1 --- 9.6-ESV-R5 released ---
3 3135. [port] FreeBSD: workaround broken IPV6_USE_MIN_MTU processing.
4 See http://www.freebsd.org/cgi/query-pr.cgi?pr=158307
7 3132. [bug] Workaround for excessive startup time with large
8 number of zones; allow setting of an environment
9 variable to tune the number of tasks, default is 8,
10 recommends 200 zones per task. If you have 200000
11 zones set the BIND9_ZONE_TASKS_HINT environment
12 variable to 1000 before starting named:
14 csh: setenv BIND9_ZONE_TASKS_HINT 1000
15 sh: BIND9_ZONE_TASKS_HINT=1000;
16 export BIND9_ZONE_TASKS_HINT
18 Applicable to 9.7, 9.6, auto-tuned in 9.8 and up.
21 --- 9.6-ESV-R5rc1 released ---
23 3124. [bug] Use an rdataset attribute flag to indicate
25 3124. [bug] Use an rdataset attribute flag to indicate
26 negative-cache records rather than using rrtype 0;
27 this will prevent problems when that rrtype is
28 used in actual DNS packets. [RT #24777]
30 3123. [security] Change #2912 exposed a latent flaw in
31 dns_rdataset_totext() that could cause named to
32 crash with an assertion failure. [RT #24777]
34 3121. [security] An authoritative name server sending a negative
35 response containing a very large RRset could
36 trigger an off-by-one error in the ncache code
37 and crash named. [RT #24650]
39 3120. [bug] Named could fail to validate zones list in a DLV
40 that validated insecure without using DLV and had
41 DS records in the parent zone. [RT #24631]
43 3118. [bug] nsupdate could dump core on shutdown when using
44 SIG(0) keys. [RT #24604]
46 3113. [doc] Document the relationship between serial-query-rate
49 3112. [doc] Add missing descriptions of the update policy name
50 types "ms-self", "ms-subdomain", "krb5-self" and
51 "krb5-subdomain", which allow machines to update
52 their own records, to the BIND 9 ARM.
54 3110. [bug] dnssec-signzone: Wrong error message could appear
55 when attempting to sign with no KSK. [RT #24369]
57 3104. [bug] Better support for cross-compiling. [RT #24367]
59 3099. [test] "dlz" system test now runs but gives R:SKIPPED if
60 not compiled with --with-dlz-filesystem. [RT #24146]
62 3097. [test] Add a tool to test handling of malformed packets.
65 --- 9.6-ESV-R5b1 released ---
67 3095. [bug] Handle isolated reserved ports in the port range.
70 3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf
71 and add setup.sh in order to resolve changing
72 named.conf issue. [RT #23687]
74 3083. [bug] NOTIFY messages were not being sent when generating
75 a NSEC3 chain incrementally. [RT #23702]
77 3081. [bug] Failure of DNAME substitution did not return
80 3080. [cleanup] Replaced compile time constant by STDTIME_ON_32BITS.
83 3079. [bug] Handle isc_event_allocate failures in t_tasks.
86 3074. [bug] Make the adb cache read through for zone data and
87 glue learn for zone named is authoritative for.
90 3071. [bug] has_nsec could be used unintialised in
91 update.c:next_active. [RT #20256]
93 3069. [cleanup] Silence warnings messages from clang static analysis.
96 3068. [bug] Named failed to build with a OpenSSL without engine
99 3067. [bug] ixfr-from-differences {master|slave}; failed to
100 select the master/slave zones. [RT #23580]
102 3065. [bug] RRSIG could have time stamps too far in the future.
105 3064. [bug] powerpc: add sync instructions to the end of atomic
106 operations. [RT #23469]
108 3063. [contrib] More verbose error reporting from DLZ LDAP. [RT #23402]
110 3059. [test] Added a regression test for change #3023.
112 3058. [bug] Cause named to terminate at startup or rndc reconfig/
113 reload to fail, if a log file specified in the conf
114 file isn't a plain file. [RT #22771]
116 3053. [bug] Under a sustained high query load with a finite
117 max-cache-size, it was possible for cache memory
118 to be exhausted and not recovered. [RT #23371]
120 3051. [bug] NS records obsure DNAME records at the bottom of the
121 zone if both are present. [RT #23035]
123 3046. [bug] Use RRSIG original TTL to compute validated RRset
124 and RRSIG TTL. [RT #23332]
126 3044. [bug] Hold the socket manager lock while freeing the socket.
129 3043. [test] Merged in the NetBSD ATF test framework (currently
130 version 0.12) for development of future unit tests.
131 Use configure --with-atf to build ATF internally
132 or configure --with-atf=prefix to use an external
135 3042. [bug] dig +trace could fail attempting to use IPv6
136 addresses on systems with only IPv4 connectivity.
139 3041. [bug] dnssec-signzone failed to generate new signatures on
140 ttl changes. [RT #23330]
142 3040. [bug] Named failed to validate insecure zones where a node
143 with a CNAME existed between the trust anchor and the
144 top of the zone. [RT #23338]
146 3037. [doc] Update COPYRIGHT to contain all the individual
147 copyright notices that cover various parts.
149 3036. [bug] Check built-in zone arguments to see if the zone
150 is re-usable or not. [RT #21914]
152 3035. [cleanup] Simplify by using strlcpy. [RT #22521]
154 3034. [cleanup] nslookup: use strlcpy instead of safecopy. [RT #22521]
156 3033. [cleanup] Add two INSIST(bucket != DNS_ADB_INVALIDBUCKET).
159 3032. [bug] rdatalist.c: add missing REQUIREs. [RT #22521]
161 3031. [bug] dns_rdataclass_format() handle a zero sized buffer.
164 3030. [bug] dns_rdatatype_format() handle a zero sized buffer.
167 3029. [bug] isc_netaddr_format() handle a zero sized buffer.
170 3028. [bug] isc_sockaddr_format() handle a zero sized buffer.
173 3027. [bug] Add documented REQUIREs to cfg_obj_asnetprefix() to
174 catch NULL pointer dereferences before they happen.
177 3026. [bug] lib/isc/httpd.c: check that we have enough space
178 after calling grow_headerspace() and if not
179 re-call grow_headerspace() until we do. [RT #22521]
181 3025. [bug] Fixed a possible deadlock due to zone resigning.
184 3023. [bug] Named could be left in an inconsistent state when
185 receiving multiple AXFR response messages that were
186 not all TSIG-signed. [RT #23254]
188 3019. [test] Test: check apex NSEC3 records after adding DNSKEY
189 record via UPDATE. [RT #23229]
191 3018. [bug] Named failed to check for the "none;" acl when deciding
192 if a zone may need to be re-signed. [RT #23120]
194 3016. [bug] rndc usage missing '-b'. [RT #22937]
196 3015. [port] win32: fix IN6_IS_ADDR_LINKLOCAL and
197 IN6_IS_ADDR_SITELOCAL macros. [RT #22724]
199 3014. [bug] Fix the zonechecks system test to match expected
200 behaviour for 9.6 and to fail on error. [RT #22905]
202 3012. [bug] Remove DNSKEY TTL change pairs before generating
203 signing records for any remaining DNSKEY changes.
206 --- 9.6-ESV-R4 released ---
208 --- 9.6.3 released ---
210 3009. [bug] clients-per-query code didn't work as expected with
211 particular query patterns. [RT #22972]
213 --- 9.6.3rc1 released ---
215 3007. [bug] Named failed to preserve the case of domain names in
216 rdata which is not compressible when writing master
219 3002. [bug] isc_mutex_init_errcheck() failed to destroy attr.
222 2996. [security] Temporarily disable SO_ACCEPTFILTER support.
225 2995. [bug] The Kerberos realm was not being correctly extracted
226 from the signer's identity. [RT #22770]
228 2994. [port] NetBSD: use pthreads by default on NetBSD >= 5.0, and
229 do not use threads on earlier versions. Also kill
230 the unproven-pthreads, mit-pthreads, and ptl2 support.
232 2984. [bug] Don't run MX checks when the target of the MX record
235 2817. [cleanup] Removed unnecessary isc_task_endexclusive() calls.
238 --- 9.6.3b1 released ---
240 2982. [bug] Reference count dst keys. dst_key_attach() can be used
241 increment the reference count.
243 Note: dns_tsigkey_createfromkey() callers should now
244 always call dst_key_free() rather than setting it
245 to NULL on success. [RT #22672]
247 2979. [bug] named could deadlock during shutdown if two
248 "rndc stop" commands were issued at the same
251 2978. [port] hpux: look for <devpoll.h> [RT #21919]
253 2976. [bug] named could die on exit after negotiating a GSS-TSIG
256 2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() acquired the
257 wrong lock which could lead to server deadlock.
260 2965. [func] Test HMAC functions using test data from RFC 2104 and
261 RFC 4634. [RT #21702]
263 2960. [func] Check that named accepts non-authoritative answers.
266 2959. [func] Check that named starts with a missing masterfile.
269 2957. [bug] entropy_get() and entropy_getpseudo() failed to match
270 the API for RAND_bytes() and RAND_pseudo_bytes()
271 respectively. [RT #21962]
273 2956. [port] Enable atomic operations on the PowerPC64. [RT #21899]
275 2954. [bug] contrib: dlz_mysql_driver.c bad error handling on
276 build_sqldbinstance failure. [RT #21623]
278 2953. [bug] Silence spurious "expected covering NSEC3, got an
279 exact match" message when returning a wildcard
280 no data response. [RT #21744]
282 2950. [bug] named failed to perform a SOA up to date check when
283 falling back to TCP on UDP timeouts when
284 ixfr-from-differences was set. [RT #21595]
286 2946. [doc] Document the default values for the minimum and maximum
287 zone refresh and retry values in the ARM. [RT #21886]
289 2945. [doc] Update empty-zones list in ARM. [RT #21772]
291 2944. [maint] Remove ORCHID prefix from built in empty zones.
294 2942. [contrib] zone2sqlite failed to setup the entropy sources.
297 2941. [bug] sdb and sdlz (dlz's zone database) failed to support
298 DNAME at the zone apex. [RT #21610]
300 2935. [bug] nsupdate: improve 'file not found' error message.
303 2934. [bug] Use ANSI C compliant shift range in lib/isc/entropy.c.
306 2933. [bug] 'dig +nsid' used stack memory after it went out of
307 scope. This could potentially result in a unknown,
308 potentially malformed, EDNS option being sent instead
309 of the desired NSID option. [RT #21781]
311 2932. [cleanup] Corrected a numbering error in the "dnssec" test.
314 2931. [bug] Temporarily and partially disable change 2864
315 because it would cause infinite attempts of RRSIG
316 queries. This is an urgent care fix; we'll
317 revisit the issue and complete the fix later.
320 2929. [bug] Improved handling of GSS security contexts:
321 - added LRU expiration for generated TSIGs
322 - added the ability to use a non-default realm
323 - added new "realm" keyword in nsupdate
324 - limited lifetime of generated keys to 1 hour
325 or the lifetime of the context (whichever is
329 2923. [bug] 'dig +trace' could drop core after "connection
330 timeout". [RT #21514]
332 2922. [contrib] Update zkt to version 1.0.
334 2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
336 2916. [func] Add framework to use IPv6 in tests.
337 fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7
339 2915. [cleanup] Be smarter about which objects we attempt to compile
340 based on configure options. [RT #21444]
342 2912. [func] Windows clients don't like UPDATE responses that clear
343 the zone section. [RT #20986]
345 2911. [bug] dnssec-signzone didn't handle out of zone records well.
348 2910. [func] Sanity check Kerberos credentials. [RT #20986]
350 2908. [bug] It was possible for re-signing to stop after removing
351 a DNSKEY. [RT #21384]
353 2905. [port] aix: set use_atomic=yes with native compiler.
356 2904. [bug] When using DLV, sub-zones of the zones in the DLV,
357 could be incorrectly marked as insecure instead of
358 secure leading to negative proofs failing. This was
359 a unintended outcome from change 2890. [RT# 21392]
361 2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]
363 2899. [port] win32: Support linking against OpenSSL 1.0.0.
365 2898. [bug] nslookup leaked memory when -domain=value was
366 specified. [RT #21301]
368 2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294]
370 2891. [maint] Update empty-zones list to match
371 draft-ietf-dnsop-default-local-zones-13. [RT# 21099]
373 2889. [bug] Elements of the grammar where not properly reported.
376 2888. [bug] Only the first EDNS option was displayed. [RT #21273]
378 2885. [bug] Improve -fno-strict-aliasing support probing in
379 configure. [RT #21080]
381 2884. [bug] Insufficient validation in dns_name_getlabelsequence().
384 2883. [bug] 'dig +short' failed to handle really large datasets.
387 2882. [bug] Remove memory context from list of active contexts
388 before clearing 'magic'. [RT #21274]
390 2881. [bug] Reduce the amount of time the rbtdb write lock
391 is held when closing a version. [RT #21198]
393 2879. [contrib] DLZ bdbhpt driver fails to close correct cursor.
396 2877. [bug] The validator failed to skip obviously mismatching
399 2875. [bug] dns_time64_fromtext() could accept non digits.
402 2874. [bug] Cache lack of EDNS support only after the server
403 successfully responds to the query using plain DNS.
406 2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
408 2868. [cleanup] Run "make clean" at the end of configure to ensure
409 any changes made by configure are integrated.
410 Use --with-make-clean=no to disable. [RT #20994]
412 2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
413 don't like it. [RT #20986]
415 2866. [bug] Windows does not like the TSIG name being compressed.
418 2865. [bug] memset to zero event.data. [RT #20986]
420 2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
423 2863. [port] linux: disable IPv6 PMTUD and use network minimum MTU.
426 2862. [bug] nsupdate didn't default to the parent zone when
427 updating DS records. [RT #20896]
429 2859. [bug] When cancelling validation it was possible to leak
432 2858. [bug] RTT estimates were not being adjusted on ICMP errors.
435 2857. [bug] named-checkconf did not fail on a bad trusted key.
438 2856. [bug] The size of a memory allocation was not always properly
439 recorded. [RT #20927]
441 2853. [bug] add_sigs() could run out of scratch space. [RT #21015]
443 2851. [doc] nslookup.1, removed <informalexample> from the docbook
444 source as it produced bad nroff. [RT #21007]
446 --- 9.6-ESV-R3 released ---
448 2972. [bug] win32: address windows socket errors. [RT #21906]
450 2971. [bug] Fixed a bug that caused journal files not to be
451 compacted on Windows systems as a result of
452 non-POSIX-compliant rename() semantics. [RT #22434]
454 2970. [security] Adding a NO DATA negative cache entry failed to clear
455 any matching RRSIG records. A subsequent lookup of
456 of NO DATA cache entry could trigger a INSIST when the
457 unexpected RRSIG was also returned with the NO DATA
460 CVE-2010-3613, VU#706148. [RT #22288]
462 2969. [security] Fix acl type processing so that allow-query works
463 in options and view statements. Also add a new
464 set of tests to verify proper functioning.
466 CVE-2010-3615, VU#510208. [RT #22418]
468 2968. [security] Named could fail to prove a data set was insecure
469 before marking it as insecure. One set of conditions
470 that can trigger this occurs naturally when rolling
473 CVE-2010-3614, VU#837744. [RT #22309]
475 2967. [bug] 'host -D' now turns on debugging messages earlier.
478 2966. [bug] isc_print_vsnprintf() failed to check if there was
479 space available in the buffer when adding a left
480 justified character with a non zero width,
481 (e.g. "%-1c"). [RT #22270]
483 2964. [bug] view->queryacl was being overloaded. Seperate the
484 usage into view->queryacl, view->cacheacl and
485 view->queryonacl. [RT #22114]
487 2962. [port] win32: add more dependencies to BINDBuild.dsw.
490 2952. [port] win32: named-checkzone and named-checkconf failed
491 to initialise winsock. [RT #21932]
493 2951. [bug] named failed to generate a correct signed response
494 in a optout, delegation only zone with no secure
495 delegations. [RT #22007]
497 --- 9.6-ESV-R2 released ---
499 2939. [func] Check that named successfully skips NSEC3 records
500 that fail to match the NSEC3PARAM record currently
503 2937. [bug] Worked around an apparent race condition in over
504 memory conditions. Without this fix a DNS cache DB or
505 ADB could incorrectly stay in an over memory state,
506 effectively refusing further caching, which
507 subsequently made a BIND 9 caching server unworkable.
508 This fix prevents this problem from happening by
509 polling the state of the memory context, rather than
510 making a copy of the state, which appeared to cause
511 a race. This is a "workaround" in that it doesn't
512 solve the possible race per se, but several experiments
513 proved this change solves the symptom. Also, the
514 polling overhead hasn't been reported to be an issue.
515 This bug should only affect a caching server that
516 specifies a finite max-cache-size. It's also quite
517 likely that the bug happens only when enabling threads,
518 but it's not confirmed yet. [RT #21818]
520 2925. [bug] Named failed to accept uncachable negative responses
521 from insecure zones. [RT# 21555]
523 2921. [bug] The resolver could attempt to destroy a fetch context
524 too soon. [RT #19878]
526 2900. [bug] The placeholder negative caching element was not
527 properly constructed triggering a INSIST in
528 dns_ncache_towire(). [RT #21346]
530 2890. [bug] Handle the introduction of new trusted-keys and
531 DS, DLV RRsets better. [RT #21097]
533 2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
536 --- 9.6-ESV-R1 released ---
538 2876. [bug] Named could return SERVFAIL for negative responses
539 from unsigned zones. [RT #21131]
541 --- 9.6-ESV released ---
543 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
545 --- 9.6.2 released ---
547 2850. [bug] If isc_heap_insert() failed due to memory shortage
548 the heap would have corrupted entries. [RT #20951]
550 2849. [bug] Don't treat errors from the xml2 library as fatal.
553 2846. [bug] EOF on unix domain sockets was not being handled
554 correctly. [RT #20731]
556 2844. [doc] notify-delay default in ARM was wrong. It should have
557 been five (5) seconds.
559 --- 9.6.2rc1 released ---
561 2838. [func] Backport support for SHA-2 DNSSEC algorithms,
562 RSASHA256 and RSASHA512, from BIND 9.7. (This
563 incorporates changes 2726 and 2738 from that
564 release branch.) [RT #20871]
566 2837. [port] Prevent Linux spurious warnings about fwrite().
569 2831. [security] Do not attempt to validate or cache
570 out-of-bailiwick data returned with a secure
571 answer; it must be re-fetched from its original
572 source and validated in that context. [RT #20819]
574 2828. [security] Cached CNAME or DNAME RR could be returned to clients
575 without DNSSEC validation. [RT #20737]
577 2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
579 2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that
580 was in the process of being created was not properly
581 recorded in the zone. [RT #20786]
583 2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
585 2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define.
588 2818. [cleanup] rndc could return an incorrect error code
589 when a zone was not found. [RT #20767]
591 2815. [bug] Exclusively lock the task when freezing a zone.
594 2814. [func] Provide a definitive error message when a master
595 zone is not loaded. [RT #20757]
597 --- 9.6.2b1 released ---
599 2797. [bug] Don't decrement the dispatch manager's maxbuffers.
602 2790. [bug] Handle DS queries to stub zones. [RT #20440]
604 2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
606 2786. [bug] Additional could be promoted to answer. [RT #20663]
608 2784. [bug] TC was not always being set when required glue was
611 2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
612 buffer size of 512 or less. [RT #20654]
614 2782. [port] win32: use getaddrinfo() for hostname lookups.
617 2777. [contrib] DLZ MYSQL auto reconnect support discovery was wrong.
619 2772. [security] When validating, track whether pending data was from
620 the additional section or not and only return it if
621 validates as secure. [RT #20438]
623 2765. [bug] Skip masters for which the TSIG key cannot be found.
626 2760. [cleanup] Corrected named-compilezone usage summary. [RT #20533]
628 2759. [doc] Add information about .jbk/.jnw files to
631 2758. [bug] win32: Added a workaround for a windows 2008 bug
632 that could cause the UDP client handler to shut
635 2757. [bug] dig: assertion failure could occur in connect
638 2755. [doc] Clarify documentation of keyset- files in
639 dnssec-signzone man page. [RT #19810]
641 2754. [bug] Secure-to-insecure transitions failed when zone
642 was signed with NSEC3. [RT #20587]
644 2750. [bug] dig: assertion failure could occur when a server
645 didn't have an address. [RT #20579]
647 2749. [bug] ixfr-from-differences generated a non-minimal ixfr
648 for NSEC3 signed zones. [RT #20452]
650 2747. [bug] Journal roll forwards failed to set the re-signing
651 time of RRSIGs correctly. [RT #20541]
653 2743. [bug] RRSIG could be incorrectly set in the NSEC3 record
654 for a insecure delegation.
656 2729. [func] When constructing a CNAME from a DNAME use the DNAME
659 2723. [bug] isc_base32_totext(), isc_base32hex_totext(), and
660 isc_base64_totext(), didn't always mark regions of
661 memory as fully consumed after conversion. [RT #20445]
663 2722. [bug] Ensure that the memory associated with the name of
664 a node in a rbt tree is not altered during the life
665 of the node. [RT #20431]
667 2721. [port] Have dst__entropy_status() prime the random number
668 generator. [RT #20369]
670 2718. [bug] The space calculations in opensslrsa_todns() were
671 incorrect. [RT #20394]
673 2716. [bug] nslookup debug mode didn't return the ttl. [RT #20414]
675 2715. [bug] Require OpenSSL support to be explicitly disabled.
678 2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
681 2713. [bug] powerpc: atomic operations missing asm("ics") /
684 2706. [bug] Loading a zone with a very large NSEC3 salt could
685 trigger an assert. [RT #20368]
687 2705. [bug] Reconcile the XML stats version number with a later
688 BIND9 release, by adding a "name" attribute to
689 "cache" elements and increasing the version number
690 to 2.2. (This is a minor version change, but may
691 affect XML parsers if they assume the cache element
692 doesn't take an attribute.)
694 2704. [bug] Serial of dynamic and stub zones could be inconsistent
695 with their SOA serial. [RT #19387]
697 2701. [doc] Correction to ARM: hmac-md5 is no longer the only
698 supported TSIG key algorithm. [RT #18046]
700 2700. [doc] The match-mapped-addresses option is discouraged.
703 2699. [bug] Missing lock in rbtdb.c. [RT #20037]
705 2697. [port] win32: ensure that S_IFMT, S_IFDIR, S_IFCHR and
706 S_IFREG are defined after including <isc/stat.h>.
709 2696. [bug] named failed to successfully process some valid
710 acl constructs. [RT #20308]
712 2692. [port] win32: 32/64 bit cleanups. [RT #20335]
714 2690. [bug] win32: fix isc_thread_key_getspecific() prototype.
717 2689. [bug] Correctly handle snprintf result. [RT #20306]
719 2688. [bug] Use INTERFACE_F_POINTTOPOINT, not IFF_POINTOPOINT,
720 to decide to fetch the destination address. [RT #20305]
722 2686. [bug] dnssec-signzone should clean the old NSEC chain when
723 signing with NSEC3 and vice versa. [RT #20301]
725 2683. [bug] dnssec-signzone should clean out old NSEC3 chains when
726 the NSEC3 parameters used to sign the zone change.
729 2681. [bug] IPSECKEY RR of gateway type 3 was not correctly
732 2678. [func] Treat DS queries as if "minimal-response yes;"
735 2672. [bug] Don't enable searching in 'host' when doing reverse
738 2670. [bug] Unexpected connect failures failed to log enough
739 information to be useful. [RT #20205]
741 2663. [func] win32: allow named to run as a service using
742 "NT AUTHORITY\LocalService" as the account. [RT #19977]
744 2662. [bug] lwres_getipnodebyname() and lwres_getipnodebyaddr()
745 returned a misleading error code when lwresd was
748 2661. [bug] Check whether socket fd exceeds FD_SETSIZE when
749 creating lwres context. [RT #20029]
751 2659. [doc] Clarify dnssec-keygen doc: key name must match zone
752 name for DNSSEC keys. [RT #19938]
754 2656. [func] win32: add a "tools only" check box to the installer
755 which causes it to only install dig, host, nslookup,
756 nsupdate and relevant DLLs. [RT #19998]
758 2655. [doc] Document that key-directory does not affect
759 rndc.key. [RT #20155]
761 2653. [bug] Treat ENGINE_load_private_key() failures as key
762 not found rather than out of memory. [RT #18033]
764 2649. [bug] Set the domain for forward only zones. [RT #19944]
766 2648. [port] win32: isc_time_seconds() was broken. [RT #19900]
768 2647. [bug] Remove unnecessary SOA updates when a new KSK is
771 2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
773 2645. [port] "gcc -m32" didn't work on amd64 and x86_64 platforms
774 which default to 64 bits. [RT #19927]
776 2643. [bug] Stub zones interacted badly with NSEC3 support.
779 2642. [bug] nsupdate could dump core on solaris when reading
780 improperly formatted key files. [RT #20015]
782 2640. [security] A specially crafted update packet will cause named
785 2639. [bug] Silence compiler warnings in gssapi code. [RT #19954]
787 2637. [func] Rationalize dnssec-signzone's signwithkey() calling.
790 2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses.
793 2633. [bug] Handle 15 bit rand() functions. [RT #19783]
795 2632. [func] util/kit.sh: warn if documentation appears to be out of
798 2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
800 2623. [bug] Named started searches for DS non-optimally. [RT #19915]
802 2621. [doc] Made copyright boilerplate consistent. [RT #19833]
804 2620. [bug] Delay thawing the zone until the reload of it has
805 completed successfully. [RT #19750]
807 2618. [bug] The sdb and sdlz db_interator_seek() methods could
808 loop infinitely. [RT #19847]
810 2617. [bug] ifconfig.sh failed to emit an error message when
811 run from the wrong location. [RT #19375]
813 2616. [bug] 'host' used the nameservers from resolv.conf even
814 when a explicit nameserver was specified. [RT #19852]
816 2615. [bug] "__attribute__((unused))" was in the wrong place
817 for ia64 gcc builds. [RT #19854]
819 2614. [port] win32: 'named -v' should automatically be executed
820 in the foreground. [RT #19844]
822 2613. [bug] Option argument validation was missing for
823 dnssec-dsfromkey. [RT #19828]
825 2610. [port] sunos: Change #2363 was not complete. [RT #19796]
827 2608. [func] Perform post signing verification checks in
828 dnssec-signzone. These can be disabled with -P.
830 The post sign verification test ensures that for each
831 algorithm in use there is at least one non revoked
832 self signed KSK key. That all revoked KSK keys are
833 self signed. That all records in the zone are signed
834 by the algorithm. [RT #19653]
836 2601. [doc] Mention file creation mode mask in the
839 2593. [bug] Improve a corner source of SERVFAILs [RT #19632]
841 2589. [bug] dns_db_unregister() failed to clear '*dbimp'.
844 2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
845 Requires MySQL 5.0.19 or later. [RT #19084]
847 2580. [bug] UpdateRej statistics counter could be incremented twice
848 for one rejection. [RT #19476]
850 2533. [doc] ARM: document @ (at-sign). [RT #17144]
852 2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
853 function. [RT #18582]
855 --- 9.6.1 released ---
857 2607. [bug] named could incorrectly delete NSEC3 records for
858 empty nodes when processing a update request.
861 2606. [bug] "delegation-only" was not being accepted in
862 delegation-only type zones. [RT #19717]
864 2605. [bug] Accept DS responses from delegation only zones.
867 2603. [port] win32: handle .exe extension of named-checkzone and
868 named-comilezone argv[0] names under windows.
871 2602. [port] win32: fix debugging command line build of libisccfg.
874 --- 9.6.1rc1 released ---
876 2599. [bug] Address rapid memory growth when validation fails.
879 2597. [bug] Handle a validation failure with a insecure delegation
880 from a NSEC3 signed master/slave zone. [RT #19464]
882 2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
883 long, leading to inefficient memory usage or rejecting
884 newer cache entries in the worst case. [RT #19563]
886 2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
888 2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
890 2591. [bug] named could die when processing a update in
891 removed_orphaned_ds(). [RT #19507]
893 2588. [bug] SO_REUSEADDR could be set unconditionally after failure
894 of bind(2) call. This should be rare and mostly
895 harmless, but may cause interference with other
896 processes that happen to use the same port. [RT #19642]
898 2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
901 2585. [bug] Uninitialized socket name could be referenced via a
902 statistics channel, triggering an assertion failure in
903 XML rendering. [RT #19427]
905 2584. [bug] alpha: gcc optimization could break atomic operations.
908 2583. [port] netbsd: provide a control to not add the compile
909 date to the version string, -DNO_VERSION_DATE.
911 2582. [bug] Don't emit warning log message when we attempt to
912 remove non-existent journal. [RT #19516]
914 2579. [bug] DNSSEC lookaside validation failed to handle unknown
915 algorithms. [RT #19479]
917 2578. [bug] Changed default sig-signing-type to 65534, because
918 65535 turns out to be reserved. [RT #19477]
920 2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
923 --- 9.6.1b1 released ---
925 2577. [doc] Clarified some statistics counters. [RT #19454]
927 2576. [bug] NSEC record were not being correctly signed when
928 a zone transitions from insecure to secure.
929 Handle such incorrectly signed zones. [RT #19114]
931 2574. [doc] Document nsupdate -g and -o. [RT #19351]
933 2573. [bug] Replacing a non-CNAME record with a CNAME record in a
934 single transaction in a signed zone failed. [RT #19397]
936 2568. [bug] Report when the write to indicate a otherwise
937 successful start fails. [RT #19360]
939 2567. [bug] dst__privstruct_writefile() could miss write errors.
940 write_public_key() could miss write errors.
941 dnssec-dsfromkey could miss write errors.
944 2564. [bug] Only take EDNS fallback steps when processing timeouts.
947 2563. [bug] Dig could leak a socket causing it to wait forever
950 2562. [doc] ARM: miscellaneous improvements, reorganization,
951 and some new content.
953 2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
955 2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
957 2559. [bug] dnssec-dsfromkey could compute bad DS records when
958 reading from a K* files. [RT #19357]
960 2557. [cleanup] PCI compliance:
961 * new libisc log module file
962 * isc_dir_chroot() now also changes the working
965 * additional logging when files can't be removed.
967 2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the
968 error checks in the correct order resulting in the
969 wrong error code sometimes being returned. [RT #19249]
971 2554. [bug] Validation of uppercase queries from NSEC3 zones could
974 2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
976 2552. [bug] zero-no-soa-ttl-cache was not being honoured.
979 2551. [bug] Potential Reference leak on return. [RT #19341]
981 2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
984 2549. [port] linux: define NR_OPEN if not currently defined.
987 2548. [bug] Install iterated_hash.h. [RT #19335]
989 2547. [bug] openssl_link.c:mem_realloc() could reference an
990 out-of-range area of the source buffer. New public
991 function isc_mem_reallocate() was introduced to address
992 this bug. [RT #19313]
994 2545. [doc] ARM: Legal hostname checking (check-names) is
995 for SRV RDATA too. [RT #19304]
997 2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
999 2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
1001 2542. [doc] Update the description of dig +adflag. [RT #19290]
1003 2541. [bug] Conditionally update dispatch manager statistics.
1006 2539. [security] Update the interaction between recursion, allow-query,
1007 allow-query-cache and allow-recursion. [RT #19198]
1009 2538. [bug] cache/ADB memory could grow over max-cache-size,
1010 especially with threads and smaller max-cache-size
1013 2537. [experimental] Added more statistics counters including those on socket
1014 I/O events and query RTT histograms. [RT #18802]
1016 2536. [cleanup] Silence some warnings when -Werror=format-security is
1017 specified. [RT #19083]
1019 2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091]
1021 2532. [bug] dig: check the question section of the response to
1022 see if it matches the asked question. [RT #18495]
1024 2531. [bug] Change #2207 was incomplete. [RT #19098]
1026 2530. [bug] named failed to reject insecure to secure transitions
1027 via UPDATE. [RT #19101]
1029 2529. [cleanup] Upgrade libtool to silence complaints from recent
1030 version of autoconf. [RT #18657]
1032 2528. [cleanup] Silence spurious configure warning about
1033 --datarootdir [RT #19096]
1035 2527. [bug] named could reuse cache on reload with
1036 enabling/disabling validation. [RT #19119]
1038 2525. [func] New logging category "query-errors" to provide detailed
1039 internal information about query failures, especially
1040 about server failures. [RT #19027]
1042 2524. [port] sunos: dnssec-signzone needs strtoul(). [RT #19129]
1044 2523. [bug] Random type rdata freed by dns_nsec_typepresent().
1047 2522. [security] Handle -1 from DSA_do_verify() and EVP_VerifyFinal().
1049 2521. [bug] Improve epoll cross compilation support. [RT #19047]
1051 2519. [bug] dig/host with -4 or -6 didn't work if more than two
1052 nameserver addresses of the excluded address family
1053 preceded in resolv.conf. [RT #19081]
1055 2517. [bug] dig +trace with -4 or -6 failed when it chose a
1056 nameserver address of the excluded address type.
1059 2516. [bug] glue sort for responses was performed even when not
1062 2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
1063 a nameserver of the excluded address family.
1066 2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
1069 2506. [port] solaris: Check at configure time if
1070 hack_shutup_pthreadonceinit is needed. [RT #19037]
1072 2505. [port] Treat amd64 similarly to x86_64 when determining
1073 atomic operation support. [RT #19031]
1075 2503. [port] linux: improve compatibility with Linux Standard
1078 2502. [cleanup] isc_radix: Improve compliance with coding style,
1079 document function in <isc/radix.h>. [RT #18534]
1081 --- 9.6.0 released ---
1083 2520. [bug] Update xml statistics version number to 2.0 as change
1084 #2388 made the schema incompatible to the previous
1085 version. [RT #19080]
1087 --- 9.6.0rc2 released ---
1089 2515. [port] win32: build dnssec-dsfromkey and dnssec-keyfromlabel.
1092 2513. [bug] Fix windows cli build. [RT #19062]
1094 2510. [bug] "dig +sigchase" could trigger REQUIRE failures.
1097 2509. [bug] Specifying a fixed query source port was broken.
1100 2504. [bug] Address race condition in the socket code. [RT #18899]
1102 --- 9.6.0rc1 released ---
1104 2498. [bug] Removed a bogus function argument used with
1105 ISC_SOCKET_USE_POLLWATCH: it could cause compiler
1106 warning or crash named with the debug 1 level
1107 of logging. [RT #18917]
1109 2497. [bug] Don't add RRSIG bit to NSEC3 bit map for insecure
1112 2496. [bug] Add sanity length checks to NSID option. [RT #18813]
1114 2495. [bug] Tighten RRSIG checks. [RT #18795]
1116 2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being
1117 installed. [RT #18826]
1119 2493. [bug] The linux capabilities code was not correctly cleaning
1120 up after itself. [RT #18767]
1122 2492. [func] Rndc status now reports the number of cpus discovered
1123 and the number of worker threads when running
1124 multi-threaded. [RT #18273]
1126 2491. [func] Attempt to re-use a local port if we are already using
1127 the port. [RT #18548]
1129 2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO
1130 is cleared when IPV6_V6ONLY is set. [RT #18785]
1132 2489. [port] solaris: Workaround Solaris's kernel bug about
1134 http://bugs.opensolaris.org/view_bug.do?bug_id=6724237
1135 Define ISC_SOCKET_USE_POLLWATCH at build time to enable
1136 this workaround. [RT #18870]
1138 2488. [func] Added a tool, dnssec-dsfromkey, to generate DS records
1139 from keyset and .key files. [RT #18694]
1141 2487. [bug] Give TCP connections longer to complete. [RT #18675]
1143 2486. [func] The default locations for named.pid and lwresd.pid
1144 are now /var/run/named/named.pid and
1145 /var/run/lwresd/lwresd.pid respectively.
1147 This allows the owner of the containing directory
1148 to be set, for "named -u" support, and allows there
1149 to be a permanent symbolic link in the path, for
1150 "named -t" support. [RT #18306]
1152 2485. [bug] Change update's the handling of obscured RRSIG
1153 records. Not all orphaned DS records were being
1154 removed. [RT #18828]
1156 2484. [bug] It was possible to trigger a REQUIRE failure when
1157 adding NSEC3 proofs to the response in
1158 query_addwildcardproof(). [RT #18828]
1160 2483. [port] win32: chroot() is not supported. [RT #18805]
1162 2482. [port] libxml2: support versions 2.7.* in addition
1163 to 2.6.*. [RT #18806]
1165 --- 9.6.0b1 released ---
1167 2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
1168 collisions. [RT #18812]
1170 2480. [bug] named could fail to emit all the required NSEC3
1171 records. [RT #18812]
1173 2479. [bug] xfrout:covers was not properly initialized. [RT #18801]
1175 2478. [bug] 'addresses' could be used uninitialized in
1176 configure_forward(). [RT #18800]
1178 2477. [bug] dig: the global option to print the command line is
1179 +cmd not print_cmd. Update the output to reflect
1182 2476. [doc] ARM: improve documentation for max-journal-size and
1183 ixfr-from-differences. [RT #15909] [RT #18541]
1185 2475. [bug] LRU cache cleanup under overmem condition could purge
1186 particular entries more aggressively. [RT #17628]
1188 2474. [bug] ACL structures could be allocated with insufficient
1189 space, causing an array overrun. [RT #18765]
1191 2473. [port] linux: raise the limit on open files to the possible
1192 maximum value before spawning threads; 'files'
1193 specified in named.conf doesn't seem to work with
1194 threads as expected. [RT #18784]
1196 2472. [port] linux: check the number of available cpu's before
1197 calling chroot as it depends on "/proc". [RT #16923]
1199 2471. [bug] named-checkzone was not reporting missing mandatory
1200 glue when sibling checks were disabled. [RT #18768]
1202 2470. [bug] Elements of the isc_radix_node_t could be incorrectly
1203 overwritten. [RT# 18719]
1205 2469. [port] solaris: Work around Solaris's select() limitations.
1208 2468. [bug] Resolver could try unreachable servers multiple times.
1211 2467. [bug] Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740]
1213 2466. [doc] ARM: explain max-cache-ttl 0 SERVFAIL issue.
1216 2465. [bug] Adb's handling of lame addresses was different
1217 for IPv4 and IPv6. [RT #18738]
1219 2464. [port] linux: check that a capability is present before
1220 trying to set it. [RT #18135]
1222 2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
1223 API and glibc hides parts of the IPv6 Advanced Socket
1224 API as a result. This is stupid as it breaks how the
1225 two halves (Basic and Advanced) of the IPv6 Socket API
1226 were designed to be used but we have to live with it.
1227 Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
1230 2462. [doc] Document -m (enable memory usage debugging)
1231 option for dig. [RT #18757]
1233 2461. [port] sunos: Change #2363 was not complete. [RT #17513]
1235 --- 9.6.0a1 released ---
1237 2460. [bug] Don't call dns_db_getnsec3parameters() on the cache.
1240 2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
1242 2458. [doc] ARM: update and correction for max-cache-size.
1245 2457. [tuning] max-cache-size is reverted to 0, the previous
1246 default. It should be safe because expired cache
1247 entries are also purged. [RT #18684]
1249 2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any
1250 address, regardless of family. They now correctly
1251 distinguish IPv4 from IPv6. [RT #18559]
1253 2455. [bug] Stop metadata being transferred via axfr/ixfr.
1256 2454. [func] nsupdate: you can now set a default ttl. [RT #18317]
1258 2453. [bug] Remove NULL pointer dereference in dns_journal_print().
1261 2452. [func] Improve bin/test/journalprint. [RT #18316]
1263 2451. [port] solaris: handle runtime linking better. [RT #18356]
1265 2450. [doc] Fix lwresd docbook problem for manual page.
1270 2448. [func] Add NSEC3 support. [RT #15452]
1272 2447. [cleanup] libbind has been split out as a separate product.
1274 2446. [func] Add a new log message about build options on startup.
1275 A new command-line option '-V' for named is also
1276 provided to show this information. [RT# 18645]
1278 2445. [doc] ARM out-of-date on empty reverse zones (list includes
1279 RFC1918 address, but these are not yet compiled in).
1282 2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery
1283 (clear DF) for UDP responses and requests.
1285 2443. [bug] win32: UDP connect() would not generate an event,
1286 and so connected UDP sockets would never clean up.
1287 Fix this by doing an immediate WSAConnect() rather
1288 than an io completion port type for UDP.
1290 2442. [bug] A lock could be destroyed twice. [RT# 18626]
1292 2441. [bug] isc_radix_insert() could copy radix tree nodes
1293 incompletely. [RT #18573]
1295 2440. [bug] named-checkconf used an incorrect test to determine
1296 if an ACL was set to none.
1298 2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
1301 2438. [bug] Timeouts could be logged incorrectly under win32.
1303 2437. [bug] Sockets could be closed too early, leading to
1304 inconsistent states in the socket module. [RT #18298]
1306 2436. [security] win32: UDP client handler can be shutdown. [RT #18576]
1308 2435. [bug] Fixed an ACL memory leak affecting win32.
1310 2434. [bug] Fixed a minor error-reporting bug in
1311 lib/isc/win32/socket.c.
1313 2433. [tuning] Set initial timeout to 800ms.
1315 2432. [bug] More Windows socket handling improvements. Stop
1316 using I/O events and use IO Completion Ports
1317 throughout. Rewrite the receive path logic to make
1318 it easier to support multiple simultaneous
1319 requesters in the future. Add stricter consistency
1320 checking as a compile-time option (define
1321 ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).
1323 2431. [bug] Acl processing could leak memory. [RT #18323]
1325 2430. [bug] win32: isc_interval_set() could round down to
1326 zero if the input was less than NS_INTERVAL
1327 nanoseconds. Round up instead. [RT #18549]
1329 2429. [doc] nsupdate should be in section 1 of the man pages.
1332 2428. [bug] dns_iptable_merge() mishandled merges of negative
1335 2427. [func] Treat DNSKEY queries as if "minimal-response yes;"
1336 was set. [RT #18528]
1338 2426. [bug] libbind: inet_net_pton() can sometimes return the
1339 wrong value if excessively large net masks are
1340 supplied. [RT #18512]
1342 2425. [bug] named didn't detect unavailable query source addresses
1343 at load time. [RT #18536]
1345 2424. [port] configure now probes for a working epoll
1346 implementation. Allow the use of kqueue,
1347 epoll and /dev/poll to be selected at compile
1350 2423. [security] Randomize server selection on queries, so as to
1351 make forgery a little more difficult. Instead of
1352 always preferring the server with the lowest RTT,
1353 pick a server with RTT within the same 128
1354 millisecond band. [RT #18441]
1356 2422. [bug] Handle the special return value of a empty node as
1357 if it was a NXRRSET in the validator. [RT #18447]
1359 2421. [func] Add new command line option '-S' for named to specify
1360 the max number of sockets. [RT #18493]
1361 Use caution: this option may not work for some
1362 operating systems without rebuilding named.
1364 2420. [bug] Windows socket handling cleanup. Let the io
1365 completion event send out canceled read/write
1366 done events, which keeps us from writing to memory
1367 we no longer have ownership of. Add debugging
1368 socket_log() function. Rework TCP socket handling
1369 to not leak sockets.
1371 2419. [cleanup] Document that isc_socket_create() and isc_socket_open()
1372 should not be used for isc_sockettype_fdwatch sockets.
1375 2418. [bug] AXFR request on a DLZ could trigger a REQUIRE failure
1378 2417. [bug] Connecting UDP sockets for outgoing queries could
1379 unexpectedly fail with an 'address already in use'
1382 2416. [func] Log file descriptors that cause exceeding the
1383 internal maximum. [RT #18460]
1385 2415. [bug] 'rndc dumpdb' could trigger various assertion failures
1386 in rbtdb.c. [RT #18455]
1388 2414. [bug] A masterdump context held the database lock too long,
1389 causing various troubles such as dead lock and
1390 recursive lock acquisition. [RT #18311, #18456]
1392 2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
1394 2412. [bug] win32: address a resource leak. [RT #18374]
1396 2411. [bug] Allow using a larger number of sockets than FD_SETSIZE
1397 for select(). To enable this, set ISC_SOCKET_MAXSOCKETS
1398 at compilation time. [RT #18433]
1400 Note: with changes #2469 and #2421 above, there is no
1401 need to tweak ISC_SOCKET_MAXSOCKETS at compilation time
1404 2410. [bug] Correctly delete m_versionInfo. [RT #18432]
1406 2409. [bug] Only log that we disabled EDNS processing if we were
1407 subsequently successful. [RT #18029]
1409 2408. [bug] A duplicate TCP dispatch event could be sent, which
1410 could then trigger an assertion failure in
1411 resquery_response(). [RT #18275]
1413 2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
1417 2405. [cleanup] The default value for dnssec-validation was changed to
1418 "yes" in 9.5.0-P1 and all subsequent releases; this
1419 was inadvertently omitted from CHANGES at the time.
1421 2404. [port] hpux: files unlimited support.
1423 2403. [bug] TSIG context leak. [RT #18341]
1425 2402. [port] Support Solaris 2.11 and over. [RT #18362]
1427 2401. [bug] Expect to get E[MN]FILE errno internal_accept()
1428 (from accept() or fcntl() system calls). [RT #18358]
1430 2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
1435 2398. [bug] Improve file descriptor management. New,
1436 temporary, named.conf option reserved-sockets,
1437 default 512. [RT #18344]
1439 2397. [bug] gssapi_functions had too many elements. [RT #18355]
1441 2396. [bug] Don't set SO_REUSEADDR for randomized ports.
1444 2395. [port] Avoid warning and no effect from "files unlimited"
1445 on Linux when running as root. [RT #18335]
1447 2394. [bug] Default configuration options set the limit for
1448 open files to 'unlimited' as described in the
1449 documentation. [RT #18331]
1451 2393. [bug] nested acls containing keys could trigger an
1452 assertion in acl.c. [RT #18166]
1454 2392. [bug] remove 'grep -q' from acl test script, some platforms
1455 don't support it. [RT #18253]
1457 2391. [port] hpux: cover additional recvmsg() error codes.
1460 2390. [bug] dispatch.c could make a false warning on 'odd socket'.
1463 2389. [bug] Move the "working directory writable" check to after
1464 the ns_os_changeuser() call. [RT #18326]
1466 2388. [bug] Avoid using tables for layout purposes in
1467 statistics XSL [RT #18159].
1469 2387. [bug] Silence compiler warnings in lib/isc/radix.c.
1470 [RT #18147] [RT #18258]
1472 2386. [func] Add warning about too small 'open files' limit.
1475 2385. [bug] A condition variable in socket.c could leak in
1476 rare error handling [RT #17968].
1478 2384. [security] Fully randomize UDP query ports to improve
1479 forgery resilience. [RT #17949, #18098]
1481 2383. [bug] named could double queries when they resulted in
1482 SERVFAIL due to overkilling EDNS0 failure detection.
1485 2382. [doc] Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
1488 2381. [port] dlz/mysql: support multiple install layouts for
1489 mysql. <prefix>/include/{,mysql/}mysql.h and
1490 <prefix>/lib/{,mysql/}. [RT #18152]
1492 2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
1493 proofs which, in turn, caused validation failures
1494 for insecure zones immediately below a secure zone
1495 the server was authoritative for. [RT #18112]
1497 2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
1498 TLDs and supported RRs with TTLs [RT #17972]
1500 2378. [bug] gssapi_functions{} had a redundant member in BIND 9.5.
1503 2377. [bug] Address race condition in dnssec-signzone. [RT #18142]
1505 2376. [bug] Change #2144 was not complete.
1509 2374. [bug] "blackhole" ACLs could cause named to segfault due
1510 to some uninitialized memory. [RT #18095]
1512 2373. [bug] Default values of zone ACLs were re-parsed each time a
1513 new zone was configured, causing an overconsumption
1514 of memory. [RT #18092]
1516 2372. [bug] Fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
1518 2371. [doc] Add +nsid option to dig man page. [RT #18039]
1520 2370. [bug] "rndc freeze" could trigger an assertion in named
1521 when called on a nonexistent zone. [RT #18050]
1523 2369. [bug] libbind: Array bounds overrun on read in bitncmp().
1526 2368. [port] Linux: use libcap for capability management if
1527 possible. [RT# 18026]
1529 2367. [bug] Improve counting of dns_resstatscounter_retry
1532 2366. [bug] Adb shutdown race. [RT #18021]
1534 2365. [bug] Fix a bug that caused dns_acl_isany() to return
1535 spurious results. [RT #18000]
1537 2364. [bug] named could trigger a assertion when serving a
1538 malformed signed zone. [RT #17828]
1540 2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
1543 2362. [cleanup] Make "rrset-order fixed" a compile-time option.
1544 settable by "./configure --enable-fixed-rrset".
1545 Disabled by default. [RT #17977]
1547 2361. [bug] "recursion" statistics counter could be counted
1548 multiple times for a single query. [RT #17990]
1550 2360. [bug] Fix a condition where we release a database version
1551 (which may acquire a lock) while holding the lock.
1553 2359. [bug] Fix NSID bug. [RT #17942]
1555 2358. [doc] Update host's default query description. [RT #17934]
1557 2357. [port] Don't use OpenSSL's engine support in versions before
1558 OpenSSL 0.9.7f. [RT #17922]
1560 2356. [bug] Built in mutex profiler was not scalable enough.
1563 2355. [func] Extend the number statistics counters available.
1566 2354. [bug] Failed to initialize some rdatasetheader_t elements.
1569 2353. [func] Add support for Name Server ID (RFC 5001).
1570 'dig +nsid' requests NSID from server.
1571 'request-nsid yes;' causes recursive server to send
1572 NSID requests to upstream servers. Server responds
1573 to NSID requests with the string configured by
1574 'server-id' option. [RT #17091]
1576 2352. [bug] Various GSS_API fixups. [RT #17729]
1578 2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
1580 2350. [port] win32: IPv6 support. [RT #17797]
1582 2349. [func] Provide incremental re-signing support for secure
1583 dynamic zones. [RT #1091]
1585 2348. [func] Use the EVP interface to OpenSSL. Add PKCS#11 support.
1586 Documentation is in the new README.pkcs11 file.
1587 New tool, dnssec-keyfromlabel, which takes the
1588 label of a key pair in a HSM and constructs a DNS
1589 key pair for use by named and dnssec-signzone.
1592 2347. [bug] Delete now traverses the RB tree in the canonical
1595 2346. [func] Memory statistics now cover all active memory contexts
1596 in increased detail. [RT #17580]
1598 2345. [bug] named-checkconf failed to detect when forwarders
1599 were set at both the options/view level and in
1600 a root zone. [RT #17671]
1602 2344. [bug] Improve "logging{ file ...; };" documentation.
1605 2343. [bug] (Seemingly) duplicate IPv6 entries could be
1606 created in ADB. [RT #17837]
1608 2342. [func] Use getifaddrs() if available under Linux. [RT #17224]
1610 2341. [bug] libbind: add missing -I../include for off source
1611 tree builds. [RT #17606]
1613 2340. [port] openbsd: interface configuration. [RT #17700]
1615 2339. [port] tru64: support for libbind. [RT #17589]
1617 2338. [bug] check_ds() could be called with a non DS rdataset.
1620 2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614]
1622 2336. [func] If "named -6" is specified then listen on all IPv6
1623 interfaces if there are not listen-on-v6 clauses in
1624 named.conf. [RT #17581]
1626 2335. [port] sunos: libbind and *printf() support for long long.
1629 2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one
1630 bug in fromstruct_txt(). [RT #17609]
1632 2333. [bug] Fix off by one error in isc_time_nowplusinterval().
1635 2332. [contrib] query-loc-0.4.0. [RT #17602]
1637 2331. [bug] Failure to regenerate any signatures was not being
1638 reported nor being past back to the UPDATE client.
1641 2330. [bug] Remove potential race condition when handling
1642 over memory events. [RT #17572]
1644 WARNING: API CHANGE: over memory callback
1645 function now needs to call isc_mem_waterack().
1646 See <isc/mem.h> for details.
1648 2329. [bug] Clearer help text for dig's '-x' and '-i' options.
1650 2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
1651 F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET,
1652 J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and
1655 2327. [bug] It was possible to dereference a NULL pointer in
1656 rbtdb.c. Implement dead node processing in zones as
1657 we do for caches. [RT #17312]
1659 2326. [bug] It was possible to trigger a INSIST in the acache
1662 2325. [port] Linux: use capset() function if available. [RT #17557]
1664 2324. [bug] Fix IPv6 matching against "any;". [RT #17533]
1666 2323. [port] tru64: namespace clash. [RT #17547]
1668 2322. [port] MacOS: work around the limitation of setrlimit()
1669 for RLIMIT_NOFILE. [RT #17526]
1673 2320. [func] Make statistics counters thread-safe for platforms
1674 that support certain atomic operations. [RT #17466]
1676 2319. [bug] Silence Coverity warnings in
1677 lib/dns/rdata/in_1/apl_42.c. [RT #17469]
1679 2318. [port] sunos fixes for libbind. [RT #17514]
1681 2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
1683 2316. [port] Missing #include <isc/print.h> in lib/dns/gssapictx.c.
1686 2315. [bug] Used incorrect address family for mapped IPv4
1687 addresses in acl.c. [RT #17519]
1689 2314. [bug] Uninitialized memory use on error path in
1690 bin/named/lwdnoop.c. [RT #17476]
1692 2313. [cleanup] Silence Coverity warnings. Handle private stacks.
1693 [RT #17447] [RT #17478]
1695 2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
1698 2311. [bug] IPv6 addresses could match IPv4 ACL entries and
1699 vice versa. [RT #17462]
1701 2310. [bug] dig, host, nslookup: flush stdout before emitting
1702 debug/fatal messages. [RT #17501]
1704 2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
1707 2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
1710 2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
1712 2306. [bug] Remove potential race from lib/dns/resolver.c.
1715 2305. [security] inet_network() buffer overflow. CVE-2008-0122.
1717 2304. [bug] Check returns from all dns_rdata_tostruct() calls.
1720 2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
1723 2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
1725 2301. [bug] Remove resource leak and fix error messages in
1726 bin/tests/system/lwresd/lwtest.c. [RT #17474]
1728 2300. [bug] Fixed failure to close open file in
1729 bin/tests/names/t_names.c. [RT #17473]
1731 2299. [bug] Remove unnecessary NULL check in
1732 bin/nsupdate/nsupdate.c. [RT #17475]
1734 2298. [bug] isc_mutex_lock() failure not caught in
1735 bin/tests/timers/t_timers.c. [RT #17468]
1737 2297. [bug] isc_entropy_createfilesource() failure not caught in
1738 bin/tests/dst/t_dst.c. [RT #17467]
1740 2296. [port] Allow docbook stylesheet location to be specified to
1741 configure. [RT #17457]
1743 2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
1746 2294. [func] Allow the experimental statistics channels to have
1747 multiple connections and ACL.
1748 Note: the stats-server and stats-server-v6 options
1749 available in the previous beta releases are replaced
1750 with the generic statistics-channels statement.
1752 2293. [func] Add ACL regression test. [RT #17375]
1754 2292. [bug] Log if the working directory is not writable.
1757 2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
1758 failure to set PR_SET_DUMPABLE. [RT #17312]
1760 2290. [bug] Let AD in the query signal that the client wants AD
1761 set in the response. [RT #17301]
1763 2289. [func] named-checkzone now reports the out-of-zone CNAME
1766 2288. [port] win32: mark service as running when we have finished
1767 loading. [RT #17441]
1769 2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413]
1771 2286. [func] Allow a TCP connection to be used as a weak
1772 authentication method for reverse zones.
1773 New update-policy methods tcp-self and 6to4-self.
1776 2285. [func] Test framework for client memory context management.
1779 2284. [bug] Memory leak in UPDATE prerequisite processing.
1782 2283. [bug] TSIG keys were not attaching to the memory
1783 context. TSIG keys should use the rings
1784 memory context rather than the clients memory
1785 context. [RT #17377]
1787 2282. [bug] Acl code fixups. [RT #17346] [RT #17374]
1789 2281. [bug] Attempts to use undefined acls were not being logged.
1792 2280. [func] Allow the experimental http server to be reached
1793 over IPv6 as well as IPv4. [RT #17332]
1795 2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
1796 to protect applications from receiving spurious
1797 SIGPIPE signals when using the resolver.
1799 2278. [bug] win32: handle the case where Windows returns no
1800 search list or DNS suffix. [RT #17354]
1802 2277. [bug] Empty zone names were not correctly being caught at
1803 in the post parse checks. [RT #17357]
1805 2276. [bug] Install <dst/gssapi.h>. [RT# 17359]
1807 2275. [func] Add support to dig to perform IXFR queries over UDP.
1810 2274. [func] Log zone transfer statistics. [RT #17336]
1812 2273. [bug] Adjust log level to WARNING when saving inconsistent
1813 stub/slave master and journal files. [RT# 17279]
1815 2272. [bug] Handle illegal dnssec-lookaside trust-anchor names.
1818 2271. [bug] Fix a memory leak in http server code [RT #17100]
1820 2270. [bug] dns_db_closeversion() version->writer could be reset
1821 before it is tested. [RT #17290]
1823 2269. [contrib] dbus memory leaks and missing va_end calls. [RT #17232]
1825 2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
1828 --- 9.5.0b1 released ---
1830 2267. [bug] Radix tree node_num value could be set incorrectly,
1831 causing positive ACL matches to look like negative
1834 2266. [bug] client.c:get_clientmctx() returned the same mctx
1835 once the pool of mctx's was filled. [RT #17218]
1837 2265. [bug] Test that the memory context's basic_table is non NULL
1838 before freeing. [RT #17265]
1840 2264. [bug] Server prefix length was being ignored. [RT #17308]
1842 2263. [bug] "named-checkconf -z" failed to set default value
1843 for "check-integrity". [RT #17306]
1845 2262. [bug] Error status from all but the last view could be
1848 2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
1850 2260. [bug] Reported wrong clients-per-query when increasing the
1855 --- 9.5.0a7 released ---
1857 2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
1860 2257. [bug] win32: Use the full path to vcredist_x86.exe when
1861 calling it. [RT #17222]
1863 2256. [bug] win32: Correctly register the installation location of
1864 bindevt.dll. [RT #17159]
1866 2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
1868 2254. [bug] timer.c:dispatch() failed to lock timer->lock
1869 when reading timer->idle allowing it to see
1870 intermediate values as timer->idle was reset by
1871 isc_timer_touch(). [RT #17243]
1873 2253. [func] "max-cache-size" defaults to 32M.
1874 "max-acache-size" defaults to 16M.
1876 2252. [bug] Fixed errors in sortlist code [RT #17216]
1880 2250. [func] New flag 'memstatistics' to state whether the
1881 memory statistics file should be written or not.
1882 Additionally named's -m option will cause the
1883 statistics file to be written. [RT #17113]
1885 2249. [bug] Only set Authentic Data bit if client requested
1886 DNSSEC, per RFC 3655 [RT #17175]
1888 2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
1890 2247. [doc] Sort doc/misc/options. [RT #17067]
1892 2246. [bug] Make the startup of test servers (ans.pl) more
1895 2245. [bug] Validating lack of DS records at trust anchors wasn't
1896 working. [RT #17151]
1898 2244. [func] Allow the check of nameserver names against the
1899 SOA MNAME field to be disabled by specifying
1900 'notify-to-soa yes;'. [RT #17073]
1902 2243. [func] Configuration files without a newline at the end now
1903 parse without error. [RT #17120]
1905 2242. [bug] nsupdate: GSS-TSIG support using the Heimdal Kerberos
1906 library could require a source of random data.
1909 2241. [func] nsupdate: add a interactive 'help' command. [RT #17099]
1911 2240. [bug] Cleanup nsupdates GSS-TSIG support. Convert
1912 a number of INSIST()s into plain fatal() errors
1913 which report the triggering result code.
1914 The 'key' command wasn't disabling GSS-TSIG.
1917 2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
1919 2238. [bug] It was possible to trigger a REQUIRE when a
1920 validation was canceled. [RT #17106]
1922 2237. [bug] libbind: res_init() was not thread aware. [RT #17123]
1924 2236. [bug] dnssec-signzone failed to preserve the case of
1925 of wildcard owner names. [RT #17085]
1927 2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
1929 2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
1931 2233. [func] Add support for O(1) ACL processing, based on
1932 radix tree code originally written by Kevin
1933 Brintnall. [RT #16288]
1935 2232. [bug] dns_adb_findaddrinfo() could fail and return
1936 ISC_R_SUCCESS. [RT #17137]
1938 2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
1941 2230. [bug] We could INSIST reading a corrupted journal.
1944 2229. [bug] Null pointer dereference on query pool creation
1945 failure. [RT #17133]
1947 2228. [contrib] contrib: Change 2188 was incomplete.
1949 2227. [cleanup] Tidied up the FAQ. [RT #17121]
1953 2225. [bug] More support for systems with no IPv4 addresses.
1956 2224. [bug] Defer journal compaction if a xfrin is in progress.
1959 2223. [bug] Make a new journal when compacting. [RT #17119]
1961 2222. [func] named-checkconf now checks server key references.
1964 2221. [bug] Set the event result code to reflect the actual
1965 record turned to caller when a cache update is
1966 rejected due to a more credible answer existing.
1969 2220. [bug] win32: Address a race condition in final shutdown of
1970 the Windows socket code. [RT #17028]
1972 2219. [bug] Apply zone consistency checks to additions, not
1973 removals, when updating. [RT #17049]
1975 2218. [bug] Remove unnecessary REQUIRE from dns_validator_create().
1978 2217. [func] Adjust update log levels. [RT #17092]
1980 2216. [cleanup] Fix a number of errors reported by Coverity.
1983 2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
1985 2214. [bug] Deregister OpenSSL lock callback when cleaning
1986 up. Reorder OpenSSL cleanup so that RAND_cleanup()
1987 is called before the locks are destroyed. [RT #17098]
1989 2213. [bug] SIG0 diagnostic failure messages were looking at the
1990 wrong status code. [RT #17101]
1992 2212. [func] 'host -m' now causes memory statistics and active
1993 memory to be printed at exit. [RT 17028]
1995 2211. [func] Update "dynamic update temporarily disabled" message.
1998 2210. [bug] Deleting class specific records via UPDATE could
2001 2209. [port] osx: linking against user supplied static OpenSSL
2002 libraries failed as the system ones were still being
2005 2208. [port] win32: make sure both build methods produce the
2006 same output. [RT #17058]
2008 2207. [port] Some implementations of getaddrinfo() fail to set
2009 ai_canonname correctly. [RT #17061]
2011 --- 9.5.0a6 released ---
2013 2206. [security] "allow-query-cache" and "allow-recursion" now
2014 cross inherit from each other.
2016 If allow-query-cache is not set in named.conf then
2017 allow-recursion is used if set, otherwise allow-query
2018 is used if set, otherwise the default (localnets;
2019 localhost;) is used.
2021 If allow-recursion is not set in named.conf then
2022 allow-query-cache is used if set, otherwise allow-query
2023 is used if set, otherwise the default (localnets;
2024 localhost;) is used.
2028 2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
2030 2204. [bug] "rndc flushanme name unknown-view" caused named
2031 to crash. [RT #16984]
2033 2203. [security] Query id generation was cryptographically weak.
2036 2202. [security] The default acls for allow-query-cache and
2037 allow-recursion were not being applied. [RT #16960]
2039 2201. [bug] The build failed in a separate object directory.
2042 2200. [bug] The search for cached NSEC records was stopping to
2043 early leading to excessive DLV queries. [RT #16930]
2045 2199. [bug] win32: don't call WSAStartup() while loading dlls.
2048 2198. [bug] win32: RegCloseKey() could be called when
2049 RegOpenKeyEx() failed. [RT #16911]
2051 2197. [bug] Add INSIST to catch negative responses which are
2052 not setting the event result code appropriately.
2055 2196. [port] win32: yield processor while waiting for once to
2056 to complete. [RT #16958]
2058 2195. [func] dnssec-keygen now defaults to nametype "ZONE"
2059 when generating DNSKEYs. [RT #16954]
2061 2194. [bug] Close journal before calling 'done' in xfrin.c.
2063 --- 9.5.0a5 released ---
2065 2193. [port] win32: BINDInstall.exe is now linked statically.
2068 2192. [port] win32: use vcredist_x86.exe to install Visual
2069 Studio's redistributable dlls if building with
2070 Visual Stdio 2005 or later.
2072 2191. [func] named-checkzone now allows dumping to stdout (-).
2073 named-checkconf now has -h for help.
2074 named-checkzone now has -h for help.
2075 rndc now has -h for help.
2076 Better handling of '-?' for usage summaries.
2079 2190. [func] Make fallback to plain DNS from EDNS due to timeouts
2080 more visible. New logging category "edns-disabled".
2083 2189. [bug] Handle socket() returning EINTR. [RT #15949]
2085 2188. [contrib] queryperf: autoconf changes to make the search for
2086 libresolv or libbind more robust. [RT #16299]
2088 2187. [bug] query_addds(), query_addwildcardproof() and
2089 query_addnxrrsetnsec() should take a version
2090 argument. [RT #16368]
2092 2186. [port] cygwin: libbind: check for struct sockaddr_storage
2093 independently of IPv6. [RT #16482]
2095 2185. [port] sunos: libbind: check for ssize_t, memmove() and
2096 memchr(). [RT #16463]
2098 2184. [bug] bind9.xsl.h didn't build out of the source tree.
2101 2183. [bug] dnssec-signzone didn't handle offline private keys
2104 2182. [bug] dns_dispatch_createtcp() and dispatch_createudp()
2105 could return ISC_R_SUCCESS when they ran out of
2108 2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
2110 2180. [cleanup] Remove bit test from 'compress_test' as they
2111 are no longer needed. [RT #16497]
2113 2179. [func] 'rndc command zone' will now find 'zone' if it is
2114 unique to all the views. [RT #16821]
2116 2178. [bug] 'rndc reload' of a slave or stub zone resulted in
2117 a reference leak. [RT #16867]
2119 2177. [bug] Array bounds overrun on read (rcodetext) at
2120 debug level 10+. [RT #16798]
2122 2176. [contrib] dbus update to handle race condition during
2123 initialization (Bugzilla 235809). [RT #16842]
2125 2175. [bug] win32: windows broadcast condition variable support
2126 was broken. [RT #16592]
2128 2174. [bug] I/O errors should always be fatal when reading
2129 master files. [RT #16825]
2131 2173. [port] win32: When compiling with MSVS 2005 SP1 we also
2132 need to ship Microsoft.VC80.MFCLOC.
2134 --- 9.5.0a4 released ---
2136 2172. [bug] query_addsoa() was being called with a non zone db.
2139 2171. [bug] Handle breaks in DNSSEC trust chains where the parent
2140 servers are not DS aware (DS queries to the parent
2141 return a referral to the child).
2143 2170. [func] Add acache processing to test suite. [RT #16711]
2145 2169. [bug] host, nslookup: when reporting NXDOMAIN report the
2146 given name and not the last name searched for.
2149 2168. [bug] nsupdate: in non-interactive mode treat syntax errors
2150 as fatal errors. [RT #16785]
2152 2167. [bug] When re-using a automatic zone named failed to
2153 attach it to the new view. [RT #16786]
2155 --- 9.5.0a3 released ---
2157 2166. [bug] When running in batch mode, dig could misinterpret
2158 a server address as a name to be looked up, causing
2159 unexpected output. [RT #16743]
2161 2165. [func] Allow the destination address of a query to determine
2162 if we will answer the query or recurse.
2163 allow-query-on, allow-recursion-on and
2164 allow-query-cache-on. [RT #16291]
2166 2164. [bug] The code to determine how named-checkzone /
2167 named-compilezone was called failed under windows.
2170 2163. [bug] If only one of query-source and query-source-v6
2171 specified a port the query pools code broke (change
2174 2162. [func] Allow "rrset-order fixed" to be disabled at compile
2177 2161. [bug] Fix which log messages are emitted for 'rndc flush'.
2180 2160. [bug] libisc wasn't handling NULL ifa_addr pointers returned
2181 from getifaddrs(). [RT #16708]
2183 --- 9.5.0a2 released ---
2185 2159. [bug] Array bounds overrun in acache processing. [RT #16710]
2187 2158. [bug] ns_client_isself() failed to initialize key
2188 leading to a REQUIRE failure. [RT #16688]
2190 2157. [func] dns_db_transfernode() created. [RT #16685]
2192 2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
2193 resolver.c:validated() and resolver.c:cache_name().
2194 Fix a memory leak in rbtdb.c:free_noqname().
2195 Make lookup.c:lookup_find() robust against
2196 event leaks. [RT #16685]
2198 2155. [contrib] SQLite sdb module from jaboydjr@netwalk.com.
2201 2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
2202 matched in acls by omitting the scope. [RT #16599]
2204 2153. [bug] nsupdate could leak memory. [RT #16691]
2206 2152. [cleanup] Use sizeof(buf) instead of fixed number in
2207 dighost.c:get_trusted_key(). [RT #16678]
2209 2151. [bug] Missing newline in usage message for journalprint.
2212 2150. [bug] 'rrset-order cyclic' uniformly distribute the
2213 starting point for the first response for a given
2216 2149. [bug] isc_mem_checkdestroyed() failed to abort on
2217 if there were still active memory contexts.
2220 2148. [func] Add positive logging for rndc commands. [RT #14623]
2222 2147. [bug] libbind: remove potential buffer overflow from
2223 hmac_link.c. [RT #16437]
2225 2146. [cleanup] Silence Linux's spurious "obsolete setsockopt
2226 SO_BSDCOMPAT" message. [RT #16641]
2228 2145. [bug] Check DS/DLV digest lengths for known digests.
2231 2144. [cleanup] Suppress logging of SERVFAIL from forwarders.
2234 2143. [bug] We failed to restart the IPv6 client when the
2235 kernel failed to return the destination the
2236 packet was sent to. [RT #16613]
2238 2142. [bug] Handle master files with a modification time that
2239 matches the epoch. [RT# 16612]
2241 2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
2242 equivalent of LDH checks). [RT #16609]
2244 2140. [bug] libbind: missing unlock on pthread_key_create()
2245 failures. [RT #16654]
2247 2139. [bug] dns_view_find() was being called with wrong type
2248 in adb.c. [RT #16670]
2250 2138. [bug] Lock order reversal in resolver.c. [RT #16653]
2252 2137. [port] Mips little endian and/or mips 64 bit are now
2253 supported for atomic operations. [RT#16648]
2255 2136. [bug] nslookup/host looped if there was no search list
2256 and the host didn't exist. [RT #16657]
2258 2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656]
2260 2134. [func] Additional statistics support. [RT #16666]
2262 2133. [port] powerpc: Support both IBM and MacOS Power PC
2263 assembler syntaxes. [RT #16647]
2265 2132. [bug] Missing unlock on out of memory in
2266 dns_dispatchmgr_setudp().
2268 2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
2270 2130. [func] Log if CD or DO were set. [RT #16640]
2272 2129. [func] Provide a pool of UDP sockets for queries to be
2273 made over. See use-queryport-pool, queryport-pool-ports
2274 and queryport-pool-updateinterval. [RT #16415]
2276 2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635]
2278 2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563]
2280 2126. [security] Serialize validation of type ANY responses. [RT #16555]
2282 2125. [bug] dns_zone_getzeronosoattl() REQUIRE failure if DLZ
2283 was defined. [RT #16574]
2285 2124. [security] It was possible to dereference a freed fetch
2286 context. [RT #16584]
2288 --- 9.5.0a1 released ---
2290 2123. [func] Use Doxygen to generate internal documentation.
2293 2122. [func] Experimental http server and statistics support
2296 2121. [func] Add a 10 slot dead masters cache (LRU) with a 600
2297 second timeout. [RT #16553]
2299 2120. [doc] Fix markup on nsupdate man page. [RT #16556]
2301 2119. [compat] libbind: allow res_init() to succeed enough to
2302 return the default domain even if it was unable
2305 2118. [bug] Handle response with long chains of domain name
2306 compression pointers which point to other compression
2307 pointers. [RT #16427]
2309 2117. [bug] DNSSEC fixes: named could fail to cache NSEC records
2310 which could lead to validation failures. named didn't
2311 handle negative DS responses that were in the process
2312 of being validated. Check CNAME bit before accepting
2313 NODATA proof. To be able to ignore a child NSEC there
2314 must be SOA (and NS) set in the bitmap. [RT #16399]
2316 2116. [bug] 'rndc reload' could cause the cache to continually
2317 be cleaned. [RT #16401]
2319 2115. [bug] 'rndc reconfig' could trigger a INSIST if the
2320 number of masters for a zone was reduced. [RT #16444]
2322 2114. [bug] dig/host/nslookup: searches for names with multiple
2323 labels were failing. [RT #16447]
2325 2113. [bug] nsupdate: if a zone is specified it should be used
2326 for server discover. [RT# 16455]
2328 2112. [security] Warn if weak RSA exponent is used. [RT #16460]
2330 2111. [bug] Fix a number of errors reported by Coverity.
2333 2110. [bug] "minimal-responses yes;" interacted badly with BIND 8
2334 priming queries. [RT #16491]
2336 2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502]
2338 2108. [func] DHCID support. [RT #16456]
2340 2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
2342 2106. [func] 'rndc status' now reports named's version. [RT #16426]
2344 2105. [func] GSS-TSIG support (RFC 3645).
2346 2104. [port] Fix Solaris SMF error message.
2348 2103. [port] Add /usr/sfw to list of locations for OpenSSL
2351 2102. [port] Silence Solaris 10 warnings.
2353 2101. [bug] OpenSSL version checks were not quite right.
2356 2100. [port] win32: copy libeay32.dll to Build\Debug.
2357 Copy Debug\named-checkzone to Debug\named-compilezone.
2359 2099. [port] win32: more manifest issues.
2361 2098. [bug] Race in rbtdb.c:no_references(), which occasionally
2362 triggered an INSIST failure about the node lock
2363 reference. [RT #16411]
2365 2097. [bug] named could reference a destroyed memory context
2366 after being reloaded / reconfigured. [RT #16428]
2368 2096. [bug] libbind: handle applications that fail to detect
2369 res_init() failures better.
2371 2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and
2372 net_cidr_ntop_ipv6(). [RT #16388]
2374 2094. [contrib] Update named-bootconf. [RT# 16404]
2376 2093. [bug] named-checkzone -s was broken.
2378 2092. [bug] win32: dig, host, nslookup. Use registry config
2379 if resolv.conf does not exist or no nameservers
2382 2091. [port] dighost.c: race condition on cleanup. [RT #16417]
2384 2090. [port] win32: Visual C++ 2005 command line manifest support.
2387 2089. [security] Raise the minimum safe OpenSSL versions to
2388 OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
2389 prior to these have known security flaws which
2390 are (potentially) exploitable in named. [RT #16391]
2392 2088. [security] Change the default RSA exponent from 3 to 65537.
2395 2087. [port] libisc failed to compile on OS's w/o a vsnprintf.
2398 2086. [port] libbind: FreeBSD now has get*by*_r() functions.
2401 2085. [doc] win32: added index.html and README to zip. [RT #16201]
2403 2084. [contrib] dbus update for 9.3.3rc2.
2405 2083. [port] win32: Visual C++ 2005 support.
2407 2082. [doc] Document 'cache-file' as a test only option.
2409 2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
2412 2080. [port] libbind: res_init.c did not compile on older versions
2413 of Solaris. [RT #16363]
2415 2079. [bug] The lame cache was not handling multiple types
2416 correctly. [RT #16361]
2418 2078. [bug] dnssec-checkzone output style "default" was badly
2419 named. It is now called "relative". [RT #16326]
2421 2077. [bug] 'dnssec-signzone -O raw' wasn't outputting the
2422 complete signed zone. [RT #16326]
2424 2076. [bug] Several files were missing #include <config.h>
2425 causing build failures on OSF. [RT #16341]
2427 2075. [bug] The spillat timer event hander could leak memory.
2430 2074. [bug] dns_request_createvia2(), dns_request_createvia3(),
2431 dns_request_createraw2() and dns_request_createraw3()
2432 failed to send multiple UDP requests. [RT #16349]
2434 2073. [bug] Incorrect semantics check for update policy "wildcard".
2437 2072. [bug] We were not generating valid HMAC SHA digests.
2440 2071. [port] Test whether gcc accepts -fno-strict-aliasing.
2443 2070. [bug] The remote address was not always displayed when
2444 reporting dispatch failures. [RT #16315]
2446 2069. [bug] Cross compiling was not working. [RT #16330]
2448 2068. [cleanup] Lower incremental tuning message to debug 1.
2451 2067. [bug] 'rndc' could close the socket too early triggering
2452 a INSIST under Windows. [RT #16317]
2454 2066. [security] Handle SIG queries gracefully. [RT #16300]
2456 2065. [bug] libbind: probe for HPUX prototypes for
2457 endprotoent_r() and endservent_r(). [RT 16313]
2459 2064. [bug] libbind: silence AIX compiler warnings. [RT #16218]
2461 2063. [bug] Change #1955 introduced a bug which caused the first
2462 'rndc flush' call to not free memory. [RT #16244]
2464 2062. [bug] 'dig +nssearch' was reusing a buffer before it had
2465 been returned by the socket code. [RT #16307]
2467 2061. [bug] Accept expired wildcard message reversed. [RT #16296]
2469 2060. [bug] Enabling DLZ support could leave views partially
2470 configured. [RT #16295]
2472 2059. [bug] Search into cache rbtdb could trigger an INSIST
2473 failure while cleaning up a stale rdataset.
2476 2058. [bug] Adjust how we calculate rtt estimates in the presence
2477 of authoritative servers that drop EDNS and/or CD
2478 requests. Also fallback to EDNS/512 and plain DNS
2479 faster for zones with less than 3 servers. [RT #16187]
2481 2057. [bug] Make setting "ra" dependent on both allow-query-cache
2482 and allow-recursion. [RT #16290]
2484 2056. [bug] dig: ixfr= was not being treated case insensitively
2485 at all times. [RT #15955]
2487 2055. [bug] Missing goto after dropping multicast query.
2490 2054. [port] freebsd: do not explicitly link against -lpthread.
2493 2053. [port] netbsd:libbind: silence compiler warnings. [RT #16220]
2495 2052. [bug] 'rndc' improve connect failed message to report
2496 the failing address. [RT #15978]
2498 2051. [port] More strtol() fixes. [RT #16249]
2500 2050. [bug] Parsing of NSAP records was not case insensitive.
2503 2049. [bug] Restore SOA before AXFR when falling back from
2504 a attempted IXFR when transferring in a zone.
2505 Allow a initial SOA query before attempting
2506 a AXFR to be requested. [RT #16156]
2508 2048. [bug] It was possible to loop forever when using
2509 avoid-v4-udp-ports / avoid-v6-udp-ports when
2510 the OS always returned the same local port.
2513 2047. [bug] Failed to initialize the interface flags to zero.
2516 2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
2517 cleanup [RT #16247].
2519 2045. [func] Use lock buckets for acache entries to limit memory
2520 consumption. [RT #16183]
2522 2044. [port] Add support for atomic operations for Itanium.
2525 2043. [port] nsupdate/nslookup: Force the flushing of the prompt
2526 for interactive sessions. [RT#16148]
2528 2042. [bug] named-checkconf was incorrectly rejecting the
2529 logging category "config". [RT #16117]
2531 2041. [bug] "configure --with-dlz-bdb=yes" produced a bad
2532 set of libraries to be linked. [RT #16129]
2534 2040. [bug] rbtdb no_references() could trigger an INSIST
2535 failure with --enable-atomic. [RT #16022]
2537 2039. [func] Check that all buffers passed to the socket code
2538 have been retrieved when the socket event is freed.
2541 2038. [bug] dig/nslookup/host was unlinking from wrong list
2542 when handling errors. [RT #16122]
2544 2037. [func] When unlinking the first or last element in a list
2545 check that the list head points to the element to
2546 be unlinked. [RT #15959]
2548 2036. [bug] 'rndc recursing' could cause trigger a REQUIRE.
2551 2035. [func] Make falling back to TCP on UDP refresh failure
2552 optional. Default "try-tcp-refresh yes;" for BIND 8
2553 compatibility. [RT #16123]
2555 2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124]
2557 2033. [bug] We weren't creating multiple client memory contexts
2558 on demand as expected. [RT #16095]
2560 2032. [bug] Remove a INSIST in query_addadditional2(). [RT #16074]
2562 2031. [bug] Emit a error message when "rndc refresh" is called on
2563 a non slave/stub zone. [RT # 16073]
2565 2030. [bug] We were being overly conservative when disabling
2566 openssl engine support. [RT #16030]
2568 2029. [bug] host printed out the server multiple times when
2569 specified on the command line. [RT #15992]
2571 2028. [port] linux: socket.c compatibility for old systems.
2574 2027. [port] libbind: Solaris x86 support. [RT #16020]
2576 2026. [bug] Rate limit the two recursive client exceeded messages.
2579 2025. [func] Update "zone serial unchanged" message. [RT #16026]
2581 2024. [bug] named emitted spurious "zone serial unchanged"
2582 messages on reload. [RT #16027]
2584 2023. [bug] "make install" should create ${localstatedir}/run and
2585 ${sysconfdir} if they do not exist. [RT #16033]
2587 2022. [bug] If dnssec validation is disabled only assert CD if
2588 CD was requested. [RT #16037]
2590 2021. [bug] dnssec-enable no; triggered a REQUIRE. [RT #16037]
2592 2020. [bug] rdataset_setadditional() could leak memory. [RT #16034]
2594 2019. [tuning] Reduce the amount of work performed per quantum
2595 when cleaning the cache. [RT #15986]
2597 2018. [bug] Checking if the HMAC MD5 private file was broken.
2600 2017. [bug] allow-query default was not correct. [RT #15946]
2602 2016. [bug] Return a partial answer if recursion is not
2603 allowed but requested and we had the answer
2604 to the original qname. [RT #15945]
2606 2015. [cleanup] use-additional-cache is now acache-enable for
2607 consistency. Default acache-enable off in BIND 9.4
2608 as it requires memory usage to be configured.
2609 It may be enabled by default in BIND 9.5 once we
2610 have more experience with it.
2612 2014. [func] Statistics about acache now recorded and sent
2615 2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
2616 responses more gracefully. [RT #15941]
2618 2012. [func] Don't insert new acache entries if acache is full.
2621 2011. [func] dnssec-signzone can now update the SOA record of
2622 the signed zone, either as an increment or as the
2623 system time(). [RT #15633]
2625 2010. [placeholder] rt15958
2627 2009. [bug] libbind: Coverity fixes. [RT #15808]
2629 2008. [func] It is now possible to enable/disable DNSSEC
2630 validation from rndc. This is useful for the
2631 mobile hosts where the current connection point
2632 breaks DNSSEC (firewall/proxy). [RT #15592]
2634 rndc validation newstate [view]
2636 2007. [func] It is now possible to explicitly enable DNSSEC
2637 validation. default dnssec-validation no; to
2638 be changed to yes in 9.5.0. [RT #15674]
2640 2006. [security] Allow-query-cache and allow-recursion now default
2641 to the built in acls "localnets" and "localhost".
2643 This is being done to make caching servers less
2644 attractive as reflective amplifying targets for
2645 spoofed traffic. This still leave authoritative
2648 The best fix is for full BCP 38 deployment to
2649 remove spoofed traffic.
2651 2005. [bug] libbind: Retransmission timeouts should be
2652 based on which attempt it is to the nameserver
2653 and not the nameserver itself. [RT #13548]
2655 2004. [bug] dns_tsig_sign() could pass a NULL pointer to
2656 dst_context_destroy() when cleaning up after a
2659 2003. [bug] libbind: The DNS name/address lookup functions could
2660 occasionally follow a random pointer due to
2661 structures not being completely zeroed. [RT #15806]
2663 2002. [bug] libbind: tighten the constraints on when
2664 struct addrinfo._ai_pad exists. [RT #15783]
2666 2001. [func] Check the KSK flag when updating a secure dynamic zone.
2667 New zone option "update-check-ksk yes;". [RT #15817]
2669 2000. [bug] memmove()/strtol() fix was incomplete. [RT #15812]
2671 1999. [func] Implement "rrset-order fixed". [RT #13662]
2673 1998. [bug] Restrict handling of fifos as sockets to just SunOS.
2674 This allows named to connect to entropy gathering
2675 daemons that use fifos instead of sockets. [RT #15840]
2677 1997. [bug] Named was failing to replace negative cache entries
2678 when a positive one for the type was learnt.
2681 1996. [bug] nsupdate: if a zone has been specified it should
2682 appear in the output of 'show'. [RT #15797]
2684 1995. [bug] 'host' was reporting multiple "is an alias" messages.
2687 1994. [port] OpenSSL 0.9.8 support. [RT #15694]
2689 1993. [bug] Log messages, via syslog, were missing the space
2690 after the timestamp if "print-time yes" was specified.
2693 1992. [bug] Not all incoming zone transfer messages included the
2696 1991. [cleanup] The configuration data, once read, should be treated
2697 as read only. Expand the use of const to enforce this
2698 at compile time. [RT #15813]
2700 1990. [bug] libbind: isc's override of broken gettimeofday()
2701 implementations was not always effective.
2704 1989. [bug] win32: don't check the service password when
2705 re-installing. [RT #15882]
2707 1988. [bug] Remove a bus error from the SHA256/SHA512 support.
2710 1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
2712 1986. [func] Report when a zone is removed. [RT #15849]
2714 1985. [protocol] DLV has now been assigned a official type code of
2717 Note: care should be taken to ensure you upgrade
2718 both named and dnssec-signzone at the same time for
2719 zones with DLV records where named is the master
2720 server for the zone. Also any zones that contain
2721 DLV records should be removed when upgrading a slave
2722 zone. You do not however have to upgrade all
2723 servers for a zone with DLV records simultaneously.
2725 1984. [func] dig, nslookup and host now advertise a 4096 byte
2726 EDNS UDP buffer size by default. [RT #15855]
2728 1983. [func] Two new update policies. "selfsub" and "selfwild".
2731 1982. [bug] DNSKEY was being accepted on the parent side of
2732 a delegation. KEY is still accepted there for
2733 RFC 3007 validated updates. [RT #15620]
2735 1981. [bug] win32: condition.c:wait() could fail to reattain
2738 1980. [func] dnssec-signzone: output the SOA record as the
2739 first record in the signed zone. [RT #15758]
2741 1979. [port] linux: allow named to drop core after changing
2742 user ids. [RT #15753]
2744 1978. [port] Handle systems which have a broken recvmsg().
2747 1977. [bug] Silence noisy log message. [RT #15704]
2749 1976. [bug] Handle systems with no IPv4 addresses. [RT #15695]
2751 1975. [bug] libbind: isc_gethexstring() could misparse multi-line
2752 hex strings with comments. [RT #15814]
2754 1974. [doc] List each of the zone types and associated zone
2755 options separately in the ARM.
2757 1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
2758 HMACSHA512 support. [RT #13606]
2760 1972. [contrib] DBUS dynamic forwarders integration from
2761 Jason Vas Dias <jvdias@redhat.com>.
2763 1971. [port] linux: make detection of missing IF_NAMESIZE more
2766 1970. [bug] nsupdate: adjust UDP timeout when falling back to
2767 unsigned SOA query. [RT #15775]
2769 1969. [bug] win32: the socket code was freeing the socket
2770 structure too early. [RT #15776]
2772 1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
2774 1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
2776 1966. [bug] Don't set CD when we have fallen back to plain DNS.
2779 1965. [func] Suppress spurious "recursion requested but not
2780 available" warning with 'dig +qr'. [RT #15780].
2782 1964. [func] Separate out MX and SRV to CNAME checks. [RT #15723]
2784 1963. [port] Tru64 4.0E doesn't support send() and recv().
2787 1962. [bug] Named failed to clear old update-policy when it
2788 was removed. [RT #15491]
2790 1961. [bug] Check the port and address of responses forwarded
2791 to dispatch. [RT #15474]
2793 1960. [bug] Update code should set NSEC ttls from SOA MINIMUM.
2796 1959. [func] Control the zeroing of the negative response TTL to
2797 a soa query. Defaults "zero-no-soa-ttl yes;" and
2798 "zero-no-soa-ttl-cache no;". [RT #15460]
2800 1958. [bug] Named failed to update the zone's secure state
2801 until the zone was reloaded. [RT #15412]
2803 1957. [bug] Dig mishandled responses to class ANY queries.
2806 1956. [bug] Improve cross compile support, 'gen' is now built
2807 by native compiler. See README for additional
2808 cross compile support information. [RT #15148]
2810 1955. [bug] Pre-allocate the cache cleaning iterator. [RT #14998]
2812 1954. [func] Named now falls back to advertising EDNS with a
2813 512 byte receive buffer if the initial EDNS queries
2816 1953. [func] The maximum EDNS UDP response named will send can
2817 now be set in named.conf (max-udp-size). This is
2818 independent of the advertised receive buffer
2819 (edns-udp-size). [RT #14852]
2821 1952. [port] hpux: tell the linker to build a runtime link
2822 path "-Wl,+b:". [RT #14816].
2824 1951. [security] Drop queries from particular well known ports.
2825 Don't return FORMERR to queries from particular
2826 well known ports. [RT #15636]
2828 1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect()
2829 a TCP socket. This prevents the source address being
2830 set for TCP connections. [RT #15628]
2832 1949. [func] Addition memory leakage checks. [RT #15544]
2834 1948. [bug] If was possible to trigger a REQUIRE failure in
2835 xfrin.c:maybe_free() if named ran out of memory.
2838 1947. [func] It is now possible to configure named to accept
2839 expired RRSIGs. Default "dnssec-accept-expired no;".
2840 Setting "dnssec-accept-expired yes;" leaves named
2841 vulnerable to replay attacks. [RT #14685]
2843 1946. [bug] resume_dslookup() could trigger a REQUIRE failure
2844 when using forwarders. [RT #15549]
2846 1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is no longer recommended.
2847 To generate a RSAMD5 key you must explicitly request
2850 1944. [cleanup] isc_hash_create() does not need a read/write lock.
2853 1943. [bug] Set the loadtime after rolling forward the journal.
2856 1942. [bug] If the name of a DNSKEY match that of one in
2857 trusted-keys do not attempt to validate the DNSKEY
2858 using the parents DS RRset. [RT #15649]
2860 1941. [bug] ncache_adderesult() should set eresult even if no
2861 rdataset is passed to it. [RT #15642]
2863 1940. [bug] Fixed a number of error conditions reported by
2866 1939. [bug] The resolver could dereference a null pointer after
2867 validation if all the queries have timed out.
2870 1938. [bug] The validator was not correctly handling unsecure
2871 negative responses at or below a SEP. [RT #15528]
2873 1937. [bug] sdlz doesn't handle RRSIG records. [RT #15564]
2875 1936. [bug] The validator could leak memory. [RT #15544]
2877 1935. [bug] 'acache' was DO sensitive. [RT #15430]
2879 1934. [func] Validate pending NS RRsets, in the authority section,
2880 prior to returning them if it can be done without
2881 requiring DNSKEYs to be fetched. [RT #15430]
2883 1933. [bug] dump_rdataset_raw() had a incorrect INSIST. [RT #15534]
2885 1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530]
2887 1931. [bug] Per-client mctx could require a huge amount of memory,
2888 particularly for a busy caching server. [RT #15519]
2890 1930. [port] HPUX: ia64 support. [RT #15473]
2892 1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
2894 1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
2896 1927. [bug] Access to soanode or nsnode in rbtdb violated the
2897 lock order rule and could cause a dead lock.
2900 1926. [bug] The Windows installer did not check for empty
2901 passwords. BINDinstall was being installed in
2902 the wrong place. [RT #15483]
2904 1925. [port] All outer level AC_TRY_RUNs need cross compiling
2905 defaults. [RT #15469]
2907 1924. [port] libbind: hpux ia64 support. [RT #15473]
2909 1923. [bug] ns_client_detach() called too early. [RT #15499]
2911 1922. [bug] check-tool.c:setup_logging() missing call to
2912 dns_log_setcontext().
2914 1921. [bug] Client memory contexts were not using internal
2917 1920. [bug] The cache rbtdb lock array was too small to
2918 have the desired performance characteristics.
2921 1919. [contrib] queryperf: a set of new features: collecting/printing
2922 response delays, printing intermediate results, and
2923 adjusting query rate for the "target" qps.
2925 1918. [bug] Memory leak when checking acls. [RT #15391]
2927 1917. [doc] funcsynopsisinfo wasn't being treated as verbatim
2928 when generating man pages. [RT #15385]
2930 1916. [func] Integrate contributed IDN code from JPNIC. [RT #15383]
2932 1915. [bug] dig +ndots was broken. [RT #15215]
2934 1914. [protocol] DS is required to accept mnemonic algorithms
2935 (RFC 4034). Still emit numeric algorithms for
2936 compatibility with RFC 3658. [RT #15354]
2938 1913. [func] Integrate contributed DLZ code into named. [RT #11382]
2940 1912. [port] aix: atomic locking for powerpc. [RT #15020]
2942 1911. [bug] Update windows socket code. [RT #14965]
2944 1910. [bug] dig's +sigchase code overhauled. [RT #14933]
2946 1909. [bug] The DLV code has been re-worked to make no longer
2947 query order sensitive. [RT #14933]
2949 1908. [func] dig now warns if 'RA' is not set in the answer when
2950 'RD' was set in the query. host/nslookup skip servers
2951 that fail to set 'RA' when 'RD' is set unless a server
2952 is explicitly set. [RT #15005]
2954 1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
2957 1906. [func] dig now has a '-q queryname' and '+showsearch' options.
2960 1905. [bug] Strings returned from cfg_obj_asstring() should be
2961 treated as read-only. The prototype for
2962 cfg_obj_asstring() has been updated to reflect this.
2965 1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
2966 friends. Note: RFC 1918 zones are not yet covered by
2967 this but are likely to be in a future release.
2969 New options: empty-server, empty-contact,
2970 empty-zones-enable and disable-empty-zone.
2972 1903. [func] ISC string copy API.
2974 1902. [func] Attempt to make the amount of work performed in a
2975 iteration self tuning. The covers nodes clean from
2976 the cache per iteration, nodes written to disk when
2977 rewriting a master file and nodes destroyed per
2978 iteration when destroying a zone or a cache.
2981 1901. [cleanup] Don't add DNSKEY records to the additional section.
2983 1900. [bug] ixfr-from-differences failed to ensure that the
2984 serial number increased. [RT #15036]
2986 1899. [func] named-checkconf now validates update-policy entries.
2989 1898. [bug] Extend ISC_SOCKADDR_FORMATSIZE and
2990 ISC_NETADDR_FORMATSIZE to allow for scope details.
2992 1897. [func] x86 and x86_64 now have separate atomic locking
2995 1896. [bug] Recursive clients soft quota support wasn't working
2996 as expected. [RT #15103]
2998 1895. [bug] A escaped character is, potentially, converted to
2999 the output character set too early. [RT #14666]
3001 1894. [doc] Review ARM for BIND 9.4.
3003 1893. [port] Use uintptr_t if available. [RT #14606]
3005 1892. [func] Support for SPF rdata type. [RT #15033]
3007 1891. [port] freebsd: pthread_mutex_init can fail if it runs out
3008 of memory. [RT #14995]
3010 1890. [func] Raise the UDP receive buffer size to 32k if it is
3011 less than 32k. [RT #14953]
3013 1889. [port] sunos: non blocking i/o support. [RT #14951]
3015 1888. [func] Support for IPSECKEY rdata type. [RT #14967]
3017 1887. [bug] The cache could delete expired records too fast for
3018 clients with a virtual time in the past. [RT #14991]
3020 1886. [bug] fctx_create() could return success even though it
3023 1885. [func] dig: report the number of extra bytes still left in
3024 the packet after processing all the records.
3026 1884. [cleanup] dighost.c: move external declarations into <dig/dig.h>.
3028 1883. [bug] dnssec-signzone, dnssec-keygen: handle negative debug
3031 1882. [func] Limit the number of recursive clients that can be
3032 waiting for a single query (<qname,qtype,qclass>) to
3033 resolve. New options clients-per-query and
3034 max-clients-per-query.
3036 1881. [func] Add a system test for named-checkconf. [RT #14931]
3038 1880. [func] The lame cache is now done on a <qname,qclass,qtype>
3039 basis as some servers only appear to be lame for
3040 certain query types. [RT #14916]
3042 1879. [func] "USE INTERNAL MALLOC" is now runtime selectable.
3045 1878. [func] Detect duplicates of UDP queries we are recursing on
3046 and drop them. New stats category "duplicate".
3049 1877. [bug] Fix unreasonably low quantum on call to
3050 dns_rbt_destroy2(). Remove unnecessary unhash_node()
3053 1876. [func] Additional memory debugging support to track size
3054 and mctx arguments. [RT #14814]
3056 1875. [bug] process_dhtkey() was using the wrong memory context
3057 to free some memory. [RT #14890]
3059 1874. [port] sunos: portability fixes. [RT #14814]
3061 1873. [port] win32: isc__errno2result() now reports its caller.
3064 1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753]
3068 1870. [func] Added framework for handling multiple EDNS versions.
3071 1869. [func] dig can now specify the EDNS version when making
3072 a query. [RT #14873]
3074 1868. [func] edns-udp-size can now be overridden on a per
3075 server basis. [RT #14851]
3077 1867. [bug] It was possible to trigger a INSIST in
3078 dlv_validatezonekey(). [RT #14846]
3080 1866. [bug] resolv.conf parse errors were being ignored by
3081 dig/host/nslookup. [RT #14841]
3083 1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
3084 bad addresses. [RT #14841]
3086 1864. [bug] Don't try the alternative transfer source if you
3087 got a answer / transfer with the main source
3088 address. [RT #14802]
3090 1863. [bug] rrset-order "fixed" error messages not complete.
3092 1862. [func] Add additional zone data constancy checks.
3093 named-checkzone has extended checking of NS, MX and
3094 SRV record and the hosts they reference.
3095 named has extended post zone load checks.
3096 New zone options: check-mx and integrity-check.
3099 1861. [bug] dig could trigger a INSIST on certain malformed
3100 responses. [RT #14801]
3102 1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was
3103 incorrectly set. [RT #14775]
3105 1859. [func] Add support for CH A record. [RT #14695]
3107 1858. [bug] The flush-zones-on-shutdown option wasn't being
3110 1857. [bug] named could trigger a INSIST() if reconfigured /
3111 reloaded too fast. [RT #14673]
3113 1856. [doc] Switch Docbook toolchain from DSSSL to XSL.
3116 1855. [bug] ixfr-from-differences was failing to detect changes
3117 of ttl due to dns_diff_subtract() was ignoring the ttl
3118 of records. [RT #14616]
3120 1854. [bug] lwres also needs to know the print format for
3121 (long long). [RT #13754]
3123 1853. [bug] Rework how DLV interacts with proveunsecure().
3126 1852. [cleanup] Remove last vestiges of dnssec-signkey and
3127 dnssec-makekeyset (removed from Makefile years ago).
3129 1851. [doc] Doxygen comment markup. [RT #11398]
3131 1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591]
3133 1849. [doc] All forms of the man pages (docbook, man, html) should
3134 have consistent copyright dates.
3136 1848. [bug] Improve SMF integration. [RT #13238]
3138 1847. [bug] isc_ondestroy_init() is called too late in
3139 dns_rbtdb_create()/dns_rbtdb64_create().
3142 1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer
3143 <bortzmeyer@nic.fr>.
3145 1845. [bug] Improve error reporting to distinguish between
3146 accept()/fcntl() and socket()/fcntl() errors.
3149 1844. [bug] inet_pton() accepted more that 4 hexadecimal digits
3150 for each 16 bit piece of the IPv6 address. The text
3151 representation of a IPv6 address has been tightened
3152 to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
3155 1843. [cleanup] CINCLUDES takes precedence over CFLAGS. This helps
3156 when CFLAGS contains "-I /usr/local/include"
3157 resulting in old header files being used.
3159 1842. [port] cmsg_len() could produce incorrect results on
3160 some platform. [RT #13744]
3162 1841. [bug] "dig +nssearch" now makes a recursive query to
3163 find the list of nameservers to query. [RT #13694]
3165 1840. [func] dnssec-signzone can now randomize signature end times
3166 (dnssec-signzone -j jitter). [RT #13609]
3168 1839. [bug] <isc/hash.h> was not being installed.
3170 1838. [cleanup] Don't allow Linux capabilities to be inherited.
3173 1837. [bug] Compile time option ISC_FACILITY was not effective
3174 for 'named -u <user>'. [RT #13714]
3176 1836. [cleanup] Silence compiler warnings in hash_test.c.
3178 1835. [bug] Update dnssec-signzone's usage message. [RT #13657]
3180 1834. [bug] Bad memset in rdata_test.c. [RT #13658]
3182 1833. [bug] Race condition in isc_mutex_lock_profile(). [RT #13660]
3184 1832. [bug] named fails to return BADKEY on unknown TSIG algorithm.
3187 1831. [doc] Update named-checkzone documentation. [RT#13604]
3189 1830. [bug] adb lame cache has sence of test reversed. [RT #13600]
3191 1829. [bug] win32: "pid-file none;" broken. [RT #13563]
3193 1828. [bug] isc_rwlock_init() failed to properly cleanup if it
3194 encountered a error. [RT #13549]
3196 1827. [bug] host: update usage message for '-a'. [RT #37116]
3198 1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on out
3199 of memory error. [RT #13537]
3201 1825. [bug] Missing UNLOCK() on out of memory error from in
3202 rbtdb.c:subtractrdataset(). [RT #13519]
3204 1824. [bug] Memory leak on dns_zone_setdbtype() failure.
3207 1823. [bug] Wrong macro used to check for point to point interface.
3210 1822. [bug] check-names test for RT was reversed. [RT #13382]
3214 1820. [bug] Gracefully handle acl loops. [RT #13659]
3216 1819. [bug] The validator needed to check both the algorithm and
3217 digest types of the DS to determine if it could be
3218 used to introduce a secure zone. [RT #13593]
3220 1818. [bug] 'named-checkconf -z' triggered an INSIST. [RT #13599]
3222 1817. [func] Add support for additional zone file formats for
3223 improving loading performance. The masterfile-format
3224 option in named.conf can be used to specify a
3225 non-default format. A separate command
3226 named-compilezone was provided to generate zone files
3227 in the new format. Additionally, the -I and -O options
3228 for dnssec-signzone specify the input and output
3231 1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
3234 1815. [bug] nsupdate triggered a REQUIRE if the server was set
3235 without also setting the zone and it encountered
3236 a CNAME and was using TSIG. [RT #13086]
3238 1814. [func] UNIX domain controls are now supported.
3240 1813. [func] Restructured the data locking framework using
3241 architecture dependent atomic operations (when
3242 available), improving response performance on
3243 multi-processor machines significantly.
3244 x86, x86_64, alpha, powerpc, and mips are currently
3247 1812. [port] win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect.
3250 1811. [func] Preserve the case of domain names in rdata during
3251 zone transfers. [RT #13547]
3253 1810. [bug] configure, lib/bind/configure make different default
3254 decisions about whether to do a threaded build.
3257 1809. [bug] "make distclean" failed for libbind if the platform
3260 1808. [bug] zone.c:notify_zone() contained a race condition,
3261 zone->db could change underneath it. [RT #13511]
3263 1807. [bug] When forwarding (forward only) set the active domain
3264 from the forward zone name. [RT #13526]
3266 1806. [bug] The resolver returned the wrong result when a CNAME /
3267 DNAME was encountered when fetching glue from a
3268 secure namespace. [RT #13501]
3270 1805. [bug] Pending status was not being cleared when DLV was
3273 1804. [bug] Ensure that if we are queried for glue that it fits
3274 in the additional section or TC is set to tell the
3275 client to retry using TCP. [RT #10114]
3277 1803. [bug] dnssec-signzone sometimes failed to remove old
3280 1802. [bug] Handle connection resets better. [RT #11280]
3282 1801. [func] Report differences between hints and real NS rrset
3283 and associated address records.
3285 1800. [bug] Changes #1719 allowed a INSIST to be triggered.
3288 1799. [bug] 'rndc flushname' failed to flush negative cache
3289 entries. [RT #13438]
3291 1798. [func] The server syntax has been extended to support a
3292 range of servers. [RT #11132]
3294 1797. [func] named-checkconf now check acls to verify that they
3295 only refer to existing acls. [RT #13101]
3297 1796. [func] "rndc freeze/thaw" now freezes/thaws all zones.
3299 1795. [bug] "rndc dumpdb" was not fully documented. Minor
3300 formating issues with "rndc dumpdb -all". [RT #13396]
3302 1794. [func] Named and named-checkzone can now both check for
3303 non-terminal wildcard records.
3305 1793. [func] Extend adjusting TTL warning messages. [RT #13378]
3307 1792. [func] New zone option "notify-delay". Specify a minimum
3308 delay between sets of NOTIFY messages.
3310 1791. [bug] 'host -t a' still printed out AAAA and MX records.
3313 1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should
3314 allow parallel make to succeed.
3316 1789. [bug] Prerequisite test for tkey and dnssec could fail
3317 with "configure --with-libtool".
3319 1788. [bug] libbind9.la/libbind9.so needs to link against
3320 libisccfg.la/libisccfg.so.
3322 1787. [port] HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings.
3324 1786. [port] AIX: libt_api needs to be taught to look for
3325 T_testlist in the main executable (--with-libtool).
3328 1785. [bug] libbind9.la/libbind9.so needs to link against
3329 libisc.la/libisc.so.
3331 1784. [cleanup] "libtool -allow-undefined" is the default.
3332 Leave hooks in configure to allow it to be set
3333 if needed in the future.
3335 1783. [cleanup] We only need one copy of libtool.m4, ltmain.sh in the
3338 1782. [port] OSX: --with-libtool + --enable-libbind broke on
3339 __evOptMonoTime. [RT #13219]
3341 1781. [port] FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810]
3343 1780. [bug] Update libtool to 1.5.10.
3345 1779. [port] OSF 5.1: libtool didn't handle -pthread correctly.
3347 1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and
3348 IN6ADDR_LOOPBACK_INIT macros.
3350 1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and
3351 IN6ADDR_LOOPBACK_INIT macros.
3353 1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
3354 IN6ADDR_LOOPBACK_INIT macros.
3356 1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
3358 1774. [port] Aix: Silence compiler warnings / build failures.
3361 1773. [bug] Fast retry on host / net unreachable. [RT #13153]
3367 1770. [bug] named-checkconf failed to report missing a missing
3368 file clause for rbt{64} master/hint zones. [RT#13009]
3370 1769. [port] win32: change compiler flags /MTd ==> /MDd,
3373 1768. [bug] nsecnoexistnodata() could be called with a non-NSEC
3374 rdataset. [RT #12907]
3376 1767. [port] Builds on IPv6 platforms without IPv6 Advanced API
3377 support for (struct in6_pktinfo) failed. [RT #13077]
3379 1766. [bug] Update the master file timestamp on successful refresh
3380 as well as the journal's timestamp. [RT# 13062]
3382 1765. [bug] configure --with-openssl=auto failed. [RT #12937]
3384 1764. [bug] dns_zone_replacedb failed to emit a error message
3385 if there was no SOA record in the replacement db.
3388 1763. [func] Perform sanity checks on NS records which refer to
3389 'in zone' names. [RT #13002]
3391 1762. [bug] isc_interfaceiter_create() could return ISC_R_SUCCESS
3392 even when it failed. [RT #12995]
3394 1761. [bug] 'rndc dumpdb' didn't report unassociated entries.
3397 1760. [bug] Host / net unreachable was not penalising rtt
3398 estimates. [RT #12970]
3400 1759. [bug] Named failed to startup if the OS supported IPv6
3401 but had no IPv6 interfaces configured. [RT #12942]
3403 1758. [func] Don't send notify messages to self. [RT #12933]
3405 1757. [func] host now can turn on memory debugging flags with '-m'.
3407 1756. [func] named-checkconf now checks the logging configuration.
3410 1755. [func] allow-update is now settable at the options / view
3413 1754. [bug] We weren't always attempting to query the parent
3414 server for the DS records at the zone cut.
3417 1753. [bug] Don't serve a slave zone which has no NS records.
3420 1752. [port] Move isc_app_start() to after ns_os_daemonise()
3421 as some fork() implementations unblock the signals
3422 that are blocked by isc_app_start(). [RT #12810]
3424 1751. [bug] --enable-getifaddrs failed under linux. [RT #12867]
3426 1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
3429 1749. [bug] 'check-names response ignore;' failed to ignore.
3432 1748. [func] dig now returns the byte count for axfr/ixfr.
3434 1747. [bug] BIND 8 compatibility: named/named-checkconf failed
3435 to parse "host-statistics-max" in named.conf.
3437 1746. [func] Make public the function to read a key file,
3438 dst_key_read_public(). [RT #12450]
3440 1745. [bug] Dig/host/nslookup accept replies from link locals
3441 regardless of scope if no scope was specified when
3442 query was sent. [RT #12745]
3444 1744. [bug] If tuple2msgname() failed to convert a tuple to
3445 a name a REQUIRE could be triggered. [RT #12796]
3447 1743. [bug] If isc_taskmgr_create() was not able to create the
3448 requested number of worker threads then destruction
3449 of the manager would trigger an INSIST() failure.
3452 1742. [bug] Deleting all records at a node then adding a
3453 previously existing record, in a single UPDATE
3454 transaction, failed to leave / regenerate the
3455 associated RRSIG records. [RT #12788]
3457 1741. [bug] Deleting all records at a node in a secure zone
3458 using a update-policy grant failed. [RT #12787]
3460 1740. [bug] Replace rbt's hash algorithm as it performed badly
3461 with certain zones. [RT #12729]
3463 NOTE: a hash context now needs to be established
3464 via isc_hash_create() if the application was not
3467 1739. [bug] dns_rbt_deletetree() could incorrectly return
3468 ISC_R_QUOTA. [RT #12695]
3470 1738. [bug] Enable overrun checking by default. [RT #12695]
3472 1737. [bug] named failed if more than 16 masters were specified.
3475 1736. [bug] dst_key_fromnamedfile() could fail to read a
3476 public key. [RT #12687]
3478 1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure.
3481 1734. [cleanup] 'rndc-confgen -a -t' remove extra '/' in path.
3484 1733. [bug] Return non-zero exit status on initial load failure.
3487 1732. [bug] 'rrset-order name "*"' wasn't being applied to ".".
3490 1731. [port] darwin: relax version test in ifconfig.sh.
3493 1730. [port] Determine the length type used by the socket API.
3496 1729. [func] Improve check-names error messages.
3498 1728. [doc] Update check-names documentation.
3500 1727. [bug] named-checkzone: check-names support didn't match
3503 1726. [port] aix5: add support for aix5.
3505 1725. [port] linux: update error message on interaction of threads,
3506 capabilities and setuid support (named -u). [RT #12541]
3508 1724. [bug] Look for DNSKEY records with "dig +sigtrace".
3511 1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
3513 1722. [bug] Don't commit the journal on malformed ixfr streams.
3516 1721. [bug] Error message from the journal processing were not
3517 always identifying the relevant journal. [RT #12519]
3519 1720. [bug] 'dig +chase' did not terminate on a RFC 2308 Type 1
3520 negative response. [RT #12506]
3522 1719. [bug] named was not correctly caching a RFC 2308 Type 1
3523 negative response. [RT #12506]
3525 1718. [bug] nsupdate was not handling RFC 2308 Type 3 negative
3526 responses when looking for the zone / master server.
3529 1717. [port] solaris: ifconfig.sh did not support Solaris 10.
3530 "ifconfig.sh down" didn't work for Solaris 9.
3532 1716. [doc] named.conf(5) was being installed in the wrong
3533 location. [RT# 12441]
3535 1715. [func] 'dig +trace' now randomly selects the next servers
3536 to try. Report if there is a bad delegation.
3538 1714. [bug] dig/host/nslookup were only trying the first
3539 address when a nameserver was specified by name.
3542 1713. [port] linux: extend capset failure message to say:
3543 please ensure that the capset kernel module is
3544 loaded. see insmod(8)
3546 1712. [bug] Missing FULLCHECK for "trusted-key" in dig.
3548 1711. [func] 'rndc unfreeze' has been deprecated by 'rndc thaw'.
3550 1710. [func] 'rndc notify zone [class [view]]' resend the NOTIFY
3551 messages for the specified zone. [RT #9479]
3553 1709. [port] solaris: add SMF support from Sun.
3555 1708. [cleanup] Replaced dns_fullname_hash() with dns_name_fullhash()
3556 for conformance to the name space convention. Binary
3557 backward compatibility to the old function name is
3558 provided. [RT #12376]
3560 1707. [contrib] sdb/ldap updated to version 1.0-beta.
3562 1706. [bug] 'rndc stop' failed to cause zones to be flushed
3563 sometimes. [RT #12328]
3565 1705. [func] Allow the journal's name to be changed via named.conf.
3567 1704. [port] lwres needed a snprintf() implementation for
3568 platforms without snprintf(). Add missing
3569 "#include <isc/print.h>". [RT #12321]
3571 1703. [bug] named would loop sending NOTIFY messages when it
3572 failed to receive a response. [RT #12322]
3574 1702. [bug] also-notify should not be applied to built in zones.
3577 1701. [doc] A minimal named.conf man page.
3579 1700. [func] nslookup is no longer to be treated as deprecated.
3580 Remove "deprecated" warning message. Add man page.
3582 1699. [bug] dnssec-signzone can generate "not exact" errors
3583 when resigning. [RT #12281]
3585 1698. [doc] Use reserved IPv6 documentation prefix.
3587 1697. [bug] xxx-source{,-v6} was not effective when it
3588 specified one of listening addresses and a
3589 different port than the listening port. [RT #12257]
3591 1696. [bug] dnssec-signzone failed to clean out nodes that
3592 consisted of only NSEC and RRSIG records.
3595 1695. [bug] DS records when forwarding require special handling.
3598 1694. [bug] Report if the builtin views of "_default" / "_bind"
3599 are defined in named.conf. [RT #12023]
3601 1693. [bug] max-journal-size was not effective for master zones
3602 with ixfr-from-differences set. [RT# 12024]
3604 1692. [bug] Don't set -I, -L and -R flags when libcrypto is in
3605 /usr/lib. [RT #11971]
3607 1691. [bug] sdb's attachversion was not complete. [RT #11990]
3609 1690. [bug] Delay detaching view from the client until UPDATE
3610 processing completes when shutting down. [RT #11714]
3612 1689. [bug] DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
3613 contained gratuitous semicolons. [RT #11707]
3615 1688. [bug] LDFLAGS was not supported.
3617 1687. [bug] Race condition in dispatch. [RT #10272]
3619 1686. [bug] Named sent a extraneous NOTIFY when it received a
3620 redundant UPDATE request. [RT #11943]
3622 1685. [bug] Change #1679 loop tests weren't quite right.
3624 1684. [func] ixfr-from-differences now takes master and slave in
3625 addition to yes and no at the options and view levels.
3627 1683. [bug] dig +sigchase could leak memory. [RT #11445]
3629 1682. [port] Update configure test for (long long) printf format.
3632 1681. [bug] Only set SO_REUSEADDR when a port is specified in
3633 isc_socket_bind(). [RT #11742]
3635 1680. [func] rndc: the source address can now be specified.
3637 1679. [bug] When there was a single nameserver with multiple
3638 addresses for a zone not all addresses were tried.
3641 1678. [bug] RRSIG should use TYPEXXXXX for unknown types.
3643 1677. [bug] dig: +aaonly didn't work, +aaflag undocumented.
3645 1676. [func] New option "allow-query-cache". This lets
3646 allow-query be used to specify the default zone
3647 access level rather than having to have every
3648 zone override the global value. allow-query-cache
3649 can be set at both the options and view levels.
3650 If allow-query-cache is not set allow-query applies.
3652 1675. [bug] named would sometimes add extra NSEC records to
3653 the authority section.
3655 1674. [port] linux: increase buffer size used to scan
3658 1673. [port] linux: issue a error messages if IPv6 interface
3661 1672. [cleanup] Tests which only function in a threaded build
3662 now return R:THREADONLY (rather than R:UNTESTED)
3663 in a non-threaded build.
3665 1671. [contrib] queryperf: add NAPTR to the list of known types.
3667 1670. [func] Log UPDATE requests to slave zones without an acl as
3668 "disabled" at debug level 3. [RT# 11657]
3672 1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
3674 1667. [port] linux: not all versions have IF_NAMESIZE.
3676 1666. [bug] The optional port on hostnames in dual-stack-servers
3679 1665. [func] rndc now allows addresses to be set in the
3682 1664. [bug] nsupdate needed KEY for SIG(0), not DNSKEY.
3684 1663. [func] Look for OpenSSL by default.
3686 1662. [bug] Change #1658 failed to change one use of 'type'
3689 1661. [bug] Restore dns_name_concatenate() call in
3690 adb.c:set_target(). [RT #11582]
3692 1660. [bug] win32: connection_reset_fix() was being called
3693 unconditionally. [RT #11595]
3695 1659. [cleanup] Cleanup some messages that were referring to KEY vs
3696 DNSKEY, NXT vs NSEC and SIG vs RRSIG.
3698 1658. [func] Update dnssec-keygen to default to KEY for HMAC-MD5
3699 and DH. Tighten which options apply to KEY and
3702 1657. [doc] ARM: document query log output.
3704 1656. [doc] Update DNSSEC description in ARM to cover DS, NSEC
3705 DNSKEY and RRSIG. [RT #11542]
3707 1655. [bug] Logging multiple versions w/o a size was broken.
3710 1654. [bug] isc_result_totext() contained array bounds read
3713 1653. [func] Add key type checking to dst_key_fromfilename(),
3714 DST_TYPE_KEY should be used to read TSIG, TKEY and
3717 1652. [bug] TKEY still uses KEY.
3719 1651. [bug] dig: process multiple dash options.
3721 1650. [bug] dig, nslookup: flush standard out after each command.
3723 1649. [bug] Silence "unexpected non-minimal diff" message.
3726 1648. [func] Update dnssec-lookaside named.conf syntax to support
3727 multiple dnssec-lookaside namespaces (not yet
3730 1647. [bug] It was possible trigger a INSIST when chasing a DS
3731 record that required walking back over a empty node.
3734 1646. [bug] win32: logging file versions didn't work with
3735 non-UNC filenames. [RT#11486]
3737 1645. [bug] named could trigger a REQUIRE failure if multiple
3738 masters with keys are specified.
3740 1644. [bug] Update the journal modification time after a
3741 successful refresh query. [RT #11436]
3743 1643. [bug] dns_db_closeversion() could leak memory / node
3744 references. [RT #11163]
3746 1642. [port] Support OpenSSL implementations which don't have
3747 DSA support. [RT #11360]
3749 1641. [bug] Update the check-names description in ARM. [RT #11389]
3751 1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
3752 incorrectly closing the socket. [RT #11291]
3754 1639. [func] Initial dlv system test.
3756 1638. [bug] "ixfr-from-differences" could generate a REQUIRE
3757 failure if the journal open failed. [RT #11347]
3759 1637. [bug] Node reference leak on error in addnoqname().
3761 1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
3762 a error had occurred. The database version no longer
3763 matched the version of the database that was dumped.
3765 1635. [bug] Memory leak on error in query_addds().
3767 1634. [bug] named didn't supply a useful error message when it
3768 detected duplicate views. [RT #11208]
3770 1633. [bug] named should return NOTIMP to update requests to a
3771 slaves without a allow-update-forwarding acl specified.
3774 1632. [bug] nsupdate failed to send prerequisite only UPDATE
3775 messages. [RT #11288]
3777 1631. [bug] dns_journal_compact() could sometimes corrupt the
3778 journal. [RT #11124]
3780 1630. [contrib] queryperf: add support for IPv6 transport.
3782 1629. [func] dig now supports IPv6 scoped addresses with the
3783 extended format in the local-server part. [RT #8753]
3785 1628. [bug] Typo in Compaq Trucluster support. [RT# 11264]
3787 1627. [bug] win32: sockets were not being closed when the
3788 last external reference was removed. [RT# 11179]
3790 1626. [bug] --enable-getifaddrs was broken. [RT#11259]
3792 1625. [bug] named failed to load/transfer RFC2535 signed zones
3793 which contained CNAMES. [RT# 11237]
3795 1624. [bug] zonemgr_putio() call should be locked. [RT# 11163]
3797 1623. [bug] A serial number of zero was being displayed in the
3798 "sending notifies" log message when also-notify was
3801 1622. [func] probe the system to see if IPV6_(RECV)PKTINFO is
3802 available, and suppress wildcard binding if not.
3804 1621. [bug] match-destinations did not work for IPv6 TCP queries.
3807 1620. [func] When loading a zone report if it is signed. [RT #11149]
3809 1619. [bug] Missing ISC_LIST_UNLINK in end_reserved_dispatches().
3812 1618. [bug] Fencepost errors in dns_name_ishostname() and
3813 dns_name_ismailbox() could trigger a INSIST().
3815 1617. [port] win32: VC++ 6.0 support.
3817 1616. [compat] Ensure that named's version is visible in the core
3820 1615. [port] Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
3823 1614. [port] win32: silence resource limit messages. [RT# 11101]
3825 1613. [bug] Builds would fail on machines w/o a if_nametoindex().
3826 Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
3829 1612. [bug] check-names at the option/view level could trigger
3830 an INSIST. [RT# 11116]
3832 1611. [bug] solaris: IPv6 interface scanning failed to cope with
3833 no active IPv6 interfaces.
3835 1610. [bug] On dual stack machines "dig -b" failed to set the
3836 address type to be looked up with "@server".
3839 1609. [func] dig now has support to chase DNSSEC signature chains.
3840 Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.
3842 DNSSEC validation code in dig coded by Olivier Courtay
3843 (olivier.courtay@irisa.fr) for the IDsA project
3844 (http://idsa.irisa.fr).
3846 1608. [func] dig and host now accept -4/-6 to select IP transport
3847 to use when making queries.
3849 1607. [bug] dig, host and nslookup were still using random()
3850 to generate query ids. [RT# 11013]
3852 1606. [bug] DLV insecurity proof was failing.
3854 1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
3856 1604. [bug] A xfrout_ctx_create() failure would result in
3857 xfrout_ctx_destroy() being called with a
3858 partially initialized structure.
3860 1603. [bug] nsupdate: set interactive based on isatty().
3863 1602. [bug] Logging to a file failed unless a size was specified.
3866 1601. [bug] Silence spurious warning 'both "recursion no;" and
3867 "allow-recursion" active' warning from view "_bind".
3870 1600. [bug] Duplicate zone pre-load checks were not case
3873 1599. [bug] Fix memory leak on error path when checking named.conf.
3875 1598. [func] Specify that certain parts of the namespace must
3876 be secure (dnssec-must-be-secure).
3878 1597. [func] Allow notify-source and query-source to be specified
3879 on a per server basis similar to transfer-source.
3882 1596. [func] Accept 'notify-source' style syntax for query-source.
3884 1595. [func] New notify type 'master-only'. Enable notify for
3887 1594. [bug] 'rndc dumpdb' could prevent named from answering
3888 queries while the dump was in progress. [RT #10565]
3890 1593. [bug] rndc should return "unknown command" to unknown
3891 commands. [RT# 10642]
3893 1592. [bug] configure_view() could leak a dispatch. [RT# 10675]
3895 1591. [bug] libbind: updated to BIND 8.4.5.
3897 1590. [port] netbsd: update thread support.
3899 1589. [func] DNSSEC lookaside validation.
3901 1588. [bug] win32: TCP sockets could become blocked. [RT #10115]
3903 1587. [bug] dns_message_settsigkey() failed to clear existing key.
3906 1586. [func] "check-names" is now implemented.
3910 1584. [bug] "make test" failed with a read only source tree.
3913 1583. [bug] Records add via UPDATE failed to get the correct trust
3916 1582. [bug] rrset-order failed to work on RRsets with more
3917 than 32 elements. [RT #10381]
3919 1581. [func] Disable DNSSEC support by default. To enable
3920 DNSSEC specify "dnssec-enable yes;" in named.conf.
3922 1580. [bug] Zone destruction on final detach takes a long time.
3925 1579. [bug] Multiple task managers could not be created.
3927 1578. [bug] Don't use CLASS E IPv4 addresses when resolving.
3930 1577. [bug] Use isc_uint32_t in ultrasparc optimizer bug
3931 workaround code. [RT #10331]
3933 1576. [bug] Race condition in dns_dispatch_addresponse().
3936 1575. [func] Log TSIG name on TSIG verify failure. [RT #4404]
3938 1574. [bug] Don't attempt to open the controls socket(s) when
3939 running tests. [RT #9091]
3941 1573. [port] linux: update to libtool 1.5.2 so that
3942 "make install DESTDIR=/xx" works with
3943 "configure --with-libtool". [RT #9941]
3945 1572. [bug] nsupdate: sign the soa query to find the enclosing
3946 zone if the server is specified. [RT #10148]
3948 1571. [bug] rbt:hash_node() could fail leaving the hash table
3949 in an inconsistent state. [RT #10208]
3951 1570. [bug] nsupdate failed to handle classes other than IN.
3952 New keyword 'class' which sets the default class.
3955 1569. [func] nsupdate new command 'answer' which displays the
3956 complete answer message to the last update.
3958 1568. [bug] nsupdate now reports that the update failed in
3959 interactive mode. [RT# 10236]
3961 1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
3963 1566. [port] Support for the cmsg framework on Solaris and HP/UX.
3964 This also solved the problem that match-destinations
3965 for IPv6 addresses did not work on these systems.
3968 1565. [bug] CD flag should be copied to outgoing queries unless
3969 the query is under a secure entry point in which case
3972 1564. [func] Attempt to provide a fallback entropy source to be
3973 used if named is running chrooted and named is unable
3974 to open entropy source within the chroot area.
3977 1563. [bug] Gracefully fail when unable to obtain neither an IPv4
3978 nor an IPv6 dispatch. [RT #10230]
3980 1562. [bug] isc_socket_create() and isc_socket_accept() could
3981 leak memory under error conditions. [RT #10230]
3983 1561. [bug] It was possible to release the same name twice if
3984 named ran out of memory. [RT #10197]
3986 1560. [port] FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
3987 and EAI_NONAME to the same value.
3989 1559. [port] named should ignore SIGFSZ.
3991 1558. [func] New DNSSEC 'disable-algorithms'. Support entry into
3992 child zones for which we don't have a supported
3993 algorithm. Such child zones are treated as unsigned.
3995 1557. [func] Implement missing DNSSEC tests for
3996 * NOQNAME proof with wildcard answers.
3997 * NOWILDARD proof with NXDOMAIN.
3998 Cache and return NOQNAME with wildcard answers.
4000 1556. [bug] nsupdate now treats all names as fully qualified.
4003 1555. [func] 'rrset-order cyclic' no longer has a random starting
4004 point per query. [RT #7572]
4006 1554. [bug] dig, host, nslookup failed when no nameservers
4007 were specified in /etc/resolv.conf. [RT #8232]
4009 1553. [bug] The windows socket code could stop accepting
4010 connections. [RT#10115]
4012 1552. [bug] Accept NOTIFY requests from mapped masters if
4013 matched-mapped is set. [RT #10049]
4015 1551. [port] Open "/dev/null" before calling chroot().
4017 1550. [port] Call tzset(), if available, before calling chroot().
4019 1549. [func] named-checkzone can now write out the zone contents
4020 in a easily parsable format (-D and -o).
4022 1548. [bug] When parsing APL records it was possible to silently
4023 accept out of range ADDRESSFAMILY values. [RT# 9979]
4025 1547. [bug] Named wasted memory recording duplicate lame zone
4028 1546. [bug] We were rejecting valid secure CNAME to negative
4031 1545. [bug] It was possible to leak memory if named was unable to
4032 bind to the specified transfer source and TSIG was
4033 being used. [RT #10120]
4035 1544. [bug] Named would logged a single entry to a file despite it
4036 being over the specified size limit.
4038 1543. [bug] Logging using "versions unlimited" did not work.
4042 1541. [func] NSEC now uses new bitmap format.
4044 1540. [bug] "rndc reload <dynamiczone>" was silently accepted.
4047 1539. [bug] Open UDP sockets for notify-source and transfer-source
4048 that use reserved ports at startup. [RT #9475]
4050 1538. [placeholder] rt9997
4052 1537. [func] New option "querylog". If set specify whether query
4053 logging is to be enabled or disabled at startup.
4055 1536. [bug] Windows socket code failed to log a error description
4056 when returning ISC_R_UNEXPECTED. [RT #9998]
4060 1534. [bug] Race condition when priming cache. [RT# 9940]
4062 1533. [func] Warn if both "recursion no;" and "allow-recursion"
4063 are active. [RT# 4389]
4065 1532. [port] netbsd: the configure test for <sys/sysctl.h>
4066 requires <sys/param.h>.
4068 1531. [port] AIX more libtool fixes.
4070 1530. [bug] It was possible to trigger a INSIST() failure if a
4071 slave master file was removed at just the correct
4074 1529. [bug] "notify explicit;" failed to log that NOTIFY messages
4075 were being sent for the zone. [RT# 9442]
4077 1528. [cleanup] Simplify some dns_name_ functions based on the
4078 deprecation of bitstring labels.
4080 1527. [cleanup] Reduce the number of gettimeofday() calls without
4081 losing necessary timer granularity.
4083 1526. [func] Implemented "additional section caching (or acache)",
4084 an internal cache framework for additional section
4085 content to improve response performance. Several
4086 configuration options were provided to control the
4089 1525. [bug] dns_cache_create() could trigger a REQUIRE
4090 failure in isc_mem_put() during error cleanup.
4093 1524. [port] AIX needs to be able to resolve all symbols when
4094 creating shared libraries (--with-libtool).
4096 1523. [bug] Fix race condition in rbtdb. [RT# 9189]
4098 1522. [bug] dns_db_findnode() relax the requirements on 'name'.
4101 1521. [bug] dns_view_createresolver() failed to check the
4102 result from isc_mem_create(). [RT# 9294]
4104 1520. [protocol] Add SSHFP (SSH Finger Print) type.
4106 1519. [bug] dnssec-signzone:nsec_setbit() computed the wrong
4107 length of the new bitmap.
4109 1518. [bug] dns_nsec_buildrdata(), and hence dns_nsec_build(),
4110 contained a off-by-one error when working out the
4111 number of octets in the bitmap.
4113 1517. [port] Support for IPv6 interface scanning on HP/UX and
4116 1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
4118 1515. [func] Allow transfer source to be set in a server statement.
4121 1514. [bug] named: isc_hash_destroy() was being called too early.
4124 1513. [doc] Add "US" to root-delegation-only exclude list.
4126 1512. [bug] Extend the delegation-only logging to return query
4127 type, class and responding nameserver.
4129 1511. [bug] delegation-only was generating false positives
4130 on negative answers from sub-zones.
4132 1510. [func] New view option "root-delegation-only". Apply
4133 delegation-only check to all TLDs and root.
4134 Note there are some TLDs that are NOT delegation
4135 only (e.g. DE, LV, US and MUSEUM) these can be excluded
4136 from the checks by using exclude.
4138 root-delegation-only exclude {
4139 "DE"; "LV"; "US"; "MUSEUM";
4142 1509. [bug] Hint zones should accept delegation-only. Forward
4143 zone should not accept delegation-only.
4145 1508. [bug] Don't apply delegation-only checks to answers from
4148 1507. [bug] Handle BIND 8 style returns to NS queries to parents
4149 when making delegation-only checks.
4151 1506. [bug] Wrong return type for dns_view_isdelegationonly().
4153 1505. [bug] Uninitialized rdataset in sdb. [RT #8750]
4155 1504. [func] New zone type "delegation-only".
4157 1503. [port] win32: install libeay32.dll outside of system32.
4159 1502. [bug] nsupdate: adjust timeouts for UPDATE requests over TCP.
4161 1501. [func] Allow TCP queue length to be specified via
4162 named.conf, tcp-listen-queue.
4164 1500. [bug] host failed to lookup MX records. Also look up
4167 1499. [bug] isc_random need to be seeded better if arc4random()
4170 1498. [port] bsdos: 5.x support.
4174 1496. [port] test for pthread_attr_setstacksize().
4176 1495. [cleanup] Replace hash functions with universal hash.
4178 1494. [security] Turn on RSA BLINDING as a precaution.
4182 1492. [cleanup] Preserve rwlock quota context when upgrading /
4183 downgrading. [RT #5599]
4185 1491. [bug] dns_master_dump*() would produce extraneous $ORIGIN
4188 1490. [bug] Accept reading state as well as working state in
4189 ns_client_next(). [RT #6813]
4191 1489. [compat] Treat 'allow-update' on slave zones as a warning.
4194 1488. [bug] Don't override trust levels for glue addresses.
4197 1487. [bug] A REQUIRE() failure could be triggered if a zone was
4198 queued for transfer and the zone was then removed.
4201 1486. [bug] isc_print_snprintf() '%%' consumed one too many format
4202 characters. [RT# 8230]
4204 1485. [bug] gen failed to handle high type values. [RT #6225]
4206 1484. [bug] The number of records reported after a AXFR was wrong.
4209 1483. [bug] dig axfr failed if the message id in the answer failed
4210 to match that in the request. Only the id in the first
4211 message is required to match. [RT #8138]
4213 1482. [bug] named could fail to start if the kernel supports
4214 IPv6 but no interfaces are configured. Similarly
4215 for IPv4. [RT #6229]
4217 1481. [bug] Refresh and stub queries failed to use masters keys
4218 if specified. [RT #7391]
4220 1480. [bug] Provide replay protection for rndc commands. Full
4221 replay protection requires both rndc and named to
4222 be updated. Partial replay protection (limited
4223 exposure after restart) is provided if just named
4226 1479. [bug] cfg_create_tuple() failed to handle out of
4227 memory cleanup. parse_list() would leak memory
4230 1478. [port] ifconfig.sh didn't account for other virtual
4231 interfaces. It now takes a optional argument
4232 to specify the first interface number. [RT #3907]
4234 1477. [bug] memory leak using stub zones and TSIG.
4238 1475. [port] Probe for old sprintf().
4240 1474. [port] Provide strtoul() and memmove() for platforms
4243 1473. [bug] create_map() and create_string() failed to handle out
4244 of memory cleanup. [RT #6813]
4246 1472. [contrib] idnkit-1.0 from JPNIC, replaces mdnkit.
4248 1471. [bug] libbind: updated to BIND 8.4.0.
4250 1470. [bug] Incorrect length passed to snprintf. [RT #5966]
4252 1469. [func] Log end of outgoing zone transfer at same level
4253 as the start of transfer is logged. [RT #4441]
4255 1468. [func] Internal zones are no longer counted for
4256 'rndc status'. [RT #4706]
4258 1467. [func] $GENERATES now supports optional class and ttl.
4260 1466. [bug] lwresd configuration errors resulted in memory
4261 and lock leaks. [RT #5228]
4263 1465. [bug] isc_base64_decodestring() and isc_base64_tobuffer()
4264 failed to check that trailing bits were zero allowing
4265 some invalid base64 strings to be accepted. [RT #5397]
4267 1464. [bug] Preserve "out of zone" data for outgoing zone
4268 transfers. [RT #5192]
4270 1463. [bug] dns_rdata_from{wire,struct}() failed to catch bad
4271 NXT bit maps. [RT #5577]
4273 1462. [bug] parse_sizeval() failed to check the token type.
4276 1461. [bug] Remove deadlock from rbtdb code. [RT #5599]
4278 1460. [bug] inet_pton() failed to reject certain malformed
4283 1458. [cleanup] sprintf() -> snprintf().
4285 1457. [port] Provide strlcat() and strlcpy() for platforms without
4288 1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
4290 1455. [bug] <netaddr> missing from server grammar in
4291 doc/misc/options. [RT #5616]
4293 1454. [port] Use getifaddrs() if available for interface scanning.
4294 --disable-getifaddrs to override. Glibc currently
4295 has a getifaddrs() that does not support IPv6.
4296 Use --enable-getifaddrs=glibc to force the use of
4297 this version under linux machines.
4299 1453. [doc] ARM: $GENERATE example wasn't accurate. [RT #5298]
4303 1451. [bug] rndc-confgen didn't exit with a error code for all
4304 failures. [RT #5209]
4306 1450. [bug] Fetching expired glue failed under certain
4307 circumstances. [RT #5124]
4309 1449. [bug] query_addbestns() didn't handle running out of memory
4312 1448. [bug] Handle empty wildcards labels.
4314 1447. [bug] We were casting (unsigned int) to and from (void *).
4315 rdataset->private4 is now rdataset->privateuint4
4316 to reflect a type change.
4318 1446. [func] Implemented undocumented alternate transfer sources
4319 from BIND 8. See use-alt-transfer-source,
4320 alt-transfer-source and alt-transfer-source-v6.
4322 SECURITY: use-alt-transfer-source is ENABLED unless
4323 you are using views. This may cause a security risk
4324 resulting in accidental disclosure of wrong zone
4325 content if the master supplying different source
4326 content based on IP address. If you are not certain
4327 ISC recommends setting use-alt-transfer-source no;
4329 1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has
4330 been replaced with DNS_ADBFIND_STARTATZONE which
4331 causes the search to start using the closest zone.
4333 1444. [func] dns_view_findzonecut2() allows you to specify if the
4334 cache should be searched for zone cuts.
4336 1443. [func] Masters lists can now be specified and referenced
4337 in zone masters clauses and other masters lists.
4339 1442. [func] New functions for manipulating port lists:
4340 dns_portlist_create(), dns_portlist_add(),
4341 dns_portlist_remove(), dns_portlist_match(),
4342 dns_portlist_attach() and dns_portlist_detach().
4344 1441. [func] It is now possible to tell dig to bind to a specific
4347 1440. [func] It is now possible to tell named to avoid using
4348 certain source ports (avoid-v4-udp-ports,
4349 avoid-v6-udp-ports).
4351 1439. [bug] Named could return NOERROR with certain NOTIFY
4352 failures. Return NOTAUTH if the NOTIFY zone is
4355 1438. [func] Log TSIG (if any) when logging NOTIFY requests.
4357 1437. [bug] Leave space for stdio to work in. [RT #5033]
4359 1436. [func] dns_zonemgr_resumexfrs() can be used to restart
4362 1435. [bug] zmgr_resume_xfrs() was being called read locked
4363 rather than write locked. zmgr_resume_xfrs()
4364 was not being called if the zone was being
4367 1434. [bug] "rndc reconfig" failed to initiate the initial
4368 zone transfer of new slave zones.
4370 1433. [bug] named could trigger a REQUIRE failure if it could
4371 not get a file descriptor when attempting to write
4372 a master file. [RT #4347]
4374 1432. [func] The advertised EDNS UDP buffer size can now be set
4375 via named.conf (edns-udp-size).
4377 1431. [bug] isc_print_snprintf() "%s" with precision could walk off
4378 end of argument. [RT #5191]
4380 1430. [port] linux: IPv6 interface scanning support.
4382 1429. [bug] Prevent the cache getting locked to old servers.
4386 1427. [bug] Race condition in adb with threaded build.
4390 1425. [port] linux/libbind: define __USE_MISC when testing *_r()
4391 function prototypes in netdb.h. [RT #4921]
4393 1424. [bug] EDNS version not being correctly printed.
4395 1423. [contrib] queryperf: added A6 and SRV.
4397 1422. [func] Log name/type/class when denying a query. [RT #4663]
4399 1421. [func] Differentiate updates that don't succeed due to
4400 prerequisites (unsuccessful) vs other reasons
4403 1420. [port] solaris: work around gcc optimizer bug.
4405 1419. [port] openbsd: use /dev/arandom. [RT #4950]
4407 1418. [bug] 'rndc reconfig' did not cause new slaves to load.
4409 1417. [func] ID.SERVER/CHAOS is now a built in zone.
4410 See "server-id" for how to configure.
4412 1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN.
4415 1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived
4418 1414. [func] Support for KSK flag.
4420 1413. [func] Explicitly request the (re-)generation of DS records
4421 from keysets (dnssec-signzone -g).
4423 1412. [func] You can now specify servers to be tried if a nameserver
4424 has IPv6 address and you only support IPv4 or the
4425 reverse. See dual-stack-servers.
4427 1411. [bug] empty nodes should stop wildcard matches. [RT #4802]
4429 1410. [func] Handle records that live in the parent zone, e.g. DS.
4431 1409. [bug] DS should have attribute DNS_RDATATYPEATTR_DNSSEC.
4433 1408. [bug] "make distclean" was not complete. [RT #4700]
4435 1407. [bug] lfsr incorrectly implements the shift register.
4438 1406. [bug] dispatch initializes one of the LFSR's with a incorrect
4439 polynomial. [RT #4617]
4441 1405. [func] Use arc4random() if available.
4443 1404. [bug] libbind: ns_name_ntol() could overwrite a zero length
4446 1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset
4447 dnssec-signkey now report their version in the
4450 1402. [cleanup] A6 has been moved to experimental and is no longer
4453 1401. [bug] adb wasn't clearing state when the timer expired.
4455 1400. [bug] Block the addition of wildcard NS records by IXFR
4456 or UPDATE. [RT #3502]
4458 1399. [bug] Use serial number arithmetic when testing SIG
4459 timestamps. [RT #4268]
4461 1398. [doc] ARM: notify-also should have been also-notify.
4464 1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
4466 1396. [func] dnssec-signzone: adjust the default signing time by
4467 1 hour to allow for clock skew.
4469 1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't
4470 have a working implementation. [RT #4079]
4472 1394. [func] It is now possible to check if a particular element is
4473 in a acl. Remove duplicate entries from the localnets
4476 1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
4477 is not available in the kernel to prevent accidently
4478 listening on IPv4 interfaces.
4480 1392. [bug] named-checkzone: update usage.
4482 1391. [func] Add support for IPv6 scoped addresses in named.
4484 1390. [func] host now supports ixfr.
4486 1389. [bug] named could fail to rotate long log files. [RT #3666]
4488 1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
4489 defining HAVE_IFLIST_SYSCTL. [RT #3770]
4491 1387. [bug] named could crash due to an access to invalid memory
4492 space (which caused an assertion failure) in
4493 incremental cleaning. [RT #3588]
4495 1386. [bug] named-checkzone -z stopped on errors in a zone.
4498 1385. [bug] Setting serial-query-rate to 10 would trigger a
4501 1384. [bug] host was incompatible with BIND 8 in its exit code and
4502 in the output with the -l option. [RT #3536]
4504 1383. [func] Track the serial number in a IXFR response and log if
4505 a mismatch occurs. This is a more specific error than
4506 "not exact". [RT #3445]
4508 1382. [bug] make install failed with --enable-libbind. [RT #3656]
4510 1381. [bug] named failed to correctly process answers that
4511 contained DNAME records where the resulting CNAME
4512 resulted in a negative answer.
4514 1380. [func] 'rndc recursing' dump recursing queries to
4515 'recursing-file = "named.recursing";'.
4517 1379. [func] 'rndc status' now reports tcp and recursion quota
4520 1378. [func] Improved positive feedback for 'rndc {reload|refresh}.
4522 1377. [func] dns_zone_load{new}() now reports if the zone was
4523 loaded, queued for loading to up to date.
4525 1376. [func] New function dns_zone_logc() to log to specified
4528 1375. [func] 'rndc dumpdb' now dumps the adb cache along with the
4531 1374. [func] dns_adb_dump() now logs the lame zones associated
4534 1373. [bug] Recovery from expired glue failed under certain
4537 1372. [bug] named crashes with an assertion failure on exit when
4538 sharing the same port for listening and querying, and
4539 changing listening addresses several times. [RT# 3509]
4541 1371. [bug] notify-source-v6, transfer-source-v6 and
4542 query-source-v6 with explicit addresses and using the
4543 same ports as named was listening on could interfere
4544 with named's ability to answer queries sent to those
4547 1370. [bug] dig '+[no]recurse' was incorrectly documented.
4549 1369. [bug] Adding an NS record as the lexicographically last
4550 record in a secure zone didn't work.
4552 1368. [func] remove support for bitstring labels.
4554 1367. [func] Use response times to select forwarders.
4556 1366. [contrib] queryperf usage was incomplete. Add '-h' for help.
4558 1365. [func] "localhost" and "localnets" acls now include IPv6
4559 addresses / prefixes.
4561 1364. [func] Log file name when unable to open memory statistics
4562 and dump database files. [RT# 3437]
4564 1363. [func] Listen-on-v6 now supports specific addresses.
4566 1362. [bug] remove IFF_RUNNING test when scanning interfaces.
4568 1361. [func] log the reason for rejecting a server when resolving
4571 1360. [bug] --enable-libbind would fail when not built in the
4572 source tree for certain OS's.
4574 1359. [security] Support patches OpenSSL libraries.
4575 http://www.cert.org/advisories/CA-2002-23.html
4577 1358. [bug] It was possible to trigger a INSIST when debugging
4578 large dynamic updates. [RT #3390]
4580 1357. [bug] nsupdate was extremely wasteful of memory.
4582 1356. [tuning] Reduce the number of events / quantum for zone tasks.
4584 1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
4586 1354. [doc] lwres man pages had illegal nroff.
4588 1353. [contrib] sdb/ldap to version 0.9.
4590 1352. [bug] dig, host, nslookup when falling back to TCP use the
4591 current search entry (if any). [RT #3374]
4593 1351. [bug] lwres_getipnodebyname() returned the wrong name
4594 when given a IPv4 literal, af=AF_INET6 and AI_MAPPED
4597 1350. [bug] dns_name_fromtext() failed to handle too many labels
4600 1349. [security] Minimum OpenSSL version now 0.9.6e (was 0.9.5a).
4601 http://www.cert.org/advisories/CA-2002-23.html
4603 1348. [port] win32: Rewrote code to use I/O Completion Ports
4604 in socket.c and eliminating a host of socket
4605 errors. Performance is enhanced.
4611 1345. [port] Use a explicit -Wformat with gcc. Not all versions
4612 include it in -Wall.
4614 1344. [func] Log if the serial number on the master has gone
4616 If you have multiple machines specified in the masters
4617 clause you may want to set 'multi-master yes;' to
4618 suppress this warning.
4620 1343. [func] Log successful notifies received (info). Adjust log
4621 level for failed notifies to notice.
4623 1342. [func] Log remote address with TCP dispatch failures.
4625 1341. [func] Allow a rate limiter to be stalled.
4627 1340. [bug] Delay and spread out the startup refresh load.
4629 1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
4630 lookups. Bit string lookups are no longer attempted.
4636 1336. [func] Nibble lookups under IP6.ARPA are now supported by
4637 dns_byaddr_create(). dns_byaddr_createptrname() is
4638 deprecated, use dns_byaddr_createptrname2() instead.
4640 1335. [bug] When performing a nonexistence proof, the validator
4641 should discard parent NXTs from higher in the DNS.
4643 1334. [bug] When signing/verifying rdatasets, duplicate rdatas
4644 need to be suppressed.
4646 1333. [contrib] queryperf now reports a summary of returned
4647 rcodes (-c), rcodes are printed in mnemonic form (-v).
4649 1332. [func] Report the current serial with periodic commits when
4650 rolling forward the journal.
4652 1331. [func] Generate DNSSEC wildcard proofs.
4654 1330. [bug] When processing events (non-threaded) only allow
4655 the task one chance to use to use its quantum.
4657 1329. [func] named-checkzone will now check if nameservers that
4658 appear to be IP addresses. Available modes "fail",
4659 "warn" (default) and "ignore" the results of the
4662 1328. [bug] The validator could incorrectly verify an invalid
4665 1327. [bug] The validator would incorrectly mark data as insecure
4666 when seeing a bogus signature before a correct
4669 1326. [bug] DNAME/CNAME signatures were not being cached when
4670 validation was not being performed. [RT #3284]
4672 1325. [bug] If the tcpquota was exhausted it was possible to
4673 to trigger a INSIST() failure.
4675 1324. [port] darwin: ifconfig.sh now supports darwin.
4677 1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
4679 1322. [bug] dnssec-signzone usage message was misleading.
4681 1321. [bug] If the last RRset in a zone is glue, dnssec-signzone
4682 would incorrectly duplicate its output and sign it.
4684 1320. [doc] query-source-v6 was missing from options section.
4687 1319. [func] libbind: log attempts to exploit #1318.
4689 1318. [bug] libbind: Remote buffer overrun.
4691 1317. [port] libbind: TrueUNIX 5.1 does not like __align as a
4694 1316. [bug] libbind: gethostans() could get out of sync parsing
4695 the response if there was a very long CNAME chain.
4697 1315. [bug] Options should apply to the internal _bind view.
4699 1314. [port] Handle ECONNRESET from sendmsg() [unix].
4701 1313. [func] Query log now says if the query was signed (S) or
4702 if EDNS was used (E).
4704 1312. [func] Log TSIG key used w/ outgoing zone transfers.
4706 1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159]
4708 1310. [bug] 'rndc stop' failed to cause zones to be flushed
4709 sometimes. [RT #3157]
4711 1309. [func] Log that a zone transfer was covered by a TSIG.
4713 1308. [func] DS (delegation signer) support.
4715 1307. [bug] nsupdate: allow white space base64 key data.
4717 1306. [bug] Badly encoded LOC record when the size, horizontal
4718 precision or vertical precision was 0.1m.
4720 1305. [bug] Document that internal zones are included in the
4721 rndc status results.
4723 1304. [func] New function: dns_zone_name().
4725 1303. [func] Option 'flush-zones-on-shutdown <boolean>;'.
4727 1302. [func] Extended rndc dumpdb to support dumping of zones and
4728 view selection: 'dumpdb [-all|-zones|-cache] [view]'.
4730 1301. [func] New category 'update-security'.
4732 1300. [port] Compaq Trucluster support.
4734 1299. [bug] Set AI_ADDRCONFIG when looking up addresses
4735 via getaddrinfo() (affects dig, host, nslookup, rndc
4738 1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
4739 could be left with a trailing "\" after configure
4742 1297. [port] linux: make handling EINVAL from socket() no longer
4743 conditional on #ifdef LINUX.
4745 1296. [bug] isc_log_closefilelogs() needed to lock the log
4748 1295. [bug] isc_log_setdebuglevel() needed to lock the log
4751 1294. [func] libbind: no longer attempts bit string labels for
4752 IPv6 reverse resolution. Try IP6.ARPA then IP6.INT
4753 for nibble style resolution.
4755 1293. [func] Entropy can now be retrieved from EGDs. [RT #2438]
4757 1292. [func] Enable IPv6 support when using ioctl style interface
4758 scanning and OS supports SIOCGLIFADDR using struct
4761 1291. [func] Enable IPv6 support when using sysctl style interface
4764 1290. [func] "dig axfr" now reports the number of messages
4765 as well as the number of records.
4767 1289. [port] See if -ldl is required for OpenSSL? [RT #2672]
4769 1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
4770 reflect written requirements.
4772 1287. [bug] REQUIRE that DNS_DBADD_MERGE only be set when adding
4773 a rdataset to a zone db in the rbtdb implementation of
4776 1286. [bug] dns_name_downcase() enforce requirement that
4777 target != NULL or name->buffer != NULL.
4779 1285. [func] lwres: probe the system to see what address families
4780 are currently in use.
4782 1284. [bug] The RTT estimate on unused servers was not aged.
4785 1283. [func] Use "dataready" accept filter if available.
4787 1282. [port] libbind: hpux 11.11 interface scanning.
4789 1281. [func] Log zone when unable to get private keys to update
4790 zone. Log zone when NXT records are missing from
4793 1280. [bug] libbind: escape '(' and ')' when converting to
4796 1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590]
4798 1278. [func] dig: now supports +[no]cl +[no]ttlid.
4800 1277. [func] You can now create your own customized printing
4801 styles: dns_master_stylecreate() and
4802 dns_master_styledestroy().
4804 1276. [bug] libbind: const pointer conflicts in res_debug.c.
4806 1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN.
4808 1274. [bug] Memory leak in lwres_gnbarequest_parse().
4810 1273. [port] libbind: solaris: 64 bit binary compatibility.
4812 1272. [contrib] Berkeley DB 4.0 sdb implementation from
4813 Nuno Miguel Rodrigues <nmr@co.sapo.pt>.
4815 1271. [bug] "recursion available: {denied,approved}" was too
4818 1270. [bug] Check that system inet_pton() and inet_ntop() support
4821 1269. [port] Openserver: ifconfig.sh support.
4823 1268. [port] Openserver: the value FD_SETSIZE depends on whether
4824 <sys/param.h> is included or not. Be consistent.
4826 1267. [func] isc_file_openunique() now creates file using mode
4827 0666 rather than 0600.
4829 1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE,
4830 __ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE
4831 are not C++ compatible, use *_TYPE versions instead.
4833 1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with
4834 C++, use LINK_INIT_TYPE and UNLINK_TYPE instead.
4838 1263. [bug] Reference after free error if dns_dispatchmgr_create()
4841 1262. [bug] ns_server_destroy() failed to set *serverp to NULL.
4843 1261. [func] libbind: ns_sign2() and ns_sign_tcp() now provide
4844 support for compressed TSIG owner names.
4846 1260. [func] libbind: res_update can now update IPv6 servers,
4847 new function res_findzonecut2().
4849 1259. [bug] libbind: get_salen() IPv6 support was broken for OSs
4852 1258. [bug] libbind: res_nametotype() and res_nametoclass() were
4855 1257. [bug] Failure to write pid-file should not be fatal on
4858 1256. [contrib] 'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support.
4860 1255. [bug] When verifying that an NXT proves nonexistence, check
4861 the rcode of the message and only do the matching NXT
4862 check. That is, for NXDOMAIN responses, check that
4863 the name is in the range between the NXT owner and
4864 next name, and for NOERROR NODATA responses, check
4865 that the type is not present in the NXT bitmap.
4867 1254. [func] preferred-glue option from BIND 8.3.
4869 1253. [bug] The dnssec system test failed to remove the correct
4872 1252. [bug] Dig, host and nslookup were not checking the address
4873 the answer was coming from against the address it was
4876 1251. [port] win32: a make file contained absolute version specific
4879 1250. [func] Nsupdate will report the address the update was
4882 1249. [bug] Missing masters clause was not handled gracefully.
4885 1248. [bug] DESTDIR was not being propagated between makes.
4887 1247. [bug] Don't reset the interface index for link/site local
4888 addresses. [RT #2576]
4890 1246. [func] New functions isc_sockaddr_issitelocal(),
4891 isc_sockaddr_islinklocal(), isc_netaddr_issitelocal()
4892 and isc_netaddr_islinklocal().
4894 1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for
4897 1244. [bug] Receiving a TCP message from a blackhole address would
4898 prevent further messages being received over that
4901 1243. [bug] It was possible to trigger a REQUIRE() in
4902 dns_message_findtype(). [RT #2659]
4904 1242. [bug] named-checkzone failed if a journal existed. [RT #2657]
4906 1241. [bug] Drop received UDP messages with a zero source port
4907 as these are invariably forged. [RT #2621]
4909 1240. [bug] It was possible to leak zone references by
4910 specifying an incorrect zone to rndc.
4912 1239. [bug] Under certain circumstances named could continue to
4913 use a name after it had been freed triggering
4914 INSIST() failures. [RT #2614]
4916 1238. [bug] It is possible to lockup the server when shutting down
4917 if notifies were being processed. [RT #2591]
4919 1237. [bug] nslookup: "set q=type" failed.
4921 1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non
4922 NULL terminated text regions. [RT #2588]
4924 1235. [func] Report 'out of memory' errors from openssl.
4926 1234. [bug] contrib/sdb: 'zonetodb' failed to call
4927 dns_result_register(). DNS_R_SEENINCLUDE should not
4930 1233. [bug] The flags field of a KEY record can be expressed in
4931 hex as well as decimal.
4933 1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
4935 1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.
4937 1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken.
4939 1229. [bug] named would crash if it received a TSIG signed
4940 query as part of an AXFR response. [RT #2570]
4942 1228. [bug] 'make install' did not depend on 'make all'. [RT #2559]
4944 1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
4945 if a number was expected and some other token was
4948 1226. [func] Use EDNS for zone refresh queries. [RT #2551]
4950 1225. [func] dns_message_setopt() no longer requires that
4951 dns_message_renderbegin() to have been called.
4953 1224. [bug] 'rrset-order' and 'sortlist' should be additive
4956 1223. [func] 'rrset-order' partially works 'cyclic' and 'random'
4959 1222. [bug] Specifying 'port *' did not always result in a system
4960 selected (non-reserved) port being used. [RT #2537]
4962 1221. [bug] Zone types 'master', 'slave' and 'stub' were not being
4963 compared case insensitively. [RT #2542]
4965 1220. [func] Support for APL rdata type.
4967 1219. [func] Named now reports the TSIG extended error code when
4968 signature verification fails. [RT #1651]
4970 1218. [bug] Named incorrectly returned SERVFAIL rather than
4971 NOTAUTH when there was a TSIG BADTIME error. [RT #2519]
4973 1217. [func] Report locations of previous key definition when a
4974 duplicate is detected.
4976 1216. [bug] Multiple server clauses for the same server were not
4977 reported. [RT #2514]
4979 1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
4981 1214. [bug] Win32: isc_file_renameunique() could leave zero length
4984 1213. [func] Report view associated with client if it is not a
4985 standard view (_default or _bind).
4987 1212. [port] libbind: 64k answer buffers were causing stack space
4988 to be exceeded for certain OS. Use heap space instead.
4990 1211. [bug] dns_name_fromtext() incorrectly handled certain
4991 valid octal bitlabels. [RT #2483]
4993 1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped /
4994 compatible addresses. [RT #2461]
4996 1209. [bug] Dig, host, nslookup were not checking the message ids
4997 on the responses. [RT #2454]
4999 1208. [bug] dns_master_load*() failed to log a error message if
5000 an error was detected when parsing the ownername of
5001 a record. [RT #2448]
5003 1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with
5006 1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should
5007 trigger a non-EDNS retry.
5009 1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class"
5010 of the message. [RT #2449]
5012 1204. [bug] libbind: res_nupdate() failed to update the name
5013 server addresses before sending the update.
5015 1203. [func] Report locations of previous acl and zone definitions
5016 when a duplicate is detected.
5018 1202. [func] New functions: cfg_obj_line() and cfg_obj_file().
5020 1201. [bug] Require that if 'callbacks' is passed to
5021 dns_rdata_fromtext(), callbacks->error and
5022 callbacks->warn are initialized.
5024 1200. [bug] Log 'errno' that we are unable to convert to
5025 isc_result_t. [RT #2404]
5027 1199. [doc] ARM reference to RFC 2157 should have been RFC 1918.
5030 1198. [bug] OPT printing style was not consistent with the way the
5031 header fields are printed. The DO bit was not reported
5032 if set. Report if any of the MBZ bits are set.
5034 1197. [bug] Attempts to define the same acl multiple times were not
5037 1196. [contrib] update mdnkit to 2.2.3.
5039 1195. [bug] Attempts to redefine builtin acls should be caught.
5042 1194. [bug] Not all duplicate zone definitions were being detected
5043 at the named.conf checking stage. [RT #2431]
5045 1193. [bug] dig +besteffort parsing didn't handle packet
5046 truncation. dns_message_parse() has new flag
5047 DNS_MESSAGE_IGNORETRUNCATION.
5049 1192. [bug] The seconds fields in LOC records were restricted
5050 to three decimal places. More decimal places should
5051 be allowed but warned about.
5053 1191. [bug] A dynamic update removing the last non-apex name in
5054 a secure zone would fail. [RT #2399]
5056 1190. [func] Add the "rndc freeze" and "rndc unfreeze" commands.
5059 1189. [bug] On some systems, malloc(0) returns NULL, which
5060 could cause the caller to report an out of memory
5063 1188. [bug] Dynamic updates of a signed zone would fail if
5064 some of the zone private keys were unavailable.
5066 1187. [bug] named was incorrectly returning DNSSEC records
5067 in negative responses when the DO bit was not set.
5069 1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the
5070 EOL token when reading to end of line.
5072 1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
5073 unless RES_INIT is set when calling res_*init().
5075 1184. [bug] libbind: call res_ndestroy() if RES_INIT is set
5076 when res_*init() is called.
5078 1183. [bug] Handle ENOSR error when writing to the internal
5079 control pipe. [RT #2395]
5081 1182. [bug] The server could throw an assertion failure when
5082 constructing a negative response packet.
5084 1181. [func] Add the "key-directory" configuration statement,
5085 which allows the server to look for online signing
5086 keys in alternate directories.
5088 1180. [func] dnssec-keygen should always generate keys with
5089 protocol 3 (DNSSEC), since it's less confusing
5092 1179. [func] Add SIG(0) support to nsupdate.
5094 1178. [bug] Follow and cache (if appropriate) A6 and other
5095 data chains to completion in the additional section.
5097 1177. [func] Report view when loading zones if it is not a
5098 standard view (_default or _bind). [RT #2270]
5100 1176. [doc] Document that allow-v6-synthesis is only performed
5101 for clients that are supplied recursive service.
5104 1175. [bug] named-checkzone and named-checkconf failed to call
5105 dns_result_register() at startup which could
5106 result in runtime exceptions when printing
5107 "out of memory" errors. [RT #2335]
5109 1174. [bug] Win32: add WSAECONNRESET to the expected errors
5110 from connect(). [RT #2308]
5112 1173. [bug] Potential memory leaks in isc_log_create() and
5113 isc_log_settag(). [RT #2336]
5115 1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
5116 table of RR types in ARM.
5118 1171. [func] Added function isc_region_compare(), updated files in
5119 lib/dns to use this function instead of local one.
5121 1170. [bug] Don't attempt to print the token when a I/O error
5122 occurs when parsing named.conf. [RT #2275]
5124 1169. [func] Identify recursive queries in the query log.
5126 1168. [bug] Empty also-notify clauses were not handled. [RT #2309]
5128 1167. [contrib] nslint-2.1a3 (from author).
5130 1166. [bug] "Not Implemented" should be reported as NOTIMP,
5131 not NOTIMPL. [RT #2281]
5133 1165. [bug] We were rejecting notify-source{-v6} in zone clauses.
5135 1164. [bug] Empty masters clauses in slave / stub zones were not
5136 handled gracefully. [RT #2262]
5138 1163. [func] isc_time_formattimestamp() now includes the year.
5140 1162. [bug] The allow-notify option was not accepted in slave
5143 1161. [bug] named-checkzone looped on unbalanced brackets.
5146 1160. [bug] Generating Diffie-Hellman keys longer than 1024
5147 bits could fail. [RT #2241]
5149 1159. [bug] MD and MF are not permitted to be loaded by RFC1123.
5151 1158. [func] Report the client's address when logging notify
5154 1157. [func] match-clients and match-destinations now accept
5157 1156. [port] The configure test for strsep() incorrectly
5158 succeeded on certain patched versions of
5159 AIX 4.3.3. [RT #2190]
5161 1155. [func] Recover from master files being removed from under
5164 1154. [bug] Don't attempt to obtain the netmask of a interface
5165 if there is no address configured. [RT #2176]
5167 1153. [func] 'rndc {stop|halt} -p' now reports the process id
5168 of the instance of named being shutdown.
5170 1152. [bug] libbind: read buffer overflows.
5172 1151. [bug] nslookup failed to check that the arguments to
5173 the port, timeout, and retry options were
5174 valid integers and in range. [RT #2099]
5176 1150. [bug] named incorrectly accepted TTL values
5177 containing plus or minus signs, such as
5180 1149. [func] New function isc_parse_uint32().
5182 1148. [func] 'rndc-confgen -a' now provides positive feedback.
5184 1147. [func] Set IPV6_V6ONLY on IPv6 sockets if supported by
5185 the OS. listen-on-v6 { any; }; should no longer
5186 result in IPv4 queries be accepted. Similarly
5187 control { inet :: ... }; should no longer result
5188 in IPv4 connections being accepted. This can be
5189 overridden at compile time by defining
5192 1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
5193 supported by the OS by a new function
5194 isc_socket_ipv6only().
5196 1145. [func] "host" no longer reports a NOERROR/NODATA response
5197 by printing nothing. [RT #2065]
5199 1144. [bug] rndc-confgen would crash if both the -a and -t
5200 options were specified. [RT #2159]
5202 1143. [bug] When a trusted-keys statement was present and named
5203 was built without crypto support, it would leak memory.
5205 1142. [bug] dnssec-signzone would fail to delete temporary files
5206 in some failure cases. [RT #2144]
5208 1141. [bug] When named rejected a control message, it would
5209 leak a file descriptor and memory. It would also
5210 fail to respond, causing rndc to hang.
5213 1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments
5214 to the -s option. [RT #2138]
5216 1139. [func] It is now possible to flush a given name from the
5217 cache(s) via 'rndc flushname name [view]'. [RT #2051]
5219 1138. [func] It is now possible to flush a given name from the
5220 cache by calling the new function
5221 dns_cache_flushname().
5223 1137. [func] It is now possible to flush a given name from the
5224 ADB by calling the new function dns_adb_flushname().
5226 1136. [bug] CNAME records synthesized from DNAMEs did not
5227 have a TTL of zero as required by RFC2672.
5230 1135. [func] You can now override the default syslog() facility for
5231 named/lwresd at compile time. [RT #1982]
5233 1134. [bug] Multi-threaded servers could deadlock in ferror()
5234 when reloading zone files. [RT #1951, #1998]
5236 1133. [bug] IN6_IS_ADDR_LOOPBACK was not portably defined on
5237 platforms without IN6_IS_ADDR_LOOPBACK. [RT #2106]
5239 1132. [func] Improve UPDATE prerequisite failure diagnostic messages.
5241 1131. [bug] The match-destinations view option did not work with
5242 IPv6 destinations. [RT #2073, #2074]
5244 1130. [bug] Log messages reporting an out-of-range serial number
5245 did not include the out-of-range number but the
5246 following token. [RT #2076]
5248 1129. [bug] Multi-threaded servers could crash under heavy
5249 resolution load due to a race condition. [RT #2018]
5251 1128. [func] sdb drivers can now provide RR data in either text
5252 or wire format, the latter using the new functions
5253 dns_sdb_putrdata() and dns_sdb_putnamedrdata().
5255 1127. [func] rndc: If the server to contact has multiple addresses,
5258 1126. [bug] The server could access a freed event if shut
5259 down while a client start event was pending
5260 delivery. [RT #2061]
5262 1125. [bug] rndc: -k option was missing from usage message.
5265 1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail
5266 are now documented. [RT #2052]
5268 1123. [bug] dig +[no]fail did not match description. [RT #2052]
5270 1122. [tuning] Resolution timeout reduced from 90 to 30 seconds.
5273 1121. [bug] The server could attempt to access a NULL zone
5274 table if shut down while resolving.
5277 1120. [bug] Errors in options were not fatal. [RT #2002]
5279 1119. [func] Added support in Win32 for NTFS file/directory ACL's
5282 1118. [bug] On multi-threaded servers, a race condition
5283 could cause an assertion failure in resolver.c
5284 during resolver shutdown. [RT #2029]
5286 1117. [port] The configure check for in6addr_loopback incorrectly
5287 succeeded on AIX 4.3 when compiling with -O2
5288 because the test code was optimized away.
5291 1116. [bug] Setting transfers in a server clause, transfers-in,
5292 or transfers-per-ns to a value greater than
5293 2147483647 disabled transfers. [RT #2002]
5295 1115. [func] Set maximum values for cleaning-interval,
5296 heartbeat-interval, interface-interval,
5297 max-transfer-idle-in, max-transfer-idle-out,
5298 max-transfer-time-in, max-transfer-time-out,
5299 statistics-interval of 28 days and
5300 sig-validity-interval of 3660 days. [RT #2002]
5302 1114. [port] Ignore more accept() errors. [RT #2021]
5304 1113. [bug] The allow-update-forwarding option was ignored
5305 when specified in a view. [RT #2014]
5309 1111. [bug] Multi-threaded servers could deadlock processing
5310 recursive queries due to a locking hierarchy
5311 violation in adb.c. [RT #2017]
5313 1110. [bug] dig should only accept valid abbreviations of +options.
5316 1109. [bug] nsupdate accepted illegal ttl values.
5318 1108. [bug] On Win32, rndc was hanging when named was not running
5319 due to failure to select for exceptional conditions
5320 in select(). [RT #1870]
5322 1107. [bug] nsupdate could catch an assertion failure if an
5323 invalid domain name was given as the argument to
5326 1106. [bug] After seeing an out of range TTL, nsupdate would
5327 treat all TTLs as out of range. [RT #2001]
5329 1105. [port] OpenUNIX 8 enable threads by default. [RT #1970]
5331 1104. [bug] Invalid arguments to the transfer-format option
5332 could cause an assertion failure. [RT #1995]
5334 1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
5336 1102. [doc] Note that query logging is enabled by directing the
5337 queries category to a channel.
5339 1101. [bug] Array bounds read error in lwres_gai_strerror.
5341 1100. [bug] libbind: DNSSEC key ids were computed incorrectly.
5343 1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
5344 compile time errors.
5346 1098. [bug] libbind: HMAC-MD5 key files are now mode 0600.
5348 1097. [func] libbind: RES_PRF_TRUNC for dig.
5350 1096. [func] libbind: "DNSSEC OK" (DO) support.
5352 1095. [func] libbind: resolver option: no-tld-query. disables
5353 trying unqualified as a tld. no_tld_query is also
5354 supported for FreeBSD compatibility.
5356 1094. [func] libbind: add support gcc's format string checking.
5358 1093. [doc] libbind: miscellaneous nroff fixes.
5360 1092. [bug] libbind: get*by*() failed to check if res_init() had
5363 1091. [bug] libbind: misplaced va_end().
5365 1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
5366 the amount of memory consumed resulting in garbage
5367 address being returned. Alignment calculations were
5368 wasting space. We weren't suppressing duplicate
5371 1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6
5374 1088. [port] libbind: MPE/iX C.70 (incomplete)
5376 1087. [bug] libbind: struct __res_state too large on 64 bit arch.
5378 1086. [port] libbind: sunos: old sprintf.
5380 1085. [port] libbind: solaris: sys_nerr and sys_errlist do not
5381 exist when compiling in 64 bit mode.
5383 1084. [cleanup] libbind: gai_strerror() rewritten.
5385 1083. [bug] The default control channel listened on the
5386 wildcard address, not the loopback as documented.
5389 1082. [bug] The -g option to named incorrectly caused logging
5390 to be sent to syslog in addition to stderr.
5393 1081. [bug] Multicast queries were incorrectly identified
5394 based on the source address, not the destination
5397 1080. [bug] BIND 8 compatibility: accept bare IP prefixes
5398 as the second element of a two-element top level
5399 sort list statement. [RT #1964]
5401 1079. [bug] BIND 8 compatibility: accept bare elements at top
5402 level of sort list treating them as if they were
5403 a single element list. [RT #1963]
5405 1078. [bug] We failed to correct bad tv_usec values in one case.
5408 1077. [func] Do not accept further recursive clients when
5409 the total number of recursive lookups being
5410 processed exceeds max-recursive-clients, even
5411 if some of the lookups are internally generated.
5414 1076. [bug] A badly defined global key could trigger an assertion
5415 on load/reload if views were used. [RT #1947]
5417 1075. [bug] Out-of-range network prefix lengths were not
5418 reported. [RT #1954]
5420 1074. [bug] Running out of memory in dump_rdataset() could
5421 cause an assertion failure. [RT #1946]
5423 1073. [bug] The ADB cache cleaning should also be space driven.
5426 1072. [bug] The TCP client quota could be exceeded when
5427 recursion occurred. [RT #1937]
5429 1071. [bug] Sockets listening for TCP DNS connections
5430 specified an excessive listen backlog. [RT #1937]
5432 1070. [bug] Copy DNSSEC OK (DO) to response as specified by
5433 draft-ietf-dnsext-dnssec-okbit-03.txt.
5437 1068. [bug] errno could be overwritten by catgets(). [RT #1921]
5439 1067. [func] Allow quotas to be soft, isc_quota_soft().
5441 1066. [bug] Provide a thread safe wrapper for strerror().
5444 1065. [func] Runtime support to select new / old style interface
5445 scanning using ioctls.
5447 1064. [bug] Do not shut down active network interfaces if we
5448 are unable to scan the interface list. [RT #1921]
5450 1063. [bug] libbind: "make install" was failing on IRIX.
5453 1062. [bug] If the control channel listener socket was shut
5454 down before server exit, the listener object could
5455 be freed twice. [RT #1916]
5457 1061. [bug] If periodic cache cleaning happened to start
5458 while cleaning due to reaching the configured
5459 maximum cache size was in progress, the server
5460 could catch an assertion failure. [RT #1912]
5462 1060. [func] Move refresh, stub and notify UDP retry processing
5465 1059. [func] dns_request now support will now retry UDP queries,
5466 dns_request_createvia2() and dns_request_createraw2().
5468 1058. [func] Limited lifetime ticker timers are now available,
5469 isc_timertype_limited.
5471 1057. [bug] Reloading the server after adding a "file" clause
5472 to a zone statement could cause the server to
5473 crash due to a typo in change 1016.
5475 1056. [bug] Rndc could catch an assertion failure on SIGINT due
5476 to an uninitialized variable. [RT #1908]
5478 1055. [func] Version and hostname queries can now be disabled
5479 using "version none;" and "hostname none;",
5482 1054. [bug] On Win32, cfg_categories and cfg_modules need to be
5483 exported from the libisccfg DLL.
5485 1053. [bug] Dig did not increase its timeout when receiving
5486 AXFRs unless the +time option was used. [RT #1904]
5488 1052. [bug] Journals were not being created in binary mode
5489 resulting in "journal format not recognized" error
5490 under Win32. [RT #1889]
5492 1051. [bug] Do not ignore a network interface completely just
5493 because it has a noncontiguous netmask. Instead,
5494 omit it from the localnets ACL and issue a warning.
5497 1050. [bug] Log messages reporting malformed IP addresses in
5498 address lists such as that of the forwarders option
5499 failed to include the correct error code, file
5500 name, and line number. [RT #1890]
5502 1049. [func] "pid-file none;" will disable writing a pid file.
5505 1048. [bug] Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1
5508 1047. [bug] named was incorrectly refusing all requests signed
5509 with a TSIG key derived from an unsigned TKEY
5510 negotiation with a NOERROR response. [RT #1886]
5512 1046. [bug] The help message for the --with-openssl configure
5513 option was inaccurate. [RT #1880]
5515 1045. [bug] It was possible to skip saving glue for a nameserver
5518 1044. [bug] Specifying allow-transfer, notify-source, or
5519 notify-source-v6 in a stub zone was not treated
5522 1043. [bug] Specifying a transfer-source or transfer-source-v6
5523 option in the zone statement for a master zone was
5524 not treated as an error. [RT #1876]
5526 1042. [bug] The "config" logging category did not work properly.
5529 1041. [bug] Dig/host/nslookup could catch an assertion failure
5530 on SIGINT due to an uninitialized variable. [RT #1867]
5532 1040. [bug] Multiple listen-on-v6 options with different ports
5533 were not accepted. [RT #1875]
5535 1039. [bug] Negative responses with CNAMEs in the answer section
5536 were cached incorrectly. [RT #1862]
5538 1038. [bug] In servers configured with a tkey-domain option,
5539 TKEY queries with an owner name other than the root
5540 could cause an assertion failure. [RT #1866, #1869]
5542 1037. [bug] Negative responses whose authority section contain
5543 SOA or NS records whose owner names are not equal
5544 equal to or parents of the query name should be
5545 rejected. [RT #1862]
5547 1036. [func] Silently drop requests received via multicast as
5548 long as there is no final multicast DNS standard.
5550 1035. [bug] If we respond to multicast queries (which we
5551 currently do not), respond from a unicast address
5552 as specified in RFC 1123. [RT #137]
5554 1034. [bug] Ignore the RD bit on multicast queries as specified
5555 in RFC 1123. [RT #137]
5557 1033. [bug] Always respond to requests with an unsupported opcode
5558 with NOTIMP, even if we don't have a matching view
5559 or cannot determine the class.
5561 1032. [func] hostname.bind/txt/chaos now returns the name of
5562 the machine hosting the nameserver. This is useful
5563 in diagnosing problems with anycast servers.
5565 1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
5568 1030. [bug] On systems with no resolv.conf file, nsupdate
5569 exited with an error rather than defaulting
5570 to using the loopback address. [RT #1836]
5572 1029. [bug] Some named.conf errors did not cause the loading
5573 of the configuration file to return a failure
5574 status even though they were logged. [RT #1847]
5576 1028. [bug] On Win32, dig/host/nslookup looked for resolv.conf
5577 in the wrong directory. [RT #1833]
5579 1027. [bug] RRs having the reserved type 0 should be rejected.
5584 1025. [bug] Don't use multicast addresses to resolve iterative
5587 1024. [port] Compilation failed on HP-UX 11.11 due to
5588 incompatible use of the SIOCGLIFCONF macro
5591 1023. [func] Accept hints without TTLs.
5593 1022. [bug] Don't report empty root hints as "extra data".
5596 1021. [bug] On Win32, log message timestamps were one month
5597 later than they should have been, and the server
5598 would exhibit unspecified behavior in December.
5600 1020. [bug] IXFR log messages did not distinguish between
5601 true IXFRs, AXFR-style IXFRs, and mere version
5604 1019. [bug] The value of the lame-ttl option was limited to 18000
5605 seconds, not 1800 seconds as documented. [RT #1803]
5607 1018. [bug] The default log channel was not always initialized
5608 correctly. [RT #1813]
5610 1017. [bug] When specifying TSIG keys to dig and nsupdate using
5611 the -k option, they must be HMAC-MD5 keys. [RT #1810]
5613 1016. [bug] Slave zones with no backup file were re-transferred
5614 on every server reload.
5616 1015. [bug] Log channels that had a "versions" option but no
5617 "size" option failed to create numbered log
5620 1014. [bug] Some queries would cause statistics counters to
5621 increment more than once or not at all. [RT #1321]
5623 1013. [bug] It was possible to cancel a query twice when marking
5624 a server as bogus or by having a blackhole acl.
5627 1012. [bug] The -p option to named did not behave as documented.
5629 1011. [cleanup] Removed isc_dir_current().
5631 1010. [bug] The server could attempt to execute a command channel
5632 command after initiating server shutdown, causing
5633 an assertion failure. [RT #1766]
5635 1009. [port] OpenUNIX 8 support. [RT #1728]
5637 1008. [port] libtool.m4, ltmain.sh from libtool-1.4.2.
5639 1007. [port] config.guess, config.sub from autoconf-2.52.
5641 1006. [bug] If a KEY RR was found missing during DNSSEC validation,
5642 an assertion failure could subsequently be triggered
5643 in the resolver. [RT #1763]
5645 1005. [bug] Don't copy nonzero RCODEs from request to response.
5648 1004. [port] Deal with recvfrom() returning EHOSTDOWN. [RT #1770]
5650 1003. [func] Add the +retry option to dig.
5652 1002. [bug] When reporting an unknown class name in named.conf,
5653 including the file name and line number. [RT #1759]
5655 1001. [bug] win32 socket code doio_recv was not catching a
5656 WSACONNRESET error when a client was timing out
5657 the request and closing its socket. [RT #1745]
5659 1000. [bug] BIND 8 compatibility: accept "HESIOD" as an alias
5660 for class "HS". [RT #1759]
5662 999. [func] "rndc retransfer zone [class [view]]" added.
5665 998. [func] named-checkzone now has arguments to specify the
5666 chroot directory (-t) and working directory (-w).
5669 997. [func] Add support for RSA-SHA1 keys (RFC3110).
5671 996. [func] Issue warning if the configuration filename contains
5674 995. [bug] dig, host, nslookup: using a raw IPv6 address as a
5675 target address should be fatal on a IPv4 only system.
5677 994. [func] Treat non-authoritative responses to queries for type
5678 NS as referrals even if the NS records are in the
5679 answer section, because BIND 8 servers incorrectly
5680 send them that way. This is necessary for DNSSEC
5681 validation of the NS records of a secure zone to
5682 succeed when the parent is a BIND 8 server. [RT #1706]
5684 993. [func] dig: -v now reports the version.
5686 992. [doc] dig: ~/.digrc is now documented.
5688 991. [func] Lower UDP refresh timeout messages to level
5691 990. [bug] The rndc-confgen man page was not installed.
5693 989. [bug] Report filename if $INCLUDE fails for file related
5696 988. [bug] 'additional-from-auth no;' did not work reliably
5697 in the case of queries answered from the cache.
5700 987. [bug] "dig -help" didn't show "+[no]stats".
5702 986. [bug] "dig +noall" failed to clear stats and command
5705 985. [func] Consider network interfaces to be up iff they have
5706 a nonzero IP address rather than based on the
5707 IFF_UP flag. [RT #1160]
5709 984. [bug] Multi-threading should be enabled by default on
5710 Solaris 2.7 and newer, but it wasn't.
5712 983. [func] The server now supports generating IXFR difference
5713 sequences for non-dynamic zones by comparing zone
5714 versions, when enabled using the new config
5715 option "ixfr-from-differences". [RT #1727]
5717 982. [func] If "memstatistics-file" is set in options the memory
5718 statistics will be written to it.
5720 981. [func] The dnssec tools can now take multiple '-r randomfile'
5723 980. [bug] Incoming zone transfers restarting after an error
5724 could trigger an assertion failure. [RT #1692]
5726 979. [func] Incremental master file dumping. dns_master_dumpinc(),
5727 dns_master_dumptostreaminc(), dns_dumpctx_attach(),
5728 dns_dumpctx_detach(), dns_dumpctx_cancel(),
5729 dns_dumpctx_db() and dns_dumpctx_version().
5731 978. [bug] dns_db_attachversion() had an invalid REQUIRE()
5734 977. [bug] Improve "not at top of zone" error message.
5736 976. [func] named-checkconf can now test load master zones
5737 (named-checkconf -z). [RT #1468]
5739 975. [bug] "max-cache-size default;" as a view option
5740 caused an assertion failure.
5742 974. [bug] "max-cache-size unlimited;" as a global option
5745 973. [bug] Failed to log the question name when logging:
5746 "bad zone transfer request: non-authoritative zone
5749 972. [bug] The file modification time code in zone.c was using the
5750 wrong epoch. [RT #1667]
5754 970. [func] 'max-journal-size' can now be used to set a target
5757 969. [func] dig now supports the undocumented dig 8 feature
5758 of allowing arbitrary labels, not just dotted
5759 decimal quads, with the -x option. This can be
5760 used to conveniently look up RFC2317 names as in
5761 "dig -x 10.0.0.0-127". [RT #827, #1576, #1598]
5763 968. [bug] On win32, the isc_time_now() function was unnecessarily
5764 calling strtime(). [RT #1671]
5766 967. [bug] On win32, the link for bindevt was not including the
5767 required resource file to enable the event viewer
5768 to interpret the error messages in the event log,
5773 965. [bug] Including data other than root server NS and A
5774 records in the root hint file could cause a rbtdb
5775 node reference leak. [RT #1581, #1618]
5777 964. [func] Warn if data other than root server NS and A records
5778 are found in the root hint file. [RT #1581, #1618]
5780 963. [bug] Bad ISC_LANG_ENDDECLS. [RT #1645]
5782 962. [bug] libbind: bad "#undef", don't attempt to install
5783 non-existent nlist.h. [RT #1640]
5785 961. [bug] Tried to use a IPV6 feature when ISC_PLATFORM_HAVEIPV6
5786 was not defined. [RT #1482]
5788 960. [port] liblwres failed to build on systems with support for
5789 getrrsetbyname() in the OS. [RT #1592]
5791 959. [port] On FreeBSD, determine the number of CPUs by calling
5792 sysctlbyname(). [RT #1584]
5794 958. [port] ssize_t is not available on all platforms. [RT #1607]
5796 957. [bug] sys/select.h inclusion was broken on older platforms.
5799 956. [bug] ns_g_autorndcfile changed to ns_g_keyfile
5800 in named/win32/os.c due to code changes in
5801 change #953. win32 .make file for rndc-confgen
5802 updated to add include path for os.h header.
5804 --- 9.2.0rc1 released ---
5806 955. [bug] When using views, the zone's class was not being
5807 inherited from the view's class. [RT #1583]
5809 954. [bug] When requesting AXFRs or IXFRs using dig, host, or
5810 nslookup, the RD bit should not be set as zone
5811 transfers are inherently non-recursive. [RT #1575]
5813 953. [func] The /var/run/named.key file from change #843
5814 has been replaced by /etc/rndc.key. Both
5815 named and rndc will look for this file and use
5816 it to configure a default control channel key
5817 if not already configured using a different
5818 method (rndc.conf / controls). Unlike
5819 named.key, rndc.key is not created automatically;
5820 it must be created by manually running
5823 952. [bug] The server required manual intervention to serve the
5824 affected zones if it died between creating a journal
5825 and committing the first change to it.
5827 951. [bug] CFLAGS was not passed to the linker when
5828 linking some of the test programs under
5829 bin/tests. [RT #1555].
5831 950. [bug] Explicit TTLs did not properly override $TTL
5832 due to a bug in change 834. [RT #1558]
5834 949. [bug] host was unable to print records larger than 512
5837 --- 9.2.0b2 released ---
5839 948. [port] Integrated support for building on Windows NT /
5842 947. [bug] dns_rdata_soa_t had a badly named element "mname" which
5843 was really the RNAME field from RFC1035. To avoid
5844 confusion and silent errors that would occur it the
5845 "origin" and "mname" elements were given their correct
5846 names "mname" and "rname" respectively, the "mname"
5847 element is renamed to "contact".
5849 946. [cleanup] doc/misc/options is now machine-generated from the
5850 configuration parser syntax tables, and therefore
5851 more likely to be correct.
5853 945. [func] Add the new view-specific options
5854 "match-destinations" and "match-recursive-only".
5856 944. [func] Check for expired signatures on load.
5858 943. [bug] The server could crash when receiving a command
5859 via rndc if the configuration file listed only
5860 nonexistent keys in the controls statement. [RT #1530]
5862 942. [port] libbind: GETNETBYADDR_ADDR_T was not correctly
5863 defined on some platforms.
5865 941. [bug] The configuration checker crashed if a slave
5866 zone didn't contain a masters statement. [RT #1514]
5868 940. [bug] Double zone locking failure on error path. [RT #1510]
5870 --- 9.2.0b1 released ---
5872 939. [port] Add the --disable-linux-caps option to configure for
5873 systems that manage capabilities outside of named.
5878 937. [bug] A race when shutting down a zone could trigger a
5879 INSIST() failure. [RT #1034]
5881 936. [func] Warn about IPv4 addresses that are not complete
5882 dotted quads. [RT #1084]
5884 935. [bug] inet_pton failed to reject leading zeros.
5886 934. [port] Deal with systems where accept() spuriously returns
5889 933. [bug] configure failed doing libbind on platforms not
5890 supported by BIND 8. [RT #1496]
5892 --- 9.2.0a3 released ---
5894 932. [bug] Use INSTALL_SCRIPT, not INSTALL_PROGRAM,
5895 when installing isc-config.sh.
5898 931. [bug] The controls statement only attempted to verify
5899 messages using the first key in the key list.
5902 930. [func] Query performance testing tool added as
5907 928. [bug] nsupdate would send empty update packets if the
5908 send (or empty line) command was run after
5909 another send but before any new updates or
5910 prerequisites were specified. It should simply
5911 ignore this command.
5913 927. [bug] Don't hold the zone lock for the entire dump to disk.
5916 926. [bug] The resolver could deadlock with the ADB when
5917 shutting down (multi-threaded builds only).
5920 925. [cleanup] Remove openssl from the distribution; require that
5921 --with-openssl be specified if DNSSEC is needed.
5923 924. [port] Extend support for pre-RFC2133 IPv6 implementation.
5926 923. [bug] Multiline TSIG secrets (and other multiline strings)
5927 were not accepted in named.conf. [RT #1469]
5929 922. [func] Added two new lwres_getrrsetbyname() result codes,
5930 ERR_NONAME and ERR_NODATA.
5932 921. [bug] lwres returned an incorrect error code if it received
5933 a truncated message.
5935 920. [func] Increase the lwres receive buffer size to 16K.
5940 918. [func] In nsupdate, TSIG errors are no longer treated as
5943 917. [func] New nsupdate command 'key', allowing TSIG keys to
5944 be specified in the nsupdate command stream rather
5945 than the command line.
5947 916. [bug] Specifying type ixfr to dig without specifying
5948 a serial number failed in unexpected ways.
5950 915. [func] The named-checkconf and named-checkzone programs
5951 now have a '-v' option for printing their version.
5954 914. [bug] Global 'server' statements were rejected when
5955 using views, even though they were accepted
5958 913. [bug] Cache cleaning was not sufficiently aggressive.
5961 912. [bug] Attempts to set the 'additional-from-cache' or
5962 'additional-from-auth' option to 'no' in a
5963 server with recursion enabled will now
5964 be ignored and cause a warning message.
5969 910. [port] Some pre-RFC2133 IPv6 implementations do not define
5970 IN6ADDR_ANY_INIT. [RT #1416]
5974 908. [func] New program, rndc-confgen, to simplify setting up rndc.
5976 907. [func] The ability to get entropy from either the
5977 random device, a user-provided file or from
5978 the keyboard was migrated from the DNSSEC tools
5979 to libisc as isc_entropy_usebestsource().
5981 906. [port] Separated the system independent portion of
5982 lib/isc/unix/entropy.c into lib/isc/entropy.c
5983 and added lib/isc/win32/entropy.c.
5985 905. [bug] Configuring a forward "zone" for the root domain
5986 did not work. [RT #1418]
5988 904. [bug] The server would leak memory if attempting to use
5989 an expired TSIG key. [RT #1406]
5991 903. [bug] dig should not crash when receiving a TCP packet
5994 902. [bug] The -d option was ignored if both -t and -g were also
5999 900. [bug] A config.guess update changed the system identification
6000 string of FreeBSD systems; configure and
6001 bin/tests/system/ifconfig.sh now recognize the new
6004 --- 9.2.0a2 released ---
6006 899. [bug] lib/dns/soa.c failed to compile on many platforms
6007 due to inappropriate use of a void value.
6008 [RT #1372, #1373, #1386, #1387, #1395]
6010 898. [bug] "dig" failed to set a nonzero exit status
6011 on UDP query timeout. [RT #1323]
6013 897. [bug] A config.guess update changed the system identification
6014 string of UnixWare systems; configure now recognizes
6017 896. [bug] If a configuration file is set on named's command line
6018 and it has a relative pathname, the current directory
6019 (after any possible jailing resulting from named -t)
6020 will be prepended to it so that reloading works
6021 properly even when a directory option is present.
6023 895. [func] New function, isc_dir_current(), akin to POSIX's
6026 894. [bug] When using the DNSSEC tools, a message intended to warn
6027 when the keyboard was being used because of the lack
6028 of a suitable random device was not being printed.
6030 893. [func] Removed isc_file_test() and added isc_file_exists()
6031 for the basic functionality that was being added
6032 with isc_file_test().
6036 891. [bug] Return an error when a SIG(0) signed response to
6037 an unsigned query is seen. This should actually
6038 do the verification, but it's not currently
6039 possible. [RT #1391]
6041 890. [cleanup] The man pages no longer require the mandoc macros
6042 and should now format cleanly using most versions of
6043 nroff, and HTML versions of the man pages have been
6044 added. Both are generated from DocBook source.
6046 889. [port] Eliminated blank lines before .TH in nroff man
6047 pages since they cause problems with some versions
6048 of nroff. [RT #1390]
6050 888. [bug] Don't die when using TKEY to delete a nonexistent
6051 TSIG key. [RT #1392]
6053 887. [port] Detect broken compilers that can't call static
6054 functions from inline functions. [RT #1212]
6096 866. [func] Close debug only file channels when debug is set to
6099 865. [bug] The new configuration parser did not allow
6100 the optional debug level in a "severity debug"
6101 clause of a logging channel to be omitted.
6102 This is now allowed and treated as "severity
6103 debug 1;" like it does in BIND 8.2.4, not as
6104 "severity debug 0;" like it did in BIND 9.1.
6107 864. [cleanup] Multi-threading is now enabled by default on
6108 OSF1, Solaris 2.7 and newer, AIX, IRIX, and HP-UX.
6110 863. [bug] If an error occurred while an outgoing zone transfer
6111 was starting up, the server could access a domain
6112 name that had already been freed when logging a
6113 message saying that the transfer was starting.
6116 862. [bug] Use after realloc(), non portable pointer arithmetic in
6119 861. [port] Add support for Mac OS X, by making it equivalent
6120 to Darwin. This was derived from the config.guess
6121 file shipped with Mac OS X. [RT #1355]
6123 860. [func] Drop cross class glue in zone transfers.
6125 859. [bug] Cache cleaning now won't swamp the CPU if there
6126 is a persistent over limit condition.
6128 858. [func] isc_mem_setwater() no longer requires that when the
6129 callback function is non-NULL then its hi_water
6130 argument must be greater than its lo_water argument
6131 (they can now be equal) or that they be non-zero.
6133 857. [cleanup] Use ISC_MAGIC() to define all magic numbers for
6134 structs, for our friends in EBCDIC-land.
6136 856. [func] Allow partial rdatasets to be returned in answer and
6137 authority sections to help non-TCP capable clients
6138 recover from truncation. [RT #1301]
6140 855. [bug] Stop spurious "using RFC 1035 TTL semantics" warnings.
6142 854. [bug] The config parser didn't properly handle config
6143 options that were specified in units of time other
6144 than seconds. [RT #1372]
6146 853. [bug] configure_view_acl() failed to detach existing acls.
6149 852. [bug] Handle responses from servers which do not know
6152 851. [cleanup] The obsolete support-ixfr option was not properly
6155 --- 9.2.0a1 released ---
6157 850. [bug] dns_rbt_findnode() would not find nodes that were
6158 split on a bitstring label somewhere other than in
6159 the last label of the node. [RT #1351]
6161 849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
6163 848. [func] A minimum max-cache-size of two megabytes is enforced
6164 by the cache cleaner.
6166 847. [func] Added isc_file_test(), which currently only has
6167 some very basic functionality to test for the
6168 existence of a file, whether a pathname is absolute,
6169 or whether a pathname is the fundamental representation
6170 of the current directory. It is intended that this
6171 function can be expanded to test other things a
6172 programmer might want to know about a file.
6174 846. [func] A non-zero 'param' to dst_key_generate() when making an
6175 hmac-md5 key means that good entropy is not required.
6177 845. [bug] The access rights on the public file of a symmetric
6178 key are now restricted as soon as the file is opened,
6179 rather than after it has been written and closed.
6181 844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
6182 just as <lwres/net.h> does.
6184 843. [func] If no controls statement is present in named.conf,
6185 or if any inet phrase of a controls statement is
6186 lacking a keys clause, then a key will be automatically
6187 generated by named and an rndc.conf-style file
6188 named named.key will be written that uses it. rndc
6189 will use this file only if its normal configuration
6190 file, or one provided on the command line, does not
6193 842. [func] 'rndc flush' now takes an optional view.
6195 841. [bug] When sdb modules were not declared threadsafe, their
6196 create and destroy functions were not serialized.
6198 840. [bug] The config file parser could print the wrong file
6199 name if an error was detected after an included file
6200 was parsed. [RT #1353]
6202 839. [func] Dump packets for which there was no view or that the
6203 class could not be determined to category "unmatched".
6205 838. [port] UnixWare 7.x.x is now suported by
6206 bin/tests/system/ifconfig.sh.
6208 837. [cleanup] Multi-threading is now enabled by default only on
6209 OSF1, Solaris 2.7 and newer, and AIX.
6211 836. [func] Upgraded libtool to 1.4.
6213 835. [bug] The dispatcher could enter a busy loop if
6214 it got an I/O error receiving on a UDP socket.
6217 834. [func] Accept (but warn about) master files beginning with
6218 an SOA record without an explicit TTL field and
6219 lacking a $TTL directive, by using the SOA MINTTL
6220 as a default TTL. This is for backwards compatibility
6221 with old versions of BIND 8, which accepted such
6222 files without warning although they are illegal
6223 according to RFC1035.
6225 833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
6226 <dns/soa.h>, and extended them to support
6227 all the integer-valued fields of the SOA RR.
6229 832. [bug] The default location for named.conf in named-checkconf
6230 should depend on --sysconfdir like it does in named.
6235 830. [func] Implement 'rndc status'.
6237 829. [bug] The DNS_R_ZONECUT result code should only be returned
6238 when an ANY query is made with DNS_DBFIND_GLUEOK set.
6239 In all other ANY query cases, returning the delegation
6242 828. [bug] The errno value from recvfrom() could be overwritten
6243 by logging code. [RT #1293]
6245 827. [bug] When an IXFR protocol error occurs, the slave
6246 should retry with AXFR.
6248 826. [bug] Some IXFR protocol errors were not detected.
6250 825. [bug] zone.c:ns_query() detached from the wrong zone
6251 reference. [RT #1264]
6253 824. [bug] Correct line numbers reported by dns_master_load().
6256 823. [func] The output of "dig -h" now goes to stdout so that it
6257 can easily be piped through "more". [RT #1254]
6259 822. [bug] Sending nxrrset prerequisites would crash nsupdate.
6262 821. [bug] The program name used when logging to syslog should
6263 be stripped of leading path components.
6266 820. [bug] Name server address lookups failed to follow
6267 A6 chains into the glue of local authoritative
6270 819. [bug] In certain cases, the resolver's attempts to
6271 restart an address lookup at the root could cause
6272 the fetch to deadlock (with itself) instead of
6273 restarting. [RT #1225]
6275 818. [bug] Certain pathological responses to ANY queries could
6276 cause an assertion failure. [RT #1218]
6278 817. [func] Adjust timeouts for dialup zone queries.
6280 816. [bug] Report potential problems with log file accessibility
6281 at configuration time, since such problems can't
6282 reliably be reported at the time they actually occur.
6284 815. [bug] If a log file was specified with a path separator
6285 character (i.e. "/") in its name and the directory
6286 did not exist, the log file's name was treated as
6287 though it were the directory name. [RT #1189]
6289 814. [bug] Socket objects left over from accept() failures
6290 were incorrectly destroyed, causing corruption
6291 of socket manager data structures.
6293 813. [bug] File descriptors exceeding FD_SETSIZE were handled
6296 812. [bug] dig sometimes printed incomplete IXFR responses
6297 due to an uninitialized variable. [RT #1188]
6299 811. [bug] Parentheses were not quoted in zone dumps. [RT #1194]
6301 810. [bug] The signer name in SIG records was not properly
6302 down-cased when signing/verifying records. [RT #1186]
6304 809. [bug] Configuring a non-local address as a transfer-source
6305 could cause an assertion failure during load.
6307 808. [func] Add 'rndc flush' to flush the server's cache.
6309 807. [bug] When setting up TCP connections for incoming zone
6310 transfers, the transfer-source port was not
6311 ignored like it should be.
6313 806. [bug] DNS_R_SEENINCLUDE was failing to propagate back up
6314 the calling stack to the zone maintenance level,
6315 causing zones to not reload when an included file was
6316 touched but the top-level zone file was not.
6318 805. [bug] When using "forward only", missing root hints should
6319 not cause queries to fail. [RT #1143]
6321 804. [bug] Attempting to obtain entropy could fail in some
6322 situations. This would be most common on systems
6323 with user-space threads. [RT #1131]
6325 803. [bug] Treat all SIG queries as if they have the CD bit set,
6326 otherwise no data will be returned [RT #749]
6328 802. [bug] DNSSEC key tags were computed incorrectly in almost
6329 all cases. [RT #1146]
6331 801. [bug] nsupdate should treat lines beginning with ';' as
6332 comments. [RT #1139]
6334 800. [bug] dnssec-signzone produced incorrect statistics for
6335 large zones. [RT #1133]
6337 799. [bug] The ADB didn't find AAAA glue in a zone unless A6
6338 glue was also present.
6340 798. [bug] nsupdate should be able to reject bad input lines
6341 and continue. [RT #1130]
6343 797. [func] Issue a warning if the 'directory' option contains
6344 a relative path. [RT #269]
6346 796. [func] When a size limit is associated with a log file,
6347 only roll it when the size is reached, not every
6348 time the log file is opened. [RT #1096]
6350 795. [func] Add the +multiline option to dig. [RT #1095]
6352 794. [func] Implement the "port" and "default-port" statements
6355 793. [cleanup] The DNSSEC tools could create filenames that were
6356 illegal or contained shell meta-characters. They
6357 now use a different text encoding of names that
6358 doesn't have these problems. [RT #1101]
6360 792. [cleanup] Replace the OMAPI command channel protocol with a
6363 791. [bug] The command channel now works over IPv6.
6365 790. [bug] Wildcards created using dynamic update or IXFR
6366 could fail to match. [RT #1111]
6368 789. [bug] The "localhost" and "localnets" ACLs did not match
6369 when used as the second element of a two-element
6372 788. [func] Add the "match-mapped-addresses" option, which
6373 causes IPv6 v4mapped addresses to be treated as
6374 IPv4 addresses for the purpose of acl matching.
6376 787. [bug] The DNSSEC tools failed to downcase domain
6377 names when mapping them into file names.
6379 786. [bug] When DNSSEC signing/verifying data, owner names were
6380 not properly down-cased.
6382 785. [bug] A race condition in the resolver could cause
6383 an assertion failure. [RT #673, #872, #1048]
6385 784. [bug] nsupdate and other programs would not quit properly
6386 if some signals were blocked by the caller. [RT #1081]
6388 783. [bug] Following CNAMEs could cause an assertion failure
6389 when either using an sdb database or under very
6392 782. [func] Implement the "serial-query-rate" option.
6394 781. [func] Avoid error packet loops by dropping duplicate FORMERR
6395 responses. [RT #1006]
6397 780. [bug] Error handling code dealing with out of memory or
6398 other rare errors could lead to assertion failures
6399 by calling functions on uninitialized names. [RT #1065]
6401 779. [func] Added the "minimal-responses" option.
6403 778. [bug] When starting cache cleaning, cleaning_timer_action()
6404 returned without first pausing the iterator, which
6405 could cause deadlock. [RT #998]
6407 777. [bug] An empty forwarders list in a zone failed to override
6408 global forwarders. [RT #995]
6410 776. [func] Improved error reporting in denied messages. [RT #252]
6414 774. [func] max-cache-size is implemented.
6416 773. [func] Added isc_rwlock_trylock() to attempt to lock without
6419 772. [bug] Owner names could be incorrectly omitted from cache
6420 dumps in the presence of negative caching entries.
6423 771. [cleanup] TSIG errors related to unsynchronized clocks
6424 are logged better. [RT #919]
6426 770. [func] Add the "edns yes_or_no" statement to the server
6429 769. [func] Improved error reporting when parsing rdata. [RT #740]
6431 768. [bug] The server did not emit an SOA when a CNAME
6432 or DNAME chain ended in NXDOMAIN in an
6437 766. [bug] A few cases in query_find() could leak fname.
6438 This would trigger the mpctx->allocated == 0
6439 assertion when the server exited.
6440 [RT #739, #776, #798, #812, #818, #821, #845,
6443 765. [func] ACL names are once again case insensitive, like
6444 in BIND 8. [RT #252]
6446 764. [func] Configuration files now allow "include" directives
6447 in more places, such as inside the "view" statement.
6448 [RT #377, #728, #860]
6450 763. [func] Configuration files no longer have reserved words.
6453 762. [cleanup] The named.conf and rndc.conf file parsers have
6454 been completely rewritten.
6456 761. [bug] _REENTRANT was still defined when building with
6459 760. [contrib] Significant enhancements to the pgsql sdb driver.
6461 759. [bug] The resolver didn't turn off "avoid fetches" mode
6462 when restarting, possibly causing resolution
6463 to fail when it should not. This bug only affected
6464 platforms which support both IPv4 and IPv6. [RT #927]
6466 758. [bug] The "avoid fetches" code did not treat negative
6467 cache entries correctly, causing fetches that would
6468 be useful to be avoided. This bug only affected
6469 platforms which support both IPv4 and IPv6. [RT #927]
6471 757. [func] Log zone transfers.
6473 756. [bug] dns_zone_load() could "return" success when no master
6474 file was configured.
6476 755. [bug] Fix incorrectly formatted log messages in zone.c.
6478 754. [bug] Certain failure conditions sending UDP packets
6479 could cause the server to retry the transmission
6480 indefinitely. [RT #902]
6482 753. [bug] dig, host, and nslookup would fail to contact a
6483 remote server if getaddrinfo() returned an IPv6
6484 address on a system that doesn't support IPv6.
6487 752. [func] Correct bad tv_usec elements returned by
6490 751. [func] Log successful zone loads / transfers. [RT #898]
6492 750. [bug] A query should not match a DNAME whose trust level
6493 is pending. [RT #916]
6495 749. [bug] When a query matched a DNAME in a secure zone, the
6496 server did not return the signature of the DNAME.
6499 748. [doc] List supported RFCs in doc/misc/rfc-compliance.
6502 747. [bug] The code to determine whether an IXFR was possible
6503 did not properly check for a database that could
6504 not have a journal. [RT #865, #908]
6506 746. [bug] The sdb didn't clone rdatasets properly, causing
6507 a crash when the server followed delegations. [RT #905]
6509 745. [func] Report the owner name of records that fail
6510 semantic checks while loading.
6512 744. [bug] When returning DNS_R_CNAME or DNS_R_DNAME as the
6513 result of an ANY or SIG query, the resolver failed
6514 to setup the return event's rdatasets, causing an
6515 assertion failure in the query code. [RT #881]
6517 743. [bug] Receiving a large number of certain malformed
6518 answers could cause named to stop responding.
6523 741. [port] Support openssl-engine. [RT #709]
6525 740. [port] Handle openssl library mismatches slightly better.
6527 739. [port] Look for /dev/random in configure, rather than
6528 assuming it will be there for only a predefined
6531 738. [bug] If a non-threadsafe sdb driver supported AXFR and
6532 received an AXFR request, it would deadlock or die
6533 with an assertion failure. [RT #852]
6535 737. [port] stdtime.c failed to compile on certain platforms.
6537 736. [func] New functions isc_task_{begin,end}exclusive().
6539 735. [doc] Add BIND 4 migration notes.
6541 734. [bug] An attempt to re-lock the zone lock could occur if
6542 the server was shutdown during a zone transfer.
6545 733. [bug] Reference counts of dns_acl_t objects need to be
6546 locked but were not. [RT #801, #821]
6548 732. [bug] Glue with 0 TTL could also cause SERVFAIL. [RT #828]
6550 731. [bug] Certain zone errors could cause named-checkzone to
6551 fail ungracefully. [RT #819]
6553 730. [bug] lwres_getaddrinfo() returns the correct result when
6554 it fails to contact a server. [RT #768]
6556 729. [port] pthread_setconcurrency() needs to be called on Solaris.
6558 728. [bug] Fix comment processing on master file directives.
6561 727. [port] Work around OS bug where accept() succeeds but
6562 fails to fill in the peer address of the accepted
6563 connection, by treating it as an error rather than
6564 an assertion failure. [RT #809]
6566 726. [func] Implement the "trace" and "notrace" commands in rndc.
6568 725. [bug] Installing man pages could fail.
6570 724. [func] New libisc functions isc_netaddr_any(),
6573 723. [bug] Referrals whose NS RRs had a 0 TTL caused the resolver
6574 to return DNS_R_SERVFAIL. [RT #783]
6576 722. [func] Allow incremental loads to be canceled.
6578 721. [cleanup] Load manager and dns_master_loadfilequota() are no
6581 720. [bug] Server could enter infinite loop in
6582 dispatch.c:do_cancel(). [RT #733]
6584 719. [bug] Rapid reloads could trigger an assertion failure.
6587 718. [cleanup] "internal" is no longer a reserved word in named.conf.
6590 717. [bug] Certain TKEY processing failure modes could
6591 reference an uninitialized variable, causing the
6592 server to crash. [RT #750]
6594 716. [bug] The first line of a $INCLUDE master file was lost if
6595 an origin was specified. [RT #744]
6597 715. [bug] Resolving some A6 chains could cause an assertion
6598 failure in adb.c. [RT #738]
6600 714. [bug] Preserve interval timers across reloads unless changed.
6603 713. [func] named-checkconf takes '-t directory' similar to named.
6606 712. [bug] Sending a large signed update message caused an
6607 assertion failure. [RT #718]
6609 711. [bug] The libisc and liblwres implementations of
6610 inet_ntop contained an off by one error.
6612 710. [func] The forwarders statement now takes an optional
6615 709. [bug] ANY or SIG queries for data with a TTL of 0
6616 would return SERVFAIL. [RT #620]
6618 708. [bug] When building with --with-openssl, the openssl headers
6619 included with BIND 9 should not be used. [RT #702]
6621 707. [func] The "filename" argument to named-checkzone is no
6622 longer optional, to reduce confusion. [RT #612]
6624 706. [bug] Zones with an explicit "allow-update { none; };"
6625 were considered dynamic and therefore not reloaded
6626 on SIGHUP or "rndc reload".
6628 705. [port] Work out resource limit type for use where rlim_t is
6629 not available. [RT #695]
6631 704. [port] RLIMIT_NOFILE is not available on all platforms.
6634 703. [port] sys/select.h is needed on older platforms. [RT #695]
6636 702. [func] If the address 0.0.0.0 is seen in resolv.conf,
6637 use 127.0.0.1 instead. [RT #693]
6639 701. [func] Root hints are now fully optional. Class IN
6640 views use compiled-in hints by default, as
6641 before. Non-IN views with no root hints now
6642 provide authoritative service but not recursion.
6643 A warning is logged if a view has neither root
6644 hints nor authoritative data for the root. [RT #696]
6646 700. [bug] $GENERATE range check was wrong. [RT #688]
6648 699. [bug] The lexer mishandled empty quoted strings. [RT #694]
6650 698. [bug] Aborting nsupdate with ^C would lead to several
6653 697. [bug] nsupdate was not compatible with the undocumented
6654 BIND 8 behavior of ignoring TTLs in "update delete"
6657 696. [bug] lwresd would die with an assertion failure when passed
6658 a zero-length name. [RT #692]
6660 695. [bug] If the resolver attempted to query a blackholed or
6661 bogus server, the resolution would fail immediately.
6663 694. [bug] $GENERATE did not produce the last entry.
6666 693. [bug] An empty lwres statement in named.conf caused
6667 the server to crash while loading.
6669 692. [bug] Deal with systems that have getaddrinfo() but not
6670 gai_strerror(). [RT #679]
6672 691. [bug] Configuring per-view forwarders caused an assertion
6673 failure. [RT #675, #734]
6675 690. [func] $GENERATE now supports DNAME. [RT #654]
6677 689. [doc] man pages are now installed. [RT #210]
6679 688. [func] "make tags" now works on systems with the
6680 "Exuberant Ctags" etags.
6682 687. [bug] Only say we have IPv6, with sufficient functionality,
6683 if it has actually been tested. [RT #586]
6685 686. [bug] dig and nslookup can now be properly aborted during
6686 blocking operations. [RT #568]
6688 685. [bug] nslookup should use the search list/domain options
6689 from resolv.conf by default. [RT #405, #630]
6691 684. [bug] Memory leak with view forwarders. [RT #656]
6693 683. [bug] File descriptor leak in isc_lex_openfile().
6695 682. [bug] nslookup displayed SOA records incorrectly. [RT #665]
6697 681. [bug] $GENERATE specifying output format was broken. [RT #653]
6699 680. [bug] dns_rdata_fromstruct() mishandled options bigger
6702 679. [bug] $INCLUDE could leak memory and file descriptors on
6705 678. [bug] "transfer-format one-answer;" could trigger an assertion
6708 677. [bug] dnssec-signzone would occasionally use the wrong ttl
6709 for database operations and fail. [RT #643]
6711 676. [bug] Log messages about lame servers to category
6712 'lame-servers' rather than 'resolver', so as not
6713 to be gratuitously incompatible with BIND 8.
6715 675. [bug] TKEY queries could cause the server to leak
6718 674. [func] Allow messages to be TSIG signed / verified using
6719 a offset from the current time.
6721 673. [func] The server can now convert RFC1886-style recursive
6722 lookup requests into RFC2874-style lookups, when
6723 enabled using the new option "allow-v6-synthesis".
6725 672. [bug] The wrong time was in the "time signed" field when
6726 replying with BADTIME error.
6728 671. [bug] The message code was failing to parse a message with
6729 no question section and a TSIG record. [RT #628]
6731 670. [bug] The lwres replacements for getaddrinfo and
6732 getipnodebyname didn't properly check for the
6733 existence of the sockaddr sa_len field.
6735 669. [bug] dnssec-keygen now makes the public key file
6736 non-world-readable for symmetric keys. [RT #403]
6738 668. [func] named-checkzone now reports multiple errors in master
6741 667. [bug] On Linux, running named with the -u option and a
6742 non-world-readable configuration file didn't work.
6745 666. [bug] If a request sent by dig is longer than 512 bytes,
6748 665. [bug] Signed responses were not sent when the size of the
6749 TSIG + question exceeded the maximum message size.
6752 664. [bug] The t_tasks and t_timers module tests are now skipped
6753 when building without threads, since they require
6756 663. [func] Accept a size_spec, not just an integer, in the
6757 (unimplemented and ignored) max-ixfr-log-size option
6758 for compatibility with recent versions of BIND 8.
6761 662. [bug] dns_rdata_fromtext() failed to log certain errors.
6763 661. [bug] Certain UDP IXFR requests caused an assertion failure
6764 (mpctx->allocated == 0). [RT #355, #394, #623]
6766 660. [port] Detect multiple CPUs on HP-UX and IRIX.
6768 659. [performance] Rewrite the name compression code to be much faster.
6770 658. [cleanup] Remove all vestiges of 16 bit global compression.
6772 657. [bug] When a listen-on statement in an lwres block does not
6773 specify a port, use 921, not 53. Also update the
6774 listen-on documentation. [RT #616]
6776 656. [func] Treat an unescaped newline in a quoted string as
6777 an error. This means that TXT records with missing
6778 close quotes should have meaningful errors printed.
6780 655. [bug] Improve error reporting on unexpected eof when loading
6783 654. [bug] Origin was being forgotten in TCP retries in dig.
6786 653. [bug] +defname option in dig was reversed in sense.
6789 652. [bug] zone_saveunique() did not report the new name.
6791 651. [func] The AD bit in responses now has the meaning
6792 specified in <draft-ietf-dnsext-ad-is-secure>.
6794 650. [bug] SIG(0) records were being generated and verified
6795 incorrectly. [RT #606]
6797 649. [bug] It was possible to join to an already running fctx
6798 after it had "cloned" its events, but before it sent
6799 them. In this case, the event of the newly joined
6800 fetch would not contain the answer, and would
6801 trigger the INSIST() in fctx_sendevents(). In
6802 BIND 9.0, this bug did not trigger an INSIST(), but
6803 caused the fetch to fail with a SERVFAIL result.
6804 [RT #588, #597, #605, #607]
6806 648. [port] Add support for pre-RFC2133 IPv6 implementations.
6808 647. [bug] Resolver queries sent after following multiple
6809 referrals had excessively long retransmission
6810 timeouts due to incorrectly counting the referrals
6813 646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
6814 didn't _cleanly_ fix the problem it was trying to fix.
6816 645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
6818 644. [bug] #622 needed more work. [RT #562]
6820 643. [bug] xfrin error messages made more verbose, added class
6821 of the zone. [RT# 599]
6823 642. [bug] Break the exit_check() race in the zone module.
6826 --- 9.1.0b2 released ---
6828 641. [bug] $GENERATE caused a uninitialized link to be used.
6831 640. [bug] Memory leak in error path could cause
6832 "mpctx->allocated == 0" failure. [RT #584]
6834 639. [bug] Reading entropy from the keyboard would sometimes fail.
6837 638. [port] lib/isc/random.c needed to explicitly include time.h
6838 to get a prototype for time() when pthreads was not
6839 being used. [RT #592]
6841 637. [port] Use isc_u?int64_t instead of (unsigned) long long in
6842 lib/isc/print.c. Also allow lib/isc/print.c to
6843 be compiled even if the platform does not need it.
6846 636. [port] Shut up MSVC++ about a possible loss of precision
6847 in the ISC__BUFFER_PUTUINT*() macros. [RT #592]
6849 635. [bug] Reloading a server with a configured blackhole list
6850 would cause an assertion. [RT #590]
6852 634. [bug] A log file will completely stop being written when
6853 it reaches the maximum size in all cases, not just
6854 when versioning is also enabled. [RT #570]
6856 633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
6858 632. [bug] The index array of the journal file was
6859 corrupted as it was written to disk.
6861 631. [port] Build without thread support on systems without
6864 630. [bug] Locking failure in zone code. [RT #582]
6866 629. [bug] 9.1.0b1 dereferenced a null pointer and crashed
6867 when responding to a UDP IXFR request.
6869 628. [bug] If the root hints contained only AAAA addresses,
6870 named would be unable to perform resolution.
6872 627. [bug] The EDNS0 blackhole detection code of change 324
6873 waited for three retransmissions to each server,
6874 which takes much too long when a domain has many
6875 name servers and all of them drop EDNS0 queries.
6876 Now we retry without EDNS0 after three consecutive
6877 timeouts, even if they are all from different
6880 626. [bug] The lightweight resolver daemon no longer crashes
6881 when asked for a SIG rrset. [RT #558]
6883 625. [func] Zones now inherit their class from the enclosing view.
6885 624. [bug] The zone object could get timer events after it had
6886 been destroyed, causing a server crash. [RT #571]
6888 623. [func] Added "named-checkconf" and "named-checkzone" program
6889 for syntax checking named.conf files and zone files,
6892 622. [bug] A canceled request could be destroyed before
6893 dns_request_destroy() was called. [RT #562]
6895 621. [port] Disable IPv6 at runtime if IPv6 sockets are unusable.
6896 This mostly affects Red Hat Linux 7.0, which has
6897 conflicts between libc and the kernel.
6899 620. [bug] dns_master_load*inc() now require 'task' and 'load'
6900 to be non-null. Also 'done' will not be called if
6901 dns_master_load*inc() fails immediately. [RT #565]
6905 618. [bug] Queries to a signed zone could sometimes cause
6906 an assertion failure.
6908 617. [bug] When using dynamic update to add a new RR to an
6909 existing RRset with a different TTL, the journal
6910 entries generated from the update did not include
6911 explicit deletions and re-additions of the existing
6912 RRs to update their TTL to the new value.
6914 616. [func] dnssec-signzone -t output now includes performance
6917 615. [bug] dnssec-signzone did not like child keysets signed
6920 614. [bug] Checks for uninitialized link fields were prone
6921 to false positives, causing assertion failures.
6922 The checks are now disabled by default and may
6923 be re-enabled by defining ISC_LIST_CHECKINIT.
6925 613. [bug] "rndc reload zone" now reloads primary zones.
6926 It previously only updated slave and stub zones,
6927 if an SOA query indicated an out of date serial.
6929 612. [cleanup] Shutup a ridiculously noisy HP-UX compiler that
6930 complains relentlessly about how its treatment
6931 of 'const' has changed as well as how casting
6932 sometimes tightens alignment constraints.
6934 611. [func] allow-notify can be used to permit processing of
6935 notify messages from hosts other than a slave's
6938 610. [func] rndc dumpdb is now supported.
6940 609. [bug] getrrsetbyname() would crash lwresd if the server
6941 found more SIGs than answers. [RT #554]
6943 608. [func] dnssec-signzone now adds a comment to the zone
6944 with the time the file was signed.
6946 607. [bug] nsupdate would fail if it encountered a CNAME or
6947 DNAME in a response to an SOA query. [RT #515]
6949 606. [bug] Compiling with --disable-threads failed due
6950 to isc_thread_self() being incorrectly defined
6951 as an integer rather than a function.
6953 605. [func] New function isc_lex_getlasttokentext().
6955 604. [bug] The named.conf parser could print incorrect line
6956 numbers when long comments were present.
6958 603. [bug] Make dig handle multiple types or classes on the same
6959 query more correctly.
6961 602. [func] Cope automatically with UnixWare's broken
6962 IN6_IS_ADDR_* macros. [RT #539]
6964 601. [func] Return a non-zero exit code if an update fails
6967 600. [bug] Reverse lookups sometimes failed in dig, etc...
6969 599. [func] Added four new functions to the libisc log API to
6970 support i18n messages. isc_log_iwrite(),
6971 isc_log_ivwrite(), isc_log_iwrite1() and
6972 isc_log_ivwrite1() were added.
6974 598. [bug] An update-policy statement would cause the server
6975 to assert while loading. [RT #536]
6977 597. [func] dnssec-signzone is now multi-threaded.
6979 596. [bug] DNS_RDATASLAB_FORCE and DNS_RDATASLAB_EXACT are
6980 not mutually exclusive.
6982 595. [port] On Linux 2.2, socket() returns EINVAL when it
6983 should return EAFNOSUPPORT. Work around this.
6986 594. [func] sdb drivers are now assumed to not be thread-safe
6987 unless the DNS_SDBFLAG_THREADSAFE flag is supplied.
6989 593. [bug] If a secure zone was missing all its NXTs and
6990 a dynamic update was attempted, the server entered
6993 592. [bug] The sig-validity-interval option now specifies a
6994 number of days, not seconds. This matches the
6995 documentation. [RT #529]
6997 --- 9.1.0b1 released ---
6999 591. [bug] Work around non-reentrancy in openssl by disabling
7000 pre-computation in keys.
7002 590. [doc] There are now man pages for the lwres library in
7005 589. [bug] The server could deadlock if a zone was updated
7006 while being transferred out.
7008 588. [bug] ctx->in_use was not being correctly initialized when
7009 when pushing a file for $INCLUDE. [RT #523]
7011 587. [func] A warning is now printed if the "allow-update"
7012 option allows updates based on the source IP
7013 address, to alert users to the fact that this
7014 is insecure and becoming increasingly so as
7015 servers capable of update forwarding are being
7018 586. [bug] multiple views with the same name were fatal. [RT #516]
7020 585. [func] dns_db_addrdataset() and and dns_rdataslab_merge()
7021 now support 'exact' additions in a similar manner to
7022 dns_db_subtractrdataset() and dns_rdataslab_subtract().
7024 584. [func] You can now say 'notify explicit'; to suppress
7025 notification of the servers listed in NS records
7026 and notify only those servers listed in the
7027 'also-notify' option.
7029 583. [func] "rndc querylog" will now toggle logging of
7030 queries, like "ndc querylog" in BIND 8.
7032 582. [bug] dns_zone_idetach() failed to lock the zone.
7035 581. [bug] log severity was not being correctly processed.
7038 580. [func] Ignore trailing garbage on incoming DNS packets,
7039 for interoperability with broken server
7040 implementations. [RT #491]
7042 579. [bug] nsupdate did not take a filename to read update from.
7045 578. [func] New config option "notify-source", to specify the
7046 source address for notify messages.
7048 577. [func] Log illegal RDATA combinations. e.g. multiple
7049 singleton types, cname and other data.
7051 576. [doc] isc_log_create() description did not match reality.
7053 575. [bug] isc_log_create() was not setting internal state
7054 correctly to reflect the default channels created.
7056 574. [bug] TSIG signed queries sent by the resolver would fail to
7057 have their responses validated and would leak memory.
7059 573. [bug] The journal files of IXFRed slave zones were
7060 inadvertently discarded on server reload, causing
7061 "journal out of sync with zone" errors on subsequent
7064 572. [bug] Quoted strings were not accepted as key names in
7065 address match lists.
7067 571. [bug] It was possible to create an rdataset of singleton
7068 type which had more than one rdata. [RT #154]
7071 570. [bug] rbtdb.c allowed zones containing nodes which had
7072 both a CNAME and "other data". [RT #154]
7074 569. [func] The DNSSEC AD bit will not be set on queries which
7075 have not requested a DNSSEC response.
7077 568. [func] Add sample simple database drivers in contrib/sdb.
7079 567. [bug] Setting the zone transfer timeout to zero caused an
7080 assertion failure. [RT #302]
7082 566. [func] New public function dns_timer_setidle().
7084 565. [func] Log queries more like BIND 8: query logging is now
7085 done to category "queries", level "info". [RT #169]
7087 564. [func] Add sortlist support to lwresd.
7089 563. [func] New public functions dns_rdatatype_format() and
7090 dns_rdataclass_format(), for convenient formatting
7091 of rdata type/class mnemonics in log messages.
7093 562. [cleanup] Moved lib/dns/*conf.c to bin/named where they belong.
7095 561. [func] The 'datasize', 'stacksize', 'coresize' and 'files'
7096 clauses of the options{} statement are now implemented.
7098 560. [bug] dns_name_split did not properly the resulting prefix
7099 when a maximal length bitstring label was split which
7100 was preceded by another bitstring label. [RT #429]
7102 559. [bug] dns_name_split did not properly create the suffix
7103 when splitting within a maximal length bitstring label.
7105 558. [func] New functions, isc_resource_getlimit and
7106 isc_resource_setlimit.
7108 557. [func] Symbolic constants for libisc integral types.
7110 556. [func] The DNSSEC OK bit in the EDNS extended flags
7111 is now implemented. Responses to queries without
7112 this bit set will not contain any DNSSEC records.
7114 555. [bug] A slave server attempting a zone transfer could
7115 crash with an assertion failure on certain
7116 malformed responses from the master. [RT #457]
7118 554. [bug] In some cases, not all of the dnssec tools were
7121 553. [bug] Incoming zone transfers deferred due to quota
7122 were not started when quota was increased but
7123 only when a transfer in progress finished. [RT #456]
7125 552. [bug] We were not correctly detecting the end of all c-style
7128 551. [func] Implemented the 'sortlist' option.
7130 550. [func] Support unknown rdata types and classes.
7132 549. [bug] "make" did not immediately abort the build when a
7133 subdirectory make failed [RT #450].
7135 548. [func] The lexer now ungets tokens more correctly.
7139 546. [func] Option 'lame-ttl' is now implemented.
7141 545. [func] Name limit and counting options removed from dig;
7142 they didn't work properly, and cannot be correctly
7143 implemented without significant changes.
7145 544. [func] Add statistics option, enable statistics-file option,
7146 add RNDC option "dump-statistics" to write out a
7147 query statistics file.
7149 543. [doc] The 'port' option is now documented.
7151 542. [func] Add support for update forwarding as required for
7152 full compliance with RFC2136. It is turned off
7153 by default and can be enabled using the
7154 'allow-update-forwarding' option.
7156 541. [func] Add bogus server support.
7158 540. [func] Add dialup support.
7160 539. [func] Support the blackhole option.
7162 538. [bug] fix buffer overruns by 1 in lwres_getnameinfo().
7166 536. [func] Use transfer-source{-v6} when sending refresh queries.
7167 Transfer-source{-v6} now take a optional port
7168 parameter for setting the UDP source port. The port
7169 parameter is ignored for TCP.
7171 535. [func] Use transfer-source{-v6} when forwarding update
7174 534. [func] Ancestors have been removed from RBT chains. Ancestor
7175 information can be discerned via node parent pointers.
7177 533. [func] Incorporated name hashing into the RBT database to
7178 improve search speed.
7180 532. [func] Implement DNS UPDATE pseudo records using
7181 DNS_RDATA_UPDATE flag.
7183 531. [func] Rdata really should be initialized before being assigned
7184 to (dns_rdata_fromwire(), dns_rdata_fromtext(),
7185 dns_rdata_clone(), dns_rdata_fromregion()),
7188 530. [func] New function dns_rdata_invalidate().
7190 529. [bug] 521 contained a bug which caused zones to always
7193 528. [func] The ISC_LIST_XXXX macros now perform sanity checks
7194 on their arguments. ISC_LIST_XXXXUNSAFE can be use
7195 to skip the checks however use with caution.
7197 527. [func] New function dns_rdata_clone().
7199 526. [bug] nsupdate incorrectly refused to add RRs with a TTL
7202 525. [func] New arguments 'options' for dns_db_subtractrdataset(),
7203 and 'flags' for dns_rdataslab_subtract() allowing you
7204 to request that the RR's must exist prior to deletion.
7205 DNS_R_NOTEXACT is returned if the condition is not met.
7207 524. [func] The 'forward' and 'forwarders' statement in
7208 non-forward zones should work now.
7210 523. [doc] The source to the Administrator Reference Manual is
7211 now an XML file using the DocBook DTD, and is included
7212 in the distribution. The plain text version of the
7213 ARM is temporarily unavailable while we figure out
7214 how to generate readable plain text from the XML.
7216 522. [func] The lightweight resolver daemon can now use
7217 a real configuration file, and its functionality
7218 can be provided by a name server. Also, the -p and -P
7219 options to lwresd have been reversed.
7221 521. [bug] Detect master files which contain $INCLUDE and always
7224 520. [bug] Upgraded libtool to 1.3.5, which makes shared
7225 library builds almost work on AIX (and possibly
7228 519. [bug] dns_name_split() would improperly split some bitstring
7229 labels, zeroing a few of the least significant bits in
7230 the prefix part. When such an improperly created
7231 prefix was returned to the RBT database, the bogus
7232 label was dutifully stored, corrupting the tree.
7235 518. [bug] The resolver did not realize that a DNAME which was
7236 "the answer" to the client's query was "the answer",
7237 and such queries would fail. [RT #399]
7239 517. [bug] The resolver's DNAME code would trigger an assertion
7240 if there was more than one DNAME in the chain.
7243 516. [bug] Cache lookups which had a NULL node pointer, e.g.
7244 those by dns_view_find(), and which would match a
7245 DNAME, would trigger an INSIST(!search.need_cleanup)
7246 assertion. [RT #399]
7248 515. [bug] The ssu table was not being attached / detached
7249 by dns_zone_[sg]etssutable. [RT#397]
7251 514. [func] Retry refresh and notify queries if they timeout.
7254 513. [func] New functionality added to rdnc and server to allow
7255 individual zones to be refreshed or reloaded.
7257 512. [bug] The zone transfer code could throw an exception with
7258 an invalid IXFR stream.
7260 511. [bug] The message code could throw an assertion on an
7261 out of memory failure. [RT #392]
7263 510. [bug] Remove spurious view notify warning. [RT #376]
7265 509. [func] Add support for write of zone files on shutdown.
7267 508. [func] dns_message_parse() can now do a best-effort
7268 attempt, which should allow dig to print more invalid
7271 507. [func] New functions dns_zone_flush(), dns_zt_flushanddetach()
7272 and dns_view_flushanddetach().
7274 506. [func] Do not fail to start on errors in zone files.
7276 505. [bug] nsupdate was printing "unknown result code". [RT #373]
7278 504. [bug] The zone was not being marked as dirty when updated via
7281 503. [bug] dumptime was not being set along with
7282 DNS_ZONEFLG_NEEDDUMP.
7284 502. [func] On a SERVFAIL reply, DiG will now try the next server
7285 in the list, unless the +fail option is specified.
7287 501. [bug] Incorrect port numbers were being displayed by
7290 500. [func] Nearly useless +details option removed from DiG.
7292 499. [func] In DiG, specifying a class with -c or type with -t
7293 changes command-line parsing so that classes and
7294 types are only recognized if following -c or -t.
7295 This allows hosts with the same name as a class or
7296 type to be looked up.
7298 498. [doc] There is now a man page for "dig"
7299 in doc/man/bin/dig.1.
7301 497. [bug] The error messages printed when an IP match list
7302 contained a network address with a nonzero host
7303 part where not sufficiently detailed. [RT #365]
7305 496. [bug] named didn't sanity check numeric parameters. [RT #361]
7307 495. [bug] nsupdate was unable to handle large records. [RT #368]
7309 494. [func] Do not cache NXDOMAIN responses for SOA queries.
7311 493. [func] Return non-cachable (ttl = 0) NXDOMAIN responses
7312 for SOA queries. This makes it easier to locate
7313 the containing zone without polluting intermediate
7316 492. [bug] attempting to reload a zone caused the server fail
7317 to shutdown cleanly. [RT #360]
7319 491. [bug] nsupdate would segfault when sending certain
7320 prerequisites with empty RDATA. [RT #356]
7322 490. [func] When a slave/stub zone has not yet successfully
7323 obtained an SOA containing the zone's configured
7324 retry time, perform the SOA query retries using
7325 exponential backoff. [RT #337]
7327 489. [func] The zone manager now has a "i/o" queue.
7329 488. [bug] Locks weren't properly destroyed in some cases.
7331 487. [port] flockfile() is not defined on all systems.
7333 486. [bug] nslookup: "set all" and "server" commands showed
7334 the incorrect port number if a port other than 53
7335 was specified. [RT #352]
7337 485. [func] When dig had more than one server to query, it would
7338 send all of the messages at the same time. Add
7339 rate limiting of the transmitted messages.
7341 484. [bug] When the server was reloaded after removing addresses
7342 from the named.conf "listen-on" statement, sockets
7343 were still listening on the removed addresses due
7344 to reference count loops. [RT #325]
7346 483. [bug] nslookup: "set all" showed a "search" option but it
7349 482. [bug] nslookup: a plain "server" or "lserver" should be
7350 treated as a lookup.
7352 481. [bug] nslookup:get_next_command() stack size could exceed
7355 480. [bug] strtok() is not thread safe. [RT #349]
7357 479. [func] The test suite can now be run by typing "make check"
7358 or "make test" at the top level.
7360 478. [bug] "make install" failed if the directory specified with
7361 --prefix did not already exist.
7363 477. [bug] The the isc-config.sh script could be installed before
7364 its directory was created. [RT #324]
7366 476. [bug] A zone could expire while a zone transfer was in
7367 progress triggering a INSIST failure. [RT #329]
7369 475. [bug] query_getzonedb() sometimes returned a non-null version
7370 on failure. This caused assertion failures when
7371 generating query responses where names subject to
7372 additional section processing pointed to a zone
7373 to which access had been denied by means of the
7374 allow-query option. [RT #336]
7376 474. [bug] The mnemonic of the CHAOS class is CH according to
7377 RFC1035, but it was printed and read only as CHAOS.
7378 We now accept both forms as input, and print it
7381 473. [bug] nsupdate overran the end of the list of name servers
7382 when no servers could be reached, typically causing
7383 it to print the error message "dns_request_create:
7386 472. [bug] Off-by-one error caused isc_time_add() to sometimes
7387 produce invalid time values.
7389 471. [bug] nsupdate didn't compile on HP/UX 10.20
7391 470. [func] $GENERATE is now supported. See also
7394 469. [bug] "query-source address * port 53;" now works.
7396 468. [bug] dns_master_load*() failed to report file and line
7397 number in certain error conditions.
7399 467. [bug] dns_master_load*() failed to log an error if
7402 466. [bug] dns_master_load*() could return success when it failed.
7404 465. [cleanup] Allow 0 to be set as an omapi_value_t value by
7405 omapi_value_storeint().
7407 464. [cleanup] Build with openssl's RSA code instead of dnssafe.
7409 463. [bug] nsupdate sent malformed SOA queries to the second
7410 and subsequent name servers in resolv.conf if the
7411 query sent to the first one failed.
7413 462. [bug] --disable-ipv6 should work now.
7415 461. [bug] Specifying an unknown key in the "keys" clause of the
7416 "controls" statement caused a NULL pointer dereference.
7419 460. [bug] Much of the DNSSEC code only worked with class IN.
7421 459. [bug] Nslookup processed the "set" command incorrectly.
7423 458. [bug] Nslookup didn't properly check class and type values.
7426 457. [bug] Dig/host/hslookup didn't properly handle connect
7427 timeouts in certain situations, causing an
7428 unnecessary warning message to be printed.
7430 456. [bug] Stub zones were not resetting the refresh and expire
7431 counters, loadtime or clearing the DNS_ZONE_REFRESH
7432 (refresh in progress) flag upon successful update.
7433 This disabled further refreshing of the stub zone,
7434 causing it to eventually expire. [RT #300]
7436 455. [doc] Document IPv4 prefix notation does not require a
7437 dotted decimal quad but may be just dotted decimal.
7439 454. [bug] Enforce dotted decimal and dotted decimal quad where
7440 documented as such in named.conf. [RT #304, RT #311]
7442 453. [bug] Warn if the obsolete option "maintain-ixfr-base"
7443 is specified in named.conf. [RT #306]
7445 452. [bug] Warn if the unimplemented option "statistics-file"
7446 is specified in named.conf. [RT #301]
7448 451. [func] Update forwarding implemented.
7450 450. [func] New function ns_client_sendraw().
7452 449. [bug] isc_bitstring_copy() only works correctly if the
7453 two bitstrings have the same lsb0 value, but this
7454 requirement was not documented, nor was there a
7457 448. [bug] Host output formatting change, to match v8. [RT #255]
7459 447. [bug] Dig didn't properly retry in TCP mode after
7460 a truncated reply. [RT #277]
7462 446. [bug] Confusing notify log message. [RT #298]
7464 445. [bug] Doing a 0 bit isc_bitstring_copy() of an lsb0
7465 bitstring triggered a REQUIRE statement. The REQUIRE
7466 statement was incorrect. [RT #297]
7468 444. [func] "recursion denied" messages are always logged at
7469 debug level 1, now, rather than sometimes at ERROR.
7470 This silences these warnings in the usual case, where
7471 some clients set the RD bit in all queries.
7473 443. [bug] When loading a master file failed because of an
7474 unrecognized RR type name, the error message
7475 did not include the file name and line number.
7478 442. [bug] TSIG signed messages that did not match any view
7479 crashed the server. [RT #290]
7481 441. [bug] Nodes obscured by a DNAME were inaccessible even
7482 when DNS_DBFIND_GLUEOK was set.
7484 440. [func] New function dns_zone_forwardupdate().
7486 439. [func] New function dns_request_createraw().
7488 438. [func] New function dns_message_getrawmessage().
7490 437. [func] Log NOTIFY activity to the notify channel.
7492 436. [bug] If recvmsg() returned EHOSTUNREACH or ENETUNREACH,
7493 which sometimes happens on Linux, named would enter
7494 a busy loop. Also, unexpected socket errors were
7495 not logged at a high enough logging level to be
7496 useful in diagnosing this situation. [RT #275]
7498 435. [bug] dns_zone_dump() overwrote existing zone files
7499 rather than writing to a temporary file and
7500 renaming. This could lead to empty or partial
7501 zone files being left around in certain error
7502 conditions involving the initial transfer of a
7503 slave zone, interfering with subsequent server
7506 434. [func] New function isc_file_isabsolute().
7508 433. [func] isc_base64_decodestring() now accepts newlines
7509 within the base64 data. This makes it possible
7510 to break up the key data in a "trusted-keys"
7511 statement into multiple lines. [RT #284]
7513 432. [func] Added refresh/retry jitter. The actual refresh/
7514 retry time is now a random value between 75% and
7515 100% of the configured value.
7517 431. [func] Log at ISC_LOG_INFO when a zone is successfully
7520 430. [bug] Rewrote the lightweight resolver client management
7521 code to handle shutdown correctly and general
7524 429. [bug] The space reserved for a TSIG record in a response
7525 was 2 bytes too short, leading to message
7526 generation failures.
7528 428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
7529 DNS_R_BADDB for nodes which had neither NXT nor SIG NXT
7530 (e.g. glue). This could cause SERVFAILs when
7531 generating negative responses in a secure zone.
7533 427. [bug] Avoid going into an infinite loop when the validator
7534 gets a negative response to a key query where the
7535 records are signed by the missing key.
7537 426. [bug] Attempting to generate an oversized RSA key could
7538 cause dnssec-keygen to dump core.
7540 425. [bug] Warn about the auth-nxdomain default value change
7541 if there is no auth-nxdomain statement in the
7542 config file. [RT #287]
7544 424. [bug] notify_createmessage() could trigger an assertion
7545 failure when creating the notify message failed,
7546 e.g. due to corrupt zones with multiple SOA records.
7549 423. [bug] When responding to a recursive query, errors that occur
7550 after following a CNAME should cause the query to fail.
7553 422. [func] get rid of isc_random_t, and make isc_random_get()
7554 and isc_random_jitter() use rand() internally
7555 instead of local state. Note that isc_random_*()
7556 functions are only for weak, non-critical "randomness"
7557 such as timing jitter and such.
7559 421. [bug] nslookup would exit when given a blank line as input.
7561 420. [bug] nslookup failed to implement the "exit" command.
7563 419. [bug] The certificate type PKIX was misspelled as SKIX.
7565 418. [bug] At debug levels >= 10, getting an unexpected
7566 socket receive error would crash the server
7567 while trying to log the error message.
7569 417. [func] Add isc_app_block() and isc_app_unblock(), which
7570 allow an application to handle signals while
7573 416. [bug] Slave zones with no master file tried to use a
7574 NULL pointer for a journal file name when they
7575 received an IXFR. [RT #273]
7577 415. [bug] The logging code leaked file descriptors.
7579 414. [bug] Server did not shut down until all incoming zone
7580 transfers were finished.
7582 413. [bug] Notify could attempt to use the zone database after
7583 it had been unloaded. [RT#267]
7585 412. [bug] named -v didn't print the version.
7587 411. [bug] A typo in the HS A code caused an assertion failure.
7589 410. [bug] lwres_gethostbyname() and company set lwres_h_errno
7590 to a random value on success.
7592 409. [bug] If named was shut down early in the startup
7593 process, ns_omapi_shutdown() would attempt to lock
7594 an uninitialized mutex. [RT #262]
7596 408. [bug] stub zones could leak memory and reference counts if
7597 all the masters were unreachable.
7599 407. [bug] isc_rwlock_lock() would needlessly block
7600 readers when it reached the read quota even
7601 if no writers were waiting.
7603 406. [bug] Log messages were occasionally lost or corrupted
7604 due to a race condition in isc_log_doit().
7606 405. [func] Add support for selective forwarding (forward zones)
7608 404. [bug] The request library didn't completely work with IPv6.
7610 403. [bug] "host" did not use the search list.
7612 402. [bug] Treat undefined acls as errors, rather than
7613 warning and then later throwing an assertion.
7616 401. [func] Added simple database API.
7618 400. [bug] SIG(0) signing and verifying was done incorrectly.
7621 399. [bug] When reloading the server with a config file
7622 containing a syntax error, it could catch an
7623 assertion failure trying to perform zone
7624 maintenance on, or sending notifies from,
7625 tentatively created zones whose views were
7626 never fully configured and lacked an address
7627 database and request manager.
7629 398. [bug] "dig" sometimes caught an assertion failure when
7630 using TSIG, depending on the key length.
7632 397. [func] Added utility functions dns_view_gettsig() and
7633 dns_view_getpeertsig().
7635 396. [doc] There is now a man page for "nsupdate"
7636 in doc/man/bin/nsupdate.8.
7638 395. [bug] nslookup printed incorrect RR type mnemonics
7639 for RRs of type >= 21 [RT #237].
7641 394. [bug] Current name was not propagated via $INCLUDE.
7643 393. [func] Initial answer while loading (awl) support.
7644 Entry points: dns_master_loadfileinc(),
7645 dns_master_loadstreaminc(), dns_master_loadbufferinc().
7646 Note: calls to dns_master_load*inc() should be rate
7647 be rate limited so as to not use up all file
7650 392. [func] Add ISC_R_FAMILYNOSUPPORT. Returned when OS does
7651 not support the given address family requested.
7653 391. [clarity] ISC_R_FAMILY -> ISC_R_FAMILYMISMATCH.
7655 390. [func] The function dns_zone_setdbtype() now takes
7656 an argc/argv style vector of words and sets
7657 both the zone database type and its arguments,
7658 making the functions dns_zone_adddbarg()
7659 and dns_zone_cleardbargs() unnecessary.
7661 389. [bug] Attempting to send a request over IPv6 using
7662 dns_request_create() on a system without IPv6
7663 support caused an assertion failure [RT #235].
7665 388. [func] dig and host can now do reverse ipv6 lookups.
7667 387. [func] Add dns_byaddr_createptrname(), which converts
7668 an address into the name used by a PTR query.
7670 386. [bug] Missing strdup() of ACL name caused random
7671 ACL matching failures [RT #228].
7673 385. [cleanup] Removed functions dns_zone_equal(), dns_zone_print(),
7676 384. [bug] nsupdate was incorrectly limiting TTLs to 65535 instead
7679 383. [func] When writing a master file, print the SOA and NS
7680 records (and their SIGs) before other records.
7682 382. [bug] named -u failed on many Linux systems where the
7683 libc provided kernel headers do not match
7686 381. [bug] Check for IPV6_RECVPKTINFO and use it instead of
7687 IPV6_PKTINFO if found. [RT #229]
7689 380. [bug] nsupdate didn't work with IPv6.
7691 379. [func] New library function isc_sockaddr_anyofpf().
7693 378. [func] named and lwresd will log the command line arguments
7694 they were started with in the "starting ..." message.
7696 377. [bug] When additional data lookups were refused due to
7697 "allow-query", the databases were still being
7698 attached causing reference leaks.
7700 376. [bug] The server should always use good entropy when
7701 performing cryptographic functions needing entropy.
7703 375. [bug] Per-zone "allow-query" did not properly override the
7704 view/global one for CNAME targets and additional
7707 374. [bug] SOA in authoritative negative responses had wrong TTL.
7709 373. [func] nslookup is now installed by "make install".
7711 372. [bug] Deal with Microsoft DNS servers appending two bytes of
7712 garbage to zone transfer requests.
7714 371. [bug] At high debug levels, doing an outgoing zone transfer
7715 of a very large RRset could cause an assertion failure
7718 370. [bug] The error messages for roll-forward failures were
7721 369. [func] Support new named.conf options, view and zone
7724 max-retry-time, min-retry-time,
7725 max-refresh-time, min-refresh-time.
7727 368. [func] Restructure the internal ".bind" view so that more
7728 zones can be added to it.
7730 367. [bug] Allow proper selection of server on nslookup command
7733 366. [func] Allow use of '-' batch file in dig for stdin.
7735 365. [bug] nsupdate -k leaked memory.
7737 364. [func] Added additional-from-{cache,auth}
7741 362. [bug] rndc no longer aborts if the configuration file is
7742 missing an options statement. [RT #209]
7744 361. [func] When the RBT find or chain functions set the name and
7745 origin for a node that stores the root label
7746 the name is now set to an empty name, instead of ".",
7747 to simplify later use of the name and origin by
7748 dns_name_concatenate(), dns_name_totext() or
7751 360. [func] dns_name_totext() and dns_name_format() now allow
7752 an empty name to be passed, which is formatted as "@".
7754 359. [bug] dnssec-signzone occasionally signed glue records.
7756 358. [cleanup] Rename the intermediate files used by the dnssec
7759 357. [bug] The zone file parser crashed if the argument
7760 to $INCLUDE was a quoted string.
7762 356. [cleanup] isc_task_send no longer requires event->sender to
7765 355. [func] Added isc_dir_createunique(), similar to mkdtemp().
7767 354. [doc] Man pages for the dnssec tools are now included in
7768 the distribution, in doc/man/dnssec.
7770 353. [bug] double increment in lwres/gethost.c:copytobuf().
7773 352. [bug] Race condition in dns_client_t startup could cause
7774 an assertion failure.
7776 351. [bug] Constructing a response with rcode SERVFAIL to a TSIG
7777 signed query could crash the server.
7779 350. [bug] Also-notify lists specified in the global options
7780 block were not correctly reference counted, causing
7783 349. [bug] Processing a query with the CD bit set now works
7786 348. [func] New boolean named.conf options 'additional-from-auth'
7787 and 'additional-from-cache' now supported in view and
7788 global options statement.
7790 347. [bug] Don't crash if an argument is left off options in dig.
7794 345. [bug] Large-scale changes/cleanups to dig:
7795 * Significantly improve structure handling
7796 * Don't pre-load entire batch files
7797 * Add name/rr counting/limiting
7798 * Fix SIGINT handling
7799 * Shorten timeouts to match v8's behavior
7801 344. [bug] When shutting down, lwresd sometimes tried
7802 to shut down its client tasks twice,
7803 triggering an assertion.
7805 343. [bug] Although zone maintenance SOA queries and
7806 notify requests were signed with TSIG keys
7807 when configured for the server in case,
7808 the TSIG was not verified on the response.
7810 342. [bug] The wrong name was being passed to
7811 dns_name_dup() when generating a TSIG
7814 341. [func] Support 'key' clause in named.conf zone masters
7815 statement to allow authentication via TSIG keys:
7818 10.0.0.1 port 5353 key "foo";
7822 340. [bug] The top-level COPYRIGHT file was missing from
7825 339. [bug] DNSSEC validation of the response to an ANY
7826 query at a name with a CNAME RR in a secure
7827 zone triggered an assertion failure.
7829 338. [bug] lwresd logged to syslog as named, not lwresd.
7831 337. [bug] "dig" did not recognize "nsap-ptr" as an RR type
7832 on the command line.
7834 336. [bug] "dig -f" used 64 k of memory for each line in
7835 the file. It now uses much less, though still
7836 proportionally to the file size.
7838 335. [bug] named would occasionally attempt recursion when
7839 it was disallowed or undesired.
7841 334. [func] Added hmac-md5 to libisc.
7843 333. [bug] The resolver incorrectly accepted referrals to
7844 domains that were not parents of the query name,
7845 causing assertion failures.
7847 332. [func] New function dns_name_reset().
7849 331. [bug] Only log "recursion denied" if RD is set. [RT #178]
7851 330. [bug] Many debugging messages were partially formatted
7852 even when debugging was turned off, causing a
7853 significant decrease in query performance.
7855 329. [func] omapi_auth_register() now takes a size_t argument for
7856 the length of a key's secret data. Previously
7857 OMAPI only stored secrets up to the first NUL byte.
7859 328. [func] Added isc_base64_decodestring().
7861 327. [bug] rndc.conf parser wasn't correctly recognizing an IP
7862 address where a host specification was required.
7864 326. [func] 'keys' in an 'inet' control statement is now
7865 required and must have at least one item in it.
7866 A "not supported" warning is now issued if a 'unix'
7867 control channel is defined.
7869 325. [bug] isc_lex_gettoken was processing octal strings when
7870 ISC_LEXOPT_CNUMBER was not set.
7872 324. [func] In the resolver, turn EDNS0 off if there is no
7873 response after a number of retransmissions.
7874 This is to allow queries some chance of succeeding
7875 even if all the authoritative servers of a zone
7876 silently discard EDNS0 requests instead of
7877 sending an error response like they ought to.
7879 323. [bug] dns_rbt_findname() did not ignore empty rbt nodes.
7880 Because of this, servers authoritative for a parent
7881 and grandchild zone but not authoritative for the
7882 intervening child zone did not correctly issue
7883 referrals to the servers of the child zone.
7885 322. [bug] Queries for KEY RRs are now sent to the parent
7886 server before the authoritative one, making
7887 DNSSEC insecurity proofs work in many cases
7888 where they previously didn't.
7890 321. [bug] When synthesizing a CNAME RR for a DNAME
7891 response, query_addcname() failed to initialize
7892 the type and class of the CNAME dns_rdata_t,
7893 causing random failures.
7895 320. [func] Multiple rndc changes: parses an rndc.conf file,
7896 uses authentication to talk to named, command
7897 line syntax changed. This will all be described
7900 319. [func] The named.conf "controls" statement is now used
7901 to configure the OMAPI command channel.
7903 318. [func] dns_c_ndcctx_destroy() could never return anything
7904 except ISC_R_SUCCESS; made it have void return instead.
7906 317. [func] Use callbacks from libomapi to determine if a
7907 new connection is valid, and if a key requested
7908 to be used with that connection is valid.
7910 316. [bug] Generate a warning if we detect an unexpected <eof>
7911 but treat as <eol><eof>.
7913 315. [bug] Handle non-empty blanks lines. [RT #163]
7915 314. [func] The named.conf controls statement can now have
7916 more than one key specified for the inet clause.
7918 313. [bug] When parsing resolv.conf, don't terminate on an
7919 error. Instead, parse as much as possible, but
7920 still return an error if one was found.
7922 312. [bug] Increase the number of allowed elements in the
7923 resolv.conf search path from 6 to 8. If there
7924 are more than this, ignore the remainder rather
7925 than returning a failure in lwres_conf_parse.
7927 311. [bug] lwres_conf_parse failed when the first line of
7928 resolv.conf was empty or a comment.
7930 310. [func] Changes to named.conf "controls" statement (inet
7933 - support "keys" clause
7937 allow { any; } keys { "foo"; }
7940 - allow "port xxx" to be left out of statement,
7941 in which case it defaults to omapi's default port
7944 309. [bug] When sending a referral, the server did not look
7945 for name server addresses as glue in the zone
7946 holding the NS RRset in the case where this zone
7947 was not the same as the one where it looked for
7948 name server addresses as authoritative data.
7950 308. [bug] Treat a SOA record not at top of zone as an error
7951 when loading a zone. [RT #154]
7953 307. [bug] When canceling a query, the resolver didn't check for
7954 isc_socket_sendto() calls that did not yet have their
7955 completion events posted, so it could (rarely) end up
7956 destroying the query context and then want to use
7957 it again when the send event posted, triggering an
7958 assertion as it tried to cancel an already-canceled
7961 306. [bug] Reading HMAC-MD5 private key files didn't work.
7963 305. [bug] When reloading the server with a config file
7964 containing a syntax error, it could catch an
7965 assertion failure trying to perform zone
7966 maintenance on tentatively created zones whose
7967 views were never fully configured and lacked
7968 an address database.
7970 304. [bug] If more than LWRES_CONFMAXNAMESERVERS servers
7971 are listed in resolv.conf, silently ignore them
7972 instead of returning failure.
7974 303. [bug] Add additional sanity checks to differentiate a AXFR
7975 response vs a IXFR response. [RT #157]
7977 302. [bug] In dig, host, and nslookup, MXNAME should be large
7978 enough to hold any legal domain name in presentation
7979 format + terminating NULL.
7981 301. [bug] Uninitialized pointer in host:printmessage(). [RT #159]
7983 300. [bug] Using both <isc/net.h> and <lwres/net.h> didn't work
7984 on platforms lacking IPv6 because each included their
7985 own ipv6 header file for the missing definitions. Now
7986 each library's ipv6.h defines the wrapper symbol of
7987 the other (ISC_IPV6_H and LWRES_IPV6_H).
7989 299. [cleanup] Get the user and group information before changing the
7990 root directory, so the administrator does not need to
7991 keep a copy of the user and group databases in the
7992 chroot'ed environment. Suggested by Hakan Olsson.
7994 298. [bug] A mutex deadlock occurred during shutdown of the
7995 interface manager under certain conditions.
7996 Digital Unix systems were the most affected.
7998 297. [bug] Specifying a key name that wasn't fully qualified
7999 in certain parts of the config file could cause
8000 an assertion failure.
8002 296. [bug] "make install" from a separate build directory
8003 failed unless configure had been run in the source
8006 295. [bug] When invoked with type==CNAME and a message
8007 not constructed by dns_message_parse(),
8008 dns_message_findname() failed to find anything
8009 due to checking for attribute bits that are set
8010 only in dns_message_parse(). This caused an
8011 infinite loop when constructing the response to
8012 an ANY query at a CNAME in a secure zone.
8014 294. [bug] If we run out of space in while processing glue
8015 when reading a master file and commit "current name"
8016 reverts to "name_current" instead of staying as
8019 293. [port] Add support for FreeBSD 4.0 system tests.
8021 292. [bug] Due to problems with the way some operating systems
8022 handle simultaneous listening on IPv4 and IPv6
8023 addresses, the server no longer listens on IPv6
8024 addresses by default. To revert to the previous
8025 behavior, specify "listen-on-v6 { any; };" in
8028 291. [func] Caching servers no longer send outgoing queries
8029 over TCP just because the incoming recursive query
8032 290. [cleanup] +twiddle option to dig (for testing only) removed.
8034 289. [cleanup] dig is now installed in $bindir instead of $sbindir.
8035 host is now installed in $bindir. (Be sure to remove
8036 any $sbindir/dig from a previous release.)
8038 288. [func] rndc is now installed by "make install" into $sbindir.
8040 287. [bug] rndc now works again as "rndc 127.1 reload" (for
8041 only that task). Parsing its configuration file and
8042 using digital signatures for authentication has been
8043 disabled until named supports the "controls" statement,
8046 286. [bug] On Solaris 2, when named inherited a signal state
8047 where SIGHUP had the SIG_IGN action, SIGHUP would
8048 be ignored rather than causing the server to reload
8051 285. [bug] A change made to the dst API for beta4 inadvertently
8052 broke OMAPI's creation of a dst key from an incoming
8053 message, causing an assertion to be triggered. Fixed.
8055 284. [func] The DNSSEC key generation and signing tools now
8056 generate randomness from keyboard input on systems
8057 that lack /dev/random.
8059 283. [cleanup] The 'lwresd' program is now a link to 'named'.
8061 282. [bug] The lexer now returns ISC_R_RANGE if parsed integer is
8062 too big for an unsigned long.
8064 281. [bug] Fixed list of recognized config file category names.
8066 280. [func] Add isc-config.sh, which can be used to more
8067 easily build applications that link with
8070 279. [bug] Private omapi function symbols shared between
8071 two or more files in libomapi.a were not namespace
8072 protected using the ISC convention of starting with
8073 the library name and two underscores ("omapi__"...)
8075 278. [bug] bin/named/logconf.c:category_fromconf() didn't take
8076 note of when isc_log_categorybyname() wasn't able
8077 to find the category name and would then apply the
8078 channel list of the unknown category to all categories.
8080 277. [bug] isc_log_categorybyname() and isc_log_modulebyname()
8081 would fail to find the first member of any category
8082 or module array apart from the internal defaults.
8083 Thus, for example, the "notify" category was improperly
8084 configured by named.
8086 276. [bug] dig now supports maximum sized TCP messages.
8088 275. [bug] The definition of lwres_gai_strerror() was missing
8091 274. [bug] TSIG AXFR verify failed when talking to a BIND 8
8094 273. [func] The default for the 'transfer-format' option is
8095 now 'many-answers'. This will break zone transfers
8096 to BIND 4.9.5 and older unless there is an explicit
8097 'one-answer' configuration.
8099 272. [bug] The sending of large TCP responses was canceled
8100 in mid-transmission due to a race condition
8101 caused by the failure to set the client object's
8102 "newstate" variable correctly when transitioning
8103 to the "working" state.
8105 271. [func] Attempt to probe the number of cpus in named
8106 if unspecified rather than defaulting to 1.
8108 270. [func] Allow maximum sized TCP answers.
8110 269. [bug] Failed DNSSEC validations could cause an assertion
8111 failure by causing clone_results() to be called with
8112 with hevent->node == NULL.
8114 268. [doc] A plain text version of the Administrator
8115 Reference Manual is now included in the distribution,
8116 as doc/arm/Bv9ARM.txt.
8118 267. [func] Nsupdate is now provided in the distribution.
8120 266. [bug] zone.c:save_nsrrset() node was not initialized.
8122 265. [bug] dns_request_create() now works for TCP.
8124 264. [func] Dispatch can not take TCP sockets in connecting
8125 state. Set DNS_DISPATCHATTR_CONNECTED when calling
8126 dns_dispatch_createtcp() for connected TCP sockets
8127 or call dns_dispatch_starttcp() when the socket is
8130 263. [func] New logging channel type 'stderr'
8137 262. [bug] 'master' was not initialized in zone.c:stub_callback().
8139 261. [func] Add dns_zone_markdirty().
8141 260. [bug] Running named as a non-root user failed on Linux
8142 kernels new enough to support retaining capabilities
8145 259. [func] New random-device and random-seed-file statements
8146 for global options block of named.conf. Both accept
8147 a single string argument.
8149 258. [bug] Fixed printing of lwres_addr_t.address field.
8151 257. [bug] The server detached the last zone manager reference
8152 too early, while it could still be in use by queries.
8153 This manifested itself as assertion failures during the
8154 shutdown process for busy name servers. [RT #133]
8156 256. [func] isc_ratelimiter_t now has attach/detach semantics, and
8157 isc_ratelimiter_shutdown guarantees that the rate
8158 limiter is detached from its task.
8160 255. [func] New function dns_zonemgr_attach().
8162 254. [bug] Suppress "query denied" messages on additional data
8165 --- 9.0.0b4 released ---
8167 253. [func] resolv.conf parser now recognizes ';' and '#' as
8168 comments (anywhere in line, not just as the beginning).
8170 252. [bug] resolv.conf parser mishandled masks on sortlists.
8171 It also aborted when an unrecognized keyword was seen,
8172 now it silently ignores the entire line.
8174 251. [bug] lwresd caught an assertion failure on startup.
8176 250. [bug] fixed handling of size+unit when value would be too
8177 large for internal representation.
8179 249. [cleanup] max-cache-size config option now takes a size-spec
8180 like 'datasize', except 'default' is not allowed.
8182 248. [bug] global lame-ttl option was not being printed when
8183 config structures were written out.
8185 247. [cleanup] Rename cache-size config option to max-cache-size.
8187 246. [func] Rename global option cachesize to cache-size and
8188 add corresponding option to view statement.
8190 245. [bug] If an uncompressed name will take more than 255
8191 bytes and the buffer is sufficiently long,
8192 dns_name_fromwire should return DNS_R_FORMERR,
8193 not ISC_R_NOSPACE. This bug caused cause the
8194 server to catch an assertion failure when it
8195 received a query for a name longer than 255
8198 244. [bug] empty named.conf file and empty options statement are
8199 now parsed properly.
8201 243. [func] new cachesize option for named.conf
8203 242. [cleanup] fixed incorrect warning about auth-nxdomain usage.
8205 241. [cleanup] nscount and soacount have been removed from the
8206 dns_master_*() argument lists.
8208 240. [func] databases now come in three flavours: zone, cache
8211 239. [func] If ISC_MEM_DEBUG is enabled, the variable
8212 isc_mem_debugging controls whether messages
8215 238. [cleanup] A few more compilation warnings have been quieted:
8216 + missing sigwait prototype on BSD/OS 4.0/4.0.1.
8217 + PTHREAD_ONCE_INIT unbraced initializer warnings on
8219 + IN6ADDR_ANY_INIT unbraced initializer warnings on
8220 BSD/OS 4.*, Linux and Solaris 2.8.
8222 237. [bug] If connect() returned ENOBUFS when the resolver was
8223 initiating a TCP query, the socket didn't get
8224 destroyed, and the server did not shut down cleanly.
8226 236. [func] Added new listen-on-v6 config file statement.
8228 235. [func] Consider it a config file error if a listen-on
8229 statement has an IPv6 address in it, or a
8230 listen-on-v6 statement has an IPv4 address in it.
8232 234. [bug] Allow a trusted-key's first field (domain-name) be
8233 either a quoted or an unquoted string, instead of
8234 requiring a quoted string.
8236 233. [cleanup] Convert all config structure integer values to unsigned
8237 integer (isc_uint32_t) to match grammar.
8239 232. [bug] Allow slave zones to not have a file.
8241 231. [func] Support new 'port' clause in config file options
8242 section. Causes 'listen-on', 'masters' and
8243 'also-notify' statements to use its value instead of
8246 230. [func] Replace the dst sign/verify API with a cleaner one.
8248 229. [func] Support config file sig-validity-interval statement
8249 in options, views and zone statements (master
8252 228. [cleanup] Logging messages in config module stripped of
8255 227. [cleanup] The enumerated identifiers dns_rdataclass_*,
8256 dns_rcode_*, dns_opcode_*, and dns_trust_* are
8257 also now cast to their appropriate types, as with
8258 dns_rdatatype_* in item number 225 below.
8260 226. [func] dns_name_totext() now always prints the root name as
8261 '.', even when omit_final_dot is true.
8263 225. [cleanup] The enumerated dns_rdatatype_* identifiers are now
8264 cast to dns_rdatatype_t via macros of their same name
8265 so that they are of the proper integral type wherever
8266 a dns_rdatatype_t is needed.
8268 224. [cleanup] The entire project builds cleanly with gcc's
8269 -Wcast-qual and -Wwrite-strings warnings enabled,
8270 which is now the default when using gcc. (Warnings
8271 from confparser.c, because of yacc's code, are
8272 unfortunately to be expected.)
8274 223. [func] Several functions were re-prototyped to qualify one
8275 or more of their arguments with "const". Similarly,
8276 several functions that return pointers now have
8277 those pointers qualified with const.
8279 222. [bug] The global 'also-notify' option was ignored.
8281 221. [bug] An uninitialized variable was sometimes passed to
8282 dns_rdata_freestruct() when loading a zone, causing
8283 an assertion failure.
8285 220. [cleanup] Set the default outgoing port in the view, and
8286 set it in sockaddrs returned from the ADB.
8287 [31-May-2000 explorer]
8289 219. [bug] Signed truncated messages more correctly follow
8290 the respective specs.
8292 218. [func] When an rdataset is signed, its ttl is normalized
8293 based on the signature validity period.
8295 217. [func] Also-notify and trusted-keys can now be used in
8296 the 'view' statement.
8298 216. [func] The 'max-cache-ttl' and 'max-ncache-ttl' options
8301 215. [bug] Failures at certain points in request processing
8302 could cause the assertion INSIST(client->lockview
8303 == NULL) to be triggered.
8305 214. [func] New public function isc_netaddr_format(), for
8306 formatting network addresses in log messages.
8308 213. [bug] Don't leak memory when reloading the zone if
8309 an update-policy clause was present in the old zone.
8311 212. [func] Added dns_message_get/settsigkey, to make TSIG
8312 key management reasonable.
8314 211. [func] The 'key' and 'server' statements can now occur
8315 inside 'view' statements.
8317 210. [bug] The 'allow-transfer' option was ignored for slave
8318 zones, and the 'transfers-per-ns' option was
8319 was ignored for all zones.
8321 209. [cleanup] Upgraded openssl files to new version 0.9.5a
8323 208. [func] Added ISC_OFFSET_MAXIMUM for the maximum value
8326 207. [func] The dnssec tools properly use the logging subsystem.
8328 206. [cleanup] dst now stores the key name as a dns_name_t, not
8331 205. [cleanup] On IRIX, turn off the mostly harmless warnings 1692
8332 ("prototyped function redeclared without prototype")
8333 and 1552 ("variable ... set but not used") when
8334 compiling in the lib/dns/sec/{dnssafe,openssl}
8335 directories, which contain code imported from outside
8338 204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
8339 to quiet the warnings that "The linked output may not
8340 run on a PA 1.x system."
8342 203. [func] notify and zone soa queries are now tsig signed when
8345 202. [func] isc_lex_getsourceline() changed from returning int
8346 to returning unsigned long, the type of its underlying
8349 201. [cleanup] Removed the test/sdig program, it has been
8350 replaced by bin/dig/dig.
8352 --- 9.0.0b3 released ---
8354 200. [bug] Failures in sending query responses to clients
8355 (e.g., running out of network buffers) were
8358 199. [bug] isc_heap_delete() sometimes violated the heap
8359 invariant, causing timer events not to be posted
8362 198. [func] Dispatch managers hold memory pools which
8363 any managed dispatcher may use. This allows
8364 us to avoid dipping into the memory context for
8365 most allocations. [19-May-2000 explorer]
8367 197. [bug] When an incoming AXFR or IXFR completes, the
8368 zone's internal state is refreshed from the
8369 SOA data. [19-May-2000 explorer]
8371 196. [func] Dispatchers can be shared easily between views
8372 and/or interfaces. [19-May-2000 explorer]
8374 195. [bug] Including the NXT record of the root domain
8375 in a negative response caused an assertion
8378 194. [doc] The PDF version of the Administrator's Reference
8379 Manual is no longer included in the ISC BIND9
8382 193. [func] changed dst_key_free() prototype.
8384 192. [bug] Zone configuration validation is now done at end
8385 of config file parsing, and before loading
8388 191. [func] Patched to compile on UnixWare 7.x. This platform
8389 is not directly supported by the ISC.
8391 190. [cleanup] The DNSSEC tools have been moved to a separate
8392 directory dnssec/ and given the following new,
8393 more descriptive names:
8400 Their command line arguments have also been changed to
8401 be more consistent. dnssec-keygen now prints the
8402 name of the generated key files (sans extension)
8403 on standard output to simplify its use in automated
8406 189. [func] isc_time_secondsastimet(), a new function, will ensure
8407 that the number of seconds in an isc_time_t does not
8408 exceed the range of a time_t, or return ISC_R_RANGE.
8409 Similarly, isc_time_now(), isc_time_nowplusinterval(),
8410 isc_time_add() and isc_time_subtract() now check the
8411 range for overflow/underflow. In the case of
8412 isc_time_subtract, this changed a calling requirement
8413 (ie, something that could generate an assertion)
8414 into merely a condition that returns an error result.
8415 isc_time_add() and isc_time_subtract() were void-
8416 valued before but now return isc_result_t.
8418 188. [func] Log a warning message when an incoming zone transfer
8419 contains out-of-zone data.
8421 187. [func] isc_ratelimiter_enqueue() has an additional argument
8424 186. [func] dns_request_getresponse() has an additional argument
8427 185. [bug] Fixed up handling of ISC_MEMCLUSTER_LEGACY. Several
8428 public functions did not have an isc__ prefix, and
8429 referred to functions that had previously been
8432 184. [cleanup] Variables/functions which began with two leading
8433 underscores were made to conform to the ANSI/ISO
8434 standard, which says that such names are reserved.
8436 183. [func] ISC_LOG_PRINTTAG option for log channels. Useful
8437 for logging the program name or other identifier.
8439 182. [cleanup] New command-line parameters for dnssec tools
8441 181. [func] Added dst_key_buildfilename and dst_key_parsefilename
8443 180. [func] New isc_result_t ISC_R_RANGE. Supersedes DNS_R_RANGE.
8445 179. [func] options named.conf statement *must* now come
8446 before any zone or view statements.
8448 178. [func] Post-load of named.conf check verifies a slave zone
8449 has non-empty list of masters defined.
8451 177. [func] New per-zone boolean:
8453 enable-zone yes | no ;
8455 intended to let a zone be disabled without having
8456 to comment out the entire zone statement.
8458 176. [func] New global and per-view option:
8460 max-cache-ttl number
8462 175. [func] New global and per-view option:
8464 additional-data internal | minimal | maximal;
8466 174. [func] New public function isc_sockaddr_format(), for
8467 formatting socket addresses in log messages.
8469 173. [func] Keep a queue of zones waiting for zone transfer
8470 quota so that a new transfer can be dispatched
8471 immediately whenever quota becomes available.
8473 172. [bug] $TTL directive was sometimes missing from dumped
8474 master files because totext_ctx_init() failed to
8475 initialize ctx->current_ttl_valid.
8477 171. [cleanup] On NetBSD systems, the mit-pthreads or
8478 unproven-pthreads library is now always used
8479 unless --with-ptl2 is explicitly specified on
8480 the configure command line. The
8481 --with-mit-pthreads option is no longer needed
8482 and has been removed.
8484 170. [cleanup] Remove inter server consistency checks from zone,
8485 these should return as a separate module in 9.1.
8486 dns_zone_checkservers(), dns_zone_checkparents(),
8487 dns_zone_checkchildren(), dns_zone_checkglue().
8489 Remove dns_zone_setadb(), dns_zone_setresolver(),
8490 dns_zone_setrequestmgr() these should now be found
8493 169. [func] ratelimiter can now process N events per interval.
8495 168. [bug] include statements in named.conf caused syntax errors
8496 due to not consuming the semicolon ending the include
8497 statement before switching input streams.
8499 167. [bug] Make lack of masters for a slave zone a soft error.
8501 166. [bug] Keygen was overwriting existing keys if key_id
8502 conflicted, now it will retry, and non-null keys
8503 with key_id == 0 are not generated anymore. Key
8504 was not able to generate NOAUTHCONF DSA key,
8505 increased RSA key size to 2048 bits.
8507 165. [cleanup] Silence "end-of-loop condition not reached" warnings
8508 from Solaris compiler.
8510 164. [func] Added functions isc_stdio_open(), isc_stdio_close(),
8511 isc_stdio_seek(), isc_stdio_read(), isc_stdio_write(),
8512 isc_stdio_flush(), isc_stdio_sync(), isc_file_remove()
8513 to encapsulate nonportable usage of errno and sync.
8515 163. [func] Added result codes ISC_R_FILENOTFOUND and
8518 162. [bug] Ensure proper range for arguments to ctype.h functions.
8520 161. [cleanup] error in yyparse prototype that only HPUX caught.
8522 160. [cleanup] getnet*() are not going to be implemented at this
8525 159. [func] Redefinition of config file elements is now an
8526 error (instead of a warning).
8528 158. [bug] Log channel and category list copy routines
8529 weren't assigning properly to output parameter.
8531 157. [port] Fix missing prototype for getopt().
8533 156. [func] Support new 'database' statement in zone.
8535 database "quoted-string";
8537 155. [bug] ns_notify_start() was not detaching the found zone.
8539 154. [func] The signer now logs libdns warnings to stderr even when
8540 not verbose, and in a nicer format.
8542 153. [func] dns_rdata_tostruct() 'mctx' is now optional. If 'mctx'
8543 is NULL then you need to preserve the 'rdata' until
8544 you have finished using the structure as there may be
8545 references to the associated memory. If 'mctx' is
8546 non-NULL it is guaranteed that there are no references
8547 to memory associated with 'rdata'.
8549 dns_rdata_freestruct() must be called if 'mctx' was
8550 non-NULL and may safely be called if 'mctx' was NULL.
8552 152. [bug] keygen dumped core if domain name argument was omitted
8555 151. [func] Support 'disabled' statement in zone config (causes
8556 zone to be parsed and then ignored). Currently must
8557 come after the 'type' clause.
8559 150. [func] Support optional ports in masters and also-notify
8562 masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
8564 149. [cleanup] Removed unused argument 'olist' from
8565 dns_c_view_unsetordering().
8567 148. [cleanup] Stop issuing some warnings about some configuration
8568 file statements that were not implemented, but now are.
8570 147. [bug] Changed yacc union size to be smaller for yaccs that
8571 put yacc-stack on the real stack.
8573 146. [cleanup] More general redundant header file cleanup. Rather
8574 than continuing to itemize every header which changed,
8575 this changelog entry just notes that if a header file
8576 did not need another header file that it was including
8577 in order to provide its advertised functionality, the
8578 inclusion of the other header file was removed. See
8579 util/check-includes for how this was tested.
8581 145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
8582 ISC_LANG_ENDDECLS to header files that had function
8583 prototypes, and removed it from those that did not.
8585 144. [cleanup] libdns header files too numerous to name were made
8586 to conform to the same style for multiple inclusion
8589 143. [func] Added function dns_rdatatype_isknown().
8591 142. [cleanup] <isc/stdtime.h> does not need <time.h> or
8594 141. [bug] Corrupt requests with multiple questions could
8595 cause an assertion failure.
8597 140. [cleanup] <isc/time.h> does not need <time.h> or <isc/result.h>.
8599 139. [cleanup] <isc/net.h> now includes <isc/types.h> instead of
8600 <isc/int.h> and <isc/result.h>.
8602 138. [cleanup] isc_strtouq moved from str.[ch] to string.[ch] and
8603 renamed isc_string_touint64. isc_strsep moved from
8604 strsep.c to string.c and renamed isc_string_separate.
8606 137. [cleanup] <isc/commandline.h>, <isc/mem.h>, <isc/print.h>
8607 <isc/serial.h>, <isc/string.h> and <isc/offset.h>
8608 made to conform to the same style for multiple
8609 inclusion protection.
8611 136. [cleanup] <isc/commandline.h>, <isc/interfaceiter.h>,
8612 <isc/net.h> and Win32's <isc/thread.h> needed
8613 ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS.
8615 135. [cleanup] Win32's <isc/condition.h> did not need <isc/result.h>
8616 or <isc/boolean.h>, now uses <isc/types.h> in place
8617 of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
8618 and ISC_LANG_ENDDECLS.
8620 134. [cleanup] <isc/dir.h> does not need <limits.h>.
8622 133. [cleanup] <isc/ipv6.h> needs <isc/platform.h>.
8624 132. [cleanup] <isc/app.h> does not need <isc/task.h>, but does
8625 need <isc/eventclass.h>.
8627 131. [cleanup] <isc/mutex.h> and <isc/util.h> need <isc/result.h>
8628 for ISC_R_* codes used in macros.
8630 130. [cleanup] <isc/condition.h> does not need <pthread.h> or
8631 <isc/boolean.h>, and now includes <isc/types.h>
8632 instead of <isc/time.h>.
8634 129. [bug] The 'default_debug' log channel was not set up when
8635 'category default' was present in the config file
8637 128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
8638 ISC_LANG_ENDDECLS at end of header.
8640 127. [cleanup] The contracts for the comparison routines
8641 dns_name_fullcompare(), dns_name_compare(),
8642 dns_name_rdatacompare(), and dns_rdata_compare() now
8643 specify that the order value returned is < 0, 0, or > 0
8644 instead of -1, 0, or 1.
8646 126. [cleanup] <isc/quota.h> and <isc/taskpool.h> need <isc/lang.h>.
8648 125. [cleanup] <isc/eventclass.h>, <isc/ipv6.h>, <isc/magic.h>,
8649 <isc/mutex.h>, <isc/once.h>, <isc/region.h>, and
8650 <isc/resultclass.h> do not need <isc/lang.h>.
8652 124. [func] signer now imports parent's zone key signature
8653 and creates null keys/sets zone status bit for
8654 children when necessary
8656 123. [cleanup] <isc/event.h> does not need <stddef.h>.
8658 122. [cleanup] <isc/task.h> does not need <isc/mem.h> or
8661 121. [cleanup] <isc/symtab.h> does not need <isc/mem.h> or
8662 <isc/result.h>. Multiple inclusion protection
8663 symbol fixed from ISC_SYMBOL_H to ISC_SYMTAB_H.
8664 isc_symtab_t moved to <isc/types.h>.
8666 120. [cleanup] <isc/socket.h> does not need <isc/boolean.h>,
8667 <isc/bufferlist.h>, <isc/task.h>, <isc/mem.h> or
8670 119. [cleanup] structure definitions for generic rdata structures do
8671 not have _generic_ in their names.
8673 118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
8674 YACC crust (yyparse, etc) [2000-apr-27 explorer]
8676 117. [cleanup] libdns.a changes:
8677 dns_zone_clearnotify() and dns_zone_addnotify()
8678 are replaced by dns_zone_setnotifyalso().
8679 dns_zone_clearmasters() and dns_zone_addmaster()
8680 are replaced by dns_zone_setmasters().
8682 116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
8685 115. [port] Shut up the -Wmissing-declarations warning about
8686 <stdio.h>'s __sputaux on BSD/OS pre-4.1.
8688 114. [cleanup] <isc/sockaddr.h> does not need <isc/buffer.h> or
8691 113. [func] Utility programs dig and host added.
8693 112. [cleanup] <isc/serial.h> does not need <isc/boolean.h>.
8695 111. [cleanup] <isc/rwlock.h> does not need <isc/result.h> or
8698 110. [cleanup] <isc/result.h> does not need <isc/boolean.h> or
8701 109. [bug] "make depend" did nothing for
8702 bin/tests/{db,mem,sockaddr,tasks,timers}/.
8704 108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
8705 <dns/types.h> to <dns/bit.h> and renamed to
8706 DNS_BIT_SET/DNS_BIT_GET/DNS_BIT_CLEAR.
8708 107. [func] Add keysigner and keysettool.
8710 106. [func] Allow dnssec verifications to ignore the validity
8711 period. Used by several of the dnssec tools.
8713 105. [doc] doc/dev/coding.html expanded with other
8714 implicit conventions the developers have used.
8716 104. [bug] Made compress_add and compress_find static to
8719 103. [func] libisc buffer API changes for <isc/buffer.h>:
8721 isc_buffer_base(b) (pointer)
8722 isc_buffer_current(b) (pointer)
8723 isc_buffer_active(b) (pointer)
8724 isc_buffer_used(b) (pointer)
8725 isc_buffer_length(b) (int)
8726 isc_buffer_usedlength(b) (int)
8727 isc_buffer_consumedlength(b) (int)
8728 isc_buffer_remaininglength(b) (int)
8729 isc_buffer_activelength(b) (int)
8730 isc_buffer_availablelength(b) (int)
8732 ISC_BUFFER_USEDCOUNT(b)
8733 ISC_BUFFER_AVAILABLECOUNT(b)
8736 isc_buffer_used(b, r) ->
8737 isc_buffer_usedregion(b, r)
8738 isc_buffer_available(b, r) ->
8739 isc_buffer_available_region(b, r)
8740 isc_buffer_consumed(b, r) ->
8741 isc_buffer_consumedregion(b, r)
8742 isc_buffer_active(b, r) ->
8743 isc_buffer_activeregion(b, r)
8744 isc_buffer_remaining(b, r) ->
8745 isc_buffer_remainingregion(b, r)
8747 Buffer types were removed, so the ISC_BUFFERTYPE_*
8748 macros are no more, and the type argument to
8749 isc_buffer_init and isc_buffer_allocate were removed.
8750 isc_buffer_putstr is now void (instead of isc_result_t)
8751 and requires that the caller ensure that there
8752 is enough available buffer space for the string.
8754 102. [port] Correctly detect inet_aton, inet_pton and inet_ptop
8757 101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
8759 100. [cleanup] <isc/random.h> does not need <isc/int.h> or
8760 <isc/mutex.h>. isc_random_t moved to <isc/types.h>.
8762 99. [cleanup] Rate limiter now has separate shutdown() and
8763 destroy() functions, and it guarantees that all
8764 queued events are delivered even in the shutdown case.
8766 98. [cleanup] <isc/print.h> does not need <stdarg.h> or <stddef.h>
8767 unless ISC_PLATFORM_NEEDVSNPRINTF is defined.
8769 97. [cleanup] <isc/ondestroy.h> does not need <stddef.h> or
8772 96. [cleanup] <isc/mutex.h> does not need <isc/result.h>.
8774 95. [cleanup] <isc/mutexblock.h> does not need <isc/result.h>.
8776 94. [cleanup] Some installed header files did not compile as C++.
8778 93. [cleanup] <isc/msgcat.h> does not need <isc/result.h>.
8780 92. [cleanup] <isc/mem.h> does not need <stddef.h>, <isc/boolean.h>,
8783 91. [cleanup] <isc/log.h> does not need <sys/types.h> or
8786 90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
8787 from <named/listenlist.h>.
8789 89. [cleanup] <isc/lex.h> does not need <stddef.h>.
8791 88. [cleanup] <isc/interfaceiter.h> does not need <isc/result.h> or
8792 <isc/mem.h>. isc_interface_t and isc_interfaceiter_t
8793 moved to <isc/types.h>.
8795 87. [cleanup] <isc/heap.h> does not need <isc/boolean.h>,
8796 <isc/mem.h> or <isc/result.h>.
8798 86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
8801 85. [cleanup] <isc/bufferlist.h> does not need <isc/buffer.h>,
8802 <isc/list.h>, <isc/mem.h>, <isc/region.h> or
8805 84. [func] allow-query ACL checks now apply to all data
8806 added to a response.
8808 83. [func] If the server is authoritative for both a
8809 delegating zone and its (nonsecure) delegatee, and
8810 a query is made for a KEY RR at the top of the
8811 delegatee, then the server will look for a KEY
8812 in the delegator if it is not found in the delegatee.
8814 82. [cleanup] <isc/buffer.h> does not need <isc/list.h>.
8816 81. [cleanup] <isc/int.h> and <isc/boolean.h> do not need
8819 80. [cleanup] <isc/print.h> does not need <stdio.h> or <stdlib.h>.
8821 79. [cleanup] <dns/callbacks.h> does not need <stdio.h>.
8823 78. [cleanup] lwres_conftest renamed to lwresconf_test for
8824 consistency with other *_test programs.
8826 77. [cleanup] typedef of isc_time_t and isc_interval_t moved from
8827 <isc/time.h> to <isc/types.h>.
8829 76. [cleanup] Rewrote keygen.
8831 75. [func] Don't load a zone if its database file is older
8832 than the last time the zone was loaded.
8834 74. [cleanup] Removed mktemplate.o and ufile.o from libisc.a,
8837 73. [func] New "file" API in libisc, including new function
8838 isc_file_getmodtime, isc_mktemplate renamed to
8839 isc_file_mktemplate and isc_ufile renamed to
8840 isc_file_openunique. By no means an exhaustive API,
8841 it is just what's needed for now.
8843 72. [func] DNS_RBTFIND_NOPREDECESSOR and DNS_RBTFIND_NOOPTIONS
8844 added for dns_rbt_findnode, the former to disable the
8845 setting of the chain to the predecessor, and the
8846 latter to make clear when no options are set.
8848 71. [cleanup] Made explicit the implicit REQUIREs of
8849 isc_time_seconds, isc_time_nanoseconds, and
8852 70. [func] isc_time_set() added.
8854 69. [bug] The zone object's master and also-notify lists grew
8855 longer with each server reload.
8857 68. [func] Partial support for SIG(0) on incoming messages.
8859 67. [performance] Allow use of alternate (compile-time supplied)
8860 OpenSSL libraries/headers.
8862 66. [func] Data in authoritative zones should have a trust level
8865 65. [cleanup] Removed obsolete typedef of dns_zone_callbackarg_t
8868 64. [func] The RBT, DB, and zone table APIs now allow the
8869 caller find the most-enclosing superdomain of
8872 63. [func] Generate NOTIFY messages.
8874 62. [func] Add UDP refresh support.
8876 61. [cleanup] Use single quotes consistently in log messages.
8878 60. [func] Catch and disallow singleton types on message
8881 59. [bug] Cause net/host unreachable to be a hard error
8882 when sending and receiving.
8884 58. [bug] bin/named/query.c could sometimes trigger the
8885 (client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
8886 == 0 assertion in query_newname().
8888 57. [func] Added dns_nxt_typepresent()
8890 56. [bug] SIG records were not properly returned in cached
8893 55. [bug] Responses containing multiple names in the authority
8894 section were not negatively cached.
8896 54. [bug] If a fetch with sigrdataset==NULL joined one with
8897 sigrdataset!=NULL or vice versa, the resolver
8898 could catch an assertion or lose signature data,
8901 53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
8904 52. [bug] rndc: taskmgr and socketmgr were not initialized
8907 51. [cleanup] dns/compress.h and dns/zt.h did not need to include
8908 dns/rbt.h; it was needed only by compress.c and zt.c.
8910 50. [func] RBT deletion no longer requires a valid chain to work,
8911 and dns_rbt_deletenode was added.
8913 49. [func] Each cache now has its own mctx.
8915 48. [func] isc_task_create() no longer takes an mctx.
8916 isc_task_mem() has been eliminated.
8918 47. [func] A number of modules now use memory context reference
8921 46. [func] Memory contexts are now reference counted.
8922 Added isc_mem_inuse() and isc_mem_preallocate().
8923 Renamed isc_mem_destroy_check() to
8924 isc_mem_setdestroycheck().
8926 45. [bug] The trusted-key statement incorrectly loaded keys.
8928 44. [bug] Don't include authority data if it would force us
8929 to unset the AD bit in the message.
8931 43. [bug] DNSSEC verification of cached rdatasets was failing.
8933 42. [cleanup] Simplified logging of messages with embedded domain
8934 names by introducing a new convenience function
8937 41. [func] Use PR_SET_KEEPCAPS on Linux 2.3.99-pre3 and later
8938 to allow 'named' to run as a non-root user while
8939 retaining the ability to bind() to privileged
8942 40. [func] Introduced new logging category "dnssec" and
8943 logging module "dns/validator".
8945 39. [cleanup] Moved the typedefs for isc_region_t, isc_textregion_t,
8946 and isc_lex_t to <isc/types.h>.
8948 38. [bug] TSIG signed incoming zone transfers work now.
8950 37. [bug] If the first RR in an incoming zone transfer was
8951 not an SOA, the server died with an assertion failure
8952 instead of just reporting an error.
8954 36. [cleanup] Change DNS_R_SUCCESS (and others) to ISC_R_SUCCESS
8956 35. [performance] Log messages which are of a level too high to be
8957 logged by any channel in the logging configuration
8958 will not cause the log mutex to be locked.
8960 34. [bug] Recursion was allowed even with 'recursion no'.
8962 33. [func] The RBT now maintains a parent pointer at each node.
8964 32. [cleanup] bin/lwresd/client.c needs <string.h> for memset()
8967 31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
8969 30. [func] config file grammar change to support optional
8970 class type for a view.
8972 29. [func] support new config file view options:
8974 auth-nxdomain recursion query-source
8975 query-source-v6 transfer-source
8976 transfer-source-v6 max-transfer-time-out
8977 max-transfer-idle-out transfer-format
8978 request-ixfr provide-ixfr cleaning-interval
8979 fetch-glue notify rfc2308-type1 lame-ttl
8980 max-ncache-ttl min-roots
8982 28. [func] support lame-ttl, min-roots and serial-queries
8983 config global options.
8985 27. [bug] Only include <netinet6/in6.h> on BSD/OS 4.[01]*.
8986 Including it on other platforms (eg, NetBSD) can
8987 cause a forced #error from the C preprocessor.
8989 26. [func] new match-clients statement in config file view.
8991 25. [bug] make install failed to install <isc/log.h> and
8994 24. [cleanup] Eliminate some unnecessary #includes of header
8995 files from header files.
8997 23. [cleanup] Provide more context in log messages about client
8998 requests, using a new function ns_client_log().
9000 22. [bug] SIGs weren't returned in the answer section when
9001 the query resulted in a fetch.
9003 21. [port] Look at STD_CINCLUDES after CINCLUDES during
9004 compilation, so additional system include directories
9005 can be searched but header files in the bind9 source
9006 tree with conflicting names take precedence. This
9007 avoids issues with installed versions of dnssafe and
9010 20. [func] Configuration file post-load validation of zones
9011 failed if there were no zones.
9013 19. [bug] dns_zone_notifyreceive() failed to unlock the zone
9014 lock in certain error cases.
9016 18. [bug] Use AC_TRY_LINK rather than AC_TRY_COMPILE in
9017 configure.in to check for presence of in6addr_any.
9019 17. [func] Do configuration file post-load validation of zones.
9021 16. [bug] put quotes around key names on config file
9022 output to avoid possible keyword clashes.
9024 15. [func] Add dns_name_dupwithoffsets(). This function is
9025 improves comparison performance for duped names.
9027 14. [bug] free_rbtdb() could have 'put' unallocated memory in
9028 an unlikely error path.
9030 13. [bug] lib/dns/master.c and lib/dns/xfrin.c didn't ignore
9033 12. [bug] Fixed possible uninitialized variable error.
9035 11. [bug] axfr_rrstream_first() didn't check the result code of
9036 db_rr_iterator_first(), possibly causing an assertion
9037 to be triggered later.
9039 10. [bug] A bug in the code which makes EDNS0 OPT records in
9040 bin/named/client.c and lib/dns/resolver.c could
9041 trigger an assertion.
9043 9. [cleanup] replaced bit-setting code in confctx.c and replaced
9044 repeated code with macro calls.
9046 8. [bug] Shutdown of incoming zone transfer accessed
9049 7. [cleanup] removed 'listen-on' from view statement.
9051 6. [bug] quote RR names when generating config file to
9052 prevent possible clash with config file keywords
9055 5. [func] syntax change to named.conf file: new ssu grant/deny
9056 statements must now be enclosed by an 'update-policy'
9059 4. [port] bin/named/unix/os.c didn't compile on systems with
9060 linux 2.3 kernel includes due to conflicts between
9061 C library includes and the kernel includes. We now
9062 get only what we need from <linux/capability.h>, and
9063 avoid pulling in other linux kernel .h files.
9065 3. [bug] TKEYs go in the answer section of responses, not
9066 the additional section.
9068 2. [bug] Generating cryptographic randomness failed on
9069 systems without /dev/random.
9071 1. [bug] The installdirs rule in
9072 lib/isc/unix/include/isc/Makefile.in had a typo which
9073 prevented the isc directory from being created if it
9076 --- 9.0.0b2 released ---
9078 # This tells Emacs to use hard tabs in this file.
9080 # indent-tabs-mode: t