4 2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
6 2104. [port] Fix Solaris SMF error message.
8 2103. [port] Add /usr/sfw to list of locations for OpenSSL
11 2102. [port] Silence solaris 10 warnings.
13 2101. [bug] OpenSSL version checks were not quite right.
16 2100. [port] win32: copy libeay32.dll to Build\Debug.
18 2099. [port] win32: more manifiest issues.
20 --- 9.3.3rc3 released ---
22 2096. [bug] libbind: handle applications that fail to detect
23 res_init() failures better.
25 2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and
26 net_cidr_ntop_ipv6(). [RT #16388]
28 2094. [contrib] Update named-bootconf. [RT# 16404]
30 2092. [bug] win32: dig, host, nslookup. Use registry config
31 if resolv.conf does not exist or no nameservers
34 2091. [port] dighost.c: race condition on cleanup. [RT #16417]
36 2090. [port] win32: Visual C++ 2005 command line manifest support.
39 2089. [security] Raise the minimum safe OpenSSL versions to
40 OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
41 prior to these have known security flaws which
42 are (potentially) exploitable in named. [RT #16391]
44 2088. [security] Change the default RSA exponent from 3 to 65537.
47 2086. [port] libbind: FreeBSD now has get*by*_r() functions.
50 2085. [doc] win32: added index.html and README to zip. [RT #16201]
52 2084. [contrib] dbus update for 9.3.3rc2.
54 2083. [port] win32: Visual C++ 2005 support.
56 2082. [doc] Document 'cache-file' as a test only option.
58 --- 9.3.3rc2 released ---
60 2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
63 2080. [port] libbind: res_init.c did not compile on older versions
64 of Solaris. [RT #16363]
66 2076. [bug] Several files were missing #include <config.h>
67 causing build failures on OSF. [RT #16341]
69 2074. [bug] dns_request_createvia2(), dns_request_createvia3(),
70 dns_request_createraw2() and dns_request_createraw3()
71 failed to send multiple UDP requests. [RT #16349]
73 2066. [security] Handle SIG queries gracefully. [RT #16300]
75 --- 9.3.3rc1 released ---
77 2071. [port] Test whether gcc accepts -fno-strict-aliasing.
80 2070. [bug] The remote address was not always displayed when
81 reporting dispatch failures. [RT #16315]
83 2069. [bug] Cross compiling was not working. [RT #16330]
85 2067. [bug] 'rndc' could close the socket too early triggering
86 a INSIST under Windows. [RT #16317]
88 2065. [bug] libbind: probe for HPUX prototypes for
89 endprotoent_r() and endservent_r(). [RT 16313]
91 2064. [bug] libbind: silence AIX compiler warnings. [RT #16218]
93 2063. [bug] Change #1955 introduced a bug which caused the first
94 'rndc flush' call to not free memory. [RT #16244]
96 2062. [bug] 'dig +nssearch' was reusing a buffer before it had
97 been returned by the socket code. [RT #16307]
99 2057. [bug] Make setting "ra" dependent on both allow-query and
100 allow-recursion. [RT #16290]
102 2056. [bug] dig: ixfr= was not being treated case insensitively
103 at all times. [RT #15955]
105 2055. [bug] Missing goto after dropping multicast query.
108 2054. [port] freebsd: do not explicitly link against -lpthread.
111 2053. [port] netbsd:libbind: silence compiler warnings. [RT #16220]
113 2052. [bug] 'rndc' improve connect failed message to report
114 the failing address. [RT #15978]
116 2051. [port] More strtol() fixes. [RT #16249]
118 2050. [bug] Parsing of NSAP records was not case insensitive.
121 2049. [bug] Restore SOA before AXFR when falling back from
122 a attempted IXFR when transfering in a zone.
123 Allow a initial SOA query before attempting
124 a AXFR to be requested. [RT #16156]
126 2048. [bug] It was possible to loop forever when using
127 avoid-v4-udp-ports / avoid-v6-udp-ports when
128 the OS always returned the same local port.
131 2047. [bug] Failed to initialise the interface flags to zero.
134 2043. [port] nsupdate/nslookup: Force the flushing of the prompt
135 for interactive sessions. [RT#16148]
137 2038. [bug] dig/nslookup/host was unlinking from wrong list
138 when handling errors. [RT #16122]
140 2037. [func] When unlinking the first or last element in a list
141 check that the list head points to the element to
142 be unlinked. [RT #15959]
144 2036. [bug] 'rndc recursing' could cause trigger a REQUIRE.
147 2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124]
149 --- 9.3.3b1 released ---
151 2031. [bug] Emit a error message when "rndc refresh" is called on
152 a non slave/stub zone. [RT # 16073]
154 2030. [bug] We were being overly conservative when disabling
155 openssl engine support. [RT #16030]
157 2029. [bug] host printed out the server multiple times when
158 specified on the command line. [RT #15992]
160 2028. [port] linux: socket.c compatability for old systems.
163 2027. [port] libbind: Solaris x86 support. [RT #16020]
165 2026. [bug] Rate limit the two recursive client exceeded messages.
168 2024. [bug] named emited spurious "zone serial unchanged"
169 messages on reload. [RT #16027]
171 2023. [bug] "make install" should create ${localstatedir}/run and
172 ${sysconfdir} if they do not exist. [RT #16033]
174 2016. [bug] Return a partial answer if recursion is not
175 allowed but requested and we had the answer
176 to the original qname. [RT #15945]
178 2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
179 responses more gracefully. [RT #15941]
181 2009. [bug] libbind: coverity fixes. [RT #15808]
183 2005. [bug] libbind: Retransmission timeouts should be
184 based on which attempt it is to the nameserver
185 and not the nameserver itself. [RT #13548]
187 2004. [bug] dns_tsig_sign() could pass a NULL pointer to
188 dst_context_destroy() when cleaning up after a
191 2003. [bug] libbind: The DNS name/address lookup functions could
192 occasionally follow a random pointer due to
193 structures not being completely zeroed. [RT #15806]
195 2002. [bug] libbind: tighten the constraints on when
196 struct addrinfo._ai_pad exists. [RT #15783]
198 2000. [bug] memmove()/strtol() fix was incomplete. [RT #15812]
200 1998. [bug] Restrict handling of fifos as sockets to just SunOS.
201 This allows named to connect to entropy gathering
202 daemons that use fifos instead of sockets. [RT #15840]
204 1997. [bug] Named was failing to replace negative cache entries
205 when a positive one for the type was learnt.
208 1995. [bug] 'host' was reporting multiple "is an alias" messages.
211 1994. [port] OpenSSL 0.9.8 support. [RT #15694]
213 1993. [bug] Log messsage, via syslog, were missing the space
214 after the timestamp if "print-time yes" was specified.
217 1991. [cleanup] The configuration data, once read, should be treated
218 as readonly. Expand the use of const to enforce this
219 at compile time. [RT #15813]
221 1990. [bug] libbind: isc's override of broken gettimeofday()
222 implementions was not always effective.
225 1989. [bug] win32: don't check the service password when
226 re-installing. [RT #15882]
228 1985. [protocol] DLV has now been assigned a official type code of
231 Note: care should be taken to ensure you upgrade
232 both named and dnssec-signzone at the same time for
233 zones with DLV records where named is the master
234 server for the zone. Also any zones that contain
235 DLV records should be removed when upgrading a slave
236 zone. You do not however have to upgrade all
237 servers for a zone with DLV records simultaniously.
239 1982. [bug] DNSKEY was being accepted on the parent side of
240 a delegation. KEY is still accepted there for
241 RFC 3007 validated updates. [RT #15620]
243 1981. [bug] win32: condition.c:wait() could fail to reattain
246 1979. [port] linux: allow named to drop core after changing
247 user ids. [RT #15753]
249 1978. [port] Handle systems which have a broken recvmsg().
252 1977. [bug] Silence noisy log message. [RT #15704]
254 1976. [bug] Handle systems with no IPv4 addresses. [RT #15695]
256 1975. [bug] libbind: isc_gethexstring() could misparse multi-line
257 hex strings with comments. [RT #15814]
259 1974. [doc] List each of the zone types and associated zone
260 options seperately in the ARM.
262 1972. [contrib] DBUS dynamic forwarders integation from
263 Jason Vas Dias <jvdias@redhat.com>.
265 1971. [port] linux: make detection of missing IF_NAMESIZE more
268 1970. [bug] nsupdate: adjust UDP timeout when falling back to
269 unsigned SOA query. [RT #15775]
271 1969. [bug] win32: the socket code was freeing the socket
272 structure too early. [RT #15776]
274 1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
276 1966. [bug] Don't set CD when we have fallen back to plain DNS.
279 1963. [port] Tru64 4.0E doesn't support send() and recv().
282 1962. [bug] Named failed to clear old update-policy when it
283 was removed. [RT #15491]
285 1961. [bug] Check the port and address of responses forwarded
286 to dispatch. [RT #15474]
288 1960. [bug] Update code should set NSEC ttls from SOA MINIMUM.
291 1958. [bug] Named failed to update the zone's secure state
292 until the zone was reloaded. [RT #15412]
294 1957. [bug] Dig mishandled responses to class ANY queries.
297 1956. [bug] Improve cross compile support, 'gen' is now built
298 by native compiler. See README for additional
299 cross compile support information. [RT #15148]
301 1955. [bug] Pre-allocate the cache cleaning interator. [RT #14998]
303 1952. [port] hpux: tell the linker to build a runtime link
304 path "-Wl,+b:". [RT #14816].
306 1951. [security] Drop queries from particular well known ports.
307 Don't return FORMERR to queries from particular
308 well known ports. [RT #15636]
310 1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect()
311 a TCP socket. This prevents the source address being
312 set for TCP connections. [RT #15628]
314 1948. [bug] If was possible to trigger a REQUIRE failure in
315 xfrin.c:maybe_free() if named ran out of memory.
318 1946. [bug] resume_dslookup() could trigger a REQUIRE failure
319 when using forwarders. [RT #15549]
321 1944. [cleanup] isc_hash_create() does not need a read/write lock.
324 1943. [bug] Set the loadtime after rolling forward the journal.
327 1942. [bug] If the name of a DNSKEY match that of one in
328 trusted-keys do not attempt to validate the DNSKEY
329 using the parents DS RRset. [RT #15649]
331 1941. [bug] ncache_adderesult() should set eresult even if no
332 rdataset is passed to it. [RT #15642]
334 1940. [bug] Fixed a number of error conditions reported by
337 1939. [bug] The resolver could dereference a null pointer after
338 validation if all the queries have timed out.
341 1938. [bug] The validator was not correctly handling unsecure
342 negative responses at or below a SEP. [RT #15528]
344 1919. [contrib] queryperf: a set of new features: collecting/printing
345 response delays, printing intermediate results, and
346 adjusting query rate for the "target" qps.
348 --- 9.3.2 released ---
350 --- 9.3.2rc1 released ---
352 1936. [bug] The validator could leak memory. [RT #15544]
354 1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530]
356 --- 9.3.2b2 released ---
358 1930. [port] HPUX: ia64 support. [RT #15473]
360 1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
362 1926. [bug] The Windows installer did not check for empty
363 passwords. BINDinstall was being installed in
364 the wrong place. [RT #15483]
366 1925. [port] All outer level AC_TRY_RUNs need cross compiling
367 defaults. [RT #15469]
369 1924. [port] libbind: hpux ia64 support. [RT #15473]
371 1923. [bug] ns_client_detach() called too early. [RT #15499]
373 --- 9.3.2b1 released ---
375 1917. [doc] funcsynopsisinfo wasn't being treated as verbatim
376 when generating man pages. [RT #15385]
378 1915. [bug] dig +ndots was broken. [RT #15215]
380 1914. [protocol] DS is required to accept mnemonic algorithms
381 (RFC 4034). Still emit numeric algorithms for
382 compatability with RFC 3658. [RT #15354]
384 1911. [bug] Update windows socket code. [RT #14965]
386 1910. [bug] dig's +sigchase code overhauled. [RT #14933]
388 1909. [bug] The DLV code has been re-worked to make no longer
389 query order sensitive. [RT #14933]
391 1905. [bug] Strings returned from cfg_obj_asstring() should be
392 treated as read-only. [RT #15256]
394 1901. [cleanup] Don't add DNSKEY records to the additional section.
396 1900. [bug] ixfr-from-differences failed to ensure that the
397 serial number increased. [RT #15036]
399 1896. [bug] Extend ISC_SOCKADDR_FORMATSIZE and
400 ISC_NETADDR_FORMATSIZE to allow for scope details.
402 1894. [bug] Recursive clients soft quota support wasn't working
403 as expected. [RT #15103]
405 1893. [bug] A escaped character is, potentially, converted to
406 the output character set too early. [RT #14666]
408 1892. [port] Use uintptr_t if available. [RT #14606]
410 1889. [port] sunos: non blocking i/o support. [RT #14951]
412 1887. [bug] The cache could delete expired records too fast for
413 clients with a virtual time in the past. [RT #14991]
415 1886. [bug] fctx_create() could return success even though it
418 1884. [cleanup] dighost.c: move external declarations into <dig/dig.h>.
420 1883. [bug] dnssec-signzone, dnssec-keygen: handle negative debug
423 1881. [func] Add a system test for named-checkconf. [RT #14931]
425 1877. [bug] Fix unreasonably low quantum on call to
426 dns_rbt_destroy2(). Remove unnecessay unhash_node()
429 1875. [bug] process_dhtkey() was using the wrong memory context
430 to free some memory. [RT #14890]
432 1874. [port] sunos: portability fixes. [RT #14814]
434 1873. [port] win32: isc__errno2result() now reports its caller.
437 1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753]
439 1867. [bug] It was possible to trigger a INSIST in
440 dlv_validatezonekey(). [RT #14846]
442 1866. [bug] resolv.conf parse errors were being ignored by
443 dig/host/nslookup. [RT #14841]
445 1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
446 bad addresses. [RT #14841]
448 1864. [bug] Don't try the alternative transfer source if you
449 got a answer / transfer with the main source
452 1863. [bug] rrset-order "fixed" error messages not complete.
454 1861. [bug] dig could trigger a INSIST on certain malformed
455 responses. [RT #14801]
457 1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was
458 incorrectly set. [RT #14775]
460 1858. [bug] The flush-zones-on-shutdown option wasn't being
463 1857. [bug] named could trigger a INSIST() if reconfigured /
464 reloaded too fast. [RT #14673]
466 1856. [doc] Switch Docbook toolchain from DSSSL to XSL.
469 1855. [bug] ixfr-from-differences was failing to detect changes
470 of ttl due to dns_diff_subtract() was ignoring the ttl
471 of records. [RT #14616]
473 1854. [bug] lwres also needs to know the print format for
474 (long long). [RT #13754]
476 1853. [bug] Rework how DLV interacts with proveunsecure().
479 1852. [cleanup] Remove last vestiges of dnssec-signkey and
480 dnssec-makekeyset (removed from Makefile years ago).
482 1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591]
484 1849. [doc] All forms of the man pages (docbook, man, html) should
485 have consistant copyright dates.
487 1848. [bug] Improve SMF integration. [RT #13238]
489 1847. [bug] isc_ondestroy_init() is called too late in
490 dns_rbtdb_create()/dns_rbtdb64_create().
493 1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer
496 1845. [bug] Improve error reporting to distingish between
497 accept()/fcntl() and socket()/fcntl() errors.
500 1844. [bug] inet_pton() accepted more that 4 hexadecimal digits
501 for each 16 bit piece of the IPv6 address. The text
502 representation of a IPv6 address has been tighted
503 to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
506 1843. [cleanup] CINCLUDES takes precedence over CFLAGS. This helps
507 when CFLAGS contains "-I /usr/local/include"
508 resulting in old header files being used.
510 1842. [port] cmsg_len() could produce incorrect results on
511 some platform. [RT #13744]
513 1841. [bug] "dig +nssearch" now makes a recursive query to
514 find the list of nameservers to query. [RT #13694]
516 1839. [bug] <isc/hash.h> was not being installed.
518 1838. [cleanup] Don't allow Linux capabilities to be inherited.
521 1837. [bug] Compile time option ISC_FACILITY was not effective
522 for 'named -u <user>'. [RT #13714]
524 1836. [cleanup] Silence compiler warnings in hash_test.c.
526 1835. [bug] Update dnssec-signzone's usage message. [RT #13657]
528 1834. [bug] Bad memset in rdata_test.c. [RT #13658]
530 1833. [bug] Race condition in isc_mutex_lock_profile(). [RT #13660]
532 1832. [bug] named fails to return BADKEY on unknown TSIG algorithm.
535 1831. [doc] Update named-checkzone documentation. [RT#13604]
537 1830. [bug] adb lame cache has sence of test reversed. [RT #13600]
539 1829. [bug] win32: "pid-file none;" broken. [RT #13563]
541 1828. [bug] isc_rwlock_init() failed to properly cleanup if it
542 encountered a error. [RT #13549]
544 1827. [bug] host: update usage message for '-a'. [RT #37116]
546 1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on out
547 of memory error. [RT #13537]
549 1825. [bug] Missing UNLOCK() on out of memory error from in
550 rbtdb.c:subtractrdataset(). [RT #13519]
552 1824. [bug] Memory leak on dns_zone_setdbtype() failure.
555 1823. [bug] Wrong macro used to check for point to point interface.
558 1822. [bug] check-names test for RT was reversed. [RT #13382]
560 1821. [doc] acls definitions are no longer required to be
561 in named.conf prior to reference. They can be
562 defined after being referenced.
564 1820. [bug] Gracefully handle acl loops. [RT #13659]
566 1819. [bug] The validator needed to check both the algorithm and
567 digest types of the DS to determine if it could be
568 used to introduce a secure zone. [RT #13593]
570 1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
573 1815. [bug] nsupdate triggered a REQUIRE if the server was set
574 without also setting the zone and it encountered
575 a CNAME and was using TSIG. [RT #13086]
577 1810. [bug] configure, lib/bind/configure make different default
578 decisions about whether to do a threaded build.
581 1809. [bug] "make distclean" failed for libbind if the platform
584 1807. [bug] When forwarding (forward only) set the active domain
585 from the forward zone name. [RT #13526]
587 1804. [bug] Ensure that if we are queried for glue that it fits
588 in the additional section or TC is set to tell the
589 client to retry using TCP. [RT #10114]
591 1803. [bug] dnssec-signzone sometimes failed to remove old
594 1802. [bug] Handle connection resets better. [RT #11280]
596 1799. [bug] 'rndc flushname' failed to flush negative cache
599 1795. [bug] "rndc dumpdb" was not fully documented. Minor
600 formating issues with "rndc dumpdb -all". [RT #13396]
602 1791. [bug] 'host -t a' still printed out AAAA and MX records.
605 --- 9.3.1 released ---
607 1818. [bug] 'named-checkconf -z' triggered an INSIST. [RT #13599]
609 --- 9.3.1rc1 released ---
611 1812. [port] win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect.
614 1808. [bug] zone.c:notify_zone() contained a race condition,
615 zone->db could change underneath it. [RT #13511]
617 1806. [bug] The resolver returned the wrong result when a CNAME /
618 DNAME was encountered when fetching glue from a
619 secure namespace. [RT #13501]
621 1805. [bug] Pending status was not being cleared when DLV was
624 --- 9.3.1beta2 released ---
626 1800. [bug] Changes #1719 allowed a INSIST to be triggered.
629 --- 9.3.1beta1 released ---
631 1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should
632 allow parallel make to succeed.
634 1789. [bug] Prerequisite test for tkey and dnssec could fail
635 with "configure --with-libtool".
637 1788. [bug] libbind9.la/libbind9.so needs to link against
638 libisccfg.la/libisccfg.so.
640 1787. [port] HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings.
642 1786. [port] AIX: libt_api needs to be taught to look for
643 T_testlist in the main executable (--with-libtool).
646 1785. [bug] libbind9.la/libbind9.so needs to link against
649 1784. [cleanup] "libtool -allow-undefined" is the default.
650 Leave hooks in configure to allow it to be set
651 if needed in the future.
653 1783. [cleanup] We only need one copy of libtool.m4, ltmain.sh in the
656 1782. [port] OSX: --with-libtool + --enable-libbind broke on
657 __evOptMonoTime. [RT #13219]
659 1781. [port] FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810]
661 1780. [bug] Update libtool to 1.5.10.
663 1779. [port] OSF 5.1: libtool didn't handle -pthread correctly.
665 1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and
666 IN6ADDR_LOOPBACK_INIT macros.
668 1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and
669 IN6ADDR_LOOPBACK_INIT macros.
671 1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
672 IN6ADDR_LOOPBACK_INIT macros.
674 1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
676 1774. [port] Aix: Silence compiler warnings / build failures.
679 1773. [bug] Fast retry on host / net unreachable. [RT #13153]
681 1770. [bug] named-checkconf failed to report missing a missing
682 file clause for rbt{64} master/hint zones. [RT#13009]
684 1769. [port] win32: change compiler flags /MTd ==> /MDd,
687 1768. [bug] nsecnoexistnodata() could be called with a non-NSEC
688 rdataset. [RT #12907]
690 1767. [port] Builds on IPv6 platforms without IPv6 Advanced API
691 support for (struct in6_pktinfo) failed. [RT #13077]
693 1766. [bug] Update the master file timestamp on successful refresh
694 as well as the journal's timestamp. [RT# 13062]
696 1765. [bug] configure --with-openssl=auto failed. [RT #12937]
698 1764. [bug] dns_zone_replacedb failed to emit a error message
699 if there was no SOA record in the replacment db.
702 1762. [bug] isc_interfaceiter_create() could return ISC_R_SUCCESS
703 even when it failed. [RT #12995]
705 1761. [bug] 'rndc dumpdb' didn't report unassociated entries.
708 1760. [bug] Host / net unreachable was not penalising rtt
709 estimates. [RT #12970]
711 1759. [bug] Named failed to startup if the OS supported IPv6
712 but had no IPv6 interfaces configured. [RT #12942]
714 1754. [bug] We wern't always attempting to query the parent
715 server for the DS records at the zone cut.
718 1753. [bug] Don't serve a slave zone which has no NS records.
721 1752. [port] Move isc_app_start() to after ns_os_daemonise()
722 as some fork() implementations unblock the signals
723 that are blocked by isc_app_start(). [RT #12810]
725 1751. [bug] --enable-getifaddrs failed under linux. [RT #12867]
727 1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
730 1749. [bug] 'check-names response ignore;' failed to ignore.
733 1747. [bug] BIND 8 compatability: named/named-checkconf failed
734 to parse "host-statistics-max" in named.conf.
736 1745. [bug] Dig/host/nslookup accept replies from link locals
737 regardless of scope if no scope was specified when
738 query was sent. [RT #12745]
740 1744. [bug] If tuple2msgname() failed to convert a tuple to
741 a name a REQUIRE could be triggered. [RT #12796]
743 1743. [bug] If isc_taskmgr_create() was not able to create the
744 requested number of worker threads then destruction
745 of the manager would trigger an INSIST() failure.
748 1742. [bug] Deleting all records at a node then adding a
749 previously existing record, in a single UPDATE
750 transaction, failed to leave / regenerate the
751 associated RRSIG records. [RT #12788]
753 1741. [bug] Deleting all records at a node in a secure zone
754 using a update-policy grant failed. [RT #12787]
756 1740. [bug] Replace rbt's hash algorithm as it performed badly
757 with certain zones. [RT #12729]
759 NOTE: a hash context now needs to be established
760 via isc_hash_create() if the application was not
763 1739. [bug] dns_rbt_deletetree() could incorrectly return
764 ISC_R_QUOTA. [RT #12695]
766 1738. [bug] Enable overrun checking by default. [RT #12695]
768 1737. [bug] named failed if more than 16 masters were specified.
771 1736. [bug] dst_key_fromnamedfile() could fail to read a
772 public key. [RT #12687]
774 1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure.
777 1734. [cleanup] 'rndc-confgen -a -t' remove extra '/' in path.
780 1733. [bug] Return non-zero exit status on initial load failure.
783 1732. [bug] 'rrset-order name "*"' wasn't being applied to ".".
786 1731. [port] darwin: relax version test in ifconfig.sh.
789 1730. [port] Determine the length type used by the socket API.
792 1728. [doc] Update check-names documentation.
794 1727. [bug] named-checkzone: check-names support didn't match
797 1726. [port] aix5: add support for aix5.
799 1725. [port] linux: update error message on interaction of threads,
800 capabilities and setuid support (named -u). [RT #12541]
802 1724. [bug] Look for DNSKEY records with "dig +sigtrace".
805 1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
807 1722. [bug] Don't commit the journal on malformed ixfr streams.
810 1721. [bug] Error message from the journal processing were not
811 always identifing the relevent journal. [RT #12519]
813 1720. [bug] 'dig +chase' did not terminate on a RFC 2308 Type 1
814 negative response. [RT #12506]
816 1719. [bug] named was not correctly caching a RFC 2308 Type 1
817 negative response. [RT #12506]
819 1718. [bug] nsupdate was not handling RFC 2308 Type 3 negative
820 responses when looking for the zone / master server.
823 1717. [port] solaris: ifconfig.sh did not support Solaris 10.
824 "ifconfig.sh down" didn't work for Solaris 9.
826 1716. [doc] named.conf(5) was being installed in the wrong
827 location. [RT# 12441]
829 1714. [bug] dig/host/nslookup were only trying the first
830 address when a nameserver was specified by name.
833 1713. [port] linux: extend capset failure message to say:
834 please ensure that the capset kernel module is
835 loaded. see insmod(8)
837 1712. [bug] Missing FULLCHECK for "trusted-key" in dig.
839 --- 9.3.0 released ---
841 1711. [func] 'rndc unfreeze' has been deprecated by 'rndc thaw'.
843 --- 9.3.0rc4 released ---
845 1709. [port] solaris: add SMF support.
847 1708. [cleanup] Replaced dns_fullname_hash() with dns_name_fullhash()
848 for conformance to the name space convention. Binary
849 backward compatibility to the old function name is
850 provided. [RT #12376]
852 1707. [contrib] sdb/ldap updated to version 1.0-beta.
854 1706. [bug] 'rndc stop' failed to cause zones to be flushed
855 sometimes. [RT #12328]
857 1704. [port] lwres needed a snprintf() implementation for
858 platforms without snprintf(). Add missing
859 "#include <isc/print.h>". [RT #12321]
861 1703. [bug] named would loop sending NOTIFY messages when it
862 failed to receive a response. [RT #12322]
864 1702. [bug] also-notify should not be applied to builtin zones.
867 1701. [doc] A minimal named.conf man page.
869 1700. [func] nslookup is no longer to be treated as deprecated.
870 Remove "deprecated" warning message. Add man page.
872 1699. [bug] dnssec-signzone can generate "not exact" errors
873 when resigning. [RT #12281]
875 1698. [doc] Use reserved IPv6 documentation prefix.
877 1697. [bug] xxx-source{,-v6} was not effective when it
878 specified one of listening addresses and a
879 different port than the listening port. [RT #12257]
881 --- 9.3.0rc3 released ---
883 1696. [bug] dnssec-signzone failed to clean out nodes that
884 consisted of only NSEC and RRSIG records.
887 1695. [bug] DS records when forwarding require special handling.
890 1694. [bug] Report if the builtin views of "_default" / "_bind"
891 are defined in named.conf. [RT #12023]
893 1693. [bug] max-journal-size was not effective for master zones
894 with ixfr-from-differences set. [RT# 12024]
896 1692. [bug] Don't set -I, -L and -R flags when libcrypto is in
897 /usr/lib. [RT #11971]
899 1691. [bug] sdb's attachversion was not complete. [RT #11990]
901 1690. [bug] Delay detaching view from the client until UPDATE
902 processing completes when shutting down. [RT #11714]
904 1689. [bug] DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
905 contained gratuitous semicolons. [RT #11707]
907 1688. [bug] LDFLAGS was not supported.
909 1687. [bug] Race condition in dispatch. [RT #10272]
911 1686. [bug] Named sent a extraneous NOTIFY when it received a
912 redundant UPDATE request. [RT #11943]
914 --- 9.3.0rc2 released ---
916 1685. [bug] Change #1679 loop tests weren't quite right.
918 1683. [bug] dig +sigchase could leak memory. [RT #11445]
920 1682. [port] Update configure test for (long long) printf format.
923 1681. [bug] Only set SO_REUSEADDR when a port is specified in
924 isc_socket_bind(). [RT #11742]
926 1679. [bug] When there was a single nameserver with multiple
927 addresses for a zone not all addresses were tried.
930 1678. [bug] RRSIG should use TYPEXXXXX for unknown types.
932 1677. [bug] dig: +aaonly didn't work, +aaflag undocumented.
934 1675. [bug] named would sometimes add extra NSEC records to
935 the authority section.
937 1674. [port] linux: increase buffer size used to scan
940 1673. [port] linux: issue a error messages if IPv6 interface
943 1672. [cleanup] Tests which only function in a threaded build
944 now return R:THREADONLY (rather than R:UNTESTED)
945 in a non-threaded build.
947 1671. [contrib] queryperf: add NAPTR to the list of known types.
949 1670. [func] Log UPDATE requests to slave zones without an acl as
950 "disabled" at debug level 3. [RT# 11657]
952 1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
954 1667. [port] linux: not all versions have IF_NAMESIZE.
956 1666. [bug] The optional port on hostnames in dual-stack-servers
959 1663. [func] Look for OpenSSL by default.
961 1661. [bug] Restore dns_name_concatenate() call in
962 adb.c:set_target(). [RT #11582]
964 1660. [bug] win32: connection_reset_fix() was being called
965 unconditionally. [RT #11595]
967 --- 9.3.0rc1 released ---
969 1664. [bug] nsupdate needed KEY for SIG(0), not DNSKEY.
971 1662. [bug] Change #1658 failed to change one use of 'type'
974 1659. [cleanup] Cleanup some messages that were referring to KEY vs
975 DNSKEY, NXT vs NSEC and SIG vs RRSIG.
977 1658. [func] Update dnssec-keygen to default to KEY for HMAC-MD5
978 and DH. Tighten which options apply to KEY and
981 1657. [doc] ARM: document query log output.
983 1656. [doc] Update DNSSEC description in ARM to cover DS, NSEC
984 DNSKEY and RRSIG. [RT #11542]
986 1655. [bug] Logging multiple versions w/o a size was broken.
989 1654. [bug] isc_result_totext() contained array bounds read
992 1653. [func] Add key type checking to dst_key_fromfilename(),
993 DST_TYPE_KEY should be used to read TSIG, TKEY and
996 1652. [bug] TKEY still uses KEY.
998 1651. [bug] dig: process multiple dash options.
1000 1650. [bug] dig, nslookup: flush standard out after each command.
1002 1649. [bug] Silence "unexpected non-minimal diff" message.
1005 1648. [func] Update dnssec-lookaside named.conf syntax to support
1006 multiple dnssec-lookaside namespaces (not yet
1009 1647. [bug] It was possible trigger a INSIST when chasing a DS
1010 record that required walking back over a empty node.
1013 1646. [bug] win32: logging file versions didn't work with
1014 non-UNC filenames. [RT#11486]
1016 1645. [bug] named could trigger a REQUIRE failure if multiple
1017 masters with keys are specified.
1019 1644. [bug] Update the journal modification time after a
1020 sucessfull refresh query. [RT #11436]
1022 1643. [bug] dns_db_closeversion() could leak memory / node
1023 references. [RT #11163]
1025 1642. [port] Support OpenSSL implementations which don't have
1026 DSA support. [RT #11360]
1028 1641. [bug] Update the check-names description in ARM. [RT #11389]
1030 --- 9.3.0beta4 released ---
1032 1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
1033 incorrectly closing the socket. [RT #11291]
1035 1639. [func] Initial dlv system test.
1037 1638. [bug] "ixfr-from-differences" could generate a REQUIRE
1038 failure if the journal open failed. [RT #11347]
1040 1637. [bug] Node reference leak on error in addnoqname().
1042 1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
1043 a error had occured. The database version no longer
1044 matched the version of the database that was dumped.
1046 1635. [bug] Memory leak on error in query_addds().
1048 1634. [bug] named didn't supply a useful error message when it
1049 detected duplicate views. [RT #11208]
1051 1633. [bug] named should return NOTIMP to update requests to a
1052 slaves without a allow-update-forwarding acl specified.
1055 1632. [bug] nsupdate failed to send prerequisite only UPDATE
1056 messages. [RT #11288]
1058 1631. [bug] dns_journal_compact() could sometimes corrupt the
1059 journal. [RT #11124]
1061 1630. [contrib] queryperf: add support for IPv6 transport.
1063 1629. [func] dig now supports IPv6 scoped addresses with the
1064 extended format in the local-server part. [RT #8753]
1066 1628. [bug] Typo in Compaq Trucluster support. [RT# 11264]
1068 1627. [bug] win32: sockets were not being closed when the
1069 last external reference was removed. [RT# 11179]
1071 1626. [bug] --enable-getifaddrs was broken. [RT#11259]
1073 1625. [bug] named failed to load/transfer RFC2535 signed zones
1074 which contained CNAMES. [RT# 11237]
1076 1606. [bug] DLV insecurity proof was failing.
1078 1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
1080 --- 9.3.0beta3 released ---
1082 1624. [bug] zonemgr_putio() call should be locked. [RT# 11163]
1084 1623. [bug] A serial number of zero was being displayed in the
1085 "sending notifies" log message when also-notify was
1088 1622. [func] probe the system to see if IPV6_(RECV)PKTINFO is
1089 available, and suppress wildcard binding if not.
1091 1621. [bug] match-destinations did not work for IPv6 TCP queries.
1094 1620. [func] When loading a zone report if it is signed. [RT #11149]
1096 1619. [bug] Missing ISC_LIST_UNLINK in end_reserved_dispatches().
1099 1618. [bug] Fencepost errors in dns_name_ishostname() and
1100 dns_name_ismailbox() could trigger a INSIST().
1102 1617. [port] win32: VC++ 6.0 support.
1104 1616. [compat] Ensure that named's version is visible in the core
1107 1615. [port] Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
1110 1614. [port] win32: silence resource limit messages. [RT# 11101]
1112 1613. [bug] Builds would fail on machines w/o a if_nametoindex().
1113 Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
1116 1612. [bug] check-names at the option/view level could trigger
1117 an INSIST. [RT# 11116]
1119 1611. [bug] solaris: IPv6 interface scanning failed to cope with
1120 no active IPv6 interfaces.
1122 1610. [bug] On dual stack machines "dig -b" failed to set the
1123 address type to be looked up with "@server".
1126 1600. [bug] Duplicate zone pre-load checks were not case
1129 1599. [bug] Fix memory leak on error path when checking named.conf.
1131 1598. [func] Specify that certain parts of the namespace must
1132 be secure (dnssec-must-be-secure).
1134 --- 9.3.0beta2 released ---
1136 1609. [func] dig now has support to chase DNSSEC signature chains.
1137 Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.
1139 DNSSEC validation code in dig coded by Olivier Courtay
1140 (olivier.courtay@irisa.fr) for the IDsA project
1141 (http://idsa.irisa.fr).
1143 1608. [func] dig and host now accept -4/-6 to select IP transport
1144 to use when making queries.
1146 1607. [bug] dig, host and nslookup were still using random()
1147 to generate query ids. [RT# 11013]
1149 1604. [bug] A xfrout_ctx_create() failure would result in
1150 xfrout_ctx_destroy() being called with a
1151 partially initialized structure.
1153 1603. [bug] nsupdate: set interactive based on isatty().
1156 1602. [bug] Logging to a file failed unless a size was specified.
1159 1601. [bug] Silence spurious warning 'both "recursion no;" and
1160 "allow-recursion" active' warning from view "_bind".
1163 1594. [bug] 'rndc dumpdb' could prevent named from answering
1164 queries while the dump was in progress. [RT #10565]
1166 1593. [bug] rndc should return "unknown command" to unknown
1167 commands. [RT# 10642]
1169 --- 9.3.0beta1 released ---
1171 1592. [bug] configure_view() could leak a dispatch. [RT #10675]
1173 1591. [bug] libbind: updated to BIND 8.4.5.
1175 1590. [port] netbsd: update thread support.
1177 1589. [func] DNSSEC lookaside validation.
1179 1588. [bug] win32: TCP sockets could become blocked. [RT #10115]
1181 1587. [bug] dns_message_settsigkey() failed to clear existing key.
1184 1586. [func] "check-names" is now implemented.
1186 1584. [bug] "make test" failed with a read only source tree.
1189 1583. [bug] Records add via UPDATE failed to get the correct trust
1192 1582. [bug] rrset-order failed to work on RRsets with more
1193 than 32 elements. [RT #10381]
1195 1581. [func] Disable DNSSEC support by default. To enable
1196 DNSSEC specify "dnssec-enable yes;" in named.conf.
1198 1580. [bug] Zone destruction on final detach takes a long time.
1201 1579. [bug] Multiple task managers could not be created.
1203 1578. [bug] Don't use CLASS E IPv4 addresses when resolving.
1206 1577. [bug] Use isc_uint32_t in ultrasparc optimizer bug
1207 workaround code. [RT #10331]
1209 1576. [bug] Race condition in dns_dispatch_addresponse().
1212 1575. [func] Log TSIG name on TSIG verify failure. [RT #4404]
1214 1574. [bug] Don't attempt to open the controls socket(s) when
1215 running tests. [RT #9091]
1217 1573. [port] linux: update to libtool 1.5.2 so that
1218 "make install DESTDIR=/xx" works with
1219 "configure --with-libtool". [RT #9941]
1221 1572. [bug] nsupdate: sign the soa query to find the enclosing
1222 zone if the server is specified. [RT #10148]
1224 1571. [bug] rbt:hash_node() could fail leaving the hash table
1225 in an inconsistent state. [RT #10208]
1227 1570. [bug] nsupdate failed to handle classes other than IN.
1228 New keyword 'class' which sets the default class.
1231 1569. [func] nsupdate new command 'answer' which displays the
1232 complete answer message to the last update.
1234 1568. [bug] nsupdate now reports that the update failed in
1235 interactive mode. [RT# 10236]
1237 1567. [bug] B.ROOT-SERVERS.NET is now 192.228.79.201.
1239 1566. [port] Support for the cmsg framework on Solaris and HP/UX.
1240 This also solved the problem that match-destinations
1241 for IPv6 addresses did not work on these systems.
1244 1565. [bug] CD flag should be copied to outgoing queries unless
1245 the query is under a secure entry point in which case
1248 1564. [func] Attempt to provide a fallback entropy source to be
1249 used if named is running chrooted and named is unable
1250 to open entropy source within the chroot area.
1253 1563. [bug] Gracefully fail when unable to obtain neither an IPv4
1254 nor an IPv6 dispatch. [RT #10230]
1256 1562. [bug] isc_socket_create() and isc_socket_accept() could
1257 leak memory under error conditions. [RT #10230]
1259 1561. [bug] It was possible to release the same name twice if
1260 named ran out of memory. [RT #10197]
1262 1560. [port] FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
1263 and EAI_NONAME to the same value.
1265 1559. [port] named should ignore SIGFSZ.
1267 1558. [func] New DNSSEC 'disable-algorithms'. Support entry into
1268 child zones for which we don't have a supported
1269 algorithm. Such child zones are treated as unsigned.
1271 1557. [func] Implement missing DNSSEC tests for
1272 * NOQNAME proof with wildcard answers.
1273 * NOWILDARD proof with NXDOMAIN.
1274 Cache and return NOQNAME with wildcard answers.
1276 1556. [bug] nsupdate now treats all names as fully qualified.
1279 1555. [func] 'rrset-order cyclic' no longer has a random starting
1282 1554. [bug] dig, host, nslookup failed when no nameservers
1283 were specified in /etc/resolv.conf. [RT #8232]
1285 1553. [bug] The windows socket code could stop accepting
1286 connections. [RT#10115]
1288 1552. [bug] Accept NOTIFY requests from mapped masters if
1289 matched-mapped is set. [RT #10049]
1291 1551. [port] Open "/dev/null" before calling chroot().
1293 1550. [port] Call tzset(), if available, before calling chroot().
1295 1549. [func] named-checkzone can now write out the zone contents
1296 in a easily parsable format (-D and -o).
1298 1548. [bug] When parsing APL records it was possible to silently
1299 accept out of range ADDRESSFAMILY values. [RT# 9979]
1301 1547. [bug] Named wasted memory recording duplicate lame zone
1304 1546. [bug] We were rejecting valid secure CNAME to negative
1307 1545. [bug] It was possible to leak memory if named was unable to
1308 bind to the specified transfer source and TSIG was
1309 being used. [RT #10120]
1311 1544. [bug] Named would logged a single entry to a file despite it
1312 being over the specified size limit.
1314 1543. [bug] Logging using "versions unlimited" did not work.
1316 1541. [func] NSEC now uses new bitmap format.
1318 1540. [bug] "rndc reload <dynamiczone>" was silently accepted.
1321 1539. [bug] Open UDP sockets for notify-source and transfer-source
1322 that use reserved ports at startup. [RT #9475]
1324 1537. [func] New option "querylog". If set specify whether query
1325 logging is to be enabled or disabled at startup.
1327 1536. [bug] Windows socket code failed to log a error description
1328 when returning ISC_R_UNEXPECTED. [RT #9998]
1330 1534. [bug] Race condition when priming cache. [RT# 9940]
1332 1533. [func] Warn if both "recursion no;" and "allow-recursion"
1333 are active. [RT# 4389]
1335 1532. [port] netbsd: the configure test for <sys/sysctl.h>
1336 requires <sys/param.h>.
1338 1531. [port] AIX more libtool fixes.
1340 1530. [bug] It was possible to trigger a INSIST() failure if a
1341 slave master file was removed at just the correct
1344 1529. [bug] "notify explicit;" failed to log that NOTIFY messages
1345 were being sent for the zone. [RT# 9442]
1347 1528. [cleanup] Simplify some dns_name_ functions based on the
1348 deprecation of bitstring labels.
1350 1527. [cleanup] Reduce the number of gettimeofday() calls without
1351 losing necessary timer granularity.
1353 1525. [bug] dns_cache_create() could trigger a REQUIRE
1354 failure in isc_mem_put() during error cleanup.
1357 1524. [port] AIX needs to be able to resolve all symbols when
1358 creating shared libraries (--with-libtool).
1360 1523. [bug] Fix race condition in rbtdb. [RT# 9189]
1362 1522. [bug] dns_db_findnode() relax the requirements on 'name'.
1365 1521. [bug] dns_view_createresolver() failed to check the
1366 result from isc_mem_create(). [RT# 9294]
1368 1520. [protocol] Add SSHFP (SSH Finger Print) type.
1370 1519. [bug] dnssec-signzone:nsec_setbit() computed the wrong
1371 length of the new bitmap.
1373 1518. [bug] dns_nsec_buildrdata(), and hence dns_nsec_build(),
1374 contained a off-by-one error when working out the
1375 number of octets in the bitmap.
1377 1517. [port] Support for IPv6 interface scanning on HP/UX and
1380 1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
1382 1515. [func] Allow transfer source to be set in a server statement.
1385 1514. [bug] named: isc_hash_destroy() was being called too early.
1388 1513. [doc] Add "US" to root-delegation-only exclude list.
1390 1512. [bug] Extend the delegation-only logging to return query
1391 type, class and responding nameserver.
1393 1511. [bug] delegation-only was generating false positives
1394 on negative answers from subzones.
1396 1510. [func] New view option "root-delegation-only". Apply
1397 delegation-only check to all TLDs and root.
1398 Note there are some TLDs that are NOT delegation
1399 only (e.g. DE, LV, US and MUSEUM) these can be excluded
1400 from the checks by using exclude.
1402 root-delegation-only exclude {
1403 "DE"; "LV"; "US"; "MUSEUM";
1406 1509. [bug] Hint zones should accept delegation-only. Forward
1407 zone should not accept delegation-only.
1409 1508. [bug] Don't apply delegation-only checks to answers from
1412 1507. [bug] Handle BIND 8 style returns to NS queries to parents
1413 when making delegation-only checks.
1415 1506. [bug] Wrong return type for dns_view_isdelegationonly().
1417 1505. [bug] Uninitialized rdataset in sdb. [RT #8750]
1419 1504. [func] New zone type "delegation-only".
1421 1503. [port] win32: install libeay32.dll outside of system32.
1423 1502. [bug] nsupdate: adjust timeouts for UPDATE requests over TCP.
1425 1501. [func] Allow TCP queue length to be specified via
1426 named.conf, tcp-listen-queue.
1428 1500. [bug] host failed to lookup MX records. Also look up
1431 1475. [port] Probe for old sprintf().
1433 1474. [port] Provide strtoul() and memmove() for platforms
1436 1469. [func] Log end of outgoing zone transfer at same level
1437 as the start of transfer is logged. [RT #4441]
1439 1468. [func] Internal zones are no longer counted for
1440 'rndc status'. [RT #4706]
1442 1467. [func] $GENERATES now supports optional class and ttl.
1444 1458. [cleanup] sprintf() -> snprintf().
1446 1457. [port] Provide strlcat() and strlcpy() for platforms without
1449 1455. [bug] <netaddr> missing from server grammar in
1450 doc/misc/options. [RT #5616]
1452 1454. [port] Use getifaddrs() if available for interface scanning.
1453 --disable-getifaddrs to override. Glibc currently
1454 has a getifaddrs() that does not support IPv6.
1455 Use --enable-getifaddrs=glibc to force the use of
1456 this version under linux machines.
1458 1446. [func] Implemented undocumented alternate transfer sources
1459 from BIND 8. See use-alt-transfer-source,
1460 alt-transfer-source and alt-transfer-source-v6.
1462 SECURITY: use-alt-transfer-source is ENABLED unless
1463 you are using views. This may cause a security risk
1464 resulting in accidental disclosure of wrong zone
1465 content if the master supplying different source
1466 content based on IP address. If you are not certain
1467 ISC recommends setting use-alt-transfer-source no;
1469 1444. [func] dns_view_findzonecut2() allows you to specify if the
1470 cache should be searched for zone cuts.
1472 1443. [func] Masters lists can now be specified and referenced
1473 in zone masters clauses and other masters lists.
1475 1442. [func] New functions for manipulating port lists:
1476 dns_portlist_create(), dns_portlist_add(),
1477 dns_portlist_remove(), dns_portlist_match(),
1478 dns_portlist_attach() and dns_portlist_detach().
1480 1441. [func] It is now possible to tell dig to bind to a specific
1483 1440. [func] It is now possible to tell named to avoid using
1484 certain source ports (avoid-v4-udp-ports,
1485 avoid-v6-udp-ports).
1487 1438. [func] Log TSIG (if any) when logging NOTIFY requests.
1489 1436. [func] dns_zonemgr_resumexfrs() can be used to restart
1492 1433. [bug] named could trigger a REQUIRE failure if it could
1493 not get a file descriptor when attempting to write
1494 a master file. [RT #4347]
1496 1432. [func] The advertised EDNS UDP buffer size can now be set
1497 via named.conf (edns-udp-size).
1499 1430. [port] linux: IPv6 interface scanning support.
1501 1422. [func] Log name/type/class when denying a query. [RT #4663]
1503 1421. [func] Differentiate updates that don't succeed due to
1504 prerequisites (unsuccessful) vs other reasons
1507 1417. [func] ID.SERVER/CHAOS is now a built in zone.
1508 See "server-id" for how to configure.
1510 1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived
1513 1414. [func] Support for KSK flag.
1515 1413. [func] Explicitly request the (re-)generation of DS records
1516 from keysets (dnssec-signzone -g).
1518 1412. [func] You can now specify servers to be tried if a nameserver
1519 has IPv6 address and you only support IPv4 or the
1520 reverse. See dual-stack-servers.
1522 1410. [func] Handle records that live in the parent zone, e.g. DS.
1524 1409. [bug] DS should have attribute DNS_RDATATYPEATTR_DNSSEC.
1526 1404. [bug] libbind: ns_name_ntol() could overwrite a zero length
1529 1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset
1530 dnssec-signkey now report their version in the
1533 1402. [cleanup] A6 has been moved to experimental and is no longer
1536 1400. [bug] Block the addition of wildcard NS records by IXFR
1537 or UPDATE. [RT #3502]
1539 1398. [doc] ARM: notify-also should have been also-notify.
1542 1396. [func] dnssec-signzone: adjust the default signing time by
1543 1 hour to allow for clock skew.
1545 1394. [func] It is now possible to check if a particular element is
1546 in a acl. Remove duplicate entries from the localnets
1549 1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
1550 is not available in the kernel to prevent accidently
1551 listening on IPv4 interfaces.
1553 1392. [bug] named-checkzone: update usage.
1555 1391. [func] Add support for IPv6 scoped addresses in named.
1557 1390. [func] host now supports ixfr.
1559 1386. [bug] named-checkzone -z stopped on errors in a zone.
1562 1383. [func] Track the serial number in a IXFR response and log if
1563 a mismatch occurs. This is a more specific error than
1564 "not exact". [RT #3445]
1566 1380. [func] 'rndc recursing' dump recursing queries to
1567 'recursing-file = "named.recursing";'.
1569 1379. [func] 'rndc status' now reports tcp and recursion quota
1572 1378. [func] Improved positive feedback for 'rndc {reload|refresh}.
1574 1377. [func] dns_zone_load{new}() now reports if the zone was
1575 loaded, queued for loading to up to date.
1577 1376. [func] New function dns_zone_logc() to log to specified
1580 1375. [func] 'rndc dumpdb' now dumps the adb cache along with the
1583 1374. [func] dns_adb_dump() now logs the lame zones associated
1586 1371. [bug] notify-source-v6, transfer-source-v6 and
1587 query-source-v6 with explicit addresses and using the
1588 same ports as named was listening on could interfere
1589 with named's ability to answer queries sent to those
1592 1368. [func] remove support for bitstring labels.
1594 1367. [func] Use response times to select forwarders.
1596 1365. [func] "localhost" and "localnets" acls now include IPv6
1597 addresses / prefixes.
1599 1364. [func] Log file name when unable to open memory statistics
1600 and dump database files. [RT# 3437]
1602 1363. [func] Listen-on-v6 now supports specific addresses.
1604 1362. [bug] remove IFF_RUNNING test when scanning interfaces.
1606 1361. [func] log the reason for rejecting a server when resolving
1609 1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
1611 1344. [func] Log if the serial number on the master has gone
1613 If you have multiple machines specified in the masters
1614 clause you may want to set 'multi-master yes;' to
1615 suppress this warning.
1617 1343. [func] Log successful notifies received (info). Adjust log
1618 level for failed notifies to notice.
1620 1342. [func] Log remote address with TCP dispatch failures.
1622 1341. [func] Allow a rate limiter to be stalled.
1624 1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
1625 lookups. Bit string lookups are no longer attempted.
1627 1336. [func] Nibble lookups under IP6.ARPA are now supported by
1628 dns_byaddr_create(). dns_byaddr_createptrname() is
1629 deprecated, use dns_byaddr_createptrname2() instead.
1631 1332. [func] Report the current serial with periodic commits when
1632 rolling forward the journal.
1634 1331. [func] Generate DNSSEC wildcard proofs.
1636 1329. [func] named-checkzone will now check if nameservers that
1637 appear to be IP addresses. Available modes "fail",
1638 "warn" (default) and "ignore" the results of the
1641 1328. [bug] The validator could incorrectly verify an invalid
1644 1322. [bug] dnssec-signzone usage message was misleading.
1646 1321. [bug] If the last RRset in a zone is glue, dnssec-signzone
1647 would incorrectly duplicate its output and sign it.
1649 1313. [func] Query log now says if the query was signed (S) or
1650 if EDNS was used (E).
1652 1312. [func] Log TSIG key used w/ outgoing zone transfers.
1654 1309. [func] Log that a zone transfer was covered by a TSIG.
1656 1308. [func] DS (delegation signer) support.
1658 1304. [func] New function: dns_zone_name().
1660 1303. [func] Option 'flush-zones-on-shutdown <boolean>;'.
1662 1302. [func] Extended rndc dumpdb to support dumping of zones and
1663 view selection: 'dumpdb [-all|-zones|-cache] [view]'.
1665 1301. [func] New category 'update-security'.
1667 1300. [port] Compaq Trucluster support.
1669 1293. [func] Entropy can now be retrieved from EGDs. [RT #2438]
1671 1292. [func] Enable IPv6 support when using ioctl style interface
1672 scanning and OS supports SIOCGLIFADDR using struct
1675 1291. [func] Enable IPv6 support when using sysctl style interface
1678 1290. [func] "dig axfr" now reports the number of messages
1679 as well as the number of records.
1681 1285. [func] lwres: probe the system to see what address families
1682 are currently in use.
1684 1283. [func] Use "dataready" accept filter if available.
1686 1281. [func] Log zone when unable to get private keys to update
1687 zone. Log zone when NXT records are missing from
1690 1278. [func] dig: now supports +[no]cl +[no]ttlid.
1692 1277. [func] You can now create your own customized printing
1693 styles: dns_master_stylecreate() and
1694 dns_master_styledestroy().
1696 1271. [bug] "recursion available: {denied,approved}" was too
1699 1267. [func] isc_file_openunique() now creates file using mode
1700 0666 rather than 0600.
1702 1254. [func] preferred-glue option from BIND 8.3.
1704 1250. [func] Nsupdate will report the address the update was
1707 1247. [bug] Don't reset the interface index for link/site local
1708 addresses. [RT #2576]
1710 1246. [func] New functions isc_sockaddr_issitelocal(),
1711 isc_sockaddr_islinklocal(), isc_netaddr_issitelocal()
1712 and isc_netaddr_islinklocal().
1714 1243. [bug] It was possible to trigger a REQUIRE() in
1715 dns_message_findtype(). [RT #2659]
1717 1235. [func] Report 'out of memory' errors from openssl.
1719 1234. [bug] contrib/sdb: 'zonetodb' failed to call
1720 dns_result_register(). DNS_R_SEENINCLUDE should not
1723 1233. [bug] The flags field of a KEY record can be expressed in
1724 hex as well as decimal.
1726 1226. [func] Use EDNS for zone refresh queries. [RT #2551]
1728 1225. [func] dns_message_setopt() no longer requires that
1729 dns_message_renderbegin() to have been called.
1731 1224. [bug] 'rrset-order' and 'sortlist' should be additive
1734 1223. [func] 'rrset-order' partially works 'cyclic' and 'random'
1737 1220. [func] Support for APL rdata type.
1739 1219. [func] Named now reports the TSIG extended error code when
1740 signature verification fails. [RT #1651]
1742 1217. [func] Report locations of previous key definition when a
1743 duplicate is detected.
1745 1213. [func] Report view associated with client if it is not a
1746 standard view (_default or _bind).
1748 1203. [func] Report locations of previous acl and zone definitions
1749 when a duplicate is detected.
1751 1202. [func] New functions: cfg_obj_line() and cfg_obj_file().
1753 1192. [bug] The seconds fields in LOC records were restricted
1754 to three decimal places. More decimal places should
1755 be allowed but warned about.
1757 1190. [func] Add the "rndc freeze" and "rndc unfreeze" commands.
1760 1187. [bug] named was incorrectly returning DNSSEC records
1761 in negative responses when the DO bit was not set.
1763 1181. [func] Add the "key-directory" configuration statement,
1764 which allows the server to look for online signing
1765 keys in alternate directories.
1767 1180. [func] dnssec-keygen should always generate keys with
1768 protocol 3 (DNSSEC), since it's less confusing
1771 1179. [func] Add SIG(0) support to nsupdate.
1773 1177. [func] Report view when loading zones if it is not a
1774 standard view (_default or _bind). [RT #2270]
1776 1171. [func] Added function isc_region_compare(), updated files in
1777 lib/dns to use this function instead of local one.
1779 1169. [func] Identify recursive queries in the query log.
1781 1163. [func] isc_time_formattimestamp() now includes the year.
1783 1159. [bug] MD and MF are not permitted to be loaded by RFC1123.
1785 1158. [func] Report the client's address when logging notify
1788 1157. [func] match-clients and match-destinations now accept
1791 1155. [func] Recover from master files being removed from under
1794 1153. [func] 'rndc {stop|halt} -p' now reports the process id
1795 of the instance of named being shutdown.
1797 1151. [bug] nslookup failed to check that the arguments to
1798 the port, timeout, and retry options were
1799 valid integers and in range. [RT #2099]
1801 1150. [bug] named incorrectly accepted TTL values
1802 containing plus or minus signs, such as
1805 1149. [func] New function isc_parse_uint32().
1807 1148. [func] 'rndc-confgen -a' now provides positive feedback.
1809 1147. [func] Set IPV6_V6ONLY on IPv6 sockets if supported by
1810 the OS. listen-on-v6 { any; }; should no longer
1811 result in IPv4 queries be accepted. Similarly
1812 control { inet :: ... }; should no longer result
1813 in IPv4 connections being accepted. This can be
1814 overridden at compile time by defining
1817 1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
1818 supported by the OS by a new function
1819 isc_socket_ipv6only().
1821 1145. [func] "host" no longer reports a NOERROR/NODATA response
1822 by printing nothing. [RT #2065]
1824 1143. [bug] When a trusted-keys statement was present and named
1825 was built without crypto support, it would leak memory.
1827 1139. [func] It is now possible to flush a given name from the
1828 cache(s) via 'rndc flushname name [view]'. [RT #2051]
1830 1138. [func] It is now possible to flush a given name from the
1831 cache by calling the new function
1832 dns_cache_flushname().
1834 1137. [func] It is now possible to flush a given name from the
1835 ADB by calling the new function dns_adb_flushname().
1837 1135. [func] You can now override the default syslog() facility for
1838 named/lwresd at compile time. [RT #1982]
1840 1132. [func] Improve UPDATE prerequisite failure diagnostic messages.
1842 1128. [func] sdb drivers can now provide RR data in either text
1843 or wire format, the latter using the new functions
1844 dns_sdb_putrdata() and dns_sdb_putnamedrdata().
1846 1127. [func] rndc: If the server to contact has multiple addresses,
1849 1119. [func] Added support in Win32 for NTFS file/directory ACL's
1852 1115. [func] Set maximum values for cleaning-interval,
1853 heartbeat-interval, interface-interval,
1854 max-transfer-idle-in, max-transfer-idle-out,
1855 max-transfer-time-in, max-transfer-time-out,
1856 statistics-interval of 28 days and
1857 sig-validity-interval of 3660 days. [RT #2002]
1859 1110. [bug] dig should only accept valid abbreviations of +options.
1862 1105. [port] OpenUNIX 8 enable threads by default. [RT #1970]
1864 1080. [bug] BIND 8 compatibility: accept bare IP prefixes
1865 as the second element of a two-element top level
1866 sort list statement. [RT #1964]
1868 1079. [bug] BIND 8 compatibility: accept bare elements at top
1869 level of sort list treating them as if they were
1870 a single element list. [RT #1963]
1872 1077. [func] Do not accept further recursive clients when
1873 the total number of recursive lookups being
1874 processed exceeds max-recursive-clients, even
1875 if some of the lookups are internally generated.
1878 1073. [bug] The ADB cache cleaning should also be space driven.
1881 1067. [func] Allow quotas to be soft, isc_quota_soft().
1883 1065. [func] Runtime support to select new / old style interface
1884 scanning using ioctls.
1886 1060. [func] Move refresh, stub and notify UDP retry processing
1889 1059. [func] dns_request now support will now retry UDP queries,
1890 dns_request_createvia2() and dns_request_createraw2().
1892 1058. [func] Limited lifetime ticker timers are now available,
1893 isc_timertype_limited.
1895 1055. [func] Version and hostname queries can now be disabled
1896 using "version none;" and "hostname none;",
1899 1049. [func] "pid-file none;" will disable writing a pid file.
1902 1037. [bug] Negative responses whose authority section contain
1903 SOA or NS records whose owner names are not equal
1904 equal to or parents of the query name should be
1905 rejected. [RT #1862]
1907 1036. [func] Silently drop requests received via multicast as
1908 long as there is no final multicast DNS standard.
1910 1035. [bug] If we respond to multicast queries (which we
1911 currently do not), respond from a unicast address
1912 as specified in RFC 1123. [RT #137]
1914 1034. [bug] Ignore the RD bit on multicast queries as specified
1915 in RFC 1123. [RT #137]
1917 1032. [func] hostname.bind/txt/chaos now returns the name of
1918 the machine hosting the nameserver. This is useful
1919 in diagnosing problems with anycast servers.
1921 1025. [bug] Don't use multicast addresses to resolve iterative
1924 1024. [port] Compilation failed on HP-UX 11.11 due to
1925 incompatible use of the SIOCGLIFCONF macro
1928 1023. [func] Accept hints without TTLs.
1930 1011. [cleanup] Removed isc_dir_current().
1932 1009. [port] OpenUNIX 8 support. [RT #1728]
1934 1008. [port] libtool.m4, ltmain.sh from libtool-1.4.2.
1936 1007. [port] config.guess, config.sub from autoconf-2.52.
1938 1003. [func] Add the +retry option to dig.
1940 999. [func] "rndc retransfer zone [class [view]]" added.
1943 998. [func] named-checkzone now has arguments to specify the
1944 chroot directory (-t) and working directory (-w).
1947 997. [func] Add support for RSA-SHA1 keys (RFC3110).
1949 996. [func] Issue warning if the configuration filename contains
1952 994. [func] Treat non-authoritative responses to queries for type
1953 NS as referrals even if the NS records are in the
1954 answer section, because BIND 8 servers incorrectly
1955 send them that way. This is necessary for DNSSEC
1956 validation of the NS records of a secure zone to
1957 succeed when the parent is a BIND 8 server. [RT #1706]
1959 993. [func] dig: -v now reports the version.
1961 991. [func] Lower UDP refresh timeout messages to level
1964 985. [func] Consider network interfaces to be up iff they have
1965 a nonzero IP address rather than based on the
1966 IFF_UP flag. [RT #1160]
1968 983. [func] The server now supports generating IXFR difference
1969 sequences for non-dynamic zones by comparing zone
1970 versions, when enabled using the new config
1971 option "ixfr-from-differences". [RT #1727]
1973 982. [func] If "memstatistics-file" is set in options the memory
1974 statistics will be written to it.
1976 981. [func] The dnssec tools can now take multiple '-r randomfile'
1979 979. [func] Incremental master file dumping. dns_master_dumpinc(),
1980 dns_master_dumptostreaminc(), dns_dumpctx_attach(),
1981 dns_dumpctx_detach(), dns_dumpctx_cancel(),
1982 dns_dumpctx_db() and dns_dumpctx_version().
1984 976. [func] named-checkconf can now test load master zones
1985 (named-checkconf -z). [RT #1468]
1987 970. [func] 'max-journal-size' can now be used to set a target
1990 969. [func] dig now supports the undocumented dig 8 feature
1991 of allowing arbitrary labels, not just dotted
1992 decimal quads, with the -x option. This can be
1993 used to conveniently look up RFC2317 names as in
1994 "dig -x 10.0.0.0-127". [RT #827, #1576, #1598]
1996 --- 9.2.3rc1 released ---
1998 1499. [bug] isc_random need to be seeded better if arc4random()
2001 1498. [port] bsdos: 5.x support.
2003 1497. [protocol] dig, nslookup and host now perform nibble lookups
2004 under IP6.ARPA, use -i for IP6.INT (dig and host).
2005 lwres now uses IP6.ARPA.
2007 1496. [port] test for pthread_attr_setstacksize().
2009 1495. [cleanup] Replace hash functions with universal hash.
2011 1494. [security] Turn on RSA BLINDING as a precaution.
2013 1493. [doc] A6 and "bitstring" labels are now experimental.
2015 1492. [cleanup] Preserve rwlock quota context when upgrading /
2016 downgrading. [RT #5599]
2018 1491. [bug] dns_master_dump*() would produce extraneous $ORIGIN
2021 1490. [bug] Accept reading state as well as working state in
2022 ns_client_next(). [RT #6813]
2024 1489. [compat] Treat 'allow-update' on slave zones as a warning.
2027 1488. [bug] Don't override trust levels for glue addresses.
2030 1487. [bug] A REQUIRE() failure could be triggered if a zone was
2031 queued for transfer and the zone was then removed.
2034 1486. [bug] isc_print_snprintf() '%%' consumed one too many format
2035 characters. [RT# 8230]
2037 1485. [bug] gen failed to handle high type values. [RT #6225]
2039 1484. [bug] The number of records reported after a AXFR was wrong.
2042 1483. [bug] dig axfr failed if the message id in the answer failed
2043 to match that in the request. Only the id in the first
2044 message is required to match. [RT #8138]
2046 1482. [bug] named could fail to start if the kernel supports
2047 IPv6 but no interfaces are configured. Similarly
2048 for IPv4. [RT #6229]
2050 1481. [bug] Refresh and stub queries failed to use masters keys
2051 if specified. [RT #7391]
2053 1480. [bug] Provide replay protection for rndc commands. Full
2054 replay protection requires both rndc and named to
2055 be updated. Partial replay protection (limited
2056 exposure after restart) is provided if just named
2059 1479. [bug] cfg_create_tuple() failed to handle out of
2060 memory cleanup. parse_list() would leak memory
2063 1478. [port] ifconfig.sh didn't account for other virtual
2064 interfaces. It now takes a optional argument
2065 to specify the first interface number. [RT #3907]
2067 1477. [bug] memory leak using stub zones and TSIG.
2069 1476. [port] win32: port unreachables were blocking further i/o
2070 on sockets (Windows 2000 SP2 and later).
2072 1473. [bug] create_map() and create_string() failed to handle out
2073 of memory cleanup. [RT #6813]
2075 1472. [contrib] idnkit-1.0 from JPNIC, replaces mdnkit.
2077 1471. [bug] libbind: updated to BIND 8.4.0.
2079 1470. [bug] Incorrect length passed to snprintf. [RT #5966]
2081 1466. [bug] lwresd configuration errors resulted in memory
2082 and lock leaks. [RT #5228]
2084 1465. [bug] isc_base64_decodestring() and isc_base64_tobuffer()
2085 failed to check that trailing bits were zero allowing
2086 some invalid base64 strings to be accepted. [RT #5397]
2088 1464. [bug] Preserve "out of zone" data for outgoing zone
2089 transfers. [RT #5192]
2091 1463. [bug] dns_rdata_from{wire,struct}() failed to catch bad
2092 NXT bit maps. [RT #5577]
2094 1462. [bug] parse_sizeval() failed to check the token type.
2097 1461. [bug] Remove deadlock from rbtdb code. [RT #5599]
2099 1460. [bug] inet_pton() failed to reject certain malformed
2102 1459. [bug] win32: we were leaking a bits in the exception
2103 fd_set resulting in "Socket operation on non-socket"
2104 errors from select(). [RT #2966]
2106 1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
2108 1453. [doc] ARM: $GENERATE example wasn't accurate. [RT #5298]
2110 1452. [bug] Bad #ifdef, ISC_RFC2335 -> ISC_RFC2535.
2112 1451. [bug] rndc-confgen didn't exit with a error code for all
2113 failures. [RT #5209]
2115 1450. [bug] Fetching expired glue failed under certain
2116 circumstances. [RT #5124]
2118 1449. [bug] query_addbestns() didn't handle running out of memory
2121 1448. [bug] Handle empty wildcards labels.
2123 1447. [bug] We were casting (unsigned int) to and from (void *).
2124 rdataset->private4 is now rdataset->privateuint4
2125 to reflect a type change.
2127 1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has
2128 been replaced with DNS_ADBFIND_STARTATZONE which
2129 causes the search to start using the closest zone.
2131 1439. [bug] Named could return NOERROR with certain NOTIFY
2132 failures. Return NOTAUTH if the NOTIFY zone is
2135 1435. [bug] zmgr_resume_xfrs() was being called read locked
2136 rather than write locked. zmgr_resume_xfrs()
2137 was not being called if the zone was being
2140 1437. [bug] Leave space for stdio to work in. [RT #5033]
2142 1434. [bug] "rndc reconfig" failed to initiate the initial
2143 zone transfer of new slave zones.
2145 1431. [bug] isc_print_snprintf() "%s" with precision could walk off
2146 end of argument. [RT #5191]
2148 1429. [bug] Prevent the cache getting locked to old servers.
2150 1424. [bug] EDNS version not being correctly printed.
2152 1423. [contrib] queryperf: added A6 and SRV.
2154 1420. [port] solaris: work around gcc optimizer bug.
2156 1419. [port] openbsd: use /dev/arandom. [RT #4950]
2158 1418. [bug] 'rndc reconfig' did not cause new slaves to load.
2160 1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN.
2163 1411. [bug] empty nodes should stop wildcard matches. [RT #4802]
2165 1408. [bug] "make distclean" was not complete. [RT #4700]
2167 1407. [bug] lfsr incorrectly implements the shift register.
2170 1406. [bug] dispatch initializes one of the LFSR's with a incorrect
2171 polynomial. [RT #4617]
2173 1405. [func] Use arc4random() if available.
2175 1401. [bug] adb wasn't clearing state when the timer expired.
2177 1399. [bug] Use serial number arithmetic when testing SIG
2178 timestamps. [RT #4268]
2180 1397. [bug] J.ROOT-SERVERS.NET is now 192.58.128.30.
2182 1389. [bug] named could fail to rotate long log files. [RT #3666]
2184 1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
2185 defining HAVE_IFLIST_SYSCTL. [RT #3770]
2187 1387. [bug] named could crash due to an access to invalid memory
2188 space (which caused an assertion failure) in
2189 incremental cleaning. [RT #3588]
2191 1385. [bug] Setting serial-query-rate to 10 would trigger a
2194 1384. [bug] host was incompatible with BIND 8 in its exit code and
2195 in the output with the -l option. [RT #3536]
2197 1373. [bug] Recovery from expired glue failed under certain
2200 1372. [bug] named crashes with an assertion failure on exit when
2201 sharing the same port for listening and querying, and
2202 changing listening addresses several times. [RT# 3509]
2204 1370. [bug] dig '+[no]recurse' was incorrectly documented.
2206 1369. [bug] Adding an NS record as the lexicographically last
2207 record in a secure zone didn't work.
2209 1366. [contrib] queryperf usage was incomplete. Add '-h' for help.
2211 1348. [port] win32: Rewrote code to use I/O Completion Ports
2212 in socket.c and eliminating a host of socket
2213 errors. Performance is enhanced.
2215 1333. [contrib] queryperf now reports a summary of returned
2216 rcodes (-c), rcodes are printed in mnemonic form (-v).
2218 1299. [bug] Set AI_ADDRCONFIG when looking up addresses
2219 via getaddrinfo() (affects dig, host, nslookup, rndc
2222 1199. [doc] ARM reference to RFC 2157 should have been RFC 1918.
2225 1122. [tuning] Resolution timeout reduced from 90 to 30 seconds.
2228 992. [doc] dig: ~/.digrc is now documented.
2230 --- 9.2.2 released ---
2232 1428. [port] hpux: temporary work around of hpux 11.11 interface
2235 1427. [bug] Race condition in adb with threaded build.
2237 1426. [cleanup] Disable RFC2535 style DNSSEC. This is incompatible
2238 with the forthcoming DS style DNSSEC.
2240 1425. [port] linux/libbind: define __USE_MISC when testing *_r()
2241 function prototypes in netdb.h. [RT #4921]
2243 1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't
2244 have a working implementation. [RT #4079]
2246 1382. [bug] make install failed with --enable-libbind. [RT #3656]
2248 1381. [bug] named failed to correctly process answers that
2249 contained DNAME records where the resulting CNAME
2250 resulted in a negative answer.
2252 --- 9.2.2rc1 released ---
2254 1360. [bug] --enable-libbind would fail when not built in the
2255 source tree for certain OS's.
2257 1359. [security] Support patches OpenSSL libraries.
2258 http://www.cert.org/advisories/CA-2002-23.html
2260 1358. [bug] It was possible to trigger a INSIST when debugging
2261 large dynamic updates. [RT #3390]
2263 1357. [bug] nsupdate was extremely wasteful of memory.
2265 1356. [tuning] Reduce the number of events / quantum for zone tasks.
2267 1354. [doc] lwres man pages had illegal nroff.
2269 1353. [contrib] sdb/ldap to version 0.9.
2271 1352. [bug] dig, host, nslookup when falling back to TCP use the
2272 current search entry (if any). [RT #3374]
2274 1351. [bug] lwres_getipnodebyname() returned the wrong name
2275 when given a IPv4 literal, af=AF_INET6 and AI_MAPPED
2278 1350. [bug] dns_name_fromtext() failed to handle too many labels
2281 1349. [security] Minimum OpenSSL version now 0.9.6e (was 0.9.5a).
2282 http://www.cert.org/advisories/CA-2002-23.html
2284 1346. [bug] Win32: select timeout in socket.c was too small
2285 as value given was meant to be milliseconds and
2286 timeval structure requires microseconds. This
2287 caused high CPU loads with a compute bound loop.
2290 1345. [port] Use a explicit -Wformat with gcc. Not all versions
2291 include it in -Wall.
2293 1340. [bug] Delay and spread out the startup refresh load.
2295 1335. [bug] When performing a nonexistence proof, the validator
2296 should discard parent NXTs from higher in the DNS.
2298 1334. [bug] When signing/verifying rdatasets, duplicate rdatas
2299 need to be suppressed.
2301 1330. [bug] When processing events (non-threaded) only allow
2302 the task one chance to use to use its quantum.
2304 1327. [bug] The validator would incorrectly mark data as insecure
2305 when seeing a bogus signature before a correct
2308 1326. [bug] DNAME/CNAME signatures were not being cached when
2309 validation was not being performed. [RT #3284]
2311 1325. [bug] If the tcpquota was exhausted it was possible to
2312 to trigger a INSIST() failure.
2314 1324. [port] darwin: ifconfig.sh now supports darwin.
2316 1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
2318 1320. [doc] query-source-v6 was missing from options section.
2321 1319. [func] libbind: log attempts to exploit #1318.
2323 1318. [bug] libbind: Remote buffer overrun.
2325 1317. [port] libbind: TrueUNIX 5.1 does not like __align as a
2328 1316. [bug] libbind: gethostans() could get out of sync parsing
2329 the response if there was a very long CNAME chain.
2331 1315. [bug] Options should apply to the internal _bind view.
2333 1314. [port] Handle ECONNRESET from sendmsg() [unix].
2335 1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159]
2337 1310. [bug] 'rndc stop' failed to cause zones to be flushed
2338 sometimes. [RT #3157]
2340 1307. [bug] nsupdate: allow white space base64 key data.
2342 1306. [bug] Badly encoded LOC record when the size, horizontal
2343 precision or vertical precision was 0.1m.
2345 1305. [bug] Document that internal zones are included in the
2346 rndc status results.
2348 1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
2349 could be left with a trailing "\" after configure
2352 1297. [port] linux: make handling EINVAL from socket() no longer
2353 conditional on #ifdef LINUX.
2355 1296. [bug] isc_log_closefilelogs() needed to lock the log
2358 1295. [bug] isc_log_setdebuglevel() needed to lock the log
2361 1294. [func] libbind: no longer attempts bit string labels for
2362 IPv6 reverse resolution. Try IP6.ARPA then IP6.INT
2363 for nibble style resolution.
2365 1289. [port] See if -ldl is required for OpenSSL? [RT #2672]
2367 1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
2368 reflect written requirements.
2370 1287. [bug] REQUIRE that DNS_DBADD_MERGE only be set when adding
2371 a rdataset to a zone db in the rbtdb implementation of
2374 1286. [bug] dns_name_downcase() enforce requirement that
2375 target != NULL or name->buffer != NULL.
2377 1284. [bug] The RTT estimate on unused servers was not aged.
2380 1282. [port] libbind: hpux 11.11 interface scanning.
2382 1280. [bug] libbind: escape '(' and ')' when converting to
2385 1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590]
2387 1276. [bug] libbind: const pointer conflicts in res_debug.c.
2389 1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN.
2391 1274. [bug] Memory leak in lwres_gnbarequest_parse().
2393 1273. [port] libbind: solaris: 64 bit binary compatibility.
2395 1272. [contrib] Berkeley DB 4.0 sdb implementation from
2396 Nuno Miguel Rodrigues <nmr@co.sapo.pt>.
2398 1270. [bug] Check that system inet_pton() and inet_ntop() support
2401 1269. [port] Openserver: ifconfig.sh support.
2403 1268. [port] Openserver: the value FD_SETSIZE depends on whether
2404 <sys/param.h> is included or not. Be consistent.
2406 1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE,
2407 __ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE
2408 are not C++ compatible, use *_TYPE versions instead.
2410 1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with
2411 C++, use LINK_INIT_TYPE and UNLINK_TYPE instead.
2413 1263. [bug] Reference after free error if dns_dispatchmgr_create()
2416 1262. [bug] ns_server_destroy() failed to set *serverp to NULL.
2418 1261. [func] libbind: ns_sign2() and ns_sign_tcp() now provide
2419 support for compressed TSIG owner names.
2421 1260. [func] libbind: res_update can now update IPv6 servers,
2422 new function res_findzonecut2().
2424 1259. [bug] libbind: get_salen() IPv6 support was broken for OSs
2427 1258. [bug] libbind: res_nametotype() and res_nametoclass() were
2430 1257. [bug] Failure to write pid-file should not be fatal on
2433 1256. [contrib] 'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support.
2435 1255. [bug] When verifying that an NXT proves nonexistence, check
2436 the rcode of the message and only do the matching NXT
2437 check. That is, for NXDOMAIN responses, check that
2438 the name is in the range between the NXT owner and
2439 next name, and for NOERROR NODATA responses, check
2440 that the type is not present in the NXT bitmap.
2442 1253. [bug] The dnssec system test failed to remove the correct
2445 1252. [bug] Dig, host and nslookup were not checking the address
2446 the answer was coming from against the address it was
2449 1248. [bug] DESTDIR was not being propagated between makes.
2451 1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for
2454 1242. [bug] named-checkzone failed if a journal existed. [RT #2657]
2456 1241. [bug] Drop received UDP messages with a zero source port
2457 as these are invariably forged. [RT #2621]
2459 1209. [bug] Dig, host, nslookup were not checking the message ids
2460 on the responses. [RT #2454]
2462 1097. [func] libbind: RES_PRF_TRUNC for dig.
2464 1096. [func] libbind: "DNSSEC OK" (DO) support.
2466 1095. [func] libbind: resolver option: no-tld-query. disables
2467 trying unqualified as a tld. no_tld_query is also
2468 supported for FreeBSD compatibility.
2470 1094. [func] libbind: add support gcc's format string checking.
2472 1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6
2475 --- 9.2.1 released ---
2477 1251. [port] win32: a make file contained absolute version specific
2480 1249. [bug] Missing masters clause was not handled gracefully.
2483 1244. [bug] Receiving a TCP message from a blackhole address would
2484 prevent further messages being received over that
2487 1178. [bug] Follow and cache (if appropriate) A6 and other
2488 data chains to completion in the additional section.
2490 --- 9.2.1rc2 released ---
2492 1240. [bug] It was possible to leak zone references by
2493 specifying an incorrect zone to rndc.
2495 1239. [bug] Under certain circumstances named could continue to
2496 use a name after it had been freed triggering
2497 INSIST() failures. [RT #2614]
2499 1238. [bug] It is possible to lockup the server when shutting down
2500 if notifies were being processed. [RT #2591]
2502 1237. [bug] nslookup: "set q=type" failed.
2504 1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non
2505 NULL terminated text regions. [RT #2588]
2507 1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
2509 1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.
2511 1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken.
2513 1229. [bug] named would crash if it received a TSIG signed
2514 query as part of an AXFR response. [RT #2570]
2516 1228. [bug] 'make install' did not depend on 'make all'. [RT #2559]
2518 1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
2519 if a number was expected and some other token was
2522 1222. [bug] Specifying 'port *' did not always result in a system
2523 selected (non-reserved) port being used. [RT #2537]
2525 1221. [bug] Zone types 'master', 'slave' and 'stub' were not being
2526 compared case insensitively. [RT #2542]
2528 1218. [bug] Named incorrectly returned SERVFAIL rather than
2529 NOTAUTH when there was a TSIG BADTIME error. [RT #2519]
2531 1216. [bug] Multiple server clauses for the same server were not
2532 reported. [RT #2514]
2534 1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
2536 1214. [bug] Win32: isc_file_renameunique() could leave zero length
2539 1212. [port] libbind: 64k answer buffers were causing stack space
2540 to be exceeded for certain OS. Use heap space instead.
2542 1211. [bug] dns_name_fromtext() incorrectly handled certain
2543 valid octal bitlabels. [RT #2483]
2545 1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped /
2546 compatible addresses. [RT #2461]
2548 1208. [bug] dns_master_load*() failed to log a error message if
2549 an error was detected when parsing the ownername of
2550 a record. [RT #2448]
2552 --- 9.2.1rc1 released ---
2554 1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with
2557 1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should
2558 trigger a non-EDNS retry.
2560 1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class"
2561 of the message. [RT #2449]
2563 1204. [bug] libbind: res_nupdate() failed to update the name
2564 server addresses before sending the update.
2566 1201. [bug] Require that if 'callbacks' is passed to
2567 dns_rdata_fromtext(), callbacks->error and
2568 callbacks->warn are initialized.
2570 1200. [bug] Log 'errno' that we are unable to convert to
2571 isc_result_t. [RT #2404]
2573 1198. [bug] OPT printing style was not consistent with the way the
2574 header fields are printed. The DO bit was not reported
2575 if set. Report if any of the MBZ bits are set.
2577 1197. [bug] Attempts to define the same acl multiple times were not
2580 1196. [contrib] update mdnkit to 2.2.3.
2582 1195. [bug] Attempts to redefine builtin acls should be caught.
2585 1194. [bug] Not all duplicate zone definitions were being detected
2586 at the named.conf checking stage. [RT #2431]
2588 1193. [bug] Best effort parsing didn't handle packet truncation.
2590 1191. [bug] A dynamic update removing the last non-apex name in
2591 a secure zone would fail. [RT #2399]
2593 1189. [bug] On some systems, malloc(0) returns NULL, which
2594 could cause the caller to report an out of memory
2597 1188. [bug] Dynamic updates of a signed zone would fail if
2598 some of the zone private keys were unavailable.
2600 1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the
2601 EOL token when reading to end of line.
2603 1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
2604 unless RES_INIT is set when calling res_*init().
2606 1184. [bug] libbind: call res_ndestroy() if RES_INIT is set
2607 when res_*init() is called.
2609 1183. [bug] Handle ENOSR error when writing to the internal
2610 control pipe. [RT #2395]
2612 1182. [bug] The server could throw an assertion failure when
2613 constructing a negative response packet.
2615 1176. [doc] Document that allow-v6-synthesis is only performed
2616 for clients that are supplied recursive service.
2619 1175. [bug] named-checkzone failed to call dns_result_register()
2620 at startup which could result in runtime
2621 exceptions when printing "out of memory" errors.
2624 1174. [bug] Win32: add WSAECONNRESET to the expected errors
2625 from connect(). [RT #2308]
2627 1173. [bug] Potential memory leaks in isc_log_create() and
2628 isc_log_settag(). [RT #2336]
2630 1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
2631 table of RR types in ARM.
2633 1170. [bug] Don't attempt to print the token when a I/O error
2634 occurs when parsing named.conf. [RT #2275]
2636 1168. [bug] Empty also-notify clauses were not handled. [RT #2309]
2638 1167. [contrib] nslint-2.1a3 (from author).
2640 1166. [bug] "Not Implemented" should be reported as NOTIMP,
2641 not NOTIMPL. [RT #2281]
2643 1165. [bug] We were rejecting notify-source{-v6} in zone clauses.
2645 1164. [bug] Empty masters clauses in slave / stub zones were not
2646 handled gracefully. [RT #2262]
2648 1162. [bug] The allow-notify option was not accepted in slave
2651 1161. [bug] named-checkzone looped on unbalanced brackets.
2654 1160. [bug] Generating Diffie-Hellman keys longer than 1024
2655 bits could fail. [RT #2241]
2657 1156. [port] The configure test for strsep() incorrectly
2658 succeeded on certain patched versions of
2659 AIX 4.3.3. [RT #2190]
2661 1154. [bug] Don't attempt to obtain the netmask of a interface
2662 if there is no address configured. [RT #2176]
2664 1152. [bug] libbind: read buffer overflows.
2666 1144. [bug] rndc-confgen would crash if both the -a and -t
2667 options were specified. [RT #2159]
2669 1142. [bug] dnssec-signzone would fail to delete temporary files
2670 in some failure cases. [RT #2144]
2672 1141. [bug] When named rejected a control message, it would
2673 leak a file descriptor and memory. It would also
2674 fail to respond, causing rndc to hang.
2677 1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments
2678 to the -s option. [RT #2138]
2680 1136. [bug] CNAME records synthesized from DNAMEs did not
2681 have a TTL of zero as required by RFC2672.
2684 1125. [bug] rndc: -k option was missing from usage message.
2687 1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail
2688 are now documented. [RT #2052]
2690 1123. [bug] dig +[no]fail did not match description. [RT #2052]
2692 1109. [bug] nsupdate accepted illegal ttl values.
2694 1108. [bug] On Win32, rndc was hanging when named was not running
2695 due to failure to select for exceptional conditions
2696 in select(). [RT #1870]
2698 1081. [bug] Multicast queries were incorrectly identified
2699 based on the source address, not the destination
2702 1072. [bug] The TCP client quota could be exceeded when
2703 recursion occurred. [RT #1937]
2705 1071. [bug] Sockets listening for TCP DNS connections
2706 specified an excessive listen backlog. [RT #1937]
2708 1070. [bug] Copy DNSSEC OK (DO) to response as specified by
2709 draft-ietf-dnsext-dnssec-okbit-03.txt.
2711 1014. [bug] Some queries would cause statistics counters to
2712 increment more than once or not at all. [RT #1321]
2714 1012. [bug] The -p option to named did not behave as documented.
2716 988. [bug] 'additional-from-auth no;' did not work reliably
2717 in the case of queries answered from the cache.
2720 995. [bug] dig, host, nslookup: using a raw IPv6 address as a
2721 target address should be fatal on a IPv4 only system.
2723 --- 9.2.0 released ---
2725 1134. [bug] Multi-threaded servers could deadlock in ferror()
2726 when reloading zone files. [RT #1951, #1998]
2728 1133. [bug] IN6_IS_ADDR_LOOPBACK was not portably defined on
2729 platforms without IN6_IS_ADDR_LOOPBACK. [RT #2106]
2731 --- 9.2.0rc10 released ---
2733 1131. [bug] The match-destinations view option did not work with
2734 IPv6 destinations. [RT #2073, #2074]
2736 1130. [bug] Log messages reporting an out-of-range serial number
2737 did not include the out-of-range number but the
2738 following token. [RT #2076]
2740 1129. [bug] Multi-threaded servers could crash under heavy
2741 resolution load due to a race condition. [RT #2018]
2743 1126. [bug] The server could access a freed event if shut
2744 down while a client start event was pending
2745 delivery. [RT #2061]
2747 1121. [bug] The server could attempt to access a NULL zone
2748 table if shut down while resolving.
2751 1120. [bug] Errors in options were not fatal. [RT #2002]
2753 1118. [bug] On multi-threaded servers, a race condition
2754 could cause an assertion failure in resolver.c
2755 during resolver shutdown. [RT #2029]
2757 1117. [port] The configure check for in6addr_loopback incorrectly
2758 succeeded on AIX 4.3 when compiling with -O2
2759 because the test code was optimized away.
2762 1116. [bug] Setting transfers in a server clause, transfers-in,
2763 or transfers-per-ns to a value greater than
2764 2147483647 disabled transfers. [RT #2002]
2766 1114. [port] Ignore more accept() errors. [RT #2021]
2768 1113. [bug] The allow-update-forwarding option was ignored
2769 when specified in a view. [RT #2014]
2771 1111. [bug] Multi-threaded servers could deadlock processing
2772 recursive queries due to a locking hierarchy
2773 violation in adb.c. [RT #2017]
2775 --- 9.2.0rc9 released ---
2777 1107. [bug] nsupdate could catch an assertion failure if an
2778 invalid domain name was given as the argument to
2781 1106. [bug] After seeing an out of range TTL, nsupdate would
2782 treat all TTLs as out of range. [RT #2001]
2784 1104. [bug] Invalid arguments to the transfer-format option
2785 could cause an assertion failure. [RT #1995]
2787 1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
2789 1102. [doc] Note that query logging is enabled by directing the
2790 queries category to a channel.
2792 1101. [bug] Array bounds read error in lwres_gai_strerror.
2794 1100. [bug] libbind: DNSSEC key ids were computed incorrectly.
2796 1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
2797 compile time errors.
2799 1098. [bug] libbind: HMAC-MD5 key files are now mode 0600.
2801 1093. [doc] libbind: miscellaneous nroff fixes.
2803 1092. [bug] libbind: get*by*() failed to check if res_init() had
2806 1091. [bug] libbind: misplaced va_end().
2808 1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
2809 the amount of memory consumed resulting in garbage
2810 address being returned. Alignment calculations were
2811 wasting space. We weren't suppressing duplicate
2814 1088. [port] libbind: MPE/iX C.70 (incomplete)
2816 1087. [bug] libbind: struct __res_state too large on 64 bit arch.
2818 1086. [port] libbind: sunos: old sprintf.
2820 1085. [port] libbind: solaris: sys_nerr and sys_errlist do not
2821 exist when compiling in 64 bit mode.
2823 1084. [cleanup] libbind: gai_strerror() rewritten.
2825 1083. [bug] The default control channel listened on the
2826 wildcard address, not the loopback as documented.
2829 1082. [bug] The -g option to named incorrectly caused logging
2830 to be sent to syslog in addition to stderr.
2833 1078. [bug] We failed to correct bad tv_usec values in one case.
2836 1076. [bug] A badly defined global key could trigger an assertion
2837 on load/reload if views were used. [RT #1947]
2839 1075. [bug] Out-of-range network prefix lengths were not
2840 reported. [RT #1954]
2842 1074. [bug] Running out of memory in dump_rdataset() could
2843 cause an assertion failure. [RT #1946]
2845 --- 9.2.0rc8 released ---
2847 1068. [bug] errno could be overwritten by catgets(). [RT #1921]
2849 1066. [bug] Provide a thread safe wrapper for strerror().
2852 1064. [bug] Do not shut down active network interfaces if we
2853 are unable to scan the interface list. [RT #1921]
2855 1063. [bug] libbind: "make install" was failing on IRIX.
2858 1062. [bug] If the control channel listener socket was shut
2859 down before server exit, the listener object could
2860 be freed twice. [RT #1916]
2862 1061. [bug] If periodic cache cleaning happened to start
2863 while cleaning due to reaching the configured
2864 maximum cache size was in progress, the server
2865 could catch an assertion failure. [RT #1912]
2867 1057. [bug] Reloading the server after adding a "file" clause
2868 to a zone statement could cause the server to
2869 crash due to a typo in change 1016.
2871 1056. [bug] Rndc could catch an assertion failure on SIGINT due
2872 to an uninitialized variable. [RT #1908]
2874 --- 9.2.0rc7 released ---
2876 1054. [bug] On Win32, cfg_categories and cfg_modules need to be
2877 exported from the libisccfg DLL.
2879 1053. [bug] Dig did not increase its timeout when receiving
2880 AXFRs unless the +time option was used. [RT #1904]
2882 1052. [bug] Journals were not being created in binary mode
2883 resulting in "journal format not recognized" error
2884 under Win32. [RT #1889]
2886 1051. [bug] Do not ignore a network interface completely just
2887 because it has a noncontiguous netmask. Instead,
2888 omit it from the localnets ACL and issue a warning.
2891 1050. [bug] Log messages reporting malformed IP addresses in
2892 address lists such as that of the forwarders option
2893 failed to include the correct error code, file
2894 name, and line number. [RT #1890]
2896 1048. [bug] Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1
2899 1047. [bug] named was incorrectly refusing all requests signed
2900 with a TSIG key derived from an unsigned TKEY
2901 negotiation with a NOERROR response. [RT #1886]
2903 1046. [bug] The help message for the --with-openssl configure
2904 option was inaccurate. [RT #1880]
2906 1045. [bug] It was possible to skip saving glue for a nameserver
2909 1044. [bug] Specifying allow-transfer, notify-source, or
2910 notify-source-v6 in a stub zone was not treated
2913 1043. [bug] Specifying a transfer-source or transfer-source-v6
2914 option in the zone statement for a master zone was
2915 not treated as an error. [RT #1876]
2917 1042. [bug] The "config" logging category did not work properly.
2920 1041. [bug] Dig/host/nslookup could catch an assertion failure
2921 on SIGINT due to an uninitialized variable. [RT #1867]
2923 1040. [bug] Multiple listen-on-v6 options with different ports
2924 were not accepted. [RT #1875]
2926 1039. [bug] Negative responses with CNAMEs in the answer section
2927 were cached incorrectly. [RT #1862]
2929 1038. [bug] In servers configured with a tkey-domain option,
2930 TKEY queries with an owner name other than the root
2931 could cause an assertion failure. [RT #1866, #1869]
2933 1033. [bug] Always respond to requests with an unsupported opcode
2934 with NOTIMP, even if we don't have a matching view
2935 or cannot determine the class.
2937 --- 9.2.0rc6 released ---
2939 1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
2942 1030. [bug] On systems with no resolv.conf file, nsupdate
2943 exited with an error rather than defaulting
2944 to using the loopback address. [RT #1836]
2946 1029. [bug] Some named.conf errors did not cause the loading
2947 of the configuration file to return a failure
2948 status even though they were logged. [RT #1847]
2950 1028. [bug] On Win32, dig/host/nslookup looked for resolv.conf
2951 in the wrong directory. [RT #1833]
2953 1027. [bug] RRs having the reserved type 0 should be rejected.
2956 1026. [port] Recognize OpenUNIX 8 in config.guess. [RT #1830]
2958 1022. [bug] Don't report empty root hints as "extra data".
2961 --- 9.2.0rc5 released ---
2963 1021. [bug] On Win32, log message timestamps were one month
2964 later than they should have been, and the server
2965 would exhibit unspecified behavior in December.
2967 1020. [bug] IXFR log messages did not distinguish between
2968 true IXFRs, AXFR-style IXFRs, and mere version
2971 1019. [bug] The value of the lame-ttl option was limited to 18000
2972 seconds, not 1800 seconds as documented. [RT #1803]
2974 1018. [bug] The default log channel was not always initialized
2975 correctly. [RT #1813]
2977 1017. [bug] When specifying TSIG keys to dig and nsupdate using
2978 the -k option, they must be HMAC-MD5 keys. [RT #1810]
2980 1016. [bug] Slave zones with no backup file were re-transferred
2981 on every server reload.
2983 1015. [bug] Log channels that had a "versions" option but no
2984 "size" option failed to create numbered log
2987 --- 9.2.0rc4 released ---
2989 1013. [bug] It was possible to cancel a query twice when marking
2990 a server as bogus or by having a blackhole acl.
2993 1010. [bug] The server could attempt to execute a command channel
2994 command after initiating server shutdown, causing
2995 an assertion failure. [RT #1766]
2997 1006. [bug] If a KEY RR was found missing during DNSSEC validation,
2998 an assertion failure could subsequently be triggered
2999 in the resolver. [RT #1763]
3001 1005. [bug] Don't copy nonzero RCODEs from request to response.
3004 1004. [port] Deal with recvfrom() returning EHOSTDOWN. [RT #1770]
3006 1002. [bug] When reporting an unknown class name in named.conf,
3007 including the file name and line number. [RT #1759]
3009 1001. [bug] win32 socket code doio_recv was not catching a
3010 WSACONNRESET error when a client was timing out
3011 the request and closing its socket. [RT #1745]
3013 1000. [bug] BIND 8 compatibility: accept "HESIOD" as an alias
3014 for class "HS". [RT #1759]
3016 --- 9.2.0rc3 released ---
3018 990. [bug] The rndc-confgen man page was not installed.
3020 989. [bug] Report filename if $INCLUDE fails for file related
3023 987. [bug] "dig -help" didn't show "+[no]stats".
3025 986. [bug] "dig +noall" failed to clear stats and command
3028 984. [bug] Multi-threading should be enabled by default on
3029 Solaris 2.7 and newer, but it wasn't.
3031 --- 9.2.0rc2 released ---
3033 980. [bug] Incoming zone transfers restarting after an error
3034 could trigger an assertion failure. [RT #1692]
3036 978. [bug] dns_db_attachversion() had an invalid REQUIRE()
3039 977. [bug] Improve "not at top of zone" error message.
3041 975. [bug] "max-cache-size default;" as a view option
3042 caused an assertion failure.
3044 974. [bug] "max-cache-size unlimited;" as a global option
3047 973. [bug] Failed to log the question name when logging:
3048 "bad zone transfer request: non-authoritative zone
3051 972. [bug] The file modification time code in zone.c was using the
3052 wrong epoch. [RT #1667]
3054 968. [bug] On win32, the isc_time_now() function was unnecessarily
3055 calling strtime(). [RT #1671]
3057 967. [bug] On win32, the link for bindevt was not including the
3058 required resource file to enable the event viewer
3059 to interpret the error messages in the event log,
3064 965. [bug] Including data other than root server NS and A
3065 records in the root hint file could cause a rbtdb
3066 node reference leak. [RT #1581, #1618]
3068 964. [func] Warn if data other than root server NS and A records
3069 are found in the root hint file. [RT #1581, #1618]
3071 963. [bug] Bad ISC_LANG_ENDDECLS. [RT #1645]
3073 962. [bug] libbind: bad "#undef", don't attempt to install
3074 non-existant nlist.h. [RT #1640]
3076 961. [bug] Tried to use a IPV6 feature when ISC_PLATFORM_HAVEIPV6
3077 was not defined. [RT #1482]
3079 960. [port] liblwres failed to build on systems with support for
3080 getrrsetbyname() in the OS. [RT #1592]
3082 959. [port] On FreeBSD, determine the number of CPUs by calling
3083 sysctlbyname(). [RT #1584]
3085 958. [port] ssize_t is not available on all platforms. [RT #1607]
3087 957. [bug] sys/select.h inclusion was broken on older platforms.
3090 956. [bug] ns_g_autorndcfile changed to ns_g_keyfile
3091 in named/win32/os.c due to code changes in
3092 change #953. win32 .make file for rndc-confgen
3093 updated to add include path for os.h header.
3095 --- 9.2.0rc1 released ---
3097 955. [bug] When using views, the zone's class was not being
3098 inherited from the view's class. [RT #1583]
3100 954. [bug] When requesting AXFRs or IXFRs using dig, host, or
3101 nslookup, the RD bit should not be set as zone
3102 transfers are inherently nonrecursive. [RT #1575]
3104 953. [func] The /var/run/named.key file from change #843
3105 has been replaced by /etc/rndc.key. Both
3106 named and rndc will look for this file and use
3107 it to configure a default control channel key
3108 if not already configured using a different
3109 method (rndc.conf / controls). Unlike
3110 named.key, rndc.key is not created automatically;
3111 it must be created by manually running
3114 952. [bug] The server required manual intervention to serve the
3115 affected zones if it died between creating a journal
3116 and committing the first change to it.
3118 951. [bug] CFLAGS was not passed to the linker when
3119 linking some of the test programs under
3120 bin/tests. [RT #1555].
3122 950. [bug] Explicit TTLs did not properly override $TTL
3123 due to a bug in change 834. [RT #1558]
3125 949. [bug] host was unable to print records larger than 512
3128 --- 9.2.0b2 released ---
3130 948. [port] Integrated support for building on Windows NT /
3133 947. [bug] dns_rdata_soa_t had a badly named element "mname" which
3134 was really the RNAME field from RFC1035. To avoid
3135 confusion and silent errors that would occur it the
3136 "origin" and "mname" elements were given their correct
3137 names "mname" and "rname" respectively, the "mname"
3138 element is renamed to "contact".
3140 946. [cleanup] doc/misc/options is now machine-generated from the
3141 configuration parser syntax tables, and therefore
3142 more likely to be correct.
3144 945. [func] Add the new view-specific options
3145 "match-destinations" and "match-recursive-only".
3147 944. [func] Check for expired signatures on load.
3149 943. [bug] The server could crash when receiving a command
3150 via rndc if the configuration file listed only
3151 nonexistent keys in the controls statement. [RT #1530]
3153 942. [port] libbind: GETNETBYADDR_ADDR_T was not correctly
3154 defined on some platforms.
3156 941. [bug] The configuration checker crashed if a slave
3157 zone didn't contain a masters statement. [RT #1514]
3159 940. [bug] Double zone locking failure on error path. [RT #1510]
3161 --- 9.2.0b1 released ---
3163 939. [port] Add the --disable-linux-caps option to configure for
3164 systems that manage capabilities outside of named.
3169 937. [bug] A race when shutting down a zone could trigger a
3170 INSIST() failure. [RT #1034]
3172 936. [func] Warn about IPv4 addresses that are not complete
3173 dotted quads. [RT #1084]
3175 935. [bug] inet_pton failed to reject leading zeros.
3177 934. [port] Deal with systems where accept() spuriously returns
3180 933. [bug] configure failed doing libbind on platforms not
3181 supported by BIND 8. [RT #1496]
3183 --- 9.2.0a3 released ---
3185 932. [bug] Use INSTALL_SCRIPT, not INSTALL_PROGRAM,
3186 when installing isc-config.sh.
3189 931. [bug] The controls statement only attempted to verify
3190 messages using the first key in the key list.
3193 930. [func] Query performance testing tool added as
3198 928. [bug] nsupdate would send empty update packets if the
3199 send (or empty line) command was run after
3200 another send but before any new updates or
3201 prerequisites were specified. It should simply
3202 ignore this command.
3204 927. [bug] Don't hold the zone lock for the entire dump to disk.
3207 926. [bug] The resolver could deadlock with the ADB when
3208 shutting down (multi-threaded builds only).
3211 925. [cleanup] Remove openssl from the distribution; require that
3212 --with-openssl be specified if DNSSEC is needed.
3214 924. [port] Extend support for pre-RFC2133 IPv6 implementation.
3217 923. [bug] Multiline TSIG secrets (and other multiline strings)
3218 were not accepted in named.conf. [RT #1469]
3220 922. [func] Added two new lwres_getrrsetbyname() result codes,
3221 ERR_NONAME and ERR_NODATA.
3223 921. [bug] lwres returned an incorrect error code if it received
3224 a truncated message.
3226 920. [func] Increase the lwres receive buffer size to 16K.
3231 918. [func] In nsupdate, TSIG errors are no longer treated as
3234 917. [func] New nsupdate command 'key', allowing TSIG keys to
3235 be specified in the nsupdate command stream rather
3236 than the command line.
3238 916. [bug] Specifying type ixfr to dig without specifying
3239 a serial number failed in unexpected ways.
3241 915. [func] The named-checkconf and named-checkzone programs
3242 now have a '-v' option for printing their version.
3245 914. [bug] Global 'server' statements were rejected when
3246 using views, even though they were accepted
3249 913. [bug] Cache cleaning was not sufficiently aggressive.
3252 912. [bug] Attempts to set the 'additional-from-cache' or
3253 'additional-from-auth' option to 'no' in a
3254 server with recursion enabled will now
3255 be ignored and cause a warning message.
3260 910. [port] Some pre-RFC2133 IPv6 implementations do not define
3261 IN6ADDR_ANY_INIT. [RT #1416]
3263 908. [func] New program, rndc-confgen, to simplify setting up rndc.
3265 907. [func] The ability to get entropy from either the
3266 random device, a user-provided file or from
3267 the keyboard was migrated from the DNSSEC tools
3268 to libisc as isc_entropy_usebestsource().
3270 906. [port] Separated the system independent portion of
3271 lib/isc/unix/entropy.c into lib/isc/entropy.c
3272 and added lib/isc/win32/entropy.c.
3274 905. [bug] Configuring a forward "zone" for the root domain
3275 did not work. [RT #1418]
3277 904. [bug] The server would leak memory if attempting to use
3278 an expired TSIG key. [RT #1406]
3280 903. [bug] dig should not crash when receiving a TCP packet
3283 902. [bug] The -d option was ignored if both -t and -g were also
3288 900. [bug] A config.guess update changed the system identification
3289 string of FreeBSD systems; configure and
3290 bin/tests/system/ifconfig.sh now recognize the new
3293 --- 9.2.0a2 released ---
3295 899. [bug] lib/dns/soa.c failed to compile on many platforms
3296 due to inappropriate use of a void value.
3297 [RT #1372, #1373, #1386, #1387, #1395]
3299 898. [bug] "dig" failed to set a nonzero exit status
3300 on UDP query timeout. [RT #1323]
3302 897. [bug] A config.guess update changed the system identification
3303 string of UnixWare systems; configure now recognizes
3306 896. [bug] If a configuration file is set on named's command line
3307 and it has a relative pathname, the current directory
3308 (after any possible jailing resulting from named -t)
3309 will be prepended to it so that reloading works
3310 properly even when a directory option is present.
3312 895. [func] New function, isc_dir_current(), akin to POSIX's
3315 894. [bug] When using the DNSSEC tools, a message intended to warn
3316 when the keyboard was being used because of the lack
3317 of a suitable random device was not being printed.
3319 893. [func] Removed isc_file_test() and added isc_file_exists()
3320 for the basic functionality that was being added
3321 with isc_file_test().
3325 891. [bug] Return an error when a SIG(0) signed response to
3326 an unsigned query is seen. This should actually
3327 do the verification, but it's not currently
3328 possible. [RT #1391]
3330 890. [cleanup] The man pages no longer require the mandoc macros
3331 and should now format cleanly using most versions of
3332 nroff, and HTML versions of the man pages have been
3333 added. Both are generated from DocBook source.
3335 889. [port] Eliminated blank lines before .TH in nroff man
3336 pages since they cause problems with some versions
3337 of nroff. [RT #1390]
3339 888. [bug] Don't die when using TKEY to delete a nonexistent
3340 TSIG key. [RT #1392]
3342 887. [port] Detect broken compilers that can't call static
3343 functions from inline functions. [RT #1212]
3345 866. [func] Close debug only file channels when debug is set to
3348 865. [bug] The new configuration parser did not allow
3349 the optional debug level in a "severity debug"
3350 clause of a logging channel to be omitted.
3351 This is now allowed and treated as "severity
3352 debug 1;" like it does in BIND 8.2.4, not as
3353 "severity debug 0;" like it did in BIND 9.1.
3356 864. [cleanup] Multi-threading is now enabled by default on
3357 OSF1, Solaris 2.7 and newer, AIX, IRIX, and HP-UX.
3359 863. [bug] If an error occurred while an outgoing zone transfer
3360 was starting up, the server could access a domain
3361 name that had already been freed when logging a
3362 message saying that the transfer was starting.
3365 862. [bug] Use after realloc(), non portable pointer arithmetic in
3368 861. [port] Add support for Mac OS X, by making it equivalent
3369 to Darwin. This was derived from the config.guess
3370 file shipped with Mac OS X. [RT #1355]
3372 860. [func] Drop cross class glue in zone transfers.
3374 859. [bug] Cache cleaning now won't swamp the CPU if there
3375 is a persistent overlimit condition.
3377 858. [func] isc_mem_setwater() no longer requires that when the
3378 callback function is non-NULL then its hi_water
3379 argument must be greater than its lo_water argument
3380 (they can now be equal) or that they be non-zero.
3382 857. [cleanup] Use ISC_MAGIC() to define all magic numbers for
3383 structs, for our friends in EBCDIC-land.
3385 856. [func] Allow partial rdatasets to be returned in answer and
3386 authority sections to help non-TCP capable clients
3387 recover from truncation. [RT #1301]
3389 855. [bug] Stop spurious "using RFC 1035 TTL semantics" warnings.
3391 854. [bug] The config parser didn't properly handle config
3392 options that were specified in units of time other
3393 than seconds. [RT #1372]
3395 853. [bug] configure_view_acl() failed to detach existing acls.
3398 852. [bug] Handle responses from servers which do not know
3401 851. [cleanup] The obsolete support-ixfr option was not properly
3404 --- 9.2.0a1 released ---
3406 850. [bug] dns_rbt_findnode() would not find nodes that were
3407 split on a bitstring label somewhere other than in
3408 the last label of the node. [RT #1351]
3410 849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
3412 848. [func] A minimum max-cache-size of two megabytes is enforced
3413 by the cache cleaner.
3415 847. [func] Added isc_file_test(), which currently only has
3416 some very basic functionality to test for the
3417 existence of a file, whether a pathname is absolute,
3418 or whether a pathname is the fundamental representation
3419 of the current directory. It is intended that this
3420 function can be expanded to test other things a
3421 programmer might want to know about a file.
3423 846. [func] A non-zero 'param' to dst_key_generate() when making an
3424 hmac-md5 key means that good entropy is not required.
3426 845. [bug] The access rights on the public file of a symmetric
3427 key are now restricted as soon as the file is opened,
3428 rather than after it has been written and closed.
3430 844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
3431 just as <lwres/net.h> does.
3433 843. [func] If no controls statement is present in named.conf,
3434 or if any inet phrase of a controls statement is
3435 lacking a keys clause, then a key will be automatically
3436 generated by named and an rndc.conf-style file
3437 named named.key will be written that uses it. rndc
3438 will use this file only if its normal configuration
3439 file, or one provided on the command line, does not
3442 842. [func] 'rndc flush' now takes an optional view.
3444 841. [bug] When sdb modules were not declared threadsafe, their
3445 create and destroy functions were not serialized.
3447 840. [bug] The config file parser could print the wrong file
3448 name if an error was detected after an included file
3449 was parsed. [RT #1353]
3451 839. [func] Dump packets for which there was no view or that the
3452 class could not be determined to category "unmatched".
3454 838. [port] UnixWare 7.x.x is now suported by
3455 bin/tests/system/ifconfig.sh.
3457 837. [cleanup] Multi-threading is now enabled by default only on
3458 OSF1, Solaris 2.7 and newer, and AIX.
3460 836. [func] Upgraded libtool to 1.4.
3462 835. [bug] The dispatcher could enter a busy loop if
3463 it got an I/O error receiving on a UDP socket.
3466 834. [func] Accept (but warn about) master files beginning with
3467 an SOA record without an explicit TTL field and
3468 lacking a $TTL directive, by using the SOA MINTTL
3469 as a default TTL. This is for backwards compatibility
3470 with old versions of BIND 8, which accepted such
3471 files without warning although they are illegal
3472 according to RFC1035.
3474 833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
3475 <dns/soa.h>, and extended them to support
3476 all the integer-valued fields of the SOA RR.
3478 832. [bug] The default location for named.conf in named-checkconf
3479 should depend on --sysconfdir like it does in named.
3484 830. [func] Implement 'rndc status'.
3486 829. [bug] The DNS_R_ZONECUT result code should only be returned
3487 when an ANY query is made with DNS_DBFIND_GLUEOK set.
3488 In all other ANY query cases, returning the delegation
3491 828. [bug] The errno value from recvfrom() could be overwritten
3492 by logging code. [RT #1293]
3494 827. [bug] When an IXFR protocol error occurs, the slave
3495 should retry with AXFR.
3497 826. [bug] Some IXFR protocol errors were not detected.
3499 825. [bug] zone.c:ns_query() detached from the wrong zone
3500 reference. [RT #1264]
3502 824. [bug] Correct line numbers reported by dns_master_load().
3505 823. [func] The output of "dig -h" now goes to stdout so that it
3506 can easily be piped through "more". [RT #1254]
3508 822. [bug] Sending nxrrset prerequisites would crash nsupdate.
3511 821. [bug] The program name used when logging to syslog should
3512 be stripped of leading path components.
3515 820. [bug] Name server address lookups failed to follow
3516 A6 chains into the glue of local authoritative
3519 819. [bug] In certain cases, the resolver's attempts to
3520 restart an address lookup at the root could cause
3521 the fetch to deadlock (with itself) instead of
3522 restarting. [RT #1225]
3524 818. [bug] Certain pathological responses to ANY queries could
3525 cause an assertion failure. [RT #1218]
3527 817. [func] Adjust timeouts for dialup zone queries.
3529 816. [bug] Report potential problems with log file accessibility
3530 at configuration time, since such problems can't
3531 reliably be reported at the time they actually occur.
3533 815. [bug] If a log file was specified with a path separator
3534 character (i.e. "/") in its name and the directory
3535 did not exist, the log file's name was treated as
3536 though it were the directory name. [RT #1189]
3538 814. [bug] Socket objects left over from accept() failures
3539 were incorrectly destroyed, causing corruption
3540 of socket manager data structures.
3542 813. [bug] File descriptors exceeding FD_SETSIZE were handled
3545 812. [bug] dig sometimes printed incomplete IXFR responses
3546 due to an uninitialized variable. [RT #1188]
3548 811. [bug] Parentheses were not quoted in zone dumps. [RT #1194]
3550 810. [bug] The signer name in SIG records was not properly
3551 downcased when signing/verifying records. [RT #1186]
3553 809. [bug] Configuring a non-local address as a transfer-source
3554 could cause an assertion failure during load.
3556 808. [func] Add 'rndc flush' to flush the server's cache.
3558 807. [bug] When setting up TCP connections for incoming zone
3559 transfers, the transfer-source port was not
3560 ignored like it should be.
3562 806. [bug] DNS_R_SEENINCLUDE was failing to propagate back up
3563 the calling stack to the zone maintence level, causing
3564 zones to not reload when an included file was touched
3565 but the top-level zone file was not.
3567 805. [bug] When using "forward only", missing root hints should
3568 not cause queries to fail. [RT #1143]
3570 804. [bug] Attempting to obtain entropy could fail in some
3571 situations. This would be most common on systems
3572 with user-space threads. [RT #1131]
3574 803. [bug] Treat all SIG queries as if they have the CD bit set,
3575 otherwise no data will be returned [RT #749]
3577 802. [bug] DNSSEC key tags were computed incorrectly in almost
3578 all cases. [RT #1146]
3580 801. [bug] nsupdate should treat lines beginning with ';' as
3581 comments. [RT #1139]
3583 800. [bug] dnssec-signzone produced incorrect statistics for
3584 large zones. [RT #1133]
3586 799. [bug] The ADB didn't find AAAA glue in a zone unless A6
3587 glue was also present.
3589 798. [bug] nsupdate should be able to reject bad input lines
3590 and continue. [RT #1130]
3592 797. [func] Issue a warning if the 'directory' option contains
3593 a relative path. [RT #269]
3595 796. [func] When a size limit is associated with a log file,
3596 only roll it when the size is reached, not every
3597 time the log file is opened. [RT #1096]
3599 795. [func] Add the +multiline option to dig. [RT #1095]
3601 794. [func] Implement the "port" and "default-port" statements
3604 793. [cleanup] The DNSSEC tools could create filenames that were
3605 illegal or contained shell metacharacters. They
3606 now use a different text encoding of names that
3607 doesn't have these problems. [RT #1101]
3609 792. [cleanup] Replace the OMAPI command channel protocol with a
3612 791. [bug] The command channel now works over IPv6.
3614 790. [bug] Wildcards created using dynamic update or IXFR
3615 could fail to match. [RT #1111]
3617 789. [bug] The "localhost" and "localnets" ACLs did not match
3618 when used as the second element of a two-element
3621 788. [func] Add the "match-mapped-addresses" option, which
3622 causes IPv6 v4mapped addresses to be treated as
3623 IPv4 addresses for the purpose of acl matching.
3625 787. [bug] The DNSSEC tools failed to downcase domain
3626 names when mapping them into file names.
3628 786. [bug] When DNSSEC signing/verifying data, owner names were
3629 not properly downcased.
3631 785. [bug] A race condition in the resolver could cause
3632 an assertion failure. [RT #673, #872, #1048]
3634 784. [bug] nsupdate and other programs would not quit properly
3635 if some signals were blocked by the caller. [RT #1081]
3637 783. [bug] Following CNAMEs could cause an assertion failure
3638 when either using an sdb database or under very
3641 782. [func] Implement the "serial-query-rate" option.
3643 781. [func] Avoid error packet loops by dropping duplicate FORMERR
3644 responses. [RT #1006]
3646 780. [bug] Error handling code dealing with out of memory or
3647 other rare errors could lead to assertion failures
3648 by calling functions on unitialized names. [RT #1065]
3650 779. [func] Added the "minimal-responses" option.
3652 778. [bug] When starting cache cleaning, cleaning_timer_action()
3653 returned without first pausing the iterator, which
3654 could cause deadlock. [RT #998]
3656 777. [bug] An empty forwarders list in a zone failed to override
3657 global forwarders. [RT #995]
3659 776. [func] Improved error reporting in denied messages. [RT #252]
3663 774. [func] max-cache-size is implemented.
3665 773. [func] Added isc_rwlock_trylock() to attempt to lock without
3668 772. [bug] Owner names could be incorrectly omitted from cache
3669 dumps in the presence of negative caching entries.
3672 771. [cleanup] TSIG errors related to unsynchronized clocks
3673 are logged better. [RT #919]
3675 770. [func] Add the "edns yes_or_no" statement to the server
3678 769. [func] Improved error reporting when parsing rdata. [RT #740]
3680 768. [bug] The server did not emit an SOA when a CNAME
3681 or DNAME chain ended in NXDOMAIN in an
3686 766. [bug] A few cases in query_find() could leak fname.
3687 This would trigger the mpctx->allocated == 0
3688 assertion when the server exited.
3689 [RT #739, #776, #798, #812, #818, #821, #845,
3692 765. [func] ACL names are once again case insensitive, like
3693 in BIND 8. [RT #252]
3695 764. [func] Configuration files now allow "include" directives
3696 in more places, such as inside the "view" statement.
3697 [RT #377, #728, #860]
3699 763. [func] Configuration files no longer have reserved words.
3702 762. [cleanup] The named.conf and rndc.conf file parsers have
3703 been completely rewritten.
3705 761. [bug] _REENTRANT was still defined when building with
3708 760. [contrib] Significant enhancements to the pgsql sdb driver.
3710 759. [bug] The resolver didn't turn off "avoid fetches" mode
3711 when restarting, possibly causing resolution
3712 to fail when it should not. This bug only affected
3713 platforms which support both IPv4 and IPv6. [RT #927]
3715 758. [bug] The "avoid fetches" code did not treat negative
3716 cache entries correctly, causing fetches that would
3717 be useful to be avoided. This bug only affected
3718 platforms which support both IPv4 and IPv6. [RT #927]
3720 757. [func] Log zone transfers.
3722 756. [bug] dns_zone_load() could "return" success when no master
3723 file was configured.
3725 755. [bug] Fix incorrectly formatted log messages in zone.c.
3727 754. [bug] Certain failure conditions sending UDP packets
3728 could cause the server to retry the transmission
3729 indefinitely. [RT #902]
3731 753. [bug] dig, host, and nslookup would fail to contact a
3732 remote server if getaddrinfo() returned an IPv6
3733 address on a system that doesn't support IPv6.
3736 752. [func] Correct bad tv_usec elements returned by
3739 751. [func] Log successful zone loads / transfers. [RT #898]
3741 750. [bug] A query should not match a DNAME whose trust level
3742 is pending. [RT #916]
3744 749. [bug] When a query matched a DNAME in a secure zone, the
3745 server did not return the signature of the DNAME.
3748 748. [doc] List supported RFCs in doc/misc/rfc-compliance.
3751 747. [bug] The code to determine whether an IXFR was possible
3752 did not properly check for a database that could
3753 not have a journal. [RT #865, #908]
3755 746. [bug] The sdb didn't clone rdatasets properly, causing
3756 a crash when the server followed delegations. [RT #905]
3758 745. [func] Report the owner name of records that fail
3759 semantic checks while loading.
3761 744. [bug] When returning DNS_R_CNAME or DNS_R_DNAME as the
3762 result of an ANY or SIG query, the resolver failed
3763 to setup the return event's rdatasets, causing an
3764 assertion failure in the query code. [RT #881]
3766 743. [bug] Receiving a large number of certain malformed
3767 answers could cause named to stop responding.
3772 741. [port] Support openssl-engine. [RT #709]
3774 740. [port] Handle openssl library mismatches slightly better.
3776 739. [port] Look for /dev/random in configure, rather than
3777 assuming it will be there for only a predefined
3780 738. [bug] If a non-threadsafe sdb driver supported AXFR and
3781 received an AXFR request, it would deadlock or die
3782 with an assertion failure. [RT #852]
3784 737. [port] stdtime.c failed to compile on certain platforms.
3786 736. [func] New functions isc_task_{begin,end}exclusive().
3788 735. [doc] Add BIND 4 migration notes.
3790 734. [bug] An attempt to re-lock the zone lock could occur if
3791 the server was shutdown during a zone tranfer.
3794 733. [bug] Reference counts of dns_acl_t objects need to be
3795 locked but were not. [RT #801, #821]
3797 732. [bug] Glue with 0 TTL could also cause SERVFAIL. [RT #828]
3799 731. [bug] Certain zone errors could cause named-checkzone to
3800 fail ungracefully. [RT #819]
3802 730. [bug] lwres_getaddrinfo() returns the correct result when
3803 it fails to contact a server. [RT #768]
3805 729. [port] pthread_setconcurrency() needs to be called on Solaris.
3807 728. [bug] Fix comment processing on master file directives.
3810 727. [port] Work around OS bug where accept() succeeds but
3811 fails to fill in the peer address of the accepted
3812 connection, by treating it as an error rather than
3813 an assertion failure. [RT #809]
3815 726. [func] Implement the "trace" and "notrace" commands in rndc.
3817 725. [bug] Installing man pages could fail.
3819 724. [func] New libisc functions isc_netaddr_any(),
3822 723. [bug] Referrals whose NS RRs had a 0 TTL caused the resolver
3823 to return DNS_R_SERVFAIL. [RT #783]
3825 722. [func] Allow incremental loads to be canceled.
3827 721. [cleanup] Load manager and dns_master_loadfilequota() are no
3830 720. [bug] Server could enter infinite loop in
3831 dispatch.c:do_cancel(). [RT #733]
3833 719. [bug] Rapid reloads could trigger an assertion failure.
3836 718. [cleanup] "internal" is no longer a reserved word in named.conf.
3839 717. [bug] Certain TKEY processing failure modes could
3840 reference an uninitialized variable, causing the
3841 server to crash. [RT #750]
3843 716. [bug] The first line of a $INCLUDE master file was lost if
3844 an origin was specified. [RT #744]
3846 715. [bug] Resolving some A6 chains could cause an assertion
3847 failure in adb.c. [RT #738]
3849 714. [bug] Preserve interval timers across reloads unless changed.
3852 713. [func] named-checkconf takes '-t directory' similar to named.
3855 712. [bug] Sending a large signed update message caused an
3856 assertion failure. [RT #718]
3858 711. [bug] The libisc and liblwres implementations of
3859 inet_ntop contained an off by one error.
3861 710. [func] The forwarders statement now takes an optional
3864 709. [bug] ANY or SIG queries for data with a TTL of 0
3865 would return SERVFAIL. [RT #620]
3867 708. [bug] When building with --with-openssl, the openssl headers
3868 included with BIND 9 should not be used. [RT #702]
3870 707. [func] The "filename" argument to named-checkzone is no
3871 longer optional, to reduce confusion. [RT #612]
3873 706. [bug] Zones with an explicit "allow-update { none; };"
3874 were considered dynamic and therefore not reloaded
3875 on SIGHUP or "rndc reload".
3877 705. [port] Work out resource limit type for use where rlim_t is
3878 not available. [RT #695]
3880 704. [port] RLIMIT_NOFILE is not available on all platforms.
3883 703. [port] sys/select.h is needed on older platforms. [RT #695]
3885 702. [func] If the address 0.0.0.0 is seen in resolv.conf,
3886 use 127.0.0.1 instead. [RT #693]
3888 701. [func] Root hints are now fully optional. Class IN
3889 views use compiled-in hints by default, as
3890 before. Non-IN views with no root hints now
3891 provide authoritative service but not recursion.
3892 A warning is logged if a view has neither root
3893 hints nor authoritative data for the root. [RT #696]
3895 700. [bug] $GENERATE range check was wrong. [RT #688]
3897 699. [bug] The lexer mishandled empty quoted strings. [RT #694]
3899 698. [bug] Aborting nsupdate with ^C would lead to several
3902 697. [bug] nsupdate was not compatible with the undocumented
3903 BIND 8 behavior of ignoring TTLs in "update delete"
3906 696. [bug] lwresd would die with an assertion failure when passed
3907 a zero-length name. [RT #692]
3909 695. [bug] If the resolver attempted to query a blackholed or
3910 bogus server, the resolution would fail immediately.
3912 694. [bug] $GENERATE did not produce the last entry.
3915 693. [bug] An empty lwres statement in named.conf caused
3916 the server to crash while loading.
3918 692. [bug] Deal with systems that have getaddrinfo() but not
3919 gai_strerror(). [RT #679]
3921 691. [bug] Configuring per-view forwarders caused an assertion
3922 failure. [RT #675, #734]
3924 690. [func] $GENERATE now supports DNAME. [RT #654]
3926 689. [doc] man pages are now installed. [RT #210]
3928 688. [func] "make tags" now works on systems with the
3929 "Exuberant Ctags" etags.
3931 687. [bug] Only say we have IPv6, with sufficent functionality,
3932 if it has actually been tested. [RT #586]
3934 686. [bug] dig and nslookup can now be properly aborted during
3935 blocking operations. [RT #568]
3937 685. [bug] nslookup should use the search list/domain options
3938 from resolv.conf by default. [RT #405, #630]
3940 684. [bug] Memory leak with view forwarders. [RT #656]
3942 683. [bug] File descriptor leak in isc_lex_openfile().
3944 682. [bug] nslookup displayed SOA records incorrectly. [RT #665]
3946 681. [bug] $GENERATE specifying output format was broken. [RT #653]
3948 680. [bug] dns_rdata_fromstruct() mishandled options bigger
3951 679. [bug] $INCLUDE could leak memory and file descriptors on
3954 678. [bug] "transfer-format one-answer;" could trigger an assertion
3957 677. [bug] dnssec-signzone would occasionally use the wrong ttl
3958 for database operations and fail. [RT #643]
3960 676. [bug] Log messages about lame servers to category
3961 'lame-servers' rather than 'resolver', so as not
3962 to be gratuitously incompatible with BIND 8.
3964 675. [bug] TKEY queries could cause the server to leak
3967 674. [func] Allow messages to be TSIG signed / verified using
3968 a offset from the current time.
3970 673. [func] The server can now convert RFC1886-style recursive
3971 lookup requests into RFC2874-style lookups, when
3972 enabled using the new option "allow-v6-synthesis".
3974 672. [bug] The wrong time was in the "time signed" field when
3975 replying with BADTIME error.
3977 671. [bug] The message code was failing to parse a message with
3978 no question section and a TSIG record. [RT #628]
3980 670. [bug] The lwres replacements for getaddrinfo and
3981 getipnodebyname didn't properly check for the
3982 existence of the sockaddr sa_len field.
3984 669. [bug] dnssec-keygen now makes the public key file
3985 non-world-readable for symmetric keys. [RT #403]
3987 668. [func] named-checkzone now reports multiple errors in master
3990 667. [bug] On Linux, running named with the -u option and a
3991 non-world-readable configuration file didn't work.
3994 666. [bug] If a request sent by dig is longer than 512 bytes,
3997 665. [bug] Signed responses were not sent when the size of the
3998 TSIG + question exceeded the maximum message size.
4001 664. [bug] The t_tasks and t_timers module tests are now skipped
4002 when building without threads, since they require
4005 663. [func] Accept a size_spec, not just an integer, in the
4006 (unimplemented and ignored) max-ixfr-log-size option
4007 for compatibility with recent versions of BIND 8.
4010 662. [bug] dns_rdata_fromtext() failed to log certain errors.
4012 661. [bug] Certain UDP IXFR requests caused an assertion failure
4013 (mpctx->allocated == 0). [RT #355, #394, #623]
4015 660. [port] Detect multiple CPUs on HP-UX and IRIX.
4017 659. [performance] Rewrite the name compression code to be much faster.
4019 658. [cleanup] Remove all vestiges of 16 bit global compression.
4021 657. [bug] When a listen-on statement in an lwres block does not
4022 specify a port, use 921, not 53. Also update the
4023 listen-on documentation. [RT #616]
4025 656. [func] Treat an unescaped newline in a quoted string as
4026 an error. This means that TXT records with missing
4027 close quotes should have meaningful errors printed.
4029 655. [bug] Improve error reporting on unexpected eof when loading
4032 654. [bug] Origin was being forgotten in TCP retries in dig.
4035 653. [bug] +defname option in dig was reversed in sense.
4038 652. [bug] zone_saveunique() did not report the new name.
4040 651. [func] The AD bit in responses now has the meaning
4041 specified in <draft-ietf-dnsext-ad-is-secure>.
4043 650. [bug] SIG(0) records were being generated and verified
4044 incorrectly. [RT #606]
4046 649. [bug] It was possible to join to an already running fctx
4047 after it had "cloned" its events, but before it sent
4048 them. In this case, the event of the newly joined
4049 fetch would not contain the answer, and would
4050 trigger the INSIST() in fctx_sendevents(). In
4051 BIND 9.0, this bug did not trigger an INSIST(), but
4052 caused the fetch to fail with a SERVFAIL result.
4053 [RT #588, #597, #605, #607]
4055 648. [port] Add support for pre-RFC2133 IPv6 implementations.
4057 647. [bug] Resolver queries sent after following multiple
4058 referrals had excessively long retransmission
4059 timeouts due to incorrectly counting the referrals
4062 646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
4063 didn't _cleanly_ fix the problem it was trying to fix.
4065 645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
4067 644. [bug] #622 needed more work. [RT #562]
4069 643. [bug] xfrin error messages made more verbose, added class
4070 of the zone. [RT# 599]
4072 642. [bug] Break the exit_check() race in the zone module.
4075 --- 9.1.0b2 released ---
4077 641. [bug] $GENERATE caused a uninitialized link to be used.
4080 640. [bug] Memory leak in error path could cause
4081 "mpctx->allocated == 0" failure. [RT #584]
4083 639. [bug] Reading entropy from the keyboard would sometimes fail.
4086 638. [port] lib/isc/random.c needed to explicitly include time.h
4087 to get a prototype for time() when pthreads was not
4088 being used. [RT #592]
4090 637. [port] Use isc_u?int64_t instead of (unsigned) long long in
4091 lib/isc/print.c. Also allow lib/isc/print.c to
4092 be compiled even if the platform does not need it.
4095 636. [port] Shut up MSVC++ about a possible loss of precision
4096 in the ISC__BUFFER_PUTUINT*() macros. [RT #592]
4098 635. [bug] Reloading a server with a configured blackhole list
4099 would cause an assertion. [RT #590]
4101 634. [bug] A log file will completely stop being written when
4102 it reaches the maximum size in all cases, not just
4103 when versioning is also enabled. [RT #570]
4105 633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
4107 632. [bug] The index array of the journal file was
4108 corrupted as it was written to disk.
4110 631. [port] Build without thread support on systems without
4113 630. [bug] Locking failure in zone code. [RT #582]
4115 629. [bug] 9.1.0b1 dereferenced a null pointer and crashed
4116 when responding to a UDP IXFR request.
4118 628. [bug] If the root hints contained only AAAA addresses,
4119 named would be unable to perform resolution.
4121 627. [bug] The EDNS0 blackhole detection code of change 324
4122 waited for three retransmissions to each server,
4123 which takes much too long when a domain has many
4124 name servers and all of them drop EDNS0 queries.
4125 Now we retry without EDNS0 after three consecutive
4126 timeouts, even if they are all from different
4129 626. [bug] The lightweight resolver daemon no longer crashes
4130 when asked for a SIG rrset. [RT #558]
4132 625. [func] Zones now inherit their class from the enclosing view.
4134 624. [bug] The zone object could get timer events after it had
4135 been destroyed, causing a server crash. [RT #571]
4137 623. [func] Added "named-checkconf" and "named-checkzone" program
4138 for syntax checking named.conf files and zone files,
4141 622. [bug] A canceled request could be destroyed before
4142 dns_request_destroy() was called. [RT #562]
4144 621. [port] Disable IPv6 at runtime if IPv6 sockets are unusable.
4145 This mostly affects Red Hat Linux 7.0, which has
4146 conflicts between libc and the kernel.
4148 620. [bug] dns_master_load*inc() now require 'task' and 'load'
4149 to be non-null. Also 'done' will not be called if
4150 dns_master_load*inc() fails immediately. [RT #565]
4152 618. [bug] Queries to a signed zone could sometimes cause
4153 an assertion failure.
4155 617. [bug] When using dynamic update to add a new RR to an
4156 existing RRset with a different TTL, the journal
4157 entries generated from the update did not include
4158 explicit deletions and re-additions of the existing
4159 RRs to update their TTL to the new value.
4161 616. [func] dnssec-signzone -t output now includes performance
4164 615. [bug] dnssec-signzone did not like child keysets signed
4167 614. [bug] Checks for uninitialized link fields were prone
4168 to false positives, causing assertion failures.
4169 The checks are now disabled by default and may
4170 be re-enabled by defining ISC_LIST_CHECKINIT.
4172 613. [bug] "rndc reload zone" now reloads primary zones.
4173 It previously only updated slave and stub zones,
4174 if an SOA query indicated an out of date serial.
4176 612. [cleanup] Shutup a ridiculously noisy HP-UX compiler that
4177 complains relentlessly about how its treatment
4178 of 'const' has changed as well as how casting
4179 sometimes tightens alignment constraints.
4181 611. [func] allow-notify can be used to permit processing of
4182 notify messages from hosts other than a slave's
4185 610. [func] rndc dumpdb is now supported.
4187 609. [bug] getrrsetbyname() would crash lwresd if the server
4188 found more SIGs than answers. [RT #554]
4190 608. [func] dnssec-signzone now adds a comment to the zone
4191 with the time the file was signed.
4193 607. [bug] nsupdate would fail if it encountered a CNAME or
4194 DNAME in a response to an SOA query. [RT #515]
4196 606. [bug] Compiling with --disable-threads failed due
4197 to isc_thread_self() being incorrectly defined
4198 as an integer rather than a function.
4200 605. [func] New function isc_lex_getlasttokentext().
4202 604. [bug] The named.conf parser could print incorrect line
4203 numbers when long comments were present.
4205 603. [bug] Make dig handle multiple types or classes on the same
4206 query more correctly.
4208 602. [func] Cope automatically with UnixWare's broken
4209 IN6_IS_ADDR_* macros. [RT #539]
4211 601. [func] Return a non-zero exit code if an update fails
4214 600. [bug] Reverse lookups sometimes failed in dig, etc...
4216 599. [func] Added four new functions to the libisc log API to
4217 support i18n messages. isc_log_iwrite(),
4218 isc_log_ivwrite(), isc_log_iwrite1() and
4219 isc_log_ivwrite1() were added.
4221 598. [bug] An update-policy statement would cause the server
4222 to assert while loading. [RT #536]
4224 597. [func] dnssec-signzone is now multi-threaded.
4226 596. [bug] DNS_RDATASLAB_FORCE and DNS_RDATASLAB_EXACT are
4227 not mutually exclusive.
4229 595. [port] On Linux 2.2, socket() returns EINVAL when it
4230 should return EAFNOSUPPORT. Work around this.
4233 594. [func] sdb drivers are now assumed to not be thread-safe
4234 unless the DNS_SDBFLAG_THREADSAFE flag is supplied.
4236 593. [bug] If a secure zone was missing all its NXTs and
4237 a dynamic update was attempted, the server entered
4240 592. [bug] The sig-validity-interval option now specifies a
4241 number of days, not seconds. This matches the
4242 documentation. [RT #529]
4244 --- 9.1.0b1 released ---
4246 591. [bug] Work around non-reentrancy in openssl by disabling
4247 precomputation in keys.
4249 590. [doc] There are now man pages for the lwres library in
4252 589. [bug] The server could deadlock if a zone was updated
4253 while being transferred out.
4255 588. [bug] ctx->in_use was not being correctly initialized when
4256 when pushing a file for $INCLUDE. [RT #523]
4258 587. [func] A warning is now printed if the "allow-update"
4259 option allows updates based on the source IP
4260 address, to alert users to the fact that this
4261 is insecure and becoming increasingly so as
4262 servers capable of update forwarding are being
4265 586. [bug] multiple views with the same name were fatal. [RT #516]
4267 585. [func] dns_db_addrdataset() and and dns_rdataslab_merge()
4268 now support 'exact' additions in a similar manner to
4269 dns_db_subtractrdataset() and dns_rdataslab_subtract().
4271 584. [func] You can now say 'notify explicit'; to suppress
4272 notification of the servers listed in NS records
4273 and notify only those servers listed in the
4274 'also-notify' option.
4276 583. [func] "rndc querylog" will now toggle logging of
4277 queries, like "ndc querylog" in BIND 8.
4279 582. [bug] dns_zone_idetach() failed to lock the zone.
4282 581. [bug] log severity was not being correctly processed.
4285 580. [func] Ignore trailing garbage on incoming DNS packets,
4286 for interoperability with broken server
4287 implementations. [RT #491]
4289 579. [bug] nsupdate did not take a filename to read update from.
4292 578. [func] New config option "notify-source", to specify the
4293 source address for notify messages.
4295 577. [func] Log illegal RDATA combinations. e.g. multiple
4296 singlton types, cname and other data.
4298 576. [doc] isc_log_create() description did not match reality.
4300 575. [bug] isc_log_create() was not setting internal state
4301 correctly to reflect the default channels created.
4303 574. [bug] TSIG signed queries sent by the resolver would fail to
4304 have their responses validated and would leak memory.
4306 573. [bug] The journal files of IXFRed slave zones were
4307 inadvertantly discarded on server reload, causing
4308 "journal out of sync with zone" errors on subsequent
4311 572. [bug] Quoted strings were not accepted as key names in
4312 address match lists.
4314 571. [bug] It was possible to create an rdataset of singleton
4315 type which had more than one rdata. [RT #154]
4318 570. [bug] rbtdb.c allowed zones containing nodes which had
4319 both a CNAME and "other data". [RT #154]
4321 569. [func] The DNSSEC AD bit will not be set on queries which
4322 have not requested a DNSSEC response.
4324 568. [func] Add sample simple database drivers in contrib/sdb.
4326 567. [bug] Setting the zone transfer timeout to zero caused an
4327 assertion failure. [RT #302]
4329 566. [func] New public function dns_timer_setidle().
4331 565. [func] Log queries more like BIND 8: query logging is now
4332 done to category "queries", level "info". [RT #169]
4334 564. [func] Add sortlist support to lwresd.
4336 563. [func] New public functions dns_rdatatype_format() and
4337 dns_rdataclass_format(), for convenient formatting
4338 of rdata type/class mnemonics in log messages.
4340 562. [cleanup] Moved lib/dns/*conf.c to bin/named where they belong.
4342 561. [func] The 'datasize', 'stacksize', 'coresize' and 'files'
4343 clauses of the options{} statement are now implemented.
4345 560. [bug] dns_name_split did not properly the resulting prefix
4346 when a maximal length bitstring label was split which
4347 was preceded by another bitstring label. [RT #429]
4349 559. [bug] dns_name_split did not properly create the suffix
4350 when splitting within a maximal length bitstring label.
4352 558. [func] New functions, isc_resource_getlimit and
4353 isc_resource_setlimit.
4355 557. [func] Symbolic constants for libisc integral types.
4357 556. [func] The DNSSEC OK bit in the EDNS extended flags
4358 is now implemented. Responses to queries without
4359 this bit set will not contain any DNSSEC records.
4361 555. [bug] A slave server attempting a zone transfer could
4362 crash with an assertion failure on certain
4363 malformed responses from the master. [RT #457]
4365 554. [bug] In some cases, not all of the dnssec tools were
4368 553. [bug] Incoming zone transfers deferred due to quota
4369 were not started when quota was increased but
4370 only when a transfer in progress finished. [RT #456]
4372 552. [bug] We were not correctly detecting the end of all c-style
4375 551. [func] Implemented the 'sortlist' option.
4377 550. [func] Support unknown rdata types and classes.
4379 549. [bug] "make" did not immediately abort the build when a
4380 subdirectory make failed [RT #450].
4382 548. [func] The lexer now ungets tokens more correctly.
4384 546. [func] Option 'lame-ttl' is now implemented.
4386 545. [func] Name limit and counting options removed from dig;
4387 they didn't work properly, and cannot be correctly
4388 implemented without significant changes.
4390 544. [func] Add statistics option, enable statistics-file option,
4391 add RNDC option "dump-statistics" to write out a
4392 query statistics file.
4394 543. [doc] The 'port' option is now documented.
4396 542. [func] Add support for update forwarding as required for
4397 full compliance with RFC2136. It is turned off
4398 by default and can be enabled using the
4399 'allow-update-forwarding' option.
4401 541. [func] Add bogus server support.
4403 540. [func] Add dialup support.
4405 539. [func] Support the blackhole option.
4407 538. [bug] fix buffer overruns by 1 in lwres_getnameinfo().
4409 536. [func] Use transfer-source{-v6} when sending refresh queries.
4410 Transfer-source{-v6} now take a optional port
4411 parameter for setting the UDP source port. The port
4412 parameter is ignored for TCP.
4414 535. [func] Use transfer-source{-v6} when forwarding update
4417 534. [func] Ancestors have been removed from RBT chains. Ancestor
4418 information can be discerned via node parent pointers.
4420 533. [func] Incorporated name hashing into the RBT database to
4421 improve search speed.
4423 532. [func] Implement DNS UPDATE pseudo records using
4424 DNS_RDATA_UPDATE flag.
4426 531. [func] Rdata really should be initialized before being assigned
4427 to (dns_rdata_fromwire(), dns_rdata_fromtext(),
4428 dns_rdata_clone(), dns_rdata_fromregion()),
4431 530. [func] New function dns_rdata_invalidate().
4433 529. [bug] 521 contained a bug which caused zones to always
4436 528. [func] The ISC_LIST_XXXX macros now perform sanity checks
4437 on their arguments. ISC_LIST_XXXXUNSAFE can be use
4438 to skip the checks however use with caution.
4440 527. [func] New function dns_rdata_clone().
4442 526. [bug] nsupdate incorrectly refused to add RRs with a TTL
4445 525. [func] New arguments 'options' for dns_db_subtractrdataset(),
4446 and 'flags' for dns_rdataslab_subtract() allowing you
4447 to request that the RR's must exist prior to deletion.
4448 DNS_R_NOTEXACT is returned if the condition is not met.
4450 524. [func] The 'forward' and 'forwarders' statement in
4451 non-forward zones should work now.
4453 523. [doc] The source to the Administrator Reference Manual is
4454 now an XML file using the DocBook DTD, and is included
4455 in the distribution. The plain text version of the
4456 ARM is temporarily unavailable while we figure out
4457 how to generate readable plain text from the XML.
4459 522. [func] The lightweight resolver daemon can now use
4460 a real configuration file, and its functionality
4461 can be provided by a name server. Also, the -p and -P
4462 options to lwresd have been reversed.
4464 521. [bug] Detect master files which contain $INCLUDE and always
4467 520. [bug] Upgraded libtool to 1.3.5, which makes shared
4468 library builds almost work on AIX (and possibly
4471 519. [bug] dns_name_split() would improperly split some bitstring
4472 labels, zeroing a few of the least signficant bits in
4473 the prefix part. When such an improperly created
4474 prefix was returned to the RBT database, the bogus
4475 label was dutifully stored, corrupting the tree.
4478 518. [bug] The resolver did not realize that a DNAME which was
4479 "the answer" to the client's query was "the answer",
4480 and such queries would fail. [RT #399]
4482 517. [bug] The resolver's DNAME code would trigger an assertion
4483 if there was more than one DNAME in the chain.
4486 516. [bug] Cache lookups which had a NULL node pointer, e.g.
4487 those by dns_view_find(), and which would match a
4488 DNAME, would trigger an INSIST(!search.need_cleanup)
4489 assertion. [RT #399]
4491 515. [bug] The ssu table was not being attached / detached
4492 by dns_zone_[sg]etssutable. [RT#397]
4494 514. [func] Retry refresh and notify queries if they timeout.
4497 513. [func] New functionality added to rdnc and server to allow
4498 individual zones to be refreshed or reloaded.
4500 512. [bug] The zone transfer code could throw an execption with
4501 an invalid IXFR stream.
4503 511. [bug] The message code could throw an assertion on an
4504 out of memory failure. [RT #392]
4506 510. [bug] Remove spurious view notify warning. [RT #376]
4508 509. [func] Add support for write of zone files on shutdown.
4510 508. [func] dns_message_parse() can now do a best-effort
4511 attempt, which should allow dig to print more invalid
4514 507. [func] New functions dns_zone_flush(), dns_zt_flushanddetach()
4515 and dns_view_flushanddetach().
4517 506. [func] Do not fail to start on errors in zone files.
4519 505. [bug] nsupdate was printing "unknown result code". [RT #373]
4521 504. [bug] The zone was not being marked as dirty when updated via
4524 503. [bug] dumptime was not being set along with
4525 DNS_ZONEFLG_NEEDDUMP.
4527 502. [func] On a SERVFAIL reply, DiG will now try the next server
4528 in the list, unless the +fail option is specified.
4530 501. [bug] Incorrect port numbers were being displayed by
4533 500. [func] Nearly useless +details option removed from DiG.
4535 499. [func] In DiG, specifying a class with -c or type with -t
4536 changes command-line parsing so that classes and
4537 types are only recognized if following -c or -t.
4538 This allows hosts with the same name as a class or
4539 type to be looked up.
4541 498. [doc] There is now a man page for "dig"
4542 in doc/man/bin/dig.1.
4544 497. [bug] The error messages printed when an IP match list
4545 contained a network address with a nonzero host
4546 part where not sufficiently detailed. [RT #365]
4548 496. [bug] named didn't sanity check numeric parameters. [RT #361]
4550 495. [bug] nsupdate was unable to handle large records. [RT #368]
4552 494. [func] Do not cache NXDOMAIN responses for SOA queries.
4554 493. [func] Return non-cachable (ttl = 0) NXDOMAIN responses
4555 for SOA queries. This makes it easier to locate
4556 the containing zone without polluting intermediate
4559 492. [bug] attempting to reload a zone caused the server fail
4560 to shutdown cleanly. [RT #360]
4562 491. [bug] nsupdate would segfault when sending certain
4563 prerequisites with empty RDATA. [RT #356]
4565 490. [func] When a slave/stub zone has not yet successfully
4566 obtained an SOA containing the zone's configured
4567 retry time, perform the SOA query retries using
4568 exponential backoff. [RT #337]
4570 489. [func] The zone manager now has a "i/o" queue.
4572 488. [bug] Locks weren't properly destroyed in some cases.
4574 487. [port] flockfile() is not defined on all systems.
4576 486. [bug] nslookup: "set all" and "server" commands showed
4577 the incorrect port number if a port other than 53
4578 was specified. [RT #352]
4580 485. [func] When dig had more than one server to query, it would
4581 send all of the messages at the same time. Add
4582 rate limiting of the transmitted messages.
4584 484. [bug] When the server was reloaded after removing addresses
4585 from the named.conf "listen-on" statement, sockets
4586 were still listening on the removed addresses due
4587 to reference count loops. [RT #325]
4589 483. [bug] nslookup: "set all" showed a "search" option but it
4592 482. [bug] nslookup: a plain "server" or "lserver" should be
4593 treated as a lookup.
4595 481. [bug] nslookup:get_next_command() stack size could exceed
4598 480. [bug] strtok() is not thread safe. [RT #349]
4600 479. [func] The test suite can now be run by typing "make check"
4601 or "make test" at the top level.
4603 478. [bug] "make install" failed if the directory specified with
4604 --prefix did not already exist.
4606 477. [bug] The the isc-config.sh script could be installed before
4607 its directory was created. [RT #324]
4609 476. [bug] A zone could expire while a zone transfer was in
4610 progress triggering a INSIST failure. [RT #329]
4612 475. [bug] query_getzonedb() sometimes returned a non-null version
4613 on failure. This caused assertion failures when
4614 generating query responses where names subject to
4615 additional section processing pointed to a zone
4616 to which access had been denied by means of the
4617 allow-query option. [RT #336]
4619 474. [bug] The mnemonic of the CHAOS class is CH according to
4620 RFC1035, but it was printed and read only as CHAOS.
4621 We now accept both forms as input, and print it
4624 473. [bug] nsupdate overran the end of the list of name servers
4625 when no servers could be reached, typically causing
4626 it to print the error message "dns_request_create:
4629 472. [bug] Off-by-one error caused isc_time_add() to sometimes
4630 produce invalid time values.
4632 471. [bug] nsupdate didn't compile on HP/UX 10.20
4634 470. [func] $GENERATE is now supported. See also
4637 469. [bug] "query-source address * port 53;" now works.
4639 468. [bug] dns_master_load*() failed to report file and line
4640 number in certain error conditions.
4642 467. [bug] dns_master_load*() failed to log an error if
4645 466. [bug] dns_master_load*() could return success when it failed.
4647 465. [cleanup] Allow 0 to be set as an omapi_value_t value by
4648 omapi_value_storeint().
4650 464. [cleanup] Build with openssl's RSA code instead of dnssafe.
4652 463. [bug] nsupdate sent malformed SOA queries to the second
4653 and subsequent name servers in resolv.conf if the
4654 query sent to the first one failed.
4656 462. [bug] --disable-ipv6 should work now.
4658 461. [bug] Specifying an unknown key in the "keys" clause of the
4659 "controls" statement caused a NULL pointer dereference.
4662 460. [bug] Much of the DNSSEC code only worked with class IN.
4664 459. [bug] Nslookup processed the "set" command incorrectly.
4666 458. [bug] Nslookup didn't properly check class and type values.
4669 457. [bug] Dig/host/hslookup didn't properly handle connect
4670 timeouts in certain situations, causing an
4671 unnecessary warning message to be printed.
4673 456. [bug] Stub zones were not resetting the refresh and expire
4674 counters, loadtime or clearing the DNS_ZONE_REFRESH
4675 (refresh in progress) flag upon successful update.
4676 This disabled further refreshing of the stub zone,
4677 causing it to eventually expire. [RT #300]
4679 455. [doc] Document IPv4 prefix notation does not require a
4680 dotted decimal quad but may be just dotted decimal.
4682 454. [bug] Enforce dotted decimal and dotted decimal quad where
4683 documented as such in named.conf. [RT #304, RT #311]
4685 453. [bug] Warn if the obsolete option "maintain-ixfr-base"
4686 is specified in named.conf. [RT #306]
4688 452. [bug] Warn if the unimplemented option "statistics-file"
4689 is specified in named.conf. [RT #301]
4691 451. [func] Update forwarding implememted.
4693 450. [func] New function ns_client_sendraw().
4695 449. [bug] isc_bitstring_copy() only works correctly if the
4696 two bitstrings have the same lsb0 value, but this
4697 requirement was not documented, nor was there a
4700 448. [bug] Host output formatting change, to match v8. [RT #255]
4702 447. [bug] Dig didn't properly retry in TCP mode after
4703 a truncated reply. [RT #277]
4705 446. [bug] Confusing notify log message. [RT #298]
4707 445. [bug] Doing a 0 bit isc_bitstring_copy() of an lsb0
4708 bitstring triggered a REQUIRE statement. The REQUIRE
4709 statement was incorrect. [RT #297]
4711 444. [func] "recursion denied" messages are always logged at
4712 debug level 1, now, rather than sometimes at ERROR.
4713 This silences these warnings in the usual case, where
4714 some clients set the RD bit in all queries.
4716 443. [bug] When loading a master file failed because of an
4717 unrecognized RR type name, the error message
4718 did not include the file name and line number.
4721 442. [bug] TSIG signed messages that did not match any view
4722 crashed the server. [RT #290]
4724 441. [bug] Nodes obscured by a DNAME were inaccessible even
4725 when DNS_DBFIND_GLUEOK was set.
4727 440. [func] New function dns_zone_forwardupdate().
4729 439. [func] New function dns_request_createraw().
4731 438. [func] New function dns_message_getrawmessage().
4733 437. [func] Log NOTIFY activity to the notify channel.
4735 436. [bug] If recvmsg() returned EHOSTUNREACH or ENETUNREACH,
4736 which sometimes happens on Linux, named would enter
4737 a busy loop. Also, unexpected socket errors were
4738 not logged at a high enough logging level to be
4739 useful in diagnosing this situation. [RT #275]
4741 435. [bug] dns_zone_dump() overwrote existing zone files
4742 rather than writing to a temporary file and
4743 renaming. This could lead to empty or partial
4744 zone files being left around in certain error
4745 conditions involving the initial transfer of a
4746 slave zone, interfering with subsequent server
4749 434. [func] New function isc_file_isabsolute().
4751 433. [func] isc_base64_decodestring() now accepts newlines
4752 within the base64 data. This makes it possible
4753 to break up the key data in a "trusted-keys"
4754 statement into multiple lines. [RT #284]
4756 432. [func] Added refresh/retry jitter. The actual refresh/
4757 retry time is now a random value between 75% and
4758 100% of the configured value.
4760 431. [func] Log at ISC_LOG_INFO when a zone is successfully
4763 430. [bug] Rewrote the lightweight resolver client management
4764 code to handle shutdown correctly and general
4767 429. [bug] The space reserved for a TSIG record in a response
4768 was 2 bytes too short, leading to message
4769 generation failures.
4771 428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
4772 DNS_R_BADDB for nodes which had neither NXT nor SIG NXT
4773 (e.g. glue). This could cause SERVFAILs when
4774 generating negative responses in a secure zone.
4776 427. [bug] Avoid going into an infinite loop when the validator
4777 gets a negative response to a key query where the
4778 records are signed by the missing key.
4780 426. [bug] Attempting to generate an oversized RSA key could
4781 cause dnssec-keygen to dump core.
4783 425. [bug] Warn about the auth-nxdomain default value change
4784 if there is no auth-nxdomain statement in the
4785 config file. [RT #287]
4787 424. [bug] notify_createmessage() could trigger an assertion
4788 failure when creating the notify message failed,
4789 e.g. due to corrupt zones with multiple SOA records.
4792 423. [bug] When responding to a recusive query, errors that occur
4793 after following a CNAME should cause the query to fail.
4796 422. [func] get rid of isc_random_t, and make isc_random_get()
4797 and isc_random_jitter() use rand() internally
4798 instead of local state. Note that isc_random_*()
4799 functions are only for weak, non-critical "randomness"
4800 such as timing jitter and such.
4802 421. [bug] nslookup would exit when given a blank line as input.
4804 420. [bug] nslookup failed to implement the "exit" command.
4806 419. [bug] The certificate type PKIX was misspelled as SKIX.
4808 418. [bug] At debug levels >= 10, getting an unexpected
4809 socket receive error would crash the server
4810 while trying to log the error message.
4812 417. [func] Add isc_app_block() and isc_app_unblock(), which
4813 allow an application to handle signals while
4816 416. [bug] Slave zones with no master file tried to use a
4817 NULL pointer for a journal file name when they
4818 received an IXFR. [RT #273]
4820 415. [bug] The logging code leaked file descriptors.
4822 414. [bug] Server did not shut down until all incoming zone
4823 transfers were finished.
4825 413. [bug] Notify could attempt to use the zone database after
4826 it had been unloaded. [RT#267]
4828 412. [bug] named -v didn't print the version.
4830 411. [bug] A typo in the HS A code caused an assertion failure.
4832 410. [bug] lwres_gethostbyname() and company set lwres_h_errno
4833 to a random value on success.
4835 409. [bug] If named was shut down early in the startup
4836 process, ns_omapi_shutdown() would attempt to lock
4837 an unintialized mutex. [RT #262]
4839 408. [bug] stub zones could leak memory and reference counts if
4840 all the masters were unreachable.
4842 407. [bug] isc_rwlock_lock() would needlessly block
4843 readers when it reached the read quota even
4844 if no writers were waiting.
4846 406. [bug] Log messages were occasionally lost or corrupted
4847 due to a race condition in isc_log_doit().
4849 405. [func] Add support for selective forwarding (forward zones)
4851 404. [bug] The request library didn't completely work with IPv6.
4853 403. [bug] "host" did not use the search list.
4855 402. [bug] Treat undefined acls as errors, rather than
4856 warning and then later throwing an assertion.
4859 401. [func] Added simple database API.
4861 400. [bug] SIG(0) signing and verifying was done incorrectly.
4864 399. [bug] When reloading the server with a config file
4865 containing a syntax error, it could catch an
4866 assertion failure trying to perform zone
4867 maintenance on, or sending notifies from,
4868 tentatively created zones whose views were
4869 never fully configured and lacked an address
4870 database and request manager.
4872 398. [bug] "dig" sometimes caught an assertion failure when
4873 using TSIG, depending on the key length.
4875 397. [func] Added utility functions dns_view_gettsig() and
4876 dns_view_getpeertsig().
4878 396. [doc] There is now a man page for "nsupdate"
4879 in doc/man/bin/nsupdate.8.
4881 395. [bug] nslookup printed incorrect RR type mnemonics
4882 for RRs of type >= 21 [RT #237].
4884 394. [bug] Current name was not propagated via $INCLUDE.
4886 393. [func] Initial answer while loading (awl) support.
4887 Entry points: dns_master_loadfileinc(),
4888 dns_master_loadstreaminc(), dns_master_loadbufferinc().
4889 Note: calls to dns_master_load*inc() should be rate
4890 be rate limited so as to not use up all file
4893 392. [func] Add ISC_R_FAMILYNOSUPPORT. Returned when OS does
4894 not support the given address family requested.
4896 391. [clarity] ISC_R_FAMILY -> ISC_R_FAMILYMISMATCH.
4898 390. [func] The function dns_zone_setdbtype() now takes
4899 an argc/argv style vector of words and sets
4900 both the zone database type and its arguments,
4901 making the functions dns_zone_adddbarg()
4902 and dns_zone_cleardbargs() unnecessary.
4904 389. [bug] Attempting to send a reqeust over IPv6 using
4905 dns_request_create() on a system without IPv6
4906 support caused an assertion failure [RT #235].
4908 388. [func] dig and host can now do reverse ipv6 lookups.
4910 387. [func] Add dns_byaddr_createptrname(), which converts
4911 an address into the name used by a PTR query.
4913 386. [bug] Missing strdup() of ACL name caused random
4914 ACL matching failures [RT #228].
4916 385. [cleanup] Removed functions dns_zone_equal(), dns_zone_print(),
4919 384. [bug] nsupdate was incorrectly limiting TTLs to 65535 instead
4922 383. [func] When writing a master file, print the SOA and NS
4923 records (and their SIGs) before other records.
4925 382. [bug] named -u failed on many Linux systems where the
4926 libc provided kernel headers do not match
4929 381. [bug] Check for IPV6_RECVPKTINFO and use it instead of
4930 IPV6_PKTINFO if found. [RT #229]
4932 380. [bug] nsupdate didn't work with IPv6.
4934 379. [func] New library function isc_sockaddr_anyofpf().
4936 378. [func] named and lwresd will log the command line arguments
4937 they were started with in the "starting ..." message.
4939 377. [bug] When additional data lookups were refused due to
4940 "allow-query", the databases were still being
4941 attached causing reference leaks.
4943 376. [bug] The server should always use good entropy when
4944 performing cryptographic functions needing entropy.
4946 375. [bug] Per-zone "allow-query" did not properly override the
4947 view/global one for CNAME targets and additional
4950 374. [bug] SOA in authoritative negative responses had wrong TTL.
4952 373. [func] nslookup is now installed by "make install".
4954 372. [bug] Deal with Microsoft DNS servers appending two bytes of
4955 garbage to zone transfer requests.
4957 371. [bug] At high debug levels, doing an outgoing zone transfer
4958 of a very large RRset could cause an assertion failure
4961 370. [bug] The error messages for rollforward failures were
4964 369. [func] Support new named.conf options, view and zone
4967 max-retry-time, min-retry-time,
4968 max-refresh-time, min-refresh-time.
4970 368. [func] Restructure the internal ".bind" view so that more
4971 zones can be added to it.
4973 367. [bug] Allow proper selection of server on nslookup command
4976 366. [func] Allow use of '-' batch file in dig for stdin.
4978 365. [bug] nsupdate -k leaked memory.
4980 364. [func] Added additional-from-{cache,auth}
4982 362. [bug] rndc no longer aborts if the configuration file is
4983 missing an options statement. [RT #209]
4985 361. [func] When the RBT find or chain functions set the name and
4986 origin for a node that stores the root label
4987 the name is now set to an empty name, instead of ".",
4988 to simplify later use of the name and origin by
4989 dns_name_concatenate(), dns_name_totext() or
4992 360. [func] dns_name_totext() and dns_name_format() now allow
4993 an empty name to be passed, which is formatted as "@".
4995 359. [bug] dnssec-signzone occasionally signed glue records.
4997 358. [cleanup] Rename the intermediate files used by the dnssec
5000 357. [bug] The zone file parser crashed if the argument
5001 to $INCLUDE was a quoted string.
5003 356. [cleanup] isc_task_send no longer requires event->sender to
5006 355. [func] Added isc_dir_createunique(), similar to mkdtemp().
5008 354. [doc] Man pages for the dnssec tools are now included in
5009 the distribution, in doc/man/dnssec.
5011 353. [bug] double increment in lwres/gethost.c:copytobuf().
5014 352. [bug] Race condition in dns_client_t startup could cause
5015 an assertion failure.
5017 351. [bug] Constructing a response with rcode SERVFAIL to a TSIG
5018 signed query could crash the server.
5020 350. [bug] Also-notify lists specified in the global options
5021 block were not correctly reference counted, causing
5024 349. [bug] Processing a query with the CD bit set now works
5027 348. [func] New boolean named.conf options 'additional-from-auth'
5028 and 'additional-from-cache' now supported in view and
5029 global options statement.
5031 347. [bug] Don't crash if an argument is left off options in dig.
5033 346. [func] Add support for .digrc config file, in the
5034 user's current directory.
5036 345. [bug] Large-scale changes/cleanups to dig:
5037 * Significantly improve structure handling
5038 * Don't pre-load entire batch files
5039 * Add name/rr counting/limiting
5040 * Fix SIGINT handling
5041 * Shorten timeouts to match v8's behavior
5043 344. [bug] When shutting down, lwresd sometimes tried
5044 to shut down its client tasks twice,
5045 triggering an assertion.
5047 343. [bug] Although zone maintenance SOA queries and
5048 notify requests were signed with TSIG keys
5049 when configured for the server in case,
5050 the TSIG was not verified on the response.
5052 342. [bug] The wrong name was being passed to
5053 dns_name_dup() when generating a TSIG
5056 341. [func] Support 'key' clause in named.conf zone masters
5057 statement to allow authentication via TSIG keys:
5060 10.0.0.1 port 5353 key "foo";
5064 340. [bug] The top-level COPYRIGHT file was missing from
5067 339. [bug] DNSSEC validation of the response to an ANY
5068 query at a name with a CNAME RR in a secure
5069 zone triggered an assertion failure.
5071 338. [bug] lwresd logged to syslog as named, not lwresd.
5073 337. [bug] "dig" did not recognize "nsap-ptr" as an RR type
5074 on the command line.
5076 336. [bug] "dig -f" used 64 k of memory for each line in
5077 the file. It now uses much less, though still
5078 proportionally to the file size.
5080 335. [bug] named would occasionally attempt recursion when
5081 it was disallowed or undesired.
5083 334. [func] Added hmac-md5 to libisc.
5085 333. [bug] The resolver incorrectly accepted referrals to
5086 domains that were not parents of the query name,
5087 causing assertion failures.
5089 332. [func] New function dns_name_reset().
5091 331. [bug] Only log "recursion denied" if RD is set. [RT #178]
5093 330. [bug] Many debugging messages were partially formatted
5094 even when debugging was turned off, causing a
5095 significant decrease in query performance.
5097 329. [func] omapi_auth_register() now takes a size_t argument for
5098 the length of a key's secret data. Previously
5099 OMAPI only stored secrets up to the first NUL byte.
5101 328. [func] Added isc_base64_decodestring().
5103 327. [bug] rndc.conf parser wasn't correctly recognising an IP
5104 address where a host specification was required.
5106 326. [func] 'keys' in an 'inet' control statement is now
5107 required and must have at least one item in it.
5108 A "not supported" warning is now issued if a 'unix'
5109 control channel is defined.
5111 325. [bug] isc_lex_gettoken was processing octal strings when
5112 ISC_LEXOPT_CNUMBER was not set.
5114 324. [func] In the resolver, turn EDNS0 off if there is no
5115 response after a number of retransmissions.
5116 This is to allow queries some chance of succeeding
5117 even if all the authoritative servers of a zone
5118 silently discard EDNS0 requests instead of
5119 sending an error response like they ought to.
5121 323. [bug] dns_rbt_findname() did not ignore empty rbt nodes.
5122 Because of this, servers authoritative for a parent
5123 and grandchild zone but not authoritative for the
5124 intervening child zone did not correctly issue
5125 referrals to the servers of the child zone.
5127 322. [bug] Queries for KEY RRs are now sent to the parent
5128 server before the authoritative one, making
5129 DNSSEC insecurity proofs work in many cases
5130 where they previously didn't.
5132 321. [bug] When synthesizing a CNAME RR for a DNAME
5133 response, query_addcname() failed to intitialize
5134 the type and class of the CNAME dns_rdata_t,
5135 causing random failures.
5137 320. [func] Multiple rndc changes: parses an rndc.conf file,
5138 uses authentication to talk to named, command
5139 line syntax changed. This will all be described
5142 319. [func] The named.conf "controls" statement is now used
5143 to configure the OMAPI command channel.
5145 318. [func] dns_c_ndcctx_destroy() could never return anything
5146 except ISC_R_SUCCESS; made it have void return instead.
5148 317. [func] Use callbacks from libomapi to determine if a
5149 new connection is valid, and if a key requested
5150 to be used with that connection is valid.
5152 316. [bug] Generate a warning if we detect an unexpected <eof>
5153 but treat as <eol><eof>.
5155 315. [bug] Handle non-empty blanks lines. [RT #163]
5157 314. [func] The named.conf controls statement can now have
5158 more than one key specified for the inet clause.
5160 313. [bug] When parsing resolv.conf, don't terminate on an
5161 error. Instead, parse as much as possible, but
5162 still return an error if one was found.
5164 312. [bug] Increase the number of allowed elements in the
5165 resolv.conf search path from 6 to 8. If there
5166 are more than this, ignore the remainder rather
5167 than returning a failure in lwres_conf_parse.
5169 311. [bug] lwres_conf_parse failed when the first line of
5170 resolv.conf was empty or a comment.
5172 310. [func] Changes to named.conf "controls" statement (inet
5175 - support "keys" clause
5179 allow { any; } keys { "foo"; }
5182 - allow "port xxx" to be left out of statement,
5183 in which case it defaults to omapi's default port
5186 309. [bug] When sending a referral, the server did not look
5187 for name server addresses as glue in the zone
5188 holding the NS RRset in the case where this zone
5189 was not the same as the one where it looked for
5190 name server addresses as authoritative data.
5192 308. [bug] Treat a SOA record not at top of zone as an error
5193 when loading a zone. [RT #154]
5195 307. [bug] When canceling a query, the resolver didn't check for
5196 isc_socket_sendto() calls that did not yet have their
5197 completion events posted, so it could (rarely) end up
5198 destroying the query context and then want to use
5199 it again when the send event posted, triggering an
5200 assertion as it tried to cancel an already-canceled
5203 306. [bug] Reading HMAC-MD5 private key files didn't work.
5205 305. [bug] When reloading the server with a config file
5206 containing a syntax error, it could catch an
5207 assertion failure trying to perform zone
5208 maintenance on tentatively created zones whose
5209 views were never fully configured and lacked
5210 an address database.
5212 304. [bug] If more than LWRES_CONFMAXNAMESERVERS servers
5213 are listed in resolv.conf, silently ignore them
5214 instead of returning failure.
5216 303. [bug] Add additional sanity checks to differentiate a AXFR
5217 response vs a IXFR response. [RT #157]
5219 302. [bug] In dig, host, and nslookup, MXNAME should be large
5220 enough to hold any legal domain name in presentation
5221 format + terminating NULL.
5223 301. [bug] Uninitialized pointer in host:printmessage(). [RT #159]
5225 300. [bug] Using both <isc/net.h> and <lwres/net.h> didn't work
5226 on platforms lacking IPv6 because each included their
5227 own ipv6 header file for the missing definitions. Now
5228 each library's ipv6.h defines the wrapper symbol of
5229 the other (ISC_IPV6_H and LWRES_IPV6_H).
5231 299. [cleanup] Get the user and group information before changing the
5232 root directory, so the administrator does not need to
5233 keep a copy of the user and group databases in the
5234 chroot'ed environment. Suggested by Hakan Olsson.
5236 298. [bug] A mutex deadlock occurred during shutdown of the
5237 interface manager under certain conditions.
5238 Digital Unix systems were the most affected.
5240 297. [bug] Specifying a key name that wasn't fully qualified
5241 in certain parts of the config file could cause
5242 an assertion failure.
5244 296. [bug] "make install" from a separate build directory
5245 failed unless configure had been run in the source
5248 295. [bug] When invoked with type==CNAME and a message
5249 not constructed by dns_message_parse(),
5250 dns_message_findname() failed to find anything
5251 due to checking for attribute bits that are set
5252 only in dns_message_parse(). This caused an
5253 infinite loop when constructing the response to
5254 an ANY query at a CNAME in a secure zone.
5256 294. [bug] If we run out of space in while processing glue
5257 when reading a master file and commit "current name"
5258 reverts to "name_current" instead of staying as
5261 293. [port] Add support for FreeBSD 4.0 system tests.
5263 292. [bug] Due to problems with the way some operating systems
5264 handle simultaneous listening on IPv4 and IPv6
5265 addresses, the server no longer listens on IPv6
5266 addresses by default. To revert to the previous
5267 behavior, specify "listen-on-v6 { any; };" in
5270 291. [func] Caching servers no longer send outgoing queries
5271 over TCP just because the incoming recursive query
5274 290. [cleanup] +twiddle option to dig (for testing only) removed.
5276 289. [cleanup] dig is now installed in $bindir instead of $sbindir.
5277 host is now installed in $bindir. (Be sure to remove
5278 any $sbindir/dig from a previous release.)
5280 288. [func] rndc is now installed by "make install" into $sbindir.
5282 287. [bug] rndc now works again as "rndc 127.1 reload" (for
5283 only that task). Parsing its configuration file and
5284 using digital signatures for authentication has been
5285 disabled until named supports the "controls" statement,
5288 286. [bug] On Solaris 2, when named inherited a signal state
5289 where SIGHUP had the SIG_IGN action, SIGHUP would
5290 be ignored rather than causing the server to reload
5293 285. [bug] A change made to the dst API for beta4 inadvertently
5294 broke OMAPI's creation of a dst key from an incoming
5295 message, causing an assertion to be triggered. Fixed.
5297 284. [func] The DNSSEC key generation and signing tools now
5298 generate randomness from keyboard input on systems
5299 that lack /dev/random.
5301 283. [cleanup] The 'lwresd' program is now a link to 'named'.
5303 282. [bug] The lexer now returns ISC_R_RANGE if parsed integer is
5304 too big for an unsigned long.
5306 281. [bug] Fixed list of recognized config file category names.
5308 280. [func] Add isc-config.sh, which can be used to more
5309 easily build applications that link with
5312 279. [bug] Private omapi function symbols shared between
5313 two or more files in libomapi.a were not namespace
5314 protected using the ISC convention of starting with
5315 the library name and two underscores ("omapi__"...)
5317 278. [bug] bin/named/logconf.c:category_fromconf() didn't take
5318 note of when isc_log_categorybyname() wasn't able
5319 to find the category name and would then apply the
5320 channel list of the unknown category to all categories.
5322 277. [bug] isc_log_categorybyname() and isc_log_modulebyname()
5323 would fail to find the first member of any category
5324 or module array apart from the internal defaults.
5325 Thus, for example, the "notify" category was improperly
5326 configured by named.
5328 276. [bug] dig now supports maximum sized TCP messages.
5330 275. [bug] The definition of lwres_gai_strerror() was missing
5333 274. [bug] TSIG AXFR verify failed when talking to a BIND 8
5336 273. [func] The default for the 'transfer-format' option is
5337 now 'many-answers'. This will break zone transfers
5338 to BIND 4.9.5 and older unless there is an explicit
5339 'one-answer' configuration.
5341 272. [bug] The sending of large TCP responses was canceled
5342 in mid-transmission due to a race condition
5343 caused by the failure to set the client object's
5344 "newstate" variable correctly when transitioning
5345 to the "working" state.
5347 271. [func] Attempt to probe the number of cpus in named
5348 if unspecified rather than defaulting to 1.
5350 270. [func] Allow maximum sized TCP answers.
5352 269. [bug] Failed DNSSEC validations could cause an assertion
5353 failure by causing clone_results() to be called with
5354 with hevent->node == NULL.
5356 268. [doc] A plain text version of the Administrator
5357 Reference Manual is now included in the distribution,
5358 as doc/arm/Bv9ARM.txt.
5360 267. [func] Nsupdate is now provided in the distribution.
5362 266. [bug] zone.c:save_nsrrset() node was not initialized.
5364 265. [bug] dns_request_create() now works for TCP.
5366 264. [func] Dispatch can not take TCP sockets in connecting
5367 state. Set DNS_DISPATCHATTR_CONNECTED when calling
5368 dns_dispatch_createtcp() for connected TCP sockets
5369 or call dns_dispatch_starttcp() when the socket is
5372 263. [func] New logging channel type 'stderr'
5379 262. [bug] 'master' was not initialized in zone.c:stub_callback().
5381 261. [func] Add dns_zone_markdirty().
5383 260. [bug] Running named as a non-root user failed on Linux
5384 kernels new enough to support retaining capabilities
5387 259. [func] New random-device and random-seed-file statements
5388 for global options block of named.conf. Both accept
5389 a single string argument.
5391 258. [bug] Fixed printing of lwres_addr_t.address field.
5393 257. [bug] The server detached the last zone manager reference
5394 too early, while it could still be in use by queries.
5395 This manifested itself as assertion failures during the
5396 shutdown process for busy name servers. [RT #133]
5398 256. [func] isc_ratelimiter_t now has attach/detach semantics, and
5399 isc_ratelimiter_shutdown guarantees that the rate
5400 limiter is detached from its task.
5402 255. [func] New function dns_zonemgr_attach().
5404 254. [bug] Suppress "query denied" messages on additional data
5407 --- 9.0.0b4 released ---
5409 253. [func] resolv.conf parser now recognises ';' and '#' as
5410 comments (anywhere in line, not just as the beginning).
5412 252. [bug] resolv.conf parser mishandled masks on sortlists.
5413 It also aborted when an unrecognized keyword was seen,
5414 now it silently ignores the entire line.
5416 251. [bug] lwresd caught an assertion failure on startup.
5418 250. [bug] fixed handling of size+unit when value would be too
5419 large for internal representation.
5421 249. [cleanup] max-cache-size config option now takes a size-spec
5422 like 'datasize', except 'default' is not allowed.
5424 248. [bug] global lame-ttl option was not being printed when
5425 config structures were written out.
5427 247. [cleanup] Rename cache-size config option to max-cache-size.
5429 246. [func] Rename global option cachesize to cache-size and
5430 add corresponding option to view statement.
5432 245. [bug] If an uncompressed name will take more than 255
5433 bytes and the buffer is sufficiently long,
5434 dns_name_fromwire should return DNS_R_FORMERR,
5435 not ISC_R_NOSPACE. This bug caused cause the
5436 server to catch an assertion failure when it
5437 received a query for a name longer than 255
5440 244. [bug] empty named.conf file and empty options statement are
5441 now parsed properly.
5443 243. [func] new cachesize option for named.conf
5445 242. [cleanup] fixed incorrect warning about auth-nxdomain usage.
5447 241. [cleanup] nscount and soacount have been removed from the
5448 dns_master_*() argument lists.
5450 240. [func] databases now come in three flavours: zone, cache
5453 239. [func] If ISC_MEM_DEBUG is enabled, the variable
5454 isc_mem_debugging controls whether messages
5457 238. [cleanup] A few more compilation warnings have been quieted:
5458 + missing sigwait prototype on BSD/OS 4.0/4.0.1.
5459 + PTHREAD_ONCE_INIT unbraced initializer warnings on
5461 + IN6ADDR_ANY_INIT unbraced initializer warnings on
5462 BSD/OS 4.*, Linux and Solaris 2.8.
5464 237. [bug] If connect() returned ENOBUFS when the resolver was
5465 initiating a TCP query, the socket didn't get
5466 destroyed, and the server did not shut down cleanly.
5468 236. [func] Added new listen-on-v6 config file statement.
5470 235. [func] Consider it a config file error if a listen-on
5471 statement has an IPv6 address in it, or a
5472 listen-on-v6 statement has an IPv4 address in it.
5474 234. [bug] Allow a trusted-key's first field (domain-name) be
5475 either a quoted or an unquoted string, instead of
5476 requiring a quoted string.
5478 233. [cleanup] Convert all config structure integer values to unsigned
5479 integer (isc_uint32_t) to match grammer.
5481 232. [bug] Allow slave zones to not have a file.
5483 231. [func] Support new 'port' clause in config file options
5484 section. Causes 'listen-on', 'masters' and
5485 'also-notify' statements to use its value instead of
5488 230. [func] Replace the dst sign/verify API with a cleaner one.
5490 229. [func] Support config file sig-validity-interval statement
5491 in options, views and zone statements (master
5494 228. [cleanup] Logging messages in config module stripped of
5497 227. [cleanup] The enumerated identifiers dns_rdataclass_*,
5498 dns_rcode_*, dns_opcode_*, and dns_trust_* are
5499 also now cast to their appropriate types, as with
5500 dns_rdatatype_* in item number 225 below.
5502 226. [func] dns_name_totext() now always prints the root name as
5503 '.', even when omit_final_dot is true.
5505 225. [cleanup] The enumerated dns_rdatatype_* identifiers are now
5506 cast to dns_rdatatype_t via macros of their same name
5507 so that they are of the proper integral type wherever
5508 a dns_rdatatype_t is needed.
5510 224. [cleanup] The entire project builds cleanly with gcc's
5511 -Wcast-qual and -Wwrite-strings warnings enabled,
5512 which is now the default when using gcc. (Warnings
5513 from confparser.c, because of yacc's code, are
5514 unfortunately to be expected.)
5516 223. [func] Several functions were reprototyped to qualify one
5517 or more of their arguments with "const". Similarly,
5518 several functions that return pointers now have
5519 those pointers qualified with const.
5521 222. [bug] The global 'also-notify' option was ignored.
5523 221. [bug] An uninitialized variable was sometimes passed to
5524 dns_rdata_freestruct() when loading a zone, causing
5525 an assertion failure.
5527 220. [cleanup] Set the default outgoing port in the view, and
5528 set it in sockaddrs returned from the ADB.
5529 [31-May-2000 explorer]
5531 219. [bug] Signed truncated messages more correctly follow
5532 the respective specs.
5534 218. [func] When an rdataset is signed, its ttl is normalized
5535 based on the signature validity period.
5537 217. [func] Also-notify and trusted-keys can now be used in
5538 the 'view' statement.
5540 216. [func] The 'max-cache-ttl' and 'max-ncache-ttl' options
5543 215. [bug] Failures at certain points in request processing
5544 could cause the assertion INSIST(client->lockview
5545 == NULL) to be triggered.
5547 214. [func] New public function isc_netaddr_format(), for
5548 formatting network addresses in log messages.
5550 213. [bug] Don't leak memory when reloading the zone if
5551 an update-policy clause was present in the old zone.
5553 212. [func] Added dns_message_get/settsigkey, to make TSIG
5554 key management reasonable.
5556 211. [func] The 'key' and 'server' statements can now occur
5557 inside 'view' statements.
5559 210. [bug] The 'allow-transfer' option was ignored for slave
5560 zones, and the 'transfers-per-ns' option was
5561 was ignored for all zones.
5563 209. [cleanup] Upgraded openssl files to new version 0.9.5a
5565 208. [func] Added ISC_OFFSET_MAXIMUM for the maximum value
5568 207. [func] The dnssec tools properly use the logging subsystem.
5570 206. [cleanup] dst now stores the key name as a dns_name_t, not
5573 205. [cleanup] On IRIX, turn off the mostly harmless warnings 1692
5574 ("prototyped function redeclared without prototype")
5575 and 1552 ("variable ... set but not used") when
5576 compiling in the lib/dns/sec/{dnssafe,openssl}
5577 directories, which contain code imported from outside
5580 204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
5581 to quiet the warnings that "The linked output may not
5582 run on a PA 1.x system."
5584 203. [func] notify and zone soa queries are now tsig signed when
5587 202. [func] isc_lex_getsourceline() changed from returning int
5588 to returning unsigned long, the type of its underlying
5591 201. [cleanup] Removed the test/sdig program, it has been
5592 replaced by bin/dig/dig.
5595 --- 9.0.0b3 released ---
5597 200. [bug] Failures in sending query responses to clients
5598 (e.g., running out of network buffers) were
5601 199. [bug] isc_heap_delete() sometimes violated the heap
5602 invariant, causing timer events not to be posted
5605 198. [func] Dispatch managers hold memory pools which
5606 any managed dispatcher may use. This allows
5607 us to avoid dipping into the memory context for
5608 most allocations. [19-May-2000 explorer]
5610 197. [bug] When an incoming AXFR or IXFR completes, the
5611 zone's internal state is refreshed from the
5612 SOA data. [19-May-2000 explorer]
5614 196. [func] Dispatchers can be shared easily between views
5615 and/or interfaces. [19-May-2000 explorer]
5617 195. [bug] Including the NXT record of the root domain
5618 in a negative response caused an assertion
5621 194. [doc] The PDF version of the Administrator's Reference
5622 Manual is no longer included in the ISC BIND9
5625 193. [func] changed dst_key_free() prototype.
5627 192. [bug] Zone configuration validation is now done at end
5628 of config file parsing, and before loading
5631 191. [func] Patched to compile on UnixWare 7.x. This platform
5632 is not directly supported by the ISC.
5634 190. [cleanup] The DNSSEC tools have been moved to a separate
5635 directory dnssec/ and given the following new,
5636 more descriptive names:
5643 Their command line arguments have also been changed to
5644 be more consistent. dnssec-keygen now prints the
5645 name of the generated key files (sans extension)
5646 on standard output to simplify its use in automated
5649 189. [func] isc_time_secondsastimet(), a new function, will ensure
5650 that the number of seconds in an isc_time_t does not
5651 exceed the range of a time_t, or return ISC_R_RANGE.
5652 Similarly, isc_time_now(), isc_time_nowplusinterval(),
5653 isc_time_add() and isc_time_subtract() now check the
5654 range for overflow/underflow. In the case of
5655 isc_time_subtract, this changed a calling requirement
5656 (ie, something that could generate an assertion)
5657 into merely a condition that returns an error result.
5658 isc_time_add() and isc_time_subtract() were void-
5659 valued before but now return isc_result_t.
5661 188. [func] Log a warning message when an incoming zone transfer
5662 contains out-of-zone data.
5664 187. [func] isc_ratelimter_enqueue() has an additional argument
5667 186. [func] dns_request_getresponse() has an additional argument
5670 185. [bug] Fixed up handling of ISC_MEMCLUSTER_LEGACY. Several
5671 public functions did not have an isc__ prefix, and
5672 referred to functions that had previously been
5675 184. [cleanup] Variables/functions which began with two leading
5676 underscores were made to conform to the ANSI/ISO
5677 standard, which says that such names are reserved.
5679 183. [func] ISC_LOG_PRINTTAG option for log channels. Useful
5680 for logging the program name or other identifier.
5682 182. [cleanup] New commandline parameters for dnssec tools
5684 181. [func] Added dst_key_buildfilename and dst_key_parsefilename
5686 180. [func] New isc_result_t ISC_R_RANGE. Supersedes DNS_R_RANGE.
5688 179. [func] options named.conf statement *must* now come
5689 before any zone or view statements.
5691 178. [func] Post-load of named.conf check verifies a slave zone
5692 has non-empty list of masters defined.
5694 177. [func] New per-zone boolean:
5696 enable-zone yes | no ;
5698 intended to let a zone be disabled without having
5699 to comment out the entire zone statement.
5701 176. [func] New global and per-view option:
5703 max-cache-ttl number
5705 175. [func] New global and per-view option:
5707 additional-data internal | minimal | maximal;
5709 174. [func] New public function isc_sockaddr_format(), for
5710 formatting socket addresses in log messages.
5712 173. [func] Keep a queue of zones waiting for zone transfer
5713 quota so that a new transfer can be dispatched
5714 immediately whenever quota becomes available.
5716 172. [bug] $TTL directive was sometimes missing from dumped
5717 master files because totext_ctx_init() failed to
5718 initialize ctx->current_ttl_valid.
5720 171. [cleanup] On NetBSD systems, the mit-pthreads or
5721 unproven-pthreads library is now always used
5722 unless --with-ptl2 is explicitly specified on
5723 the configure command line. The
5724 --with-mit-pthreads option is no longer needed
5725 and has been removed.
5727 170. [cleanup] Remove inter server consistancy checks from zone,
5728 these should return as a seperate module in 9.1.
5729 dns_zone_checkservers(), dns_zone_checkparents(),
5730 dns_zone_checkchildren(), dns_zone_checkglue().
5732 Remove dns_zone_setadb(), dns_zone_setresolver(),
5733 dns_zone_setrequestmgr() these should now be found
5736 169. [func] ratelimiter can now process N events per interval.
5738 168. [bug] include statements in named.conf caused syntax errors
5739 due to not consuming the semicolon ending the include
5740 statement before switching input streams.
5742 167. [bug] Make lack of masters for a slave zone a soft error.
5744 166. [bug] Keygen was overwriting existing keys if key_id
5745 conflicted, now it will retry, and non-null keys
5746 with key_id == 0 are not generated anymore. Key
5747 was not able to generate NOAUTHCONF DSA key,
5748 increased RSA key size to 2048 bits.
5750 165. [cleanup] Silence "end-of-loop condition not reached" warnings
5751 from Solaris compiler.
5753 164. [func] Added functions isc_stdio_open(), isc_stdio_close(),
5754 isc_stdio_seek(), isc_stdio_read(), isc_stdio_write(),
5755 isc_stdio_flush(), isc_stdio_sync(), isc_file_remove()
5756 to encapsulate nonportable usage of errno and sync.
5758 163. [func] Added result codes ISC_R_FILENOTFOUND and
5761 162. [bug] Ensure proper range for arguments to ctype.h functions.
5763 161. [cleanup] error in yyparse prototype that only HPUX caught.
5765 160. [cleanup] getnet*() are not going to be implemented at this
5768 159. [func] Redefinition of config file elements is now an
5769 error (instead of a warning).
5771 158. [bug] Log channel and category list copy routines
5772 weren't assigning properly to output parameter.
5774 157. [port] Fix missing prototype for getopt().
5776 156. [func] Support new 'database' statement in zone.
5778 database "quoted-string";
5780 155. [bug] ns_notify_start() was not detaching the found zone.
5782 154. [func] The signer now logs libdns warnings to stderr even when
5783 not verbose, and in a nicer format.
5785 153. [func] dns_rdata_tostruct() 'mctx' is now optional. If 'mctx'
5786 is NULL then you need to preserve the 'rdata' until
5787 you have finished using the structure as there may be
5788 references to the associated memory. If 'mctx' is
5789 non-NULL it is guaranteed that there are no references
5790 to memory associated with 'rdata'.
5792 dns_rdata_freestruct() must be called if 'mctx' was
5793 non-NULL and may safely be called if 'mctx' was NULL.
5795 152. [bug] keygen dumped core if domain name argument was omitted
5798 151. [func] Support 'disabled' statement in zone config (causes
5799 zone to be parsed and then ignored). Currently must
5800 come after the 'type' clause.
5802 150. [func] Support optional ports in masters and also-notify
5805 masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
5807 149. [cleanup] Removed usused argument 'olist' from
5808 dns_c_view_unsetordering().
5810 148. [cleanup] Stop issuing some warnings about some configuration
5811 file statements that were not implemented, but now are.
5813 147. [bug] Changed yacc union size to be smaller for yaccs that
5814 put yacc-stack on the real stack.
5816 146. [cleanup] More general redundant header file cleanup. Rather
5817 than continuing to itemize every header which changed,
5818 this changelog entry just notes that if a header file
5819 did not need another header file that it was including
5820 in order to provide its advertized functionality, the
5821 inclusion of the other header file was removed. See
5822 util/check-includes for how this was tested.
5824 145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
5825 ISC_LANG_ENDDECLS to header files that had function
5826 prototypes, and removed it from those that did not.
5828 144. [cleanup] libdns header files too numerous to name were made
5829 to conform to the same style for multiple inclusion
5832 143. [func] Added function dns_rdatatype_isknown().
5834 142. [cleanup] <isc/stdtime.h> does not need <time.h> or
5837 141. [bug] Corrupt requests with multiple questions could
5838 cause an assertion failure.
5840 140. [cleanup] <isc/time.h> does not need <time.h> or <isc/result.h>.
5842 139. [cleanup] <isc/net.h> now includes <isc/types.h> instead of
5843 <isc/int.h> and <isc/result.h>.
5845 138. [cleanup] isc_strtouq moved from str.[ch] to string.[ch] and
5846 renamed isc_string_touint64. isc_strsep moved from
5847 strsep.c to string.c and renamed isc_string_separate.
5849 137. [cleanup] <isc/commandline.h>, <isc/mem.h>, <isc/print.h>
5850 <isc/serial.h>, <isc/string.h> and <isc/offset.h>
5851 made to conform to the same style for multiple
5852 inclusion protection.
5854 136. [cleanup] <isc/commandline.h>, <isc/interfaceiter.h>,
5855 <isc/net.h> and Win32's <isc/thread.h> needed
5856 ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS.
5858 135. [cleanup] Win32's <isc/condition.h> did not need <isc/result.h>
5859 or <isc/boolean.h>, now uses <isc/types.h> in place
5860 of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
5861 and ISC_LANG_ENDDECLS.
5863 134. [cleanup] <isc/dir.h> does not need <limits.h>.
5865 133. [cleanup] <isc/ipv6.h> needs <isc/platform.h>.
5867 132. [cleanup] <isc/app.h> does not need <isc/task.h>, but does
5868 need <isc/eventclass.h>.
5870 131. [cleanup] <isc/mutex.h> and <isc/util.h> need <isc/result.h>
5871 for ISC_R_* codes used in macros.
5873 130. [cleanup] <isc/condition.h> does not need <pthread.h> or
5874 <isc/boolean.h>, and now includes <isc/types.h>
5875 instead of <isc/time.h>.
5877 129. [bug] The 'default_debug' log channel was not set up when
5878 'category default' was present in the config file
5880 128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
5881 ISC_LANG_ENDDECLS at end of header.
5883 127. [cleanup] The contracts for the comparision routines
5884 dns_name_fullcompare(), dns_name_compare(),
5885 dns_name_rdatacompare(), and dns_rdata_compare() now
5886 specify that the order value returned is < 0, 0, or > 0
5887 instead of -1, 0, or 1.
5889 126. [cleanup] <isc/quota.h> and <isc/taskpool.h> need <isc/lang.h>.
5891 125. [cleanup] <isc/eventclass.h>, <isc/ipv6.h>, <isc/magic.h>,
5892 <isc/mutex.h>, <isc/once.h>, <isc/region.h>, and
5893 <isc/resultclass.h> do not need <isc/lang.h>.
5895 124. [func] signer now imports parent's zone key signature
5896 and creates null keys/sets zone status bit for
5897 children when necessary
5899 123. [cleanup] <isc/event.h> does not need <stddef.h>.
5901 122. [cleanup] <isc/task.h> does not need <isc/mem.h> or
5904 121. [cleanup] <isc/symtab.h> does not need <isc/mem.h> or
5905 <isc/result.h>. Multiple inclusion protection
5906 symbol fixed from ISC_SYMBOL_H to ISC_SYMTAB_H.
5907 isc_symtab_t moved to <isc/types.h>.
5909 120. [cleanup] <isc/socket.h> does not need <isc/boolean.h>,
5910 <isc/bufferlist.h>, <isc/task.h>, <isc/mem.h> or
5913 119. [cleanup] structure definitions for generic rdata structures do
5914 not have _generic_ in their names.
5916 118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
5917 YACC crust (yyparse, etc) [2000-apr-27 explorer]
5919 117. [cleanup] libdns.a changes:
5920 dns_zone_clearnotify() and dns_zone_addnotify()
5921 are replaced by dns_zone_setnotifyalso().
5922 dns_zone_clearmasters() and dns_zone_addmaster()
5923 are replaced by dns_zone_setmasters().
5925 116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
5928 115. [port] Shut up the -Wmissing-declarations warning about
5929 <stdio.h>'s __sputaux on BSD/OS pre-4.1.
5931 114. [cleanup] <isc/sockaddr.h> does not need <isc/buffer.h> or
5934 113. [func] Utility programs dig and host added.
5936 112. [cleanup] <isc/serial.h> does not need <isc/boolean.h>.
5938 111. [cleanup] <isc/rwlock.h> does not need <isc/result.h> or
5941 110. [cleanup] <isc/result.h> does not need <isc/boolean.h> or
5944 109. [bug] "make depend" did nothing for
5945 bin/tests/{db,mem,sockaddr,tasks,timers}/.
5947 108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
5948 <dns/types.h> to <dns/bit.h> and renamed to
5949 DNS_BIT_SET/DNS_BIT_GET/DNS_BIT_CLEAR.
5951 107. [func] Add keysigner and keysettool.
5953 106. [func] Allow dnssec verifications to ignore the validity
5954 period. Used by several of the dnssec tools.
5956 105. [doc] doc/dev/coding.html expanded with other
5957 implicit conventions the developers have used.
5959 104. [bug] Made compress_add and compress_find static to
5962 103. [func] libisc buffer API changes for <isc/buffer.h>:
5964 isc_buffer_base(b) (pointer)
5965 isc_buffer_current(b) (pointer)
5966 isc_buffer_active(b) (pointer)
5967 isc_buffer_used(b) (pointer)
5968 isc_buffer_length(b) (int)
5969 isc_buffer_usedlength(b) (int)
5970 isc_buffer_consumedlength(b) (int)
5971 isc_buffer_remaininglength(b) (int)
5972 isc_buffer_activelength(b) (int)
5973 isc_buffer_availablelength(b) (int)
5975 ISC_BUFFER_USEDCOUNT(b)
5976 ISC_BUFFER_AVAILABLECOUNT(b)
5979 isc_buffer_used(b, r) ->
5980 isc_buffer_usedregion(b, r)
5981 isc_buffer_available(b, r) ->
5982 isc_buffer_available_region(b, r)
5983 isc_buffer_consumed(b, r) ->
5984 isc_buffer_consumedregion(b, r)
5985 isc_buffer_active(b, r) ->
5986 isc_buffer_activeregion(b, r)
5987 isc_buffer_remaining(b, r) ->
5988 isc_buffer_remainingregion(b, r)
5990 Buffer types were removed, so the ISC_BUFFERTYPE_*
5991 macros are no more, and the type argument to
5992 isc_buffer_init and isc_buffer_allocate were removed.
5993 isc_buffer_putstr is now void (instead of isc_result_t)
5994 and requires that the caller ensure that there
5995 is enough available buffer space for the string.
5997 102. [port] Correctly detect inet_aton, inet_pton and inet_ptop
6000 101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
6002 100. [cleanup] <isc/random.h> does not need <isc/int.h> or
6003 <isc/mutex.h>. isc_random_t moved to <isc/types.h>.
6005 99. [cleanup] Rate limiter now has separate shutdown() and
6006 destroy() functions, and it guarantees that all
6007 queued events are delivered even in the shutdown case.
6009 98. [cleanup] <isc/print.h> does not need <stdarg.h> or <stddef.h>
6010 unless ISC_PLATFORM_NEEDVSNPRINTF is defined.
6012 97. [cleanup] <isc/ondestroy.h> does not need <stddef.h> or
6015 96. [cleanup] <isc/mutex.h> does not need <isc/result.h>.
6017 95. [cleanup] <isc/mutexblock.h> does not need <isc/result.h>.
6019 94. [cleanup] Some installed header files did not compile as C++.
6021 93. [cleanup] <isc/msgcat.h> does not need <isc/result.h>.
6023 92. [cleanup] <isc/mem.h> does not need <stddef.h>, <isc/boolean.h>,
6026 91. [cleanup] <isc/log.h> does not need <sys/types.h> or
6029 90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
6030 from <named/listenlist.h>.
6032 89. [cleanup] <isc/lex.h> does not need <stddef.h>.
6034 88. [cleanup] <isc/interfaceiter.h> does not need <isc/result.h> or
6035 <isc/mem.h>. isc_interface_t and isc_interfaceiter_t
6036 moved to <isc/types.h>.
6038 87. [cleanup] <isc/heap.h> does not need <isc/boolean.h>,
6039 <isc/mem.h> or <isc/result.h>.
6041 86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
6044 85. [cleanup] <isc/bufferlist.h> does not need <isc/buffer.h>,
6045 <isc/list.h>, <isc/mem.h>, <isc/region.h> or
6048 84. [func] allow-query ACL checks now apply to all data
6049 added to a response.
6051 83. [func] If the server is authoritative for both a
6052 delegating zone and its (nonsecure) delegatee, and
6053 a query is made for a KEY RR at the top of the
6054 delegatee, then the server will look for a KEY
6055 in the delegator if it is not found in the delegatee.
6057 82. [cleanup] <isc/buffer.h> does not need <isc/list.h>.
6059 81. [cleanup] <isc/int.h> and <isc/boolean.h> do not need
6062 80. [cleanup] <isc/print.h> does not need <stdio.h> or <stdlib.h>.
6064 79. [cleanup] <dns/callbacks.h> does not need <stdio.h>.
6066 78. [cleanup] lwres_conftest renamed to lwresconf_test for
6067 consistency with other *_test programs.
6069 77. [cleanup] typedef of isc_time_t and isc_interval_t moved from
6070 <isc/time.h> to <isc/types.h>.
6072 76. [cleanup] Rewrote keygen.
6074 75. [func] Don't load a zone if its database file is older
6075 than the last time the zone was loaded.
6077 74. [cleanup] Removed mktemplate.o and ufile.o from libisc.a,
6080 73. [func] New "file" API in libisc, including new function
6081 isc_file_getmodtime, isc_mktemplate renamed to
6082 isc_file_mktemplate and isc_ufile renamed to
6083 isc_file_openunique. By no means an exhaustive API,
6084 it is just what's needed for now.
6086 72. [func] DNS_RBTFIND_NOPREDECESSOR and DNS_RBTFIND_NOOPTIONS
6087 added for dns_rbt_findnode, the former to disable the
6088 setting of the chain to the predecessor, and the
6089 latter to make clear when no options are set.
6091 71. [cleanup] Made explicit the implicit REQUIREs of
6092 isc_time_seconds, isc_time_nanoseconds, and
6095 70. [func] isc_time_set() added.
6097 69. [bug] The zone object's master and also-notify lists grew
6098 longer with each server reload.
6100 68. [func] Partial support for SIG(0) on incoming messages.
6102 67. [performance] Allow use of alternate (compile-time supplied)
6103 OpenSSL libraries/headers.
6105 66. [func] Data in authoritative zones should have a trust level
6108 65. [cleanup] Removed obsolete typedef of dns_zone_callbackarg_t
6111 64. [func] The RBT, DB, and zone table APIs now allow the
6112 caller find the most-enclosing superdomain of
6115 63. [func] Generate NOTIFY messages.
6117 62. [func] Add UDP refresh support.
6119 61. [cleanup] Use single quotes consistently in log messages.
6121 60. [func] Catch and disallow singleton types on message
6124 59. [bug] Cause net/host unreachable to be a hard error
6125 when sending and receiving.
6127 58. [bug] bin/named/query.c could sometimes trigger the
6128 (client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
6129 == 0 assertion in query_newname().
6131 57. [func] Added dns_nxt_typepresent()
6133 56. [bug] SIG records were not properly returned in cached
6136 55. [bug] Responses containing multiple names in the authority
6137 section were not negatively cached.
6139 54. [bug] If a fetch with sigrdataset==NULL joined one with
6140 sigrdataset!=NULL or vice versa, the resolver
6141 could catch an assertion or lose signature data,
6144 53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
6147 52. [bug] rndc: taskmgr and socketmgr were not initialized
6150 51. [cleanup] dns/compress.h and dns/zt.h did not need to include
6151 dns/rbt.h; it was needed only by compress.c and zt.c.
6153 50. [func] RBT deletion no longer requires a valid chain to work,
6154 and dns_rbt_deletenode was added.
6156 49. [func] Each cache now has its own mctx.
6158 48. [func] isc_task_create() no longer takes an mctx.
6159 isc_task_mem() has been eliminated.
6161 47. [func] A number of modules now use memory context reference
6164 46. [func] Memory contexts are now reference counted.
6165 Added isc_mem_inuse() and isc_mem_preallocate().
6166 Renamed isc_mem_destroy_check() to
6167 isc_mem_setdestroycheck().
6169 45. [bug] The trusted-key statement incorrectly loaded keys.
6171 44. [bug] Don't include authority data if it would force us
6172 to unset the AD bit in the message.
6174 43. [bug] DNSSEC verification of cached rdatasets was failing.
6176 42. [cleanup] Simplified logging of messages with embedded domain
6177 names by introducing a new convenience function
6180 41. [func] Use PR_SET_KEEPCAPS on Linux 2.3.99-pre3 and later
6181 to allow 'named' to run as a non-root user while
6182 retaining the ability to bind() to privileged
6185 40. [func] Introduced new logging category "dnssec" and
6186 logging module "dns/validator".
6188 39. [cleanup] Moved the typedefs for isc_region_t, isc_textregion_t,
6189 and isc_lex_t to <isc/types.h>.
6191 38. [bug] TSIG signed incoming zone transfers work now.
6193 37. [bug] If the first RR in an incoming zone transfer was
6194 not an SOA, the server died with an assertion failure
6195 instead of just reporting an error.
6197 36. [cleanup] Change DNS_R_SUCCESS (and others) to ISC_R_SUCCESS
6199 35. [performance] Log messages which are of a level too high to be
6200 logged by any channel in the logging configuration
6201 will not cause the log mutex to be locked.
6203 34. [bug] Recursion was allowed even with 'recursion no'.
6205 33. [func] The RBT now maintains a parent pointer at each node.
6207 32. [cleanup] bin/lwresd/client.c needs <string.h> for memset()
6210 31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
6212 30. [func] config file grammer change to support optional
6213 class type for a view.
6215 29. [func] support new config file view options:
6217 auth-nxdomain recursion query-source
6218 query-source-v6 transfer-source
6219 transfer-source-v6 max-transfer-time-out
6220 max-transfer-idle-out transfer-format
6221 request-ixfr provide-ixfr cleaning-interval
6222 fetch-glue notify rfc2308-type1 lame-ttl
6223 max-ncache-ttl min-roots
6225 28. [func] support lame-ttl, min-roots and serial-queries
6226 config global options.
6228 27. [bug] Only include <netinet6/in6.h> on BSD/OS 4.[01]*.
6229 Including it on other platforms (eg, NetBSD) can
6230 cause a forced #error from the C preprocessor.
6232 26. [func] new match-clients statement in config file view.
6234 25. [bug] make install failed to install <isc/log.h> and
6237 24. [cleanup] Eliminate some unnecessary #includes of header
6238 files from header files.
6240 23. [cleanup] Provide more context in log messages about client
6241 requests, using a new function ns_client_log().
6243 22. [bug] SIGs weren't returned in the answer section when
6244 the query resulted in a fetch.
6246 21. [port] Look at STD_CINCLUDES after CINCLUDES during
6247 compilation, so additional system include directories
6248 can be searched but header files in the bind9 source
6249 tree with conflicting names take precedence. This
6250 avoids issues with installed versions of dnssafe and
6253 20. [func] Configuration file post-load validation of zones
6254 failed if there were no zones.
6256 19. [bug] dns_zone_notifyreceive() failed to unlock the zone
6257 lock in certain error cases.
6259 18. [bug] Use AC_TRY_LINK rather than AC_TRY_COMPILE in
6260 configure.in to check for presence of in6addr_any.
6262 17. [func] Do configuration file post-load validation of zones.
6264 16. [bug] put quotes around key names on config file
6265 output to avoid possible keyword clashes.
6267 15. [func] Add dns_name_dupwithoffsets(). This function is
6268 improves comparison performance for duped names.
6270 14. [bug] free_rbtdb() could have 'put' unallocated memory in
6271 an unlikely error path.
6273 13. [bug] lib/dns/master.c and lib/dns/xfrin.c didn't ignore
6276 12. [bug] Fixed possible unitialized variable error.
6278 11. [bug] axfr_rrstream_first() didn't check the result code of
6279 db_rr_iterator_first(), possibly causing an assertion
6280 to be triggered later.
6282 10. [bug] A bug in the code which makes EDNS0 OPT records in
6283 bin/named/client.c and lib/dns/resolver.c could
6284 trigger an assertion.
6286 9. [cleanup] replaced bit-setting code in confctx.c and replaced
6287 repeated code with macro calls.
6289 8. [bug] Shutdown of incoming zone transfer accessed
6292 7. [cleanup] removed 'listen-on' from view statement.
6294 6. [bug] quote RR names when generating config file to
6295 prevent possible clash with config file keywords
6298 5. [func] syntax change to named.conf file: new ssu grant/deny
6299 statements must now be enclosed by an 'update-policy'
6302 4. [port] bin/named/unix/os.c didn't compile on systems with
6303 linux 2.3 kernel includes due to conflicts between
6304 C library includes and the kernel includes. We now
6305 get only what we need from <linux/capability.h>, and
6306 avoid pulling in other linux kernel .h files.
6308 3. [bug] TKEYs go in the answer section of responses, not
6309 the additional section.
6311 2. [bug] Generating cryptographic randomness failed on
6312 systems without /dev/random.
6314 1. [bug] The installdirs rule in
6315 lib/isc/unix/include/isc/Makefile.in had a typo which
6316 prevented the isc directory from being created if it
6319 --- 9.0.0b2 released ---
6321 # This tells Emacs to use hard tabs in this file.
6323 # indent-tabs-mode: t