1 --- 9.6.1-P2 released ---
3 2772. [security] When validating, track whether pending data was from
4 the additional section or not and only return it if
5 validates as secure. [RT #20438]
7 --- 9.6.1-P1 released ---
9 2640. [security] A specially crafted update packet will cause named
12 --- 9.6.1 released ---
14 2607. [bug] named could incorrectly delete NSEC3 records for
15 empty nodes when processing a update request.
18 2606. [bug] "delegation-only" was not being accepted in
19 delegation-only type zones. [RT #19717]
21 2605. [bug] Accept DS responses from delegation only zones.
24 2603. [port] win32: handle .exe extension of named-checkzone and
25 named-comilezone argv[0] names under windows.
28 2602. [port] win32: fix debugging command line build of libisccfg.
31 --- 9.6.1rc1 released ---
33 2599. [bug] Address rapid memory growth when validation fails.
36 2597. [bug] Handle a validation failure with a insecure delegation
37 from a NSEC3 signed master/slave zone. [RT #19464]
39 2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
40 long, leading to inefficient memory usage or rejecting
41 newer cache entries in the worst case. [RT #19563]
43 2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
45 2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
47 2591. [bug] named could die when processing a update in
48 removed_orphaned_ds(). [RT #19507]
50 2588. [bug] SO_REUSEADDR could be set unconditionally after failure
51 of bind(2) call. This should be rare and mostly
52 harmless, but may cause interference with other
53 processes that happen to use the same port. [RT #19642]
55 2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
58 2585. [bug] Uninitialized socket name could be referenced via a
59 statistics channel, triggering an assertion failure in
60 XML rendering. [RT #19427]
62 2584. [bug] alpha: gcc optimization could break atomic operations.
65 2583. [port] netbsd: provide a control to not add the compile
66 date to the version string, -DNO_VERSION_DATE.
68 2582. [bug] Don't emit warning log message when we attempt to
69 remove non-existant journal. [RT #19516]
71 2579. [bug] DNSSEC lookaside validation failed to handle unknown
72 algorithms. [RT #19479]
74 2578. [bug] Changed default sig-signing-type to 65534, because
75 65535 turns out to be reserved. [RT #19477]
77 2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
80 --- 9.6.1b1 released ---
82 2577. [doc] Clarified some statistics counters. [RT #19454]
84 2576. [bug] NSEC record were not being correctly signed when
85 a zone transitions from insecure to secure.
86 Handle such incorrectly signed zones. [RT #19114]
88 2574. [doc] Document nsupdate -g and -o. [RT #19351]
90 2573. [bug] Replacing a non-CNAME record with a CNAME record in a
91 single transaction in a signed zone failed. [RT #19397]
93 2568. [bug] Report when the write to indicate a otherwise
94 successful start fails. [RT #19360]
96 2567. [bug] dst__privstruct_writefile() could miss write errors.
97 write_public_key() could miss write errors.
98 dnssec-dsfromkey could miss write errors.
101 2564. [bug] Only take EDNS fallback steps when processing timeouts.
104 2563. [bug] Dig could leak a socket causing it to wait forever
107 2562. [doc] ARM: miscellaneous improvements, reorganization,
108 and some new content.
110 2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
112 2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
114 2559. [bug] dnssec-dsfromkey could compute bad DS records when
115 reading from a K* files. [RT #19357]
117 2557. [cleanup] PCI compliance:
118 * new libisc log module file
119 * isc_dir_chroot() now also changes the working
122 * additional logging when files can't be removed.
124 2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the
125 error checks in the correct order resulting in the
126 wrong error code sometimes being returned. [RT #19249]
128 2554. [bug] Validation of uppercase queries from NSEC3 zones could
131 2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
133 2552. [bug] zero-no-soa-ttl-cache was not being honoured.
136 2551. [bug] Potential Reference leak on return. [RT #19341]
138 2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
141 2549. [port] linux: define NR_OPEN if not currently defined.
144 2548. [bug] Install iterated_hash.h. [RT #19335]
146 2547. [bug] openssl_link.c:mem_realloc() could reference an
147 out-of-range area of the source buffer. New public
148 function isc_mem_reallocate() was introduced to address
149 this bug. [RT #19313]
151 2545. [doc] ARM: Legal hostname checking (check-names) is
152 for SRV RDATA too. [RT #19304]
154 2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
156 2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
158 2542. [doc] Update the description of dig +adflag. [RT #19290]
160 2541. [bug] Conditionally update dispatch manager statistics.
163 2539. [security] Update the interaction between recursion, allow-query,
164 allow-query-cache and allow-recursion. [RT #19198]
166 2538. [bug] cache/ADB memory could grow over max-cache-size,
167 especially with threads and smaller max-cache-size
170 2537. [experimental] Added more statistics counters including those on socket
171 I/O events and query RTT histograms. [RT #18802]
173 2536. [cleanup] Silence some warnings when -Werror=format-security is
174 specified. [RT #19083]
176 2535. [bug] dig +showsearh and +trace interacted badly. [RT #19091]
178 2532. [bug] dig: check the question section of the response to
179 see if it matches the asked question. [RT #18495]
181 2531. [bug] Change #2207 was incomplete. [RT #19098]
183 2530. [bug] named failed to reject insecure to secure transitions
184 via UPDATE. [RT #19101]
186 2529. [cleanup] Upgrade libtool to silence complaints from recent
187 version of autoconf. [RT #18657]
189 2528. [cleanup] Silence spurious configure warning about
190 --datarootdir [RT #19096]
192 2527. [bug] named could reuse cache on reload with
193 enabling/disabling validation. [RT #19119]
195 2525. [experimental] New logging category "query-errors" to provide detailed
196 internal information about query failures, especially
197 about server failures. [RT #19027]
199 2524. [port] sunos: dnssec-signzone needs strtoul(). [RT #19129]
201 2523. [bug] Random type rdata freed by dns_nsec_typepresent().
204 2522. [security] Handle -1 from DSA_do_verify() and EVP_VerifyFinal().
206 2521. [bug] Improve epoll cross compilation support. [RT #19047]
208 2519. [bug] dig/host with -4 or -6 didn't work if more than two
209 nameserver addresses of the excluded address family
210 preceded in resolv.conf. [RT #19081]
212 2517. [bug] dig +trace with -4 or -6 failed when it chose a
213 nameserver address of the excluded address.
216 2516. [bug] glue sort for responses was performed even when not
219 2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
220 a nameserver of the excluded address family.
223 2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
226 2506. [port] solaris: Check at configure time if
227 hack_shutup_pthreadonceinit is needed. [RT #19037]
229 2505. [port] Treat amd64 similarly to x86_64 when determining
230 atomic operation support. [RT #19031]
232 2503. [port] linux: improve compatibility with Linux Standard
235 2502. [cleanup] isc_radix: Improve compliance with coding style,
236 document function in <isc/radix.h>. [RT #18534]
238 --- 9.6.0 released ---
240 2520. [bug] Update xml statistics version number to 2.0 as change
241 #2388 made the schema incompatible to the previous
244 --- 9.6.0rc2 released ---
246 2515. [port] win32: build dnssec-dsfromkey and dnssec-keyfromlabel.
249 2513 [bug] Fix windows cli build. [RT #19062]
251 2510. [bug] "dig +sigchase" could trigger REQUIRE failures.
254 2509. [bug] Specifying a fixed query source port was broken.
257 2504. [bug] Address race condition in the socket code. [RT #18899]
259 --- 9.6.0rc1 released ---
261 2498. [bug] Removed a bogus function argument used with
262 ISC_SOCKET_USE_POLLWATCH: it could cause compiler
263 warning or crash named with the debug 1 level
264 of logging. [RT #18917]
266 2497. [bug] Don't add RRSIG bit to NSEC3 bit map for insecure
269 2496. [bug] Add sanity length checks to NSID option. [RT #18813]
271 2495. [bug] Tighten RRSIG checks. [RT #18795]
273 2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being
274 installed. [RT #18826]
276 2493. [bug] The linux capabilities code was not correctly cleaning
277 up after itself. [RT #18767]
279 2492. [func] Rndc status now reports the number of cpus discovered
280 and the number of worker threads when running
281 multi-threaded. [RT #18273]
283 2491. [func] Attempt to re-use a local port if we are already using
284 the port. [RT #18548]
286 2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO
287 is cleared when IPV6_V6ONLY is set. [RT #18785]
289 2489. [port] solaris: Workaround Solaris's kernel bug about
291 http://bugs.opensolaris.org/view_bug.do?bug_id=6724237
292 Define ISC_SOCKET_USE_POLLWATCH at build time to enable
293 this workaround. [RT #18870]
295 2488. [func] Added a tool, dnssec-dsfromkey, to generate DS records
296 from keyset and .key files. [RT #18694]
298 2487. [bug] Give TCP connections longer to complete. [RT #18675]
300 2486. [func] The default locations for named.pid and lwresd.pid
301 are now /var/run/named/named.pid and
302 /var/run/lwresd/lwresd.pid respectively.
304 This allows the owner of the containing directory
305 to be set, for "named -u" support, and allows there
306 to be a permanent symbolic link in the path, for
307 "named -t" support. [RT #18306]
309 2485. [bug] Change update's the handling of obscured RRSIG
310 records. Not all orphaned DS records were being
313 2484. [bug] It was possible to trigger a REQUIRE failure when
314 adding NSEC3 proofs to the response in
315 query_addwildcardproof(). [RT #18828]
317 2483. [port] win32: chroot() is not supported. [RT #18805]
319 2482. [port] libxml2: support versions 2.7.* in addition
320 to 2.6.*. [RT #18806]
322 --- 9.6.0b1 released ---
324 2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
325 collisions. [RT #18812]
327 2480. [bug] named could fail to emit all the required NSEC3
330 2479. [bug] xfrout:covers was not properly initialized. [RT #18801]
332 2478. [bug] 'addresses' could be used uninitialized in
333 configure_forward(). [RT #18800]
335 2477. [bug] dig: the global option to print the command line is
336 +cmd not print_cmd. Update the output to reflect
339 2476. [doc] ARM: improve documentation for max-journal-size and
340 ixfr-from-differences. [RT #15909] [RT #18541]
342 2475. [bug] LRU cache cleanup under overmem condition could purge
343 particular entries more aggressively. [RT #17628]
345 2474. [bug] ACL structures could be allocated with insufficient
346 space, causing an array overrun. [RT #18765]
348 2473. [port] linux: raise the limit on open files to the possible
349 maximum value before spawning threads; 'files'
350 specified in named.conf doesn't seem to work with
351 threads as expected. [RT #18784]
353 2472. [port] linux: check the number of available cpu's before
354 calling chroot as it depends on "/proc". [RT #16923]
356 2471. [bug] named-checkzone was not reporting missing mandatory
357 glue when sibling checks were disabled. [RT #18768]
359 2470. [bug] Elements of the isc_radix_node_t could be incorrectly
360 overwritten. [RT# 18719]
362 2469. [port] solaris: Work around Solaris's select() limitations.
365 2468. [bug] Resolver could try unreachable servers multiple times.
368 2467. [bug] Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740]
370 2466. [doc] ARM: explain max-cache-ttl 0 SERVFAIL issue.
373 2465. [bug] Adb's handling of lame addresses was different
374 for IPv4 and IPv6. [RT #18738]
376 2464. [port] linux: check that a capability is present before
377 trying to set it. [RT #18135]
379 2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
380 API and glibc hides parts of the IPv6 Advanced Socket
381 API as a result. This is stupid as it breaks how the
382 two halves (Basic and Advanced) of the IPv6 Socket API
383 were designed to be used but we have to live with it.
384 Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
387 2462. [doc] Document -m (enable memory usage debugging)
388 option for dig. [RT #18757]
390 2461. [port] sunos: Change #2363 was not complete. [RT #17513]
392 --- 9.6.0a1 released ---
394 2460. [bug] Don't call dns_db_getnsec3parameters() on the cache.
397 2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
399 2458. [doc] ARM: update and correction for max-cache-size.
402 2457. [tuning] max-cache-size is reverted to 0, the previous
403 default. It should be safe because expired cache
404 entries are also purged. [RT #18684]
406 2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any
407 address, regardless of family. They now correctly
408 distinguish IPv4 from IPv6. [RT #18559]
410 2455. [bug] Stop metadata being transferred via axfr/ixfr.
413 2454. [func] nsupdate: you can now set a default ttl. [RT #18317]
415 2453. [bug] Remove NULL pointer dereference in dns_journal_print().
418 2452. [func] Improve bin/test/journalprint. [RT #18316]
420 2451. [port] solaris: handle runtime linking better. [RT #18356]
422 2450. [doc] Fix lwresd docbook problem for manual page.
427 2448. [func] Add NSEC3 support. [RT #15452]
429 2447. [cleanup] libbind has been split out as a separate product.
431 2446. [func] Add a new log message about build options on startup.
432 A new command-line option '-V' for named is also
433 provided to show this information. [RT# 18645]
435 2445. [doc] ARM out-of-date on empty reverse zones (list includes
436 RFC1918 address, but these are not yet compiled in).
439 2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery
440 (clear DF) for UDP responses and requests.
442 2443. [bug] win32: UDP connect() would not generate an event,
443 and so connected UDP sockets would never clean up.
444 Fix this by doing an immediate WSAConnect() rather
445 than an io completion port type for UDP.
447 2442. [bug] A lock could be destroyed twice. [RT# 18626]
449 2441. [bug] isc_radix_insert() could copy radix tree nodes
450 incompletely. [RT #18573]
452 2440. [bug] named-checkconf used an incorrect test to determine
453 if an ACL was set to none.
455 2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
458 2438. [bug] Timeouts could be logged incorrectly under win32.
460 2437. [bug] Sockets could be closed too early, leading to
461 inconsistent states in the socket module. [RT #18298]
463 2436. [security] win32: UDP client handler can be shutdown. [RT #18576]
465 2435. [bug] Fixed an ACL memory leak affecting win32.
467 2434. [bug] Fixed a minor error-reporting bug in
468 lib/isc/win32/socket.c.
470 2433. [tuning] Set initial timeout to 800ms.
472 2432. [bug] More Windows socket handling improvements. Stop
473 using I/O events and use IO Completion Ports
474 throughout. Rewrite the receive path logic to make
475 it easier to support multiple simultaneous
476 requesters in the future. Add stricter consistency
477 checking as a compile-time option (define
478 ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).
480 2431. [bug] Acl processing could leak memory. [RT #18323]
482 2430. [bug] win32: isc_interval_set() could round down to
483 zero if the input was less than NS_INTERVAL
484 nanoseconds. Round up instead. [RT #18549]
486 2429. [doc] nsupdate should be in section 1 of the man pages.
489 2428. [bug] dns_iptable_merge() mishandled merges of negative
492 2427. [func] Treat DNSKEY queries as if "minimal-response yes;"
495 2426. [bug] libbind: inet_net_pton() can sometimes return the
496 wrong value if excessively large net masks are
497 supplied. [RT #18512]
499 2425. [bug] named didn't detect unavailable query source addresses
500 at load time. [RT #18536]
502 2424. [port] configure now probes for a working epoll
503 implementation. Allow the use of kqueue,
504 epoll and /dev/poll to be selected at compile
507 2423. [security] Randomize server selection on queries, so as to
508 make forgery a little more difficult. Instead of
509 always preferring the server with the lowest RTT,
510 pick a server with RTT within the same 128
511 millisecond band. [RT #18441]
513 2422. [bug] Handle the special return value of a empty node as
514 if it was a NXRRSET in the validator. [RT #18447]
516 2421. [func] Add new command line option '-S' for named to specify
517 the max number of sockets. [RT #18493]
518 Use caution: this option may not work for some
519 operating systems without rebuilding named.
521 2420. [bug] Windows socket handling cleanup. Let the io
522 completion event send out canceled read/write
523 done events, which keeps us from writing to memory
524 we no longer have ownership of. Add debugging
525 socket_log() function. Rework TCP socket handling
528 2419. [cleanup] Document that isc_socket_create() and isc_socket_open()
529 should not be used for isc_sockettype_fdwatch sockets.
532 2418. [bug] AXFR request on a DLZ could trigger a REQUIRE failure
535 2417. [bug] Connecting UDP sockets for outgoing queries could
536 unexpectedly fail with an 'address already in use'
539 2416. [func] Log file descriptors that cause exceeding the
540 internal maximum. [RT #18460]
542 2415. [bug] 'rndc dumpdb' could trigger various assertion failures
543 in rbtdb.c. [RT #18455]
545 2414. [bug] A masterdump context held the database lock too long,
546 causing various troubles such as dead lock and
547 recursive lock acquisition. [RT #18311, #18456]
549 2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
551 2412. [bug] win32: address a resource leak. [RT #18374]
553 2411. [bug] Allow using a larger number of sockets than FD_SETSIZE
554 for select(). To enable this, set ISC_SOCKET_MAXSOCKETS
555 at compilation time. [RT #18433]
557 Note: with changes #2469 and #2421 above, there is no
558 need to tweak ISC_SOCKET_MAXSOCKETS at compilation time
561 2410. [bug] Correctly delete m_versionInfo. [RT #18432]
563 2409. [bug] Only log that we disabled EDNS processing if we were
564 subsequently successful. [RT #18029]
566 2408. [bug] A duplicate TCP dispatch event could be sent, which
567 could then trigger an assertion failure in
568 resquery_response(). [RT #18275]
570 2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
574 2405. [cleanup] The default value for dnssec-validation was changed to
575 "yes" in 9.5.0-P1 and all subsequent releases; this
576 was inadvertently omitted from CHANGES at the time.
578 2404. [port] hpux: files unlimited support.
580 2403. [bug] TSIG context leak. [RT #18341]
582 2402. [port] Support Solaris 2.11 and over. [RT #18362]
584 2401. [bug] Expect to get E[MN]FILE errno internal_accept()
585 (from accept() or fcntl() system calls). [RT #18358]
587 2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
592 2398. [bug] Improve file descriptor management. New,
593 temporary, named.conf option reserved-sockets,
594 default 512. [RT #18344]
596 2397. [bug] gssapi_functions had too many elements. [RT #18355]
598 2396. [bug] Don't set SO_REUSEADDR for randomized ports.
601 2395. [port] Avoid warning and no effect from "files unlimited"
602 on Linux when running as root. [RT #18335]
604 2394. [bug] Default configuration options set the limit for
605 open files to 'unlimited' as described in the
606 documentation. [RT #18331]
608 2393. [bug] nested acls containing keys could trigger an
609 assertion in acl.c. [RT #18166]
611 2392. [bug] remove 'grep -q' from acl test script, some platforms
612 don't support it. [RT #18253]
614 2391. [port] hpux: cover additional recvmsg() error codes.
617 2390. [bug] dispatch.c could make a false warning on 'odd socket'.
620 2389. [bug] Move the "working directory writable" check to after
621 the ns_os_changeuser() call. [RT #18326]
623 2388. [bug] Avoid using tables for layout purposes in
624 statistics XSL [RT #18159].
626 2387. [bug] Silence compiler warnings in lib/isc/radix.c.
627 [RT #18147] [RT #18258]
629 2386. [func] Add warning about too small 'open files' limit.
632 2385. [bug] A condition variable in socket.c could leak in
633 rare error handling [RT #17968].
635 2384. [security] Fully randomize UDP query ports to improve
636 forgery resilience. [RT #17949, #18098]
638 2383. [bug] named could double queries when they resulted in
639 SERVFAIL due to overkilling EDNS0 failure detection.
642 2382. [doc] Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
645 2381. [port] dlz/mysql: support multiple install layouts for
646 mysql. <prefix>/include/{,mysql/}mysql.h and
647 <prefix>/lib/{,mysql/}. [RT #18152]
649 2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
650 proofs which, in turn, caused validation failures
651 for insecure zones immediately below a secure zone
652 the server was authoritative for. [RT #18112]
654 2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
655 TLDs and supported RRs with TTLs [RT #17972]
657 2378. [bug] gssapi_functions{} had a redundant member in BIND 9.5.
660 2377. [bug] Address race condition in dnssec-signzone. [RT #18142]
662 2376. [bug] Change #2144 was not complete.
666 2374. [bug] "blackhole" ACLs could cause named to segfault due
667 to some uninitialized memory. [RT #18095]
669 2373. [bug] Default values of zone ACLs were re-parsed each time a
670 new zone was configured, causing an overconsumption
671 of memory. [RT #18092]
673 2372. [bug] Fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
675 2371. [doc] Add +nsid option to dig man page. [RT #18039]
677 2370. [bug] "rndc freeze" could trigger an assertion in named
678 when called on a nonexistent zone. [RT #18050]
680 2369. [bug] libbind: Array bounds overrun on read in bitncmp().
683 2368. [port] Linux: use libcap for capability management if
684 possible. [RT# 18026]
686 2367. [bug] Improve counting of dns_resstatscounter_retry
689 2366. [bug] Adb shutdown race. [RT #18021]
691 2365. [bug] Fix a bug that caused dns_acl_isany() to return
692 spurious results. [RT #18000]
694 2364. [bug] named could trigger a assertion when serving a
695 malformed signed zone. [RT #17828]
697 2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
700 2362. [cleanup] Make "rrset-order fixed" a compile-time option.
701 settable by "./configure --enable-fixed-rrset".
702 Disabled by default. [RT #17977]
704 2361. [bug] "recursion" statistics counter could be counted
705 multiple times for a single query. [RT #17990]
707 2360. [bug] Fix a condition where we release a database version
708 (which may acquire a lock) while holding the lock.
710 2359. [bug] Fix NSID bug. [RT #17942]
712 2358. [doc] Update host's default query description. [RT #17934]
714 2357. [port] Don't use OpenSSL's engine support in versions before
715 OpenSSL 0.9.7f. [RT #17922]
717 2356. [bug] Built in mutex profiler was not scalable enough.
720 2355. [func] Extend the number statistics counters available.
723 2354. [bug] Failed to initialize some rdatasetheader_t elements.
726 2353. [func] Add support for Name Server ID (RFC 5001).
727 'dig +nsid' requests NSID from server.
728 'request-nsid yes;' causes recursive server to send
729 NSID requests to upstream servers. Server responds
730 to NSID requests with the string configured by
731 'server-id' option. [RT #17091]
733 2352. [bug] Various GSS_API fixups. [RT #17729]
735 2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
737 2350. [port] win32: IPv6 support. [RT #17797]
739 2349. [func] Provide incremental re-signing support for secure
740 dynamic zones. [RT #1091]
742 2348. [func] Use the EVP interface to OpenSSL. Add PKCS#11 support.
743 Documentation is in the new README.pkcs11 file.
744 New tool, dnssec-keyfromlabel, which takes the
745 label of a key pair in a HSM and constructs a DNS
746 key pair for use by named and dnssec-signzone.
749 2347. [bug] Delete now traverses the RB tree in the canonical
752 2346. [func] Memory statistics now cover all active memory contexts
753 in increased detail. [RT #17580]
755 2345. [bug] named-checkconf failed to detect when forwarders
756 were set at both the options/view level and in
757 a root zone. [RT #17671]
759 2344. [bug] Improve "logging{ file ...; };" documentation.
762 2343. [bug] (Seemingly) duplicate IPv6 entries could be
763 created in ADB. [RT #17837]
765 2342. [func] Use getifaddrs() if available under Linux. [RT #17224]
767 2341. [bug] libbind: add missing -I../include for off source
768 tree builds. [RT #17606]
770 2340. [port] openbsd: interface configuration. [RT #17700]
772 2339. [port] tru64: support for libbind. [RT #17589]
774 2338. [bug] check_ds() could be called with a non DS rdataset.
777 2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614]
779 2336. [func] If "named -6" is specified then listen on all IPv6
780 interfaces if there are not listen-on-v6 clauses in
781 named.conf. [RT #17581]
783 2335. [port] sunos: libbind and *printf() support for long long.
786 2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one
787 bug in fromstruct_txt(). [RT #17609]
789 2333. [bug] Fix off by one error in isc_time_nowplusinterval().
792 2332. [contrib] query-loc-0.4.0. [RT #17602]
794 2331. [bug] Failure to regenerate any signatures was not being
795 reported nor being past back to the UPDATE client.
798 2330. [bug] Remove potential race condition when handling
799 over memory events. [RT #17572]
801 WARNING: API CHANGE: over memory callback
802 function now needs to call isc_mem_waterack().
803 See <isc/mem.h> for details.
805 2329. [bug] Clearer help text for dig's '-x' and '-i' options.
807 2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
808 F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET,
809 J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and
812 2327. [bug] It was possible to dereference a NULL pointer in
813 rbtdb.c. Implement dead node processing in zones as
814 we do for caches. [RT #17312]
816 2326. [bug] It was possible to trigger a INSIST in the acache
819 2325. [port] Linux: use capset() function if available. [RT #17557]
821 2324. [bug] Fix IPv6 matching against "any;". [RT #17533]
823 2323. [port] tru64: namespace clash. [RT #17547]
825 2322. [port] MacOS: work around the limitation of setrlimit()
826 for RLIMIT_NOFILE. [RT #17526]
830 2320. [func] Make statistics counters thread-safe for platforms
831 that support certain atomic operations. [RT #17466]
833 2319. [bug] Silence Coverity warnings in
834 lib/dns/rdata/in_1/apl_42.c. [RT #17469]
836 2318. [port] sunos fixes for libbind. [RT #17514]
838 2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
840 2316. [port] Missing #include <isc/print.h> in lib/dns/gssapictx.c.
843 2315. [bug] Used incorrect address family for mapped IPv4
844 addresses in acl.c. [RT #17519]
846 2314. [bug] Uninitialized memory use on error path in
847 bin/named/lwdnoop.c. [RT #17476]
849 2313. [cleanup] Silence Coverity warnings. Handle private stacks.
850 [RT #17447] [RT #17478]
852 2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
855 2311. [bug] IPv6 addresses could match IPv4 ACL entries and
856 vice versa. [RT #17462]
858 2310. [bug] dig, host, nslookup: flush stdout before emitting
859 debug/fatal messages. [RT #17501]
861 2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
864 2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
867 2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
869 2306. [bug] Remove potential race from lib/dns/resolver.c.
872 2305. [security] inet_network() buffer overflow. CVE-2008-0122.
874 2304. [bug] Check returns from all dns_rdata_tostruct() calls.
877 2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
880 2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
882 2301. [bug] Remove resource leak and fix error messages in
883 bin/tests/system/lwresd/lwtest.c. [RT #17474]
885 2300. [bug] Fixed failure to close open file in
886 bin/tests/names/t_names.c. [RT #17473]
888 2299. [bug] Remove unnecessary NULL check in
889 bin/nsupdate/nsupdate.c. [RT #17475]
891 2298. [bug] isc_mutex_lock() failure not caught in
892 bin/tests/timers/t_timers.c. [RT #17468]
894 2297. [bug] isc_entropy_createfilesource() failure not caught in
895 bin/tests/dst/t_dst.c. [RT #17467]
897 2296. [port] Allow docbook stylesheet location to be specified to
898 configure. [RT #17457]
900 2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
903 2294. [func] Allow the experimental statistics channels to have
904 multiple connections and ACL.
905 Note: the stats-server and stats-server-v6 options
906 available in the previous beta releases are replaced
907 with the generic statistics-channels statement.
909 2293. [func] Add ACL regression test. [RT #17375]
911 2292. [bug] Log if the working directory is not writable.
914 2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
915 failure to set PR_SET_DUMPABLE. [RT #17312]
917 2290. [bug] Let AD in the query signal that the client wants AD
918 set in the response. [RT #17301]
920 2289. [func] named-checkzone now reports the out-of-zone CNAME
923 2288. [port] win32: mark service as running when we have finished
926 2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413]
928 2286. [func] Allow a TCP connection to be used as a weak
929 authentication method for reverse zones.
930 New update-policy methods tcp-self and 6to4-self.
933 2285. [func] Test framework for client memory context management.
936 2284. [bug] Memory leak in UPDATE prerequisite processing.
939 2283. [bug] TSIG keys were not attaching to the memory
940 context. TSIG keys should use the rings
941 memory context rather than the clients memory
944 2282. [bug] Acl code fixups. [RT #17346] [RT #17374]
946 2281. [bug] Attempts to use undefined acls were not being logged.
949 2280. [func] Allow the experimental http server to be reached
950 over IPv6 as well as IPv4. [RT #17332]
952 2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
953 to protect applications from receiving spurious
954 SIGPIPE signals when using the resolver.
956 2278. [bug] win32: handle the case where Windows returns no
957 search list or DNS suffix. [RT #17354]
959 2277. [bug] Empty zone names were not correctly being caught at
960 in the post parse checks. [RT #17357]
962 2276. [bug] Install <dst/gssapi.h>. [RT# 17359]
964 2275. [func] Add support to dig to perform IXFR queries over UDP.
967 2274. [func] Log zone transfer statistics. [RT #17336]
969 2273. [bug] Adjust log level to WARNING when saving inconsistent
970 stub/slave master and journal files. [RT# 17279]
972 2272. [bug] Handle illegal dnssec-lookaside trust-anchor names.
975 2271. [bug] Fix a memory leak in http server code [RT #17100]
977 2270. [bug] dns_db_closeversion() version->writer could be reset
978 before it is tested. [RT #17290]
980 2269. [contrib] dbus memory leaks and missing va_end calls. [RT #17232]
982 2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
985 --- 9.5.0b1 released ---
987 2267. [bug] Radix tree node_num value could be set incorrectly,
988 causing positive ACL matches to look like negative
991 2266. [bug] client.c:get_clientmctx() returned the same mctx
992 once the pool of mctx's was filled. [RT #17218]
994 2265. [bug] Test that the memory context's basic_table is non NULL
995 before freeing. [RT #17265]
997 2264. [bug] Server prefix length was being ignored. [RT #17308]
999 2263. [bug] "named-checkconf -z" failed to set default value
1000 for "check-integrity". [RT #17306]
1002 2262. [bug] Error status from all but the last view could be
1005 2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
1007 2260. [bug] Reported wrong clients-per-query when increasing the
1012 --- 9.5.0a7 released ---
1014 2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
1017 2257. [bug] win32: Use the full path to vcredist_x86.exe when
1018 calling it. [RT #17222]
1020 2256. [bug] win32: Correctly register the installation location of
1021 bindevt.dll. [RT #17159]
1023 2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
1025 2254. [bug] timer.c:dispatch() failed to lock timer->lock
1026 when reading timer->idle allowing it to see
1027 intermediate values as timer->idle was reset by
1028 isc_timer_touch(). [RT #17243]
1030 2253. [func] "max-cache-size" defaults to 32M.
1031 "max-acache-size" defaults to 16M.
1033 2252. [bug] Fixed errors in sortlist code [RT #17216]
1037 2250. [func] New flag 'memstatistics' to state whether the
1038 memory statistics file should be written or not.
1039 Additionally named's -m option will cause the
1040 statistics file to be written. [RT #17113]
1042 2249. [bug] Only set Authentic Data bit if client requested
1043 DNSSEC, per RFC 3655 [RT #17175]
1045 2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
1047 2247. [doc] Sort doc/misc/options. [RT #17067]
1049 2246. [bug] Make the startup of test servers (ans.pl) more
1052 2245. [bug] Validating lack of DS records at trust anchors wasn't
1053 working. [RT #17151]
1055 2244. [func] Allow the check of nameserver names against the
1056 SOA MNAME field to be disabled by specifying
1057 'notify-to-soa yes;'. [RT #17073]
1059 2243. [func] Configuration files without a newline at the end now
1060 parse without error. [RT #17120]
1062 2242. [bug] nsupdate: GSS-TSIG support using the Heimdal Kerberos
1063 library could require a source of random data.
1066 2241. [func] nsupdate: add a interactive 'help' command. [RT #17099]
1068 2240. [bug] Cleanup nsupdates GSS-TSIG support. Convert
1069 a number of INSIST()s into plain fatal() errors
1070 which report the triggering result code.
1071 The 'key' command wasn't disabling GSS-TSIG.
1074 2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
1076 2238. [bug] It was possible to trigger a REQUIRE when a
1077 validation was canceled. [RT #17106]
1079 2237. [bug] libbind: res_init() was not thread aware. [RT #17123]
1081 2236. [bug] dnssec-signzone failed to preserve the case of
1082 of wildcard owner names. [RT #17085]
1084 2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
1086 2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
1088 2233. [func] Add support for O(1) ACL processing, based on
1089 radix tree code originally written by Kevin
1090 Brintnall. [RT #16288]
1092 2232. [bug] dns_adb_findaddrinfo() could fail and return
1093 ISC_R_SUCCESS. [RT #17137]
1095 2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
1098 2230. [bug] We could INSIST reading a corrupted journal.
1101 2229. [bug] Null pointer dereference on query pool creation
1102 failure. [RT #17133]
1104 2228. [contrib] contrib: Change 2188 was incomplete.
1106 2227. [cleanup] Tidied up the FAQ. [RT #17121]
1110 2225. [bug] More support for systems with no IPv4 addresses.
1113 2224. [bug] Defer journal compaction if a xfrin is in progress.
1116 2223. [bug] Make a new journal when compacting. [RT #17119]
1118 2222. [func] named-checkconf now checks server key references.
1121 2221. [bug] Set the event result code to reflect the actual
1122 record turned to caller when a cache update is
1123 rejected due to a more credible answer existing.
1126 2220. [bug] win32: Address a race condition in final shutdown of
1127 the Windows socket code. [RT #17028]
1129 2219. [bug] Apply zone consistency checks to additions, not
1130 removals, when updating. [RT #17049]
1132 2218. [bug] Remove unnecessary REQUIRE from dns_validator_create().
1135 2217. [func] Adjust update log levels. [RT #17092]
1137 2216. [cleanup] Fix a number of errors reported by Coverity.
1140 2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
1142 2214. [bug] Deregister OpenSSL lock callback when cleaning
1143 up. Reorder OpenSSL cleanup so that RAND_cleanup()
1144 is called before the locks are destroyed. [RT #17098]
1146 2213. [bug] SIG0 diagnostic failure messages were looking at the
1147 wrong status code. [RT #17101]
1149 2212. [func] 'host -m' now causes memory statistics and active
1150 memory to be printed at exit. [RT 17028]
1152 2211. [func] Update "dynamic update temporarily disabled" message.
1155 2210. [bug] Deleting class specific records via UPDATE could
1158 2209. [port] osx: linking against user supplied static OpenSSL
1159 libraries failed as the system ones were still being
1162 2208. [port] win32: make sure both build methods produce the
1163 same output. [RT #17058]
1165 2207. [port] Some implementations of getaddrinfo() fail to set
1166 ai_canonname correctly. [RT #17061]
1168 --- 9.5.0a6 released ---
1170 2206. [security] "allow-query-cache" and "allow-recursion" now
1171 cross inherit from each other.
1173 If allow-query-cache is not set in named.conf then
1174 allow-recursion is used if set, otherwise allow-query
1175 is used if set, otherwise the default (localnets;
1176 localhost;) is used.
1178 If allow-recursion is not set in named.conf then
1179 allow-query-cache is used if set, otherwise allow-query
1180 is used if set, otherwise the default (localnets;
1181 localhost;) is used.
1185 2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
1187 2204. [bug] "rndc flushanme name unknown-view" caused named
1188 to crash. [RT #16984]
1190 2203. [security] Query id generation was cryptographically weak.
1193 2202. [security] The default acls for allow-query-cache and
1194 allow-recursion were not being applied. [RT #16960]
1196 2201. [bug] The build failed in a separate object directory.
1199 2200. [bug] The search for cached NSEC records was stopping to
1200 early leading to excessive DLV queries. [RT #16930]
1202 2199. [bug] win32: don't call WSAStartup() while loading dlls.
1205 2198. [bug] win32: RegCloseKey() could be called when
1206 RegOpenKeyEx() failed. [RT #16911]
1208 2197. [bug] Add INSIST to catch negative responses which are
1209 not setting the event result code appropriately.
1212 2196. [port] win32: yield processor while waiting for once to
1213 to complete. [RT #16958]
1215 2195. [func] dnssec-keygen now defaults to nametype "ZONE"
1216 when generating DNSKEYs. [RT #16954]
1218 2194. [bug] Close journal before calling 'done' in xfrin.c.
1220 --- 9.5.0a5 released ---
1222 2193. [port] win32: BINDInstall.exe is now linked statically.
1225 2192. [port] win32: use vcredist_x86.exe to install Visual
1226 Studio's redistributable dlls if building with
1227 Visual Stdio 2005 or later.
1229 2191. [func] named-checkzone now allows dumping to stdout (-).
1230 named-checkconf now has -h for help.
1231 named-checkzone now has -h for help.
1232 rndc now has -h for help.
1233 Better handling of '-?' for usage summaries.
1236 2190. [func] Make fallback to plain DNS from EDNS due to timeouts
1237 more visible. New logging category "edns-disabled".
1240 2189. [bug] Handle socket() returning EINTR. [RT #15949]
1242 2188. [contrib] queryperf: autoconf changes to make the search for
1243 libresolv or libbind more robust. [RT #16299]
1245 2187. [bug] query_addds(), query_addwildcardproof() and
1246 query_addnxrrsetnsec() should take a version
1247 argument. [RT #16368]
1249 2186. [port] cygwin: libbind: check for struct sockaddr_storage
1250 independently of IPv6. [RT #16482]
1252 2185. [port] sunos: libbind: check for ssize_t, memmove() and
1253 memchr(). [RT #16463]
1255 2184. [bug] bind9.xsl.h didn't build out of the source tree.
1258 2183. [bug] dnssec-signzone didn't handle offline private keys
1261 2182. [bug] dns_dispatch_createtcp() and dispatch_createudp()
1262 could return ISC_R_SUCCESS when they ran out of
1265 2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
1267 2180. [cleanup] Remove bit test from 'compress_test' as they
1268 are no longer needed. [RT #16497]
1270 2179. [func] 'rndc command zone' will now find 'zone' if it is
1271 unique to all the views. [RT #16821]
1273 2178. [bug] 'rndc reload' of a slave or stub zone resulted in
1274 a reference leak. [RT #16867]
1276 2177. [bug] Array bounds overrun on read (rcodetext) at
1277 debug level 10+. [RT #16798]
1279 2176. [contrib] dbus update to handle race condition during
1280 initialization (Bugzilla 235809). [RT #16842]
1282 2175. [bug] win32: windows broadcast condition variable support
1283 was broken. [RT #16592]
1285 2174. [bug] I/O errors should always be fatal when reading
1286 master files. [RT #16825]
1288 2173. [port] win32: When compiling with MSVS 2005 SP1 we also
1289 need to ship Microsoft.VC80.MFCLOC.
1291 --- 9.5.0a4 released ---
1293 2172. [bug] query_addsoa() was being called with a non zone db.
1296 2171. [bug] Handle breaks in DNSSEC trust chains where the parent
1297 servers are not DS aware (DS queries to the parent
1298 return a referral to the child).
1300 2170. [func] Add acache processing to test suite. [RT #16711]
1302 2169. [bug] host, nslookup: when reporting NXDOMAIN report the
1303 given name and not the last name searched for.
1306 2168. [bug] nsupdate: in non-interactive mode treat syntax errors
1307 as fatal errors. [RT #16785]
1309 2167. [bug] When re-using a automatic zone named failed to
1310 attach it to the new view. [RT #16786]
1312 --- 9.5.0a3 released ---
1314 2166. [bug] When running in batch mode, dig could misinterpret
1315 a server address as a name to be looked up, causing
1316 unexpected output. [RT #16743]
1318 2165. [func] Allow the destination address of a query to determine
1319 if we will answer the query or recurse.
1320 allow-query-on, allow-recursion-on and
1321 allow-query-cache-on. [RT #16291]
1323 2164. [bug] The code to determine how named-checkzone /
1324 named-compilezone was called failed under windows.
1327 2163. [bug] If only one of query-source and query-source-v6
1328 specified a port the query pools code broke (change
1331 2162. [func] Allow "rrset-order fixed" to be disabled at compile
1334 2161. [bug] Fix which log messages are emitted for 'rndc flush'.
1337 2160. [bug] libisc wasn't handling NULL ifa_addr pointers returned
1338 from getifaddrs(). [RT #16708]
1340 --- 9.5.0a2 released ---
1342 2159. [bug] Array bounds overrun in acache processing. [RT #16710]
1344 2158. [bug] ns_client_isself() failed to initialize key
1345 leading to a REQUIRE failure. [RT #16688]
1347 2157. [func] dns_db_transfernode() created. [RT #16685]
1349 2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
1350 resolver.c:validated() and resolver.c:cache_name().
1351 Fix a memory leak in rbtdb.c:free_noqname().
1352 Make lookup.c:lookup_find() robust against
1353 event leaks. [RT #16685]
1355 2155. [contrib] SQLite sdb module from jaboydjr@netwalk.com.
1358 2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
1359 matched in acls by omitting the scope. [RT #16599]
1361 2153. [bug] nsupdate could leak memory. [RT #16691]
1363 2152. [cleanup] Use sizeof(buf) instead of fixed number in
1364 dighost.c:get_trusted_key(). [RT #16678]
1366 2151. [bug] Missing newline in usage message for journalprint.
1369 2150. [bug] 'rrset-order cyclic' uniformly distribute the
1370 starting point for the first response for a given
1373 2149. [bug] isc_mem_checkdestroyed() failed to abort on
1374 if there were still active memory contexts.
1377 2148. [func] Add positive logging for rndc commands. [RT #14623]
1379 2147. [bug] libbind: remove potential buffer overflow from
1380 hmac_link.c. [RT #16437]
1382 2146. [cleanup] Silence Linux's spurious "obsolete setsockopt
1383 SO_BSDCOMPAT" message. [RT #16641]
1385 2145. [bug] Check DS/DLV digest lengths for known digests.
1388 2144. [cleanup] Suppress logging of SERVFAIL from forwarders.
1391 2143. [bug] We failed to restart the IPv6 client when the
1392 kernel failed to return the destination the
1393 packet was sent to. [RT #16613]
1395 2142. [bug] Handle master files with a modification time that
1396 matches the epoch. [RT# 16612]
1398 2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
1399 equivalent of LDH checks). [RT #16609]
1401 2140. [bug] libbind: missing unlock on pthread_key_create()
1402 failures. [RT #16654]
1404 2139. [bug] dns_view_find() was being called with wrong type
1405 in adb.c. [RT #16670]
1407 2138. [bug] Lock order reversal in resolver.c. [RT #16653]
1409 2137. [port] Mips little endian and/or mips 64 bit are now
1410 supported for atomic operations. [RT#16648]
1412 2136. [bug] nslookup/host looped if there was no search list
1413 and the host didn't exist. [RT #16657]
1415 2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656]
1417 2134. [func] Additional statistics support. [RT #16666]
1419 2133. [port] powerpc: Support both IBM and MacOS Power PC
1420 assembler syntaxes. [RT #16647]
1422 2132. [bug] Missing unlock on out of memory in
1423 dns_dispatchmgr_setudp().
1425 2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
1427 2130. [func] Log if CD or DO were set. [RT #16640]
1429 2129. [func] Provide a pool of UDP sockets for queries to be
1430 made over. See use-queryport-pool, queryport-pool-ports
1431 and queryport-pool-updateinterval. [RT #16415]
1433 2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635]
1435 2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563]
1437 2126. [security] Serialize validation of type ANY responses. [RT #16555]
1439 2125. [bug] dns_zone_getzeronosoattl() REQUIRE failure if DLZ
1440 was defined. [RT #16574]
1442 2124. [security] It was possible to dereference a freed fetch
1443 context. [RT #16584]
1445 --- 9.5.0a1 released ---
1447 2123. [func] Use Doxygen to generate internal documentation.
1450 2122. [func] Experimental http server and statistics support
1453 2121. [func] Add a 10 slot dead masters cache (LRU) with a 600
1454 second timeout. [RT #16553]
1456 2120. [doc] Fix markup on nsupdate man page. [RT #16556]
1458 2119. [compat] libbind: allow res_init() to succeed enough to
1459 return the default domain even if it was unable
1462 2118. [bug] Handle response with long chains of domain name
1463 compression pointers which point to other compression
1464 pointers. [RT #16427]
1466 2117. [bug] DNSSEC fixes: named could fail to cache NSEC records
1467 which could lead to validation failures. named didn't
1468 handle negative DS responses that were in the process
1469 of being validated. Check CNAME bit before accepting
1470 NODATA proof. To be able to ignore a child NSEC there
1471 must be SOA (and NS) set in the bitmap. [RT #16399]
1473 2116. [bug] 'rndc reload' could cause the cache to continually
1474 be cleaned. [RT #16401]
1476 2115. [bug] 'rndc reconfig' could trigger a INSIST if the
1477 number of masters for a zone was reduced. [RT #16444]
1479 2114. [bug] dig/host/nslookup: searches for names with multiple
1480 labels were failing. [RT #16447]
1482 2113. [bug] nsupdate: if a zone is specified it should be used
1483 for server discover. [RT# 16455]
1485 2112. [security] Warn if weak RSA exponent is used. [RT #16460]
1487 2111. [bug] Fix a number of errors reported by Coverity.
1490 2110. [bug] "minimal-responses yes;" interacted badly with BIND 8
1491 priming queries. [RT #16491]
1493 2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502]
1495 2108. [func] DHCID support. [RT #16456]
1497 2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
1499 2106. [func] 'rndc status' now reports named's version. [RT #16426]
1501 2105. [func] GSS-TSIG support (RFC 3645).
1503 2104. [port] Fix Solaris SMF error message.
1505 2103. [port] Add /usr/sfw to list of locations for OpenSSL
1508 2102. [port] Silence Solaris 10 warnings.
1510 2101. [bug] OpenSSL version checks were not quite right.
1513 2100. [port] win32: copy libeay32.dll to Build\Debug.
1514 Copy Debug\named-checkzone to Debug\named-compilezone.
1516 2099. [port] win32: more manifest issues.
1518 2098. [bug] Race in rbtdb.c:no_references(), which occasionally
1519 triggered an INSIST failure about the node lock
1520 reference. [RT #16411]
1522 2097. [bug] named could reference a destroyed memory context
1523 after being reloaded / reconfigured. [RT #16428]
1525 2096. [bug] libbind: handle applications that fail to detect
1526 res_init() failures better.
1528 2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and
1529 net_cidr_ntop_ipv6(). [RT #16388]
1531 2094. [contrib] Update named-bootconf. [RT# 16404]
1533 2093. [bug] named-checkzone -s was broken.
1535 2092. [bug] win32: dig, host, nslookup. Use registry config
1536 if resolv.conf does not exist or no nameservers
1539 2091. [port] dighost.c: race condition on cleanup. [RT #16417]
1541 2090. [port] win32: Visual C++ 2005 command line manifest support.
1544 2089. [security] Raise the minimum safe OpenSSL versions to
1545 OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
1546 prior to these have known security flaws which
1547 are (potentially) exploitable in named. [RT #16391]
1549 2088. [security] Change the default RSA exponent from 3 to 65537.
1552 2087. [port] libisc failed to compile on OS's w/o a vsnprintf.
1555 2086. [port] libbind: FreeBSD now has get*by*_r() functions.
1558 2085. [doc] win32: added index.html and README to zip. [RT #16201]
1560 2084. [contrib] dbus update for 9.3.3rc2.
1562 2083. [port] win32: Visual C++ 2005 support.
1564 2082. [doc] Document 'cache-file' as a test only option.
1566 2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
1569 2080. [port] libbind: res_init.c did not compile on older versions
1570 of Solaris. [RT #16363]
1572 2079. [bug] The lame cache was not handling multiple types
1573 correctly. [RT #16361]
1575 2078. [bug] dnssec-checkzone output style "default" was badly
1576 named. It is now called "relative". [RT #16326]
1578 2077. [bug] 'dnssec-signzone -O raw' wasn't outputting the
1579 complete signed zone. [RT #16326]
1581 2076. [bug] Several files were missing #include <config.h>
1582 causing build failures on OSF. [RT #16341]
1584 2075. [bug] The spillat timer event hander could leak memory.
1587 2074. [bug] dns_request_createvia2(), dns_request_createvia3(),
1588 dns_request_createraw2() and dns_request_createraw3()
1589 failed to send multiple UDP requests. [RT #16349]
1591 2073. [bug] Incorrect semantics check for update policy "wildcard".
1594 2072. [bug] We were not generating valid HMAC SHA digests.
1597 2071. [port] Test whether gcc accepts -fno-strict-aliasing.
1600 2070. [bug] The remote address was not always displayed when
1601 reporting dispatch failures. [RT #16315]
1603 2069. [bug] Cross compiling was not working. [RT #16330]
1605 2068. [cleanup] Lower incremental tuning message to debug 1.
1608 2067. [bug] 'rndc' could close the socket too early triggering
1609 a INSIST under Windows. [RT #16317]
1611 2066. [security] Handle SIG queries gracefully. [RT #16300]
1613 2065. [bug] libbind: probe for HPUX prototypes for
1614 endprotoent_r() and endservent_r(). [RT 16313]
1616 2064. [bug] libbind: silence AIX compiler warnings. [RT #16218]
1618 2063. [bug] Change #1955 introduced a bug which caused the first
1619 'rndc flush' call to not free memory. [RT #16244]
1621 2062. [bug] 'dig +nssearch' was reusing a buffer before it had
1622 been returned by the socket code. [RT #16307]
1624 2061. [bug] Accept expired wildcard message reversed. [RT #16296]
1626 2060. [bug] Enabling DLZ support could leave views partially
1627 configured. [RT #16295]
1629 2059. [bug] Search into cache rbtdb could trigger an INSIST
1630 failure while cleaning up a stale rdataset.
1633 2058. [bug] Adjust how we calculate rtt estimates in the presence
1634 of authoritative servers that drop EDNS and/or CD
1635 requests. Also fallback to EDNS/512 and plain DNS
1636 faster for zones with less than 3 servers. [RT #16187]
1638 2057. [bug] Make setting "ra" dependent on both allow-query-cache
1639 and allow-recursion. [RT #16290]
1641 2056. [bug] dig: ixfr= was not being treated case insensitively
1642 at all times. [RT #15955]
1644 2055. [bug] Missing goto after dropping multicast query.
1647 2054. [port] freebsd: do not explicitly link against -lpthread.
1650 2053. [port] netbsd:libbind: silence compiler warnings. [RT #16220]
1652 2052. [bug] 'rndc' improve connect failed message to report
1653 the failing address. [RT #15978]
1655 2051. [port] More strtol() fixes. [RT #16249]
1657 2050. [bug] Parsing of NSAP records was not case insensitive.
1660 2049. [bug] Restore SOA before AXFR when falling back from
1661 a attempted IXFR when transferring in a zone.
1662 Allow a initial SOA query before attempting
1663 a AXFR to be requested. [RT #16156]
1665 2048. [bug] It was possible to loop forever when using
1666 avoid-v4-udp-ports / avoid-v6-udp-ports when
1667 the OS always returned the same local port.
1670 2047. [bug] Failed to initialize the interface flags to zero.
1673 2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
1674 cleanup [RT #16247].
1676 2045. [func] Use lock buckets for acache entries to limit memory
1677 consumption. [RT #16183]
1679 2044. [port] Add support for atomic operations for Itanium.
1682 2043. [port] nsupdate/nslookup: Force the flushing of the prompt
1683 for interactive sessions. [RT#16148]
1685 2042. [bug] named-checkconf was incorrectly rejecting the
1686 logging category "config". [RT #16117]
1688 2041. [bug] "configure --with-dlz-bdb=yes" produced a bad
1689 set of libraries to be linked. [RT #16129]
1691 2040. [bug] rbtdb no_references() could trigger an INSIST
1692 failure with --enable-atomic. [RT #16022]
1694 2039. [func] Check that all buffers passed to the socket code
1695 have been retrieved when the socket event is freed.
1698 2038. [bug] dig/nslookup/host was unlinking from wrong list
1699 when handling errors. [RT #16122]
1701 2037. [func] When unlinking the first or last element in a list
1702 check that the list head points to the element to
1703 be unlinked. [RT #15959]
1705 2036. [bug] 'rndc recursing' could cause trigger a REQUIRE.
1708 2035. [func] Make falling back to TCP on UDP refresh failure
1709 optional. Default "try-tcp-refresh yes;" for BIND 8
1710 compatibility. [RT #16123]
1712 2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124]
1714 2033. [bug] We weren't creating multiple client memory contexts
1715 on demand as expected. [RT #16095]
1717 2032. [bug] Remove a INSIST in query_addadditional2(). [RT #16074]
1719 2031. [bug] Emit a error message when "rndc refresh" is called on
1720 a non slave/stub zone. [RT # 16073]
1722 2030. [bug] We were being overly conservative when disabling
1723 openssl engine support. [RT #16030]
1725 2029. [bug] host printed out the server multiple times when
1726 specified on the command line. [RT #15992]
1728 2028. [port] linux: socket.c compatibility for old systems.
1731 2027. [port] libbind: Solaris x86 support. [RT #16020]
1733 2026. [bug] Rate limit the two recursive client exceeded messages.
1736 2025. [func] Update "zone serial unchanged" message. [RT #16026]
1738 2024. [bug] named emitted spurious "zone serial unchanged"
1739 messages on reload. [RT #16027]
1741 2023. [bug] "make install" should create ${localstatedir}/run and
1742 ${sysconfdir} if they do not exist. [RT #16033]
1744 2022. [bug] If dnssec validation is disabled only assert CD if
1745 CD was requested. [RT #16037]
1747 2021. [bug] dnssec-enable no; triggered a REQUIRE. [RT #16037]
1749 2020. [bug] rdataset_setadditional() could leak memory. [RT #16034]
1751 2019. [tuning] Reduce the amount of work performed per quantum
1752 when cleaning the cache. [RT #15986]
1754 2018. [bug] Checking if the HMAC MD5 private file was broken.
1757 2017. [bug] allow-query default was not correct. [RT #15946]
1759 2016. [bug] Return a partial answer if recursion is not
1760 allowed but requested and we had the answer
1761 to the original qname. [RT #15945]
1763 2015. [cleanup] use-additional-cache is now acache-enable for
1764 consistency. Default acache-enable off in BIND 9.4
1765 as it requires memory usage to be configured.
1766 It may be enabled by default in BIND 9.5 once we
1767 have more experience with it.
1769 2014. [func] Statistics about acache now recorded and sent
1772 2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
1773 responses more gracefully. [RT #15941]
1775 2012. [func] Don't insert new acache entries if acache is full.
1778 2011. [func] dnssec-signzone can now update the SOA record of
1779 the signed zone, either as an increment or as the
1780 system time(). [RT #15633]
1782 2010. [placeholder] rt15958
1784 2009. [bug] libbind: Coverity fixes. [RT #15808]
1786 2008. [func] It is now possible to enable/disable DNSSEC
1787 validation from rndc. This is useful for the
1788 mobile hosts where the current connection point
1789 breaks DNSSEC (firewall/proxy). [RT #15592]
1791 rndc validation newstate [view]
1793 2007. [func] It is now possible to explicitly enable DNSSEC
1794 validation. default dnssec-validation no; to
1795 be changed to yes in 9.5.0. [RT #15674]
1797 2006. [security] Allow-query-cache and allow-recursion now default
1798 to the built in acls "localnets" and "localhost".
1800 This is being done to make caching servers less
1801 attractive as reflective amplifying targets for
1802 spoofed traffic. This still leave authoritative
1805 The best fix is for full BCP 38 deployment to
1806 remove spoofed traffic.
1808 2005. [bug] libbind: Retransmission timeouts should be
1809 based on which attempt it is to the nameserver
1810 and not the nameserver itself. [RT #13548]
1812 2004. [bug] dns_tsig_sign() could pass a NULL pointer to
1813 dst_context_destroy() when cleaning up after a
1816 2003. [bug] libbind: The DNS name/address lookup functions could
1817 occasionally follow a random pointer due to
1818 structures not being completely zeroed. [RT #15806]
1820 2002. [bug] libbind: tighten the constraints on when
1821 struct addrinfo._ai_pad exists. [RT #15783]
1823 2001. [func] Check the KSK flag when updating a secure dynamic zone.
1824 New zone option "update-check-ksk yes;". [RT #15817]
1826 2000. [bug] memmove()/strtol() fix was incomplete. [RT #15812]
1828 1999. [func] Implement "rrset-order fixed". [RT #13662]
1830 1998. [bug] Restrict handling of fifos as sockets to just SunOS.
1831 This allows named to connect to entropy gathering
1832 daemons that use fifos instead of sockets. [RT #15840]
1834 1997. [bug] Named was failing to replace negative cache entries
1835 when a positive one for the type was learnt.
1838 1996. [bug] nsupdate: if a zone has been specified it should
1839 appear in the output of 'show'. [RT #15797]
1841 1995. [bug] 'host' was reporting multiple "is an alias" messages.
1844 1994. [port] OpenSSL 0.9.8 support. [RT #15694]
1846 1993. [bug] Log messages, via syslog, were missing the space
1847 after the timestamp if "print-time yes" was specified.
1850 1992. [bug] Not all incoming zone transfer messages included the
1853 1991. [cleanup] The configuration data, once read, should be treated
1854 as read only. Expand the use of const to enforce this
1855 at compile time. [RT #15813]
1857 1990. [bug] libbind: isc's override of broken gettimeofday()
1858 implementations was not always effective.
1861 1989. [bug] win32: don't check the service password when
1862 re-installing. [RT #15882]
1864 1988. [bug] Remove a bus error from the SHA256/SHA512 support.
1867 1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
1869 1986. [func] Report when a zone is removed. [RT #15849]
1871 1985. [protocol] DLV has now been assigned a official type code of
1874 Note: care should be taken to ensure you upgrade
1875 both named and dnssec-signzone at the same time for
1876 zones with DLV records where named is the master
1877 server for the zone. Also any zones that contain
1878 DLV records should be removed when upgrading a slave
1879 zone. You do not however have to upgrade all
1880 servers for a zone with DLV records simultaneously.
1882 1984. [func] dig, nslookup and host now advertise a 4096 byte
1883 EDNS UDP buffer size by default. [RT #15855]
1885 1983. [func] Two new update policies. "selfsub" and "selfwild".
1888 1982. [bug] DNSKEY was being accepted on the parent side of
1889 a delegation. KEY is still accepted there for
1890 RFC 3007 validated updates. [RT #15620]
1892 1981. [bug] win32: condition.c:wait() could fail to reattain
1895 1980. [func] dnssec-signzone: output the SOA record as the
1896 first record in the signed zone. [RT #15758]
1898 1979. [port] linux: allow named to drop core after changing
1899 user ids. [RT #15753]
1901 1978. [port] Handle systems which have a broken recvmsg().
1904 1977. [bug] Silence noisy log message. [RT #15704]
1906 1976. [bug] Handle systems with no IPv4 addresses. [RT #15695]
1908 1975. [bug] libbind: isc_gethexstring() could misparse multi-line
1909 hex strings with comments. [RT #15814]
1911 1974. [doc] List each of the zone types and associated zone
1912 options separately in the ARM.
1914 1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
1915 HMACSHA512 support. [RT #13606]
1917 1972. [contrib] DBUS dynamic forwarders integration from
1918 Jason Vas Dias <jvdias@redhat.com>.
1920 1971. [port] linux: make detection of missing IF_NAMESIZE more
1923 1970. [bug] nsupdate: adjust UDP timeout when falling back to
1924 unsigned SOA query. [RT #15775]
1926 1969. [bug] win32: the socket code was freeing the socket
1927 structure too early. [RT #15776]
1929 1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
1931 1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
1933 1966. [bug] Don't set CD when we have fallen back to plain DNS.
1936 1965. [func] Suppress spurious "recursion requested but not
1937 available" warning with 'dig +qr'. [RT #15780].
1939 1964. [func] Separate out MX and SRV to CNAME checks. [RT #15723]
1941 1963. [port] Tru64 4.0E doesn't support send() and recv().
1944 1962. [bug] Named failed to clear old update-policy when it
1945 was removed. [RT #15491]
1947 1961. [bug] Check the port and address of responses forwarded
1948 to dispatch. [RT #15474]
1950 1960. [bug] Update code should set NSEC ttls from SOA MINIMUM.
1953 1959. [func] Control the zeroing of the negative response TTL to
1954 a soa query. Defaults "zero-no-soa-ttl yes;" and
1955 "zero-no-soa-ttl-cache no;". [RT #15460]
1957 1958. [bug] Named failed to update the zone's secure state
1958 until the zone was reloaded. [RT #15412]
1960 1957. [bug] Dig mishandled responses to class ANY queries.
1963 1956. [bug] Improve cross compile support, 'gen' is now built
1964 by native compiler. See README for additional
1965 cross compile support information. [RT #15148]
1967 1955. [bug] Pre-allocate the cache cleaning iterator. [RT #14998]
1969 1954. [func] Named now falls back to advertising EDNS with a
1970 512 byte receive buffer if the initial EDNS queries
1973 1953. [func] The maximum EDNS UDP response named will send can
1974 now be set in named.conf (max-udp-size). This is
1975 independent of the advertised receive buffer
1976 (edns-udp-size). [RT #14852]
1978 1952. [port] hpux: tell the linker to build a runtime link
1979 path "-Wl,+b:". [RT #14816].
1981 1951. [security] Drop queries from particular well known ports.
1982 Don't return FORMERR to queries from particular
1983 well known ports. [RT #15636]
1985 1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect()
1986 a TCP socket. This prevents the source address being
1987 set for TCP connections. [RT #15628]
1989 1949. [func] Addition memory leakage checks. [RT #15544]
1991 1948. [bug] If was possible to trigger a REQUIRE failure in
1992 xfrin.c:maybe_free() if named ran out of memory.
1995 1947. [func] It is now possible to configure named to accept
1996 expired RRSIGs. Default "dnssec-accept-expired no;".
1997 Setting "dnssec-accept-expired yes;" leaves named
1998 vulnerable to replay attacks. [RT #14685]
2000 1946. [bug] resume_dslookup() could trigger a REQUIRE failure
2001 when using forwarders. [RT #15549]
2003 1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is no longer recommended.
2004 To generate a RSAMD5 key you must explicitly request
2007 1944. [cleanup] isc_hash_create() does not need a read/write lock.
2010 1943. [bug] Set the loadtime after rolling forward the journal.
2013 1942. [bug] If the name of a DNSKEY match that of one in
2014 trusted-keys do not attempt to validate the DNSKEY
2015 using the parents DS RRset. [RT #15649]
2017 1941. [bug] ncache_adderesult() should set eresult even if no
2018 rdataset is passed to it. [RT #15642]
2020 1940. [bug] Fixed a number of error conditions reported by
2023 1939. [bug] The resolver could dereference a null pointer after
2024 validation if all the queries have timed out.
2027 1938. [bug] The validator was not correctly handling unsecure
2028 negative responses at or below a SEP. [RT #15528]
2030 1937. [bug] sdlz doesn't handle RRSIG records. [RT #15564]
2032 1936. [bug] The validator could leak memory. [RT #15544]
2034 1935. [bug] 'acache' was DO sensitive. [RT #15430]
2036 1934. [func] Validate pending NS RRsets, in the authority section,
2037 prior to returning them if it can be done without
2038 requiring DNSKEYs to be fetched. [RT #15430]
2040 1933. [bug] dump_rdataset_raw() had a incorrect INSIST. [RT #15534]
2042 1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530]
2044 1931. [bug] Per-client mctx could require a huge amount of memory,
2045 particularly for a busy caching server. [RT #15519]
2047 1930. [port] HPUX: ia64 support. [RT #15473]
2049 1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
2051 1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
2053 1927. [bug] Access to soanode or nsnode in rbtdb violated the
2054 lock order rule and could cause a dead lock.
2057 1926. [bug] The Windows installer did not check for empty
2058 passwords. BINDinstall was being installed in
2059 the wrong place. [RT #15483]
2061 1925. [port] All outer level AC_TRY_RUNs need cross compiling
2062 defaults. [RT #15469]
2064 1924. [port] libbind: hpux ia64 support. [RT #15473]
2066 1923. [bug] ns_client_detach() called too early. [RT #15499]
2068 1922. [bug] check-tool.c:setup_logging() missing call to
2069 dns_log_setcontext().
2071 1921. [bug] Client memory contexts were not using internal
2074 1920. [bug] The cache rbtdb lock array was too small to
2075 have the desired performance characteristics.
2078 1919. [contrib] queryperf: a set of new features: collecting/printing
2079 response delays, printing intermediate results, and
2080 adjusting query rate for the "target" qps.
2082 1918. [bug] Memory leak when checking acls. [RT #15391]
2084 1917. [doc] funcsynopsisinfo wasn't being treated as verbatim
2085 when generating man pages. [RT #15385]
2087 1916. [func] Integrate contributed IDN code from JPNIC. [RT #15383]
2089 1915. [bug] dig +ndots was broken. [RT #15215]
2091 1914. [protocol] DS is required to accept mnemonic algorithms
2092 (RFC 4034). Still emit numeric algorithms for
2093 compatibility with RFC 3658. [RT #15354]
2095 1913. [func] Integrate contributed DLZ code into named. [RT #11382]
2097 1912. [port] aix: atomic locking for powerpc. [RT #15020]
2099 1911. [bug] Update windows socket code. [RT #14965]
2101 1910. [bug] dig's +sigchase code overhauled. [RT #14933]
2103 1909. [bug] The DLV code has been re-worked to make no longer
2104 query order sensitive. [RT #14933]
2106 1908. [func] dig now warns if 'RA' is not set in the answer when
2107 'RD' was set in the query. host/nslookup skip servers
2108 that fail to set 'RA' when 'RD' is set unless a server
2109 is explicitly set. [RT #15005]
2111 1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
2114 1906. [func] dig now has a '-q queryname' and '+showsearch' options.
2117 1905. [bug] Strings returned from cfg_obj_asstring() should be
2118 treated as read-only. The prototype for
2119 cfg_obj_asstring() has been updated to reflect this.
2122 1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
2123 friends. Note: RFC 1918 zones are not yet covered by
2124 this but are likely to be in a future release.
2126 New options: empty-server, empty-contact,
2127 empty-zones-enable and disable-empty-zone.
2129 1903. [func] ISC string copy API.
2131 1902. [func] Attempt to make the amount of work performed in a
2132 iteration self tuning. The covers nodes clean from
2133 the cache per iteration, nodes written to disk when
2134 rewriting a master file and nodes destroyed per
2135 iteration when destroying a zone or a cache.
2138 1901. [cleanup] Don't add DNSKEY records to the additional section.
2140 1900. [bug] ixfr-from-differences failed to ensure that the
2141 serial number increased. [RT #15036]
2143 1899. [func] named-checkconf now validates update-policy entries.
2146 1898. [bug] Extend ISC_SOCKADDR_FORMATSIZE and
2147 ISC_NETADDR_FORMATSIZE to allow for scope details.
2149 1897. [func] x86 and x86_64 now have separate atomic locking
2152 1896. [bug] Recursive clients soft quota support wasn't working
2153 as expected. [RT #15103]
2155 1895. [bug] A escaped character is, potentially, converted to
2156 the output character set too early. [RT #14666]
2158 1894. [doc] Review ARM for BIND 9.4.
2160 1893. [port] Use uintptr_t if available. [RT #14606]
2162 1892. [func] Support for SPF rdata type. [RT #15033]
2164 1891. [port] freebsd: pthread_mutex_init can fail if it runs out
2165 of memory. [RT #14995]
2167 1890. [func] Raise the UDP receive buffer size to 32k if it is
2168 less than 32k. [RT #14953]
2170 1889. [port] sunos: non blocking i/o support. [RT #14951]
2172 1888. [func] Support for IPSECKEY rdata type. [RT #14967]
2174 1887. [bug] The cache could delete expired records too fast for
2175 clients with a virtual time in the past. [RT #14991]
2177 1886. [bug] fctx_create() could return success even though it
2180 1885. [func] dig: report the number of extra bytes still left in
2181 the packet after processing all the records.
2183 1884. [cleanup] dighost.c: move external declarations into <dig/dig.h>.
2185 1883. [bug] dnssec-signzone, dnssec-keygen: handle negative debug
2188 1882. [func] Limit the number of recursive clients that can be
2189 waiting for a single query (<qname,qtype,qclass>) to
2190 resolve. New options clients-per-query and
2191 max-clients-per-query.
2193 1881. [func] Add a system test for named-checkconf. [RT #14931]
2195 1880. [func] The lame cache is now done on a <qname,qclass,qtype>
2196 basis as some servers only appear to be lame for
2197 certain query types. [RT #14916]
2199 1879. [func] "USE INTERNAL MALLOC" is now runtime selectable.
2202 1878. [func] Detect duplicates of UDP queries we are recursing on
2203 and drop them. New stats category "duplicate".
2206 1877. [bug] Fix unreasonably low quantum on call to
2207 dns_rbt_destroy2(). Remove unnecessary unhash_node()
2210 1876. [func] Additional memory debugging support to track size
2211 and mctx arguments. [RT #14814]
2213 1875. [bug] process_dhtkey() was using the wrong memory context
2214 to free some memory. [RT #14890]
2216 1874. [port] sunos: portability fixes. [RT #14814]
2218 1873. [port] win32: isc__errno2result() now reports its caller.
2221 1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753]
2225 1870. [func] Added framework for handling multiple EDNS versions.
2228 1869. [func] dig can now specify the EDNS version when making
2229 a query. [RT #14873]
2231 1868. [func] edns-udp-size can now be overridden on a per
2232 server basis. [RT #14851]
2234 1867. [bug] It was possible to trigger a INSIST in
2235 dlv_validatezonekey(). [RT #14846]
2237 1866. [bug] resolv.conf parse errors were being ignored by
2238 dig/host/nslookup. [RT #14841]
2240 1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
2241 bad addresses. [RT #14841]
2243 1864. [bug] Don't try the alternative transfer source if you
2244 got a answer / transfer with the main source
2245 address. [RT #14802]
2247 1863. [bug] rrset-order "fixed" error messages not complete.
2249 1862. [func] Add additional zone data constancy checks.
2250 named-checkzone has extended checking of NS, MX and
2251 SRV record and the hosts they reference.
2252 named has extended post zone load checks.
2253 New zone options: check-mx and integrity-check.
2256 1861. [bug] dig could trigger a INSIST on certain malformed
2257 responses. [RT #14801]
2259 1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was
2260 incorrectly set. [RT #14775]
2262 1859. [func] Add support for CH A record. [RT #14695]
2264 1858. [bug] The flush-zones-on-shutdown option wasn't being
2267 1857. [bug] named could trigger a INSIST() if reconfigured /
2268 reloaded too fast. [RT #14673]
2270 1856. [doc] Switch Docbook toolchain from DSSSL to XSL.
2273 1855. [bug] ixfr-from-differences was failing to detect changes
2274 of ttl due to dns_diff_subtract() was ignoring the ttl
2275 of records. [RT #14616]
2277 1854. [bug] lwres also needs to know the print format for
2278 (long long). [RT #13754]
2280 1853. [bug] Rework how DLV interacts with proveunsecure().
2283 1852. [cleanup] Remove last vestiges of dnssec-signkey and
2284 dnssec-makekeyset (removed from Makefile years ago).
2286 1851. [doc] Doxygen comment markup. [RT #11398]
2288 1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591]
2290 1849. [doc] All forms of the man pages (docbook, man, html) should
2291 have consistent copyright dates.
2293 1848. [bug] Improve SMF integration. [RT #13238]
2295 1847. [bug] isc_ondestroy_init() is called too late in
2296 dns_rbtdb_create()/dns_rbtdb64_create().
2299 1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer
2300 <bortzmeyer@nic.fr>.
2302 1845. [bug] Improve error reporting to distinguish between
2303 accept()/fcntl() and socket()/fcntl() errors.
2306 1844. [bug] inet_pton() accepted more that 4 hexadecimal digits
2307 for each 16 bit piece of the IPv6 address. The text
2308 representation of a IPv6 address has been tightened
2309 to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
2312 1843. [cleanup] CINCLUDES takes precedence over CFLAGS. This helps
2313 when CFLAGS contains "-I /usr/local/include"
2314 resulting in old header files being used.
2316 1842. [port] cmsg_len() could produce incorrect results on
2317 some platform. [RT #13744]
2319 1841. [bug] "dig +nssearch" now makes a recursive query to
2320 find the list of nameservers to query. [RT #13694]
2322 1840. [func] dnssec-signzone can now randomize signature end times
2323 (dnssec-signzone -j jitter). [RT #13609]
2325 1839. [bug] <isc/hash.h> was not being installed.
2327 1838. [cleanup] Don't allow Linux capabilities to be inherited.
2330 1837. [bug] Compile time option ISC_FACILITY was not effective
2331 for 'named -u <user>'. [RT #13714]
2333 1836. [cleanup] Silence compiler warnings in hash_test.c.
2335 1835. [bug] Update dnssec-signzone's usage message. [RT #13657]
2337 1834. [bug] Bad memset in rdata_test.c. [RT #13658]
2339 1833. [bug] Race condition in isc_mutex_lock_profile(). [RT #13660]
2341 1832. [bug] named fails to return BADKEY on unknown TSIG algorithm.
2344 1831. [doc] Update named-checkzone documentation. [RT#13604]
2346 1830. [bug] adb lame cache has sence of test reversed. [RT #13600]
2348 1829. [bug] win32: "pid-file none;" broken. [RT #13563]
2350 1828. [bug] isc_rwlock_init() failed to properly cleanup if it
2351 encountered a error. [RT #13549]
2353 1827. [bug] host: update usage message for '-a'. [RT #37116]
2355 1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on out
2356 of memory error. [RT #13537]
2358 1825. [bug] Missing UNLOCK() on out of memory error from in
2359 rbtdb.c:subtractrdataset(). [RT #13519]
2361 1824. [bug] Memory leak on dns_zone_setdbtype() failure.
2364 1823. [bug] Wrong macro used to check for point to point interface.
2367 1822. [bug] check-names test for RT was reversed. [RT #13382]
2371 1820. [bug] Gracefully handle acl loops. [RT #13659]
2373 1819. [bug] The validator needed to check both the algorithm and
2374 digest types of the DS to determine if it could be
2375 used to introduce a secure zone. [RT #13593]
2377 1818. [bug] 'named-checkconf -z' triggered an INSIST. [RT #13599]
2379 1817. [func] Add support for additional zone file formats for
2380 improving loading performance. The masterfile-format
2381 option in named.conf can be used to specify a
2382 non-default format. A separate command
2383 named-compilezone was provided to generate zone files
2384 in the new format. Additionally, the -I and -O options
2385 for dnssec-signzone specify the input and output
2388 1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
2391 1815. [bug] nsupdate triggered a REQUIRE if the server was set
2392 without also setting the zone and it encountered
2393 a CNAME and was using TSIG. [RT #13086]
2395 1814. [func] UNIX domain controls are now supported.
2397 1813. [func] Restructured the data locking framework using
2398 architecture dependent atomic operations (when
2399 available), improving response performance on
2400 multi-processor machines significantly.
2401 x86, x86_64, alpha, powerpc, and mips are currently
2404 1812. [port] win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect.
2407 1811. [func] Preserve the case of domain names in rdata during
2408 zone transfers. [RT #13547]
2410 1810. [bug] configure, lib/bind/configure make different default
2411 decisions about whether to do a threaded build.
2414 1809. [bug] "make distclean" failed for libbind if the platform
2417 1808. [bug] zone.c:notify_zone() contained a race condition,
2418 zone->db could change underneath it. [RT #13511]
2420 1807. [bug] When forwarding (forward only) set the active domain
2421 from the forward zone name. [RT #13526]
2423 1806. [bug] The resolver returned the wrong result when a CNAME /
2424 DNAME was encountered when fetching glue from a
2425 secure namespace. [RT #13501]
2427 1805. [bug] Pending status was not being cleared when DLV was
2430 1804. [bug] Ensure that if we are queried for glue that it fits
2431 in the additional section or TC is set to tell the
2432 client to retry using TCP. [RT #10114]
2434 1803. [bug] dnssec-signzone sometimes failed to remove old
2437 1802. [bug] Handle connection resets better. [RT #11280]
2439 1801. [func] Report differences between hints and real NS rrset
2440 and associated address records.
2442 1800. [bug] Changes #1719 allowed a INSIST to be triggered.
2445 1799. [bug] 'rndc flushname' failed to flush negative cache
2446 entries. [RT #13438]
2448 1798. [func] The server syntax has been extended to support a
2449 range of servers. [RT #11132]
2451 1797. [func] named-checkconf now check acls to verify that they
2452 only refer to existing acls. [RT #13101]
2454 1796. [func] "rndc freeze/thaw" now freezes/thaws all zones.
2456 1795. [bug] "rndc dumpdb" was not fully documented. Minor
2457 formating issues with "rndc dumpdb -all". [RT #13396]
2459 1794. [func] Named and named-checkzone can now both check for
2460 non-terminal wildcard records.
2462 1793. [func] Extend adjusting TTL warning messages. [RT #13378]
2464 1792. [func] New zone option "notify-delay". Specify a minimum
2465 delay between sets of NOTIFY messages.
2467 1791. [bug] 'host -t a' still printed out AAAA and MX records.
2470 1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should
2471 allow parallel make to succeed.
2473 1789. [bug] Prerequisite test for tkey and dnssec could fail
2474 with "configure --with-libtool".
2476 1788. [bug] libbind9.la/libbind9.so needs to link against
2477 libisccfg.la/libisccfg.so.
2479 1787. [port] HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings.
2481 1786. [port] AIX: libt_api needs to be taught to look for
2482 T_testlist in the main executable (--with-libtool).
2485 1785. [bug] libbind9.la/libbind9.so needs to link against
2486 libisc.la/libisc.so.
2488 1784. [cleanup] "libtool -allow-undefined" is the default.
2489 Leave hooks in configure to allow it to be set
2490 if needed in the future.
2492 1783. [cleanup] We only need one copy of libtool.m4, ltmain.sh in the
2495 1782. [port] OSX: --with-libtool + --enable-libbind broke on
2496 __evOptMonoTime. [RT #13219]
2498 1781. [port] FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810]
2500 1780. [bug] Update libtool to 1.5.10.
2502 1779. [port] OSF 5.1: libtool didn't handle -pthread correctly.
2504 1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and
2505 IN6ADDR_LOOPBACK_INIT macros.
2507 1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and
2508 IN6ADDR_LOOPBACK_INIT macros.
2510 1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
2511 IN6ADDR_LOOPBACK_INIT macros.
2513 1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
2515 1774. [port] Aix: Silence compiler warnings / build failures.
2518 1773. [bug] Fast retry on host / net unreachable. [RT #13153]
2524 1770. [bug] named-checkconf failed to report missing a missing
2525 file clause for rbt{64} master/hint zones. [RT#13009]
2527 1769. [port] win32: change compiler flags /MTd ==> /MDd,
2530 1768. [bug] nsecnoexistnodata() could be called with a non-NSEC
2531 rdataset. [RT #12907]
2533 1767. [port] Builds on IPv6 platforms without IPv6 Advanced API
2534 support for (struct in6_pktinfo) failed. [RT #13077]
2536 1766. [bug] Update the master file timestamp on successful refresh
2537 as well as the journal's timestamp. [RT# 13062]
2539 1765. [bug] configure --with-openssl=auto failed. [RT #12937]
2541 1764. [bug] dns_zone_replacedb failed to emit a error message
2542 if there was no SOA record in the replacement db.
2545 1763. [func] Perform sanity checks on NS records which refer to
2546 'in zone' names. [RT #13002]
2548 1762. [bug] isc_interfaceiter_create() could return ISC_R_SUCCESS
2549 even when it failed. [RT #12995]
2551 1761. [bug] 'rndc dumpdb' didn't report unassociated entries.
2554 1760. [bug] Host / net unreachable was not penalising rtt
2555 estimates. [RT #12970]
2557 1759. [bug] Named failed to startup if the OS supported IPv6
2558 but had no IPv6 interfaces configured. [RT #12942]
2560 1758. [func] Don't send notify messages to self. [RT #12933]
2562 1757. [func] host now can turn on memory debugging flags with '-m'.
2564 1756. [func] named-checkconf now checks the logging configuration.
2567 1755. [func] allow-update is now settable at the options / view
2570 1754. [bug] We weren't always attempting to query the parent
2571 server for the DS records at the zone cut.
2574 1753. [bug] Don't serve a slave zone which has no NS records.
2577 1752. [port] Move isc_app_start() to after ns_os_daemonise()
2578 as some fork() implementations unblock the signals
2579 that are blocked by isc_app_start(). [RT #12810]
2581 1751. [bug] --enable-getifaddrs failed under linux. [RT #12867]
2583 1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
2586 1749. [bug] 'check-names response ignore;' failed to ignore.
2589 1748. [func] dig now returns the byte count for axfr/ixfr.
2591 1747. [bug] BIND 8 compatibility: named/named-checkconf failed
2592 to parse "host-statistics-max" in named.conf.
2594 1746. [func] Make public the function to read a key file,
2595 dst_key_read_public(). [RT #12450]
2597 1745. [bug] Dig/host/nslookup accept replies from link locals
2598 regardless of scope if no scope was specified when
2599 query was sent. [RT #12745]
2601 1744. [bug] If tuple2msgname() failed to convert a tuple to
2602 a name a REQUIRE could be triggered. [RT #12796]
2604 1743. [bug] If isc_taskmgr_create() was not able to create the
2605 requested number of worker threads then destruction
2606 of the manager would trigger an INSIST() failure.
2609 1742. [bug] Deleting all records at a node then adding a
2610 previously existing record, in a single UPDATE
2611 transaction, failed to leave / regenerate the
2612 associated RRSIG records. [RT #12788]
2614 1741. [bug] Deleting all records at a node in a secure zone
2615 using a update-policy grant failed. [RT #12787]
2617 1740. [bug] Replace rbt's hash algorithm as it performed badly
2618 with certain zones. [RT #12729]
2620 NOTE: a hash context now needs to be established
2621 via isc_hash_create() if the application was not
2624 1739. [bug] dns_rbt_deletetree() could incorrectly return
2625 ISC_R_QUOTA. [RT #12695]
2627 1738. [bug] Enable overrun checking by default. [RT #12695]
2629 1737. [bug] named failed if more than 16 masters were specified.
2632 1736. [bug] dst_key_fromnamedfile() could fail to read a
2633 public key. [RT #12687]
2635 1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure.
2638 1734. [cleanup] 'rndc-confgen -a -t' remove extra '/' in path.
2641 1733. [bug] Return non-zero exit status on initial load failure.
2644 1732. [bug] 'rrset-order name "*"' wasn't being applied to ".".
2647 1731. [port] darwin: relax version test in ifconfig.sh.
2650 1730. [port] Determine the length type used by the socket API.
2653 1729. [func] Improve check-names error messages.
2655 1728. [doc] Update check-names documentation.
2657 1727. [bug] named-checkzone: check-names support didn't match
2660 1726. [port] aix5: add support for aix5.
2662 1725. [port] linux: update error message on interaction of threads,
2663 capabilities and setuid support (named -u). [RT #12541]
2665 1724. [bug] Look for DNSKEY records with "dig +sigtrace".
2668 1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
2670 1722. [bug] Don't commit the journal on malformed ixfr streams.
2673 1721. [bug] Error message from the journal processing were not
2674 always identifying the relevant journal. [RT #12519]
2676 1720. [bug] 'dig +chase' did not terminate on a RFC 2308 Type 1
2677 negative response. [RT #12506]
2679 1719. [bug] named was not correctly caching a RFC 2308 Type 1
2680 negative response. [RT #12506]
2682 1718. [bug] nsupdate was not handling RFC 2308 Type 3 negative
2683 responses when looking for the zone / master server.
2686 1717. [port] solaris: ifconfig.sh did not support Solaris 10.
2687 "ifconfig.sh down" didn't work for Solaris 9.
2689 1716. [doc] named.conf(5) was being installed in the wrong
2690 location. [RT# 12441]
2692 1715. [func] 'dig +trace' now randomly selects the next servers
2693 to try. Report if there is a bad delegation.
2695 1714. [bug] dig/host/nslookup were only trying the first
2696 address when a nameserver was specified by name.
2699 1713. [port] linux: extend capset failure message to say:
2700 please ensure that the capset kernel module is
2701 loaded. see insmod(8)
2703 1712. [bug] Missing FULLCHECK for "trusted-key" in dig.
2705 1711. [func] 'rndc unfreeze' has been deprecated by 'rndc thaw'.
2707 1710. [func] 'rndc notify zone [class [view]]' resend the NOTIFY
2708 messages for the specified zone. [RT #9479]
2710 1709. [port] solaris: add SMF support from Sun.
2712 1708. [cleanup] Replaced dns_fullname_hash() with dns_name_fullhash()
2713 for conformance to the name space convention. Binary
2714 backward compatibility to the old function name is
2715 provided. [RT #12376]
2717 1707. [contrib] sdb/ldap updated to version 1.0-beta.
2719 1706. [bug] 'rndc stop' failed to cause zones to be flushed
2720 sometimes. [RT #12328]
2722 1705. [func] Allow the journal's name to be changed via named.conf.
2724 1704. [port] lwres needed a snprintf() implementation for
2725 platforms without snprintf(). Add missing
2726 "#include <isc/print.h>". [RT #12321]
2728 1703. [bug] named would loop sending NOTIFY messages when it
2729 failed to receive a response. [RT #12322]
2731 1702. [bug] also-notify should not be applied to built in zones.
2734 1701. [doc] A minimal named.conf man page.
2736 1700. [func] nslookup is no longer to be treated as deprecated.
2737 Remove "deprecated" warning message. Add man page.
2739 1699. [bug] dnssec-signzone can generate "not exact" errors
2740 when resigning. [RT #12281]
2742 1698. [doc] Use reserved IPv6 documentation prefix.
2744 1697. [bug] xxx-source{,-v6} was not effective when it
2745 specified one of listening addresses and a
2746 different port than the listening port. [RT #12257]
2748 1696. [bug] dnssec-signzone failed to clean out nodes that
2749 consisted of only NSEC and RRSIG records.
2752 1695. [bug] DS records when forwarding require special handling.
2755 1694. [bug] Report if the builtin views of "_default" / "_bind"
2756 are defined in named.conf. [RT #12023]
2758 1693. [bug] max-journal-size was not effective for master zones
2759 with ixfr-from-differences set. [RT# 12024]
2761 1692. [bug] Don't set -I, -L and -R flags when libcrypto is in
2762 /usr/lib. [RT #11971]
2764 1691. [bug] sdb's attachversion was not complete. [RT #11990]
2766 1690. [bug] Delay detaching view from the client until UPDATE
2767 processing completes when shutting down. [RT #11714]
2769 1689. [bug] DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
2770 contained gratuitous semicolons. [RT #11707]
2772 1688. [bug] LDFLAGS was not supported.
2774 1687. [bug] Race condition in dispatch. [RT #10272]
2776 1686. [bug] Named sent a extraneous NOTIFY when it received a
2777 redundant UPDATE request. [RT #11943]
2779 1685. [bug] Change #1679 loop tests weren't quite right.
2781 1684. [func] ixfr-from-differences now takes master and slave in
2782 addition to yes and no at the options and view levels.
2784 1683. [bug] dig +sigchase could leak memory. [RT #11445]
2786 1682. [port] Update configure test for (long long) printf format.
2789 1681. [bug] Only set SO_REUSEADDR when a port is specified in
2790 isc_socket_bind(). [RT #11742]
2792 1680. [func] rndc: the source address can now be specified.
2794 1679. [bug] When there was a single nameserver with multiple
2795 addresses for a zone not all addresses were tried.
2798 1678. [bug] RRSIG should use TYPEXXXXX for unknown types.
2800 1677. [bug] dig: +aaonly didn't work, +aaflag undocumented.
2802 1676. [func] New option "allow-query-cache". This lets
2803 allow-query be used to specify the default zone
2804 access level rather than having to have every
2805 zone override the global value. allow-query-cache
2806 can be set at both the options and view levels.
2807 If allow-query-cache is not set allow-query applies.
2809 1675. [bug] named would sometimes add extra NSEC records to
2810 the authority section.
2812 1674. [port] linux: increase buffer size used to scan
2815 1673. [port] linux: issue a error messages if IPv6 interface
2818 1672. [cleanup] Tests which only function in a threaded build
2819 now return R:THREADONLY (rather than R:UNTESTED)
2820 in a non-threaded build.
2822 1671. [contrib] queryperf: add NAPTR to the list of known types.
2824 1670. [func] Log UPDATE requests to slave zones without an acl as
2825 "disabled" at debug level 3. [RT# 11657]
2829 1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
2831 1667. [port] linux: not all versions have IF_NAMESIZE.
2833 1666. [bug] The optional port on hostnames in dual-stack-servers
2836 1665. [func] rndc now allows addresses to be set in the
2839 1664. [bug] nsupdate needed KEY for SIG(0), not DNSKEY.
2841 1663. [func] Look for OpenSSL by default.
2843 1662. [bug] Change #1658 failed to change one use of 'type'
2846 1661. [bug] Restore dns_name_concatenate() call in
2847 adb.c:set_target(). [RT #11582]
2849 1660. [bug] win32: connection_reset_fix() was being called
2850 unconditionally. [RT #11595]
2852 1659. [cleanup] Cleanup some messages that were referring to KEY vs
2853 DNSKEY, NXT vs NSEC and SIG vs RRSIG.
2855 1658. [func] Update dnssec-keygen to default to KEY for HMAC-MD5
2856 and DH. Tighten which options apply to KEY and
2859 1657. [doc] ARM: document query log output.
2861 1656. [doc] Update DNSSEC description in ARM to cover DS, NSEC
2862 DNSKEY and RRSIG. [RT #11542]
2864 1655. [bug] Logging multiple versions w/o a size was broken.
2867 1654. [bug] isc_result_totext() contained array bounds read
2870 1653. [func] Add key type checking to dst_key_fromfilename(),
2871 DST_TYPE_KEY should be used to read TSIG, TKEY and
2874 1652. [bug] TKEY still uses KEY.
2876 1651. [bug] dig: process multiple dash options.
2878 1650. [bug] dig, nslookup: flush standard out after each command.
2880 1649. [bug] Silence "unexpected non-minimal diff" message.
2883 1648. [func] Update dnssec-lookaside named.conf syntax to support
2884 multiple dnssec-lookaside namespaces (not yet
2887 1647. [bug] It was possible trigger a INSIST when chasing a DS
2888 record that required walking back over a empty node.
2891 1646. [bug] win32: logging file versions didn't work with
2892 non-UNC filenames. [RT#11486]
2894 1645. [bug] named could trigger a REQUIRE failure if multiple
2895 masters with keys are specified.
2897 1644. [bug] Update the journal modification time after a
2898 successful refresh query. [RT #11436]
2900 1643. [bug] dns_db_closeversion() could leak memory / node
2901 references. [RT #11163]
2903 1642. [port] Support OpenSSL implementations which don't have
2904 DSA support. [RT #11360]
2906 1641. [bug] Update the check-names description in ARM. [RT #11389]
2908 1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
2909 incorrectly closing the socket. [RT #11291]
2911 1639. [func] Initial dlv system test.
2913 1638. [bug] "ixfr-from-differences" could generate a REQUIRE
2914 failure if the journal open failed. [RT #11347]
2916 1637. [bug] Node reference leak on error in addnoqname().
2918 1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
2919 a error had occurred. The database version no longer
2920 matched the version of the database that was dumped.
2922 1635. [bug] Memory leak on error in query_addds().
2924 1634. [bug] named didn't supply a useful error message when it
2925 detected duplicate views. [RT #11208]
2927 1633. [bug] named should return NOTIMP to update requests to a
2928 slaves without a allow-update-forwarding acl specified.
2931 1632. [bug] nsupdate failed to send prerequisite only UPDATE
2932 messages. [RT #11288]
2934 1631. [bug] dns_journal_compact() could sometimes corrupt the
2935 journal. [RT #11124]
2937 1630. [contrib] queryperf: add support for IPv6 transport.
2939 1629. [func] dig now supports IPv6 scoped addresses with the
2940 extended format in the local-server part. [RT #8753]
2942 1628. [bug] Typo in Compaq Trucluster support. [RT# 11264]
2944 1627. [bug] win32: sockets were not being closed when the
2945 last external reference was removed. [RT# 11179]
2947 1626. [bug] --enable-getifaddrs was broken. [RT#11259]
2949 1625. [bug] named failed to load/transfer RFC2535 signed zones
2950 which contained CNAMES. [RT# 11237]
2952 1624. [bug] zonemgr_putio() call should be locked. [RT# 11163]
2954 1623. [bug] A serial number of zero was being displayed in the
2955 "sending notifies" log message when also-notify was
2958 1622. [func] probe the system to see if IPV6_(RECV)PKTINFO is
2959 available, and suppress wildcard binding if not.
2961 1621. [bug] match-destinations did not work for IPv6 TCP queries.
2964 1620. [func] When loading a zone report if it is signed. [RT #11149]
2966 1619. [bug] Missing ISC_LIST_UNLINK in end_reserved_dispatches().
2969 1618. [bug] Fencepost errors in dns_name_ishostname() and
2970 dns_name_ismailbox() could trigger a INSIST().
2972 1617. [port] win32: VC++ 6.0 support.
2974 1616. [compat] Ensure that named's version is visible in the core
2977 1615. [port] Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
2980 1614. [port] win32: silence resource limit messages. [RT# 11101]
2982 1613. [bug] Builds would fail on machines w/o a if_nametoindex().
2983 Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
2986 1612. [bug] check-names at the option/view level could trigger
2987 an INSIST. [RT# 11116]
2989 1611. [bug] solaris: IPv6 interface scanning failed to cope with
2990 no active IPv6 interfaces.
2992 1610. [bug] On dual stack machines "dig -b" failed to set the
2993 address type to be looked up with "@server".
2996 1609. [func] dig now has support to chase DNSSEC signature chains.
2997 Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.
2999 DNSSEC validation code in dig coded by Olivier Courtay
3000 (olivier.courtay@irisa.fr) for the IDsA project
3001 (http://idsa.irisa.fr).
3003 1608. [func] dig and host now accept -4/-6 to select IP transport
3004 to use when making queries.
3006 1607. [bug] dig, host and nslookup were still using random()
3007 to generate query ids. [RT# 11013]
3009 1606. [bug] DLV insecurity proof was failing.
3011 1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
3013 1604. [bug] A xfrout_ctx_create() failure would result in
3014 xfrout_ctx_destroy() being called with a
3015 partially initialized structure.
3017 1603. [bug] nsupdate: set interactive based on isatty().
3020 1602. [bug] Logging to a file failed unless a size was specified.
3023 1601. [bug] Silence spurious warning 'both "recursion no;" and
3024 "allow-recursion" active' warning from view "_bind".
3027 1600. [bug] Duplicate zone pre-load checks were not case
3030 1599. [bug] Fix memory leak on error path when checking named.conf.
3032 1598. [func] Specify that certain parts of the namespace must
3033 be secure (dnssec-must-be-secure).
3035 1597. [func] Allow notify-source and query-source to be specified
3036 on a per server basis similar to transfer-source.
3039 1596. [func] Accept 'notify-source' style syntax for query-source.
3041 1595. [func] New notify type 'master-only'. Enable notify for
3044 1594. [bug] 'rndc dumpdb' could prevent named from answering
3045 queries while the dump was in progress. [RT #10565]
3047 1593. [bug] rndc should return "unknown command" to unknown
3048 commands. [RT# 10642]
3050 1592. [bug] configure_view() could leak a dispatch. [RT# 10675]
3052 1591. [bug] libbind: updated to BIND 8.4.5.
3054 1590. [port] netbsd: update thread support.
3056 1589. [func] DNSSEC lookaside validation.
3058 1588. [bug] win32: TCP sockets could become blocked. [RT #10115]
3060 1587. [bug] dns_message_settsigkey() failed to clear existing key.
3063 1586. [func] "check-names" is now implemented.
3067 1584. [bug] "make test" failed with a read only source tree.
3070 1583. [bug] Records add via UPDATE failed to get the correct trust
3073 1582. [bug] rrset-order failed to work on RRsets with more
3074 than 32 elements. [RT #10381]
3076 1581. [func] Disable DNSSEC support by default. To enable
3077 DNSSEC specify "dnssec-enable yes;" in named.conf.
3079 1580. [bug] Zone destruction on final detach takes a long time.
3082 1579. [bug] Multiple task managers could not be created.
3084 1578. [bug] Don't use CLASS E IPv4 addresses when resolving.
3087 1577. [bug] Use isc_uint32_t in ultrasparc optimizer bug
3088 workaround code. [RT #10331]
3090 1576. [bug] Race condition in dns_dispatch_addresponse().
3093 1575. [func] Log TSIG name on TSIG verify failure. [RT #4404]
3095 1574. [bug] Don't attempt to open the controls socket(s) when
3096 running tests. [RT #9091]
3098 1573. [port] linux: update to libtool 1.5.2 so that
3099 "make install DESTDIR=/xx" works with
3100 "configure --with-libtool". [RT #9941]
3102 1572. [bug] nsupdate: sign the soa query to find the enclosing
3103 zone if the server is specified. [RT #10148]
3105 1571. [bug] rbt:hash_node() could fail leaving the hash table
3106 in an inconsistent state. [RT #10208]
3108 1570. [bug] nsupdate failed to handle classes other than IN.
3109 New keyword 'class' which sets the default class.
3112 1569. [func] nsupdate new command 'answer' which displays the
3113 complete answer message to the last update.
3115 1568. [bug] nsupdate now reports that the update failed in
3116 interactive mode. [RT# 10236]
3118 1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
3120 1566. [port] Support for the cmsg framework on Solaris and HP/UX.
3121 This also solved the problem that match-destinations
3122 for IPv6 addresses did not work on these systems.
3125 1565. [bug] CD flag should be copied to outgoing queries unless
3126 the query is under a secure entry point in which case
3129 1564. [func] Attempt to provide a fallback entropy source to be
3130 used if named is running chrooted and named is unable
3131 to open entropy source within the chroot area.
3134 1563. [bug] Gracefully fail when unable to obtain neither an IPv4
3135 nor an IPv6 dispatch. [RT #10230]
3137 1562. [bug] isc_socket_create() and isc_socket_accept() could
3138 leak memory under error conditions. [RT #10230]
3140 1561. [bug] It was possible to release the same name twice if
3141 named ran out of memory. [RT #10197]
3143 1560. [port] FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
3144 and EAI_NONAME to the same value.
3146 1559. [port] named should ignore SIGFSZ.
3148 1558. [func] New DNSSEC 'disable-algorithms'. Support entry into
3149 child zones for which we don't have a supported
3150 algorithm. Such child zones are treated as unsigned.
3152 1557. [func] Implement missing DNSSEC tests for
3153 * NOQNAME proof with wildcard answers.
3154 * NOWILDARD proof with NXDOMAIN.
3155 Cache and return NOQNAME with wildcard answers.
3157 1556. [bug] nsupdate now treats all names as fully qualified.
3160 1555. [func] 'rrset-order cyclic' no longer has a random starting
3161 point per query. [RT #7572]
3163 1554. [bug] dig, host, nslookup failed when no nameservers
3164 were specified in /etc/resolv.conf. [RT #8232]
3166 1553. [bug] The windows socket code could stop accepting
3167 connections. [RT#10115]
3169 1552. [bug] Accept NOTIFY requests from mapped masters if
3170 matched-mapped is set. [RT #10049]
3172 1551. [port] Open "/dev/null" before calling chroot().
3174 1550. [port] Call tzset(), if available, before calling chroot().
3176 1549. [func] named-checkzone can now write out the zone contents
3177 in a easily parsable format (-D and -o).
3179 1548. [bug] When parsing APL records it was possible to silently
3180 accept out of range ADDRESSFAMILY values. [RT# 9979]
3182 1547. [bug] Named wasted memory recording duplicate lame zone
3185 1546. [bug] We were rejecting valid secure CNAME to negative
3188 1545. [bug] It was possible to leak memory if named was unable to
3189 bind to the specified transfer source and TSIG was
3190 being used. [RT #10120]
3192 1544. [bug] Named would logged a single entry to a file despite it
3193 being over the specified size limit.
3195 1543. [bug] Logging using "versions unlimited" did not work.
3199 1541. [func] NSEC now uses new bitmap format.
3201 1540. [bug] "rndc reload <dynamiczone>" was silently accepted.
3204 1539. [bug] Open UDP sockets for notify-source and transfer-source
3205 that use reserved ports at startup. [RT #9475]
3207 1538. [placeholder] rt9997
3209 1537. [func] New option "querylog". If set specify whether query
3210 logging is to be enabled or disabled at startup.
3212 1536. [bug] Windows socket code failed to log a error description
3213 when returning ISC_R_UNEXPECTED. [RT #9998]
3217 1534. [bug] Race condition when priming cache. [RT# 9940]
3219 1533. [func] Warn if both "recursion no;" and "allow-recursion"
3220 are active. [RT# 4389]
3222 1532. [port] netbsd: the configure test for <sys/sysctl.h>
3223 requires <sys/param.h>.
3225 1531. [port] AIX more libtool fixes.
3227 1530. [bug] It was possible to trigger a INSIST() failure if a
3228 slave master file was removed at just the correct
3231 1529. [bug] "notify explicit;" failed to log that NOTIFY messages
3232 were being sent for the zone. [RT# 9442]
3234 1528. [cleanup] Simplify some dns_name_ functions based on the
3235 deprecation of bitstring labels.
3237 1527. [cleanup] Reduce the number of gettimeofday() calls without
3238 losing necessary timer granularity.
3240 1526. [func] Implemented "additional section caching (or acache)",
3241 an internal cache framework for additional section
3242 content to improve response performance. Several
3243 configuration options were provided to control the
3246 1525. [bug] dns_cache_create() could trigger a REQUIRE
3247 failure in isc_mem_put() during error cleanup.
3250 1524. [port] AIX needs to be able to resolve all symbols when
3251 creating shared libraries (--with-libtool).
3253 1523. [bug] Fix race condition in rbtdb. [RT# 9189]
3255 1522. [bug] dns_db_findnode() relax the requirements on 'name'.
3258 1521. [bug] dns_view_createresolver() failed to check the
3259 result from isc_mem_create(). [RT# 9294]
3261 1520. [protocol] Add SSHFP (SSH Finger Print) type.
3263 1519. [bug] dnssec-signzone:nsec_setbit() computed the wrong
3264 length of the new bitmap.
3266 1518. [bug] dns_nsec_buildrdata(), and hence dns_nsec_build(),
3267 contained a off-by-one error when working out the
3268 number of octets in the bitmap.
3270 1517. [port] Support for IPv6 interface scanning on HP/UX and
3273 1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
3275 1515. [func] Allow transfer source to be set in a server statement.
3278 1514. [bug] named: isc_hash_destroy() was being called too early.
3281 1513. [doc] Add "US" to root-delegation-only exclude list.
3283 1512. [bug] Extend the delegation-only logging to return query
3284 type, class and responding nameserver.
3286 1511. [bug] delegation-only was generating false positives
3287 on negative answers from sub-zones.
3289 1510. [func] New view option "root-delegation-only". Apply
3290 delegation-only check to all TLDs and root.
3291 Note there are some TLDs that are NOT delegation
3292 only (e.g. DE, LV, US and MUSEUM) these can be excluded
3293 from the checks by using exclude.
3295 root-delegation-only exclude {
3296 "DE"; "LV"; "US"; "MUSEUM";
3299 1509. [bug] Hint zones should accept delegation-only. Forward
3300 zone should not accept delegation-only.
3302 1508. [bug] Don't apply delegation-only checks to answers from
3305 1507. [bug] Handle BIND 8 style returns to NS queries to parents
3306 when making delegation-only checks.
3308 1506. [bug] Wrong return type for dns_view_isdelegationonly().
3310 1505. [bug] Uninitialized rdataset in sdb. [RT #8750]
3312 1504. [func] New zone type "delegation-only".
3314 1503. [port] win32: install libeay32.dll outside of system32.
3316 1502. [bug] nsupdate: adjust timeouts for UPDATE requests over TCP.
3318 1501. [func] Allow TCP queue length to be specified via
3319 named.conf, tcp-listen-queue.
3321 1500. [bug] host failed to lookup MX records. Also look up
3324 1499. [bug] isc_random need to be seeded better if arc4random()
3327 1498. [port] bsdos: 5.x support.
3331 1496. [port] test for pthread_attr_setstacksize().
3333 1495. [cleanup] Replace hash functions with universal hash.
3335 1494. [security] Turn on RSA BLINDING as a precaution.
3339 1492. [cleanup] Preserve rwlock quota context when upgrading /
3340 downgrading. [RT #5599]
3342 1491. [bug] dns_master_dump*() would produce extraneous $ORIGIN
3345 1490. [bug] Accept reading state as well as working state in
3346 ns_client_next(). [RT #6813]
3348 1489. [compat] Treat 'allow-update' on slave zones as a warning.
3351 1488. [bug] Don't override trust levels for glue addresses.
3354 1487. [bug] A REQUIRE() failure could be triggered if a zone was
3355 queued for transfer and the zone was then removed.
3358 1486. [bug] isc_print_snprintf() '%%' consumed one too many format
3359 characters. [RT# 8230]
3361 1485. [bug] gen failed to handle high type values. [RT #6225]
3363 1484. [bug] The number of records reported after a AXFR was wrong.
3366 1483. [bug] dig axfr failed if the message id in the answer failed
3367 to match that in the request. Only the id in the first
3368 message is required to match. [RT #8138]
3370 1482. [bug] named could fail to start if the kernel supports
3371 IPv6 but no interfaces are configured. Similarly
3372 for IPv4. [RT #6229]
3374 1481. [bug] Refresh and stub queries failed to use masters keys
3375 if specified. [RT #7391]
3377 1480. [bug] Provide replay protection for rndc commands. Full
3378 replay protection requires both rndc and named to
3379 be updated. Partial replay protection (limited
3380 exposure after restart) is provided if just named
3383 1479. [bug] cfg_create_tuple() failed to handle out of
3384 memory cleanup. parse_list() would leak memory
3387 1478. [port] ifconfig.sh didn't account for other virtual
3388 interfaces. It now takes a optional argument
3389 to specify the first interface number. [RT #3907]
3391 1477. [bug] memory leak using stub zones and TSIG.
3395 1475. [port] Probe for old sprintf().
3397 1474. [port] Provide strtoul() and memmove() for platforms
3400 1473. [bug] create_map() and create_string() failed to handle out
3401 of memory cleanup. [RT #6813]
3403 1472. [contrib] idnkit-1.0 from JPNIC, replaces mdnkit.
3405 1471. [bug] libbind: updated to BIND 8.4.0.
3407 1470. [bug] Incorrect length passed to snprintf. [RT #5966]
3409 1469. [func] Log end of outgoing zone transfer at same level
3410 as the start of transfer is logged. [RT #4441]
3412 1468. [func] Internal zones are no longer counted for
3413 'rndc status'. [RT #4706]
3415 1467. [func] $GENERATES now supports optional class and ttl.
3417 1466. [bug] lwresd configuration errors resulted in memory
3418 and lock leaks. [RT #5228]
3420 1465. [bug] isc_base64_decodestring() and isc_base64_tobuffer()
3421 failed to check that trailing bits were zero allowing
3422 some invalid base64 strings to be accepted. [RT #5397]
3424 1464. [bug] Preserve "out of zone" data for outgoing zone
3425 transfers. [RT #5192]
3427 1463. [bug] dns_rdata_from{wire,struct}() failed to catch bad
3428 NXT bit maps. [RT #5577]
3430 1462. [bug] parse_sizeval() failed to check the token type.
3433 1461. [bug] Remove deadlock from rbtdb code. [RT #5599]
3435 1460. [bug] inet_pton() failed to reject certain malformed
3440 1458. [cleanup] sprintf() -> snprintf().
3442 1457. [port] Provide strlcat() and strlcpy() for platforms without
3445 1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
3447 1455. [bug] <netaddr> missing from server grammar in
3448 doc/misc/options. [RT #5616]
3450 1454. [port] Use getifaddrs() if available for interface scanning.
3451 --disable-getifaddrs to override. Glibc currently
3452 has a getifaddrs() that does not support IPv6.
3453 Use --enable-getifaddrs=glibc to force the use of
3454 this version under linux machines.
3456 1453. [doc] ARM: $GENERATE example wasn't accurate. [RT #5298]
3460 1451. [bug] rndc-confgen didn't exit with a error code for all
3461 failures. [RT #5209]
3463 1450. [bug] Fetching expired glue failed under certain
3464 circumstances. [RT #5124]
3466 1449. [bug] query_addbestns() didn't handle running out of memory
3469 1448. [bug] Handle empty wildcards labels.
3471 1447. [bug] We were casting (unsigned int) to and from (void *).
3472 rdataset->private4 is now rdataset->privateuint4
3473 to reflect a type change.
3475 1446. [func] Implemented undocumented alternate transfer sources
3476 from BIND 8. See use-alt-transfer-source,
3477 alt-transfer-source and alt-transfer-source-v6.
3479 SECURITY: use-alt-transfer-source is ENABLED unless
3480 you are using views. This may cause a security risk
3481 resulting in accidental disclosure of wrong zone
3482 content if the master supplying different source
3483 content based on IP address. If you are not certain
3484 ISC recommends setting use-alt-transfer-source no;
3486 1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has
3487 been replaced with DNS_ADBFIND_STARTATZONE which
3488 causes the search to start using the closest zone.
3490 1444. [func] dns_view_findzonecut2() allows you to specify if the
3491 cache should be searched for zone cuts.
3493 1443. [func] Masters lists can now be specified and referenced
3494 in zone masters clauses and other masters lists.
3496 1442. [func] New functions for manipulating port lists:
3497 dns_portlist_create(), dns_portlist_add(),
3498 dns_portlist_remove(), dns_portlist_match(),
3499 dns_portlist_attach() and dns_portlist_detach().
3501 1441. [func] It is now possible to tell dig to bind to a specific
3504 1440. [func] It is now possible to tell named to avoid using
3505 certain source ports (avoid-v4-udp-ports,
3506 avoid-v6-udp-ports).
3508 1439. [bug] Named could return NOERROR with certain NOTIFY
3509 failures. Return NOTAUTH if the NOTIFY zone is
3512 1438. [func] Log TSIG (if any) when logging NOTIFY requests.
3514 1437. [bug] Leave space for stdio to work in. [RT #5033]
3516 1436. [func] dns_zonemgr_resumexfrs() can be used to restart
3519 1435. [bug] zmgr_resume_xfrs() was being called read locked
3520 rather than write locked. zmgr_resume_xfrs()
3521 was not being called if the zone was being
3524 1434. [bug] "rndc reconfig" failed to initiate the initial
3525 zone transfer of new slave zones.
3527 1433. [bug] named could trigger a REQUIRE failure if it could
3528 not get a file descriptor when attempting to write
3529 a master file. [RT #4347]
3531 1432. [func] The advertised EDNS UDP buffer size can now be set
3532 via named.conf (edns-udp-size).
3534 1431. [bug] isc_print_snprintf() "%s" with precision could walk off
3535 end of argument. [RT #5191]
3537 1430. [port] linux: IPv6 interface scanning support.
3539 1429. [bug] Prevent the cache getting locked to old servers.
3543 1427. [bug] Race condition in adb with threaded build.
3547 1425. [port] linux/libbind: define __USE_MISC when testing *_r()
3548 function prototypes in netdb.h. [RT #4921]
3550 1424. [bug] EDNS version not being correctly printed.
3552 1423. [contrib] queryperf: added A6 and SRV.
3554 1422. [func] Log name/type/class when denying a query. [RT #4663]
3556 1421. [func] Differentiate updates that don't succeed due to
3557 prerequisites (unsuccessful) vs other reasons
3560 1420. [port] solaris: work around gcc optimizer bug.
3562 1419. [port] openbsd: use /dev/arandom. [RT #4950]
3564 1418. [bug] 'rndc reconfig' did not cause new slaves to load.
3566 1417. [func] ID.SERVER/CHAOS is now a built in zone.
3567 See "server-id" for how to configure.
3569 1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN.
3572 1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived
3575 1414. [func] Support for KSK flag.
3577 1413. [func] Explicitly request the (re-)generation of DS records
3578 from keysets (dnssec-signzone -g).
3580 1412. [func] You can now specify servers to be tried if a nameserver
3581 has IPv6 address and you only support IPv4 or the
3582 reverse. See dual-stack-servers.
3584 1411. [bug] empty nodes should stop wildcard matches. [RT #4802]
3586 1410. [func] Handle records that live in the parent zone, e.g. DS.
3588 1409. [bug] DS should have attribute DNS_RDATATYPEATTR_DNSSEC.
3590 1408. [bug] "make distclean" was not complete. [RT #4700]
3592 1407. [bug] lfsr incorrectly implements the shift register.
3595 1406. [bug] dispatch initializes one of the LFSR's with a incorrect
3596 polynomial. [RT #4617]
3598 1405. [func] Use arc4random() if available.
3600 1404. [bug] libbind: ns_name_ntol() could overwrite a zero length
3603 1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset
3604 dnssec-signkey now report their version in the
3607 1402. [cleanup] A6 has been moved to experimental and is no longer
3610 1401. [bug] adb wasn't clearing state when the timer expired.
3612 1400. [bug] Block the addition of wildcard NS records by IXFR
3613 or UPDATE. [RT #3502]
3615 1399. [bug] Use serial number arithmetic when testing SIG
3616 timestamps. [RT #4268]
3618 1398. [doc] ARM: notify-also should have been also-notify.
3621 1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
3623 1396. [func] dnssec-signzone: adjust the default signing time by
3624 1 hour to allow for clock skew.
3626 1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't
3627 have a working implementation. [RT #4079]
3629 1394. [func] It is now possible to check if a particular element is
3630 in a acl. Remove duplicate entries from the localnets
3633 1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
3634 is not available in the kernel to prevent accidently
3635 listening on IPv4 interfaces.
3637 1392. [bug] named-checkzone: update usage.
3639 1391. [func] Add support for IPv6 scoped addresses in named.
3641 1390. [func] host now supports ixfr.
3643 1389. [bug] named could fail to rotate long log files. [RT #3666]
3645 1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
3646 defining HAVE_IFLIST_SYSCTL. [RT #3770]
3648 1387. [bug] named could crash due to an access to invalid memory
3649 space (which caused an assertion failure) in
3650 incremental cleaning. [RT #3588]
3652 1386. [bug] named-checkzone -z stopped on errors in a zone.
3655 1385. [bug] Setting serial-query-rate to 10 would trigger a
3658 1384. [bug] host was incompatible with BIND 8 in its exit code and
3659 in the output with the -l option. [RT #3536]
3661 1383. [func] Track the serial number in a IXFR response and log if
3662 a mismatch occurs. This is a more specific error than
3663 "not exact". [RT #3445]
3665 1382. [bug] make install failed with --enable-libbind. [RT #3656]
3667 1381. [bug] named failed to correctly process answers that
3668 contained DNAME records where the resulting CNAME
3669 resulted in a negative answer.
3671 1380. [func] 'rndc recursing' dump recursing queries to
3672 'recursing-file = "named.recursing";'.
3674 1379. [func] 'rndc status' now reports tcp and recursion quota
3677 1378. [func] Improved positive feedback for 'rndc {reload|refresh}.
3679 1377. [func] dns_zone_load{new}() now reports if the zone was
3680 loaded, queued for loading to up to date.
3682 1376. [func] New function dns_zone_logc() to log to specified
3685 1375. [func] 'rndc dumpdb' now dumps the adb cache along with the
3688 1374. [func] dns_adb_dump() now logs the lame zones associated
3691 1373. [bug] Recovery from expired glue failed under certain
3694 1372. [bug] named crashes with an assertion failure on exit when
3695 sharing the same port for listening and querying, and
3696 changing listening addresses several times. [RT# 3509]
3698 1371. [bug] notify-source-v6, transfer-source-v6 and
3699 query-source-v6 with explicit addresses and using the
3700 same ports as named was listening on could interfere
3701 with named's ability to answer queries sent to those
3704 1370. [bug] dig '+[no]recurse' was incorrectly documented.
3706 1369. [bug] Adding an NS record as the lexicographically last
3707 record in a secure zone didn't work.
3709 1368. [func] remove support for bitstring labels.
3711 1367. [func] Use response times to select forwarders.
3713 1366. [contrib] queryperf usage was incomplete. Add '-h' for help.
3715 1365. [func] "localhost" and "localnets" acls now include IPv6
3716 addresses / prefixes.
3718 1364. [func] Log file name when unable to open memory statistics
3719 and dump database files. [RT# 3437]
3721 1363. [func] Listen-on-v6 now supports specific addresses.
3723 1362. [bug] remove IFF_RUNNING test when scanning interfaces.
3725 1361. [func] log the reason for rejecting a server when resolving
3728 1360. [bug] --enable-libbind would fail when not built in the
3729 source tree for certain OS's.
3731 1359. [security] Support patches OpenSSL libraries.
3732 http://www.cert.org/advisories/CA-2002-23.html
3734 1358. [bug] It was possible to trigger a INSIST when debugging
3735 large dynamic updates. [RT #3390]
3737 1357. [bug] nsupdate was extremely wasteful of memory.
3739 1356. [tuning] Reduce the number of events / quantum for zone tasks.
3741 1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
3743 1354. [doc] lwres man pages had illegal nroff.
3745 1353. [contrib] sdb/ldap to version 0.9.
3747 1352. [bug] dig, host, nslookup when falling back to TCP use the
3748 current search entry (if any). [RT #3374]
3750 1351. [bug] lwres_getipnodebyname() returned the wrong name
3751 when given a IPv4 literal, af=AF_INET6 and AI_MAPPED
3754 1350. [bug] dns_name_fromtext() failed to handle too many labels
3757 1349. [security] Minimum OpenSSL version now 0.9.6e (was 0.9.5a).
3758 http://www.cert.org/advisories/CA-2002-23.html
3760 1348. [port] win32: Rewrote code to use I/O Completion Ports
3761 in socket.c and eliminating a host of socket
3762 errors. Performance is enhanced.
3768 1345. [port] Use a explicit -Wformat with gcc. Not all versions
3769 include it in -Wall.
3771 1344. [func] Log if the serial number on the master has gone
3773 If you have multiple machines specified in the masters
3774 clause you may want to set 'multi-master yes;' to
3775 suppress this warning.
3777 1343. [func] Log successful notifies received (info). Adjust log
3778 level for failed notifies to notice.
3780 1342. [func] Log remote address with TCP dispatch failures.
3782 1341. [func] Allow a rate limiter to be stalled.
3784 1340. [bug] Delay and spread out the startup refresh load.
3786 1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
3787 lookups. Bit string lookups are no longer attempted.
3793 1336. [func] Nibble lookups under IP6.ARPA are now supported by
3794 dns_byaddr_create(). dns_byaddr_createptrname() is
3795 deprecated, use dns_byaddr_createptrname2() instead.
3797 1335. [bug] When performing a nonexistence proof, the validator
3798 should discard parent NXTs from higher in the DNS.
3800 1334. [bug] When signing/verifying rdatasets, duplicate rdatas
3801 need to be suppressed.
3803 1333. [contrib] queryperf now reports a summary of returned
3804 rcodes (-c), rcodes are printed in mnemonic form (-v).
3806 1332. [func] Report the current serial with periodic commits when
3807 rolling forward the journal.
3809 1331. [func] Generate DNSSEC wildcard proofs.
3811 1330. [bug] When processing events (non-threaded) only allow
3812 the task one chance to use to use its quantum.
3814 1329. [func] named-checkzone will now check if nameservers that
3815 appear to be IP addresses. Available modes "fail",
3816 "warn" (default) and "ignore" the results of the
3819 1328. [bug] The validator could incorrectly verify an invalid
3822 1327. [bug] The validator would incorrectly mark data as insecure
3823 when seeing a bogus signature before a correct
3826 1326. [bug] DNAME/CNAME signatures were not being cached when
3827 validation was not being performed. [RT #3284]
3829 1325. [bug] If the tcpquota was exhausted it was possible to
3830 to trigger a INSIST() failure.
3832 1324. [port] darwin: ifconfig.sh now supports darwin.
3834 1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
3836 1322. [bug] dnssec-signzone usage message was misleading.
3838 1321. [bug] If the last RRset in a zone is glue, dnssec-signzone
3839 would incorrectly duplicate its output and sign it.
3841 1320. [doc] query-source-v6 was missing from options section.
3844 1319. [func] libbind: log attempts to exploit #1318.
3846 1318. [bug] libbind: Remote buffer overrun.
3848 1317. [port] libbind: TrueUNIX 5.1 does not like __align as a
3851 1316. [bug] libbind: gethostans() could get out of sync parsing
3852 the response if there was a very long CNAME chain.
3854 1315. [bug] Options should apply to the internal _bind view.
3856 1314. [port] Handle ECONNRESET from sendmsg() [unix].
3858 1313. [func] Query log now says if the query was signed (S) or
3859 if EDNS was used (E).
3861 1312. [func] Log TSIG key used w/ outgoing zone transfers.
3863 1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159]
3865 1310. [bug] 'rndc stop' failed to cause zones to be flushed
3866 sometimes. [RT #3157]
3868 1309. [func] Log that a zone transfer was covered by a TSIG.
3870 1308. [func] DS (delegation signer) support.
3872 1307. [bug] nsupdate: allow white space base64 key data.
3874 1306. [bug] Badly encoded LOC record when the size, horizontal
3875 precision or vertical precision was 0.1m.
3877 1305. [bug] Document that internal zones are included in the
3878 rndc status results.
3880 1304. [func] New function: dns_zone_name().
3882 1303. [func] Option 'flush-zones-on-shutdown <boolean>;'.
3884 1302. [func] Extended rndc dumpdb to support dumping of zones and
3885 view selection: 'dumpdb [-all|-zones|-cache] [view]'.
3887 1301. [func] New category 'update-security'.
3889 1300. [port] Compaq Trucluster support.
3891 1299. [bug] Set AI_ADDRCONFIG when looking up addresses
3892 via getaddrinfo() (affects dig, host, nslookup, rndc
3895 1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
3896 could be left with a trailing "\" after configure
3899 1297. [port] linux: make handling EINVAL from socket() no longer
3900 conditional on #ifdef LINUX.
3902 1296. [bug] isc_log_closefilelogs() needed to lock the log
3905 1295. [bug] isc_log_setdebuglevel() needed to lock the log
3908 1294. [func] libbind: no longer attempts bit string labels for
3909 IPv6 reverse resolution. Try IP6.ARPA then IP6.INT
3910 for nibble style resolution.
3912 1293. [func] Entropy can now be retrieved from EGDs. [RT #2438]
3914 1292. [func] Enable IPv6 support when using ioctl style interface
3915 scanning and OS supports SIOCGLIFADDR using struct
3918 1291. [func] Enable IPv6 support when using sysctl style interface
3921 1290. [func] "dig axfr" now reports the number of messages
3922 as well as the number of records.
3924 1289. [port] See if -ldl is required for OpenSSL? [RT #2672]
3926 1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
3927 reflect written requirements.
3929 1287. [bug] REQUIRE that DNS_DBADD_MERGE only be set when adding
3930 a rdataset to a zone db in the rbtdb implementation of
3933 1286. [bug] dns_name_downcase() enforce requirement that
3934 target != NULL or name->buffer != NULL.
3936 1285. [func] lwres: probe the system to see what address families
3937 are currently in use.
3939 1284. [bug] The RTT estimate on unused servers was not aged.
3942 1283. [func] Use "dataready" accept filter if available.
3944 1282. [port] libbind: hpux 11.11 interface scanning.
3946 1281. [func] Log zone when unable to get private keys to update
3947 zone. Log zone when NXT records are missing from
3950 1280. [bug] libbind: escape '(' and ')' when converting to
3953 1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590]
3955 1278. [func] dig: now supports +[no]cl +[no]ttlid.
3957 1277. [func] You can now create your own customized printing
3958 styles: dns_master_stylecreate() and
3959 dns_master_styledestroy().
3961 1276. [bug] libbind: const pointer conflicts in res_debug.c.
3963 1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN.
3965 1274. [bug] Memory leak in lwres_gnbarequest_parse().
3967 1273. [port] libbind: solaris: 64 bit binary compatibility.
3969 1272. [contrib] Berkeley DB 4.0 sdb implementation from
3970 Nuno Miguel Rodrigues <nmr@co.sapo.pt>.
3972 1271. [bug] "recursion available: {denied,approved}" was too
3975 1270. [bug] Check that system inet_pton() and inet_ntop() support
3978 1269. [port] Openserver: ifconfig.sh support.
3980 1268. [port] Openserver: the value FD_SETSIZE depends on whether
3981 <sys/param.h> is included or not. Be consistent.
3983 1267. [func] isc_file_openunique() now creates file using mode
3984 0666 rather than 0600.
3986 1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE,
3987 __ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE
3988 are not C++ compatible, use *_TYPE versions instead.
3990 1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with
3991 C++, use LINK_INIT_TYPE and UNLINK_TYPE instead.
3995 1263. [bug] Reference after free error if dns_dispatchmgr_create()
3998 1262. [bug] ns_server_destroy() failed to set *serverp to NULL.
4000 1261. [func] libbind: ns_sign2() and ns_sign_tcp() now provide
4001 support for compressed TSIG owner names.
4003 1260. [func] libbind: res_update can now update IPv6 servers,
4004 new function res_findzonecut2().
4006 1259. [bug] libbind: get_salen() IPv6 support was broken for OSs
4009 1258. [bug] libbind: res_nametotype() and res_nametoclass() were
4012 1257. [bug] Failure to write pid-file should not be fatal on
4015 1256. [contrib] 'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support.
4017 1255. [bug] When verifying that an NXT proves nonexistence, check
4018 the rcode of the message and only do the matching NXT
4019 check. That is, for NXDOMAIN responses, check that
4020 the name is in the range between the NXT owner and
4021 next name, and for NOERROR NODATA responses, check
4022 that the type is not present in the NXT bitmap.
4024 1254. [func] preferred-glue option from BIND 8.3.
4026 1253. [bug] The dnssec system test failed to remove the correct
4029 1252. [bug] Dig, host and nslookup were not checking the address
4030 the answer was coming from against the address it was
4033 1251. [port] win32: a make file contained absolute version specific
4036 1250. [func] Nsupdate will report the address the update was
4039 1249. [bug] Missing masters clause was not handled gracefully.
4042 1248. [bug] DESTDIR was not being propagated between makes.
4044 1247. [bug] Don't reset the interface index for link/site local
4045 addresses. [RT #2576]
4047 1246. [func] New functions isc_sockaddr_issitelocal(),
4048 isc_sockaddr_islinklocal(), isc_netaddr_issitelocal()
4049 and isc_netaddr_islinklocal().
4051 1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for
4054 1244. [bug] Receiving a TCP message from a blackhole address would
4055 prevent further messages being received over that
4058 1243. [bug] It was possible to trigger a REQUIRE() in
4059 dns_message_findtype(). [RT #2659]
4061 1242. [bug] named-checkzone failed if a journal existed. [RT #2657]
4063 1241. [bug] Drop received UDP messages with a zero source port
4064 as these are invariably forged. [RT #2621]
4066 1240. [bug] It was possible to leak zone references by
4067 specifying an incorrect zone to rndc.
4069 1239. [bug] Under certain circumstances named could continue to
4070 use a name after it had been freed triggering
4071 INSIST() failures. [RT #2614]
4073 1238. [bug] It is possible to lockup the server when shutting down
4074 if notifies were being processed. [RT #2591]
4076 1237. [bug] nslookup: "set q=type" failed.
4078 1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non
4079 NULL terminated text regions. [RT #2588]
4081 1235. [func] Report 'out of memory' errors from openssl.
4083 1234. [bug] contrib/sdb: 'zonetodb' failed to call
4084 dns_result_register(). DNS_R_SEENINCLUDE should not
4087 1233. [bug] The flags field of a KEY record can be expressed in
4088 hex as well as decimal.
4090 1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
4092 1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.
4094 1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken.
4096 1229. [bug] named would crash if it received a TSIG signed
4097 query as part of an AXFR response. [RT #2570]
4099 1228. [bug] 'make install' did not depend on 'make all'. [RT #2559]
4101 1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
4102 if a number was expected and some other token was
4105 1226. [func] Use EDNS for zone refresh queries. [RT #2551]
4107 1225. [func] dns_message_setopt() no longer requires that
4108 dns_message_renderbegin() to have been called.
4110 1224. [bug] 'rrset-order' and 'sortlist' should be additive
4113 1223. [func] 'rrset-order' partially works 'cyclic' and 'random'
4116 1222. [bug] Specifying 'port *' did not always result in a system
4117 selected (non-reserved) port being used. [RT #2537]
4119 1221. [bug] Zone types 'master', 'slave' and 'stub' were not being
4120 compared case insensitively. [RT #2542]
4122 1220. [func] Support for APL rdata type.
4124 1219. [func] Named now reports the TSIG extended error code when
4125 signature verification fails. [RT #1651]
4127 1218. [bug] Named incorrectly returned SERVFAIL rather than
4128 NOTAUTH when there was a TSIG BADTIME error. [RT #2519]
4130 1217. [func] Report locations of previous key definition when a
4131 duplicate is detected.
4133 1216. [bug] Multiple server clauses for the same server were not
4134 reported. [RT #2514]
4136 1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
4138 1214. [bug] Win32: isc_file_renameunique() could leave zero length
4141 1213. [func] Report view associated with client if it is not a
4142 standard view (_default or _bind).
4144 1212. [port] libbind: 64k answer buffers were causing stack space
4145 to be exceeded for certain OS. Use heap space instead.
4147 1211. [bug] dns_name_fromtext() incorrectly handled certain
4148 valid octal bitlabels. [RT #2483]
4150 1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped /
4151 compatible addresses. [RT #2461]
4153 1209. [bug] Dig, host, nslookup were not checking the message ids
4154 on the responses. [RT #2454]
4156 1208. [bug] dns_master_load*() failed to log a error message if
4157 an error was detected when parsing the ownername of
4158 a record. [RT #2448]
4160 1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with
4163 1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should
4164 trigger a non-EDNS retry.
4166 1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class"
4167 of the message. [RT #2449]
4169 1204. [bug] libbind: res_nupdate() failed to update the name
4170 server addresses before sending the update.
4172 1203. [func] Report locations of previous acl and zone definitions
4173 when a duplicate is detected.
4175 1202. [func] New functions: cfg_obj_line() and cfg_obj_file().
4177 1201. [bug] Require that if 'callbacks' is passed to
4178 dns_rdata_fromtext(), callbacks->error and
4179 callbacks->warn are initialized.
4181 1200. [bug] Log 'errno' that we are unable to convert to
4182 isc_result_t. [RT #2404]
4184 1199. [doc] ARM reference to RFC 2157 should have been RFC 1918.
4187 1198. [bug] OPT printing style was not consistent with the way the
4188 header fields are printed. The DO bit was not reported
4189 if set. Report if any of the MBZ bits are set.
4191 1197. [bug] Attempts to define the same acl multiple times were not
4194 1196. [contrib] update mdnkit to 2.2.3.
4196 1195. [bug] Attempts to redefine builtin acls should be caught.
4199 1194. [bug] Not all duplicate zone definitions were being detected
4200 at the named.conf checking stage. [RT #2431]
4202 1193. [bug] dig +besteffort parsing didn't handle packet
4203 truncation. dns_message_parse() has new flag
4204 DNS_MESSAGE_IGNORETRUNCATION.
4206 1192. [bug] The seconds fields in LOC records were restricted
4207 to three decimal places. More decimal places should
4208 be allowed but warned about.
4210 1191. [bug] A dynamic update removing the last non-apex name in
4211 a secure zone would fail. [RT #2399]
4213 1190. [func] Add the "rndc freeze" and "rndc unfreeze" commands.
4216 1189. [bug] On some systems, malloc(0) returns NULL, which
4217 could cause the caller to report an out of memory
4220 1188. [bug] Dynamic updates of a signed zone would fail if
4221 some of the zone private keys were unavailable.
4223 1187. [bug] named was incorrectly returning DNSSEC records
4224 in negative responses when the DO bit was not set.
4226 1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the
4227 EOL token when reading to end of line.
4229 1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
4230 unless RES_INIT is set when calling res_*init().
4232 1184. [bug] libbind: call res_ndestroy() if RES_INIT is set
4233 when res_*init() is called.
4235 1183. [bug] Handle ENOSR error when writing to the internal
4236 control pipe. [RT #2395]
4238 1182. [bug] The server could throw an assertion failure when
4239 constructing a negative response packet.
4241 1181. [func] Add the "key-directory" configuration statement,
4242 which allows the server to look for online signing
4243 keys in alternate directories.
4245 1180. [func] dnssec-keygen should always generate keys with
4246 protocol 3 (DNSSEC), since it's less confusing
4249 1179. [func] Add SIG(0) support to nsupdate.
4251 1178. [bug] Follow and cache (if appropriate) A6 and other
4252 data chains to completion in the additional section.
4254 1177. [func] Report view when loading zones if it is not a
4255 standard view (_default or _bind). [RT #2270]
4257 1176. [doc] Document that allow-v6-synthesis is only performed
4258 for clients that are supplied recursive service.
4261 1175. [bug] named-checkzone and named-checkconf failed to call
4262 dns_result_register() at startup which could
4263 result in runtime exceptions when printing
4264 "out of memory" errors. [RT #2335]
4266 1174. [bug] Win32: add WSAECONNRESET to the expected errors
4267 from connect(). [RT #2308]
4269 1173. [bug] Potential memory leaks in isc_log_create() and
4270 isc_log_settag(). [RT #2336]
4272 1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
4273 table of RR types in ARM.
4275 1171. [func] Added function isc_region_compare(), updated files in
4276 lib/dns to use this function instead of local one.
4278 1170. [bug] Don't attempt to print the token when a I/O error
4279 occurs when parsing named.conf. [RT #2275]
4281 1169. [func] Identify recursive queries in the query log.
4283 1168. [bug] Empty also-notify clauses were not handled. [RT #2309]
4285 1167. [contrib] nslint-2.1a3 (from author).
4287 1166. [bug] "Not Implemented" should be reported as NOTIMP,
4288 not NOTIMPL. [RT #2281]
4290 1165. [bug] We were rejecting notify-source{-v6} in zone clauses.
4292 1164. [bug] Empty masters clauses in slave / stub zones were not
4293 handled gracefully. [RT #2262]
4295 1163. [func] isc_time_formattimestamp() now includes the year.
4297 1162. [bug] The allow-notify option was not accepted in slave
4300 1161. [bug] named-checkzone looped on unbalanced brackets.
4303 1160. [bug] Generating Diffie-Hellman keys longer than 1024
4304 bits could fail. [RT #2241]
4306 1159. [bug] MD and MF are not permitted to be loaded by RFC1123.
4308 1158. [func] Report the client's address when logging notify
4311 1157. [func] match-clients and match-destinations now accept
4314 1156. [port] The configure test for strsep() incorrectly
4315 succeeded on certain patched versions of
4316 AIX 4.3.3. [RT #2190]
4318 1155. [func] Recover from master files being removed from under
4321 1154. [bug] Don't attempt to obtain the netmask of a interface
4322 if there is no address configured. [RT #2176]
4324 1153. [func] 'rndc {stop|halt} -p' now reports the process id
4325 of the instance of named being shutdown.
4327 1152. [bug] libbind: read buffer overflows.
4329 1151. [bug] nslookup failed to check that the arguments to
4330 the port, timeout, and retry options were
4331 valid integers and in range. [RT #2099]
4333 1150. [bug] named incorrectly accepted TTL values
4334 containing plus or minus signs, such as
4337 1149. [func] New function isc_parse_uint32().
4339 1148. [func] 'rndc-confgen -a' now provides positive feedback.
4341 1147. [func] Set IPV6_V6ONLY on IPv6 sockets if supported by
4342 the OS. listen-on-v6 { any; }; should no longer
4343 result in IPv4 queries be accepted. Similarly
4344 control { inet :: ... }; should no longer result
4345 in IPv4 connections being accepted. This can be
4346 overridden at compile time by defining
4349 1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
4350 supported by the OS by a new function
4351 isc_socket_ipv6only().
4353 1145. [func] "host" no longer reports a NOERROR/NODATA response
4354 by printing nothing. [RT #2065]
4356 1144. [bug] rndc-confgen would crash if both the -a and -t
4357 options were specified. [RT #2159]
4359 1143. [bug] When a trusted-keys statement was present and named
4360 was built without crypto support, it would leak memory.
4362 1142. [bug] dnssec-signzone would fail to delete temporary files
4363 in some failure cases. [RT #2144]
4365 1141. [bug] When named rejected a control message, it would
4366 leak a file descriptor and memory. It would also
4367 fail to respond, causing rndc to hang.
4370 1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments
4371 to the -s option. [RT #2138]
4373 1139. [func] It is now possible to flush a given name from the
4374 cache(s) via 'rndc flushname name [view]'. [RT #2051]
4376 1138. [func] It is now possible to flush a given name from the
4377 cache by calling the new function
4378 dns_cache_flushname().
4380 1137. [func] It is now possible to flush a given name from the
4381 ADB by calling the new function dns_adb_flushname().
4383 1136. [bug] CNAME records synthesized from DNAMEs did not
4384 have a TTL of zero as required by RFC2672.
4387 1135. [func] You can now override the default syslog() facility for
4388 named/lwresd at compile time. [RT #1982]
4390 1134. [bug] Multi-threaded servers could deadlock in ferror()
4391 when reloading zone files. [RT #1951, #1998]
4393 1133. [bug] IN6_IS_ADDR_LOOPBACK was not portably defined on
4394 platforms without IN6_IS_ADDR_LOOPBACK. [RT #2106]
4396 1132. [func] Improve UPDATE prerequisite failure diagnostic messages.
4398 1131. [bug] The match-destinations view option did not work with
4399 IPv6 destinations. [RT #2073, #2074]
4401 1130. [bug] Log messages reporting an out-of-range serial number
4402 did not include the out-of-range number but the
4403 following token. [RT #2076]
4405 1129. [bug] Multi-threaded servers could crash under heavy
4406 resolution load due to a race condition. [RT #2018]
4408 1128. [func] sdb drivers can now provide RR data in either text
4409 or wire format, the latter using the new functions
4410 dns_sdb_putrdata() and dns_sdb_putnamedrdata().
4412 1127. [func] rndc: If the server to contact has multiple addresses,
4415 1126. [bug] The server could access a freed event if shut
4416 down while a client start event was pending
4417 delivery. [RT #2061]
4419 1125. [bug] rndc: -k option was missing from usage message.
4422 1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail
4423 are now documented. [RT #2052]
4425 1123. [bug] dig +[no]fail did not match description. [RT #2052]
4427 1122. [tuning] Resolution timeout reduced from 90 to 30 seconds.
4430 1121. [bug] The server could attempt to access a NULL zone
4431 table if shut down while resolving.
4434 1120. [bug] Errors in options were not fatal. [RT #2002]
4436 1119. [func] Added support in Win32 for NTFS file/directory ACL's
4439 1118. [bug] On multi-threaded servers, a race condition
4440 could cause an assertion failure in resolver.c
4441 during resolver shutdown. [RT #2029]
4443 1117. [port] The configure check for in6addr_loopback incorrectly
4444 succeeded on AIX 4.3 when compiling with -O2
4445 because the test code was optimized away.
4448 1116. [bug] Setting transfers in a server clause, transfers-in,
4449 or transfers-per-ns to a value greater than
4450 2147483647 disabled transfers. [RT #2002]
4452 1115. [func] Set maximum values for cleaning-interval,
4453 heartbeat-interval, interface-interval,
4454 max-transfer-idle-in, max-transfer-idle-out,
4455 max-transfer-time-in, max-transfer-time-out,
4456 statistics-interval of 28 days and
4457 sig-validity-interval of 3660 days. [RT #2002]
4459 1114. [port] Ignore more accept() errors. [RT #2021]
4461 1113. [bug] The allow-update-forwarding option was ignored
4462 when specified in a view. [RT #2014]
4466 1111. [bug] Multi-threaded servers could deadlock processing
4467 recursive queries due to a locking hierarchy
4468 violation in adb.c. [RT #2017]
4470 1110. [bug] dig should only accept valid abbreviations of +options.
4473 1109. [bug] nsupdate accepted illegal ttl values.
4475 1108. [bug] On Win32, rndc was hanging when named was not running
4476 due to failure to select for exceptional conditions
4477 in select(). [RT #1870]
4479 1107. [bug] nsupdate could catch an assertion failure if an
4480 invalid domain name was given as the argument to
4483 1106. [bug] After seeing an out of range TTL, nsupdate would
4484 treat all TTLs as out of range. [RT #2001]
4486 1105. [port] OpenUNIX 8 enable threads by default. [RT #1970]
4488 1104. [bug] Invalid arguments to the transfer-format option
4489 could cause an assertion failure. [RT #1995]
4491 1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
4493 1102. [doc] Note that query logging is enabled by directing the
4494 queries category to a channel.
4496 1101. [bug] Array bounds read error in lwres_gai_strerror.
4498 1100. [bug] libbind: DNSSEC key ids were computed incorrectly.
4500 1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
4501 compile time errors.
4503 1098. [bug] libbind: HMAC-MD5 key files are now mode 0600.
4505 1097. [func] libbind: RES_PRF_TRUNC for dig.
4507 1096. [func] libbind: "DNSSEC OK" (DO) support.
4509 1095. [func] libbind: resolver option: no-tld-query. disables
4510 trying unqualified as a tld. no_tld_query is also
4511 supported for FreeBSD compatibility.
4513 1094. [func] libbind: add support gcc's format string checking.
4515 1093. [doc] libbind: miscellaneous nroff fixes.
4517 1092. [bug] libbind: get*by*() failed to check if res_init() had
4520 1091. [bug] libbind: misplaced va_end().
4522 1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
4523 the amount of memory consumed resulting in garbage
4524 address being returned. Alignment calculations were
4525 wasting space. We weren't suppressing duplicate
4528 1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6
4531 1088. [port] libbind: MPE/iX C.70 (incomplete)
4533 1087. [bug] libbind: struct __res_state too large on 64 bit arch.
4535 1086. [port] libbind: sunos: old sprintf.
4537 1085. [port] libbind: solaris: sys_nerr and sys_errlist do not
4538 exist when compiling in 64 bit mode.
4540 1084. [cleanup] libbind: gai_strerror() rewritten.
4542 1083. [bug] The default control channel listened on the
4543 wildcard address, not the loopback as documented.
4546 1082. [bug] The -g option to named incorrectly caused logging
4547 to be sent to syslog in addition to stderr.
4550 1081. [bug] Multicast queries were incorrectly identified
4551 based on the source address, not the destination
4554 1080. [bug] BIND 8 compatibility: accept bare IP prefixes
4555 as the second element of a two-element top level
4556 sort list statement. [RT #1964]
4558 1079. [bug] BIND 8 compatibility: accept bare elements at top
4559 level of sort list treating them as if they were
4560 a single element list. [RT #1963]
4562 1078. [bug] We failed to correct bad tv_usec values in one case.
4565 1077. [func] Do not accept further recursive clients when
4566 the total number of recursive lookups being
4567 processed exceeds max-recursive-clients, even
4568 if some of the lookups are internally generated.
4571 1076. [bug] A badly defined global key could trigger an assertion
4572 on load/reload if views were used. [RT #1947]
4574 1075. [bug] Out-of-range network prefix lengths were not
4575 reported. [RT #1954]
4577 1074. [bug] Running out of memory in dump_rdataset() could
4578 cause an assertion failure. [RT #1946]
4580 1073. [bug] The ADB cache cleaning should also be space driven.
4583 1072. [bug] The TCP client quota could be exceeded when
4584 recursion occurred. [RT #1937]
4586 1071. [bug] Sockets listening for TCP DNS connections
4587 specified an excessive listen backlog. [RT #1937]
4589 1070. [bug] Copy DNSSEC OK (DO) to response as specified by
4590 draft-ietf-dnsext-dnssec-okbit-03.txt.
4594 1068. [bug] errno could be overwritten by catgets(). [RT #1921]
4596 1067. [func] Allow quotas to be soft, isc_quota_soft().
4598 1066. [bug] Provide a thread safe wrapper for strerror().
4601 1065. [func] Runtime support to select new / old style interface
4602 scanning using ioctls.
4604 1064. [bug] Do not shut down active network interfaces if we
4605 are unable to scan the interface list. [RT #1921]
4607 1063. [bug] libbind: "make install" was failing on IRIX.
4610 1062. [bug] If the control channel listener socket was shut
4611 down before server exit, the listener object could
4612 be freed twice. [RT #1916]
4614 1061. [bug] If periodic cache cleaning happened to start
4615 while cleaning due to reaching the configured
4616 maximum cache size was in progress, the server
4617 could catch an assertion failure. [RT #1912]
4619 1060. [func] Move refresh, stub and notify UDP retry processing
4622 1059. [func] dns_request now support will now retry UDP queries,
4623 dns_request_createvia2() and dns_request_createraw2().
4625 1058. [func] Limited lifetime ticker timers are now available,
4626 isc_timertype_limited.
4628 1057. [bug] Reloading the server after adding a "file" clause
4629 to a zone statement could cause the server to
4630 crash due to a typo in change 1016.
4632 1056. [bug] Rndc could catch an assertion failure on SIGINT due
4633 to an uninitialized variable. [RT #1908]
4635 1055. [func] Version and hostname queries can now be disabled
4636 using "version none;" and "hostname none;",
4639 1054. [bug] On Win32, cfg_categories and cfg_modules need to be
4640 exported from the libisccfg DLL.
4642 1053. [bug] Dig did not increase its timeout when receiving
4643 AXFRs unless the +time option was used. [RT #1904]
4645 1052. [bug] Journals were not being created in binary mode
4646 resulting in "journal format not recognized" error
4647 under Win32. [RT #1889]
4649 1051. [bug] Do not ignore a network interface completely just
4650 because it has a noncontiguous netmask. Instead,
4651 omit it from the localnets ACL and issue a warning.
4654 1050. [bug] Log messages reporting malformed IP addresses in
4655 address lists such as that of the forwarders option
4656 failed to include the correct error code, file
4657 name, and line number. [RT #1890]
4659 1049. [func] "pid-file none;" will disable writing a pid file.
4662 1048. [bug] Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1
4665 1047. [bug] named was incorrectly refusing all requests signed
4666 with a TSIG key derived from an unsigned TKEY
4667 negotiation with a NOERROR response. [RT #1886]
4669 1046. [bug] The help message for the --with-openssl configure
4670 option was inaccurate. [RT #1880]
4672 1045. [bug] It was possible to skip saving glue for a nameserver
4675 1044. [bug] Specifying allow-transfer, notify-source, or
4676 notify-source-v6 in a stub zone was not treated
4679 1043. [bug] Specifying a transfer-source or transfer-source-v6
4680 option in the zone statement for a master zone was
4681 not treated as an error. [RT #1876]
4683 1042. [bug] The "config" logging category did not work properly.
4686 1041. [bug] Dig/host/nslookup could catch an assertion failure
4687 on SIGINT due to an uninitialized variable. [RT #1867]
4689 1040. [bug] Multiple listen-on-v6 options with different ports
4690 were not accepted. [RT #1875]
4692 1039. [bug] Negative responses with CNAMEs in the answer section
4693 were cached incorrectly. [RT #1862]
4695 1038. [bug] In servers configured with a tkey-domain option,
4696 TKEY queries with an owner name other than the root
4697 could cause an assertion failure. [RT #1866, #1869]
4699 1037. [bug] Negative responses whose authority section contain
4700 SOA or NS records whose owner names are not equal
4701 equal to or parents of the query name should be
4702 rejected. [RT #1862]
4704 1036. [func] Silently drop requests received via multicast as
4705 long as there is no final multicast DNS standard.
4707 1035. [bug] If we respond to multicast queries (which we
4708 currently do not), respond from a unicast address
4709 as specified in RFC 1123. [RT #137]
4711 1034. [bug] Ignore the RD bit on multicast queries as specified
4712 in RFC 1123. [RT #137]
4714 1033. [bug] Always respond to requests with an unsupported opcode
4715 with NOTIMP, even if we don't have a matching view
4716 or cannot determine the class.
4718 1032. [func] hostname.bind/txt/chaos now returns the name of
4719 the machine hosting the nameserver. This is useful
4720 in diagnosing problems with anycast servers.
4722 1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
4725 1030. [bug] On systems with no resolv.conf file, nsupdate
4726 exited with an error rather than defaulting
4727 to using the loopback address. [RT #1836]
4729 1029. [bug] Some named.conf errors did not cause the loading
4730 of the configuration file to return a failure
4731 status even though they were logged. [RT #1847]
4733 1028. [bug] On Win32, dig/host/nslookup looked for resolv.conf
4734 in the wrong directory. [RT #1833]
4736 1027. [bug] RRs having the reserved type 0 should be rejected.
4741 1025. [bug] Don't use multicast addresses to resolve iterative
4744 1024. [port] Compilation failed on HP-UX 11.11 due to
4745 incompatible use of the SIOCGLIFCONF macro
4748 1023. [func] Accept hints without TTLs.
4750 1022. [bug] Don't report empty root hints as "extra data".
4753 1021. [bug] On Win32, log message timestamps were one month
4754 later than they should have been, and the server
4755 would exhibit unspecified behavior in December.
4757 1020. [bug] IXFR log messages did not distinguish between
4758 true IXFRs, AXFR-style IXFRs, and mere version
4761 1019. [bug] The value of the lame-ttl option was limited to 18000
4762 seconds, not 1800 seconds as documented. [RT #1803]
4764 1018. [bug] The default log channel was not always initialized
4765 correctly. [RT #1813]
4767 1017. [bug] When specifying TSIG keys to dig and nsupdate using
4768 the -k option, they must be HMAC-MD5 keys. [RT #1810]
4770 1016. [bug] Slave zones with no backup file were re-transferred
4771 on every server reload.
4773 1015. [bug] Log channels that had a "versions" option but no
4774 "size" option failed to create numbered log
4777 1014. [bug] Some queries would cause statistics counters to
4778 increment more than once or not at all. [RT #1321]
4780 1013. [bug] It was possible to cancel a query twice when marking
4781 a server as bogus or by having a blackhole acl.
4784 1012. [bug] The -p option to named did not behave as documented.
4786 1011. [cleanup] Removed isc_dir_current().
4788 1010. [bug] The server could attempt to execute a command channel
4789 command after initiating server shutdown, causing
4790 an assertion failure. [RT #1766]
4792 1009. [port] OpenUNIX 8 support. [RT #1728]
4794 1008. [port] libtool.m4, ltmain.sh from libtool-1.4.2.
4796 1007. [port] config.guess, config.sub from autoconf-2.52.
4798 1006. [bug] If a KEY RR was found missing during DNSSEC validation,
4799 an assertion failure could subsequently be triggered
4800 in the resolver. [RT #1763]
4802 1005. [bug] Don't copy nonzero RCODEs from request to response.
4805 1004. [port] Deal with recvfrom() returning EHOSTDOWN. [RT #1770]
4807 1003. [func] Add the +retry option to dig.
4809 1002. [bug] When reporting an unknown class name in named.conf,
4810 including the file name and line number. [RT #1759]
4812 1001. [bug] win32 socket code doio_recv was not catching a
4813 WSACONNRESET error when a client was timing out
4814 the request and closing its socket. [RT #1745]
4816 1000. [bug] BIND 8 compatibility: accept "HESIOD" as an alias
4817 for class "HS". [RT #1759]
4819 999. [func] "rndc retransfer zone [class [view]]" added.
4822 998. [func] named-checkzone now has arguments to specify the
4823 chroot directory (-t) and working directory (-w).
4826 997. [func] Add support for RSA-SHA1 keys (RFC3110).
4828 996. [func] Issue warning if the configuration filename contains
4831 995. [bug] dig, host, nslookup: using a raw IPv6 address as a
4832 target address should be fatal on a IPv4 only system.
4834 994. [func] Treat non-authoritative responses to queries for type
4835 NS as referrals even if the NS records are in the
4836 answer section, because BIND 8 servers incorrectly
4837 send them that way. This is necessary for DNSSEC
4838 validation of the NS records of a secure zone to
4839 succeed when the parent is a BIND 8 server. [RT #1706]
4841 993. [func] dig: -v now reports the version.
4843 992. [doc] dig: ~/.digrc is now documented.
4845 991. [func] Lower UDP refresh timeout messages to level
4848 990. [bug] The rndc-confgen man page was not installed.
4850 989. [bug] Report filename if $INCLUDE fails for file related
4853 988. [bug] 'additional-from-auth no;' did not work reliably
4854 in the case of queries answered from the cache.
4857 987. [bug] "dig -help" didn't show "+[no]stats".
4859 986. [bug] "dig +noall" failed to clear stats and command
4862 985. [func] Consider network interfaces to be up iff they have
4863 a nonzero IP address rather than based on the
4864 IFF_UP flag. [RT #1160]
4866 984. [bug] Multi-threading should be enabled by default on
4867 Solaris 2.7 and newer, but it wasn't.
4869 983. [func] The server now supports generating IXFR difference
4870 sequences for non-dynamic zones by comparing zone
4871 versions, when enabled using the new config
4872 option "ixfr-from-differences". [RT #1727]
4874 982. [func] If "memstatistics-file" is set in options the memory
4875 statistics will be written to it.
4877 981. [func] The dnssec tools can now take multiple '-r randomfile'
4880 980. [bug] Incoming zone transfers restarting after an error
4881 could trigger an assertion failure. [RT #1692]
4883 979. [func] Incremental master file dumping. dns_master_dumpinc(),
4884 dns_master_dumptostreaminc(), dns_dumpctx_attach(),
4885 dns_dumpctx_detach(), dns_dumpctx_cancel(),
4886 dns_dumpctx_db() and dns_dumpctx_version().
4888 978. [bug] dns_db_attachversion() had an invalid REQUIRE()
4891 977. [bug] Improve "not at top of zone" error message.
4893 976. [func] named-checkconf can now test load master zones
4894 (named-checkconf -z). [RT #1468]
4896 975. [bug] "max-cache-size default;" as a view option
4897 caused an assertion failure.
4899 974. [bug] "max-cache-size unlimited;" as a global option
4902 973. [bug] Failed to log the question name when logging:
4903 "bad zone transfer request: non-authoritative zone
4906 972. [bug] The file modification time code in zone.c was using the
4907 wrong epoch. [RT #1667]
4911 970. [func] 'max-journal-size' can now be used to set a target
4914 969. [func] dig now supports the undocumented dig 8 feature
4915 of allowing arbitrary labels, not just dotted
4916 decimal quads, with the -x option. This can be
4917 used to conveniently look up RFC2317 names as in
4918 "dig -x 10.0.0.0-127". [RT #827, #1576, #1598]
4920 968. [bug] On win32, the isc_time_now() function was unnecessarily
4921 calling strtime(). [RT #1671]
4923 967. [bug] On win32, the link for bindevt was not including the
4924 required resource file to enable the event viewer
4925 to interpret the error messages in the event log,
4930 965. [bug] Including data other than root server NS and A
4931 records in the root hint file could cause a rbtdb
4932 node reference leak. [RT #1581, #1618]
4934 964. [func] Warn if data other than root server NS and A records
4935 are found in the root hint file. [RT #1581, #1618]
4937 963. [bug] Bad ISC_LANG_ENDDECLS. [RT #1645]
4939 962. [bug] libbind: bad "#undef", don't attempt to install
4940 non-existent nlist.h. [RT #1640]
4942 961. [bug] Tried to use a IPV6 feature when ISC_PLATFORM_HAVEIPV6
4943 was not defined. [RT #1482]
4945 960. [port] liblwres failed to build on systems with support for
4946 getrrsetbyname() in the OS. [RT #1592]
4948 959. [port] On FreeBSD, determine the number of CPUs by calling
4949 sysctlbyname(). [RT #1584]
4951 958. [port] ssize_t is not available on all platforms. [RT #1607]
4953 957. [bug] sys/select.h inclusion was broken on older platforms.
4956 956. [bug] ns_g_autorndcfile changed to ns_g_keyfile
4957 in named/win32/os.c due to code changes in
4958 change #953. win32 .make file for rndc-confgen
4959 updated to add include path for os.h header.
4961 --- 9.2.0rc1 released ---
4963 955. [bug] When using views, the zone's class was not being
4964 inherited from the view's class. [RT #1583]
4966 954. [bug] When requesting AXFRs or IXFRs using dig, host, or
4967 nslookup, the RD bit should not be set as zone
4968 transfers are inherently non-recursive. [RT #1575]
4970 953. [func] The /var/run/named.key file from change #843
4971 has been replaced by /etc/rndc.key. Both
4972 named and rndc will look for this file and use
4973 it to configure a default control channel key
4974 if not already configured using a different
4975 method (rndc.conf / controls). Unlike
4976 named.key, rndc.key is not created automatically;
4977 it must be created by manually running
4980 952. [bug] The server required manual intervention to serve the
4981 affected zones if it died between creating a journal
4982 and committing the first change to it.
4984 951. [bug] CFLAGS was not passed to the linker when
4985 linking some of the test programs under
4986 bin/tests. [RT #1555].
4988 950. [bug] Explicit TTLs did not properly override $TTL
4989 due to a bug in change 834. [RT #1558]
4991 949. [bug] host was unable to print records larger than 512
4994 --- 9.2.0b2 released ---
4996 948. [port] Integrated support for building on Windows NT /
4999 947. [bug] dns_rdata_soa_t had a badly named element "mname" which
5000 was really the RNAME field from RFC1035. To avoid
5001 confusion and silent errors that would occur it the
5002 "origin" and "mname" elements were given their correct
5003 names "mname" and "rname" respectively, the "mname"
5004 element is renamed to "contact".
5006 946. [cleanup] doc/misc/options is now machine-generated from the
5007 configuration parser syntax tables, and therefore
5008 more likely to be correct.
5010 945. [func] Add the new view-specific options
5011 "match-destinations" and "match-recursive-only".
5013 944. [func] Check for expired signatures on load.
5015 943. [bug] The server could crash when receiving a command
5016 via rndc if the configuration file listed only
5017 nonexistent keys in the controls statement. [RT #1530]
5019 942. [port] libbind: GETNETBYADDR_ADDR_T was not correctly
5020 defined on some platforms.
5022 941. [bug] The configuration checker crashed if a slave
5023 zone didn't contain a masters statement. [RT #1514]
5025 940. [bug] Double zone locking failure on error path. [RT #1510]
5027 --- 9.2.0b1 released ---
5029 939. [port] Add the --disable-linux-caps option to configure for
5030 systems that manage capabilities outside of named.
5035 937. [bug] A race when shutting down a zone could trigger a
5036 INSIST() failure. [RT #1034]
5038 936. [func] Warn about IPv4 addresses that are not complete
5039 dotted quads. [RT #1084]
5041 935. [bug] inet_pton failed to reject leading zeros.
5043 934. [port] Deal with systems where accept() spuriously returns
5046 933. [bug] configure failed doing libbind on platforms not
5047 supported by BIND 8. [RT #1496]
5049 --- 9.2.0a3 released ---
5051 932. [bug] Use INSTALL_SCRIPT, not INSTALL_PROGRAM,
5052 when installing isc-config.sh.
5055 931. [bug] The controls statement only attempted to verify
5056 messages using the first key in the key list.
5059 930. [func] Query performance testing tool added as
5064 928. [bug] nsupdate would send empty update packets if the
5065 send (or empty line) command was run after
5066 another send but before any new updates or
5067 prerequisites were specified. It should simply
5068 ignore this command.
5070 927. [bug] Don't hold the zone lock for the entire dump to disk.
5073 926. [bug] The resolver could deadlock with the ADB when
5074 shutting down (multi-threaded builds only).
5077 925. [cleanup] Remove openssl from the distribution; require that
5078 --with-openssl be specified if DNSSEC is needed.
5080 924. [port] Extend support for pre-RFC2133 IPv6 implementation.
5083 923. [bug] Multiline TSIG secrets (and other multiline strings)
5084 were not accepted in named.conf. [RT #1469]
5086 922. [func] Added two new lwres_getrrsetbyname() result codes,
5087 ERR_NONAME and ERR_NODATA.
5089 921. [bug] lwres returned an incorrect error code if it received
5090 a truncated message.
5092 920. [func] Increase the lwres receive buffer size to 16K.
5097 918. [func] In nsupdate, TSIG errors are no longer treated as
5100 917. [func] New nsupdate command 'key', allowing TSIG keys to
5101 be specified in the nsupdate command stream rather
5102 than the command line.
5104 916. [bug] Specifying type ixfr to dig without specifying
5105 a serial number failed in unexpected ways.
5107 915. [func] The named-checkconf and named-checkzone programs
5108 now have a '-v' option for printing their version.
5111 914. [bug] Global 'server' statements were rejected when
5112 using views, even though they were accepted
5115 913. [bug] Cache cleaning was not sufficiently aggressive.
5118 912. [bug] Attempts to set the 'additional-from-cache' or
5119 'additional-from-auth' option to 'no' in a
5120 server with recursion enabled will now
5121 be ignored and cause a warning message.
5126 910. [port] Some pre-RFC2133 IPv6 implementations do not define
5127 IN6ADDR_ANY_INIT. [RT #1416]
5131 908. [func] New program, rndc-confgen, to simplify setting up rndc.
5133 907. [func] The ability to get entropy from either the
5134 random device, a user-provided file or from
5135 the keyboard was migrated from the DNSSEC tools
5136 to libisc as isc_entropy_usebestsource().
5138 906. [port] Separated the system independent portion of
5139 lib/isc/unix/entropy.c into lib/isc/entropy.c
5140 and added lib/isc/win32/entropy.c.
5142 905. [bug] Configuring a forward "zone" for the root domain
5143 did not work. [RT #1418]
5145 904. [bug] The server would leak memory if attempting to use
5146 an expired TSIG key. [RT #1406]
5148 903. [bug] dig should not crash when receiving a TCP packet
5151 902. [bug] The -d option was ignored if both -t and -g were also
5156 900. [bug] A config.guess update changed the system identification
5157 string of FreeBSD systems; configure and
5158 bin/tests/system/ifconfig.sh now recognize the new
5161 --- 9.2.0a2 released ---
5163 899. [bug] lib/dns/soa.c failed to compile on many platforms
5164 due to inappropriate use of a void value.
5165 [RT #1372, #1373, #1386, #1387, #1395]
5167 898. [bug] "dig" failed to set a nonzero exit status
5168 on UDP query timeout. [RT #1323]
5170 897. [bug] A config.guess update changed the system identification
5171 string of UnixWare systems; configure now recognizes
5174 896. [bug] If a configuration file is set on named's command line
5175 and it has a relative pathname, the current directory
5176 (after any possible jailing resulting from named -t)
5177 will be prepended to it so that reloading works
5178 properly even when a directory option is present.
5180 895. [func] New function, isc_dir_current(), akin to POSIX's
5183 894. [bug] When using the DNSSEC tools, a message intended to warn
5184 when the keyboard was being used because of the lack
5185 of a suitable random device was not being printed.
5187 893. [func] Removed isc_file_test() and added isc_file_exists()
5188 for the basic functionality that was being added
5189 with isc_file_test().
5193 891. [bug] Return an error when a SIG(0) signed response to
5194 an unsigned query is seen. This should actually
5195 do the verification, but it's not currently
5196 possible. [RT #1391]
5198 890. [cleanup] The man pages no longer require the mandoc macros
5199 and should now format cleanly using most versions of
5200 nroff, and HTML versions of the man pages have been
5201 added. Both are generated from DocBook source.
5203 889. [port] Eliminated blank lines before .TH in nroff man
5204 pages since they cause problems with some versions
5205 of nroff. [RT #1390]
5207 888. [bug] Don't die when using TKEY to delete a nonexistent
5208 TSIG key. [RT #1392]
5210 887. [port] Detect broken compilers that can't call static
5211 functions from inline functions. [RT #1212]
5253 866. [func] Close debug only file channels when debug is set to
5256 865. [bug] The new configuration parser did not allow
5257 the optional debug level in a "severity debug"
5258 clause of a logging channel to be omitted.
5259 This is now allowed and treated as "severity
5260 debug 1;" like it does in BIND 8.2.4, not as
5261 "severity debug 0;" like it did in BIND 9.1.
5264 864. [cleanup] Multi-threading is now enabled by default on
5265 OSF1, Solaris 2.7 and newer, AIX, IRIX, and HP-UX.
5267 863. [bug] If an error occurred while an outgoing zone transfer
5268 was starting up, the server could access a domain
5269 name that had already been freed when logging a
5270 message saying that the transfer was starting.
5273 862. [bug] Use after realloc(), non portable pointer arithmetic in
5276 861. [port] Add support for Mac OS X, by making it equivalent
5277 to Darwin. This was derived from the config.guess
5278 file shipped with Mac OS X. [RT #1355]
5280 860. [func] Drop cross class glue in zone transfers.
5282 859. [bug] Cache cleaning now won't swamp the CPU if there
5283 is a persistent over limit condition.
5285 858. [func] isc_mem_setwater() no longer requires that when the
5286 callback function is non-NULL then its hi_water
5287 argument must be greater than its lo_water argument
5288 (they can now be equal) or that they be non-zero.
5290 857. [cleanup] Use ISC_MAGIC() to define all magic numbers for
5291 structs, for our friends in EBCDIC-land.
5293 856. [func] Allow partial rdatasets to be returned in answer and
5294 authority sections to help non-TCP capable clients
5295 recover from truncation. [RT #1301]
5297 855. [bug] Stop spurious "using RFC 1035 TTL semantics" warnings.
5299 854. [bug] The config parser didn't properly handle config
5300 options that were specified in units of time other
5301 than seconds. [RT #1372]
5303 853. [bug] configure_view_acl() failed to detach existing acls.
5306 852. [bug] Handle responses from servers which do not know
5309 851. [cleanup] The obsolete support-ixfr option was not properly
5312 --- 9.2.0a1 released ---
5314 850. [bug] dns_rbt_findnode() would not find nodes that were
5315 split on a bitstring label somewhere other than in
5316 the last label of the node. [RT #1351]
5318 849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
5320 848. [func] A minimum max-cache-size of two megabytes is enforced
5321 by the cache cleaner.
5323 847. [func] Added isc_file_test(), which currently only has
5324 some very basic functionality to test for the
5325 existence of a file, whether a pathname is absolute,
5326 or whether a pathname is the fundamental representation
5327 of the current directory. It is intended that this
5328 function can be expanded to test other things a
5329 programmer might want to know about a file.
5331 846. [func] A non-zero 'param' to dst_key_generate() when making an
5332 hmac-md5 key means that good entropy is not required.
5334 845. [bug] The access rights on the public file of a symmetric
5335 key are now restricted as soon as the file is opened,
5336 rather than after it has been written and closed.
5338 844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
5339 just as <lwres/net.h> does.
5341 843. [func] If no controls statement is present in named.conf,
5342 or if any inet phrase of a controls statement is
5343 lacking a keys clause, then a key will be automatically
5344 generated by named and an rndc.conf-style file
5345 named named.key will be written that uses it. rndc
5346 will use this file only if its normal configuration
5347 file, or one provided on the command line, does not
5350 842. [func] 'rndc flush' now takes an optional view.
5352 841. [bug] When sdb modules were not declared threadsafe, their
5353 create and destroy functions were not serialized.
5355 840. [bug] The config file parser could print the wrong file
5356 name if an error was detected after an included file
5357 was parsed. [RT #1353]
5359 839. [func] Dump packets for which there was no view or that the
5360 class could not be determined to category "unmatched".
5362 838. [port] UnixWare 7.x.x is now suported by
5363 bin/tests/system/ifconfig.sh.
5365 837. [cleanup] Multi-threading is now enabled by default only on
5366 OSF1, Solaris 2.7 and newer, and AIX.
5368 836. [func] Upgraded libtool to 1.4.
5370 835. [bug] The dispatcher could enter a busy loop if
5371 it got an I/O error receiving on a UDP socket.
5374 834. [func] Accept (but warn about) master files beginning with
5375 an SOA record without an explicit TTL field and
5376 lacking a $TTL directive, by using the SOA MINTTL
5377 as a default TTL. This is for backwards compatibility
5378 with old versions of BIND 8, which accepted such
5379 files without warning although they are illegal
5380 according to RFC1035.
5382 833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
5383 <dns/soa.h>, and extended them to support
5384 all the integer-valued fields of the SOA RR.
5386 832. [bug] The default location for named.conf in named-checkconf
5387 should depend on --sysconfdir like it does in named.
5392 830. [func] Implement 'rndc status'.
5394 829. [bug] The DNS_R_ZONECUT result code should only be returned
5395 when an ANY query is made with DNS_DBFIND_GLUEOK set.
5396 In all other ANY query cases, returning the delegation
5399 828. [bug] The errno value from recvfrom() could be overwritten
5400 by logging code. [RT #1293]
5402 827. [bug] When an IXFR protocol error occurs, the slave
5403 should retry with AXFR.
5405 826. [bug] Some IXFR protocol errors were not detected.
5407 825. [bug] zone.c:ns_query() detached from the wrong zone
5408 reference. [RT #1264]
5410 824. [bug] Correct line numbers reported by dns_master_load().
5413 823. [func] The output of "dig -h" now goes to stdout so that it
5414 can easily be piped through "more". [RT #1254]
5416 822. [bug] Sending nxrrset prerequisites would crash nsupdate.
5419 821. [bug] The program name used when logging to syslog should
5420 be stripped of leading path components.
5423 820. [bug] Name server address lookups failed to follow
5424 A6 chains into the glue of local authoritative
5427 819. [bug] In certain cases, the resolver's attempts to
5428 restart an address lookup at the root could cause
5429 the fetch to deadlock (with itself) instead of
5430 restarting. [RT #1225]
5432 818. [bug] Certain pathological responses to ANY queries could
5433 cause an assertion failure. [RT #1218]
5435 817. [func] Adjust timeouts for dialup zone queries.
5437 816. [bug] Report potential problems with log file accessibility
5438 at configuration time, since such problems can't
5439 reliably be reported at the time they actually occur.
5441 815. [bug] If a log file was specified with a path separator
5442 character (i.e. "/") in its name and the directory
5443 did not exist, the log file's name was treated as
5444 though it were the directory name. [RT #1189]
5446 814. [bug] Socket objects left over from accept() failures
5447 were incorrectly destroyed, causing corruption
5448 of socket manager data structures.
5450 813. [bug] File descriptors exceeding FD_SETSIZE were handled
5453 812. [bug] dig sometimes printed incomplete IXFR responses
5454 due to an uninitialized variable. [RT #1188]
5456 811. [bug] Parentheses were not quoted in zone dumps. [RT #1194]
5458 810. [bug] The signer name in SIG records was not properly
5459 down-cased when signing/verifying records. [RT #1186]
5461 809. [bug] Configuring a non-local address as a transfer-source
5462 could cause an assertion failure during load.
5464 808. [func] Add 'rndc flush' to flush the server's cache.
5466 807. [bug] When setting up TCP connections for incoming zone
5467 transfers, the transfer-source port was not
5468 ignored like it should be.
5470 806. [bug] DNS_R_SEENINCLUDE was failing to propagate back up
5471 the calling stack to the zone maintenance level,
5472 causing zones to not reload when an included file was
5473 touched but the top-level zone file was not.
5475 805. [bug] When using "forward only", missing root hints should
5476 not cause queries to fail. [RT #1143]
5478 804. [bug] Attempting to obtain entropy could fail in some
5479 situations. This would be most common on systems
5480 with user-space threads. [RT #1131]
5482 803. [bug] Treat all SIG queries as if they have the CD bit set,
5483 otherwise no data will be returned [RT #749]
5485 802. [bug] DNSSEC key tags were computed incorrectly in almost
5486 all cases. [RT #1146]
5488 801. [bug] nsupdate should treat lines beginning with ';' as
5489 comments. [RT #1139]
5491 800. [bug] dnssec-signzone produced incorrect statistics for
5492 large zones. [RT #1133]
5494 799. [bug] The ADB didn't find AAAA glue in a zone unless A6
5495 glue was also present.
5497 798. [bug] nsupdate should be able to reject bad input lines
5498 and continue. [RT #1130]
5500 797. [func] Issue a warning if the 'directory' option contains
5501 a relative path. [RT #269]
5503 796. [func] When a size limit is associated with a log file,
5504 only roll it when the size is reached, not every
5505 time the log file is opened. [RT #1096]
5507 795. [func] Add the +multiline option to dig. [RT #1095]
5509 794. [func] Implement the "port" and "default-port" statements
5512 793. [cleanup] The DNSSEC tools could create filenames that were
5513 illegal or contained shell meta-characters. They
5514 now use a different text encoding of names that
5515 doesn't have these problems. [RT #1101]
5517 792. [cleanup] Replace the OMAPI command channel protocol with a
5520 791. [bug] The command channel now works over IPv6.
5522 790. [bug] Wildcards created using dynamic update or IXFR
5523 could fail to match. [RT #1111]
5525 789. [bug] The "localhost" and "localnets" ACLs did not match
5526 when used as the second element of a two-element
5529 788. [func] Add the "match-mapped-addresses" option, which
5530 causes IPv6 v4mapped addresses to be treated as
5531 IPv4 addresses for the purpose of acl matching.
5533 787. [bug] The DNSSEC tools failed to downcase domain
5534 names when mapping them into file names.
5536 786. [bug] When DNSSEC signing/verifying data, owner names were
5537 not properly down-cased.
5539 785. [bug] A race condition in the resolver could cause
5540 an assertion failure. [RT #673, #872, #1048]
5542 784. [bug] nsupdate and other programs would not quit properly
5543 if some signals were blocked by the caller. [RT #1081]
5545 783. [bug] Following CNAMEs could cause an assertion failure
5546 when either using an sdb database or under very
5549 782. [func] Implement the "serial-query-rate" option.
5551 781. [func] Avoid error packet loops by dropping duplicate FORMERR
5552 responses. [RT #1006]
5554 780. [bug] Error handling code dealing with out of memory or
5555 other rare errors could lead to assertion failures
5556 by calling functions on uninitialized names. [RT #1065]
5558 779. [func] Added the "minimal-responses" option.
5560 778. [bug] When starting cache cleaning, cleaning_timer_action()
5561 returned without first pausing the iterator, which
5562 could cause deadlock. [RT #998]
5564 777. [bug] An empty forwarders list in a zone failed to override
5565 global forwarders. [RT #995]
5567 776. [func] Improved error reporting in denied messages. [RT #252]
5571 774. [func] max-cache-size is implemented.
5573 773. [func] Added isc_rwlock_trylock() to attempt to lock without
5576 772. [bug] Owner names could be incorrectly omitted from cache
5577 dumps in the presence of negative caching entries.
5580 771. [cleanup] TSIG errors related to unsynchronized clocks
5581 are logged better. [RT #919]
5583 770. [func] Add the "edns yes_or_no" statement to the server
5586 769. [func] Improved error reporting when parsing rdata. [RT #740]
5588 768. [bug] The server did not emit an SOA when a CNAME
5589 or DNAME chain ended in NXDOMAIN in an
5594 766. [bug] A few cases in query_find() could leak fname.
5595 This would trigger the mpctx->allocated == 0
5596 assertion when the server exited.
5597 [RT #739, #776, #798, #812, #818, #821, #845,
5600 765. [func] ACL names are once again case insensitive, like
5601 in BIND 8. [RT #252]
5603 764. [func] Configuration files now allow "include" directives
5604 in more places, such as inside the "view" statement.
5605 [RT #377, #728, #860]
5607 763. [func] Configuration files no longer have reserved words.
5610 762. [cleanup] The named.conf and rndc.conf file parsers have
5611 been completely rewritten.
5613 761. [bug] _REENTRANT was still defined when building with
5616 760. [contrib] Significant enhancements to the pgsql sdb driver.
5618 759. [bug] The resolver didn't turn off "avoid fetches" mode
5619 when restarting, possibly causing resolution
5620 to fail when it should not. This bug only affected
5621 platforms which support both IPv4 and IPv6. [RT #927]
5623 758. [bug] The "avoid fetches" code did not treat negative
5624 cache entries correctly, causing fetches that would
5625 be useful to be avoided. This bug only affected
5626 platforms which support both IPv4 and IPv6. [RT #927]
5628 757. [func] Log zone transfers.
5630 756. [bug] dns_zone_load() could "return" success when no master
5631 file was configured.
5633 755. [bug] Fix incorrectly formatted log messages in zone.c.
5635 754. [bug] Certain failure conditions sending UDP packets
5636 could cause the server to retry the transmission
5637 indefinitely. [RT #902]
5639 753. [bug] dig, host, and nslookup would fail to contact a
5640 remote server if getaddrinfo() returned an IPv6
5641 address on a system that doesn't support IPv6.
5644 752. [func] Correct bad tv_usec elements returned by
5647 751. [func] Log successful zone loads / transfers. [RT #898]
5649 750. [bug] A query should not match a DNAME whose trust level
5650 is pending. [RT #916]
5652 749. [bug] When a query matched a DNAME in a secure zone, the
5653 server did not return the signature of the DNAME.
5656 748. [doc] List supported RFCs in doc/misc/rfc-compliance.
5659 747. [bug] The code to determine whether an IXFR was possible
5660 did not properly check for a database that could
5661 not have a journal. [RT #865, #908]
5663 746. [bug] The sdb didn't clone rdatasets properly, causing
5664 a crash when the server followed delegations. [RT #905]
5666 745. [func] Report the owner name of records that fail
5667 semantic checks while loading.
5669 744. [bug] When returning DNS_R_CNAME or DNS_R_DNAME as the
5670 result of an ANY or SIG query, the resolver failed
5671 to setup the return event's rdatasets, causing an
5672 assertion failure in the query code. [RT #881]
5674 743. [bug] Receiving a large number of certain malformed
5675 answers could cause named to stop responding.
5680 741. [port] Support openssl-engine. [RT #709]
5682 740. [port] Handle openssl library mismatches slightly better.
5684 739. [port] Look for /dev/random in configure, rather than
5685 assuming it will be there for only a predefined
5688 738. [bug] If a non-threadsafe sdb driver supported AXFR and
5689 received an AXFR request, it would deadlock or die
5690 with an assertion failure. [RT #852]
5692 737. [port] stdtime.c failed to compile on certain platforms.
5694 736. [func] New functions isc_task_{begin,end}exclusive().
5696 735. [doc] Add BIND 4 migration notes.
5698 734. [bug] An attempt to re-lock the zone lock could occur if
5699 the server was shutdown during a zone transfer.
5702 733. [bug] Reference counts of dns_acl_t objects need to be
5703 locked but were not. [RT #801, #821]
5705 732. [bug] Glue with 0 TTL could also cause SERVFAIL. [RT #828]
5707 731. [bug] Certain zone errors could cause named-checkzone to
5708 fail ungracefully. [RT #819]
5710 730. [bug] lwres_getaddrinfo() returns the correct result when
5711 it fails to contact a server. [RT #768]
5713 729. [port] pthread_setconcurrency() needs to be called on Solaris.
5715 728. [bug] Fix comment processing on master file directives.
5718 727. [port] Work around OS bug where accept() succeeds but
5719 fails to fill in the peer address of the accepted
5720 connection, by treating it as an error rather than
5721 an assertion failure. [RT #809]
5723 726. [func] Implement the "trace" and "notrace" commands in rndc.
5725 725. [bug] Installing man pages could fail.
5727 724. [func] New libisc functions isc_netaddr_any(),
5730 723. [bug] Referrals whose NS RRs had a 0 TTL caused the resolver
5731 to return DNS_R_SERVFAIL. [RT #783]
5733 722. [func] Allow incremental loads to be canceled.
5735 721. [cleanup] Load manager and dns_master_loadfilequota() are no
5738 720. [bug] Server could enter infinite loop in
5739 dispatch.c:do_cancel(). [RT #733]
5741 719. [bug] Rapid reloads could trigger an assertion failure.
5744 718. [cleanup] "internal" is no longer a reserved word in named.conf.
5747 717. [bug] Certain TKEY processing failure modes could
5748 reference an uninitialized variable, causing the
5749 server to crash. [RT #750]
5751 716. [bug] The first line of a $INCLUDE master file was lost if
5752 an origin was specified. [RT #744]
5754 715. [bug] Resolving some A6 chains could cause an assertion
5755 failure in adb.c. [RT #738]
5757 714. [bug] Preserve interval timers across reloads unless changed.
5760 713. [func] named-checkconf takes '-t directory' similar to named.
5763 712. [bug] Sending a large signed update message caused an
5764 assertion failure. [RT #718]
5766 711. [bug] The libisc and liblwres implementations of
5767 inet_ntop contained an off by one error.
5769 710. [func] The forwarders statement now takes an optional
5772 709. [bug] ANY or SIG queries for data with a TTL of 0
5773 would return SERVFAIL. [RT #620]
5775 708. [bug] When building with --with-openssl, the openssl headers
5776 included with BIND 9 should not be used. [RT #702]
5778 707. [func] The "filename" argument to named-checkzone is no
5779 longer optional, to reduce confusion. [RT #612]
5781 706. [bug] Zones with an explicit "allow-update { none; };"
5782 were considered dynamic and therefore not reloaded
5783 on SIGHUP or "rndc reload".
5785 705. [port] Work out resource limit type for use where rlim_t is
5786 not available. [RT #695]
5788 704. [port] RLIMIT_NOFILE is not available on all platforms.
5791 703. [port] sys/select.h is needed on older platforms. [RT #695]
5793 702. [func] If the address 0.0.0.0 is seen in resolv.conf,
5794 use 127.0.0.1 instead. [RT #693]
5796 701. [func] Root hints are now fully optional. Class IN
5797 views use compiled-in hints by default, as
5798 before. Non-IN views with no root hints now
5799 provide authoritative service but not recursion.
5800 A warning is logged if a view has neither root
5801 hints nor authoritative data for the root. [RT #696]
5803 700. [bug] $GENERATE range check was wrong. [RT #688]
5805 699. [bug] The lexer mishandled empty quoted strings. [RT #694]
5807 698. [bug] Aborting nsupdate with ^C would lead to several
5810 697. [bug] nsupdate was not compatible with the undocumented
5811 BIND 8 behavior of ignoring TTLs in "update delete"
5814 696. [bug] lwresd would die with an assertion failure when passed
5815 a zero-length name. [RT #692]
5817 695. [bug] If the resolver attempted to query a blackholed or
5818 bogus server, the resolution would fail immediately.
5820 694. [bug] $GENERATE did not produce the last entry.
5823 693. [bug] An empty lwres statement in named.conf caused
5824 the server to crash while loading.
5826 692. [bug] Deal with systems that have getaddrinfo() but not
5827 gai_strerror(). [RT #679]
5829 691. [bug] Configuring per-view forwarders caused an assertion
5830 failure. [RT #675, #734]
5832 690. [func] $GENERATE now supports DNAME. [RT #654]
5834 689. [doc] man pages are now installed. [RT #210]
5836 688. [func] "make tags" now works on systems with the
5837 "Exuberant Ctags" etags.
5839 687. [bug] Only say we have IPv6, with sufficient functionality,
5840 if it has actually been tested. [RT #586]
5842 686. [bug] dig and nslookup can now be properly aborted during
5843 blocking operations. [RT #568]
5845 685. [bug] nslookup should use the search list/domain options
5846 from resolv.conf by default. [RT #405, #630]
5848 684. [bug] Memory leak with view forwarders. [RT #656]
5850 683. [bug] File descriptor leak in isc_lex_openfile().
5852 682. [bug] nslookup displayed SOA records incorrectly. [RT #665]
5854 681. [bug] $GENERATE specifying output format was broken. [RT #653]
5856 680. [bug] dns_rdata_fromstruct() mishandled options bigger
5859 679. [bug] $INCLUDE could leak memory and file descriptors on
5862 678. [bug] "transfer-format one-answer;" could trigger an assertion
5865 677. [bug] dnssec-signzone would occasionally use the wrong ttl
5866 for database operations and fail. [RT #643]
5868 676. [bug] Log messages about lame servers to category
5869 'lame-servers' rather than 'resolver', so as not
5870 to be gratuitously incompatible with BIND 8.
5872 675. [bug] TKEY queries could cause the server to leak
5875 674. [func] Allow messages to be TSIG signed / verified using
5876 a offset from the current time.
5878 673. [func] The server can now convert RFC1886-style recursive
5879 lookup requests into RFC2874-style lookups, when
5880 enabled using the new option "allow-v6-synthesis".
5882 672. [bug] The wrong time was in the "time signed" field when
5883 replying with BADTIME error.
5885 671. [bug] The message code was failing to parse a message with
5886 no question section and a TSIG record. [RT #628]
5888 670. [bug] The lwres replacements for getaddrinfo and
5889 getipnodebyname didn't properly check for the
5890 existence of the sockaddr sa_len field.
5892 669. [bug] dnssec-keygen now makes the public key file
5893 non-world-readable for symmetric keys. [RT #403]
5895 668. [func] named-checkzone now reports multiple errors in master
5898 667. [bug] On Linux, running named with the -u option and a
5899 non-world-readable configuration file didn't work.
5902 666. [bug] If a request sent by dig is longer than 512 bytes,
5905 665. [bug] Signed responses were not sent when the size of the
5906 TSIG + question exceeded the maximum message size.
5909 664. [bug] The t_tasks and t_timers module tests are now skipped
5910 when building without threads, since they require
5913 663. [func] Accept a size_spec, not just an integer, in the
5914 (unimplemented and ignored) max-ixfr-log-size option
5915 for compatibility with recent versions of BIND 8.
5918 662. [bug] dns_rdata_fromtext() failed to log certain errors.
5920 661. [bug] Certain UDP IXFR requests caused an assertion failure
5921 (mpctx->allocated == 0). [RT #355, #394, #623]
5923 660. [port] Detect multiple CPUs on HP-UX and IRIX.
5925 659. [performance] Rewrite the name compression code to be much faster.
5927 658. [cleanup] Remove all vestiges of 16 bit global compression.
5929 657. [bug] When a listen-on statement in an lwres block does not
5930 specify a port, use 921, not 53. Also update the
5931 listen-on documentation. [RT #616]
5933 656. [func] Treat an unescaped newline in a quoted string as
5934 an error. This means that TXT records with missing
5935 close quotes should have meaningful errors printed.
5937 655. [bug] Improve error reporting on unexpected eof when loading
5940 654. [bug] Origin was being forgotten in TCP retries in dig.
5943 653. [bug] +defname option in dig was reversed in sense.
5946 652. [bug] zone_saveunique() did not report the new name.
5948 651. [func] The AD bit in responses now has the meaning
5949 specified in <draft-ietf-dnsext-ad-is-secure>.
5951 650. [bug] SIG(0) records were being generated and verified
5952 incorrectly. [RT #606]
5954 649. [bug] It was possible to join to an already running fctx
5955 after it had "cloned" its events, but before it sent
5956 them. In this case, the event of the newly joined
5957 fetch would not contain the answer, and would
5958 trigger the INSIST() in fctx_sendevents(). In
5959 BIND 9.0, this bug did not trigger an INSIST(), but
5960 caused the fetch to fail with a SERVFAIL result.
5961 [RT #588, #597, #605, #607]
5963 648. [port] Add support for pre-RFC2133 IPv6 implementations.
5965 647. [bug] Resolver queries sent after following multiple
5966 referrals had excessively long retransmission
5967 timeouts due to incorrectly counting the referrals
5970 646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
5971 didn't _cleanly_ fix the problem it was trying to fix.
5973 645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
5975 644. [bug] #622 needed more work. [RT #562]
5977 643. [bug] xfrin error messages made more verbose, added class
5978 of the zone. [RT# 599]
5980 642. [bug] Break the exit_check() race in the zone module.
5983 --- 9.1.0b2 released ---
5985 641. [bug] $GENERATE caused a uninitialized link to be used.
5988 640. [bug] Memory leak in error path could cause
5989 "mpctx->allocated == 0" failure. [RT #584]
5991 639. [bug] Reading entropy from the keyboard would sometimes fail.
5994 638. [port] lib/isc/random.c needed to explicitly include time.h
5995 to get a prototype for time() when pthreads was not
5996 being used. [RT #592]
5998 637. [port] Use isc_u?int64_t instead of (unsigned) long long in
5999 lib/isc/print.c. Also allow lib/isc/print.c to
6000 be compiled even if the platform does not need it.
6003 636. [port] Shut up MSVC++ about a possible loss of precision
6004 in the ISC__BUFFER_PUTUINT*() macros. [RT #592]
6006 635. [bug] Reloading a server with a configured blackhole list
6007 would cause an assertion. [RT #590]
6009 634. [bug] A log file will completely stop being written when
6010 it reaches the maximum size in all cases, not just
6011 when versioning is also enabled. [RT #570]
6013 633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
6015 632. [bug] The index array of the journal file was
6016 corrupted as it was written to disk.
6018 631. [port] Build without thread support on systems without
6021 630. [bug] Locking failure in zone code. [RT #582]
6023 629. [bug] 9.1.0b1 dereferenced a null pointer and crashed
6024 when responding to a UDP IXFR request.
6026 628. [bug] If the root hints contained only AAAA addresses,
6027 named would be unable to perform resolution.
6029 627. [bug] The EDNS0 blackhole detection code of change 324
6030 waited for three retransmissions to each server,
6031 which takes much too long when a domain has many
6032 name servers and all of them drop EDNS0 queries.
6033 Now we retry without EDNS0 after three consecutive
6034 timeouts, even if they are all from different
6037 626. [bug] The lightweight resolver daemon no longer crashes
6038 when asked for a SIG rrset. [RT #558]
6040 625. [func] Zones now inherit their class from the enclosing view.
6042 624. [bug] The zone object could get timer events after it had
6043 been destroyed, causing a server crash. [RT #571]
6045 623. [func] Added "named-checkconf" and "named-checkzone" program
6046 for syntax checking named.conf files and zone files,
6049 622. [bug] A canceled request could be destroyed before
6050 dns_request_destroy() was called. [RT #562]
6052 621. [port] Disable IPv6 at runtime if IPv6 sockets are unusable.
6053 This mostly affects Red Hat Linux 7.0, which has
6054 conflicts between libc and the kernel.
6056 620. [bug] dns_master_load*inc() now require 'task' and 'load'
6057 to be non-null. Also 'done' will not be called if
6058 dns_master_load*inc() fails immediately. [RT #565]
6062 618. [bug] Queries to a signed zone could sometimes cause
6063 an assertion failure.
6065 617. [bug] When using dynamic update to add a new RR to an
6066 existing RRset with a different TTL, the journal
6067 entries generated from the update did not include
6068 explicit deletions and re-additions of the existing
6069 RRs to update their TTL to the new value.
6071 616. [func] dnssec-signzone -t output now includes performance
6074 615. [bug] dnssec-signzone did not like child keysets signed
6077 614. [bug] Checks for uninitialized link fields were prone
6078 to false positives, causing assertion failures.
6079 The checks are now disabled by default and may
6080 be re-enabled by defining ISC_LIST_CHECKINIT.
6082 613. [bug] "rndc reload zone" now reloads primary zones.
6083 It previously only updated slave and stub zones,
6084 if an SOA query indicated an out of date serial.
6086 612. [cleanup] Shutup a ridiculously noisy HP-UX compiler that
6087 complains relentlessly about how its treatment
6088 of 'const' has changed as well as how casting
6089 sometimes tightens alignment constraints.
6091 611. [func] allow-notify can be used to permit processing of
6092 notify messages from hosts other than a slave's
6095 610. [func] rndc dumpdb is now supported.
6097 609. [bug] getrrsetbyname() would crash lwresd if the server
6098 found more SIGs than answers. [RT #554]
6100 608. [func] dnssec-signzone now adds a comment to the zone
6101 with the time the file was signed.
6103 607. [bug] nsupdate would fail if it encountered a CNAME or
6104 DNAME in a response to an SOA query. [RT #515]
6106 606. [bug] Compiling with --disable-threads failed due
6107 to isc_thread_self() being incorrectly defined
6108 as an integer rather than a function.
6110 605. [func] New function isc_lex_getlasttokentext().
6112 604. [bug] The named.conf parser could print incorrect line
6113 numbers when long comments were present.
6115 603. [bug] Make dig handle multiple types or classes on the same
6116 query more correctly.
6118 602. [func] Cope automatically with UnixWare's broken
6119 IN6_IS_ADDR_* macros. [RT #539]
6121 601. [func] Return a non-zero exit code if an update fails
6124 600. [bug] Reverse lookups sometimes failed in dig, etc...
6126 599. [func] Added four new functions to the libisc log API to
6127 support i18n messages. isc_log_iwrite(),
6128 isc_log_ivwrite(), isc_log_iwrite1() and
6129 isc_log_ivwrite1() were added.
6131 598. [bug] An update-policy statement would cause the server
6132 to assert while loading. [RT #536]
6134 597. [func] dnssec-signzone is now multi-threaded.
6136 596. [bug] DNS_RDATASLAB_FORCE and DNS_RDATASLAB_EXACT are
6137 not mutually exclusive.
6139 595. [port] On Linux 2.2, socket() returns EINVAL when it
6140 should return EAFNOSUPPORT. Work around this.
6143 594. [func] sdb drivers are now assumed to not be thread-safe
6144 unless the DNS_SDBFLAG_THREADSAFE flag is supplied.
6146 593. [bug] If a secure zone was missing all its NXTs and
6147 a dynamic update was attempted, the server entered
6150 592. [bug] The sig-validity-interval option now specifies a
6151 number of days, not seconds. This matches the
6152 documentation. [RT #529]
6154 --- 9.1.0b1 released ---
6156 591. [bug] Work around non-reentrancy in openssl by disabling
6157 pre-computation in keys.
6159 590. [doc] There are now man pages for the lwres library in
6162 589. [bug] The server could deadlock if a zone was updated
6163 while being transferred out.
6165 588. [bug] ctx->in_use was not being correctly initialized when
6166 when pushing a file for $INCLUDE. [RT #523]
6168 587. [func] A warning is now printed if the "allow-update"
6169 option allows updates based on the source IP
6170 address, to alert users to the fact that this
6171 is insecure and becoming increasingly so as
6172 servers capable of update forwarding are being
6175 586. [bug] multiple views with the same name were fatal. [RT #516]
6177 585. [func] dns_db_addrdataset() and and dns_rdataslab_merge()
6178 now support 'exact' additions in a similar manner to
6179 dns_db_subtractrdataset() and dns_rdataslab_subtract().
6181 584. [func] You can now say 'notify explicit'; to suppress
6182 notification of the servers listed in NS records
6183 and notify only those servers listed in the
6184 'also-notify' option.
6186 583. [func] "rndc querylog" will now toggle logging of
6187 queries, like "ndc querylog" in BIND 8.
6189 582. [bug] dns_zone_idetach() failed to lock the zone.
6192 581. [bug] log severity was not being correctly processed.
6195 580. [func] Ignore trailing garbage on incoming DNS packets,
6196 for interoperability with broken server
6197 implementations. [RT #491]
6199 579. [bug] nsupdate did not take a filename to read update from.
6202 578. [func] New config option "notify-source", to specify the
6203 source address for notify messages.
6205 577. [func] Log illegal RDATA combinations. e.g. multiple
6206 singleton types, cname and other data.
6208 576. [doc] isc_log_create() description did not match reality.
6210 575. [bug] isc_log_create() was not setting internal state
6211 correctly to reflect the default channels created.
6213 574. [bug] TSIG signed queries sent by the resolver would fail to
6214 have their responses validated and would leak memory.
6216 573. [bug] The journal files of IXFRed slave zones were
6217 inadvertently discarded on server reload, causing
6218 "journal out of sync with zone" errors on subsequent
6221 572. [bug] Quoted strings were not accepted as key names in
6222 address match lists.
6224 571. [bug] It was possible to create an rdataset of singleton
6225 type which had more than one rdata. [RT #154]
6228 570. [bug] rbtdb.c allowed zones containing nodes which had
6229 both a CNAME and "other data". [RT #154]
6231 569. [func] The DNSSEC AD bit will not be set on queries which
6232 have not requested a DNSSEC response.
6234 568. [func] Add sample simple database drivers in contrib/sdb.
6236 567. [bug] Setting the zone transfer timeout to zero caused an
6237 assertion failure. [RT #302]
6239 566. [func] New public function dns_timer_setidle().
6241 565. [func] Log queries more like BIND 8: query logging is now
6242 done to category "queries", level "info". [RT #169]
6244 564. [func] Add sortlist support to lwresd.
6246 563. [func] New public functions dns_rdatatype_format() and
6247 dns_rdataclass_format(), for convenient formatting
6248 of rdata type/class mnemonics in log messages.
6250 562. [cleanup] Moved lib/dns/*conf.c to bin/named where they belong.
6252 561. [func] The 'datasize', 'stacksize', 'coresize' and 'files'
6253 clauses of the options{} statement are now implemented.
6255 560. [bug] dns_name_split did not properly the resulting prefix
6256 when a maximal length bitstring label was split which
6257 was preceded by another bitstring label. [RT #429]
6259 559. [bug] dns_name_split did not properly create the suffix
6260 when splitting within a maximal length bitstring label.
6262 558. [func] New functions, isc_resource_getlimit and
6263 isc_resource_setlimit.
6265 557. [func] Symbolic constants for libisc integral types.
6267 556. [func] The DNSSEC OK bit in the EDNS extended flags
6268 is now implemented. Responses to queries without
6269 this bit set will not contain any DNSSEC records.
6271 555. [bug] A slave server attempting a zone transfer could
6272 crash with an assertion failure on certain
6273 malformed responses from the master. [RT #457]
6275 554. [bug] In some cases, not all of the dnssec tools were
6278 553. [bug] Incoming zone transfers deferred due to quota
6279 were not started when quota was increased but
6280 only when a transfer in progress finished. [RT #456]
6282 552. [bug] We were not correctly detecting the end of all c-style
6285 551. [func] Implemented the 'sortlist' option.
6287 550. [func] Support unknown rdata types and classes.
6289 549. [bug] "make" did not immediately abort the build when a
6290 subdirectory make failed [RT #450].
6292 548. [func] The lexer now ungets tokens more correctly.
6296 546. [func] Option 'lame-ttl' is now implemented.
6298 545. [func] Name limit and counting options removed from dig;
6299 they didn't work properly, and cannot be correctly
6300 implemented without significant changes.
6302 544. [func] Add statistics option, enable statistics-file option,
6303 add RNDC option "dump-statistics" to write out a
6304 query statistics file.
6306 543. [doc] The 'port' option is now documented.
6308 542. [func] Add support for update forwarding as required for
6309 full compliance with RFC2136. It is turned off
6310 by default and can be enabled using the
6311 'allow-update-forwarding' option.
6313 541. [func] Add bogus server support.
6315 540. [func] Add dialup support.
6317 539. [func] Support the blackhole option.
6319 538. [bug] fix buffer overruns by 1 in lwres_getnameinfo().
6323 536. [func] Use transfer-source{-v6} when sending refresh queries.
6324 Transfer-source{-v6} now take a optional port
6325 parameter for setting the UDP source port. The port
6326 parameter is ignored for TCP.
6328 535. [func] Use transfer-source{-v6} when forwarding update
6331 534. [func] Ancestors have been removed from RBT chains. Ancestor
6332 information can be discerned via node parent pointers.
6334 533. [func] Incorporated name hashing into the RBT database to
6335 improve search speed.
6337 532. [func] Implement DNS UPDATE pseudo records using
6338 DNS_RDATA_UPDATE flag.
6340 531. [func] Rdata really should be initialized before being assigned
6341 to (dns_rdata_fromwire(), dns_rdata_fromtext(),
6342 dns_rdata_clone(), dns_rdata_fromregion()),
6345 530. [func] New function dns_rdata_invalidate().
6347 529. [bug] 521 contained a bug which caused zones to always
6350 528. [func] The ISC_LIST_XXXX macros now perform sanity checks
6351 on their arguments. ISC_LIST_XXXXUNSAFE can be use
6352 to skip the checks however use with caution.
6354 527. [func] New function dns_rdata_clone().
6356 526. [bug] nsupdate incorrectly refused to add RRs with a TTL
6359 525. [func] New arguments 'options' for dns_db_subtractrdataset(),
6360 and 'flags' for dns_rdataslab_subtract() allowing you
6361 to request that the RR's must exist prior to deletion.
6362 DNS_R_NOTEXACT is returned if the condition is not met.
6364 524. [func] The 'forward' and 'forwarders' statement in
6365 non-forward zones should work now.
6367 523. [doc] The source to the Administrator Reference Manual is
6368 now an XML file using the DocBook DTD, and is included
6369 in the distribution. The plain text version of the
6370 ARM is temporarily unavailable while we figure out
6371 how to generate readable plain text from the XML.
6373 522. [func] The lightweight resolver daemon can now use
6374 a real configuration file, and its functionality
6375 can be provided by a name server. Also, the -p and -P
6376 options to lwresd have been reversed.
6378 521. [bug] Detect master files which contain $INCLUDE and always
6381 520. [bug] Upgraded libtool to 1.3.5, which makes shared
6382 library builds almost work on AIX (and possibly
6385 519. [bug] dns_name_split() would improperly split some bitstring
6386 labels, zeroing a few of the least significant bits in
6387 the prefix part. When such an improperly created
6388 prefix was returned to the RBT database, the bogus
6389 label was dutifully stored, corrupting the tree.
6392 518. [bug] The resolver did not realize that a DNAME which was
6393 "the answer" to the client's query was "the answer",
6394 and such queries would fail. [RT #399]
6396 517. [bug] The resolver's DNAME code would trigger an assertion
6397 if there was more than one DNAME in the chain.
6400 516. [bug] Cache lookups which had a NULL node pointer, e.g.
6401 those by dns_view_find(), and which would match a
6402 DNAME, would trigger an INSIST(!search.need_cleanup)
6403 assertion. [RT #399]
6405 515. [bug] The ssu table was not being attached / detached
6406 by dns_zone_[sg]etssutable. [RT#397]
6408 514. [func] Retry refresh and notify queries if they timeout.
6411 513. [func] New functionality added to rdnc and server to allow
6412 individual zones to be refreshed or reloaded.
6414 512. [bug] The zone transfer code could throw an exception with
6415 an invalid IXFR stream.
6417 511. [bug] The message code could throw an assertion on an
6418 out of memory failure. [RT #392]
6420 510. [bug] Remove spurious view notify warning. [RT #376]
6422 509. [func] Add support for write of zone files on shutdown.
6424 508. [func] dns_message_parse() can now do a best-effort
6425 attempt, which should allow dig to print more invalid
6428 507. [func] New functions dns_zone_flush(), dns_zt_flushanddetach()
6429 and dns_view_flushanddetach().
6431 506. [func] Do not fail to start on errors in zone files.
6433 505. [bug] nsupdate was printing "unknown result code". [RT #373]
6435 504. [bug] The zone was not being marked as dirty when updated via
6438 503. [bug] dumptime was not being set along with
6439 DNS_ZONEFLG_NEEDDUMP.
6441 502. [func] On a SERVFAIL reply, DiG will now try the next server
6442 in the list, unless the +fail option is specified.
6444 501. [bug] Incorrect port numbers were being displayed by
6447 500. [func] Nearly useless +details option removed from DiG.
6449 499. [func] In DiG, specifying a class with -c or type with -t
6450 changes command-line parsing so that classes and
6451 types are only recognized if following -c or -t.
6452 This allows hosts with the same name as a class or
6453 type to be looked up.
6455 498. [doc] There is now a man page for "dig"
6456 in doc/man/bin/dig.1.
6458 497. [bug] The error messages printed when an IP match list
6459 contained a network address with a nonzero host
6460 part where not sufficiently detailed. [RT #365]
6462 496. [bug] named didn't sanity check numeric parameters. [RT #361]
6464 495. [bug] nsupdate was unable to handle large records. [RT #368]
6466 494. [func] Do not cache NXDOMAIN responses for SOA queries.
6468 493. [func] Return non-cachable (ttl = 0) NXDOMAIN responses
6469 for SOA queries. This makes it easier to locate
6470 the containing zone without polluting intermediate
6473 492. [bug] attempting to reload a zone caused the server fail
6474 to shutdown cleanly. [RT #360]
6476 491. [bug] nsupdate would segfault when sending certain
6477 prerequisites with empty RDATA. [RT #356]
6479 490. [func] When a slave/stub zone has not yet successfully
6480 obtained an SOA containing the zone's configured
6481 retry time, perform the SOA query retries using
6482 exponential backoff. [RT #337]
6484 489. [func] The zone manager now has a "i/o" queue.
6486 488. [bug] Locks weren't properly destroyed in some cases.
6488 487. [port] flockfile() is not defined on all systems.
6490 486. [bug] nslookup: "set all" and "server" commands showed
6491 the incorrect port number if a port other than 53
6492 was specified. [RT #352]
6494 485. [func] When dig had more than one server to query, it would
6495 send all of the messages at the same time. Add
6496 rate limiting of the transmitted messages.
6498 484. [bug] When the server was reloaded after removing addresses
6499 from the named.conf "listen-on" statement, sockets
6500 were still listening on the removed addresses due
6501 to reference count loops. [RT #325]
6503 483. [bug] nslookup: "set all" showed a "search" option but it
6506 482. [bug] nslookup: a plain "server" or "lserver" should be
6507 treated as a lookup.
6509 481. [bug] nslookup:get_next_command() stack size could exceed
6512 480. [bug] strtok() is not thread safe. [RT #349]
6514 479. [func] The test suite can now be run by typing "make check"
6515 or "make test" at the top level.
6517 478. [bug] "make install" failed if the directory specified with
6518 --prefix did not already exist.
6520 477. [bug] The the isc-config.sh script could be installed before
6521 its directory was created. [RT #324]
6523 476. [bug] A zone could expire while a zone transfer was in
6524 progress triggering a INSIST failure. [RT #329]
6526 475. [bug] query_getzonedb() sometimes returned a non-null version
6527 on failure. This caused assertion failures when
6528 generating query responses where names subject to
6529 additional section processing pointed to a zone
6530 to which access had been denied by means of the
6531 allow-query option. [RT #336]
6533 474. [bug] The mnemonic of the CHAOS class is CH according to
6534 RFC1035, but it was printed and read only as CHAOS.
6535 We now accept both forms as input, and print it
6538 473. [bug] nsupdate overran the end of the list of name servers
6539 when no servers could be reached, typically causing
6540 it to print the error message "dns_request_create:
6543 472. [bug] Off-by-one error caused isc_time_add() to sometimes
6544 produce invalid time values.
6546 471. [bug] nsupdate didn't compile on HP/UX 10.20
6548 470. [func] $GENERATE is now supported. See also
6551 469. [bug] "query-source address * port 53;" now works.
6553 468. [bug] dns_master_load*() failed to report file and line
6554 number in certain error conditions.
6556 467. [bug] dns_master_load*() failed to log an error if
6559 466. [bug] dns_master_load*() could return success when it failed.
6561 465. [cleanup] Allow 0 to be set as an omapi_value_t value by
6562 omapi_value_storeint().
6564 464. [cleanup] Build with openssl's RSA code instead of dnssafe.
6566 463. [bug] nsupdate sent malformed SOA queries to the second
6567 and subsequent name servers in resolv.conf if the
6568 query sent to the first one failed.
6570 462. [bug] --disable-ipv6 should work now.
6572 461. [bug] Specifying an unknown key in the "keys" clause of the
6573 "controls" statement caused a NULL pointer dereference.
6576 460. [bug] Much of the DNSSEC code only worked with class IN.
6578 459. [bug] Nslookup processed the "set" command incorrectly.
6580 458. [bug] Nslookup didn't properly check class and type values.
6583 457. [bug] Dig/host/hslookup didn't properly handle connect
6584 timeouts in certain situations, causing an
6585 unnecessary warning message to be printed.
6587 456. [bug] Stub zones were not resetting the refresh and expire
6588 counters, loadtime or clearing the DNS_ZONE_REFRESH
6589 (refresh in progress) flag upon successful update.
6590 This disabled further refreshing of the stub zone,
6591 causing it to eventually expire. [RT #300]
6593 455. [doc] Document IPv4 prefix notation does not require a
6594 dotted decimal quad but may be just dotted decimal.
6596 454. [bug] Enforce dotted decimal and dotted decimal quad where
6597 documented as such in named.conf. [RT #304, RT #311]
6599 453. [bug] Warn if the obsolete option "maintain-ixfr-base"
6600 is specified in named.conf. [RT #306]
6602 452. [bug] Warn if the unimplemented option "statistics-file"
6603 is specified in named.conf. [RT #301]
6605 451. [func] Update forwarding implemented.
6607 450. [func] New function ns_client_sendraw().
6609 449. [bug] isc_bitstring_copy() only works correctly if the
6610 two bitstrings have the same lsb0 value, but this
6611 requirement was not documented, nor was there a
6614 448. [bug] Host output formatting change, to match v8. [RT #255]
6616 447. [bug] Dig didn't properly retry in TCP mode after
6617 a truncated reply. [RT #277]
6619 446. [bug] Confusing notify log message. [RT #298]
6621 445. [bug] Doing a 0 bit isc_bitstring_copy() of an lsb0
6622 bitstring triggered a REQUIRE statement. The REQUIRE
6623 statement was incorrect. [RT #297]
6625 444. [func] "recursion denied" messages are always logged at
6626 debug level 1, now, rather than sometimes at ERROR.
6627 This silences these warnings in the usual case, where
6628 some clients set the RD bit in all queries.
6630 443. [bug] When loading a master file failed because of an
6631 unrecognized RR type name, the error message
6632 did not include the file name and line number.
6635 442. [bug] TSIG signed messages that did not match any view
6636 crashed the server. [RT #290]
6638 441. [bug] Nodes obscured by a DNAME were inaccessible even
6639 when DNS_DBFIND_GLUEOK was set.
6641 440. [func] New function dns_zone_forwardupdate().
6643 439. [func] New function dns_request_createraw().
6645 438. [func] New function dns_message_getrawmessage().
6647 437. [func] Log NOTIFY activity to the notify channel.
6649 436. [bug] If recvmsg() returned EHOSTUNREACH or ENETUNREACH,
6650 which sometimes happens on Linux, named would enter
6651 a busy loop. Also, unexpected socket errors were
6652 not logged at a high enough logging level to be
6653 useful in diagnosing this situation. [RT #275]
6655 435. [bug] dns_zone_dump() overwrote existing zone files
6656 rather than writing to a temporary file and
6657 renaming. This could lead to empty or partial
6658 zone files being left around in certain error
6659 conditions involving the initial transfer of a
6660 slave zone, interfering with subsequent server
6663 434. [func] New function isc_file_isabsolute().
6665 433. [func] isc_base64_decodestring() now accepts newlines
6666 within the base64 data. This makes it possible
6667 to break up the key data in a "trusted-keys"
6668 statement into multiple lines. [RT #284]
6670 432. [func] Added refresh/retry jitter. The actual refresh/
6671 retry time is now a random value between 75% and
6672 100% of the configured value.
6674 431. [func] Log at ISC_LOG_INFO when a zone is successfully
6677 430. [bug] Rewrote the lightweight resolver client management
6678 code to handle shutdown correctly and general
6681 429. [bug] The space reserved for a TSIG record in a response
6682 was 2 bytes too short, leading to message
6683 generation failures.
6685 428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
6686 DNS_R_BADDB for nodes which had neither NXT nor SIG NXT
6687 (e.g. glue). This could cause SERVFAILs when
6688 generating negative responses in a secure zone.
6690 427. [bug] Avoid going into an infinite loop when the validator
6691 gets a negative response to a key query where the
6692 records are signed by the missing key.
6694 426. [bug] Attempting to generate an oversized RSA key could
6695 cause dnssec-keygen to dump core.
6697 425. [bug] Warn about the auth-nxdomain default value change
6698 if there is no auth-nxdomain statement in the
6699 config file. [RT #287]
6701 424. [bug] notify_createmessage() could trigger an assertion
6702 failure when creating the notify message failed,
6703 e.g. due to corrupt zones with multiple SOA records.
6706 423. [bug] When responding to a recursive query, errors that occur
6707 after following a CNAME should cause the query to fail.
6710 422. [func] get rid of isc_random_t, and make isc_random_get()
6711 and isc_random_jitter() use rand() internally
6712 instead of local state. Note that isc_random_*()
6713 functions are only for weak, non-critical "randomness"
6714 such as timing jitter and such.
6716 421. [bug] nslookup would exit when given a blank line as input.
6718 420. [bug] nslookup failed to implement the "exit" command.
6720 419. [bug] The certificate type PKIX was misspelled as SKIX.
6722 418. [bug] At debug levels >= 10, getting an unexpected
6723 socket receive error would crash the server
6724 while trying to log the error message.
6726 417. [func] Add isc_app_block() and isc_app_unblock(), which
6727 allow an application to handle signals while
6730 416. [bug] Slave zones with no master file tried to use a
6731 NULL pointer for a journal file name when they
6732 received an IXFR. [RT #273]
6734 415. [bug] The logging code leaked file descriptors.
6736 414. [bug] Server did not shut down until all incoming zone
6737 transfers were finished.
6739 413. [bug] Notify could attempt to use the zone database after
6740 it had been unloaded. [RT#267]
6742 412. [bug] named -v didn't print the version.
6744 411. [bug] A typo in the HS A code caused an assertion failure.
6746 410. [bug] lwres_gethostbyname() and company set lwres_h_errno
6747 to a random value on success.
6749 409. [bug] If named was shut down early in the startup
6750 process, ns_omapi_shutdown() would attempt to lock
6751 an uninitialized mutex. [RT #262]
6753 408. [bug] stub zones could leak memory and reference counts if
6754 all the masters were unreachable.
6756 407. [bug] isc_rwlock_lock() would needlessly block
6757 readers when it reached the read quota even
6758 if no writers were waiting.
6760 406. [bug] Log messages were occasionally lost or corrupted
6761 due to a race condition in isc_log_doit().
6763 405. [func] Add support for selective forwarding (forward zones)
6765 404. [bug] The request library didn't completely work with IPv6.
6767 403. [bug] "host" did not use the search list.
6769 402. [bug] Treat undefined acls as errors, rather than
6770 warning and then later throwing an assertion.
6773 401. [func] Added simple database API.
6775 400. [bug] SIG(0) signing and verifying was done incorrectly.
6778 399. [bug] When reloading the server with a config file
6779 containing a syntax error, it could catch an
6780 assertion failure trying to perform zone
6781 maintenance on, or sending notifies from,
6782 tentatively created zones whose views were
6783 never fully configured and lacked an address
6784 database and request manager.
6786 398. [bug] "dig" sometimes caught an assertion failure when
6787 using TSIG, depending on the key length.
6789 397. [func] Added utility functions dns_view_gettsig() and
6790 dns_view_getpeertsig().
6792 396. [doc] There is now a man page for "nsupdate"
6793 in doc/man/bin/nsupdate.8.
6795 395. [bug] nslookup printed incorrect RR type mnemonics
6796 for RRs of type >= 21 [RT #237].
6798 394. [bug] Current name was not propagated via $INCLUDE.
6800 393. [func] Initial answer while loading (awl) support.
6801 Entry points: dns_master_loadfileinc(),
6802 dns_master_loadstreaminc(), dns_master_loadbufferinc().
6803 Note: calls to dns_master_load*inc() should be rate
6804 be rate limited so as to not use up all file
6807 392. [func] Add ISC_R_FAMILYNOSUPPORT. Returned when OS does
6808 not support the given address family requested.
6810 391. [clarity] ISC_R_FAMILY -> ISC_R_FAMILYMISMATCH.
6812 390. [func] The function dns_zone_setdbtype() now takes
6813 an argc/argv style vector of words and sets
6814 both the zone database type and its arguments,
6815 making the functions dns_zone_adddbarg()
6816 and dns_zone_cleardbargs() unnecessary.
6818 389. [bug] Attempting to send a request over IPv6 using
6819 dns_request_create() on a system without IPv6
6820 support caused an assertion failure [RT #235].
6822 388. [func] dig and host can now do reverse ipv6 lookups.
6824 387. [func] Add dns_byaddr_createptrname(), which converts
6825 an address into the name used by a PTR query.
6827 386. [bug] Missing strdup() of ACL name caused random
6828 ACL matching failures [RT #228].
6830 385. [cleanup] Removed functions dns_zone_equal(), dns_zone_print(),
6833 384. [bug] nsupdate was incorrectly limiting TTLs to 65535 instead
6836 383. [func] When writing a master file, print the SOA and NS
6837 records (and their SIGs) before other records.
6839 382. [bug] named -u failed on many Linux systems where the
6840 libc provided kernel headers do not match
6843 381. [bug] Check for IPV6_RECVPKTINFO and use it instead of
6844 IPV6_PKTINFO if found. [RT #229]
6846 380. [bug] nsupdate didn't work with IPv6.
6848 379. [func] New library function isc_sockaddr_anyofpf().
6850 378. [func] named and lwresd will log the command line arguments
6851 they were started with in the "starting ..." message.
6853 377. [bug] When additional data lookups were refused due to
6854 "allow-query", the databases were still being
6855 attached causing reference leaks.
6857 376. [bug] The server should always use good entropy when
6858 performing cryptographic functions needing entropy.
6860 375. [bug] Per-zone "allow-query" did not properly override the
6861 view/global one for CNAME targets and additional
6864 374. [bug] SOA in authoritative negative responses had wrong TTL.
6866 373. [func] nslookup is now installed by "make install".
6868 372. [bug] Deal with Microsoft DNS servers appending two bytes of
6869 garbage to zone transfer requests.
6871 371. [bug] At high debug levels, doing an outgoing zone transfer
6872 of a very large RRset could cause an assertion failure
6875 370. [bug] The error messages for roll-forward failures were
6878 369. [func] Support new named.conf options, view and zone
6881 max-retry-time, min-retry-time,
6882 max-refresh-time, min-refresh-time.
6884 368. [func] Restructure the internal ".bind" view so that more
6885 zones can be added to it.
6887 367. [bug] Allow proper selection of server on nslookup command
6890 366. [func] Allow use of '-' batch file in dig for stdin.
6892 365. [bug] nsupdate -k leaked memory.
6894 364. [func] Added additional-from-{cache,auth}
6898 362. [bug] rndc no longer aborts if the configuration file is
6899 missing an options statement. [RT #209]
6901 361. [func] When the RBT find or chain functions set the name and
6902 origin for a node that stores the root label
6903 the name is now set to an empty name, instead of ".",
6904 to simplify later use of the name and origin by
6905 dns_name_concatenate(), dns_name_totext() or
6908 360. [func] dns_name_totext() and dns_name_format() now allow
6909 an empty name to be passed, which is formatted as "@".
6911 359. [bug] dnssec-signzone occasionally signed glue records.
6913 358. [cleanup] Rename the intermediate files used by the dnssec
6916 357. [bug] The zone file parser crashed if the argument
6917 to $INCLUDE was a quoted string.
6919 356. [cleanup] isc_task_send no longer requires event->sender to
6922 355. [func] Added isc_dir_createunique(), similar to mkdtemp().
6924 354. [doc] Man pages for the dnssec tools are now included in
6925 the distribution, in doc/man/dnssec.
6927 353. [bug] double increment in lwres/gethost.c:copytobuf().
6930 352. [bug] Race condition in dns_client_t startup could cause
6931 an assertion failure.
6933 351. [bug] Constructing a response with rcode SERVFAIL to a TSIG
6934 signed query could crash the server.
6936 350. [bug] Also-notify lists specified in the global options
6937 block were not correctly reference counted, causing
6940 349. [bug] Processing a query with the CD bit set now works
6943 348. [func] New boolean named.conf options 'additional-from-auth'
6944 and 'additional-from-cache' now supported in view and
6945 global options statement.
6947 347. [bug] Don't crash if an argument is left off options in dig.
6951 345. [bug] Large-scale changes/cleanups to dig:
6952 * Significantly improve structure handling
6953 * Don't pre-load entire batch files
6954 * Add name/rr counting/limiting
6955 * Fix SIGINT handling
6956 * Shorten timeouts to match v8's behavior
6958 344. [bug] When shutting down, lwresd sometimes tried
6959 to shut down its client tasks twice,
6960 triggering an assertion.
6962 343. [bug] Although zone maintenance SOA queries and
6963 notify requests were signed with TSIG keys
6964 when configured for the server in case,
6965 the TSIG was not verified on the response.
6967 342. [bug] The wrong name was being passed to
6968 dns_name_dup() when generating a TSIG
6971 341. [func] Support 'key' clause in named.conf zone masters
6972 statement to allow authentication via TSIG keys:
6975 10.0.0.1 port 5353 key "foo";
6979 340. [bug] The top-level COPYRIGHT file was missing from
6982 339. [bug] DNSSEC validation of the response to an ANY
6983 query at a name with a CNAME RR in a secure
6984 zone triggered an assertion failure.
6986 338. [bug] lwresd logged to syslog as named, not lwresd.
6988 337. [bug] "dig" did not recognize "nsap-ptr" as an RR type
6989 on the command line.
6991 336. [bug] "dig -f" used 64 k of memory for each line in
6992 the file. It now uses much less, though still
6993 proportionally to the file size.
6995 335. [bug] named would occasionally attempt recursion when
6996 it was disallowed or undesired.
6998 334. [func] Added hmac-md5 to libisc.
7000 333. [bug] The resolver incorrectly accepted referrals to
7001 domains that were not parents of the query name,
7002 causing assertion failures.
7004 332. [func] New function dns_name_reset().
7006 331. [bug] Only log "recursion denied" if RD is set. [RT #178]
7008 330. [bug] Many debugging messages were partially formatted
7009 even when debugging was turned off, causing a
7010 significant decrease in query performance.
7012 329. [func] omapi_auth_register() now takes a size_t argument for
7013 the length of a key's secret data. Previously
7014 OMAPI only stored secrets up to the first NUL byte.
7016 328. [func] Added isc_base64_decodestring().
7018 327. [bug] rndc.conf parser wasn't correctly recognizing an IP
7019 address where a host specification was required.
7021 326. [func] 'keys' in an 'inet' control statement is now
7022 required and must have at least one item in it.
7023 A "not supported" warning is now issued if a 'unix'
7024 control channel is defined.
7026 325. [bug] isc_lex_gettoken was processing octal strings when
7027 ISC_LEXOPT_CNUMBER was not set.
7029 324. [func] In the resolver, turn EDNS0 off if there is no
7030 response after a number of retransmissions.
7031 This is to allow queries some chance of succeeding
7032 even if all the authoritative servers of a zone
7033 silently discard EDNS0 requests instead of
7034 sending an error response like they ought to.
7036 323. [bug] dns_rbt_findname() did not ignore empty rbt nodes.
7037 Because of this, servers authoritative for a parent
7038 and grandchild zone but not authoritative for the
7039 intervening child zone did not correctly issue
7040 referrals to the servers of the child zone.
7042 322. [bug] Queries for KEY RRs are now sent to the parent
7043 server before the authoritative one, making
7044 DNSSEC insecurity proofs work in many cases
7045 where they previously didn't.
7047 321. [bug] When synthesizing a CNAME RR for a DNAME
7048 response, query_addcname() failed to initialize
7049 the type and class of the CNAME dns_rdata_t,
7050 causing random failures.
7052 320. [func] Multiple rndc changes: parses an rndc.conf file,
7053 uses authentication to talk to named, command
7054 line syntax changed. This will all be described
7057 319. [func] The named.conf "controls" statement is now used
7058 to configure the OMAPI command channel.
7060 318. [func] dns_c_ndcctx_destroy() could never return anything
7061 except ISC_R_SUCCESS; made it have void return instead.
7063 317. [func] Use callbacks from libomapi to determine if a
7064 new connection is valid, and if a key requested
7065 to be used with that connection is valid.
7067 316. [bug] Generate a warning if we detect an unexpected <eof>
7068 but treat as <eol><eof>.
7070 315. [bug] Handle non-empty blanks lines. [RT #163]
7072 314. [func] The named.conf controls statement can now have
7073 more than one key specified for the inet clause.
7075 313. [bug] When parsing resolv.conf, don't terminate on an
7076 error. Instead, parse as much as possible, but
7077 still return an error if one was found.
7079 312. [bug] Increase the number of allowed elements in the
7080 resolv.conf search path from 6 to 8. If there
7081 are more than this, ignore the remainder rather
7082 than returning a failure in lwres_conf_parse.
7084 311. [bug] lwres_conf_parse failed when the first line of
7085 resolv.conf was empty or a comment.
7087 310. [func] Changes to named.conf "controls" statement (inet
7090 - support "keys" clause
7094 allow { any; } keys { "foo"; }
7097 - allow "port xxx" to be left out of statement,
7098 in which case it defaults to omapi's default port
7101 309. [bug] When sending a referral, the server did not look
7102 for name server addresses as glue in the zone
7103 holding the NS RRset in the case where this zone
7104 was not the same as the one where it looked for
7105 name server addresses as authoritative data.
7107 308. [bug] Treat a SOA record not at top of zone as an error
7108 when loading a zone. [RT #154]
7110 307. [bug] When canceling a query, the resolver didn't check for
7111 isc_socket_sendto() calls that did not yet have their
7112 completion events posted, so it could (rarely) end up
7113 destroying the query context and then want to use
7114 it again when the send event posted, triggering an
7115 assertion as it tried to cancel an already-canceled
7118 306. [bug] Reading HMAC-MD5 private key files didn't work.
7120 305. [bug] When reloading the server with a config file
7121 containing a syntax error, it could catch an
7122 assertion failure trying to perform zone
7123 maintenance on tentatively created zones whose
7124 views were never fully configured and lacked
7125 an address database.
7127 304. [bug] If more than LWRES_CONFMAXNAMESERVERS servers
7128 are listed in resolv.conf, silently ignore them
7129 instead of returning failure.
7131 303. [bug] Add additional sanity checks to differentiate a AXFR
7132 response vs a IXFR response. [RT #157]
7134 302. [bug] In dig, host, and nslookup, MXNAME should be large
7135 enough to hold any legal domain name in presentation
7136 format + terminating NULL.
7138 301. [bug] Uninitialized pointer in host:printmessage(). [RT #159]
7140 300. [bug] Using both <isc/net.h> and <lwres/net.h> didn't work
7141 on platforms lacking IPv6 because each included their
7142 own ipv6 header file for the missing definitions. Now
7143 each library's ipv6.h defines the wrapper symbol of
7144 the other (ISC_IPV6_H and LWRES_IPV6_H).
7146 299. [cleanup] Get the user and group information before changing the
7147 root directory, so the administrator does not need to
7148 keep a copy of the user and group databases in the
7149 chroot'ed environment. Suggested by Hakan Olsson.
7151 298. [bug] A mutex deadlock occurred during shutdown of the
7152 interface manager under certain conditions.
7153 Digital Unix systems were the most affected.
7155 297. [bug] Specifying a key name that wasn't fully qualified
7156 in certain parts of the config file could cause
7157 an assertion failure.
7159 296. [bug] "make install" from a separate build directory
7160 failed unless configure had been run in the source
7163 295. [bug] When invoked with type==CNAME and a message
7164 not constructed by dns_message_parse(),
7165 dns_message_findname() failed to find anything
7166 due to checking for attribute bits that are set
7167 only in dns_message_parse(). This caused an
7168 infinite loop when constructing the response to
7169 an ANY query at a CNAME in a secure zone.
7171 294. [bug] If we run out of space in while processing glue
7172 when reading a master file and commit "current name"
7173 reverts to "name_current" instead of staying as
7176 293. [port] Add support for FreeBSD 4.0 system tests.
7178 292. [bug] Due to problems with the way some operating systems
7179 handle simultaneous listening on IPv4 and IPv6
7180 addresses, the server no longer listens on IPv6
7181 addresses by default. To revert to the previous
7182 behavior, specify "listen-on-v6 { any; };" in
7185 291. [func] Caching servers no longer send outgoing queries
7186 over TCP just because the incoming recursive query
7189 290. [cleanup] +twiddle option to dig (for testing only) removed.
7191 289. [cleanup] dig is now installed in $bindir instead of $sbindir.
7192 host is now installed in $bindir. (Be sure to remove
7193 any $sbindir/dig from a previous release.)
7195 288. [func] rndc is now installed by "make install" into $sbindir.
7197 287. [bug] rndc now works again as "rndc 127.1 reload" (for
7198 only that task). Parsing its configuration file and
7199 using digital signatures for authentication has been
7200 disabled until named supports the "controls" statement,
7203 286. [bug] On Solaris 2, when named inherited a signal state
7204 where SIGHUP had the SIG_IGN action, SIGHUP would
7205 be ignored rather than causing the server to reload
7208 285. [bug] A change made to the dst API for beta4 inadvertently
7209 broke OMAPI's creation of a dst key from an incoming
7210 message, causing an assertion to be triggered. Fixed.
7212 284. [func] The DNSSEC key generation and signing tools now
7213 generate randomness from keyboard input on systems
7214 that lack /dev/random.
7216 283. [cleanup] The 'lwresd' program is now a link to 'named'.
7218 282. [bug] The lexer now returns ISC_R_RANGE if parsed integer is
7219 too big for an unsigned long.
7221 281. [bug] Fixed list of recognized config file category names.
7223 280. [func] Add isc-config.sh, which can be used to more
7224 easily build applications that link with
7227 279. [bug] Private omapi function symbols shared between
7228 two or more files in libomapi.a were not namespace
7229 protected using the ISC convention of starting with
7230 the library name and two underscores ("omapi__"...)
7232 278. [bug] bin/named/logconf.c:category_fromconf() didn't take
7233 note of when isc_log_categorybyname() wasn't able
7234 to find the category name and would then apply the
7235 channel list of the unknown category to all categories.
7237 277. [bug] isc_log_categorybyname() and isc_log_modulebyname()
7238 would fail to find the first member of any category
7239 or module array apart from the internal defaults.
7240 Thus, for example, the "notify" category was improperly
7241 configured by named.
7243 276. [bug] dig now supports maximum sized TCP messages.
7245 275. [bug] The definition of lwres_gai_strerror() was missing
7248 274. [bug] TSIG AXFR verify failed when talking to a BIND 8
7251 273. [func] The default for the 'transfer-format' option is
7252 now 'many-answers'. This will break zone transfers
7253 to BIND 4.9.5 and older unless there is an explicit
7254 'one-answer' configuration.
7256 272. [bug] The sending of large TCP responses was canceled
7257 in mid-transmission due to a race condition
7258 caused by the failure to set the client object's
7259 "newstate" variable correctly when transitioning
7260 to the "working" state.
7262 271. [func] Attempt to probe the number of cpus in named
7263 if unspecified rather than defaulting to 1.
7265 270. [func] Allow maximum sized TCP answers.
7267 269. [bug] Failed DNSSEC validations could cause an assertion
7268 failure by causing clone_results() to be called with
7269 with hevent->node == NULL.
7271 268. [doc] A plain text version of the Administrator
7272 Reference Manual is now included in the distribution,
7273 as doc/arm/Bv9ARM.txt.
7275 267. [func] Nsupdate is now provided in the distribution.
7277 266. [bug] zone.c:save_nsrrset() node was not initialized.
7279 265. [bug] dns_request_create() now works for TCP.
7281 264. [func] Dispatch can not take TCP sockets in connecting
7282 state. Set DNS_DISPATCHATTR_CONNECTED when calling
7283 dns_dispatch_createtcp() for connected TCP sockets
7284 or call dns_dispatch_starttcp() when the socket is
7287 263. [func] New logging channel type 'stderr'
7294 262. [bug] 'master' was not initialized in zone.c:stub_callback().
7296 261. [func] Add dns_zone_markdirty().
7298 260. [bug] Running named as a non-root user failed on Linux
7299 kernels new enough to support retaining capabilities
7302 259. [func] New random-device and random-seed-file statements
7303 for global options block of named.conf. Both accept
7304 a single string argument.
7306 258. [bug] Fixed printing of lwres_addr_t.address field.
7308 257. [bug] The server detached the last zone manager reference
7309 too early, while it could still be in use by queries.
7310 This manifested itself as assertion failures during the
7311 shutdown process for busy name servers. [RT #133]
7313 256. [func] isc_ratelimiter_t now has attach/detach semantics, and
7314 isc_ratelimiter_shutdown guarantees that the rate
7315 limiter is detached from its task.
7317 255. [func] New function dns_zonemgr_attach().
7319 254. [bug] Suppress "query denied" messages on additional data
7322 --- 9.0.0b4 released ---
7324 253. [func] resolv.conf parser now recognizes ';' and '#' as
7325 comments (anywhere in line, not just as the beginning).
7327 252. [bug] resolv.conf parser mishandled masks on sortlists.
7328 It also aborted when an unrecognized keyword was seen,
7329 now it silently ignores the entire line.
7331 251. [bug] lwresd caught an assertion failure on startup.
7333 250. [bug] fixed handling of size+unit when value would be too
7334 large for internal representation.
7336 249. [cleanup] max-cache-size config option now takes a size-spec
7337 like 'datasize', except 'default' is not allowed.
7339 248. [bug] global lame-ttl option was not being printed when
7340 config structures were written out.
7342 247. [cleanup] Rename cache-size config option to max-cache-size.
7344 246. [func] Rename global option cachesize to cache-size and
7345 add corresponding option to view statement.
7347 245. [bug] If an uncompressed name will take more than 255
7348 bytes and the buffer is sufficiently long,
7349 dns_name_fromwire should return DNS_R_FORMERR,
7350 not ISC_R_NOSPACE. This bug caused cause the
7351 server to catch an assertion failure when it
7352 received a query for a name longer than 255
7355 244. [bug] empty named.conf file and empty options statement are
7356 now parsed properly.
7358 243. [func] new cachesize option for named.conf
7360 242. [cleanup] fixed incorrect warning about auth-nxdomain usage.
7362 241. [cleanup] nscount and soacount have been removed from the
7363 dns_master_*() argument lists.
7365 240. [func] databases now come in three flavours: zone, cache
7368 239. [func] If ISC_MEM_DEBUG is enabled, the variable
7369 isc_mem_debugging controls whether messages
7372 238. [cleanup] A few more compilation warnings have been quieted:
7373 + missing sigwait prototype on BSD/OS 4.0/4.0.1.
7374 + PTHREAD_ONCE_INIT unbraced initializer warnings on
7376 + IN6ADDR_ANY_INIT unbraced initializer warnings on
7377 BSD/OS 4.*, Linux and Solaris 2.8.
7379 237. [bug] If connect() returned ENOBUFS when the resolver was
7380 initiating a TCP query, the socket didn't get
7381 destroyed, and the server did not shut down cleanly.
7383 236. [func] Added new listen-on-v6 config file statement.
7385 235. [func] Consider it a config file error if a listen-on
7386 statement has an IPv6 address in it, or a
7387 listen-on-v6 statement has an IPv4 address in it.
7389 234. [bug] Allow a trusted-key's first field (domain-name) be
7390 either a quoted or an unquoted string, instead of
7391 requiring a quoted string.
7393 233. [cleanup] Convert all config structure integer values to unsigned
7394 integer (isc_uint32_t) to match grammar.
7396 232. [bug] Allow slave zones to not have a file.
7398 231. [func] Support new 'port' clause in config file options
7399 section. Causes 'listen-on', 'masters' and
7400 'also-notify' statements to use its value instead of
7403 230. [func] Replace the dst sign/verify API with a cleaner one.
7405 229. [func] Support config file sig-validity-interval statement
7406 in options, views and zone statements (master
7409 228. [cleanup] Logging messages in config module stripped of
7412 227. [cleanup] The enumerated identifiers dns_rdataclass_*,
7413 dns_rcode_*, dns_opcode_*, and dns_trust_* are
7414 also now cast to their appropriate types, as with
7415 dns_rdatatype_* in item number 225 below.
7417 226. [func] dns_name_totext() now always prints the root name as
7418 '.', even when omit_final_dot is true.
7420 225. [cleanup] The enumerated dns_rdatatype_* identifiers are now
7421 cast to dns_rdatatype_t via macros of their same name
7422 so that they are of the proper integral type wherever
7423 a dns_rdatatype_t is needed.
7425 224. [cleanup] The entire project builds cleanly with gcc's
7426 -Wcast-qual and -Wwrite-strings warnings enabled,
7427 which is now the default when using gcc. (Warnings
7428 from confparser.c, because of yacc's code, are
7429 unfortunately to be expected.)
7431 223. [func] Several functions were re-prototyped to qualify one
7432 or more of their arguments with "const". Similarly,
7433 several functions that return pointers now have
7434 those pointers qualified with const.
7436 222. [bug] The global 'also-notify' option was ignored.
7438 221. [bug] An uninitialized variable was sometimes passed to
7439 dns_rdata_freestruct() when loading a zone, causing
7440 an assertion failure.
7442 220. [cleanup] Set the default outgoing port in the view, and
7443 set it in sockaddrs returned from the ADB.
7444 [31-May-2000 explorer]
7446 219. [bug] Signed truncated messages more correctly follow
7447 the respective specs.
7449 218. [func] When an rdataset is signed, its ttl is normalized
7450 based on the signature validity period.
7452 217. [func] Also-notify and trusted-keys can now be used in
7453 the 'view' statement.
7455 216. [func] The 'max-cache-ttl' and 'max-ncache-ttl' options
7458 215. [bug] Failures at certain points in request processing
7459 could cause the assertion INSIST(client->lockview
7460 == NULL) to be triggered.
7462 214. [func] New public function isc_netaddr_format(), for
7463 formatting network addresses in log messages.
7465 213. [bug] Don't leak memory when reloading the zone if
7466 an update-policy clause was present in the old zone.
7468 212. [func] Added dns_message_get/settsigkey, to make TSIG
7469 key management reasonable.
7471 211. [func] The 'key' and 'server' statements can now occur
7472 inside 'view' statements.
7474 210. [bug] The 'allow-transfer' option was ignored for slave
7475 zones, and the 'transfers-per-ns' option was
7476 was ignored for all zones.
7478 209. [cleanup] Upgraded openssl files to new version 0.9.5a
7480 208. [func] Added ISC_OFFSET_MAXIMUM for the maximum value
7483 207. [func] The dnssec tools properly use the logging subsystem.
7485 206. [cleanup] dst now stores the key name as a dns_name_t, not
7488 205. [cleanup] On IRIX, turn off the mostly harmless warnings 1692
7489 ("prototyped function redeclared without prototype")
7490 and 1552 ("variable ... set but not used") when
7491 compiling in the lib/dns/sec/{dnssafe,openssl}
7492 directories, which contain code imported from outside
7495 204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
7496 to quiet the warnings that "The linked output may not
7497 run on a PA 1.x system."
7499 203. [func] notify and zone soa queries are now tsig signed when
7502 202. [func] isc_lex_getsourceline() changed from returning int
7503 to returning unsigned long, the type of its underlying
7506 201. [cleanup] Removed the test/sdig program, it has been
7507 replaced by bin/dig/dig.
7509 --- 9.0.0b3 released ---
7511 200. [bug] Failures in sending query responses to clients
7512 (e.g., running out of network buffers) were
7515 199. [bug] isc_heap_delete() sometimes violated the heap
7516 invariant, causing timer events not to be posted
7519 198. [func] Dispatch managers hold memory pools which
7520 any managed dispatcher may use. This allows
7521 us to avoid dipping into the memory context for
7522 most allocations. [19-May-2000 explorer]
7524 197. [bug] When an incoming AXFR or IXFR completes, the
7525 zone's internal state is refreshed from the
7526 SOA data. [19-May-2000 explorer]
7528 196. [func] Dispatchers can be shared easily between views
7529 and/or interfaces. [19-May-2000 explorer]
7531 195. [bug] Including the NXT record of the root domain
7532 in a negative response caused an assertion
7535 194. [doc] The PDF version of the Administrator's Reference
7536 Manual is no longer included in the ISC BIND9
7539 193. [func] changed dst_key_free() prototype.
7541 192. [bug] Zone configuration validation is now done at end
7542 of config file parsing, and before loading
7545 191. [func] Patched to compile on UnixWare 7.x. This platform
7546 is not directly supported by the ISC.
7548 190. [cleanup] The DNSSEC tools have been moved to a separate
7549 directory dnssec/ and given the following new,
7550 more descriptive names:
7557 Their command line arguments have also been changed to
7558 be more consistent. dnssec-keygen now prints the
7559 name of the generated key files (sans extension)
7560 on standard output to simplify its use in automated
7563 189. [func] isc_time_secondsastimet(), a new function, will ensure
7564 that the number of seconds in an isc_time_t does not
7565 exceed the range of a time_t, or return ISC_R_RANGE.
7566 Similarly, isc_time_now(), isc_time_nowplusinterval(),
7567 isc_time_add() and isc_time_subtract() now check the
7568 range for overflow/underflow. In the case of
7569 isc_time_subtract, this changed a calling requirement
7570 (ie, something that could generate an assertion)
7571 into merely a condition that returns an error result.
7572 isc_time_add() and isc_time_subtract() were void-
7573 valued before but now return isc_result_t.
7575 188. [func] Log a warning message when an incoming zone transfer
7576 contains out-of-zone data.
7578 187. [func] isc_ratelimiter_enqueue() has an additional argument
7581 186. [func] dns_request_getresponse() has an additional argument
7584 185. [bug] Fixed up handling of ISC_MEMCLUSTER_LEGACY. Several
7585 public functions did not have an isc__ prefix, and
7586 referred to functions that had previously been
7589 184. [cleanup] Variables/functions which began with two leading
7590 underscores were made to conform to the ANSI/ISO
7591 standard, which says that such names are reserved.
7593 183. [func] ISC_LOG_PRINTTAG option for log channels. Useful
7594 for logging the program name or other identifier.
7596 182. [cleanup] New command-line parameters for dnssec tools
7598 181. [func] Added dst_key_buildfilename and dst_key_parsefilename
7600 180. [func] New isc_result_t ISC_R_RANGE. Supersedes DNS_R_RANGE.
7602 179. [func] options named.conf statement *must* now come
7603 before any zone or view statements.
7605 178. [func] Post-load of named.conf check verifies a slave zone
7606 has non-empty list of masters defined.
7608 177. [func] New per-zone boolean:
7610 enable-zone yes | no ;
7612 intended to let a zone be disabled without having
7613 to comment out the entire zone statement.
7615 176. [func] New global and per-view option:
7617 max-cache-ttl number
7619 175. [func] New global and per-view option:
7621 additional-data internal | minimal | maximal;
7623 174. [func] New public function isc_sockaddr_format(), for
7624 formatting socket addresses in log messages.
7626 173. [func] Keep a queue of zones waiting for zone transfer
7627 quota so that a new transfer can be dispatched
7628 immediately whenever quota becomes available.
7630 172. [bug] $TTL directive was sometimes missing from dumped
7631 master files because totext_ctx_init() failed to
7632 initialize ctx->current_ttl_valid.
7634 171. [cleanup] On NetBSD systems, the mit-pthreads or
7635 unproven-pthreads library is now always used
7636 unless --with-ptl2 is explicitly specified on
7637 the configure command line. The
7638 --with-mit-pthreads option is no longer needed
7639 and has been removed.
7641 170. [cleanup] Remove inter server consistency checks from zone,
7642 these should return as a separate module in 9.1.
7643 dns_zone_checkservers(), dns_zone_checkparents(),
7644 dns_zone_checkchildren(), dns_zone_checkglue().
7646 Remove dns_zone_setadb(), dns_zone_setresolver(),
7647 dns_zone_setrequestmgr() these should now be found
7650 169. [func] ratelimiter can now process N events per interval.
7652 168. [bug] include statements in named.conf caused syntax errors
7653 due to not consuming the semicolon ending the include
7654 statement before switching input streams.
7656 167. [bug] Make lack of masters for a slave zone a soft error.
7658 166. [bug] Keygen was overwriting existing keys if key_id
7659 conflicted, now it will retry, and non-null keys
7660 with key_id == 0 are not generated anymore. Key
7661 was not able to generate NOAUTHCONF DSA key,
7662 increased RSA key size to 2048 bits.
7664 165. [cleanup] Silence "end-of-loop condition not reached" warnings
7665 from Solaris compiler.
7667 164. [func] Added functions isc_stdio_open(), isc_stdio_close(),
7668 isc_stdio_seek(), isc_stdio_read(), isc_stdio_write(),
7669 isc_stdio_flush(), isc_stdio_sync(), isc_file_remove()
7670 to encapsulate nonportable usage of errno and sync.
7672 163. [func] Added result codes ISC_R_FILENOTFOUND and
7675 162. [bug] Ensure proper range for arguments to ctype.h functions.
7677 161. [cleanup] error in yyparse prototype that only HPUX caught.
7679 160. [cleanup] getnet*() are not going to be implemented at this
7682 159. [func] Redefinition of config file elements is now an
7683 error (instead of a warning).
7685 158. [bug] Log channel and category list copy routines
7686 weren't assigning properly to output parameter.
7688 157. [port] Fix missing prototype for getopt().
7690 156. [func] Support new 'database' statement in zone.
7692 database "quoted-string";
7694 155. [bug] ns_notify_start() was not detaching the found zone.
7696 154. [func] The signer now logs libdns warnings to stderr even when
7697 not verbose, and in a nicer format.
7699 153. [func] dns_rdata_tostruct() 'mctx' is now optional. If 'mctx'
7700 is NULL then you need to preserve the 'rdata' until
7701 you have finished using the structure as there may be
7702 references to the associated memory. If 'mctx' is
7703 non-NULL it is guaranteed that there are no references
7704 to memory associated with 'rdata'.
7706 dns_rdata_freestruct() must be called if 'mctx' was
7707 non-NULL and may safely be called if 'mctx' was NULL.
7709 152. [bug] keygen dumped core if domain name argument was omitted
7712 151. [func] Support 'disabled' statement in zone config (causes
7713 zone to be parsed and then ignored). Currently must
7714 come after the 'type' clause.
7716 150. [func] Support optional ports in masters and also-notify
7719 masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
7721 149. [cleanup] Removed unused argument 'olist' from
7722 dns_c_view_unsetordering().
7724 148. [cleanup] Stop issuing some warnings about some configuration
7725 file statements that were not implemented, but now are.
7727 147. [bug] Changed yacc union size to be smaller for yaccs that
7728 put yacc-stack on the real stack.
7730 146. [cleanup] More general redundant header file cleanup. Rather
7731 than continuing to itemize every header which changed,
7732 this changelog entry just notes that if a header file
7733 did not need another header file that it was including
7734 in order to provide its advertised functionality, the
7735 inclusion of the other header file was removed. See
7736 util/check-includes for how this was tested.
7738 145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
7739 ISC_LANG_ENDDECLS to header files that had function
7740 prototypes, and removed it from those that did not.
7742 144. [cleanup] libdns header files too numerous to name were made
7743 to conform to the same style for multiple inclusion
7746 143. [func] Added function dns_rdatatype_isknown().
7748 142. [cleanup] <isc/stdtime.h> does not need <time.h> or
7751 141. [bug] Corrupt requests with multiple questions could
7752 cause an assertion failure.
7754 140. [cleanup] <isc/time.h> does not need <time.h> or <isc/result.h>.
7756 139. [cleanup] <isc/net.h> now includes <isc/types.h> instead of
7757 <isc/int.h> and <isc/result.h>.
7759 138. [cleanup] isc_strtouq moved from str.[ch] to string.[ch] and
7760 renamed isc_string_touint64. isc_strsep moved from
7761 strsep.c to string.c and renamed isc_string_separate.
7763 137. [cleanup] <isc/commandline.h>, <isc/mem.h>, <isc/print.h>
7764 <isc/serial.h>, <isc/string.h> and <isc/offset.h>
7765 made to conform to the same style for multiple
7766 inclusion protection.
7768 136. [cleanup] <isc/commandline.h>, <isc/interfaceiter.h>,
7769 <isc/net.h> and Win32's <isc/thread.h> needed
7770 ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS.
7772 135. [cleanup] Win32's <isc/condition.h> did not need <isc/result.h>
7773 or <isc/boolean.h>, now uses <isc/types.h> in place
7774 of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
7775 and ISC_LANG_ENDDECLS.
7777 134. [cleanup] <isc/dir.h> does not need <limits.h>.
7779 133. [cleanup] <isc/ipv6.h> needs <isc/platform.h>.
7781 132. [cleanup] <isc/app.h> does not need <isc/task.h>, but does
7782 need <isc/eventclass.h>.
7784 131. [cleanup] <isc/mutex.h> and <isc/util.h> need <isc/result.h>
7785 for ISC_R_* codes used in macros.
7787 130. [cleanup] <isc/condition.h> does not need <pthread.h> or
7788 <isc/boolean.h>, and now includes <isc/types.h>
7789 instead of <isc/time.h>.
7791 129. [bug] The 'default_debug' log channel was not set up when
7792 'category default' was present in the config file
7794 128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
7795 ISC_LANG_ENDDECLS at end of header.
7797 127. [cleanup] The contracts for the comparison routines
7798 dns_name_fullcompare(), dns_name_compare(),
7799 dns_name_rdatacompare(), and dns_rdata_compare() now
7800 specify that the order value returned is < 0, 0, or > 0
7801 instead of -1, 0, or 1.
7803 126. [cleanup] <isc/quota.h> and <isc/taskpool.h> need <isc/lang.h>.
7805 125. [cleanup] <isc/eventclass.h>, <isc/ipv6.h>, <isc/magic.h>,
7806 <isc/mutex.h>, <isc/once.h>, <isc/region.h>, and
7807 <isc/resultclass.h> do not need <isc/lang.h>.
7809 124. [func] signer now imports parent's zone key signature
7810 and creates null keys/sets zone status bit for
7811 children when necessary
7813 123. [cleanup] <isc/event.h> does not need <stddef.h>.
7815 122. [cleanup] <isc/task.h> does not need <isc/mem.h> or
7818 121. [cleanup] <isc/symtab.h> does not need <isc/mem.h> or
7819 <isc/result.h>. Multiple inclusion protection
7820 symbol fixed from ISC_SYMBOL_H to ISC_SYMTAB_H.
7821 isc_symtab_t moved to <isc/types.h>.
7823 120. [cleanup] <isc/socket.h> does not need <isc/boolean.h>,
7824 <isc/bufferlist.h>, <isc/task.h>, <isc/mem.h> or
7827 119. [cleanup] structure definitions for generic rdata structures do
7828 not have _generic_ in their names.
7830 118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
7831 YACC crust (yyparse, etc) [2000-apr-27 explorer]
7833 117. [cleanup] libdns.a changes:
7834 dns_zone_clearnotify() and dns_zone_addnotify()
7835 are replaced by dns_zone_setnotifyalso().
7836 dns_zone_clearmasters() and dns_zone_addmaster()
7837 are replaced by dns_zone_setmasters().
7839 116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
7842 115. [port] Shut up the -Wmissing-declarations warning about
7843 <stdio.h>'s __sputaux on BSD/OS pre-4.1.
7845 114. [cleanup] <isc/sockaddr.h> does not need <isc/buffer.h> or
7848 113. [func] Utility programs dig and host added.
7850 112. [cleanup] <isc/serial.h> does not need <isc/boolean.h>.
7852 111. [cleanup] <isc/rwlock.h> does not need <isc/result.h> or
7855 110. [cleanup] <isc/result.h> does not need <isc/boolean.h> or
7858 109. [bug] "make depend" did nothing for
7859 bin/tests/{db,mem,sockaddr,tasks,timers}/.
7861 108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
7862 <dns/types.h> to <dns/bit.h> and renamed to
7863 DNS_BIT_SET/DNS_BIT_GET/DNS_BIT_CLEAR.
7865 107. [func] Add keysigner and keysettool.
7867 106. [func] Allow dnssec verifications to ignore the validity
7868 period. Used by several of the dnssec tools.
7870 105. [doc] doc/dev/coding.html expanded with other
7871 implicit conventions the developers have used.
7873 104. [bug] Made compress_add and compress_find static to
7876 103. [func] libisc buffer API changes for <isc/buffer.h>:
7878 isc_buffer_base(b) (pointer)
7879 isc_buffer_current(b) (pointer)
7880 isc_buffer_active(b) (pointer)
7881 isc_buffer_used(b) (pointer)
7882 isc_buffer_length(b) (int)
7883 isc_buffer_usedlength(b) (int)
7884 isc_buffer_consumedlength(b) (int)
7885 isc_buffer_remaininglength(b) (int)
7886 isc_buffer_activelength(b) (int)
7887 isc_buffer_availablelength(b) (int)
7889 ISC_BUFFER_USEDCOUNT(b)
7890 ISC_BUFFER_AVAILABLECOUNT(b)
7893 isc_buffer_used(b, r) ->
7894 isc_buffer_usedregion(b, r)
7895 isc_buffer_available(b, r) ->
7896 isc_buffer_available_region(b, r)
7897 isc_buffer_consumed(b, r) ->
7898 isc_buffer_consumedregion(b, r)
7899 isc_buffer_active(b, r) ->
7900 isc_buffer_activeregion(b, r)
7901 isc_buffer_remaining(b, r) ->
7902 isc_buffer_remainingregion(b, r)
7904 Buffer types were removed, so the ISC_BUFFERTYPE_*
7905 macros are no more, and the type argument to
7906 isc_buffer_init and isc_buffer_allocate were removed.
7907 isc_buffer_putstr is now void (instead of isc_result_t)
7908 and requires that the caller ensure that there
7909 is enough available buffer space for the string.
7911 102. [port] Correctly detect inet_aton, inet_pton and inet_ptop
7914 101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
7916 100. [cleanup] <isc/random.h> does not need <isc/int.h> or
7917 <isc/mutex.h>. isc_random_t moved to <isc/types.h>.
7919 99. [cleanup] Rate limiter now has separate shutdown() and
7920 destroy() functions, and it guarantees that all
7921 queued events are delivered even in the shutdown case.
7923 98. [cleanup] <isc/print.h> does not need <stdarg.h> or <stddef.h>
7924 unless ISC_PLATFORM_NEEDVSNPRINTF is defined.
7926 97. [cleanup] <isc/ondestroy.h> does not need <stddef.h> or
7929 96. [cleanup] <isc/mutex.h> does not need <isc/result.h>.
7931 95. [cleanup] <isc/mutexblock.h> does not need <isc/result.h>.
7933 94. [cleanup] Some installed header files did not compile as C++.
7935 93. [cleanup] <isc/msgcat.h> does not need <isc/result.h>.
7937 92. [cleanup] <isc/mem.h> does not need <stddef.h>, <isc/boolean.h>,
7940 91. [cleanup] <isc/log.h> does not need <sys/types.h> or
7943 90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
7944 from <named/listenlist.h>.
7946 89. [cleanup] <isc/lex.h> does not need <stddef.h>.
7948 88. [cleanup] <isc/interfaceiter.h> does not need <isc/result.h> or
7949 <isc/mem.h>. isc_interface_t and isc_interfaceiter_t
7950 moved to <isc/types.h>.
7952 87. [cleanup] <isc/heap.h> does not need <isc/boolean.h>,
7953 <isc/mem.h> or <isc/result.h>.
7955 86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
7958 85. [cleanup] <isc/bufferlist.h> does not need <isc/buffer.h>,
7959 <isc/list.h>, <isc/mem.h>, <isc/region.h> or
7962 84. [func] allow-query ACL checks now apply to all data
7963 added to a response.
7965 83. [func] If the server is authoritative for both a
7966 delegating zone and its (nonsecure) delegatee, and
7967 a query is made for a KEY RR at the top of the
7968 delegatee, then the server will look for a KEY
7969 in the delegator if it is not found in the delegatee.
7971 82. [cleanup] <isc/buffer.h> does not need <isc/list.h>.
7973 81. [cleanup] <isc/int.h> and <isc/boolean.h> do not need
7976 80. [cleanup] <isc/print.h> does not need <stdio.h> or <stdlib.h>.
7978 79. [cleanup] <dns/callbacks.h> does not need <stdio.h>.
7980 78. [cleanup] lwres_conftest renamed to lwresconf_test for
7981 consistency with other *_test programs.
7983 77. [cleanup] typedef of isc_time_t and isc_interval_t moved from
7984 <isc/time.h> to <isc/types.h>.
7986 76. [cleanup] Rewrote keygen.
7988 75. [func] Don't load a zone if its database file is older
7989 than the last time the zone was loaded.
7991 74. [cleanup] Removed mktemplate.o and ufile.o from libisc.a,
7994 73. [func] New "file" API in libisc, including new function
7995 isc_file_getmodtime, isc_mktemplate renamed to
7996 isc_file_mktemplate and isc_ufile renamed to
7997 isc_file_openunique. By no means an exhaustive API,
7998 it is just what's needed for now.
8000 72. [func] DNS_RBTFIND_NOPREDECESSOR and DNS_RBTFIND_NOOPTIONS
8001 added for dns_rbt_findnode, the former to disable the
8002 setting of the chain to the predecessor, and the
8003 latter to make clear when no options are set.
8005 71. [cleanup] Made explicit the implicit REQUIREs of
8006 isc_time_seconds, isc_time_nanoseconds, and
8009 70. [func] isc_time_set() added.
8011 69. [bug] The zone object's master and also-notify lists grew
8012 longer with each server reload.
8014 68. [func] Partial support for SIG(0) on incoming messages.
8016 67. [performance] Allow use of alternate (compile-time supplied)
8017 OpenSSL libraries/headers.
8019 66. [func] Data in authoritative zones should have a trust level
8022 65. [cleanup] Removed obsolete typedef of dns_zone_callbackarg_t
8025 64. [func] The RBT, DB, and zone table APIs now allow the
8026 caller find the most-enclosing superdomain of
8029 63. [func] Generate NOTIFY messages.
8031 62. [func] Add UDP refresh support.
8033 61. [cleanup] Use single quotes consistently in log messages.
8035 60. [func] Catch and disallow singleton types on message
8038 59. [bug] Cause net/host unreachable to be a hard error
8039 when sending and receiving.
8041 58. [bug] bin/named/query.c could sometimes trigger the
8042 (client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
8043 == 0 assertion in query_newname().
8045 57. [func] Added dns_nxt_typepresent()
8047 56. [bug] SIG records were not properly returned in cached
8050 55. [bug] Responses containing multiple names in the authority
8051 section were not negatively cached.
8053 54. [bug] If a fetch with sigrdataset==NULL joined one with
8054 sigrdataset!=NULL or vice versa, the resolver
8055 could catch an assertion or lose signature data,
8058 53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
8061 52. [bug] rndc: taskmgr and socketmgr were not initialized
8064 51. [cleanup] dns/compress.h and dns/zt.h did not need to include
8065 dns/rbt.h; it was needed only by compress.c and zt.c.
8067 50. [func] RBT deletion no longer requires a valid chain to work,
8068 and dns_rbt_deletenode was added.
8070 49. [func] Each cache now has its own mctx.
8072 48. [func] isc_task_create() no longer takes an mctx.
8073 isc_task_mem() has been eliminated.
8075 47. [func] A number of modules now use memory context reference
8078 46. [func] Memory contexts are now reference counted.
8079 Added isc_mem_inuse() and isc_mem_preallocate().
8080 Renamed isc_mem_destroy_check() to
8081 isc_mem_setdestroycheck().
8083 45. [bug] The trusted-key statement incorrectly loaded keys.
8085 44. [bug] Don't include authority data if it would force us
8086 to unset the AD bit in the message.
8088 43. [bug] DNSSEC verification of cached rdatasets was failing.
8090 42. [cleanup] Simplified logging of messages with embedded domain
8091 names by introducing a new convenience function
8094 41. [func] Use PR_SET_KEEPCAPS on Linux 2.3.99-pre3 and later
8095 to allow 'named' to run as a non-root user while
8096 retaining the ability to bind() to privileged
8099 40. [func] Introduced new logging category "dnssec" and
8100 logging module "dns/validator".
8102 39. [cleanup] Moved the typedefs for isc_region_t, isc_textregion_t,
8103 and isc_lex_t to <isc/types.h>.
8105 38. [bug] TSIG signed incoming zone transfers work now.
8107 37. [bug] If the first RR in an incoming zone transfer was
8108 not an SOA, the server died with an assertion failure
8109 instead of just reporting an error.
8111 36. [cleanup] Change DNS_R_SUCCESS (and others) to ISC_R_SUCCESS
8113 35. [performance] Log messages which are of a level too high to be
8114 logged by any channel in the logging configuration
8115 will not cause the log mutex to be locked.
8117 34. [bug] Recursion was allowed even with 'recursion no'.
8119 33. [func] The RBT now maintains a parent pointer at each node.
8121 32. [cleanup] bin/lwresd/client.c needs <string.h> for memset()
8124 31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
8126 30. [func] config file grammar change to support optional
8127 class type for a view.
8129 29. [func] support new config file view options:
8131 auth-nxdomain recursion query-source
8132 query-source-v6 transfer-source
8133 transfer-source-v6 max-transfer-time-out
8134 max-transfer-idle-out transfer-format
8135 request-ixfr provide-ixfr cleaning-interval
8136 fetch-glue notify rfc2308-type1 lame-ttl
8137 max-ncache-ttl min-roots
8139 28. [func] support lame-ttl, min-roots and serial-queries
8140 config global options.
8142 27. [bug] Only include <netinet6/in6.h> on BSD/OS 4.[01]*.
8143 Including it on other platforms (eg, NetBSD) can
8144 cause a forced #error from the C preprocessor.
8146 26. [func] new match-clients statement in config file view.
8148 25. [bug] make install failed to install <isc/log.h> and
8151 24. [cleanup] Eliminate some unnecessary #includes of header
8152 files from header files.
8154 23. [cleanup] Provide more context in log messages about client
8155 requests, using a new function ns_client_log().
8157 22. [bug] SIGs weren't returned in the answer section when
8158 the query resulted in a fetch.
8160 21. [port] Look at STD_CINCLUDES after CINCLUDES during
8161 compilation, so additional system include directories
8162 can be searched but header files in the bind9 source
8163 tree with conflicting names take precedence. This
8164 avoids issues with installed versions of dnssafe and
8167 20. [func] Configuration file post-load validation of zones
8168 failed if there were no zones.
8170 19. [bug] dns_zone_notifyreceive() failed to unlock the zone
8171 lock in certain error cases.
8173 18. [bug] Use AC_TRY_LINK rather than AC_TRY_COMPILE in
8174 configure.in to check for presence of in6addr_any.
8176 17. [func] Do configuration file post-load validation of zones.
8178 16. [bug] put quotes around key names on config file
8179 output to avoid possible keyword clashes.
8181 15. [func] Add dns_name_dupwithoffsets(). This function is
8182 improves comparison performance for duped names.
8184 14. [bug] free_rbtdb() could have 'put' unallocated memory in
8185 an unlikely error path.
8187 13. [bug] lib/dns/master.c and lib/dns/xfrin.c didn't ignore
8190 12. [bug] Fixed possible uninitialized variable error.
8192 11. [bug] axfr_rrstream_first() didn't check the result code of
8193 db_rr_iterator_first(), possibly causing an assertion
8194 to be triggered later.
8196 10. [bug] A bug in the code which makes EDNS0 OPT records in
8197 bin/named/client.c and lib/dns/resolver.c could
8198 trigger an assertion.
8200 9. [cleanup] replaced bit-setting code in confctx.c and replaced
8201 repeated code with macro calls.
8203 8. [bug] Shutdown of incoming zone transfer accessed
8206 7. [cleanup] removed 'listen-on' from view statement.
8208 6. [bug] quote RR names when generating config file to
8209 prevent possible clash with config file keywords
8212 5. [func] syntax change to named.conf file: new ssu grant/deny
8213 statements must now be enclosed by an 'update-policy'
8216 4. [port] bin/named/unix/os.c didn't compile on systems with
8217 linux 2.3 kernel includes due to conflicts between
8218 C library includes and the kernel includes. We now
8219 get only what we need from <linux/capability.h>, and
8220 avoid pulling in other linux kernel .h files.
8222 3. [bug] TKEYs go in the answer section of responses, not
8223 the additional section.
8225 2. [bug] Generating cryptographic randomness failed on
8226 systems without /dev/random.
8228 1. [bug] The installdirs rule in
8229 lib/isc/unix/include/isc/Makefile.in had a typo which
8230 prevented the isc directory from being created if it
8233 --- 9.0.0b2 released ---
8235 # This tells Emacs to use hard tabs in this file.
8237 # indent-tabs-mode: t