1 --- 9.6-ESV-R4-P3 released ---
3 3124. [bug] Use an rdataset attribute flag to indicate
4 negative-cache records rather than using rrtype 0;
5 this will prevent problems when that rrtype is
6 used in actual DNS packets. [RT #24777]
8 --- 9.6-ESV-R4-P2 released (withdrawn) ---
10 3123. [security] Change #2912 exposed a latent flaw in
11 dns_rdataset_totext() that could cause named to
12 crash with an assertion failure. [RT #24777]
14 --- 9.6-ESV-R4-P1 released ---
16 3121. [security] An authoritative name server sending a negative
17 response containing a very large RRset could
18 trigger an off-by-one error in the ncache code
19 and crash named. [RT #24650]
21 3120. [bug] Named could fail to validate zones listed in a DLV
22 that validated insecure without using DLV and had
23 DS records in the parent zone. [RT #24631]
25 --- 9.6-ESV-R4 released ---
27 --- 9.6.3 released ---
29 3009. [bug] clients-per-query code didn't work as expected with
30 particular query patterns. [RT #22972]
32 --- 9.6.3rc1 released ---
34 3007. [bug] Named failed to preserve the case of domain names in
35 rdata which is not compressible when writing master
38 3002. [bug] isc_mutex_init_errcheck() failed to destroy attr.
41 2996. [security] Temporarily disable SO_ACCEPTFILTER support.
44 2995. [bug] The Kerberos realm was not being correctly extracted
45 from the signer's identity. [RT #22770]
47 2994. [port] NetBSD: use pthreads by default on NetBSD >= 5.0, and
48 do not use threads on earlier versions. Also kill
49 the unproven-pthreads, mit-pthreads, and ptl2 support.
51 2984. [bug] Don't run MX checks when the target of the MX record
54 2817. [cleanup] Removed unnecessary isc_task_endexclusive() calls.
57 --- 9.6.3b1 released ---
59 2982. [bug] Reference count dst keys. dst_key_attach() can be used
60 increment the reference count.
62 Note: dns_tsigkey_createfromkey() callers should now
63 always call dst_key_free() rather than setting it
64 to NULL on success. [RT #22672]
66 2979. [bug] named could deadlock during shutdown if two
67 "rndc stop" commands were issued at the same
70 2978. [port] hpux: look for <devpoll.h> [RT #21919]
72 2976. [bug] named could die on exit after negotiating a GSS-TSIG
75 2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() aquired the
76 wrong lock which could lead to server deadlock.
79 2965. [func] Test HMAC functions using test data from RFC 2104 and
82 2960. [func] Check that named accepts non-authoritative answers.
85 2959. [func] Check that named starts with a missing masterfile.
88 2957. [bug] entropy_get() and entropy_getpseudo() failed to match
89 the API for RAND_bytes() and RAND_pseudo_bytes()
90 respectively. [RT #21962]
92 2956. [port] Enable atomic operations on the PowerPC64. [RT #21899]
94 2954. [bug] contrib: dlz_mysql_driver.c bad error handling on
95 build_sqldbinstance failure. [RT #21623]
97 2953. [bug] Silence spurious "expected covering NSEC3, got an
98 exact match" message when returning a wildcard
99 no data response. [RT #21744]
101 2950. [bug] named failed to perform a SOA up to date check when
102 falling back to TCP on UDP timeouts when
103 ixfr-from-differences was set. [RT #21595]
105 2946. [doc] Document the default values for the minimum and maximum
106 zone refresh and retry values in the ARM. [RT #21886]
108 2945. [doc] Update empty-zones list in ARM. [RT #21772]
110 2944. [maint] Remove ORCHID prefix from built in empty zones.
113 2942. [contrib] zone2sqlite failed to setup the entropy sources.
116 2941. [bug] sdb and sdlz (dlz's zone database) failed to support
117 DNAME at the zone apex. [RT #21610]
119 2935. [bug] nsupdate: improve 'file not found' error message.
122 2934. [bug] Use ANSI C compliant shift range in lib/isc/entropy.c.
125 2933. [bug] 'dig +nsid' used stack memory after it went out of
126 scope. This could potentially result in a unknown,
127 potentially malformed, EDNS option being sent instead
128 of the desired NSID option. [RT #21781]
130 2932. [cleanup] Corrected a numbering error in the "dnssec" test.
133 2931. [bug] Temporarily and partially disable change 2864
134 because it would cause infinite attempts of RRSIG
135 queries. This is an urgent care fix; we'll
136 revisit the issue and complete the fix later.
139 2929. [bug] Improved handling of GSS security contexts:
140 - added LRU expiration for generated TSIGs
141 - added the ability to use a non-default realm
142 - added new "realm" keyword in nsupdate
143 - limited lifetime of generated keys to 1 hour
144 or the lifetime of the context (whichever is
148 2923. [bug] 'dig +trace' could drop core after "connection
149 timeout". [RT #21514]
151 2922. [contrib] Update zkt to version 1.0.
153 2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
155 2916. [func] Add framework to use IPv6 in tests.
156 fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7
158 2915. [cleanup] Be smarter about which objects we attempt to compile
159 based on configure options. [RT #21444]
161 2912. [func] Windows clients don't like UPDATE responses that clear
162 the zone section. [RT #20986]
164 2911. [bug] dnssec-signzone didn't handle out of zone records well.
167 2910. [func] Sanity check Kerberos credentials. [RT #20986]
169 2908. [bug] It was possible for re-signing to stop after removing
170 a DNSKEY. [RT #21384]
172 2905. [port] aix: set use_atomic=yes with native compiler.
175 2904. [bug] When using DLV, sub-zones of the zones in the DLV,
176 could be incorrectly marked as insecure instead of
177 secure leading to negative proofs failing. This was
178 a unintended outcome from change 2890. [RT# 21392]
180 2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]
182 2899. [port] win32: Support linking against OpenSSL 1.0.0.
184 2898. [bug] nslookup leaked memory when -domain=value was
185 specified. [RT #21301]
187 2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294]
189 2891. [maint] Update empty-zones list to match
190 draft-ietf-dnsop-default-local-zones-13. [RT# 21099]
192 2889. [bug] Elements of the grammar where not properly reported.
195 2888. [bug] Only the first EDNS option was displayed. [RT #21273]
197 2885. [bug] Improve -fno-strict-aliasing support probing in
198 configure. [RT #21080]
200 2884. [bug] Insufficient validation in dns_name_getlabelsequence().
203 2883. [bug] 'dig +short' failed to handle really large datasets.
206 2882. [bug] Remove memory context from list of active contexts
207 before clearing 'magic'. [RT #21274]
209 2881. [bug] Reduce the amount of time the rbtdb write lock
210 is held when closing a version. [RT #21198]
212 2879. [contrib] DLZ bdbhpt driver fails to close correct cursor.
215 2877. [bug] The validator failed to skip obviously mismatching
218 2875. [bug] dns_time64_fromtext() could accept non digits.
221 2874. [bug] Cache lack of EDNS support only after the server
222 successfully responds to the query using plain DNS.
225 2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
227 2868. [cleanup] Run "make clean" at the end of configure to ensure
228 any changes made by configure are integrated.
229 Use --with-make-clean=no to disable. [RT #20994]
231 2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
232 don't like it. [RT #20986]
234 2866. [bug] Windows does not like the TSIG name being compressed.
237 2865. [bug] memset to zero event.data. [RT #20986]
239 2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
242 2863. [port] linux: disable IPv6 PMTUD and use network minimum MTU.
245 2862. [bug] nsupdate didn't default to the parent zone when
246 updating DS records. [RT #20896]
248 2859. [bug] When cancelling validation it was possible to leak
251 2858. [bug] RTT estimates were not being adjusted on ICMP errors.
254 2857. [bug] named-checkconf did not fail on a bad trusted key.
257 2856. [bug] The size of a memory allocation was not always properly
258 recorded. [RT #20927]
260 2853. [bug] add_sigs() could run out of scratch space. [RT #21015]
262 2851. [doc] nslookup.1, removed <informalexample> from the docbook
263 source as it produced bad nroff. [RT #21007]
265 --- 9.6-ESV-R3 released ---
267 2972. [bug] win32: address windows socket errors. [RT #21906]
269 2971. [bug] Fixed a bug that caused journal files not to be
270 compacted on Windows systems as a result of
271 non-POSIX-compliant rename() semantics. [RT #22434]
273 2970. [security] Adding a NO DATA negative cache entry failed to clear
274 any matching RRSIG records. A subsequent lookup of
275 of NO DATA cache entry could trigger a INSIST when the
276 unexpected RRSIG was also returned with the NO DATA
279 CVE-2010-3613, VU#706148. [RT #22288]
281 2969. [security] Fix acl type processing so that allow-query works
282 in options and view statements. Also add a new
283 set of tests to verify proper functioning.
285 CVE-2010-3615, VU#510208. [RT #22418]
287 2968. [security] Named could fail to prove a data set was insecure
288 before marking it as insecure. One set of conditions
289 that can trigger this occurs naturally when rolling
292 CVE-2010-3614, VU#837744. [RT #22309]
294 2967. [bug] 'host -D' now turns on debugging messages earlier.
297 2966. [bug] isc_print_vsnprintf() failed to check if there was
298 space available in the buffer when adding a left
299 justified character with a non zero width,
300 (e.g. "%-1c"). [RT #22270]
302 2964. [bug] view->queryacl was being overloaded. Seperate the
303 usage into view->queryacl, view->cacheacl and
304 view->queryonacl. [RT #22114]
306 2962. [port] win32: add more dependencies to BINDBuild.dsw.
309 2952. [port] win32: named-checkzone and named-checkconf failed
310 to initialise winsock. [RT #21932]
312 2951. [bug] named failed to generate a correct signed response
313 in a optout, delegation only zone with no secure
314 delegations. [RT #22007]
316 --- 9.6-ESV-R2 released ---
318 2939. [func] Check that named successfully skips NSEC3 records
319 that fail to match the NSEC3PARAM record currently
322 2937. [bug] Worked around an apparent race condition in over
323 memory conditions. Without this fix a DNS cache DB or
324 ADB could incorrectly stay in an over memory state,
325 effectively refusing further caching, which
326 subsequently made a BIND 9 caching server unworkable.
327 This fix prevents this problem from happening by
328 polling the state of the memory context, rather than
329 making a copy of the state, which appeared to cause
330 a race. This is a "workaround" in that it doesn't
331 solve the possible race per se, but several experiments
332 proved this change solves the symptom. Also, the
333 polling overhead hasn't been reported to be an issue.
334 This bug should only affect a caching server that
335 specifies a finite max-cache-size. It's also quite
336 likely that the bug happens only when enabling threads,
337 but it's not confirmed yet. [RT #21818]
339 2925. [bug] Named failed to accept uncachable negative responses
340 from insecure zones. [RT# 21555]
342 2921. [bug] The resolver could attempt to destroy a fetch context
343 too soon. [RT #19878]
345 2900. [bug] The placeholder negative caching element was not
346 properly constructed triggering a INSIST in
347 dns_ncache_towire(). [RT #21346]
349 2890. [bug] Handle the introduction of new trusted-keys and
350 DS, DLV RRsets better. [RT #21097]
352 2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
355 --- 9.6-ESV-R1 released ---
357 2876. [bug] Named could return SERVFAIL for negative responses
358 from unsigned zones. [RT #21131]
360 --- 9.6-ESV released ---
362 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
364 --- 9.6.2 released ---
366 2850. [bug] If isc_heap_insert() failed due to memory shortage
367 the heap would have corrupted entries. [RT #20951]
369 2849. [bug] Don't treat errors from the xml2 library as fatal.
372 2846. [bug] EOF on unix domain sockets was not being handled
373 correctly. [RT #20731]
375 2844. [doc] notify-delay default in ARM was wrong. It should have
376 been five (5) seconds.
378 --- 9.6.2rc1 released ---
380 2838. [func] Backport support for SHA-2 DNSSEC algorithms,
381 RSASHA256 and RSASHA512, from BIND 9.7. (This
382 incorporates changes 2726 and 2738 from that
383 release branch.) [RT #20871]
385 2837. [port] Prevent Linux spurious warnings about fwrite().
388 2831. [security] Do not attempt to validate or cache
389 out-of-bailiwick data returned with a secure
390 answer; it must be re-fetched from its original
391 source and validated in that context. [RT #20819]
393 2828. [security] Cached CNAME or DNAME RR could be returned to clients
394 without DNSSEC validation. [RT #20737]
396 2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
398 2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that
399 was in the process of being created was not properly
400 recorded in the zone. [RT #20786]
402 2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
404 2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define.
407 2818. [cleanup] rndc could return an incorrect error code
408 when a zone was not found. [RT #20767]
410 2815. [bug] Exclusively lock the task when freezing a zone.
413 2814. [func] Provide a definitive error message when a master
414 zone is not loaded. [RT #20757]
416 --- 9.6.2b1 released ---
418 2797. [bug] Don't decrement the dispatch manager's maxbuffers.
421 2790. [bug] Handle DS queries to stub zones. [RT #20440]
423 2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
425 2786. [bug] Additional could be promoted to answer. [RT #20663]
427 2784. [bug] TC was not always being set when required glue was
430 2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
431 buffer size of 512 or less. [RT #20654]
433 2782. [port] win32: use getaddrinfo() for hostname lookups.
436 2777. [contrib] DLZ MYSQL auto reconnect support discovery was wrong.
438 2772. [security] When validating, track whether pending data was from
439 the additional section or not and only return it if
440 validates as secure. [RT #20438]
442 2765. [bug] Skip masters for which the TSIG key cannot be found.
445 2760. [cleanup] Corrected named-compilezone usage summary. [RT #20533]
447 2759. [doc] Add information about .jbk/.jnw files to
450 2758. [bug] win32: Added a workaround for a windows 2008 bug
451 that could cause the UDP client handler to shut
454 2757. [bug] dig: assertion failure could occur in connect
457 2755. [doc] Clarify documentation of keyset- files in
458 dnssec-signzone man page. [RT #19810]
460 2754. [bug] Secure-to-insecure transitions failed when zone
461 was signed with NSEC3. [RT #20587]
463 2750. [bug] dig: assertion failure could occur when a server
464 didn't have an address. [RT #20579]
466 2749. [bug] ixfr-from-differences generated a non-minimal ixfr
467 for NSEC3 signed zones. [RT #20452]
469 2747. [bug] Journal roll forwards failed to set the re-signing
470 time of RRSIGs correctly. [RT #20541]
472 2743. [bug] RRSIG could be incorrectly set in the NSEC3 record
473 for a insecure delegation.
475 2729. [func] When constructing a CNAME from a DNAME use the DNAME
478 2723. [bug] isc_base32_totext(), isc_base32hex_totext(), and
479 isc_base64_totext(), didn't always mark regions of
480 memory as fully consumed after conversion. [RT #20445]
482 2722. [bug] Ensure that the memory associated with the name of
483 a node in a rbt tree is not altered during the life
484 of the node. [RT #20431]
486 2721. [port] Have dst__entropy_status() prime the random number
487 generator. [RT #20369]
489 2718. [bug] The space calculations in opensslrsa_todns() were
490 incorrect. [RT #20394]
492 2716. [bug] nslookup debug mode didn't return the ttl. [RT #20414]
494 2715. [bug] Require OpenSSL support to be explicitly disabled.
497 2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
500 2713. [bug] powerpc: atomic operations missing asm("ics") /
503 2706. [bug] Loading a zone with a very large NSEC3 salt could
504 trigger an assert. [RT #20368]
506 2705. [bug] Reconcile the XML stats version number with a later
507 BIND9 release, by adding a "name" attribute to
508 "cache" elements and increasing the version number
509 to 2.2. (This is a minor version change, but may
510 affect XML parsers if they assume the cache element
511 doesn't take an attribute.)
513 2704. [bug] Serial of dynamic and stub zones could be inconsistent
514 with their SOA serial. [RT #19387]
516 2701. [doc] Correction to ARM: hmac-md5 is no longer the only
517 supported TSIG key algorithm. [RT #18046]
519 2700. [doc] The match-mapped-addresses option is discouraged.
522 2699. [bug] Missing lock in rbtdb.c. [RT #20037]
524 2697. [port] win32: ensure that S_IFMT, S_IFDIR, S_IFCHR and
525 S_IFREG are defined after including <isc/stat.h>.
528 2696. [bug] named failed to successfully process some valid
529 acl constructs. [RT #20308]
531 2692. [port] win32: 32/64 bit cleanups. [RT #20335]
533 2690. [bug] win32: fix isc_thread_key_getspecific() prototype.
536 2689. [bug] Correctly handle snprintf result. [RT #20306]
538 2688. [bug] Use INTERFACE_F_POINTTOPOINT, not IFF_POINTOPOINT,
539 to decide to fetch the destination address. [RT #20305]
541 2686. [bug] dnssec-signzone should clean the old NSEC chain when
542 signing with NSEC3 and vice versa. [RT #20301]
544 2683. [bug] dnssec-signzone should clean out old NSEC3 chains when
545 the NSEC3 parameters used to sign the zone change.
548 2681. [bug] IPSECKEY RR of gateway type 3 was not correctly
551 2678. [func] Treat DS queries as if "minimal-response yes;"
554 2672. [bug] Don't enable searching in 'host' when doing reverse
557 2670. [bug] Unexpected connect failures failed to log enough
558 information to be useful. [RT #20205]
560 2663. [func] win32: allow named to run as a service using
561 "NT AUTHORITY\LocalService" as the account. [RT #19977]
563 2662. [bug] lwres_getipnodebyname() and lwres_getipnodebyaddr()
564 returned a misleading error code when lwresd was
567 2661. [bug] Check whether socket fd exceeds FD_SETSIZE when
568 creating lwres context. [RT #20029]
570 2659. [doc] Clarify dnssec-keygen doc: key name must match zone
571 name for DNSSEC keys. [RT #19938]
573 2656. [func] win32: add a "tools only" check box to the installer
574 which causes it to only install dig, host, nslookup,
575 nsupdate and relevant DLLs. [RT #19998]
577 2655. [doc] Document that key-directory does not affect
578 rndc.key. [RT #20155]
580 2653. [bug] Treat ENGINE_load_private_key() failures as key
581 not found rather than out of memory. [RT #18033]
583 2649. [bug] Set the domain for forward only zones. [RT #19944]
585 2648. [port] win32: isc_time_seconds() was broken. [RT #19900]
587 2647. [bug] Remove unnecessary SOA updates when a new KSK is
590 2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
592 2645. [port] "gcc -m32" didn't work on amd64 and x86_64 platforms
593 which default to 64 bits. [RT #19927]
595 2643. [bug] Stub zones interacted badly with NSEC3 support.
598 2642. [bug] nsupdate could dump core on solaris when reading
599 improperly formatted key files. [RT #20015]
601 2640. [security] A specially crafted update packet will cause named
604 2639. [bug] Silence compiler warnings in gssapi code. [RT #19954]
606 2637. [func] Rationalize dnssec-signzone's signwithkey() calling.
609 2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses.
612 2633. [bug] Handle 15 bit rand() functions. [RT #19783]
614 2632. [func] util/kit.sh: warn if documentation appears to be out of
617 2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
619 2623. [bug] Named started seaches for DS non-optimally. [RT #19915]
621 2621. [doc] Made copyright boilterplate consistent. [RT #19833]
623 2620. [bug] Delay thawing the zone until the reload of it has
624 completed successfully. [RT #19750]
626 2618. [bug] The sdb and sdlz db_interator_seek() methods could
627 loop infinitely. [RT #19847]
629 2617. [bug] ifconfig.sh failed to emit an error message when
630 run from the wrong location. [RT #19375]
632 2616. [bug] 'host' used the nameservers from resolv.conf even
633 when a explicit nameserver was specified. [RT #19852]
635 2615. [bug] "__attribute__((unused))" was in the wrong place
636 for ia64 gcc builds. [RT #19854]
638 2614. [port] win32: 'named -v' should automatically be executed
639 in the foreground. [RT #19844]
641 2613. [bug] Option argument validation was missing for
642 dnssec-dsfromkey. [RT #19828]
644 2610. [port] sunos: Change #2363 was not complete. [RT #19796]
646 2608. [func] Perform post signing verification checks in
647 dnssec-signzone. These can be disabled with -P.
649 The post sign verification test ensures that for each
650 algorithm in use there is at least one non revoked
651 self signed KSK key. That all revoked KSK keys are
652 self signed. That all records in the zone are signed
653 by the algorithm. [RT #19653]
655 2601. [doc] Mention file creation mode mask in the
658 2593. [bug] Improve a corner source of SERVFAILs [RT #19632]
660 2589. [bug] dns_db_unregister() failed to clear '*dbimp'.
663 2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
664 Requires MySQL 5.0.19 or later. [RT #19084]
666 2580. [bug] UpdateRej statistics counter could be incremented twice
667 for one rejection. [RT #19476]
669 2533. [doc] ARM: document @ (at-sign). [RT #17144]
671 2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
672 function. [RT #18582]
674 --- 9.6.1 released ---
676 2607. [bug] named could incorrectly delete NSEC3 records for
677 empty nodes when processing a update request.
680 2606. [bug] "delegation-only" was not being accepted in
681 delegation-only type zones. [RT #19717]
683 2605. [bug] Accept DS responses from delegation only zones.
686 2603. [port] win32: handle .exe extension of named-checkzone and
687 named-comilezone argv[0] names under windows.
690 2602. [port] win32: fix debugging command line build of libisccfg.
693 --- 9.6.1rc1 released ---
695 2599. [bug] Address rapid memory growth when validation fails.
698 2597. [bug] Handle a validation failure with a insecure delegation
699 from a NSEC3 signed master/slave zone. [RT #19464]
701 2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
702 long, leading to inefficient memory usage or rejecting
703 newer cache entries in the worst case. [RT #19563]
705 2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
707 2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
709 2591. [bug] named could die when processing a update in
710 removed_orphaned_ds(). [RT #19507]
712 2588. [bug] SO_REUSEADDR could be set unconditionally after failure
713 of bind(2) call. This should be rare and mostly
714 harmless, but may cause interference with other
715 processes that happen to use the same port. [RT #19642]
717 2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
720 2585. [bug] Uninitialized socket name could be referenced via a
721 statistics channel, triggering an assertion failure in
722 XML rendering. [RT #19427]
724 2584. [bug] alpha: gcc optimization could break atomic operations.
727 2583. [port] netbsd: provide a control to not add the compile
728 date to the version string, -DNO_VERSION_DATE.
730 2582. [bug] Don't emit warning log message when we attempt to
731 remove non-existent journal. [RT #19516]
733 2579. [bug] DNSSEC lookaside validation failed to handle unknown
734 algorithms. [RT #19479]
736 2578. [bug] Changed default sig-signing-type to 65534, because
737 65535 turns out to be reserved. [RT #19477]
739 2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
742 --- 9.6.1b1 released ---
744 2577. [doc] Clarified some statistics counters. [RT #19454]
746 2576. [bug] NSEC record were not being correctly signed when
747 a zone transitions from insecure to secure.
748 Handle such incorrectly signed zones. [RT #19114]
750 2574. [doc] Document nsupdate -g and -o. [RT #19351]
752 2573. [bug] Replacing a non-CNAME record with a CNAME record in a
753 single transaction in a signed zone failed. [RT #19397]
755 2568. [bug] Report when the write to indicate a otherwise
756 successful start fails. [RT #19360]
758 2567. [bug] dst__privstruct_writefile() could miss write errors.
759 write_public_key() could miss write errors.
760 dnssec-dsfromkey could miss write errors.
763 2564. [bug] Only take EDNS fallback steps when processing timeouts.
766 2563. [bug] Dig could leak a socket causing it to wait forever
769 2562. [doc] ARM: miscellaneous improvements, reorganization,
770 and some new content.
772 2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
774 2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
776 2559. [bug] dnssec-dsfromkey could compute bad DS records when
777 reading from a K* files. [RT #19357]
779 2557. [cleanup] PCI compliance:
780 * new libisc log module file
781 * isc_dir_chroot() now also changes the working
784 * additional logging when files can't be removed.
786 2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the
787 error checks in the correct order resulting in the
788 wrong error code sometimes being returned. [RT #19249]
790 2554. [bug] Validation of uppercase queries from NSEC3 zones could
793 2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
795 2552. [bug] zero-no-soa-ttl-cache was not being honoured.
798 2551. [bug] Potential Reference leak on return. [RT #19341]
800 2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
803 2549. [port] linux: define NR_OPEN if not currently defined.
806 2548. [bug] Install iterated_hash.h. [RT #19335]
808 2547. [bug] openssl_link.c:mem_realloc() could reference an
809 out-of-range area of the source buffer. New public
810 function isc_mem_reallocate() was introduced to address
811 this bug. [RT #19313]
813 2545. [doc] ARM: Legal hostname checking (check-names) is
814 for SRV RDATA too. [RT #19304]
816 2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
818 2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
820 2542. [doc] Update the description of dig +adflag. [RT #19290]
822 2541. [bug] Conditionally update dispatch manager statistics.
825 2539. [security] Update the interaction between recursion, allow-query,
826 allow-query-cache and allow-recursion. [RT #19198]
828 2538. [bug] cache/ADB memory could grow over max-cache-size,
829 especially with threads and smaller max-cache-size
832 2537. [experimental] Added more statistics counters including those on socket
833 I/O events and query RTT histograms. [RT #18802]
835 2536. [cleanup] Silence some warnings when -Werror=format-security is
836 specified. [RT #19083]
838 2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091]
840 2532. [bug] dig: check the question section of the response to
841 see if it matches the asked question. [RT #18495]
843 2531. [bug] Change #2207 was incomplete. [RT #19098]
845 2530. [bug] named failed to reject insecure to secure transitions
846 via UPDATE. [RT #19101]
848 2529. [cleanup] Upgrade libtool to silence complaints from recent
849 version of autoconf. [RT #18657]
851 2528. [cleanup] Silence spurious configure warning about
852 --datarootdir [RT #19096]
854 2527. [bug] named could reuse cache on reload with
855 enabling/disabling validation. [RT #19119]
857 2525. [experimental] New logging category "query-errors" to provide detailed
858 internal information about query failures, especially
859 about server failures. [RT #19027]
861 2524. [port] sunos: dnssec-signzone needs strtoul(). [RT #19129]
863 2523. [bug] Random type rdata freed by dns_nsec_typepresent().
866 2522. [security] Handle -1 from DSA_do_verify() and EVP_VerifyFinal().
868 2521. [bug] Improve epoll cross compilation support. [RT #19047]
870 2519. [bug] dig/host with -4 or -6 didn't work if more than two
871 nameserver addresses of the excluded address family
872 preceded in resolv.conf. [RT #19081]
874 2517. [bug] dig +trace with -4 or -6 failed when it chose a
875 nameserver address of the excluded address type.
878 2516. [bug] glue sort for responses was performed even when not
881 2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
882 a nameserver of the excluded address family.
885 2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
888 2506. [port] solaris: Check at configure time if
889 hack_shutup_pthreadonceinit is needed. [RT #19037]
891 2505. [port] Treat amd64 similarly to x86_64 when determining
892 atomic operation support. [RT #19031]
894 2503. [port] linux: improve compatibility with Linux Standard
897 2502. [cleanup] isc_radix: Improve compliance with coding style,
898 document function in <isc/radix.h>. [RT #18534]
900 --- 9.6.0 released ---
902 2520. [bug] Update xml statistics version number to 2.0 as change
903 #2388 made the schema incompatible to the previous
906 --- 9.6.0rc2 released ---
908 2515. [port] win32: build dnssec-dsfromkey and dnssec-keyfromlabel.
911 2513. [bug] Fix windows cli build. [RT #19062]
913 2510. [bug] "dig +sigchase" could trigger REQUIRE failures.
916 2509. [bug] Specifying a fixed query source port was broken.
919 2504. [bug] Address race condition in the socket code. [RT #18899]
921 --- 9.6.0rc1 released ---
923 2498. [bug] Removed a bogus function argument used with
924 ISC_SOCKET_USE_POLLWATCH: it could cause compiler
925 warning or crash named with the debug 1 level
926 of logging. [RT #18917]
928 2497. [bug] Don't add RRSIG bit to NSEC3 bit map for insecure
931 2496. [bug] Add sanity length checks to NSID option. [RT #18813]
933 2495. [bug] Tighten RRSIG checks. [RT #18795]
935 2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being
936 installed. [RT #18826]
938 2493. [bug] The linux capabilities code was not correctly cleaning
939 up after itself. [RT #18767]
941 2492. [func] Rndc status now reports the number of cpus discovered
942 and the number of worker threads when running
943 multi-threaded. [RT #18273]
945 2491. [func] Attempt to re-use a local port if we are already using
946 the port. [RT #18548]
948 2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO
949 is cleared when IPV6_V6ONLY is set. [RT #18785]
951 2489. [port] solaris: Workaround Solaris's kernel bug about
953 http://bugs.opensolaris.org/view_bug.do?bug_id=6724237
954 Define ISC_SOCKET_USE_POLLWATCH at build time to enable
955 this workaround. [RT #18870]
957 2488. [func] Added a tool, dnssec-dsfromkey, to generate DS records
958 from keyset and .key files. [RT #18694]
960 2487. [bug] Give TCP connections longer to complete. [RT #18675]
962 2486. [func] The default locations for named.pid and lwresd.pid
963 are now /var/run/named/named.pid and
964 /var/run/lwresd/lwresd.pid respectively.
966 This allows the owner of the containing directory
967 to be set, for "named -u" support, and allows there
968 to be a permanent symbolic link in the path, for
969 "named -t" support. [RT #18306]
971 2485. [bug] Change update's the handling of obscured RRSIG
972 records. Not all orphaned DS records were being
975 2484. [bug] It was possible to trigger a REQUIRE failure when
976 adding NSEC3 proofs to the response in
977 query_addwildcardproof(). [RT #18828]
979 2483. [port] win32: chroot() is not supported. [RT #18805]
981 2482. [port] libxml2: support versions 2.7.* in addition
982 to 2.6.*. [RT #18806]
984 --- 9.6.0b1 released ---
986 2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
987 collisions. [RT #18812]
989 2480. [bug] named could fail to emit all the required NSEC3
992 2479. [bug] xfrout:covers was not properly initialized. [RT #18801]
994 2478. [bug] 'addresses' could be used uninitialized in
995 configure_forward(). [RT #18800]
997 2477. [bug] dig: the global option to print the command line is
998 +cmd not print_cmd. Update the output to reflect
1001 2476. [doc] ARM: improve documentation for max-journal-size and
1002 ixfr-from-differences. [RT #15909] [RT #18541]
1004 2475. [bug] LRU cache cleanup under overmem condition could purge
1005 particular entries more aggressively. [RT #17628]
1007 2474. [bug] ACL structures could be allocated with insufficient
1008 space, causing an array overrun. [RT #18765]
1010 2473. [port] linux: raise the limit on open files to the possible
1011 maximum value before spawning threads; 'files'
1012 specified in named.conf doesn't seem to work with
1013 threads as expected. [RT #18784]
1015 2472. [port] linux: check the number of available cpu's before
1016 calling chroot as it depends on "/proc". [RT #16923]
1018 2471. [bug] named-checkzone was not reporting missing mandatory
1019 glue when sibling checks were disabled. [RT #18768]
1021 2470. [bug] Elements of the isc_radix_node_t could be incorrectly
1022 overwritten. [RT# 18719]
1024 2469. [port] solaris: Work around Solaris's select() limitations.
1027 2468. [bug] Resolver could try unreachable servers multiple times.
1030 2467. [bug] Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740]
1032 2466. [doc] ARM: explain max-cache-ttl 0 SERVFAIL issue.
1035 2465. [bug] Adb's handling of lame addresses was different
1036 for IPv4 and IPv6. [RT #18738]
1038 2464. [port] linux: check that a capability is present before
1039 trying to set it. [RT #18135]
1041 2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
1042 API and glibc hides parts of the IPv6 Advanced Socket
1043 API as a result. This is stupid as it breaks how the
1044 two halves (Basic and Advanced) of the IPv6 Socket API
1045 were designed to be used but we have to live with it.
1046 Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
1049 2462. [doc] Document -m (enable memory usage debugging)
1050 option for dig. [RT #18757]
1052 2461. [port] sunos: Change #2363 was not complete. [RT #17513]
1054 --- 9.6.0a1 released ---
1056 2460. [bug] Don't call dns_db_getnsec3parameters() on the cache.
1059 2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
1061 2458. [doc] ARM: update and correction for max-cache-size.
1064 2457. [tuning] max-cache-size is reverted to 0, the previous
1065 default. It should be safe because expired cache
1066 entries are also purged. [RT #18684]
1068 2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any
1069 address, regardless of family. They now correctly
1070 distinguish IPv4 from IPv6. [RT #18559]
1072 2455. [bug] Stop metadata being transferred via axfr/ixfr.
1075 2454. [func] nsupdate: you can now set a default ttl. [RT #18317]
1077 2453. [bug] Remove NULL pointer dereference in dns_journal_print().
1080 2452. [func] Improve bin/test/journalprint. [RT #18316]
1082 2451. [port] solaris: handle runtime linking better. [RT #18356]
1084 2450. [doc] Fix lwresd docbook problem for manual page.
1089 2448. [func] Add NSEC3 support. [RT #15452]
1091 2447. [cleanup] libbind has been split out as a separate product.
1093 2446. [func] Add a new log message about build options on startup.
1094 A new command-line option '-V' for named is also
1095 provided to show this information. [RT# 18645]
1097 2445. [doc] ARM out-of-date on empty reverse zones (list includes
1098 RFC1918 address, but these are not yet compiled in).
1101 2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery
1102 (clear DF) for UDP responses and requests.
1104 2443. [bug] win32: UDP connect() would not generate an event,
1105 and so connected UDP sockets would never clean up.
1106 Fix this by doing an immediate WSAConnect() rather
1107 than an io completion port type for UDP.
1109 2442. [bug] A lock could be destroyed twice. [RT# 18626]
1111 2441. [bug] isc_radix_insert() could copy radix tree nodes
1112 incompletely. [RT #18573]
1114 2440. [bug] named-checkconf used an incorrect test to determine
1115 if an ACL was set to none.
1117 2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
1120 2438. [bug] Timeouts could be logged incorrectly under win32.
1122 2437. [bug] Sockets could be closed too early, leading to
1123 inconsistent states in the socket module. [RT #18298]
1125 2436. [security] win32: UDP client handler can be shutdown. [RT #18576]
1127 2435. [bug] Fixed an ACL memory leak affecting win32.
1129 2434. [bug] Fixed a minor error-reporting bug in
1130 lib/isc/win32/socket.c.
1132 2433. [tuning] Set initial timeout to 800ms.
1134 2432. [bug] More Windows socket handling improvements. Stop
1135 using I/O events and use IO Completion Ports
1136 throughout. Rewrite the receive path logic to make
1137 it easier to support multiple simultaneous
1138 requesters in the future. Add stricter consistency
1139 checking as a compile-time option (define
1140 ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).
1142 2431. [bug] Acl processing could leak memory. [RT #18323]
1144 2430. [bug] win32: isc_interval_set() could round down to
1145 zero if the input was less than NS_INTERVAL
1146 nanoseconds. Round up instead. [RT #18549]
1148 2429. [doc] nsupdate should be in section 1 of the man pages.
1151 2428. [bug] dns_iptable_merge() mishandled merges of negative
1154 2427. [func] Treat DNSKEY queries as if "minimal-response yes;"
1155 was set. [RT #18528]
1157 2426. [bug] libbind: inet_net_pton() can sometimes return the
1158 wrong value if excessively large net masks are
1159 supplied. [RT #18512]
1161 2425. [bug] named didn't detect unavailable query source addresses
1162 at load time. [RT #18536]
1164 2424. [port] configure now probes for a working epoll
1165 implementation. Allow the use of kqueue,
1166 epoll and /dev/poll to be selected at compile
1169 2423. [security] Randomize server selection on queries, so as to
1170 make forgery a little more difficult. Instead of
1171 always preferring the server with the lowest RTT,
1172 pick a server with RTT within the same 128
1173 millisecond band. [RT #18441]
1175 2422. [bug] Handle the special return value of a empty node as
1176 if it was a NXRRSET in the validator. [RT #18447]
1178 2421. [func] Add new command line option '-S' for named to specify
1179 the max number of sockets. [RT #18493]
1180 Use caution: this option may not work for some
1181 operating systems without rebuilding named.
1183 2420. [bug] Windows socket handling cleanup. Let the io
1184 completion event send out canceled read/write
1185 done events, which keeps us from writing to memory
1186 we no longer have ownership of. Add debugging
1187 socket_log() function. Rework TCP socket handling
1188 to not leak sockets.
1190 2419. [cleanup] Document that isc_socket_create() and isc_socket_open()
1191 should not be used for isc_sockettype_fdwatch sockets.
1194 2418. [bug] AXFR request on a DLZ could trigger a REQUIRE failure
1197 2417. [bug] Connecting UDP sockets for outgoing queries could
1198 unexpectedly fail with an 'address already in use'
1201 2416. [func] Log file descriptors that cause exceeding the
1202 internal maximum. [RT #18460]
1204 2415. [bug] 'rndc dumpdb' could trigger various assertion failures
1205 in rbtdb.c. [RT #18455]
1207 2414. [bug] A masterdump context held the database lock too long,
1208 causing various troubles such as dead lock and
1209 recursive lock acquisition. [RT #18311, #18456]
1211 2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
1213 2412. [bug] win32: address a resource leak. [RT #18374]
1215 2411. [bug] Allow using a larger number of sockets than FD_SETSIZE
1216 for select(). To enable this, set ISC_SOCKET_MAXSOCKETS
1217 at compilation time. [RT #18433]
1219 Note: with changes #2469 and #2421 above, there is no
1220 need to tweak ISC_SOCKET_MAXSOCKETS at compilation time
1223 2410. [bug] Correctly delete m_versionInfo. [RT #18432]
1225 2409. [bug] Only log that we disabled EDNS processing if we were
1226 subsequently successful. [RT #18029]
1228 2408. [bug] A duplicate TCP dispatch event could be sent, which
1229 could then trigger an assertion failure in
1230 resquery_response(). [RT #18275]
1232 2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
1236 2405. [cleanup] The default value for dnssec-validation was changed to
1237 "yes" in 9.5.0-P1 and all subsequent releases; this
1238 was inadvertently omitted from CHANGES at the time.
1240 2404. [port] hpux: files unlimited support.
1242 2403. [bug] TSIG context leak. [RT #18341]
1244 2402. [port] Support Solaris 2.11 and over. [RT #18362]
1246 2401. [bug] Expect to get E[MN]FILE errno internal_accept()
1247 (from accept() or fcntl() system calls). [RT #18358]
1249 2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
1254 2398. [bug] Improve file descriptor management. New,
1255 temporary, named.conf option reserved-sockets,
1256 default 512. [RT #18344]
1258 2397. [bug] gssapi_functions had too many elements. [RT #18355]
1260 2396. [bug] Don't set SO_REUSEADDR for randomized ports.
1263 2395. [port] Avoid warning and no effect from "files unlimited"
1264 on Linux when running as root. [RT #18335]
1266 2394. [bug] Default configuration options set the limit for
1267 open files to 'unlimited' as described in the
1268 documentation. [RT #18331]
1270 2393. [bug] nested acls containing keys could trigger an
1271 assertion in acl.c. [RT #18166]
1273 2392. [bug] remove 'grep -q' from acl test script, some platforms
1274 don't support it. [RT #18253]
1276 2391. [port] hpux: cover additional recvmsg() error codes.
1279 2390. [bug] dispatch.c could make a false warning on 'odd socket'.
1282 2389. [bug] Move the "working directory writable" check to after
1283 the ns_os_changeuser() call. [RT #18326]
1285 2388. [bug] Avoid using tables for layout purposes in
1286 statistics XSL [RT #18159].
1288 2387. [bug] Silence compiler warnings in lib/isc/radix.c.
1289 [RT #18147] [RT #18258]
1291 2386. [func] Add warning about too small 'open files' limit.
1294 2385. [bug] A condition variable in socket.c could leak in
1295 rare error handling [RT #17968].
1297 2384. [security] Fully randomize UDP query ports to improve
1298 forgery resilience. [RT #17949, #18098]
1300 2383. [bug] named could double queries when they resulted in
1301 SERVFAIL due to overkilling EDNS0 failure detection.
1304 2382. [doc] Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
1307 2381. [port] dlz/mysql: support multiple install layouts for
1308 mysql. <prefix>/include/{,mysql/}mysql.h and
1309 <prefix>/lib/{,mysql/}. [RT #18152]
1311 2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
1312 proofs which, in turn, caused validation failures
1313 for insecure zones immediately below a secure zone
1314 the server was authoritative for. [RT #18112]
1316 2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
1317 TLDs and supported RRs with TTLs [RT #17972]
1319 2378. [bug] gssapi_functions{} had a redundant member in BIND 9.5.
1322 2377. [bug] Address race condition in dnssec-signzone. [RT #18142]
1324 2376. [bug] Change #2144 was not complete.
1328 2374. [bug] "blackhole" ACLs could cause named to segfault due
1329 to some uninitialized memory. [RT #18095]
1331 2373. [bug] Default values of zone ACLs were re-parsed each time a
1332 new zone was configured, causing an overconsumption
1333 of memory. [RT #18092]
1335 2372. [bug] Fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
1337 2371. [doc] Add +nsid option to dig man page. [RT #18039]
1339 2370. [bug] "rndc freeze" could trigger an assertion in named
1340 when called on a nonexistent zone. [RT #18050]
1342 2369. [bug] libbind: Array bounds overrun on read in bitncmp().
1345 2368. [port] Linux: use libcap for capability management if
1346 possible. [RT# 18026]
1348 2367. [bug] Improve counting of dns_resstatscounter_retry
1351 2366. [bug] Adb shutdown race. [RT #18021]
1353 2365. [bug] Fix a bug that caused dns_acl_isany() to return
1354 spurious results. [RT #18000]
1356 2364. [bug] named could trigger a assertion when serving a
1357 malformed signed zone. [RT #17828]
1359 2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
1362 2362. [cleanup] Make "rrset-order fixed" a compile-time option.
1363 settable by "./configure --enable-fixed-rrset".
1364 Disabled by default. [RT #17977]
1366 2361. [bug] "recursion" statistics counter could be counted
1367 multiple times for a single query. [RT #17990]
1369 2360. [bug] Fix a condition where we release a database version
1370 (which may acquire a lock) while holding the lock.
1372 2359. [bug] Fix NSID bug. [RT #17942]
1374 2358. [doc] Update host's default query description. [RT #17934]
1376 2357. [port] Don't use OpenSSL's engine support in versions before
1377 OpenSSL 0.9.7f. [RT #17922]
1379 2356. [bug] Built in mutex profiler was not scalable enough.
1382 2355. [func] Extend the number statistics counters available.
1385 2354. [bug] Failed to initialize some rdatasetheader_t elements.
1388 2353. [func] Add support for Name Server ID (RFC 5001).
1389 'dig +nsid' requests NSID from server.
1390 'request-nsid yes;' causes recursive server to send
1391 NSID requests to upstream servers. Server responds
1392 to NSID requests with the string configured by
1393 'server-id' option. [RT #17091]
1395 2352. [bug] Various GSS_API fixups. [RT #17729]
1397 2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
1399 2350. [port] win32: IPv6 support. [RT #17797]
1401 2349. [func] Provide incremental re-signing support for secure
1402 dynamic zones. [RT #1091]
1404 2348. [func] Use the EVP interface to OpenSSL. Add PKCS#11 support.
1405 Documentation is in the new README.pkcs11 file.
1406 New tool, dnssec-keyfromlabel, which takes the
1407 label of a key pair in a HSM and constructs a DNS
1408 key pair for use by named and dnssec-signzone.
1411 2347. [bug] Delete now traverses the RB tree in the canonical
1414 2346. [func] Memory statistics now cover all active memory contexts
1415 in increased detail. [RT #17580]
1417 2345. [bug] named-checkconf failed to detect when forwarders
1418 were set at both the options/view level and in
1419 a root zone. [RT #17671]
1421 2344. [bug] Improve "logging{ file ...; };" documentation.
1424 2343. [bug] (Seemingly) duplicate IPv6 entries could be
1425 created in ADB. [RT #17837]
1427 2342. [func] Use getifaddrs() if available under Linux. [RT #17224]
1429 2341. [bug] libbind: add missing -I../include for off source
1430 tree builds. [RT #17606]
1432 2340. [port] openbsd: interface configuration. [RT #17700]
1434 2339. [port] tru64: support for libbind. [RT #17589]
1436 2338. [bug] check_ds() could be called with a non DS rdataset.
1439 2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614]
1441 2336. [func] If "named -6" is specified then listen on all IPv6
1442 interfaces if there are not listen-on-v6 clauses in
1443 named.conf. [RT #17581]
1445 2335. [port] sunos: libbind and *printf() support for long long.
1448 2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one
1449 bug in fromstruct_txt(). [RT #17609]
1451 2333. [bug] Fix off by one error in isc_time_nowplusinterval().
1454 2332. [contrib] query-loc-0.4.0. [RT #17602]
1456 2331. [bug] Failure to regenerate any signatures was not being
1457 reported nor being past back to the UPDATE client.
1460 2330. [bug] Remove potential race condition when handling
1461 over memory events. [RT #17572]
1463 WARNING: API CHANGE: over memory callback
1464 function now needs to call isc_mem_waterack().
1465 See <isc/mem.h> for details.
1467 2329. [bug] Clearer help text for dig's '-x' and '-i' options.
1469 2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
1470 F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET,
1471 J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and
1474 2327. [bug] It was possible to dereference a NULL pointer in
1475 rbtdb.c. Implement dead node processing in zones as
1476 we do for caches. [RT #17312]
1478 2326. [bug] It was possible to trigger a INSIST in the acache
1481 2325. [port] Linux: use capset() function if available. [RT #17557]
1483 2324. [bug] Fix IPv6 matching against "any;". [RT #17533]
1485 2323. [port] tru64: namespace clash. [RT #17547]
1487 2322. [port] MacOS: work around the limitation of setrlimit()
1488 for RLIMIT_NOFILE. [RT #17526]
1492 2320. [func] Make statistics counters thread-safe for platforms
1493 that support certain atomic operations. [RT #17466]
1495 2319. [bug] Silence Coverity warnings in
1496 lib/dns/rdata/in_1/apl_42.c. [RT #17469]
1498 2318. [port] sunos fixes for libbind. [RT #17514]
1500 2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
1502 2316. [port] Missing #include <isc/print.h> in lib/dns/gssapictx.c.
1505 2315. [bug] Used incorrect address family for mapped IPv4
1506 addresses in acl.c. [RT #17519]
1508 2314. [bug] Uninitialized memory use on error path in
1509 bin/named/lwdnoop.c. [RT #17476]
1511 2313. [cleanup] Silence Coverity warnings. Handle private stacks.
1512 [RT #17447] [RT #17478]
1514 2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
1517 2311. [bug] IPv6 addresses could match IPv4 ACL entries and
1518 vice versa. [RT #17462]
1520 2310. [bug] dig, host, nslookup: flush stdout before emitting
1521 debug/fatal messages. [RT #17501]
1523 2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
1526 2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
1529 2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
1531 2306. [bug] Remove potential race from lib/dns/resolver.c.
1534 2305. [security] inet_network() buffer overflow. CVE-2008-0122.
1536 2304. [bug] Check returns from all dns_rdata_tostruct() calls.
1539 2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
1542 2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
1544 2301. [bug] Remove resource leak and fix error messages in
1545 bin/tests/system/lwresd/lwtest.c. [RT #17474]
1547 2300. [bug] Fixed failure to close open file in
1548 bin/tests/names/t_names.c. [RT #17473]
1550 2299. [bug] Remove unnecessary NULL check in
1551 bin/nsupdate/nsupdate.c. [RT #17475]
1553 2298. [bug] isc_mutex_lock() failure not caught in
1554 bin/tests/timers/t_timers.c. [RT #17468]
1556 2297. [bug] isc_entropy_createfilesource() failure not caught in
1557 bin/tests/dst/t_dst.c. [RT #17467]
1559 2296. [port] Allow docbook stylesheet location to be specified to
1560 configure. [RT #17457]
1562 2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
1565 2294. [func] Allow the experimental statistics channels to have
1566 multiple connections and ACL.
1567 Note: the stats-server and stats-server-v6 options
1568 available in the previous beta releases are replaced
1569 with the generic statistics-channels statement.
1571 2293. [func] Add ACL regression test. [RT #17375]
1573 2292. [bug] Log if the working directory is not writable.
1576 2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
1577 failure to set PR_SET_DUMPABLE. [RT #17312]
1579 2290. [bug] Let AD in the query signal that the client wants AD
1580 set in the response. [RT #17301]
1582 2289. [func] named-checkzone now reports the out-of-zone CNAME
1585 2288. [port] win32: mark service as running when we have finished
1586 loading. [RT #17441]
1588 2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413]
1590 2286. [func] Allow a TCP connection to be used as a weak
1591 authentication method for reverse zones.
1592 New update-policy methods tcp-self and 6to4-self.
1595 2285. [func] Test framework for client memory context management.
1598 2284. [bug] Memory leak in UPDATE prerequisite processing.
1601 2283. [bug] TSIG keys were not attaching to the memory
1602 context. TSIG keys should use the rings
1603 memory context rather than the clients memory
1604 context. [RT #17377]
1606 2282. [bug] Acl code fixups. [RT #17346] [RT #17374]
1608 2281. [bug] Attempts to use undefined acls were not being logged.
1611 2280. [func] Allow the experimental http server to be reached
1612 over IPv6 as well as IPv4. [RT #17332]
1614 2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
1615 to protect applications from receiving spurious
1616 SIGPIPE signals when using the resolver.
1618 2278. [bug] win32: handle the case where Windows returns no
1619 search list or DNS suffix. [RT #17354]
1621 2277. [bug] Empty zone names were not correctly being caught at
1622 in the post parse checks. [RT #17357]
1624 2276. [bug] Install <dst/gssapi.h>. [RT# 17359]
1626 2275. [func] Add support to dig to perform IXFR queries over UDP.
1629 2274. [func] Log zone transfer statistics. [RT #17336]
1631 2273. [bug] Adjust log level to WARNING when saving inconsistent
1632 stub/slave master and journal files. [RT# 17279]
1634 2272. [bug] Handle illegal dnssec-lookaside trust-anchor names.
1637 2271. [bug] Fix a memory leak in http server code [RT #17100]
1639 2270. [bug] dns_db_closeversion() version->writer could be reset
1640 before it is tested. [RT #17290]
1642 2269. [contrib] dbus memory leaks and missing va_end calls. [RT #17232]
1644 2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
1647 --- 9.5.0b1 released ---
1649 2267. [bug] Radix tree node_num value could be set incorrectly,
1650 causing positive ACL matches to look like negative
1653 2266. [bug] client.c:get_clientmctx() returned the same mctx
1654 once the pool of mctx's was filled. [RT #17218]
1656 2265. [bug] Test that the memory context's basic_table is non NULL
1657 before freeing. [RT #17265]
1659 2264. [bug] Server prefix length was being ignored. [RT #17308]
1661 2263. [bug] "named-checkconf -z" failed to set default value
1662 for "check-integrity". [RT #17306]
1664 2262. [bug] Error status from all but the last view could be
1667 2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
1669 2260. [bug] Reported wrong clients-per-query when increasing the
1674 --- 9.5.0a7 released ---
1676 2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
1679 2257. [bug] win32: Use the full path to vcredist_x86.exe when
1680 calling it. [RT #17222]
1682 2256. [bug] win32: Correctly register the installation location of
1683 bindevt.dll. [RT #17159]
1685 2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
1687 2254. [bug] timer.c:dispatch() failed to lock timer->lock
1688 when reading timer->idle allowing it to see
1689 intermediate values as timer->idle was reset by
1690 isc_timer_touch(). [RT #17243]
1692 2253. [func] "max-cache-size" defaults to 32M.
1693 "max-acache-size" defaults to 16M.
1695 2252. [bug] Fixed errors in sortlist code [RT #17216]
1699 2250. [func] New flag 'memstatistics' to state whether the
1700 memory statistics file should be written or not.
1701 Additionally named's -m option will cause the
1702 statistics file to be written. [RT #17113]
1704 2249. [bug] Only set Authentic Data bit if client requested
1705 DNSSEC, per RFC 3655 [RT #17175]
1707 2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
1709 2247. [doc] Sort doc/misc/options. [RT #17067]
1711 2246. [bug] Make the startup of test servers (ans.pl) more
1714 2245. [bug] Validating lack of DS records at trust anchors wasn't
1715 working. [RT #17151]
1717 2244. [func] Allow the check of nameserver names against the
1718 SOA MNAME field to be disabled by specifying
1719 'notify-to-soa yes;'. [RT #17073]
1721 2243. [func] Configuration files without a newline at the end now
1722 parse without error. [RT #17120]
1724 2242. [bug] nsupdate: GSS-TSIG support using the Heimdal Kerberos
1725 library could require a source of random data.
1728 2241. [func] nsupdate: add a interactive 'help' command. [RT #17099]
1730 2240. [bug] Cleanup nsupdates GSS-TSIG support. Convert
1731 a number of INSIST()s into plain fatal() errors
1732 which report the triggering result code.
1733 The 'key' command wasn't disabling GSS-TSIG.
1736 2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
1738 2238. [bug] It was possible to trigger a REQUIRE when a
1739 validation was canceled. [RT #17106]
1741 2237. [bug] libbind: res_init() was not thread aware. [RT #17123]
1743 2236. [bug] dnssec-signzone failed to preserve the case of
1744 of wildcard owner names. [RT #17085]
1746 2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
1748 2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
1750 2233. [func] Add support for O(1) ACL processing, based on
1751 radix tree code originally written by Kevin
1752 Brintnall. [RT #16288]
1754 2232. [bug] dns_adb_findaddrinfo() could fail and return
1755 ISC_R_SUCCESS. [RT #17137]
1757 2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
1760 2230. [bug] We could INSIST reading a corrupted journal.
1763 2229. [bug] Null pointer dereference on query pool creation
1764 failure. [RT #17133]
1766 2228. [contrib] contrib: Change 2188 was incomplete.
1768 2227. [cleanup] Tidied up the FAQ. [RT #17121]
1772 2225. [bug] More support for systems with no IPv4 addresses.
1775 2224. [bug] Defer journal compaction if a xfrin is in progress.
1778 2223. [bug] Make a new journal when compacting. [RT #17119]
1780 2222. [func] named-checkconf now checks server key references.
1783 2221. [bug] Set the event result code to reflect the actual
1784 record turned to caller when a cache update is
1785 rejected due to a more credible answer existing.
1788 2220. [bug] win32: Address a race condition in final shutdown of
1789 the Windows socket code. [RT #17028]
1791 2219. [bug] Apply zone consistency checks to additions, not
1792 removals, when updating. [RT #17049]
1794 2218. [bug] Remove unnecessary REQUIRE from dns_validator_create().
1797 2217. [func] Adjust update log levels. [RT #17092]
1799 2216. [cleanup] Fix a number of errors reported by Coverity.
1802 2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
1804 2214. [bug] Deregister OpenSSL lock callback when cleaning
1805 up. Reorder OpenSSL cleanup so that RAND_cleanup()
1806 is called before the locks are destroyed. [RT #17098]
1808 2213. [bug] SIG0 diagnostic failure messages were looking at the
1809 wrong status code. [RT #17101]
1811 2212. [func] 'host -m' now causes memory statistics and active
1812 memory to be printed at exit. [RT 17028]
1814 2211. [func] Update "dynamic update temporarily disabled" message.
1817 2210. [bug] Deleting class specific records via UPDATE could
1820 2209. [port] osx: linking against user supplied static OpenSSL
1821 libraries failed as the system ones were still being
1824 2208. [port] win32: make sure both build methods produce the
1825 same output. [RT #17058]
1827 2207. [port] Some implementations of getaddrinfo() fail to set
1828 ai_canonname correctly. [RT #17061]
1830 --- 9.5.0a6 released ---
1832 2206. [security] "allow-query-cache" and "allow-recursion" now
1833 cross inherit from each other.
1835 If allow-query-cache is not set in named.conf then
1836 allow-recursion is used if set, otherwise allow-query
1837 is used if set, otherwise the default (localnets;
1838 localhost;) is used.
1840 If allow-recursion is not set in named.conf then
1841 allow-query-cache is used if set, otherwise allow-query
1842 is used if set, otherwise the default (localnets;
1843 localhost;) is used.
1847 2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
1849 2204. [bug] "rndc flushanme name unknown-view" caused named
1850 to crash. [RT #16984]
1852 2203. [security] Query id generation was cryptographically weak.
1855 2202. [security] The default acls for allow-query-cache and
1856 allow-recursion were not being applied. [RT #16960]
1858 2201. [bug] The build failed in a separate object directory.
1861 2200. [bug] The search for cached NSEC records was stopping to
1862 early leading to excessive DLV queries. [RT #16930]
1864 2199. [bug] win32: don't call WSAStartup() while loading dlls.
1867 2198. [bug] win32: RegCloseKey() could be called when
1868 RegOpenKeyEx() failed. [RT #16911]
1870 2197. [bug] Add INSIST to catch negative responses which are
1871 not setting the event result code appropriately.
1874 2196. [port] win32: yield processor while waiting for once to
1875 to complete. [RT #16958]
1877 2195. [func] dnssec-keygen now defaults to nametype "ZONE"
1878 when generating DNSKEYs. [RT #16954]
1880 2194. [bug] Close journal before calling 'done' in xfrin.c.
1882 --- 9.5.0a5 released ---
1884 2193. [port] win32: BINDInstall.exe is now linked statically.
1887 2192. [port] win32: use vcredist_x86.exe to install Visual
1888 Studio's redistributable dlls if building with
1889 Visual Stdio 2005 or later.
1891 2191. [func] named-checkzone now allows dumping to stdout (-).
1892 named-checkconf now has -h for help.
1893 named-checkzone now has -h for help.
1894 rndc now has -h for help.
1895 Better handling of '-?' for usage summaries.
1898 2190. [func] Make fallback to plain DNS from EDNS due to timeouts
1899 more visible. New logging category "edns-disabled".
1902 2189. [bug] Handle socket() returning EINTR. [RT #15949]
1904 2188. [contrib] queryperf: autoconf changes to make the search for
1905 libresolv or libbind more robust. [RT #16299]
1907 2187. [bug] query_addds(), query_addwildcardproof() and
1908 query_addnxrrsetnsec() should take a version
1909 argument. [RT #16368]
1911 2186. [port] cygwin: libbind: check for struct sockaddr_storage
1912 independently of IPv6. [RT #16482]
1914 2185. [port] sunos: libbind: check for ssize_t, memmove() and
1915 memchr(). [RT #16463]
1917 2184. [bug] bind9.xsl.h didn't build out of the source tree.
1920 2183. [bug] dnssec-signzone didn't handle offline private keys
1923 2182. [bug] dns_dispatch_createtcp() and dispatch_createudp()
1924 could return ISC_R_SUCCESS when they ran out of
1927 2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
1929 2180. [cleanup] Remove bit test from 'compress_test' as they
1930 are no longer needed. [RT #16497]
1932 2179. [func] 'rndc command zone' will now find 'zone' if it is
1933 unique to all the views. [RT #16821]
1935 2178. [bug] 'rndc reload' of a slave or stub zone resulted in
1936 a reference leak. [RT #16867]
1938 2177. [bug] Array bounds overrun on read (rcodetext) at
1939 debug level 10+. [RT #16798]
1941 2176. [contrib] dbus update to handle race condition during
1942 initialization (Bugzilla 235809). [RT #16842]
1944 2175. [bug] win32: windows broadcast condition variable support
1945 was broken. [RT #16592]
1947 2174. [bug] I/O errors should always be fatal when reading
1948 master files. [RT #16825]
1950 2173. [port] win32: When compiling with MSVS 2005 SP1 we also
1951 need to ship Microsoft.VC80.MFCLOC.
1953 --- 9.5.0a4 released ---
1955 2172. [bug] query_addsoa() was being called with a non zone db.
1958 2171. [bug] Handle breaks in DNSSEC trust chains where the parent
1959 servers are not DS aware (DS queries to the parent
1960 return a referral to the child).
1962 2170. [func] Add acache processing to test suite. [RT #16711]
1964 2169. [bug] host, nslookup: when reporting NXDOMAIN report the
1965 given name and not the last name searched for.
1968 2168. [bug] nsupdate: in non-interactive mode treat syntax errors
1969 as fatal errors. [RT #16785]
1971 2167. [bug] When re-using a automatic zone named failed to
1972 attach it to the new view. [RT #16786]
1974 --- 9.5.0a3 released ---
1976 2166. [bug] When running in batch mode, dig could misinterpret
1977 a server address as a name to be looked up, causing
1978 unexpected output. [RT #16743]
1980 2165. [func] Allow the destination address of a query to determine
1981 if we will answer the query or recurse.
1982 allow-query-on, allow-recursion-on and
1983 allow-query-cache-on. [RT #16291]
1985 2164. [bug] The code to determine how named-checkzone /
1986 named-compilezone was called failed under windows.
1989 2163. [bug] If only one of query-source and query-source-v6
1990 specified a port the query pools code broke (change
1993 2162. [func] Allow "rrset-order fixed" to be disabled at compile
1996 2161. [bug] Fix which log messages are emitted for 'rndc flush'.
1999 2160. [bug] libisc wasn't handling NULL ifa_addr pointers returned
2000 from getifaddrs(). [RT #16708]
2002 --- 9.5.0a2 released ---
2004 2159. [bug] Array bounds overrun in acache processing. [RT #16710]
2006 2158. [bug] ns_client_isself() failed to initialize key
2007 leading to a REQUIRE failure. [RT #16688]
2009 2157. [func] dns_db_transfernode() created. [RT #16685]
2011 2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
2012 resolver.c:validated() and resolver.c:cache_name().
2013 Fix a memory leak in rbtdb.c:free_noqname().
2014 Make lookup.c:lookup_find() robust against
2015 event leaks. [RT #16685]
2017 2155. [contrib] SQLite sdb module from jaboydjr@netwalk.com.
2020 2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
2021 matched in acls by omitting the scope. [RT #16599]
2023 2153. [bug] nsupdate could leak memory. [RT #16691]
2025 2152. [cleanup] Use sizeof(buf) instead of fixed number in
2026 dighost.c:get_trusted_key(). [RT #16678]
2028 2151. [bug] Missing newline in usage message for journalprint.
2031 2150. [bug] 'rrset-order cyclic' uniformly distribute the
2032 starting point for the first response for a given
2035 2149. [bug] isc_mem_checkdestroyed() failed to abort on
2036 if there were still active memory contexts.
2039 2148. [func] Add positive logging for rndc commands. [RT #14623]
2041 2147. [bug] libbind: remove potential buffer overflow from
2042 hmac_link.c. [RT #16437]
2044 2146. [cleanup] Silence Linux's spurious "obsolete setsockopt
2045 SO_BSDCOMPAT" message. [RT #16641]
2047 2145. [bug] Check DS/DLV digest lengths for known digests.
2050 2144. [cleanup] Suppress logging of SERVFAIL from forwarders.
2053 2143. [bug] We failed to restart the IPv6 client when the
2054 kernel failed to return the destination the
2055 packet was sent to. [RT #16613]
2057 2142. [bug] Handle master files with a modification time that
2058 matches the epoch. [RT# 16612]
2060 2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
2061 equivalent of LDH checks). [RT #16609]
2063 2140. [bug] libbind: missing unlock on pthread_key_create()
2064 failures. [RT #16654]
2066 2139. [bug] dns_view_find() was being called with wrong type
2067 in adb.c. [RT #16670]
2069 2138. [bug] Lock order reversal in resolver.c. [RT #16653]
2071 2137. [port] Mips little endian and/or mips 64 bit are now
2072 supported for atomic operations. [RT#16648]
2074 2136. [bug] nslookup/host looped if there was no search list
2075 and the host didn't exist. [RT #16657]
2077 2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656]
2079 2134. [func] Additional statistics support. [RT #16666]
2081 2133. [port] powerpc: Support both IBM and MacOS Power PC
2082 assembler syntaxes. [RT #16647]
2084 2132. [bug] Missing unlock on out of memory in
2085 dns_dispatchmgr_setudp().
2087 2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
2089 2130. [func] Log if CD or DO were set. [RT #16640]
2091 2129. [func] Provide a pool of UDP sockets for queries to be
2092 made over. See use-queryport-pool, queryport-pool-ports
2093 and queryport-pool-updateinterval. [RT #16415]
2095 2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635]
2097 2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563]
2099 2126. [security] Serialize validation of type ANY responses. [RT #16555]
2101 2125. [bug] dns_zone_getzeronosoattl() REQUIRE failure if DLZ
2102 was defined. [RT #16574]
2104 2124. [security] It was possible to dereference a freed fetch
2105 context. [RT #16584]
2107 --- 9.5.0a1 released ---
2109 2123. [func] Use Doxygen to generate internal documentation.
2112 2122. [func] Experimental http server and statistics support
2115 2121. [func] Add a 10 slot dead masters cache (LRU) with a 600
2116 second timeout. [RT #16553]
2118 2120. [doc] Fix markup on nsupdate man page. [RT #16556]
2120 2119. [compat] libbind: allow res_init() to succeed enough to
2121 return the default domain even if it was unable
2124 2118. [bug] Handle response with long chains of domain name
2125 compression pointers which point to other compression
2126 pointers. [RT #16427]
2128 2117. [bug] DNSSEC fixes: named could fail to cache NSEC records
2129 which could lead to validation failures. named didn't
2130 handle negative DS responses that were in the process
2131 of being validated. Check CNAME bit before accepting
2132 NODATA proof. To be able to ignore a child NSEC there
2133 must be SOA (and NS) set in the bitmap. [RT #16399]
2135 2116. [bug] 'rndc reload' could cause the cache to continually
2136 be cleaned. [RT #16401]
2138 2115. [bug] 'rndc reconfig' could trigger a INSIST if the
2139 number of masters for a zone was reduced. [RT #16444]
2141 2114. [bug] dig/host/nslookup: searches for names with multiple
2142 labels were failing. [RT #16447]
2144 2113. [bug] nsupdate: if a zone is specified it should be used
2145 for server discover. [RT# 16455]
2147 2112. [security] Warn if weak RSA exponent is used. [RT #16460]
2149 2111. [bug] Fix a number of errors reported by Coverity.
2152 2110. [bug] "minimal-responses yes;" interacted badly with BIND 8
2153 priming queries. [RT #16491]
2155 2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502]
2157 2108. [func] DHCID support. [RT #16456]
2159 2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
2161 2106. [func] 'rndc status' now reports named's version. [RT #16426]
2163 2105. [func] GSS-TSIG support (RFC 3645).
2165 2104. [port] Fix Solaris SMF error message.
2167 2103. [port] Add /usr/sfw to list of locations for OpenSSL
2170 2102. [port] Silence Solaris 10 warnings.
2172 2101. [bug] OpenSSL version checks were not quite right.
2175 2100. [port] win32: copy libeay32.dll to Build\Debug.
2176 Copy Debug\named-checkzone to Debug\named-compilezone.
2178 2099. [port] win32: more manifest issues.
2180 2098. [bug] Race in rbtdb.c:no_references(), which occasionally
2181 triggered an INSIST failure about the node lock
2182 reference. [RT #16411]
2184 2097. [bug] named could reference a destroyed memory context
2185 after being reloaded / reconfigured. [RT #16428]
2187 2096. [bug] libbind: handle applications that fail to detect
2188 res_init() failures better.
2190 2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and
2191 net_cidr_ntop_ipv6(). [RT #16388]
2193 2094. [contrib] Update named-bootconf. [RT# 16404]
2195 2093. [bug] named-checkzone -s was broken.
2197 2092. [bug] win32: dig, host, nslookup. Use registry config
2198 if resolv.conf does not exist or no nameservers
2201 2091. [port] dighost.c: race condition on cleanup. [RT #16417]
2203 2090. [port] win32: Visual C++ 2005 command line manifest support.
2206 2089. [security] Raise the minimum safe OpenSSL versions to
2207 OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
2208 prior to these have known security flaws which
2209 are (potentially) exploitable in named. [RT #16391]
2211 2088. [security] Change the default RSA exponent from 3 to 65537.
2214 2087. [port] libisc failed to compile on OS's w/o a vsnprintf.
2217 2086. [port] libbind: FreeBSD now has get*by*_r() functions.
2220 2085. [doc] win32: added index.html and README to zip. [RT #16201]
2222 2084. [contrib] dbus update for 9.3.3rc2.
2224 2083. [port] win32: Visual C++ 2005 support.
2226 2082. [doc] Document 'cache-file' as a test only option.
2228 2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
2231 2080. [port] libbind: res_init.c did not compile on older versions
2232 of Solaris. [RT #16363]
2234 2079. [bug] The lame cache was not handling multiple types
2235 correctly. [RT #16361]
2237 2078. [bug] dnssec-checkzone output style "default" was badly
2238 named. It is now called "relative". [RT #16326]
2240 2077. [bug] 'dnssec-signzone -O raw' wasn't outputting the
2241 complete signed zone. [RT #16326]
2243 2076. [bug] Several files were missing #include <config.h>
2244 causing build failures on OSF. [RT #16341]
2246 2075. [bug] The spillat timer event hander could leak memory.
2249 2074. [bug] dns_request_createvia2(), dns_request_createvia3(),
2250 dns_request_createraw2() and dns_request_createraw3()
2251 failed to send multiple UDP requests. [RT #16349]
2253 2073. [bug] Incorrect semantics check for update policy "wildcard".
2256 2072. [bug] We were not generating valid HMAC SHA digests.
2259 2071. [port] Test whether gcc accepts -fno-strict-aliasing.
2262 2070. [bug] The remote address was not always displayed when
2263 reporting dispatch failures. [RT #16315]
2265 2069. [bug] Cross compiling was not working. [RT #16330]
2267 2068. [cleanup] Lower incremental tuning message to debug 1.
2270 2067. [bug] 'rndc' could close the socket too early triggering
2271 a INSIST under Windows. [RT #16317]
2273 2066. [security] Handle SIG queries gracefully. [RT #16300]
2275 2065. [bug] libbind: probe for HPUX prototypes for
2276 endprotoent_r() and endservent_r(). [RT 16313]
2278 2064. [bug] libbind: silence AIX compiler warnings. [RT #16218]
2280 2063. [bug] Change #1955 introduced a bug which caused the first
2281 'rndc flush' call to not free memory. [RT #16244]
2283 2062. [bug] 'dig +nssearch' was reusing a buffer before it had
2284 been returned by the socket code. [RT #16307]
2286 2061. [bug] Accept expired wildcard message reversed. [RT #16296]
2288 2060. [bug] Enabling DLZ support could leave views partially
2289 configured. [RT #16295]
2291 2059. [bug] Search into cache rbtdb could trigger an INSIST
2292 failure while cleaning up a stale rdataset.
2295 2058. [bug] Adjust how we calculate rtt estimates in the presence
2296 of authoritative servers that drop EDNS and/or CD
2297 requests. Also fallback to EDNS/512 and plain DNS
2298 faster for zones with less than 3 servers. [RT #16187]
2300 2057. [bug] Make setting "ra" dependent on both allow-query-cache
2301 and allow-recursion. [RT #16290]
2303 2056. [bug] dig: ixfr= was not being treated case insensitively
2304 at all times. [RT #15955]
2306 2055. [bug] Missing goto after dropping multicast query.
2309 2054. [port] freebsd: do not explicitly link against -lpthread.
2312 2053. [port] netbsd:libbind: silence compiler warnings. [RT #16220]
2314 2052. [bug] 'rndc' improve connect failed message to report
2315 the failing address. [RT #15978]
2317 2051. [port] More strtol() fixes. [RT #16249]
2319 2050. [bug] Parsing of NSAP records was not case insensitive.
2322 2049. [bug] Restore SOA before AXFR when falling back from
2323 a attempted IXFR when transferring in a zone.
2324 Allow a initial SOA query before attempting
2325 a AXFR to be requested. [RT #16156]
2327 2048. [bug] It was possible to loop forever when using
2328 avoid-v4-udp-ports / avoid-v6-udp-ports when
2329 the OS always returned the same local port.
2332 2047. [bug] Failed to initialize the interface flags to zero.
2335 2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
2336 cleanup [RT #16247].
2338 2045. [func] Use lock buckets for acache entries to limit memory
2339 consumption. [RT #16183]
2341 2044. [port] Add support for atomic operations for Itanium.
2344 2043. [port] nsupdate/nslookup: Force the flushing of the prompt
2345 for interactive sessions. [RT#16148]
2347 2042. [bug] named-checkconf was incorrectly rejecting the
2348 logging category "config". [RT #16117]
2350 2041. [bug] "configure --with-dlz-bdb=yes" produced a bad
2351 set of libraries to be linked. [RT #16129]
2353 2040. [bug] rbtdb no_references() could trigger an INSIST
2354 failure with --enable-atomic. [RT #16022]
2356 2039. [func] Check that all buffers passed to the socket code
2357 have been retrieved when the socket event is freed.
2360 2038. [bug] dig/nslookup/host was unlinking from wrong list
2361 when handling errors. [RT #16122]
2363 2037. [func] When unlinking the first or last element in a list
2364 check that the list head points to the element to
2365 be unlinked. [RT #15959]
2367 2036. [bug] 'rndc recursing' could cause trigger a REQUIRE.
2370 2035. [func] Make falling back to TCP on UDP refresh failure
2371 optional. Default "try-tcp-refresh yes;" for BIND 8
2372 compatibility. [RT #16123]
2374 2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124]
2376 2033. [bug] We weren't creating multiple client memory contexts
2377 on demand as expected. [RT #16095]
2379 2032. [bug] Remove a INSIST in query_addadditional2(). [RT #16074]
2381 2031. [bug] Emit a error message when "rndc refresh" is called on
2382 a non slave/stub zone. [RT # 16073]
2384 2030. [bug] We were being overly conservative when disabling
2385 openssl engine support. [RT #16030]
2387 2029. [bug] host printed out the server multiple times when
2388 specified on the command line. [RT #15992]
2390 2028. [port] linux: socket.c compatibility for old systems.
2393 2027. [port] libbind: Solaris x86 support. [RT #16020]
2395 2026. [bug] Rate limit the two recursive client exceeded messages.
2398 2025. [func] Update "zone serial unchanged" message. [RT #16026]
2400 2024. [bug] named emitted spurious "zone serial unchanged"
2401 messages on reload. [RT #16027]
2403 2023. [bug] "make install" should create ${localstatedir}/run and
2404 ${sysconfdir} if they do not exist. [RT #16033]
2406 2022. [bug] If dnssec validation is disabled only assert CD if
2407 CD was requested. [RT #16037]
2409 2021. [bug] dnssec-enable no; triggered a REQUIRE. [RT #16037]
2411 2020. [bug] rdataset_setadditional() could leak memory. [RT #16034]
2413 2019. [tuning] Reduce the amount of work performed per quantum
2414 when cleaning the cache. [RT #15986]
2416 2018. [bug] Checking if the HMAC MD5 private file was broken.
2419 2017. [bug] allow-query default was not correct. [RT #15946]
2421 2016. [bug] Return a partial answer if recursion is not
2422 allowed but requested and we had the answer
2423 to the original qname. [RT #15945]
2425 2015. [cleanup] use-additional-cache is now acache-enable for
2426 consistency. Default acache-enable off in BIND 9.4
2427 as it requires memory usage to be configured.
2428 It may be enabled by default in BIND 9.5 once we
2429 have more experience with it.
2431 2014. [func] Statistics about acache now recorded and sent
2434 2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
2435 responses more gracefully. [RT #15941]
2437 2012. [func] Don't insert new acache entries if acache is full.
2440 2011. [func] dnssec-signzone can now update the SOA record of
2441 the signed zone, either as an increment or as the
2442 system time(). [RT #15633]
2444 2010. [placeholder] rt15958
2446 2009. [bug] libbind: Coverity fixes. [RT #15808]
2448 2008. [func] It is now possible to enable/disable DNSSEC
2449 validation from rndc. This is useful for the
2450 mobile hosts where the current connection point
2451 breaks DNSSEC (firewall/proxy). [RT #15592]
2453 rndc validation newstate [view]
2455 2007. [func] It is now possible to explicitly enable DNSSEC
2456 validation. default dnssec-validation no; to
2457 be changed to yes in 9.5.0. [RT #15674]
2459 2006. [security] Allow-query-cache and allow-recursion now default
2460 to the built in acls "localnets" and "localhost".
2462 This is being done to make caching servers less
2463 attractive as reflective amplifying targets for
2464 spoofed traffic. This still leave authoritative
2467 The best fix is for full BCP 38 deployment to
2468 remove spoofed traffic.
2470 2005. [bug] libbind: Retransmission timeouts should be
2471 based on which attempt it is to the nameserver
2472 and not the nameserver itself. [RT #13548]
2474 2004. [bug] dns_tsig_sign() could pass a NULL pointer to
2475 dst_context_destroy() when cleaning up after a
2478 2003. [bug] libbind: The DNS name/address lookup functions could
2479 occasionally follow a random pointer due to
2480 structures not being completely zeroed. [RT #15806]
2482 2002. [bug] libbind: tighten the constraints on when
2483 struct addrinfo._ai_pad exists. [RT #15783]
2485 2001. [func] Check the KSK flag when updating a secure dynamic zone.
2486 New zone option "update-check-ksk yes;". [RT #15817]
2488 2000. [bug] memmove()/strtol() fix was incomplete. [RT #15812]
2490 1999. [func] Implement "rrset-order fixed". [RT #13662]
2492 1998. [bug] Restrict handling of fifos as sockets to just SunOS.
2493 This allows named to connect to entropy gathering
2494 daemons that use fifos instead of sockets. [RT #15840]
2496 1997. [bug] Named was failing to replace negative cache entries
2497 when a positive one for the type was learnt.
2500 1996. [bug] nsupdate: if a zone has been specified it should
2501 appear in the output of 'show'. [RT #15797]
2503 1995. [bug] 'host' was reporting multiple "is an alias" messages.
2506 1994. [port] OpenSSL 0.9.8 support. [RT #15694]
2508 1993. [bug] Log messages, via syslog, were missing the space
2509 after the timestamp if "print-time yes" was specified.
2512 1992. [bug] Not all incoming zone transfer messages included the
2515 1991. [cleanup] The configuration data, once read, should be treated
2516 as read only. Expand the use of const to enforce this
2517 at compile time. [RT #15813]
2519 1990. [bug] libbind: isc's override of broken gettimeofday()
2520 implementations was not always effective.
2523 1989. [bug] win32: don't check the service password when
2524 re-installing. [RT #15882]
2526 1988. [bug] Remove a bus error from the SHA256/SHA512 support.
2529 1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
2531 1986. [func] Report when a zone is removed. [RT #15849]
2533 1985. [protocol] DLV has now been assigned a official type code of
2536 Note: care should be taken to ensure you upgrade
2537 both named and dnssec-signzone at the same time for
2538 zones with DLV records where named is the master
2539 server for the zone. Also any zones that contain
2540 DLV records should be removed when upgrading a slave
2541 zone. You do not however have to upgrade all
2542 servers for a zone with DLV records simultaneously.
2544 1984. [func] dig, nslookup and host now advertise a 4096 byte
2545 EDNS UDP buffer size by default. [RT #15855]
2547 1983. [func] Two new update policies. "selfsub" and "selfwild".
2550 1982. [bug] DNSKEY was being accepted on the parent side of
2551 a delegation. KEY is still accepted there for
2552 RFC 3007 validated updates. [RT #15620]
2554 1981. [bug] win32: condition.c:wait() could fail to reattain
2557 1980. [func] dnssec-signzone: output the SOA record as the
2558 first record in the signed zone. [RT #15758]
2560 1979. [port] linux: allow named to drop core after changing
2561 user ids. [RT #15753]
2563 1978. [port] Handle systems which have a broken recvmsg().
2566 1977. [bug] Silence noisy log message. [RT #15704]
2568 1976. [bug] Handle systems with no IPv4 addresses. [RT #15695]
2570 1975. [bug] libbind: isc_gethexstring() could misparse multi-line
2571 hex strings with comments. [RT #15814]
2573 1974. [doc] List each of the zone types and associated zone
2574 options separately in the ARM.
2576 1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
2577 HMACSHA512 support. [RT #13606]
2579 1972. [contrib] DBUS dynamic forwarders integration from
2580 Jason Vas Dias <jvdias@redhat.com>.
2582 1971. [port] linux: make detection of missing IF_NAMESIZE more
2585 1970. [bug] nsupdate: adjust UDP timeout when falling back to
2586 unsigned SOA query. [RT #15775]
2588 1969. [bug] win32: the socket code was freeing the socket
2589 structure too early. [RT #15776]
2591 1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
2593 1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
2595 1966. [bug] Don't set CD when we have fallen back to plain DNS.
2598 1965. [func] Suppress spurious "recursion requested but not
2599 available" warning with 'dig +qr'. [RT #15780].
2601 1964. [func] Separate out MX and SRV to CNAME checks. [RT #15723]
2603 1963. [port] Tru64 4.0E doesn't support send() and recv().
2606 1962. [bug] Named failed to clear old update-policy when it
2607 was removed. [RT #15491]
2609 1961. [bug] Check the port and address of responses forwarded
2610 to dispatch. [RT #15474]
2612 1960. [bug] Update code should set NSEC ttls from SOA MINIMUM.
2615 1959. [func] Control the zeroing of the negative response TTL to
2616 a soa query. Defaults "zero-no-soa-ttl yes;" and
2617 "zero-no-soa-ttl-cache no;". [RT #15460]
2619 1958. [bug] Named failed to update the zone's secure state
2620 until the zone was reloaded. [RT #15412]
2622 1957. [bug] Dig mishandled responses to class ANY queries.
2625 1956. [bug] Improve cross compile support, 'gen' is now built
2626 by native compiler. See README for additional
2627 cross compile support information. [RT #15148]
2629 1955. [bug] Pre-allocate the cache cleaning iterator. [RT #14998]
2631 1954. [func] Named now falls back to advertising EDNS with a
2632 512 byte receive buffer if the initial EDNS queries
2635 1953. [func] The maximum EDNS UDP response named will send can
2636 now be set in named.conf (max-udp-size). This is
2637 independent of the advertised receive buffer
2638 (edns-udp-size). [RT #14852]
2640 1952. [port] hpux: tell the linker to build a runtime link
2641 path "-Wl,+b:". [RT #14816].
2643 1951. [security] Drop queries from particular well known ports.
2644 Don't return FORMERR to queries from particular
2645 well known ports. [RT #15636]
2647 1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect()
2648 a TCP socket. This prevents the source address being
2649 set for TCP connections. [RT #15628]
2651 1949. [func] Addition memory leakage checks. [RT #15544]
2653 1948. [bug] If was possible to trigger a REQUIRE failure in
2654 xfrin.c:maybe_free() if named ran out of memory.
2657 1947. [func] It is now possible to configure named to accept
2658 expired RRSIGs. Default "dnssec-accept-expired no;".
2659 Setting "dnssec-accept-expired yes;" leaves named
2660 vulnerable to replay attacks. [RT #14685]
2662 1946. [bug] resume_dslookup() could trigger a REQUIRE failure
2663 when using forwarders. [RT #15549]
2665 1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is no longer recommended.
2666 To generate a RSAMD5 key you must explicitly request
2669 1944. [cleanup] isc_hash_create() does not need a read/write lock.
2672 1943. [bug] Set the loadtime after rolling forward the journal.
2675 1942. [bug] If the name of a DNSKEY match that of one in
2676 trusted-keys do not attempt to validate the DNSKEY
2677 using the parents DS RRset. [RT #15649]
2679 1941. [bug] ncache_adderesult() should set eresult even if no
2680 rdataset is passed to it. [RT #15642]
2682 1940. [bug] Fixed a number of error conditions reported by
2685 1939. [bug] The resolver could dereference a null pointer after
2686 validation if all the queries have timed out.
2689 1938. [bug] The validator was not correctly handling unsecure
2690 negative responses at or below a SEP. [RT #15528]
2692 1937. [bug] sdlz doesn't handle RRSIG records. [RT #15564]
2694 1936. [bug] The validator could leak memory. [RT #15544]
2696 1935. [bug] 'acache' was DO sensitive. [RT #15430]
2698 1934. [func] Validate pending NS RRsets, in the authority section,
2699 prior to returning them if it can be done without
2700 requiring DNSKEYs to be fetched. [RT #15430]
2702 1933. [bug] dump_rdataset_raw() had a incorrect INSIST. [RT #15534]
2704 1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530]
2706 1931. [bug] Per-client mctx could require a huge amount of memory,
2707 particularly for a busy caching server. [RT #15519]
2709 1930. [port] HPUX: ia64 support. [RT #15473]
2711 1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
2713 1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
2715 1927. [bug] Access to soanode or nsnode in rbtdb violated the
2716 lock order rule and could cause a dead lock.
2719 1926. [bug] The Windows installer did not check for empty
2720 passwords. BINDinstall was being installed in
2721 the wrong place. [RT #15483]
2723 1925. [port] All outer level AC_TRY_RUNs need cross compiling
2724 defaults. [RT #15469]
2726 1924. [port] libbind: hpux ia64 support. [RT #15473]
2728 1923. [bug] ns_client_detach() called too early. [RT #15499]
2730 1922. [bug] check-tool.c:setup_logging() missing call to
2731 dns_log_setcontext().
2733 1921. [bug] Client memory contexts were not using internal
2736 1920. [bug] The cache rbtdb lock array was too small to
2737 have the desired performance characteristics.
2740 1919. [contrib] queryperf: a set of new features: collecting/printing
2741 response delays, printing intermediate results, and
2742 adjusting query rate for the "target" qps.
2744 1918. [bug] Memory leak when checking acls. [RT #15391]
2746 1917. [doc] funcsynopsisinfo wasn't being treated as verbatim
2747 when generating man pages. [RT #15385]
2749 1916. [func] Integrate contributed IDN code from JPNIC. [RT #15383]
2751 1915. [bug] dig +ndots was broken. [RT #15215]
2753 1914. [protocol] DS is required to accept mnemonic algorithms
2754 (RFC 4034). Still emit numeric algorithms for
2755 compatibility with RFC 3658. [RT #15354]
2757 1913. [func] Integrate contributed DLZ code into named. [RT #11382]
2759 1912. [port] aix: atomic locking for powerpc. [RT #15020]
2761 1911. [bug] Update windows socket code. [RT #14965]
2763 1910. [bug] dig's +sigchase code overhauled. [RT #14933]
2765 1909. [bug] The DLV code has been re-worked to make no longer
2766 query order sensitive. [RT #14933]
2768 1908. [func] dig now warns if 'RA' is not set in the answer when
2769 'RD' was set in the query. host/nslookup skip servers
2770 that fail to set 'RA' when 'RD' is set unless a server
2771 is explicitly set. [RT #15005]
2773 1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
2776 1906. [func] dig now has a '-q queryname' and '+showsearch' options.
2779 1905. [bug] Strings returned from cfg_obj_asstring() should be
2780 treated as read-only. The prototype for
2781 cfg_obj_asstring() has been updated to reflect this.
2784 1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
2785 friends. Note: RFC 1918 zones are not yet covered by
2786 this but are likely to be in a future release.
2788 New options: empty-server, empty-contact,
2789 empty-zones-enable and disable-empty-zone.
2791 1903. [func] ISC string copy API.
2793 1902. [func] Attempt to make the amount of work performed in a
2794 iteration self tuning. The covers nodes clean from
2795 the cache per iteration, nodes written to disk when
2796 rewriting a master file and nodes destroyed per
2797 iteration when destroying a zone or a cache.
2800 1901. [cleanup] Don't add DNSKEY records to the additional section.
2802 1900. [bug] ixfr-from-differences failed to ensure that the
2803 serial number increased. [RT #15036]
2805 1899. [func] named-checkconf now validates update-policy entries.
2808 1898. [bug] Extend ISC_SOCKADDR_FORMATSIZE and
2809 ISC_NETADDR_FORMATSIZE to allow for scope details.
2811 1897. [func] x86 and x86_64 now have separate atomic locking
2814 1896. [bug] Recursive clients soft quota support wasn't working
2815 as expected. [RT #15103]
2817 1895. [bug] A escaped character is, potentially, converted to
2818 the output character set too early. [RT #14666]
2820 1894. [doc] Review ARM for BIND 9.4.
2822 1893. [port] Use uintptr_t if available. [RT #14606]
2824 1892. [func] Support for SPF rdata type. [RT #15033]
2826 1891. [port] freebsd: pthread_mutex_init can fail if it runs out
2827 of memory. [RT #14995]
2829 1890. [func] Raise the UDP receive buffer size to 32k if it is
2830 less than 32k. [RT #14953]
2832 1889. [port] sunos: non blocking i/o support. [RT #14951]
2834 1888. [func] Support for IPSECKEY rdata type. [RT #14967]
2836 1887. [bug] The cache could delete expired records too fast for
2837 clients with a virtual time in the past. [RT #14991]
2839 1886. [bug] fctx_create() could return success even though it
2842 1885. [func] dig: report the number of extra bytes still left in
2843 the packet after processing all the records.
2845 1884. [cleanup] dighost.c: move external declarations into <dig/dig.h>.
2847 1883. [bug] dnssec-signzone, dnssec-keygen: handle negative debug
2850 1882. [func] Limit the number of recursive clients that can be
2851 waiting for a single query (<qname,qtype,qclass>) to
2852 resolve. New options clients-per-query and
2853 max-clients-per-query.
2855 1881. [func] Add a system test for named-checkconf. [RT #14931]
2857 1880. [func] The lame cache is now done on a <qname,qclass,qtype>
2858 basis as some servers only appear to be lame for
2859 certain query types. [RT #14916]
2861 1879. [func] "USE INTERNAL MALLOC" is now runtime selectable.
2864 1878. [func] Detect duplicates of UDP queries we are recursing on
2865 and drop them. New stats category "duplicate".
2868 1877. [bug] Fix unreasonably low quantum on call to
2869 dns_rbt_destroy2(). Remove unnecessary unhash_node()
2872 1876. [func] Additional memory debugging support to track size
2873 and mctx arguments. [RT #14814]
2875 1875. [bug] process_dhtkey() was using the wrong memory context
2876 to free some memory. [RT #14890]
2878 1874. [port] sunos: portability fixes. [RT #14814]
2880 1873. [port] win32: isc__errno2result() now reports its caller.
2883 1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753]
2887 1870. [func] Added framework for handling multiple EDNS versions.
2890 1869. [func] dig can now specify the EDNS version when making
2891 a query. [RT #14873]
2893 1868. [func] edns-udp-size can now be overridden on a per
2894 server basis. [RT #14851]
2896 1867. [bug] It was possible to trigger a INSIST in
2897 dlv_validatezonekey(). [RT #14846]
2899 1866. [bug] resolv.conf parse errors were being ignored by
2900 dig/host/nslookup. [RT #14841]
2902 1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
2903 bad addresses. [RT #14841]
2905 1864. [bug] Don't try the alternative transfer source if you
2906 got a answer / transfer with the main source
2907 address. [RT #14802]
2909 1863. [bug] rrset-order "fixed" error messages not complete.
2911 1862. [func] Add additional zone data constancy checks.
2912 named-checkzone has extended checking of NS, MX and
2913 SRV record and the hosts they reference.
2914 named has extended post zone load checks.
2915 New zone options: check-mx and integrity-check.
2918 1861. [bug] dig could trigger a INSIST on certain malformed
2919 responses. [RT #14801]
2921 1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was
2922 incorrectly set. [RT #14775]
2924 1859. [func] Add support for CH A record. [RT #14695]
2926 1858. [bug] The flush-zones-on-shutdown option wasn't being
2929 1857. [bug] named could trigger a INSIST() if reconfigured /
2930 reloaded too fast. [RT #14673]
2932 1856. [doc] Switch Docbook toolchain from DSSSL to XSL.
2935 1855. [bug] ixfr-from-differences was failing to detect changes
2936 of ttl due to dns_diff_subtract() was ignoring the ttl
2937 of records. [RT #14616]
2939 1854. [bug] lwres also needs to know the print format for
2940 (long long). [RT #13754]
2942 1853. [bug] Rework how DLV interacts with proveunsecure().
2945 1852. [cleanup] Remove last vestiges of dnssec-signkey and
2946 dnssec-makekeyset (removed from Makefile years ago).
2948 1851. [doc] Doxygen comment markup. [RT #11398]
2950 1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591]
2952 1849. [doc] All forms of the man pages (docbook, man, html) should
2953 have consistent copyright dates.
2955 1848. [bug] Improve SMF integration. [RT #13238]
2957 1847. [bug] isc_ondestroy_init() is called too late in
2958 dns_rbtdb_create()/dns_rbtdb64_create().
2961 1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer
2962 <bortzmeyer@nic.fr>.
2964 1845. [bug] Improve error reporting to distinguish between
2965 accept()/fcntl() and socket()/fcntl() errors.
2968 1844. [bug] inet_pton() accepted more that 4 hexadecimal digits
2969 for each 16 bit piece of the IPv6 address. The text
2970 representation of a IPv6 address has been tightened
2971 to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
2974 1843. [cleanup] CINCLUDES takes precedence over CFLAGS. This helps
2975 when CFLAGS contains "-I /usr/local/include"
2976 resulting in old header files being used.
2978 1842. [port] cmsg_len() could produce incorrect results on
2979 some platform. [RT #13744]
2981 1841. [bug] "dig +nssearch" now makes a recursive query to
2982 find the list of nameservers to query. [RT #13694]
2984 1840. [func] dnssec-signzone can now randomize signature end times
2985 (dnssec-signzone -j jitter). [RT #13609]
2987 1839. [bug] <isc/hash.h> was not being installed.
2989 1838. [cleanup] Don't allow Linux capabilities to be inherited.
2992 1837. [bug] Compile time option ISC_FACILITY was not effective
2993 for 'named -u <user>'. [RT #13714]
2995 1836. [cleanup] Silence compiler warnings in hash_test.c.
2997 1835. [bug] Update dnssec-signzone's usage message. [RT #13657]
2999 1834. [bug] Bad memset in rdata_test.c. [RT #13658]
3001 1833. [bug] Race condition in isc_mutex_lock_profile(). [RT #13660]
3003 1832. [bug] named fails to return BADKEY on unknown TSIG algorithm.
3006 1831. [doc] Update named-checkzone documentation. [RT#13604]
3008 1830. [bug] adb lame cache has sence of test reversed. [RT #13600]
3010 1829. [bug] win32: "pid-file none;" broken. [RT #13563]
3012 1828. [bug] isc_rwlock_init() failed to properly cleanup if it
3013 encountered a error. [RT #13549]
3015 1827. [bug] host: update usage message for '-a'. [RT #37116]
3017 1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on out
3018 of memory error. [RT #13537]
3020 1825. [bug] Missing UNLOCK() on out of memory error from in
3021 rbtdb.c:subtractrdataset(). [RT #13519]
3023 1824. [bug] Memory leak on dns_zone_setdbtype() failure.
3026 1823. [bug] Wrong macro used to check for point to point interface.
3029 1822. [bug] check-names test for RT was reversed. [RT #13382]
3033 1820. [bug] Gracefully handle acl loops. [RT #13659]
3035 1819. [bug] The validator needed to check both the algorithm and
3036 digest types of the DS to determine if it could be
3037 used to introduce a secure zone. [RT #13593]
3039 1818. [bug] 'named-checkconf -z' triggered an INSIST. [RT #13599]
3041 1817. [func] Add support for additional zone file formats for
3042 improving loading performance. The masterfile-format
3043 option in named.conf can be used to specify a
3044 non-default format. A separate command
3045 named-compilezone was provided to generate zone files
3046 in the new format. Additionally, the -I and -O options
3047 for dnssec-signzone specify the input and output
3050 1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
3053 1815. [bug] nsupdate triggered a REQUIRE if the server was set
3054 without also setting the zone and it encountered
3055 a CNAME and was using TSIG. [RT #13086]
3057 1814. [func] UNIX domain controls are now supported.
3059 1813. [func] Restructured the data locking framework using
3060 architecture dependent atomic operations (when
3061 available), improving response performance on
3062 multi-processor machines significantly.
3063 x86, x86_64, alpha, powerpc, and mips are currently
3066 1812. [port] win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect.
3069 1811. [func] Preserve the case of domain names in rdata during
3070 zone transfers. [RT #13547]
3072 1810. [bug] configure, lib/bind/configure make different default
3073 decisions about whether to do a threaded build.
3076 1809. [bug] "make distclean" failed for libbind if the platform
3079 1808. [bug] zone.c:notify_zone() contained a race condition,
3080 zone->db could change underneath it. [RT #13511]
3082 1807. [bug] When forwarding (forward only) set the active domain
3083 from the forward zone name. [RT #13526]
3085 1806. [bug] The resolver returned the wrong result when a CNAME /
3086 DNAME was encountered when fetching glue from a
3087 secure namespace. [RT #13501]
3089 1805. [bug] Pending status was not being cleared when DLV was
3092 1804. [bug] Ensure that if we are queried for glue that it fits
3093 in the additional section or TC is set to tell the
3094 client to retry using TCP. [RT #10114]
3096 1803. [bug] dnssec-signzone sometimes failed to remove old
3099 1802. [bug] Handle connection resets better. [RT #11280]
3101 1801. [func] Report differences between hints and real NS rrset
3102 and associated address records.
3104 1800. [bug] Changes #1719 allowed a INSIST to be triggered.
3107 1799. [bug] 'rndc flushname' failed to flush negative cache
3108 entries. [RT #13438]
3110 1798. [func] The server syntax has been extended to support a
3111 range of servers. [RT #11132]
3113 1797. [func] named-checkconf now check acls to verify that they
3114 only refer to existing acls. [RT #13101]
3116 1796. [func] "rndc freeze/thaw" now freezes/thaws all zones.
3118 1795. [bug] "rndc dumpdb" was not fully documented. Minor
3119 formating issues with "rndc dumpdb -all". [RT #13396]
3121 1794. [func] Named and named-checkzone can now both check for
3122 non-terminal wildcard records.
3124 1793. [func] Extend adjusting TTL warning messages. [RT #13378]
3126 1792. [func] New zone option "notify-delay". Specify a minimum
3127 delay between sets of NOTIFY messages.
3129 1791. [bug] 'host -t a' still printed out AAAA and MX records.
3132 1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should
3133 allow parallel make to succeed.
3135 1789. [bug] Prerequisite test for tkey and dnssec could fail
3136 with "configure --with-libtool".
3138 1788. [bug] libbind9.la/libbind9.so needs to link against
3139 libisccfg.la/libisccfg.so.
3141 1787. [port] HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings.
3143 1786. [port] AIX: libt_api needs to be taught to look for
3144 T_testlist in the main executable (--with-libtool).
3147 1785. [bug] libbind9.la/libbind9.so needs to link against
3148 libisc.la/libisc.so.
3150 1784. [cleanup] "libtool -allow-undefined" is the default.
3151 Leave hooks in configure to allow it to be set
3152 if needed in the future.
3154 1783. [cleanup] We only need one copy of libtool.m4, ltmain.sh in the
3157 1782. [port] OSX: --with-libtool + --enable-libbind broke on
3158 __evOptMonoTime. [RT #13219]
3160 1781. [port] FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810]
3162 1780. [bug] Update libtool to 1.5.10.
3164 1779. [port] OSF 5.1: libtool didn't handle -pthread correctly.
3166 1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and
3167 IN6ADDR_LOOPBACK_INIT macros.
3169 1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and
3170 IN6ADDR_LOOPBACK_INIT macros.
3172 1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
3173 IN6ADDR_LOOPBACK_INIT macros.
3175 1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
3177 1774. [port] Aix: Silence compiler warnings / build failures.
3180 1773. [bug] Fast retry on host / net unreachable. [RT #13153]
3186 1770. [bug] named-checkconf failed to report missing a missing
3187 file clause for rbt{64} master/hint zones. [RT#13009]
3189 1769. [port] win32: change compiler flags /MTd ==> /MDd,
3192 1768. [bug] nsecnoexistnodata() could be called with a non-NSEC
3193 rdataset. [RT #12907]
3195 1767. [port] Builds on IPv6 platforms without IPv6 Advanced API
3196 support for (struct in6_pktinfo) failed. [RT #13077]
3198 1766. [bug] Update the master file timestamp on successful refresh
3199 as well as the journal's timestamp. [RT# 13062]
3201 1765. [bug] configure --with-openssl=auto failed. [RT #12937]
3203 1764. [bug] dns_zone_replacedb failed to emit a error message
3204 if there was no SOA record in the replacement db.
3207 1763. [func] Perform sanity checks on NS records which refer to
3208 'in zone' names. [RT #13002]
3210 1762. [bug] isc_interfaceiter_create() could return ISC_R_SUCCESS
3211 even when it failed. [RT #12995]
3213 1761. [bug] 'rndc dumpdb' didn't report unassociated entries.
3216 1760. [bug] Host / net unreachable was not penalising rtt
3217 estimates. [RT #12970]
3219 1759. [bug] Named failed to startup if the OS supported IPv6
3220 but had no IPv6 interfaces configured. [RT #12942]
3222 1758. [func] Don't send notify messages to self. [RT #12933]
3224 1757. [func] host now can turn on memory debugging flags with '-m'.
3226 1756. [func] named-checkconf now checks the logging configuration.
3229 1755. [func] allow-update is now settable at the options / view
3232 1754. [bug] We weren't always attempting to query the parent
3233 server for the DS records at the zone cut.
3236 1753. [bug] Don't serve a slave zone which has no NS records.
3239 1752. [port] Move isc_app_start() to after ns_os_daemonise()
3240 as some fork() implementations unblock the signals
3241 that are blocked by isc_app_start(). [RT #12810]
3243 1751. [bug] --enable-getifaddrs failed under linux. [RT #12867]
3245 1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
3248 1749. [bug] 'check-names response ignore;' failed to ignore.
3251 1748. [func] dig now returns the byte count for axfr/ixfr.
3253 1747. [bug] BIND 8 compatibility: named/named-checkconf failed
3254 to parse "host-statistics-max" in named.conf.
3256 1746. [func] Make public the function to read a key file,
3257 dst_key_read_public(). [RT #12450]
3259 1745. [bug] Dig/host/nslookup accept replies from link locals
3260 regardless of scope if no scope was specified when
3261 query was sent. [RT #12745]
3263 1744. [bug] If tuple2msgname() failed to convert a tuple to
3264 a name a REQUIRE could be triggered. [RT #12796]
3266 1743. [bug] If isc_taskmgr_create() was not able to create the
3267 requested number of worker threads then destruction
3268 of the manager would trigger an INSIST() failure.
3271 1742. [bug] Deleting all records at a node then adding a
3272 previously existing record, in a single UPDATE
3273 transaction, failed to leave / regenerate the
3274 associated RRSIG records. [RT #12788]
3276 1741. [bug] Deleting all records at a node in a secure zone
3277 using a update-policy grant failed. [RT #12787]
3279 1740. [bug] Replace rbt's hash algorithm as it performed badly
3280 with certain zones. [RT #12729]
3282 NOTE: a hash context now needs to be established
3283 via isc_hash_create() if the application was not
3286 1739. [bug] dns_rbt_deletetree() could incorrectly return
3287 ISC_R_QUOTA. [RT #12695]
3289 1738. [bug] Enable overrun checking by default. [RT #12695]
3291 1737. [bug] named failed if more than 16 masters were specified.
3294 1736. [bug] dst_key_fromnamedfile() could fail to read a
3295 public key. [RT #12687]
3297 1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure.
3300 1734. [cleanup] 'rndc-confgen -a -t' remove extra '/' in path.
3303 1733. [bug] Return non-zero exit status on initial load failure.
3306 1732. [bug] 'rrset-order name "*"' wasn't being applied to ".".
3309 1731. [port] darwin: relax version test in ifconfig.sh.
3312 1730. [port] Determine the length type used by the socket API.
3315 1729. [func] Improve check-names error messages.
3317 1728. [doc] Update check-names documentation.
3319 1727. [bug] named-checkzone: check-names support didn't match
3322 1726. [port] aix5: add support for aix5.
3324 1725. [port] linux: update error message on interaction of threads,
3325 capabilities and setuid support (named -u). [RT #12541]
3327 1724. [bug] Look for DNSKEY records with "dig +sigtrace".
3330 1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
3332 1722. [bug] Don't commit the journal on malformed ixfr streams.
3335 1721. [bug] Error message from the journal processing were not
3336 always identifying the relevant journal. [RT #12519]
3338 1720. [bug] 'dig +chase' did not terminate on a RFC 2308 Type 1
3339 negative response. [RT #12506]
3341 1719. [bug] named was not correctly caching a RFC 2308 Type 1
3342 negative response. [RT #12506]
3344 1718. [bug] nsupdate was not handling RFC 2308 Type 3 negative
3345 responses when looking for the zone / master server.
3348 1717. [port] solaris: ifconfig.sh did not support Solaris 10.
3349 "ifconfig.sh down" didn't work for Solaris 9.
3351 1716. [doc] named.conf(5) was being installed in the wrong
3352 location. [RT# 12441]
3354 1715. [func] 'dig +trace' now randomly selects the next servers
3355 to try. Report if there is a bad delegation.
3357 1714. [bug] dig/host/nslookup were only trying the first
3358 address when a nameserver was specified by name.
3361 1713. [port] linux: extend capset failure message to say:
3362 please ensure that the capset kernel module is
3363 loaded. see insmod(8)
3365 1712. [bug] Missing FULLCHECK for "trusted-key" in dig.
3367 1711. [func] 'rndc unfreeze' has been deprecated by 'rndc thaw'.
3369 1710. [func] 'rndc notify zone [class [view]]' resend the NOTIFY
3370 messages for the specified zone. [RT #9479]
3372 1709. [port] solaris: add SMF support from Sun.
3374 1708. [cleanup] Replaced dns_fullname_hash() with dns_name_fullhash()
3375 for conformance to the name space convention. Binary
3376 backward compatibility to the old function name is
3377 provided. [RT #12376]
3379 1707. [contrib] sdb/ldap updated to version 1.0-beta.
3381 1706. [bug] 'rndc stop' failed to cause zones to be flushed
3382 sometimes. [RT #12328]
3384 1705. [func] Allow the journal's name to be changed via named.conf.
3386 1704. [port] lwres needed a snprintf() implementation for
3387 platforms without snprintf(). Add missing
3388 "#include <isc/print.h>". [RT #12321]
3390 1703. [bug] named would loop sending NOTIFY messages when it
3391 failed to receive a response. [RT #12322]
3393 1702. [bug] also-notify should not be applied to built in zones.
3396 1701. [doc] A minimal named.conf man page.
3398 1700. [func] nslookup is no longer to be treated as deprecated.
3399 Remove "deprecated" warning message. Add man page.
3401 1699. [bug] dnssec-signzone can generate "not exact" errors
3402 when resigning. [RT #12281]
3404 1698. [doc] Use reserved IPv6 documentation prefix.
3406 1697. [bug] xxx-source{,-v6} was not effective when it
3407 specified one of listening addresses and a
3408 different port than the listening port. [RT #12257]
3410 1696. [bug] dnssec-signzone failed to clean out nodes that
3411 consisted of only NSEC and RRSIG records.
3414 1695. [bug] DS records when forwarding require special handling.
3417 1694. [bug] Report if the builtin views of "_default" / "_bind"
3418 are defined in named.conf. [RT #12023]
3420 1693. [bug] max-journal-size was not effective for master zones
3421 with ixfr-from-differences set. [RT# 12024]
3423 1692. [bug] Don't set -I, -L and -R flags when libcrypto is in
3424 /usr/lib. [RT #11971]
3426 1691. [bug] sdb's attachversion was not complete. [RT #11990]
3428 1690. [bug] Delay detaching view from the client until UPDATE
3429 processing completes when shutting down. [RT #11714]
3431 1689. [bug] DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
3432 contained gratuitous semicolons. [RT #11707]
3434 1688. [bug] LDFLAGS was not supported.
3436 1687. [bug] Race condition in dispatch. [RT #10272]
3438 1686. [bug] Named sent a extraneous NOTIFY when it received a
3439 redundant UPDATE request. [RT #11943]
3441 1685. [bug] Change #1679 loop tests weren't quite right.
3443 1684. [func] ixfr-from-differences now takes master and slave in
3444 addition to yes and no at the options and view levels.
3446 1683. [bug] dig +sigchase could leak memory. [RT #11445]
3448 1682. [port] Update configure test for (long long) printf format.
3451 1681. [bug] Only set SO_REUSEADDR when a port is specified in
3452 isc_socket_bind(). [RT #11742]
3454 1680. [func] rndc: the source address can now be specified.
3456 1679. [bug] When there was a single nameserver with multiple
3457 addresses for a zone not all addresses were tried.
3460 1678. [bug] RRSIG should use TYPEXXXXX for unknown types.
3462 1677. [bug] dig: +aaonly didn't work, +aaflag undocumented.
3464 1676. [func] New option "allow-query-cache". This lets
3465 allow-query be used to specify the default zone
3466 access level rather than having to have every
3467 zone override the global value. allow-query-cache
3468 can be set at both the options and view levels.
3469 If allow-query-cache is not set allow-query applies.
3471 1675. [bug] named would sometimes add extra NSEC records to
3472 the authority section.
3474 1674. [port] linux: increase buffer size used to scan
3477 1673. [port] linux: issue a error messages if IPv6 interface
3480 1672. [cleanup] Tests which only function in a threaded build
3481 now return R:THREADONLY (rather than R:UNTESTED)
3482 in a non-threaded build.
3484 1671. [contrib] queryperf: add NAPTR to the list of known types.
3486 1670. [func] Log UPDATE requests to slave zones without an acl as
3487 "disabled" at debug level 3. [RT# 11657]
3491 1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
3493 1667. [port] linux: not all versions have IF_NAMESIZE.
3495 1666. [bug] The optional port on hostnames in dual-stack-servers
3498 1665. [func] rndc now allows addresses to be set in the
3501 1664. [bug] nsupdate needed KEY for SIG(0), not DNSKEY.
3503 1663. [func] Look for OpenSSL by default.
3505 1662. [bug] Change #1658 failed to change one use of 'type'
3508 1661. [bug] Restore dns_name_concatenate() call in
3509 adb.c:set_target(). [RT #11582]
3511 1660. [bug] win32: connection_reset_fix() was being called
3512 unconditionally. [RT #11595]
3514 1659. [cleanup] Cleanup some messages that were referring to KEY vs
3515 DNSKEY, NXT vs NSEC and SIG vs RRSIG.
3517 1658. [func] Update dnssec-keygen to default to KEY for HMAC-MD5
3518 and DH. Tighten which options apply to KEY and
3521 1657. [doc] ARM: document query log output.
3523 1656. [doc] Update DNSSEC description in ARM to cover DS, NSEC
3524 DNSKEY and RRSIG. [RT #11542]
3526 1655. [bug] Logging multiple versions w/o a size was broken.
3529 1654. [bug] isc_result_totext() contained array bounds read
3532 1653. [func] Add key type checking to dst_key_fromfilename(),
3533 DST_TYPE_KEY should be used to read TSIG, TKEY and
3536 1652. [bug] TKEY still uses KEY.
3538 1651. [bug] dig: process multiple dash options.
3540 1650. [bug] dig, nslookup: flush standard out after each command.
3542 1649. [bug] Silence "unexpected non-minimal diff" message.
3545 1648. [func] Update dnssec-lookaside named.conf syntax to support
3546 multiple dnssec-lookaside namespaces (not yet
3549 1647. [bug] It was possible trigger a INSIST when chasing a DS
3550 record that required walking back over a empty node.
3553 1646. [bug] win32: logging file versions didn't work with
3554 non-UNC filenames. [RT#11486]
3556 1645. [bug] named could trigger a REQUIRE failure if multiple
3557 masters with keys are specified.
3559 1644. [bug] Update the journal modification time after a
3560 successful refresh query. [RT #11436]
3562 1643. [bug] dns_db_closeversion() could leak memory / node
3563 references. [RT #11163]
3565 1642. [port] Support OpenSSL implementations which don't have
3566 DSA support. [RT #11360]
3568 1641. [bug] Update the check-names description in ARM. [RT #11389]
3570 1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
3571 incorrectly closing the socket. [RT #11291]
3573 1639. [func] Initial dlv system test.
3575 1638. [bug] "ixfr-from-differences" could generate a REQUIRE
3576 failure if the journal open failed. [RT #11347]
3578 1637. [bug] Node reference leak on error in addnoqname().
3580 1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
3581 a error had occurred. The database version no longer
3582 matched the version of the database that was dumped.
3584 1635. [bug] Memory leak on error in query_addds().
3586 1634. [bug] named didn't supply a useful error message when it
3587 detected duplicate views. [RT #11208]
3589 1633. [bug] named should return NOTIMP to update requests to a
3590 slaves without a allow-update-forwarding acl specified.
3593 1632. [bug] nsupdate failed to send prerequisite only UPDATE
3594 messages. [RT #11288]
3596 1631. [bug] dns_journal_compact() could sometimes corrupt the
3597 journal. [RT #11124]
3599 1630. [contrib] queryperf: add support for IPv6 transport.
3601 1629. [func] dig now supports IPv6 scoped addresses with the
3602 extended format in the local-server part. [RT #8753]
3604 1628. [bug] Typo in Compaq Trucluster support. [RT# 11264]
3606 1627. [bug] win32: sockets were not being closed when the
3607 last external reference was removed. [RT# 11179]
3609 1626. [bug] --enable-getifaddrs was broken. [RT#11259]
3611 1625. [bug] named failed to load/transfer RFC2535 signed zones
3612 which contained CNAMES. [RT# 11237]
3614 1624. [bug] zonemgr_putio() call should be locked. [RT# 11163]
3616 1623. [bug] A serial number of zero was being displayed in the
3617 "sending notifies" log message when also-notify was
3620 1622. [func] probe the system to see if IPV6_(RECV)PKTINFO is
3621 available, and suppress wildcard binding if not.
3623 1621. [bug] match-destinations did not work for IPv6 TCP queries.
3626 1620. [func] When loading a zone report if it is signed. [RT #11149]
3628 1619. [bug] Missing ISC_LIST_UNLINK in end_reserved_dispatches().
3631 1618. [bug] Fencepost errors in dns_name_ishostname() and
3632 dns_name_ismailbox() could trigger a INSIST().
3634 1617. [port] win32: VC++ 6.0 support.
3636 1616. [compat] Ensure that named's version is visible in the core
3639 1615. [port] Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
3642 1614. [port] win32: silence resource limit messages. [RT# 11101]
3644 1613. [bug] Builds would fail on machines w/o a if_nametoindex().
3645 Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
3648 1612. [bug] check-names at the option/view level could trigger
3649 an INSIST. [RT# 11116]
3651 1611. [bug] solaris: IPv6 interface scanning failed to cope with
3652 no active IPv6 interfaces.
3654 1610. [bug] On dual stack machines "dig -b" failed to set the
3655 address type to be looked up with "@server".
3658 1609. [func] dig now has support to chase DNSSEC signature chains.
3659 Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.
3661 DNSSEC validation code in dig coded by Olivier Courtay
3662 (olivier.courtay@irisa.fr) for the IDsA project
3663 (http://idsa.irisa.fr).
3665 1608. [func] dig and host now accept -4/-6 to select IP transport
3666 to use when making queries.
3668 1607. [bug] dig, host and nslookup were still using random()
3669 to generate query ids. [RT# 11013]
3671 1606. [bug] DLV insecurity proof was failing.
3673 1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
3675 1604. [bug] A xfrout_ctx_create() failure would result in
3676 xfrout_ctx_destroy() being called with a
3677 partially initialized structure.
3679 1603. [bug] nsupdate: set interactive based on isatty().
3682 1602. [bug] Logging to a file failed unless a size was specified.
3685 1601. [bug] Silence spurious warning 'both "recursion no;" and
3686 "allow-recursion" active' warning from view "_bind".
3689 1600. [bug] Duplicate zone pre-load checks were not case
3692 1599. [bug] Fix memory leak on error path when checking named.conf.
3694 1598. [func] Specify that certain parts of the namespace must
3695 be secure (dnssec-must-be-secure).
3697 1597. [func] Allow notify-source and query-source to be specified
3698 on a per server basis similar to transfer-source.
3701 1596. [func] Accept 'notify-source' style syntax for query-source.
3703 1595. [func] New notify type 'master-only'. Enable notify for
3706 1594. [bug] 'rndc dumpdb' could prevent named from answering
3707 queries while the dump was in progress. [RT #10565]
3709 1593. [bug] rndc should return "unknown command" to unknown
3710 commands. [RT# 10642]
3712 1592. [bug] configure_view() could leak a dispatch. [RT# 10675]
3714 1591. [bug] libbind: updated to BIND 8.4.5.
3716 1590. [port] netbsd: update thread support.
3718 1589. [func] DNSSEC lookaside validation.
3720 1588. [bug] win32: TCP sockets could become blocked. [RT #10115]
3722 1587. [bug] dns_message_settsigkey() failed to clear existing key.
3725 1586. [func] "check-names" is now implemented.
3729 1584. [bug] "make test" failed with a read only source tree.
3732 1583. [bug] Records add via UPDATE failed to get the correct trust
3735 1582. [bug] rrset-order failed to work on RRsets with more
3736 than 32 elements. [RT #10381]
3738 1581. [func] Disable DNSSEC support by default. To enable
3739 DNSSEC specify "dnssec-enable yes;" in named.conf.
3741 1580. [bug] Zone destruction on final detach takes a long time.
3744 1579. [bug] Multiple task managers could not be created.
3746 1578. [bug] Don't use CLASS E IPv4 addresses when resolving.
3749 1577. [bug] Use isc_uint32_t in ultrasparc optimizer bug
3750 workaround code. [RT #10331]
3752 1576. [bug] Race condition in dns_dispatch_addresponse().
3755 1575. [func] Log TSIG name on TSIG verify failure. [RT #4404]
3757 1574. [bug] Don't attempt to open the controls socket(s) when
3758 running tests. [RT #9091]
3760 1573. [port] linux: update to libtool 1.5.2 so that
3761 "make install DESTDIR=/xx" works with
3762 "configure --with-libtool". [RT #9941]
3764 1572. [bug] nsupdate: sign the soa query to find the enclosing
3765 zone if the server is specified. [RT #10148]
3767 1571. [bug] rbt:hash_node() could fail leaving the hash table
3768 in an inconsistent state. [RT #10208]
3770 1570. [bug] nsupdate failed to handle classes other than IN.
3771 New keyword 'class' which sets the default class.
3774 1569. [func] nsupdate new command 'answer' which displays the
3775 complete answer message to the last update.
3777 1568. [bug] nsupdate now reports that the update failed in
3778 interactive mode. [RT# 10236]
3780 1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
3782 1566. [port] Support for the cmsg framework on Solaris and HP/UX.
3783 This also solved the problem that match-destinations
3784 for IPv6 addresses did not work on these systems.
3787 1565. [bug] CD flag should be copied to outgoing queries unless
3788 the query is under a secure entry point in which case
3791 1564. [func] Attempt to provide a fallback entropy source to be
3792 used if named is running chrooted and named is unable
3793 to open entropy source within the chroot area.
3796 1563. [bug] Gracefully fail when unable to obtain neither an IPv4
3797 nor an IPv6 dispatch. [RT #10230]
3799 1562. [bug] isc_socket_create() and isc_socket_accept() could
3800 leak memory under error conditions. [RT #10230]
3802 1561. [bug] It was possible to release the same name twice if
3803 named ran out of memory. [RT #10197]
3805 1560. [port] FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
3806 and EAI_NONAME to the same value.
3808 1559. [port] named should ignore SIGFSZ.
3810 1558. [func] New DNSSEC 'disable-algorithms'. Support entry into
3811 child zones for which we don't have a supported
3812 algorithm. Such child zones are treated as unsigned.
3814 1557. [func] Implement missing DNSSEC tests for
3815 * NOQNAME proof with wildcard answers.
3816 * NOWILDARD proof with NXDOMAIN.
3817 Cache and return NOQNAME with wildcard answers.
3819 1556. [bug] nsupdate now treats all names as fully qualified.
3822 1555. [func] 'rrset-order cyclic' no longer has a random starting
3823 point per query. [RT #7572]
3825 1554. [bug] dig, host, nslookup failed when no nameservers
3826 were specified in /etc/resolv.conf. [RT #8232]
3828 1553. [bug] The windows socket code could stop accepting
3829 connections. [RT#10115]
3831 1552. [bug] Accept NOTIFY requests from mapped masters if
3832 matched-mapped is set. [RT #10049]
3834 1551. [port] Open "/dev/null" before calling chroot().
3836 1550. [port] Call tzset(), if available, before calling chroot().
3838 1549. [func] named-checkzone can now write out the zone contents
3839 in a easily parsable format (-D and -o).
3841 1548. [bug] When parsing APL records it was possible to silently
3842 accept out of range ADDRESSFAMILY values. [RT# 9979]
3844 1547. [bug] Named wasted memory recording duplicate lame zone
3847 1546. [bug] We were rejecting valid secure CNAME to negative
3850 1545. [bug] It was possible to leak memory if named was unable to
3851 bind to the specified transfer source and TSIG was
3852 being used. [RT #10120]
3854 1544. [bug] Named would logged a single entry to a file despite it
3855 being over the specified size limit.
3857 1543. [bug] Logging using "versions unlimited" did not work.
3861 1541. [func] NSEC now uses new bitmap format.
3863 1540. [bug] "rndc reload <dynamiczone>" was silently accepted.
3866 1539. [bug] Open UDP sockets for notify-source and transfer-source
3867 that use reserved ports at startup. [RT #9475]
3869 1538. [placeholder] rt9997
3871 1537. [func] New option "querylog". If set specify whether query
3872 logging is to be enabled or disabled at startup.
3874 1536. [bug] Windows socket code failed to log a error description
3875 when returning ISC_R_UNEXPECTED. [RT #9998]
3879 1534. [bug] Race condition when priming cache. [RT# 9940]
3881 1533. [func] Warn if both "recursion no;" and "allow-recursion"
3882 are active. [RT# 4389]
3884 1532. [port] netbsd: the configure test for <sys/sysctl.h>
3885 requires <sys/param.h>.
3887 1531. [port] AIX more libtool fixes.
3889 1530. [bug] It was possible to trigger a INSIST() failure if a
3890 slave master file was removed at just the correct
3893 1529. [bug] "notify explicit;" failed to log that NOTIFY messages
3894 were being sent for the zone. [RT# 9442]
3896 1528. [cleanup] Simplify some dns_name_ functions based on the
3897 deprecation of bitstring labels.
3899 1527. [cleanup] Reduce the number of gettimeofday() calls without
3900 losing necessary timer granularity.
3902 1526. [func] Implemented "additional section caching (or acache)",
3903 an internal cache framework for additional section
3904 content to improve response performance. Several
3905 configuration options were provided to control the
3908 1525. [bug] dns_cache_create() could trigger a REQUIRE
3909 failure in isc_mem_put() during error cleanup.
3912 1524. [port] AIX needs to be able to resolve all symbols when
3913 creating shared libraries (--with-libtool).
3915 1523. [bug] Fix race condition in rbtdb. [RT# 9189]
3917 1522. [bug] dns_db_findnode() relax the requirements on 'name'.
3920 1521. [bug] dns_view_createresolver() failed to check the
3921 result from isc_mem_create(). [RT# 9294]
3923 1520. [protocol] Add SSHFP (SSH Finger Print) type.
3925 1519. [bug] dnssec-signzone:nsec_setbit() computed the wrong
3926 length of the new bitmap.
3928 1518. [bug] dns_nsec_buildrdata(), and hence dns_nsec_build(),
3929 contained a off-by-one error when working out the
3930 number of octets in the bitmap.
3932 1517. [port] Support for IPv6 interface scanning on HP/UX and
3935 1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
3937 1515. [func] Allow transfer source to be set in a server statement.
3940 1514. [bug] named: isc_hash_destroy() was being called too early.
3943 1513. [doc] Add "US" to root-delegation-only exclude list.
3945 1512. [bug] Extend the delegation-only logging to return query
3946 type, class and responding nameserver.
3948 1511. [bug] delegation-only was generating false positives
3949 on negative answers from sub-zones.
3951 1510. [func] New view option "root-delegation-only". Apply
3952 delegation-only check to all TLDs and root.
3953 Note there are some TLDs that are NOT delegation
3954 only (e.g. DE, LV, US and MUSEUM) these can be excluded
3955 from the checks by using exclude.
3957 root-delegation-only exclude {
3958 "DE"; "LV"; "US"; "MUSEUM";
3961 1509. [bug] Hint zones should accept delegation-only. Forward
3962 zone should not accept delegation-only.
3964 1508. [bug] Don't apply delegation-only checks to answers from
3967 1507. [bug] Handle BIND 8 style returns to NS queries to parents
3968 when making delegation-only checks.
3970 1506. [bug] Wrong return type for dns_view_isdelegationonly().
3972 1505. [bug] Uninitialized rdataset in sdb. [RT #8750]
3974 1504. [func] New zone type "delegation-only".
3976 1503. [port] win32: install libeay32.dll outside of system32.
3978 1502. [bug] nsupdate: adjust timeouts for UPDATE requests over TCP.
3980 1501. [func] Allow TCP queue length to be specified via
3981 named.conf, tcp-listen-queue.
3983 1500. [bug] host failed to lookup MX records. Also look up
3986 1499. [bug] isc_random need to be seeded better if arc4random()
3989 1498. [port] bsdos: 5.x support.
3993 1496. [port] test for pthread_attr_setstacksize().
3995 1495. [cleanup] Replace hash functions with universal hash.
3997 1494. [security] Turn on RSA BLINDING as a precaution.
4001 1492. [cleanup] Preserve rwlock quota context when upgrading /
4002 downgrading. [RT #5599]
4004 1491. [bug] dns_master_dump*() would produce extraneous $ORIGIN
4007 1490. [bug] Accept reading state as well as working state in
4008 ns_client_next(). [RT #6813]
4010 1489. [compat] Treat 'allow-update' on slave zones as a warning.
4013 1488. [bug] Don't override trust levels for glue addresses.
4016 1487. [bug] A REQUIRE() failure could be triggered if a zone was
4017 queued for transfer and the zone was then removed.
4020 1486. [bug] isc_print_snprintf() '%%' consumed one too many format
4021 characters. [RT# 8230]
4023 1485. [bug] gen failed to handle high type values. [RT #6225]
4025 1484. [bug] The number of records reported after a AXFR was wrong.
4028 1483. [bug] dig axfr failed if the message id in the answer failed
4029 to match that in the request. Only the id in the first
4030 message is required to match. [RT #8138]
4032 1482. [bug] named could fail to start if the kernel supports
4033 IPv6 but no interfaces are configured. Similarly
4034 for IPv4. [RT #6229]
4036 1481. [bug] Refresh and stub queries failed to use masters keys
4037 if specified. [RT #7391]
4039 1480. [bug] Provide replay protection for rndc commands. Full
4040 replay protection requires both rndc and named to
4041 be updated. Partial replay protection (limited
4042 exposure after restart) is provided if just named
4045 1479. [bug] cfg_create_tuple() failed to handle out of
4046 memory cleanup. parse_list() would leak memory
4049 1478. [port] ifconfig.sh didn't account for other virtual
4050 interfaces. It now takes a optional argument
4051 to specify the first interface number. [RT #3907]
4053 1477. [bug] memory leak using stub zones and TSIG.
4057 1475. [port] Probe for old sprintf().
4059 1474. [port] Provide strtoul() and memmove() for platforms
4062 1473. [bug] create_map() and create_string() failed to handle out
4063 of memory cleanup. [RT #6813]
4065 1472. [contrib] idnkit-1.0 from JPNIC, replaces mdnkit.
4067 1471. [bug] libbind: updated to BIND 8.4.0.
4069 1470. [bug] Incorrect length passed to snprintf. [RT #5966]
4071 1469. [func] Log end of outgoing zone transfer at same level
4072 as the start of transfer is logged. [RT #4441]
4074 1468. [func] Internal zones are no longer counted for
4075 'rndc status'. [RT #4706]
4077 1467. [func] $GENERATES now supports optional class and ttl.
4079 1466. [bug] lwresd configuration errors resulted in memory
4080 and lock leaks. [RT #5228]
4082 1465. [bug] isc_base64_decodestring() and isc_base64_tobuffer()
4083 failed to check that trailing bits were zero allowing
4084 some invalid base64 strings to be accepted. [RT #5397]
4086 1464. [bug] Preserve "out of zone" data for outgoing zone
4087 transfers. [RT #5192]
4089 1463. [bug] dns_rdata_from{wire,struct}() failed to catch bad
4090 NXT bit maps. [RT #5577]
4092 1462. [bug] parse_sizeval() failed to check the token type.
4095 1461. [bug] Remove deadlock from rbtdb code. [RT #5599]
4097 1460. [bug] inet_pton() failed to reject certain malformed
4102 1458. [cleanup] sprintf() -> snprintf().
4104 1457. [port] Provide strlcat() and strlcpy() for platforms without
4107 1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
4109 1455. [bug] <netaddr> missing from server grammar in
4110 doc/misc/options. [RT #5616]
4112 1454. [port] Use getifaddrs() if available for interface scanning.
4113 --disable-getifaddrs to override. Glibc currently
4114 has a getifaddrs() that does not support IPv6.
4115 Use --enable-getifaddrs=glibc to force the use of
4116 this version under linux machines.
4118 1453. [doc] ARM: $GENERATE example wasn't accurate. [RT #5298]
4122 1451. [bug] rndc-confgen didn't exit with a error code for all
4123 failures. [RT #5209]
4125 1450. [bug] Fetching expired glue failed under certain
4126 circumstances. [RT #5124]
4128 1449. [bug] query_addbestns() didn't handle running out of memory
4131 1448. [bug] Handle empty wildcards labels.
4133 1447. [bug] We were casting (unsigned int) to and from (void *).
4134 rdataset->private4 is now rdataset->privateuint4
4135 to reflect a type change.
4137 1446. [func] Implemented undocumented alternate transfer sources
4138 from BIND 8. See use-alt-transfer-source,
4139 alt-transfer-source and alt-transfer-source-v6.
4141 SECURITY: use-alt-transfer-source is ENABLED unless
4142 you are using views. This may cause a security risk
4143 resulting in accidental disclosure of wrong zone
4144 content if the master supplying different source
4145 content based on IP address. If you are not certain
4146 ISC recommends setting use-alt-transfer-source no;
4148 1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has
4149 been replaced with DNS_ADBFIND_STARTATZONE which
4150 causes the search to start using the closest zone.
4152 1444. [func] dns_view_findzonecut2() allows you to specify if the
4153 cache should be searched for zone cuts.
4155 1443. [func] Masters lists can now be specified and referenced
4156 in zone masters clauses and other masters lists.
4158 1442. [func] New functions for manipulating port lists:
4159 dns_portlist_create(), dns_portlist_add(),
4160 dns_portlist_remove(), dns_portlist_match(),
4161 dns_portlist_attach() and dns_portlist_detach().
4163 1441. [func] It is now possible to tell dig to bind to a specific
4166 1440. [func] It is now possible to tell named to avoid using
4167 certain source ports (avoid-v4-udp-ports,
4168 avoid-v6-udp-ports).
4170 1439. [bug] Named could return NOERROR with certain NOTIFY
4171 failures. Return NOTAUTH if the NOTIFY zone is
4174 1438. [func] Log TSIG (if any) when logging NOTIFY requests.
4176 1437. [bug] Leave space for stdio to work in. [RT #5033]
4178 1436. [func] dns_zonemgr_resumexfrs() can be used to restart
4181 1435. [bug] zmgr_resume_xfrs() was being called read locked
4182 rather than write locked. zmgr_resume_xfrs()
4183 was not being called if the zone was being
4186 1434. [bug] "rndc reconfig" failed to initiate the initial
4187 zone transfer of new slave zones.
4189 1433. [bug] named could trigger a REQUIRE failure if it could
4190 not get a file descriptor when attempting to write
4191 a master file. [RT #4347]
4193 1432. [func] The advertised EDNS UDP buffer size can now be set
4194 via named.conf (edns-udp-size).
4196 1431. [bug] isc_print_snprintf() "%s" with precision could walk off
4197 end of argument. [RT #5191]
4199 1430. [port] linux: IPv6 interface scanning support.
4201 1429. [bug] Prevent the cache getting locked to old servers.
4205 1427. [bug] Race condition in adb with threaded build.
4209 1425. [port] linux/libbind: define __USE_MISC when testing *_r()
4210 function prototypes in netdb.h. [RT #4921]
4212 1424. [bug] EDNS version not being correctly printed.
4214 1423. [contrib] queryperf: added A6 and SRV.
4216 1422. [func] Log name/type/class when denying a query. [RT #4663]
4218 1421. [func] Differentiate updates that don't succeed due to
4219 prerequisites (unsuccessful) vs other reasons
4222 1420. [port] solaris: work around gcc optimizer bug.
4224 1419. [port] openbsd: use /dev/arandom. [RT #4950]
4226 1418. [bug] 'rndc reconfig' did not cause new slaves to load.
4228 1417. [func] ID.SERVER/CHAOS is now a built in zone.
4229 See "server-id" for how to configure.
4231 1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN.
4234 1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived
4237 1414. [func] Support for KSK flag.
4239 1413. [func] Explicitly request the (re-)generation of DS records
4240 from keysets (dnssec-signzone -g).
4242 1412. [func] You can now specify servers to be tried if a nameserver
4243 has IPv6 address and you only support IPv4 or the
4244 reverse. See dual-stack-servers.
4246 1411. [bug] empty nodes should stop wildcard matches. [RT #4802]
4248 1410. [func] Handle records that live in the parent zone, e.g. DS.
4250 1409. [bug] DS should have attribute DNS_RDATATYPEATTR_DNSSEC.
4252 1408. [bug] "make distclean" was not complete. [RT #4700]
4254 1407. [bug] lfsr incorrectly implements the shift register.
4257 1406. [bug] dispatch initializes one of the LFSR's with a incorrect
4258 polynomial. [RT #4617]
4260 1405. [func] Use arc4random() if available.
4262 1404. [bug] libbind: ns_name_ntol() could overwrite a zero length
4265 1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset
4266 dnssec-signkey now report their version in the
4269 1402. [cleanup] A6 has been moved to experimental and is no longer
4272 1401. [bug] adb wasn't clearing state when the timer expired.
4274 1400. [bug] Block the addition of wildcard NS records by IXFR
4275 or UPDATE. [RT #3502]
4277 1399. [bug] Use serial number arithmetic when testing SIG
4278 timestamps. [RT #4268]
4280 1398. [doc] ARM: notify-also should have been also-notify.
4283 1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
4285 1396. [func] dnssec-signzone: adjust the default signing time by
4286 1 hour to allow for clock skew.
4288 1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't
4289 have a working implementation. [RT #4079]
4291 1394. [func] It is now possible to check if a particular element is
4292 in a acl. Remove duplicate entries from the localnets
4295 1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
4296 is not available in the kernel to prevent accidently
4297 listening on IPv4 interfaces.
4299 1392. [bug] named-checkzone: update usage.
4301 1391. [func] Add support for IPv6 scoped addresses in named.
4303 1390. [func] host now supports ixfr.
4305 1389. [bug] named could fail to rotate long log files. [RT #3666]
4307 1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
4308 defining HAVE_IFLIST_SYSCTL. [RT #3770]
4310 1387. [bug] named could crash due to an access to invalid memory
4311 space (which caused an assertion failure) in
4312 incremental cleaning. [RT #3588]
4314 1386. [bug] named-checkzone -z stopped on errors in a zone.
4317 1385. [bug] Setting serial-query-rate to 10 would trigger a
4320 1384. [bug] host was incompatible with BIND 8 in its exit code and
4321 in the output with the -l option. [RT #3536]
4323 1383. [func] Track the serial number in a IXFR response and log if
4324 a mismatch occurs. This is a more specific error than
4325 "not exact". [RT #3445]
4327 1382. [bug] make install failed with --enable-libbind. [RT #3656]
4329 1381. [bug] named failed to correctly process answers that
4330 contained DNAME records where the resulting CNAME
4331 resulted in a negative answer.
4333 1380. [func] 'rndc recursing' dump recursing queries to
4334 'recursing-file = "named.recursing";'.
4336 1379. [func] 'rndc status' now reports tcp and recursion quota
4339 1378. [func] Improved positive feedback for 'rndc {reload|refresh}.
4341 1377. [func] dns_zone_load{new}() now reports if the zone was
4342 loaded, queued for loading to up to date.
4344 1376. [func] New function dns_zone_logc() to log to specified
4347 1375. [func] 'rndc dumpdb' now dumps the adb cache along with the
4350 1374. [func] dns_adb_dump() now logs the lame zones associated
4353 1373. [bug] Recovery from expired glue failed under certain
4356 1372. [bug] named crashes with an assertion failure on exit when
4357 sharing the same port for listening and querying, and
4358 changing listening addresses several times. [RT# 3509]
4360 1371. [bug] notify-source-v6, transfer-source-v6 and
4361 query-source-v6 with explicit addresses and using the
4362 same ports as named was listening on could interfere
4363 with named's ability to answer queries sent to those
4366 1370. [bug] dig '+[no]recurse' was incorrectly documented.
4368 1369. [bug] Adding an NS record as the lexicographically last
4369 record in a secure zone didn't work.
4371 1368. [func] remove support for bitstring labels.
4373 1367. [func] Use response times to select forwarders.
4375 1366. [contrib] queryperf usage was incomplete. Add '-h' for help.
4377 1365. [func] "localhost" and "localnets" acls now include IPv6
4378 addresses / prefixes.
4380 1364. [func] Log file name when unable to open memory statistics
4381 and dump database files. [RT# 3437]
4383 1363. [func] Listen-on-v6 now supports specific addresses.
4385 1362. [bug] remove IFF_RUNNING test when scanning interfaces.
4387 1361. [func] log the reason for rejecting a server when resolving
4390 1360. [bug] --enable-libbind would fail when not built in the
4391 source tree for certain OS's.
4393 1359. [security] Support patches OpenSSL libraries.
4394 http://www.cert.org/advisories/CA-2002-23.html
4396 1358. [bug] It was possible to trigger a INSIST when debugging
4397 large dynamic updates. [RT #3390]
4399 1357. [bug] nsupdate was extremely wasteful of memory.
4401 1356. [tuning] Reduce the number of events / quantum for zone tasks.
4403 1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
4405 1354. [doc] lwres man pages had illegal nroff.
4407 1353. [contrib] sdb/ldap to version 0.9.
4409 1352. [bug] dig, host, nslookup when falling back to TCP use the
4410 current search entry (if any). [RT #3374]
4412 1351. [bug] lwres_getipnodebyname() returned the wrong name
4413 when given a IPv4 literal, af=AF_INET6 and AI_MAPPED
4416 1350. [bug] dns_name_fromtext() failed to handle too many labels
4419 1349. [security] Minimum OpenSSL version now 0.9.6e (was 0.9.5a).
4420 http://www.cert.org/advisories/CA-2002-23.html
4422 1348. [port] win32: Rewrote code to use I/O Completion Ports
4423 in socket.c and eliminating a host of socket
4424 errors. Performance is enhanced.
4430 1345. [port] Use a explicit -Wformat with gcc. Not all versions
4431 include it in -Wall.
4433 1344. [func] Log if the serial number on the master has gone
4435 If you have multiple machines specified in the masters
4436 clause you may want to set 'multi-master yes;' to
4437 suppress this warning.
4439 1343. [func] Log successful notifies received (info). Adjust log
4440 level for failed notifies to notice.
4442 1342. [func] Log remote address with TCP dispatch failures.
4444 1341. [func] Allow a rate limiter to be stalled.
4446 1340. [bug] Delay and spread out the startup refresh load.
4448 1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
4449 lookups. Bit string lookups are no longer attempted.
4455 1336. [func] Nibble lookups under IP6.ARPA are now supported by
4456 dns_byaddr_create(). dns_byaddr_createptrname() is
4457 deprecated, use dns_byaddr_createptrname2() instead.
4459 1335. [bug] When performing a nonexistence proof, the validator
4460 should discard parent NXTs from higher in the DNS.
4462 1334. [bug] When signing/verifying rdatasets, duplicate rdatas
4463 need to be suppressed.
4465 1333. [contrib] queryperf now reports a summary of returned
4466 rcodes (-c), rcodes are printed in mnemonic form (-v).
4468 1332. [func] Report the current serial with periodic commits when
4469 rolling forward the journal.
4471 1331. [func] Generate DNSSEC wildcard proofs.
4473 1330. [bug] When processing events (non-threaded) only allow
4474 the task one chance to use to use its quantum.
4476 1329. [func] named-checkzone will now check if nameservers that
4477 appear to be IP addresses. Available modes "fail",
4478 "warn" (default) and "ignore" the results of the
4481 1328. [bug] The validator could incorrectly verify an invalid
4484 1327. [bug] The validator would incorrectly mark data as insecure
4485 when seeing a bogus signature before a correct
4488 1326. [bug] DNAME/CNAME signatures were not being cached when
4489 validation was not being performed. [RT #3284]
4491 1325. [bug] If the tcpquota was exhausted it was possible to
4492 to trigger a INSIST() failure.
4494 1324. [port] darwin: ifconfig.sh now supports darwin.
4496 1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
4498 1322. [bug] dnssec-signzone usage message was misleading.
4500 1321. [bug] If the last RRset in a zone is glue, dnssec-signzone
4501 would incorrectly duplicate its output and sign it.
4503 1320. [doc] query-source-v6 was missing from options section.
4506 1319. [func] libbind: log attempts to exploit #1318.
4508 1318. [bug] libbind: Remote buffer overrun.
4510 1317. [port] libbind: TrueUNIX 5.1 does not like __align as a
4513 1316. [bug] libbind: gethostans() could get out of sync parsing
4514 the response if there was a very long CNAME chain.
4516 1315. [bug] Options should apply to the internal _bind view.
4518 1314. [port] Handle ECONNRESET from sendmsg() [unix].
4520 1313. [func] Query log now says if the query was signed (S) or
4521 if EDNS was used (E).
4523 1312. [func] Log TSIG key used w/ outgoing zone transfers.
4525 1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159]
4527 1310. [bug] 'rndc stop' failed to cause zones to be flushed
4528 sometimes. [RT #3157]
4530 1309. [func] Log that a zone transfer was covered by a TSIG.
4532 1308. [func] DS (delegation signer) support.
4534 1307. [bug] nsupdate: allow white space base64 key data.
4536 1306. [bug] Badly encoded LOC record when the size, horizontal
4537 precision or vertical precision was 0.1m.
4539 1305. [bug] Document that internal zones are included in the
4540 rndc status results.
4542 1304. [func] New function: dns_zone_name().
4544 1303. [func] Option 'flush-zones-on-shutdown <boolean>;'.
4546 1302. [func] Extended rndc dumpdb to support dumping of zones and
4547 view selection: 'dumpdb [-all|-zones|-cache] [view]'.
4549 1301. [func] New category 'update-security'.
4551 1300. [port] Compaq Trucluster support.
4553 1299. [bug] Set AI_ADDRCONFIG when looking up addresses
4554 via getaddrinfo() (affects dig, host, nslookup, rndc
4557 1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
4558 could be left with a trailing "\" after configure
4561 1297. [port] linux: make handling EINVAL from socket() no longer
4562 conditional on #ifdef LINUX.
4564 1296. [bug] isc_log_closefilelogs() needed to lock the log
4567 1295. [bug] isc_log_setdebuglevel() needed to lock the log
4570 1294. [func] libbind: no longer attempts bit string labels for
4571 IPv6 reverse resolution. Try IP6.ARPA then IP6.INT
4572 for nibble style resolution.
4574 1293. [func] Entropy can now be retrieved from EGDs. [RT #2438]
4576 1292. [func] Enable IPv6 support when using ioctl style interface
4577 scanning and OS supports SIOCGLIFADDR using struct
4580 1291. [func] Enable IPv6 support when using sysctl style interface
4583 1290. [func] "dig axfr" now reports the number of messages
4584 as well as the number of records.
4586 1289. [port] See if -ldl is required for OpenSSL? [RT #2672]
4588 1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
4589 reflect written requirements.
4591 1287. [bug] REQUIRE that DNS_DBADD_MERGE only be set when adding
4592 a rdataset to a zone db in the rbtdb implementation of
4595 1286. [bug] dns_name_downcase() enforce requirement that
4596 target != NULL or name->buffer != NULL.
4598 1285. [func] lwres: probe the system to see what address families
4599 are currently in use.
4601 1284. [bug] The RTT estimate on unused servers was not aged.
4604 1283. [func] Use "dataready" accept filter if available.
4606 1282. [port] libbind: hpux 11.11 interface scanning.
4608 1281. [func] Log zone when unable to get private keys to update
4609 zone. Log zone when NXT records are missing from
4612 1280. [bug] libbind: escape '(' and ')' when converting to
4615 1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590]
4617 1278. [func] dig: now supports +[no]cl +[no]ttlid.
4619 1277. [func] You can now create your own customized printing
4620 styles: dns_master_stylecreate() and
4621 dns_master_styledestroy().
4623 1276. [bug] libbind: const pointer conflicts in res_debug.c.
4625 1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN.
4627 1274. [bug] Memory leak in lwres_gnbarequest_parse().
4629 1273. [port] libbind: solaris: 64 bit binary compatibility.
4631 1272. [contrib] Berkeley DB 4.0 sdb implementation from
4632 Nuno Miguel Rodrigues <nmr@co.sapo.pt>.
4634 1271. [bug] "recursion available: {denied,approved}" was too
4637 1270. [bug] Check that system inet_pton() and inet_ntop() support
4640 1269. [port] Openserver: ifconfig.sh support.
4642 1268. [port] Openserver: the value FD_SETSIZE depends on whether
4643 <sys/param.h> is included or not. Be consistent.
4645 1267. [func] isc_file_openunique() now creates file using mode
4646 0666 rather than 0600.
4648 1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE,
4649 __ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE
4650 are not C++ compatible, use *_TYPE versions instead.
4652 1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with
4653 C++, use LINK_INIT_TYPE and UNLINK_TYPE instead.
4657 1263. [bug] Reference after free error if dns_dispatchmgr_create()
4660 1262. [bug] ns_server_destroy() failed to set *serverp to NULL.
4662 1261. [func] libbind: ns_sign2() and ns_sign_tcp() now provide
4663 support for compressed TSIG owner names.
4665 1260. [func] libbind: res_update can now update IPv6 servers,
4666 new function res_findzonecut2().
4668 1259. [bug] libbind: get_salen() IPv6 support was broken for OSs
4671 1258. [bug] libbind: res_nametotype() and res_nametoclass() were
4674 1257. [bug] Failure to write pid-file should not be fatal on
4677 1256. [contrib] 'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support.
4679 1255. [bug] When verifying that an NXT proves nonexistence, check
4680 the rcode of the message and only do the matching NXT
4681 check. That is, for NXDOMAIN responses, check that
4682 the name is in the range between the NXT owner and
4683 next name, and for NOERROR NODATA responses, check
4684 that the type is not present in the NXT bitmap.
4686 1254. [func] preferred-glue option from BIND 8.3.
4688 1253. [bug] The dnssec system test failed to remove the correct
4691 1252. [bug] Dig, host and nslookup were not checking the address
4692 the answer was coming from against the address it was
4695 1251. [port] win32: a make file contained absolute version specific
4698 1250. [func] Nsupdate will report the address the update was
4701 1249. [bug] Missing masters clause was not handled gracefully.
4704 1248. [bug] DESTDIR was not being propagated between makes.
4706 1247. [bug] Don't reset the interface index for link/site local
4707 addresses. [RT #2576]
4709 1246. [func] New functions isc_sockaddr_issitelocal(),
4710 isc_sockaddr_islinklocal(), isc_netaddr_issitelocal()
4711 and isc_netaddr_islinklocal().
4713 1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for
4716 1244. [bug] Receiving a TCP message from a blackhole address would
4717 prevent further messages being received over that
4720 1243. [bug] It was possible to trigger a REQUIRE() in
4721 dns_message_findtype(). [RT #2659]
4723 1242. [bug] named-checkzone failed if a journal existed. [RT #2657]
4725 1241. [bug] Drop received UDP messages with a zero source port
4726 as these are invariably forged. [RT #2621]
4728 1240. [bug] It was possible to leak zone references by
4729 specifying an incorrect zone to rndc.
4731 1239. [bug] Under certain circumstances named could continue to
4732 use a name after it had been freed triggering
4733 INSIST() failures. [RT #2614]
4735 1238. [bug] It is possible to lockup the server when shutting down
4736 if notifies were being processed. [RT #2591]
4738 1237. [bug] nslookup: "set q=type" failed.
4740 1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non
4741 NULL terminated text regions. [RT #2588]
4743 1235. [func] Report 'out of memory' errors from openssl.
4745 1234. [bug] contrib/sdb: 'zonetodb' failed to call
4746 dns_result_register(). DNS_R_SEENINCLUDE should not
4749 1233. [bug] The flags field of a KEY record can be expressed in
4750 hex as well as decimal.
4752 1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
4754 1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.
4756 1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken.
4758 1229. [bug] named would crash if it received a TSIG signed
4759 query as part of an AXFR response. [RT #2570]
4761 1228. [bug] 'make install' did not depend on 'make all'. [RT #2559]
4763 1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
4764 if a number was expected and some other token was
4767 1226. [func] Use EDNS for zone refresh queries. [RT #2551]
4769 1225. [func] dns_message_setopt() no longer requires that
4770 dns_message_renderbegin() to have been called.
4772 1224. [bug] 'rrset-order' and 'sortlist' should be additive
4775 1223. [func] 'rrset-order' partially works 'cyclic' and 'random'
4778 1222. [bug] Specifying 'port *' did not always result in a system
4779 selected (non-reserved) port being used. [RT #2537]
4781 1221. [bug] Zone types 'master', 'slave' and 'stub' were not being
4782 compared case insensitively. [RT #2542]
4784 1220. [func] Support for APL rdata type.
4786 1219. [func] Named now reports the TSIG extended error code when
4787 signature verification fails. [RT #1651]
4789 1218. [bug] Named incorrectly returned SERVFAIL rather than
4790 NOTAUTH when there was a TSIG BADTIME error. [RT #2519]
4792 1217. [func] Report locations of previous key definition when a
4793 duplicate is detected.
4795 1216. [bug] Multiple server clauses for the same server were not
4796 reported. [RT #2514]
4798 1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
4800 1214. [bug] Win32: isc_file_renameunique() could leave zero length
4803 1213. [func] Report view associated with client if it is not a
4804 standard view (_default or _bind).
4806 1212. [port] libbind: 64k answer buffers were causing stack space
4807 to be exceeded for certain OS. Use heap space instead.
4809 1211. [bug] dns_name_fromtext() incorrectly handled certain
4810 valid octal bitlabels. [RT #2483]
4812 1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped /
4813 compatible addresses. [RT #2461]
4815 1209. [bug] Dig, host, nslookup were not checking the message ids
4816 on the responses. [RT #2454]
4818 1208. [bug] dns_master_load*() failed to log a error message if
4819 an error was detected when parsing the ownername of
4820 a record. [RT #2448]
4822 1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with
4825 1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should
4826 trigger a non-EDNS retry.
4828 1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class"
4829 of the message. [RT #2449]
4831 1204. [bug] libbind: res_nupdate() failed to update the name
4832 server addresses before sending the update.
4834 1203. [func] Report locations of previous acl and zone definitions
4835 when a duplicate is detected.
4837 1202. [func] New functions: cfg_obj_line() and cfg_obj_file().
4839 1201. [bug] Require that if 'callbacks' is passed to
4840 dns_rdata_fromtext(), callbacks->error and
4841 callbacks->warn are initialized.
4843 1200. [bug] Log 'errno' that we are unable to convert to
4844 isc_result_t. [RT #2404]
4846 1199. [doc] ARM reference to RFC 2157 should have been RFC 1918.
4849 1198. [bug] OPT printing style was not consistent with the way the
4850 header fields are printed. The DO bit was not reported
4851 if set. Report if any of the MBZ bits are set.
4853 1197. [bug] Attempts to define the same acl multiple times were not
4856 1196. [contrib] update mdnkit to 2.2.3.
4858 1195. [bug] Attempts to redefine builtin acls should be caught.
4861 1194. [bug] Not all duplicate zone definitions were being detected
4862 at the named.conf checking stage. [RT #2431]
4864 1193. [bug] dig +besteffort parsing didn't handle packet
4865 truncation. dns_message_parse() has new flag
4866 DNS_MESSAGE_IGNORETRUNCATION.
4868 1192. [bug] The seconds fields in LOC records were restricted
4869 to three decimal places. More decimal places should
4870 be allowed but warned about.
4872 1191. [bug] A dynamic update removing the last non-apex name in
4873 a secure zone would fail. [RT #2399]
4875 1190. [func] Add the "rndc freeze" and "rndc unfreeze" commands.
4878 1189. [bug] On some systems, malloc(0) returns NULL, which
4879 could cause the caller to report an out of memory
4882 1188. [bug] Dynamic updates of a signed zone would fail if
4883 some of the zone private keys were unavailable.
4885 1187. [bug] named was incorrectly returning DNSSEC records
4886 in negative responses when the DO bit was not set.
4888 1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the
4889 EOL token when reading to end of line.
4891 1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
4892 unless RES_INIT is set when calling res_*init().
4894 1184. [bug] libbind: call res_ndestroy() if RES_INIT is set
4895 when res_*init() is called.
4897 1183. [bug] Handle ENOSR error when writing to the internal
4898 control pipe. [RT #2395]
4900 1182. [bug] The server could throw an assertion failure when
4901 constructing a negative response packet.
4903 1181. [func] Add the "key-directory" configuration statement,
4904 which allows the server to look for online signing
4905 keys in alternate directories.
4907 1180. [func] dnssec-keygen should always generate keys with
4908 protocol 3 (DNSSEC), since it's less confusing
4911 1179. [func] Add SIG(0) support to nsupdate.
4913 1178. [bug] Follow and cache (if appropriate) A6 and other
4914 data chains to completion in the additional section.
4916 1177. [func] Report view when loading zones if it is not a
4917 standard view (_default or _bind). [RT #2270]
4919 1176. [doc] Document that allow-v6-synthesis is only performed
4920 for clients that are supplied recursive service.
4923 1175. [bug] named-checkzone and named-checkconf failed to call
4924 dns_result_register() at startup which could
4925 result in runtime exceptions when printing
4926 "out of memory" errors. [RT #2335]
4928 1174. [bug] Win32: add WSAECONNRESET to the expected errors
4929 from connect(). [RT #2308]
4931 1173. [bug] Potential memory leaks in isc_log_create() and
4932 isc_log_settag(). [RT #2336]
4934 1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
4935 table of RR types in ARM.
4937 1171. [func] Added function isc_region_compare(), updated files in
4938 lib/dns to use this function instead of local one.
4940 1170. [bug] Don't attempt to print the token when a I/O error
4941 occurs when parsing named.conf. [RT #2275]
4943 1169. [func] Identify recursive queries in the query log.
4945 1168. [bug] Empty also-notify clauses were not handled. [RT #2309]
4947 1167. [contrib] nslint-2.1a3 (from author).
4949 1166. [bug] "Not Implemented" should be reported as NOTIMP,
4950 not NOTIMPL. [RT #2281]
4952 1165. [bug] We were rejecting notify-source{-v6} in zone clauses.
4954 1164. [bug] Empty masters clauses in slave / stub zones were not
4955 handled gracefully. [RT #2262]
4957 1163. [func] isc_time_formattimestamp() now includes the year.
4959 1162. [bug] The allow-notify option was not accepted in slave
4962 1161. [bug] named-checkzone looped on unbalanced brackets.
4965 1160. [bug] Generating Diffie-Hellman keys longer than 1024
4966 bits could fail. [RT #2241]
4968 1159. [bug] MD and MF are not permitted to be loaded by RFC1123.
4970 1158. [func] Report the client's address when logging notify
4973 1157. [func] match-clients and match-destinations now accept
4976 1156. [port] The configure test for strsep() incorrectly
4977 succeeded on certain patched versions of
4978 AIX 4.3.3. [RT #2190]
4980 1155. [func] Recover from master files being removed from under
4983 1154. [bug] Don't attempt to obtain the netmask of a interface
4984 if there is no address configured. [RT #2176]
4986 1153. [func] 'rndc {stop|halt} -p' now reports the process id
4987 of the instance of named being shutdown.
4989 1152. [bug] libbind: read buffer overflows.
4991 1151. [bug] nslookup failed to check that the arguments to
4992 the port, timeout, and retry options were
4993 valid integers and in range. [RT #2099]
4995 1150. [bug] named incorrectly accepted TTL values
4996 containing plus or minus signs, such as
4999 1149. [func] New function isc_parse_uint32().
5001 1148. [func] 'rndc-confgen -a' now provides positive feedback.
5003 1147. [func] Set IPV6_V6ONLY on IPv6 sockets if supported by
5004 the OS. listen-on-v6 { any; }; should no longer
5005 result in IPv4 queries be accepted. Similarly
5006 control { inet :: ... }; should no longer result
5007 in IPv4 connections being accepted. This can be
5008 overridden at compile time by defining
5011 1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
5012 supported by the OS by a new function
5013 isc_socket_ipv6only().
5015 1145. [func] "host" no longer reports a NOERROR/NODATA response
5016 by printing nothing. [RT #2065]
5018 1144. [bug] rndc-confgen would crash if both the -a and -t
5019 options were specified. [RT #2159]
5021 1143. [bug] When a trusted-keys statement was present and named
5022 was built without crypto support, it would leak memory.
5024 1142. [bug] dnssec-signzone would fail to delete temporary files
5025 in some failure cases. [RT #2144]
5027 1141. [bug] When named rejected a control message, it would
5028 leak a file descriptor and memory. It would also
5029 fail to respond, causing rndc to hang.
5032 1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments
5033 to the -s option. [RT #2138]
5035 1139. [func] It is now possible to flush a given name from the
5036 cache(s) via 'rndc flushname name [view]'. [RT #2051]
5038 1138. [func] It is now possible to flush a given name from the
5039 cache by calling the new function
5040 dns_cache_flushname().
5042 1137. [func] It is now possible to flush a given name from the
5043 ADB by calling the new function dns_adb_flushname().
5045 1136. [bug] CNAME records synthesized from DNAMEs did not
5046 have a TTL of zero as required by RFC2672.
5049 1135. [func] You can now override the default syslog() facility for
5050 named/lwresd at compile time. [RT #1982]
5052 1134. [bug] Multi-threaded servers could deadlock in ferror()
5053 when reloading zone files. [RT #1951, #1998]
5055 1133. [bug] IN6_IS_ADDR_LOOPBACK was not portably defined on
5056 platforms without IN6_IS_ADDR_LOOPBACK. [RT #2106]
5058 1132. [func] Improve UPDATE prerequisite failure diagnostic messages.
5060 1131. [bug] The match-destinations view option did not work with
5061 IPv6 destinations. [RT #2073, #2074]
5063 1130. [bug] Log messages reporting an out-of-range serial number
5064 did not include the out-of-range number but the
5065 following token. [RT #2076]
5067 1129. [bug] Multi-threaded servers could crash under heavy
5068 resolution load due to a race condition. [RT #2018]
5070 1128. [func] sdb drivers can now provide RR data in either text
5071 or wire format, the latter using the new functions
5072 dns_sdb_putrdata() and dns_sdb_putnamedrdata().
5074 1127. [func] rndc: If the server to contact has multiple addresses,
5077 1126. [bug] The server could access a freed event if shut
5078 down while a client start event was pending
5079 delivery. [RT #2061]
5081 1125. [bug] rndc: -k option was missing from usage message.
5084 1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail
5085 are now documented. [RT #2052]
5087 1123. [bug] dig +[no]fail did not match description. [RT #2052]
5089 1122. [tuning] Resolution timeout reduced from 90 to 30 seconds.
5092 1121. [bug] The server could attempt to access a NULL zone
5093 table if shut down while resolving.
5096 1120. [bug] Errors in options were not fatal. [RT #2002]
5098 1119. [func] Added support in Win32 for NTFS file/directory ACL's
5101 1118. [bug] On multi-threaded servers, a race condition
5102 could cause an assertion failure in resolver.c
5103 during resolver shutdown. [RT #2029]
5105 1117. [port] The configure check for in6addr_loopback incorrectly
5106 succeeded on AIX 4.3 when compiling with -O2
5107 because the test code was optimized away.
5110 1116. [bug] Setting transfers in a server clause, transfers-in,
5111 or transfers-per-ns to a value greater than
5112 2147483647 disabled transfers. [RT #2002]
5114 1115. [func] Set maximum values for cleaning-interval,
5115 heartbeat-interval, interface-interval,
5116 max-transfer-idle-in, max-transfer-idle-out,
5117 max-transfer-time-in, max-transfer-time-out,
5118 statistics-interval of 28 days and
5119 sig-validity-interval of 3660 days. [RT #2002]
5121 1114. [port] Ignore more accept() errors. [RT #2021]
5123 1113. [bug] The allow-update-forwarding option was ignored
5124 when specified in a view. [RT #2014]
5128 1111. [bug] Multi-threaded servers could deadlock processing
5129 recursive queries due to a locking hierarchy
5130 violation in adb.c. [RT #2017]
5132 1110. [bug] dig should only accept valid abbreviations of +options.
5135 1109. [bug] nsupdate accepted illegal ttl values.
5137 1108. [bug] On Win32, rndc was hanging when named was not running
5138 due to failure to select for exceptional conditions
5139 in select(). [RT #1870]
5141 1107. [bug] nsupdate could catch an assertion failure if an
5142 invalid domain name was given as the argument to
5145 1106. [bug] After seeing an out of range TTL, nsupdate would
5146 treat all TTLs as out of range. [RT #2001]
5148 1105. [port] OpenUNIX 8 enable threads by default. [RT #1970]
5150 1104. [bug] Invalid arguments to the transfer-format option
5151 could cause an assertion failure. [RT #1995]
5153 1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
5155 1102. [doc] Note that query logging is enabled by directing the
5156 queries category to a channel.
5158 1101. [bug] Array bounds read error in lwres_gai_strerror.
5160 1100. [bug] libbind: DNSSEC key ids were computed incorrectly.
5162 1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
5163 compile time errors.
5165 1098. [bug] libbind: HMAC-MD5 key files are now mode 0600.
5167 1097. [func] libbind: RES_PRF_TRUNC for dig.
5169 1096. [func] libbind: "DNSSEC OK" (DO) support.
5171 1095. [func] libbind: resolver option: no-tld-query. disables
5172 trying unqualified as a tld. no_tld_query is also
5173 supported for FreeBSD compatibility.
5175 1094. [func] libbind: add support gcc's format string checking.
5177 1093. [doc] libbind: miscellaneous nroff fixes.
5179 1092. [bug] libbind: get*by*() failed to check if res_init() had
5182 1091. [bug] libbind: misplaced va_end().
5184 1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
5185 the amount of memory consumed resulting in garbage
5186 address being returned. Alignment calculations were
5187 wasting space. We weren't suppressing duplicate
5190 1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6
5193 1088. [port] libbind: MPE/iX C.70 (incomplete)
5195 1087. [bug] libbind: struct __res_state too large on 64 bit arch.
5197 1086. [port] libbind: sunos: old sprintf.
5199 1085. [port] libbind: solaris: sys_nerr and sys_errlist do not
5200 exist when compiling in 64 bit mode.
5202 1084. [cleanup] libbind: gai_strerror() rewritten.
5204 1083. [bug] The default control channel listened on the
5205 wildcard address, not the loopback as documented.
5208 1082. [bug] The -g option to named incorrectly caused logging
5209 to be sent to syslog in addition to stderr.
5212 1081. [bug] Multicast queries were incorrectly identified
5213 based on the source address, not the destination
5216 1080. [bug] BIND 8 compatibility: accept bare IP prefixes
5217 as the second element of a two-element top level
5218 sort list statement. [RT #1964]
5220 1079. [bug] BIND 8 compatibility: accept bare elements at top
5221 level of sort list treating them as if they were
5222 a single element list. [RT #1963]
5224 1078. [bug] We failed to correct bad tv_usec values in one case.
5227 1077. [func] Do not accept further recursive clients when
5228 the total number of recursive lookups being
5229 processed exceeds max-recursive-clients, even
5230 if some of the lookups are internally generated.
5233 1076. [bug] A badly defined global key could trigger an assertion
5234 on load/reload if views were used. [RT #1947]
5236 1075. [bug] Out-of-range network prefix lengths were not
5237 reported. [RT #1954]
5239 1074. [bug] Running out of memory in dump_rdataset() could
5240 cause an assertion failure. [RT #1946]
5242 1073. [bug] The ADB cache cleaning should also be space driven.
5245 1072. [bug] The TCP client quota could be exceeded when
5246 recursion occurred. [RT #1937]
5248 1071. [bug] Sockets listening for TCP DNS connections
5249 specified an excessive listen backlog. [RT #1937]
5251 1070. [bug] Copy DNSSEC OK (DO) to response as specified by
5252 draft-ietf-dnsext-dnssec-okbit-03.txt.
5256 1068. [bug] errno could be overwritten by catgets(). [RT #1921]
5258 1067. [func] Allow quotas to be soft, isc_quota_soft().
5260 1066. [bug] Provide a thread safe wrapper for strerror().
5263 1065. [func] Runtime support to select new / old style interface
5264 scanning using ioctls.
5266 1064. [bug] Do not shut down active network interfaces if we
5267 are unable to scan the interface list. [RT #1921]
5269 1063. [bug] libbind: "make install" was failing on IRIX.
5272 1062. [bug] If the control channel listener socket was shut
5273 down before server exit, the listener object could
5274 be freed twice. [RT #1916]
5276 1061. [bug] If periodic cache cleaning happened to start
5277 while cleaning due to reaching the configured
5278 maximum cache size was in progress, the server
5279 could catch an assertion failure. [RT #1912]
5281 1060. [func] Move refresh, stub and notify UDP retry processing
5284 1059. [func] dns_request now support will now retry UDP queries,
5285 dns_request_createvia2() and dns_request_createraw2().
5287 1058. [func] Limited lifetime ticker timers are now available,
5288 isc_timertype_limited.
5290 1057. [bug] Reloading the server after adding a "file" clause
5291 to a zone statement could cause the server to
5292 crash due to a typo in change 1016.
5294 1056. [bug] Rndc could catch an assertion failure on SIGINT due
5295 to an uninitialized variable. [RT #1908]
5297 1055. [func] Version and hostname queries can now be disabled
5298 using "version none;" and "hostname none;",
5301 1054. [bug] On Win32, cfg_categories and cfg_modules need to be
5302 exported from the libisccfg DLL.
5304 1053. [bug] Dig did not increase its timeout when receiving
5305 AXFRs unless the +time option was used. [RT #1904]
5307 1052. [bug] Journals were not being created in binary mode
5308 resulting in "journal format not recognized" error
5309 under Win32. [RT #1889]
5311 1051. [bug] Do not ignore a network interface completely just
5312 because it has a noncontiguous netmask. Instead,
5313 omit it from the localnets ACL and issue a warning.
5316 1050. [bug] Log messages reporting malformed IP addresses in
5317 address lists such as that of the forwarders option
5318 failed to include the correct error code, file
5319 name, and line number. [RT #1890]
5321 1049. [func] "pid-file none;" will disable writing a pid file.
5324 1048. [bug] Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1
5327 1047. [bug] named was incorrectly refusing all requests signed
5328 with a TSIG key derived from an unsigned TKEY
5329 negotiation with a NOERROR response. [RT #1886]
5331 1046. [bug] The help message for the --with-openssl configure
5332 option was inaccurate. [RT #1880]
5334 1045. [bug] It was possible to skip saving glue for a nameserver
5337 1044. [bug] Specifying allow-transfer, notify-source, or
5338 notify-source-v6 in a stub zone was not treated
5341 1043. [bug] Specifying a transfer-source or transfer-source-v6
5342 option in the zone statement for a master zone was
5343 not treated as an error. [RT #1876]
5345 1042. [bug] The "config" logging category did not work properly.
5348 1041. [bug] Dig/host/nslookup could catch an assertion failure
5349 on SIGINT due to an uninitialized variable. [RT #1867]
5351 1040. [bug] Multiple listen-on-v6 options with different ports
5352 were not accepted. [RT #1875]
5354 1039. [bug] Negative responses with CNAMEs in the answer section
5355 were cached incorrectly. [RT #1862]
5357 1038. [bug] In servers configured with a tkey-domain option,
5358 TKEY queries with an owner name other than the root
5359 could cause an assertion failure. [RT #1866, #1869]
5361 1037. [bug] Negative responses whose authority section contain
5362 SOA or NS records whose owner names are not equal
5363 equal to or parents of the query name should be
5364 rejected. [RT #1862]
5366 1036. [func] Silently drop requests received via multicast as
5367 long as there is no final multicast DNS standard.
5369 1035. [bug] If we respond to multicast queries (which we
5370 currently do not), respond from a unicast address
5371 as specified in RFC 1123. [RT #137]
5373 1034. [bug] Ignore the RD bit on multicast queries as specified
5374 in RFC 1123. [RT #137]
5376 1033. [bug] Always respond to requests with an unsupported opcode
5377 with NOTIMP, even if we don't have a matching view
5378 or cannot determine the class.
5380 1032. [func] hostname.bind/txt/chaos now returns the name of
5381 the machine hosting the nameserver. This is useful
5382 in diagnosing problems with anycast servers.
5384 1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
5387 1030. [bug] On systems with no resolv.conf file, nsupdate
5388 exited with an error rather than defaulting
5389 to using the loopback address. [RT #1836]
5391 1029. [bug] Some named.conf errors did not cause the loading
5392 of the configuration file to return a failure
5393 status even though they were logged. [RT #1847]
5395 1028. [bug] On Win32, dig/host/nslookup looked for resolv.conf
5396 in the wrong directory. [RT #1833]
5398 1027. [bug] RRs having the reserved type 0 should be rejected.
5403 1025. [bug] Don't use multicast addresses to resolve iterative
5406 1024. [port] Compilation failed on HP-UX 11.11 due to
5407 incompatible use of the SIOCGLIFCONF macro
5410 1023. [func] Accept hints without TTLs.
5412 1022. [bug] Don't report empty root hints as "extra data".
5415 1021. [bug] On Win32, log message timestamps were one month
5416 later than they should have been, and the server
5417 would exhibit unspecified behavior in December.
5419 1020. [bug] IXFR log messages did not distinguish between
5420 true IXFRs, AXFR-style IXFRs, and mere version
5423 1019. [bug] The value of the lame-ttl option was limited to 18000
5424 seconds, not 1800 seconds as documented. [RT #1803]
5426 1018. [bug] The default log channel was not always initialized
5427 correctly. [RT #1813]
5429 1017. [bug] When specifying TSIG keys to dig and nsupdate using
5430 the -k option, they must be HMAC-MD5 keys. [RT #1810]
5432 1016. [bug] Slave zones with no backup file were re-transferred
5433 on every server reload.
5435 1015. [bug] Log channels that had a "versions" option but no
5436 "size" option failed to create numbered log
5439 1014. [bug] Some queries would cause statistics counters to
5440 increment more than once or not at all. [RT #1321]
5442 1013. [bug] It was possible to cancel a query twice when marking
5443 a server as bogus or by having a blackhole acl.
5446 1012. [bug] The -p option to named did not behave as documented.
5448 1011. [cleanup] Removed isc_dir_current().
5450 1010. [bug] The server could attempt to execute a command channel
5451 command after initiating server shutdown, causing
5452 an assertion failure. [RT #1766]
5454 1009. [port] OpenUNIX 8 support. [RT #1728]
5456 1008. [port] libtool.m4, ltmain.sh from libtool-1.4.2.
5458 1007. [port] config.guess, config.sub from autoconf-2.52.
5460 1006. [bug] If a KEY RR was found missing during DNSSEC validation,
5461 an assertion failure could subsequently be triggered
5462 in the resolver. [RT #1763]
5464 1005. [bug] Don't copy nonzero RCODEs from request to response.
5467 1004. [port] Deal with recvfrom() returning EHOSTDOWN. [RT #1770]
5469 1003. [func] Add the +retry option to dig.
5471 1002. [bug] When reporting an unknown class name in named.conf,
5472 including the file name and line number. [RT #1759]
5474 1001. [bug] win32 socket code doio_recv was not catching a
5475 WSACONNRESET error when a client was timing out
5476 the request and closing its socket. [RT #1745]
5478 1000. [bug] BIND 8 compatibility: accept "HESIOD" as an alias
5479 for class "HS". [RT #1759]
5481 999. [func] "rndc retransfer zone [class [view]]" added.
5484 998. [func] named-checkzone now has arguments to specify the
5485 chroot directory (-t) and working directory (-w).
5488 997. [func] Add support for RSA-SHA1 keys (RFC3110).
5490 996. [func] Issue warning if the configuration filename contains
5493 995. [bug] dig, host, nslookup: using a raw IPv6 address as a
5494 target address should be fatal on a IPv4 only system.
5496 994. [func] Treat non-authoritative responses to queries for type
5497 NS as referrals even if the NS records are in the
5498 answer section, because BIND 8 servers incorrectly
5499 send them that way. This is necessary for DNSSEC
5500 validation of the NS records of a secure zone to
5501 succeed when the parent is a BIND 8 server. [RT #1706]
5503 993. [func] dig: -v now reports the version.
5505 992. [doc] dig: ~/.digrc is now documented.
5507 991. [func] Lower UDP refresh timeout messages to level
5510 990. [bug] The rndc-confgen man page was not installed.
5512 989. [bug] Report filename if $INCLUDE fails for file related
5515 988. [bug] 'additional-from-auth no;' did not work reliably
5516 in the case of queries answered from the cache.
5519 987. [bug] "dig -help" didn't show "+[no]stats".
5521 986. [bug] "dig +noall" failed to clear stats and command
5524 985. [func] Consider network interfaces to be up iff they have
5525 a nonzero IP address rather than based on the
5526 IFF_UP flag. [RT #1160]
5528 984. [bug] Multi-threading should be enabled by default on
5529 Solaris 2.7 and newer, but it wasn't.
5531 983. [func] The server now supports generating IXFR difference
5532 sequences for non-dynamic zones by comparing zone
5533 versions, when enabled using the new config
5534 option "ixfr-from-differences". [RT #1727]
5536 982. [func] If "memstatistics-file" is set in options the memory
5537 statistics will be written to it.
5539 981. [func] The dnssec tools can now take multiple '-r randomfile'
5542 980. [bug] Incoming zone transfers restarting after an error
5543 could trigger an assertion failure. [RT #1692]
5545 979. [func] Incremental master file dumping. dns_master_dumpinc(),
5546 dns_master_dumptostreaminc(), dns_dumpctx_attach(),
5547 dns_dumpctx_detach(), dns_dumpctx_cancel(),
5548 dns_dumpctx_db() and dns_dumpctx_version().
5550 978. [bug] dns_db_attachversion() had an invalid REQUIRE()
5553 977. [bug] Improve "not at top of zone" error message.
5555 976. [func] named-checkconf can now test load master zones
5556 (named-checkconf -z). [RT #1468]
5558 975. [bug] "max-cache-size default;" as a view option
5559 caused an assertion failure.
5561 974. [bug] "max-cache-size unlimited;" as a global option
5564 973. [bug] Failed to log the question name when logging:
5565 "bad zone transfer request: non-authoritative zone
5568 972. [bug] The file modification time code in zone.c was using the
5569 wrong epoch. [RT #1667]
5573 970. [func] 'max-journal-size' can now be used to set a target
5576 969. [func] dig now supports the undocumented dig 8 feature
5577 of allowing arbitrary labels, not just dotted
5578 decimal quads, with the -x option. This can be
5579 used to conveniently look up RFC2317 names as in
5580 "dig -x 10.0.0.0-127". [RT #827, #1576, #1598]
5582 968. [bug] On win32, the isc_time_now() function was unnecessarily
5583 calling strtime(). [RT #1671]
5585 967. [bug] On win32, the link for bindevt was not including the
5586 required resource file to enable the event viewer
5587 to interpret the error messages in the event log,
5592 965. [bug] Including data other than root server NS and A
5593 records in the root hint file could cause a rbtdb
5594 node reference leak. [RT #1581, #1618]
5596 964. [func] Warn if data other than root server NS and A records
5597 are found in the root hint file. [RT #1581, #1618]
5599 963. [bug] Bad ISC_LANG_ENDDECLS. [RT #1645]
5601 962. [bug] libbind: bad "#undef", don't attempt to install
5602 non-existent nlist.h. [RT #1640]
5604 961. [bug] Tried to use a IPV6 feature when ISC_PLATFORM_HAVEIPV6
5605 was not defined. [RT #1482]
5607 960. [port] liblwres failed to build on systems with support for
5608 getrrsetbyname() in the OS. [RT #1592]
5610 959. [port] On FreeBSD, determine the number of CPUs by calling
5611 sysctlbyname(). [RT #1584]
5613 958. [port] ssize_t is not available on all platforms. [RT #1607]
5615 957. [bug] sys/select.h inclusion was broken on older platforms.
5618 956. [bug] ns_g_autorndcfile changed to ns_g_keyfile
5619 in named/win32/os.c due to code changes in
5620 change #953. win32 .make file for rndc-confgen
5621 updated to add include path for os.h header.
5623 --- 9.2.0rc1 released ---
5625 955. [bug] When using views, the zone's class was not being
5626 inherited from the view's class. [RT #1583]
5628 954. [bug] When requesting AXFRs or IXFRs using dig, host, or
5629 nslookup, the RD bit should not be set as zone
5630 transfers are inherently non-recursive. [RT #1575]
5632 953. [func] The /var/run/named.key file from change #843
5633 has been replaced by /etc/rndc.key. Both
5634 named and rndc will look for this file and use
5635 it to configure a default control channel key
5636 if not already configured using a different
5637 method (rndc.conf / controls). Unlike
5638 named.key, rndc.key is not created automatically;
5639 it must be created by manually running
5642 952. [bug] The server required manual intervention to serve the
5643 affected zones if it died between creating a journal
5644 and committing the first change to it.
5646 951. [bug] CFLAGS was not passed to the linker when
5647 linking some of the test programs under
5648 bin/tests. [RT #1555].
5650 950. [bug] Explicit TTLs did not properly override $TTL
5651 due to a bug in change 834. [RT #1558]
5653 949. [bug] host was unable to print records larger than 512
5656 --- 9.2.0b2 released ---
5658 948. [port] Integrated support for building on Windows NT /
5661 947. [bug] dns_rdata_soa_t had a badly named element "mname" which
5662 was really the RNAME field from RFC1035. To avoid
5663 confusion and silent errors that would occur it the
5664 "origin" and "mname" elements were given their correct
5665 names "mname" and "rname" respectively, the "mname"
5666 element is renamed to "contact".
5668 946. [cleanup] doc/misc/options is now machine-generated from the
5669 configuration parser syntax tables, and therefore
5670 more likely to be correct.
5672 945. [func] Add the new view-specific options
5673 "match-destinations" and "match-recursive-only".
5675 944. [func] Check for expired signatures on load.
5677 943. [bug] The server could crash when receiving a command
5678 via rndc if the configuration file listed only
5679 nonexistent keys in the controls statement. [RT #1530]
5681 942. [port] libbind: GETNETBYADDR_ADDR_T was not correctly
5682 defined on some platforms.
5684 941. [bug] The configuration checker crashed if a slave
5685 zone didn't contain a masters statement. [RT #1514]
5687 940. [bug] Double zone locking failure on error path. [RT #1510]
5689 --- 9.2.0b1 released ---
5691 939. [port] Add the --disable-linux-caps option to configure for
5692 systems that manage capabilities outside of named.
5697 937. [bug] A race when shutting down a zone could trigger a
5698 INSIST() failure. [RT #1034]
5700 936. [func] Warn about IPv4 addresses that are not complete
5701 dotted quads. [RT #1084]
5703 935. [bug] inet_pton failed to reject leading zeros.
5705 934. [port] Deal with systems where accept() spuriously returns
5708 933. [bug] configure failed doing libbind on platforms not
5709 supported by BIND 8. [RT #1496]
5711 --- 9.2.0a3 released ---
5713 932. [bug] Use INSTALL_SCRIPT, not INSTALL_PROGRAM,
5714 when installing isc-config.sh.
5717 931. [bug] The controls statement only attempted to verify
5718 messages using the first key in the key list.
5721 930. [func] Query performance testing tool added as
5726 928. [bug] nsupdate would send empty update packets if the
5727 send (or empty line) command was run after
5728 another send but before any new updates or
5729 prerequisites were specified. It should simply
5730 ignore this command.
5732 927. [bug] Don't hold the zone lock for the entire dump to disk.
5735 926. [bug] The resolver could deadlock with the ADB when
5736 shutting down (multi-threaded builds only).
5739 925. [cleanup] Remove openssl from the distribution; require that
5740 --with-openssl be specified if DNSSEC is needed.
5742 924. [port] Extend support for pre-RFC2133 IPv6 implementation.
5745 923. [bug] Multiline TSIG secrets (and other multiline strings)
5746 were not accepted in named.conf. [RT #1469]
5748 922. [func] Added two new lwres_getrrsetbyname() result codes,
5749 ERR_NONAME and ERR_NODATA.
5751 921. [bug] lwres returned an incorrect error code if it received
5752 a truncated message.
5754 920. [func] Increase the lwres receive buffer size to 16K.
5759 918. [func] In nsupdate, TSIG errors are no longer treated as
5762 917. [func] New nsupdate command 'key', allowing TSIG keys to
5763 be specified in the nsupdate command stream rather
5764 than the command line.
5766 916. [bug] Specifying type ixfr to dig without specifying
5767 a serial number failed in unexpected ways.
5769 915. [func] The named-checkconf and named-checkzone programs
5770 now have a '-v' option for printing their version.
5773 914. [bug] Global 'server' statements were rejected when
5774 using views, even though they were accepted
5777 913. [bug] Cache cleaning was not sufficiently aggressive.
5780 912. [bug] Attempts to set the 'additional-from-cache' or
5781 'additional-from-auth' option to 'no' in a
5782 server with recursion enabled will now
5783 be ignored and cause a warning message.
5788 910. [port] Some pre-RFC2133 IPv6 implementations do not define
5789 IN6ADDR_ANY_INIT. [RT #1416]
5793 908. [func] New program, rndc-confgen, to simplify setting up rndc.
5795 907. [func] The ability to get entropy from either the
5796 random device, a user-provided file or from
5797 the keyboard was migrated from the DNSSEC tools
5798 to libisc as isc_entropy_usebestsource().
5800 906. [port] Separated the system independent portion of
5801 lib/isc/unix/entropy.c into lib/isc/entropy.c
5802 and added lib/isc/win32/entropy.c.
5804 905. [bug] Configuring a forward "zone" for the root domain
5805 did not work. [RT #1418]
5807 904. [bug] The server would leak memory if attempting to use
5808 an expired TSIG key. [RT #1406]
5810 903. [bug] dig should not crash when receiving a TCP packet
5813 902. [bug] The -d option was ignored if both -t and -g were also
5818 900. [bug] A config.guess update changed the system identification
5819 string of FreeBSD systems; configure and
5820 bin/tests/system/ifconfig.sh now recognize the new
5823 --- 9.2.0a2 released ---
5825 899. [bug] lib/dns/soa.c failed to compile on many platforms
5826 due to inappropriate use of a void value.
5827 [RT #1372, #1373, #1386, #1387, #1395]
5829 898. [bug] "dig" failed to set a nonzero exit status
5830 on UDP query timeout. [RT #1323]
5832 897. [bug] A config.guess update changed the system identification
5833 string of UnixWare systems; configure now recognizes
5836 896. [bug] If a configuration file is set on named's command line
5837 and it has a relative pathname, the current directory
5838 (after any possible jailing resulting from named -t)
5839 will be prepended to it so that reloading works
5840 properly even when a directory option is present.
5842 895. [func] New function, isc_dir_current(), akin to POSIX's
5845 894. [bug] When using the DNSSEC tools, a message intended to warn
5846 when the keyboard was being used because of the lack
5847 of a suitable random device was not being printed.
5849 893. [func] Removed isc_file_test() and added isc_file_exists()
5850 for the basic functionality that was being added
5851 with isc_file_test().
5855 891. [bug] Return an error when a SIG(0) signed response to
5856 an unsigned query is seen. This should actually
5857 do the verification, but it's not currently
5858 possible. [RT #1391]
5860 890. [cleanup] The man pages no longer require the mandoc macros
5861 and should now format cleanly using most versions of
5862 nroff, and HTML versions of the man pages have been
5863 added. Both are generated from DocBook source.
5865 889. [port] Eliminated blank lines before .TH in nroff man
5866 pages since they cause problems with some versions
5867 of nroff. [RT #1390]
5869 888. [bug] Don't die when using TKEY to delete a nonexistent
5870 TSIG key. [RT #1392]
5872 887. [port] Detect broken compilers that can't call static
5873 functions from inline functions. [RT #1212]
5915 866. [func] Close debug only file channels when debug is set to
5918 865. [bug] The new configuration parser did not allow
5919 the optional debug level in a "severity debug"
5920 clause of a logging channel to be omitted.
5921 This is now allowed and treated as "severity
5922 debug 1;" like it does in BIND 8.2.4, not as
5923 "severity debug 0;" like it did in BIND 9.1.
5926 864. [cleanup] Multi-threading is now enabled by default on
5927 OSF1, Solaris 2.7 and newer, AIX, IRIX, and HP-UX.
5929 863. [bug] If an error occurred while an outgoing zone transfer
5930 was starting up, the server could access a domain
5931 name that had already been freed when logging a
5932 message saying that the transfer was starting.
5935 862. [bug] Use after realloc(), non portable pointer arithmetic in
5938 861. [port] Add support for Mac OS X, by making it equivalent
5939 to Darwin. This was derived from the config.guess
5940 file shipped with Mac OS X. [RT #1355]
5942 860. [func] Drop cross class glue in zone transfers.
5944 859. [bug] Cache cleaning now won't swamp the CPU if there
5945 is a persistent over limit condition.
5947 858. [func] isc_mem_setwater() no longer requires that when the
5948 callback function is non-NULL then its hi_water
5949 argument must be greater than its lo_water argument
5950 (they can now be equal) or that they be non-zero.
5952 857. [cleanup] Use ISC_MAGIC() to define all magic numbers for
5953 structs, for our friends in EBCDIC-land.
5955 856. [func] Allow partial rdatasets to be returned in answer and
5956 authority sections to help non-TCP capable clients
5957 recover from truncation. [RT #1301]
5959 855. [bug] Stop spurious "using RFC 1035 TTL semantics" warnings.
5961 854. [bug] The config parser didn't properly handle config
5962 options that were specified in units of time other
5963 than seconds. [RT #1372]
5965 853. [bug] configure_view_acl() failed to detach existing acls.
5968 852. [bug] Handle responses from servers which do not know
5971 851. [cleanup] The obsolete support-ixfr option was not properly
5974 --- 9.2.0a1 released ---
5976 850. [bug] dns_rbt_findnode() would not find nodes that were
5977 split on a bitstring label somewhere other than in
5978 the last label of the node. [RT #1351]
5980 849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
5982 848. [func] A minimum max-cache-size of two megabytes is enforced
5983 by the cache cleaner.
5985 847. [func] Added isc_file_test(), which currently only has
5986 some very basic functionality to test for the
5987 existence of a file, whether a pathname is absolute,
5988 or whether a pathname is the fundamental representation
5989 of the current directory. It is intended that this
5990 function can be expanded to test other things a
5991 programmer might want to know about a file.
5993 846. [func] A non-zero 'param' to dst_key_generate() when making an
5994 hmac-md5 key means that good entropy is not required.
5996 845. [bug] The access rights on the public file of a symmetric
5997 key are now restricted as soon as the file is opened,
5998 rather than after it has been written and closed.
6000 844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
6001 just as <lwres/net.h> does.
6003 843. [func] If no controls statement is present in named.conf,
6004 or if any inet phrase of a controls statement is
6005 lacking a keys clause, then a key will be automatically
6006 generated by named and an rndc.conf-style file
6007 named named.key will be written that uses it. rndc
6008 will use this file only if its normal configuration
6009 file, or one provided on the command line, does not
6012 842. [func] 'rndc flush' now takes an optional view.
6014 841. [bug] When sdb modules were not declared threadsafe, their
6015 create and destroy functions were not serialized.
6017 840. [bug] The config file parser could print the wrong file
6018 name if an error was detected after an included file
6019 was parsed. [RT #1353]
6021 839. [func] Dump packets for which there was no view or that the
6022 class could not be determined to category "unmatched".
6024 838. [port] UnixWare 7.x.x is now suported by
6025 bin/tests/system/ifconfig.sh.
6027 837. [cleanup] Multi-threading is now enabled by default only on
6028 OSF1, Solaris 2.7 and newer, and AIX.
6030 836. [func] Upgraded libtool to 1.4.
6032 835. [bug] The dispatcher could enter a busy loop if
6033 it got an I/O error receiving on a UDP socket.
6036 834. [func] Accept (but warn about) master files beginning with
6037 an SOA record without an explicit TTL field and
6038 lacking a $TTL directive, by using the SOA MINTTL
6039 as a default TTL. This is for backwards compatibility
6040 with old versions of BIND 8, which accepted such
6041 files without warning although they are illegal
6042 according to RFC1035.
6044 833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
6045 <dns/soa.h>, and extended them to support
6046 all the integer-valued fields of the SOA RR.
6048 832. [bug] The default location for named.conf in named-checkconf
6049 should depend on --sysconfdir like it does in named.
6054 830. [func] Implement 'rndc status'.
6056 829. [bug] The DNS_R_ZONECUT result code should only be returned
6057 when an ANY query is made with DNS_DBFIND_GLUEOK set.
6058 In all other ANY query cases, returning the delegation
6061 828. [bug] The errno value from recvfrom() could be overwritten
6062 by logging code. [RT #1293]
6064 827. [bug] When an IXFR protocol error occurs, the slave
6065 should retry with AXFR.
6067 826. [bug] Some IXFR protocol errors were not detected.
6069 825. [bug] zone.c:ns_query() detached from the wrong zone
6070 reference. [RT #1264]
6072 824. [bug] Correct line numbers reported by dns_master_load().
6075 823. [func] The output of "dig -h" now goes to stdout so that it
6076 can easily be piped through "more". [RT #1254]
6078 822. [bug] Sending nxrrset prerequisites would crash nsupdate.
6081 821. [bug] The program name used when logging to syslog should
6082 be stripped of leading path components.
6085 820. [bug] Name server address lookups failed to follow
6086 A6 chains into the glue of local authoritative
6089 819. [bug] In certain cases, the resolver's attempts to
6090 restart an address lookup at the root could cause
6091 the fetch to deadlock (with itself) instead of
6092 restarting. [RT #1225]
6094 818. [bug] Certain pathological responses to ANY queries could
6095 cause an assertion failure. [RT #1218]
6097 817. [func] Adjust timeouts for dialup zone queries.
6099 816. [bug] Report potential problems with log file accessibility
6100 at configuration time, since such problems can't
6101 reliably be reported at the time they actually occur.
6103 815. [bug] If a log file was specified with a path separator
6104 character (i.e. "/") in its name and the directory
6105 did not exist, the log file's name was treated as
6106 though it were the directory name. [RT #1189]
6108 814. [bug] Socket objects left over from accept() failures
6109 were incorrectly destroyed, causing corruption
6110 of socket manager data structures.
6112 813. [bug] File descriptors exceeding FD_SETSIZE were handled
6115 812. [bug] dig sometimes printed incomplete IXFR responses
6116 due to an uninitialized variable. [RT #1188]
6118 811. [bug] Parentheses were not quoted in zone dumps. [RT #1194]
6120 810. [bug] The signer name in SIG records was not properly
6121 down-cased when signing/verifying records. [RT #1186]
6123 809. [bug] Configuring a non-local address as a transfer-source
6124 could cause an assertion failure during load.
6126 808. [func] Add 'rndc flush' to flush the server's cache.
6128 807. [bug] When setting up TCP connections for incoming zone
6129 transfers, the transfer-source port was not
6130 ignored like it should be.
6132 806. [bug] DNS_R_SEENINCLUDE was failing to propagate back up
6133 the calling stack to the zone maintenance level,
6134 causing zones to not reload when an included file was
6135 touched but the top-level zone file was not.
6137 805. [bug] When using "forward only", missing root hints should
6138 not cause queries to fail. [RT #1143]
6140 804. [bug] Attempting to obtain entropy could fail in some
6141 situations. This would be most common on systems
6142 with user-space threads. [RT #1131]
6144 803. [bug] Treat all SIG queries as if they have the CD bit set,
6145 otherwise no data will be returned [RT #749]
6147 802. [bug] DNSSEC key tags were computed incorrectly in almost
6148 all cases. [RT #1146]
6150 801. [bug] nsupdate should treat lines beginning with ';' as
6151 comments. [RT #1139]
6153 800. [bug] dnssec-signzone produced incorrect statistics for
6154 large zones. [RT #1133]
6156 799. [bug] The ADB didn't find AAAA glue in a zone unless A6
6157 glue was also present.
6159 798. [bug] nsupdate should be able to reject bad input lines
6160 and continue. [RT #1130]
6162 797. [func] Issue a warning if the 'directory' option contains
6163 a relative path. [RT #269]
6165 796. [func] When a size limit is associated with a log file,
6166 only roll it when the size is reached, not every
6167 time the log file is opened. [RT #1096]
6169 795. [func] Add the +multiline option to dig. [RT #1095]
6171 794. [func] Implement the "port" and "default-port" statements
6174 793. [cleanup] The DNSSEC tools could create filenames that were
6175 illegal or contained shell meta-characters. They
6176 now use a different text encoding of names that
6177 doesn't have these problems. [RT #1101]
6179 792. [cleanup] Replace the OMAPI command channel protocol with a
6182 791. [bug] The command channel now works over IPv6.
6184 790. [bug] Wildcards created using dynamic update or IXFR
6185 could fail to match. [RT #1111]
6187 789. [bug] The "localhost" and "localnets" ACLs did not match
6188 when used as the second element of a two-element
6191 788. [func] Add the "match-mapped-addresses" option, which
6192 causes IPv6 v4mapped addresses to be treated as
6193 IPv4 addresses for the purpose of acl matching.
6195 787. [bug] The DNSSEC tools failed to downcase domain
6196 names when mapping them into file names.
6198 786. [bug] When DNSSEC signing/verifying data, owner names were
6199 not properly down-cased.
6201 785. [bug] A race condition in the resolver could cause
6202 an assertion failure. [RT #673, #872, #1048]
6204 784. [bug] nsupdate and other programs would not quit properly
6205 if some signals were blocked by the caller. [RT #1081]
6207 783. [bug] Following CNAMEs could cause an assertion failure
6208 when either using an sdb database or under very
6211 782. [func] Implement the "serial-query-rate" option.
6213 781. [func] Avoid error packet loops by dropping duplicate FORMERR
6214 responses. [RT #1006]
6216 780. [bug] Error handling code dealing with out of memory or
6217 other rare errors could lead to assertion failures
6218 by calling functions on uninitialized names. [RT #1065]
6220 779. [func] Added the "minimal-responses" option.
6222 778. [bug] When starting cache cleaning, cleaning_timer_action()
6223 returned without first pausing the iterator, which
6224 could cause deadlock. [RT #998]
6226 777. [bug] An empty forwarders list in a zone failed to override
6227 global forwarders. [RT #995]
6229 776. [func] Improved error reporting in denied messages. [RT #252]
6233 774. [func] max-cache-size is implemented.
6235 773. [func] Added isc_rwlock_trylock() to attempt to lock without
6238 772. [bug] Owner names could be incorrectly omitted from cache
6239 dumps in the presence of negative caching entries.
6242 771. [cleanup] TSIG errors related to unsynchronized clocks
6243 are logged better. [RT #919]
6245 770. [func] Add the "edns yes_or_no" statement to the server
6248 769. [func] Improved error reporting when parsing rdata. [RT #740]
6250 768. [bug] The server did not emit an SOA when a CNAME
6251 or DNAME chain ended in NXDOMAIN in an
6256 766. [bug] A few cases in query_find() could leak fname.
6257 This would trigger the mpctx->allocated == 0
6258 assertion when the server exited.
6259 [RT #739, #776, #798, #812, #818, #821, #845,
6262 765. [func] ACL names are once again case insensitive, like
6263 in BIND 8. [RT #252]
6265 764. [func] Configuration files now allow "include" directives
6266 in more places, such as inside the "view" statement.
6267 [RT #377, #728, #860]
6269 763. [func] Configuration files no longer have reserved words.
6272 762. [cleanup] The named.conf and rndc.conf file parsers have
6273 been completely rewritten.
6275 761. [bug] _REENTRANT was still defined when building with
6278 760. [contrib] Significant enhancements to the pgsql sdb driver.
6280 759. [bug] The resolver didn't turn off "avoid fetches" mode
6281 when restarting, possibly causing resolution
6282 to fail when it should not. This bug only affected
6283 platforms which support both IPv4 and IPv6. [RT #927]
6285 758. [bug] The "avoid fetches" code did not treat negative
6286 cache entries correctly, causing fetches that would
6287 be useful to be avoided. This bug only affected
6288 platforms which support both IPv4 and IPv6. [RT #927]
6290 757. [func] Log zone transfers.
6292 756. [bug] dns_zone_load() could "return" success when no master
6293 file was configured.
6295 755. [bug] Fix incorrectly formatted log messages in zone.c.
6297 754. [bug] Certain failure conditions sending UDP packets
6298 could cause the server to retry the transmission
6299 indefinitely. [RT #902]
6301 753. [bug] dig, host, and nslookup would fail to contact a
6302 remote server if getaddrinfo() returned an IPv6
6303 address on a system that doesn't support IPv6.
6306 752. [func] Correct bad tv_usec elements returned by
6309 751. [func] Log successful zone loads / transfers. [RT #898]
6311 750. [bug] A query should not match a DNAME whose trust level
6312 is pending. [RT #916]
6314 749. [bug] When a query matched a DNAME in a secure zone, the
6315 server did not return the signature of the DNAME.
6318 748. [doc] List supported RFCs in doc/misc/rfc-compliance.
6321 747. [bug] The code to determine whether an IXFR was possible
6322 did not properly check for a database that could
6323 not have a journal. [RT #865, #908]
6325 746. [bug] The sdb didn't clone rdatasets properly, causing
6326 a crash when the server followed delegations. [RT #905]
6328 745. [func] Report the owner name of records that fail
6329 semantic checks while loading.
6331 744. [bug] When returning DNS_R_CNAME or DNS_R_DNAME as the
6332 result of an ANY or SIG query, the resolver failed
6333 to setup the return event's rdatasets, causing an
6334 assertion failure in the query code. [RT #881]
6336 743. [bug] Receiving a large number of certain malformed
6337 answers could cause named to stop responding.
6342 741. [port] Support openssl-engine. [RT #709]
6344 740. [port] Handle openssl library mismatches slightly better.
6346 739. [port] Look for /dev/random in configure, rather than
6347 assuming it will be there for only a predefined
6350 738. [bug] If a non-threadsafe sdb driver supported AXFR and
6351 received an AXFR request, it would deadlock or die
6352 with an assertion failure. [RT #852]
6354 737. [port] stdtime.c failed to compile on certain platforms.
6356 736. [func] New functions isc_task_{begin,end}exclusive().
6358 735. [doc] Add BIND 4 migration notes.
6360 734. [bug] An attempt to re-lock the zone lock could occur if
6361 the server was shutdown during a zone transfer.
6364 733. [bug] Reference counts of dns_acl_t objects need to be
6365 locked but were not. [RT #801, #821]
6367 732. [bug] Glue with 0 TTL could also cause SERVFAIL. [RT #828]
6369 731. [bug] Certain zone errors could cause named-checkzone to
6370 fail ungracefully. [RT #819]
6372 730. [bug] lwres_getaddrinfo() returns the correct result when
6373 it fails to contact a server. [RT #768]
6375 729. [port] pthread_setconcurrency() needs to be called on Solaris.
6377 728. [bug] Fix comment processing on master file directives.
6380 727. [port] Work around OS bug where accept() succeeds but
6381 fails to fill in the peer address of the accepted
6382 connection, by treating it as an error rather than
6383 an assertion failure. [RT #809]
6385 726. [func] Implement the "trace" and "notrace" commands in rndc.
6387 725. [bug] Installing man pages could fail.
6389 724. [func] New libisc functions isc_netaddr_any(),
6392 723. [bug] Referrals whose NS RRs had a 0 TTL caused the resolver
6393 to return DNS_R_SERVFAIL. [RT #783]
6395 722. [func] Allow incremental loads to be canceled.
6397 721. [cleanup] Load manager and dns_master_loadfilequota() are no
6400 720. [bug] Server could enter infinite loop in
6401 dispatch.c:do_cancel(). [RT #733]
6403 719. [bug] Rapid reloads could trigger an assertion failure.
6406 718. [cleanup] "internal" is no longer a reserved word in named.conf.
6409 717. [bug] Certain TKEY processing failure modes could
6410 reference an uninitialized variable, causing the
6411 server to crash. [RT #750]
6413 716. [bug] The first line of a $INCLUDE master file was lost if
6414 an origin was specified. [RT #744]
6416 715. [bug] Resolving some A6 chains could cause an assertion
6417 failure in adb.c. [RT #738]
6419 714. [bug] Preserve interval timers across reloads unless changed.
6422 713. [func] named-checkconf takes '-t directory' similar to named.
6425 712. [bug] Sending a large signed update message caused an
6426 assertion failure. [RT #718]
6428 711. [bug] The libisc and liblwres implementations of
6429 inet_ntop contained an off by one error.
6431 710. [func] The forwarders statement now takes an optional
6434 709. [bug] ANY or SIG queries for data with a TTL of 0
6435 would return SERVFAIL. [RT #620]
6437 708. [bug] When building with --with-openssl, the openssl headers
6438 included with BIND 9 should not be used. [RT #702]
6440 707. [func] The "filename" argument to named-checkzone is no
6441 longer optional, to reduce confusion. [RT #612]
6443 706. [bug] Zones with an explicit "allow-update { none; };"
6444 were considered dynamic and therefore not reloaded
6445 on SIGHUP or "rndc reload".
6447 705. [port] Work out resource limit type for use where rlim_t is
6448 not available. [RT #695]
6450 704. [port] RLIMIT_NOFILE is not available on all platforms.
6453 703. [port] sys/select.h is needed on older platforms. [RT #695]
6455 702. [func] If the address 0.0.0.0 is seen in resolv.conf,
6456 use 127.0.0.1 instead. [RT #693]
6458 701. [func] Root hints are now fully optional. Class IN
6459 views use compiled-in hints by default, as
6460 before. Non-IN views with no root hints now
6461 provide authoritative service but not recursion.
6462 A warning is logged if a view has neither root
6463 hints nor authoritative data for the root. [RT #696]
6465 700. [bug] $GENERATE range check was wrong. [RT #688]
6467 699. [bug] The lexer mishandled empty quoted strings. [RT #694]
6469 698. [bug] Aborting nsupdate with ^C would lead to several
6472 697. [bug] nsupdate was not compatible with the undocumented
6473 BIND 8 behavior of ignoring TTLs in "update delete"
6476 696. [bug] lwresd would die with an assertion failure when passed
6477 a zero-length name. [RT #692]
6479 695. [bug] If the resolver attempted to query a blackholed or
6480 bogus server, the resolution would fail immediately.
6482 694. [bug] $GENERATE did not produce the last entry.
6485 693. [bug] An empty lwres statement in named.conf caused
6486 the server to crash while loading.
6488 692. [bug] Deal with systems that have getaddrinfo() but not
6489 gai_strerror(). [RT #679]
6491 691. [bug] Configuring per-view forwarders caused an assertion
6492 failure. [RT #675, #734]
6494 690. [func] $GENERATE now supports DNAME. [RT #654]
6496 689. [doc] man pages are now installed. [RT #210]
6498 688. [func] "make tags" now works on systems with the
6499 "Exuberant Ctags" etags.
6501 687. [bug] Only say we have IPv6, with sufficient functionality,
6502 if it has actually been tested. [RT #586]
6504 686. [bug] dig and nslookup can now be properly aborted during
6505 blocking operations. [RT #568]
6507 685. [bug] nslookup should use the search list/domain options
6508 from resolv.conf by default. [RT #405, #630]
6510 684. [bug] Memory leak with view forwarders. [RT #656]
6512 683. [bug] File descriptor leak in isc_lex_openfile().
6514 682. [bug] nslookup displayed SOA records incorrectly. [RT #665]
6516 681. [bug] $GENERATE specifying output format was broken. [RT #653]
6518 680. [bug] dns_rdata_fromstruct() mishandled options bigger
6521 679. [bug] $INCLUDE could leak memory and file descriptors on
6524 678. [bug] "transfer-format one-answer;" could trigger an assertion
6527 677. [bug] dnssec-signzone would occasionally use the wrong ttl
6528 for database operations and fail. [RT #643]
6530 676. [bug] Log messages about lame servers to category
6531 'lame-servers' rather than 'resolver', so as not
6532 to be gratuitously incompatible with BIND 8.
6534 675. [bug] TKEY queries could cause the server to leak
6537 674. [func] Allow messages to be TSIG signed / verified using
6538 a offset from the current time.
6540 673. [func] The server can now convert RFC1886-style recursive
6541 lookup requests into RFC2874-style lookups, when
6542 enabled using the new option "allow-v6-synthesis".
6544 672. [bug] The wrong time was in the "time signed" field when
6545 replying with BADTIME error.
6547 671. [bug] The message code was failing to parse a message with
6548 no question section and a TSIG record. [RT #628]
6550 670. [bug] The lwres replacements for getaddrinfo and
6551 getipnodebyname didn't properly check for the
6552 existence of the sockaddr sa_len field.
6554 669. [bug] dnssec-keygen now makes the public key file
6555 non-world-readable for symmetric keys. [RT #403]
6557 668. [func] named-checkzone now reports multiple errors in master
6560 667. [bug] On Linux, running named with the -u option and a
6561 non-world-readable configuration file didn't work.
6564 666. [bug] If a request sent by dig is longer than 512 bytes,
6567 665. [bug] Signed responses were not sent when the size of the
6568 TSIG + question exceeded the maximum message size.
6571 664. [bug] The t_tasks and t_timers module tests are now skipped
6572 when building without threads, since they require
6575 663. [func] Accept a size_spec, not just an integer, in the
6576 (unimplemented and ignored) max-ixfr-log-size option
6577 for compatibility with recent versions of BIND 8.
6580 662. [bug] dns_rdata_fromtext() failed to log certain errors.
6582 661. [bug] Certain UDP IXFR requests caused an assertion failure
6583 (mpctx->allocated == 0). [RT #355, #394, #623]
6585 660. [port] Detect multiple CPUs on HP-UX and IRIX.
6587 659. [performance] Rewrite the name compression code to be much faster.
6589 658. [cleanup] Remove all vestiges of 16 bit global compression.
6591 657. [bug] When a listen-on statement in an lwres block does not
6592 specify a port, use 921, not 53. Also update the
6593 listen-on documentation. [RT #616]
6595 656. [func] Treat an unescaped newline in a quoted string as
6596 an error. This means that TXT records with missing
6597 close quotes should have meaningful errors printed.
6599 655. [bug] Improve error reporting on unexpected eof when loading
6602 654. [bug] Origin was being forgotten in TCP retries in dig.
6605 653. [bug] +defname option in dig was reversed in sense.
6608 652. [bug] zone_saveunique() did not report the new name.
6610 651. [func] The AD bit in responses now has the meaning
6611 specified in <draft-ietf-dnsext-ad-is-secure>.
6613 650. [bug] SIG(0) records were being generated and verified
6614 incorrectly. [RT #606]
6616 649. [bug] It was possible to join to an already running fctx
6617 after it had "cloned" its events, but before it sent
6618 them. In this case, the event of the newly joined
6619 fetch would not contain the answer, and would
6620 trigger the INSIST() in fctx_sendevents(). In
6621 BIND 9.0, this bug did not trigger an INSIST(), but
6622 caused the fetch to fail with a SERVFAIL result.
6623 [RT #588, #597, #605, #607]
6625 648. [port] Add support for pre-RFC2133 IPv6 implementations.
6627 647. [bug] Resolver queries sent after following multiple
6628 referrals had excessively long retransmission
6629 timeouts due to incorrectly counting the referrals
6632 646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
6633 didn't _cleanly_ fix the problem it was trying to fix.
6635 645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
6637 644. [bug] #622 needed more work. [RT #562]
6639 643. [bug] xfrin error messages made more verbose, added class
6640 of the zone. [RT# 599]
6642 642. [bug] Break the exit_check() race in the zone module.
6645 --- 9.1.0b2 released ---
6647 641. [bug] $GENERATE caused a uninitialized link to be used.
6650 640. [bug] Memory leak in error path could cause
6651 "mpctx->allocated == 0" failure. [RT #584]
6653 639. [bug] Reading entropy from the keyboard would sometimes fail.
6656 638. [port] lib/isc/random.c needed to explicitly include time.h
6657 to get a prototype for time() when pthreads was not
6658 being used. [RT #592]
6660 637. [port] Use isc_u?int64_t instead of (unsigned) long long in
6661 lib/isc/print.c. Also allow lib/isc/print.c to
6662 be compiled even if the platform does not need it.
6665 636. [port] Shut up MSVC++ about a possible loss of precision
6666 in the ISC__BUFFER_PUTUINT*() macros. [RT #592]
6668 635. [bug] Reloading a server with a configured blackhole list
6669 would cause an assertion. [RT #590]
6671 634. [bug] A log file will completely stop being written when
6672 it reaches the maximum size in all cases, not just
6673 when versioning is also enabled. [RT #570]
6675 633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
6677 632. [bug] The index array of the journal file was
6678 corrupted as it was written to disk.
6680 631. [port] Build without thread support on systems without
6683 630. [bug] Locking failure in zone code. [RT #582]
6685 629. [bug] 9.1.0b1 dereferenced a null pointer and crashed
6686 when responding to a UDP IXFR request.
6688 628. [bug] If the root hints contained only AAAA addresses,
6689 named would be unable to perform resolution.
6691 627. [bug] The EDNS0 blackhole detection code of change 324
6692 waited for three retransmissions to each server,
6693 which takes much too long when a domain has many
6694 name servers and all of them drop EDNS0 queries.
6695 Now we retry without EDNS0 after three consecutive
6696 timeouts, even if they are all from different
6699 626. [bug] The lightweight resolver daemon no longer crashes
6700 when asked for a SIG rrset. [RT #558]
6702 625. [func] Zones now inherit their class from the enclosing view.
6704 624. [bug] The zone object could get timer events after it had
6705 been destroyed, causing a server crash. [RT #571]
6707 623. [func] Added "named-checkconf" and "named-checkzone" program
6708 for syntax checking named.conf files and zone files,
6711 622. [bug] A canceled request could be destroyed before
6712 dns_request_destroy() was called. [RT #562]
6714 621. [port] Disable IPv6 at runtime if IPv6 sockets are unusable.
6715 This mostly affects Red Hat Linux 7.0, which has
6716 conflicts between libc and the kernel.
6718 620. [bug] dns_master_load*inc() now require 'task' and 'load'
6719 to be non-null. Also 'done' will not be called if
6720 dns_master_load*inc() fails immediately. [RT #565]
6724 618. [bug] Queries to a signed zone could sometimes cause
6725 an assertion failure.
6727 617. [bug] When using dynamic update to add a new RR to an
6728 existing RRset with a different TTL, the journal
6729 entries generated from the update did not include
6730 explicit deletions and re-additions of the existing
6731 RRs to update their TTL to the new value.
6733 616. [func] dnssec-signzone -t output now includes performance
6736 615. [bug] dnssec-signzone did not like child keysets signed
6739 614. [bug] Checks for uninitialized link fields were prone
6740 to false positives, causing assertion failures.
6741 The checks are now disabled by default and may
6742 be re-enabled by defining ISC_LIST_CHECKINIT.
6744 613. [bug] "rndc reload zone" now reloads primary zones.
6745 It previously only updated slave and stub zones,
6746 if an SOA query indicated an out of date serial.
6748 612. [cleanup] Shutup a ridiculously noisy HP-UX compiler that
6749 complains relentlessly about how its treatment
6750 of 'const' has changed as well as how casting
6751 sometimes tightens alignment constraints.
6753 611. [func] allow-notify can be used to permit processing of
6754 notify messages from hosts other than a slave's
6757 610. [func] rndc dumpdb is now supported.
6759 609. [bug] getrrsetbyname() would crash lwresd if the server
6760 found more SIGs than answers. [RT #554]
6762 608. [func] dnssec-signzone now adds a comment to the zone
6763 with the time the file was signed.
6765 607. [bug] nsupdate would fail if it encountered a CNAME or
6766 DNAME in a response to an SOA query. [RT #515]
6768 606. [bug] Compiling with --disable-threads failed due
6769 to isc_thread_self() being incorrectly defined
6770 as an integer rather than a function.
6772 605. [func] New function isc_lex_getlasttokentext().
6774 604. [bug] The named.conf parser could print incorrect line
6775 numbers when long comments were present.
6777 603. [bug] Make dig handle multiple types or classes on the same
6778 query more correctly.
6780 602. [func] Cope automatically with UnixWare's broken
6781 IN6_IS_ADDR_* macros. [RT #539]
6783 601. [func] Return a non-zero exit code if an update fails
6786 600. [bug] Reverse lookups sometimes failed in dig, etc...
6788 599. [func] Added four new functions to the libisc log API to
6789 support i18n messages. isc_log_iwrite(),
6790 isc_log_ivwrite(), isc_log_iwrite1() and
6791 isc_log_ivwrite1() were added.
6793 598. [bug] An update-policy statement would cause the server
6794 to assert while loading. [RT #536]
6796 597. [func] dnssec-signzone is now multi-threaded.
6798 596. [bug] DNS_RDATASLAB_FORCE and DNS_RDATASLAB_EXACT are
6799 not mutually exclusive.
6801 595. [port] On Linux 2.2, socket() returns EINVAL when it
6802 should return EAFNOSUPPORT. Work around this.
6805 594. [func] sdb drivers are now assumed to not be thread-safe
6806 unless the DNS_SDBFLAG_THREADSAFE flag is supplied.
6808 593. [bug] If a secure zone was missing all its NXTs and
6809 a dynamic update was attempted, the server entered
6812 592. [bug] The sig-validity-interval option now specifies a
6813 number of days, not seconds. This matches the
6814 documentation. [RT #529]
6816 --- 9.1.0b1 released ---
6818 591. [bug] Work around non-reentrancy in openssl by disabling
6819 pre-computation in keys.
6821 590. [doc] There are now man pages for the lwres library in
6824 589. [bug] The server could deadlock if a zone was updated
6825 while being transferred out.
6827 588. [bug] ctx->in_use was not being correctly initialized when
6828 when pushing a file for $INCLUDE. [RT #523]
6830 587. [func] A warning is now printed if the "allow-update"
6831 option allows updates based on the source IP
6832 address, to alert users to the fact that this
6833 is insecure and becoming increasingly so as
6834 servers capable of update forwarding are being
6837 586. [bug] multiple views with the same name were fatal. [RT #516]
6839 585. [func] dns_db_addrdataset() and and dns_rdataslab_merge()
6840 now support 'exact' additions in a similar manner to
6841 dns_db_subtractrdataset() and dns_rdataslab_subtract().
6843 584. [func] You can now say 'notify explicit'; to suppress
6844 notification of the servers listed in NS records
6845 and notify only those servers listed in the
6846 'also-notify' option.
6848 583. [func] "rndc querylog" will now toggle logging of
6849 queries, like "ndc querylog" in BIND 8.
6851 582. [bug] dns_zone_idetach() failed to lock the zone.
6854 581. [bug] log severity was not being correctly processed.
6857 580. [func] Ignore trailing garbage on incoming DNS packets,
6858 for interoperability with broken server
6859 implementations. [RT #491]
6861 579. [bug] nsupdate did not take a filename to read update from.
6864 578. [func] New config option "notify-source", to specify the
6865 source address for notify messages.
6867 577. [func] Log illegal RDATA combinations. e.g. multiple
6868 singleton types, cname and other data.
6870 576. [doc] isc_log_create() description did not match reality.
6872 575. [bug] isc_log_create() was not setting internal state
6873 correctly to reflect the default channels created.
6875 574. [bug] TSIG signed queries sent by the resolver would fail to
6876 have their responses validated and would leak memory.
6878 573. [bug] The journal files of IXFRed slave zones were
6879 inadvertently discarded on server reload, causing
6880 "journal out of sync with zone" errors on subsequent
6883 572. [bug] Quoted strings were not accepted as key names in
6884 address match lists.
6886 571. [bug] It was possible to create an rdataset of singleton
6887 type which had more than one rdata. [RT #154]
6890 570. [bug] rbtdb.c allowed zones containing nodes which had
6891 both a CNAME and "other data". [RT #154]
6893 569. [func] The DNSSEC AD bit will not be set on queries which
6894 have not requested a DNSSEC response.
6896 568. [func] Add sample simple database drivers in contrib/sdb.
6898 567. [bug] Setting the zone transfer timeout to zero caused an
6899 assertion failure. [RT #302]
6901 566. [func] New public function dns_timer_setidle().
6903 565. [func] Log queries more like BIND 8: query logging is now
6904 done to category "queries", level "info". [RT #169]
6906 564. [func] Add sortlist support to lwresd.
6908 563. [func] New public functions dns_rdatatype_format() and
6909 dns_rdataclass_format(), for convenient formatting
6910 of rdata type/class mnemonics in log messages.
6912 562. [cleanup] Moved lib/dns/*conf.c to bin/named where they belong.
6914 561. [func] The 'datasize', 'stacksize', 'coresize' and 'files'
6915 clauses of the options{} statement are now implemented.
6917 560. [bug] dns_name_split did not properly the resulting prefix
6918 when a maximal length bitstring label was split which
6919 was preceded by another bitstring label. [RT #429]
6921 559. [bug] dns_name_split did not properly create the suffix
6922 when splitting within a maximal length bitstring label.
6924 558. [func] New functions, isc_resource_getlimit and
6925 isc_resource_setlimit.
6927 557. [func] Symbolic constants for libisc integral types.
6929 556. [func] The DNSSEC OK bit in the EDNS extended flags
6930 is now implemented. Responses to queries without
6931 this bit set will not contain any DNSSEC records.
6933 555. [bug] A slave server attempting a zone transfer could
6934 crash with an assertion failure on certain
6935 malformed responses from the master. [RT #457]
6937 554. [bug] In some cases, not all of the dnssec tools were
6940 553. [bug] Incoming zone transfers deferred due to quota
6941 were not started when quota was increased but
6942 only when a transfer in progress finished. [RT #456]
6944 552. [bug] We were not correctly detecting the end of all c-style
6947 551. [func] Implemented the 'sortlist' option.
6949 550. [func] Support unknown rdata types and classes.
6951 549. [bug] "make" did not immediately abort the build when a
6952 subdirectory make failed [RT #450].
6954 548. [func] The lexer now ungets tokens more correctly.
6958 546. [func] Option 'lame-ttl' is now implemented.
6960 545. [func] Name limit and counting options removed from dig;
6961 they didn't work properly, and cannot be correctly
6962 implemented without significant changes.
6964 544. [func] Add statistics option, enable statistics-file option,
6965 add RNDC option "dump-statistics" to write out a
6966 query statistics file.
6968 543. [doc] The 'port' option is now documented.
6970 542. [func] Add support for update forwarding as required for
6971 full compliance with RFC2136. It is turned off
6972 by default and can be enabled using the
6973 'allow-update-forwarding' option.
6975 541. [func] Add bogus server support.
6977 540. [func] Add dialup support.
6979 539. [func] Support the blackhole option.
6981 538. [bug] fix buffer overruns by 1 in lwres_getnameinfo().
6985 536. [func] Use transfer-source{-v6} when sending refresh queries.
6986 Transfer-source{-v6} now take a optional port
6987 parameter for setting the UDP source port. The port
6988 parameter is ignored for TCP.
6990 535. [func] Use transfer-source{-v6} when forwarding update
6993 534. [func] Ancestors have been removed from RBT chains. Ancestor
6994 information can be discerned via node parent pointers.
6996 533. [func] Incorporated name hashing into the RBT database to
6997 improve search speed.
6999 532. [func] Implement DNS UPDATE pseudo records using
7000 DNS_RDATA_UPDATE flag.
7002 531. [func] Rdata really should be initialized before being assigned
7003 to (dns_rdata_fromwire(), dns_rdata_fromtext(),
7004 dns_rdata_clone(), dns_rdata_fromregion()),
7007 530. [func] New function dns_rdata_invalidate().
7009 529. [bug] 521 contained a bug which caused zones to always
7012 528. [func] The ISC_LIST_XXXX macros now perform sanity checks
7013 on their arguments. ISC_LIST_XXXXUNSAFE can be use
7014 to skip the checks however use with caution.
7016 527. [func] New function dns_rdata_clone().
7018 526. [bug] nsupdate incorrectly refused to add RRs with a TTL
7021 525. [func] New arguments 'options' for dns_db_subtractrdataset(),
7022 and 'flags' for dns_rdataslab_subtract() allowing you
7023 to request that the RR's must exist prior to deletion.
7024 DNS_R_NOTEXACT is returned if the condition is not met.
7026 524. [func] The 'forward' and 'forwarders' statement in
7027 non-forward zones should work now.
7029 523. [doc] The source to the Administrator Reference Manual is
7030 now an XML file using the DocBook DTD, and is included
7031 in the distribution. The plain text version of the
7032 ARM is temporarily unavailable while we figure out
7033 how to generate readable plain text from the XML.
7035 522. [func] The lightweight resolver daemon can now use
7036 a real configuration file, and its functionality
7037 can be provided by a name server. Also, the -p and -P
7038 options to lwresd have been reversed.
7040 521. [bug] Detect master files which contain $INCLUDE and always
7043 520. [bug] Upgraded libtool to 1.3.5, which makes shared
7044 library builds almost work on AIX (and possibly
7047 519. [bug] dns_name_split() would improperly split some bitstring
7048 labels, zeroing a few of the least significant bits in
7049 the prefix part. When such an improperly created
7050 prefix was returned to the RBT database, the bogus
7051 label was dutifully stored, corrupting the tree.
7054 518. [bug] The resolver did not realize that a DNAME which was
7055 "the answer" to the client's query was "the answer",
7056 and such queries would fail. [RT #399]
7058 517. [bug] The resolver's DNAME code would trigger an assertion
7059 if there was more than one DNAME in the chain.
7062 516. [bug] Cache lookups which had a NULL node pointer, e.g.
7063 those by dns_view_find(), and which would match a
7064 DNAME, would trigger an INSIST(!search.need_cleanup)
7065 assertion. [RT #399]
7067 515. [bug] The ssu table was not being attached / detached
7068 by dns_zone_[sg]etssutable. [RT#397]
7070 514. [func] Retry refresh and notify queries if they timeout.
7073 513. [func] New functionality added to rdnc and server to allow
7074 individual zones to be refreshed or reloaded.
7076 512. [bug] The zone transfer code could throw an exception with
7077 an invalid IXFR stream.
7079 511. [bug] The message code could throw an assertion on an
7080 out of memory failure. [RT #392]
7082 510. [bug] Remove spurious view notify warning. [RT #376]
7084 509. [func] Add support for write of zone files on shutdown.
7086 508. [func] dns_message_parse() can now do a best-effort
7087 attempt, which should allow dig to print more invalid
7090 507. [func] New functions dns_zone_flush(), dns_zt_flushanddetach()
7091 and dns_view_flushanddetach().
7093 506. [func] Do not fail to start on errors in zone files.
7095 505. [bug] nsupdate was printing "unknown result code". [RT #373]
7097 504. [bug] The zone was not being marked as dirty when updated via
7100 503. [bug] dumptime was not being set along with
7101 DNS_ZONEFLG_NEEDDUMP.
7103 502. [func] On a SERVFAIL reply, DiG will now try the next server
7104 in the list, unless the +fail option is specified.
7106 501. [bug] Incorrect port numbers were being displayed by
7109 500. [func] Nearly useless +details option removed from DiG.
7111 499. [func] In DiG, specifying a class with -c or type with -t
7112 changes command-line parsing so that classes and
7113 types are only recognized if following -c or -t.
7114 This allows hosts with the same name as a class or
7115 type to be looked up.
7117 498. [doc] There is now a man page for "dig"
7118 in doc/man/bin/dig.1.
7120 497. [bug] The error messages printed when an IP match list
7121 contained a network address with a nonzero host
7122 part where not sufficiently detailed. [RT #365]
7124 496. [bug] named didn't sanity check numeric parameters. [RT #361]
7126 495. [bug] nsupdate was unable to handle large records. [RT #368]
7128 494. [func] Do not cache NXDOMAIN responses for SOA queries.
7130 493. [func] Return non-cachable (ttl = 0) NXDOMAIN responses
7131 for SOA queries. This makes it easier to locate
7132 the containing zone without polluting intermediate
7135 492. [bug] attempting to reload a zone caused the server fail
7136 to shutdown cleanly. [RT #360]
7138 491. [bug] nsupdate would segfault when sending certain
7139 prerequisites with empty RDATA. [RT #356]
7141 490. [func] When a slave/stub zone has not yet successfully
7142 obtained an SOA containing the zone's configured
7143 retry time, perform the SOA query retries using
7144 exponential backoff. [RT #337]
7146 489. [func] The zone manager now has a "i/o" queue.
7148 488. [bug] Locks weren't properly destroyed in some cases.
7150 487. [port] flockfile() is not defined on all systems.
7152 486. [bug] nslookup: "set all" and "server" commands showed
7153 the incorrect port number if a port other than 53
7154 was specified. [RT #352]
7156 485. [func] When dig had more than one server to query, it would
7157 send all of the messages at the same time. Add
7158 rate limiting of the transmitted messages.
7160 484. [bug] When the server was reloaded after removing addresses
7161 from the named.conf "listen-on" statement, sockets
7162 were still listening on the removed addresses due
7163 to reference count loops. [RT #325]
7165 483. [bug] nslookup: "set all" showed a "search" option but it
7168 482. [bug] nslookup: a plain "server" or "lserver" should be
7169 treated as a lookup.
7171 481. [bug] nslookup:get_next_command() stack size could exceed
7174 480. [bug] strtok() is not thread safe. [RT #349]
7176 479. [func] The test suite can now be run by typing "make check"
7177 or "make test" at the top level.
7179 478. [bug] "make install" failed if the directory specified with
7180 --prefix did not already exist.
7182 477. [bug] The the isc-config.sh script could be installed before
7183 its directory was created. [RT #324]
7185 476. [bug] A zone could expire while a zone transfer was in
7186 progress triggering a INSIST failure. [RT #329]
7188 475. [bug] query_getzonedb() sometimes returned a non-null version
7189 on failure. This caused assertion failures when
7190 generating query responses where names subject to
7191 additional section processing pointed to a zone
7192 to which access had been denied by means of the
7193 allow-query option. [RT #336]
7195 474. [bug] The mnemonic of the CHAOS class is CH according to
7196 RFC1035, but it was printed and read only as CHAOS.
7197 We now accept both forms as input, and print it
7200 473. [bug] nsupdate overran the end of the list of name servers
7201 when no servers could be reached, typically causing
7202 it to print the error message "dns_request_create:
7205 472. [bug] Off-by-one error caused isc_time_add() to sometimes
7206 produce invalid time values.
7208 471. [bug] nsupdate didn't compile on HP/UX 10.20
7210 470. [func] $GENERATE is now supported. See also
7213 469. [bug] "query-source address * port 53;" now works.
7215 468. [bug] dns_master_load*() failed to report file and line
7216 number in certain error conditions.
7218 467. [bug] dns_master_load*() failed to log an error if
7221 466. [bug] dns_master_load*() could return success when it failed.
7223 465. [cleanup] Allow 0 to be set as an omapi_value_t value by
7224 omapi_value_storeint().
7226 464. [cleanup] Build with openssl's RSA code instead of dnssafe.
7228 463. [bug] nsupdate sent malformed SOA queries to the second
7229 and subsequent name servers in resolv.conf if the
7230 query sent to the first one failed.
7232 462. [bug] --disable-ipv6 should work now.
7234 461. [bug] Specifying an unknown key in the "keys" clause of the
7235 "controls" statement caused a NULL pointer dereference.
7238 460. [bug] Much of the DNSSEC code only worked with class IN.
7240 459. [bug] Nslookup processed the "set" command incorrectly.
7242 458. [bug] Nslookup didn't properly check class and type values.
7245 457. [bug] Dig/host/hslookup didn't properly handle connect
7246 timeouts in certain situations, causing an
7247 unnecessary warning message to be printed.
7249 456. [bug] Stub zones were not resetting the refresh and expire
7250 counters, loadtime or clearing the DNS_ZONE_REFRESH
7251 (refresh in progress) flag upon successful update.
7252 This disabled further refreshing of the stub zone,
7253 causing it to eventually expire. [RT #300]
7255 455. [doc] Document IPv4 prefix notation does not require a
7256 dotted decimal quad but may be just dotted decimal.
7258 454. [bug] Enforce dotted decimal and dotted decimal quad where
7259 documented as such in named.conf. [RT #304, RT #311]
7261 453. [bug] Warn if the obsolete option "maintain-ixfr-base"
7262 is specified in named.conf. [RT #306]
7264 452. [bug] Warn if the unimplemented option "statistics-file"
7265 is specified in named.conf. [RT #301]
7267 451. [func] Update forwarding implemented.
7269 450. [func] New function ns_client_sendraw().
7271 449. [bug] isc_bitstring_copy() only works correctly if the
7272 two bitstrings have the same lsb0 value, but this
7273 requirement was not documented, nor was there a
7276 448. [bug] Host output formatting change, to match v8. [RT #255]
7278 447. [bug] Dig didn't properly retry in TCP mode after
7279 a truncated reply. [RT #277]
7281 446. [bug] Confusing notify log message. [RT #298]
7283 445. [bug] Doing a 0 bit isc_bitstring_copy() of an lsb0
7284 bitstring triggered a REQUIRE statement. The REQUIRE
7285 statement was incorrect. [RT #297]
7287 444. [func] "recursion denied" messages are always logged at
7288 debug level 1, now, rather than sometimes at ERROR.
7289 This silences these warnings in the usual case, where
7290 some clients set the RD bit in all queries.
7292 443. [bug] When loading a master file failed because of an
7293 unrecognized RR type name, the error message
7294 did not include the file name and line number.
7297 442. [bug] TSIG signed messages that did not match any view
7298 crashed the server. [RT #290]
7300 441. [bug] Nodes obscured by a DNAME were inaccessible even
7301 when DNS_DBFIND_GLUEOK was set.
7303 440. [func] New function dns_zone_forwardupdate().
7305 439. [func] New function dns_request_createraw().
7307 438. [func] New function dns_message_getrawmessage().
7309 437. [func] Log NOTIFY activity to the notify channel.
7311 436. [bug] If recvmsg() returned EHOSTUNREACH or ENETUNREACH,
7312 which sometimes happens on Linux, named would enter
7313 a busy loop. Also, unexpected socket errors were
7314 not logged at a high enough logging level to be
7315 useful in diagnosing this situation. [RT #275]
7317 435. [bug] dns_zone_dump() overwrote existing zone files
7318 rather than writing to a temporary file and
7319 renaming. This could lead to empty or partial
7320 zone files being left around in certain error
7321 conditions involving the initial transfer of a
7322 slave zone, interfering with subsequent server
7325 434. [func] New function isc_file_isabsolute().
7327 433. [func] isc_base64_decodestring() now accepts newlines
7328 within the base64 data. This makes it possible
7329 to break up the key data in a "trusted-keys"
7330 statement into multiple lines. [RT #284]
7332 432. [func] Added refresh/retry jitter. The actual refresh/
7333 retry time is now a random value between 75% and
7334 100% of the configured value.
7336 431. [func] Log at ISC_LOG_INFO when a zone is successfully
7339 430. [bug] Rewrote the lightweight resolver client management
7340 code to handle shutdown correctly and general
7343 429. [bug] The space reserved for a TSIG record in a response
7344 was 2 bytes too short, leading to message
7345 generation failures.
7347 428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
7348 DNS_R_BADDB for nodes which had neither NXT nor SIG NXT
7349 (e.g. glue). This could cause SERVFAILs when
7350 generating negative responses in a secure zone.
7352 427. [bug] Avoid going into an infinite loop when the validator
7353 gets a negative response to a key query where the
7354 records are signed by the missing key.
7356 426. [bug] Attempting to generate an oversized RSA key could
7357 cause dnssec-keygen to dump core.
7359 425. [bug] Warn about the auth-nxdomain default value change
7360 if there is no auth-nxdomain statement in the
7361 config file. [RT #287]
7363 424. [bug] notify_createmessage() could trigger an assertion
7364 failure when creating the notify message failed,
7365 e.g. due to corrupt zones with multiple SOA records.
7368 423. [bug] When responding to a recursive query, errors that occur
7369 after following a CNAME should cause the query to fail.
7372 422. [func] get rid of isc_random_t, and make isc_random_get()
7373 and isc_random_jitter() use rand() internally
7374 instead of local state. Note that isc_random_*()
7375 functions are only for weak, non-critical "randomness"
7376 such as timing jitter and such.
7378 421. [bug] nslookup would exit when given a blank line as input.
7380 420. [bug] nslookup failed to implement the "exit" command.
7382 419. [bug] The certificate type PKIX was misspelled as SKIX.
7384 418. [bug] At debug levels >= 10, getting an unexpected
7385 socket receive error would crash the server
7386 while trying to log the error message.
7388 417. [func] Add isc_app_block() and isc_app_unblock(), which
7389 allow an application to handle signals while
7392 416. [bug] Slave zones with no master file tried to use a
7393 NULL pointer for a journal file name when they
7394 received an IXFR. [RT #273]
7396 415. [bug] The logging code leaked file descriptors.
7398 414. [bug] Server did not shut down until all incoming zone
7399 transfers were finished.
7401 413. [bug] Notify could attempt to use the zone database after
7402 it had been unloaded. [RT#267]
7404 412. [bug] named -v didn't print the version.
7406 411. [bug] A typo in the HS A code caused an assertion failure.
7408 410. [bug] lwres_gethostbyname() and company set lwres_h_errno
7409 to a random value on success.
7411 409. [bug] If named was shut down early in the startup
7412 process, ns_omapi_shutdown() would attempt to lock
7413 an uninitialized mutex. [RT #262]
7415 408. [bug] stub zones could leak memory and reference counts if
7416 all the masters were unreachable.
7418 407. [bug] isc_rwlock_lock() would needlessly block
7419 readers when it reached the read quota even
7420 if no writers were waiting.
7422 406. [bug] Log messages were occasionally lost or corrupted
7423 due to a race condition in isc_log_doit().
7425 405. [func] Add support for selective forwarding (forward zones)
7427 404. [bug] The request library didn't completely work with IPv6.
7429 403. [bug] "host" did not use the search list.
7431 402. [bug] Treat undefined acls as errors, rather than
7432 warning and then later throwing an assertion.
7435 401. [func] Added simple database API.
7437 400. [bug] SIG(0) signing and verifying was done incorrectly.
7440 399. [bug] When reloading the server with a config file
7441 containing a syntax error, it could catch an
7442 assertion failure trying to perform zone
7443 maintenance on, or sending notifies from,
7444 tentatively created zones whose views were
7445 never fully configured and lacked an address
7446 database and request manager.
7448 398. [bug] "dig" sometimes caught an assertion failure when
7449 using TSIG, depending on the key length.
7451 397. [func] Added utility functions dns_view_gettsig() and
7452 dns_view_getpeertsig().
7454 396. [doc] There is now a man page for "nsupdate"
7455 in doc/man/bin/nsupdate.8.
7457 395. [bug] nslookup printed incorrect RR type mnemonics
7458 for RRs of type >= 21 [RT #237].
7460 394. [bug] Current name was not propagated via $INCLUDE.
7462 393. [func] Initial answer while loading (awl) support.
7463 Entry points: dns_master_loadfileinc(),
7464 dns_master_loadstreaminc(), dns_master_loadbufferinc().
7465 Note: calls to dns_master_load*inc() should be rate
7466 be rate limited so as to not use up all file
7469 392. [func] Add ISC_R_FAMILYNOSUPPORT. Returned when OS does
7470 not support the given address family requested.
7472 391. [clarity] ISC_R_FAMILY -> ISC_R_FAMILYMISMATCH.
7474 390. [func] The function dns_zone_setdbtype() now takes
7475 an argc/argv style vector of words and sets
7476 both the zone database type and its arguments,
7477 making the functions dns_zone_adddbarg()
7478 and dns_zone_cleardbargs() unnecessary.
7480 389. [bug] Attempting to send a request over IPv6 using
7481 dns_request_create() on a system without IPv6
7482 support caused an assertion failure [RT #235].
7484 388. [func] dig and host can now do reverse ipv6 lookups.
7486 387. [func] Add dns_byaddr_createptrname(), which converts
7487 an address into the name used by a PTR query.
7489 386. [bug] Missing strdup() of ACL name caused random
7490 ACL matching failures [RT #228].
7492 385. [cleanup] Removed functions dns_zone_equal(), dns_zone_print(),
7495 384. [bug] nsupdate was incorrectly limiting TTLs to 65535 instead
7498 383. [func] When writing a master file, print the SOA and NS
7499 records (and their SIGs) before other records.
7501 382. [bug] named -u failed on many Linux systems where the
7502 libc provided kernel headers do not match
7505 381. [bug] Check for IPV6_RECVPKTINFO and use it instead of
7506 IPV6_PKTINFO if found. [RT #229]
7508 380. [bug] nsupdate didn't work with IPv6.
7510 379. [func] New library function isc_sockaddr_anyofpf().
7512 378. [func] named and lwresd will log the command line arguments
7513 they were started with in the "starting ..." message.
7515 377. [bug] When additional data lookups were refused due to
7516 "allow-query", the databases were still being
7517 attached causing reference leaks.
7519 376. [bug] The server should always use good entropy when
7520 performing cryptographic functions needing entropy.
7522 375. [bug] Per-zone "allow-query" did not properly override the
7523 view/global one for CNAME targets and additional
7526 374. [bug] SOA in authoritative negative responses had wrong TTL.
7528 373. [func] nslookup is now installed by "make install".
7530 372. [bug] Deal with Microsoft DNS servers appending two bytes of
7531 garbage to zone transfer requests.
7533 371. [bug] At high debug levels, doing an outgoing zone transfer
7534 of a very large RRset could cause an assertion failure
7537 370. [bug] The error messages for roll-forward failures were
7540 369. [func] Support new named.conf options, view and zone
7543 max-retry-time, min-retry-time,
7544 max-refresh-time, min-refresh-time.
7546 368. [func] Restructure the internal ".bind" view so that more
7547 zones can be added to it.
7549 367. [bug] Allow proper selection of server on nslookup command
7552 366. [func] Allow use of '-' batch file in dig for stdin.
7554 365. [bug] nsupdate -k leaked memory.
7556 364. [func] Added additional-from-{cache,auth}
7560 362. [bug] rndc no longer aborts if the configuration file is
7561 missing an options statement. [RT #209]
7563 361. [func] When the RBT find or chain functions set the name and
7564 origin for a node that stores the root label
7565 the name is now set to an empty name, instead of ".",
7566 to simplify later use of the name and origin by
7567 dns_name_concatenate(), dns_name_totext() or
7570 360. [func] dns_name_totext() and dns_name_format() now allow
7571 an empty name to be passed, which is formatted as "@".
7573 359. [bug] dnssec-signzone occasionally signed glue records.
7575 358. [cleanup] Rename the intermediate files used by the dnssec
7578 357. [bug] The zone file parser crashed if the argument
7579 to $INCLUDE was a quoted string.
7581 356. [cleanup] isc_task_send no longer requires event->sender to
7584 355. [func] Added isc_dir_createunique(), similar to mkdtemp().
7586 354. [doc] Man pages for the dnssec tools are now included in
7587 the distribution, in doc/man/dnssec.
7589 353. [bug] double increment in lwres/gethost.c:copytobuf().
7592 352. [bug] Race condition in dns_client_t startup could cause
7593 an assertion failure.
7595 351. [bug] Constructing a response with rcode SERVFAIL to a TSIG
7596 signed query could crash the server.
7598 350. [bug] Also-notify lists specified in the global options
7599 block were not correctly reference counted, causing
7602 349. [bug] Processing a query with the CD bit set now works
7605 348. [func] New boolean named.conf options 'additional-from-auth'
7606 and 'additional-from-cache' now supported in view and
7607 global options statement.
7609 347. [bug] Don't crash if an argument is left off options in dig.
7613 345. [bug] Large-scale changes/cleanups to dig:
7614 * Significantly improve structure handling
7615 * Don't pre-load entire batch files
7616 * Add name/rr counting/limiting
7617 * Fix SIGINT handling
7618 * Shorten timeouts to match v8's behavior
7620 344. [bug] When shutting down, lwresd sometimes tried
7621 to shut down its client tasks twice,
7622 triggering an assertion.
7624 343. [bug] Although zone maintenance SOA queries and
7625 notify requests were signed with TSIG keys
7626 when configured for the server in case,
7627 the TSIG was not verified on the response.
7629 342. [bug] The wrong name was being passed to
7630 dns_name_dup() when generating a TSIG
7633 341. [func] Support 'key' clause in named.conf zone masters
7634 statement to allow authentication via TSIG keys:
7637 10.0.0.1 port 5353 key "foo";
7641 340. [bug] The top-level COPYRIGHT file was missing from
7644 339. [bug] DNSSEC validation of the response to an ANY
7645 query at a name with a CNAME RR in a secure
7646 zone triggered an assertion failure.
7648 338. [bug] lwresd logged to syslog as named, not lwresd.
7650 337. [bug] "dig" did not recognize "nsap-ptr" as an RR type
7651 on the command line.
7653 336. [bug] "dig -f" used 64 k of memory for each line in
7654 the file. It now uses much less, though still
7655 proportionally to the file size.
7657 335. [bug] named would occasionally attempt recursion when
7658 it was disallowed or undesired.
7660 334. [func] Added hmac-md5 to libisc.
7662 333. [bug] The resolver incorrectly accepted referrals to
7663 domains that were not parents of the query name,
7664 causing assertion failures.
7666 332. [func] New function dns_name_reset().
7668 331. [bug] Only log "recursion denied" if RD is set. [RT #178]
7670 330. [bug] Many debugging messages were partially formatted
7671 even when debugging was turned off, causing a
7672 significant decrease in query performance.
7674 329. [func] omapi_auth_register() now takes a size_t argument for
7675 the length of a key's secret data. Previously
7676 OMAPI only stored secrets up to the first NUL byte.
7678 328. [func] Added isc_base64_decodestring().
7680 327. [bug] rndc.conf parser wasn't correctly recognizing an IP
7681 address where a host specification was required.
7683 326. [func] 'keys' in an 'inet' control statement is now
7684 required and must have at least one item in it.
7685 A "not supported" warning is now issued if a 'unix'
7686 control channel is defined.
7688 325. [bug] isc_lex_gettoken was processing octal strings when
7689 ISC_LEXOPT_CNUMBER was not set.
7691 324. [func] In the resolver, turn EDNS0 off if there is no
7692 response after a number of retransmissions.
7693 This is to allow queries some chance of succeeding
7694 even if all the authoritative servers of a zone
7695 silently discard EDNS0 requests instead of
7696 sending an error response like they ought to.
7698 323. [bug] dns_rbt_findname() did not ignore empty rbt nodes.
7699 Because of this, servers authoritative for a parent
7700 and grandchild zone but not authoritative for the
7701 intervening child zone did not correctly issue
7702 referrals to the servers of the child zone.
7704 322. [bug] Queries for KEY RRs are now sent to the parent
7705 server before the authoritative one, making
7706 DNSSEC insecurity proofs work in many cases
7707 where they previously didn't.
7709 321. [bug] When synthesizing a CNAME RR for a DNAME
7710 response, query_addcname() failed to initialize
7711 the type and class of the CNAME dns_rdata_t,
7712 causing random failures.
7714 320. [func] Multiple rndc changes: parses an rndc.conf file,
7715 uses authentication to talk to named, command
7716 line syntax changed. This will all be described
7719 319. [func] The named.conf "controls" statement is now used
7720 to configure the OMAPI command channel.
7722 318. [func] dns_c_ndcctx_destroy() could never return anything
7723 except ISC_R_SUCCESS; made it have void return instead.
7725 317. [func] Use callbacks from libomapi to determine if a
7726 new connection is valid, and if a key requested
7727 to be used with that connection is valid.
7729 316. [bug] Generate a warning if we detect an unexpected <eof>
7730 but treat as <eol><eof>.
7732 315. [bug] Handle non-empty blanks lines. [RT #163]
7734 314. [func] The named.conf controls statement can now have
7735 more than one key specified for the inet clause.
7737 313. [bug] When parsing resolv.conf, don't terminate on an
7738 error. Instead, parse as much as possible, but
7739 still return an error if one was found.
7741 312. [bug] Increase the number of allowed elements in the
7742 resolv.conf search path from 6 to 8. If there
7743 are more than this, ignore the remainder rather
7744 than returning a failure in lwres_conf_parse.
7746 311. [bug] lwres_conf_parse failed when the first line of
7747 resolv.conf was empty or a comment.
7749 310. [func] Changes to named.conf "controls" statement (inet
7752 - support "keys" clause
7756 allow { any; } keys { "foo"; }
7759 - allow "port xxx" to be left out of statement,
7760 in which case it defaults to omapi's default port
7763 309. [bug] When sending a referral, the server did not look
7764 for name server addresses as glue in the zone
7765 holding the NS RRset in the case where this zone
7766 was not the same as the one where it looked for
7767 name server addresses as authoritative data.
7769 308. [bug] Treat a SOA record not at top of zone as an error
7770 when loading a zone. [RT #154]
7772 307. [bug] When canceling a query, the resolver didn't check for
7773 isc_socket_sendto() calls that did not yet have their
7774 completion events posted, so it could (rarely) end up
7775 destroying the query context and then want to use
7776 it again when the send event posted, triggering an
7777 assertion as it tried to cancel an already-canceled
7780 306. [bug] Reading HMAC-MD5 private key files didn't work.
7782 305. [bug] When reloading the server with a config file
7783 containing a syntax error, it could catch an
7784 assertion failure trying to perform zone
7785 maintenance on tentatively created zones whose
7786 views were never fully configured and lacked
7787 an address database.
7789 304. [bug] If more than LWRES_CONFMAXNAMESERVERS servers
7790 are listed in resolv.conf, silently ignore them
7791 instead of returning failure.
7793 303. [bug] Add additional sanity checks to differentiate a AXFR
7794 response vs a IXFR response. [RT #157]
7796 302. [bug] In dig, host, and nslookup, MXNAME should be large
7797 enough to hold any legal domain name in presentation
7798 format + terminating NULL.
7800 301. [bug] Uninitialized pointer in host:printmessage(). [RT #159]
7802 300. [bug] Using both <isc/net.h> and <lwres/net.h> didn't work
7803 on platforms lacking IPv6 because each included their
7804 own ipv6 header file for the missing definitions. Now
7805 each library's ipv6.h defines the wrapper symbol of
7806 the other (ISC_IPV6_H and LWRES_IPV6_H).
7808 299. [cleanup] Get the user and group information before changing the
7809 root directory, so the administrator does not need to
7810 keep a copy of the user and group databases in the
7811 chroot'ed environment. Suggested by Hakan Olsson.
7813 298. [bug] A mutex deadlock occurred during shutdown of the
7814 interface manager under certain conditions.
7815 Digital Unix systems were the most affected.
7817 297. [bug] Specifying a key name that wasn't fully qualified
7818 in certain parts of the config file could cause
7819 an assertion failure.
7821 296. [bug] "make install" from a separate build directory
7822 failed unless configure had been run in the source
7825 295. [bug] When invoked with type==CNAME and a message
7826 not constructed by dns_message_parse(),
7827 dns_message_findname() failed to find anything
7828 due to checking for attribute bits that are set
7829 only in dns_message_parse(). This caused an
7830 infinite loop when constructing the response to
7831 an ANY query at a CNAME in a secure zone.
7833 294. [bug] If we run out of space in while processing glue
7834 when reading a master file and commit "current name"
7835 reverts to "name_current" instead of staying as
7838 293. [port] Add support for FreeBSD 4.0 system tests.
7840 292. [bug] Due to problems with the way some operating systems
7841 handle simultaneous listening on IPv4 and IPv6
7842 addresses, the server no longer listens on IPv6
7843 addresses by default. To revert to the previous
7844 behavior, specify "listen-on-v6 { any; };" in
7847 291. [func] Caching servers no longer send outgoing queries
7848 over TCP just because the incoming recursive query
7851 290. [cleanup] +twiddle option to dig (for testing only) removed.
7853 289. [cleanup] dig is now installed in $bindir instead of $sbindir.
7854 host is now installed in $bindir. (Be sure to remove
7855 any $sbindir/dig from a previous release.)
7857 288. [func] rndc is now installed by "make install" into $sbindir.
7859 287. [bug] rndc now works again as "rndc 127.1 reload" (for
7860 only that task). Parsing its configuration file and
7861 using digital signatures for authentication has been
7862 disabled until named supports the "controls" statement,
7865 286. [bug] On Solaris 2, when named inherited a signal state
7866 where SIGHUP had the SIG_IGN action, SIGHUP would
7867 be ignored rather than causing the server to reload
7870 285. [bug] A change made to the dst API for beta4 inadvertently
7871 broke OMAPI's creation of a dst key from an incoming
7872 message, causing an assertion to be triggered. Fixed.
7874 284. [func] The DNSSEC key generation and signing tools now
7875 generate randomness from keyboard input on systems
7876 that lack /dev/random.
7878 283. [cleanup] The 'lwresd' program is now a link to 'named'.
7880 282. [bug] The lexer now returns ISC_R_RANGE if parsed integer is
7881 too big for an unsigned long.
7883 281. [bug] Fixed list of recognized config file category names.
7885 280. [func] Add isc-config.sh, which can be used to more
7886 easily build applications that link with
7889 279. [bug] Private omapi function symbols shared between
7890 two or more files in libomapi.a were not namespace
7891 protected using the ISC convention of starting with
7892 the library name and two underscores ("omapi__"...)
7894 278. [bug] bin/named/logconf.c:category_fromconf() didn't take
7895 note of when isc_log_categorybyname() wasn't able
7896 to find the category name and would then apply the
7897 channel list of the unknown category to all categories.
7899 277. [bug] isc_log_categorybyname() and isc_log_modulebyname()
7900 would fail to find the first member of any category
7901 or module array apart from the internal defaults.
7902 Thus, for example, the "notify" category was improperly
7903 configured by named.
7905 276. [bug] dig now supports maximum sized TCP messages.
7907 275. [bug] The definition of lwres_gai_strerror() was missing
7910 274. [bug] TSIG AXFR verify failed when talking to a BIND 8
7913 273. [func] The default for the 'transfer-format' option is
7914 now 'many-answers'. This will break zone transfers
7915 to BIND 4.9.5 and older unless there is an explicit
7916 'one-answer' configuration.
7918 272. [bug] The sending of large TCP responses was canceled
7919 in mid-transmission due to a race condition
7920 caused by the failure to set the client object's
7921 "newstate" variable correctly when transitioning
7922 to the "working" state.
7924 271. [func] Attempt to probe the number of cpus in named
7925 if unspecified rather than defaulting to 1.
7927 270. [func] Allow maximum sized TCP answers.
7929 269. [bug] Failed DNSSEC validations could cause an assertion
7930 failure by causing clone_results() to be called with
7931 with hevent->node == NULL.
7933 268. [doc] A plain text version of the Administrator
7934 Reference Manual is now included in the distribution,
7935 as doc/arm/Bv9ARM.txt.
7937 267. [func] Nsupdate is now provided in the distribution.
7939 266. [bug] zone.c:save_nsrrset() node was not initialized.
7941 265. [bug] dns_request_create() now works for TCP.
7943 264. [func] Dispatch can not take TCP sockets in connecting
7944 state. Set DNS_DISPATCHATTR_CONNECTED when calling
7945 dns_dispatch_createtcp() for connected TCP sockets
7946 or call dns_dispatch_starttcp() when the socket is
7949 263. [func] New logging channel type 'stderr'
7956 262. [bug] 'master' was not initialized in zone.c:stub_callback().
7958 261. [func] Add dns_zone_markdirty().
7960 260. [bug] Running named as a non-root user failed on Linux
7961 kernels new enough to support retaining capabilities
7964 259. [func] New random-device and random-seed-file statements
7965 for global options block of named.conf. Both accept
7966 a single string argument.
7968 258. [bug] Fixed printing of lwres_addr_t.address field.
7970 257. [bug] The server detached the last zone manager reference
7971 too early, while it could still be in use by queries.
7972 This manifested itself as assertion failures during the
7973 shutdown process for busy name servers. [RT #133]
7975 256. [func] isc_ratelimiter_t now has attach/detach semantics, and
7976 isc_ratelimiter_shutdown guarantees that the rate
7977 limiter is detached from its task.
7979 255. [func] New function dns_zonemgr_attach().
7981 254. [bug] Suppress "query denied" messages on additional data
7984 --- 9.0.0b4 released ---
7986 253. [func] resolv.conf parser now recognizes ';' and '#' as
7987 comments (anywhere in line, not just as the beginning).
7989 252. [bug] resolv.conf parser mishandled masks on sortlists.
7990 It also aborted when an unrecognized keyword was seen,
7991 now it silently ignores the entire line.
7993 251. [bug] lwresd caught an assertion failure on startup.
7995 250. [bug] fixed handling of size+unit when value would be too
7996 large for internal representation.
7998 249. [cleanup] max-cache-size config option now takes a size-spec
7999 like 'datasize', except 'default' is not allowed.
8001 248. [bug] global lame-ttl option was not being printed when
8002 config structures were written out.
8004 247. [cleanup] Rename cache-size config option to max-cache-size.
8006 246. [func] Rename global option cachesize to cache-size and
8007 add corresponding option to view statement.
8009 245. [bug] If an uncompressed name will take more than 255
8010 bytes and the buffer is sufficiently long,
8011 dns_name_fromwire should return DNS_R_FORMERR,
8012 not ISC_R_NOSPACE. This bug caused cause the
8013 server to catch an assertion failure when it
8014 received a query for a name longer than 255
8017 244. [bug] empty named.conf file and empty options statement are
8018 now parsed properly.
8020 243. [func] new cachesize option for named.conf
8022 242. [cleanup] fixed incorrect warning about auth-nxdomain usage.
8024 241. [cleanup] nscount and soacount have been removed from the
8025 dns_master_*() argument lists.
8027 240. [func] databases now come in three flavours: zone, cache
8030 239. [func] If ISC_MEM_DEBUG is enabled, the variable
8031 isc_mem_debugging controls whether messages
8034 238. [cleanup] A few more compilation warnings have been quieted:
8035 + missing sigwait prototype on BSD/OS 4.0/4.0.1.
8036 + PTHREAD_ONCE_INIT unbraced initializer warnings on
8038 + IN6ADDR_ANY_INIT unbraced initializer warnings on
8039 BSD/OS 4.*, Linux and Solaris 2.8.
8041 237. [bug] If connect() returned ENOBUFS when the resolver was
8042 initiating a TCP query, the socket didn't get
8043 destroyed, and the server did not shut down cleanly.
8045 236. [func] Added new listen-on-v6 config file statement.
8047 235. [func] Consider it a config file error if a listen-on
8048 statement has an IPv6 address in it, or a
8049 listen-on-v6 statement has an IPv4 address in it.
8051 234. [bug] Allow a trusted-key's first field (domain-name) be
8052 either a quoted or an unquoted string, instead of
8053 requiring a quoted string.
8055 233. [cleanup] Convert all config structure integer values to unsigned
8056 integer (isc_uint32_t) to match grammar.
8058 232. [bug] Allow slave zones to not have a file.
8060 231. [func] Support new 'port' clause in config file options
8061 section. Causes 'listen-on', 'masters' and
8062 'also-notify' statements to use its value instead of
8065 230. [func] Replace the dst sign/verify API with a cleaner one.
8067 229. [func] Support config file sig-validity-interval statement
8068 in options, views and zone statements (master
8071 228. [cleanup] Logging messages in config module stripped of
8074 227. [cleanup] The enumerated identifiers dns_rdataclass_*,
8075 dns_rcode_*, dns_opcode_*, and dns_trust_* are
8076 also now cast to their appropriate types, as with
8077 dns_rdatatype_* in item number 225 below.
8079 226. [func] dns_name_totext() now always prints the root name as
8080 '.', even when omit_final_dot is true.
8082 225. [cleanup] The enumerated dns_rdatatype_* identifiers are now
8083 cast to dns_rdatatype_t via macros of their same name
8084 so that they are of the proper integral type wherever
8085 a dns_rdatatype_t is needed.
8087 224. [cleanup] The entire project builds cleanly with gcc's
8088 -Wcast-qual and -Wwrite-strings warnings enabled,
8089 which is now the default when using gcc. (Warnings
8090 from confparser.c, because of yacc's code, are
8091 unfortunately to be expected.)
8093 223. [func] Several functions were re-prototyped to qualify one
8094 or more of their arguments with "const". Similarly,
8095 several functions that return pointers now have
8096 those pointers qualified with const.
8098 222. [bug] The global 'also-notify' option was ignored.
8100 221. [bug] An uninitialized variable was sometimes passed to
8101 dns_rdata_freestruct() when loading a zone, causing
8102 an assertion failure.
8104 220. [cleanup] Set the default outgoing port in the view, and
8105 set it in sockaddrs returned from the ADB.
8106 [31-May-2000 explorer]
8108 219. [bug] Signed truncated messages more correctly follow
8109 the respective specs.
8111 218. [func] When an rdataset is signed, its ttl is normalized
8112 based on the signature validity period.
8114 217. [func] Also-notify and trusted-keys can now be used in
8115 the 'view' statement.
8117 216. [func] The 'max-cache-ttl' and 'max-ncache-ttl' options
8120 215. [bug] Failures at certain points in request processing
8121 could cause the assertion INSIST(client->lockview
8122 == NULL) to be triggered.
8124 214. [func] New public function isc_netaddr_format(), for
8125 formatting network addresses in log messages.
8127 213. [bug] Don't leak memory when reloading the zone if
8128 an update-policy clause was present in the old zone.
8130 212. [func] Added dns_message_get/settsigkey, to make TSIG
8131 key management reasonable.
8133 211. [func] The 'key' and 'server' statements can now occur
8134 inside 'view' statements.
8136 210. [bug] The 'allow-transfer' option was ignored for slave
8137 zones, and the 'transfers-per-ns' option was
8138 was ignored for all zones.
8140 209. [cleanup] Upgraded openssl files to new version 0.9.5a
8142 208. [func] Added ISC_OFFSET_MAXIMUM for the maximum value
8145 207. [func] The dnssec tools properly use the logging subsystem.
8147 206. [cleanup] dst now stores the key name as a dns_name_t, not
8150 205. [cleanup] On IRIX, turn off the mostly harmless warnings 1692
8151 ("prototyped function redeclared without prototype")
8152 and 1552 ("variable ... set but not used") when
8153 compiling in the lib/dns/sec/{dnssafe,openssl}
8154 directories, which contain code imported from outside
8157 204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
8158 to quiet the warnings that "The linked output may not
8159 run on a PA 1.x system."
8161 203. [func] notify and zone soa queries are now tsig signed when
8164 202. [func] isc_lex_getsourceline() changed from returning int
8165 to returning unsigned long, the type of its underlying
8168 201. [cleanup] Removed the test/sdig program, it has been
8169 replaced by bin/dig/dig.
8171 --- 9.0.0b3 released ---
8173 200. [bug] Failures in sending query responses to clients
8174 (e.g., running out of network buffers) were
8177 199. [bug] isc_heap_delete() sometimes violated the heap
8178 invariant, causing timer events not to be posted
8181 198. [func] Dispatch managers hold memory pools which
8182 any managed dispatcher may use. This allows
8183 us to avoid dipping into the memory context for
8184 most allocations. [19-May-2000 explorer]
8186 197. [bug] When an incoming AXFR or IXFR completes, the
8187 zone's internal state is refreshed from the
8188 SOA data. [19-May-2000 explorer]
8190 196. [func] Dispatchers can be shared easily between views
8191 and/or interfaces. [19-May-2000 explorer]
8193 195. [bug] Including the NXT record of the root domain
8194 in a negative response caused an assertion
8197 194. [doc] The PDF version of the Administrator's Reference
8198 Manual is no longer included in the ISC BIND9
8201 193. [func] changed dst_key_free() prototype.
8203 192. [bug] Zone configuration validation is now done at end
8204 of config file parsing, and before loading
8207 191. [func] Patched to compile on UnixWare 7.x. This platform
8208 is not directly supported by the ISC.
8210 190. [cleanup] The DNSSEC tools have been moved to a separate
8211 directory dnssec/ and given the following new,
8212 more descriptive names:
8219 Their command line arguments have also been changed to
8220 be more consistent. dnssec-keygen now prints the
8221 name of the generated key files (sans extension)
8222 on standard output to simplify its use in automated
8225 189. [func] isc_time_secondsastimet(), a new function, will ensure
8226 that the number of seconds in an isc_time_t does not
8227 exceed the range of a time_t, or return ISC_R_RANGE.
8228 Similarly, isc_time_now(), isc_time_nowplusinterval(),
8229 isc_time_add() and isc_time_subtract() now check the
8230 range for overflow/underflow. In the case of
8231 isc_time_subtract, this changed a calling requirement
8232 (ie, something that could generate an assertion)
8233 into merely a condition that returns an error result.
8234 isc_time_add() and isc_time_subtract() were void-
8235 valued before but now return isc_result_t.
8237 188. [func] Log a warning message when an incoming zone transfer
8238 contains out-of-zone data.
8240 187. [func] isc_ratelimiter_enqueue() has an additional argument
8243 186. [func] dns_request_getresponse() has an additional argument
8246 185. [bug] Fixed up handling of ISC_MEMCLUSTER_LEGACY. Several
8247 public functions did not have an isc__ prefix, and
8248 referred to functions that had previously been
8251 184. [cleanup] Variables/functions which began with two leading
8252 underscores were made to conform to the ANSI/ISO
8253 standard, which says that such names are reserved.
8255 183. [func] ISC_LOG_PRINTTAG option for log channels. Useful
8256 for logging the program name or other identifier.
8258 182. [cleanup] New command-line parameters for dnssec tools
8260 181. [func] Added dst_key_buildfilename and dst_key_parsefilename
8262 180. [func] New isc_result_t ISC_R_RANGE. Supersedes DNS_R_RANGE.
8264 179. [func] options named.conf statement *must* now come
8265 before any zone or view statements.
8267 178. [func] Post-load of named.conf check verifies a slave zone
8268 has non-empty list of masters defined.
8270 177. [func] New per-zone boolean:
8272 enable-zone yes | no ;
8274 intended to let a zone be disabled without having
8275 to comment out the entire zone statement.
8277 176. [func] New global and per-view option:
8279 max-cache-ttl number
8281 175. [func] New global and per-view option:
8283 additional-data internal | minimal | maximal;
8285 174. [func] New public function isc_sockaddr_format(), for
8286 formatting socket addresses in log messages.
8288 173. [func] Keep a queue of zones waiting for zone transfer
8289 quota so that a new transfer can be dispatched
8290 immediately whenever quota becomes available.
8292 172. [bug] $TTL directive was sometimes missing from dumped
8293 master files because totext_ctx_init() failed to
8294 initialize ctx->current_ttl_valid.
8296 171. [cleanup] On NetBSD systems, the mit-pthreads or
8297 unproven-pthreads library is now always used
8298 unless --with-ptl2 is explicitly specified on
8299 the configure command line. The
8300 --with-mit-pthreads option is no longer needed
8301 and has been removed.
8303 170. [cleanup] Remove inter server consistency checks from zone,
8304 these should return as a separate module in 9.1.
8305 dns_zone_checkservers(), dns_zone_checkparents(),
8306 dns_zone_checkchildren(), dns_zone_checkglue().
8308 Remove dns_zone_setadb(), dns_zone_setresolver(),
8309 dns_zone_setrequestmgr() these should now be found
8312 169. [func] ratelimiter can now process N events per interval.
8314 168. [bug] include statements in named.conf caused syntax errors
8315 due to not consuming the semicolon ending the include
8316 statement before switching input streams.
8318 167. [bug] Make lack of masters for a slave zone a soft error.
8320 166. [bug] Keygen was overwriting existing keys if key_id
8321 conflicted, now it will retry, and non-null keys
8322 with key_id == 0 are not generated anymore. Key
8323 was not able to generate NOAUTHCONF DSA key,
8324 increased RSA key size to 2048 bits.
8326 165. [cleanup] Silence "end-of-loop condition not reached" warnings
8327 from Solaris compiler.
8329 164. [func] Added functions isc_stdio_open(), isc_stdio_close(),
8330 isc_stdio_seek(), isc_stdio_read(), isc_stdio_write(),
8331 isc_stdio_flush(), isc_stdio_sync(), isc_file_remove()
8332 to encapsulate nonportable usage of errno and sync.
8334 163. [func] Added result codes ISC_R_FILENOTFOUND and
8337 162. [bug] Ensure proper range for arguments to ctype.h functions.
8339 161. [cleanup] error in yyparse prototype that only HPUX caught.
8341 160. [cleanup] getnet*() are not going to be implemented at this
8344 159. [func] Redefinition of config file elements is now an
8345 error (instead of a warning).
8347 158. [bug] Log channel and category list copy routines
8348 weren't assigning properly to output parameter.
8350 157. [port] Fix missing prototype for getopt().
8352 156. [func] Support new 'database' statement in zone.
8354 database "quoted-string";
8356 155. [bug] ns_notify_start() was not detaching the found zone.
8358 154. [func] The signer now logs libdns warnings to stderr even when
8359 not verbose, and in a nicer format.
8361 153. [func] dns_rdata_tostruct() 'mctx' is now optional. If 'mctx'
8362 is NULL then you need to preserve the 'rdata' until
8363 you have finished using the structure as there may be
8364 references to the associated memory. If 'mctx' is
8365 non-NULL it is guaranteed that there are no references
8366 to memory associated with 'rdata'.
8368 dns_rdata_freestruct() must be called if 'mctx' was
8369 non-NULL and may safely be called if 'mctx' was NULL.
8371 152. [bug] keygen dumped core if domain name argument was omitted
8374 151. [func] Support 'disabled' statement in zone config (causes
8375 zone to be parsed and then ignored). Currently must
8376 come after the 'type' clause.
8378 150. [func] Support optional ports in masters and also-notify
8381 masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
8383 149. [cleanup] Removed unused argument 'olist' from
8384 dns_c_view_unsetordering().
8386 148. [cleanup] Stop issuing some warnings about some configuration
8387 file statements that were not implemented, but now are.
8389 147. [bug] Changed yacc union size to be smaller for yaccs that
8390 put yacc-stack on the real stack.
8392 146. [cleanup] More general redundant header file cleanup. Rather
8393 than continuing to itemize every header which changed,
8394 this changelog entry just notes that if a header file
8395 did not need another header file that it was including
8396 in order to provide its advertised functionality, the
8397 inclusion of the other header file was removed. See
8398 util/check-includes for how this was tested.
8400 145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
8401 ISC_LANG_ENDDECLS to header files that had function
8402 prototypes, and removed it from those that did not.
8404 144. [cleanup] libdns header files too numerous to name were made
8405 to conform to the same style for multiple inclusion
8408 143. [func] Added function dns_rdatatype_isknown().
8410 142. [cleanup] <isc/stdtime.h> does not need <time.h> or
8413 141. [bug] Corrupt requests with multiple questions could
8414 cause an assertion failure.
8416 140. [cleanup] <isc/time.h> does not need <time.h> or <isc/result.h>.
8418 139. [cleanup] <isc/net.h> now includes <isc/types.h> instead of
8419 <isc/int.h> and <isc/result.h>.
8421 138. [cleanup] isc_strtouq moved from str.[ch] to string.[ch] and
8422 renamed isc_string_touint64. isc_strsep moved from
8423 strsep.c to string.c and renamed isc_string_separate.
8425 137. [cleanup] <isc/commandline.h>, <isc/mem.h>, <isc/print.h>
8426 <isc/serial.h>, <isc/string.h> and <isc/offset.h>
8427 made to conform to the same style for multiple
8428 inclusion protection.
8430 136. [cleanup] <isc/commandline.h>, <isc/interfaceiter.h>,
8431 <isc/net.h> and Win32's <isc/thread.h> needed
8432 ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS.
8434 135. [cleanup] Win32's <isc/condition.h> did not need <isc/result.h>
8435 or <isc/boolean.h>, now uses <isc/types.h> in place
8436 of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
8437 and ISC_LANG_ENDDECLS.
8439 134. [cleanup] <isc/dir.h> does not need <limits.h>.
8441 133. [cleanup] <isc/ipv6.h> needs <isc/platform.h>.
8443 132. [cleanup] <isc/app.h> does not need <isc/task.h>, but does
8444 need <isc/eventclass.h>.
8446 131. [cleanup] <isc/mutex.h> and <isc/util.h> need <isc/result.h>
8447 for ISC_R_* codes used in macros.
8449 130. [cleanup] <isc/condition.h> does not need <pthread.h> or
8450 <isc/boolean.h>, and now includes <isc/types.h>
8451 instead of <isc/time.h>.
8453 129. [bug] The 'default_debug' log channel was not set up when
8454 'category default' was present in the config file
8456 128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
8457 ISC_LANG_ENDDECLS at end of header.
8459 127. [cleanup] The contracts for the comparison routines
8460 dns_name_fullcompare(), dns_name_compare(),
8461 dns_name_rdatacompare(), and dns_rdata_compare() now
8462 specify that the order value returned is < 0, 0, or > 0
8463 instead of -1, 0, or 1.
8465 126. [cleanup] <isc/quota.h> and <isc/taskpool.h> need <isc/lang.h>.
8467 125. [cleanup] <isc/eventclass.h>, <isc/ipv6.h>, <isc/magic.h>,
8468 <isc/mutex.h>, <isc/once.h>, <isc/region.h>, and
8469 <isc/resultclass.h> do not need <isc/lang.h>.
8471 124. [func] signer now imports parent's zone key signature
8472 and creates null keys/sets zone status bit for
8473 children when necessary
8475 123. [cleanup] <isc/event.h> does not need <stddef.h>.
8477 122. [cleanup] <isc/task.h> does not need <isc/mem.h> or
8480 121. [cleanup] <isc/symtab.h> does not need <isc/mem.h> or
8481 <isc/result.h>. Multiple inclusion protection
8482 symbol fixed from ISC_SYMBOL_H to ISC_SYMTAB_H.
8483 isc_symtab_t moved to <isc/types.h>.
8485 120. [cleanup] <isc/socket.h> does not need <isc/boolean.h>,
8486 <isc/bufferlist.h>, <isc/task.h>, <isc/mem.h> or
8489 119. [cleanup] structure definitions for generic rdata structures do
8490 not have _generic_ in their names.
8492 118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
8493 YACC crust (yyparse, etc) [2000-apr-27 explorer]
8495 117. [cleanup] libdns.a changes:
8496 dns_zone_clearnotify() and dns_zone_addnotify()
8497 are replaced by dns_zone_setnotifyalso().
8498 dns_zone_clearmasters() and dns_zone_addmaster()
8499 are replaced by dns_zone_setmasters().
8501 116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
8504 115. [port] Shut up the -Wmissing-declarations warning about
8505 <stdio.h>'s __sputaux on BSD/OS pre-4.1.
8507 114. [cleanup] <isc/sockaddr.h> does not need <isc/buffer.h> or
8510 113. [func] Utility programs dig and host added.
8512 112. [cleanup] <isc/serial.h> does not need <isc/boolean.h>.
8514 111. [cleanup] <isc/rwlock.h> does not need <isc/result.h> or
8517 110. [cleanup] <isc/result.h> does not need <isc/boolean.h> or
8520 109. [bug] "make depend" did nothing for
8521 bin/tests/{db,mem,sockaddr,tasks,timers}/.
8523 108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
8524 <dns/types.h> to <dns/bit.h> and renamed to
8525 DNS_BIT_SET/DNS_BIT_GET/DNS_BIT_CLEAR.
8527 107. [func] Add keysigner and keysettool.
8529 106. [func] Allow dnssec verifications to ignore the validity
8530 period. Used by several of the dnssec tools.
8532 105. [doc] doc/dev/coding.html expanded with other
8533 implicit conventions the developers have used.
8535 104. [bug] Made compress_add and compress_find static to
8538 103. [func] libisc buffer API changes for <isc/buffer.h>:
8540 isc_buffer_base(b) (pointer)
8541 isc_buffer_current(b) (pointer)
8542 isc_buffer_active(b) (pointer)
8543 isc_buffer_used(b) (pointer)
8544 isc_buffer_length(b) (int)
8545 isc_buffer_usedlength(b) (int)
8546 isc_buffer_consumedlength(b) (int)
8547 isc_buffer_remaininglength(b) (int)
8548 isc_buffer_activelength(b) (int)
8549 isc_buffer_availablelength(b) (int)
8551 ISC_BUFFER_USEDCOUNT(b)
8552 ISC_BUFFER_AVAILABLECOUNT(b)
8555 isc_buffer_used(b, r) ->
8556 isc_buffer_usedregion(b, r)
8557 isc_buffer_available(b, r) ->
8558 isc_buffer_available_region(b, r)
8559 isc_buffer_consumed(b, r) ->
8560 isc_buffer_consumedregion(b, r)
8561 isc_buffer_active(b, r) ->
8562 isc_buffer_activeregion(b, r)
8563 isc_buffer_remaining(b, r) ->
8564 isc_buffer_remainingregion(b, r)
8566 Buffer types were removed, so the ISC_BUFFERTYPE_*
8567 macros are no more, and the type argument to
8568 isc_buffer_init and isc_buffer_allocate were removed.
8569 isc_buffer_putstr is now void (instead of isc_result_t)
8570 and requires that the caller ensure that there
8571 is enough available buffer space for the string.
8573 102. [port] Correctly detect inet_aton, inet_pton and inet_ptop
8576 101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
8578 100. [cleanup] <isc/random.h> does not need <isc/int.h> or
8579 <isc/mutex.h>. isc_random_t moved to <isc/types.h>.
8581 99. [cleanup] Rate limiter now has separate shutdown() and
8582 destroy() functions, and it guarantees that all
8583 queued events are delivered even in the shutdown case.
8585 98. [cleanup] <isc/print.h> does not need <stdarg.h> or <stddef.h>
8586 unless ISC_PLATFORM_NEEDVSNPRINTF is defined.
8588 97. [cleanup] <isc/ondestroy.h> does not need <stddef.h> or
8591 96. [cleanup] <isc/mutex.h> does not need <isc/result.h>.
8593 95. [cleanup] <isc/mutexblock.h> does not need <isc/result.h>.
8595 94. [cleanup] Some installed header files did not compile as C++.
8597 93. [cleanup] <isc/msgcat.h> does not need <isc/result.h>.
8599 92. [cleanup] <isc/mem.h> does not need <stddef.h>, <isc/boolean.h>,
8602 91. [cleanup] <isc/log.h> does not need <sys/types.h> or
8605 90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
8606 from <named/listenlist.h>.
8608 89. [cleanup] <isc/lex.h> does not need <stddef.h>.
8610 88. [cleanup] <isc/interfaceiter.h> does not need <isc/result.h> or
8611 <isc/mem.h>. isc_interface_t and isc_interfaceiter_t
8612 moved to <isc/types.h>.
8614 87. [cleanup] <isc/heap.h> does not need <isc/boolean.h>,
8615 <isc/mem.h> or <isc/result.h>.
8617 86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
8620 85. [cleanup] <isc/bufferlist.h> does not need <isc/buffer.h>,
8621 <isc/list.h>, <isc/mem.h>, <isc/region.h> or
8624 84. [func] allow-query ACL checks now apply to all data
8625 added to a response.
8627 83. [func] If the server is authoritative for both a
8628 delegating zone and its (nonsecure) delegatee, and
8629 a query is made for a KEY RR at the top of the
8630 delegatee, then the server will look for a KEY
8631 in the delegator if it is not found in the delegatee.
8633 82. [cleanup] <isc/buffer.h> does not need <isc/list.h>.
8635 81. [cleanup] <isc/int.h> and <isc/boolean.h> do not need
8638 80. [cleanup] <isc/print.h> does not need <stdio.h> or <stdlib.h>.
8640 79. [cleanup] <dns/callbacks.h> does not need <stdio.h>.
8642 78. [cleanup] lwres_conftest renamed to lwresconf_test for
8643 consistency with other *_test programs.
8645 77. [cleanup] typedef of isc_time_t and isc_interval_t moved from
8646 <isc/time.h> to <isc/types.h>.
8648 76. [cleanup] Rewrote keygen.
8650 75. [func] Don't load a zone if its database file is older
8651 than the last time the zone was loaded.
8653 74. [cleanup] Removed mktemplate.o and ufile.o from libisc.a,
8656 73. [func] New "file" API in libisc, including new function
8657 isc_file_getmodtime, isc_mktemplate renamed to
8658 isc_file_mktemplate and isc_ufile renamed to
8659 isc_file_openunique. By no means an exhaustive API,
8660 it is just what's needed for now.
8662 72. [func] DNS_RBTFIND_NOPREDECESSOR and DNS_RBTFIND_NOOPTIONS
8663 added for dns_rbt_findnode, the former to disable the
8664 setting of the chain to the predecessor, and the
8665 latter to make clear when no options are set.
8667 71. [cleanup] Made explicit the implicit REQUIREs of
8668 isc_time_seconds, isc_time_nanoseconds, and
8671 70. [func] isc_time_set() added.
8673 69. [bug] The zone object's master and also-notify lists grew
8674 longer with each server reload.
8676 68. [func] Partial support for SIG(0) on incoming messages.
8678 67. [performance] Allow use of alternate (compile-time supplied)
8679 OpenSSL libraries/headers.
8681 66. [func] Data in authoritative zones should have a trust level
8684 65. [cleanup] Removed obsolete typedef of dns_zone_callbackarg_t
8687 64. [func] The RBT, DB, and zone table APIs now allow the
8688 caller find the most-enclosing superdomain of
8691 63. [func] Generate NOTIFY messages.
8693 62. [func] Add UDP refresh support.
8695 61. [cleanup] Use single quotes consistently in log messages.
8697 60. [func] Catch and disallow singleton types on message
8700 59. [bug] Cause net/host unreachable to be a hard error
8701 when sending and receiving.
8703 58. [bug] bin/named/query.c could sometimes trigger the
8704 (client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
8705 == 0 assertion in query_newname().
8707 57. [func] Added dns_nxt_typepresent()
8709 56. [bug] SIG records were not properly returned in cached
8712 55. [bug] Responses containing multiple names in the authority
8713 section were not negatively cached.
8715 54. [bug] If a fetch with sigrdataset==NULL joined one with
8716 sigrdataset!=NULL or vice versa, the resolver
8717 could catch an assertion or lose signature data,
8720 53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
8723 52. [bug] rndc: taskmgr and socketmgr were not initialized
8726 51. [cleanup] dns/compress.h and dns/zt.h did not need to include
8727 dns/rbt.h; it was needed only by compress.c and zt.c.
8729 50. [func] RBT deletion no longer requires a valid chain to work,
8730 and dns_rbt_deletenode was added.
8732 49. [func] Each cache now has its own mctx.
8734 48. [func] isc_task_create() no longer takes an mctx.
8735 isc_task_mem() has been eliminated.
8737 47. [func] A number of modules now use memory context reference
8740 46. [func] Memory contexts are now reference counted.
8741 Added isc_mem_inuse() and isc_mem_preallocate().
8742 Renamed isc_mem_destroy_check() to
8743 isc_mem_setdestroycheck().
8745 45. [bug] The trusted-key statement incorrectly loaded keys.
8747 44. [bug] Don't include authority data if it would force us
8748 to unset the AD bit in the message.
8750 43. [bug] DNSSEC verification of cached rdatasets was failing.
8752 42. [cleanup] Simplified logging of messages with embedded domain
8753 names by introducing a new convenience function
8756 41. [func] Use PR_SET_KEEPCAPS on Linux 2.3.99-pre3 and later
8757 to allow 'named' to run as a non-root user while
8758 retaining the ability to bind() to privileged
8761 40. [func] Introduced new logging category "dnssec" and
8762 logging module "dns/validator".
8764 39. [cleanup] Moved the typedefs for isc_region_t, isc_textregion_t,
8765 and isc_lex_t to <isc/types.h>.
8767 38. [bug] TSIG signed incoming zone transfers work now.
8769 37. [bug] If the first RR in an incoming zone transfer was
8770 not an SOA, the server died with an assertion failure
8771 instead of just reporting an error.
8773 36. [cleanup] Change DNS_R_SUCCESS (and others) to ISC_R_SUCCESS
8775 35. [performance] Log messages which are of a level too high to be
8776 logged by any channel in the logging configuration
8777 will not cause the log mutex to be locked.
8779 34. [bug] Recursion was allowed even with 'recursion no'.
8781 33. [func] The RBT now maintains a parent pointer at each node.
8783 32. [cleanup] bin/lwresd/client.c needs <string.h> for memset()
8786 31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
8788 30. [func] config file grammar change to support optional
8789 class type for a view.
8791 29. [func] support new config file view options:
8793 auth-nxdomain recursion query-source
8794 query-source-v6 transfer-source
8795 transfer-source-v6 max-transfer-time-out
8796 max-transfer-idle-out transfer-format
8797 request-ixfr provide-ixfr cleaning-interval
8798 fetch-glue notify rfc2308-type1 lame-ttl
8799 max-ncache-ttl min-roots
8801 28. [func] support lame-ttl, min-roots and serial-queries
8802 config global options.
8804 27. [bug] Only include <netinet6/in6.h> on BSD/OS 4.[01]*.
8805 Including it on other platforms (eg, NetBSD) can
8806 cause a forced #error from the C preprocessor.
8808 26. [func] new match-clients statement in config file view.
8810 25. [bug] make install failed to install <isc/log.h> and
8813 24. [cleanup] Eliminate some unnecessary #includes of header
8814 files from header files.
8816 23. [cleanup] Provide more context in log messages about client
8817 requests, using a new function ns_client_log().
8819 22. [bug] SIGs weren't returned in the answer section when
8820 the query resulted in a fetch.
8822 21. [port] Look at STD_CINCLUDES after CINCLUDES during
8823 compilation, so additional system include directories
8824 can be searched but header files in the bind9 source
8825 tree with conflicting names take precedence. This
8826 avoids issues with installed versions of dnssafe and
8829 20. [func] Configuration file post-load validation of zones
8830 failed if there were no zones.
8832 19. [bug] dns_zone_notifyreceive() failed to unlock the zone
8833 lock in certain error cases.
8835 18. [bug] Use AC_TRY_LINK rather than AC_TRY_COMPILE in
8836 configure.in to check for presence of in6addr_any.
8838 17. [func] Do configuration file post-load validation of zones.
8840 16. [bug] put quotes around key names on config file
8841 output to avoid possible keyword clashes.
8843 15. [func] Add dns_name_dupwithoffsets(). This function is
8844 improves comparison performance for duped names.
8846 14. [bug] free_rbtdb() could have 'put' unallocated memory in
8847 an unlikely error path.
8849 13. [bug] lib/dns/master.c and lib/dns/xfrin.c didn't ignore
8852 12. [bug] Fixed possible uninitialized variable error.
8854 11. [bug] axfr_rrstream_first() didn't check the result code of
8855 db_rr_iterator_first(), possibly causing an assertion
8856 to be triggered later.
8858 10. [bug] A bug in the code which makes EDNS0 OPT records in
8859 bin/named/client.c and lib/dns/resolver.c could
8860 trigger an assertion.
8862 9. [cleanup] replaced bit-setting code in confctx.c and replaced
8863 repeated code with macro calls.
8865 8. [bug] Shutdown of incoming zone transfer accessed
8868 7. [cleanup] removed 'listen-on' from view statement.
8870 6. [bug] quote RR names when generating config file to
8871 prevent possible clash with config file keywords
8874 5. [func] syntax change to named.conf file: new ssu grant/deny
8875 statements must now be enclosed by an 'update-policy'
8878 4. [port] bin/named/unix/os.c didn't compile on systems with
8879 linux 2.3 kernel includes due to conflicts between
8880 C library includes and the kernel includes. We now
8881 get only what we need from <linux/capability.h>, and
8882 avoid pulling in other linux kernel .h files.
8884 3. [bug] TKEYs go in the answer section of responses, not
8885 the additional section.
8887 2. [bug] Generating cryptographic randomness failed on
8888 systems without /dev/random.
8890 1. [bug] The installdirs rule in
8891 lib/isc/unix/include/isc/Makefile.in had a typo which
8892 prevented the isc directory from being created if it
8895 --- 9.0.0b2 released ---
8897 # This tells Emacs to use hard tabs in this file.
8899 # indent-tabs-mode: t