2 * bugfix #183: Assertion failure with OPT record without rdata.
3 This caused packet creation with only a DO bit (for DNSSEC OK)
4 to crash. Thanks Anand Buddhdev and others for reporting this
6 * Fix for syntax error in pyldns
9 * bugfix #147: Allow for tabs in whitespace before quoted rdata
10 fields. Thanks Felipe Gasper
11 * bugfix #149: Add some missing [out] annotations to doxygen
12 parameters. Thanks aldot.
13 * Fix build error on Solaris 10 with inet_ntop redeclaration error.
14 * Fix -U flag with ldns-signzone. Thanks Ulrich and Jonathan
15 * Enable compile of SVCB and HTTPS support by default.
16 * bugfix #179: Free line memory even if zone file parsing fails
17 Thanks Claudius Zingerli
18 * bugfix #166: Grow buffer when writing chars and fixed size
19 strings when converting to presentation format, preventing
20 potential assersion errors.
21 * bugfix #46: Print network errors when secure tracing.
23 * EDNS0 Option handling and conversion into presentation format.
24 * bugfix #145: ldns-verify-zone should not call occluded records
28 * bugfix #146: ldns-1.7.1 had soname 3.0, so ldns-1.8.x soname
29 needs to larger. Thanks Leah Neukirchen & Felipe Gasper
30 * Undo PR#123 fix ldns.pc installation when building out-of-source
34 * bugfix #38: Print "line" before line number when printing
35 zone parse errors. Thanks Petr Špaček.
36 * bugfix: Revert unused variables in ldns-config removal patch.
37 * bugfix #50: heap Out-of-bound Read vulnerability in
38 rr_frm_str_internal reported by pokerfacett.
39 * bugfix #51: Heap Out-of-bound Read vulnerability in
40 ldns_nsec3_salt_data reported by pokerfacett.
41 * Fix memory leak in examples/ldns-testns handle_tcp routine.
42 * Detect fixed time memory compare for openssl 0.9.8.
43 * Fix compile warning by variable initialisation for older gcc.
44 * Fix #92: ldns-testns.c:429:15: error: 'fork' is unavailable: not
46 * Fix for #93: fix packaging/libldns.pc Makefile rule.
47 * ZONEMD support in ldns-signzone and ldns-verify-zone
48 * ldns-testns can answer several queries over one tcp connection,
49 if they arrive within 100msec of each other.
50 * Fix so that ldns-testns does not leak sockets if the read fails.
51 * SVCB and HTTPS draft rrtypes.
52 Enable with --enable-rrtype-svcb-https.
53 * bugfix #117: Assertion failure with DNSSEC validating of
54 non existence of RR types at the root. Thanks ZjYwMj
55 * Set NSEC(3) ttls to the minimum of the MINIMUM field of the SOA
56 record and the TTL of the SOA itself. draft-ietf-dnsop-nsec-ttl
57 * bugfix #119: Let example tools read longer RR's than
59 * Add SVCPARAMS to python ldns_rdf_type2str function.
60 * PR #134 Miscellaneous spelling fixes. Thanks jsoref!
61 * Fix that ldns-read-zone and ldns_zone_new_frm_fp_l properly return
62 the $INCLUDE not implemented error.
63 * Fix that ldns-read-zone and ldns_zone_new_frm_fp_l count the line
64 number for an empty line after a comment.
65 * Fix #135: Fix compile with OpenSSL-3.0.0-beta2.
66 * PR #107: Added ldns_pkt2buffer_wire_compress() to make dname
67 compression optional when converting packets to wire format.
69 * Option to ldns-keygen to create symlinks with known names
70 (i.e. without the key id) to the created files.
71 Thanks Andreas Schulze
72 * Fix #121: Correct handling of centimetres by LOC parser.
74 * PR #126: Link with libldns.la in Makefile.in.
76 * PR #127: Added option -Q to drill to give short answer.
78 * PR #133: Update m4 files for python modules.
80 * Bufix CAA value fields may be empty: Thanks Robert Mortimer
81 * PR #108: Fix for ldns-compare-zones net detecting when first zone
82 has a RRset that shrinks from two to one RRs, or grows from one
83 to two RRs. Thanks Emilio Caballero
84 * Fix #131: Drill sig chasing breaks with gcc-11 and
85 strict-aliasing. Thanks Stanislav Levin
86 * Fix #130: Unless $TLL is defined, ttl defaults to the last
87 explicitly stated value. Thanks Benno
88 * Fix #48: Missing UNSIGNED legend with drill. Thanks reedjc
89 * Fix #143: EVP_PKEY_base_id became a macro with OpenSSL > 3.0
91 * Let ldns-signzone warn for high NSEC3 iteration counts.
92 Thanks Andreas Schulze
95 * bugfix: Manage verification paths for OpenSSL >= 1.1.0
97 * bugfix #4106: find the SDK on MacOS X <= 10.6
99 * bugfix #4155: ldns-config contains never used variables
101 * bugfix #4221: drill -x crashes with malformed IPv4 address
102 Thanks Oleksandr Tymoshenko
103 * bugfix #3437: CDS & CDNSKEY RRsets should be signed with the KSK
105 * bugfix #1566, #1568, #1569, #1570: Potential NULL Dereferences
107 * bugfix #1260: Anticipate strchr returning NULL on unfound char
108 Thanks Stephan Zeisberg
109 * bugfix #1257: Free after reallocing to 0 size (CVE-2017-1000232)
110 Thanks Stephan Zeisberg
111 * bugfix #1256: Check parse limit before t increment (CVE-2017-1000231)
112 Thanks Stephan Zeisberg
113 * bugfix #1245: Only one signature per RRset needs to be valid with
114 ldns-verify-zone. Thanks Emil Natan.
115 * ldns-notify can use all supported hash algorithms with -y.
116 * bugfix #1209: make install ldns.pc file
117 Thanks Oleksandr Natalenko
118 * bugfix #1218: Only chase DS if signer is parent of owner.
120 * bugfix #617: Retry WKS service and protocol names lower case.
122 * Spelling errors in binaries and man pages
123 Thanks Andreas Schulze
124 * removed duplicate condition in ldns_udp_send_query.
125 * ldns_wire2pkt: fix null pointer dereference if pkt allocation fails
126 and fix memory leak with more EDNS sections
128 * bugfix #1399: ldns_pkt2wire() Python binding is broken.
130 * ED25519 and ED448 support. Default is to autodetect support in
131 OpenSSL. Disable with --disable-ed25519 and --disable-ed448.
132 * ldns-notify: can have IPv6 address as argument.
133 * Fix time sensitive TSIG compare vulnerability.
134 * Fix that ldns-testns ignores sigpipe.
135 * Fix that ldns-notify sets the query RR as question RR, this
136 removes the wrong TTL and 0 rdata from the packet printout.
137 * Allow -T flag to be used together with drill -x
138 * Python bindings compile with swig 4.0
139 Thanks Jitka Plesníková
140 * bugfix #4248: drill -DT fails for CNAME domain
142 * bugfix #4214: Various fixes and leaks found by coverity.
144 * Feature #3394: An -I option to ldns-notify to specify a source
145 IP address to send to notify from. Thanks Geert Hendrickx
146 * Bugfix #279: New API functions ldns_udp_connect2,
147 ldns_tcp_connect2, ldns_udp_bgsend2 and ldns_tcp_bgsend2,
148 that return -1 on failure and allow socket number 0
149 to be returned too. Thanks Joerg Sonnenberger
150 * Bugfix #1447: More verbose reporting of chasing problems with
151 ldns-verify-zone. Thanks Stephane Guedon
152 * OpenSSL engine support with ldns-signzone.
153 See also https://penzin.net/ldns-signzone/
154 Many thanks Vadim Penzin.
155 * Various improvements found with shellcheck.
156 Thanks Jeffrey Walton
157 * PR #36 Update manpage of ldns-notify to mention algorithm
158 support with TSIG. Thanks Anand Buddhdev
159 * Compile warnings with signed char input to to_lower()
160 and is_digit() with NetBSD. Thanks Håvard Eidnes
161 * Missing Makefile.PL in DNS-LDNS perl module contribution.
162 Thanks Jaap Akkerhuis
165 * Fix lookup of relative names in ldns_resolver_search.
166 * bugfix #548: Double free for answers > 4096 in ldns_resolver_send_pkt
167 * Follow CNAME's when tracing with drill (TODO dnssec trace)
168 * Fix #551 change Regent to Copyright holder in BSD license in
169 some of the headings of the file, to match the opensource.org
171 * -e option makes ldns-compare-zones exit with status code 2 on difference
172 * Filter out specified RR types with ldns-read-zone -e and -E options
173 * bugfix #563: Correct DNSKEY from DSA private key. Thanks Peter Koch.
174 * bugfix #562: ldns-keygen match DSA key maximum size with library.
175 And check keysizes with all algorithms. Thanks Peter Koch.
176 * ldns-verify-zone accepts only one single zonefile as argument.
177 * bugfix #573: ldns-keygen write private keys with mode 0600.
179 * Fix configure to make ldns compile with LibreSSL 2.0
180 * drill now also accepts dig style -y option
181 (-y <[algo:]name:key> i.s.o. -y <name:key[:algo]>)
182 * OPENPGPKEY draft rr types. Enable with: --enable-rrtype-openpgpkey
183 * bugfix #608: Correct comment about escaped characters
184 * CDS and CDNSKEY rr type from RFC 7344.
185 --enable-rrtype-cds configure option removed
186 * fix: Memory leak in ldns_pkt_rr_list_by_name()
188 * fix: Memory leak in ldns_dname2buffer_wire_compress()
190 * bugfix #613: Allow tab as whitespace too in last rdata field of types
191 of variable length. Thanks Xiali Yan
192 * bugfix: strip trailing whitespace from $ORIGIN lines in zone files
193 * Let ldns-keygen output .ds files only for KSK keys
194 * Parse RFC7218 TLSA mnemonics, but do not output them
195 * Let ldns-dane use SPKI as the default selector i.s.o. Cert
196 * bugfix: Fit left over NSEC3s once more before adding empty non
197 terminals. Thanks Stuart Browne
198 * bugfix #605: Determine default trust anchor location at compile time
200 * bugfix #697: Double free with ldns-dane create
201 Thanks Carsten Strotmann
202 * bugfix #623: Do not redefine bool type and boolean values
203 Thanks Jakob Petsovits
204 * bugfix #570: Add TLSA, CDS, CDNSKEY and OPENPGPKEY RR types to ldnsx
206 * bugfix #575: ldns_pkt_clone() does not copy timestamp field
207 Thanks Calle Dybedahl
208 * bugfix #584: ldns-update fixes. Send update to port 53, bring manpage
209 in sync with the usage text, and don't alter the ldns_resolver passed
210 to ldns_update_soa_zone_mname(). Created a ldns_resolver_clone()
211 function in the process. Thanks Nicholas Riley.
212 * bugfix #633: ldns_pkt_clone() parameter isn't const.
213 Thanks Jakop Petsovits
214 * bugfix: ldns-dane manpage correction
216 * Spelling fixes. Thanks Andreas Schulze
217 * Hyphen used as minus in manpages. Thanks Andreas Schulze.
218 * RFC7553 RR Type URI is supported by default.
219 * Fix ECDSA signature generation, do not omit leading zeroes.
220 * bugfix: Get rid of superfluous newline in ldns-keyfetcher
222 * bugfix: -U option to ldns-signzone to sign with every algorithm
224 * const function parameters whenever possible.
226 * bugfix #725: allow RR-types on the type bitmap window border
228 * bugfix #726: 2 typos in drill manpage.
230 * Add type CSYNC support, RFC 7477.
231 * Prepare for ED25519, ED448 support: todo convert* routines in
232 dnssec.h, once openssl has support for signing with these algorithms.
233 The dns algorithm number is not yet allocated. These features are
234 not fully implemented yet, openssl (1.1) does not support the
235 algorithms enough to generate keys and sign and verify with them.
236 * Fix _answerfrom comment in ldns_struct_pkt.
237 * Fix drill axfr ipv4/ipv6 queries.
238 * Fix comment referring to mk_query in packet.h to pkt_query_new.
239 * Fix description of QR flag in packet.h.
240 * Fix for openssl 1.1.0 API changes.
241 * Remove commented out macro. Thanks Thiago Farina
242 * bugfix #641: Include install-sh in .gitignore
243 * bugfix #825: Module import breaks with newer SWIG versions.
244 Thanks Christoph Egger
245 * bugfix #796 - #792: Fix miscellaneous compiler warning issues.
247 * bugfix #769: Add support for :: in an IPv6 address
248 Thanks Hajimu UMEMOTO
249 * bugfix #760: Detect superfluous text in presentation format
251 * bugfix #708: warnings and errors with xcode 6.1/7.0
252 * bugfix #754: Memory leak in ldns_str2rdf_ipseckey
254 * bugfix #661: Fail NSEC3 signing when NSEC domainname length
255 would overflow. Thanks Jan-Piet Mens.
256 * bugfix #771: hmac-sha224, hmac-sha384 and hmac-sha512 keys.
258 * bugfix #680: ldns fails to reject invalidly formatted
259 RFC 7553 URI RRs. Thanks Robert Edmonds
260 * bugfix #678: Use poll i.s.o. select to support > 1024 fds
262 * Use OpenSSL DANE functions for verification (unless explicitly
263 disabled with --disable-dane-ta-usage).
265 * Include OPENPGPKEY RR type by default
266 * rdata processing for SMIMEA RR type
267 * Fix crash in displaying TLSA RR's.
268 Thanks Andreas Schulze
269 * Update ldns-key2ds man page to mention GOST and SHA384 hash
270 functions. Thanks Harald Jenny
271 * Add sha384 and sha512 tsig algorithm. Thanks Michael Weiser
272 * Clarify data ownership with consts for tsig parameters.
273 Thanks Michael Weiser
274 * bugfix: Fix detection of DSA support with OpenSSL >= 1.1.0
275 * bugfix #1160: Provide sha256 for release tarballs
276 * --enable-gost-anyway compiles GOST support with OpenSSL >= 1.1.0
277 even when the GOST engine is not available.
280 * Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a
281 zone to be an NSEC3 (or its RRSIG) covering an empty non terminal.
282 * Add --disable-dane option to configure and check availability of the
283 for dane needed X509_check_ca function in openssl.
284 * bugfix #490: Get rid of type-punned pointer warnings.
286 * Make sure executables are linked against libcrypto with the
287 LIBSSL_LDFLAGS. Thanks Leo Baltus.
288 * Miscellaneous prototype fixes. Thanks Dag-Erling Smørgrav.
289 * README now shows preferred way to configure for examples and drill.
290 * Bind to source address for resolvers. drill binds to source with -I.
292 * -T option for ldns-dane that has specific exit status for PKIX
293 validated connections without (secure) TLSA records.
294 * Fix b{32,64}_{ntop,pton} detection and handling.
295 * New RR type TKEY, but without operational practice.
296 * New RR types HIP, NINFO, RKEY, CDS, EUI48, EUI64, URI, CAA and TA.
297 * New output format flag (and accompanying functions) to print certain
299 * -u and -U parameter for ldns-read-zone to mark/unmark a RR type
300 for printing as unknown type
301 * bugfix #504: GPOS RR has three rdata fields. Thanks Jelte Jansen.
302 * bugfix #497: Properly test for EOF when reading key files with drill.
303 * New functions: ldns_pkt_ixfr_request_new and
304 ldns_pkt_ixfr_request_new_frm_str.
305 * Use SNI with ldns-dane
306 * bugfix #507: ldnsx Fix use of non-existent variables and not
307 properly referring to instance variable. Patch from shussain.
308 * bugfix #508: ldnsx Adding NSEC3PARAM to known/allowable RR type
309 dictionary. Patch from shussain.
310 * bugfix #517: ldns_resolver_new_frm_fp error when invoked using a NULL
312 * Fix memory leak in contrib/python: ldns_pkt.new_query.
313 * Fix buffer overflow in fget_token and bget_token.
314 * ldns-verify-zone NSEC3 checking from quadratic to linear performance.
315 Thanks NIC MX (nicmexico.mx)
316 * ldns-dane setup new ssl session for each new connect to prevent hangs
317 * bugfix #521: drill trace continue on empty non-terminals with NSEC3
318 * bugfix #525: Fix documentation of ldns_resolver_set_retry
319 * Remove unused LDNS_RDF_TYPE_TSIG and associated functions.
320 * Fix ldns_nsec_covers_name for zones with an apex only. Thanks Miek.
321 * Configure option to build perl bindings: --with-p5-dns-ldns
322 (DNS::LDNS is a contribution from Erik Ostlyngen)
323 * bugfix #527: Move -lssl before -lcrypto when linking
324 * Optimize TSIG digest function name comparison (Thanks Marc Buijsman)
325 * Compare names case insensitive with ldns_pkt_rr_list_by_name and
326 ldns_pkt_rr_list_by_name_and_type (thanks Johannes Naab)
327 * A separate --enable for each draft RR type: --enable-rrtype-ninfo,
328 --enable-rrtype-rkey, --enable-rrtype-cds, --enable-rrtype-uri and
330 * bugfix #530: Don't sign and verify duplicate RRs (Thanks Jelte Jansen)
331 * bugfix #505: Manpage and usage output fixes (Thanks Tomas Hozza)
332 * Adjust ldns_sha1() so that the input data is not modified (Thanks
334 * Messages to stderr are now off by default and can be re-enabled with
335 the --enable-stderr-msgs configure option.
338 * Fix Makefile to build pyldns with BSD make
339 * Fix typo in exporting b32_* symbols to make pyldns load again
340 * Allow leaving the RR owner name empty in ldns-testns datafiles.
341 * Fix fail to create NSEC3 bitmap for empty non-terminal (bug
342 introduced in 1.6.14).
345 * Remove LDNS_STATUS_EXISTS_ERR from ldns/error.h to make ldns
346 binary compatible with earlier releases again.
349 * DANE support (RFC6698), including ldns-dane example tool.
350 * Configurable default CA certificate repository for ldns-dane with
351 --with-ca-file=CAFILE and --with-ca-path=CAPATH
352 * Configurable default trust anchor with --with-trust-anchor=FILE
353 for drill, ldns-verify-zone and ldns-dane
354 * bugfix #474: Define socklen_t when undefined (like in Win32)
355 * bugfix #473: Dead code removal and resource leak fix in drill
356 * bugfix #471: Let ldns_resolver_push_dnssec_anchor accept DS RR's too.
357 * Various bugfixes from code reviews from CZ.NIC and Paul Wouters
358 * ldns-notify TSIG option argument checking
359 * Let ldns_resolver_nameservers_randomize keep nameservers and rtt's
361 * Let ldns_pkt_push_rr now return false on (memory) errors.
362 * Make buffer_export comply to documentation and fix buffer2str
363 * Various improvements and fixes of pyldns from Karel Slany
364 now documented in their own Changelog.
365 * bugfix: Make ldns_resolver_pop_nameserver clear the array when
367 * bugfix #459: Remove ldns_symbols and export symbols based on regex
368 * bugfix #458: Track all newly created signatures when signing.
369 * bugfix #454: Only set -g and -O2 CFLAGS when no CFLAGS was given.
370 * bugfix #457: Memory leak fix for ldns_key_new_frm_algorithm.
371 * pyldns memory handling fixes and the python3/ldns-signzone.py
372 examples script contribution from Karel Slany.
373 * bugfix #450: Base # bytes for P, G and Y (T) on the guaranteed
374 to be bigger (or equal) P in ldns_key_dsa2bin.
375 * bugfix #449: Deep free cloned rdf's in ldns_tsig_mac_new.
376 * bugfix #448: Copy nameserver value (in stead of reference) of the
377 answering nameserver to the answer packet in ldns_send_buffer, so
378 the original value may be deep freed with the ldns_resolver struct.
379 * New -0 option for ldns-read-zone to replace inception, expiration
380 and signature rdata fields with (null). Thanks Paul Wouters.
381 * New -p option for ldns-read-zone to prepend-pad SOA serial to take
383 * Return error if printing RR fails due to unknown/null RDATA.
386 * New -S option for ldns-verify-zone to chase signatures online.
387 * New -k option for ldns-verify-zone to validate using a trusted key.
388 * New inception and expiration margin options (-i and -e) to
390 * New ldns_dnssec_zone_new_frm_fp and ldns_dnssec_zone_new_frm_fp_l
392 * New ldns_duration* functions (copied from OpenDNSSEC source)
393 * fix ldns-verify-zone to allow NSEC3 signatures to come before
394 the NSEC3 RR in all cases. Thanks Wolfgang Nagele.
395 * Zero the correct flag (opt-out) when creating NSEC3PARAMS.
396 Thanks Peter van Dijk.
397 * Canonicalize RRSIG's Signer's name too when validating, because
398 bind and unbound do that too. Thanks Peter van Dijk.
399 * bugfix #433: Allocate rdf using ldns_rdf_new in ldns_dname_label
400 * bugfix #432: Use LDNS_MALLOC & LDNS_FREE i.s.o. malloc & free
401 * bugfix #431: Added error message for LDNS_STATUS_INVALID_B32_EXT
402 * bugfix #427: Explicitly link ssl with the programs that use it.
403 * Fix reading \DDD: Error on values that are outside range (>255).
404 * bugfix #429: fix doxyparse.pl fails on NetBSD because specified
406 * New ECDSA support (RFC 6605), use --disable-ecdsa for older openssl.
407 * fix verifying denial of existence for DS's in NSEC3 Opt-Out zones.
411 * bugfix #413: Fix manpage source for srcdir != builddir
412 * Canonicalize the signers name rdata field in RRSIGs when signing
413 * Ignore minor version of Private-key-format (so v1.3 may be used)
414 * Allow a check_time to be given in stead of always checking against
415 the current time. With ldns-verify-zone the check_time can be set
417 * Added functions for updating and manipulating SOA serial numbers.
418 ldns-read-zone has an option -S for updating and manipulating the
420 * The library Makefile is now GNU and BSD make compatible.
421 * bugfix #419: NSEC3 validation of a name covered by a wildcard with
423 * Two new options (--with-drill and --with-examples) to the main
424 configure script (in the root of the source tree) to build drill
426 * Fix days_since_epoch to year_yday calculation on 32bits systems.
429 * bugfix #394: Fix socket leak on errors
430 * bugfix #392: Apex only and percentage checks for ldns-verify-zone
432 * bugfix #398: Allow NSEC RRSIGs before the NSEC3 in ldns-verify-zone
433 * Fix python site package path from sitelib to sitearch for pyldns.
434 * Fix python api to support python2 and python3 (thanks Karel Slany).
435 * bugfix #401: Correction of date/time functions algorithm and
436 prevention of an infinite loop therein
437 * bugfix #402: Correct the minimum and maximum number of rdata fields
438 in TSIG. (thanks David Keeler)
439 * bugfix #403: Fix heap overflow (thanks David Keeler)
440 * bugfix #404: Make parsing APL strings more robust
441 (thanks David Keeler)
442 * bugfix #391: Complete library assessment to prevent assertion errors
443 through ldns_rdf_size usage.
444 * Slightly more specific error messaging on wrong number of rdata
445 fields with the LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG and
446 LDNS_STATUS_MISSING_RDATA_FIELDS_KEY result codes.
447 * bugfix #406: More rigorous openssl result code handling to prevent
448 future crashes within openssl.
449 * Fix ldns_fetch_valid_domain_keys to search deeper than just one level
450 for a DNSKEY that signed a DS RR. (this function was used in the
451 check_dnssec_trace nagios module)
452 * bugfix #407: Canonicalize TSIG dnames and algorithm fields
453 * A new output specifier to accommodate configuration of what to show
454 in comment texts when converting host and/or wire-format data to
455 string. All conversion to string and printing functions have a new
456 version that have such a format specifier as an extra argument.
457 The default is changed so that only DNSKEY RR's are annotated with
458 an comment show the Key Tag of the DNSKEY.
459 * Fixed the ldns resolver to not mark a nameserver unreachable when
460 edns0 is tried unsuccessfully with size 4096 (no return packet came),
461 but to still try TCP. A big UDP packet might have been corrupted by
462 fragments dropping firewalls.
463 * Update of libdns.vim (thanks Miek Gieben)
464 * Added the ldnsx Python module to our contrib section, which adds even
465 more pythonisticism to the usage of ldns with Python. (Many thanks
466 to Christopher Olah and Paul Wouters)
467 The ldnsx module is automatically installed when --with-pyldns is
468 used with configuring, but may explicitly be excluded with the
469 --without-pyldnsx option to configure.
470 * bugfix #410: Fix clearing out temporary data on stack in sha2.c
471 * bugfix #411: Don't let empty non-terminal NSEC3s cause assertion failure.
474 * New example tool added: ldns-gen-zone.
475 * bugfix #359: Serial-arithmetic for the inception and expiration
476 fields of a RRSIG and correctly converting them to broken-out time
478 * bugfix #364: Slight performance increase of ldns-verifyzone.
479 * bugfix #367: Fix to allow glue records with the same name as the
481 * Fix ldns-verifyzone to allow NSEC3-less records for NS rrsets *and*
482 glue when the zone is opt-out.
483 * bugfix #376: Adapt ldns_nsec3_salt, ldns_nsec3_iterations,
484 ldns_nsec3_flags and ldns_nsec3_algorithm to work for NSEC3PARAMS too.
485 * pyldns memory leaks fixed by Bedrich Kosata (at the cost of a bit
487 * Better handling of reference variables in ldns_rr_new_frm_fp_l from
488 pyldns, with a very nice generator function by Bedrich Kosata.
489 * Decoupling of the rdfs in rrs in the python wrappers to enable
490 the python garbage collector by Bedrich Kosata.
491 * bugfix #380: Minimizing effect of discrepancies in sizeof(bool) at
492 build time and when used.
493 * bugfix #383: Fix detection of empty nonterminals of multiple labels.
494 * Fixed the omission of rrsets in nsec(3)s and rrsigs to all occluded
495 names (in stead of just the ones that contain glue only) and all
496 occluded records on the delegation points (in stead of just the glue).
497 * Clarify the operation of ldns_dnssec_mark_glue and the usage of
498 ldns_dnssec_node_next_nonglue functions in the documentation.
499 * Added function ldns_dnssec_mark_and_get_glue as an real fast
500 alternative for ldns_zone_glue_rr_list.
501 * Fix parse buffer overflow for max length domain names.
502 * Fix Makefile for U in environment, since wrong U is more common than
503 deansification necessity.
506 * Fix creating NSEC(3) bitmaps: make array size 65536,
508 * Fix printout of escaped binary in TXT records.
509 * Parsing TXT records: don't skip starting whitespace that is quoted.
510 * bugfix #358: Check if memory was successfully allocated in
512 * Added more memory allocation checks in host2str.c
513 * python wrapper for ldns_fetch_valid_domain_keys by Bedrich Kosata.
514 * fix to compile python wrapper with swig 2.0.2.
515 * Don't fallback to SHA-1 when creating NSEC3 hash with another
516 algorithm identifier, fail instead (no other algorithm identifiers
520 * Fix ldns zone, so that $TTL definition match RFC 2308.
521 * Fix lots of missing checks on allocation failures and parse of
522 NSEC with many types and max parse length in hosts_frm_fp routine
523 and off by one in read_anchor_file routine (thanks Dan Kaminsky and
525 * bugfix #335: Drill: Print both SHA-1 and SHA-256 corresponding DS
527 * Print correct WHEN in query packet (is not always 1-1-1970)
528 * ldns-test-edns: new example tool that detects EDNS support.
529 * fix ldns_resolver_send without openssl.
530 * bugfix #342: patch for support for more CERT key types (RFC4398).
531 * bugfix #351: fix udp_send hang if UDP checksum error.
532 * fix set_bit (from NSEC3 sign) patch from Jan Komissar.
535 * EXPERIMENTAL ecdsa implementation, please do not enable on real
537 * GOST code enabled by default (RFC 5933).
538 * bugfix #326: ignore whitespace between directives and their values.
539 * Header comment to advertise ldns_axfr_complete to check for
540 successfully completed zone transfers.
541 * read resolv.conf skips interface labels, e.g. %eth0.
542 * Fix drill verify NSEC3 denials.
543 * Use closesocket() on windows.
544 * Add ldns_get_signing_algorithm_by_name that understand aliases,
545 names changed to RFC names and aliases for compatibility added.
546 * bugfix: don't print final dot if the domain is relative.
547 * bugfix: resolver search continue when packet rcode != NOERROR.
548 * bugfix: resolver push all domains in search directive to list.
549 * bugfix: resolver search by default includes the root domain.
550 * bugfix: tcp read could fail on single octet recv.
551 * bugfix: read of RR in unknown syntax with missing fields.
552 * added ldns_pkt_tsig_sign_next() and ldns_pkt_tsig_verify_next()
553 to sign and verify TSIG RRs on subsequent messages
554 (section 4.4, RFC 2845, thanks to Michael Sheldon).
555 * bugfix: signer sigs nsecs with zsks only.
556 * bugfix #333: fix ldns_dname_absolute for name ending with backslash.
559 * Fix ldns_rr_clone to copy question rrs properly.
560 * Fix ldns_sign_zone(_nsec3) to clone the soa for the new zone.
561 * Fix ldns_wire2dname size check from reading 1 byte beyond buffer end.
562 * Fix ldns_wire2dname from reading 1 byte beyond end for pointer.
563 * Fix crash using GOST for particular platform configurations.
564 * extern C declarations used in the header file.
565 * Removed debug fprintf from resolver.c.
566 * ldns-signzone checks if public key file is for the right zone.
567 * NETLDNS, .NET port of ldns functionality, by Alex Nicoll, in contrib.
568 * Fix handling of comments in resolv.conf parse.
569 * GOST code enabled if SSL recent, RFC 5933.
570 * bugfix #317: segfault util.c ldns_init_random() fixed.
571 * Fix ldns_tsig_mac_new: allocate enough memory for the hash, fix use of
572 b64_pton_calculate_size.
573 * Fix ldns_dname_cat: size calculation and handling of realloc().
574 * Fix ldns_rr_pop_rdf: fix handling of realloc().
575 * Fix ldns-signzone for single type key scheme: sign whole zone if there
577 * Fix ldns_resolver: also close socket if AXFR failed (if you don't,
578 it would block subsequent transfers (thanks Roland van Rijswijk).
579 * Fix drill: allow for a secure trace if you use DS records as trust
580 anchors (thanks Jan Komissar).
583 * Catch \X where X is a digit as an error.
584 * Fix segfault when ip6 ldns resolver only has ip4 servers.
585 * Fix NSEC record after DNSKEY at zone apex not properly signed.
586 * Fix syntax error if last label too long and no dot at end of domain.
587 * Fix parse of \# syntax with space for type LOC.
588 * Fix ldns_dname_absolute for escape sequences, fixes some parse errs.
589 * bugfix #297: linking ssl, bug due to patch submitted as #296.
590 * bugfix #299: added missing declarations to host2str.h
591 * ldns-compare-zones -s to not exclude SOA record from comparison.
592 * --disable-rpath fix
593 * fix ldns_pkt_empty(), reported by Alex Nicoll.
594 * fix ldns_resolver_new_frm_fp not ignore lines after a comment.
595 * python code for ldns_rr.new_question_frm_str()
596 * Fix ldns_dnssec_verify_denial: the signature selection routine.
597 * Type TALINK parsed (draft-ietf-dnsop-trust-history).
598 * bugfix #304: fixed dead loop in ldns_tcp_read_wire() and
599 ldns_tcp_read_wire_timeout().
600 * GOST support with correct algorithm numbers. The plan is to make it
601 enabled if openssl support is detected, but it is disabled by
602 default in this release because the RFC is not ready.
603 * Fixed comment in rbtree.h about being first member and data ptr.
604 * Fixed possibly leak in case of out of memory in ldns_native2rdf...
605 * ldns_dname_is_wildcard added.
606 * Fixed: signatures over wildcards had the wrong labelcount.
607 * Fixed ldns_verify() inconsistent return values.
608 * Fixed ldns_resolver to copy and free tsig name, data and algorithm.
609 * Fixed ldns_resolver to push search onto searchlist.
610 * A ldns resolver now defaults to a non-recursive resolver that handles
612 * ldns_resolver_print() prints more details.
613 * Fixed ldns_rdf2buffer_str_time(), which did not print timestamps
615 * Make ldns_resolver_nameservers_randomize() more random.
616 * bugfix #310: POSIX specifies NULL second argument of gettimeofday.
617 * fix compiler warnings from llvm clang compiler.
618 * bugfix #309: ldns_pkt_clone did not clone the tsig_rr.
619 * Fix gentoo ebuild for drill, 'no m4 directory'.
620 * bugfix #313: drill trace on an empty nonterminal continuation.
623 * Imported pyldns contribution by Zdenek Vasicek and Karel Slany.
624 Changed its configure and Makefile to fit into ldns.
625 Added its dname_* methods to the rdf_* class (as is the ldns API).
626 Changed swig destroy of ldns_buffer class to ldns_buffer_free.
627 Declared ldns_pkt_all and ldns_pkt_all_noquestion so swig sees them.
628 * Bugfix: parse PTR target of .tomhendrikx.nl with error not crash.
629 * Bugfix: handle escaped characters in TXT rdata.
630 * bug292: no longer crash on malformed domain names where a label is
631 on position 255, which was a buffer overflow by one.
632 * Fix ldns_get_rr_list_hosts_frm_fp_l (strncpy to strlcpy change),
633 which fixes resolv.conf reading badly terminated string buffers.
634 * Fix ldns_pkt_set_random_id to be more random, and a little faster,
635 it did not do value 0 statistically correctly.
636 * Fix ldns_rdf2native_sockaddr_storage to set sockaddr type to zeroes,
638 * bug295: nsec3-hash routine no longer case sensitive.
639 * bug298: drill failed nsec3 denial of existence proof.
642 * Bugfix: allow for unknown resource records in zonefile with rdlen=0.
643 * Bugfix: also mark an RR as question if it comes from the wire
644 * Bugfix: NSEC3 bitmap contained NSEC
645 * Bugfix: Inherit class when creating signatures
648 * Fix Makefile patch from Havard Eidnes, better install.sh usage.
649 * Fix parse error on SOA serial of 2910532839.
650 Fix print of ';' and readback of '\;' in names, also for '\\'.
651 Fix parse of '\(' and '\)' in names. Also for file read. Also '\.'
652 * Fix signature creation when TTLs are different for RRs in RRset.
653 * bug273: fix so EDNS rdata is included in pkt to wire conversion.
654 * bug274: fix use of c++ keyword 'class' for RR class in the code.
655 * bug275: fix memory leak of packet edns rdata.
656 * Fix timeout procedure for TCP and AXFR on Solaris.
657 * Fix occasional NSEC bitmap bogus
658 * Fix rr comparing (was in reversed order since 1.6.0)
659 * bug278: fix parsing HINFO rdata (and other cases).
660 * Fix previous owner name: also pick up if owner name is @.
661 * RFC5702: enabled sha2 functions by default. This requires OpenSSL 0.9.8 or higher.
662 Reason for this default is the root to be signed with RSASHA256.
663 * Fix various LDNS RR parsing issues: IPSECKEY, WKS, NSAP, very long lines
664 * Fix: Make ldns_dname_is_subdomain case insensitive.
665 * Fix ldns-verify-zone so that address records at zone NS set are not considered glue
666 (Or glue records fall below delegation)
667 * Fix LOC RR altitude printing.
668 * Feature: Added period (e.g. '3m6d') support at explicit TTLs.
669 * Feature: DNSKEY rrset by default signed with minimal signatures
670 but -A option for ldns-signzone to sign it with all keys.
671 This makes the DNSKEY responses smaller for signed domains.
674 * --enable-gost : use the GOST algorithm (experimental).
675 * Added some missing options to drill manpage
676 * Some fixes to --without-ssl option
677 * Fixed quote parsing within strings
678 * Bitmask fix in EDNS handling
679 * Fixed non-fqdn domain name completion for rdata field domain
681 * Fixed chain validation with SHA256 DS records
685 * Addition of an ldns-config script which gives cflags and libs
686 values, for use in configure scripts for applications that use
687 use ldns. Can be disabled with ./configure --disable-ldns-config
688 * Added direct sha1, sha256, and sha512 support in ldns.
689 With these functions, all NSEC3 functionality can still be
690 used, even if ldns is built without OpenSSL. Thanks to OpenBSD,
691 Steve Reid, and Aaron D. Gifford for the code.
692 * Added reading/writing support for the SPF Resource Record
693 * Base32 functions are now exported
695 * ldns_is_rrset did not go through the complete rrset, but
696 only compared the first two records. Thanks to Olafur
697 Gudmundsson for report and patch
698 * Fixed a small memory bug in ldns_rr_list_subtype_by_rdf(),
699 thanks to Marius Rieder for finding an patching this.
700 * --without-ssl should now work. Make sure that examples/ and
701 drill also get the --without-ssl flag on their configure, if
703 * Some malloc() return value checks have been added
704 * NSEC3 creation has been improved wrt to empty nonterminals,
706 * Fixed a bug in the parser when reading large NSEC3 salt
708 * Made the allowed length for domain names on wire
709 and presentation format the same.
711 * ldns-key2ds can now also generate DS records for keys without
713 * ldns-signzone now equalizes the TTL of the DNSKEY RRset (to
714 the first non-default DNSKEY TTL value it sees)
718 * ldns-signzone was broken in 1.5.0 for multiple keys, this
722 * Removed a small erroneous output warning in
723 examples/configure and drill/configure
727 * fixed a possible memory overflow in the RR parser
728 * build flag fix for Sun Studio
729 * fixed a building race condition in the copying of header
731 * EDNS0 extended rcode; the correct assembled code number
732 is now printed (still in the EDNS0 field, though)
733 * ldns_pkt_rr no longer leaks memory (in fact, it no longer
737 * ldns_key now has support for 'external' data, in which
738 case the OpenSSL EVP structures are not used;
739 ldns_key_set_external_key() and ldns_key_external_key()
740 * added ldns_key_get_file_base_name() which creates a
741 'default' filename base string for key storage, of the
742 form "K<zone>+<algorithm>+<keytag>"
743 * the ldns_dnssec_* family of structures now have deep_free()
744 functions, which also free the ldns_rr's contained in them
745 * there is now an ldns_match_wildcard() function, which checks
746 whether a domain name matches a wildcard name
747 * ldns_sign_public has been split up; this resulted in the
748 addition of ldns_create_empty_rrsig() and
749 ldns_sign_public_buffer()
752 * ldns-signzone can now automatically add DNSKEY records when
753 using an OpenSSL engine, as it already did when using key
755 * added new example tool: ldns-nsec3-hash
756 * ldns-dpa can now filter on specific query name and types
757 * ldnsd has fixes for the zone name, a fix for the return
758 value of recvfrom(), and an memory initialization fix
759 (Thanks to Colm MacCárthaigh for the patch)
760 * Fixed memory leaks in ldnsd
766 * fixed a build issue where ldns lib existence was done too early
767 * removed unnecessary check for pcap.h
768 * NSEC3 optout flag now correctly printed in string output
769 * inttypes.h moved to configured inclusion
770 * fixed NSEC3 type bitmaps for empty nonterminals and unsigned
774 * for that last fix, we added a new function
775 ldns_dname_add_from() that can clone parts of a dname
779 * sig chase return code fix (patch from Rafael Justo, bug id 189)
780 * rdata.c memory leaks on error and allocation checks fixed (patch
781 from Shane Kerr, bug id 188)
782 * zone.c memory leaks on error and allocation checks fixed (patch
783 from Shane Kerr, bug id 189)
784 * ldns-zsplit output and error messages fixed (patch from Shane Kerr,
786 * Fixed potential buffer overflow in ldns_str2rdf_dname
787 * Signing code no longer signs delegation NS rrsets
788 * Some minor configure/makefile updates
789 * Fixed a bug in the randomness initialization
790 * Fixed a bug in the reading of resolv.conf
791 * Fixed a bug concerning whitespace in zone data (with patch from Ondrej
793 * Fixed a small fallback problem in axfr client code
796 * added 2str convenience functions:
799 - ldns_rr_type2buffer_str
800 - ldns_rr_class2buffer_str
801 * buffer2str() is now called ldns_buffer2str
802 * base32 and base64 function names are now also prepended with ldns_
803 * ldns_rr_new_frm_str() now returns an error on missing RDATA fields.
804 Since you cannot read QUESTION section RRs with this anymore,
805 there is now a function called ldns_rr_new_question_frm_str()
808 * DS RRs string representation now add bubblebabble in a comment
809 (patch from Jakob Schlyter)
811 * TCP fallback system has been improved
812 * HMAC-SHA256 TSIG support has been added.
813 * TTLS are now correctly set in NSEC(3) records when signing zones
816 * New example: ldns-revoke to revoke DNSKEYs according to RFC5011
817 * ldns-testpkts has been fixed and updated
818 * ldns-signzone now has the option to not add the DNSKEY
819 * ldns-signzone now has an (full zone only) opt-out option for
821 * ldns-keygen can create HMAC-SHA1 and HMAC-SHA256 symmetric keys
822 * ldns-walk output has been fixed
823 * ldns-compare-zones has been fixed, and now has an option
824 to show all differences (-a)
825 * ldns-read-zone now has an option to print DNSSEC records only
830 * Added a new family of functions based around ldns_dnssec_zone,
831 which is a new structure that keeps a zone sorted through an
832 rbtree and links signatures and NSEC(3) records directly to their
833 RRset. These functions all start with ldns_dnssec_
835 * ldns_zone_sign and ldns_zone_sign_nsec3 are now deprecated, but
836 have been changed to internally use the new
837 ldns_dnssec_zone_sign(_nsec3)
839 * Moved some ldns_buffer functions inline, so a clean rebuild of
840 applications relying on those is needed (otherwise you'll get
842 * ldns_dname_label now returns one extra (zero)
843 byte, so it can be seen as an fqdn.
844 * NSEC3 type code update for signing algorithms.
845 * DSA key generation of DNSKEY RRs fixed (one byte too small).
847 * Added support for RSA/SHA256 and RSA/SHA512, as specified in
848 draft-ietf-dnsext-dnssec-rsasha256-04. The typecodes are not
849 final, and this feature is not enabled by default. It can be
850 enabled at compilation time with the flag --with-sha2
852 * Added 2wire_canonical family of functions that lowercase dnames
853 in rdata fields in resource records of the types in the list in
856 * Added base32 conversion functions.
858 * Fixed DSA RRSIG conversion when calling OpenSSL
862 * Chase output is completely different, it shows, in ascii, the
863 relations in the trust hierarchy.
866 * Added ldns-verify-zone, that can verify the internal DNSSEC records
867 of a signed BIND-style zone file
869 * ldns-keygen now takes an -a argument specifying the algorithm,
870 instead of -R or -D. -a list show a list of supported algorithms
872 * ldns-keygen now defaults to the exponent RSA_F4 instead of RSA_3
873 for RSA key generation
875 * ldns-signzone now has support for HSMs
876 * ldns-signzone uses the new ldns_dnssec_ structures and functions
877 which improves its speed, and output; RRSIGS are now placed
878 directly after their RRset, NSEC(3) records directly after the
882 * new contrib/ dir with user contributions
883 * added compilation script for solaris (thanks to Jakob Schlyter)
886 * Added support for HMAC-MD5 keys in generator
887 * Added a new example tool (written by Ondrej Sury): ldns-compare-zones
888 * ldns-keygen now checks key sizes for rfc conformance
889 * ldns-signzone outputs SSL error if present
890 * Fixed manpages (thanks to Ondrej Sury)
891 * Fixed Makefile for -j <x>
892 * Fixed a $ORIGIN error when reading zones
893 * Fixed another off-by-one error
896 * Fixed an offset error in rr comparison
897 * Fixed ldns-read-zone exit code
898 * Added check for availability of SHA256 hashing algorithm
899 * Fixed ldns-key2ds -2 argument
900 * Fixed $ORIGIN bug in .key files
901 * Output algorithms as an integer instead of their mnemonic
902 * Fixed a memory leak in dnssec code when SHA256 is not available
903 * Updated fedora .spec file
906 * canonicalization of rdata in DNSSEC functions now adheres to the
907 rr type list in rfc3597, not rfc4035, which will be updated
908 (see http://www.ops.ietf.org/lists/namedroppers/namedroppers.2007/msg00183.html)
909 * ldns-walk now support dnames with maximum label length
910 * ldnsd now takes an extra argument containing the address to listen on
911 * signing no longer signs every rrset with KSK's, but only the DNSKEY rrset
912 * ported to Solaris 10
913 * added ldns_send_buffer() function
914 * added ldns-testpkts fake packet server
915 * added ldns-notify to send NOTIFY packets
916 * ldns-dpa can now accurately calculate the number of matches per
918 * libtool is now used for compilation too (still gcc, but not directly)
920 - TSIG signing buffer size
921 - resolv.conf reading (comments)
922 - dname comparison off by one error
923 - typo in keyfetchers output file name fixed (a . too much)
924 - fixed zone file parser when comments contain ( or )
929 * drill prints error on failed axfr.
930 * drill now accepts mangled packets with -f
931 * old -c option (use tcp) changed to -t
932 * -c option to specify alternative resolv.conf file added
933 * feedback of signature chase improved
934 * chaser now stops at root when no trusted keys are found
935 instead of looping forever trying to find the DS for .
937 - wildcard on multiple labels signature verification
938 - error in -f packet writing for malformed packets
939 - made KSK check more resilient
941 7 Jul 2006: 1.1.0: ldns-team
942 * Added tutorials and an introduction to the documentation
943 * Added include/ and lib/ dirs so that you can compile against ldns
944 without installing ldns on your system
946 * Starting usage of assert throughout the library to catch illegal calls
947 * Solaris 9 testing was carried out. Ldns now compiles on that
948 platform; some gnuism were identified and fixed.
949 * The ldns_zone structure was stress tested. The current setup
950 (ie. just a list of rrs) can scale to zone file in order of
951 megabytes. Sorting such zone is still difficult.
952 * Reading multiline b64 encoded rdata works.
953 * OpenSSL was made optional, configure --without-ssl.
954 Ofcourse all dnssec/tsig related functions are disabled
955 * Building of examples and drill now happens with the same
956 defines as the building of ldns itself.
957 * Preliminary sha-256 support was added. Currently is your
958 OpenSSL supports it, it is supported in the DS creation.
959 * ldns_resolver_search was implemented
960 * Fixed a lot of bugs
963 * -r was killed in favor of -o <header bit mnemonic> which
964 allows for a header bits setting (and maybe more in the
966 * DNSSEC is never automatically set, even when you query
967 for DNSKEY/RRSIG or DS.
968 * Implement a crude RTT check, it now distinguishes between
969 reachable and unreachable.
970 * A form of secure tracing was added
971 * Secure Chasing has been improved
972 * -x does a reverse lookup for the given IP address
975 * ldns-dpa was added to the examples - this is the Dns Packet
977 * ldnsd - as very, very simple nameserver impl.
978 * ldns-zsplit - split zones for parallel signing
979 * ldns-zcat - cat split zones back together
980 * ldns-keyfetcher - Fetches DNSKEY records with a few (non-strong,
981 non-DNSSEC) anti-spoofing techniques.
982 * ldns-walk - 'Walks' a DNSSEC signed zone
983 * Added an all-static target to the makefile so you can use examples
984 without installing the library
985 * When building in the source tree or in a direct subdirectory of
986 the build dir, configure does not need --with-ldns=../ anymore
989 * All networking code was moved to net.c
990 * rdata.c: added asserts to the rdf set/get functions
991 * const keyword was added to pointer arguments that
996 * renamed ldns/dns.h to ldns/ldns.h
997 * ldns_rr_new_frm_str() is extended with an extra variable which
998 in common use may be NULL. This trickles through to:
1000 o ldns_rr_new_frm_fp_l
1001 Which also get an extra variable
1002 Also the function has been changed to return a status message.
1003 The compiled RR is returned in the first argument.
1004 * ldns_zone_new_frm_fp_l() and ldns_zone_new_frm_fp() are
1005 changed to return a status msg.
1006 * ldns_key_new_frm_fp is changed to return ldns_status and
1007 the actual key list in the first argument
1008 * ldns_rdata_new_frm_fp[_l]() are changed to return a status.
1009 the rdf is return in the first argument
1010 * ldns_resolver_new_frm_fp: same treatment: return status and
1011 the new resolver in the first argument
1012 * ldns_pkt_query_new_frm_str(): same: return status and the
1013 packet in the first arg
1014 * tsig.h: internal used functions are now static:
1015 ldns_digest_name and ldns_tsig_mac_new
1016 * ldns_key_rr2ds has an extra argument to specify the hash to
1018 * ldns_pkt_rcode() is renamed to ldns_pkt_get_rcode, ldns_pkt_rcode
1019 is now the rcode type, like ldns_pkt_opcode
1021 * ldns_resolver_searchlist_count: return the searchlist counter
1022 * ldns_zone_sort: Sort a zone
1023 * ldns_bgsend(): background send, returns a socket.
1024 * ldns_pkt_empty(): check is a packet is empty
1025 * ldns_rr_list_pop_rr_list(): pop multiple rr's from another rr_list
1026 * ldns_rr_list_push_rr_list(): push multiple rr's to an rr_list
1027 * ldns_rr_list_compare(): compare 2 ldns_rr_lists
1028 * ldns_pkt_push_rr_list: rr_list equiv for rr
1029 * ldns_pkt_safe_push_rr_list: rr_list equiv for rr
1031 * ldns_resolver_bgsend(): was not used in 1.0.0 and is not used now
1032 * ldns_udp_server_connect(): was faulty and isn't really part of
1033 the core ldns idea any how.
1034 * ldns_rr_list_insert_rr(): obsoleted, because not used.
1035 * char *_when was removed from the ldns_pkt structure
1037 18 Oct 2005: 1.0.0: ldns-team
1038 * Committed a patch from Håkan Olsson
1039 * Added UPDATE support (Jakob Schlyter and Håkan Olsson)
1040 * License change: ldns is now BSD licensed
1041 * ldns now depends on SSL
1042 * Networking code cleanup, added (some) server udp/tcp support
1043 * A zone type is introduced. Currently this is a list
1044 of RRs, so it will not scale well.
1045 * [beta] Zonefile parsing was added
1046 * [tools] Drill was added to ldns - see drill/
1047 * [tools] experimental signer was added
1048 * [building] better check for ssl
1049 * [building] major revision of build system
1050 * [building] added rpm .spec in packaging/ (thanks to Paul Wouters)
1051 * [building] A lot of cleanup in the build scripts (thanks to Jakob Schlyter
1054 28 Jul 2005: 0.70: ldns-team
1055 * [func] ldns_pkt_get_section now returns copies from the rrlists
1056 in the packet. This can be freed by the user program
1057 * [code] added ldns_ prefixes to function from util.h
1058 * [inst] removed documentation from default make install
1059 * Usual fixes in documentation and code
1061 20 Jun 2005: 0.66: ldns-team
1062 Rel. Focus: drill-pre2 uses some functions which are
1064 * dnssec_cd bit function was added
1065 * Zone infrastructure was added
1066 * Usual fixes in documentation and code
1068 13 Jun 2005: 0.65: ldns-team
1069 * Repository is online at:
1070 http://www.nlnetlabs.nl/ldns/svn/
1071 * Apply reference copying throughout ldns, except in 2
1072 places in the ldns_resolver structure (._domain and
1074 * Usual array of bugfixes
1075 * Documentation added
1076 * keygen.c added as an example for DNSSEC programming
1078 23 May 2005: 0.60: ldns-team
1079 * Removed config.h from the header installed files
1080 (you're not supposed to include that in a library)
1082 - DNSSEC signing/verification works
1083 - Assorted bug fixes and tweaks (memory management)
1085 May 2005: 0.50: ldns-team
1086 * First usable release
1087 * Basic DNS functionality works
1088 * DNSSEC validation works