--- /dev/null
+
+ --- 9.3.2-P1 released ---
+
+2066. [security] Handle SIG queries gracefully. [RT #16300]
+
+1941. [bug] ncache_adderesult() should set eresult even if no
+ rdataset is passed to it. [RT #15642]
+
+ --- 9.3.2 released ---
+
+ --- 9.3.2rc1 released ---
+
+1936. [bug] The validator could leak memory. [RT #15544]
+
+1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530]
+
+ --- 9.3.2b2 released ---
+
+1930. [port] HPUX: ia64 support. [RT #15473]
+
+1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
+
+1926. [bug] The Windows installer did not check for empty
+ passwords. BINDinstall was being installed in
+ the wrong place. [RT #15483]
+
+1925. [port] All outer level AC_TRY_RUNs need cross compiling
+ defaults. [RT #15469]
+
+1924. [port] libbind: hpux ia64 support. [RT #15473]
+
+1923. [bug] ns_client_detach() called too early. [RT #15499]
+
+ --- 9.3.2b1 released ---
+
+1917. [doc] funcsynopsisinfo wasn't being treated as verbatim
+ when generating man pages. [RT #15385]
+
+1915. [bug] dig +ndots was broken. [RT #15215]
+
+1914. [protocol] DS is required to accept mnemonic algorithms
+ (RFC 4034). Still emit numeric algorithms for
+ compatability with RFC 3658. [RT #15354]
+
+1911. [bug] Update windows socket code. [RT #14965]
+
+1910. [bug] dig's +sigchase code overhauled. [RT #14933]
+
+1909. [bug] The DLV code has been re-worked to make no longer
+ query order sensitive. [RT #14933]
+
+1905. [bug] Strings returned from cfg_obj_asstring() should be
+ treated as read-only. [RT #15256]
+
+1901. [cleanup] Don't add DNSKEY records to the additional section.
+
+1900. [bug] ixfr-from-differences failed to ensure that the
+ serial number increased. [RT #15036]
+
+1896. [bug] Extend ISC_SOCKADDR_FORMATSIZE and
+ ISC_NETADDR_FORMATSIZE to allow for scope details.
+
+1894. [bug] Recursive clients soft quota support wasn't working
+ as expected. [RT #15103]
+
+1893. [bug] A escaped character is, potentially, converted to
+ the output character set too early. [RT #14666]
+
+1892. [port] Use uintptr_t if available. [RT #14606]
+
+1889. [port] sunos: non blocking i/o support. [RT #14951]
+
+1887. [bug] The cache could delete expired records too fast for
+ clients with a virtual time in the past. [RT #14991]
+
+1886. [bug] fctx_create() could return success even though it
+ failed. [RT #14993]
+
+1884. [cleanup] dighost.c: move external declarations into <dig/dig.h>.
+
+1883. [bug] dnssec-signzone, dnssec-keygen: handle negative debug
+ levels. [RT #14962]
+
+1881. [func] Add a system test for named-checkconf. [RT #14931]
+
+1877. [bug] Fix unreasonably low quantum on call to
+ dns_rbt_destroy2(). Remove unnecessay unhash_node()
+ call. [RT #14919]
+
+1875. [bug] process_dhtkey() was using the wrong memory context
+ to free some memory. [RT #14890]
+
+1874. [port] sunos: portability fixes. [RT #14814]
+
+1873. [port] win32: isc__errno2result() now reports its caller.
+ [RT #13753]
+
+1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753]
+
+1867. [bug] It was possible to trigger a INSIST in
+ dlv_validatezonekey(). [RT #14846]
+
+1866. [bug] resolv.conf parse errors were being ignored by
+ dig/host/nslookup. [RT #14841]
+
+1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
+ bad addresses. [RT #14841]
+
+1864. [bug] Don't try the alternative transfer source if you
+ got a answer / transfer with the main source
+ address. [RT #14802]
+
+1863. [bug] rrset-order "fixed" error messages not complete.
+
+1861. [bug] dig could trigger a INSIST on certain malformed
+ responses. [RT #14801]
+
+1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was
+ incorrectly set. [RT #14775]
+
+1858. [bug] The flush-zones-on-shutdown option wasn't being
+ parsed. [RT #14686]
+
+1857. [bug] named could trigger a INSIST() if reconfigured /
+ reloaded too fast. [RT #14673]
+
+1856. [doc] Switch Docbook toolchain from DSSSL to XSL.
+ [RT #11398]
+
+1855. [bug] ixfr-from-differences was failing to detect changes
+ of ttl due to dns_diff_subtract() was ignoring the ttl
+ of records. [RT #14616]
+
+1854. [bug] lwres also needs to know the print format for
+ (long long). [RT #13754]
+
+1853. [bug] Rework how DLV interacts with proveunsecure().
+ [RT #13605]
+
+1852. [cleanup] Remove last vestiges of dnssec-signkey and
+ dnssec-makekeyset (removed from Makefile years ago).
+
+1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591]
+
+1849. [doc] All forms of the man pages (docbook, man, html) should
+ have consistant copyright dates.
+
+1848. [bug] Improve SMF integration. [RT #13238]
+
+1847. [bug] isc_ondestroy_init() is called too late in
+ dns_rbtdb_create()/dns_rbtdb64_create().
+ [RT #13661]
+
+1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer
+ <bortzmeyer@nic.fr>.
+
+1845. [bug] Improve error reporting to distingish between
+ accept()/fcntl() and socket()/fcntl() errors.
+ [RT #13745]
+
+1844. [bug] inet_pton() accepted more that 4 hexadecimal digits
+ for each 16 bit piece of the IPv6 address. The text
+ representation of a IPv6 address has been tighted
+ to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
+ [RT #5662]
+
+1843. [cleanup] CINCLUDES takes precedence over CFLAGS. This helps
+ when CFLAGS contains "-I /usr/local/include"
+ resulting in old header files being used.
+
+1842. [port] cmsg_len() could produce incorrect results on
+ some platform. [RT #13744]
+
+1841. [bug] "dig +nssearch" now makes a recursive query to
+ find the list of nameservers to query. [RT #13694]
+
+1839. [bug] <isc/hash.h> was not being installed.
+
+1838. [cleanup] Don't allow Linux capabilities to be inherited.
+ [RT #13707]
+
+1837. [bug] Compile time option ISC_FACILITY was not effective
+ for 'named -u <user>'. [RT #13714]
+
+1836. [cleanup] Silence compiler warnings in hash_test.c.
+
+1835. [bug] Update dnssec-signzone's usage message. [RT #13657]
+
+1834. [bug] Bad memset in rdata_test.c. [RT #13658]
+
+1833. [bug] Race condition in isc_mutex_lock_profile(). [RT #13660]
+
+1832. [bug] named fails to return BADKEY on unknown TSIG algorithm.
+ [RT #13620]
+
+1831. [doc] Update named-checkzone documentation. [RT#13604]
+
+1830. [bug] adb lame cache has sence of test reversed. [RT #13600]
+
+1829. [bug] win32: "pid-file none;" broken. [RT #13563]
+
+1828. [bug] isc_rwlock_init() failed to properly cleanup if it
+ encountered a error. [RT #13549]
+
+1827. [bug] host: update usage message for '-a'. [RT #37116]
+
+1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on out
+ of memory error. [RT #13537]
+
+1825. [bug] Missing UNLOCK() on out of memory error from in
+ rbtdb.c:subtractrdataset(). [RT #13519]
+
+1824. [bug] Memory leak on dns_zone_setdbtype() failure.
+ [RT #13510]
+
+1823. [bug] Wrong macro used to check for point to point interface.
+ [RT#13418]
+
+1822. [bug] check-names test for RT was reversed. [RT #13382]
+
+1821. [doc] acls definitions are no longer required to be
+ in named.conf prior to reference. They can be
+ defined after being referenced.
+
+1820. [bug] Gracefully handle acl loops. [RT #13659]
+
+1819. [bug] The validator needed to check both the algorithm and
+ digest types of the DS to determine if it could be
+ used to introduce a secure zone. [RT #13593]
+
+1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
+ [RT #13597]
+
+1815. [bug] nsupdate triggered a REQUIRE if the server was set
+ without also setting the zone and it encountered
+ a CNAME and was using TSIG. [RT #13086]
+
+1810. [bug] configure, lib/bind/configure make different default
+ decisions about whether to do a threaded build.
+ [RT #13212]
+
+1809. [bug] "make distclean" failed for libbind if the platform
+ is not supported.
+
+1807. [bug] When forwarding (forward only) set the active domain
+ from the forward zone name. [RT #13526]
+
+1804. [bug] Ensure that if we are queried for glue that it fits
+ in the additional section or TC is set to tell the
+ client to retry using TCP. [RT #10114]
+
+1803. [bug] dnssec-signzone sometimes failed to remove old
+ RRSIGs. [RT #13483]
+
+1802. [bug] Handle connection resets better. [RT #11280]
+
+1799. [bug] 'rndc flushname' failed to flush negative cache
+ entries. [RT #13438]
+
+1795. [bug] "rndc dumpdb" was not fully documented. Minor
+ formating issues with "rndc dumpdb -all". [RT #13396]
+
+1791. [bug] 'host -t a' still printed out AAAA and MX records.
+ [RT #13230]
+
+ --- 9.3.1 released ---
+
+1818. [bug] 'named-checkconf -z' triggered an INSIST. [RT #13599]
+
+ --- 9.3.1rc1 released ---
+
+1812. [port] win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect.
+ [RT #13453]
+
+1808. [bug] zone.c:notify_zone() contained a race condition,
+ zone->db could change underneath it. [RT #13511]
+
+1806. [bug] The resolver returned the wrong result when a CNAME /
+ DNAME was encountered when fetching glue from a
+ secure namespace. [RT #13501]
+
+1805. [bug] Pending status was not being cleared when DLV was
+ active. [RT #13501]
+
+ --- 9.3.1beta2 released ---
+
+1800. [bug] Changes #1719 allowed a INSIST to be triggered.
+ [RT #13428]
+
+ --- 9.3.1beta1 released ---
+
+1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should
+ allow parallel make to succeed.
+
+1789. [bug] Prerequisite test for tkey and dnssec could fail
+ with "configure --with-libtool".
+
+1788. [bug] libbind9.la/libbind9.so needs to link against
+ libisccfg.la/libisccfg.so.
+
+1787. [port] HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings.
+
+1786. [port] AIX: libt_api needs to be taught to look for
+ T_testlist in the main executable (--with-libtool).
+ [RT #13239]
+
+1785. [bug] libbind9.la/libbind9.so needs to link against
+ libisc.la/libisc.so.
+
+1784. [cleanup] "libtool -allow-undefined" is the default.
+ Leave hooks in configure to allow it to be set
+ if needed in the future.
+
+1783. [cleanup] We only need one copy of libtool.m4, ltmain.sh in the
+ source tree.
+
+1782. [port] OSX: --with-libtool + --enable-libbind broke on
+ __evOptMonoTime. [RT #13219]
+
+1781. [port] FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810]
+
+1780. [bug] Update libtool to 1.5.10.
+
+1779. [port] OSF 5.1: libtool didn't handle -pthread correctly.
+
+1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and
+ IN6ADDR_LOOPBACK_INIT macros.
+
+1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and
+ IN6ADDR_LOOPBACK_INIT macros.
+
+1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
+ IN6ADDR_LOOPBACK_INIT macros.
+
+1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
+
+1774. [port] Aix: Silence compiler warnings / build failures.
+ [RT #13154]
+
+1773. [bug] Fast retry on host / net unreachable. [RT #13153]
+
+1770. [bug] named-checkconf failed to report missing a missing
+ file clause for rbt{64} master/hint zones. [RT#13009]
+
+1769. [port] win32: change compiler flags /MTd ==> /MDd,
+ /MT ==> /MD.
+
+1768. [bug] nsecnoexistnodata() could be called with a non-NSEC
+ rdataset. [RT #12907]
+
+1767. [port] Builds on IPv6 platforms without IPv6 Advanced API
+ support for (struct in6_pktinfo) failed. [RT #13077]
+
+1766. [bug] Update the master file timestamp on successful refresh
+ as well as the journal's timestamp. [RT# 13062]
+
+1765. [bug] configure --with-openssl=auto failed. [RT #12937]
+
+1764. [bug] dns_zone_replacedb failed to emit a error message
+ if there was no SOA record in the replacment db.
+ [RT #13016]
+
+1762. [bug] isc_interfaceiter_create() could return ISC_R_SUCCESS
+ even when it failed. [RT #12995]
+
+1761. [bug] 'rndc dumpdb' didn't report unassociated entries.
+ [RT #12971]
+
+1760. [bug] Host / net unreachable was not penalising rtt
+ estimates. [RT #12970]
+
+1759. [bug] Named failed to startup if the OS supported IPv6
+ but had no IPv6 interfaces configured. [RT #12942]
+
+1754. [bug] We wern't always attempting to query the parent
+ server for the DS records at the zone cut.
+ [RT #12774]
+
+1753. [bug] Don't serve a slave zone which has no NS records.
+ [RT #12894]
+
+1752. [port] Move isc_app_start() to after ns_os_daemonise()
+ as some fork() implementations unblock the signals
+ that are blocked by isc_app_start(). [RT #12810]
+
+1751. [bug] --enable-getifaddrs failed under linux. [RT #12867]
+
+1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
+ [RT #12864]
+
+1749. [bug] 'check-names response ignore;' failed to ignore.
+ [RT #12866]
+
+1747. [bug] BIND 8 compatability: named/named-checkconf failed
+ to parse "host-statistics-max" in named.conf.
+
+1745. [bug] Dig/host/nslookup accept replies from link locals
+ regardless of scope if no scope was specified when
+ query was sent. [RT #12745]
+
+1744. [bug] If tuple2msgname() failed to convert a tuple to
+ a name a REQUIRE could be triggered. [RT #12796]
+
+1743. [bug] If isc_taskmgr_create() was not able to create the
+ requested number of worker threads then destruction
+ of the manager would trigger an INSIST() failure.
+ [RT #12790]
+
+1742. [bug] Deleting all records at a node then adding a
+ previously existing record, in a single UPDATE
+ transaction, failed to leave / regenerate the
+ associated RRSIG records. [RT #12788]
+
+1741. [bug] Deleting all records at a node in a secure zone
+ using a update-policy grant failed. [RT #12787]
+
+1740. [bug] Replace rbt's hash algorithm as it performed badly
+ with certain zones. [RT #12729]
+
+ NOTE: a hash context now needs to be established
+ via isc_hash_create() if the application was not
+ already doing this.
+
+1739. [bug] dns_rbt_deletetree() could incorrectly return
+ ISC_R_QUOTA. [RT #12695]
+
+1738. [bug] Enable overrun checking by default. [RT #12695]
+
+1737. [bug] named failed if more than 16 masters were specified.
+ [RT #12627]
+
+1736. [bug] dst_key_fromnamedfile() could fail to read a
+ public key. [RT #12687]
+
+1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure.
+ [RE #12688]
+
+1734. [cleanup] 'rndc-confgen -a -t' remove extra '/' in path.
+ [RT #12588]
+
+1733. [bug] Return non-zero exit status on initial load failure.
+ [RT #12658]
+
+1732. [bug] 'rrset-order name "*"' wasn't being applied to ".".
+ [RT #12467]
+
+1731. [port] darwin: relax version test in ifconfig.sh.
+ [RT #12581]
+
+1730. [port] Determine the length type used by the socket API.
+ [RT #12581]
+
+1728. [doc] Update check-names documentation.
+
+1727. [bug] named-checkzone: check-names support didn't match
+ documentation.
+
+1726. [port] aix5: add support for aix5.
+
+1725. [port] linux: update error message on interaction of threads,
+ capabilities and setuid support (named -u). [RT #12541]
+
+1724. [bug] Look for DNSKEY records with "dig +sigtrace".
+ [RT #12557]
+
+1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
+
+1722. [bug] Don't commit the journal on malformed ixfr streams.
+ [RT #12519]
+
+1721. [bug] Error message from the journal processing were not
+ always identifing the relevent journal. [RT #12519]
+
+1720. [bug] 'dig +chase' did not terminate on a RFC 2308 Type 1
+ negative response. [RT #12506]
+
+1719. [bug] named was not correctly caching a RFC 2308 Type 1
+ negative response. [RT #12506]
+
+1718. [bug] nsupdate was not handling RFC 2308 Type 3 negative
+ responses when looking for the zone / master server.
+ [RT #12506]
+
+1717. [port] solaris: ifconfig.sh did not support Solaris 10.
+ "ifconfig.sh down" didn't work for Solaris 9.
+
+1716. [doc] named.conf(5) was being installed in the wrong
+ location. [RT# 12441]
+
+1714. [bug] dig/host/nslookup were only trying the first
+ address when a nameserver was specified by name.
+ [RT #12286]
+
+1713. [port] linux: extend capset failure message to say:
+ please ensure that the capset kernel module is
+ loaded. see insmod(8)
+
+1712. [bug] Missing FULLCHECK for "trusted-key" in dig.
+
+ --- 9.3.0 released ---
+
+1711. [func] 'rndc unfreeze' has been deprecated by 'rndc thaw'.
+
+ --- 9.3.0rc4 released ---
+
+1709. [port] solaris: add SMF support.
+
+1708. [cleanup] Replaced dns_fullname_hash() with dns_name_fullhash()
+ for conformance to the name space convention. Binary
+ backward compatibility to the old function name is
+ provided. [RT #12376]
+
+1707. [contrib] sdb/ldap updated to version 1.0-beta.
+
+1706. [bug] 'rndc stop' failed to cause zones to be flushed
+ sometimes. [RT #12328]
+
+1704. [port] lwres needed a snprintf() implementation for
+ platforms without snprintf(). Add missing
+ "#include <isc/print.h>". [RT #12321]
+
+1703. [bug] named would loop sending NOTIFY messages when it
+ failed to receive a response. [RT #12322]
+
+1702. [bug] also-notify should not be applied to builtin zones.
+ [RT #12323]
+
+1701. [doc] A minimal named.conf man page.
+
+1700. [func] nslookup is no longer to be treated as deprecated.
+ Remove "deprecated" warning message. Add man page.
+
+1699. [bug] dnssec-signzone can generate "not exact" errors
+ when resigning. [RT #12281]
+
+1698. [doc] Use reserved IPv6 documentation prefix.
+
+1697. [bug] xxx-source{,-v6} was not effective when it
+ specified one of listening addresses and a
+ different port than the listening port. [RT #12257]
+
+ --- 9.3.0rc3 released ---
+
+1696. [bug] dnssec-signzone failed to clean out nodes that
+ consisted of only NSEC and RRSIG records.
+ [RT #12154]
+
+1695. [bug] DS records when forwarding require special handling.
+ [RT #12133]
+
+1694. [bug] Report if the builtin views of "_default" / "_bind"
+ are defined in named.conf. [RT #12023]
+
+1693. [bug] max-journal-size was not effective for master zones
+ with ixfr-from-differences set. [RT# 12024]
+
+1692. [bug] Don't set -I, -L and -R flags when libcrypto is in
+ /usr/lib. [RT #11971]
+
+1691. [bug] sdb's attachversion was not complete. [RT #11990]
+
+1690. [bug] Delay detaching view from the client until UPDATE
+ processing completes when shutting down. [RT #11714]
+
+1689. [bug] DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
+ contained gratuitous semicolons. [RT #11707]
+
+1688. [bug] LDFLAGS was not supported.
+
+1687. [bug] Race condition in dispatch. [RT #10272]
+
+1686. [bug] Named sent a extraneous NOTIFY when it received a
+ redundant UPDATE request. [RT #11943]
+
+ --- 9.3.0rc2 released ---
+
+1685. [bug] Change #1679 loop tests weren't quite right.
+
+1683. [bug] dig +sigchase could leak memory. [RT #11445]
+
+1682. [port] Update configure test for (long long) printf format.
+ [RT #5066]
+
+1681. [bug] Only set SO_REUSEADDR when a port is specified in
+ isc_socket_bind(). [RT #11742]
+
+1679. [bug] When there was a single nameserver with multiple
+ addresses for a zone not all addresses were tried.
+ [RT #11706]
+
+1678. [bug] RRSIG should use TYPEXXXXX for unknown types.
+
+1677. [bug] dig: +aaonly didn't work, +aaflag undocumented.
+
+1675. [bug] named would sometimes add extra NSEC records to
+ the authority section.
+
+1674. [port] linux: increase buffer size used to scan
+ /proc/net/if_inet6.
+
+1673. [port] linux: issue a error messages if IPv6 interface
+ scans fails.
+
+1672. [cleanup] Tests which only function in a threaded build
+ now return R:THREADONLY (rather than R:UNTESTED)
+ in a non-threaded build.
+
+1671. [contrib] queryperf: add NAPTR to the list of known types.
+
+1670. [func] Log UPDATE requests to slave zones without an acl as
+ "disabled" at debug level 3. [RT# 11657]
+
+1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
+
+1667. [port] linux: not all versions have IF_NAMESIZE.
+
+1666. [bug] The optional port on hostnames in dual-stack-servers
+ was being ignored.
+
+1663. [func] Look for OpenSSL by default.
+
+1661. [bug] Restore dns_name_concatenate() call in
+ adb.c:set_target(). [RT #11582]
+
+1660. [bug] win32: connection_reset_fix() was being called
+ unconditionally. [RT #11595]
+
+ --- 9.3.0rc1 released ---
+
+1664. [bug] nsupdate needed KEY for SIG(0), not DNSKEY.
+
+1662. [bug] Change #1658 failed to change one use of 'type'
+ to 'keytype'.
+
+1659. [cleanup] Cleanup some messages that were referring to KEY vs
+ DNSKEY, NXT vs NSEC and SIG vs RRSIG.
+
+1658. [func] Update dnssec-keygen to default to KEY for HMAC-MD5
+ and DH. Tighten which options apply to KEY and
+ DNSKEY records.
+
+1657. [doc] ARM: document query log output.
+
+1656. [doc] Update DNSSEC description in ARM to cover DS, NSEC
+ DNSKEY and RRSIG. [RT #11542]
+
+1655. [bug] Logging multiple versions w/o a size was broken.
+ [RT #11446]
+
+1654. [bug] isc_result_totext() contained array bounds read
+ error.
+
+1653. [func] Add key type checking to dst_key_fromfilename(),
+ DST_TYPE_KEY should be used to read TSIG, TKEY and
+ SIG(0) keys.
+
+1652. [bug] TKEY still uses KEY.
+
+1651. [bug] dig: process multiple dash options.
+
+1650. [bug] dig, nslookup: flush standard out after each command.
+
+1649. [bug] Silence "unexpected non-minimal diff" message.
+ [RT #11206]
+
+1648. [func] Update dnssec-lookaside named.conf syntax to support
+ multiple dnssec-lookaside namespaces (not yet
+ implemented).
+
+1647. [bug] It was possible trigger a INSIST when chasing a DS
+ record that required walking back over a empty node.
+ [RT #11445]
+
+1646. [bug] win32: logging file versions didn't work with
+ non-UNC filenames. [RT#11486]
+
+1645. [bug] named could trigger a REQUIRE failure if multiple
+ masters with keys are specified.
+
+1644. [bug] Update the journal modification time after a
+ sucessfull refresh query. [RT #11436]
+
+1643. [bug] dns_db_closeversion() could leak memory / node
+ references. [RT #11163]
+
+1642. [port] Support OpenSSL implementations which don't have
+ DSA support. [RT #11360]
+
+1641. [bug] Update the check-names description in ARM. [RT #11389]
+
+ --- 9.3.0beta4 released ---
+
+1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
+ incorrectly closing the socket. [RT #11291]
+
+1639. [func] Initial dlv system test.
+
+1638. [bug] "ixfr-from-differences" could generate a REQUIRE
+ failure if the journal open failed. [RT #11347]
+
+1637. [bug] Node reference leak on error in addnoqname().
+
+1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
+ a error had occured. The database version no longer
+ matched the version of the database that was dumped.
+
+1635. [bug] Memory leak on error in query_addds().
+
+1634. [bug] named didn't supply a useful error message when it
+ detected duplicate views. [RT #11208]
+
+1633. [bug] named should return NOTIMP to update requests to a
+ slaves without a allow-update-forwarding acl specified.
+ [RT #11331]
+
+1632. [bug] nsupdate failed to send prerequisite only UPDATE
+ messages. [RT #11288]
+
+1631. [bug] dns_journal_compact() could sometimes corrupt the
+ journal. [RT #11124]
+
+1630. [contrib] queryperf: add support for IPv6 transport.
+
+1629. [func] dig now supports IPv6 scoped addresses with the
+ extended format in the local-server part. [RT #8753]
+
+1628. [bug] Typo in Compaq Trucluster support. [RT# 11264]
+
+1627. [bug] win32: sockets were not being closed when the
+ last external reference was removed. [RT# 11179]
+
+1626. [bug] --enable-getifaddrs was broken. [RT#11259]
+
+1625. [bug] named failed to load/transfer RFC2535 signed zones
+ which contained CNAMES. [RT# 11237]
+
+1606. [bug] DLV insecurity proof was failing.
+
+1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
+
+ --- 9.3.0beta3 released ---
+
+1624. [bug] zonemgr_putio() call should be locked. [RT# 11163]
+
+1623. [bug] A serial number of zero was being displayed in the
+ "sending notifies" log message when also-notify was
+ used. [RT #11177]
+
+1622. [func] probe the system to see if IPV6_(RECV)PKTINFO is
+ available, and suppress wildcard binding if not.
+
+1621. [bug] match-destinations did not work for IPv6 TCP queries.
+ [RT# 11156]
+
+1620. [func] When loading a zone report if it is signed. [RT #11149]
+
+1619. [bug] Missing ISC_LIST_UNLINK in end_reserved_dispatches().
+ [RT# 11118]
+
+1618. [bug] Fencepost errors in dns_name_ishostname() and
+ dns_name_ismailbox() could trigger a INSIST().
+
+1617. [port] win32: VC++ 6.0 support.
+
+1616. [compat] Ensure that named's version is visible in the core
+ dump. [RT #11127]
+
+1615. [port] Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
+ it is defined.
+
+1614. [port] win32: silence resource limit messages. [RT# 11101]
+
+1613. [bug] Builds would fail on machines w/o a if_nametoindex().
+ Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
+ [RT #11119]
+
+1612. [bug] check-names at the option/view level could trigger
+ an INSIST. [RT# 11116]
+
+1611. [bug] solaris: IPv6 interface scanning failed to cope with
+ no active IPv6 interfaces.
+
+1610. [bug] On dual stack machines "dig -b" failed to set the
+ address type to be looked up with "@server".
+ [RT #11069]
+
+1600. [bug] Duplicate zone pre-load checks were not case
+ insensitive.
+
+1599. [bug] Fix memory leak on error path when checking named.conf.
+
+1598. [func] Specify that certain parts of the namespace must
+ be secure (dnssec-must-be-secure).
+
+ --- 9.3.0beta2 released ---
+
+1609. [func] dig now has support to chase DNSSEC signature chains.
+ Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.
+
+ DNSSEC validation code in dig coded by Olivier Courtay
+ (olivier.courtay@irisa.fr) for the IDsA project
+ (http://idsa.irisa.fr).
+
+1608. [func] dig and host now accept -4/-6 to select IP transport
+ to use when making queries.
+
+1607. [bug] dig, host and nslookup were still using random()
+ to generate query ids. [RT# 11013]
+
+1604. [bug] A xfrout_ctx_create() failure would result in
+ xfrout_ctx_destroy() being called with a
+ partially initialized structure.
+
+1603. [bug] nsupdate: set interactive based on isatty().
+ [RT# 10929]
+
+1602. [bug] Logging to a file failed unless a size was specified.
+ [RT# 10925]
+
+1601. [bug] Silence spurious warning 'both "recursion no;" and
+ "allow-recursion" active' warning from view "_bind".
+ [RT# 10920]
+
+1594. [bug] 'rndc dumpdb' could prevent named from answering
+ queries while the dump was in progress. [RT #10565]
+
+1593. [bug] rndc should return "unknown command" to unknown
+ commands. [RT# 10642]
+
+ --- 9.3.0beta1 released ---
+
+1592. [bug] configure_view() could leak a dispatch. [RT #10675]
+
+1591. [bug] libbind: updated to BIND 8.4.5.
+
+1590. [port] netbsd: update thread support.
+
+1589. [func] DNSSEC lookaside validation.
+
+1588. [bug] win32: TCP sockets could become blocked. [RT #10115]
+
+1587. [bug] dns_message_settsigkey() failed to clear existing key.
+ [RT #10590]
+
+1586. [func] "check-names" is now implemented.
+
+1584. [bug] "make test" failed with a read only source tree.
+ [RT #10461]
+
+1583. [bug] Records add via UPDATE failed to get the correct trust
+ level. [RT #10452]
+
+1582. [bug] rrset-order failed to work on RRsets with more
+ than 32 elements. [RT #10381]
+
+1581. [func] Disable DNSSEC support by default. To enable
+ DNSSEC specify "dnssec-enable yes;" in named.conf.
+
+1580. [bug] Zone destruction on final detach takes a long time.
+ [RT #3746]
+
+1579. [bug] Multiple task managers could not be created.
+
+1578. [bug] Don't use CLASS E IPv4 addresses when resolving.
+ [RT #10346]
+
+1577. [bug] Use isc_uint32_t in ultrasparc optimizer bug
+ workaround code. [RT #10331]
+
+1576. [bug] Race condition in dns_dispatch_addresponse().
+ [RT# 10272]
+
+1575. [func] Log TSIG name on TSIG verify failure. [RT #4404]
+
+1574. [bug] Don't attempt to open the controls socket(s) when
+ running tests. [RT #9091]
+
+1573. [port] linux: update to libtool 1.5.2 so that
+ "make install DESTDIR=/xx" works with
+ "configure --with-libtool". [RT #9941]
+
+1572. [bug] nsupdate: sign the soa query to find the enclosing
+ zone if the server is specified. [RT #10148]
+
+1571. [bug] rbt:hash_node() could fail leaving the hash table
+ in an inconsistent state. [RT #10208]
+
+1570. [bug] nsupdate failed to handle classes other than IN.
+ New keyword 'class' which sets the default class.
+ [RT #10202]
+
+1569. [func] nsupdate new command 'answer' which displays the
+ complete answer message to the last update.
+
+1568. [bug] nsupdate now reports that the update failed in
+ interactive mode. [RT# 10236]
+
+1567. [bug] B.ROOT-SERVERS.NET is now 192.228.79.201.
+
+1566. [port] Support for the cmsg framework on Solaris and HP/UX.
+ This also solved the problem that match-destinations
+ for IPv6 addresses did not work on these systems.
+ [RT #10221]
+
+1565. [bug] CD flag should be copied to outgoing queries unless
+ the query is under a secure entry point in which case
+ CD should be set.
+
+1564. [func] Attempt to provide a fallback entropy source to be
+ used if named is running chrooted and named is unable
+ to open entropy source within the chroot area.
+ [RT #10133]
+
+1563. [bug] Gracefully fail when unable to obtain neither an IPv4
+ nor an IPv6 dispatch. [RT #10230]
+
+1562. [bug] isc_socket_create() and isc_socket_accept() could
+ leak memory under error conditions. [RT #10230]
+
+1561. [bug] It was possible to release the same name twice if
+ named ran out of memory. [RT #10197]
+
+1560. [port] FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
+ and EAI_NONAME to the same value.
+
+1559. [port] named should ignore SIGFSZ.
+
+1558. [func] New DNSSEC 'disable-algorithms'. Support entry into
+ child zones for which we don't have a supported
+ algorithm. Such child zones are treated as unsigned.
+
+1557. [func] Implement missing DNSSEC tests for
+ * NOQNAME proof with wildcard answers.
+ * NOWILDARD proof with NXDOMAIN.
+ Cache and return NOQNAME with wildcard answers.
+
+1556. [bug] nsupdate now treats all names as fully qualified.
+ [RT #6427]
+
+1555. [func] 'rrset-order cyclic' no longer has a random starting
+ point. [RT #7572]
+
+1554. [bug] dig, host, nslookup failed when no nameservers
+ were specified in /etc/resolv.conf. [RT #8232]
+
+1553. [bug] The windows socket code could stop accepting
+ connections. [RT#10115]
+
+1552. [bug] Accept NOTIFY requests from mapped masters if
+ matched-mapped is set. [RT #10049]
+
+1551. [port] Open "/dev/null" before calling chroot().
+
+1550. [port] Call tzset(), if available, before calling chroot().
+
+1549. [func] named-checkzone can now write out the zone contents
+ in a easily parsable format (-D and -o).
+
+1548. [bug] When parsing APL records it was possible to silently
+ accept out of range ADDRESSFAMILY values. [RT# 9979]
+
+1547. [bug] Named wasted memory recording duplicate lame zone
+ entries. [RT #9341]
+
+1546. [bug] We were rejecting valid secure CNAME to negative
+ answers.
+
+1545. [bug] It was possible to leak memory if named was unable to
+ bind to the specified transfer source and TSIG was
+ being used. [RT #10120]
+
+1544. [bug] Named would logged a single entry to a file despite it
+ being over the specified size limit.
+
+1543. [bug] Logging using "versions unlimited" did not work.
+
+1541. [func] NSEC now uses new bitmap format.
+
+1540. [bug] "rndc reload <dynamiczone>" was silently accepted.
+ [RT #8934]
+
+1539. [bug] Open UDP sockets for notify-source and transfer-source
+ that use reserved ports at startup. [RT #9475]
+
+1537. [func] New option "querylog". If set specify whether query
+ logging is to be enabled or disabled at startup.
+
+1536. [bug] Windows socket code failed to log a error description
+ when returning ISC_R_UNEXPECTED. [RT #9998]
+
+1534. [bug] Race condition when priming cache. [RT# 9940]
+
+1533. [func] Warn if both "recursion no;" and "allow-recursion"
+ are active. [RT# 4389]
+
+1532. [port] netbsd: the configure test for <sys/sysctl.h>
+ requires <sys/param.h>.
+
+1531. [port] AIX more libtool fixes.
+
+1530. [bug] It was possible to trigger a INSIST() failure if a
+ slave master file was removed at just the correct
+ moment. [RT #9462]
+
+1529. [bug] "notify explicit;" failed to log that NOTIFY messages
+ were being sent for the zone. [RT# 9442]
+
+1528. [cleanup] Simplify some dns_name_ functions based on the
+ deprecation of bitstring labels.
+
+1527. [cleanup] Reduce the number of gettimeofday() calls without
+ losing necessary timer granularity.
+
+1525. [bug] dns_cache_create() could trigger a REQUIRE
+ failure in isc_mem_put() during error cleanup.
+ [RT# 9360]
+
+1524. [port] AIX needs to be able to resolve all symbols when
+ creating shared libraries (--with-libtool).
+
+1523. [bug] Fix race condition in rbtdb. [RT# 9189]
+
+1522. [bug] dns_db_findnode() relax the requirements on 'name'.
+ [RT# 9286]
+
+1521. [bug] dns_view_createresolver() failed to check the
+ result from isc_mem_create(). [RT# 9294]
+
+1520. [protocol] Add SSHFP (SSH Finger Print) type.
+
+1519. [bug] dnssec-signzone:nsec_setbit() computed the wrong
+ length of the new bitmap.
+
+1518. [bug] dns_nsec_buildrdata(), and hence dns_nsec_build(),
+ contained a off-by-one error when working out the
+ number of octets in the bitmap.
+
+1517. [port] Support for IPv6 interface scanning on HP/UX and
+ TrueUNIX 5.1.
+
+1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
+
+1515. [func] Allow transfer source to be set in a server statement.
+ [RT #6496]
+
+1514. [bug] named: isc_hash_destroy() was being called too early.
+ [RT #9160]
+
+1513. [doc] Add "US" to root-delegation-only exclude list.
+
+1512. [bug] Extend the delegation-only logging to return query
+ type, class and responding nameserver.
+
+1511. [bug] delegation-only was generating false positives
+ on negative answers from subzones.
+
+1510. [func] New view option "root-delegation-only". Apply
+ delegation-only check to all TLDs and root.
+ Note there are some TLDs that are NOT delegation
+ only (e.g. DE, LV, US and MUSEUM) these can be excluded
+ from the checks by using exclude.
+
+ root-delegation-only exclude {
+ "DE"; "LV"; "US"; "MUSEUM";
+ };
+
+1509. [bug] Hint zones should accept delegation-only. Forward
+ zone should not accept delegation-only.
+
+1508. [bug] Don't apply delegation-only checks to answers from
+ forwarders.
+
+1507. [bug] Handle BIND 8 style returns to NS queries to parents
+ when making delegation-only checks.
+
+1506. [bug] Wrong return type for dns_view_isdelegationonly().
+
+1505. [bug] Uninitialized rdataset in sdb. [RT #8750]
+
+1504. [func] New zone type "delegation-only".
+
+1503. [port] win32: install libeay32.dll outside of system32.
+
+1502. [bug] nsupdate: adjust timeouts for UPDATE requests over TCP.
+
+1501. [func] Allow TCP queue length to be specified via
+ named.conf, tcp-listen-queue.
+
+1500. [bug] host failed to lookup MX records. Also look up
+ AAAA records.
+
+1475. [port] Probe for old sprintf().
+
+1474. [port] Provide strtoul() and memmove() for platforms
+ without them.
+
+1469. [func] Log end of outgoing zone transfer at same level
+ as the start of transfer is logged. [RT #4441]
+
+1468. [func] Internal zones are no longer counted for
+ 'rndc status'. [RT #4706]
+
+1467. [func] $GENERATES now supports optional class and ttl.
+
+1458. [cleanup] sprintf() -> snprintf().
+
+1457. [port] Provide strlcat() and strlcpy() for platforms without
+ them.
+
+1455. [bug] <netaddr> missing from server grammar in
+ doc/misc/options. [RT #5616]
+
+1454. [port] Use getifaddrs() if available for interface scanning.
+ --disable-getifaddrs to override. Glibc currently
+ has a getifaddrs() that does not support IPv6.
+ Use --enable-getifaddrs=glibc to force the use of
+ this version under linux machines.
+
+1446. [func] Implemented undocumented alternate transfer sources
+ from BIND 8. See use-alt-transfer-source,
+ alt-transfer-source and alt-transfer-source-v6.
+
+ SECURITY: use-alt-transfer-source is ENABLED unless
+ you are using views. This may cause a security risk
+ resulting in accidental disclosure of wrong zone
+ content if the master supplying different source
+ content based on IP address. If you are not certain
+ ISC recommends setting use-alt-transfer-source no;
+
+1444. [func] dns_view_findzonecut2() allows you to specify if the
+ cache should be searched for zone cuts.
+
+1443. [func] Masters lists can now be specified and referenced
+ in zone masters clauses and other masters lists.
+
+1442. [func] New functions for manipulating port lists:
+ dns_portlist_create(), dns_portlist_add(),
+ dns_portlist_remove(), dns_portlist_match(),
+ dns_portlist_attach() and dns_portlist_detach().
+
+1441. [func] It is now possible to tell dig to bind to a specific
+ source port.
+
+1440. [func] It is now possible to tell named to avoid using
+ certain source ports (avoid-v4-udp-ports,
+ avoid-v6-udp-ports).
+
+1438. [func] Log TSIG (if any) when logging NOTIFY requests.
+
+1436. [func] dns_zonemgr_resumexfrs() can be used to restart
+ stalled transfers.
+
+1433. [bug] named could trigger a REQUIRE failure if it could
+ not get a file descriptor when attempting to write
+ a master file. [RT #4347]
+
+1432. [func] The advertised EDNS UDP buffer size can now be set
+ via named.conf (edns-udp-size).
+
+1430. [port] linux: IPv6 interface scanning support.
+
+1422. [func] Log name/type/class when denying a query. [RT #4663]
+
+1421. [func] Differentiate updates that don't succeed due to
+ prerequisites (unsuccessful) vs other reasons
+ (failed).
+
+1417. [func] ID.SERVER/CHAOS is now a built in zone.
+ See "server-id" for how to configure.
+
+1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived
+ from SOA MINIMUM.
+
+1414. [func] Support for KSK flag.
+
+1413. [func] Explictly request the (re-)generation of DS records from
+ keysets (dnssec-signzone -g).
+
+1412. [func] You can now specify servers to be tried if a nameserver
+ has IPv6 address and you only support IPv4 or the
+ reverse. See dual-stack-servers.
+
+1410. [func] Handle records that live in the parent zone, e.g. DS.
+
+1409. [bug] DS should have attribute DNS_RDATATYPEATTR_DNSSEC.
+
+1404. [bug] libbind: ns_name_ntol() could overwrite a zero length
+ buffer.
+
+1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset
+ dnssec-signkey now report their version in the
+ usage message.
+
+1402. [cleanup] A6 has been moved to experimental and is no longer
+ fully supported.
+
+1400. [bug] Block the addition of wildcard NS records by IXFR
+ or UPDATE. [RT #3502]
+
+1398. [doc] ARM: notify-also should have been also-notify.
+ [RT #4345]
+
+1396. [func] dnssec-signzone: adjust the default signing time by
+ 1 hour to allow for clock skew.
+
+1394. [func] It is now possible to check if a particular element is
+ in a acl. Remove duplicate entries from the localnets
+ acl.
+
+1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
+ is not available in the kernel to prevent accidently
+ listening on IPv4 interfaces.
+
+1392. [bug] named-checkzone: update usage.
+
+1391. [func] Add support for IPv6 scoped addresses in named.
+
+1390. [func] host now supports ixfr.
+
+1386. [bug] named-checkzone -z stopped on errors in a zone.
+ [RT #3653]
+
+1383. [func] Track the serial number in a IXFR response and log if
+ a mismatch occurs. This is a more specific error than
+ "not exact". [RT #3445]
+
+1380. [func] 'rndc recursing' dump recursing queries to
+ 'recursing-file = "named.recursing";'.
+
+1379. [func] 'rndc status' now reports tcp and recursion quota
+ states.
+
+1378. [func] Improved positive feedback for 'rndc {reload|refresh}.
+
+1377. [func] dns_zone_load{new}() now reports if the zone was
+ loaded, queued for loading to up to date.
+
+1376. [func] New function dns_zone_logc() to log to specified
+ category.
+
+1375. [func] 'rndc dumpdb' now dumps the adb cache along with the
+ data cache.
+
+1374. [func] dns_adb_dump() now logs the lame zones associated
+ with each server.
+
+1371. [bug] notify-source-v6, transfer-source-v6 and
+ query-source-v6 with explicit addresses and using the
+ same ports as named was listening on could interfere
+ with named's ability to answer queries sent to those
+ addresses.
+
+1368. [func] remove support for bitstring labels.
+
+1367. [func] Use response times to select forwarders.
+
+1365. [func] "localhost" and "localnets" acls now include IPv6
+ addresses / prefixes.
+
+1364. [func] Log file name when unable to open memory statistics
+ and dump database files. [RT# 3437]
+
+1363. [func] Listen-on-v6 now supports specific addresses.
+
+1362. [bug] remove IFF_RUNNING test when scanning interfaces.
+
+1361. [func] log the reason for rejecting a server when resolving
+ queries.
+
+1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
+
+1344. [func] Log if the serial number on the master has gone
+ backwards.
+ If you have multiple machines specified in the masters
+ clause you may want to set 'multi-master yes;' to
+ suppress this warning.
+
+1343. [func] Log successful notifies received (info). Adjust log
+ level for failed notifies to notice.
+
+1342. [func] Log remote address with TCP dispatch failures.
+
+1341. [func] Allow a rate limiter to be stalled.
+
+1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
+ lookups. Bit string lookups are no longer attempted.
+
+1336. [func] Nibble lookups under IP6.ARPA are now supported by
+ dns_byaddr_create(). dns_byaddr_createptrname() is
+ deprecated, use dns_byaddr_createptrname2() instead.
+
+1332. [func] Report the current serial with periodic commits when
+ rolling forward the journal.
+
+1331. [func] Generate DNSSEC wildcard proofs.
+
+1329. [func] named-checkzone will now check if nameservers that
+ appear to be IP addresses. Available modes "fail",
+ "warn" (default) and "ignore" the results of the
+ check.
+
+1328. [bug] The validator could incorrectly verify an invalid
+ negative proof.
+
+1322. [bug] dnssec-signzone usage message was misleading.
+
+1321. [bug] If the last RRset in a zone is glue, dnssec-signzone
+ would incorrectly duplicate its output and sign it.
+
+1313. [func] Query log now says if the query was signed (S) or
+ if EDNS was used (E).
+
+1312. [func] Log TSIG key used w/ outgoing zone transfers.
+
+1309. [func] Log that a zone transfer was covered by a TSIG.
+
+1308. [func] DS (delegation signer) support.
+
+1304. [func] New function: dns_zone_name().
+
+1303. [func] Option 'flush-zones-on-shutdown <boolean>;'.
+
+1302. [func] Extended rndc dumpdb to support dumping of zones and
+ view selection: 'dumpdb [-all|-zones|-cache] [view]'.
+
+1301. [func] New category 'update-security'.
+
+1300. [port] Compaq Trucluster support.
+
+1293. [func] Entropy can now be retrieved from EGDs. [RT #2438]
+
+1292. [func] Enable IPv6 support when using ioctl style interface
+ scanning and OS supports SIOCGLIFADDR using struct
+ if_laddrreq.
+
+1291. [func] Enable IPv6 support when using sysctl style interface
+ scanning.
+
+1290. [func] "dig axfr" now reports the number of messages
+ as well as the number of records.
+
+1285. [func] lwres: probe the system to see what address families
+ are currently in use.
+
+1283. [func] Use "dataready" accept filter if available.
+
+1281. [func] Log zone when unable to get private keys to update
+ zone. Log zone when NXT records are missing from
+ secure zone.
+
+1278. [func] dig: now supports +[no]cl +[no]ttlid.
+
+1277. [func] You can now create your own customized printing
+ styles: dns_master_stylecreate() and
+ dns_master_styledestroy().
+
+1271. [bug] "recursion available: {denied,approved}" was too
+ confusing.
+
+1267. [func] isc_file_openunique() now creates file using mode
+ 0666 rather than 0600.
+
+1254. [func] preferred-glue option from BIND 8.3.
+
+1250. [func] Nsupdate will report the address the update was
+ sent to.
+
+1247. [bug] Don't reset the interface index for link/site local
+ addresses. [RT #2576]
+
+1246. [func] New functions isc_sockaddr_issitelocal(),
+ isc_sockaddr_islinklocal(), isc_netaddr_issitelocal()
+ and isc_netaddr_islinklocal().
+
+1243. [bug] It was possible to trigger a REQUIRE() in
+ dns_message_findtype(). [RT #2659]
+
+1235. [func] Report 'out of memory' errors from openssl.
+
+1234. [bug] contrib/sdb: 'zonetodb' failed to call
+ dns_result_register(). DNS_R_SEENINCLUDE should not
+ be fatal.
+
+1233. [bug] The flags field of a KEY record can be expressed in
+ hex as well as decimal.
+
+1226. [func] Use EDNS for zone refresh queries. [RT #2551]
+
+1225. [func] dns_message_setopt() no longer requires that
+ dns_message_renderbegin() to have been called.
+
+1224. [bug] 'rrset-order' and 'sortlist' should be additive
+ not exclusive.
+
+1223. [func] 'rrset-order' partially works 'cyclic' and 'random'
+ are supported.
+
+1220. [func] Support for APL rdata type.
+
+1219. [func] Named now reports the TSIG extended error code when
+ signature verification fails. [RT #1651]
+
+1217. [func] Report locations of previous key definition when a
+ duplicate is detected.
+
+1213. [func] Report view associated with client if it is not a
+ standard view (_default or _bind).
+
+1203. [func] Report locations of previous acl and zone definitions
+ when a duplicate is detected.
+
+1202. [func] New functions: cfg_obj_line() and cfg_obj_file().
+
+1192. [bug] The seconds fields in LOC records were restricted
+ to three decimal places. More decimal places should
+ be allowed but warned about.
+
+1190. [func] Add the "rndc freeze" and "rndc unfreeze" commands.
+ [RT #2394]
+
+1187. [bug] named was incorrectly returning DNSSEC records
+ in negative responses when the DO bit was not set.
+
+1181. [func] Add the "key-directory" configuration statement,
+ which allows the server to look for online signing
+ keys in alternate directories.
+
+1180. [func] dnssec-keygen should always generate keys with
+ protocol 3 (DNSSEC), since it's less confusing
+ that way.
+
+1179. [func] Add SIG(0) support to nsupdate.
+
+1177. [func] Report view when loading zones if it is not a
+ standard view (_default or _bind). [RT #2270]
+
+1171. [func] Added function isc_region_compare(), updated files in
+ lib/dns to use this function instead of local one.
+
+1169. [func] Identify recursive queries in the query log.
+
+1163. [func] isc_time_formattimestamp() now includes the year.
+
+1159. [bug] MD and MF are not permitted to be loaded by RFC1123.
+
+1158. [func] Report the client's address when logging notify
+ messages.
+
+1157. [func] match-clients and match-destinations now accept
+ keys. [RT #2045]
+
+1155. [func] Recover from master files being removed from under
+ us.
+
+1153. [func] 'rndc {stop|halt} -p' now reports the process id
+ of the instance of named being shutdown.
+
+1151. [bug] nslookup failed to check that the arguments to
+ the port, timeout, and retry options were
+ valid integers and in range. [RT #2099]
+
+1150. [bug] named incorrectly accepted TTL values
+ containing plus or minus signs, such as
+ 1d+1h-1s.
+
+1149. [func] New function isc_parse_uint32().
+
+1148. [func] 'rndc-confgen -a' now provides positive feedback.
+
+1147. [func] Set IPV6_V6ONLY on IPv6 sockets if supported by
+ the OS. listen-on-v6 { any; }; should no longer
+ result in IPv4 queries be accepted. Similarly
+ control { inet :: ... }; should no longer result
+ in IPv4 connections being accepted. This can be
+ overridden at compile time by defining
+ ISC_ALLOW_MAPPED=1.
+
+1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
+ supported by the OS by a new function
+ isc_socket_ipv6only().
+
+1145. [func] "host" no longer reports a NOERROR/NODATA response
+ by printing nothing. [RT #2065]
+
+1143. [bug] When a trusted-keys statement was present and named
+ was built without crypto support, it would leak memory.
+
+1139. [func] It is now possible to flush a given name from the
+ cache(s) via 'rndc flushname name [view]'. [RT #2051]
+
+1138. [func] It is now possible to flush a given name from the
+ cache by calling the new function
+ dns_cache_flushname().
+
+1137. [func] It is now possible to flush a given name from the
+ ADB by calling the new function dns_adb_flushname().
+
+1135. [func] You can now override the default syslog() facility for
+ named/lwresd at compile time. [RT #1982]
+
+1132. [func] Improve UPDATE prerequisite failure diagnostic messages.
+
+1128. [func] sdb drivers can now provide RR data in either text
+ or wire format, the latter using the new functions
+ dns_sdb_putrdata() and dns_sdb_putnamedrdata().
+
+1127. [func] rndc: If the server to contact has multiple addresses,
+ try all of them.
+
+1119. [func] Added support in Win32 for NTFS file/directory ACL's
+ for access control.
+
+1115. [func] Set maximum values for cleaning-interval,
+ heartbeat-interval, interface-interval,
+ max-transfer-idle-in, max-transfer-idle-out,
+ max-transfer-time-in, max-transfer-time-out,
+ statistics-interval of 28 days and
+ sig-validity-interval of 3660 days. [RT #2002]
+
+1110. [bug] dig should only accept valid abbreviations of +options.
+ [RT #2003]
+
+1105. [port] OpenUNIX 8 enable threads by default. [RT #1970]
+
+1080. [bug] BIND 8 compatibility: accept bare IP prefixes
+ as the second element of a two-element top level
+ sort list statement. [RT #1964]
+
+1079. [bug] BIND 8 compatibility: accept bare elements at top
+ level of sort list treating them as if they were
+ a single element list. [RT #1963]
+
+1077. [func] Do not accept further recursive clients when
+ the total number of recursive lookups being
+ processed exceeds max-recursive-clients, even
+ if some of the lookups are internally generated.
+ [RT #1915, #1938]
+
+1073. [bug] The ADB cache cleaning should also be space driven.
+ [RT #1915, #1938]
+
+1067. [func] Allow quotas to be soft, isc_quota_soft().
+
+1065. [func] Runtime support to select new / old style interface
+ scanning using ioctls.
+
+1060. [func] Move refresh, stub and notify UDP retry processing
+ into dns_request.
+
+1059. [func] dns_request now support will now retry UDP queries,
+ dns_request_createvia2() and dns_request_createraw2().
+
+1058. [func] Limited lifetime ticker timers are now available,
+ isc_timertype_limited.
+
+1055. [func] Version and hostname queries can now be disabled
+ using "version none;" and "hostname none;",
+ respectively.
+
+1049. [func] "pid-file none;" will disable writing a pid file.
+ [RT #1848]
+
+1037. [bug] Negative responses whose authority section contain
+ SOA or NS records whose owner names are not equal
+ equal to or parents of the query name should be
+ rejected. [RT #1862]
+
+1036. [func] Silently drop requests received via multicast as
+ long as there is no final multicast DNS standard.
+
+1035. [bug] If we respond to multicast queries (which we
+ currently do not), respond from a unicast address
+ as specified in RFC 1123. [RT #137]
+
+1034. [bug] Ignore the RD bit on multicast queries as specified
+ in RFC 1123. [RT #137]
+
+1032. [func] hostname.bind/txt/chaos now returns the name of
+ the machine hosting the nameserver. This is useful
+ in diagnosing problems with anycast servers.
+
+1025. [bug] Don't use multicast addresses to resolve iterative
+ queries. [RT #101]
+
+1024. [port] Compilation failed on HP-UX 11.11 due to
+ incompatible use of the SIOCGLIFCONF macro
+ name. [RT #1831]
+
+1023. [func] Accept hints without TTLs.
+
+1011. [cleanup] Removed isc_dir_current().
+
+1009. [port] OpenUNIX 8 support. [RT #1728]
+
+1008. [port] libtool.m4, ltmain.sh from libtool-1.4.2.
+
+1007. [port] config.guess, config.sub from autoconf-2.52.
+
+1003. [func] Add the +retry option to dig.
+
+ 999. [func] "rndc retransfer zone [class [view]]" added.
+ [RT #1752]
+
+ 998. [func] named-checkzone now has arguments to specify the
+ chroot directory (-t) and working directory (-w).
+ [RT #1755]
+
+ 997. [func] Add support for RSA-SHA1 keys (RFC3110).
+
+ 996. [func] Issue warning if the configuration filename contains
+ the chroot path.
+
+ 994. [func] Treat non-authoritative responses to queries for type
+ NS as referrals even if the NS records are in the
+ answer section, because BIND 8 servers incorrectly
+ send them that way. This is necessary for DNSSEC
+ validation of the NS records of a secure zone to
+ succeed when the parent is a BIND 8 server. [RT #1706]
+
+ 993. [func] dig: -v now reports the version.
+
+ 991. [func] Lower UDP refresh timeout messages to level
+ debug 1.
+
+ 985. [func] Consider network interfaces to be up iff they have
+ a nonzero IP address rather than based on the
+ IFF_UP flag. [RT #1160]
+
+ 983. [func] The server now supports generating IXFR difference
+ sequences for non-dynamic zones by comparing zone
+ versions, when enabled using the new config
+ option "ixfr-from-differences". [RT #1727]
+
+ 982. [func] If "memstatistics-file" is set in options the memory
+ statistics will be written to it.
+
+ 981. [func] The dnssec tools can now take multiple '-r randomfile'
+ arguments.
+
+ 979. [func] Incremental master file dumping. dns_master_dumpinc(),
+ dns_master_dumptostreaminc(), dns_dumpctx_attach(),
+ dns_dumpctx_detach(), dns_dumpctx_cancel(),
+ dns_dumpctx_db() and dns_dumpctx_version().
+
+ 976. [func] named-checkconf can now test load master zones
+ (named-checkconf -z). [RT #1468]
+
+ 970. [func] 'max-journal-size' can now be used to set a target
+ size for a journal.
+
+ 969. [func] dig now supports the undocumented dig 8 feature
+ of allowing arbitrary labels, not just dotted
+ decimal quads, with the -x option. This can be
+ used to conveniently look up RFC2317 names as in
+ "dig -x 10.0.0.0-127". [RT #827, #1576, #1598]
+
+ --- 9.2.3rc1 released ---
+
+1499. [bug] isc_random need to be seeded better if arc4random()
+ is not used.
+
+1498. [port] bsdos: 5.x support.
+
+1497. [protocol] dig, nslookup and host now perform nibble lookups
+ under IP6.ARPA, use -i for IP6.INT (dig and host).
+ lwres now uses IP6.ARPA.
+
+1496. [port] test for pthread_attr_setstacksize().
+
+1495. [cleanup] Replace hash functions with universal hash.
+
+1494. [security] Turn on RSA BLINDING as a precaution.
+
+1493. [doc] A6 and "bitstring" labels are now experimental.
+
+1492. [cleanup] Preserve rwlock quota context when upgrading /
+ downgrading. [RT #5599]
+
+1491. [bug] dns_master_dump*() would produce extraneous $ORIGIN
+ lines. [RT #6206]
+
+1490. [bug] Accept reading state as well as working state in
+ ns_client_next(). [RT #6813]
+
+1489. [compat] Treat 'allow-update' on slave zones as a warning.
+ [RT #3469]
+
+1488. [bug] Don't override trust levels for glue addresses.
+ [RT #5764]
+
+1487. [bug] A REQUIRE() failure could be triggered if a zone was
+ queued for transfer and the zone was then removed.
+ [RT #6189]
+
+1486. [bug] isc_print_snprintf() '%%' consumed one too many format
+ characters. [RT# 8230]
+
+1485. [bug] gen failed to handle high type values. [RT #6225]
+
+1484. [bug] The number of records reported after a AXFR was wrong.
+ [RT #6229]
+
+1483. [bug] dig axfr failed if the message id in the answer failed
+ to match that in the request. Only the id in the first
+ message is required to match. [RT #8138]
+
+1482. [bug] named could fail to start if the kernel supports
+ IPv6 but no interfaces are configured. Similarly
+ for IPv4. [RT #6229]
+
+1481. [bug] Refresh and stub queries failed to use masters keys
+ if specified. [RT #7391]
+
+1480. [bug] Provide replay protection for rndc commands. Full
+ replay protection requires both rndc and named to
+ be updated. Partial replay protection (limited
+ exposure after restart) is provided if just named
+ is updated.
+
+1479. [bug] cfg_create_tuple() failed to handle out of
+ memory cleanup. parse_list() would leak memory
+ on syntax errors.
+
+1478. [port] ifconfig.sh didn't account for other virtual
+ interfaces. It now takes a optional argument
+ to specify the first interface number. [RT #3907]
+
+1477. [bug] memory leak using stub zones and TSIG.
+
+1476. [port] win32: port unreachables were blocking further i/o
+ on sockets (Windows 2000 SP2 and later).
+
+1473. [bug] create_map() and create_string() failed to handle out
+ of memory cleanup. [RT #6813]
+
+1472. [contrib] idnkit-1.0 from JPNIC, replaces mdnkit.
+
+1471. [bug] libbind: updated to BIND 8.4.0.
+
+1470. [bug] Incorrect length passed to snprintf. [RT #5966]
+
+1466. [bug] lwresd configuration errors resulted in memory
+ and lock leaks. [RT #5228]
+
+1465. [bug] isc_base64_decodestring() and isc_base64_tobuffer()
+ failed to check that trailing bits were zero allowing
+ some invalid base64 strings to be accepted. [RT #5397]
+
+1464. [bug] Preserve "out of zone" data for outgoing zone
+ transfers. [RT #5192]
+
+1463. [bug] dns_rdata_from{wire,struct}() failed to catch bad
+ NXT bit maps. [RT #5577]
+
+1462. [bug] parse_sizeval() failed to check the token type.
+ [RT #5586]
+
+1461. [bug] Remove deadlock from rbtdb code. [RT #5599]
+
+1460. [bug] inet_pton() failed to reject certain malformed
+ IPv6 literals.
+
+1459. [bug] win32: we were leaking a bits in the exception
+ fd_set resulting in "Socket operation on non-socket"
+ errors from select(). [RT #2966]
+
+1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
+
+1453. [doc] ARM: $GENERATE example wasn't accurate. [RT #5298]
+
+1452. [bug] Bad #ifdef, ISC_RFC2335 -> ISC_RFC2535.
+
+1451. [bug] rndc-confgen didn't exit with a error code for all
+ failures. [RT #5209]
+
+1450. [bug] Fetching expired glue failed under certain
+ circumstances. [RT #5124]
+
+1449. [bug] query_addbestns() didn't handle running out of memory
+ gracefully.
+
+1448. [bug] Handle empty wildcards labels.
+
+1447. [bug] We were casting (unsigned int) to and from (void *).
+ rdataset->private4 is now rdataset->privateuint4
+ to reflect a type change.
+
+1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has
+ been replaced with DNS_ADBFIND_STARTATZONE which
+ causes the search to start using the closest zone.
+
+1439. [bug] Named could return NOERROR with certain NOTIFY
+ failures. Return NOTAUTH if the NOTIFY zone is
+ not being served.
+
+1435. [bug] zmgr_resume_xfrs() was being called read locked
+ rather than write locked. zmgr_resume_xfrs()
+ was not being called if the zone was being
+ shutdown.
+
+1437. [bug] Leave space for stdio to work in. [RT #5033]
+
+1434. [bug] "rndc reconfig" failed to initiate the initial
+ zone transfer of new slave zones.
+
+1431. [bug] isc_print_snprintf() "%s" with precision could walk off
+ end of argument. [RT #5191]
+
+1429. [bug] Prevent the cache getting locked to old servers.
+
+1424. [bug] EDNS version not being correctly printed.
+
+1423. [contrib] queryperf: added A6 and SRV.
+
+1420. [port] solaris: work around gcc optimizer bug.
+
+1419. [port] openbsd: use /dev/arandom. [RT #4950]
+
+1418. [bug] 'rndc reconfig' did not cause new slaves to load.
+
+1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN.
+ [RT #4715]
+
+1411. [bug] empty nodes should stop wildcard matches. [RT #4802]
+
+1408. [bug] "make distclean" was not complete. [RT #4700]
+
+1407. [bug] lfsr incorrectly implements the shift register.
+ [RT #4617]
+
+1406. [bug] dispatch initializes one of the LFSR's with a incorrect
+ polynomial. [RT #4617]
+
+1405. [func] Use arc4random() if available.
+
+1401. [bug] adb wasn't clearing state when the timer expired.
+
+1399. [bug] Use serial number arithmetic when testing SIG
+ timestamps. [RT #4268]
+
+1397. [bug] J.ROOT-SERVERS.NET is now 192.58.128.30.
+
+1389. [bug] named could fail to rotate long log files. [RT #3666]
+
+1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
+ defining HAVE_IFLIST_SYSCTL. [RT #3770]
+
+1387. [bug] named could crash due to an access to invalid memory
+ space (which caused an assertion failure) in
+ incremental cleaning. [RT #3588]
+
+1385. [bug] Setting serial-query-rate to 10 would trigger a
+ REQUIRE failure.
+
+1384. [bug] host was incompatible with BIND 8 in its exit code and
+ in the output with the -l option. [RT #3536]
+
+1373. [bug] Recovery from expired glue failed under certain
+ circumstances.
+
+1372. [bug] named crashes with an assertion failure on exit when
+ sharing the same port for listening and querying, and
+ changing listening addresses several times. [RT# 3509]
+
+1370. [bug] dig '+[no]recurse' was incorrectly documented.
+
+1369. [bug] Adding an NS record as the lexicographically last
+ record in a secure zone didn't work.
+
+1366. [contrib] queryperf usage was incomplete. Add '-h' for help.
+
+1348. [port] win32: Rewrote code to use I/O Completion Ports
+ in socket.c and eliminating a host of socket
+ errors. Performance is enhanced.
+
+1333. [contrib] queryperf now reports a summary of returned
+ rcodes (-c), rcodes are printed in mnemonic form (-v).
+
+1299. [bug] Set AI_ADDRCONFIG when looking up addresses
+ via getaddrinfo() (affects dig, host, nslookup, rndc
+ and nsupdate).
+
+1199. [doc] ARM reference to RFC 2157 should have been RFC 1918.
+ [RT #2436]
+
+1122. [tuning] Resolution timeout reduced from 90 to 30 seconds.
+ [RT #2046]
+
+ 992. [doc] dig: ~/.digrc is now documented.
+
+ --- 9.2.2 released ---
+
+1428. [port] hpux: temporary work around of hpux 11.11 interface
+ scanning.
+
+1427. [bug] Race condition in adb with threaded build.
+
+1426. [cleanup] Disable RFC2535 style DNSSEC. This is incompatible
+ with the forthcoming DS style DNSSEC.
+
+1425. [port] linux/libbind: define __USE_MISC when testing *_r()
+ function prototypes in netdb.h. [RT #4921]
+
+1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't
+ have a working implementation. [RT #4079]
+
+1382. [bug] make install failed with --enable-libbind. [RT #3656]
+
+1381. [bug] named failed to correctly process answers that
+ contained DNAME records where the resulting CNAME
+ resulted in a negative answer.
+
+ --- 9.2.2rc1 released ---
+
+1360. [bug] --enable-libbind would fail when not built in the
+ source tree for certain OS's.
+
+1359. [security] Support patches OpenSSL libraries.
+ http://www.cert.org/advisories/CA-2002-23.html
+
+1358. [bug] It was possible to trigger a INSIST when debugging
+ large dynamic updates. [RT #3390]
+
+1357. [bug] nsupdate was extremely wasteful of memory.
+
+1356. [tuning] Reduce the number of events / quantum for zone tasks.
+
+1354. [doc] lwres man pages had illegal nroff.
+
+1353. [contrib] sdb/ldap to version 0.9.
+
+1352. [bug] dig, host, nslookup when falling back to TCP use the
+ current search entry (if any). [RT #3374]
+
+1351. [bug] lwres_getipnodebyname() returned the wrong name
+ when given a IPv4 literal, af=AF_INET6 and AI_MAPPED
+ was set.
+
+1350. [bug] dns_name_fromtext() failed to handle too many labels
+ gracefully.
+
+1349. [security] Minimum OpenSSL version now 0.9.6e (was 0.9.5a).
+ http://www.cert.org/advisories/CA-2002-23.html
+
+1346. [bug] Win32: select timeout in socket.c was too small
+ as value given was meant to be milliseconds and
+ timeval structure requires microseconds. This
+ caused high CPU loads with a compute bound loop.
+ [RT #3358]
+
+1345. [port] Use a explicit -Wformat with gcc. Not all versions
+ include it in -Wall.
+
+1340. [bug] Delay and spread out the startup refresh load.
+
+1335. [bug] When performing a nonexistence proof, the validator
+ should discard parent NXTs from higher in the DNS.
+
+1334. [bug] When signing/verifying rdatasets, duplicate rdatas
+ need to be suppressed.
+
+1330. [bug] When processing events (non-threaded) only allow
+ the task one chance to use to use its quantum.
+
+1327. [bug] The validator would incorrectly mark data as insecure
+ when seeing a bogus signature before a correct
+ signature.
+
+1326. [bug] DNAME/CNAME signatures were not being cached when
+ validation was not being performed. [RT #3284]
+
+1325. [bug] If the tcpquota was exhausted it was possible to
+ to trigger a INSIST() failure.
+
+1324. [port] darwin: ifconfig.sh now supports darwin.
+
+1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
+
+1320. [doc] query-source-v6 was missing from options section.
+ [RT #3218]
+
+1319. [func] libbind: log attempts to exploit #1318.
+
+1318. [bug] libbind: Remote buffer overrun.
+
+1317. [port] libbind: TrueUNIX 5.1 does not like __align as a
+ element name.
+
+1316. [bug] libbind: gethostans() could get out of sync parsing
+ the response if there was a very long CNAME chain.
+
+1315. [bug] Options should apply to the internal _bind view.
+
+1314. [port] Handle ECONNRESET from sendmsg() [unix].
+
+1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159]
+
+1310. [bug] 'rndc stop' failed to cause zones to be flushed
+ sometimes. [RT #3157]
+
+1307. [bug] nsupdate: allow white space base64 key data.
+
+1306. [bug] Badly encoded LOC record when the size, horizontal
+ precision or vertical precision was 0.1m.
+
+1305. [bug] Document that internal zones are included in the
+ rndc status results.
+
+1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
+ could be left with a trailing "\" after configure
+ has been run.
+
+1297. [port] linux: make handling EINVAL from socket() no longer
+ conditional on #ifdef LINUX.
+
+1296. [bug] isc_log_closefilelogs() needed to lock the log
+ context.
+
+1295. [bug] isc_log_setdebuglevel() needed to lock the log
+ context.
+
+1294. [func] libbind: no longer attempts bit string labels for
+ IPv6 reverse resolution. Try IP6.ARPA then IP6.INT
+ for nibble style resolution.
+
+1289. [port] See if -ldl is required for OpenSSL? [RT #2672]
+
+1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
+ reflect written requirements.
+
+1287. [bug] REQUIRE that DNS_DBADD_MERGE only be set when adding
+ a rdataset to a zone db in the rbtdb implementation of
+ addrdataset.
+
+1286. [bug] dns_name_downcase() enforce requirement that
+ target != NULL or name->buffer != NULL.
+
+1284. [bug] The RTT estimate on unused servers was not aged.
+ [RT #2569]
+
+1282. [port] libbind: hpux 11.11 interface scanning.
+
+1280. [bug] libbind: escape '(' and ')' when converting to
+ presentation form.
+
+1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590]
+
+1276. [bug] libbind: const pointer conflicts in res_debug.c.
+
+1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN.
+
+1274. [bug] Memory leak in lwres_gnbarequest_parse().
+
+1273. [port] libbind: solaris: 64 bit binary compatibility.
+
+1272. [contrib] Berkeley DB 4.0 sdb implementation from
+ Nuno Miguel Rodrigues <nmr@co.sapo.pt>.
+
+1270. [bug] Check that system inet_pton() and inet_ntop() support
+ AF_INET6.
+
+1269. [port] Openserver: ifconfig.sh support.
+
+1268. [port] Openserver: the value FD_SETSIZE depends on whether
+ <sys/param.h> is included or not. Be consistent.
+
+1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE,
+ __ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE
+ are not C++ compatible, use *_TYPE versions instead.
+
+1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with
+ C++, use LINK_INIT_TYPE and UNLINK_TYPE instead.
+
+1263. [bug] Reference after free error if dns_dispatchmgr_create()
+ failed.
+
+1262. [bug] ns_server_destroy() failed to set *serverp to NULL.
+
+1261. [func] libbind: ns_sign2() and ns_sign_tcp() now provide
+ support for compressed TSIG owner names.
+
+1260. [func] libbind: res_update can now update IPv6 servers,
+ new function res_findzonecut2().
+
+1259. [bug] libbind: get_salen() IPv6 support was broken for OSs
+ w/o sa_len.
+
+1258. [bug] libbind: res_nametotype() and res_nametoclass() were
+ broken.
+
+1257. [bug] Failure to write pid-file should not be fatal on
+ reload. [RT #2861]
+
+1256. [contrib] 'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support.
+
+1255. [bug] When verifying that an NXT proves nonexistence, check
+ the rcode of the message and only do the matching NXT
+ check. That is, for NXDOMAIN responses, check that
+ the name is in the range between the NXT owner and
+ next name, and for NOERROR NODATA responses, check
+ that the type is not present in the NXT bitmap.
+
+1253. [bug] The dnssec system test failed to remove the correct
+ files.
+
+1252. [bug] Dig, host and nslookup were not checking the address
+ the answer was coming from against the address it was
+ sent to. [RT# 2692]
+
+1248. [bug] DESTDIR was not being propagated between makes.
+
+1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for
+ accept().
+
+1242. [bug] named-checkzone failed if a journal existed. [RT #2657]
+
+1241. [bug] Drop received UDP messages with a zero source port
+ as these are invariably forged. [RT #2621]
+
+1209. [bug] Dig, host, nslookup were not checking the message ids
+ on the responses. [RT #2454]
+
+1097. [func] libbind: RES_PRF_TRUNC for dig.
+
+1096. [func] libbind: "DNSSEC OK" (DO) support.
+
+1095. [func] libbind: resolver option: no-tld-query. disables
+ trying unqualified as a tld. no_tld_query is also
+ supported for FreeBSD compatibility.
+
+1094. [func] libbind: add support gcc's format string checking.
+
+1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6
+ support.
+
+ --- 9.2.1 released ---
+
+1251. [port] win32: a make file contained absolute version specific
+ references.
+
+1249. [bug] Missing masters clause was not handled gracefully.
+ [RT #2703]
+
+1244. [bug] Receiving a TCP message from a blackhole address would
+ prevent further messages being received over that
+ interface.
+
+1178. [bug] Follow and cache (if appropriate) A6 and other
+ data chains to completion in the additional section.
+
+ --- 9.2.1rc2 released ---
+
+1240. [bug] It was possible to leak zone references by
+ specifying an incorrect zone to rndc.
+
+1239. [bug] Under certain circumstances named could continue to
+ use a name after it had been freed triggering
+ INSIST() failures. [RT #2614]
+
+1238. [bug] It is possible to lockup the server when shutting down
+ if notifies were being processed. [RT #2591]
+
+1237. [bug] nslookup: "set q=type" failed.
+
+1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non
+ NULL terminated text regions. [RT #2588]
+
+1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
+
+1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.
+
+1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken.
+
+1229. [bug] named would crash if it received a TSIG signed
+ query as part of an AXFR response. [RT #2570]
+
+1228. [bug] 'make install' did not depend on 'make all'. [RT #2559]
+
+1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
+ if a number was expected and some other token was
+ found. [RT#2532]
+
+1222. [bug] Specifying 'port *' did not always result in a system
+ selected (non-reserved) port being used. [RT #2537]
+
+1221. [bug] Zone types 'master', 'slave' and 'stub' were not being
+ compared case insensitively. [RT #2542]
+
+1218. [bug] Named incorrectly returned SERVFAIL rather than
+ NOTAUTH when there was a TSIG BADTIME error. [RT #2519]
+
+1216. [bug] Multiple server clauses for the same server were not
+ reported. [RT #2514]
+
+1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
+
+1214. [bug] Win32: isc_file_renameunique() could leave zero length
+ files behind.
+
+1212. [port] libbind: 64k answer buffers were causing stack space
+ to be exceeded for certain OS. Use heap space instead.
+
+1211. [bug] dns_name_fromtext() incorrectly handled certain
+ valid octal bitlabels. [RT #2483]
+
+1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped /
+ compatible addresses. [RT #2461]
+
+1208. [bug] dns_master_load*() failed to log a error message if
+ an error was detected when parsing the ownername of
+ a record. [RT #2448]
+
+ --- 9.2.1rc1 released ---
+
+1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with
+ an invalid pointer.
+
+1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should
+ trigger a non-EDNS retry.
+
+1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class"
+ of the message. [RT #2449]
+
+1204. [bug] libbind: res_nupdate() failed to update the name
+ server addresses before sending the update.
+
+1201. [bug] Require that if 'callbacks' is passed to
+ dns_rdata_fromtext(), callbacks->error and
+ callbacks->warn are initialized.
+
+1200. [bug] Log 'errno' that we are unable to convert to
+ isc_result_t. [RT #2404]
+
+1198. [bug] OPT printing style was not consistent with the way the
+ header fields are printed. The DO bit was not reported
+ if set. Report if any of the MBZ bits are set.
+
+1197. [bug] Attempts to define the same acl multiple times were not
+ detected.
+
+1196. [contrib] update mdnkit to 2.2.3.
+
+1195. [bug] Attempts to redefine builtin acls should be caught.
+ [RT #2403]
+
+1194. [bug] Not all duplicate zone definitions were being detected
+ at the named.conf checking stage. [RT #2431]
+
+1193. [bug] Best effort parsing didn't handle packet truncation.
+
+1191. [bug] A dynamic update removing the last non-apex name in
+ a secure zone would fail. [RT #2399]
+
+1189. [bug] On some systems, malloc(0) returns NULL, which
+ could cause the caller to report an out of memory
+ error. [RT #2398]
+
+1188. [bug] Dynamic updates of a signed zone would fail if
+ some of the zone private keys were unavailable.
+
+1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the
+ EOL token when reading to end of line.
+
+1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
+ unless RES_INIT is set when calling res_*init().
+
+1184. [bug] libbind: call res_ndestroy() if RES_INIT is set
+ when res_*init() is called.
+
+1183. [bug] Handle ENOSR error when writing to the internal
+ control pipe. [RT #2395]
+
+1182. [bug] The server could throw an assertion failure when
+ constructing a negative response packet.
+
+1176. [doc] Document that allow-v6-synthesis is only performed
+ for clients that are supplied recursive service.
+ [RT #2260]
+
+1175. [bug] named-checkzone failed to call dns_result_register()
+ at startup which could result in runtime
+ exceptions when printing "out of memory" errors.
+ [RT #2335]
+
+1174. [bug] Win32: add WSAECONNRESET to the expected errors
+ from connect(). [RT #2308]
+
+1173. [bug] Potential memory leaks in isc_log_create() and
+ isc_log_settag(). [RT #2336]
+
+1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
+ table of RR types in ARM.
+
+1170. [bug] Don't attempt to print the token when a I/O error
+ occurs when parsing named.conf. [RT #2275]
+
+1168. [bug] Empty also-notify clauses were not handled. [RT #2309]
+
+1167. [contrib] nslint-2.1a3 (from author).
+
+1166. [bug] "Not Implemented" should be reported as NOTIMP,
+ not NOTIMPL. [RT #2281]
+
+1165. [bug] We were rejecting notify-source{-v6} in zone clauses.
+
+1164. [bug] Empty masters clauses in slave / stub zones were not
+ handled gracefully. [RT #2262]
+
+1162. [bug] The allow-notify option was not accepted in slave
+ zone statements.
+
+1161. [bug] named-checkzone looped on unbalanced brackets.
+ [RT #2248]
+
+1160. [bug] Generating Diffie-Hellman keys longer than 1024
+ bits could fail. [RT #2241]
+
+1156. [port] The configure test for strsep() incorrectly
+ succeeded on certain patched versions of
+ AIX 4.3.3. [RT #2190]
+
+1154. [bug] Don't attempt to obtain the netmask of a interface
+ if there is no address configured. [RT #2176]
+
+1152. [bug] libbind: read buffer overflows.
+
+1144. [bug] rndc-confgen would crash if both the -a and -t
+ options were specified. [RT #2159]
+
+1142. [bug] dnssec-signzone would fail to delete temporary files
+ in some failure cases. [RT #2144]
+
+1141. [bug] When named rejected a control message, it would
+ leak a file descriptor and memory. It would also
+ fail to respond, causing rndc to hang.
+ [RT #2139, #2164]
+
+1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments
+ to the -s option. [RT #2138]
+
+1136. [bug] CNAME records synthesized from DNAMEs did not
+ have a TTL of zero as required by RFC2672.
+ [RT #2129]
+
+1125. [bug] rndc: -k option was missing from usage message.
+ [RT #2057]
+
+1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail
+ are now documented. [RT #2052]
+
+1123. [bug] dig +[no]fail did not match description. [RT #2052]
+
+1109. [bug] nsupdate accepted illegal ttl values.
+
+1108. [bug] On Win32, rndc was hanging when named was not running
+ due to failure to select for exceptional conditions
+ in select(). [RT #1870]
+
+1081. [bug] Multicast queries were incorrectly identified
+ based on the source address, not the destination
+ address.
+
+1072. [bug] The TCP client quota could be exceeded when
+ recursion occurred. [RT #1937]
+
+1071. [bug] Sockets listening for TCP DNS connections
+ specified an excessive listen backlog. [RT #1937]
+
+1070. [bug] Copy DNSSEC OK (DO) to response as specified by
+ draft-ietf-dnsext-dnssec-okbit-03.txt.
+
+1014. [bug] Some queries would cause statistics counters to
+ increment more than once or not at all. [RT #1321]
+
+1012. [bug] The -p option to named did not behave as documented.
+
+ 988. [bug] 'additional-from-auth no;' did not work reliably
+ in the case of queries answered from the cache.
+ [RT #1436]
+
+ 995. [bug] dig, host, nslookup: using a raw IPv6 address as a
+ target address should be fatal on a IPv4 only system.
+
+ --- 9.2.0 released ---
+
+1134. [bug] Multi-threaded servers could deadlock in ferror()
+ when reloading zone files. [RT #1951, #1998]
+
+1133. [bug] IN6_IS_ADDR_LOOPBACK was not portably defined on
+ platforms without IN6_IS_ADDR_LOOPBACK. [RT #2106]
+
+ --- 9.2.0rc10 released ---
+
+1131. [bug] The match-destinations view option did not work with
+ IPv6 destinations. [RT #2073, #2074]
+
+1130. [bug] Log messages reporting an out-of-range serial number
+ did not include the out-of-range number but the
+ following token. [RT #2076]
+
+1129. [bug] Multi-threaded servers could crash under heavy
+ resolution load due to a race condition. [RT #2018]
+
+1126. [bug] The server could access a freed event if shut
+ down while a client start event was pending
+ delivery. [RT #2061]
+
+1121. [bug] The server could attempt to access a NULL zone
+ table if shut down while resolving.
+ [RT #1587, #2054]
+
+1120. [bug] Errors in options were not fatal. [RT #2002]
+
+1118. [bug] On multi-threaded servers, a race condition
+ could cause an assertion failure in resolver.c
+ during resolver shutdown. [RT #2029]
+
+1117. [port] The configure check for in6addr_loopback incorrectly
+ succeeded on AIX 4.3 when compiling with -O2
+ because the test code was optimized away.
+ [RT #2016]
+
+1116. [bug] Setting transfers in a server clause, transfers-in,
+ or transfers-per-ns to a value greater than
+ 2147483647 disabled transfers. [RT #2002]
+
+1114. [port] Ignore more accept() errors. [RT #2021]
+
+1113. [bug] The allow-update-forwarding option was ignored
+ when specified in a view. [RT #2014]
+
+1111. [bug] Multi-threaded servers could deadlock processing
+ recursive queries due to a locking hierarchy
+ violation in adb.c. [RT #2017]
+
+ --- 9.2.0rc9 released ---
+
+1107. [bug] nsupdate could catch an assertion failure if an
+ invalid domain name was given as the argument to
+ the "zone" command.
+
+1106. [bug] After seeing an out of range TTL, nsupdate would
+ treat all TTLs as out of range. [RT #2001]
+
+1104. [bug] Invalid arguments to the transfer-format option
+ could cause an assertion failure. [RT #1995]
+
+1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
+
+1102. [doc] Note that query logging is enabled by directing the
+ queries category to a channel.
+
+1101. [bug] Array bounds read error in lwres_gai_strerror.
+
+1100. [bug] libbind: DNSSEC key ids were computed incorrectly.
+
+1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
+ compile time errors.
+
+1098. [bug] libbind: HMAC-MD5 key files are now mode 0600.
+
+1093. [doc] libbind: miscellaneous nroff fixes.
+
+1092. [bug] libbind: get*by*() failed to check if res_init() had
+ been called.
+
+1091. [bug] libbind: misplaced va_end().
+
+1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
+ the amount of memory consumed resulting in garbage
+ address being returned. Alignment calculations were
+ wasting space. We weren't suppressing duplicate
+ addresses.
+
+1088. [port] libbind: MPE/iX C.70 (incomplete)
+
+1087. [bug] libbind: struct __res_state too large on 64 bit arch.
+
+1086. [port] libbind: sunos: old sprintf.
+
+1085. [port] libbind: solaris: sys_nerr and sys_errlist do not
+ exist when compiling in 64 bit mode.
+
+1084. [cleanup] libbind: gai_strerror() rewritten.
+
+1083. [bug] The default control channel listened on the
+ wildcard address, not the loopback as documented.
+ [RT #1975]
+
+1082. [bug] The -g option to named incorrectly caused logging
+ to be sent to syslog in addition to stderr.
+ [RT #1974]
+
+1078. [bug] We failed to correct bad tv_usec values in one case.
+ [RT #1966]
+
+1076. [bug] A badly defined global key could trigger an assertion
+ on load/reload if views were used. [RT #1947]
+
+1075. [bug] Out-of-range network prefix lengths were not
+ reported. [RT #1954]
+
+1074. [bug] Running out of memory in dump_rdataset() could
+ cause an assertion failure. [RT #1946]
+
+ --- 9.2.0rc8 released ---
+
+1068. [bug] errno could be overwritten by catgets(). [RT #1921]
+
+1066. [bug] Provide a thread safe wrapper for strerror().
+ [RT #1689]
+
+1064. [bug] Do not shut down active network interfaces if we
+ are unable to scan the interface list. [RT #1921]
+
+1063. [bug] libbind: "make install" was failing on IRIX.
+ [RT #1919]
+
+1062. [bug] If the control channel listener socket was shut
+ down before server exit, the listener object could
+ be freed twice. [RT #1916]
+
+1061. [bug] If periodic cache cleaning happened to start
+ while cleaning due to reaching the configured
+ maximum cache size was in progress, the server
+ could catch an assertion failure. [RT #1912]
+
+1057. [bug] Reloading the server after adding a "file" clause
+ to a zone statement could cause the server to
+ crash due to a typo in change 1016.
+
+1056. [bug] Rndc could catch an assertion failure on SIGINT due
+ to an uninitialized variable. [RT #1908]
+
+ --- 9.2.0rc7 released ---
+
+1054. [bug] On Win32, cfg_categories and cfg_modules need to be
+ exported from the libisccfg DLL.
+
+1053. [bug] Dig did not increase its timeout when receiving
+ AXFRs unless the +time option was used. [RT #1904]
+
+1052. [bug] Journals were not being created in binary mode
+ resulting in "journal format not recognized" error
+ under Win32. [RT #1889]
+
+1051. [bug] Do not ignore a network interface completely just
+ because it has a noncontiguous netmask. Instead,
+ omit it from the localnets ACL and issue a warning.
+ [RT #1891]
+
+1050. [bug] Log messages reporting malformed IP addresses in
+ address lists such as that of the forwarders option
+ failed to include the correct error code, file
+ name, and line number. [RT #1890]
+
+1048. [bug] Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1
+ didn't work.
+
+1047. [bug] named was incorrectly refusing all requests signed
+ with a TSIG key derived from an unsigned TKEY
+ negotiation with a NOERROR response. [RT #1886]
+
+1046. [bug] The help message for the --with-openssl configure
+ option was inaccurate. [RT #1880]
+
+1045. [bug] It was possible to skip saving glue for a nameserver
+ for a stub zone.
+
+1044. [bug] Specifying allow-transfer, notify-source, or
+ notify-source-v6 in a stub zone was not treated
+ as an error.
+
+1043. [bug] Specifying a transfer-source or transfer-source-v6
+ option in the zone statement for a master zone was
+ not treated as an error. [RT #1876]
+
+1042. [bug] The "config" logging category did not work properly.
+ [RT #1873]
+
+1041. [bug] Dig/host/nslookup could catch an assertion failure
+ on SIGINT due to an uninitialized variable. [RT #1867]
+
+1040. [bug] Multiple listen-on-v6 options with different ports
+ were not accepted. [RT #1875]
+
+1039. [bug] Negative responses with CNAMEs in the answer section
+ were cached incorrectly. [RT #1862]
+
+1038. [bug] In servers configured with a tkey-domain option,
+ TKEY queries with an owner name other than the root
+ could cause an assertion failure. [RT #1866, #1869]
+
+1033. [bug] Always respond to requests with an unsupported opcode
+ with NOTIMP, even if we don't have a matching view
+ or cannot determine the class.
+
+ --- 9.2.0rc6 released ---
+
+1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
+ [RT #1858]
+
+1030. [bug] On systems with no resolv.conf file, nsupdate
+ exited with an error rather than defaulting
+ to using the loopback address. [RT #1836]
+
+1029. [bug] Some named.conf errors did not cause the loading
+ of the configuration file to return a failure
+ status even though they were logged. [RT #1847]
+
+1028. [bug] On Win32, dig/host/nslookup looked for resolv.conf
+ in the wrong directory. [RT #1833]
+
+1027. [bug] RRs having the reserved type 0 should be rejected.
+ [RT #1471]
+
+1026. [port] Recognize OpenUNIX 8 in config.guess. [RT #1830]
+
+1022. [bug] Don't report empty root hints as "extra data".
+ [RT #1802]
+
+ --- 9.2.0rc5 released ---
+
+1021. [bug] On Win32, log message timestamps were one month
+ later than they should have been, and the server
+ would exhibit unspecified behavior in December.
+
+1020. [bug] IXFR log messages did not distinguish between
+ true IXFRs, AXFR-style IXFRs, and mere version
+ polls. [RT #1811]
+
+1019. [bug] The value of the lame-ttl option was limited to 18000
+ seconds, not 1800 seconds as documented. [RT #1803]
+
+1018. [bug] The default log channel was not always initialized
+ correctly. [RT #1813]
+
+1017. [bug] When specifying TSIG keys to dig and nsupdate using
+ the -k option, they must be HMAC-MD5 keys. [RT #1810]
+
+1016. [bug] Slave zones with no backup file were re-transferred
+ on every server reload.
+
+1015. [bug] Log channels that had a "versions" option but no
+ "size" option failed to create numbered log
+ files. [RT #1783]
+
+ --- 9.2.0rc4 released ---
+
+1013. [bug] It was possible to cancel a query twice when marking
+ a server as bogus or by having a blackhole acl.
+ [RT #1776]
+
+1010. [bug] The server could attempt to execute a command channel
+ command after initiating server shutdown, causing
+ an assertion failure. [RT #1766]
+
+1006. [bug] If a KEY RR was found missing during DNSSEC validation,
+ an assertion failure could subsequently be triggered
+ in the resolver. [RT #1763]
+
+1005. [bug] Don't copy nonzero RCODEs from request to response.
+ [RT #1765]
+
+1004. [port] Deal with recvfrom() returning EHOSTDOWN. [RT #1770]
+
+1002. [bug] When reporting an unknown class name in named.conf,
+ including the file name and line number. [RT #1759]
+
+1001. [bug] win32 socket code doio_recv was not catching a
+ WSACONNRESET error when a client was timing out
+ the request and closing its socket. [RT #1745]
+
+1000. [bug] BIND 8 compatibility: accept "HESIOD" as an alias
+ for class "HS". [RT #1759]
+
+ --- 9.2.0rc3 released ---
+
+ 990. [bug] The rndc-confgen man page was not installed.
+
+ 989. [bug] Report filename if $INCLUDE fails for file related
+ errors. [RT #1736]
+
+ 987. [bug] "dig -help" didn't show "+[no]stats".
+
+ 986. [bug] "dig +noall" failed to clear stats and command
+ printing.
+
+ 984. [bug] Multi-threading should be enabled by default on
+ Solaris 2.7 and newer, but it wasn't.
+
+ --- 9.2.0rc2 released ---
+
+ 980. [bug] Incoming zone transfers restarting after an error
+ could trigger an assertion failure. [RT #1692]
+
+ 978. [bug] dns_db_attachversion() had an invalid REQUIRE()
+ condition.
+
+ 977. [bug] Improve "not at top of zone" error message.
+
+ 975. [bug] "max-cache-size default;" as a view option
+ caused an assertion failure.
+
+ 974. [bug] "max-cache-size unlimited;" as a global option
+ was not accepted.
+
+ 973. [bug] Failed to log the question name when logging:
+ "bad zone transfer request: non-authoritative zone
+ (NOTAUTH)".
+
+ 972. [bug] The file modification time code in zone.c was using the
+ wrong epoch. [RT #1667]
+
+ 968. [bug] On win32, the isc_time_now() function was unnecessarily
+ calling strtime(). [RT #1671]
+
+ 967. [bug] On win32, the link for bindevt was not including the
+ required resource file to enable the event viewer
+ to interpret the error messages in the event log,
+ [RT #1668]
+
+ 966. [placeholder]
+
+ 965. [bug] Including data other than root server NS and A
+ records in the root hint file could cause a rbtdb
+ node reference leak. [RT #1581, #1618]
+
+ 964. [func] Warn if data other than root server NS and A records
+ are found in the root hint file. [RT #1581, #1618]
+
+ 963. [bug] Bad ISC_LANG_ENDDECLS. [RT #1645]
+
+ 962. [bug] libbind: bad "#undef", don't attempt to install
+ non-existant nlist.h. [RT #1640]
+
+ 961. [bug] Tried to use a IPV6 feature when ISC_PLATFORM_HAVEIPV6
+ was not defined. [RT #1482]
+
+ 960. [port] liblwres failed to build on systems with support for
+ getrrsetbyname() in the OS. [RT #1592]
+
+ 959. [port] On FreeBSD, determine the number of CPUs by calling
+ sysctlbyname(). [RT #1584]
+
+ 958. [port] ssize_t is not available on all platforms. [RT #1607]
+
+ 957. [bug] sys/select.h inclusion was broken on older platforms.
+ [RT #1607]
+
+ 956. [bug] ns_g_autorndcfile changed to ns_g_keyfile
+ in named/win32/os.c due to code changes in
+ change #953. win32 .make file for rndc-confgen
+ updated to add include path for os.h header.
+
+ --- 9.2.0rc1 released ---
+
+ 955. [bug] When using views, the zone's class was not being
+ inherited from the view's class. [RT #1583]
+
+ 954. [bug] When requesting AXFRs or IXFRs using dig, host, or
+ nslookup, the RD bit should not be set as zone
+ transfers are inherently nonrecursive. [RT #1575]
+
+ 953. [func] The /var/run/named.key file from change #843
+ has been replaced by /etc/rndc.key. Both
+ named and rndc will look for this file and use
+ it to configure a default control channel key
+ if not already configured using a different
+ method (rndc.conf / controls). Unlike
+ named.key, rndc.key is not created automatically;
+ it must be created by manually running
+ "rndc-confgen -a".
+
+ 952. [bug] The server required manual intervention to serve the
+ affected zones if it died between creating a journal
+ and committing the first change to it.
+
+ 951. [bug] CFLAGS was not passed to the linker when
+ linking some of the test programs under
+ bin/tests. [RT #1555].
+
+ 950. [bug] Explicit TTLs did not properly override $TTL
+ due to a bug in change 834. [RT #1558]
+
+ 949. [bug] host was unable to print records larger than 512
+ bytes. [RT #1557]
+
+ --- 9.2.0b2 released ---
+
+ 948. [port] Integrated support for building on Windows NT /
+ Windows 2000.
+
+ 947. [bug] dns_rdata_soa_t had a badly named element "mname" which
+ was really the RNAME field from RFC1035. To avoid
+ confusion and silent errors that would occur it the
+ "origin" and "mname" elements were given their correct
+ names "mname" and "rname" respectively, the "mname"
+ element is renamed to "contact".
+
+ 946. [cleanup] doc/misc/options is now machine-generated from the
+ configuration parser syntax tables, and therefore
+ more likely to be correct.
+
+ 945. [func] Add the new view-specific options
+ "match-destinations" and "match-recursive-only".
+
+ 944. [func] Check for expired signatures on load.
+
+ 943. [bug] The server could crash when receiving a command
+ via rndc if the configuration file listed only
+ nonexistent keys in the controls statement. [RT #1530]
+
+ 942. [port] libbind: GETNETBYADDR_ADDR_T was not correctly
+ defined on some platforms.
+
+ 941. [bug] The configuration checker crashed if a slave
+ zone didn't contain a masters statement. [RT #1514]
+
+ 940. [bug] Double zone locking failure on error path. [RT #1510]
+
+ --- 9.2.0b1 released ---
+
+ 939. [port] Add the --disable-linux-caps option to configure for
+ systems that manage capabilities outside of named.
+ [RT #1503]
+
+ 938. [placeholder]
+
+ 937. [bug] A race when shutting down a zone could trigger a
+ INSIST() failure. [RT #1034]
+
+ 936. [func] Warn about IPv4 addresses that are not complete
+ dotted quads. [RT #1084]
+
+ 935. [bug] inet_pton failed to reject leading zeros.
+
+ 934. [port] Deal with systems where accept() spuriously returns
+ ECONNRESET.
+
+ 933. [bug] configure failed doing libbind on platforms not
+ supported by BIND 8. [RT #1496]
+
+ --- 9.2.0a3 released ---
+
+ 932. [bug] Use INSTALL_SCRIPT, not INSTALL_PROGRAM,
+ when installing isc-config.sh.
+ [RT #198, #1466]
+
+ 931. [bug] The controls statement only attempted to verify
+ messages using the first key in the key list.
+ (9.2.0a1/a2 only).
+
+ 930. [func] Query performance testing tool added as
+ contrib/queryperf.
+
+ 929. [placeholder]
+
+ 928. [bug] nsupdate would send empty update packets if the
+ send (or empty line) command was run after
+ another send but before any new updates or
+ prerequisites were specified. It should simply
+ ignore this command.
+
+ 927. [bug] Don't hold the zone lock for the entire dump to disk.
+ [RT #1423]
+
+ 926. [bug] The resolver could deadlock with the ADB when
+ shutting down (multi-threaded builds only).
+ [RT #1324]
+
+ 925. [cleanup] Remove openssl from the distribution; require that
+ --with-openssl be specified if DNSSEC is needed.
+
+ 924. [port] Extend support for pre-RFC2133 IPv6 implementation.
+ [RT #987]
+
+ 923. [bug] Multiline TSIG secrets (and other multiline strings)
+ were not accepted in named.conf. [RT #1469]
+
+ 922. [func] Added two new lwres_getrrsetbyname() result codes,
+ ERR_NONAME and ERR_NODATA.
+
+ 921. [bug] lwres returned an incorrect error code if it received
+ a truncated message.
+
+ 920. [func] Increase the lwres receive buffer size to 16K.
+ [RT #1451]
+
+ 919. [placeholder]
+
+ 918. [func] In nsupdate, TSIG errors are no longer treated as
+ fatal errors.
+
+ 917. [func] New nsupdate command 'key', allowing TSIG keys to
+ be specified in the nsupdate command stream rather
+ than the command line.
+
+ 916. [bug] Specifying type ixfr to dig without specifying
+ a serial number failed in unexpected ways.
+
+ 915. [func] The named-checkconf and named-checkzone programs
+ now have a '-v' option for printing their version.
+ [RT #1151]
+
+ 914. [bug] Global 'server' statements were rejected when
+ using views, even though they were accepted
+ in 9.1. [RT #1368]
+
+ 913. [bug] Cache cleaning was not sufficiently aggressive.
+ [RT #1441, #1444]
+
+ 912. [bug] Attempts to set the 'additional-from-cache' or
+ 'additional-from-auth' option to 'no' in a
+ server with recursion enabled will now
+ be ignored and cause a warning message.
+ [RT #1145]
+
+ 911. [placeholder]
+
+ 910. [port] Some pre-RFC2133 IPv6 implementations do not define
+ IN6ADDR_ANY_INIT. [RT #1416]
+
+ 908. [func] New program, rndc-confgen, to simplify setting up rndc.
+
+ 907. [func] The ability to get entropy from either the
+ random device, a user-provided file or from
+ the keyboard was migrated from the DNSSEC tools
+ to libisc as isc_entropy_usebestsource().
+
+ 906. [port] Separated the system independent portion of
+ lib/isc/unix/entropy.c into lib/isc/entropy.c
+ and added lib/isc/win32/entropy.c.
+
+ 905. [bug] Configuring a forward "zone" for the root domain
+ did not work. [RT #1418]
+
+ 904. [bug] The server would leak memory if attempting to use
+ an expired TSIG key. [RT #1406]
+
+ 903. [bug] dig should not crash when receiving a TCP packet
+ of length 0.
+
+ 902. [bug] The -d option was ignored if both -t and -g were also
+ specified.
+
+ 901. [placeholder]
+
+ 900. [bug] A config.guess update changed the system identification
+ string of FreeBSD systems; configure and
+ bin/tests/system/ifconfig.sh now recognize the new
+ string.
+
+ --- 9.2.0a2 released ---
+
+ 899. [bug] lib/dns/soa.c failed to compile on many platforms
+ due to inappropriate use of a void value.
+ [RT #1372, #1373, #1386, #1387, #1395]
+
+ 898. [bug] "dig" failed to set a nonzero exit status
+ on UDP query timeout. [RT #1323]
+
+ 897. [bug] A config.guess update changed the system identification
+ string of UnixWare systems; configure now recognizes
+ the new string.
+
+ 896. [bug] If a configuration file is set on named's command line
+ and it has a relative pathname, the current directory
+ (after any possible jailing resulting from named -t)
+ will be prepended to it so that reloading works
+ properly even when a directory option is present.
+
+ 895. [func] New function, isc_dir_current(), akin to POSIX's
+ getcwd().
+
+ 894. [bug] When using the DNSSEC tools, a message intended to warn
+ when the keyboard was being used because of the lack
+ of a suitable random device was not being printed.
+
+ 893. [func] Removed isc_file_test() and added isc_file_exists()
+ for the basic functionality that was being added
+ with isc_file_test().
+
+ 892. [placeholder]
+
+ 891. [bug] Return an error when a SIG(0) signed response to
+ an unsigned query is seen. This should actually
+ do the verification, but it's not currently
+ possible. [RT #1391]
+
+ 890. [cleanup] The man pages no longer require the mandoc macros
+ and should now format cleanly using most versions of
+ nroff, and HTML versions of the man pages have been
+ added. Both are generated from DocBook source.
+
+ 889. [port] Eliminated blank lines before .TH in nroff man
+ pages since they cause problems with some versions
+ of nroff. [RT #1390]
+
+ 888. [bug] Don't die when using TKEY to delete a nonexistent
+ TSIG key. [RT #1392]
+
+ 887. [port] Detect broken compilers that can't call static
+ functions from inline functions. [RT #1212]
+
+ 866. [func] Close debug only file channels when debug is set to
+ zero. [RT #1246]
+
+ 865. [bug] The new configuration parser did not allow
+ the optional debug level in a "severity debug"
+ clause of a logging channel to be omitted.
+ This is now allowed and treated as "severity
+ debug 1;" like it does in BIND 8.2.4, not as
+ "severity debug 0;" like it did in BIND 9.1.
+ [RT #1367]
+
+ 864. [cleanup] Multi-threading is now enabled by default on
+ OSF1, Solaris 2.7 and newer, AIX, IRIX, and HP-UX.
+
+ 863. [bug] If an error occurred while an outgoing zone transfer
+ was starting up, the server could access a domain
+ name that had already been freed when logging a
+ message saying that the transfer was starting.
+ [RT #1383]
+
+ 862. [bug] Use after realloc(), non portable pointer arithmetic in
+ grmerge().
+
+ 861. [port] Add support for Mac OS X, by making it equivalent
+ to Darwin. This was derived from the config.guess
+ file shipped with Mac OS X. [RT #1355]
+
+ 860. [func] Drop cross class glue in zone transfers.
+
+ 859. [bug] Cache cleaning now won't swamp the CPU if there
+ is a persistent overlimit condition.
+
+ 858. [func] isc_mem_setwater() no longer requires that when the
+ callback function is non-NULL then its hi_water
+ argument must be greater than its lo_water argument
+ (they can now be equal) or that they be non-zero.
+
+ 857. [cleanup] Use ISC_MAGIC() to define all magic numbers for
+ structs, for our friends in EBCDIC-land.
+
+ 856. [func] Allow partial rdatasets to be returned in answer and
+ authority sections to help non-TCP capable clients
+ recover from truncation. [RT #1301]
+
+ 855. [bug] Stop spurious "using RFC 1035 TTL semantics" warnings.
+
+ 854. [bug] The config parser didn't properly handle config
+ options that were specified in units of time other
+ than seconds. [RT #1372]
+
+ 853. [bug] configure_view_acl() failed to detach existing acls.
+ [RT #1374]
+
+ 852. [bug] Handle responses from servers which do not know
+ about IXFR.
+
+ 851. [cleanup] The obsolete support-ixfr option was not properly
+ ignored.
+
+ --- 9.2.0a1 released ---
+
+ 850. [bug] dns_rbt_findnode() would not find nodes that were
+ split on a bitstring label somewhere other than in
+ the last label of the node. [RT #1351]
+
+ 849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
+
+ 848. [func] A minimum max-cache-size of two megabytes is enforced
+ by the cache cleaner.
+
+ 847. [func] Added isc_file_test(), which currently only has
+ some very basic functionality to test for the
+ existence of a file, whether a pathname is absolute,
+ or whether a pathname is the fundamental representation
+ of the current directory. It is intended that this
+ function can be expanded to test other things a
+ programmer might want to know about a file.
+
+ 846. [func] A non-zero 'param' to dst_key_generate() when making an
+ hmac-md5 key means that good entropy is not required.
+
+ 845. [bug] The access rights on the public file of a symmetric
+ key are now restricted as soon as the file is opened,
+ rather than after it has been written and closed.
+
+ 844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
+ just as <lwres/net.h> does.
+
+ 843. [func] If no controls statement is present in named.conf,
+ or if any inet phrase of a controls statement is
+ lacking a keys clause, then a key will be automatically
+ generated by named and an rndc.conf-style file
+ named named.key will be written that uses it. rndc
+ will use this file only if its normal configuration
+ file, or one provided on the command line, does not
+ exist.
+
+ 842. [func] 'rndc flush' now takes an optional view.
+
+ 841. [bug] When sdb modules were not declared threadsafe, their
+ create and destroy functions were not serialized.
+
+ 840. [bug] The config file parser could print the wrong file
+ name if an error was detected after an included file
+ was parsed. [RT #1353]
+
+ 839. [func] Dump packets for which there was no view or that the
+ class could not be determined to category "unmatched".
+
+ 838. [port] UnixWare 7.x.x is now suported by
+ bin/tests/system/ifconfig.sh.
+
+ 837. [cleanup] Multi-threading is now enabled by default only on
+ OSF1, Solaris 2.7 and newer, and AIX.
+
+ 836. [func] Upgraded libtool to 1.4.
+
+ 835. [bug] The dispatcher could enter a busy loop if
+ it got an I/O error receiving on a UDP socket.
+ [RT #1293]
+
+ 834. [func] Accept (but warn about) master files beginning with
+ an SOA record without an explicit TTL field and
+ lacking a $TTL directive, by using the SOA MINTTL
+ as a default TTL. This is for backwards compatibility
+ with old versions of BIND 8, which accepted such
+ files without warning although they are illegal
+ according to RFC1035.
+
+ 833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
+ <dns/soa.h>, and extended them to support
+ all the integer-valued fields of the SOA RR.
+
+ 832. [bug] The default location for named.conf in named-checkconf
+ should depend on --sysconfdir like it does in named.
+ [RT #1258]
+
+ 831. [placeholder]
+
+ 830. [func] Implement 'rndc status'.
+
+ 829. [bug] The DNS_R_ZONECUT result code should only be returned
+ when an ANY query is made with DNS_DBFIND_GLUEOK set.
+ In all other ANY query cases, returning the delegation
+ is better.
+
+ 828. [bug] The errno value from recvfrom() could be overwritten
+ by logging code. [RT #1293]
+
+ 827. [bug] When an IXFR protocol error occurs, the slave
+ should retry with AXFR.
+
+ 826. [bug] Some IXFR protocol errors were not detected.
+
+ 825. [bug] zone.c:ns_query() detached from the wrong zone
+ reference. [RT #1264]
+
+ 824. [bug] Correct line numbers reported by dns_master_load().
+ [RT #1263]
+
+ 823. [func] The output of "dig -h" now goes to stdout so that it
+ can easily be piped through "more". [RT #1254]
+
+ 822. [bug] Sending nxrrset prerequisites would crash nsupdate.
+ [RT #1248]
+
+ 821. [bug] The program name used when logging to syslog should
+ be stripped of leading path components.
+ [RT #1178, #1232]
+
+ 820. [bug] Name server address lookups failed to follow
+ A6 chains into the glue of local authoritative
+ zones.
+
+ 819. [bug] In certain cases, the resolver's attempts to
+ restart an address lookup at the root could cause
+ the fetch to deadlock (with itself) instead of
+ restarting. [RT #1225]
+
+ 818. [bug] Certain pathological responses to ANY queries could
+ cause an assertion failure. [RT #1218]
+
+ 817. [func] Adjust timeouts for dialup zone queries.
+
+ 816. [bug] Report potential problems with log file accessibility
+ at configuration time, since such problems can't
+ reliably be reported at the time they actually occur.
+
+ 815. [bug] If a log file was specified with a path separator
+ character (i.e. "/") in its name and the directory
+ did not exist, the log file's name was treated as
+ though it were the directory name. [RT #1189]
+
+ 814. [bug] Socket objects left over from accept() failures
+ were incorrectly destroyed, causing corruption
+ of socket manager data structures.
+
+ 813. [bug] File descriptors exceeding FD_SETSIZE were handled
+ badly. [RT #1192]
+
+ 812. [bug] dig sometimes printed incomplete IXFR responses
+ due to an uninitialized variable. [RT #1188]
+
+ 811. [bug] Parentheses were not quoted in zone dumps. [RT #1194]
+
+ 810. [bug] The signer name in SIG records was not properly
+ downcased when signing/verifying records. [RT #1186]
+
+ 809. [bug] Configuring a non-local address as a transfer-source
+ could cause an assertion failure during load.
+
+ 808. [func] Add 'rndc flush' to flush the server's cache.
+
+ 807. [bug] When setting up TCP connections for incoming zone
+ transfers, the transfer-source port was not
+ ignored like it should be.
+
+ 806. [bug] DNS_R_SEENINCLUDE was failing to propagate back up
+ the calling stack to the zone maintence level, causing
+ zones to not reload when an included file was touched
+ but the top-level zone file was not.
+
+ 805. [bug] When using "forward only", missing root hints should
+ not cause queries to fail. [RT #1143]
+
+ 804. [bug] Attempting to obtain entropy could fail in some
+ situations. This would be most common on systems
+ with user-space threads. [RT #1131]
+
+ 803. [bug] Treat all SIG queries as if they have the CD bit set,
+ otherwise no data will be returned [RT #749]
+
+ 802. [bug] DNSSEC key tags were computed incorrectly in almost
+ all cases. [RT #1146]
+
+ 801. [bug] nsupdate should treat lines beginning with ';' as
+ comments. [RT #1139]
+
+ 800. [bug] dnssec-signzone produced incorrect statistics for
+ large zones. [RT #1133]
+
+ 799. [bug] The ADB didn't find AAAA glue in a zone unless A6
+ glue was also present.
+
+ 798. [bug] nsupdate should be able to reject bad input lines
+ and continue. [RT #1130]
+
+ 797. [func] Issue a warning if the 'directory' option contains
+ a relative path. [RT #269]
+
+ 796. [func] When a size limit is associated with a log file,
+ only roll it when the size is reached, not every
+ time the log file is opened. [RT #1096]
+
+ 795. [func] Add the +multiline option to dig. [RT #1095]
+
+ 794. [func] Implement the "port" and "default-port" statements
+ in rndc.conf.
+
+ 793. [cleanup] The DNSSEC tools could create filenames that were
+ illegal or contained shell metacharacters. They
+ now use a different text encoding of names that
+ doesn't have these problems. [RT #1101]
+
+ 792. [cleanup] Replace the OMAPI command channel protocol with a
+ simpler one.
+
+ 791. [bug] The command channel now works over IPv6.
+
+ 790. [bug] Wildcards created using dynamic update or IXFR
+ could fail to match. [RT #1111]
+
+ 789. [bug] The "localhost" and "localnets" ACLs did not match
+ when used as the second element of a two-element
+ sortlist item.
+
+ 788. [func] Add the "match-mapped-addresses" option, which
+ causes IPv6 v4mapped addresses to be treated as
+ IPv4 addresses for the purpose of acl matching.
+
+ 787. [bug] The DNSSEC tools failed to downcase domain
+ names when mapping them into file names.
+
+ 786. [bug] When DNSSEC signing/verifying data, owner names were
+ not properly downcased.
+
+ 785. [bug] A race condition in the resolver could cause
+ an assertion failure. [RT #673, #872, #1048]
+
+ 784. [bug] nsupdate and other programs would not quit properly
+ if some signals were blocked by the caller. [RT #1081]
+
+ 783. [bug] Following CNAMEs could cause an assertion failure
+ when either using an sdb database or under very
+ rare conditions.
+
+ 782. [func] Implement the "serial-query-rate" option.
+
+ 781. [func] Avoid error packet loops by dropping duplicate FORMERR
+ responses. [RT #1006]
+
+ 780. [bug] Error handling code dealing with out of memory or
+ other rare errors could lead to assertion failures
+ by calling functions on unitialized names. [RT #1065]
+
+ 779. [func] Added the "minimal-responses" option.
+
+ 778. [bug] When starting cache cleaning, cleaning_timer_action()
+ returned without first pausing the iterator, which
+ could cause deadlock. [RT #998]
+
+ 777. [bug] An empty forwarders list in a zone failed to override
+ global forwarders. [RT #995]
+
+ 776. [func] Improved error reporting in denied messages. [RT #252]
+
+ 775. [placeholder]
+
+ 774. [func] max-cache-size is implemented.
+
+ 773. [func] Added isc_rwlock_trylock() to attempt to lock without
+ blocking.
+
+ 772. [bug] Owner names could be incorrectly omitted from cache
+ dumps in the presence of negative caching entries.
+ [RT #991]
+
+ 771. [cleanup] TSIG errors related to unsynchronized clocks
+ are logged better. [RT #919]
+
+ 770. [func] Add the "edns yes_or_no" statement to the server
+ clause. [RT #524]
+
+ 769. [func] Improved error reporting when parsing rdata. [RT #740]
+
+ 768. [bug] The server did not emit an SOA when a CNAME
+ or DNAME chain ended in NXDOMAIN in an
+ authoritative zone.
+
+ 767. [placeholder]
+
+ 766. [bug] A few cases in query_find() could leak fname.
+ This would trigger the mpctx->allocated == 0
+ assertion when the server exited.
+ [RT #739, #776, #798, #812, #818, #821, #845,
+ #892, #935, #966]
+
+ 765. [func] ACL names are once again case insensitive, like
+ in BIND 8. [RT #252]
+
+ 764. [func] Configuration files now allow "include" directives
+ in more places, such as inside the "view" statement.
+ [RT #377, #728, #860]
+
+ 763. [func] Configuration files no longer have reserved words.
+ [RT #731, #753]
+
+ 762. [cleanup] The named.conf and rndc.conf file parsers have
+ been completely rewritten.
+
+ 761. [bug] _REENTRANT was still defined when building with
+ --disable-threads.
+
+ 760. [contrib] Significant enhancements to the pgsql sdb driver.
+
+ 759. [bug] The resolver didn't turn off "avoid fetches" mode
+ when restarting, possibly causing resolution
+ to fail when it should not. This bug only affected
+ platforms which support both IPv4 and IPv6. [RT #927]
+
+ 758. [bug] The "avoid fetches" code did not treat negative
+ cache entries correctly, causing fetches that would
+ be useful to be avoided. This bug only affected
+ platforms which support both IPv4 and IPv6. [RT #927]
+
+ 757. [func] Log zone transfers.
+
+ 756. [bug] dns_zone_load() could "return" success when no master
+ file was configured.
+
+ 755. [bug] Fix incorrectly formatted log messages in zone.c.
+
+ 754. [bug] Certain failure conditions sending UDP packets
+ could cause the server to retry the transmission
+ indefinitely. [RT #902]
+
+ 753. [bug] dig, host, and nslookup would fail to contact a
+ remote server if getaddrinfo() returned an IPv6
+ address on a system that doesn't support IPv6.
+ [RT #917]
+
+ 752. [func] Correct bad tv_usec elements returned by
+ gettimeofday().
+
+ 751. [func] Log successful zone loads / transfers. [RT #898]
+
+ 750. [bug] A query should not match a DNAME whose trust level
+ is pending. [RT #916]
+
+ 749. [bug] When a query matched a DNAME in a secure zone, the
+ server did not return the signature of the DNAME.
+ [RT #915]
+
+ 748. [doc] List supported RFCs in doc/misc/rfc-compliance.
+ [RT #781]
+
+ 747. [bug] The code to determine whether an IXFR was possible
+ did not properly check for a database that could
+ not have a journal. [RT #865, #908]
+
+ 746. [bug] The sdb didn't clone rdatasets properly, causing
+ a crash when the server followed delegations. [RT #905]
+
+ 745. [func] Report the owner name of records that fail
+ semantic checks while loading.
+
+ 744. [bug] When returning DNS_R_CNAME or DNS_R_DNAME as the
+ result of an ANY or SIG query, the resolver failed
+ to setup the return event's rdatasets, causing an
+ assertion failure in the query code. [RT #881]
+
+ 743. [bug] Receiving a large number of certain malformed
+ answers could cause named to stop responding.
+ [RT #861]
+
+ 742. [placeholder]
+
+ 741. [port] Support openssl-engine. [RT #709]
+
+ 740. [port] Handle openssl library mismatches slightly better.
+
+ 739. [port] Look for /dev/random in configure, rather than
+ assuming it will be there for only a predefined
+ set of OSes.
+
+ 738. [bug] If a non-threadsafe sdb driver supported AXFR and
+ received an AXFR request, it would deadlock or die
+ with an assertion failure. [RT #852]
+
+ 737. [port] stdtime.c failed to compile on certain platforms.
+
+ 736. [func] New functions isc_task_{begin,end}exclusive().
+
+ 735. [doc] Add BIND 4 migration notes.
+
+ 734. [bug] An attempt to re-lock the zone lock could occur if
+ the server was shutdown during a zone tranfer.
+ [RT #830]
+
+ 733. [bug] Reference counts of dns_acl_t objects need to be
+ locked but were not. [RT #801, #821]
+
+ 732. [bug] Glue with 0 TTL could also cause SERVFAIL. [RT #828]
+
+ 731. [bug] Certain zone errors could cause named-checkzone to
+ fail ungracefully. [RT #819]
+
+ 730. [bug] lwres_getaddrinfo() returns the correct result when
+ it fails to contact a server. [RT #768]
+
+ 729. [port] pthread_setconcurrency() needs to be called on Solaris.
+
+ 728. [bug] Fix comment processing on master file directives.
+ [RT# 757]
+
+ 727. [port] Work around OS bug where accept() succeeds but
+ fails to fill in the peer address of the accepted
+ connection, by treating it as an error rather than
+ an assertion failure. [RT #809]
+
+ 726. [func] Implement the "trace" and "notrace" commands in rndc.
+
+ 725. [bug] Installing man pages could fail.
+
+ 724. [func] New libisc functions isc_netaddr_any(),
+ isc_netaddr_any6().
+
+ 723. [bug] Referrals whose NS RRs had a 0 TTL caused the resolver
+ to return DNS_R_SERVFAIL. [RT #783]
+
+ 722. [func] Allow incremental loads to be canceled.
+
+ 721. [cleanup] Load manager and dns_master_loadfilequota() are no
+ more.
+
+ 720. [bug] Server could enter infinite loop in
+ dispatch.c:do_cancel(). [RT #733]
+
+ 719. [bug] Rapid reloads could trigger an assertion failure.
+ [RT #743, #763]
+
+ 718. [cleanup] "internal" is no longer a reserved word in named.conf.
+ [RT #753, #731]
+
+ 717. [bug] Certain TKEY processing failure modes could
+ reference an uninitialized variable, causing the
+ server to crash. [RT #750]
+
+ 716. [bug] The first line of a $INCLUDE master file was lost if
+ an origin was specified. [RT #744]
+
+ 715. [bug] Resolving some A6 chains could cause an assertion
+ failure in adb.c. [RT #738]
+
+ 714. [bug] Preserve interval timers across reloads unless changed.
+ [RT# 729]
+
+ 713. [func] named-checkconf takes '-t directory' similar to named.
+ [RT #726]
+
+ 712. [bug] Sending a large signed update message caused an
+ assertion failure. [RT #718]
+
+ 711. [bug] The libisc and liblwres implementations of
+ inet_ntop contained an off by one error.
+
+ 710. [func] The forwarders statement now takes an optional
+ port. [RT #418]
+
+ 709. [bug] ANY or SIG queries for data with a TTL of 0
+ would return SERVFAIL. [RT #620]
+
+ 708. [bug] When building with --with-openssl, the openssl headers
+ included with BIND 9 should not be used. [RT #702]
+
+ 707. [func] The "filename" argument to named-checkzone is no
+ longer optional, to reduce confusion. [RT #612]
+
+ 706. [bug] Zones with an explicit "allow-update { none; };"
+ were considered dynamic and therefore not reloaded
+ on SIGHUP or "rndc reload".
+
+ 705. [port] Work out resource limit type for use where rlim_t is
+ not available. [RT #695]
+
+ 704. [port] RLIMIT_NOFILE is not available on all platforms.
+ [RT #695]
+
+ 703. [port] sys/select.h is needed on older platforms. [RT #695]
+
+ 702. [func] If the address 0.0.0.0 is seen in resolv.conf,
+ use 127.0.0.1 instead. [RT #693]
+
+ 701. [func] Root hints are now fully optional. Class IN
+ views use compiled-in hints by default, as
+ before. Non-IN views with no root hints now
+ provide authoritative service but not recursion.
+ A warning is logged if a view has neither root
+ hints nor authoritative data for the root. [RT #696]
+
+ 700. [bug] $GENERATE range check was wrong. [RT #688]
+
+ 699. [bug] The lexer mishandled empty quoted strings. [RT #694]
+
+ 698. [bug] Aborting nsupdate with ^C would lead to several
+ race conditions.
+
+ 697. [bug] nsupdate was not compatible with the undocumented
+ BIND 8 behavior of ignoring TTLs in "update delete"
+ commands. [RT #693]
+
+ 696. [bug] lwresd would die with an assertion failure when passed
+ a zero-length name. [RT #692]
+
+ 695. [bug] If the resolver attempted to query a blackholed or
+ bogus server, the resolution would fail immediately.
+
+ 694. [bug] $GENERATE did not produce the last entry.
+ [RT #682, #683]
+
+ 693. [bug] An empty lwres statement in named.conf caused
+ the server to crash while loading.
+
+ 692. [bug] Deal with systems that have getaddrinfo() but not
+ gai_strerror(). [RT #679]
+
+ 691. [bug] Configuring per-view forwarders caused an assertion
+ failure. [RT #675, #734]
+
+ 690. [func] $GENERATE now supports DNAME. [RT #654]
+
+ 689. [doc] man pages are now installed. [RT #210]
+
+ 688. [func] "make tags" now works on systems with the
+ "Exuberant Ctags" etags.
+
+ 687. [bug] Only say we have IPv6, with sufficent functionality,
+ if it has actually been tested. [RT #586]
+
+ 686. [bug] dig and nslookup can now be properly aborted during
+ blocking operations. [RT #568]
+
+ 685. [bug] nslookup should use the search list/domain options
+ from resolv.conf by default. [RT #405, #630]
+
+ 684. [bug] Memory leak with view forwarders. [RT #656]
+
+ 683. [bug] File descriptor leak in isc_lex_openfile().
+
+ 682. [bug] nslookup displayed SOA records incorrectly. [RT #665]
+
+ 681. [bug] $GENERATE specifying output format was broken. [RT #653]
+
+ 680. [bug] dns_rdata_fromstruct() mishandled options bigger
+ than 255 octets.
+
+ 679. [bug] $INCLUDE could leak memory and file descriptors on
+ reload. [RT #639]
+
+ 678. [bug] "transfer-format one-answer;" could trigger an assertion
+ failure. [RT #646]
+
+ 677. [bug] dnssec-signzone would occasionally use the wrong ttl
+ for database operations and fail. [RT #643]
+
+ 676. [bug] Log messages about lame servers to category
+ 'lame-servers' rather than 'resolver', so as not
+ to be gratuitously incompatible with BIND 8.
+
+ 675. [bug] TKEY queries could cause the server to leak
+ memory.
+
+ 674. [func] Allow messages to be TSIG signed / verified using
+ a offset from the current time.
+
+ 673. [func] The server can now convert RFC1886-style recursive
+ lookup requests into RFC2874-style lookups, when
+ enabled using the new option "allow-v6-synthesis".
+
+ 672. [bug] The wrong time was in the "time signed" field when
+ replying with BADTIME error.
+
+ 671. [bug] The message code was failing to parse a message with
+ no question section and a TSIG record. [RT #628]
+
+ 670. [bug] The lwres replacements for getaddrinfo and
+ getipnodebyname didn't properly check for the
+ existence of the sockaddr sa_len field.
+
+ 669. [bug] dnssec-keygen now makes the public key file
+ non-world-readable for symmetric keys. [RT #403]
+
+ 668. [func] named-checkzone now reports multiple errors in master
+ files.
+
+ 667. [bug] On Linux, running named with the -u option and a
+ non-world-readable configuration file didn't work.
+ [RT #626]
+
+ 666. [bug] If a request sent by dig is longer than 512 bytes,
+ use TCP.
+
+ 665. [bug] Signed responses were not sent when the size of the
+ TSIG + question exceeded the maximum message size.
+ [RT #628]
+
+ 664. [bug] The t_tasks and t_timers module tests are now skipped
+ when building without threads, since they require
+ threads.
+
+ 663. [func] Accept a size_spec, not just an integer, in the
+ (unimplemented and ignored) max-ixfr-log-size option
+ for compatibility with recent versions of BIND 8.
+ [RT #613]
+
+ 662. [bug] dns_rdata_fromtext() failed to log certain errors.
+
+ 661. [bug] Certain UDP IXFR requests caused an assertion failure
+ (mpctx->allocated == 0). [RT #355, #394, #623]
+
+ 660. [port] Detect multiple CPUs on HP-UX and IRIX.
+
+ 659. [performance] Rewrite the name compression code to be much faster.
+
+ 658. [cleanup] Remove all vestiges of 16 bit global compression.
+
+ 657. [bug] When a listen-on statement in an lwres block does not
+ specify a port, use 921, not 53. Also update the
+ listen-on documentation. [RT #616]
+
+ 656. [func] Treat an unescaped newline in a quoted string as
+ an error. This means that TXT records with missing
+ close quotes should have meaningful errors printed.
+
+ 655. [bug] Improve error reporting on unexpected eof when loading
+ zones. [RT #611]
+
+ 654. [bug] Origin was being forgotten in TCP retries in dig.
+ [RT #574]
+
+ 653. [bug] +defname option in dig was reversed in sense.
+ [RT #549]
+
+ 652. [bug] zone_saveunique() did not report the new name.
+
+ 651. [func] The AD bit in responses now has the meaning
+ specified in <draft-ietf-dnsext-ad-is-secure>.
+
+ 650. [bug] SIG(0) records were being generated and verified
+ incorrectly. [RT #606]
+
+ 649. [bug] It was possible to join to an already running fctx
+ after it had "cloned" its even
lentferj's projects / dragonfly.git / commitdiff