2 * Fix creating NSEC(3) bitmaps: make array size 65536,
4 * Fix printout of escaped binary in TXT records.
5 * Parsing TXT records: don't skip starting whitespace that is quoted.
6 * bugfix #358: Check if memory was successfully allocated in
8 * Added more memory allocation checks in host2str.c
9 * python wrapper for ldns_fetch_valid_domain_keys by Bedrich Kosata.
10 * fix to compile python wrapper with swig 2.0.2.
11 * Don't fallback to SHA-1 when creating NSEC3 hash with another
12 algorithm identifier, fail instead (no other algorithm identifiers
16 * Fix ldns zone, so that $TTL definition match RFC 2308.
17 * Fix lots of missing checks on allocation failures and parse of
18 NSEC with many types and max parse length in hosts_frm_fp routine
19 and off by one in read_anchor_file routine (thanks Dan Kaminsky and
21 * bugfix #335: Drill: Print both SHA-1 and SHA-256 corresponding DS
23 * Print correct WHEN in query packet (is not always 1-1-1970)
24 * ldns-test-edns: new example tool that detects EDNS support.
25 * fix ldns_resolver_send without openssl.
26 * bugfix #342: patch for support for more CERT key types (RFC4398).
27 * bugfix #351: fix udp_send hang if UDP checksum error.
28 * fix set_bit (from NSEC3 sign) patch from Jan Komissar.
31 * EXPERIMENTAL ecdsa implementation, please do not enable on real
33 * GOST code enabled by default (RFC 5933).
34 * bugfix #326: ignore whitespace between directives and their values.
35 * Header comment to advertise ldns_axfr_complete to check for
36 successfully completed zone transfers.
37 * read resolv.conf skips interface labels, e.g. %eth0.
38 * Fix drill verify NSEC3 denials.
39 * Use closesocket() on windows.
40 * Add ldns_get_signing_algorithm_by_name that understand aliases,
41 names changed to RFC names and aliases for compatibility added.
42 * bugfix: don't print final dot if the domain is relative.
43 * bugfix: resolver search continue when packet rcode != NOERROR.
44 * bugfix: resolver push all domains in search directive to list.
45 * bugfix: resolver search by default includes the root domain.
46 * bugfix: tcp read could fail on single octet recv.
47 * bugfix: read of RR in unknown syntax with missing fields.
48 * added ldns_pkt_tsig_sign_next() and ldns_pkt_tsig_verify_next()
49 to sign and verify TSIG RRs on subsequent messages
50 (section 4.4, RFC 2845, thanks to Michael Sheldon).
51 * bugfix: signer sigs nsecs with zsks only.
52 * bugfix #333: fix ldns_dname_absolute for name ending with backslash.
55 * Fix ldns_rr_clone to copy question rrs properly.
56 * Fix ldns_sign_zone(_nsec3) to clone the soa for the new zone.
57 * Fix ldns_wire2dname size check from reading 1 byte beyond buffer end.
58 * Fix ldns_wire2dname from reading 1 byte beyond end for pointer.
59 * Fix crash using GOST for particular platform configurations.
60 * extern C declarations used in the header file.
61 * Removed debug fprintf from resolver.c.
62 * ldns-signzone checks if public key file is for the right zone.
63 * NETLDNS, .NET port of ldns functionality, by Alex Nicoll, in contrib.
64 * Fix handling of comments in resolv.conf parse.
65 * GOST code enabled if SSL recent, RFC 5933.
66 * bugfix #317: segfault util.c ldns_init_random() fixed.
67 * Fix ldns_tsig_mac_new: allocate enough memory for the hash, fix use of
68 b64_pton_calculate_size.
69 * Fix ldns_dname_cat: size calculation and handling of realloc().
70 * Fix ldns_rr_pop_rdf: fix handling of realloc().
71 * Fix ldns-signzone for single type key scheme: sign whole zone if there
73 * Fix ldns_resolver: also close socket if AXFR failed (if you don't,
74 it would block subsequent transfers (thanks Roland van Rijswijk).
75 * Fix drill: allow for a secure trace if you use DS records as trust
76 anchors (thanks Jan Komissar).
79 * Catch \X where X is a digit as an error.
80 * Fix segfault when ip6 ldns resolver only has ip4 servers.
81 * Fix NSEC record after DNSKEY at zone apex not properly signed.
82 * Fix syntax error if last label too long and no dot at end of domain.
83 * Fix parse of \# syntax with space for type LOC.
84 * Fix ldns_dname_absolute for escape sequences, fixes some parse errs.
85 * bugfix #297: linking ssl, bug due to patch submitted as #296.
86 * bugfix #299: added missing declarations to host2str.h
87 * ldns-compare-zones -s to not exclude SOA record from comparison.
89 * fix ldns_pkt_empty(), reported by Alex Nicoll.
90 * fix ldns_resolver_new_frm_fp not ignore lines after a comment.
91 * python code for ldns_rr.new_question_frm_str()
92 * Fix ldns_dnssec_verify_denial: the signature selection routine.
93 * Type TALINK parsed (draft-ietf-dnsop-trust-history).
94 * bugfix #304: fixed dead loop in ldns_tcp_read_wire() and
95 ldns_tcp_read_wire_timeout().
96 * GOST support with correct algorithm numbers. The plan is to make it
97 enabled if openssl support is detected, but it is disabled by
98 default in this release because the RFC is not ready.
99 * Fixed comment in rbtree.h about being first member and data ptr.
100 * Fixed possibly leak in case of out of memory in ldns_native2rdf...
101 * ldns_dname_is_wildcard added.
102 * Fixed: signatures over wildcards had the wrong labelcount.
103 * Fixed ldns_verify() inconsistent return values.
104 * Fixed ldns_resolver to copy and free tsig name, data and algorithm.
105 * Fixed ldns_resolver to push search onto searchlist.
106 * A ldns resolver now defaults to a non-recursive resolver that handles
108 * ldns_resolver_print() prints more details.
109 * Fixed ldns_rdf2buffer_str_time(), which did not print timestamps
111 * Make ldns_resolver_nameservers_randomize() more random.
112 * bugfix #310: POSIX specifies NULL second argument of gettimeofday.
113 * fix compiler warnings from llvm clang compiler.
114 * bugfix #309: ldns_pkt_clone did not clone the tsig_rr.
115 * Fix gentoo ebuild for drill, 'no m4 directory'.
116 * bugfix #313: drill trace on an empty nonterminal continuation.
119 * Imported pyldns contribution by Zdenek Vasicek and Karel Slany.
120 Changed its configure and Makefile to fit into ldns.
121 Added its dname_* methods to the rdf_* class (as is the ldns API).
122 Changed swig destroy of ldns_buffer class to ldns_buffer_free.
123 Declared ldns_pkt_all and ldns_pkt_all_noquestion so swig sees them.
124 * Bugfix: parse PTR target of .tomhendrikx.nl with error not crash.
125 * Bugfix: handle escaped characters in TXT rdata.
126 * bug292: no longer crash on malformed domain names where a label is
127 on position 255, which was a buffer overflow by one.
128 * Fix ldns_get_rr_list_hosts_frm_fp_l (strncpy to strlcpy change),
129 which fixes resolv.conf reading badly terminated string buffers.
130 * Fix ldns_pkt_set_random_id to be more random, and a little faster,
131 it did not do value 0 statistically correctly.
132 * Fix ldns_rdf2native_sockaddr_storage to set sockaddr type to zeroes,
134 * bug295: nsec3-hash routine no longer case sensitive.
135 * bug298: drill failed nsec3 denial of existence proof.
138 * Bugfix: allow for unknown resource records in zonefile with rdlen=0.
139 * Bugfix: also mark an RR as question if it comes from the wire
140 * Bugfix: NSEC3 bitmap contained NSEC
141 * Bugfix: Inherit class when creating signatures
144 * Fix Makefile patch from Havard Eidnes, better install.sh usage.
145 * Fix parse error on SOA serial of 2910532839.
146 Fix print of ';' and readback of '\;' in names, also for '\\'.
147 Fix parse of '\(' and '\)' in names. Also for file read. Also '\.'
148 * Fix signature creation when TTLs are different for RRs in RRset.
149 * bug273: fix so EDNS rdata is included in pkt to wire conversion.
150 * bug274: fix use of c++ keyword 'class' for RR class in the code.
151 * bug275: fix memory leak of packet edns rdata.
152 * Fix timeout procedure for TCP and AXFR on Solaris.
153 * Fix occasional NSEC bitmap bogus
154 * Fix rr comparing (was in reversed order since 1.6.0)
155 * bug278: fix parsing HINFO rdata (and other cases).
156 * Fix previous owner name: also pick up if owner name is @.
157 * RFC5702: enabled sha2 functions by default. This requires OpenSSL 0.9.8 or higher.
158 Reason for this default is the root to be signed with RSASHA256.
159 * Fix various LDNS RR parsing issues: IPSECKEY, WKS, NSAP, very long lines
160 * Fix: Make ldns_dname_is_subdomain case insensitive.
161 * Fix ldns-verify-zone so that address records at zone NS set are not considered glue
162 (Or glue records fall below delegation)
163 * Fix LOC RR altitude printing.
164 * Feature: Added period (e.g. '3m6d') support at explicit TTLs.
165 * Feature: DNSKEY rrset by default signed with minimal signatures
166 but -A option for ldns-signzone to sign it with all keys.
167 This makes the DNSKEY responses smaller for signed domains.
170 * --enable-gost : use the GOST algorithm (experimental).
171 * Added some missing options to drill manpage
172 * Some fixes to --without-ssl option
173 * Fixed quote parsing withing strings
174 * Bitmask fix in EDNS handling
175 * Fixed non-fqdn domain name completion for rdata field domain
177 * Fixed chain validation with SHA256 DS records
181 * Addition of an ldns-config script which gives cflags and libs
182 values, for use in configure scripts for applications that use
183 use ldns. Can be disabled with ./configure --disable-ldns-config
184 * Added direct sha1, sha256, and sha512 support in ldns.
185 With these functions, all NSEC3 functionality can still be
186 used, even if ldns is built without OpenSSL. Thanks to OpenBSD,
187 Steve Reid, and Aaron D. Gifford for the code.
188 * Added reading/writing support for the SPF Resource Record
189 * Base32 functions are now exported
191 * ldns_is_rrset did not go through the complete rrset, but
192 only compared the first two records. Thanks to Olafur
193 Gudmundsson for report and patch
194 * Fixed a small memory bug in ldns_rr_list_subtype_by_rdf(),
195 thanks to Marius Rieder for finding an patching this.
196 * --without-ssl should now work. Make sure that examples/ and
197 drill also get the --without-ssl flag on their configure, if
199 * Some malloc() return value checks have been added
200 * NSEC3 creation has been improved wrt to empty nonterminals,
202 * Fixed a bug in the parser when reading large NSEC3 salt
204 * Made the allowed length for domain names on wire
205 and presentation format the same.
207 * ldns-key2ds can now also generate DS records for keys without
209 * ldns-signzone now equalizes the TTL of the DNSKEY RRset (to
210 the first non-default DNSKEY TTL value it sees)
214 * ldns-signzone was broken in 1.5.0 for multiple keys, this
218 * Removed a small erroneous output warning in
219 examples/configure and drill/configure
223 * fixed a possible memory overflow in the RR parser
224 * build flag fix for Sun Studio
225 * fixed a building race condition in the copying of header
227 * EDNS0 extended rcode; the correct assembled code number
228 is now printed (still in the EDNS0 field, though)
229 * ldns_pkt_rr no longer leaks memory (in fact, it no longer
233 * ldns_key now has support for 'external' data, in which
234 case the OpenSSL EVP structures are not used;
235 ldns_key_set_external_key() and ldns_key_external_key()
236 * added ldns_key_get_file_base_name() which creates a
237 'default' filename base string for key storage, of the
238 form "K<zone>+<algorithm>+<keytag>"
239 * the ldns_dnssec_* family of structures now have deep_free()
240 functions, which also free the ldns_rr's contained in them
241 * there is now an ldns_match_wildcard() function, which checks
242 whether a domain name matches a wildcard name
243 * ldns_sign_public has been split up; this resulted in the
244 addition of ldns_create_empty_rrsig() and
245 ldns_sign_public_buffer()
248 * ldns-signzone can now automatically add DNSKEY records when
249 using an OpenSSL engine, as it already did when using key
251 * added new example tool: ldns-nsec3-hash
252 * ldns-dpa can now filter on specific query name and types
253 * ldnsd has fixes for the zone name, a fix for the return
254 value of recvfrom(), and an memory initialization fix
255 (Thanks to Colm MacCárthaigh for the patch)
256 * Fixed memory leaks in ldnsd
262 * fixed a build issue where ldns lib existence was done too early
263 * removed unnecessary check for pcap.h
264 * NSEC3 optout flag now correctly printed in string output
265 * inttypes.h moved to configured inclusion
266 * fixed NSEC3 type bitmaps for empty nonterminals and unsigned
270 * for that last fix, we added a new function
271 ldns_dname_add_from() that can clone parts of a dname
275 * sig chase return code fix (patch from Rafael Justo, bug id 189)
276 * rdata.c memory leaks on error and allocation checks fixed (patch
277 from Shane Kerr, bug id 188)
278 * zone.c memory leaks on error and allocation checks fixed (patch
279 from Shane Kerr, bug id 189)
280 * ldns-zplit output and error messages fixed (patch from Shane Kerr,
282 * Fixed potential buffer overflow in ldns_str2rdf_dname
283 * Signing code no longer signs delegation NS rrsets
284 * Some minor configure/makefile updates
285 * Fixed a bug in the randomness initialization
286 * Fixed a bug in the reading of resolv.conf
287 * Fixed a bug concerning whitespace in zone data (with patch from Ondrej
289 * Fixed a small fallback problem in axfr client code
292 * added 2str convenience functions:
295 - ldns_rr_type2buffer_str
296 - ldns_rr_class2buffer_str
297 * buffer2str() is now called ldns_buffer2str
298 * base32 and base64 function names are now also prepended with ldns_
299 * ldns_rr_new_frm_str() now returns an error on missing RDATA fields.
300 Since you cannot read QUESTION section RRs with this anymore,
301 there is now a function called ldns_rr_new_question_frm_str()
304 * DS RRs string representation now add bubblebabble in a comment
305 (patch from Jakob Schlyter)
307 * TCP fallback system has been improved
308 * HMAC-SHA256 TSIG support has been added.
309 * TTLS are now correcly set in NSEC(3) records when signing zones
312 * New example: ldns-revoke to revoke DNSKEYs according to RFC5011
313 * ldns-testpkts has been fixed and updated
314 * ldns-signzone now has the option to not add the DNSKEY
315 * ldns-signzone now has an (full zone only) opt-out option for
317 * ldns-keygen can create HMAC-SHA1 and HMAC-SHA256 symmetric keys
318 * ldns-walk output has been fixed
319 * ldns-compare-zones has been fixed, and now has an option
320 to show all differences (-a)
321 * ldns-read-zone now has an option to print DNSSEC records only
326 * Added a new family of functions based around ldns_dnssec_zone,
327 which is a new structure that keeps a zone sorted through an
328 rbtree and links signatures and NSEC(3) records directly to their
329 RRset. These functions all start with ldns_dnssec_
331 * ldns_zone_sign and ldns_zone_sign_nsec3 are now deprecated, but
332 have been changed to internally use the new
333 ldns_dnssec_zone_sign(_nsec3)
335 * Moved some ldns_buffer functions inline, so a clean rebuild of
336 applications relying on those is needed (otherwise you'll get
338 * ldns_dname_label now returns one extra (zero)
339 byte, so it can be seen as an fqdn.
340 * NSEC3 type code update for signing algorithms.
341 * DSA key generation of DNSKEY RRs fixed (one byte too small).
343 * Added support for RSA/SHA256 and RSA/SHA512, as specified in
344 draft-ietf-dnsext-dnssec-rsasha256-04. The typecodes are not
345 final, and this feature is not enabled by default. It can be
346 enabled at compilation time with the flag --with-sha2
348 * Added 2wire_canonical family of functions that lowercase dnames
349 in rdata fields in resource records of the types in the list in
352 * Added base32 conversion functions.
354 * Fixed DSA RRSIG conversion when calling OpenSSL
358 * Chase output is completely different, it shows, in ascii, the
359 relations in the trust hierarchy.
362 * Added ldns-verify-zone, that can verify the internal DNSSEC records
363 of a signed BIND-style zone file
365 * ldns-keygen now takes an -a argument specifying the algorithm,
366 instead of -R or -D. -a list show a list of supported algorithms
368 * ldns-keygen now defaults to the exponent RSA_F4 instead of RSA_3
369 for RSA key generation
371 * ldns-signzone now has support for HSMs
372 * ldns-signzone uses the new ldns_dnssec_ structures and functions
373 which improves its speed, and output; RRSIGS are now placed
374 directly after their RRset, NSEC(3) records directly after the
378 * new contrib/ dir with user contributions
379 * added compilation script for solaris (thanks to Jakob Schlyter)
382 * Added support for HMAC-MD5 keys in generator
383 * Added a new example tool (written by Ondrej Sury): ldns-compare-zones
384 * ldns-keygen now checks key sizes for rfc conformancy
385 * ldns-signzone outputs SSL error if present
386 * Fixed manpages (thanks to Ondrej Sury)
387 * Fixed Makefile for -j <x>
388 * Fixed a $ORIGIN error when reading zones
389 * Fixed another off-by-one error
392 * Fixed an offset error in rr comparison
393 * Fixed ldns-read-zone exit code
394 * Added check for availability of SHA256 hashing algorithm
395 * Fixed ldns-key2ds -2 argument
396 * Fixed $ORIGIN bug in .key files
397 * Output algorithms as an integer instead of their mnemonic
398 * Fixed a memory leak in dnssec code when SHA256 is not available
399 * Updated fedora .spec file
402 * canonicalization of rdata in DNSSEC functions now adheres to the
403 rr type list in rfc3597, not rfc4035, which will be updated
404 (see http://www.ops.ietf.org/lists/namedroppers/namedroppers.2007/msg00183.html)
405 * ldns-walk now support dnames with maximum label length
406 * ldnsd now takes an extra argument containing the address to listen on
407 * signing no longer signs every rrset with KSK's, but only the DNSKEY rrset
408 * ported to Solaris 10
409 * added ldns_send_buffer() function
410 * added ldns-testpkts fake packet server
411 * added ldns-notify to send NOTIFY packets
412 * ldns-dpa can now accurately calculate the number of matches per
414 * libtool is now used for compilation too (still gcc, but not directly)
416 - TSIG signing buffer size
417 - resolv.conf reading (comments)
418 - dname comparison off by one error
419 - typo in keyfetchers output file name fixed (a . too much)
420 - fixed zone file parser when comments contain ( or )
425 * drill prints error on failed axfr.
426 * drill now accepts mangled packets with -f
427 * old -c option (use tcp) changed to -t
428 * -c option to specify alternative resolv.conf file added
429 * feedback of signature chase improved
430 * chaser now stops at root when no trusted keys are found
431 instead of looping forever trying to find the DS for .
433 - wildcard on multiple labels signature verification
434 - error in -f packet writing for malformed packets
435 - made KSK check more resilient
437 7 Jul 2006: 1.1.0: ldns-team
438 * Added tutorials and an introduction to the documentation
439 * Added include/ and lib/ dirs so that you can compile against ldns
440 without installing ldns on your system
442 * Starting usage of assert throughout the library to catch illegal calls
443 * Solaris 9 testing was carried out. Ldns now compiles on that
444 platform; some gnuism were identified and fixed.
445 * The ldns_zone structure was stress tested. The current setup
446 (ie. just a list of rrs) can scale to zone file in order of
447 megabytes. Sorting such zone is still difficult.
448 * Reading multiline b64 encoded rdata works.
449 * OpenSSL was made optional, configure --without-ssl.
450 Ofcourse all dnssec/tsig related functions are disabled
451 * Building of examples and drill now happens with the same
452 defines as the building of ldns itself.
453 * Preliminary sha-256 support was added. Currently is your
454 OpenSSL supports it, it is supported in the DS creation.
455 * ldns_resolver_search was implemented
456 * Fixed a lot of bugs
459 * -r was killed in favor of -o <header bit mnemonic> which
460 allows for a header bits setting (and maybe more in the
462 * DNSSEC is never automaticaly set, even when you query
463 for DNSKEY/RRSIG or DS.
464 * Implement a crude RTT check, it now distinguishes between
465 reachable and unreachable.
466 * A form of secure tracing was added
467 * Secure Chasing has been improved
468 * -x does a reverse lookup for the given IP address
471 * ldns-dpa was added to the examples - this is the Dns Packet
473 * ldnsd - as very, very simple nameserver impl.
474 * ldns-zsplit - split zones for parrallel signing
475 * ldns-zcat - cat split zones back together
476 * ldns-keyfetcher - Fetches DNSKEY records with a few (non-strong,
477 non-DNSSEC) anti-spoofing techniques.
478 * ldns-walk - 'Walks' a DNSSEC signed zone
479 * Added an all-static target to the makefile so you can use examples
480 without installing the library
481 * When building in the source tree or in a direct subdirectory of
482 the build dir, configure does not need --with-ldns=../ anymore
485 * All networking code was moved to net.c
486 * rdata.c: added asserts to the rdf set/get functions
487 * const keyword was added to pointer arguments that
492 * renamed ldns/dns.h to ldns/ldns.h
493 * ldns_rr_new_frm_str() is extented with an extra variable which
494 in common use may be NULL. This trickles through to:
496 o ldns_rr_new_frm_fp_l
497 Which also get an extra variable
498 Also the function has been changed to return a status message.
499 The compiled RR is returned in the first argument.
500 * ldns_zone_new_frm_fp_l() and ldns_zone_new_frm_fp() are
501 changed to return a status msg.
502 * ldns_key_new_frm_fp is changed to return ldns_status and
503 the actual key list in the first argument
504 * ldns_rdata_new_frm_fp[_l]() are changed to return a status.
505 the rdf is return in the first argument
506 * ldns_resolver_new_frm_fp: same treatment: return status and
507 the new resolver in the first argument
508 * ldns_pkt_query_new_frm_str(): same: return status and the
509 packet in the first arg
510 * tsig.h: internal used functions are now static:
511 ldns_digest_name and ldns_tsig_mac_new
512 * ldns_key_rr2ds has an extra argument to specify the hash to
514 * ldns_pkt_rcode() is renamed to ldns_pkt_get_rcode, ldns_pkt_rcode
515 is now the rcode type, like ldns_pkt_opcode
517 * ldns_resolver_searchlist_count: return the searchlist counter
518 * ldns_zone_sort: Sort a zone
519 * ldns_bgsend(): background send, returns a socket.
520 * ldns_pkt_empty(): check is a packet is empty
521 * ldns_rr_list_pop_rr_list(): pop multiple rr's from another rr_list
522 * ldns_rr_list_push_rr_list(): push multiple rr's to an rr_list
523 * ldns_rr_list_compare(): compare 2 ldns_rr_lists
524 * ldns_pkt_push_rr_list: rr_list equiv for rr
525 * ldns_pkt_safe_push_rr_list: rr_list equiv for rr
527 * ldns_resolver_bgsend(): was not used in 1.0.0 and is not used now
528 * ldns_udp_server_connect(): was faulty and isn't really part of
529 the core ldns idea any how.
530 * ldns_rr_list_insert_rr(): obsoleted, because not used.
531 * char *_when was removed from the ldns_pkt structure
533 18 Oct 2005: 1.0.0: ldns-team
534 * Commited a patch from Håkan Olsson
535 * Added UPDATE support (Jakob Schlyter and Håkan Olsson)
536 * License change: ldns is now BSD licensed
537 * ldns now depends on SSL
538 * Networking code cleanup, added (some) server udp/tcp support
539 * A zone type is introduced. Currently this is a list
540 of RRs, so it will not scale well.
541 * [beta] Zonefile parsing was added
542 * [tools] Drill was added to ldns - see drill/
543 * [tools] experimental signer was added
544 * [building] better check for ssl
545 * [building] major revision of build system
546 * [building] added rpm .spec in packaging/ (thanks to Paul Wouters)
547 * [building] A lot of cleanup in the build scripts (thanks to Jakob Schlyter
550 28 Jul 2005: 0.70: ldns-team
551 * [func] ldns_pkt_get_section now returns copies from the rrlists
552 in the packet. This can be freed by the user program
553 * [code] added ldns_ prefixes to function from util.h
554 * [inst] removed documentation from default make install
555 * Usual fixes in documentation and code
557 20 Jun 2005: 0.66: ldns-team
558 Rel. Focus: drill-pre2 uses some functions which are
560 * dnssec_cd bit function was added
561 * Zone infrastructure was added
562 * Usual fixes in documentation and code
564 13 Jun 2005: 0.65: ldns-team
565 * Repository is online at:
566 http://www.nlnetlabs.nl/ldns/svn/
567 * Apply reference copying throuhgout ldns, except in 2
568 places in the ldns_resolver structure (._domain and
570 * Usual array of bugfixes
571 * Documentation added
572 * keygen.c added as an example for DNSSEC programming
574 23 May 2005: 0.60: ldns-team
575 * Removed config.h from the header installed files
576 (you're not supposed to include that in a libary)
578 - DNSSEC signing/verification works
579 - Assorted bug fixes and tweaks (memory management)
581 May 2005: 0.50: ldns-team
582 * First usable release
583 * Basic DNS functionality works
584 * DNSSEC validation works