--- /dev/null
+
+ --- 9.5.2 released ---
+
+2681. [bug] IPSECKEY RR of gateway type 3 was not correctly
+ decoded. [RT #20269]
+
+2678. [func] Treat DS queries as if "minimal-response yes;"
+ was set. [RT #20258]
+
+2427. [func] Treat DNSKEY queries as if "minimal-response yes;"
+ was set. [RT #18528]
+
+ --- 9.5.2rc1 released ---
+
+2672. [bug] Don't enable searching in 'host' when doing reverse
+ lookups. [RT #20218]
+
+2670. [bug] Unexpected connect failures failed to log enough
+ information to be useful. [RT #20205]
+
+2663. [func] win32: allow named to run as a service using
+ "NT AUTHORITY\LocalService" as the account. [RT #19977]
+
+2656. [func] win32: add a "tools only" check box to the installer
+ which causes it to only install dig, host, nslookup,
+ nsupdate and relevent dlls. [RT #19998]
+
+2655. [doc] Document that key-directory does not affect
+ rndc.key. [RT #20155]
+
+ --- 9.5.2b1 released ---
+
+2649. [bug] Set the domain for forward only zones. [RT #19944]
+
+2648. [port] win32: isc_time_seconds() was broken. [RT #19900]
+
+2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
+
+2645. [port] "gcc -m32" didn't work on amd64 and x86_64 platforms
+ which default to 64 bits. [RT #19927]
+
+2642. [bug] nsupdate could dump core on solaris when reading
+ improperly formatted key files. [RT #20015]
+
+2640. [security] A specially crafted update packet will cause named
+ to exit. [RT #20000]
+
+2637. [func] Rationalize dnssec-signzone's signwithkey() calling.
+ [RT #19959]
+
+2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses.
+ [RT #19716]
+
+2633. [bug] Handle 15 bit rand() functions. [RT #19783]
+
+2632. [func] util/kit.sh: warn if documentation appears to be out of
+ date. [RT #19922]
+
+2623. [bug] Named started seaches for DS non-optimally. [RT #19915]
+
+2621. [doc] Made copyright boilterplate consistent. [RT #19833]
+
+2920. [bug] Delay thawing the zone until the reload of it has
+ completed successfully. [RT #19750]
+
+2618. [bug] The sdb and sdlz db_interator_seek() methods could
+ loop infinitely. [RT #19847]
+
+2617. [bug] ifconfig.sh failed to emit an error message when
+ run from the wrong location. [RT #19375]
+
+2616. [bug] 'host' used the nameservers from resolv.conf even
+ when a explicit nameserver was specified. [RT #19852]
+
+2615. [bug] "__attribute__((unused))" was in the wrong place
+ for ia64 gcc builds. [RT #19854]
+
+2614. [port] win32: 'named -v' should automatically be executed
+ in the foreground. [RT #19844]
+
+2610. [port] sunos: Change #2363 was not complete. [RT #19796]
+
+2606. [bug] "delegation-only" was not being accepted in
+ delegation-only type zones. [RT #19717]
+
+2605. [bug] Accept DS responses from delegation only zones.
+ [RT # 19296]
+
+2603. [port] win32: handle .exe extension of named-checkzone and
+ named-comilezone argv[0] names under windows.
+ [RT #19767]
+
+2602. [port] win32: fix debugging command line build of libisccfg.
+ [RT #19767]
+
+2599. [bug] Address rapid memory growth when validation fails.
+ [RT #19654]
+
+2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
+ long, leading to inefficient memory usage or rejecting
+ newer cache entries in the worst case. [RT #19563]
+
+2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
+
+2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
+
+2591. [bug] named could die when processing a update in
+ removed_orphaned_ds(). [RT #19507]
+
+2589. [bug] dns_db_unregister() failed to clear '*dbimp'.
+ [RT #19626]
+
+2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
+ or SDB. [RT #19577]
+
+2585. [bug] Uninitialized socket name could be referenced via a
+ statistics channel, triggering an assertion failure in
+ XML rendering. [RT #19427]
+
+2584. [bug] alpha: gcc optimization could break atomic operations.
+ [RT #19227]
+
+2583. [port] netbsd: provide a control to not add the compile
+ date to the version string, -DNO_VERSION_DATE.
+
+2582. [bug] Don't emit warning log message when we attempt to
+ remove non-existant journal. [RT #19516]
+
+2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
+ Requires MySQL 5.0.19 or later. [RT #19084]
+
+2580. [bug] UpdateRej statistics counter could be incremented twice
+ for one rejection. [RT #19476]
+
+2579. [bug] DNSSEC lookaside validation failed to handle unknown
+ algorithms. [RT #19479]
+
+2577. [doc] Clarified some statistics counters. [RT #19454]
+
+2573. [bug] Replacing a non-CNAME record with a CNAME record in a
+ single transaction in a signed zone failed. [RT #19397]
+
+2568. [bug] Report when the write to indicate a otherwise
+ successful start fails. [RT #19360]
+
+2567. [bug] dst__privstruct_writefile() could miss write errors.
+ write_public_key() could miss write errors.
+ [RT #19360]
+
+2564. [bug] Only take EDNS fallback steps when processing timeouts.
+ [RT #19405]
+
+2563. [bug] Dig could leak a socket causing it to wait forever
+ to exit. [RT #19359]
+
+2562. [doc] ARM: miscellaneous improvements, reorganization,
+ and some new content.
+
+2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
+
+2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
+
+2557. [cleanup] PCI compliance:
+ * new libisc log module file
+ * isc_dir_chroot() now also changes the working
+ directory to "/".
+ * additional INSISTs
+ * additional logging when files can't be removed.
+
+2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
+
+2552. [bug] zero-no-soa-ttl-cache was not being honoured.
+ [RT #19340]
+
+2551. [bug] Potential Reference leak on return. [RT #19341]
+
+2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
+ [RT #19343]
+
+2549. [port] linux: define NR_OPEN if not currently defined.
+ [RT #19344]
+
+2547. [bug] openssl_link.c:mem_realloc() could reference an
+ out-of-range area of the source buffer. New public
+ function isc_mem_reallocate() was introduced to address
+ this bug. [RT #19313]
+
+2545. [doc] ARM: Legal hostname checking (check-names) is
+ for SRV RDATA too. [RT #19304]
+
+2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
+
+2542. [doc] Update the description of dig +adflag. [RT #19290]
+
+2541. [bug] Conditionally update dispatch manager statistics.
+ [RT #19247]
+
+2539. [security] Update the interaction between recursion, allow-query,
+ allow-query-cache and allow-recursion. [RT #19198]
+
+2538. [bug] cache/ADB memory could grow over max-cache-size,
+ especially with threads and smaller max-cache-size
+ values. [RT #19240]
+
+2537. [experimental] Added more statistics counters including those on socket
+ I/O events and query RTT histograms. [RT #18802]
+
+2536. [cleanup] Silence some warnings when -Werror=format-security is
+ specified. [RT #19083]
+
+2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091]
+
+2532. [bug] dig: check the question section of the response to
+ see if it matches the asked question. [RT #18495]
+
+2531. [bug] Change #2207 was incomplete. [RT #19098]
+
+2529. [cleanup] Upgrade libtool to silence complaints from recent
+ version of autoconf. [RT #18657]
+
+2528. [cleanup] Silence spurious configure warning about
+ --datarootdir [RT #19096]
+
+2527. [bug] named could reuse cache on reload with
+ enabling/disabling validation. [RT #19119]
+
+2525. [experimental] New logging category "query-errors" to provide detailed
+ internal information about query failures, especially
+ about server failures. [RT #19027]
+
+2523. [bug] Random type rdata freed by dns_nsec_typepresent().
+ [RT #19112]
+
+2522. [security] Handle -1 from DSA_do_verify().
+
+2521. [bug] Improve epoll cross compilation support. [RT #19047]
+
+2519. [bug] dig/host with -4 or -6 didn't work if more than two
+ nameserver addresses of the excluded address family
+ preceded in resolv.conf. [RT #19081]
+
+2517. [bug] dig +trace with -4 or -6 failed when it chose a
+ nameserver address of the excluded address type.
+ [RT #18843]
+
+2516. [bug] glue sort for responses was performed even when not
+ needed. [RT #19039]
+
+2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
+ a nameserver of the excluded address family.
+ [RT #18848]
+
+2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
+ [RT #18885]
+
+2506. [port] solaris: Check at configure time if
+ hack_shutup_pthreadonceinit is needed. [RT #19037]
+
+2505. [port] Treat amd64 similarly to x86_64 when determining
+ atomic operation support. [RT #19031]
+
+2503. [port] linux: improve compatibility with Linux Standard
+ Base. [RT #18793]
+
+2502. [cleanup] isc_radix: Improve compliance with coding style,
+ document function in <isc/radix.h>. [RT #18534]
+
+2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
+ function. [RT #18582]
+
+2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
+ [RT #18837]
+
+ --- 9.5.1 released ---
+
+2520. [bug] Update xml statistics version number to 2.0 as change
+ #2388 made the schema incompatible to the previous
+ version. [RT #19080]
+
+ --- 9.5.1rc2 released ---
+
+2513 [bug] Fix windows cli build. [RT #19062]
+
+2510. [bug] "dig +sigchase" could trigger REQUIRE failures.
+ [RT #19033]
+
+2509. [bug] Specifying a fixed query source port was broken.
+ [RT #19051]
+
+2504. [bug] Address race condition in the socket code. [RT #18899]
+
+ --- 9.5.1rc1 released ---
+
+2498. [bug] Removed a bogus function argument used with
+ ISC_SOCKET_USE_POLLWATCH: it could cause compiler
+ warning or crash named with the debug 1 level
+ of logging. [RT #18917]
+
+2496. [bug] Add sanity length checks to NSID option. [RT #18813]
+
+2495. [bug] Tighten RRSIG checks. [RT #18795]
+
+2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being
+ installed. [RT #18826]
+
+2493. [bug] The linux capabilites code was not correctly cleaning
+ up after itself. [RT #18767]
+
+2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO
+ is cleared when IPV6_V6ONLY is set. [RT #18785]
+
+2489. [port] solaris: Workaround Solaris's kernel bug about
+ /dev/poll:
+ http://bugs.opensolaris.org/view_bug.do?bug_id=6724237
+ Define ISC_SOCKET_USE_POLLWATCH at build time to enable
+ this workaround. [RT #18870]
+
+2487. [bug] Give TCP connections longer to complete. [RT #18675]
+
+2485. [bug] Change update's the handling of obscured RRSIG
+ records. Not all orphand DS records were being
+ removed. [RT #18828]
+
+2482. [port] libxml2: support versions 2.7.* in addition
+ to 2.6.*. [RT #18806]
+
+2479. [bug] xfrout:covers was not properly initalized. [RT #18801]
+
+2478. [bug] 'addresses' could be used uninitalized in
+ configure_forward(). [RT #18800]
+
+2476. [doc] ARM: improve documentation for max-journal-size and
+ ixfr-from-differences. [RT #15909] [RT #18541]
+
+ --- 9.5.1b3 released ---
+
+2475. [bug] LRU cache cleanup under overmem condition could purge
+ particular entries more aggressively. [RT #17628]
+
+2474. [bug] ACL structures could be allocated with insufficient
+ space, causing an array overrun. [RT #18765]
+
+2473. [port] linux: raise the limit on open files to the possible
+ maximum value before spawning threads; 'files'
+ specified in named.conf doesn't seem to work with
+ threads as expected. [RT #18784]
+
+2472. [port] linux: check the number of available cpu's before
+ calling chroot as it depends on "/proc". [RT #16923]
+
+2471. [bug] named-checkzone was not reporting missing mandatory
+ glue when sibling checks were disabled. [RT #18768]
+
+2470. [bug] Elements of the isc_radix_node_t could be incorrectly
+ overwritten. [RT# 18719]
+
+2469. [port] solaris: Work around Solaris's select() limitations.
+ [RT #18769]
+
+2468. [bug] Resolver could try unreachable servers multiple times.
+ [RT #18739]
+
+2467. [bug] Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740]
+
+2466. [doc] ARM: explain max-cache-ttl 0 SERVFAIL issue.
+ [RT #18302]
+
+2465. [bug] Adb's handling of lame addresses was different
+ for IPv4 and IPv6. [RT #18738]
+
+2464. [port] linux: check that a capability is present before
+ trying to set it. [RT #18135]
+
+2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
+ API and glibc hides parts of the IPv6 Advanced Socket
+ API as a result. This is stupid as it breaks how the
+ two halves (Basic and Advanced) of the IPv6 Socket API
+ were designed to be used but we have to live with it.
+ Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
+ API. [RT #18388]
+
+2462. [doc] Document -m (enable memory usage debugging)
+ option for dig. [RT #18757]
+
+2461. [port] sunos: Change #2363 was not complete. [RT #17513]
+
+2458. [doc] ARM: update and correction for max-cache-size.
+ [RT #18294]
+
+2457. [tuning] max-cache-size is reverted to 0, the previous
+ default. It should be safe because expired cache
+ entries are also purged. [RT #18684]
+
+2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any
+ address, regardless of family. They now correctly
+ distinguish IPv4 from IPv6. [RT #18559]
+
+2455. [bug] Stop metadata being transferred via axfr/ixfr.
+ [RT #18639]
+
+2453. [bug] Remove NULL pointer dereference in dns_journal_print().
+ [RT #18316]
+
+2451. [port] solaris: handle runtime linking better. [RT #18356]
+
+2449. [bug] libbind: Out of bounds reference in dns_ho.c:addrsort.
+ [RT #18044]
+
+2445. [doc] ARM out-of-date on empty reverse zones (list includes
+ RFC1918 address, but these are not yet compiled in).
+ [RT #18578]
+
+2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery
+ (clear DF) for UDP responses and requests.
+
+2387. [bug] Silence compiler warnings in lib/isc/radix.c.
+ [RT #18147] [RT #18258]
+
+2369. [bug] libbind: Array bounds overrun on read in bitncmp().
+ [RT #18054]
+
+ --- 9.5.1b2 released ---
+
+2443. [bug] win32: UDP connect() would not generate an event,
+ and so connected UDP sockets would never clean up.
+ Fix this by doing an immediate WSAConnect() rather
+ than an io completion port type for UDP.
+
+2442. [bug] A lock could be destroyed twice. [RT# 18626]
+
+2441. [bug] isc_radix_insert() could copy radix tree nodes
+ incompletely. [RT #18573]
+
+2440. [bug] named-checkconf used an incorrect test to determine
+ if an ACL was set to none.
+
+2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
+ [RT #18559]
+
+2438. [bug] Timeouts could be logged incorrectly under win32.
+ [RT #18617]
+
+2437. [bug] Sockets could be closed too early, leading to
+ inconsistent states in the socket module. [RT #18298]
+
+2436. [security] win32: UDP client handler can be shutdown. [RT #18576]
+
+2435. [bug] Fixed an ACL memory leak affecting win32.
+
+2434. [bug] Fixed a minor error-reporting bug in
+ lib/isc/win32/socket.c.
+
+2433. [tuning] Set initial timeout to 800ms.
+
+2432. [bug] More Windows socket handling improvements. Stop
+ using I/O events and use IO Completion Ports
+ throughout. Rewrite the receive path logic to make
+ it easier to support multiple simultaneous
+ requesters in the future. Add stricter consistency
+ checking as a compile-time option (define
+ ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).
+
+2431. [bug] Acl processing could leak memory. [RT #18323]
+
+2430. [bug] win32: isc_interval_set() could round down to
+ zero if the input was less than NS_INTERVAL
+ nanoseconds. Round up instead. [RT #18549]
+
+2429. [doc] nsupdate should be in section 1 of the man pages.
+ [RT #18283]
+
+2428. [bug] dns_iptable_merge() mishandled merges of negative
+ tables. [RT #18409]
+
+2426. [bug] libbind: inet_net_pton() can sometimes return the
+ wrong value if excessively large net masks are
+ supplied. [RT #18512]
+
+2425. [bug] named didn't detect unavailable query source addresses
+ at load time. [RT #18536]
+
+2424. [port] configure now probes for a working epoll
+ implementation. Allow the use of kqueue,
+ epoll and /dev/poll to be selected at compile
+ time. [RT #18277]
+
+2422. [bug] Handle the special return value of a empty node as
+ if it was a NXRRSET in the validator. [RT #18447]
+
+2421. [func] Add new command line option '-S' for named to specify
+ the max number of sockets. [RT #18493]
+ Use caution: this option may not work for some
+ operating systems without rebuilding named.
+
+2420. [bug] Windows socket handling cleanup. Let the io
+ completion event send out cancelled read/write
+ done events, which keeps us from writing to memory
+ we no longer have ownership of. Add debugging
+ socket_log() function. Rework TCP socket handling
+ to not leak sockets.
+
+2419. [cleanup] Document that isc_socket_create() and isc_socket_open()
+ should not be used for isc_sockettype_fdwatch sockets.
+ [RT #18521]
+
+2418. [bug] AXFR request on a DLZ could trigger a REQUIRE failure
+ [RT #18430]
+
+2417. [bug] Connecting UDP sockets for outgoing queries could
+ unexpectedly fail with an 'address already in use'
+ error. [RT #18411]
+
+2416. [func] Log file descriptors that cause exceeding the
+ internal maximum. [RT #18460]
+
+2415. [bug] 'rndc dumpdb' could trigger various assertion failures
+ in rbtdb.c. [RT #18455]
+
+2414. [bug] A masterdump context held the database lock too long,
+ causing various troubles such as dead lock and
+ recursive lock acquisition. [RT #18311, #18456]
+
+2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
+
+2412. [bug] win32: address a resourse leak. [RT #18374]
+
+2411. [bug] Allow using a larger number of sockets than FD_SETSIZE
+ for select(). To enable this, set ISC_SOCKET_MAXSOCKETS
+ at compilation time. [RT #18433]
+
+ Note: with changes #2469 and #2421 above, there is no
+ need to tweak ISC_SOCKET_MAXSOCKETS at compilation time
+ any more.
+
+2410. [bug] Correctly delete m_versionInfo. [RT #18432]
+
+2409. [bug] Only log that we disabled EDNS processing if we were
+ subsequently successful. [RT #18029]
+
+2408. [bug] A duplicate TCP dispatch event could be sent, which
+ could then trigger an assertion failure in
+ resquery_response(). [RT #18275]
+
+2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
+
+2405. [cleanup] The default value for dnssec-validation was changed to
+ "yes" in 9.5.0-P1 and all subsequent releases; this
+ was inadvertently omitted from CHANGES at the time.
+
+2404. [port] hpux: files unlimited support.
+
+2403. [bug] TSIG context leak. [RT #18341]
+
+2402. [port] Support Solaris 2.11 and over. [RT #18362]
+
+2401. [bug] Expect to get E[MN]FILE errno internal_accept()
+ (from accept() or fcntl() system calls). [RT #18358]
+
+2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
+ [RT #18297]
+
+2398. [bug] Improve file descriptor management. New,
+ temporary, named.conf option reserved-sockets,
+ default 512. [RT #18344]
+
+2397. [bug] gssapi_functions bad declaration. [RT #18355]
+
+2396. [bug] Don't set SO_REUSEADDR for randomized ports.
+ [RT #18336]
+
+2395. [port] Avoid warning and no effect from "files unlimited"
+ on Linux when running as root. [RT #18335]
+
+2394. [bug] Default configuration options set the limit for
+ open files to 'unlimited' as described in the
+ documentation. [RT #18331]
+
+2393. [bug] nested acls containing keys could trigger an
+ assertion in acl.c. [RT #18166]
+
+2392. [bug] remove 'grep -q' from acl test script, some platforms
+ don't support it. [RT #18253]
+
+2391. [port] hpux: cover additional recvmsg() error codes.
+ [RT #18301]
+
+2390. [bug] dispatch.c could make a false warning on 'odd socket'.
+ [RT #18301].
+
+2389. [bug] Move the "working directory writable" check to after
+ the ns_os_changeuser() call. [RT #18326]
+
+2388. [bug] Avoid using tables for layout purposes in
+ statistics XSL [RT #18159].
+
+2386. [func] Add warning about too small 'open files' limit.
+ [RT #18269]
+
+ --- 9.5.1b1 released ---
+
+2385. [bug] A condition variable in socket.c could leak in
+ rare error handling [RT #17968].
+
+2384. [security] Additional support for query port randomization (change
+ #2375) including performance improvement and port range
+ specification. [RT #17949, #18098]
+
+2383. [bug] named could double queries when they resulted in
+ SERVFAIL due to overkilling EDNS0 failure detection.
+ [RT #18182]
+
+2382. [doc] Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
+ to ARM.
+
+2381. [port] dlz/mysql: support multiple install layouts for
+ mysql. <prefix>/include/{,mysql/}mysql.h and
+ <prefix>/lib/{,mysql/}. [RT #18152]
+
+2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
+ proofs which, in turn, caused validation failures
+ for insecure zones immediately below a secure zone
+ the server was authoritative for. [RT #18112]
+
+2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
+ TLDs and supported RRs with TTLs [RT #17972]
+
+2378. [bug] gssapi_functions{} had a redundant member in BIND 9.5.
+ [RT #18169]
+
+2377. [bug] Address race condition in dnssec-signzone. [RT #18142]
+
+2376. [bug] Change #2144 was not complete.
+
+2375. [security] Fully randomize UDP query ports to improve
+ forgery resilience. [RT #17949]
+
+2373. [bug] Default values of zone ACLs were re-parsed each time a
+ new zone was configured, causing an overconsumption
+ of memory. [RT #18092]
+
+ --- 9.5.0 released ---
+
+2374. [bug] "blackhole" ACLs could cause named to segfault due
+ to some uninitialized memory. [RT #18095]
+
+2372. [bug] fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
+
+2371. [doc] add +nsid option to dig man page. [RT #18039]
+
+2370. [bug] "rndc freeze" could trigger an assertion in named
+ when called on a nonexistent zone. [RT #18050]
+
+ --- 9.5.0rc1 released ---
+
+2368. [port] Linux: use libcap for capability management if
+ possible. [RT# 18026]
+
+2367. [bug] Improve counting of dns_resstatscounter_retry
+ [RT #18030]
+
+2366. [bug] Adb shutdown race. [RT #18021]
+
+2365. [bug] Fix a bug that caused dns_acl_isany() to return
+ spurious results. [RT #18000]
+
+2364. [bug] named could trigger an assertion when serving a
+ malformed signed zone. [RT #17828]
+
+2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
+ [RT #17513]
+
+2362. [cleanup] Make "rrset-order fixed" a compile-time option.
+ settable by "./configure --enable-fixed-rrset".
+ Disabled by default. [RT #17977]
+
+2361. [bug] "recursion" statistics counter could be counted
+ multiple times for a single query. [RT #17990]
+
+ --- 9.5.0b3 released ---
+
+2360. [bug] Fix a condition where we release a database version
+ (which may acquire a lock) while holding the lock.
+
+2359. [bug] Fix NSID bug. [RT #17942]
+
+2358. [doc] Update host's default query description. [RT #17934]
+
+2356. [bug] Built in mutex profiler was not scalable enough.
+ [RT #17436]
+
+2355. [func] Extend the number statistics counters available.
+ [RT #17590]
+
+2354. [bug] Failed to initialize some rdatasetheader_t elements.
+ [RT #17927]
+
+2353. [func] Add support for Name Server ID (RFC 5001).
+ 'dig +nsid' requests NSID from server.
+ 'request-nsid yes;' causes recursive server to send
+ NSID requests to upstream servers. Server responds
+ to NSID requests with the string configured by
+ 'server-id' option. [RT #17091]
+
+2352. [bug] Various GSS_API fixups. [RT #17729]
+
+2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
+
+2350. [port] win32: IPv6 support. [RT #17797]
+
+2347. [bug] Delete now traverses the RB tree in the canonical
+ order. [RT #17451]
+
+2346. [func] Memory statistics now cover all active memory contexts
+ in increased detail. [RT #17580]
+
+2345. [bug] named-checkconf failed to detect when forwarders
+ were set at both the options/view level and in
+ a root zone. [RT #17671]
+
+2344. [bug] Improve "logging{ file ...; };" documentation.
+ [RT #17888]
+
+2343. [bug] (Seemingly) duplicate IPv6 entries could be
+ created in ADB. [RT #17837]
+
+2341. [bug] libbind: add missing -I../include for off source
+ tree builds. [RT #17606]
+
+2340. [port] openbsd: interface configuration. [RT #17700]
+
+2339. [port] tru64: support for libbind. [RT #17589]
+
+2338. [bug] check_ds() could be called with a non DS rdataset.
+ [RT #17598]
+
+2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614]
+
+2335. [port] sunos: libbind and *printf() support for long long.
+ [RT #17513]
+
+2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one
+ bug in fromstruct_txt(). [RT #17609]
+
+2333. [bug] Fix off by one error in isc_time_nowplusinterval().
+ [RT #17608]
+
+2332. [contrib] query-loc-0.4.0. [RT #17602]
+
+2331. [bug] Failure to regenerate any signatures was not being
+ reported nor being past back to the UPDATE client.
+ [RT #17570]
+
+2330. [bug] Remove potential race condition when handling
+ over memory events. [RT #17572]
+
+ WARNING: API CHANGE: over memory callback
+ function now needs to call isc_mem_waterack().
+ See <isc/mem.h> for details.
+
+2329. [bug] Clearer help text for dig's '-x' and '-i' options.
+
+2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
+ F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET,
+ J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and
+ M.ROOT-SERVERS.NET.
+
+2327. [bug] It was possible to dereference a NULL pointer in
+ rbtdb.c. Implement dead node processing in zones as
+ we do for caches. [RT #17312]
+
+2326. [bug] It was possible to trigger a INSIST in the acache
+ processing.
+
+2325. [port] Linux: use capset() function if available. [RT #17557]
+
+ --- 9.5.0b2 released ---
+
+2324. [bug] Fix IPv6 matching against "any;". [RT #17533]
+
+2323. [port] tru64: namespace clash. [RT #17547]
+
+2322. [port] MacOS: work around the limitation of setrlimit()
+ for RLIMIT_NOFILE. [RT #17526]
+
+2320. [func] Make statistics counters thread-safe for platforms
+ that support certain atomic operations. [RT #17466]
+
+2319. [bug] Silence Coverity warnings in
+ lib/dns/rdata/in_1/apl_42.c. [RT #17469]
+
+2318. [port] sunos fixes for libbind. [RT #17514]
+
+2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
+
+2316. [port] Missing #include <isc/print.h> in lib/dns/gssapictx.c.
+ [RT #17513]
+
+2315. [bug] Used incorrect address family for mapped IPv4
+ addresses in acl.c. [RT #17519]
+
+2314. [bug] Uninitialized memory use on error path in
+ bin/named/lwdnoop.c. [RT #17476]
+
+2313. [cleanup] Silence Coverity warnings. Handle private stacks.
+ [RT #17447] [RT #17478]
+
+2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
+ [RT #17458]
+
+2311. [bug] IPv6 addresses could match IPv4 ACL entries and
+ vice versa. [RT #17462]
+
+2310. [bug] dig, host, nslookup: flush stdout before emitting
+ debug/fatal messages. [RT #17501]
+
+2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
+ [RT #17455]
+
+2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
+ [RT #17495]
+
+2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
+
+2306. [bug] Remove potential race from lib/dns/resolver.c.
+ [RT #17470]
+
+2305. [security] inet_network() buffer overflow. CVE-2008-0122.
+
+2304. [bug] Check returns from all dns_rdata_tostruct() calls.
+ [RT #17460]
+
+2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
+ [RT #17471]
+
+2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
+
+2301. [bug] Remove resource leak and fix error messages in
+ bin/tests/system/lwresd/lwtest.c. [RT #17474]
+
+2300. [bug] Fixed failure to close open file in
+ bin/tests/names/t_names.c. [RT #17473]
+
+2299. [bug] Remove unnecessary NULL check in
+ bin/nsupdate/nsupdate.c. [RT #17475]
+
+2298. [bug] isc_mutex_lock() failure not caught in
+ bin/tests/timers/t_timers.c. [RT #17468]
+
+2297. [bug] isc_entropy_createfilesource() failure not caught in
+ bin/tests/dst/t_dst.c. [RT #17467]
+
+2296. [port] Allow docbook stylesheet location to be specified to
+ configure. [RT #17457]
+
+2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
+ [RT #17459]
+
+2294. [func] Allow the experimental statistics channels to have
+ multiple connections and ACL.
+ Note: the stats-server and stats-server-v6 options
+ available in the previous beta releases are replaced
+ with the generic statistics-channels statement.
+
+2293. [func] Add ACL regression test. [RT #17375]
+
+2292. [bug] Log if the working directory is not writable.
+ [RT #17312]
+
+2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
+ failure to set PR_SET_DUMPABLE. [RT #17312]
+
+2290. [bug] Let AD in the query signal that the client wants AD
+ set in the response. [RT #17301]
+
+2288. [port] win32: mark service as running when we have finished
+ loading. [RT #17441]
+
+2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413]
+
+2284. [bug] Memory leak in UPDATE prerequisite processing.
+ [RT #17377]
+
+2283. [bug] TSIG keys were not attaching to the memory
+ context. TSIG keys should use the rings
+ memory context rather than the clients memory
+ context. [RT #17377]
+
+2282. [bug] Acl code fixups. [RT #17346] [RT #17374]
+
+2281. [bug] Attempts to use undefined acls were not being logged.
+ [RT #17307]
+
+2280. [func] Allow the experimental http server to be reached
+ over IPv6 as well as IPv4. [RT #17332]
+
+2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
+ to protect applications from receiving spurious
+ SIGPIPE signals when using the resolver.
+
+2278. [bug] win32: handle the case where Windows returns no
+ search list or DNS suffix. [RT #17354]
+
+2277. [bug] Empty zone names were not correctly being caught at
+ in the post parse checks. [RT #17357]
+
+2276. [bug] Install <dst/gssapi.h>. [RT# 17359]
+
+2275. [func] Add support to dig to perform IXFR queries over UDP.
+ [RT #17235]
+
+2274. [func] Log zone transfer statistics. [RT #17336]
+
+2273. [bug] Adjust log level to WARNING when saving inconsistent
+ stub/slave master and journal files. [RT# 17279]
+
+2272. [bug] Handle illegal dnssec-lookaside trust-anchor names.
+ [RT #17262]
+
+2271. [bug] Fix a memory leak in http server code [RT #17100]
+
+2270. [bug] dns_db_closeversion() version->writer could be reset
+ before it is tested. [RT #17290]
+
+2269. [contrib] dbus memory leaks and missing va_end calls. [RT #17232]
+
+2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
+ list.
+
+ --- 9.5.0b1 released ---
+
+2267. [bug] Radix tree node_num value could be set incorrectly,
+ causing positive ACL matches to look like negative
+ ones. [RT #17311]
+
+2266. [bug] client.c:get_clientmctx() returned the same mctx
+ once the pool of mctx's was filled. [RT #17218]
+
+2265. [bug] Test that the memory context's basic_table is non NULL
+ before freeing. [RT #17265]
+
+2264. [bug] Server prefix length was being ignored. [RT #17308]
+
+2263. [bug] "named-checkconf -z" failed to set default value
+ for "check-integrity". [RT #17306]
+
+2262. [bug] Error status from all but the last view could be
+ lost. [RT #17292]
+
+2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
+
+2260. [bug] Reported wrong clients-per-query when increasing the
+ value. [RT #17236]
+
+2259. [placeholder]
+
+ --- 9.5.0a7 released ---
+
+2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
+ [RT #17241]
+
+2257. [bug] win32: Use the full path to vcredist_x86.exe when
+ calling it. [RT #17222]
+
+2256. [bug] win32: Correctly register the installation location of
+ bindevt.dll. [RT #17159]
+
+2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
+
+2254. [bug] timer.c:dispatch() failed to lock timer->lock
+ when reading timer->idle allowing it to see
+ intermediate values as timer->idle was reset by
+ isc_timer_touch(). [RT #17243]
+
+2253. [func] "max-cache-size" defaults to 32M.
+ "max-acache-size" defaults to 16M.
+
+2252. [bug] Fixed errors in sortlist code [RT #17216]
+
+2251. [placeholder]
+
+2250. [func] New flag 'memstatistics' to state whether the
+ memory statistics file should be written or not.
+ Additionally named's -m option will cause the
+ statistics file to be written. [RT #17113]
+
+2249. [bug] Only set Authentic Data bit if client requested
+ DNSSEC, per RFC 3655 [RT #17175]
+
+2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
+
+2247. [doc] Sort doc/misc/options. [RT #17067]
+
+2246. [bug] Make the startup of test servers (ans.pl) more
+ robust. [RT #17147]
+
+2245. [bug] Validating lack of DS records at trust anchors wasn't
+ working. [RT #17151]
+
+2244. [func] Allow the check of nameserver names against the
+ SOA MNAME field to be disabled by specifying
+ 'notify-to-soa yes;'. [RT #17073]
+
+2243. [func] Configuration files without a newline at the end now
+ parse without error. [RT #17120]
+
+2242. [bug] nsupdate: GSS-TSIG support using the Heimdal Kerberos
+ library could require a source of random data.
+ [RT #17127]
+
+2241. [func] nsupdate: add a interactive 'help' command. [RT #17099]
+
+2240. [bug] Cleanup nsupdates GSS-TSIG support. Convert
+ a number of INSIST()s into plain fatal() errors
+ which report the triggering result code.
+ The 'key' command wasn't disabling GSS-TSIG.
+ [RT #17099]
+
+2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
+
+2238. [bug] It was possible to trigger a REQUIRE when a
+ validation was canceled. [RT #17106]
+
+2237. [bug] libbind: res_init() was not thread aware. [RT #17123]
+
+2236. [bug] dnssec-signzone failed to preserve the case of
+ of wildcard owner names. [RT #17085]
+
+2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
+
+2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
+
+2233. [func] Add support for O(1) ACL processing, based on
+ radix tree code originally written by Kevin
+ Brintnall. [RT #16288]
+
+2232. [bug] dns_adb_findaddrinfo() could fail and return
+ ISC_R_SUCCESS. [RT #17137]
+
+2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
+ [RT #17088]
+
+2230. [bug] We could INSIST reading a corrupted journal.
+ [RT #17132]
+
+2229. [bug] Null pointer dereference on query pool creation
+ failure. [RT #17133]
+
+2228. [contrib] contrib: Change 2188 was incomplete.
+
+2227. [cleanup] Tidied up the FAQ. [RT #17121]
+
+2226. [placeholder]
+
+2225. [bug] More support for systems with no IPv4 addresses.
+ [RT #17111]
+
+2224. [bug] Defer journal compaction if a xfrin is in progress.
+ [RT #17119]
+
+2223. [bug] Make a new journal when compacting. [RT #17119]
+
+2222. [func] named-checkconf now checks server key references.
+ [RT #17097]
+
+2221. [bug] Set the event result code to reflect the actual
+ record turned to caller when a cache update is
+ rejected due to a more credible answer existing.
+ [RT #17017]
+
+2220. [bug] win32: Address a race condition in final shutdown of
+ the Windows socket code. [RT #17028]
+
+2219. [bug] Apply zone consistency checks to additions, not
+ removals, when updating. [RT #17049]
+
+2218. [bug] Remove unnecessary REQUIRE from dns_validator_create().
+ [RT #16976]
+
+2217. [func] Adjust update log levels. [RT #17092]
+
+2216. [cleanup] Fix a number of errors reported by Coverity.
+ [RT #17094]
+
+2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
+
+2214. [bug] Deregister OpenSSL lock callback when cleaning
+ up. Reorder OpenSSL cleanup so that RAND_cleanup()
+ is called before the locks are destroyed. [RT #17098]
+
+2213. [bug] SIG0 diagnostic failure messages were looking at the
+ wrong status code. [RT #17101]
+
+2212. [func] 'host -m' now causes memory statistics and active
+ memory to be printed at exit. [RT 17028]
+
+2211. [func] Update "dynamic update temporarily disabled" message.
+ [RT #17065]
+
+2210. [bug] Deleting class specific records via UPDATE could
+ fail. [RT #17074]
+
+2209. [port] osx: linking against user supplied static OpenSSL
+ libraries failed as the system ones were still being
+ found. [RT #17078]
+
+2208. [port] win32: make sure both build methods produce the
+ same output. [RT #17058]
+
+2207. [port] Some implementations of getaddrinfo() fail to set
+ ai_canonname correctly. [RT #17061]
+
+ --- 9.5.0a6 released ---
+
+2206. [security] "allow-query-cache" and "allow-recursion" now
+ cross inherit from each other.
+
+ If allow-query-cache is not set in named.conf then
+ allow-recursion is used if set, otherwise allow-query
+ is used if set, otherwise the default (localnets;
+ localhost;) is used.
+
+ If allow-recursion is not set in named.conf then
+ allow-query-cache is used if set, otherwise allow-query
+ is used if set, otherwise the default (localnets;
+ localhost;) is used.
+
+ [RT #16987]
+
+2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
+
+2204. [bug] "rndc flushanme name unknown-view" caused named
+ to crash. [RT #16984]
+
+2203. [security] Query id generation was cryptographically weak.
+ [RT # 16915]
+
+2202. [security] The default acls for allow-query-cache and
+ allow-recursion were not being applied. [RT #16960]
+
+2201. [bug] The build failed in a separate object directory.
+ [RT #16943]
+
+2200. [bug] The search for cached NSEC records was stopping to
+ early leading to excessive DLV queries. [RT #16930]
+
+2199. [bug] win32: don't call WSAStartup() while loading dlls.
+ [RT #16911]
+
+2198. [bug] win32: RegCloseKey() could be called when
+ RegOpenKeyEx() failed. [RT #16911]
+
+2197. [bug] Add INSIST to catch negative responses which are
+ not setting the event result code appropriately.
+ [RT #16909]
+
+2196. [port] win32: yield processor while waiting for once to
+ to complete. [RT #16958]
+
+2195. [func] dnssec-keygen now defaults to nametype "ZONE"
+ when generating DNSKEYs. [RT #16954]
+
+2194. [bug] Close journal before calling 'done' in xfrin.c.
+
+ --- 9.5.0a5 released ---
+
+2193. [port] win32: BINDInstall.exe is now linked statically.
+ [RT #16906]
+
+2192. [port] win32: use vcredist_x86.exe to install Visual
+ Studio's redistributable dlls if building with
+ Visual Stdio 2005 or later.
+
+2191. [func] named-checkzone now allows dumping to stdout (-).
+ named-checkconf now has -h for help.
+ named-checkzone now has -h for help.
+ rndc now has -h for help.
+ Better handling of '-?' for usage summaries.
+ [RT #16707]
+
+2190. [func] Make fallback to plain DNS from EDNS due to timeouts
+ more visible. New logging category "edns-disabled".
+ [RT #16871]
+
+2189. [bug] Handle socket() returning EINTR. [RT #15949]
+
+2188. [contrib] queryperf: autoconf changes to make the search for
+ libresolv or libbind more robust. [RT #16299]
+
+2187. [bug] query_addds(), query_addwildcardproof() and
+ query_addnxrrsetnsec() should take a version
+ argument. [RT #16368]
+
+2186. [port] cygwin: libbind: check for struct sockaddr_storage
+ independently of IPv6. [RT #16482]
+
+2185. [port] sunos: libbind: check for ssize_t, memmove() and
+ memchr(). [RT #16463]
+
+2184. [bug] bind9.xsl.h didn't build out of the source tree.
+ [RT #16830]
+
+2183. [bug] dnssec-signzone didn't handle offline private keys
+ well. [RT #16832]
+
+2182. [bug] dns_dispatch_createtcp() and dispatch_createudp()
+ could return ISC_R_SUCCESS when they ran out of
+ memory. [RT #16365]
+
+2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
+
+2180. [cleanup] Remove bit test from 'compress_test' as they
+ are no longer needed. [RT #16497]
+
+2179. [func] 'rndc command zone' will now find 'zone' if it is
+ unique to all the views. [RT #16821]
+
+2178. [bug] 'rndc reload' of a slave or stub zone resulted in
+ a reference leak. [RT #16867]
+
+2177. [bug] Array bounds overrun on read (rcodetext) at
+ debug level 10+. [RT #16798]
+
+2176. [contrib] dbus update to handle race condition during
+ initialization (Bugzilla 235809). [RT #16842]
+
+2175. [bug] win32: windows broadcast condition variable support
+ was broken. [RT #16592]
+
+2174. [bug] I/O errors should always be fatal when reading
+ master files. [RT #16825]
+
+2173. [port] win32: When compiling with MSVS 2005 SP1 we also
+ need to ship Microsoft.VC80.MFCLOC.
+
+ --- 9.5.0a4 released ---
+
+2172. [bug] query_addsoa() was being called with a non zone db.
+ [RT #16834]
+
+2171. [bug] Handle breaks in DNSSEC trust chains where the parent
+ servers are not DS aware (DS queries to the parent
+ return a referral to the child).
+
+2170. [func] Add acache processing to test suite. [RT #16711]
+
+2169. [bug] host, nslookup: when reporting NXDOMAIN report the
+ given name and not the last name searched for.
+ [RT #16763]
+
+2168. [bug] nsupdate: in non-interactive mode treat syntax errors
+ as fatal errors. [RT #16785]
+
+2167. [bug] When re-using a automatic zone named failed to
+ attach it to the new view. [RT #16786]
+
+ --- 9.5.0a3 released ---
+
+2166. [bug] When running in batch mode, dig could misinterpret
+ a server address as a name to be looked up, causing
+ unexpected output. [RT #16743]
+
+2165. [func] Allow the destination address of a query to determine
+ if we will answer the query or recurse.
+ allow-query-on, allow-recursion-on and
+ allow-query-cache-on. [RT #16291]
+
+2164. [bug] The code to determine how named-checkzone /
+ named-compilezone was called failed under windows.
+ [RT #16764]
+
+2163. [bug] If only one of query-source and query-source-v6
+ specified a port the query pools code broke (change
+ 2129). [RT #16768]
+
+2162. [func] Allow "rrset-order fixed" to be disabled at compile
+ time. [RT #16665]
+
+2161. [bug] Fix which log messages are emitted for 'rndc flush'.
+ [RT #16698]
+
+2160. [bug] libisc wasn't handling NULL ifa_addr pointers returned
+ from getifaddrs(). [RT #16708]
+
+ --- 9.5.0a2 released ---
+
+2159. [bug] Array bounds overrun in acache processing. [RT #16710]
+
+2158. [bug] ns_client_isself() failed to initialize key
+ leading to a REQUIRE failure. [RT #16688]
+
+2157. [func] dns_db_transfernode() created. [RT #16685]
+
+2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
+ resolver.c:validated() and resolver.c:cache_name().
+ Fix a memory leak in rbtdb.c:free_noqname().
+ Make lookup.c:lookup_find() robust against
+ event leaks. [RT #16685]
+
+2155. [contrib] SQLite sdb module from jaboydjr@netwalk.com.
+ [RT #16694]
+
+2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
+ matched in acls by omitting the scope. [RT #16599]
+
+2153. [bug] nsupdate could leak memory. [RT #16691]
+
+2152. [cleanup] Use sizeof(buf) instead of fixed number in
+ dighost.c:get_trusted_key(). [RT #16678]
+
+2151. [bug] Missing newline in usage message for journalprint.
+ [RT #16679]
+
+2150. [bug] 'rrset-order cyclic' uniformly distribute the
+ starting point for the first response for a given
+ RRset. [RT #16655]
+
+2149. [bug] isc_mem_checkdestroyed() failed to abort on
+ if there were still active memory contexts.
+ [RT #16672]
+
+2148. [func] Add positive logging for rndc commands. [RT #14623]
+
+2147. [bug] libbind: remove potential buffer overflow from
+ hmac_link.c. [RT #16437]
+
+2146. [cleanup] Silence Linux's spurious "obsolete setsockopt
+ SO_BSDCOMPAT" message. [RT #16641]
+
+2145. [bug] Check DS/DLV digest lengths for known digests.
+ [RT #16622]
+
+2144. [cleanup] Suppress logging of SERVFAIL from forwarders.
+ [RT #16619]
+
+2143. [bug] We failed to restart the IPv6 client when the
+ kernel failed to return the destination the
+ packet was sent to. [RT #16613]
+
+2142. [bug] Handle master files with a modification time that
+ matches the epoch. [RT# 16612]
+
+2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
+ equivalent of LDH checks). [RT #16609]
+
+2140. [bug] libbind: missing unlock on pthread_key_create()
+ failures. [RT #16654]
+
+2139. [bug] dns_view_find() was being called with wrong type
+ in adb.c. [RT #16670]
+
+2138. [bug] Lock order reversal in resolver.c. [RT #16653]
+
+2137. [port] Mips little endian and/or mips 64 bit are now
+ supported for atomic operations. [RT#16648]
+
+2136. [bug] nslookup/host looped if there was no search list
+ and the host didn't exist. [RT #16657]
+
+2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656]
+
+2134. [func] Additional statistics support. [RT #16666]
+
+2133. [port] powerpc: Support both IBM and MacOS Power PC
+ assembler syntaxes. [RT #16647]
+
+2132. [bug] Missing unlock on out of memory in
+ dns_dispatchmgr_setudp().
+
+2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
+
+2130. [func] Log if CD or DO were set. [RT #16640]
+
+2129. [func] Provide a pool of UDP sockets for queries to be
+ made over. See use-queryport-pool, queryport-pool-ports
+ and queryport-pool-updateinterval. [RT #16415]
+
+2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635]
+
+2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563]
+
+2126. [security] Serialize validation of type ANY responses. [RT #16555]
+
+2125. [bug] dns_zone_getzeronosoattl() REQUIRE failure if DLZ
+ was defined. [RT #16574]
+
+2124. [security] It was possible to dereference a freed fetch
+ context. [RT #16584]
+
+ --- 9.5.0a1 released ---
+
+2123. [func] Use Doxygen to generate internal documentation.
+ [RT #11398]
+
+2122. [func] Experimental http server and statistics support
+ for named via xml.
+
+2121. [func] Add a 10 slot dead masters cache (LRU) with a 600
+ second timeout. [RT #16553]
+
+2120. [doc] Fix markup on nsupdate man page. [RT #16556]
+
+2119. [compat] libbind: allow res_init() to succeed enough to
+ return the default domain even if it was unable
+ to allocate memory.
+
+2118. [bug] Handle response with long chains of domain name
+ compression pointers which point to other compression
+ pointers. [RT #16427]
+
+2117. [bug] DNSSEC fixes: named could fail to cache NSEC records
+ which could lead to validation failures. named didn't
+ handle negative DS responses that were in the process
+ of being validated. Check CNAME bit before accepting
+ NODATA proof. To be able to ignore a child NSEC there
+ must be SOA (and NS) set in the bitmap. [RT #16399]
+
+2116. [bug] 'rndc reload' could cause the cache to continually
+ be cleaned. [RT #16401]
+
+2115. [bug] 'rndc reconfig' could trigger a INSIST if the
+ number of masters for a zone was reduced. [RT #16444]
+
+2114. [bug] dig/host/nslookup: searches for names with multiple
+ labels were failing. [RT #16447]
+
+2113. [bug] nsupdate: if a zone is specified it should be used
+ for server discover. [RT# 16455]
+
+2112. [security] Warn if weak RSA exponent is used. [RT #16460]
+
+2111. [bug] Fix a number of errors reported by Coverity.
+ [RT #16507]
+
+2110. [bug] "minimal-responses yes;" interacted badly with BIND 8
+ priming queries. [RT #16491]
+
+2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502]
+
+2108. [func] DHCID support. [RT #16456]
+
+2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
+
+2106. [func] 'rndc status' now reports named's version. [RT #16426]
+
+2105. [func] GSS-TSIG support (RFC 3645).
+
+2104. [port] Fix Solaris SMF error message.
+
+2103. [port] Add /usr/sfw to list of locations for OpenSSL
+ under Solaris.
+
+2102. [port] Silence Solaris 10 warnings.
+
+2101. [bug] OpenSSL version checks were not quite right.
+ [RT #16476]
+
+2100. [port] win32: copy libeay32.dll to Build\Debug.
+ Copy Debug\named-checkzone to Debug\named-compilezone.
+
+2099. [port] win32: more manifest issues.
+
+2098. [bug] Race in rbtdb.c:no_references(), which occasionally
+ triggered an INSIST failure about the node lock
+ reference. [RT #16411]
+
+2097. [bug] named could reference a destroyed memory context
+ after being reloaded / reconfigured. [RT #16428]
+
+2096. [bug] libbind: handle applications that fail to detect
+ res_init() failures better.
+
+2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and
+ net_cidr_ntop_ipv6(). [RT #16388]
+
+2094. [contrib] Update named-bootconf. [RT# 16404]
+
+2093. [bug] named-checkzone -s was broken.
+
+2092. [bug] win32: dig, host, nslookup. Use registry config
+ if resolv.conf does not exist or no nameservers
+ listed. [RT #15877]
+
+2091. [port] dighost.c: race condition on cleanup. [RT #16417]
+
+2090. [port] win32: Visual C++ 2005 command line manifest support.
+ [RT #16417]
+
+2089. [security] Raise the minimum safe OpenSSL versions to
+ OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
+ prior to these have known security flaws which
+ are (potentially) exploitable in named. [RT #16391]
+
+2088. [security] Change the default RSA exponent from 3 to 65537.
+ [RT #16391]
+
+2087. [port] libisc failed to compile on OS's w/o a vsnprintf.
+ [RT #16382]
+
+2086. [port] libbind: FreeBSD now has get*by*_r() functions.
+ [RT #16403]
+
+2085. [doc] win32: added index.html and README to zip. [RT #16201]
+
+2084. [contrib] dbus update for 9.3.3rc2.
+
+2083. [port] win32: Visual C++ 2005 support.
+
+2082. [doc] Document 'cache-file' as a test only option.
+
+2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
+ [RT #16360]
+
+2080. [port] libbind: res_init.c did not compile on older versions
+ of Solaris. [RT #16363]
+
+2079. [bug] The lame cache was not handling multiple types
+ correctly. [RT #16361]
+
+2078. [bug] dnssec-checkzone output style "default" was badly
+ named. It is now called "relative". [RT #16326]
+
+2077. [bug] 'dnssec-signzone -O raw' wasn't outputting the
+ complete signed zone. [RT #16326]
+
+2076. [bug] Several files were missing #include <config.h>
+ causing build failures on OSF. [RT #16341]
+
+2075. [bug] The spillat timer event hander could leak memory.
+ [RT #16357]
+
+2074. [bug] dns_request_createvia2(), dns_request_createvia3(),
+ dns_request_createraw2() and dns_request_createraw3()
+ failed to send multiple UDP requests. [RT #16349]
+
+2073. [bug] Incorrect semantics check for update policy "wildcard".
+ [RT #16353]
+
+2072. [bug] We were not generating valid HMAC SHA digests.
+ [RT #16320]
+
+2071. [port] Test whether gcc accepts -fno-strict-aliasing.
+ [RT #16324]
+
+2070. [bug] The remote address was not always displayed when
+ reporting dispatch failures. [RT #16315]
+
+2069. [bug] Cross compiling was not working. [RT #16330]
+
+2068. [cleanup] Lower incremental tuning message to debug 1.
+ [RT #16319]
+
+2067. [bug] 'rndc' could close the socket too early triggering
+ a INSIST under Windows. [RT #16317]
+
+2066. [security] Handle SIG queries gracefully. [RT #16300]
+
+2065. [bug] libbind: probe for HPUX prototypes for
+ endprotoent_r() and endservent_r(). [RT 16313]
+
+2064. [bug] libbind: silence AIX compiler warnings. [RT #16218]
+
+2063. [bug] Change #1955 introduced a bug which caused the first
+ 'rndc flush' call to not free memory. [RT #16244]
+
+2062. [bug] 'dig +nssearch' was reusing a buffer before it had
+ been returned by the socket code. [RT #16307]
+
+2061. [bug] Accept expired wildcard message reversed. [RT #16296]
+
+2060. [bug] Enabling DLZ support could leave views partially
+ configured. [RT #16295]
+
+2059. [bug] Search into cache rbtdb could trigger an INSIST
+ failure while cleaning up a stale rdataset.
+ [RT #16292]
+
+2058. [bug] Adjust how we calculate rtt estimates in the presence
+ of authoritative servers that drop EDNS and/or CD
+ requests. Also fallback to EDNS/512 and plain DNS
+ faster for zones with less than 3 servers. [RT #16187]
+
+2057. [bug] Make setting "ra" dependent on both allow-query-cache
+ and allow-recursion. [RT #16290]
+
+2056. [bug] dig: ixfr= was not being treated case insensitively
+ at all times. [RT #15955]
+
+2055. [bug] Missing goto after dropping multicast query.
+ [RT #15944]
+
+2054. [port] freebsd: do not explicitly link against -lpthread.
+ [RT #16170]
+
+2053. [port] netbsd:libbind: silence compiler warnings. [RT #16220]
+
+2052. [bug] 'rndc' improve connect failed message to report
+ the failing address. [RT #15978]
+
+2051. [port] More strtol() fixes. [RT #16249]
+
+2050. [bug] Parsing of NSAP records was not case insensitive.
+ [RT #16287]
+
+2049. [bug] Restore SOA before AXFR when falling back from
+ a attempted IXFR when transferring in a zone.
+ Allow a initial SOA query before attempting
+ a AXFR to be requested. [RT #16156]
+
+2048. [bug] It was possible to loop forever when using
+ avoid-v4-udp-ports / avoid-v6-udp-ports when
+ the OS always returned the same local port.
+ [RT #16182]
+
+2047. [bug] Failed to initialize the interface flags to zero.
+ [RT #16245]
+
+2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
+ cleanup [RT #16247].
+
+2045. [func] Use lock buckets for acache entries to limit memory
+ consumption. [RT #16183]
+
+2044. [port] Add support for atomic operations for Itanium.
+ [RT #16179]
+
+2043. [port] nsupdate/nslookup: Force the flushing of the prompt
+ for interactive sessions. [RT#16148]
+
+2042. [bug] named-checkconf was incorrectly rejecting the
+ logging category "config". [RT #16117]
+
+2041. [bug] "configure --with-dlz-bdb=yes" produced a bad
+ set of libraries to be linked. [RT #16129]
+
+2040. [bug] rbtdb no_references() could trigger an INSIST
+ failure with --enable-atomic. [RT #16022]
+
+2039. [func] Check that all buffers passed to the socket code
+ have been retrieved when the socket event is freed.
+ [RT #16122]
+
+2038. [bug] dig/nslookup/host was unlinking from wrong list
+ when handling errors. [RT #16122]
+
+2037. [func] When unlinking the first or last element in a list
+ check that the list head points to the element to
+ be unlinked. [RT #15959]
+
+2036. [bug] 'rndc recursing' could cause trigger a REQUIRE.
+ [RT #16075]
+
+2035. [func] Make falling back to TCP on UDP refresh failure
+ optional. Default "try-tcp-refresh yes;" for BIND 8
+ compatibility. [RT #16123]
+
+2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124]
+
+2033. [bug] We weren't creating multiple client memory contexts
+ on demand as expected. [RT #16095]
+
+2032. [bug] Remove a INSIST in query_addadditional2(). [RT #16074]
+
+2031. [bug] Emit a error message when "rndc refresh" is called on
+ a non slave/stub zone. [RT # 16073]
+
+2030. [bug] We were being overly conservative when disabling
+ openssl engine support. [RT #16030]
+
+2029. [bug] host printed out the server multiple times when
+ specified on the command line. [RT #15992]
+
+2028. [port] linux: socket.c compatibility for old systems.
+ [RT #16015]
+
+2027. [port] libbind: Solaris x86 support. [RT #16020]
+
+2026. [bug] Rate limit the two recursive client exceeded messages.
+ [RT #16044]
+
+2025. [func] Update "zone serial unchanged" message. [RT #16026]
+
+2024. [bug] named emitted spurious "zone serial unchanged"
+ messages on reload. [RT #16027]
+
+2023. [bug] "make install" should create ${localstatedir}/run and
+ ${sysconfdir} if they do not exist. [RT #16033]
+
+2022. [bug] If dnssec validation is disabled only assert CD if
+ CD was requested. [RT #16037]
+
+2021. [bug] dnssec-enable no; triggered a REQUIRE. [RT #16037]
+
+2020. [bug] rdataset_setadditional() could leak memory. [RT #16034]
+
+2019. [tuning] Reduce the amount of work performed per quantum
+ when cleaning the cache. [RT #15986]
+
+2018. [bug] Checking if the HMAC MD5 private file was broken.
+ [RT #15960]
+
+2017. [bug] allow-query default was not correct. [RT #15946]
+
+2016. [bug] Return a partial answer if recursion is not
+ allowed but requested and we had the answer
+ to the original qname. [RT #15945]
+
+2015. [cleanup] use-additional-cache is now acache-enable for
+ consistency. Default acache-enable off in BIND 9.4
+ as it requires memory usage to be configured.
+ It may be enabled by default in BIND 9.5 once we
+ have more experience with it.
+
+2014. [func] Statistics about acache now recorded and sent
+ to log. [RT #15976]
+
+2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
+ responses more gracefully. [RT #15941]
+
+2012. [func] Don't insert new acache entries if acache is full.
+ [RT #15970]
+
+2011. [func] dnssec-signzone can now update the SOA record of
+ the signed zone, either as an increment or as the
+ system time(). [RT #15633]
+
+2010. [placeholder] rt15958
+
+2009. [bug] libbind: Coverity fixes. [RT #15808]
+
+2008. [func] It is now possible to enable/disable DNSSEC
+ validation from rndc. This is useful for the
+ mobile hosts where the current connection point
+ breaks DNSSEC (firewall/proxy). [RT #15592]
+
+ rndc validation newstate [view]
+
+2007. [func] It is now possible to explicitly enable DNSSEC
+ validation. default dnssec-validation no; to
+ be changed to yes in 9.5.0. [RT #15674]
+
+2006. [security] Allow-query-cache and allow-recursion now default
+ to the built in acls "localnets" and "localhost".
+
+ This is being done to make caching servers less
+ attractive as reflective amplifying targets for
+ spoofed traffic. This still leave authoritative
+ servers exposed.
+
+ The best fix is for full BCP 38 deployment to
+ remove spoofed traffic.
+
+2005. [bug] libbind: Retransmission timeouts should be
+ based on which attempt it is to the nameserver
+ and not the nameserver itself. [RT #13548]
+
+2004. [bug] dns_tsig_sign() could pass a NULL pointer to
+ dst_context_destroy() when cleaning up after a
+ error. [RT #15835]
+
+2003. [bug] libbind: The DNS name/address lookup functions could
+ occasionally follow a random pointer due to
+ structures not being completely zeroed. [RT #15806]
+
+2002. [bug] libbind: tighten the constraints on when
+ struct addrinfo._ai_pad exists. [RT #15783]
+
+2001. [func] Check the KSK flag when updating a secure dynamic zone.
+ New zone option "update-check-ksk yes;". [RT #15817]
+
+2000. [bug] memmove()/strtol() fix was incomplete. [RT #15812]
+
+1999. [func] Implement "rrset-order fixed". [RT #13662]
+
+1998. [bug] Restrict handling of fifos as sockets to just SunOS.
+ This allows named to connect to entropy gathering
+ daemons that use fifos instead of sockets. [RT #15840]
+
+1997. [bug] Named was failing to replace negative cache entries
+ when a positive one for the type was learnt.
+ [RT #15818]
+
+1996. [bug] nsupdate: if a zone has been specified it should
+ appear in the output of 'show'. [RT #15797]
+
+1995. [bug] 'host' was reporting multiple "is an alias" messages.
+ [RT #15702]
+
+1994. [port] OpenSSL 0.9.8 support. [RT #15694]
+
+1993. [bug] Log messages, via syslog, were missing the space
+ after the timestamp if "print-time yes" was specified.
+ [RT #15844]
+
+1992. [bug] Not all incoming zone transfer messages included the
+ view. [RT #15825]
+
+1991. [cleanup] The configuration data, once read, should be treated
+ as read only. Expand the use of const to enforce this
+ at compile time. [RT #15813]
+
+1990. [bug] libbind: isc's override of broken gettimeofday()
+ implementations was not always effective.
+ [RT #15709]
+
+1989. [bug] win32: don't check the service password when
+ re-installing. [RT #15882]
+
+1988. [bug] Remove a bus error from the SHA256/SHA512 support.
+ [RT #15878]
+
+1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
+
+1986. [func] Report when a zone is removed. [RT #15849]
+
+1985. [protocol] DLV has now been assigned a official type code of
+ 32769. [RT #15807]
+
+ Note: care should be taken to ensure you upgrade
+ both named and dnssec-signzone at the same time for
+ zones with DLV records where named is the master
+ server for the zone. Also any zones that contain
+ DLV records should be removed when upgrading a slave
+ zone. You do not however have to upgrade all
+ servers for a zone with DLV records simultaneously.
+
+1984. [func] dig, nslookup and host now advertise a 4096 byte
+ EDNS UDP buffer size by default. [RT #15855]
+
+1983. [func] Two new update policies. "selfsub" and "selfwild".
+ [RT #12895]
+
+1982. [bug] DNSKEY was being accepted on the parent side of
+ a delegation. KEY is still accepted there for
+ RFC 3007 validated updates. [RT #15620]
+
+1981. [bug] win32: condition.c:wait() could fail to reattain
+ the mutex lock.
+
+1980. [func] dnssec-signzone: output the SOA record as the
+ first record in the signed zone. [RT #15758]
+
+1979. [port] linux: allow named to drop core after changing
+ user ids. [RT #15753]
+
+1978. [port] Handle systems which have a broken recvmsg().
+ [RT #15742]
+
+1977. [bug] Silence noisy log message. [RT #15704]
+
+1976. [bug] Handle systems with no IPv4 addresses. [RT #15695]
+
+1975. [bug] libbind: isc_gethexstring() could misparse multi-line
+ hex strings with comments. [RT #15814]
+
+1974. [doc] List each of the zone types and associated zone
+ options separately in the ARM.
+
+1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
+ HMACSHA512 support. [RT #13606]
+
+1972. [contrib] DBUS dynamic forwarders integration from
+ Jason Vas Dias <jvdias@redhat.com>.
+
+1971. [port] linux: make detection of missing IF_NAMESIZE more
+ robust. [RT #15443]
+
+1970. [bug] nsupdate: adjust UDP timeout when falling back to
+ unsigned SOA query. [RT #15775]
+
+1969. [bug] win32: the socket code was freeing the socket
+ structure too early. [RT #15776]
+
+1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
+
+1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
+
+1966. [bug] Don't set CD when we have fallen back to plain DNS.
+ [RT #15727]
+
+1965. [func] Suppress spurious "recusion requested but not
+ available" warning with 'dig +qr'. [RT #15780].
+
+1964. [func] Separate out MX and SRV to CNAME checks. [RT #15723]
+
+1963. [port] Tru64 4.0E doesn't support send() and recv().
+ [RT #15586]
+
+1962. [bug] Named failed to clear old update-policy when it
+ was removed. [RT #15491]
+
+1961. [bug] Check the port and address of responses forwarded
+ to dispatch. [RT #15474]
+
+1960. [bug] Update code should set NSEC ttls from SOA MINIMUM.
+ [RT #15465]
+
+1959. [func] Control the zeroing of the negative response TTL to
+ a soa query. Defaults "zero-no-soa-ttl yes;" and
+ "zero-no-soa-ttl-cache no;". [RT #15460]
+
+1958. [bug] Named failed to update the zone's secure state
+ until the zone was reloaded. [RT #15412]
+
+1957. [bug] Dig mishandled responses to class ANY queries.
+ [RT #15402]
+
+1956. [bug] Improve cross compile support, 'gen' is now built
+ by native compiler. See README for additional
+ cross compile support information. [RT #15148]
+
+1955. [bug] Pre-allocate the cache cleaning iterator. [RT #14998]
+
+1954. [func] Named now falls back to advertising EDNS with a
+ 512 byte receive buffer if the initial EDNS queries
+ fail. [RT #14852]
+
+1953. [func] The maximum EDNS UDP response named will send can
+ now be set in named.conf (max-udp-size). This is
+ independent of the advertised receive buffer
+ (edns-udp-size). [RT #14852]
+
+1952. [port] hpux: tell the linker to build a runtime link
+ path "-Wl,+b:". [RT #14816].
+
+1951. [security] Drop queries from particular well known ports.
+ Don't return FORMERR to queries from particular
+ well known ports. [RT #15636]
+
+1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect()
+ a TCP socket. This prevents the source address being
+ set for TCP connections. [RT #15628]
+
+1949. [func] Addition memory leakage checks. [RT #15544]
+
+1948. [bug] If was possible to trigger a REQUIRE failure in
+ xfrin.c:maybe_free() if named ran out of memory.
+ [RT #15568]
+
+1947. [func] It is now possible to configure named to accept
+ expired RRSIGs. Default "dnssec-accept-expired no;".
+ Setting "dnssec-accept-expired yes;" leaves named
+ vulnerable to replay attacks. [RT #14685]
+
+1946. [bug] resume_dslookup() could trigger a REQUIRE failure
+ when using forwarders. [RT #15549]
+
+1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is no longer recommended.
+ To generate a RSAMD5 key you must explicitly request
+ RSAMD5. [RT #13780]
+
+1944. [cleanup] isc_hash_create() does not need a read/write lock.
+ [RT #15522]
+
+1943. [bug] Set the loadtime after rolling forward the journal.
+ [RT #15647]
+
+1942. [bug] If the name of a DNSKEY match that of one in
+ trusted-keys do not attempt to validate the DNSKEY
+ using the parents DS RRset. [RT #15649]
+
+1941. [bug] ncache_adderesult() should set eresult even if no
+ rdataset is passed to it. [RT #15642]
+
+1940. [bug] Fixed a number of error conditions reported by
+ Coverity.
+
+1939. [bug] The resolver could dereference a null pointer after
+ validation if all the queries have timed out.
+ [RT #15528]
+
+1938. [bug] The validator was not correctly handling unsecure
+ negative responses at or below a SEP. [RT #15528]
+
+1937. [bug] sdlz doesn't handle RRSIG records. [RT #15564]
+
+1936. [bug] The validator could leak memory. [RT #15544]
+
+1935. [bug] 'acache' was DO sensitive. [RT #15430]
+
+1934. [func] Validate pending NS RRsets, in the authority section,
+ prior to returning them if it can be done without
+ requiring DNSKEYs to be fetched. [RT #15430]
+
+1933. [bug] dump_rdataset_raw() had a incorrect INSIST. [RT #15534]
+
+1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530]
+
+1931. [bug] Per-client mctx could require a huge amount of memory,
+ particularly for a busy caching server. [RT #15519]
+
+1930. [port] HPUX: ia64 support. [RT #15473]
+
+1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
+
+1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
+
+1927. [bug] Access to soanode or nsnode in rbtdb violated the
+ lock order rule and could cause a dead lock.
+ [RT# 15518]
+
+1926. [bug] The Windows installer did not check for empty
+ passwords. BINDinstall was being installed in
+ the wrong place. [RT #15483]
+
+1925. [port] All outer level AC_TRY_RUNs need cross compiling
+ defaults. [RT #15469]
+
+1924. [port] libbind: hpux ia64 support. [RT #15473]
+
+1923. [bug] ns_client_detach() called too early. [RT #15499]
+
+1922. [bug] check-tool.c:setup_logging() missing call to
+ dns_log_setcontext().
+
+1921. [bug] Client memory contexts were not using internal
+ malloc. [RT# 15434]
+
+1920. [bug] The cache rbtdb lock array was too small to
+ have the desired performance characteristics.
+ [RT #15454]
+
+1919. [contrib] queryperf: a set of new features: collecting/printing
+ response delays, printing intermediate results, and
+ adjusting query rate for the "target" qps.
+
+1918. [bug] Memory leak when checking acls. [RT #15391]
+
+1917. [doc] funcsynopsisinfo wasn't being treated as verbatim
+ when generating man pages. [RT #15385]
+
+1916. [func] Integrate contributed IDN code from JPNIC. [RT #15383]
+
+1915. [bug] dig +ndots was broken. [RT #15215]
+
+1914. [protocol] DS is required to accept mnemonic algorithms
+ (RFC 4034). Still emit numeric algorithms for
+ compatibility with RFC 3658. [RT #15354]
+
+1913. [func] Integrate contributed DLZ code into named. [RT #11382]
+
+1912. [port] aix: atomic locking for powerpc. [RT #15020]
+
+1911. [bug] Update windows socket code. [RT #14965]
+
+1910. [bug] dig's +sigchase code overhauled. [RT #14933]
+
+1909. [bug] The DLV code has been re-worked to make no longer
+ query order sensitive. [RT #14933]
+
+1908. [func] dig now warns if 'RA' is not set in the answer when
+ 'RD' was set in the query. host/nslookup skip servers
+ that fail to set 'RA' when 'RD' is set unless a server
+ is explicitly set. [RT #15005]
+
+1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
+ [RT #15006]
+
+1906. [func] dig now has a '-q queryname' and '+showsearch' options.
+ [RT #15034]
+
+1905. [bug] Strings returned from cfg_obj_asstring() should be
+ treated as read-only. The prototype for
+ cfg_obj_asstring() has been updated to reflect this.
+ [RT #15256]
+
+1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
+ friends. Note: RFC 1918 zones are not yet covered by
+ this but are likely to be in a future release.
+
+ New options: empty-server, empty-contact,
+ empty-zones-enable and disable-empty-zone.
+
+1903. [func] ISC string copy API.
+
+1902. [func] Attempt to make the amount of work performed in a
+ iteration self tuning. The covers nodes clean from
+ the cache per iteration, nodes written to disk when
+ rewriting a master file and nodes destroyed per
+ iteration when destroying a zone or a cache.
+ [RT #14996]
+
+1901. [cleanup] Don't add DNSKEY records to the additional section.
+
+1900. [bug] ixfr-from-differences failed to ensure that the
+ serial number increased. [RT #15036]
+
+1899. [func] named-checkconf now validates update-policy entries.
+ [RT #14963]
+
+1898. [bug] Extend ISC_SOCKADDR_FORMATSIZE and
+ ISC_NETADDR_FORMATSIZE to allow for scope details.
+
+1897. [func] x86 and x86_64 now have separate atomic locking
+ implementations.
+
+1896. [bug] Recursive clients soft quota support wasn't working
+ as expected. [RT #15103]
+
+1895. [bug] A escaped character is, potentially, converted to
+ the output character set too early. [RT #14666]
+
+1894. [doc] Review ARM for BIND 9.4.
+
+1893. [port] Use uintptr_t if available. [RT #14606]
+
+1892. [func] Support for SPF rdata type. [RT #15033]
+
+1891. [port] freebsd: pthread_mutex_init can fail if it runs out
+ of memory. [RT #14995]
+
+1890. [func] Raise the UDP receive buffer size to 32k if it is
+ less than 32k. [RT #14953]
+
+1889. [port] sunos: non blocking i/o support. [RT #14951]
+
+1888. [func] Support for IPSECKEY rdata type. [RT #14967]
+
+1887. [bug] The cache could delete expired records too fast for
+ clients with a virtual time in the past. [RT #14991]
+
+1886. [bug] fctx_create() could return success even though it
+ failed. [RT #14993]
+
+1885. [func] dig: report the number of extra bytes still left in
+ the packet after processing all the records.
+
+1884. [cleanup] dighost.c: move external declarations into <dig/dig.h>.
+
+1883. [bug] dnssec-signzone, dnssec-keygen: handle negative debug
+ levels. [RT #14962]
+
+1882. [func] Limit the number of recursive clients that can be
+ waiting for a single query (<qname,qtype,qclass>) to
+ resolve. New options clients-per-query and
+ max-clients-per-query.
+
+1881. [func] Add a system test for named-checkconf. [RT #14931]
+
+1880. [func] The lame cache is now done on a <qname,qclass,qtype>
+ basis as some servers only appear to be lame for
+ certain query types. [RT #14916]
+
+1879. [func] "USE INTERNAL MALLOC" is now runtime selectable.
+ [RT #14892]
+
+1878. [func] Detect duplicates of UDP queries we are recursing on
+ and drop them. New stats category "duplicate".
+ [RT #2471]
+
+1877. [bug] Fix unreasonably low quantum on call to
+ dns_rbt_destroy2(). Remove unnecessary unhash_node()
+ call. [RT #14919]
+
+1876. [func] Additional memory debugging support to track size
+ and mctx arguments. [RT #14814]
+
+1875. [bug] process_dhtkey() was using the wrong memory context
+ to free some memory. [RT #14890]
+
+1874. [port] sunos: portability fixes. [RT #14814]
+
+1873. [port] win32: isc__errno2result() now reports its caller.
+ [RT #13753]
+
+1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753]
+
+1871. [placeholder]
+
+1870. [func] Added framework for handling multiple EDNS versions.
+ [RT #14873]
+
+1869. [func] dig can now specify the EDNS version when making
+ a query. [RT #14873]
+
+1868. [func] edns-udp-size can now be overridden on a per
+ server basis. [RT #14851]
+
+1867. [bug] It was possible to trigger a INSIST in
+ dlv_validatezonekey(). [RT #14846]
+
+1866. [bug] resolv.conf parse errors were being ignored by
+ dig/host/nslookup. [RT #14841]
+
+1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
+ bad addresses. [RT #14841]
+
+1864. [bug] Don't try the alternative transfer source if you
+ got a answer / transfer with the main source
+ address. [RT #14802]
+
+1863. [bug] rrset-order "fixed" error messages not complete.
+
+1862. [func] Add additional zone data constancy checks.
+ named-checkzone has extended checking of NS, MX and
+ SRV record and the hosts they reference.
+ named has extended post zone load checks.
+ New zone options: check-mx and integrity-check.
+ [RT #4940]
+
+1861. [bug] dig could trigger a INSIST on certain malformed
+ responses. [RT #14801]
+
+1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was
+ incorrectly set. [RT #14775]
+
+1859. [func] Add support for CH A record. [RT #14695]
+
+1858. [bug] The flush-zones-on-shutdown option wasn't being
+ parsed. [RT #14686]
+
+1857. [bug] named could trigger a INSIST() if reconfigured /
+ reloaded too fast. [RT #14673]
+
+1856. [doc] Switch Docbook toolchain from DSSSL to XSL.
+ [RT #11398]
+
+1855. [bug] ixfr-from-differences was failing to detect changes
+ of ttl due to dns_diff_subtract() was ignoring the ttl
+ of records. [RT #14616]
+
+1854. [bug] lwres also needs to know the print format for
+ (long long). [RT #13754]
+
+1853. [bug] Rework how DLV interacts with proveunsecure().
+ [RT #13605]
+
+1852. [cleanup] Remove last vestiges of dnssec-signkey and
+ dnssec-makekeyset (removed from Makefile years ago).
+
+1851. [doc] Doxygen comment markup. [RT #11398]
+
+1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591]
+
+1849. [doc] All forms of the man pages (docbook, man, html) should
+ have consistent copyright dates.
+
+1848. [bug] Improve SMF integration. [RT #13238]
+
+1847. [bug] isc_ondestroy_init() is called too late in
+ dns_rbtdb_create()/dns_rbtdb64_create().
+ [RT #13661]
+
+1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer
+ <bortzmeyer@nic.fr>.
+
+1845. [bug] Improve error reporting to distinguish between
+ accept()/fcntl() and socket()/fcntl() errors.
+ [RT #13745]
+
+1844. [bug] inet_pton() accepted more that 4 hexadecimal digits
+ for each 16 bit piece of the IPv6 address. The text
+ representation of a IPv6 address has been tightened
+ to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
+ [RT #5662]
+
+1843. [cleanup] CINCLUDES takes precedence over CFLAGS. This helps
+ when CFLAGS contains "-I /usr/local/include"
+ resulting in old header files being used.
+
+1842. [port] cmsg_len() could produce incorrect results on
+ some platform. [RT #13744]
+
+1841. [bug] "dig +nssearch" now makes a recursive query to
+ find the list of nameservers to query. [RT #13694]
+
+1840. [func] dnssec-signzone can now randomize signature end times
+ (dnssec-signzone -j jitter). [RT #13609]
+
+1839. [bug] <isc/hash.h> was not being installed.
+
+1838. [cleanup] Don't allow Linux capabilities to be inherited.
+ [RT #13707]
+
+1837. [bug] Compile time option ISC_FACILITY was not effective
+ for 'named -u <user>'. [RT #13714]
+
+1836. [cleanup] Silence compiler warnings in hash_test.c.
+
+1835. [bug] Update dnssec-signzone's usage message. [RT #13657]
+
+1834. [bug] Bad memset in rdata_test.c. [RT #13658]
+
+1833. [bug] Race condition in isc_mutex_lock_profile(). [RT #13660]
+
+1832. [bug] named fails to return BADKEY on unknown TSIG algorithm.
+ [RT #13620]
+
+1831. [doc] Update named-checkzone documentation. [RT#13604]
+
+1830. [bug] adb lame cache has sence of test reversed. [RT #13600]
+
+1829. [bug] win32: "pid-file none;" broken. [RT #13563]
+
+1828. [bug] isc_rwlock_init() failed to properly cleanup if it
+ encountered a error. [RT #13549]
+
+1827. [bug] host: update usage message for '-a'. [RT #37116]
+
+1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on out
+ of memory error. [RT #13537]
+
+1825. [bug] Missing UNLOCK() on out of memory error from in
+ rbtdb.c:subtractrdataset(). [RT #13519]
+
+1824. [bug] Memory leak on dns_zone_setdbtype() failure.
+ [RT #13510]
+
+1823. [bug] Wrong macro used to check for point to point interface.
+ [RT#13418]
+
+1822. [bug] check-names test for RT was reversed. [RT #13382]
+
+1821. [placeholder]
+
+1820. [bug] Gracefully handle acl loops. [RT #13659]
+
+1819. [bug] The validator needed to check both the algorithm and
+ digest types of the DS to determine if it could be
+ used to introduce a secure zone. [RT #13593]
+
+1818. [bug] 'named-checkconf -z' triggered an INSIST. [RT #13599]
+
+1817. [func] Add support for additional zone file formats for
+ improving loading performance. The masterfile-format
+ option in named.conf can be used to specify a
+ non-default format. A separate command
+ named-compilezone was provided to generate zone files
+ in the new format. Additionally, the -I and -O options
+ for dnssec-signzone specify the input and output
+ formats.
+
+1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
+ [RT #13597]
+
+1815. [bug] nsupdate triggered a REQUIRE if the server was set
+ without also setting the zone and it encountered
+ a CNAME and was using TSIG. [RT #13086]
+
+1814. [func] UNIX domain controls are now supported.
+
+1813. [func] Restructured the data locking framework using
+ architecture dependent atomic operations (when
+ available), improving response performance on
+ multi-processor machines significantly.
+ x86, x86_64, alpha, powerpc, and mips are currently
+ supported.
+
+1812. [port] win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect.
+ [RT #13453]
+
+1811. [func] Preserve the case of domain names in rdata during
+ zone transfers. [RT #13547]
+
+1810. [bug] configure, lib/bind/configure make different default
+ decisions about whether to do a threaded build.
+ [RT #13212]
+
+1809. [bug] "make distclean" failed for libbind if the platform
+ is not supported.
+
+1808. [bug] zone.c:notify_zone() contained a race condition,
+ zone->db could change underneath it. [RT #13511]
+
+1807. [bug] When forwarding (forward only) set the active domain
+ from the forward zone name. [RT #13526]
+
+1806. [bug] The resolver returned the wrong result when a CNAME /
+ DNAME was encountered when fetching glue from a
+ secure namespace. [RT #13501]
+
+1805. [bug] Pending status was not being cleared when DLV was
+ active. [RT #13501]
+
+1804. [bug] Ensure that if we are queried for glue that it fits
+ in the additional section or TC is set to tell the
+ client to retry using TCP. [RT #10114]
+
+1803. [bug] dnssec-signzone sometimes failed to remove old
+ RRSIGs. [RT #13483]
+
+1802. [bug] Handle connection resets better. [RT #11280]
+
+1801. [func] Report differences between hints and real NS rrset
+ and associated address records.
+
+1800. [bug] Changes #1719 allowed a INSIST to be triggered.
+ [RT #13428]
+
+1799. [bug] 'rndc flushname' failed to flush negative cache
+ entries. [RT #13438]
+
+1798. [func] The server syntax has been extended to support a
+ range of servers. [RT #11132]
+
+1797. [func] named-checkconf now check acls to verify that they
+ only refer to existing acls. [RT #13101]
+
+1796. [func] "rndc freeze/thaw" now freezes/thaws all zones.
+
+1795. [bug] "rndc dumpdb" was not fully documented. Minor
+ formating issues with "rndc dumpdb -all". [RT #13396]
+
+1794. [func] Named and named-checkzone can now both check for
+ non-terminal wildcard records.
+
+1793. [func] Extend adjusting TTL warning messages. [RT #13378]
+
+1792. [func] New zone option "notify-delay". Specify a minimum
+ delay between sets of NOTIFY messages.
+
+1791. [bug] 'host -t a' still printed out AAAA and MX records.
+ [RT #13230]
+
+1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should
+ allow parallel make to succeed.
+
+1789. [bug] Prerequisite test for tkey and dnssec could fail
+ with "configure --with-libtool".
+
+1788. [bug] libbind9.la/libbind9.so needs to link against
+ libisccfg.la/libisccfg.so.
+
+1787. [port] HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings.
+
+1786. [port] AIX: libt_api needs to be taught to look for
+ T_testlist in the main executable (--with-libtool).
+ [RT #13239]
+
+1785. [bug] libbind9.la/libbind9.so needs to link against
+ libisc.la/libisc.so.
+
+1784. [cleanup] "libtool -allow-undefined" is the default.
+ Leave hooks in configure to allow it to be set
+ if needed in the future.
+
+1783. [cleanup] We only need one copy of libtool.m4, ltmain.sh in the
+ source tree.
+
+1782. [port] OSX: --with-libtool + --enable-libbind broke on
+ __evOptMonoTime. [RT #13219]
+
+1781. [port] FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810]
+
+1780. [bug] Update libtool to 1.5.10.
+
+1779. [port] OSF 5.1: libtool didn't handle -pthread correctly.
+
+1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and
+ IN6ADDR_LOOPBACK_INIT macros.
+
+1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and
+ IN6ADDR_LOOPBACK_INIT macros.
+
+1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
+ IN6ADDR_LOOPBACK_INIT macros.
+
+1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
+
+1774. [port] Aix: Silence compiler warnings / build failures.
+ [RT #13154]
+
+1773. [bug] Fast retry on host / net unreachable. [RT #13153]
+
+1772. [placeholder]
+
+1771. [placeholder]
+
+1770. [bug] named-checkconf failed to report missing a missing
+ file clause for rbt{64} master/hint zones. [RT#13009]
+
+1769. [port] win32: change compiler flags /MTd ==> /MDd,
+ /MT ==> /MD.
+
+1768. [bug] nsecnoexistnodata() could be called with a non-NSEC
+ rdataset. [RT #12907]
+
+1767. [port] Builds on IPv6 platforms without IPv6 Advanced API
+ support for (struct in6_pktinfo) failed. [RT #13077]
+
+1766. [bug] Update the master file timestamp on successful refresh
+ as well as the journal's timestamp. [RT# 13062]
+
+1765. [bug] configure --with-openssl=auto failed. [RT #12937]
+
+1764. [bug] dns_zone_replacedb failed to emit a error message
+ if there was no SOA record in the replacement db.
+ [RT #13016]
+
+1763. [func] Perform sanity checks on NS records which refer to
+ 'in zone' names. [RT #13002]
+
+1762. [bug] isc_interfaceiter_create() could return ISC_R_SUCCESS
+ even when it failed. [RT #12995]
+
+1761. [bug] 'rndc dumpdb' didn't report unassociated entries.
+ [RT #12971]
+
+1760. [bug] Host / net unreachable was not penalising rtt
+ estimates. [RT #12970]
+
+1759. [bug] Named failed to startup if the OS supported IPv6
+ but had no IPv6 interfaces configured. [RT #12942]
+
+1758. [func] Don't send notify messages to self. [RT #12933]
+
+1757. [func] host now can turn on memory debugging flags with '-m'.
+
+1756. [func] named-checkconf now checks the logging configuration.
+ [RT #12352]
+
+1755. [func] allow-update is now settable at the options / view
+ level. [RT #6636]
+
+1754. [bug] We weren't always attempting to query the parent
+ server for the DS records at the zone cut.
+ [RT #12774]
+
+1753. [bug] Don't serve a slave zone which has no NS records.
+ [RT #12894]
+
+1752. [port] Move isc_app_start() to after ns_os_daemonise()
+ as some fork() implementations unblock the signals
+ that are blocked by isc_app_start(). [RT #12810]
+
+1751. [bug] --enable-getifaddrs failed under linux. [RT #12867]
+
+1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
+ [RT #12864]
+
+1749. [bug] 'check-names response ignore;' failed to ignore.
+ [RT #12866]
+
+1748. [func] dig now returns the byte count for axfr/ixfr.
+
+1747. [bug] BIND 8 compatibility: named/named-checkconf failed
+ to parse "host-statistics-max" in named.conf.
+
+1746. [func] Make public the function to read a key file,
+ dst_key_read_public(). [RT #12450]
+
+1745. [bug] Dig/host/nslookup accept replies from link locals
+ regardless of scope if no scope was specified when
+ query was sent. [RT #12745]
+
+1744. [bug] If tuple2msgname() failed to convert a tuple to
+ a name a REQUIRE could be triggered. [RT #12796]
+
+1743. [bug] If isc_taskmgr_create() was not able to create the
+ requested number of worker threads then destruction
+ of the manager would trigger an INSIST() failure.
+ [RT #12790]
+
+1742. [bug] Deleting all records at a node then adding a
+ previously existing record, in a single UPDATE
+ transaction, failed to leave / regenerate the
+ associated RRSIG records. [RT #12788]
+
+1741. [bug] Deleting all records at a node in a secure zone
+ using a update-policy grant failed. [RT #12787]
+
+1740. [bug] Replace rbt's hash algorithm as it performed badly
+ with certain zones. [RT #12729]
+
+ NOTE: a hash context now needs to be established
+ via isc_hash_create() if the application was not
+ already doing this.
+
+1739. [bug] dns_rbt_deletetree() could incorrectly return
+ ISC_R_QUOTA. [RT #12695]
+
+1738. [bug] Enable overrun checking by default. [RT #12695]
+
+1737. [bug] named failed if more than 16 masters were specified.
+ [RT #12627]
+
+1736. [bug] dst_key_fromnamedfile() could fail to read a
+ public key. [RT #12687]
+
+1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure.
+ [RE #12688]
+
+1734. [cleanup] 'rndc-confgen -a -t' remove extra '/' in path.
+ [RT #12588]
+
+1733. [bug] Return non-zero exit status on initial load failure.
+ [RT #12658]
+
+1732. [bug] 'rrset-order name "*"' wasn't being applied to ".".
+ [RT #12467]
+
+1731. [port] darwin: relax version test in ifconfig.sh.
+ [RT #12581]
+
+1730. [port] Determine the length type used by the socket API.
+ [RT #12581]
+
+1729. [func] Improve check-names error messages.
+
+1728. [doc] Update check-names documentation.
+
+1727. [bug] named-checkzone: check-names support didn't match
+ documentation.
+
+1726. [port] aix5: add support for aix5.
+
+1725. [port] linux: update error message on interaction of threads,
+ capabilities and setuid support (named -u). [RT #12541]
+
+1724. [bug] Look for DNSKEY records with "dig +sigtrace".
+ [RT #12557]
+
+1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
+
+1722. [bug] Don't commit the journal on malformed ixfr streams.
+ [RT #12519]
+
+1721. [bug] Error message from the journal processing were not
+ always identifying the relevant journal. [RT #12519]
+
+1720. [bug] 'dig +chase' did not terminate on a RFC 2308 Type 1
+ negative response. [RT #12506]
+
+1719. [bug] named was not correctly caching a RFC 2308 Type 1
+ negative response. [RT #12506]
+
+1718. [bug] nsupdate was not handling RFC 2308 Type 3 negative
+ responses when looking for the zone / master server.
+ [RT #12506]
+
+1717. [port] solaris: ifconfig.sh did not support Solaris 10.
+ "ifconfig.sh down" didn't work for Solaris 9.
+
+1716. [doc] named.conf(5) was being installed in the wrong
+ location. [RT# 12441]
+
+1715. [func] 'dig +trace' now randomly selects the next servers
+ to try. Report if there is a bad delegation.
+
+1714. [bug] dig/host/nslookup were only trying the first
+ address when a nameserver was specified by name.
+ [RT #12286]
+
+1713. [port] linux: extend capset failure message to say:
+ please ensure that the capset kernel module is
+ loaded. see insmod(8)
+
+1712. [bug] Missing FULLCHECK for "trusted-key" in dig.
+
+1711. [func] 'rndc unfreeze' has been deprecated by 'rndc thaw'.
+
+1710. [func] 'rndc notify zone [class [view]]' resend the NOTIFY
+ messages for the specified zone. [RT #9479]
+
+1709. [port] solaris: add SMF support from Sun.
+
+1708. [cleanup] Replaced dns_fullname_hash() with dns_name_fullhash()
+ for conformance to the name space convention. Binary
+ backward compatibility to the old function name is
+ provided. [RT #12376]
+
+1707. [contrib] sdb/ldap updated to version 1.0-beta.
+
+1706. [bug] 'rndc stop' failed to cause zones to be flushed
+ sometimes. [RT #12328]
+
+1705. [func] Allow the journal's name to be changed via named.conf.
+
+1704. [port] lwres needed a snprintf() implementation for
+ platforms without snprintf(). Add missing
+ "#include <isc/print.h>". [RT #12321]
+
+1703. [bug] named would loop sending NOTIFY messages when it
+ failed to receive a response. [RT #12322]
+
+1702. [bug] also-notify should not be applied to built in zones.
+ [RT #12323]
+
+1701. [doc] A minimal named.conf man page.
+
+1700. [func] nslookup is no longer to be treated as deprecated.
+ Remove "deprecated" warning message. Add man page.
+
+1699. [bug] dnssec-signzone can generate "not exact" errors
+ when resigning. [RT #12281]
+
+1698. [doc] Use reserved IPv6 documentation prefix.
+
+1697. [bug] xxx-source{,-v6} was not effective when it
+ specified one of listening addresses and a
+ different port than the listening port. [RT #12257]
+
+1696. [bug] dnssec-signzone failed to clean out nodes that
+ consisted of only NSEC and RRSIG records.
+ [RT #12154]
+
+1695. [bug] DS records when forwarding require special handling.
+ [RT #12133]
+
+1694. [bug] Report if the builtin views of "_default" / "_bind"
+ are defined in named.conf. [RT #12023]
+
+1693. [bug] max-journal-size was not effective for master zones
+ with ixfr-from-differences set. [RT# 12024]
+
+1692. [bug] Don't set -I, -L and -R flags when libcrypto is in
+ /usr/lib. [RT #11971]
+
+1691. [bug] sdb's attachversion was not complete. [RT #11990]
+
+1690. [bug] Delay detaching view from the client until UPDATE
+ processing completes when shutting down. [RT #11714]
+
+1689. [bug] DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
+ contained gratuitous semicolons. [RT #11707]
+
+1688. [bug] LDFLAGS was not supported.
+
+1687. [bug] Race condition in dispatch. [RT #10272]
+
+1686. [bug] Named sent a extraneous NOTIFY when it received a
+ redundant UPDATE request. [RT #11943]
+
+1685. [bug] Change #1679 loop tests weren't quite right.
+
+1684. [func] ixfr-from-differences now takes master and slave in
+ addition to yes and no at the options and view levels.
+
+1683. [bug] dig +sigchase could leak memory. [RT #11445]
+
+1682. [port] Update configure test for (long long) printf format.
+ [RT #5066]
+
+1681. [bug] Only set SO_REUSEADDR when a port is specified in
+ isc_socket_bind(). [RT #11742]
+
+1680. [func] rndc: the source address can now be specified.
+
+1679. [bug] When there was a single nameserver with multiple
+ addresses for a zone not all addresses were tried.
+ [RT #11706]
+
+1678. [bug] RRSIG should use TYPEXXXXX for unknown types.
+
+1677. [bug] dig: +aaonly didn't work, +aaflag undocumented.
+
+1676. [func] New option "allow-query-cache". This lets
+ allow-query be used to specify the default zone
+ access level rather than having to have every
+ zone override the global value. allow-query-cache
+ can be set at both the options and view levels.
+ If allow-query-cache is not set allow-query applies.
+
+1675. [bug] named would sometimes add extra NSEC records to
+ the authority section.
+
+1674. [port] linux: increase buffer size used to scan
+ /proc/net/if_inet6.
+
+1673. [port] linux: issue a error messages if IPv6 interface
+ scans fails.
+
+1672. [cleanup] Tests which only function in a threaded build
+ now return R:THREADONLY (rather than R:UNTESTED)
+ in a non-threaded build.
+
+1671. [contrib] queryperf: add NAPTR to the list of known types.
+
+1670. [func] Log UPDATE requests to slave zones without an acl as
+ "disabled" at debug level 3. [RT# 11657]
+
+1669. [placeholder]
+
+1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
+
+1667. [port] linux: not all versions have IF_NAMESIZE.
+
+1666. [bug] The optional port on hostnames in dual-stack-servers
+ was being ignored.
+
+1665. [func] rndc now allows addresses to be set in the
+ server clauses.
+
+1664. [bug] nsupdate needed KEY for SIG(0), not DNSKEY.
+
+1663. [func] Look for OpenSSL by default.
+
+1662. [bug] Change #1658 failed to change one use of 'type'
+ to 'keytype'.
+
+1661. [bug] Restore dns_name_concatenate() call in
+ adb.c:set_target(). [RT #11582]
+
+1660. [bug] win32: connection_reset_fix() was being called
+ unconditionally. [RT #11595]
+
+1659. [cleanup] Cleanup some messages that were referring to KEY vs
+ DNSKEY, NXT vs NSEC and SIG vs RRSIG.
+
+1658. [func] Update dnssec-keygen to default to KEY for HMAC-MD5
+ and DH. Tighten which options apply to KEY and
+ DNSKEY records.
+
+1657. [doc] ARM: document query log output.
+
+1656. [doc] Update DNSSEC description in ARM to cover DS, NSEC
+ DNSKEY and RRSIG. [RT #11542]
+
+1655. [bug] Logging multiple versions w/o a size was broken.
+ [RT #11446]
+
+1654. [bug] isc_result_totext() contained array bounds read
+ error.
+
+1653. [func] Add key type checking to dst_key_fromfilename(),
+ DST_TYPE_KEY should be used to read TSIG, TKEY and
+ SIG(0) keys.
+
+1652. [bug] TKEY still uses KEY.
+
+1651. [bug] dig: process multiple dash options.
+
+1650. [bug] dig, nslookup: flush standard out after each command.
+
+1649. [bug] Silence "unexpected non-minimal diff" message.
+ [RT #11206]
+
+1648. [func] Update dnssec-lookaside named.conf syntax to support
+ multiple dnssec-lookaside namespaces (not yet
+ implemented).
+
+1647. [bug] It was possible trigger a INSIST when chasing a DS
+ record that required walking back over a empty node.
+ [RT #11445]
+
+1646. [bug] win32: logging file versions didn't work with
+ non-UNC filenames. [RT#11486]
+
+1645. [bug] named could trigger a REQUIRE failure if multiple
+ masters with keys are specified.
+
+1644. [bug] Update the journal modification time after a
+ successful refresh query. [RT #11436]
+
+1643. [bug] dns_db_closeversion() could leak memory / node
+ references. [RT #11163]
+
+1642. [port] Support OpenSSL implementations which don't have
+ DSA support. [RT #11360]
+
+1641. [bug] Update the check-names description in ARM. [RT #11389]
+
+1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
+ incorrectly closing the socket. [RT #11291]
+
+1639. [func] Initial dlv system test.
+
+1638. [bug] "ixfr-from-differences" could generate a REQUIRE
+ failure if the journal open failed. [RT #11347]
+
+1637. [bug] Node reference leak on error in addnoqname().
+
+1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
+ a error had occurred. The database version no longer
+ matched the version of the database that was dumped.
+
+1635. [bug] Memory leak on error in query_addds().
+
+1634. [bug] named didn't supply a useful error message when it
+ detected duplicate views. [RT #11208]
+
+1633. [bug] named should return NOTIMP to update requests to a
+ slaves without a allow-update-forwarding acl specified.
+ [RT #11331]
+
+1632. [bug] nsupdate failed to send prerequisite only UPDATE
+ messages. [RT #11288]
+
+1631. [bug] dns_journal_compact() could sometimes corrupt the
+ journal. [RT #11124]
+
+1630. [contrib] queryperf: add support for IPv6 transport.
+
+1629. [func] dig now supports IPv6 scoped addresses with the
+ extended format in the local-server part. [RT #8753]
+
+1628. [bug] Typo in Compaq Trucluster support. [RT# 11264]
+
+1627. [bug] win32: sockets were not being closed when the
+ last external reference was removed. [RT# 11179]
+
+1626. [bug] --enable-getifaddrs was broken. [RT#11259]
+
+1625. [bug] named failed to load/transfer RFC2535 signed zones
+ which contained CNAMES. [RT# 11237]
+
+1624. [bug] zonemgr_putio() call should be locked. [RT# 11163]
+
+1623. [bug] A serial number of zero was being displayed in the
+ "sending notifies" log message when also-notify was
+ used. [RT #11177]
+
+1622. [func] probe the system to see if IPV6_(RECV)PKTINFO is
+ available, and suppress wildcard binding if not.
+
+1621. [bug] match-destinations did not work for IPv6 TCP queries.
+ [RT# 11156]
+
+1620. [func] When loading a zone report if it is signed. [RT #11149]
+
+1619. [bug] Missing ISC_LIST_UNLINK in end_reserved_dispatches().
+ [RT# 11118]
+
+1618. [bug] Fencepost errors in dns_name_ishostname() and
+ dns_name_ismailbox() could trigger a INSIST().
+
+1617. [port] win32: VC++ 6.0 support.
+
+1616. [compat] Ensure that named's version is visible in the core
+ dump. [RT #11127]
+
+1615. [port] Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
+ it is defined.
+
+1614. [port] win32: silence resource limit messages. [RT# 11101]
+
+1613. [bug] Builds would fail on machines w/o a if_nametoindex().
+ Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
+ [RT #11119]
+
+1612. [bug] check-names at the option/view level could trigger
+ an INSIST. [RT# 11116]
+
+1611. [bug] solaris: IPv6 interface scanning failed to cope with
+ no active IPv6 interfaces.
+
+1610. [bug] On dual stack machines "dig -b" failed to set the
+ address type to be looked up with "@server".
+ [RT #11069]
+
+1609. [func] dig now has support to chase DNSSEC signature chains.
+ Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.
+
+ DNSSEC validation code in dig coded by Olivier Courtay
+ (olivier.courtay@irisa.fr) for the IDsA project
+ (http://idsa.irisa.fr).
+
+1608. [func] dig and host now accept -4/-6 to select IP transport
+ to use when making queries.
+
+1607. [bug] dig, host and nslookup were still using random()
+ to generate query ids. [RT# 11013]
+
+1606. [bug] DLV insecurity proof was failing.
+
+1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
+
+1604. [bug] A xfrout_ctx_create() failure would result in
+ xfrout_ctx_destroy() being called with a
+ partially initialized structure.
+
+1603. [bug] nsupdate: set interactive based on isatty().
+ [RT# 10929]
+
+1602. [bug] Logging to a file failed unless a size was specified.
+ [RT# 10925]
+
+1601. [bug] Silence spurious warning 'both "recursion no;" and
+ "allow-recursion" active' warning from view "_bind".
+ [RT# 10920]
+
+1600. [bug] Duplicate zone pre-load checks were not case
+ insensitive.
+
+1599. [bug] Fix memory leak on error path when checking named.conf.
+
+1598. [func] Specify that certain parts of the namespace must
+ be secure (dnssec-must-be-secure).
+
+1597. [func] Allow notify-source and query-source to be specified
+ on a per server basis similar to transfer-source.
+ [RT #6496]
+
+1596. [func] Accept 'notify-source' style syntax for query-source.
+
+1595. [func] New notify type 'master-only'. Enable notify for
+ master zones only.
+
+1594. [bug] 'rndc dumpdb' could prevent named from answering
+ queries while the dump was in progress. [RT #10565]
+
+1593. [bug] rndc should return "unknown command" to unknown
+ commands. [RT# 10642]
+
+1592. [bug] configure_view() could leak a dispatch. [RT# 10675]
+
+1591. [bug] libbind: updated to BIND 8.4.5.
+
+1590. [port] netbsd: update thread support.
+
+1589. [func] DNSSEC lookaside validation.
+
+1588. [bug] win32: TCP sockets could become blocked. [RT #10115]
+
+1587. [bug] dns_message_settsigkey() failed to clear existing key.
+ [RT #10590]
+
+1586. [func] "check-names" is now implemented.
+
+1585. [placeholder]
+
+1584. [bug] "make test" failed with a read only source tree.
+ [RT #10461]
+
+1583. [bug] Records add via UPDATE failed to get the correct trust
+ level. [RT #10452]
+
+1582. [bug] rrset-order failed to work on RRsets with more
+ than 32 elements. [RT #10381]
+
+1581. [func] Disable DNSSEC support by default. To enable
+ DNSSEC specify "dnssec-enable yes;" in named.conf.
+
+1580. [bug] Zone destruction on final detach takes a long time.
+ [RT #3746]
+
+1579. [bug] Multiple task managers could not be created.
+
+1578. [bug] Don't use CLASS E IPv4 addresses when resolving.
+ [RT #10346]
+
+1577. [bug] Use isc_uint32_t in ultrasparc optimizer bug
+ workaround code. [RT #10331]
+
+1576. [bug] Race condition in dns_dispatch_addresponse().
+ [RT# 10272]
+
+1575. [func] Log TSIG name on TSIG verify failure. [RT #4404]
+
+1574. [bug] Don't attempt to open the controls socket(s) when
+ running tests. [RT #9091]
+
+1573. [port] linux: update to libtool 1.5.2 so that
+ "make install DESTDIR=/xx" works with
+ "configure --with-libtool". [RT #9941]
+
+1572. [bug] nsupdate: sign the soa query to find the enclosing
+ zone if the server is specified. [RT #10148]
+
+1571. [bug] rbt:hash_node() could fail leaving the hash table
+ in an inconsistent state. [RT #10208]
+
+1570. [bug] nsupdate failed to handle classes other than IN.
+ New keyword 'class' which sets the default class.
+ [RT #10202]
+
+1569. [func] nsupdate new command 'answer' which displays the
+ complete answer message to the last update.
+
+1568. [bug] nsupdate now reports that the update failed in
+ interactive mode. [RT# 10236]
+
+1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
+
+1566. [port] Support for the cmsg framework on Solaris and HP/UX.
+ This also solved the problem that match-destinations
+ for IPv6 addresses did not work on these systems.
+ [RT #10221]
+
+1565. [bug] CD flag should be copied to outgoing queries unless
+ the query is under a secure entry point in which case
+ CD should be set.
+
+1564. [func] Attempt to provide a fallback entropy source to be
+ used if named is running chrooted and named is unable
+ to open entropy source within the chroot area.
+ [RT #10133]
+
+1563. [bug] Gracefully fail when unable to obtain neither an IPv4
+ nor an IPv6 dispatch. [RT #10230]
+
+1562. [bug] isc_socket_create() and isc_socket_accept() could
+ leak memory under error conditions. [RT #10230]
+
+1561. [bug] It was possible to release the same name twice if
+ named ran out of memory. [RT #10197]
+
+1560. [port] FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
+ and EAI_NONAME to the same value.
+
+1559. [port] named should ignore SIGFSZ.
+
+1558. [func] New DNSSEC 'disable-algorithms'. Support entry into
+ child zones for which we don't have a supported
+ algorithm. Such child zones are treated as unsigned.
+
+1557. [func] Implement missing DNSSEC tests for
+ * NOQNAME proof with wildcard answers.
+ * NOWILDARD proof with NXDOMAIN.
+ Cache and return NOQNAME with wildcard answers.
+
+1556. [bug] nsupdate now treats all names as fully qualified.
+ [RT #6427]
+
+1555. [func] 'rrset-order cyclic' no longer has a random starting
+ point per query. [RT #7572]
+
+1554. [bug] dig, host, nslookup failed when no nameservers
+ were specified in /etc/resolv.conf. [RT #8232]
+
+1553. [bug] The windows socket code could stop accepting
+ connections. [RT#10115]
+
+1552. [bug] Accept NOTIFY requests from mapped masters if
+ matched-mapped is set. [RT #10049]
+
+1551. [port] Open "/dev/null" before calling chroot().
+
+1550. [port] Call tzset(), if available, before calling chroot().
+
+1549. [func] named-checkzone can now write out the zone contents
+ in a easily parsable format (-D and -o).
+
+1548. [bug] When parsing APL records it was possible to silently
+ accept out of range ADDRESSFAMILY values. [RT# 9979]
+
+1547. [bug] Named wasted memory recording duplicate lame zone
+ entries. [RT #9341]
+
+1546. [bug] We were rejecting valid secure CNAME to negative
+ answers.
+
+1545. [bug] It was possible to leak memory if named was unable to
+ bind to the specified transfer source and TSIG was
+ being used. [RT #10120]
+
+1544. [bug] Named would logged a single entry to a file despite it
+ being over the specified size limit.
+
+1543. [bug] Logging using "versions unlimited" did not work.
+
+1542. [placeholder]
+
+1541. [func] NSEC now uses new bitmap format.
+
+1540. [bug] "rndc reload <dynamiczone>" was silently accepted.
+ [RT #8934]
+
+1539. [bug] Open UDP sockets for notify-source and transfer-source
+ that use reserved ports at startup. [RT #9475]
+
+1538. [placeholder] rt9997
+
+1537. [func] New option "querylog". If set specify whether query
+ logging is to be enabled or disabled at startup.
+
+1536. [bug] Windows socket code failed to log a error description
+ when returning ISC_R_UNEXPECTED. [RT #9998]
+
+1535. [placeholder]
+
+1534. [bug] Race condition when priming cache. [RT# 9940]
+
+1533. [func] Warn if both "recursion no;" and "allow-recursion"
+ are active. [RT# 4389]
+
+1532. [port] netbsd: the configure test for <sys/sysctl.h>
+ requires <sys/param.h>.
+
+1531. [port] AIX more libtool fixes.
+
+1530. [bug] It was possible to trigger a INSIST() failure if a
+ slave master file was removed at just the correct
+ moment. [RT #9462]
+
+1529. [bug] "notify explicit;" failed to log that NOTIFY messages
+ were being sent for the zone. [RT# 9442]
+
+1528. [cleanup] Simplify some dns_name_ functions based on the
+ deprecation of bitstring labels.
+
+1527. [cleanup] Reduce the number of gettimeofday() calls without
+ losing necessary timer granularity.
+
+1526. [func] Implemented "additional section caching (or acache)",
+ an internal cache framework for additional section
+ content to improve response performance. Several
+ configuration options were provided to control the
+ behavior.
+
+1525. [bug] dns_cache_create() could trigger a REQUIRE
+ failure in isc_mem_put() during error cleanup.
+ [RT# 9360]
+
+1524. [port] AIX needs to be able to resolve all symbols when
+ creating shared libraries (--with-libtool).
+
+1523. [bug] Fix race condition in rbtdb. [RT# 9189]
+
+1522. [bug] dns_db_findnode() relax the requirements on 'name'.
+ [RT# 9286]
+
+1521. [bug] dns_view_createresolver() failed to check the
+ result from isc_mem_create(). [RT# 9294]
+
+1520. [protocol] Add SSHFP (SSH Finger Print) type.
+
+1519. [bug] dnssec-signzone:nsec_setbit() computed the wrong
+ length of the new bitmap.
+
+1518. [bug] dns_nsec_buildrdata(), and hence dns_nsec_build(),
+ contained a off-by-one error when working out the
+ number of octets in the bitmap.
+
+1517. [port] Support for IPv6 interface scanning on HP/UX and
+ TrueUNIX 5.1.
+
+1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
+
+1515. [func] Allow transfer source to be set in a server statement.
+ [RT #6496]
+
+1514. [bug] named: isc_hash_destroy() was being called too early.
+ [RT #9160]
+
+1513. [doc] Add "US" to root-delegation-only exclude list.
+
+1512. [bug] Extend the delegation-only logging to return query
+ type, class and responding nameserver.
+
+1511. [bug] delegation-only was generating false positives
+ on negative answers from sub-zones.
+
+1510. [func] New view option "root-delegation-only". Apply
+ delegation-only check to all TLDs and root.
+ Note there are some TLDs that are NOT delegation
+ only (e.g. DE, LV, US and MUSEUM) these can be excluded
+ from the checks by using exclude.
+
+ root-delegation-only exclude {
+ "DE"; "LV"; "US"; "MUSEUM";
+ };
+
+1509. [bug] Hint zones should accept delegation-only. Forward
+ zone should not accept delegation-only.
+
+1508. [bug] Don't apply delegation-only checks to answers from
+ forwarders.
+
+1507. [bug] Handle BIND 8 style returns to NS queries to parents
+ when making delegation-only checks.
+
+1506. [bug] Wrong return type for dns_view_isdelegationonly().
+
+1505. [bug] Uninitialized rdataset in sdb. [RT #8750]
+
+1504. [func] New zone type "delegation-only".
+
+1503. [port] win32: install libeay32.dll outside of system32.
+
+1502. [bug] nsupdate: adjust timeouts for UPDATE requests over TCP.
+
+1501. [func] Allow TCP queue length to be specified via
+ named.conf, tcp-listen-queue.
+
+1500. [bug] host failed to lookup MX records. Also look up
+ AAAA records.
+
+1499. [bug] isc_random need to be seeded better if arc4random()
+ is not used.
+
+1498. [port] bsdos: 5.x support.
+
+1497. [placeholder]
+
+1496. [port] test for pthread_attr_setstacksize().
+
+1495. [cleanup] Replace hash functions with universal hash.
+
+1494. [security] Turn on RSA BLINDING as a precaution.
+
+1493. [placeholder]
+
+1492. [cleanup] Preserve rwlock quota context when upgrading /
+ downgrading. [RT #5599]
+
+1491. [bug] dns_master_dump*() would produce extraneous $ORIGIN
+ lines. [RT #6206]
+
+1490. [bug] Accept reading state as well as working state in
+ ns_client_next(). [RT #6813]
+
+1489. [compat] Treat 'allow-update' on slave zones as a warning.
+ [RT #3469]
+
+1488. [bug] Don't override trust levels for glue addresses.
+ [RT #5764]
+
+1487. [bug] A REQUIRE() failure could be triggered if a zone was
+ queued for transfer and the zone was then removed.
+ [RT #6189]
+
+1486. [bug] isc_print_snprintf() '%%' consumed one too many format
+ characters. [RT# 8230]
+
+1485. [bug] gen failed to handle high type values. [RT #6225]
+
+1484. [bug] The number of records reported after a AXFR was wrong.
+ [RT #6229]
+
+1483. [bug] dig axfr failed if the message id in the answer failed
+ to match that in the request. Only the id in the first
+ message is required to match. [RT #8138]
+
+1482. [bug] named could fail to start if the kernel supports
+ IPv6 but no interfaces are configured. Similarly
+ for IPv4. [RT #6229]
+
+1481. [bug] Refresh and stub queries failed to use masters keys
+ if specified. [RT #7391]
+
+1480. [bug] Provide replay protection for rndc commands. Full
+ replay protection requires both rndc and named to
+ be updated. Partial replay protection (limited
+ exposure after restart) is provided if just named
+ is updated.
+
+1479. [bug] cfg_create_tuple() failed to handle out of
+ memory cleanup. parse_list() would leak memory
+ on syntax errors.
+
+1478. [port] ifconfig.sh didn't account for other virtual
+ interfaces. It now takes a optional argument
+ to specify the first interface number. [RT #3907]
+
+1477. [bug] memory leak using stub zones and TSIG.
+
+1476. [placeholder]
+
+1475. [port] Probe for old sprintf().
+
+1474. [port] Provide strtoul() and memmove() for platforms
+ without them.
+
+1473. [bug] create_map() and create_string() failed to handle out
+ of memory cleanup. [RT #6813]
+
+1472. [contrib] idnkit-1.0 from JPNIC, replaces mdnkit.
+
+1471. [bug] libbind: updated to BIND 8.4.0.
+
+1470. [bug] Incorrect length passed to snprintf. [RT #5966]
+
+1469. [func] Log end of outgoing zone transfer at same level
+ as the start of transfer is logged. [RT #4441]
+
+1468. [func] Internal zones are no longer counted for
+ 'rndc status'. [RT #4706]
+
+1467. [func] $GENERATES now supports optional class and ttl.
+
+1466. [bug] lwresd configuration errors resulted in memory
+ and lock leaks. [RT #5228]
+
+1465. [bug] isc_base64_decodestring() and isc_base64_tobuffer()
+ failed to check that trailing bits were zero allowing
+ some invalid base64 strings to be accepted. [RT #5397]
+
+1464. [bug] Preserve "out of zone" data for outgoing zone
+ transfers. [RT #5192]
+
+1463. [bug] dns_rdata_from{wire,struct}() failed to catch bad
+ NXT bit maps. [RT #5577]
+
+1462. [bug] parse_sizeval() failed to check the token type.
+ [RT #5586]
+
+1461. [bug] Remove deadlock from rbtdb code. [RT #5599]
+
+1460. [bug] inet_pton() failed to reject certain malformed
+ IPv6 literals.
+
+1459. [placeholder]
+
+1458. [cleanup] sprintf() -> snprintf().
+
+1457. [port] Provide strlcat() and strlcpy() for platforms without
+ them.
+
+1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
+
+1455. [bug] <netaddr> missing from server grammar in
+ doc/misc/options. [RT #5616]
+
+1454. [port] Use getifaddrs() if available for interface scanning.
+ --disable-getifaddrs to override. Glibc currently
+ has a getifaddrs() that does not support IPv6.
+ Use --enable-getifaddrs=glibc to force the use of
+ this version under linux machines.
+
+1453. [doc] ARM: $GENERATE example wasn't accurate. [RT #5298]
+
+1452. [placeholder]
+
+1451. [bug] rndc-confgen didn't exit with a error code for all
+ failures. [RT #5209]
+
+1450. [bug] Fetching expired glue failed under certain
+ circumstances. [RT #5124]
+
+1449. [bug] query_addbestns() didn't handle running out of memory
+ gracefully.
+
+1448. [bug] Handle empty wildcards labels.
+
+1447. [bug] We were casting (unsigned int) to and from (void *).
+ rdataset->private4 is now rdataset->privateuint4
+ to reflect a type change.
+
+1446. [func] Implemented undocumented alternate transfer sources
+ from BIND 8. See use-alt-transfer-source,
+ alt-transfer-source and alt-transfer-source-v6.
+
+ SECURITY: use-alt-transfer-source is ENABLED unless
+ you are using views. This may cause a security risk
+ resulting in accidental disclosure of wrong zone
+ content if the master supplying different source
+ content based on IP address. If you are not certain
+ ISC recommends setting use-alt-transfer-source no;
+
+1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has
+ been replaced with DNS_ADBFIND_STARTATZONE which
+ causes the search to start using the closest zone.
+
+1444. [func] dns_view_findzonecut2() allows you to specify if the
+ cache should be searched for zone cuts.
+
+1443. [func] Masters lists can now be specified and referenced
+ in zone masters clauses and other masters lists.
+
+1442. [func] New functions for manipulating port lists:
+ dns_portlist_create(), dns_portlist_add(),
+ dns_portlist_remove(), dns_portlist_match(),
+ dns_portlist_attach() and dns_portlist_detach().
+
+1441. [func] It is now possible to tell dig to bind to a specific
+ source port.
+
+1440. [func] It is now possible to tell named to avoid using
+ certain source ports (avoid-v4-udp-ports,
+ avoid-v6-udp-ports).
+
+1439. [bug] Named could return NOERROR with certain NOTIFY
+ failures. Return NOTAUTH if the NOTIFY zone is
+ not being served.
+
+1438. [func] Log TSIG (if any) when logging NOTIFY requests.
+
+1437. [bug] Leave space for stdio to work in. [RT #5033]
+
+1436. [func] dns_zonemgr_resumexfrs() can be used to restart
+ stalled transfers.
+
+1435. [bug] zmgr_resume_xfrs() was being called read locked
+ rather than write locked. zmgr_resume_xfrs()
+ was not being called if the zone was being
+ shutdown.
+
+1434. [bug] "rndc reconfig" failed to initiate the initial
+ zone transfer of new slave zones.
+
+1433. [bug] named could trigger a REQUIRE failure if it could
+ not get a file descriptor when attempting to write
+ a master file. [RT #4347]
+
+1432. [func] The advertised EDNS UDP buffer size can now be set
+ via named.conf (edns-udp-size).
+
+1431. [bug] isc_print_snprintf() "%s" with precision could walk off
+ end of argument. [RT #5191]
+
+1430. [port] linux: IPv6 interface scanning support.
+
+1429. [bug] Prevent the cache getting locked to old servers.
+
+1428. [placeholder]
+
+1427. [bug] Race condition in adb with threaded build.
+
+1426. [placeholder]
+
+1425. [port] linux/libbind: define __USE_MISC when testing *_r()
+ function prototypes in netdb.h. [RT #4921]
+
+1424. [bug] EDNS version not being correctly printed.
+
+1423. [contrib] queryperf: added A6 and SRV.
+
+1422. [func] Log name/type/class when denying a query. [RT #4663]
+
+1421. [func] Differentiate updates that don't succeed due to
+ prerequisites (unsuccessful) vs other reasons
+ (failed).
+
+1420. [port] solaris: work around gcc optimizer bug.
+
+1419. [port] openbsd: use /dev/arandom. [RT #4950]
+
+1418. [bug] 'rndc reconfig' did not cause new slaves to load.
+
+1417. [func] ID.SERVER/CHAOS is now a built in zone.
+ See "server-id" for how to configure.
+
+1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN.
+ [RT #4715]
+
+1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived
+ from SOA MINIMUM.
+
+1414. [func] Support for KSK flag.
+
+1413. [func] Explicitly request the (re-)generation of DS records
+ from keysets (dnssec-signzone -g).
+
+1412. [func] You can now specify servers to be tried if a nameserver
+ has IPv6 address and you only support IPv4 or the
+ reverse. See dual-stack-servers.
+
+1411. [bug] empty nodes should stop wildcard matches. [RT #4802]
+
+1410. [func] Handle records that live in the parent zone, e.g. DS.
+
+1409. [bug] DS should have attribute DNS_RDATATYPEATTR_DNSSEC.
+
+1408. [bug] "make distclean" was not complete. [RT #4700]
+
+1407. [bug] lfsr incorrectly implements the shift register.
+ [RT #4617]
+
+1406. [bug] dispatch initializes one of the LFSR's with a incorrect
+ polynomial. [RT #4617]
+
+1405. [func] Use arc4random() if available.
+
+1404. [bug] libbind: ns_name_ntol() could overwrite a zero length
+ buffer.
+
+1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset
+ dnssec-signkey now report their version in the
+ usage message.
+
+1402. [cleanup] A6 has been moved to experimental and is no longer
+ fully supported.
+
+1401. [bug] adb wasn't clearing state when the timer expired.
+
+1400. [bug] Block the addition of wildcard NS records by IXFR
+ or UPDATE. [RT #3502]
+
+1399. [bug] Use serial number arithmetic when testing SIG
+ timestamps. [RT #4268]
+
+1398. [doc] ARM: notify-also should have been also-notify.
+ [RT #4345]
+
+1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
+
+1396. [func] dnssec-signzone: adjust the default signing time by
+ 1 hour to allow for clock skew.
+
+1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't
+ have a working implementation. [RT #4079]
+
+1394. [func] It is now possible to check if a particular element is
+ in a acl. Remove duplicate entries from the localnets
+ acl.
+
+1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
+ is not available in the kernel to prevent accidently
+ listening on IPv4 interfaces.
polachok's projects / dragonfly.git / commitdiff