2 * bugfix #394: Fix socket leak on errors
3 * bugfix #392: Apex only and percentage checks for ldns-verify-zone
5 * bugfix #398: Allow NSEC RRSIGs before the NSEC3 in ldns-verify-zone
6 * Fix python site package path from sitelib to sitearch for pyldns.
7 * Fix python api to support python2 and python3 (thanks Karel Slany).
8 * bugfix #401: Correction of date/time functions algorithm and
9 prevention of an infinite loop therein
10 * bugfix #402: Correct the minimum and maximum number of rdata fields
11 in TSIG. (thanks David Keeler)
12 * bugfix #403: Fix heap overflow (thanks David Keeler)
13 * bugfix #404: Make parsing APL strings more robust
15 * bugfix #391: Complete library assessment to prevent assertion errors
16 through ldns_rdf_size usage.
17 * Slightly more specific error messaging on wrong number of rdata
18 fields with the LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG and
19 LDNS_STATUS_MISSING_RDATA_FIELDS_KEY result codes.
20 * bugfix #406: More rigorous openssl result code handling to prevent
21 future crashes within openssl.
22 * Fix ldns_fetch_valid_domain_keys to search deeper than just one level
23 for a DNSKEY that signed a DS RR. (this function was used in the
24 check_dnssec_trace nagios module)
25 * bugfix #407: Canonicalize TSIG dnames and algorithm fields
26 * A new output specifier to accommodate configuration of what to show
27 in comment texts when converting host and/or wire-format data to
28 string. All conversion to string and printing functions have a new
29 version that have such a format specifier as an extra argument.
30 The default is changed so that only DNSKEY RR's are annotated with
31 an comment show the Key Tag of the DNSKEY.
32 * Fixed the ldns resolver to not mark a nameserver unreachable when
33 edns0 is tried unsuccessfully with size 4096 (no return packet came),
34 but to still try TCP. A big UDP packet might have been corrupted by
35 fragments dropping firewalls.
36 * Update of libdns.vim (thanks Miek Gieben)
37 * Added the ldnsx Python module to our contrib section, which adds even
38 more pythonisticism to the usage of ldns with Python. (Many thanks
39 to Christpher Olah and Paul Wouters)
40 The ldnsx module is automatically installed when --with-pyldns is
41 used with configuring, but may explicitly be excluded with the
42 --without-pyldnsx option to configure.
43 * bugfix #410: Fix clearing out temporary data on stack in sha2.c
44 * bugfix #411: Don't let empty non-terminal NSEC3s cause assertion failure.
47 * New example tool added: ldns-gen-zone.
48 * bugfix #359: Serial-arithmetic for the inception and expiration
49 fields of a RRSIG and correctly converting them to broken-out time
51 * bugfix #364: Slight performance increase of ldns-verifyzone.
52 * bugfix #367: Fix to allow glue records with the same name as the
54 * Fix ldns-verifyzone to allow NSEC3-less records for NS rrsets *and*
55 glue when the zone is opt-out.
56 * bugfix #376: Adapt ldns_nsec3_salt, ldns_nsec3_iterations,
57 ldns_nsec3_flags and ldns_nsec3_algorithm to work for NSEC3PARAMS too.
58 * pyldns memory leaks fixed by Bedrich Kosata (at the cost of a bit
60 * Better handling of reference variables in ldns_rr_new_frm_fp_l from
61 pyldns, with a very nice generator function by Bedrich Kosata.
62 * Decoupling of the rdfs in rrs in the python wrappers to enable
63 the python garbage collector by Bedrich Kosata.
64 * bugfix #380: Minimizing effect of discrepancies in sizeof(bool) at
65 build time and when used.
66 * bugfix #383: Fix detection of empty nonterminals of multiple labels.
67 * Fixed the ommission of rrsets in nsec(3)s and rrsigs to all occluded
68 names (in stead of just the ones that contain glue only) and all
69 occluded records on the delegation points (in stead of just the glue).
70 * Clarify the operation of ldns_dnssec_mark_glue and the usage of
71 ldns_dnssec_node_next_nonglue functions in the documentation.
72 * Added function ldns_dnssec_mark_and_get_glue as an real fast
73 alternative for ldns_zone_glue_rr_list.
74 * Fix parse buffer overflow for max length domain names.
75 * Fix Makefile for U in environment, since wrong U is more common than
76 deansification necessity.
79 * Fix creating NSEC(3) bitmaps: make array size 65536,
81 * Fix printout of escaped binary in TXT records.
82 * Parsing TXT records: don't skip starting whitespace that is quoted.
83 * bugfix #358: Check if memory was successfully allocated in
85 * Added more memory allocation checks in host2str.c
86 * python wrapper for ldns_fetch_valid_domain_keys by Bedrich Kosata.
87 * fix to compile python wrapper with swig 2.0.2.
88 * Don't fallback to SHA-1 when creating NSEC3 hash with another
89 algorithm identifier, fail instead (no other algorithm identifiers
93 * Fix ldns zone, so that $TTL definition match RFC 2308.
94 * Fix lots of missing checks on allocation failures and parse of
95 NSEC with many types and max parse length in hosts_frm_fp routine
96 and off by one in read_anchor_file routine (thanks Dan Kaminsky and
98 * bugfix #335: Drill: Print both SHA-1 and SHA-256 corresponding DS
100 * Print correct WHEN in query packet (is not always 1-1-1970)
101 * ldns-test-edns: new example tool that detects EDNS support.
102 * fix ldns_resolver_send without openssl.
103 * bugfix #342: patch for support for more CERT key types (RFC4398).
104 * bugfix #351: fix udp_send hang if UDP checksum error.
105 * fix set_bit (from NSEC3 sign) patch from Jan Komissar.
108 * EXPERIMENTAL ecdsa implementation, please do not enable on real
110 * GOST code enabled by default (RFC 5933).
111 * bugfix #326: ignore whitespace between directives and their values.
112 * Header comment to advertise ldns_axfr_complete to check for
113 successfully completed zone transfers.
114 * read resolv.conf skips interface labels, e.g. %eth0.
115 * Fix drill verify NSEC3 denials.
116 * Use closesocket() on windows.
117 * Add ldns_get_signing_algorithm_by_name that understand aliases,
118 names changed to RFC names and aliases for compatibility added.
119 * bugfix: don't print final dot if the domain is relative.
120 * bugfix: resolver search continue when packet rcode != NOERROR.
121 * bugfix: resolver push all domains in search directive to list.
122 * bugfix: resolver search by default includes the root domain.
123 * bugfix: tcp read could fail on single octet recv.
124 * bugfix: read of RR in unknown syntax with missing fields.
125 * added ldns_pkt_tsig_sign_next() and ldns_pkt_tsig_verify_next()
126 to sign and verify TSIG RRs on subsequent messages
127 (section 4.4, RFC 2845, thanks to Michael Sheldon).
128 * bugfix: signer sigs nsecs with zsks only.
129 * bugfix #333: fix ldns_dname_absolute for name ending with backslash.
132 * Fix ldns_rr_clone to copy question rrs properly.
133 * Fix ldns_sign_zone(_nsec3) to clone the soa for the new zone.
134 * Fix ldns_wire2dname size check from reading 1 byte beyond buffer end.
135 * Fix ldns_wire2dname from reading 1 byte beyond end for pointer.
136 * Fix crash using GOST for particular platform configurations.
137 * extern C declarations used in the header file.
138 * Removed debug fprintf from resolver.c.
139 * ldns-signzone checks if public key file is for the right zone.
140 * NETLDNS, .NET port of ldns functionality, by Alex Nicoll, in contrib.
141 * Fix handling of comments in resolv.conf parse.
142 * GOST code enabled if SSL recent, RFC 5933.
143 * bugfix #317: segfault util.c ldns_init_random() fixed.
144 * Fix ldns_tsig_mac_new: allocate enough memory for the hash, fix use of
145 b64_pton_calculate_size.
146 * Fix ldns_dname_cat: size calculation and handling of realloc().
147 * Fix ldns_rr_pop_rdf: fix handling of realloc().
148 * Fix ldns-signzone for single type key scheme: sign whole zone if there
150 * Fix ldns_resolver: also close socket if AXFR failed (if you don't,
151 it would block subsequent transfers (thanks Roland van Rijswijk).
152 * Fix drill: allow for a secure trace if you use DS records as trust
153 anchors (thanks Jan Komissar).
156 * Catch \X where X is a digit as an error.
157 * Fix segfault when ip6 ldns resolver only has ip4 servers.
158 * Fix NSEC record after DNSKEY at zone apex not properly signed.
159 * Fix syntax error if last label too long and no dot at end of domain.
160 * Fix parse of \# syntax with space for type LOC.
161 * Fix ldns_dname_absolute for escape sequences, fixes some parse errs.
162 * bugfix #297: linking ssl, bug due to patch submitted as #296.
163 * bugfix #299: added missing declarations to host2str.h
164 * ldns-compare-zones -s to not exclude SOA record from comparison.
165 * --disable-rpath fix
166 * fix ldns_pkt_empty(), reported by Alex Nicoll.
167 * fix ldns_resolver_new_frm_fp not ignore lines after a comment.
168 * python code for ldns_rr.new_question_frm_str()
169 * Fix ldns_dnssec_verify_denial: the signature selection routine.
170 * Type TALINK parsed (draft-ietf-dnsop-trust-history).
171 * bugfix #304: fixed dead loop in ldns_tcp_read_wire() and
172 ldns_tcp_read_wire_timeout().
173 * GOST support with correct algorithm numbers. The plan is to make it
174 enabled if openssl support is detected, but it is disabled by
175 default in this release because the RFC is not ready.
176 * Fixed comment in rbtree.h about being first member and data ptr.
177 * Fixed possibly leak in case of out of memory in ldns_native2rdf...
178 * ldns_dname_is_wildcard added.
179 * Fixed: signatures over wildcards had the wrong labelcount.
180 * Fixed ldns_verify() inconsistent return values.
181 * Fixed ldns_resolver to copy and free tsig name, data and algorithm.
182 * Fixed ldns_resolver to push search onto searchlist.
183 * A ldns resolver now defaults to a non-recursive resolver that handles
185 * ldns_resolver_print() prints more details.
186 * Fixed ldns_rdf2buffer_str_time(), which did not print timestamps
188 * Make ldns_resolver_nameservers_randomize() more random.
189 * bugfix #310: POSIX specifies NULL second argument of gettimeofday.
190 * fix compiler warnings from llvm clang compiler.
191 * bugfix #309: ldns_pkt_clone did not clone the tsig_rr.
192 * Fix gentoo ebuild for drill, 'no m4 directory'.
193 * bugfix #313: drill trace on an empty nonterminal continuation.
196 * Imported pyldns contribution by Zdenek Vasicek and Karel Slany.
197 Changed its configure and Makefile to fit into ldns.
198 Added its dname_* methods to the rdf_* class (as is the ldns API).
199 Changed swig destroy of ldns_buffer class to ldns_buffer_free.
200 Declared ldns_pkt_all and ldns_pkt_all_noquestion so swig sees them.
201 * Bugfix: parse PTR target of .tomhendrikx.nl with error not crash.
202 * Bugfix: handle escaped characters in TXT rdata.
203 * bug292: no longer crash on malformed domain names where a label is
204 on position 255, which was a buffer overflow by one.
205 * Fix ldns_get_rr_list_hosts_frm_fp_l (strncpy to strlcpy change),
206 which fixes resolv.conf reading badly terminated string buffers.
207 * Fix ldns_pkt_set_random_id to be more random, and a little faster,
208 it did not do value 0 statistically correctly.
209 * Fix ldns_rdf2native_sockaddr_storage to set sockaddr type to zeroes,
211 * bug295: nsec3-hash routine no longer case sensitive.
212 * bug298: drill failed nsec3 denial of existence proof.
215 * Bugfix: allow for unknown resource records in zonefile with rdlen=0.
216 * Bugfix: also mark an RR as question if it comes from the wire
217 * Bugfix: NSEC3 bitmap contained NSEC
218 * Bugfix: Inherit class when creating signatures
221 * Fix Makefile patch from Havard Eidnes, better install.sh usage.
222 * Fix parse error on SOA serial of 2910532839.
223 Fix print of ';' and readback of '\;' in names, also for '\\'.
224 Fix parse of '\(' and '\)' in names. Also for file read. Also '\.'
225 * Fix signature creation when TTLs are different for RRs in RRset.
226 * bug273: fix so EDNS rdata is included in pkt to wire conversion.
227 * bug274: fix use of c++ keyword 'class' for RR class in the code.
228 * bug275: fix memory leak of packet edns rdata.
229 * Fix timeout procedure for TCP and AXFR on Solaris.
230 * Fix occasional NSEC bitmap bogus
231 * Fix rr comparing (was in reversed order since 1.6.0)
232 * bug278: fix parsing HINFO rdata (and other cases).
233 * Fix previous owner name: also pick up if owner name is @.
234 * RFC5702: enabled sha2 functions by default. This requires OpenSSL 0.9.8 or higher.
235 Reason for this default is the root to be signed with RSASHA256.
236 * Fix various LDNS RR parsing issues: IPSECKEY, WKS, NSAP, very long lines
237 * Fix: Make ldns_dname_is_subdomain case insensitive.
238 * Fix ldns-verify-zone so that address records at zone NS set are not considered glue
239 (Or glue records fall below delegation)
240 * Fix LOC RR altitude printing.
241 * Feature: Added period (e.g. '3m6d') support at explicit TTLs.
242 * Feature: DNSKEY rrset by default signed with minimal signatures
243 but -A option for ldns-signzone to sign it with all keys.
244 This makes the DNSKEY responses smaller for signed domains.
247 * --enable-gost : use the GOST algorithm (experimental).
248 * Added some missing options to drill manpage
249 * Some fixes to --without-ssl option
250 * Fixed quote parsing withing strings
251 * Bitmask fix in EDNS handling
252 * Fixed non-fqdn domain name completion for rdata field domain
254 * Fixed chain validation with SHA256 DS records
258 * Addition of an ldns-config script which gives cflags and libs
259 values, for use in configure scripts for applications that use
260 use ldns. Can be disabled with ./configure --disable-ldns-config
261 * Added direct sha1, sha256, and sha512 support in ldns.
262 With these functions, all NSEC3 functionality can still be
263 used, even if ldns is built without OpenSSL. Thanks to OpenBSD,
264 Steve Reid, and Aaron D. Gifford for the code.
265 * Added reading/writing support for the SPF Resource Record
266 * Base32 functions are now exported
268 * ldns_is_rrset did not go through the complete rrset, but
269 only compared the first two records. Thanks to Olafur
270 Gudmundsson for report and patch
271 * Fixed a small memory bug in ldns_rr_list_subtype_by_rdf(),
272 thanks to Marius Rieder for finding an patching this.
273 * --without-ssl should now work. Make sure that examples/ and
274 drill also get the --without-ssl flag on their configure, if
276 * Some malloc() return value checks have been added
277 * NSEC3 creation has been improved wrt to empty nonterminals,
279 * Fixed a bug in the parser when reading large NSEC3 salt
281 * Made the allowed length for domain names on wire
282 and presentation format the same.
284 * ldns-key2ds can now also generate DS records for keys without
286 * ldns-signzone now equalizes the TTL of the DNSKEY RRset (to
287 the first non-default DNSKEY TTL value it sees)
291 * ldns-signzone was broken in 1.5.0 for multiple keys, this
295 * Removed a small erroneous output warning in
296 examples/configure and drill/configure
300 * fixed a possible memory overflow in the RR parser
301 * build flag fix for Sun Studio
302 * fixed a building race condition in the copying of header
304 * EDNS0 extended rcode; the correct assembled code number
305 is now printed (still in the EDNS0 field, though)
306 * ldns_pkt_rr no longer leaks memory (in fact, it no longer
310 * ldns_key now has support for 'external' data, in which
311 case the OpenSSL EVP structures are not used;
312 ldns_key_set_external_key() and ldns_key_external_key()
313 * added ldns_key_get_file_base_name() which creates a
314 'default' filename base string for key storage, of the
315 form "K<zone>+<algorithm>+<keytag>"
316 * the ldns_dnssec_* family of structures now have deep_free()
317 functions, which also free the ldns_rr's contained in them
318 * there is now an ldns_match_wildcard() function, which checks
319 whether a domain name matches a wildcard name
320 * ldns_sign_public has been split up; this resulted in the
321 addition of ldns_create_empty_rrsig() and
322 ldns_sign_public_buffer()
325 * ldns-signzone can now automatically add DNSKEY records when
326 using an OpenSSL engine, as it already did when using key
328 * added new example tool: ldns-nsec3-hash
329 * ldns-dpa can now filter on specific query name and types
330 * ldnsd has fixes for the zone name, a fix for the return
331 value of recvfrom(), and an memory initialization fix
332 (Thanks to Colm MacCárthaigh for the patch)
333 * Fixed memory leaks in ldnsd
339 * fixed a build issue where ldns lib existence was done too early
340 * removed unnecessary check for pcap.h
341 * NSEC3 optout flag now correctly printed in string output
342 * inttypes.h moved to configured inclusion
343 * fixed NSEC3 type bitmaps for empty nonterminals and unsigned
347 * for that last fix, we added a new function
348 ldns_dname_add_from() that can clone parts of a dname
352 * sig chase return code fix (patch from Rafael Justo, bug id 189)
353 * rdata.c memory leaks on error and allocation checks fixed (patch
354 from Shane Kerr, bug id 188)
355 * zone.c memory leaks on error and allocation checks fixed (patch
356 from Shane Kerr, bug id 189)
357 * ldns-zplit output and error messages fixed (patch from Shane Kerr,
359 * Fixed potential buffer overflow in ldns_str2rdf_dname
360 * Signing code no longer signs delegation NS rrsets
361 * Some minor configure/makefile updates
362 * Fixed a bug in the randomness initialization
363 * Fixed a bug in the reading of resolv.conf
364 * Fixed a bug concerning whitespace in zone data (with patch from Ondrej
366 * Fixed a small fallback problem in axfr client code
369 * added 2str convenience functions:
372 - ldns_rr_type2buffer_str
373 - ldns_rr_class2buffer_str
374 * buffer2str() is now called ldns_buffer2str
375 * base32 and base64 function names are now also prepended with ldns_
376 * ldns_rr_new_frm_str() now returns an error on missing RDATA fields.
377 Since you cannot read QUESTION section RRs with this anymore,
378 there is now a function called ldns_rr_new_question_frm_str()
381 * DS RRs string representation now add bubblebabble in a comment
382 (patch from Jakob Schlyter)
384 * TCP fallback system has been improved
385 * HMAC-SHA256 TSIG support has been added.
386 * TTLS are now correcly set in NSEC(3) records when signing zones
389 * New example: ldns-revoke to revoke DNSKEYs according to RFC5011
390 * ldns-testpkts has been fixed and updated
391 * ldns-signzone now has the option to not add the DNSKEY
392 * ldns-signzone now has an (full zone only) opt-out option for
394 * ldns-keygen can create HMAC-SHA1 and HMAC-SHA256 symmetric keys
395 * ldns-walk output has been fixed
396 * ldns-compare-zones has been fixed, and now has an option
397 to show all differences (-a)
398 * ldns-read-zone now has an option to print DNSSEC records only
403 * Added a new family of functions based around ldns_dnssec_zone,
404 which is a new structure that keeps a zone sorted through an
405 rbtree and links signatures and NSEC(3) records directly to their
406 RRset. These functions all start with ldns_dnssec_
408 * ldns_zone_sign and ldns_zone_sign_nsec3 are now deprecated, but
409 have been changed to internally use the new
410 ldns_dnssec_zone_sign(_nsec3)
412 * Moved some ldns_buffer functions inline, so a clean rebuild of
413 applications relying on those is needed (otherwise you'll get
415 * ldns_dname_label now returns one extra (zero)
416 byte, so it can be seen as an fqdn.
417 * NSEC3 type code update for signing algorithms.
418 * DSA key generation of DNSKEY RRs fixed (one byte too small).
420 * Added support for RSA/SHA256 and RSA/SHA512, as specified in
421 draft-ietf-dnsext-dnssec-rsasha256-04. The typecodes are not
422 final, and this feature is not enabled by default. It can be
423 enabled at compilation time with the flag --with-sha2
425 * Added 2wire_canonical family of functions that lowercase dnames
426 in rdata fields in resource records of the types in the list in
429 * Added base32 conversion functions.
431 * Fixed DSA RRSIG conversion when calling OpenSSL
435 * Chase output is completely different, it shows, in ascii, the
436 relations in the trust hierarchy.
439 * Added ldns-verify-zone, that can verify the internal DNSSEC records
440 of a signed BIND-style zone file
442 * ldns-keygen now takes an -a argument specifying the algorithm,
443 instead of -R or -D. -a list show a list of supported algorithms
445 * ldns-keygen now defaults to the exponent RSA_F4 instead of RSA_3
446 for RSA key generation
448 * ldns-signzone now has support for HSMs
449 * ldns-signzone uses the new ldns_dnssec_ structures and functions
450 which improves its speed, and output; RRSIGS are now placed
451 directly after their RRset, NSEC(3) records directly after the
455 * new contrib/ dir with user contributions
456 * added compilation script for solaris (thanks to Jakob Schlyter)
459 * Added support for HMAC-MD5 keys in generator
460 * Added a new example tool (written by Ondrej Sury): ldns-compare-zones
461 * ldns-keygen now checks key sizes for rfc conformancy
462 * ldns-signzone outputs SSL error if present
463 * Fixed manpages (thanks to Ondrej Sury)
464 * Fixed Makefile for -j <x>
465 * Fixed a $ORIGIN error when reading zones
466 * Fixed another off-by-one error
469 * Fixed an offset error in rr comparison
470 * Fixed ldns-read-zone exit code
471 * Added check for availability of SHA256 hashing algorithm
472 * Fixed ldns-key2ds -2 argument
473 * Fixed $ORIGIN bug in .key files
474 * Output algorithms as an integer instead of their mnemonic
475 * Fixed a memory leak in dnssec code when SHA256 is not available
476 * Updated fedora .spec file
479 * canonicalization of rdata in DNSSEC functions now adheres to the
480 rr type list in rfc3597, not rfc4035, which will be updated
481 (see http://www.ops.ietf.org/lists/namedroppers/namedroppers.2007/msg00183.html)
482 * ldns-walk now support dnames with maximum label length
483 * ldnsd now takes an extra argument containing the address to listen on
484 * signing no longer signs every rrset with KSK's, but only the DNSKEY rrset
485 * ported to Solaris 10
486 * added ldns_send_buffer() function
487 * added ldns-testpkts fake packet server
488 * added ldns-notify to send NOTIFY packets
489 * ldns-dpa can now accurately calculate the number of matches per
491 * libtool is now used for compilation too (still gcc, but not directly)
493 - TSIG signing buffer size
494 - resolv.conf reading (comments)
495 - dname comparison off by one error
496 - typo in keyfetchers output file name fixed (a . too much)
497 - fixed zone file parser when comments contain ( or )
502 * drill prints error on failed axfr.
503 * drill now accepts mangled packets with -f
504 * old -c option (use tcp) changed to -t
505 * -c option to specify alternative resolv.conf file added
506 * feedback of signature chase improved
507 * chaser now stops at root when no trusted keys are found
508 instead of looping forever trying to find the DS for .
510 - wildcard on multiple labels signature verification
511 - error in -f packet writing for malformed packets
512 - made KSK check more resilient
514 7 Jul 2006: 1.1.0: ldns-team
515 * Added tutorials and an introduction to the documentation
516 * Added include/ and lib/ dirs so that you can compile against ldns
517 without installing ldns on your system
519 * Starting usage of assert throughout the library to catch illegal calls
520 * Solaris 9 testing was carried out. Ldns now compiles on that
521 platform; some gnuism were identified and fixed.
522 * The ldns_zone structure was stress tested. The current setup
523 (ie. just a list of rrs) can scale to zone file in order of
524 megabytes. Sorting such zone is still difficult.
525 * Reading multiline b64 encoded rdata works.
526 * OpenSSL was made optional, configure --without-ssl.
527 Ofcourse all dnssec/tsig related functions are disabled
528 * Building of examples and drill now happens with the same
529 defines as the building of ldns itself.
530 * Preliminary sha-256 support was added. Currently is your
531 OpenSSL supports it, it is supported in the DS creation.
532 * ldns_resolver_search was implemented
533 * Fixed a lot of bugs
536 * -r was killed in favor of -o <header bit mnemonic> which
537 allows for a header bits setting (and maybe more in the
539 * DNSSEC is never automaticaly set, even when you query
540 for DNSKEY/RRSIG or DS.
541 * Implement a crude RTT check, it now distinguishes between
542 reachable and unreachable.
543 * A form of secure tracing was added
544 * Secure Chasing has been improved
545 * -x does a reverse lookup for the given IP address
548 * ldns-dpa was added to the examples - this is the Dns Packet
550 * ldnsd - as very, very simple nameserver impl.
551 * ldns-zsplit - split zones for parrallel signing
552 * ldns-zcat - cat split zones back together
553 * ldns-keyfetcher - Fetches DNSKEY records with a few (non-strong,
554 non-DNSSEC) anti-spoofing techniques.
555 * ldns-walk - 'Walks' a DNSSEC signed zone
556 * Added an all-static target to the makefile so you can use examples
557 without installing the library
558 * When building in the source tree or in a direct subdirectory of
559 the build dir, configure does not need --with-ldns=../ anymore
562 * All networking code was moved to net.c
563 * rdata.c: added asserts to the rdf set/get functions
564 * const keyword was added to pointer arguments that
569 * renamed ldns/dns.h to ldns/ldns.h
570 * ldns_rr_new_frm_str() is extented with an extra variable which
571 in common use may be NULL. This trickles through to:
573 o ldns_rr_new_frm_fp_l
574 Which also get an extra variable
575 Also the function has been changed to return a status message.
576 The compiled RR is returned in the first argument.
577 * ldns_zone_new_frm_fp_l() and ldns_zone_new_frm_fp() are
578 changed to return a status msg.
579 * ldns_key_new_frm_fp is changed to return ldns_status and
580 the actual key list in the first argument
581 * ldns_rdata_new_frm_fp[_l]() are changed to return a status.
582 the rdf is return in the first argument
583 * ldns_resolver_new_frm_fp: same treatment: return status and
584 the new resolver in the first argument
585 * ldns_pkt_query_new_frm_str(): same: return status and the
586 packet in the first arg
587 * tsig.h: internal used functions are now static:
588 ldns_digest_name and ldns_tsig_mac_new
589 * ldns_key_rr2ds has an extra argument to specify the hash to
591 * ldns_pkt_rcode() is renamed to ldns_pkt_get_rcode, ldns_pkt_rcode
592 is now the rcode type, like ldns_pkt_opcode
594 * ldns_resolver_searchlist_count: return the searchlist counter
595 * ldns_zone_sort: Sort a zone
596 * ldns_bgsend(): background send, returns a socket.
597 * ldns_pkt_empty(): check is a packet is empty
598 * ldns_rr_list_pop_rr_list(): pop multiple rr's from another rr_list
599 * ldns_rr_list_push_rr_list(): push multiple rr's to an rr_list
600 * ldns_rr_list_compare(): compare 2 ldns_rr_lists
601 * ldns_pkt_push_rr_list: rr_list equiv for rr
602 * ldns_pkt_safe_push_rr_list: rr_list equiv for rr
604 * ldns_resolver_bgsend(): was not used in 1.0.0 and is not used now
605 * ldns_udp_server_connect(): was faulty and isn't really part of
606 the core ldns idea any how.
607 * ldns_rr_list_insert_rr(): obsoleted, because not used.
608 * char *_when was removed from the ldns_pkt structure
610 18 Oct 2005: 1.0.0: ldns-team
611 * Commited a patch from Håkan Olsson
612 * Added UPDATE support (Jakob Schlyter and Håkan Olsson)
613 * License change: ldns is now BSD licensed
614 * ldns now depends on SSL
615 * Networking code cleanup, added (some) server udp/tcp support
616 * A zone type is introduced. Currently this is a list
617 of RRs, so it will not scale well.
618 * [beta] Zonefile parsing was added
619 * [tools] Drill was added to ldns - see drill/
620 * [tools] experimental signer was added
621 * [building] better check for ssl
622 * [building] major revision of build system
623 * [building] added rpm .spec in packaging/ (thanks to Paul Wouters)
624 * [building] A lot of cleanup in the build scripts (thanks to Jakob Schlyter
627 28 Jul 2005: 0.70: ldns-team
628 * [func] ldns_pkt_get_section now returns copies from the rrlists
629 in the packet. This can be freed by the user program
630 * [code] added ldns_ prefixes to function from util.h
631 * [inst] removed documentation from default make install
632 * Usual fixes in documentation and code
634 20 Jun 2005: 0.66: ldns-team
635 Rel. Focus: drill-pre2 uses some functions which are
637 * dnssec_cd bit function was added
638 * Zone infrastructure was added
639 * Usual fixes in documentation and code
641 13 Jun 2005: 0.65: ldns-team
642 * Repository is online at:
643 http://www.nlnetlabs.nl/ldns/svn/
644 * Apply reference copying throuhgout ldns, except in 2
645 places in the ldns_resolver structure (._domain and
647 * Usual array of bugfixes
648 * Documentation added
649 * keygen.c added as an example for DNSSEC programming
651 23 May 2005: 0.60: ldns-team
652 * Removed config.h from the header installed files
653 (you're not supposed to include that in a libary)
655 - DNSSEC signing/verification works
656 - Assorted bug fixes and tweaks (memory management)
658 May 2005: 0.50: ldns-team
659 * First usable release
660 * Basic DNS functionality works
661 * DNSSEC validation works