1 --- 9.5.2-P1 released ---
3 2772. [security] When validating, track whether pending data was from
4 the additional section or not and only return it if
5 validates as secure. [RT #20438]
9 2681. [bug] IPSECKEY RR of gateway type 3 was not correctly
12 2678. [func] Treat DS queries as if "minimal-response yes;"
15 2427. [func] Treat DNSKEY queries as if "minimal-response yes;"
18 --- 9.5.2rc1 released ---
20 2672. [bug] Don't enable searching in 'host' when doing reverse
23 2670. [bug] Unexpected connect failures failed to log enough
24 information to be useful. [RT #20205]
26 2663. [func] win32: allow named to run as a service using
27 "NT AUTHORITY\LocalService" as the account. [RT #19977]
29 2656. [func] win32: add a "tools only" check box to the installer
30 which causes it to only install dig, host, nslookup,
31 nsupdate and relevent dlls. [RT #19998]
33 2655. [doc] Document that key-directory does not affect
36 --- 9.5.2b1 released ---
38 2649. [bug] Set the domain for forward only zones. [RT #19944]
40 2648. [port] win32: isc_time_seconds() was broken. [RT #19900]
42 2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
44 2645. [port] "gcc -m32" didn't work on amd64 and x86_64 platforms
45 which default to 64 bits. [RT #19927]
47 2642. [bug] nsupdate could dump core on solaris when reading
48 improperly formatted key files. [RT #20015]
50 2640. [security] A specially crafted update packet will cause named
53 2637. [func] Rationalize dnssec-signzone's signwithkey() calling.
56 2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses.
59 2633. [bug] Handle 15 bit rand() functions. [RT #19783]
61 2632. [func] util/kit.sh: warn if documentation appears to be out of
64 2623. [bug] Named started seaches for DS non-optimally. [RT #19915]
66 2621. [doc] Made copyright boilterplate consistent. [RT #19833]
68 2920. [bug] Delay thawing the zone until the reload of it has
69 completed successfully. [RT #19750]
71 2618. [bug] The sdb and sdlz db_interator_seek() methods could
72 loop infinitely. [RT #19847]
74 2617. [bug] ifconfig.sh failed to emit an error message when
75 run from the wrong location. [RT #19375]
77 2616. [bug] 'host' used the nameservers from resolv.conf even
78 when a explicit nameserver was specified. [RT #19852]
80 2615. [bug] "__attribute__((unused))" was in the wrong place
81 for ia64 gcc builds. [RT #19854]
83 2614. [port] win32: 'named -v' should automatically be executed
84 in the foreground. [RT #19844]
86 2610. [port] sunos: Change #2363 was not complete. [RT #19796]
88 2606. [bug] "delegation-only" was not being accepted in
89 delegation-only type zones. [RT #19717]
91 2605. [bug] Accept DS responses from delegation only zones.
94 2603. [port] win32: handle .exe extension of named-checkzone and
95 named-comilezone argv[0] names under windows.
98 2602. [port] win32: fix debugging command line build of libisccfg.
101 2599. [bug] Address rapid memory growth when validation fails.
104 2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
105 long, leading to inefficient memory usage or rejecting
106 newer cache entries in the worst case. [RT #19563]
108 2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
110 2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
112 2591. [bug] named could die when processing a update in
113 removed_orphaned_ds(). [RT #19507]
115 2589. [bug] dns_db_unregister() failed to clear '*dbimp'.
118 2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
121 2585. [bug] Uninitialized socket name could be referenced via a
122 statistics channel, triggering an assertion failure in
123 XML rendering. [RT #19427]
125 2584. [bug] alpha: gcc optimization could break atomic operations.
128 2583. [port] netbsd: provide a control to not add the compile
129 date to the version string, -DNO_VERSION_DATE.
131 2582. [bug] Don't emit warning log message when we attempt to
132 remove non-existant journal. [RT #19516]
134 2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
135 Requires MySQL 5.0.19 or later. [RT #19084]
137 2580. [bug] UpdateRej statistics counter could be incremented twice
138 for one rejection. [RT #19476]
140 2579. [bug] DNSSEC lookaside validation failed to handle unknown
141 algorithms. [RT #19479]
143 2577. [doc] Clarified some statistics counters. [RT #19454]
145 2573. [bug] Replacing a non-CNAME record with a CNAME record in a
146 single transaction in a signed zone failed. [RT #19397]
148 2568. [bug] Report when the write to indicate a otherwise
149 successful start fails. [RT #19360]
151 2567. [bug] dst__privstruct_writefile() could miss write errors.
152 write_public_key() could miss write errors.
155 2564. [bug] Only take EDNS fallback steps when processing timeouts.
158 2563. [bug] Dig could leak a socket causing it to wait forever
161 2562. [doc] ARM: miscellaneous improvements, reorganization,
162 and some new content.
164 2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
166 2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
168 2557. [cleanup] PCI compliance:
169 * new libisc log module file
170 * isc_dir_chroot() now also changes the working
173 * additional logging when files can't be removed.
175 2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
177 2552. [bug] zero-no-soa-ttl-cache was not being honoured.
180 2551. [bug] Potential Reference leak on return. [RT #19341]
182 2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
185 2549. [port] linux: define NR_OPEN if not currently defined.
188 2547. [bug] openssl_link.c:mem_realloc() could reference an
189 out-of-range area of the source buffer. New public
190 function isc_mem_reallocate() was introduced to address
191 this bug. [RT #19313]
193 2545. [doc] ARM: Legal hostname checking (check-names) is
194 for SRV RDATA too. [RT #19304]
196 2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
198 2542. [doc] Update the description of dig +adflag. [RT #19290]
200 2541. [bug] Conditionally update dispatch manager statistics.
203 2539. [security] Update the interaction between recursion, allow-query,
204 allow-query-cache and allow-recursion. [RT #19198]
206 2538. [bug] cache/ADB memory could grow over max-cache-size,
207 especially with threads and smaller max-cache-size
210 2537. [experimental] Added more statistics counters including those on socket
211 I/O events and query RTT histograms. [RT #18802]
213 2536. [cleanup] Silence some warnings when -Werror=format-security is
214 specified. [RT #19083]
216 2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091]
218 2532. [bug] dig: check the question section of the response to
219 see if it matches the asked question. [RT #18495]
221 2531. [bug] Change #2207 was incomplete. [RT #19098]
223 2529. [cleanup] Upgrade libtool to silence complaints from recent
224 version of autoconf. [RT #18657]
226 2528. [cleanup] Silence spurious configure warning about
227 --datarootdir [RT #19096]
229 2527. [bug] named could reuse cache on reload with
230 enabling/disabling validation. [RT #19119]
232 2525. [experimental] New logging category "query-errors" to provide detailed
233 internal information about query failures, especially
234 about server failures. [RT #19027]
236 2523. [bug] Random type rdata freed by dns_nsec_typepresent().
239 2522. [security] Handle -1 from DSA_do_verify().
241 2521. [bug] Improve epoll cross compilation support. [RT #19047]
243 2519. [bug] dig/host with -4 or -6 didn't work if more than two
244 nameserver addresses of the excluded address family
245 preceded in resolv.conf. [RT #19081]
247 2517. [bug] dig +trace with -4 or -6 failed when it chose a
248 nameserver address of the excluded address type.
251 2516. [bug] glue sort for responses was performed even when not
254 2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
255 a nameserver of the excluded address family.
258 2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
261 2506. [port] solaris: Check at configure time if
262 hack_shutup_pthreadonceinit is needed. [RT #19037]
264 2505. [port] Treat amd64 similarly to x86_64 when determining
265 atomic operation support. [RT #19031]
267 2503. [port] linux: improve compatibility with Linux Standard
270 2502. [cleanup] isc_radix: Improve compliance with coding style,
271 document function in <isc/radix.h>. [RT #18534]
273 2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
274 function. [RT #18582]
276 2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
279 --- 9.5.1 released ---
281 2520. [bug] Update xml statistics version number to 2.0 as change
282 #2388 made the schema incompatible to the previous
285 --- 9.5.1rc2 released ---
287 2513 [bug] Fix windows cli build. [RT #19062]
289 2510. [bug] "dig +sigchase" could trigger REQUIRE failures.
292 2509. [bug] Specifying a fixed query source port was broken.
295 2504. [bug] Address race condition in the socket code. [RT #18899]
297 --- 9.5.1rc1 released ---
299 2498. [bug] Removed a bogus function argument used with
300 ISC_SOCKET_USE_POLLWATCH: it could cause compiler
301 warning or crash named with the debug 1 level
302 of logging. [RT #18917]
304 2496. [bug] Add sanity length checks to NSID option. [RT #18813]
306 2495. [bug] Tighten RRSIG checks. [RT #18795]
308 2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being
309 installed. [RT #18826]
311 2493. [bug] The linux capabilites code was not correctly cleaning
312 up after itself. [RT #18767]
314 2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO
315 is cleared when IPV6_V6ONLY is set. [RT #18785]
317 2489. [port] solaris: Workaround Solaris's kernel bug about
319 http://bugs.opensolaris.org/view_bug.do?bug_id=6724237
320 Define ISC_SOCKET_USE_POLLWATCH at build time to enable
321 this workaround. [RT #18870]
323 2487. [bug] Give TCP connections longer to complete. [RT #18675]
325 2485. [bug] Change update's the handling of obscured RRSIG
326 records. Not all orphand DS records were being
329 2482. [port] libxml2: support versions 2.7.* in addition
330 to 2.6.*. [RT #18806]
332 2479. [bug] xfrout:covers was not properly initalized. [RT #18801]
334 2478. [bug] 'addresses' could be used uninitalized in
335 configure_forward(). [RT #18800]
337 2476. [doc] ARM: improve documentation for max-journal-size and
338 ixfr-from-differences. [RT #15909] [RT #18541]
340 --- 9.5.1b3 released ---
342 2475. [bug] LRU cache cleanup under overmem condition could purge
343 particular entries more aggressively. [RT #17628]
345 2474. [bug] ACL structures could be allocated with insufficient
346 space, causing an array overrun. [RT #18765]
348 2473. [port] linux: raise the limit on open files to the possible
349 maximum value before spawning threads; 'files'
350 specified in named.conf doesn't seem to work with
351 threads as expected. [RT #18784]
353 2472. [port] linux: check the number of available cpu's before
354 calling chroot as it depends on "/proc". [RT #16923]
356 2471. [bug] named-checkzone was not reporting missing mandatory
357 glue when sibling checks were disabled. [RT #18768]
359 2470. [bug] Elements of the isc_radix_node_t could be incorrectly
360 overwritten. [RT# 18719]
362 2469. [port] solaris: Work around Solaris's select() limitations.
365 2468. [bug] Resolver could try unreachable servers multiple times.
368 2467. [bug] Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740]
370 2466. [doc] ARM: explain max-cache-ttl 0 SERVFAIL issue.
373 2465. [bug] Adb's handling of lame addresses was different
374 for IPv4 and IPv6. [RT #18738]
376 2464. [port] linux: check that a capability is present before
377 trying to set it. [RT #18135]
379 2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
380 API and glibc hides parts of the IPv6 Advanced Socket
381 API as a result. This is stupid as it breaks how the
382 two halves (Basic and Advanced) of the IPv6 Socket API
383 were designed to be used but we have to live with it.
384 Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
387 2462. [doc] Document -m (enable memory usage debugging)
388 option for dig. [RT #18757]
390 2461. [port] sunos: Change #2363 was not complete. [RT #17513]
392 2458. [doc] ARM: update and correction for max-cache-size.
395 2457. [tuning] max-cache-size is reverted to 0, the previous
396 default. It should be safe because expired cache
397 entries are also purged. [RT #18684]
399 2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any
400 address, regardless of family. They now correctly
401 distinguish IPv4 from IPv6. [RT #18559]
403 2455. [bug] Stop metadata being transferred via axfr/ixfr.
406 2453. [bug] Remove NULL pointer dereference in dns_journal_print().
409 2451. [port] solaris: handle runtime linking better. [RT #18356]
411 2449. [bug] libbind: Out of bounds reference in dns_ho.c:addrsort.
414 2445. [doc] ARM out-of-date on empty reverse zones (list includes
415 RFC1918 address, but these are not yet compiled in).
418 2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery
419 (clear DF) for UDP responses and requests.
421 2387. [bug] Silence compiler warnings in lib/isc/radix.c.
422 [RT #18147] [RT #18258]
424 2369. [bug] libbind: Array bounds overrun on read in bitncmp().
427 --- 9.5.1b2 released ---
429 2443. [bug] win32: UDP connect() would not generate an event,
430 and so connected UDP sockets would never clean up.
431 Fix this by doing an immediate WSAConnect() rather
432 than an io completion port type for UDP.
434 2442. [bug] A lock could be destroyed twice. [RT# 18626]
436 2441. [bug] isc_radix_insert() could copy radix tree nodes
437 incompletely. [RT #18573]
439 2440. [bug] named-checkconf used an incorrect test to determine
440 if an ACL was set to none.
442 2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
445 2438. [bug] Timeouts could be logged incorrectly under win32.
448 2437. [bug] Sockets could be closed too early, leading to
449 inconsistent states in the socket module. [RT #18298]
451 2436. [security] win32: UDP client handler can be shutdown. [RT #18576]
453 2435. [bug] Fixed an ACL memory leak affecting win32.
455 2434. [bug] Fixed a minor error-reporting bug in
456 lib/isc/win32/socket.c.
458 2433. [tuning] Set initial timeout to 800ms.
460 2432. [bug] More Windows socket handling improvements. Stop
461 using I/O events and use IO Completion Ports
462 throughout. Rewrite the receive path logic to make
463 it easier to support multiple simultaneous
464 requesters in the future. Add stricter consistency
465 checking as a compile-time option (define
466 ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).
468 2431. [bug] Acl processing could leak memory. [RT #18323]
470 2430. [bug] win32: isc_interval_set() could round down to
471 zero if the input was less than NS_INTERVAL
472 nanoseconds. Round up instead. [RT #18549]
474 2429. [doc] nsupdate should be in section 1 of the man pages.
477 2428. [bug] dns_iptable_merge() mishandled merges of negative
480 2426. [bug] libbind: inet_net_pton() can sometimes return the
481 wrong value if excessively large net masks are
482 supplied. [RT #18512]
484 2425. [bug] named didn't detect unavailable query source addresses
485 at load time. [RT #18536]
487 2424. [port] configure now probes for a working epoll
488 implementation. Allow the use of kqueue,
489 epoll and /dev/poll to be selected at compile
492 2422. [bug] Handle the special return value of a empty node as
493 if it was a NXRRSET in the validator. [RT #18447]
495 2421. [func] Add new command line option '-S' for named to specify
496 the max number of sockets. [RT #18493]
497 Use caution: this option may not work for some
498 operating systems without rebuilding named.
500 2420. [bug] Windows socket handling cleanup. Let the io
501 completion event send out cancelled read/write
502 done events, which keeps us from writing to memory
503 we no longer have ownership of. Add debugging
504 socket_log() function. Rework TCP socket handling
507 2419. [cleanup] Document that isc_socket_create() and isc_socket_open()
508 should not be used for isc_sockettype_fdwatch sockets.
511 2418. [bug] AXFR request on a DLZ could trigger a REQUIRE failure
514 2417. [bug] Connecting UDP sockets for outgoing queries could
515 unexpectedly fail with an 'address already in use'
518 2416. [func] Log file descriptors that cause exceeding the
519 internal maximum. [RT #18460]
521 2415. [bug] 'rndc dumpdb' could trigger various assertion failures
522 in rbtdb.c. [RT #18455]
524 2414. [bug] A masterdump context held the database lock too long,
525 causing various troubles such as dead lock and
526 recursive lock acquisition. [RT #18311, #18456]
528 2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
530 2412. [bug] win32: address a resourse leak. [RT #18374]
532 2411. [bug] Allow using a larger number of sockets than FD_SETSIZE
533 for select(). To enable this, set ISC_SOCKET_MAXSOCKETS
534 at compilation time. [RT #18433]
536 Note: with changes #2469 and #2421 above, there is no
537 need to tweak ISC_SOCKET_MAXSOCKETS at compilation time
540 2410. [bug] Correctly delete m_versionInfo. [RT #18432]
542 2409. [bug] Only log that we disabled EDNS processing if we were
543 subsequently successful. [RT #18029]
545 2408. [bug] A duplicate TCP dispatch event could be sent, which
546 could then trigger an assertion failure in
547 resquery_response(). [RT #18275]
549 2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
551 2405. [cleanup] The default value for dnssec-validation was changed to
552 "yes" in 9.5.0-P1 and all subsequent releases; this
553 was inadvertently omitted from CHANGES at the time.
555 2404. [port] hpux: files unlimited support.
557 2403. [bug] TSIG context leak. [RT #18341]
559 2402. [port] Support Solaris 2.11 and over. [RT #18362]
561 2401. [bug] Expect to get E[MN]FILE errno internal_accept()
562 (from accept() or fcntl() system calls). [RT #18358]
564 2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
567 2398. [bug] Improve file descriptor management. New,
568 temporary, named.conf option reserved-sockets,
569 default 512. [RT #18344]
571 2397. [bug] gssapi_functions bad declaration. [RT #18355]
573 2396. [bug] Don't set SO_REUSEADDR for randomized ports.
576 2395. [port] Avoid warning and no effect from "files unlimited"
577 on Linux when running as root. [RT #18335]
579 2394. [bug] Default configuration options set the limit for
580 open files to 'unlimited' as described in the
581 documentation. [RT #18331]
583 2393. [bug] nested acls containing keys could trigger an
584 assertion in acl.c. [RT #18166]
586 2392. [bug] remove 'grep -q' from acl test script, some platforms
587 don't support it. [RT #18253]
589 2391. [port] hpux: cover additional recvmsg() error codes.
592 2390. [bug] dispatch.c could make a false warning on 'odd socket'.
595 2389. [bug] Move the "working directory writable" check to after
596 the ns_os_changeuser() call. [RT #18326]
598 2388. [bug] Avoid using tables for layout purposes in
599 statistics XSL [RT #18159].
601 2386. [func] Add warning about too small 'open files' limit.
604 --- 9.5.1b1 released ---
606 2385. [bug] A condition variable in socket.c could leak in
607 rare error handling [RT #17968].
609 2384. [security] Additional support for query port randomization (change
610 #2375) including performance improvement and port range
611 specification. [RT #17949, #18098]
613 2383. [bug] named could double queries when they resulted in
614 SERVFAIL due to overkilling EDNS0 failure detection.
617 2382. [doc] Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
620 2381. [port] dlz/mysql: support multiple install layouts for
621 mysql. <prefix>/include/{,mysql/}mysql.h and
622 <prefix>/lib/{,mysql/}. [RT #18152]
624 2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
625 proofs which, in turn, caused validation failures
626 for insecure zones immediately below a secure zone
627 the server was authoritative for. [RT #18112]
629 2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
630 TLDs and supported RRs with TTLs [RT #17972]
632 2378. [bug] gssapi_functions{} had a redundant member in BIND 9.5.
635 2377. [bug] Address race condition in dnssec-signzone. [RT #18142]
637 2376. [bug] Change #2144 was not complete.
639 2375. [security] Fully randomize UDP query ports to improve
640 forgery resilience. [RT #17949]
642 2373. [bug] Default values of zone ACLs were re-parsed each time a
643 new zone was configured, causing an overconsumption
644 of memory. [RT #18092]
646 --- 9.5.0 released ---
648 2374. [bug] "blackhole" ACLs could cause named to segfault due
649 to some uninitialized memory. [RT #18095]
651 2372. [bug] fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
653 2371. [doc] add +nsid option to dig man page. [RT #18039]
655 2370. [bug] "rndc freeze" could trigger an assertion in named
656 when called on a nonexistent zone. [RT #18050]
658 --- 9.5.0rc1 released ---
660 2368. [port] Linux: use libcap for capability management if
661 possible. [RT# 18026]
663 2367. [bug] Improve counting of dns_resstatscounter_retry
666 2366. [bug] Adb shutdown race. [RT #18021]
668 2365. [bug] Fix a bug that caused dns_acl_isany() to return
669 spurious results. [RT #18000]
671 2364. [bug] named could trigger an assertion when serving a
672 malformed signed zone. [RT #17828]
674 2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
677 2362. [cleanup] Make "rrset-order fixed" a compile-time option.
678 settable by "./configure --enable-fixed-rrset".
679 Disabled by default. [RT #17977]
681 2361. [bug] "recursion" statistics counter could be counted
682 multiple times for a single query. [RT #17990]
684 --- 9.5.0b3 released ---
686 2360. [bug] Fix a condition where we release a database version
687 (which may acquire a lock) while holding the lock.
689 2359. [bug] Fix NSID bug. [RT #17942]
691 2358. [doc] Update host's default query description. [RT #17934]
693 2356. [bug] Built in mutex profiler was not scalable enough.
696 2355. [func] Extend the number statistics counters available.
699 2354. [bug] Failed to initialize some rdatasetheader_t elements.
702 2353. [func] Add support for Name Server ID (RFC 5001).
703 'dig +nsid' requests NSID from server.
704 'request-nsid yes;' causes recursive server to send
705 NSID requests to upstream servers. Server responds
706 to NSID requests with the string configured by
707 'server-id' option. [RT #17091]
709 2352. [bug] Various GSS_API fixups. [RT #17729]
711 2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
713 2350. [port] win32: IPv6 support. [RT #17797]
715 2347. [bug] Delete now traverses the RB tree in the canonical
718 2346. [func] Memory statistics now cover all active memory contexts
719 in increased detail. [RT #17580]
721 2345. [bug] named-checkconf failed to detect when forwarders
722 were set at both the options/view level and in
723 a root zone. [RT #17671]
725 2344. [bug] Improve "logging{ file ...; };" documentation.
728 2343. [bug] (Seemingly) duplicate IPv6 entries could be
729 created in ADB. [RT #17837]
731 2341. [bug] libbind: add missing -I../include for off source
732 tree builds. [RT #17606]
734 2340. [port] openbsd: interface configuration. [RT #17700]
736 2339. [port] tru64: support for libbind. [RT #17589]
738 2338. [bug] check_ds() could be called with a non DS rdataset.
741 2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614]
743 2335. [port] sunos: libbind and *printf() support for long long.
746 2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one
747 bug in fromstruct_txt(). [RT #17609]
749 2333. [bug] Fix off by one error in isc_time_nowplusinterval().
752 2332. [contrib] query-loc-0.4.0. [RT #17602]
754 2331. [bug] Failure to regenerate any signatures was not being
755 reported nor being past back to the UPDATE client.
758 2330. [bug] Remove potential race condition when handling
759 over memory events. [RT #17572]
761 WARNING: API CHANGE: over memory callback
762 function now needs to call isc_mem_waterack().
763 See <isc/mem.h> for details.
765 2329. [bug] Clearer help text for dig's '-x' and '-i' options.
767 2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
768 F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET,
769 J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and
772 2327. [bug] It was possible to dereference a NULL pointer in
773 rbtdb.c. Implement dead node processing in zones as
774 we do for caches. [RT #17312]
776 2326. [bug] It was possible to trigger a INSIST in the acache
779 2325. [port] Linux: use capset() function if available. [RT #17557]
781 --- 9.5.0b2 released ---
783 2324. [bug] Fix IPv6 matching against "any;". [RT #17533]
785 2323. [port] tru64: namespace clash. [RT #17547]
787 2322. [port] MacOS: work around the limitation of setrlimit()
788 for RLIMIT_NOFILE. [RT #17526]
790 2320. [func] Make statistics counters thread-safe for platforms
791 that support certain atomic operations. [RT #17466]
793 2319. [bug] Silence Coverity warnings in
794 lib/dns/rdata/in_1/apl_42.c. [RT #17469]
796 2318. [port] sunos fixes for libbind. [RT #17514]
798 2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
800 2316. [port] Missing #include <isc/print.h> in lib/dns/gssapictx.c.
803 2315. [bug] Used incorrect address family for mapped IPv4
804 addresses in acl.c. [RT #17519]
806 2314. [bug] Uninitialized memory use on error path in
807 bin/named/lwdnoop.c. [RT #17476]
809 2313. [cleanup] Silence Coverity warnings. Handle private stacks.
810 [RT #17447] [RT #17478]
812 2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
815 2311. [bug] IPv6 addresses could match IPv4 ACL entries and
816 vice versa. [RT #17462]
818 2310. [bug] dig, host, nslookup: flush stdout before emitting
819 debug/fatal messages. [RT #17501]
821 2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
824 2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
827 2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
829 2306. [bug] Remove potential race from lib/dns/resolver.c.
832 2305. [security] inet_network() buffer overflow. CVE-2008-0122.
834 2304. [bug] Check returns from all dns_rdata_tostruct() calls.
837 2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
840 2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
842 2301. [bug] Remove resource leak and fix error messages in
843 bin/tests/system/lwresd/lwtest.c. [RT #17474]
845 2300. [bug] Fixed failure to close open file in
846 bin/tests/names/t_names.c. [RT #17473]
848 2299. [bug] Remove unnecessary NULL check in
849 bin/nsupdate/nsupdate.c. [RT #17475]
851 2298. [bug] isc_mutex_lock() failure not caught in
852 bin/tests/timers/t_timers.c. [RT #17468]
854 2297. [bug] isc_entropy_createfilesource() failure not caught in
855 bin/tests/dst/t_dst.c. [RT #17467]
857 2296. [port] Allow docbook stylesheet location to be specified to
858 configure. [RT #17457]
860 2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
863 2294. [func] Allow the experimental statistics channels to have
864 multiple connections and ACL.
865 Note: the stats-server and stats-server-v6 options
866 available in the previous beta releases are replaced
867 with the generic statistics-channels statement.
869 2293. [func] Add ACL regression test. [RT #17375]
871 2292. [bug] Log if the working directory is not writable.
874 2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
875 failure to set PR_SET_DUMPABLE. [RT #17312]
877 2290. [bug] Let AD in the query signal that the client wants AD
878 set in the response. [RT #17301]
880 2288. [port] win32: mark service as running when we have finished
883 2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413]
885 2284. [bug] Memory leak in UPDATE prerequisite processing.
888 2283. [bug] TSIG keys were not attaching to the memory
889 context. TSIG keys should use the rings
890 memory context rather than the clients memory
893 2282. [bug] Acl code fixups. [RT #17346] [RT #17374]
895 2281. [bug] Attempts to use undefined acls were not being logged.
898 2280. [func] Allow the experimental http server to be reached
899 over IPv6 as well as IPv4. [RT #17332]
901 2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
902 to protect applications from receiving spurious
903 SIGPIPE signals when using the resolver.
905 2278. [bug] win32: handle the case where Windows returns no
906 search list or DNS suffix. [RT #17354]
908 2277. [bug] Empty zone names were not correctly being caught at
909 in the post parse checks. [RT #17357]
911 2276. [bug] Install <dst/gssapi.h>. [RT# 17359]
913 2275. [func] Add support to dig to perform IXFR queries over UDP.
916 2274. [func] Log zone transfer statistics. [RT #17336]
918 2273. [bug] Adjust log level to WARNING when saving inconsistent
919 stub/slave master and journal files. [RT# 17279]
921 2272. [bug] Handle illegal dnssec-lookaside trust-anchor names.
924 2271. [bug] Fix a memory leak in http server code [RT #17100]
926 2270. [bug] dns_db_closeversion() version->writer could be reset
927 before it is tested. [RT #17290]
929 2269. [contrib] dbus memory leaks and missing va_end calls. [RT #17232]
931 2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
934 --- 9.5.0b1 released ---
936 2267. [bug] Radix tree node_num value could be set incorrectly,
937 causing positive ACL matches to look like negative
940 2266. [bug] client.c:get_clientmctx() returned the same mctx
941 once the pool of mctx's was filled. [RT #17218]
943 2265. [bug] Test that the memory context's basic_table is non NULL
944 before freeing. [RT #17265]
946 2264. [bug] Server prefix length was being ignored. [RT #17308]
948 2263. [bug] "named-checkconf -z" failed to set default value
949 for "check-integrity". [RT #17306]
951 2262. [bug] Error status from all but the last view could be
954 2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
956 2260. [bug] Reported wrong clients-per-query when increasing the
961 --- 9.5.0a7 released ---
963 2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
966 2257. [bug] win32: Use the full path to vcredist_x86.exe when
967 calling it. [RT #17222]
969 2256. [bug] win32: Correctly register the installation location of
970 bindevt.dll. [RT #17159]
972 2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
974 2254. [bug] timer.c:dispatch() failed to lock timer->lock
975 when reading timer->idle allowing it to see
976 intermediate values as timer->idle was reset by
977 isc_timer_touch(). [RT #17243]
979 2253. [func] "max-cache-size" defaults to 32M.
980 "max-acache-size" defaults to 16M.
982 2252. [bug] Fixed errors in sortlist code [RT #17216]
986 2250. [func] New flag 'memstatistics' to state whether the
987 memory statistics file should be written or not.
988 Additionally named's -m option will cause the
989 statistics file to be written. [RT #17113]
991 2249. [bug] Only set Authentic Data bit if client requested
992 DNSSEC, per RFC 3655 [RT #17175]
994 2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
996 2247. [doc] Sort doc/misc/options. [RT #17067]
998 2246. [bug] Make the startup of test servers (ans.pl) more
1001 2245. [bug] Validating lack of DS records at trust anchors wasn't
1002 working. [RT #17151]
1004 2244. [func] Allow the check of nameserver names against the
1005 SOA MNAME field to be disabled by specifying
1006 'notify-to-soa yes;'. [RT #17073]
1008 2243. [func] Configuration files without a newline at the end now
1009 parse without error. [RT #17120]
1011 2242. [bug] nsupdate: GSS-TSIG support using the Heimdal Kerberos
1012 library could require a source of random data.
1015 2241. [func] nsupdate: add a interactive 'help' command. [RT #17099]
1017 2240. [bug] Cleanup nsupdates GSS-TSIG support. Convert
1018 a number of INSIST()s into plain fatal() errors
1019 which report the triggering result code.
1020 The 'key' command wasn't disabling GSS-TSIG.
1023 2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
1025 2238. [bug] It was possible to trigger a REQUIRE when a
1026 validation was canceled. [RT #17106]
1028 2237. [bug] libbind: res_init() was not thread aware. [RT #17123]
1030 2236. [bug] dnssec-signzone failed to preserve the case of
1031 of wildcard owner names. [RT #17085]
1033 2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
1035 2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
1037 2233. [func] Add support for O(1) ACL processing, based on
1038 radix tree code originally written by Kevin
1039 Brintnall. [RT #16288]
1041 2232. [bug] dns_adb_findaddrinfo() could fail and return
1042 ISC_R_SUCCESS. [RT #17137]
1044 2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
1047 2230. [bug] We could INSIST reading a corrupted journal.
1050 2229. [bug] Null pointer dereference on query pool creation
1051 failure. [RT #17133]
1053 2228. [contrib] contrib: Change 2188 was incomplete.
1055 2227. [cleanup] Tidied up the FAQ. [RT #17121]
1059 2225. [bug] More support for systems with no IPv4 addresses.
1062 2224. [bug] Defer journal compaction if a xfrin is in progress.
1065 2223. [bug] Make a new journal when compacting. [RT #17119]
1067 2222. [func] named-checkconf now checks server key references.
1070 2221. [bug] Set the event result code to reflect the actual
1071 record turned to caller when a cache update is
1072 rejected due to a more credible answer existing.
1075 2220. [bug] win32: Address a race condition in final shutdown of
1076 the Windows socket code. [RT #17028]
1078 2219. [bug] Apply zone consistency checks to additions, not
1079 removals, when updating. [RT #17049]
1081 2218. [bug] Remove unnecessary REQUIRE from dns_validator_create().
1084 2217. [func] Adjust update log levels. [RT #17092]
1086 2216. [cleanup] Fix a number of errors reported by Coverity.
1089 2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
1091 2214. [bug] Deregister OpenSSL lock callback when cleaning
1092 up. Reorder OpenSSL cleanup so that RAND_cleanup()
1093 is called before the locks are destroyed. [RT #17098]
1095 2213. [bug] SIG0 diagnostic failure messages were looking at the
1096 wrong status code. [RT #17101]
1098 2212. [func] 'host -m' now causes memory statistics and active
1099 memory to be printed at exit. [RT 17028]
1101 2211. [func] Update "dynamic update temporarily disabled" message.
1104 2210. [bug] Deleting class specific records via UPDATE could
1107 2209. [port] osx: linking against user supplied static OpenSSL
1108 libraries failed as the system ones were still being
1111 2208. [port] win32: make sure both build methods produce the
1112 same output. [RT #17058]
1114 2207. [port] Some implementations of getaddrinfo() fail to set
1115 ai_canonname correctly. [RT #17061]
1117 --- 9.5.0a6 released ---
1119 2206. [security] "allow-query-cache" and "allow-recursion" now
1120 cross inherit from each other.
1122 If allow-query-cache is not set in named.conf then
1123 allow-recursion is used if set, otherwise allow-query
1124 is used if set, otherwise the default (localnets;
1125 localhost;) is used.
1127 If allow-recursion is not set in named.conf then
1128 allow-query-cache is used if set, otherwise allow-query
1129 is used if set, otherwise the default (localnets;
1130 localhost;) is used.
1134 2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
1136 2204. [bug] "rndc flushanme name unknown-view" caused named
1137 to crash. [RT #16984]
1139 2203. [security] Query id generation was cryptographically weak.
1142 2202. [security] The default acls for allow-query-cache and
1143 allow-recursion were not being applied. [RT #16960]
1145 2201. [bug] The build failed in a separate object directory.
1148 2200. [bug] The search for cached NSEC records was stopping to
1149 early leading to excessive DLV queries. [RT #16930]
1151 2199. [bug] win32: don't call WSAStartup() while loading dlls.
1154 2198. [bug] win32: RegCloseKey() could be called when
1155 RegOpenKeyEx() failed. [RT #16911]
1157 2197. [bug] Add INSIST to catch negative responses which are
1158 not setting the event result code appropriately.
1161 2196. [port] win32: yield processor while waiting for once to
1162 to complete. [RT #16958]
1164 2195. [func] dnssec-keygen now defaults to nametype "ZONE"
1165 when generating DNSKEYs. [RT #16954]
1167 2194. [bug] Close journal before calling 'done' in xfrin.c.
1169 --- 9.5.0a5 released ---
1171 2193. [port] win32: BINDInstall.exe is now linked statically.
1174 2192. [port] win32: use vcredist_x86.exe to install Visual
1175 Studio's redistributable dlls if building with
1176 Visual Stdio 2005 or later.
1178 2191. [func] named-checkzone now allows dumping to stdout (-).
1179 named-checkconf now has -h for help.
1180 named-checkzone now has -h for help.
1181 rndc now has -h for help.
1182 Better handling of '-?' for usage summaries.
1185 2190. [func] Make fallback to plain DNS from EDNS due to timeouts
1186 more visible. New logging category "edns-disabled".
1189 2189. [bug] Handle socket() returning EINTR. [RT #15949]
1191 2188. [contrib] queryperf: autoconf changes to make the search for
1192 libresolv or libbind more robust. [RT #16299]
1194 2187. [bug] query_addds(), query_addwildcardproof() and
1195 query_addnxrrsetnsec() should take a version
1196 argument. [RT #16368]
1198 2186. [port] cygwin: libbind: check for struct sockaddr_storage
1199 independently of IPv6. [RT #16482]
1201 2185. [port] sunos: libbind: check for ssize_t, memmove() and
1202 memchr(). [RT #16463]
1204 2184. [bug] bind9.xsl.h didn't build out of the source tree.
1207 2183. [bug] dnssec-signzone didn't handle offline private keys
1210 2182. [bug] dns_dispatch_createtcp() and dispatch_createudp()
1211 could return ISC_R_SUCCESS when they ran out of
1214 2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
1216 2180. [cleanup] Remove bit test from 'compress_test' as they
1217 are no longer needed. [RT #16497]
1219 2179. [func] 'rndc command zone' will now find 'zone' if it is
1220 unique to all the views. [RT #16821]
1222 2178. [bug] 'rndc reload' of a slave or stub zone resulted in
1223 a reference leak. [RT #16867]
1225 2177. [bug] Array bounds overrun on read (rcodetext) at
1226 debug level 10+. [RT #16798]
1228 2176. [contrib] dbus update to handle race condition during
1229 initialization (Bugzilla 235809). [RT #16842]
1231 2175. [bug] win32: windows broadcast condition variable support
1232 was broken. [RT #16592]
1234 2174. [bug] I/O errors should always be fatal when reading
1235 master files. [RT #16825]
1237 2173. [port] win32: When compiling with MSVS 2005 SP1 we also
1238 need to ship Microsoft.VC80.MFCLOC.
1240 --- 9.5.0a4 released ---
1242 2172. [bug] query_addsoa() was being called with a non zone db.
1245 2171. [bug] Handle breaks in DNSSEC trust chains where the parent
1246 servers are not DS aware (DS queries to the parent
1247 return a referral to the child).
1249 2170. [func] Add acache processing to test suite. [RT #16711]
1251 2169. [bug] host, nslookup: when reporting NXDOMAIN report the
1252 given name and not the last name searched for.
1255 2168. [bug] nsupdate: in non-interactive mode treat syntax errors
1256 as fatal errors. [RT #16785]
1258 2167. [bug] When re-using a automatic zone named failed to
1259 attach it to the new view. [RT #16786]
1261 --- 9.5.0a3 released ---
1263 2166. [bug] When running in batch mode, dig could misinterpret
1264 a server address as a name to be looked up, causing
1265 unexpected output. [RT #16743]
1267 2165. [func] Allow the destination address of a query to determine
1268 if we will answer the query or recurse.
1269 allow-query-on, allow-recursion-on and
1270 allow-query-cache-on. [RT #16291]
1272 2164. [bug] The code to determine how named-checkzone /
1273 named-compilezone was called failed under windows.
1276 2163. [bug] If only one of query-source and query-source-v6
1277 specified a port the query pools code broke (change
1280 2162. [func] Allow "rrset-order fixed" to be disabled at compile
1283 2161. [bug] Fix which log messages are emitted for 'rndc flush'.
1286 2160. [bug] libisc wasn't handling NULL ifa_addr pointers returned
1287 from getifaddrs(). [RT #16708]
1289 --- 9.5.0a2 released ---
1291 2159. [bug] Array bounds overrun in acache processing. [RT #16710]
1293 2158. [bug] ns_client_isself() failed to initialize key
1294 leading to a REQUIRE failure. [RT #16688]
1296 2157. [func] dns_db_transfernode() created. [RT #16685]
1298 2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
1299 resolver.c:validated() and resolver.c:cache_name().
1300 Fix a memory leak in rbtdb.c:free_noqname().
1301 Make lookup.c:lookup_find() robust against
1302 event leaks. [RT #16685]
1304 2155. [contrib] SQLite sdb module from jaboydjr@netwalk.com.
1307 2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
1308 matched in acls by omitting the scope. [RT #16599]
1310 2153. [bug] nsupdate could leak memory. [RT #16691]
1312 2152. [cleanup] Use sizeof(buf) instead of fixed number in
1313 dighost.c:get_trusted_key(). [RT #16678]
1315 2151. [bug] Missing newline in usage message for journalprint.
1318 2150. [bug] 'rrset-order cyclic' uniformly distribute the
1319 starting point for the first response for a given
1322 2149. [bug] isc_mem_checkdestroyed() failed to abort on
1323 if there were still active memory contexts.
1326 2148. [func] Add positive logging for rndc commands. [RT #14623]
1328 2147. [bug] libbind: remove potential buffer overflow from
1329 hmac_link.c. [RT #16437]
1331 2146. [cleanup] Silence Linux's spurious "obsolete setsockopt
1332 SO_BSDCOMPAT" message. [RT #16641]
1334 2145. [bug] Check DS/DLV digest lengths for known digests.
1337 2144. [cleanup] Suppress logging of SERVFAIL from forwarders.
1340 2143. [bug] We failed to restart the IPv6 client when the
1341 kernel failed to return the destination the
1342 packet was sent to. [RT #16613]
1344 2142. [bug] Handle master files with a modification time that
1345 matches the epoch. [RT# 16612]
1347 2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
1348 equivalent of LDH checks). [RT #16609]
1350 2140. [bug] libbind: missing unlock on pthread_key_create()
1351 failures. [RT #16654]
1353 2139. [bug] dns_view_find() was being called with wrong type
1354 in adb.c. [RT #16670]
1356 2138. [bug] Lock order reversal in resolver.c. [RT #16653]
1358 2137. [port] Mips little endian and/or mips 64 bit are now
1359 supported for atomic operations. [RT#16648]
1361 2136. [bug] nslookup/host looped if there was no search list
1362 and the host didn't exist. [RT #16657]
1364 2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656]
1366 2134. [func] Additional statistics support. [RT #16666]
1368 2133. [port] powerpc: Support both IBM and MacOS Power PC
1369 assembler syntaxes. [RT #16647]
1371 2132. [bug] Missing unlock on out of memory in
1372 dns_dispatchmgr_setudp().
1374 2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
1376 2130. [func] Log if CD or DO were set. [RT #16640]
1378 2129. [func] Provide a pool of UDP sockets for queries to be
1379 made over. See use-queryport-pool, queryport-pool-ports
1380 and queryport-pool-updateinterval. [RT #16415]
1382 2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635]
1384 2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563]
1386 2126. [security] Serialize validation of type ANY responses. [RT #16555]
1388 2125. [bug] dns_zone_getzeronosoattl() REQUIRE failure if DLZ
1389 was defined. [RT #16574]
1391 2124. [security] It was possible to dereference a freed fetch
1392 context. [RT #16584]
1394 --- 9.5.0a1 released ---
1396 2123. [func] Use Doxygen to generate internal documentation.
1399 2122. [func] Experimental http server and statistics support
1402 2121. [func] Add a 10 slot dead masters cache (LRU) with a 600
1403 second timeout. [RT #16553]
1405 2120. [doc] Fix markup on nsupdate man page. [RT #16556]
1407 2119. [compat] libbind: allow res_init() to succeed enough to
1408 return the default domain even if it was unable
1411 2118. [bug] Handle response with long chains of domain name
1412 compression pointers which point to other compression
1413 pointers. [RT #16427]
1415 2117. [bug] DNSSEC fixes: named could fail to cache NSEC records
1416 which could lead to validation failures. named didn't
1417 handle negative DS responses that were in the process
1418 of being validated. Check CNAME bit before accepting
1419 NODATA proof. To be able to ignore a child NSEC there
1420 must be SOA (and NS) set in the bitmap. [RT #16399]
1422 2116. [bug] 'rndc reload' could cause the cache to continually
1423 be cleaned. [RT #16401]
1425 2115. [bug] 'rndc reconfig' could trigger a INSIST if the
1426 number of masters for a zone was reduced. [RT #16444]
1428 2114. [bug] dig/host/nslookup: searches for names with multiple
1429 labels were failing. [RT #16447]
1431 2113. [bug] nsupdate: if a zone is specified it should be used
1432 for server discover. [RT# 16455]
1434 2112. [security] Warn if weak RSA exponent is used. [RT #16460]
1436 2111. [bug] Fix a number of errors reported by Coverity.
1439 2110. [bug] "minimal-responses yes;" interacted badly with BIND 8
1440 priming queries. [RT #16491]
1442 2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502]
1444 2108. [func] DHCID support. [RT #16456]
1446 2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
1448 2106. [func] 'rndc status' now reports named's version. [RT #16426]
1450 2105. [func] GSS-TSIG support (RFC 3645).
1452 2104. [port] Fix Solaris SMF error message.
1454 2103. [port] Add /usr/sfw to list of locations for OpenSSL
1457 2102. [port] Silence Solaris 10 warnings.
1459 2101. [bug] OpenSSL version checks were not quite right.
1462 2100. [port] win32: copy libeay32.dll to Build\Debug.
1463 Copy Debug\named-checkzone to Debug\named-compilezone.
1465 2099. [port] win32: more manifest issues.
1467 2098. [bug] Race in rbtdb.c:no_references(), which occasionally
1468 triggered an INSIST failure about the node lock
1469 reference. [RT #16411]
1471 2097. [bug] named could reference a destroyed memory context
1472 after being reloaded / reconfigured. [RT #16428]
1474 2096. [bug] libbind: handle applications that fail to detect
1475 res_init() failures better.
1477 2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and
1478 net_cidr_ntop_ipv6(). [RT #16388]
1480 2094. [contrib] Update named-bootconf. [RT# 16404]
1482 2093. [bug] named-checkzone -s was broken.
1484 2092. [bug] win32: dig, host, nslookup. Use registry config
1485 if resolv.conf does not exist or no nameservers
1488 2091. [port] dighost.c: race condition on cleanup. [RT #16417]
1490 2090. [port] win32: Visual C++ 2005 command line manifest support.
1493 2089. [security] Raise the minimum safe OpenSSL versions to
1494 OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
1495 prior to these have known security flaws which
1496 are (potentially) exploitable in named. [RT #16391]
1498 2088. [security] Change the default RSA exponent from 3 to 65537.
1501 2087. [port] libisc failed to compile on OS's w/o a vsnprintf.
1504 2086. [port] libbind: FreeBSD now has get*by*_r() functions.
1507 2085. [doc] win32: added index.html and README to zip. [RT #16201]
1509 2084. [contrib] dbus update for 9.3.3rc2.
1511 2083. [port] win32: Visual C++ 2005 support.
1513 2082. [doc] Document 'cache-file' as a test only option.
1515 2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
1518 2080. [port] libbind: res_init.c did not compile on older versions
1519 of Solaris. [RT #16363]
1521 2079. [bug] The lame cache was not handling multiple types
1522 correctly. [RT #16361]
1524 2078. [bug] dnssec-checkzone output style "default" was badly
1525 named. It is now called "relative". [RT #16326]
1527 2077. [bug] 'dnssec-signzone -O raw' wasn't outputting the
1528 complete signed zone. [RT #16326]
1530 2076. [bug] Several files were missing #include <config.h>
1531 causing build failures on OSF. [RT #16341]
1533 2075. [bug] The spillat timer event hander could leak memory.
1536 2074. [bug] dns_request_createvia2(), dns_request_createvia3(),
1537 dns_request_createraw2() and dns_request_createraw3()
1538 failed to send multiple UDP requests. [RT #16349]
1540 2073. [bug] Incorrect semantics check for update policy "wildcard".
1543 2072. [bug] We were not generating valid HMAC SHA digests.
1546 2071. [port] Test whether gcc accepts -fno-strict-aliasing.
1549 2070. [bug] The remote address was not always displayed when
1550 reporting dispatch failures. [RT #16315]
1552 2069. [bug] Cross compiling was not working. [RT #16330]
1554 2068. [cleanup] Lower incremental tuning message to debug 1.
1557 2067. [bug] 'rndc' could close the socket too early triggering
1558 a INSIST under Windows. [RT #16317]
1560 2066. [security] Handle SIG queries gracefully. [RT #16300]
1562 2065. [bug] libbind: probe for HPUX prototypes for
1563 endprotoent_r() and endservent_r(). [RT 16313]
1565 2064. [bug] libbind: silence AIX compiler warnings. [RT #16218]
1567 2063. [bug] Change #1955 introduced a bug which caused the first
1568 'rndc flush' call to not free memory. [RT #16244]
1570 2062. [bug] 'dig +nssearch' was reusing a buffer before it had
1571 been returned by the socket code. [RT #16307]
1573 2061. [bug] Accept expired wildcard message reversed. [RT #16296]
1575 2060. [bug] Enabling DLZ support could leave views partially
1576 configured. [RT #16295]
1578 2059. [bug] Search into cache rbtdb could trigger an INSIST
1579 failure while cleaning up a stale rdataset.
1582 2058. [bug] Adjust how we calculate rtt estimates in the presence
1583 of authoritative servers that drop EDNS and/or CD
1584 requests. Also fallback to EDNS/512 and plain DNS
1585 faster for zones with less than 3 servers. [RT #16187]
1587 2057. [bug] Make setting "ra" dependent on both allow-query-cache
1588 and allow-recursion. [RT #16290]
1590 2056. [bug] dig: ixfr= was not being treated case insensitively
1591 at all times. [RT #15955]
1593 2055. [bug] Missing goto after dropping multicast query.
1596 2054. [port] freebsd: do not explicitly link against -lpthread.
1599 2053. [port] netbsd:libbind: silence compiler warnings. [RT #16220]
1601 2052. [bug] 'rndc' improve connect failed message to report
1602 the failing address. [RT #15978]
1604 2051. [port] More strtol() fixes. [RT #16249]
1606 2050. [bug] Parsing of NSAP records was not case insensitive.
1609 2049. [bug] Restore SOA before AXFR when falling back from
1610 a attempted IXFR when transferring in a zone.
1611 Allow a initial SOA query before attempting
1612 a AXFR to be requested. [RT #16156]
1614 2048. [bug] It was possible to loop forever when using
1615 avoid-v4-udp-ports / avoid-v6-udp-ports when
1616 the OS always returned the same local port.
1619 2047. [bug] Failed to initialize the interface flags to zero.
1622 2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
1623 cleanup [RT #16247].
1625 2045. [func] Use lock buckets for acache entries to limit memory
1626 consumption. [RT #16183]
1628 2044. [port] Add support for atomic operations for Itanium.
1631 2043. [port] nsupdate/nslookup: Force the flushing of the prompt
1632 for interactive sessions. [RT#16148]
1634 2042. [bug] named-checkconf was incorrectly rejecting the
1635 logging category "config". [RT #16117]
1637 2041. [bug] "configure --with-dlz-bdb=yes" produced a bad
1638 set of libraries to be linked. [RT #16129]
1640 2040. [bug] rbtdb no_references() could trigger an INSIST
1641 failure with --enable-atomic. [RT #16022]
1643 2039. [func] Check that all buffers passed to the socket code
1644 have been retrieved when the socket event is freed.
1647 2038. [bug] dig/nslookup/host was unlinking from wrong list
1648 when handling errors. [RT #16122]
1650 2037. [func] When unlinking the first or last element in a list
1651 check that the list head points to the element to
1652 be unlinked. [RT #15959]
1654 2036. [bug] 'rndc recursing' could cause trigger a REQUIRE.
1657 2035. [func] Make falling back to TCP on UDP refresh failure
1658 optional. Default "try-tcp-refresh yes;" for BIND 8
1659 compatibility. [RT #16123]
1661 2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124]
1663 2033. [bug] We weren't creating multiple client memory contexts
1664 on demand as expected. [RT #16095]
1666 2032. [bug] Remove a INSIST in query_addadditional2(). [RT #16074]
1668 2031. [bug] Emit a error message when "rndc refresh" is called on
1669 a non slave/stub zone. [RT # 16073]
1671 2030. [bug] We were being overly conservative when disabling
1672 openssl engine support. [RT #16030]
1674 2029. [bug] host printed out the server multiple times when
1675 specified on the command line. [RT #15992]
1677 2028. [port] linux: socket.c compatibility for old systems.
1680 2027. [port] libbind: Solaris x86 support. [RT #16020]
1682 2026. [bug] Rate limit the two recursive client exceeded messages.
1685 2025. [func] Update "zone serial unchanged" message. [RT #16026]
1687 2024. [bug] named emitted spurious "zone serial unchanged"
1688 messages on reload. [RT #16027]
1690 2023. [bug] "make install" should create ${localstatedir}/run and
1691 ${sysconfdir} if they do not exist. [RT #16033]
1693 2022. [bug] If dnssec validation is disabled only assert CD if
1694 CD was requested. [RT #16037]
1696 2021. [bug] dnssec-enable no; triggered a REQUIRE. [RT #16037]
1698 2020. [bug] rdataset_setadditional() could leak memory. [RT #16034]
1700 2019. [tuning] Reduce the amount of work performed per quantum
1701 when cleaning the cache. [RT #15986]
1703 2018. [bug] Checking if the HMAC MD5 private file was broken.
1706 2017. [bug] allow-query default was not correct. [RT #15946]
1708 2016. [bug] Return a partial answer if recursion is not
1709 allowed but requested and we had the answer
1710 to the original qname. [RT #15945]
1712 2015. [cleanup] use-additional-cache is now acache-enable for
1713 consistency. Default acache-enable off in BIND 9.4
1714 as it requires memory usage to be configured.
1715 It may be enabled by default in BIND 9.5 once we
1716 have more experience with it.
1718 2014. [func] Statistics about acache now recorded and sent
1721 2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
1722 responses more gracefully. [RT #15941]
1724 2012. [func] Don't insert new acache entries if acache is full.
1727 2011. [func] dnssec-signzone can now update the SOA record of
1728 the signed zone, either as an increment or as the
1729 system time(). [RT #15633]
1731 2010. [placeholder] rt15958
1733 2009. [bug] libbind: Coverity fixes. [RT #15808]
1735 2008. [func] It is now possible to enable/disable DNSSEC
1736 validation from rndc. This is useful for the
1737 mobile hosts where the current connection point
1738 breaks DNSSEC (firewall/proxy). [RT #15592]
1740 rndc validation newstate [view]
1742 2007. [func] It is now possible to explicitly enable DNSSEC
1743 validation. default dnssec-validation no; to
1744 be changed to yes in 9.5.0. [RT #15674]
1746 2006. [security] Allow-query-cache and allow-recursion now default
1747 to the built in acls "localnets" and "localhost".
1749 This is being done to make caching servers less
1750 attractive as reflective amplifying targets for
1751 spoofed traffic. This still leave authoritative
1754 The best fix is for full BCP 38 deployment to
1755 remove spoofed traffic.
1757 2005. [bug] libbind: Retransmission timeouts should be
1758 based on which attempt it is to the nameserver
1759 and not the nameserver itself. [RT #13548]
1761 2004. [bug] dns_tsig_sign() could pass a NULL pointer to
1762 dst_context_destroy() when cleaning up after a
1765 2003. [bug] libbind: The DNS name/address lookup functions could
1766 occasionally follow a random pointer due to
1767 structures not being completely zeroed. [RT #15806]
1769 2002. [bug] libbind: tighten the constraints on when
1770 struct addrinfo._ai_pad exists. [RT #15783]
1772 2001. [func] Check the KSK flag when updating a secure dynamic zone.
1773 New zone option "update-check-ksk yes;". [RT #15817]
1775 2000. [bug] memmove()/strtol() fix was incomplete. [RT #15812]
1777 1999. [func] Implement "rrset-order fixed". [RT #13662]
1779 1998. [bug] Restrict handling of fifos as sockets to just SunOS.
1780 This allows named to connect to entropy gathering
1781 daemons that use fifos instead of sockets. [RT #15840]
1783 1997. [bug] Named was failing to replace negative cache entries
1784 when a positive one for the type was learnt.
1787 1996. [bug] nsupdate: if a zone has been specified it should
1788 appear in the output of 'show'. [RT #15797]
1790 1995. [bug] 'host' was reporting multiple "is an alias" messages.
1793 1994. [port] OpenSSL 0.9.8 support. [RT #15694]
1795 1993. [bug] Log messages, via syslog, were missing the space
1796 after the timestamp if "print-time yes" was specified.
1799 1992. [bug] Not all incoming zone transfer messages included the
1802 1991. [cleanup] The configuration data, once read, should be treated
1803 as read only. Expand the use of const to enforce this
1804 at compile time. [RT #15813]
1806 1990. [bug] libbind: isc's override of broken gettimeofday()
1807 implementations was not always effective.
1810 1989. [bug] win32: don't check the service password when
1811 re-installing. [RT #15882]
1813 1988. [bug] Remove a bus error from the SHA256/SHA512 support.
1816 1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
1818 1986. [func] Report when a zone is removed. [RT #15849]
1820 1985. [protocol] DLV has now been assigned a official type code of
1823 Note: care should be taken to ensure you upgrade
1824 both named and dnssec-signzone at the same time for
1825 zones with DLV records where named is the master
1826 server for the zone. Also any zones that contain
1827 DLV records should be removed when upgrading a slave
1828 zone. You do not however have to upgrade all
1829 servers for a zone with DLV records simultaneously.
1831 1984. [func] dig, nslookup and host now advertise a 4096 byte
1832 EDNS UDP buffer size by default. [RT #15855]
1834 1983. [func] Two new update policies. "selfsub" and "selfwild".
1837 1982. [bug] DNSKEY was being accepted on the parent side of
1838 a delegation. KEY is still accepted there for
1839 RFC 3007 validated updates. [RT #15620]
1841 1981. [bug] win32: condition.c:wait() could fail to reattain
1844 1980. [func] dnssec-signzone: output the SOA record as the
1845 first record in the signed zone. [RT #15758]
1847 1979. [port] linux: allow named to drop core after changing
1848 user ids. [RT #15753]
1850 1978. [port] Handle systems which have a broken recvmsg().
1853 1977. [bug] Silence noisy log message. [RT #15704]
1855 1976. [bug] Handle systems with no IPv4 addresses. [RT #15695]
1857 1975. [bug] libbind: isc_gethexstring() could misparse multi-line
1858 hex strings with comments. [RT #15814]
1860 1974. [doc] List each of the zone types and associated zone
1861 options separately in the ARM.
1863 1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
1864 HMACSHA512 support. [RT #13606]
1866 1972. [contrib] DBUS dynamic forwarders integration from
1867 Jason Vas Dias <jvdias@redhat.com>.
1869 1971. [port] linux: make detection of missing IF_NAMESIZE more
1872 1970. [bug] nsupdate: adjust UDP timeout when falling back to
1873 unsigned SOA query. [RT #15775]
1875 1969. [bug] win32: the socket code was freeing the socket
1876 structure too early. [RT #15776]
1878 1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
1880 1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
1882 1966. [bug] Don't set CD when we have fallen back to plain DNS.
1885 1965. [func] Suppress spurious "recusion requested but not
1886 available" warning with 'dig +qr'. [RT #15780].
1888 1964. [func] Separate out MX and SRV to CNAME checks. [RT #15723]
1890 1963. [port] Tru64 4.0E doesn't support send() and recv().
1893 1962. [bug] Named failed to clear old update-policy when it
1894 was removed. [RT #15491]
1896 1961. [bug] Check the port and address of responses forwarded
1897 to dispatch. [RT #15474]
1899 1960. [bug] Update code should set NSEC ttls from SOA MINIMUM.
1902 1959. [func] Control the zeroing of the negative response TTL to
1903 a soa query. Defaults "zero-no-soa-ttl yes;" and
1904 "zero-no-soa-ttl-cache no;". [RT #15460]
1906 1958. [bug] Named failed to update the zone's secure state
1907 until the zone was reloaded. [RT #15412]
1909 1957. [bug] Dig mishandled responses to class ANY queries.
1912 1956. [bug] Improve cross compile support, 'gen' is now built
1913 by native compiler. See README for additional
1914 cross compile support information. [RT #15148]
1916 1955. [bug] Pre-allocate the cache cleaning iterator. [RT #14998]
1918 1954. [func] Named now falls back to advertising EDNS with a
1919 512 byte receive buffer if the initial EDNS queries
1922 1953. [func] The maximum EDNS UDP response named will send can
1923 now be set in named.conf (max-udp-size). This is
1924 independent of the advertised receive buffer
1925 (edns-udp-size). [RT #14852]
1927 1952. [port] hpux: tell the linker to build a runtime link
1928 path "-Wl,+b:". [RT #14816].
1930 1951. [security] Drop queries from particular well known ports.
1931 Don't return FORMERR to queries from particular
1932 well known ports. [RT #15636]
1934 1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect()
1935 a TCP socket. This prevents the source address being
1936 set for TCP connections. [RT #15628]
1938 1949. [func] Addition memory leakage checks. [RT #15544]
1940 1948. [bug] If was possible to trigger a REQUIRE failure in
1941 xfrin.c:maybe_free() if named ran out of memory.
1944 1947. [func] It is now possible to configure named to accept
1945 expired RRSIGs. Default "dnssec-accept-expired no;".
1946 Setting "dnssec-accept-expired yes;" leaves named
1947 vulnerable to replay attacks. [RT #14685]
1949 1946. [bug] resume_dslookup() could trigger a REQUIRE failure
1950 when using forwarders. [RT #15549]
1952 1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is no longer recommended.
1953 To generate a RSAMD5 key you must explicitly request
1956 1944. [cleanup] isc_hash_create() does not need a read/write lock.
1959 1943. [bug] Set the loadtime after rolling forward the journal.
1962 1942. [bug] If the name of a DNSKEY match that of one in
1963 trusted-keys do not attempt to validate the DNSKEY
1964 using the parents DS RRset. [RT #15649]
1966 1941. [bug] ncache_adderesult() should set eresult even if no
1967 rdataset is passed to it. [RT #15642]
1969 1940. [bug] Fixed a number of error conditions reported by
1972 1939. [bug] The resolver could dereference a null pointer after
1973 validation if all the queries have timed out.
1976 1938. [bug] The validator was not correctly handling unsecure
1977 negative responses at or below a SEP. [RT #15528]
1979 1937. [bug] sdlz doesn't handle RRSIG records. [RT #15564]
1981 1936. [bug] The validator could leak memory. [RT #15544]
1983 1935. [bug] 'acache' was DO sensitive. [RT #15430]
1985 1934. [func] Validate pending NS RRsets, in the authority section,
1986 prior to returning them if it can be done without
1987 requiring DNSKEYs to be fetched. [RT #15430]
1989 1933. [bug] dump_rdataset_raw() had a incorrect INSIST. [RT #15534]
1991 1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530]
1993 1931. [bug] Per-client mctx could require a huge amount of memory,
1994 particularly for a busy caching server. [RT #15519]
1996 1930. [port] HPUX: ia64 support. [RT #15473]
1998 1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
2000 1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
2002 1927. [bug] Access to soanode or nsnode in rbtdb violated the
2003 lock order rule and could cause a dead lock.
2006 1926. [bug] The Windows installer did not check for empty
2007 passwords. BINDinstall was being installed in
2008 the wrong place. [RT #15483]
2010 1925. [port] All outer level AC_TRY_RUNs need cross compiling
2011 defaults. [RT #15469]
2013 1924. [port] libbind: hpux ia64 support. [RT #15473]
2015 1923. [bug] ns_client_detach() called too early. [RT #15499]
2017 1922. [bug] check-tool.c:setup_logging() missing call to
2018 dns_log_setcontext().
2020 1921. [bug] Client memory contexts were not using internal
2023 1920. [bug] The cache rbtdb lock array was too small to
2024 have the desired performance characteristics.
2027 1919. [contrib] queryperf: a set of new features: collecting/printing
2028 response delays, printing intermediate results, and
2029 adjusting query rate for the "target" qps.
2031 1918. [bug] Memory leak when checking acls. [RT #15391]
2033 1917. [doc] funcsynopsisinfo wasn't being treated as verbatim
2034 when generating man pages. [RT #15385]
2036 1916. [func] Integrate contributed IDN code from JPNIC. [RT #15383]
2038 1915. [bug] dig +ndots was broken. [RT #15215]
2040 1914. [protocol] DS is required to accept mnemonic algorithms
2041 (RFC 4034). Still emit numeric algorithms for
2042 compatibility with RFC 3658. [RT #15354]
2044 1913. [func] Integrate contributed DLZ code into named. [RT #11382]
2046 1912. [port] aix: atomic locking for powerpc. [RT #15020]
2048 1911. [bug] Update windows socket code. [RT #14965]
2050 1910. [bug] dig's +sigchase code overhauled. [RT #14933]
2052 1909. [bug] The DLV code has been re-worked to make no longer
2053 query order sensitive. [RT #14933]
2055 1908. [func] dig now warns if 'RA' is not set in the answer when
2056 'RD' was set in the query. host/nslookup skip servers
2057 that fail to set 'RA' when 'RD' is set unless a server
2058 is explicitly set. [RT #15005]
2060 1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
2063 1906. [func] dig now has a '-q queryname' and '+showsearch' options.
2066 1905. [bug] Strings returned from cfg_obj_asstring() should be
2067 treated as read-only. The prototype for
2068 cfg_obj_asstring() has been updated to reflect this.
2071 1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
2072 friends. Note: RFC 1918 zones are not yet covered by
2073 this but are likely to be in a future release.
2075 New options: empty-server, empty-contact,
2076 empty-zones-enable and disable-empty-zone.
2078 1903. [func] ISC string copy API.
2080 1902. [func] Attempt to make the amount of work performed in a
2081 iteration self tuning. The covers nodes clean from
2082 the cache per iteration, nodes written to disk when
2083 rewriting a master file and nodes destroyed per
2084 iteration when destroying a zone or a cache.
2087 1901. [cleanup] Don't add DNSKEY records to the additional section.
2089 1900. [bug] ixfr-from-differences failed to ensure that the
2090 serial number increased. [RT #15036]
2092 1899. [func] named-checkconf now validates update-policy entries.
2095 1898. [bug] Extend ISC_SOCKADDR_FORMATSIZE and
2096 ISC_NETADDR_FORMATSIZE to allow for scope details.
2098 1897. [func] x86 and x86_64 now have separate atomic locking
2101 1896. [bug] Recursive clients soft quota support wasn't working
2102 as expected. [RT #15103]
2104 1895. [bug] A escaped character is, potentially, converted to
2105 the output character set too early. [RT #14666]
2107 1894. [doc] Review ARM for BIND 9.4.
2109 1893. [port] Use uintptr_t if available. [RT #14606]
2111 1892. [func] Support for SPF rdata type. [RT #15033]
2113 1891. [port] freebsd: pthread_mutex_init can fail if it runs out
2114 of memory. [RT #14995]
2116 1890. [func] Raise the UDP receive buffer size to 32k if it is
2117 less than 32k. [RT #14953]
2119 1889. [port] sunos: non blocking i/o support. [RT #14951]
2121 1888. [func] Support for IPSECKEY rdata type. [RT #14967]
2123 1887. [bug] The cache could delete expired records too fast for
2124 clients with a virtual time in the past. [RT #14991]
2126 1886. [bug] fctx_create() could return success even though it
2129 1885. [func] dig: report the number of extra bytes still left in
2130 the packet after processing all the records.
2132 1884. [cleanup] dighost.c: move external declarations into <dig/dig.h>.
2134 1883. [bug] dnssec-signzone, dnssec-keygen: handle negative debug
2137 1882. [func] Limit the number of recursive clients that can be
2138 waiting for a single query (<qname,qtype,qclass>) to
2139 resolve. New options clients-per-query and
2140 max-clients-per-query.
2142 1881. [func] Add a system test for named-checkconf. [RT #14931]
2144 1880. [func] The lame cache is now done on a <qname,qclass,qtype>
2145 basis as some servers only appear to be lame for
2146 certain query types. [RT #14916]
2148 1879. [func] "USE INTERNAL MALLOC" is now runtime selectable.
2151 1878. [func] Detect duplicates of UDP queries we are recursing on
2152 and drop them. New stats category "duplicate".
2155 1877. [bug] Fix unreasonably low quantum on call to
2156 dns_rbt_destroy2(). Remove unnecessary unhash_node()
2159 1876. [func] Additional memory debugging support to track size
2160 and mctx arguments. [RT #14814]
2162 1875. [bug] process_dhtkey() was using the wrong memory context
2163 to free some memory. [RT #14890]
2165 1874. [port] sunos: portability fixes. [RT #14814]
2167 1873. [port] win32: isc__errno2result() now reports its caller.
2170 1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753]
2174 1870. [func] Added framework for handling multiple EDNS versions.
2177 1869. [func] dig can now specify the EDNS version when making
2178 a query. [RT #14873]
2180 1868. [func] edns-udp-size can now be overridden on a per
2181 server basis. [RT #14851]
2183 1867. [bug] It was possible to trigger a INSIST in
2184 dlv_validatezonekey(). [RT #14846]
2186 1866. [bug] resolv.conf parse errors were being ignored by
2187 dig/host/nslookup. [RT #14841]
2189 1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
2190 bad addresses. [RT #14841]
2192 1864. [bug] Don't try the alternative transfer source if you
2193 got a answer / transfer with the main source
2194 address. [RT #14802]
2196 1863. [bug] rrset-order "fixed" error messages not complete.
2198 1862. [func] Add additional zone data constancy checks.
2199 named-checkzone has extended checking of NS, MX and
2200 SRV record and the hosts they reference.
2201 named has extended post zone load checks.
2202 New zone options: check-mx and integrity-check.
2205 1861. [bug] dig could trigger a INSIST on certain malformed
2206 responses. [RT #14801]
2208 1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was
2209 incorrectly set. [RT #14775]
2211 1859. [func] Add support for CH A record. [RT #14695]
2213 1858. [bug] The flush-zones-on-shutdown option wasn't being
2216 1857. [bug] named could trigger a INSIST() if reconfigured /
2217 reloaded too fast. [RT #14673]
2219 1856. [doc] Switch Docbook toolchain from DSSSL to XSL.
2222 1855. [bug] ixfr-from-differences was failing to detect changes
2223 of ttl due to dns_diff_subtract() was ignoring the ttl
2224 of records. [RT #14616]
2226 1854. [bug] lwres also needs to know the print format for
2227 (long long). [RT #13754]
2229 1853. [bug] Rework how DLV interacts with proveunsecure().
2232 1852. [cleanup] Remove last vestiges of dnssec-signkey and
2233 dnssec-makekeyset (removed from Makefile years ago).
2235 1851. [doc] Doxygen comment markup. [RT #11398]
2237 1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591]
2239 1849. [doc] All forms of the man pages (docbook, man, html) should
2240 have consistent copyright dates.
2242 1848. [bug] Improve SMF integration. [RT #13238]
2244 1847. [bug] isc_ondestroy_init() is called too late in
2245 dns_rbtdb_create()/dns_rbtdb64_create().
2248 1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer
2249 <bortzmeyer@nic.fr>.
2251 1845. [bug] Improve error reporting to distinguish between
2252 accept()/fcntl() and socket()/fcntl() errors.
2255 1844. [bug] inet_pton() accepted more that 4 hexadecimal digits
2256 for each 16 bit piece of the IPv6 address. The text
2257 representation of a IPv6 address has been tightened
2258 to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
2261 1843. [cleanup] CINCLUDES takes precedence over CFLAGS. This helps
2262 when CFLAGS contains "-I /usr/local/include"
2263 resulting in old header files being used.
2265 1842. [port] cmsg_len() could produce incorrect results on
2266 some platform. [RT #13744]
2268 1841. [bug] "dig +nssearch" now makes a recursive query to
2269 find the list of nameservers to query. [RT #13694]
2271 1840. [func] dnssec-signzone can now randomize signature end times
2272 (dnssec-signzone -j jitter). [RT #13609]
2274 1839. [bug] <isc/hash.h> was not being installed.
2276 1838. [cleanup] Don't allow Linux capabilities to be inherited.
2279 1837. [bug] Compile time option ISC_FACILITY was not effective
2280 for 'named -u <user>'. [RT #13714]
2282 1836. [cleanup] Silence compiler warnings in hash_test.c.
2284 1835. [bug] Update dnssec-signzone's usage message. [RT #13657]
2286 1834. [bug] Bad memset in rdata_test.c. [RT #13658]
2288 1833. [bug] Race condition in isc_mutex_lock_profile(). [RT #13660]
2290 1832. [bug] named fails to return BADKEY on unknown TSIG algorithm.
2293 1831. [doc] Update named-checkzone documentation. [RT#13604]
2295 1830. [bug] adb lame cache has sence of test reversed. [RT #13600]
2297 1829. [bug] win32: "pid-file none;" broken. [RT #13563]
2299 1828. [bug] isc_rwlock_init() failed to properly cleanup if it
2300 encountered a error. [RT #13549]
2302 1827. [bug] host: update usage message for '-a'. [RT #37116]
2304 1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on out
2305 of memory error. [RT #13537]
2307 1825. [bug] Missing UNLOCK() on out of memory error from in
2308 rbtdb.c:subtractrdataset(). [RT #13519]
2310 1824. [bug] Memory leak on dns_zone_setdbtype() failure.
2313 1823. [bug] Wrong macro used to check for point to point interface.
2316 1822. [bug] check-names test for RT was reversed. [RT #13382]
2320 1820. [bug] Gracefully handle acl loops. [RT #13659]
2322 1819. [bug] The validator needed to check both the algorithm and
2323 digest types of the DS to determine if it could be
2324 used to introduce a secure zone. [RT #13593]
2326 1818. [bug] 'named-checkconf -z' triggered an INSIST. [RT #13599]
2328 1817. [func] Add support for additional zone file formats for
2329 improving loading performance. The masterfile-format
2330 option in named.conf can be used to specify a
2331 non-default format. A separate command
2332 named-compilezone was provided to generate zone files
2333 in the new format. Additionally, the -I and -O options
2334 for dnssec-signzone specify the input and output
2337 1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
2340 1815. [bug] nsupdate triggered a REQUIRE if the server was set
2341 without also setting the zone and it encountered
2342 a CNAME and was using TSIG. [RT #13086]
2344 1814. [func] UNIX domain controls are now supported.
2346 1813. [func] Restructured the data locking framework using
2347 architecture dependent atomic operations (when
2348 available), improving response performance on
2349 multi-processor machines significantly.
2350 x86, x86_64, alpha, powerpc, and mips are currently
2353 1812. [port] win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect.
2356 1811. [func] Preserve the case of domain names in rdata during
2357 zone transfers. [RT #13547]
2359 1810. [bug] configure, lib/bind/configure make different default
2360 decisions about whether to do a threaded build.
2363 1809. [bug] "make distclean" failed for libbind if the platform
2366 1808. [bug] zone.c:notify_zone() contained a race condition,
2367 zone->db could change underneath it. [RT #13511]
2369 1807. [bug] When forwarding (forward only) set the active domain
2370 from the forward zone name. [RT #13526]
2372 1806. [bug] The resolver returned the wrong result when a CNAME /
2373 DNAME was encountered when fetching glue from a
2374 secure namespace. [RT #13501]
2376 1805. [bug] Pending status was not being cleared when DLV was
2379 1804. [bug] Ensure that if we are queried for glue that it fits
2380 in the additional section or TC is set to tell the
2381 client to retry using TCP. [RT #10114]
2383 1803. [bug] dnssec-signzone sometimes failed to remove old
2386 1802. [bug] Handle connection resets better. [RT #11280]
2388 1801. [func] Report differences between hints and real NS rrset
2389 and associated address records.
2391 1800. [bug] Changes #1719 allowed a INSIST to be triggered.
2394 1799. [bug] 'rndc flushname' failed to flush negative cache
2395 entries. [RT #13438]
2397 1798. [func] The server syntax has been extended to support a
2398 range of servers. [RT #11132]
2400 1797. [func] named-checkconf now check acls to verify that they
2401 only refer to existing acls. [RT #13101]
2403 1796. [func] "rndc freeze/thaw" now freezes/thaws all zones.
2405 1795. [bug] "rndc dumpdb" was not fully documented. Minor
2406 formating issues with "rndc dumpdb -all". [RT #13396]
2408 1794. [func] Named and named-checkzone can now both check for
2409 non-terminal wildcard records.
2411 1793. [func] Extend adjusting TTL warning messages. [RT #13378]
2413 1792. [func] New zone option "notify-delay". Specify a minimum
2414 delay between sets of NOTIFY messages.
2416 1791. [bug] 'host -t a' still printed out AAAA and MX records.
2419 1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should
2420 allow parallel make to succeed.
2422 1789. [bug] Prerequisite test for tkey and dnssec could fail
2423 with "configure --with-libtool".
2425 1788. [bug] libbind9.la/libbind9.so needs to link against
2426 libisccfg.la/libisccfg.so.
2428 1787. [port] HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings.
2430 1786. [port] AIX: libt_api needs to be taught to look for
2431 T_testlist in the main executable (--with-libtool).
2434 1785. [bug] libbind9.la/libbind9.so needs to link against
2435 libisc.la/libisc.so.
2437 1784. [cleanup] "libtool -allow-undefined" is the default.
2438 Leave hooks in configure to allow it to be set
2439 if needed in the future.
2441 1783. [cleanup] We only need one copy of libtool.m4, ltmain.sh in the
2444 1782. [port] OSX: --with-libtool + --enable-libbind broke on
2445 __evOptMonoTime. [RT #13219]
2447 1781. [port] FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810]
2449 1780. [bug] Update libtool to 1.5.10.
2451 1779. [port] OSF 5.1: libtool didn't handle -pthread correctly.
2453 1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and
2454 IN6ADDR_LOOPBACK_INIT macros.
2456 1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and
2457 IN6ADDR_LOOPBACK_INIT macros.
2459 1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
2460 IN6ADDR_LOOPBACK_INIT macros.
2462 1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
2464 1774. [port] Aix: Silence compiler warnings / build failures.
2467 1773. [bug] Fast retry on host / net unreachable. [RT #13153]
2473 1770. [bug] named-checkconf failed to report missing a missing
2474 file clause for rbt{64} master/hint zones. [RT#13009]
2476 1769. [port] win32: change compiler flags /MTd ==> /MDd,
2479 1768. [bug] nsecnoexistnodata() could be called with a non-NSEC
2480 rdataset. [RT #12907]
2482 1767. [port] Builds on IPv6 platforms without IPv6 Advanced API
2483 support for (struct in6_pktinfo) failed. [RT #13077]
2485 1766. [bug] Update the master file timestamp on successful refresh
2486 as well as the journal's timestamp. [RT# 13062]
2488 1765. [bug] configure --with-openssl=auto failed. [RT #12937]
2490 1764. [bug] dns_zone_replacedb failed to emit a error message
2491 if there was no SOA record in the replacement db.
2494 1763. [func] Perform sanity checks on NS records which refer to
2495 'in zone' names. [RT #13002]
2497 1762. [bug] isc_interfaceiter_create() could return ISC_R_SUCCESS
2498 even when it failed. [RT #12995]
2500 1761. [bug] 'rndc dumpdb' didn't report unassociated entries.
2503 1760. [bug] Host / net unreachable was not penalising rtt
2504 estimates. [RT #12970]
2506 1759. [bug] Named failed to startup if the OS supported IPv6
2507 but had no IPv6 interfaces configured. [RT #12942]
2509 1758. [func] Don't send notify messages to self. [RT #12933]
2511 1757. [func] host now can turn on memory debugging flags with '-m'.
2513 1756. [func] named-checkconf now checks the logging configuration.
2516 1755. [func] allow-update is now settable at the options / view
2519 1754. [bug] We weren't always attempting to query the parent
2520 server for the DS records at the zone cut.
2523 1753. [bug] Don't serve a slave zone which has no NS records.
2526 1752. [port] Move isc_app_start() to after ns_os_daemonise()
2527 as some fork() implementations unblock the signals
2528 that are blocked by isc_app_start(). [RT #12810]
2530 1751. [bug] --enable-getifaddrs failed under linux. [RT #12867]
2532 1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
2535 1749. [bug] 'check-names response ignore;' failed to ignore.
2538 1748. [func] dig now returns the byte count for axfr/ixfr.
2540 1747. [bug] BIND 8 compatibility: named/named-checkconf failed
2541 to parse "host-statistics-max" in named.conf.
2543 1746. [func] Make public the function to read a key file,
2544 dst_key_read_public(). [RT #12450]
2546 1745. [bug] Dig/host/nslookup accept replies from link locals
2547 regardless of scope if no scope was specified when
2548 query was sent. [RT #12745]
2550 1744. [bug] If tuple2msgname() failed to convert a tuple to
2551 a name a REQUIRE could be triggered. [RT #12796]
2553 1743. [bug] If isc_taskmgr_create() was not able to create the
2554 requested number of worker threads then destruction
2555 of the manager would trigger an INSIST() failure.
2558 1742. [bug] Deleting all records at a node then adding a
2559 previously existing record, in a single UPDATE
2560 transaction, failed to leave / regenerate the
2561 associated RRSIG records. [RT #12788]
2563 1741. [bug] Deleting all records at a node in a secure zone
2564 using a update-policy grant failed. [RT #12787]
2566 1740. [bug] Replace rbt's hash algorithm as it performed badly
2567 with certain zones. [RT #12729]
2569 NOTE: a hash context now needs to be established
2570 via isc_hash_create() if the application was not
2573 1739. [bug] dns_rbt_deletetree() could incorrectly return
2574 ISC_R_QUOTA. [RT #12695]
2576 1738. [bug] Enable overrun checking by default. [RT #12695]
2578 1737. [bug] named failed if more than 16 masters were specified.
2581 1736. [bug] dst_key_fromnamedfile() could fail to read a
2582 public key. [RT #12687]
2584 1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure.
2587 1734. [cleanup] 'rndc-confgen -a -t' remove extra '/' in path.
2590 1733. [bug] Return non-zero exit status on initial load failure.
2593 1732. [bug] 'rrset-order name "*"' wasn't being applied to ".".
2596 1731. [port] darwin: relax version test in ifconfig.sh.
2599 1730. [port] Determine the length type used by the socket API.
2602 1729. [func] Improve check-names error messages.
2604 1728. [doc] Update check-names documentation.
2606 1727. [bug] named-checkzone: check-names support didn't match
2609 1726. [port] aix5: add support for aix5.
2611 1725. [port] linux: update error message on interaction of threads,
2612 capabilities and setuid support (named -u). [RT #12541]
2614 1724. [bug] Look for DNSKEY records with "dig +sigtrace".
2617 1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
2619 1722. [bug] Don't commit the journal on malformed ixfr streams.
2622 1721. [bug] Error message from the journal processing were not
2623 always identifying the relevant journal. [RT #12519]
2625 1720. [bug] 'dig +chase' did not terminate on a RFC 2308 Type 1
2626 negative response. [RT #12506]
2628 1719. [bug] named was not correctly caching a RFC 2308 Type 1
2629 negative response. [RT #12506]
2631 1718. [bug] nsupdate was not handling RFC 2308 Type 3 negative
2632 responses when looking for the zone / master server.
2635 1717. [port] solaris: ifconfig.sh did not support Solaris 10.
2636 "ifconfig.sh down" didn't work for Solaris 9.
2638 1716. [doc] named.conf(5) was being installed in the wrong
2639 location. [RT# 12441]
2641 1715. [func] 'dig +trace' now randomly selects the next servers
2642 to try. Report if there is a bad delegation.
2644 1714. [bug] dig/host/nslookup were only trying the first
2645 address when a nameserver was specified by name.
2648 1713. [port] linux: extend capset failure message to say:
2649 please ensure that the capset kernel module is
2650 loaded. see insmod(8)
2652 1712. [bug] Missing FULLCHECK for "trusted-key" in dig.
2654 1711. [func] 'rndc unfreeze' has been deprecated by 'rndc thaw'.
2656 1710. [func] 'rndc notify zone [class [view]]' resend the NOTIFY
2657 messages for the specified zone. [RT #9479]
2659 1709. [port] solaris: add SMF support from Sun.
2661 1708. [cleanup] Replaced dns_fullname_hash() with dns_name_fullhash()
2662 for conformance to the name space convention. Binary
2663 backward compatibility to the old function name is
2664 provided. [RT #12376]
2666 1707. [contrib] sdb/ldap updated to version 1.0-beta.
2668 1706. [bug] 'rndc stop' failed to cause zones to be flushed
2669 sometimes. [RT #12328]
2671 1705. [func] Allow the journal's name to be changed via named.conf.
2673 1704. [port] lwres needed a snprintf() implementation for
2674 platforms without snprintf(). Add missing
2675 "#include <isc/print.h>". [RT #12321]
2677 1703. [bug] named would loop sending NOTIFY messages when it
2678 failed to receive a response. [RT #12322]
2680 1702. [bug] also-notify should not be applied to built in zones.
2683 1701. [doc] A minimal named.conf man page.
2685 1700. [func] nslookup is no longer to be treated as deprecated.
2686 Remove "deprecated" warning message. Add man page.
2688 1699. [bug] dnssec-signzone can generate "not exact" errors
2689 when resigning. [RT #12281]
2691 1698. [doc] Use reserved IPv6 documentation prefix.
2693 1697. [bug] xxx-source{,-v6} was not effective when it
2694 specified one of listening addresses and a
2695 different port than the listening port. [RT #12257]
2697 1696. [bug] dnssec-signzone failed to clean out nodes that
2698 consisted of only NSEC and RRSIG records.
2701 1695. [bug] DS records when forwarding require special handling.
2704 1694. [bug] Report if the builtin views of "_default" / "_bind"
2705 are defined in named.conf. [RT #12023]
2707 1693. [bug] max-journal-size was not effective for master zones
2708 with ixfr-from-differences set. [RT# 12024]
2710 1692. [bug] Don't set -I, -L and -R flags when libcrypto is in
2711 /usr/lib. [RT #11971]
2713 1691. [bug] sdb's attachversion was not complete. [RT #11990]
2715 1690. [bug] Delay detaching view from the client until UPDATE
2716 processing completes when shutting down. [RT #11714]
2718 1689. [bug] DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
2719 contained gratuitous semicolons. [RT #11707]
2721 1688. [bug] LDFLAGS was not supported.
2723 1687. [bug] Race condition in dispatch. [RT #10272]
2725 1686. [bug] Named sent a extraneous NOTIFY when it received a
2726 redundant UPDATE request. [RT #11943]
2728 1685. [bug] Change #1679 loop tests weren't quite right.
2730 1684. [func] ixfr-from-differences now takes master and slave in
2731 addition to yes and no at the options and view levels.
2733 1683. [bug] dig +sigchase could leak memory. [RT #11445]
2735 1682. [port] Update configure test for (long long) printf format.
2738 1681. [bug] Only set SO_REUSEADDR when a port is specified in
2739 isc_socket_bind(). [RT #11742]
2741 1680. [func] rndc: the source address can now be specified.
2743 1679. [bug] When there was a single nameserver with multiple
2744 addresses for a zone not all addresses were tried.
2747 1678. [bug] RRSIG should use TYPEXXXXX for unknown types.
2749 1677. [bug] dig: +aaonly didn't work, +aaflag undocumented.
2751 1676. [func] New option "allow-query-cache". This lets
2752 allow-query be used to specify the default zone
2753 access level rather than having to have every
2754 zone override the global value. allow-query-cache
2755 can be set at both the options and view levels.
2756 If allow-query-cache is not set allow-query applies.
2758 1675. [bug] named would sometimes add extra NSEC records to
2759 the authority section.
2761 1674. [port] linux: increase buffer size used to scan
2764 1673. [port] linux: issue a error messages if IPv6 interface
2767 1672. [cleanup] Tests which only function in a threaded build
2768 now return R:THREADONLY (rather than R:UNTESTED)
2769 in a non-threaded build.
2771 1671. [contrib] queryperf: add NAPTR to the list of known types.
2773 1670. [func] Log UPDATE requests to slave zones without an acl as
2774 "disabled" at debug level 3. [RT# 11657]
2778 1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
2780 1667. [port] linux: not all versions have IF_NAMESIZE.
2782 1666. [bug] The optional port on hostnames in dual-stack-servers
2785 1665. [func] rndc now allows addresses to be set in the
2788 1664. [bug] nsupdate needed KEY for SIG(0), not DNSKEY.
2790 1663. [func] Look for OpenSSL by default.
2792 1662. [bug] Change #1658 failed to change one use of 'type'
2795 1661. [bug] Restore dns_name_concatenate() call in
2796 adb.c:set_target(). [RT #11582]
2798 1660. [bug] win32: connection_reset_fix() was being called
2799 unconditionally. [RT #11595]
2801 1659. [cleanup] Cleanup some messages that were referring to KEY vs
2802 DNSKEY, NXT vs NSEC and SIG vs RRSIG.
2804 1658. [func] Update dnssec-keygen to default to KEY for HMAC-MD5
2805 and DH. Tighten which options apply to KEY and
2808 1657. [doc] ARM: document query log output.
2810 1656. [doc] Update DNSSEC description in ARM to cover DS, NSEC
2811 DNSKEY and RRSIG. [RT #11542]
2813 1655. [bug] Logging multiple versions w/o a size was broken.
2816 1654. [bug] isc_result_totext() contained array bounds read
2819 1653. [func] Add key type checking to dst_key_fromfilename(),
2820 DST_TYPE_KEY should be used to read TSIG, TKEY and
2823 1652. [bug] TKEY still uses KEY.
2825 1651. [bug] dig: process multiple dash options.
2827 1650. [bug] dig, nslookup: flush standard out after each command.
2829 1649. [bug] Silence "unexpected non-minimal diff" message.
2832 1648. [func] Update dnssec-lookaside named.conf syntax to support
2833 multiple dnssec-lookaside namespaces (not yet
2836 1647. [bug] It was possible trigger a INSIST when chasing a DS
2837 record that required walking back over a empty node.
2840 1646. [bug] win32: logging file versions didn't work with
2841 non-UNC filenames. [RT#11486]
2843 1645. [bug] named could trigger a REQUIRE failure if multiple
2844 masters with keys are specified.
2846 1644. [bug] Update the journal modification time after a
2847 successful refresh query. [RT #11436]
2849 1643. [bug] dns_db_closeversion() could leak memory / node
2850 references. [RT #11163]
2852 1642. [port] Support OpenSSL implementations which don't have
2853 DSA support. [RT #11360]
2855 1641. [bug] Update the check-names description in ARM. [RT #11389]
2857 1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
2858 incorrectly closing the socket. [RT #11291]
2860 1639. [func] Initial dlv system test.
2862 1638. [bug] "ixfr-from-differences" could generate a REQUIRE
2863 failure if the journal open failed. [RT #11347]
2865 1637. [bug] Node reference leak on error in addnoqname().
2867 1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
2868 a error had occurred. The database version no longer
2869 matched the version of the database that was dumped.
2871 1635. [bug] Memory leak on error in query_addds().
2873 1634. [bug] named didn't supply a useful error message when it
2874 detected duplicate views. [RT #11208]
2876 1633. [bug] named should return NOTIMP to update requests to a
2877 slaves without a allow-update-forwarding acl specified.
2880 1632. [bug] nsupdate failed to send prerequisite only UPDATE
2881 messages. [RT #11288]
2883 1631. [bug] dns_journal_compact() could sometimes corrupt the
2884 journal. [RT #11124]
2886 1630. [contrib] queryperf: add support for IPv6 transport.
2888 1629. [func] dig now supports IPv6 scoped addresses with the
2889 extended format in the local-server part. [RT #8753]
2891 1628. [bug] Typo in Compaq Trucluster support. [RT# 11264]
2893 1627. [bug] win32: sockets were not being closed when the
2894 last external reference was removed. [RT# 11179]
2896 1626. [bug] --enable-getifaddrs was broken. [RT#11259]
2898 1625. [bug] named failed to load/transfer RFC2535 signed zones
2899 which contained CNAMES. [RT# 11237]
2901 1624. [bug] zonemgr_putio() call should be locked. [RT# 11163]
2903 1623. [bug] A serial number of zero was being displayed in the
2904 "sending notifies" log message when also-notify was
2907 1622. [func] probe the system to see if IPV6_(RECV)PKTINFO is
2908 available, and suppress wildcard binding if not.
2910 1621. [bug] match-destinations did not work for IPv6 TCP queries.
2913 1620. [func] When loading a zone report if it is signed. [RT #11149]
2915 1619. [bug] Missing ISC_LIST_UNLINK in end_reserved_dispatches().
2918 1618. [bug] Fencepost errors in dns_name_ishostname() and
2919 dns_name_ismailbox() could trigger a INSIST().
2921 1617. [port] win32: VC++ 6.0 support.
2923 1616. [compat] Ensure that named's version is visible in the core
2926 1615. [port] Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
2929 1614. [port] win32: silence resource limit messages. [RT# 11101]
2931 1613. [bug] Builds would fail on machines w/o a if_nametoindex().
2932 Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
2935 1612. [bug] check-names at the option/view level could trigger
2936 an INSIST. [RT# 11116]
2938 1611. [bug] solaris: IPv6 interface scanning failed to cope with
2939 no active IPv6 interfaces.
2941 1610. [bug] On dual stack machines "dig -b" failed to set the
2942 address type to be looked up with "@server".
2945 1609. [func] dig now has support to chase DNSSEC signature chains.
2946 Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.
2948 DNSSEC validation code in dig coded by Olivier Courtay
2949 (olivier.courtay@irisa.fr) for the IDsA project
2950 (http://idsa.irisa.fr).
2952 1608. [func] dig and host now accept -4/-6 to select IP transport
2953 to use when making queries.
2955 1607. [bug] dig, host and nslookup were still using random()
2956 to generate query ids. [RT# 11013]
2958 1606. [bug] DLV insecurity proof was failing.
2960 1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
2962 1604. [bug] A xfrout_ctx_create() failure would result in
2963 xfrout_ctx_destroy() being called with a
2964 partially initialized structure.
2966 1603. [bug] nsupdate: set interactive based on isatty().
2969 1602. [bug] Logging to a file failed unless a size was specified.
2972 1601. [bug] Silence spurious warning 'both "recursion no;" and
2973 "allow-recursion" active' warning from view "_bind".
2976 1600. [bug] Duplicate zone pre-load checks were not case
2979 1599. [bug] Fix memory leak on error path when checking named.conf.
2981 1598. [func] Specify that certain parts of the namespace must
2982 be secure (dnssec-must-be-secure).
2984 1597. [func] Allow notify-source and query-source to be specified
2985 on a per server basis similar to transfer-source.
2988 1596. [func] Accept 'notify-source' style syntax for query-source.
2990 1595. [func] New notify type 'master-only'. Enable notify for
2993 1594. [bug] 'rndc dumpdb' could prevent named from answering
2994 queries while the dump was in progress. [RT #10565]
2996 1593. [bug] rndc should return "unknown command" to unknown
2997 commands. [RT# 10642]
2999 1592. [bug] configure_view() could leak a dispatch. [RT# 10675]
3001 1591. [bug] libbind: updated to BIND 8.4.5.
3003 1590. [port] netbsd: update thread support.
3005 1589. [func] DNSSEC lookaside validation.
3007 1588. [bug] win32: TCP sockets could become blocked. [RT #10115]
3009 1587. [bug] dns_message_settsigkey() failed to clear existing key.
3012 1586. [func] "check-names" is now implemented.
3016 1584. [bug] "make test" failed with a read only source tree.
3019 1583. [bug] Records add via UPDATE failed to get the correct trust
3022 1582. [bug] rrset-order failed to work on RRsets with more
3023 than 32 elements. [RT #10381]
3025 1581. [func] Disable DNSSEC support by default. To enable
3026 DNSSEC specify "dnssec-enable yes;" in named.conf.
3028 1580. [bug] Zone destruction on final detach takes a long time.
3031 1579. [bug] Multiple task managers could not be created.
3033 1578. [bug] Don't use CLASS E IPv4 addresses when resolving.
3036 1577. [bug] Use isc_uint32_t in ultrasparc optimizer bug
3037 workaround code. [RT #10331]
3039 1576. [bug] Race condition in dns_dispatch_addresponse().
3042 1575. [func] Log TSIG name on TSIG verify failure. [RT #4404]
3044 1574. [bug] Don't attempt to open the controls socket(s) when
3045 running tests. [RT #9091]
3047 1573. [port] linux: update to libtool 1.5.2 so that
3048 "make install DESTDIR=/xx" works with
3049 "configure --with-libtool". [RT #9941]
3051 1572. [bug] nsupdate: sign the soa query to find the enclosing
3052 zone if the server is specified. [RT #10148]
3054 1571. [bug] rbt:hash_node() could fail leaving the hash table
3055 in an inconsistent state. [RT #10208]
3057 1570. [bug] nsupdate failed to handle classes other than IN.
3058 New keyword 'class' which sets the default class.
3061 1569. [func] nsupdate new command 'answer' which displays the
3062 complete answer message to the last update.
3064 1568. [bug] nsupdate now reports that the update failed in
3065 interactive mode. [RT# 10236]
3067 1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
3069 1566. [port] Support for the cmsg framework on Solaris and HP/UX.
3070 This also solved the problem that match-destinations
3071 for IPv6 addresses did not work on these systems.
3074 1565. [bug] CD flag should be copied to outgoing queries unless
3075 the query is under a secure entry point in which case
3078 1564. [func] Attempt to provide a fallback entropy source to be
3079 used if named is running chrooted and named is unable
3080 to open entropy source within the chroot area.
3083 1563. [bug] Gracefully fail when unable to obtain neither an IPv4
3084 nor an IPv6 dispatch. [RT #10230]
3086 1562. [bug] isc_socket_create() and isc_socket_accept() could
3087 leak memory under error conditions. [RT #10230]
3089 1561. [bug] It was possible to release the same name twice if
3090 named ran out of memory. [RT #10197]
3092 1560. [port] FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
3093 and EAI_NONAME to the same value.
3095 1559. [port] named should ignore SIGFSZ.
3097 1558. [func] New DNSSEC 'disable-algorithms'. Support entry into
3098 child zones for which we don't have a supported
3099 algorithm. Such child zones are treated as unsigned.
3101 1557. [func] Implement missing DNSSEC tests for
3102 * NOQNAME proof with wildcard answers.
3103 * NOWILDARD proof with NXDOMAIN.
3104 Cache and return NOQNAME with wildcard answers.
3106 1556. [bug] nsupdate now treats all names as fully qualified.
3109 1555. [func] 'rrset-order cyclic' no longer has a random starting
3110 point per query. [RT #7572]
3112 1554. [bug] dig, host, nslookup failed when no nameservers
3113 were specified in /etc/resolv.conf. [RT #8232]
3115 1553. [bug] The windows socket code could stop accepting
3116 connections. [RT#10115]
3118 1552. [bug] Accept NOTIFY requests from mapped masters if
3119 matched-mapped is set. [RT #10049]
3121 1551. [port] Open "/dev/null" before calling chroot().
3123 1550. [port] Call tzset(), if available, before calling chroot().
3125 1549. [func] named-checkzone can now write out the zone contents
3126 in a easily parsable format (-D and -o).
3128 1548. [bug] When parsing APL records it was possible to silently
3129 accept out of range ADDRESSFAMILY values. [RT# 9979]
3131 1547. [bug] Named wasted memory recording duplicate lame zone
3134 1546. [bug] We were rejecting valid secure CNAME to negative
3137 1545. [bug] It was possible to leak memory if named was unable to
3138 bind to the specified transfer source and TSIG was
3139 being used. [RT #10120]
3141 1544. [bug] Named would logged a single entry to a file despite it
3142 being over the specified size limit.
3144 1543. [bug] Logging using "versions unlimited" did not work.
3148 1541. [func] NSEC now uses new bitmap format.
3150 1540. [bug] "rndc reload <dynamiczone>" was silently accepted.
3153 1539. [bug] Open UDP sockets for notify-source and transfer-source
3154 that use reserved ports at startup. [RT #9475]
3156 1538. [placeholder] rt9997
3158 1537. [func] New option "querylog". If set specify whether query
3159 logging is to be enabled or disabled at startup.
3161 1536. [bug] Windows socket code failed to log a error description
3162 when returning ISC_R_UNEXPECTED. [RT #9998]
3166 1534. [bug] Race condition when priming cache. [RT# 9940]
3168 1533. [func] Warn if both "recursion no;" and "allow-recursion"
3169 are active. [RT# 4389]
3171 1532. [port] netbsd: the configure test for <sys/sysctl.h>
3172 requires <sys/param.h>.
3174 1531. [port] AIX more libtool fixes.
3176 1530. [bug] It was possible to trigger a INSIST() failure if a
3177 slave master file was removed at just the correct
3180 1529. [bug] "notify explicit;" failed to log that NOTIFY messages
3181 were being sent for the zone. [RT# 9442]
3183 1528. [cleanup] Simplify some dns_name_ functions based on the
3184 deprecation of bitstring labels.
3186 1527. [cleanup] Reduce the number of gettimeofday() calls without
3187 losing necessary timer granularity.
3189 1526. [func] Implemented "additional section caching (or acache)",
3190 an internal cache framework for additional section
3191 content to improve response performance. Several
3192 configuration options were provided to control the
3195 1525. [bug] dns_cache_create() could trigger a REQUIRE
3196 failure in isc_mem_put() during error cleanup.
3199 1524. [port] AIX needs to be able to resolve all symbols when
3200 creating shared libraries (--with-libtool).
3202 1523. [bug] Fix race condition in rbtdb. [RT# 9189]
3204 1522. [bug] dns_db_findnode() relax the requirements on 'name'.
3207 1521. [bug] dns_view_createresolver() failed to check the
3208 result from isc_mem_create(). [RT# 9294]
3210 1520. [protocol] Add SSHFP (SSH Finger Print) type.
3212 1519. [bug] dnssec-signzone:nsec_setbit() computed the wrong
3213 length of the new bitmap.
3215 1518. [bug] dns_nsec_buildrdata(), and hence dns_nsec_build(),
3216 contained a off-by-one error when working out the
3217 number of octets in the bitmap.
3219 1517. [port] Support for IPv6 interface scanning on HP/UX and
3222 1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
3224 1515. [func] Allow transfer source to be set in a server statement.
3227 1514. [bug] named: isc_hash_destroy() was being called too early.
3230 1513. [doc] Add "US" to root-delegation-only exclude list.
3232 1512. [bug] Extend the delegation-only logging to return query
3233 type, class and responding nameserver.
3235 1511. [bug] delegation-only was generating false positives
3236 on negative answers from sub-zones.
3238 1510. [func] New view option "root-delegation-only". Apply
3239 delegation-only check to all TLDs and root.
3240 Note there are some TLDs that are NOT delegation
3241 only (e.g. DE, LV, US and MUSEUM) these can be excluded
3242 from the checks by using exclude.
3244 root-delegation-only exclude {
3245 "DE"; "LV"; "US"; "MUSEUM";
3248 1509. [bug] Hint zones should accept delegation-only. Forward
3249 zone should not accept delegation-only.
3251 1508. [bug] Don't apply delegation-only checks to answers from
3254 1507. [bug] Handle BIND 8 style returns to NS queries to parents
3255 when making delegation-only checks.
3257 1506. [bug] Wrong return type for dns_view_isdelegationonly().
3259 1505. [bug] Uninitialized rdataset in sdb. [RT #8750]
3261 1504. [func] New zone type "delegation-only".
3263 1503. [port] win32: install libeay32.dll outside of system32.
3265 1502. [bug] nsupdate: adjust timeouts for UPDATE requests over TCP.
3267 1501. [func] Allow TCP queue length to be specified via
3268 named.conf, tcp-listen-queue.
3270 1500. [bug] host failed to lookup MX records. Also look up
3273 1499. [bug] isc_random need to be seeded better if arc4random()
3276 1498. [port] bsdos: 5.x support.
3280 1496. [port] test for pthread_attr_setstacksize().
3282 1495. [cleanup] Replace hash functions with universal hash.
3284 1494. [security] Turn on RSA BLINDING as a precaution.
3288 1492. [cleanup] Preserve rwlock quota context when upgrading /
3289 downgrading. [RT #5599]
3291 1491. [bug] dns_master_dump*() would produce extraneous $ORIGIN
3294 1490. [bug] Accept reading state as well as working state in
3295 ns_client_next(). [RT #6813]
3297 1489. [compat] Treat 'allow-update' on slave zones as a warning.
3300 1488. [bug] Don't override trust levels for glue addresses.
3303 1487. [bug] A REQUIRE() failure could be triggered if a zone was
3304 queued for transfer and the zone was then removed.
3307 1486. [bug] isc_print_snprintf() '%%' consumed one too many format
3308 characters. [RT# 8230]
3310 1485. [bug] gen failed to handle high type values. [RT #6225]
3312 1484. [bug] The number of records reported after a AXFR was wrong.
3315 1483. [bug] dig axfr failed if the message id in the answer failed
3316 to match that in the request. Only the id in the first
3317 message is required to match. [RT #8138]
3319 1482. [bug] named could fail to start if the kernel supports
3320 IPv6 but no interfaces are configured. Similarly
3321 for IPv4. [RT #6229]
3323 1481. [bug] Refresh and stub queries failed to use masters keys
3324 if specified. [RT #7391]
3326 1480. [bug] Provide replay protection for rndc commands. Full
3327 replay protection requires both rndc and named to
3328 be updated. Partial replay protection (limited
3329 exposure after restart) is provided if just named
3332 1479. [bug] cfg_create_tuple() failed to handle out of
3333 memory cleanup. parse_list() would leak memory
3336 1478. [port] ifconfig.sh didn't account for other virtual
3337 interfaces. It now takes a optional argument
3338 to specify the first interface number. [RT #3907]
3340 1477. [bug] memory leak using stub zones and TSIG.
3344 1475. [port] Probe for old sprintf().
3346 1474. [port] Provide strtoul() and memmove() for platforms
3349 1473. [bug] create_map() and create_string() failed to handle out
3350 of memory cleanup. [RT #6813]
3352 1472. [contrib] idnkit-1.0 from JPNIC, replaces mdnkit.
3354 1471. [bug] libbind: updated to BIND 8.4.0.
3356 1470. [bug] Incorrect length passed to snprintf. [RT #5966]
3358 1469. [func] Log end of outgoing zone transfer at same level
3359 as the start of transfer is logged. [RT #4441]
3361 1468. [func] Internal zones are no longer counted for
3362 'rndc status'. [RT #4706]
3364 1467. [func] $GENERATES now supports optional class and ttl.
3366 1466. [bug] lwresd configuration errors resulted in memory
3367 and lock leaks. [RT #5228]
3369 1465. [bug] isc_base64_decodestring() and isc_base64_tobuffer()
3370 failed to check that trailing bits were zero allowing
3371 some invalid base64 strings to be accepted. [RT #5397]
3373 1464. [bug] Preserve "out of zone" data for outgoing zone
3374 transfers. [RT #5192]
3376 1463. [bug] dns_rdata_from{wire,struct}() failed to catch bad
3377 NXT bit maps. [RT #5577]
3379 1462. [bug] parse_sizeval() failed to check the token type.
3382 1461. [bug] Remove deadlock from rbtdb code. [RT #5599]
3384 1460. [bug] inet_pton() failed to reject certain malformed
3389 1458. [cleanup] sprintf() -> snprintf().
3391 1457. [port] Provide strlcat() and strlcpy() for platforms without
3394 1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
3396 1455. [bug] <netaddr> missing from server grammar in
3397 doc/misc/options. [RT #5616]
3399 1454. [port] Use getifaddrs() if available for interface scanning.
3400 --disable-getifaddrs to override. Glibc currently
3401 has a getifaddrs() that does not support IPv6.
3402 Use --enable-getifaddrs=glibc to force the use of
3403 this version under linux machines.
3405 1453. [doc] ARM: $GENERATE example wasn't accurate. [RT #5298]
3409 1451. [bug] rndc-confgen didn't exit with a error code for all
3410 failures. [RT #5209]
3412 1450. [bug] Fetching expired glue failed under certain
3413 circumstances. [RT #5124]
3415 1449. [bug] query_addbestns() didn't handle running out of memory
3418 1448. [bug] Handle empty wildcards labels.
3420 1447. [bug] We were casting (unsigned int) to and from (void *).
3421 rdataset->private4 is now rdataset->privateuint4
3422 to reflect a type change.
3424 1446. [func] Implemented undocumented alternate transfer sources
3425 from BIND 8. See use-alt-transfer-source,
3426 alt-transfer-source and alt-transfer-source-v6.
3428 SECURITY: use-alt-transfer-source is ENABLED unless
3429 you are using views. This may cause a security risk
3430 resulting in accidental disclosure of wrong zone
3431 content if the master supplying different source
3432 content based on IP address. If you are not certain
3433 ISC recommends setting use-alt-transfer-source no;
3435 1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has
3436 been replaced with DNS_ADBFIND_STARTATZONE which
3437 causes the search to start using the closest zone.
3439 1444. [func] dns_view_findzonecut2() allows you to specify if the
3440 cache should be searched for zone cuts.
3442 1443. [func] Masters lists can now be specified and referenced
3443 in zone masters clauses and other masters lists.
3445 1442. [func] New functions for manipulating port lists:
3446 dns_portlist_create(), dns_portlist_add(),
3447 dns_portlist_remove(), dns_portlist_match(),
3448 dns_portlist_attach() and dns_portlist_detach().
3450 1441. [func] It is now possible to tell dig to bind to a specific
3453 1440. [func] It is now possible to tell named to avoid using
3454 certain source ports (avoid-v4-udp-ports,
3455 avoid-v6-udp-ports).
3457 1439. [bug] Named could return NOERROR with certain NOTIFY
3458 failures. Return NOTAUTH if the NOTIFY zone is
3461 1438. [func] Log TSIG (if any) when logging NOTIFY requests.
3463 1437. [bug] Leave space for stdio to work in. [RT #5033]
3465 1436. [func] dns_zonemgr_resumexfrs() can be used to restart
3468 1435. [bug] zmgr_resume_xfrs() was being called read locked
3469 rather than write locked. zmgr_resume_xfrs()
3470 was not being called if the zone was being
3473 1434. [bug] "rndc reconfig" failed to initiate the initial
3474 zone transfer of new slave zones.
3476 1433. [bug] named could trigger a REQUIRE failure if it could
3477 not get a file descriptor when attempting to write
3478 a master file. [RT #4347]
3480 1432. [func] The advertised EDNS UDP buffer size can now be set
3481 via named.conf (edns-udp-size).
3483 1431. [bug] isc_print_snprintf() "%s" with precision could walk off
3484 end of argument. [RT #5191]
3486 1430. [port] linux: IPv6 interface scanning support.
3488 1429. [bug] Prevent the cache getting locked to old servers.
3492 1427. [bug] Race condition in adb with threaded build.
3496 1425. [port] linux/libbind: define __USE_MISC when testing *_r()
3497 function prototypes in netdb.h. [RT #4921]
3499 1424. [bug] EDNS version not being correctly printed.
3501 1423. [contrib] queryperf: added A6 and SRV.
3503 1422. [func] Log name/type/class when denying a query. [RT #4663]
3505 1421. [func] Differentiate updates that don't succeed due to
3506 prerequisites (unsuccessful) vs other reasons
3509 1420. [port] solaris: work around gcc optimizer bug.
3511 1419. [port] openbsd: use /dev/arandom. [RT #4950]
3513 1418. [bug] 'rndc reconfig' did not cause new slaves to load.
3515 1417. [func] ID.SERVER/CHAOS is now a built in zone.
3516 See "server-id" for how to configure.
3518 1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN.
3521 1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived
3524 1414. [func] Support for KSK flag.
3526 1413. [func] Explicitly request the (re-)generation of DS records
3527 from keysets (dnssec-signzone -g).
3529 1412. [func] You can now specify servers to be tried if a nameserver
3530 has IPv6 address and you only support IPv4 or the
3531 reverse. See dual-stack-servers.
3533 1411. [bug] empty nodes should stop wildcard matches. [RT #4802]
3535 1410. [func] Handle records that live in the parent zone, e.g. DS.
3537 1409. [bug] DS should have attribute DNS_RDATATYPEATTR_DNSSEC.
3539 1408. [bug] "make distclean" was not complete. [RT #4700]
3541 1407. [bug] lfsr incorrectly implements the shift register.
3544 1406. [bug] dispatch initializes one of the LFSR's with a incorrect
3545 polynomial. [RT #4617]
3547 1405. [func] Use arc4random() if available.
3549 1404. [bug] libbind: ns_name_ntol() could overwrite a zero length
3552 1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset
3553 dnssec-signkey now report their version in the
3556 1402. [cleanup] A6 has been moved to experimental and is no longer
3559 1401. [bug] adb wasn't clearing state when the timer expired.
3561 1400. [bug] Block the addition of wildcard NS records by IXFR
3562 or UPDATE. [RT #3502]
3564 1399. [bug] Use serial number arithmetic when testing SIG
3565 timestamps. [RT #4268]
3567 1398. [doc] ARM: notify-also should have been also-notify.
3570 1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
3572 1396. [func] dnssec-signzone: adjust the default signing time by
3573 1 hour to allow for clock skew.
3575 1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't
3576 have a working implementation. [RT #4079]
3578 1394. [func] It is now possible to check if a particular element is
3579 in a acl. Remove duplicate entries from the localnets
3582 1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
3583 is not available in the kernel to prevent accidently
3584 listening on IPv4 interfaces.
3586 1392. [bug] named-checkzone: update usage.
3588 1391. [func] Add support for IPv6 scoped addresses in named.
3590 1390. [func] host now supports ixfr.
3592 1389. [bug] named could fail to rotate long log files. [RT #3666]
3594 1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
3595 defining HAVE_IFLIST_SYSCTL. [RT #3770]
3597 1387. [bug] named could crash due to an access to invalid memory
3598 space (which caused an assertion failure) in
3599 incremental cleaning. [RT #3588]
3601 1386. [bug] named-checkzone -z stopped on errors in a zone.
3604 1385. [bug] Setting serial-query-rate to 10 would trigger a
3607 1384. [bug] host was incompatible with BIND 8 in its exit code and
3608 in the output with the -l option. [RT #3536]
3610 1383. [func] Track the serial number in a IXFR response and log if
3611 a mismatch occurs. This is a more specific error than
3612 "not exact". [RT #3445]
3614 1382. [bug] make install failed with --enable-libbind. [RT #3656]
3616 1381. [bug] named failed to correctly process answers that
3617 contained DNAME records where the resulting CNAME
3618 resulted in a negative answer.
3620 1380. [func] 'rndc recursing' dump recursing queries to
3621 'recursing-file = "named.recursing";'.
3623 1379. [func] 'rndc status' now reports tcp and recursion quota
3626 1378. [func] Improved positive feedback for 'rndc {reload|refresh}.
3628 1377. [func] dns_zone_load{new}() now reports if the zone was
3629 loaded, queued for loading to up to date.
3631 1376. [func] New function dns_zone_logc() to log to specified
3634 1375. [func] 'rndc dumpdb' now dumps the adb cache along with the
3637 1374. [func] dns_adb_dump() now logs the lame zones associated
3640 1373. [bug] Recovery from expired glue failed under certain
3643 1372. [bug] named crashes with an assertion failure on exit when
3644 sharing the same port for listening and querying, and
3645 changing listening addresses several times. [RT# 3509]
3647 1371. [bug] notify-source-v6, transfer-source-v6 and
3648 query-source-v6 with explicit addresses and using the
3649 same ports as named was listening on could interfere
3650 with named's ability to answer queries sent to those
3653 1370. [bug] dig '+[no]recurse' was incorrectly documented.
3655 1369. [bug] Adding an NS record as the lexicographically last
3656 record in a secure zone didn't work.
3658 1368. [func] remove support for bitstring labels.
3660 1367. [func] Use response times to select forwarders.
3662 1366. [contrib] queryperf usage was incomplete. Add '-h' for help.
3664 1365. [func] "localhost" and "localnets" acls now include IPv6
3665 addresses / prefixes.
3667 1364. [func] Log file name when unable to open memory statistics
3668 and dump database files. [RT# 3437]
3670 1363. [func] Listen-on-v6 now supports specific addresses.
3672 1362. [bug] remove IFF_RUNNING test when scanning interfaces.
3674 1361. [func] log the reason for rejecting a server when resolving
3677 1360. [bug] --enable-libbind would fail when not built in the
3678 source tree for certain OS's.
3680 1359. [security] Support patches OpenSSL libraries.
3681 http://www.cert.org/advisories/CA-2002-23.html
3683 1358. [bug] It was possible to trigger a INSIST when debugging
3684 large dynamic updates. [RT #3390]
3686 1357. [bug] nsupdate was extremely wasteful of memory.
3688 1356. [tuning] Reduce the number of events / quantum for zone tasks.
3690 1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
3692 1354. [doc] lwres man pages had illegal nroff.
3694 1353. [contrib] sdb/ldap to version 0.9.
3696 1352. [bug] dig, host, nslookup when falling back to TCP use the
3697 current search entry (if any). [RT #3374]
3699 1351. [bug] lwres_getipnodebyname() returned the wrong name
3700 when given a IPv4 literal, af=AF_INET6 and AI_MAPPED
3703 1350. [bug] dns_name_fromtext() failed to handle too many labels
3706 1349. [security] Minimum OpenSSL version now 0.9.6e (was 0.9.5a).
3707 http://www.cert.org/advisories/CA-2002-23.html
3709 1348. [port] win32: Rewrote code to use I/O Completion Ports
3710 in socket.c and eliminating a host of socket
3711 errors. Performance is enhanced.
3717 1345. [port] Use a explicit -Wformat with gcc. Not all versions
3718 include it in -Wall.
3720 1344. [func] Log if the serial number on the master has gone
3722 If you have multiple machines specified in the masters
3723 clause you may want to set 'multi-master yes;' to
3724 suppress this warning.
3726 1343. [func] Log successful notifies received (info). Adjust log
3727 level for failed notifies to notice.
3729 1342. [func] Log remote address with TCP dispatch failures.
3731 1341. [func] Allow a rate limiter to be stalled.
3733 1340. [bug] Delay and spread out the startup refresh load.
3735 1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
3736 lookups. Bit string lookups are no longer attempted.
3742 1336. [func] Nibble lookups under IP6.ARPA are now supported by
3743 dns_byaddr_create(). dns_byaddr_createptrname() is
3744 deprecated, use dns_byaddr_createptrname2() instead.
3746 1335. [bug] When performing a nonexistence proof, the validator
3747 should discard parent NXTs from higher in the DNS.
3749 1334. [bug] When signing/verifying rdatasets, duplicate rdatas
3750 need to be suppressed.
3752 1333. [contrib] queryperf now reports a summary of returned
3753 rcodes (-c), rcodes are printed in mnemonic form (-v).
3755 1332. [func] Report the current serial with periodic commits when
3756 rolling forward the journal.
3758 1331. [func] Generate DNSSEC wildcard proofs.
3760 1330. [bug] When processing events (non-threaded) only allow
3761 the task one chance to use to use its quantum.
3763 1329. [func] named-checkzone will now check if nameservers that
3764 appear to be IP addresses. Available modes "fail",
3765 "warn" (default) and "ignore" the results of the
3768 1328. [bug] The validator could incorrectly verify an invalid
3771 1327. [bug] The validator would incorrectly mark data as insecure
3772 when seeing a bogus signature before a correct
3775 1326. [bug] DNAME/CNAME signatures were not being cached when
3776 validation was not being performed. [RT #3284]
3778 1325. [bug] If the tcpquota was exhausted it was possible to
3779 to trigger a INSIST() failure.
3781 1324. [port] darwin: ifconfig.sh now supports darwin.
3783 1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
3785 1322. [bug] dnssec-signzone usage message was misleading.
3787 1321. [bug] If the last RRset in a zone is glue, dnssec-signzone
3788 would incorrectly duplicate its output and sign it.
3790 1320. [doc] query-source-v6 was missing from options section.
3793 1319. [func] libbind: log attempts to exploit #1318.
3795 1318. [bug] libbind: Remote buffer overrun.
3797 1317. [port] libbind: TrueUNIX 5.1 does not like __align as a
3800 1316. [bug] libbind: gethostans() could get out of sync parsing
3801 the response if there was a very long CNAME chain.
3803 1315. [bug] Options should apply to the internal _bind view.
3805 1314. [port] Handle ECONNRESET from sendmsg() [unix].
3807 1313. [func] Query log now says if the query was signed (S) or
3808 if EDNS was used (E).
3810 1312. [func] Log TSIG key used w/ outgoing zone transfers.
3812 1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159]
3814 1310. [bug] 'rndc stop' failed to cause zones to be flushed
3815 sometimes. [RT #3157]
3817 1309. [func] Log that a zone transfer was covered by a TSIG.
3819 1308. [func] DS (delegation signer) support.
3821 1307. [bug] nsupdate: allow white space base64 key data.
3823 1306. [bug] Badly encoded LOC record when the size, horizontal
3824 precision or vertical precision was 0.1m.
3826 1305. [bug] Document that internal zones are included in the
3827 rndc status results.
3829 1304. [func] New function: dns_zone_name().
3831 1303. [func] Option 'flush-zones-on-shutdown <boolean>;'.
3833 1302. [func] Extended rndc dumpdb to support dumping of zones and
3834 view selection: 'dumpdb [-all|-zones|-cache] [view]'.
3836 1301. [func] New category 'update-security'.
3838 1300. [port] Compaq Trucluster support.
3840 1299. [bug] Set AI_ADDRCONFIG when looking up addresses
3841 via getaddrinfo() (affects dig, host, nslookup, rndc
3844 1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
3845 could be left with a trailing "\" after configure
3848 1297. [port] linux: make handling EINVAL from socket() no longer
3849 conditional on #ifdef LINUX.
3851 1296. [bug] isc_log_closefilelogs() needed to lock the log
3854 1295. [bug] isc_log_setdebuglevel() needed to lock the log
3857 1294. [func] libbind: no longer attempts bit string labels for
3858 IPv6 reverse resolution. Try IP6.ARPA then IP6.INT
3859 for nibble style resolution.
3861 1293. [func] Entropy can now be retrieved from EGDs. [RT #2438]
3863 1292. [func] Enable IPv6 support when using ioctl style interface
3864 scanning and OS supports SIOCGLIFADDR using struct
3867 1291. [func] Enable IPv6 support when using sysctl style interface
3870 1290. [func] "dig axfr" now reports the number of messages
3871 as well as the number of records.
3873 1289. [port] See if -ldl is required for OpenSSL? [RT #2672]
3875 1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
3876 reflect written requirements.
3878 1287. [bug] REQUIRE that DNS_DBADD_MERGE only be set when adding
3879 a rdataset to a zone db in the rbtdb implementation of
3882 1286. [bug] dns_name_downcase() enforce requirement that
3883 target != NULL or name->buffer != NULL.
3885 1285. [func] lwres: probe the system to see what address families
3886 are currently in use.
3888 1284. [bug] The RTT estimate on unused servers was not aged.
3891 1283. [func] Use "dataready" accept filter if available.
3893 1282. [port] libbind: hpux 11.11 interface scanning.
3895 1281. [func] Log zone when unable to get private keys to update
3896 zone. Log zone when NXT records are missing from
3899 1280. [bug] libbind: escape '(' and ')' when converting to
3902 1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590]
3904 1278. [func] dig: now supports +[no]cl +[no]ttlid.
3906 1277. [func] You can now create your own customized printing
3907 styles: dns_master_stylecreate() and
3908 dns_master_styledestroy().
3910 1276. [bug] libbind: const pointer conflicts in res_debug.c.
3912 1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN.
3914 1274. [bug] Memory leak in lwres_gnbarequest_parse().
3916 1273. [port] libbind: solaris: 64 bit binary compatibility.
3918 1272. [contrib] Berkeley DB 4.0 sdb implementation from
3919 Nuno Miguel Rodrigues <nmr@co.sapo.pt>.
3921 1271. [bug] "recursion available: {denied,approved}" was too
3924 1270. [bug] Check that system inet_pton() and inet_ntop() support
3927 1269. [port] Openserver: ifconfig.sh support.
3929 1268. [port] Openserver: the value FD_SETSIZE depends on whether
3930 <sys/param.h> is included or not. Be consistent.
3932 1267. [func] isc_file_openunique() now creates file using mode
3933 0666 rather than 0600.
3935 1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE,
3936 __ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE
3937 are not C++ compatible, use *_TYPE versions instead.
3939 1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with
3940 C++, use LINK_INIT_TYPE and UNLINK_TYPE instead.
3944 1263. [bug] Reference after free error if dns_dispatchmgr_create()
3947 1262. [bug] ns_server_destroy() failed to set *serverp to NULL.
3949 1261. [func] libbind: ns_sign2() and ns_sign_tcp() now provide
3950 support for compressed TSIG owner names.
3952 1260. [func] libbind: res_update can now update IPv6 servers,
3953 new function res_findzonecut2().
3955 1259. [bug] libbind: get_salen() IPv6 support was broken for OSs
3958 1258. [bug] libbind: res_nametotype() and res_nametoclass() were
3961 1257. [bug] Failure to write pid-file should not be fatal on
3964 1256. [contrib] 'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support.
3966 1255. [bug] When verifying that an NXT proves nonexistence, check
3967 the rcode of the message and only do the matching NXT
3968 check. That is, for NXDOMAIN responses, check that
3969 the name is in the range between the NXT owner and
3970 next name, and for NOERROR NODATA responses, check
3971 that the type is not present in the NXT bitmap.
3973 1254. [func] preferred-glue option from BIND 8.3.
3975 1253. [bug] The dnssec system test failed to remove the correct
3978 1252. [bug] Dig, host and nslookup were not checking the address
3979 the answer was coming from against the address it was
3982 1251. [port] win32: a make file contained absolute version specific
3985 1250. [func] Nsupdate will report the address the update was
3988 1249. [bug] Missing masters clause was not handled gracefully.
3991 1248. [bug] DESTDIR was not being propagated between makes.
3993 1247. [bug] Don't reset the interface index for link/site local
3994 addresses. [RT #2576]
3996 1246. [func] New functions isc_sockaddr_issitelocal(),
3997 isc_sockaddr_islinklocal(), isc_netaddr_issitelocal()
3998 and isc_netaddr_islinklocal().
4000 1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for
4003 1244. [bug] Receiving a TCP message from a blackhole address would
4004 prevent further messages being received over that
4007 1243. [bug] It was possible to trigger a REQUIRE() in
4008 dns_message_findtype(). [RT #2659]
4010 1242. [bug] named-checkzone failed if a journal existed. [RT #2657]
4012 1241. [bug] Drop received UDP messages with a zero source port
4013 as these are invariably forged. [RT #2621]
4015 1240. [bug] It was possible to leak zone references by
4016 specifying an incorrect zone to rndc.
4018 1239. [bug] Under certain circumstances named could continue to
4019 use a name after it had been freed triggering
4020 INSIST() failures. [RT #2614]
4022 1238. [bug] It is possible to lockup the server when shutting down
4023 if notifies were being processed. [RT #2591]
4025 1237. [bug] nslookup: "set q=type" failed.
4027 1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non
4028 NULL terminated text regions. [RT #2588]
4030 1235. [func] Report 'out of memory' errors from openssl.
4032 1234. [bug] contrib/sdb: 'zonetodb' failed to call
4033 dns_result_register(). DNS_R_SEENINCLUDE should not
4036 1233. [bug] The flags field of a KEY record can be expressed in
4037 hex as well as decimal.
4039 1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
4041 1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.
4043 1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken.
4045 1229. [bug] named would crash if it received a TSIG signed
4046 query as part of an AXFR response. [RT #2570]
4048 1228. [bug] 'make install' did not depend on 'make all'. [RT #2559]
4050 1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
4051 if a number was expected and some other token was
4054 1226. [func] Use EDNS for zone refresh queries. [RT #2551]
4056 1225. [func] dns_message_setopt() no longer requires that
4057 dns_message_renderbegin() to have been called.
4059 1224. [bug] 'rrset-order' and 'sortlist' should be additive
4062 1223. [func] 'rrset-order' partially works 'cyclic' and 'random'
4065 1222. [bug] Specifying 'port *' did not always result in a system
4066 selected (non-reserved) port being used. [RT #2537]
4068 1221. [bug] Zone types 'master', 'slave' and 'stub' were not being
4069 compared case insensitively. [RT #2542]
4071 1220. [func] Support for APL rdata type.
4073 1219. [func] Named now reports the TSIG extended error code when
4074 signature verification fails. [RT #1651]
4076 1218. [bug] Named incorrectly returned SERVFAIL rather than
4077 NOTAUTH when there was a TSIG BADTIME error. [RT #2519]
4079 1217. [func] Report locations of previous key definition when a
4080 duplicate is detected.
4082 1216. [bug] Multiple server clauses for the same server were not
4083 reported. [RT #2514]
4085 1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
4087 1214. [bug] Win32: isc_file_renameunique() could leave zero length
4090 1213. [func] Report view associated with client if it is not a
4091 standard view (_default or _bind).
4093 1212. [port] libbind: 64k answer buffers were causing stack space
4094 to be exceeded for certain OS. Use heap space instead.
4096 1211. [bug] dns_name_fromtext() incorrectly handled certain
4097 valid octal bitlabels. [RT #2483]
4099 1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped /
4100 compatible addresses. [RT #2461]
4102 1209. [bug] Dig, host, nslookup were not checking the message ids
4103 on the responses. [RT #2454]
4105 1208. [bug] dns_master_load*() failed to log a error message if
4106 an error was detected when parsing the ownername of
4107 a record. [RT #2448]
4109 1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with
4112 1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should
4113 trigger a non-EDNS retry.
4115 1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class"
4116 of the message. [RT #2449]
4118 1204. [bug] libbind: res_nupdate() failed to update the name
4119 server addresses before sending the update.
4121 1203. [func] Report locations of previous acl and zone definitions
4122 when a duplicate is detected.
4124 1202. [func] New functions: cfg_obj_line() and cfg_obj_file().
4126 1201. [bug] Require that if 'callbacks' is passed to
4127 dns_rdata_fromtext(), callbacks->error and
4128 callbacks->warn are initialized.
4130 1200. [bug] Log 'errno' that we are unable to convert to
4131 isc_result_t. [RT #2404]
4133 1199. [doc] ARM reference to RFC 2157 should have been RFC 1918.
4136 1198. [bug] OPT printing style was not consistent with the way the
4137 header fields are printed. The DO bit was not reported
4138 if set. Report if any of the MBZ bits are set.
4140 1197. [bug] Attempts to define the same acl multiple times were not
4143 1196. [contrib] update mdnkit to 2.2.3.
4145 1195. [bug] Attempts to redefine builtin acls should be caught.
4148 1194. [bug] Not all duplicate zone definitions were being detected
4149 at the named.conf checking stage. [RT #2431]
4151 1193. [bug] dig +besteffort parsing didn't handle packet
4152 truncation. dns_message_parse() has new flag
4153 DNS_MESSAGE_IGNORETRUNCATION.
4155 1192. [bug] The seconds fields in LOC records were restricted
4156 to three decimal places. More decimal places should
4157 be allowed but warned about.
4159 1191. [bug] A dynamic update removing the last non-apex name in
4160 a secure zone would fail. [RT #2399]
4162 1190. [func] Add the "rndc freeze" and "rndc unfreeze" commands.
4165 1189. [bug] On some systems, malloc(0) returns NULL, which
4166 could cause the caller to report an out of memory
4169 1188. [bug] Dynamic updates of a signed zone would fail if
4170 some of the zone private keys were unavailable.
4172 1187. [bug] named was incorrectly returning DNSSEC records
4173 in negative responses when the DO bit was not set.
4175 1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the
4176 EOL token when reading to end of line.
4178 1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
4179 unless RES_INIT is set when calling res_*init().
4181 1184. [bug] libbind: call res_ndestroy() if RES_INIT is set
4182 when res_*init() is called.
4184 1183. [bug] Handle ENOSR error when writing to the internal
4185 control pipe. [RT #2395]
4187 1182. [bug] The server could throw an assertion failure when
4188 constructing a negative response packet.
4190 1181. [func] Add the "key-directory" configuration statement,
4191 which allows the server to look for online signing
4192 keys in alternate directories.
4194 1180. [func] dnssec-keygen should always generate keys with
4195 protocol 3 (DNSSEC), since it's less confusing
4198 1179. [func] Add SIG(0) support to nsupdate.
4200 1178. [bug] Follow and cache (if appropriate) A6 and other
4201 data chains to completion in the additional section.
4203 1177. [func] Report view when loading zones if it is not a
4204 standard view (_default or _bind). [RT #2270]
4206 1176. [doc] Document that allow-v6-synthesis is only performed
4207 for clients that are supplied recursive service.
4210 1175. [bug] named-checkzone and named-checkconf failed to call
4211 dns_result_register() at startup which could
4212 result in runtime exceptions when printing
4213 "out of memory" errors. [RT #2335]
4215 1174. [bug] Win32: add WSAECONNRESET to the expected errors
4216 from connect(). [RT #2308]
4218 1173. [bug] Potential memory leaks in isc_log_create() and
4219 isc_log_settag(). [RT #2336]
4221 1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
4222 table of RR types in ARM.
4224 1171. [func] Added function isc_region_compare(), updated files in
4225 lib/dns to use this function instead of local one.
4227 1170. [bug] Don't attempt to print the token when a I/O error
4228 occurs when parsing named.conf. [RT #2275]
4230 1169. [func] Identify recursive queries in the query log.
4232 1168. [bug] Empty also-notify clauses were not handled. [RT #2309]
4234 1167. [contrib] nslint-2.1a3 (from author).
4236 1166. [bug] "Not Implemented" should be reported as NOTIMP,
4237 not NOTIMPL. [RT #2281]
4239 1165. [bug] We were rejecting notify-source{-v6} in zone clauses.
4241 1164. [bug] Empty masters clauses in slave / stub zones were not
4242 handled gracefully. [RT #2262]
4244 1163. [func] isc_time_formattimestamp() now includes the year.
4246 1162. [bug] The allow-notify option was not accepted in slave
4249 1161. [bug] named-checkzone looped on unbalanced brackets.
4252 1160. [bug] Generating Diffie-Hellman keys longer than 1024
4253 bits could fail. [RT #2241]
4255 1159. [bug] MD and MF are not permitted to be loaded by RFC1123.
4257 1158. [func] Report the client's address when logging notify
4260 1157. [func] match-clients and match-destinations now accept
4263 1156. [port] The configure test for strsep() incorrectly
4264 succeeded on certain patched versions of
4265 AIX 4.3.3. [RT #2190]
4267 1155. [func] Recover from master files being removed from under
4270 1154. [bug] Don't attempt to obtain the netmask of a interface
4271 if there is no address configured. [RT #2176]
4273 1153. [func] 'rndc {stop|halt} -p' now reports the process id
4274 of the instance of named being shutdown.
4276 1152. [bug] libbind: read buffer overflows.
4278 1151. [bug] nslookup failed to check that the arguments to
4279 the port, timeout, and retry options were
4280 valid integers and in range. [RT #2099]
4282 1150. [bug] named incorrectly accepted TTL values
4283 containing plus or minus signs, such as
4286 1149. [func] New function isc_parse_uint32().
4288 1148. [func] 'rndc-confgen -a' now provides positive feedback.
4290 1147. [func] Set IPV6_V6ONLY on IPv6 sockets if supported by
4291 the OS. listen-on-v6 { any; }; should no longer
4292 result in IPv4 queries be accepted. Similarly
4293 control { inet :: ... }; should no longer result
4294 in IPv4 connections being accepted. This can be
4295 overridden at compile time by defining
4298 1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
4299 supported by the OS by a new function
4300 isc_socket_ipv6only().
4302 1145. [func] "host" no longer reports a NOERROR/NODATA response
4303 by printing nothing. [RT #2065]
4305 1144. [bug] rndc-confgen would crash if both the -a and -t
4306 options were specified. [RT #2159]
4308 1143. [bug] When a trusted-keys statement was present and named
4309 was built without crypto support, it would leak memory.
4311 1142. [bug] dnssec-signzone would fail to delete temporary files
4312 in some failure cases. [RT #2144]
4314 1141. [bug] When named rejected a control message, it would
4315 leak a file descriptor and memory. It would also
4316 fail to respond, causing rndc to hang.
4319 1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments
4320 to the -s option. [RT #2138]
4322 1139. [func] It is now possible to flush a given name from the
4323 cache(s) via 'rndc flushname name [view]'. [RT #2051]
4325 1138. [func] It is now possible to flush a given name from the
4326 cache by calling the new function
4327 dns_cache_flushname().
4329 1137. [func] It is now possible to flush a given name from the
4330 ADB by calling the new function dns_adb_flushname().
4332 1136. [bug] CNAME records synthesized from DNAMEs did not
4333 have a TTL of zero as required by RFC2672.
4336 1135. [func] You can now override the default syslog() facility for
4337 named/lwresd at compile time. [RT #1982]
4339 1134. [bug] Multi-threaded servers could deadlock in ferror()
4340 when reloading zone files. [RT #1951, #1998]
4342 1133. [bug] IN6_IS_ADDR_LOOPBACK was not portably defined on
4343 platforms without IN6_IS_ADDR_LOOPBACK. [RT #2106]
4345 1132. [func] Improve UPDATE prerequisite failure diagnostic messages.
4347 1131. [bug] The match-destinations view option did not work with
4348 IPv6 destinations. [RT #2073, #2074]
4350 1130. [bug] Log messages reporting an out-of-range serial number
4351 did not include the out-of-range number but the
4352 following token. [RT #2076]
4354 1129. [bug] Multi-threaded servers could crash under heavy
4355 resolution load due to a race condition. [RT #2018]
4357 1128. [func] sdb drivers can now provide RR data in either text
4358 or wire format, the latter using the new functions
4359 dns_sdb_putrdata() and dns_sdb_putnamedrdata().
4361 1127. [func] rndc: If the server to contact has multiple addresses,
4364 1126. [bug] The server could access a freed event if shut
4365 down while a client start event was pending
4366 delivery. [RT #2061]
4368 1125. [bug] rndc: -k option was missing from usage message.
4371 1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail
4372 are now documented. [RT #2052]
4374 1123. [bug] dig +[no]fail did not match description. [RT #2052]
4376 1122. [tuning] Resolution timeout reduced from 90 to 30 seconds.
4379 1121. [bug] The server could attempt to access a NULL zone
4380 table if shut down while resolving.
4383 1120. [bug] Errors in options were not fatal. [RT #2002]
4385 1119. [func] Added support in Win32 for NTFS file/directory ACL's
4388 1118. [bug] On multi-threaded servers, a race condition
4389 could cause an assertion failure in resolver.c
4390 during resolver shutdown. [RT #2029]
4392 1117. [port] The configure check for in6addr_loopback incorrectly
4393 succeeded on AIX 4.3 when compiling with -O2
4394 because the test code was optimized away.
4397 1116. [bug] Setting transfers in a server clause, transfers-in,
4398 or transfers-per-ns to a value greater than
4399 2147483647 disabled transfers. [RT #2002]
4401 1115. [func] Set maximum values for cleaning-interval,
4402 heartbeat-interval, interface-interval,
4403 max-transfer-idle-in, max-transfer-idle-out,
4404 max-transfer-time-in, max-transfer-time-out,
4405 statistics-interval of 28 days and
4406 sig-validity-interval of 3660 days. [RT #2002]
4408 1114. [port] Ignore more accept() errors. [RT #2021]
4410 1113. [bug] The allow-update-forwarding option was ignored
4411 when specified in a view. [RT #2014]
4415 1111. [bug] Multi-threaded servers could deadlock processing
4416 recursive queries due to a locking hierarchy
4417 violation in adb.c. [RT #2017]
4419 1110. [bug] dig should only accept valid abbreviations of +options.
4422 1109. [bug] nsupdate accepted illegal ttl values.
4424 1108. [bug] On Win32, rndc was hanging when named was not running
4425 due to failure to select for exceptional conditions
4426 in select(). [RT #1870]
4428 1107. [bug] nsupdate could catch an assertion failure if an
4429 invalid domain name was given as the argument to
4432 1106. [bug] After seeing an out of range TTL, nsupdate would
4433 treat all TTLs as out of range. [RT #2001]
4435 1105. [port] OpenUNIX 8 enable threads by default. [RT #1970]
4437 1104. [bug] Invalid arguments to the transfer-format option
4438 could cause an assertion failure. [RT #1995]
4440 1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
4442 1102. [doc] Note that query logging is enabled by directing the
4443 queries category to a channel.
4445 1101. [bug] Array bounds read error in lwres_gai_strerror.
4447 1100. [bug] libbind: DNSSEC key ids were computed incorrectly.
4449 1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
4450 compile time errors.
4452 1098. [bug] libbind: HMAC-MD5 key files are now mode 0600.
4454 1097. [func] libbind: RES_PRF_TRUNC for dig.
4456 1096. [func] libbind: "DNSSEC OK" (DO) support.
4458 1095. [func] libbind: resolver option: no-tld-query. disables
4459 trying unqualified as a tld. no_tld_query is also
4460 supported for FreeBSD compatibility.
4462 1094. [func] libbind: add support gcc's format string checking.
4464 1093. [doc] libbind: miscellaneous nroff fixes.
4466 1092. [bug] libbind: get*by*() failed to check if res_init() had
4469 1091. [bug] libbind: misplaced va_end().
4471 1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
4472 the amount of memory consumed resulting in garbage
4473 address being returned. Alignment calculations were
4474 wasting space. We weren't suppressing duplicate
4477 1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6
4480 1088. [port] libbind: MPE/iX C.70 (incomplete)
4482 1087. [bug] libbind: struct __res_state too large on 64 bit arch.
4484 1086. [port] libbind: sunos: old sprintf.
4486 1085. [port] libbind: solaris: sys_nerr and sys_errlist do not
4487 exist when compiling in 64 bit mode.
4489 1084. [cleanup] libbind: gai_strerror() rewritten.
4491 1083. [bug] The default control channel listened on the
4492 wildcard address, not the loopback as documented.
4495 1082. [bug] The -g option to named incorrectly caused logging
4496 to be sent to syslog in addition to stderr.
4499 1081. [bug] Multicast queries were incorrectly identified
4500 based on the source address, not the destination
4503 1080. [bug] BIND 8 compatibility: accept bare IP prefixes
4504 as the second element of a two-element top level
4505 sort list statement. [RT #1964]
4507 1079. [bug] BIND 8 compatibility: accept bare elements at top
4508 level of sort list treating them as if they were
4509 a single element list. [RT #1963]
4511 1078. [bug] We failed to correct bad tv_usec values in one case.
4514 1077. [func] Do not accept further recursive clients when
4515 the total number of recursive lookups being
4516 processed exceeds max-recursive-clients, even
4517 if some of the lookups are internally generated.
4520 1076. [bug] A badly defined global key could trigger an assertion
4521 on load/reload if views were used. [RT #1947]
4523 1075. [bug] Out-of-range network prefix lengths were not
4524 reported. [RT #1954]
4526 1074. [bug] Running out of memory in dump_rdataset() could
4527 cause an assertion failure. [RT #1946]
4529 1073. [bug] The ADB cache cleaning should also be space driven.
4532 1072. [bug] The TCP client quota could be exceeded when
4533 recursion occurred. [RT #1937]
4535 1071. [bug] Sockets listening for TCP DNS connections
4536 specified an excessive listen backlog. [RT #1937]
4538 1070. [bug] Copy DNSSEC OK (DO) to response as specified by
4539 draft-ietf-dnsext-dnssec-okbit-03.txt.
4543 1068. [bug] errno could be overwritten by catgets(). [RT #1921]
4545 1067. [func] Allow quotas to be soft, isc_quota_soft().
4547 1066. [bug] Provide a thread safe wrapper for strerror().
4550 1065. [func] Runtime support to select new / old style interface
4551 scanning using ioctls.
4553 1064. [bug] Do not shut down active network interfaces if we
4554 are unable to scan the interface list. [RT #1921]
4556 1063. [bug] libbind: "make install" was failing on IRIX.
4559 1062. [bug] If the control channel listener socket was shut
4560 down before server exit, the listener object could
4561 be freed twice. [RT #1916]
4563 1061. [bug] If periodic cache cleaning happened to start
4564 while cleaning due to reaching the configured
4565 maximum cache size was in progress, the server
4566 could catch an assertion failure. [RT #1912]
4568 1060. [func] Move refresh, stub and notify UDP retry processing
4571 1059. [func] dns_request now support will now retry UDP queries,
4572 dns_request_createvia2() and dns_request_createraw2().
4574 1058. [func] Limited lifetime ticker timers are now available,
4575 isc_timertype_limited.
4577 1057. [bug] Reloading the server after adding a "file" clause
4578 to a zone statement could cause the server to
4579 crash due to a typo in change 1016.
4581 1056. [bug] Rndc could catch an assertion failure on SIGINT due
4582 to an uninitialized variable. [RT #1908]
4584 1055. [func] Version and hostname queries can now be disabled
4585 using "version none;" and "hostname none;",
4588 1054. [bug] On Win32, cfg_categories and cfg_modules need to be
4589 exported from the libisccfg DLL.
4591 1053. [bug] Dig did not increase its timeout when receiving
4592 AXFRs unless the +time option was used. [RT #1904]
4594 1052. [bug] Journals were not being created in binary mode
4595 resulting in "journal format not recognized" error
4596 under Win32. [RT #1889]
4598 1051. [bug] Do not ignore a network interface completely just
4599 because it has a noncontiguous netmask. Instead,
4600 omit it from the localnets ACL and issue a warning.
4603 1050. [bug] Log messages reporting malformed IP addresses in
4604 address lists such as that of the forwarders option
4605 failed to include the correct error code, file
4606 name, and line number. [RT #1890]
4608 1049. [func] "pid-file none;" will disable writing a pid file.
4611 1048. [bug] Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1
4614 1047. [bug] named was incorrectly refusing all requests signed
4615 with a TSIG key derived from an unsigned TKEY
4616 negotiation with a NOERROR response. [RT #1886]
4618 1046. [bug] The help message for the --with-openssl configure
4619 option was inaccurate. [RT #1880]
4621 1045. [bug] It was possible to skip saving glue for a nameserver
4624 1044. [bug] Specifying allow-transfer, notify-source, or
4625 notify-source-v6 in a stub zone was not treated
4628 1043. [bug] Specifying a transfer-source or transfer-source-v6
4629 option in the zone statement for a master zone was
4630 not treated as an error. [RT #1876]
4632 1042. [bug] The "config" logging category did not work properly.
4635 1041. [bug] Dig/host/nslookup could catch an assertion failure
4636 on SIGINT due to an uninitialized variable. [RT #1867]
4638 1040. [bug] Multiple listen-on-v6 options with different ports
4639 were not accepted. [RT #1875]
4641 1039. [bug] Negative responses with CNAMEs in the answer section
4642 were cached incorrectly. [RT #1862]
4644 1038. [bug] In servers configured with a tkey-domain option,
4645 TKEY queries with an owner name other than the root
4646 could cause an assertion failure. [RT #1866, #1869]
4648 1037. [bug] Negative responses whose authority section contain
4649 SOA or NS records whose owner names are not equal
4650 equal to or parents of the query name should be
4651 rejected. [RT #1862]
4653 1036. [func] Silently drop requests received via multicast as
4654 long as there is no final multicast DNS standard.
4656 1035. [bug] If we respond to multicast queries (which we
4657 currently do not), respond from a unicast address
4658 as specified in RFC 1123. [RT #137]
4660 1034. [bug] Ignore the RD bit on multicast queries as specified
4661 in RFC 1123. [RT #137]
4663 1033. [bug] Always respond to requests with an unsupported opcode
4664 with NOTIMP, even if we don't have a matching view
4665 or cannot determine the class.
4667 1032. [func] hostname.bind/txt/chaos now returns the name of
4668 the machine hosting the nameserver. This is useful
4669 in diagnosing problems with anycast servers.
4671 1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
4674 1030. [bug] On systems with no resolv.conf file, nsupdate
4675 exited with an error rather than defaulting
4676 to using the loopback address. [RT #1836]
4678 1029. [bug] Some named.conf errors did not cause the loading
4679 of the configuration file to return a failure
4680 status even though they were logged. [RT #1847]
4682 1028. [bug] On Win32, dig/host/nslookup looked for resolv.conf
4683 in the wrong directory. [RT #1833]
4685 1027. [bug] RRs having the reserved type 0 should be rejected.
4690 1025. [bug] Don't use multicast addresses to resolve iterative
4693 1024. [port] Compilation failed on HP-UX 11.11 due to
4694 incompatible use of the SIOCGLIFCONF macro
4697 1023. [func] Accept hints without TTLs.
4699 1022. [bug] Don't report empty root hints as "extra data".
4702 1021. [bug] On Win32, log message timestamps were one month
4703 later than they should have been, and the server
4704 would exhibit unspecified behavior in December.
4706 1020. [bug] IXFR log messages did not distinguish between
4707 true IXFRs, AXFR-style IXFRs, and mere version
4710 1019. [bug] The value of the lame-ttl option was limited to 18000
4711 seconds, not 1800 seconds as documented. [RT #1803]
4713 1018. [bug] The default log channel was not always initialized
4714 correctly. [RT #1813]
4716 1017. [bug] When specifying TSIG keys to dig and nsupdate using
4717 the -k option, they must be HMAC-MD5 keys. [RT #1810]
4719 1016. [bug] Slave zones with no backup file were re-transferred
4720 on every server reload.
4722 1015. [bug] Log channels that had a "versions" option but no
4723 "size" option failed to create numbered log
4726 1014. [bug] Some queries would cause statistics counters to
4727 increment more than once or not at all. [RT #1321]
4729 1013. [bug] It was possible to cancel a query twice when marking
4730 a server as bogus or by having a blackhole acl.
4733 1012. [bug] The -p option to named did not behave as documented.
4735 1011. [cleanup] Removed isc_dir_current().
4737 1010. [bug] The server could attempt to execute a command channel
4738 command after initiating server shutdown, causing
4739 an assertion failure. [RT #1766]
4741 1009. [port] OpenUNIX 8 support. [RT #1728]
4743 1008. [port] libtool.m4, ltmain.sh from libtool-1.4.2.
4745 1007. [port] config.guess, config.sub from autoconf-2.52.
4747 1006. [bug] If a KEY RR was found missing during DNSSEC validation,
4748 an assertion failure could subsequently be triggered
4749 in the resolver. [RT #1763]
4751 1005. [bug] Don't copy nonzero RCODEs from request to response.
4754 1004. [port] Deal with recvfrom() returning EHOSTDOWN. [RT #1770]
4756 1003. [func] Add the +retry option to dig.
4758 1002. [bug] When reporting an unknown class name in named.conf,
4759 including the file name and line number. [RT #1759]
4761 1001. [bug] win32 socket code doio_recv was not catching a
4762 WSACONNRESET error when a client was timing out
4763 the request and closing its socket. [RT #1745]
4765 1000. [bug] BIND 8 compatibility: accept "HESIOD" as an alias
4766 for class "HS". [RT #1759]
4768 999. [func] "rndc retransfer zone [class [view]]" added.
4771 998. [func] named-checkzone now has arguments to specify the
4772 chroot directory (-t) and working directory (-w).
4775 997. [func] Add support for RSA-SHA1 keys (RFC3110).
4777 996. [func] Issue warning if the configuration filename contains
4780 995. [bug] dig, host, nslookup: using a raw IPv6 address as a
4781 target address should be fatal on a IPv4 only system.
4783 994. [func] Treat non-authoritative responses to queries for type
4784 NS as referrals even if the NS records are in the
4785 answer section, because BIND 8 servers incorrectly
4786 send them that way. This is necessary for DNSSEC
4787 validation of the NS records of a secure zone to
4788 succeed when the parent is a BIND 8 server. [RT #1706]
4790 993. [func] dig: -v now reports the version.
4792 992. [doc] dig: ~/.digrc is now documented.
4794 991. [func] Lower UDP refresh timeout messages to level
4797 990. [bug] The rndc-confgen man page was not installed.
4799 989. [bug] Report filename if $INCLUDE fails for file related
4802 988. [bug] 'additional-from-auth no;' did not work reliably
4803 in the case of queries answered from the cache.
4806 987. [bug] "dig -help" didn't show "+[no]stats".
4808 986. [bug] "dig +noall" failed to clear stats and command
4811 985. [func] Consider network interfaces to be up iff they have
4812 a nonzero IP address rather than based on the
4813 IFF_UP flag. [RT #1160]
4815 984. [bug] Multi-threading should be enabled by default on
4816 Solaris 2.7 and newer, but it wasn't.
4818 983. [func] The server now supports generating IXFR difference
4819 sequences for non-dynamic zones by comparing zone
4820 versions, when enabled using the new config
4821 option "ixfr-from-differences". [RT #1727]
4823 982. [func] If "memstatistics-file" is set in options the memory
4824 statistics will be written to it.
4826 981. [func] The dnssec tools can now take multiple '-r randomfile'
4829 980. [bug] Incoming zone transfers restarting after an error
4830 could trigger an assertion failure. [RT #1692]
4832 979. [func] Incremental master file dumping. dns_master_dumpinc(),
4833 dns_master_dumptostreaminc(), dns_dumpctx_attach(),
4834 dns_dumpctx_detach(), dns_dumpctx_cancel(),
4835 dns_dumpctx_db() and dns_dumpctx_version().
4837 978. [bug] dns_db_attachversion() had an invalid REQUIRE()
4840 977. [bug] Improve "not at top of zone" error message.
4842 976. [func] named-checkconf can now test load master zones
4843 (named-checkconf -z). [RT #1468]
4845 975. [bug] "max-cache-size default;" as a view option
4846 caused an assertion failure.
4848 974. [bug] "max-cache-size unlimited;" as a global option
4851 973. [bug] Failed to log the question name when logging:
4852 "bad zone transfer request: non-authoritative zone
4855 972. [bug] The file modification time code in zone.c was using the
4856 wrong epoch. [RT #1667]
4860 970. [func] 'max-journal-size' can now be used to set a target
4863 969. [func] dig now supports the undocumented dig 8 feature
4864 of allowing arbitrary labels, not just dotted
4865 decimal quads, with the -x option. This can be
4866 used to conveniently look up RFC2317 names as in
4867 "dig -x 10.0.0.0-127". [RT #827, #1576, #1598]
4869 968. [bug] On win32, the isc_time_now() function was unnecessarily
4870 calling strtime(). [RT #1671]
4872 967. [bug] On win32, the link for bindevt was not including the
4873 required resource file to enable the event viewer
4874 to interpret the error messages in the event log,
4879 965. [bug] Including data other than root server NS and A
4880 records in the root hint file could cause a rbtdb
4881 node reference leak. [RT #1581, #1618]
4883 964. [func] Warn if data other than root server NS and A records
4884 are found in the root hint file. [RT #1581, #1618]
4886 963. [bug] Bad ISC_LANG_ENDDECLS. [RT #1645]
4888 962. [bug] libbind: bad "#undef", don't attempt to install
4889 non-existant nlist.h. [RT #1640]
4891 961. [bug] Tried to use a IPV6 feature when ISC_PLATFORM_HAVEIPV6
4892 was not defined. [RT #1482]
4894 960. [port] liblwres failed to build on systems with support for
4895 getrrsetbyname() in the OS. [RT #1592]
4897 959. [port] On FreeBSD, determine the number of CPUs by calling
4898 sysctlbyname(). [RT #1584]
4900 958. [port] ssize_t is not available on all platforms. [RT #1607]
4902 957. [bug] sys/select.h inclusion was broken on older platforms.
4905 956. [bug] ns_g_autorndcfile changed to ns_g_keyfile
4906 in named/win32/os.c due to code changes in
4907 change #953. win32 .make file for rndc-confgen
4908 updated to add include path for os.h header.
4910 --- 9.2.0rc1 released ---
4912 955. [bug] When using views, the zone's class was not being
4913 inherited from the view's class. [RT #1583]
4915 954. [bug] When requesting AXFRs or IXFRs using dig, host, or
4916 nslookup, the RD bit should not be set as zone
4917 transfers are inherently non-recursive. [RT #1575]
4919 953. [func] The /var/run/named.key file from change #843
4920 has been replaced by /etc/rndc.key. Both
4921 named and rndc will look for this file and use
4922 it to configure a default control channel key
4923 if not already configured using a different
4924 method (rndc.conf / controls). Unlike
4925 named.key, rndc.key is not created automatically;
4926 it must be created by manually running
4929 952. [bug] The server required manual intervention to serve the
4930 affected zones if it died between creating a journal
4931 and committing the first change to it.
4933 951. [bug] CFLAGS was not passed to the linker when
4934 linking some of the test programs under
4935 bin/tests. [RT #1555].
4937 950. [bug] Explicit TTLs did not properly override $TTL
4938 due to a bug in change 834. [RT #1558]
4940 949. [bug] host was unable to print records larger than 512
4943 --- 9.2.0b2 released ---
4945 948. [port] Integrated support for building on Windows NT /
4948 947. [bug] dns_rdata_soa_t had a badly named element "mname" which
4949 was really the RNAME field from RFC1035. To avoid
4950 confusion and silent errors that would occur it the
4951 "origin" and "mname" elements were given their correct
4952 names "mname" and "rname" respectively, the "mname"
4953 element is renamed to "contact".
4955 946. [cleanup] doc/misc/options is now machine-generated from the
4956 configuration parser syntax tables, and therefore
4957 more likely to be correct.
4959 945. [func] Add the new view-specific options
4960 "match-destinations" and "match-recursive-only".
4962 944. [func] Check for expired signatures on load.
4964 943. [bug] The server could crash when receiving a command
4965 via rndc if the configuration file listed only
4966 nonexistent keys in the controls statement. [RT #1530]
4968 942. [port] libbind: GETNETBYADDR_ADDR_T was not correctly
4969 defined on some platforms.
4971 941. [bug] The configuration checker crashed if a slave
4972 zone didn't contain a masters statement. [RT #1514]
4974 940. [bug] Double zone locking failure on error path. [RT #1510]
4976 --- 9.2.0b1 released ---
4978 939. [port] Add the --disable-linux-caps option to configure for
4979 systems that manage capabilities outside of named.
4984 937. [bug] A race when shutting down a zone could trigger a
4985 INSIST() failure. [RT #1034]
4987 936. [func] Warn about IPv4 addresses that are not complete
4988 dotted quads. [RT #1084]
4990 935. [bug] inet_pton failed to reject leading zeros.
4992 934. [port] Deal with systems where accept() spuriously returns
4995 933. [bug] configure failed doing libbind on platforms not
4996 supported by BIND 8. [RT #1496]
4998 --- 9.2.0a3 released ---
5000 932. [bug] Use INSTALL_SCRIPT, not INSTALL_PROGRAM,
5001 when installing isc-config.sh.
5004 931. [bug] The controls statement only attempted to verify
5005 messages using the first key in the key list.
5008 930. [func] Query performance testing tool added as
5013 928. [bug] nsupdate would send empty update packets if the
5014 send (or empty line) command was run after
5015 another send but before any new updates or
5016 prerequisites were specified. It should simply
5017 ignore this command.
5019 927. [bug] Don't hold the zone lock for the entire dump to disk.
5022 926. [bug] The resolver could deadlock with the ADB when
5023 shutting down (multi-threaded builds only).
5026 925. [cleanup] Remove openssl from the distribution; require that
5027 --with-openssl be specified if DNSSEC is needed.
5029 924. [port] Extend support for pre-RFC2133 IPv6 implementation.
5032 923. [bug] Multiline TSIG secrets (and other multiline strings)
5033 were not accepted in named.conf. [RT #1469]
5035 922. [func] Added two new lwres_getrrsetbyname() result codes,
5036 ERR_NONAME and ERR_NODATA.
5038 921. [bug] lwres returned an incorrect error code if it received
5039 a truncated message.
5041 920. [func] Increase the lwres receive buffer size to 16K.
5046 918. [func] In nsupdate, TSIG errors are no longer treated as
5049 917. [func] New nsupdate command 'key', allowing TSIG keys to
5050 be specified in the nsupdate command stream rather
5051 than the command line.
5053 916. [bug] Specifying type ixfr to dig without specifying
5054 a serial number failed in unexpected ways.
5056 915. [func] The named-checkconf and named-checkzone programs
5057 now have a '-v' option for printing their version.
5060 914. [bug] Global 'server' statements were rejected when
5061 using views, even though they were accepted
5064 913. [bug] Cache cleaning was not sufficiently aggressive.
5067 912. [bug] Attempts to set the 'additional-from-cache' or
5068 'additional-from-auth' option to 'no' in a
5069 server with recursion enabled will now
5070 be ignored and cause a warning message.
5075 910. [port] Some pre-RFC2133 IPv6 implementations do not define
5076 IN6ADDR_ANY_INIT. [RT #1416]
5080 908. [func] New program, rndc-confgen, to simplify setting up rndc.
5082 907. [func] The ability to get entropy from either the
5083 random device, a user-provided file or from
5084 the keyboard was migrated from the DNSSEC tools
5085 to libisc as isc_entropy_usebestsource().
5087 906. [port] Separated the system independent portion of
5088 lib/isc/unix/entropy.c into lib/isc/entropy.c
5089 and added lib/isc/win32/entropy.c.
5091 905. [bug] Configuring a forward "zone" for the root domain
5092 did not work. [RT #1418]
5094 904. [bug] The server would leak memory if attempting to use
5095 an expired TSIG key. [RT #1406]
5097 903. [bug] dig should not crash when receiving a TCP packet
5100 902. [bug] The -d option was ignored if both -t and -g were also
5105 900. [bug] A config.guess update changed the system identification
5106 string of FreeBSD systems; configure and
5107 bin/tests/system/ifconfig.sh now recognize the new
5110 --- 9.2.0a2 released ---
5112 899. [bug] lib/dns/soa.c failed to compile on many platforms
5113 due to inappropriate use of a void value.
5114 [RT #1372, #1373, #1386, #1387, #1395]
5116 898. [bug] "dig" failed to set a nonzero exit status
5117 on UDP query timeout. [RT #1323]
5119 897. [bug] A config.guess update changed the system identification
5120 string of UnixWare systems; configure now recognizes
5123 896. [bug] If a configuration file is set on named's command line
5124 and it has a relative pathname, the current directory
5125 (after any possible jailing resulting from named -t)
5126 will be prepended to it so that reloading works
5127 properly even when a directory option is present.
5129 895. [func] New function, isc_dir_current(), akin to POSIX's
5132 894. [bug] When using the DNSSEC tools, a message intended to warn
5133 when the keyboard was being used because of the lack
5134 of a suitable random device was not being printed.
5136 893. [func] Removed isc_file_test() and added isc_file_exists()
5137 for the basic functionality that was being added
5138 with isc_file_test().
5142 891. [bug] Return an error when a SIG(0) signed response to
5143 an unsigned query is seen. This should actually
5144 do the verification, but it's not currently
5145 possible. [RT #1391]
5147 890. [cleanup] The man pages no longer require the mandoc macros
5148 and should now format cleanly using most versions of
5149 nroff, and HTML versions of the man pages have been
5150 added. Both are generated from DocBook source.
5152 889. [port] Eliminated blank lines before .TH in nroff man
5153 pages since they cause problems with some versions
5154 of nroff. [RT #1390]
5156 888. [bug] Don't die when using TKEY to delete a nonexistent
5157 TSIG key. [RT #1392]
5159 887. [port] Detect broken compilers that can't call static
5160 functions from inline functions. [RT #1212]
5202 866. [func] Close debug only file channels when debug is set to
5205 865. [bug] The new configuration parser did not allow
5206 the optional debug level in a "severity debug"
5207 clause of a logging channel to be omitted.
5208 This is now allowed and treated as "severity
5209 debug 1;" like it does in BIND 8.2.4, not as
5210 "severity debug 0;" like it did in BIND 9.1.
5213 864. [cleanup] Multi-threading is now enabled by default on
5214 OSF1, Solaris 2.7 and newer, AIX, IRIX, and HP-UX.
5216 863. [bug] If an error occurred while an outgoing zone transfer
5217 was starting up, the server could access a domain
5218 name that had already been freed when logging a
5219 message saying that the transfer was starting.
5222 862. [bug] Use after realloc(), non portable pointer arithmetic in
5225 861. [port] Add support for Mac OS X, by making it equivalent
5226 to Darwin. This was derived from the config.guess
5227 file shipped with Mac OS X. [RT #1355]
5229 860. [func] Drop cross class glue in zone transfers.
5231 859. [bug] Cache cleaning now won't swamp the CPU if there
5232 is a persistent over limit condition.
5234 858. [func] isc_mem_setwater() no longer requires that when the
5235 callback function is non-NULL then its hi_water
5236 argument must be greater than its lo_water argument
5237 (they can now be equal) or that they be non-zero.
5239 857. [cleanup] Use ISC_MAGIC() to define all magic numbers for
5240 structs, for our friends in EBCDIC-land.
5242 856. [func] Allow partial rdatasets to be returned in answer and
5243 authority sections to help non-TCP capable clients
5244 recover from truncation. [RT #1301]
5246 855. [bug] Stop spurious "using RFC 1035 TTL semantics" warnings.
5248 854. [bug] The config parser didn't properly handle config
5249 options that were specified in units of time other
5250 than seconds. [RT #1372]
5252 853. [bug] configure_view_acl() failed to detach existing acls.
5255 852. [bug] Handle responses from servers which do not know
5258 851. [cleanup] The obsolete support-ixfr option was not properly
5261 --- 9.2.0a1 released ---
5263 850. [bug] dns_rbt_findnode() would not find nodes that were
5264 split on a bitstring label somewhere other than in
5265 the last label of the node. [RT #1351]
5267 849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
5269 848. [func] A minimum max-cache-size of two megabytes is enforced
5270 by the cache cleaner.
5272 847. [func] Added isc_file_test(), which currently only has
5273 some very basic functionality to test for the
5274 existence of a file, whether a pathname is absolute,
5275 or whether a pathname is the fundamental representation
5276 of the current directory. It is intended that this
5277 function can be expanded to test other things a
5278 programmer might want to know about a file.
5280 846. [func] A non-zero 'param' to dst_key_generate() when making an
5281 hmac-md5 key means that good entropy is not required.
5283 845. [bug] The access rights on the public file of a symmetric
5284 key are now restricted as soon as the file is opened,
5285 rather than after it has been written and closed.
5287 844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
5288 just as <lwres/net.h> does.
5290 843. [func] If no controls statement is present in named.conf,
5291 or if any inet phrase of a controls statement is
5292 lacking a keys clause, then a key will be automatically
5293 generated by named and an rndc.conf-style file
5294 named named.key will be written that uses it. rndc
5295 will use this file only if its normal configuration
5296 file, or one provided on the command line, does not
5299 842. [func] 'rndc flush' now takes an optional view.
5301 841. [bug] When sdb modules were not declared threadsafe, their
5302 create and destroy functions were not serialized.
5304 840. [bug] The config file parser could print the wrong file
5305 name if an error was detected after an included file
5306 was parsed. [RT #1353]
5308 839. [func] Dump packets for which there was no view or that the
5309 class could not be determined to category "unmatched".
5311 838. [port] UnixWare 7.x.x is now suported by
5312 bin/tests/system/ifconfig.sh.
5314 837. [cleanup] Multi-threading is now enabled by default only on
5315 OSF1, Solaris 2.7 and newer, and AIX.
5317 836. [func] Upgraded libtool to 1.4.
5319 835. [bug] The dispatcher could enter a busy loop if
5320 it got an I/O error receiving on a UDP socket.
5323 834. [func] Accept (but warn about) master files beginning with
5324 an SOA record without an explicit TTL field and
5325 lacking a $TTL directive, by using the SOA MINTTL
5326 as a default TTL. This is for backwards compatibility
5327 with old versions of BIND 8, which accepted such
5328 files without warning although they are illegal
5329 according to RFC1035.
5331 833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
5332 <dns/soa.h>, and extended them to support
5333 all the integer-valued fields of the SOA RR.
5335 832. [bug] The default location for named.conf in named-checkconf
5336 should depend on --sysconfdir like it does in named.
5341 830. [func] Implement 'rndc status'.
5343 829. [bug] The DNS_R_ZONECUT result code should only be returned
5344 when an ANY query is made with DNS_DBFIND_GLUEOK set.
5345 In all other ANY query cases, returning the delegation
5348 828. [bug] The errno value from recvfrom() could be overwritten
5349 by logging code. [RT #1293]
5351 827. [bug] When an IXFR protocol error occurs, the slave
5352 should retry with AXFR.
5354 826. [bug] Some IXFR protocol errors were not detected.
5356 825. [bug] zone.c:ns_query() detached from the wrong zone
5357 reference. [RT #1264]
5359 824. [bug] Correct line numbers reported by dns_master_load().
5362 823. [func] The output of "dig -h" now goes to stdout so that it
5363 can easily be piped through "more". [RT #1254]
5365 822. [bug] Sending nxrrset prerequisites would crash nsupdate.
5368 821. [bug] The program name used when logging to syslog should
5369 be stripped of leading path components.
5372 820. [bug] Name server address lookups failed to follow
5373 A6 chains into the glue of local authoritative
5376 819. [bug] In certain cases, the resolver's attempts to
5377 restart an address lookup at the root could cause
5378 the fetch to deadlock (with itself) instead of
5379 restarting. [RT #1225]
5381 818. [bug] Certain pathological responses to ANY queries could
5382 cause an assertion failure. [RT #1218]
5384 817. [func] Adjust timeouts for dialup zone queries.
5386 816. [bug] Report potential problems with log file accessibility
5387 at configuration time, since such problems can't
5388 reliably be reported at the time they actually occur.
5390 815. [bug] If a log file was specified with a path separator
5391 character (i.e. "/") in its name and the directory
5392 did not exist, the log file's name was treated as
5393 though it were the directory name. [RT #1189]
5395 814. [bug] Socket objects left over from accept() failures
5396 were incorrectly destroyed, causing corruption
5397 of socket manager data structures.
5399 813. [bug] File descriptors exceeding FD_SETSIZE were handled
5402 812. [bug] dig sometimes printed incomplete IXFR responses
5403 due to an uninitialized variable. [RT #1188]
5405 811. [bug] Parentheses were not quoted in zone dumps. [RT #1194]
5407 810. [bug] The signer name in SIG records was not properly
5408 down-cased when signing/verifying records. [RT #1186]
5410 809. [bug] Configuring a non-local address as a transfer-source
5411 could cause an assertion failure during load.
5413 808. [func] Add 'rndc flush' to flush the server's cache.
5415 807. [bug] When setting up TCP connections for incoming zone
5416 transfers, the transfer-source port was not
5417 ignored like it should be.
5419 806. [bug] DNS_R_SEENINCLUDE was failing to propagate back up
5420 the calling stack to the zone maintenance level,
5421 causing zones to not reload when an included file was
5422 touched but the top-level zone file was not.
5424 805. [bug] When using "forward only", missing root hints should
5425 not cause queries to fail. [RT #1143]
5427 804. [bug] Attempting to obtain entropy could fail in some
5428 situations. This would be most common on systems
5429 with user-space threads. [RT #1131]
5431 803. [bug] Treat all SIG queries as if they have the CD bit set,
5432 otherwise no data will be returned [RT #749]
5434 802. [bug] DNSSEC key tags were computed incorrectly in almost
5435 all cases. [RT #1146]
5437 801. [bug] nsupdate should treat lines beginning with ';' as
5438 comments. [RT #1139]
5440 800. [bug] dnssec-signzone produced incorrect statistics for
5441 large zones. [RT #1133]
5443 799. [bug] The ADB didn't find AAAA glue in a zone unless A6
5444 glue was also present.
5446 798. [bug] nsupdate should be able to reject bad input lines
5447 and continue. [RT #1130]
5449 797. [func] Issue a warning if the 'directory' option contains
5450 a relative path. [RT #269]
5452 796. [func] When a size limit is associated with a log file,
5453 only roll it when the size is reached, not every
5454 time the log file is opened. [RT #1096]
5456 795. [func] Add the +multiline option to dig. [RT #1095]
5458 794. [func] Implement the "port" and "default-port" statements
5461 793. [cleanup] The DNSSEC tools could create filenames that were
5462 illegal or contained shell meta-characters. They
5463 now use a different text encoding of names that
5464 doesn't have these problems. [RT #1101]
5466 792. [cleanup] Replace the OMAPI command channel protocol with a
5469 791. [bug] The command channel now works over IPv6.
5471 790. [bug] Wildcards created using dynamic update or IXFR
5472 could fail to match. [RT #1111]
5474 789. [bug] The "localhost" and "localnets" ACLs did not match
5475 when used as the second element of a two-element
5478 788. [func] Add the "match-mapped-addresses" option, which
5479 causes IPv6 v4mapped addresses to be treated as
5480 IPv4 addresses for the purpose of acl matching.
5482 787. [bug] The DNSSEC tools failed to downcase domain
5483 names when mapping them into file names.
5485 786. [bug] When DNSSEC signing/verifying data, owner names were
5486 not properly down-cased.
5488 785. [bug] A race condition in the resolver could cause
5489 an assertion failure. [RT #673, #872, #1048]
5491 784. [bug] nsupdate and other programs would not quit properly
5492 if some signals were blocked by the caller. [RT #1081]
5494 783. [bug] Following CNAMEs could cause an assertion failure
5495 when either using an sdb database or under very
5498 782. [func] Implement the "serial-query-rate" option.
5500 781. [func] Avoid error packet loops by dropping duplicate FORMERR
5501 responses. [RT #1006]
5503 780. [bug] Error handling code dealing with out of memory or
5504 other rare errors could lead to assertion failures
5505 by calling functions on uninitialized names. [RT #1065]
5507 779. [func] Added the "minimal-responses" option.
5509 778. [bug] When starting cache cleaning, cleaning_timer_action()
5510 returned without first pausing the iterator, which
5511 could cause deadlock. [RT #998]
5513 777. [bug] An empty forwarders list in a zone failed to override
5514 global forwarders. [RT #995]
5516 776. [func] Improved error reporting in denied messages. [RT #252]
5520 774. [func] max-cache-size is implemented.
5522 773. [func] Added isc_rwlock_trylock() to attempt to lock without
5525 772. [bug] Owner names could be incorrectly omitted from cache
5526 dumps in the presence of negative caching entries.
5529 771. [cleanup] TSIG errors related to unsynchronized clocks
5530 are logged better. [RT #919]
5532 770. [func] Add the "edns yes_or_no" statement to the server
5535 769. [func] Improved error reporting when parsing rdata. [RT #740]
5537 768. [bug] The server did not emit an SOA when a CNAME
5538 or DNAME chain ended in NXDOMAIN in an
5543 766. [bug] A few cases in query_find() could leak fname.
5544 This would trigger the mpctx->allocated == 0
5545 assertion when the server exited.
5546 [RT #739, #776, #798, #812, #818, #821, #845,
5549 765. [func] ACL names are once again case insensitive, like
5550 in BIND 8. [RT #252]
5552 764. [func] Configuration files now allow "include" directives
5553 in more places, such as inside the "view" statement.
5554 [RT #377, #728, #860]
5556 763. [func] Configuration files no longer have reserved words.
5559 762. [cleanup] The named.conf and rndc.conf file parsers have
5560 been completely rewritten.
5562 761. [bug] _REENTRANT was still defined when building with
5565 760. [contrib] Significant enhancements to the pgsql sdb driver.
5567 759. [bug] The resolver didn't turn off "avoid fetches" mode
5568 when restarting, possibly causing resolution
5569 to fail when it should not. This bug only affected
5570 platforms which support both IPv4 and IPv6. [RT #927]
5572 758. [bug] The "avoid fetches" code did not treat negative
5573 cache entries correctly, causing fetches that would
5574 be useful to be avoided. This bug only affected
5575 platforms which support both IPv4 and IPv6. [RT #927]
5577 757. [func] Log zone transfers.
5579 756. [bug] dns_zone_load() could "return" success when no master
5580 file was configured.
5582 755. [bug] Fix incorrectly formatted log messages in zone.c.
5584 754. [bug] Certain failure conditions sending UDP packets
5585 could cause the server to retry the transmission
5586 indefinitely. [RT #902]
5588 753. [bug] dig, host, and nslookup would fail to contact a
5589 remote server if getaddrinfo() returned an IPv6
5590 address on a system that doesn't support IPv6.
5593 752. [func] Correct bad tv_usec elements returned by
5596 751. [func] Log successful zone loads / transfers. [RT #898]
5598 750. [bug] A query should not match a DNAME whose trust level
5599 is pending. [RT #916]
5601 749. [bug] When a query matched a DNAME in a secure zone, the
5602 server did not return the signature of the DNAME.
5605 748. [doc] List supported RFCs in doc/misc/rfc-compliance.
5608 747. [bug] The code to determine whether an IXFR was possible
5609 did not properly check for a database that could
5610 not have a journal. [RT #865, #908]
5612 746. [bug] The sdb didn't clone rdatasets properly, causing
5613 a crash when the server followed delegations. [RT #905]
5615 745. [func] Report the owner name of records that fail
5616 semantic checks while loading.
5618 744. [bug] When returning DNS_R_CNAME or DNS_R_DNAME as the
5619 result of an ANY or SIG query, the resolver failed
5620 to setup the return event's rdatasets, causing an
5621 assertion failure in the query code. [RT #881]
5623 743. [bug] Receiving a large number of certain malformed
5624 answers could cause named to stop responding.
5629 741. [port] Support openssl-engine. [RT #709]
5631 740. [port] Handle openssl library mismatches slightly better.
5633 739. [port] Look for /dev/random in configure, rather than
5634 assuming it will be there for only a predefined
5637 738. [bug] If a non-threadsafe sdb driver supported AXFR and
5638 received an AXFR request, it would deadlock or die
5639 with an assertion failure. [RT #852]
5641 737. [port] stdtime.c failed to compile on certain platforms.
5643 736. [func] New functions isc_task_{begin,end}exclusive().
5645 735. [doc] Add BIND 4 migration notes.
5647 734. [bug] An attempt to re-lock the zone lock could occur if
5648 the server was shutdown during a zone transfer.
5651 733. [bug] Reference counts of dns_acl_t objects need to be
5652 locked but were not. [RT #801, #821]
5654 732. [bug] Glue with 0 TTL could also cause SERVFAIL. [RT #828]
5656 731. [bug] Certain zone errors could cause named-checkzone to
5657 fail ungracefully. [RT #819]
5659 730. [bug] lwres_getaddrinfo() returns the correct result when
5660 it fails to contact a server. [RT #768]
5662 729. [port] pthread_setconcurrency() needs to be called on Solaris.
5664 728. [bug] Fix comment processing on master file directives.
5667 727. [port] Work around OS bug where accept() succeeds but
5668 fails to fill in the peer address of the accepted
5669 connection, by treating it as an error rather than
5670 an assertion failure. [RT #809]
5672 726. [func] Implement the "trace" and "notrace" commands in rndc.
5674 725. [bug] Installing man pages could fail.
5676 724. [func] New libisc functions isc_netaddr_any(),
5679 723. [bug] Referrals whose NS RRs had a 0 TTL caused the resolver
5680 to return DNS_R_SERVFAIL. [RT #783]
5682 722. [func] Allow incremental loads to be canceled.
5684 721. [cleanup] Load manager and dns_master_loadfilequota() are no
5687 720. [bug] Server could enter infinite loop in
5688 dispatch.c:do_cancel(). [RT #733]
5690 719. [bug] Rapid reloads could trigger an assertion failure.
5693 718. [cleanup] "internal" is no longer a reserved word in named.conf.
5696 717. [bug] Certain TKEY processing failure modes could
5697 reference an uninitialized variable, causing the
5698 server to crash. [RT #750]
5700 716. [bug] The first line of a $INCLUDE master file was lost if
5701 an origin was specified. [RT #744]
5703 715. [bug] Resolving some A6 chains could cause an assertion
5704 failure in adb.c. [RT #738]
5706 714. [bug] Preserve interval timers across reloads unless changed.
5709 713. [func] named-checkconf takes '-t directory' similar to named.
5712 712. [bug] Sending a large signed update message caused an
5713 assertion failure. [RT #718]
5715 711. [bug] The libisc and liblwres implementations of
5716 inet_ntop contained an off by one error.
5718 710. [func] The forwarders statement now takes an optional
5721 709. [bug] ANY or SIG queries for data with a TTL of 0
5722 would return SERVFAIL. [RT #620]
5724 708. [bug] When building with --with-openssl, the openssl headers
5725 included with BIND 9 should not be used. [RT #702]
5727 707. [func] The "filename" argument to named-checkzone is no
5728 longer optional, to reduce confusion. [RT #612]
5730 706. [bug] Zones with an explicit "allow-update { none; };"
5731 were considered dynamic and therefore not reloaded
5732 on SIGHUP or "rndc reload".
5734 705. [port] Work out resource limit type for use where rlim_t is
5735 not available. [RT #695]
5737 704. [port] RLIMIT_NOFILE is not available on all platforms.
5740 703. [port] sys/select.h is needed on older platforms. [RT #695]
5742 702. [func] If the address 0.0.0.0 is seen in resolv.conf,
5743 use 127.0.0.1 instead. [RT #693]
5745 701. [func] Root hints are now fully optional. Class IN
5746 views use compiled-in hints by default, as
5747 before. Non-IN views with no root hints now
5748 provide authoritative service but not recursion.
5749 A warning is logged if a view has neither root
5750 hints nor authoritative data for the root. [RT #696]
5752 700. [bug] $GENERATE range check was wrong. [RT #688]
5754 699. [bug] The lexer mishandled empty quoted strings. [RT #694]
5756 698. [bug] Aborting nsupdate with ^C would lead to several
5759 697. [bug] nsupdate was not compatible with the undocumented
5760 BIND 8 behavior of ignoring TTLs in "update delete"
5763 696. [bug] lwresd would die with an assertion failure when passed
5764 a zero-length name. [RT #692]
5766 695. [bug] If the resolver attempted to query a blackholed or
5767 bogus server, the resolution would fail immediately.
5769 694. [bug] $GENERATE did not produce the last entry.
5772 693. [bug] An empty lwres statement in named.conf caused
5773 the server to crash while loading.
5775 692. [bug] Deal with systems that have getaddrinfo() but not
5776 gai_strerror(). [RT #679]
5778 691. [bug] Configuring per-view forwarders caused an assertion
5779 failure. [RT #675, #734]
5781 690. [func] $GENERATE now supports DNAME. [RT #654]
5783 689. [doc] man pages are now installed. [RT #210]
5785 688. [func] "make tags" now works on systems with the
5786 "Exuberant Ctags" etags.
5788 687. [bug] Only say we have IPv6, with sufficient functionality,
5789 if it has actually been tested. [RT #586]
5791 686. [bug] dig and nslookup can now be properly aborted during
5792 blocking operations. [RT #568]
5794 685. [bug] nslookup should use the search list/domain options
5795 from resolv.conf by default. [RT #405, #630]
5797 684. [bug] Memory leak with view forwarders. [RT #656]
5799 683. [bug] File descriptor leak in isc_lex_openfile().
5801 682. [bug] nslookup displayed SOA records incorrectly. [RT #665]
5803 681. [bug] $GENERATE specifying output format was broken. [RT #653]
5805 680. [bug] dns_rdata_fromstruct() mishandled options bigger
5808 679. [bug] $INCLUDE could leak memory and file descriptors on
5811 678. [bug] "transfer-format one-answer;" could trigger an assertion
5814 677. [bug] dnssec-signzone would occasionally use the wrong ttl
5815 for database operations and fail. [RT #643]
5817 676. [bug] Log messages about lame servers to category
5818 'lame-servers' rather than 'resolver', so as not
5819 to be gratuitously incompatible with BIND 8.
5821 675. [bug] TKEY queries could cause the server to leak
5824 674. [func] Allow messages to be TSIG signed / verified using
5825 a offset from the current time.
5827 673. [func] The server can now convert RFC1886-style recursive
5828 lookup requests into RFC2874-style lookups, when
5829 enabled using the new option "allow-v6-synthesis".
5831 672. [bug] The wrong time was in the "time signed" field when
5832 replying with BADTIME error.
5834 671. [bug] The message code was failing to parse a message with
5835 no question section and a TSIG record. [RT #628]
5837 670. [bug] The lwres replacements for getaddrinfo and
5838 getipnodebyname didn't properly check for the
5839 existence of the sockaddr sa_len field.
5841 669. [bug] dnssec-keygen now makes the public key file
5842 non-world-readable for symmetric keys. [RT #403]
5844 668. [func] named-checkzone now reports multiple errors in master
5847 667. [bug] On Linux, running named with the -u option and a
5848 non-world-readable configuration file didn't work.
5851 666. [bug] If a request sent by dig is longer than 512 bytes,
5854 665. [bug] Signed responses were not sent when the size of the
5855 TSIG + question exceeded the maximum message size.
5858 664. [bug] The t_tasks and t_timers module tests are now skipped
5859 when building without threads, since they require
5862 663. [func] Accept a size_spec, not just an integer, in the
5863 (unimplemented and ignored) max-ixfr-log-size option
5864 for compatibility with recent versions of BIND 8.
5867 662. [bug] dns_rdata_fromtext() failed to log certain errors.
5869 661. [bug] Certain UDP IXFR requests caused an assertion failure
5870 (mpctx->allocated == 0). [RT #355, #394, #623]
5872 660. [port] Detect multiple CPUs on HP-UX and IRIX.
5874 659. [performance] Rewrite the name compression code to be much faster.
5876 658. [cleanup] Remove all vestiges of 16 bit global compression.
5878 657. [bug] When a listen-on statement in an lwres block does not
5879 specify a port, use 921, not 53. Also update the
5880 listen-on documentation. [RT #616]
5882 656. [func] Treat an unescaped newline in a quoted string as
5883 an error. This means that TXT records with missing
5884 close quotes should have meaningful errors printed.
5886 655. [bug] Improve error reporting on unexpected eof when loading
5889 654. [bug] Origin was being forgotten in TCP retries in dig.
5892 653. [bug] +defname option in dig was reversed in sense.
5895 652. [bug] zone_saveunique() did not report the new name.
5897 651. [func] The AD bit in responses now has the meaning
5898 specified in <draft-ietf-dnsext-ad-is-secure>.
5900 650. [bug] SIG(0) records were being generated and verified
5901 incorrectly. [RT #606]
5903 649. [bug] It was possible to join to an already running fctx
5904 after it had "cloned" its events, but before it sent
5905 them. In this case, the event of the newly joined
5906 fetch would not contain the answer, and would
5907 trigger the INSIST() in fctx_sendevents(). In
5908 BIND 9.0, this bug did not trigger an INSIST(), but
5909 caused the fetch to fail with a SERVFAIL result.
5910 [RT #588, #597, #605, #607]
5912 648. [port] Add support for pre-RFC2133 IPv6 implementations.
5914 647. [bug] Resolver queries sent after following multiple
5915 referrals had excessively long retransmission
5916 timeouts due to incorrectly counting the referrals
5919 646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
5920 didn't _cleanly_ fix the problem it was trying to fix.
5922 645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
5924 644. [bug] #622 needed more work. [RT #562]
5926 643. [bug] xfrin error messages made more verbose, added class
5927 of the zone. [RT# 599]
5929 642. [bug] Break the exit_check() race in the zone module.
5932 --- 9.1.0b2 released ---
5934 641. [bug] $GENERATE caused a uninitialized link to be used.
5937 640. [bug] Memory leak in error path could cause
5938 "mpctx->allocated == 0" failure. [RT #584]
5940 639. [bug] Reading entropy from the keyboard would sometimes fail.
5943 638. [port] lib/isc/random.c needed to explicitly include time.h
5944 to get a prototype for time() when pthreads was not
5945 being used. [RT #592]
5947 637. [port] Use isc_u?int64_t instead of (unsigned) long long in
5948 lib/isc/print.c. Also allow lib/isc/print.c to
5949 be compiled even if the platform does not need it.
5952 636. [port] Shut up MSVC++ about a possible loss of precision
5953 in the ISC__BUFFER_PUTUINT*() macros. [RT #592]
5955 635. [bug] Reloading a server with a configured blackhole list
5956 would cause an assertion. [RT #590]
5958 634. [bug] A log file will completely stop being written when
5959 it reaches the maximum size in all cases, not just
5960 when versioning is also enabled. [RT #570]
5962 633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
5964 632. [bug] The index array of the journal file was
5965 corrupted as it was written to disk.
5967 631. [port] Build without thread support on systems without
5970 630. [bug] Locking failure in zone code. [RT #582]
5972 629. [bug] 9.1.0b1 dereferenced a null pointer and crashed
5973 when responding to a UDP IXFR request.
5975 628. [bug] If the root hints contained only AAAA addresses,
5976 named would be unable to perform resolution.
5978 627. [bug] The EDNS0 blackhole detection code of change 324
5979 waited for three retransmissions to each server,
5980 which takes much too long when a domain has many
5981 name servers and all of them drop EDNS0 queries.
5982 Now we retry without EDNS0 after three consecutive
5983 timeouts, even if they are all from different
5986 626. [bug] The lightweight resolver daemon no longer crashes
5987 when asked for a SIG rrset. [RT #558]
5989 625. [func] Zones now inherit their class from the enclosing view.
5991 624. [bug] The zone object could get timer events after it had
5992 been destroyed, causing a server crash. [RT #571]
5994 623. [func] Added "named-checkconf" and "named-checkzone" program
5995 for syntax checking named.conf files and zone files,
5998 622. [bug] A canceled request could be destroyed before
5999 dns_request_destroy() was called. [RT #562]
6001 621. [port] Disable IPv6 at runtime if IPv6 sockets are unusable.
6002 This mostly affects Red Hat Linux 7.0, which has
6003 conflicts between libc and the kernel.
6005 620. [bug] dns_master_load*inc() now require 'task' and 'load'
6006 to be non-null. Also 'done' will not be called if
6007 dns_master_load*inc() fails immediately. [RT #565]
6011 618. [bug] Queries to a signed zone could sometimes cause
6012 an assertion failure.
6014 617. [bug] When using dynamic update to add a new RR to an
6015 existing RRset with a different TTL, the journal
6016 entries generated from the update did not include
6017 explicit deletions and re-additions of the existing
6018 RRs to update their TTL to the new value.
6020 616. [func] dnssec-signzone -t output now includes performance
6023 615. [bug] dnssec-signzone did not like child keysets signed
6026 614. [bug] Checks for uninitialized link fields were prone
6027 to false positives, causing assertion failures.
6028 The checks are now disabled by default and may
6029 be re-enabled by defining ISC_LIST_CHECKINIT.
6031 613. [bug] "rndc reload zone" now reloads primary zones.
6032 It previously only updated slave and stub zones,
6033 if an SOA query indicated an out of date serial.
6035 612. [cleanup] Shutup a ridiculously noisy HP-UX compiler that
6036 complains relentlessly about how its treatment
6037 of 'const' has changed as well as how casting
6038 sometimes tightens alignment constraints.
6040 611. [func] allow-notify can be used to permit processing of
6041 notify messages from hosts other than a slave's
6044 610. [func] rndc dumpdb is now supported.
6046 609. [bug] getrrsetbyname() would crash lwresd if the server
6047 found more SIGs than answers. [RT #554]
6049 608. [func] dnssec-signzone now adds a comment to the zone
6050 with the time the file was signed.
6052 607. [bug] nsupdate would fail if it encountered a CNAME or
6053 DNAME in a response to an SOA query. [RT #515]
6055 606. [bug] Compiling with --disable-threads failed due
6056 to isc_thread_self() being incorrectly defined
6057 as an integer rather than a function.
6059 605. [func] New function isc_lex_getlasttokentext().
6061 604. [bug] The named.conf parser could print incorrect line
6062 numbers when long comments were present.
6064 603. [bug] Make dig handle multiple types or classes on the same
6065 query more correctly.
6067 602. [func] Cope automatically with UnixWare's broken
6068 IN6_IS_ADDR_* macros. [RT #539]
6070 601. [func] Return a non-zero exit code if an update fails
6073 600. [bug] Reverse lookups sometimes failed in dig, etc...
6075 599. [func] Added four new functions to the libisc log API to
6076 support i18n messages. isc_log_iwrite(),
6077 isc_log_ivwrite(), isc_log_iwrite1() and
6078 isc_log_ivwrite1() were added.
6080 598. [bug] An update-policy statement would cause the server
6081 to assert while loading. [RT #536]
6083 597. [func] dnssec-signzone is now multi-threaded.
6085 596. [bug] DNS_RDATASLAB_FORCE and DNS_RDATASLAB_EXACT are
6086 not mutually exclusive.
6088 595. [port] On Linux 2.2, socket() returns EINVAL when it
6089 should return EAFNOSUPPORT. Work around this.
6092 594. [func] sdb drivers are now assumed to not be thread-safe
6093 unless the DNS_SDBFLAG_THREADSAFE flag is supplied.
6095 593. [bug] If a secure zone was missing all its NXTs and
6096 a dynamic update was attempted, the server entered
6099 592. [bug] The sig-validity-interval option now specifies a
6100 number of days, not seconds. This matches the
6101 documentation. [RT #529]
6103 --- 9.1.0b1 released ---
6105 591. [bug] Work around non-reentrancy in openssl by disabling
6106 pre-computation in keys.
6108 590. [doc] There are now man pages for the lwres library in
6111 589. [bug] The server could deadlock if a zone was updated
6112 while being transferred out.
6114 588. [bug] ctx->in_use was not being correctly initialized when
6115 when pushing a file for $INCLUDE. [RT #523]
6117 587. [func] A warning is now printed if the "allow-update"
6118 option allows updates based on the source IP
6119 address, to alert users to the fact that this
6120 is insecure and becoming increasingly so as
6121 servers capable of update forwarding are being
6124 586. [bug] multiple views with the same name were fatal. [RT #516]
6126 585. [func] dns_db_addrdataset() and and dns_rdataslab_merge()
6127 now support 'exact' additions in a similar manner to
6128 dns_db_subtractrdataset() and dns_rdataslab_subtract().
6130 584. [func] You can now say 'notify explicit'; to suppress
6131 notification of the servers listed in NS records
6132 and notify only those servers listed in the
6133 'also-notify' option.
6135 583. [func] "rndc querylog" will now toggle logging of
6136 queries, like "ndc querylog" in BIND 8.
6138 582. [bug] dns_zone_idetach() failed to lock the zone.
6141 581. [bug] log severity was not being correctly processed.
6144 580. [func] Ignore trailing garbage on incoming DNS packets,
6145 for interoperability with broken server
6146 implementations. [RT #491]
6148 579. [bug] nsupdate did not take a filename to read update from.
6151 578. [func] New config option "notify-source", to specify the
6152 source address for notify messages.
6154 577. [func] Log illegal RDATA combinations. e.g. multiple
6155 singleton types, cname and other data.
6157 576. [doc] isc_log_create() description did not match reality.
6159 575. [bug] isc_log_create() was not setting internal state
6160 correctly to reflect the default channels created.
6162 574. [bug] TSIG signed queries sent by the resolver would fail to
6163 have their responses validated and would leak memory.
6165 573. [bug] The journal files of IXFRed slave zones were
6166 inadvertently discarded on server reload, causing
6167 "journal out of sync with zone" errors on subsequent
6170 572. [bug] Quoted strings were not accepted as key names in
6171 address match lists.
6173 571. [bug] It was possible to create an rdataset of singleton
6174 type which had more than one rdata. [RT #154]
6177 570. [bug] rbtdb.c allowed zones containing nodes which had
6178 both a CNAME and "other data". [RT #154]
6180 569. [func] The DNSSEC AD bit will not be set on queries which
6181 have not requested a DNSSEC response.
6183 568. [func] Add sample simple database drivers in contrib/sdb.
6185 567. [bug] Setting the zone transfer timeout to zero caused an
6186 assertion failure. [RT #302]
6188 566. [func] New public function dns_timer_setidle().
6190 565. [func] Log queries more like BIND 8: query logging is now
6191 done to category "queries", level "info". [RT #169]
6193 564. [func] Add sortlist support to lwresd.
6195 563. [func] New public functions dns_rdatatype_format() and
6196 dns_rdataclass_format(), for convenient formatting
6197 of rdata type/class mnemonics in log messages.
6199 562. [cleanup] Moved lib/dns/*conf.c to bin/named where they belong.
6201 561. [func] The 'datasize', 'stacksize', 'coresize' and 'files'
6202 clauses of the options{} statement are now implemented.
6204 560. [bug] dns_name_split did not properly the resulting prefix
6205 when a maximal length bitstring label was split which
6206 was preceded by another bitstring label. [RT #429]
6208 559. [bug] dns_name_split did not properly create the suffix
6209 when splitting within a maximal length bitstring label.
6211 558. [func] New functions, isc_resource_getlimit and
6212 isc_resource_setlimit.
6214 557. [func] Symbolic constants for libisc integral types.
6216 556. [func] The DNSSEC OK bit in the EDNS extended flags
6217 is now implemented. Responses to queries without
6218 this bit set will not contain any DNSSEC records.
6220 555. [bug] A slave server attempting a zone transfer could
6221 crash with an assertion failure on certain
6222 malformed responses from the master. [RT #457]
6224 554. [bug] In some cases, not all of the dnssec tools were
6227 553. [bug] Incoming zone transfers deferred due to quota
6228 were not started when quota was increased but
6229 only when a transfer in progress finished. [RT #456]
6231 552. [bug] We were not correctly detecting the end of all c-style
6234 551. [func] Implemented the 'sortlist' option.
6236 550. [func] Support unknown rdata types and classes.
6238 549. [bug] "make" did not immediately abort the build when a
6239 subdirectory make failed [RT #450].
6241 548. [func] The lexer now ungets tokens more correctly.
6245 546. [func] Option 'lame-ttl' is now implemented.
6247 545. [func] Name limit and counting options removed from dig;
6248 they didn't work properly, and cannot be correctly
6249 implemented without significant changes.
6251 544. [func] Add statistics option, enable statistics-file option,
6252 add RNDC option "dump-statistics" to write out a
6253 query statistics file.
6255 543. [doc] The 'port' option is now documented.
6257 542. [func] Add support for update forwarding as required for
6258 full compliance with RFC2136. It is turned off
6259 by default and can be enabled using the
6260 'allow-update-forwarding' option.
6262 541. [func] Add bogus server support.
6264 540. [func] Add dialup support.
6266 539. [func] Support the blackhole option.
6268 538. [bug] fix buffer overruns by 1 in lwres_getnameinfo().
6272 536. [func] Use transfer-source{-v6} when sending refresh queries.
6273 Transfer-source{-v6} now take a optional port
6274 parameter for setting the UDP source port. The port
6275 parameter is ignored for TCP.
6277 535. [func] Use transfer-source{-v6} when forwarding update
6280 534. [func] Ancestors have been removed from RBT chains. Ancestor
6281 information can be discerned via node parent pointers.
6283 533. [func] Incorporated name hashing into the RBT database to
6284 improve search speed.
6286 532. [func] Implement DNS UPDATE pseudo records using
6287 DNS_RDATA_UPDATE flag.
6289 531. [func] Rdata really should be initialized before being assigned
6290 to (dns_rdata_fromwire(), dns_rdata_fromtext(),
6291 dns_rdata_clone(), dns_rdata_fromregion()),
6294 530. [func] New function dns_rdata_invalidate().
6296 529. [bug] 521 contained a bug which caused zones to always
6299 528. [func] The ISC_LIST_XXXX macros now perform sanity checks
6300 on their arguments. ISC_LIST_XXXXUNSAFE can be use
6301 to skip the checks however use with caution.
6303 527. [func] New function dns_rdata_clone().
6305 526. [bug] nsupdate incorrectly refused to add RRs with a TTL
6308 525. [func] New arguments 'options' for dns_db_subtractrdataset(),
6309 and 'flags' for dns_rdataslab_subtract() allowing you
6310 to request that the RR's must exist prior to deletion.
6311 DNS_R_NOTEXACT is returned if the condition is not met.
6313 524. [func] The 'forward' and 'forwarders' statement in
6314 non-forward zones should work now.
6316 523. [doc] The source to the Administrator Reference Manual is
6317 now an XML file using the DocBook DTD, and is included
6318 in the distribution. The plain text version of the
6319 ARM is temporarily unavailable while we figure out
6320 how to generate readable plain text from the XML.
6322 522. [func] The lightweight resolver daemon can now use
6323 a real configuration file, and its functionality
6324 can be provided by a name server. Also, the -p and -P
6325 options to lwresd have been reversed.
6327 521. [bug] Detect master files which contain $INCLUDE and always
6330 520. [bug] Upgraded libtool to 1.3.5, which makes shared
6331 library builds almost work on AIX (and possibly
6334 519. [bug] dns_name_split() would improperly split some bitstring
6335 labels, zeroing a few of the least significant bits in
6336 the prefix part. When such an improperly created
6337 prefix was returned to the RBT database, the bogus
6338 label was dutifully stored, corrupting the tree.
6341 518. [bug] The resolver did not realize that a DNAME which was
6342 "the answer" to the client's query was "the answer",
6343 and such queries would fail. [RT #399]
6345 517. [bug] The resolver's DNAME code would trigger an assertion
6346 if there was more than one DNAME in the chain.
6349 516. [bug] Cache lookups which had a NULL node pointer, e.g.
6350 those by dns_view_find(), and which would match a
6351 DNAME, would trigger an INSIST(!search.need_cleanup)
6352 assertion. [RT #399]
6354 515. [bug] The ssu table was not being attached / detached
6355 by dns_zone_[sg]etssutable. [RT#397]
6357 514. [func] Retry refresh and notify queries if they timeout.
6360 513. [func] New functionality added to rdnc and server to allow
6361 individual zones to be refreshed or reloaded.
6363 512. [bug] The zone transfer code could throw an exception with
6364 an invalid IXFR stream.
6366 511. [bug] The message code could throw an assertion on an
6367 out of memory failure. [RT #392]
6369 510. [bug] Remove spurious view notify warning. [RT #376]
6371 509. [func] Add support for write of zone files on shutdown.
6373 508. [func] dns_message_parse() can now do a best-effort
6374 attempt, which should allow dig to print more invalid
6377 507. [func] New functions dns_zone_flush(), dns_zt_flushanddetach()
6378 and dns_view_flushanddetach().
6380 506. [func] Do not fail to start on errors in zone files.
6382 505. [bug] nsupdate was printing "unknown result code". [RT #373]
6384 504. [bug] The zone was not being marked as dirty when updated via
6387 503. [bug] dumptime was not being set along with
6388 DNS_ZONEFLG_NEEDDUMP.
6390 502. [func] On a SERVFAIL reply, DiG will now try the next server
6391 in the list, unless the +fail option is specified.
6393 501. [bug] Incorrect port numbers were being displayed by
6396 500. [func] Nearly useless +details option removed from DiG.
6398 499. [func] In DiG, specifying a class with -c or type with -t
6399 changes command-line parsing so that classes and
6400 types are only recognized if following -c or -t.
6401 This allows hosts with the same name as a class or
6402 type to be looked up.
6404 498. [doc] There is now a man page for "dig"
6405 in doc/man/bin/dig.1.
6407 497. [bug] The error messages printed when an IP match list
6408 contained a network address with a nonzero host
6409 part where not sufficiently detailed. [RT #365]
6411 496. [bug] named didn't sanity check numeric parameters. [RT #361]
6413 495. [bug] nsupdate was unable to handle large records. [RT #368]
6415 494. [func] Do not cache NXDOMAIN responses for SOA queries.
6417 493. [func] Return non-cachable (ttl = 0) NXDOMAIN responses
6418 for SOA queries. This makes it easier to locate
6419 the containing zone without polluting intermediate
6422 492. [bug] attempting to reload a zone caused the server fail
6423 to shutdown cleanly. [RT #360]
6425 491. [bug] nsupdate would segfault when sending certain
6426 prerequisites with empty RDATA. [RT #356]
6428 490. [func] When a slave/stub zone has not yet successfully
6429 obtained an SOA containing the zone's configured
6430 retry time, perform the SOA query retries using
6431 exponential backoff. [RT #337]
6433 489. [func] The zone manager now has a "i/o" queue.
6435 488. [bug] Locks weren't properly destroyed in some cases.
6437 487. [port] flockfile() is not defined on all systems.
6439 486. [bug] nslookup: "set all" and "server" commands showed
6440 the incorrect port number if a port other than 53
6441 was specified. [RT #352]
6443 485. [func] When dig had more than one server to query, it would
6444 send all of the messages at the same time. Add
6445 rate limiting of the transmitted messages.
6447 484. [bug] When the server was reloaded after removing addresses
6448 from the named.conf "listen-on" statement, sockets
6449 were still listening on the removed addresses due
6450 to reference count loops. [RT #325]
6452 483. [bug] nslookup: "set all" showed a "search" option but it
6455 482. [bug] nslookup: a plain "server" or "lserver" should be
6456 treated as a lookup.
6458 481. [bug] nslookup:get_next_command() stack size could exceed
6461 480. [bug] strtok() is not thread safe. [RT #349]
6463 479. [func] The test suite can now be run by typing "make check"
6464 or "make test" at the top level.
6466 478. [bug] "make install" failed if the directory specified with
6467 --prefix did not already exist.
6469 477. [bug] The the isc-config.sh script could be installed before
6470 its directory was created. [RT #324]
6472 476. [bug] A zone could expire while a zone transfer was in
6473 progress triggering a INSIST failure. [RT #329]
6475 475. [bug] query_getzonedb() sometimes returned a non-null version
6476 on failure. This caused assertion failures when
6477 generating query responses where names subject to
6478 additional section processing pointed to a zone
6479 to which access had been denied by means of the
6480 allow-query option. [RT #336]
6482 474. [bug] The mnemonic of the CHAOS class is CH according to
6483 RFC1035, but it was printed and read only as CHAOS.
6484 We now accept both forms as input, and print it
6487 473. [bug] nsupdate overran the end of the list of name servers
6488 when no servers could be reached, typically causing
6489 it to print the error message "dns_request_create:
6492 472. [bug] Off-by-one error caused isc_time_add() to sometimes
6493 produce invalid time values.
6495 471. [bug] nsupdate didn't compile on HP/UX 10.20
6497 470. [func] $GENERATE is now supported. See also
6500 469. [bug] "query-source address * port 53;" now works.
6502 468. [bug] dns_master_load*() failed to report file and line
6503 number in certain error conditions.
6505 467. [bug] dns_master_load*() failed to log an error if
6508 466. [bug] dns_master_load*() could return success when it failed.
6510 465. [cleanup] Allow 0 to be set as an omapi_value_t value by
6511 omapi_value_storeint().
6513 464. [cleanup] Build with openssl's RSA code instead of dnssafe.
6515 463. [bug] nsupdate sent malformed SOA queries to the second
6516 and subsequent name servers in resolv.conf if the
6517 query sent to the first one failed.
6519 462. [bug] --disable-ipv6 should work now.
6521 461. [bug] Specifying an unknown key in the "keys" clause of the
6522 "controls" statement caused a NULL pointer dereference.
6525 460. [bug] Much of the DNSSEC code only worked with class IN.
6527 459. [bug] Nslookup processed the "set" command incorrectly.
6529 458. [bug] Nslookup didn't properly check class and type values.
6532 457. [bug] Dig/host/hslookup didn't properly handle connect
6533 timeouts in certain situations, causing an
6534 unnecessary warning message to be printed.
6536 456. [bug] Stub zones were not resetting the refresh and expire
6537 counters, loadtime or clearing the DNS_ZONE_REFRESH
6538 (refresh in progress) flag upon successful update.
6539 This disabled further refreshing of the stub zone,
6540 causing it to eventually expire. [RT #300]
6542 455. [doc] Document IPv4 prefix notation does not require a
6543 dotted decimal quad but may be just dotted decimal.
6545 454. [bug] Enforce dotted decimal and dotted decimal quad where
6546 documented as such in named.conf. [RT #304, RT #311]
6548 453. [bug] Warn if the obsolete option "maintain-ixfr-base"
6549 is specified in named.conf. [RT #306]
6551 452. [bug] Warn if the unimplemented option "statistics-file"
6552 is specified in named.conf. [RT #301]
6554 451. [func] Update forwarding implemented.
6556 450. [func] New function ns_client_sendraw().
6558 449. [bug] isc_bitstring_copy() only works correctly if the
6559 two bitstrings have the same lsb0 value, but this
6560 requirement was not documented, nor was there a
6563 448. [bug] Host output formatting change, to match v8. [RT #255]
6565 447. [bug] Dig didn't properly retry in TCP mode after
6566 a truncated reply. [RT #277]
6568 446. [bug] Confusing notify log message. [RT #298]
6570 445. [bug] Doing a 0 bit isc_bitstring_copy() of an lsb0
6571 bitstring triggered a REQUIRE statement. The REQUIRE
6572 statement was incorrect. [RT #297]
6574 444. [func] "recursion denied" messages are always logged at
6575 debug level 1, now, rather than sometimes at ERROR.
6576 This silences these warnings in the usual case, where
6577 some clients set the RD bit in all queries.
6579 443. [bug] When loading a master file failed because of an
6580 unrecognized RR type name, the error message
6581 did not include the file name and line number.
6584 442. [bug] TSIG signed messages that did not match any view
6585 crashed the server. [RT #290]
6587 441. [bug] Nodes obscured by a DNAME were inaccessible even
6588 when DNS_DBFIND_GLUEOK was set.
6590 440. [func] New function dns_zone_forwardupdate().
6592 439. [func] New function dns_request_createraw().
6594 438. [func] New function dns_message_getrawmessage().
6596 437. [func] Log NOTIFY activity to the notify channel.
6598 436. [bug] If recvmsg() returned EHOSTUNREACH or ENETUNREACH,
6599 which sometimes happens on Linux, named would enter
6600 a busy loop. Also, unexpected socket errors were
6601 not logged at a high enough logging level to be
6602 useful in diagnosing this situation. [RT #275]
6604 435. [bug] dns_zone_dump() overwrote existing zone files
6605 rather than writing to a temporary file and
6606 renaming. This could lead to empty or partial
6607 zone files being left around in certain error
6608 conditions involving the initial transfer of a
6609 slave zone, interfering with subsequent server
6612 434. [func] New function isc_file_isabsolute().
6614 433. [func] isc_base64_decodestring() now accepts newlines
6615 within the base64 data. This makes it possible
6616 to break up the key data in a "trusted-keys"
6617 statement into multiple lines. [RT #284]
6619 432. [func] Added refresh/retry jitter. The actual refresh/
6620 retry time is now a random value between 75% and
6621 100% of the configured value.
6623 431. [func] Log at ISC_LOG_INFO when a zone is successfully
6626 430. [bug] Rewrote the lightweight resolver client management
6627 code to handle shutdown correctly and general
6630 429. [bug] The space reserved for a TSIG record in a response
6631 was 2 bytes too short, leading to message
6632 generation failures.
6634 428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
6635 DNS_R_BADDB for nodes which had neither NXT nor SIG NXT
6636 (e.g. glue). This could cause SERVFAILs when
6637 generating negative responses in a secure zone.
6639 427. [bug] Avoid going into an infinite loop when the validator
6640 gets a negative response to a key query where the
6641 records are signed by the missing key.
6643 426. [bug] Attempting to generate an oversized RSA key could
6644 cause dnssec-keygen to dump core.
6646 425. [bug] Warn about the auth-nxdomain default value change
6647 if there is no auth-nxdomain statement in the
6648 config file. [RT #287]
6650 424. [bug] notify_createmessage() could trigger an assertion
6651 failure when creating the notify message failed,
6652 e.g. due to corrupt zones with multiple SOA records.
6655 423. [bug] When responding to a recursive query, errors that occur
6656 after following a CNAME should cause the query to fail.
6659 422. [func] get rid of isc_random_t, and make isc_random_get()
6660 and isc_random_jitter() use rand() internally
6661 instead of local state. Note that isc_random_*()
6662 functions are only for weak, non-critical "randomness"
6663 such as timing jitter and such.
6665 421. [bug] nslookup would exit when given a blank line as input.
6667 420. [bug] nslookup failed to implement the "exit" command.
6669 419. [bug] The certificate type PKIX was misspelled as SKIX.
6671 418. [bug] At debug levels >= 10, getting an unexpected
6672 socket receive error would crash the server
6673 while trying to log the error message.
6675 417. [func] Add isc_app_block() and isc_app_unblock(), which
6676 allow an application to handle signals while
6679 416. [bug] Slave zones with no master file tried to use a
6680 NULL pointer for a journal file name when they
6681 received an IXFR. [RT #273]
6683 415. [bug] The logging code leaked file descriptors.
6685 414. [bug] Server did not shut down until all incoming zone
6686 transfers were finished.
6688 413. [bug] Notify could attempt to use the zone database after
6689 it had been unloaded. [RT#267]
6691 412. [bug] named -v didn't print the version.
6693 411. [bug] A typo in the HS A code caused an assertion failure.
6695 410. [bug] lwres_gethostbyname() and company set lwres_h_errno
6696 to a random value on success.
6698 409. [bug] If named was shut down early in the startup
6699 process, ns_omapi_shutdown() would attempt to lock
6700 an uninitialized mutex. [RT #262]
6702 408. [bug] stub zones could leak memory and reference counts if
6703 all the masters were unreachable.
6705 407. [bug] isc_rwlock_lock() would needlessly block
6706 readers when it reached the read quota even
6707 if no writers were waiting.
6709 406. [bug] Log messages were occasionally lost or corrupted
6710 due to a race condition in isc_log_doit().
6712 405. [func] Add support for selective forwarding (forward zones)
6714 404. [bug] The request library didn't completely work with IPv6.
6716 403. [bug] "host" did not use the search list.
6718 402. [bug] Treat undefined acls as errors, rather than
6719 warning and then later throwing an assertion.
6722 401. [func] Added simple database API.
6724 400. [bug] SIG(0) signing and verifying was done incorrectly.
6727 399. [bug] When reloading the server with a config file
6728 containing a syntax error, it could catch an
6729 assertion failure trying to perform zone
6730 maintenance on, or sending notifies from,
6731 tentatively created zones whose views were
6732 never fully configured and lacked an address
6733 database and request manager.
6735 398. [bug] "dig" sometimes caught an assertion failure when
6736 using TSIG, depending on the key length.
6738 397. [func] Added utility functions dns_view_gettsig() and
6739 dns_view_getpeertsig().
6741 396. [doc] There is now a man page for "nsupdate"
6742 in doc/man/bin/nsupdate.8.
6744 395. [bug] nslookup printed incorrect RR type mnemonics
6745 for RRs of type >= 21 [RT #237].
6747 394. [bug] Current name was not propagated via $INCLUDE.
6749 393. [func] Initial answer while loading (awl) support.
6750 Entry points: dns_master_loadfileinc(),
6751 dns_master_loadstreaminc(), dns_master_loadbufferinc().
6752 Note: calls to dns_master_load*inc() should be rate
6753 be rate limited so as to not use up all file
6756 392. [func] Add ISC_R_FAMILYNOSUPPORT. Returned when OS does
6757 not support the given address family requested.
6759 391. [clarity] ISC_R_FAMILY -> ISC_R_FAMILYMISMATCH.
6761 390. [func] The function dns_zone_setdbtype() now takes
6762 an argc/argv style vector of words and sets
6763 both the zone database type and its arguments,
6764 making the functions dns_zone_adddbarg()
6765 and dns_zone_cleardbargs() unnecessary.
6767 389. [bug] Attempting to send a request over IPv6 using
6768 dns_request_create() on a system without IPv6
6769 support caused an assertion failure [RT #235].
6771 388. [func] dig and host can now do reverse ipv6 lookups.
6773 387. [func] Add dns_byaddr_createptrname(), which converts
6774 an address into the name used by a PTR query.
6776 386. [bug] Missing strdup() of ACL name caused random
6777 ACL matching failures [RT #228].
6779 385. [cleanup] Removed functions dns_zone_equal(), dns_zone_print(),
6782 384. [bug] nsupdate was incorrectly limiting TTLs to 65535 instead
6785 383. [func] When writing a master file, print the SOA and NS
6786 records (and their SIGs) before other records.
6788 382. [bug] named -u failed on many Linux systems where the
6789 libc provided kernel headers do not match
6792 381. [bug] Check for IPV6_RECVPKTINFO and use it instead of
6793 IPV6_PKTINFO if found. [RT #229]
6795 380. [bug] nsupdate didn't work with IPv6.
6797 379. [func] New library function isc_sockaddr_anyofpf().
6799 378. [func] named and lwresd will log the command line arguments
6800 they were started with in the "starting ..." message.
6802 377. [bug] When additional data lookups were refused due to
6803 "allow-query", the databases were still being
6804 attached causing reference leaks.
6806 376. [bug] The server should always use good entropy when
6807 performing cryptographic functions needing entropy.
6809 375. [bug] Per-zone "allow-query" did not properly override the
6810 view/global one for CNAME targets and additional
6813 374. [bug] SOA in authoritative negative responses had wrong TTL.
6815 373. [func] nslookup is now installed by "make install".
6817 372. [bug] Deal with Microsoft DNS servers appending two bytes of
6818 garbage to zone transfer requests.
6820 371. [bug] At high debug levels, doing an outgoing zone transfer
6821 of a very large RRset could cause an assertion failure
6824 370. [bug] The error messages for roll-forward failures were
6827 369. [func] Support new named.conf options, view and zone
6830 max-retry-time, min-retry-time,
6831 max-refresh-time, min-refresh-time.
6833 368. [func] Restructure the internal ".bind" view so that more
6834 zones can be added to it.
6836 367. [bug] Allow proper selection of server on nslookup command
6839 366. [func] Allow use of '-' batch file in dig for stdin.
6841 365. [bug] nsupdate -k leaked memory.
6843 364. [func] Added additional-from-{cache,auth}
6847 362. [bug] rndc no longer aborts if the configuration file is
6848 missing an options statement. [RT #209]
6850 361. [func] When the RBT find or chain functions set the name and
6851 origin for a node that stores the root label
6852 the name is now set to an empty name, instead of ".",
6853 to simplify later use of the name and origin by
6854 dns_name_concatenate(), dns_name_totext() or
6857 360. [func] dns_name_totext() and dns_name_format() now allow
6858 an empty name to be passed, which is formatted as "@".
6860 359. [bug] dnssec-signzone occasionally signed glue records.
6862 358. [cleanup] Rename the intermediate files used by the dnssec
6865 357. [bug] The zone file parser crashed if the argument
6866 to $INCLUDE was a quoted string.
6868 356. [cleanup] isc_task_send no longer requires event->sender to
6871 355. [func] Added isc_dir_createunique(), similar to mkdtemp().
6873 354. [doc] Man pages for the dnssec tools are now included in
6874 the distribution, in doc/man/dnssec.
6876 353. [bug] double increment in lwres/gethost.c:copytobuf().
6879 352. [bug] Race condition in dns_client_t startup could cause
6880 an assertion failure.
6882 351. [bug] Constructing a response with rcode SERVFAIL to a TSIG
6883 signed query could crash the server.
6885 350. [bug] Also-notify lists specified in the global options
6886 block were not correctly reference counted, causing
6889 349. [bug] Processing a query with the CD bit set now works
6892 348. [func] New boolean named.conf options 'additional-from-auth'
6893 and 'additional-from-cache' now supported in view and
6894 global options statement.
6896 347. [bug] Don't crash if an argument is left off options in dig.
6900 345. [bug] Large-scale changes/cleanups to dig:
6901 * Significantly improve structure handling
6902 * Don't pre-load entire batch files
6903 * Add name/rr counting/limiting
6904 * Fix SIGINT handling
6905 * Shorten timeouts to match v8's behavior
6907 344. [bug] When shutting down, lwresd sometimes tried
6908 to shut down its client tasks twice,
6909 triggering an assertion.
6911 343. [bug] Although zone maintenance SOA queries and
6912 notify requests were signed with TSIG keys
6913 when configured for the server in case,
6914 the TSIG was not verified on the response.
6916 342. [bug] The wrong name was being passed to
6917 dns_name_dup() when generating a TSIG
6920 341. [func] Support 'key' clause in named.conf zone masters
6921 statement to allow authentication via TSIG keys:
6924 10.0.0.1 port 5353 key "foo";
6928 340. [bug] The top-level COPYRIGHT file was missing from
6931 339. [bug] DNSSEC validation of the response to an ANY
6932 query at a name with a CNAME RR in a secure
6933 zone triggered an assertion failure.
6935 338. [bug] lwresd logged to syslog as named, not lwresd.
6937 337. [bug] "dig" did not recognize "nsap-ptr" as an RR type
6938 on the command line.
6940 336. [bug] "dig -f" used 64 k of memory for each line in
6941 the file. It now uses much less, though still
6942 proportionally to the file size.
6944 335. [bug] named would occasionally attempt recursion when
6945 it was disallowed or undesired.
6947 334. [func] Added hmac-md5 to libisc.
6949 333. [bug] The resolver incorrectly accepted referrals to
6950 domains that were not parents of the query name,
6951 causing assertion failures.
6953 332. [func] New function dns_name_reset().
6955 331. [bug] Only log "recursion denied" if RD is set. [RT #178]
6957 330. [bug] Many debugging messages were partially formatted
6958 even when debugging was turned off, causing a
6959 significant decrease in query performance.
6961 329. [func] omapi_auth_register() now takes a size_t argument for
6962 the length of a key's secret data. Previously
6963 OMAPI only stored secrets up to the first NUL byte.
6965 328. [func] Added isc_base64_decodestring().
6967 327. [bug] rndc.conf parser wasn't correctly recognizing an IP
6968 address where a host specification was required.
6970 326. [func] 'keys' in an 'inet' control statement is now
6971 required and must have at least one item in it.
6972 A "not supported" warning is now issued if a 'unix'
6973 control channel is defined.
6975 325. [bug] isc_lex_gettoken was processing octal strings when
6976 ISC_LEXOPT_CNUMBER was not set.
6978 324. [func] In the resolver, turn EDNS0 off if there is no
6979 response after a number of retransmissions.
6980 This is to allow queries some chance of succeeding
6981 even if all the authoritative servers of a zone
6982 silently discard EDNS0 requests instead of
6983 sending an error response like they ought to.
6985 323. [bug] dns_rbt_findname() did not ignore empty rbt nodes.
6986 Because of this, servers authoritative for a parent
6987 and grandchild zone but not authoritative for the
6988 intervening child zone did not correctly issue
6989 referrals to the servers of the child zone.
6991 322. [bug] Queries for KEY RRs are now sent to the parent
6992 server before the authoritative one, making
6993 DNSSEC insecurity proofs work in many cases
6994 where they previously didn't.
6996 321. [bug] When synthesizing a CNAME RR for a DNAME
6997 response, query_addcname() failed to initialize
6998 the type and class of the CNAME dns_rdata_t,
6999 causing random failures.
7001 320. [func] Multiple rndc changes: parses an rndc.conf file,
7002 uses authentication to talk to named, command
7003 line syntax changed. This will all be described
7006 319. [func] The named.conf "controls" statement is now used
7007 to configure the OMAPI command channel.
7009 318. [func] dns_c_ndcctx_destroy() could never return anything
7010 except ISC_R_SUCCESS; made it have void return instead.
7012 317. [func] Use callbacks from libomapi to determine if a
7013 new connection is valid, and if a key requested
7014 to be used with that connection is valid.
7016 316. [bug] Generate a warning if we detect an unexpected <eof>
7017 but treat as <eol><eof>.
7019 315. [bug] Handle non-empty blanks lines. [RT #163]
7021 314. [func] The named.conf controls statement can now have
7022 more than one key specified for the inet clause.
7024 313. [bug] When parsing resolv.conf, don't terminate on an
7025 error. Instead, parse as much as possible, but
7026 still return an error if one was found.
7028 312. [bug] Increase the number of allowed elements in the
7029 resolv.conf search path from 6 to 8. If there
7030 are more than this, ignore the remainder rather
7031 than returning a failure in lwres_conf_parse.
7033 311. [bug] lwres_conf_parse failed when the first line of
7034 resolv.conf was empty or a comment.
7036 310. [func] Changes to named.conf "controls" statement (inet
7039 - support "keys" clause
7043 allow { any; } keys { "foo"; }
7046 - allow "port xxx" to be left out of statement,
7047 in which case it defaults to omapi's default port
7050 309. [bug] When sending a referral, the server did not look
7051 for name server addresses as glue in the zone
7052 holding the NS RRset in the case where this zone
7053 was not the same as the one where it looked for
7054 name server addresses as authoritative data.
7056 308. [bug] Treat a SOA record not at top of zone as an error
7057 when loading a zone. [RT #154]
7059 307. [bug] When canceling a query, the resolver didn't check for
7060 isc_socket_sendto() calls that did not yet have their
7061 completion events posted, so it could (rarely) end up
7062 destroying the query context and then want to use
7063 it again when the send event posted, triggering an
7064 assertion as it tried to cancel an already-canceled
7067 306. [bug] Reading HMAC-MD5 private key files didn't work.
7069 305. [bug] When reloading the server with a config file
7070 containing a syntax error, it could catch an
7071 assertion failure trying to perform zone
7072 maintenance on tentatively created zones whose
7073 views were never fully configured and lacked
7074 an address database.
7076 304. [bug] If more than LWRES_CONFMAXNAMESERVERS servers
7077 are listed in resolv.conf, silently ignore them
7078 instead of returning failure.
7080 303. [bug] Add additional sanity checks to differentiate a AXFR
7081 response vs a IXFR response. [RT #157]
7083 302. [bug] In dig, host, and nslookup, MXNAME should be large
7084 enough to hold any legal domain name in presentation
7085 format + terminating NULL.
7087 301. [bug] Uninitialized pointer in host:printmessage(). [RT #159]
7089 300. [bug] Using both <isc/net.h> and <lwres/net.h> didn't work
7090 on platforms lacking IPv6 because each included their
7091 own ipv6 header file for the missing definitions. Now
7092 each library's ipv6.h defines the wrapper symbol of
7093 the other (ISC_IPV6_H and LWRES_IPV6_H).
7095 299. [cleanup] Get the user and group information before changing the
7096 root directory, so the administrator does not need to
7097 keep a copy of the user and group databases in the
7098 chroot'ed environment. Suggested by Hakan Olsson.
7100 298. [bug] A mutex deadlock occurred during shutdown of the
7101 interface manager under certain conditions.
7102 Digital Unix systems were the most affected.
7104 297. [bug] Specifying a key name that wasn't fully qualified
7105 in certain parts of the config file could cause
7106 an assertion failure.
7108 296. [bug] "make install" from a separate build directory
7109 failed unless configure had been run in the source
7112 295. [bug] When invoked with type==CNAME and a message
7113 not constructed by dns_message_parse(),
7114 dns_message_findname() failed to find anything
7115 due to checking for attribute bits that are set
7116 only in dns_message_parse(). This caused an
7117 infinite loop when constructing the response to
7118 an ANY query at a CNAME in a secure zone.
7120 294. [bug] If we run out of space in while processing glue
7121 when reading a master file and commit "current name"
7122 reverts to "name_current" instead of staying as
7125 293. [port] Add support for FreeBSD 4.0 system tests.
7127 292. [bug] Due to problems with the way some operating systems
7128 handle simultaneous listening on IPv4 and IPv6
7129 addresses, the server no longer listens on IPv6
7130 addresses by default. To revert to the previous
7131 behavior, specify "listen-on-v6 { any; };" in
7134 291. [func] Caching servers no longer send outgoing queries
7135 over TCP just because the incoming recursive query
7138 290. [cleanup] +twiddle option to dig (for testing only) removed.
7140 289. [cleanup] dig is now installed in $bindir instead of $sbindir.
7141 host is now installed in $bindir. (Be sure to remove
7142 any $sbindir/dig from a previous release.)
7144 288. [func] rndc is now installed by "make install" into $sbindir.
7146 287. [bug] rndc now works again as "rndc 127.1 reload" (for
7147 only that task). Parsing its configuration file and
7148 using digital signatures for authentication has been
7149 disabled until named supports the "controls" statement,
7152 286. [bug] On Solaris 2, when named inherited a signal state
7153 where SIGHUP had the SIG_IGN action, SIGHUP would
7154 be ignored rather than causing the server to reload
7157 285. [bug] A change made to the dst API for beta4 inadvertently
7158 broke OMAPI's creation of a dst key from an incoming
7159 message, causing an assertion to be triggered. Fixed.
7161 284. [func] The DNSSEC key generation and signing tools now
7162 generate randomness from keyboard input on systems
7163 that lack /dev/random.
7165 283. [cleanup] The 'lwresd' program is now a link to 'named'.
7167 282. [bug] The lexer now returns ISC_R_RANGE if parsed integer is
7168 too big for an unsigned long.
7170 281. [bug] Fixed list of recognized config file category names.
7172 280. [func] Add isc-config.sh, which can be used to more
7173 easily build applications that link with
7176 279. [bug] Private omapi function symbols shared between
7177 two or more files in libomapi.a were not namespace
7178 protected using the ISC convention of starting with
7179 the library name and two underscores ("omapi__"...)
7181 278. [bug] bin/named/logconf.c:category_fromconf() didn't take
7182 note of when isc_log_categorybyname() wasn't able
7183 to find the category name and would then apply the
7184 channel list of the unknown category to all categories.
7186 277. [bug] isc_log_categorybyname() and isc_log_modulebyname()
7187 would fail to find the first member of any category
7188 or module array apart from the internal defaults.
7189 Thus, for example, the "notify" category was improperly
7190 configured by named.
7192 276. [bug] dig now supports maximum sized TCP messages.
7194 275. [bug] The definition of lwres_gai_strerror() was missing
7197 274. [bug] TSIG AXFR verify failed when talking to a BIND 8
7200 273. [func] The default for the 'transfer-format' option is
7201 now 'many-answers'. This will break zone transfers
7202 to BIND 4.9.5 and older unless there is an explicit
7203 'one-answer' configuration.
7205 272. [bug] The sending of large TCP responses was canceled
7206 in mid-transmission due to a race condition
7207 caused by the failure to set the client object's
7208 "newstate" variable correctly when transitioning
7209 to the "working" state.
7211 271. [func] Attempt to probe the number of cpus in named
7212 if unspecified rather than defaulting to 1.
7214 270. [func] Allow maximum sized TCP answers.
7216 269. [bug] Failed DNSSEC validations could cause an assertion
7217 failure by causing clone_results() to be called with
7218 with hevent->node == NULL.
7220 268. [doc] A plain text version of the Administrator
7221 Reference Manual is now included in the distribution,
7222 as doc/arm/Bv9ARM.txt.
7224 267. [func] Nsupdate is now provided in the distribution.
7226 266. [bug] zone.c:save_nsrrset() node was not initialized.
7228 265. [bug] dns_request_create() now works for TCP.
7230 264. [func] Dispatch can not take TCP sockets in connecting
7231 state. Set DNS_DISPATCHATTR_CONNECTED when calling
7232 dns_dispatch_createtcp() for connected TCP sockets
7233 or call dns_dispatch_starttcp() when the socket is
7236 263. [func] New logging channel type 'stderr'
7243 262. [bug] 'master' was not initialized in zone.c:stub_callback().
7245 261. [func] Add dns_zone_markdirty().
7247 260. [bug] Running named as a non-root user failed on Linux
7248 kernels new enough to support retaining capabilities
7251 259. [func] New random-device and random-seed-file statements
7252 for global options block of named.conf. Both accept
7253 a single string argument.
7255 258. [bug] Fixed printing of lwres_addr_t.address field.
7257 257. [bug] The server detached the last zone manager reference
7258 too early, while it could still be in use by queries.
7259 This manifested itself as assertion failures during the
7260 shutdown process for busy name servers. [RT #133]
7262 256. [func] isc_ratelimiter_t now has attach/detach semantics, and
7263 isc_ratelimiter_shutdown guarantees that the rate
7264 limiter is detached from its task.
7266 255. [func] New function dns_zonemgr_attach().
7268 254. [bug] Suppress "query denied" messages on additional data
7271 --- 9.0.0b4 released ---
7273 253. [func] resolv.conf parser now recognizes ';' and '#' as
7274 comments (anywhere in line, not just as the beginning).
7276 252. [bug] resolv.conf parser mishandled masks on sortlists.
7277 It also aborted when an unrecognized keyword was seen,
7278 now it silently ignores the entire line.
7280 251. [bug] lwresd caught an assertion failure on startup.
7282 250. [bug] fixed handling of size+unit when value would be too
7283 large for internal representation.
7285 249. [cleanup] max-cache-size config option now takes a size-spec
7286 like 'datasize', except 'default' is not allowed.
7288 248. [bug] global lame-ttl option was not being printed when
7289 config structures were written out.
7291 247. [cleanup] Rename cache-size config option to max-cache-size.
7293 246. [func] Rename global option cachesize to cache-size and
7294 add corresponding option to view statement.
7296 245. [bug] If an uncompressed name will take more than 255
7297 bytes and the buffer is sufficiently long,
7298 dns_name_fromwire should return DNS_R_FORMERR,
7299 not ISC_R_NOSPACE. This bug caused cause the
7300 server to catch an assertion failure when it
7301 received a query for a name longer than 255
7304 244. [bug] empty named.conf file and empty options statement are
7305 now parsed properly.
7307 243. [func] new cachesize option for named.conf
7309 242. [cleanup] fixed incorrect warning about auth-nxdomain usage.
7311 241. [cleanup] nscount and soacount have been removed from the
7312 dns_master_*() argument lists.
7314 240. [func] databases now come in three flavours: zone, cache
7317 239. [func] If ISC_MEM_DEBUG is enabled, the variable
7318 isc_mem_debugging controls whether messages
7321 238. [cleanup] A few more compilation warnings have been quieted:
7322 + missing sigwait prototype on BSD/OS 4.0/4.0.1.
7323 + PTHREAD_ONCE_INIT unbraced initializer warnings on
7325 + IN6ADDR_ANY_INIT unbraced initializer warnings on
7326 BSD/OS 4.*, Linux and Solaris 2.8.
7328 237. [bug] If connect() returned ENOBUFS when the resolver was
7329 initiating a TCP query, the socket didn't get
7330 destroyed, and the server did not shut down cleanly.
7332 236. [func] Added new listen-on-v6 config file statement.
7334 235. [func] Consider it a config file error if a listen-on
7335 statement has an IPv6 address in it, or a
7336 listen-on-v6 statement has an IPv4 address in it.
7338 234. [bug] Allow a trusted-key's first field (domain-name) be
7339 either a quoted or an unquoted string, instead of
7340 requiring a quoted string.
7342 233. [cleanup] Convert all config structure integer values to unsigned
7343 integer (isc_uint32_t) to match grammar.
7345 232. [bug] Allow slave zones to not have a file.
7347 231. [func] Support new 'port' clause in config file options
7348 section. Causes 'listen-on', 'masters' and
7349 'also-notify' statements to use its value instead of
7352 230. [func] Replace the dst sign/verify API with a cleaner one.
7354 229. [func] Support config file sig-validity-interval statement
7355 in options, views and zone statements (master
7358 228. [cleanup] Logging messages in config module stripped of
7361 227. [cleanup] The enumerated identifiers dns_rdataclass_*,
7362 dns_rcode_*, dns_opcode_*, and dns_trust_* are
7363 also now cast to their appropriate types, as with
7364 dns_rdatatype_* in item number 225 below.
7366 226. [func] dns_name_totext() now always prints the root name as
7367 '.', even when omit_final_dot is true.
7369 225. [cleanup] The enumerated dns_rdatatype_* identifiers are now
7370 cast to dns_rdatatype_t via macros of their same name
7371 so that they are of the proper integral type wherever
7372 a dns_rdatatype_t is needed.
7374 224. [cleanup] The entire project builds cleanly with gcc's
7375 -Wcast-qual and -Wwrite-strings warnings enabled,
7376 which is now the default when using gcc. (Warnings
7377 from confparser.c, because of yacc's code, are
7378 unfortunately to be expected.)
7380 223. [func] Several functions were re-prototyped to qualify one
7381 or more of their arguments with "const". Similarly,
7382 several functions that return pointers now have
7383 those pointers qualified with const.
7385 222. [bug] The global 'also-notify' option was ignored.
7387 221. [bug] An uninitialized variable was sometimes passed to
7388 dns_rdata_freestruct() when loading a zone, causing
7389 an assertion failure.
7391 220. [cleanup] Set the default outgoing port in the view, and
7392 set it in sockaddrs returned from the ADB.
7393 [31-May-2000 explorer]
7395 219. [bug] Signed truncated messages more correctly follow
7396 the respective specs.
7398 218. [func] When an rdataset is signed, its ttl is normalized
7399 based on the signature validity period.
7401 217. [func] Also-notify and trusted-keys can now be used in
7402 the 'view' statement.
7404 216. [func] The 'max-cache-ttl' and 'max-ncache-ttl' options
7407 215. [bug] Failures at certain points in request processing
7408 could cause the assertion INSIST(client->lockview
7409 == NULL) to be triggered.
7411 214. [func] New public function isc_netaddr_format(), for
7412 formatting network addresses in log messages.
7414 213. [bug] Don't leak memory when reloading the zone if
7415 an update-policy clause was present in the old zone.
7417 212. [func] Added dns_message_get/settsigkey, to make TSIG
7418 key management reasonable.
7420 211. [func] The 'key' and 'server' statements can now occur
7421 inside 'view' statements.
7423 210. [bug] The 'allow-transfer' option was ignored for slave
7424 zones, and the 'transfers-per-ns' option was
7425 was ignored for all zones.
7427 209. [cleanup] Upgraded openssl files to new version 0.9.5a
7429 208. [func] Added ISC_OFFSET_MAXIMUM for the maximum value
7432 207. [func] The dnssec tools properly use the logging subsystem.
7434 206. [cleanup] dst now stores the key name as a dns_name_t, not
7437 205. [cleanup] On IRIX, turn off the mostly harmless warnings 1692
7438 ("prototyped function redeclared without prototype")
7439 and 1552 ("variable ... set but not used") when
7440 compiling in the lib/dns/sec/{dnssafe,openssl}
7441 directories, which contain code imported from outside
7444 204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
7445 to quiet the warnings that "The linked output may not
7446 run on a PA 1.x system."
7448 203. [func] notify and zone soa queries are now tsig signed when
7451 202. [func] isc_lex_getsourceline() changed from returning int
7452 to returning unsigned long, the type of its underlying
7455 201. [cleanup] Removed the test/sdig program, it has been
7456 replaced by bin/dig/dig.
7458 --- 9.0.0b3 released ---
7460 200. [bug] Failures in sending query responses to clients
7461 (e.g., running out of network buffers) were
7464 199. [bug] isc_heap_delete() sometimes violated the heap
7465 invariant, causing timer events not to be posted
7468 198. [func] Dispatch managers hold memory pools which
7469 any managed dispatcher may use. This allows
7470 us to avoid dipping into the memory context for
7471 most allocations. [19-May-2000 explorer]
7473 197. [bug] When an incoming AXFR or IXFR completes, the
7474 zone's internal state is refreshed from the
7475 SOA data. [19-May-2000 explorer]
7477 196. [func] Dispatchers can be shared easily between views
7478 and/or interfaces. [19-May-2000 explorer]
7480 195. [bug] Including the NXT record of the root domain
7481 in a negative response caused an assertion
7484 194. [doc] The PDF version of the Administrator's Reference
7485 Manual is no longer included in the ISC BIND9
7488 193. [func] changed dst_key_free() prototype.
7490 192. [bug] Zone configuration validation is now done at end
7491 of config file parsing, and before loading
7494 191. [func] Patched to compile on UnixWare 7.x. This platform
7495 is not directly supported by the ISC.
7497 190. [cleanup] The DNSSEC tools have been moved to a separate
7498 directory dnssec/ and given the following new,
7499 more descriptive names:
7506 Their command line arguments have also been changed to
7507 be more consistent. dnssec-keygen now prints the
7508 name of the generated key files (sans extension)
7509 on standard output to simplify its use in automated
7512 189. [func] isc_time_secondsastimet(), a new function, will ensure
7513 that the number of seconds in an isc_time_t does not
7514 exceed the range of a time_t, or return ISC_R_RANGE.
7515 Similarly, isc_time_now(), isc_time_nowplusinterval(),
7516 isc_time_add() and isc_time_subtract() now check the
7517 range for overflow/underflow. In the case of
7518 isc_time_subtract, this changed a calling requirement
7519 (ie, something that could generate an assertion)
7520 into merely a condition that returns an error result.
7521 isc_time_add() and isc_time_subtract() were void-
7522 valued before but now return isc_result_t.
7524 188. [func] Log a warning message when an incoming zone transfer
7525 contains out-of-zone data.
7527 187. [func] isc_ratelimter_enqueue() has an additional argument
7530 186. [func] dns_request_getresponse() has an additional argument
7533 185. [bug] Fixed up handling of ISC_MEMCLUSTER_LEGACY. Several
7534 public functions did not have an isc__ prefix, and
7535 referred to functions that had previously been
7538 184. [cleanup] Variables/functions which began with two leading
7539 underscores were made to conform to the ANSI/ISO
7540 standard, which says that such names are reserved.
7542 183. [func] ISC_LOG_PRINTTAG option for log channels. Useful
7543 for logging the program name or other identifier.
7545 182. [cleanup] New command-line parameters for dnssec tools
7547 181. [func] Added dst_key_buildfilename and dst_key_parsefilename
7549 180. [func] New isc_result_t ISC_R_RANGE. Supersedes DNS_R_RANGE.
7551 179. [func] options named.conf statement *must* now come
7552 before any zone or view statements.
7554 178. [func] Post-load of named.conf check verifies a slave zone
7555 has non-empty list of masters defined.
7557 177. [func] New per-zone boolean:
7559 enable-zone yes | no ;
7561 intended to let a zone be disabled without having
7562 to comment out the entire zone statement.
7564 176. [func] New global and per-view option:
7566 max-cache-ttl number
7568 175. [func] New global and per-view option:
7570 additional-data internal | minimal | maximal;
7572 174. [func] New public function isc_sockaddr_format(), for
7573 formatting socket addresses in log messages.
7575 173. [func] Keep a queue of zones waiting for zone transfer
7576 quota so that a new transfer can be dispatched
7577 immediately whenever quota becomes available.
7579 172. [bug] $TTL directive was sometimes missing from dumped
7580 master files because totext_ctx_init() failed to
7581 initialize ctx->current_ttl_valid.
7583 171. [cleanup] On NetBSD systems, the mit-pthreads or
7584 unproven-pthreads library is now always used
7585 unless --with-ptl2 is explicitly specified on
7586 the configure command line. The
7587 --with-mit-pthreads option is no longer needed
7588 and has been removed.
7590 170. [cleanup] Remove inter server consistency checks from zone,
7591 these should return as a separate module in 9.1.
7592 dns_zone_checkservers(), dns_zone_checkparents(),
7593 dns_zone_checkchildren(), dns_zone_checkglue().
7595 Remove dns_zone_setadb(), dns_zone_setresolver(),
7596 dns_zone_setrequestmgr() these should now be found
7599 169. [func] ratelimiter can now process N events per interval.
7601 168. [bug] include statements in named.conf caused syntax errors
7602 due to not consuming the semicolon ending the include
7603 statement before switching input streams.
7605 167. [bug] Make lack of masters for a slave zone a soft error.
7607 166. [bug] Keygen was overwriting existing keys if key_id
7608 conflicted, now it will retry, and non-null keys
7609 with key_id == 0 are not generated anymore. Key
7610 was not able to generate NOAUTHCONF DSA key,
7611 increased RSA key size to 2048 bits.
7613 165. [cleanup] Silence "end-of-loop condition not reached" warnings
7614 from Solaris compiler.
7616 164. [func] Added functions isc_stdio_open(), isc_stdio_close(),
7617 isc_stdio_seek(), isc_stdio_read(), isc_stdio_write(),
7618 isc_stdio_flush(), isc_stdio_sync(), isc_file_remove()
7619 to encapsulate nonportable usage of errno and sync.
7621 163. [func] Added result codes ISC_R_FILENOTFOUND and
7624 162. [bug] Ensure proper range for arguments to ctype.h functions.
7626 161. [cleanup] error in yyparse prototype that only HPUX caught.
7628 160. [cleanup] getnet*() are not going to be implemented at this
7631 159. [func] Redefinition of config file elements is now an
7632 error (instead of a warning).
7634 158. [bug] Log channel and category list copy routines
7635 weren't assigning properly to output parameter.
7637 157. [port] Fix missing prototype for getopt().
7639 156. [func] Support new 'database' statement in zone.
7641 database "quoted-string";
7643 155. [bug] ns_notify_start() was not detaching the found zone.
7645 154. [func] The signer now logs libdns warnings to stderr even when
7646 not verbose, and in a nicer format.
7648 153. [func] dns_rdata_tostruct() 'mctx' is now optional. If 'mctx'
7649 is NULL then you need to preserve the 'rdata' until
7650 you have finished using the structure as there may be
7651 references to the associated memory. If 'mctx' is
7652 non-NULL it is guaranteed that there are no references
7653 to memory associated with 'rdata'.
7655 dns_rdata_freestruct() must be called if 'mctx' was
7656 non-NULL and may safely be called if 'mctx' was NULL.
7658 152. [bug] keygen dumped core if domain name argument was omitted
7661 151. [func] Support 'disabled' statement in zone config (causes
7662 zone to be parsed and then ignored). Currently must
7663 come after the 'type' clause.
7665 150. [func] Support optional ports in masters and also-notify
7668 masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
7670 149. [cleanup] Removed usused argument 'olist' from
7671 dns_c_view_unsetordering().
7673 148. [cleanup] Stop issuing some warnings about some configuration
7674 file statements that were not implemented, but now are.
7676 147. [bug] Changed yacc union size to be smaller for yaccs that
7677 put yacc-stack on the real stack.
7679 146. [cleanup] More general redundant header file cleanup. Rather
7680 than continuing to itemize every header which changed,
7681 this changelog entry just notes that if a header file
7682 did not need another header file that it was including
7683 in order to provide its advertised functionality, the
7684 inclusion of the other header file was removed. See
7685 util/check-includes for how this was tested.
7687 145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
7688 ISC_LANG_ENDDECLS to header files that had function
7689 prototypes, and removed it from those that did not.
7691 144. [cleanup] libdns header files too numerous to name were made
7692 to conform to the same style for multiple inclusion
7695 143. [func] Added function dns_rdatatype_isknown().
7697 142. [cleanup] <isc/stdtime.h> does not need <time.h> or
7700 141. [bug] Corrupt requests with multiple questions could
7701 cause an assertion failure.
7703 140. [cleanup] <isc/time.h> does not need <time.h> or <isc/result.h>.
7705 139. [cleanup] <isc/net.h> now includes <isc/types.h> instead of
7706 <isc/int.h> and <isc/result.h>.
7708 138. [cleanup] isc_strtouq moved from str.[ch] to string.[ch] and
7709 renamed isc_string_touint64. isc_strsep moved from
7710 strsep.c to string.c and renamed isc_string_separate.
7712 137. [cleanup] <isc/commandline.h>, <isc/mem.h>, <isc/print.h>
7713 <isc/serial.h>, <isc/string.h> and <isc/offset.h>
7714 made to conform to the same style for multiple
7715 inclusion protection.
7717 136. [cleanup] <isc/commandline.h>, <isc/interfaceiter.h>,
7718 <isc/net.h> and Win32's <isc/thread.h> needed
7719 ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS.
7721 135. [cleanup] Win32's <isc/condition.h> did not need <isc/result.h>
7722 or <isc/boolean.h>, now uses <isc/types.h> in place
7723 of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
7724 and ISC_LANG_ENDDECLS.
7726 134. [cleanup] <isc/dir.h> does not need <limits.h>.
7728 133. [cleanup] <isc/ipv6.h> needs <isc/platform.h>.
7730 132. [cleanup] <isc/app.h> does not need <isc/task.h>, but does
7731 need <isc/eventclass.h>.
7733 131. [cleanup] <isc/mutex.h> and <isc/util.h> need <isc/result.h>
7734 for ISC_R_* codes used in macros.
7736 130. [cleanup] <isc/condition.h> does not need <pthread.h> or
7737 <isc/boolean.h>, and now includes <isc/types.h>
7738 instead of <isc/time.h>.
7740 129. [bug] The 'default_debug' log channel was not set up when
7741 'category default' was present in the config file
7743 128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
7744 ISC_LANG_ENDDECLS at end of header.
7746 127. [cleanup] The contracts for the comparision routines
7747 dns_name_fullcompare(), dns_name_compare(),
7748 dns_name_rdatacompare(), and dns_rdata_compare() now
7749 specify that the order value returned is < 0, 0, or > 0
7750 instead of -1, 0, or 1.
7752 126. [cleanup] <isc/quota.h> and <isc/taskpool.h> need <isc/lang.h>.
7754 125. [cleanup] <isc/eventclass.h>, <isc/ipv6.h>, <isc/magic.h>,
7755 <isc/mutex.h>, <isc/once.h>, <isc/region.h>, and
7756 <isc/resultclass.h> do not need <isc/lang.h>.
7758 124. [func] signer now imports parent's zone key signature
7759 and creates null keys/sets zone status bit for
7760 children when necessary
7762 123. [cleanup] <isc/event.h> does not need <stddef.h>.
7764 122. [cleanup] <isc/task.h> does not need <isc/mem.h> or
7767 121. [cleanup] <isc/symtab.h> does not need <isc/mem.h> or
7768 <isc/result.h>. Multiple inclusion protection
7769 symbol fixed from ISC_SYMBOL_H to ISC_SYMTAB_H.
7770 isc_symtab_t moved to <isc/types.h>.
7772 120. [cleanup] <isc/socket.h> does not need <isc/boolean.h>,
7773 <isc/bufferlist.h>, <isc/task.h>, <isc/mem.h> or
7776 119. [cleanup] structure definitions for generic rdata structures do
7777 not have _generic_ in their names.
7779 118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
7780 YACC crust (yyparse, etc) [2000-apr-27 explorer]
7782 117. [cleanup] libdns.a changes:
7783 dns_zone_clearnotify() and dns_zone_addnotify()
7784 are replaced by dns_zone_setnotifyalso().
7785 dns_zone_clearmasters() and dns_zone_addmaster()
7786 are replaced by dns_zone_setmasters().
7788 116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
7791 115. [port] Shut up the -Wmissing-declarations warning about
7792 <stdio.h>'s __sputaux on BSD/OS pre-4.1.
7794 114. [cleanup] <isc/sockaddr.h> does not need <isc/buffer.h> or
7797 113. [func] Utility programs dig and host added.
7799 112. [cleanup] <isc/serial.h> does not need <isc/boolean.h>.
7801 111. [cleanup] <isc/rwlock.h> does not need <isc/result.h> or
7804 110. [cleanup] <isc/result.h> does not need <isc/boolean.h> or
7807 109. [bug] "make depend" did nothing for
7808 bin/tests/{db,mem,sockaddr,tasks,timers}/.
7810 108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
7811 <dns/types.h> to <dns/bit.h> and renamed to
7812 DNS_BIT_SET/DNS_BIT_GET/DNS_BIT_CLEAR.
7814 107. [func] Add keysigner and keysettool.
7816 106. [func] Allow dnssec verifications to ignore the validity
7817 period. Used by several of the dnssec tools.
7819 105. [doc] doc/dev/coding.html expanded with other
7820 implicit conventions the developers have used.
7822 104. [bug] Made compress_add and compress_find static to
7825 103. [func] libisc buffer API changes for <isc/buffer.h>:
7827 isc_buffer_base(b) (pointer)
7828 isc_buffer_current(b) (pointer)
7829 isc_buffer_active(b) (pointer)
7830 isc_buffer_used(b) (pointer)
7831 isc_buffer_length(b) (int)
7832 isc_buffer_usedlength(b) (int)
7833 isc_buffer_consumedlength(b) (int)
7834 isc_buffer_remaininglength(b) (int)
7835 isc_buffer_activelength(b) (int)
7836 isc_buffer_availablelength(b) (int)
7838 ISC_BUFFER_USEDCOUNT(b)
7839 ISC_BUFFER_AVAILABLECOUNT(b)
7842 isc_buffer_used(b, r) ->
7843 isc_buffer_usedregion(b, r)
7844 isc_buffer_available(b, r) ->
7845 isc_buffer_available_region(b, r)
7846 isc_buffer_consumed(b, r) ->
7847 isc_buffer_consumedregion(b, r)
7848 isc_buffer_active(b, r) ->
7849 isc_buffer_activeregion(b, r)
7850 isc_buffer_remaining(b, r) ->
7851 isc_buffer_remainingregion(b, r)
7853 Buffer types were removed, so the ISC_BUFFERTYPE_*
7854 macros are no more, and the type argument to
7855 isc_buffer_init and isc_buffer_allocate were removed.
7856 isc_buffer_putstr is now void (instead of isc_result_t)
7857 and requires that the caller ensure that there
7858 is enough available buffer space for the string.
7860 102. [port] Correctly detect inet_aton, inet_pton and inet_ptop
7863 101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
7865 100. [cleanup] <isc/random.h> does not need <isc/int.h> or
7866 <isc/mutex.h>. isc_random_t moved to <isc/types.h>.
7868 99. [cleanup] Rate limiter now has separate shutdown() and
7869 destroy() functions, and it guarantees that all
7870 queued events are delivered even in the shutdown case.
7872 98. [cleanup] <isc/print.h> does not need <stdarg.h> or <stddef.h>
7873 unless ISC_PLATFORM_NEEDVSNPRINTF is defined.
7875 97. [cleanup] <isc/ondestroy.h> does not need <stddef.h> or
7878 96. [cleanup] <isc/mutex.h> does not need <isc/result.h>.
7880 95. [cleanup] <isc/mutexblock.h> does not need <isc/result.h>.
7882 94. [cleanup] Some installed header files did not compile as C++.
7884 93. [cleanup] <isc/msgcat.h> does not need <isc/result.h>.
7886 92. [cleanup] <isc/mem.h> does not need <stddef.h>, <isc/boolean.h>,
7889 91. [cleanup] <isc/log.h> does not need <sys/types.h> or
7892 90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
7893 from <named/listenlist.h>.
7895 89. [cleanup] <isc/lex.h> does not need <stddef.h>.
7897 88. [cleanup] <isc/interfaceiter.h> does not need <isc/result.h> or
7898 <isc/mem.h>. isc_interface_t and isc_interfaceiter_t
7899 moved to <isc/types.h>.
7901 87. [cleanup] <isc/heap.h> does not need <isc/boolean.h>,
7902 <isc/mem.h> or <isc/result.h>.
7904 86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
7907 85. [cleanup] <isc/bufferlist.h> does not need <isc/buffer.h>,
7908 <isc/list.h>, <isc/mem.h>, <isc/region.h> or
7911 84. [func] allow-query ACL checks now apply to all data
7912 added to a response.
7914 83. [func] If the server is authoritative for both a
7915 delegating zone and its (nonsecure) delegatee, and
7916 a query is made for a KEY RR at the top of the
7917 delegatee, then the server will look for a KEY
7918 in the delegator if it is not found in the delegatee.
7920 82. [cleanup] <isc/buffer.h> does not need <isc/list.h>.
7922 81. [cleanup] <isc/int.h> and <isc/boolean.h> do not need
7925 80. [cleanup] <isc/print.h> does not need <stdio.h> or <stdlib.h>.
7927 79. [cleanup] <dns/callbacks.h> does not need <stdio.h>.
7929 78. [cleanup] lwres_conftest renamed to lwresconf_test for
7930 consistency with other *_test programs.
7932 77. [cleanup] typedef of isc_time_t and isc_interval_t moved from
7933 <isc/time.h> to <isc/types.h>.
7935 76. [cleanup] Rewrote keygen.
7937 75. [func] Don't load a zone if its database file is older
7938 than the last time the zone was loaded.
7940 74. [cleanup] Removed mktemplate.o and ufile.o from libisc.a,
7943 73. [func] New "file" API in libisc, including new function
7944 isc_file_getmodtime, isc_mktemplate renamed to
7945 isc_file_mktemplate and isc_ufile renamed to
7946 isc_file_openunique. By no means an exhaustive API,
7947 it is just what's needed for now.
7949 72. [func] DNS_RBTFIND_NOPREDECESSOR and DNS_RBTFIND_NOOPTIONS
7950 added for dns_rbt_findnode, the former to disable the
7951 setting of the chain to the predecessor, and the
7952 latter to make clear when no options are set.
7954 71. [cleanup] Made explicit the implicit REQUIREs of
7955 isc_time_seconds, isc_time_nanoseconds, and
7958 70. [func] isc_time_set() added.
7960 69. [bug] The zone object's master and also-notify lists grew
7961 longer with each server reload.
7963 68. [func] Partial support for SIG(0) on incoming messages.
7965 67. [performance] Allow use of alternate (compile-time supplied)
7966 OpenSSL libraries/headers.
7968 66. [func] Data in authoritative zones should have a trust level
7971 65. [cleanup] Removed obsolete typedef of dns_zone_callbackarg_t
7974 64. [func] The RBT, DB, and zone table APIs now allow the
7975 caller find the most-enclosing superdomain of
7978 63. [func] Generate NOTIFY messages.
7980 62. [func] Add UDP refresh support.
7982 61. [cleanup] Use single quotes consistently in log messages.
7984 60. [func] Catch and disallow singleton types on message
7987 59. [bug] Cause net/host unreachable to be a hard error
7988 when sending and receiving.
7990 58. [bug] bin/named/query.c could sometimes trigger the
7991 (client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
7992 == 0 assertion in query_newname().
7994 57. [func] Added dns_nxt_typepresent()
7996 56. [bug] SIG records were not properly returned in cached
7999 55. [bug] Responses containing multiple names in the authority
8000 section were not negatively cached.
8002 54. [bug] If a fetch with sigrdataset==NULL joined one with
8003 sigrdataset!=NULL or vice versa, the resolver
8004 could catch an assertion or lose signature data,
8007 53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
8010 52. [bug] rndc: taskmgr and socketmgr were not initialized
8013 51. [cleanup] dns/compress.h and dns/zt.h did not need to include
8014 dns/rbt.h; it was needed only by compress.c and zt.c.
8016 50. [func] RBT deletion no longer requires a valid chain to work,
8017 and dns_rbt_deletenode was added.
8019 49. [func] Each cache now has its own mctx.
8021 48. [func] isc_task_create() no longer takes an mctx.
8022 isc_task_mem() has been eliminated.
8024 47. [func] A number of modules now use memory context reference
8027 46. [func] Memory contexts are now reference counted.
8028 Added isc_mem_inuse() and isc_mem_preallocate().
8029 Renamed isc_mem_destroy_check() to
8030 isc_mem_setdestroycheck().
8032 45. [bug] The trusted-key statement incorrectly loaded keys.
8034 44. [bug] Don't include authority data if it would force us
8035 to unset the AD bit in the message.
8037 43. [bug] DNSSEC verification of cached rdatasets was failing.
8039 42. [cleanup] Simplified logging of messages with embedded domain
8040 names by introducing a new convenience function
8043 41. [func] Use PR_SET_KEEPCAPS on Linux 2.3.99-pre3 and later
8044 to allow 'named' to run as a non-root user while
8045 retaining the ability to bind() to privileged
8048 40. [func] Introduced new logging category "dnssec" and
8049 logging module "dns/validator".
8051 39. [cleanup] Moved the typedefs for isc_region_t, isc_textregion_t,
8052 and isc_lex_t to <isc/types.h>.
8054 38. [bug] TSIG signed incoming zone transfers work now.
8056 37. [bug] If the first RR in an incoming zone transfer was
8057 not an SOA, the server died with an assertion failure
8058 instead of just reporting an error.
8060 36. [cleanup] Change DNS_R_SUCCESS (and others) to ISC_R_SUCCESS
8062 35. [performance] Log messages which are of a level too high to be
8063 logged by any channel in the logging configuration
8064 will not cause the log mutex to be locked.
8066 34. [bug] Recursion was allowed even with 'recursion no'.
8068 33. [func] The RBT now maintains a parent pointer at each node.
8070 32. [cleanup] bin/lwresd/client.c needs <string.h> for memset()
8073 31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
8075 30. [func] config file grammar change to support optional
8076 class type for a view.
8078 29. [func] support new config file view options:
8080 auth-nxdomain recursion query-source
8081 query-source-v6 transfer-source
8082 transfer-source-v6 max-transfer-time-out
8083 max-transfer-idle-out transfer-format
8084 request-ixfr provide-ixfr cleaning-interval
8085 fetch-glue notify rfc2308-type1 lame-ttl
8086 max-ncache-ttl min-roots
8088 28. [func] support lame-ttl, min-roots and serial-queries
8089 config global options.
8091 27. [bug] Only include <netinet6/in6.h> on BSD/OS 4.[01]*.
8092 Including it on other platforms (eg, NetBSD) can
8093 cause a forced #error from the C preprocessor.
8095 26. [func] new match-clients statement in config file view.
8097 25. [bug] make install failed to install <isc/log.h> and
8100 24. [cleanup] Eliminate some unnecessary #includes of header
8101 files from header files.
8103 23. [cleanup] Provide more context in log messages about client
8104 requests, using a new function ns_client_log().
8106 22. [bug] SIGs weren't returned in the answer section when
8107 the query resulted in a fetch.
8109 21. [port] Look at STD_CINCLUDES after CINCLUDES during
8110 compilation, so additional system include directories
8111 can be searched but header files in the bind9 source
8112 tree with conflicting names take precedence. This
8113 avoids issues with installed versions of dnssafe and
8116 20. [func] Configuration file post-load validation of zones
8117 failed if there were no zones.
8119 19. [bug] dns_zone_notifyreceive() failed to unlock the zone
8120 lock in certain error cases.
8122 18. [bug] Use AC_TRY_LINK rather than AC_TRY_COMPILE in
8123 configure.in to check for presence of in6addr_any.
8125 17. [func] Do configuration file post-load validation of zones.
8127 16. [bug] put quotes around key names on config file
8128 output to avoid possible keyword clashes.
8130 15. [func] Add dns_name_dupwithoffsets(). This function is
8131 improves comparison performance for duped names.
8133 14. [bug] free_rbtdb() could have 'put' unallocated memory in
8134 an unlikely error path.
8136 13. [bug] lib/dns/master.c and lib/dns/xfrin.c didn't ignore
8139 12. [bug] Fixed possible uninitialized variable error.
8141 11. [bug] axfr_rrstream_first() didn't check the result code of
8142 db_rr_iterator_first(), possibly causing an assertion
8143 to be triggered later.
8145 10. [bug] A bug in the code which makes EDNS0 OPT records in
8146 bin/named/client.c and lib/dns/resolver.c could
8147 trigger an assertion.
8149 9. [cleanup] replaced bit-setting code in confctx.c and replaced
8150 repeated code with macro calls.
8152 8. [bug] Shutdown of incoming zone transfer accessed
8155 7. [cleanup] removed 'listen-on' from view statement.
8157 6. [bug] quote RR names when generating config file to
8158 prevent possible clash with config file keywords
8161 5. [func] syntax change to named.conf file: new ssu grant/deny
8162 statements must now be enclosed by an 'update-policy'
8165 4. [port] bin/named/unix/os.c didn't compile on systems with
8166 linux 2.3 kernel includes due to conflicts between
8167 C library includes and the kernel includes. We now
8168 get only what we need from <linux/capability.h>, and
8169 avoid pulling in other linux kernel .h files.
8171 3. [bug] TKEYs go in the answer section of responses, not
8172 the additional section.
8174 2. [bug] Generating cryptographic randomness failed on
8175 systems without /dev/random.
8177 1. [bug] The installdirs rule in
8178 lib/isc/unix/include/isc/Makefile.in had a typo which
8179 prevented the isc directory from being created if it
8182 --- 9.0.0b2 released ---
8184 # This tells Emacs to use hard tabs in this file.
8186 # indent-tabs-mode: t