1057N/A1879. [func] Added framework for handling multiple EDNS versions.
1057N/A1878. [func] dig can now specify the EDNS version when making
1057N/A1868. [func] edns-udp-size can now be overridden on a per
1057N/A1867. [bug] It was possible to trigger a INSIST in
1057N/A dlv_validatezonekey(). [RT #14846]
2095N/A1864. [bug] Don't try the alternative transfer source if you
660N/A got a answer / transfer with the main source
660N/A1863. [bug] rrset-order "fixed" error messages not complete.
1703N/A1862. [func] Add additional zone data constancy checks.
1703N/A named-checkzone has extended checking of NS, MX and
2095N/A SRV record and the hosts they reference.
1703N/A named has extended post zone load checks.
1703N/A New zone options: check-mx and integrity-check.
1703N/A1861. [bug] dig could trigger a INSIST on certain malformed
1703N/A1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was
2095N/A incorrectly set. [RT #14775]
2095N/A1859. [func] Add support for CH A record. [RT #14695]
2095N/A1858. [bug] The flush-zones-on-shutdown option wasn't being
2095N/A1857. [bug] named could trigger a INSIST() if reconfigured /
2095N/A reloaded too fast. [RT #14673]
2095N/A1856. [doc] Switch Docbook toolchain from DSSSL to XSL.
2095N/A1855. [bug] ixfr-from-differences was failing to detect changes
2095N/A of ttl due to dns_diff_subtract() was ignoring the ttl
2095N/A1854. [bug] lwres also needs to know the print format for
2095N/A1853. [bug] Rework how DLV interacts with proveunsecure().
2095N/A1852. [cleanup] Remove last vestiges of dnssec-signkey and
2095N/A dnssec-makekeyset (removed from Makefile years ago).
2095N/A1851. [doc] Doxygen comment markup. [RT #11398]
2095N/A1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591]
2095N/A1849. [doc] All forms of the man pages (docbook, man, html) should
2095N/A have consistant copyright dates.
2095N/A1848. [bug] Improve SMF integration. [RT #13238]
2095N/A1847. [bug] isc_ondestroy_init() is called too late in
2095N/A dns_rbtdb_create()/dns_rbtdb64_create().
2095N/A1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer
2095N/A1845. [bug] Improve error reporting to distingish between
2095N/A accept()/fcntl() and socket()/fcntl() errors.
2095N/A1844. [bug] inet_pton() accepted more that 4 hexadecimal digits
2095N/A for each 16 bit piece of the IPv6 address. The text
2095N/A representation of a IPv6 address has been tighted
2095N/A1843. [cleanup] CINCLUDES takes precedence over CFLAGS. This helps
2095N/A resulting in old header files being used.
2095N/A1842. [port] cmsg_len() could produce incorrect results on
2095N/A1841. [bug] "dig +nssearch" now makes a recursive query to
2095N/A find the list of nameservers to query. [RT #13694]
2095N/A1840. [func] dnssec-signzone can now randomize signature end times
2095N/A (dnssec-signzone -j jitter). [RT #13609]
2095N/A1838. [cleanup] Don't allow Linux capabilities to be inherited.
2095N/A1837. [bug] Compile time option ISC_FACILITY was not effective
2095N/A for 'named -u <user>'. [RT #13714]
2095N/A1835. [bug] Update dnssec-signzone's usage message. [RT #13657]
2095N/A1833. [bug] Race condition in isc_mutex_lock_profile(). [RT #13660]
2095N/A1832. [bug] named fails to return BADKEY on unknown TSIG algorithm.
2095N/A1831. [doc] Update named-checkzone documentation. [RT#13604]
2095N/A1830. [bug] adb lame cache has sence of test reversed. [RT #13600]
2095N/A1829. [bug] win32: "pid-file none;" broken. [RT #13563]
2095N/A1828. [bug] isc_rwlock_init() failed to properly cleanup if it
2095N/A encountered a error. [RT #13549]
2095N/A1827. [bug] host: update usage message for '-a'. [RT #37116]
2095N/A1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on out
2095N/A of memory error. [RT #13537]
2095N/A1825. [bug] Missing UNLOCK() on out of memory error from in
2095N/A1824. [bug] Memory leak on dns_zone_setdbtype() failure.
2095N/A1823. [bug] Wrong macro used to check for point to point interface.
2095N/A1822. [bug] check-names test for RT was reversed. [RT #13382]
2095N/A1820. [bug] Gracefully handle acl loops. [RT #13659]
2095N/A1819. [bug] The validator needed to check both the algorithm and
2095N/A digest types of the DS to determine if it could be
2095N/A used to introduce a secure zone. [RT #13593]
2095N/A1818. [bug] 'named-checkconf -z' triggered an INSIST. [RT #13599]
2095N/A1815. [bug] nsupdate triggered a REQUIRE if the server was set
2095N/A without also setting the zone and it encountered
2095N/A a CNAME and was using TSIG. [RT #13086]
2095N/A1814. [func] UNIX domain controls are now supported.
2095N/A1813. [func] Restructured the data locking framework using
2095N/A architecture dependent atomic operations (when
2095N/A available), improving response performance on
2095N/A multi-processor machines significantly.
2095N/A x86, x86_64, alpha, and sparc64 are currently
2095N/A1812. [port] win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect.
2095N/A1811. [func] Preserve the case of domain names in rdata during
2095N/A zone transfers. [RT #13547]
2095N/A decisions about whether to do a threaded build.
2095N/A1809. [bug] "make distclean" failed for libbind if the platform
2095N/A1808. [bug]
zone.c:notify_zone() contained a race condition,
2095N/A zone->db could change underneath it. [RT #13511]
2095N/A1807. [bug] When forwarding (forward only) set the active domain
2095N/A from the forward zone name. [RT #13526]
2095N/A1806. [bug] The resolver returned the wrong result when a CNAME /
2095N/A DNAME was encountered when fetching glue from a
1703N/A secure namespace. [RT #13501]
1703N/A1805. [bug] Pending status was not being cleared when DLV was
2095N/A1804. [bug] Ensure that if we are queried for glue that it fits
684N/A in the additional section or TC is set to tell the
684N/A client to retry using TCP. [RT #10114]
2095N/A1803. [bug] dnssec-signzone sometimes failed to remove old
2095N/A1802. [bug] Handle connection resets better. [RT #11280]
2095N/A1801. [func] Report differences between hints and real NS rrset
2095N/A and associated address records.
2095N/A1800. [bug] Changes #1719 allowed a INSIST to be triggered.
2095N/A1799. [bug] 'rndc flushname' failed to flush negative cache
2095N/A1798. [func] The server syntax has been extended to support a
2095N/A range of servers. [RT #11132]
2095N/A1797. [func] named-checkconf now check acls to verify that they
684N/A only refer to existing acls. [RT #13101]
684N/A1795. [bug] "rndc dumpdb" was not fully documented. Minor
684N/A formating issues with "rndc dumpdb -all". [RT #13396]
684N/A1794. [func] Named and named-checkzone can now both check for
1703N/A non-terminal wildcard records.
1703N/A1793. [func] Extend adjusting TTL warning messages. [RT #13378]
1703N/A1792. [func] New zone option "notify-delay". Specify a minimum
1703N/A delay between sets of NOTIFY messages.
1703N/A1791. [bug] 'host -t a' still printed out AAAA and MX records.
1703N/A allow parallel make to succeed.
1703N/A1789. [bug] Prerequisite test for tkey and dnssec could fail
1703N/A with "configure --with-libtool".
1703N/A1787. [port] HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings.
2095N/A1786. [port] AIX: libt_api needs to be taught to look for
1703N/A T_testlist in the main executable (--with-libtool).
2095N/A1784. [cleanup] "libtool -allow-undefined" is the default.
2095N/A Leave hooks in configure to allow it to be set
684N/A1782. [port] OSX: --with-libtool + --enable-libbind broke on
684N/A __evOptMonoTime. [RT #13219]
2095N/A1781. [port] FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810]
2095N/A1780. [bug] Update libtool to 1.5.10.
2095N/A1779. [port] OSF 5.1: libtool didn't handle -pthread correctly.
2095N/A1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and
2095N/A IN6ADDR_LOOPBACK_INIT macros.
2095N/A1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and
2095N/A IN6ADDR_LOOPBACK_INIT macros.
2095N/A1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
2095N/A IN6ADDR_LOOPBACK_INIT macros.
2095N/A1774. [port] Aix: Silence compiler warnings / build failures.
2095N/A1773. [bug] Fast retry on host / net unreachable. [RT #13153]
2095N/A1770. [bug] named-checkconf failed to report missing a missing
2095N/A1769. [port] win32: change compiler flags /MTd ==> /MDd,
2095N/A1768. [bug] nsecnoexistnodata() could be called with a non-NSEC
2095N/A1767. [port] Builds on IPv6 platforms without IPv6 Advanced API
2095N/A support for (struct in6_pktinfo) failed. [RT #13077]
2095N/A1766. [bug] Update the master file timestamp on successful refresh
2095N/A as well as the journal's timestamp. [RT# 13062]
2095N/A1765. [bug] configure --with-openssl=auto failed. [RT #12937]
2095N/A1764. [bug] dns_zone_replacedb failed to emit a error message
2095N/A if there was no SOA record in the replacment db.
1057N/A1763. [func] Perform sanity checks on NS records which refer to
1057N/A 'in zone' names. [RT #13002]
1703N/A1762. [bug] isc_interfaceiter_create() could return ISC_R_SUCCESS
1703N/A even when it failed. [RT #12995]
1703N/A1761. [bug] 'rndc dumpdb' didn't report unassociated entries.
2095N/A1760. [bug] Host / net unreachable was not penalising rtt
1703N/A1759. [bug] Named failed to startup if the OS supported IPv6
1703N/A but had no IPv6 interfaces configured. [RT #12942]
1703N/A1758. [func] Don't send notify messages to self. [RT #12933]
2095N/A1757. [func] host now can turn on memory debugging flags with '-m'.
1703N/A1756. [func] named-checkconf now checks the logging configuration.
1703N/A1755. [func] allow-update is now settable at the options / view
1703N/A1754. [bug] We wern't always attempting to query the parent
1703N/A server for the DS records at the zone cut.
1703N/A1753. [bug] Don't serve a slave zone which has no NS records.
2095N/A1752. [port] Move isc_app_start() to after ns_os_daemonise()
2095N/A as some fork() implementations unblock the signals
2095N/A that are blocked by isc_app_start(). [RT #12810]
2095N/A1751. [bug] --enable-getifaddrs failed under linux. [RT #12867]
2095N/A1749. [bug] 'check-names response ignore;' failed to ignore.
2095N/A1746. [func] Make public the function to read a key file,
2095N/A dst_key_read_public(). [RT #12450]
2095N/A regardless of scope if no scope was specified when
679N/A query was sent. [RT #12745]
684N/A1744. [bug] If tuple2msgname() failed to convert a tuple to
684N/A a name a REQUIRE could be triggered. [RT #12796]
1703N/A1743. [bug] If isc_taskmgr_create() was not able to create the
1703N/A requested number of worker threads then destruction
1703N/A of the manager would trigger an INSIST() failure.
2095N/A1742. [bug] Deleting all records at a node then adding a
2095N/A previously existing record, in a single UPDATE
2095N/A transaction, failed to leave / regenerate the
2095N/A associated RRSIG records. [RT #12788]
2095N/A1741. [bug] Deleting all records at a node in a secure zone
2095N/A using a update-policy grant failed. [RT #12787]
2095N/A1740. [bug] Replace rbt's hash algorithm as it performed badly
2095N/A with certain zones. [RT #12729]
2095N/A NOTE: a hash context now needs to be established
2095N/A via isc_hash_create() if the application was not
2095N/A1739. [bug] dns_rbt_deletetree() could incorrectly return
2095N/A1738. [bug] Enable overrun checking by default. [RT #12695]
2095N/A1737. [bug] named failed if more than 16 masters were specified.
2095N/A1736. [bug] dst_key_fromnamedfile() could fail to read a
2095N/A1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure.
2095N/A1734. [cleanup] 'rndc-confgen -a -t' remove extra '/' in path.
2095N/A1733. [bug] Return non-zero exit status on initial load failure.
2095N/A1732. [bug] 'rrset-order name "*"' wasn't being applied to ".".
2095N/A1730. [port] Determine the length type used by the socket API.
2095N/A1729. [func] Improve check-names error messages.
2095N/A1728. [doc] Update check-names documentation.
2095N/A1727. [bug] named-checkzone: check-names support didn't match
2095N/A1726. [port] aix5: add support for aix5
2095N/A1725. [port] linux: update error message on interaction of threads,
2095N/A capabilities and setuid support (named -u). [RT #12541]
2095N/A1724. [bug] Look for DNSKEY records with "dig +sigtrace".
1703N/A1722. [bug] Don't commit the journal on malformed ixfr streams.
2095N/A1721. [bug] Error message from the journal processing were not
2095N/A always identifing the relevent journal. [RT #12519]
1703N/A1720. [bug] 'dig +chase' did not terminate on a RFC 2308 Type 1
1703N/A negative response. [RT #12506]
2095N/A1719. [bug] named was not correctly caching a RFC 2308 Type 1
1703N/A negative response. [RT #12506]
1703N/A1718. [bug] nsupdate was not handling RFC 2308 Type 3 negative
1703N/A responses when looking for the zone / master server.
1703N/A1715. [func] 'dig +trace' now randomly selects the next servers
1703N/A to try. Report if there is a bad delegation.
1703N/A address when a nameserver was specified by name.
1703N/A1713. [port] linux: extend capset failure message to say:
2095N/A please ensure that the capset kernel module is
1703N/A1712. [bug] Missing FULLCHECK for "trusted-key" in dig.
2095N/A1711. [func] 'rndc unfreeze' has been deprecated by 'rndc thaw'.
1703N/A1710. [func] 'rndc notify zone [class [view]]' resend the NOTIFY
1703N/A messages for the specified zone. [RT #9479]
1703N/A1709. [port] solaris: add SMF support from Sun.
1703N/A1708. [cleanup] Replaced dns_fullname_hash() with dns_name_fullhash()
1703N/A for conformance to the name space convention. Binary
1703N/A backward compatibility to the old function name is
1703N/A1706. [bug] 'rndc stop' failed to cause zones to be flushed
1703N/A1704. [port] lwres needed a snprintf() implementation for
2095N/A platforms without snprintf(). Add missing
1703N/A1703. [bug] named would loop sending NOTIFY messages when it
1703N/A failed to receive a response. [RT #12322]
1703N/A1702. [bug] also-notify should not be applied to builtin zones.
1703N/A1700. [func] nslookup is no longer to be treated as deprecated.
1703N/A Remove "deprecated" warning message. Add man page.
2095N/A1699. [bug] dnssec-signzone can generate "not exact" errors
2095N/A when resigning. [RT #12281]
2095N/A1698. [doc] Use reserved IPv6 documentation prefix.
2095N/A1697. [bug] xxx-source{,-v6} was not effective when it
2095N/A specified one of listening addresses and a
1703N/A different port than the listening port. [RT #12257]
1703N/A1696. [bug] dnssec-signzone failed to clean out nodes that
1703N/A consisted of only NSEC and RRSIG records.
1703N/A1695. [bug] DS records when forwarding require special handling.
2095N/A1694. [bug] Report if the builtin views of "_default" / "_bind"
1703N/A1693. [bug] max-journal-size was not effective for master zones
1703N/A with ixfr-from-differences set. [RT# 12024]
1703N/A1692. [bug] Don't set -I, -L and -R flags when libcrypto is in
1703N/A1691. [bug] sdb's attachversion was not complete. [RT #11990]
1703N/A1690. [bug] Delay detaching view from the client until UPDATE
1703N/A processing completes when shutting down. [RT #11714]
1703N/A1689. [bug] DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
2095N/A contained gratuitous semicolons. [RT #11707]
1703N/A1688. [bug] LDFLAGS was not supported.
2095N/A1687. [bug] Race condition in dispatch. [RT #10272]
1703N/A1686. [bug] Named sent a extraneous NOTIFY when it received a
1703N/A redundant UPDATE request. [RT #11943]
2095N/A1685. [bug] Change #1679 loop tests weren't quite right.
1703N/A1684. [func] ixfr-from-differences now takes master and slave in
1703N/A addition to yes and no at the options and view levels.
2095N/A1683. [bug] dig +sigchase could leak memory. [RT #11445]
1703N/A1682. [port] Update configure test for (long long) printf format.
2095N/A1681. [bug] Only set SO_REUSEADDR when a port is specified in
1703N/A isc_socket_bind(). [RT #11742]
1703N/A1680. [func] rndc: the source address can now be specified.
1703N/A1679. [bug] When there was a single nameserver with multiple
1703N/A addresses for a zone not all addresses were tried.
2095N/A1678. [bug] RRSIG should use TYPEXXXXX for unknown types.
1703N/A1677. [bug] dig: +aaonly didn't work, +aaflag undocumented.
2095N/A1676. [func] New option "allow-query-cache". This lets
1109N/A allow-query be used to specify the default zone
1109N/A access level rather than having to have every
1109N/A zone override the global value. allow-query-cache
2095N/A can be set at both the options and view levels.
1703N/A If allow-query-cache is not set allow-query applies.
1703N/A1675. [bug] named would sometimes add extra NSEC records to
2095N/A1674. [port] linux: increase buffer size used to scan
1109N/A1673. [port] linux: issue a error messages if IPv6 interface
2095N/A1672. [cleanup] Tests which only function in a threaded build
2095N/A now return R:THREADONLY (rather than R:UNTESTED)
2095N/A1671. [contrib] queryperf: add NAPTR to the list of known types.
1109N/A1670. [func] Log UPDATE requests to slave zones without an acl as
2095N/A "disabled" at debug level 3. [RT# 11657]
2095N/A1667. [port] linux: not all versions have IF_NAMESIZE.
2095N/A1666. [bug] The optional port on hostnames in dual-stack-servers
1703N/A1665. [func] rndc now allows addresses to be set in the
1703N/A1664. [bug] nsupdate needed KEY for SIG(0), not DNSKEY.
1703N/A1663. [func] Look for OpenSSL by default.
2095N/A1662. [bug] Change #1658 failed to change one use of 'type'
2095N/A1661. [bug] Restore dns_name_concatenate() call in
1703N/A1660. [bug] win32: connection_reset_fix() was being called
1703N/A unconditionally. [RT #11595]
1703N/A1659. [cleanup] Cleanup some messages that were referring to KEY vs
1703N/A DNSKEY, NXT vs NSEC and SIG vs RRSIG.
1109N/A1658. [func] Update dnssec-keygen to default to KEY for HMAC-MD5
1109N/A and DH. Tighten which options apply to KEY and
1703N/A1657. [doc] ARM: document query log output.
1703N/A1656. [doc] Update DNSSEC description in ARM to cover DS, NSEC
2095N/A DNSKEY and RRSIG. [RT #11542]
1703N/A1655. [bug] Logging multiple versions w/o a size was broken.
1703N/A1654. [bug] isc_result_totext() contained array bounds read
2095N/A1653. [func] Add key type checking to dst_key_fromfilename(),
1703N/A DST_TYPE_KEY should be used to read TSIG, TKEY and
2095N/A1652. [bug] TKEY still uses KEY.
1703N/A1651. [bug] dig: process multiple dash options.
2095N/A1650. [bug] dig, nslookup: flush standard out after each command.
684N/A1649. [bug] Silence "unexpected non-minimal diff" message.
2095N/A multiple dnssec-lookaside namespaces (not yet
684N/A1647. [bug] It was possible trigger a INSIST when chasing a DS
684N/A record that required walking back over a empty node.
1057N/A1646. [bug] win32: logging file versions didn't work with
1703N/A non-UNC filenames. [RT#11486]
2095N/A1645. [bug] named could trigger a REQUIRE failure if multiple
1057N/A masters with keys are specified.
1703N/A1644. [bug] Update the journal modification time after a
2095N/A sucessfull refresh query. [RT #11436]
1703N/A1643. [bug] dns_db_closeversion() could leak memory / node
1057N/A1642. [port] Support OpenSSL implementations which don't have
2095N/A1641. [bug] Update the check-names description in ARM. [RT #11389]
1703N/A1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
1703N/A incorrectly closing the socket. [RT #11291]
1703N/A1639. [func] Initial dlv system test.
1057N/A1638. [bug] "ixfr-from-differences" could generate a REQUIRE
1057N/A failure if the journal open failed. [RT #11347]
1057N/A1637. [bug] Node reference leak on error in addnoqname().
1703N/A1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
2095N/A a error had occured. The database version no longer
1057N/A matched the version of the database that was dumped.
1703N/A1635. [bug] Memory leak on error in query_addds().
1057N/A1634. [bug] named didn't supply a useful error message when it
1057N/A detected duplicate views. [RT #11208]
2095N/A1633. [bug] named should return NOTIMP to update requests to a
1057N/A slaves without a allow-update-forwarding acl specified.
2095N/A1632. [bug] nsupdate failed to send prerequisite only UPDATE
1057N/A1631. [bug] dns_journal_compact() could sometimes corrupt the
1703N/A1630. [contrib] queryperf: add support for IPv6 transport.
2095N/A1629. [func] dig now supports IPv6 scoped addresses with the
1057N/A extended format in the local-server part. [RT #8753]
1703N/A1628. [bug] Typo in Compaq Trucluster support. [RT# 11264]
1703N/A1627. [bug] win32: sockets were not being closed when the
1703N/A last external reference was removed. [RT# 11179]
684N/A1626. [bug] --enable-getifaddrs was broken. [RT#11259]
1703N/A which contained CNAMES. [RT# 11237]
1703N/A1624. [bug] zonemgr_putio() call should be locked. [RT# 11163]
684N/A1623. [bug] A serial number of zero was being displayed in the
684N/A "sending notifies" log message when also-notify was
1703N/A1622. [func] probe the system to see if IPV6_(RECV)PKTINFO is
1703N/A available, and suppress wildcard binding if not.
2095N/A1621. [bug] match-destinations did not work for IPv6 TCP queries.
1057N/A1620. [func] When loading a zone report if it is signed. [RT #11149]
684N/A1619. [bug] Missing ISC_LIST_UNLINK in end_reserved_dispatches().
684N/A1618. [bug] Fencepost errors in dns_name_ishostname() and
2095N/A dns_name_ismailbox() could trigger a INSIST().
2095N/A1617. [port] win32: VC++ 6.0 support.
2095N/A1616. [compat] Ensure that named's version is visible in the core
1703N/A1615. [port] Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
1703N/A1614. [port] win32: silence resource limit messages. [RT# 11101]
1703N/A1613. [bug] Builds would fail on machines w/o a if_nametoindex().
2095N/A Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
2095N/A1611. [bug] solaris: IPv6 interface scanning failed to cope with
2095N/A1610. [bug] On dual stack machines "dig -b" failed to set the
2095N/A address type to be looked up with "@server".
2095N/A1609. [func] dig now has support to chase DNSSEC signature chains.
2095N/A Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.
2095N/A DNSSEC validation code in dig coded by Olivier Courtay
2095N/A (olivier.courtay@irisa.fr) for the IDsA project
2095N/A1608. [func] dig and host now accept -4/-6 to select IP transport
2095N/A to use when making queries.
2095N/A1607. [bug] dig, host and nslookup were still using random()
2095N/A to generate query ids. [RT# 11013]
2095N/A1606. [bug] DLV insecurity proof was failing.
2095N/A1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
2095N/A1604. [bug] A xfrout_ctx_create() failure would result in
2095N/A xfrout_ctx_destroy() being called with a
2095N/A partially initaliased structure.
2095N/A1603. [bug] nsupdate: set interactive based on isatty().
2095N/A1602. [bug] Logging to a file failed unless a size was specified.
2095N/A1601. [bug] Silence spurious warning 'both "recursion no;" and
1703N/A "allow-recursion" active' warning from view "_bind".
1703N/A1600. [bug] Duplicate zone pre-load checks were not case
2095N/A1598. [func] Specify that certain parts of the namespace must
1703N/A be secure (dnssec-must-be-secure).
1703N/A1596. [func] Accept 'notify-source' style syntax for query-source.
1703N/A1595. [func] New notify type 'master-only'. Enable notify for
1703N/A1594. [bug] 'rndc dumpdb' could prevent named from answering
2095N/A queries while the dump was in progress. [RT #10565]
684N/A1593. [bug] rndc should return "unknown command" to unknown
2095N/A1592. [bug] configure_view() could leak a dispatch. [RT# 10675]
1057N/A1591. [bug] libbind: updated to BIND 8.4.5.
2095N/A1590. [port] netbsd: update thread support.
2095N/A1589. [func] DNSSEC lookaside validation.
2095N/A1588. [bug] win32: TCP sockets could become blocked. [RT #10115]
2095N/A1587. [bug] dns_message_settsigkey() failed to clear existing key.
2095N/A1586. [func] "check-names" is now implemented.
2095N/A1584. [bug] "make test" failed with a read only source tree.
2095N/A1583. [bug] Records add via UPDATE failed to get the correct trust
2095N/A1582. [bug] rrset-order failed to work on RRsets with more
2095N/A than 32 elements. [RT #10381]
2095N/A1581. [func] Disable DNSSEC support by default. To enable
2095N/A1580. [bug] Zone destruction on final detach takes a long time.
2095N/A1579. [bug] Multiple task managers could not be created.
2095N/A1578. [bug] Don't use CLASS E IPv4 addresses when resolving.
2095N/A1577. [bug] Use isc_uint32_t in ultrasparc optimizer bug
2095N/A workaround code. [RT #10331]
2095N/A1576. [bug] Race condition in dns_dispatch_addresponse().
2095N/A1575. [func] Log TSIG name on TSIG verify failure. [RT #4404]
2095N/A1574. [bug] Don't attempt to open the controls socket(s) when
2095N/A1573. [port] linux: update to libtool 1.5.2 so that
2095N/A "make install DESTDIR=/xx" works with
2095N/A "configure --with-libtool". [RT #9941]
2095N/A1572. [bug] nsupdate: sign the soa query to find the enclosing
2095N/A zone if the server is specified. [RT #10148]
2095N/A1571. [bug] rbt:hash_node() could fail leaving the hash table
2095N/A in an inconsistent state. [RT #10208]
2095N/A1570. [bug] nsupdate failed to handle classes other than IN.
2095N/A New keyword 'class' which sets the default class.
2095N/A1569. [func] nsupdate new command 'answer' which displays the
2095N/A complete answer message to the last update.
2095N/A1568. [bug] nsupdate now reports that the update failed in
2095N/A interactive mode. [RT# 10236]
2095N/A1566. [port] Support for the cmsg framework on Solaris and
HP/UX.
1057N/A This also solved the problem that match-destinations
1057N/A for IPv6 addresses did not work on these systems.
1057N/A1565. [bug] CD flag should be copied to outgoing queries unless
1057N/A the query is under a secure entry point in which case
2095N/A1564. [func] Attempt to provide a fallback entropy source to be
2095N/A used if named is running chrooted and named is unable
2095N/A to open entropy source within the chroot area.
1703N/A1563. [bug] Gracefully fail when unable to obtain neither an IPv4
1703N/A nor an IPv6 dispatch. [RT #10230]
1703N/A1562. [bug] isc_socket_create() and isc_socket_accept() could
1703N/A leak memory under error conditions. [RT #10230]
1703N/A1561. [bug] It was possible to release the same name twice if
1703N/A named ran out of memory. [RT #10197]
2095N/A1560. [port] FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
2095N/A and EAI_NONAME to the same value.
2095N/A1559. [port] named should ignore SIGFSZ.
2095N/A1558. [func] New DNSSEC 'disable-algorithms'. Support entry into
2095N/A child zones for which we don't have a supported
2095N/A algorithm. Such child zones are treated as unsigned.
2095N/A1557. [func] Implement missing DNSSEC tests for
2095N/A * NOQNAME proof with wildcard answers.
2095N/A * NOWILDARD proof with NXDOMAIN.
2095N/A Cache and return NOQNAME with wildcard answers.
2095N/A1556. [bug] nsupdate now treats all names as fully qualified.
2095N/A1555. [func] 'rrset-order cyclic' no longer has a random starting
2095N/A1554. [bug] dig, host, nslookup failed when no nameservers
2095N/A1553. [bug] The windows socket code could stop accepting
2095N/A1552. [bug] Accept NOTIFY requests from mapped masters if
2095N/A matched-mapped is set. [RT #10049]
2095N/A1550. [port] Call tzset(), if available, before calling chroot().
2095N/A1549. [func] named-checkzone can now write out the zone contents
2095N/A in a easily parsable format (-D and -o).
2095N/A1548. [bug] When parsing APL records it was possible to silently
2095N/A accept out of range ADDRESSFAMILY values. [RT# 9979]
2095N/A1547. [bug] Named wasted memory recording duplicate lame zone
2095N/A1546. [bug] We were rejecting valid secure CNAME to negative
2095N/A1545. [bug] It was possible to leak memory if named was unable to
2095N/A bind to the specified transfer source and TSIG was
2095N/A1544. [bug] Named would logged a single entry to a file despite it
2095N/A being over the specified size limit.
2095N/A1543. [bug] Logging using "versions unlimited" did not work.
2095N/A1541. [func] NSEC now uses new bitmap format.
2095N/A1540. [bug] "rndc reload <dynamiczone>" was silently accepted.
2095N/A1539. [bug] Open UDP sockets for notify-source and transfer-source
2095N/A that use reserved ports at startup. [RT #9475]
2095N/A1537. [func] New option "querylog". If set specify whether query
2095N/A logging is to be enabled or disabled at startup.
2095N/A1536. [bug] Windows socket code failed to log a error description
2095N/A when returning ISC_R_UNEXPECTED. [RT #9998]
2095N/A1534. [bug] Race condition when priming cache. [RT# 9940]
1703N/A1533. [func] Warn if both "recursion no;" and "allow-recursion"
1703N/A1531. [port] AIX more libtool fixes.
2095N/A1530. [bug] It was possible to trigger a INSIST() failure if a
684N/A slave master file was removed at just the correct
1057N/A1529. [bug] "notify explicit;" failed to log that NOTIFY messages
2095N/A were being sent for the zone. [RT# 9442]
1057N/A1528. [cleanup] Simplify some dns_name_ functions based on the
1057N/A deprecation of bitstring labels.
2095N/A1527. [cleanup] Reduce the number of gettimeofday() calls without
1057N/A losing necessary timer granularity.
1057N/A1526. [func] Implemented "additional section caching (or acache)",
2095N/A an internal cache framework for additional section
1057N/A content to improve response performance. Several
1057N/A configuration options were provided to control the
2095N/A1525. [bug] dns_cache_create() could trigger a REQUIRE
2095N/A failure in isc_mem_put() during error cleanup.
2095N/A1524. [port] AIX needs to be able to resolve all symbols when
2095N/A creating shared libraries (--with-libtool).
2095N/A1523. [bug] Fix race condition in rbtdb. [RT# 9189]
2095N/A1522. [bug] dns_db_findnode() relax the requirements on 'name'.
2095N/A1521. [bug] dns_view_createresolver() failed to check the
2095N/A result from isc_mem_create(). [RT# 9294]
2095N/A1520. [protocol] Add SSHFP (SSH Finger Print) type.
1703N/A1519. [bug] dnssec-signzone:nsec_setbit() computed the wrong
2095N/A1518. [bug] dns_nsec_buildrdata(), and hence dns_nsec_build(),
1703N/A contained a off-by-one error when working out the
1703N/A number of octets in the bitmap.
2095N/A1517. [port] Support for IPv6 interface scanning on
HP/UX and
1057N/A1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
2095N/A1515. [func] Allow transfer source to be set in a server statement.
2095N/A1514. [bug] named: isc_hash_destroy() was being called too early.
2095N/A1513. [doc] Add "US" to root-delegation-only exclude list.
2095N/A1512. [bug] Extend the delegation-only logging to return query
2095N/A type, class and responding nameserver.
2095N/A1511. [bug] delegation-only was generating false positives
1057N/A on negative answers from subzones.
1057N/A1510. [func] New view option "root-delegation-only". Apply
2095N/A delegation-only check to all TLDs and root.
2095N/A Note there are some TLDs that are NOT delegation
2095N/A only (
e.g. DE, LV, US and MUSEUM) these can be excluded
2095N/A from the checks by using exclude.
2095N/A root-delegation-only exclude {
1057N/A "DE"; "LV"; "US"; "MUSEUM";
2095N/A1509. [bug] Hint zones should accept delegation-only. Forward
1057N/A zone should not accept delegation-only.
1057N/A1508. [bug] Don't apply delegation-only checks to answers from
1057N/A1507. [bug] Handle BIND 8 style returns to NS queries to parents
1057N/A when making delegation-only checks.
1057N/A1506. [bug] Wrong return type for dns_view_isdelegationonly().
1057N/A1505. [bug] Uninitialized rdataset in sdb. [RT #8750]
1057N/A1504. [func] New zone type "delegation-only".
2095N/A1502. [bug] nsupdate: adjust timeouts for UPDATE requests over TCP.
2095N/A1501. [func] Allow TCP queue length to be specified via
2095N/A1500. [bug] host failed to lookup MX records. Also look up
1057N/A1499. [bug] isc_random need to be seeded better if arc4random()
2095N/A1496. [port] test for pthread_attr_setstacksize().
2095N/A1495. [cleanup] Replace hash functions with universal hash.
2095N/A1494. [security] Turn on RSA BLINDING as a precaution.
2095N/A1492. [cleanup] Preserve rwlock quota context when upgrading /
2095N/A1491. [bug] dns_master_dump*() would produce extraneous $ORIGIN
1057N/A1490. [bug] Accept reading state as well as working state in
1057N/A ns_client_next(). [RT #6813]
1057N/A1489. [compat] Treat 'allow-update' on slave zones as a warning.
2095N/A1488. [bug] Don't override trust levels for glue addresses.
1057N/A1487. [bug] A REQUIRE() failure could be triggered if a zone was
2095N/A queued for transfer and the zone was then removed.
1057N/A1486. [bug] isc_print_snprintf() '%%' consumed one too many format
1057N/A1485. [bug] gen failed to handle high type values. [RT #6225]
2095N/A1484. [bug] The number of records reported after a AXFR was wrong.
1703N/A1483. [bug] dig axfr failed if the message id in the answer failed
2095N/A to match that in the request. Only the id in the first
1703N/A message is required to match. [RT #8138]
1703N/A1482. [bug] named could fail to start if the kernel supports
2095N/A IPv6 but no interfaces are configured. Similarly
2095N/A1481. [bug] Refresh and stub queries failed to use masters keys
1703N/A1480. [bug] Provide replay protection for rndc commands. Full
1703N/A replay protection requires both rndc and named to
2095N/A be updated. Partial replay protection (limited
1703N/A exposure after restart) is provided if just named
1703N/A1479. [bug] cfg_create_tuple() failed to handle out of
2095N/A memory cleanup. parse_list() would leak memory
684N/A interfaces. It now takes a optional argument
2095N/A to specify the first interface number. [RT #3907]
1703N/A1477. [bug] memory leak using stub zones and TSIG.
1703N/A1475. [port] Probe for old sprintf().
1703N/A1474. [port] Provide strtoul() and memmove() for platforms
1703N/A1473. [bug] create_map() and create_string() failed to handle out
1703N/A of memory cleanup. [RT #6813]
2095N/A1472. [contrib] idnkit-1.0 from JPNIC, replaces mdnkit.
2095N/A1471. [bug] libbind: updated to BIND 8.4.0.
1703N/A1470. [bug] Incorrect length passed to snprintf. [RT #5966]
1703N/A1469. [func] Log end of outgoing zone transfer at same level
2095N/A as the start of transfer is logged. [RT #4441]
2095N/A1468. [func] Internal zones are no longer counted for
2095N/A1467. [func] $GENERATES now supports optional class and ttl.
2095N/A1466. [bug] lwresd configuration errors resulted in memory
2095N/A1465. [bug] isc_base64_decodestring() and isc_base64_tobuffer()
2095N/A failed to check that trailing bits were zero allowing
2095N/A some invalid base64 strings to be accepted. [RT #5397]
2095N/A1464. [bug] Preserve "out of zone" data for outgoing zone
1057N/A1463. [bug] dns_rdata_from{wire,struct}() failed to catch bad
2095N/A1462. [bug] parse_sizeval() failed to check the token type.
1703N/A1461. [bug] Remove deadlock from rbtdb code. [RT #5599]
1703N/A1460. [bug] inet_pton() failed to reject certain malformed
2095N/A1458. [cleanup] sprintf() -> snprintf().
2095N/A1457. [port] Provide strlcat() and strlcpy() for platforms without
1703N/A1455. [bug] <netaddr> missing from server grammar in
684N/A1454. [port] Use getifaddrs() if available for interface scanning.
684N/A --disable-getifaddrs to override. Glibc currently
2095N/A has a getifaddrs() that does not support IPv6.
684N/A Use --enable-getifaddrs=glibc to force the use of
684N/A this version under linux machines.
2095N/A1453. [doc] ARM: $GENERATE example wasn't accurate. [RT #5298]
2095N/A1451. [bug] rndc-confgen didn't exit with a error code for all
684N/A1450. [bug] Fetching expired glue failed under certain
1703N/A1449. [bug] query_addbestns() didn't handle running out of memory
1703N/A1448. [bug] Handle empty wildcards labels.
1703N/A1447. [bug] We were casting (unsigned int) to and from (void *).
1703N/A rdataset->private4 is now rdataset->privateuint4
1703N/A1446. [func] Implemented undocumented alternate transfer sources
2095N/A from BIND 8. See use-alt-transfer-source,
1703N/A alt-transfer-source and alt-transfer-source-v6.
1703N/A SECURITY: use-alt-transfer-source is ENABLED unless
1703N/A you are using views. This may cause a security risk
2095N/A resulting in accidental disclosure of wrong zone
1703N/A content if the master supplying different source
1703N/A content based on IP address. If you are not certain
1703N/A ISC recommends setting use-alt-transfer-source no;
2095N/A1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has
2095N/A been replaced with DNS_ADBFIND_STARTATZONE which
684N/A causes the search to start using the closest zone.
1703N/A1444. [func] dns_view_findzonecut2() allows you to specify if the
1703N/A cache should be searched for zone cuts.
1057N/A1443. [func] Masters lists can now be specified and referenced
1057N/A in zone masters clauses and other masters lists.
1057N/A1442. [func] New functions for manipulating port lists:
2095N/A dns_portlist_create(), dns_portlist_add(),
2095N/A dns_portlist_remove(), dns_portlist_match(),
2095N/A dns_portlist_attach() and dns_portlist_detach().
2095N/A1441. [func] It is now possible to tell dig to bind to a specific
1703N/A1440. [func] It is now possible to tell named to avoid using
1703N/A certain source ports (avoid-v4-udp-ports,
1057N/A1439. [bug] Named could return NOERROR with certain NOTIFY
1057N/A failures. Return NOTAUTH if the NOTIFY zone is
2095N/A1438. [func] Log TSIG (if any) when logging NOTIFY requests.
1703N/A1437. [bug] Leave space for stdio to work in. [RT #5033]
1703N/A1436. [func] dns_zonemgr_resumexfrs() can be used to restart
684N/A1435. [bug] zmgr_resume_xfrs() was being called read locked
684N/A rather than write locked. zmgr_resume_xfrs()
684N/A was not being called if the zone was being
684N/A1434. [bug] "rndc reconfig" failed to initiate the initial
684N/A zone transfer of new slave zones.
1703N/A1433. [bug] named could trigger a REQUIRE failure if it could
1703N/A not get a file descriptor when attempting to write
684N/A1432. [func] The advertised EDNS UDP buffer size can now be set
2095N/A1431. [bug] isc_print_snprintf() "%s" with precision could walk off
2095N/A end of argument. [RT #5191]
679N/A1430. [port] linux: IPv6 interface scanning support.
679N/A1429. [bug] Prevent the cache getting locked to old servers.
679N/A1427. [bug] Race condition in adb with threaded build.
2095N/A1424. [bug] EDNS version not being correctly printed.
1703N/A1423. [contrib] queryperf: added A6 and SRV.
1703N/A1421. [func] Differentiate updates that don't succeed due to
1703N/A prerequisites (unsuccessful) vs other reasons
1703N/A1420. [port] solaris: work around gcc optimizer bug.
1703N/A1418. [bug] 'rndc reconfig' did not cause new slaves to load.
1703N/A See "server-id" for how to configure.
1703N/A1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN.
2095N/A1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived
1703N/A1414. [func] Support for KSK flag.
2095N/A1413. [func] Explictly request the (re-)generation of DS records from
2095N/A keysets (dnssec-signzone -g).
1703N/A1412. [func] You can now specify servers to be tried if a nameserver
1703N/A has IPv6 address and you only support IPv4 or the
2095N/A reverse. See dual-stack-servers.
2095N/A1411. [bug] empty nodes should stop wildcard matches. [RT #4802]
2095N/A1410. [func] Handle records that live in the parent zone,
e.g. DS.
2095N/A1409. [bug] DS should have attribute DNS_RDATATYPEATTR_DNSSEC.
2095N/A1408. [bug] "make distclean" was not complete. [RT #4700]
2095N/A1407. [bug] lfsr incorrectly implements the shift register.
2095N/A1406. [bug] dispatch initializes one of the LFSR's with a incorrect
2095N/A1405. [func] Use arc4random() if available.
2095N/A1404. [bug] libbind: ns_name_ntol() could overwrite a zero length
1703N/A1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset
1703N/A dnssec-signkey now report their version in the
1703N/A1402. [cleanup] A6 has been moved to experimental and is no longer
1703N/A1401. [bug] adb wasn't clearing state when the timer expired.
1703N/A1400. [bug] Block the addition of wildcard NS records by IXFR
1703N/A1399. [bug] Use serial number arithmetic when testing SIG
1703N/A1398. [doc] ARM: notify-also should have been also-notify.
1703N/A1396. [func] dnssec-signzone: adjust the default signing time by
1703N/A 1 hour to allow for clock skew.
1703N/A1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't
1703N/A have a working implementation. [RT #4079]
2095N/A1394. [func] It is now possible to check if a particular element is
1703N/A in a acl. Remove duplicate entries from the localnets
2095N/A1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
2095N/A is not available in the kernel to prevent accidently
2095N/A listening on IPv4 interfaces.
2095N/A1392. [bug] named-checkzone: update usage.
2095N/A1391. [func] Add support for IPv6 scoped addresses in named.
2095N/A1390. [func] host now supports ixfr.
2095N/A1389. [bug] named could fail to rotate long log files. [RT #3666]
1703N/A defining HAVE_IFLIST_SYSCTL. [RT #3770]
1703N/A1387. [bug] named could crash due to an access to invalid memory
1703N/A space (which caused an assertion failure) in
1703N/A incremental cleaning. [RT #3588]
1703N/A1386. [bug] named-checkzone -z stopped on errors in a zone.
684N/A1385. [bug] Setting serial-query-rate to 10 would trigger a
1703N/A1384. [bug] host was incompatible with BIND 8 in its exit code and
1703N/A in the output with the -l option. [RT #3536]
1703N/A1383. [func] Track the serial number in a IXFR response and log if
1703N/A a mismatch occurs. This is a more specific error than
1703N/A1382. [bug] make install failed with --enable-libbind. [RT #3656]
1703N/A1381. [bug] named failed to correctly process answers that
1703N/A contained DNAME records where the resulting CNAME
1703N/A resulted in a negative answer.
1703N/A1380. [func] 'rndc recursing' dump recursing queries to
1703N/A1379. [func] 'rndc status' now reports tcp and recursion quota
1703N/A1378. [func] Improved positive feedback for 'rndc {reload|refresh}.
1703N/A1377. [func] dns_zone_load{new}() now reports if the zone was
1703N/A loaded, queued for loading to up to date.
684N/A1376. [func] New function dns_zone_logc() to log to specified
1109N/A1375. [func] 'rndc dumpdb' now dumps the adb cache along with the
1057N/A1374. [func] dns_adb_dump() now logs the lame zones associated
1109N/A1373. [bug] Recovery from expired glue failed under certain
1057N/A1372. [bug] named crashes with an assertion failure on exit when
1057N/A sharing the same port for listening and querying, and
1057N/A changing listening addresses several times. [RT# 3509]
1057N/A1371. [bug] notify-source-v6, transfer-source-v6 and
1057N/A query-source-v6 with explicit addresses and using the
1109N/A same ports as named was listening on could interfere
1109N/A with named's ability to answer queries sent to those
1109N/A1370. [bug] dig '+[no]recurse' was incorrectly documented.
1109N/A1369. [bug] Adding an NS record as the lexicographically last
1109N/A record in a secure zone didn't work.
1057N/A1368. [func] remove support for bitstring labels.
1109N/A1367. [func] Use response times to select forwarders.
1109N/A1366. [contrib] queryperf usage was incomplete. Add '-h' for help.
1109N/A1365. [func] "localhost" and "localnets" acls now include IPv6
1057N/A1364. [func] Log file name when unable to open memory statistics
1109N/A and dump database files. [RT# 3437]
1057N/A1363. [func] Listen-on-v6 now supports specific addresses.
1109N/A1362. [bug] remove IFF_RUNNING test when scanning interfaces.
1057N/A1361. [func] log the reason for rejecting a server when resolving
1109N/A1360. [bug] --enable-libbind would fail when not built in the
1109N/A source tree for certain OS's.
1703N/A1359. [security] Support patches OpenSSL libraries.
1057N/A1358. [bug] It was possible to trigger a INSIST when debugging
1703N/A large dynamic updates. [RT #3390]
1057N/A1357. [bug] nsupdate was extremely wasteful of memory.
1703N/A1356. [tuning] Reduce the number of events / quantum for zone tasks.
1703N/A1354. [doc] lwres man pages had illegal nroff.
1703N/A1352. [bug] dig, host, nslookup when falling back to TCP use the
1057N/A current search entry (if any). [RT #3374]
1057N/A1351. [bug] lwres_getipnodebyname() returned the wrong name
1703N/A when given a IPv4 literal, af=AF_INET6 and AI_MAPPED
1057N/A1350. [bug] dns_name_fromtext() failed to handle too many labels
1057N/A1349. [security] Minimum OpenSSL version now 0.9.6e (was 0.9.5a).
1057N/A1348. [port] win32: Rewrote code to use I/O Completion Ports
1057N/A errors. Performance is enhanced.
1057N/A1345. [port] Use a explicit -Wformat with gcc. Not all versions
1703N/A1344. [func] Log if the serial number on the master has gone
1057N/A If you have multiple machines specified in the masters
1057N/A clause you may want to set 'multi-master yes;' to
1057N/A1343. [func] Log successful notifies received (info). Adjust log
1057N/A level for failed notifies to notice.
1057N/A1342. [func] Log remote address with TCP dispatch failures.
1057N/A1341. [func] Allow a rate limiter to be stalled.
1057N/A1340. [bug] Delay and spread out the startup refresh load.
1703N/A lookups. Bit string lookups are no longer attempted.
1703N/A dns_byaddr_create(). dns_byaddr_createptrname() is
1109N/A deprecated, use dns_byaddr_createptrname2() instead.
1703N/A1335. [bug] When performing a nonexistence proof, the validator
1057N/A should discard parent NXTs from higher in the DNS.
1109N/A1333. [contrib] queryperf now reports a summary of returned
1057N/A rcodes (-c), rcodes are printed in mnemonic form (-v).
1057N/A1332. [func] Report the current serial with periodic commits when
1703N/A rolling forward the journal.
1703N/A1331. [func] Generate DNSSEC wildcard proofs.
1109N/A1330. [bug] When processing events (non-threaded) only allow
1703N/A the task one chance to use to use its quantum.
1057N/A1329. [func] named-checkzone will now check if nameservers that
1057N/A appear to be IP addresses. Available modes "fail",
1703N/A "warn" (default) and "ignore" the results of the
1109N/A1328. [bug] The validator could incorrectly verify an invalid
1057N/A1327. [bug] The validator would incorrectly mark data as insecure
1057N/A when seeing a bogus signature before a correct
1057N/A validation was not being performed. [RT #3284]
1703N/A1325. [bug] If the tcpquota was exhausted it was possible to
1057N/A to trigger a INSIST() failure.
1703N/A1322. [bug] dnssec-signzone usage message was misleading.
1057N/A1321. [bug] If the last RRset in a zone is glue, dnssec-signzone
1057N/A would incorrectly duplicate its output and sign it.
1703N/A1320. [doc] query-source-v6 was missing from options section.
1703N/A1319. [func] libbind: log attempts to exploit #1318.
1109N/A1318. [bug] libbind: Remote buffer overrun.
1703N/A1317. [port] libbind: TrueUNIX 5.1 does not like __align as a
1109N/A1316. [bug] libbind: gethostans() could get out of sync parsing
1703N/A the response if there was a very long CNAME chain.
1109N/A1315. [bug] Options should apply to the internal _bind view.
1057N/A1314. [port] Handle ECONNRESET from sendmsg() [unix].
1057N/A1313. [func] Query log now says if the query was signed (S) or
1057N/A1312. [func] Log TSIG key used w/ outgoing zone transfers.
1703N/A1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159]
684N/A1310. [bug] 'rndc stop' failed to cause zones to be flushed
1057N/A1309. [func] Log that a zone transfer was covered by a TSIG.
1057N/A1308. [func] DS (delegation signer) support.
1109N/A1307. [bug] nsupdate: allow white space base64 key data.
1109N/A1306. [bug] Badly encoded LOC record when the size, horizontal
1703N/A precision or vertical precision was 0.1m.
1057N/A1305. [bug] Document that internal zones are included in the
1057N/A1304. [func] New function: dns_zone_name().
1057N/A1303. [func] Option 'flush-zones-on-shutdown <boolean>;'.
1057N/A1302. [func] Extended rndc dumpdb to support dumping of zones and
1057N/A view selection: 'dumpdb [-all|-zones|-cache] [view]'.
1703N/A1301. [func] New category 'update-security'.
1057N/A1300. [port] Compaq Trucluster support.
1703N/A1299. [bug] Set AI_ADDRCONFIG when looking up addresses
1057N/A via getaddrinfo() (affects dig, host, nslookup, rndc
1057N/A could be left with a trailing "\" after configure
1703N/A1297. [port] linux: make handling EINVAL from socket() no longer
1057N/A conditional on #ifdef LINUX.
1057N/A1296. [bug] isc_log_closefilelogs() needed to lock the log
1057N/A1295. [bug] isc_log_setdebuglevel() needed to lock the log
1703N/A1294. [func] libbind: no longer attempts bit string labels for
1703N/A for nibble style resolution.
1703N/A1293. [func] Entropy can now be retrieved from EGDs. [RT #2438]
1703N/A1292. [func] Enable IPv6 support when using ioctl style interface
2095N/A scanning and OS supports SIOCGLIFADDR using struct
1703N/A1291. [func] Enable IPv6 support when using sysctl style interface
1057N/A1290. [func] "dig axfr" now reports the number of messages
1057N/A as well as the number of records.
1057N/A1289. [port] See if -ldl is required for OpenSSL? [RT #2672]
1703N/A reflect written requirements.
1109N/A1287. [bug] REQUIRE that DNS_DBADD_MERGE only be set when adding
1109N/A a rdataset to a zone db in the rbtdb implementation of
1057N/A1286. [bug] dns_name_downcase() enforce requirement that
1057N/A target != NULL or name->buffer != NULL.
1109N/A1285. [func] lwres: probe the system to see what address families
1703N/A1284. [bug] The RTT estimate on unused servers was not aged.
1703N/A1283. [func] Use "dataready" accept filter if available.
1703N/A1282. [port] libbind: hpux 11.11 interface scanning.
1703N/A1281. [func] Log zone when unable to get private keys to update
1703N/A zone. Log zone when NXT records are missing from
1703N/A1280. [bug] libbind: escape '(' and ')' when converting to
1057N/A1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590]
1703N/A1278. [func] dig: now supports +[no]cl +[no]ttlid.
2095N/A1277. [func] You can now create your own customized printing
2095N/A styles: dns_master_stylecreate() and
2095N/A1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN.
1703N/A1274. [bug] Memory leak in lwres_gnbarequest_parse().
1703N/A1273. [port] libbind: solaris: 64 bit binary compatibility.
1703N/A1272. [contrib] Berkeley DB 4.0 sdb implementation from
1703N/A Nuno Miguel Rodrigues <nmr@co.sapo.pt>.
1703N/A1271. [bug] "recursion available: {denied,approved}" was too
1703N/A1270. [bug] Check that system inet_pton() and inet_ntop() support
1703N/A1268. [port] Openserver: the value FD_SETSIZE depends on whether
1703N/A1267. [func] isc_file_openunique() now creates file using mode
1703N/A1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE,
1703N/A __ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE
1703N/A are not C++ compatible, use *_TYPE versions instead.
1703N/A1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with
1703N/A C++, use LINK_INIT_TYPE and UNLINK_TYPE instead.
1703N/A1263. [bug] Reference after free error if dns_dispatchmgr_create()
1703N/A1262. [bug] ns_server_destroy() failed to set *serverp to NULL.
1703N/A1261. [func] libbind: ns_sign2() and ns_sign_tcp() now provide
1703N/A support for compressed TSIG owner names.
1703N/A1260. [func] libbind: res_update can now update IPv6 servers,
1703N/A new function res_findzonecut2().
1703N/A1259. [bug] libbind: get_salen() IPv6 support was broken for OSs
1703N/A1258. [bug] libbind: res_nametotype() and res_nametoclass() were
1703N/A1257. [bug] Failure to write pid-file should not be fatal on
1703N/A1256. [contrib] 'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support.
1703N/A1255. [bug] When verifying that an NXT proves nonexistence, check
1703N/A the rcode of the message and only do the matching NXT
1703N/A check. That is, for NXDOMAIN responses, check that
1703N/A the name is in the range between the NXT owner and
1703N/A next name, and for NOERROR NODATA responses, check
1703N/A that the type is not present in the NXT bitmap.
1703N/A1254. [func] preferred-glue option from BIND 8.3.
1703N/A1253. [bug] The dnssec system test failed to remove the correct
1703N/A1252. [bug] Dig, host and nslookup were not checking the address
1703N/A the answer was coming from against the address it was
1703N/A1251. [port] win32: a make file contained absolute version specific
1703N/A1250. [func] Nsupdate will report the address the update was
1703N/A1249. [bug] Missing masters clause was not handled gracefully.
1703N/A1248. [bug] DESTDIR was not being propagated between makes.
1703N/A1246. [func] New functions isc_sockaddr_issitelocal(),
1703N/A isc_sockaddr_islinklocal(), isc_netaddr_issitelocal()
1703N/A and isc_netaddr_islinklocal().
1703N/A1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for
1703N/A1244. [bug] Receiving a TCP message from a blackhole address would
1703N/A prevent further messages being received over that
1703N/A1243. [bug] It was possible to trigger a REQUIRE() in
1703N/A dns_message_findtype(). [RT #2659]
1703N/A1242. [bug] named-checkzone failed if a journal existed. [RT #2657]
1703N/A1241. [bug] Drop received UDP messages with a zero source port
1703N/A as these are invariably forged. [RT #2621]
1703N/A1240. [bug] It was possible to leak zone references by
1703N/A specifying an incorrect zone to rndc.
1703N/A1239. [bug] Under certain circumstances named could continue to
1703N/A use a name after it had been freed triggering
1703N/A INSIST() failures. [RT #2614]
1703N/A1238. [bug] It is possible to lockup the server when shutting down
1703N/A if notifies were being processed. [RT #2591]
1703N/A1237. [bug] nslookup: "set q=type" failed.
1703N/A1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non
1703N/A NULL terminated text regions. [RT #2588]
1703N/A1235. [func] Report 'out of memory' errors from openssl.
1703N/A dns_result_register(). DNS_R_SEENINCLUDE should not
1703N/A1233. [bug] The flags field of a KEY record can be expressed in
1703N/A1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.
1703N/A1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken.
1703N/A1229. [bug] named would crash if it received a TSIG signed
1703N/A query as part of an AXFR response. [RT #2570]
2095N/A1228. [bug] 'make install' did not depend on 'make all'. [RT #2559]
1703N/A1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
1703N/A if a number was expected and some other token was
1703N/A1226. [func] Use EDNS for zone refresh queries. [RT #2551]
1703N/A1225. [func] dns_message_setopt() no longer requires that
1703N/A dns_message_renderbegin() to have been called.
1703N/A1224. [bug] 'rrset-order' and 'sortlist' should be additive
1703N/A1223. [func] 'rrset-order' partially works 'cyclic' and 'random'
1703N/A1222. [bug] Specifying 'port *' did not always result in a system
1703N/A selected (non-reserved) port being used. [RT #2537]
1703N/A1221. [bug] Zone types 'master', 'slave' and 'stub' were not being
1703N/A compared case insensitively. [RT #2542]
1703N/A1220. [func] Support for APL rdata type.
1703N/A1219. [func] Named now reports the TSIG extended error code when
1703N/A signature verification fails. [RT #1651]
1703N/A1218. [bug] Named incorrectly returned SERVFAIL rather than
1703N/A NOTAUTH when there was a TSIG BADTIME error. [RT #2519]
1703N/A1217. [func] Report locations of previous key definition when a
1703N/A1216. [bug] Multiple server clauses for the same server were not
1703N/A1214. [bug] Win32: isc_file_renameunique() could leave zero length
1703N/A1213. [func] Report view associated with client if it is not a
1703N/A standard view (_default or _bind).
1703N/A1212. [port] libbind: 64k answer buffers were causing stack space
1703N/A to be exceeded for certain OS. Use heap space instead.
1703N/A1211. [bug] dns_name_fromtext() incorrectly handled certain
1703N/A valid octal bitlabels. [RT #2483]
1703N/A1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped /
1703N/A compatible addresses. [RT #2461]
1703N/A1209. [bug] Dig, host, nslookup were not checking the message ids
1703N/A on the responses. [RT #2454]
1703N/A1208. [bug] dns_master_load*() failed to log a error message if
1703N/A an error was detected when parsing the ownername of
2095N/A1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with
684N/A1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should
684N/A trigger a non-EDNS retry.
1057N/A1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class"
1057N/A1204. [bug] libbind: res_nupdate() failed to update the name
1703N/A server addresses before sending the update.
1057N/A1203. [func] Report locations of previous acl and zone definitions
2095N/A when a duplicate is detected.
684N/A1202. [func] New functions: cfg_obj_line() and cfg_obj_file().
2095N/A1201. [bug] Require that if 'callbacks' is passed to
1703N/A dns_rdata_fromtext(), callbacks->error and
1703N/A callbacks->warn are initialized.
2095N/A1200. [bug] Log 'errno' that we are unable to convert to
684N/A isc_result_t. [RT #2404]
684N/A1199. [doc] ARM reference to RFC 2157 should have been RFC 1918.
684N/A1198. [bug] OPT printing style was not consistent with the way the
684N/A header fields are printed. The DO bit was not reported
2095N/A if set. Report if any of the MBZ bits are set.
684N/A1197. [bug] Attempts to define the same acl multiple times were not
684N/A1196. [contrib] update mdnkit to 2.2.3.
684N/A1195. [bug] Attempts to redefine builtin acls should be caught.
684N/A1194. [bug] Not all duplicate zone definitions were being detected
684N/A1193. [bug] dig +besteffort parsing didn't handle packet
684N/A truncation. dns_message_parse() has new flag
684N/A DNS_MESSAGE_IGNORETRUNCATION.
684N/A1192. [bug] The seconds fields in LOC records were restricted
684N/A to three decimal places. More decimal places should
684N/A be allowed but warned about.
684N/A1191. [bug] A dynamic update removing the last non-apex name in
684N/A a secure zone would fail. [RT #2399]
2095N/A1190. [func] Add the "rndc freeze" and "rndc unfreeze" commands.
684N/A1189. [bug] On some systems, malloc(0) returns NULL, which
2095N/A could cause the caller to report an out of memory
1703N/A1188. [bug] Dynamic updates of a signed zone would fail if
2095N/A some of the zone private keys were unavailable.
1703N/A1187. [bug] named was incorrectly returning DNSSEC records
1703N/A in negative responses when the DO bit was not set.
1703N/A1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the
1703N/A EOL token when reading to end of line.
1057N/A unless RES_INIT is set when calling res_*init().
1057N/A1184. [bug] libbind: call res_ndestroy() if RES_INIT is set
2095N/A when res_*init() is called.
1057N/A1183. [bug] Handle ENOSR error when writing to the internal
1057N/A1182. [bug] The server could throw an assertion failure when
1057N/A constructing a negative response packet.
2095N/A1181. [func] Add the "key-directory" configuration statement,
1057N/A which allows the server to look for online signing
1057N/A keys in alternate directories.
2095N/A1180. [func] dnssec-keygen should always generate keys with
684N/A protocol 3 (DNSSEC), since it's less confusing
1057N/A1179. [func] Add SIG(0) support to nsupdate.
1057N/A1178. [bug] Follow and cache (if appropriate) A6 and other
1057N/A data chains to completion in the additional section.
2095N/A1177. [func] Report view when loading zones if it is not a
1703N/A standard view (_default or _bind). [RT #2270]
1057N/A1176. [doc] Document that allow-v6-synthesis is only performed
1057N/A for clients that are supplied recursive service.
1703N/A1175. [bug] named-checkzone and named-checkconf failed to call
2095N/A dns_result_register() at startup which could
684N/A result in runtime exceptions when printing
684N/A "out of memory" errors. [RT #2335]
2095N/A1174. [bug] Win32: add WSAECONNRESET to the expected errors
2095N/A1173. [bug] Potential memory leaks in isc_log_create() and
2095N/A isc_log_settag(). [RT #2336]
2095N/A1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
2095N/A1171. [func] Added function isc_region_compare(), updated files in
2095N/A1170. [bug] Don't attempt to print the token when a I/O error
2095N/A1169. [func] Identify recursive queries in the query log.
2095N/A1168. [bug] Empty also-notify clauses were not handled. [RT #2309]
2095N/A1167. [contrib] nslint-2.1a3 (from author).
2095N/A1166. [bug] "Not Implemented" should be reported as NOTIMP,
2095N/A1165. [bug] We were rejecting notify-source{-v6} in zone clauses.
2095N/A1164. [bug] Empty masters clauses in slave / stub zones were not
2095N/A handled gracefully. [RT #2262]
2095N/A1163. [func] isc_time_formattimestamp() now includes the year.
2095N/A1162. [bug] The allow-notify option was not accepted in slave
2095N/A1161. [bug] named-checkzone looped on unbalanced brackets.
2095N/A1160. [bug] Generating Diffie-Hellman keys longer than 1024
2095N/A bits could fail. [RT #2241]
2095N/A1159. [bug] MD and MF are not permitted to be loaded by RFC1123.
2095N/A1158. [func] Report the client's address when logging notify
2095N/A1157. [func] match-clients and match-destinations now accept
2095N/A1156. [port] The configure test for strsep() incorrectly
2095N/A succeeded on certain patched versions of
2095N/A1155. [func] Recover from master files being removed from under
2095N/A1154. [bug] Don't attempt to obtain the netmask of a interface
2095N/A if there is no address configured. [RT #2176]
2095N/A1153. [func] 'rndc {stop|halt} -p' now reports the process id
2095N/A of the instance of named being shutdown.
2095N/A1152. [bug] libbind: read buffer overflows.
2095N/A1151. [bug] nslookup failed to check that the arguments to
2095N/A the port, timeout, and retry options were
2095N/A valid integers and in range. [RT #2099]
2095N/A1150. [bug] named incorrectly accepted TTL values
2095N/A containing plus or minus signs, such as
2095N/A1149. [func] New function isc_parse_uint32().
2095N/A1148. [func] 'rndc-confgen -a' now provides positive feedback.
2095N/A1147. [func] Set IPV6_V6ONLY on IPv6 sockets if supported by
2095N/A the OS. listen-on-v6 { any; }; should no longer
2095N/A result in IPv4 queries be accepted. Similarly
2095N/A control { inet :: ... }; should no longer result
2095N/A in IPv4 connections being accepted. This can be
2095N/A overridden at compile time by defining
2095N/A supported by the OS by a new function
2095N/A by printing nothing. [RT #2065]
2095N/A1144. [bug] rndc-confgen would crash if both the -a and -t
2095N/A options were specified. [RT #2159]
2095N/A1143. [bug] When a trusted-keys statement was present and named
2095N/A was built without crypto support, it would leak memory.
2095N/A1142. [bug] dnssec-signzone would fail to delete temporary files
2095N/A in some failure cases. [RT #2144]
2095N/A1141. [bug] When named rejected a control message, it would
2095N/A leak a file descriptor and memory. It would also
2095N/A fail to respond, causing rndc to hang.
2095N/A1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments
2095N/A to the -s option. [RT #2138]
2095N/A1139. [func] It is now possible to flush a given name from the
2095N/A cache(s) via 'rndc flushname name [view]'. [RT #2051]
2095N/A1138. [func] It is now possible to flush a given name from the
2095N/A cache by calling the new function
2095N/A1137. [func] It is now possible to flush a given name from the
2095N/A ADB by calling the new function dns_adb_flushname().
2095N/A1136. [bug] CNAME records synthesized from DNAMEs did not
2095N/A have a TTL of zero as required by RFC2672.
2095N/A1135. [func] You can now override the default syslog() facility for
2095N/A1134. [bug] Multi-threaded servers could deadlock in ferror()
2095N/A when reloading zone files. [RT #1951, #1998]
2095N/A1133. [bug] IN6_IS_ADDR_LOOPBACK was not portably defined on
2095N/A platforms without IN6_IS_ADDR_LOOPBACK. [RT #2106]
1057N/A1132. [func] Improve UPDATE prerequisite failure diagnostic messages.
1057N/A1131. [bug] The match-destinations view option did not work with
2095N/A IPv6 destinations. [RT #2073, #2074]
2095N/A1130. [bug] Log messages reporting an out-of-range serial number
2095N/A did not include the out-of-range number but the
2095N/A following token. [RT #2076]
1057N/A1129. [bug] Multi-threaded servers could crash under heavy
1057N/A resolution load due to a race condition. [RT #2018]
2095N/A1128. [func] sdb drivers can now provide RR data in either text
2095N/A or wire format, the latter using the new functions
2095N/A dns_sdb_putrdata() and dns_sdb_putnamedrdata().
1057N/A1127. [func] rndc: If the server to contact has multiple addresses,
2095N/A1126. [bug] The server could access a freed event if shut
2095N/A down while a client start event was pending
2095N/A1125. [bug] rndc: -k option was missing from usage message.
1703N/A1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail
2095N/A are now documented. [RT #2052]
1703N/A1123. [bug] dig +[no]fail did not match description. [RT #2052]
1703N/A1122. [tuning] Resolution timeout reduced from 90 to 30 seconds.
1057N/A1121. [bug] The server could attempt to access a NULL zone
1057N/A table if shut down while resolving.
2095N/A1120. [bug] Errors in options were not fatal. [RT #2002]
1703N/A1118. [bug] On multi-threaded servers, a race condition
1703N/A during resolver shutdown. [RT #2029]
1703N/A1117. [port] The configure check for in6addr_loopback incorrectly
1703N/A succeeded on AIX 4.3 when compiling with -O2
1703N/A because the test code was optimized away.
2095N/A1116. [bug] Setting transfers in a server clause, transfers-in,
2095N/A or transfers-per-ns to a value greater than
2095N/A 2147483647 disabled transfers. [RT #2002]
2095N/A1115. [func] Set maximum values for cleaning-interval,
2095N/A heartbeat-interval, interface-interval,
2095N/A max-transfer-idle-in, max-transfer-idle-out,
1703N/A max-transfer-time-in, max-transfer-time-out,
1703N/A statistics-interval of 28 days and
1703N/A sig-validity-interval of 3660 days. [RT #2002]
1703N/A1114. [port] Ignore more accept() errors. [RT #2021]
1703N/A1113. [bug] The allow-update-forwarding option was ignored
1703N/A when specified in a view. [RT #2014]
2095N/A1111. [bug] Multi-threaded servers could deadlock processing
2095N/A recursive queries due to a locking hierarchy
1703N/A1110. [bug] dig should only accept valid abbreviations of +options.
1703N/A1109. [bug] nsupdate accepted illegal ttl values.
1703N/A1108. [bug] On Win32, rndc was hanging when named was not running
1703N/A due to failure to select for exceptional conditions
1703N/A1107. [bug] nsupdate could catch an assertion failure if an
1703N/A invalid domain name was given as the argument to
1703N/A1106. [bug] After seeing an out of range TTL, nsupdate would
2095N/A treat all TTLs as out of range. [RT #2001]
1703N/A1105. [port] OpenUNIX 8 enable threads by default. [RT #1970]
1703N/A1104. [bug] Invalid arguments to the transfer-format option
2095N/A could cause an assertion failure. [RT #1995]
1703N/A1102. [doc] Note that query logging is enabled by directing the
2095N/A queries category to a channel.
2095N/A1101. [bug] Array bounds read error in lwres_gai_strerror.
2095N/A1100. [bug] libbind: DNSSEC key ids were computed incorrectly.
684N/A1098. [bug] libbind: HMAC-MD5 key files are now mode 0600.
1057N/A1097. [func] libbind: RES_PRF_TRUNC for dig.
2095N/A1096. [func] libbind: "DNSSEC OK" (DO) support.
1057N/A1095. [func] libbind: resolver option: no-tld-query. disables
1057N/A trying unqualified as a tld. no_tld_query is also
2095N/A supported for FreeBSD compatibility.
1057N/A1094. [func] libbind: add support gcc's format string checking.
1057N/A1093. [doc] libbind: miscellaneous nroff fixes.
1057N/A1092. [bug] libbind: get*by*() failed to check if res_init() had
1703N/A1091. [bug] libbind: misplaced va_end().
1703N/A the amount of memory consumed resulting in garbage
2095N/A address being returned. Alignment calculations were
1703N/A wasting space. We weren't suppressing duplicate
2095N/A1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6
1703N/A1087. [bug] libbind: struct __res_state too large on 64 bit arch.
2095N/A1086. [port] libbind: sunos: old sprintf.
1703N/A1085. [port] libbind: solaris: sys_nerr and sys_errlist do not
1703N/A exist when compiling in 64 bit mode.
2095N/A1084. [cleanup] libbind: gai_strerror() rewritten.
1703N/A1083. [bug] The default control channel listened on the
1703N/A wildcard address, not the loopback as documented.
2095N/A1082. [bug] The -g option to named incorrectly caused logging
2095N/A to be sent to syslog in addition to stderr.
684N/A1081. [bug] Multicast queries were incorrectly identified
1057N/A based on the source address, not the destination
1057N/A1080. [bug] BIND 8 compatibility: accept bare IP prefixes
1057N/A as the second element of a two-element top level
1703N/A sort list statement. [RT #1964]
1703N/A1079. [bug] BIND 8 compatibility: accept bare elements at top
1703N/A level of sort list treating them as if they were
2095N/A a single element list. [RT #1963]
2095N/A1078. [bug] We failed to correct bad tv_usec values in one case.
2095N/A1077. [func] Do not accept further recursive clients when
2095N/A the total number of recursive lookups being
2095N/A processed exceeds max-recursive-clients, even
2095N/A if some of the lookups are internally generated.
684N/A1076. [bug] A badly defined global key could trigger an assertion
2095N/A1075. [bug] Out-of-range network prefix lengths were not
2095N/A1074. [bug] Running out of memory in dump_rdataset() could
2095N/A cause an assertion failure. [RT #1946]
1057N/A1073. [bug] The ADB cache cleaning should also be space driven.
1057N/A1072. [bug] The TCP client quota could be exceeded when
1703N/A recursion occurred. [RT #1937]
1703N/A1071. [bug] Sockets listening for TCP DNS connections
2095N/A specified an excessive listen backlog. [RT #1937]
1057N/A1070. [bug] Copy DNSSEC OK (DO) to response as specified by
1703N/A1068. [bug] errno could be overwritten by catgets(). [RT #1921]
2095N/A1067. [func] Allow quotas to be soft, isc_quota_soft().
2095N/A1066. [bug] Provide a thread safe wrapper for strerror().
2095N/A1065. [func] Runtime support to select new / old style interface
2095N/A1064. [bug] Do not shut down active network interfaces if we
2095N/A are unable to scan the interface list. [RT #1921]
2095N/A1063. [bug] libbind: "make install" was failing on IRIX.
2095N/A1062. [bug] If the control channel listener socket was shut
1703N/A down before server exit, the listener object could
2095N/A1061. [bug] If periodic cache cleaning happened to start
2095N/A while cleaning due to reaching the configured
1703N/A maximum cache size was in progress, the server
1703N/A could catch an assertion failure. [RT #1912]
1057N/A1060. [func] Move refresh, stub and notify UDP retry processing
2095N/A1059. [func] dns_request now support will now retry UDP queries,
2095N/A dns_request_createvia2() and dns_request_createraw2().
1703N/A1058. [func] Limited lifetime ticker timers are now available,
2095N/A1057. [bug] Reloading the server after adding a "file" clause
2095N/A to a zone statement could cause the server to
684N/A crash due to a typo in change 1016.
1057N/A1056. [bug] Rndc could catch an assertion failure on SIGINT due
2095N/A to an uninitialized variable. [RT #1908]
684N/A1055. [func] Version and hostname queries can now be disabled
1703N/A using "version none;" and "hostname none;",
2095N/A1054. [bug] On Win32, cfg_categories and cfg_modules need to be
1057N/A exported from the libisccfg DLL.
1057N/A1053. [bug] Dig did not increase its timeout when receiving
2095N/A AXFRs unless the +time option was used. [RT #1904]
1057N/A1052. [bug] Journals were not being created in binary mode
1057N/A resulting in "journal format not recognized" error
1057N/A1051. [bug] Do not ignore a network interface completely just
1057N/A because it has a noncontiguous netmask. Instead,
1057N/A omit it from the localnets ACL and issue a warning.
2095N/A1050. [bug] Log messages reporting malformed IP addresses in
2095N/A address lists such as that of the forwarders option
2095N/A failed to include the correct error code, file
2095N/A name, and line number. [RT #1890]
2095N/A1049. [func] "pid-file none;" will disable writing a pid file.
2095N/A1048. [bug] Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1
1703N/A1047. [bug] named was incorrectly refusing all requests signed
1057N/A with a TSIG key derived from an unsigned TKEY
1057N/A negotiation with a NOERROR response. [RT #1886]
1703N/A1046. [bug] The help message for the --with-openssl configure
1703N/A option was inaccurate. [RT #1880]
2095N/A1045. [bug] It was possible to skip saving glue for a nameserver
1057N/A1044. [bug] Specifying allow-transfer, notify-source, or
2095N/A notify-source-v6 in a stub zone was not treated
2095N/A1043. [bug] Specifying a transfer-source or transfer-source-v6
2095N/A option in the zone statement for a master zone was
1703N/A not treated as an error. [RT #1876]
1703N/A1042. [bug] The "config" logging category did not work properly.
2095N/A on SIGINT due to an uninitialized variable. [RT #1867]
2095N/A1040. [bug] Multiple listen-on-v6 options with different ports
2095N/A were not accepted. [RT #1875]
1057N/A1039. [bug] Negative responses with CNAMEs in the answer section
1057N/A were cached incorrectly. [RT #1862]
1057N/A1038. [bug] In servers configured with a tkey-domain option,
684N/A TKEY queries with an owner name other than the root
1057N/A could cause an assertion failure. [RT #1866, #1869]
1703N/A1037. [bug] Negative responses whose authority section contain
1703N/A SOA or NS records whose owner names are not equal
1703N/A equal to or parents of the query name should be
1057N/A1036. [func] Silently drop requests received via multicast as
1057N/A long as there is no final multicast DNS standard.
1703N/A1035. [bug] If we respond to multicast queries (which we
1703N/A currently do not), respond from a unicast address
1703N/A as specified in RFC 1123. [RT #137]
2095N/A1034. [bug] Ignore the RD bit on multicast queries as specified
2095N/A1033. [bug] Always respond to requests with an unsupported opcode
2095N/A with NOTIMP, even if we don't have a matching view
2095N/A or cannot determine the class.
1703N/A the machine hosting the nameserver. This is useful
2095N/A in diagnosing problems with anycast servers.
1703N/A exited with an error rather than defaulting
1703N/A to using the loopback address. [RT #1836]
2095N/A of the configuration file to return a failure
2095N/A status even though they were logged. [RT #1847]
2095N/A in the wrong directory. [RT #1833]
2095N/A1027. [bug] RRs having the reserved type 0 should be rejected.
1703N/A1025. [bug] Don't use multicast addresses to resolve iterative
1703N/A1024. [port] Compilation failed on HP-UX 11.11 due to
1703N/A incompatible use of the SIOCGLIFCONF macro
1703N/A1023. [func] Accept hints without TTLs.
2095N/A1022. [bug] Don't report empty root hints as "extra data".
1109N/A1021. [bug] On Win32, log message timestamps were one month
1109N/A later than they should have been, and the server
1109N/A would exhibit unspecified behavior in December.
1703N/A1020. [bug] IXFR log messages did not distinguish between
1703N/A true IXFRs, AXFR-style IXFRs, and mere version
1703N/A1019. [bug] The value of the lame-ttl option was limited to 18000
2095N/A seconds, not 1800 seconds as documented. [RT #1803]
1057N/A1018. [bug] The default log channel was not always initialized
1057N/A1017. [bug] When specifying TSIG keys to dig and nsupdate using
1703N/A the -k option, they must be HMAC-MD5 keys. [RT #1810]
2095N/A1016. [bug] Slave zones with no backup file were re-transferred
1703N/A1015. [bug] Log channels that had a "versions" option but no
2095N/A "size" option failed to create numbered log
1703N/A1014. [bug] Some queries would cause statistics counters to
2095N/A increment more than once or not at all. [RT #1321]
1703N/A1013. [bug] It was possible to cancel a query twice when marking
1703N/A a server as bogus or by having a blackhole acl.
1703N/A1012. [bug] The -p option to named did not behave as documented.
1703N/A1011. [cleanup] Removed isc_dir_current().
2095N/A1010. [bug] The server could attempt to execute a command channel
1703N/A command after initiating server shutdown, causing
1703N/A an assertion failure. [RT #1766]
1703N/A1009. [port] OpenUNIX 8 support. [RT #1728]
2095N/A1006. [bug] If a KEY RR was found missing during DNSSEC validation,
1703N/A an assertion failure could subsequently be triggered
1703N/A in the resolver. [RT #1763]
2095N/A1005. [bug] Don't copy nonzero RCODEs from request to response.
1703N/A1004. [port] Deal with recvfrom() returning EHOSTDOWN. [RT #1770]
2095N/A1003. [func] Add the +retry option to dig.
1703N/A including the file name and line number. [RT #1759]
2095N/A1001. [bug] win32 socket code doio_recv was not catching a
2095N/A WSACONNRESET error when a client was timing out
2095N/A the request and closing its socket. [RT #1745]
2095N/A1000. [bug] BIND 8 compatibility: accept "HESIOD" as an alias
2095N/A 999. [func] "rndc retransfer zone [class [view]]" added.
2095N/A 998. [func] named-checkzone now has arguments to specify the
1703N/A chroot directory (-t) and working directory (-w).
1703N/A 997. [func] Add support for RSA-SHA1 keys (RFC3110).
2095N/A 996. [func] Issue warning if the configuration filename contains
1703N/A 995. [bug] dig, host, nslookup: using a raw IPv6 address as a
1703N/A target address should be fatal on a IPv4 only system.
2095N/A 994. [func] Treat non-authoritative responses to queries for type
2095N/A NS as referrals even if the NS records are in the
2095N/A answer section, because BIND 8 servers incorrectly
2095N/A send them that way. This is necessary for DNSSEC
2095N/A validation of the NS records of a secure zone to
2095N/A succeed when the parent is a BIND 8 server. [RT #1706]
2095N/A 993. [func] dig: -v now reports the version.
2095N/A 992. [doc] dig: ~/.digrc is now documented.
2095N/A 991. [func] Lower UDP refresh timeout messages to level
2095N/A 990. [bug] The rndc-confgen man page was not installed.
2095N/A 989. [bug] Report filename if $INCLUDE fails for file related
2095N/A 988. [bug] 'additional-from-auth no;' did not work reliably
2095N/A in the case of queries answered from the cache.
2095N/A 987. [bug] "dig -help" didn't show "+[no]stats".
2095N/A 986. [bug] "dig +noall" failed to clear stats and command
2095N/A 985. [func] Consider network interfaces to be up iff they have
2095N/A a nonzero IP address rather than based on the
2095N/A 984. [bug] Multi-threading should be enabled by default on
2095N/A Solaris 2.7 and newer, but it wasn't.
2095N/A 983. [func] The server now supports generating IXFR difference
2095N/A sequences for non-dynamic zones by comparing zone
2095N/A versions, when enabled using the new config
2095N/A option "ixfr-from-differences". [RT #1727]
2095N/A 982. [func] If "memstatistics-file" is set in options the memory
2095N/A statistics will be written to it.
2095N/A 981. [func] The dnssec tools can now take multiple '-r randomfile'
2095N/A 980. [bug] Incoming zone transfers restarting after an error
2095N/A could trigger an assertion failure. [RT #1692]
2095N/A 979. [func] Incremental master file dumping. dns_master_dumpinc(),
2095N/A dns_master_dumptostreaminc(), dns_dumpctx_attach(),
2095N/A dns_dumpctx_detach(), dns_dumpctx_cancel(),
2095N/A dns_dumpctx_db() and dns_dumpctx_version().
2095N/A 978. [bug] dns_db_attachversion() had an invalid REQUIRE()
2095N/A 977. [bug] Improve "not at top of zone" error message.
2095N/A 976. [func] named-checkconf can now test load master zones
1703N/A (named-checkconf -z). [RT #1468]
1703N/A 975. [bug] "max-cache-size default;" as a view option
1703N/A caused an assertion failure.
1703N/A 974. [bug] "max-cache-size unlimited;" as a global option
2095N/A 973. [bug] Failed to log the question name when logging:
1703N/A "bad zone transfer request: non-authoritative zone
2095N/A 972. [bug] The file modification time code in
zone.c was using the
2095N/A 970. [func] 'max-journal-size' can now be used to set a target
2095N/A 969. [func] dig now supports the undocumented dig 8 feature
1703N/A of allowing arbitrary labels, not just dotted
1703N/A decimal quads, with the -x option. This can be
1703N/A used to conveniently look up RFC2317 names as in
2095N/A "dig -x 10.0.0.0-127". [RT #827, #1576, #1598]
1703N/A 968. [bug] On win32, the isc_time_now() function was unnecessarily
1703N/A calling strtime(). [RT #1671]
2095N/A 967. [bug] On win32, the link for bindevt was not including the
2095N/A required resource file to enable the event viewer
2095N/A to interpret the error messages in the event log,
2095N/A 965. [bug] Including data other than root server NS and A
2095N/A records in the root hint file could cause a rbtdb
2095N/A node reference leak. [RT #1581, #1618]
2095N/A 964. [func] Warn if data other than root server NS and A records
2095N/A are found in the root hint file. [RT #1581, #1618]
2095N/A 963. [bug] Bad ISC_LANG_ENDDECLS. [RT #1645]
1703N/A 962. [bug] libbind: bad "#undef", don't attempt to install
2095N/A 961. [bug] Tried to use a IPV6 feature when ISC_PLATFORM_HAVEIPV6
1703N/A was not defined. [RT #1482]
1703N/A 960. [port] liblwres failed to build on systems with support for
2095N/A getrrsetbyname() in the OS. [RT #1592]
1703N/A 959. [port] On FreeBSD, determine the number of CPUs by calling
1703N/A 958. [port] ssize_t is not available on all platforms. [RT #1607]
1703N/A 956. [bug] ns_g_autorndcfile changed to ns_g_keyfile
1703N/A change #953. win32 .make file for rndc-confgen
1703N/A 955. [bug] When using views, the zone's class was not being
1703N/A inherited from the view's class. [RT #1583]
1057N/A 954. [bug] When requesting AXFRs or IXFRs using dig, host, or
1057N/A nslookup, the RD bit should not be set as zone
1057N/A transfers are inherently nonrecursive. [RT #1575]
2095N/A named and rndc will look for this file and use
2095N/A it to configure a default control channel key
2095N/A if not already configured using a different
1703N/A it must be created by manually running
1703N/A 952. [bug] The server required manual intervention to serve the
1703N/A affected zones if it died between creating a journal
2095N/A and committing the first change to it.
1057N/A 951. [bug] CFLAGS was not passed to the linker when
1057N/A linking some of the test programs under
2095N/A 950. [bug] Explicit TTLs did not properly override $TTL
2095N/A due to a bug in change 834. [RT #1558]
2095N/A 949. [bug] host was unable to print records larger than 512
2095N/A 948. [port] Integrated support for building on Windows NT /
1703N/A 947. [bug] dns_rdata_soa_t had a badly named element "mname" which
1703N/A was really the RNAME field from RFC1035. To avoid
1703N/A confusion and silent errors that would occur it the
2095N/A "origin" and "mname" elements were given their correct
1703N/A names "mname" and "rname" respectively, the "mname"
1703N/A element is renamed to "contact".
1703N/A configuration parser syntax tables, and therefore
1703N/A 945. [func] Add the new view-specific options
2095N/A "match-destinations" and "match-recursive-only".
1703N/A 944. [func] Check for expired signatures on load.
1703N/A 943. [bug] The server could crash when receiving a command
2095N/A via rndc if the configuration file listed only
1703N/A nonexistent keys in the controls statement. [RT #1530]
1703N/A 942. [port] libbind: GETNETBYADDR_ADDR_T was not correctly
1703N/A 941. [bug] The configuration checker crashed if a slave
1703N/A zone didn't contain a masters statement. [RT #1514]
1703N/A 940. [bug] Double zone locking failure on error path. [RT #1510]
1703N/A 939. [port] Add the --disable-linux-caps option to configure for
1703N/A systems that manage capabilities outside of named.
1703N/A 937. [bug] A race when shutting down a zone could trigger a
2095N/A INSIST() failure. [RT #1034]
1703N/A 936. [func] Warn about IPv4 addresses that are not complete
1703N/A 935. [bug] inet_pton failed to reject leading zeros.
1703N/A 934. [port] Deal with systems where accept() spuriously returns
1703N/A 933. [bug] configure failed doing libbind on platforms not
1703N/A supported by BIND 8. [RT #1496]
1703N/A 932. [bug] Use INSTALL_SCRIPT, not INSTALL_PROGRAM,
2095N/A 931. [bug] The controls statement only attempted to verify
2095N/A messages using the first key in the key list.
2095N/A 930. [func] Query performance testing tool added as
2095N/A 928. [bug] nsupdate would send empty update packets if the
2095N/A send (or empty line) command was run after
2095N/A another send but before any new updates or
1703N/A prerequisites were specified. It should simply
2095N/A 927. [bug] Don't hold the zone lock for the entire dump to disk.
1703N/A 926. [bug] The resolver could deadlock with the ADB when
1703N/A shutting down (multi-threaded builds only).
1703N/A 925. [cleanup] Remove openssl from the distribution; require that
1703N/A --with-openssl be specified if DNSSEC is needed.
2095N/A 924. [port] Extend support for pre-RFC2133 IPv6 implementation.
1703N/A 923. [bug] Multiline TSIG secrets (and other multiline strings)
1703N/A 922. [func] Added two new lwres_getrrsetbyname() result codes,
2095N/A 921. [bug] lwres returned an incorrect error code if it received
1703N/A 920. [func] Increase the lwres receive buffer size to 16K.
2095N/A 918. [func] In nsupdate, TSIG errors are no longer treated as
2095N/A 917. [func] New nsupdate command 'key', allowing TSIG keys to
2095N/A be specified in the nsupdate command stream rather
1703N/A 916. [bug] Specifying type ixfr to dig without specifying
1703N/A a serial number failed in unexpected ways.
1703N/A 915. [func] The named-checkconf and named-checkzone programs
1703N/A now have a '-v' option for printing their version.
2095N/A 914. [bug] Global 'server' statements were rejected when
1703N/A using views, even though they were accepted
1703N/A 913. [bug] Cache cleaning was not sufficiently aggressive.
1703N/A 912. [bug] Attempts to set the 'additional-from-cache' or
2095N/A 'additional-from-auth' option to 'no' in a
1703N/A server with recursion enabled will now
1703N/A be ignored and cause a warning message.
2095N/A 910. [port] Some pre-RFC2133 IPv6 implementations do not define
2095N/A IN6ADDR_ANY_INIT. [RT #1416]
1703N/A 908. [func] New program, rndc-confgen, to simplify setting up rndc.
1703N/A 907. [func] The ability to get entropy from either the
2095N/A random device, a user-provided file or from
1703N/A the keyboard was migrated from the DNSSEC tools
1703N/A to libisc as isc_entropy_usebestsource().
2095N/A 906. [port] Separated the system independent portion of
2095N/A 905. [bug] Configuring a forward "zone" for the root domain
1703N/A 904. [bug] The server would leak memory if attempting to use
2095N/A an expired TSIG key. [RT #1406]
1703N/A 903. [bug] dig should not crash when receiving a TCP packet
1703N/A 902. [bug] The -d option was ignored if both -t and -g were also
2095N/A string of FreeBSD systems; configure and
1703N/A due to inappropriate use of a void value.
1703N/A [RT #1372, #1373, #1386, #1387, #1395]
1703N/A 898. [bug] "dig" failed to set a nonzero exit status
1703N/A on UDP query timeout. [RT #1323]
1703N/A string of UnixWare systems; configure now recognizes
1703N/A 896. [bug] If a configuration file is set on named's command line
1703N/A and it has a relative pathname, the current directory
2095N/A (after any possible jailing resulting from named -t)
1703N/A will be prepended to it so that reloading works
1703N/A properly even when a directory option is present.
1703N/A 895. [func] New function, isc_dir_current(), akin to POSIX's
2095N/A 894. [bug] When using the DNSSEC tools, a message intended to warn
2095N/A when the keyboard was being used because of the lack
2095N/A of a suitable random device was not being printed.
2095N/A 893. [func] Removed isc_file_test() and added isc_file_exists()
2095N/A for the basic functionality that was being added
2095N/A 891. [bug] Return an error when a SIG(0) signed response to
2095N/A an unsigned query is seen. This should actually
2095N/A do the verification, but it's not currently
2095N/A 890. [cleanup] The man pages no longer require the mandoc macros
2095N/A and should now format cleanly using most versions of
2095N/A nroff, and HTML versions of the man pages have been
2095N/A added. Both are generated from DocBook source.
2095N/A 889. [port] Eliminated blank lines before .TH in nroff man
2095N/A pages since they cause problems with some versions
2095N/A 888. [bug] Don't die when using TKEY to delete a nonexistent
2095N/A 887. [port] Detect broken compilers that can't call static
2095N/A functions from inline functions. [RT #1212]
2095N/A 866. [func] Close debug only file channels when debug is set to
2095N/A 865. [bug] The new configuration parser did not allow
2095N/A the optional debug level in a "severity debug"
2095N/A clause of a logging channel to be omitted.
2095N/A This is now allowed and treated as "severity
2095N/A debug 1;" like it does in BIND 8.2.4, not as
2095N/A "severity debug 0;" like it did in BIND 9.1.
2095N/A 864. [cleanup] Multi-threading is now enabled by default on
2095N/A OSF1, Solaris 2.7 and newer, AIX, IRIX, and HP-UX.
2095N/A 863. [bug] If an error occurred while an outgoing zone transfer
2095N/A was starting up, the server could access a domain
2095N/A name that had already been freed when logging a
2095N/A message saying that the transfer was starting.
2095N/A 862. [bug] Use after realloc(), non portable pointer arithmetic in
2095N/A 861. [port] Add support for Mac OS X, by making it equivalent
2095N/A file shipped with Mac OS X. [RT #1355]
2095N/A 860. [func] Drop cross class glue in zone transfers.
2095N/A 859. [bug] Cache cleaning now won't swamp the CPU if there
2095N/A is a persistent overlimit condition.
2095N/A 858. [func] isc_mem_setwater() no longer requires that when the
2095N/A callback function is non-NULL then its hi_water
2095N/A argument must be greater than its lo_water argument
2095N/A (they can now be equal) or that they be non-zero.
2095N/A 857. [cleanup] Use ISC_MAGIC() to define all magic numbers for
2095N/A structs, for our friends in EBCDIC-land.
2095N/A 856. [func] Allow partial rdatasets to be returned in answer and
2095N/A authority sections to help non-TCP capable clients
2095N/A recover from truncation. [RT #1301]
2095N/A 855. [bug] Stop spurious "using RFC 1035 TTL semantics" warnings.
2095N/A 854. [bug] The config parser didn't properly handle config
2095N/A options that were specified in units of time other
2095N/A 853. [bug] configure_view_acl() failed to detach existing acls.
2095N/A 852. [bug] Handle responses from servers which do not know
2095N/A 851. [cleanup] The obsolete support-ixfr option was not properly
2095N/A 850. [bug] dns_rbt_findnode() would not find nodes that were
2095N/A split on a bitstring label somewhere other than in
2095N/A the last label of the node. [RT #1351]
2095N/A 848. [func] A minimum max-cache-size of two megabytes is enforced
2095N/A 847. [func] Added isc_file_test(), which currently only has
2095N/A some very basic functionality to test for the
2095N/A existence of a file, whether a pathname is absolute,
2095N/A or whether a pathname is the fundamental representation
2095N/A of the current directory. It is intended that this
2095N/A function can be expanded to test other things a
2095N/A programmer might want to know about a file.
2095N/A 846. [func] A non-zero 'param' to dst_key_generate() when making an
2095N/A hmac-md5 key means that good entropy is not required.
2095N/A 845. [bug] The access rights on the public file of a symmetric
2095N/A key are now restricted as soon as the file is opened,
2095N/A rather than after it has been written and closed.
2095N/A or if any inet phrase of a controls statement is
2095N/A lacking a keys clause, then a key will be automatically
2095N/A will use this file only if its normal configuration
2095N/A file, or one provided on the command line, does not
2095N/A 842. [func] 'rndc flush' now takes an optional view.
2095N/A 841. [bug] When sdb modules were not declared threadsafe, their
2095N/A create and destroy functions were not serialized.
2095N/A 840. [bug] The config file parser could print the wrong file
2095N/A name if an error was detected after an included file
2095N/A 839. [func] Dump packets for which there was no view or that the
2095N/A class could not be determined to category "unmatched".
2095N/A 837. [cleanup] Multi-threading is now enabled by default only on
2095N/A OSF1, Solaris 2.7 and newer, and AIX.
2095N/A 836. [func] Upgraded libtool to 1.4.
2095N/A 835. [bug] The dispatcher could enter a busy loop if
2095N/A it got an I/O error receiving on a UDP socket.
2095N/A 834. [func] Accept (but warn about) master files beginning with
2095N/A an SOA record without an explicit TTL field and
2095N/A lacking a $TTL directive, by using the SOA MINTTL
2095N/A as a default TTL. This is for backwards compatibility
2095N/A with old versions of BIND 8, which accepted such
2095N/A files without warning although they are illegal
2095N/A all the integer-valued fields of the SOA RR.
2095N/A should depend on --sysconfdir like it does in named.
2095N/A 830. [func] Implement 'rndc status'.
2095N/A 829. [bug] The DNS_R_ZONECUT result code should only be returned
2095N/A when an ANY query is made with DNS_DBFIND_GLUEOK set.
2095N/A In all other ANY query cases, returning the delegation
2095N/A 828. [bug] The errno value from recvfrom() could be overwritten
2095N/A by logging code. [RT #1293]
2095N/A 827. [bug] When an IXFR protocol error occurs, the slave
2095N/A 826. [bug] Some IXFR protocol errors were not detected.
2095N/A 825. [bug]
zone.c:ns_query() detached from the wrong zone
2095N/A 824. [bug] Correct line numbers reported by dns_master_load().
2095N/A 823. [func] The output of "dig -h" now goes to stdout so that it
2095N/A can easily be piped through "more". [RT #1254]
2095N/A 822. [bug] Sending nxrrset prerequisites would crash nsupdate.
2095N/A 821. [bug] The program name used when logging to syslog should
2095N/A be stripped of leading path components.
2095N/A 820. [bug] Name server address lookups failed to follow
2095N/A A6 chains into the glue of local authoritative
2095N/A 819. [bug] In certain cases, the resolver's attempts to
2095N/A restart an address lookup at the root could cause
2095N/A the fetch to deadlock (with itself) instead of
2095N/A 818. [bug] Certain pathological responses to ANY queries could
2095N/A cause an assertion failure. [RT #1218]
2095N/A 817. [func] Adjust timeouts for dialup zone queries.
2095N/A 816. [bug] Report potential problems with log file accessibility
2095N/A at configuration time, since such problems can't
2095N/A reliably be reported at the time they actually occur.
2095N/A 815. [bug] If a log file was specified with a path separator
2095N/A character (
i.e. "/") in its name and the directory
2095N/A did not exist, the log file's name was treated as
2095N/A though it were the directory name. [RT #1189]
2095N/A 814. [bug] Socket objects left over from accept() failures
2095N/A were incorrectly destroyed, causing corruption
2095N/A of socket manager data structures.
2095N/A 813. [bug] File descriptors exceeding FD_SETSIZE were handled
2095N/A 812. [bug] dig sometimes printed incomplete IXFR responses
2095N/A due to an uninitialized variable. [RT #1188]
2095N/A 811. [bug] Parentheses were not quoted in zone dumps. [RT #1194]
2095N/A 810. [bug] The signer name in SIG records was not properly
2095N/A 809. [bug] Configuring a non-local address as a transfer-source
2095N/A could cause an assertion failure during load.
2095N/A 808. [func] Add 'rndc flush' to flush the server's cache.
2095N/A 807. [bug] When setting up TCP connections for incoming zone
2095N/A transfers, the transfer-source port was not
2095N/A 806. [bug] DNS_R_SEENINCLUDE was failing to propagate back up
2095N/A the calling stack to the zone maintence level, causing
2095N/A zones to not reload when an included file was touched
2095N/A but the top-level zone file was not.
2095N/A 805. [bug] When using "forward only", missing root hints should
2095N/A not cause queries to fail. [RT #1143]
2095N/A 804. [bug] Attempting to obtain entropy could fail in some
2095N/A situations. This would be most common on systems
2095N/A with user-space threads. [RT #1131]
2095N/A 803. [bug] Treat all SIG queries as if they have the CD bit set,
2095N/A otherwise no data will be returned [RT #749]
2095N/A 802. [bug] DNSSEC key tags were computed incorrectly in almost
2095N/A 801. [bug] nsupdate should treat lines beginning with ';' as
2095N/A 800. [bug] dnssec-signzone produced incorrect statistics for
2095N/A 799. [bug] The ADB didn't find AAAA glue in a zone unless A6
1703N/A 798. [bug] nsupdate should be able to reject bad input lines
1703N/A 797. [func] Issue a warning if the 'directory' option contains
2095N/A 796. [func] When a size limit is associated with a log file,
2095N/A only roll it when the size is reached, not every
2095N/A time the log file is opened. [RT #1096]
2095N/A 795. [func] Add the +multiline option to dig. [RT #1095]
2095N/A 794. [func] Implement the "port" and "default-port" statements
2095N/A 793. [cleanup] The DNSSEC tools could create filenames that were
1703N/A illegal or contained shell metacharacters. They
1703N/A now use a different text encoding of names that
1703N/A doesn't have these problems. [RT #1101]
2095N/A 792. [cleanup] Replace the OMAPI command channel protocol with a
2095N/A 791. [bug] The command channel now works over IPv6.
1703N/A 790. [bug] Wildcards created using dynamic update or IXFR
1703N/A could fail to match. [RT #1111]
1057N/A 789. [bug] The "localhost" and "localnets" ACLs did not match
1703N/A when used as the second element of a two-element
1703N/A 788. [func] Add the "match-mapped-addresses" option, which
1703N/A causes IPv6 v4mapped addresses to be treated as
1703N/A IPv4 addresses for the purpose of acl matching.
1703N/A 787. [bug] The DNSSEC tools failed to downcase domain
1703N/A names when mapping them into file names.
2095N/A 785. [bug] A race condition in the resolver could cause
1703N/A an assertion failure. [RT #673, #872, #1048]
1703N/A 784. [bug] nsupdate and other programs would not quit properly
1703N/A if some signals were blocked by the caller. [RT #1081]
1703N/A 783. [bug] Following CNAMEs could cause an assertion failure
1703N/A when either using an sdb database or under very
1703N/A 782. [func] Implement the "serial-query-rate" option.
2095N/A 781. [func] Avoid error packet loops by dropping duplicate FORMERR
1703N/A 780. [bug] Error handling code dealing with out of memory or
2095N/A other rare errors could lead to assertion failures
1703N/A by calling functions on unitialized names. [RT #1065]
1703N/A 779. [func] Added the "minimal-responses" option.
2095N/A 778. [bug] When starting cache cleaning, cleaning_timer_action()
2095N/A returned without first pausing the iterator, which
2095N/A could cause deadlock. [RT #998]
2095N/A 777. [bug] An empty forwarders list in a zone failed to override
2095N/A global forwarders. [RT #995]
2095N/A 776. [func] Improved error reporting in denied messages. [RT #252]
2095N/A 774. [func] max-cache-size is implemented.
2095N/A 773. [func] Added isc_rwlock_trylock() to attempt to lock without
2095N/A 772. [bug] Owner names could be incorrectly omitted from cache
2095N/A dumps in the presence of negative caching entries.
2095N/A 771. [cleanup] TSIG errors related to unsynchronized clocks
2095N/A are logged better. [RT #919]
2095N/A 770. [func] Add the "edns yes_or_no" statement to the server
2095N/A 769. [func] Improved error reporting when parsing rdata. [RT #740]
2095N/A 768. [bug] The server did not emit an SOA when a CNAME
2095N/A or DNAME chain ended in NXDOMAIN in an
1057N/A 766. [bug] A few cases in query_find() could leak fname.
1703N/A This would trigger the mpctx->allocated == 0
1703N/A assertion when the server exited.
1057N/A [RT #739, #776, #798, #812, #818, #821, #845,
1703N/A 765. [func] ACL names are once again case insensitive, like
1703N/A 764. [func] Configuration files now allow "include" directives
1703N/A in more places, such as inside the "view" statement.
1703N/A 763. [func] Configuration files no longer have reserved words.
1703N/A 761. [bug] _REENTRANT was still defined when building with
1703N/A 760. [contrib] Significant enhancements to the pgsql sdb driver.
1703N/A 759. [bug] The resolver didn't turn off "avoid fetches" mode
1703N/A when restarting, possibly causing resolution
2095N/A to fail when it should not. This bug only affected
1057N/A platforms which support both IPv4 and IPv6. [RT #927]
1703N/A 758. [bug] The "avoid fetches" code did not treat negative
1703N/A cache entries correctly, causing fetches that would
1057N/A be useful to be avoided. This bug only affected
1703N/A platforms which support both IPv4 and IPv6. [RT #927]
1703N/A 757. [func] Log zone transfers.
1703N/A 756. [bug] dns_zone_load() could "return" success when no master
1703N/A 754. [bug] Certain failure conditions sending UDP packets
1703N/A could cause the server to retry the transmission
2095N/A 753. [bug] dig, host, and nslookup would fail to contact a
1703N/A remote server if getaddrinfo() returned an IPv6
1703N/A address on a system that doesn't support IPv6.
1703N/A 752. [func] Correct bad tv_usec elements returned by
1703N/A 751. [func] Log successful zone loads / transfers. [RT #898]
1703N/A 750. [bug] A query should not match a DNAME whose trust level
2095N/A 749. [bug] When a query matched a DNAME in a secure zone, the
2095N/A server did not return the signature of the DNAME.
1703N/A 747. [bug] The code to determine whether an IXFR was possible
1703N/A did not properly check for a database that could
2095N/A not have a journal. [RT #865, #908]
1703N/A 746. [bug] The sdb didn't clone rdatasets properly, causing
1703N/A a crash when the server followed delegations. [RT #905]
2095N/A 745. [func] Report the owner name of records that fail
1703N/A semantic checks while loading.
1703N/A 744. [bug] When returning DNS_R_CNAME or DNS_R_DNAME as the
1703N/A result of an ANY or SIG query, the resolver failed
1703N/A to setup the return event's rdatasets, causing an
684N/A assertion failure in the query code. [RT #881]
1703N/A 743. [bug] Receiving a large number of certain malformed
1703N/A answers could cause named to stop responding.
1703N/A 741. [port] Support openssl-engine. [RT #709]
1703N/A 740. [port] Handle openssl library mismatches slightly better.
1703N/A assuming it will be there for only a predefined
1703N/A 738. [bug] If a non-threadsafe sdb driver supported AXFR and
2095N/A received an AXFR request, it would deadlock or die
684N/A with an assertion failure. [RT #852]
2095N/A 736. [func] New functions isc_task_{begin,end}exclusive().
1057N/A 735. [doc] Add BIND 4 migration notes.
1057N/A 734. [bug] An attempt to re-lock the zone lock could occur if
1703N/A the server was shutdown during a zone tranfer.
1057N/A 733. [bug] Reference counts of dns_acl_t objects need to be
1057N/A locked but were not. [RT #801, #821]
1057N/A 732. [bug] Glue with 0 TTL could also cause SERVFAIL. [RT #828]
1057N/A 731. [bug] Certain zone errors could cause named-checkzone to
1057N/A fail ungracefully. [RT #819]
1057N/A 730. [bug] lwres_getaddrinfo() returns the correct result when
1057N/A it fails to contact a server. [RT #768]
1703N/A 729. [port] pthread_setconcurrency() needs to be called on Solaris.
1703N/A 728. [bug] Fix comment processing on master file directives.
1057N/A 727. [port] Work around OS bug where accept() succeeds but
1057N/A fails to fill in the peer address of the accepted
1057N/A connection, by treating it as an error rather than
1057N/A an assertion failure. [RT #809]
1057N/A 726. [func] Implement the "trace" and "notrace" commands in rndc.
1703N/A 725. [bug] Installing man pages could fail.
1703N/A 724. [func] New libisc functions isc_netaddr_any(),
1057N/A 723. [bug] Referrals whose NS RRs had a 0 TTL caused the resolver
1057N/A to return DNS_R_SERVFAIL. [RT #783]
2095N/A 722. [func] Allow incremental loads to be canceled.
1057N/A 721. [cleanup] Load manager and dns_master_loadfilequota() are no
2095N/A 720. [bug] Server could enter infinite loop in
2095N/A 719. [bug] Rapid reloads could trigger an assertion failure.
2095N/A 717. [bug] Certain TKEY processing failure modes could
2095N/A reference an uninitialized variable, causing the
2095N/A 716. [bug] The first line of a $INCLUDE master file was lost if
2095N/A an origin was specified. [RT #744]
2095N/A 715. [bug] Resolving some A6 chains could cause an assertion
1057N/A 714. [bug] Preserve interval timers across reloads unless changed.
1057N/A 713. [func] named-checkconf takes '-t directory' similar to named.
1057N/A 712. [bug] Sending a large signed update message caused an
1057N/A assertion failure. [RT #718]
2095N/A 711. [bug] The libisc and liblwres implementations of
1703N/A inet_ntop contained an off by one error.
1703N/A 710. [func] The forwarders statement now takes an optional
1703N/A 709. [bug] ANY or SIG queries for data with a TTL of 0
1703N/A would return SERVFAIL. [RT #620]
1703N/A 708. [bug] When building with --with-openssl, the openssl headers
1703N/A included with BIND 9 should not be used. [RT #702]
1703N/A 707. [func] The "filename" argument to named-checkzone is no
2095N/A longer optional, to reduce confusion. [RT #612]
2095N/A 706. [bug] Zones with an explicit "allow-update { none; };"
2095N/A were considered dynamic and therefore not reloaded
2095N/A on SIGHUP or "rndc reload".
2095N/A 705. [port] Work out resource limit type for use where rlim_t is
2095N/A 704. [port] RLIMIT_NOFILE is not available on all platforms.
2095N/A use 127.0.0.1 instead. [RT #693]
2095N/A 701. [func] Root hints are now fully optional. Class IN
2095N/A views use compiled-in hints by default, as
2095N/A before. Non-IN views with no root hints now
2095N/A provide authoritative service but not recursion.
2095N/A A warning is logged if a view has neither root
2095N/A hints nor authoritative data for the root. [RT #696]
2095N/A 700. [bug] $GENERATE range check was wrong. [RT #688]
1703N/A 699. [bug] The lexer mishandled empty quoted strings. [RT #694]
1703N/A 698. [bug] Aborting nsupdate with ^C would lead to several
2095N/A 697. [bug] nsupdate was not compatible with the undocumented
2095N/A BIND 8 behavior of ignoring TTLs in "update delete"
2095N/A 696. [bug] lwresd would die with an assertion failure when passed
2095N/A a zero-length name. [RT #692]
2095N/A 695. [bug] If the resolver attempted to query a blackholed or
2095N/A bogus server, the resolution would fail immediately.
2095N/A 694. [bug] $GENERATE did not produce the last entry.
2095N/A the server to crash while loading.
2095N/A 692. [bug] Deal with systems that have getaddrinfo() but not
2095N/A 691. [bug] Configuring per-view forwarders caused an assertion
2095N/A 690. [func] $GENERATE now supports DNAME. [RT #654]
2095N/A 689. [doc] man pages are now installed. [RT #210]
2095N/A 688. [func] "make tags" now works on systems with the
2095N/A 687. [bug] Only say we have IPv6, with sufficent functionality,
2095N/A if it has actually been tested. [RT #586]
2095N/A 686. [bug] dig and nslookup can now be properly aborted during
2095N/A blocking operations. [RT #568]
2095N/A 684. [bug] Memory leak with view forwarders. [RT #656]
2095N/A 683. [bug] File descriptor leak in isc_lex_openfile().
2095N/A 682. [bug] nslookup displayed SOA records incorrectly. [RT #665]
2095N/A 681. [bug] $GENERATE specifying output format was broken. [RT #653]
2095N/A 680. [bug] dns_rdata_fromstruct() mishandled options bigger
2095N/A 679. [bug] $INCLUDE could leak memory and file descriptors on
2095N/A 678. [bug] "transfer-format one-answer;" could trigger an assertion
2095N/A 677. [bug] dnssec-signzone would occasionally use the wrong ttl
2095N/A for database operations and fail. [RT #643]
2095N/A 676. [bug] Log messages about lame servers to category
2095N/A 'lame-servers' rather than 'resolver', so as not
2095N/A to be gratuitously incompatible with BIND 8.
2095N/A 675. [bug] TKEY queries could cause the server to leak
2095N/A 674. [func] Allow messages to be TSIG signed / verified using
2095N/A a offset from the current time.
2095N/A 673. [func] The server can now convert RFC1886-style recursive
2095N/A lookup requests into RFC2874-style lookups, when
2095N/A enabled using the new option "allow-v6-synthesis".
2095N/A 672. [bug] The wrong time was in the "time signed" field when
2095N/A replying with BADTIME error.
2095N/A 671. [bug] The message code was failing to parse a message with
2095N/A no question section and a TSIG record. [RT #628]
2095N/A 670. [bug] The lwres replacements for getaddrinfo and
2095N/A getipnodebyname didn't properly check for the
2095N/A existence of the sockaddr sa_len field.
2095N/A 669. [bug] dnssec-keygen now makes the public key file
2095N/A non-world-readable for symmetric keys. [RT #403]
2095N/A 668. [func] named-checkzone now reports multiple errors in master
2095N/A 667. [bug] On Linux, running named with the -u option and a
2095N/A non-world-readable configuration file didn't work.
2095N/A 666. [bug] If a request sent by dig is longer than 512 bytes,
2095N/A 665. [bug] Signed responses were not sent when the size of the
2095N/A TSIG + question exceeded the maximum message size.
2095N/A 664. [bug] The t_tasks and t_timers module tests are now skipped
2095N/A when building without threads, since they require
2095N/A 663. [func] Accept a size_spec, not just an integer, in the
2095N/A (unimplemented and ignored) max-ixfr-log-size option
2095N/A for compatibility with recent versions of BIND 8.
2095N/A 662. [bug] dns_rdata_fromtext() failed to log certain errors.
2095N/A 661. [bug] Certain UDP IXFR requests caused an assertion failure
2095N/A (mpctx->allocated == 0). [RT #355, #394, #623]
2095N/A 660. [port] Detect multiple CPUs on HP-UX and IRIX.
2095N/A 659. [performance] Rewrite the name compression code to be much faster.
2095N/A 658. [cleanup] Remove all vestiges of 16 bit global compression.
2095N/A 657. [bug] When a listen-on statement in an lwres block does not
2095N/A specify a port, use 921, not 53. Also update the
2095N/A listen-on documentation. [RT #616]
2095N/A 656. [func] Treat an unescaped newline in a quoted string as
2095N/A an error. This means that TXT records with missing
2095N/A close quotes should have meaningful errors printed.
2095N/A 655. [bug] Improve error reporting on unexpected eof when loading
2095N/A 654. [bug] Origin was being forgotten in TCP retries in dig.
2095N/A 653. [bug] +defname option in dig was reversed in sense.
1703N/A 652. [bug] zone_saveunique() did not report the new name.
1703N/A 651. [func] The AD bit in responses now has the meaning
2095N/A specified in <draft-ietf-dnsext-ad-is-secure>.
1703N/A 650. [bug] SIG(0) records were being generated and verified
2095N/A 649. [bug] It was possible to join to an already running fctx
2095N/A after it had "cloned" its events, but before it sent
2095N/A them. In this case, the event of the newly joined
2095N/A fetch would not contain the answer, and would
2095N/A trigger the INSIST() in fctx_sendevents(). In
2095N/A BIND 9.0, this bug did not trigger an INSIST(), but
2095N/A caused the fetch to fail with a SERVFAIL result.
2095N/A [RT #588, #597, #605, #607]
2095N/A 648. [port] Add support for pre-RFC2133 IPv6 implementations.
2095N/A 647. [bug] Resolver queries sent after following multiple
2095N/A referrals had excessively long retransmission
2095N/A timeouts due to incorrectly counting the referrals
2095N/A didn't _cleanly_ fix the problem it was trying to fix.
2095N/A 644. [bug] #622 needed more work. [RT #562]
2095N/A 643. [bug] xfrin error messages made more verbose, added class
2095N/A 642. [bug] Break the exit_check() race in the zone module.
2095N/A 641. [bug] $GENERATE caused a uninitialized link to be used.
2095N/A 640. [bug] Memory leak in error path could cause
2095N/A "mpctx->allocated == 0" failure. [RT #584]
2095N/A 639. [bug] Reading entropy from the keyboard would sometimes fail.
2095N/A to get a prototype for time() when pthreads was not
2095N/A 637. [port] Use isc_u?int64_t instead of (unsigned) long long in
2095N/A be compiled even if the platform does not need it.
2095N/A 636. [port] Shut up MSVC++ about a possible loss of precision
2095N/A in the ISC__BUFFER_PUTUINT*() macros. [RT #592]
2095N/A 635. [bug] Reloading a server with a configured blackhole list
2095N/A would cause an assertion. [RT #590]
2095N/A 634. [bug] A log file will completely stop being written when
2095N/A it reaches the maximum size in all cases, not just
2095N/A when versioning is also enabled. [RT #570]
2095N/A 633. [port] Cope with rlim_t missing on
BSD/OS systems. [RT #575]
2095N/A 632. [bug] The index array of the journal file was
2095N/A corrupted as it was written to disk.
2095N/A 631. [port] Build without thread support on systems without
2095N/A 630. [bug] Locking failure in zone code. [RT #582]
2095N/A 629. [bug] 9.1.0b1 dereferenced a null pointer and crashed
2095N/A when responding to a UDP IXFR request.
2095N/A 628. [bug] If the root hints contained only AAAA addresses,
2095N/A named would be unable to perform resolution.
2095N/A 627. [bug] The EDNS0 blackhole detection code of change 324
2095N/A waited for three retransmissions to each server,
2095N/A which takes much too long when a domain has many
2095N/A name servers and all of them drop EDNS0 queries.
2095N/A Now we retry without EDNS0 after three consecutive
2095N/A timeouts, even if they are all from different
2095N/A 626. [bug] The lightweight resolver daemon no longer crashes
2095N/A when asked for a SIG rrset. [RT #558]
2095N/A 625. [func] Zones now inherit their class from the enclosing view.
2095N/A 624. [bug] The zone object could get timer events after it had
2095N/A been destroyed, causing a server crash. [RT #571]
2095N/A 623. [func] Added "named-checkconf" and "named-checkzone" program
2095N/A 622. [bug] A canceled request could be destroyed before
2095N/A dns_request_destroy() was called. [RT #562]
2095N/A 621. [port] Disable IPv6 at runtime if IPv6 sockets are unusable.
2095N/A This mostly affects Red Hat Linux 7.0, which has
2095N/A conflicts between libc and the kernel.
2095N/A 620. [bug] dns_master_load*inc() now require 'task' and 'load'
2095N/A to be non-null. Also 'done' will not be called if
2095N/A dns_master_load*inc() fails immediately. [RT #565]
2095N/A 618. [bug] Queries to a signed zone could sometimes cause
2095N/A 617. [bug] When using dynamic update to add a new RR to an
2095N/A existing RRset with a different TTL, the journal
2095N/A entries generated from the update did not include
2095N/A explicit deletions and re-additions of the existing
2095N/A RRs to update their TTL to the new value.
2095N/A 616. [func] dnssec-signzone -t output now includes performance
2095N/A 615. [bug] dnssec-signzone did not like child keysets signed
2095N/A 614. [bug] Checks for uninitialized link fields were prone
2095N/A to false positives, causing assertion failures.
2095N/A The checks are now disabled by default and may
2095N/A be re-enabled by defining ISC_LIST_CHECKINIT.
2095N/A 613. [bug] "rndc reload zone" now reloads primary zones.
2095N/A It previously only updated slave and stub zones,
2095N/A if an SOA query indicated an out of date serial.
2095N/A 612. [cleanup] Shutup a ridiculously noisy HP-UX compiler that
2095N/A complains relentlessly about how its treatment
2095N/A of 'const' has changed as well as how casting
2095N/A sometimes tightens alignment constraints.
2095N/A 611. [func] allow-notify can be used to permit processing of
2095N/A notify messages from hosts other than a slave's
2095N/A 610. [func] rndc dumpdb is now supported.
2095N/A 609. [bug] getrrsetbyname() would crash lwresd if the server
2095N/A found more SIGs than answers. [RT #554]
2095N/A 608. [func] dnssec-signzone now adds a comment to the zone
2095N/A with the time the file was signed.
2095N/A 607. [bug] nsupdate would fail if it encountered a CNAME or
2095N/A DNAME in a response to an SOA query. [RT #515]
2095N/A 606. [bug] Compiling with --disable-threads failed due
2095N/A to isc_thread_self() being incorrectly defined
2095N/A as an integer rather than a function.
2095N/A 605. [func] New function isc_lex_getlasttokentext().
1703N/A numbers when long comments were present.
1703N/A 603. [bug] Make dig handle multiple types or classes on the same
1703N/A 602. [func] Cope automatically with UnixWare's broken
1703N/A IN6_IS_ADDR_* macros. [RT #539]
2095N/A 601. [func] Return a non-zero exit code if an update fails
2095N/A 600. [bug] Reverse lookups sometimes failed in dig, etc...
2095N/A 599. [func] Added four new functions to the libisc log API to
2095N/A support i18n messages. isc_log_iwrite(),
2095N/A isc_log_ivwrite(), isc_log_iwrite1() and
2095N/A isc_log_ivwrite1() were added.
2095N/A 598. [bug] An update-policy statement would cause the server
2095N/A to assert while loading. [RT #536]
2095N/A 597. [func] dnssec-signzone is now multi-threaded.
2095N/A 596. [bug] DNS_RDATASLAB_FORCE and DNS_RDATASLAB_EXACT are
2095N/A 595. [port] On Linux 2.2, socket() returns EINVAL when it
2095N/A should return EAFNOSUPPORT. Work around this.
2095N/A 594. [func] sdb drivers are now assumed to not be thread-safe
2095N/A unless the DNS_SDBFLAG_THREADSAFE flag is supplied.
2095N/A 593. [bug] If a secure zone was missing all its NXTs and
2095N/A a dynamic update was attempted, the server entered
1703N/A 592. [bug] The sig-validity-interval option now specifies a
1703N/A number of days, not seconds. This matches the
2095N/A 591. [bug] Work around non-reentrancy in openssl by disabling
2095N/A 590. [doc] There are now man pages for the lwres library in
2095N/A 589. [bug] The server could deadlock if a zone was updated
1703N/A while being transferred out.
1703N/A 588. [bug] ctx->in_use was not being correctly initialized when
1703N/A when pushing a file for $INCLUDE. [RT #523]
2095N/A 587. [func] A warning is now printed if the "allow-update"
2095N/A option allows updates based on the source IP
2095N/A address, to alert users to the fact that this
2095N/A is insecure and becoming increasingly so as
2095N/A servers capable of update forwarding are being
2095N/A 586. [bug] multiple views with the same name were fatal. [RT #516]
2095N/A 585. [func] dns_db_addrdataset() and and dns_rdataslab_merge()
2095N/A now support 'exact' additions in a similar manner to
2095N/A dns_db_subtractrdataset() and dns_rdataslab_subtract().
2095N/A 584. [func] You can now say 'notify explicit'; to suppress
2095N/A notification of the servers listed in NS records
2095N/A and notify only those servers listed in the
2095N/A 583. [func] "rndc querylog" will now toggle logging of
2095N/A queries, like "ndc querylog" in BIND 8.
2095N/A 582. [bug] dns_zone_idetach() failed to lock the zone.
2095N/A 581. [bug] log severity was not being correctly processed.
2095N/A 580. [func] Ignore trailing garbage on incoming DNS packets,
2095N/A for interoperability with broken server
2095N/A 579. [bug] nsupdate did not take a filename to read update from.
2095N/A 578. [func] New config option "notify-source", to specify the
2095N/A source address for notify messages.
2095N/A 577. [func] Log illegal RDATA combinations.
e.g. multiple
2095N/A singlton types, cname and other data.
2095N/A 576. [doc] isc_log_create() description did not match reality.
2095N/A 575. [bug] isc_log_create() was not setting internal state
2095N/A correctly to reflect the default channels created.
2095N/A 574. [bug] TSIG signed queries sent by the resolver would fail to
2095N/A have their responses validated and would leak memory.
2095N/A 573. [bug] The journal files of IXFRed slave zones were
1703N/A inadvertantly discarded on server reload, causing
1703N/A "journal out of sync with zone" errors on subsequent
1703N/A 572. [bug] Quoted strings were not accepted as key names in
1703N/A 571. [bug] It was possible to create an rdataset of singleton
2095N/A type which had more than one rdata. [RT #154]
2095N/A both a CNAME and "other data". [RT #154]
1703N/A 569. [func] The DNSSEC AD bit will not be set on queries which
1703N/A have not requested a DNSSEC response.
2095N/A 567. [bug] Setting the zone transfer timeout to zero caused an
2095N/A assertion failure. [RT #302]
2095N/A 566. [func] New public function dns_timer_setidle().
2095N/A 565. [func] Log queries more like BIND 8: query logging is now
1703N/A done to category "queries", level "info". [RT #169]
1703N/A 564. [func] Add sortlist support to lwresd.
1703N/A 563. [func] New public functions dns_rdatatype_format() and
1703N/A dns_rdataclass_format(), for convenient formatting
1057N/A 561. [func] The 'datasize', 'stacksize', 'coresize' and 'files'
1057N/A clauses of the options{} statement are now implemented.
1057N/A 560. [bug] dns_name_split did not properly the resulting prefix
1703N/A when a maximal length bitstring label was split which
1703N/A was preceded by another bitstring label. [RT #429]
1703N/A 559. [bug] dns_name_split did not properly create the suffix
1703N/A when splitting within a maximal length bitstring label.
1057N/A 558. [func] New functions, isc_resource_getlimit and
1057N/A 557. [func] Symbolic constants for libisc integral types.
1057N/A 556. [func] The DNSSEC OK bit in the EDNS extended flags
1703N/A is now implemented. Responses to queries without
1703N/A this bit set will not contain any DNSSEC records.
1703N/A 555. [bug] A slave server attempting a zone transfer could
1703N/A crash with an assertion failure on certain
2095N/A malformed responses from the master. [RT #457]
1057N/A 554. [bug] In some cases, not all of the dnssec tools were
1057N/A 553. [bug] Incoming zone transfers deferred due to quota
1057N/A were not started when quota was increased but
1703N/A only when a transfer in progress finished. [RT #456]
1703N/A 552. [bug] We were not correctly detecting the end of all c-style
2095N/A 551. [func] Implemented the 'sortlist' option.
2095N/A 550. [func] Support unknown rdata types and classes.
2095N/A 549. [bug] "make" did not immediately abort the build when a
1703N/A subdirectory make failed [RT #450].
1703N/A 548. [func] The lexer now ungets tokens more correctly.
1109N/A 546. [func] Option 'lame-ttl' is now implemented.
1703N/A 545. [func] Name limit and counting options removed from dig;
1703N/A they didn't work properly, and cannot be correctly
1703N/A implemented without significant changes.
1703N/A 544. [func] Add statistics option, enable statistics-file option,
1703N/A add RNDC option "dump-statistics" to write out a
1703N/A 543. [doc] The 'port' option is now documented.
2095N/A 542. [func] Add support for update forwarding as required for
2095N/A full compliance with RFC2136. It is turned off
2095N/A by default and can be enabled using the
2095N/A 'allow-update-forwarding' option.
2095N/A 541. [func] Add bogus server support.
1109N/A 540. [func] Add dialup support.
1057N/A 539. [func] Support the blackhole option.
1057N/A 538. [bug] fix buffer overruns by 1 in lwres_getnameinfo().
2095N/A 536. [func] Use transfer-source{-v6} when sending refresh queries.
1109N/A Transfer-source{-v6} now take a optional port
1057N/A parameter for setting the UDP source port. The port
1057N/A parameter is ignored for TCP.
2095N/A 535. [func] Use transfer-source{-v6} when forwarding update
1057N/A 534. [func] Ancestors have been removed from RBT chains. Ancestor
1057N/A information can be discerned via node parent pointers.
1703N/A 533. [func] Incorporated name hashing into the RBT database to
1703N/A 532. [func] Implement DNS UPDATE pseudo records using
1703N/A 531. [func] Rdata really should be initialized before being assigned
1703N/A to (dns_rdata_fromwire(), dns_rdata_fromtext(),
1703N/A dns_rdata_clone(), dns_rdata_fromregion()),
2095N/A 530. [func] New function dns_rdata_invalidate().
1703N/A 529. [bug] 521 contained a bug which caused zones to always
1703N/A 528. [func] The ISC_LIST_XXXX macros now perform sanity checks
1703N/A on their arguments. ISC_LIST_XXXXUNSAFE can be use
1703N/A to skip the checks however use with caution.
2095N/A 527. [func] New function dns_rdata_clone().
2095N/A 526. [bug] nsupdate incorrectly refused to add RRs with a TTL
2095N/A 525. [func] New arguments 'options' for dns_db_subtractrdataset(),
2095N/A and 'flags' for dns_rdataslab_subtract() allowing you
2095N/A to request that the RR's must exist prior to deletion.
2095N/A DNS_R_NOTEXACT is returned if the condition is not met.
2095N/A 524. [func] The 'forward' and 'forwarders' statement in
2095N/A non-forward zones should work now.
2095N/A 523. [doc] The source to the Administrator Reference Manual is
2095N/A now an XML file using the DocBook DTD, and is included
2095N/A in the distribution. The plain text version of the
2095N/A ARM is temporarily unavailable while we figure out
2095N/A how to generate readable plain text from the XML.
2095N/A 522. [func] The lightweight resolver daemon can now use
2095N/A a real configuration file, and its functionality
2095N/A can be provided by a name server. Also, the -p and -P
2095N/A options to lwresd have been reversed.
1703N/A 521. [bug] Detect master files which contain $INCLUDE and always
1703N/A 520. [bug] Upgraded libtool to 1.3.5, which makes shared
1703N/A library builds almost work on AIX (and possibly
1703N/A 519. [bug] dns_name_split() would improperly split some bitstring
1703N/A labels, zeroing a few of the least signficant bits in
1703N/A the prefix part. When such an improperly created
1703N/A prefix was returned to the RBT database, the bogus
1703N/A label was dutifully stored, corrupting the tree.
1703N/A 518. [bug] The resolver did not realize that a DNAME which was
2095N/A "the answer" to the client's query was "the answer",
1703N/A and such queries would fail. [RT #399]
1703N/A 517. [bug] The resolver's DNAME code would trigger an assertion
2095N/A if there was more than one DNAME in the chain.
1703N/A 516. [bug] Cache lookups which had a NULL node pointer,
e.g. 1703N/A those by dns_view_find(), and which would match a
1703N/A 515. [bug] The ssu table was not being attached / detached
1703N/A by dns_zone_[sg]etssutable. [RT#397]
1703N/A 514. [func] Retry refresh and notify queries if they timeout.
1703N/A 513. [func] New functionality added to rdnc and server to allow
1703N/A individual zones to be refreshed or reloaded.
1703N/A 512. [bug] The zone transfer code could throw an execption with
1703N/A 511. [bug] The message code could throw an assertion on an
1703N/A out of memory failure. [RT #392]
1703N/A 510. [bug] Remove spurious view notify warning. [RT #376]
1703N/A 509. [func] Add support for write of zone files on shutdown.
1703N/A 508. [func] dns_message_parse() can now do a best-effort
1703N/A attempt, which should allow dig to print more invalid
1703N/A 507. [func] New functions dns_zone_flush(), dns_zt_flushanddetach()
1703N/A and dns_view_flushanddetach().
1703N/A 506. [func] Do not fail to start on errors in zone files.
2095N/A 505. [bug] nsupdate was printing "unknown result code". [RT #373]
2095N/A 504. [bug] The zone was not being marked as dirty when updated via
2095N/A 503. [bug] dumptime was not being set along with
2095N/A 502. [func] On a SERVFAIL reply, DiG will now try the next server
1703N/A in the list, unless the +fail option is specified.
1703N/A 501. [bug] Incorrect port numbers were being displayed by
1703N/A 500. [func] Nearly useless +details option removed from DiG.
1703N/A 499. [func] In DiG, specifying a class with -c or type with -t
2095N/A changes command-line parsing so that classes and
1703N/A types are only recognized if following -c or -t.
1703N/A This allows hosts with the same name as a class or
2095N/A 498. [doc] There is now a man page for "dig"
1703N/A 497. [bug] The error messages printed when an IP match list
1703N/A contained a network address with a nonzero host
2095N/A part where not sufficiently detailed. [RT #365]
1703N/A 496. [bug] named didn't sanity check numeric parameters. [RT #361]
1703N/A 495. [bug] nsupdate was unable to handle large records. [RT #368]
1057N/A 494. [func] Do not cache NXDOMAIN responses for SOA queries.
1057N/A 493. [func] Return non-cachable (ttl = 0) NXDOMAIN responses
1057N/A for SOA queries. This makes it easier to locate
1703N/A the containing zone without polluting intermediate
2095N/A 492. [bug] attempting to reload a zone caused the server fail
1703N/A to shutdown cleanly. [RT #360]
1703N/A 491. [bug] nsupdate would segfault when sending certain
1703N/A prerequisites with empty RDATA. [RT #356]
1703N/A obtained an SOA containing the zone's configured
1703N/A retry time, perform the SOA query retries using
1703N/A exponential backoff. [RT #337]
1703N/A 489. [func] The zone manager now has a "i/o" queue.
1703N/A 488. [bug] Locks weren't properly destroyed in some cases.
2095N/A 487. [port] flockfile() is not defined on all systems.
1703N/A 486. [bug] nslookup: "set all" and "server" commands showed
1703N/A the incorrect port number if a port other than 53
2095N/A 485. [func] When dig had more than one server to query, it would
2095N/A send all of the messages at the same time. Add
2095N/A rate limiting of the transmitted messages.
1703N/A 484. [bug] When the server was reloaded after removing addresses
1703N/A were still listening on the removed addresses due
1703N/A to reference count loops. [RT #325]
1703N/A 483. [bug] nslookup: "set all" showed a "search" option but it
2095N/A 482. [bug] nslookup: a plain "server" or "lserver" should be
1703N/A 481. [bug] nslookup:get_next_command() stack size could exceed
2095N/A 480. [bug] strtok() is not thread safe. [RT #349]
2095N/A 479. [func] The test suite can now be run by typing "make check"
2095N/A or "make test" at the top level.
1703N/A 478. [bug] "make install" failed if the directory specified with
1703N/A --prefix did not already exist.
1703N/A its directory was created. [RT #324]
2095N/A 476. [bug] A zone could expire while a zone transfer was in
2095N/A progress triggering a INSIST failure. [RT #329]
2095N/A 475. [bug] query_getzonedb() sometimes returned a non-null version
2095N/A on failure. This caused assertion failures when
2095N/A generating query responses where names subject to
2095N/A additional section processing pointed to a zone
2095N/A to which access had been denied by means of the
1057N/A allow-query option. [RT #336]
2095N/A 474. [bug] The mnemonic of the CHAOS class is CH according to
2095N/A RFC1035, but it was printed and read only as CHAOS.
2095N/A We now accept both forms as input, and print it
2095N/A 473. [bug] nsupdate overran the end of the list of name servers
1057N/A when no servers could be reached, typically causing
1057N/A it to print the error message "dns_request_create:
2095N/A 472. [bug] Off-by-one error caused isc_time_add() to sometimes
2095N/A produce invalid time values.
2095N/A 470. [func] $GENERATE is now supported. See also
1057N/A 469. [bug] "query-source address * port 53;" now works.
1057N/A 468. [bug] dns_master_load*() failed to report file and line
1703N/A number in certain error conditions.
1703N/A 467. [bug] dns_master_load*() failed to log an error if
1057N/A 466. [bug] dns_master_load*() could return success when it failed.
1057N/A 465. [cleanup] Allow 0 to be set as an omapi_value_t value by
1057N/A 464. [cleanup] Build with openssl's RSA code instead of dnssafe.
1057N/A 463. [bug] nsupdate sent malformed SOA queries to the second
1703N/A query sent to the first one failed.
1703N/A 462. [bug] --disable-ipv6 should work now.
2095N/A 461. [bug] Specifying an unknown key in the "keys" clause of the
1703N/A "controls" statement caused a NULL pointer dereference.
1703N/A 460. [bug] Much of the DNSSEC code only worked with class IN.
1057N/A 459. [bug] Nslookup processed the "set" command incorrectly.
1057N/A 458. [bug] Nslookup didn't properly check class and type values.
1703N/A timeouts in certain situations, causing an
2095N/A unnecessary warning message to be printed.
1057N/A 456. [bug] Stub zones were not resetting the refresh and expire
1057N/A counters, loadtime or clearing the DNS_ZONE_REFRESH
2095N/A (refresh in progress) flag upon successful update.
684N/A This disabled further refreshing of the stub zone,
684N/A causing it to eventually expire. [RT #300]
1057N/A 455. [doc] Document IPv4 prefix notation does not require a
1057N/A dotted decimal quad but may be just dotted decimal.
1703N/A 454. [bug] Enforce dotted decimal and dotted decimal quad where
1057N/A 453. [bug] Warn if the obsolete option "maintain-ixfr-base"
1057N/A 452. [bug] Warn if the unimplemented option "statistics-file"
1057N/A 451. [func] Update forwarding implememted.
1057N/A 450. [func] New function ns_client_sendraw().
1703N/A 449. [bug] isc_bitstring_copy() only works correctly if the
1703N/A two bitstrings have the same lsb0 value, but this
2095N/A requirement was not documented, nor was there a
1057N/A 448. [bug] Host output formatting change, to match v8. [RT #255]
1057N/A 447. [bug] Dig didn't properly retry in TCP mode after
1057N/A a truncated reply. [RT #277]
2095N/A 446. [bug] Confusing notify log message. [RT #298]
1057N/A 445. [bug] Doing a 0 bit isc_bitstring_copy() of an lsb0
1057N/A bitstring triggered a REQUIRE statement. The REQUIRE
2095N/A statement was incorrect. [RT #297]
1703N/A 444. [func] "recursion denied" messages are always logged at
1703N/A debug level 1, now, rather than sometimes at ERROR.
1703N/A This silences these warnings in the usual case, where
1703N/A some clients set the RD bit in all queries.
1703N/A 443. [bug] When loading a master file failed because of an
1703N/A unrecognized RR type name, the error message
2095N/A did not include the file name and line number.
2095N/A 442. [bug] TSIG signed messages that did not match any view
2095N/A crashed the server. [RT #290]
1057N/A 441. [bug] Nodes obscured by a DNAME were inaccessible even
1057N/A when DNS_DBFIND_GLUEOK was set.
1057N/A 440. [func] New function dns_zone_forwardupdate().
1057N/A 439. [func] New function dns_request_createraw().
1057N/A 438. [func] New function dns_message_getrawmessage().
1703N/A 437. [func] Log NOTIFY activity to the notify channel.
2095N/A 436. [bug] If recvmsg() returned EHOSTUNREACH or ENETUNREACH,
1057N/A which sometimes happens on Linux, named would enter
1057N/A a busy loop. Also, unexpected socket errors were
1057N/A not logged at a high enough logging level to be
1057N/A useful in diagnosing this situation. [RT #275]
1057N/A 435. [bug] dns_zone_dump() overwrote existing zone files
1057N/A rather than writing to a temporary file and
1057N/A renaming. This could lead to empty or partial
1057N/A zone files being left around in certain error
2095N/A conditions involving the initial transfer of a
1057N/A slave zone, interfering with subsequent server
1057N/A 434. [func] New function isc_file_isabsolute().
1057N/A 433. [func] isc_base64_decodestring() now accepts newlines
1057N/A within the base64 data. This makes it possible
1057N/A to break up the key data in a "trusted-keys"
1057N/A statement into multiple lines. [RT #284]
1057N/A retry time is now a random value between 75% and
1057N/A 100% of the configured value.
2095N/A 431. [func] Log at ISC_LOG_INFO when a zone is successfully
1057N/A 430. [bug] Rewrote the lightweight resolver client management
1057N/A code to handle shutdown correctly and general
1057N/A 429. [bug] The space reserved for a TSIG record in a response
1057N/A was 2 bytes too short, leading to message
1703N/A DNS_R_BADDB for nodes which had neither NXT nor SIG NXT
2095N/A generating negative responses in a secure zone.
1703N/A 427. [bug] Avoid going into an infinite loop when the validator
1703N/A gets a negative response to a key query where the
1703N/A records are signed by the missing key.
1703N/A 426. [bug] Attempting to generate an oversized RSA key could
1703N/A cause dnssec-keygen to dump core.
1703N/A 425. [bug] Warn about the auth-nxdomain default value change
2095N/A if there is no auth-nxdomain statement in the
1703N/A 424. [bug] notify_createmessage() could trigger an assertion
1703N/A failure when creating the notify message failed,
1703N/A e.g. due to corrupt zones with multiple SOA records.
2095N/A 423. [bug] When responding to a recusive query, errors that occur
1057N/A after following a CNAME should cause the query to fail.
2095N/A 422. [func] get rid of isc_random_t, and make isc_random_get()
1703N/A and isc_random_jitter() use rand() internally
1703N/A instead of local state. Note that isc_random_*()
1703N/A functions are only for weak, non-critical "randomness"
2095N/A such as timing jitter and such.
1057N/A 421. [bug] nslookup would exit when given a blank line as input.
2095N/A 420. [bug] nslookup failed to implement the "exit" command.
1057N/A 419. [bug] The certificate type PKIX was misspelled as SKIX.
684N/A 418. [bug] At debug levels >= 10, getting an unexpected
1703N/A socket receive error would crash the server
1703N/A while trying to log the error message.
1703N/A 417. [func] Add isc_app_block() and isc_app_unblock(), which
1703N/A allow an application to handle signals while
1703N/A 416. [bug] Slave zones with no master file tried to use a
1703N/A NULL pointer for a journal file name when they
2095N/A received an IXFR. [RT #273]
1057N/A 415. [bug] The logging code leaked file descriptors.
1057N/A 414. [bug] Server did not shut down until all incoming zone
1057N/A 413. [bug] Notify could attempt to use the zone database after
1057N/A it had been unloaded. [RT#267]
2095N/A 412. [bug] named -v didn't print the version.
2095N/A 411. [bug] A typo in the HS A code caused an assertion failure.
2095N/A 410. [bug] lwres_gethostbyname() and company set lwres_h_errno
2095N/A to a random value on success.
2095N/A 409. [bug] If named was shut down early in the startup
2095N/A process, ns_omapi_shutdown() would attempt to lock
2095N/A an unintialized mutex. [RT #262]
2095N/A 408. [bug] stub zones could leak memory and reference counts if
2095N/A all the masters were unreachable.
2095N/A 407. [bug] isc_rwlock_lock() would needlessly block
2095N/A readers when it reached the read quota even
2095N/A if no writers were waiting.
2095N/A 406. [bug] Log messages were occasionally lost or corrupted
2095N/A due to a race condition in isc_log_doit().
2095N/A 405. [func] Add support for selective forwarding (forward zones)
2095N/A 404. [bug] The request library didn't completely work with IPv6.
2095N/A 403. [bug] "host" did not use the search list.
2095N/A 402. [bug] Treat undefined acls as errors, rather than
2095N/A warning and then later throwing an assertion.
2095N/A 401. [func] Added simple database API.
2095N/A 400. [bug] SIG(0) signing and verifying was done incorrectly.
2095N/A 399. [bug] When reloading the server with a config file
2095N/A containing a syntax error, it could catch an
2095N/A assertion failure trying to perform zone
2095N/A maintenance on, or sending notifies from,
2095N/A tentatively created zones whose views were
2095N/A never fully configured and lacked an address
2095N/A database and request manager.
2095N/A 398. [bug] "dig" sometimes caught an assertion failure when
1057N/A using TSIG, depending on the key length.
1057N/A 397. [func] Added utility functions dns_view_gettsig() and
1057N/A 396. [doc] There is now a man page for "nsupdate"
1057N/A 395. [bug] nslookup printed incorrect RR type mnemonics
2095N/A for RRs of type >= 21 [RT #237].
1057N/A 394. [bug] Current name was not propagated via $INCLUDE.
1057N/A 393. [func] Initial answer while loading (awl) support.
2095N/A Entry points: dns_master_loadfileinc(),
1703N/A dns_master_loadstreaminc(), dns_master_loadbufferinc().
1703N/A Note: calls to dns_master_load*inc() should be rate
1703N/A be rate limited so as to not use up all file
2095N/A 392. [func] Add ISC_R_FAMILYNOSUPPORT. Returned when OS does
2095N/A not support the given address family requested.
2095N/A 391. [clarity] ISC_R_FAMILY -> ISC_R_FAMILYMISMATCH.
2095N/A 390. [func] The function dns_zone_setdbtype() now takes
2095N/A both the zone database type and its arguments,
2095N/A making the functions dns_zone_adddbarg()
2095N/A and dns_zone_cleardbargs() unnecessary.
2095N/A 389. [bug] Attempting to send a reqeust over IPv6 using
2095N/A dns_request_create() on a system without IPv6
2095N/A support caused an assertion failure [RT #235].
2095N/A 388. [func] dig and host can now do reverse ipv6 lookups.
2095N/A 387. [func] Add dns_byaddr_createptrname(), which converts
2095N/A an address into the name used by a PTR query.
2095N/A 386. [bug] Missing strdup() of ACL name caused random
2095N/A ACL matching failures [RT #228].
2095N/A 385. [cleanup] Removed functions dns_zone_equal(), dns_zone_print(),
2095N/A 384. [bug] nsupdate was incorrectly limiting TTLs to 65535 instead
2095N/A 383. [func] When writing a master file, print the SOA and NS
2095N/A records (and their SIGs) before other records.
2095N/A 382. [bug] named -u failed on many Linux systems where the
2095N/A libc provided kernel headers do not match
1057N/A 381. [bug] Check for IPV6_RECVPKTINFO and use it instead of
1057N/A IPV6_PKTINFO if found. [RT #229]
2095N/A 380. [bug] nsupdate didn't work with IPv6.
1057N/A 379. [func] New library function isc_sockaddr_anyofpf().
1057N/A 378. [func] named and lwresd will log the command line arguments
2095N/A they were started with in the "starting ..." message.
1057N/A 377. [bug] When additional data lookups were refused due to
1057N/A "allow-query", the databases were still being
2095N/A attached causing reference leaks.
1057N/A 376. [bug] The server should always use good entropy when
1057N/A performing cryptographic functions needing entropy.
2095N/A 375. [bug] Per-zone "allow-query" did not properly override the
2095N/A 374. [bug] SOA in authoritative negative responses had wrong TTL.
2095N/A 373. [func] nslookup is now installed by "make install".
2095N/A 372. [bug] Deal with Microsoft DNS servers appending two bytes of
2095N/A garbage to zone transfer requests.
2095N/A 371. [bug] At high debug levels, doing an outgoing zone transfer
2095N/A of a very large RRset could cause an assertion failure
2095N/A 370. [bug] The error messages for rollforward failures were
2095N/A max-retry-time, min-retry-time,
2095N/A max-refresh-time, min-refresh-time.
2095N/A 368. [func] Restructure the internal ".bind" view so that more
2095N/A 367. [bug] Allow proper selection of server on nslookup command
2095N/A 366. [func] Allow use of '-' batch file in dig for stdin.
2095N/A 365. [bug] nsupdate -k leaked memory.
2095N/A 364. [func] Added additional-from-{cache,auth}
2095N/A 362. [bug] rndc no longer aborts if the configuration file is
2095N/A missing an options statement. [RT #209]
2095N/A 361. [func] When the RBT find or chain functions set the name and
2095N/A origin for a node that stores the root label
2095N/A the name is now set to an empty name, instead of ".",
2095N/A to simplify later use of the name and origin by
2095N/A dns_name_concatenate(), dns_name_totext() or
2095N/A 360. [func] dns_name_totext() and dns_name_format() now allow
2095N/A an empty name to be passed, which is formatted as "@".
2095N/A 359. [bug] dnssec-signzone occasionally signed glue records.
2095N/A 358. [cleanup] Rename the intermediate files used by the dnssec
2095N/A 357. [bug] The zone file parser crashed if the argument
2095N/A to $INCLUDE was a quoted string.
2095N/A 356. [cleanup] isc_task_send no longer requires event->sender to
2095N/A 355. [func] Added isc_dir_createunique(), similar to mkdtemp().
2095N/A 354. [doc] Man pages for the dnssec tools are now included in
2095N/A 352. [bug] Race condition in dns_client_t startup could cause
2095N/A 351. [bug] Constructing a response with rcode SERVFAIL to a TSIG
2095N/A signed query could crash the server.
2095N/A 350. [bug] Also-notify lists specified in the global options
2095N/A block were not correctly reference counted, causing
2095N/A 349. [bug] Processing a query with the CD bit set now works
2095N/A and 'additional-from-cache' now supported in view and
2095N/A 347. [bug] Don't crash if an argument is left off options in dig.
2095N/A * Significantly improve structure handling
2095N/A * Don't pre-load entire batch files
2095N/A * Shorten timeouts to match v8's behavior
2095N/A 344. [bug] When shutting down, lwresd sometimes tried
2095N/A to shut down its client tasks twice,
2095N/A 343. [bug] Although zone maintenance SOA queries and
2095N/A notify requests were signed with TSIG keys
2095N/A when configured for the server in case,
2095N/A the TSIG was not verified on the response.
2095N/A 342. [bug] The wrong name was being passed to
2095N/A dns_name_dup() when generating a TSIG
2095N/A statement to allow authentication via TSIG keys:
2095N/A 10.0.0.1 port 5353 key "foo";
2095N/A 340. [bug] The top-level COPYRIGHT file was missing from
2095N/A 339. [bug] DNSSEC validation of the response to an ANY
2095N/A query at a name with a CNAME RR in a secure
2095N/A zone triggered an assertion failure.
2095N/A 338. [bug] lwresd logged to syslog as named, not lwresd.
2095N/A 337. [bug] "dig" did not recognize "nsap-ptr" as an RR type
2095N/A 336. [bug] "dig -f" used 64 k of memory for each line in
2095N/A the file. It now uses much less, though still
2095N/A proportionally to the file size.
2095N/A 335. [bug] named would occasionally attempt recursion when
2095N/A it was disallowed or undesired.
1057N/A 334. [func] Added hmac-md5 to libisc.
1057N/A 333. [bug] The resolver incorrectly accepted referrals to
1057N/A domains that were not parents of the query name,
1057N/A causing assertion failures.
1703N/A 332. [func] New function dns_name_reset().
1057N/A 331. [bug] Only log "recursion denied" if RD is set. [RT #178]
1057N/A 330. [bug] Many debugging messages were partially formatted
1057N/A even when debugging was turned off, causing a
1057N/A significant decrease in query performance.
1703N/A 329. [func] omapi_auth_register() now takes a size_t argument for
1703N/A the length of a key's secret data. Previously
2095N/A OMAPI only stored secrets up to the first NUL byte.
1057N/A 328. [func] Added isc_base64_decodestring().
1057N/A address where a host specification was required.
1703N/A 326. [func] 'keys' in an 'inet' control statement is now
1703N/A required and must have at least one item in it.
2095N/A A "not supported" warning is now issued if a 'unix'
1057N/A control channel is defined.
1703N/A 325. [bug] isc_lex_gettoken was processing octal strings when
1703N/A ISC_LEXOPT_CNUMBER was not set.
1057N/A 324. [func] In the resolver, turn EDNS0 off if there is no
1057N/A response after a number of retransmissions.
1057N/A This is to allow queries some chance of succeeding
1057N/A even if all the authoritative servers of a zone
1057N/A silently discard EDNS0 requests instead of
1703N/A sending an error response like they ought to.
1703N/A 323. [bug] dns_rbt_findname() did not ignore empty rbt nodes.
2095N/A Because of this, servers authoritative for a parent
1057N/A and grandchild zone but not authoritative for the
1057N/A intervening child zone did not correctly issue
1057N/A referrals to the servers of the child zone.
1057N/A 322. [bug] Queries for KEY RRs are now sent to the parent
1703N/A server before the authoritative one, making
1703N/A DNSSEC insecurity proofs work in many cases
1703N/A where they previously didn't.
1057N/A 321. [bug] When synthesizing a CNAME RR for a DNAME
1057N/A response, query_addcname() failed to intitialize
1057N/A the type and class of the CNAME dns_rdata_t,
1703N/A uses authentication to talk to named, command
1703N/A line syntax changed. This will all be described
1703N/A to configure the OMAPI command channel.
2095N/A 318. [func] dns_c_ndcctx_destroy() could never return anything
1057N/A except ISC_R_SUCCESS; made it have void return instead.
1057N/A 317. [func] Use callbacks from libomapi to determine if a
1057N/A new connection is valid, and if a key requested
1057N/A to be used with that connection is valid.
1703N/A 316. [bug] Generate a warning if we detect an unexpected <eof>
1057N/A 315. [bug] Handle non-empty blanks lines. [RT #163]
1057N/A more than one key specified for the inet clause.
1057N/A error. Instead, parse as much as possible, but
1057N/A still return an error if one was found.
2095N/A 312. [bug] Increase the number of allowed elements in the
1057N/A are more than this, ignore the remainder rather
1057N/A than returning a failure in lwres_conf_parse.
2095N/A 311. [bug] lwres_conf_parse failed when the first line of
1703N/A allow { any; } keys { "foo"; }
1703N/A - allow "port xxx" to be left out of statement,
2095N/A in which case it defaults to omapi's default port
1703N/A 309. [bug] When sending a referral, the server did not look
1703N/A for name server addresses as glue in the zone
2095N/A holding the NS RRset in the case where this zone
1703N/A was not the same as the one where it looked for
1703N/A name server addresses as authoritative data.
1703N/A 308. [bug] Treat a SOA record not at top of zone as an error
2095N/A when loading a zone. [RT #154]
1057N/A 307. [bug] When canceling a query, the resolver didn't check for
1057N/A isc_socket_sendto() calls that did not yet have their
1057N/A completion events posted, so it could (rarely) end up
1057N/A destroying the query context and then want to use
1703N/A it again when the send event posted, triggering an
1703N/A assertion as it tried to cancel an already-canceled
1057N/A 306. [bug] Reading HMAC-MD5 private key files didn't work.
1057N/A 305. [bug] When reloading the server with a config file
1057N/A containing a syntax error, it could catch an
2095N/A assertion failure trying to perform zone
1057N/A maintenance on tentatively created zones whose
1057N/A views were never fully configured and lacked
2095N/A 304. [bug] If more than LWRES_CONFMAXNAMESERVERS servers
1057N/A instead of returning failure.
1057N/A 303. [bug] Add additional sanity checks to differentiate a AXFR
2095N/A response vs a IXFR response. [RT #157]
1057N/A 302. [bug] In dig, host, and nslookup, MXNAME should be large
1057N/A enough to hold any legal domain name in presentation
1703N/A 301. [bug] Uninitialized pointer in host:printmessage(). [RT #159]
2095N/A on platforms lacking IPv6 because each included their
1057N/A own ipv6 header file for the missing definitions. Now
1057N/A the other (ISC_IPV6_H and LWRES_IPV6_H).
1703N/A 299. [cleanup] Get the user and group information before changing the
1703N/A root directory, so the administrator does not need to
2095N/A keep a copy of the user and group databases in the
1057N/A chroot'ed environment. Suggested by Hakan Olsson.
1057N/A 298. [bug] A mutex deadlock occurred during shutdown of the
1057N/A interface manager under certain conditions.
1057N/A Digital Unix systems were the most affected.
1703N/A 297. [bug] Specifying a key name that wasn't fully qualified
1703N/A in certain parts of the config file could cause
1057N/A 296. [bug] "make install" from a separate build directory
1057N/A failed unless configure had been run in the source
1057N/A 295. [bug] When invoked with type==CNAME and a message
1057N/A not constructed by dns_message_parse(),
1057N/A dns_message_findname() failed to find anything
1057N/A due to checking for attribute bits that are set
2095N/A only in dns_message_parse(). This caused an
1703N/A infinite loop when constructing the response to
1703N/A an ANY query at a CNAME in a secure zone.
1703N/A 294. [bug] If we run out of space in while processing glue
2095N/A when reading a master file and commit "current name"
1703N/A reverts to "name_current" instead of staying as
1703N/A 293. [port] Add support for FreeBSD 4.0 system tests.
1703N/A 292. [bug] Due to problems with the way some operating systems
1703N/A handle simultaneous listening on IPv4 and IPv6
1703N/A addresses, the server no longer listens on IPv6
2095N/A addresses by default. To revert to the previous
1703N/A behavior, specify "listen-on-v6 { any; };" in
1703N/A 291. [func] Caching servers no longer send outgoing queries
1703N/A over TCP just because the incoming recursive query
1703N/A 290. [cleanup] +twiddle option to dig (for testing only) removed.
1703N/A 289. [cleanup] dig is now installed in $bindir instead of $sbindir.
1703N/A host is now installed in $bindir. (Be sure to remove
1703N/A 288. [func] rndc is now installed by "make install" into $sbindir.
1703N/A 287. [bug] rndc now works again as "rndc 127.1 reload" (for
1703N/A only that task). Parsing its configuration file and
2095N/A using digital signatures for authentication has been
684N/A disabled until named supports the "controls" statement,
2095N/A 286. [bug] On Solaris 2, when named inherited a signal state
1703N/A where SIGHUP had the SIG_IGN action, SIGHUP would
1703N/A be ignored rather than causing the server to reload
2095N/A 285. [bug] A change made to the dst API for beta4 inadvertently
1703N/A broke OMAPI's creation of a dst key from an incoming
1703N/A message, causing an assertion to be triggered. Fixed.
1703N/A 284. [func] The DNSSEC key generation and signing tools now
1703N/A generate randomness from keyboard input on systems
1703N/A 283. [cleanup] The 'lwresd' program is now a link to 'named'.
684N/A 282. [bug] The lexer now returns ISC_R_RANGE if parsed integer is
684N/A too big for an unsigned long.
684N/A 281. [bug] Fixed list of recognized config file category names.
2095N/A easily build applications that link with
2095N/A 279. [bug] Private omapi function symbols shared between
684N/A protected using the ISC convention of starting with
1057N/A the library name and two underscores ("omapi__"...)
1057N/A note of when isc_log_categorybyname() wasn't able
684N/A to find the category name and would then apply the
1703N/A channel list of the unknown category to all categories.
1703N/A 277. [bug] isc_log_categorybyname() and isc_log_modulebyname()
1703N/A would fail to find the first member of any category
1703N/A or module array apart from the internal defaults.
2095N/A Thus, for example, the "notify" category was improperly
684N/A 276. [bug] dig now supports maximum sized TCP messages.
2095N/A 275. [bug] The definition of lwres_gai_strerror() was missing
684N/A 274. [bug] TSIG AXFR verify failed when talking to a BIND 8
684N/A 273. [func] The default for the 'transfer-format' option is
1703N/A now 'many-answers'. This will break zone transfers
1703N/A to BIND 4.9.5 and older unless there is an explicit
1703N/A 'one-answer' configuration.
2095N/A 272. [bug] The sending of large TCP responses was canceled
684N/A in mid-transmission due to a race condition
684N/A caused by the failure to set the client object's
684N/A "newstate" variable correctly when transitioning
684N/A to the "working" state.
684N/A 271. [func] Attempt to probe the number of cpus in named
684N/A if unspecified rather than defaulting to 1.
684N/A 270. [func] Allow maximum sized TCP answers.
684N/A 269. [bug] Failed DNSSEC validations could cause an assertion
684N/A failure by causing clone_results() to be called with
684N/A with hevent->node == NULL.
2095N/A 268. [doc] A plain text version of the Administrator
1057N/A Reference Manual is now included in the distribution,
1057N/A 267. [func] Nsupdate is now provided in the distribution.
1703N/A 266. [bug]
zone.c:save_nsrrset() node was not initialized.
1703N/A 265. [bug] dns_request_create() now works for TCP.
2095N/A 264. [func] Dispatch can not take TCP sockets in connecting
1703N/A state. Set DNS_DISPATCHATTR_CONNECTED when calling
1703N/A dns_dispatch_createtcp() for connected TCP sockets
1703N/A or call dns_dispatch_starttcp() when the socket is
1703N/A 263. [func] New logging channel type 'stderr'
684N/A 262. [bug] 'master' was not initialized in
zone.c:stub_callback().
684N/A 261. [func] Add dns_zone_markdirty().
1703N/A 260. [bug] Running named as a non-root user failed on Linux
1703N/A kernels new enough to support retaining capabilities
2095N/A 259. [func] New random-device and random-seed-file statements
2095N/A 257. [bug] The server detached the last zone manager reference
2095N/A too early, while it could still be in use by queries.
2095N/A This manifested itself as assertion failures during the
2095N/A shutdown process for busy name servers. [RT #133]
2095N/A isc_ratelimiter_shutdown guarantees that the rate
2095N/A limiter is detached from its task.
2095N/A 255. [func] New function dns_zonemgr_attach().
2095N/A 254. [bug] Suppress "query denied" messages on additional data
2095N/A comments (anywhere in line, not just as the beginning).
2095N/A It also aborted when an unrecognized keyword was seen,
2095N/A now it silently ignores the entire line.
2095N/A 251. [bug] lwresd caught an assertion failure on startup.
2095N/A 250. [bug] fixed handling of size+unit when value would be too
2095N/A large for internal representation.
2095N/A 249. [cleanup] max-cache-size config option now takes a size-spec
2095N/A like 'datasize', except 'default' is not allowed.
2095N/A 248. [bug] global lame-ttl option was not being printed when
2095N/A config structures were written out.
2095N/A 247. [cleanup] Rename cache-size config option to max-cache-size.
2095N/A 246. [func] Rename global option cachesize to cache-size and
2095N/A add corresponding option to view statement.
2095N/A 245. [bug] If an uncompressed name will take more than 255
2095N/A bytes and the buffer is sufficiently long,
2095N/A dns_name_fromwire should return DNS_R_FORMERR,
2095N/A not ISC_R_NOSPACE. This bug caused cause the
2095N/A server to catch an assertion failure when it
2095N/A received a query for a name longer than 255
2095N/A 242. [cleanup] fixed incorrect warning about auth-nxdomain usage.
2095N/A 241. [cleanup] nscount and soacount have been removed from the
2095N/A dns_master_*() argument lists.
2095N/A 240. [func] databases now come in three flavours: zone, cache
2095N/A 239. [func] If ISC_MEM_DEBUG is enabled, the variable
2095N/A isc_mem_debugging controls whether messages
2095N/A 238. [cleanup] A few more compilation warnings have been quieted:
1703N/A + PTHREAD_ONCE_INIT unbraced initializer warnings on
1703N/A + IN6ADDR_ANY_INIT unbraced initializer warnings on
1703N/A 237. [bug] If connect() returned ENOBUFS when the resolver was
1703N/A initiating a TCP query, the socket didn't get
2095N/A destroyed, and the server did not shut down cleanly.
1703N/A 236. [func] Added new listen-on-v6 config file statement.
2095N/A 235. [func] Consider it a config file error if a listen-on
1703N/A statement has an IPv6 address in it, or a
1703N/A listen-on-v6 statement has an IPv4 address in it.
2095N/A 234. [bug] Allow a trusted-key's first field (domain-name) be
1703N/A either a quoted or an unquoted string, instead of
2095N/A 233. [cleanup] Convert all config structure integer values to unsigned
1703N/A integer (isc_uint32_t) to match grammer.
1703N/A 232. [bug] Allow slave zones to not have a file.
2095N/A 231. [func] Support new 'port' clause in config file options
1703N/A section. Causes 'listen-on', 'masters' and
1703N/A 'also-notify' statements to use its value instead of
1703N/A 229. [func] Support config file sig-validity-interval statement
1703N/A in options, views and zone statements (master
1703N/A 228. [cleanup] Logging messages in config module stripped of
1703N/A 227. [cleanup] The enumerated identifiers dns_rdataclass_*,
2095N/A dns_rcode_*, dns_opcode_*, and dns_trust_* are
2095N/A also now cast to their appropriate types, as with
2095N/A dns_rdatatype_* in item number 225 below.
2095N/A 226. [func] dns_name_totext() now always prints the root name as
2095N/A '.', even when omit_final_dot is true.
2095N/A 225. [cleanup] The enumerated dns_rdatatype_* identifiers are now
2095N/A cast to dns_rdatatype_t via macros of their same name
2095N/A so that they are of the proper integral type wherever
2095N/A a dns_rdatatype_t is needed.
2095N/A 224. [cleanup] The entire project builds cleanly with gcc's
2095N/A -Wcast-qual and -Wwrite-strings warnings enabled,
2095N/A which is now the default when using gcc. (Warnings
2095N/A unfortunately to be expected.)
2095N/A 223. [func] Several functions were reprototyped to qualify one
2095N/A or more of their arguments with "const". Similarly,
2095N/A several functions that return pointers now have
2095N/A those pointers qualified with const.
2095N/A 222. [bug] The global 'also-notify' option was ignored.
2095N/A 221. [bug] An uninitialized variable was sometimes passed to
2095N/A dns_rdata_freestruct() when loading a zone, causing
2095N/A 220. [cleanup] Set the default outgoing port in the view, and
2095N/A set it in sockaddrs returned from the ADB.
2095N/A 219. [bug] Signed truncated messages more correctly follow
1703N/A 218. [func] When an rdataset is signed, its ttl is normalized
2095N/A based on the signature validity period.
1703N/A 217. [func] Also-notify and trusted-keys can now be used in
2095N/A 216. [func] The 'max-cache-ttl' and 'max-ncache-ttl' options
1703N/A 215. [bug] Failures at certain points in request processing
2095N/A could cause the assertion INSIST(client->lockview
1703N/A 214. [func] New public function isc_netaddr_format(), for
1703N/A formatting network addresses in log messages.
2095N/A 213. [bug] Don't leak memory when reloading the zone if
2095N/A an update-policy clause was present in the old zone.
1703N/A 211. [func] The 'key' and 'server' statements can now occur
2095N/A 210. [bug] The 'allow-transfer' option was ignored for slave
1703N/A zones, and the 'transfers-per-ns' option was
2095N/A 209. [cleanup] Upgraded openssl files to new version 0.9.5a
1703N/A 208. [func] Added ISC_OFFSET_MAXIMUM for the maximum value
1703N/A 207. [func] The dnssec tools properly use the logging subsystem.
1703N/A 206. [cleanup] dst now stores the key name as a dns_name_t, not
2095N/A 205. [cleanup] On IRIX, turn off the mostly harmless warnings 1692
2095N/A ("prototyped function redeclared without prototype")
2095N/A and 1552 ("variable ... set but not used") when
2095N/A directories, which contain code imported from outside
2095N/A 204. [cleanup] On
HP/UX, pass +vnocompatwarnings to the linker
2095N/A to quiet the warnings that "The linked output may not
2095N/A 203. [func] notify and zone soa queries are now tsig signed when
2095N/A 202. [func] isc_lex_getsourceline() changed from returning int
2095N/A to returning unsigned long, the type of its underlying
2095N/A 200. [bug] Failures in sending query responses to clients
2095N/A 199. [bug] isc_heap_delete() sometimes violated the heap
2095N/A invariant, causing timer events not to be posted
2095N/A 198. [func] Dispatch managers hold memory pools which
2095N/A any managed dispatcher may use. This allows
2095N/A us to avoid dipping into the memory context for
2095N/A most allocations. [19-May-2000 explorer]
2095N/A 197. [bug] When an incoming AXFR or IXFR completes, the
2095N/A zone's internal state is refreshed from the
2095N/A SOA data. [19-May-2000 explorer]
2095N/A 196. [func] Dispatchers can be shared easily between views
2095N/A 195. [bug] Including the NXT record of the root domain
2095N/A in a negative response caused an assertion
1703N/A 194. [doc] The PDF version of the Administrator's Reference
1703N/A Manual is no longer included in the ISC BIND9
1703N/A 193. [func] changed dst_key_free() prototype.
1703N/A 192. [bug] Zone configuration validation is now done at end
1703N/A of config file parsing, and before loading
1703N/A 191. [func] Patched to compile on UnixWare
7.x. This platform
1703N/A is not directly supported by the ISC.
1703N/A 190. [cleanup] The DNSSEC tools have been moved to a separate
1703N/A directory dnssec/ and given the following new,
1703N/A Their command line arguments have also been changed to
1703N/A be more consistent. dnssec-keygen now prints the
1703N/A name of the generated key files (sans extension)
1703N/A on standard output to simplify its use in automated
1703N/A 189. [func] isc_time_secondsastimet(), a new function, will ensure
1703N/A that the number of seconds in an isc_time_t does not
2095N/A exceed the range of a time_t, or return ISC_R_RANGE.
1703N/A Similarly, isc_time_now(), isc_time_nowplusinterval(),
1703N/A isc_time_add() and isc_time_subtract() now check the
1703N/A isc_time_subtract, this changed a calling requirement
1703N/A (ie, something that could generate an assertion)
1703N/A into merely a condition that returns an error result.
1703N/A isc_time_add() and isc_time_subtract() were void-
1703N/A valued before but now return isc_result_t.
1703N/A 188. [func] Log a warning message when an incoming zone transfer
1703N/A 187. [func] isc_ratelimter_enqueue() has an additional argument
1703N/A 186. [func] dns_request_getresponse() has an additional argument
1703N/A 185. [bug] Fixed up handling of ISC_MEMCLUSTER_LEGACY. Several
1703N/A public functions did not have an isc__ prefix, and
1703N/A referred to functions that had previously been
2095N/A standard, which says that such names are reserved.
1703N/A 183. [func] ISC_LOG_PRINTTAG option for log channels. Useful
1703N/A for logging the program name or other identifier.
1703N/A 182. [cleanup] New commandline parameters for dnssec tools
1703N/A 181. [func] Added dst_key_buildfilename and dst_key_parsefilename
1703N/A 180. [func] New isc_result_t ISC_R_RANGE. Supersedes DNS_R_RANGE.
1703N/A before any zone or view statements.
2095N/A has non-empty list of masters defined.
1703N/A 177. [func] New per-zone boolean:
1703N/A intended to let a zone be disabled without having
1703N/A to comment out the entire zone statement.
1703N/A 176. [func] New global and per-view option:
2095N/A 175. [func] New global and per-view option:
2095N/A additional-data internal | minimal | maximal;
2095N/A 174. [func] New public function isc_sockaddr_format(), for
2095N/A formatting socket addresses in log messages.
2095N/A 173. [func] Keep a queue of zones waiting for zone transfer
2095N/A quota so that a new transfer can be dispatched
2095N/A immediately whenever quota becomes available.
2095N/A 172. [bug] $TTL directive was sometimes missing from dumped
2095N/A master files because totext_ctx_init() failed to
2095N/A initialize ctx->current_ttl_valid.
2095N/A 171. [cleanup] On NetBSD systems, the mit-pthreads or
2095N/A unproven-pthreads library is now always used
2095N/A unless --with-ptl2 is explicitly specified on
2095N/A the configure command line. The
2095N/A --with-mit-pthreads option is no longer needed
2095N/A 170. [cleanup] Remove inter server consistancy checks from zone,
2095N/A these should return as a seperate module in 9.1.
2095N/A dns_zone_checkservers(), dns_zone_checkparents(),
2095N/A dns_zone_checkchildren(), dns_zone_checkglue().
2095N/A Remove dns_zone_setadb(), dns_zone_setresolver(),
2095N/A dns_zone_setrequestmgr() these should now be found
2095N/A 169. [func] ratelimiter can now process N events per interval.
2095N/A due to not consuming the semicolon ending the include
2095N/A statement before switching input streams.
2095N/A 167. [bug] Make lack of masters for a slave zone a soft error.
2095N/A 166. [bug] Keygen was overwriting existing keys if key_id
2095N/A conflicted, now it will retry, and non-null keys
2095N/A with key_id == 0 are not generated anymore. Key
2095N/A was not able to generate NOAUTHCONF DSA key,
2095N/A increased RSA key size to 2048 bits.
2095N/A 165. [cleanup] Silence "end-of-loop condition not reached" warnings
2095N/A 164. [func] Added functions isc_stdio_open(), isc_stdio_close(),
2095N/A isc_stdio_seek(), isc_stdio_read(), isc_stdio_write(),
2095N/A isc_stdio_flush(), isc_stdio_sync(), isc_file_remove()
2095N/A to encapsulate nonportable usage of errno and sync.
2095N/A 163. [func] Added result codes ISC_R_FILENOTFOUND and
2095N/A 162. [bug] Ensure proper range for arguments to
ctype.h functions.
2095N/A 161. [cleanup] error in yyparse prototype that only HPUX caught.
2095N/A 160. [cleanup] getnet*() are not going to be implemented at this
2095N/A 159. [func] Redefinition of config file elements is now an
2095N/A error (instead of a warning).
2095N/A 158. [bug] Log channel and category list copy routines
2095N/A weren't assigning properly to output parameter.
2095N/A 157. [port] Fix missing prototype for getopt().
2095N/A 156. [func] Support new 'database' statement in zone.
2095N/A 155. [bug] ns_notify_start() was not detaching the found zone.
2095N/A 154. [func] The signer now logs libdns warnings to stderr even when
2095N/A not verbose, and in a nicer format.
2095N/A 153. [func] dns_rdata_tostruct() 'mctx' is now optional. If 'mctx'
2095N/A is NULL then you need to preserve the 'rdata' until
2095N/A you have finished using the structure as there may be
2095N/A references to the associated memory. If 'mctx' is
2095N/A non-NULL it is guaranteed that there are no references
2095N/A to memory associated with 'rdata'.
2095N/A dns_rdata_freestruct() must be called if 'mctx' was
2095N/A non-NULL and may safely be called if 'mctx' was NULL.
2095N/A 152. [bug] keygen dumped core if domain name argument was omitted
2095N/A 151. [func] Support 'disabled' statement in zone config (causes
2095N/A zone to be parsed and then ignored). Currently must
2095N/A come after the 'type' clause.
2095N/A 150. [func] Support optional ports in masters and also-notify
2095N/A 149. [cleanup] Removed usused argument 'olist' from
2095N/A dns_c_view_unsetordering().
2095N/A 148. [cleanup] Stop issuing some warnings about some configuration
2095N/A file statements that were not implemented, but now are.
2095N/A 147. [bug] Changed yacc union size to be smaller for yaccs that
2095N/A put yacc-stack on the real stack.
2095N/A 146. [cleanup] More general redundant header file cleanup. Rather
2095N/A than continuing to itemize every header which changed,
2095N/A this changelog entry just notes that if a header file
2095N/A did not need another header file that it was including
2095N/A in order to provide its advertized functionality, the
2095N/A inclusion of the other header file was removed. See
2095N/A ISC_LANG_ENDDECLS to header files that had function
2095N/A prototypes, and removed it from those that did not.
2095N/A 144. [cleanup] libdns header files too numerous to name were made
2095N/A to conform to the same style for multiple inclusion
2095N/A 143. [func] Added function dns_rdatatype_isknown().
2095N/A 141. [bug] Corrupt requests with multiple questions could
2095N/A cause an assertion failure.
1703N/A 138. [cleanup] isc_strtouq moved from str.[ch] to string.[ch] and
1703N/A renamed isc_string_touint64. isc_strsep moved from
1703N/A made to conform to the same style for multiple
1703N/A for ISC_R_* codes used in macros.
1703N/A 129. [bug] The 'default_debug' log channel was not set up when
2095N/A 'category default' was present in the config file
1703N/A ISC_LANG_ENDDECLS at end of header.
1703N/A 127. [cleanup] The contracts for the comparision routines
1703N/A dns_name_fullcompare(), dns_name_compare(),
1703N/A dns_name_rdatacompare(), and dns_rdata_compare() now
1703N/A specify that the order value returned is < 0, 0, or > 0
2095N/A 124. [func] signer now imports parent's zone key signature
2095N/A symbol fixed from ISC_SYMBOL_H to ISC_SYMTAB_H.
2095N/A 119. [cleanup] structure definitions for generic rdata stuctures do
2095N/A not have _generic_ in their names.
2095N/A 118. [cleanup]
libdns.a is now namespace-clean, on NetBSD, excepting
2095N/A YACC crust (yyparse, etc) [2000-apr-27 explorer]
2095N/A dns_zone_clearnotify() and dns_zone_addnotify()
2095N/A are replaced by dns_zone_setnotifyalso().
2095N/A dns_zone_clearmasters() and dns_zone_addmaster()
2095N/A are replaced by dns_zone_setmasters().
2095N/A 115. [port] Shut up the -Wmissing-declarations warning about
2095N/A 113. [func] Utility programs dig and host added.
2095N/A 109. [bug] "make depend" did nothing for
2095N/A 107. [func] Add keysigner and keysettool.
2095N/A 106. [func] Allow dnssec verifications to ignore the validity
2095N/A period. Used by several of the dnssec tools.
2095N/A implicit conventions the developers have used.
2095N/A 104. [bug] Made compress_add and compress_find static to
2095N/A isc_buffer_base(b) (pointer)
2095N/A isc_buffer_current(b) (pointer)
2095N/A isc_buffer_active(b) (pointer)
2095N/A isc_buffer_used(b) (pointer)
2095N/A isc_buffer_usedlength(b) (int)
2095N/A isc_buffer_consumedlength(b) (int)
2095N/A isc_buffer_remaininglength(b) (int)
2095N/A isc_buffer_activelength(b) (int)
2095N/A isc_buffer_availablelength(b) (int)
2095N/A ISC_BUFFER_AVAILABLECOUNT(b)
2095N/A isc_buffer_usedregion(b, r)
2095N/A isc_buffer_available(b, r) ->
2095N/A isc_buffer_available_region(b, r)
2095N/A isc_buffer_consumed(b, r) ->
2095N/A isc_buffer_consumedregion(b, r)
2095N/A isc_buffer_activeregion(b, r)
2095N/A isc_buffer_remaining(b, r) ->
2095N/A isc_buffer_remainingregion(b, r)
2095N/A Buffer types were removed, so the ISC_BUFFERTYPE_*
1703N/A macros are no more, and the type argument to
1703N/A isc_buffer_init and isc_buffer_allocate were removed.
1703N/A isc_buffer_putstr is now void (instead of isc_result_t)
1703N/A and requires that the caller ensure that there
2095N/A is enough available buffer space for the string.
1703N/A 102. [port] Correctly detect inet_aton, inet_pton and inet_ptop
2095N/A 99. [cleanup] Rate limiter now has separate shutdown() and
2095N/A destroy() functions, and it guarantees that all
2095N/A queued events are delivered even in the shutdown case.
2095N/A unless ISC_PLATFORM_NEEDVSNPRINTF is defined.
2095N/A 94. [cleanup] Some installed header files did not compile as C++.
2095N/A 84. [func] allow-query ACL checks now apply to all data
2095N/A 83. [func] If the server is authoritative for both a
2095N/A delegating zone and its (nonsecure) delegatee, and
2095N/A a query is made for a KEY RR at the top of the
2095N/A delegatee, then the server will look for a KEY
2095N/A in the delegator if it is not found in the delegatee.
2095N/A 78. [cleanup] lwres_conftest renamed to lwresconf_test for
2095N/A consistency with other *_test programs.
2095N/A 77. [cleanup] typedef of isc_time_t and isc_interval_t moved from
2095N/A 76. [cleanup] Rewrote keygen.
2095N/A 75. [func] Don't load a zone if its database file is older
2095N/A than the last time the zone was loaded.
2095N/A 73. [func] New "file" API in libisc, including new function
2095N/A isc_file_getmodtime, isc_mktemplate renamed to
2095N/A isc_file_mktemplate and isc_ufile renamed to
2095N/A isc_file_openunique. By no means an exhaustive API,
2095N/A it is just what's needed for now.
2095N/A 72. [func] DNS_RBTFIND_NOPREDECESSOR and DNS_RBTFIND_NOOPTIONS
2095N/A added for dns_rbt_findnode, the former to disable the
2095N/A setting of the chain to the predecessor, and the
2095N/A latter to make clear when no options are set.
2095N/A 71. [cleanup] Made explicit the implicit REQUIREs of
2095N/A isc_time_seconds, isc_time_nanoseconds, and
2095N/A 70. [func] isc_time_set() added.
2095N/A 69. [bug] The zone object's master and also-notify lists grew
2095N/A longer with each server reload.
2095N/A 68. [func] Partial support for SIG(0) on incoming messages.
2095N/A 67. [performance] Allow use of alternate (compile-time supplied)
2095N/A 66. [func] Data in authoritative zones should have a trust level
2095N/A 65. [cleanup] Removed obsolete typedef of dns_zone_callbackarg_t
2095N/A 64. [func] The RBT, DB, and zone table APIs now allow the
2095N/A caller find the most-enclosing superdomain of
2095N/A 63. [func] Generate NOTIFY messages.
2095N/A 62. [func] Add UDP refresh support.
2095N/A 61. [cleanup] Use single quotes consistently in log messages.
2095N/A 60. [func] Catch and disallow singleton types on message
2095N/A when sending and receiving.
2095N/A == 0 assertion in query_newname().
2095N/A 57. [func] Added dns_nxt_typepresent()
2095N/A 56. [bug] SIG records were not properly returned in cached
2095N/A 55. [bug] Responses containing multiple names in the authority
2095N/A section were not negatively cached.
2095N/A 54. [bug] If a fetch with sigrdataset==NULL joined one with
2095N/A sigrdataset!=NULL or vice versa, the resolver
2095N/A could catch an assertion or lose signature data,
2095N/A 52. [bug] rndc: taskmgr and socketmgr were not initialized
2095N/A 50. [func] RBT deletion no longer requires a valid chain to work,
2095N/A and dns_rbt_deletenode was added.
2095N/A 49. [func] Each cache now has its own mctx.
2095N/A 48. [func] isc_task_create() no longer takes an mctx.
2095N/A isc_task_mem() has been eliminated.
2095N/A 47. [func] A number of modules now use memory context reference
2095N/A 46. [func] Memory contexts are now reference counted.
2095N/A Added isc_mem_inuse() and isc_mem_preallocate().
2095N/A Renamed isc_mem_destroy_check() to
2095N/A 45. [bug] The trusted-key statement incorrectly loaded keys.
2095N/A 44. [bug] Don't include authority data if it would force us
2095N/A to unset the AD bit in the message.
2095N/A 43. [bug] DNSSEC verification of cached rdatasets was failing.
2095N/A 42. [cleanup] Simplified logging of messages with embedded domain
2095N/A names by introducing a new convenience function
2095N/A 41. [func] Use PR_SET_KEEPCAPS on Linux 2.3.99-pre3 and later
2095N/A to allow 'named' to run as a non-root user while
2095N/A retaining the ability to bind() to privileged
2095N/A 40. [func] Introduced new logging category "dnssec" and
2095N/A 39. [cleanup] Moved the typedefs for isc_region_t, isc_textregion_t,
2095N/A 38. [bug] TSIG signed incoming zone transfers work now.
2095N/A 37. [bug] If the first RR in an incoming zone transfer was
2095N/A not an SOA, the server died with an assertion failure
2095N/A instead of just reporting an error.
2095N/A 36. [cleanup] Change DNS_R_SUCCESS (and others) to ISC_R_SUCCESS
2095N/A 35. [performance] Log messages which are of a level too high to be
2095N/A logged by any channel in the logging configuration
2095N/A will not cause the log mutex to be locked.
2095N/A 34. [bug] Recursion was allowed even with 'recursion no'.
2095N/A 33. [func] The RBT now maintains a parent pointer at each node.
2095N/A 30. [func] config file grammer change to support optional
2095N/A 29. [func] support new config file view options:
2095N/A auth-nxdomain recursion query-source
2095N/A query-source-v6 transfer-source
2095N/A transfer-source-v6 max-transfer-time-out
2095N/A max-transfer-idle-out transfer-format
2095N/A request-ixfr provide-ixfr cleaning-interval
2095N/A fetch-glue notify rfc2308-type1 lame-ttl
2095N/A 28. [func] support lame-ttl, min-roots and serial-queries
2095N/A Including it on other platforms (eg, NetBSD) can
2095N/A cause a forced #error from the C preprocessor.
2095N/A 26. [func] new match-clients statement in config file view.
2095N/A 24. [cleanup] Eliminate some unnecessary #includes of header
2095N/A 23. [cleanup] Provide more context in log messages about client
2095N/A requests, using a new function ns_client_log().
2095N/A 22. [bug] SIGs weren't returned in the answer section when
2095N/A the query resulted in a fetch.
2095N/A 21. [port] Look at STD_CINCLUDES after CINCLUDES during
2095N/A compilation, so additional system include directories
2095N/A can be searched but header files in the bind9 source
2095N/A tree with conflicting names take precedence. This
2095N/A avoids issues with installed versions of dnssafe and
2095N/A 20. [func] Configuration file post-load validation of zones
2095N/A failed if there were no zones.
2095N/A 19. [bug] dns_zone_notifyreceive() failed to unlock the zone
2095N/A lock in certain error cases.
2095N/A 18. [bug] Use AC_TRY_LINK rather than AC_TRY_COMPILE in
2095N/A 17. [func] Do configuration file post-load validation of zones.
2095N/A 16. [bug] put quotes around key names on config file
2095N/A output to avoid possible keyword clashes.
2095N/A 15. [func] Add dns_name_dupwithoffsets(). This function is
2095N/A improves comparison performance for duped names.
2095N/A 14. [bug] free_rbtdb() could have 'put' unallocated memory in
2095N/A 12. [bug] Fixed possible unitialized variable error.
2095N/A 11. [bug] axfr_rrstream_first() didn't check the result code of
2095N/A db_rr_iterator_first(), possibly causing an assertion
2095N/A 10. [bug] A bug in the code which makes EDNS0 OPT records in
2095N/A repeated code with macro calls.
2095N/A 8. [bug] Shutdown of incoming zone transfer accessed
2095N/A 7. [cleanup] removed 'listen-on' from view statement.
2095N/A 6. [bug] quote RR names when generating config file to
2095N/A prevent possible clash with config file keywords
2095N/A statements must now be enclosed by an 'update-policy'
2095N/A linux 2.3 kernel includes due to conflicts between
1703N/A C library includes and the kernel includes. We now
1703N/A avoid pulling in other linux kernel .h files.
1703N/A 3. [bug] TKEYs go in the answer section of responses, not
1703N/A 2. [bug] Generating cryptographic randomness failed on
1703N/A 1. [bug] The installdirs rule in
1703N/A prevented the isc directory from being created if it
2095N/A# This tells Emacs to use hard tabs in this file.