CHANGES revision b5ad0916242ca4ce3f053efe78c1725dce996717
9f28451bca8377ef6c9ea3b0a49bf342c9fa6800Mark Andrews4564. [maint] Update the built in managed keys to include the
9f28451bca8377ef6c9ea3b0a49bf342c9fa6800Mark Andrews upcoming root KSK. [RT #44579]
a110543bb4d2e53caa40f83c2b45786a1efe63efAndreas Gustafsson4563. [bug] Modified zones would occasionally fail to reload.
af5dc286ff4b750deec50d1c006aae5fc38019c0Mark Andrews4561. [port] Silence a warning in strict C99 compilers. [RT #44414]
ee303f481dfefcd4e4994f8b8b17f2de32aa4d69Brian Wellington4560. [bug] mdig: add -m option to enable memory debugging rather
ee303f481dfefcd4e4994f8b8b17f2de32aa4d69Brian Wellington than having it on all the time. [RT #44509]
86b8c485762daa54a96d033110f6f41ea96e5213David Lawrence4559. [bug] openssl_link.c didn't compile if ISC_MEM_TRACKLINES
86b8c485762daa54a96d033110f6f41ea96e5213David Lawrence was turned off. [RT #44509]
86b8c485762daa54a96d033110f6f41ea96e5213David Lawrence4558. [bug] Synthesised CNAME before matching DNAME was still
125a916d1a0c01f139ced5736145703df28d07cfDavid Lawrence being cached when it should not have been. [RT #44318]
125a916d1a0c01f139ced5736145703df28d07cfDavid Lawrence4557. [security] Combining dns64 and rpz can result in dereferencing
125a916d1a0c01f139ced5736145703df28d07cfDavid Lawrence a NULL pointer (read). (CVE-2017-3135) [RT#44434]
2115bc7d6433c92499d8e4f67e1c1dfa42ecd6f0David Lawrence4554. [bug] Remove double unlock in dns_dispatchmgr_setudp.
02e38214502c3a946cdfe87e16525747617a1150Brian Wellington4553. [bug] Named could deadlock there were multiple changes to
02e38214502c3a946cdfe87e16525747617a1150Brian Wellington NSEC/NSEC3 parameters for a zone being processed at
02e38214502c3a946cdfe87e16525747617a1150Brian Wellington the same time. [RT #42770]
f8da2d95835c5216570a45e9000f740321503ae3David Lawrence4552. [bug] Named could trigger a assertion when sending notify
f8da2d95835c5216570a45e9000f740321503ae3David Lawrence messages. [RT #44019]
fdb2cda3ed366699d70aaf67ee5ae7fcd2ca7561David Lawrence4551. [test] Add system tests for integrity checks of MX and
fdb2cda3ed366699d70aaf67ee5ae7fcd2ca7561David Lawrence SRV records. [RT #43953]
6094a7774954463e312f7266c8d4d3f26aa07d4aAndreas Gustafsson4550. [cleanup] Increased the number of available master file
8dc3d2006f679d0a291f7a20612c37e2a7146096Brian Wellington output style flags from 32 to 64. [RT #44043]
a110543bb4d2e53caa40f83c2b45786a1efe63efAndreas Gustafsson4547. [port] Add support for --enable-native-pkcs11 on the AEP
a110543bb4d2e53caa40f83c2b45786a1efe63efAndreas Gustafsson Keyper HSM. [RT #42463]
bd5f2ac1880f5f2e96b291378c3dff296fc011f1Mark Andrews --- 9.11.1b1 released ---
24c5978e0b32137305c2bef2c6e116ee7680a610Andreas Gustafsson4545. [func] Expand YAML output from dnstap-read to include
f0f61db621eed0c453e31bb85f6803c550e19a6bAndreas Gustafsson a detailed breakdown of the DNS message contents.
63612a0fe1abbeb8ab6d727a4cfe46831c481387Brian Wellington4544. [bug] Add message/payload size to dnstap-read YAML output.
125a916d1a0c01f139ced5736145703df28d07cfDavid Lawrence4543. [bug] dns_client_startupdate now delays sending the update
125a916d1a0c01f139ced5736145703df28d07cfDavid Lawrence request until isc_app_ctxrun has been called.
32bb863ea960caa650105b60dcd45e3db6840a6fAndreas Gustafsson4541. [bug] rndc addzone should properly reject non master/slave
7d33e8996948523e0180bc7e28a93d534d878dccAndreas Gustafsson zones. [RT #43665]
736aab3076e9bec708cec073f5cf8e6c4b588886Brian Wellington4540. [bug] Correctly handle ecs entries in dns_acl_isinsecure.
bb1cf189bb9fd9059cf13b785d15b0e50c0be8fbAndreas Gustafsson4539. [bug] Referencing a nonexistent zone with RPZ could lead
7cb10f77890fe36b14079c7beb848ec390a53e44Andreas Gustafsson to a assertion failure when configuring. [RT #43787]
7cb10f77890fe36b14079c7beb848ec390a53e44Andreas Gustafsson4538. [bug] Call dns_client_startresolve from client->task.
bb1cf189bb9fd9059cf13b785d15b0e50c0be8fbAndreas Gustafsson4537. [bug] Handle timeouts better in dig/host/nslookup. [RT #43576]
f53848e17123569387b279578f0100dca5407da5Mark Andrews4536. [bug] ISC_SOCKEVENTATTR_USEMINMTU was not being cleared
f53848e17123569387b279578f0100dca5407da5Mark Andrews when reusing the event structure. [RT #43885]
d46bf932ed5e1f58a4c424ce1ce7525963354482Brian Wellington4535. [bug] Address race condition in setting / testing of
d46bf932ed5e1f58a4c424ce1ce7525963354482Brian Wellington DNS_REQUEST_F_SENDING. [RT #43889]
64a84169d7eed05486b10be90afea58f4af146f9Brian Wellington4534. [bug] Only set RD, RA and CD in QUERY responses. [RT #43879]
09671f9551077f9eae8c41619b61272cb9821100Andreas Gustafsson4533. [bug] dns_client_update should terminate on prerequisite
1599bd6998f54b2b34804d7332f543744368a586Mark Andrews failures (NXDOMAIN, YXDOMAIN, NXRRSET, YXRRSET)
acc63b06d9e4e2137950dabddcccd17d8b336ca0Olafur Gudmundsson and also on BADZONE. [RT #43865]
c8fc692fa1445ccfc39b68902546cdfc7ee30d3eBrian Wellington4532. [contrib] Make gen-data-queryperf.py python 3 compatible.
f19771c55d7e7d5bb38160e710185e6e61749d16Andreas Gustafsson4531. [security] 'is_zone' was not being properly updated by redirect2
f19771c55d7e7d5bb38160e710185e6e61749d16Andreas Gustafsson and subsequently preserved leading to an assertion
f19771c55d7e7d5bb38160e710185e6e61749d16Andreas Gustafsson failure. (CVE-2016-9778) [RT #43837]
f19771c55d7e7d5bb38160e710185e6e61749d16Andreas Gustafsson4530. [bug] Change 4489 broke the handling of CNAME -> DNAME
f1d427043e94371cdf1f21b3cbd65917adbcff25Andreas Gustafsson in responses resulting in SERVFAIL being returned.
f1d427043e94371cdf1f21b3cbd65917adbcff25Andreas Gustafsson4529. [cleanup] Silence noisy log warning when DSCP probe fails
f1d427043e94371cdf1f21b3cbd65917adbcff25Andreas Gustafsson due to firewall rules. [RT #43847]
6c29053a20f7614167bafa4388c666644a095349Andreas Gustafsson4528. [bug] Only set the flag bits for the i/o we are waiting
6c29053a20f7614167bafa4388c666644a095349Andreas Gustafsson for on EPOLLERR or EPOLLHUP. [RT #43617]
6c29053a20f7614167bafa4388c666644a095349Andreas Gustafsson4527. [doc] Support DocBook XSL Stylesheets v1.79.1. [RT #43831]
3d509f54ac6bbcc19de5aa6d1ce37e001821dc7bDavid Lawrence4526. [doc] Corrected errors and improved formatting of
3d509f54ac6bbcc19de5aa6d1ce37e001821dc7bDavid Lawrence grammar definitions in the ARM. [RT #43739]
3d509f54ac6bbcc19de5aa6d1ce37e001821dc7bDavid Lawrence4525. [doc] Fixed outdated documentation on managed-keys.
a59ed6543bbc13e7c784d6badce7b757c2620e28David Lawrence4524. [bug] The net zero test was broken causing IPv4 servers
a59ed6543bbc13e7c784d6badce7b757c2620e28David Lawrence with addresses ending in .0 to be rejected. [RT #43776]
10e6498d6d7b2cfd8d822788d817fc9a3e0b0c3aDavid Lawrence4523. [doc] Expand config doc for <querysource4> and
10e6498d6d7b2cfd8d822788d817fc9a3e0b0c3aDavid Lawrence <querysource6>. [RT #43768]
10e6498d6d7b2cfd8d822788d817fc9a3e0b0c3aDavid Lawrence4522. [bug] Handle big gaps in log file version numbers better.
bf00f50cf43a43a999b5ab054cab652f7775dce6Brian Wellington4521. [cleanup] Log it as an error if an entropy source is not
bf00f50cf43a43a999b5ab054cab652f7775dce6Brian Wellington found and there is no fallback available. [RT #43659]
253f774e358dba38742a484426a4cadf4f248817Brian Wellington4520. [cleanup] Alphabetize more of the grammar when printing it
253f774e358dba38742a484426a4cadf4f248817Brian Wellington out. Fix unbalanced indenting. [RT #43755]
2de31518c3da27092120b40fc373cecf600d64e6Brian Wellington4519. [port] win32: handle ERROR_MORE_DATA. [RT #43534]
2de31518c3da27092120b40fc373cecf600d64e6Brian Wellington4517. [security] Named could mishandle authority sections that were
4ae3a03bb7dbb050adddc051a5df6f3de057eb27Andreas Gustafsson missing RRSIGs triggering an assertion failure.
4ae3a03bb7dbb050adddc051a5df6f3de057eb27Andreas Gustafsson (CVE-2016-9444) [RT # 43632]
4ae3a03bb7dbb050adddc051a5df6f3de057eb27Andreas Gustafsson4516. [bug] isc_socketmgr_renderjson was missing from the
10e22ebcc3629be94d37bf408157e2c5ee5740e0Andreas Gustafsson windows build. [RT #43602]
2732332fe53d00592109ef69c0075fcc2ad09db9Brian Wellington4515. [port] FreeBSD: Find readline headers when they are in
2732332fe53d00592109ef69c0075fcc2ad09db9Brian Wellington edit/readline/ instead of readline/. [RT #43658]
8fa78d9ad5f5ab6c69d1d52b00b1ffcdf1bd5bebMichael Sawyer4514. [port] NetBSD: strip -WL, from ld command line. [RT #43204]
8fa78d9ad5f5ab6c69d1d52b00b1ffcdf1bd5bebMichael Sawyer4513. [cleanup] Minimum Python versions are now 2.7 and 3.2.
e544b507b8019a62c5d2716281f6832519a8791dDavid Lawrence4512. [bug] win32: @GEOIP_INC@ missing from delv.vcxproj.in.
09de21079e902c7356d936ef4f2a31060b36e5f3Brian Wellington4511. [bug] win32: mdig.exe-BNFT was missing Configure. [RT #43554]
ee4429e13e08f30c366cdc5d10585388b8a9f212Michael Sawyer4510. [security] Named mishandled some responses where covering RRSIG
b74896ead5671943135727b50d86d1040d7ffbf3David Lawrence records are returned without the requested data
09671f9551077f9eae8c41619b61272cb9821100Andreas Gustafsson resulting in a assertion failure. (CVE-2016-9147)
3c7ce471aa8a1a9c5bc0ca9e41f406bdc9f0b2aeAndreas Gustafsson4509. [test] Make the rrl system test more reliable on slower
8aff41ca8ac8dbd9671f3da824406a8783db49d1Brian Wellington machines by using mdig instead of dig. [RT #43280]
8aff41ca8ac8dbd9671f3da824406a8783db49d1Brian Wellington4508. [security] Named incorrectly tried to cache TKEY records which
c9d7e543d0da2996d1cc52d3c5920141df49a4ecBrian Wellington could trigger a assertion failure when there was
c9d7e543d0da2996d1cc52d3c5920141df49a4ecBrian Wellington a class mismatch. (CVE-2016-9131) [RT #43522]
6dbf9cbe6a39a00de910ef843b9f864abf68bc40Brian Wellington4507. [bug] Named could incorrectly log 'allows updates by IP
6dbf9cbe6a39a00de910ef843b9f864abf68bc40Brian Wellington address, which is insecure' [RT #43432]
17aac384e029f5dd3314876058c7501f4d84b90bBrian Wellington4505. [port] Use IP_PMTUDISC_OMIT if available. [RT #35494]
17aac384e029f5dd3314876058c7501f4d84b90bBrian Wellington4504. [security] Allow the maximum number of records in a zone to
23f64ea0dcd7f5b7094ae6ade2a002fb7dde1466Brian Wellington be specified. This provides a control for issues
23f64ea0dcd7f5b7094ae6ade2a002fb7dde1466Brian Wellington raised in CVE-2016-6170. [RT #42143]
3c7ce471aa8a1a9c5bc0ca9e41f406bdc9f0b2aeAndreas Gustafsson4503. [cleanup] "make uninstall" now removes files installed by
3c7ce471aa8a1a9c5bc0ca9e41f406bdc9f0b2aeAndreas Gustafsson BIND. (This currently excludes Python files
3c7ce471aa8a1a9c5bc0ca9e41f406bdc9f0b2aeAndreas Gustafsson due to lack of support in setup.py.) [RT #42912]
3562c9dc12f06eb964ccefd3291a012f4e6b1743Brian Wellington4502. [func] Report multiple and experimental options when printing
3562c9dc12f06eb964ccefd3291a012f4e6b1743Brian Wellington grammar. [RT #43134]
4d5c668a91c6e5a26653031dd137292bfc03da52Andreas Gustafsson4500. [bug] Support modifier I64 in isc__print_printf. [RT #43526]
f437f6ffae28f88334cf47ce8f948cbf40331ffaAndreas Gustafsson4499. [port] MacOSX: silence deprecated function warning
704d6eeab1d8d6a2aeb99c37fa5a97322d9340fcBrian Wellington by using arc4random_stir() when available
704d6eeab1d8d6a2aeb99c37fa5a97322d9340fcBrian Wellington instead of arc4random_addrandom(). [RT #43503]
ed8ba54e644957e0ebd51601552193275299ca8dAndreas Gustafsson4498. [test] Simplify prerequisite checks in system tests.
4d5c668a91c6e5a26653031dd137292bfc03da52Andreas Gustafsson4497. [port] Add support for OpenSSL 1.1.0. [RT #41284]
4d5c668a91c6e5a26653031dd137292bfc03da52Andreas Gustafsson4496. [func] dig: add +idnout to control whether labels are
5a6335a8bffdcc15ab4b3bb01d070080f9bc892eMark Andrews display in punycode or not. Requires idn support
5a6335a8bffdcc15ab4b3bb01d070080f9bc892eMark Andrews to be enabled at compile time. [RT #43398]
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson4495. [bug] A isc_mutex_init call was not being checked.
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson4494. [bug] Look for <editline/readline.h>. [RT #43429]
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson4493. [bug] bin/tests/system/dyndb/driver/Makefile.in should use
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson SO_TARGETS. [RT# 43336]
4c08b67a5f01eda472a9dfee4c73dbbac49c0065Mark Andrews4492. [bug] irs_resconf_load failed to initialize sortlistnxt
f8abaa0fae7f75d9601c10b6a4af8dd907494d45Mark Andrews causing bad writes if resolv.conf contained a
f8abaa0fae7f75d9601c10b6a4af8dd907494d45Mark Andrews sortlist directive. [RT #43459]
1addbb84718fdb7635459ed05f060be086e88f35Andreas Gustafsson4491. [bug] Improve message emitted when testing whether sendmsg
1addbb84718fdb7635459ed05f060be086e88f35Andreas Gustafsson works with TOS/TCLASS fails. [RT #43483]
1addbb84718fdb7635459ed05f060be086e88f35Andreas Gustafsson4490. [maint] Added AAAA (2001:500:12::d0d) for G.ROOT-SERVERS.NET.
1addbb84718fdb7635459ed05f060be086e88f35Andreas Gustafsson4489. [security] It was possible to trigger assertions when processing
d3be9a9c6ef76a5d7671b0962785ca025b153d2bAndreas Gustafsson a response containing a DNAME answer. (CVE-2016-8864)
e9fce1415f8be4cd38d528950c92c481bd105254Mark Andrews4488. [port] Darwin: use -framework for Kerberos. [RT #43418]
e9fce1415f8be4cd38d528950c92c481bd105254Mark Andrews4487. [test] Make system tests work on Windows. [RT #42931]
483958540f0034d543f0564beb7877326f15a45bMark Andrews4486. [bug] Look in $prefix/lib/pythonX.Y/site-packages for
59e1a928bc4253b91ead0f7c46be7d3984cb3016Bob Halley the python modules we install. [RT #43330]
90cd33e0baf23574a88a4c967afec8b95a1801deAndreas Gustafsson4485. [bug] Failure to find readline when requested should be
90cd33e0baf23574a88a4c967afec8b95a1801deAndreas Gustafsson fatal to configure. [RT #43328]
517950ae99fa271b034a5cfec1c9fbb62696f975Mark Andrews4484. [func] Check prefixes in acls to make sure the address and
517950ae99fa271b034a5cfec1c9fbb62696f975Mark Andrews prefix lengths are consistent. Warn only in
517950ae99fa271b034a5cfec1c9fbb62696f975Mark Andrews BIND 9.11 and earlier. [RT #43367]
f9870620b346ed267023dc98ee81adcfef2e16b7Andreas Gustafsson4483. [bug] Address use before require check and remove extraneous
dfd7798d8b870abf03795d8095297a4b982ab6e9Mark Andrews dns_message_gettsigkey call in dns_tsig_sign.
19ff7edc1a6388085193f5487e1599f45aa62648Mark Andrews4482. [cleanup] Change #4455 was incomplete. [RT #43252]
8a0ff6c15cb20c903f9e16a3d5c2cab603478bc3Mark Andrews4478. [func] Add +continue option to mdig, allow continue on socket
8a0ff6c15cb20c903f9e16a3d5c2cab603478bc3Mark Andrews errors. [RT #43281]
a6dbd6b6604e27ae3c7190de20dbcaaa6e5a1fd8Andreas Gustafsson4477. [test] Fix mkeys test timing issues. [RT #41028]
0c0619cc1983ff58e855c5159d8892e46dddac5eBrian Wellington4476. [test] Fix reclimit test on slower machines. [RT #43283]
c472ead4a932f93251eddaa41e120c3bfc4f95a4Andreas Gustafsson4475. [doc] Update named-checkconf documentation. [RT #43153]
c472ead4a932f93251eddaa41e120c3bfc4f95a4Andreas Gustafsson4474. [bug] win32: call WSAStartup in fromtext_in_wks so that
d7e77a9b59138e8a94d3dfa4e41e1852ad51ac25Andreas Gustafsson getprotobyname and getservbyname work. [RT #43197]
a6dbd6b6604e27ae3c7190de20dbcaaa6e5a1fd8Andreas Gustafsson4473. [bug] Only call fsync / _commit on regular files. [RT #43196]
a6dbd6b6604e27ae3c7190de20dbcaaa6e5a1fd8Andreas Gustafsson4472. [bug] Named could fail to find the correct NSEC3 records when
383665e42ad838046472e847b16c4e0d3f1aaf76Bob Halley a zone was updated between looking for the answer and
383665e42ad838046472e847b16c4e0d3f1aaf76Bob Halley looking for the NSEC3 records proving nonexistence
383665e42ad838046472e847b16c4e0d3f1aaf76Bob Halley of the answer. [RT #43247]
383665e42ad838046472e847b16c4e0d3f1aaf76Bob Halley --- 9.11.0 released ---
383665e42ad838046472e847b16c4e0d3f1aaf76Bob Halley --- 9.11.0rc3 released ---
6b5a6fbe1cc0ceb7e2b516aaada596b79360a5b8Bob Halley4471. [cleanup] Render client/query logging format consistent for
6b5a6fbe1cc0ceb7e2b516aaada596b79360a5b8Bob Halley ease of log file parsing. (Note that this affects
5bbed85a33186db4e629e98f45ca702ac6b09127Brian Wellington "querylog" format: there is now an additional field
ba6fd2580863759baedd9c47153602b19006a324Andreas Gustafsson indicating the client object address.) [RT #43238]
ba6fd2580863759baedd9c47153602b19006a324Andreas Gustafsson4470. [bug] Reset message with intent parse before
ba6fd2580863759baedd9c47153602b19006a324Andreas Gustafsson calling dns_dispatch_getnext. [RT #43229]
ba6fd2580863759baedd9c47153602b19006a324Andreas Gustafsson --- 9.11.0rc2 released ---
86a4d80e0624a10b1824d25018246e1ea63f55d2Andreas Gustafsson4468. [bug] Address ECS option handling issues. [RT #43191]
dd16d9d9e77c2d906ee5ffa3dd9f71cacfbcb081Brian Wellington4467. [security] It was possible to trigger an assertion when
dd16d9d9e77c2d906ee5ffa3dd9f71cacfbcb081Brian Wellington rendering a message. (CVE-2016-2776) [RT #43139]
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson4466. [bug] Interface scanning didn't work on a Windows system
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson without a non local IPv6 addresses. [RT #43130]
850d70818503ca1b0f98c9c70b16b51e789fd705Andreas Gustafsson4465. [bug] Don't use "%z" as Windows doesn't support it.
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence4464. [bug] Fix windows python support. [RT #43173]
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence4463. [bug] The dnstap system test failed on some systems.
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence4462. [bug] Don't describe a returned EDNS COOKIE as "good"
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence when there isn't a valid server cookie. [RT #43167]
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence4461. [bug] win32: not all external data was properly marked
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence as external data for windows dll. [RT #43161]
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence --- 9.11.0rc1 released ---
5afc10d6d8278c9ab34b9f6c82ef7bb3bfefd0efAndreas Gustafsson4460. [test] Add system test for dnstap using unix domain sockets.
78d78f05d91205cbde33ca87d24b8d13aa2d8d66Brian Wellington4459. [bug] TCP client objects created to handle pipeline queries
78d78f05d91205cbde33ca87d24b8d13aa2d8d66Brian Wellington were not cleaned up correctly, causing uncontrolled
5afc10d6d8278c9ab34b9f6c82ef7bb3bfefd0efAndreas Gustafsson memory growth. [RT #43106]
5afc10d6d8278c9ab34b9f6c82ef7bb3bfefd0efAndreas Gustafsson4458. [cleanup] Update assertions to be more correct, and also remove
5afc10d6d8278c9ab34b9f6c82ef7bb3bfefd0efAndreas Gustafsson use of a reserved word. [RT #43090]
3f01dde0bd24561fc3a6c2f7e259a58af4457a86Brian Wellington4457. [maint] Added AAAA (2001:500:a8::e) for E.ROOT-SERVERS.NET.
626b221f7113479a0709f0bb0a8193c0ab0dcf84Andreas Gustafsson4456. [doc] Add DOCTYPE and lang attribute to <html> tags.
626b221f7113479a0709f0bb0a8193c0ab0dcf84Andreas Gustafsson4455. [cleanup] Allow dyndb modules to correctly log the filename
733e928f714c848aa394c2d12b6239bc7780101bMark Andrews and line number when processing configuration text
733e928f714c848aa394c2d12b6239bc7780101bMark Andrews from named.conf. [RT #43050]
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson4454. [bug] 'rndc dnstap -reopen' had a race issue. [RT #43089]
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington4453. [bug] Prefetching of DS records failed to update their
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington RRSIGs. [RT #42865]
c379c1bddb2d84c9219ab6c394b33aa866b9f3bfAndreas Gustafsson4452. [bug] The default key manager policy file is now
c379c1bddb2d84c9219ab6c394b33aa866b9f3bfAndreas Gustafsson <sysdir>/dnssec-policy.conf (usually
17442ccc2b2e9c3b3bfc337f0fdfad6186fbb123Mark Andrews4451. [cleanup] Log more useful information if a PKCS#11 provider
17442ccc2b2e9c3b3bfc337f0fdfad6186fbb123Mark Andrews library cannot be loaded. [RT #43076]
61b0df9eb522f13aef13cc2704728e799cbc251aMichael Sawyer4450. [port] Provide more nuanced HSM support which better matches
61b0df9eb522f13aef13cc2704728e799cbc251aMichael Sawyer the specific PKCS11 providers capabilities. [RT #42458]
369bb68c2c7709c7fd8b0d6c1d1f8abc6422a7e2Michael Sawyer4449. [test] Fix catalog zones test on slower systems. [RT #42997]
369bb68c2c7709c7fd8b0d6c1d1f8abc6422a7e2Michael Sawyer4448. [bug] win32: ::1 was not being found when iterating
369bb68c2c7709c7fd8b0d6c1d1f8abc6422a7e2Michael Sawyer interfaces. [RT #42993]
3dcb97b199693012d12e978b8f577a339e434361Andreas Gustafsson4447. [tuning] Allow the fstrm_iothr_init() options to be set using
a3e41e3c03a32b00fc243fce538a39ddc7237885Andreas Gustafsson named.conf to control how dnstap manages the data
a3e41e3c03a32b00fc243fce538a39ddc7237885Andreas Gustafsson flow. [RT #42974]
a3e41e3c03a32b00fc243fce538a39ddc7237885Andreas Gustafsson4446. [bug] The cache_find() and _findrdataset() functions
4ec1a96d90784f70380bdec66f8a0bd6718a5b71Mark Andrews could find rdatasets that had been marked stale.
0fc89c4ee660e825ac66774f2d4912cfc396386aMark Andrews4445. [cleanup] isc_errno_toresult() can now be used to call the
0fc89c4ee660e825ac66774f2d4912cfc396386aMark Andrews formerly private function isc__errno2result().
c03298d879554fc5dc197c28fd4b686e0d880ee3Mark Andrews4444. [bug] Fixed some issues related to dyndb: A bug caused
c03298d879554fc5dc197c28fd4b686e0d880ee3Mark Andrews braces to be omitted when passing configuration text
04c22ceaf2d3812eaab69d79958d0e0d62048cd2Mark Andrews from named.conf to a dyndb driver, and there was a
04c22ceaf2d3812eaab69d79958d0e0d62048cd2Mark Andrews use-after-free in the sample dyndb driver. [RT #43050]
04c22ceaf2d3812eaab69d79958d0e0d62048cd2Mark Andrews4443. [func] Set TCP_MAXSEG in addition to IPV6_USE_MIN_MTU on
04c22ceaf2d3812eaab69d79958d0e0d62048cd2Mark Andrews TCP sockets. [RT #42864]
04c22ceaf2d3812eaab69d79958d0e0d62048cd2Mark Andrews4442. [bug] Fix RPZ CIDR tree insertion bug that corrupted
6ef15459b8fd3fc8b5672da4ad72c19a755dbe45Mark Andrews tree data structure with overlapping networks
b65f2ab14abb4b6ef906d7d02064fba158f07b1eDavid Lawrence (longest prefix match was ineffective).
b65f2ab14abb4b6ef906d7d02064fba158f07b1eDavid Lawrence4441. [cleanup] Alphabetize host's help output. [RT #43031]
b65f2ab14abb4b6ef906d7d02064fba158f07b1eDavid Lawrence4440. [func] Enable TCP fast open support when available on the
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews server side. [RT #42866]
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews4439. [bug] Address race conditions getting ownernames of nodes.
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews4438. [func] Use LIFO rather than FIFO when processing startup
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews notify and refresh queries. [RT #42825]
389c749a5ee18f1c0d6278ae49f2aae5d5f0d2dcMark Andrews4437. [func] Minimal-responses now has two additional modes
389c749a5ee18f1c0d6278ae49f2aae5d5f0d2dcMark Andrews no-auth and no-auth-recursive which suppress
72fa265baa3d138b43427bcb5c0838740f807045Mark Andrews adding the NS records to the authority section
09671f9551077f9eae8c41619b61272cb9821100Andreas Gustafsson as well as the associated address records for the
72fa265baa3d138b43427bcb5c0838740f807045Mark Andrews nameservers. [RT #42005]
4b6d5b2312d1482cc406fe58fa3269dd7a915b3fMark Andrews4436. [func] Return TLSA records as additional data for MX and SRV
4b6d5b2312d1482cc406fe58fa3269dd7a915b3fMark Andrews lookups. [RT #42894]
29c818c7d40fc8898b062903ec703851328a4deaMark Andrews4435. [tuning] Only set IPV6_USE_MIN_MTU for UDP when the message
29c818c7d40fc8898b062903ec703851328a4deaMark Andrews will not fit into a single IPv4 encapsulated IPv6
b1cde6bf3a8e3a77eb77caf97df0d7ec5c8450dfBrian Wellington UDP packet when transmitted over a Ethernet link.
f8abaa0fae7f75d9601c10b6a4af8dd907494d45Mark Andrews4434. [protocol] Return EDNS EXPIRE option for master zones in addition
f8abaa0fae7f75d9601c10b6a4af8dd907494d45Mark Andrews to slave zones. [RT #43008]
f8abaa0fae7f75d9601c10b6a4af8dd907494d45Mark Andrews4433. [cleanup] Report an error when passing an invalid option or
28b7844ee93231da831ba3c090e1677bb1be5f18Andreas Gustafsson view name to "rndc dumpdb". [RT #42958]
37d1c8ee546ae89720c3e17e57ee3a05e9cdc7b9Brian Wellington4432. [test] Hide rndc output on expected failures in logfileconfig
37d1c8ee546ae89720c3e17e57ee3a05e9cdc7b9Brian Wellington system test. [RT #27996]
28b7844ee93231da831ba3c090e1677bb1be5f18Andreas Gustafsson4431. [bug] named-checkconf now checks the rate-limit clause.
28b7844ee93231da831ba3c090e1677bb1be5f18Andreas Gustafsson4430. [bug] Lwresd died if a search list was not defined.
28b7844ee93231da831ba3c090e1677bb1be5f18Andreas Gustafsson Found by 0x710DDDD At Alibaba Security. [RT #42895]
78db9e8f4b686fde6dfa0ec85a68c06cc9d4bf28Brian Wellington4429. [bug] Address potential use after free on fclose() error.
78db9e8f4b686fde6dfa0ec85a68c06cc9d4bf28Brian Wellington4428. [bug] The "test dispatch getnext" unit test could fail
b20ee662a7c847c9ef7b96ab9e5e34543efe5c0dMark Andrews in a threaded build. [RT #42979]
b20ee662a7c847c9ef7b96ab9e5e34543efe5c0dMark Andrews4427. [bug] The "query" and "response" parameters to the
450995b90c8cb66d82c2377d4f9bd9812a132c30Andreas Gustafsson "dnstap" option had their functions reversed.
450995b90c8cb66d82c2377d4f9bd9812a132c30Andreas Gustafsson --- 9.11.0b3 released ---
190fbe9738bd0c1b9b13732bb8bd56b2b7c71640David Lawrence4426. [bug] Addressed Coverity warnings. [RT #42908]
190fbe9738bd0c1b9b13732bb8bd56b2b7c71640David Lawrence4425. [bug] arpaname, dnstap-read and named-rrchecker were not
190fbe9738bd0c1b9b13732bb8bd56b2b7c71640David Lawrence being installed into ${prefix}/bin. Tidy up
190fbe9738bd0c1b9b13732bb8bd56b2b7c71640David Lawrence installation issues with CHANGE 4421. [RT #42910]
190fbe9738bd0c1b9b13732bb8bd56b2b7c71640David Lawrence4424. [experimental] Named now sends _ta-XXXX.<trust-anchor>/NULL queries
c40085afa75a5eae732ec1198384dd5cb24400b6Bob Halley to provide feedback to the trust-anchor administrators
c40085afa75a5eae732ec1198384dd5cb24400b6Bob Halley about how key rollovers are progressing as per
7b438bdb9b821f9f1c96443762072e137716048dBrian Wellington draft-ietf-dnsop-edns-key-tag-02. This can be
c40085afa75a5eae732ec1198384dd5cb24400b6Bob Halley disabled using 'trust-anchor-telemetry no;'.
7b438bdb9b821f9f1c96443762072e137716048dBrian Wellington4423. [maint] Added missing IPv6 address 2001:500:84::b for
c40085afa75a5eae732ec1198384dd5cb24400b6Bob Halley4422. [port] Silence clang warnings in dig.c and dighost.c.
c40085afa75a5eae732ec1198384dd5cb24400b6Bob Halley4421. [func] When built with LMDB (Lightning Memory-mapped
86c270cbb24117976d6cd3098c3010e067915c24Andreas Gustafsson Database), named will now use a database to store
86c270cbb24117976d6cd3098c3010e067915c24Andreas Gustafsson the configuration for zones added by "rndc addzone"
10258f6b3d1ce54ffb22e6b9a31f8f001f7ee2d5Mark Andrews instead of using a flat NZF file. This improves
b38ebe307cb2411535c79afd441870a99cc50eddMark Andrews performance of "rndc delzone" and "rndc modzone"
b38ebe307cb2411535c79afd441870a99cc50eddMark Andrews significantly. Existing NZF files will
b38ebe307cb2411535c79afd441870a99cc50eddMark Andrews automatically by converted to NZD databases.
c2e0aac879097f81bcd31e3d09660a71e70c5fb0Michael Sawyer To view the contents of an NZD or to roll back to
8217f91f8d2dd6e94a2bf893284506ea47cd294aAndreas Gustafsson NZF format, use "named-nzd2nzf". To disable
c2e0aac879097f81bcd31e3d09660a71e70c5fb0Michael Sawyer this feature, use "configure --without-lmdb".
588b63e1a86fb707172830e14897da624ed380edMark Andrews4420. [func] nslookup now looks for AAAA as well as A by default.
bb17aa91c14de959b191a200df61afb6a68f110fBrian Wellington4419. [bug] Don't cause undefined result if the label of an
452d75b18f9d050086964fa39c326cf388517396Mark Andrews entry in catalog zone is changed. [RT #42708]
2b4db0b6d4b5a0307cecbafdd1d34d6f61b7dbadMark Andrews4418. [bug] Fix a compiler warning in GSSAPI code. [RT #42879]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington4417. [bug] dnssec-keymgr could fail to create successor keys
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington if the prepublication interval was set to a value
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington smaller than the default. [RT #42820]
2a37aa188c2297e0c0856c3e5740c43dd426a432Mark Andrews4416. [bug] dnssec-keymgr: Domain names in policy files could
2a37aa188c2297e0c0856c3e5740c43dd426a432Mark Andrews fail to match due to trailing dots. [RT #42807]
6c87cf19970a9eef43c1e38227cd23b3a2f6151aMark Andrews4415. [bug] dnssec-keymgr: Expired/deleted keys were not always
6c87cf19970a9eef43c1e38227cd23b3a2f6151aMark Andrews excluded. [RT #42884]
7869b99dc815e3b863351b8095d1b71b3f583541Brian Wellington4414. [bug] Corrected a bug in the MIPS implementation of
df1e829dde71ab960545453e4ae439ae601d5a9eMark Andrews isc_atomic_xadd(). [RT #41965]
df1e829dde71ab960545453e4ae439ae601d5a9eMark Andrews4413. [bug] GSSAPI negotiation could fail if GSS_S_CONTINUE_NEEDED
df1e829dde71ab960545453e4ae439ae601d5a9eMark Andrews was returned. [RT #42733]
df1e829dde71ab960545453e4ae439ae601d5a9eMark Andrews --- 9.11.0b2 released ---
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer4412. [cleanup] Make fixes for GCC 6. ISC_OFFSET_MAXIMUM macro was
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer removed. [RT #42721]
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer4411. [func] "rndc dnstap -roll" automatically rolls the
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer dnstap output file; the previous version is
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson saved with ".0" suffix, and earlier versions
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer with ".1" and so on. An optional numeric argument
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer indicates how many prior files to save. [RT #42830]
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer4410. [bug] Address use after free and memory leak with dnstap.
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer4409. [bug] DNS64 should exclude mapped addresses by default when
e65fe7af00935a0a81d4b0b0ed51c7f6c89f5c3bAndreas Gustafsson an exclude acl is not defined. [RT #42810]
e65fe7af00935a0a81d4b0b0ed51c7f6c89f5c3bAndreas Gustafsson4408. [func] Continue waiting for expected response when we the
4bb3a1a63d7943564f30bf9efd312283141439a2Andreas Gustafsson response we get does not match the request. [RT #41026]
4bb3a1a63d7943564f30bf9efd312283141439a2Andreas Gustafsson4407. [performance] Use GCC builtin for clz in RPZ lookup code.
e2b52099918681498136fc82df192d256cc3cdd3Brian Wellington4406. [security] getrrsetbyname with a non absolute name could
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson trigger an infinite recursion bug in lwresd
389ec663f262cc219e986d6600eec9707ef2cb24Brian Wellington and named with lwres configured if when combined
e549eb1242b69ee050440e7205a5633cb56199b3Mark Andrews with a search list entry the resulting name is
e549eb1242b69ee050440e7205a5633cb56199b3Mark Andrews too long. (CVE-2016-2775) [RT #42694]
88cef4408ab6b4c48702ed1b3ae27e20f485d864Mark Andrews4405. [bug] Change 4342 introduced a regression where you could
88cef4408ab6b4c48702ed1b3ae27e20f485d864Mark Andrews not remove a delegation in a NSEC3 signed zone using
88cef4408ab6b4c48702ed1b3ae27e20f485d864Mark Andrews OPTOUT via nsupdate. [RT #42702]
fce9a9550e8e7a6dff4093d4815ec41fae2d7b55Mark Andrews4404. [misc] Allow krb5-config to be used when configuring gssapi.
693ddf84daa745a0ea8ca311a8154dfa03eabc43Andreas Gustafsson4403. [bug] Rename variables and arguments that shadow: basename,
93d5a6b95e88f57b7619d9728f06e3aa5e2f0c65Andreas Gustafsson clone and gai_error.
ff7e6f2791cc5ad7c5f401a184b88343fde5ec3cAndreas Gustafsson4402. [bug] protoc-c is now a hard requirement for --enable-dnstap.
ff7e6f2791cc5ad7c5f401a184b88343fde5ec3cAndreas Gustafsson --- 9.11.0b1 released ---
ff7e6f2791cc5ad7c5f401a184b88343fde5ec3cAndreas Gustafsson4401. [misc] Change LICENSE to MPL 2.0.
2bebe117bf96d7e24df4d703d6488d61a5179bcaMark Andrews4400. [bug] ttl policy was not being inherited in policy.py.
3f123dcc2fe5d2cd08ca91b732741d86a4036906Brian Wellington4399. [bug] policy.py 'ECCGOST', 'ECDSAP256SHA256', and
3f123dcc2fe5d2cd08ca91b732741d86a4036906Brian Wellington 'ECDSAP384SHA384' don't have settable keysize.
16ea60d0dbbaf1206f4800cb16744ef568fd7be8Michael Sawyer4398. [bug] Correct spelling of ECDSAP256SHA256 in policy.py.
85b23709431b1a84924fe2844f5cf657d1689eefMichael Sawyer4397. [bug] Update Windows python support. [RT #42538]
85b23709431b1a84924fe2844f5cf657d1689eefMichael Sawyer4396. [func] dnssec-keymgr now takes a '-r randomfile' option.
d15f51c600ed29b2dc379c433fb226c3a13ac0bbAndreas Gustafsson4395. [bug] Improve out-of-tree installation of python modules.
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson4394. [func] Add rndc command "dnstap-reopen" to close and
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson reopen dnstap output files. [RT #41803]
e412ae947df6de858883564b8676a9650df70d9aMark Andrews4393. [bug] Address potential NULL pointer dereferences in
e412ae947df6de858883564b8676a9650df70d9aMark Andrews dnstap code.
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson4392. [func] Collect statistics for RSSAC02v3 traffic-volume,
07a926724c0a91d85b85a94441938d0094e88cffMark Andrews traffic-sizes and rcode-volume reporting. [RT #41475]
07a926724c0a91d85b85a94441938d0094e88cffMark Andrews4391. [contrib] Fix leaks in contrib DLZ code. [RT #42707]
90023730de34721b8cd8f3b5d059a28b7a65cf04Andreas Gustafsson4390. [doc] Description of masters with TSIG, allow-query and
90023730de34721b8cd8f3b5d059a28b7a65cf04Andreas Gustafsson allow-transfer options in catalog zones. [RT #42692]
922e6a3c2ac4ef900dd9dc99f0cc137f18372583Andreas Gustafsson4389. [test] Rewritten test suite for catalog zones. [RT #42676]
922e6a3c2ac4ef900dd9dc99f0cc137f18372583Andreas Gustafsson4388. [func] Support for master entries with TSIG keys in catalog
280747fa7c1d4597d47f7be8ec5fb7c8980c1952Andreas Gustafsson zones. [RT #42577]
280747fa7c1d4597d47f7be8ec5fb7c8980c1952Andreas Gustafsson4387. [bug] Change 4336 was not complete leading to SERVFAIL
0e07026a21dfcaf57dc789e7ece20182dc36029cMark Andrews being return as NS records expired. [RT #42683]
27d725f2b0f8d176d4625dc8b2ed71269b25c9a7Andreas Gustafsson4386. [bug] Remove shadowed overmem function/variable. [RT #42706]
337ca1838428c52bca3c72288342ce3dee550a04Andreas Gustafsson4385. [func] Add support for allow-query and allow-transfer ACLs
337ca1838428c52bca3c72288342ce3dee550a04Andreas Gustafsson to catalog zones. [RT #42578]
337ca1838428c52bca3c72288342ce3dee550a04Andreas Gustafsson4384. [bug] Change 4256 accidentally disabled logging of the
337ca1838428c52bca3c72288342ce3dee550a04Andreas Gustafsson rndc command. [RT #42654]
6b0ce7d29fac9df84ed34aa2d4634e754aec750dAndreas Gustafsson4383. [bug] Correct spelling error in stats channel description of
6b0ce7d29fac9df84ed34aa2d4634e754aec750dAndreas Gustafsson "EDNS client subnet option received". [RT #42633]
dc2e45d08d73fdaefd92dbfa4d69b4d3f3b0f249Andreas Gustafsson4382. [bug] rndc {addzone,modzone,delzone,showzone} should all
6b0ce7d29fac9df84ed34aa2d4634e754aec750dAndreas Gustafsson compare the zone name using a canonical format.
27d725f2b0f8d176d4625dc8b2ed71269b25c9a7Andreas Gustafsson4381. [bug] Missing "zone-directory" option in catalog zone
27d725f2b0f8d176d4625dc8b2ed71269b25c9a7Andreas Gustafsson definition caused BIND to crash. [RT #42579]
c89ac488df58cf6a37918cd00236eedf015830f8Andreas Gustafsson --- 9.11.0a3 released ---
c89ac488df58cf6a37918cd00236eedf015830f8Andreas Gustafsson4380. [experimental] Added a "zone-directory" option to "catalog-zones"
46a7e707fee6d7ba6ca6dae200ff6e0230f4d2f1Brian Wellington syntax, allowing local masterfiles for slaves
46a7e707fee6d7ba6ca6dae200ff6e0230f4d2f1Brian Wellington that are provisioned by catalog zones to be stored
9d3ef72b37c7d23ce3aaaaa5cd0434b4e5ed5c12Mark Andrews in a directory other than the server's working
9d3ef72b37c7d23ce3aaaaa5cd0434b4e5ed5c12Mark Andrews directory. [RT #42527]
a7c76f1924d5fc914c579fd3b0276ffbddd2f65aMark Andrews4379. [bug] An INSIST could be triggered if a zone contains
a7c76f1924d5fc914c579fd3b0276ffbddd2f65aMark Andrews RRSIG records with expiry fields that loop
c50a002bd1e36d13e95d74b43ed4a2b5d6fdcec3Mark Andrews using serial number arithmetic. [RT #40571]
c50a002bd1e36d13e95d74b43ed4a2b5d6fdcec3Mark Andrews4378. [contrib] #include <isc/string.h> for strlcat in zone2ldap.c.
c50a002bd1e36d13e95d74b43ed4a2b5d6fdcec3Mark Andrews4377. [bug] Don't reuse zero TTL responses beyond the current
c50a002bd1e36d13e95d74b43ed4a2b5d6fdcec3Mark Andrews client set (excludes ANY/SIG/RRSIG queries).
566155f16e43fe5f1550456e534b31b0cc36d243David Lawrence4376. [experimental] Added support for Catalog Zones, a new method for
07a46d6dca37ef96b6e9c1fc0c2789983d91819cAndreas Gustafsson provisioning secondary servers in which a list of
566155f16e43fe5f1550456e534b31b0cc36d243David Lawrence zones to be served is stored in a DNS zone and can
051beeafa6547440da17985665b31952b85ede56Brian Wellington be propagated to slaves via AXFR/IXFR. [RT #41581]
07a46d6dca37ef96b6e9c1fc0c2789983d91819cAndreas Gustafsson4375. [func] Add support for automatic reallocation of isc_buffer
07a46d6dca37ef96b6e9c1fc0c2789983d91819cAndreas Gustafsson to isc_buffer_put* functions. [RT #42394]
6d85ebc2d2ccbb8ef01c3ac1659686d3c2be0377Brian Wellington4374. [bug] Use SAVE/RESTORE macros in query.c to reduce the
6d85ebc2d2ccbb8ef01c3ac1659686d3c2be0377Brian Wellington probability of reference counting errors as seen
4a0b04961653b4153402dabd71dfd8474b6c230dAndreas Gustafsson in 4365. [RT #42405]
4a0b04961653b4153402dabd71dfd8474b6c230dAndreas Gustafsson4373. [bug] Address undefined behavior in getaddrinfo. [RT #42479]
98b8d49c0c0bbace27966eed5811bc81255ce297Brian Wellington4372. [bug] Address undefined behavior in libt_api. [RT #42480]
a94948ad5b3b258ce9503b7322bdf82c0baabcabAndreas Gustafsson4371. [func] New "minimal-any" option reduces the size of UDP
e42c402595802edceafbd3e5338dda011fbbcdb6Michael Sawyer responses for qtype ANY by returning a single
cc7420cb3b8eb2c48a00384784701bfee37cc96fAndreas Gustafsson arbitrarily selected RRset instead of all RRsets.
8357e90fba97010a86356a41c8a961d5d602d7d0Michael Sawyer Thanks to Tony Finch. [RT #41615]
a94948ad5b3b258ce9503b7322bdf82c0baabcabAndreas Gustafsson4370. [bug] Address python3 compatibility issues with RNDC module.
a94948ad5b3b258ce9503b7322bdf82c0baabcabAndreas Gustafsson [RT #42499] [RT #42506]
3291587f23b940c986f41cf37b2e531f618ec2bdMichael Sawyer --- 9.11.0a2 released ---
b374727d513049b4bfcb9eb021002595fe6a7c63Mark Andrews4369. [bug] Fix 'make' and 'make install' out-of-tree python
b374727d513049b4bfcb9eb021002595fe6a7c63Mark Andrews support. [RT #42484]
d922e82162b4d0d2387a531ebc127abe9fe4cf2bAndreas Gustafsson4368. [bug] Fix a crash when calling "rndc stats" on some
b374727d513049b4bfcb9eb021002595fe6a7c63Mark Andrews Windows builds because some Visual Studio compilers
2868291ab5d4deba4d61c110f92dc397807702c7Mark Andrews generated crashing code for the "%z" printf()
2868291ab5d4deba4d61c110f92dc397807702c7Mark Andrews format specifier. [RT #42380]
be1d71fd17c92b0acee36ba43ebe4daa498e8014Mark Andrews4367. [bug] Remove unnecessary assignment of loadtime in
b374727d513049b4bfcb9eb021002595fe6a7c63Mark Andrews zone_touched. [RT #42440]
8e732de92e9814e3fa54e36d2154939ea6086b16Andreas Gustafsson4366. [bug] Address race condition when updating rbtnode bit
8e732de92e9814e3fa54e36d2154939ea6086b16Andreas Gustafsson fields. [RT #42379]
afd2f40b3cff8c3c307155bdc27e5b60e9115545Andreas Gustafsson4365. [bug] Address zone reference counting errors involving
afd2f40b3cff8c3c307155bdc27e5b60e9115545Andreas Gustafsson nxdomain-redirect. [RT #42258]
afd2f40b3cff8c3c307155bdc27e5b60e9115545Andreas Gustafsson4364. [port] freebsd: add -Wl,-E to loader flags [RT #41690]
c605f30cd7d540243509c86cf31b01bdd4fe19feMark Andrews4363. [port] win32: Disable explicit triggering UAC when running
c605f30cd7d540243509c86cf31b01bdd4fe19feMark Andrews BINDInstall.
3302ed8d6eaef8f598338f5682477c5f6acd583cBob Halley4362. [func] Changed rndc reconfig behavior so that newly added
3302ed8d6eaef8f598338f5682477c5f6acd583cBob Halley zones are loaded asynchronously and the loading does
3302ed8d6eaef8f598338f5682477c5f6acd583cBob Halley not block the server. [RT #41934]
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson4361. [cleanup] Where supported, file modification times returned
d03bffc40e68ddb63d278946fd9f7f1ad784f5bcMichael Sawyer by isc_file_getmodtime() are now accurate to the
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson nanosecond. [RT #41968]
d03bffc40e68ddb63d278946fd9f7f1ad784f5bcMichael Sawyer4360. [bug] Silence spurious 'bad key type' message when there is
91ac60fe11b3ebd095c5fed0db343b2c9a97e646Mark Andrews a existing TSIG key. [RT #42195]
83d2840b6f1a5ec898e441be148ddd3211f11583Bob Halley4359. [bug] Inherited 'also-notify' lists were not being checked
83d2840b6f1a5ec898e441be148ddd3211f11583Bob Halley by named-checkconf. [RT #42174]
83d2840b6f1a5ec898e441be148ddd3211f11583Bob Halley4358. [test] Added American Fuzzy Lop harness that allows
42e31e6ef7689e0c0569a1f9a5c250d73870b073Michael Graff feeding fuzzed packets into BIND.
42e31e6ef7689e0c0569a1f9a5c250d73870b073Michael Graff4357. [func] Add the python RNDC module. [RT #42093]
a405a53d536521e6c93f47485aacd7c1a1ffb29eAndreas Gustafsson4356. [func] Add the ability to specify whether to wait for
a405a53d536521e6c93f47485aacd7c1a1ffb29eAndreas Gustafsson nameserver addresses to be looked up or not to
a405a53d536521e6c93f47485aacd7c1a1ffb29eAndreas Gustafsson RPZ with a new modifying directive 'nsip-wait-recurse'.
53df51bf458da9b04074b6b62b5639c926a751e4Andreas Gustafsson4355. [func] "pkcs11-list" now displays the extractability
53df51bf458da9b04074b6b62b5639c926a751e4Andreas Gustafsson attribute of private or secret keys stored in
53df51bf458da9b04074b6b62b5639c926a751e4Andreas Gustafsson an HSM, as either "true", "false", or "never"
ba43c53451d5c38765f376eeede457178b36951aBob Halley Thanks to Daniel Stirnimann. [RT #36557]
ba43c53451d5c38765f376eeede457178b36951aBob Halley4354. [bug] Check that the received HMAC length matches the
b9dead30b1806bcfcca9a47dfa3f5078c6377910Mark Andrews expected length prior to check the contents on the
b9dead30b1806bcfcca9a47dfa3f5078c6377910Mark Andrews control channel. This prevents a OOB read error.
056141f2878d1046306ef0ba035263a00de57f98Mark Andrews This was reported by Lian Yihan, <lianyihan@360.cn>.
5126112bc3639b9dae5726c3148d6699d277e789Mark Andrews4353. [cleanup] Update PKCS#11 header files. [RT #42175]
4440f995911810aaa98d8985ac1a8192095879f2Michael Graff4352. [cleanup] The ISC DNSSEC Lookaside Validation (DLV) service
72c815ed1780b9039b9ad0d31faf68b3b5c05637Andreas Gustafsson is scheduled to be disabled in 2017. A warning is
72c815ed1780b9039b9ad0d31faf68b3b5c05637Andreas Gustafsson now logged when named is configured to use it,
72c815ed1780b9039b9ad0d31faf68b3b5c05637Andreas Gustafsson either explicitly or via "dnssec-lookaside auto;"
72c815ed1780b9039b9ad0d31faf68b3b5c05637Andreas Gustafsson4351. [bug] 'dig +noignore' didn't work. [RT #42273]
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson4350. [contrib] Declare result in dlz_filesystem_dynamic.c.
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson4349. [contrib] kasp2policy: A python script to create a DNSSEC
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson policy file from an OpenDNSSEC KASP XML file.
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson4348. [func] dnssec-keymgr: A new python-based DNSSEC key
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson management utility, which reads a policy definition
7ec4367f3d578170a9495ff3c851b248c1656f08Andreas Gustafsson file and can create or update DNSSEC keys as needed
7ec4367f3d578170a9495ff3c851b248c1656f08Andreas Gustafsson to ensure that a zone's keys match policy, roll over
2c9c7c5bb5975a18925c30aeb33a26094902f1c1Andreas Gustafsson correctly on schedule, etc. Thanks to Sebastian
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson Castro for assistance in development. [RT #39211]
2c9c7c5bb5975a18925c30aeb33a26094902f1c1Andreas Gustafsson4347. [port] Corrected a build error on x86_64 Solaris. [RT #42150]
94361d586755d4de09b717782f7002e9dd282c89Andreas Gustafsson4346. [bug] Fixed a regression introduced in change #4337 which
94361d586755d4de09b717782f7002e9dd282c89Andreas Gustafsson caused signed domains with revoked KSKs to fail
94361d586755d4de09b717782f7002e9dd282c89Andreas Gustafsson validation. [RT #42147]
4440f995911810aaa98d8985ac1a8192095879f2Michael Graff4345. [contrib] perftcpdns mishandled the return values from
4440f995911810aaa98d8985ac1a8192095879f2Michael Graff clock_nanosleep. [RT #42131]
4440f995911810aaa98d8985ac1a8192095879f2Michael Graff4344. [port] Address openssl version differences. [RT #42059]
4440f995911810aaa98d8985ac1a8192095879f2Michael Graff4343. [bug] dns_dnssec_syncupdate mis-declared in <dns/dnssec.h>.
abaec24086f0cc3d7c0994ca9d2247b40eb6aaedBrian Wellington4342. [bug] 'rndc flushtree' could fail to clean the tree if there
abaec24086f0cc3d7c0994ca9d2247b40eb6aaedBrian Wellington wasn't a node at the specified name. [RT #41846]
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson --- 9.11.0a1 released ---
3ad16d4c3a5029662d4ec804f7644739d011d03dBob Halley4341. [bug] Correct the handling of ECS options with
3ad16d4c3a5029662d4ec804f7644739d011d03dBob Halley address family 0. [RT #41377]
32b2cdf212de957e3f9b0efca59f098ed4fb42deBrian Wellington4340. [performance] Implement adaptive read-write locks, reducing the
32b2cdf212de957e3f9b0efca59f098ed4fb42deBrian Wellington overhead of locks that are only held briefly.
b42a7e9d80e293a5104d9de6ddabd29676918aa5Andreas Gustafsson4339. [test] Use "mdig" to test pipelined queries. [RT #41929]
b42a7e9d80e293a5104d9de6ddabd29676918aa5Andreas Gustafsson4338. [bug] Reimplement change 4324 as it wasn't properly doing
3113e4dac81fa7b9f0ee5d663d54fbb8ed92738dBob Halley all the required book keeping. [RT #41941]
3113e4dac81fa7b9f0ee5d663d54fbb8ed92738dBob Halley4337. [bug] The previous change exposed a latent flaw in
7f52817a92d74be0d970c33b204f8f13309eece5Andreas Gustafsson key refresh queries for managed-keys when
8cf8a04209c3b6c8d4f0936f1dce06b629605c81Michael Graff a cached DNSKEY had TTL 0. [RT #41986]
8cf8a04209c3b6c8d4f0936f1dce06b629605c81Michael Graff4336. [bug] Don't emit records with zero ttl unless the records
8cf8a04209c3b6c8d4f0936f1dce06b629605c81Michael Graff were learnt with a zero ttl. [RT #41687]
1fc26319b5d69d19a7a31c8d0ab1afc2beef0c41Andreas Gustafsson4335. [bug] zone->view could be detached too early. [RT #41942]
1fc26319b5d69d19a7a31c8d0ab1afc2beef0c41Andreas Gustafsson4334. [func] 'named -V' now reports zlib version. [RT #41913]
7da0286b540515c82ea83163d6cba59a64fa3eddMichael Graff4333. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42 and
7da0286b540515c82ea83163d6cba59a64fa3eddMichael Graff 2001:500:9f::42.
7da0286b540515c82ea83163d6cba59a64fa3eddMichael Graff4332. [placeholder]
7da0286b540515c82ea83163d6cba59a64fa3eddMichael Graff4331. [func] When loading managed signed zones detect if the
c4ec2c3190175705df255aa3d5e842a96137a5a1Andreas Gustafsson RRSIG's inception time is in the future and regenerate
c4ec2c3190175705df255aa3d5e842a96137a5a1Andreas Gustafsson the RRSIG immediately. [RT #41808]
8529c3cdc6abdf3514cb0127313a976bbc3b3936Andreas Gustafsson4330. [protocol] Identify the PAD option as "PAD" when printing out
f38a84ce830efefe48838425ab281e0ae2a91d0eAndreas Gustafsson4329. [func] Warn about a common misconfiguration when forwarding
f38a84ce830efefe48838425ab281e0ae2a91d0eAndreas Gustafsson RFC 1918 zones. [RT #41441]
f38a84ce830efefe48838425ab281e0ae2a91d0eAndreas Gustafsson4328. [performance] Add dns_name_fromwire() benchmark test. [RT #41694]
1b32bc7da1da9059abd68d6dd15b23e8a442afa3Brian Wellington4327. [func] Log query and depth counters during fetches when
1b32bc7da1da9059abd68d6dd15b23e8a442afa3Brian Wellington querytrace (./configure --enable-querytrace) is
1b32bc7da1da9059abd68d6dd15b23e8a442afa3Brian Wellington enabled (helps in diagnosing). [RT #41787]
4187398298c1916f409b44e0457f60e551f5ea1bAndreas Gustafsson4326. [protocol] Add support for AVC. [RT #41819]
4187398298c1916f409b44e0457f60e551f5ea1bAndreas Gustafsson4325. [func] Add a line to "rndc status" indicating the
4b809ba3464c9fb6bb08e9153b9286a8f8a37b01Brian Wellington hostname and operating system details. [RT #41610]
a69cebac84ec223b908e056678fa7c1181785b20Andreas Gustafsson4324. [bug] When deleting records from a zone database, interior
a69cebac84ec223b908e056678fa7c1181785b20Andreas Gustafsson nodes could be left empty but not deleted, damaging
a69cebac84ec223b908e056678fa7c1181785b20Andreas Gustafsson search performance afterward. [RT #40997]
d9ec31a329a14588127b0a15618dec53ca41c73eAndreas Gustafsson4323. [bug] Improve HTTP header processing on statschannel.
e5d0f6d61e2349e1512c40922305b28c69cb4d3fBrian Wellington4322. [security] Duplicate EDNS COOKIE options in a response could
37a8fbab3a1fe6d513b767118cba7515152c2b9bBrian Wellington trigger an assertion failure. (CVE-2016-2088)
a38f86ea5bb9f924b5912d8444862000a1323082Andreas Gustafsson4321. [bug] Zones using mapped files containing out-of-zone data
a38f86ea5bb9f924b5912d8444862000a1323082Andreas Gustafsson could return SERVFAIL instead of the expected NODATA
7d8d82cee0910a0252e1c37bace732e996789772Andreas Gustafsson or NXDOMAIN results. [RT #41596]
7d8d82cee0910a0252e1c37bace732e996789772Andreas Gustafsson4320. [bug] Insufficient memory allocation when handling
7d8d82cee0910a0252e1c37bace732e996789772Andreas Gustafsson "none" ACL could cause an assertion failure in
cdc2d4a065b6b1a00f0b07aae94bc7cb380d15bcAndreas Gustafsson named when parsing ACL configuration. [RT #41745]
735fb4ffa6a76413f85101d7d625a4776d6ee6cdAndreas Gustafsson4319. [security] Fix resolver assertion failure due to improper
d70e2f3652fcbcfb2cfa0781a71e2bd2396871f3Andreas Gustafsson DNAME handling when parsing fetch reply messages.
2c7097eac0aed3b0b3387082cb783db64f2d7765Andreas Gustafsson (CVE-2016-1286) [RT #41753]
d70e2f3652fcbcfb2cfa0781a71e2bd2396871f3Andreas Gustafsson4318. [security] Malformed control messages can trigger assertions
9139e153da3ffa88457d3e035e2f0132c63a4a71Andreas Gustafsson in named and rndc. (CVE-2016-1285) [RT #41666]
9139e153da3ffa88457d3e035e2f0132c63a4a71Andreas Gustafsson4317. [bug] Age all unused servers on fetch timeout. [RT #41597]
30e6ea9dedbe0738f9729833b1b59042dbebc4dfBrian Wellington4316. [func] Add option to tools to print RRs in unknown
1aae88078f409b39c24e2313ffdd767ed29ac787Brian Wellington presentation format [RT #41595].
17a28c1f02c5093b207a3b64201aa9e71df78ebaAndreas Gustafsson4315. [bug] Check that configured view class isn't a meta class.
b5232b135db580a2c16666e74a82f11130e0731fAndreas Gustafsson4314. [contrib] Added 'dnsperf-2.1.0.0-1', a set of performance
b5232b135db580a2c16666e74a82f11130e0731fAndreas Gustafsson testing tools provided by Nominum, Inc.
87075c90f668f4c2f7a709a6bd32bb8e013ae73dBrian Wellington4313. [bug] Handle ns_client_replace failures in test mode.
cea88d887559f209ae9d993e0a8fb58d03f60e77Brian Wellington4312. [bug] dig's unknown DNS and EDNS flags (MBZ value) logging
cea88d887559f209ae9d993e0a8fb58d03f60e77Brian Wellington was not consistent. [RT #41600]
a7705f38e91cc6afaba0426f6b452c9ae5a4efeaAndreas Gustafsson4311. [bug] Prevent "rndc delzone" from being used on
a7705f38e91cc6afaba0426f6b452c9ae5a4efeaAndreas Gustafsson response-policy zones. [RT #41593]
a7705f38e91cc6afaba0426f6b452c9ae5a4efeaAndreas Gustafsson4310. [performance] Use __builtin_expect() where available to annotate
a7705f38e91cc6afaba0426f6b452c9ae5a4efeaAndreas Gustafsson conditions with known behavior. [RT #41411]
a7705f38e91cc6afaba0426f6b452c9ae5a4efeaAndreas Gustafsson4309. [cleanup] Remove the spurious "none" filename from log messages
735fb4ffa6a76413f85101d7d625a4776d6ee6cdAndreas Gustafsson when processing built-in configuration. [RT #41594]
735fb4ffa6a76413f85101d7d625a4776d6ee6cdAndreas Gustafsson4308. [func] Added operating system details to "named -V"
e1368a7770744cbeadcdc27967f855196988eceaAndreas Gustafsson output. [RT #41452]
c05eb51a1b9ebd156b9fec957d60c2579c968468Mark Andrews4307. [bug] "dig +subnet" and "mdig +subnet" could send
a3365e361f0066609d250005e2b1082cb2ba35fdAndreas Gustafsson incorrectly-formatted Client Subnet options
a3365e361f0066609d250005e2b1082cb2ba35fdAndreas Gustafsson if the prefix length was not divisible by 8.
a3365e361f0066609d250005e2b1082cb2ba35fdAndreas Gustafsson Also fixed a memory leak in "mdig". [RT #45178]
e32394a2ac3466a2235f79ee32c247a11be42a8dAndreas Gustafsson4306. [maint] Added a PKCS#11 openssl patch supporting
e32394a2ac3466a2235f79ee32c247a11be42a8dAndreas Gustafsson version 1.0.2f [RT #38312]
031f9084fc1ca8b258c151f428677e7226556ad0Mark Andrews4305. [bug] dnssec-signzone was not removing unnecessary rrsigs
031f9084fc1ca8b258c151f428677e7226556ad0Mark Andrews from the zone's apex. [RT #41483]
031f9084fc1ca8b258c151f428677e7226556ad0Mark Andrews4304. [port] xfer system test failed as 'tail -n +value' is not
031f9084fc1ca8b258c151f428677e7226556ad0Mark Andrews portable. [RT #41315]
031f9084fc1ca8b258c151f428677e7226556ad0Mark Andrews4303. [bug] "dig +subnet" was unable to send a prefix length of
031f9084fc1ca8b258c151f428677e7226556ad0Mark Andrews zero, as it was incorrectly changed to 32 for v4
44215b932d4f0ce5257d794cb6f76b9282455eb1Mark Andrews prefixes or 128 for v6 prefixes. In addition to
44215b932d4f0ce5257d794cb6f76b9282455eb1Mark Andrews fixing this, "dig +subnet=0" has been added as a
44215b932d4f0ce5257d794cb6f76b9282455eb1Mark Andrews short form for 0.0.0.0/0. The same changes have
44215b932d4f0ce5257d794cb6f76b9282455eb1Mark Andrews also been made in "mdig". [RT #41553]
405ffb1f0d2c12d199f85f03973d1a02ac12e000Andreas Gustafsson4302. [port] win32: fixed a build error in VS 2015. [RT #41426]
405ffb1f0d2c12d199f85f03973d1a02ac12e000Andreas Gustafsson4301. [bug] dnssec-settime -p [DP]sync was not working. [RT #41534]
405ffb1f0d2c12d199f85f03973d1a02ac12e000Andreas Gustafsson4300. [bug] A flag could be set in the wrong field when setting
eea2865feca4ea56facd2ef6e7226386a3604f65Andreas Gustafsson up non-recursive queries; this could cause the
6d8568cb45240974da0ee1b653b28e3fdfffe93eAndreas Gustafsson SERVFAIL cache to cache responses it shouldn't.
6d8568cb45240974da0ee1b653b28e3fdfffe93eAndreas Gustafsson New querytrace logging has been added which
6d8568cb45240974da0ee1b653b28e3fdfffe93eAndreas Gustafsson identified this error. [RT #41155]
e3402551ac9be809eeb3a4b7b30d023ba67dad28Brian Wellington4299. [bug] Check that exactly totallen bytes are read when
6d3f954c572db02159deedd444373161fda47a88Brian Wellington reading a RRset from raw files in both single read
b0f941a50f24656b3523609f86cead41b0269c7aBrian Wellington and incremental modes. [RT #41402]
b0f941a50f24656b3523609f86cead41b0269c7aBrian Wellington4298. [bug] dns_rpz_add errors in loadzone were not being
ea419adc4eca4c3e44f2c282035b5dce6b795fe2Andreas Gustafsson propagated up the call stack. [RT #41425]
ea419adc4eca4c3e44f2c282035b5dce6b795fe2Andreas Gustafsson4297. [test] Ensure delegations in RPZ zones fail robustly.
eea2865feca4ea56facd2ef6e7226386a3604f65Andreas Gustafsson4296. [bug] TCP packet sizes were calculated incorrectly in the
8af0b86ade4c15a7db207bd7643f8a9f6cb5a648David Lawrence stats channel; they could be counted in the wrong
8af0b86ade4c15a7db207bd7643f8a9f6cb5a648David Lawrence histogram bucket. [RT #40587]
674f1cfb1d7dfa92e52db950dbe80e60ef8f5cddBrian Wellington4295. [bug] An unchecked result in dns_message_pseudosectiontotext()
674f1cfb1d7dfa92e52db950dbe80e60ef8f5cddBrian Wellington could allow incorrect text formatting of EDNS EXPIRE
674f1cfb1d7dfa92e52db950dbe80e60ef8f5cddBrian Wellington options. [RT #41437]
69d17bea6be937b92f3375e6249b5677c90f4fe2Andreas Gustafsson4294. [bug] Fixed a regression in which "rndc stop -p" failed
69d17bea6be937b92f3375e6249b5677c90f4fe2Andreas Gustafsson to print the PID. [RT #41513]
cd7ffa4c1286a48c10056632be3fb0b64c575c35Brian Wellington4293. [bug] Address memory leak on priming query creation failure.
0cff88818a96197995c3533f6cbfb1a0efc06db0Brian Wellington4292. [placeholder]
5bba7216f3263dc49dd4db2ac64b6203a9e2b180Andreas Gustafsson4291. [cleanup] Added a required include to dns/forward.h. [RT #41474]
40817ed9c13782a7844e15dde24432611c4694acDavid Lawrence4290. [func] The timers returned by the statistics channel
40817ed9c13782a7844e15dde24432611c4694acDavid Lawrence (indicating current time, server boot time, and
e06aebbe7b5b3128f99b16d6756a074b4de28d37Mark Andrews most recent reconfiguration time) are now reported
b41de87910a4c57039a4f5968e272a9aec566959Brian Wellington with millisecond accuracy. [RT #40082]
40b1b44ed65b9655a135fc867ed9f0374c247ad4Andreas Gustafsson4289. [bug] The server could crash due to memory being used
40b1b44ed65b9655a135fc867ed9f0374c247ad4Andreas Gustafsson after it was freed if a zone transfer timed out.
ab8668fb583a92df0698f5cdac7e7b12ead614aaBrian Wellington4288. [bug] Fixed a regression in resolver.c:possibly_mark()
575db903aabb08137a757d1c60ebb0d286ecff56Andreas Gustafsson which caused known-bogus servers to be queried
575db903aabb08137a757d1c60ebb0d286ecff56Andreas Gustafsson anyway. [RT #41321]
575db903aabb08137a757d1c60ebb0d286ecff56Andreas Gustafsson4287. [bug] Silence an overly noisy log message when message
575db903aabb08137a757d1c60ebb0d286ecff56Andreas Gustafsson parsing fails. [RT #41374]
a4c55a3d0813e00e3d7846cc9736110c61d0a2baAndreas Gustafsson4286. [security] render_ecs errors were mishandled when printing out
a4c55a3d0813e00e3d7846cc9736110c61d0a2baAndreas Gustafsson a OPT record resulting in a assertion failure.
d403e27f2b1c94f2b9349ddb68f50a141ae8d26dAndreas Gustafsson (CVE-2015-8705) [RT #41397]
c851f1cc2187b59687af94725fbacac022987d05Andreas Gustafsson4285. [security] Specific APL data could trigger a INSIST.
91614f2bc498ef7eea22e449c91951f4598c8223Andreas Gustafsson (CVE-2015-8704) [RT #41396]
91614f2bc498ef7eea22e449c91951f4598c8223Andreas Gustafsson4284. [bug] Some GeoIP options were incorrectly documented
91614f2bc498ef7eea22e449c91951f4598c8223Andreas Gustafsson using abbreviated forms which were not accepted by
e0a9b524614889ca9b75f846cb6101fc448a60dcAndreas Gustafsson named. The code has been updated to allow both
512661edd7d51c8c179cce89a855df6cec2fcdcdMark Andrews long and abbreviated forms. [RT #41381]
385a9cb48a70b329e507c39d043fa9a44c659913James Brister4283. [bug] OPENSSL_config is no longer re-callable. [RT #41348]
385a9cb48a70b329e507c39d043fa9a44c659913James Brister4282. [func] 'dig +[no]mapped' determine whether the use of mapped
385a9cb48a70b329e507c39d043fa9a44c659913James Brister IPv4 addresses over IPv6 is permitted or not. The
3cb0de1c667237085c6a805715c31ddc5fdc9c4dBrian Wellington default is +mapped. [RT #41307]
bd77de5fcaea4dcf2f0250ded32adfccd3a38256Brian Wellington4281. [bug] Teach dns_message_totext about BADCOOKIE. [RT #41257]
bd77de5fcaea4dcf2f0250ded32adfccd3a38256Brian Wellington4280. [performance] Use optimal message sizes to improve compression
e5f5ec73a710d21067d4721a9e82f2399f2f6c25David Lawrence in AXFRs. This reduces network traffic. [RT #40996]
48674819ebf9176b5d5582ae851e485c324c1159Michael Sawyer4279. [test] Don't use fixed ports when unit testing. [RT #41194]
48674819ebf9176b5d5582ae851e485c324c1159Michael Sawyer4278. [bug] 'delv +short +[no]split[=##]' didn't work as expected.
47ddde42728034854444cf17e278cebaea06f666Michael Graff4277. [performance] Improve performance of the RBT, the central zone
47ddde42728034854444cf17e278cebaea06f666Michael Graff datastructure: The aux hashtable was improved,
edf8c55546efa9fb42da1c055ce02462a5c709c0David Lawrence hash function was updated to perform more
edf8c55546efa9fb42da1c055ce02462a5c709c0David Lawrence uniform mapping, uppernode was added to
edf8c55546efa9fb42da1c055ce02462a5c709c0David Lawrence dns_rbtnode, and other cleanups and performance
c5944292e9ebee4a39fe939b9a16fe5596808556David Lawrence improvements were made. [RT #41165]
c5944292e9ebee4a39fe939b9a16fe5596808556David Lawrence4276. [protocol] Add support for SMIMEA. [RT #40513]
c5944292e9ebee4a39fe939b9a16fe5596808556David Lawrence4275. [performance] Lazily initialize dns_compress->table only when
c5944292e9ebee4a39fe939b9a16fe5596808556David Lawrence compression is enabled. [RT #41189]
c5944292e9ebee4a39fe939b9a16fe5596808556David Lawrence4274. [performance] Speed up typemap processing from text. [RT #41196]
c5944292e9ebee4a39fe939b9a16fe5596808556David Lawrence4273. [bug] Only call dns_test_begin() and dns_test_end() once each
36e0c379080343a0272dc076b7d7795ded04ee1dBrian Wellington in nsec3_test as it fails with GOST if called multiple
529a6b5224d751504027293a766a4c8b81241869Brian Wellington4272. [bug] dig: the +norrcomments option didn't work with +multi.
186ba80b8e391cf8421872f26771324644e45d83Andreas Gustafsson4271. [test] Unit tests could deadlock in isc__taskmgr_pause().
677045ed612e1c26a32b5700479e26c25bcede58Brian Wellington4270. [security] Update allowed OpenSSL versions as named is
677045ed612e1c26a32b5700479e26c25bcede58Brian Wellington potentially vulnerable to CVE-2015-3193.
febf5f8b55abb2e6e840488a29a5ef4e20654f67David Lawrence4269. [bug] Zones using "map" format master files currently
c34bdef6bd197a04990e52469ad68481532dd35aAndreas Gustafsson don't work as policy zones. This limitation has
c34bdef6bd197a04990e52469ad68481532dd35aAndreas Gustafsson now been documented; attempting to use such zones
c34bdef6bd197a04990e52469ad68481532dd35aAndreas Gustafsson in "response-policy" statements is now a
05f6d0c0381d19eec721e11f6fd88caef25dacd8Andreas Gustafsson configuration error. [RT #38321]
dc2c974dcf954a0a238d1afb886c445d06b1aa8bBrian Wellington4268. [func] "rndc status" now reports the path to the
a32738e3e4ed9619c8ace22cd119e6769176b22cAndreas Gustafsson configuration file. [RT #36470]
a32738e3e4ed9619c8ace22cd119e6769176b22cAndreas Gustafsson4267. [test] Check sdlz error handling. [RT #41142]
6dc130c7c95107748fff5f767161c2bb742f9f87Brian Wellington4266. [placeholder]
49855f0856a0f6f9fed80af88faddf38f3e74eefAndreas Gustafsson4265. [bug] Address unchecked isc_mem_get calls. [RT #41187]
49855f0856a0f6f9fed80af88faddf38f3e74eefAndreas Gustafsson4264. [bug] Check const of strchr/strrchr assignments match
49855f0856a0f6f9fed80af88faddf38f3e74eefAndreas Gustafsson argument's const status. [RT #41150]
dc2c974dcf954a0a238d1afb886c445d06b1aa8bBrian Wellington4263. [contrib] Address compiler warnings in mysqldyn module.
55bfdb0a1491f0668bb279826ee864f4a7425e22Andreas Gustafsson4262. [bug] Fixed a bug in epoll socket code that caused
55bfdb0a1491f0668bb279826ee864f4a7425e22Andreas Gustafsson sockets to not be registered for ready
d4ab9cd94f0fe0cf24ba36d21240215ae648c8d5James Brister notification in some cases, causing named to not
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson read from or write to them, resulting in what
080a4fe83c3ad208073bffbce1a2af8fe444214fMichael Sawyer appear to the user as blocked connections.
36007b707f28f36864e8d76f11379b22e9737538Michael Sawyer4261. [maint] H.ROOT-SERVERS.NET is 198.97.190.53 and 2001:500:1::53.
375f19cfb2f9cf5a9efbc65b557a8ce865de85c2Michael Sawyer4260. [security] Insufficient testing when parsing a message allowed
375f19cfb2f9cf5a9efbc65b557a8ce865de85c2Michael Sawyer records with an incorrect class to be be accepted,
375f19cfb2f9cf5a9efbc65b557a8ce865de85c2Michael Sawyer triggering a REQUIRE failure when those records
375f19cfb2f9cf5a9efbc65b557a8ce865de85c2Michael Sawyer were subsequently cached. (CVE-2015-8000) [RT #40987]
9bef4575d71a084edf59ac681e53e35ae1b72166Andreas Gustafsson4259. [func] Add an option for non-destructive control channel
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence access using a "read-only" clause. In such
9bef4575d71a084edf59ac681e53e35ae1b72166Andreas Gustafsson cases, a restricted set of rndc commands are
9bef4575d71a084edf59ac681e53e35ae1b72166Andreas Gustafsson allowed for querying information from named.
87f4c7933fd2962cca3b9b7e046327f3c6306b84Andreas Gustafsson4258. [bug] Limit rndc query message sizes to 32 KiB. This should
87f4c7933fd2962cca3b9b7e046327f3c6306b84Andreas Gustafsson not break any legitimate rndc commands, but will
87f4c7933fd2962cca3b9b7e046327f3c6306b84Andreas Gustafsson prevent a rogue rndc query from allocating too
87f4c7933fd2962cca3b9b7e046327f3c6306b84Andreas Gustafsson much memory. [RT #41073]
87f4c7933fd2962cca3b9b7e046327f3c6306b84Andreas Gustafsson4257. [cleanup] Python scripts reported incorrect version. [RT #41080]
10e6498d6d7b2cfd8d822788d817fc9a3e0b0c3aDavid Lawrence4256. [bug] Allow rndc command arguments to be quoted so as
10e6498d6d7b2cfd8d822788d817fc9a3e0b0c3aDavid Lawrence to allow spaces. [RT #36665]
10e6498d6d7b2cfd8d822788d817fc9a3e0b0c3aDavid Lawrence4255. [performance] Add 'message-compression' option to disable DNS
10e6498d6d7b2cfd8d822788d817fc9a3e0b0c3aDavid Lawrence compression in responses. [RT #40726]
10e6498d6d7b2cfd8d822788d817fc9a3e0b0c3aDavid Lawrence4254. [bug] Address missing lock when getting zone's serial.
dae5ce6ddb0a3c425865d3b6f0f13c4126eacc17Andreas Gustafsson4253. [security] Address fetch context reference count handling error
dae5ce6ddb0a3c425865d3b6f0f13c4126eacc17Andreas Gustafsson on socket error. (CVE-2015-8461) [RT#40945]
9a8fea7bc8fb79ff1d31f0a2ba3c9694041c6f3aAndreas Gustafsson4252. [func] Add support for automating the generation CDS and
9a8fea7bc8fb79ff1d31f0a2ba3c9694041c6f3aAndreas Gustafsson CDNSKEY rrsets to named and dnssec-signzone.
663841abe0bb1cc8040e552597ef721c35b799e5Brian Wellington4251. [bug] NTAs were deleted when the server was reconfigured
c49e3222b0912479015161e8b54a67a1abf9a0ffAndreas Gustafsson or reloaded. [RT #41058]
c49e3222b0912479015161e8b54a67a1abf9a0ffAndreas Gustafsson4250. [func] Log the TSIG key in use during inbound zone
bf68c5151b5c4f7d6b2783584434e61045a88d7fAndreas Gustafsson transfers. [RT #41075]
bf68c5151b5c4f7d6b2783584434e61045a88d7fAndreas Gustafsson4249. [func] Improve error reporting of TSIG / SIG(0) records in
bf68c5151b5c4f7d6b2783584434e61045a88d7fAndreas Gustafsson the wrong location. [RT #41030]
178f73169a27ac031f58863ae12cdb33dc15f6c4Brian Wellington4248. [performance] Add an isc_atomic_storeq() function, use it in
178f73169a27ac031f58863ae12cdb33dc15f6c4Brian Wellington stats counters to improve performance.
9c4cba349f52bb8176c3858b2b5b340f13603802Brian Wellington [RT #39972] [RT #39979]
64024eaa4d029b0bd090c435b8b02b45eef5cd89Andreas Gustafsson4247. [port] Require both HAVE_JSON and JSON_C_VERSION to be
0e65062acb2b0d14ab64e0c7ae7eb4137758339bAndreas Gustafsson defined to report json library version. [RT #41045]
64024eaa4d029b0bd090c435b8b02b45eef5cd89Andreas Gustafsson4246. [test] Ensure the statschannel system test runs when BIND
da527e4ff6a013364826637963e7ac372e024f33David Lawrence is not built with libjson. [RT #40944]
8d51d9e67e1e5dcf10203c4147ece519c7daa57dMark Andrews4245. [placeholder]
db6fa2e944b3a0682168e9ee145b86c81a6a5321Andreas Gustafsson4244. [bug] The parser was not reporting that use-ixfr is obsolete.
30576c592b538cab293cf6e1f6265d376cd5a12cAndreas Gustafsson4243. [func] Improved stats reporting from Timothe Litt. [RT #38941]
ce2be9b7211ab5bacaa10fe74ef35def3a3f6089David Lawrence4242. [bug] Replace the client if not already replaced when
ce2be9b7211ab5bacaa10fe74ef35def3a3f6089David Lawrence prefetching. [RT #41001]
9bf765ab3a5203b854d32266e6162e547791383cDavid Lawrence4241. [doc] Improved the TSIG, TKEY, and SIG(0) sections in
9bf765ab3a5203b854d32266e6162e547791383cDavid Lawrence the ARM. [RT #40955]
f4d9f465cd29963a99554bbe2936509ea3568c89James Brister4240. [port] Fix LibreSSL compatibility. [RT #40977]
adade77942b069127a7094df419b3ad39dafb385James Brister4239. [func] Changed default servfail-ttl value to 1 second from 10.
adade77942b069127a7094df419b3ad39dafb385James Brister Also, the maximum value is now 30 instead of 300.
adade77942b069127a7094df419b3ad39dafb385James Brister4238. [bug] Don't send to servers on net zero (0.0.0.0/8).
ce8d0fffea20fe03fd0f075263f529ad55f82aacAndreas Gustafsson4237. [doc] Upgraded documentation toolchain to use DocBook 5
ea01648cb950b8d4b5625a8a91a4c1c019dec885Andreas Gustafsson and dblatex. [RT #40766]
ea01648cb950b8d4b5625a8a91a4c1c019dec885Andreas Gustafsson4236. [performance] On machines with 2 or more processors (CPU), the
ea01648cb950b8d4b5625a8a91a4c1c019dec885Andreas Gustafsson default value for the number of UDP listeners
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence has been changed to the number of detected
ea01648cb950b8d4b5625a8a91a4c1c019dec885Andreas Gustafsson processors minus one. [RT #40761]
7d7bd1b4f0270691f434d37b1052259a13185663Andreas Gustafsson4235. [func] Added support in named for "dnstap", a fast method of
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence capturing and logging DNS traffic, and a new command
7d7bd1b4f0270691f434d37b1052259a13185663Andreas Gustafsson "dnstap-read" to read a dnstap log file. Use
7d7bd1b4f0270691f434d37b1052259a13185663Andreas Gustafsson "configure --enable-dnstap" to enable this
7d7bd1b4f0270691f434d37b1052259a13185663Andreas Gustafsson feature (note that this requires libprotobuf-c
7d7bd1b4f0270691f434d37b1052259a13185663Andreas Gustafsson and libfstrm). See the ARM for configuration details.
ce8d0fffea20fe03fd0f075263f529ad55f82aacAndreas Gustafsson Thanks to Robert Edmonds of Farsight Security.
81f11a70588c6929d1aefd529b940efb70747fc2Andreas Gustafsson4234. [func] Add deflate compression in statistics channel HTTP
04d58db32739157df6c44e3f37ecb83816fd3f75Andreas Gustafsson server. [RT #40861]
04d58db32739157df6c44e3f37ecb83816fd3f75Andreas Gustafsson4233. [test] Add tests for CDS and CDNSKEY with delegation-only.
5096958739769958dd7a6b69356bf41260033873David Lawrence4232. [contrib] Address unchecked memory allocation calls in
5096958739769958dd7a6b69356bf41260033873David Lawrence query-loc and zone2ldap. [RT #40789]
5096958739769958dd7a6b69356bf41260033873David Lawrence4231. [contrib] Address unchecked calloc call in dlz_mysqldyn_mod.c.
84f4e4a656926a795f3bae40b2a6308bebb48b49David Lawrence4230. [contrib] dlz_wildcard_dynamic.c:dlz_create could return a
84f4e4a656926a795f3bae40b2a6308bebb48b49David Lawrence uninitialized result. [RT #40839]
838281ed55d0d3939c2f510559d5852872ed4ddbDavid Lawrence4229. [bug] A variable could be used uninitialized in
838281ed55d0d3939c2f510559d5852872ed4ddbDavid Lawrence dns_update_signaturesinc. [RT #40784]
89e57b472d87a37aa6c49a5544d1d1dfe9617f5dDavid Lawrence4228. [bug] Address race condition in dns_client_destroyrestrans.
280942843277ca894571ca94c1e431ba079d0ca0Mark Andrews4227. [bug] Silence static analysis warnings. [RT #40828]
d1e971ba027a8d320cc87a02a71158970bd03308Mark Andrews4226. [bug] Address a theoretical shutdown race in
0f6ef702b3e231001d0e320059eb1051dcf7afa2Mark Andrews zone.c:notify_send_queue(). [RT #38958]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence4225. [port] freebsd/openbsd: Use '${CC} -shared' for building
89e57b472d87a37aa6c49a5544d1d1dfe9617f5dDavid Lawrence shared libraries. [RT #39557]
d8c8722f28ca439b9ca46f109e2804a7eb33a1acBrian Wellington4224. [func] Added support for "dyndb", a new interface for loading
4ebb4093f80e32e4a57ff3769f7fd4ad2217ee44Andreas Gustafsson zone data from an external database, developed by
d8c8722f28ca439b9ca46f109e2804a7eb33a1acBrian Wellington Red Hat for the FreeIPA project.
4b7167e96abe79cdf194ac3865760a7139b70090Brian Wellington DynDB drivers fully implement the BIND database
4b7167e96abe79cdf194ac3865760a7139b70090Brian Wellington API, and are capable of significantly better
4b7167e96abe79cdf194ac3865760a7139b70090Brian Wellington performance and functionality than DLZ drivers,
4b7167e96abe79cdf194ac3865760a7139b70090Brian Wellington while taking advantage of advanced database
4b7167e96abe79cdf194ac3865760a7139b70090Brian Wellington features not available in BIND such as multi-master
a4b496f2abd35b0f27761385c8679de1f5714b0dBrian Wellington Thanks to Adam Tkac and Petr Spacek of Red Hat.
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister4223. [func] Add support for setting max-cache-size to percentage
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister of available physical memory, set default to 90%.
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister4222. [func] Bias IPv6 servers when selecting the next server to
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister query. [RT #40836]
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister4221. [bug] Resource leak on DNS_R_NXDOMAIN in fctx_create.
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister4220. [doc] Improve documentation for zone-statistics.
08133a2dbe88e0715e092fbdeec2431971ec0711Andreas Gustafsson4219. [bug] Set event->result to ISC_R_WOULDBLOCK on EWOULDBLOCK,
08133a2dbe88e0715e092fbdeec2431971ec0711Andreas Gustafsson EGAIN when these soft error are not retried for
08133a2dbe88e0715e092fbdeec2431971ec0711Andreas Gustafsson isc_socket_send*().
08133a2dbe88e0715e092fbdeec2431971ec0711Andreas Gustafsson4218. [bug] Potential null pointer dereference on out of memory
8c1aa8573dd85774ac8921dc0482b91d73e8b8b6Mark Andrews if mmap is not supported. [RT #40777]
8c1aa8573dd85774ac8921dc0482b91d73e8b8b6Mark Andrews4217. [protocol] Add support for CSYNC. [RT #40532]
96ab25294b028270eb1be867613df8a6c999b332David Lawrence4216. [cleanup] Silence static analysis warnings. [RT #40649]
96ab25294b028270eb1be867613df8a6c999b332David Lawrence4215. [bug] nsupdate: skip to next request on GSSTKEY create
96ab25294b028270eb1be867613df8a6c999b332David Lawrence failure. [RT #40685]
4ebb4093f80e32e4a57ff3769f7fd4ad2217ee44Andreas Gustafsson4214. [protocol] Add support for TALINK. [RT #40544]
4ebb4093f80e32e4a57ff3769f7fd4ad2217ee44Andreas Gustafsson4213. [bug] Don't reuse a cache across multiple classes.
5aa96829fdd12f30a2e9f717e66d44a4698b0675Andreas Gustafsson4212. [func] Re-query if we get a bad client cookie returned over
5aa96829fdd12f30a2e9f717e66d44a4698b0675Andreas Gustafsson UDP. [RT #40748]
5aa96829fdd12f30a2e9f717e66d44a4698b0675Andreas Gustafsson4211. [bug] Ensure that lwresd gets at least one task to work
5aa96829fdd12f30a2e9f717e66d44a4698b0675Andreas Gustafsson with if enabled. [RT #40652]
e2894b0e5007e49f5b21be9113e41419ca8489a0Brian Wellington4210. [cleanup] Silence use after free false positive. [RT #40743]
e2894b0e5007e49f5b21be9113e41419ca8489a0Brian Wellington4209. [bug] Address resource leaks in dlz modules. [RT #40654]
96ab25294b028270eb1be867613df8a6c999b332David Lawrence4208. [bug] Address null pointer dereferences on out of memory.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence4207. [bug] Handle class mismatches with raw zone files.
b6747cf19dea764e5acaa164f23b70d54348d64cMark Andrews4206. [bug] contrib: fixed a possible NULL dereference in
5aa96829fdd12f30a2e9f717e66d44a4698b0675Andreas Gustafsson DLZ wildcard module. [RT #40745]
de8e189332e884db065b921f84e3ee4922ad10e3David Lawrence4205. [bug] 'named-checkconf -p' could include unwanted spaces
de8e189332e884db065b921f84e3ee4922ad10e3David Lawrence when printing tuples with unset optional fields.
de8e189332e884db065b921f84e3ee4922ad10e3David Lawrence4204. [bug] 'dig +trace' failed to lookup the correct type if
de8e189332e884db065b921f84e3ee4922ad10e3David Lawrence the initial root NS query was retried. [RT #40296]
202991557a4b7e8d3df7725d84f0fcae90dbaee6David Lawrence4203. [test] The rrchecker system test now tests conversion
202991557a4b7e8d3df7725d84f0fcae90dbaee6David Lawrence to and from unknown-type format. [RT #40584]
202991557a4b7e8d3df7725d84f0fcae90dbaee6David Lawrence4202. [bug] isccc_cc_fromwire() could return an incorrect
1c823819b73f17cbfd188d35962da196a48190fbAndreas Gustafsson result. [RT #40614]
1c823819b73f17cbfd188d35962da196a48190fbAndreas Gustafsson4201. [func] The default preferred-glue is now the address record
1c823819b73f17cbfd188d35962da196a48190fbAndreas Gustafsson type of the transport the query was received
e405739af20dcdc6c7f604548e78806a0d1515c5Brian Wellington over. [RT #40468]
4ebb4093f80e32e4a57ff3769f7fd4ad2217ee44Andreas Gustafsson4200. [cleanup] win32: update BINDinstall to be BIND release
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson independent. [RT #38915]
b719a598e77aada962b3a05cb00179dc929d3939Andreas Gustafsson4199. [protocol] Add support for NINFO, RKEY, SINK, TA.
b719a598e77aada962b3a05cb00179dc929d3939Andreas Gustafsson [RT #40545] [RT #40547] [RT #40561] [RT #40563]
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson4198. [placeholder]
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson4197. [bug] 'named-checkconf -z' didn't handle 'in-view' clauses.
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson4196. [doc] Improve how "enum + other" types are documented.
b74e73c5b4b299da20a6b196b68b9068d376ff35Mark Andrews4195. [bug] 'max-zone-ttl unlimited;' was broken. [RT #40608]
b74e73c5b4b299da20a6b196b68b9068d376ff35Mark Andrews4194. [bug] named-checkconf -p failed to properly print a port
b74e73c5b4b299da20a6b196b68b9068d376ff35Mark Andrews range. [RT #40634]
202991557a4b7e8d3df7725d84f0fcae90dbaee6David Lawrence4193. [bug] Handle broken servers that return BADVERS incorrectly.
d68e4b66b1075e556b480f8bfb607aeba5da46f6Andreas Gustafsson4192. [bug] The default rrset-order of random was not always being
d68e4b66b1075e556b480f8bfb607aeba5da46f6Andreas Gustafsson applied. [RT #40456]
d68e4b66b1075e556b480f8bfb607aeba5da46f6Andreas Gustafsson4191. [protocol] Accept DNS-SD non LDH PTR records in reverse zones
d68e4b66b1075e556b480f8bfb607aeba5da46f6Andreas Gustafsson as per RFC 6763. [RT #37889]
e44d56866bd609e066380cbef414e6ce11a08976Andreas Gustafsson4190. [protocol] Accept Active Directory gc._msdcs.<forest> name as
e44d56866bd609e066380cbef414e6ce11a08976Andreas Gustafsson valid with check-names. <forest> still needs to be
e44d56866bd609e066380cbef414e6ce11a08976Andreas Gustafsson LDH. [RT #40399]
4ebb4093f80e32e4a57ff3769f7fd4ad2217ee44Andreas Gustafsson4189. [cleanup] Don't exit on overly long tokens in named.conf.
f204bdd8e6703ff0ef1adf0a2c407202418a936dDavid Lawrence4188. [bug] Support HTTP/1.0 client properly on the statistics
f204bdd8e6703ff0ef1adf0a2c407202418a936dDavid Lawrence channel. [RT #40261]
f204bdd8e6703ff0ef1adf0a2c407202418a936dDavid Lawrence4187. [func] When any RR type implementation doesn't
f204bdd8e6703ff0ef1adf0a2c407202418a936dDavid Lawrence implement totext() for the RDATA's wire
f204bdd8e6703ff0ef1adf0a2c407202418a936dDavid Lawrence representation and returns ISC_R_NOTIMPLEMENTED,
f204bdd8e6703ff0ef1adf0a2c407202418a936dDavid Lawrence such RDATA is now printed in unknown
f204bdd8e6703ff0ef1adf0a2c407202418a936dDavid Lawrence presentation format (RFC 3597). RR types affected
0df2335526caaebd8639129fd0327a6cc97060eaDavid Lawrence include LOC(29) and APL(42). [RT #40317].
f204bdd8e6703ff0ef1adf0a2c407202418a936dDavid Lawrence4186. [bug] Fixed an RPZ bug where a QNAME would be matched
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence against a policy RR with wildcard owner name
8b31f5630f6345f686449f8a84c33c0813283e42Andreas Gustafsson (trigger) where the QNAME was the wildcard owner
8b31f5630f6345f686449f8a84c33c0813283e42Andreas Gustafsson name's parent. For example, the bug caused a query
8b31f5630f6345f686449f8a84c33c0813283e42Andreas Gustafsson with QNAME "example.com" to match a policy RR with
8b31f5630f6345f686449f8a84c33c0813283e42Andreas Gustafsson "*.example.com" as trigger. [RT #40357]
13c32cb589e571e9204dbb091e145809288c9c21David Lawrence4185. [bug] Fixed an RPZ bug where a policy RR with wildcard
4ebb4093f80e32e4a57ff3769f7fd4ad2217ee44Andreas Gustafsson owner name (trigger) would prevent another policy RR
13c32cb589e571e9204dbb091e145809288c9c21David Lawrence with its parent owner name from being
822f118444dcaddaf977bc73e958b2f755e4ddfdAndreas Gustafsson loaded. For example, the bug caused a policy RR
822f118444dcaddaf977bc73e958b2f755e4ddfdAndreas Gustafsson with trigger "example.com" to not have any
822f118444dcaddaf977bc73e958b2f755e4ddfdAndreas Gustafsson effect when a previous policy RR with trigger
822f118444dcaddaf977bc73e958b2f755e4ddfdAndreas Gustafsson "*.example.com" existed in that RPZ zone.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence4184. [bug] Fixed a possible memory leak in name compression
202991557a4b7e8d3df7725d84f0fcae90dbaee6David Lawrence when rendering long messages. (Also, improved
8775909be9fc67180fc480115716f88174e74471James Brister wire_test for testing such messages.) [RT #40375]
406ce0cd9633188a79c008e8f7c8092fa54bc98cJames Brister4183. [cleanup] Use timing-safe memory comparisons in cryptographic
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence code. Also, the timing-safe comparison functions have
a797a75953e21b514427d188bf5d5051419c10adBrian Wellington been renamed to avoid possible confusion with
a797a75953e21b514427d188bf5d5051419c10adBrian Wellington memcmp(). Thanks to Loganaden Velvindron of
a797a75953e21b514427d188bf5d5051419c10adBrian Wellington AFRINIC. [RT #40148]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4182. [cleanup] Use mnemonics for RR class and type comparisons.
17d91fddb33cc6e0bf2dfacf7156bb1ebba197d8David Lawrence4181. [bug] Queued notify messages could be dequeued from the
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence wrong rate limiter queue. [RT #40350]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4180. [bug] Error responses in pipelined queries could
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence cause a crash in client.c. [RT #40289]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4179. [bug] Fix double frees in getaddrinfo() in libirs.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4178. [bug] Fix assertion failure in parsing UNSPEC(103) RR from
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence text. [RT #40274]
abeb505bb6c1400dde1a40d0bff7b3a435666e1cMark Andrews4177. [bug] Fix assertion failure in parsing NSAP records from
abeb505bb6c1400dde1a40d0bff7b3a435666e1cMark Andrews text. [RT #40285]
727eef0cbc8bf889ddb3b58eb89e9ea2c3b4b047Andreas Gustafsson4176. [bug] Address race issues with lwresd. [RT #40284]
727eef0cbc8bf889ddb3b58eb89e9ea2c3b4b047Andreas Gustafsson4175. [bug] TKEY with GSS-API keys needed bigger buffers.
26c86a6fc85c89447d23d4a3e34b11157a2ff6f4Andreas Gustafsson4174. [bug] "dnssec-coverage -r" didn't handle time unit
26c86a6fc85c89447d23d4a3e34b11157a2ff6f4Andreas Gustafsson suffixes correctly. [RT #38444]
26c86a6fc85c89447d23d4a3e34b11157a2ff6f4Andreas Gustafsson4173. [bug] dig +sigchase was not properly matching the trusted
26c86a6fc85c89447d23d4a3e34b11157a2ff6f4Andreas Gustafsson key. [RT #40188]
b3157263ee12a5792737f09b708d3fc65ca99e01Andreas Gustafsson4172. [bug] Named / named-checkconf didn't handle a view of CLASS0.
b3157263ee12a5792737f09b708d3fc65ca99e01Andreas Gustafsson4171. [bug] Fixed incorrect class checks in TSIG RR
b3157263ee12a5792737f09b708d3fc65ca99e01Andreas Gustafsson implementation. [RT #40287]
b90d3f516fd62514ff0b06a6ee0311d7ab5fbbb4Brian Wellington4170. [security] An incorrect boundary check in the OPENPGPKEY
b90d3f516fd62514ff0b06a6ee0311d7ab5fbbb4Brian Wellington rdatatype could trigger an assertion failure.
b35a009df86b4aa3793e87602c95af2a503ec0eeMark Andrews (CVE-2015-5986) [RT #40286]
7bb1e299e133de5d530aa4cb545f4130aabf5235Andreas Gustafsson4169. [test] Added a 'wire_test -d' option to read input as
7bb1e299e133de5d530aa4cb545f4130aabf5235Andreas Gustafsson raw binary data, for use as a fuzzing harness.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence4168. [security] A buffer accounting error could trigger an
482b9dae17bc5dc4e51b78d3c5b1a18c7c1adae9Andreas Gustafsson assertion failure when parsing certain malformed
482b9dae17bc5dc4e51b78d3c5b1a18c7c1adae9Andreas Gustafsson DNSSEC keys. (CVE-2015-5722) [RT #40212]
34ea3c6fd940a8514b5ec609491f823263a735c7Michael Sawyer4167. [func] Update rndc's usage output to include recently added
34ea3c6fd940a8514b5ec609491f823263a735c7Michael Sawyer commands. Thanks to Tony Finch for submitting a
26c86a6fc85c89447d23d4a3e34b11157a2ff6f4Andreas Gustafsson patch. [RT #40010]
8ae26e9f87560f9d2e495328d573c25af81c49beMark Andrews4166. [func] Print informative output from rndc showzone when
3c671ac666de8a7dcd7bd02afa20968da0b85bbdMark Andrews allow-new-zones is not enabled for a view. Thanks to
3c671ac666de8a7dcd7bd02afa20968da0b85bbdMark Andrews Tony Finch for submitting a patch. [RT #40009]
3c671ac666de8a7dcd7bd02afa20968da0b85bbdMark Andrews4165. [security] A failure to reset a value to NULL in tkey.c could
3c671ac666de8a7dcd7bd02afa20968da0b85bbdMark Andrews result in an assertion failure. (CVE-2015-5477)
58c42ee18c186b2151ced62f64aa4ca23cff4a1dJames Brister4164. [bug] Don't rename slave files and journals on out of memory.
58c42ee18c186b2151ced62f64aa4ca23cff4a1dJames Brister4163. [bug] Address compiler warnings. [RT #40024]
58c42ee18c186b2151ced62f64aa4ca23cff4a1dJames Brister4162. [bug] httpdmgr->flags was not being initialized. [RT #40017]
26c86a6fc85c89447d23d4a3e34b11157a2ff6f4Andreas Gustafsson4161. [test] Add JSON test for traffic size stats; also test
5dc6a24e8b6808f03e7a9bc6530d646ebba927dbMark Andrews for consistency between "rndc stats" and the XML
5dc6a24e8b6808f03e7a9bc6530d646ebba927dbMark Andrews and JSON statistics channel contents. [RT #38700]
77771185071bf74d53378f1a3099a04d2af5153eBrian Wellington4160. [placeholder]
77771185071bf74d53378f1a3099a04d2af5153eBrian Wellington4159. [cleanup] Alphabetize dig's help output. [RT #39966]
0d5d8e2bbf2c0c129f0416f24758a0925ce12be8James Brister4158. [placeholder]
0d5d8e2bbf2c0c129f0416f24758a0925ce12be8James Brister4157. [placeholder]
99f3a24e69edbb19e4fe7f2fb0a72c478f8c3cafJames Brister4156. [func] Added statistics counters to track the sizes
99f3a24e69edbb19e4fe7f2fb0a72c478f8c3cafJames Brister of incoming queries and outgoing responses in
aa79283a0d97d5d77d3c17bcb1756035eabe647aAndreas Gustafsson histogram buckets, as specified in RSSAC002.
aa79283a0d97d5d77d3c17bcb1756035eabe647aAndreas Gustafsson4155. [func] Allow RPZ rewrite logging to be configured on a
aa79283a0d97d5d77d3c17bcb1756035eabe647aAndreas Gustafsson per-zone basis using a newly introduced log clause in
aa79283a0d97d5d77d3c17bcb1756035eabe647aAndreas Gustafsson the response-policy option. [RT #39754]
aa79283a0d97d5d77d3c17bcb1756035eabe647aAndreas Gustafsson4154. [bug] A OPT record should be included with the FORMERR
aa79283a0d97d5d77d3c17bcb1756035eabe647aAndreas Gustafsson response when there is a malformed EDNS option.
f204bdd8e6703ff0ef1adf0a2c407202418a936dDavid Lawrence4153. [bug] Dig should zero non significant +subnet bits. Check
0bfcec250f9705a1211d0374f0fc1049960de84bMark Andrews that non significant ECS bits are zero on receipt.
b5f24a6988e04710bee0281b03b7e168358ac868Andreas Gustafsson4152. [func] Implement DNS COOKIE option. This replaces the
379bd2c19cec393f56a2e9c42cc87fc8213a1b62James Brister experimental SIT option of BIND 9.10. The following
379bd2c19cec393f56a2e9c42cc87fc8213a1b62James Brister named.conf directives are available: send-cookie,
379bd2c19cec393f56a2e9c42cc87fc8213a1b62James Brister cookie-secret, cookie-algorithm, nocookie-udp-size
379bd2c19cec393f56a2e9c42cc87fc8213a1b62James Brister and require-server-cookie. The following dig options
0df2335526caaebd8639129fd0327a6cc97060eaDavid Lawrence are available: +[no]cookie[=value] and +[no]badcookie.
c24265935e70d17279153b3cde43e3f6c3527577Andreas Gustafsson4151. [bug] 'rndc flush' could cause a deadlock. [RT #39835]
bedfa169b4cc5511b34c0c4a54c5b8aae364babeJames Brister4150. [bug] win32: listen-on-v6 { any; }; was not working. Apply
bedfa169b4cc5511b34c0c4a54c5b8aae364babeJames Brister minimal fix. [RT #39667]
bedfa169b4cc5511b34c0c4a54c5b8aae364babeJames Brister4149. [bug] Fixed a race condition in the getaddrinfo()
bedfa169b4cc5511b34c0c4a54c5b8aae364babeJames Brister implementation in libirs, which caused the delv
bedfa169b4cc5511b34c0c4a54c5b8aae364babeJames Brister utility to crash with an assertion failure when using
d85552c450141012e7cbeaacc77fb9575b0bb4cbJames Brister the '@server' syntax with a hostname argument.
47c196192afa37b2dea728e52579779f190bf07fJames Brister4148. [bug] Fix a bug when printing zone names with '/' character
47c196192afa37b2dea728e52579779f190bf07fJames Brister in XML and JSON statistics output. [RT #39873]
47c196192afa37b2dea728e52579779f190bf07fJames Brister4147. [bug] Filter-aaaa / filter-aaaa-on-v4 / filter-aaaa-on-v6
adf82221858138f295bce732e86dcac34645692eJames Brister was returning referrals rather than nodata responses
f3b52d9fe5e7e851adecad4eec8952cceda47592Brian Wellington when the AAAA records were filtered. [RT #39843]
f3b52d9fe5e7e851adecad4eec8952cceda47592Brian Wellington4146. [bug] Address reference leak that could prevent a clean
94c5757a7a2d98b4de3e7a68cfe330d59450f09eAndreas Gustafsson shutdown. [RT #37125]
94c5757a7a2d98b4de3e7a68cfe330d59450f09eAndreas Gustafsson4145. [bug] Not all unassociated adb entries where being printed.
71a4339351de0d8233d61025a667ec4dc3e0f868James Brister4144. [func] Add statistics counters for nxdomain redirections.
71a4339351de0d8233d61025a667ec4dc3e0f868James Brister4143. [placeholder]
71a4339351de0d8233d61025a667ec4dc3e0f868James Brister4142. [bug] rndc addzone with view specified saved NZF config
71a4339351de0d8233d61025a667ec4dc3e0f868James Brister that could not be read back by named. This has now
0380c44d0238a88e167526954d630d071739ed28Mark Andrews been fixed. [RT #39845]
0380c44d0238a88e167526954d630d071739ed28Mark Andrews4141. [bug] A formatting bug caused rndc zonestatus to print
a6733246eafeb43755ce6d7ec3627ac4209cbccbMark Andrews negative numbers for large serial values. This has
a6733246eafeb43755ce6d7ec3627ac4209cbccbMark Andrews now been fixed. [RT #39854]
40817ed9c13782a7844e15dde24432611c4694acDavid Lawrence4140. [cleanup] Remove redundant nzf_remove() call during delzone.
36bcb04af27e050ddc04b2ff37dbeafc84538fd4Brian Wellington4139. [doc] Fix rpz-client-ip documentation. [RT #39783]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4138. [security] An uninitialized value in validator.c could result
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence in an assertion failure. (CVE-2015-4620) [RT #39795]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4137. [bug] Make rndc reconfig report configuration errors the
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence same way rndc reload does. [RT #39635]
9c11326b18c69b9b2fd6102d80fbd568ae6bd31eAndreas Gustafsson4136. [bug] Stale statistics counters with the leading
ed71ea51c6ecb5d7d659b6e6a20f6b3f5c2678c6David Lawrence '#' prefix (such as #NXDOMAIN) were not being
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence updated correctly. This has been fixed. [RT #39141]
c78dc8b001ba46ef1edb784635c3ba7b3e4456ceJames Brister4135. [cleanup] Log expired NTA at startup. [RT #39680]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence4134. [cleanup] Include client-ip rules when logging the number
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence of RPZ rules of each type. [RT #39670]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence4133. [port] Update how various json libraries are handled.
d5399cc351a549db957185993b320a3bffa40e41James Brister4132. [cleanup] dig: added +rd as a synonym for +recurse,
d5399cc351a549db957185993b320a3bffa40e41James Brister added +class as an unabbreviated alternative
40f349ad1f2f0a63ef2784b8affcd44dc660b39cJames Brister to +cl. [RT #39686]
40f349ad1f2f0a63ef2784b8affcd44dc660b39cJames Brister4131. [bug] Addressed further problems with reloading RPZ
ac3b769801d794993e9eb6065b2f7144ffcfc9acMark Andrews zones. [RT #39649]
69b691c9624f31e59b8d128ada902a82127c15a3James Brister4130. [bug] The compatibility shim for *printf() misprinted some
69b691c9624f31e59b8d128ada902a82127c15a3James Brister large numbers. [RT #39586]
69b691c9624f31e59b8d128ada902a82127c15a3James Brister4129. [port] Address API changes in OpenSSL 1.1.0. [RT #39532]
dba20696eb808075d849e5a4cc8d854555869fb2Brian Wellington4128. [bug] Address issues raised by Coverity 7.6. [RT #39537]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence4127. [protocol] CDS and CDNSKEY need to be signed by the key signing
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence key as per RFC 7344, Section 4.1. [RT #37215]
98c2f9a11185b8a5dd601798990612beb6d1578eJames Brister4126. [bug] Addressed a regression introduced in change #4121.
98c2f9a11185b8a5dd601798990612beb6d1578eJames Brister4125. [test] Added tests for dig, renamed delv test to digdelv.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4124. [func] Log errors or warnings encountered when parsing the
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence internal default configuration. Clarify the logging
705cb05a187558959d20ec2c31e06de8e96f61b2David Lawrence of errors and warnings encountered in rndc
705cb05a187558959d20ec2c31e06de8e96f61b2David Lawrence addzone or modzone parameters. [RT #39440]
a3c0a79b61edfd6a021c080d4b368c9c962fcad6Andreas Gustafsson4123. [port] Added %z (size_t) format options to the portable
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence internal printf/sprintf implementation. [RT #39586]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4122. [bug] The server could match a shorter prefix than what was
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence available in CLIENT-IP policy triggers, and so, an
0b056755b2f423ba5f6adac8f7851d78f7d11437David Lawrence unexpected action could be taken. This has been
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence corrected. [RT #39481]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4121. [bug] On servers with one or more policy zones
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence configured as slaves, if a policy zone updated
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence during regular operation (rather than at
174a4f7b80af7f7a33cd9a098c13af23e5ec2a28David Lawrence startup) using a full zone reload, such as via
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence AXFR, a bug could allow the RPZ summary data to
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence fall out of sync, potentially leading to an
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence assertion failure in rpz.c when further
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence incremental updates were made to the zone, such
174a4f7b80af7f7a33cd9a098c13af23e5ec2a28David Lawrence as via IXFR. [RT #39567]
0640343258a99230c62e39dfbbe1505e3a970ee8Andreas Gustafsson4120. [bug] A bug in RPZ could cause the server to crash if
dccfe96a449d135d1b3806a9ab8fd7481d017c8bAndreas Gustafsson policy zones were updated while recursion was
dccfe96a449d135d1b3806a9ab8fd7481d017c8bAndreas Gustafsson pending for RPZ processing of an active query.
d98c74e2ec5b96bd22aa4ed6d893e8993787493bMichael Graff4119. [test] Allow dig to set the message opcode. [RT #39550]
d98c74e2ec5b96bd22aa4ed6d893e8993787493bMichael Graff4118. [bug] Teach isc-config.sh about irs. [RT #39213]
d03d4524993ecf5da72694907cb8581eadbe5c4dBrian Wellington4117. [protocol] Add EMPTY.AS112.ARPA as per RFC 7534.
d03d4524993ecf5da72694907cb8581eadbe5c4dBrian Wellington4116. [bug] Fix a bug in RPZ that could cause some policy
75f6c57d9544aa77a3b1a04587b4702c07343c90Brian Wellington zones that did not specifically require
75f6c57d9544aa77a3b1a04587b4702c07343c90Brian Wellington recursion to be treated as if they did;
75f6c57d9544aa77a3b1a04587b4702c07343c90Brian Wellington consequently, setting qname-wait-recurse no; was
c8df84cb389994b4eaf549f5851e70d18e2d063fAndreas Gustafsson sometimes ineffective. [RT #39229]
f34984369fbc87f6cc5c5d1059303377a1724d79James Brister4115. [func] "rndc -r" now prints the result code (e.g.,
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence ISC_R_SUCCESS, ISC_R_TIMEOUT, etc) after
b092aef75539b462d24b460b67ac49edb79aaff8Andreas Gustafsson running the requested command. [RT #38913]
76a191c4202a4839e4ce598ec91f0c0d12f630aaAndreas Gustafsson4114. [bug] Fix a regression in radix tree implementation
76a191c4202a4839e4ce598ec91f0c0d12f630aaAndreas Gustafsson introduced by ECS code. This bug was never
76a191c4202a4839e4ce598ec91f0c0d12f630aaAndreas Gustafsson released, but it was reported by a user testing
76a191c4202a4839e4ce598ec91f0c0d12f630aaAndreas Gustafsson master. [RT #38983]
fef059dcec0f7f83b09b9ce30b91b21a51d9c481Andreas Gustafsson4113. [test] Check for Net::DNS is some system test
fef059dcec0f7f83b09b9ce30b91b21a51d9c481Andreas Gustafsson prerequisites. [RT #39369]
5f80c1428b9b7235fc9c1c80aa505457c3043504Brian Wellington4112. [bug] Named failed to load when "root-delegation-only"
5f80c1428b9b7235fc9c1c80aa505457c3043504Brian Wellington was used without a list of domains to exclude.
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington4111. [doc] Alphabetize rndc man page. [RT #39360]
b3aaa872e12e5c8658271bde8e4dd85d015e823fAndreas Gustafsson4110. [bug] Address memory leaks / null pointer dereferences
b3aaa872e12e5c8658271bde8e4dd85d015e823fAndreas Gustafsson on out of memory. [RT #39310]
b3aaa872e12e5c8658271bde8e4dd85d015e823fAndreas Gustafsson4109. [port] linux: support reading the local port range from
b3aaa872e12e5c8658271bde8e4dd85d015e823fAndreas Gustafsson net.ipv4.ip_local_port_range. [RT # 39379]
389f2ccc2f5f00a11a14114d40492f7ac8249fa7Olafur Gudmundsson4108. [func] An additional NXDOMAIN redirect method (option
389f2ccc2f5f00a11a14114d40492f7ac8249fa7Olafur Gudmundsson "nxdomain-redirect") has been added, allowing
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence redirection to a specified DNS namespace instead
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence of a single redirect zone. [RT #37989]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4107. [bug] Address potential deadlock when updating zone content.
a9bc95f22ef2dd4a12e79be99412c9f18b814a5dBrian Wellington4106. [port] Improve readline support. [RT #38938]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4105. [port] Misc fixes for Microsoft Visual Studio
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence 2015 CTP6 in 64 bit mode. [RT #39308]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4104. [bug] Address uninitialized elements. [RT #39252]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4103. [port] Misc fixes for Microsoft Visual Studio
3c8e458ed2118828b13f35ca6fcc409da66c2869David Lawrence 2015 CTP6. [RT #39267]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4102. [bug] Fix a use after free bug introduced in change
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence #4094. [RT #39281]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4101. [bug] dig: the +split and +rrcomments options didn't
19d1b1667d073850d4366352aaf8319efc5debeeBrian Wellington work with +short. [RT #39291]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4100. [bug] Inherited owernames on the line immediately following
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence a $INCLUDE were not working. [RT #39268]
20b20b23948b90cb2f7d7f402da99d09f837efd0David Lawrence4099. [port] clang: make unknown commandline options hard errors
a89b06a49cc61cdce2ce0ea0f62b514998fa16d9Andreas Gustafsson when determining what options are supported.
a89b06a49cc61cdce2ce0ea0f62b514998fa16d9Andreas Gustafsson4098. [bug] Address use-after-free issue when using a
9c987b20b9246a34f38af8ed3cd22c61040933a7Andreas Gustafsson predecessor key with dnssec-settime. [RT #39272]
7e9bfde7951c4e35bcbd0d3439790cc823a6794cAndreas Gustafsson4097. [func] Add additional logging about xfrin transfer status.
7e9bfde7951c4e35bcbd0d3439790cc823a6794cAndreas Gustafsson4096. [bug] Fix a use after free of query->sendevent.
4c9406964425ecc33fac38bb093e236b43b449e6Andreas Gustafsson4095. [bug] zone->options2 was not being properly initialized.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4094. [bug] A race during shutdown or reconfiguration could
533131b93b69c4534b5f1f9138b59211670e6e6dMichael Graff cause an assertion in mem.c. [RT #38979]
533131b93b69c4534b5f1f9138b59211670e6e6dMichael Graff4093. [func] Dig now learns the SIT value from truncated
533131b93b69c4534b5f1f9138b59211670e6e6dMichael Graff responses when it retries over TCP. [RT #39047]
533131b93b69c4534b5f1f9138b59211670e6e6dMichael Graff4092. [bug] 'in-view' didn't work for zones beneath a empty zone.
533131b93b69c4534b5f1f9138b59211670e6e6dMichael Graff4091. [cleanup] Some cleanups in isc mem code. [RT #38896]
73abbeb5823a9b3e01b05a8878db915eb6beccdaAndreas Gustafsson4090. [bug] Fix a crash while parsing malformed CAA RRs in
73abbeb5823a9b3e01b05a8878db915eb6beccdaAndreas Gustafsson presentation format, i.e., from text such as
73abbeb5823a9b3e01b05a8878db915eb6beccdaAndreas Gustafsson from master files. Thanks to John Van de
73abbeb5823a9b3e01b05a8878db915eb6beccdaAndreas Gustafsson Meulebrouck Brendgard for discovering and
538971e27d45861c937331f52b0e96d3a5157d8eAndreas Gustafsson reporting this problem. [RT #39003]
538971e27d45861c937331f52b0e96d3a5157d8eAndreas Gustafsson4089. [bug] Send notifies immediately for slave zones during
538971e27d45861c937331f52b0e96d3a5157d8eAndreas Gustafsson startup. [RT #38843]
c50936eb40263b65ebf6afe4e6556e2dc67c10e4Brian Wellington4088. [port] Fixed errors when building with libressl. [RT #38899]
8977ab7ca0ed63a39a8cd0b915ab9cb1254dcd3fJames Brister4087. [bug] Fix a crash due to use-after-free due to sequencing
8977ab7ca0ed63a39a8cd0b915ab9cb1254dcd3fJames Brister of tasks actions. [RT #38495]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4086. [bug] Fix out-of-srcdir build with native pkcs11. [RT #38831]
dc97fe4ed08488d314ab5bc8e99ed839542cf411David Lawrence4085. [bug] ISC_PLATFORM_HAVEXADDQ could be inconsistently set.
95be83b467e2384d414693982318a5c06cccf1d7Andreas Gustafsson4084. [bug] Fix a possible race in updating stats counters.
95be83b467e2384d414693982318a5c06cccf1d7Andreas Gustafsson4083. [cleanup] Print the number of CPUs and UDP listeners
95be83b467e2384d414693982318a5c06cccf1d7Andreas Gustafsson consistently in the log and in "rndc status"
95be83b467e2384d414693982318a5c06cccf1d7Andreas Gustafsson output; indicate whether threads are supported
95be83b467e2384d414693982318a5c06cccf1d7Andreas Gustafsson in "named -V" output. [RT #38811]
95be83b467e2384d414693982318a5c06cccf1d7Andreas Gustafsson4082. [bug] Incrementally sign large inline zone deltas.
95be83b467e2384d414693982318a5c06cccf1d7Andreas Gustafsson4081. [cleanup] Use dns_rdatalist_init consistently. [RT #38759]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4080. [func] Completed change #4022, adding a "lock-file" option
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence to named.conf to override the default lock file,
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence in addition to the "named -X <filename>" command
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence line option. Setting the lock file to "none"
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence using either method disables the check completely.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4079. [func] Preserve the case of the owner name of records to
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence the RRset level. [RT #37442]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4078. [bug] Handle the case where CMSG_SPACE(sizeof(int)) !=
6fa1cb5754695d550a58c6e8978fda65f5146af7David Lawrence CMSG_SPACE(sizeof(char)). [RT #38621]
52b784e2a662038b833e4f9ad7bff881faf52a85Andreas Gustafsson4077. [test] Add static-stub regression test for DS NXDOMAIN
52b784e2a662038b833e4f9ad7bff881faf52a85Andreas Gustafsson return making the static stub disappear. [RT #38564]
edb8ffbbf3e4b3c16a10fdd45720d97706e6bf50Mark Andrews4076. [bug] Named could crash on shutdown with outstanding
edb8ffbbf3e4b3c16a10fdd45720d97706e6bf50Mark Andrews reload / reconfig events. [RT #38622]
59abb512d344bfa09012cc11b7d814966f035da4Mark Andrews4075. [placeholder]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4074. [cleanup] Cleaned up more warnings from gcc -Wshadow. [RT #38708]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4073. [cleanup] Add libjson-c version number reporting to
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence "named -V"; normalize version number formatting.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4072. [func] Add a --enable-querytrace configure switch for
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence very verbose query trace logging. (This option
a120694df8156f76eb629e4d686d3729362e3c90David Lawrence has a negative performance impact and should be
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence used only for debugging.) [RT #37520]
a120694df8156f76eb629e4d686d3729362e3c90David Lawrence4071. [cleanup] Initialize pthread mutex attrs just once, instead of
fcba8f29fedd5a29651579e22c96413b4f37cab9Brian Wellington doing it per mutex creation. [RT #38547]
f6afa4ac95f3a6c86c61c0b122cd0dc6f957649bBrian Wellington4070. [bug] Fix a segfault in nslookup in a query such as
f6afa4ac95f3a6c86c61c0b122cd0dc6f957649bBrian Wellington "nslookup isc.org AMS.SNS-PB.ISC.ORG -all".
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister4069. [doc] Reorganize options in the nsupdate man page.
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister4068. [bug] Omit unknown serial number from JSON zone statistics.
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister4067. [cleanup] Reduce noise from RRL when query logging is
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister disabled. [RT #38648]
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister4066. [doc] Reorganize options in the dig man page. [RT #38516]
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister4065. [test] Additional RFC 5011 tests. [RT #38569]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4064. [contrib] dnssec-keyset.sh: Generates a specified number
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence of DNSSEC keys with timing set to implement a
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister pre-publication key rollover strategy. Thanks
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister to Jeffry A. Spain. [RT #38459]
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister4063. [bug] Asynchronous zone loads were not handled
c0b06c8275c5ea3cde8cc67f3a6f9cab1bd55d65James Brister correctly when the zone load was already in
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister progress; this could trigger a crash in zt.c.
527ea00c176abc167a6daf978e06f52c7e70aa06Andreas Gustafsson4062. [bug] Fix an out-of-bounds read in RPZ code. If the
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence read succeeded, it doesn't result in a bug
f7d85bae58428b91fde90f87c1e9ef89897acf2eAndreas Gustafsson during operation. If the read failed, named
f7d85bae58428b91fde90f87c1e9ef89897acf2eAndreas Gustafsson could segfault. [RT #38559]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence4061. [bug] Handle timeout in legacy system test. [RT #38573]
ec7493d8d1966a3dc5f5306fc0a96519e0de6dceAndreas Gustafsson4060. [bug] dns_rdata_freestruct could be called on a
ec7493d8d1966a3dc5f5306fc0a96519e0de6dceAndreas Gustafsson uninitialized structure when handling a error.
289fd0daf888e3f7b1733bd750f60891ce90e1e6Andreas Gustafsson4059. [bug] Addressed valgrind warnings. [RT #38549]
289fd0daf888e3f7b1733bd750f60891ce90e1e6Andreas Gustafsson4058. [bug] UDP dispatches could use the wrong pseudorandom
bd36d3014e8a82d217ed1c88cdb4c717a25fee09Andreas Gustafsson number generator context. [RT #38578]
8adf1b9e749ca303ea8a8ffb29b5101ecbe2ecf6Mark Andrews4057. [bug] 'dnssec-dsfromkey -T 0' failed to add ttl field.
8adf1b9e749ca303ea8a8ffb29b5101ecbe2ecf6Mark Andrews4056. [bug] Expanded automatic testing of trust anchor
8adf1b9e749ca303ea8a8ffb29b5101ecbe2ecf6Mark Andrews management and fixed several small bugs including
8adf1b9e749ca303ea8a8ffb29b5101ecbe2ecf6Mark Andrews a memory leak and a possible loss of key state
8adf1b9e749ca303ea8a8ffb29b5101ecbe2ecf6Mark Andrews information. [RT #38458]
8adf1b9e749ca303ea8a8ffb29b5101ecbe2ecf6Mark Andrews4055. [func] "rndc managed-keys" can be used to check status
c052487cdf42c83bb0fa8e4c0ed135e801ac1e90Mark Andrews of trust anchors or to force keys to be refreshed,
c052487cdf42c83bb0fa8e4c0ed135e801ac1e90Mark Andrews Also, the managed keys data file has easier-to-read
dcd66bf9667816cfc3419f2040e03f5621d88555Andreas Gustafsson comments. [RT #38458]
dcd66bf9667816cfc3419f2040e03f5621d88555Andreas Gustafsson4054. [func] Added a new tool 'mdig', a lightweight clone of
dcd66bf9667816cfc3419f2040e03f5621d88555Andreas Gustafsson dig able to send multiple pipelined queries.
f4f3f2cf3499cf6c32f6329aca08b5c557f507f1Mark Andrews4053. [security] Revoking a managed trust anchor and supplying
f4f3f2cf3499cf6c32f6329aca08b5c557f507f1Mark Andrews an untrusted replacement could cause named
f4f3f2cf3499cf6c32f6329aca08b5c557f507f1Mark Andrews to crash with an assertion failure.
f4f3f2cf3499cf6c32f6329aca08b5c557f507f1Mark Andrews (CVE-2015-1349) [RT #38344]
ff8d15be4e6096329fe6ae8217d0adcabd08c94bOlafur Gudmundsson4052. [bug] Fix a leak of query fetchlock. [RT #38454]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4051. [bug] Fix a leak of pthread_mutexattr_t. [RT #38454]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4050. [bug] RPZ could send spurious SERVFAILs in response
9dff010bd0224c0eb0046e02c51947bf69cbb718David Lawrence to duplicate queries. [RT #38510]
9dff010bd0224c0eb0046e02c51947bf69cbb718David Lawrence4049. [bug] CDS and CDNSKEY had the wrong attributes. [RT #38491]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4048. [bug] adb hash table was not being grown. [RT #38470]
6a13d6f3c687d463a2a88f696a5193a5651612baAndreas Gustafsson4047. [cleanup] "named -V" now reports the current running versions
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence of OpenSSL and the libxml2 libraries, in addition to
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence the versions that were in use at build time.
c0fcd6b98bc1fe5bbd2bd1a4d729215f65e3d20fJames Brister4046. [bug] Accounting of "total use" in memory context
17d0495c338ca6273cc1e1e3fd9354ab785a9ae9Mark Andrews statistics was not correct. [RT #38370]
17d0495c338ca6273cc1e1e3fd9354ab785a9ae9Mark Andrews4045. [bug] Skip to next master on dns_request_createvia4 failure.
4c5651ee049cbace08d5350e3d23a0d6da491fa8James Brister4044. [bug] Change 3955 was not complete, resulting in an assertion
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence failure if the timing was just right. [RT #38352]
e06abf2270cc397e6a1ab8e25055e9c05f256beeJames Brister4043. [func] "rndc modzone" can be used to modify the
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence configuration of an existing zone, using similar
e06abf2270cc397e6a1ab8e25055e9c05f256beeJames Brister syntax to "rndc addzone". [RT #37895]
e411a986b94276c28e6a971f9c3b61d45c635456James Brister4042. [bug] zone.c:iszonesecure was being called too late.
c6ce77b4dccb15297f78de9e0c00d40f40ce8aa4Mark Andrews4041. [func] TCP sockets can now be shared while connecting.
c6ce77b4dccb15297f78de9e0c00d40f40ce8aa4Mark Andrews (This will be used to enable client-side support
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence of pipelined queries.) [RT #38231]
1d7172079ddd7aaad66a135a814d0013c6503837Andreas Gustafsson4040. [func] Added server-side support for pipelined TCP
1d7172079ddd7aaad66a135a814d0013c6503837Andreas Gustafsson queries. Clients may continue sending queries via
5159c427839689d5070e2f9c6c9a0168dd9f6583Mark Andrews TCP while previous queries are being processed
5159c427839689d5070e2f9c6c9a0168dd9f6583Mark Andrews in parallel. (The new "keep-response-order"
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence option allows clients to be specified for which
41da7fdc551c50cddebf2c5311e322efd793fd3bDavid Lawrence the old behavior will still be used.) [RT #37821]
5159c427839689d5070e2f9c6c9a0168dd9f6583Mark Andrews4039. [cleanup] Cleaned up warnings from gcc -Wshadow. [RT #37381]
1d7172079ddd7aaad66a135a814d0013c6503837Andreas Gustafsson4038. [bug] Add 'rpz' flag to node and use it to determine whether
dd3fc76a33569ee9d5d30effc0d975651a4567f5Andreas Gustafsson to call dns_rpz_delete. This should prevent unbalanced
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence add / delete calls. [RT #36888]
3364cad7e4699aff0b2d5090ab09a6da9733a118Andreas Gustafsson4037. [bug] also-notify was ignoring the tsig key when checking
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence for duplicates resulting in some expected notify
e2cf9c2db3fd484d160d3b7850f5e4d9c19945faJames Brister messages not being sent. [RT #38369]
e2cf9c2db3fd484d160d3b7850f5e4d9c19945faJames Brister4036. [bug] Make call to open a temporary file name safe during
dd3fc76a33569ee9d5d30effc0d975651a4567f5Andreas Gustafsson NZF creation. [RT #38331]
e2cf9c2db3fd484d160d3b7850f5e4d9c19945faJames Brister4035. [bug] Close temporary and NZF FILE pointers before moving
e2cf9c2db3fd484d160d3b7850f5e4d9c19945faJames Brister the former into the latter's place, as required on
e2cf9c2db3fd484d160d3b7850f5e4d9c19945faJames Brister Windows. [RT #38332]
dd3fc76a33569ee9d5d30effc0d975651a4567f5Andreas Gustafsson4034. [func] When added, negative trust anchors (NTA) are now
e2cf9c2db3fd484d160d3b7850f5e4d9c19945faJames Brister saved to files (viewname.nta), in order to
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence persist across restarts of the named server.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4033. [bug] Missing out of memory check in request.c:req_send.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4032. [bug] Built-in "empty" zones did not correctly inherit the
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence "allow-transfer" ACL from the options or view.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4031. [bug] named-checkconf -z failed to report a missing file
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence with a hint zone. [RT #38294]
9bb05852fed91ff3913601b7ed8e43e711aa9094David Lawrence4030. [func] "rndc delzone" is now applicable to zones that were
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence configured in named.conf, as well as zones that
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence were added via "rndc addzone". (Note, however, that
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence if named.conf is not also modified, the deleted zone
b09983678f5d116d3c8387aaeab4f2dc4deb0454David Lawrence will return when named is reloaded.) [RT #37887]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4029. [func] "rndc showzone" displays the current configuration
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence of a specified zone. [RT #37887]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4028. [bug] $GENERATE with a zero step was not being caught as a
014892d86d30b7eceb0003d51788f9b5cadfc1bfAndreas Gustafsson error. A $GENERATE with a / but no step was not being
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence caught as a error. [RT #38262]
b99d080717fdd741961d736581270d37bad8bec0David Lawrence4027. [port] Net::DNS 0.81 compatibility. [RT #38165]
97f75286ada13a1b06a424607e638bde5ebfb3caAndreas Gustafsson4026. [bug] Fix RFC 3658 reference in dig +sigchase. [RT #38173]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4025. [port] bsdi: failed to build. [RT #38047]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4024. [bug] dns_rdata_opt_first, dns_rdata_opt_next,
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence dns_rdata_opt_current, dns_rdata_txt_first,
23a09704774241d2dba059e4d9231cd3d28bb116David Lawrence dns_rdata_txt_next and dns_rdata_txt_current were
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence documented but not implemented. These have now been
358628c8f4804a2db52be0f6d03a66137fab4884David Lawrence dns_rdata_spf_first, dns_rdata_spf_next and
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence dns_rdata_spf_current were documented but not
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence implemented. The prototypes for these
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence functions have been removed. [RT #38068]
54a2e7e8a21ee765f41bd995101995613bff9e8cDavid Lawrence4023. [bug] win32: socket handling with explicit ports and
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence invoking named with -4 was broken for some
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence configurations. [RT #38068]
027212247d59c05452abb7a8b253efe52d14459eDavid Lawrence4022. [func] Stop multiple spawns of named by limiting number of
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence processes to 1. This is done by using a lockfile and
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence checking whether we can listen on any configured
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence TCP interfaces. [RT #37908]
a2605214c27439a8af2ad4bd9a8630dcfcc8152eDavid Lawrence4021. [bug] Adjust max-recursion-queries to accommodate
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence the need for more queries when the cache is
344e909ce9c59422a70105aba498e68b2d42623bDavid Lawrence empty. [RT #38104]
738922ba7bb10b206f6f54931aed068e3dcb950dDavid Lawrence4020. [bug] Change 3736 broke nsupdate's SOA MNAME discovery
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence resulting in updates being sent to the wrong server.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4019. [func] If named is not configured to validate the answer
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence then allow fallback to plain DNS on timeout even
9c4f33b6718407e94d50dbfb4977e16d3f83de9dDavid Lawrence when we know the server supports EDNS. [RT #37978]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4018. [placeholder]
c403d3f7d6cb17406e9be03a330ed5cf91619abcDavid Lawrence4017. [test] Add system test to check lookups to legacy servers
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence with broken DNS behavior. [RT #37965]
a0f6cda5fd9f2fcc4154bb63628f849b639a40caAndreas Gustafsson4016. [bug] Fix a dig segfault due to bad linked list usage.
dc91d010dbd848ab3a11815e5a3d109662a38b0cDavid Lawrence4015. [bug] Nameservers that are skipped due to them being
e3b3a046bf653d39cb5b92534a6a36fce1702d20Bob Halley CNAMEs were not being logged. They are now logged
e3b3a046bf653d39cb5b92534a6a36fce1702d20Bob Halley to category 'cname' as per BIND 8. [RT #37935]
e3b3a046bf653d39cb5b92534a6a36fce1702d20Bob Halley4014. [bug] When including a master file origin_changed was
e3b3a046bf653d39cb5b92534a6a36fce1702d20Bob Halley not being properly set leading to a potentially
e3b3a046bf653d39cb5b92534a6a36fce1702d20Bob Halley spurious 'inherited owner' warning. [RT #37919]
904463e94cafd59c8284f472ea8f58f1f311b8cbDavid Lawrence4013. [func] Add a new tcp-only option to server (config) /
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence peer (struct) to use TCP transport to send
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence queries (in place of UDP transport with a
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence TCP fallback on truncated (TC set) response).
1a7f6c3898266854db100fb2cb36418d650de8e7Brian Wellington4012. [cleanup] Check returned status of OpenSSL digest and HMAC
1a7f6c3898266854db100fb2cb36418d650de8e7Brian Wellington functions when they return one. Note this applies
1a7f6c3898266854db100fb2cb36418d650de8e7Brian Wellington only to FIPS capable OpenSSL libraries put in
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence FIPS mode and MD5. [RT #37944]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4011. [bug] master's list port and dscp inheritance was not
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence properly implemented. [RT #37792]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4010. [cleanup] Clear the prefetchable state when initiating a
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence prefetch. [RT #37399]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4009. [func] delv: added a +tcp option. [RT #37855]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4008. [contrib] Updated zkt to latest version (1.1.3). [RT #37886]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4007. [doc] Remove acl forward reference restriction. [RT #37772]
b8dd48ecf83142f6ee7238cbd68fec455e527fc8Mark Andrews4006. [security] A flaw in delegation handling could be exploited
b8dd48ecf83142f6ee7238cbd68fec455e527fc8Mark Andrews to put named into an infinite loop. This has
b8dd48ecf83142f6ee7238cbd68fec455e527fc8Mark Andrews been addressed by placing limits on the number
68e4926b2262571e004b4be00b905ec776c01d9cMichael Graff of levels of recursion named will allow (default 7),
68e4926b2262571e004b4be00b905ec776c01d9cMichael Graff and the number of iterative queries that it will
68e4926b2262571e004b4be00b905ec776c01d9cMichael Graff send (default 50) before terminating a recursive
6c7e680943ccdb75f23b050a7bc5ac0825e5244aMark Andrews query (CVE-2014-8500).
6c7e680943ccdb75f23b050a7bc5ac0825e5244aMark Andrews The recursion depth limit is configured via the
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence "max-recursion-depth" option, and the query limit
6c7e680943ccdb75f23b050a7bc5ac0825e5244aMark Andrews via the "max-recursion-queries" option. [RT #37580]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4005. [func] The buffer used for returning text from rndc
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence commands is now dynamically resizable, allowing
61e9c1cdbe29683bb2db388e4fc6a6fd59315cefDavid Lawrence arbitrarily large amounts of text to be sent back
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence to the client. (Prior to this change, it was
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence possible for the output of "rndc tsig-list" to be
8b11f3debd9a9494d5aec60ea228ab393fbdc26eDavid Lawrence truncated.) [RT #37731]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4004. [bug] When delegations had AAAA glue but not A, a
2cc1d2536d5834fbe20281068b8bd34dd1ee5337David Lawrence reference could be leaked causing an assertion
140d92622430165001bd91ba2e7d516992faeb2fMichael Sawyer failure on shutdown. [RT #37796]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4003. [security] When geoip-directory was reconfigured during
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence named run-time, the previously loaded GeoIP
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence data could remain, potentially causing wrong
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence ACLs to be used or wrong results to be served
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence based on geolocation (CVE-2014-8680). [RT #37720]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4002. [security] Lookups in GeoIP databases that were not
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence loaded could cause an assertion failure
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence (CVE-2014-8680). [RT #37679]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4001. [security] The caching of GeoIP lookups did not always
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence handle address families correctly, potentially
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence resulting in an assertion failure (CVE-2014-8680).
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence4000. [bug] NXDOMAIN redirection incorrectly handled NXRRSET
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence from the redirect zone. [RT #37722]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3999. [func] "mkeys" and "nzf" files are now named after
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence their corresponding views, unless the view name
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence contains characters that would be incompatible
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence with use in a filename (i.e., slash, backslash,
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence or capital letters). If a view name does contain
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence these characters, the files will still be named
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence using a cryptographic hash of the view name.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence Regardless of this, if a file using the old name
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence format is found to exist, it will continue to be
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence used. [RT #37704]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3998. [bug] isc_radix_search was returning matches that were
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence too precise. [RT #37680]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3997. [protocol] Add OPENGPGKEY record. [RT# 37671]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3996. [bug] Address use after free on out of memory error in
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence keyring_add. [RT #37639]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3995. [bug] receive_secure_serial holds the zone lock for too
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence long. [RT #37626]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3994. [func] Dig now supports setting the last unassigned DNS
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence header flag bit (dig +zflag). [RT #37421]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3993. [func] Dig now supports EDNS negotiation by default.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence (dig +[no]ednsnegotiation).
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence Note: This is disabled by default in BIND 9.10
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence and enabled by default in BIND 9.11. [RT #37604]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3992. [func] DiG can now send queries without questions
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence (dig +header-only). [RT #37599]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3991. [func] Add the ability to buffer logging output by specifying
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence "buffered yes;" when defining a channel. [RT #26561]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3990. [test] Add tests for unknown DNSSEC algorithm handling.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3989. [cleanup] Remove redundant dns_db_resigned calls. [RT #35748]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3988. [func] Allow the zone serial of a dynamically updatable
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence zone to be updated via "rndc signing -serial".
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3987. [port] Handle future Visual Studio 14 incompatible changes.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3986. [doc] Add the BIND version number to page footers
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence in the ARM. [RT #37398]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence3985. [doc] Describe how +ndots and +search interact in dig.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3984. [func] Accept 256 byte long PINs in native PKCS#11
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence crypto. [RT #37410]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3983. [bug] Change #3940 was incomplete: negative trust anchors
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence could be set to last up to a week, but the
3e6b98586e823544344bcbbcad825d3d4485de59David Lawrence "nta-lifetime" and "nta-recheck" options were
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence still limited to one day. [RT #37522]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3982. [doc] Include release notes in product documentation.
cc5547dbcb04bdc498cf050c6104a1974f68c6eaAndreas Gustafsson3981. [bug] Cache DS/NXDOMAIN independently of other query types.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3980. [bug] Improve --with-tuning=large by self tuning of SO_RCVBUF
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence size. [RT #37187]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3979. [bug] Negative trust anchor fetches were not properly
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence managed. [RT #37488]
f6d6835ed5bb14f7d87cb9b736deadf9de2085ddAndreas Gustafsson3978. [test] Added a unit test for Diffie-Hellman key
f6d6835ed5bb14f7d87cb9b736deadf9de2085ddAndreas Gustafsson computation, completing change #3974. [RT #37477]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3977. [cleanup] "rndc secroots" reported a "not found" error when
d41c9885ecfb4be7382fd32a58ae4a9fb2056b81David Lawrence there were no negative trust anchors set. [RT #37506]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3976. [bug] When refreshing managed-key trust anchors, clear
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence any cached trust so that they will always be
38feb01f1b0a3ac65897ae63c22c27c72e8cfda1David Lawrence revalidated with the current set of secure
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence roots. [RT #37506]
802aa6f2b70cc0b4e69ef0a1dcab0a8d68a0fdeaDavid Lawrence3975. [bug] Don't populate or use the bad cache for queries that
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence don't request or use recursion. [RT #37466]
5b27fa26dd1288f61de9ace6f4ec56be63858048David Lawrence3974. [bug] Handle DH_compute_key() failure correctly in
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3973. [test] Added hooks for Google Performance Tools CPU profiler,
32d7adf5ee52c5a86122ee3d9e35a894fc5ed0a6Bob Halley including real-time/wall-clock profiling. Use
32d7adf5ee52c5a86122ee3d9e35a894fc5ed0a6Bob Halley "configure --with-gperftools-profiler" to enable.
32d7adf5ee52c5a86122ee3d9e35a894fc5ed0a6Bob Halley3972. [bug] Fix host's usage statement. [RT #37397]
32d7adf5ee52c5a86122ee3d9e35a894fc5ed0a6Bob Halley3971. [bug] Reduce the cascading failures due to a bad $TTL line
32d7adf5ee52c5a86122ee3d9e35a894fc5ed0a6Bob Halley in named-checkconf / named-checkzone. [RT #37138]
32d7adf5ee52c5a86122ee3d9e35a894fc5ed0a6Bob Halley3970. [contrib] Fixed a use after free bug in the SDB LDAP driver.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3969. [test] Added 'delv' system test. [RT #36901]
58bc93c3ddbdf0b2fde9b7d2b4342f90d83ec633David Lawrence3968. [bug] Silence spurious log messages when using 'named -[46]'.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3967. [test] Add test for inlined signed zone in multiple views
8fedfa7b45989d3c1715e414637bc1a96331fd14David Lawrence with different DNSKEY sets. [RT #35759]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3966. [bug] Missing dns_db_closeversion call in receive_secure_db.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence3965. [func] Log outgoing packets and improve packet logging to
7da5c63dc0eaeec88aaf67b7aeee43ab0b0125baDavid Lawrence support logging the remote address. [RT #36624]
32eeec855957c3dd38f0d6c98ca79b67a71300b6Brian Wellington3964. [func] nsupdate now performs check-names processing.
f3f88c6802df4cfee59439b19a1c49637b70342dDavid Lawrence3963. [test] Added NXRRSET test cases to the "dlzexternal"
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence system test. [RT #37344]
77f372eed39827f5efef476602de7c0505f99b91David Lawrence3962. [bug] 'dig +topdown +trace +sigchase' address unhandled error
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence conditions. [RT #34663]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3961. [bug] Forwarding of SIG(0) signed UPDATE messages failed with
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence BADSIG. [RT #37216]
8b7304a34c751e519ede7d00b77f1f962c0a37e4David Lawrence3960. [bug] 'dig +sigchase' could loop forever. [RT #37220]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3959. [bug] Updates could be lost if they arrived immediately
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence after a rndc thaw. [RT #37233]
cabcfd3e90a647c7bab3c5cc3ef7b36f49830787David Lawrence3958. [bug] Detect when writeable files have multiple references
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3957. [bug] "dnssec-keygen -S" failed for ECCGOST, ECDSAP256SHA256
585529aaeb95a71cd3d95df2602a4688fc7c3292David Lawrence and ECDSAP384SHA384. [RT #37183]
d111a46c88adda33a93839f4934e127b6147d87dBob Halley3956. [func] Notify messages are now rate limited by notify-rate and
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence startup-notify-rate instead of serial-query-rate.
e49a98d47fea220023c22bcc7204f13f7f0b07feBrian Wellington3955. [bug] Notify messages due to changes are no longer queued
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington behind startup notify messages. [RT #24454]
195da2b26542b85d60308b2af35ea9966df9c3bbMichael Graff3954. [bug] Unchecked mutex init in dlz_dlopen_driver.c [RT #37112]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3953. [bug] Don't escape semi-colon in TXT fields. [RT #37159]
e9a9ae4fc627f24cb960a3008f2723ba9a55b274Brian Wellington3952. [bug] dns_name_fullcompare failed to set *nlabelsp when the
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence two name pointers were the same. [RT #37176]
d1bdeae7bb7a0642170d5476c2fd901db3028143Andreas Gustafsson3951. [func] Add the ability to set yet-to-be-defined EDNS flags
d111a46c88adda33a93839f4934e127b6147d87dBob Halley to dig (+ednsflags=#). [RT #37142]
d111a46c88adda33a93839f4934e127b6147d87dBob Halley3950. [port] Changed the bin/python Makefile to work around a
d111a46c88adda33a93839f4934e127b6147d87dBob Halley bmake bug in FreeBSD 10 and NetBSD 6. [RT #36993]
9e53cbca72767d0c91962b7a01650ea07d7398ddMark Andrews3949. [experimental] Experimental support for draft-andrews-edns1 by sending
585529aaeb95a71cd3d95df2602a4688fc7c3292David Lawrence EDNS(1) queries (define DRAFT_ANDREWS_EDNS1 when
9e53cbca72767d0c91962b7a01650ea07d7398ddMark Andrews building). Add support for limiting the EDNS version
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence advertised to servers: server { edns-version 0; };
2d0c5f1eada2015324cb89c11c7c5c11cccb493fAndreas Gustafsson Log the EDNS version received in the query log.
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff3948. [port] solaris: RCVBUFSIZE was too large on Solaris with
c6adcd09c8d5c0acd47a8dccb8061bb1105cad95Michael Graff --with-tuning=large. [RT #37059]
b5fff54fe9335b20c02d749831fc0eaeda97198fBrian Wellington3947. [cleanup] Set the executable bit on libraries when using
15a0ed30600ea88fe1227233155586f0c3c6cc34Bob Halley libtool. [RT #36786]
15a0ed30600ea88fe1227233155586f0c3c6cc34Bob Halley3946. [cleanup] Improved "configure" search for a python interpreter.
53c892082e4dd70a12bb5badd81a9e939d7e6efdBrian Wellington3945. [bug] Invalid wildcard expansions could be incorrectly
b5fff54fe9335b20c02d749831fc0eaeda97198fBrian Wellington accepted by the validator. [RT #37093]
b5fff54fe9335b20c02d749831fc0eaeda97198fBrian Wellington3944. [test] Added a regression test for "server-id". [RT #37057]
b5fff54fe9335b20c02d749831fc0eaeda97198fBrian Wellington3943. [func] SERVFAIL responses can now be cached for a
b5fff54fe9335b20c02d749831fc0eaeda97198fBrian Wellington limited time (configured by "servfail-ttl",
3ae757933270e8298a6c1c5f9dfd30a4d852972cAndreas Gustafsson default 10 seconds, limit 30). This can reduce
3ae757933270e8298a6c1c5f9dfd30a4d852972cAndreas Gustafsson the frequency of retries when an authoritative
3ae757933270e8298a6c1c5f9dfd30a4d852972cAndreas Gustafsson server is known to be failing, e.g., due to
3ae757933270e8298a6c1c5f9dfd30a4d852972cAndreas Gustafsson ongoing DNSSEC validation problems. [RT #21347]
b61bbad878d0ac563a093525aa826cdba0fd43bfMark Andrews3942. [bug] Wildcard responses from a optout range should be
b61bbad878d0ac563a093525aa826cdba0fd43bfMark Andrews marked as insecure. [RT #37072]
26c86a6fc85c89447d23d4a3e34b11157a2ff6f4Andreas Gustafsson3941. [doc] Include the BIND version number in the ARM. [RT #37067]
4716e94840921878b26e493576f84afe4fe08752Mark Andrews3940. [func] "rndc nta" now allows negative trust anchors to be
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence set for up to one week. [RT #37069]
622af581bd08a61d12c70f80b1d40d0d9c8a1fa3David Lawrence3939. [func] Improve UPDATE forwarding performance by allowing TCP
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence connections to be shared. [RT #37039]
b4b032ab5a3d0e96e7c752e232e3050e8806b8cbBob Halley3938. [func] Added quotas to be used in recursive resolvers
0e9c5d24d25cb77a6935abf9247734b576626c9fBob Halley that are under high query load for names in zones
0e9c5d24d25cb77a6935abf9247734b576626c9fBob Halley whose authoritative servers are nonresponsive or
3886e748a4086b813e3453232a742903762fedadBob Halley are experiencing a denial of service attack.
3886e748a4086b813e3453232a742903762fedadBob Halley - "fetches-per-server" limits the number of
3886e748a4086b813e3453232a742903762fedadBob Halley simultaneous queries that can be sent to any
3886e748a4086b813e3453232a742903762fedadBob Halley single authoritative server. The configured
3886e748a4086b813e3453232a742903762fedadBob Halley value is a starting point; it is automatically
b4b032ab5a3d0e96e7c752e232e3050e8806b8cbBob Halley adjusted downward if the server is partially or
b4b032ab5a3d0e96e7c752e232e3050e8806b8cbBob Halley completely non-responsive. The algorithm used to
b4b032ab5a3d0e96e7c752e232e3050e8806b8cbBob Halley adjust the quota can be configured via the
b4b032ab5a3d0e96e7c752e232e3050e8806b8cbBob Halley "fetch-quota-params" option.
b4b032ab5a3d0e96e7c752e232e3050e8806b8cbBob Halley - "fetches-per-zone" limits the number of
ce0004744d2c232581af53cbc6201f4ec4cf1f1cBrian Wellington simultaneous queries that can be sent for names
ce0004744d2c232581af53cbc6201f4ec4cf1f1cBrian Wellington within a single domain. (Note: Unlike
ce0004744d2c232581af53cbc6201f4ec4cf1f1cBrian Wellington "fetches-per-server", this value is not
ce0004744d2c232581af53cbc6201f4ec4cf1f1cBrian Wellington self-tuning.)
ce0004744d2c232581af53cbc6201f4ec4cf1f1cBrian Wellington - New stats counters have been added to count
ce0004744d2c232581af53cbc6201f4ec4cf1f1cBrian Wellington queries spilled due to these quotas.
b4b4adc097365bd3f980b30bc7cc30199f4b8456Andreas Gustafsson See the ARM for details of these options. [RT #37125]
b4b4adc097365bd3f980b30bc7cc30199f4b8456Andreas Gustafsson3937. [func] Added some debug logging to better indicate the
134ba0e08a0ae9a564a8d8628fc633377d3fc239Bob Halley conditions causing SERVFAILs when resolving.
134ba0e08a0ae9a564a8d8628fc633377d3fc239Bob Halley3936. [func] Added authoritative support for the EDNS Client
134ba0e08a0ae9a564a8d8628fc633377d3fc239Bob Halley Subnet (ECS) option.
83a39d3f3c9b9966bc060d46e8e419adb004888aAndreas Gustafsson ACLs can now include "ecs" elements which specify
8426878e988859184706f36e2229e24e77b80aa4Andreas Gustafsson an address or network prefix; if an ECS option is
8426878e988859184706f36e2229e24e77b80aa4Andreas Gustafsson included in a DNS query, then the address encoded
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence in the option will be matched against "ecs" ACL
7c0e50b5623a6ffc9e3986e129f8ca6bae9aabfaBrian Wellington Also, if an ECS address is included in a query,
7c0e50b5623a6ffc9e3986e129f8ca6bae9aabfaBrian Wellington then it will be used instead of the client source
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence address when matching "geoip" ACL elements. This
a25310fd1dce652cdebba2b3dbc5d38cc3706745Andreas Gustafsson behavior can be overridden with "geoip-use-ecs no;".
a25310fd1dce652cdebba2b3dbc5d38cc3706745Andreas Gustafsson (Note: to enable "geoip" ACLs, use "configure
a25310fd1dce652cdebba2b3dbc5d38cc3706745Andreas Gustafsson --with-geoip". This requires libGeoIP version
42712a426dd62518ca7c36982867e5622f7265e7Michael Graff 1.5.0 or higher.)
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence When "ecs" or "geoip" ACL elements are used to
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence select a view for a query, the response will include
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence an ECS option to indicate which client network the
e6a6c0a5d6393d3a7f75b486f16e4ef15c4857bbDavid Lawrence answer is valid for.
11a898e05092e8477fbfe1a245c1c5871a846638Andreas Gustafsson (Thanks to Vincent Bernat.) [RT #36781]
5d4f11b265c396d71ec2162a632e620425481a9eDavid Lawrence3935. [bug] "geoip asnum" ACL elements would not match unless
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence the full organization name was specified. They
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence can now match against the AS number alone (e.g.,
b295930144c8782e84528dcd355153ae5a5d66e8David Lawrence AS1234). [RT #36945]
0bcb1d4d630f8d7547ee62870e1b059827cc1c8aDavid Lawrence3934. [bug] Catch bad 'sit-secret' in named-checkconf. Improve
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence sit-secret documentation. [RT #36980]
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister3933. [bug] Corrected the implementation of dns_rdata_casecompare()
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister for the HIP rdata type. [RT #36911]
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister3932. [test] Improved named-checkconf tests. [RT #36911]
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister3931. [cleanup] Cleanup how dlz grammar is defined. [RT #36879]
6253eaa03c49aac035bdd8b1d9ec4853b45e94a0Andreas Gustafsson3930. [bug] "rndc nta -r" could cause a server hang if the
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister NTA was not found. [RT #36909]
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister3929. [bug] 'host -a' needed to clear idnoptions. [RT #36963]
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister3928. [test] Improve rndc system test. [RT #36898]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3927. [bug] dig: report PKCS#11 error codes correctly when
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence compiled with --enable-native-pkcs11. [RT #36956]
7b2db4b8d13e3d8bc81419ffcc8b39de8193ef63David Lawrence3926. [doc] Added doc for geoip-directory. [RT #36877]
9e7c9ad159b581714c67148c3c698c12730d7ef7James Brister3925. [bug] DS lookup of RFC 1918 empty zones failed. [RT #36917]
bf062442eeef2fe404d728891b1317b01fbb7908Andreas Gustafsson3924. [bug] Improve 'rndc addzone' error reporting. [RT #35187]
bf062442eeef2fe404d728891b1317b01fbb7908Andreas Gustafsson3923. [bug] Sanity check the xml2-config output. [RT #22246]
bf062442eeef2fe404d728891b1317b01fbb7908Andreas Gustafsson3922. [bug] When resigning, dnssec-signzone was removing
bf062442eeef2fe404d728891b1317b01fbb7908Andreas Gustafsson all signatures from delegation nodes. It now
bf062442eeef2fe404d728891b1317b01fbb7908Andreas Gustafsson retains DS and (if applicable) NSEC signatures.
404e3e4738e97d5dff48fab1e76839e963cb16a6Brian Wellington3921. [bug] AD was inappropriately set on RPZ responses. [RT #36833]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3920. [doc] Added doc for masterfile-style. [RT #36823]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3919. [bug] dig: continue to next line if a address lookup fails
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence in batch mode. [RT #36755]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3918. [doc] Update check-spf documentation. [RT #36910]
7d1d130f4fe1b7485142c4f55a4ef3760b5fa30aBrian Wellington3917. [bug] dig, nslookup and host now continue on names that are
7d1d130f4fe1b7485142c4f55a4ef3760b5fa30aBrian Wellington too long after applying a search list elements.
d9cc295339982d8d86075ab4285cc700d354e2eeBob Halley3916. [contrib] zone2sqlite checked wrong result code. Address
d9cc295339982d8d86075ab4285cc700d354e2eeBob Halley compiler warnings. [RT #36931]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3915. [bug] Address a assertion if a route event arrived while
9ac79ef3f89b23d80f9649abf71fdc65bb7a8b62David Lawrence shutting down. [RT #36887]
a6a0b5e9b7078887a73ecec8be2935daa287a389James Brister3914. [bug] Allow the URI target and CAA value fields to
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence be zero length. [RT #36737]
be768c2e952c34438025999125f984995a2c675fBob Halley3913. [bug] Address race issue in dispatch. [RT #36731]
da6affdf7dd677a636155e4a41f6de416a2d815bBob Halley3912. [bug] Address some unrecoverable lookup failures. [RT #36330]
da6affdf7dd677a636155e4a41f6de416a2d815bBob Halley3911. [func] Implement EDNS EXPIRE option client side, allowing
da6affdf7dd677a636155e4a41f6de416a2d815bBob Halley a slave server to set the expiration timer correctly
da6affdf7dd677a636155e4a41f6de416a2d815bBob Halley when transferring zone data from another slave
be768c2e952c34438025999125f984995a2c675fBob Halley server. [RT #35925]
be768c2e952c34438025999125f984995a2c675fBob Halley3910. [bug] Fix races to free event during shutdown. [RT #36720]
01e320c4fb51c802e9fe86c192fbebf4229ca918Bob Halley3909. [bug] When computing the number of elements required for a
19e0c849f69ad8b655b4d199e16de0a4a94562d6Bob Halley acl count_acl_elements could have a short count leading
19e0c849f69ad8b655b4d199e16de0a4a94562d6Bob Halley to a assertion failure. Also zero out new acl elements
19e0c849f69ad8b655b4d199e16de0a4a94562d6Bob Halley in dns_acl_merge. [RT #36675]
9ac79ef3f89b23d80f9649abf71fdc65bb7a8b62David Lawrence3908. [bug] rndc now differentiates between a zone in multiple
01e320c4fb51c802e9fe86c192fbebf4229ca918Bob Halley views and a zone that doesn't exist at all. [RT #36691]
01e320c4fb51c802e9fe86c192fbebf4229ca918Bob Halley3907. [cleanup] Alphabetize rndc help. [RT #36683]
dd6132005a5c48dea642c2ed0507bf472c8ee9bbJames Brister3906. [protocol] Update URI record format to comply with
dd6132005a5c48dea642c2ed0507bf472c8ee9bbJames Brister draft-faltstrom-uri-08. [RT #36642]
d6d18435cd47a57f43af2eab835d0f6b7a76f2bdAndreas Gustafsson3905. [bug] Address deadlock between view.c and adb.c. [RT #36341]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3904. [func] Add the RPZ SOA to the additional section. [RT36507]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence3903. [bug] Improve the accuracy of DiG's reported round trip
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence time. [RT 36611]
3f46e84f9ff264cac8c07c2136a507827afb2760James Brister3902. [bug] liblwres wasn't handling link-local addresses in
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence nameserver clauses in resolv.conf. [RT #36039]
3f46e84f9ff264cac8c07c2136a507827afb2760James Brister3901. [protocol] Added support for CAA record type (RFC 6844).
fdb12d38d325efba64581bdee7fac188466fff55Bob Halley3900. [bug] Fix a crash in PostgreSQL DLZ driver. [RT #36637]
fdb12d38d325efba64581bdee7fac188466fff55Bob Halley3899. [bug] "request-ixfr" is only applicable to slave and redirect
fdb12d38d325efba64581bdee7fac188466fff55Bob Halley zones. [RT #36608]
43a5758df763a04d907a8b406e89a96f5c207a9cBrian Wellington3898. [bug] Too small a buffer in tohexstr() calls in test code.
c73aafe6016ed1a7a6972681148cedf6a48a21bcBrian Wellington3897. [bug] RPZ summary information was not properly being updated
c73aafe6016ed1a7a6972681148cedf6a48a21bcBrian Wellington after a AXFR resulting in changes sometimes being
c73aafe6016ed1a7a6972681148cedf6a48a21bcBrian Wellington ignored. [RT #35885]
99b80297d416ebb722b2515023c51b3aacdc1fb9Bob Halley3896. [bug] Address performance issues with DSCP code on some
99b80297d416ebb722b2515023c51b3aacdc1fb9Bob Halley platforms. [RT #36534]
99b80297d416ebb722b2515023c51b3aacdc1fb9Bob Halley3895. [func] Add the ability to set the DSCP code point to dig.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3894. [bug] Buffers in isc_print_vsnprintf were not properly
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence initialized leading to potential overflows when
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence printing out quad values. [RT #36505]
3880. [test] Update ans.pl to work with new TSIG support in
3841. [cleanup] Refactor zone.c:add_opt to use dns_message_buildopt.
"debug" options when set in /etc/resolv.conf.
3805. [contrib] Added contrib/perftcpdns, a performance testing tool
3804. [bug] Corrected a race condition in dispatch.c in which
3794. [maint] Added AAAA for C.ROOT-SERVERS.NET.
3793. [bug] zone.c:save_nsec3param() could assert when out of
a TSIG key in named.conf format without comments.
3767. [func] Log explicitly when using rndc.key to configure
3764. [bug] The dnssec-keygen/settime -S and -i options
containing the specified address/prefix when
3719. [bug] Address memory leak in in peer.c. [RT #35255]
3718. [bug] A missing ISC_LINK_INIT in log.c. [RT #35260]
"testcrypto.sh" script to do so. [RT #35213]
3708. [bug] Address a portentry locking issue in dispatch.c.
on a missing resolv.conf file and initializes the
result = irs_resconf_load(mctx, "/etc/resolv.conf",
special URLs http://<server>:<port>/xml/v3/server,
3695. [bug] Address a possible race in dispatch.c. [RT #35107]
3668. [bug] Fix cast in lex.c which could see 0xff treated as eof.
3660. [cleanup] Changed the name of "isc-config.sh" to "bind9-config".
3659. [port] solaris: don't add explicit dependencies/rules for
3614. [port] Check for <linux/types.h>. [RT #34162]
3608. [port] win32: added todos.pl script to ensure all text files
3603. [bug] Install <isc/stat.h>. [RT #33956]
trigger an assertion failure in resolver.c
3580. [bug] Addressed a possible race in acache.c [RT #33602]
description in the named.conf man page. [RT #33476]
3560. [bug] isc-config.sh did not honor includedir and libdir
3556. [maint] Added AAAA for D.ROOT-SERVERS.NET.
3555. [bug] Address theoretical race conditions in acache.c
3551. [bug] resolver.querydscp[46] were uninitialized. [RT #32686]
3548. [bug] The NSID request code in resolver.c was broken
3544. [contrib] check5011.pl: Script to report the status of
managed keys as recorded in managed-keys.bind.
options which take a "port" option (e.g.,
3521. [bug] Address memory leak in opensslecdsa_link.c. [RT #32249]
3518. [bug] Increase the size of dns_rrl_key.s.rtype by one bit
3497. [func] When deleting a slave/stub zone using 'rndc delzone'
dlzdb.link. When cloning a rdataset do not copy
3485. [cleanup] Only compile openssl_gostlink.c if we support GOST.
3473. [bug] dnssec-signzone/verify could incorrectly report
3459. [func] Added -J option to named-checkzone/named-compilezone
3449. [bug] gen.c: use the pre-processor to construct format
3447. [port] Add support for libxml2-2.9.x [RT #32231]
3441. [maint] D.ROOT-SERVERS.NET is now 199.7.91.13.
3436. [bug] Check malloc/calloc return values. [RT #32088]
3409. [contrib] contrib/dane/mkdane.sh: Tool to generate TLSA RR's
3406. [bug] mem.c: Fix compilation errors when building with
zone.c [RT #30675]
3362. [bug] Setting some option values to 0 in named.conf
3357. [port] Add support for libxml2-2.8.x [RT #30440]
to ensure correctness of signatures and of NSEC/NSEC3
- add a RPZ performance test to bin/tests/system/rpz
3328. [bug] Fixed inconsistent data checking in dst_parse.c.
zone.c:zone_gotwritehandle. [RT #29028]
3309. [bug] resolver.c:fctx_finddone() was not thread safe.
3300. [bug] Named could die if gssapi was enabled in named.conf
client.c:exit_check. [RT #28346]
3294. [bug] isccc/cc.c:table_fromwire failed to free alist on
3290. [bug] <isc/hmacsha.h> was not being installed. [RT #28169]
3287. [port] Update ans.pl to work with Net::DNS 0.68. [RT #28028]
rbtnode.deadlink. [RT #27738]
lib/dns/rbtdb.c:iszonesecure. [RT #26913]
3233. [bug] 'rndc freeze/thaw' didn't work for inline zones.
3216. [bug] resolver.c:validated() was not thread-safe. [RT #26478]
3212. [bug] rbtdb.c: failed to remove a node from the deadnodes
3201. [func] 'rndc querylog' can now be given an on/off parameter
dnssec.h. [RT #26415]
3188. [bug] zone.c:zone_refreshkeys() could fail to detach
3186. [bug] Version/db mis-match in rpz code. [RT #26180]
sample external DLZ module in contrib/dlz/example.
- replace "NO-OP" named.conf policy override with
3169. [func] Catch db/version mis-matches when calling dns_db_*().
3163. [bug] Use finer-grained locking in client.c to address
3161. [bug] zone.c:del_sigs failed to always reset rdata leading
drivers (e.g., mysql, postgresql, etc). [RT #25710]
3145. [test] Capture output of ATF unit tests in "./atf.out" if
3093. [bug] Fix gssapi/kerberos dependencies [RT #23836]
3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf
and add setup.sh in order to resolve changing
named.conf issue. [RT #23687]
3077. [bug] zone.c:zone_refreshkeys() incorrectly called
update.c:next_active. [RT #20256]
select the master/slave zones. [RT #23580]
- "dig +split=X" breaks hex/base64 records into
named.pid at startup. [RT #23290]
validator.c. Tests added to dnssec system test.
3038. [bug] Install <dns/rpz.h>. [RT #23342]
3032. [bug] rdatalist.c: add missing REQUIREs. [RT #22521]
3026. [bug] lib/isc/httpd.c: check that we have enough space
to 10. Allow setting this in named.conf using the new
in the named.conf options. [RT #21727]
3000. [bug] More TKEY/GSS fixes:
2992. [contrib] contrib/check-secure-delegation.pl: A simple tool
2991. [contrib] contrib/zone-edit.sh: A simple zone editing tool for
2987. [func] Improve ease of configuring TKEY/GSS updates by
zone, but the nameserver names and/or their IP
2978. [port] hpux: look for <devpoll.h> [RT #21919]
2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() acquired the
2973. [bug] bind.keys.h was being removed by the "make clean"
(e.g. "%-1c"). [RT #22270]
2962. [port] win32: add more dependencies to BINDBuild.dsw.
2954. [bug] contrib: dlz_mysql_driver.c bad error handling on
interfaces at reboot. See bin/tests/system/README
support for addzone/delzone feature (see change
new-zone-file in named.conf; this happens
2934. [bug] Use ANSI C compliant shift range in lib/isc/entropy.c.
option at the view or options level in named.conf.
into named.conf in the appropriate view. (Note:
2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
was specified in named.conf. [RT #21416]
2903. [bug] managed-keys-directory missing from namedconf.c.
2893. [bug] Improve managed keys support. New named.conf option
2873. [bug] Canceling a dynamic update via the dns/client module
2872. [bug] Modify dns/client.c:dns_client_createx() to only
2871. [bug] Type mismatch in mem_api.c between the definition and
2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
2865. [bug] memset to zero event.data. [RT #20986]
2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
README.rfc5011 into the ARM. [RT #20899]
2832. [bug] Modify "struct stat" in lib/export/samples/nsprobe.c
2829. [bug] Fixed potential node inconsistency in rbtdb.c.
2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
2822. [bug] rbtdb.c:loadnode() could return the wrong result.
atomic.h is correctly installed by the architecture
(i.e., built without --enable-exportlib). [RT #20679]
named.conf: check-dup-records {ignore|warn|fail};
2794. [bug] Install <isc/namespace.h>. [RT #20677]
2791. [bug] The installation of isc-config.sh was broken.
2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
2770. [cleanup] Add log messages to resolver.c to indicate events
2756. [bug] Fixed corrupt logfile message in update.c. [RT #20597]
2746. [port] hpux: address signed/unsigned expansion mismatch of
dns_rbtnode_t.nsec. [RT #20542]
validator.c. [RT #19589]
2725. [doc] Added information about the file "managed-keys.bind"
2719. [func] Skip trusted/managed keys for unsupported algorithms.
2717. [bug] named failed to update the NSEC/NSEC3 record when
2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
2711. [port] win32: Add the bin/pkcs11 tools into the full
by the named.conf option 'secure-to-insecure'.
(i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
2702. [func] Update PKCS#11 tools (bin/pkcs11) [RT #20225 & all]
2699. [bug] Missing lock in rbtdb.c. [RT #20037]
S_IFREG are defined after including <isc/stat.h>.
2695. [func] DHCP/DDNS - update fdwatch code for use by
2685. [contrib] Update contrib/zkt to version 0.99c. [RT #20054]
2679. [func] dig -k can now accept TSIG keys in named.conf
- New "inactive" date (dnssec-keygen/settime -I)
2673. [bug] The managed-keys.bind zone file could fail to
2664. [bug] create_keydata() and minimal_update() in zone.c
applications. See README.libdns. [RT #19369]
2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
2632. [func] util/kit.sh: warn if documentation appears to be out of
2628. [port] linux: Allow /var/run/named/named.pid to be opened
2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
2622. [bug] Printing of named.conf grammar was broken. [RT #19919]
2617. [bug] ifconfig.sh failed to emit an error message when
2616. [bug] 'host' used the nameservers from resolv.conf even
configuration text for named.conf
from a NSEC3 signed master/slave zone. [RT #19464]
2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
2590. [func] Report zone/class of "update with no effect".
2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
of "dnssec-lookaside . trust-anchor dlv.isc.org;"
plus setting a trusted-key for dlv.isc.org.
by) $sysconfdir/bind.keys. As the ISC DLV key
the bind.keys file with a key downloaded from
https://www.isc.org/solutions/dlv. [RT #18685]
2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
2548. [bug] Install iterated_hash.h. [RT #19335]
2547. [bug] openssl_link.c:mem_realloc() could reference an
2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
2538. [bug] cache/ADB memory could grow over max-cache-size,
2519. [bug] dig/host with -4 or -6 didn't work if more than two
preceded in resolv.conf. [RT #19081]
document function in <isc/radix.h>. [RT #18534]
2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
are now /var/run/named/named.pid and
/var/run/lwresd/lwresd.pid respectively.
2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
specified in named.conf doesn't seem to work with
2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
2455. [bug] Stop metadata being transferred via axfr/ixfr.
2452. [func] Improve bin/test/journalprint. [RT #18316]
epoll and /dev/poll to be selected at compile
completion event send out canceled read/write
in rbtdb.c. [RT #18455]
2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
temporary, named.conf option reserved-sockets,
assertion in acl.c. [RT #18166]
2390. [bug] dispatch.c could make a false warning on 'odd socket'.
2387. [bug] Silence compiler warnings in lib/isc/radix.c.
2385. [bug] A condition variable in socket.c could leak in
2381. [port] dlz/mysql: support multiple install layouts for
mysql. <prefix>/include/{,mysql/}mysql.h and
2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
Documentation is in the new README.pkcs11 file.
were set at both the options/view level and in
named.conf. [RT #17581]
See <isc/mem.h> for details.
2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
rbtdb.c. Implement dead node processing in zones as
lib/dns/rdata/in_1/apl_42.c. [RT #17469]
2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
addresses in acl.c. [RT #17519]
bin/named/lwdnoop.c. [RT #17476]
2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
debug/fatal messages. [RT #17501]
2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
2306. [bug] Remove potential race from lib/dns/resolver.c.
2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
bin/tests/system/lwresd/lwtest.c. [RT #17474]
bin/tests/names/t_names.c. [RT #17473]
bin/nsupdate/nsupdate.c. [RT #17475]
bin/tests/timers/t_timers.c. [RT #17468]
bin/tests/dst/t_dst.c. [RT #17467]
2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
2276. [bug] Install <dst/gssapi.h>. [RT #17359]
stub/slave master and journal files. [RT #17279]
2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
2266. [bug] client.c:get_clientmctx() returned the same mctx
2257. [bug] win32: Use the full path to vcredist_x86.exe when
bindevt.dll. [RT #17159]
2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
2254. [bug] timer.c:dispatch() failed to lock timer->lock
2247. [doc] Sort doc/misc/options. [RT #17067]
2246. [bug] Make the startup of test servers (ans.pl) more
2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
If allow-query-cache is not set in named.conf then
If allow-recursion is not set in named.conf then
2194. [bug] Close journal before calling 'done' in xfrin.c.
2193. [port] win32: BINDInstall.exe is now linked statically.
2192. [port] win32: use vcredist_x86.exe to install Visual
2184. [bug] bind9.xsl.h didn't build out of the source tree.
2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
need to ship Microsoft.VC80.MFCLOC.
2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
Fix a memory leak in rbtdb.c:free_noqname().
Make lookup.c:lookup_find() robust against
2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
dighost.c:get_trusted_key(). [RT #16678]
hmac_link.c. [RT #16437]
2145. [bug] Check DS/DLV digest lengths for known digests.
2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
in adb.c. [RT #16670]
2138. [bug] Lock order reversal in resolver.c. [RT #16653]
2137. [port] Mips little endian and/or mips 64 bit are now
2136. [bug] nslookup/host looped if there was no search list
2135. [bug] Uninitialized rdataset in sdlz.c. [RT #16656]
2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
2114. [bug] dig/host/nslookup: searches for names with multiple
2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
2103. [port] Add /usr/sfw to list of locations for OpenSSL
2100. [port] win32: copy libeay32.dll to Build\Debug.
2098. [bug] Race in rbtdb.c:no_references(), which occasionally
if resolv.conf does not exist or no nameservers
2091. [port] dighost.c: race condition on cleanup. [RT #16417]
2085. [doc] win32: added index.html and README to zip. [RT #16201]
2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
2080. [port] libbind: res_init.c did not compile on older versions
2076. [bug] Several files were missing #include <config.h>
of authoritative servers that drop EDNS and/or CD
2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
2043. [port] nsupdate/nslookup: Force the flushing of the prompt
2038. [bug] dig/nslookup/host was unlinking from wrong list
a non slave/stub zone. [RT # 16073]
2028. [port] linux: socket.c compatibility for old systems.
2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
2008. [func] It is now possible to enable/disable DNSSEC
breaks DNSSEC (firewall/proxy). [RT #15592]
2003. [bug] libbind: The DNS name/address lookup functions could
1988. [bug] Remove a bus error from the SHA256/SHA512 support.
1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
1981. [bug] win32: condition.c:wait() could fail to reattain
1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
now be set in named.conf (max-udp-size). This is
xfrin.c:maybe_free() if named ran out of memory.
1944. [cleanup] isc_hash_create() does not need a read/write lock.
1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
1922. [bug] check-tool.c:setup_logging() missing call to
1919. [contrib] queryperf: a set of new features: collecting/printing
'RD' was set in the query. host/nslookup skip servers
1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
1866. [bug] resolv.conf parse errors were being ignored by
dig/host/nslookup. [RT #14841]
1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
when CFLAGS contains "-I /usr/local/include"
1839. [bug] <isc/hash.h> was not being installed.
1836. [cleanup] Silence compiler warnings in hash_test.c.
1834. [bug] Bad memset in rdata_test.c. [RT #13658]
rbtdb.c:subtractrdataset(). [RT #13519]
option in named.conf can be used to specify a
1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
1810. [bug] configure, lib/bind/configure make different default
1808. [bug] zone.c:notify_zone() contained a race condition,
1788. [bug] libbind9.la/libbind9.so needs to link against
1785. [bug] libbind9.la/libbind9.so needs to link against
1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
file clause for rbt{64} master/hint zones. [RT #13009]
1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
1748. [func] dig now returns the byte count for axfr/ixfr.
1747. [bug] BIND 8 compatibility: named/named-checkconf failed
to parse "host-statistics-max" in named.conf.
1745. [bug] Dig/host/nslookup accept replies from link locals
1731. [port] darwin: relax version test in ifconfig.sh.
1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
1717. [port] solaris: ifconfig.sh did not support Solaris 10.
"ifconfig.sh down" didn't work for Solaris 9.
1716. [doc] named.conf(5) was being installed in the wrong
1714. [bug] dig/host/nslookup were only trying the first
1707. [contrib] sdb/ldap updated to version 1.0-beta.
1705. [func] Allow the journal's name to be changed via named.conf.
"#include <isc/print.h>". [RT #12321]
1701. [doc] A minimal named.conf man page.
are defined in named.conf. [RT #12023]
/usr/lib. [RT #11971]
1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
adb.c:set_target(). [RT #11582]
1648. [func] Update dnssec-lookaside named.conf syntax to support
1625. [bug] named failed to load/transfer RFC2535 signed zones
1612. [bug] check-names at the option/view level could trigger
1599. [bug] Fix memory leak on error path when checking named.conf.
DNSSEC specify "dnssec-enable yes;" in named.conf.
1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
1566. [port] Support for the cmsg framework on Solaris and HP/UX.
were specified in /etc/resolv.conf. [RT #8232]
1551. [port] Open "/dev/null" before calling chroot().
1532. [port] netbsd: the configure test for <sys/sysctl.h>
requires <sys/param.h>.
1517. [port] Support for IPv6 interface scanning on HP/UX and
only (e.g. DE, LV, US and MUSEUM) these can be excluded
1503. [port] win32: install libeay32.dll outside of system32.
named.conf, tcp-listen-queue.
1498. [port] bsdos: 5.x support.
1478. [port] ifconfig.sh didn't account for other virtual
1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
doc/misc/options. [RT #5616]
via named.conf (edns-udp-size).
1425. [port] linux/libbind: define __USE_MISC when testing *_r()
function prototypes in netdb.h. [RT #4921]
1422. [func] Log name/type/class when denying a query. [RT #4663]
1419. [port] openbsd: use /dev/arandom. [RT #4950]
1417. [func] ID.SERVER/CHAOS is now a built in zone.
1410. [func] Handle records that live in the parent zone, e.g. DS.
1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
'recursing-file = "named.recursing";'.
1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
1353. [contrib] sdb/ldap to version 0.9.
in socket.c and eliminating a host of socket
1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
1336. [func] Nibble lookups under IP6.ARPA are now supported by
1334. [bug] When signing/verifying rdatasets, duplicate rdatas
1326. [bug] DNAME/CNAME signatures were not being cached when
1324. [port] darwin: ifconfig.sh now supports darwin.
1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
1276. [bug] libbind: const pointer conflicts in res_debug.c.
1269. [port] Openserver: ifconfig.sh support.
<sys/param.h> is included or not. Be consistent.
1247. [bug] Don't reset the interface index for link/site local
1234. [bug] contrib/sdb: 'zonetodb' failed to call
1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
at the named.conf checking stage. [RT #2431]
1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
lib/dns to use this function instead of local one.
occurs when parsing named.conf. [RT #2275]
1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
1145. [func] "host" no longer reports a NOERROR/NODATA response
named/lwresd at compile time. [RT #1982]
1119. [func] Added support in Win32 for NTFS file/directory ACL's
could cause an assertion failure in resolver.c
violation in adb.c. [RT #2017]
1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
1088. [port] libbind: MPE/iX C.70 (incomplete)
on load/reload if views were used. [RT #1947]
1041. [bug] Dig/host/nslookup could catch an assertion failure
1032. [func] hostname.bind/txt/chaos now returns the name of
1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
1030. [bug] On systems with no resolv.conf file, nsupdate
1029. [bug] Some named.conf errors did not cause the loading
1002. [bug] When reporting an unknown class name in named.conf,
972. [bug] The file modification time code in zone.c was using the
non-existent nlist.h. [RT #1640]
957. [bug] sys/select.h inclusion was broken on older platforms.
in named/win32/os.c due to code changes in
updated to add include path for os.h header.
953. [func] The /var/run/named.key file from change #843
has been replaced by /etc/rndc.key. Both
method (rndc.conf / controls). Unlike
bin/tests. [RT #1555].
946. [cleanup] doc/misc/options is now machine-generated from the
when installing isc-config.sh.
were not accepted in named.conf. [RT #1469]
and added lib/isc/win32/entropy.c.
900. [bug] A config.guess update changed the system identification
bin/tests/system/ifconfig.sh now recognize the new
899. [bug] lib/dns/soa.c failed to compile on many platforms
897. [bug] A config.guess update changed the system identification
to Darwin. This was derived from the config.guess
849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
just as <lwres/net.h> does.
843. [func] If no controls statement is present in named.conf,
generated by named and an rndc.conf-style file
named named.key will be written that uses it. rndc
838. [port] UnixWare 7.x.x is now suported by
833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
<dns/soa.h>, and extended them to support
832. [bug] The default location for named.conf in named-checkconf
825. [bug] zone.c:ns_query() detached from the wrong zone
character (i.e. "/") in its name and the directory
down-cased when signing/verifying records. [RT #1186]
in rndc.conf.
786. [bug] When DNSSEC signing/verifying data, owner names were
755. [bug] Fix incorrectly formatted log messages in zone.c.
748. [doc] List supported RFCs in doc/misc/rfc-compliance.
739. [port] Look for /dev/random in configure, rather than
737. [port] stdtime.c failed to compile on certain platforms.
dispatch.c:do_cancel(). [RT #733]
718. [cleanup] "internal" is no longer a reserved word in named.conf.
failure in adb.c. [RT #738]
703. [port] sys/select.h is needed on older platforms. [RT #695]
702. [func] If the address 0.0.0.0 is seen in resolv.conf,
693. [bug] An empty lwres statement in named.conf caused
685. [bug] nslookup should use the search list/domain options
from resolv.conf by default. [RT #405, #630]
646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
for syntax checking named.conf files and zone files,
604. [bug] The named.conf parser could print incorrect line
577. [func] Log illegal RDATA combinations. e.g. multiple
570. [bug] rbtdb.c allowed zones containing nodes which had
568. [func] Add sample simple database drivers in contrib/sdb.
of rdata type/class mnemonics in log messages.
516. [bug] Cache lookups which had a NULL node pointer, e.g.
DNAME, would trigger an INSIST(!search.need_cleanup)
490. [func] When a slave/stub zone has not yet successfully
from the named.conf "listen-on" statement, sockets
477. [bug] The the isc-config.sh script could be installed before
471. [bug] nsupdate didn't compile on HP/UX 10.20
and subsequent name servers in resolv.conf if the
457. [bug] Dig/host/hslookup didn't properly handle connect
documented as such in named.conf. [RT #304, RT #311]
is specified in named.conf. [RT #306]
is specified in named.conf. [RT #301]
432. [func] Added refresh/retry jitter. The actual refresh/
428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
(e.g. glue). This could cause SERVFAILs when
e.g. due to corrupt zones with multiple SOA records.
an argc/argv style vector of words and sets
view/global one for CNAME targets and additional
369. [func] Support new named.conf options, view and zone
the distribution, in doc/man/dnssec.
353. [bug] double increment in lwres/gethost.c:copytobuf().
348. [func] New boolean named.conf options 'additional-from-auth'
345. [bug] Large-scale changes/cleanups to dig:
341. [func] Support 'key' clause in named.conf zone masters
327. [bug] rndc.conf parser wasn't correctly recognizing an IP
320. [func] Multiple rndc changes: parses an rndc.conf file,
319. [func] The named.conf "controls" statement is now used
314. [func] The named.conf controls statement can now have
313. [bug] When parsing resolv.conf, don't terminate on an
resolv.conf search path from 6 to 8. If there
resolv.conf was empty or a comment.
310. [func] Changes to named.conf "controls" statement (inet
are listed in resolv.conf, silently ignore them
each library's ipv6.h defines the wrapper symbol of
any $sbindir/dig from a previous release.)
that lack /dev/random.
280. [func] Add isc-config.sh, which can be used to more
two or more files in libomapi.a were not namespace
278. [bug] bin/named/logconf.c:category_fromconf() didn't take
266. [bug] zone.c:save_nsrrset() node was not initialized.
262. [bug] 'master' was not initialized in zone.c:stub_callback().
for global options block of named.conf. Both accept
258. [bug] Fixed printing of lwres_addr_t.address field.
256. [func] isc_ratelimiter_t now has attach/detach semantics, and
253. [func] resolv.conf parser now recognizes ';' and '#' as
252. [bug] resolv.conf parser mishandled masks on sortlists.
244. [bug] empty named.conf file and empty options statement are
243. [func] new cachesize option for named.conf
+ missing sigwait prototype on BSD/OS 4.0/4.0.1.
BSD/OS 4.*, Linux and Solaris 2.8.
230. [func] Replace the dst sign/verify API with a cleaner one.
from confparser.c, because of yacc's code, are
212. [func] Added dns_message_get/settsigkey, to make TSIG
compiling in the lib/dns/sec/{dnssafe,openssl}
204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
run on a PA 1.x system."
201. [cleanup] Removed the test/sdig program, it has been
replaced by bin/dig/dig.
(e.g., running out of network buffers) were
and/or interfaces. [19-May-2000 explorer]
191. [func] Patched to compile on UnixWare 7.x. This platform
range for overflow/underflow. In the case of
184. [cleanup] Variables/functions which began with two leading
underscores were made to conform to the ANSI/ISO
179. [func] options named.conf statement *must* now come
178. [func] Post-load of named.conf check verifies a slave zone
168. [bug] include statements in named.conf caused syntax errors
162. [bug] Ensure proper range for arguments to ctype.h functions.
masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
util/check-includes for how this was tested.
145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
<isc/result.h>.
of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
need <isc/eventclass.h>.
instead of <isc/time.h>.
128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
and creates null keys/sets zone status bit for
<isc/result.h>.
<isc/result.h>. Multiple inclusion protection
isc_symtab_t moved to <isc/types.h>.
<isc/net.h>.
118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
117. [cleanup] libdns.a changes:
116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
<isc/list.h>.
<isc/mutex.h>.
<isc/list.h>.
bin/tests/{db,mem,sockaddr,tasks,timers}/.
108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
105. [doc] doc/dev/coding.html expanded with other
103. [func] libisc buffer API changes for <isc/buffer.h>:
on BSD/OS 4.1.
101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
<isc/event.h>.
or <isc/result.h>.
<isc/result.h>.
90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
from <named/listenlist.h>.
<isc/mem.h>. isc_interface_t and isc_interfaceiter_t
moved to <isc/types.h>.
86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
<isc/types.h>.
<isc/int.h>.
<isc/lang.h>.
subsumed by file.o.
OpenSSL libraries/headers.
from <dns/types.h>.
59. [bug] Cause net/host unreachable to be a hard error
58. [bug] bin/named/query.c could sometimes trigger the
(client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
<sys/param.h>.
logging module "dns/validator".
and isc_lex_t to <isc/types.h>.
31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
25. [bug] make install failed to install <isc/log.h> and
configure.in to check for presence of in6addr_any.
9. [cleanup] replaced bit-setting code in confctx.c and replaced
4. [port] bin/named/unix/os.c didn't compile on systems with
get only what we need from <linux/capability.h>, and
systems without /dev/random.
lib/isc/unix/include/isc/Makefile.in had a typo which