CHANGES revision da4823c08a9a41e7b5ff1f3a83c80007f60fd21c
cc8e8b59d6780889739657226a95e23ca1ecadb1Andreas Gustafsson4584. [bug] A number of memory usage statistics were not properly
cc8e8b59d6780889739657226a95e23ca1ecadb1Andreas Gustafsson reported when they exceeded 4G. [RT #44750]
65775fe205e8ac935313c42062c75460e0bc1514Andreas Gustafsson --- 9.11.1 released ---
65775fe205e8ac935313c42062c75460e0bc1514Andreas Gustafsson --- 9.11.1rc3 released ---
17b687ef360ba8c07201dc6511a3c975cc1bb2a8Andreas Gustafsson4582. [security] 'rndc ""' could trigger a assertion failure in named.
17b687ef360ba8c07201dc6511a3c975cc1bb2a8Andreas Gustafsson (CVE-2017-3138) [RT #44924]
17b687ef360ba8c07201dc6511a3c975cc1bb2a8Andreas Gustafsson4581. [port] Linux: Add getpid and getrandom to the list of system
998358fa900393378c70ad598c2b2e67385089d4Mark Andrews calls named uses for seccomp. [RT #44883]
998358fa900393378c70ad598c2b2e67385089d4Mark Andrews4580. [bug] 4578 introduced a regression when handling CNAME to
998358fa900393378c70ad598c2b2e67385089d4Mark Andrews referral below the current domain. [RT #44850]
bc508906db43dda7eab0988348dd0ae3f3023a9bMark Andrews --- 9.11.1rc2 released ---
b352902413608d0eb310c4bb45412fa45734afbcAndreas Gustafsson4578. [security] Some chaining (CNAME or DNAME) responses to upstream
b352902413608d0eb310c4bb45412fa45734afbcAndreas Gustafsson queries could trigger assertion failures.
b352902413608d0eb310c4bb45412fa45734afbcAndreas Gustafsson (CVE-2017-3137) [RT #44734]
b352902413608d0eb310c4bb45412fa45734afbcAndreas Gustafsson4575. [security] DNS64 with "break-dnssec yes;" can result in an
b352902413608d0eb310c4bb45412fa45734afbcAndreas Gustafsson assertion failure. (CVE-2017-3136) [RT #44653]
72e8c079c4c6dc66d565cf89ebf6feb5fa2dea33Mark Andrews --- 9.11.1rc1 released ---
c8ab83c08e5227b5146295a9ef4a96d61b066b67Andreas Gustafsson4571. [bug] Out-of-tree builds of backtrace_test failed.
c8ab83c08e5227b5146295a9ef4a96d61b066b67Andreas Gustafsson4570. [cleanup] named did not correctly fall back to the built-in
4e57d3ff7d92abdef4b0b6aebc23a9dfae2ba040Andreas Gustafsson initializing keys if the bind.keys file was present
4e57d3ff7d92abdef4b0b6aebc23a9dfae2ba040Andreas Gustafsson but empty. [RT #44531]
081cff0c33514a5dc63ab794fc199c07377ab756Mark Andrews4569. [func] Store both local and remote addresses in dnstap
081cff0c33514a5dc63ab794fc199c07377ab756Mark Andrews logging, and modify dnstap-read output format to
081cff0c33514a5dc63ab794fc199c07377ab756Mark Andrews print them. [RT #43595]
d352f188cb9e3820054b7451384a3d910619b4a1Andreas Gustafsson4568. [contrib] Added a --with-bind option to the dnsperf configure
d352f188cb9e3820054b7451384a3d910619b4a1Andreas Gustafsson script to specify BIND prefix path.
081cff0c33514a5dc63ab794fc199c07377ab756Mark Andrews4567. [port] Call getprotobyname and getservbyname prior to calling
3d38596530c389610494e6a6ba70d9f5dc9717c5Andreas Gustafsson chroot so that shared libraries get loaded. [RT #44537]
a7cb695600c3c14ac12676f0fb1e179690c5883cMark Andrews4565. [cleanup] The inline macro versions of isc_buffer_put*()
a7cb695600c3c14ac12676f0fb1e179690c5883cMark Andrews did not implement automatic buffer reallocation.
1500a4fe5da9475d5918b27b566a1278ec6b54ebAndreas Gustafsson4564. [maint] Update the built in managed keys to include the
1500a4fe5da9475d5918b27b566a1278ec6b54ebAndreas Gustafsson upcoming root KSK. [RT #44579]
1255d388f034dc556d235a002527101781dbeb29Mark Andrews4563. [bug] Modified zones would occasionally fail to reload.
c615c2ddce6c08e5a26d9ca61742a20fa8dc1938Mark Andrews4561. [port] Silence a warning in strict C99 compilers. [RT #44414]
31d3464c0c0a35236c7924f698c5a8a66a9ed534Mark Andrews4560. [bug] mdig: add -m option to enable memory debugging rather
31d3464c0c0a35236c7924f698c5a8a66a9ed534Mark Andrews than having it on all the time. [RT #44509]
f04c15adc7e62deb2f53cc53f32d890936007903Andreas Gustafsson4559. [bug] openssl_link.c didn't compile if ISC_MEM_TRACKLINES
2f6d1483f665d86501049199b9698554da0eacb0Mark Andrews was turned off. [RT #44509]
d1029cbcf03a0a2a6c05c1e17e692d844eb27094Andreas Gustafsson4558. [bug] Synthesised CNAME before matching DNAME was still
ea7b38cd1e5c6c9e099f1b3a702ba531bc4aba0aMark Andrews being cached when it should not have been. [RT #44318]
32d248107a5bc92b4bf9fc77deaa55b3da969ba2Andreas Gustafsson4557. [security] Combining dns64 and rpz can result in dereferencing
32d248107a5bc92b4bf9fc77deaa55b3da969ba2Andreas Gustafsson a NULL pointer (read). (CVE-2017-3135) [RT#44434]
4574714ad44ba97f53425fe8d21b7ecb00ac83b9Andreas Gustafsson4554. [bug] Remove double unlock in dns_dispatchmgr_setudp.
4574714ad44ba97f53425fe8d21b7ecb00ac83b9Andreas Gustafsson4553. [bug] Named could deadlock there were multiple changes to
4574714ad44ba97f53425fe8d21b7ecb00ac83b9Andreas Gustafsson NSEC/NSEC3 parameters for a zone being processed at
8d8c145175370d2fd8dbdf425b5ac2a9dc19da96Mark Andrews the same time. [RT #42770]
07eaf0b8d0c3c93d8139c413bf9cc8bba7db9432Mark Andrews4552. [bug] Named could trigger a assertion when sending notify
cf70df7d0e24401a358f0b9c1a616ad0e8c783a6Mark Andrews messages. [RT #44019]
cf70df7d0e24401a358f0b9c1a616ad0e8c783a6Mark Andrews4551. [test] Add system tests for integrity checks of MX and
9234d92d4e274791eff42cc4ea5766ed7a281b17Mark Andrews SRV records. [RT #43953]
9234d92d4e274791eff42cc4ea5766ed7a281b17Mark Andrews4550. [cleanup] Increased the number of available master file
0cf9ce19cc05a60f85ec610106a983fe806ebb77Andreas Gustafsson output style flags from 32 to 64. [RT #44043]
0cf9ce19cc05a60f85ec610106a983fe806ebb77Andreas Gustafsson4547. [port] Add support for --enable-native-pkcs11 on the AEP
0cf9ce19cc05a60f85ec610106a983fe806ebb77Andreas Gustafsson Keyper HSM. [RT #42463]
2ba574f329c14376d26d7c0f22c89d7a978a2625Mark Andrews --- 9.11.1b1 released ---
3c3fe072252aecffae43e6349125663c315b092dAndreas Gustafsson4545. [func] Expand YAML output from dnstap-read to include
3c3fe072252aecffae43e6349125663c315b092dAndreas Gustafsson a detailed breakdown of the DNS message contents.
64ea5fd972c9946a3fe56cbc0bf897266d3f8747Andreas Gustafsson4544. [bug] Add message/payload size to dnstap-read YAML output.
3ad07fa335d40330cd1859da42e67f2457443990Andreas Gustafsson4543. [bug] dns_client_startupdate now delays sending the update
3ad07fa335d40330cd1859da42e67f2457443990Andreas Gustafsson request until isc_app_ctxrun has been called.
1094dec52a86e57df53f6167d86de94360a7a382Mark Andrews4541. [bug] rndc addzone should properly reject non master/slave
64ea5fd972c9946a3fe56cbc0bf897266d3f8747Andreas Gustafsson zones. [RT #43665]
fa2fb620c7c0a907b220c257007d8fb6d38bb3a4Andreas Gustafsson4540. [bug] Correctly handle ecs entries in dns_acl_isinsecure.
fa2fb620c7c0a907b220c257007d8fb6d38bb3a4Andreas Gustafsson4539. [bug] Referencing a nonexistent zone with RPZ could lead
fa2fb620c7c0a907b220c257007d8fb6d38bb3a4Andreas Gustafsson to a assertion failure when configuring. [RT #43787]
62a3dbe63e833f2eaf613393399ea4667d8de28dAndreas Gustafsson4538. [bug] Call dns_client_startresolve from client->task.
62a3dbe63e833f2eaf613393399ea4667d8de28dAndreas Gustafsson4537. [bug] Handle timeouts better in dig/host/nslookup. [RT #43576]
9bdb01e6c382e897572791b12190472955994d87Mark Andrews4536. [bug] ISC_SOCKEVENTATTR_USEMINMTU was not being cleared
9bdb01e6c382e897572791b12190472955994d87Mark Andrews when reusing the event structure. [RT #43885]
e69b9ffb0f8b4d1117a682908c9143ebe3efcd6bAndreas Gustafsson4535. [bug] Address race condition in setting / testing of
e69b9ffb0f8b4d1117a682908c9143ebe3efcd6bAndreas Gustafsson DNS_REQUEST_F_SENDING. [RT #43889]
417872b98aec720d587a9ef0197e25e78a2b7ee9Mark Andrews4534. [bug] Only set RD, RA and CD in QUERY responses. [RT #43879]
a77ad145d0109081c5da6ac40a2303369db89735Andreas Gustafsson4533. [bug] dns_client_update should terminate on prerequisite
8ba4e82f5358815fd94f34fde408ffd047ba3430Andreas Gustafsson failures (NXDOMAIN, YXDOMAIN, NXRRSET, YXRRSET)
8ba4e82f5358815fd94f34fde408ffd047ba3430Andreas Gustafsson and also on BADZONE. [RT #43865]
ada9b8ab20b81716c7ff1f4f3365929b2f7c8ff8Mark Andrews4532. [contrib] Make gen-data-queryperf.py python 3 compatible.
3c9b2e62502460c34c2e0ceba1a5d138b3a13cc1Andreas Gustafsson4531. [security] 'is_zone' was not being properly updated by redirect2
3c9b2e62502460c34c2e0ceba1a5d138b3a13cc1Andreas Gustafsson and subsequently preserved leading to an assertion
3c9b2e62502460c34c2e0ceba1a5d138b3a13cc1Andreas Gustafsson failure. (CVE-2016-9778) [RT #43837]
bb60abb44549428414cd55a022f2b8cc4488f7adAndreas Gustafsson4530. [bug] Change 4489 broke the handling of CNAME -> DNAME
bb60abb44549428414cd55a022f2b8cc4488f7adAndreas Gustafsson in responses resulting in SERVFAIL being returned.
024face21cdfbfc7a862a3be061e6780533ef755Andreas Gustafsson4529. [cleanup] Silence noisy log warning when DSCP probe fails
024face21cdfbfc7a862a3be061e6780533ef755Andreas Gustafsson due to firewall rules. [RT #43847]
1beaa9e45738ad18cb7cae55aea95a1b16a14f94Andreas Gustafsson4528. [bug] Only set the flag bits for the i/o we are waiting
1beaa9e45738ad18cb7cae55aea95a1b16a14f94Andreas Gustafsson for on EPOLLERR or EPOLLHUP. [RT #43617]
f953788d75c7df2db43907c68da18ed75c235dd3Andreas Gustafsson4527. [doc] Support DocBook XSL Stylesheets v1.79.1. [RT #43831]
f953788d75c7df2db43907c68da18ed75c235dd3Andreas Gustafsson4526. [doc] Corrected errors and improved formatting of
9df7cf8ea31d8d26f9c1be55f2cdafdc68d63c53Andreas Gustafsson grammar definitions in the ARM. [RT #43739]
fbdde79262a4ba2bdf4bfae61167026b3220488aAndreas Gustafsson4525. [doc] Fixed outdated documentation on managed-keys.
fbdde79262a4ba2bdf4bfae61167026b3220488aAndreas Gustafsson4524. [bug] The net zero test was broken causing IPv4 servers
fbdde79262a4ba2bdf4bfae61167026b3220488aAndreas Gustafsson with addresses ending in .0 to be rejected. [RT #43776]
a7e1dcd84ada7e4e4c78f3f281e8a4d99adaf4d1Andreas Gustafsson4523. [doc] Expand config doc for <querysource4> and
a7e1dcd84ada7e4e4c78f3f281e8a4d99adaf4d1Andreas Gustafsson <querysource6>. [RT #43768]
3fc4c1434d7ac377c720640e2e925a3af567cccbMark Andrews4522. [bug] Handle big gaps in log file version numbers better.
0aba41458d345ea901cf945d47162e5f23647de9Mark Andrews4521. [cleanup] Log it as an error if an entropy source is not
0bd2ea544e95601e0f0b056acfa079c99d5f6b57Andreas Gustafsson found and there is no fallback available. [RT #43659]
0bd2ea544e95601e0f0b056acfa079c99d5f6b57Andreas Gustafsson4520. [cleanup] Alphabetize more of the grammar when printing it
5f7516bee5ace9542701f23fc7723a3e3196802aMark Andrews out. Fix unbalanced indenting. [RT #43755]
79432444e84d2d104119fe6a3d5cbc04b1375bd4Andreas Gustafsson4519. [port] win32: handle ERROR_MORE_DATA. [RT #43534]
3c17010ba5a6b8dd8a2bbc550813c7f051f45a08Andreas Gustafsson4517. [security] Named could mishandle authority sections that were
3c17010ba5a6b8dd8a2bbc550813c7f051f45a08Andreas Gustafsson missing RRSIGs triggering an assertion failure.
3c17010ba5a6b8dd8a2bbc550813c7f051f45a08Andreas Gustafsson (CVE-2016-9444) [RT # 43632]
df7596a03eea7f1c2df89bd63d3bd4b73f274565Mark Andrews4516. [bug] isc_socketmgr_renderjson was missing from the
df7596a03eea7f1c2df89bd63d3bd4b73f274565Mark Andrews windows build. [RT #43602]
df7596a03eea7f1c2df89bd63d3bd4b73f274565Mark Andrews4515. [port] FreeBSD: Find readline headers when they are in
f08782f0923d11227983a352c26301cf703383cfMark Andrews edit/readline/ instead of readline/. [RT #43658]
b923e278535b4e8d264998a85a6ae1eb4b3aa4c6Andreas Gustafsson4514. [port] NetBSD: strip -WL, from ld command line. [RT #43204]
ed2cefaf0ea367ee408cb7f6a54a413814240fa7Andreas Gustafsson4513. [cleanup] Minimum Python versions are now 2.7 and 3.2.
b923e278535b4e8d264998a85a6ae1eb4b3aa4c6Andreas Gustafsson4512. [bug] win32: @GEOIP_INC@ missing from delv.vcxproj.in.
b923e278535b4e8d264998a85a6ae1eb4b3aa4c6Andreas Gustafsson4511. [bug] win32: mdig.exe-BNFT was missing Configure. [RT #43554]
edf97be2b54cbdc4f3f3a46776df3e912892e960Andreas Gustafsson4510. [security] Named mishandled some responses where covering RRSIG
769ef0b7bdc9520dd62d2f440ea36bc020e88934Andreas Gustafsson records are returned without the requested data
9e46f410e716f73abb345be215ccb4c61782b718Andreas Gustafsson resulting in a assertion failure. (CVE-2016-9147)
769ef0b7bdc9520dd62d2f440ea36bc020e88934Andreas Gustafsson4509. [test] Make the rrl system test more reliable on slower
769ef0b7bdc9520dd62d2f440ea36bc020e88934Andreas Gustafsson machines by using mdig instead of dig. [RT #43280]
5419c0c2d0b77682021084c69f2a5c5e2f9a5525Andreas Gustafsson4508. [security] Named incorrectly tried to cache TKEY records which
b09f4e054cbe67b93a5ff62d511ee25945038943Mark Andrews could trigger a assertion failure when there was
3d3445447225ab63f49fc24362963ea49ce94901Andreas Gustafsson a class mismatch. (CVE-2016-9131) [RT #43522]
3d3445447225ab63f49fc24362963ea49ce94901Andreas Gustafsson4507. [bug] Named could incorrectly log 'allows updates by IP
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews address, which is insecure' [RT #43432]
96ea98af241ef00395f4e61de7e2dacfd9941afcMark Andrews4505. [port] Use IP_PMTUDISC_OMIT if available. [RT #35494]
3dff229f5dd223568476acec4df1f513acb00b1dAndreas Gustafsson4504. [security] Allow the maximum number of records in a zone to
54c4aa0f62aebeb01b6861ee068c1044433fe8feMark Andrews be specified. This provides a control for issues
792de65053d8a48d05746b35a21a9fa1792e71acAndreas Gustafsson raised in CVE-2016-6170. [RT #42143]
792de65053d8a48d05746b35a21a9fa1792e71acAndreas Gustafsson4503. [cleanup] "make uninstall" now removes files installed by
808b909f27c30d36b27efb5aa5ef2d18f83b6d4bAndreas Gustafsson BIND. (This currently excludes Python files
846474d5a6aa21cebb3e94243a11faa5c20200bfAndreas Gustafsson due to lack of support in setup.py.) [RT #42912]
3e934267660cb13029bcdbddf318fe1cc27b6718Andreas Gustafsson4502. [func] Report multiple and experimental options when printing
846474d5a6aa21cebb3e94243a11faa5c20200bfAndreas Gustafsson grammar. [RT #43134]
7655e78c366cc0d25e24e2a96ba58e04a96042faAndreas Gustafsson4500. [bug] Support modifier I64 in isc__print_printf. [RT #43526]
6859033d425170380bcfac4809257bc6e9b60383Andreas Gustafsson4499. [port] MacOSX: silence deprecated function warning
6859033d425170380bcfac4809257bc6e9b60383Andreas Gustafsson by using arc4random_stir() when available
6859033d425170380bcfac4809257bc6e9b60383Andreas Gustafsson instead of arc4random_addrandom(). [RT #43503]
5419c0c2d0b77682021084c69f2a5c5e2f9a5525Andreas Gustafsson4498. [test] Simplify prerequisite checks in system tests.
ff4322d44f8404683b6fb6c86a38a2bc14f6c083Andreas Gustafsson4497. [port] Add support for OpenSSL 1.1.0. [RT #41284]
8d146b6e1156f5b562af9a4a9aba76b09650412cAndreas Gustafsson4496. [func] dig: add +idnout to control whether labels are
8d146b6e1156f5b562af9a4a9aba76b09650412cAndreas Gustafsson display in punycode or not. Requires idn support
8d146b6e1156f5b562af9a4a9aba76b09650412cAndreas Gustafsson to be enabled at compile time. [RT #43398]
808b909f27c30d36b27efb5aa5ef2d18f83b6d4bAndreas Gustafsson4495. [bug] A isc_mutex_init call was not being checked.
595a14576ea14884c35b3726f054f2065365620bMark Andrews4494. [bug] Look for <editline/readline.h>. [RT #43429]
595a14576ea14884c35b3726f054f2065365620bMark Andrews4493. [bug] bin/tests/system/dyndb/driver/Makefile.in should use
640923da589bc5b8492ac407ef89ea1ee9a1c358Andreas Gustafsson SO_TARGETS. [RT# 43336]
d9e690eb71bde3c748208733ba40a34e9d0ba29dAndreas Gustafsson4492. [bug] irs_resconf_load failed to initialize sortlistnxt
1299e93989afbe1fee0739811b05fd1641ea14aeAndreas Gustafsson causing bad writes if resolv.conf contained a
1299e93989afbe1fee0739811b05fd1641ea14aeAndreas Gustafsson sortlist directive. [RT #43459]
640923da589bc5b8492ac407ef89ea1ee9a1c358Andreas Gustafsson4491. [bug] Improve message emitted when testing whether sendmsg
640923da589bc5b8492ac407ef89ea1ee9a1c358Andreas Gustafsson works with TOS/TCLASS fails. [RT #43483]
1299e93989afbe1fee0739811b05fd1641ea14aeAndreas Gustafsson4490. [maint] Added AAAA (2001:500:12::d0d) for G.ROOT-SERVERS.NET.
aa30ee42c4b6da9bab4fb84d6cbbda6036a4d426Mark Andrews4489. [security] It was possible to trigger assertions when processing
aa30ee42c4b6da9bab4fb84d6cbbda6036a4d426Mark Andrews a response containing a DNAME answer. (CVE-2016-8864)
01446841be2b73f9a2ead74056df2d5342414041Andreas Gustafsson4488. [port] Darwin: use -framework for Kerberos. [RT #43418]
01446841be2b73f9a2ead74056df2d5342414041Andreas Gustafsson4487. [test] Make system tests work on Windows. [RT #42931]
28cf7340b9c82fc62ca1a1782cb1bd7b0de11aebAndreas Gustafsson4486. [bug] Look in $prefix/lib/pythonX.Y/site-packages for
28cf7340b9c82fc62ca1a1782cb1bd7b0de11aebAndreas Gustafsson the python modules we install. [RT #43330]
1de63e34f163b7a4708a6ad1779f93ae7636b92eAndreas Gustafsson4485. [bug] Failure to find readline when requested should be
1de63e34f163b7a4708a6ad1779f93ae7636b92eAndreas Gustafsson fatal to configure. [RT #43328]
feb1f6a4ac42988558ecb8dc5dc0c974ec1f0509Brian Wellington4484. [func] Check prefixes in acls to make sure the address and
ea34bcc6376555296a08e4c9e2f9c2cbe58378a9Andreas Gustafsson prefix lengths are consistent. Warn only in
ea34bcc6376555296a08e4c9e2f9c2cbe58378a9Andreas Gustafsson BIND 9.11 and earlier. [RT #43367]
5e4c83cfec3f267ea8f22fbb535c61434c94d43cDanny Mayer4483. [bug] Address use before require check and remove extraneous
06f12c290c7904f0723094b5cbd11e2a1d49e95eAndreas Gustafsson dns_message_gettsigkey call in dns_tsig_sign.
6e1b2ebcd65c6d0cc90d7789f884aea11184eb5dAndreas Gustafsson4482. [cleanup] Change #4455 was incomplete. [RT #43252]
e6f17474cb43a138bf7fc9ad30c6b3a2847cb7a7Mark Andrews4478. [func] Add +continue option to mdig, allow continue on socket
5fe21da364d4397c9a413fe689ce82dea36a7b29Mark Andrews errors. [RT #43281]
5fe21da364d4397c9a413fe689ce82dea36a7b29Mark Andrews4477. [test] Fix mkeys test timing issues. [RT #41028]
43efd9fa56b03e3e285fb58859efc9348c7f4a9fMark Andrews4476. [test] Fix reclimit test on slower machines. [RT #43283]
43efd9fa56b03e3e285fb58859efc9348c7f4a9fMark Andrews4475. [doc] Update named-checkconf documentation. [RT #43153]
36e37042c6c9252cdf6eb99bd71ccb6e6c43ba6dBrian Wellington4474. [bug] win32: call WSAStartup in fromtext_in_wks so that
98e231525fda817d393ef0c529b50bfc08cebe47Mark Andrews getprotobyname and getservbyname work. [RT #43197]
98e231525fda817d393ef0c529b50bfc08cebe47Mark Andrews4473. [bug] Only call fsync / _commit on regular files. [RT #43196]
d4196128b31d511c8513edacc70dea7e8d0c053aMark Andrews4472. [bug] Named could fail to find the correct NSEC3 records when
d4196128b31d511c8513edacc70dea7e8d0c053aMark Andrews a zone was updated between looking for the answer and
4a20a92f4f96cf2b2fd77898c6afec6c45e481b3Andreas Gustafsson looking for the NSEC3 records proving nonexistence
4a20a92f4f96cf2b2fd77898c6afec6c45e481b3Andreas Gustafsson of the answer. [RT #43247]
4a20a92f4f96cf2b2fd77898c6afec6c45e481b3Andreas Gustafsson --- 9.11.0 released ---
4a20a92f4f96cf2b2fd77898c6afec6c45e481b3Andreas Gustafsson --- 9.11.0rc3 released ---
e60b3717f0e6f28d6fb2c5124ffb3bd31cc3a746Mark Andrews4471. [cleanup] Render client/query logging format consistent for
e60b3717f0e6f28d6fb2c5124ffb3bd31cc3a746Mark Andrews ease of log file parsing. (Note that this affects
0262406cea5802a717539247cbaa596ac808efa9Mark Andrews "querylog" format: there is now an additional field
3d8ab44d14f3de797b8454fc2edb7421a6bfc874Andreas Gustafsson indicating the client object address.) [RT #43238]
3d8ab44d14f3de797b8454fc2edb7421a6bfc874Andreas Gustafsson4470. [bug] Reset message with intent parse before
3426f7118c92cab8714a7fddc9e721ff09554447Andreas Gustafsson calling dns_dispatch_getnext. [RT #43229]
db235e65884c04058cc6e99ca485170d67cf9538Andreas Gustafsson --- 9.11.0rc2 released ---
3426f7118c92cab8714a7fddc9e721ff09554447Andreas Gustafsson4468. [bug] Address ECS option handling issues. [RT #43191]
64a5004a66accd190bfd5ddf115667726537be50Andreas Gustafsson4467. [security] It was possible to trigger an assertion when
64a5004a66accd190bfd5ddf115667726537be50Andreas Gustafsson rendering a message. (CVE-2016-2776) [RT #43139]
64a5004a66accd190bfd5ddf115667726537be50Andreas Gustafsson4466. [bug] Interface scanning didn't work on a Windows system
b1ae7a591a4b99a26036e919b87247b65abfcd77Mark Andrews without a non local IPv6 addresses. [RT #43130]
b1ae7a591a4b99a26036e919b87247b65abfcd77Mark Andrews4465. [bug] Don't use "%z" as Windows doesn't support it.
cab0ee644db604d56b45ec39429d505d635da347Andreas Gustafsson4464. [bug] Fix windows python support. [RT #43173]
cab0ee644db604d56b45ec39429d505d635da347Andreas Gustafsson4463. [bug] The dnstap system test failed on some systems.
7780a3e5a4659bb8fc44f8915d20a8d3ffa33e00Andreas Gustafsson4462. [bug] Don't describe a returned EDNS COOKIE as "good"
7780a3e5a4659bb8fc44f8915d20a8d3ffa33e00Andreas Gustafsson when there isn't a valid server cookie. [RT #43167]
6dbc6fae496db1f584c055e63bcd7afd332fe8f6Andreas Gustafsson4461. [bug] win32: not all external data was properly marked
6dbc6fae496db1f584c055e63bcd7afd332fe8f6Andreas Gustafsson as external data for windows dll. [RT #43161]
6dbc6fae496db1f584c055e63bcd7afd332fe8f6Andreas Gustafsson --- 9.11.0rc1 released ---
a24d253a3f4e6f4036800744b348fba858d4959eMark Andrews4460. [test] Add system test for dnstap using unix domain sockets.
5419c0c2d0b77682021084c69f2a5c5e2f9a5525Andreas Gustafsson4459. [bug] TCP client objects created to handle pipeline queries
3f543c371fff724d1fb05eb564f732476e946b5bBrian Wellington were not cleaned up correctly, causing uncontrolled
847169dab2d0496df1d66842b2cce67c66bf9680Andreas Gustafsson memory growth. [RT #43106]
847169dab2d0496df1d66842b2cce67c66bf9680Andreas Gustafsson4458. [cleanup] Update assertions to be more correct, and also remove
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews use of a reserved word. [RT #43090]
ed03e26c44347ec20aff6608de6082e3594d95fbMark Andrews4457. [maint] Added AAAA (2001:500:a8::e) for E.ROOT-SERVERS.NET.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews4456. [doc] Add DOCTYPE and lang attribute to <html> tags.
e8d86192fc424f49e43df9cee439ca5c793e6000Mark Andrews4455. [cleanup] Allow dyndb modules to correctly log the filename
bae5d9fcb4616005fbc861e327b0a48b7bd4d89aMark Andrews and line number when processing configuration text
bae5d9fcb4616005fbc861e327b0a48b7bd4d89aMark Andrews from named.conf. [RT #43050]
1299e93989afbe1fee0739811b05fd1641ea14aeAndreas Gustafsson4454. [bug] 'rndc dnstap -reopen' had a race issue. [RT #43089]
98a5dc52bf668b093cda7901c057f7b54e18a2fcAndreas Gustafsson4453. [bug] Prefetching of DS records failed to update their
98a5dc52bf668b093cda7901c057f7b54e18a2fcAndreas Gustafsson RRSIGs. [RT #42865]
5af0708e7fd78976a33de70f9380785f4086a1f0Andreas Gustafsson4452. [bug] The default key manager policy file is now
98a5dc52bf668b093cda7901c057f7b54e18a2fcAndreas Gustafsson <sysdir>/dnssec-policy.conf (usually
452b30ddb32dd9370b2e5ee10427dd3758ef98b4Mark Andrews4451. [cleanup] Log more useful information if a PKCS#11 provider
452b30ddb32dd9370b2e5ee10427dd3758ef98b4Mark Andrews library cannot be loaded. [RT #43076]
6668eca26bf3123750afda48b69991bd29d83807Mark Andrews4450. [port] Provide more nuanced HSM support which better matches
1299e93989afbe1fee0739811b05fd1641ea14aeAndreas Gustafsson the specific PKCS11 providers capabilities. [RT #42458]
06a960c681566a163af5b9a655cf36023075ddcbMark Andrews4449. [test] Fix catalog zones test on slower systems. [RT #42997]
cb8fd52bbeaf40c9166a0144541c4ff2bafc2dd6Andreas Gustafsson4448. [bug] win32: ::1 was not being found when iterating
1eaad22e111709254c70953a4dc768b6d4d31646Mark Andrews interfaces. [RT #42993]
cad3210bb95057a37aaed20bc8a1542e0534422cAndreas Gustafsson4447. [tuning] Allow the fstrm_iothr_init() options to be set using
cad3210bb95057a37aaed20bc8a1542e0534422cAndreas Gustafsson named.conf to control how dnstap manages the data
cad3210bb95057a37aaed20bc8a1542e0534422cAndreas Gustafsson flow. [RT #42974]
cad3210bb95057a37aaed20bc8a1542e0534422cAndreas Gustafsson4446. [bug] The cache_find() and _findrdataset() functions
cad3210bb95057a37aaed20bc8a1542e0534422cAndreas Gustafsson could find rdatasets that had been marked stale.
afeded2289de8d193b072da2b44a2d580cc235c1Danny Mayer4445. [cleanup] isc_errno_toresult() can now be used to call the
afeded2289de8d193b072da2b44a2d580cc235c1Danny Mayer formerly private function isc__errno2result().
afeded2289de8d193b072da2b44a2d580cc235c1Danny Mayer4444. [bug] Fixed some issues related to dyndb: A bug caused
afeded2289de8d193b072da2b44a2d580cc235c1Danny Mayer braces to be omitted when passing configuration text
f462b9aed23b77bda867301f80ead6990df6f4f8Andreas Gustafsson from named.conf to a dyndb driver, and there was a
89555ff443c8127a533f6c742316c9b1a713cfd5Mark Andrews use-after-free in the sample dyndb driver. [RT #43050]
aa9a67adeb48069f5c2e5d8936a8ed5aac7d6ad7Andreas Gustafsson4443. [func] Set TCP_MAXSEG in addition to IPV6_USE_MIN_MTU on
aa9a67adeb48069f5c2e5d8936a8ed5aac7d6ad7Andreas Gustafsson TCP sockets. [RT #42864]
aa9a67adeb48069f5c2e5d8936a8ed5aac7d6ad7Andreas Gustafsson4442. [bug] Fix RPZ CIDR tree insertion bug that corrupted
aa9a67adeb48069f5c2e5d8936a8ed5aac7d6ad7Andreas Gustafsson tree data structure with overlapping networks
73ac1894ea64bc50aff7406872d0e9c5df6d9cf6Mark Andrews (longest prefix match was ineffective).
e22dca2a9ad30d493a869586abed86f7268204f9Mark Andrews4441. [cleanup] Alphabetize host's help output. [RT #43031]
e22dca2a9ad30d493a869586abed86f7268204f9Mark Andrews4440. [func] Enable TCP fast open support when available on the
2c0b26955ee32fcee1757ec1be5a8caf8fe695a6Mark Andrews server side. [RT #42866]
2c0b26955ee32fcee1757ec1be5a8caf8fe695a6Mark Andrews4439. [bug] Address race conditions getting ownernames of nodes.
2449f41e75d3b3f1c0ec3f05b1603fd8f80d8ae0Mark Andrews4438. [func] Use LIFO rather than FIFO when processing startup
ea72586fc5c360539117119ee35e4c3a04b912bcAndreas Gustafsson notify and refresh queries. [RT #42825]
6f7660093e70d3a7c80738b681ac0f5c1b661c00Mark Andrews4437. [func] Minimal-responses now has two additional modes
aec9f4d0723b0cffcfa9152533fb8f616ec7313bAndreas Gustafsson no-auth and no-auth-recursive which suppress
1fdbadc594a49b423052ea342dac74ff1a36089dMark Andrews adding the NS records to the authority section
a1898260ad19d02e88ab76c1855d33c67add9defMark Andrews as well as the associated address records for the
a1898260ad19d02e88ab76c1855d33c67add9defMark Andrews nameservers. [RT #42005]
305b0eda33b16493355db1f1c86313a6f5fbfc3bDanny Mayer4436. [func] Return TLSA records as additional data for MX and SRV
305b0eda33b16493355db1f1c86313a6f5fbfc3bDanny Mayer lookups. [RT #42894]
305b0eda33b16493355db1f1c86313a6f5fbfc3bDanny Mayer4435. [tuning] Only set IPV6_USE_MIN_MTU for UDP when the message
c0b6c1a5ab50722793cb99b0d8a1e9e910c146a5Andreas Gustafsson will not fit into a single IPv4 encapsulated IPv6
d16b4e8ba885a45933dc6a46f340b76811d60c74Andreas Gustafsson UDP packet when transmitted over a Ethernet link.
aec9f4d0723b0cffcfa9152533fb8f616ec7313bAndreas Gustafsson4434. [protocol] Return EDNS EXPIRE option for master zones in addition
de9833be77ef92c17b35c02d138a0ad8df34dd91Mark Andrews to slave zones. [RT #43008]
c0b6c1a5ab50722793cb99b0d8a1e9e910c146a5Andreas Gustafsson4433. [cleanup] Report an error when passing an invalid option or
aec9f4d0723b0cffcfa9152533fb8f616ec7313bAndreas Gustafsson view name to "rndc dumpdb". [RT #42958]
c0b6c1a5ab50722793cb99b0d8a1e9e910c146a5Andreas Gustafsson4432. [test] Hide rndc output on expected failures in logfileconfig
c0b6c1a5ab50722793cb99b0d8a1e9e910c146a5Andreas Gustafsson system test. [RT #27996]
c0b6c1a5ab50722793cb99b0d8a1e9e910c146a5Andreas Gustafsson4431. [bug] named-checkconf now checks the rate-limit clause.
c0b6c1a5ab50722793cb99b0d8a1e9e910c146a5Andreas Gustafsson4430. [bug] Lwresd died if a search list was not defined.
c0b6c1a5ab50722793cb99b0d8a1e9e910c146a5Andreas Gustafsson Found by 0x710DDDD At Alibaba Security. [RT #42895]
ec5a06ccf7b15f07d20fd872c3dc1ab8f82f2ceaMark Andrews4429. [bug] Address potential use after free on fclose() error.
907ec2c618d08d8322b04729779b24bd778d49e7Mark Andrews4428. [bug] The "test dispatch getnext" unit test could fail
23a020bc1312fc35e7c4ea36df846c550cb13634Andreas Gustafsson in a threaded build. [RT #42979]
0a532842050020a1b0577c65f91f38bd022daa78Andreas Gustafsson4427. [bug] The "query" and "response" parameters to the
0a532842050020a1b0577c65f91f38bd022daa78Andreas Gustafsson "dnstap" option had their functions reversed.
23a020bc1312fc35e7c4ea36df846c550cb13634Andreas Gustafsson --- 9.11.0b3 released ---
23a020bc1312fc35e7c4ea36df846c550cb13634Andreas Gustafsson4426. [bug] Addressed Coverity warnings. [RT #42908]
5419c0c2d0b77682021084c69f2a5c5e2f9a5525Andreas Gustafsson4425. [bug] arpaname, dnstap-read and named-rrchecker were not
ab3eaa20e9a7e56208408563c79b4f8ac01d5e84Andreas Gustafsson being installed into ${prefix}/bin. Tidy up
e1a153c3f095e217eea29958950fea36e54862ceAndreas Gustafsson installation issues with CHANGE 4421. [RT #42910]
7250c1a2616761395bdb9ae7cd1ba43f20d3edc4Andreas Gustafsson4424. [experimental] Named now sends _ta-XXXX.<trust-anchor>/NULL queries
7250c1a2616761395bdb9ae7cd1ba43f20d3edc4Andreas Gustafsson to provide feedback to the trust-anchor administrators
7250c1a2616761395bdb9ae7cd1ba43f20d3edc4Andreas Gustafsson about how key rollovers are progressing as per
ab3eaa20e9a7e56208408563c79b4f8ac01d5e84Andreas Gustafsson draft-ietf-dnsop-edns-key-tag-02. This can be
c38b92000c0f1a95daaad5468777e165b8047de9Mark Andrews disabled using 'trust-anchor-telemetry no;'.
c38b92000c0f1a95daaad5468777e165b8047de9Mark Andrews4423. [maint] Added missing IPv6 address 2001:500:84::b for
22f0b13f28a7df3b348b18848d0ccd745ea88c3cAndreas Gustafsson4422. [port] Silence clang warnings in dig.c and dighost.c.
22f0b13f28a7df3b348b18848d0ccd745ea88c3cAndreas Gustafsson4421. [func] When built with LMDB (Lightning Memory-mapped
ee3ab6063dd13b5947d3fbe88b9ce8f38d65df9dBrian Wellington Database), named will now use a database to store
9261ca5fc8a564968f34e108eb862157471ca50eAndreas Gustafsson the configuration for zones added by "rndc addzone"
ee3ab6063dd13b5947d3fbe88b9ce8f38d65df9dBrian Wellington instead of using a flat NZF file. This improves
d81622b537be1971530cfb459acdbbe7d82d883bBrian Wellington performance of "rndc delzone" and "rndc modzone"
d81622b537be1971530cfb459acdbbe7d82d883bBrian Wellington significantly. Existing NZF files will
a5b9c2b208b51b039c8f4006cddf3d37dd781561Brian Wellington automatically by converted to NZD databases.
9261ca5fc8a564968f34e108eb862157471ca50eAndreas Gustafsson To view the contents of an NZD or to roll back to
aec9f4d0723b0cffcfa9152533fb8f616ec7313bAndreas Gustafsson NZF format, use "named-nzd2nzf". To disable
a5b9c2b208b51b039c8f4006cddf3d37dd781561Brian Wellington this feature, use "configure --without-lmdb".
2da0b7dfbd02fab454b8ba60f1fdb7e2a5cbd2dbMark Andrews4420. [func] nslookup now looks for AAAA as well as A by default.
1cb6e8cbe41afade950837319e04da4ccf8649e0Brian Wellington4419. [bug] Don't cause undefined result if the label of an
2033e305852d4b76772885ea73ebfb6776c1f820Mark Andrews entry in catalog zone is changed. [RT #42708]
6443201354efa09f16ada26dab99e9b7f8271521Andreas Gustafsson4418. [bug] Fix a compiler warning in GSSAPI code. [RT #42879]
e980502db40155234b4e8d320b748b34dbaba3a2Brian Wellington4417. [bug] dnssec-keymgr could fail to create successor keys
5419c0c2d0b77682021084c69f2a5c5e2f9a5525Andreas Gustafsson if the prepublication interval was set to a value
e980502db40155234b4e8d320b748b34dbaba3a2Brian Wellington smaller than the default. [RT #42820]
ecd1addb86319bacc6c0bff2c68373619eebbffcMark Andrews4416. [bug] dnssec-keymgr: Domain names in policy files could
ecd1addb86319bacc6c0bff2c68373619eebbffcMark Andrews fail to match due to trailing dots. [RT #42807]
0176adc7c58bb8bd60ec71eeae94dbfbbc4018a8Mark Andrews4415. [bug] dnssec-keymgr: Expired/deleted keys were not always
ea20115e347264b9bc1c686d6dfc1b5af3a5516bAndreas Gustafsson excluded. [RT #42884]
ea20115e347264b9bc1c686d6dfc1b5af3a5516bAndreas Gustafsson4414. [bug] Corrected a bug in the MIPS implementation of
bddfe77128b0f16af263ff149db40f0d885f43d0Mark Andrews isc_atomic_xadd(). [RT #41965]
aa0dc8d920a1f79626c3564408db9c5c9a5319a7Andreas Gustafsson4413. [bug] GSSAPI negotiation could fail if GSS_S_CONTINUE_NEEDED
aa0dc8d920a1f79626c3564408db9c5c9a5319a7Andreas Gustafsson was returned. [RT #42733]
aa0dc8d920a1f79626c3564408db9c5c9a5319a7Andreas Gustafsson --- 9.11.0b2 released ---
aec9f4d0723b0cffcfa9152533fb8f616ec7313bAndreas Gustafsson4412. [cleanup] Make fixes for GCC 6. ISC_OFFSET_MAXIMUM macro was
35db8a8eda6a889675138eb125d366c8851f68a5Andreas Gustafsson removed. [RT #42721]
0d5e7cd0afaee07302f8364aa454f09b4c63ea79Andreas Gustafsson4411. [func] "rndc dnstap -roll" automatically rolls the
5e88852b94830bf71e37dc700d568cb35e2e6f7eAndreas Gustafsson dnstap output file; the previous version is
5e88852b94830bf71e37dc700d568cb35e2e6f7eAndreas Gustafsson saved with ".0" suffix, and earlier versions
5e88852b94830bf71e37dc700d568cb35e2e6f7eAndreas Gustafsson with ".1" and so on. An optional numeric argument
5e88852b94830bf71e37dc700d568cb35e2e6f7eAndreas Gustafsson indicates how many prior files to save. [RT #42830]
5e88852b94830bf71e37dc700d568cb35e2e6f7eAndreas Gustafsson4410. [bug] Address use after free and memory leak with dnstap.
35db8a8eda6a889675138eb125d366c8851f68a5Andreas Gustafsson4409. [bug] DNS64 should exclude mapped addresses by default when
35db8a8eda6a889675138eb125d366c8851f68a5Andreas Gustafsson an exclude acl is not defined. [RT #42810]
c6de6524d777c90ae8011af8b10f5cac044081e5Mark Andrews4408. [func] Continue waiting for expected response when we the
bd6504aa9aa16a912412fbe010046aaf4bf23621Brian Wellington response we get does not match the request. [RT #41026]
5e88852b94830bf71e37dc700d568cb35e2e6f7eAndreas Gustafsson4407. [performance] Use GCC builtin for clz in RPZ lookup code.
bd6504aa9aa16a912412fbe010046aaf4bf23621Brian Wellington4406. [security] getrrsetbyname with a non absolute name could
bd6504aa9aa16a912412fbe010046aaf4bf23621Brian Wellington trigger an infinite recursion bug in lwresd
e9596e1fb3dfa560216776acdbfac3cf5ef97157Mark Andrews and named with lwres configured if when combined
e9596e1fb3dfa560216776acdbfac3cf5ef97157Mark Andrews with a search list entry the resulting name is
1e289d3cca5cdd01dda650fa6e4c1de1aa8b4196Andreas Gustafsson too long. (CVE-2016-2775) [RT #42694]
c54210716ee55b55e22d8dad56fd696a641fc98dBob Halley4405. [bug] Change 4342 introduced a regression where you could
c54210716ee55b55e22d8dad56fd696a641fc98dBob Halley not remove a delegation in a NSEC3 signed zone using
c54210716ee55b55e22d8dad56fd696a641fc98dBob Halley OPTOUT via nsupdate. [RT #42702]
82c65f4f62819340ef8198932d3eab8a308a4874Andreas Gustafsson4404. [misc] Allow krb5-config to be used when configuring gssapi.
1e289d3cca5cdd01dda650fa6e4c1de1aa8b4196Andreas Gustafsson4403. [bug] Rename variables and arguments that shadow: basename,
0a2d5c990559ce2b9f95df752db6e93024d9a250Brian Wellington clone and gai_error.
96ed62425310854fd6f6f06bfb7651b3e4c17ee7Andreas Gustafsson4402. [bug] protoc-c is now a hard requirement for --enable-dnstap.
96ed62425310854fd6f6f06bfb7651b3e4c17ee7Andreas Gustafsson --- 9.11.0b1 released ---
96ed62425310854fd6f6f06bfb7651b3e4c17ee7Andreas Gustafsson4401. [misc] Change LICENSE to MPL 2.0.
82c65f4f62819340ef8198932d3eab8a308a4874Andreas Gustafsson4400. [bug] ttl policy was not being inherited in policy.py.
82c65f4f62819340ef8198932d3eab8a308a4874Andreas Gustafsson4399. [bug] policy.py 'ECCGOST', 'ECDSAP256SHA256', and
5733d25b06b46067b3751d10436d82aef09cd705Brian Wellington 'ECDSAP384SHA384' don't have settable keysize.
eb6e3b04169a766d2b968bcc978191605c2ef24cAndreas Gustafsson4398. [bug] Correct spelling of ECDSAP256SHA256 in policy.py.
eb6e3b04169a766d2b968bcc978191605c2ef24cAndreas Gustafsson4397. [bug] Update Windows python support. [RT #42538]
eb6e3b04169a766d2b968bcc978191605c2ef24cAndreas Gustafsson4396. [func] dnssec-keymgr now takes a '-r randomfile' option.
82c65f4f62819340ef8198932d3eab8a308a4874Andreas Gustafsson4395. [bug] Improve out-of-tree installation of python modules.
a26ad011f382d12058478704cb5e90e6f4366d01Andreas Gustafsson4394. [func] Add rndc command "dnstap-reopen" to close and
a26ad011f382d12058478704cb5e90e6f4366d01Andreas Gustafsson reopen dnstap output files. [RT #41803]
57188b5ff2397c0517e55f622879e69ee547918dAndreas Gustafsson4393. [bug] Address potential NULL pointer dereferences in
7d8c3693d0426b56750b14d80c47df5e42fc75e4Andreas Gustafsson4392. [func] Collect statistics for RSSAC02v3 traffic-volume,
9a72459b6040b30d043c5fd9e283441b847e569aAndreas Gustafsson traffic-sizes and rcode-volume reporting. [RT #41475]
07c336a9a85791dff886b1e28514589a25d9b720Andreas Gustafsson4391. [contrib] Fix leaks in contrib DLZ code. [RT #42707]
07c336a9a85791dff886b1e28514589a25d9b720Andreas Gustafsson4390. [doc] Description of masters with TSIG, allow-query and
07c336a9a85791dff886b1e28514589a25d9b720Andreas Gustafsson allow-transfer options in catalog zones. [RT #42692]
07c336a9a85791dff886b1e28514589a25d9b720Andreas Gustafsson4389. [test] Rewritten test suite for catalog zones. [RT #42676]
712fa28946312882a60b0c6a913914d3e8c69867Mark Andrews4388. [func] Support for master entries with TSIG keys in catalog
712fa28946312882a60b0c6a913914d3e8c69867Mark Andrews zones. [RT #42577]
8bcf7a157900c3a05168aaec708b8c664b96d797Andreas Gustafsson4387. [bug] Change 4336 was not complete leading to SERVFAIL
63fd201fde27ce408cde1c73a054e401fcfb9e3bDavid Lawrence being return as NS records expired. [RT #42683]
f8644da8d948dbc973f6dd4c94a79774e16ec07bDavid Lawrence4386. [bug] Remove shadowed overmem function/variable. [RT #42706]
9bfa90768ab83ea5a8571c98d3774377da4bdcbeDavid Lawrence4385. [func] Add support for allow-query and allow-transfer ACLs
9bfa90768ab83ea5a8571c98d3774377da4bdcbeDavid Lawrence to catalog zones. [RT #42578]
9bfa90768ab83ea5a8571c98d3774377da4bdcbeDavid Lawrence4384. [bug] Change 4256 accidentally disabled logging of the
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence rndc command. [RT #42654]
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence4383. [bug] Correct spelling error in stats channel description of
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence "EDNS client subnet option received". [RT #42633]
6a7a69e9f764812872ec2db775be2ac8bb073102Andreas Gustafsson4382. [bug] rndc {addzone,modzone,delzone,showzone} should all
6a7a69e9f764812872ec2db775be2ac8bb073102Andreas Gustafsson compare the zone name using a canonical format.
0a9a3d8c6daf9ffcfb62dbe366e26f521cbb9736Brian Wellington4381. [bug] Missing "zone-directory" option in catalog zone
f5ebf2f0c9e9d2068ace1dbcc2ef2ed3ebdbfde5Andreas Gustafsson definition caused BIND to crash. [RT #42579]
34d5676aac483e00e16056a6834a27b52bed42f0Brian Wellington --- 9.11.0a3 released ---
1d9ab721315555ac75e7d4f57585323909283688Andreas Gustafsson4380. [experimental] Added a "zone-directory" option to "catalog-zones"
1d9ab721315555ac75e7d4f57585323909283688Andreas Gustafsson syntax, allowing local masterfiles for slaves
63fd201fde27ce408cde1c73a054e401fcfb9e3bDavid Lawrence that are provisioned by catalog zones to be stored
ef8d97818f0d30a4e09db97af695f504b311372cMark Andrews in a directory other than the server's working
112d9875bf33e2382f9a986d3e58fce08f1935fcOlafur Gudmundsson directory. [RT #42527]
63fd201fde27ce408cde1c73a054e401fcfb9e3bDavid Lawrence4379. [bug] An INSIST could be triggered if a zone contains
63fd201fde27ce408cde1c73a054e401fcfb9e3bDavid Lawrence RRSIG records with expiry fields that loop
6af5c66df334c4e275e07b03c9b35e40dbaa4f31Andreas Gustafsson using serial number arithmetic. [RT #40571]
519f8475ff8218e3981ae2b249eb1403da7c52f6Andreas Gustafsson4378. [contrib] #include <isc/string.h> for strlcat in zone2ldap.c.
edc1c60621b44fbc8131ad1542f657dd129f9a30Andreas Gustafsson4377. [bug] Don't reuse zero TTL responses beyond the current
edc1c60621b44fbc8131ad1542f657dd129f9a30Andreas Gustafsson client set (excludes ANY/SIG/RRSIG queries).
41626c0997c89dcdecf67c931f0031aadd507977Andreas Gustafsson4376. [experimental] Added support for Catalog Zones, a new method for
4f4e44c98f315bfadc6dded1b86b465222a83967David Lawrence provisioning secondary servers in which a list of
464c2e4bb960d15bd60d53c3ef3ae7414b129037David Lawrence zones to be served is stored in a DNS zone and can
464c2e4bb960d15bd60d53c3ef3ae7414b129037David Lawrence be propagated to slaves via AXFR/IXFR. [RT #41581]
6112718b0dbb01ffbfd3fabc61e30c7e4485b0a7David Lawrence4375. [func] Add support for automatic reallocation of isc_buffer
6112718b0dbb01ffbfd3fabc61e30c7e4485b0a7David Lawrence to isc_buffer_put* functions. [RT #42394]
6112718b0dbb01ffbfd3fabc61e30c7e4485b0a7David Lawrence4374. [bug] Use SAVE/RESTORE macros in query.c to reduce the
6112718b0dbb01ffbfd3fabc61e30c7e4485b0a7David Lawrence probability of reference counting errors as seen
6112718b0dbb01ffbfd3fabc61e30c7e4485b0a7David Lawrence in 4365. [RT #42405]
04260c5c48d234734863f0222e207b6564cd41a8David Lawrence4373. [bug] Address undefined behavior in getaddrinfo. [RT #42479]
f479c9ff5576b3d138c7e52cfc2319b185b7ebcfDavid Lawrence4372. [bug] Address undefined behavior in libt_api. [RT #42480]
f479c9ff5576b3d138c7e52cfc2319b185b7ebcfDavid Lawrence4371. [func] New "minimal-any" option reduces the size of UDP
6c35e4dd17e6562a6b4d106cbf1d824b9f529356David Lawrence responses for qtype ANY by returning a single
504f7802d4c9b43db4820f496c4d00e078effa18David Lawrence arbitrarily selected RRset instead of all RRsets.
504f7802d4c9b43db4820f496c4d00e078effa18David Lawrence Thanks to Tony Finch. [RT #41615]
504f7802d4c9b43db4820f496c4d00e078effa18David Lawrence4370. [bug] Address python3 compatibility issues with RNDC module.
6af5c66df334c4e275e07b03c9b35e40dbaa4f31Andreas Gustafsson [RT #42499] [RT #42506]
3b6bcedffe1d326fd9f6aa3bfb1537af0975fab8Brian Wellington --- 9.11.0a2 released ---
3b6bcedffe1d326fd9f6aa3bfb1537af0975fab8Brian Wellington4369. [bug] Fix 'make' and 'make install' out-of-tree python
3b6bcedffe1d326fd9f6aa3bfb1537af0975fab8Brian Wellington support. [RT #42484]
f808bd34fbd3dd9508e8183e8025635bc330c34aAndreas Gustafsson4368. [bug] Fix a crash when calling "rndc stats" on some
f808bd34fbd3dd9508e8183e8025635bc330c34aAndreas Gustafsson Windows builds because some Visual Studio compilers
7fe2ead2b3e23f68c1d3c79da51ef5af4f678f7dAndreas Gustafsson generated crashing code for the "%z" printf()
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson format specifier. [RT #42380]
841179549b6433e782c164a562eb3422f603533dAndreas Gustafsson4367. [bug] Remove unnecessary assignment of loadtime in
841179549b6433e782c164a562eb3422f603533dAndreas Gustafsson zone_touched. [RT #42440]
841179549b6433e782c164a562eb3422f603533dAndreas Gustafsson4366. [bug] Address race condition when updating rbtnode bit
6c6a6c9f5e2b3c6fd72263eac155e4feddb77316Brian Wellington fields. [RT #42379]
6c6a6c9f5e2b3c6fd72263eac155e4feddb77316Brian Wellington4365. [bug] Address zone reference counting errors involving
2445d14b1a95132a473aa30076d0ce1762027e76Mark Andrews nxdomain-redirect. [RT #42258]
2445d14b1a95132a473aa30076d0ce1762027e76Mark Andrews4364. [port] freebsd: add -Wl,-E to loader flags [RT #41690]
4585aeb2cc84c0e0602da5abf47c31f92ec3b6b2Mark Andrews4363. [port] win32: Disable explicit triggering UAC when running
56877490bc70e4004f6b5e4a16067750ca64be85Andreas Gustafsson4362. [func] Changed rndc reconfig behavior so that newly added
56877490bc70e4004f6b5e4a16067750ca64be85Andreas Gustafsson zones are loaded asynchronously and the loading does
56877490bc70e4004f6b5e4a16067750ca64be85Andreas Gustafsson not block the server. [RT #41934]
56877490bc70e4004f6b5e4a16067750ca64be85Andreas Gustafsson4361. [cleanup] Where supported, file modification times returned
56877490bc70e4004f6b5e4a16067750ca64be85Andreas Gustafsson by isc_file_getmodtime() are now accurate to the
56877490bc70e4004f6b5e4a16067750ca64be85Andreas Gustafsson nanosecond. [RT #41968]
af0be81b2f6ea700dd882d3b18468c7815bd5ef2Andreas Gustafsson4360. [bug] Silence spurious 'bad key type' message when there is
af0be81b2f6ea700dd882d3b18468c7815bd5ef2Andreas Gustafsson a existing TSIG key. [RT #42195]
ed0e1ae6bc3df39389a24d72cf544b2437bf8340Andreas Gustafsson4359. [bug] Inherited 'also-notify' lists were not being checked
ed0e1ae6bc3df39389a24d72cf544b2437bf8340Andreas Gustafsson by named-checkconf. [RT #42174]
ed0e1ae6bc3df39389a24d72cf544b2437bf8340Andreas Gustafsson4358. [test] Added American Fuzzy Lop harness that allows
ed0e1ae6bc3df39389a24d72cf544b2437bf8340Andreas Gustafsson feeding fuzzed packets into BIND.
6cefb60af55912df4411389bccfc38a74e992332Mark Andrews4357. [func] Add the python RNDC module. [RT #42093]
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson4356. [func] Add the ability to specify whether to wait for
02e81689e3eff98a8d70c98a7cc45c150472316aBrian Wellington nameserver addresses to be looked up or not to
02e81689e3eff98a8d70c98a7cc45c150472316aBrian Wellington RPZ with a new modifying directive 'nsip-wait-recurse'.
dccd7f8459d811141fde04d4a307b9b695cf58b1David Lawrence4355. [func] "pkcs11-list" now displays the extractability
dccd7f8459d811141fde04d4a307b9b695cf58b1David Lawrence attribute of private or secret keys stored in
dccd7f8459d811141fde04d4a307b9b695cf58b1David Lawrence an HSM, as either "true", "false", or "never"
dccd7f8459d811141fde04d4a307b9b695cf58b1David Lawrence Thanks to Daniel Stirnimann. [RT #36557]
dccd7f8459d811141fde04d4a307b9b695cf58b1David Lawrence4354. [bug] Check that the received HMAC length matches the
dccd7f8459d811141fde04d4a307b9b695cf58b1David Lawrence expected length prior to check the contents on the
dccd7f8459d811141fde04d4a307b9b695cf58b1David Lawrence control channel. This prevents a OOB read error.
dccd7f8459d811141fde04d4a307b9b695cf58b1David Lawrence This was reported by Lian Yihan, <lianyihan@360.cn>.
03f91269f5453bcbd924910ef85a8f8496cf2661Mark Andrews4353. [cleanup] Update PKCS#11 header files. [RT #42175]
aec9f4d0723b0cffcfa9152533fb8f616ec7313bAndreas Gustafsson4352. [cleanup] The ISC DNSSEC Lookaside Validation (DLV) service
03f91269f5453bcbd924910ef85a8f8496cf2661Mark Andrews is scheduled to be disabled in 2017. A warning is
afb0a628efd8ecf40f66f6b8d0711bca62be2a9aMark Andrews now logged when named is configured to use it,
afb0a628efd8ecf40f66f6b8d0711bca62be2a9aMark Andrews either explicitly or via "dnssec-lookaside auto;"
aec9f4d0723b0cffcfa9152533fb8f616ec7313bAndreas Gustafsson4351. [bug] 'dig +noignore' didn't work. [RT #42273]
b5a86fe434c7d58d28af3b5c70c1743979f13aaeMark Andrews4350. [contrib] Declare result in dlz_filesystem_dynamic.c.
b5a86fe434c7d58d28af3b5c70c1743979f13aaeMark Andrews4349. [contrib] kasp2policy: A python script to create a DNSSEC
fb13bc029f62193a07d92384a910a0317fc7e0b0Brian Wellington policy file from an OpenDNSSEC KASP XML file.
3042b3e2711d00b7fd9ffbf51443ad761d30427fMark Andrews4348. [func] dnssec-keymgr: A new python-based DNSSEC key
fb13bc029f62193a07d92384a910a0317fc7e0b0Brian Wellington management utility, which reads a policy definition
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson file and can create or update DNSSEC keys as needed
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence to ensure that a zone's keys match policy, roll over
af0be81b2f6ea700dd882d3b18468c7815bd5ef2Andreas Gustafsson correctly on schedule, etc. Thanks to Sebastian
af0be81b2f6ea700dd882d3b18468c7815bd5ef2Andreas Gustafsson Castro for assistance in development. [RT #39211]
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence4347. [port] Corrected a build error on x86_64 Solaris. [RT #42150]
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence4346. [bug] Fixed a regression introduced in change #4337 which
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence caused signed domains with revoked KSKs to fail
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence validation. [RT #42147]
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence4345. [contrib] perftcpdns mishandled the return values from
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence clock_nanosleep. [RT #42131]
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence4344. [port] Address openssl version differences. [RT #42059]
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence4343. [bug] dns_dnssec_syncupdate mis-declared in <dns/dnssec.h>.
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence4342. [bug] 'rndc flushtree' could fail to clean the tree if there
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence wasn't a node at the specified name. [RT #41846]
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence --- 9.11.0a1 released ---
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence4341. [bug] Correct the handling of ECS options with
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence address family 0. [RT #41377]
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence4340. [performance] Implement adaptive read-write locks, reducing the
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence overhead of locks that are only held briefly.
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence4339. [test] Use "mdig" to test pipelined queries. [RT #41929]
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence4338. [bug] Reimplement change 4324 as it wasn't properly doing
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence all the required book keeping. [RT #41941]
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence4337. [bug] The previous change exposed a latent flaw in
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence key refresh queries for managed-keys when
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence a cached DNSKEY had TTL 0. [RT #41986]
5455f30a7532738d750252c00e649890c694ee30Brian Wellington4336. [bug] Don't emit records with zero ttl unless the records
5455f30a7532738d750252c00e649890c694ee30Brian Wellington were learnt with a zero ttl. [RT #41687]
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson4335. [bug] zone->view could be detached too early. [RT #41942]
cf74d05a50e342e5b3870005c04ae5ed8013ab3eBrian Wellington4334. [func] 'named -V' now reports zlib version. [RT #41913]
cf74d05a50e342e5b3870005c04ae5ed8013ab3eBrian Wellington4333. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42 and
cf74d05a50e342e5b3870005c04ae5ed8013ab3eBrian Wellington 2001:500:9f::42.
89d03d4715120fd0c968775bf0724b5a2a647539Mark Andrews4332. [placeholder]
4fbd6a13a5ba6ec1e9bd080cba86c74b3b92c894Mark Andrews4331. [func] When loading managed signed zones detect if the
761a21dfab558235030ccfc3d61979146e2cf4b5Mark Andrews RRSIG's inception time is in the future and regenerate
f3ac8ee19231ae3018ec21756f19b1bd639ce7e7Andreas Gustafsson the RRSIG immediately. [RT #41808]
af0be81b2f6ea700dd882d3b18468c7815bd5ef2Andreas Gustafsson4330. [protocol] Identify the PAD option as "PAD" when printing out
82e991b8ed4e0ed3b010d191e0cadfd60226c2d9Andreas Gustafsson4329. [func] Warn about a common misconfiguration when forwarding
5ce23ccf3f324dc90ab9b4426b1da6284b0e2abfAndreas Gustafsson RFC 1918 zones. [RT #41441]
5ce23ccf3f324dc90ab9b4426b1da6284b0e2abfAndreas Gustafsson4328. [performance] Add dns_name_fromwire() benchmark test. [RT #41694]
508d17362c2c43ddf95ddc87ae6a8c5f32f35323Andreas Gustafsson4327. [func] Log query and depth counters during fetches when
508d17362c2c43ddf95ddc87ae6a8c5f32f35323Andreas Gustafsson querytrace (./configure --enable-querytrace) is
508d17362c2c43ddf95ddc87ae6a8c5f32f35323Andreas Gustafsson enabled (helps in diagnosing). [RT #41787]
508d17362c2c43ddf95ddc87ae6a8c5f32f35323Andreas Gustafsson4326. [protocol] Add support for AVC. [RT #41819]
508d17362c2c43ddf95ddc87ae6a8c5f32f35323Andreas Gustafsson4325. [func] Add a line to "rndc status" indicating the
508d17362c2c43ddf95ddc87ae6a8c5f32f35323Andreas Gustafsson hostname and operating system details. [RT #41610]
e7a4f58d55042cbc981a70b5071aaea46b9ebf7fAndreas Gustafsson4324. [bug] When deleting records from a zone database, interior
e7a4f58d55042cbc981a70b5071aaea46b9ebf7fAndreas Gustafsson nodes could be left empty but not deleted, damaging
e7a4f58d55042cbc981a70b5071aaea46b9ebf7fAndreas Gustafsson search performance afterward. [RT #40997]
5fdc9aaf401f6816df65d0e9cf701872f345c558Andreas Gustafsson4323. [bug] Improve HTTP header processing on statschannel.
6060b0ac76667afae3c9132ab6e3568a7a693f5dAndreas Gustafsson4322. [security] Duplicate EDNS COOKIE options in a response could
6060b0ac76667afae3c9132ab6e3568a7a693f5dAndreas Gustafsson trigger an assertion failure. (CVE-2016-2088)
af1a99a13d73126760b755d63ff7ef8c28ca9070Bob Halley4321. [bug] Zones using mapped files containing out-of-zone data
af1a99a13d73126760b755d63ff7ef8c28ca9070Bob Halley could return SERVFAIL instead of the expected NODATA
af1a99a13d73126760b755d63ff7ef8c28ca9070Bob Halley or NXDOMAIN results. [RT #41596]
751aa24c98fea02215cad95a08411af547d70e41Bob Halley4320. [bug] Insufficient memory allocation when handling
fd5847ef0954117d5f905dbbfb68f1e67e4f285fAndreas Gustafsson "none" ACL could cause an assertion failure in
fd5847ef0954117d5f905dbbfb68f1e67e4f285fAndreas Gustafsson named when parsing ACL configuration. [RT #41745]
82e991b8ed4e0ed3b010d191e0cadfd60226c2d9Andreas Gustafsson4319. [security] Fix resolver assertion failure due to improper
82e991b8ed4e0ed3b010d191e0cadfd60226c2d9Andreas Gustafsson DNAME handling when parsing fetch reply messages.
82e991b8ed4e0ed3b010d191e0cadfd60226c2d9Andreas Gustafsson (CVE-2016-1286) [RT #41753]
82e991b8ed4e0ed3b010d191e0cadfd60226c2d9Andreas Gustafsson4318. [security] Malformed control messages can trigger assertions
69d44b2f5ac8e35bdb0b80aeb304f5cb62197892Mark Andrews in named and rndc. (CVE-2016-1285) [RT #41666]
69d44b2f5ac8e35bdb0b80aeb304f5cb62197892Mark Andrews4317. [bug] Age all unused servers on fetch timeout. [RT #41597]
69d44b2f5ac8e35bdb0b80aeb304f5cb62197892Mark Andrews4316. [func] Add option to tools to print RRs in unknown
3242899a56da9c245956979d5be9c92b2cf0ee24Andreas Gustafsson presentation format [RT #41595].
8fbd23c0aaacdde1348b6457c5db14c433096fd2Andreas Gustafsson4315. [bug] Check that configured view class isn't a meta class.
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson4314. [contrib] Added 'dnsperf-2.1.0.0-1', a set of performance
5f539d5fc68ca056bd1791e3156b0fe6b28cde16Brian Wellington testing tools provided by Nominum, Inc.
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson4313. [bug] Handle ns_client_replace failures in test mode.
e491ef29043ae77d3d78fb7a59328f143fcf70feAndreas Gustafsson4312. [bug] dig's unknown DNS and EDNS flags (MBZ value) logging
e491ef29043ae77d3d78fb7a59328f143fcf70feAndreas Gustafsson was not consistent. [RT #41600]
e491ef29043ae77d3d78fb7a59328f143fcf70feAndreas Gustafsson4311. [bug] Prevent "rndc delzone" from being used on
1a286a6613d385b443030a8c932e40ac9e9c301fBob Halley response-policy zones. [RT #41593]
1a286a6613d385b443030a8c932e40ac9e9c301fBob Halley4310. [performance] Use __builtin_expect() where available to annotate
1a286a6613d385b443030a8c932e40ac9e9c301fBob Halley conditions with known behavior. [RT #41411]
3242899a56da9c245956979d5be9c92b2cf0ee24Andreas Gustafsson4309. [cleanup] Remove the spurious "none" filename from log messages
3242899a56da9c245956979d5be9c92b2cf0ee24Andreas Gustafsson when processing built-in configuration. [RT #41594]
ecaedd50f4e6b8cff110f9981a0a33a34269d421Mark Andrews4308. [func] Added operating system details to "named -V"
9ffcab1e9a398e431c10c9936c28e4166c2e82e0Andreas Gustafsson output. [RT #41452]
de8717a7218a4f034144ad7b8755ad43e3fd45c9David Lawrence4307. [bug] "dig +subnet" and "mdig +subnet" could send
de8717a7218a4f034144ad7b8755ad43e3fd45c9David Lawrence incorrectly-formatted Client Subnet options
de8717a7218a4f034144ad7b8755ad43e3fd45c9David Lawrence if the prefix length was not divisible by 8.
6f115bdb61672871bd822bdcd09cb1a3aad38aa0David Lawrence Also fixed a memory leak in "mdig". [RT #45178]
6f115bdb61672871bd822bdcd09cb1a3aad38aa0David Lawrence4306. [maint] Added a PKCS#11 openssl patch supporting
1ac6cf2f7ae95e4c915cba7038e61930d7c4ba2aAndreas Gustafsson version 1.0.2f [RT #38312]
5e194abb5b548524e5c0fd2bb4627ec698b75e2bAndreas Gustafsson4305. [bug] dnssec-signzone was not removing unnecessary rrsigs
5e194abb5b548524e5c0fd2bb4627ec698b75e2bAndreas Gustafsson from the zone's apex. [RT #41483]
5e194abb5b548524e5c0fd2bb4627ec698b75e2bAndreas Gustafsson4304. [port] xfer system test failed as 'tail -n +value' is not
5e194abb5b548524e5c0fd2bb4627ec698b75e2bAndreas Gustafsson portable. [RT #41315]
5e194abb5b548524e5c0fd2bb4627ec698b75e2bAndreas Gustafsson4303. [bug] "dig +subnet" was unable to send a prefix length of
09ae77ca30eb17ee32d3f7720ca796a72259cde6Andreas Gustafsson zero, as it was incorrectly changed to 32 for v4
09ae77ca30eb17ee32d3f7720ca796a72259cde6Andreas Gustafsson prefixes or 128 for v6 prefixes. In addition to
09ae77ca30eb17ee32d3f7720ca796a72259cde6Andreas Gustafsson fixing this, "dig +subnet=0" has been added as a
47afc27c28aef95d94e8d1296498ba57a5f00b25Brian Wellington short form for 0.0.0.0/0. The same changes have
cedd0ab1e812ec7cf05d57c3e602db41b79f0a2aAndreas Gustafsson also been made in "mdig". [RT #41553]
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson4302. [port] win32: fixed a build error in VS 2015. [RT #41426]
ac6afcd0caf72aaa2a537e0003de30b363b4a68bBrian Wellington4301. [bug] dnssec-settime -p [DP]sync was not working. [RT #41534]
ac6afcd0caf72aaa2a537e0003de30b363b4a68bBrian Wellington4300. [bug] A flag could be set in the wrong field when setting
c20ffa38dee7efa0dc01822d4bac5e41729b9b61Brian Wellington up non-recursive queries; this could cause the
c20ffa38dee7efa0dc01822d4bac5e41729b9b61Brian Wellington SERVFAIL cache to cache responses it shouldn't.
9ffcab1e9a398e431c10c9936c28e4166c2e82e0Andreas Gustafsson New querytrace logging has been added which
9ffcab1e9a398e431c10c9936c28e4166c2e82e0Andreas Gustafsson identified this error. [RT #41155]
2b7a77a68e27fc7991a857d403cb34b2ae90fc0bMark Andrews4299. [bug] Check that exactly totallen bytes are read when
4df51a8f53381d57b3dd75dd84615abd4cf9e969Andreas Gustafsson reading a RRset from raw files in both single read
0c9dd74fecd876563b7f0e4662243ff026b59622Andreas Gustafsson and incremental modes. [RT #41402]
0c9dd74fecd876563b7f0e4662243ff026b59622Andreas Gustafsson4298. [bug] dns_rpz_add errors in loadzone were not being
aed6a8ed2e706404ccca0f31faf110fd6efd34e6Andreas Gustafsson propagated up the call stack. [RT #41425]
aed6a8ed2e706404ccca0f31faf110fd6efd34e6Andreas Gustafsson4297. [test] Ensure delegations in RPZ zones fail robustly.
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson4296. [bug] TCP packet sizes were calculated incorrectly in the
f8b3c627949bd4bc2f6aafb3dab2f56e3aa9ba06Brian Wellington stats channel; they could be counted in the wrong
f8b3c627949bd4bc2f6aafb3dab2f56e3aa9ba06Brian Wellington histogram bucket. [RT #40587]
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson4295. [bug] An unchecked result in dns_message_pseudosectiontotext()
55ddb88e53838693370c213930beda1652b8a583Brian Wellington could allow incorrect text formatting of EDNS EXPIRE
daad43e5a4e83bd3c055632799ab67e269467db0Brian Wellington options. [RT #41437]
daad43e5a4e83bd3c055632799ab67e269467db0Brian Wellington4294. [bug] Fixed a regression in which "rndc stop -p" failed
3efd6904134ef6c4866a633eabeb55d1c86be7bbBrian Wellington to print the PID. [RT #41513]
3efd6904134ef6c4866a633eabeb55d1c86be7bbBrian Wellington4293. [bug] Address memory leak on priming query creation failure.
70d08aea0a693c6ca62c2f7bb33bfddf9e427601Brian Wellington4292. [placeholder]
907620b5e0d898da324192cbbe5a5b518f55d175Bob Halley4291. [cleanup] Added a required include to dns/forward.h. [RT #41474]
2c9db9314993504064c1a71f4a059ff9493a75caBrian Wellington4290. [func] The timers returned by the statistics channel
2c9db9314993504064c1a71f4a059ff9493a75caBrian Wellington (indicating current time, server boot time, and
2c9db9314993504064c1a71f4a059ff9493a75caBrian Wellington most recent reconfiguration time) are now reported
672056d560d973cac1c0d02f087e059eef8f948fBrian Wellington with millisecond accuracy. [RT #40082]
9027e1bcf1b245226e3053a75d16c5351d7e60caDavid Lawrence4289. [bug] The server could crash due to memory being used
9027e1bcf1b245226e3053a75d16c5351d7e60caDavid Lawrence after it was freed if a zone transfer timed out.
9027e1bcf1b245226e3053a75d16c5351d7e60caDavid Lawrence4288. [bug] Fixed a regression in resolver.c:possibly_mark()
668f8d91db59f4dd89a0b54206f87879354339f5Brian Wellington which caused known-bogus servers to be queried
668f8d91db59f4dd89a0b54206f87879354339f5Brian Wellington anyway. [RT #41321]
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson4287. [bug] Silence an overly noisy log message when message
d7ba3622ffa20c653ef6c8cfae42d8cd26465b7fBrian Wellington parsing fails. [RT #41374]
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson4286. [security] render_ecs errors were mishandled when printing out
c0968380c4fb0b8196aafb8de225531bd847bb6dBrian Wellington a OPT record resulting in a assertion failure.
c0968380c4fb0b8196aafb8de225531bd847bb6dBrian Wellington (CVE-2015-8705) [RT #41397]
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington4285. [security] Specific APL data could trigger a INSIST.
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson (CVE-2015-8704) [RT #41396]
c1ff0308f3f67bf148f96ca952db081eb5fd8383Brian Wellington4284. [bug] Some GeoIP options were incorrectly documented
b879ed05f4fb8209add6c19a509c984b6c8b3a98Andreas Gustafsson using abbreviated forms which were not accepted by
b52a5b063050f209b0f47379178a1e7ae7404624Andreas Gustafsson named. The code has been updated to allow both
b52a5b063050f209b0f47379178a1e7ae7404624Andreas Gustafsson long and abbreviated forms. [RT #41381]
34613b2e39478a83076f6a626a4b855cebb19533Andreas Gustafsson4283. [bug] OPENSSL_config is no longer re-callable. [RT #41348]
34613b2e39478a83076f6a626a4b855cebb19533Andreas Gustafsson4282. [func] 'dig +[no]mapped' determine whether the use of mapped
34613b2e39478a83076f6a626a4b855cebb19533Andreas Gustafsson IPv4 addresses over IPv6 is permitted or not. The
eb059776a206e9be778de0f196a0304b558a779cAndreas Gustafsson default is +mapped. [RT #41307]
6eccf5bd07eb9abf65cc08fec4a8fc97b62c0e1bBrian Wellington4281. [bug] Teach dns_message_totext about BADCOOKIE. [RT #41257]
3d1483d86dce11fffd03c5b6c93be2e689f522abAndreas Gustafsson4280. [performance] Use optimal message sizes to improve compression
3d1483d86dce11fffd03c5b6c93be2e689f522abAndreas Gustafsson in AXFRs. This reduces network traffic. [RT #40996]
3d1483d86dce11fffd03c5b6c93be2e689f522abAndreas Gustafsson4279. [test] Don't use fixed ports when unit testing. [RT #41194]
b8a85202af814468421a6541b4c935bd14773c53Brian Wellington4278. [bug] 'delv +short +[no]split[=##]' didn't work as expected.
b879ed05f4fb8209add6c19a509c984b6c8b3a98Andreas Gustafsson4277. [performance] Improve performance of the RBT, the central zone
48565891e8f2f8c77b87908b4893f693a08e9ba9Brian Wellington datastructure: The aux hashtable was improved,
48565891e8f2f8c77b87908b4893f693a08e9ba9Brian Wellington hash function was updated to perform more
4c03e69ab845f703c1ffa3b7772938ca98cce44dAndreas Gustafsson uniform mapping, uppernode was added to
b0390aab30438a13f533cccae9389945214b1421Brian Wellington dns_rbtnode, and other cleanups and performance
b0390aab30438a13f533cccae9389945214b1421Brian Wellington improvements were made. [RT #41165]
b0390aab30438a13f533cccae9389945214b1421Brian Wellington4276. [protocol] Add support for SMIMEA. [RT #40513]
54d64c7994d01da590462ecc56faf1a87fc4abb9Brian Wellington4275. [performance] Lazily initialize dns_compress->table only when
4c03e69ab845f703c1ffa3b7772938ca98cce44dAndreas Gustafsson compression is enabled. [RT #41189]
4c03e69ab845f703c1ffa3b7772938ca98cce44dAndreas Gustafsson4274. [performance] Speed up typemap processing from text. [RT #41196]
225a66da7ea2671a3e4db3cc4337f97ff67be647Brian Wellington4273. [bug] Only call dns_test_begin() and dns_test_end() once each
91e35ded544576b671606779143d7fbffaf451d2Andreas Gustafsson in nsec3_test as it fails with GOST if called multiple
279de54fe3a0ac10b64762b18a4569c07b15d742Andreas Gustafsson4272. [bug] dig: the +norrcomments option didn't work with +multi.
279de54fe3a0ac10b64762b18a4569c07b15d742Andreas Gustafsson4271. [test] Unit tests could deadlock in isc__taskmgr_pause().
04cb6056a6539539e0fc2ed695298f7fa7b1d632Brian Wellington4270. [security] Update allowed OpenSSL versions as named is
17789c880460c0bca3f3693c759be2214b936e69Brian Wellington potentially vulnerable to CVE-2015-3193.
55b62439233d930152690b9eba97b06d9dc13d23Mark Andrews4269. [bug] Zones using "map" format master files currently
02e7e0ba65a26a5f8728b0ee256f7253795cf839Brian Wellington don't work as policy zones. This limitation has
123a3dddc94534d3a6c6f81c118a5b63dc5994c3Andreas Gustafsson now been documented; attempting to use such zones
590233519e14f3cf49840a93d2648d5560dd957eDavid Lawrence in "response-policy" statements is now a
590233519e14f3cf49840a93d2648d5560dd957eDavid Lawrence configuration error. [RT #38321]
590233519e14f3cf49840a93d2648d5560dd957eDavid Lawrence4268. [func] "rndc status" now reports the path to the
590233519e14f3cf49840a93d2648d5560dd957eDavid Lawrence configuration file. [RT #36470]
123a3dddc94534d3a6c6f81c118a5b63dc5994c3Andreas Gustafsson4267. [test] Check sdlz error handling. [RT #41142]
123a3dddc94534d3a6c6f81c118a5b63dc5994c3Andreas Gustafsson4266. [placeholder]
88a790c39176f72a8f98f134b83df92e09a8c56bAndreas Gustafsson4265. [bug] Address unchecked isc_mem_get calls. [RT #41187]
d25dd5b0567f67ecf40b7ed1cb20e0dce7b41c49Brian Wellington4264. [bug] Check const of strchr/strrchr assignments match
d25dd5b0567f67ecf40b7ed1cb20e0dce7b41c49Brian Wellington argument's const status. [RT #41150]
9ac7076ebad044afb15e9e2687e3696868778538Mark Andrews4263. [contrib] Address compiler warnings in mysqldyn module.
7c058f1c384ebdba74231111f9358cf08109a5dbBob Halley4262. [bug] Fixed a bug in epoll socket code that caused
7c058f1c384ebdba74231111f9358cf08109a5dbBob Halley sockets to not be registered for ready
7c058f1c384ebdba74231111f9358cf08109a5dbBob Halley notification in some cases, causing named to not
76b3ec5e0c3ae856bc1000270bf3df13580673ebBrian Wellington read from or write to them, resulting in what
620de5a4b1f23dc9b4ec30d30c0607ff389be0daBob Halley appear to the user as blocked connections.
f9e1aa0c440b6c6938967ed5356ec025ea40502eBrian Wellington4261. [maint] H.ROOT-SERVERS.NET is 198.97.190.53 and 2001:500:1::53.
4e3f8e480f220ef8a87fd28d02f9001b8fc6f423Bob Halley4260. [security] Insufficient testing when parsing a message allowed
dc2e09d48b49d96a0572a971180718f680140cf0Andreas Gustafsson records with an incorrect class to be be accepted,
dc2e09d48b49d96a0572a971180718f680140cf0Andreas Gustafsson triggering a REQUIRE failure when those records
dc2e09d48b49d96a0572a971180718f680140cf0Andreas Gustafsson were subsequently cached. (CVE-2015-8000) [RT #40987]
dc2e09d48b49d96a0572a971180718f680140cf0Andreas Gustafsson4259. [func] Add an option for non-destructive control channel
dc2e09d48b49d96a0572a971180718f680140cf0Andreas Gustafsson access using a "read-only" clause. In such
dc2e09d48b49d96a0572a971180718f680140cf0Andreas Gustafsson cases, a restricted set of rndc commands are
dc2e09d48b49d96a0572a971180718f680140cf0Andreas Gustafsson allowed for querying information from named.
dc2e09d48b49d96a0572a971180718f680140cf0Andreas Gustafsson4258. [bug] Limit rndc query message sizes to 32 KiB. This should
dc2e09d48b49d96a0572a971180718f680140cf0Andreas Gustafsson not break any legitimate rndc commands, but will
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington prevent a rogue rndc query from allocating too
620de5a4b1f23dc9b4ec30d30c0607ff389be0daBob Halley much memory. [RT #41073]
620de5a4b1f23dc9b4ec30d30c0607ff389be0daBob Halley4257. [cleanup] Python scripts reported incorrect version. [RT #41080]
68b952dc98a9e02b269c0712da120cd773679652Brian Wellington4256. [bug] Allow rndc command arguments to be quoted so as
d1cc210d2091916df6f9858fae20a1c760f3b257Andreas Gustafsson to allow spaces. [RT #36665]
d1cc210d2091916df6f9858fae20a1c760f3b257Andreas Gustafsson4255. [performance] Add 'message-compression' option to disable DNS
d1cc210d2091916df6f9858fae20a1c760f3b257Andreas Gustafsson compression in responses. [RT #40726]
d1cc210d2091916df6f9858fae20a1c760f3b257Andreas Gustafsson4254. [bug] Address missing lock when getting zone's serial.
d1cc210d2091916df6f9858fae20a1c760f3b257Andreas Gustafsson4253. [security] Address fetch context reference count handling error
d1cc210d2091916df6f9858fae20a1c760f3b257Andreas Gustafsson on socket error. (CVE-2015-8461) [RT#40945]
ed0a4f1a302a5e543a9a2e4f8e61ca8a0673c6a7Mark Andrews4252. [func] Add support for automating the generation CDS and
a93cf7e83be621d3d68f51e37121a47a70a6757bMark Andrews CDNSKEY rrsets to named and dnssec-signzone.
a97b72bac75dd2b4294108f59e1273f50495583cAndreas Gustafsson4251. [bug] NTAs were deleted when the server was reconfigured
c05eeed3c915d55a4949f5c2ce8700a0b0f9381bAndreas Gustafsson or reloaded. [RT #41058]
1c1156b6e71555e593ed4bbca2284055c9f6fa45Andreas Gustafsson4250. [func] Log the TSIG key in use during inbound zone
c05eeed3c915d55a4949f5c2ce8700a0b0f9381bAndreas Gustafsson transfers. [RT #41075]
3bb043a8b8b15eece3794ec31ad0ccab103a1c21Brian Wellington4249. [func] Improve error reporting of TSIG / SIG(0) records in
3bb043a8b8b15eece3794ec31ad0ccab103a1c21Brian Wellington the wrong location. [RT #41030]
14c615e979f674aa61b0ca65c6a252009e521dd8Brian Wellington4248. [performance] Add an isc_atomic_storeq() function, use it in
3bb043a8b8b15eece3794ec31ad0ccab103a1c21Brian Wellington stats counters to improve performance.
d1cc210d2091916df6f9858fae20a1c760f3b257Andreas Gustafsson [RT #39972] [RT #39979]
df0f58959ed82a2a43ca8d816ce9592541df9f2fMark Andrews4247. [port] Require both HAVE_JSON and JSON_C_VERSION to be
4d35b6836eb57387a9da6b103331b59cc988b827Mark Andrews defined to report json library version. [RT #41045]
f4b5a0f43481026ea27bd96e3584ca0e92542f0dBob Halley4246. [test] Ensure the statschannel system test runs when BIND
0e7da7ac26cb234763ff03c3a9bc06e3c22e546fAndreas Gustafsson is not built with libjson. [RT #40944]
f4b5a0f43481026ea27bd96e3584ca0e92542f0dBob Halley4245. [placeholder]
f4b5a0f43481026ea27bd96e3584ca0e92542f0dBob Halley4244. [bug] The parser was not reporting that use-ixfr is obsolete.
4e605108c6533c2ec6311ee7a466582392656dddAndreas Gustafsson4243. [func] Improved stats reporting from Timothe Litt. [RT #38941]
ea544b0511a66bc5f3700d56a72dcd808fdf22e8Brian Wellington4242. [bug] Replace the client if not already replaced when
ea544b0511a66bc5f3700d56a72dcd808fdf22e8Brian Wellington prefetching. [RT #41001]
ea544b0511a66bc5f3700d56a72dcd808fdf22e8Brian Wellington4241. [doc] Improved the TSIG, TKEY, and SIG(0) sections in
a012d6dbfb100390efa7d0d4be64ada0210b09ddBrian Wellington the ARM. [RT #40955]
a012d6dbfb100390efa7d0d4be64ada0210b09ddBrian Wellington4240. [port] Fix LibreSSL compatibility. [RT #40977]
7ae7d499f353549162ddcf6fed957ea21e4fa52bMark Andrews4239. [func] Changed default servfail-ttl value to 1 second from 10.
c8d185ad5827bf2cf9982075e3336f680759a260Andreas Gustafsson Also, the maximum value is now 30 instead of 300.
1e50dad10da55802152d00d5573f8b7d49d752a6Bob Halley4238. [bug] Don't send to servers on net zero (0.0.0.0/8).
c8d185ad5827bf2cf9982075e3336f680759a260Andreas Gustafsson4237. [doc] Upgraded documentation toolchain to use DocBook 5
c8d185ad5827bf2cf9982075e3336f680759a260Andreas Gustafsson and dblatex. [RT #40766]
c8d185ad5827bf2cf9982075e3336f680759a260Andreas Gustafsson4236. [performance] On machines with 2 or more processors (CPU), the
22cafd0ece9c8d22a1218f000afdbceda21fe8afBrian Wellington default value for the number of UDP listeners
22cafd0ece9c8d22a1218f000afdbceda21fe8afBrian Wellington has been changed to the number of detected
2cb74c5bc52ef415a771fafe0bf504eab609feadBrian Wellington processors minus one. [RT #40761]
3d60fe9bafbf633e3a7811c11227baebb17878a4Brian Wellington4235. [func] Added support in named for "dnstap", a fast method of
3d60fe9bafbf633e3a7811c11227baebb17878a4Brian Wellington capturing and logging DNS traffic, and a new command
218c8472e6c8c1a014e412615cc97bb93c0ef9c2Brian Wellington "dnstap-read" to read a dnstap log file. Use
218c8472e6c8c1a014e412615cc97bb93c0ef9c2Brian Wellington "configure --enable-dnstap" to enable this
218c8472e6c8c1a014e412615cc97bb93c0ef9c2Brian Wellington feature (note that this requires libprotobuf-c
218c8472e6c8c1a014e412615cc97bb93c0ef9c2Brian Wellington and libfstrm). See the ARM for configuration details.
f24c135e09214c3843a49fd32ebef2f6a436ba8eBrian Wellington Thanks to Robert Edmonds of Farsight Security.
4b9f0fd0791cb9cb31087789a03fa3a28dd4b583Andreas Gustafsson4234. [func] Add deflate compression in statistics channel HTTP
02940eaf0f732c28c0b39ed114a3803074a80138Andreas Gustafsson server. [RT #40861]
02940eaf0f732c28c0b39ed114a3803074a80138Andreas Gustafsson4233. [test] Add tests for CDS and CDNSKEY with delegation-only.
80aba3d49a872ca11d7cf8550c3a993162e7939fMark Andrews4232. [contrib] Address unchecked memory allocation calls in
31039b15173fb3e375269991920e4843f664457eMark Andrews query-loc and zone2ldap. [RT #40789]
aa23a35d81a9618a40c4a9b44be48009553e4777Andreas Gustafsson4231. [contrib] Address unchecked calloc call in dlz_mysqldyn_mod.c.
aa23a35d81a9618a40c4a9b44be48009553e4777Andreas Gustafsson4230. [contrib] dlz_wildcard_dynamic.c:dlz_create could return a
0e7da7ac26cb234763ff03c3a9bc06e3c22e546fAndreas Gustafsson uninitialized result. [RT #40839]
019fefd77d7e77f3c841808ab604f8ce31679d2dBrian Wellington4229. [bug] A variable could be used uninitialized in
0e7da7ac26cb234763ff03c3a9bc06e3c22e546fAndreas Gustafsson dns_update_signaturesinc. [RT #40784]
91425b5e7204b05165e2c5b244f3dad502f9627dBrian Wellington4228. [bug] Address race condition in dns_client_destroyrestrans.
b18a5b6730dcb062cf7f47c6b3cb909030b58f36Brian Wellington4227. [bug] Silence static analysis warnings. [RT #40828]
e880677f633f726b7df11ba3e59d4406e22256aaMark Andrews4226. [bug] Address a theoretical shutdown race in
e880677f633f726b7df11ba3e59d4406e22256aaMark Andrews zone.c:notify_send_queue(). [RT #38958]
328b080b4af258fdd4d3a2ea1558b48706bd8116Andreas Gustafsson4225. [port] freebsd/openbsd: Use '${CC} -shared' for building
328b080b4af258fdd4d3a2ea1558b48706bd8116Andreas Gustafsson shared libraries. [RT #39557]
328b080b4af258fdd4d3a2ea1558b48706bd8116Andreas Gustafsson4224. [func] Added support for "dyndb", a new interface for loading
328b080b4af258fdd4d3a2ea1558b48706bd8116Andreas Gustafsson zone data from an external database, developed by
9e560b59a722d06a62b5aed761e71fec72638a7cBrian Wellington Red Hat for the FreeIPA project.
f91dc72b422479b5a0caf1fe54c4054d25ae6055Brian Wellington DynDB drivers fully implement the BIND database
f91dc72b422479b5a0caf1fe54c4054d25ae6055Brian Wellington API, and are capable of significantly better
7e361074bc8a2df7a0891a7040eea02ca3a5e286Andreas Gustafsson performance and functionality than DLZ drivers,
7e361074bc8a2df7a0891a7040eea02ca3a5e286Andreas Gustafsson while taking advantage of advanced database
7e361074bc8a2df7a0891a7040eea02ca3a5e286Andreas Gustafsson features not available in BIND such as multi-master
d6b3d06db7ce3b9229dc30cc0e3a72ba2603da28Bob Halley replication.
d6b3d06db7ce3b9229dc30cc0e3a72ba2603da28Bob Halley Thanks to Adam Tkac and Petr Spacek of Red Hat.
8e68489885e744ab48907414b4199c36858c27ddMark Andrews4223. [func] Add support for setting max-cache-size to percentage
8e68489885e744ab48907414b4199c36858c27ddMark Andrews of available physical memory, set default to 90%.
c17c59662f0969a5e52e8b7529cbde1a7c746095Andreas Gustafsson4222. [func] Bias IPv6 servers when selecting the next server to
c17c59662f0969a5e52e8b7529cbde1a7c746095Andreas Gustafsson query. [RT #40836]
d8d95c7d2eae28c5adbde097e88efa115bae6f35Andreas Gustafsson4221. [bug] Resource leak on DNS_R_NXDOMAIN in fctx_create.
651421a5db8a9edf39c76fd8cf859409eb8c373bAndreas Gustafsson4220. [doc] Improve documentation for zone-statistics.
7427490a67b9547242b57c255254f7e146127c48Bob Halley4219. [bug] Set event->result to ISC_R_WOULDBLOCK on EWOULDBLOCK,
7427490a67b9547242b57c255254f7e146127c48Bob Halley EGAIN when these soft error are not retried for
7427490a67b9547242b57c255254f7e146127c48Bob Halley isc_socket_send*().
fbe35d126f2c4df000f50662ed9d90ced13188c3Andreas Gustafsson4218. [bug] Potential null pointer dereference on out of memory
dfa0badebe5a8260281228d94dbe28e4314a9df6Andreas Gustafsson if mmap is not supported. [RT #40777]
dfa0badebe5a8260281228d94dbe28e4314a9df6Andreas Gustafsson4217. [protocol] Add support for CSYNC. [RT #40532]
2d0627005d48b7657fa11792c123466b4f974b61Mark Andrews4216. [cleanup] Silence static analysis warnings. [RT #40649]
2d0627005d48b7657fa11792c123466b4f974b61Mark Andrews4215. [bug] nsupdate: skip to next request on GSSTKEY create
b1b3495eba72ea2b7270c5cd62b0bb824de74e05Mark Andrews failure. [RT #40685]
80ddc8b22bf2ede60038393be5cad9da99d3f03fAndreas Gustafsson4214. [protocol] Add support for TALINK. [RT #40544]
94baac869a70b529a24ff23d8dc899faa5d4fdc4Brian Wellington4213. [bug] Don't reuse a cache across multiple classes.
1ac2c28488fb5de80b3ce9aac3500d215cb61728Brian Wellington4212. [func] Re-query if we get a bad client cookie returned over
1ac2c28488fb5de80b3ce9aac3500d215cb61728Brian Wellington UDP. [RT #40748]
a1cad3b231800ca928751ff8889bdc6d312d1f88Andreas Gustafsson4211. [bug] Ensure that lwresd gets at least one task to work
a12d9cfa59b5981c52e1aaafedf652d5128f3448Brian Wellington with if enabled. [RT #40652]
702a69f04a89422968ef8fc6fc271fac058e03efBrian Wellington4210. [cleanup] Silence use after free false positive. [RT #40743]
0f537d1c63f643924355ff9ca2cf72c547101aa4Brian Wellington4209. [bug] Address resource leaks in dlz modules. [RT #40654]
0f537d1c63f643924355ff9ca2cf72c547101aa4Brian Wellington4208. [bug] Address null pointer dereferences on out of memory.
9ee323b64bc9dcd73f9a0a0e69a31475026721daAndreas Gustafsson4207. [bug] Handle class mismatches with raw zone files.
f6987630ce2d424a34bb9d373b3c08de48010287Andreas Gustafsson4206. [bug] contrib: fixed a possible NULL dereference in
c27148868266dd718b6677c794b3e6dca53c3bdcAndreas Gustafsson DLZ wildcard module. [RT #40745]
f8a44ed40032e034883019ac556f3bb732491a32Mark Andrews4205. [bug] 'named-checkconf -p' could include unwanted spaces
f8a44ed40032e034883019ac556f3bb732491a32Mark Andrews when printing tuples with unset optional fields.
07d6480b684d3745e645f35a8b95dae9bda982a3Mark Andrews4204. [bug] 'dig +trace' failed to lookup the correct type if
363cb30a83e8e57bc8874e621910f0e23dd84909Mark Andrews the initial root NS query was retried. [RT #40296]
ea6709ec8a66e3ffef9c9466613df499567c57f8Brian Wellington4203. [test] The rrchecker system test now tests conversion
ea6709ec8a66e3ffef9c9466613df499567c57f8Brian Wellington to and from unknown-type format. [RT #40584]
634784cb66a1c9ddee0c448f71580f024c8fe40bAndreas Gustafsson4202. [bug] isccc_cc_fromwire() could return an incorrect
634784cb66a1c9ddee0c448f71580f024c8fe40bAndreas Gustafsson result. [RT #40614]
634784cb66a1c9ddee0c448f71580f024c8fe40bAndreas Gustafsson4201. [func] The default preferred-glue is now the address record
634784cb66a1c9ddee0c448f71580f024c8fe40bAndreas Gustafsson type of the transport the query was received
634784cb66a1c9ddee0c448f71580f024c8fe40bAndreas Gustafsson over. [RT #40468]
ce1269825c9d9c4bca42ae9750a7a2fd93a45557Mark Andrews4200. [cleanup] win32: update BINDinstall to be BIND release
49576ae7a481415d5e815ff59b71c76203259619Andreas Gustafsson independent. [RT #38915]
e8af4e152413190e5553c2fb3074a1cc689c6cefAndreas Gustafsson4199. [protocol] Add support for NINFO, RKEY, SINK, TA.
4d30acbac52fcb20a4f0ab4f8508f24861386fe7Brian Wellington [RT #40545] [RT #40547] [RT #40561] [RT #40563]
4d30acbac52fcb20a4f0ab4f8508f24861386fe7Brian Wellington4198. [placeholder]
131d5feb05fce60143bc17dab73df20753d9301fBrian Wellington4197. [bug] 'named-checkconf -z' didn't handle 'in-view' clauses.
76c9d2f6c0a5d6ea8bcc35fc3228d2019507b2bbBrian Wellington4196. [doc] Improve how "enum + other" types are documented.
187a97287e626b2f2e9774479e145dfbf1eba66cBrian Wellington4195. [bug] 'max-zone-ttl unlimited;' was broken. [RT #40608]
187a97287e626b2f2e9774479e145dfbf1eba66cBrian Wellington4194. [bug] named-checkconf -p failed to properly print a port
49576ae7a481415d5e815ff59b71c76203259619Andreas Gustafsson range. [RT #40634]
7ed2d93fa4e12e0ceaa0c7c0da3a89e7a5d78296Andreas Gustafsson4193. [bug] Handle broken servers that return BADVERS incorrectly.
1ec527b71267747cc3ae4d9849aa4f6362c78ea9Brian Wellington4192. [bug] The default rrset-order of random was not always being
703e1c0bb66f3cd3d300358ca0c1fdf3cb5fb1c5Brian Wellington applied. [RT #40456]
703e1c0bb66f3cd3d300358ca0c1fdf3cb5fb1c5Brian Wellington4191. [protocol] Accept DNS-SD non LDH PTR records in reverse zones
7ed2d93fa4e12e0ceaa0c7c0da3a89e7a5d78296Andreas Gustafsson as per RFC 6763. [RT #37889]
7ed2d93fa4e12e0ceaa0c7c0da3a89e7a5d78296Andreas Gustafsson4190. [protocol] Accept Active Directory gc._msdcs.<forest> name as
14bb9cccae74676e25ae145dc14a3681cc3022b9Mark Andrews valid with check-names. <forest> still needs to be
14bb9cccae74676e25ae145dc14a3681cc3022b9Mark Andrews LDH. [RT #40399]
01b8865b1462ba219c90cf6c00f1bf0fdf780d9bBrian Wellington4189. [cleanup] Don't exit on overly long tokens in named.conf.
fcc3c131e03cb7e844eaecf74d4f9b7fd38c8398Andreas Gustafsson4188. [bug] Support HTTP/1.0 client properly on the statistics
fb0663dbdd4811c6062fe602b511227be66aec56Mark Andrews channel. [RT #40261]
6d3e8dffb447b9a961360f7f4fd77b0bdb81de76Andreas Gustafsson4187. [func] When any RR type implementation doesn't
7017ede939a5d3e7f2dc113061887a9e81fe8627Brian Wellington implement totext() for the RDATA's wire
7017ede939a5d3e7f2dc113061887a9e81fe8627Brian Wellington representation and returns ISC_R_NOTIMPLEMENTED,
7017ede939a5d3e7f2dc113061887a9e81fe8627Brian Wellington such RDATA is now printed in unknown
6d3e8dffb447b9a961360f7f4fd77b0bdb81de76Andreas Gustafsson presentation format (RFC 3597). RR types affected
fcc3c131e03cb7e844eaecf74d4f9b7fd38c8398Andreas Gustafsson include LOC(29) and APL(42). [RT #40317].
6d3e8dffb447b9a961360f7f4fd77b0bdb81de76Andreas Gustafsson4186. [bug] Fixed an RPZ bug where a QNAME would be matched
b65fc651b8aaab5d0fb9b8f6ef583d699d14a113Mark Andrews against a policy RR with wildcard owner name
6d3e8dffb447b9a961360f7f4fd77b0bdb81de76Andreas Gustafsson (trigger) where the QNAME was the wildcard owner
2728a98ee4104b2fb30f273893a7f354e20002b5Mark Andrews name's parent. For example, the bug caused a query
c50895694ef939f287aaa7505e0fcf634903bd34Mark Andrews with QNAME "example.com" to match a policy RR with
be387fd057ee54ae5d84904e69587d6e29bd3950Mark Andrews "*.example.com" as trigger. [RT #40357]
d72269740049af28b091ba81d68a067c88f53547Mark Andrews4185. [bug] Fixed an RPZ bug where a policy RR with wildcard
6d3e8dffb447b9a961360f7f4fd77b0bdb81de76Andreas Gustafsson owner name (trigger) would prevent another policy RR
7dbb39a417a28f61ba13e6e066c2f9c711f61471Mark Andrews with its parent owner name from being
7dbb39a417a28f61ba13e6e066c2f9c711f61471Mark Andrews loaded. For example, the bug caused a policy RR
a51f77a70bba62f227fb15fe72ecf959893e3f0fMark Andrews with trigger "example.com" to not have any
a51f77a70bba62f227fb15fe72ecf959893e3f0fMark Andrews effect when a previous policy RR with trigger
a51f77a70bba62f227fb15fe72ecf959893e3f0fMark Andrews "*.example.com" existed in that RPZ zone.
ff7f1dc0393cfc8a033be7e94aa56cd57c97d174Andreas Gustafsson4184. [bug] Fixed a possible memory leak in name compression
7dec36c225ad044a6546a4e232888f3412c030a8Brian Wellington when rendering long messages. (Also, improved
7dec36c225ad044a6546a4e232888f3412c030a8Brian Wellington wire_test for testing such messages.) [RT #40375]
ff7f1dc0393cfc8a033be7e94aa56cd57c97d174Andreas Gustafsson4183. [cleanup] Use timing-safe memory comparisons in cryptographic
ff7f1dc0393cfc8a033be7e94aa56cd57c97d174Andreas Gustafsson code. Also, the timing-safe comparison functions have
ff7f1dc0393cfc8a033be7e94aa56cd57c97d174Andreas Gustafsson been renamed to avoid possible confusion with
ff7f1dc0393cfc8a033be7e94aa56cd57c97d174Andreas Gustafsson memcmp(). Thanks to Loganaden Velvindron of
725fec8d79ff36402b0f90a7a05aafa7964e387fBrian Wellington AFRINIC. [RT #40148]
9b0c4bf7003db929fe00a345fc96fb97677d29e0Brian Wellington4182. [cleanup] Use mnemonics for RR class and type comparisons.
576f85e5fdb8805307f318db79dfc0d19e390d1aAndreas Gustafsson4181. [bug] Queued notify messages could be dequeued from the
576f85e5fdb8805307f318db79dfc0d19e390d1aAndreas Gustafsson wrong rate limiter queue. [RT #40350]
576f85e5fdb8805307f318db79dfc0d19e390d1aAndreas Gustafsson4180. [bug] Error responses in pipelined queries could
576f85e5fdb8805307f318db79dfc0d19e390d1aAndreas Gustafsson cause a crash in client.c. [RT #40289]
0c70ab306505d89983186e9f8bb8647de55b5d04Mark Andrews4179. [bug] Fix double frees in getaddrinfo() in libirs.
32e64787d9bd84a012ddac506f88fbc677b49377Brian Wellington4178. [bug] Fix assertion failure in parsing UNSPEC(103) RR from
32e64787d9bd84a012ddac506f88fbc677b49377Brian Wellington text. [RT #40274]
fa5a42fbad42f4e033376d5d4624e29d018d97b7Brian Wellington4177. [bug] Fix assertion failure in parsing NSAP records from
fa5a42fbad42f4e033376d5d4624e29d018d97b7Brian Wellington text. [RT #40285]
12acad068846c11ad7bb9adb23f02a6fc37b4e17Andreas Gustafsson4176. [bug] Address race issues with lwresd. [RT #40284]
523dd6a979865b8b1b8f1ecc81e5ce47a168c63fBrian Wellington4175. [bug] TKEY with GSS-API keys needed bigger buffers.
5bb4ceb2a67fd558962f8a786c93daedc148a599Mark Andrews4174. [bug] "dnssec-coverage -r" didn't handle time unit
d119051ef75d5a88d28c13fb0a7c6d6757a4e9b5Brian Wellington suffixes correctly. [RT #38444]
d119051ef75d5a88d28c13fb0a7c6d6757a4e9b5Brian Wellington4173. [bug] dig +sigchase was not properly matching the trusted
d119051ef75d5a88d28c13fb0a7c6d6757a4e9b5Brian Wellington key. [RT #40188]
3f8ad70264645ebd6a2a8bc7e923271eb5bf8416Brian Wellington4172. [bug] Named / named-checkconf didn't handle a view of CLASS0.
fff07c1022643da7274d4ba1b086c9c218762dc9Brian Wellington4171. [bug] Fixed incorrect class checks in TSIG RR
fff07c1022643da7274d4ba1b086c9c218762dc9Brian Wellington implementation. [RT #40287]
c26c349eab7ca0499786c2091f0e407ec90eee6bAndreas Gustafsson4170. [security] An incorrect boundary check in the OPENPGPKEY
c26c349eab7ca0499786c2091f0e407ec90eee6bAndreas Gustafsson rdatatype could trigger an assertion failure.
c26c349eab7ca0499786c2091f0e407ec90eee6bAndreas Gustafsson (CVE-2015-5986) [RT #40286]
4817a0628785835abb57d06f2f616b4a6515ac2fAndreas Gustafsson4169. [test] Added a 'wire_test -d' option to read input as
4817a0628785835abb57d06f2f616b4a6515ac2fAndreas Gustafsson raw binary data, for use as a fuzzing harness.
4817a0628785835abb57d06f2f616b4a6515ac2fAndreas Gustafsson4168. [security] A buffer accounting error could trigger an
228c679d7a269423019f7c528db92e855f08240bMark Andrews assertion failure when parsing certain malformed
a2a7eaf89cd68acdb16177bb05701107ceab52b9Brian Wellington DNSSEC keys. (CVE-2015-5722) [RT #40212]
8c6058d00f89792733b5c8d4ceee84ab5025857bAndreas Gustafsson4167. [func] Update rndc's usage output to include recently added
148af05e15f5d7ae3b076231617369fdaf57d26dAndreas Gustafsson commands. Thanks to Tony Finch for submitting a
d31498a54482c8d5d934875d3fdeaa621c962d6fBrian Wellington patch. [RT #40010]
a2a7eaf89cd68acdb16177bb05701107ceab52b9Brian Wellington4166. [func] Print informative output from rndc showzone when
a2a7eaf89cd68acdb16177bb05701107ceab52b9Brian Wellington allow-new-zones is not enabled for a view. Thanks to
a2a7eaf89cd68acdb16177bb05701107ceab52b9Brian Wellington Tony Finch for submitting a patch. [RT #40009]
54ce9b2e29aafe1cb5f898a0983fb66e450e9559Brian Wellington4165. [security] A failure to reset a value to NULL in tkey.c could
175ba246fb074ae8caca0e76ecc8055517ab486cBrian Wellington result in an assertion failure. (CVE-2015-5477)
7357590beef5f671cfdd4ec4304e5210adfb0d8aBrian Wellington4164. [bug] Don't rename slave files and journals on out of memory.
7357590beef5f671cfdd4ec4304e5210adfb0d8aBrian Wellington4163. [bug] Address compiler warnings. [RT #40024]
8dd5237a27e2e824d18f835dc711573aeb23a173Mark Andrews4162. [bug] httpdmgr->flags was not being initialized. [RT #40017]
3b5102fc018a29e52befde5991844843c7b70786Michael Sawyer4161. [test] Add JSON test for traffic size stats; also test
bbd3d20d0843165a74698166a3180897fd019e18Andreas Gustafsson for consistency between "rndc stats" and the XML
3b5102fc018a29e52befde5991844843c7b70786Michael Sawyer and JSON statistics channel contents. [RT #38700]
bbd3d20d0843165a74698166a3180897fd019e18Andreas Gustafsson4160. [placeholder]
f7e900edbc368275aa7cec7ebec0986e45aeadd7Mark Andrews4159. [cleanup] Alphabetize dig's help output. [RT #39966]
ec772e873bd7f24418049b5b1b5d7c44ff781356Brian Wellington4158. [placeholder]
ec772e873bd7f24418049b5b1b5d7c44ff781356Brian Wellington4157. [placeholder]
abfbf760f3bc2a6744b0249a31ca5153234b49e8Brian Wellington4156. [func] Added statistics counters to track the sizes
abfbf760f3bc2a6744b0249a31ca5153234b49e8Brian Wellington of incoming queries and outgoing responses in
75768d5fa2c6c5c441b849ca4efa649a7c2a9e88Bob Halley histogram buckets, as specified in RSSAC002.
75768d5fa2c6c5c441b849ca4efa649a7c2a9e88Bob Halley4155. [func] Allow RPZ rewrite logging to be configured on a
75768d5fa2c6c5c441b849ca4efa649a7c2a9e88Bob Halley per-zone basis using a newly introduced log clause in
75768d5fa2c6c5c441b849ca4efa649a7c2a9e88Bob Halley the response-policy option. [RT #39754]
065958bd3d26dbc25ff313cfcee07bb6a77ee47eBrian Wellington4154. [bug] A OPT record should be included with the FORMERR
75768d5fa2c6c5c441b849ca4efa649a7c2a9e88Bob Halley response when there is a malformed EDNS option.
22dbaf9ad8065127fd93eff0f239fd9c548d18b6Andreas Gustafsson4153. [bug] Dig should zero non significant +subnet bits. Check
22dbaf9ad8065127fd93eff0f239fd9c548d18b6Andreas Gustafsson that non significant ECS bits are zero on receipt.
22dbaf9ad8065127fd93eff0f239fd9c548d18b6Andreas Gustafsson4152. [func] Implement DNS COOKIE option. This replaces the
184867e88b5a30bbc29f17edbc7b50a6c8a944e7David Lawrence experimental SIT option of BIND 9.10. The following
184867e88b5a30bbc29f17edbc7b50a6c8a944e7David Lawrence named.conf directives are available: send-cookie,
184867e88b5a30bbc29f17edbc7b50a6c8a944e7David Lawrence cookie-secret, cookie-algorithm, nocookie-udp-size
fa280ff02ad0c29616a0c3a22ef02cbb3f6db7efDavid Lawrence and require-server-cookie. The following dig options
fa280ff02ad0c29616a0c3a22ef02cbb3f6db7efDavid Lawrence are available: +[no]cookie[=value] and +[no]badcookie.
f4e4111795ceb13066d09c38723afacb04e33ad4Mark Andrews4151. [bug] 'rndc flush' could cause a deadlock. [RT #39835]
f4e4111795ceb13066d09c38723afacb04e33ad4Mark Andrews4150. [bug] win32: listen-on-v6 { any; }; was not working. Apply
253ab81bf2760d3d7f68512b43710afc02d788daMark Andrews minimal fix. [RT #39667]
253ab81bf2760d3d7f68512b43710afc02d788daMark Andrews4149. [bug] Fixed a race condition in the getaddrinfo()
be171be1799e0ba8cdd35d4f67b772ff086d0d81Andreas Gustafsson implementation in libirs, which caused the delv
be171be1799e0ba8cdd35d4f67b772ff086d0d81Andreas Gustafsson utility to crash with an assertion failure when using
9f28451bca8377ef6c9ea3b0a49bf342c9fa6800Mark Andrews the '@server' syntax with a hostname argument.
af5dc286ff4b750deec50d1c006aae5fc38019c0Mark Andrews4148. [bug] Fix a bug when printing zone names with '/' character
af5dc286ff4b750deec50d1c006aae5fc38019c0Mark Andrews in XML and JSON statistics output. [RT #39873]
ee303f481dfefcd4e4994f8b8b17f2de32aa4d69Brian Wellington4147. [bug] Filter-aaaa / filter-aaaa-on-v4 / filter-aaaa-on-v6
ee303f481dfefcd4e4994f8b8b17f2de32aa4d69Brian Wellington was returning referrals rather than nodata responses
ee303f481dfefcd4e4994f8b8b17f2de32aa4d69Brian Wellington when the AAAA records were filtered. [RT #39843]
9b2a2a9016980fbed6b2025d365a8ae99897608cDavid Lawrence4146. [bug] Address reference leak that could prevent a clean
9b2a2a9016980fbed6b2025d365a8ae99897608cDavid Lawrence shutdown. [RT #37125]
125a916d1a0c01f139ced5736145703df28d07cfDavid Lawrence4145. [bug] Not all unassociated adb entries where being printed.
125a916d1a0c01f139ced5736145703df28d07cfDavid Lawrence4144. [func] Add statistics counters for nxdomain redirections.
2115bc7d6433c92499d8e4f67e1c1dfa42ecd6f0David Lawrence4143. [placeholder]
02e38214502c3a946cdfe87e16525747617a1150Brian Wellington4142. [bug] rndc addzone with view specified saved NZF config
02e38214502c3a946cdfe87e16525747617a1150Brian Wellington that could not be read back by named. This has now
02e38214502c3a946cdfe87e16525747617a1150Brian Wellington been fixed. [RT #39845]
f8da2d95835c5216570a45e9000f740321503ae3David Lawrence4141. [bug] A formatting bug caused rndc zonestatus to print
f8da2d95835c5216570a45e9000f740321503ae3David Lawrence negative numbers for large serial values. This has
f8da2d95835c5216570a45e9000f740321503ae3David Lawrence now been fixed. [RT #39854]
fdb2cda3ed366699d70aaf67ee5ae7fcd2ca7561David Lawrence4140. [cleanup] Remove redundant nzf_remove() call during delzone.
8dc3d2006f679d0a291f7a20612c37e2a7146096Brian Wellington4139. [doc] Fix rpz-client-ip documentation. [RT #39783]
a110543bb4d2e53caa40f83c2b45786a1efe63efAndreas Gustafsson4138. [security] An uninitialized value in validator.c could result
a110543bb4d2e53caa40f83c2b45786a1efe63efAndreas Gustafsson in an assertion failure. (CVE-2015-4620) [RT #39795]
bd5f2ac1880f5f2e96b291378c3dff296fc011f1Mark Andrews4137. [bug] Make rndc reconfig report configuration errors the
a06df85974344892431b14bec51c1beeee971eccAndreas Gustafsson same way rndc reload does. [RT #39635]
f0f61db621eed0c453e31bb85f6803c550e19a6bAndreas Gustafsson4136. [bug] Stale statistics counters with the leading
63612a0fe1abbeb8ab6d727a4cfe46831c481387Brian Wellington '#' prefix (such as #NXDOMAIN) were not being
63612a0fe1abbeb8ab6d727a4cfe46831c481387Brian Wellington updated correctly. This has been fixed. [RT #39141]
9be0c3d823200bed1286cff6bddf2a8c639f5287Brian Wellington4135. [cleanup] Log expired NTA at startup. [RT #39680]
125a916d1a0c01f139ced5736145703df28d07cfDavid Lawrence4134. [cleanup] Include client-ip rules when logging the number
125a916d1a0c01f139ced5736145703df28d07cfDavid Lawrence of RPZ rules of each type. [RT #39670]
32bb863ea960caa650105b60dcd45e3db6840a6fAndreas Gustafsson4133. [port] Update how various json libraries are handled.
736aab3076e9bec708cec073f5cf8e6c4b588886Brian Wellington4132. [cleanup] dig: added +rd as a synonym for +recurse,
736aab3076e9bec708cec073f5cf8e6c4b588886Brian Wellington added +class as an unabbreviated alternative
736aab3076e9bec708cec073f5cf8e6c4b588886Brian Wellington to +cl. [RT #39686]
bb1cf189bb9fd9059cf13b785d15b0e50c0be8fbAndreas Gustafsson4131. [bug] Addressed further problems with reloading RPZ
7cb10f77890fe36b14079c7beb848ec390a53e44Andreas Gustafsson zones. [RT #39649]
7cb10f77890fe36b14079c7beb848ec390a53e44Andreas Gustafsson4130. [bug] The compatibility shim for *printf() misprinted some
bb1cf189bb9fd9059cf13b785d15b0e50c0be8fbAndreas Gustafsson large numbers. [RT #39586]
bb1cf189bb9fd9059cf13b785d15b0e50c0be8fbAndreas Gustafsson4129. [port] Address API changes in OpenSSL 1.1.0. [RT #39532]
f53848e17123569387b279578f0100dca5407da5Mark Andrews4128. [bug] Address issues raised by Coverity 7.6. [RT #39537]
f53848e17123569387b279578f0100dca5407da5Mark Andrews4127. [protocol] CDS and CDNSKEY need to be signed by the key signing
d46bf932ed5e1f58a4c424ce1ce7525963354482Brian Wellington key as per RFC 7344, Section 4.1. [RT #37215]
d46bf932ed5e1f58a4c424ce1ce7525963354482Brian Wellington4126. [bug] Addressed a regression introduced in change #4121.
09671f9551077f9eae8c41619b61272cb9821100Andreas Gustafsson4125. [test] Added tests for dig, renamed delv test to digdelv.
c8fc692fa1445ccfc39b68902546cdfc7ee30d3eBrian Wellington4124. [func] Log errors or warnings encountered when parsing the
c8fc692fa1445ccfc39b68902546cdfc7ee30d3eBrian Wellington internal default configuration. Clarify the logging
c8fc692fa1445ccfc39b68902546cdfc7ee30d3eBrian Wellington of errors and warnings encountered in rndc
f19771c55d7e7d5bb38160e710185e6e61749d16Andreas Gustafsson addzone or modzone parameters. [RT #39440]
f19771c55d7e7d5bb38160e710185e6e61749d16Andreas Gustafsson4123. [port] Added %z (size_t) format options to the portable
f19771c55d7e7d5bb38160e710185e6e61749d16Andreas Gustafsson internal printf/sprintf implementation. [RT #39586]
f19771c55d7e7d5bb38160e710185e6e61749d16Andreas Gustafsson4122. [bug] The server could match a shorter prefix than what was
f1d427043e94371cdf1f21b3cbd65917adbcff25Andreas Gustafsson available in CLIENT-IP policy triggers, and so, an
f1d427043e94371cdf1f21b3cbd65917adbcff25Andreas Gustafsson unexpected action could be taken. This has been
f1d427043e94371cdf1f21b3cbd65917adbcff25Andreas Gustafsson corrected. [RT #39481]
f1d427043e94371cdf1f21b3cbd65917adbcff25Andreas Gustafsson4121. [bug] On servers with one or more policy zones
10e22ebcc3629be94d37bf408157e2c5ee5740e0Andreas Gustafsson configured as slaves, if a policy zone updated
6c29053a20f7614167bafa4388c666644a095349Andreas Gustafsson during regular operation (rather than at
6c29053a20f7614167bafa4388c666644a095349Andreas Gustafsson startup) using a full zone reload, such as via
6c29053a20f7614167bafa4388c666644a095349Andreas Gustafsson AXFR, a bug could allow the RPZ summary data to
6c29053a20f7614167bafa4388c666644a095349Andreas Gustafsson fall out of sync, potentially leading to an
6c29053a20f7614167bafa4388c666644a095349Andreas Gustafsson assertion failure in rpz.c when further
3d509f54ac6bbcc19de5aa6d1ce37e001821dc7bDavid Lawrence incremental updates were made to the zone, such
3d509f54ac6bbcc19de5aa6d1ce37e001821dc7bDavid Lawrence as via IXFR. [RT #39567]
3d509f54ac6bbcc19de5aa6d1ce37e001821dc7bDavid Lawrence4120. [bug] A bug in RPZ could cause the server to crash if
a59ed6543bbc13e7c784d6badce7b757c2620e28David Lawrence policy zones were updated while recursion was
a59ed6543bbc13e7c784d6badce7b757c2620e28David Lawrence pending for RPZ processing of an active query.
a59ed6543bbc13e7c784d6badce7b757c2620e28David Lawrence4119. [test] Allow dig to set the message opcode. [RT #39550]
10e6498d6d7b2cfd8d822788d817fc9a3e0b0c3aDavid Lawrence4118. [bug] Teach isc-config.sh about irs. [RT #39213]
10e6498d6d7b2cfd8d822788d817fc9a3e0b0c3aDavid Lawrence4117. [protocol] Add EMPTY.AS112.ARPA as per RFC 7534.
91b191a90cae9b162b8c68a3b4820031e129b37bBrian Wellington4116. [bug] Fix a bug in RPZ that could cause some policy
bf00f50cf43a43a999b5ab054cab652f7775dce6Brian Wellington zones that did not specifically require
bf00f50cf43a43a999b5ab054cab652f7775dce6Brian Wellington recursion to be treated as if they did;
bf00f50cf43a43a999b5ab054cab652f7775dce6Brian Wellington consequently, setting qname-wait-recurse no; was
253f774e358dba38742a484426a4cadf4f248817Brian Wellington sometimes ineffective. [RT #39229]
253f774e358dba38742a484426a4cadf4f248817Brian Wellington4115. [func] "rndc -r" now prints the result code (e.g.,
2de31518c3da27092120b40fc373cecf600d64e6Brian Wellington ISC_R_SUCCESS, ISC_R_TIMEOUT, etc) after
2de31518c3da27092120b40fc373cecf600d64e6Brian Wellington running the requested command. [RT #38913]
4ae3a03bb7dbb050adddc051a5df6f3de057eb27Andreas Gustafsson4114. [bug] Fix a regression in radix tree implementation
4ae3a03bb7dbb050adddc051a5df6f3de057eb27Andreas Gustafsson introduced by ECS code. This bug was never
4ae3a03bb7dbb050adddc051a5df6f3de057eb27Andreas Gustafsson released, but it was reported by a user testing
4ae3a03bb7dbb050adddc051a5df6f3de057eb27Andreas Gustafsson master. [RT #38983]
10e22ebcc3629be94d37bf408157e2c5ee5740e0Andreas Gustafsson4113. [test] Check for Net::DNS is some system test
2732332fe53d00592109ef69c0075fcc2ad09db9Brian Wellington prerequisites. [RT #39369]
2732332fe53d00592109ef69c0075fcc2ad09db9Brian Wellington4112. [bug] Named failed to load when "root-delegation-only"
8fa78d9ad5f5ab6c69d1d52b00b1ffcdf1bd5bebMichael Sawyer was used without a list of domains to exclude.
e544b507b8019a62c5d2716281f6832519a8791dDavid Lawrence4111. [doc] Alphabetize rndc man page. [RT #39360]
e544b507b8019a62c5d2716281f6832519a8791dDavid Lawrence4110. [bug] Address memory leaks / null pointer dereferences
09de21079e902c7356d936ef4f2a31060b36e5f3Brian Wellington on out of memory. [RT #39310]
09de21079e902c7356d936ef4f2a31060b36e5f3Brian Wellington4109. [port] linux: support reading the local port range from
b74896ead5671943135727b50d86d1040d7ffbf3David Lawrence4108. [func] An additional NXDOMAIN redirect method (option
09671f9551077f9eae8c41619b61272cb9821100Andreas Gustafsson "nxdomain-redirect") has been added, allowing
b74896ead5671943135727b50d86d1040d7ffbf3David Lawrence redirection to a specified DNS namespace instead
b74896ead5671943135727b50d86d1040d7ffbf3David Lawrence of a single redirect zone. [RT #37989]
8aff41ca8ac8dbd9671f3da824406a8783db49d1Brian Wellington4107. [bug] Address potential deadlock when updating zone content.
c9d7e543d0da2996d1cc52d3c5920141df49a4ecBrian Wellington4106. [port] Improve readline support. [RT #38938]
6dbf9cbe6a39a00de910ef843b9f864abf68bc40Brian Wellington4105. [port] Misc fixes for Microsoft Visual Studio
6dbf9cbe6a39a00de910ef843b9f864abf68bc40Brian Wellington 2015 CTP6 in 64 bit mode. [RT #39308]
17aac384e029f5dd3314876058c7501f4d84b90bBrian Wellington4104. [bug] Address uninitialized elements. [RT #39252]
833535ea78ec7a15376b862fd288ffd00f808666Brian Wellington4103. [port] Misc fixes for Microsoft Visual Studio
17aac384e029f5dd3314876058c7501f4d84b90bBrian Wellington 2015 CTP6. [RT #39267]
23f64ea0dcd7f5b7094ae6ade2a002fb7dde1466Brian Wellington4102. [bug] Fix a use after free bug introduced in change
23f64ea0dcd7f5b7094ae6ade2a002fb7dde1466Brian Wellington #4094. [RT #39281]
3c7ce471aa8a1a9c5bc0ca9e41f406bdc9f0b2aeAndreas Gustafsson4101. [bug] dig: the +split and +rrcomments options didn't
3c7ce471aa8a1a9c5bc0ca9e41f406bdc9f0b2aeAndreas Gustafsson work with +short. [RT #39291]
3562c9dc12f06eb964ccefd3291a012f4e6b1743Brian Wellington4100. [bug] Inherited owernames on the line immediately following
3562c9dc12f06eb964ccefd3291a012f4e6b1743Brian Wellington a $INCLUDE were not working. [RT #39268]
4d5c668a91c6e5a26653031dd137292bfc03da52Andreas Gustafsson4099. [port] clang: make unknown commandline options hard errors
f437f6ffae28f88334cf47ce8f948cbf40331ffaAndreas Gustafsson when determining what options are supported.
704d6eeab1d8d6a2aeb99c37fa5a97322d9340fcBrian Wellington4098. [bug] Address use-after-free issue when using a
704d6eeab1d8d6a2aeb99c37fa5a97322d9340fcBrian Wellington predecessor key with dnssec-settime. [RT #39272]
ed8ba54e644957e0ebd51601552193275299ca8dAndreas Gustafsson4097. [func] Add additional logging about xfrin transfer status.
4d5c668a91c6e5a26653031dd137292bfc03da52Andreas Gustafsson4096. [bug] Fix a use after free of query->sendevent.
5a6335a8bffdcc15ab4b3bb01d070080f9bc892eMark Andrews4095. [bug] zone->options2 was not being properly initialized.
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson4094. [bug] A race during shutdown or reconfiguration could
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson cause an assertion in mem.c. [RT #38979]
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson4093. [func] Dig now learns the SIT value from truncated
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson responses when it retries over TCP. [RT #39047]
4c08b67a5f01eda472a9dfee4c73dbbac49c0065Mark Andrews4092. [bug] 'in-view' didn't work for zones beneath a empty zone.
f8abaa0fae7f75d9601c10b6a4af8dd907494d45Mark Andrews4091. [cleanup] Some cleanups in isc mem code. [RT #38896]
1addbb84718fdb7635459ed05f060be086e88f35Andreas Gustafsson4090. [bug] Fix a crash while parsing malformed CAA RRs in
1addbb84718fdb7635459ed05f060be086e88f35Andreas Gustafsson presentation format, i.e., from text such as
1addbb84718fdb7635459ed05f060be086e88f35Andreas Gustafsson from master files. Thanks to John Van de
1addbb84718fdb7635459ed05f060be086e88f35Andreas Gustafsson Meulebrouck Brendgard for discovering and
1addbb84718fdb7635459ed05f060be086e88f35Andreas Gustafsson reporting this problem. [RT #39003]
d3be9a9c6ef76a5d7671b0962785ca025b153d2bAndreas Gustafsson4089. [bug] Send notifies immediately for slave zones during
d3be9a9c6ef76a5d7671b0962785ca025b153d2bAndreas Gustafsson startup. [RT #38843]
e9fce1415f8be4cd38d528950c92c481bd105254Mark Andrews4088. [port] Fixed errors when building with libressl. [RT #38899]
e9fce1415f8be4cd38d528950c92c481bd105254Mark Andrews4087. [bug] Fix a crash due to use-after-free due to sequencing
483958540f0034d543f0564beb7877326f15a45bMark Andrews of tasks actions. [RT #38495]
59e1a928bc4253b91ead0f7c46be7d3984cb3016Bob Halley4086. [bug] Fix out-of-srcdir build with native pkcs11. [RT #38831]
90cd33e0baf23574a88a4c967afec8b95a1801deAndreas Gustafsson4085. [bug] ISC_PLATFORM_HAVEXADDQ could be inconsistently set.
517950ae99fa271b034a5cfec1c9fbb62696f975Mark Andrews4084. [bug] Fix a possible race in updating stats counters.
f9870620b346ed267023dc98ee81adcfef2e16b7Andreas Gustafsson4083. [cleanup] Print the number of CPUs and UDP listeners
f9870620b346ed267023dc98ee81adcfef2e16b7Andreas Gustafsson consistently in the log and in "rndc status"
dfd7798d8b870abf03795d8095297a4b982ab6e9Mark Andrews output; indicate whether threads are supported
19ff7edc1a6388085193f5487e1599f45aa62648Mark Andrews in "named -V" output. [RT #38811]
19ff7edc1a6388085193f5487e1599f45aa62648Mark Andrews4082. [bug] Incrementally sign large inline zone deltas.
8a0ff6c15cb20c903f9e16a3d5c2cab603478bc3Mark Andrews4081. [cleanup] Use dns_rdatalist_init consistently. [RT #38759]
a6dbd6b6604e27ae3c7190de20dbcaaa6e5a1fd8Andreas Gustafsson4080. [func] Completed change #4022, adding a "lock-file" option
42928d936e79dbda7ea00bbcab6e5d8034a95bf8Andreas Gustafsson to named.conf to override the default lock file,
0c0619cc1983ff58e855c5159d8892e46dddac5eBrian Wellington in addition to the "named -X <filename>" command
0c0619cc1983ff58e855c5159d8892e46dddac5eBrian Wellington line option. Setting the lock file to "none"
c472ead4a932f93251eddaa41e120c3bfc4f95a4Andreas Gustafsson using either method disables the check completely.
d7e77a9b59138e8a94d3dfa4e41e1852ad51ac25Andreas Gustafsson4079. [func] Preserve the case of the owner name of records to
c472ead4a932f93251eddaa41e120c3bfc4f95a4Andreas Gustafsson the RRset level. [RT #37442]
a6dbd6b6604e27ae3c7190de20dbcaaa6e5a1fd8Andreas Gustafsson4078. [bug] Handle the case where CMSG_SPACE(sizeof(int)) !=
a6dbd6b6604e27ae3c7190de20dbcaaa6e5a1fd8Andreas Gustafsson CMSG_SPACE(sizeof(char)). [RT #38621]
0e7da7ac26cb234763ff03c3a9bc06e3c22e546fAndreas Gustafsson4077. [test] Add static-stub regression test for DS NXDOMAIN
383665e42ad838046472e847b16c4e0d3f1aaf76Bob Halley return making the static stub disappear. [RT #38564]
383665e42ad838046472e847b16c4e0d3f1aaf76Bob Halley4076. [bug] Named could crash on shutdown with outstanding
383665e42ad838046472e847b16c4e0d3f1aaf76Bob Halley reload / reconfig events. [RT #38622]
6b5a6fbe1cc0ceb7e2b516aaada596b79360a5b8Bob Halley4075. [placeholder]
6b5a6fbe1cc0ceb7e2b516aaada596b79360a5b8Bob Halley4074. [cleanup] Cleaned up more warnings from gcc -Wshadow. [RT #38708]
ba6fd2580863759baedd9c47153602b19006a324Andreas Gustafsson4073. [cleanup] Add libjson-c version number reporting to
ba6fd2580863759baedd9c47153602b19006a324Andreas Gustafsson "named -V"; normalize version number formatting.
ba6fd2580863759baedd9c47153602b19006a324Andreas Gustafsson4072. [func] Add a --enable-querytrace configure switch for
ba6fd2580863759baedd9c47153602b19006a324Andreas Gustafsson very verbose query trace logging. (This option
86a4d80e0624a10b1824d25018246e1ea63f55d2Andreas Gustafsson has a negative performance impact and should be
86a4d80e0624a10b1824d25018246e1ea63f55d2Andreas Gustafsson used only for debugging.) [RT #37520]
dd16d9d9e77c2d906ee5ffa3dd9f71cacfbcb081Brian Wellington4071. [cleanup] Initialize pthread mutex attrs just once, instead of
dd16d9d9e77c2d906ee5ffa3dd9f71cacfbcb081Brian Wellington doing it per mutex creation. [RT #38547]
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson4070. [bug] Fix a segfault in nslookup in a query such as
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson "nslookup isc.org AMS.SNS-PB.ISC.ORG -all".
850d70818503ca1b0f98c9c70b16b51e789fd705Andreas Gustafsson4069. [doc] Reorganize options in the nsupdate man page.
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence4068. [bug] Omit unknown serial number from JSON zone statistics.
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence4067. [cleanup] Reduce noise from RRL when query logging is
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence disabled. [RT #38648]
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence4066. [doc] Reorganize options in the dig man page. [RT #38516]
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence4065. [test] Additional RFC 5011 tests. [RT #38569]
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence4064. [contrib] dnssec-keyset.sh: Generates a specified number
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence of DNSSEC keys with timing set to implement a
5afc10d6d8278c9ab34b9f6c82ef7bb3bfefd0efAndreas Gustafsson pre-publication key rollover strategy. Thanks
78d78f05d91205cbde33ca87d24b8d13aa2d8d66Brian Wellington to Jeffry A. Spain. [RT #38459]
78d78f05d91205cbde33ca87d24b8d13aa2d8d66Brian Wellington4063. [bug] Asynchronous zone loads were not handled
78d78f05d91205cbde33ca87d24b8d13aa2d8d66Brian Wellington correctly when the zone load was already in
5afc10d6d8278c9ab34b9f6c82ef7bb3bfefd0efAndreas Gustafsson progress; this could trigger a crash in zt.c.
5afc10d6d8278c9ab34b9f6c82ef7bb3bfefd0efAndreas Gustafsson4062. [bug] Fix an out-of-bounds read in RPZ code. If the
3f01dde0bd24561fc3a6c2f7e259a58af4457a86Brian Wellington read succeeded, it doesn't result in a bug
3f01dde0bd24561fc3a6c2f7e259a58af4457a86Brian Wellington during operation. If the read failed, named
3f01dde0bd24561fc3a6c2f7e259a58af4457a86Brian Wellington could segfault. [RT #38559]
626b221f7113479a0709f0bb0a8193c0ab0dcf84Andreas Gustafsson4061. [bug] Handle timeout in legacy system test. [RT #38573]
626b221f7113479a0709f0bb0a8193c0ab0dcf84Andreas Gustafsson4060. [bug] dns_rdata_freestruct could be called on a
733e928f714c848aa394c2d12b6239bc7780101bMark Andrews uninitialized structure when handling a error.
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson4059. [bug] Addressed valgrind warnings. [RT #38549]
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington4058. [bug] UDP dispatches could use the wrong pseudorandom
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington number generator context. [RT #38578]
c379c1bddb2d84c9219ab6c394b33aa866b9f3bfAndreas Gustafsson4057. [bug] 'dnssec-dsfromkey -T 0' failed to add ttl field.
dffdc24ffd76ef3d8c8141671e89fb39428fef06Brian Wellington4056. [bug] Expanded automatic testing of trust anchor
17442ccc2b2e9c3b3bfc337f0fdfad6186fbb123Mark Andrews management and fixed several small bugs including
17442ccc2b2e9c3b3bfc337f0fdfad6186fbb123Mark Andrews a memory leak and a possible loss of key state
61b0df9eb522f13aef13cc2704728e799cbc251aMichael Sawyer information. [RT #38458]
61b0df9eb522f13aef13cc2704728e799cbc251aMichael Sawyer4055. [func] "rndc managed-keys" can be used to check status
61b0df9eb522f13aef13cc2704728e799cbc251aMichael Sawyer of trust anchors or to force keys to be refreshed,
369bb68c2c7709c7fd8b0d6c1d1f8abc6422a7e2Michael Sawyer Also, the managed keys data file has easier-to-read
369bb68c2c7709c7fd8b0d6c1d1f8abc6422a7e2Michael Sawyer comments. [RT #38458]
369bb68c2c7709c7fd8b0d6c1d1f8abc6422a7e2Michael Sawyer4054. [func] Added a new tool 'mdig', a lightweight clone of
3dcb97b199693012d12e978b8f577a339e434361Andreas Gustafsson dig able to send multiple pipelined queries.
a3e41e3c03a32b00fc243fce538a39ddc7237885Andreas Gustafsson4053. [security] Revoking a managed trust anchor and supplying
a3e41e3c03a32b00fc243fce538a39ddc7237885Andreas Gustafsson an untrusted replacement could cause named
a3e41e3c03a32b00fc243fce538a39ddc7237885Andreas Gustafsson to crash with an assertion failure.
4ec1a96d90784f70380bdec66f8a0bd6718a5b71Mark Andrews (CVE-2015-1349) [RT #38344]
fa3cbea8bfba19d1c11f9a6ad20f40a2c15377f0Brian Wellington4052. [bug] Fix a leak of query fetchlock. [RT #38454]
0fc89c4ee660e825ac66774f2d4912cfc396386aMark Andrews4051. [bug] Fix a leak of pthread_mutexattr_t. [RT #38454]
e21d199dca95aff5d50f133d6b064309e209af00Brian Wellington4050. [bug] RPZ could send spurious SERVFAILs in response
c03298d879554fc5dc197c28fd4b686e0d880ee3Mark Andrews to duplicate queries. [RT #38510]
04c22ceaf2d3812eaab69d79958d0e0d62048cd2Mark Andrews4049. [bug] CDS and CDNSKEY had the wrong attributes. [RT #38491]
04c22ceaf2d3812eaab69d79958d0e0d62048cd2Mark Andrews4048. [bug] adb hash table was not being grown. [RT #38470]
04c22ceaf2d3812eaab69d79958d0e0d62048cd2Mark Andrews4047. [cleanup] "named -V" now reports the current running versions
04c22ceaf2d3812eaab69d79958d0e0d62048cd2Mark Andrews of OpenSSL and the libxml2 libraries, in addition to
04c22ceaf2d3812eaab69d79958d0e0d62048cd2Mark Andrews the versions that were in use at build time.
b65f2ab14abb4b6ef906d7d02064fba158f07b1eDavid Lawrence4046. [bug] Accounting of "total use" in memory context
b65f2ab14abb4b6ef906d7d02064fba158f07b1eDavid Lawrence statistics was not correct. [RT #38370]
b65f2ab14abb4b6ef906d7d02064fba158f07b1eDavid Lawrence4045. [bug] Skip to next master on dns_request_createvia4 failure.
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews4044. [bug] Change 3955 was not complete, resulting in an assertion
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews failure if the timing was just right. [RT #38352]
b65f2ab14abb4b6ef906d7d02064fba158f07b1eDavid Lawrence4043. [func] "rndc modzone" can be used to modify the
b65f2ab14abb4b6ef906d7d02064fba158f07b1eDavid Lawrence configuration of an existing zone, using similar
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews syntax to "rndc addzone". [RT #37895]
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews4042. [bug] zone.c:iszonesecure was being called too late.
72fa265baa3d138b43427bcb5c0838740f807045Mark Andrews4041. [func] TCP sockets can now be shared while connecting.
09671f9551077f9eae8c41619b61272cb9821100Andreas Gustafsson (This will be used to enable client-side support
72fa265baa3d138b43427bcb5c0838740f807045Mark Andrews of pipelined queries.) [RT #38231]
a5aca6df165c601d755b8c5f5727048078bf0db5Andreas Gustafsson4040. [func] Added server-side support for pipelined TCP
4b6d5b2312d1482cc406fe58fa3269dd7a915b3fMark Andrews queries. Clients may continue sending queries via
4b6d5b2312d1482cc406fe58fa3269dd7a915b3fMark Andrews TCP while previous queries are being processed
29c818c7d40fc8898b062903ec703851328a4deaMark Andrews in parallel. (The new "keep-response-order"
29c818c7d40fc8898b062903ec703851328a4deaMark Andrews option allows clients to be specified for which
b1cde6bf3a8e3a77eb77caf97df0d7ec5c8450dfBrian Wellington the old behavior will still be used.) [RT #37821]
b1cde6bf3a8e3a77eb77caf97df0d7ec5c8450dfBrian Wellington4039. [cleanup] Cleaned up warnings from gcc -Wshadow. [RT #37381]
f8abaa0fae7f75d9601c10b6a4af8dd907494d45Mark Andrews4038. [bug] Add 'rpz' flag to node and use it to determine whether
f8abaa0fae7f75d9601c10b6a4af8dd907494d45Mark Andrews to call dns_rpz_delete. This should prevent unbalanced
f8abaa0fae7f75d9601c10b6a4af8dd907494d45Mark Andrews add / delete calls. [RT #36888]
37d1c8ee546ae89720c3e17e57ee3a05e9cdc7b9Brian Wellington4037. [bug] also-notify was ignoring the tsig key when checking
37d1c8ee546ae89720c3e17e57ee3a05e9cdc7b9Brian Wellington for duplicates resulting in some expected notify
37d1c8ee546ae89720c3e17e57ee3a05e9cdc7b9Brian Wellington messages not being sent. [RT #38369]
28b7844ee93231da831ba3c090e1677bb1be5f18Andreas Gustafsson4036. [bug] Make call to open a temporary file name safe during
28b7844ee93231da831ba3c090e1677bb1be5f18Andreas Gustafsson NZF creation. [RT #38331]
28b7844ee93231da831ba3c090e1677bb1be5f18Andreas Gustafsson4035. [bug] Close temporary and NZF FILE pointers before moving
28b7844ee93231da831ba3c090e1677bb1be5f18Andreas Gustafsson the former into the latter's place, as required on
78db9e8f4b686fde6dfa0ec85a68c06cc9d4bf28Brian Wellington Windows. [RT #38332]
78db9e8f4b686fde6dfa0ec85a68c06cc9d4bf28Brian Wellington4034. [func] When added, negative trust anchors (NTA) are now
78db9e8f4b686fde6dfa0ec85a68c06cc9d4bf28Brian Wellington saved to files (viewname.nta), in order to
78db9e8f4b686fde6dfa0ec85a68c06cc9d4bf28Brian Wellington persist across restarts of the named server.
b20ee662a7c847c9ef7b96ab9e5e34543efe5c0dMark Andrews4033. [bug] Missing out of memory check in request.c:req_send.
450995b90c8cb66d82c2377d4f9bd9812a132c30Andreas Gustafsson4032. [bug] Built-in "empty" zones did not correctly inherit the
f90fe7c8b9a3eef8968fac74905e868c8ab583a3Brian Wellington "allow-transfer" ACL from the options or view.
190fbe9738bd0c1b9b13732bb8bd56b2b7c71640David Lawrence4031. [bug] named-checkconf -z failed to report a missing file
190fbe9738bd0c1b9b13732bb8bd56b2b7c71640David Lawrence with a hint zone. [RT #38294]
190fbe9738bd0c1b9b13732bb8bd56b2b7c71640David Lawrence4030. [func] "rndc delzone" is now applicable to zones that were
190fbe9738bd0c1b9b13732bb8bd56b2b7c71640David Lawrence configured in named.conf, as well as zones that
c40085afa75a5eae732ec1198384dd5cb24400b6Bob Halley were added via "rndc addzone". (Note, however, that
c40085afa75a5eae732ec1198384dd5cb24400b6Bob Halley if named.conf is not also modified, the deleted zone
7b438bdb9b821f9f1c96443762072e137716048dBrian Wellington will return when named is reloaded.) [RT #37887]
c40085afa75a5eae732ec1198384dd5cb24400b6Bob Halley4029. [func] "rndc showzone" displays the current configuration
c40085afa75a5eae732ec1198384dd5cb24400b6Bob Halley of a specified zone. [RT #37887]
c40085afa75a5eae732ec1198384dd5cb24400b6Bob Halley4028. [bug] $GENERATE with a zero step was not being caught as a
c40085afa75a5eae732ec1198384dd5cb24400b6Bob Halley error. A $GENERATE with a / but no step was not being
c40085afa75a5eae732ec1198384dd5cb24400b6Bob Halley caught as a error. [RT #38262]
7b438bdb9b821f9f1c96443762072e137716048dBrian Wellington4027. [port] Net::DNS 0.81 compatibility. [RT #38165]
86c270cbb24117976d6cd3098c3010e067915c24Andreas Gustafsson4026. [bug] Fix RFC 3658 reference in dig +sigchase. [RT #38173]
10258f6b3d1ce54ffb22e6b9a31f8f001f7ee2d5Mark Andrews4025. [port] bsdi: failed to build. [RT #38047]
b38ebe307cb2411535c79afd441870a99cc50eddMark Andrews4024. [bug] dns_rdata_opt_first, dns_rdata_opt_next,
b38ebe307cb2411535c79afd441870a99cc50eddMark Andrews dns_rdata_opt_current, dns_rdata_txt_first,
c2e0aac879097f81bcd31e3d09660a71e70c5fb0Michael Sawyer dns_rdata_txt_next and dns_rdata_txt_current were
8217f91f8d2dd6e94a2bf893284506ea47cd294aAndreas Gustafsson documented but not implemented. These have now been
588b63e1a86fb707172830e14897da624ed380edMark Andrews dns_rdata_spf_first, dns_rdata_spf_next and
588b63e1a86fb707172830e14897da624ed380edMark Andrews dns_rdata_spf_current were documented but not
bb17aa91c14de959b191a200df61afb6a68f110fBrian Wellington implemented. The prototypes for these
bb17aa91c14de959b191a200df61afb6a68f110fBrian Wellington functions have been removed. [RT #38068]
452d75b18f9d050086964fa39c326cf388517396Mark Andrews4023. [bug] win32: socket handling with explicit ports and
452d75b18f9d050086964fa39c326cf388517396Mark Andrews invoking named with -4 was broken for some
2b4db0b6d4b5a0307cecbafdd1d34d6f61b7dbadMark Andrews configurations. [RT #38068]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington4022. [func] Stop multiple spawns of named by limiting number of
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington processes to 1. This is done by using a lockfile and
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington checking whether we can listen on any configured
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington TCP interfaces. [RT #37908]
2a37aa188c2297e0c0856c3e5740c43dd426a432Mark Andrews4021. [bug] Adjust max-recursion-queries to accommodate
2a37aa188c2297e0c0856c3e5740c43dd426a432Mark Andrews the need for more queries when the cache is
6c87cf19970a9eef43c1e38227cd23b3a2f6151aMark Andrews empty. [RT #38104]
7869b99dc815e3b863351b8095d1b71b3f583541Brian Wellington4020. [bug] Change 3736 broke nsupdate's SOA MNAME discovery
7869b99dc815e3b863351b8095d1b71b3f583541Brian Wellington resulting in updates being sent to the wrong server.
df1e829dde71ab960545453e4ae439ae601d5a9eMark Andrews4019. [func] If named is not configured to validate the answer
df1e829dde71ab960545453e4ae439ae601d5a9eMark Andrews then allow fallback to plain DNS on timeout even
df1e829dde71ab960545453e4ae439ae601d5a9eMark Andrews when we know the server supports EDNS. [RT #37978]
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer4018. [placeholder]
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer4017. [test] Add system test to check lookups to legacy servers
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer with broken DNS behavior. [RT #37965]
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer4016. [bug] Fix a dig segfault due to bad linked list usage.
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer4015. [bug] Nameservers that are skipped due to them being
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer CNAMEs were not being logged. They are now logged
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer to category 'cname' as per BIND 8. [RT #37935]
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer4014. [bug] When including a master file origin_changed was
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer not being properly set leading to a potentially
e65fe7af00935a0a81d4b0b0ed51c7f6c89f5c3bAndreas Gustafsson spurious 'inherited owner' warning. [RT #37919]
e65fe7af00935a0a81d4b0b0ed51c7f6c89f5c3bAndreas Gustafsson4013. [func] Add a new tcp-only option to server (config) /
4bb3a1a63d7943564f30bf9efd312283141439a2Andreas Gustafsson peer (struct) to use TCP transport to send
4bb3a1a63d7943564f30bf9efd312283141439a2Andreas Gustafsson queries (in place of UDP transport with a
4bb3a1a63d7943564f30bf9efd312283141439a2Andreas Gustafsson TCP fallback on truncated (TC set) response).
e2b52099918681498136fc82df192d256cc3cdd3Brian Wellington4012. [cleanup] Check returned status of OpenSSL digest and HMAC
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson functions when they return one. Note this applies
389ec663f262cc219e986d6600eec9707ef2cb24Brian Wellington only to FIPS capable OpenSSL libraries put in
e549eb1242b69ee050440e7205a5633cb56199b3Mark Andrews FIPS mode and MD5. [RT #37944]
88cef4408ab6b4c48702ed1b3ae27e20f485d864Mark Andrews4011. [bug] master's list port and dscp inheritance was not
88cef4408ab6b4c48702ed1b3ae27e20f485d864Mark Andrews properly implemented. [RT #37792]
88cef4408ab6b4c48702ed1b3ae27e20f485d864Mark Andrews4010. [cleanup] Clear the prefetchable state when initiating a
88cef4408ab6b4c48702ed1b3ae27e20f485d864Mark Andrews prefetch. [RT #37399]
fce9a9550e8e7a6dff4093d4815ec41fae2d7b55Mark Andrews4009. [func] delv: added a +tcp option. [RT #37855]
693ddf84daa745a0ea8ca311a8154dfa03eabc43Andreas Gustafsson4008. [contrib] Updated zkt to latest version (1.1.3). [RT #37886]
693ddf84daa745a0ea8ca311a8154dfa03eabc43Andreas Gustafsson4007. [doc] Remove acl forward reference restriction. [RT #37772]
ff7e6f2791cc5ad7c5f401a184b88343fde5ec3cAndreas Gustafsson4006. [security] A flaw in delegation handling could be exploited
ff7e6f2791cc5ad7c5f401a184b88343fde5ec3cAndreas Gustafsson to put named into an infinite loop. This has
ff7e6f2791cc5ad7c5f401a184b88343fde5ec3cAndreas Gustafsson been addressed by placing limits on the number
ff7e6f2791cc5ad7c5f401a184b88343fde5ec3cAndreas Gustafsson of levels of recursion named will allow (default 7),
2bebe117bf96d7e24df4d703d6488d61a5179bcaMark Andrews and the number of iterative queries that it will
2bebe117bf96d7e24df4d703d6488d61a5179bcaMark Andrews send (default 50) before terminating a recursive
4da10bce4bf64b574b59aa4fb5be0f237d0d41edBrian Wellington query (CVE-2014-8500).
3f123dcc2fe5d2cd08ca91b732741d86a4036906Brian Wellington The recursion depth limit is configured via the
3f123dcc2fe5d2cd08ca91b732741d86a4036906Brian Wellington "max-recursion-depth" option, and the query limit
16ea60d0dbbaf1206f4800cb16744ef568fd7be8Michael Sawyer via the "max-recursion-queries" option. [RT #37580]
16ea60d0dbbaf1206f4800cb16744ef568fd7be8Michael Sawyer4005. [func] The buffer used for returning text from rndc
16ea60d0dbbaf1206f4800cb16744ef568fd7be8Michael Sawyer commands is now dynamically resizable, allowing
85b23709431b1a84924fe2844f5cf657d1689eefMichael Sawyer arbitrarily large amounts of text to be sent back
85b23709431b1a84924fe2844f5cf657d1689eefMichael Sawyer to the client. (Prior to this change, it was
85b23709431b1a84924fe2844f5cf657d1689eefMichael Sawyer possible for the output of "rndc tsig-list" to be
85b23709431b1a84924fe2844f5cf657d1689eefMichael Sawyer truncated.) [RT #37731]
d15f51c600ed29b2dc379c433fb226c3a13ac0bbAndreas Gustafsson4004. [bug] When delegations had AAAA glue but not A, a
d15f51c600ed29b2dc379c433fb226c3a13ac0bbAndreas Gustafsson reference could be leaked causing an assertion
d15f51c600ed29b2dc379c433fb226c3a13ac0bbAndreas Gustafsson failure on shutdown. [RT #37796]
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson4003. [security] When geoip-directory was reconfigured during
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson named run-time, the previously loaded GeoIP
aa2c453d3c6e416b56b29247bedd9a0af2721e93Mark Andrews data could remain, potentially causing wrong
e412ae947df6de858883564b8676a9650df70d9aMark Andrews ACLs to be used or wrong results to be served
e412ae947df6de858883564b8676a9650df70d9aMark Andrews based on geolocation (CVE-2014-8680). [RT #37720]
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson4002. [security] Lookups in GeoIP databases that were not
07a926724c0a91d85b85a94441938d0094e88cffMark Andrews loaded could cause an assertion failure
07a926724c0a91d85b85a94441938d0094e88cffMark Andrews (CVE-2014-8680). [RT #37679]
07a926724c0a91d85b85a94441938d0094e88cffMark Andrews4001. [security] The caching of GeoIP lookups did not always
90023730de34721b8cd8f3b5d059a28b7a65cf04Andreas Gustafsson handle address families correctly, potentially
90023730de34721b8cd8f3b5d059a28b7a65cf04Andreas Gustafsson resulting in an assertion failure (CVE-2014-8680).
922e6a3c2ac4ef900dd9dc99f0cc137f18372583Andreas Gustafsson4000. [bug] NXDOMAIN redirection incorrectly handled NXRRSET
922e6a3c2ac4ef900dd9dc99f0cc137f18372583Andreas Gustafsson from the redirect zone. [RT #37722]
280747fa7c1d4597d47f7be8ec5fb7c8980c1952Andreas Gustafsson3999. [func] "mkeys" and "nzf" files are now named after
280747fa7c1d4597d47f7be8ec5fb7c8980c1952Andreas Gustafsson their corresponding views, unless the view name
0e07026a21dfcaf57dc789e7ece20182dc36029cMark Andrews contains characters that would be incompatible
0e07026a21dfcaf57dc789e7ece20182dc36029cMark Andrews with use in a filename (i.e., slash, backslash,
27d725f2b0f8d176d4625dc8b2ed71269b25c9a7Andreas Gustafsson or capital letters). If a view name does contain
337ca1838428c52bca3c72288342ce3dee550a04Andreas Gustafsson these characters, the files will still be named
337ca1838428c52bca3c72288342ce3dee550a04Andreas Gustafsson using a cryptographic hash of the view name.
337ca1838428c52bca3c72288342ce3dee550a04Andreas Gustafsson Regardless of this, if a file using the old name
337ca1838428c52bca3c72288342ce3dee550a04Andreas Gustafsson format is found to exist, it will continue to be
337ca1838428c52bca3c72288342ce3dee550a04Andreas Gustafsson used. [RT #37704]
337ca1838428c52bca3c72288342ce3dee550a04Andreas Gustafsson3998. [bug] isc_radix_search was returning matches that were
6b0ce7d29fac9df84ed34aa2d4634e754aec750dAndreas Gustafsson too precise. [RT #37680]
6b0ce7d29fac9df84ed34aa2d4634e754aec750dAndreas Gustafsson3997. [protocol] Add OPENGPGKEY record. [RT# 37671]
6b0ce7d29fac9df84ed34aa2d4634e754aec750dAndreas Gustafsson3996. [bug] Address use after free on out of memory error in
27d725f2b0f8d176d4625dc8b2ed71269b25c9a7Andreas Gustafsson keyring_add. [RT #37639]
27d725f2b0f8d176d4625dc8b2ed71269b25c9a7Andreas Gustafsson3995. [bug] receive_secure_serial holds the zone lock for too
27d725f2b0f8d176d4625dc8b2ed71269b25c9a7Andreas Gustafsson long. [RT #37626]
c89ac488df58cf6a37918cd00236eedf015830f8Andreas Gustafsson3994. [func] Dig now supports setting the last unassigned DNS
c89ac488df58cf6a37918cd00236eedf015830f8Andreas Gustafsson header flag bit (dig +zflag). [RT #37421]
46a7e707fee6d7ba6ca6dae200ff6e0230f4d2f1Brian Wellington3993. [func] Dig now supports EDNS negotiation by default.
46a7e707fee6d7ba6ca6dae200ff6e0230f4d2f1Brian Wellington (dig +[no]ednsnegotiation).
9d3ef72b37c7d23ce3aaaaa5cd0434b4e5ed5c12Mark Andrews Note: This is disabled by default in BIND 9.10
9d3ef72b37c7d23ce3aaaaa5cd0434b4e5ed5c12Mark Andrews and enabled by default in BIND 9.11. [RT #37604]
a7c76f1924d5fc914c579fd3b0276ffbddd2f65aMark Andrews3992. [func] DiG can now send queries without questions
c50a002bd1e36d13e95d74b43ed4a2b5d6fdcec3Mark Andrews (dig +header-only). [RT #37599]
c50a002bd1e36d13e95d74b43ed4a2b5d6fdcec3Mark Andrews3991. [func] Add the ability to buffer logging output by specifying
c50a002bd1e36d13e95d74b43ed4a2b5d6fdcec3Mark Andrews "buffered yes;" when defining a channel. [RT #26561]
c50a002bd1e36d13e95d74b43ed4a2b5d6fdcec3Mark Andrews3990. [test] Add tests for unknown DNSSEC algorithm handling.
566155f16e43fe5f1550456e534b31b0cc36d243David Lawrence3989. [cleanup] Remove redundant dns_db_resigned calls. [RT #35748]
07a46d6dca37ef96b6e9c1fc0c2789983d91819cAndreas Gustafsson3988. [func] Allow the zone serial of a dynamically updatable
566155f16e43fe5f1550456e534b31b0cc36d243David Lawrence zone to be updated via "rndc signing -serial".
07a46d6dca37ef96b6e9c1fc0c2789983d91819cAndreas Gustafsson3987. [port] Handle future Visual Studio 14 incompatible changes.
6d85ebc2d2ccbb8ef01c3ac1659686d3c2be0377Brian Wellington3986. [doc] Add the BIND version number to page footers
6d85ebc2d2ccbb8ef01c3ac1659686d3c2be0377Brian Wellington in the ARM. [RT #37398]
4a0b04961653b4153402dabd71dfd8474b6c230dAndreas Gustafsson3985. [doc] Describe how +ndots and +search interact in dig.
98b8d49c0c0bbace27966eed5811bc81255ce297Brian Wellington3984. [func] Accept 256 byte long PINs in native PKCS#11
98b8d49c0c0bbace27966eed5811bc81255ce297Brian Wellington crypto. [RT #37410]
e42c402595802edceafbd3e5338dda011fbbcdb6Michael Sawyer3983. [bug] Change #3940 was incomplete: negative trust anchors
cc7420cb3b8eb2c48a00384784701bfee37cc96fAndreas Gustafsson could be set to last up to a week, but the
8357e90fba97010a86356a41c8a961d5d602d7d0Michael Sawyer "nta-lifetime" and "nta-recheck" options were
3291587f23b940c986f41cf37b2e531f618ec2bdMichael Sawyer still limited to one day. [RT #37522]
a94948ad5b3b258ce9503b7322bdf82c0baabcabAndreas Gustafsson3982. [doc] Include release notes in product documentation.
b374727d513049b4bfcb9eb021002595fe6a7c63Mark Andrews3981. [bug] Cache DS/NXDOMAIN independently of other query types.
d922e82162b4d0d2387a531ebc127abe9fe4cf2bAndreas Gustafsson3980. [bug] Improve --with-tuning=large by self tuning of SO_RCVBUF
d922e82162b4d0d2387a531ebc127abe9fe4cf2bAndreas Gustafsson size. [RT #37187]
2868291ab5d4deba4d61c110f92dc397807702c7Mark Andrews3979. [bug] Negative trust anchor fetches were not properly
2868291ab5d4deba4d61c110f92dc397807702c7Mark Andrews managed. [RT #37488]
be1d71fd17c92b0acee36ba43ebe4daa498e8014Mark Andrews3978. [test] Added a unit test for Diffie-Hellman key
b374727d513049b4bfcb9eb021002595fe6a7c63Mark Andrews computation, completing change #3974. [RT #37477]
8e732de92e9814e3fa54e36d2154939ea6086b16Andreas Gustafsson3977. [cleanup] "rndc secroots" reported a "not found" error when
8e732de92e9814e3fa54e36d2154939ea6086b16Andreas Gustafsson there were no negative trust anchors set. [RT #37506]
afd2f40b3cff8c3c307155bdc27e5b60e9115545Andreas Gustafsson3976. [bug] When refreshing managed-key trust anchors, clear
afd2f40b3cff8c3c307155bdc27e5b60e9115545Andreas Gustafsson any cached trust so that they will always be
afd2f40b3cff8c3c307155bdc27e5b60e9115545Andreas Gustafsson revalidated with the current set of secure
afd2f40b3cff8c3c307155bdc27e5b60e9115545Andreas Gustafsson roots. [RT #37506]
c605f30cd7d540243509c86cf31b01bdd4fe19feMark Andrews3975. [bug] Don't populate or use the bad cache for queries that
c605f30cd7d540243509c86cf31b01bdd4fe19feMark Andrews don't request or use recursion. [RT #37466]
3302ed8d6eaef8f598338f5682477c5f6acd583cBob Halley3974. [bug] Handle DH_compute_key() failure correctly in
3302ed8d6eaef8f598338f5682477c5f6acd583cBob Halley3973. [test] Added hooks for Google Performance Tools CPU profiler,
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson including real-time/wall-clock profiling. Use
d03bffc40e68ddb63d278946fd9f7f1ad784f5bcMichael Sawyer "configure --with-gperftools-profiler" to enable.
d03bffc40e68ddb63d278946fd9f7f1ad784f5bcMichael Sawyer3972. [bug] Fix host's usage statement. [RT #37397]
91ac60fe11b3ebd095c5fed0db343b2c9a97e646Mark Andrews3971. [bug] Reduce the cascading failures due to a bad $TTL line
83d2840b6f1a5ec898e441be148ddd3211f11583Bob Halley in named-checkconf / named-checkzone. [RT #37138]
83d2840b6f1a5ec898e441be148ddd3211f11583Bob Halley3970. [contrib] Fixed a use after free bug in the SDB LDAP driver.
42e31e6ef7689e0c0569a1f9a5c250d73870b073Michael Graff3969. [test] Added 'delv' system test. [RT #36901]
42e31e6ef7689e0c0569a1f9a5c250d73870b073Michael Graff3968. [bug] Silence spurious log messages when using 'named -[46]'.
a405a53d536521e6c93f47485aacd7c1a1ffb29eAndreas Gustafsson3967. [test] Add test for inlined signed zone in multiple views
a405a53d536521e6c93f47485aacd7c1a1ffb29eAndreas Gustafsson with different DNSKEY sets. [RT #35759]
a405a53d536521e6c93f47485aacd7c1a1ffb29eAndreas Gustafsson3966. [bug] Missing dns_db_closeversion call in receive_secure_db.
53df51bf458da9b04074b6b62b5639c926a751e4Andreas Gustafsson3965. [func] Log outgoing packets and improve packet logging to
ba43c53451d5c38765f376eeede457178b36951aBob Halley support logging the remote address. [RT #36624]
ba43c53451d5c38765f376eeede457178b36951aBob Halley3964. [func] nsupdate now performs check-names processing.
056141f2878d1046306ef0ba035263a00de57f98Mark Andrews3963. [test] Added NXRRSET test cases to the "dlzexternal"
056141f2878d1046306ef0ba035263a00de57f98Mark Andrews system test. [RT #37344]
5126112bc3639b9dae5726c3148d6699d277e789Mark Andrews3962. [bug] 'dig +topdown +trace +sigchase' address unhandled error
668278867ba063995988507b6b28724ebb9f9391Mark Andrews conditions. [RT #34663]
72c815ed1780b9039b9ad0d31faf68b3b5c05637Andreas Gustafsson3961. [bug] Forwarding of SIG(0) signed UPDATE messages failed with
72c815ed1780b9039b9ad0d31faf68b3b5c05637Andreas Gustafsson BADSIG. [RT #37216]
72c815ed1780b9039b9ad0d31faf68b3b5c05637Andreas Gustafsson3960. [bug] 'dig +sigchase' could loop forever. [RT #37220]
72c815ed1780b9039b9ad0d31faf68b3b5c05637Andreas Gustafsson3959. [bug] Updates could be lost if they arrived immediately
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson after a rndc thaw. [RT #37233]
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson3958. [bug] Detect when writeable files have multiple references
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson3957. [bug] "dnssec-keygen -S" failed for ECCGOST, ECDSAP256SHA256
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson and ECDSAP384SHA384. [RT #37183]
7ec4367f3d578170a9495ff3c851b248c1656f08Andreas Gustafsson3956. [func] Notify messages are now rate limited by notify-rate and
7ec4367f3d578170a9495ff3c851b248c1656f08Andreas Gustafsson startup-notify-rate instead of serial-query-rate.
2c9c7c5bb5975a18925c30aeb33a26094902f1c1Andreas Gustafsson3955. [bug] Notify messages due to changes are no longer queued
2c9c7c5bb5975a18925c30aeb33a26094902f1c1Andreas Gustafsson behind startup notify messages. [RT #24454]
94361d586755d4de09b717782f7002e9dd282c89Andreas Gustafsson3954. [bug] Unchecked mutex init in dlz_dlopen_driver.c [RT #37112]
94361d586755d4de09b717782f7002e9dd282c89Andreas Gustafsson3953. [bug] Don't escape semi-colon in TXT fields. [RT #37159]
4440f995911810aaa98d8985ac1a8192095879f2Michael Graff3952. [bug] dns_name_fullcompare failed to set *nlabelsp when the
4440f995911810aaa98d8985ac1a8192095879f2Michael Graff two name pointers were the same. [RT #37176]
4440f995911810aaa98d8985ac1a8192095879f2Michael Graff3951. [func] Add the ability to set yet-to-be-defined EDNS flags
4440f995911810aaa98d8985ac1a8192095879f2Michael Graff to dig (+ednsflags=#). [RT #37142]
4440f995911810aaa98d8985ac1a8192095879f2Michael Graff3950. [port] Changed the bin/python Makefile to work around a
abaec24086f0cc3d7c0994ca9d2247b40eb6aaedBrian Wellington bmake bug in FreeBSD 10 and NetBSD 6. [RT #36993]
abaec24086f0cc3d7c0994ca9d2247b40eb6aaedBrian Wellington3949. [experimental] Experimental support for draft-andrews-edns1 by sending
abaec24086f0cc3d7c0994ca9d2247b40eb6aaedBrian Wellington EDNS(1) queries (define DRAFT_ANDREWS_EDNS1 when
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson building). Add support for limiting the EDNS version
3ad16d4c3a5029662d4ec804f7644739d011d03dBob Halley advertised to servers: server { edns-version 0; };
3ad16d4c3a5029662d4ec804f7644739d011d03dBob Halley Log the EDNS version received in the query log.
32b2cdf212de957e3f9b0efca59f098ed4fb42deBrian Wellington3948. [port] solaris: RCVBUFSIZE was too large on Solaris with
32b2cdf212de957e3f9b0efca59f098ed4fb42deBrian Wellington --with-tuning=large. [RT #37059]
32b2cdf212de957e3f9b0efca59f098ed4fb42deBrian Wellington3947. [cleanup] Set the executable bit on libraries when using
b42a7e9d80e293a5104d9de6ddabd29676918aa5Andreas Gustafsson libtool. [RT #36786]
b42a7e9d80e293a5104d9de6ddabd29676918aa5Andreas Gustafsson3946. [cleanup] Improved "configure" search for a python interpreter.
3113e4dac81fa7b9f0ee5d663d54fbb8ed92738dBob Halley3945. [bug] Invalid wildcard expansions could be incorrectly
7f52817a92d74be0d970c33b204f8f13309eece5Andreas Gustafsson accepted by the validator. [RT #37093]
8cf8a04209c3b6c8d4f0936f1dce06b629605c81Michael Graff3944. [test] Added a regression test for "server-id". [RT #37057]
8cf8a04209c3b6c8d4f0936f1dce06b629605c81Michael Graff3943. [func] SERVFAIL responses can now be cached for a
4b809ba3464c9fb6bb08e9153b9286a8f8a37b01Brian Wellington limited time (configured by "servfail-ttl",
1fc26319b5d69d19a7a31c8d0ab1afc2beef0c41Andreas Gustafsson default 10 seconds, limit 30). This can reduce
1fc26319b5d69d19a7a31c8d0ab1afc2beef0c41Andreas Gustafsson the frequency of retries when an authoritative
1fc26319b5d69d19a7a31c8d0ab1afc2beef0c41Andreas Gustafsson server is known to be failing, e.g., due to
1fc26319b5d69d19a7a31c8d0ab1afc2beef0c41Andreas Gustafsson ongoing DNSSEC validation problems. [RT #21347]
7da0286b540515c82ea83163d6cba59a64fa3eddMichael Graff3942. [bug] Wildcard responses from a optout range should be
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson marked as insecure. [RT #37072]
7da0286b540515c82ea83163d6cba59a64fa3eddMichael Graff3941. [doc] Include the BIND version number in the ARM. [RT #37067]
c4ec2c3190175705df255aa3d5e842a96137a5a1Andreas Gustafsson3940. [func] "rndc nta" now allows negative trust anchors to be
c4ec2c3190175705df255aa3d5e842a96137a5a1Andreas Gustafsson set for up to one week. [RT #37069]
8529c3cdc6abdf3514cb0127313a976bbc3b3936Andreas Gustafsson3939. [func] Improve UPDATE forwarding performance by allowing TCP
87ecd67dae468cf5c9bae213c6fa321449b2ebc2Andreas Gustafsson connections to be shared. [RT #37039]
f38a84ce830efefe48838425ab281e0ae2a91d0eAndreas Gustafsson3938. [func] Added quotas to be used in recursive resolvers
f38a84ce830efefe48838425ab281e0ae2a91d0eAndreas Gustafsson that are under high query load for names in zones
f38a84ce830efefe48838425ab281e0ae2a91d0eAndreas Gustafsson whose authoritative servers are nonresponsive or
f38a84ce830efefe48838425ab281e0ae2a91d0eAndreas Gustafsson are experiencing a denial of service attack.
1b32bc7da1da9059abd68d6dd15b23e8a442afa3Brian Wellington - "fetches-per-server" limits the number of
1b32bc7da1da9059abd68d6dd15b23e8a442afa3Brian Wellington simultaneous queries that can be sent to any
1b32bc7da1da9059abd68d6dd15b23e8a442afa3Brian Wellington single authoritative server. The configured
4187398298c1916f409b44e0457f60e551f5ea1bAndreas Gustafsson value is a starting point; it is automatically
4187398298c1916f409b44e0457f60e551f5ea1bAndreas Gustafsson adjusted downward if the server is partially or
0d00f4bb92090ff64d49ae803a2e75b3f299f547Andreas Gustafsson completely non-responsive. The algorithm used to
4187398298c1916f409b44e0457f60e551f5ea1bAndreas Gustafsson adjust the quota can be configured via the
4b809ba3464c9fb6bb08e9153b9286a8f8a37b01Brian Wellington "fetch-quota-params" option.
4b809ba3464c9fb6bb08e9153b9286a8f8a37b01Brian Wellington - "fetches-per-zone" limits the number of
a69cebac84ec223b908e056678fa7c1181785b20Andreas Gustafsson simultaneous queries that can be sent for names
a69cebac84ec223b908e056678fa7c1181785b20Andreas Gustafsson within a single domain. (Note: Unlike
a69cebac84ec223b908e056678fa7c1181785b20Andreas Gustafsson "fetches-per-server", this value is not
d9ec31a329a14588127b0a15618dec53ca41c73eAndreas Gustafsson - New stats counters have been added to count
7d8d82cee0910a0252e1c37bace732e996789772Andreas Gustafsson queries spilled due to these quotas.
e5d0f6d61e2349e1512c40922305b28c69cb4d3fBrian Wellington See the ARM for details of these options. [RT #37125]
37a8fbab3a1fe6d513b767118cba7515152c2b9bBrian Wellington3937. [func] Added some debug logging to better indicate the
a38f86ea5bb9f924b5912d8444862000a1323082Andreas Gustafsson conditions causing SERVFAILs when resolving.
7d8d82cee0910a0252e1c37bace732e996789772Andreas Gustafsson3936. [func] Added authoritative support for the EDNS Client
7d8d82cee0910a0252e1c37bace732e996789772Andreas Gustafsson Subnet (ECS) option.
7d8d82cee0910a0252e1c37bace732e996789772Andreas Gustafsson ACLs can now include "ecs" elements which specify
cdc2d4a065b6b1a00f0b07aae94bc7cb380d15bcAndreas Gustafsson an address or network prefix; if an ECS option is
ec4060d3104e8bec28406232eb7338c81bb1b1c1Mark Andrews included in a DNS query, then the address encoded
735fb4ffa6a76413f85101d7d625a4776d6ee6cdAndreas Gustafsson in the option will be matched against "ecs" ACL
d70e2f3652fcbcfb2cfa0781a71e2bd2396871f3Andreas Gustafsson Also, if an ECS address is included in a query,
d70e2f3652fcbcfb2cfa0781a71e2bd2396871f3Andreas Gustafsson then it will be used instead of the client source
9139e153da3ffa88457d3e035e2f0132c63a4a71Andreas Gustafsson address when matching "geoip" ACL elements. This
9139e153da3ffa88457d3e035e2f0132c63a4a71Andreas Gustafsson behavior can be overridden with "geoip-use-ecs no;".
9139e153da3ffa88457d3e035e2f0132c63a4a71Andreas Gustafsson (Note: to enable "geoip" ACLs, use "configure
30e6ea9dedbe0738f9729833b1b59042dbebc4dfBrian Wellington --with-geoip". This requires libGeoIP version
30e6ea9dedbe0738f9729833b1b59042dbebc4dfBrian Wellington 1.5.0 or higher.)
1aae88078f409b39c24e2313ffdd767ed29ac787Brian Wellington When "ecs" or "geoip" ACL elements are used to
17a28c1f02c5093b207a3b64201aa9e71df78ebaAndreas Gustafsson select a view for a query, the response will include
17a28c1f02c5093b207a3b64201aa9e71df78ebaAndreas Gustafsson an ECS option to indicate which client network the
b5232b135db580a2c16666e74a82f11130e0731fAndreas Gustafsson answer is valid for.
b5232b135db580a2c16666e74a82f11130e0731fAndreas Gustafsson (Thanks to Vincent Bernat.) [RT #36781]
87075c90f668f4c2f7a709a6bd32bb8e013ae73dBrian Wellington3935. [bug] "geoip asnum" ACL elements would not match unless
87075c90f668f4c2f7a709a6bd32bb8e013ae73dBrian Wellington the full organization name was specified. They
cea88d887559f209ae9d993e0a8fb58d03f60e77Brian Wellington can now match against the AS number alone (e.g.,
cea88d887559f209ae9d993e0a8fb58d03f60e77Brian Wellington AS1234). [RT #36945]
a7705f38e91cc6afaba0426f6b452c9ae5a4efeaAndreas Gustafsson3934. [bug] Catch bad 'sit-secret' in named-checkconf. Improve
a7705f38e91cc6afaba0426f6b452c9ae5a4efeaAndreas Gustafsson sit-secret documentation. [RT #36980]
a7705f38e91cc6afaba0426f6b452c9ae5a4efeaAndreas Gustafsson3933. [bug] Corrected the implementation of dns_rdata_casecompare()
a7705f38e91cc6afaba0426f6b452c9ae5a4efeaAndreas Gustafsson for the HIP rdata type. [RT #36911]
a7705f38e91cc6afaba0426f6b452c9ae5a4efeaAndreas Gustafsson3932. [test] Improved named-checkconf tests. [RT #36911]
735fb4ffa6a76413f85101d7d625a4776d6ee6cdAndreas Gustafsson3931. [cleanup] Cleanup how dlz grammar is defined. [RT #36879]
735fb4ffa6a76413f85101d7d625a4776d6ee6cdAndreas Gustafsson3930. [bug] "rndc nta -r" could cause a server hang if the
e1368a7770744cbeadcdc27967f855196988eceaAndreas Gustafsson NTA was not found. [RT #36909]
c05eb51a1b9ebd156b9fec957d60c2579c968468Mark Andrews3929. [bug] 'host -a' needed to clear idnoptions. [RT #36963]
a3365e361f0066609d250005e2b1082cb2ba35fdAndreas Gustafsson3928. [test] Improve rndc system test. [RT #36898]
e32394a2ac3466a2235f79ee32c247a11be42a8dAndreas Gustafsson3927. [bug] dig: report PKCS#11 error codes correctly when
e32394a2ac3466a2235f79ee32c247a11be42a8dAndreas Gustafsson compiled with --enable-native-pkcs11. [RT #36956]
031f9084fc1ca8b258c151f428677e7226556ad0Mark Andrews3926. [doc] Added doc for geoip-directory. [RT #36877]
031f9084fc1ca8b258c151f428677e7226556ad0Mark Andrews3925. [bug] DS lookup of RFC 1918 empty zones failed. [RT #36917]
031f9084fc1ca8b258c151f428677e7226556ad0Mark Andrews3924. [bug] Improve 'rndc addzone' error reporting. [RT #35187]
031f9084fc1ca8b258c151f428677e7226556ad0Mark Andrews3923. [bug] Sanity check the xml2-config output. [RT #22246]
031f9084fc1ca8b258c151f428677e7226556ad0Mark Andrews3922. [bug] When resigning, dnssec-signzone was removing
44215b932d4f0ce5257d794cb6f76b9282455eb1Mark Andrews all signatures from delegation nodes. It now
44215b932d4f0ce5257d794cb6f76b9282455eb1Mark Andrews retains DS and (if applicable) NSEC signatures.
44215b932d4f0ce5257d794cb6f76b9282455eb1Mark Andrews3921. [bug] AD was inappropriately set on RPZ responses. [RT #36833]
405ffb1f0d2c12d199f85f03973d1a02ac12e000Andreas Gustafsson3920. [doc] Added doc for masterfile-style. [RT #36823]
405ffb1f0d2c12d199f85f03973d1a02ac12e000Andreas Gustafsson3919. [bug] dig: continue to next line if a address lookup fails
405ffb1f0d2c12d199f85f03973d1a02ac12e000Andreas Gustafsson in batch mode. [RT #36755]
6d8568cb45240974da0ee1b653b28e3fdfffe93eAndreas Gustafsson3918. [doc] Update check-spf documentation. [RT #36910]
6d8568cb45240974da0ee1b653b28e3fdfffe93eAndreas Gustafsson3917. [bug] dig, nslookup and host now continue on names that are
6d8568cb45240974da0ee1b653b28e3fdfffe93eAndreas Gustafsson too long after applying a search list elements.
b0f941a50f24656b3523609f86cead41b0269c7aBrian Wellington3916. [contrib] zone2sqlite checked wrong result code. Address
b0f941a50f24656b3523609f86cead41b0269c7aBrian Wellington compiler warnings. [RT #36931]
ea419adc4eca4c3e44f2c282035b5dce6b795fe2Andreas Gustafsson3915. [bug] Address a assertion if a route event arrived while
3f31c8c2954f857e375db8e943a35f6aa5e230b4Andreas Gustafsson shutting down. [RT #36887]
ff59f0e4feaefb45a49427bd91775058b4b4f2d0Andreas Gustafsson3914. [bug] Allow the URI target and CAA value fields to
ff59f0e4feaefb45a49427bd91775058b4b4f2d0Andreas Gustafsson be zero length. [RT #36737]
8af0b86ade4c15a7db207bd7643f8a9f6cb5a648David Lawrence3913. [bug] Address race issue in dispatch. [RT #36731]
886b96ebfd555cfeaf37ae46fc08421a41c61392Andreas Gustafsson3912. [bug] Address some unrecoverable lookup failures. [RT #36330]
674f1cfb1d7dfa92e52db950dbe80e60ef8f5cddBrian Wellington3911. [func] Implement EDNS EXPIRE option client side, allowing
674f1cfb1d7dfa92e52db950dbe80e60ef8f5cddBrian Wellington a slave server to set the expiration timer correctly
69d17bea6be937b92f3375e6249b5677c90f4fe2Andreas Gustafsson when transferring zone data from another slave
69d17bea6be937b92f3375e6249b5677c90f4fe2Andreas Gustafsson server. [RT #35925]
da76a8046e01e1c1c2e6f75772afb2c4f202cc25Brian Wellington3910. [bug] Fix races to free event during shutdown. [RT #36720]
cd7ffa4c1286a48c10056632be3fb0b64c575c35Brian Wellington3909. [bug] When computing the number of elements required for a
cd7ffa4c1286a48c10056632be3fb0b64c575c35Brian Wellington acl count_acl_elements could have a short count leading
0cff88818a96197995c3533f6cbfb1a0efc06db0Brian Wellington to a assertion failure. Also zero out new acl elements
0cff88818a96197995c3533f6cbfb1a0efc06db0Brian Wellington in dns_acl_merge. [RT #36675]
5bba7216f3263dc49dd4db2ac64b6203a9e2b180Andreas Gustafsson3908. [bug] rndc now differentiates between a zone in multiple
40817ed9c13782a7844e15dde24432611c4694acDavid Lawrence views and a zone that doesn't exist at all. [RT #36691]
e06aebbe7b5b3128f99b16d6756a074b4de28d37Mark Andrews3907. [cleanup] Alphabetize rndc help. [RT #36683]
40b1b44ed65b9655a135fc867ed9f0374c247ad4Andreas Gustafsson3906. [protocol] Update URI record format to comply with
40b1b44ed65b9655a135fc867ed9f0374c247ad4Andreas Gustafsson draft-faltstrom-uri-08. [RT #36642]
ab8668fb583a92df0698f5cdac7e7b12ead614aaBrian Wellington3905. [bug] Address deadlock between view.c and adb.c. [RT #36341]
ab8668fb583a92df0698f5cdac7e7b12ead614aaBrian Wellington3904. [func] Add the RPZ SOA to the additional section. [RT36507]
575db903aabb08137a757d1c60ebb0d286ecff56Andreas Gustafsson3903. [bug] Improve the accuracy of DiG's reported round trip
575db903aabb08137a757d1c60ebb0d286ecff56Andreas Gustafsson time. [RT 36611]
575db903aabb08137a757d1c60ebb0d286ecff56Andreas Gustafsson3902. [bug] liblwres wasn't handling link-local addresses in
575db903aabb08137a757d1c60ebb0d286ecff56Andreas Gustafsson nameserver clauses in resolv.conf. [RT #36039]
a4c55a3d0813e00e3d7846cc9736110c61d0a2baAndreas Gustafsson3901. [protocol] Added support for CAA record type (RFC 6844).
c851f1cc2187b59687af94725fbacac022987d05Andreas Gustafsson3900. [bug] Fix a crash in PostgreSQL DLZ driver. [RT #36637]
91614f2bc498ef7eea22e449c91951f4598c8223Andreas Gustafsson3899. [bug] "request-ixfr" is only applicable to slave and redirect
91614f2bc498ef7eea22e449c91951f4598c8223Andreas Gustafsson zones. [RT #36608]
e0a9b524614889ca9b75f846cb6101fc448a60dcAndreas Gustafsson3898. [bug] Too small a buffer in tohexstr() calls in test code.
385a9cb48a70b329e507c39d043fa9a44c659913James Brister3897. [bug] RPZ summary information was not properly being updated
385a9cb48a70b329e507c39d043fa9a44c659913James Brister after a AXFR resulting in changes sometimes being
385a9cb48a70b329e507c39d043fa9a44c659913James Brister ignored. [RT #35885]
3cb0de1c667237085c6a805715c31ddc5fdc9c4dBrian Wellington3896. [bug] Address performance issues with DSCP code on some
385a9cb48a70b329e507c39d043fa9a44c659913James Brister platforms. [RT #36534]
bd77de5fcaea4dcf2f0250ded32adfccd3a38256Brian Wellington3895. [func] Add the ability to set the DSCP code point to dig.
48674819ebf9176b5d5582ae851e485c324c1159Michael Sawyer3894. [bug] Buffers in isc_print_vsnprintf were not properly
48674819ebf9176b5d5582ae851e485c324c1159Michael Sawyer initialized leading to potential overflows when
e5f5ec73a710d21067d4721a9e82f2399f2f6c25David Lawrence printing out quad values. [RT #36505]
9594482ba300a4d694162fa62ba636c7dd00d3b6Brian Wellington3893. [bug] Peer DSCP values could be returned without being set.
47ddde42728034854444cf17e278cebaea06f666Michael Graff3892. [bug] Setting '-t aaaa' in .digrc had unintended side
edf8c55546efa9fb42da1c055ce02462a5c709c0David Lawrence effects. [RT #36452]
edf8c55546efa9fb42da1c055ce02462a5c709c0David Lawrence3891. [bug] Use ${INSTALL_SCRIPT} rather than ${INSTALL_PROGRAM}
c5944292e9ebee4a39fe939b9a16fe5596808556David Lawrence to install python programs.
c5944292e9ebee4a39fe939b9a16fe5596808556David Lawrence3890. [bug] RRSIG sets that were not loaded in a single transaction
c5944292e9ebee4a39fe939b9a16fe5596808556David Lawrence at start up where not being correctly added to
c5944292e9ebee4a39fe939b9a16fe5596808556David Lawrence re-signing heaps. [RT #36302]
c5944292e9ebee4a39fe939b9a16fe5596808556David Lawrence3889. [port] hurd: configure fixes as per:
c5944292e9ebee4a39fe939b9a16fe5596808556David Lawrence https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746540
c5944292e9ebee4a39fe939b9a16fe5596808556David Lawrence3888. [func] 'rndc status' now reports the number of automatic
36e0c379080343a0272dc076b7d7795ded04ee1dBrian Wellington zones. [RT #36015]
529a6b5224d751504027293a766a4c8b81241869Brian Wellington3887. [cleanup] Make all static symbols in rbtdb64 end in "64" so
529a6b5224d751504027293a766a4c8b81241869Brian Wellington they are easier to use in a debugger. [RT #36373]
186ba80b8e391cf8421872f26771324644e45d83Andreas Gustafsson3886. [bug] rbtdb_write_header should use a once to initialize
186ba80b8e391cf8421872f26771324644e45d83Andreas Gustafsson FILE_VERSION. [RT #36374]
677045ed612e1c26a32b5700479e26c25bcede58Brian Wellington3885. [port] Use 'open()' rather than 'file()' to open files in
febf5f8b55abb2e6e840488a29a5ef4e20654f67David Lawrence3884. [protocol] Add CDS and CDNSKEY record types. [RT #36333]
c34bdef6bd197a04990e52469ad68481532dd35aAndreas Gustafsson3883. [placeholder]
c34bdef6bd197a04990e52469ad68481532dd35aAndreas Gustafsson3882. [func] By default, negative trust anchors will be tested
05f6d0c0381d19eec721e11f6fd88caef25dacd8Andreas Gustafsson periodically to see whether data below them can be
bc334fc90142b2ca26823a3ed1a3f4f086c7d558Andreas Gustafsson validated, and if so, they will be allowed to
dc2c974dcf954a0a238d1afb886c445d06b1aa8bBrian Wellington expire early. The "rndc nta -force" option
a32738e3e4ed9619c8ace22cd119e6769176b22cAndreas Gustafsson overrides this behavior. The default NTA lifetime
a32738e3e4ed9619c8ace22cd119e6769176b22cAndreas Gustafsson and the recheck frequency can be configured by the
a32738e3e4ed9619c8ace22cd119e6769176b22cAndreas Gustafsson "nta-lifetime" and "nta-recheck" options. [RT #36146]
6dc130c7c95107748fff5f767161c2bb742f9f87Brian Wellington3881. [bug] Address memory leak with UPDATE error handling.
49855f0856a0f6f9fed80af88faddf38f3e74eefAndreas Gustafsson3880. [test] Update ans.pl to work with new TSIG support in
49855f0856a0f6f9fed80af88faddf38f3e74eefAndreas Gustafsson Net::DNS; add additional Net::DNS version prerequisite
49855f0856a0f6f9fed80af88faddf38f3e74eefAndreas Gustafsson checks. [RT #36327]
dc2c974dcf954a0a238d1afb886c445d06b1aa8bBrian Wellington3879. [func] Add version printing option to various BIND utilities.
55bfdb0a1491f0668bb279826ee864f4a7425e22Andreas Gustafsson3878. [bug] Using the incorrect filename for a DLZ module
55bfdb0a1491f0668bb279826ee864f4a7425e22Andreas Gustafsson caused a segmentation fault on startup. [RT #36286]
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson3877. [bug] Inserting and deleting parent and child nodes
080a4fe83c3ad208073bffbce1a2af8fe444214fMichael Sawyer in response policy zones could trigger an assertion
48cddfee7c4d90b1901d03ccc0e67e08908a8f2fMark Andrews failure. [RT #36272]
375f19cfb2f9cf5a9efbc65b557a8ce865de85c2Michael Sawyer3876. [bug] Improve efficiency of DLZ redirect zones by
375f19cfb2f9cf5a9efbc65b557a8ce865de85c2Michael Sawyer suppressing unnecessary database lookups. [RT #35835]
375f19cfb2f9cf5a9efbc65b557a8ce865de85c2Michael Sawyer3875. [cleanup] Clarify log message when unable to read private
375f19cfb2f9cf5a9efbc65b557a8ce865de85c2Michael Sawyer key files. [RT #24702]
9bef4575d71a084edf59ac681e53e35ae1b72166Andreas Gustafsson3874. [test] Check that only "check-names master" is needed for
9bef4575d71a084edf59ac681e53e35ae1b72166Andreas Gustafsson updates to be accepted.
9bef4575d71a084edf59ac681e53e35ae1b72166Andreas Gustafsson3873. [protocol] Only warn for SPF without TXT spf record. [RT #36210]
87f4c7933fd2962cca3b9b7e046327f3c6306b84Andreas Gustafsson3872. [bug] Address issues found by static analysis. [RT #36209]
87f4c7933fd2962cca3b9b7e046327f3c6306b84Andreas Gustafsson3871. [bug] Don't publish an activated key automatically before
87f4c7933fd2962cca3b9b7e046327f3c6306b84Andreas Gustafsson its publish time. [RT #35063]
87f4c7933fd2962cca3b9b7e046327f3c6306b84Andreas Gustafsson3870. [func] Updated the random number generator used in
87f4c7933fd2962cca3b9b7e046327f3c6306b84Andreas Gustafsson the resolver to use the updated ChaCha based one
87f4c7933fd2962cca3b9b7e046327f3c6306b84Andreas Gustafsson (similar to OpenBSD's changes). Also moved the
87f4c7933fd2962cca3b9b7e046327f3c6306b84Andreas Gustafsson RNG to libisc and added unit tests for it.
10e6498d6d7b2cfd8d822788d817fc9a3e0b0c3aDavid Lawrence3869. [doc] Document that in-view zones cannot be used for
10e6498d6d7b2cfd8d822788d817fc9a3e0b0c3aDavid Lawrence response policy zones. [RT #35941]
10e6498d6d7b2cfd8d822788d817fc9a3e0b0c3aDavid Lawrence3868. [bug] isc_mem_setwater incorrectly cleared hi_called
10e6498d6d7b2cfd8d822788d817fc9a3e0b0c3aDavid Lawrence potentially leaving over memory cleaner running.
dae5ce6ddb0a3c425865d3b6f0f13c4126eacc17Andreas Gustafsson3867. [func] "rndc nta" can now be used to set a temporary
dae5ce6ddb0a3c425865d3b6f0f13c4126eacc17Andreas Gustafsson negative trust anchor, which disables DNSSEC
9a8fea7bc8fb79ff1d31f0a2ba3c9694041c6f3aAndreas Gustafsson validation below a specified name for a specified
9a8fea7bc8fb79ff1d31f0a2ba3c9694041c6f3aAndreas Gustafsson period of time (not exceeding 24 hours). This
9a8fea7bc8fb79ff1d31f0a2ba3c9694041c6f3aAndreas Gustafsson can be used when validation for a domain is known
9a8fea7bc8fb79ff1d31f0a2ba3c9694041c6f3aAndreas Gustafsson to be failing due to a configuration error on
663841abe0bb1cc8040e552597ef721c35b799e5Brian Wellington the part of the domain owner rather than a
663841abe0bb1cc8040e552597ef721c35b799e5Brian Wellington spoofing attack. [RT #29358]
c49e3222b0912479015161e8b54a67a1abf9a0ffAndreas Gustafsson3866. [bug] Named could die on disk full in generate_session_key.
bf68c5151b5c4f7d6b2783584434e61045a88d7fAndreas Gustafsson3865. [test] Improved testability of the red-black tree
bf68c5151b5c4f7d6b2783584434e61045a88d7fAndreas Gustafsson implementation and added unit tests. [RT #35904]
178f73169a27ac031f58863ae12cdb33dc15f6c4Brian Wellington3864. [bug] RPZ didn't work well when being used as forwarder.
9c4cba349f52bb8176c3858b2b5b340f13603802Brian Wellington3863. [bug] The "E" flag was missing from the query log as a
9c4cba349f52bb8176c3858b2b5b340f13603802Brian Wellington unintended side effect of code rearrangement to
64024eaa4d029b0bd090c435b8b02b45eef5cd89Andreas Gustafsson support EDNS EXPIRE. [RT #36117]
0e65062acb2b0d14ab64e0c7ae7eb4137758339bAndreas Gustafsson3862. [cleanup] Return immediately if we are not going to log the
64024eaa4d029b0bd090c435b8b02b45eef5cd89Andreas Gustafsson message in ns_client_dumpmessage.
da527e4ff6a013364826637963e7ac372e024f33David Lawrence3861. [security] Missing isc_buffer_availablelength check results
bc334fc90142b2ca26823a3ed1a3f4f086c7d558Andreas Gustafsson in a REQUIRE assertion when printing out a packet
8d51d9e67e1e5dcf10203c4147ece519c7daa57dMark Andrews (CVE-2014-3859). [RT #36078]
db6fa2e944b3a0682168e9ee145b86c81a6a5321Andreas Gustafsson3860. [bug] ioctl(DP_POLL) array size needs to be determined
db6fa2e944b3a0682168e9ee145b86c81a6a5321Andreas Gustafsson at run time as it is limited to {OPEN_MAX}.
ce2be9b7211ab5bacaa10fe74ef35def3a3f6089David Lawrence3859. [placeholder]
ce2be9b7211ab5bacaa10fe74ef35def3a3f6089David Lawrence3858. [bug] Disable GCC 4.9 "delete null pointer check".
f4d9f465cd29963a99554bbe2936509ea3568c89James Brister3857. [bug] Make it harder for a incorrect NOEDNS classification
f4d9f465cd29963a99554bbe2936509ea3568c89James Brister to be made. [RT #36020]
adade77942b069127a7094df419b3ad39dafb385James Brister3856. [bug] Configuring libjson without also configuring libxml
adade77942b069127a7094df419b3ad39dafb385James Brister resulted in a REQUIRE assertion when retrieving
9bf765ab3a5203b854d32266e6162e547791383cDavid Lawrence statistics using json. [RT #36009]
adade77942b069127a7094df419b3ad39dafb385James Brister3855. [bug] Limit smoothed round trip time aging to no more than
5c0a406664065d54824675e3d2f795ea9e2a56b8Mark Andrews once a second. [RT #32909]
ce8d0fffea20fe03fd0f075263f529ad55f82aacAndreas Gustafsson3854. [cleanup] Report unrecognized options, if any, in the final
ea01648cb950b8d4b5625a8a91a4c1c019dec885Andreas Gustafsson configure summary. [RT #36014]
ea01648cb950b8d4b5625a8a91a4c1c019dec885Andreas Gustafsson3853. [cleanup] Refactor dns_rdataslab_fromrdataset to separate out
ea01648cb950b8d4b5625a8a91a4c1c019dec885Andreas Gustafsson the handling of a rdataset with no records. [RT #35968]
ea01648cb950b8d4b5625a8a91a4c1c019dec885Andreas Gustafsson3852. [func] Increase the default number of clients available
ea01648cb950b8d4b5625a8a91a4c1c019dec885Andreas Gustafsson for servicing lightweight resolver queries, and
7d7bd1b4f0270691f434d37b1052259a13185663Andreas Gustafsson make them configurable via the "lwres-tasks" and
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence "lwres-clients" options. (Thanks to Tomas Hozza.)
7d7bd1b4f0270691f434d37b1052259a13185663Andreas Gustafsson3851. [func] Allow libseccomp based system-call filtering
7d7bd1b4f0270691f434d37b1052259a13185663Andreas Gustafsson on Linux; use "configure --enable-seccomp" to
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence turn it on. Thanks to Loganaden Velvindron
ce8d0fffea20fe03fd0f075263f529ad55f82aacAndreas Gustafsson of AFRINIC for the contribution. [RT #35347]
81f11a70588c6929d1aefd529b940efb70747fc2Andreas Gustafsson3850. [bug] Disabling forwarding could trigger a REQUIRE assertion.
04d58db32739157df6c44e3f37ecb83816fd3f75Andreas Gustafsson3849. [doc] Alphabetized dig's +options. [RT #35992]
04d58db32739157df6c44e3f37ecb83816fd3f75Andreas Gustafsson3848. [bug] Adjust 'statistics-channels specified but not effective'
04d58db32739157df6c44e3f37ecb83816fd3f75Andreas Gustafsson error message to account for JSON support. [RT #36008]
5096958739769958dd7a6b69356bf41260033873David Lawrence3847. [bug] 'configure --with-dlz-postgres' failed to fail when
5096958739769958dd7a6b69356bf41260033873David Lawrence there is not support available.
5096958739769958dd7a6b69356bf41260033873David Lawrence3846. [bug] "dig +notcp ixfr=<serial>" should result in a UDP
84f4e4a656926a795f3bae40b2a6308bebb48b49David Lawrence ixfr query. [RT #35980]
84f4e4a656926a795f3bae40b2a6308bebb48b49David Lawrence3845. [placeholder]
838281ed55d0d3939c2f510559d5852872ed4ddbDavid Lawrence3844. [bug] Use the x64 version of the Microsoft Visual C++
838281ed55d0d3939c2f510559d5852872ed4ddbDavid Lawrence Redistributable when built for 64 bit Windows.
89e57b472d87a37aa6c49a5544d1d1dfe9617f5dDavid Lawrence3843. [protocol] Check EDNS EXPIRE option in dns_rdata_fromwire.
280942843277ca894571ca94c1e431ba079d0ca0Mark Andrews3842. [bug] Adjust RRL log-only logging category. [RT #35945]
bc334fc90142b2ca26823a3ed1a3f4f086c7d558Andreas Gustafsson3841. [cleanup] Refactor zone.c:add_opt to use dns_message_buildopt.
89e57b472d87a37aa6c49a5544d1d1dfe9617f5dDavid Lawrence3840. [port] Check for arc4random_addrandom() before using it;
475c936d4cd0fb83700eb3e022aaecc5626b9b4fJames Brister it's been removed from OpenBSD 5.5. [RT #35907]
4ebb4093f80e32e4a57ff3769f7fd4ad2217ee44Andreas Gustafsson3839. [test] Use only posix-compatible shell in system tests.
4b7167e96abe79cdf194ac3865760a7139b70090Brian Wellington3838. [protocol] EDNS EXPIRE as been assigned a code point of 9.
4b7167e96abe79cdf194ac3865760a7139b70090Brian Wellington3837. [security] A NULL pointer is passed to query_prefetch resulting
4b7167e96abe79cdf194ac3865760a7139b70090Brian Wellington a REQUIRE assertion failure when a fetch is actually
4b7167e96abe79cdf194ac3865760a7139b70090Brian Wellington initiated (CVE-2014-3214). [RT #35899]
a4b496f2abd35b0f27761385c8679de1f5714b0dBrian Wellington3836. [bug] Address C++ keyword usage in header file.
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister3835. [bug] Geoip ACL elements didn't work correctly when
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister referenced via named or nested ACLs. [RT #35879]
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister3834. [bug] The re-signing heaps were not being updated soon enough
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister leading to multiple re-generations of the same RRSIG
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister when a zone transfer was in progress. [RT #35273]
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister3833. [bug] Cross compiling was broken due to calling genrandom at
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister build time. [RT #35869]
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister3832. [func] "named -L <filename>" causes named to send log
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister messages to the specified file by default instead
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister of to the system log. (Thanks to Tony Finch.)
08133a2dbe88e0715e092fbdeec2431971ec0711Andreas Gustafsson3831. [cleanup] Reduce logging noise when EDNS state changes occur.
08133a2dbe88e0715e092fbdeec2431971ec0711Andreas Gustafsson3830. [func] When query logging is enabled, log query errors at
08133a2dbe88e0715e092fbdeec2431971ec0711Andreas Gustafsson the same level ('info') as the queries themselves.
8c1aa8573dd85774ac8921dc0482b91d73e8b8b6Mark Andrews3829. [func] "dig +ttlunits" causes dig to print TTL values
96ab25294b028270eb1be867613df8a6c999b332David Lawrence with time-unit suffixes: w, d, h, m, s for
96ab25294b028270eb1be867613df8a6c999b332David Lawrence weeks, days, hours, minutes, and seconds. (Thanks
96ab25294b028270eb1be867613df8a6c999b332David Lawrence to Tony Finch.) [RT #35823]
96ab25294b028270eb1be867613df8a6c999b332David Lawrence3828. [func] "dnssec-signzone -N date" updates serial number
96ab25294b028270eb1be867613df8a6c999b332David Lawrence to the current date in YYYYMMDDNN format.
4ebb4093f80e32e4a57ff3769f7fd4ad2217ee44Andreas Gustafsson3827. [placeholder]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence3826. [bug] Corrected bad INSIST logic in isc_radix_remove().
5aa96829fdd12f30a2e9f717e66d44a4698b0675Andreas Gustafsson3825. [bug] Address sign extension bug in isc_regex_validate.
5aa96829fdd12f30a2e9f717e66d44a4698b0675Andreas Gustafsson3824. [bug] A collision between two flag values could cause
e2894b0e5007e49f5b21be9113e41419ca8489a0Brian Wellington problems with cache cleaning when SIT was enabled.
e2894b0e5007e49f5b21be9113e41419ca8489a0Brian Wellington3823. [func] Log the rpz cname target when rewriting. [RT #35667]
bc334fc90142b2ca26823a3ed1a3f4f086c7d558Andreas Gustafsson3822. [bug] Log the correct type of static-stub zones when
845e0b5f968d4ac069ac8b802730467df8cd7136Mark Andrews removing them. [RT #35842]
c4252cd10ba9a35ef03c53b97961a4c0b15fe44fAndreas Gustafsson3821. [contrib] Added a new "mysqldyn" DLZ module with dynamic
c4252cd10ba9a35ef03c53b97961a4c0b15fe44fAndreas Gustafsson update and transaction support. Thanks to Marty
b6747cf19dea764e5acaa164f23b70d54348d64cMark Andrews Lee for the contribution. [RT #35656]
1318ddb52d8a8a22eae47f7d82137e74b9beacf1Mark Andrews3820. [func] The DLZ API doesn't pass the database version to
de8e189332e884db065b921f84e3ee4922ad10e3David Lawrence the lookup() function; this can cause DLZ modules
de8e189332e884db065b921f84e3ee4922ad10e3David Lawrence that allow dynamic updates to mishandle prerequisite
de8e189332e884db065b921f84e3ee4922ad10e3David Lawrence checks. This has been corrected by adding a
de8e189332e884db065b921f84e3ee4922ad10e3David Lawrence 'dbversion' field to the dns_clientinfo_t
de8e189332e884db065b921f84e3ee4922ad10e3David Lawrence structure. [RT #35656]
202991557a4b7e8d3df7725d84f0fcae90dbaee6David Lawrence3819. [bug] NSEC3 hashes need to be able to be entered and
202991557a4b7e8d3df7725d84f0fcae90dbaee6David Lawrence displayed without padding. This is not a issue for
202991557a4b7e8d3df7725d84f0fcae90dbaee6David Lawrence currently defined algorithms but may be for future
4ebb4093f80e32e4a57ff3769f7fd4ad2217ee44Andreas Gustafsson hash algorithms. [RT #27925]
1c823819b73f17cbfd188d35962da196a48190fbAndreas Gustafsson3818. [bug] Stop lying to the optimizer that 'void *arg' is a
1c823819b73f17cbfd188d35962da196a48190fbAndreas Gustafsson constant in isc_event_allocate.
1c823819b73f17cbfd188d35962da196a48190fbAndreas Gustafsson3817. [func] The "delve" command is now spelled "delv" to avoid
e405739af20dcdc6c7f604548e78806a0d1515c5Brian Wellington a namespace collision with the Xapian project.
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson3816. [func] "dig +qr" now reports query size. (Thanks to
b719a598e77aada962b3a05cb00179dc929d3939Andreas Gustafsson Tony Finch.) [RT #35822]
b719a598e77aada962b3a05cb00179dc929d3939Andreas Gustafsson3815. [doc] Clarify "nsupdate -y" usage in man page. [RT #35808]
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson3814. [func] The "masterfile-style" zone option controls the
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson formatting of dumped zone files. Options are
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson "relative" (multiline format) and "full" (one
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson record per line). The default is "relative".
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson3813. [func] "host" now recognizes the "timeout", "attempts" and
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson "debug" options when set in /etc/resolv.conf.
b74e73c5b4b299da20a6b196b68b9068d376ff35Mark Andrews (Thanks to Adam Tkac at RedHat.) [RT #21885]
b74e73c5b4b299da20a6b196b68b9068d376ff35Mark Andrews3812. [func] Dig now supports sending arbitrary EDNS options from
b74e73c5b4b299da20a6b196b68b9068d376ff35Mark Andrews the command line (+ednsopt=code[:value]). [RT #35584]
202991557a4b7e8d3df7725d84f0fcae90dbaee6David Lawrence3811. [func] "serial-update-method date;" sets serial number
323b6387ce2575627427859b8668e7f27f090c4cMark Andrews on dynamic update to today's date in YYYYMMDDNN
d68e4b66b1075e556b480f8bfb607aeba5da46f6Andreas Gustafsson format. (Thanks to Bradley Forschinger.) [RT #24903]
d68e4b66b1075e556b480f8bfb607aeba5da46f6Andreas Gustafsson3810. [bug] Work around broken nameservers that fail to ignore
d68e4b66b1075e556b480f8bfb607aeba5da46f6Andreas Gustafsson unknown EDNS options. [RT #35766]
d68e4b66b1075e556b480f8bfb607aeba5da46f6Andreas Gustafsson3809. [doc] Fix SIT and NSID documentation.
e44d56866bd609e066380cbef414e6ce11a08976Andreas Gustafsson3808. [doc] Clean up "prefetch" documentation. [RT #35751]
e44d56866bd609e066380cbef414e6ce11a08976Andreas Gustafsson3807. [bug] Fix sign extension bug in dns_name_fromtext when
e44d56866bd609e066380cbef414e6ce11a08976Andreas Gustafsson lowercase is set. [RT #35743]
84c4c99c9e2cf14fb9ef6f6815a9fdb824475423Michael Sawyer3806. [test] Improved system test portability. [RT #35625]
f204bdd8e6703ff0ef1adf0a2c407202418a936dDavid Lawrence3805. [contrib] Added contrib/perftcpdns, a performance testing tool
f204bdd8e6703ff0ef1adf0a2c407202418a936dDavid Lawrence for DNS over TCP. [RT #35710]
f204bdd8e6703ff0ef1adf0a2c407202418a936dDavid Lawrence --- 9.10.0rc1 released ---
f204bdd8e6703ff0ef1adf0a2c407202418a936dDavid Lawrence3804. [bug] Corrected a race condition in dispatch.c in which
f204bdd8e6703ff0ef1adf0a2c407202418a936dDavid Lawrence portentry could be reset leading to an assertion
f204bdd8e6703ff0ef1adf0a2c407202418a936dDavid Lawrence failure in socket_search(). (Change #3708
0df2335526caaebd8639129fd0327a6cc97060eaDavid Lawrence addressed the same issue but was incomplete.)
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence3803. [bug] "named-checkconf -z" incorrectly rejected zones
8b31f5630f6345f686449f8a84c33c0813283e42Andreas Gustafsson using alternate data sources for not having a "file"
8b31f5630f6345f686449f8a84c33c0813283e42Andreas Gustafsson option. [RT #35685]
8b31f5630f6345f686449f8a84c33c0813283e42Andreas Gustafsson3802. [bug] Various header files were not being installed.
13c32cb589e571e9204dbb091e145809288c9c21David Lawrence3801. [port] Fix probing for gssapi support on FreeBSD. [RT #35615]
13c32cb589e571e9204dbb091e145809288c9c21David Lawrence3800. [bug] A pending event on the route socket could cause an
822f118444dcaddaf977bc73e958b2f755e4ddfdAndreas Gustafsson assertion failure when shutting down named. [RT #35674]
822f118444dcaddaf977bc73e958b2f755e4ddfdAndreas Gustafsson3799. [bug] Improve named's command line error reporting.
822f118444dcaddaf977bc73e958b2f755e4ddfdAndreas Gustafsson3798. [bug] 'rndc zonestatus' was reporting the wrong re-signing
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence time. [RT #35659]
8775909be9fc67180fc480115716f88174e74471James Brister3797. [port] netbsd: geoip support probing was broken. [RT #35642]
406ce0cd9633188a79c008e8f7c8092fa54bc98cJames Brister3796. [bug] Register dns and pkcs#11 error codes. [RT #35629]
a797a75953e21b514427d188bf5d5051419c10adBrian Wellington3795. [bug] Make named-checkconf detect raw masterfiles for
a797a75953e21b514427d188bf5d5051419c10adBrian Wellington hint zones and reject them. [RT #35268]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3794. [maint] Added AAAA for C.ROOT-SERVERS.NET.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3793. [bug] zone.c:save_nsec3param() could assert when out of
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence memory. [RT #35621]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3792. [func] Provide links to the alternate statistics views when
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence displaying in a browser. [RT #35605]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3791. [placeholder]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3790. [bug] Handle broken nameservers that send BADVERS in
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence response to unknown EDNS options. Maintain
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence statistics on BADVERS responses.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3789. [bug] Null pointer dereference on rbt creation failure.
abeb505bb6c1400dde1a40d0bff7b3a435666e1cMark Andrews3788. [bug] dns_peer_getrequestsit was returning request_nsid by
727eef0cbc8bf889ddb3b58eb89e9ea2c3b4b047Andreas Gustafsson --- 9.10.0b2 released ---
727eef0cbc8bf889ddb3b58eb89e9ea2c3b4b047Andreas Gustafsson3787. [bug] The code that checks whether "auto-dnssec" is
727eef0cbc8bf889ddb3b58eb89e9ea2c3b4b047Andreas Gustafsson allowed was ignoring "allow-update" ACLs set at
99524919752c9b9abe1814007732b86592011cc1Brian Wellington the options or view level. [RT #29536]
26c86a6fc85c89447d23d4a3e34b11157a2ff6f4Andreas Gustafsson3786. [func] Provide more detailed error codes when using
26c86a6fc85c89447d23d4a3e34b11157a2ff6f4Andreas Gustafsson native PKCS#11. "pkcs11-tokens" now fails robustly
26c86a6fc85c89447d23d4a3e34b11157a2ff6f4Andreas Gustafsson rather than asserting when run against an HSM with
26c86a6fc85c89447d23d4a3e34b11157a2ff6f4Andreas Gustafsson an incomplete PKCS#11 API implementation. [RT #35479]
b3157263ee12a5792737f09b708d3fc65ca99e01Andreas Gustafsson3785. [bug] Debugging code dumphex didn't accept arbitrarily long
b3157263ee12a5792737f09b708d3fc65ca99e01Andreas Gustafsson input (only compiled with -DDEBUG). [RT #35544]
b3157263ee12a5792737f09b708d3fc65ca99e01Andreas Gustafsson3784. [bug] Using "rrset-order fixed" when it had not been
b3157263ee12a5792737f09b708d3fc65ca99e01Andreas Gustafsson enabled at compile time caused inconsistent
b90d3f516fd62514ff0b06a6ee0311d7ab5fbbb4Brian Wellington results. It now works as documented, defaulting
b90d3f516fd62514ff0b06a6ee0311d7ab5fbbb4Brian Wellington to cyclic mode. [RT #28104]
b35a009df86b4aa3793e87602c95af2a503ec0eeMark Andrews3783. [func] "tsig-keygen" is now available as an alternate
b35a009df86b4aa3793e87602c95af2a503ec0eeMark Andrews command name for "ddns-confgen". It generates
7bb1e299e133de5d530aa4cb545f4130aabf5235Andreas Gustafsson a TSIG key in named.conf format without comments.
7bb1e299e133de5d530aa4cb545f4130aabf5235Andreas Gustafsson3782. [func] Specifying "auto" as the salt when using
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence "rndc signing -nsec3param" causes named to
482b9dae17bc5dc4e51b78d3c5b1a18c7c1adae9Andreas Gustafsson generate a 64-bit salt at random. [RT #35322]
482b9dae17bc5dc4e51b78d3c5b1a18c7c1adae9Andreas Gustafsson3781. [tuning] Use adaptive mutex locks when available; this
34ea3c6fd940a8514b5ec609491f823263a735c7Michael Sawyer has been found to improve performance under load
34ea3c6fd940a8514b5ec609491f823263a735c7Michael Sawyer on many systems. "configure --with-locktype=standard"
26c86a6fc85c89447d23d4a3e34b11157a2ff6f4Andreas Gustafsson restores conventional mutex locks. [RT #32576]
8ae26e9f87560f9d2e495328d573c25af81c49beMark Andrews3780. [bug] $GENERATE handled negative numbers incorrectly.
3c671ac666de8a7dcd7bd02afa20968da0b85bbdMark Andrews3779. [cleanup] Clarify the error message when using an option
3c671ac666de8a7dcd7bd02afa20968da0b85bbdMark Andrews that was not enabled at compile time. [RT #35504]
3c671ac666de8a7dcd7bd02afa20968da0b85bbdMark Andrews3778. [bug] Log a warning when the wrong address family is
3c671ac666de8a7dcd7bd02afa20968da0b85bbdMark Andrews used in "listen-on" or "listen-on-v6". [RT #17848]
58c42ee18c186b2151ced62f64aa4ca23cff4a1dJames Brister3777. [bug] EDNS EXPIRE code could dump core when processing
58c42ee18c186b2151ced62f64aa4ca23cff4a1dJames Brister DLZ queries. [RT #35493]
58c42ee18c186b2151ced62f64aa4ca23cff4a1dJames Brister3776. [func] "rndc -q" suppresses output from successful
58c42ee18c186b2151ced62f64aa4ca23cff4a1dJames Brister rndc commands. Errors are printed on stderr.
5dc6a24e8b6808f03e7a9bc6530d646ebba927dbMark Andrews3775. [bug] dlz_dlopen driver could return the wrong error
5dc6a24e8b6808f03e7a9bc6530d646ebba927dbMark Andrews code on API version mismatch, leading to a segfault.
77771185071bf74d53378f1a3099a04d2af5153eBrian Wellington3774. [func] When using "request-nsid", log the NSID value in
77771185071bf74d53378f1a3099a04d2af5153eBrian Wellington printable form as well as hex. [RT #20864]
0d5d8e2bbf2c0c129f0416f24758a0925ce12be8James Brister3773. [func] "host", "nslookup" and "nsupdate" now have
0d5d8e2bbf2c0c129f0416f24758a0925ce12be8James Brister options to print the version number and exit.
99f3a24e69edbb19e4fe7f2fb0a72c478f8c3cafJames Brister3772. [contrib] Added sqlite3 dynamically-loadable DLZ module.
99f3a24e69edbb19e4fe7f2fb0a72c478f8c3cafJames Brister (Based in part on a contribution from Tim Tessier.)
f204bdd8e6703ff0ef1adf0a2c407202418a936dDavid Lawrence3771. [cleanup] Adjusted log level for "using built-in key"
1299e93989afbe1fee0739811b05fd1641ea14aeAndreas Gustafsson messages. [RT #24383]
aa79283a0d97d5d77d3c17bcb1756035eabe647aAndreas Gustafsson3770. [bug] "dig +trace" could fail with an assertion when it
aa79283a0d97d5d77d3c17bcb1756035eabe647aAndreas Gustafsson needed to fall back to TCP due to a truncated
aa79283a0d97d5d77d3c17bcb1756035eabe647aAndreas Gustafsson response. [RT #24660]
aa79283a0d97d5d77d3c17bcb1756035eabe647aAndreas Gustafsson3769. [doc] Improved documentation of "rndc signing -list".
0bfcec250f9705a1211d0374f0fc1049960de84bMark Andrews3768. [bug] "dnssec-checkds" was missing the SHA-384 digest
0bfcec250f9705a1211d0374f0fc1049960de84bMark Andrews algorithm. [RT #34000]
b5f24a6988e04710bee0281b03b7e168358ac868Andreas Gustafsson3767. [func] Log explicitly when using rndc.key to configure
379bd2c19cec393f56a2e9c42cc87fc8213a1b62James Brister command channel. [RT #35316]
379bd2c19cec393f56a2e9c42cc87fc8213a1b62James Brister3766. [cleanup] Fixed problems with building outside the source
379bd2c19cec393f56a2e9c42cc87fc8213a1b62James Brister tree when using native PKCS#11. [RT #35459]
379bd2c19cec393f56a2e9c42cc87fc8213a1b62James Brister3765. [bug] Fixed a bug in "rndc secroots" that could crash
379bd2c19cec393f56a2e9c42cc87fc8213a1b62James Brister named when dumping an empty keynode. [RT #35469]
c24265935e70d17279153b3cde43e3f6c3527577Andreas Gustafsson3764. [bug] The dnssec-keygen/settime -S and -i options
bedfa169b4cc5511b34c0c4a54c5b8aae364babeJames Brister (to set up a successor key and set the prepublication
bedfa169b4cc5511b34c0c4a54c5b8aae364babeJames Brister interval) were missing from dnssec-keyfromlabel.
bedfa169b4cc5511b34c0c4a54c5b8aae364babeJames Brister3763. [bug] delve: Cache DNSSEC records to avoid the need to
bedfa169b4cc5511b34c0c4a54c5b8aae364babeJames Brister re-fetch them when restarting validation. [RT #35476]
d85552c450141012e7cbeaacc77fb9575b0bb4cbJames Brister3762. [bug] Address build problems with --pkcs11-native +
d85552c450141012e7cbeaacc77fb9575b0bb4cbJames Brister --with-openssl with ECDSA support. [RT #35467]
47c196192afa37b2dea728e52579779f190bf07fJames Brister3761. [bug] Address dangling reference bug in dns_keytable_add.
adf82221858138f295bce732e86dcac34645692eJames Brister3760. [bug] Improve SIT with native PKCS#11 and on Windows.
f3b52d9fe5e7e851adecad4eec8952cceda47592Brian Wellington3759. [port] Enable delve on Windows. [RT #35441]
94c5757a7a2d98b4de3e7a68cfe330d59450f09eAndreas Gustafsson3758. [port] Enable export library APIs on Windows. [RT #35382]
94c5757a7a2d98b4de3e7a68cfe330d59450f09eAndreas Gustafsson3757. [port] Enable Python tools (dnssec-coverage,
f3b52d9fe5e7e851adecad4eec8952cceda47592Brian Wellington dnssec-checkds) to run on Windows. [RT #34355]
71a4339351de0d8233d61025a667ec4dc3e0f868James Brister3756. [bug] GSSAPI Kerberos realm checking was broken in
71a4339351de0d8233d61025a667ec4dc3e0f868James Brister check_config leading to spurious messages being
71a4339351de0d8233d61025a667ec4dc3e0f868James Brister logged. [RT #35443]
71a4339351de0d8233d61025a667ec4dc3e0f868James Brister --- 9.10.0b1 released ---
0380c44d0238a88e167526954d630d071739ed28Mark Andrews3755. [func] Add stats counters for known EDNS options + others.
a6733246eafeb43755ce6d7ec3627ac4209cbccbMark Andrews3754. [cleanup] win32: Installer now places files in the
a6733246eafeb43755ce6d7ec3627ac4209cbccbMark Andrews Program Files area rather than system services.
36bcb04af27e050ddc04b2ff37dbeafc84538fd4Brian Wellington3753. [bug] allow-notify was ignoring keys. [RT #35425]
36bcb04af27e050ddc04b2ff37dbeafc84538fd4Brian Wellington3752. [bug] Address potential REQUIRE failure if
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence DNS_STYLEFLAG_COMMENTDATA is set when printing out
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3751. [tuning] The default setting for the -U option (setting
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence the number of UDP listeners per interface) has
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence been adjusted to improve performance. [RT #35417]
9c11326b18c69b9b2fd6102d80fbd568ae6bd31eAndreas Gustafsson3750. [experimental] Partially implement EDNS EXPIRE option as described
ed71ea51c6ecb5d7d659b6e6a20f6b3f5c2678c6David Lawrence in draft-andrews-dnsext-expire-00. Retrieval of
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence the remaining time until expiry for slave zones
c78dc8b001ba46ef1edb784635c3ba7b3e4456ceJames Brister EXPIRE uses an experimental option code (65002),
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence which is subject to change. [RT #35416]
c78dc8b001ba46ef1edb784635c3ba7b3e4456ceJames Brister3749. [func] "dig +subnet" sends an EDNS client subnet option
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence containing the specified address/prefix when
d5399cc351a549db957185993b320a3bffa40e41James Brister querying. (Thanks to Wilmer van der Gaast.)
d5399cc351a549db957185993b320a3bffa40e41James Brister3748. [test] Use delve to test dns_client interfaces. [RT #35383]
40f349ad1f2f0a63ef2784b8affcd44dc660b39cJames Brister3747. [bug] A race condition could lead to a core dump when
40f349ad1f2f0a63ef2784b8affcd44dc660b39cJames Brister destroying a resolver fetch object. [RT #35385]
ac3b769801d794993e9eb6065b2f7144ffcfc9acMark Andrews3746. [func] New "max-zone-ttl" option enforces maximum
69b691c9624f31e59b8d128ada902a82127c15a3James Brister TTLs for zones. If loading a zone containing a
69b691c9624f31e59b8d128ada902a82127c15a3James Brister higher TTL, the load fails. DDNS updates with
69b691c9624f31e59b8d128ada902a82127c15a3James Brister higher TTLs are accepted but the TTL is truncated.
69b691c9624f31e59b8d128ada902a82127c15a3James Brister (Note: Currently supported for master zones only;
69b691c9624f31e59b8d128ada902a82127c15a3James Brister inline-signing slaves will be added.) [RT #38405]
dba20696eb808075d849e5a4cc8d854555869fb2Brian Wellington3745. [func] "configure --with-tuning=large" adjusts various
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence compiled-in constants and default settings to
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence values suited to large servers with abundant
98c2f9a11185b8a5dd601798990612beb6d1578eJames Brister memory. [RT #29538]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence3744. [experimental] SIT: send and process Source Identity Tokens
98c2f9a11185b8a5dd601798990612beb6d1578eJames Brister (similar to DNS Cookies by Donald Eastlake 3rd),
98c2f9a11185b8a5dd601798990612beb6d1578eJames Brister which are designed to help clients detect off-path
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence spoofed responses and for servers to identify
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence legitimate clients.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence SIT uses an experimental EDNS option code (65001),
705cb05a187558959d20ec2c31e06de8e96f61b2David Lawrence which will be changed to an IANA-assigned value
705cb05a187558959d20ec2c31e06de8e96f61b2David Lawrence if the experiment is deemed a success.
a3c0a79b61edfd6a021c080d4b368c9c962fcad6Andreas Gustafsson SIT can be enabled via "configure --enable-sit" (or
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence --enable-developer). It is enabled by default in
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence Servers can be configured to send smaller responses
0b056755b2f423ba5f6adac8f7851d78f7d11437David Lawrence to clients that have not identified themselves via
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence SIT. RRL processing has also been updated;
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence legitimate clients are not subject to rate
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence limiting. [RT #35389]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3743. [bug] delegation-only flag wasn't working in forward zone
174a4f7b80af7f7a33cd9a098c13af23e5ec2a28David Lawrence declarations despite being documented. This is
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence needed to support turning off forwarding and turning
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence on delegation only at the same name. [RT #35392]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3742. [port] linux: libcap support: declare curval at start of
174a4f7b80af7f7a33cd9a098c13af23e5ec2a28David Lawrence block. [RT #35387]
0640343258a99230c62e39dfbbe1505e3a970ee8Andreas Gustafsson3741. [func] "delve" (domain entity lookup and validation engine):
dccfe96a449d135d1b3806a9ab8fd7481d017c8bAndreas Gustafsson A new tool with dig-like semantics for performing DNS
dccfe96a449d135d1b3806a9ab8fd7481d017c8bAndreas Gustafsson lookups, with internal DNSSEC validation, using the
dccfe96a449d135d1b3806a9ab8fd7481d017c8bAndreas Gustafsson same resolver and validator logic as named. This
dccfe96a449d135d1b3806a9ab8fd7481d017c8bAndreas Gustafsson allows easy validation of DNSSEC data in environments
d98c74e2ec5b96bd22aa4ed6d893e8993787493bMichael Graff with untrustworthy resolvers, and assists with
d98c74e2ec5b96bd22aa4ed6d893e8993787493bMichael Graff troubleshooting of DNSSEC problems. [RT #32406]
d98c74e2ec5b96bd22aa4ed6d893e8993787493bMichael Graff3740. [contrib] Minor fixes to configure --with-dlz-bdb,
d03d4524993ecf5da72694907cb8581eadbe5c4dBrian Wellington --with-dlz-postgres and --with-dlz-odbc. [RT #35340]
d03d4524993ecf5da72694907cb8581eadbe5c4dBrian Wellington3739. [func] Added per-zone stats counters to track TCP and
75f6c57d9544aa77a3b1a04587b4702c07343c90Brian Wellington UDP queries. [RT #35375]
75f6c57d9544aa77a3b1a04587b4702c07343c90Brian Wellington3738. [bug] --enable-openssl-hash failed to build. [RT #35343]
c8df84cb389994b4eaf549f5851e70d18e2d063fAndreas Gustafsson3737. [bug] 'rndc retransfer' could trigger a assertion failure
f34984369fbc87f6cc5c5d1059303377a1724d79James Brister with inline zones. [RT #35353]
b092aef75539b462d24b460b67ac49edb79aaff8Andreas Gustafsson3736. [bug] nsupdate: When specifying a server by name,
7cd4c3ddd1baf5f2b204562fdba3da37c716cc78Andreas Gustafsson fall back to alternate addresses if the first
76a191c4202a4839e4ce598ec91f0c0d12f630aaAndreas Gustafsson address for that name is not reachable. [RT #25784]
76a191c4202a4839e4ce598ec91f0c0d12f630aaAndreas Gustafsson3735. [cleanup] Merged the libiscpk11 library into libisc
76a191c4202a4839e4ce598ec91f0c0d12f630aaAndreas Gustafsson to simplify dependencies. [RT #35205]
fef059dcec0f7f83b09b9ce30b91b21a51d9c481Andreas Gustafsson3734. [bug] Improve building with libtool. [RT #35314]
174a4f7b80af7f7a33cd9a098c13af23e5ec2a28David Lawrence3733. [func] Improve interface scanning support. Interface
5f80c1428b9b7235fc9c1c80aa505457c3043504Brian Wellington information will be automatically updated if the
5f80c1428b9b7235fc9c1c80aa505457c3043504Brian Wellington OS supports routing sockets (MacOS, *BSD, Linux).
174a4f7b80af7f7a33cd9a098c13af23e5ec2a28David Lawrence Use "automatic-interface-scan no;" to disable.
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington Add "rndc scan" to trigger a scan. [RT #23027]
b3aaa872e12e5c8658271bde8e4dd85d015e823fAndreas Gustafsson3732. [contrib] Fixed a type mismatch causing the ODBC DLZ
b3aaa872e12e5c8658271bde8e4dd85d015e823fAndreas Gustafsson driver to dump core on 64-bit systems. [RT #35324]
b3aaa872e12e5c8658271bde8e4dd85d015e823fAndreas Gustafsson3731. [func] Added a "no-case-compress" ACL, which causes
b3aaa872e12e5c8658271bde8e4dd85d015e823fAndreas Gustafsson named to use case-insensitive compression
b3aaa872e12e5c8658271bde8e4dd85d015e823fAndreas Gustafsson (disabling change #3645) for specified
389f2ccc2f5f00a11a14114d40492f7ac8249fa7Olafur Gudmundsson clients. (This is useful when dealing
389f2ccc2f5f00a11a14114d40492f7ac8249fa7Olafur Gudmundsson with broken client implementations that
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence use case-sensitive name comparisons,
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence rejecting responses that fail to match the
6deb631b20b7e212d9a350759e472fa60f9e92e4David Lawrence capitalization of the query that was sent.)
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3730. [cleanup] Added "never" as a synonym for "none" when
a9bc95f22ef2dd4a12e79be99412c9f18b814a5dBrian Wellington configuring key event dates in the dnssec tools.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3729. [bug] dnssec-keygen could set the publication date
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence incorrectly when only the activation date was
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence specified on the command line. [RT #35278]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3728. [doc] Expanded native-PKCS#11 documentation,
3c8e458ed2118828b13f35ca6fcc409da66c2869David Lawrence specifically pkcs11: URI labels. [RT #35287]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3727. [func] The isc_bitstring API is no longer used and
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence has been removed from libisc. [RT #35284]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3726. [cleanup] Clarified the error message when attempting
19d1b1667d073850d4366352aaf8319efc5debeeBrian Wellington to configure more than 32 response-policy zones.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3725. [contrib] Updated zkt and nslint to newest versions,
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence cleaned up and rearranged the contrib
20b20b23948b90cb2f7d7f402da99d09f837efd0David Lawrence directory, and added a README.
a89b06a49cc61cdce2ce0ea0f62b514998fa16d9Andreas Gustafsson --- 9.10.0a2 released ---
a89b06a49cc61cdce2ce0ea0f62b514998fa16d9Andreas Gustafsson3724. [bug] win32: Fixed a bug that prevented dig and
9c987b20b9246a34f38af8ed3cd22c61040933a7Andreas Gustafsson host from exiting properly after completing
9c987b20b9246a34f38af8ed3cd22c61040933a7Andreas Gustafsson a UDP query. [RT #35288]
7e9bfde7951c4e35bcbd0d3439790cc823a6794cAndreas Gustafsson3723. [cleanup] Imported keys are now handled the same way
7e9bfde7951c4e35bcbd0d3439790cc823a6794cAndreas Gustafsson regardless of DNSSEC algorithm. [RT #35215]
4c9406964425ecc33fac38bb093e236b43b449e6Andreas Gustafsson3722. [bug] Using geoip ACLs in a blackhole statement
4c9406964425ecc33fac38bb093e236b43b449e6Andreas Gustafsson could cause a segfault. [RT #35272]
4c9406964425ecc33fac38bb093e236b43b449e6Andreas Gustafsson3721. [doc] Improved documentation of the EDNS processing
533131b93b69c4534b5f1f9138b59211670e6e6dMichael Graff enhancements introduced in change #3593. [RT #35275]
533131b93b69c4534b5f1f9138b59211670e6e6dMichael Graff3720. [bug] Address compiler warnings. [RT #35261]
533131b93b69c4534b5f1f9138b59211670e6e6dMichael Graff3719. [bug] Address memory leak in in peer.c. [RT #35255]
533131b93b69c4534b5f1f9138b59211670e6e6dMichael Graff3718. [bug] A missing ISC_LINK_INIT in log.c. [RT #35260]
533131b93b69c4534b5f1f9138b59211670e6e6dMichael Graff3717. [port] hpux: Treat EOPNOTSUPP as a expected error code when
533131b93b69c4534b5f1f9138b59211670e6e6dMichael Graff probing to see if it is possible to set dscp values
0e7da7ac26cb234763ff03c3a9bc06e3c22e546fAndreas Gustafsson on a per packet basis. [RT #35252]
73abbeb5823a9b3e01b05a8878db915eb6beccdaAndreas Gustafsson3716. [bug] The dns_request code was setting dcsp values when not
73abbeb5823a9b3e01b05a8878db915eb6beccdaAndreas Gustafsson requested. [RT #35252]
73abbeb5823a9b3e01b05a8878db915eb6beccdaAndreas Gustafsson3715. [bug] The region and city databases could fail to
538971e27d45861c937331f52b0e96d3a5157d8eAndreas Gustafsson initialize when using some versions of libGeoIP,
538971e27d45861c937331f52b0e96d3a5157d8eAndreas Gustafsson causing assertion failures when named was
538971e27d45861c937331f52b0e96d3a5157d8eAndreas Gustafsson configured to use them. [RT #35427]
7ffc4c63ac8841d127c2d77c8716cc0dc483badcDavid Lawrence3714. [test] System tests that need to test for cryptography
c50936eb40263b65ebf6afe4e6556e2dc67c10e4Brian Wellington support before running can now use a common
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence "testcrypto.sh" script to do so. [RT #35213]
8977ab7ca0ed63a39a8cd0b915ab9cb1254dcd3fJames Brister3713. [bug] Save memory by not storing "also-notify" addresses
8977ab7ca0ed63a39a8cd0b915ab9cb1254dcd3fJames Brister in zone objects that are configured not to send
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence notify requests. [RT #35195]
dc97fe4ed08488d314ab5bc8e99ed839542cf411David Lawrence3712. [placeholder]
95be83b467e2384d414693982318a5c06cccf1d7Andreas Gustafsson3711. [placeholder]
95be83b467e2384d414693982318a5c06cccf1d7Andreas Gustafsson3710. [bug] Address double dns_zone_detach when switching to
95be83b467e2384d414693982318a5c06cccf1d7Andreas Gustafsson using automatic empty zones from regular zones.
95be83b467e2384d414693982318a5c06cccf1d7Andreas Gustafsson3709. [port] Use built-in versions of strptime() and timegm()
95be83b467e2384d414693982318a5c06cccf1d7Andreas Gustafsson on all platforms to avoid portability issues.
95be83b467e2384d414693982318a5c06cccf1d7Andreas Gustafsson3708. [bug] Address a portentry locking issue in dispatch.c.
95be83b467e2384d414693982318a5c06cccf1d7Andreas Gustafsson3707. [bug] irs_resconf_load now returns ISC_R_FILENOTFOUND
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence on a missing resolv.conf file and initializes the
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence structure as if it had been configured with:
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence nameserver ::1
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence nameserver 127.0.0.1
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence Note: Callers will need to be updated to treat
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence ISC_R_FILENOTFOUND as a qualified success or else
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence they will leak memory. The following code fragment
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence will work with both old and new versions without
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence changing the behaviour of the existing code.
52b784e2a662038b833e4f9ad7bff881faf52a85Andreas Gustafsson resconf = NULL;
52b784e2a662038b833e4f9ad7bff881faf52a85Andreas Gustafsson result = irs_resconf_load(mctx, "/etc/resolv.conf",
a5aca6df165c601d755b8c5f5727048078bf0db5Andreas Gustafsson if (result != ISC_SUCCESS) {
edb8ffbbf3e4b3c16a10fdd45720d97706e6bf50Mark Andrews if (resconf != NULL)
edb8ffbbf3e4b3c16a10fdd45720d97706e6bf50Mark Andrews irs_resconf_destroy(&resconf);
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3706. [contrib] queryperf: Fixed a possible integer overflow when
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence printing results. [RT #35182]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3705. [func] "configure --enable-native-pkcs11" enables BIND
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence to use the PKCS#11 API for all cryptographic
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence functions, so that it can drive a hardware service
a120694df8156f76eb629e4d686d3729362e3c90David Lawrence module directly without the need to use a modified
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence OpenSSL as intermediary (so long as the HSM's vendor
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence provides a complete-enough implementation of the
a120694df8156f76eb629e4d686d3729362e3c90David Lawrence PKCS#11 interface). This has been tested successfully
fcba8f29fedd5a29651579e22c96413b4f37cab9Brian Wellington with the Thales nShield HSM and with SoftHSMv2 from
fcba8f29fedd5a29651579e22c96413b4f37cab9Brian Wellington the OpenDNSSEC project. [RT #29031]
f6afa4ac95f3a6c86c61c0b122cd0dc6f957649bBrian Wellington3704. [protocol] Accept integer timestamps in RRSIG records. [RT #35185]
34b394b43e2207e8f8f3703f0402422121455638David Lawrence3703. [func] To improve recursive resolver performance, cache
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister records which are still being requested by clients
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister can now be automatically refreshed from the
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister authoritative server before they expire, reducing
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister or eliminating the time window in which no answer
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister is available in the cache. See the "prefetch" option
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister for more details. [RT #35041]
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister3702. [func] 'dnssec-coverage -l' option specifies a length
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister of time to check for coverage; events further into
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister the future are ignored. 'dnssec-coverage -z'
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister checks only ZSK events, and 'dnssec-coverage -k'
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister checks only KSK events. (Thanks to Peter Palfrader.)
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence3701. [func] named-checkconf can now obscure shared secrets
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister when printing by specifying '-x'. [RT #34465]
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister3700. [func] Allow access to subgroups of XML statistics via
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister special URLs http://<server>:<port>/xml/v3/server,
c0b06c8275c5ea3cde8cc67f3a6f9cab1bd55d65James Brister /zones, /net, /tasks, /mem, and /status. [RT #35115]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3699. [bug] Improvements to statistics channel XSL stylesheet:
527ea00c176abc167a6daf978e06f52c7e70aa06Andreas Gustafsson the stylesheet can now be cached by the browser;
527ea00c176abc167a6daf978e06f52c7e70aa06Andreas Gustafsson section headers are omitted from the stats display
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence when there is no data in those sections to be
f7d85bae58428b91fde90f87c1e9ef89897acf2eAndreas Gustafsson displayed; counters are now right-justified for
f7d85bae58428b91fde90f87c1e9ef89897acf2eAndreas Gustafsson easier readability. [RT #35117]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence3698. [cleanup] Replaced all uses of memcpy() with memmove().
ec7493d8d1966a3dc5f5306fc0a96519e0de6dceAndreas Gustafsson3697. [bug] Handle "." as a search list element when IDN support
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence is enabled. [RT #35133]
289fd0daf888e3f7b1733bd750f60891ce90e1e6Andreas Gustafsson3696. [bug] dig failed to handle AXFR style IXFR responses which
289fd0daf888e3f7b1733bd750f60891ce90e1e6Andreas Gustafsson span multiple messages. [RT #35137]
bd36d3014e8a82d217ed1c88cdb4c717a25fee09Andreas Gustafsson3695. [bug] Address a possible race in dispatch.c. [RT #35107]
8adf1b9e749ca303ea8a8ffb29b5101ecbe2ecf6Mark Andrews3694. [bug] Warn when a key-directory is configured for a zone,
8adf1b9e749ca303ea8a8ffb29b5101ecbe2ecf6Mark Andrews but does not exist or is not a directory. [RT #35108]
8adf1b9e749ca303ea8a8ffb29b5101ecbe2ecf6Mark Andrews3693. [security] memcpy was incorrectly called with overlapping
8adf1b9e749ca303ea8a8ffb29b5101ecbe2ecf6Mark Andrews ranges resulting in malformed names being generated
8adf1b9e749ca303ea8a8ffb29b5101ecbe2ecf6Mark Andrews on some platforms. This could cause INSIST failures
8adf1b9e749ca303ea8a8ffb29b5101ecbe2ecf6Mark Andrews when serving NSEC3 signed zones (CVE-2014-0591).
c052487cdf42c83bb0fa8e4c0ed135e801ac1e90Mark Andrews3692. [bug] Two calls to dns_db_getoriginnode were fatal if there
c052487cdf42c83bb0fa8e4c0ed135e801ac1e90Mark Andrews was no data at the node. [RT #35080]
dcd66bf9667816cfc3419f2040e03f5621d88555Andreas Gustafsson3691. [contrib] Address null pointer dereference in LDAP and
dcd66bf9667816cfc3419f2040e03f5621d88555Andreas Gustafsson MySQL DLZ modules.
f4f3f2cf3499cf6c32f6329aca08b5c557f507f1Mark Andrews3690. [bug] Iterative responses could be missed when the source
f4f3f2cf3499cf6c32f6329aca08b5c557f507f1Mark Andrews port for an upstream query was the same as the
f4f3f2cf3499cf6c32f6329aca08b5c557f507f1Mark Andrews listener port (53). [RT #34925]
f4f3f2cf3499cf6c32f6329aca08b5c557f507f1Mark Andrews3689. [bug] Fixed a bug causing an insecure delegation from one
f4f3f2cf3499cf6c32f6329aca08b5c557f507f1Mark Andrews static-stub zone to another to fail with a broken
f4f3f2cf3499cf6c32f6329aca08b5c557f507f1Mark Andrews trust chain. [RT #35081]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3688. [bug] loadnode could return a freed node on out of memory.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3687. [bug] Address null pointer dereference in zone_xfrdone.
9dff010bd0224c0eb0046e02c51947bf69cbb718David Lawrence3686. [func] "dnssec-signzone -Q" drops signatures from keys
996f4a8bc34cb0203ce6a40ff82bca8bf32423ccAndreas Gustafsson that are still published but no longer active.
6a13d6f3c687d463a2a88f696a5193a5651612baAndreas Gustafsson3685. [bug] "rndc refresh" didn't work correctly with slave
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence zones using inline-signing. [RT #35105]
c0fcd6b98bc1fe5bbd2bd1a4d729215f65e3d20fJames Brister3684. [bug] The list of included files would grow on reload.
17d0495c338ca6273cc1e1e3fd9354ab785a9ae9Mark Andrews3683. [cleanup] Add a more detailed "not found" message to rndc
17d0495c338ca6273cc1e1e3fd9354ab785a9ae9Mark Andrews commands which specify a zone name. [RT #35059]
4c5651ee049cbace08d5350e3d23a0d6da491fa8James Brister3682. [bug] Correct the behavior of rndc retransfer to allow
4c5651ee049cbace08d5350e3d23a0d6da491fa8James Brister inline-signing slave zones to retain NSEC3 parameters
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence instead of reverting to NSEC. [RT #34745]
e06abf2270cc397e6a1ab8e25055e9c05f256beeJames Brister3681. [port] Update the Windows build system to support feature
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence selection and WIN64 builds. This is a work in
e06abf2270cc397e6a1ab8e25055e9c05f256beeJames Brister progress. [RT #34160]
e411a986b94276c28e6a971f9c3b61d45c635456James Brister3680. [bug] Ensure buffer space is available in "rndc zonestatus".
c6ce77b4dccb15297f78de9e0c00d40f40ce8aa4Mark Andrews3679. [bug] dig could fail to clean up TCP sockets still
c6ce77b4dccb15297f78de9e0c00d40f40ce8aa4Mark Andrews waiting on connect(). [RT #35074]
76a33ffee5be9a1001c27c103e6d98983443cbfdAndreas Gustafsson3678. [port] Update config.guess and config.sub. [RT #35060]
1d7172079ddd7aaad66a135a814d0013c6503837Andreas Gustafsson3677. [bug] 'nsupdate' leaked memory if 'realm' was used multiple
5159c427839689d5070e2f9c6c9a0168dd9f6583Mark Andrews times. [RT #35073]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence3676. [bug] "named-checkconf -z" now checks zones of type
41da7fdc551c50cddebf2c5311e322efd793fd3bDavid Lawrence hint and redirect as well as master. [RT #35046]
5159c427839689d5070e2f9c6c9a0168dd9f6583Mark Andrews3675. [misc] Provide a place for third parties to add version
5159c427839689d5070e2f9c6c9a0168dd9f6583Mark Andrews information for their extensions in the version
1d7172079ddd7aaad66a135a814d0013c6503837Andreas Gustafsson file by setting the EXTENSIONS variable.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence --- 9.10.0a1 released ---
3364cad7e4699aff0b2d5090ab09a6da9733a118Andreas Gustafsson3674. [bug] RPZ zeroed ttls if the query type was '*'. [RT #35026]
e2cf9c2db3fd484d160d3b7850f5e4d9c19945faJames Brister3673. [func] New "in-view" zone option allows direct sharing
e2cf9c2db3fd484d160d3b7850f5e4d9c19945faJames Brister of zones between views. [RT #32968]
dd3fc76a33569ee9d5d30effc0d975651a4567f5Andreas Gustafsson3672. [func] Local address can now be specified when using
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence dns_client API. [RT #34811]
e2cf9c2db3fd484d160d3b7850f5e4d9c19945faJames Brister3671. [bug] Don't allow dnssec-importkey overwrite a existing
e2cf9c2db3fd484d160d3b7850f5e4d9c19945faJames Brister non-imported private key.
dd3fc76a33569ee9d5d30effc0d975651a4567f5Andreas Gustafsson3670. [bug] Address read after free in server side of
e2cf9c2db3fd484d160d3b7850f5e4d9c19945faJames Brister lwres_getrrsetbyname. [RT #29075]
41da7fdc551c50cddebf2c5311e322efd793fd3bDavid Lawrence3669. [port] freebsd: --with-gssapi needs -lhx509. [RT #35001]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3668. [bug] Fix cast in lex.c which could see 0xff treated as eof.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3667. [test] dig: add support to keep the TCP socket open between
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence successive queries (+[no]keepopen). [RT #34918]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3666. [func] Add a tool, named-rrchecker, for checking the syntax
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence of individual resource records. This tool is intended
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence to be called by provisioning systems so that the front
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence end does not need to be upgraded to support new DNS
9bb05852fed91ff3913601b7ed8e43e711aa9094David Lawrence record types. [RT #34778]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3665. [bug] Failure to release lock on error in receive_secure_db.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3664. [bug] Updated OpenSSL PKCS#11 patches to fix active list
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence locking and other bugs. [RT #34855]
4be63b1fd8c18dbeca1648d6cf22fa14f057a469David Lawrence3663. [bug] Address bugs in dns_rdata_fromstruct and
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence dns_rdata_tostruct for WKS and ISDN types. [RT #34910]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3662. [bug] 'host' could die if a UDP query timed out. [RT #34870]
b99d080717fdd741961d736581270d37bad8bec0David Lawrence3661. [bug] Address lock order reversal deadlock with inline zones.
97f75286ada13a1b06a424607e638bde5ebfb3caAndreas Gustafsson3660. [cleanup] Changed the name of "isc-config.sh" to "bind9-config".
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3659. [port] solaris: don't add explicit dependencies/rules for
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence python programs as make won't use the implicit rules.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3658. [port] linux: Address platform specific compilation issue
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence when libcap-devel is installed. [RT #34838]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3657. [port] Some readline clones don't accept NULL pointers when
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence calling add_history. [RT #34842]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3656. [security] Treat an all zero netmask as invalid when generating
54a2e7e8a21ee765f41bd995101995613bff9e8cDavid Lawrence the localnets acl. (The prior behavior could
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence allow unexpected matches when using some versions
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence of Winsock: CVE-2013-6320.) [RT #34687]
027212247d59c05452abb7a8b253efe52d14459eDavid Lawrence3655. [cleanup] Simplify TCP message processing when requesting a
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence zone transfer. [RT #34825]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3654. [bug] Address race condition with manual notify requests.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3653. [func] Create delegations for all "children" of empty zones
344e909ce9c59422a70105aba498e68b2d42623bDavid Lawrence except "forward first". [RT #34826]
738922ba7bb10b206f6f54931aed068e3dcb950dDavid Lawrence3652. [bug] Address bug with rpz-drop policy. [RT #34816]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3651. [tuning] Adjust when a master server is deemed unreachable.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3650. [tuning] Use separate rate limiting queues for refresh and
9c4f33b6718407e94d50dbfb4977e16d3f83de9dDavid Lawrence notify requests. [RT #30589]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3649. [cleanup] Include a comment in .nzf files, giving the name of
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence the associated view. [RT #34765]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3648. [test] Updated the ATF test framework to version 0.17.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3647. [bug] Address a race condition when shutting down a zone.
e3b3a046bf653d39cb5b92534a6a36fce1702d20Bob Halley3646. [bug] Journal filename string could be set incorrectly,
e3b3a046bf653d39cb5b92534a6a36fce1702d20Bob Halley causing garbage in log messages. [RT #34738]
e3b3a046bf653d39cb5b92534a6a36fce1702d20Bob Halley3645. [protocol] Use case sensitive compression when responding to
e3b3a046bf653d39cb5b92534a6a36fce1702d20Bob Halley queries. [RT #34737]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3644. [protocol] Check that EDNS subnet client options are well formed.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3643. [doc] Clarify RRL "slip" documentation.
bf6f755a74e24441e96a110b3c8d11cfe2ed0da7David Lawrence3642. [func] Allow externally generated DNSKEY to be imported
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence into the DNSKEY management framework. A new tool
1a7f6c3898266854db100fb2cb36418d650de8e7Brian Wellington dnssec-importkey is used to do this. [RT #34698]
1a7f6c3898266854db100fb2cb36418d650de8e7Brian Wellington3641. [bug] Handle changes to sig-validity-interval settings
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence better. [RT #34625]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3640. [bug] ndots was not being checked when searching. Only
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence continue searching on NXDOMAIN responses. Add the
fc9e755ba340607d76c7de897ee2d985d3b24505David Lawrence ability to specify ndots to nslookup. [RT #34711]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3639. [bug] Treat type 65533 (KEYDATA) as opaque except when used
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence in a key zone. [RT #34238]
7896e45912df15d07eb99f885b9d9c15ad5f3f68David Lawrence3638. [cleanup] Add the ability to handle ENOPROTOOPT in case it is
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence encountered. [RT #34668]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3637. [bug] 'allow-query-on' was checking the source address
32eddfc189108fa93e31761e13150594c7a79d2bDavid Lawrence rather than the destination address. [RT #34590]
b8dd48ecf83142f6ee7238cbd68fec455e527fc8Mark Andrews3636. [bug] Automatic empty zones now behave better with
b8dd48ecf83142f6ee7238cbd68fec455e527fc8Mark Andrews forward only "zones" beneath them. [RT #34583]
68e4926b2262571e004b4be00b905ec776c01d9cMichael Graff3635. [bug] Signatures were not being removed from a zone with
68e4926b2262571e004b4be00b905ec776c01d9cMichael Graff only KSK keys for a algorithm. [RT #34439]
6c7e680943ccdb75f23b050a7bc5ac0825e5244aMark Andrews3634. [func] Report build-id in rndc status. Report build-id
6c7e680943ccdb75f23b050a7bc5ac0825e5244aMark Andrews when building from a git repository. [RT #20422]
6c7e680943ccdb75f23b050a7bc5ac0825e5244aMark Andrews3633. [cleanup] Refactor OPT processing in named to make it easier
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence to support new EDNS options. [RT #34414]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3632. [bug] Signature from newly inactive keys were not being
61e9c1cdbe29683bb2db388e4fc6a6fd59315cefDavid Lawrence removed. [RT #32178]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3631. [bug] Remove spurious warning about missing signatures when
8b11f3debd9a9494d5aec60ea228ab393fbdc26eDavid Lawrence qtype is SIG. [RT #34600]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3630. [bug] Ensure correct ID computation for MD5 keys. [RT #33033]
140d92622430165001bd91ba2e7d516992faeb2fMichael Sawyer3629. [func] Allow the printing of cryptographic fields in DNSSEC
140d92622430165001bd91ba2e7d516992faeb2fMichael Sawyer records by dig to be suppressed (dig +nocrypto).
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3628. [func] Report DNSKEY key id's when dumping the cache.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3627. [bug] RPZ changes were not effective on slaves. [RT #34450]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3626. [func] dig: NSID output now easier to read. [RT #21160]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3625. [bug] Don't send notify messages to machines outside of the
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3624. [bug] Look for 'json_object_new_int64' when looking for a
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence the json library. [RT #34449]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3623. [placeholder]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3622. [tuning] Eliminate an unnecessary lock when incrementing
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence cache statistics. [RT #34339]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3621. [security] Incorrect bounds checking on private type 'keydata'
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence can lead to a remotely triggerable REQUIRE failure
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence (CVE-2013-4854). [RT #34238]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3620. [func] Added "rpz-client-ip" policy triggers, enabling
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence RPZ responses to be configured on the basis of
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence the client IP address; this can be used, for
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence example, to blacklist misbehaving recursive
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence or stub resolvers. [RT #33605]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3619. [bug] Fixed a bug in RPZ with "recursive-only no;"
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3618. [func] "rndc reload" now checks modification times of
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence include files as well as master files to determine
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence whether to skip reloading a zone. [RT #33936]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3617. [bug] Named was failing to answer queries during
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence "rndc reload" [RT #34098]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3616. [bug] Change #3613 was incomplete. [RT #34177]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3615. [cleanup] "configure" now finishes by printing a summary
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence of optional BIND features and whether they are
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence active or inactive. ("configure --enable-full-report"
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence increases the verbosity of the summary.) [RT #31777]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3614. [port] Check for <linux/types.h>. [RT #34162]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3613. [bug] named could crash when deleting inline-signing
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence zones with "rndc delzone". [RT #34066]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3612. [port] Check whether to use -ljson or -ljson-c. [RT #34115]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3611. [bug] Improved resistance to a theoretical authentication
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence attack based on differential timing. [RT #33939]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3610. [cleanup] win32: Some executables had been omitted from the
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence installer. [RT #34116]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3609. [bug] Corrected a possible deadlock in applications using
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence the export version of the isc_app API. [RT #33967]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3608. [port] win32: added todos.pl script to ensure all text files
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence the win32 build depends on are converted to DOS
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence newline format. [RT #22067]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3607. [bug] dnssec-keygen had broken 'Invalid keyfile' error
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence message. [RT #34045]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence3606. [func] "rndc flushtree" now flushes matching
16a107c904a30a687a08efec86a26a2f9398d2edAndreas Gustafsson records in the address database and bad cache
16a107c904a30a687a08efec86a26a2f9398d2edAndreas Gustafsson as well as the DNS cache. (Previously only the
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence DNS cache was flushed.) [RT #33970]
33e927bf8622db6d3e5ecfd871f517db47fa722bDavid Lawrence3605. [port] win32: Addressed several compatibility issues
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence with newer versions of Visual Studio. [RT #33916]
3e6b98586e823544344bcbbcad825d3d4485de59David Lawrence3604. [bug] Fixed a compile-time error when building with
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence JSON but not XML. [RT #33959]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3603. [bug] Install <isc/stat.h>. [RT #33956]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3602. [contrib] Added DLZ Perl module, allowing Perl scripts to
cc5547dbcb04bdc498cf050c6104a1974f68c6eaAndreas Gustafsson integrate with named and serve DNS data.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence (Contributed by John Eaglesham of Yahoo.)
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3601. [bug] Added to PKCS#11 openssl patches a value len
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence attribute in DH derive key. [RT #33928]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3600. [cleanup] dig: Fixed a typo in the warning output when receiving
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence an oversized response. [RT #33910]
f6d6835ed5bb14f7d87cb9b736deadf9de2085ddAndreas Gustafsson3599. [tuning] Check for pointer equivalence in name comparisons.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3598. [cleanup] Improved portability of map file code. [RT #33820]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3597. [bug] Ensure automatic-resigning heaps are reconstructed
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence when loading zones in map format. [RT #33381]
38feb01f1b0a3ac65897ae63c22c27c72e8cfda1David Lawrence3596. [port] Updated win32 build documentation, added
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence dnssec-verify. [RT #22067]
802aa6f2b70cc0b4e69ef0a1dcab0a8d68a0fdeaDavid Lawrence3595. [port] win32: Fix build problems introduced by change #3550.
5b27fa26dd1288f61de9ace6f4ec56be63858048David Lawrence3594. [maint] Update config.guess and config.sub. [RT #33816]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3593. [func] Update EDNS processing to better track remote server
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence capabilities. [RT #30655]
32d7adf5ee52c5a86122ee3d9e35a894fc5ed0a6Bob Halley3592. [doc] Moved documentation of rndc command options to the
32d7adf5ee52c5a86122ee3d9e35a894fc5ed0a6Bob Halley rndc man page. [RT #33506]
32d7adf5ee52c5a86122ee3d9e35a894fc5ed0a6Bob Halley3591. [func] Use CRC-64 to detect map file corruption at load
32d7adf5ee52c5a86122ee3d9e35a894fc5ed0a6Bob Halley time. [RT #33746]
32d7adf5ee52c5a86122ee3d9e35a894fc5ed0a6Bob Halley3590. [bug] When using RRL on recursive servers, defer
32d7adf5ee52c5a86122ee3d9e35a894fc5ed0a6Bob Halley rate-limiting until after recursion is complete;
32d7adf5ee52c5a86122ee3d9e35a894fc5ed0a6Bob Halley also, use correct rcode for slipped NXDOMAIN
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence responses. [RT #33604]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3589. [func] Report serial numbers in when starting zone transfers.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence Report accepted NOTIFY requests including serial.
7ce81e15fa98db5b13fba06d54526e8679ac064cDavid Lawrence3588. [bug] dig: addressed a memory leak in the sigchase code
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence that could cause a shutdown crash. [RT #33733]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3587. [func] 'named -g' now checks the logging configuration but
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence does not use it. [RT #33473]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3586. [bug] Handle errors in xmlDocDumpFormatMemoryEnc. [RT #33706]
7da5c63dc0eaeec88aaf67b7aeee43ab0b0125baDavid Lawrence3585. [func] "rndc delzone -clean" option removes zone files
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence when deleting a zone. [RT #33570]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3584. [security] Caching data from an incompletely signed zone could
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence trigger an assertion failure in resolver.c
f3f88c6802df4cfee59439b19a1c49637b70342dDavid Lawrence (CVE-2013-3919). [RT #33690]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3583. [bug] Address memory leak in GSS-API processing [RT #33574]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3582. [bug] Silence false positive warning regarding missing file
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence directive for inline slave zones. [RT #33662]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3581. [bug] Changed the tcp-listen-queue default to 10. [RT #33029]
8b7304a34c751e519ede7d00b77f1f962c0a37e4David Lawrence3580. [bug] Addressed a possible race in acache.c [RT #33602]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3579. [maint] Updates to PKCS#11 openssl patches, supporting
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence versions 0.9.8y, 1.0.0k, 1.0.1e [RT #33463]
cabcfd3e90a647c7bab3c5cc3ef7b36f49830787David Lawrence3578. [bug] 'rndc -c file' now fails if 'file' does not exist.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3577. [bug] Handle zero TTL values better. [RT #33411]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3576. [bug] Address a shutdown race when validating. [RT #33573]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3575. [func] Changed the logging category for RRL events from
e4e183af576855f4ccc9fc28084ffe095aaa5b55Andreas Gustafsson 'queries' to 'query-errors'. [RT #33540]
e49a98d47fea220023c22bcc7204f13f7f0b07feBrian Wellington3574. [doc] The 'hostname' keyword was missing from server-id
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington description in the named.conf man page. [RT #33476]
195da2b26542b85d60308b2af35ea9966df9c3bbMichael Graff3573. [bug] "rndc addzone" and "rndc delzone" incorrectly handled
195da2b26542b85d60308b2af35ea9966df9c3bbMichael Graff zone names containing punctuation marks and other
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence nonstandard characters. [RT #33419]
e9a9ae4fc627f24cb960a3008f2723ba9a55b274Brian Wellington3572. [func] Threads are now enabled by default on most
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence operating systems. [RT #25483]
d1bdeae7bb7a0642170d5476c2fd901db3028143Andreas Gustafsson3571. [bug] Address race condition in dns_client_startresolve().
d111a46c88adda33a93839f4934e127b6147d87dBob Halley3570. [bug] Check internal pointers are valid when loading map
d111a46c88adda33a93839f4934e127b6147d87dBob Halley files. [RT #33403]
9e53cbca72767d0c91962b7a01650ea07d7398ddMark Andrews3569. [contrib] Ported mysql DLZ driver to dynamically-loadable
585529aaeb95a71cd3d95df2602a4688fc7c3292David Lawrence module, and added multithread support. [RT #33394]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3568. [cleanup] Add a product description line to the version file,
2d0c5f1eada2015324cb89c11c7c5c11cccb493fAndreas Gustafsson to be reported by named -v/-V. [RT #33366]
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff3567. [bug] Silence clang static analyzer warnings. [RT #33365]
c6adcd09c8d5c0acd47a8dccb8061bb1105cad95Michael Graff3566. [func] Log when forwarding updates to master. [RT #33240]
b5fff54fe9335b20c02d749831fc0eaeda97198fBrian Wellington3565. [placeholder]
15a0ed30600ea88fe1227233155586f0c3c6cc34Bob Halley3564. [bug] Improved handling of corrupted map files. [RT #33380]
15a0ed30600ea88fe1227233155586f0c3c6cc34Bob Halley3563. [contrib] zone2sqlite failed with some table names. [RT #33375]
53c892082e4dd70a12bb5badd81a9e939d7e6efdBrian Wellington3562. [func] Update map file header format to include a SHA-1 hash
b5fff54fe9335b20c02d749831fc0eaeda97198fBrian Wellington of the database content, so that corrupted map files
b5fff54fe9335b20c02d749831fc0eaeda97198fBrian Wellington can be rejected at load time. [RT #32459]
b5fff54fe9335b20c02d749831fc0eaeda97198fBrian Wellington3561. [bug] dig: issue a warning if an EDNS query returns FORMERR
b5fff54fe9335b20c02d749831fc0eaeda97198fBrian Wellington or NOTIMP. Adjust usage message. [RT #33363]
3ae757933270e8298a6c1c5f9dfd30a4d852972cAndreas Gustafsson3560. [bug] isc-config.sh did not honor includedir and libdir
3ae757933270e8298a6c1c5f9dfd30a4d852972cAndreas Gustafsson when set via configure. [RT #33345]
3ae757933270e8298a6c1c5f9dfd30a4d852972cAndreas Gustafsson3559. [func] Check that both forms of Sender Policy Framework
3ae757933270e8298a6c1c5f9dfd30a4d852972cAndreas Gustafsson records exist or do not exist. [RT #33355]
b61bbad878d0ac563a093525aa826cdba0fd43bfMark Andrews3558. [bug] IXFR of a DLZ stored zone was broken. [RT #33331]
26c86a6fc85c89447d23d4a3e34b11157a2ff6f4Andreas Gustafsson3557. [bug] Reloading redirect zones was broken. [RT #33292]
4716e94840921878b26e493576f84afe4fe08752Mark Andrews3556. [maint] Added AAAA for D.ROOT-SERVERS.NET.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3555. [bug] Address theoretical race conditions in acache.c
622af581bd08a61d12c70f80b1d40d0d9c8a1fa3David Lawrence (change #3553 was incomplete). [RT #33252]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3554. [bug] RRL failed to correctly rate-limit upward
b4b032ab5a3d0e96e7c752e232e3050e8806b8cbBob Halley referrals and failed to count dropped error
0e9c5d24d25cb77a6935abf9247734b576626c9fBob Halley responses in the statistics. [RT #33225]
3886e748a4086b813e3453232a742903762fedadBob Halley3553. [bug] Address suspected double free in acache. [RT #33252]
3886e748a4086b813e3453232a742903762fedadBob Halley3552. [bug] Wrong getopt option string for 'nsupdate -r'.
3886e748a4086b813e3453232a742903762fedadBob Halley3551. [bug] resolver.querydscp[46] were uninitialized. [RT #32686]
b4b032ab5a3d0e96e7c752e232e3050e8806b8cbBob Halley3550. [func] Unified the internal and export versions of the
b4b032ab5a3d0e96e7c752e232e3050e8806b8cbBob Halley BIND libraries, allowing external clients to use
b4b032ab5a3d0e96e7c752e232e3050e8806b8cbBob Halley the same libraries as BIND. [RT #33131]
ce0004744d2c232581af53cbc6201f4ec4cf1f1cBrian Wellington3549. [doc] Documentation for "request-nsid" was missing.
ce0004744d2c232581af53cbc6201f4ec4cf1f1cBrian Wellington3548. [bug] The NSID request code in resolver.c was broken
ce0004744d2c232581af53cbc6201f4ec4cf1f1cBrian Wellington resulting in invalid EDNS options being sent.
b4b4adc097365bd3f980b30bc7cc30199f4b8456Andreas Gustafsson3547. [bug] Some malformed unknown rdata records were not properly
b4b4adc097365bd3f980b30bc7cc30199f4b8456Andreas Gustafsson detected and rejected. [RT #33129]
134ba0e08a0ae9a564a8d8628fc633377d3fc239Bob Halley3546. [func] Add EUI48 and EUI64 types. [RT #33082]
134ba0e08a0ae9a564a8d8628fc633377d3fc239Bob Halley3545. [bug] RRL slip behavior was incorrect when set to 1.
134ba0e08a0ae9a564a8d8628fc633377d3fc239Bob Halley3544. [contrib] check5011.pl: Script to report the status of
83a39d3f3c9b9966bc060d46e8e419adb004888aAndreas Gustafsson managed keys as recorded in managed-keys.bind.
8426878e988859184706f36e2229e24e77b80aa4Andreas Gustafsson Contributed by Tony Finch <dot@dotat.at>
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence3543. [bug] Update socket structure before attaching to socket
0f7045b0c437b158c61c195c319d2762882ece83Andreas Gustafsson manager after accept. [RT #33084]
7c0e50b5623a6ffc9e3986e129f8ca6bae9aabfaBrian Wellington3542. [placeholder]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence3541. [bug] Parts of libdns were not properly initialized when
a25310fd1dce652cdebba2b3dbc5d38cc3706745Andreas Gustafsson built in libexport mode. [RT #33028]
a25310fd1dce652cdebba2b3dbc5d38cc3706745Andreas Gustafsson3540. [test] libt_api: t_info and t_assert were not thread safe.
42712a426dd62518ca7c36982867e5622f7265e7Michael Graff3539. [port] win32: timestamp format didn't match other platforms.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3538. [test] Running "make test" now requires loopback interfaces
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence to be set up. [RT #32452]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3537. [tuning] Slave zones, when updated, now send NOTIFY messages
11a898e05092e8477fbfe1a245c1c5871a846638Andreas Gustafsson to peers before being dumped to disk rather than
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence after. [RT #27242]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3536. [func] Add support for setting Differentiated Services Code
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence Point (DSCP) values in named. Most configuration
b295930144c8782e84528dcd355153ae5a5d66e8David Lawrence options which take a "port" option (e.g.,
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence listen-on, forwarders, also-notify, masters,
0bcb1d4d630f8d7547ee62870e1b059827cc1c8aDavid Lawrence notify-source, etc) can now also take a "dscp"
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence option specifying a code point for use with
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister outgoing traffic, if supported by the underlying
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister OS. [RT #27596]
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister3535. [bug] Minor win32 cleanups. [RT #32962]
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister3534. [bug] Extra text after an embedded NULL was ignored when
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister parsing zone files. [RT #32699]
6253eaa03c49aac035bdd8b1d9ec4853b45e94a0Andreas Gustafsson3533. [contrib] query-loc-0.4.0: memory leaks. [RT #32960]
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister3532. [contrib] zkt: fixed buffer overrun, resource leaks. [RT #32960]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence3531. [bug] win32: A uninitialized value could be returned on out
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister of memory. [RT #32960]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3530. [contrib] Better RTT tracking in queryperf. [RT #30128]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3529. [func] Named now listens on both IPv4 and IPv6 interfaces
7b2db4b8d13e3d8bc81419ffcc8b39de8193ef63David Lawrence by default. Named previously only listened on IPv4
9e7c9ad159b581714c67148c3c698c12730d7ef7James Brister interfaces by default unless named was running in
9e7c9ad159b581714c67148c3c698c12730d7ef7James Brister IPv6 only mode. [RT #32945]
bf062442eeef2fe404d728891b1317b01fbb7908Andreas Gustafsson3528. [func] New "dnssec-coverage" command scans the timing
bf062442eeef2fe404d728891b1317b01fbb7908Andreas Gustafsson metadata for a set of DNSSEC keys and reports if a
bf062442eeef2fe404d728891b1317b01fbb7908Andreas Gustafsson lapse in signing coverage has been scheduled
bf062442eeef2fe404d728891b1317b01fbb7908Andreas Gustafsson inadvertently. (Note: This tool depends on python;
bf062442eeef2fe404d728891b1317b01fbb7908Andreas Gustafsson it will not be built or installed on systems that
bf062442eeef2fe404d728891b1317b01fbb7908Andreas Gustafsson do not have a python interpreter.) [RT #28098]
bf062442eeef2fe404d728891b1317b01fbb7908Andreas Gustafsson3527. [compat] Add a URI to allow applications to explicitly
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence request a particular XML schema from the statistics
404e3e4738e97d5dff48fab1e76839e963cb16a6Brian Wellington channel, returning 404 if not supported. [RT #32481]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3526. [cleanup] Set up dependencies for unit tests correctly during
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence build. [RT #32803]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3525. [func] Support for additional signing algorithms in rndc:
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence hmac-sha1, -sha224, -sha256, -sha384, and -sha512.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence The -A option to rndc-confgen can be used to
d9cc295339982d8d86075ab4285cc700d354e2eeBob Halley select the algorithm for the generated key.
7d1d130f4fe1b7485142c4f55a4ef3760b5fa30aBrian Wellington (The default is still hmac-md5; this may
7d1d130f4fe1b7485142c4f55a4ef3760b5fa30aBrian Wellington change in a future release.) [RT #20363]
d9cc295339982d8d86075ab4285cc700d354e2eeBob Halley3524. [func] Added an alternate statistics channel in JSON format,
d9cc295339982d8d86075ab4285cc700d354e2eeBob Halley when the server is built with the json-c library:
d9cc295339982d8d86075ab4285cc700d354e2eeBob Halley http://[address]:[port]/json. [RT #32630]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3523. [contrib] Ported filesystem and ldap DLZ drivers to
9ac79ef3f89b23d80f9649abf71fdc65bb7a8b62David Lawrence dynamically-loadable modules, and added the
a6a0b5e9b7078887a73ecec8be2935daa287a389James Brister "wildcard" module based on a contribution from
a6a0b5e9b7078887a73ecec8be2935daa287a389James Brister Vadim Goncharov <vgoncharov@nic.ru>. [RT #23569]
a6a0b5e9b7078887a73ecec8be2935daa287a389James Brister3522. [bug] DLZ lookups could fail to return SERVFAIL when
be768c2e952c34438025999125f984995a2c675fBob Halley they ought to. [RT #32685]
da6affdf7dd677a636155e4a41f6de416a2d815bBob Halley3521. [bug] Address memory leak in opensslecdsa_link.c. [RT #32249]
da6affdf7dd677a636155e4a41f6de416a2d815bBob Halley3520. [bug] 'mctx' was not being referenced counted in some places
da6affdf7dd677a636155e4a41f6de416a2d815bBob Halley where it should have been. [RT #32794]
be768c2e952c34438025999125f984995a2c675fBob Halley3519. [func] Full replay protection via four-way handshake is
be768c2e952c34438025999125f984995a2c675fBob Halley now mandatory for rndc clients. Very old versions
be768c2e952c34438025999125f984995a2c675fBob Halley of rndc will no longer work. [RT #32798]
01e320c4fb51c802e9fe86c192fbebf4229ca918Bob Halley3518. [bug] Increase the size of dns_rrl_key.s.rtype by one bit
19e0c849f69ad8b655b4d199e16de0a4a94562d6Bob Halley so that all dns_rrl_rtype_t enum values fit regardless
19e0c849f69ad8b655b4d199e16de0a4a94562d6Bob Halley of whether it is teated as signed or unsigned by
19e0c849f69ad8b655b4d199e16de0a4a94562d6Bob Halley the compiler. [RT #32792]
9ac79ef3f89b23d80f9649abf71fdc65bb7a8b62David Lawrence3517. [bug] Reorder destruction to avoid shutdown race. [RT #32777]
01e320c4fb51c802e9fe86c192fbebf4229ca918Bob Halley3516. [placeholder]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3515. [port] '%T' is not portable in strftime(). [RT #32763]
dd6132005a5c48dea642c2ed0507bf472c8ee9bbJames Brister3514. [bug] The ranges for valid key sizes in ddns-confgen and
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence rndc-confgen were too constrained. Keys up to 512
d6d18435cd47a57f43af2eab835d0f6b7a76f2bdAndreas Gustafsson bits are now allowed for most algorithms, and up
d6d18435cd47a57f43af2eab835d0f6b7a76f2bdAndreas Gustafsson to 1024 bits for hmac-sha384 and hmac-sha512.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence3513. [func] "dig -u" prints times in microseconds rather than
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence milliseconds. [RT #32704]
3f46e84f9ff264cac8c07c2136a507827afb2760James Brister3512. [func] "rndc validation check" reports the current status
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence of DNSSEC validation. [RT #21397]
3f46e84f9ff264cac8c07c2136a507827afb2760James Brister3511. [doc] Improve documentation of redirect zones. [RT #32756]
fdb12d38d325efba64581bdee7fac188466fff55Bob Halley3510. [func] "rndc status" and XML statistics channel now report
fdb12d38d325efba64581bdee7fac188466fff55Bob Halley server start and reconfiguration times. [RT #21048]
fdb12d38d325efba64581bdee7fac188466fff55Bob Halley3509. [cleanup] Added a product line to version file to allow for
fdb12d38d325efba64581bdee7fac188466fff55Bob Halley easy naming of different products (BIND
fdb12d38d325efba64581bdee7fac188466fff55Bob Halley vs BIND ESV, for example). [RT #32755]
43a5758df763a04d907a8b406e89a96f5c207a9cBrian Wellington3508. [contrib] queryperf was incorrectly rejecting the -T option.
c73aafe6016ed1a7a6972681148cedf6a48a21bcBrian Wellington3507. [bug] Statistics channel XSL had a glitch when attempting
c73aafe6016ed1a7a6972681148cedf6a48a21bcBrian Wellington to chart query data before any queries had been
99b80297d416ebb722b2515023c51b3aacdc1fb9Bob Halley received. [RT #32620]
99b80297d416ebb722b2515023c51b3aacdc1fb9Bob Halley3506. [func] When setting "max-cache-size" and "max-acache-size",
99b80297d416ebb722b2515023c51b3aacdc1fb9Bob Halley the keyword "unlimited" is no longer defined as equal
99b80297d416ebb722b2515023c51b3aacdc1fb9Bob Halley to 4 gigabytes (except on 32-bit platforms); it
a5a5371b756f3bbbe33dac1dde196fbd6c063640Bob Halley means literally unlimited. [RT #32358]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence3505. [bug] When setting "max-cache-size" and "max-acache-size",
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence larger values than 4 gigabytes could not be set
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence explicitly, though larger sizes were available
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence when setting cache size to 0. This has been
3497. [func] When deleting a slave/stub zone using 'rndc delzone'
dlzdb.link. When cloning a rdataset do not copy
3485. [cleanup] Only compile openssl_gostlink.c if we support GOST.
3473. [bug] dnssec-signzone/verify could incorrectly report
3459. [func] Added -J option to named-checkzone/named-compilezone
3449. [bug] gen.c: use the pre-processor to construct format
3447. [port] Add support for libxml2-2.9.x [RT #32231]
3441. [maint] D.ROOT-SERVERS.NET is now 199.7.91.13.
3436. [bug] Check malloc/calloc return values. [RT #32088]
3409. [contrib] contrib/dane/mkdane.sh: Tool to generate TLSA RR's
3406. [bug] mem.c: Fix compilation errors when building with
zone.c [RT #30675]
3362. [bug] Setting some option values to 0 in named.conf
3357. [port] Add support for libxml2-2.8.x [RT #30440]
to ensure correctness of signatures and of NSEC/NSEC3
- add a RPZ performance test to bin/tests/system/rpz
3328. [bug] Fixed inconsistent data checking in dst_parse.c.
zone.c:zone_gotwritehandle. [RT #29028]
3309. [bug] resolver.c:fctx_finddone() was not thread safe.
3300. [bug] Named could die if gssapi was enabled in named.conf
client.c:exit_check. [RT #28346]
3294. [bug] isccc/cc.c:table_fromwire failed to free alist on
3290. [bug] <isc/hmacsha.h> was not being installed. [RT #28169]
3287. [port] Update ans.pl to work with Net::DNS 0.68. [RT #28028]
rbtnode.deadlink. [RT #27738]
lib/dns/rbtdb.c:iszonesecure. [RT #26913]
3233. [bug] 'rndc freeze/thaw' didn't work for inline zones.
3216. [bug] resolver.c:validated() was not thread-safe. [RT #26478]
3212. [bug] rbtdb.c: failed to remove a node from the deadnodes
3201. [func] 'rndc querylog' can now be given an on/off parameter
dnssec.h. [RT #26415]
3188. [bug] zone.c:zone_refreshkeys() could fail to detach
3186. [bug] Version/db mis-match in rpz code. [RT #26180]
sample external DLZ module in contrib/dlz/example.
- replace "NO-OP" named.conf policy override with
3169. [func] Catch db/version mis-matches when calling dns_db_*().
3163. [bug] Use finer-grained locking in client.c to address
3161. [bug] zone.c:del_sigs failed to always reset rdata leading
drivers (e.g., mysql, postgresql, etc). [RT #25710]
3145. [test] Capture output of ATF unit tests in "./atf.out" if
3093. [bug] Fix gssapi/kerberos dependencies [RT #23836]
3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf
and add setup.sh in order to resolve changing
named.conf issue. [RT #23687]
3077. [bug] zone.c:zone_refreshkeys() incorrectly called
update.c:next_active. [RT #20256]
select the master/slave zones. [RT #23580]
- "dig +split=X" breaks hex/base64 records into
named.pid at startup. [RT #23290]
validator.c. Tests added to dnssec system test.
3038. [bug] Install <dns/rpz.h>. [RT #23342]
3032. [bug] rdatalist.c: add missing REQUIREs. [RT #22521]
3026. [bug] lib/isc/httpd.c: check that we have enough space
to 10. Allow setting this in named.conf using the new
in the named.conf options. [RT #21727]
3000. [bug] More TKEY/GSS fixes:
2992. [contrib] contrib/check-secure-delegation.pl: A simple tool
2991. [contrib] contrib/zone-edit.sh: A simple zone editing tool for
2987. [func] Improve ease of configuring TKEY/GSS updates by
zone, but the nameserver names and/or their IP
2978. [port] hpux: look for <devpoll.h> [RT #21919]
2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() acquired the
2973. [bug] bind.keys.h was being removed by the "make clean"
(e.g. "%-1c"). [RT #22270]
2962. [port] win32: add more dependencies to BINDBuild.dsw.
2954. [bug] contrib: dlz_mysql_driver.c bad error handling on
interfaces at reboot. See bin/tests/system/README
support for addzone/delzone feature (see change
new-zone-file in named.conf; this happens
2934. [bug] Use ANSI C compliant shift range in lib/isc/entropy.c.
option at the view or options level in named.conf.
into named.conf in the appropriate view. (Note:
2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
was specified in named.conf. [RT #21416]
2903. [bug] managed-keys-directory missing from namedconf.c.
2893. [bug] Improve managed keys support. New named.conf option
2873. [bug] Canceling a dynamic update via the dns/client module
2872. [bug] Modify dns/client.c:dns_client_createx() to only
2871. [bug] Type mismatch in mem_api.c between the definition and
2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
2865. [bug] memset to zero event.data. [RT #20986]
2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
README.rfc5011 into the ARM. [RT #20899]
2832. [bug] Modify "struct stat" in lib/export/samples/nsprobe.c
2829. [bug] Fixed potential node inconsistency in rbtdb.c.
2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
2822. [bug] rbtdb.c:loadnode() could return the wrong result.
atomic.h is correctly installed by the architecture
(i.e., built without --enable-exportlib). [RT #20679]
named.conf: check-dup-records {ignore|warn|fail};
2794. [bug] Install <isc/namespace.h>. [RT #20677]
2791. [bug] The installation of isc-config.sh was broken.
2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
2770. [cleanup] Add log messages to resolver.c to indicate events
2756. [bug] Fixed corrupt logfile message in update.c. [RT #20597]
2746. [port] hpux: address signed/unsigned expansion mismatch of
dns_rbtnode_t.nsec. [RT #20542]
validator.c. [RT #19589]
2725. [doc] Added information about the file "managed-keys.bind"
2719. [func] Skip trusted/managed keys for unsupported algorithms.
2717. [bug] named failed to update the NSEC/NSEC3 record when
2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
2711. [port] win32: Add the bin/pkcs11 tools into the full
by the named.conf option 'secure-to-insecure'.
(i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
2702. [func] Update PKCS#11 tools (bin/pkcs11) [RT #20225 & all]
2699. [bug] Missing lock in rbtdb.c. [RT #20037]
S_IFREG are defined after including <isc/stat.h>.
2695. [func] DHCP/DDNS - update fdwatch code for use by
2685. [contrib] Update contrib/zkt to version 0.99c. [RT #20054]
2679. [func] dig -k can now accept TSIG keys in named.conf
- New "inactive" date (dnssec-keygen/settime -I)
2673. [bug] The managed-keys.bind zone file could fail to
2664. [bug] create_keydata() and minimal_update() in zone.c
applications. See README.libdns. [RT #19369]
2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
2632. [func] util/kit.sh: warn if documentation appears to be out of
2628. [port] linux: Allow /var/run/named/named.pid to be opened
2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
2622. [bug] Printing of named.conf grammar was broken. [RT #19919]
2617. [bug] ifconfig.sh failed to emit an error message when
2616. [bug] 'host' used the nameservers from resolv.conf even
configuration text for named.conf
from a NSEC3 signed master/slave zone. [RT #19464]
2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
2590. [func] Report zone/class of "update with no effect".
2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
of "dnssec-lookaside . trust-anchor dlv.isc.org;"
plus setting a trusted-key for dlv.isc.org.
by) $sysconfdir/bind.keys. As the ISC DLV key
the bind.keys file with a key downloaded from
https://www.isc.org/solutions/dlv. [RT #18685]
2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
2548. [bug] Install iterated_hash.h. [RT #19335]
2547. [bug] openssl_link.c:mem_realloc() could reference an
2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
2538. [bug] cache/ADB memory could grow over max-cache-size,
2519. [bug] dig/host with -4 or -6 didn't work if more than two
preceded in resolv.conf. [RT #19081]
document function in <isc/radix.h>. [RT #18534]
2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
are now /var/run/named/named.pid and
/var/run/lwresd/lwresd.pid respectively.
2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
specified in named.conf doesn't seem to work with
2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
2455. [bug] Stop metadata being transferred via axfr/ixfr.
2452. [func] Improve bin/test/journalprint. [RT #18316]
epoll and /dev/poll to be selected at compile
completion event send out canceled read/write
in rbtdb.c. [RT #18455]
2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
temporary, named.conf option reserved-sockets,
assertion in acl.c. [RT #18166]
2390. [bug] dispatch.c could make a false warning on 'odd socket'.
2387. [bug] Silence compiler warnings in lib/isc/radix.c.
2385. [bug] A condition variable in socket.c could leak in
2381. [port] dlz/mysql: support multiple install layouts for
mysql. <prefix>/include/{,mysql/}mysql.h and
2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
Documentation is in the new README.pkcs11 file.
were set at both the options/view level and in
named.conf. [RT #17581]
See <isc/mem.h> for details.
2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
rbtdb.c. Implement dead node processing in zones as
lib/dns/rdata/in_1/apl_42.c. [RT #17469]
2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
addresses in acl.c. [RT #17519]
bin/named/lwdnoop.c. [RT #17476]
2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
debug/fatal messages. [RT #17501]
2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
2306. [bug] Remove potential race from lib/dns/resolver.c.
2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
bin/tests/system/lwresd/lwtest.c. [RT #17474]
bin/tests/names/t_names.c. [RT #17473]
bin/nsupdate/nsupdate.c. [RT #17475]
bin/tests/timers/t_timers.c. [RT #17468]
bin/tests/dst/t_dst.c. [RT #17467]
2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
2276. [bug] Install <dst/gssapi.h>. [RT #17359]
stub/slave master and journal files. [RT #17279]
2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
2266. [bug] client.c:get_clientmctx() returned the same mctx
2257. [bug] win32: Use the full path to vcredist_x86.exe when
bindevt.dll. [RT #17159]
2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
2254. [bug] timer.c:dispatch() failed to lock timer->lock
2247. [doc] Sort doc/misc/options. [RT #17067]
2246. [bug] Make the startup of test servers (ans.pl) more
2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
If allow-query-cache is not set in named.conf then
If allow-recursion is not set in named.conf then
2194. [bug] Close journal before calling 'done' in xfrin.c.
2193. [port] win32: BINDInstall.exe is now linked statically.
2192. [port] win32: use vcredist_x86.exe to install Visual
2184. [bug] bind9.xsl.h didn't build out of the source tree.
2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
need to ship Microsoft.VC80.MFCLOC.
2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
Fix a memory leak in rbtdb.c:free_noqname().
Make lookup.c:lookup_find() robust against
2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
dighost.c:get_trusted_key(). [RT #16678]
hmac_link.c. [RT #16437]
2145. [bug] Check DS/DLV digest lengths for known digests.
2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
in adb.c. [RT #16670]
2138. [bug] Lock order reversal in resolver.c. [RT #16653]
2137. [port] Mips little endian and/or mips 64 bit are now
2136. [bug] nslookup/host looped if there was no search list
2135. [bug] Uninitialized rdataset in sdlz.c. [RT #16656]
2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
2114. [bug] dig/host/nslookup: searches for names with multiple
2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
2103. [port] Add /usr/sfw to list of locations for OpenSSL
2100. [port] win32: copy libeay32.dll to Build\Debug.
2098. [bug] Race in rbtdb.c:no_references(), which occasionally
if resolv.conf does not exist or no nameservers
2091. [port] dighost.c: race condition on cleanup. [RT #16417]
2085. [doc] win32: added index.html and README to zip. [RT #16201]
2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
2080. [port] libbind: res_init.c did not compile on older versions
2076. [bug] Several files were missing #include <config.h>
of authoritative servers that drop EDNS and/or CD
2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
2043. [port] nsupdate/nslookup: Force the flushing of the prompt
2038. [bug] dig/nslookup/host was unlinking from wrong list
a non slave/stub zone. [RT # 16073]
2028. [port] linux: socket.c compatibility for old systems.
2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
2008. [func] It is now possible to enable/disable DNSSEC
breaks DNSSEC (firewall/proxy). [RT #15592]
2003. [bug] libbind: The DNS name/address lookup functions could
1988. [bug] Remove a bus error from the SHA256/SHA512 support.
1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
1981. [bug] win32: condition.c:wait() could fail to reattain
1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
now be set in named.conf (max-udp-size). This is
xfrin.c:maybe_free() if named ran out of memory.
1944. [cleanup] isc_hash_create() does not need a read/write lock.
1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
1922. [bug] check-tool.c:setup_logging() missing call to
1919. [contrib] queryperf: a set of new features: collecting/printing
'RD' was set in the query. host/nslookup skip servers
1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
1866. [bug] resolv.conf parse errors were being ignored by
dig/host/nslookup. [RT #14841]
1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
when CFLAGS contains "-I /usr/local/include"
1839. [bug] <isc/hash.h> was not being installed.
1836. [cleanup] Silence compiler warnings in hash_test.c.
1834. [bug] Bad memset in rdata_test.c. [RT #13658]
rbtdb.c:subtractrdataset(). [RT #13519]
option in named.conf can be used to specify a
1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
1810. [bug] configure, lib/bind/configure make different default
1808. [bug] zone.c:notify_zone() contained a race condition,
1788. [bug] libbind9.la/libbind9.so needs to link against
1785. [bug] libbind9.la/libbind9.so needs to link against
1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
file clause for rbt{64} master/hint zones. [RT #13009]
1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
1748. [func] dig now returns the byte count for axfr/ixfr.
1747. [bug] BIND 8 compatibility: named/named-checkconf failed
to parse "host-statistics-max" in named.conf.
1745. [bug] Dig/host/nslookup accept replies from link locals
1731. [port] darwin: relax version test in ifconfig.sh.
1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
1717. [port] solaris: ifconfig.sh did not support Solaris 10.
"ifconfig.sh down" didn't work for Solaris 9.
1716. [doc] named.conf(5) was being installed in the wrong
1714. [bug] dig/host/nslookup were only trying the first
1707. [contrib] sdb/ldap updated to version 1.0-beta.
1705. [func] Allow the journal's name to be changed via named.conf.
"#include <isc/print.h>". [RT #12321]
1701. [doc] A minimal named.conf man page.
are defined in named.conf. [RT #12023]
/usr/lib. [RT #11971]
1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
adb.c:set_target(). [RT #11582]
1648. [func] Update dnssec-lookaside named.conf syntax to support
1625. [bug] named failed to load/transfer RFC2535 signed zones
1612. [bug] check-names at the option/view level could trigger
1599. [bug] Fix memory leak on error path when checking named.conf.
DNSSEC specify "dnssec-enable yes;" in named.conf.
1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
1566. [port] Support for the cmsg framework on Solaris and HP/UX.
were specified in /etc/resolv.conf. [RT #8232]
1551. [port] Open "/dev/null" before calling chroot().
1532. [port] netbsd: the configure test for <sys/sysctl.h>
requires <sys/param.h>.
1517. [port] Support for IPv6 interface scanning on HP/UX and
only (e.g. DE, LV, US and MUSEUM) these can be excluded
1503. [port] win32: install libeay32.dll outside of system32.
named.conf, tcp-listen-queue.
1498. [port] bsdos: 5.x support.
1478. [port] ifconfig.sh didn't account for other virtual
1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
doc/misc/options. [RT #5616]
via named.conf (edns-udp-size).
1425. [port] linux/libbind: define __USE_MISC when testing *_r()
function prototypes in netdb.h. [RT #4921]
1422. [func] Log name/type/class when denying a query. [RT #4663]
1419. [port] openbsd: use /dev/arandom. [RT #4950]
1417. [func] ID.SERVER/CHAOS is now a built in zone.
1410. [func] Handle records that live in the parent zone, e.g. DS.
1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
'recursing-file = "named.recursing";'.
1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
1353. [contrib] sdb/ldap to version 0.9.
in socket.c and eliminating a host of socket
1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
1336. [func] Nibble lookups under IP6.ARPA are now supported by
1334. [bug] When signing/verifying rdatasets, duplicate rdatas
1326. [bug] DNAME/CNAME signatures were not being cached when
1324. [port] darwin: ifconfig.sh now supports darwin.
1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
1276. [bug] libbind: const pointer conflicts in res_debug.c.
1269. [port] Openserver: ifconfig.sh support.
<sys/param.h> is included or not. Be consistent.
1247. [bug] Don't reset the interface index for link/site local
1234. [bug] contrib/sdb: 'zonetodb' failed to call
1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
at the named.conf checking stage. [RT #2431]
1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
lib/dns to use this function instead of local one.
occurs when parsing named.conf. [RT #2275]
1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
1145. [func] "host" no longer reports a NOERROR/NODATA response
named/lwresd at compile time. [RT #1982]
1119. [func] Added support in Win32 for NTFS file/directory ACL's
could cause an assertion failure in resolver.c
violation in adb.c. [RT #2017]
1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
1088. [port] libbind: MPE/iX C.70 (incomplete)
on load/reload if views were used. [RT #1947]
1041. [bug] Dig/host/nslookup could catch an assertion failure
1032. [func] hostname.bind/txt/chaos now returns the name of
1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
1030. [bug] On systems with no resolv.conf file, nsupdate
1029. [bug] Some named.conf errors did not cause the loading
1002. [bug] When reporting an unknown class name in named.conf,
972. [bug] The file modification time code in zone.c was using the
non-existent nlist.h. [RT #1640]
957. [bug] sys/select.h inclusion was broken on older platforms.
in named/win32/os.c due to code changes in
updated to add include path for os.h header.
953. [func] The /var/run/named.key file from change #843
has been replaced by /etc/rndc.key. Both
method (rndc.conf / controls). Unlike
bin/tests. [RT #1555].
946. [cleanup] doc/misc/options is now machine-generated from the
when installing isc-config.sh.
were not accepted in named.conf. [RT #1469]
and added lib/isc/win32/entropy.c.
900. [bug] A config.guess update changed the system identification
bin/tests/system/ifconfig.sh now recognize the new
899. [bug] lib/dns/soa.c failed to compile on many platforms
897. [bug] A config.guess update changed the system identification
to Darwin. This was derived from the config.guess
849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
just as <lwres/net.h> does.
843. [func] If no controls statement is present in named.conf,
generated by named and an rndc.conf-style file
named named.key will be written that uses it. rndc
838. [port] UnixWare 7.x.x is now suported by
833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
<dns/soa.h>, and extended them to support
832. [bug] The default location for named.conf in named-checkconf
825. [bug] zone.c:ns_query() detached from the wrong zone
character (i.e. "/") in its name and the directory
down-cased when signing/verifying records. [RT #1186]
in rndc.conf.
786. [bug] When DNSSEC signing/verifying data, owner names were
755. [bug] Fix incorrectly formatted log messages in zone.c.
748. [doc] List supported RFCs in doc/misc/rfc-compliance.
739. [port] Look for /dev/random in configure, rather than
737. [port] stdtime.c failed to compile on certain platforms.
dispatch.c:do_cancel(). [RT #733]
718. [cleanup] "internal" is no longer a reserved word in named.conf.
failure in adb.c. [RT #738]
703. [port] sys/select.h is needed on older platforms. [RT #695]
702. [func] If the address 0.0.0.0 is seen in resolv.conf,
693. [bug] An empty lwres statement in named.conf caused
685. [bug] nslookup should use the search list/domain options
from resolv.conf by default. [RT #405, #630]
646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
for syntax checking named.conf files and zone files,
604. [bug] The named.conf parser could print incorrect line
577. [func] Log illegal RDATA combinations. e.g. multiple
570. [bug] rbtdb.c allowed zones containing nodes which had
568. [func] Add sample simple database drivers in contrib/sdb.
of rdata type/class mnemonics in log messages.
516. [bug] Cache lookups which had a NULL node pointer, e.g.
DNAME, would trigger an INSIST(!search.need_cleanup)
490. [func] When a slave/stub zone has not yet successfully
from the named.conf "listen-on" statement, sockets
477. [bug] The the isc-config.sh script could be installed before
471. [bug] nsupdate didn't compile on HP/UX 10.20
and subsequent name servers in resolv.conf if the
457. [bug] Dig/host/hslookup didn't properly handle connect
documented as such in named.conf. [RT #304, RT #311]
is specified in named.conf. [RT #306]
is specified in named.conf. [RT #301]
432. [func] Added refresh/retry jitter. The actual refresh/
428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
(e.g. glue). This could cause SERVFAILs when
e.g. due to corrupt zones with multiple SOA records.
an argc/argv style vector of words and sets
view/global one for CNAME targets and additional
369. [func] Support new named.conf options, view and zone
the distribution, in doc/man/dnssec.
353. [bug] double increment in lwres/gethost.c:copytobuf().
348. [func] New boolean named.conf options 'additional-from-auth'
345. [bug] Large-scale changes/cleanups to dig:
341. [func] Support 'key' clause in named.conf zone masters
327. [bug] rndc.conf parser wasn't correctly recognizing an IP
320. [func] Multiple rndc changes: parses an rndc.conf file,
319. [func] The named.conf "controls" statement is now used
314. [func] The named.conf controls statement can now have
313. [bug] When parsing resolv.conf, don't terminate on an
resolv.conf search path from 6 to 8. If there
resolv.conf was empty or a comment.
310. [func] Changes to named.conf "controls" statement (inet
are listed in resolv.conf, silently ignore them
each library's ipv6.h defines the wrapper symbol of
any $sbindir/dig from a previous release.)
that lack /dev/random.
280. [func] Add isc-config.sh, which can be used to more
two or more files in libomapi.a were not namespace
278. [bug] bin/named/logconf.c:category_fromconf() didn't take
266. [bug] zone.c:save_nsrrset() node was not initialized.
262. [bug] 'master' was not initialized in zone.c:stub_callback().
for global options block of named.conf. Both accept
258. [bug] Fixed printing of lwres_addr_t.address field.
256. [func] isc_ratelimiter_t now has attach/detach semantics, and
253. [func] resolv.conf parser now recognizes ';' and '#' as
252. [bug] resolv.conf parser mishandled masks on sortlists.
244. [bug] empty named.conf file and empty options statement are
243. [func] new cachesize option for named.conf
+ missing sigwait prototype on BSD/OS 4.0/4.0.1.
BSD/OS 4.*, Linux and Solaris 2.8.
230. [func] Replace the dst sign/verify API with a cleaner one.
from confparser.c, because of yacc's code, are
212. [func] Added dns_message_get/settsigkey, to make TSIG
compiling in the lib/dns/sec/{dnssafe,openssl}
204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
run on a PA 1.x system."
201. [cleanup] Removed the test/sdig program, it has been
replaced by bin/dig/dig.
(e.g., running out of network buffers) were
and/or interfaces. [19-May-2000 explorer]
191. [func] Patched to compile on UnixWare 7.x. This platform
range for overflow/underflow. In the case of
184. [cleanup] Variables/functions which began with two leading
underscores were made to conform to the ANSI/ISO
179. [func] options named.conf statement *must* now come
178. [func] Post-load of named.conf check verifies a slave zone
168. [bug] include statements in named.conf caused syntax errors
162. [bug] Ensure proper range for arguments to ctype.h functions.
masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
util/check-includes for how this was tested.
145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
<isc/result.h>.
of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
need <isc/eventclass.h>.
instead of <isc/time.h>.
128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
and creates null keys/sets zone status bit for
<isc/result.h>.
<isc/result.h>. Multiple inclusion protection
isc_symtab_t moved to <isc/types.h>.
<isc/net.h>.
118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
117. [cleanup] libdns.a changes:
116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
<isc/list.h>.
<isc/mutex.h>.
<isc/list.h>.
bin/tests/{db,mem,sockaddr,tasks,timers}/.
108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
105. [doc] doc/dev/coding.html expanded with other
103. [func] libisc buffer API changes for <isc/buffer.h>:
on BSD/OS 4.1.
101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
<isc/event.h>.
or <isc/result.h>.
<isc/result.h>.
90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
from <named/listenlist.h>.
<isc/mem.h>. isc_interface_t and isc_interfaceiter_t
moved to <isc/types.h>.
86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
<isc/types.h>.
<isc/int.h>.
<isc/lang.h>.
subsumed by file.o.
OpenSSL libraries/headers.
from <dns/types.h>.
59. [bug] Cause net/host unreachable to be a hard error
58. [bug] bin/named/query.c could sometimes trigger the
(client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
<sys/param.h>.
logging module "dns/validator".
and isc_lex_t to <isc/types.h>.
31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
25. [bug] make install failed to install <isc/log.h> and
configure.in to check for presence of in6addr_any.
9. [cleanup] replaced bit-setting code in confctx.c and replaced
4. [port] bin/named/unix/os.c didn't compile on systems with
get only what we need from <linux/capability.h>, and
systems without /dev/random.
lib/isc/unix/include/isc/Makefile.in had a typo which