CHANGES revision 017aa9aef63aaef6a370c180f6290b8388deda01
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff4019. [func] If named is not configured to validate the answer
3b7f610bec248f85e25a52a0ad7dec9894389ca5Tinderbox User then allow fallback to plain DNS on timeout even
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence when we know the server supports EDNS. [RT #37978]
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews4018. [placeholder]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff4017. [test] Add system test to check lookups to legacy servers
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff with broken DNS behaviour. [RT #37965]
9c3531d72aeaad6c5f01efe6a1c82023e1379e4dDavid Lawrence4016. [bug] Fix a dig segfault due to bad linked list usage.
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff4015. [bug] Nameservers that are skipped due to them being
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff CNAMEs were not being logged. They are now logged
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff to category 'cname' as per BIND 8. [RT #37935]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff4014. [bug] When including a master file origin_changed was
ce24330566b66a5ca8522fa948fb36b94a4d6981Mark Andrews not being properly set leading to a potentially
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence spurious 'inherited owner' warning. [RT #37919]
6028d1ce0380d0ba7f6c6ecd1ad20b31ddd1becbDavid Lawrence4013. [func] Add a new tcp-only option to server (config) /
364a82f7c25b62967678027043425201a5e5171aBob Halley peer (struct) to use TCP transport to send
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff queries (in place of UDP transport with a
09f22ac5b09e70bc526015f37168ba33e21ea91fDavid Lawrence TCP fallback on truncated (TC set) response).
531eafa3026663020f4a2ac5587cce44341e3442Andreas Gustafsson4012. [cleanup] Check returned status of OpenSSL digest and HMAC
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff functions when they return one. Note this applies
5bd76af084edfdcd1cb4db9453ac781d32dde6f7Mark Andrews only to FIPS capable OpenSSL libraries put in
f647c0df9fd334b19a5bdc9c252f90d94c0abf1eMark Andrews FIPS mode and MD5. [RT #37944]
f9df80f4348ef68043903efa08299480324f4823Michael Graff4011. [bug] master's list port and dscp inheritance was not
09f22ac5b09e70bc526015f37168ba33e21ea91fDavid Lawrence properly implemented. [RT #37792]
09f22ac5b09e70bc526015f37168ba33e21ea91fDavid Lawrence4010. [cleanup] Clear the prefetchable state when initiating a
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington prefetch. [RT #37399]
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington4009. [func] delv: added a +tcp option. [RT #37855]
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews4008. [contrib] Updated zkt to latest version (1.1.3). [RT #37886]
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews4007. [doc] Remove acl forward reference restriction. [RT #37772]
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews4006. [security] A flaw in delegation handling could be exploited
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews to put named into an infinite loop. This has
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews been addressed by placing limits on the number
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews of levels of recursion named will allow (default 7),
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews and the number of iterative queries that it will
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews send (default 50) before terminating a recursive
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews query (CVE-2014-8500).
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews The recursion depth limit is configured via the
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews "max-recursion-depth" option, and the query limit
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews via the "max-recursion-queries" option. [RT #37580]
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews4005. [func] The buffer used for returning text from rndc
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews commands is now dynamically resizable, allowing
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews arbitrarily large amounts of text to be sent back
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews to the client. (Prior to this change, it was
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews possible for the output of "rndc tsig-list" to be
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews truncated.) [RT #37731]
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews4004. [bug] When delegations had AAAA glue but not A, a
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews reference could be leaked causing an assertion
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews failure on shutdown. [RT #37796]
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews4003. [security] When geoip-directory was reconfigured during
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews named run-time, the previously loaded GeoIP
75ec9bc9c7b4f2485647414330122e7b8e188097Andreas Gustafsson data could remain, potentially causing wrong
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley ACLs to be used or wrong results to be served
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff based on geolocation (CVE-2014-8680). [RT #37720]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley4002. [security] Lookups in GeoIP databases that were not
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley loaded could cause an assertion failure
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley (CVE-2014-8680). [RT #37679]
f9df80f4348ef68043903efa08299480324f4823Michael Graff4001. [security] The caching of GeoIP lookups did not always
f9df80f4348ef68043903efa08299480324f4823Michael Graff handle address families correctly, potentially
f9df80f4348ef68043903efa08299480324f4823Michael Graff resulting in an assertion failure (CVE-2014-8680).
78838d3e0cd62423c23de5503910e01884d2104bBrian Wellington4000. [bug] NXDOMAIN redirection incorrectly handled NXRRSET
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk from the redirect zone. [RT #37722]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3999. [func] "mkeys" and "nzf" files are now named after
2a2618356ecdf5962230fe11606d2b106a638295Tinderbox User their corresponding views, unless the view name
78838d3e0cd62423c23de5503910e01884d2104bBrian Wellington contains characters that would be incompatible
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer with use in a filename (i.e., slash, backslash,
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer or capital letters). If a view name does contain
f9df80f4348ef68043903efa08299480324f4823Michael Graff these characters, the files will still be named
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews using a cryptographic hash of the view name.
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews Regardless of this, if a file using the old name
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein format is found to exist, it will continue to be
f9df80f4348ef68043903efa08299480324f4823Michael Graff used. [RT #37704]
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff3998. [bug] isc_radix_search was returning matches that were
f9df80f4348ef68043903efa08299480324f4823Michael Graff too precise. [RT #37680]
16f43564c6875e2bedd346c18c494933ad51e4faMukund Sivaraman3997. [protocol] Add OPENGPGKEY record. [RT# 37671]
b02262cbcd550c63f85df76edc6fff556ea5e95dMichael Graff3996. [bug] Address use after free on out of memory error in
b02262cbcd550c63f85df76edc6fff556ea5e95dMichael Graff keyring_add. [RT #37639]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3995. [bug] receive_secure_serial holds the zone lock for too
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein long. [RT #37626]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer3994. [func] Dig now supports setting the last unassigned DNS
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer header flag bit (dig +zflag). [RT #37421]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer3993. [func] Dig now supports EDNS negotiation by default.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer (dig +[no]ednsnegotiation). [RT #37604]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer3992. [func] DiG can now send queries without questions
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer (dig +header-only). [RT #37599]
58c40ca8bda08458804d7f15cf97942dea2a17acMichael Sawyer3991. [func] Add the ability to buffer logging output by specifying
58c40ca8bda08458804d7f15cf97942dea2a17acMichael Sawyer "buffered yes;" when defining a channel. [RT #26561]
58c40ca8bda08458804d7f15cf97942dea2a17acMichael Sawyer3990. [testing] Add tests for unknown DNSSEC algorithm handling.
58c40ca8bda08458804d7f15cf97942dea2a17acMichael Sawyer3989. [cleanup] Remove redundent dns_db_resigned calls. [RT #35748]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer3988. [func] Allow the zone serial of a dynamically updatable
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer zone to be updated via "rndc signing -serial".
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer3987. [func] Handle future Visual Studio 14 incompatible changes.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer3986. [doc] Add the BIND version number to page footers
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer in the ARM. [RT #37398]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer3985. [doc] Describe how +ndots and +search interact in dig.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer3984. [func] Accept 256 byte long PINs in native PKCS#11
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer crypto. [RT #37410]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer3983. [bug] Change #3940 was incomplete: negative trust anchors
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer could be set to last up to a week, but the
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein "nta-lifetime" and "nta-recheck" options were
f9df80f4348ef68043903efa08299480324f4823Michael Graff still limited to one day. [RT #37522]
47b7dfffe5d806c6a5e99ef17f07bcde812c2132Francis Dupont3982. [doc] Include release notes in product documentation.
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff3981. [bug] Cache DS/NXDOMAIN independently of other query types.
f9df80f4348ef68043903efa08299480324f4823Michael Graff3980. [bug] Improve --with-tuning=large by self tuning of SO_RCVBUF
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff size. [RT #37187]
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff3979. [bug] Negative trust anchor fetches were not properly
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff managed. [RT #37488]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3978. [test] Added a unit test for Diffie-Hellman key
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff computation, completing change #3974. [RT #37477]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3977. [cleanup] "rndc secroots" reported a "not found" error when
f9df80f4348ef68043903efa08299480324f4823Michael Graff there were no negative trust anchors set. [RT #37506]
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff3976. [bug] When refreshing managed-key trust anchors, clear
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff any cached trust so that they will always be
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff revalidated with the current set of secure
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff roots. [RT #37506]
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews3975. [bug] Don't populate or use the bad cache for queries that
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews don't request or use recursion. [RT #37466]
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews3974. [bug] Handle DH_compute_key() failure correctly in
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff3973. [func] Added hooks for Google/Great Performance Tools
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff CPU Profiler, including in real time. [RT #37339]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff3972. [bug] Fix host's usage statement. [RT #37397]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3971. [bug] Reduce the cascading failures due to a bad $TTL line
f9df80f4348ef68043903efa08299480324f4823Michael Graff in named-checkconf / named-checkzone. [RT #37138]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff3970. [contrib] Fixed a use after free bug in the SDB LDAP driver.
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff3969. [test] Added 'delv' system test. [RT #36901]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff3968. [bug] Silence spurious log messages when using 'named -[46]'.
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff3967. [test] Add test for inlined signed zone in multiple views
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff with different DNSKEY sets. [RT #35759]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff3966. [bug] Missing dns_db_closeversion call in receive_secure_db.
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff3965. [func] Log outgoing packets and improve packet logging to
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff support logging the remote address. [RT #36624]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff3964. [func] nsupdate now performs check-names processing.
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff3963. [test] Added NXRRSET test cases to the "dlzexternal"
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff system test. [RT #37344]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff3962. [bug] 'dig +topdown +trace +sigchase' address unhandled error
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff conditions. [RT #34663]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff3961. [bug] Forwarding of SIG(0) signed UPDATE messages failed with
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff BADSIG. [RT #37216]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff3960. [bug] 'dig +sigchase' could loop forever. [RT #37220]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff3959. [bug] Updates could be lost if they arrived immediately
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff after a rndc thaw. [RT #37233]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff3958. [bug] Detect when writeable files have multiple references
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff in named.conf. [RT #37172]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3957. [bug] "dnssec-keygen -S" failed for ECCGOST, ECDSAP256SHA256
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence and ECDSAP384SHA384. [RT #37183]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3956. [func] Notify messages are now rate limited by notify-rate and
f9df80f4348ef68043903efa08299480324f4823Michael Graff startup-notify-rate instead of serial-query-rate.
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff3955. [bug] Notify messages due to changes are no longer queued
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff behind startup notify messages. [RT #24454]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff3954. [bug] Unchecked mutex init in dlz_dlopen_driver.c [RT #37112]
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff3953. [bug] Don't escape semi-colon in TXT fields. [RT #37159]
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff3952. [bug] dns_name_fullcompare failed to set *nlabelsp when the
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff two name pointers were the same. [RT #37176]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3951. [func] Add the ability to set yet-to-be-defined EDNS flags
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff to dig (+ednsflags=#). [RT #37142]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3950. [port] Changed the bin/python Makefile to work around a
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff bmake bug in FreeBSD 10 and NetBSD 6. [RT #36993]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff3949. [experimental] Experimental support for draft-andrews-edns1 by sending
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence EDNS(1) queries (define DRAFT_ANDREWS_EDNS1 when
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff building). Add support for limiting the EDNS version
4556681e191b7c1654639895ce719d98f2822ee2Michael Graff advertised to servers: server { edns-version 0; };
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff Log the EDNS version received in the query log.
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3948. [port] solaris: RCVBUFSIZE was too large on Solaris with
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff --with-tuning=large. [RT #37059]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3947. [cleanup] Set the executable bit on libraries when using
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff libtool. [RT #36786]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3946. [cleanup] Improved "configure" search for a python interpreter.
4556681e191b7c1654639895ce719d98f2822ee2Michael Graff3945. [bug] Invalid wildcard expansions could be incorrectly
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff accepted by the validator. [RT #37093]
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff3944. [test] Added a regression test for "server-id". [RT #37057]
4556681e191b7c1654639895ce719d98f2822ee2Michael Graff3943. [func] SERVFAIL responses can now be cached for a
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff limited time (configured by "servfail-ttl",
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff default 10 seconds, limit 30). This can reduce
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff the frequency of retries when an authoritative
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence server is known to be failing, e.g., due to
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff ongoing DNSSEC validation problems. [RT #21347]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3942. [bug] Wildcard responses from a optout range should be
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff marked as insecure. [RT #37072]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3941. [doc] Include the BIND version number in the ARM. [RT #37067]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3940. [func] "rndc nta" now allows negative trust anchors to be
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff set for up to one week. [RT #37069]
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff3939. [func] Improve UPDATE forwarding performance by allowing TCP
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff connections to be shared. [RT #37039]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3938. [placeholder]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3937. [func] Added some debug logging to better indicate the
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff conditions causing SERVFAILs when resolving.
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3936. [func] Added authoritative support for the EDNS Client
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff Subnet (ECS) option.
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff ACLs can now include "ecs" elements which specify
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff an address or network prefix; if an ECS option is
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff included in a DNS query, then the address encoded
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff in the option will be matched against "ecs" ACL
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff Also, if an ECS address is included in a query,
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff then it will be used instead of the client source
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff address when matching "geoip" ACL elements. This
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff behavior can be overridden with "geoip-use-ecs no;".
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence (Note: to enable "geoip" ACLs, use "configure
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff --with-geoip". This requires libGeoIP version
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff 1.5.0 or higher.)
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff When "ecs" or "geoip" ACL elements are used to
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence select a view for a query, the response will include
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff an ECS option to indicate which client network the
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff answer is valid for.
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff (Thanks to Vincent Bernat.) [RT #36781]
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff3935. [bug] "geoip asnum" ACL elements would not match unless
29d52c001ff976561669375cf0c866b815a90c49Mark Andrews the full organization name was specified. They
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff can now match against the AS number alone (e.g.,
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff AS1234). [RT #36945]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3934. [bug] Catch bad 'sit-secret' in named-checkconf. Improve
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff sit-secret documentation. [RT #36980]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3933. [bug] Corrected the implementation of dns_rdata_casecompare()
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff for the HIP rdata type. [RT #36911]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3932. [test] Improved named-checkconf tests. [RT #36911]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3931. [cleanup] Cleanup how dlz grammar is defined. [RT #36879]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3930. [bug] "rndc nta -r" could cause a server hang if the
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff NTA was not found. [RT #36909]
a8da00ef95ba37b9d071c2b8db1a0c967e060106Mark Andrews3929. [bug] 'host -a' needed to clear idnoptions. [RT #36963]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3928. [test] Improve rndc system test. [RT #36898]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3927. [bug] dig: report PKCS#11 error codes correctly when
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff compiled with --enable-native-pkcs11. [RT #36956]
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington3926. [doc] Added doc for geoip-directory. [RT #36877]
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington3925. [bug] DS lookup of RFC 1918 empty zones failed. [RT #36917]
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington3924. [bug] Improve 'rndc addzone' error reporting. [RT #35187]
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington3923. [bug] Sanity check the xml2-config output. [RT #22246]
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington3922. [bug] When resigning, dnssec-signzone was removing
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington all signatures from delegation nodes. It now
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington retains DS and (if applicable) NSEC signatures.
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington3921. [bug] AD was inappropriately set on RPZ responses. [RT #36833]
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington3920. [doc] Added doc for masterfile-style. [RT #36823]
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington3919. [bug] dig: continue to next line if a address lookup fails
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington in batch mode. [RT #36755]
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington3918. [doc] Update check-spf documentation. [RT #36910]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence3917. [bug] dig, nslookup and host now continue on names that are
f9df80f4348ef68043903efa08299480324f4823Michael Graff too long after applying a search list elements.
f9df80f4348ef68043903efa08299480324f4823Michael Graff3916. [contrib] zone2sqlite checked wrong result code. Address
e223094b2248afa2697c531f75e6f84855638becMichael Graff compiler warnings. [RT #36931]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3915. [bug] Address a assertion if a route event arrived while
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley shutting down. [RT #36887]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3914. [bug] Allow the URI target and CAA value fields to
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley be zero length. [RT #36737]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3913. [bug] Address race issue in dispatch. [RT #36731]
e223094b2248afa2697c531f75e6f84855638becMichael Graff3912. [bug] Address some unrecoverable lookup failures. [RT #36330]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington3911. [func] Implement EDNS EXPIRE option client side, allowing
41faaa9b35bb5b3c72ca964e108ba398eaa63f3dBrian Wellington a slave server to set the expiration timer correctly
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington when transferring zone data from another slave
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington server. [RT #35925]
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley3910. [bug] Fix races to free event during shutdown. [RT #36720]
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff3909. [bug] When computing the number of elements required for a
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff acl count_acl_elements could have a short count leading
f9df80f4348ef68043903efa08299480324f4823Michael Graff to a assertion failure. Also zero out new acl elements
f9df80f4348ef68043903efa08299480324f4823Michael Graff in dns_acl_merge. [RT #36675]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence3908. [bug] rndc now differentiates between a zone in multiple
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington views and a zone that doesn't exist at all. [RT #36691]
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington3907. [cleanup] Alphabetize rndc help. [RT #36683]
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington3906. [protocol] Update URI record format to comply with
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington draft-faltstrom-uri-08. [RT #36642]
19c7cce8555ccc0c95455a0c35dedd017d420d05Mark Andrews3905. [bug] Address deadlock between view.c and adb.c. [RT #36341]
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington3904. [func] Add the RPZ SOA to the additional section. [RT36507]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3903. [bug] Improve the accuracy of DiG's reported round trip
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley time. [RT 36611]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3902. [bug] liblwres wasn't handling link-local addresses in
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence nameserver clauses in resolv.conf. [RT #36039]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3901. [protocol] Added support for CAA record type (RFC 6844).
996028142c5f95492fcd42e69186b95641320c7bBob Halley3900. [bug] Fix a crash in PostgreSQL DLZ driver. [RT #36637]
f7fbd68b1cd96c733140fce938a61faf8b459b6fBrian Wellington3899. [bug] "request-ixfr" is only applicable to slave and redirect
f7fbd68b1cd96c733140fce938a61faf8b459b6fBrian Wellington zones. [RT #36608]
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson3898. [bug] Too small a buffer in tohexstr() calls in test code.
efcd38346161b10d60368411cfb2c0d1c22b5fb1Brian Wellington3897. [bug] RPZ summary information was not properly being updated
efcd38346161b10d60368411cfb2c0d1c22b5fb1Brian Wellington after a AXFR resulting in changes sometimes being
efcd38346161b10d60368411cfb2c0d1c22b5fb1Brian Wellington ignored. [RT #35885]
ce67023ae3ad39a77da5361d0187ab6f3f0219cbMark Andrews3896. [bug] Address performance issues with DSCP code on some
ce67023ae3ad39a77da5361d0187ab6f3f0219cbMark Andrews platforms. [RT #36534]
c8821d124c532e0a65752b378f924d4259499fd3Mark Andrews3895. [func] Add the ability to set the DSCP code point to dig.
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3894. [bug] Buffers in isc_print_vsnprintf were not properly
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley initialized leading to potential overflows when
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley printing out quad values. [RT #36505]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3893. [bug] Peer DSCP values could be returned without being set.
f9df80f4348ef68043903efa08299480324f4823Michael Graff3892. [bug] Setting '-t aaaa' in .digrc had unintended side
f9df80f4348ef68043903efa08299480324f4823Michael Graff effects. [RT #36452]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3891. [bug] Use ${INSTALL_SCRIPT} rather than ${INSTALL_PROGRAM}
f9df80f4348ef68043903efa08299480324f4823Michael Graff to install python programs.
f9df80f4348ef68043903efa08299480324f4823Michael Graff3890. [bug] RRSIG sets that were not loaded in a single transaction
f9df80f4348ef68043903efa08299480324f4823Michael Graff at start up where not being correctly added to
f9df80f4348ef68043903efa08299480324f4823Michael Graff re-signing heaps. [RT #36302]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3889. [port] hurd: configure fixes as per:
f9df80f4348ef68043903efa08299480324f4823Michael Graff https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746540
f9df80f4348ef68043903efa08299480324f4823Michael Graff3888. [func] 'rndc status' now reports the number of automatic
f2762b0d99a9f1cc43f57f713aa632f6abe37892Michael Graff zones. [RT #36015]
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff3887. [cleanup] Make all static symbols in rbtdb64 end in "64" so
f9df80f4348ef68043903efa08299480324f4823Michael Graff they are easier to use in a debugger. [RT #36373]
d2762d6c3797b1ce43965404d03b410f215932e0Michael Graff3886. [bug] rbtdb_write_header should use a once to initialize
d2762d6c3797b1ce43965404d03b410f215932e0Michael Graff FILE_VERSION. [RT #36374]
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff3885. [port] Use 'open()' rather than 'file()' to open files in
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3884. [protocol] Add CDS and CDNSKEY record types. [RT #36333]
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley3883. [placeholder]
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley3882. [func] By default, negative trust anchors will be tested
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley periodically to see whether data below them can be
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley validated, and if so, they will be allowed to
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley expire early. The "rndc nta -force" option
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley overrides this behavior. The default NTA lifetime
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley and the recheck frequency can be configured by the
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley "nta-lifetime" and "nta-recheck" options. [RT #36146]
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley3881. [bug] Address memory leak with UPDATE error handling.
ce67023ae3ad39a77da5361d0187ab6f3f0219cbMark Andrews3880. [test] Update ans.pl to work with new TSIG support in
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley Net::DNS; add additional Net::DNS version prerequisite
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley checks. [RT #36327]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington3879. [func] Add version printing option to various BIND utilities.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3878. [bug] Using the incorrect filename for a DLZ module
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington caused a segmentation fault on startup. [RT #36286]
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington3877. [bug] Inserting and deleting parent and child nodes
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington in response policy zones could trigger an assertion
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington failure. [RT #36272]
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington3876. [bug] Improve efficiency of DLZ redirect zones by
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington suppressing unnecessary database lookups. [RT #35835]
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington3875. [cleanup] Clarify log message when unable to read private
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington key files. [RT #24702]
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington3874. [test] Check that only "check-names master" is needed for
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington updates to be accepted.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3873. [protocol] Only warn for SPF without TXT spf record. [RT #36210]
d1cbf714097e900ed1703529584d3e1a50e8a4a8Brian Wellington3872. [bug] Address issues found by static analysis. [RT #36209]
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington3871. [bug] Don't publish an activated key automatically before
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington its publish time. [RT #35063]
22057930cd2a71e1073781b650c7296739c869a6Brian Wellington3870. [func] Updated the random number generator used in
22057930cd2a71e1073781b650c7296739c869a6Brian Wellington the resolver to use the updated ChaCha based one
6dc130c7c95107748fff5f767161c2bb742f9f87Brian Wellington (similar to OpenBSD's changes). Also moved the
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington RNG to libisc and added unit tests for it.
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington3869. [doc] Document that in-view zones cannot be used for
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington response policy zones. [RT #35941]
d1cbf714097e900ed1703529584d3e1a50e8a4a8Brian Wellington3868. [bug] isc_mem_setwater incorrectly cleared hi_called
d1cbf714097e900ed1703529584d3e1a50e8a4a8Brian Wellington potentially leaving over memory cleaner running.
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington3867. [func] "rndc nta" can now be used to set a temporary
41faaa9b35bb5b3c72ca964e108ba398eaa63f3dBrian Wellington negative trust anchor, which disables DNSSEC
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington validation below a specified name for a specified
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington period of time (not exceeding 24 hours). This
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington can be used when validation for a domain is known
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley to be failing due to a configuration error on
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley the part of the domain owner rather than a
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson spoofing attack. [RT #29358]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3866. [bug] Named could die on disk full in generate_session_key.
4556681e191b7c1654639895ce719d98f2822ee2Michael Graff3865. [test] Improved testability of the red-black tree
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley implementation and added unit tests. [RT #35904]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3864. [bug] RPZ didn't work well when being used as forwarder.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3863. [bug] The "E" flag was missing from the query log as a
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley unintended side effect of code rearrangement to
f9df80f4348ef68043903efa08299480324f4823Michael Graff support EDNS EXPIRE. [RT #36117]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3862. [cleanup] Return immediately if we are not going to log the
f9df80f4348ef68043903efa08299480324f4823Michael Graff message in ns_client_dumpmessage.
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff3861. [security] Missing isc_buffer_availablelength check results
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff in a REQUIRE assertion when printing out a packet
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff (CVE-2014-3859). [RT #36078]
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff3860. [bug] ioctl(DP_POLL) array size needs to be determined
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff at run time as it is limited to {OPEN_MAX}.
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff3859. [placeholder]
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff3858. [bug] Disable GCC 4.9 "delete null pointer check".
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff3857. [bug] Make it harder for a incorrect NOEDNS classification
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff to be made. [RT #36020]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3856. [bug] Configuring libjson without also configuring libxml
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff resulted in a REQUIRE assertion when retrieving
4556681e191b7c1654639895ce719d98f2822ee2Michael Graff statistics using json. [RT #36009]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3855. [bug] Limit smoothed round trip time aging to no more than
f9df80f4348ef68043903efa08299480324f4823Michael Graff once a second. [RT #32909]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3854. [cleanup] Report unrecognized options, if any, in the final
4556681e191b7c1654639895ce719d98f2822ee2Michael Graff configure summary. [RT #36014]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3853. [cleanup] Refactor dns_rdataslab_fromrdataset to separate out
f9df80f4348ef68043903efa08299480324f4823Michael Graff the handling of a rdataset with no records. [RT #35968]
5f8b996a813e3e0adfbba2abf7671f631e21e056Brian Wellington3852. [func] Increase the default number of clients available
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff for servicing lightweight resolver queries, and
f9df80f4348ef68043903efa08299480324f4823Michael Graff make them configurable via the "lwres-tasks" and
f9df80f4348ef68043903efa08299480324f4823Michael Graff "lwres-clients" options. (Thanks to Tomas Hozza.)
f9df80f4348ef68043903efa08299480324f4823Michael Graff3851. [func] Allow libseccomp based system-call filtering
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff on Linux; use "configure --enable-seccomp" to
f9df80f4348ef68043903efa08299480324f4823Michael Graff turn it on. Thanks to Loganaden Velvindron
f9df80f4348ef68043903efa08299480324f4823Michael Graff of AFRINIC for the contribution. [RT #35347]
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff3850. [bug] Disabling forwarding could trigger a REQUIRE assertion.
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff3849. [doc] Alphabetized dig's +options. [RT #35992]
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff3848. [bug] Adjust 'statistics-channels specified but not effective'
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff error message to account for JSON support. [RT #36008]
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff3847. [bug] 'configure --with-dlz-postgres' failed to fail when
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff there is not support available.
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff3846. [bug] "dig +notcp ixfr=<serial>" should result in a UDP
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff ixfr query. [RT #35980]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3845. [placeholder]
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington3844. [bug] Use the x64 version of the Microsoft Visual C++
5f8b996a813e3e0adfbba2abf7671f631e21e056Brian Wellington Redistributable when built for 64 bit Windows.
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington3843. [protocol] Check EDNS EXPIRE option in dns_rdata_fromwire.
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington3842. [bug] Adjust RRL log-only logging category. [RT #35945]
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington3841. [cleanup] Refactor zone.c:add_opt to use dns_message_buildopt.
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington3840. [port] Check for arc4random_addrandom() before using it;
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington it's been removed from OpenBSD 5.5. [RT #35907]
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington3839. [test] Use only posix-compatible shell in system tests.
481e9b573b8233f8678c1dd4549c8c949312e81dMark Andrews3838. [protocol] EDNS EXPIRE as been assigned a code point of 9.
8d6fe3f38895752e3603cf2e1e9a0446b38f20cfBrian Wellington3837. [security] A NULL pointer is passed to query_prefetch resulting
efcd38346161b10d60368411cfb2c0d1c22b5fb1Brian Wellington a REQUIRE assertion failure when a fetch is actually
efcd38346161b10d60368411cfb2c0d1c22b5fb1Brian Wellington initiated (CVE-2014-3214). [RT #35899]
8d6fe3f38895752e3603cf2e1e9a0446b38f20cfBrian Wellington3836. [bug] Address C++ keyword usage in header file.
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington3835. [bug] Geoip ACL elements didn't work correctly when
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington referenced via named or nested ACLs. [RT #35879]
efcd38346161b10d60368411cfb2c0d1c22b5fb1Brian Wellington3834. [bug] The re-signing heaps were not being updated soon enough
efcd38346161b10d60368411cfb2c0d1c22b5fb1Brian Wellington leading to multiple re-generations of the same RRSIG
efcd38346161b10d60368411cfb2c0d1c22b5fb1Brian Wellington when a zone transfer was in progress. [RT #35273]
8d6fe3f38895752e3603cf2e1e9a0446b38f20cfBrian Wellington3833. [bug] Cross compiling was broken due to calling genrandom at
5c688a008a28f215cd772377774e6a1ed07d0525Brian Wellington build time. [RT #35869]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff3832. [func] "named -L <filename>" causes named to send log
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff messages to the specified file by default instead
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff of to the system log. (Thanks to Tony Finch.)
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff3831. [cleanup] Reduce logging noise when EDNS state changes occur.
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff3830. [func] When query logging is enabled, log query errors at
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff the same level ('info') as the queries themselves.
f9df80f4348ef68043903efa08299480324f4823Michael Graff3829. [func] "dig +ttlunits" causes dig to print TTL values
f9df80f4348ef68043903efa08299480324f4823Michael Graff with time-unit suffixes: w, d, h, m, s for
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff weeks, days, hours, minutes, and seconds. (Thanks
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff to Tony Finch.) [RT #35823]
3bd43bb300ca4b65602bcffcbd321865d4f18db9Brian Wellington3828. [func] "dnssec-signzone -N date" updates serial number
3bd43bb300ca4b65602bcffcbd321865d4f18db9Brian Wellington to the current date in YYYYMMDDNN format.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3827. [placeholder]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3826. [bug] Corrected bad INSIST logic in isc_radix_remove().
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3825. [bug] Address sign extension bug in isc_regex_validate.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3824. [bug] A collision between two flag values could cause
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington problems with cache cleaning when SIT was enabled.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3823. [func] Log the rpz cname target when rewriting. [RT #35667]
abaec24086f0cc3d7c0994ca9d2247b40eb6aaedBrian Wellington3822. [bug] Log the correct type of static-stub zones when
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington removing them. [RT #35842]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3821. [contrib] Added a new "mysqldyn" DLZ module with dynamic
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington update and transaction support. Thanks to Marty
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington Lee for the contribution. [RT #35656]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3820. [func] The DLZ API doesn't pass the database version to
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington the lookup() function; this can cause DLZ modules
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington that allow dynamic updates to mishandle prerequisite
abaec24086f0cc3d7c0994ca9d2247b40eb6aaedBrian Wellington checks. This has been corrected by adding a
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington 'dbversion' field to the dns_clientinfo_t
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington structure. [RT #35656]
f2338a0d6aa0327372eb20ab5dc29502bc8c71efBrian Wellington3819. [bug] NSEC3 hashes need to be able to be entered and
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington displayed without padding. This is not a issue for
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington currently defined algorithms but may be for future
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington hash algorithms. [RT #27925]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3818. [bug] Stop lying to the optimizer that 'void *arg' is a
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington constant in isc_event_allocate.
abaec24086f0cc3d7c0994ca9d2247b40eb6aaedBrian Wellington3817. [func] The "delve" command is now spelled "delv" to avoid
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington a namespace collision with the Xapian project.
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3816. [func] "dig +qr" now reports query size. (Thanks to
f9df80f4348ef68043903efa08299480324f4823Michael Graff Tony Finch.) [RT #35822]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff3815. [doc] Clarify "nsupdate -y" usage in man page. [RT #35808]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3814. [func] The "masterfile-style" zone option controls the
f9df80f4348ef68043903efa08299480324f4823Michael Graff formatting of dumped zone files. Options are
f9df80f4348ef68043903efa08299480324f4823Michael Graff "relative" (multiline format) and "full" (one
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff record per line). The default is "relative".
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff3813. [func] "host" now recognizes the "timeout", "attempts" and
f9df80f4348ef68043903efa08299480324f4823Michael Graff "debug" options when set in /etc/resolv.conf.
f9df80f4348ef68043903efa08299480324f4823Michael Graff (Thanks to Adam Tkac at RedHat.) [RT #21885]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff3812. [func] Dig now supports sending arbitrary EDNS options from
f9df80f4348ef68043903efa08299480324f4823Michael Graff the command line (+ednsopt=code[:value]). [RT #35584]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff3811. [func] "serial-update-method date;" sets serial number
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff on dynamic update to today's date in YYYYMMDDNN
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff format. (Thanks to Bradley Forschinger.) [RT #24903]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3810. [bug] Work around broken nameservers that fail to ignore
f9df80f4348ef68043903efa08299480324f4823Michael Graff unknown EDNS options. [RT #35766]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff3809. [doc] Fix SIT and NSID documentation.
f9df80f4348ef68043903efa08299480324f4823Michael Graff3808. [doc] Clean up "prefetch" documentation. [RT #35751]
df925e6c66d45d960fbac0383169763967d2111cEvan Hunt3807. [bug] Fix sign extension bug in dns_name_fromtext when
df925e6c66d45d960fbac0383169763967d2111cEvan Hunt lowercase is set. [RT #35743]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3806. [test] Improved system test portability. [RT #35625]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff3805. [contrib] Added contrib/perftcpdns, a performance testing tool
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff for DNS over TCP. [RT #35710]
f9df80f4348ef68043903efa08299480324f4823Michael Graff --- 9.10.0rc1 released ---
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff3804. [bug] Corrected a race condition in dispatch.c in which
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff portentry could be reset leading to an assertion
f9df80f4348ef68043903efa08299480324f4823Michael Graff failure in socket_search(). (Change #3708
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff addressed the same issue but was incomplete.)
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff3803. [bug] "named-checkconf -z" incorrectly rejected zones
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff using alternate data sources for not having a "file"
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff option. [RT #35685]
16f43564c6875e2bedd346c18c494933ad51e4faMukund Sivaraman3802. [bug] Various header files were not being installed.
0583bf2d0affe0a90ca2284cc27840b160029ff9Michael Graff3801. [port] Fix probing for gssapi support on FreeBSD. [RT #35615]
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff3800. [bug] A pending event on the route socket could cause an
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff assertion failure when shutting down named. [RT #35674]
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff3799. [bug] Improve named's command line error reporting.
0583bf2d0affe0a90ca2284cc27840b160029ff9Michael Graff3798. [bug] 'rndc zonestatus' was reporting the wrong re-signing
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff time. [RT #35659]
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence3797. [port] netbsd: geoip support probing was broken. [RT #35642]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff3796. [bug] Register dns and pkcs#11 error codes. [RT #35629]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3795. [bug] Make named-checkconf detect raw masterfiles for
e43b9a20054cdda6946ab758e1c2005f2b25641aBrian Wellington hint zones and reject them. [RT #35268]
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff3794. [maint] Added AAAA for C.ROOT-SERVERS.NET.
f9df80f4348ef68043903efa08299480324f4823Michael Graff3793. [bug] zone.c:save_nsec3param() could assert when out of
f9df80f4348ef68043903efa08299480324f4823Michael Graff memory. [RT #35621]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3792. [func] Provide links to the alternate statistics views when
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff displaying in a browser. [RT #35605]
703dfde61b044a866875f6217cb34acf0ff298acBrian Wellington3791. [placeholder]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff3790. [bug] Handle broken nameservers that send BADVERS in
703dfde61b044a866875f6217cb34acf0ff298acBrian Wellington response to unknown EDNS options. Maintain
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff statistics on BADVERS responses.
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff3789. [bug] Null pointer dereference on rbt creation failure.
f9df80f4348ef68043903efa08299480324f4823Michael Graff3788. [bug] dns_peer_getrequestsit was returning request_nsid by
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff --- 9.10.0b2 released ---
f9df80f4348ef68043903efa08299480324f4823Michael Graff3787. [bug] The code that checks whether "auto-dnssec" is
f9df80f4348ef68043903efa08299480324f4823Michael Graff allowed was ignoring "allow-update" ACLs set at
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence the options or view level. [RT #29536]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3786. [func] Provide more detailed error codes when using
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley native PKCS#11. "pkcs11-tokens" now fails robustly
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley rather than asserting when run against an HSM with
f9df80f4348ef68043903efa08299480324f4823Michael Graff an incomplete PKCS#11 API implementation. [RT #35479]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3785. [bug] Debugging code dumphex didn't accept arbitrarily long
f9df80f4348ef68043903efa08299480324f4823Michael Graff input (only compiled with -DDEBUG). [RT #35544]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence3784. [bug] Using "rrset-order fixed" when it had not been
f9df80f4348ef68043903efa08299480324f4823Michael Graff enabled at compile time caused inconsistent
f9df80f4348ef68043903efa08299480324f4823Michael Graff results. It now works as documented, defaulting
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff to cyclic mode. [RT #28104]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3783. [func] "tsig-keygen" is now available as an alternate
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff command name for "ddns-confgen". It generates
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff a TSIG key in named.conf format without comments.
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff3782. [func] Specifying "auto" as the salt when using
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff "rndc signing -nsec3param" causes named to
f9df80f4348ef68043903efa08299480324f4823Michael Graff generate a 64-bit salt at random. [RT #35322]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3781. [tuning] Use adaptive mutex locks when available; this
f9df80f4348ef68043903efa08299480324f4823Michael Graff has been found to improve performance under load
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson on many systems. "configure --with-locktype=standard"
99eba32b06d21623b14161bd6543c91201d9cbafAndreas Gustafsson restores conventional mutex locks. [RT #32576]
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson3780. [bug] $GENERATE handled negative numbers incorrectly.
f1b68725503ff3e46001eee5a1751e29a43a09d1Andreas Gustafsson3779. [cleanup] Clarify the error message when using an option
f1b68725503ff3e46001eee5a1751e29a43a09d1Andreas Gustafsson that was not enabled at compile time. [RT #35504]
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson3778. [bug] Log a warning when the wrong address family is
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson used in "listen-on" or "listen-on-v6". [RT #17848]
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson3777. [bug] EDNS EXPIRE code could dump core when processing
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson DLZ queries. [RT #35493]
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson3776. [func] "rndc -q" suppresses output from successful
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson rndc commands. Errors are printed on stderr.
6657a9e2d8c039be0bec367cae59a91d77ccaad4Mark Andrews3775. [bug] dlz_dlopen driver could return the wrong error
6657a9e2d8c039be0bec367cae59a91d77ccaad4Mark Andrews code on API version mismatch, leading to a segfault.
6657a9e2d8c039be0bec367cae59a91d77ccaad4Mark Andrews3774. [func] When using "request-nsid", log the NSID value in
6657a9e2d8c039be0bec367cae59a91d77ccaad4Mark Andrews printable form as well as hex. [RT #20864]
9da98335c185c39591150ccb4e307adc4cea44bcMukund Sivaraman3773. [func] "host", "nslookup" and "nsupdate" now have
9da98335c185c39591150ccb4e307adc4cea44bcMukund Sivaraman options to print the version number and exit.
6657a9e2d8c039be0bec367cae59a91d77ccaad4Mark Andrews3772. [contrib] Added sqlite3 dynamically-loadable DLZ module.
6657a9e2d8c039be0bec367cae59a91d77ccaad4Mark Andrews (Based in part on a contribution from Tim Tessier.)
6657a9e2d8c039be0bec367cae59a91d77ccaad4Mark Andrews3771. [cleanup] Adjusted log level for "using built-in key"
6657a9e2d8c039be0bec367cae59a91d77ccaad4Mark Andrews messages. [RT #24383]
6657a9e2d8c039be0bec367cae59a91d77ccaad4Mark Andrews3770. [bug] "dig +trace" could fail with an assertion when it
6657a9e2d8c039be0bec367cae59a91d77ccaad4Mark Andrews needed to fall back to TCP due to a truncated
6657a9e2d8c039be0bec367cae59a91d77ccaad4Mark Andrews response. [RT #24660]
6657a9e2d8c039be0bec367cae59a91d77ccaad4Mark Andrews3769. [doc] Improved documentation of "rndc signing -list".
186817c92c7bd1a65aa562d73415abee2e79922bMichael Graff3768. [bug] "dnssec-checkds" was missing the SHA-384 digest
186817c92c7bd1a65aa562d73415abee2e79922bMichael Graff algorithm. [RT #34000]
e223094b2248afa2697c531f75e6f84855638becMichael Graff3767. [func] Log explicitly when using rndc.key to configure
e223094b2248afa2697c531f75e6f84855638becMichael Graff command channel. [RT #35316]
9da98335c185c39591150ccb4e307adc4cea44bcMukund Sivaraman3766. [cleanup] Fixed problems with building outside the source
186817c92c7bd1a65aa562d73415abee2e79922bMichael Graff tree when using native PKCS#11. [RT #35459]
f1b68725503ff3e46001eee5a1751e29a43a09d1Andreas Gustafsson3765. [bug] Fixed a bug in "rndc secroots" that could crash
e223094b2248afa2697c531f75e6f84855638becMichael Graff named when dumping an empty keynode. [RT #35469]
9da98335c185c39591150ccb4e307adc4cea44bcMukund Sivaraman3764. [bug] The dnssec-keygen/settime -S and -i options
e223094b2248afa2697c531f75e6f84855638becMichael Graff (to set up a successor key and set the prepublication
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff interval) were missing from dnssec-keyfromlabel.
e223094b2248afa2697c531f75e6f84855638becMichael Graff3763. [bug] delve: Cache DNSSEC records to avoid the need to
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff re-fetch them when restarting validation. [RT #35476]
e223094b2248afa2697c531f75e6f84855638becMichael Graff3762. [bug] Address build problems with --pkcs11-native +
e223094b2248afa2697c531f75e6f84855638becMichael Graff --with-openssl with ECDSA support. [RT #35467]
e223094b2248afa2697c531f75e6f84855638becMichael Graff3761. [bug] Address dangling reference bug in dns_keytable_add.
e223094b2248afa2697c531f75e6f84855638becMichael Graff3760. [bug] Improve SIT with native PKCS#11 and on Windows.
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff3759. [port] Enable delve on Windows. [RT #35441]
e223094b2248afa2697c531f75e6f84855638becMichael Graff3758. [port] Enable export library APIs on Windows. [RT #35382]
e223094b2248afa2697c531f75e6f84855638becMichael Graff3757. [port] Enable Python tools (dnssec-coverage,
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff dnssec-checkds) to run on Windows. [RT #34355]
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff3756. [bug] GSSAPI Kerberos realm checking was broken in
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff check_config leading to spurious messages being
e223094b2248afa2697c531f75e6f84855638becMichael Graff logged. [RT #35443]
e223094b2248afa2697c531f75e6f84855638becMichael Graff --- 9.10.0b1 released ---
e223094b2248afa2697c531f75e6f84855638becMichael Graff3755. [func] Add stats counters for known EDNS options + others.
e223094b2248afa2697c531f75e6f84855638becMichael Graff3754. [cleanup] win32: Installer now places files in the
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson Program Files area rather than system services.
e223094b2248afa2697c531f75e6f84855638becMichael Graff3753. [bug] allow-notify was ignoring keys. [RT #35425]
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington3752. [bug] Address potential REQUIRE failure if
e223094b2248afa2697c531f75e6f84855638becMichael Graff DNS_STYLEFLAG_COMMENTDATA is set when printing out
e223094b2248afa2697c531f75e6f84855638becMichael Graff3751. [tuning] The default setting for the -U option (setting
e223094b2248afa2697c531f75e6f84855638becMichael Graff the number of UDP listeners per interface) has
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff been adjusted to improve performance. [RT #35417]
e223094b2248afa2697c531f75e6f84855638becMichael Graff3750. [experimental] Partially implement EDNS EXPIRE option as described
e223094b2248afa2697c531f75e6f84855638becMichael Graff in draft-andrews-dnsext-expire-00. Retrieval of
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff the remaining time until expiry for slave zones
ecb6c5782ea248307e86c4bceac6c371d27576a6David Lawrence is supported.
ecb6c5782ea248307e86c4bceac6c371d27576a6David Lawrence EXPIRE uses an experimental option code (65002),
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff which is subject to change. [RT #35416]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff3749. [func] "dig +subnet" sends an EDNS client subnet option
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff containing the specified address/prefix when
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson querying. (Thanks to Wilmer van der Gaast.)
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff3748. [test] Use delve to test dns_client interfaces. [RT #35383]
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff3747. [bug] A race condition could lead to a core dump when
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff destroying a resolver fetch object. [RT #35385]
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson3746. [func] New "max-zone-ttl" option enforces maximum
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson TTLs for zones. If loading a zone containing a
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson higher TTL, the load fails. DDNS updates with
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson higher TTLs are accepted but the TTL is truncated.
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff (Note: Currently supported for master zones only;
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff inline-signing slaves will be added.) [RT #38405]
9dee95b41cfe1d33d542cc2ec0337d66b28b75abBrian Wellington3745. [func] "configure --with-tuning=large" adjusts various
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson compiled-in constants and default settings to
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff values suited to large servers with abundant
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews memory. [RT #29538]
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff3744. [experimental] SIT: send and process Source Identity Tokens
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff (similar to DNS Cookies by Donald Eastlake 3rd),
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson which are designed to help clients detect off-path
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson spoofed responses and for servers to identify
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson legitimate clients.
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson SIT uses an experimental EDNS option code (65001),
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson which will be changed to an IANA-assigned value
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson if the experiment is deemed a success.
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson SIT can be enabled via "configure --enable-sit" (or
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson --enable-developer). It is enabled by default in
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson Servers can be configured to send smaller responses
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff to clients that have not identified themselves via
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff SIT. RRL processing has also been updated;
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff legitimate clients are not subject to rate
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff limiting. [RT #35389]
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff3743. [bug] delegation-only flag wasn't working in forward zone
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff declarations despite being documented. This is
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff needed to support turning off forwarding and turning
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff on delegation only at the same name. [RT #35392]
8475bed9de77920f884f1ae296f581efbd1e42f8Mark Andrews3742. [port] linux: libcap support: declare curval at start of
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington block. [RT #35387]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington3741. [func] "delve" (domain entity lookup and validation engine):
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington A new tool with dig-like semantics for performing DNS
8475bed9de77920f884f1ae296f581efbd1e42f8Mark Andrews lookups, with internal DNSSEC validation, using the
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington same resolver and validator logic as named. This
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington allows easy validation of DNSSEC data in environments
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington with untrustworthy resolvers, and assists with
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington troubleshooting of DNSSEC problems. [RT #32406]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington3740. [contrib] Minor fixes to configure --with-dlz-bdb,
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington --with-dlz-postgres and --with-dlz-odbc. [RT #35340]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3739. [func] Added per-zone stats counters to track TCP and
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff UDP queries. [RT #35375]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3738. [bug] --enable-openssl-hash failed to build. [RT #35343]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3737. [bug] 'rndc retransfer' could trigger a assertion failure
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff with inline zones. [RT #35353]
e223094b2248afa2697c531f75e6f84855638becMichael Graff3736. [bug] nsupdate: When specifying a server by name,
e223094b2248afa2697c531f75e6f84855638becMichael Graff fall back to alternate addresses if the first
e223094b2248afa2697c531f75e6f84855638becMichael Graff address for that name is not reachable. [RT #25784]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington3735. [cleanup] Merged the libiscpk11 library into libisc
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington to simplify dependencies. [RT #35205]
e223094b2248afa2697c531f75e6f84855638becMichael Graff3734. [bug] Improve building with libtool. [RT #35314]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington3733. [func] Improve interface scanning support. Interface
d77d08780908c9dc30de7ffd76ca5407f7bf68f2Brian Wellington information will be automatically updated if the
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington OS supports routing sockets (MacOS, *BSD, Linux).
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff Use "automatic-interface-scan no;" to disable.
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff Add "rndc scan" to trigger a scan. [RT #23027]
f1b68725503ff3e46001eee5a1751e29a43a09d1Andreas Gustafsson3732. [contrib] Fixed a type mismatch causing the ODBC DLZ
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff driver to dump core on 64-bit systems. [RT #35324]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff3731. [func] Added a "no-case-compress" ACL, which causes
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff named to use case-insensitive compression
2f012d936b5ccdf6520c96a4de23721dc58a2221Automatic Updater (disabling change #3645) for specified
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington clients. (This is useful when dealing
4ce1248f0937485c777af38af02442499effa409Brian Wellington with broken client implementations that
4ce1248f0937485c777af38af02442499effa409Brian Wellington use case-sensitive name comparisons,
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington rejecting responses that fail to match the
4ce1248f0937485c777af38af02442499effa409Brian Wellington capitalization of the query that was sent.)
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3730. [cleanup] Added "never" as a synonym for "none" when
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff configuring key event dates in the dnssec tools.
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff3729. [bug] dnssec-keygen could set the publication date
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff incorrectly when only the activation date was
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff specified on the command line. [RT #35278]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3728. [doc] Expanded native-PKCS#11 documentation,
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff specifically pkcs11: URI labels. [RT #35287]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3727. [func] The isc_bitstring API is no longer used and
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff has been removed from libisc. [RT #35284]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3726. [cleanup] Clarified the error message when attempting
99eba32b06d21623b14161bd6543c91201d9cbafAndreas Gustafsson to configure more than 32 response-policy zones.
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff3725. [contrib] Updated zkt and nslint to newest versions,
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff cleaned up and rearranged the contrib
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff directory, and added a README.
e223094b2248afa2697c531f75e6f84855638becMichael Graff --- 9.10.0a2 released ---
e223094b2248afa2697c531f75e6f84855638becMichael Graff3724. [bug] win32: Fixed a bug that prevented dig and
e223094b2248afa2697c531f75e6f84855638becMichael Graff host from exiting properly after completing
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff a UDP query. [RT #35288]
2196128fc212d8b871c1ce88707e57b7b2619097Brian Wellington3723. [cleanup] Imported keys are now handled the same way
8475bed9de77920f884f1ae296f581efbd1e42f8Mark Andrews regardless of DNSSEC algorithm. [RT #35215]
2196128fc212d8b871c1ce88707e57b7b2619097Brian Wellington3722. [bug] Using geoip ACLs in a blackhole statement
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff could cause a segfault. [RT #35272]
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff3721. [doc] Improved documentation of the EDNS processing
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff enhancements introduced in change #3593. [RT #35275]
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff3720. [bug] Address compiler warnings. [RT #35261]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3719. [bug] Address memory leak in in peer.c. [RT #35255]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3718. [bug] A missing ISC_LINK_INIT in log.c. [RT #35260]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff3717. [port] hpux: Treat EOPNOTSUPP as a expected error code when
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff probing to see if it is possible to set dscp values
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff on a per packet basis. [RT #35252]
e223094b2248afa2697c531f75e6f84855638becMichael Graff3716. [bug] The dns_request code was setting dcsp values when not
e223094b2248afa2697c531f75e6f84855638becMichael Graff requested. [RT #35252]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3715. [bug] The region and city databases could fail to
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff initialize when using some versions of libGeoIP,
e223094b2248afa2697c531f75e6f84855638becMichael Graff causing assertion failures when named was
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff configured to use them. [RT #35427]
e223094b2248afa2697c531f75e6f84855638becMichael Graff3714. [test] System tests that need to test for cryptography
c8821d124c532e0a65752b378f924d4259499fd3Mark Andrews support before running can now use a common
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington "testcrypto.sh" script to do so. [RT #35213]
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff3713. [bug] Save memory by not storing "also-notify" addresses
c8821d124c532e0a65752b378f924d4259499fd3Mark Andrews in zone objects that are configured not to send
c8821d124c532e0a65752b378f924d4259499fd3Mark Andrews notify requests. [RT #35195]
c8821d124c532e0a65752b378f924d4259499fd3Mark Andrews3712. [placeholder]
c8821d124c532e0a65752b378f924d4259499fd3Mark Andrews3711. [placeholder]
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff3710. [bug] Address double dns_zone_detach when switching to
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff using automatic empty zones from regular zones.
8475bed9de77920f884f1ae296f581efbd1e42f8Mark Andrews3709. [port] Use built-in versions of strptime() and timegm()
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff on all platforms to avoid portability issues.
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3708. [bug] Address a portentry locking issue in dispatch.c.
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff3707. [bug] irs_resconf_load now returns ISC_R_FILENOTFOUND
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff on a missing resolv.conf file and initializes the
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff structure as if it had been configured with:
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff nameserver ::1
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff nameserver 127.0.0.1
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff Note: Callers will need to be updated to treat
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff ISC_R_FILENOTFOUND as a qualified success or else
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff they will leak memory. The following code fragment
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff will work with both old and new versions without
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff changing the behaviour of the existing code.
e223094b2248afa2697c531f75e6f84855638becMichael Graff resconf = NULL;
e223094b2248afa2697c531f75e6f84855638becMichael Graff result = irs_resconf_load(mctx, "/etc/resolv.conf",
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff if (result != ISC_SUCCESS) {
e223094b2248afa2697c531f75e6f84855638becMichael Graff if (resconf != NULL)
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff irs_resconf_destroy(&resconf);
97f75286ada13a1b06a424607e638bde5ebfb3caAndreas Gustafsson3706. [contrib] queryperf: Fixed a possible integer overflow when
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff printing results. [RT #35182]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington3705. [func] "configure --enable-native-pkcs11" enables BIND
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington to use the PKCS#11 API for all cryptographic
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff functions, so that it can drive a hardware service
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff module directly without the need to use a modified
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff OpenSSL as intermediary (so long as the HSM's vendor
f2762b0d99a9f1cc43f57f713aa632f6abe37892Michael Graff provides a complete-enough implementation of the
f2762b0d99a9f1cc43f57f713aa632f6abe37892Michael Graff PKCS#11 interface). This has been tested successfully
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff with the Thales nShield HSM and with SoftHSMv2 from
f2762b0d99a9f1cc43f57f713aa632f6abe37892Michael Graff the OpenDNSSEC project. [RT #29031]
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff3704. [protocol] Accept integer timestamps in RRSIG records. [RT #35185]
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff3703. [func] To improve recursive resolver performance, cache
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff records which are still being requested by clients
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff can now be automatically refreshed from the
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff authoritative server before they expire, reducing
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff or eliminating the time window in which no answer
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff is available in the cache. See the "prefetch" option
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff for more details. [RT #35041]
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews3702. [func] 'dnssec-coverage -l' option specifies a length
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews of time to check for coverage; events further into
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews the future are ignored. 'dnssec-coverage -z'
5e1c2afd107815aec1bd72193797356d3d12f24cAndreas Gustafsson checks only ZSK events, and 'dnssec-coverage -k'
5e1c2afd107815aec1bd72193797356d3d12f24cAndreas Gustafsson checks only KSK events. (Thanks to Peter Palfrader.)
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews3701. [func] named-checkconf can now obscure shared secrets
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews when printing by specifying '-x'. [RT #34465]
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews3700. [func] Allow access to subgroups of XML statistics via
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews special URLs http://<server>:<port>/xml/v3/server,
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews /zones, /net, /tasks, /mem, and /status. [RT #35115]
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews3699. [bug] Improvements to statistics channel XSL stylesheet:
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews the stylesheet can now be cached by the browser;
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews section headers are omitted from the stats display
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews when there is no data in those sections to be
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews displayed; counters are now right-justified for
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews easier readability. [RT #35117]
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews3698. [cleanup] Replaced all uses of memcpy() with memmove().
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews3697. [bug] Handle "." as a search list element when IDN support
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews is enabled. [RT #35133]
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews3696. [bug] dig failed to handle AXFR style IXFR responses which
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews span multiple messages. [RT #35137]
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews3695. [bug] Address a possible race in dispatch.c. [RT #35107]
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews3694. [bug] Warn when a key-directory is configured for a zone,
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews but does not exist or is not a directory. [RT #35108]
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews3693. [security] memcpy was incorrectly called with overlapping
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews ranges resulting in malformed names being generated
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews on some platforms. This could cause INSIST failures
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews when serving NSEC3 signed zones (CVE-2014-0591).
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews3692. [bug] Two calls to dns_db_getoriginnode were fatal if there
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews was no data at the node. [RT #35080]
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews3691. [contrib] Address null pointer dereference in LDAP and
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews MySQL DLZ modules.
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews3690. [bug] Iterative responses could be missed when the source
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews port for an upstream query was the same as the
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews listener port (53). [RT #34925]
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews3689. [bug] Fixed a bug causing an insecure delegation from one
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews static-stub zone to another to fail with a broken
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews trust chain. [RT #35081]
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews3688. [bug] loadnode could return a freed node on out of memory.
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews3687. [bug] Address null pointer dereference in zone_xfrdone.
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews3686. [func] "dnssec-signzone -Q" drops signatures from keys
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews that are still published but no longer active.
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews3685. [bug] "rndc refresh" didn't work correctly with slave
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff zones using inline-signing. [RT #35105]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington3684. [bug] The list of included files would grow on reload.
99eba32b06d21623b14161bd6543c91201d9cbafAndreas Gustafsson3683. [cleanup] Add a more detailed "not found" message to rndc
7fa388dac3ff85315ced069f657bbebfc0828df8Evan Hunt commands which specify a zone name. [RT #35059]
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington3682. [bug] Correct the behavior of rndc retransfer to allow
e223094b2248afa2697c531f75e6f84855638becMichael Graff inline-signing slave zones to retain NSEC3 parameters
e223094b2248afa2697c531f75e6f84855638becMichael Graff instead of reverting to NSEC. [RT #34745]
732e0731dec1922747bb3b3147cf2c3d16b22eaaBob Halley3681. [port] Update the Windows build system to support feature
e223094b2248afa2697c531f75e6f84855638becMichael Graff selection and WIN64 builds. This is a work in
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff progress. [RT #34160]
e223094b2248afa2697c531f75e6f84855638becMichael Graff3680. [bug] Ensure buffer space is available in "rndc zonestatus".
f70336b8c9528cb9e4d4add3553041f0db85a006Brian Wellington3679. [bug] dig could fail to clean up TCP sockets still
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington waiting on connect(). [RT #35074]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington3678. [port] Update config.guess and config.sub. [RT #35060]
e223094b2248afa2697c531f75e6f84855638becMichael Graff3677. [bug] 'nsupdate' leaked memory if 'realm' was used multiple
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews times. [RT #35073]
f1b68725503ff3e46001eee5a1751e29a43a09d1Andreas Gustafsson3676. [bug] "named-checkconf -z" now checks zones of type
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington hint and redirect as well as master. [RT #35046]
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff3675. [misc] Provide a place for third parties to add version
2f6040ed6717dd47da8afb20da053ce408f702a8Bob Halley information for their extensions in the version
2f6040ed6717dd47da8afb20da053ce408f702a8Bob Halley file by setting the EXTENSIONS variable.
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff --- 9.10.0a1 released ---
e223094b2248afa2697c531f75e6f84855638becMichael Graff3674. [bug] RPZ zeroed ttls if the query type was '*'. [RT #35026]
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff3673. [func] New "in-view" zone option allows direct sharing
e223094b2248afa2697c531f75e6f84855638becMichael Graff of zones between views. [RT #32968]
4ce1248f0937485c777af38af02442499effa409Brian Wellington3672. [func] Local address can now be specified when using
4ce1248f0937485c777af38af02442499effa409Brian Wellington dns_client API. [RT #34811]
4ce1248f0937485c777af38af02442499effa409Brian Wellington3671. [bug] Don't allow dnssec-importkey overwrite a existing
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington non-imported private key.
e223094b2248afa2697c531f75e6f84855638becMichael Graff3670. [bug] Address read after free in server side of
e223094b2248afa2697c531f75e6f84855638becMichael Graff lwres_getrrsetbyname. [RT #29075]
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence3669. [port] freebsd: --with-gssapi needs -lhx509. [RT #35001]
e223094b2248afa2697c531f75e6f84855638becMichael Graff3668. [bug] Fix cast in lex.c which could see 0xff treated as eof.
e223094b2248afa2697c531f75e6f84855638becMichael Graff3667. [test] dig: add support to keep the TCP socket open between
e223094b2248afa2697c531f75e6f84855638becMichael Graff successive queries (+[no]keepopen). [RT #34918]
e223094b2248afa2697c531f75e6f84855638becMichael Graff3666. [func] Add a tool, named-rrchecker, for checking the syntax
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff of individual resource records. This tool is intended
e223094b2248afa2697c531f75e6f84855638becMichael Graff to be called by provisioning systems so that the front
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence end does not need to be upgraded to support new DNS
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff record types. [RT #34778]
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff3665. [bug] Failure to release lock on error in receive_secure_db.
e223094b2248afa2697c531f75e6f84855638becMichael Graff3664. [bug] Updated OpenSSL PKCS#11 patches to fix active list
e223094b2248afa2697c531f75e6f84855638becMichael Graff locking and other bugs. [RT #34855]
57cf89b149a6c4a9794c24613f9b765e02a54b2fAndreas Gustafsson3663. [bug] Address bugs in dns_rdata_fromstruct and
57cf89b149a6c4a9794c24613f9b765e02a54b2fAndreas Gustafsson dns_rdata_tostruct for WKS and ISDN types. [RT #34910]
c8821d124c532e0a65752b378f924d4259499fd3Mark Andrews3662. [bug] 'host' could die if a UDP query timed out. [RT #34870]
43733a83ed92359555c0dcc766e04216ba858309Mark Andrews3661. [bug] Address lock order reversal deadlock with inline zones.
c8821d124c532e0a65752b378f924d4259499fd3Mark Andrews3660. [cleanup] Changed the name of "isc-config.sh" to "bind9-config".
e223094b2248afa2697c531f75e6f84855638becMichael Graff3659. [port] solaris: don't add explicit dependencies/rules for
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff python programs as make won't use the implicit rules.
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff3658. [port] linux: Address platform specific compilation issue
991322a2ab96f2e2379e3bf8b2220cf89f494ad9Brian Wellington when libcap-devel is installed. [RT #34838]
c8821d124c532e0a65752b378f924d4259499fd3Mark Andrews3657. [port] Some readline clones don't accept NULL pointers when
0e5d6900bdfcbeef8919e6fb453ca6c44f62ccd8Brian Wellington calling add_history. [RT #34842]
6657a9e2d8c039be0bec367cae59a91d77ccaad4Mark Andrews3656. [security] Treat an all zero netmask as invalid when generating
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington the localnets acl. (The prior behavior could
8475bed9de77920f884f1ae296f581efbd1e42f8Mark Andrews allow unexpected matches when using some versions
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff of Winsock: CVE-2013-6320.) [RT #34687]
c8821d124c532e0a65752b378f924d4259499fd3Mark Andrews3655. [cleanup] Simplify TCP message processing when requesting a
c8821d124c532e0a65752b378f924d4259499fd3Mark Andrews zone transfer. [RT #34825]
c8821d124c532e0a65752b378f924d4259499fd3Mark Andrews3654. [bug] Address race condition with manual notify requests.
c8821d124c532e0a65752b378f924d4259499fd3Mark Andrews3653. [func] Create delegations for all "children" of empty zones
c8821d124c532e0a65752b378f924d4259499fd3Mark Andrews except "forward first". [RT #34826]
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff3652. [bug] Address bug with rpz-drop policy. [RT #34816]
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff3651. [tuning] Adjust when a master server is deemed unreachable.
bf555703f27295798de30fa8c04d727410788f66Bob Halley3650. [tuning] Use separate rate limiting queues for refresh and
f70336b8c9528cb9e4d4add3553041f0db85a006Brian Wellington notify requests. [RT #30589]
f70336b8c9528cb9e4d4add3553041f0db85a006Brian Wellington3649. [cleanup] Include a comment in .nzf files, giving the name of
f70336b8c9528cb9e4d4add3553041f0db85a006Brian Wellington the associated view. [RT #34765]
8475bed9de77920f884f1ae296f581efbd1e42f8Mark Andrews3648. [test] Updated the ATF test framework to version 0.17.
2f6040ed6717dd47da8afb20da053ce408f702a8Bob Halley3647. [bug] Address a race condition when shutting down a zone.
bf555703f27295798de30fa8c04d727410788f66Bob Halley3646. [bug] Journal filename string could be set incorrectly,
bf555703f27295798de30fa8c04d727410788f66Bob Halley causing garbage in log messages. [RT #34738]
bf555703f27295798de30fa8c04d727410788f66Bob Halley3645. [protocol] Use case sensitive compression when responding to
bf555703f27295798de30fa8c04d727410788f66Bob Halley queries. [RT #34737]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington3644. [protocol] Check that EDNS subnet client options are well formed.
2f6040ed6717dd47da8afb20da053ce408f702a8Bob Halley3643. [doc] Clarify RRL "slip" documentation.
1672aaee14415d8ce643ce401b4a29635dfd8fd6Brian Wellington3642. [func] Allow externally generated DNSKEY to be imported
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington into the DNSKEY management framework. A new tool
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington dnssec-importkey is used to do this. [RT #34698]
0e5d6900bdfcbeef8919e6fb453ca6c44f62ccd8Brian Wellington3641. [bug] Handle changes to sig-validity-interval settings
1672aaee14415d8ce643ce401b4a29635dfd8fd6Brian Wellington better. [RT #34625]
c0a868943801d6d5c764ee644a515b1a67d587edMichael Graff3640. [bug] ndots was not being checked when searching. Only
c0a868943801d6d5c764ee644a515b1a67d587edMichael Graff continue searching on NXDOMAIN responses. Add the
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington ability to specify ndots to nslookup. [RT #34711]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington3639. [bug] Treat type 65533 (KEYDATA) as opaque except when used
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington in a key zone. [RT #34238]
0e5d6900bdfcbeef8919e6fb453ca6c44f62ccd8Brian Wellington3638. [cleanup] Add the ability to handle ENOPROTOOPT in case it is
8475bed9de77920f884f1ae296f581efbd1e42f8Mark Andrews encountered. [RT #34668]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence3637. [bug] 'allow-query-on' was checking the source address
e223094b2248afa2697c531f75e6f84855638becMichael Graff rather than the destination address. [RT #34590]
e223094b2248afa2697c531f75e6f84855638becMichael Graff3636. [bug] Automatic empty zones now behave better with
e223094b2248afa2697c531f75e6f84855638becMichael Graff forward only "zones" beneath them. [RT #34583]
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff3635. [bug] Signatures were not being removed from a zone with
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff only KSK keys for a algorithm. [RT #34439]
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff3634. [func] Report build-id in rndc status. Report build-id
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff when building from a git repository. [RT #20422]
2f6040ed6717dd47da8afb20da053ce408f702a8Bob Halley3633. [cleanup] Refactor OPT processing in named to make it easier
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence to support new EDNS options. [RT #34414]
2f6040ed6717dd47da8afb20da053ce408f702a8Bob Halley3632. [bug] Signature from newly inactive keys were not being
2f6040ed6717dd47da8afb20da053ce408f702a8Bob Halley removed. [RT #32178]
2f6040ed6717dd47da8afb20da053ce408f702a8Bob Halley3631. [bug] Remove spurious warning about missing signatures when
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff qtype is SIG. [RT #34600]
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff3630. [bug] Ensure correct ID computation for MD5 keys. [RT #33033]
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews3629. [func] Allow the printing of cryptographic fields in DNSSEC
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews records by dig to be suppressed (dig +nocrypto).
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews3628. [func] Report DNSKEY key id's when dumping the cache.
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews3627. [bug] RPZ changes were not effective on slaves. [RT #34450]
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews3626. [func] dig: NSID output now easier to read. [RT #21160]
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews3625. [bug] Don't send notify messages to machines outside of the
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews3624. [bug] Look for 'json_object_new_int64' when looking for a
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews the json library. [RT #34449]
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews3623. [placeholder]
5059b393e80cda6beffb74f2f30d7329502c41e6Mark Andrews3622. [tuning] Eliminate an unnecessary lock when incrementing
5059b393e80cda6beffb74f2f30d7329502c41e6Mark Andrews cache statistics. [RT #34339]
5059b393e80cda6beffb74f2f30d7329502c41e6Mark Andrews3621. [security] Incorrect bounds checking on private type 'keydata'
5059b393e80cda6beffb74f2f30d7329502c41e6Mark Andrews can lead to a remotely triggerable REQUIRE failure
6657a9e2d8c039be0bec367cae59a91d77ccaad4Mark Andrews (CVE-2013-4854). [RT #34238]
ecb6c5782ea248307e86c4bceac6c371d27576a6David Lawrence3620. [func] Added "rpz-client-ip" policy triggers, enabling
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff RPZ responses to be configured on the basis of
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff the client IP address; this can be used, for
2f6040ed6717dd47da8afb20da053ce408f702a8Bob Halley example, to blacklist misbehaving recursive
38e8022ace865803bdd609c9763cd7d7ba2818dcMark Andrews or stub resolvers. [RT #33605]
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews3619. [bug] Fixed a bug in RPZ with "recursive-only no;"
8475bed9de77920f884f1ae296f581efbd1e42f8Mark Andrews3618. [func] "rndc reload" now checks modification times of
38e8022ace865803bdd609c9763cd7d7ba2818dcMark Andrews include files as well as master files to determine
38e8022ace865803bdd609c9763cd7d7ba2818dcMark Andrews whether to skip reloading a zone. [RT #33936]
38e8022ace865803bdd609c9763cd7d7ba2818dcMark Andrews3617. [bug] Named was failing to answer queries during
f70336b8c9528cb9e4d4add3553041f0db85a006Brian Wellington "rndc reload" [RT #34098]
8475bed9de77920f884f1ae296f581efbd1e42f8Mark Andrews3616. [bug] Change #3613 was incomplete. [RT #34177]
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington3615. [cleanup] "configure" now finishes by printing a summary
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington of optional BIND features and whether they are
f70336b8c9528cb9e4d4add3553041f0db85a006Brian Wellington active or inactive. ("configure --enable-full-report"
c8821d124c532e0a65752b378f924d4259499fd3Mark Andrews increases the verbosity of the summary.) [RT #31777]
c8821d124c532e0a65752b378f924d4259499fd3Mark Andrews3614. [port] Check for <linux/types.h>. [RT #34162]
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington3613. [bug] named could crash when deleting inline-signing
38e8022ace865803bdd609c9763cd7d7ba2818dcMark Andrews zones with "rndc delzone". [RT #34066]
2f6040ed6717dd47da8afb20da053ce408f702a8Bob Halley3612. [port] Check whether to use -ljson or -ljson-c. [RT #34115]
36e5ac00333d89001f0c518a7d381d16c38d0402Mark Andrews3611. [bug] Improved resistance to a theoretical authentication
36e5ac00333d89001f0c518a7d381d16c38d0402Mark Andrews attack based on differential timing. [RT #33939]
36e5ac00333d89001f0c518a7d381d16c38d0402Mark Andrews3610. [cleanup] win32: Some executables had been omitted from the
36e5ac00333d89001f0c518a7d381d16c38d0402Mark Andrews installer. [RT #34116]
36e5ac00333d89001f0c518a7d381d16c38d0402Mark Andrews3609. [bug] Corrected a possible deadlock in applications using
36e5ac00333d89001f0c518a7d381d16c38d0402Mark Andrews the export version of the isc_app API. [RT #33967]
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff3608. [port] win32: added todos.pl script to ensure all text files
f70336b8c9528cb9e4d4add3553041f0db85a006Brian Wellington the win32 build depends on are converted to DOS
f70336b8c9528cb9e4d4add3553041f0db85a006Brian Wellington newline format. [RT #22067]
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff3607. [bug] dnssec-keygen had broken 'Invalid keyfile' error
bf555703f27295798de30fa8c04d727410788f66Bob Halley message. [RT #34045]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington3606. [func] "rndc flushtree" now flushes matching
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington records in the address database and bad cache
f70336b8c9528cb9e4d4add3553041f0db85a006Brian Wellington as well as the DNS cache. (Previously only the
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington DNS cache was flushed.) [RT #33970]
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff3605. [port] win32: Addressed several compatibility issues
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff with newer versions of Visual Studio. [RT #33916]
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff3604. [bug] Fixed a compile-time error when building with
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff JSON but not XML. [RT #33959]
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff3603. [bug] Install <isc/stat.h>. [RT #33956]
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff3602. [contrib] Added DLZ Perl module, allowing Perl scripts to
99eba32b06d21623b14161bd6543c91201d9cbafAndreas Gustafsson integrate with named and serve DNS data.
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff (Contributed by John Eaglesham of Yahoo.)
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff3601. [bug] Added to PKCS#11 openssl patches a value len
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff attribute in DH derive key. [RT #33928]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff3600. [cleanup] dig: Fixed a typo in the warning output when receiving
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff an oversized response. [RT #33910]
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff3599. [tuning] Check for pointer equivalence in name comparisons.
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff3598. [cleanup] Improved portability of map file code. [RT #33820]
e223094b2248afa2697c531f75e6f84855638becMichael Graff3597. [bug] Ensure automatic-resigning heaps are reconstructed
e223094b2248afa2697c531f75e6f84855638becMichael Graff when loading zones in map format. [RT #33381]
e223094b2248afa2697c531f75e6f84855638becMichael Graff3596. [port] Updated win32 build documentation, added
bf555703f27295798de30fa8c04d727410788f66Bob Halley dnssec-verify. [RT #22067]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff3595. [port] win32: Fix build problems introduced by change #3550.
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff3594. [maint] Update config.guess and config.sub. [RT #33816]
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff3593. [func] Update EDNS processing to better track remote server
f70336b8c9528cb9e4d4add3553041f0db85a006Brian Wellington capabilities. [RT #30655]
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff3592. [doc] Moved documentation of rndc command options to the
186817c92c7bd1a65aa562d73415abee2e79922bMichael Graff rndc man page. [RT #33506]
6657a9e2d8c039be0bec367cae59a91d77ccaad4Mark Andrews3591. [func] Use CRC-64 to detect map file corruption at load
186817c92c7bd1a65aa562d73415abee2e79922bMichael Graff time. [RT #33746]
e223094b2248afa2697c531f75e6f84855638becMichael Graff3590. [bug] When using RRL on recursive servers, defer
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff rate-limiting until after recursion is complete;
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff also, use correct rcode for slipped NXDOMAIN
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff responses. [RT #33604]
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff3589. [func] Report serial numbers in when starting zone transfers.
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff Report accepted NOTIFY requests including serial.
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff3588. [bug] dig: addressed a memory leak in the sigchase code
e223094b2248afa2697c531f75e6f84855638becMichael Graff that could cause a shutdown crash. [RT #33733]
c9cecf7bb509b1c860d0b6deba7fccd85b9feb68Mark Andrews3587. [func] 'named -g' now checks the logging configuration but
c9cecf7bb509b1c860d0b6deba7fccd85b9feb68Mark Andrews does not use it. [RT #33473]
c9cecf7bb509b1c860d0b6deba7fccd85b9feb68Mark Andrews3586. [bug] Handle errors in xmlDocDumpFormatMemoryEnc. [RT #33706]
c9cecf7bb509b1c860d0b6deba7fccd85b9feb68Mark Andrews3585. [func] "rndc delzone -clean" option removes zone files
c9cecf7bb509b1c860d0b6deba7fccd85b9feb68Mark Andrews when deleting a zone. [RT #33570]
c9cecf7bb509b1c860d0b6deba7fccd85b9feb68Mark Andrews3584. [security] Caching data from an incompletely signed zone could
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff trigger an assertion failure in resolver.c
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff (CVE-2013-3919). [RT #33690]
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff3583. [bug] Address memory leak in GSS-API processing [RT #33574]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff3582. [bug] Silence false positive warning regarding missing file
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff directive for inline slave zones. [RT #33662]
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff3581. [bug] Changed the tcp-listen-queue default to 10. [RT #33029]
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff3580. [bug] Addressed a possible race in acache.c [RT #33602]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff3579. [maint] Updates to PKCS#11 openssl patches, supporting
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff versions 0.9.8y, 1.0.0k, 1.0.1e [RT #33463]
e223094b2248afa2697c531f75e6f84855638becMichael Graff3578. [bug] 'rndc -c file' now fails if 'file' does not exist.
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff3577. [bug] Handle zero TTL values better. [RT #33411]
e223094b2248afa2697c531f75e6f84855638becMichael Graff3576. [bug] Address a shutdown race when validating. [RT #33573]
1f1d36a87b65186d9f89aac7f456ab1fd2a39ef6Andreas Gustafsson3575. [func] Changed the logging category for RRL events from
1f1d36a87b65186d9f89aac7f456ab1fd2a39ef6Andreas Gustafsson 'queries' to 'query-errors'. [RT #33540]
a8da00ef95ba37b9d071c2b8db1a0c967e060106Mark Andrews3574. [doc] The 'hostname' keyword was missing from server-id
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff description in the named.conf man page. [RT #33476]
f70336b8c9528cb9e4d4add3553041f0db85a006Brian Wellington3573. [bug] "rndc addzone" and "rndc delzone" incorrectly handled
f70336b8c9528cb9e4d4add3553041f0db85a006Brian Wellington zone names containing punctuation marks and other
f70336b8c9528cb9e4d4add3553041f0db85a006Brian Wellington nonstandard characters. [RT #33419]
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff3572. [func] Threads are now enabled by default on most
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff operating systems. [RT #25483]
e223094b2248afa2697c531f75e6f84855638becMichael Graff3571. [bug] Address race condition in dns_client_startresolve().
7ab5937e0b0d5d83e6f4eb1e50a4b041fb68df48Bob Halley3570. [bug] Check internal pointers are valid when loading map
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein files. [RT #33403]
7ab5937e0b0d5d83e6f4eb1e50a4b041fb68df48Bob Halley3569. [contrib] Ported mysql DLZ driver to dynamically-loadable
7ab5937e0b0d5d83e6f4eb1e50a4b041fb68df48Bob Halley module, and added multithread support. [RT #33394]
59602a44858a55fce25565491d4fec6d2cdcca19Michael Graff3568. [cleanup] Add a product description line to the version file,
59602a44858a55fce25565491d4fec6d2cdcca19Michael Graff to be reported by named -v/-V. [RT #33366]
59602a44858a55fce25565491d4fec6d2cdcca19Michael Graff3567. [bug] Silence clang static analyzer warnings. [RT #33365]
e223094b2248afa2697c531f75e6f84855638becMichael Graff3566. [func] Log when forwarding updates to master. [RT #33240]
db30f4bdcb66afb7eb1ab0c6882cc70be9a53d79Mark Andrews3565. [placeholder]
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff3564. [bug] Improved handling of corrupted map files. [RT #33380]
f43e5c8ed2e68b7064c909b1fece6d976799b8dbMark Andrews3563. [contrib] zone2sqlite failed with some table names. [RT #33375]
f43e5c8ed2e68b7064c909b1fece6d976799b8dbMark Andrews3562. [func] Update map file header format to include a SHA-1 hash
f43e5c8ed2e68b7064c909b1fece6d976799b8dbMark Andrews of the database content, so that corrupted map files
f43e5c8ed2e68b7064c909b1fece6d976799b8dbMark Andrews can be rejected at load time. [RT #32459]
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff3561. [bug] dig: issue a warning if an EDNS query returns FORMERR
f70336b8c9528cb9e4d4add3553041f0db85a006Brian Wellington or NOTIMP. Adjust usage message. [RT #33363]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley3560. [bug] isc-config.sh did not honor includedir and libdir
bf555703f27295798de30fa8c04d727410788f66Bob Halley when set via configure. [RT #33345]
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff3559. [func] Check that both forms of Sender Policy Framework
21e82177fbe363a28ad79246cd2d236dc65c50f3Brian Wellington records exist or do not exist. [RT #33355]
3d4d93c35b5992bd5c32eb913d258be72f88adf5Andreas Gustafsson3558. [bug] IXFR of a DLZ stored zone was broken. [RT #33331]
7153a32ae99388656620b200e6f4ba6e170a208cMichael Graff3557. [bug] Reloading redirect zones was broken. [RT #33292]
f43e5c8ed2e68b7064c909b1fece6d976799b8dbMark Andrews3556. [maint] Added AAAA for D.ROOT-SERVERS.NET.
41faaa9b35bb5b3c72ca964e108ba398eaa63f3dBrian Wellington3555. [bug] Address theoretical race conditions in acache.c
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington (change #3553 was incomplete). [RT #33252]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington3554. [bug] RRL failed to correctly rate-limit upward
5d727330e46c8073703aea7cc0771a456db86829Andreas Gustafsson referrals and failed to count dropped error
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington responses in the statistics. [RT #33225]
c19f322914f380404b613fbb31f5ac2582098f9dMark Andrews3553. [bug] Address suspected double free in acache. [RT #33252]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington3552. [bug] Wrong getopt option string for 'nsupdate -r'.
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington3551. [bug] resolver.querydscp[46] were uninitialized. [RT #32686]
2fa0485e9e969dd42dd10339354d7949db46111aMark Andrews3550. [func] Unified the internal and export versions of the
2fa0485e9e969dd42dd10339354d7949db46111aMark Andrews BIND libraries, allowing external clients to use
2fa0485e9e969dd42dd10339354d7949db46111aMark Andrews the same libraries as BIND. [RT #33131]
2fa0485e9e969dd42dd10339354d7949db46111aMark Andrews3549. [doc] Documentation for "request-nsid" was missing.
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff3548. [bug] The NSID request code in resolver.c was broken
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff resulting in invalid EDNS options being sent.
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews3547. [bug] Some malformed unknown rdata records were not properly
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews detected and rejected. [RT #33129]
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews3546. [func] Add EUI48 and EUI64 types. [RT #33082]
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews3545. [bug] RRL slip behavior was incorrect when set to 1.
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews3544. [contrib] check5011.pl: Script to report the status of
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews managed keys as recorded in managed-keys.bind.
2a2618356ecdf5962230fe11606d2b106a638295Tinderbox User Contributed by Tony Finch <dot@dotat.at>
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews3543. [bug] Update socket structure before attaching to socket
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington manager after accept. [RT #33084]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff3542. [placeholder]
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff3541. [bug] Parts of libdns were not properly initialized when
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff built in libexport mode. [RT #33028]
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff3540. [test] libt_api: t_info and t_assert were not thread safe.
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff3539. [port] win32: timestamp format didn't match other platforms.
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3538. [test] Running "make test" now requires loopback interfaces
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff to be set up. [RT #32452]
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson3537. [tuning] Slave zones, when updated, now send NOTIFY messages
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington to peers before being dumped to disk rather than
f9df80f4348ef68043903efa08299480324f4823Michael Graff after. [RT #27242]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3536. [func] Add support for setting Differentiated Services Code
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff Point (DSCP) values in named. Most configuration
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff options which take a "port" option (e.g.,
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington listen-on, forwarders, also-notify, masters,
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington notify-source, etc) can now also take a "dscp"
c73c1c33ec9569c8f9ffd205b48f044f9b03795bMark Andrews option specifying a code point for use with
f9df80f4348ef68043903efa08299480324f4823Michael Graff outgoing traffic, if supported by the underlying
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley OS. [RT #27596]
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff3535. [bug] Minor win32 cleanups. [RT #32962]
d77d08780908c9dc30de7ffd76ca5407f7bf68f2Brian Wellington3534. [bug] Extra text after an embedded NULL was ignored when
c73c1c33ec9569c8f9ffd205b48f044f9b03795bMark Andrews parsing zone files. [RT #32699]
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington3533. [contrib] query-loc-0.4.0: memory leaks. [RT #32960]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3532. [contrib] zkt: fixed buffer overrun, resource leaks. [RT #32960]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3531. [bug] win32: A uninitialized value could be returned on out
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence of memory. [RT #32960]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff3530. [contrib] Better RTT tracking in queryperf. [RT #30128]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3529. [func] Named now listens on both IPv4 and IPv6 interfaces
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff by default. Named previously only listened on IPv4
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff interfaces by default unless named was running in
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff IPv6 only mode. [RT #32945]
b02262cbcd550c63f85df76edc6fff556ea5e95dMichael Graff3528. [func] New "dnssec-coverage" command scans the timing
e223094b2248afa2697c531f75e6f84855638becMichael Graff metadata for a set of DNSSEC keys and reports if a
e223094b2248afa2697c531f75e6f84855638becMichael Graff lapse in signing coverage has been scheduled
e223094b2248afa2697c531f75e6f84855638becMichael Graff inadvertently. (Note: This tool depends on python;
e223094b2248afa2697c531f75e6f84855638becMichael Graff it will not be built or installed on systems that
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff do not have a python interpreter.) [RT #28098]
c8821d124c532e0a65752b378f924d4259499fd3Mark Andrews3527. [compat] Add a URI to allow applications to explicitly
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley request a particular XML schema from the statistics
d49555e76c5d02943fdd6606113aebf2317390d5Michael Graff channel, returning 404 if not supported. [RT #32481]
d49555e76c5d02943fdd6606113aebf2317390d5Michael Graff3526. [cleanup] Set up dependencies for unit tests correctly during
942d1a339b1fe617f7d17d66cb5fccce798d15aeBrian Wellington build. [RT #32803]
94a08e09db3dc844b6ee4841c368a2d7074a9c3fAndreas Gustafsson3525. [func] Support for additional signing algorithms in rndc:
d49555e76c5d02943fdd6606113aebf2317390d5Michael Graff hmac-sha1, -sha224, -sha256, -sha384, and -sha512.
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington The -A option to rndc-confgen can be used to
c73c1c33ec9569c8f9ffd205b48f044f9b03795bMark Andrews select the algorithm for the generated key.
c73c1c33ec9569c8f9ffd205b48f044f9b03795bMark Andrews (The default is still hmac-md5; this may
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington change in a future release.) [RT #20363]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington3524. [func] Added an alternate statistics channel in JSON format,
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington when the server is built with the json-c library:
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff http://[address]:[port]/json. [RT #32630]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3523. [contrib] Ported filesystem and ldap DLZ drivers to
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff dynamically-loadable modules, and added the
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington "wildcard" module based on a contribution from
c73c1c33ec9569c8f9ffd205b48f044f9b03795bMark Andrews Vadim Goncharov <vgoncharov@nic.ru>. [RT #23569]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington3522. [bug] DLZ lookups could fail to return SERVFAIL when
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington they ought to. [RT #32685]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington3521. [bug] Address memory leak in opensslecdsa_link.c. [RT #32249]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3520. [bug] 'mctx' was not being referenced counted in some places
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff where it should have been. [RT #32794]
c73c1c33ec9569c8f9ffd205b48f044f9b03795bMark Andrews3519. [func] Full replay protection via four-way handshake is
c73c1c33ec9569c8f9ffd205b48f044f9b03795bMark Andrews now mandatory for rndc clients. Very old versions
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington of rndc will no longer work. [RT #32798]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington3518. [bug] Increase the size of dns_rrl_key.s.rtype by one bit
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington so that all dns_rrl_rtype_t enum values fit regardless
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff of whether it is teated as signed or unsigned by
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff the compiler. [RT #32792]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington3517. [bug] Reorder destruction to avoid shutdown race. [RT #32777]
c73c1c33ec9569c8f9ffd205b48f044f9b03795bMark Andrews3516. [placeholder]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington3515. [port] '%T' is not portable in strftime(). [RT #32763]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington3514. [bug] The ranges for valid key sizes in ddns-confgen and
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff rndc-confgen were too constrained. Keys up to 512
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff bits are now allowed for most algorithms, and up
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff to 1024 bits for hmac-sha384 and hmac-sha512.
83c45e69f849a80e21856ceb38b6fc74d4cad7f9Andreas Gustafsson3513. [func] "dig -u" prints times in microseconds rather than
4f39334027e6048e8a0e45030e9f46c2de0d2ecbMichael Graff milliseconds. [RT #32704]
83c45e69f849a80e21856ceb38b6fc74d4cad7f9Andreas Gustafsson3512. [func] "rndc validation check" reports the current status
7d823f705d9d3a8cb4d43fcf11249515e2845364Andreas Gustafsson of DNSSEC validation. [RT #21397]
c73c1c33ec9569c8f9ffd205b48f044f9b03795bMark Andrews3511. [doc] Improve documentation of redirect zones. [RT #32756]
efcd38346161b10d60368411cfb2c0d1c22b5fb1Brian Wellington3510. [func] "rndc status" and XML statistics channel now report
efcd38346161b10d60368411cfb2c0d1c22b5fb1Brian Wellington server start and reconfiguration times. [RT #21048]
efcd38346161b10d60368411cfb2c0d1c22b5fb1Brian Wellington3509. [cleanup] Added a product line to version file to allow for
efcd38346161b10d60368411cfb2c0d1c22b5fb1Brian Wellington easy naming of different products (BIND
efcd38346161b10d60368411cfb2c0d1c22b5fb1Brian Wellington vs BIND ESV, for example). [RT #32755]
e851ea826066ac5a5b01c2c23218faa0273a12e8Evan Hunt3508. [contrib] queryperf was incorrectly rejecting the -T option.
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff3507. [bug] Statistics channel XSL had a glitch when attempting
c73c1c33ec9569c8f9ffd205b48f044f9b03795bMark Andrews to chart query data before any queries had been
c73c1c33ec9569c8f9ffd205b48f044f9b03795bMark Andrews received. [RT #32620]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington3506. [func] When setting "max-cache-size" and "max-acache-size",
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff the keyword "unlimited" is no longer defined as equal
f9df80f4348ef68043903efa08299480324f4823Michael Graff to 4 gigabytes (except on 32-bit platforms); it
f9df80f4348ef68043903efa08299480324f4823Michael Graff means literally unlimited. [RT #32358]
e43b9a20054cdda6946ab758e1c2005f2b25641aBrian Wellington3505. [bug] When setting "max-cache-size" and "max-acache-size",
e43b9a20054cdda6946ab758e1c2005f2b25641aBrian Wellington larger values than 4 gigabytes could not be set
e43b9a20054cdda6946ab758e1c2005f2b25641aBrian Wellington explicitly, though larger sizes were available
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff when setting cache size to 0. This has been
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff corrected; the full range is now available.
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff3504. [func] Add support for ACLs based on geographic location,
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff using MaxMind GeoIP databases. Based on code
f9df80f4348ef68043903efa08299480324f4823Michael Graff contributed by Ken Brownfield <kb@slide.com>.
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff3503. [doc] Clarify size_spec syntax. [RT #32449]
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff3502. [func] zone-statistics: "no" is now a synonym for "none",
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff instead of "terse". [RT #29165]
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff3501. [func] zone-statistics now takes three options: full,
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff terse, and none. "yes" and "no" are retained as
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff synonyms for full and terse, respectively. [RT #29165]
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence3500. [security] Support NAPTR regular expression validation on
59c85e163637936c8b28c3ec947618d7a807fe19Brian Wellington all platforms without using libregex, which
59c85e163637936c8b28c3ec947618d7a807fe19Brian Wellington can be vulnerable to memory exhaustion attack
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff (CVE-2013-2266). [RT #32688]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3499. [doc] Corrected ARM documentation of built-in zones.
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff3498. [bug] zone statistics for zones which matched a potential
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff empty zone could have their zone-statistics setting
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff3497. [func] When deleting a slave/stub zone using 'rndc delzone'
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff report the files that were being used so they can
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff be cleaned up if desired. [RT #27899]
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff3496. [placeholder]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence3495. [func] Support multiple response-policy zones (up to 32),
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff while improving RPZ performance. "response-policy"
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff syntax now includes a "min-ns-dots" clause, with
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley default 1, to exclude top-level domains from
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff NSIP and NSDNAME checking. --enable-rpz-nsip and
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff --enable-rpz-nsdname are now the default. [RT #32251]
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff3494. [func] DNS RRL: Blunt the impact of DNS reflection and
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence amplification attacks by rate-limiting substantially-
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff identical responses. [RT #28130]
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff3493. [contrib] Added BDBHPT dynamically-loadable DLZ module,
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff contributed by Mark Goldfinch. [RT #32549]
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence3492. [bug] Fixed a regression in zone loading performance
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff due to lock contention. [RT #30399]
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff3491. [bug] Slave zones using inline-signing must specify a
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff file name. [RT #31946]
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff3490. [bug] When logging RDATA during update, truncate if it's
e851ea826066ac5a5b01c2c23218faa0273a12e8Evan Hunt too long. [RT #32365]
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff3489. [bug] --enable-developer now turns on ISC_LIST_CHECKINIT.
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff dns_dlzcreate() failed to properly initialize
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff dlzdb.link. When cloning a rdataset do not copy
f9df80f4348ef68043903efa08299480324f4823Michael Graff the link contents. [RT #32651]
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley3488. [bug] Use after free error with DH generated keys. [RT #32649]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3487. [bug] Change 3444 was not complete. There was a additional
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley place where the NOQNAME proof needed to be saved.
f9df80f4348ef68043903efa08299480324f4823Michael Graff3486. [bug] named could crash when using TKEY-negotiated keys
f9df80f4348ef68043903efa08299480324f4823Michael Graff that had been deleted and then recreated. [RT #32506]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence3485. [cleanup] Only compile openssl_gostlink.c if we support GOST.
f9df80f4348ef68043903efa08299480324f4823Michael Graff3484. [bug] Some statistics were incorrectly rendered in XML.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3483. [placeholder]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3482. [func] dig +nssearch now prints name servers that don't
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington have address records (missing AAAA or A, or the name
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington doesn't exist). [RT #29348]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3481. [cleanup] Removed use of const const in atf.
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff3480. [bug] Silence logging noise when setting up zone
f9df80f4348ef68043903efa08299480324f4823Michael Graff statistics. [RT #32525]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3479. [bug] Address potential memory leaks in gssapi support
c4a9ce445c48a57eed5aa16582b1964cf8cedf87Mark Andrews code. [RT #32405]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3478. [port] Fix a build failure in strict C99 environments
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3477. [func] Expand logging when adding records via DDNS update
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3476. [bug] "rndc zonestatus" could report a spurious "not
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff found" error on inline-signing zones. [RT #29226]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3475. [cleanup] Changed name of 'map' zone file format (previously
c4a9ce445c48a57eed5aa16582b1964cf8cedf87Mark Andrews 'fast'). [RT #32458]
c4a9ce445c48a57eed5aa16582b1964cf8cedf87Mark Andrews3474. [bug] nsupdate could assert when the local and remote
c4a9ce445c48a57eed5aa16582b1964cf8cedf87Mark Andrews address families didn't match. [RT #22897]
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews3473. [bug] dnssec-signzone/verify could incorrectly report
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews an error condition due to an empty node above an
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff opt-out delegation lacking an NSEC3. [RT #32072]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3472. [bug] The active-connections counter in the socket
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff statistics could underflow. [RT #31747]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3471. [bug] The number of UDP dispatches now defaults to
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff the number of CPUs even if -n has been set to
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff a higher value. [RT #30964]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3470. [bug] Slave zones could fail to dump when successfully
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff refreshing after an initial failure. [RT #31276]
d878b8d87c3f46a25ccae9f5cfe6e39af67562e0Evan Hunt3469. [bug] Handle DLZ lookup failures more gracefully. Improve
c8aa7ce70d75d5d8f28f941e3a522c71e948b166Evan Hunt backward compatibility between versions of DLZ dlopen
c8aa7ce70d75d5d8f28f941e3a522c71e948b166Evan Hunt API. [RT #32275]
c8aa7ce70d75d5d8f28f941e3a522c71e948b166Evan Hunt3468. [security] RPZ rules to generate A records (but not AAAA records)
4a61eae6514bfde56f8801ef66f27a8d462bd164Mark Andrews could trigger an assertion failure when used in
4a61eae6514bfde56f8801ef66f27a8d462bd164Mark Andrews conjunction with DNS64 (CVE-2012-5689). [RT #32141]
4a61eae6514bfde56f8801ef66f27a8d462bd164Mark Andrews3467. [bug] Added checks in dnssec-keygen and dnssec-settime
4a61eae6514bfde56f8801ef66f27a8d462bd164Mark Andrews to check for delete date < inactive date. [RT #31719]
c8aa7ce70d75d5d8f28f941e3a522c71e948b166Evan Hunt3466. [contrib] Corrected the DNS_CLIENTINFOMETHODS_VERSION check
4a61eae6514bfde56f8801ef66f27a8d462bd164Mark Andrews in DLZ example driver. [RT #32275]
4a61eae6514bfde56f8801ef66f27a8d462bd164Mark Andrews3465. [bug] Handle isolated reserved ports. [RT #31778]
4a61eae6514bfde56f8801ef66f27a8d462bd164Mark Andrews3464. [maint] Updates to PKCS#11 openssl patches, supporting
4a61eae6514bfde56f8801ef66f27a8d462bd164Mark Andrews versions 0.9.8x, 1.0.0j, 1.0.1c [RT #29749]
c8aa7ce70d75d5d8f28f941e3a522c71e948b166Evan Hunt3463. [doc] Clarify managed-keys syntax in ARM. [RT #32232]
c8aa7ce70d75d5d8f28f941e3a522c71e948b166Evan Hunt3462. [doc] Clarify server selection behavior of dig when using
c8aa7ce70d75d5d8f28f941e3a522c71e948b166Evan Hunt -4 or -6 options. [RT #32181]
c8aa7ce70d75d5d8f28f941e3a522c71e948b166Evan Hunt3461. [bug] Negative responses could incorrectly have AD=1
4a61eae6514bfde56f8801ef66f27a8d462bd164Mark Andrews set. [RT #32237]
4a61eae6514bfde56f8801ef66f27a8d462bd164Mark Andrews3460. [bug] Only link against readline where needed. [RT #29810]
4a61eae6514bfde56f8801ef66f27a8d462bd164Mark Andrews3459. [func] Added -J option to named-checkzone/named-compilezone
c8aa7ce70d75d5d8f28f941e3a522c71e948b166Evan Hunt to specify the path to the journal file. [RT #30958]
c8aa7ce70d75d5d8f28f941e3a522c71e948b166Evan Hunt3458. [bug] Return FORMERR when presented with a overly long
c8aa7ce70d75d5d8f28f941e3a522c71e948b166Evan Hunt domain named in a request. [RT #29682]
c8aa7ce70d75d5d8f28f941e3a522c71e948b166Evan Hunt3457. [protocol] Add ILNP records (NID, LP, L32, L64). [RT #31836]
c8aa7ce70d75d5d8f28f941e3a522c71e948b166Evan Hunt3456. [port] g++47: ATF failed to compile. [RT #32012]
c8aa7ce70d75d5d8f28f941e3a522c71e948b166Evan Hunt3455. [contrib] queryperf: fix getopt option list. [RT #32338]
c8aa7ce70d75d5d8f28f941e3a522c71e948b166Evan Hunt3454. [port] sparc64: improve atomic support. [RT #25182]
700d3cb7895b5da2543282d18735d2176d1aff86Mark Andrews3453. [bug] 'rndc addzone' of a zone with 'inline-signing yes;'
700d3cb7895b5da2543282d18735d2176d1aff86Mark Andrews failed. [RT #31960]
700d3cb7895b5da2543282d18735d2176d1aff86Mark Andrews3452. [bug] Accept duplicate singleton records. [RT #32329]
700d3cb7895b5da2543282d18735d2176d1aff86Mark Andrews3451. [port] Increase per thread stack size from 64K to 1M.
700d3cb7895b5da2543282d18735d2176d1aff86Mark Andrews3450. [bug] Stop logfileconfig system test spam system logs.
700d3cb7895b5da2543282d18735d2176d1aff86Mark Andrews3449. [bug] gen.c: use the pre-processor to construct format
700d3cb7895b5da2543282d18735d2176d1aff86Mark Andrews strings so that compiler can perform sanity checks;
700d3cb7895b5da2543282d18735d2176d1aff86Mark Andrews check the snprintf results. [RT #17576]
700d3cb7895b5da2543282d18735d2176d1aff86Mark Andrews3448. [bug] The allow-query-on ACL was not processed correctly.
700d3cb7895b5da2543282d18735d2176d1aff86Mark Andrews3447. [port] Add support for libxml2-2.9.x [RT #32231]
700d3cb7895b5da2543282d18735d2176d1aff86Mark Andrews3446. [port] win32: Add source ID (see change #3400) to build.
ac9072210cea5283e554f1787876b647a08fda96Mark Andrews3445. [bug] Warn about zone files with blank owner names
ac9072210cea5283e554f1787876b647a08fda96Mark Andrews immediately after $ORIGIN directives. [RT #31848]
ac9072210cea5283e554f1787876b647a08fda96Mark Andrews3444. [bug] The NOQNAME proof was not being returned from cached
ac9072210cea5283e554f1787876b647a08fda96Mark Andrews insecure responses. [RT #21409]
ac9072210cea5283e554f1787876b647a08fda96Mark Andrews3443. [bug] ddns-confgen: Some TSIG algorithms were incorrectly
ac9072210cea5283e554f1787876b647a08fda96Mark Andrews rejected when generating keys. [RT #31927]
a920f559c3689f52731519a9d5169ad5814866edMichael Graff3442. [port] Net::DNS 0.69 introduced a non backwards compatible
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff change. [RT #32216]
a920f559c3689f52731519a9d5169ad5814866edMichael Graff3441. [maint] D.ROOT-SERVERS.NET is now 199.7.91.13.
1d7987f4227c838f7fa790ad57255d3df3332ccaMichael Graff3440. [bug] Reorder get_key_struct to not trigger a assertion when
1d7987f4227c838f7fa790ad57255d3df3332ccaMichael Graff cleaning up due to out of memory error. [RT #32131]
d49555e76c5d02943fdd6606113aebf2317390d5Michael Graff3439. [placeholder]
03f91269f5453bcbd924910ef85a8f8496cf2661Mark Andrews3438. [bug] Don't accept unknown data escape in quotes. [RT #32031]
c4a9ce445c48a57eed5aa16582b1964cf8cedf87Mark Andrews3437. [bug] isc_buffer_init -> isc_buffer_constinit to initialize
a920f559c3689f52731519a9d5169ad5814866edMichael Graff buffers with constant data. [RT #32064]
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff3436. [bug] Check malloc/calloc return values. [RT #32088]
a920f559c3689f52731519a9d5169ad5814866edMichael Graff3435. [bug] Cross compilation support in configure was broken.
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3434. [bug] Pass client info to the DLZ findzone() entry
c4a9ce445c48a57eed5aa16582b1964cf8cedf87Mark Andrews point in addition to lookup(). This makes it
c4a9ce445c48a57eed5aa16582b1964cf8cedf87Mark Andrews possible for a database to answer differently
c4a9ce445c48a57eed5aa16582b1964cf8cedf87Mark Andrews whether it's authoritative for a name depending
c4a9ce445c48a57eed5aa16582b1964cf8cedf87Mark Andrews on the address of the client. [RT #31775]
c4a9ce445c48a57eed5aa16582b1964cf8cedf87Mark Andrews3433. [bug] dlz_findzone() did not correctly handle
c4a9ce445c48a57eed5aa16582b1964cf8cedf87Mark Andrews ISC_R_NOMORE. [RT #31172]
c4a9ce445c48a57eed5aa16582b1964cf8cedf87Mark Andrews3432. [func] Multiple DLZ databases can now be configured.
c4a9ce445c48a57eed5aa16582b1964cf8cedf87Mark Andrews DLZ databases are searched in the order configured,
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff unless set to "search no", in which case a
41cc03374dc7fd58d3b099d6c921f192a7bbb5f7Michael Graff zone can be configured to be retrieved from a
84185d19c7a9ef1ac23cc6236c8773697d4efeb1Brian Wellington particular DLZ database by using a "dlz <name>"
84185d19c7a9ef1ac23cc6236c8773697d4efeb1Brian Wellington option in the zone statement. DLZ databases can
84185d19c7a9ef1ac23cc6236c8773697d4efeb1Brian Wellington support type "master" and "redirect" zones.
1d7987f4227c838f7fa790ad57255d3df3332ccaMichael Graff3431. [bug] ddns-confgen: Some valid key algorithms were
bfbf3f2d770dc093ac5c74d5fd716ac9521e8715Michael Graff not accepted. [RT #31927]
700d3cb7895b5da2543282d18735d2176d1aff86Mark Andrews3430. [bug] win32: isc_time_formatISO8601 was missing the
700d3cb7895b5da2543282d18735d2176d1aff86Mark Andrews 'T' between the date and time. [RT #32044]
bfbf3f2d770dc093ac5c74d5fd716ac9521e8715Michael Graff3429. [bug] dns_zone_getserial2 could a return success without
823e45c1273512a8048cd5e7e57f31f58c964f7fMichael Graff returning a valid serial. [RT #32007]
03f91269f5453bcbd924910ef85a8f8496cf2661Mark Andrews3428. [cleanup] dig: Add timezone to date output. [RT #2269]
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews3427. [bug] dig +trace incorrectly displayed name server
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews addresses instead of names. [RT #31641]
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews3426. [bug] dnssec-checkds: Clearer output when records are not
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews found. [RT #31968]
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews3425. [bug] "acacheentry" reference counting was broken resulting
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews in use after free. [RT #31908]
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews3424. [func] dnssec-dsfromkey now emits the hash without spaces.
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews3423. [bug] "rndc signing -nsec3param" didn't accept the full
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews range of possible values. Address portability issues.
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews3422. [bug] Added a clear error message for when the SOA does not
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews match the referral. [RT #31281]
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews3421. [bug] Named loops when re-signing if all keys are offline.
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews3420. [bug] Address VPATH compilation issues. [RT #31879]
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews3419. [bug] Memory leak on validation cancel. [RT #31869]
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews3418. [func] New XML schema (version 3.0) for the statistics channel
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews adds query type statistics at the zone level, and
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews flattens the XML tree and uses compressed format to
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews optimize parsing. Includes new XSL that permits
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews charting via the Google Charts API on browsers that
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews support javascript in XSL. The old XML schema has been
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews deprecated. [RT #30023]
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews3417. [placeholder]
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews3416. [bug] Named could die on shutdown if running with 128 UDP
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews dispatches per interface. [RT #31743]
9dd2ee95f11de29e358cc01059861e724dbb5807Mark Andrews3415. [bug] named could die with a REQUIRE failure if a validation
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews was canceled. [RT #31804]
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews3414. [bug] Address locking issues found by Coverity. [RT #31626]
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews3413. [func] Record the number of DNS64 AAAA RRsets that have been
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews synthesized. [RT #27636]
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews3412. [bug] Copy timeval structure from control message data.
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews3411. [tuning] Use IPV6_USE_MIN_MTU or equivalent with TCP in addition
e50b75e36ca79f84e2c9b2a12f6e28cbf22aaa83Mark Andrews to UDP. [RT #31690]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3410. [bug] Addressed Coverity warnings. [RT #31626]
b6e9d91ff0621aec03cbc51421408074a0291b1eBrian Wellington3409. [contrib] contrib/dane/mkdane.sh: Tool to generate TLSA RR's
b6e9d91ff0621aec03cbc51421408074a0291b1eBrian Wellington from X.509 certificates, for use with DANE
b6e9d91ff0621aec03cbc51421408074a0291b1eBrian Wellington (DNS-based Authentication of Named Entities).
1d7987f4227c838f7fa790ad57255d3df3332ccaMichael Graff3408. [bug] Some DNSSEC-related options (update-check-ksk,
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff dnssec-loadkeys-interval, dnssec-dnskey-kskonly)
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff are now legal in slave zones as long as
823e45c1273512a8048cd5e7e57f31f58c964f7fMichael Graff inline-signing is in use. [RT #31078]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3407. [placeholder]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3406. [bug] mem.c: Fix compilation errors when building with
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence ISC_MEM_TRACKLINES or ISC_MEMPOOL_NAMES disabled.
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence Also, ISC_MEM_DEBUG is no longer optional. [RT #31559]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3405. [bug] Handle time going backwards in acache. [RT #31253]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence3404. [bug] dnssec-signzone: When re-signing a zone, remove
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff RRSIG and NSEC records from nodes that used to be
c4a9ce445c48a57eed5aa16582b1964cf8cedf87Mark Andrews in-zone but are now below a zone cut. [RT #31556]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3403. [bug] Silence noisy OpenSSL logging. [RT #31497]
d878b8d87c3f46a25ccae9f5cfe6e39af67562e0Evan Hunt3402. [test] The IPv6 interface numbers used for system
c8aa7ce70d75d5d8f28f941e3a522c71e948b166Evan Hunt tests were incorrect on some platforms. [RT #25085]
c8aa7ce70d75d5d8f28f941e3a522c71e948b166Evan Hunt3401. [bug] Addressed Coverity warnings. [RT #31484]
c8aa7ce70d75d5d8f28f941e3a522c71e948b166Evan Hunt3400. [cleanup] "named -V" can now report a source ID string, defined
4a61eae6514bfde56f8801ef66f27a8d462bd164Mark Andrews in the "srcid" file in the build tree and normally set
c8aa7ce70d75d5d8f28f941e3a522c71e948b166Evan Hunt to the most recent git hash. [RT #31494]
c8aa7ce70d75d5d8f28f941e3a522c71e948b166Evan Hunt3399. [port] netbsd: rename 'bool' parameter to avoid namespace
c8aa7ce70d75d5d8f28f941e3a522c71e948b166Evan Hunt clash. [RT #31515]
c8aa7ce70d75d5d8f28f941e3a522c71e948b166Evan Hunt3398. [bug] SOA parameters were not being updated with inline
c8aa7ce70d75d5d8f28f941e3a522c71e948b166Evan Hunt signed zones if the zone was modified while the
c8aa7ce70d75d5d8f28f941e3a522c71e948b166Evan Hunt server was offline. [RT #29272]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3397. [bug] dig crashed when using +nssearch with +tcp. [RT #25298]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3396. [bug] OPT records were incorrectly removed from signed,
03f91269f5453bcbd924910ef85a8f8496cf2661Mark Andrews truncated responses. [RT #31439]
03f91269f5453bcbd924910ef85a8f8496cf2661Mark Andrews3395. [protocol] Add RFC 6598 reverse zones to built in empty zones
03f91269f5453bcbd924910ef85a8f8496cf2661Mark Andrews list, 64.100.IN-ADDR.ARPA ... 127.100.IN-ADDR.ARPA.
03f91269f5453bcbd924910ef85a8f8496cf2661Mark Andrews3394. [bug] Adjust 'successfully validated after lower casing
03f91269f5453bcbd924910ef85a8f8496cf2661Mark Andrews signer' log level and category. [RT #31414]
03f91269f5453bcbd924910ef85a8f8496cf2661Mark Andrews3393. [bug] 'host -C' could core dump if REFUSED was received.
03f91269f5453bcbd924910ef85a8f8496cf2661Mark Andrews3392. [func] Keep statistics on REFUSED responses. [RT #31412]
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson3391. [bug] A DNSKEY lookup that encountered a CNAME failed.
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson3390. [bug] Silence clang compiler warnings. [RT #30417]
84185d19c7a9ef1ac23cc6236c8773697d4efeb1Brian Wellington3389. [bug] Always return NOERROR (not 0) in TSIG. [RT #31275]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3388. [bug] Fixed several Coverity warnings.
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff Note: This change includes a fix for a bug that
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff was subsequently determined to be an exploitable
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff security vulnerability, CVE-2012-5688: named could
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence die on specific queries with dns64 enabled.
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3387. [func] DS digest can be disabled at runtime with
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff disable-ds-digests. [RT #21581]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence3386. [bug] Address locking violation when generating new NSEC /
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence NSEC3 chains. [RT #31224]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence3385. [bug] named-checkconf didn't detect missing master lists
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff in also-notify clauses. [RT #30810]
03f91269f5453bcbd924910ef85a8f8496cf2661Mark Andrews3384. [bug] Improved logging of crypto errors. [RT #30963]
03f91269f5453bcbd924910ef85a8f8496cf2661Mark Andrews3383. [security] A certain combination of records in the RBT could
03f91269f5453bcbd924910ef85a8f8496cf2661Mark Andrews cause named to hang while populating the additional
03f91269f5453bcbd924910ef85a8f8496cf2661Mark Andrews section of a response. [RT #31090]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3382. [bug] SOA query from slave used use-v6-udp-ports range,
e43b9a20054cdda6946ab758e1c2005f2b25641aBrian Wellington if set, regardless of the address family in use.
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3381. [contrib] Update queryperf to support more RR types.
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3380. [bug] named could die if a nonexistent master list was
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff referenced in a also-notify. [RT #31004]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3379. [bug] isc_interval_zero and isc_time_epoch should be
ec772e873bd7f24418049b5b1b5d7c44ff781356Brian Wellington "const (type)* const". [RT #31069]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3378. [bug] Handle missing 'managed-keys-directory' better.
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3377. [bug] Removed spurious newline from NSEC3 multiline
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff output. [RT #31044]
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews3376. [bug] Lack of EDNS support was being recorded without a
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff successful response. [RT #30811]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence3375. [bug] 'rndc dumpdb' failed on empty caches. [RT #30808]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff3374. [bug] isc_parse_uint32 failed to return a range error on
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff systems with 64 bit longs. [RT #30232]
1d7987f4227c838f7fa790ad57255d3df3332ccaMichael Graff3373. [bug] win32: open raw files in binary mode. [RT #30944]
1d7987f4227c838f7fa790ad57255d3df3332ccaMichael Graff3372. [bug] Silence spurious "deleted from unreachable cache"
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff messages. [RT #30501]
bfbf3f2d770dc093ac5c74d5fd716ac9521e8715Michael Graff3371. [bug] AD=1 should behave like DO=1 when deciding whether to
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff add NS RRsets to the additional section or not.
f9df80f4348ef68043903efa08299480324f4823Michael Graff3370. [bug] Address use after free while shutting down. [RT #30241]
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington3369. [bug] nsupdate terminated unexpectedly in interactive mode
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence if built with readline support. [RT #29550]
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington3368. [bug] <dns/iptable.h>, <dns/private.h> and <dns/zone.h>
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff were not C++ safe.
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington3367. [bug] dns_dnsseckey_create() result was not being checked.
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington3366. [bug] Fixed Read-After-Write dependency violation for IA64
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff atomic operations. [RT #25181]
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff3365. [bug] Removed spurious newlines from log messages in
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley3364. [security] Named could die on specially crafted record.
c866769e664ba0a6a5e6f9375245f5ccca393009David Lawrence3363. [bug] Need to allow "forward" and "fowarders" options
c866769e664ba0a6a5e6f9375245f5ccca393009David Lawrence in static-stub zones; this had been overlooked.
c866769e664ba0a6a5e6f9375245f5ccca393009David Lawrence3362. [bug] Setting some option values to 0 in named.conf
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington could trigger an assertion failure on startup.
c866769e664ba0a6a5e6f9375245f5ccca393009David Lawrence3361. [bug] "rndc signing -nsec3param" didn't work correctly
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence when salt was set to '-' (no salt). [RT #30099]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence3360. [bug] 'host -w' could die. [RT #18723]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence3359. [bug] An improperly-formed TSIG secret could cause a
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington memory leak. [RT #30607]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff3358. [placeholder]
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington3357. [port] Add support for libxml2-2.8.x [RT #30440]
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington3356. [bug] Cap the TTL of signed RRsets when RRSIGs are
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley approaching their expiry, so they don't remain
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington in caches after expiry. [RT #26429]
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington3355. [port] Use more portable awk in verify system test.
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley3354. [func] Improve OpenSSL error logging. [RT #29932]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley3353. [bug] Use a single task for task exclusive operations.
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley3352. [bug] Ensure that learned server attributes timeout of the
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley adb cache. [RT #29856]
0fbd29837a5911e0f0a83fca93aa4453200a8ccfMark Andrews3351. [bug] isc_mem_put and isc_mem_putanddetach didn't report
0fbd29837a5911e0f0a83fca93aa4453200a8ccfMark Andrews caller if either ISC_MEM_DEBUGSIZE or ISC_MEM_DEBUGCTX
0fbd29837a5911e0f0a83fca93aa4453200a8ccfMark Andrews memory debugging flags are set. [RT #30243]
0fbd29837a5911e0f0a83fca93aa4453200a8ccfMark Andrews3350. [bug] Memory read overrun in isc___mem_reallocate if
0fbd29837a5911e0f0a83fca93aa4453200a8ccfMark Andrews ISC_MEM_DEBUGCTX memory debugging flag is set.
0fbd29837a5911e0f0a83fca93aa4453200a8ccfMark Andrews3349. [bug] Change #3345 was incomplete. [RT #30233]
0fbd29837a5911e0f0a83fca93aa4453200a8ccfMark Andrews3348. [bug] Prevent RRSIG data from being cached if a negative
0fbd29837a5911e0f0a83fca93aa4453200a8ccfMark Andrews record matching the covering type exists at a higher
0fbd29837a5911e0f0a83fca93aa4453200a8ccfMark Andrews trust level. Such data already can't be retrieved from
0fbd29837a5911e0f0a83fca93aa4453200a8ccfMark Andrews the cache since change 3218 -- this prevents it
0fbd29837a5911e0f0a83fca93aa4453200a8ccfMark Andrews being inserted into the cache as well. [RT #26809]
0fbd29837a5911e0f0a83fca93aa4453200a8ccfMark Andrews3347. [bug] dnssec-settime: Issue a warning when writing a new
0fbd29837a5911e0f0a83fca93aa4453200a8ccfMark Andrews private key file would cause a change in the
0fbd29837a5911e0f0a83fca93aa4453200a8ccfMark Andrews permissions of the existing file. [RT #27724]
0fbd29837a5911e0f0a83fca93aa4453200a8ccfMark Andrews3346. [security] Bad-cache data could be used before it was
0fbd29837a5911e0f0a83fca93aa4453200a8ccfMark Andrews initialized, causing an assert. [RT #30025]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley3345. [bug] Addressed race condition when removing the last item
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley or inserting the first item in an ISC_QUEUE.
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley3344. [func] New "dnssec-checkds" command checks a zone to
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley determine which DS records should be published
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley in the parent zone, or which DLV records should be
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley published in a DLV zone, and queries the DNS to
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley ensure that it exists. (Note: This tool depends
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley on python; it will not be built or installed on
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley systems that do not have a python interpreter.)
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley3343. [placeholder]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley3342. [bug] Change #3314 broke saving of stub zones to disk
700d3cb7895b5da2543282d18735d2176d1aff86Mark Andrews resulting in excessive cpu usage in some cases.
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley3341. [func] New "dnssec-verify" command checks a signed zone
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley to ensure correctness of signatures and of NSEC/NSEC3
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley chains. [RT #23673]
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington3340. [func] Added new 'map' zone file format, which is an image
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington of a zone database that can be loaded directly into
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington memory via mmap(), allowing much faster zone loading.
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington (Note: Because of pointer sizes and other
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington considerations, this file format is platform-dependent;
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington 'map' zone files cannot always be transferred from one
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington server to another.) [RT #25419]
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington3339. [func] Allow the maximum supported rsa exponent size to be
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington specified: "max-rsa-exponent-size <value>;" [RT #29228]
700d3cb7895b5da2543282d18735d2176d1aff86Mark Andrews3338. [bug] Address race condition in units tests: asyncload_zone
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington and asyncload_zt. [RT #26100]
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington3337. [bug] Change #3294 broke support for the multiple keys
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington in controls. [RT #29694]
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington3336. [func] Maintain statistics for RRsets tagged as "stale".
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington3335. [func] nslookup: return a nonzero exit code when unable
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington to get an answer. [RT #29492]
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington3334. [bug] Hold a zone table reference while performing a
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff asynchronous load of a zone. [RT #28326]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington3333. [bug] Setting resolver-query-timeout too low can cause
41faaa9b35bb5b3c72ca964e108ba398eaa63f3dBrian Wellington named to not recover if it loses connectivity.
41faaa9b35bb5b3c72ca964e108ba398eaa63f3dBrian Wellington3332. [bug] Re-use cached DS rrsets if possible. [RT #29446]
700d3cb7895b5da2543282d18735d2176d1aff86Mark Andrews3331. [security] dns_rdataslab_fromrdataset could produce bad
700d3cb7895b5da2543282d18735d2176d1aff86Mark Andrews rdataslabs. [RT #29644]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington3330. [func] Fix missing signatures on NOERROR results despite
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington RPZ rewriting. Also
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington - add optional "recursive-only yes|no" to the
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington response-policy statement
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence - add optional "max-policy-ttl" to the response-policy
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence statement to limit the false data that
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington "recursive-only no" can introduce into
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington resolvers' caches
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff - add a RPZ performance test to bin/tests/system/rpz
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff when queryperf is available.
f9df80f4348ef68043903efa08299480324f4823Michael Graff - the encoding of PASSTHRU action to "rpz-passthru".
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff (The old encoding is still accepted.)
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence3329. [bug] Handle RRSIG signer-name case consistently: We
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley generate RRSIG records with the signer-name in
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley lower case. We accept them with any case, but if
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley they fail to validate, we try again in lower case.
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley3328. [bug] Fixed inconsistent data checking in dst_parse.c.
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley3327. [func] Added 'filter-aaaa-on-v6' option; this is similar
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley to 'filter-aaaa-on-v4' but applies to IPv6
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley connections. (Use "configure --enable-filter-aaaa"
acb0311b113e3729dd1ac78dd14c51dc2c010393Mark Andrews to enable this option.) [RT #27308]
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley3326. [func] Added task list statistics: task model, worker
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley threads, quantum, tasks running, tasks ready.
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley3325. [func] Report cache statistics: memory use, number of
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley nodes, number of hash buckets, hit and miss counts.
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley3324. [test] Add better tests for ADB stats [RT #27057]
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley3323. [func] Report the number of buckets the resolver is using.
94baac869a70b529a24ff23d8dc899faa5d4fdc4Brian Wellington3322. [func] Monitor the number of active TCP and UDP dispatches.
94baac869a70b529a24ff23d8dc899faa5d4fdc4Brian Wellington3321. [func] Monitor the number of recursive fetches and the
94baac869a70b529a24ff23d8dc899faa5d4fdc4Brian Wellington number of open sockets, and report these values in
94baac869a70b529a24ff23d8dc899faa5d4fdc4Brian Wellington the statistics channel. [RT #27054]
94baac869a70b529a24ff23d8dc899faa5d4fdc4Brian Wellington3320. [func] Added support for monitoring of recursing client
94baac869a70b529a24ff23d8dc899faa5d4fdc4Brian Wellington count. [RT #27009]
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley3319. [func] Added support for monitoring of ADB entry count and
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley hash size. [RT #27057]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence3318. [tuning] Reduce the amount of work performed while holding a
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley bucket lock when finished with a fetch context.
f9df80f4348ef68043903efa08299480324f4823Michael Graff3317. [func] Add ECDSA support (RFC 6605). [RT #21918]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3316. [tuning] Improved locking performance when recursing.
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff3315. [tuning] Use multiple dispatch objects for sending upstream
f9df80f4348ef68043903efa08299480324f4823Michael Graff queries; this can improve performance on busy
f9df80f4348ef68043903efa08299480324f4823Michael Graff multiprocessor systems by reducing lock contention.
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3314. [bug] The masters list could be updated while stub_callback
f9df80f4348ef68043903efa08299480324f4823Michael Graff or refresh_callback were using it. [RT #26732]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence3313. [protocol] Add TLSA record type. [RT #28989]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3312. [bug] named-checkconf didn't detect a bad dns64 clients acl.
f9df80f4348ef68043903efa08299480324f4823Michael Graff3311. [bug] Abort the zone dump if zone->db is NULL in
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff zone.c:zone_gotwritehandle. [RT #29028]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3310. [test] Increase table size for mutex profiling. [RT #28809]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3309. [bug] resolver.c:fctx_finddone() was not thread safe.
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3308. [placeholder]
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff3307. [bug] Add missing ISC_LANG_BEGINDECLS and ISC_LANG_ENDDECLS.
f9df80f4348ef68043903efa08299480324f4823Michael Graff3306. [bug] Improve DNS64 reverse zone performance. [RT #28563]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3305. [func] Add wire format lookup method to sdb. [RT #28563]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3304. [bug] Use hmctx, not mctx when freeing rbtdb->heaps.
732e0731dec1922747bb3b3147cf2c3d16b22eaaBob Halley3303. [bug] named could die when reloading. [RT #28606]
ded7456a4dc944742c4a98cbf7b055b860b7569cMichael Graff3302. [bug] dns_dnssec_findmatchingkeys could fail to find
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff keys if the zone name contained character that
f9df80f4348ef68043903efa08299480324f4823Michael Graff required special mappings. [RT #28600]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3301. [contrib] Update queryperf to build on darwin. Add -R flag
f9df80f4348ef68043903efa08299480324f4823Michael Graff for non-recursive queries. [RT #28565]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3300. [bug] Named could die if gssapi was enabled in named.conf
f9df80f4348ef68043903efa08299480324f4823Michael Graff but was not compiled in. [RT #28338]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3299. [bug] Make SDB handle errors from database drivers better.
9da98335c185c39591150ccb4e307adc4cea44bcMukund Sivaraman3298. [bug] Named could dereference a NULL pointer in
f9df80f4348ef68043903efa08299480324f4823Michael Graff zmgr_start_xfrin_ifquota if the zone was being removed.
9da98335c185c39591150ccb4e307adc4cea44bcMukund Sivaraman3297. [bug] Named could die on a malformed master file. [RT #28467]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3296. [bug] Named could die with a INSIST failure in
99eba32b06d21623b14161bd6543c91201d9cbafAndreas Gustafsson client.c:exit_check. [RT #28346]
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson3295. [bug] Adjust isc_time_secondsastimet range check to be more
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff portable. [RT # 26542]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff3294. [bug] isccc/cc.c:table_fromwire failed to free alist on
ded7456a4dc944742c4a98cbf7b055b860b7569cMichael Graff error. [RT #28265]
ded7456a4dc944742c4a98cbf7b055b860b7569cMichael Graff3293. [func] nsupdate: list supported type. [RT #28261]
ded7456a4dc944742c4a98cbf7b055b860b7569cMichael Graff3292. [func] Log messages in the axfr stream at debug 10.
ded7456a4dc944742c4a98cbf7b055b860b7569cMichael Graff3291. [port] Fixed a build error on systems without ENOTSUP.
ded7456a4dc944742c4a98cbf7b055b860b7569cMichael Graff3290. [bug] <isc/hmacsha.h> was not being installed. [RT #28169]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff3289. [bug] 'rndc retransfer' failed for inline zones. [RT #28036]
a920f559c3689f52731519a9d5169ad5814866edMichael Graff3288. [bug] dlz_destroy() function wasn't correctly registered
ded7456a4dc944742c4a98cbf7b055b860b7569cMichael Graff by the DLZ dlopen driver. [RT #28056]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3287. [port] Update ans.pl to work with Net::DNS 0.68. [RT #28028]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3286. [bug] Managed key maintenance timer could fail to start
f9df80f4348ef68043903efa08299480324f4823Michael Graff after 'rndc reconfig'. [RT #26786]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3285. [bug] val-frdataset was incorrectly disassociated in
f9df80f4348ef68043903efa08299480324f4823Michael Graff proveunsecure after calling startfinddlvsep.
f9df80f4348ef68043903efa08299480324f4823Michael Graff3284. [bug] Address race conditions with the handling of
f9df80f4348ef68043903efa08299480324f4823Michael Graff3283. [bug] Raw zones with with more than 512 records in a RRset
f9df80f4348ef68043903efa08299480324f4823Michael Graff failed to load. [RT #27863]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3282. [bug] Restrict the TTL of NS RRset to no more than that
f9df80f4348ef68043903efa08299480324f4823Michael Graff of the old NS RRset when replacing it.
f9df80f4348ef68043903efa08299480324f4823Michael Graff [RT #27792] [RT #27884]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3281. [bug] SOA refresh queries could be treated as cancelled
f9df80f4348ef68043903efa08299480324f4823Michael Graff despite succeeding over the loopback interface.
f9df80f4348ef68043903efa08299480324f4823Michael Graff3280. [bug] Potential double free of a rdataset on out of memory
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff with DNS64. [RT #27762]
f9df80f4348ef68043903efa08299480324f4823Michael Graff3279. [bug] Hold a internal reference to the zone while performing
f9df80f4348ef68043903efa08299480324f4823Michael Graff a asynchronous load. Address potential memory leak
f9df80f4348ef68043903efa08299480324f4823Michael Graff if the asynchronous is cancelled. [RT #27750]
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff3278. [bug] Make sure automatic key maintenance is started
f27eae9cfeb5b6c3c38ead6a7a0b1dd36bba691dMark Andrews when "auto-dnssec maintain" is turned on during
f27eae9cfeb5b6c3c38ead6a7a0b1dd36bba691dMark Andrews "rndc reconfig". [RT #26805]
f27eae9cfeb5b6c3c38ead6a7a0b1dd36bba691dMark Andrews3277. [bug] win32: isc_socket_dup is not implemented. [RT #27696]
f27eae9cfeb5b6c3c38ead6a7a0b1dd36bba691dMark Andrews3276. [bug] win32: ns_os_openfile failed to return NULL on
f27eae9cfeb5b6c3c38ead6a7a0b1dd36bba691dMark Andrews safe_open failure. [RT #27696]
f27eae9cfeb5b6c3c38ead6a7a0b1dd36bba691dMark Andrews3275. [bug] Corrected rndc -h output; the 'rndc sync -clean'
f27eae9cfeb5b6c3c38ead6a7a0b1dd36bba691dMark Andrews option had been misspelled as '-clear'. (To avoid
f27eae9cfeb5b6c3c38ead6a7a0b1dd36bba691dMark Andrews future confusion, both options now work.) [RT #27173]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff3274. [placeholder]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3273. [bug] AAAA responses could be returned in the additional
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff section even when filter-aaaa-on-v4 was in use.
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff3272. [func] New "rndc zonestatus" command prints information
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff about the specified zone. [RT #21671]
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff3271. [port] darwin: mksymtbl is not always stable, loop several
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff times before giving up. mksymtbl was using non
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff portable perl to covert 64 bit hex strings. [RT #27653]
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington --- 9.9.0rc2 released ---
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff3270. [bug] "rndc reload" didn't reuse existing zones correctly
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington when inline-signing was in use. [RT #27650]
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington3269. [port] darwin 11 and later now built threaded by default.
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington3268. [bug] Convert RRSIG expiry times to 64 timestamps to work
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington out the earliest expiry time. [RT #23311]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff3267. [bug] Memory allocation failures could be mis-reported as
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff unexpected error. New ISC_R_UNSET result code.
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3266. [bug] The maximum number of NSEC3 iterations for a
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff DNSKEY RRset was not being properly computed.
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff3265. [bug] Corrected a problem with lock ordering in the
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff inline-signing code. [RT #27557]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff3264. [bug] Automatic regeneration of signatures in an
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff inline-signing zone could stall when the server
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff was restarted. [RT #27344]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence3263. [bug] "rndc sync" did not affect the unsigned side of an
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley inline-signing zone. [RT #27337]
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff3262. [bug] Signed responses were handled incorrectly by RPZ.
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff3261. [func] RRset ordering now defaults to random. [RT #27174]
499371d17c34a5770af022f4aa15e764e957a803Michael Graff3260. [bug] "rrset-order cyclic" could appear not to rotate
499371d17c34a5770af022f4aa15e764e957a803Michael Graff for some query patterns. [RT #27170/27185]
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff --- 9.9.0rc1 released ---
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff3259. [bug] named-compilezone: Suppress "dump zone to <file>"
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence message when writing to stdout. [RT #27109]
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff3258. [test] Add "forcing full sign with unreadable keys" test.
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff3257. [bug] Do not generate a error message when calling fsync()
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff in a pipe or socket. [RT #27109]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff3256. [bug] Disable empty zones for lwresd -C. [RT #27139]
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff3255. [func] No longer require that a empty zones be explicitly
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington enabled or that a empty zone is disabled for
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington RFC 1918 empty zones to be configured. [RT #27139]
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington3254. [bug] Set isc_socket_ipv6only() on the IPv6 control channels.
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington3253. [bug] Return DNS_R_SYNTAX when the input to a text field is
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington too long. [RT #26956]
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington3252. [bug] When master zones using inline-signing were
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington updated while the server was offline, the source
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff zone could fall out of sync with the signed
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence copy. They can now resynchronize. [RT #26676]
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff3251. [bug] Enforce a upper bound (65535 bytes) on the amount of
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff memory dns_sdlz_putrr() can allocate per record to
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff prevent run away memory consumption on ISC_R_NOSPACE.
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff3250. [func] 'configure --enable-developer'; turn on various
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff configure options, normally off by default, that
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence we want developers to build and test with. [RT #27103]
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff3249. [bug] Update log message when saving slave zones files for
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff analysis after load failures. [RT #27087]
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff3248. [bug] Configure options --enable-fixed-rrset and
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff --enable-exportlib were incompatible with each
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff other. [RT #27087]
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff3247. [bug] 'raw' format zones failed to preserve load order
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence breaking 'fixed' sort order. [RT #27087]
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff3246. [bug] Named failed to start with a empty also-notify list.
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff3245. [bug] Don't report a error unchanged serials unless there
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff were other changes when thawing a zone with
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff ixfr-fromdifferences. [RT #26845]
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff3244. [func] Added readline support to nslookup and nsupdate.
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff Also simplified nsupdate syntax to make "update"
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff and "prereq" optional. [RT #24659]
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff3243. [port] freebsd,netbsd,bsdi: the thread defaults were not
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff being properly set.
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff3242. [func] Extended the header of raw-format master files to
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff include the serial number of the zone from which
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff they were generated, if different (as in the case
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff of inline-signing zones). This is to be used in
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff inline-signing zones, to track changes between the
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence unsigned and signed versions of the zone, which may
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff have different serial numbers.
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff (Note: raw zonefiles generated by this version of
5039f2cad30410b47330c14c0d7ce4ca493a8712Michael Graff BIND are no longer compatible with prior versions.
5039f2cad30410b47330c14c0d7ce4ca493a8712Michael Graff To generate a backward-compatible raw zonefile
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff using dnssec-signzone or named-compilezone, specify
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff output format "raw=0" instead of simply "raw".)
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff3241. [bug] Address race conditions in the resolver code.
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff3240. [bug] DNSKEY state change events could be missed. [RT #26874]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3239. [bug] dns_dnssec_findmatchingkeys needs to use a consistent
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff timestamp. [RT #26883]
1acfed3dac1e02f4cbac811a06147377ecfac4c4Mark Andrews3238. [bug] keyrdata was not being reinitialized in
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington lib/dns/rbtdb.c:iszonesecure. [RT #26913]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3237. [bug] dig -6 didn't work with +trace. [RT #26906]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3236. [bug] Backed out changes #3182 and #3202, related to
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley EDNS(0) fallback behavior. [RT #26416]
271154eafd1111455030abc2997120228be55ef9Mark Andrews3235. [func] dns_db_diffx, a extended dns_db_diff which returns
271154eafd1111455030abc2997120228be55ef9Mark Andrews the generated diff and optionally writes it to a
a6ebd71eed266a08850b5300c2effb18bdb87c8cBob Halley journal. [RT #26386]
1acfed3dac1e02f4cbac811a06147377ecfac4c4Mark Andrews3234. [bug] 'make depend' produced invalid makefiles. [RT #26830]
a6ebd71eed266a08850b5300c2effb18bdb87c8cBob Halley3233. [bug] 'rndc freeze/thaw' didn't work for inline zones.
a6ebd71eed266a08850b5300c2effb18bdb87c8cBob Halley3232. [bug] Zero zone->curmaster before return in
1acfed3dac1e02f4cbac811a06147377ecfac4c4Mark Andrews dns_zone_setmasterswithkeys(). [RT #26732]
1acfed3dac1e02f4cbac811a06147377ecfac4c4Mark Andrews3231. [bug] named could fail to send a incompressible zone.
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3230. [bug] 'dig axfr' failed to properly handle a multi-message
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley axfr with a serial of 0. [RT #26796]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3229. [bug] Fix local variable to struct var assignment
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley found by CLANG warning.
348d80fb8490f4547aaa569e5f7ea2a032543bacMark Andrews3228. [tuning] Dynamically grow symbol table to improve zone
348d80fb8490f4547aaa569e5f7ea2a032543bacMark Andrews loading performance. [RT #26523]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley3227. [bug] Interim fix to make WKS's use of getprotobyname()
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley and getservbyname() self thread safe. [RT #26232]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3226. [bug] Address minor resource leakages. [RT #26624]
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington3225. [bug] Silence spurious "setsockopt(517, IPV6_V6ONLY) failed"
230aff0eac2d6694c6ca5925b663789e68f267c9Brian Wellington messages. [RT #26507]
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington3224. [bug] 'rndc signing' argument parsing was broken. [RT #26684]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3223. [bug] 'task_test privilege_drop' generated false positives.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3222. [cleanup] Replace dns_journal_{get,set}_bitws with
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington dns_journal_{get,set}_sourceserial. [RT #26634]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3221. [bug] Fixed a potential core dump on shutdown due to
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington referencing fetch context after it's been freed.
8d6fe3f38895752e3603cf2e1e9a0446b38f20cfBrian Wellington --- 9.9.0b2 released ---
efcd38346161b10d60368411cfb2c0d1c22b5fb1Brian Wellington3220. [bug] Change #3186 was incomplete; dns_db_rpz_findips()
8d6fe3f38895752e3603cf2e1e9a0446b38f20cfBrian Wellington could fail to set the database version correctly,
8d6fe3f38895752e3603cf2e1e9a0446b38f20cfBrian Wellington causing an assertion failure. [RT #26180]
5c688a008a28f215cd772377774e6a1ed07d0525Brian Wellington3219. [bug] Disable NOEDNS caching following a timeout.
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff3218. [security] Cache lookup could return RRSIG data associated with
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley nonexistent records, leading to an assertion
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley failure. [RT #26590]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley3217. [cleanup] Fix build problem with --disable-static. [RT #26476]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley3216. [bug] resolver.c:validated() was not thread-safe. [RT #26478]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley3215. [bug] 'rndc recursing' could cause a core dump. [RT #26495]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley3214. [func] Add 'named -U' option to set the number of UDP
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence listener threads per interface. [RT #26485]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley3213. [doc] Clarify ixfr-from-differences behavior. [RT #25188]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff3212. [bug] rbtdb.c: failed to remove a node from the deadnodes
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley list prior to adding a reference to it leading a
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff possible assertion failure. [RT #23219]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley3211. [func] dnssec-signzone: "-f -" prints to stdout; "-O full"
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley option prints in single-line-per-record format.
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley3210. [bug] Canceling the oldest query due to recursive-client
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley overload could trigger an assertion failure. [RT #26463]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley3209. [func] Add "dnssec-lookaside 'no'". [RT #24858]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley3208. [bug] 'dig -y' handle unknown tsig algorithm better.
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley3207. [contrib] Fixed build error in Berkeley DB DLZ module. [RT #26444]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley3206. [cleanup] Add ISC information to log at start time. [RT #25484]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley3205. [func] Upgrade dig's defaults to better reflect modern
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley nameserver behavior. Enable "dig +adflag" and
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley "dig +edns=0" by default. Enable "+dnssec" when
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley running "dig +trace". [RT #23497]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley3204. [bug] When a master server that has been marked as
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley unreachable sends a NOTIFY, mark it reachable
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley again. [RT #25960]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley3203. [bug] Increase log level to 'info' for validation failures
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley from expired or not-yet-valid RRSIGs. [RT #21796]
1dd8ee4fd5b55752a5003671ddd3b0fd8482faadAndreas Gustafsson3202. [bug] NOEDNS caching on timeout was too aggressive.
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley3201. [func] 'rndc querylog' can now be given an on/off parameter
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley instead of only being used as a toggle. [RT #18351]
1dd8ee4fd5b55752a5003671ddd3b0fd8482faadAndreas Gustafsson3200. [doc] Some rndc functions were undocumented or were
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley missing from 'rndc -h' output. [RT #25555]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley3199. [func] When logging client information, include the name
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley being queried. [RT #25944]
1dd8ee4fd5b55752a5003671ddd3b0fd8482faadAndreas Gustafsson3198. [doc] Clarified that dnssec-settime can alter keyfile
1dd8ee4fd5b55752a5003671ddd3b0fd8482faadAndreas Gustafsson permissions. [RT #24866]
1dd8ee4fd5b55752a5003671ddd3b0fd8482faadAndreas Gustafsson3197. [bug] Don't try to log the filename and line number when
1dd8ee4fd5b55752a5003671ddd3b0fd8482faadAndreas Gustafsson the config parser can't open a file. [RT #22263]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff3196. [bug] nsupdate: return nonzero exit code when target zone
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington doesn't exist. [RT #25783]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington3195. [cleanup] Silence "file not found" warnings when loading
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington managed-keys zone. [RT #26340]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington3194. [doc] Updated RFC references in the 'empty-zones-enable'
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington documentation. [RT #25203]
7a97b7630fb5e43b64152db587b64b21ff8d5d51Brian Wellington3193. [cleanup] Changed MAXZONEKEYS to DNS_MAXZONEKEYS, moved to
7a97b7630fb5e43b64152db587b64b21ff8d5d51Brian Wellington3192. [bug] A query structure could be used after being freed.
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington3191. [bug] Print NULL records using "unknown" format. [RT #26392]
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington3190. [bug] Underflow in error handling in isc_mutexblock_init.
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington3189. [test] Added a summary report after system tests. [RT #25517]
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington3188. [bug] zone.c:zone_refreshkeys() could fail to detach
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington references correctly when errors occurred, causing
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington a hang on shutdown. [RT #26372]
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington3187. [port] win32: support for Visual Studio 2008. [RT #26356]
5a680f4170ba77be1e31cf1fc40ab43856919078Mark Andrews --- 9.9.0b1 released ---
5a680f4170ba77be1e31cf1fc40ab43856919078Mark Andrews3186. [bug] Version/db mis-match in rpz code. [RT #26180]
5a680f4170ba77be1e31cf1fc40ab43856919078Mark Andrews3185. [func] New 'rndc signing' option for auto-dnssec zones:
5a680f4170ba77be1e31cf1fc40ab43856919078Mark Andrews - 'rndc signing -list' displays the current
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington state of signing operations
97527fc03cdb061759e2c9529c670ac1c190ef84Brian Wellington - 'rndc signing -clear' clears the signing state
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington records for keys that have fully signed the zone
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington - 'rndc signing -nsec3param' sets the NSEC3
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington parameters for the zone
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington The 'rndc keydone' syntax is removed. [RT #23729]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3184. [bug] named had excessive cpu usage when a redirect zone was
97527fc03cdb061759e2c9529c670ac1c190ef84Brian Wellington configured. [RT #26013]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3183. [bug] Added RTLD_GLOBAL flag to dlopen call. [RT #26301]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3182. [bug] Auth servers behind firewalls which block packets
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington greater than 512 bytes may cause other servers to
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington perform poorly. Now, adb retains edns information
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington and caches noedns servers. [RT #23392/24964]
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington3181. [func] Inline-signing is now supported for master zones.
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington3180. [func] Local copies of slave zones are now saved in raw
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington format by default, to improve startup performance.
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington 'masterfile-format text;' can be used to override
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington the default, if desired. [RT #25867]
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington3179. [port] kfreebsd: build issues. [RT #26273]
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington3178. [bug] A race condition introduced by change #3163 could
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington cause an assertion failure on shutdown. [RT #26271]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3177. [func] 'rndc keydone', remove the indicator record that
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington named has finished signing the zone with the
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington corresponding key. [RT #26206]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3176. [doc] Corrected example code and added a README to the
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington sample external DLZ module in contrib/dlz/example.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3175. [bug] Fix how DNSSEC positive wildcard responses from a
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington NSEC3 signed zone are validated. Stop sending a
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington unnecessary NSEC3 record when generating such
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington responses. [RT #26200]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3174. [bug] Always compute to revoked key tag from scratch.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3173. [port] Correctly validate root DS responses. [RT #25726]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3172. [port] darwin 10.* and freebsd [89] are now built threaded by
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3171. [bug] Exclusively lock the task when adding a zone using
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington 'rndc addzone'. [RT #25600]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington --- 9.9.0a3 released ---
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3170. [func] RPZ update:
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington - fix precedence among competing rules
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington - improve ARM text including documenting rule precedence
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington - try to rewrite CNAME chains until first hit
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington - new "rpz" logging channel
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington - RDATA for CNAME rules can include wildcards
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington - replace "NO-OP" named.conf policy override with
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington "PASSTHRU" and add "DISABLED" override ("NO-OP"
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington is still recognized)
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3169. [func] Catch db/version mis-matches when calling dns_db_*().
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3168. [bug] Nxdomain redirection could trigger an assert with
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington a ANY query. [RT #26017]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3167. [bug] Negative answers from forwarders were not being
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington correctly tagged making them appear to not be cached.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3166. [bug] Upgrading a zone to support inline-signing failed.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3165. [bug] dnssec-signzone could generate new signatures when
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington resigning, even when valid signatures were already
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington present. [RT #26025]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3164. [func] Enable DLZ modules to retrieve client information,
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington so that responses can be changed depending on the
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington source address of the query. [RT #25768]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3163. [bug] Use finer-grained locking in client.c to address
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington concurrency problems with large numbers of threads.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3162. [test] start.pl: modified to allow for "named.args" in
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington ns*/ subdirectory to override stock arguments to
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington named. Largely from RT #26044, but no separate ticket.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3161. [bug] zone.c:del_sigs failed to always reset rdata leading
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington assertion failures. [RT #25880]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3160. [bug] When printing out a NSEC3 record in multiline form
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington the newline was not being printed causing type codes
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington to be run together. [RT #25873]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3159. [bug] On some platforms, named could assert on startup
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington when running in a chrooted environment without
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington /proc. [RT #25863]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3158. [bug] Recursive servers would prefer a particular UDP
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington socket instead of using all available sockets.
41faaa9b35bb5b3c72ca964e108ba398eaa63f3dBrian Wellington3157. [tuning] Reduce the time spent in "rndc reconfig" by parsing
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington the config file before pausing the server. [RT #21373]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington3156. [placeholder]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington --- 9.9.0a2 released ---
7a97b7630fb5e43b64152db587b64b21ff8d5d51Brian Wellington3155. [bug] Fixed a build failure when using contrib DLZ
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington drivers (e.g., mysql, postgresql, etc). [RT #25710]
41faaa9b35bb5b3c72ca964e108ba398eaa63f3dBrian Wellington3154. [bug] Attempting to print an empty rdataset could trigger
41faaa9b35bb5b3c72ca964e108ba398eaa63f3dBrian Wellington an assert. [RT #25452]
41faaa9b35bb5b3c72ca964e108ba398eaa63f3dBrian Wellington3153. [func] Extend request-ixfr to zone level and remove the
41faaa9b35bb5b3c72ca964e108ba398eaa63f3dBrian Wellington side effect of forcing an AXFR. [RT #25156]
41faaa9b35bb5b3c72ca964e108ba398eaa63f3dBrian Wellington3152. [cleanup] Some versions of gcc and clang failed due to
41faaa9b35bb5b3c72ca964e108ba398eaa63f3dBrian Wellington incorrect use of __builtin_expect. [RT #25183]
7a97b7630fb5e43b64152db587b64b21ff8d5d51Brian Wellington3151. [bug] Queries for type RRSIG or SIG could be handled
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington incorrectly. [RT #21050]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3150. [func] Improved startup and reconfiguration time by
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington enabling zones to load in multiple threads. [RT #25333]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3149. [placeholder]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3148. [bug] Processing of normal queries could be stalled when
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington forwarding a UPDATE message. [RT #24711]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3147. [func] Initial inline signing support. [RT #23657]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington --- 9.9.0a1 released ---
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3146. [test] Fixed gcc4.6.0 errors in ATF. [RT #25598]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3145. [test] Capture output of ATF unit tests in "./atf.out" if
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington there were any errors while running them. [RT #25527]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3144. [bug] dns_dbiterator_seek() could trigger an assert when
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington used with a nonexistent database node. [RT #25358]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3143. [bug] Silence clang compiler warnings. [RT #25174]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3142. [bug] NAPTR is class agnostic. [RT #25429]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3141. [bug] Silence spurious "zone serial (0) unchanged" messages
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington associated with empty zones. [RT #25079]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3140. [func] New command "rndc flushtree <name>" clears the
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington specified name from the server cache along with
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington all names under it. [RT #19970]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3139. [test] Added tests from RFC 6234, RFC 2202, and RFC 1321
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington for the hashing algorithms (md5, sha1 - sha512, and
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington their hmac counterparts). [RT #25067]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3138. [bug] Address memory leaks and out-of-order operations when
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington shutting named down. [RT #25210]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3137. [func] Improve hardware scalability by allowing multiple
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington worker threads to process incoming UDP packets.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington This can significantly increase query throughput
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington on some systems. [RT #22992]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3136. [func] Add RFC 1918 reverse zones to the list of built-in
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington empty zones switched on by the 'empty-zones-enable'
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington option. [RT #24990]
97527fc03cdb061759e2c9529c670ac1c190ef84Brian Wellington3135. [port] FreeBSD: workaround broken IPV6_USE_MIN_MTU processing.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington See http://www.freebsd.org/cgi/query-pr.cgi?pr=158307
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3134. [bug] Improve the accuracy of dnssec-signzone's signing
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington statistics. [RT #16030]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3133. [bug] Change #3114 was incomplete. [RT #24577]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3132. [placeholder]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3131. [tuning] Improve scalability by allocating one zone task
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington per 100 zones at startup time, rather than using a
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington fixed-size task table. [RT #24406]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3130. [func] Support alternate methods for managing a dynamic
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington zone's serial number. Two methods are currently
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff defined using serial-update-method, "increment"
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence (default) and "unixtime". [RT #23849]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff3129. [bug] Named could crash on 'rndc reconfig' when
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff allow-new-zones was set to yes and named ACLs
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff were used. [RT #22739]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff3128. [func] Inserting an NSEC3PARAM via dynamic update in an
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff auto-dnssec zone that has not been signed yet
e5c75445501bb0459753f55cf3a9529b3cb794dfBrian Wellington will cause it to be signed with the specified NSEC3
e5c75445501bb0459753f55cf3a9529b3cb794dfBrian Wellington parameters when keys are activated. The
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington NSEC3PARAM record will not appear in the zone until
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington it is signed, but the parameters will be stored.
e5c75445501bb0459753f55cf3a9529b3cb794dfBrian Wellington3127. [bug] 'rndc thaw' will now remove a zone's journal file
e5c75445501bb0459753f55cf3a9529b3cb794dfBrian Wellington if the zone serial number has been changed and
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington ixfr-from-differences is not in use. [RT #24687]
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington3126. [security] Using DNAME record to generate replacements caused
e5c75445501bb0459753f55cf3a9529b3cb794dfBrian Wellington RPZ to exit with a assertion failure. [RT #24766]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington3125. [security] Using wildcard CNAME records as a replacement with
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington RPZ caused named to exit with a assertion failure.
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington3124. [bug] Use an rdataset attribute flag to indicate
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence negative-cache records rather than using rrtype 0;
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington this will prevent problems when that rrtype is
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington used in actual DNS packets. [RT #24777]
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington3123. [security] Change #2912 exposed a latent flaw in
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington dns_rdataset_totext() that could cause named to
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington crash with an assertion failure. [RT #24777]
b8dd48ecf83142f6ee7238cbd68fec455e527fc8Mark Andrews3122. [cleanup] dnssec-settime: corrected usage message. [RT #24664]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington3121. [security] An authoritative name server sending a negative
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington response containing a very large RRset could
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington trigger an off-by-one error in the ncache code
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington and crash named. [RT #24650]
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington3120. [bug] Named could fail to validate zones listed in a DLV
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington that validated insecure without using DLV and had
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence DS records in the parent zone. [RT #24631]
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington3119. [bug] When rolling to a new DNSSEC key, a private-type
f7fbd68b1cd96c733140fce938a61faf8b459b6fBrian Wellington record could be created and never marked complete.
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington3118. [bug] nsupdate could dump core on shutdown when using
b1a7fea53cb35baf4ca0c6841dce20ef1f90f259Andreas Gustafsson SIG(0) keys. [RT #24604]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington3117. [cleanup] Remove doc and parser references to the
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington never-implemented 'auto-dnssec create' option.
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington3116. [func] New 'dnssec-update-mode' option controls updates
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington of DNSSEC records in signed dynamic zones. Set to
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington 'no-resign' to disable automatic RRSIG regeneration
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews while retaining the ability to sign new or changed
a03f4b1ea4f1a4a70963fbeb606841c217f9e5f3Evan Hunt data. [RT #24533]
a03f4b1ea4f1a4a70963fbeb606841c217f9e5f3Evan Hunt3115. [bug] Named could fail to return requested data when
a03f4b1ea4f1a4a70963fbeb606841c217f9e5f3Evan Hunt following a CNAME that points into the same zone.
a03f4b1ea4f1a4a70963fbeb606841c217f9e5f3Evan Hunt3114. [bug] Retain expired RRSIGs in dynamic zones if key is
a03f4b1ea4f1a4a70963fbeb606841c217f9e5f3Evan Hunt inactive and there is no replacement key. [RT #23136]
a03f4b1ea4f1a4a70963fbeb606841c217f9e5f3Evan Hunt3113. [doc] Document the relationship between serial-query-rate
a03f4b1ea4f1a4a70963fbeb606841c217f9e5f3Evan Hunt and NOTIFY messages.
a03f4b1ea4f1a4a70963fbeb606841c217f9e5f3Evan Hunt3112. [doc] Add missing descriptions of the update policy name
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington types "ms-self", "ms-subdomain", "krb5-self" and
5ca7310c8af54c68f3a5d8a84639053472a451b2Brian Wellington "krb5-subdomain", which allow machines to update
5ca7310c8af54c68f3a5d8a84639053472a451b2Brian Wellington their own records, to the BIND 9 ARM.
c5c779df9a09a9fa73149f38991ae32c92135811Brian Wellington3111. [bug] Improved consistency checks for dnssec-enable and
c5c779df9a09a9fa73149f38991ae32c92135811Brian Wellington dnssec-validation, added test cases to the
c5c779df9a09a9fa73149f38991ae32c92135811Brian Wellington checkconf system test. [RT #24398]
c5c779df9a09a9fa73149f38991ae32c92135811Brian Wellington3110. [bug] dnssec-signzone: Wrong error message could appear
5ca7310c8af54c68f3a5d8a84639053472a451b2Brian Wellington when attempting to sign with no KSK. [RT #24369]
5ca7310c8af54c68f3a5d8a84639053472a451b2Brian Wellington3109. [func] The also-notify option now uses the same syntax
5ca7310c8af54c68f3a5d8a84639053472a451b2Brian Wellington as a zone's masters clause. This means it is
5ca7310c8af54c68f3a5d8a84639053472a451b2Brian Wellington now possible to specify a TSIG key to use when
5ca7310c8af54c68f3a5d8a84639053472a451b2Brian Wellington sending notifies to a given server, or to include
5ca7310c8af54c68f3a5d8a84639053472a451b2Brian Wellington an explicit named masters list in an also-notify
5ca7310c8af54c68f3a5d8a84639053472a451b2Brian Wellington statement. [RT #23508]
5ca7310c8af54c68f3a5d8a84639053472a451b2Brian Wellington3108. [cleanup] dnssec-signzone: Clarified some error and
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington warning messages; removed #ifdef ALLOW_KSKLESS_ZONES
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington code (use -P instead). [RT #20852]
e5c75445501bb0459753f55cf3a9529b3cb794dfBrian Wellington3107. [bug] dnssec-signzone: Report the correct number of ZSKs
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington when using -x. [RT #20852]
880723fb130841459d45695b387651cacd6c9bb8Mark Andrews3106. [func] When logging client requests, include the name of
880723fb130841459d45695b387651cacd6c9bb8Mark Andrews the TSIG key if any. [RT #23619]
880723fb130841459d45695b387651cacd6c9bb8Mark Andrews3105. [bug] GOST support can be suppressed by "configure
880723fb130841459d45695b387651cacd6c9bb8Mark Andrews --without-gost" [RT #24367]
880723fb130841459d45695b387651cacd6c9bb8Mark Andrews3104. [bug] Better support for cross-compiling. [RT #24367]
880723fb130841459d45695b387651cacd6c9bb8Mark Andrews3103. [bug] Configuring 'dnssec-validation auto' in a view
880723fb130841459d45695b387651cacd6c9bb8Mark Andrews instead of in the options statement could trigger
880723fb130841459d45695b387651cacd6c9bb8Mark Andrews an assertion failure in named-checkconf. [RT #24382]
880723fb130841459d45695b387651cacd6c9bb8Mark Andrews3102. [func] New 'dnssec-loadkeys-interval' option configures
880723fb130841459d45695b387651cacd6c9bb8Mark Andrews how often, in minutes, to check the key repository
880723fb130841459d45695b387651cacd6c9bb8Mark Andrews for updates when using automatic key maintenance.
880723fb130841459d45695b387651cacd6c9bb8Mark Andrews Default is every 60 minutes (formerly hard-coded
880723fb130841459d45695b387651cacd6c9bb8Mark Andrews to 12 hours). [RT #23744]
880723fb130841459d45695b387651cacd6c9bb8Mark Andrews3101. [bug] Zones using automatic key maintenance could fail
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews to check the key repository for updates. [RT #23744]
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews3100. [security] Certain response policy zone configurations could
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews trigger an INSIST when receiving a query of type
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews RRSIG. [RT #24280]
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews3099. [test] "dlz" system test now runs but gives R:SKIPPED if
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews not compiled with --with-dlz-filesystem. [RT #24146]
f1263d2aa405087e74caf001cd443079f50ee903Mark Andrews3098. [bug] DLZ zones were answering without setting the AA bit.
f1263d2aa405087e74caf001cd443079f50ee903Mark Andrews3097. [test] Add a tool to test handling of malformed packets.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews3096. [bug] Set KRB5_KTNAME before calling log_cred() in
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews dst_gssapi_acceptctx(). [RT #24004]
f1263d2aa405087e74caf001cd443079f50ee903Mark Andrews3095. [bug] Handle isolated reserved ports in the port range.
f1263d2aa405087e74caf001cd443079f50ee903Mark Andrews3094. [doc] Expand dns64 documentation.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews3093. [bug] Fix gssapi/kerberos dependencies [RT #23836]
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews3092. [bug] Signatures for records at the zone apex could go
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews stale due to an incorrect timer setting. [RT #23769]
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews3091. [bug] Fixed a bug in which zone keys that were published
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington and then subsequently activated could fail to trigger
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington automatic signing. [RT #22911]
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington3090. [func] Make --with-gssapi default [RT #23738]
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington3089. [func] dnssec-dsfromkey now supports reading keys from
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington standard input "dnssec-dsfromkey -f -". [RT #20662]
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf
8d6fe3f38895752e3603cf2e1e9a0446b38f20cfBrian Wellington and add setup.sh in order to resolve changing
8d6fe3f38895752e3603cf2e1e9a0446b38f20cfBrian Wellington named.conf issue. [RT #23687]
bb71d64085c044920d978fc706996e7e2c0ccb4eBrian Wellington3087. [bug] DDNS updates using SIG(0) with update-policy match
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews type "external" could cause a crash. [RT #23735]
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews3086. [bug] Running dnssec-settime -f on an old-style key will
bb71d64085c044920d978fc706996e7e2c0ccb4eBrian Wellington now force an update to the new key format even if no
bb71d64085c044920d978fc706996e7e2c0ccb4eBrian Wellington other change has been specified, using "-P now -A now"
bb71d64085c044920d978fc706996e7e2c0ccb4eBrian Wellington as default values. [RT #22474]
bb71d64085c044920d978fc706996e7e2c0ccb4eBrian Wellington3085. [func] New '-R' option in dnssec-signzone forces removal
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews of signatures which have not yet expired but
b8dd48ecf83142f6ee7238cbd68fec455e527fc8Mark Andrews were generated by a key that no longer exists.
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington3084. [func] A new command "rndc sync" dumps pending changes in
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington a dynamic zone to disk; "rndc sync -clean" also
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington removes the journal file after syncing. Also,
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington "rndc freeze" no longer removes journal files.
81b438273a0c3141144d169a7ccb110150757337Brian Wellington3083. [bug] NOTIFY messages were not being sent when generating
81b438273a0c3141144d169a7ccb110150757337Brian Wellington a NSEC3 chain incrementally. [RT #23702]
81b438273a0c3141144d169a7ccb110150757337Brian Wellington3082. [port] strtok_r is threads only. [RT #23747]
81b438273a0c3141144d169a7ccb110150757337Brian Wellington3081. [bug] Failure of DNAME substitution did not return
c637772ac34b4abb76a250eca89930e6f2bc2ce9Brian Wellington YXDOMAIN. [RT #23591]
81b438273a0c3141144d169a7ccb110150757337Brian Wellington3080. [cleanup] Replaced compile time constant by STDTIME_ON_32BITS.
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington3079. [bug] Handle isc_event_allocate failures in t_tasks.
bb71d64085c044920d978fc706996e7e2c0ccb4eBrian Wellington3078. [func] Added a new include file with function typedefs
930ecd3756ce0a2f9d9a48a0c6eb98f4a4375824Brian Wellington for the DLZ "dlopen" driver. [RT #23629]
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews3077. [bug] zone.c:zone_refreshkeys() incorrectly called
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews dns_zone_attach(), use zone->irefs instead. [RT #23303]
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington3076. [func] New '-L' option in dnssec-keygen, dnsset-settime, and
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington dnssec-keyfromlabel sets the default TTL of the
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington key. When possible, automatic signing will use that
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington TTL when the key is published. [RT #23304]
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington3075. [bug] dns_dnssec_findzonekeys{2} used a inconsistent
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington timestamp when determining which keys are active.
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington3074. [bug] Make the adb cache read through for zone data and
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington glue learn for zone named is authoritative for.
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington3073. [bug] managed-keys changes were not properly being recorded.
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington3072. [bug] dns_dns64_aaaaok() potential NULL pointer dereference.
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence3071. [bug] has_nsec could be used uninitialized in
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington update.c:next_active. [RT #20256]
5c29047792191d6141f69b2684314d0b762fedebBrian Wellington3070. [bug] dnssec-signzone potential NULL pointer dereference.
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington3069. [cleanup] Silence warnings messages from clang static analysis.
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington3068. [bug] Named failed to build with a OpenSSL without engine
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington support. [RT #23473]
c50936eb40263b65ebf6afe4e6556e2dc67c10e4Brian Wellington3067. [bug] ixfr-from-differences {master|slave}; failed to
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington select the master/slave zones. [RT #23580]
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington3066. [func] The DLZ "dlopen" driver is now built by default,
c50936eb40263b65ebf6afe4e6556e2dc67c10e4Brian Wellington no longer requiring a configure option. To
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington disable it, use "configure --without-dlopen".
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington Driver also supported on win32. [RT #23467]
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington3065. [bug] RRSIG could have time stamps too far in the future.
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington3064. [bug] powerpc: add sync instructions to the end of atomic
d1eee4693871f9e02fc8598e2e2f8fac80df25a3Brian Wellington operations. [RT #23469]
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington3063. [contrib] More verbose error reporting from DLZ LDAP. [RT #23402]
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington3062. [func] Made several changes to enhance human readability
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington of DNSSEC data in dig output and in generated
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk - DNSKEY record comments are more verbose, no
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk longer used in multiline mode only
fd71f5a87fbef60a9c8823495765723a40bed641Mark Andrews - multiline RRSIG records reformatted
fd71f5a87fbef60a9c8823495765723a40bed641Mark Andrews - multiline output mode for NSEC3PARAM records
fd71f5a87fbef60a9c8823495765723a40bed641Mark Andrews - "dig +norrcomments" suppresses DNSKEY comments
fd71f5a87fbef60a9c8823495765723a40bed641Mark Andrews - "dig +split=X" breaks hex/base64 records into
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk fields of width X; "dig +nosplit" disables this.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk [RT #22820]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3061. [func] New option "dnssec-signzone -D", only write out
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk generated DNSSEC records. [RT #22896]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer3060. [func] New option "dnssec-signzone -X <date>" allows
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer specification of a separate expiration date
668f8d91db59f4dd89a0b54206f87879354339f5Brian Wellington for DNSKEY RRSIGs and other RRSIGs. [RT #22141]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer3059. [test] Added a regression test for change #3023.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer3058. [bug] Cause named to terminate at startup or rndc reconfig/
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk reload to fail, if a log file specified in the conf
13396661f46572d7b94703a25721aad040fbd91aMark Andrews file isn't a plain file. [RT #22771]
e63d63dc8510c669e1575b2762265842e8783822Evan Hunt3057. [bug] "rndc secroots" would abort after the first error
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer and so could miss some views. [RT #23488]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer3056. [func] Added support for URI resource record. [RT #23386]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer3055. [placeholder]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3054. [bug] Added elliptic curve support check in
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer GOST OpenSSL engine detection. [RT #23485]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3053. [bug] Under a sustained high query load with a finite
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer max-cache-size, it was possible for cache memory
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk to be exhausted and not recovered. [RT #23371]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3052. [test] Fixed last autosign test report. [RT #23256]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3051. [bug] NS records obscure DNAME records at the bottom of the
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk zone if both are present. [RT #23035]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3050. [bug] The autosign system test was timing dependent.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk Wait for the initial autosigning to complete
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer before running the rest of the test. [RT #23035]
58c40ca8bda08458804d7f15cf97942dea2a17acMichael Sawyer3049. [bug] Save and restore the gid when creating creating
77397daf05511dc737eeec159badc05f11bfadddMark Andrews named.pid at startup. [RT #23290]
58c40ca8bda08458804d7f15cf97942dea2a17acMichael Sawyer3048. [bug] Fully separate view key management. [RT #23419]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer3047. [bug] DNSKEY NODATA responses not cached fixed in
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer validator.c. Tests added to dnssec system test.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer3046. [bug] Use RRSIG original TTL to compute validated RRset
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk and RRSIG TTL. [RT #23332]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3045. [removed] Replaced by change #3050.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer3044. [bug] Hold the socket manager lock while freeing the socket.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer3043. [test] Merged in the NetBSD ATF test framework (currently
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer version 0.12) for development of future unit tests.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer Use configure --with-atf to build ATF internally
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer or configure --with-atf=prefix to use an external
4d42b714be10e6f163d23507e4e3a396a8ac0364Automatic Updater copy. [RT #23209]
13396661f46572d7b94703a25721aad040fbd91aMark Andrews3042. [bug] dig +trace could fail attempting to use IPv6
13396661f46572d7b94703a25721aad040fbd91aMark Andrews addresses on systems with only IPv4 connectivity.
13396661f46572d7b94703a25721aad040fbd91aMark Andrews3041. [bug] dnssec-signzone failed to generate new signatures on
13396661f46572d7b94703a25721aad040fbd91aMark Andrews ttl changes. [RT #23330]
531eafa3026663020f4a2ac5587cce44341e3442Andreas Gustafsson3040. [bug] Named failed to validate insecure zones where a node
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk with a CNAME existed between the trust anchor and the
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk top of the zone. [RT #23338]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3039. [func] Redirect on NXDOMAIN support. [RT #23146]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3038. [bug] Install <dns/rpz.h>. [RT #23342]
531eafa3026663020f4a2ac5587cce44341e3442Andreas Gustafsson3037. [doc] Update COPYRIGHT to contain all the individual
668f8d91db59f4dd89a0b54206f87879354339f5Brian Wellington copyright notices that cover various parts.
531eafa3026663020f4a2ac5587cce44341e3442Andreas Gustafsson3036. [bug] Check built-in zone arguments to see if the zone
531eafa3026663020f4a2ac5587cce44341e3442Andreas Gustafsson is re-usable or not. [RT #21914]
668f8d91db59f4dd89a0b54206f87879354339f5Brian Wellington3035. [cleanup] Simplify by using strlcpy. [RT #22521]
531eafa3026663020f4a2ac5587cce44341e3442Andreas Gustafsson3034. [cleanup] nslookup: use strlcpy instead of safecopy. [RT #22521]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3033. [cleanup] Add two INSIST(bucket != DNS_ADB_INVALIDBUCKET).
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer3032. [bug] rdatalist.c: add missing REQUIREs. [RT #22521]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3031. [bug] dns_rdataclass_format() handle a zero sized buffer.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk [RT #22521]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3030. [bug] dns_rdatatype_format() handle a zero sized buffer.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk [RT #22521]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3029. [bug] isc_netaddr_format() handle a zero sized buffer.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer3028. [bug] isc_sockaddr_format() handle a zero sized buffer.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3027. [bug] Add documented REQUIREs to cfg_obj_asnetprefix() to
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk catch NULL pointer dereferences before they happen.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer3026. [bug] lib/isc/httpd.c: check that we have enough space
d7b9756a214030b0022ce791b67b12fb7bceeea0Evan Hunt after calling grow_headerspace() and if not
292eb9c4e4fc51aec911e72821735a123a8c252aMark Andrews re-call grow_headerspace() until we do. [RT #22521]
d7b9756a214030b0022ce791b67b12fb7bceeea0Evan Hunt3025. [bug] Fixed a possible deadlock due to zone resigning.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3024. [func] RTT Banding removed due to minor security increase
d7b9756a214030b0022ce791b67b12fb7bceeea0Evan Hunt but major impact on resolver latency. [RT #23310]
bd08b82891ea6abb339d06d86734df7f4febf533Mark Andrews3023. [bug] Named could be left in an inconsistent state when
bd08b82891ea6abb339d06d86734df7f4febf533Mark Andrews receiving multiple AXFR response messages that were
bd08b82891ea6abb339d06d86734df7f4febf533Mark Andrews not all TSIG-signed. [RT #23254]
46fc714aa0558bfb96c195983a48703659db1f5dMark Andrews3022. [bug] Fixed rpz SERVFAILs after failed zone transfers
292eb9c4e4fc51aec911e72821735a123a8c252aMark Andrews3021. [bug] Change #3010 was incomplete. [RT #22296]
d7b9756a214030b0022ce791b67b12fb7bceeea0Evan Hunt3020. [bug] auto-dnssec failed to correctly update the zone when
292eb9c4e4fc51aec911e72821735a123a8c252aMark Andrews changing the DNSKEY RRset. [RT #23232]
d7b9756a214030b0022ce791b67b12fb7bceeea0Evan Hunt3019. [test] Test: check apex NSEC3 records after adding DNSKEY
1330ae5fc207ce2db4c1e0670a43f3c9e654152eEvan Hunt record via UPDATE. [RT #23229]
1330ae5fc207ce2db4c1e0670a43f3c9e654152eEvan Hunt3018. [bug] Named failed to check for the "none;" acl when deciding
d7b9756a214030b0022ce791b67b12fb7bceeea0Evan Hunt if a zone may need to be re-signed. [RT #23120]
292eb9c4e4fc51aec911e72821735a123a8c252aMark Andrews3017. [doc] dnssec-keyfromlabel -I was not properly documented.
395e6865d5b0ec13c1e4cc3947598153aa4e4914Evan Hunt3016. [bug] rndc usage missing '-b'. [RT #22937]
395e6865d5b0ec13c1e4cc3947598153aa4e4914Evan Hunt3015. [port] win32: fix IN6_IS_ADDR_LINKLOCAL and
395e6865d5b0ec13c1e4cc3947598153aa4e4914Evan Hunt IN6_IS_ADDR_SITELOCAL macros. [RT #22724]
395e6865d5b0ec13c1e4cc3947598153aa4e4914Evan Hunt3014. [placeholder]
0302fcbf7e41fdbcf55f70cc040e3e55f448c06cEvan Hunt3013. [bug] The DNS64 ttl was not always being set as expected.
395e6865d5b0ec13c1e4cc3947598153aa4e4914Evan Hunt3012. [bug] Remove DNSKEY TTL change pairs before generating
0302fcbf7e41fdbcf55f70cc040e3e55f448c06cEvan Hunt signing records for any remaining DNSKEY changes.
395e6865d5b0ec13c1e4cc3947598153aa4e4914Evan Hunt3011. [func] Change the default query timeout from 30 seconds
395e6865d5b0ec13c1e4cc3947598153aa4e4914Evan Hunt to 10. Allow setting this in named.conf using the new
db9781d4a2ed15c4b34bb5c97ea68b8f598992fcMark Andrews 'resolver-query-timeout' option, which specifies a max
d7b9756a214030b0022ce791b67b12fb7bceeea0Evan Hunt time in seconds. 0 means 'default' and anything longer
d7b9756a214030b0022ce791b67b12fb7bceeea0Evan Hunt than 30 will be silently set to 30. [RT #22852]
d7b9756a214030b0022ce791b67b12fb7bceeea0Evan Hunt3010. [bug] Fixed a bug where "rndc reconfig" stopped the timer
11463c0ac24692e229ec87f307f5e7df3c0a7e10Evan Hunt for refreshing managed-keys. [RT #22296]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3009. [bug] clients-per-query code didn't work as expected with
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk particular query patterns. [RT #22972]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk --- 9.8.0b1 released ---
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3008. [func] Response policy zones (RPZ) support. [RT #21726]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3007. [bug] Named failed to preserve the case of domain names in
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk rdata which is not compressible when writing master
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk files. [RT #22863]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3006. [func] Allow dynamically generated TSIG keys to be preserved
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk across restarts of named. Initially this is for
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk TSIG keys generated using GSSAPI. [RT #22639]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3005. [port] Solaris: Work around the lack of
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk gsskrb5_register_acceptor_identity() by setting
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk the KRB5_KTNAME environment variable to the
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk contents of tkey-gssapi-keytab. Also fixed
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk test errors on MacOSX. [RT #22853]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3004. [func] DNS64 reverse support. [RT #22769]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3003. [experimental] Added update-policy match type "external",
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk enabling named to defer the decision of whether to
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk allow a dynamic update to an external daemon.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk (Contributed by Andrew Tridgell.) [RT #22758]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3002. [bug] isc_mutex_init_errcheck() failed to destroy attr.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk [RT #22766]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3001. [func] Added a default trust anchor for the root zone, which
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk can be switched on by setting "dnssec-validation auto;"
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk in the named.conf options. [RT #21727]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk3000. [bug] More TKEY/GSS fixes:
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk - nsupdate can now get the default realm from
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk the user's Kerberos principal
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk - corrected gsstest compilation flags
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk - improved documentation
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk - fixed some NULL dereferences
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk [RT #22795]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2999. [func] Add GOST support (RFC 5933). [RT #20639]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2998. [func] Add isc_task_beginexclusive and isc_task_endexclusive
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk to the task api. [RT #22776]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2997. [func] named -V now reports the OpenSSL and libxml2 verions
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk it was compiled against. [RT #22687]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2996. [security] Temporarily disable SO_ACCEPTFILTER support.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk [RT #22589]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2995. [bug] The Kerberos realm was not being correctly extracted
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk from the signer's identity. [RT #22770]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2994. [port] NetBSD: use pthreads by default on NetBSD >= 5.0, and
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk do not use threads on earlier versions. Also kill
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk the unproven-pthreads, mit-pthreads, and ptl2 support.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2993. [func] Dynamically grow adb hash tables. [RT #21186]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2992. [contrib] contrib/check-secure-delegation.pl: A simple tool
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk for looking at a secure delegation. [RT #22059]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2991. [contrib] contrib/zone-edit.sh: A simple zone editing tool for
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk dynamic zones. [RT #22365]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2990. [bug] 'dnssec-settime -S' no longer tests prepublication
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk interval validity when the interval is set to 0.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk [RT #22761]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2989. [func] Added support for writable DLZ zones. (Contributed
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk by Andrew Tridgell of the Samba project.) [RT #22629]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2988. [experimental] Added a "dlopen" DLZ driver, allowing the creation
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk of external DLZ drivers that can be loaded as
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk shared objects at runtime rather than linked with
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk named. Currently this is switched on via a
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk compile-time option, "configure --with-dlz-dlopen".
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk Note: the syntax for configuring DLZ zones
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk is likely to be refined in future releases.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk (Contributed by Andrew Tridgell of the Samba
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk project.) [RT #22629]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2987. [func] Improve ease of configuring TKEY/GSS updates by
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk adding a "tkey-gssapi-keytab" option. If set,
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk updates will be allowed with any key matching
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk a principal in the specified keytab file.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk "tkey-gssapi-credential" is no longer required
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk and is expected to be deprecated. (Contributed
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk by Andrew Tridgell of the Samba project.)
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk [RT #22629]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2986. [func] Add new zone type "static-stub". It's like a stub
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk zone, but the nameserver names and/or their IP
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk addresses are statically configured. [RT #21474]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2985. [bug] Add a regression test for change #2896. [RT #21324]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2984. [bug] Don't run MX checks when the target of the MX record
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk is ".". [RT #22645]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2983. [bug] Include "loadkeys" in rndc help output. [RT #22493]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk --- 9.8.0a1 released ---
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2982. [bug] Reference count dst keys. dst_key_attach() can be used
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk increment the reference count.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk Note: dns_tsigkey_createfromkey() callers should now
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk always call dst_key_free() rather than setting it
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk to NULL on success. [RT #22672]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2981. [func] Partial DNS64 support (AAAA synthesis). [RT #21991]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2980. [bug] named didn't properly handle UPDATES that changed the
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk TTL of the NSEC3PARAM RRset. [RT #22363]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2979. [bug] named could deadlock during shutdown if two
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk "rndc stop" commands were issued at the same
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk time. [RT #22108]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2978. [port] hpux: look for <devpoll.h> [RT #21919]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2977. [bug] 'nsupdate -l' report if the session key is missing.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk [RT #21670]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2976. [bug] named could die on exit after negotiating a GSS-TSIG
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk key. [RT #22573]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() acquired the
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk wrong lock which could lead to server deadlock.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk [RT #22614]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2974. [bug] Some valid UPDATE requests could fail due to a
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk consistency check examining the existing version
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews of the zone rather than the new version resulting
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews from the UPDATE. [RT #22413]
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews2973. [bug] bind.keys.h was being removed by the "make clean"
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews at the end of configure resulting in build failures
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews where there is very old version of perl installed.
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews Move it to "make maintainer-clean". [RT #22230]
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews2972. [bug] win32: address windows socket errors. [RT #21906]
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews2971. [bug] Fixed a bug that caused journal files not to be
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews compacted on Windows systems as a result of
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews non-POSIX-compliant rename() semantics. [RT #22434]
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews2970. [security] Adding a NO DATA negative cache entry failed to clear
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews any matching RRSIG records. A subsequent lookup of
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews of NO DATA cache entry could trigger a INSIST when the
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk unexpected RRSIG was also returned with the NO DATA
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk cache entry.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk CVE-2010-3613, VU#706148. [RT #22288]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2969. [security] Fix acl type processing so that allow-query works
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk in options and view statements. Also add a new
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk set of tests to verify proper functioning.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk CVE-2010-3615, VU#510208. [RT #22418]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2968. [security] Named could fail to prove a data set was insecure
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk before marking it as insecure. One set of conditions
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk that can trigger this occurs naturally when rolling
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk DNSKEY algorithms.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk CVE-2010-3614, VU#837744. [RT #22309]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2967. [bug] 'host -D' now turns on debugging messages earlier.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk [RT #22361]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2966. [bug] isc_print_vsnprintf() failed to check if there was
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk space available in the buffer when adding a left
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk justified character with a non zero width,
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk (e.g. "%-1c"). [RT #22270]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2965. [func] Test HMAC functions using test data from RFC 2104 and
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk RFC 4634. [RT #21702]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2964. [placeholder]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2963. [security] The allow-query acl was being applied instead of the
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk allow-query-cache acl to cache lookups. [RT #22114]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2962. [port] win32: add more dependencies to BINDBuild.dsw.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk [RT #22062]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2961. [bug] Be still more selective about the non-authoritative
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk answers we apply change 2748 to. [RT #22074]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2960. [func] Check that named accepts non-authoritative answers.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk [RT #21594]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2959. [func] Check that named starts with a missing masterfile.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk [RT #22076]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2958. [bug] named failed to start with a missing master file.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk [RT #22076]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2957. [bug] entropy_get() and entropy_getpseudo() failed to match
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk the API for RAND_bytes() and RAND_pseudo_bytes()
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk respectively. [RT #21962]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2956. [port] Enable atomic operations on the PowerPC64. [RT #21899]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2955. [func] Provide more detail in the recursing log. [RT #22043]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2954. [bug] contrib: dlz_mysql_driver.c bad error handling on
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk build_sqldbinstance failure. [RT #21623]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2953. [bug] Silence spurious "expected covering NSEC3, got an
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk exact match" message when returning a wildcard
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk no data response. [RT #21744]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2952. [port] win32: named-checkzone and named-checkconf failed
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk to initialize winsock. [RT #21932]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2951. [bug] named failed to generate a correct signed response
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk in a optout, delegation only zone with no secure
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk delegations. [RT #22007]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2950. [bug] named failed to perform a SOA up to date check when
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk falling back to TCP on UDP timeouts when
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk ixfr-from-differences was set. [RT #21595]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2949. [bug] dns_view_setnewzones() contained a memory leak if
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk it was called multiple times. [RT #21942]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2948. [port] MacOS: provide a mechanism to configure the test
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk interfaces at reboot. See bin/tests/system/README
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk for details.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2947. [placeholder]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2946. [doc] Document the default values for the minimum and maximum
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk zone refresh and retry values in the ARM. [RT #21886]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2945. [doc] Update empty-zones list in ARM. [RT #21772]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2944. [maint] Remove ORCHID prefix from built in empty zones.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk [RT #21772]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2943. [func] Add support to load new keys into managed zones
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk without signing immediately with "rndc loadkeys".
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk Add support to link keys with "dnssec-keygen -S"
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk and "dnssec-settime -S". [RT #21351]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2942. [contrib] zone2sqlite failed to setup the entropy sources.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk [RT #21610]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2941. [bug] sdb and sdlz (dlz's zone database) failed to support
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk DNAME at the zone apex. [RT #21610]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2940. [port] Remove connection aborted error message on
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk Windows. [RT #21549]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2939. [func] Check that named successfully skips NSEC3 records
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk that fail to match the NSEC3PARAM record currently
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk in use. [RT #21868]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2938. [bug] When generating signed responses, from a signed zone
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk that uses NSEC3, named would use a uninitialized
d7b9756a214030b0022ce791b67b12fb7bceeea0Evan Hunt pointer if it needed to skip a NSEC3 record because
d7b9756a214030b0022ce791b67b12fb7bceeea0Evan Hunt it didn't match the selected NSEC3PARAM record for
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer zone. [RT #21868]
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2937. [bug] Worked around an apparent race condition in over
668f8d91db59f4dd89a0b54206f87879354339f5Brian Wellington memory conditions. Without this fix a DNS cache DB or
c7868e2262d57451c7f0ce246be5f44e8c33f1e0Michael Sawyer ADB could incorrectly stay in an over memory state,
586d94eb740587975d5348b22a5fb8440d95925dMark Andrews effectively refusing further caching, which
586d94eb740587975d5348b22a5fb8440d95925dMark Andrews subsequently made a BIND 9 caching server unworkable.
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer This fix prevents this problem from happening by
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer polling the state of the memory context, rather than
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer making a copy of the state, which appeared to cause
90ad126bb363ad419b1348dea2b8613b21b4ded8Andreas Gustafsson a race. This is a "workaround" in that it doesn't
5d7b81d2a49d237ff5e73fdc4bd3394a3ee29392Mark Andrews solve the possible race per se, but several experiments
db30f4bdcb66afb7eb1ab0c6882cc70be9a53d79Mark Andrews proved this change solves the symptom. Also, the
db30f4bdcb66afb7eb1ab0c6882cc70be9a53d79Mark Andrews polling overhead hasn't been reported to be an issue.
db30f4bdcb66afb7eb1ab0c6882cc70be9a53d79Mark Andrews This bug should only affect a caching server that
db30f4bdcb66afb7eb1ab0c6882cc70be9a53d79Mark Andrews specifies a finite max-cache-size. It's also quite
8db2b65318b72e3ee477d6f6a346b525dd2db53aAndreas Gustafsson likely that the bug happens only when enabling threads,
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer but it's not confirmed yet. [RT #21818]
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2936. [func] Improved configuration syntax and multiple-view
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer support for addzone/delzone feature (see change
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk #2930). Removed "new-zone-file" option, replaced
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk with "allow-new-zones (yes|no)". The new-zone-file
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk for each view is now created automatically, with
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer a filename generated from a hash of the view name.
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer It is no longer necessary to "include" the
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer new-zone-file in named.conf; this happens
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer automatically. Zones that were not added via
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer "rndc addzone" can no longer be removed with
b66b333f59cf51ef87f973084a5023acd9317fb2Evan Hunt "rndc delzone". [RT #19447]
ab3f2d77bddef25a0af62d89894cb4964ee4f1d8Andreas Gustafsson2935. [bug] nsupdate: improve 'file not found' error message.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2934. [bug] Use ANSI C compliant shift range in lib/isc/entropy.c.
a207a2835e37de52e11d4c143c0425e749409c46Mark Andrews2933. [bug] 'dig +nsid' used stack memory after it went out of
ab3f2d77bddef25a0af62d89894cb4964ee4f1d8Andreas Gustafsson scope. This could potentially result in a unknown,
5d7b81d2a49d237ff5e73fdc4bd3394a3ee29392Mark Andrews potentially malformed, EDNS option being sent instead
5d7b81d2a49d237ff5e73fdc4bd3394a3ee29392Mark Andrews of the desired NSID option. [RT #21781]
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews2932. [cleanup] Corrected a numbering error in the "dnssec" test.
5d7b81d2a49d237ff5e73fdc4bd3394a3ee29392Mark Andrews2931. [bug] Temporarily and partially disable change 2864
8d00c5ab2c16985457947ddb0376707ab7094b80Mark Andrews because it would cause infinite attempts of RRSIG
5d7b81d2a49d237ff5e73fdc4bd3394a3ee29392Mark Andrews queries. This is an urgent care fix; we'll
5d7b81d2a49d237ff5e73fdc4bd3394a3ee29392Mark Andrews revisit the issue and complete the fix later.
5d7b81d2a49d237ff5e73fdc4bd3394a3ee29392Mark Andrews2930. [experimental] New "rndc addzone" and "rndc delzone" commands
ab3f2d77bddef25a0af62d89894cb4964ee4f1d8Andreas Gustafsson allow dynamic addition and deletion of zones.
db30f4bdcb66afb7eb1ab0c6882cc70be9a53d79Mark Andrews To enable this feature, specify a "new-zone-file"
db30f4bdcb66afb7eb1ab0c6882cc70be9a53d79Mark Andrews option at the view or options level in named.conf.
db30f4bdcb66afb7eb1ab0c6882cc70be9a53d79Mark Andrews Zone configuration information for the new zones
db30f4bdcb66afb7eb1ab0c6882cc70be9a53d79Mark Andrews will be written into that file. To make the new
db30f4bdcb66afb7eb1ab0c6882cc70be9a53d79Mark Andrews zones persist after a restart, "include" the file
bd08b82891ea6abb339d06d86734df7f4febf533Mark Andrews into named.conf in the appropriate view. (Note:
bd08b82891ea6abb339d06d86734df7f4febf533Mark Andrews This feature is not yet documented, and its syntax
bd08b82891ea6abb339d06d86734df7f4febf533Mark Andrews is expected to change.) [RT #19447]
bd08b82891ea6abb339d06d86734df7f4febf533Mark Andrews2929. [bug] Improved handling of GSS security contexts:
bd08b82891ea6abb339d06d86734df7f4febf533Mark Andrews - added LRU expiration for generated TSIGs
bd08b82891ea6abb339d06d86734df7f4febf533Mark Andrews - added the ability to use a non-default realm
db30f4bdcb66afb7eb1ab0c6882cc70be9a53d79Mark Andrews - added new "realm" keyword in nsupdate
db30f4bdcb66afb7eb1ab0c6882cc70be9a53d79Mark Andrews - limited lifetime of generated keys to 1 hour
db30f4bdcb66afb7eb1ab0c6882cc70be9a53d79Mark Andrews or the lifetime of the context (whichever is
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews2928. [bug] Be more selective about the non-authoritative
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews answer we apply change 2748 to. [RT #21594]
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews2927. [placeholder]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2926. [placeholder]
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews2925. [bug] Named failed to accept uncachable negative responses
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews from insecure zones. [RT #21555]
ce67023ae3ad39a77da5361d0187ab6f3f0219cbMark Andrews2924. [func] 'rndc secroots' dump a combined summary of the
d7b9756a214030b0022ce791b67b12fb7bceeea0Evan Hunt current managed keys combined with trusted keys.
46fc714aa0558bfb96c195983a48703659db1f5dMark Andrews2923. [bug] 'dig +trace' could drop core after "connection
292eb9c4e4fc51aec911e72821735a123a8c252aMark Andrews timeout". [RT #21514]
0796eca5f7159622c0aa04ab41ca943a3493dc56Tinderbox User2922. [contrib] Update zkt to version 1.0.
292eb9c4e4fc51aec911e72821735a123a8c252aMark Andrews2921. [bug] The resolver could attempt to destroy a fetch context
292eb9c4e4fc51aec911e72821735a123a8c252aMark Andrews too soon. [RT #19878]
46fc714aa0558bfb96c195983a48703659db1f5dMark Andrews2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively
292eb9c4e4fc51aec911e72821735a123a8c252aMark Andrews to IPv4 clients. New acl 'filter-aaaa' (default any).
46fc714aa0558bfb96c195983a48703659db1f5dMark Andrews2919. [func] Add autosign-ksk and autosign-zsk virtual time tests.
16134801ce8fffbb6c42bb54d544c3397a45ad06Mark Andrews2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
16134801ce8fffbb6c42bb54d544c3397a45ad06Mark Andrews2917. [func] Virtual time test framework. [RT #20801]
16134801ce8fffbb6c42bb54d544c3397a45ad06Mark Andrews2916. [func] Add framework to use IPv6 in tests.
16134801ce8fffbb6c42bb54d544c3397a45ad06Mark Andrews fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7
2879ee2c72638ea190728f931ce286760caa4521Evan Hunt2915. [cleanup] Be smarter about which objects we attempt to compile
2879ee2c72638ea190728f931ce286760caa4521Evan Hunt based on configure options. [RT #21444]
2879ee2c72638ea190728f931ce286760caa4521Evan Hunt2914. [bug] Make the "autosign" system test more portable.
51d6d7eea46134078fbaf5824c34f836a44d0784Mark Andrews2913. [func] Add pkcs#11 system tests. [RT #20784]
16134801ce8fffbb6c42bb54d544c3397a45ad06Mark Andrews2912. [func] Windows clients don't like UPDATE responses that clear
33a4294f442f7505c8e2453beb422b5928ec697cMark Andrews the zone section. [RT #20986]
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews2911. [bug] dnssec-signzone didn't handle out of zone records well.
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews2910. [func] Sanity check Kerberos credentials. [RT #20986]
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews2909. [bug] named-checkconf -p could die if "update-policy local;"
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews was specified in named.conf. [RT #21416]
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews2908. [bug] It was possible for re-signing to stop after removing
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews a DNSKEY. [RT #21384]
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews2907. [bug] The export version of libdns had undefined references.
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews2906. [bug] Address RFC 5011 implementation issues. [RT #20903]
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews2905. [port] aix: set use_atomic=yes with native compiler.
db30f4bdcb66afb7eb1ab0c6882cc70be9a53d79Mark Andrews2904. [bug] When using DLV, sub-zones of the zones in the DLV,
db30f4bdcb66afb7eb1ab0c6882cc70be9a53d79Mark Andrews could be incorrectly marked as insecure instead of
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews secure leading to negative proofs failing. This was
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews a unintended outcome from change 2890. [RT #21392]
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews2903. [bug] managed-keys-directory missing from namedconf.c.
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews2902. [func] Add regression test for change 2897. [RT #21040]
b5f6271f4daf1e54501af2cb7dd278d7e8003d65Mark Andrews2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]
b5f6271f4daf1e54501af2cb7dd278d7e8003d65Mark Andrews2900. [bug] The placeholder negative caching element was not
b5f6271f4daf1e54501af2cb7dd278d7e8003d65Mark Andrews properly constructed triggering a INSIST in
b5f6271f4daf1e54501af2cb7dd278d7e8003d65Mark Andrews dns_ncache_towire(). [RT #21346]
b5f6271f4daf1e54501af2cb7dd278d7e8003d65Mark Andrews2899. [port] win32: Support linking against OpenSSL 1.0.0.
11463c0ac24692e229ec87f307f5e7df3c0a7e10Evan Hunt2898. [bug] nslookup leaked memory when -domain=value was
11463c0ac24692e229ec87f307f5e7df3c0a7e10Evan Hunt specified. [RT #21301]
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews2897. [bug] NSEC3 chains could be left behind when transitioning
a499dddb4b4d4db2bb6ced82b5ee7a459e23603eEvan Hunt to insecure. [RT #21040]
b5f6271f4daf1e54501af2cb7dd278d7e8003d65Mark Andrews2896. [bug] "rndc sign" failed to properly update the zone
ce67023ae3ad39a77da5361d0187ab6f3f0219cbMark Andrews when adding a DNSKEY for publication only. [RT #21045]
6aaf3d01a1a9829802498c5772b22d649d012181Mark Andrews2895. [func] genrandom: add support for the generation of multiple
6aaf3d01a1a9829802498c5772b22d649d012181Mark Andrews files. [RT #20917]
f0c00f10a0b15e551655a309e3bc9252e6bf8cfdMark Andrews2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294]
6aaf3d01a1a9829802498c5772b22d649d012181Mark Andrews2893. [bug] Improve managed keys support. New named.conf option
6aaf3d01a1a9829802498c5772b22d649d012181Mark Andrews managed-keys-directory. [RT #20924]
6aaf3d01a1a9829802498c5772b22d649d012181Mark Andrews2892. [bug] Handle REVOKED keys better. [RT #20961]
6aaf3d01a1a9829802498c5772b22d649d012181Mark Andrews2891. [maint] Update empty-zones list to match
6aaf3d01a1a9829802498c5772b22d649d012181Mark Andrews draft-ietf-dnsop-default-local-zones-13. [RT #21099]
6aaf3d01a1a9829802498c5772b22d649d012181Mark Andrews2890. [bug] Handle the introduction of new trusted-keys and
ce67023ae3ad39a77da5361d0187ab6f3f0219cbMark Andrews DS, DLV RRsets better. [RT #21097]
b5f6271f4daf1e54501af2cb7dd278d7e8003d65Mark Andrews2889. [bug] Elements of the grammar where not properly reported.
b5f6271f4daf1e54501af2cb7dd278d7e8003d65Mark Andrews2888. [bug] Only the first EDNS option was displayed. [RT #21273]
46fc714aa0558bfb96c195983a48703659db1f5dMark Andrews2887. [bug] Report the keytag times in UTC in the .key file,
46fc714aa0558bfb96c195983a48703659db1f5dMark Andrews local time is presented as a comment within the
46fc714aa0558bfb96c195983a48703659db1f5dMark Andrews comment. [RT #21223]
b5f6271f4daf1e54501af2cb7dd278d7e8003d65Mark Andrews2886. [bug] ctime() is not thread safe. [RT #21223]
b5f6271f4daf1e54501af2cb7dd278d7e8003d65Mark Andrews2885. [bug] Improve -fno-strict-aliasing support probing in
b5f6271f4daf1e54501af2cb7dd278d7e8003d65Mark Andrews configure. [RT #21080]
586d94eb740587975d5348b22a5fb8440d95925dMark Andrews2884. [bug] Insufficient validation in dns_name_getlabelsequence().
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews2883. [bug] 'dig +short' failed to handle really large datasets.
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews2882. [bug] Remove memory context from list of active contexts
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews before clearing 'magic'. [RT #21274]
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews2881. [bug] Reduce the amount of time the rbtdb write lock
a499dddb4b4d4db2bb6ced82b5ee7a459e23603eEvan Hunt is held when closing a version. [RT #21198]
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews2880. [cleanup] Make the output of dnssec-keygen and dnssec-revoke
db30f4bdcb66afb7eb1ab0c6882cc70be9a53d79Mark Andrews consistent. [RT #21078]
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2879. [contrib] DLZ bdbhpt driver fails to close correct cursor.
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2878. [func] Incrementally write the master file after performing
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk a AXFR. [RT #21010]
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2877. [bug] The validator failed to skip obviously mismatching
668f8d91db59f4dd89a0b54206f87879354339f5Brian Wellington RRSIGs. [RT #21138]
c9c5b25473f3ef04ba2cfe00b21869f8050dd921Michael Sawyer2876. [bug] Named could return SERVFAIL for negative responses
c9c5b25473f3ef04ba2cfe00b21869f8050dd921Michael Sawyer from unsigned zones. [RT #21131]
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2875. [bug] dns_time64_fromtext() could accept non digits.
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2874. [bug] Cache lack of EDNS support only after the server
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk successfully responds to the query using plain DNS.
668f8d91db59f4dd89a0b54206f87879354339f5Brian Wellington2873. [bug] Canceling a dynamic update via the dns/client module
c9c5b25473f3ef04ba2cfe00b21869f8050dd921Michael Sawyer could trigger an assertion failure. [RT #21133]
194de894f0697562f94e048f573d99260a18a639Michael Sawyer2872. [bug] Modify dns/client.c:dns_client_createx() to only
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer require one of IPv4 or IPv6 rather than both.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2871. [bug] Type mismatch in mem_api.c between the definition and
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk the header file, causing build failure with
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer --enable-exportlib. [RT #21138]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
f647c0df9fd334b19a5bdc9c252f90d94c0abf1eMark Andrews2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2868. [cleanup] Run "make clean" at the end of configure to ensure
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer any changes made by configure are integrated.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer Use --with-make-clean=no to disable. [RT #20994]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk don't like it. [RT #20986]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2866. [bug] Windows does not like the TSIG name being compressed.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk [RT #20986]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2865. [bug] memset to zero event.data. [RT #20986]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk [RT #21050]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2863. [port] linux: disable IPv6 PMTUD and use network minimum MTU.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk [RT #21056]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2862. [bug] nsupdate didn't default to the parent zone when
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk updating DS records. [RT #20896]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2861. [doc] dnssec-settime man pages didn't correctly document the
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk inactivation time. [RT #21039]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2860. [bug] named-checkconf's usage was out of date. [RT #21039]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2859. [bug] When canceling validation it was possible to leak
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk memory. [RT #20800]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2858. [bug] RTT estimates were not being adjusted on ICMP errors.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk [RT #20772]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2857. [bug] named-checkconf did not fail on a bad trusted key.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk [RT #20705]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2856. [bug] The size of a memory allocation was not always properly
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk recorded. [RT #20927]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2855. [func] nsupdate will now preserve the entered case of domain
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk names in update requests it sends. [RT #20928]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2854. [func] dig: allow the final soa record in a axfr response to
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk be suppressed, dig +onesoa. [RT #20929]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2853. [bug] add_sigs() could run out of scratch space. [RT #21015]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2851. [doc] nslookup.1, removed <informalexample> from the docbook
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk source as it produced bad nroff. [RT #21007]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2850. [bug] If isc_heap_insert() failed due to memory shortage
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk the heap would have corrupted entries. [RT #20951]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2849. [bug] Don't treat errors from the xml2 library as fatal.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk [RT #20945]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2848. [doc] Moved README.dnssec, README.libdns, README.pkcs11 and
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk README.rfc5011 into the ARM. [RT #20899]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2847. [cleanup] Corrected usage message in dnssec-settime. [RT #20921]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2846. [bug] EOF on unix domain sockets was not being handled
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk correctly. [RT #20731]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2845. [bug] RFC 5011 client could crash on shutdown. [RT #20903]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2844. [doc] notify-delay default in ARM was wrong. It should have
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk been five (5) seconds.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2843. [func] Prevent dnssec-keygen and dnssec-keyfromlabel from
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk creating key files if there is a chance that the new
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk key ID will collide with an existing one after
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk either of the keys has been revoked. (To override
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk this in the case of dnssec-keyfromlabel, use the -y
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk option. dnssec-keygen will simply create a
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk different, non-colliding key, so an override is
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk not necessary.) [RT #20838]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2842. [func] Added "smartsign" and improved "autosign" and
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk "dnssec" regression tests. [RT #20865]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2841. [bug] Change 2836 was not complete. [RT #20883]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2840. [bug] Temporary fixed pkcs11-destroy usage check.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk [RT #20760]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2839. [bug] A KSK revoked by named could not be deleted.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2838. [placeholder]
f647c0df9fd334b19a5bdc9c252f90d94c0abf1eMark Andrews2837. [port] Prevent Linux spurious warnings about fwrite().
806c235ecf533b98d068b3f8df9d7abbe1e30cf9Mark Andrews2836. [bug] Keys that were scheduled to become active could
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer be delayed. [RT #20874]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2835. [bug] Key inactivity dates were inadvertently stored in
b66b333f59cf51ef87f973084a5023acd9317fb2Evan Hunt the private key file with the outdated tag
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer "Unpublish" rather than "Inactive". This has been
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews fixed; however, any existing keys that had Inactive
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer dates set will now need to have them reset, using
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews 'dnssec-settime -I'. [RT #20868]
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews2834. [bug] HMAC-SHA* keys that were longer than the algorithm
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer digest length were used incorrectly, leading to
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews interoperability problems with other DNS
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer implementations. This has been corrected.
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews (Note: If an oversize key is in use, and
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer compatibility is needed with an older release of
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews BIND, the new tool "isc-hmac-fixup" can convert
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer the key secret to a form that will work with all
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews versions.) [RT #20751]
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews2833. [cleanup] Fix usage messages in dnssec-keygen and dnssec-settime.
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2832. [bug] Modify "struct stat" in lib/export/samples/nsprobe.c
e18c62b1dab6bf82530a94c00e2320e542f40c3fMark Andrews to avoid redefinition in some OSs [RT 20831]
9b3a69e6a701ffe2fc49fbb750d0761b3a822b37Michael Sawyer2831. [security] Do not attempt to validate or cache
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk out-of-bailiwick data returned with a secure
9b3a69e6a701ffe2fc49fbb750d0761b3a822b37Michael Sawyer answer; it must be re-fetched from its original
d2762d6c3797b1ce43965404d03b410f215932e0Michael Graff source and validated in that context. [RT #20819]
9b3a69e6a701ffe2fc49fbb750d0761b3a822b37Michael Sawyer2830. [bug] Changing the OPTOUT setting could take multiple
9b3a69e6a701ffe2fc49fbb750d0761b3a822b37Michael Sawyer passes. [RT #20813]
806c235ecf533b98d068b3f8df9d7abbe1e30cf9Mark Andrews2829. [bug] Fixed potential node inconsistency in rbtdb.c.
9b3a69e6a701ffe2fc49fbb750d0761b3a822b37Michael Sawyer2828. [security] Cached CNAME or DNAME RR could be returned to clients
d2762d6c3797b1ce43965404d03b410f215932e0Michael Graff without DNSSEC validation. [RT #20737]
9b3a69e6a701ffe2fc49fbb750d0761b3a822b37Michael Sawyer2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
806c235ecf533b98d068b3f8df9d7abbe1e30cf9Mark Andrews2826. [bug] NSEC3->NSEC transitions could fail due to a lock not
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer being released. [RT #20740]
9b3a69e6a701ffe2fc49fbb750d0761b3a822b37Michael Sawyer2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that
d2762d6c3797b1ce43965404d03b410f215932e0Michael Graff was in the process of being created was not properly
9b3a69e6a701ffe2fc49fbb750d0761b3a822b37Michael Sawyer recorded in the zone. [RT #20786]
806c235ecf533b98d068b3f8df9d7abbe1e30cf9Mark Andrews2824. [bug] "rndc sign" was not being run by the correct task.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
806c235ecf533b98d068b3f8df9d7abbe1e30cf9Mark Andrews2822. [bug] rbtdb.c:loadnode() could return the wrong result.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2821. [doc] Add note that named-checkconf doesn't automatically
668f8d91db59f4dd89a0b54206f87879354339f5Brian Wellington2820. [func] Handle read access failure of OpenSSL configuration
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer file more user friendly (PKCS#11 engine patch).
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define.
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2818. [cleanup] rndc could return an incorrect error code
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer when a zone was not found. [RT #20767]
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2817. [cleanup] Removed unnecessary isc_task_endexclusive() calls.
668f8d91db59f4dd89a0b54206f87879354339f5Brian Wellington2816. [bug] previous_closest_nsec() could fail to return
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer data for NSEC3 nodes [RT #29730]
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2815. [bug] Exclusively lock the task when freezing a zone.
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2814. [func] Provide a definitive error message when a master
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer zone is not loaded. [RT #20757]
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2813. [bug] Better handling of unreadable DNSSEC key files.
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2812. [bug] Make sure updates can't result in a zone with
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer NSEC-only keys and NSEC3 records. [RT #20748]
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2811. [cleanup] Add "rndc sign" to list of commands in rndc usage
668f8d91db59f4dd89a0b54206f87879354339f5Brian Wellington output. [RT #20733]
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2810. [doc] Clarified the process of transitioning an NSEC3 zone
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer to insecure. [RT #20746]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk2809. [cleanup] Restored accidentally-deleted text in usage output
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer in dnssec-settime and dnssec-revoke [RT #20739]
5126112bc3639b9dae5726c3148d6699d277e789Mark Andrews2808. [bug] Remove the attempt to install atomic.h from lib/isc.
5126112bc3639b9dae5726c3148d6699d277e789Mark Andrews atomic.h is correctly installed by the architecture
5126112bc3639b9dae5726c3148d6699d277e789Mark Andrews specific subdirectories. [RT #20722]
5126112bc3639b9dae5726c3148d6699d277e789Mark Andrews2807. [bug] Fixed a possible ASSERT when reconfiguring zone
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson keys. [RT #20720]
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson --- 9.7.0rc1 released ---
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson2806. [bug] "rdnc sign" could delay re-signing the DNSKEY
19c7cce8555ccc0c95455a0c35dedd017d420d05Mark Andrews when it had changed. [RT #20703]
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson2805. [bug] Fixed namespace problems encountered when building
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson external programs using non-exported BIND9 libraries
19c7cce8555ccc0c95455a0c35dedd017d420d05Mark Andrews (i.e., built without --enable-exportlib). [RT #20679]
19c7cce8555ccc0c95455a0c35dedd017d420d05Mark Andrews2804. [bug] Send notifies when a zone is signed with "rndc sign"
19c7cce8555ccc0c95455a0c35dedd017d420d05Mark Andrews or as a result of a scheduled key change. [RT #20700]
19c7cce8555ccc0c95455a0c35dedd017d420d05Mark Andrews2803. [port] win32: Install named-journalprint, nsec3hash, arpaname
19c7cce8555ccc0c95455a0c35dedd017d420d05Mark Andrews and genrandom under windows. [RT #20670]
19c7cce8555ccc0c95455a0c35dedd017d420d05Mark Andrews2802. [cleanup] Rename journalprint to named-journalprint. [RT #20670]
19c7cce8555ccc0c95455a0c35dedd017d420d05Mark Andrews2801. [func] Detect and report records that are different according
19c7cce8555ccc0c95455a0c35dedd017d420d05Mark Andrews to DNSSEC but are semantically equal according to plain
5bd76af084edfdcd1cb4db9453ac781d32dde6f7Mark Andrews DNS. Apply plain DNS comparisons rather than DNSSEC
5bd76af084edfdcd1cb4db9453ac781d32dde6f7Mark Andrews comparisons when processing UPDATE requests.
5bd76af084edfdcd1cb4db9453ac781d32dde6f7Mark Andrews dnssec-signzone now removes such semantically duplicate
5bd76af084edfdcd1cb4db9453ac781d32dde6f7Mark Andrews records prior to signing the RRset.
5bd76af084edfdcd1cb4db9453ac781d32dde6f7Mark Andrews named-checkzone -r {ignore|warn|fail} (default warn)
5bd76af084edfdcd1cb4db9453ac781d32dde6f7Mark Andrews named-compilezone -r {ignore|warn|fail} (default warn)
5bd76af084edfdcd1cb4db9453ac781d32dde6f7Mark Andrews named.conf: check-dup-records {ignore|warn|fail};
5bd76af084edfdcd1cb4db9453ac781d32dde6f7Mark Andrews2800. [func] Reject zones which have NS records which refer to
8a4689070a0b13935822e1bb7138d1d2f8ce237bMark Andrews CNAMEs, DNAMEs or don't have address record (class IN
8a4689070a0b13935822e1bb7138d1d2f8ce237bMark Andrews only). Reject UPDATEs which would cause the zone
8a4689070a0b13935822e1bb7138d1d2f8ce237bMark Andrews to fail the above checks if committed. [RT #20678]
8a4689070a0b13935822e1bb7138d1d2f8ce237bMark Andrews2799. [cleanup] Changed the "secure-to-insecure" option to
1d761cb453c76353deb8423c78e98d00c5f86ffaEvan Hunt "dnssec-secure-to-insecure", and "dnskey-ksk-only"
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews to "dnssec-dnskey-kskonly", for clarity. [RT #20586]
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews2798. [bug] Addressed bugs in managed-keys initialization
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews and rollover. [RT #20683]
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews2797. [bug] Don't decrement the dispatch manager's maxbuffers.
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews2796. [bug] Missing dns_rdataset_disassociate() call in
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews dns_nsec3_delnsec3sx(). [RT #20681]
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews2795. [cleanup] Add text to differentiate "update with no effect"
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews log messages. [RT #18889]
1d761cb453c76353deb8423c78e98d00c5f86ffaEvan Hunt2794. [bug] Install <isc/namespace.h>. [RT #20677]
1d761cb453c76353deb8423c78e98d00c5f86ffaEvan Hunt2793. [func] Add "autosign" and "metadata" tests to the
1d761cb453c76353deb8423c78e98d00c5f86ffaEvan Hunt automatic tests. [RT #19946]
1d761cb453c76353deb8423c78e98d00c5f86ffaEvan Hunt2792. [func] "filter-aaaa-on-v4" can now be set in view
1d761cb453c76353deb8423c78e98d00c5f86ffaEvan Hunt options (if compiled in). [RT #20635]
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews2791. [bug] The installation of isc-config.sh was broken.
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews2790. [bug] Handle DS queries to stub zones. [RT #20440]
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews2788. [bug] dnssec-signzone could sign with keys that were
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews not requested [RT #20625]
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews2787. [bug] Spurious log message when zone keys were
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews dynamically reconfigured. [RT #20659]
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews2786. [bug] Additional could be promoted to answer. [RT #20663]
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews --- 9.7.0b3 released ---
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews2785. [bug] Revoked keys could fail to self-sign [RT #20652]
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews2784. [bug] TC was not always being set when required glue was
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews dropped. [RT #20655]
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews buffer size of 512 or less. [RT #20654]
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews2782. [port] win32: use getaddrinfo() for hostname lookups.
8a4689070a0b13935822e1bb7138d1d2f8ce237bMark Andrews2781. [bug] Inactive keys could be used for signing. [RT #20649]
5fa46bc91672ef5737aee6f99763161511566c24Tinderbox User2780. [bug] dnssec-keygen -A none didn't properly unset the
8a4689070a0b13935822e1bb7138d1d2f8ce237bMark Andrews activation date in all cases. [RT #20648]
5fa46bc91672ef5737aee6f99763161511566c24Tinderbox User2779. [bug] Dynamic key revocation could fail. [RT #20644]
8a4689070a0b13935822e1bb7138d1d2f8ce237bMark Andrews2778. [bug] dnssec-signzone could fail when a key was revoked
8a4689070a0b13935822e1bb7138d1d2f8ce237bMark Andrews without deleting the unrevoked version. [RT #20638]
5fa46bc91672ef5737aee6f99763161511566c24Tinderbox User2777. [contrib] DLZ MYSQL auto reconnect support discovery was wrong.
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews2776. [bug] Change #2762 was not correct. [RT #20647]
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews2775. [bug] Accept RSASHA256 and RSASHA512 as NSEC3 compatible
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews in dnssec-keyfromlabel. [RT #20643]
8a4689070a0b13935822e1bb7138d1d2f8ce237bMark Andrews2774. [bug] Existing cache DB wasn't being reused after
8a4689070a0b13935822e1bb7138d1d2f8ce237bMark Andrews reconfiguration. [RT #20629]
8a4689070a0b13935822e1bb7138d1d2f8ce237bMark Andrews2773. [bug] In autosigned zones, the SOA could be signed
1d761cb453c76353deb8423c78e98d00c5f86ffaEvan Hunt with the KSK. [RT #20628]
8a4689070a0b13935822e1bb7138d1d2f8ce237bMark Andrews2772. [security] When validating, track whether pending data was from
8a4689070a0b13935822e1bb7138d1d2f8ce237bMark Andrews the additional section or not and only return it if
8a4689070a0b13935822e1bb7138d1d2f8ce237bMark Andrews validates as secure. [RT #20438]
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews2771. [bug] dnssec-signzone: DNSKEY records could be
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews corrupted when importing from key files [RT #20624]
8a4689070a0b13935822e1bb7138d1d2f8ce237bMark Andrews2770. [cleanup] Add log messages to resolver.c to indicate events
8a4689070a0b13935822e1bb7138d1d2f8ce237bMark Andrews causing FORMERR responses. [RT #20526]
8a4689070a0b13935822e1bb7138d1d2f8ce237bMark Andrews2769. [cleanup] Change #2742 was incomplete. [RT #19589]
8a4689070a0b13935822e1bb7138d1d2f8ce237bMark Andrews2768. [bug] dnssec-signzone: -S no longer implies -g [RT #20568]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2767. [bug] named could crash on startup if a zone was
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews configured with auto-dnssec and there was no
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews key-directory. [RT #20615]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2766. [bug] isc_socket_fdwatchpoke() should only update the
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews socketmgr state if the socket is not pending on a
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews read or write. [RT #20603]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2765. [bug] Skip masters for which the TSIG key cannot be found.
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2764. [bug] "rndc-confgen -a" could trigger a REQUIRE. [RT #20610]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2763. [bug] "rndc sign" didn't create an NSEC chain. [RT #20591]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2762. [bug] DLV validation failed with a local slave DLV zone.
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2761. [cleanup] Enable internal symbol table for backtrace only for
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews systems that are known to work. Currently, BSD
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews variants, Linux and Solaris are supported. [RT #20202]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2760. [cleanup] Corrected named-compilezone usage summary. [RT #20533]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2759. [doc] Add information about .jbk/.jnw files to
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews the ARM. [RT #20303]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2758. [bug] win32: Added a workaround for a windows 2008 bug
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews that could cause the UDP client handler to shut
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews down. [RT #19176]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2757. [bug] dig: assertion failure could occur in connect
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews timeout. [RT #20599]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2756. [bug] Fixed corrupt logfile message in update.c. [RT #20597]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2755. [placeholder]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2754. [bug] Secure-to-insecure transitions failed when zone
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews was signed with NSEC3. [RT #20587]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2753. [bug] Removed an unnecessary warning that could appear when
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews building an NSEC chain. [RT #20589]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2752. [bug] Locking violation. [RT #20587]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2751. [bug] Fixed a memory leak in dnssec-keyfromlabel. [RT #20588]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2750. [bug] dig: assertion failure could occur when a server
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews didn't have an address. [RT #20579]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2749. [bug] ixfr-from-differences generated a non-minimal ixfr
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews for NSEC3 signed zones. [RT #20452]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2748. [func] Identify bad answers from GTLD servers and treat them
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews as referrals. [RT #18884]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2747. [bug] Journal roll forwards failed to set the re-signing
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews time of RRSIGs correctly. [RT #20541]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2746. [port] hpux: address signed/unsigned expansion mismatch of
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2745. [bug] configure script didn't probe the return type of
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews gai_strerror(3) correctly. [RT #20573]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2744. [func] Log if a query was over TCP. [RT #19961]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2743. [bug] RRSIG could be incorrectly set in the NSEC3 record
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews for a insecure delegation.
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews --- 9.7.0b2 released ---
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2742. [cleanup] Clarify some DNSSEC-related log messages in
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2741. [func] Allow the dnssec-keygen progress messages to be
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews suppressed (dnssec-keygen -q). Automatically
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews suppress the progress messages when stdin is not
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews a tty. [RT #20474]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2740. [placeholder]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2739. [cleanup] Clean up API for initializing and clearing trust
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews anchors for a view. [RT #20211]
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system
4adf97c32fcca7d00e5756607fd045f2aab9c3d4Mark Andrews test. [RT #20453]
c8821d124c532e0a65752b378f924d4259499fd3Mark Andrews2737. [func] UPDATE requests can leak existence information.
c8821d124c532e0a65752b378f924d4259499fd3Mark Andrews2736. [func] Improve the performance of NSEC signed zones with
c8821d124c532e0a65752b378f924d4259499fd3Mark Andrews more than a normal amount of glue below a delegation.
c8821d124c532e0a65752b378f924d4259499fd3Mark Andrews2735. [bug] dnssec-signzone could fail to read keys
c8821d124c532e0a65752b378f924d4259499fd3Mark Andrews that were specified on the command line with
c8821d124c532e0a65752b378f924d4259499fd3Mark Andrews full paths, but weren't in the current
c8821d124c532e0a65752b378f924d4259499fd3Mark Andrews directory. [RT #20421]
2725. [doc] Added information about the file "managed-keys.bind"
2719. [func] Skip trusted/managed keys for unsupported algorithms.
2717. [bug] named failed to update the NSEC/NSEC3 record when
2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
2711. [port] win32: Add the bin/pkcs11 tools into the full
by the named.conf option 'secure-to-insecure'.
(i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
2702. [func] Update PKCS#11 tools (bin/pkcs11) [RT #20225 & all]
2699. [bug] Missing lock in rbtdb.c. [RT #20037]
S_IFREG are defined after including <isc/stat.h>.
2695. [func] DHCP/DDNS - update fdwatch code for use by
2685. [contrib] Update contrib/zkt to version 0.99c. [RT #20054]
2679. [func] dig -k can now accept TSIG keys in named.conf
- New "inactive" date (dnssec-keygen/settime -I)
2673. [bug] The managed-keys.bind zone file could fail to
2664. [bug] create_keydata() and minimal_update() in zone.c
applications. See README.libdns. [RT #19369]
2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
2632. [func] util/kit.sh: warn if documentation appears to be out of
2628. [port] linux: Allow /var/run/named/named.pid to be opened
2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
2622. [bug] Printing of named.conf grammar was broken. [RT #19919]
2617. [bug] ifconfig.sh failed to emit an error message when
2616. [bug] 'host' used the nameservers from resolv.conf even
configuration text for named.conf
from a NSEC3 signed master/slave zone. [RT #19464]
2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
2590. [func] Report zone/class of "update with no effect".
2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
of "dnssec-lookaside . trust-anchor dlv.isc.org;"
plus setting a trusted-key for dlv.isc.org.
by) $sysconfdir/bind.keys. As the ISC DLV key
the bind.keys file with a key downloaded from
https://www.isc.org/solutions/dlv. [RT #18685]
2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
2548. [bug] Install iterated_hash.h. [RT #19335]
2547. [bug] openssl_link.c:mem_realloc() could reference an
2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
2538. [bug] cache/ADB memory could grow over max-cache-size,
2519. [bug] dig/host with -4 or -6 didn't work if more than two
preceded in resolv.conf. [RT #19081]
document function in <isc/radix.h>. [RT #18534]
2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
are now /var/run/named/named.pid and
/var/run/lwresd/lwresd.pid respectively.
2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
specified in named.conf doesn't seem to work with
2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
2455. [bug] Stop metadata being transferred via axfr/ixfr.
2452. [func] Improve bin/test/journalprint. [RT #18316]
epoll and /dev/poll to be selected at compile
completion event send out canceled read/write
in rbtdb.c. [RT #18455]
2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
temporary, named.conf option reserved-sockets,
assertion in acl.c. [RT #18166]
2390. [bug] dispatch.c could make a false warning on 'odd socket'.
2387. [bug] Silence compiler warnings in lib/isc/radix.c.
2385. [bug] A condition variable in socket.c could leak in
2381. [port] dlz/mysql: support multiple install layouts for
mysql. <prefix>/include/{,mysql/}mysql.h and
2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
Documentation is in the new README.pkcs11 file.
were set at both the options/view level and in
named.conf. [RT #17581]
See <isc/mem.h> for details.
2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
rbtdb.c. Implement dead node processing in zones as
lib/dns/rdata/in_1/apl_42.c. [RT #17469]
2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
addresses in acl.c. [RT #17519]
bin/named/lwdnoop.c. [RT #17476]
2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
debug/fatal messages. [RT #17501]
2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
2306. [bug] Remove potential race from lib/dns/resolver.c.
2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
bin/tests/system/lwresd/lwtest.c. [RT #17474]
bin/tests/names/t_names.c. [RT #17473]
bin/nsupdate/nsupdate.c. [RT #17475]
bin/tests/timers/t_timers.c. [RT #17468]
bin/tests/dst/t_dst.c. [RT #17467]
2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
2276. [bug] Install <dst/gssapi.h>. [RT #17359]
stub/slave master and journal files. [RT #17279]
2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
2266. [bug] client.c:get_clientmctx() returned the same mctx
2257. [bug] win32: Use the full path to vcredist_x86.exe when
bindevt.dll. [RT #17159]
2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
2254. [bug] timer.c:dispatch() failed to lock timer->lock
2247. [doc] Sort doc/misc/options. [RT #17067]
2246. [bug] Make the startup of test servers (ans.pl) more
2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
If allow-query-cache is not set in named.conf then
If allow-recursion is not set in named.conf then
2194. [bug] Close journal before calling 'done' in xfrin.c.
2193. [port] win32: BINDInstall.exe is now linked statically.
2192. [port] win32: use vcredist_x86.exe to install Visual
2184. [bug] bind9.xsl.h didn't build out of the source tree.
2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
need to ship Microsoft.VC80.MFCLOC.
2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
Fix a memory leak in rbtdb.c:free_noqname().
Make lookup.c:lookup_find() robust against
2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
dighost.c:get_trusted_key(). [RT #16678]
hmac_link.c. [RT #16437]
2145. [bug] Check DS/DLV digest lengths for known digests.
2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
in adb.c. [RT #16670]
2138. [bug] Lock order reversal in resolver.c. [RT #16653]
2137. [port] Mips little endian and/or mips 64 bit are now
2136. [bug] nslookup/host looped if there was no search list
2135. [bug] Uninitialized rdataset in sdlz.c. [RT #16656]
2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
2114. [bug] dig/host/nslookup: searches for names with multiple
2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
2103. [port] Add /usr/sfw to list of locations for OpenSSL
2100. [port] win32: copy libeay32.dll to Build\Debug.
2098. [bug] Race in rbtdb.c:no_references(), which occasionally
if resolv.conf does not exist or no nameservers
2091. [port] dighost.c: race condition on cleanup. [RT #16417]
2085. [doc] win32: added index.html and README to zip. [RT #16201]
2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
2080. [port] libbind: res_init.c did not compile on older versions
2076. [bug] Several files were missing #include <config.h>
of authoritative servers that drop EDNS and/or CD
2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
2043. [port] nsupdate/nslookup: Force the flushing of the prompt
2038. [bug] dig/nslookup/host was unlinking from wrong list
a non slave/stub zone. [RT # 16073]
2028. [port] linux: socket.c compatibility for old systems.
2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
2008. [func] It is now possible to enable/disable DNSSEC
breaks DNSSEC (firewall/proxy). [RT #15592]
2003. [bug] libbind: The DNS name/address lookup functions could
1988. [bug] Remove a bus error from the SHA256/SHA512 support.
1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
1981. [bug] win32: condition.c:wait() could fail to reattain
1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
now be set in named.conf (max-udp-size). This is
xfrin.c:maybe_free() if named ran out of memory.
1944. [cleanup] isc_hash_create() does not need a read/write lock.
1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
1922. [bug] check-tool.c:setup_logging() missing call to
1919. [contrib] queryperf: a set of new features: collecting/printing
'RD' was set in the query. host/nslookup skip servers
1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
1866. [bug] resolv.conf parse errors were being ignored by
dig/host/nslookup. [RT #14841]
1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
when CFLAGS contains "-I /usr/local/include"
1839. [bug] <isc/hash.h> was not being installed.
1836. [cleanup] Silence compiler warnings in hash_test.c.
1834. [bug] Bad memset in rdata_test.c. [RT #13658]
rbtdb.c:subtractrdataset(). [RT #13519]
option in named.conf can be used to specify a
1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
1810. [bug] configure, lib/bind/configure make different default
1808. [bug] zone.c:notify_zone() contained a race condition,
1788. [bug] libbind9.la/libbind9.so needs to link against
1785. [bug] libbind9.la/libbind9.so needs to link against
1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
file clause for rbt{64} master/hint zones. [RT #13009]
1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
1748. [func] dig now returns the byte count for axfr/ixfr.
1747. [bug] BIND 8 compatibility: named/named-checkconf failed
to parse "host-statistics-max" in named.conf.
1745. [bug] Dig/host/nslookup accept replies from link locals
1731. [port] darwin: relax version test in ifconfig.sh.
1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
1717. [port] solaris: ifconfig.sh did not support Solaris 10.
"ifconfig.sh down" didn't work for Solaris 9.
1716. [doc] named.conf(5) was being installed in the wrong
1714. [bug] dig/host/nslookup were only trying the first
1707. [contrib] sdb/ldap updated to version 1.0-beta.
1705. [func] Allow the journal's name to be changed via named.conf.
"#include <isc/print.h>". [RT #12321]
1701. [doc] A minimal named.conf man page.
are defined in named.conf. [RT #12023]
/usr/lib. [RT #11971]
1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
adb.c:set_target(). [RT #11582]
1648. [func] Update dnssec-lookaside named.conf syntax to support
1625. [bug] named failed to load/transfer RFC2535 signed zones
1612. [bug] check-names at the option/view level could trigger
1599. [bug] Fix memory leak on error path when checking named.conf.
DNSSEC specify "dnssec-enable yes;" in named.conf.
1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
1566. [port] Support for the cmsg framework on Solaris and HP/UX.
were specified in /etc/resolv.conf. [RT #8232]
1551. [port] Open "/dev/null" before calling chroot().
1532. [port] netbsd: the configure test for <sys/sysctl.h>
requires <sys/param.h>.
1517. [port] Support for IPv6 interface scanning on HP/UX and
only (e.g. DE, LV, US and MUSEUM) these can be excluded
1503. [port] win32: install libeay32.dll outside of system32.
named.conf, tcp-listen-queue.
1498. [port] bsdos: 5.x support.
1478. [port] ifconfig.sh didn't account for other virtual
1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
doc/misc/options. [RT #5616]
via named.conf (edns-udp-size).
1425. [port] linux/libbind: define __USE_MISC when testing *_r()
function prototypes in netdb.h. [RT #4921]
1422. [func] Log name/type/class when denying a query. [RT #4663]
1419. [port] openbsd: use /dev/arandom. [RT #4950]
1417. [func] ID.SERVER/CHAOS is now a built in zone.
1410. [func] Handle records that live in the parent zone, e.g. DS.
1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
'recursing-file = "named.recursing";'.
1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
1353. [contrib] sdb/ldap to version 0.9.
in socket.c and eliminating a host of socket
1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
1336. [func] Nibble lookups under IP6.ARPA are now supported by
1334. [bug] When signing/verifying rdatasets, duplicate rdatas
1326. [bug] DNAME/CNAME signatures were not being cached when
1324. [port] darwin: ifconfig.sh now supports darwin.
1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
1276. [bug] libbind: const pointer conflicts in res_debug.c.
1269. [port] Openserver: ifconfig.sh support.
<sys/param.h> is included or not. Be consistent.
1247. [bug] Don't reset the interface index for link/site local
1234. [bug] contrib/sdb: 'zonetodb' failed to call
1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
at the named.conf checking stage. [RT #2431]
1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
lib/dns to use this function instead of local one.
occurs when parsing named.conf. [RT #2275]
1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
1145. [func] "host" no longer reports a NOERROR/NODATA response
named/lwresd at compile time. [RT #1982]
1119. [func] Added support in Win32 for NTFS file/directory ACL's
could cause an assertion failure in resolver.c
violation in adb.c. [RT #2017]
1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
1088. [port] libbind: MPE/iX C.70 (incomplete)
on load/reload if views were used. [RT #1947]
1041. [bug] Dig/host/nslookup could catch an assertion failure
1032. [func] hostname.bind/txt/chaos now returns the name of
1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
1030. [bug] On systems with no resolv.conf file, nsupdate
1029. [bug] Some named.conf errors did not cause the loading
1002. [bug] When reporting an unknown class name in named.conf,
972. [bug] The file modification time code in zone.c was using the
non-existent nlist.h. [RT #1640]
957. [bug] sys/select.h inclusion was broken on older platforms.
in named/win32/os.c due to code changes in
updated to add include path for os.h header.
953. [func] The /var/run/named.key file from change #843
has been replaced by /etc/rndc.key. Both
method (rndc.conf / controls). Unlike
bin/tests. [RT #1555].
946. [cleanup] doc/misc/options is now machine-generated from the
when installing isc-config.sh.
were not accepted in named.conf. [RT #1469]
and added lib/isc/win32/entropy.c.
900. [bug] A config.guess update changed the system identification
bin/tests/system/ifconfig.sh now recognize the new
899. [bug] lib/dns/soa.c failed to compile on many platforms
897. [bug] A config.guess update changed the system identification
to Darwin. This was derived from the config.guess
849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
just as <lwres/net.h> does.
843. [func] If no controls statement is present in named.conf,
generated by named and an rndc.conf-style file
named named.key will be written that uses it. rndc
838. [port] UnixWare 7.x.x is now suported by
833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
<dns/soa.h>, and extended them to support
832. [bug] The default location for named.conf in named-checkconf
825. [bug] zone.c:ns_query() detached from the wrong zone
character (i.e. "/") in its name and the directory
down-cased when signing/verifying records. [RT #1186]
in rndc.conf.
786. [bug] When DNSSEC signing/verifying data, owner names were
755. [bug] Fix incorrectly formatted log messages in zone.c.
748. [doc] List supported RFCs in doc/misc/rfc-compliance.
739. [port] Look for /dev/random in configure, rather than
737. [port] stdtime.c failed to compile on certain platforms.
dispatch.c:do_cancel(). [RT #733]
718. [cleanup] "internal" is no longer a reserved word in named.conf.
failure in adb.c. [RT #738]
703. [port] sys/select.h is needed on older platforms. [RT #695]
702. [func] If the address 0.0.0.0 is seen in resolv.conf,
693. [bug] An empty lwres statement in named.conf caused
685. [bug] nslookup should use the search list/domain options
from resolv.conf by default. [RT #405, #630]
646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
for syntax checking named.conf files and zone files,
604. [bug] The named.conf parser could print incorrect line
577. [func] Log illegal RDATA combinations. e.g. multiple
570. [bug] rbtdb.c allowed zones containing nodes which had
568. [func] Add sample simple database drivers in contrib/sdb.
of rdata type/class mnemonics in log messages.
516. [bug] Cache lookups which had a NULL node pointer, e.g.
DNAME, would trigger an INSIST(!search.need_cleanup)
490. [func] When a slave/stub zone has not yet successfully
from the named.conf "listen-on" statement, sockets
477. [bug] The the isc-config.sh script could be installed before
471. [bug] nsupdate didn't compile on HP/UX 10.20
and subsequent name servers in resolv.conf if the
457. [bug] Dig/host/hslookup didn't properly handle connect
documented as such in named.conf. [RT #304, RT #311]
is specified in named.conf. [RT #306]
is specified in named.conf. [RT #301]
432. [func] Added refresh/retry jitter. The actual refresh/
428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
(e.g. glue). This could cause SERVFAILs when
e.g. due to corrupt zones with multiple SOA records.
an argc/argv style vector of words and sets
view/global one for CNAME targets and additional
369. [func] Support new named.conf options, view and zone
the distribution, in doc/man/dnssec.
353. [bug] double increment in lwres/gethost.c:copytobuf().
348. [func] New boolean named.conf options 'additional-from-auth'
345. [bug] Large-scale changes/cleanups to dig:
341. [func] Support 'key' clause in named.conf zone masters
327. [bug] rndc.conf parser wasn't correctly recognizing an IP
320. [func] Multiple rndc changes: parses an rndc.conf file,
319. [func] The named.conf "controls" statement is now used
314. [func] The named.conf controls statement can now have
313. [bug] When parsing resolv.conf, don't terminate on an
resolv.conf search path from 6 to 8. If there
resolv.conf was empty or a comment.
310. [func] Changes to named.conf "controls" statement (inet
are listed in resolv.conf, silently ignore them
each library's ipv6.h defines the wrapper symbol of
any $sbindir/dig from a previous release.)
that lack /dev/random.
280. [func] Add isc-config.sh, which can be used to more
two or more files in libomapi.a were not namespace
278. [bug] bin/named/logconf.c:category_fromconf() didn't take
266. [bug] zone.c:save_nsrrset() node was not initialized.
262. [bug] 'master' was not initialized in zone.c:stub_callback().
for global options block of named.conf. Both accept
258. [bug] Fixed printing of lwres_addr_t.address field.
256. [func] isc_ratelimiter_t now has attach/detach semantics, and
253. [func] resolv.conf parser now recognizes ';' and '#' as
252. [bug] resolv.conf parser mishandled masks on sortlists.
244. [bug] empty named.conf file and empty options statement are
243. [func] new cachesize option for named.conf
+ missing sigwait prototype on BSD/OS 4.0/4.0.1.
BSD/OS 4.*, Linux and Solaris 2.8.
230. [func] Replace the dst sign/verify API with a cleaner one.
from confparser.c, because of yacc's code, are
212. [func] Added dns_message_get/settsigkey, to make TSIG
compiling in the lib/dns/sec/{dnssafe,openssl}
204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
run on a PA 1.x system."
201. [cleanup] Removed the test/sdig program, it has been
replaced by bin/dig/dig.
(e.g., running out of network buffers) were
and/or interfaces. [19-May-2000 explorer]
191. [func] Patched to compile on UnixWare 7.x. This platform
range for overflow/underflow. In the case of
184. [cleanup] Variables/functions which began with two leading
underscores were made to conform to the ANSI/ISO
179. [func] options named.conf statement *must* now come
178. [func] Post-load of named.conf check verifies a slave zone
168. [bug] include statements in named.conf caused syntax errors
162. [bug] Ensure proper range for arguments to ctype.h functions.
masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
util/check-includes for how this was tested.
145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
<isc/result.h>.
of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
need <isc/eventclass.h>.
instead of <isc/time.h>.
128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
and creates null keys/sets zone status bit for
<isc/result.h>.
<isc/result.h>. Multiple inclusion protection
isc_symtab_t moved to <isc/types.h>.
<isc/net.h>.
118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
117. [cleanup] libdns.a changes:
116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
<isc/list.h>.
<isc/mutex.h>.
<isc/list.h>.
bin/tests/{db,mem,sockaddr,tasks,timers}/.
108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
105. [doc] doc/dev/coding.html expanded with other
103. [func] libisc buffer API changes for <isc/buffer.h>:
on BSD/OS 4.1.
101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
<isc/event.h>.
or <isc/result.h>.
<isc/result.h>.
90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
from <named/listenlist.h>.
<isc/mem.h>. isc_interface_t and isc_interfaceiter_t
moved to <isc/types.h>.
86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
<isc/types.h>.
<isc/int.h>.
<isc/lang.h>.
subsumed by file.o.
OpenSSL libraries/headers.
from <dns/types.h>.
59. [bug] Cause net/host unreachable to be a hard error
58. [bug] bin/named/query.c could sometimes trigger the
(client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
<sys/param.h>.
logging module "dns/validator".
and isc_lex_t to <isc/types.h>.
31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
25. [bug] make install failed to install <isc/log.h> and
configure.in to check for presence of in6addr_any.
9. [cleanup] replaced bit-setting code in confctx.c and replaced
4. [port] bin/named/unix/os.c didn't compile on systems with
get only what we need from <linux/capability.h>, and
systems without /dev/random.
lib/isc/unix/include/isc/Makefile.in had a typo which