CHANGES revision 0d7548ee341c83c540624a423e2c701b6e9ddc4e
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4593. [doc] Update README using markdown, remove outdated FAQ
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina file in favor of the knowledge base.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4592. [bug] A race condition on shutdown could trigger an
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina assertion failure in dispatch.c. [RT #43822]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4591. [port] Addressed some python 3 compatibility issues.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina Thanks to Ville Skytta. [RT #44955] [RT #44956]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4590. [bug] Support for PTHREAD_MUTEX_ADAPTIVE_NP was not being
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina properly detected. [RT #44871]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4589. [cleanup] "configure -q" is now silent. [RT #44829]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4588. [bug] nsupdate could send queries for TKEY to the wrong
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina server when using GSSAPI. Thanks to Tomas Hozza.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4587. [bug] named-checkzone failed to handle occulted data below
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina DNAMEs correctly. [RT #44877]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4586. [func] dig, host and nslookup now use TCP for ANY queries.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4585. [port] win32: Set CompileAS value. [RT #42474]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4584. [bug] A number of memory usage statistics were not properly
2a45f13e3139063d3a5842119e7377c8c98aea1dPavel Březina reported when they exceeded 4G. [RT #44750]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4574. [bug] Dig leaked memory with multiple +subnet options.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina --- 9.11.1 released ---
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina --- 9.11.1rc3 released ---
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4582. [security] 'rndc ""' could trigger a assertion failure in named.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina (CVE-2017-3138) [RT #44924]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4581. [port] Linux: Add getpid and getrandom to the list of system
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina calls named uses for seccomp. [RT #44883]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4580. [bug] 4578 introduced a regression when handling CNAME to
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina referral below the current domain. [RT #44850]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina --- 9.11.1rc2 released ---
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4578. [security] Some chaining (CNAME or DNAME) responses to upstream
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina queries could trigger assertion failures.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina (CVE-2017-3137) [RT #44734]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4575. [security] DNS64 with "break-dnssec yes;" can result in an
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina assertion failure. (CVE-2017-3136) [RT #44653]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina --- 9.11.1rc1 released ---
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4571. [bug] Out-of-tree builds of backtrace_test failed.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4570. [cleanup] named did not correctly fall back to the built-in
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina initializing keys if the bind.keys file was present
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina but empty. [RT #44531]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4569. [func] Store both local and remote addresses in dnstap
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina logging, and modify dnstap-read output format to
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina print them. [RT #43595]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4568. [contrib] Added a --with-bind option to the dnsperf configure
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina script to specify BIND prefix path.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4567. [port] Call getprotobyname and getservbyname prior to calling
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina chroot so that shared libraries get loaded. [RT #44537]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4565. [cleanup] The inline macro versions of isc_buffer_put*()
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina did not implement automatic buffer reallocation.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4564. [maint] Update the built in managed keys to include the
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina upcoming root KSK. [RT #44579]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4563. [bug] Modified zones would occasionally fail to reload.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4561. [port] Silence a warning in strict C99 compilers. [RT #44414]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4560. [bug] mdig: add -m option to enable memory debugging rather
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina than having it on all the time. [RT #44509]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4559. [bug] openssl_link.c didn't compile if ISC_MEM_TRACKLINES
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina was turned off. [RT #44509]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4558. [bug] Synthesised CNAME before matching DNAME was still
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina being cached when it should not have been. [RT #44318]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4557. [security] Combining dns64 and rpz can result in dereferencing
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina a NULL pointer (read). (CVE-2017-3135) [RT#44434]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4554. [bug] Remove double unlock in dns_dispatchmgr_setudp.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4553. [bug] Named could deadlock there were multiple changes to
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina NSEC/NSEC3 parameters for a zone being processed at
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina the same time. [RT #42770]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4552. [bug] Named could trigger a assertion when sending notify
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina messages. [RT #44019]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4551. [test] Add system tests for integrity checks of MX and
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina SRV records. [RT #43953]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4550. [cleanup] Increased the number of available master file
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina output style flags from 32 to 64. [RT #44043]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4547. [port] Add support for --enable-native-pkcs11 on the AEP
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina Keyper HSM. [RT #42463]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina --- 9.11.1b1 released ---
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4545. [func] Expand YAML output from dnstap-read to include
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina a detailed breakdown of the DNS message contents.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4544. [bug] Add message/payload size to dnstap-read YAML output.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4543. [bug] dns_client_startupdate now delays sending the update
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina request until isc_app_ctxrun has been called.
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek4541. [bug] rndc addzone should properly reject non master/slave
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina zones. [RT #43665]
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek4540. [bug] Correctly handle ecs entries in dns_acl_isinsecure.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4539. [bug] Referencing a nonexistent zone with RPZ could lead
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina to a assertion failure when configuring. [RT #43787]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4538. [bug] Call dns_client_startresolve from client->task.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4537. [bug] Handle timeouts better in dig/host/nslookup. [RT #43576]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4536. [bug] ISC_SOCKEVENTATTR_USEMINMTU was not being cleared
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina when reusing the event structure. [RT #43885]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4535. [bug] Address race condition in setting / testing of
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina DNS_REQUEST_F_SENDING. [RT #43889]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4534. [bug] Only set RD, RA and CD in QUERY responses. [RT #43879]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4533. [bug] dns_client_update should terminate on prerequisite
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina failures (NXDOMAIN, YXDOMAIN, NXRRSET, YXRRSET)
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina and also on BADZONE. [RT #43865]
df9e9a1f9b7dc255eb62c390163c25917b08f5a2Lukas Slebodnik4532. [contrib] Make gen-data-queryperf.py python 3 compatible.
df9e9a1f9b7dc255eb62c390163c25917b08f5a2Lukas Slebodnik4531. [security] 'is_zone' was not being properly updated by redirect2
df9e9a1f9b7dc255eb62c390163c25917b08f5a2Lukas Slebodnik and subsequently preserved leading to an assertion
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina failure. (CVE-2016-9778) [RT #43837]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4530. [bug] Change 4489 broke the handling of CNAME -> DNAME
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina in responses resulting in SERVFAIL being returned.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4529. [cleanup] Silence noisy log warning when DSCP probe fails
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina due to firewall rules. [RT #43847]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4528. [bug] Only set the flag bits for the i/o we are waiting
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina for on EPOLLERR or EPOLLHUP. [RT #43617]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4527. [doc] Support DocBook XSL Stylesheets v1.79.1. [RT #43831]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4526. [doc] Corrected errors and improved formatting of
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina grammar definitions in the ARM. [RT #43739]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4525. [doc] Fixed outdated documentation on managed-keys.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4524. [bug] The net zero test was broken causing IPv4 servers
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina with addresses ending in .0 to be rejected. [RT #43776]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4523. [doc] Expand config doc for <querysource4> and
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina <querysource6>. [RT #43768]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4522. [bug] Handle big gaps in log file version numbers better.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4521. [cleanup] Log it as an error if an entropy source is not
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina found and there is no fallback available. [RT #43659]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4520. [cleanup] Alphabetize more of the grammar when printing it
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina out. Fix unbalanced indenting. [RT #43755]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4519. [port] win32: handle ERROR_MORE_DATA. [RT #43534]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4517. [security] Named could mishandle authority sections that were
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina missing RRSIGs triggering an assertion failure.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina (CVE-2016-9444) [RT # 43632]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4516. [bug] isc_socketmgr_renderjson was missing from the
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina windows build. [RT #43602]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4515. [port] FreeBSD: Find readline headers when they are in
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina edit/readline/ instead of readline/. [RT #43658]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4514. [port] NetBSD: strip -WL, from ld command line. [RT #43204]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4513. [cleanup] Minimum Python versions are now 2.7 and 3.2.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4512. [bug] win32: @GEOIP_INC@ missing from delv.vcxproj.in.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4511. [bug] win32: mdig.exe-BNFT was missing Configure. [RT #43554]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4510. [security] Named mishandled some responses where covering RRSIG
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina records are returned without the requested data
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina resulting in a assertion failure. (CVE-2016-9147)
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4509. [test] Make the rrl system test more reliable on slower
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina machines by using mdig instead of dig. [RT #43280]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4508. [security] Named incorrectly tried to cache TKEY records which
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina could trigger a assertion failure when there was
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina a class mismatch. (CVE-2016-9131) [RT #43522]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4507. [bug] Named could incorrectly log 'allows updates by IP
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina address, which is insecure' [RT #43432]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4505. [port] Use IP_PMTUDISC_OMIT if available. [RT #35494]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4504. [security] Allow the maximum number of records in a zone to
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina be specified. This provides a control for issues
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina raised in CVE-2016-6170. [RT #42143]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4503. [cleanup] "make uninstall" now removes files installed by
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina BIND. (This currently excludes Python files
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina due to lack of support in setup.py.) [RT #42912]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4502. [func] Report multiple and experimental options when printing
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina grammar. [RT #43134]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4500. [bug] Support modifier I64 in isc__print_printf. [RT #43526]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4499. [port] MacOSX: silence deprecated function warning
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina by using arc4random_stir() when available
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina instead of arc4random_addrandom(). [RT #43503]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4498. [test] Simplify prerequisite checks in system tests.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4497. [port] Add support for OpenSSL 1.1.0. [RT #41284]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4496. [func] dig: add +idnout to control whether labels are
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina display in punycode or not. Requires idn support
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina to be enabled at compile time. [RT #43398]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4495. [bug] A isc_mutex_init call was not being checked.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4494. [bug] Look for <editline/readline.h>. [RT #43429]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4493. [bug] bin/tests/system/dyndb/driver/Makefile.in should use
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina SO_TARGETS. [RT# 43336]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4492. [bug] irs_resconf_load failed to initialize sortlistnxt
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina causing bad writes if resolv.conf contained a
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina sortlist directive. [RT #43459]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4491. [bug] Improve message emitted when testing whether sendmsg
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina works with TOS/TCLASS fails. [RT #43483]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4490. [maint] Added AAAA (2001:500:12::d0d) for G.ROOT-SERVERS.NET.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4489. [security] It was possible to trigger assertions when processing
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina a response containing a DNAME answer. (CVE-2016-8864)
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4488. [port] Darwin: use -framework for Kerberos. [RT #43418]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4487. [test] Make system tests work on Windows. [RT #42931]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4486. [bug] Look in $prefix/lib/pythonX.Y/site-packages for
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina the python modules we install. [RT #43330]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4485. [bug] Failure to find readline when requested should be
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina fatal to configure. [RT #43328]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4484. [func] Check prefixes in acls to make sure the address and
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina prefix lengths are consistent. Warn only in
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina BIND 9.11 and earlier. [RT #43367]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4483. [bug] Address use before require check and remove extraneous
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina dns_message_gettsigkey call in dns_tsig_sign.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4482. [cleanup] Change #4455 was incomplete. [RT #43252]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4478. [func] Add +continue option to mdig, allow continue on socket
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina errors. [RT #43281]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4477. [test] Fix mkeys test timing issues. [RT #41028]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4476. [test] Fix reclimit test on slower machines. [RT #43283]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4475. [doc] Update named-checkconf documentation. [RT #43153]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4474. [bug] win32: call WSAStartup in fromtext_in_wks so that
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina getprotobyname and getservbyname work. [RT #43197]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4473. [bug] Only call fsync / _commit on regular files. [RT #43196]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4472. [bug] Named could fail to find the correct NSEC3 records when
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina a zone was updated between looking for the answer and
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina looking for the NSEC3 records proving nonexistence
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina of the answer. [RT #43247]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina --- 9.11.0 released ---
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina --- 9.11.0rc3 released ---
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4471. [cleanup] Render client/query logging format consistent for
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina ease of log file parsing. (Note that this affects
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina "querylog" format: there is now an additional field
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina indicating the client object address.) [RT #43238]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4470. [bug] Reset message with intent parse before
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina calling dns_dispatch_getnext. [RT #43229]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina --- 9.11.0rc2 released ---
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4468. [bug] Address ECS option handling issues. [RT #43191]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4467. [security] It was possible to trigger an assertion when
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina rendering a message. (CVE-2016-2776) [RT #43139]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4466. [bug] Interface scanning didn't work on a Windows system
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina without a non local IPv6 addresses. [RT #43130]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4465. [bug] Don't use "%z" as Windows doesn't support it.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4464. [bug] Fix windows python support. [RT #43173]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4463. [bug] The dnstap system test failed on some systems.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4462. [bug] Don't describe a returned EDNS COOKIE as "good"
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina when there isn't a valid server cookie. [RT #43167]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4461. [bug] win32: not all external data was properly marked
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina as external data for windows dll. [RT #43161]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina --- 9.11.0rc1 released ---
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4460. [test] Add system test for dnstap using unix domain sockets.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4459. [bug] TCP client objects created to handle pipeline queries
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina were not cleaned up correctly, causing uncontrolled
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina memory growth. [RT #43106]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4458. [cleanup] Update assertions to be more correct, and also remove
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina use of a reserved word. [RT #43090]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4457. [maint] Added AAAA (2001:500:a8::e) for E.ROOT-SERVERS.NET.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4456. [doc] Add DOCTYPE and lang attribute to <html> tags.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4455. [cleanup] Allow dyndb modules to correctly log the filename
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina and line number when processing configuration text
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina from named.conf. [RT #43050]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4454. [bug] 'rndc dnstap -reopen' had a race issue. [RT #43089]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4453. [bug] Prefetching of DS records failed to update their
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina RRSIGs. [RT #42865]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4452. [bug] The default key manager policy file is now
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina <sysdir>/dnssec-policy.conf (usually
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4451. [cleanup] Log more useful information if a PKCS#11 provider
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina library cannot be loaded. [RT #43076]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4450. [port] Provide more nuanced HSM support which better matches
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina the specific PKCS11 providers capabilities. [RT #42458]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4449. [test] Fix catalog zones test on slower systems. [RT #42997]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4448. [bug] win32: ::1 was not being found when iterating
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina interfaces. [RT #42993]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4447. [tuning] Allow the fstrm_iothr_init() options to be set using
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina named.conf to control how dnstap manages the data
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina flow. [RT #42974]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4446. [bug] The cache_find() and _findrdataset() functions
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina could find rdatasets that had been marked stale.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4445. [cleanup] isc_errno_toresult() can now be used to call the
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina formerly private function isc__errno2result().
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4444. [bug] Fixed some issues related to dyndb: A bug caused
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina braces to be omitted when passing configuration text
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina from named.conf to a dyndb driver, and there was a
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina use-after-free in the sample dyndb driver. [RT #43050]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4443. [func] Set TCP_MAXSEG in addition to IPV6_USE_MIN_MTU on
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina TCP sockets. [RT #42864]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4442. [bug] Fix RPZ CIDR tree insertion bug that corrupted
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina tree data structure with overlapping networks
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina (longest prefix match was ineffective).
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4441. [cleanup] Alphabetize host's help output. [RT #43031]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4440. [func] Enable TCP fast open support when available on the
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina server side. [RT #42866]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4439. [bug] Address race conditions getting ownernames of nodes.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4438. [func] Use LIFO rather than FIFO when processing startup
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina notify and refresh queries. [RT #42825]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4437. [func] Minimal-responses now has two additional modes
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina no-auth and no-auth-recursive which suppress
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina adding the NS records to the authority section
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina as well as the associated address records for the
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina nameservers. [RT #42005]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4436. [func] Return TLSA records as additional data for MX and SRV
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina lookups. [RT #42894]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4435. [tuning] Only set IPV6_USE_MIN_MTU for UDP when the message
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina will not fit into a single IPv4 encapsulated IPv6
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina UDP packet when transmitted over a Ethernet link.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4434. [protocol] Return EDNS EXPIRE option for master zones in addition
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina to slave zones. [RT #43008]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4433. [cleanup] Report an error when passing an invalid option or
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina view name to "rndc dumpdb". [RT #42958]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4432. [test] Hide rndc output on expected failures in logfileconfig
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina system test. [RT #27996]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4431. [bug] named-checkconf now checks the rate-limit clause.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4430. [bug] Lwresd died if a search list was not defined.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina Found by 0x710DDDD At Alibaba Security. [RT #42895]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4429. [bug] Address potential use after free on fclose() error.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4428. [bug] The "test dispatch getnext" unit test could fail
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina in a threaded build. [RT #42979]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4427. [bug] The "query" and "response" parameters to the
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina "dnstap" option had their functions reversed.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina --- 9.11.0b3 released ---
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4426. [bug] Addressed Coverity warnings. [RT #42908]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4425. [bug] arpaname, dnstap-read and named-rrchecker were not
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina being installed into ${prefix}/bin. Tidy up
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina installation issues with CHANGE 4421. [RT #42910]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4424. [experimental] Named now sends _ta-XXXX.<trust-anchor>/NULL queries
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina to provide feedback to the trust-anchor administrators
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina about how key rollovers are progressing as per
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina draft-ietf-dnsop-edns-key-tag-02. This can be
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina disabled using 'trust-anchor-telemetry no;'.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4423. [maint] Added missing IPv6 address 2001:500:84::b for
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4422. [port] Silence clang warnings in dig.c and dighost.c.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4421. [func] When built with LMDB (Lightning Memory-mapped
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina Database), named will now use a database to store
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina the configuration for zones added by "rndc addzone"
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina instead of using a flat NZF file. This improves
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina performance of "rndc delzone" and "rndc modzone"
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina significantly. Existing NZF files will
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina automatically by converted to NZD databases.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina To view the contents of an NZD or to roll back to
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina NZF format, use "named-nzd2nzf". To disable
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina this feature, use "configure --without-lmdb".
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4420. [func] nslookup now looks for AAAA as well as A by default.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4419. [bug] Don't cause undefined result if the label of an
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina entry in catalog zone is changed. [RT #42708]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4418. [bug] Fix a compiler warning in GSSAPI code. [RT #42879]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4417. [bug] dnssec-keymgr could fail to create successor keys
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina if the prepublication interval was set to a value
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina smaller than the default. [RT #42820]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4416. [bug] dnssec-keymgr: Domain names in policy files could
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina fail to match due to trailing dots. [RT #42807]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4415. [bug] dnssec-keymgr: Expired/deleted keys were not always
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina excluded. [RT #42884]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4414. [bug] Corrected a bug in the MIPS implementation of
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina isc_atomic_xadd(). [RT #41965]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4413. [bug] GSSAPI negotiation could fail if GSS_S_CONTINUE_NEEDED
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina was returned. [RT #42733]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina --- 9.11.0b2 released ---
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4412. [cleanup] Make fixes for GCC 6. ISC_OFFSET_MAXIMUM macro was
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina removed. [RT #42721]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4411. [func] "rndc dnstap -roll" automatically rolls the
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina dnstap output file; the previous version is
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina saved with ".0" suffix, and earlier versions
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina with ".1" and so on. An optional numeric argument
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina indicates how many prior files to save. [RT #42830]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4410. [bug] Address use after free and memory leak with dnstap.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4409. [bug] DNS64 should exclude mapped addresses by default when
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina an exclude acl is not defined. [RT #42810]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4408. [func] Continue waiting for expected response when we the
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina response we get does not match the request. [RT #41026]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4407. [performance] Use GCC builtin for clz in RPZ lookup code.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4406. [security] getrrsetbyname with a non absolute name could
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina trigger an infinite recursion bug in lwresd
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina and named with lwres configured if when combined
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina with a search list entry the resulting name is
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina too long. (CVE-2016-2775) [RT #42694]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4405. [bug] Change 4342 introduced a regression where you could
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina not remove a delegation in a NSEC3 signed zone using
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina OPTOUT via nsupdate. [RT #42702]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4404. [misc] Allow krb5-config to be used when configuring gssapi.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4403. [bug] Rename variables and arguments that shadow: basename,
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina clone and gai_error.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4402. [bug] protoc-c is now a hard requirement for --enable-dnstap.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina --- 9.11.0b1 released ---
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4401. [misc] Change LICENSE to MPL 2.0.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4400. [bug] ttl policy was not being inherited in policy.py.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4399. [bug] policy.py 'ECCGOST', 'ECDSAP256SHA256', and
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina 'ECDSAP384SHA384' don't have settable keysize.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4398. [bug] Correct spelling of ECDSAP256SHA256 in policy.py.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4397. [bug] Update Windows python support. [RT #42538]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4396. [func] dnssec-keymgr now takes a '-r randomfile' option.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4395. [bug] Improve out-of-tree installation of python modules.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4394. [func] Add rndc command "dnstap-reopen" to close and
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina reopen dnstap output files. [RT #41803]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4393. [bug] Address potential NULL pointer dereferences in
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4392. [func] Collect statistics for RSSAC02v3 traffic-volume,
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina traffic-sizes and rcode-volume reporting. [RT #41475]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4391. [contrib] Fix leaks in contrib DLZ code. [RT #42707]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4390. [doc] Description of masters with TSIG, allow-query and
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina allow-transfer options in catalog zones. [RT #42692]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4389. [test] Rewritten test suite for catalog zones. [RT #42676]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4388. [func] Support for master entries with TSIG keys in catalog
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina zones. [RT #42577]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4387. [bug] Change 4336 was not complete leading to SERVFAIL
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina being return as NS records expired. [RT #42683]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4386. [bug] Remove shadowed overmem function/variable. [RT #42706]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4385. [func] Add support for allow-query and allow-transfer ACLs
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina to catalog zones. [RT #42578]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4384. [bug] Change 4256 accidentally disabled logging of the
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina rndc command. [RT #42654]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4383. [bug] Correct spelling error in stats channel description of
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina "EDNS client subnet option received". [RT #42633]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4382. [bug] rndc {addzone,modzone,delzone,showzone} should all
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina compare the zone name using a canonical format.
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4381. [bug] Missing "zone-directory" option in catalog zone
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina definition caused BIND to crash. [RT #42579]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina --- 9.11.0a3 released ---
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4380. [experimental] Added a "zone-directory" option to "catalog-zones"
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina syntax, allowing local masterfiles for slaves
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina that are provisioned by catalog zones to be stored
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina in a directory other than the server's working
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina directory. [RT #42527]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4379. [bug] An INSIST could be triggered if a zone contains
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina RRSIG records with expiry fields that loop
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina using serial number arithmetic. [RT #40571]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4378. [contrib] #include <isc/string.h> for strlcat in zone2ldap.c.
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4377. [bug] Don't reuse zero TTL responses beyond the current
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina client set (excludes ANY/SIG/RRSIG queries).
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4376. [experimental] Added support for Catalog Zones, a new method for
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina provisioning secondary servers in which a list of
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina zones to be served is stored in a DNS zone and can
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina be propagated to slaves via AXFR/IXFR. [RT #41581]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4375. [func] Add support for automatic reallocation of isc_buffer
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina to isc_buffer_put* functions. [RT #42394]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4374. [bug] Use SAVE/RESTORE macros in query.c to reduce the
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina probability of reference counting errors as seen
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina in 4365. [RT #42405]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4373. [bug] Address undefined behavior in getaddrinfo. [RT #42479]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4372. [bug] Address undefined behavior in libt_api. [RT #42480]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4371. [func] New "minimal-any" option reduces the size of UDP
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina responses for qtype ANY by returning a single
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina arbitrarily selected RRset instead of all RRsets.
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina Thanks to Tony Finch. [RT #41615]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4370. [bug] Address python3 compatibility issues with RNDC module.
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina [RT #42499] [RT #42506]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina --- 9.11.0a2 released ---
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4369. [bug] Fix 'make' and 'make install' out-of-tree python
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina support. [RT #42484]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4368. [bug] Fix a crash when calling "rndc stats" on some
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina Windows builds because some Visual Studio compilers
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina generated crashing code for the "%z" printf()
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina format specifier. [RT #42380]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4367. [bug] Remove unnecessary assignment of loadtime in
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina zone_touched. [RT #42440]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4366. [bug] Address race condition when updating rbtnode bit
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina fields. [RT #42379]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4365. [bug] Address zone reference counting errors involving
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina nxdomain-redirect. [RT #42258]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4364. [port] freebsd: add -Wl,-E to loader flags [RT #41690]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4363. [port] win32: Disable explicit triggering UAC when running
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4362. [func] Changed rndc reconfig behavior so that newly added
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina zones are loaded asynchronously and the loading does
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina not block the server. [RT #41934]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4361. [cleanup] Where supported, file modification times returned
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina by isc_file_getmodtime() are now accurate to the
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina nanosecond. [RT #41968]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4360. [bug] Silence spurious 'bad key type' message when there is
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina a existing TSIG key. [RT #42195]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4359. [bug] Inherited 'also-notify' lists were not being checked
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina by named-checkconf. [RT #42174]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4358. [test] Added American Fuzzy Lop harness that allows
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina feeding fuzzed packets into BIND.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4357. [func] Add the python RNDC module. [RT #42093]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4356. [func] Add the ability to specify whether to wait for
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina nameserver addresses to be looked up or not to
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina RPZ with a new modifying directive 'nsip-wait-recurse'.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4355. [func] "pkcs11-list" now displays the extractability
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina attribute of private or secret keys stored in
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina an HSM, as either "true", "false", or "never"
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina Thanks to Daniel Stirnimann. [RT #36557]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4354. [bug] Check that the received HMAC length matches the
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina expected length prior to check the contents on the
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina control channel. This prevents a OOB read error.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina This was reported by Lian Yihan, <lianyihan@360.cn>.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4353. [cleanup] Update PKCS#11 header files. [RT #42175]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4352. [cleanup] The ISC DNSSEC Lookaside Validation (DLV) service
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina is scheduled to be disabled in 2017. A warning is
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina now logged when named is configured to use it,
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina either explicitly or via "dnssec-lookaside auto;"
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4351. [bug] 'dig +noignore' didn't work. [RT #42273]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4350. [contrib] Declare result in dlz_filesystem_dynamic.c.
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4349. [contrib] kasp2policy: A python script to create a DNSSEC
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina policy file from an OpenDNSSEC KASP XML file.
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4348. [func] dnssec-keymgr: A new python-based DNSSEC key
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina management utility, which reads a policy definition
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina file and can create or update DNSSEC keys as needed
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina to ensure that a zone's keys match policy, roll over
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina correctly on schedule, etc. Thanks to Sebastian
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina Castro for assistance in development. [RT #39211]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4347. [port] Corrected a build error on x86_64 Solaris. [RT #42150]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4346. [bug] Fixed a regression introduced in change #4337 which
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina caused signed domains with revoked KSKs to fail
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina validation. [RT #42147]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4345. [contrib] perftcpdns mishandled the return values from
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina clock_nanosleep. [RT #42131]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4344. [port] Address openssl version differences. [RT #42059]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4343. [bug] dns_dnssec_syncupdate mis-declared in <dns/dnssec.h>.
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4342. [bug] 'rndc flushtree' could fail to clean the tree if there
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina wasn't a node at the specified name. [RT #41846]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina --- 9.11.0a1 released ---
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4341. [bug] Correct the handling of ECS options with
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina address family 0. [RT #41377]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4340. [performance] Implement adaptive read-write locks, reducing the
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina overhead of locks that are only held briefly.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4339. [test] Use "mdig" to test pipelined queries. [RT #41929]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4338. [bug] Reimplement change 4324 as it wasn't properly doing
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina all the required book keeping. [RT #41941]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4337. [bug] The previous change exposed a latent flaw in
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina key refresh queries for managed-keys when
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina a cached DNSKEY had TTL 0. [RT #41986]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4336. [bug] Don't emit records with zero ttl unless the records
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina were learnt with a zero ttl. [RT #41687]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4335. [bug] zone->view could be detached too early. [RT #41942]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4334. [func] 'named -V' now reports zlib version. [RT #41913]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4333. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42 and
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina 2001:500:9f::42.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4332. [placeholder]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4331. [func] When loading managed signed zones detect if the
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina RRSIG's inception time is in the future and regenerate
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina the RRSIG immediately. [RT #41808]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4330. [protocol] Identify the PAD option as "PAD" when printing out
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4329. [func] Warn about a common misconfiguration when forwarding
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina RFC 1918 zones. [RT #41441]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4328. [performance] Add dns_name_fromwire() benchmark test. [RT #41694]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4327. [func] Log query and depth counters during fetches when
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina querytrace (./configure --enable-querytrace) is
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina enabled (helps in diagnosing). [RT #41787]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4326. [protocol] Add support for AVC. [RT #41819]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4325. [func] Add a line to "rndc status" indicating the
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina hostname and operating system details. [RT #41610]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4324. [bug] When deleting records from a zone database, interior
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina nodes could be left empty but not deleted, damaging
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina search performance afterward. [RT #40997]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4323. [bug] Improve HTTP header processing on statschannel.
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4322. [security] Duplicate EDNS COOKIE options in a response could
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina trigger an assertion failure. (CVE-2016-2088)
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4321. [bug] Zones using mapped files containing out-of-zone data
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina could return SERVFAIL instead of the expected NODATA
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina or NXDOMAIN results. [RT #41596]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4320. [bug] Insufficient memory allocation when handling
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina "none" ACL could cause an assertion failure in
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina named when parsing ACL configuration. [RT #41745]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4319. [security] Fix resolver assertion failure due to improper
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina DNAME handling when parsing fetch reply messages.
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina (CVE-2016-1286) [RT #41753]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4318. [security] Malformed control messages can trigger assertions
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina in named and rndc. (CVE-2016-1285) [RT #41666]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4317. [bug] Age all unused servers on fetch timeout. [RT #41597]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4316. [func] Add option to tools to print RRs in unknown
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina presentation format [RT #41595].
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4315. [bug] Check that configured view class isn't a meta class.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4314. [contrib] Added 'dnsperf-2.1.0.0-1', a set of performance
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina testing tools provided by Nominum, Inc.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4313. [bug] Handle ns_client_replace failures in test mode.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4312. [bug] dig's unknown DNS and EDNS flags (MBZ value) logging
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina was not consistent. [RT #41600]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4311. [bug] Prevent "rndc delzone" from being used on
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina response-policy zones. [RT #41593]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4310. [performance] Use __builtin_expect() where available to annotate
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina conditions with known behavior. [RT #41411]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4309. [cleanup] Remove the spurious "none" filename from log messages
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina when processing built-in configuration. [RT #41594]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4308. [func] Added operating system details to "named -V"
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina output. [RT #41452]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4307. [bug] "dig +subnet" and "mdig +subnet" could send
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina incorrectly-formatted Client Subnet options
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina if the prefix length was not divisible by 8.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina Also fixed a memory leak in "mdig". [RT #45178]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4306. [maint] Added a PKCS#11 openssl patch supporting
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina version 1.0.2f [RT #38312]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4305. [bug] dnssec-signzone was not removing unnecessary rrsigs
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina from the zone's apex. [RT #41483]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4304. [port] xfer system test failed as 'tail -n +value' is not
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina portable. [RT #41315]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4303. [bug] "dig +subnet" was unable to send a prefix length of
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina zero, as it was incorrectly changed to 32 for v4
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina prefixes or 128 for v6 prefixes. In addition to
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina fixing this, "dig +subnet=0" has been added as a
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina short form for 0.0.0.0/0. The same changes have
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina also been made in "mdig". [RT #41553]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4302. [port] win32: fixed a build error in VS 2015. [RT #41426]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4301. [bug] dnssec-settime -p [DP]sync was not working. [RT #41534]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4300. [bug] A flag could be set in the wrong field when setting
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina up non-recursive queries; this could cause the
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina SERVFAIL cache to cache responses it shouldn't.
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina New querytrace logging has been added which
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina identified this error. [RT #41155]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4299. [bug] Check that exactly totallen bytes are read when
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina reading a RRset from raw files in both single read
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina and incremental modes. [RT #41402]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4298. [bug] dns_rpz_add errors in loadzone were not being
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina propagated up the call stack. [RT #41425]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4297. [test] Ensure delegations in RPZ zones fail robustly.
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4296. [bug] TCP packet sizes were calculated incorrectly in the
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina stats channel; they could be counted in the wrong
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina histogram bucket. [RT #40587]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4295. [bug] An unchecked result in dns_message_pseudosectiontotext()
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina could allow incorrect text formatting of EDNS EXPIRE
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina options. [RT #41437]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4294. [bug] Fixed a regression in which "rndc stop -p" failed
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina to print the PID. [RT #41513]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4293. [bug] Address memory leak on priming query creation failure.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4292. [placeholder]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4291. [cleanup] Added a required include to dns/forward.h. [RT #41474]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4290. [func] The timers returned by the statistics channel
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina (indicating current time, server boot time, and
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina most recent reconfiguration time) are now reported
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina with millisecond accuracy. [RT #40082]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4289. [bug] The server could crash due to memory being used
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina after it was freed if a zone transfer timed out.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4288. [bug] Fixed a regression in resolver.c:possibly_mark()
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina which caused known-bogus servers to be queried
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina anyway. [RT #41321]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4287. [bug] Silence an overly noisy log message when message
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina parsing fails. [RT #41374]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4286. [security] render_ecs errors were mishandled when printing out
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina a OPT record resulting in a assertion failure.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina (CVE-2015-8705) [RT #41397]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4285. [security] Specific APL data could trigger a INSIST.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina (CVE-2015-8704) [RT #41396]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4284. [bug] Some GeoIP options were incorrectly documented
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina using abbreviated forms which were not accepted by
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina named. The code has been updated to allow both
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina long and abbreviated forms. [RT #41381]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4283. [bug] OPENSSL_config is no longer re-callable. [RT #41348]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4282. [func] 'dig +[no]mapped' determine whether the use of mapped
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina IPv4 addresses over IPv6 is permitted or not. The
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina default is +mapped. [RT #41307]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4281. [bug] Teach dns_message_totext about BADCOOKIE. [RT #41257]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4280. [performance] Use optimal message sizes to improve compression
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina in AXFRs. This reduces network traffic. [RT #40996]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4279. [test] Don't use fixed ports when unit testing. [RT #41194]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4278. [bug] 'delv +short +[no]split[=##]' didn't work as expected.
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4277. [performance] Improve performance of the RBT, the central zone
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina datastructure: The aux hashtable was improved,
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina hash function was updated to perform more
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina uniform mapping, uppernode was added to
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina dns_rbtnode, and other cleanups and performance
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina improvements were made. [RT #41165]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4276. [protocol] Add support for SMIMEA. [RT #40513]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4275. [performance] Lazily initialize dns_compress->table only when
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina compression is enabled. [RT #41189]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4274. [performance] Speed up typemap processing from text. [RT #41196]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4273. [bug] Only call dns_test_begin() and dns_test_end() once each
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina in nsec3_test as it fails with GOST if called multiple
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4272. [bug] dig: the +norrcomments option didn't work with +multi.
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4271. [test] Unit tests could deadlock in isc__taskmgr_pause().
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4270. [security] Update allowed OpenSSL versions as named is
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina potentially vulnerable to CVE-2015-3193.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4269. [bug] Zones using "map" format master files currently
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina don't work as policy zones. This limitation has
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina now been documented; attempting to use such zones
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina in "response-policy" statements is now a
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina configuration error. [RT #38321]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4268. [func] "rndc status" now reports the path to the
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina configuration file. [RT #36470]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4267. [test] Check sdlz error handling. [RT #41142]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4266. [placeholder]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4265. [bug] Address unchecked isc_mem_get calls. [RT #41187]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4264. [bug] Check const of strchr/strrchr assignments match
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina argument's const status. [RT #41150]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4263. [contrib] Address compiler warnings in mysqldyn module.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4262. [bug] Fixed a bug in epoll socket code that caused
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina sockets to not be registered for ready
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina notification in some cases, causing named to not
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina read from or write to them, resulting in what
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina appear to the user as blocked connections.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4261. [maint] H.ROOT-SERVERS.NET is 198.97.190.53 and 2001:500:1::53.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4260. [security] Insufficient testing when parsing a message allowed
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina records with an incorrect class to be be accepted,
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina triggering a REQUIRE failure when those records
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina were subsequently cached. (CVE-2015-8000) [RT #40987]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4259. [func] Add an option for non-destructive control channel
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina access using a "read-only" clause. In such
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina cases, a restricted set of rndc commands are
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina allowed for querying information from named.
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4258. [bug] Limit rndc query message sizes to 32 KiB. This should
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina not break any legitimate rndc commands, but will
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina prevent a rogue rndc query from allocating too
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina much memory. [RT #41073]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4257. [cleanup] Python scripts reported incorrect version. [RT #41080]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4256. [bug] Allow rndc command arguments to be quoted so as
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina to allow spaces. [RT #36665]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4255. [performance] Add 'message-compression' option to disable DNS
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina compression in responses. [RT #40726]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4254. [bug] Address missing lock when getting zone's serial.
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4253. [security] Address fetch context reference count handling error
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina on socket error. (CVE-2015-8461) [RT#40945]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4252. [func] Add support for automating the generation CDS and
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina CDNSKEY rrsets to named and dnssec-signzone.
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4251. [bug] NTAs were deleted when the server was reconfigured
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina or reloaded. [RT #41058]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4250. [func] Log the TSIG key in use during inbound zone
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina transfers. [RT #41075]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4249. [func] Improve error reporting of TSIG / SIG(0) records in
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina the wrong location. [RT #41030]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4248. [performance] Add an isc_atomic_storeq() function, use it in
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina stats counters to improve performance.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina [RT #39972] [RT #39979]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4247. [port] Require both HAVE_JSON and JSON_C_VERSION to be
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina defined to report json library version. [RT #41045]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4246. [test] Ensure the statschannel system test runs when BIND
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina is not built with libjson. [RT #40944]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4245. [placeholder]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4244. [bug] The parser was not reporting that use-ixfr is obsolete.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4243. [func] Improved stats reporting from Timothe Litt. [RT #38941]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4242. [bug] Replace the client if not already replaced when
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina prefetching. [RT #41001]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4241. [doc] Improved the TSIG, TKEY, and SIG(0) sections in
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina the ARM. [RT #40955]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4240. [port] Fix LibreSSL compatibility. [RT #40977]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4239. [func] Changed default servfail-ttl value to 1 second from 10.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina Also, the maximum value is now 30 instead of 300.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4238. [bug] Don't send to servers on net zero (0.0.0.0/8).
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4237. [doc] Upgraded documentation toolchain to use DocBook 5
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina and dblatex. [RT #40766]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4236. [performance] On machines with 2 or more processors (CPU), the
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina default value for the number of UDP listeners
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina has been changed to the number of detected
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina processors minus one. [RT #40761]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4235. [func] Added support in named for "dnstap", a fast method of
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina capturing and logging DNS traffic, and a new command
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina "dnstap-read" to read a dnstap log file. Use
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina "configure --enable-dnstap" to enable this
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina feature (note that this requires libprotobuf-c
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina and libfstrm). See the ARM for configuration details.
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina Thanks to Robert Edmonds of Farsight Security.
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4234. [func] Add deflate compression in statistics channel HTTP
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina server. [RT #40861]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4233. [test] Add tests for CDS and CDNSKEY with delegation-only.
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4232. [contrib] Address unchecked memory allocation calls in
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina query-loc and zone2ldap. [RT #40789]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4231. [contrib] Address unchecked calloc call in dlz_mysqldyn_mod.c.
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4230. [contrib] dlz_wildcard_dynamic.c:dlz_create could return a
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina uninitialized result. [RT #40839]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4229. [bug] A variable could be used uninitialized in
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina dns_update_signaturesinc. [RT #40784]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4228. [bug] Address race condition in dns_client_destroyrestrans.
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4227. [bug] Silence static analysis warnings. [RT #40828]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4226. [bug] Address a theoretical shutdown race in
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina zone.c:notify_send_queue(). [RT #38958]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4225. [port] freebsd/openbsd: Use '${CC} -shared' for building
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina shared libraries. [RT #39557]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4224. [func] Added support for "dyndb", a new interface for loading
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina zone data from an external database, developed by
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina Red Hat for the FreeIPA project.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina DynDB drivers fully implement the BIND database
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina API, and are capable of significantly better
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina performance and functionality than DLZ drivers,
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina while taking advantage of advanced database
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina features not available in BIND such as multi-master
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina Thanks to Adam Tkac and Petr Spacek of Red Hat.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4223. [func] Add support for setting max-cache-size to percentage
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina of available physical memory, set default to 90%.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4222. [func] Bias IPv6 servers when selecting the next server to
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina query. [RT #40836]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4221. [bug] Resource leak on DNS_R_NXDOMAIN in fctx_create.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4220. [doc] Improve documentation for zone-statistics.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4219. [bug] Set event->result to ISC_R_WOULDBLOCK on EWOULDBLOCK,
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina EGAIN when these soft error are not retried for
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina isc_socket_send*().
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4218. [bug] Potential null pointer dereference on out of memory
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina if mmap is not supported. [RT #40777]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4217. [protocol] Add support for CSYNC. [RT #40532]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4216. [cleanup] Silence static analysis warnings. [RT #40649]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4215. [bug] nsupdate: skip to next request on GSSTKEY create
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina failure. [RT #40685]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4214. [protocol] Add support for TALINK. [RT #40544]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4213. [bug] Don't reuse a cache across multiple classes.
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4212. [func] Re-query if we get a bad client cookie returned over
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina UDP. [RT #40748]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4211. [bug] Ensure that lwresd gets at least one task to work
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina with if enabled. [RT #40652]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4210. [cleanup] Silence use after free false positive. [RT #40743]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4209. [bug] Address resource leaks in dlz modules. [RT #40654]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4208. [bug] Address null pointer dereferences on out of memory.
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4207. [bug] Handle class mismatches with raw zone files.
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4206. [bug] contrib: fixed a possible NULL dereference in
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina DLZ wildcard module. [RT #40745]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4205. [bug] 'named-checkconf -p' could include unwanted spaces
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina when printing tuples with unset optional fields.
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4204. [bug] 'dig +trace' failed to lookup the correct type if
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina the initial root NS query was retried. [RT #40296]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4203. [test] The rrchecker system test now tests conversion
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina to and from unknown-type format. [RT #40584]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4202. [bug] isccc_cc_fromwire() could return an incorrect
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina result. [RT #40614]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4201. [func] The default preferred-glue is now the address record
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina type of the transport the query was received
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina over. [RT #40468]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4200. [cleanup] win32: update BINDinstall to be BIND release
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina independent. [RT #38915]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4199. [protocol] Add support for NINFO, RKEY, SINK, TA.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina [RT #40545] [RT #40547] [RT #40561] [RT #40563]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4198. [placeholder]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4197. [bug] 'named-checkconf -z' didn't handle 'in-view' clauses.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4196. [doc] Improve how "enum + other" types are documented.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4195. [bug] 'max-zone-ttl unlimited;' was broken. [RT #40608]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4194. [bug] named-checkconf -p failed to properly print a port
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina range. [RT #40634]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4193. [bug] Handle broken servers that return BADVERS incorrectly.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4192. [bug] The default rrset-order of random was not always being
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina applied. [RT #40456]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4191. [protocol] Accept DNS-SD non LDH PTR records in reverse zones
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina as per RFC 6763. [RT #37889]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4190. [protocol] Accept Active Directory gc._msdcs.<forest> name as
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina valid with check-names. <forest> still needs to be
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina LDH. [RT #40399]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4189. [cleanup] Don't exit on overly long tokens in named.conf.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4188. [bug] Support HTTP/1.0 client properly on the statistics
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina channel. [RT #40261]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4187. [func] When any RR type implementation doesn't
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina implement totext() for the RDATA's wire
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina representation and returns ISC_R_NOTIMPLEMENTED,
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina such RDATA is now printed in unknown
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina presentation format (RFC 3597). RR types affected
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina include LOC(29) and APL(42). [RT #40317].
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4186. [bug] Fixed an RPZ bug where a QNAME would be matched
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina against a policy RR with wildcard owner name
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina (trigger) where the QNAME was the wildcard owner
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina name's parent. For example, the bug caused a query
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina with QNAME "example.com" to match a policy RR with
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina "*.example.com" as trigger. [RT #40357]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4185. [bug] Fixed an RPZ bug where a policy RR with wildcard
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina owner name (trigger) would prevent another policy RR
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina with its parent owner name from being
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina loaded. For example, the bug caused a policy RR
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina with trigger "example.com" to not have any
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina effect when a previous policy RR with trigger
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina "*.example.com" existed in that RPZ zone.
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4184. [bug] Fixed a possible memory leak in name compression
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina when rendering long messages. (Also, improved
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina wire_test for testing such messages.) [RT #40375]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4183. [cleanup] Use timing-safe memory comparisons in cryptographic
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina code. Also, the timing-safe comparison functions have
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina been renamed to avoid possible confusion with
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina memcmp(). Thanks to Loganaden Velvindron of
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina AFRINIC. [RT #40148]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4182. [cleanup] Use mnemonics for RR class and type comparisons.
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4181. [bug] Queued notify messages could be dequeued from the
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina wrong rate limiter queue. [RT #40350]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4180. [bug] Error responses in pipelined queries could
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina cause a crash in client.c. [RT #40289]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4179. [bug] Fix double frees in getaddrinfo() in libirs.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4178. [bug] Fix assertion failure in parsing UNSPEC(103) RR from
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina text. [RT #40274]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4177. [bug] Fix assertion failure in parsing NSAP records from
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina text. [RT #40285]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4176. [bug] Address race issues with lwresd. [RT #40284]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4175. [bug] TKEY with GSS-API keys needed bigger buffers.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4174. [bug] "dnssec-coverage -r" didn't handle time unit
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina suffixes correctly. [RT #38444]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4173. [bug] dig +sigchase was not properly matching the trusted
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina key. [RT #40188]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4172. [bug] Named / named-checkconf didn't handle a view of CLASS0.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4171. [bug] Fixed incorrect class checks in TSIG RR
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina implementation. [RT #40287]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4170. [security] An incorrect boundary check in the OPENPGPKEY
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina rdatatype could trigger an assertion failure.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina (CVE-2015-5986) [RT #40286]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4169. [test] Added a 'wire_test -d' option to read input as
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina raw binary data, for use as a fuzzing harness.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4168. [security] A buffer accounting error could trigger an
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina assertion failure when parsing certain malformed
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina DNSSEC keys. (CVE-2015-5722) [RT #40212]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4167. [func] Update rndc's usage output to include recently added
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina commands. Thanks to Tony Finch for submitting a
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina patch. [RT #40010]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4166. [func] Print informative output from rndc showzone when
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina allow-new-zones is not enabled for a view. Thanks to
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina Tony Finch for submitting a patch. [RT #40009]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4165. [security] A failure to reset a value to NULL in tkey.c could
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina result in an assertion failure. (CVE-2015-5477)
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4164. [bug] Don't rename slave files and journals on out of memory.
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4163. [bug] Address compiler warnings. [RT #40024]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4162. [bug] httpdmgr->flags was not being initialized. [RT #40017]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4161. [test] Add JSON test for traffic size stats; also test
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina for consistency between "rndc stats" and the XML
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina and JSON statistics channel contents. [RT #38700]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4160. [placeholder]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4159. [cleanup] Alphabetize dig's help output. [RT #39966]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4158. [placeholder]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4157. [placeholder]
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina4156. [func] Added statistics counters to track the sizes
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina of incoming queries and outgoing responses in
973be642f3d33ba21ea9c06791295f09efcdba46Pavel Březina histogram buckets, as specified in RSSAC002.
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4155. [func] Allow RPZ rewrite logging to be configured on a
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina per-zone basis using a newly introduced log clause in
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina the response-policy option. [RT #39754]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4154. [bug] A OPT record should be included with the FORMERR
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina response when there is a malformed EDNS option.
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4153. [bug] Dig should zero non significant +subnet bits. Check
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina that non significant ECS bits are zero on receipt.
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4152. [func] Implement DNS COOKIE option. This replaces the
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina experimental SIT option of BIND 9.10. The following
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina named.conf directives are available: send-cookie,
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina cookie-secret, cookie-algorithm, nocookie-udp-size
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina and require-server-cookie. The following dig options
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina are available: +[no]cookie[=value] and +[no]badcookie.
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4151. [bug] 'rndc flush' could cause a deadlock. [RT #39835]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4150. [bug] win32: listen-on-v6 { any; }; was not working. Apply
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina minimal fix. [RT #39667]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4149. [bug] Fixed a race condition in the getaddrinfo()
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina implementation in libirs, which caused the delv
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina utility to crash with an assertion failure when using
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina the '@server' syntax with a hostname argument.
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4148. [bug] Fix a bug when printing zone names with '/' character
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina in XML and JSON statistics output. [RT #39873]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4147. [bug] Filter-aaaa / filter-aaaa-on-v4 / filter-aaaa-on-v6
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina was returning referrals rather than nodata responses
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina when the AAAA records were filtered. [RT #39843]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4146. [bug] Address reference leak that could prevent a clean
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina shutdown. [RT #37125]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4145. [bug] Not all unassociated adb entries where being printed.
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4144. [func] Add statistics counters for nxdomain redirections.
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4143. [placeholder]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4142. [bug] rndc addzone with view specified saved NZF config
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina that could not be read back by named. This has now
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina been fixed. [RT #39845]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4141. [bug] A formatting bug caused rndc zonestatus to print
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina negative numbers for large serial values. This has
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina now been fixed. [RT #39854]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4140. [cleanup] Remove redundant nzf_remove() call during delzone.
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4139. [doc] Fix rpz-client-ip documentation. [RT #39783]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4138. [security] An uninitialized value in validator.c could result
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina in an assertion failure. (CVE-2015-4620) [RT #39795]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4137. [bug] Make rndc reconfig report configuration errors the
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina same way rndc reload does. [RT #39635]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4136. [bug] Stale statistics counters with the leading
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina '#' prefix (such as #NXDOMAIN) were not being
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina updated correctly. This has been fixed. [RT #39141]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4135. [cleanup] Log expired NTA at startup. [RT #39680]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4134. [cleanup] Include client-ip rules when logging the number
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina of RPZ rules of each type. [RT #39670]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4133. [port] Update how various json libraries are handled.
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4132. [cleanup] dig: added +rd as a synonym for +recurse,
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina added +class as an unabbreviated alternative
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina to +cl. [RT #39686]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4131. [bug] Addressed further problems with reloading RPZ
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina zones. [RT #39649]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4130. [bug] The compatibility shim for *printf() misprinted some
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina large numbers. [RT #39586]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4129. [port] Address API changes in OpenSSL 1.1.0. [RT #39532]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4128. [bug] Address issues raised by Coverity 7.6. [RT #39537]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4127. [protocol] CDS and CDNSKEY need to be signed by the key signing
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina key as per RFC 7344, Section 4.1. [RT #37215]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4126. [bug] Addressed a regression introduced in change #4121.
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4125. [test] Added tests for dig, renamed delv test to digdelv.
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4124. [func] Log errors or warnings encountered when parsing the
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina internal default configuration. Clarify the logging
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina of errors and warnings encountered in rndc
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina addzone or modzone parameters. [RT #39440]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4123. [port] Added %z (size_t) format options to the portable
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina internal printf/sprintf implementation. [RT #39586]
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina4122. [bug] The server could match a shorter prefix than what was
efa6c1f75c4c18bcc148d6e7efd429c2d56499adPavel Březina available in CLIENT-IP policy triggers, and so, an
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina unexpected action could be taken. This has been
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina corrected. [RT #39481]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4121. [bug] On servers with one or more policy zones
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina configured as slaves, if a policy zone updated
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina during regular operation (rather than at
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina startup) using a full zone reload, such as via
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina AXFR, a bug could allow the RPZ summary data to
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina fall out of sync, potentially leading to an
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina assertion failure in rpz.c when further
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina incremental updates were made to the zone, such
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina as via IXFR. [RT #39567]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4120. [bug] A bug in RPZ could cause the server to crash if
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina policy zones were updated while recursion was
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina pending for RPZ processing of an active query.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4119. [test] Allow dig to set the message opcode. [RT #39550]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4118. [bug] Teach isc-config.sh about irs. [RT #39213]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4117. [protocol] Add EMPTY.AS112.ARPA as per RFC 7534.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4116. [bug] Fix a bug in RPZ that could cause some policy
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina zones that did not specifically require
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina recursion to be treated as if they did;
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina consequently, setting qname-wait-recurse no; was
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina sometimes ineffective. [RT #39229]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4115. [func] "rndc -r" now prints the result code (e.g.,
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina ISC_R_SUCCESS, ISC_R_TIMEOUT, etc) after
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina running the requested command. [RT #38913]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4114. [bug] Fix a regression in radix tree implementation
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina introduced by ECS code. This bug was never
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina released, but it was reported by a user testing
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina master. [RT #38983]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4113. [test] Check for Net::DNS is some system test
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina prerequisites. [RT #39369]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4112. [bug] Named failed to load when "root-delegation-only"
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina was used without a list of domains to exclude.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4111. [doc] Alphabetize rndc man page. [RT #39360]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4110. [bug] Address memory leaks / null pointer dereferences
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina on out of memory. [RT #39310]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4109. [port] linux: support reading the local port range from
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4108. [func] An additional NXDOMAIN redirect method (option
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina "nxdomain-redirect") has been added, allowing
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina redirection to a specified DNS namespace instead
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina of a single redirect zone. [RT #37989]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4107. [bug] Address potential deadlock when updating zone content.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4106. [port] Improve readline support. [RT #38938]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4105. [port] Misc fixes for Microsoft Visual Studio
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina 2015 CTP6 in 64 bit mode. [RT #39308]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4104. [bug] Address uninitialized elements. [RT #39252]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4103. [port] Misc fixes for Microsoft Visual Studio
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina 2015 CTP6. [RT #39267]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4102. [bug] Fix a use after free bug introduced in change
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina #4094. [RT #39281]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4101. [bug] dig: the +split and +rrcomments options didn't
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina work with +short. [RT #39291]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4100. [bug] Inherited owernames on the line immediately following
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina a $INCLUDE were not working. [RT #39268]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4099. [port] clang: make unknown commandline options hard errors
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina when determining what options are supported.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4098. [bug] Address use-after-free issue when using a
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina predecessor key with dnssec-settime. [RT #39272]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4097. [func] Add additional logging about xfrin transfer status.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4096. [bug] Fix a use after free of query->sendevent.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4095. [bug] zone->options2 was not being properly initialized.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4094. [bug] A race during shutdown or reconfiguration could
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina cause an assertion in mem.c. [RT #38979]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4093. [func] Dig now learns the SIT value from truncated
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina responses when it retries over TCP. [RT #39047]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4092. [bug] 'in-view' didn't work for zones beneath a empty zone.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4091. [cleanup] Some cleanups in isc mem code. [RT #38896]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4090. [bug] Fix a crash while parsing malformed CAA RRs in
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina presentation format, i.e., from text such as
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina from master files. Thanks to John Van de
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina Meulebrouck Brendgard for discovering and
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina reporting this problem. [RT #39003]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4089. [bug] Send notifies immediately for slave zones during
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina startup. [RT #38843]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4088. [port] Fixed errors when building with libressl. [RT #38899]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4087. [bug] Fix a crash due to use-after-free due to sequencing
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina of tasks actions. [RT #38495]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4086. [bug] Fix out-of-srcdir build with native pkcs11. [RT #38831]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4085. [bug] ISC_PLATFORM_HAVEXADDQ could be inconsistently set.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4084. [bug] Fix a possible race in updating stats counters.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4083. [cleanup] Print the number of CPUs and UDP listeners
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina consistently in the log and in "rndc status"
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina output; indicate whether threads are supported
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina in "named -V" output. [RT #38811]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4082. [bug] Incrementally sign large inline zone deltas.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4081. [cleanup] Use dns_rdatalist_init consistently. [RT #38759]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4080. [func] Completed change #4022, adding a "lock-file" option
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina to named.conf to override the default lock file,
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina in addition to the "named -X <filename>" command
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina line option. Setting the lock file to "none"
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina using either method disables the check completely.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4079. [func] Preserve the case of the owner name of records to
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina the RRset level. [RT #37442]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4078. [bug] Handle the case where CMSG_SPACE(sizeof(int)) !=
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina CMSG_SPACE(sizeof(char)). [RT #38621]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4077. [test] Add static-stub regression test for DS NXDOMAIN
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina return making the static stub disappear. [RT #38564]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4076. [bug] Named could crash on shutdown with outstanding
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina reload / reconfig events. [RT #38622]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4075. [placeholder]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4074. [cleanup] Cleaned up more warnings from gcc -Wshadow. [RT #38708]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4073. [cleanup] Add libjson-c version number reporting to
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina "named -V"; normalize version number formatting.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4072. [func] Add a --enable-querytrace configure switch for
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina very verbose query trace logging. (This option
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina has a negative performance impact and should be
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina used only for debugging.) [RT #37520]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4071. [cleanup] Initialize pthread mutex attrs just once, instead of
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina doing it per mutex creation. [RT #38547]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4070. [bug] Fix a segfault in nslookup in a query such as
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4069. [doc] Reorganize options in the nsupdate man page.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4068. [bug] Omit unknown serial number from JSON zone statistics.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4067. [cleanup] Reduce noise from RRL when query logging is
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina disabled. [RT #38648]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4066. [doc] Reorganize options in the dig man page. [RT #38516]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4065. [test] Additional RFC 5011 tests. [RT #38569]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4064. [contrib] dnssec-keyset.sh: Generates a specified number
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina of DNSSEC keys with timing set to implement a
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina pre-publication key rollover strategy. Thanks
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina to Jeffry A. Spain. [RT #38459]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4063. [bug] Asynchronous zone loads were not handled
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina correctly when the zone load was already in
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina progress; this could trigger a crash in zt.c.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4062. [bug] Fix an out-of-bounds read in RPZ code. If the
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina read succeeded, it doesn't result in a bug
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina during operation. If the read failed, named
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina could segfault. [RT #38559]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4061. [bug] Handle timeout in legacy system test. [RT #38573]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4060. [bug] dns_rdata_freestruct could be called on a
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina uninitialized structure when handling a error.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4059. [bug] Addressed valgrind warnings. [RT #38549]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4058. [bug] UDP dispatches could use the wrong pseudorandom
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina number generator context. [RT #38578]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4057. [bug] 'dnssec-dsfromkey -T 0' failed to add ttl field.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4056. [bug] Expanded automatic testing of trust anchor
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina management and fixed several small bugs including
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina a memory leak and a possible loss of key state
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina information. [RT #38458]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4055. [func] "rndc managed-keys" can be used to check status
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina of trust anchors or to force keys to be refreshed,
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina Also, the managed keys data file has easier-to-read
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina comments. [RT #38458]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4054. [func] Added a new tool 'mdig', a lightweight clone of
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina dig able to send multiple pipelined queries.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4053. [security] Revoking a managed trust anchor and supplying
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina an untrusted replacement could cause named
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina to crash with an assertion failure.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina (CVE-2015-1349) [RT #38344]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4052. [bug] Fix a leak of query fetchlock. [RT #38454]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4051. [bug] Fix a leak of pthread_mutexattr_t. [RT #38454]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4050. [bug] RPZ could send spurious SERVFAILs in response
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina to duplicate queries. [RT #38510]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4049. [bug] CDS and CDNSKEY had the wrong attributes. [RT #38491]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4048. [bug] adb hash table was not being grown. [RT #38470]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4047. [cleanup] "named -V" now reports the current running versions
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina of OpenSSL and the libxml2 libraries, in addition to
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina the versions that were in use at build time.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4046. [bug] Accounting of "total use" in memory context
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina statistics was not correct. [RT #38370]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4045. [bug] Skip to next master on dns_request_createvia4 failure.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4044. [bug] Change 3955 was not complete, resulting in an assertion
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina failure if the timing was just right. [RT #38352]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4043. [func] "rndc modzone" can be used to modify the
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina configuration of an existing zone, using similar
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina syntax to "rndc addzone". [RT #37895]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4042. [bug] zone.c:iszonesecure was being called too late.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4041. [func] TCP sockets can now be shared while connecting.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina (This will be used to enable client-side support
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina of pipelined queries.) [RT #38231]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4040. [func] Added server-side support for pipelined TCP
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina queries. Clients may continue sending queries via
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina TCP while previous queries are being processed
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina in parallel. (The new "keep-response-order"
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina option allows clients to be specified for which
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina the old behavior will still be used.) [RT #37821]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4039. [cleanup] Cleaned up warnings from gcc -Wshadow. [RT #37381]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4038. [bug] Add 'rpz' flag to node and use it to determine whether
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina to call dns_rpz_delete. This should prevent unbalanced
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina add / delete calls. [RT #36888]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4037. [bug] also-notify was ignoring the tsig key when checking
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina for duplicates resulting in some expected notify
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina messages not being sent. [RT #38369]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4036. [bug] Make call to open a temporary file name safe during
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina NZF creation. [RT #38331]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4035. [bug] Close temporary and NZF FILE pointers before moving
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina the former into the latter's place, as required on
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina Windows. [RT #38332]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4034. [func] When added, negative trust anchors (NTA) are now
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina saved to files (viewname.nta), in order to
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina persist across restarts of the named server.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4033. [bug] Missing out of memory check in request.c:req_send.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4032. [bug] Built-in "empty" zones did not correctly inherit the
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina "allow-transfer" ACL from the options or view.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4031. [bug] named-checkconf -z failed to report a missing file
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina with a hint zone. [RT #38294]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4030. [func] "rndc delzone" is now applicable to zones that were
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina configured in named.conf, as well as zones that
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina were added via "rndc addzone". (Note, however, that
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina if named.conf is not also modified, the deleted zone
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina will return when named is reloaded.) [RT #37887]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4029. [func] "rndc showzone" displays the current configuration
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina of a specified zone. [RT #37887]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4028. [bug] $GENERATE with a zero step was not being caught as a
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina error. A $GENERATE with a / but no step was not being
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina caught as a error. [RT #38262]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4027. [port] Net::DNS 0.81 compatibility. [RT #38165]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4026. [bug] Fix RFC 3658 reference in dig +sigchase. [RT #38173]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4025. [port] bsdi: failed to build. [RT #38047]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4024. [bug] dns_rdata_opt_first, dns_rdata_opt_next,
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina dns_rdata_opt_current, dns_rdata_txt_first,
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina dns_rdata_txt_next and dns_rdata_txt_current were
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina documented but not implemented. These have now been
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina dns_rdata_spf_first, dns_rdata_spf_next and
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina dns_rdata_spf_current were documented but not
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina implemented. The prototypes for these
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina functions have been removed. [RT #38068]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4023. [bug] win32: socket handling with explicit ports and
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina invoking named with -4 was broken for some
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina configurations. [RT #38068]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4022. [func] Stop multiple spawns of named by limiting number of
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina processes to 1. This is done by using a lockfile and
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina checking whether we can listen on any configured
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina TCP interfaces. [RT #37908]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4021. [bug] Adjust max-recursion-queries to accommodate
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina the need for more queries when the cache is
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina empty. [RT #38104]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4020. [bug] Change 3736 broke nsupdate's SOA MNAME discovery
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina resulting in updates being sent to the wrong server.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4019. [func] If named is not configured to validate the answer
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina then allow fallback to plain DNS on timeout even
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina when we know the server supports EDNS. [RT #37978]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4018. [placeholder]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4017. [test] Add system test to check lookups to legacy servers
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina with broken DNS behavior. [RT #37965]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4016. [bug] Fix a dig segfault due to bad linked list usage.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4015. [bug] Nameservers that are skipped due to them being
2a45f13e3139063d3a5842119e7377c8c98aea1dPavel Březina CNAMEs were not being logged. They are now logged
2a45f13e3139063d3a5842119e7377c8c98aea1dPavel Březina to category 'cname' as per BIND 8. [RT #37935]
2a45f13e3139063d3a5842119e7377c8c98aea1dPavel Březina4014. [bug] When including a master file origin_changed was
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina not being properly set leading to a potentially
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina spurious 'inherited owner' warning. [RT #37919]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4013. [func] Add a new tcp-only option to server (config) /
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina peer (struct) to use TCP transport to send
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina queries (in place of UDP transport with a
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina TCP fallback on truncated (TC set) response).
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4012. [cleanup] Check returned status of OpenSSL digest and HMAC
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina functions when they return one. Note this applies
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina only to FIPS capable OpenSSL libraries put in
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina FIPS mode and MD5. [RT #37944]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4011. [bug] master's list port and dscp inheritance was not
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina properly implemented. [RT #37792]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4010. [cleanup] Clear the prefetchable state when initiating a
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina prefetch. [RT #37399]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4009. [func] delv: added a +tcp option. [RT #37855]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4008. [contrib] Updated zkt to latest version (1.1.3). [RT #37886]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4007. [doc] Remove acl forward reference restriction. [RT #37772]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4006. [security] A flaw in delegation handling could be exploited
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina to put named into an infinite loop. This has
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina been addressed by placing limits on the number
2a45f13e3139063d3a5842119e7377c8c98aea1dPavel Březina of levels of recursion named will allow (default 7),
2a45f13e3139063d3a5842119e7377c8c98aea1dPavel Březina and the number of iterative queries that it will
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina send (default 50) before terminating a recursive
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina query (CVE-2014-8500).
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina The recursion depth limit is configured via the
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina "max-recursion-depth" option, and the query limit
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina via the "max-recursion-queries" option. [RT #37580]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4005. [func] The buffer used for returning text from rndc
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina commands is now dynamically resizable, allowing
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina arbitrarily large amounts of text to be sent back
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina to the client. (Prior to this change, it was
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina possible for the output of "rndc tsig-list" to be
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina truncated.) [RT #37731]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4004. [bug] When delegations had AAAA glue but not A, a
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina reference could be leaked causing an assertion
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina failure on shutdown. [RT #37796]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4003. [security] When geoip-directory was reconfigured during
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina named run-time, the previously loaded GeoIP
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina data could remain, potentially causing wrong
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina ACLs to be used or wrong results to be served
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina based on geolocation (CVE-2014-8680). [RT #37720]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4002. [security] Lookups in GeoIP databases that were not
2a45f13e3139063d3a5842119e7377c8c98aea1dPavel Březina loaded could cause an assertion failure
2a45f13e3139063d3a5842119e7377c8c98aea1dPavel Březina (CVE-2014-8680). [RT #37679]
2a45f13e3139063d3a5842119e7377c8c98aea1dPavel Březina4001. [security] The caching of GeoIP lookups did not always
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina handle address families correctly, potentially
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina resulting in an assertion failure (CVE-2014-8680).
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina4000. [bug] NXDOMAIN redirection incorrectly handled NXRRSET
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina from the redirect zone. [RT #37722]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina3999. [func] "mkeys" and "nzf" files are now named after
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina their corresponding views, unless the view name
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina contains characters that would be incompatible
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina with use in a filename (i.e., slash, backslash,
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina or capital letters). If a view name does contain
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina these characters, the files will still be named
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina using a cryptographic hash of the view name.
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina Regardless of this, if a file using the old name
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina format is found to exist, it will continue to be
2a45f13e3139063d3a5842119e7377c8c98aea1dPavel Březina used. [RT #37704]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3998. [bug] isc_radix_search was returning matches that were
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina too precise. [RT #37680]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3997. [protocol] Add OPENGPGKEY record. [RT# 37671]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3996. [bug] Address use after free on out of memory error in
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina keyring_add. [RT #37639]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3995. [bug] receive_secure_serial holds the zone lock for too
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina long. [RT #37626]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3994. [func] Dig now supports setting the last unassigned DNS
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina header flag bit (dig +zflag). [RT #37421]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3993. [func] Dig now supports EDNS negotiation by default.
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina (dig +[no]ednsnegotiation).
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina Note: This is disabled by default in BIND 9.10
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina and enabled by default in BIND 9.11. [RT #37604]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3992. [func] DiG can now send queries without questions
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina (dig +header-only). [RT #37599]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3991. [func] Add the ability to buffer logging output by specifying
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina "buffered yes;" when defining a channel. [RT #26561]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3990. [test] Add tests for unknown DNSSEC algorithm handling.
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3989. [cleanup] Remove redundant dns_db_resigned calls. [RT #35748]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3988. [func] Allow the zone serial of a dynamically updatable
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina zone to be updated via "rndc signing -serial".
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3987. [port] Handle future Visual Studio 14 incompatible changes.
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3986. [doc] Add the BIND version number to page footers
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina in the ARM. [RT #37398]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3985. [doc] Describe how +ndots and +search interact in dig.
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3984. [func] Accept 256 byte long PINs in native PKCS#11
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina crypto. [RT #37410]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3983. [bug] Change #3940 was incomplete: negative trust anchors
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina could be set to last up to a week, but the
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina "nta-lifetime" and "nta-recheck" options were
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina still limited to one day. [RT #37522]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3982. [doc] Include release notes in product documentation.
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3981. [bug] Cache DS/NXDOMAIN independently of other query types.
2a45f13e3139063d3a5842119e7377c8c98aea1dPavel Březina3980. [bug] Improve --with-tuning=large by self tuning of SO_RCVBUF
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina size. [RT #37187]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3979. [bug] Negative trust anchor fetches were not properly
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina managed. [RT #37488]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3978. [test] Added a unit test for Diffie-Hellman key
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina computation, completing change #3974. [RT #37477]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3977. [cleanup] "rndc secroots" reported a "not found" error when
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina there were no negative trust anchors set. [RT #37506]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3976. [bug] When refreshing managed-key trust anchors, clear
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina any cached trust so that they will always be
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina revalidated with the current set of secure
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina roots. [RT #37506]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3975. [bug] Don't populate or use the bad cache for queries that
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina don't request or use recursion. [RT #37466]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3974. [bug] Handle DH_compute_key() failure correctly in
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3973. [test] Added hooks for Google Performance Tools CPU profiler,
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina including real-time/wall-clock profiling. Use
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina "configure --with-gperftools-profiler" to enable.
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3972. [bug] Fix host's usage statement. [RT #37397]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3971. [bug] Reduce the cascading failures due to a bad $TTL line
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina in named-checkconf / named-checkzone. [RT #37138]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3970. [contrib] Fixed a use after free bug in the SDB LDAP driver.
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3969. [test] Added 'delv' system test. [RT #36901]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3968. [bug] Silence spurious log messages when using 'named -[46]'.
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3967. [test] Add test for inlined signed zone in multiple views
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina with different DNSKEY sets. [RT #35759]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3966. [bug] Missing dns_db_closeversion call in receive_secure_db.
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3965. [func] Log outgoing packets and improve packet logging to
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina support logging the remote address. [RT #36624]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3964. [func] nsupdate now performs check-names processing.
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3963. [test] Added NXRRSET test cases to the "dlzexternal"
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina system test. [RT #37344]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3962. [bug] 'dig +topdown +trace +sigchase' address unhandled error
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina conditions. [RT #34663]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3961. [bug] Forwarding of SIG(0) signed UPDATE messages failed with
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina BADSIG. [RT #37216]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3960. [bug] 'dig +sigchase' could loop forever. [RT #37220]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3959. [bug] Updates could be lost if they arrived immediately
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina after a rndc thaw. [RT #37233]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3958. [bug] Detect when writeable files have multiple references
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina in named.conf. [RT #37172]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3957. [bug] "dnssec-keygen -S" failed for ECCGOST, ECDSAP256SHA256
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina and ECDSAP384SHA384. [RT #37183]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3956. [func] Notify messages are now rate limited by notify-rate and
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina startup-notify-rate instead of serial-query-rate.
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3955. [bug] Notify messages due to changes are no longer queued
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina behind startup notify messages. [RT #24454]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3954. [bug] Unchecked mutex init in dlz_dlopen_driver.c [RT #37112]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3953. [bug] Don't escape semi-colon in TXT fields. [RT #37159]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3952. [bug] dns_name_fullcompare failed to set *nlabelsp when the
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina two name pointers were the same. [RT #37176]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3951. [func] Add the ability to set yet-to-be-defined EDNS flags
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina to dig (+ednsflags=#). [RT #37142]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3950. [port] Changed the bin/python Makefile to work around a
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina bmake bug in FreeBSD 10 and NetBSD 6. [RT #36993]
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina3949. [experimental] Experimental support for draft-andrews-edns1 by sending
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina EDNS(1) queries (define DRAFT_ANDREWS_EDNS1 when
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina building). Add support for limiting the EDNS version
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina advertised to servers: server { edns-version 0; };
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina Log the EDNS version received in the query log.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina3948. [port] solaris: RCVBUFSIZE was too large on Solaris with
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina --with-tuning=large. [RT #37059]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina3947. [cleanup] Set the executable bit on libraries when using
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina libtool. [RT #36786]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina3946. [cleanup] Improved "configure" search for a python interpreter.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina3945. [bug] Invalid wildcard expansions could be incorrectly
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek accepted by the validator. [RT #37093]
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek3944. [test] Added a regression test for "server-id". [RT #37057]
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek3943. [func] SERVFAIL responses can now be cached for a
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek limited time (configured by "servfail-ttl",
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek default 10 seconds, limit 30). This can reduce
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek the frequency of retries when an authoritative
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek server is known to be failing, e.g., due to
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek ongoing DNSSEC validation problems. [RT #21347]
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek3942. [bug] Wildcard responses from a optout range should be
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek marked as insecure. [RT #37072]
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek3941. [doc] Include the BIND version number in the ARM. [RT #37067]
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek3940. [func] "rndc nta" now allows negative trust anchors to be
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek set for up to one week. [RT #37069]
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek3939. [func] Improve UPDATE forwarding performance by allowing TCP
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek connections to be shared. [RT #37039]
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek3938. [func] Added quotas to be used in recursive resolvers
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek that are under high query load for names in zones
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek whose authoritative servers are nonresponsive or
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek are experiencing a denial of service attack.
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek - "fetches-per-server" limits the number of
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek simultaneous queries that can be sent to any
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek single authoritative server. The configured
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek value is a starting point; it is automatically
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek adjusted downward if the server is partially or
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek completely non-responsive. The algorithm used to
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek adjust the quota can be configured via the
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek "fetch-quota-params" option.
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek - "fetches-per-zone" limits the number of
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek simultaneous queries that can be sent for names
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek within a single domain. (Note: Unlike
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek "fetches-per-server", this value is not
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek self-tuning.)
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek - New stats counters have been added to count
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek queries spilled due to these quotas.
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek See the ARM for details of these options. [RT #37125]
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek3937. [func] Added some debug logging to better indicate the
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek conditions causing SERVFAILs when resolving.
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek3936. [func] Added authoritative support for the EDNS Client
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek Subnet (ECS) option.
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek ACLs can now include "ecs" elements which specify
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek an address or network prefix; if an ECS option is
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek included in a DNS query, then the address encoded
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek in the option will be matched against "ecs" ACL
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek Also, if an ECS address is included in a query,
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek then it will be used instead of the client source
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek address when matching "geoip" ACL elements. This
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek behavior can be overridden with "geoip-use-ecs no;".
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek (Note: to enable "geoip" ACLs, use "configure
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek --with-geoip". This requires libGeoIP version
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek 1.5.0 or higher.)
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek When "ecs" or "geoip" ACL elements are used to
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek select a view for a query, the response will include
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek an ECS option to indicate which client network the
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek answer is valid for.
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek (Thanks to Vincent Bernat.) [RT #36781]
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek3935. [bug] "geoip asnum" ACL elements would not match unless
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek the full organization name was specified. They
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek can now match against the AS number alone (e.g.,
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek AS1234). [RT #36945]
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek3934. [bug] Catch bad 'sit-secret' in named-checkconf. Improve
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek sit-secret documentation. [RT #36980]
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek3933. [bug] Corrected the implementation of dns_rdata_casecompare()
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek for the HIP rdata type. [RT #36911]
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek3932. [test] Improved named-checkconf tests. [RT #36911]
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek3931. [cleanup] Cleanup how dlz grammar is defined. [RT #36879]
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek3930. [bug] "rndc nta -r" could cause a server hang if the
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek NTA was not found. [RT #36909]
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozek3929. [bug] 'host -a' needed to clear idnoptions. [RT #36963]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina3928. [test] Improve rndc system test. [RT #36898]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina3927. [bug] dig: report PKCS#11 error codes correctly when
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina compiled with --enable-native-pkcs11. [RT #36956]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina3926. [doc] Added doc for geoip-directory. [RT #36877]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina3925. [bug] DS lookup of RFC 1918 empty zones failed. [RT #36917]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina3924. [bug] Improve 'rndc addzone' error reporting. [RT #35187]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina3923. [bug] Sanity check the xml2-config output. [RT #22246]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina3922. [bug] When resigning, dnssec-signzone was removing
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina all signatures from delegation nodes. It now
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina retains DS and (if applicable) NSEC signatures.
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina3921. [bug] AD was inappropriately set on RPZ responses. [RT #36833]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina3920. [doc] Added doc for masterfile-style. [RT #36823]
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina3919. [bug] dig: continue to next line if a address lookup fails
nameserver clauses in resolv.conf. [RT #36039]
3880. [test] Update ans.pl to work with new TSIG support in
3841. [cleanup] Refactor zone.c:add_opt to use dns_message_buildopt.
"debug" options when set in /etc/resolv.conf.
3805. [contrib] Added contrib/perftcpdns, a performance testing tool
3804. [bug] Corrected a race condition in dispatch.c in which
3794. [maint] Added AAAA for C.ROOT-SERVERS.NET.
3793. [bug] zone.c:save_nsec3param() could assert when out of
a TSIG key in named.conf format without comments.
3767. [func] Log explicitly when using rndc.key to configure
3764. [bug] The dnssec-keygen/settime -S and -i options
containing the specified address/prefix when
3719. [bug] Address memory leak in in peer.c. [RT #35255]
3718. [bug] A missing ISC_LINK_INIT in log.c. [RT #35260]
"testcrypto.sh" script to do so. [RT #35213]
3708. [bug] Address a portentry locking issue in dispatch.c.
on a missing resolv.conf file and initializes the
result = irs_resconf_load(mctx, "/etc/resolv.conf",
special URLs http://<server>:<port>/xml/v3/server,
3695. [bug] Address a possible race in dispatch.c. [RT #35107]
3668. [bug] Fix cast in lex.c which could see 0xff treated as eof.
3660. [cleanup] Changed the name of "isc-config.sh" to "bind9-config".
3659. [port] solaris: don't add explicit dependencies/rules for
3614. [port] Check for <linux/types.h>. [RT #34162]
3608. [port] win32: added todos.pl script to ensure all text files
3603. [bug] Install <isc/stat.h>. [RT #33956]
trigger an assertion failure in resolver.c
3580. [bug] Addressed a possible race in acache.c [RT #33602]
description in the named.conf man page. [RT #33476]
3560. [bug] isc-config.sh did not honor includedir and libdir
3556. [maint] Added AAAA for D.ROOT-SERVERS.NET.
3555. [bug] Address theoretical race conditions in acache.c
3551. [bug] resolver.querydscp[46] were uninitialized. [RT #32686]
3548. [bug] The NSID request code in resolver.c was broken
3544. [contrib] check5011.pl: Script to report the status of
managed keys as recorded in managed-keys.bind.
options which take a "port" option (e.g.,
3521. [bug] Address memory leak in opensslecdsa_link.c. [RT #32249]
3518. [bug] Increase the size of dns_rrl_key.s.rtype by one bit
3497. [func] When deleting a slave/stub zone using 'rndc delzone'
dlzdb.link. When cloning a rdataset do not copy
3485. [cleanup] Only compile openssl_gostlink.c if we support GOST.
3473. [bug] dnssec-signzone/verify could incorrectly report
3459. [func] Added -J option to named-checkzone/named-compilezone
3449. [bug] gen.c: use the pre-processor to construct format
3447. [port] Add support for libxml2-2.9.x [RT #32231]
3441. [maint] D.ROOT-SERVERS.NET is now 199.7.91.13.
3436. [bug] Check malloc/calloc return values. [RT #32088]
3409. [contrib] contrib/dane/mkdane.sh: Tool to generate TLSA RR's
3406. [bug] mem.c: Fix compilation errors when building with
zone.c [RT #30675]
3362. [bug] Setting some option values to 0 in named.conf
3357. [port] Add support for libxml2-2.8.x [RT #30440]
to ensure correctness of signatures and of NSEC/NSEC3
- add a RPZ performance test to bin/tests/system/rpz
3328. [bug] Fixed inconsistent data checking in dst_parse.c.
zone.c:zone_gotwritehandle. [RT #29028]
3309. [bug] resolver.c:fctx_finddone() was not thread safe.
3300. [bug] Named could die if gssapi was enabled in named.conf
client.c:exit_check. [RT #28346]
3294. [bug] isccc/cc.c:table_fromwire failed to free alist on
3290. [bug] <isc/hmacsha.h> was not being installed. [RT #28169]
3287. [port] Update ans.pl to work with Net::DNS 0.68. [RT #28028]
rbtnode.deadlink. [RT #27738]
lib/dns/rbtdb.c:iszonesecure. [RT #26913]
3233. [bug] 'rndc freeze/thaw' didn't work for inline zones.
3216. [bug] resolver.c:validated() was not thread-safe. [RT #26478]
3212. [bug] rbtdb.c: failed to remove a node from the deadnodes
3201. [func] 'rndc querylog' can now be given an on/off parameter
dnssec.h. [RT #26415]
3188. [bug] zone.c:zone_refreshkeys() could fail to detach
3186. [bug] Version/db mis-match in rpz code. [RT #26180]
sample external DLZ module in contrib/dlz/example.
- replace "NO-OP" named.conf policy override with
3169. [func] Catch db/version mis-matches when calling dns_db_*().
3163. [bug] Use finer-grained locking in client.c to address
3161. [bug] zone.c:del_sigs failed to always reset rdata leading
drivers (e.g., mysql, postgresql, etc). [RT #25710]
3145. [test] Capture output of ATF unit tests in "./atf.out" if
3093. [bug] Fix gssapi/kerberos dependencies [RT #23836]
3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf
and add setup.sh in order to resolve changing
named.conf issue. [RT #23687]
3077. [bug] zone.c:zone_refreshkeys() incorrectly called
update.c:next_active. [RT #20256]
select the master/slave zones. [RT #23580]
- "dig +split=X" breaks hex/base64 records into
named.pid at startup. [RT #23290]
validator.c. Tests added to dnssec system test.
3038. [bug] Install <dns/rpz.h>. [RT #23342]
3032. [bug] rdatalist.c: add missing REQUIREs. [RT #22521]
3026. [bug] lib/isc/httpd.c: check that we have enough space
to 10. Allow setting this in named.conf using the new
in the named.conf options. [RT #21727]
3000. [bug] More TKEY/GSS fixes:
2992. [contrib] contrib/check-secure-delegation.pl: A simple tool
2991. [contrib] contrib/zone-edit.sh: A simple zone editing tool for
2987. [func] Improve ease of configuring TKEY/GSS updates by
zone, but the nameserver names and/or their IP
2978. [port] hpux: look for <devpoll.h> [RT #21919]
2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() acquired the
2973. [bug] bind.keys.h was being removed by the "make clean"
(e.g. "%-1c"). [RT #22270]
2962. [port] win32: add more dependencies to BINDBuild.dsw.
2954. [bug] contrib: dlz_mysql_driver.c bad error handling on
interfaces at reboot. See bin/tests/system/README
support for addzone/delzone feature (see change
new-zone-file in named.conf; this happens
2934. [bug] Use ANSI C compliant shift range in lib/isc/entropy.c.
option at the view or options level in named.conf.
into named.conf in the appropriate view. (Note:
2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
was specified in named.conf. [RT #21416]
2903. [bug] managed-keys-directory missing from namedconf.c.
2893. [bug] Improve managed keys support. New named.conf option
2873. [bug] Canceling a dynamic update via the dns/client module
2872. [bug] Modify dns/client.c:dns_client_createx() to only
2871. [bug] Type mismatch in mem_api.c between the definition and
2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
2865. [bug] memset to zero event.data. [RT #20986]
2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
README.rfc5011 into the ARM. [RT #20899]
2832. [bug] Modify "struct stat" in lib/export/samples/nsprobe.c
2829. [bug] Fixed potential node inconsistency in rbtdb.c.
2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
2822. [bug] rbtdb.c:loadnode() could return the wrong result.
atomic.h is correctly installed by the architecture
(i.e., built without --enable-exportlib). [RT #20679]
named.conf: check-dup-records {ignore|warn|fail};
2794. [bug] Install <isc/namespace.h>. [RT #20677]
2791. [bug] The installation of isc-config.sh was broken.
2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
2770. [cleanup] Add log messages to resolver.c to indicate events
2756. [bug] Fixed corrupt logfile message in update.c. [RT #20597]
2746. [port] hpux: address signed/unsigned expansion mismatch of
dns_rbtnode_t.nsec. [RT #20542]
validator.c. [RT #19589]
2725. [doc] Added information about the file "managed-keys.bind"
2719. [func] Skip trusted/managed keys for unsupported algorithms.
2717. [bug] named failed to update the NSEC/NSEC3 record when
2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
2711. [port] win32: Add the bin/pkcs11 tools into the full
by the named.conf option 'secure-to-insecure'.
(i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
2702. [func] Update PKCS#11 tools (bin/pkcs11) [RT #20225 & all]
2699. [bug] Missing lock in rbtdb.c. [RT #20037]
S_IFREG are defined after including <isc/stat.h>.
2695. [func] DHCP/DDNS - update fdwatch code for use by
2685. [contrib] Update contrib/zkt to version 0.99c. [RT #20054]
2679. [func] dig -k can now accept TSIG keys in named.conf
- New "inactive" date (dnssec-keygen/settime -I)
2673. [bug] The managed-keys.bind zone file could fail to
2664. [bug] create_keydata() and minimal_update() in zone.c
applications. See README.libdns. [RT #19369]
2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
2632. [func] util/kit.sh: warn if documentation appears to be out of
2628. [port] linux: Allow /var/run/named/named.pid to be opened
2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
2622. [bug] Printing of named.conf grammar was broken. [RT #19919]
2617. [bug] ifconfig.sh failed to emit an error message when
2616. [bug] 'host' used the nameservers from resolv.conf even
configuration text for named.conf
from a NSEC3 signed master/slave zone. [RT #19464]
2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
2590. [func] Report zone/class of "update with no effect".
2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
of "dnssec-lookaside . trust-anchor dlv.isc.org;"
plus setting a trusted-key for dlv.isc.org.
by) $sysconfdir/bind.keys. As the ISC DLV key
the bind.keys file with a key downloaded from
https://www.isc.org/solutions/dlv. [RT #18685]
2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
2548. [bug] Install iterated_hash.h. [RT #19335]
2547. [bug] openssl_link.c:mem_realloc() could reference an
2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
2538. [bug] cache/ADB memory could grow over max-cache-size,
2519. [bug] dig/host with -4 or -6 didn't work if more than two
preceded in resolv.conf. [RT #19081]
document function in <isc/radix.h>. [RT #18534]
2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
are now /var/run/named/named.pid and
/var/run/lwresd/lwresd.pid respectively.
2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
specified in named.conf doesn't seem to work with
2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
2455. [bug] Stop metadata being transferred via axfr/ixfr.
2452. [func] Improve bin/test/journalprint. [RT #18316]
epoll and /dev/poll to be selected at compile
completion event send out canceled read/write
in rbtdb.c. [RT #18455]
2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
temporary, named.conf option reserved-sockets,
assertion in acl.c. [RT #18166]
2390. [bug] dispatch.c could make a false warning on 'odd socket'.
2387. [bug] Silence compiler warnings in lib/isc/radix.c.
2385. [bug] A condition variable in socket.c could leak in
2381. [port] dlz/mysql: support multiple install layouts for
mysql. <prefix>/include/{,mysql/}mysql.h and
2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
Documentation is in the new README.pkcs11 file.
were set at both the options/view level and in
named.conf. [RT #17581]
See <isc/mem.h> for details.
2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
rbtdb.c. Implement dead node processing in zones as
lib/dns/rdata/in_1/apl_42.c. [RT #17469]
2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
addresses in acl.c. [RT #17519]
bin/named/lwdnoop.c. [RT #17476]
2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
debug/fatal messages. [RT #17501]
2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
2306. [bug] Remove potential race from lib/dns/resolver.c.
2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
bin/tests/system/lwresd/lwtest.c. [RT #17474]
bin/tests/names/t_names.c. [RT #17473]
bin/nsupdate/nsupdate.c. [RT #17475]
bin/tests/timers/t_timers.c. [RT #17468]
bin/tests/dst/t_dst.c. [RT #17467]
2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
2276. [bug] Install <dst/gssapi.h>. [RT #17359]
stub/slave master and journal files. [RT #17279]
2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
2266. [bug] client.c:get_clientmctx() returned the same mctx
2257. [bug] win32: Use the full path to vcredist_x86.exe when
bindevt.dll. [RT #17159]
2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
2254. [bug] timer.c:dispatch() failed to lock timer->lock
2247. [doc] Sort doc/misc/options. [RT #17067]
2246. [bug] Make the startup of test servers (ans.pl) more
2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
If allow-query-cache is not set in named.conf then
If allow-recursion is not set in named.conf then
2194. [bug] Close journal before calling 'done' in xfrin.c.
2193. [port] win32: BINDInstall.exe is now linked statically.
2192. [port] win32: use vcredist_x86.exe to install Visual
2184. [bug] bind9.xsl.h didn't build out of the source tree.
2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
need to ship Microsoft.VC80.MFCLOC.
2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
Fix a memory leak in rbtdb.c:free_noqname().
Make lookup.c:lookup_find() robust against
2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
dighost.c:get_trusted_key(). [RT #16678]
hmac_link.c. [RT #16437]
2145. [bug] Check DS/DLV digest lengths for known digests.
2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
in adb.c. [RT #16670]
2138. [bug] Lock order reversal in resolver.c. [RT #16653]
2137. [port] Mips little endian and/or mips 64 bit are now
2136. [bug] nslookup/host looped if there was no search list
2135. [bug] Uninitialized rdataset in sdlz.c. [RT #16656]
2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
2114. [bug] dig/host/nslookup: searches for names with multiple
2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
2103. [port] Add /usr/sfw to list of locations for OpenSSL
2100. [port] win32: copy libeay32.dll to Build\Debug.
2098. [bug] Race in rbtdb.c:no_references(), which occasionally
if resolv.conf does not exist or no nameservers
2091. [port] dighost.c: race condition on cleanup. [RT #16417]
2085. [doc] win32: added index.html and README to zip. [RT #16201]
2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
2080. [port] libbind: res_init.c did not compile on older versions
2076. [bug] Several files were missing #include <config.h>
of authoritative servers that drop EDNS and/or CD
2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
2043. [port] nsupdate/nslookup: Force the flushing of the prompt
2038. [bug] dig/nslookup/host was unlinking from wrong list
a non slave/stub zone. [RT # 16073]
2028. [port] linux: socket.c compatibility for old systems.
2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
2008. [func] It is now possible to enable/disable DNSSEC
breaks DNSSEC (firewall/proxy). [RT #15592]
2003. [bug] libbind: The DNS name/address lookup functions could
1988. [bug] Remove a bus error from the SHA256/SHA512 support.
1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
1981. [bug] win32: condition.c:wait() could fail to reattain
1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
now be set in named.conf (max-udp-size). This is
xfrin.c:maybe_free() if named ran out of memory.
1944. [cleanup] isc_hash_create() does not need a read/write lock.
1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
1922. [bug] check-tool.c:setup_logging() missing call to
1919. [contrib] queryperf: a set of new features: collecting/printing
'RD' was set in the query. host/nslookup skip servers
1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
1866. [bug] resolv.conf parse errors were being ignored by
dig/host/nslookup. [RT #14841]
1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
when CFLAGS contains "-I /usr/local/include"
1839. [bug] <isc/hash.h> was not being installed.
1836. [cleanup] Silence compiler warnings in hash_test.c.
1834. [bug] Bad memset in rdata_test.c. [RT #13658]
rbtdb.c:subtractrdataset(). [RT #13519]
option in named.conf can be used to specify a
1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
1810. [bug] configure, lib/bind/configure make different default
1808. [bug] zone.c:notify_zone() contained a race condition,
1788. [bug] libbind9.la/libbind9.so needs to link against
1785. [bug] libbind9.la/libbind9.so needs to link against
1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
file clause for rbt{64} master/hint zones. [RT #13009]
1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
1748. [func] dig now returns the byte count for axfr/ixfr.
1747. [bug] BIND 8 compatibility: named/named-checkconf failed
to parse "host-statistics-max" in named.conf.
1745. [bug] Dig/host/nslookup accept replies from link locals
1731. [port] darwin: relax version test in ifconfig.sh.
1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
1717. [port] solaris: ifconfig.sh did not support Solaris 10.
"ifconfig.sh down" didn't work for Solaris 9.
1716. [doc] named.conf(5) was being installed in the wrong
1714. [bug] dig/host/nslookup were only trying the first
1707. [contrib] sdb/ldap updated to version 1.0-beta.
1705. [func] Allow the journal's name to be changed via named.conf.
"#include <isc/print.h>". [RT #12321]
1701. [doc] A minimal named.conf man page.
are defined in named.conf. [RT #12023]
/usr/lib. [RT #11971]
1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
adb.c:set_target(). [RT #11582]
1648. [func] Update dnssec-lookaside named.conf syntax to support
1625. [bug] named failed to load/transfer RFC2535 signed zones
1612. [bug] check-names at the option/view level could trigger
1599. [bug] Fix memory leak on error path when checking named.conf.
DNSSEC specify "dnssec-enable yes;" in named.conf.
1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
1566. [port] Support for the cmsg framework on Solaris and HP/UX.
were specified in /etc/resolv.conf. [RT #8232]
1551. [port] Open "/dev/null" before calling chroot().
1532. [port] netbsd: the configure test for <sys/sysctl.h>
requires <sys/param.h>.
1517. [port] Support for IPv6 interface scanning on HP/UX and
only (e.g. DE, LV, US and MUSEUM) these can be excluded
1503. [port] win32: install libeay32.dll outside of system32.
named.conf, tcp-listen-queue.
1498. [port] bsdos: 5.x support.
1478. [port] ifconfig.sh didn't account for other virtual
1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
doc/misc/options. [RT #5616]
via named.conf (edns-udp-size).
1425. [port] linux/libbind: define __USE_MISC when testing *_r()
function prototypes in netdb.h. [RT #4921]
1422. [func] Log name/type/class when denying a query. [RT #4663]
1419. [port] openbsd: use /dev/arandom. [RT #4950]
1417. [func] ID.SERVER/CHAOS is now a built in zone.
1410. [func] Handle records that live in the parent zone, e.g. DS.
1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
'recursing-file = "named.recursing";'.
1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
1353. [contrib] sdb/ldap to version 0.9.
in socket.c and eliminating a host of socket
1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
1336. [func] Nibble lookups under IP6.ARPA are now supported by
1334. [bug] When signing/verifying rdatasets, duplicate rdatas
1326. [bug] DNAME/CNAME signatures were not being cached when
1324. [port] darwin: ifconfig.sh now supports darwin.
1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
1276. [bug] libbind: const pointer conflicts in res_debug.c.
1269. [port] Openserver: ifconfig.sh support.
<sys/param.h> is included or not. Be consistent.
1247. [bug] Don't reset the interface index for link/site local
1234. [bug] contrib/sdb: 'zonetodb' failed to call
1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
at the named.conf checking stage. [RT #2431]
1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
lib/dns to use this function instead of local one.
occurs when parsing named.conf. [RT #2275]
1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
1145. [func] "host" no longer reports a NOERROR/NODATA response
named/lwresd at compile time. [RT #1982]
1119. [func] Added support in Win32 for NTFS file/directory ACL's
could cause an assertion failure in resolver.c
violation in adb.c. [RT #2017]
1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
1088. [port] libbind: MPE/iX C.70 (incomplete)
on load/reload if views were used. [RT #1947]
1041. [bug] Dig/host/nslookup could catch an assertion failure
1032. [func] hostname.bind/txt/chaos now returns the name of
1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
1030. [bug] On systems with no resolv.conf file, nsupdate
1029. [bug] Some named.conf errors did not cause the loading
1002. [bug] When reporting an unknown class name in named.conf,
972. [bug] The file modification time code in zone.c was using the
non-existent nlist.h. [RT #1640]
957. [bug] sys/select.h inclusion was broken on older platforms.
in named/win32/os.c due to code changes in
updated to add include path for os.h header.
953. [func] The /var/run/named.key file from change #843
has been replaced by /etc/rndc.key. Both
method (rndc.conf / controls). Unlike
bin/tests. [RT #1555].
946. [cleanup] doc/misc/options is now machine-generated from the
when installing isc-config.sh.
were not accepted in named.conf. [RT #1469]
and added lib/isc/win32/entropy.c.
900. [bug] A config.guess update changed the system identification
bin/tests/system/ifconfig.sh now recognize the new
899. [bug] lib/dns/soa.c failed to compile on many platforms
897. [bug] A config.guess update changed the system identification
to Darwin. This was derived from the config.guess
849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
just as <lwres/net.h> does.
843. [func] If no controls statement is present in named.conf,
generated by named and an rndc.conf-style file
named named.key will be written that uses it. rndc
838. [port] UnixWare 7.x.x is now suported by
833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
<dns/soa.h>, and extended them to support
832. [bug] The default location for named.conf in named-checkconf
825. [bug] zone.c:ns_query() detached from the wrong zone
character (i.e. "/") in its name and the directory
down-cased when signing/verifying records. [RT #1186]
in rndc.conf.
786. [bug] When DNSSEC signing/verifying data, owner names were
755. [bug] Fix incorrectly formatted log messages in zone.c.
748. [doc] List supported RFCs in doc/misc/rfc-compliance.
739. [port] Look for /dev/random in configure, rather than
737. [port] stdtime.c failed to compile on certain platforms.
dispatch.c:do_cancel(). [RT #733]
718. [cleanup] "internal" is no longer a reserved word in named.conf.
failure in adb.c. [RT #738]
703. [port] sys/select.h is needed on older platforms. [RT #695]
702. [func] If the address 0.0.0.0 is seen in resolv.conf,
693. [bug] An empty lwres statement in named.conf caused
685. [bug] nslookup should use the search list/domain options
from resolv.conf by default. [RT #405, #630]
646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
for syntax checking named.conf files and zone files,
604. [bug] The named.conf parser could print incorrect line
577. [func] Log illegal RDATA combinations. e.g. multiple
570. [bug] rbtdb.c allowed zones containing nodes which had
568. [func] Add sample simple database drivers in contrib/sdb.
of rdata type/class mnemonics in log messages.
516. [bug] Cache lookups which had a NULL node pointer, e.g.
DNAME, would trigger an INSIST(!search.need_cleanup)
490. [func] When a slave/stub zone has not yet successfully
from the named.conf "listen-on" statement, sockets
477. [bug] The the isc-config.sh script could be installed before
471. [bug] nsupdate didn't compile on HP/UX 10.20
and subsequent name servers in resolv.conf if the
457. [bug] Dig/host/hslookup didn't properly handle connect
documented as such in named.conf. [RT #304, RT #311]
is specified in named.conf. [RT #306]
is specified in named.conf. [RT #301]
432. [func] Added refresh/retry jitter. The actual refresh/
428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
(e.g. glue). This could cause SERVFAILs when
e.g. due to corrupt zones with multiple SOA records.
an argc/argv style vector of words and sets
view/global one for CNAME targets and additional
369. [func] Support new named.conf options, view and zone
the distribution, in doc/man/dnssec.
353. [bug] double increment in lwres/gethost.c:copytobuf().
348. [func] New boolean named.conf options 'additional-from-auth'
345. [bug] Large-scale changes/cleanups to dig:
341. [func] Support 'key' clause in named.conf zone masters
327. [bug] rndc.conf parser wasn't correctly recognizing an IP
320. [func] Multiple rndc changes: parses an rndc.conf file,
319. [func] The named.conf "controls" statement is now used
314. [func] The named.conf controls statement can now have
313. [bug] When parsing resolv.conf, don't terminate on an
resolv.conf search path from 6 to 8. If there
resolv.conf was empty or a comment.
310. [func] Changes to named.conf "controls" statement (inet
are listed in resolv.conf, silently ignore them
each library's ipv6.h defines the wrapper symbol of
any $sbindir/dig from a previous release.)
that lack /dev/random.
280. [func] Add isc-config.sh, which can be used to more
two or more files in libomapi.a were not namespace
278. [bug] bin/named/logconf.c:category_fromconf() didn't take
266. [bug] zone.c:save_nsrrset() node was not initialized.
262. [bug] 'master' was not initialized in zone.c:stub_callback().
for global options block of named.conf. Both accept
258. [bug] Fixed printing of lwres_addr_t.address field.
256. [func] isc_ratelimiter_t now has attach/detach semantics, and
253. [func] resolv.conf parser now recognizes ';' and '#' as
252. [bug] resolv.conf parser mishandled masks on sortlists.
244. [bug] empty named.conf file and empty options statement are
243. [func] new cachesize option for named.conf
+ missing sigwait prototype on BSD/OS 4.0/4.0.1.
BSD/OS 4.*, Linux and Solaris 2.8.
230. [func] Replace the dst sign/verify API with a cleaner one.
from confparser.c, because of yacc's code, are
212. [func] Added dns_message_get/settsigkey, to make TSIG
compiling in the lib/dns/sec/{dnssafe,openssl}
204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
run on a PA 1.x system."
201. [cleanup] Removed the test/sdig program, it has been
replaced by bin/dig/dig.
(e.g., running out of network buffers) were
and/or interfaces. [19-May-2000 explorer]
191. [func] Patched to compile on UnixWare 7.x. This platform
range for overflow/underflow. In the case of
184. [cleanup] Variables/functions which began with two leading
underscores were made to conform to the ANSI/ISO
179. [func] options named.conf statement *must* now come
178. [func] Post-load of named.conf check verifies a slave zone
168. [bug] include statements in named.conf caused syntax errors
162. [bug] Ensure proper range for arguments to ctype.h functions.
masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
util/check-includes for how this was tested.
145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
<isc/result.h>.
of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
need <isc/eventclass.h>.
instead of <isc/time.h>.
128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
and creates null keys/sets zone status bit for
<isc/result.h>.
<isc/result.h>. Multiple inclusion protection
isc_symtab_t moved to <isc/types.h>.
<isc/net.h>.
118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
117. [cleanup] libdns.a changes:
116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
<isc/list.h>.
<isc/mutex.h>.
<isc/list.h>.
bin/tests/{db,mem,sockaddr,tasks,timers}/.
108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
105. [doc] doc/dev/coding.html expanded with other
103. [func] libisc buffer API changes for <isc/buffer.h>:
on BSD/OS 4.1.
101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
<isc/event.h>.
or <isc/result.h>.
<isc/result.h>.
90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
from <named/listenlist.h>.
<isc/mem.h>. isc_interface_t and isc_interfaceiter_t
moved to <isc/types.h>.
86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
<isc/types.h>.
<isc/int.h>.
<isc/lang.h>.
subsumed by file.o.
OpenSSL libraries/headers.
from <dns/types.h>.
59. [bug] Cause net/host unreachable to be a hard error
58. [bug] bin/named/query.c could sometimes trigger the
(client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
<sys/param.h>.
logging module "dns/validator".
and isc_lex_t to <isc/types.h>.
31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
25. [bug] make install failed to install <isc/log.h> and
configure.in to check for presence of in6addr_any.
9. [cleanup] replaced bit-setting code in confctx.c and replaced
4. [port] bin/named/unix/os.c didn't compile on systems with
get only what we need from <linux/capability.h>, and
systems without /dev/random.
lib/isc/unix/include/isc/Makefile.in had a typo which