CHANGES revision 3d751891410f9892ca1c1deba2f7d8556ae91b0c
5d92fff82718cd018f0b61a10b9ad4d2b8064c95rpluem3864. [bug] RPZ didn't work well when being used as forwarder.
bf52162f2d05c1fb1a107c7ef108de73f739b3edpquerna [RT #36060]
415bb21f281e9b4f905d5893fede9165bdf1491bjim3863. [bug] The "E" flag was missing from the query log as a
df58c3a1c000d76859808ca4746a41623b432c81sf unintended side effect of code rearrangement to
df58c3a1c000d76859808ca4746a41623b432c81sf support EDNS EXPIRE. [RT #36117]
65f6e321663b3fd0f93d8b47b4df05f189de6cf1sf3862. [cleanup] Return immediately if we are not going to log the
65f6e321663b3fd0f93d8b47b4df05f189de6cf1sf message in ns_client_dumpmessage.
bcb2c4ef861e8f8260284631b6753e1088643c8asf3861. [security] Missing isc_buffer_availablelength check results
bcb2c4ef861e8f8260284631b6753e1088643c8asf in a REQUIRE assertion when printing out a packet
bcb2c4ef861e8f8260284631b6753e1088643c8asf (CVE-2014-3859). [RT #36078]
6defa5d20691765eb0b98daf5db4b1004353222esf3860. [bug] ioctl(DP_POLL) array size needs to be determined
415bb21f281e9b4f905d5893fede9165bdf1491bjim at run time as it is limited to {OPEN_MAX}.
09359a90ff115fc5eeb96e1e5c78a58dd9fc59d3jim [RT #35878]
3e13c3c3e6517a04c8c20ffb8e62aadb3b13f8dfrjung3859. [placeholder]
b8c9229249804470a885a1a43f7f2dad15fb06a3rjung3858. [bug] Disable GCC 4.9 "delete null pointer check".
b8c9229249804470a885a1a43f7f2dad15fb06a3rjung [RT #35968]
ef3e19a9a27ca055dd20e971d5578f5510308023niq3857. [bug] Make it harder for a incorrect NOEDNS classification
ef3e19a9a27ca055dd20e971d5578f5510308023niq to be made. [RT #36020]
ef3e19a9a27ca055dd20e971d5578f5510308023niq3856. [bug] Configuring libjson without also configuring libxml
099d298d417b68b3d11fb5934c404c60f518d69csf resulted in a REQUIRE assertion when retrieving
099d298d417b68b3d11fb5934c404c60f518d69csf statistics using json. [RT #36009]
0d54de55e9fec3d9ac5989a5fe016f349b82ed05sf3855. [bug] Limit smoothed round trip time aging to no more than
0d54de55e9fec3d9ac5989a5fe016f349b82ed05sf once a second. [RT #32909]
636d0d3e03f5f4f2fefae0f20c36e288755e79f6rjung3854. [cleanup] Report unrecognized options, if any, in the final
636d0d3e03f5f4f2fefae0f20c36e288755e79f6rjung configure summary. [RT #36014]
3f5968bf1059aebe846e121a6f3748dd03471ce4sf3853. [cleanup] Refactor dns_rdataslab_fromrdataset to separate out
3f5968bf1059aebe846e121a6f3748dd03471ce4sf the handling of a rdataset with no records. [RT #35968]
3f5968bf1059aebe846e121a6f3748dd03471ce4sf3852. [func] Increase the default number of clients available
3f5968bf1059aebe846e121a6f3748dd03471ce4sf for servicing lightweight resolver queries, and
3f5968bf1059aebe846e121a6f3748dd03471ce4sf make them configurable via the "lwres-tasks" and
3f5968bf1059aebe846e121a6f3748dd03471ce4sf "lwres-clients" options. (Thanks to Tomas Hozza.)
3f5968bf1059aebe846e121a6f3748dd03471ce4sf [RT #35857]
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf3851. [func] Allow libseccomp based system-call filtering
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf on Linux; use "configure --enable-seccomp" to
7c6f514f2ef9b98f58b8f8a5f534eb78a75f29f2jorton turn it on. Thanks to Loganaden Velvindron
7c6f514f2ef9b98f58b8f8a5f534eb78a75f29f2jorton of AFRINIC for the contribution. [RT #35347]
3e520e9f095fbbcaa3c216c8ea56e89bd6fd58b4sf3850. [bug] Disabling forwarding could trigger a REQUIRE assertion.
3e520e9f095fbbcaa3c216c8ea56e89bd6fd58b4sf [RT #35979]
3e520e9f095fbbcaa3c216c8ea56e89bd6fd58b4sf3849. [doc] Alphabetized dig's +options. [RT #35992]
93d757f10e0823af718075b34363970c4af0e6cdsf3848. [bug] Adjust 'statistics-channels specified but not effective'
93d757f10e0823af718075b34363970c4af0e6cdsf error message to account for JSON support. [RT #36008]
533d85911f7e4914ee5f9d5c99a2421f4ab4208asf3847. [bug] 'configure --with-dlz-postgres' failed to fail when
533d85911f7e4914ee5f9d5c99a2421f4ab4208asf there is not support available.
533d85911f7e4914ee5f9d5c99a2421f4ab4208asf3846. [bug] "dig +notcp ixfr=<serial>" should result in a UDP
533d85911f7e4914ee5f9d5c99a2421f4ab4208asf ixfr query. [RT #35980]
78b046ee9f769d9609ea1157177d5467e4700c89covener3845. [placeholder]
78b046ee9f769d9609ea1157177d5467e4700c89covener3844. [bug] Use the x64 version of the Microsoft Visual C++
5d1aa7e499fc511e937db7a7ce671add9a4d6702sf Redistributable when built for 64 bit Windows.
5d1aa7e499fc511e937db7a7ce671add9a4d6702sf [RT #35973]
00f8426677a7975dc809e4ccb11241c543ec8a0esf3843. [protocol] Check EDNS EXPIRE option in dns_rdata_fromwire.
00f8426677a7975dc809e4ccb11241c543ec8a0esf [RT #35969]
3ef519991d73cff6763052b5a44c206bda01541dsf3842. [bug] Adjust RRL log-only logging category. [RT #35945]
3ef519991d73cff6763052b5a44c206bda01541dsf3841. [cleanup] Refactor zone.c:add_opt to use dns_message_buildopt.
3ef519991d73cff6763052b5a44c206bda01541dsf [RT #35924]
512bc8626ede860ea2ef329e6c2ffbd6ceba3903sf3840. [port] Check for arc4random_addrandom() before using it;
512bc8626ede860ea2ef329e6c2ffbd6ceba3903sf it's been removed from OpenBSD 5.5. [RT #35907]
f82baabbe731507742af2f7ba41463dbbc7911e9sf3839. [test] Use only posix-compatible shell in system tests.
f82baabbe731507742af2f7ba41463dbbc7911e9sf [RT #35625]
26d07dbe57cb2c8f49df541329a1653635988dbbsf3838. [protocol] EDNS EXPIRE as been assigned a code point of 9.
686555019e71b355e835166dfefbec33f7fb6f90rjung3837. [security] A NULL pointer is passed to query_prefetch resulting
686555019e71b355e835166dfefbec33f7fb6f90rjung a REQUIRE assertion failure when a fetch is actually
686555019e71b355e835166dfefbec33f7fb6f90rjung initiated (CVE-2014-3214). [RT #35899]
eda40bb2debf78c913552346127358797665cf7frjung3836. [bug] Address C++ keyword usage in header file.
eda40bb2debf78c913552346127358797665cf7frjung3835. [bug] Geoip ACL elements didn't work correctly when
eda40bb2debf78c913552346127358797665cf7frjung referenced via named or nested ACLs. [RT #35879]
53b3e9f9937ca992fb149d02d19223674c81c5a4rjung3834. [bug] The re-signing heaps were not being updated soon enough
53b3e9f9937ca992fb149d02d19223674c81c5a4rjung leading to multiple re-generations of the same RRSIG
53b3e9f9937ca992fb149d02d19223674c81c5a4rjung when a zone transfer was in progress. [RT #35273]
25cc406eca0c99de0dfbd6c8862bec2d5fb6c4farjung3833. [bug] Cross compiling was broken due to calling genrandom at
25cc406eca0c99de0dfbd6c8862bec2d5fb6c4farjung build time. [RT #35869]
5b43275cebfb0ff9961ac462f3a96f7fe612d327rjung3832. [func] "named -L <filename>" causes named to send log
5b43275cebfb0ff9961ac462f3a96f7fe612d327rjung messages to the specified file by default instead
3bcb72c0b2797d2ec0b41bb9f4696e58be2c7043rjung of to the system log. (Thanks to Tony Finch.)
3bcb72c0b2797d2ec0b41bb9f4696e58be2c7043rjung [RT #35845]
4acb0cd5536553055c7c6996414cec00b0191e1djim3831. [cleanup] Reduce logging noise when EDNS state changes occur.
4acb0cd5536553055c7c6996414cec00b0191e1djim [RT #35843]
dc610ff4888acc61dc6c8de2b8974a4dce9c074fsf3830. [func] When query logging is enabled, log query errors at
dc610ff4888acc61dc6c8de2b8974a4dce9c074fsf the same level ('info') as the queries themselves.
b08558bf6a64f9501ad3eca34eaf4d978bd928cfsf [RT #35844]
b08558bf6a64f9501ad3eca34eaf4d978bd928cfsf3829. [func] "dig +ttlunits" causes dig to print TTL values
70f553c56eda63b353598193c3afc238db9b3c78sf with time-unit suffixes: w, d, h, m, s for
70f553c56eda63b353598193c3afc238db9b3c78sf weeks, days, hours, minutes, and seconds. (Thanks
70f553c56eda63b353598193c3afc238db9b3c78sf to Tony Finch.) [RT #35823]
3fa816e4832a1c70600bdfd6fc5ef60e9f1c18bbsf3828. [func] "dnssec-signzone -N date" updates serial number
3fa816e4832a1c70600bdfd6fc5ef60e9f1c18bbsf to the current date in YYYYMMDDNN format.
0c2193f47081b894ed16f4fc371f44564d28b334jorton [RT #35800]
950e3163cb42ba1e9c8f9d93f4505f580cbc71f4jorton3827. [placeholder]
55929f765b95e354092ac17238718e471c252ebbsf3826. [bug] Corrected bad INSIST logic in isc_radix_remove().
55929f765b95e354092ac17238718e471c252ebbsf [RT #35870]
2ce2fc3287632e20f1b8759aa17e571f68c6fe6dsf3825. [bug] Address sign extension bug in isc_regex_validate.
2ce2fc3287632e20f1b8759aa17e571f68c6fe6dsf [RT #35758]
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf3824. [bug] A collision between two flag values could cause
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf problems with cache cleaning when SIT was enabled.
b44ddab21bd6e44ba3c03f7ae8ed08dd23b68b48sf [RT #35858]
b44ddab21bd6e44ba3c03f7ae8ed08dd23b68b48sf3823. [func] Log the rpz cname target when rewriting. [RT #35667]
b44ddab21bd6e44ba3c03f7ae8ed08dd23b68b48sf3822. [bug] Log the correct type of static-stub zones when
b44ddab21bd6e44ba3c03f7ae8ed08dd23b68b48sf removing them. [RT #35842]
0ab15ffa17f588723d0c310af78b505bf4e8a953sf3821. [contrib] Added a new "mysqldyn" DLZ module with dynamic
0ab15ffa17f588723d0c310af78b505bf4e8a953sf update and transaction support. Thanks to Marty
0ab15ffa17f588723d0c310af78b505bf4e8a953sf Lee for the contribution. [RT #35656]
1dee19645438f8e3cb80fe86e1aaade04d093e45sf3820. [func] The DLZ API doesn't pass the database version to
1dee19645438f8e3cb80fe86e1aaade04d093e45sf the lookup() function; this can cause DLZ modules
9f478b1ce1e6296ad7a244d9d2eaa6af79cfdfbfsf that allow dynamic updates to mishandle prerequisite
9f478b1ce1e6296ad7a244d9d2eaa6af79cfdfbfsf checks. This has been corrected by adding a
9f478b1ce1e6296ad7a244d9d2eaa6af79cfdfbfsf 'dbversion' field to the dns_clientinfo_t
9bec939825399ac2816ea0d912d2e3c3b2ed91f4sf structure. [RT #35656]
9bec939825399ac2816ea0d912d2e3c3b2ed91f4sf3819. [bug] NSEC3 hashes need to be able to be entered and
5cca2a55e4a1cabdc2ca0db3bee456f27cf4c69eminfrin displayed without padding. This is not a issue for
5cca2a55e4a1cabdc2ca0db3bee456f27cf4c69eminfrin currently defined algorithms but may be for future
5cca2a55e4a1cabdc2ca0db3bee456f27cf4c69eminfrin hash algorithms. [RT #27925]
33510984c759eb3da154ceb0db9b75fa0031d3b4sf3818. [bug] Stop lying to the optimizer that 'void *arg' is a
33510984c759eb3da154ceb0db9b75fa0031d3b4sf constant in isc_event_allocate.
33510984c759eb3da154ceb0db9b75fa0031d3b4sf3817. [func] The "delve" command is now spelled "delv" to avoid
33510984c759eb3da154ceb0db9b75fa0031d3b4sf a namespace collision with the Xapian project.
33510984c759eb3da154ceb0db9b75fa0031d3b4sf [RT #35801]
33510984c759eb3da154ceb0db9b75fa0031d3b4sf3816. [func] "dig +qr" now reports query size. (Thanks to
6b15044d54a096e6323ff1540f1a491e8de7622dsf Tony Finch.) [RT #35822]
6b15044d54a096e6323ff1540f1a491e8de7622dsf3815. [doc] Clarify "nsupdate -y" usage in man page. [RT #35808]
287b17b746df229d6211c624b8a3e1edda21cecdsf3814. [func] The "masterfile-style" zone option controls the
287b17b746df229d6211c624b8a3e1edda21cecdsf formatting of dumped zone files. Options are
de2d327e43e0f17cdb64851beafecba96a0ed962sf "relative" (multiline format) and "full" (one
de2d327e43e0f17cdb64851beafecba96a0ed962sf record per line). The default is "relative".
de2d327e43e0f17cdb64851beafecba96a0ed962sf [RT #20798]
c1ea0100af157a0d4e4a3de323f32dbfac4e5b6esf3813. [func] "host" now recognizes the "timeout", "attempts" and
c1ea0100af157a0d4e4a3de323f32dbfac4e5b6esf "debug" options when set in /etc/resolv.conf.
c1ea0100af157a0d4e4a3de323f32dbfac4e5b6esf (Thanks to Adam Tkac at RedHat.) [RT #21885]
c1ea0100af157a0d4e4a3de323f32dbfac4e5b6esf3812. [func] Dig now supports sending arbitrary EDNS options from
c1ea0100af157a0d4e4a3de323f32dbfac4e5b6esf the command line (+ednsopt=code[:value]). [RT #35584]
b44565f239485673d9486068588a5fb3af008be9sf3811. [func] "serial-update-method date;" sets serial number
b44565f239485673d9486068588a5fb3af008be9sf on dynamic update to today's date in YYYYMMDDNN
b44565f239485673d9486068588a5fb3af008be9sf format. (Thanks to Bradley Forschinger.) [RT #24903]
bf99d597a964add76124fc185892e04733a02969sf3810. [bug] Work around broken nameservers that fail to ignore
bf99d597a964add76124fc185892e04733a02969sf unknown EDNS options. [RT #35766]
876167dba234e2c7065895c87b77a8c57bdcf754sf3809. [doc] Fix SIT and NSID documentation.
876167dba234e2c7065895c87b77a8c57bdcf754sf3808. [doc] Clean up "prefetch" documentation. [RT #35751]
9d4ce88bcd21b01619a31c53db11a51c2a1e9717sf3807. [bug] Fix sign extension bug in dns_name_fromtext when
9d4ce88bcd21b01619a31c53db11a51c2a1e9717sf lowercase is set. [RT #35743]
2792ea4d5c772a6bc19dece2e098b8125bf7184cjim3806. [test] Improved system test portability. [RT #35625]
2792ea4d5c772a6bc19dece2e098b8125bf7184cjim3805. [contrib] Added contrib/perftcpdns, a performance testing tool
59a3c1e7880d3eab0d182735ff47758b9860411fminfrin for DNS over TCP. [RT #35710]
59a3c1e7880d3eab0d182735ff47758b9860411fminfrin --- 9.10.0rc1 released ---
59a3c1e7880d3eab0d182735ff47758b9860411fminfrin3804. [bug] Corrected a race condition in dispatch.c in which
59a3c1e7880d3eab0d182735ff47758b9860411fminfrin portentry could be reset leading to an assertion
b3e63c395d671f14a096d7e888dbfd2caf93a663sf failure in socket_search(). (Change #3708
b3e63c395d671f14a096d7e888dbfd2caf93a663sf addressed the same issue but was incomplete.)
b3e63c395d671f14a096d7e888dbfd2caf93a663sf [RT #35128]
6f88aef8511bf8ccf170bec41b82b6346c8b1ac7sf3803. [bug] "named-checkconf -z" incorrectly rejected zones
6f88aef8511bf8ccf170bec41b82b6346c8b1ac7sf using alternate data sources for not having a "file"
6f88aef8511bf8ccf170bec41b82b6346c8b1ac7sf option. [RT #35685]
83c89da783ba8bdaef50ec1912443f7fad3556acjim3802. [bug] Various header files were not being installed.
5152ceef718c8d39291557205cb2a98f436ce87frjung3801. [port] Fix probing for gssapi support on FreeBSD. [RT #35615]
4acb0cd5536553055c7c6996414cec00b0191e1djim3800. [bug] A pending event on the route socket could cause an
9c67ffea79ab184351b5d554b57814e13285e758jim assertion failure when shutting down named. [RT #35674]
3eb3f27d2d93942bd4230c231aab4eb16a316384jim3799. [bug] Improve named's command line error reporting.
3eb3f27d2d93942bd4230c231aab4eb16a316384jim [RT #35603]
0a2424312d9f02479a38e96dcbb170a77c218852rjung3798. [bug] 'rndc zonestatus' was reporting the wrong re-signing
0a2424312d9f02479a38e96dcbb170a77c218852rjung time. [RT #35659]
6137a8d5cdc62f1d4dad8cbf720feaa35f42a596covener3797. [port] netbsd: geoip support probing was broken. [RT #35642]
80a98c87d804ac7c0ea52d3f3b4676e559b49087igalic3796. [bug] Register dns and pkcs#11 error codes. [RT #35629]
80a98c87d804ac7c0ea52d3f3b4676e559b49087igalic3795. [bug] Make named-checkconf detect raw masterfiles for
925a6d92173ab96cdb0a8976c7aac13ef809e218trawick hint zones and reject them. [RT #35268]
925a6d92173ab96cdb0a8976c7aac13ef809e218trawick3794. [maint] Added AAAA for C.ROOT-SERVERS.NET.
e19d3a1e487aa73e0850658d3773f748aefba7f7sf3793. [bug] zone.c:save_nsec3param() could assert when out of
e19d3a1e487aa73e0850658d3773f748aefba7f7sf memory. [RT #35621]
e19d3a1e487aa73e0850658d3773f748aefba7f7sf3792. [func] Provide links to the alternate statistics views when
e19d3a1e487aa73e0850658d3773f748aefba7f7sf displaying in a browser. [RT #35605]
b8e5134b5779bf5505a9e5241cf8c930cc4aac5esf3791. [placeholder]
b8e5134b5779bf5505a9e5241cf8c930cc4aac5esf3790. [bug] Handle broken nameservers that send BADVERS in
b1677ce80314e41b74bdd8d50c13ac159f3c09f4sf response to unknown EDNS options. Maintain
b1677ce80314e41b74bdd8d50c13ac159f3c09f4sf statistics on BADVERS responses.
c447f5d2f2a21e8f2df49a113c4637b7f59a6feftrawick3789. [bug] Null pointer dereference on rbt creation failure.
31eeb74b832eea054c7a42081c1afdeccd987e5etrawick3788. [bug] dns_peer_getrequestsit was returning request_nsid by
e9bf808f770605c1f54a9d0fb1c560115c91fd71sf --- 9.10.0b2 released ---
e9bf808f770605c1f54a9d0fb1c560115c91fd71sf3787. [bug] The code that checks whether "auto-dnssec" is
575cc52562c51c0c8bb8de0c6eaa55a60f7f895bsf allowed was ignoring "allow-update" ACLs set at
575cc52562c51c0c8bb8de0c6eaa55a60f7f895bsf the options or view level. [RT #29536]
490993ea2eda52d4fdacff247eb2657296c86f71trawick3786. [func] Provide more detailed error codes when using
490993ea2eda52d4fdacff247eb2657296c86f71trawick native PKCS#11. "pkcs11-tokens" now fails robustly
03502de2853fcebaf853ed3bcfd5033894c238bbjim rather than asserting when run against an HSM with
03502de2853fcebaf853ed3bcfd5033894c238bbjim an incomplete PKCS#11 API implementation. [RT #35479]
03502de2853fcebaf853ed3bcfd5033894c238bbjim3785. [bug] Debugging code dumphex didn't accept arbitrarily long
afee7998d5045107a7673f09bc3448a5dc1b6612jim input (only compiled with -DDEBUG). [RT #35544]
6ec154950417d0b32082f6590ffa3acc3e0c3d49sf3784. [bug] Using "rrset-order fixed" when it had not been
6ec154950417d0b32082f6590ffa3acc3e0c3d49sf enabled at compile time caused inconsistent
6ec154950417d0b32082f6590ffa3acc3e0c3d49sf results. It now works as documented, defaulting
6ec154950417d0b32082f6590ffa3acc3e0c3d49sf to cyclic mode. [RT #28104]
3d636d91428f2c0a74012c89a94ec7d5b40aa52esf3783. [func] "tsig-keygen" is now available as an alternate
b38e1e2f118f67818f88faee827f4b3a2881e908sf command name for "ddns-confgen". It generates
33e53d7c6aa5d004d96ea11d7f3ca35b30e82544trawick a TSIG key in named.conf format without comments.
33e53d7c6aa5d004d96ea11d7f3ca35b30e82544trawick [RT #35503]
027f7b141f164258b254c38319d06452b25d7660trawick3782. [func] Specifying "auto" as the salt when using
027f7b141f164258b254c38319d06452b25d7660trawick "rndc signing -nsec3param" causes named to
977c4527be5a21182f24fc22a40a79d576a52f86trawick generate a 64-bit salt at random. [RT #35322]
977c4527be5a21182f24fc22a40a79d576a52f86trawick3781. [tuning] Use adaptive mutex locks when available; this
7fef9f66804ea10d5bf343cdd3d607465e8340cajim has been found to improve performance under load
7fef9f66804ea10d5bf343cdd3d607465e8340cajim on many systems. "configure --with-locktype=standard"
7fef9f66804ea10d5bf343cdd3d607465e8340cajim restores conventional mutex locks. [RT #32576]
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier3780. [bug] $GENERATE handled negative numbers incorrectly.
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier [RT #25528]
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier3779. [cleanup] Clarify the error message when using an option
7bd92b29516bc4bf7351d35aa447dbe68f1e8bb4jorton that was not enabled at compile time. [RT #35504]
7bd92b29516bc4bf7351d35aa447dbe68f1e8bb4jorton3778. [bug] Log a warning when the wrong address family is
a81c0c1ae464b2063a21b45f80c9da8d89bb840ecovener used in "listen-on" or "listen-on-v6". [RT #17848]
a81c0c1ae464b2063a21b45f80c9da8d89bb840ecovener3777. [bug] EDNS EXPIRE code could dump core when processing
ffae06377667a5d8f9699ac7512134de7000a83dminfrin DLZ queries. [RT #35493]
ffae06377667a5d8f9699ac7512134de7000a83dminfrin3776. [func] "rndc -q" suppresses output from successful
ffae06377667a5d8f9699ac7512134de7000a83dminfrin rndc commands. Errors are printed on stderr.
efc81fe729a2b7401028387da184b4a98f0b854atrawick [RT #21393]
efc81fe729a2b7401028387da184b4a98f0b854atrawick3775. [bug] dlz_dlopen driver could return the wrong error
efc81fe729a2b7401028387da184b4a98f0b854atrawick code on API version mismatch, leading to a segfault.
9c67ffea79ab184351b5d554b57814e13285e758jim [RT #35495]
8f066564bfc0fd6ddc6ca4b2f2410615554597d1jim3774. [func] When using "request-nsid", log the NSID value in
d56f48e6d861159b42b8f6eadd66e9e03086ceb9fuankg printable form as well as hex. [RT #20864]
cfd376e3e25eb609c30773a0897c97b2a9a76130fuankg3773. [func] "host", "nslookup" and "nsupdate" now have
cfd376e3e25eb609c30773a0897c97b2a9a76130fuankg options to print the version number and exit.
4acc1efe19ac2e6f2df0abb4d5bf99bd8ae3c5c6jim [RT #26057]
4acc1efe19ac2e6f2df0abb4d5bf99bd8ae3c5c6jim3772. [contrib] Added sqlite3 dynamically-loadable DLZ module.
29ecbd9db1622e74964264d078336f7604d65093jim (Based in part on a contribution from Tim Tessier.)
29ecbd9db1622e74964264d078336f7604d65093jim [RT #20822]
a503caacf7ab36d5bc42cb7c78256e1221642656jim3771. [cleanup] Adjusted log level for "using built-in key"
a503caacf7ab36d5bc42cb7c78256e1221642656jim messages. [RT #24383]
da40dfabefd6f8eb8450e9a097c594ee2ab13e3eminfrin3770. [bug] "dig +trace" could fail with an assertion when it
da40dfabefd6f8eb8450e9a097c594ee2ab13e3eminfrin needed to fall back to TCP due to a truncated
da40dfabefd6f8eb8450e9a097c594ee2ab13e3eminfrin response. [RT #24660]
59d316b83d42d2a07e25c20d8c35a07b369618bdsf3769. [doc] Improved documentation of "rndc signing -list".
59d316b83d42d2a07e25c20d8c35a07b369618bdsf [RT #30652]
8602c898d4e06a7e7b9d6b7cf4b172a8e7310987sf3768. [bug] "dnssec-checkds" was missing the SHA-384 digest
8602c898d4e06a7e7b9d6b7cf4b172a8e7310987sf algorithm. [RT #34000]
8602c898d4e06a7e7b9d6b7cf4b172a8e7310987sf3767. [func] Log explicitly when using rndc.key to configure
8602c898d4e06a7e7b9d6b7cf4b172a8e7310987sf command channel. [RT #35316]
4acc1efe19ac2e6f2df0abb4d5bf99bd8ae3c5c6jim3766. [cleanup] Fixed problems with building outside the source
4acc1efe19ac2e6f2df0abb4d5bf99bd8ae3c5c6jim tree when using native PKCS#11. [RT #35459]
4acc1efe19ac2e6f2df0abb4d5bf99bd8ae3c5c6jim3765. [bug] Fixed a bug in "rndc secroots" that could crash
4acc1efe19ac2e6f2df0abb4d5bf99bd8ae3c5c6jim named when dumping an empty keynode. [RT #35469]
3e2582713ed6883683272fbc628a27419d0ed543minfrin3764. [bug] The dnssec-keygen/settime -S and -i options
3e2582713ed6883683272fbc628a27419d0ed543minfrin (to set up a successor key and set the prepublication
3e2582713ed6883683272fbc628a27419d0ed543minfrin interval) were missing from dnssec-keyfromlabel.
2c132b1e3610da2fb9e6b3594a313efa3ff29e22minfrin [RT #35394]
2c132b1e3610da2fb9e6b3594a313efa3ff29e22minfrin3763. [bug] delve: Cache DNSSEC records to avoid the need to
a46801e6532423aa7bd184471eb49158d7c9ae62sf re-fetch them when restarting validation. [RT #35476]
a46801e6532423aa7bd184471eb49158d7c9ae62sf3762. [bug] Address build problems with --pkcs11-native +
808a26d70f28498b9d7252a70d9fb23def781901minfrin --with-openssl with ECDSA support. [RT #35467]
ef12246b88300687bf1faaf56d115dd8d8d82761jorton3761. [bug] Address dangling reference bug in dns_keytable_add.
6f9bf764bc79571d1da19dfbbd78527fca278a8eminfrin [RT #35471]
6f9bf764bc79571d1da19dfbbd78527fca278a8eminfrin3760. [bug] Improve SIT with native PKCS#11 and on Windows.
6f9bf764bc79571d1da19dfbbd78527fca278a8eminfrin [RT #35433]
7d59a9f282af9dce031b61062a0d941641101237rpluem3759. [port] Enable delve on Windows. [RT #35441]
e63e8b4b886d2144fed7946d0fbe8d27386be2dcjorton3758. [port] Enable export library APIs on Windows. [RT #35382]
e63e8b4b886d2144fed7946d0fbe8d27386be2dcjorton3757. [port] Enable Python tools (dnssec-coverage,
223c64b836fbc2bc8611da9604379dfe13f56abasf dnssec-checkds) to run on Windows. [RT #34355]
223c64b836fbc2bc8611da9604379dfe13f56abasf3756. [bug] GSSAPI Kerberos realm checking was broken in
bf507cc1e6ad55303c3d436c6ca153f46c788be6sf check_config leading to spurious messages being
bf507cc1e6ad55303c3d436c6ca153f46c788be6sf logged. [RT #35443]
bf507cc1e6ad55303c3d436c6ca153f46c788be6sf --- 9.10.0b1 released ---
93cf7fc650197b941ae31a7c7e51e901b129e954igalic3755. [func] Add stats counters for known EDNS options + others.
93cf7fc650197b941ae31a7c7e51e901b129e954igalic [RT #35447]
a1b1c78faf7969affb320f5c8eb270ffa21314c4rjung3754. [cleanup] win32: Installer now places files in the
a1b1c78faf7969affb320f5c8eb270ffa21314c4rjung Program Files area rather than system services.
a2558ec3af4391b7da7fe61e1e53383bbd0174b9jorton [RT #35361]
a2558ec3af4391b7da7fe61e1e53383bbd0174b9jorton3753. [bug] allow-notify was ignoring keys. [RT #35425]
8d6b3720340d0bd7f8d25e2a8563527e97a48df8jorton3752. [bug] Address potential REQUIRE failure if
8d6b3720340d0bd7f8d25e2a8563527e97a48df8jorton DNS_STYLEFLAG_COMMENTDATA is set when printing out
8d6b3720340d0bd7f8d25e2a8563527e97a48df8jorton a rdataset.
48e4b65042d94992c50f1db6c0b0cdbd99ca77e8sf3751. [tuning] The default setting for the -U option (setting
48e4b65042d94992c50f1db6c0b0cdbd99ca77e8sf the number of UDP listeners per interface) has
48e4b65042d94992c50f1db6c0b0cdbd99ca77e8sf been adjusted to improve performance. [RT #35417]
48e4b65042d94992c50f1db6c0b0cdbd99ca77e8sf3750. [experimental] Partially implement EDNS EXPIRE option as described
48e4b65042d94992c50f1db6c0b0cdbd99ca77e8sf in draft-andrews-dnsext-expire-00. Retrieval of
47ae8ca3c79d279b2e5424d6b8cf5e4e61ea968fjim the remaining time until expiry for slave zones
47ae8ca3c79d279b2e5424d6b8cf5e4e61ea968fjim is supported.
47ae8ca3c79d279b2e5424d6b8cf5e4e61ea968fjim EXPIRE uses an experimental option code (65002),
47ae8ca3c79d279b2e5424d6b8cf5e4e61ea968fjim which is subject to change. [RT #35416]
397df70abe0bdd78a84fb6c38c02641bcfeadceasf3749. [func] "dig +subnet" sends an EDNS client subnet option
397df70abe0bdd78a84fb6c38c02641bcfeadceasf containing the specified address/prefix when
9b5fe1d4ec48643fb819bbce9dc80f93f444fb48sf querying. (Thanks to Wilmer van der Gaast.)
9b5fe1d4ec48643fb819bbce9dc80f93f444fb48sf [RT #35415]
dd9f60fdfeb73f829fe0b260b7975b4b22be0838sf3748. [test] Use delve to test dns_client interfaces. [RT #35383]
dd9f60fdfeb73f829fe0b260b7975b4b22be0838sf3747. [bug] A race condition could lead to a core dump when
135e1d6a301398168e3b2e5125508828591e1673niq destroying a resolver fetch object. [RT #35385]
135e1d6a301398168e3b2e5125508828591e1673niq3746. [func] New "max-zone-ttl" option enforces maximum
135e1d6a301398168e3b2e5125508828591e1673niq TTLs for zones. If loading a zone containing a
135e1d6a301398168e3b2e5125508828591e1673niq higher TTL, the load fails. DDNS updates with
135e1d6a301398168e3b2e5125508828591e1673niq higher TTLs are accepted but the TTL is truncated.
135e1d6a301398168e3b2e5125508828591e1673niq (Note: Currently supported for master zones only;
c7de70e936ac1e36c25676fe62e65dbacb947619minfrin inline-signing slaves will be added.) [RT #38405]
c7de70e936ac1e36c25676fe62e65dbacb947619minfrin3745. [func] "configure --with-tuning=large" adjusts various
c7de70e936ac1e36c25676fe62e65dbacb947619minfrin compiled-in constants and default settings to
c7de70e936ac1e36c25676fe62e65dbacb947619minfrin values suited to large servers with abundant
c7de70e936ac1e36c25676fe62e65dbacb947619minfrin memory. [RT #29538]
1b1621900bd89ddc496d721c865a726f635ebd7esf3744. [experimental] SIT: send and process Source Identity Tokens
1b1621900bd89ddc496d721c865a726f635ebd7esf (similar to DNS Cookies by Donald Eastlake 3rd),
1b1621900bd89ddc496d721c865a726f635ebd7esf which are designed to help clients detect off-path
1b1621900bd89ddc496d721c865a726f635ebd7esf spoofed responses and for servers to identify
1b1621900bd89ddc496d721c865a726f635ebd7esf legitimate clients.
4203a35c28d7c60adb7e9ef3be87aad34951c79asf SIT uses an experimental EDNS option code (65001),
4203a35c28d7c60adb7e9ef3be87aad34951c79asf which will be changed to an IANA-assigned value
c094add0a23fe1120fd33711ba2e2d084f5629a1sf if the experiment is deemed a success.
c094add0a23fe1120fd33711ba2e2d084f5629a1sf SIT can be enabled via "configure --enable-sit" (or
12b26f433fd7d6fc9f76413d7c2cabf4fa5cb300sf --enable-developer). It is enabled by default in
26f56d4a3c12077d605362e97490e34522fa4814covener Servers can be configured to send smaller responses
26f56d4a3c12077d605362e97490e34522fa4814covener to clients that have not identified themselves via
26f56d4a3c12077d605362e97490e34522fa4814covener SIT. RRL processing has also been updated;
2cef7e294acb5d8b8b5dcb21a55438da0b73f63figalic legitimate clients are not subject to rate
2cef7e294acb5d8b8b5dcb21a55438da0b73f63figalic limiting. [RT #35389]
2d2de64c25c1519122a76150a7daf2c05f53fd9asf3743. [bug] delegation-only flag wasn't working in forward zone
2d2de64c25c1519122a76150a7daf2c05f53fd9asf declarations despite being documented. This is
2d2de64c25c1519122a76150a7daf2c05f53fd9asf needed to support turning off forwarding and turning
2d2de64c25c1519122a76150a7daf2c05f53fd9asf on delegation only at the same name. [RT #35392]
27c5ebb7d411a214f5b6b55a881086ce086d3dd3covener3742. [port] linux: libcap support: declare curval at start of
27c5ebb7d411a214f5b6b55a881086ce086d3dd3covener block. [RT #35387]
7697b1b7376a532163c621e050b70c90dcb15d66covener3741. [func] "delve" (domain entity lookup and validation engine):
7697b1b7376a532163c621e050b70c90dcb15d66covener A new tool with dig-like semantics for performing DNS
7697b1b7376a532163c621e050b70c90dcb15d66covener lookups, with internal DNSSEC validation, using the
7697b1b7376a532163c621e050b70c90dcb15d66covener same resolver and validator logic as named. This
7697b1b7376a532163c621e050b70c90dcb15d66covener allows easy validation of DNSSEC data in environments
9e0536cd66a389bdaa758a825b8bbd8fea665a3eigalic with untrustworthy resolvers, and assists with
9e0536cd66a389bdaa758a825b8bbd8fea665a3eigalic troubleshooting of DNSSEC problems. [RT #32406]
862bbb262644e8aefae1bf352552b01908ecae0eminfrin3740. [contrib] Minor fixes to configure --with-dlz-bdb,
862bbb262644e8aefae1bf352552b01908ecae0eminfrin --with-dlz-postgres and --with-dlz-odbc. [RT #35340]
dd3b88790af9d18429c732ca7bc83ec4ef43d3ffrpluem3739. [func] Added per-zone stats counters to track TCP and
dd3b88790af9d18429c732ca7bc83ec4ef43d3ffrpluem UDP queries. [RT #35375]
5bbabc874e3fcfbea08c199f7a79ee05b4817a70sf3738. [bug] --enable-openssl-hash failed to build. [RT #35343]
5bbabc874e3fcfbea08c199f7a79ee05b4817a70sf3737. [bug] 'rndc retransfer' could trigger a assertion failure
8f066564bfc0fd6ddc6ca4b2f2410615554597d1jim with inline zones. [RT #35353]
aec9747aa70c1dce98e536e8eef5a6a0ab0f1d6cjim3736. [bug] nsupdate: When specifying a server by name,
7b7e8ba34e262064914ceedacd5f7d9201b6575ccovener fall back to alternate addresses if the first
7b7e8ba34e262064914ceedacd5f7d9201b6575ccovener address for that name is not reachable. [RT #25784]
220bc4233b21982d7c51842a1774db0ba6172ca4covener3735. [cleanup] Merged the libiscpk11 library into libisc
220bc4233b21982d7c51842a1774db0ba6172ca4covener to simplify dependencies. [RT #35205]
220bc4233b21982d7c51842a1774db0ba6172ca4covener3734. [bug] Improve building with libtool. [RT #35314]
6f2fbf354b34981f398cf0313aa44702ea2a7066covener3733. [func] Improve interface scanning support. Interface
6f2fbf354b34981f398cf0313aa44702ea2a7066covener information will be automatically updated if the
6f2fbf354b34981f398cf0313aa44702ea2a7066covener OS supports routing sockets (MacOS, *BSD, Linux).
9e7c7a8fa19c33d1e90f8f7ffab69beacbe72566covener Use "automatic-interface-scan no;" to disable.
9e7c7a8fa19c33d1e90f8f7ffab69beacbe72566covener Add "rndc scan" to trigger a scan. [RT #23027]
a961006b347d6527ccaeab9cf019a4e68d26bfb0covener3732. [contrib] Fixed a type mismatch causing the ODBC DLZ
a961006b347d6527ccaeab9cf019a4e68d26bfb0covener driver to dump core on 64-bit systems. [RT #35324]
e3f43882b4f7ac7d1aa679be4b319cca04fd22eecovener3731. [func] Added a "no-case-compress" ACL, which causes
e3f43882b4f7ac7d1aa679be4b319cca04fd22eecovener named to use case-insensitive compression
e3f43882b4f7ac7d1aa679be4b319cca04fd22eecovener (disabling change #3645) for specified
e3f43882b4f7ac7d1aa679be4b319cca04fd22eecovener clients. (This is useful when dealing
8dea7832dea3789fe0b90c434c284bcaad96d40fcovener with broken client implementations that
8dea7832dea3789fe0b90c434c284bcaad96d40fcovener use case-sensitive name comparisons,
999661242470e4dc0258982d5f183efc2d157ae7covener rejecting responses that fail to match the
0bfcc4d046f6735af2f15981fb53e4c0680b4731covener capitalization of the query that was sent.)
b761a57b4e63006c287823270876ab40d3212160covener [RT #35300]
b761a57b4e63006c287823270876ab40d3212160covener3730. [cleanup] Added "never" as a synonym for "none" when
b761a57b4e63006c287823270876ab40d3212160covener configuring key event dates in the dnssec tools.
5d92fff82718cd018f0b61a10b9ad4d2b8064c95rpluem [RT #35277]
5d92fff82718cd018f0b61a10b9ad4d2b8064c95rpluem3729. [bug] dnssec-keygen could set the publication date
5d92fff82718cd018f0b61a10b9ad4d2b8064c95rpluem incorrectly when only the activation date was
01195d035ccef88e72009e9607157d5eddcb6b7drjung specified on the command line. [RT #35278]
aec9747aa70c1dce98e536e8eef5a6a0ab0f1d6cjim3728. [doc] Expanded native-PKCS#11 documentation,
84fbf855118f318dd5e511d8e5b902cecc1177c0jim specifically pkcs11: URI labels. [RT #35287]
0ed19acadd3d3dd593759173d87d2243e97914e2sf3727. [func] The isc_bitstring API is no longer used and
0ed19acadd3d3dd593759173d87d2243e97914e2sf has been removed from libisc. [RT #35284]
0ed19acadd3d3dd593759173d87d2243e97914e2sf3726. [cleanup] Clarified the error message when attempting
041b426f9b15072b59a32f132e6d04173ab3df68covener to configure more than 32 response-policy zones.
041b426f9b15072b59a32f132e6d04173ab3df68covener [RT #35283]
cb838cc4d5fd559efd6c0579a0fcb8f6e5a7af22minfrin3725. [contrib] Updated zkt and nslint to newest versions,
cb838cc4d5fd559efd6c0579a0fcb8f6e5a7af22minfrin cleaned up and rearranged the contrib
cb838cc4d5fd559efd6c0579a0fcb8f6e5a7af22minfrin directory, and added a README.
15ff8c621815e8337abc10638f2b2853ee6fd076minfrin --- 9.10.0a2 released ---
15ff8c621815e8337abc10638f2b2853ee6fd076minfrin3724. [bug] win32: Fixed a bug that prevented dig and
21ccb6cd9272c9066a8f5bb3e7785f46115289desf host from exiting properly after completing
21ccb6cd9272c9066a8f5bb3e7785f46115289desf a UDP query. [RT #35288]
b0ac1e83f8582a9b5a72bff798ffb31a419c8adesf3723. [cleanup] Imported keys are now handled the same way
b0ac1e83f8582a9b5a72bff798ffb31a419c8adesf regardless of DNSSEC algorithm. [RT #35215]
b682e60dd82772dba52ba77138e494f15c00a551trawick3722. [bug] Using geoip ACLs in a blackhole statement
b682e60dd82772dba52ba77138e494f15c00a551trawick could cause a segfault. [RT #35272]
b682e60dd82772dba52ba77138e494f15c00a551trawick3721. [doc] Improved documentation of the EDNS processing
b682e60dd82772dba52ba77138e494f15c00a551trawick enhancements introduced in change #3593. [RT #35275]
79c754eb51681c3389cd966753e902c429f78939trawick3720. [bug] Address compiler warnings. [RT #35261]
79c754eb51681c3389cd966753e902c429f78939trawick3719. [bug] Address memory leak in in peer.c. [RT #35255]
8651de219ec5f595af20afdc9da41ce72aaa50d5minfrin3718. [bug] A missing ISC_LINK_INIT in log.c. [RT #35260]
8651de219ec5f595af20afdc9da41ce72aaa50d5minfrin3717. [port] hpux: Treat EOPNOTSUPP as a expected error code when
8fae12696bce44be9ce4c56888690cad8ac7b8f9sf probing to see if it is possible to set dscp values
8fae12696bce44be9ce4c56888690cad8ac7b8f9sf on a per packet basis. [RT #35252]
8fae12696bce44be9ce4c56888690cad8ac7b8f9sf3716. [bug] The dns_request code was setting dcsp values when not
8fae12696bce44be9ce4c56888690cad8ac7b8f9sf requested. [RT #35252]
d5612bd28e194390b2c74fcf712d564b0e002684sf3715. [bug] The region and city databases could fail to
d5612bd28e194390b2c74fcf712d564b0e002684sf initialize when using some versions of libGeoIP,
d5612bd28e194390b2c74fcf712d564b0e002684sf causing assertion failures when named was
4ea161d94782fa56f4b36d496f35ff8577c43065covener configured to use them. [RT #35427]
4ea161d94782fa56f4b36d496f35ff8577c43065covener3714. [test] System tests that need to test for cryptography
b588214d6e6fe09abe709e83e894921fbc7e25c8covener support before running can now use a common
b588214d6e6fe09abe709e83e894921fbc7e25c8covener "testcrypto.sh" script to do so. [RT #35213]
c64fc4e9830bb1ffdc3491aef5ed3be5b90c466bcovener3713. [bug] Save memory by not storing "also-notify" addresses
c64fc4e9830bb1ffdc3491aef5ed3be5b90c466bcovener in zone objects that are configured not to send
c64fc4e9830bb1ffdc3491aef5ed3be5b90c466bcovener notify requests. [RT #35195]
ae5efbbf49a7ca6d233209a4d011550989e22556covener3712. [placeholder]
ae5efbbf49a7ca6d233209a4d011550989e22556covener3711. [placeholder]
8c2bb916633b1eb3dccf91c776363bbc3a6145decovener3710. [bug] Address double dns_zone_detach when switching to
8c2bb916633b1eb3dccf91c776363bbc3a6145decovener using automatic empty zones from regular zones.
8c2bb916633b1eb3dccf91c776363bbc3a6145decovener [RT #35177]
503bec4c591d28ac6cec7182294cdef2ec6a9829covener3709. [port] Use built-in versions of strptime() and timegm()
503bec4c591d28ac6cec7182294cdef2ec6a9829covener on all platforms to avoid portability issues.
503bec4c591d28ac6cec7182294cdef2ec6a9829covener [RT #35183]
c00149c3cb27e0381362d07ccf2143574b4f600dsf3708. [bug] Address a portentry locking issue in dispatch.c.
c00149c3cb27e0381362d07ccf2143574b4f600dsf [RT #35128]
766b0a4793197ccef3dfa202d1fee1e1f929ffa7sf3707. [bug] irs_resconf_load now returns ISC_R_FILENOTFOUND
766b0a4793197ccef3dfa202d1fee1e1f929ffa7sf on a missing resolv.conf file and initializes the
97b692bfc8673c8858f03498f81a993ac0c04c01sf structure as if it had been configured with:
97b692bfc8673c8858f03498f81a993ac0c04c01sf nameserver ::1
5e6cf205d2b0c848e15c65dab9711805395a5108minfrin nameserver 127.0.0.1
5e6cf205d2b0c848e15c65dab9711805395a5108minfrin Note: Callers will need to be updated to treat
5e6cf205d2b0c848e15c65dab9711805395a5108minfrin ISC_R_FILENOTFOUND as a qualified success or else
df419be6d7d4b68823efa05722375552af49c2b6minfrin they will leak memory. The following code fragment
df419be6d7d4b68823efa05722375552af49c2b6minfrin will work with both old and new versions without
df419be6d7d4b68823efa05722375552af49c2b6minfrin changing the behaviour of the existing code.
c03e31374e50a227cb554a0f1d4a9056ce80d99asf resconf = NULL;
c03e31374e50a227cb554a0f1d4a9056ce80d99asf result = irs_resconf_load(mctx, "/etc/resolv.conf",
c03e31374e50a227cb554a0f1d4a9056ce80d99asf &resconf);
40b22d3b20454959fe51fdc89907908d77701078minfrin if (result != ISC_SUCCESS) {
40b22d3b20454959fe51fdc89907908d77701078minfrin if (resconf != NULL)
40b22d3b20454959fe51fdc89907908d77701078minfrin irs_resconf_destroy(&resconf);
b4a00883f358625923365ca1560c96edec172a52sf [RT #35194]
0553e62d75ef12d9a6646bb874be1fbf9e4c1dfbsf3706. [contrib] queryperf: Fixed a possible integer overflow when
0553e62d75ef12d9a6646bb874be1fbf9e4c1dfbsf printing results. [RT #35182]
f58bb3da705eb7ec926f4883597fc2eb1336a360minfrin3705. [func] "configure --enable-native-pkcs11" enables BIND
f58bb3da705eb7ec926f4883597fc2eb1336a360minfrin to use the PKCS#11 API for all cryptographic
f58bb3da705eb7ec926f4883597fc2eb1336a360minfrin functions, so that it can drive a hardware service
f58bb3da705eb7ec926f4883597fc2eb1336a360minfrin module directly without the need to use a modified
f58bb3da705eb7ec926f4883597fc2eb1336a360minfrin OpenSSL as intermediary (so long as the HSM's vendor
be192cefa381d5bae6868034687471754cb43175sf provides a complete-enough implementation of the
be192cefa381d5bae6868034687471754cb43175sf PKCS#11 interface). This has been tested successfully
be192cefa381d5bae6868034687471754cb43175sf with the Thales nShield HSM and with SoftHSMv2 from
be192cefa381d5bae6868034687471754cb43175sf the OpenDNSSEC project. [RT #29031]
f4a0825e91eec135b5e41c697439e9a13014fa2cminfrin3704. [protocol] Accept integer timestamps in RRSIG records. [RT #35185]
f4a0825e91eec135b5e41c697439e9a13014fa2cminfrin3703. [func] To improve recursive resolver performance, cache
5876f43a746f688a32b7201bced8591ddf19bd43minfrin records which are still being requested by clients
5876f43a746f688a32b7201bced8591ddf19bd43minfrin can now be automatically refreshed from the
5876f43a746f688a32b7201bced8591ddf19bd43minfrin authoritative server before they expire, reducing
5876f43a746f688a32b7201bced8591ddf19bd43minfrin or eliminating the time window in which no answer
bbba414c5bbf770e505778265bbe7a4a0e4fbdaaniq is available in the cache. See the "prefetch" option
bbba414c5bbf770e505778265bbe7a4a0e4fbdaaniq for more details. [RT #35041]
4aef34911af88f96c5b6d9b71a550a5a97bbc0b6minfrin3702. [func] 'dnssec-coverage -l' option specifies a length
4aef34911af88f96c5b6d9b71a550a5a97bbc0b6minfrin of time to check for coverage; events further into
4aef34911af88f96c5b6d9b71a550a5a97bbc0b6minfrin the future are ignored. 'dnssec-coverage -z'
4aef34911af88f96c5b6d9b71a550a5a97bbc0b6minfrin checks only ZSK events, and 'dnssec-coverage -k'
4aef34911af88f96c5b6d9b71a550a5a97bbc0b6minfrin checks only KSK events. (Thanks to Peter Palfrader.)
4cefc38158672f5de8119886d9754cf0609a9371minfrin [RT #35168]
4cefc38158672f5de8119886d9754cf0609a9371minfrin3701. [func] named-checkconf can now obscure shared secrets
4cefc38158672f5de8119886d9754cf0609a9371minfrin when printing by specifying '-x'. [RT #34465]
11d3c510dca5b5178ad4739ffc1567ef2155bda9minfrin3700. [func] Allow access to subgroups of XML statistics via
11d3c510dca5b5178ad4739ffc1567ef2155bda9minfrin special URLs http://<server>:<port>/xml/v3/server,
11d3c510dca5b5178ad4739ffc1567ef2155bda9minfrin /zones, /net, /tasks, /mem, and /status. [RT #35115]
d974a1624c0bb4f1c2e8b36fcf8ba1f12284ed8dsf3699. [bug] Improvements to statistics channel XSL stylesheet:
d974a1624c0bb4f1c2e8b36fcf8ba1f12284ed8dsf the stylesheet can now be cached by the browser;
1a8c329935111a5059363efe927d631371b78414minfrin section headers are omitted from the stats display
1a8c329935111a5059363efe927d631371b78414minfrin when there is no data in those sections to be
fac37c9794a18c24d187f4e0f97a9476c4344118minfrin displayed; counters are now right-justified for
fac37c9794a18c24d187f4e0f97a9476c4344118minfrin easier readability. [RT #35117]
fc58f0ff708564b67cd578c626b6500d1cd63a51sf3698. [cleanup] Replaced all uses of memcpy() with memmove().
fc58f0ff708564b67cd578c626b6500d1cd63a51sf [RT #35120]
fc58f0ff708564b67cd578c626b6500d1cd63a51sf3697. [bug] Handle "." as a search list element when IDN support
fc58f0ff708564b67cd578c626b6500d1cd63a51sf is enabled. [RT #35133]
4e5fe1d203ddf3956a77be3c797c01fd4be8b211sf3696. [bug] dig failed to handle AXFR style IXFR responses which
4e5fe1d203ddf3956a77be3c797c01fd4be8b211sf span multiple messages. [RT #35137]
dcb4802d9ea9fc4ba89671e8f8faa70c9535b202minfrin3695. [bug] Address a possible race in dispatch.c. [RT #35107]
dcb4802d9ea9fc4ba89671e8f8faa70c9535b202minfrin3694. [bug] Warn when a key-directory is configured for a zone,
dcb4802d9ea9fc4ba89671e8f8faa70c9535b202minfrin but does not exist or is not a directory. [RT #35108]
ce4dc40a4e87991087488f70d96d3447d7557294sf3693. [security] memcpy was incorrectly called with overlapping
ce4dc40a4e87991087488f70d96d3447d7557294sf ranges resulting in malformed names being generated
0119f1301a880cf39c0aad0fa2a77240af964691sf on some platforms. This could cause INSIST failures
ce4dc40a4e87991087488f70d96d3447d7557294sf when serving NSEC3 signed zones (CVE-2014-0591).
9db0b0ee6ffade769db57b37a06b3f4849b5d367minfrin [RT #35120]
9db0b0ee6ffade769db57b37a06b3f4849b5d367minfrin3692. [bug] Two calls to dns_db_getoriginnode were fatal if there
9db0b0ee6ffade769db57b37a06b3f4849b5d367minfrin was no data at the node. [RT #35080]
033d82412cc4af9d939b7e1645425b9e7f4ebf60minfrin3691. [contrib] Address null pointer dereference in LDAP and
033d82412cc4af9d939b7e1645425b9e7f4ebf60minfrin MySQL DLZ modules.
033d82412cc4af9d939b7e1645425b9e7f4ebf60minfrin3690. [bug] Iterative responses could be missed when the source
1b390add6886fb1c0acdea82be0ef0920f1158casf port for an upstream query was the same as the
1b390add6886fb1c0acdea82be0ef0920f1158casf listener port (53). [RT #34925]
5fd471ec540a088d143a223096d35661bf87c15btrawick3689. [bug] Fixed a bug causing an insecure delegation from one
5fd471ec540a088d143a223096d35661bf87c15btrawick static-stub zone to another to fail with a broken
5fd471ec540a088d143a223096d35661bf87c15btrawick trust chain. [RT #35081]
f2472b79d241967fa28f8284470b1c5cafee7b12wrowe3688. [bug] loadnode could return a freed node on out of memory.
f2472b79d241967fa28f8284470b1c5cafee7b12wrowe [RT #35106]
f2472b79d241967fa28f8284470b1c5cafee7b12wrowe3687. [bug] Address null pointer dereference in zone_xfrdone.
f2472b79d241967fa28f8284470b1c5cafee7b12wrowe [RT #35042]
c9201c790435060b1322d86949183085ca5f6c0cwrowe3686. [func] "dnssec-signzone -Q" drops signatures from keys
c9201c790435060b1322d86949183085ca5f6c0cwrowe that are still published but no longer active.
c9201c790435060b1322d86949183085ca5f6c0cwrowe [RT #34990]
c9201c790435060b1322d86949183085ca5f6c0cwrowe3685. [bug] "rndc refresh" didn't work correctly with slave
38bd9dba7627c6b2f331cd0731c272ee6bd876b1wrowe zones using inline-signing. [RT #35105]
38bd9dba7627c6b2f331cd0731c272ee6bd876b1wrowe3684. [bug] The list of included files would grow on reload.
c1ba97f41a4526d84fb7a1596afe3dd11e065a2cminfrin3683. [cleanup] Add a more detailed "not found" message to rndc
c1ba97f41a4526d84fb7a1596afe3dd11e065a2cminfrin commands which specify a zone name. [RT #35059]
c1ba97f41a4526d84fb7a1596afe3dd11e065a2cminfrin3682. [bug] Correct the behavior of rndc retransfer to allow
97cc46935ec496b83fef9d6feb094d706c895b3bsf inline-signing slave zones to retain NSEC3 parameters
4ed33a14c26d78bbe6bd0b9d5091cdb184e348basf instead of reverting to NSEC. [RT #34745]
4ed33a14c26d78bbe6bd0b9d5091cdb184e348basf3681. [port] Update the Windows build system to support feature
97cc46935ec496b83fef9d6feb094d706c895b3bsf selection and WIN64 builds. This is a work in
72e3829dbd019a63b1091987fc6e7b1c028b089cminfrin progress. [RT #34160]
72e3829dbd019a63b1091987fc6e7b1c028b089cminfrin3680. [bug] Ensure buffer space is available in "rndc zonestatus".
1081aff66582e2cac722fb3b6f09da4f524b5962minfrin [RT #35084]
1081aff66582e2cac722fb3b6f09da4f524b5962minfrin3679. [bug] dig could fail to clean up TCP sockets still
1081aff66582e2cac722fb3b6f09da4f524b5962minfrin waiting on connect(). [RT #35074]
9f0c32ae318f33c93a47d83f4709242c18339bbcminfrin3678. [port] Update config.guess and config.sub. [RT #35060]
9f0c32ae318f33c93a47d83f4709242c18339bbcminfrin3677. [bug] 'nsupdate' leaked memory if 'realm' was used multiple
9474e446514b06765775eb0c1ec6645e2c5e50f6minfrin times. [RT #35073]
9474e446514b06765775eb0c1ec6645e2c5e50f6minfrin3676. [bug] "named-checkconf -z" now checks zones of type
9f0c32ae318f33c93a47d83f4709242c18339bbcminfrin hint and redirect as well as master. [RT #35046]
b7557ab9828d2017224a12968f82c3118b6a8c0aminfrin3675. [misc] Provide a place for third parties to add version
b7557ab9828d2017224a12968f82c3118b6a8c0aminfrin information for their extensions in the version
b7557ab9828d2017224a12968f82c3118b6a8c0aminfrin file by setting the EXTENSIONS variable.
b7557ab9828d2017224a12968f82c3118b6a8c0aminfrin --- 9.10.0a1 released ---
9474e446514b06765775eb0c1ec6645e2c5e50f6minfrin3674. [bug] RPZ zeroed ttls if the query type was '*'. [RT #35026]
b7557ab9828d2017224a12968f82c3118b6a8c0aminfrin3673. [func] New "in-view" zone option allows direct sharing
e302f38fd646764ce1a1e1c578d794aef514a9e5sf of zones between views. [RT #32968]
e302f38fd646764ce1a1e1c578d794aef514a9e5sf3672. [func] Local address can now be specified when using
b32d756dae79045a9bc90e0d0b85582f6f28eaf3sf dns_client API. [RT #34811]
9c233808c898095865fcc0a2dc1cf594d0d8faf3sf3671. [bug] Don't allow dnssec-importkey overwrite a existing
9c233808c898095865fcc0a2dc1cf594d0d8faf3sf non-imported private key.
3b41ccdaa163f4e900bbf8a7aa6a366df033822dminfrin3670. [bug] Address read after free in server side of
3b41ccdaa163f4e900bbf8a7aa6a366df033822dminfrin lwres_getrrsetbyname. [RT #29075]
3b41ccdaa163f4e900bbf8a7aa6a366df033822dminfrin3669. [port] freebsd: --with-gssapi needs -lhx509. [RT #35001]
28587db43bc4bea96a36fbcffdd967e7b422bb97minfrin3668. [bug] Fix cast in lex.c which could see 0xff treated as eof.
28587db43bc4bea96a36fbcffdd967e7b422bb97minfrin [RT #34993]
5a2dcc476c33985b7681aa72256bcd7266057eddsf3667. [test] dig: add support to keep the TCP socket open between
5a2dcc476c33985b7681aa72256bcd7266057eddsf successive queries (+[no]keepopen). [RT #34918]
e08076ca56e6cb68b30846b9e9339061058aae6dpoirier3666. [func] Add a tool, named-rrchecker, for checking the syntax
e08076ca56e6cb68b30846b9e9339061058aae6dpoirier of individual resource records. This tool is intended
e08076ca56e6cb68b30846b9e9339061058aae6dpoirier to be called by provisioning systems so that the front
e08076ca56e6cb68b30846b9e9339061058aae6dpoirier end does not need to be upgraded to support new DNS
e08076ca56e6cb68b30846b9e9339061058aae6dpoirier record types. [RT #34778]
e08076ca56e6cb68b30846b9e9339061058aae6dpoirier3665. [bug] Failure to release lock on error in receive_secure_db.
e08076ca56e6cb68b30846b9e9339061058aae6dpoirier [RT #34944]
b7a2f855b5e31abc24dab2eef28e9e2f985ae25brpluem3664. [bug] Updated OpenSSL PKCS#11 patches to fix active list
b7a2f855b5e31abc24dab2eef28e9e2f985ae25brpluem locking and other bugs. [RT #34855]
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener3663. [bug] Address bugs in dns_rdata_fromstruct and
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener dns_rdata_tostruct for WKS and ISDN types. [RT #34910]
ac45a43afbf38aa4a91c1402c6beef6ef8a2696dniq3662. [bug] 'host' could die if a UDP query timed out. [RT #34870]
ac45a43afbf38aa4a91c1402c6beef6ef8a2696dniq3661. [bug] Address lock order reversal deadlock with inline zones.
ac45a43afbf38aa4a91c1402c6beef6ef8a2696dniq [RT #34856]
b2b9b7f0644773b50aee41956a841ac884086250niq3660. [cleanup] Changed the name of "isc-config.sh" to "bind9-config".
b2b9b7f0644773b50aee41956a841ac884086250niq [RT #23825]
b2b9b7f0644773b50aee41956a841ac884086250niq3659. [port] solaris: don't add explicit dependencies/rules for
b4f348c8e74ba8166410ddeffac03e4887696788niq python programs as make won't use the implicit rules.
b4f348c8e74ba8166410ddeffac03e4887696788niq [RT #34835]
4fda5fb4cc40703a76e261bbf21ec1d6b51b7d3fjim3658. [port] linux: Address platform specific compilation issue
4fda5fb4cc40703a76e261bbf21ec1d6b51b7d3fjim when libcap-devel is installed. [RT #34838]
fa0dc2a4f675a868378a52946e5b244d6bf41196sf3657. [port] Some readline clones don't accept NULL pointers when
0807f6da6091b748ab47c21ba66252fe8da2a966sf calling add_history. [RT #34842]
0807f6da6091b748ab47c21ba66252fe8da2a966sf3656. [security] Treat an all zero netmask as invalid when generating
b92a868b537899a51efd8c200c396fa51c63839dtrawick the localnets acl. (The prior behavior could
b92a868b537899a51efd8c200c396fa51c63839dtrawick allow unexpected matches when using some versions
4fda5fb4cc40703a76e261bbf21ec1d6b51b7d3fjim of Winsock: CVE-2013-6320.) [RT #34687]
dc52cac281d8b311dc47d115ed979f923b667679rjung3655. [cleanup] Simplify TCP message processing when requesting a
dc52cac281d8b311dc47d115ed979f923b667679rjung zone transfer. [RT #34825]
2534e869d2ba209bd0c43717ea80992e6de0c51djim3654. [bug] Address race condition with manual notify requests.
f8033d657a57eab45af44368774d8beb3e4f7f35pquerna [RT #34806]
f8033d657a57eab45af44368774d8beb3e4f7f35pquerna3653. [func] Create delegations for all "children" of empty zones
f8033d657a57eab45af44368774d8beb3e4f7f35pquerna except "forward first". [RT #34826]
02fd88c85a9850109753b87612955ad372de1575sf3652. [bug] Address bug with rpz-drop policy. [RT #34816]
da48ae521bcc2751f8eb8dfb02f7aab0f46943c6sf3651. [tuning] Adjust when a master server is deemed unreachable.
da48ae521bcc2751f8eb8dfb02f7aab0f46943c6sf [RT #27075]
1374472d83ce061a431b7f6eeb5e5135fb4cd922jim3650. [tuning] Use separate rate limiting queues for refresh and
1374472d83ce061a431b7f6eeb5e5135fb4cd922jim notify requests. [RT #30589]
1374472d83ce061a431b7f6eeb5e5135fb4cd922jim3649. [cleanup] Include a comment in .nzf files, giving the name of
ab7a123efe997d907274eb672ab2b36746bb3f57sf the associated view. [RT #34765]
ab7a123efe997d907274eb672ab2b36746bb3f57sf3648. [test] Updated the ATF test framework to version 0.17.
ab7a123efe997d907274eb672ab2b36746bb3f57sf [RT #25627]
a44d29a3794110c558c940bd903a1930d717a7d7sf3647. [bug] Address a race condition when shutting down a zone.
a44d29a3794110c558c940bd903a1930d717a7d7sf [RT #34750]
70003ce816d7851e49ecb0cdc5137becd647ed18niq3646. [bug] Journal filename string could be set incorrectly,
70003ce816d7851e49ecb0cdc5137becd647ed18niq causing garbage in log messages. [RT #34738]
b5e45168970cefb8b2d0bea709ea69790f3eab96niq3645. [protocol] Use case sensitive compression when responding to
815067bc5eff8fc218019e18ee5ea868372917cdsf queries. [RT #34737]
9f2c7096ac1f41aca1328d304d54dbaef4ebb06drjung3644. [protocol] Check that EDNS subnet client options are well formed.
2534e869d2ba209bd0c43717ea80992e6de0c51djim [RT #34718]
39d67f66729a7008c1e73d65a81e778ce819a227rjung3643. [doc] Clarify RRL "slip" documentation.
da20b997bf4652f7597e0a7845db371aab2f7187rjung3642. [func] Allow externally generated DNSKEY to be imported
da20b997bf4652f7597e0a7845db371aab2f7187rjung into the DNSKEY management framework. A new tool
133cbcba0df4ba0e72f7eaaaebabe119f145f261niq dnssec-importkey is used to do this. [RT #34698]
133cbcba0df4ba0e72f7eaaaebabe119f145f261niq3641. [bug] Handle changes to sig-validity-interval settings
c8dcde16853eef36b713d4633fac83b66e49aa5eniq better. [RT #34625]
c8dcde16853eef36b713d4633fac83b66e49aa5eniq3640. [bug] ndots was not being checked when searching. Only
1a7a4f8c6a312cb237e428c77da0792eb165dc7aniq continue searching on NXDOMAIN responses. Add the
1a7a4f8c6a312cb237e428c77da0792eb165dc7aniq ability to specify ndots to nslookup. [RT #34711]
1a7a4f8c6a312cb237e428c77da0792eb165dc7aniq3639. [bug] Treat type 65533 (KEYDATA) as opaque except when used
927e277b4be750e06960b3d4f1c2b1ca146e0555niq in a key zone. [RT #34238]
927e277b4be750e06960b3d4f1c2b1ca146e0555niq3638. [cleanup] Add the ability to handle ENOPROTOOPT in case it is
83de39879307034216ce0af15a47a88a55af11e3rjung encountered. [RT #34668]
83de39879307034216ce0af15a47a88a55af11e3rjung3637. [bug] 'allow-query-on' was checking the source address
7cfa48136e3b42a14cdff1a46b60f4e4d2ad5291niq rather than the destination address. [RT #34590]
7cfa48136e3b42a14cdff1a46b60f4e4d2ad5291niq3636. [bug] Automatic empty zones now behave better with
7cfa48136e3b42a14cdff1a46b60f4e4d2ad5291niq forward only "zones" beneath them. [RT #34583]
0a4924de8350e2bbfa16a27f42ff0bc61aa52d43rjung3635. [bug] Signatures were not being removed from a zone with
0a4924de8350e2bbfa16a27f42ff0bc61aa52d43rjung only KSK keys for a algorithm. [RT #34439]
8e8568ec7d29f056a2a4942d1d50481e441c25d9covener3634. [func] Report build-id in rndc status. Report build-id
4ea8055e720d18f386b8026b546e5836ecccba4arjung when building from a git repository. [RT #20422]
bec2a2e375fe46599b68399abfcf67b89b270b57wrowe3633. [cleanup] Refactor OPT processing in named to make it easier
bec2a2e375fe46599b68399abfcf67b89b270b57wrowe to support new EDNS options. [RT #34414]
bec2a2e375fe46599b68399abfcf67b89b270b57wrowe3632. [bug] Signature from newly inactive keys were not being
bec2a2e375fe46599b68399abfcf67b89b270b57wrowe removed. [RT #32178]
bec2a2e375fe46599b68399abfcf67b89b270b57wrowe3631. [bug] Remove spurious warning about missing signatures when
46fdfef7dfc745effe179387e1dcb8245d3804batrawick qtype is SIG. [RT #34600]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick3630. [bug] Ensure correct ID computation for MD5 keys. [RT #33033]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick3629. [func] Allow the printing of cryptographic fields in DNSSEC
46fdfef7dfc745effe179387e1dcb8245d3804batrawick records by dig to be suppressed (dig +nocrypto).
46fdfef7dfc745effe179387e1dcb8245d3804batrawick [RT #34534]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick3628. [func] Report DNSKEY key id's when dumping the cache.
46fdfef7dfc745effe179387e1dcb8245d3804batrawick [RT #34533]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick3627. [bug] RPZ changes were not effective on slaves. [RT #34450]
f4845813cd6fa5749dfec8e3bc647b85c1df0980wrowe3626. [func] dig: NSID output now easier to read. [RT #21160]
f4845813cd6fa5749dfec8e3bc647b85c1df0980wrowe3625. [bug] Don't send notify messages to machines outside of the
f4845813cd6fa5749dfec8e3bc647b85c1df0980wrowe test setup.
f55c048e33a905f9f771b3aed309373bdf547944jorton3624. [bug] Look for 'json_object_new_int64' when looking for a
f55c048e33a905f9f771b3aed309373bdf547944jorton the json library. [RT #34449]
f55c048e33a905f9f771b3aed309373bdf547944jorton3623. [placeholder]
cddaaa6378c5082e8dff0d11dc21cf6c4928ecbcjorton3622. [tuning] Eliminate an unnecessary lock when incrementing
cddaaa6378c5082e8dff0d11dc21cf6c4928ecbcjorton cache statistics. [RT #34339]
9b2bd9e83cbb6f5debb2edba59a0c12089eb37c3minfrin3621. [security] Incorrect bounds checking on private type 'keydata'
9b2bd9e83cbb6f5debb2edba59a0c12089eb37c3minfrin can lead to a remotely triggerable REQUIRE failure
9b2bd9e83cbb6f5debb2edba59a0c12089eb37c3minfrin (CVE-2013-4854). [RT #34238]
9b2bd9e83cbb6f5debb2edba59a0c12089eb37c3minfrin3620. [func] Added "rpz-client-ip" policy triggers, enabling
9b2bd9e83cbb6f5debb2edba59a0c12089eb37c3minfrin RPZ responses to be configured on the basis of
a89e2c1651aab7734345fa3a6712a757708535ferjung the client IP address; this can be used, for
a89e2c1651aab7734345fa3a6712a757708535ferjung example, to blacklist misbehaving recursive
a89e2c1651aab7734345fa3a6712a757708535ferjung or stub resolvers. [RT #33605]
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung3619. [bug] Fixed a bug in RPZ with "recursive-only no;"
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung [RT #33776]
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung3618. [func] "rndc reload" now checks modification times of
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung include files as well as master files to determine
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung whether to skip reloading a zone. [RT #33936]
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung3617. [bug] Named was failing to answer queries during
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung "rndc reload" [RT #34098]
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung3616. [bug] Change #3613 was incomplete. [RT #34177]
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung3615. [cleanup] "configure" now finishes by printing a summary
23bc6974af15e69a9aa4b5b3fc06b800b53ca234sf of optional BIND features and whether they are
23bc6974af15e69a9aa4b5b3fc06b800b53ca234sf active or inactive. ("configure --enable-full-report"
23bc6974af15e69a9aa4b5b3fc06b800b53ca234sf increases the verbosity of the summary.) [RT #31777]
298eb744831be682f749ffe1c01c88d82adf215esf3614. [port] Check for <linux/types.h>. [RT #34162]
298eb744831be682f749ffe1c01c88d82adf215esf3613. [bug] named could crash when deleting inline-signing
298eb744831be682f749ffe1c01c88d82adf215esf zones with "rndc delzone". [RT #34066]
298eb744831be682f749ffe1c01c88d82adf215esf3612. [port] Check whether to use -ljson or -ljson-c. [RT #34115]
298eb744831be682f749ffe1c01c88d82adf215esf3611. [bug] Improved resistance to a theoretical authentication
b9aa9ca00496f67eb755d67764775ff23ac7eb03covener attack based on differential timing. [RT #33939]
f2386b627177c7a80d38fed6ec0aed3c086909c1covener3610. [cleanup] win32: Some executables had been omitted from the
f2386b627177c7a80d38fed6ec0aed3c086909c1covener installer. [RT #34116]
70d4e28f12f8cc2e130457c841095dc69c67cf31minfrin3609. [bug] Corrected a possible deadlock in applications using
70d4e28f12f8cc2e130457c841095dc69c67cf31minfrin the export version of the isc_app API. [RT #33967]
70d4e28f12f8cc2e130457c841095dc69c67cf31minfrin3608. [port] win32: added todos.pl script to ensure all text files
1a668f25bc6b4b111822caaba70bb9289d64ade5niq the win32 build depends on are converted to DOS
1a668f25bc6b4b111822caaba70bb9289d64ade5niq newline format. [RT #22067]
7a6c86627922e38fa227943b9f888f96109681e5covener3607. [bug] dnssec-keygen had broken 'Invalid keyfile' error
7a6c86627922e38fa227943b9f888f96109681e5covener message. [RT #34045]
7a6c86627922e38fa227943b9f888f96109681e5covener3606. [func] "rndc flushtree" now flushes matching
17efe57eb8d88fa0d371f4ac4939dbbbe78fd09bcovener records in the address database and bad cache
17efe57eb8d88fa0d371f4ac4939dbbbe78fd09bcovener as well as the DNS cache. (Previously only the
17efe57eb8d88fa0d371f4ac4939dbbbe78fd09bcovener DNS cache was flushed.) [RT #33970]
17efe57eb8d88fa0d371f4ac4939dbbbe78fd09bcovener3605. [port] win32: Addressed several compatibility issues
8068423ee2d80a7c42b2325a71c24ac9485327cecovener with newer versions of Visual Studio. [RT #33916]
8068423ee2d80a7c42b2325a71c24ac9485327cecovener3604. [bug] Fixed a compile-time error when building with
8068423ee2d80a7c42b2325a71c24ac9485327cecovener JSON but not XML. [RT #33959]
7703bad94964cc64022e08e2d1ae2c5fbfe2d3c6covener3603. [bug] Install <isc/stat.h>. [RT #33956]
7703bad94964cc64022e08e2d1ae2c5fbfe2d3c6covener3602. [contrib] Added DLZ Perl module, allowing Perl scripts to
7703bad94964cc64022e08e2d1ae2c5fbfe2d3c6covener integrate with named and serve DNS data.
689ee47a7329cf0d0ce4c5a98670b33fcf00d81btrawick (Contributed by John Eaglesham of Yahoo.)
689ee47a7329cf0d0ce4c5a98670b33fcf00d81btrawick3601. [bug] Added to PKCS#11 openssl patches a value len
aa8df43397bb42245e1633f12e2300c9715f3a7btrawick attribute in DH derive key. [RT #33928]
5a2f24f5e41d52e59e1c11e90cd423b8967d4184trawick3600. [cleanup] dig: Fixed a typo in the warning output when receiving
19ce7effbcc8a735f1a883f9266e086fde2adb63poirier an oversized response. [RT #33910]
19ce7effbcc8a735f1a883f9266e086fde2adb63poirier3599. [tuning] Check for pointer equivalence in name comparisons.
5d58d0bc1ce35e0ee814b6c2dc21a5286e460b87covener [RT #18125]
8eac2273e3d5f2dc8464fada76fcfbf33a938a2fcovener3598. [cleanup] Improved portability of map file code. [RT #33820]
8eac2273e3d5f2dc8464fada76fcfbf33a938a2fcovener3597. [bug] Ensure automatic-resigning heaps are reconstructed
c6124d7fde07b58d51785d0f1cb509026eeaa138jim when loading zones in map format. [RT #33381]
c6124d7fde07b58d51785d0f1cb509026eeaa138jim3596. [port] Updated win32 build documentation, added
c6124d7fde07b58d51785d0f1cb509026eeaa138jim dnssec-verify. [RT #22067]
680e7b4c70df00b695883c824947ca6ec15d69ecsf3595. [port] win32: Fix build problems introduced by change #3550.
680e7b4c70df00b695883c824947ca6ec15d69ecsf [RT #33807]
3a49a6c98ef80c71830e66e7f8f46083001b494ctrawick3594. [maint] Update config.guess and config.sub. [RT #33816]
6fee4e2faa2e45fe2636d01e35d03c2cf0c9d431minfrin3593. [func] Update EDNS processing to better track remote server
6fee4e2faa2e45fe2636d01e35d03c2cf0c9d431minfrin capabilities. [RT #30655]
6fee4e2faa2e45fe2636d01e35d03c2cf0c9d431minfrin3592. [doc] Moved documentation of rndc command options to the
03aa31ad82759363ba1a55589e517b16308ef635minfrin rndc man page. [RT #33506]
03aa31ad82759363ba1a55589e517b16308ef635minfrin3591. [func] Use CRC-64 to detect map file corruption at load
03aa31ad82759363ba1a55589e517b16308ef635minfrin time. [RT #33746]
9fe23388f983cb652b5d68e2bd92aa9f0568c574minfrin3590. [bug] When using RRL on recursive servers, defer
9fe23388f983cb652b5d68e2bd92aa9f0568c574minfrin rate-limiting until after recursion is complete;
e9eabac76b50e8f00d0c391f6070d0f42db77aa2wrowe also, use correct rcode for slipped NXDOMAIN
e9eabac76b50e8f00d0c391f6070d0f42db77aa2wrowe responses. [RT #33604]
e9eabac76b50e8f00d0c391f6070d0f42db77aa2wrowe3589. [func] Report serial numbers in when starting zone transfers.
e9eabac76b50e8f00d0c391f6070d0f42db77aa2wrowe Report accepted NOTIFY requests including serial.
433d36fd71af86369719893afe09877be4cb4f3asf [RT# 33037]
433d36fd71af86369719893afe09877be4cb4f3asf3588. [bug] dig: addressed a memory leak in the sigchase code
14e5a8cc15b1dcc26ad5420973304e53a9e5406bsf that could cause a shutdown crash. [RT #33733]
14e5a8cc15b1dcc26ad5420973304e53a9e5406bsf3587. [func] 'named -g' now checks the logging configuration but
46fdfef7dfc745effe179387e1dcb8245d3804batrawick does not use it. [RT #33473]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick3586. [bug] Handle errors in xmlDocDumpFormatMemoryEnc. [RT #33706]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick3585. [func] "rndc delzone -clean" option removes zone files
46fdfef7dfc745effe179387e1dcb8245d3804batrawick when deleting a zone. [RT #33570]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick3584. [security] Caching data from an incompletely signed zone could
46fdfef7dfc745effe179387e1dcb8245d3804batrawick trigger an assertion failure in resolver.c
46fdfef7dfc745effe179387e1dcb8245d3804batrawick (CVE-2013-3919). [RT #33690]
573f949c582f06bd738a96196f40b646b6d540b8rpluem3583. [bug] Address memory leak in GSS-API processing [RT #33574]
573f949c582f06bd738a96196f40b646b6d540b8rpluem3582. [bug] Silence false positive warning regarding missing file
c44902d07eab7deb803a59e959f57cf3b7d56655poirier directive for inline slave zones. [RT #33662]
c44902d07eab7deb803a59e959f57cf3b7d56655poirier3581. [bug] Changed the tcp-listen-queue default to 10. [RT #33029]
ae1981fc94adf2b231e2d0e15d2f895b2138c969covener3580. [bug] Addressed a possible race in acache.c [RT #33602]
ae1981fc94adf2b231e2d0e15d2f895b2138c969covener3579. [maint] Updates to PKCS#11 openssl patches, supporting
ae1981fc94adf2b231e2d0e15d2f895b2138c969covener versions 0.9.8y, 1.0.0k, 1.0.1e [RT #33463]
ae1981fc94adf2b231e2d0e15d2f895b2138c969covener3578. [bug] 'rndc -c file' now fails if 'file' does not exist.
4ac05f9625e37cc421f4ea548422827b4de163d7niq [RT #33571]
4ac05f9625e37cc421f4ea548422827b4de163d7niq3577. [bug] Handle zero TTL values better. [RT #33411]
4ac05f9625e37cc421f4ea548422827b4de163d7niq3576. [bug] Address a shutdown race when validating. [RT #33573]
6999a76d8eb5ef6b4b295e51df0b2fb6064bd373covener3575. [func] Changed the logging category for RRL events from
6999a76d8eb5ef6b4b295e51df0b2fb6064bd373covener 'queries' to 'query-errors'. [RT #33540]
ead0b57bbeaec5acb14f931b5641962f429dabc9trawick3574. [doc] The 'hostname' keyword was missing from server-id
ead0b57bbeaec5acb14f931b5641962f429dabc9trawick description in the named.conf man page. [RT #33476]
77d6f9d5c2a5cab805e9ace265628f3d791b937dniq3573. [bug] "rndc addzone" and "rndc delzone" incorrectly handled
77d6f9d5c2a5cab805e9ace265628f3d791b937dniq zone names containing punctuation marks and other
a9d359cdeb1cee65cdb9fab5e19ffb4846172183trawick nonstandard characters. [RT #33419]
9f35dd32eedd781d218a85f0315ea5526a8adc84minfrin3572. [func] Threads are now enabled by default on most
9f35dd32eedd781d218a85f0315ea5526a8adc84minfrin operating systems. [RT #25483]
9f35dd32eedd781d218a85f0315ea5526a8adc84minfrin3571. [bug] Address race condition in dns_client_startresolve().
5dc4220fc22561537ce1421a03e11846a5b719ebminfrin [RT #33234]
5dc4220fc22561537ce1421a03e11846a5b719ebminfrin3570. [bug] Check internal pointers are valid when loading map
5dc4220fc22561537ce1421a03e11846a5b719ebminfrin files. [RT #33403]
bd27541a0c96caa881f17a490e23cdd220d480c8poirier3569. [contrib] Ported mysql DLZ driver to dynamically-loadable
a9d359cdeb1cee65cdb9fab5e19ffb4846172183trawick module, and added multithread support. [RT #33394]
68c4447ba8e057cf38cbbec918e0549b817f20b4minfrin3568. [cleanup] Add a product description line to the version file,
68c4447ba8e057cf38cbbec918e0549b817f20b4minfrin to be reported by named -v/-V. [RT #33366]
68c4447ba8e057cf38cbbec918e0549b817f20b4minfrin3567. [bug] Silence clang static analyzer warnings. [RT #33365]
e33d0698670fead33dbd7c907363053b9e2be454minfrin3566. [func] Log when forwarding updates to master. [RT #33240]
e33d0698670fead33dbd7c907363053b9e2be454minfrin3565. [placeholder]
e33d0698670fead33dbd7c907363053b9e2be454minfrin3564. [bug] Improved handling of corrupted map files. [RT #33380]
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin3563. [contrib] zone2sqlite failed with some table names. [RT #33375]
4ea8055e720d18f386b8026b546e5836ecccba4arjung3562. [func] Update map file header format to include a SHA-1 hash
a9d359cdeb1cee65cdb9fab5e19ffb4846172183trawick of the database content, so that corrupted map files
a9d359cdeb1cee65cdb9fab5e19ffb4846172183trawick can be rejected at load time. [RT #32459]
fd80868005a61e747bc45b39df83cae7abb3d151pgollucci3561. [bug] dig: issue a warning if an EDNS query returns FORMERR
fd80868005a61e747bc45b39df83cae7abb3d151pgollucci or NOTIMP. Adjust usage message. [RT #33363]
60a8830541cd85d23a42ccb1639bc4744de9d526poirier3560. [bug] isc-config.sh did not honor includedir and libdir
60a8830541cd85d23a42ccb1639bc4744de9d526poirier when set via configure. [RT #33345]
60a8830541cd85d23a42ccb1639bc4744de9d526poirier3559. [func] Check that both forms of Sender Policy Framework
5ae15cd9d22fb3bdfd2eb0b9761c4ef07fbf2f96minfrin records exist or do not exist. [RT #33355]
5ae15cd9d22fb3bdfd2eb0b9761c4ef07fbf2f96minfrin3558. [bug] IXFR of a DLZ stored zone was broken. [RT #33331]
69fc9805c344b2dd5fd49a4f75cbf55dedeac7d6minfrin3557. [bug] Reloading redirect zones was broken. [RT #33292]
69fc9805c344b2dd5fd49a4f75cbf55dedeac7d6minfrin3556. [maint] Added AAAA for D.ROOT-SERVERS.NET.
46fdfef7dfc745effe179387e1dcb8245d3804batrawick3555. [bug] Address theoretical race conditions in acache.c
46fdfef7dfc745effe179387e1dcb8245d3804batrawick (change #3553 was incomplete). [RT #33252]
ca0a943242b488c162aa89874498e0316f7b2f2eminfrin3554. [bug] RRL failed to correctly rate-limit upward
e1c6c1dac26c35ecebe158438bb0c56afbb9bfb0sf referrals and failed to count dropped error
e1c6c1dac26c35ecebe158438bb0c56afbb9bfb0sf responses in the statistics. [RT #33225]
38451a13fb80b89e704792ebc0e6f9e5e5877d7dsf3553. [bug] Address suspected double free in acache. [RT #33252]
38451a13fb80b89e704792ebc0e6f9e5e5877d7dsf3552. [bug] Wrong getopt option string for 'nsupdate -r'.
38451a13fb80b89e704792ebc0e6f9e5e5877d7dsf [RT #33280]
505e342aefa9fbccc857f1bc653a310e25511946sf3551. [bug] resolver.querydscp[46] were uninitialized. [RT #32686]
505e342aefa9fbccc857f1bc653a310e25511946sf3550. [func] Unified the internal and export versions of the
505e342aefa9fbccc857f1bc653a310e25511946sf BIND libraries, allowing external clients to use
26734c75baf170a492ef6a82f07b24ee1af7d0b1sf the same libraries as BIND. [RT #33131]
26734c75baf170a492ef6a82f07b24ee1af7d0b1sf3549. [doc] Documentation for "request-nsid" was missing.
dda254ba84bdff5e236917af1b31693ca4360eabcovener [RT #33153]
dda254ba84bdff5e236917af1b31693ca4360eabcovener3548. [bug] The NSID request code in resolver.c was broken
dda254ba84bdff5e236917af1b31693ca4360eabcovener resulting in invalid EDNS options being sent.
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna [RT #33153]
e1d33ac481c6683a069630c8f9aceec3a48babcetrawick3547. [bug] Some malformed unknown rdata records were not properly
e1d33ac481c6683a069630c8f9aceec3a48babcetrawick detected and rejected. [RT #33129]
3becbd2611ffb2e8391a8eacce765b43dcb1c669wrowe3546. [func] Add EUI48 and EUI64 types. [RT #33082]
3becbd2611ffb2e8391a8eacce765b43dcb1c669wrowe3545. [bug] RRL slip behavior was incorrect when set to 1.
9c78f8d71737dfbbbf4da2f9acb397567a10e88bsf [RT #33111]
9c78f8d71737dfbbbf4da2f9acb397567a10e88bsf3544. [contrib] check5011.pl: Script to report the status of
9c78f8d71737dfbbbf4da2f9acb397567a10e88bsf managed keys as recorded in managed-keys.bind.
9c78f8d71737dfbbbf4da2f9acb397567a10e88bsf Contributed by Tony Finch <dot@dotat.at>
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf3543. [bug] Update socket structure before attaching to socket
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf manager after accept. [RT #33084]
47ff2654d827dd3596ce2e4099d69cec0f1009b9takashi3542. [placeholder]
b4ae72381175122ebfe42ff0d11db7a7f4162014takashi3541. [bug] Parts of libdns were not properly initialized when
b4ae72381175122ebfe42ff0d11db7a7f4162014takashi built in libexport mode. [RT #33028]
5e1ae35c05125b8b6c6c648c60e576f5796ea061rpluem3540. [test] libt_api: t_info and t_assert were not thread safe.
b115299831a7b4bbec58a88d708d8536e1ecd50csf3539. [port] win32: timestamp format didn't match other platforms.
5e1ae35c05125b8b6c6c648c60e576f5796ea061rpluem3538. [test] Running "make test" now requires loopback interfaces
b9a830d395feaa66ab621841a5cd86e1fa2d184brjung to be set up. [RT #32452]
82e6711dc508d2822d9397f07136ba4ddd8764e1niq3537. [tuning] Slave zones, when updated, now send NOTIFY messages
82e6711dc508d2822d9397f07136ba4ddd8764e1niq to peers before being dumped to disk rather than
82e6711dc508d2822d9397f07136ba4ddd8764e1niq after. [RT #27242]
82e6711dc508d2822d9397f07136ba4ddd8764e1niq3536. [func] Add support for setting Differentiated Services Code
82e6711dc508d2822d9397f07136ba4ddd8764e1niq Point (DSCP) values in named. Most configuration
82e6711dc508d2822d9397f07136ba4ddd8764e1niq options which take a "port" option (e.g.,
f43104f173247435cb4ade2b89aa2ca8108aedb7niq listen-on, forwarders, also-notify, masters,
f43104f173247435cb4ade2b89aa2ca8108aedb7niq notify-source, etc) can now also take a "dscp"
f43104f173247435cb4ade2b89aa2ca8108aedb7niq option specifying a code point for use with
1fdcfb04a08e53ce28af657d854922efbbabecf4niq outgoing traffic, if supported by the underlying
1fdcfb04a08e53ce28af657d854922efbbabecf4niq OS. [RT #27596]
1fdcfb04a08e53ce28af657d854922efbbabecf4niq3535. [bug] Minor win32 cleanups. [RT #32962]
c26aa743a70c2148cdca1e6c637c605d9025b051niq3534. [bug] Extra text after an embedded NULL was ignored when
c26aa743a70c2148cdca1e6c637c605d9025b051niq parsing zone files. [RT #32699]
e076b09731977eafcef2bfc6f5323f3ab7e83b15niq3533. [contrib] query-loc-0.4.0: memory leaks. [RT #32960]
3fba96a56fbced0f14edde04f417d74d7f5bdb1eniq3532. [contrib] zkt: fixed buffer overrun, resource leaks. [RT #32960]
3a183ee5b8f8129f6d3ec493be51abacda7c6ea7niq3531. [bug] win32: A uninitialized value could be returned on out
3a183ee5b8f8129f6d3ec493be51abacda7c6ea7niq of memory. [RT #32960]
22d3cfb8f14471efbc3bbc8faa2c59805ac2395fjim3530. [contrib] Better RTT tracking in queryperf. [RT #30128]
d31d6c32262a8d1cbfc63d9f7adccae46002c8f7niq3529. [func] Named now listens on both IPv4 and IPv6 interfaces
d31d6c32262a8d1cbfc63d9f7adccae46002c8f7niq by default. Named previously only listened on IPv4
d31d6c32262a8d1cbfc63d9f7adccae46002c8f7niq interfaces by default unless named was running in
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna IPv6 only mode. [RT #32945]
11f2c481e1d57bedb3f758565307501e9a2730ddtrawick3528. [func] New "dnssec-coverage" command scans the timing
11f2c481e1d57bedb3f758565307501e9a2730ddtrawick metadata for a set of DNSSEC keys and reports if a
11f2c481e1d57bedb3f758565307501e9a2730ddtrawick lapse in signing coverage has been scheduled
11f2c481e1d57bedb3f758565307501e9a2730ddtrawick inadvertently. (Note: This tool depends on python;
11f2c481e1d57bedb3f758565307501e9a2730ddtrawick it will not be built or installed on systems that
11f2c481e1d57bedb3f758565307501e9a2730ddtrawick do not have a python interpreter.) [RT #28098]
4aa736735709d0434c02ae6cc65b0738eb9882cctakashi3527. [compat] Add a URI to allow applications to explicitly
4aa736735709d0434c02ae6cc65b0738eb9882cctakashi request a particular XML schema from the statistics
99d46a23c6eac800f327b29f8009f7d7da986230trawick channel, returning 404 if not supported. [RT #32481]
99d46a23c6eac800f327b29f8009f7d7da986230trawick3526. [cleanup] Set up dependencies for unit tests correctly during
99d46a23c6eac800f327b29f8009f7d7da986230trawick build. [RT #32803]
6c2782f8988f498ad9e5fc84256e202175c3edc9covener3525. [func] Support for additional signing algorithms in rndc:
6c2782f8988f498ad9e5fc84256e202175c3edc9covener hmac-sha1, -sha224, -sha256, -sha384, and -sha512.
6c2782f8988f498ad9e5fc84256e202175c3edc9covener The -A option to rndc-confgen can be used to
a50db00c3663c2a0d3531965c64d995516b06288niq select the algorithm for the generated key.
bf27540ecb929632fd82264742045c96006c382cniq (The default is still hmac-md5; this may
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna change in a future release.) [RT #20363]
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna3524. [func] Added an alternate statistics channel in JSON format,
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna when the server is built with the json-c library:
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna http://[address]:[port]/json. [RT #32630]
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna3523. [contrib] Ported filesystem and ldap DLZ drivers to
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna dynamically-loadable modules, and added the
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna "wildcard" module based on a contribution from
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna Vadim Goncharov <vgoncharov@nic.ru>. [RT #23569]
8a0c75e992cc657a98317e78374b800d16963cfatrawick3522. [bug] DLZ lookups could fail to return SERVFAIL when
ba217dc41cebc0976010ee177f8fedac782d1f6fminfrin they ought to. [RT #32685]
8315a125b56710a222167e4d65b96c3c891f4b25sf3521. [bug] Address memory leak in opensslecdsa_link.c. [RT #32249]
ab1b172430f2d4e1b222b541bb8c1d431c1a7bc7sf3520. [bug] 'mctx' was not being referenced counted in some places
3f985866b9b5b49fb57735b5eb135591163f30dfsf where it should have been. [RT #32794]
7f51e5c395d431b8c20226f77de28efe13272bfasf3519. [func] Full replay protection via four-way handshake is
7f51e5c395d431b8c20226f77de28efe13272bfasf now mandatory for rndc clients. Very old versions
7f51e5c395d431b8c20226f77de28efe13272bfasf of rndc will no longer work. [RT #32798]
17d64c884a44f5ca72f6901afd3e50991bfc1c63sf3518. [bug] Increase the size of dns_rrl_key.s.rtype by one bit
17d64c884a44f5ca72f6901afd3e50991bfc1c63sf so that all dns_rrl_rtype_t enum values fit regardless
17d64c884a44f5ca72f6901afd3e50991bfc1c63sf of whether it is teated as signed or unsigned by
a6e4caaa97e433cc2ef78d957bc32756d9c49f79sf the compiler. [RT #32792]
a6e4caaa97e433cc2ef78d957bc32756d9c49f79sf3517. [bug] Reorder destruction to avoid shutdown race. [RT #32777]
68686064650b23222461014a11558593de194bbctrawick3516. [placeholder]
304903af1cf77cbdfa07e8a6482f35f3d9d7b0f3sf3515. [port] '%T' is not portable in strftime(). [RT #32763]
a96ba81cada826f2a9ab1e24218a77bfadfc31d8sf3514. [bug] The ranges for valid key sizes in ddns-confgen and
a96ba81cada826f2a9ab1e24218a77bfadfc31d8sf rndc-confgen were too constrained. Keys up to 512
a96ba81cada826f2a9ab1e24218a77bfadfc31d8sf bits are now allowed for most algorithms, and up
a96ba81cada826f2a9ab1e24218a77bfadfc31d8sf to 1024 bits for hmac-sha384 and hmac-sha512.
4f133508c93204c06e1acba9774ff184e5812606niq [RT #32753]
4f133508c93204c06e1acba9774ff184e5812606niq3513. [func] "dig -u" prints times in microseconds rather than
87587593f1a53030e840acc0dec6cc881022ea40covener milliseconds. [RT #32704]
87587593f1a53030e840acc0dec6cc881022ea40covener3512. [func] "rndc validation check" reports the current status
87587593f1a53030e840acc0dec6cc881022ea40covener of DNSSEC validation. [RT #21397]
52071e4b9f49c3a1c2c767c7ea80ec92cf9032c9covener3511. [doc] Improve documentation of redirect zones. [RT #32756]
52071e4b9f49c3a1c2c767c7ea80ec92cf9032c9covener3510. [func] "rndc status" and XML statistics channel now report
89b8bbc89404e7071e573c4f0a17f528996e855djorton server start and reconfiguration times. [RT #21048]
89b8bbc89404e7071e573c4f0a17f528996e855djorton3509. [cleanup] Added a product line to version file to allow for
e1d4c4e8366f46dc5dc1e6e24b4c7ac448dfa061sf easy naming of different products (BIND
e1d4c4e8366f46dc5dc1e6e24b4c7ac448dfa061sf vs BIND ESV, for example). [RT #32755]
6bc4f334a04802bab835893d0c42af8bfb9c3c41sf3508. [contrib] queryperf was incorrectly rejecting the -T option.
53593dbd8fece82cb66a23f0b7024d8d713d66f1sf [RT #32338]
79e3f2f950745953fff4a6a8dfe1f7cce31ce287sf3507. [bug] Statistics channel XSL had a glitch when attempting
79e3f2f950745953fff4a6a8dfe1f7cce31ce287sf to chart query data before any queries had been
ab2b977442827214b1d884decf3e3f1579fd45e1rpluem received. [RT #32620]
ab2b977442827214b1d884decf3e3f1579fd45e1rpluem3506. [func] When setting "max-cache-size" and "max-acache-size",
195edf54eccd8c5a436c7dd17f5f604e7074d5d1sf the keyword "unlimited" is no longer defined as equal
195edf54eccd8c5a436c7dd17f5f604e7074d5d1sf to 4 gigabytes (except on 32-bit platforms); it
195edf54eccd8c5a436c7dd17f5f604e7074d5d1sf means literally unlimited. [RT #32358]
3709b26f3370ae89c5324a3c03fab56a93b09ecdsf3505. [bug] When setting "max-cache-size" and "max-acache-size",
3709b26f3370ae89c5324a3c03fab56a93b09ecdsf larger values than 4 gigabytes could not be set
03577bc320125eaa2b27ee7af78b894ee6dfe121takashi explicitly, though larger sizes were available
03577bc320125eaa2b27ee7af78b894ee6dfe121takashi when setting cache size to 0. This has been
03577bc320125eaa2b27ee7af78b894ee6dfe121takashi corrected; the full range is now available.
f5119c5d7cfe8c6d53cb29d43f8746684068ed82minfrin [RT #32358]
f5119c5d7cfe8c6d53cb29d43f8746684068ed82minfrin3504. [func] Add support for ACLs based on geographic location,
f5119c5d7cfe8c6d53cb29d43f8746684068ed82minfrin using MaxMind GeoIP databases. Based on code
f74d35a61a835e15412b99b8aebe4958fe4e94a5takashi contributed by Ken Brownfield <kb@slide.com>.
94713632faf403489b3f8b4e0ed65e1011ac4991takashi [RT #30681]
20216b769716c4346cce373f2028d7dbebf03886poirier3503. [doc] Clarify size_spec syntax. [RT #32449]
20216b769716c4346cce373f2028d7dbebf03886poirier3502. [func] zone-statistics: "no" is now a synonym for "none",
7317a32e0c621c9a28f6f10e83e6c5dc63e3f3bdsf instead of "terse". [RT #29165]
7317a32e0c621c9a28f6f10e83e6c5dc63e3f3bdsf3501. [func] zone-statistics now takes three options: full,
ecc6e723b804fb4b8f858910eff3f88242ec56fasf terse, and none. "yes" and "no" are retained as
ecc6e723b804fb4b8f858910eff3f88242ec56fasf synonyms for full and terse, respectively. [RT #29165]
ecc6e723b804fb4b8f858910eff3f88242ec56fasf3500. [security] Support NAPTR regular expression validation on
ecc6e723b804fb4b8f858910eff3f88242ec56fasf all platforms without using libregex, which
ecc6e723b804fb4b8f858910eff3f88242ec56fasf can be vulnerable to memory exhaustion attack
727d68c6009030f56a350b4603384ce4fb844341minfrin (CVE-2013-2266). [RT #32688]
727d68c6009030f56a350b4603384ce4fb844341minfrin3499. [doc] Corrected ARM documentation of built-in zones.
ed6dfb7d7057dc4f42348f12d7bff9fe98fc73cfminfrin [RT #32694]
ed6dfb7d7057dc4f42348f12d7bff9fe98fc73cfminfrin3498. [bug] zone statistics for zones which matched a potential
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf empty zone could have their zone-statistics setting
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf overridden.
23247a8f748077bc788a5fbaf91d5fad34d0b7d1sf3497. [func] When deleting a slave/stub zone using 'rndc delzone'
23247a8f748077bc788a5fbaf91d5fad34d0b7d1sf report the files that were being used so they can
23247a8f748077bc788a5fbaf91d5fad34d0b7d1sf be cleaned up if desired. [RT #27899]
58015652ffe00f004c6404a0631474f23dadc7dasf3496. [placeholder]
58015652ffe00f004c6404a0631474f23dadc7dasf3495. [func] Support multiple response-policy zones (up to 32),
2af38cc44e48753913565b38a7a9f325f898a293minfrin while improving RPZ performance. "response-policy"
2af38cc44e48753913565b38a7a9f325f898a293minfrin syntax now includes a "min-ns-dots" clause, with
745417156908df54538ca284b382ce8d27b30066minfrin default 1, to exclude top-level domains from
2af38cc44e48753913565b38a7a9f325f898a293minfrin NSIP and NSDNAME checking. --enable-rpz-nsip and
fc2f0972572614b50523bc5ddb3f866ca4acd2f0sf --enable-rpz-nsdname are now the default. [RT #32251]
fc2f0972572614b50523bc5ddb3f866ca4acd2f0sf3494. [func] DNS RRL: Blunt the impact of DNS reflection and
251430bcaff1fa6a77953bfe56475eb6cc7abc78sf amplification attacks by rate-limiting substantially-
251430bcaff1fa6a77953bfe56475eb6cc7abc78sf identical responses. [RT #28130]
7b467aa53854c95318a1c709709c1619a4f47118minfrin3493. [contrib] Added BDBHPT dynamically-loadable DLZ module,
7b467aa53854c95318a1c709709c1619a4f47118minfrin contributed by Mark Goldfinch. [RT #32549]
7b467aa53854c95318a1c709709c1619a4f47118minfrin3492. [bug] Fixed a regression in zone loading performance
7ba7402d405dc9e3c1083e34049ed933472ca910poirier due to lock contention. [RT #30399]
7ba7402d405dc9e3c1083e34049ed933472ca910poirier3491. [bug] Slave zones using inline-signing must specify a
7ba7402d405dc9e3c1083e34049ed933472ca910poirier file name. [RT #31946]
4286d2e267e788d856092bf2ccf461e7ca99570frpluem3490. [bug] When logging RDATA during update, truncate if it's
4286d2e267e788d856092bf2ccf461e7ca99570frpluem too long. [RT #32365]
4286d2e267e788d856092bf2ccf461e7ca99570frpluem3489. [bug] --enable-developer now turns on ISC_LIST_CHECKINIT.
43563ad04e4bae7b42f7a34a87b7c60dc69c0c3fpoirier dns_dlzcreate() failed to properly initialize
5357892a1e367372dc2d4a315156e3e44dc5d56dpoirier dlzdb.link. When cloning a rdataset do not copy
5357892a1e367372dc2d4a315156e3e44dc5d56dpoirier the link contents. [RT #32651]
b42af5f6edf4fe4b820288c37920a7a6fd65f1f1poirier3488. [bug] Use after free error with DH generated keys. [RT #32649]
49cea03e96dc4707bce15d6318eb013cb8668d96minfrin3487. [bug] Change 3444 was not complete. There was a additional
49cea03e96dc4707bce15d6318eb013cb8668d96minfrin place where the NOQNAME proof needed to be saved.
49cea03e96dc4707bce15d6318eb013cb8668d96minfrin [RT #32629]
847b3922f7dcde6830f4aad49d29c84b4569c260minfrin3486. [bug] named could crash when using TKEY-negotiated keys
63eaa8ed62d63de0a44346b8af48e08e562db01eminfrin that had been deleted and then recreated. [RT #32506]
847b3922f7dcde6830f4aad49d29c84b4569c260minfrin3485. [cleanup] Only compile openssl_gostlink.c if we support GOST.
1af2b28846e2647963db788b081676884fb7df8crpluem3484. [bug] Some statistics were incorrectly rendered in XML.
1af2b28846e2647963db788b081676884fb7df8crpluem [RT #32587]
845258fbf5102b8b09fe9b7f4cb4ea4c089344c3poirier3483. [placeholder]
5d36cddfe00d5c6ad18845fcc04e6f7662050fafminfrin3482. [func] dig +nssearch now prints name servers that don't
5d36cddfe00d5c6ad18845fcc04e6f7662050fafminfrin have address records (missing AAAA or A, or the name
5d36cddfe00d5c6ad18845fcc04e6f7662050fafminfrin doesn't exist). [RT #29348]
20aa41f86a5b451529d26d9b901eea69989e5c0aminfrin3481. [cleanup] Removed use of const const in atf.
8c92aeeb75b1b393f61a3e01c495484737a0ff8cminfrin3480. [bug] Silence logging noise when setting up zone
8c92aeeb75b1b393f61a3e01c495484737a0ff8cminfrin statistics. [RT #32525]
1018201f5223624476334c6e23aead02db7c4040minfrin3479. [bug] Address potential memory leaks in gssapi support
1018201f5223624476334c6e23aead02db7c4040minfrin code. [RT #32405]
e5db2522dbe503cbf5399094b6239c88c246a8c5poirier3478. [port] Fix a build failure in strict C99 environments
e5db2522dbe503cbf5399094b6239c88c246a8c5poirier [RT #32475]
ad7e5e9fb8f63a5155bb392114162997505ff772minfrin3477. [func] Expand logging when adding records via DDNS update
ad7e5e9fb8f63a5155bb392114162997505ff772minfrin [RT #32365]
ad7e5e9fb8f63a5155bb392114162997505ff772minfrin3476. [bug] "rndc zonestatus" could report a spurious "not
ad7e5e9fb8f63a5155bb392114162997505ff772minfrin found" error on inline-signing zones. [RT #29226]
59cb8d601b8c44476e59310f68b9c373d8fc62a6minfrin3475. [cleanup] Changed name of 'map' zone file format (previously
59cb8d601b8c44476e59310f68b9c373d8fc62a6minfrin 'fast'). [RT #32458]
59cb8d601b8c44476e59310f68b9c373d8fc62a6minfrin3474. [bug] nsupdate could assert when the local and remote
ec8b1faa56744b338f6d6421144b56c2bb3faae6poirier address families didn't match. [RT #22897]
10abdcbd7b30d957d15c61ea8100ba97a627ac95minfrin3473. [bug] dnssec-signzone/verify could incorrectly report
10abdcbd7b30d957d15c61ea8100ba97a627ac95minfrin an error condition due to an empty node above an
87e0bf269cc3386ee8e6ab561ff00770151f4f53niq opt-out delegation lacking an NSEC3. [RT #32072]
87e0bf269cc3386ee8e6ab561ff00770151f4f53niq3472. [bug] The active-connections counter in the socket
3c67b7956d44501360506a9f13a5011be73b30ecminfrin statistics could underflow. [RT #31747]
3c67b7956d44501360506a9f13a5011be73b30ecminfrin3471. [bug] The number of UDP dispatches now defaults to
3c67b7956d44501360506a9f13a5011be73b30ecminfrin the number of CPUs even if -n has been set to
97d20d37d21b8d427a920e211858172f0a82427epoirier a higher value. [RT #30964]
97d20d37d21b8d427a920e211858172f0a82427epoirier3470. [bug] Slave zones could fail to dump when successfully
8e04e8ec7d682bff5e6dccdd70c082971a88cb8bniq refreshing after an initial failure. [RT #31276]
8e04e8ec7d682bff5e6dccdd70c082971a88cb8bniq3469. [bug] Handle DLZ lookup failures more gracefully. Improve
53c999a82fcca729dabc8a512b3fb996d61fd814niq backward compatibility between versions of DLZ dlopen
53c999a82fcca729dabc8a512b3fb996d61fd814niq API. [RT #32275]
53c999a82fcca729dabc8a512b3fb996d61fd814niq3468. [security] RPZ rules to generate A records (but not AAAA records)
25d0f8adcab13255494a3572edff1a25f6fbeea3rpluem could trigger an assertion failure when used in
25d0f8adcab13255494a3572edff1a25f6fbeea3rpluem conjunction with DNS64 (CVE-2012-5689). [RT #32141]
25d0f8adcab13255494a3572edff1a25f6fbeea3rpluem3467. [bug] Added checks in dnssec-keygen and dnssec-settime
dd9ae259e1578c4388739c880ede97c55cec543frpluem to check for delete date < inactive date. [RT #31719]
dd9ae259e1578c4388739c880ede97c55cec543frpluem3466. [contrib] Corrected the DNS_CLIENTINFOMETHODS_VERSION check
0938450cadc9a083d112a86bc7dd7ae34f791364trawick in DLZ example driver. [RT #32275]
0938450cadc9a083d112a86bc7dd7ae34f791364trawick3465. [bug] Handle isolated reserved ports. [RT #31778]
8bed7ee6d97933b958e97e222f37154d83e384e5jorton3464. [maint] Updates to PKCS#11 openssl patches, supporting
8bed7ee6d97933b958e97e222f37154d83e384e5jorton versions 0.9.8x, 1.0.0j, 1.0.1c [RT #29749]
8bed7ee6d97933b958e97e222f37154d83e384e5jorton3463. [doc] Clarify managed-keys syntax in ARM. [RT #32232]
c7d46b58052fe666c74a47bd26b6cb1e351492adrpluem3462. [doc] Clarify server selection behavior of dig when using
4e08c8c1a91e2887b41d8cacd3aa532355d0237drpluem -4 or -6 options. [RT #32181]
43d051c8401a1f3b4f7853cd897d3565ab814ea7poirier3461. [bug] Negative responses could incorrectly have AD=1
43d051c8401a1f3b4f7853cd897d3565ab814ea7poirier set. [RT #32237]
2f34374f6e04b9094a1d13a5ed823f331ba841a3rpluem3460. [bug] Only link against readline where needed. [RT #29810]
2f34374f6e04b9094a1d13a5ed823f331ba841a3rpluem3459. [func] Added -J option to named-checkzone/named-compilezone
7a25b029b69f169bd22718165dff3b271114f92eniq to specify the path to the journal file. [RT #30958]
7a25b029b69f169bd22718165dff3b271114f92eniq3458. [bug] Return FORMERR when presented with a overly long
2f34374f6e04b9094a1d13a5ed823f331ba841a3rpluem domain named in a request. [RT #29682]
3e6a46d2fecf446daf0e280a49fa5565f5f635eajorton3457. [protocol] Add ILNP records (NID, LP, L32, L64). [RT #31836]
137e484e5f984ceff1102e1212dda8ac0413231aniq3456. [port] g++47: ATF failed to compile. [RT #32012]
0df8f79d2324b131c36955d7e474a735a762f9eeniq3455. [contrib] queryperf: fix getopt option list. [RT #32338]
30e3e760b737f13ce800fa02c5930ade7659ba66niq3454. [port] sparc64: improve atomic support. [RT #25182]
30e3e760b737f13ce800fa02c5930ade7659ba66niq3453. [bug] 'rndc addzone' of a zone with 'inline-signing yes;'
80370e62044bea458bcd0545c59cb864ed117b04niq failed. [RT #31960]
e991c6fc032c59eb6cb751d9d382e933a53a2866niq3452. [bug] Accept duplicate singleton records. [RT #32329]
9a00e2d46c44c111d6952e553a2f1a61b7594eb3rpluem3451. [port] Increase per thread stack size from 64K to 1M.
9a00e2d46c44c111d6952e553a2f1a61b7594eb3rpluem [RT #32230]
33d9be77cc6f5fc8734e9c1f526b82d359955152rpluem3450. [bug] Stop logfileconfig system test spam system logs.
9a00e2d46c44c111d6952e553a2f1a61b7594eb3rpluem [RT #32315]
da128c59ec571c4dff70f41ecba9c8a9974c6cd6niq3449. [bug] gen.c: use the pre-processor to construct format
172e83c0f024fe6396dd1f3ca3492fd83c304db5jim strings so that compiler can perform sanity checks;
da128c59ec571c4dff70f41ecba9c8a9974c6cd6niq check the snprintf results. [RT #17576]
45932a847f237b4d8f0667b138bd3f8a15fb53ffniq3448. [bug] The allow-query-on ACL was not processed correctly.
45932a847f237b4d8f0667b138bd3f8a15fb53ffniq [RT #29486]
186e9d990f453d16826ab87a87df7b87e6e05921rpluem3447. [port] Add support for libxml2-2.9.x [RT #32231]
186e9d990f453d16826ab87a87df7b87e6e05921rpluem3446. [port] win32: Add source ID (see change #3400) to build.
6861702c2d883e5c0744d5f7528d2060671ad24dtakashi [RT #31683]
6861702c2d883e5c0744d5f7528d2060671ad24dtakashi3445. [bug] Warn about zone files with blank owner names
6861702c2d883e5c0744d5f7528d2060671ad24dtakashi immediately after $ORIGIN directives. [RT #31848]
f1f779c42f76118102fdecbe8777b47a1fc693a7rjung3444. [bug] The NOQNAME proof was not being returned from cached
f1f779c42f76118102fdecbe8777b47a1fc693a7rjung insecure responses. [RT #21409]
292cb7b720095e7bb434d79ae53b02d332aeb99acovener3443. [bug] ddns-confgen: Some TSIG algorithms were incorrectly
292cb7b720095e7bb434d79ae53b02d332aeb99acovener rejected when generating keys. [RT #31927]
292cb7b720095e7bb434d79ae53b02d332aeb99acovener3442. [port] Net::DNS 0.69 introduced a non backwards compatible
137e484e5f984ceff1102e1212dda8ac0413231aniq change. [RT #32216]
137e484e5f984ceff1102e1212dda8ac0413231aniq3441. [maint] D.ROOT-SERVERS.NET is now 199.7.91.13.
137e484e5f984ceff1102e1212dda8ac0413231aniq3440. [bug] Reorder get_key_struct to not trigger a assertion when
137e484e5f984ceff1102e1212dda8ac0413231aniq cleaning up due to out of memory error. [RT #32131]
d0cd62f11bcd8fa9bf758c5125f55cea5d9038dfrpluem3439. [placeholder]
d0cd62f11bcd8fa9bf758c5125f55cea5d9038dfrpluem3438. [bug] Don't accept unknown data escape in quotes. [RT #32031]
51d55be8bbc6652c13bc80d920f4331f7152dceerjung3437. [bug] isc_buffer_init -> isc_buffer_constinit to initialize
51d55be8bbc6652c13bc80d920f4331f7152dceerjung buffers with constant data. [RT #32064]
0af58edfee6112cc3399e0e693340e525b96ab1ctrawick3436. [bug] Check malloc/calloc return values. [RT #32088]
0af58edfee6112cc3399e0e693340e525b96ab1ctrawick3435. [bug] Cross compilation support in configure was broken.
27c7a7cad9e83eeebad0a4d5a321144394adc3f9trawick [RT #32078]
27c7a7cad9e83eeebad0a4d5a321144394adc3f9trawick3434. [bug] Pass client info to the DLZ findzone() entry
8f2700898323915da289644dc1f3ee11a5e5b4earpluem point in addition to lookup(). This makes it
8f2700898323915da289644dc1f3ee11a5e5b4earpluem possible for a database to answer differently
8f2700898323915da289644dc1f3ee11a5e5b4earpluem whether it's authoritative for a name depending
8f2700898323915da289644dc1f3ee11a5e5b4earpluem on the address of the client. [RT #31775]
e7983ce746b0df56a1b74b42da6d82f5ecb99349covener3433. [bug] dlz_findzone() did not correctly handle
e7983ce746b0df56a1b74b42da6d82f5ecb99349covener ISC_R_NOMORE. [RT #31172]
77e28c16c8109d76c3b45717fa66ee74415db042rjung3432. [func] Multiple DLZ databases can now be configured.
bbcfb8ab8e22f90fdf346e9993bd58ba2203b182trawick DLZ databases are searched in the order configured,
bbcfb8ab8e22f90fdf346e9993bd58ba2203b182trawick unless set to "search no", in which case a
d1745d6933c22c807cf2388332426defd1b19f03covener zone can be configured to be retrieved from a
d1745d6933c22c807cf2388332426defd1b19f03covener particular DLZ database by using a "dlz <name>"
d1745d6933c22c807cf2388332426defd1b19f03covener option in the zone statement. DLZ databases can
d1745d6933c22c807cf2388332426defd1b19f03covener support type "master" and "redirect" zones.
b20f76a400e77d3631f3507ff22d68ae6bd25323trawick [RT #27597]
222834d5a33b915037094af014905f3683cae78btrawick3431. [bug] ddns-confgen: Some valid key algorithms were
2db5d76ac4c75aadecf38e20569bccbfd2360ba7rpluem not accepted. [RT #31927]
2db5d76ac4c75aadecf38e20569bccbfd2360ba7rpluem3430. [bug] win32: isc_time_formatISO8601 was missing the
df46ff21c57d00f6addccaaf9b1484f2b56b8577pquerna 'T' between the date and time. [RT #32044]
1c03114a0f0315ed19a05f654021da9f66005897rjung3429. [bug] dns_zone_getserial2 could a return success without
1c03114a0f0315ed19a05f654021da9f66005897rjung returning a valid serial. [RT #32007]
89691c9bd17f5f53fa0aa8d3fe2e1faee5a5d984rpluem3428. [cleanup] dig: Add timezone to date output. [RT #2269]
89691c9bd17f5f53fa0aa8d3fe2e1faee5a5d984rpluem3427. [bug] dig +trace incorrectly displayed name server
3e9c0665b06e44cf776528c6954ed3ca34a77c7fsctemme addresses instead of names. [RT #31641]
3e9c0665b06e44cf776528c6954ed3ca34a77c7fsctemme3426. [bug] dnssec-checkds: Clearer output when records are not
019f2b58acb34e31ea3a062bdb5e6c863cd82d66trawick found. [RT #31968]
6707208ba4e9a5841ca1ab830830fd286ea5b7c5trawick3425. [bug] "acacheentry" reference counting was broken resulting
6707208ba4e9a5841ca1ab830830fd286ea5b7c5trawick in use after free. [RT #31908]
832853bb93c1831daf24e4727c5ca0e1b1786e83lars3424. [func] dnssec-dsfromkey now emits the hash without spaces.
832853bb93c1831daf24e4727c5ca0e1b1786e83lars [RT #31951]
d2696ac6757b3d8bdaa27634a141ac8c8a045e08fielding3423. [bug] "rndc signing -nsec3param" didn't accept the full
d2696ac6757b3d8bdaa27634a141ac8c8a045e08fielding range of possible values. Address portability issues.
d2696ac6757b3d8bdaa27634a141ac8c8a045e08fielding [RT #31938]
1782dcd420de504978945e6b812523eeae6d56a2lars3422. [bug] Added a clear error message for when the SOA does not
1782dcd420de504978945e6b812523eeae6d56a2lars match the referral. [RT #31281]
1782dcd420de504978945e6b812523eeae6d56a2lars3421. [bug] Named loops when re-signing if all keys are offline.
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem [RT #31916]
59dc8d935dbf862712683bbc9e267bd08ced0b14fielding3420. [bug] Address VPATH compilation issues. [RT #31879]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3419. [bug] Memory leak on validation cancel. [RT #31869]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3418. [func] New XML schema (version 3.0) for the statistics channel
cf8d02ea0c91653917b044529f3133c5a1bb9200fielding adds query type statistics at the zone level, and
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem flattens the XML tree and uses compressed format to
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem optimize parsing. Includes new XSL that permits
17ac330ebaa71b24cb77580411a231ee45996e03pquerna charting via the Google Charts API on browsers that
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem support javascript in XSL. The old XML schema has been
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem deprecated. [RT #30023]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3417. [placeholder]
d4ee4552489641d35d1195bbbd6021351c4b79aarjung3416. [bug] Named could die on shutdown if running with 128 UDP
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem dispatches per interface. [RT #31743]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3415. [bug] named could die with a REQUIRE failure if a validation
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem was canceled. [RT #31804]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3414. [bug] Address locking issues found by Coverity. [RT #31626]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3413. [func] Record the number of DNS64 AAAA RRsets that have been
382d14411b582d97075a836190d74c778977505fcovener synthesized. [RT #27636]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3412. [bug] Copy timeval structure from control message data.
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem [RT #31548]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3411. [tuning] Use IPV6_USE_MIN_MTU or equivalent with TCP in addition
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem to UDP. [RT #31690]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3410. [bug] Addressed Coverity warnings. [RT #31626]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3409. [contrib] contrib/dane/mkdane.sh: Tool to generate TLSA RR's
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem from X.509 certificates, for use with DANE
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem (DNS-based Authentication of Named Entities).
d03aa31ada476d8eb97feaec2b1099809e7f3d57niq [RT #30513]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3408. [bug] Some DNSSEC-related options (update-check-ksk,
a7757dd38bb2a1afc93e241b7ea67b3de85ecc8bminfrin dnssec-loadkeys-interval, dnssec-dnskey-kskonly)
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem are now legal in slave zones as long as
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem inline-signing is in use. [RT #31078]
df46ff21c57d00f6addccaaf9b1484f2b56b8577pquerna3407. [placeholder]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3406. [bug] mem.c: Fix compilation errors when building with
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem ISC_MEM_TRACKLINES or ISC_MEMPOOL_NAMES disabled.
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem Also, ISC_MEM_DEBUG is no longer optional. [RT #31559]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3405. [bug] Handle time going backwards in acache. [RT #31253]
8c3667cd1d0db08647793137c0d1aa7f6526bebfniq3404. [bug] dnssec-signzone: When re-signing a zone, remove
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem RRSIG and NSEC records from nodes that used to be
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem in-zone but are now below a zone cut. [RT #31556]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3403. [bug] Silence noisy OpenSSL logging. [RT #31497]
6824182b3b8e045db97a228d3127bdfcbdfeb0bcniq3402. [test] The IPv6 interface numbers used for system
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem tests were incorrect on some platforms. [RT #25085]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3401. [bug] Addressed Coverity warnings. [RT #31484]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3400. [cleanup] "named -V" can now report a source ID string, defined
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem in the "srcid" file in the build tree and normally set
92357fb76d3ad043e29ba2ba2041a7bdb8d13390niq to the most recent git hash. [RT #31494]
9f07b6dc343a4e3eba5f4c47050a77441723ce89nd3399. [port] netbsd: rename 'bool' parameter to avoid namespace
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem clash. [RT #31515]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3398. [bug] SOA parameters were not being updated with inline
f7cec4a86292b160401472286a17497ae0d4df18covener signed zones if the zone was modified while the
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem server was offline. [RT #29272]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3397. [bug] dig crashed when using +nssearch with +tcp. [RT #25298]
1464434c2c104e0ba224644c42552330f5158537covener3396. [bug] OPT records were incorrectly removed from signed,
8d574b3ac4185e4f71c8b9aae76e7122a78201c4rpluem truncated responses. [RT #31439]
8d574b3ac4185e4f71c8b9aae76e7122a78201c4rpluem3395. [protocol] Add RFC 6598 reverse zones to built in empty zones
92357fb76d3ad043e29ba2ba2041a7bdb8d13390niq [RT #31336]
509111f5f58a9effd4c832f6a0cbd6ad9d549188jorton3394. [bug] Adjust 'successfully validated after lower casing
509111f5f58a9effd4c832f6a0cbd6ad9d549188jorton signer' log level and category. [RT #31414]
0e2a2eae9b72ac099aa25d7419e55af13b004be9minfrin3393. [bug] 'host -C' could core dump if REFUSED was received.
235b900b78cf6849f8344e377a91ded37d9cc9depquerna [RT #31381]
235b900b78cf6849f8344e377a91ded37d9cc9depquerna3392. [func] Keep statistics on REFUSED responses. [RT #31412]
66b8ec445dced7a2036bcd3b87b6fc3f08a1ab24jorton3391. [bug] A DNSKEY lookup that encountered a CNAME failed.
66b8ec445dced7a2036bcd3b87b6fc3f08a1ab24jorton [RT #31262]
0e2a2eae9b72ac099aa25d7419e55af13b004be9minfrin3390. [bug] Silence clang compiler warnings. [RT #30417]
0e2a2eae9b72ac099aa25d7419e55af13b004be9minfrin3389. [bug] Always return NOERROR (not 0) in TSIG. [RT #31275]
0e2a2eae9b72ac099aa25d7419e55af13b004be9minfrin3388. [bug] Fixed several Coverity warnings.
8d574b3ac4185e4f71c8b9aae76e7122a78201c4rpluem Note: This change includes a fix for a bug that
6f33babce8f8bc723f0b2c755aef049cd509504fpquerna was subsequently determined to be an exploitable
6f33babce8f8bc723f0b2c755aef049cd509504fpquerna security vulnerability, CVE-2012-5688: named could
0a12339f39799193ac6866fce812a1deb8f4a1abpquerna die on specific queries with dns64 enabled.
0a12339f39799193ac6866fce812a1deb8f4a1abpquerna [RT #30996]
3fb118bc4e1a634f71c1fa509819ceac36c79dcbpquerna3387. [func] DS digest can be disabled at runtime with
3fb118bc4e1a634f71c1fa509819ceac36c79dcbpquerna disable-ds-digests. [RT #21581]
fb59af4ce3fcdd314b848359faeddf1e51bb24c5jim3386. [bug] Address locking violation when generating new NSEC /
fb59af4ce3fcdd314b848359faeddf1e51bb24c5jim NSEC3 chains. [RT #31224]
fb59af4ce3fcdd314b848359faeddf1e51bb24c5jim3385. [bug] named-checkconf didn't detect missing master lists
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna in also-notify clauses. [RT #30810]
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna3384. [bug] Improved logging of crypto errors. [RT #30963]
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna3383. [security] A certain combination of records in the RBT could
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna cause named to hang while populating the additional
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna section of a response. [RT #31090]
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna3382. [bug] SOA query from slave used use-v6-udp-ports range,
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna if set, regardless of the address family in use.
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna [RT #24173]
3ec1e3a35106ec4c8bcf8fae6a20cb623aed0b62pquerna3381. [contrib] Update queryperf to support more RR types.
3ec1e3a35106ec4c8bcf8fae6a20cb623aed0b62pquerna [RT #30762]
97f7daaffd9b6c1031302d7e551d5279fa0d0d72pquerna3380. [bug] named could die if a nonexistent master list was
97f7daaffd9b6c1031302d7e551d5279fa0d0d72pquerna referenced in a also-notify. [RT #31004]
847db8b2f0188cd9c840acbe4fea77a32748b2edpquerna3379. [bug] isc_interval_zero and isc_time_epoch should be
97f7daaffd9b6c1031302d7e551d5279fa0d0d72pquerna "const (type)* const". [RT #31069]
99c8705f69fae71940ad9b091bd2f588a7b9f484minfrin3378. [bug] Handle missing 'managed-keys-directory' better.
99c8705f69fae71940ad9b091bd2f588a7b9f484minfrin [RT #30625]
99c8705f69fae71940ad9b091bd2f588a7b9f484minfrin3377. [bug] Removed spurious newline from NSEC3 multiline
9376e7dc573bb2721491c79b92f9c06fdfacebe6minfrin output. [RT #31044]
9376e7dc573bb2721491c79b92f9c06fdfacebe6minfrin3376. [bug] Lack of EDNS support was being recorded without a
9376e7dc573bb2721491c79b92f9c06fdfacebe6minfrin successful response. [RT #30811]
edaefb8bf78debc86ef7de441c7983d8b05517e1minfrin3375. [bug] 'rndc dumpdb' failed on empty caches. [RT #30808]
edaefb8bf78debc86ef7de441c7983d8b05517e1minfrin3374. [bug] isc_parse_uint32 failed to return a range error on
edaefb8bf78debc86ef7de441c7983d8b05517e1minfrin systems with 64 bit longs. [RT #30232]
b5cbd7bc65a5c0eda246b0cd32e7d9ed124d66c4niq3373. [bug] win32: open raw files in binary mode. [RT #30944]
b5cbd7bc65a5c0eda246b0cd32e7d9ed124d66c4niq3372. [bug] Silence spurious "deleted from unreachable cache"
2ac474e42b9281e247e7082e30c50c5bef1f2cc3rjung messages. [RT #30501]
6ad55f63504cf5fe5205ed9495664519afeadcd9chrisd3371. [bug] AD=1 should behave like DO=1 when deciding whether to
6ad55f63504cf5fe5205ed9495664519afeadcd9chrisd add NS RRsets to the additional section or not.
6ad55f63504cf5fe5205ed9495664519afeadcd9chrisd [RT #30479]
809ec9d7cc8bc12d7dc6fafba24f3acad3e49d81chrisd3370. [bug] Address use after free while shutting down. [RT #30241]
809ec9d7cc8bc12d7dc6fafba24f3acad3e49d81chrisd3369. [bug] nsupdate terminated unexpectedly in interactive mode
809ec9d7cc8bc12d7dc6fafba24f3acad3e49d81chrisd if built with readline support. [RT #29550]
f436f5cf34615c3c7d49dd229560ba658033f9eachrisd3368. [bug] <dns/iptable.h>, <dns/private.h> and <dns/zone.h>
f436f5cf34615c3c7d49dd229560ba658033f9eachrisd were not C++ safe.
ce6098001014d149e90e56ab0e89c1b4aab30136chrisd3367. [bug] dns_dnsseckey_create() result was not being checked.
ce6098001014d149e90e56ab0e89c1b4aab30136chrisd [RT #30685]
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd3366. [bug] Fixed Read-After-Write dependency violation for IA64
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd atomic operations. [RT #25181]
38b062650152074931a68e933461762c5e233cfcniq3365. [bug] Removed spurious newlines from log messages in
38b062650152074931a68e933461762c5e233cfcniq zone.c [RT #30675]
d1c1b82647a997922859ec76b82e62a956078dbccovener3364. [security] Named could die on specially crafted record.
63de18ba5e922ffaab500317d7d1d0ad6b27b7e2covener [RT #30416]
91ef999a69527d2a64983681c92aaef9270697b4rpluem3363. [bug] Need to allow "forward" and "fowarders" options
91ef999a69527d2a64983681c92aaef9270697b4rpluem in static-stub zones; this had been overlooked.
91ef999a69527d2a64983681c92aaef9270697b4rpluem [RT #30482]
e82c197ca8872669af89367746826fe6b9955bb3niq3362. [bug] Setting some option values to 0 in named.conf
e82c197ca8872669af89367746826fe6b9955bb3niq could trigger an assertion failure on startup.
baef4b5261d84ad9bacb2f4e745b33f35534c25aniq [RT #27730]
baef4b5261d84ad9bacb2f4e745b33f35534c25aniq3361. [bug] "rndc signing -nsec3param" didn't work correctly
baef4b5261d84ad9bacb2f4e745b33f35534c25aniq when salt was set to '-' (no salt). [RT #30099]
9a06b6b4e83c29429c3a23d34acc41920af2024drjung3360. [bug] 'host -w' could die. [RT #18723]
742ec45ed2ac00ab03080e898332352220cc1f13niq3359. [bug] An improperly-formed TSIG secret could cause a
f82568a780e35e8786958c49a1259434e2088b9cniq memory leak. [RT #30607]
f82568a780e35e8786958c49a1259434e2088b9cniq3358. [placeholder]
56b7c92bac48127bda06d80bf94952258f7e0bd3minfrin3357. [port] Add support for libxml2-2.8.x [RT #30440]
41abbbf0cbaef202fe1ba2dd671ea48990d6e012minfrin3356. [bug] Cap the TTL of signed RRsets when RRSIGs are
41abbbf0cbaef202fe1ba2dd671ea48990d6e012minfrin approaching their expiry, so they don't remain
41abbbf0cbaef202fe1ba2dd671ea48990d6e012minfrin in caches after expiry. [RT #26429]
6aa239b3d12f531ad9e305b1a81ad5fd671a3493minfrin3355. [port] Use more portable awk in verify system test.
6aa239b3d12f531ad9e305b1a81ad5fd671a3493minfrin3354. [func] Improve OpenSSL error logging. [RT #29932]
d05e6175473332a8433e4ac85edda0d5a33c94b5minfrin3353. [bug] Use a single task for task exclusive operations.
d05e6175473332a8433e4ac85edda0d5a33c94b5minfrin [RT #29872]
d05e6175473332a8433e4ac85edda0d5a33c94b5minfrin3352. [bug] Ensure that learned server attributes timeout of the
13d29a334cfa69f2995b70a48aeacacc1ac7125frpluem adb cache. [RT #29856]
6951fc02abfd7642e45333902c14855836717fadrpluem3351. [bug] isc_mem_put and isc_mem_putanddetach didn't report
db455cbc662c98dbbf53175393c50086ff63370cchrisd caller if either ISC_MEM_DEBUGSIZE or ISC_MEM_DEBUGCTX
db455cbc662c98dbbf53175393c50086ff63370cchrisd memory debugging flags are set. [RT #30243]
db455cbc662c98dbbf53175393c50086ff63370cchrisd3350. [bug] Memory read overrun in isc___mem_reallocate if
db455cbc662c98dbbf53175393c50086ff63370cchrisd ISC_MEM_DEBUGCTX memory debugging flag is set.
2e242dca7111f99d54dd144b7b8418d88d560032chrisd [RT #30240]
2e242dca7111f99d54dd144b7b8418d88d560032chrisd3349. [bug] Change #3345 was incomplete. [RT #30233]
b6b1df87b7ce62620d48526a7ab630897cdaad90chrisd3348. [bug] Prevent RRSIG data from being cached if a negative
b6b1df87b7ce62620d48526a7ab630897cdaad90chrisd record matching the covering type exists at a higher
b6b1df87b7ce62620d48526a7ab630897cdaad90chrisd trust level. Such data already can't be retrieved from
b6b1df87b7ce62620d48526a7ab630897cdaad90chrisd the cache since change 3218 -- this prevents it
4cf58054a85830c67dc23890ee613f62e1f7bdc8minfrin being inserted into the cache as well. [RT #26809]
4cf58054a85830c67dc23890ee613f62e1f7bdc8minfrin3347. [bug] dnssec-settime: Issue a warning when writing a new
4cf58054a85830c67dc23890ee613f62e1f7bdc8minfrin private key file would cause a change in the
4cf58054a85830c67dc23890ee613f62e1f7bdc8minfrin permissions of the existing file. [RT #27724]
caaa32f2d2e3b28063c745c2632d3979da7f8326minfrin3346. [security] Bad-cache data could be used before it was
caaa32f2d2e3b28063c745c2632d3979da7f8326minfrin initialized, causing an assert. [RT #30025]
caaa32f2d2e3b28063c745c2632d3979da7f8326minfrin3345. [bug] Addressed race condition when removing the last item
66a8e1cc29cc4612cd938bc8fcabc0ef569e5769rpluem or inserting the first item in an ISC_QUEUE.
caaa32f2d2e3b28063c745c2632d3979da7f8326minfrin [RT #29539]
e02cb8f5090d904c054633ff33dfd1111e16e404minfrin3344. [func] New "dnssec-checkds" command checks a zone to
e02cb8f5090d904c054633ff33dfd1111e16e404minfrin determine which DS records should be published
66a8e1cc29cc4612cd938bc8fcabc0ef569e5769rpluem in the parent zone, or which DLV records should be
e02cb8f5090d904c054633ff33dfd1111e16e404minfrin published in a DLV zone, and queries the DNS to
213e520edc00641400771fc8f90b37a967a2d9ebdirkx ensure that it exists. (Note: This tool depends
2ac474e42b9281e247e7082e30c50c5bef1f2cc3rjung on python; it will not be built or installed on
213e520edc00641400771fc8f90b37a967a2d9ebdirkx systems that do not have a python interpreter.)
213e520edc00641400771fc8f90b37a967a2d9ebdirkx [RT #28099]
a449830d5caa5b9900fe64cc383658b3641f9810dirkx3343. [placeholder]
a449830d5caa5b9900fe64cc383658b3641f9810dirkx3342. [bug] Change #3314 broke saving of stub zones to disk
a449830d5caa5b9900fe64cc383658b3641f9810dirkx resulting in excessive cpu usage in some cases.
a449830d5caa5b9900fe64cc383658b3641f9810dirkx [RT #29952]
a449830d5caa5b9900fe64cc383658b3641f9810dirkx3341. [func] New "dnssec-verify" command checks a signed zone
a449830d5caa5b9900fe64cc383658b3641f9810dirkx to ensure correctness of signatures and of NSEC/NSEC3
82632a19f2f9c346fee2b28a65920ba9737b3973minfrin chains. [RT #23673]
82632a19f2f9c346fee2b28a65920ba9737b3973minfrin3340. [func] Added new 'map' zone file format, which is an image
82632a19f2f9c346fee2b28a65920ba9737b3973minfrin of a zone database that can be loaded directly into
82632a19f2f9c346fee2b28a65920ba9737b3973minfrin memory via mmap(), allowing much faster zone loading.
0481ff0599c9e3c0c7ad5c1930939dcdac908582chrisd (Note: Because of pointer sizes and other
0481ff0599c9e3c0c7ad5c1930939dcdac908582chrisd considerations, this file format is platform-dependent;
0481ff0599c9e3c0c7ad5c1930939dcdac908582chrisd 'map' zone files cannot always be transferred from one
835d676191444a46d695171e8760d55a66c60fecminfrin server to another.) [RT #25419]
835d676191444a46d695171e8760d55a66c60fecminfrin3339. [func] Allow the maximum supported rsa exponent size to be
835d676191444a46d695171e8760d55a66c60fecminfrin specified: "max-rsa-exponent-size <value>;" [RT #29228]
723f9f463f1922eaef3d24d00cb289e10daa73ffminfrin3338. [bug] Address race condition in units tests: asyncload_zone
723f9f463f1922eaef3d24d00cb289e10daa73ffminfrin and asyncload_zt. [RT #26100]
c2213b3a46a2666e2e7606ceec509cc4978f187fminfrin3337. [bug] Change #3294 broke support for the multiple keys
c2213b3a46a2666e2e7606ceec509cc4978f187fminfrin in controls. [RT #29694]
c2213b3a46a2666e2e7606ceec509cc4978f187fminfrin3336. [func] Maintain statistics for RRsets tagged as "stale".
d4562e99f620170ce0bedddc16887b900b34913bminfrin [RT #29514]
d4562e99f620170ce0bedddc16887b900b34913bminfrin3335. [func] nslookup: return a nonzero exit code when unable
fd279fe992f7171dc3f6d4d40d6db5bb74f2d96eminfrin to get an answer. [RT #29492]
fd279fe992f7171dc3f6d4d40d6db5bb74f2d96eminfrin3334. [bug] Hold a zone table reference while performing a
fd279fe992f7171dc3f6d4d40d6db5bb74f2d96eminfrin asynchronous load of a zone. [RT #28326]
fed63d1b62cc7e56aad77b70ee5b5cc7f5c6aademinfrin3333. [bug] Setting resolver-query-timeout too low can cause
fed63d1b62cc7e56aad77b70ee5b5cc7f5c6aademinfrin named to not recover if it loses connectivity.
fed63d1b62cc7e56aad77b70ee5b5cc7f5c6aademinfrin [RT #29623]
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin3332. [bug] Re-use cached DS rrsets if possible. [RT #29446]
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin3331. [security] dns_rdataslab_fromrdataset could produce bad
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin rdataslabs. [RT #29644]
fb8ee8b7a3a2503b95bf47685f9083e0b9834e6fminfrin3330. [func] Fix missing signatures on NOERROR results despite
fb8ee8b7a3a2503b95bf47685f9083e0b9834e6fminfrin RPZ rewriting. Also
fb8ee8b7a3a2503b95bf47685f9083e0b9834e6fminfrin - add optional "recursive-only yes|no" to the
fb8ee8b7a3a2503b95bf47685f9083e0b9834e6fminfrin response-policy statement
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd - add optional "max-policy-ttl" to the response-policy
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd statement to limit the false data that
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd "recursive-only no" can introduce into
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd resolvers' caches
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd - add a RPZ performance test to bin/tests/system/rpz
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd when queryperf is available.
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd - the encoding of PASSTHRU action to "rpz-passthru".
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd (The old encoding is still accepted.)
78a20a6e7ad3a0229900ee54c7d11a65f647b663niq [RT #26172]
9582ad6e149d28b118d4e8571101ecb6f85e0191niq3329. [bug] Handle RRSIG signer-name case consistently: We
78a20a6e7ad3a0229900ee54c7d11a65f647b663niq generate RRSIG records with the signer-name in
d56bacbfefa5aa883ce5162a115747372fc38d13chrisd lower case. We accept them with any case, but if
d56bacbfefa5aa883ce5162a115747372fc38d13chrisd they fail to validate, we try again in lower case.
d56bacbfefa5aa883ce5162a115747372fc38d13chrisd [RT #27451]
d56bacbfefa5aa883ce5162a115747372fc38d13chrisd3328. [bug] Fixed inconsistent data checking in dst_parse.c.
d64dd2fd4516c2b1b664c5e59c0628d9aff26984covener [RT #29401]
d64dd2fd4516c2b1b664c5e59c0628d9aff26984covener3327. [func] Added 'filter-aaaa-on-v6' option; this is similar
ed0d39878e79220baaa50c15b79b1fdf877cb919niq to 'filter-aaaa-on-v4' but applies to IPv6
1e911973bcb9df6701a4c16c037771ecf25ade13niq connections. (Use "configure --enable-filter-aaaa"
1e911973bcb9df6701a4c16c037771ecf25ade13niq to enable this option.) [RT #27308]
1e911973bcb9df6701a4c16c037771ecf25ade13niq3326. [func] Added task list statistics: task model, worker
1e911973bcb9df6701a4c16c037771ecf25ade13niq threads, quantum, tasks running, tasks ready.
1e911973bcb9df6701a4c16c037771ecf25ade13niq [RT #27678]
e47d58d5d983426584c8d16416c50f5c58070746dirkx3325. [func] Report cache statistics: memory use, number of
e47d58d5d983426584c8d16416c50f5c58070746dirkx nodes, number of hash buckets, hit and miss counts.
e47d58d5d983426584c8d16416c50f5c58070746dirkx [RT #27056]
33aad3911b15cb5d523075f7df829274fe298a13dirkx3324. [test] Add better tests for ADB stats [RT #27057]
33aad3911b15cb5d523075f7df829274fe298a13dirkx3323. [func] Report the number of buckets the resolver is using.
433dcb1fbaae82d36634f5120bff71a04296904ddirkx [RT #27020]
433dcb1fbaae82d36634f5120bff71a04296904ddirkx3322. [func] Monitor the number of active TCP and UDP dispatches.
433dcb1fbaae82d36634f5120bff71a04296904ddirkx [RT #27055]
433dcb1fbaae82d36634f5120bff71a04296904ddirkx3321. [func] Monitor the number of recursive fetches and the
d7fcc79b0bee660d71b0cccfe9bbc2765ee6420erederpj number of open sockets, and report these values in
d7fcc79b0bee660d71b0cccfe9bbc2765ee6420erederpj the statistics channel. [RT #27054]
d7fcc79b0bee660d71b0cccfe9bbc2765ee6420erederpj3320. [func] Added support for monitoring of recursing client
d7fcc79b0bee660d71b0cccfe9bbc2765ee6420erederpj count. [RT #27009]
65cb7f00eca6689c8a89dc809359991ade1285bcwrowe3319. [func] Added support for monitoring of ADB entry count and
65cb7f00eca6689c8a89dc809359991ade1285bcwrowe hash size. [RT #27057]
65cb7f00eca6689c8a89dc809359991ade1285bcwrowe3318. [tuning] Reduce the amount of work performed while holding a
65cb7f00eca6689c8a89dc809359991ade1285bcwrowe bucket lock when finished with a fetch context.
39c7699ec0799d394d3f67145d4a12ed82f587b8jorton [RT #29239]
39c7699ec0799d394d3f67145d4a12ed82f587b8jorton3317. [func] Add ECDSA support (RFC 6605). [RT #21918]
c6d33447e28403a90ad817dba4df75fae785be28pquerna3316. [tuning] Improved locking performance when recursing.
439ccf2a084e1da566548931c585cbcc3a9e7f4cminfrin [RT #28836]
439ccf2a084e1da566548931c585cbcc3a9e7f4cminfrin3315. [tuning] Use multiple dispatch objects for sending upstream
439ccf2a084e1da566548931c585cbcc3a9e7f4cminfrin queries; this can improve performance on busy
439ccf2a084e1da566548931c585cbcc3a9e7f4cminfrin multiprocessor systems by reducing lock contention.
439ccf2a084e1da566548931c585cbcc3a9e7f4cminfrin [RT #28605]
4ede070ca63bd4c48045e35a7192582769770290jorton3314. [bug] The masters list could be updated while stub_callback
795c9499a77c25695bcb9710ed67bbe51492e181rpluem or refresh_callback were using it. [RT #26732]
795c9499a77c25695bcb9710ed67bbe51492e181rpluem3313. [protocol] Add TLSA record type. [RT #28989]
a72ba68ecbbc61e4b513e50d6000245c33f753dcwrowe3312. [bug] named-checkconf didn't detect a bad dns64 clients acl.
7a079e0cd696baca90ac43e325f64582e2945c68wrowe [RT #27631]
62c53a0dab4c85bfc6a5ab9abfb1b269d9f7458dniq3311. [bug] Abort the zone dump if zone->db is NULL in
62c53a0dab4c85bfc6a5ab9abfb1b269d9f7458dniq zone.c:zone_gotwritehandle. [RT #29028]
ecc1538af1c08282fc2773d2eb3f1a54251862f9minfrin3310. [test] Increase table size for mutex profiling. [RT #28809]
ecc1538af1c08282fc2773d2eb3f1a54251862f9minfrin3309. [bug] resolver.c:fctx_finddone() was not thread safe.
ecc1538af1c08282fc2773d2eb3f1a54251862f9minfrin [RT #27995]
3f5585f7f4a7d74f2f94ec729ea8c1879d419e35rederpj3308. [placeholder]
3f5585f7f4a7d74f2f94ec729ea8c1879d419e35rederpj3307. [bug] Add missing ISC_LANG_BEGINDECLS and ISC_LANG_ENDDECLS.
3f5585f7f4a7d74f2f94ec729ea8c1879d419e35rederpj [RT #28956]
e4b96ba15dc8b2b27d251d53e29b86da32cd5066pquerna3306. [bug] Improve DNS64 reverse zone performance. [RT #28563]
108ebbb87b2a46f4416ec507824471a483c39fe1sctemme3305. [func] Add wire format lookup method to sdb. [RT #28563]
108ebbb87b2a46f4416ec507824471a483c39fe1sctemme3304. [bug] Use hmctx, not mctx when freeing rbtdb->heaps.
7abe34dd5a20fc8fde09dca9116b88e6ddfd55ddjorton [RT #28571]
7abe34dd5a20fc8fde09dca9116b88e6ddfd55ddjorton3303. [bug] named could die when reloading. [RT #28606]
10d486b9267800c5e376c22f6c0d45dc2ae86f67chrisd3302. [bug] dns_dnssec_findmatchingkeys could fail to find
10d486b9267800c5e376c22f6c0d45dc2ae86f67chrisd keys if the zone name contained character that
10d486b9267800c5e376c22f6c0d45dc2ae86f67chrisd required special mappings. [RT #28600]
3e155218733389e7b1ea3a9ffd0aea533fd929cechrisd3301. [contrib] Update queryperf to build on darwin. Add -R flag
3e155218733389e7b1ea3a9ffd0aea533fd929cechrisd for non-recursive queries. [RT #28565]
ab43b4a17b2ac31ccb1cf280be8c42a8a314cecbjorton3300. [bug] Named could die if gssapi was enabled in named.conf
ab43b4a17b2ac31ccb1cf280be8c42a8a314cecbjorton but was not compiled in. [RT #28338]
67139e2d50d1e11558d87f7042f61cb04bb0d1d2jim3299. [bug] Make SDB handle errors from database drivers better.
f3a5934ca0fb0f0f813bd9d9d06af8937e3f401fjim [RT #28534]
67139e2d50d1e11558d87f7042f61cb04bb0d1d2jim3298. [bug] Named could dereference a NULL pointer in
67139e2d50d1e11558d87f7042f61cb04bb0d1d2jim zmgr_start_xfrin_ifquota if the zone was being removed.
a4ab95921be8ce5de50913cd6505d41b672eb375minfrin [RT #28419]
a4ab95921be8ce5de50913cd6505d41b672eb375minfrin3297. [bug] Named could die on a malformed master file. [RT #28467]
e605dd6afa940f799c873ffeaa5e25fa4ea9a2c8minfrin3296. [bug] Named could die with a INSIST failure in
e605dd6afa940f799c873ffeaa5e25fa4ea9a2c8minfrin client.c:exit_check. [RT #28346]
e605dd6afa940f799c873ffeaa5e25fa4ea9a2c8minfrin3295. [bug] Adjust isc_time_secondsastimet range check to be more
e605dd6afa940f799c873ffeaa5e25fa4ea9a2c8minfrin portable. [RT # 26542]
50c06405bc48121db2913925549407fd3e79bcedmturk3294. [bug] isccc/cc.c:table_fromwire failed to free alist on
dec02391360e503cd3437d16bed765dc653b9de5minfrin error. [RT #28265]
dec02391360e503cd3437d16bed765dc653b9de5minfrin3293. [func] nsupdate: list supported type. [RT #28261]
dec02391360e503cd3437d16bed765dc653b9de5minfrin3292. [func] Log messages in the axfr stream at debug 10.
1b27a3a26f18191db7ecb4d536cb121ba9520a8eniq [RT #28040]
686ce4eade942e515b1725d0c9751da36b759a6ctrawick3291. [port] Fixed a build error on systems without ENOTSUP.
686ce4eade942e515b1725d0c9751da36b759a6ctrawick [RT #28200]
1ce78cf71b5baaf2c1ab48e818cb1f2397df5010trawick3290. [bug] <isc/hmacsha.h> was not being installed. [RT #28169]
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd3289. [bug] 'rndc retransfer' failed for inline zones. [RT #28036]
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd3288. [bug] dlz_destroy() function wasn't correctly registered
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd by the DLZ dlopen driver. [RT #28056]
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd3287. [port] Update ans.pl to work with Net::DNS 0.68. [RT #28028]
534611d341a1a48b93c7a1fd5e333dbd261527d3rpluem3286. [bug] Managed key maintenance timer could fail to start
534611d341a1a48b93c7a1fd5e333dbd261527d3rpluem after 'rndc reconfig'. [RT #26786]
79d4b708d021714647aab8b138ae671ed24765cewrowe3285. [bug] val-frdataset was incorrectly disassociated in
79d4b708d021714647aab8b138ae671ed24765cewrowe proveunsecure after calling startfinddlvsep.
79d4b708d021714647aab8b138ae671ed24765cewrowe [RT #27928]
79d4b708d021714647aab8b138ae671ed24765cewrowe3284. [bug] Address race conditions with the handling of
88d0e50f16b21d4d0af0a48da7ad28fb5991834crpluem3283. [bug] Raw zones with with more than 512 records in a RRset
88d0e50f16b21d4d0af0a48da7ad28fb5991834crpluem failed to load. [RT #27863]
48fa058fe468025347930610ac2473094fa0f4e4chrisd3282. [bug] Restrict the TTL of NS RRset to no more than that
48fa058fe468025347930610ac2473094fa0f4e4chrisd of the old NS RRset when replacing it.
3ec4328f079d8867cc323155e59678ad9437914frooneg [RT #27792] [RT #27884]
3ec4328f079d8867cc323155e59678ad9437914frooneg3281. [bug] SOA refresh queries could be treated as cancelled
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisd despite succeeding over the loopback interface.
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisd [RT #27782]
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisd3280. [bug] Potential double free of a rdataset on out of memory
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisd with DNS64. [RT #27762]
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisd3279. [bug] Hold a internal reference to the zone while performing
cd59ac5e8f739afbdcd523c649550f7dce1709ceniq a asynchronous load. Address potential memory leak
db78659055df54243bca678c35bd2ce7e31a9237rooneg if the asynchronous is cancelled. [RT #27750]
db78659055df54243bca678c35bd2ce7e31a9237rooneg3278. [bug] Make sure automatic key maintenance is started
95817edd05387a5276f51fcd5db79fc21b89b55brooneg when "auto-dnssec maintain" is turned on during
95817edd05387a5276f51fcd5db79fc21b89b55brooneg "rndc reconfig". [RT #26805]
63689d77e084e36b8194fb6df5adfc0344965e01trawick3277. [bug] win32: isc_socket_dup is not implemented. [RT #27696]
63689d77e084e36b8194fb6df5adfc0344965e01trawick3276. [bug] win32: ns_os_openfile failed to return NULL on
63689d77e084e36b8194fb6df5adfc0344965e01trawick safe_open failure. [RT #27696]
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes3275. [bug] Corrected rndc -h output; the 'rndc sync -clean'
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes option had been misspelled as '-clear'. (To avoid
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes future confusion, both options now work.) [RT #27173]
8b67b9d3ce40755d1b58971198a02b2749d8e13dbnicholes3274. [placeholder]
8b67b9d3ce40755d1b58971198a02b2749d8e13dbnicholes3273. [bug] AAAA responses could be returned in the additional
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes section even when filter-aaaa-on-v4 was in use.
a1a615ca49b162d71d88089210395c9a9cfeb539rpluem [RT #27292]
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes3272. [func] New "rndc zonestatus" command prints information
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes about the specified zone. [RT #21671]
a1a615ca49b162d71d88089210395c9a9cfeb539rpluem3271. [port] darwin: mksymtbl is not always stable, loop several
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes times before giving up. mksymtbl was using non
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes portable perl to covert 64 bit hex strings. [RT #27653]
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes --- 9.9.0rc2 released ---
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes3270. [bug] "rndc reload" didn't reuse existing zones correctly
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes when inline-signing was in use. [RT #27650]
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes3269. [port] darwin 11 and later now built threaded by default.
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes3268. [bug] Convert RRSIG expiry times to 64 timestamps to work
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes out the earliest expiry time. [RT #23311]
a1a615ca49b162d71d88089210395c9a9cfeb539rpluem3267. [bug] Memory allocation failures could be mis-reported as
1b0dce86d7fc8a5aa4c89b05255be26e508c615crpluem unexpected error. New ISC_R_UNSET result code.
1b0dce86d7fc8a5aa4c89b05255be26e508c615crpluem [RT #27336]
1b0dce86d7fc8a5aa4c89b05255be26e508c615crpluem3266. [bug] The maximum number of NSEC3 iterations for a
edc5389f50ce4153e6192740f3c7a188c8cf8d67niq DNSKEY RRset was not being properly computed.
edc5389f50ce4153e6192740f3c7a188c8cf8d67niq [RT #26543]
6c05afd314b4ddd545d63b4ff5de822cc30eec79trawick3265. [bug] Corrected a problem with lock ordering in the
6c05afd314b4ddd545d63b4ff5de822cc30eec79trawick inline-signing code. [RT #27557]
13cd67e9c1dacbd6b9f040bda337c725cedd98f3brianp3264. [bug] Automatic regeneration of signatures in an
a623efbff95aab78da9e030524b0fa69b054f6d0brianp inline-signing zone could stall when the server
a623efbff95aab78da9e030524b0fa69b054f6d0brianp was restarted. [RT #27344]
a623efbff95aab78da9e030524b0fa69b054f6d0brianp3263. [bug] "rndc sync" did not affect the unsigned side of an
a623efbff95aab78da9e030524b0fa69b054f6d0brianp inline-signing zone. [RT #27337]
0b4b04d8621478ba59f0a6ba2950ddc02ab92b58colm3262. [bug] Signed responses were handled incorrectly by RPZ.
0b4b04d8621478ba59f0a6ba2950ddc02ab92b58colm [RT #27316]
2f1bb5376c5c4022383bb729679ca751dd75a2eabrianp3261. [func] RRset ordering now defaults to random. [RT #27174]
ad862ab5716726a2d72a292ba1dfb29566c86153brianp3260. [bug] "rrset-order cyclic" could appear not to rotate
ad862ab5716726a2d72a292ba1dfb29566c86153brianp for some query patterns. [RT #27170/27185]
17d53ea32c4968e47733f1c2c063ae07d280efd6jerenkrantz --- 9.9.0rc1 released ---
17d53ea32c4968e47733f1c2c063ae07d280efd6jerenkrantz3259. [bug] named-compilezone: Suppress "dump zone to <file>"
2d5532b13110a8d85653da92e97795b09cc25cc2trawick message when writing to stdout. [RT #27109]
b38565306421ff53e9f7499bc728d6df5cec294dpquerna3258. [test] Add "forcing full sign with unreadable keys" test.
b38565306421ff53e9f7499bc728d6df5cec294dpquerna [RT #27153]
89cc93f847a5510482d72d21fc38e9edb8e04057rjung3257. [bug] Do not generate a error message when calling fsync()
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim in a pipe or socket. [RT #27109]
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim3256. [bug] Disable empty zones for lwresd -C. [RT #27139]
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim3255. [func] No longer require that a empty zones be explicitly
cfa64348224b66dd1c9979b809406c4d15b1c137fielding enabled or that a empty zone is disabled for
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim RFC 1918 empty zones to be configured. [RT #27139]
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim3254. [bug] Set isc_socket_ipv6only() on the IPv6 control channels.
cfa64348224b66dd1c9979b809406c4d15b1c137fielding [RT #22249]
lib/dns/rbtdb.c:iszonesecure. [RT#26913]
3233. [bug] 'rndc freeze/thaw' didn't work for inline zones.
3216. [bug] resolver.c:validated() was not thread-safe. [RT #26478]
3212. [bug] rbtdb.c: failed to remove a node from the deadnodes
3201. [func] 'rndc querylog' can now be given an on/off parameter
dnssec.h. [RT #26415]
3188. [bug] zone.c:zone_refreshkeys() could fail to detach
3186. [bug] Version/db mis-match in rpz code. [RT #26180]
sample external DLZ module in contrib/dlz/example.
- replace "NO-OP" named.conf policy override with
3169. [func] Catch db/version mis-matches when calling dns_db_*().
3163. [bug] Use finer-grained locking in client.c to address
3161. [bug] zone.c:del_sigs failed to always reset rdata leading
drivers (e.g., mysql, postgresql, etc). [RT #25710]
3145. [test] Capture output of ATF unit tests in "./atf.out" if
3093. [bug] Fix gssapi/kerberos dependencies [RT #23836]
3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf
and add setup.sh in order to resolve changing
named.conf issue. [RT #23687]
3077. [bug] zone.c:zone_refreshkeys() incorrectly called
update.c:next_active. [RT #20256]
select the master/slave zones. [RT #23580]
- "dig +split=X" breaks hex/base64 records into
named.pid at startup. [RT #23290]
validator.c. Tests added to dnssec system test.
3038. [bug] Install <dns/rpz.h>. [RT #23342]
3032. [bug] rdatalist.c: add missing REQUIREs. [RT #22521]
3026. [bug] lib/isc/httpd.c: check that we have enough space
to 10. Allow setting this in named.conf using the new
in the named.conf options. [RT #21727]
3000. [bug] More TKEY/GSS fixes:
2992. [contrib] contrib/check-secure-delegation.pl: A simple tool
2991. [contrib] contrib/zone-edit.sh: A simple zone editing tool for
2987. [func] Improve ease of configuring TKEY/GSS updates by
zone, but the nameserver names and/or their IP
2978. [port] hpux: look for <devpoll.h> [RT #21919]
2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() acquired the
2973. [bug] bind.keys.h was being removed by the "make clean"
(e.g. "%-1c"). [RT #22270]
2962. [port] win32: add more dependencies to BINDBuild.dsw.
2954. [bug] contrib: dlz_mysql_driver.c bad error handling on
interfaces at reboot. See bin/tests/system/README
support for addzone/delzone feature (see change
new-zone-file in named.conf; this happens
2934. [bug] Use ANSI C compliant shift range in lib/isc/entropy.c.
option at the view or options level in named.conf.
into named.conf in the appropriate view. (Note:
2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
was specified in named.conf. [RT #21416]
2903. [bug] managed-keys-directory missing from namedconf.c.
2893. [bug] Improve managed keys support. New named.conf option
2873. [bug] Canceling a dynamic update via the dns/client module
2872. [bug] Modify dns/client.c:dns_client_createx() to only
2871. [bug] Type mismatch in mem_api.c between the definition and
2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
2865. [bug] memset to zero event.data. [RT #20986]
2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
README.rfc5011 into the ARM. [RT #20899]
2832. [bug] Modify "struct stat" in lib/export/samples/nsprobe.c
2829. [bug] Fixed potential node inconsistency in rbtdb.c.
2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
2822. [bug] rbtdb.c:loadnode() could return the wrong result.
atomic.h is correctly installed by the architecture
(i.e., built without --enable-exportlib). [RT #20679]
named.conf: check-dup-records {ignore|warn|fail};
2794. [bug] Install <isc/namespace.h>. [RT #20677]
2791. [bug] The installation of isc-config.sh was broken.
2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
2770. [cleanup] Add log messages to resolver.c to indicate events
2756. [bug] Fixed corrupt logfile message in update.c. [RT# 20597]
2746. [port] hpux: address signed/unsigned expansion mismatch of
dns_rbtnode_t.nsec. [RT #20542]
validator.c. [RT #19589]
2725. [doc] Added information about the file "managed-keys.bind"
2719. [func] Skip trusted/managed keys for unsupported algorithms.
2717. [bug] named failed to update the NSEC/NSEC3 record when
2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
2711. [port] win32: Add the bin/pkcs11 tools into the full
by the named.conf option 'secure-to-insecure'.
(i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
2702. [func] Update PKCS#11 tools (bin/pkcs11) [RT #20225 & all]
2699. [bug] Missing lock in rbtdb.c. [RT #20037]
S_IFREG are defined after including <isc/stat.h>.
2695. [func] DHCP/DDNS - update fdwatch code for use by
2685. [contrib] Update contrib/zkt to version 0.99c. [RT #20054]
2679. [func] dig -k can now accept TSIG keys in named.conf
- New "inactive" date (dnssec-keygen/settime -I)
2673. [bug] The managed-keys.bind zone file could fail to
2664. [bug] create_keydata() and minimal_update() in zone.c
applications. See README.libdns. [RT #19369]
2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
2632. [func] util/kit.sh: warn if documentation appears to be out of
2628. [port] linux: Allow /var/run/named/named.pid to be opened
2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
2622. [bug] Printing of named.conf grammar was broken. [RT #19919]
2617. [bug] ifconfig.sh failed to emit an error message when
2616. [bug] 'host' used the nameservers from resolv.conf even
configuration text for named.conf
from a NSEC3 signed master/slave zone. [RT #19464]
2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
2590. [func] Report zone/class of "update with no effect".
2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
of "dnssec-lookaside . trust-anchor dlv.isc.org;"
plus setting a trusted-key for dlv.isc.org.
by) $sysconfdir/bind.keys. As the ISC DLV key
the bind.keys file with a key downloaded from
https://www.isc.org/solutions/dlv. [RT #18685]
2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
2548. [bug] Install iterated_hash.h. [RT #19335]
2547. [bug] openssl_link.c:mem_realloc() could reference an
2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
2538. [bug] cache/ADB memory could grow over max-cache-size,
2519. [bug] dig/host with -4 or -6 didn't work if more than two
preceded in resolv.conf. [RT #19081]
document function in <isc/radix.h>. [RT #18534]
2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
are now /var/run/named/named.pid and
/var/run/lwresd/lwresd.pid respectively.
2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
specified in named.conf doesn't seem to work with
2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
2455. [bug] Stop metadata being transferred via axfr/ixfr.
2452. [func] Improve bin/test/journalprint. [RT #18316]
epoll and /dev/poll to be selected at compile
completion event send out canceled read/write
in rbtdb.c. [RT #18455]
2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
temporary, named.conf option reserved-sockets,
assertion in acl.c. [RT #18166]
2390. [bug] dispatch.c could make a false warning on 'odd socket'.
2387. [bug] Silence compiler warnings in lib/isc/radix.c.
2385. [bug] A condition variable in socket.c could leak in
2381. [port] dlz/mysql: support multiple install layouts for
mysql. <prefix>/include/{,mysql/}mysql.h and
2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
Documentation is in the new README.pkcs11 file.
were set at both the options/view level and in
named.conf. [RT #17581]
See <isc/mem.h> for details.
2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
rbtdb.c. Implement dead node processing in zones as
lib/dns/rdata/in_1/apl_42.c. [RT #17469]
2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
addresses in acl.c. [RT #17519]
bin/named/lwdnoop.c. [RT #17476]
2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
debug/fatal messages. [RT #17501]
2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
2306. [bug] Remove potential race from lib/dns/resolver.c.
2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
bin/tests/system/lwresd/lwtest.c. [RT #17474]
bin/tests/names/t_names.c. [RT #17473]
bin/nsupdate/nsupdate.c. [RT #17475]
bin/tests/timers/t_timers.c. [RT #17468]
bin/tests/dst/t_dst.c. [RT #17467]
2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
2276. [bug] Install <dst/gssapi.h>. [RT# 17359]
stub/slave master and journal files. [RT# 17279]
2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
2266. [bug] client.c:get_clientmctx() returned the same mctx
2257. [bug] win32: Use the full path to vcredist_x86.exe when
bindevt.dll. [RT #17159]
2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
2254. [bug] timer.c:dispatch() failed to lock timer->lock
2247. [doc] Sort doc/misc/options. [RT #17067]
2246. [bug] Make the startup of test servers (ans.pl) more
2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
If allow-query-cache is not set in named.conf then
If allow-recursion is not set in named.conf then
2194. [bug] Close journal before calling 'done' in xfrin.c.
2193. [port] win32: BINDInstall.exe is now linked statically.
2192. [port] win32: use vcredist_x86.exe to install Visual
2184. [bug] bind9.xsl.h didn't build out of the source tree.
2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
need to ship Microsoft.VC80.MFCLOC.
2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
Fix a memory leak in rbtdb.c:free_noqname().
Make lookup.c:lookup_find() robust against
2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
dighost.c:get_trusted_key(). [RT #16678]
hmac_link.c. [RT #16437]
2145. [bug] Check DS/DLV digest lengths for known digests.
2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
in adb.c. [RT #16670]
2138. [bug] Lock order reversal in resolver.c. [RT #16653]
2137. [port] Mips little endian and/or mips 64 bit are now
2136. [bug] nslookup/host looped if there was no search list
2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656]
2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
2114. [bug] dig/host/nslookup: searches for names with multiple
2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
2103. [port] Add /usr/sfw to list of locations for OpenSSL
2100. [port] win32: copy libeay32.dll to Build\Debug.
2098. [bug] Race in rbtdb.c:no_references(), which occasionally
if resolv.conf does not exist or no nameservers
2091. [port] dighost.c: race condition on cleanup. [RT #16417]
2085. [doc] win32: added index.html and README to zip. [RT #16201]
2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
2080. [port] libbind: res_init.c did not compile on older versions
2076. [bug] Several files were missing #include <config.h>
of authoritative servers that drop EDNS and/or CD
2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
2043. [port] nsupdate/nslookup: Force the flushing of the prompt
2038. [bug] dig/nslookup/host was unlinking from wrong list
a non slave/stub zone. [RT # 16073]
2028. [port] linux: socket.c compatibility for old systems.
2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
2008. [func] It is now possible to enable/disable DNSSEC
breaks DNSSEC (firewall/proxy). [RT #15592]
2003. [bug] libbind: The DNS name/address lookup functions could
1988. [bug] Remove a bus error from the SHA256/SHA512 support.
1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
1981. [bug] win32: condition.c:wait() could fail to reattain
1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
now be set in named.conf (max-udp-size). This is
xfrin.c:maybe_free() if named ran out of memory.
1944. [cleanup] isc_hash_create() does not need a read/write lock.
1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
1922. [bug] check-tool.c:setup_logging() missing call to
1919. [contrib] queryperf: a set of new features: collecting/printing
'RD' was set in the query. host/nslookup skip servers
1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
1866. [bug] resolv.conf parse errors were being ignored by
dig/host/nslookup. [RT #14841]
1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
when CFLAGS contains "-I /usr/local/include"
1839. [bug] <isc/hash.h> was not being installed.
1836. [cleanup] Silence compiler warnings in hash_test.c.
1834. [bug] Bad memset in rdata_test.c. [RT #13658]
rbtdb.c:subtractrdataset(). [RT #13519]
option in named.conf can be used to specify a
1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
1810. [bug] configure, lib/bind/configure make different default
1808. [bug] zone.c:notify_zone() contained a race condition,
1788. [bug] libbind9.la/libbind9.so needs to link against
1785. [bug] libbind9.la/libbind9.so needs to link against
1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
file clause for rbt{64} master/hint zones. [RT#13009]
1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
1748. [func] dig now returns the byte count for axfr/ixfr.
1747. [bug] BIND 8 compatibility: named/named-checkconf failed
to parse "host-statistics-max" in named.conf.
1745. [bug] Dig/host/nslookup accept replies from link locals
1731. [port] darwin: relax version test in ifconfig.sh.
1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
1717. [port] solaris: ifconfig.sh did not support Solaris 10.
"ifconfig.sh down" didn't work for Solaris 9.
1716. [doc] named.conf(5) was being installed in the wrong
1714. [bug] dig/host/nslookup were only trying the first
1707. [contrib] sdb/ldap updated to version 1.0-beta.
1705. [func] Allow the journal's name to be changed via named.conf.
"#include <isc/print.h>". [RT #12321]
1701. [doc] A minimal named.conf man page.
are defined in named.conf. [RT #12023]
/usr/lib. [RT #11971]
1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
adb.c:set_target(). [RT #11582]
1648. [func] Update dnssec-lookaside named.conf syntax to support
1625. [bug] named failed to load/transfer RFC2535 signed zones
1612. [bug] check-names at the option/view level could trigger
1599. [bug] Fix memory leak on error path when checking named.conf.
DNSSEC specify "dnssec-enable yes;" in named.conf.
1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
1566. [port] Support for the cmsg framework on Solaris and HP/UX.
were specified in /etc/resolv.conf. [RT #8232]
1551. [port] Open "/dev/null" before calling chroot().
1532. [port] netbsd: the configure test for <sys/sysctl.h>
requires <sys/param.h>.
1517. [port] Support for IPv6 interface scanning on HP/UX and
only (e.g. DE, LV, US and MUSEUM) these can be excluded
1503. [port] win32: install libeay32.dll outside of system32.
named.conf, tcp-listen-queue.
1498. [port] bsdos: 5.x support.
1478. [port] ifconfig.sh didn't account for other virtual
1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
doc/misc/options. [RT #5616]
via named.conf (edns-udp-size).
1425. [port] linux/libbind: define __USE_MISC when testing *_r()
function prototypes in netdb.h. [RT #4921]
1422. [func] Log name/type/class when denying a query. [RT #4663]
1419. [port] openbsd: use /dev/arandom. [RT #4950]
1417. [func] ID.SERVER/CHAOS is now a built in zone.
1410. [func] Handle records that live in the parent zone, e.g. DS.
1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
'recursing-file = "named.recursing";'.
1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
1353. [contrib] sdb/ldap to version 0.9.
in socket.c and eliminating a host of socket
1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
1336. [func] Nibble lookups under IP6.ARPA are now supported by
1334. [bug] When signing/verifying rdatasets, duplicate rdatas
1326. [bug] DNAME/CNAME signatures were not being cached when
1324. [port] darwin: ifconfig.sh now supports darwin.
1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
1276. [bug] libbind: const pointer conflicts in res_debug.c.
1269. [port] Openserver: ifconfig.sh support.
<sys/param.h> is included or not. Be consistent.
1247. [bug] Don't reset the interface index for link/site local
1234. [bug] contrib/sdb: 'zonetodb' failed to call
1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
at the named.conf checking stage. [RT #2431]
1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
lib/dns to use this function instead of local one.
occurs when parsing named.conf. [RT #2275]
1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
1145. [func] "host" no longer reports a NOERROR/NODATA response
named/lwresd at compile time. [RT #1982]
1119. [func] Added support in Win32 for NTFS file/directory ACL's
could cause an assertion failure in resolver.c
violation in adb.c. [RT #2017]
1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
1088. [port] libbind: MPE/iX C.70 (incomplete)
on load/reload if views were used. [RT #1947]
1041. [bug] Dig/host/nslookup could catch an assertion failure
1032. [func] hostname.bind/txt/chaos now returns the name of
1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
1030. [bug] On systems with no resolv.conf file, nsupdate
1029. [bug] Some named.conf errors did not cause the loading
1002. [bug] When reporting an unknown class name in named.conf,
972. [bug] The file modification time code in zone.c was using the
non-existent nlist.h. [RT #1640]
957. [bug] sys/select.h inclusion was broken on older platforms.
in named/win32/os.c due to code changes in
updated to add include path for os.h header.
953. [func] The /var/run/named.key file from change #843
has been replaced by /etc/rndc.key. Both
method (rndc.conf / controls). Unlike
bin/tests. [RT #1555].
946. [cleanup] doc/misc/options is now machine-generated from the
when installing isc-config.sh.
were not accepted in named.conf. [RT #1469]
and added lib/isc/win32/entropy.c.
900. [bug] A config.guess update changed the system identification
bin/tests/system/ifconfig.sh now recognize the new
899. [bug] lib/dns/soa.c failed to compile on many platforms
897. [bug] A config.guess update changed the system identification
to Darwin. This was derived from the config.guess
849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
just as <lwres/net.h> does.
843. [func] If no controls statement is present in named.conf,
generated by named and an rndc.conf-style file
named named.key will be written that uses it. rndc
838. [port] UnixWare 7.x.x is now suported by
833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
<dns/soa.h>, and extended them to support
832. [bug] The default location for named.conf in named-checkconf
825. [bug] zone.c:ns_query() detached from the wrong zone
character (i.e. "/") in its name and the directory
down-cased when signing/verifying records. [RT #1186]
in rndc.conf.
786. [bug] When DNSSEC signing/verifying data, owner names were
755. [bug] Fix incorrectly formatted log messages in zone.c.
748. [doc] List supported RFCs in doc/misc/rfc-compliance.
739. [port] Look for /dev/random in configure, rather than
737. [port] stdtime.c failed to compile on certain platforms.
dispatch.c:do_cancel(). [RT #733]
718. [cleanup] "internal" is no longer a reserved word in named.conf.
failure in adb.c. [RT #738]
703. [port] sys/select.h is needed on older platforms. [RT #695]
702. [func] If the address 0.0.0.0 is seen in resolv.conf,
693. [bug] An empty lwres statement in named.conf caused
685. [bug] nslookup should use the search list/domain options
from resolv.conf by default. [RT #405, #630]
646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
for syntax checking named.conf files and zone files,
604. [bug] The named.conf parser could print incorrect line
577. [func] Log illegal RDATA combinations. e.g. multiple
570. [bug] rbtdb.c allowed zones containing nodes which had
568. [func] Add sample simple database drivers in contrib/sdb.
of rdata type/class mnemonics in log messages.
516. [bug] Cache lookups which had a NULL node pointer, e.g.
DNAME, would trigger an INSIST(!search.need_cleanup)
490. [func] When a slave/stub zone has not yet successfully
from the named.conf "listen-on" statement, sockets
477. [bug] The the isc-config.sh script could be installed before
471. [bug] nsupdate didn't compile on HP/UX 10.20
and subsequent name servers in resolv.conf if the
457. [bug] Dig/host/hslookup didn't properly handle connect
documented as such in named.conf. [RT #304, RT #311]
is specified in named.conf. [RT #306]
is specified in named.conf. [RT #301]
432. [func] Added refresh/retry jitter. The actual refresh/
428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
(e.g. glue). This could cause SERVFAILs when
e.g. due to corrupt zones with multiple SOA records.
an argc/argv style vector of words and sets
view/global one for CNAME targets and additional
369. [func] Support new named.conf options, view and zone
the distribution, in doc/man/dnssec.
353. [bug] double increment in lwres/gethost.c:copytobuf().
348. [func] New boolean named.conf options 'additional-from-auth'
345. [bug] Large-scale changes/cleanups to dig:
341. [func] Support 'key' clause in named.conf zone masters
327. [bug] rndc.conf parser wasn't correctly recognizing an IP
320. [func] Multiple rndc changes: parses an rndc.conf file,
319. [func] The named.conf "controls" statement is now used
314. [func] The named.conf controls statement can now have
313. [bug] When parsing resolv.conf, don't terminate on an
resolv.conf search path from 6 to 8. If there
resolv.conf was empty or a comment.
310. [func] Changes to named.conf "controls" statement (inet
are listed in resolv.conf, silently ignore them
each library's ipv6.h defines the wrapper symbol of
any $sbindir/dig from a previous release.)
that lack /dev/random.
280. [func] Add isc-config.sh, which can be used to more
two or more files in libomapi.a were not namespace
278. [bug] bin/named/logconf.c:category_fromconf() didn't take
266. [bug] zone.c:save_nsrrset() node was not initialized.
262. [bug] 'master' was not initialized in zone.c:stub_callback().
for global options block of named.conf. Both accept
258. [bug] Fixed printing of lwres_addr_t.address field.
256. [func] isc_ratelimiter_t now has attach/detach semantics, and
253. [func] resolv.conf parser now recognizes ';' and '#' as
252. [bug] resolv.conf parser mishandled masks on sortlists.
244. [bug] empty named.conf file and empty options statement are
243. [func] new cachesize option for named.conf
+ missing sigwait prototype on BSD/OS 4.0/4.0.1.
BSD/OS 4.*, Linux and Solaris 2.8.
230. [func] Replace the dst sign/verify API with a cleaner one.
from confparser.c, because of yacc's code, are
212. [func] Added dns_message_get/settsigkey, to make TSIG
compiling in the lib/dns/sec/{dnssafe,openssl}
204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
run on a PA 1.x system."
201. [cleanup] Removed the test/sdig program, it has been
replaced by bin/dig/dig.
(e.g., running out of network buffers) were
and/or interfaces. [19-May-2000 explorer]
191. [func] Patched to compile on UnixWare 7.x. This platform
range for overflow/underflow. In the case of
184. [cleanup] Variables/functions which began with two leading
underscores were made to conform to the ANSI/ISO
179. [func] options named.conf statement *must* now come
178. [func] Post-load of named.conf check verifies a slave zone
168. [bug] include statements in named.conf caused syntax errors
162. [bug] Ensure proper range for arguments to ctype.h functions.
masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
util/check-includes for how this was tested.
145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
<isc/result.h>.
of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
need <isc/eventclass.h>.
instead of <isc/time.h>.
128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
and creates null keys/sets zone status bit for
<isc/result.h>.
<isc/result.h>. Multiple inclusion protection
isc_symtab_t moved to <isc/types.h>.
<isc/net.h>.
118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
117. [cleanup] libdns.a changes:
116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
<isc/list.h>.
<isc/mutex.h>.
<isc/list.h>.
bin/tests/{db,mem,sockaddr,tasks,timers}/.
108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
105. [doc] doc/dev/coding.html expanded with other
103. [func] libisc buffer API changes for <isc/buffer.h>:
on BSD/OS 4.1.
101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
<isc/event.h>.
or <isc/result.h>.
<isc/result.h>.
90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
from <named/listenlist.h>.
<isc/mem.h>. isc_interface_t and isc_interfaceiter_t
moved to <isc/types.h>.
86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
<isc/types.h>.
<isc/int.h>.
<isc/lang.h>.
subsumed by file.o.
OpenSSL libraries/headers.
from <dns/types.h>.
59. [bug] Cause net/host unreachable to be a hard error
58. [bug] bin/named/query.c could sometimes trigger the
(client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
<sys/param.h>.
logging module "dns/validator".
and isc_lex_t to <isc/types.h>.
31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
25. [bug] make install failed to install <isc/log.h> and
configure.in to check for presence of in6addr_any.
9. [cleanup] replaced bit-setting code in confctx.c and replaced
4. [port] bin/named/unix/os.c didn't compile on systems with
get only what we need from <linux/capability.h>, and
systems without /dev/random.
lib/isc/unix/include/isc/Makefile.in had a typo which