CHANGES revision 3d751891410f9892ca1c1deba2f7d8556ae91b0c
5d92fff82718cd018f0b61a10b9ad4d2b8064c95rpluem3864. [bug] RPZ didn't work well when being used as forwarder.
bf52162f2d05c1fb1a107c7ef108de73f739b3edpquerna [RT #36060]
415bb21f281e9b4f905d5893fede9165bdf1491bjim
415bb21f281e9b4f905d5893fede9165bdf1491bjim3863. [bug] The "E" flag was missing from the query log as a
df58c3a1c000d76859808ca4746a41623b432c81sf unintended side effect of code rearrangement to
df58c3a1c000d76859808ca4746a41623b432c81sf support EDNS EXPIRE. [RT #36117]
df58c3a1c000d76859808ca4746a41623b432c81sf
65f6e321663b3fd0f93d8b47b4df05f189de6cf1sf3862. [cleanup] Return immediately if we are not going to log the
65f6e321663b3fd0f93d8b47b4df05f189de6cf1sf message in ns_client_dumpmessage.
65f6e321663b3fd0f93d8b47b4df05f189de6cf1sf
bcb2c4ef861e8f8260284631b6753e1088643c8asf3861. [security] Missing isc_buffer_availablelength check results
bcb2c4ef861e8f8260284631b6753e1088643c8asf in a REQUIRE assertion when printing out a packet
bcb2c4ef861e8f8260284631b6753e1088643c8asf (CVE-2014-3859). [RT #36078]
6defa5d20691765eb0b98daf5db4b1004353222esf
6defa5d20691765eb0b98daf5db4b1004353222esf3860. [bug] ioctl(DP_POLL) array size needs to be determined
415bb21f281e9b4f905d5893fede9165bdf1491bjim at run time as it is limited to {OPEN_MAX}.
09359a90ff115fc5eeb96e1e5c78a58dd9fc59d3jim [RT #35878]
09359a90ff115fc5eeb96e1e5c78a58dd9fc59d3jim
3e13c3c3e6517a04c8c20ffb8e62aadb3b13f8dfrjung3859. [placeholder]
3e13c3c3e6517a04c8c20ffb8e62aadb3b13f8dfrjung
b8c9229249804470a885a1a43f7f2dad15fb06a3rjung3858. [bug] Disable GCC 4.9 "delete null pointer check".
b8c9229249804470a885a1a43f7f2dad15fb06a3rjung [RT #35968]
b8c9229249804470a885a1a43f7f2dad15fb06a3rjung
ef3e19a9a27ca055dd20e971d5578f5510308023niq3857. [bug] Make it harder for a incorrect NOEDNS classification
ef3e19a9a27ca055dd20e971d5578f5510308023niq to be made. [RT #36020]
ef3e19a9a27ca055dd20e971d5578f5510308023niq
ef3e19a9a27ca055dd20e971d5578f5510308023niq3856. [bug] Configuring libjson without also configuring libxml
099d298d417b68b3d11fb5934c404c60f518d69csf resulted in a REQUIRE assertion when retrieving
099d298d417b68b3d11fb5934c404c60f518d69csf statistics using json. [RT #36009]
099d298d417b68b3d11fb5934c404c60f518d69csf
0d54de55e9fec3d9ac5989a5fe016f349b82ed05sf3855. [bug] Limit smoothed round trip time aging to no more than
0d54de55e9fec3d9ac5989a5fe016f349b82ed05sf once a second. [RT #32909]
0d54de55e9fec3d9ac5989a5fe016f349b82ed05sf
636d0d3e03f5f4f2fefae0f20c36e288755e79f6rjung3854. [cleanup] Report unrecognized options, if any, in the final
636d0d3e03f5f4f2fefae0f20c36e288755e79f6rjung configure summary. [RT #36014]
636d0d3e03f5f4f2fefae0f20c36e288755e79f6rjung
3f5968bf1059aebe846e121a6f3748dd03471ce4sf3853. [cleanup] Refactor dns_rdataslab_fromrdataset to separate out
3f5968bf1059aebe846e121a6f3748dd03471ce4sf the handling of a rdataset with no records. [RT #35968]
3f5968bf1059aebe846e121a6f3748dd03471ce4sf
3f5968bf1059aebe846e121a6f3748dd03471ce4sf3852. [func] Increase the default number of clients available
3f5968bf1059aebe846e121a6f3748dd03471ce4sf for servicing lightweight resolver queries, and
3f5968bf1059aebe846e121a6f3748dd03471ce4sf make them configurable via the "lwres-tasks" and
3f5968bf1059aebe846e121a6f3748dd03471ce4sf "lwres-clients" options. (Thanks to Tomas Hozza.)
3f5968bf1059aebe846e121a6f3748dd03471ce4sf [RT #35857]
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf3851. [func] Allow libseccomp based system-call filtering
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf on Linux; use "configure --enable-seccomp" to
7c6f514f2ef9b98f58b8f8a5f534eb78a75f29f2jorton turn it on. Thanks to Loganaden Velvindron
7c6f514f2ef9b98f58b8f8a5f534eb78a75f29f2jorton of AFRINIC for the contribution. [RT #35347]
7c6f514f2ef9b98f58b8f8a5f534eb78a75f29f2jorton
3e520e9f095fbbcaa3c216c8ea56e89bd6fd58b4sf3850. [bug] Disabling forwarding could trigger a REQUIRE assertion.
3e520e9f095fbbcaa3c216c8ea56e89bd6fd58b4sf [RT #35979]
3e520e9f095fbbcaa3c216c8ea56e89bd6fd58b4sf
3e520e9f095fbbcaa3c216c8ea56e89bd6fd58b4sf3849. [doc] Alphabetized dig's +options. [RT #35992]
93d757f10e0823af718075b34363970c4af0e6cdsf
93d757f10e0823af718075b34363970c4af0e6cdsf3848. [bug] Adjust 'statistics-channels specified but not effective'
93d757f10e0823af718075b34363970c4af0e6cdsf error message to account for JSON support. [RT #36008]
533d85911f7e4914ee5f9d5c99a2421f4ab4208asf
533d85911f7e4914ee5f9d5c99a2421f4ab4208asf3847. [bug] 'configure --with-dlz-postgres' failed to fail when
533d85911f7e4914ee5f9d5c99a2421f4ab4208asf there is not support available.
533d85911f7e4914ee5f9d5c99a2421f4ab4208asf
533d85911f7e4914ee5f9d5c99a2421f4ab4208asf3846. [bug] "dig +notcp ixfr=<serial>" should result in a UDP
533d85911f7e4914ee5f9d5c99a2421f4ab4208asf ixfr query. [RT #35980]
533d85911f7e4914ee5f9d5c99a2421f4ab4208asf
78b046ee9f769d9609ea1157177d5467e4700c89covener3845. [placeholder]
78b046ee9f769d9609ea1157177d5467e4700c89covener
78b046ee9f769d9609ea1157177d5467e4700c89covener3844. [bug] Use the x64 version of the Microsoft Visual C++
5d1aa7e499fc511e937db7a7ce671add9a4d6702sf Redistributable when built for 64 bit Windows.
5d1aa7e499fc511e937db7a7ce671add9a4d6702sf [RT #35973]
5d1aa7e499fc511e937db7a7ce671add9a4d6702sf
00f8426677a7975dc809e4ccb11241c543ec8a0esf3843. [protocol] Check EDNS EXPIRE option in dns_rdata_fromwire.
00f8426677a7975dc809e4ccb11241c543ec8a0esf [RT #35969]
00f8426677a7975dc809e4ccb11241c543ec8a0esf
3ef519991d73cff6763052b5a44c206bda01541dsf3842. [bug] Adjust RRL log-only logging category. [RT #35945]
3ef519991d73cff6763052b5a44c206bda01541dsf
3ef519991d73cff6763052b5a44c206bda01541dsf3841. [cleanup] Refactor zone.c:add_opt to use dns_message_buildopt.
3ef519991d73cff6763052b5a44c206bda01541dsf [RT #35924]
3ef519991d73cff6763052b5a44c206bda01541dsf
512bc8626ede860ea2ef329e6c2ffbd6ceba3903sf3840. [port] Check for arc4random_addrandom() before using it;
512bc8626ede860ea2ef329e6c2ffbd6ceba3903sf it's been removed from OpenBSD 5.5. [RT #35907]
f82baabbe731507742af2f7ba41463dbbc7911e9sf
f82baabbe731507742af2f7ba41463dbbc7911e9sf3839. [test] Use only posix-compatible shell in system tests.
f82baabbe731507742af2f7ba41463dbbc7911e9sf [RT #35625]
26d07dbe57cb2c8f49df541329a1653635988dbbsf
26d07dbe57cb2c8f49df541329a1653635988dbbsf3838. [protocol] EDNS EXPIRE as been assigned a code point of 9.
09359a90ff115fc5eeb96e1e5c78a58dd9fc59d3jim
686555019e71b355e835166dfefbec33f7fb6f90rjung3837. [security] A NULL pointer is passed to query_prefetch resulting
686555019e71b355e835166dfefbec33f7fb6f90rjung a REQUIRE assertion failure when a fetch is actually
686555019e71b355e835166dfefbec33f7fb6f90rjung initiated (CVE-2014-3214). [RT #35899]
eda40bb2debf78c913552346127358797665cf7frjung
eda40bb2debf78c913552346127358797665cf7frjung3836. [bug] Address C++ keyword usage in header file.
eda40bb2debf78c913552346127358797665cf7frjung
eda40bb2debf78c913552346127358797665cf7frjung3835. [bug] Geoip ACL elements didn't work correctly when
eda40bb2debf78c913552346127358797665cf7frjung referenced via named or nested ACLs. [RT #35879]
eda40bb2debf78c913552346127358797665cf7frjung
53b3e9f9937ca992fb149d02d19223674c81c5a4rjung3834. [bug] The re-signing heaps were not being updated soon enough
53b3e9f9937ca992fb149d02d19223674c81c5a4rjung leading to multiple re-generations of the same RRSIG
53b3e9f9937ca992fb149d02d19223674c81c5a4rjung when a zone transfer was in progress. [RT #35273]
25cc406eca0c99de0dfbd6c8862bec2d5fb6c4farjung
25cc406eca0c99de0dfbd6c8862bec2d5fb6c4farjung3833. [bug] Cross compiling was broken due to calling genrandom at
25cc406eca0c99de0dfbd6c8862bec2d5fb6c4farjung build time. [RT #35869]
5b43275cebfb0ff9961ac462f3a96f7fe612d327rjung
5b43275cebfb0ff9961ac462f3a96f7fe612d327rjung3832. [func] "named -L <filename>" causes named to send log
5b43275cebfb0ff9961ac462f3a96f7fe612d327rjung messages to the specified file by default instead
3bcb72c0b2797d2ec0b41bb9f4696e58be2c7043rjung of to the system log. (Thanks to Tony Finch.)
3bcb72c0b2797d2ec0b41bb9f4696e58be2c7043rjung [RT #35845]
3bcb72c0b2797d2ec0b41bb9f4696e58be2c7043rjung
4acb0cd5536553055c7c6996414cec00b0191e1djim3831. [cleanup] Reduce logging noise when EDNS state changes occur.
4acb0cd5536553055c7c6996414cec00b0191e1djim [RT #35843]
dc610ff4888acc61dc6c8de2b8974a4dce9c074fsf
dc610ff4888acc61dc6c8de2b8974a4dce9c074fsf3830. [func] When query logging is enabled, log query errors at
dc610ff4888acc61dc6c8de2b8974a4dce9c074fsf the same level ('info') as the queries themselves.
b08558bf6a64f9501ad3eca34eaf4d978bd928cfsf [RT #35844]
b08558bf6a64f9501ad3eca34eaf4d978bd928cfsf
b08558bf6a64f9501ad3eca34eaf4d978bd928cfsf3829. [func] "dig +ttlunits" causes dig to print TTL values
70f553c56eda63b353598193c3afc238db9b3c78sf with time-unit suffixes: w, d, h, m, s for
70f553c56eda63b353598193c3afc238db9b3c78sf weeks, days, hours, minutes, and seconds. (Thanks
70f553c56eda63b353598193c3afc238db9b3c78sf to Tony Finch.) [RT #35823]
3fa816e4832a1c70600bdfd6fc5ef60e9f1c18bbsf
3fa816e4832a1c70600bdfd6fc5ef60e9f1c18bbsf3828. [func] "dnssec-signzone -N date" updates serial number
3fa816e4832a1c70600bdfd6fc5ef60e9f1c18bbsf to the current date in YYYYMMDDNN format.
0c2193f47081b894ed16f4fc371f44564d28b334jorton [RT #35800]
950e3163cb42ba1e9c8f9d93f4505f580cbc71f4jorton
950e3163cb42ba1e9c8f9d93f4505f580cbc71f4jorton3827. [placeholder]
0c2193f47081b894ed16f4fc371f44564d28b334jorton
55929f765b95e354092ac17238718e471c252ebbsf3826. [bug] Corrected bad INSIST logic in isc_radix_remove().
55929f765b95e354092ac17238718e471c252ebbsf [RT #35870]
2ce2fc3287632e20f1b8759aa17e571f68c6fe6dsf
2ce2fc3287632e20f1b8759aa17e571f68c6fe6dsf3825. [bug] Address sign extension bug in isc_regex_validate.
2ce2fc3287632e20f1b8759aa17e571f68c6fe6dsf [RT #35758]
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf3824. [bug] A collision between two flag values could cause
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf problems with cache cleaning when SIT was enabled.
b44ddab21bd6e44ba3c03f7ae8ed08dd23b68b48sf [RT #35858]
b44ddab21bd6e44ba3c03f7ae8ed08dd23b68b48sf
b44ddab21bd6e44ba3c03f7ae8ed08dd23b68b48sf3823. [func] Log the rpz cname target when rewriting. [RT #35667]
b44ddab21bd6e44ba3c03f7ae8ed08dd23b68b48sf
b44ddab21bd6e44ba3c03f7ae8ed08dd23b68b48sf3822. [bug] Log the correct type of static-stub zones when
b44ddab21bd6e44ba3c03f7ae8ed08dd23b68b48sf removing them. [RT #35842]
b44ddab21bd6e44ba3c03f7ae8ed08dd23b68b48sf
0ab15ffa17f588723d0c310af78b505bf4e8a953sf3821. [contrib] Added a new "mysqldyn" DLZ module with dynamic
0ab15ffa17f588723d0c310af78b505bf4e8a953sf update and transaction support. Thanks to Marty
0ab15ffa17f588723d0c310af78b505bf4e8a953sf Lee for the contribution. [RT #35656]
1dee19645438f8e3cb80fe86e1aaade04d093e45sf
1dee19645438f8e3cb80fe86e1aaade04d093e45sf3820. [func] The DLZ API doesn't pass the database version to
1dee19645438f8e3cb80fe86e1aaade04d093e45sf the lookup() function; this can cause DLZ modules
9f478b1ce1e6296ad7a244d9d2eaa6af79cfdfbfsf that allow dynamic updates to mishandle prerequisite
9f478b1ce1e6296ad7a244d9d2eaa6af79cfdfbfsf checks. This has been corrected by adding a
9f478b1ce1e6296ad7a244d9d2eaa6af79cfdfbfsf 'dbversion' field to the dns_clientinfo_t
9bec939825399ac2816ea0d912d2e3c3b2ed91f4sf structure. [RT #35656]
9bec939825399ac2816ea0d912d2e3c3b2ed91f4sf
9bec939825399ac2816ea0d912d2e3c3b2ed91f4sf3819. [bug] NSEC3 hashes need to be able to be entered and
5cca2a55e4a1cabdc2ca0db3bee456f27cf4c69eminfrin displayed without padding. This is not a issue for
5cca2a55e4a1cabdc2ca0db3bee456f27cf4c69eminfrin currently defined algorithms but may be for future
5cca2a55e4a1cabdc2ca0db3bee456f27cf4c69eminfrin hash algorithms. [RT #27925]
33510984c759eb3da154ceb0db9b75fa0031d3b4sf
33510984c759eb3da154ceb0db9b75fa0031d3b4sf3818. [bug] Stop lying to the optimizer that 'void *arg' is a
33510984c759eb3da154ceb0db9b75fa0031d3b4sf constant in isc_event_allocate.
33510984c759eb3da154ceb0db9b75fa0031d3b4sf
33510984c759eb3da154ceb0db9b75fa0031d3b4sf3817. [func] The "delve" command is now spelled "delv" to avoid
33510984c759eb3da154ceb0db9b75fa0031d3b4sf a namespace collision with the Xapian project.
33510984c759eb3da154ceb0db9b75fa0031d3b4sf [RT #35801]
33510984c759eb3da154ceb0db9b75fa0031d3b4sf
33510984c759eb3da154ceb0db9b75fa0031d3b4sf3816. [func] "dig +qr" now reports query size. (Thanks to
6b15044d54a096e6323ff1540f1a491e8de7622dsf Tony Finch.) [RT #35822]
6b15044d54a096e6323ff1540f1a491e8de7622dsf
6b15044d54a096e6323ff1540f1a491e8de7622dsf3815. [doc] Clarify "nsupdate -y" usage in man page. [RT #35808]
287b17b746df229d6211c624b8a3e1edda21cecdsf
287b17b746df229d6211c624b8a3e1edda21cecdsf3814. [func] The "masterfile-style" zone option controls the
287b17b746df229d6211c624b8a3e1edda21cecdsf formatting of dumped zone files. Options are
de2d327e43e0f17cdb64851beafecba96a0ed962sf "relative" (multiline format) and "full" (one
de2d327e43e0f17cdb64851beafecba96a0ed962sf record per line). The default is "relative".
de2d327e43e0f17cdb64851beafecba96a0ed962sf [RT #20798]
de2d327e43e0f17cdb64851beafecba96a0ed962sf
c1ea0100af157a0d4e4a3de323f32dbfac4e5b6esf3813. [func] "host" now recognizes the "timeout", "attempts" and
c1ea0100af157a0d4e4a3de323f32dbfac4e5b6esf "debug" options when set in /etc/resolv.conf.
c1ea0100af157a0d4e4a3de323f32dbfac4e5b6esf (Thanks to Adam Tkac at RedHat.) [RT #21885]
c1ea0100af157a0d4e4a3de323f32dbfac4e5b6esf
c1ea0100af157a0d4e4a3de323f32dbfac4e5b6esf3812. [func] Dig now supports sending arbitrary EDNS options from
c1ea0100af157a0d4e4a3de323f32dbfac4e5b6esf the command line (+ednsopt=code[:value]). [RT #35584]
c1ea0100af157a0d4e4a3de323f32dbfac4e5b6esf
b44565f239485673d9486068588a5fb3af008be9sf3811. [func] "serial-update-method date;" sets serial number
b44565f239485673d9486068588a5fb3af008be9sf on dynamic update to today's date in YYYYMMDDNN
b44565f239485673d9486068588a5fb3af008be9sf format. (Thanks to Bradley Forschinger.) [RT #24903]
b44565f239485673d9486068588a5fb3af008be9sf
bf99d597a964add76124fc185892e04733a02969sf3810. [bug] Work around broken nameservers that fail to ignore
bf99d597a964add76124fc185892e04733a02969sf unknown EDNS options. [RT #35766]
bf99d597a964add76124fc185892e04733a02969sf
876167dba234e2c7065895c87b77a8c57bdcf754sf3809. [doc] Fix SIT and NSID documentation.
876167dba234e2c7065895c87b77a8c57bdcf754sf
876167dba234e2c7065895c87b77a8c57bdcf754sf3808. [doc] Clean up "prefetch" documentation. [RT #35751]
9d4ce88bcd21b01619a31c53db11a51c2a1e9717sf
9d4ce88bcd21b01619a31c53db11a51c2a1e9717sf3807. [bug] Fix sign extension bug in dns_name_fromtext when
9d4ce88bcd21b01619a31c53db11a51c2a1e9717sf lowercase is set. [RT #35743]
2792ea4d5c772a6bc19dece2e098b8125bf7184cjim
2792ea4d5c772a6bc19dece2e098b8125bf7184cjim3806. [test] Improved system test portability. [RT #35625]
2792ea4d5c772a6bc19dece2e098b8125bf7184cjim
2792ea4d5c772a6bc19dece2e098b8125bf7184cjim3805. [contrib] Added contrib/perftcpdns, a performance testing tool
59a3c1e7880d3eab0d182735ff47758b9860411fminfrin for DNS over TCP. [RT #35710]
59a3c1e7880d3eab0d182735ff47758b9860411fminfrin
59a3c1e7880d3eab0d182735ff47758b9860411fminfrin --- 9.10.0rc1 released ---
59a3c1e7880d3eab0d182735ff47758b9860411fminfrin
59a3c1e7880d3eab0d182735ff47758b9860411fminfrin3804. [bug] Corrected a race condition in dispatch.c in which
59a3c1e7880d3eab0d182735ff47758b9860411fminfrin portentry could be reset leading to an assertion
b3e63c395d671f14a096d7e888dbfd2caf93a663sf failure in socket_search(). (Change #3708
b3e63c395d671f14a096d7e888dbfd2caf93a663sf addressed the same issue but was incomplete.)
b3e63c395d671f14a096d7e888dbfd2caf93a663sf [RT #35128]
b3e63c395d671f14a096d7e888dbfd2caf93a663sf
6f88aef8511bf8ccf170bec41b82b6346c8b1ac7sf3803. [bug] "named-checkconf -z" incorrectly rejected zones
6f88aef8511bf8ccf170bec41b82b6346c8b1ac7sf using alternate data sources for not having a "file"
6f88aef8511bf8ccf170bec41b82b6346c8b1ac7sf option. [RT #35685]
83c89da783ba8bdaef50ec1912443f7fad3556acjim
83c89da783ba8bdaef50ec1912443f7fad3556acjim3802. [bug] Various header files were not being installed.
83c89da783ba8bdaef50ec1912443f7fad3556acjim
5152ceef718c8d39291557205cb2a98f436ce87frjung3801. [port] Fix probing for gssapi support on FreeBSD. [RT #35615]
5152ceef718c8d39291557205cb2a98f436ce87frjung
4acb0cd5536553055c7c6996414cec00b0191e1djim3800. [bug] A pending event on the route socket could cause an
9c67ffea79ab184351b5d554b57814e13285e758jim assertion failure when shutting down named. [RT #35674]
9c67ffea79ab184351b5d554b57814e13285e758jim
3eb3f27d2d93942bd4230c231aab4eb16a316384jim3799. [bug] Improve named's command line error reporting.
3eb3f27d2d93942bd4230c231aab4eb16a316384jim [RT #35603]
3eb3f27d2d93942bd4230c231aab4eb16a316384jim
0a2424312d9f02479a38e96dcbb170a77c218852rjung3798. [bug] 'rndc zonestatus' was reporting the wrong re-signing
0a2424312d9f02479a38e96dcbb170a77c218852rjung time. [RT #35659]
6137a8d5cdc62f1d4dad8cbf720feaa35f42a596covener
6137a8d5cdc62f1d4dad8cbf720feaa35f42a596covener3797. [port] netbsd: geoip support probing was broken. [RT #35642]
6137a8d5cdc62f1d4dad8cbf720feaa35f42a596covener
80a98c87d804ac7c0ea52d3f3b4676e559b49087igalic3796. [bug] Register dns and pkcs#11 error codes. [RT #35629]
80a98c87d804ac7c0ea52d3f3b4676e559b49087igalic
80a98c87d804ac7c0ea52d3f3b4676e559b49087igalic3795. [bug] Make named-checkconf detect raw masterfiles for
925a6d92173ab96cdb0a8976c7aac13ef809e218trawick hint zones and reject them. [RT #35268]
925a6d92173ab96cdb0a8976c7aac13ef809e218trawick
925a6d92173ab96cdb0a8976c7aac13ef809e218trawick3794. [maint] Added AAAA for C.ROOT-SERVERS.NET.
925a6d92173ab96cdb0a8976c7aac13ef809e218trawick
e19d3a1e487aa73e0850658d3773f748aefba7f7sf3793. [bug] zone.c:save_nsec3param() could assert when out of
e19d3a1e487aa73e0850658d3773f748aefba7f7sf memory. [RT #35621]
e19d3a1e487aa73e0850658d3773f748aefba7f7sf
e19d3a1e487aa73e0850658d3773f748aefba7f7sf3792. [func] Provide links to the alternate statistics views when
e19d3a1e487aa73e0850658d3773f748aefba7f7sf displaying in a browser. [RT #35605]
b8e5134b5779bf5505a9e5241cf8c930cc4aac5esf
b8e5134b5779bf5505a9e5241cf8c930cc4aac5esf3791. [placeholder]
b8e5134b5779bf5505a9e5241cf8c930cc4aac5esf
b8e5134b5779bf5505a9e5241cf8c930cc4aac5esf3790. [bug] Handle broken nameservers that send BADVERS in
b1677ce80314e41b74bdd8d50c13ac159f3c09f4sf response to unknown EDNS options. Maintain
b1677ce80314e41b74bdd8d50c13ac159f3c09f4sf statistics on BADVERS responses.
b1677ce80314e41b74bdd8d50c13ac159f3c09f4sf
c447f5d2f2a21e8f2df49a113c4637b7f59a6feftrawick3789. [bug] Null pointer dereference on rbt creation failure.
c447f5d2f2a21e8f2df49a113c4637b7f59a6feftrawick
31eeb74b832eea054c7a42081c1afdeccd987e5etrawick3788. [bug] dns_peer_getrequestsit was returning request_nsid by
31eeb74b832eea054c7a42081c1afdeccd987e5etrawick mistake.
31eeb74b832eea054c7a42081c1afdeccd987e5etrawick
e9bf808f770605c1f54a9d0fb1c560115c91fd71sf --- 9.10.0b2 released ---
e9bf808f770605c1f54a9d0fb1c560115c91fd71sf
e9bf808f770605c1f54a9d0fb1c560115c91fd71sf3787. [bug] The code that checks whether "auto-dnssec" is
575cc52562c51c0c8bb8de0c6eaa55a60f7f895bsf allowed was ignoring "allow-update" ACLs set at
575cc52562c51c0c8bb8de0c6eaa55a60f7f895bsf the options or view level. [RT #29536]
575cc52562c51c0c8bb8de0c6eaa55a60f7f895bsf
490993ea2eda52d4fdacff247eb2657296c86f71trawick3786. [func] Provide more detailed error codes when using
490993ea2eda52d4fdacff247eb2657296c86f71trawick native PKCS#11. "pkcs11-tokens" now fails robustly
03502de2853fcebaf853ed3bcfd5033894c238bbjim rather than asserting when run against an HSM with
03502de2853fcebaf853ed3bcfd5033894c238bbjim an incomplete PKCS#11 API implementation. [RT #35479]
03502de2853fcebaf853ed3bcfd5033894c238bbjim
03502de2853fcebaf853ed3bcfd5033894c238bbjim3785. [bug] Debugging code dumphex didn't accept arbitrarily long
afee7998d5045107a7673f09bc3448a5dc1b6612jim input (only compiled with -DDEBUG). [RT #35544]
afee7998d5045107a7673f09bc3448a5dc1b6612jim
6ec154950417d0b32082f6590ffa3acc3e0c3d49sf3784. [bug] Using "rrset-order fixed" when it had not been
6ec154950417d0b32082f6590ffa3acc3e0c3d49sf enabled at compile time caused inconsistent
6ec154950417d0b32082f6590ffa3acc3e0c3d49sf results. It now works as documented, defaulting
6ec154950417d0b32082f6590ffa3acc3e0c3d49sf to cyclic mode. [RT #28104]
b38e1e2f118f67818f88faee827f4b3a2881e908sf
3d636d91428f2c0a74012c89a94ec7d5b40aa52esf3783. [func] "tsig-keygen" is now available as an alternate
b38e1e2f118f67818f88faee827f4b3a2881e908sf command name for "ddns-confgen". It generates
33e53d7c6aa5d004d96ea11d7f3ca35b30e82544trawick a TSIG key in named.conf format without comments.
33e53d7c6aa5d004d96ea11d7f3ca35b30e82544trawick [RT #35503]
20e0c71be778348516719e1e58a9f55c8e78c570trawick
027f7b141f164258b254c38319d06452b25d7660trawick3782. [func] Specifying "auto" as the salt when using
027f7b141f164258b254c38319d06452b25d7660trawick "rndc signing -nsec3param" causes named to
977c4527be5a21182f24fc22a40a79d576a52f86trawick generate a 64-bit salt at random. [RT #35322]
977c4527be5a21182f24fc22a40a79d576a52f86trawick
977c4527be5a21182f24fc22a40a79d576a52f86trawick3781. [tuning] Use adaptive mutex locks when available; this
7fef9f66804ea10d5bf343cdd3d607465e8340cajim has been found to improve performance under load
7fef9f66804ea10d5bf343cdd3d607465e8340cajim on many systems. "configure --with-locktype=standard"
7fef9f66804ea10d5bf343cdd3d607465e8340cajim restores conventional mutex locks. [RT #32576]
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier3780. [bug] $GENERATE handled negative numbers incorrectly.
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier [RT #25528]
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier3779. [cleanup] Clarify the error message when using an option
7bd92b29516bc4bf7351d35aa447dbe68f1e8bb4jorton that was not enabled at compile time. [RT #35504]
7bd92b29516bc4bf7351d35aa447dbe68f1e8bb4jorton
7bd92b29516bc4bf7351d35aa447dbe68f1e8bb4jorton3778. [bug] Log a warning when the wrong address family is
a81c0c1ae464b2063a21b45f80c9da8d89bb840ecovener used in "listen-on" or "listen-on-v6". [RT #17848]
a81c0c1ae464b2063a21b45f80c9da8d89bb840ecovener
a81c0c1ae464b2063a21b45f80c9da8d89bb840ecovener3777. [bug] EDNS EXPIRE code could dump core when processing
ffae06377667a5d8f9699ac7512134de7000a83dminfrin DLZ queries. [RT #35493]
ffae06377667a5d8f9699ac7512134de7000a83dminfrin
ffae06377667a5d8f9699ac7512134de7000a83dminfrin3776. [func] "rndc -q" suppresses output from successful
ffae06377667a5d8f9699ac7512134de7000a83dminfrin rndc commands. Errors are printed on stderr.
efc81fe729a2b7401028387da184b4a98f0b854atrawick [RT #21393]
efc81fe729a2b7401028387da184b4a98f0b854atrawick
efc81fe729a2b7401028387da184b4a98f0b854atrawick3775. [bug] dlz_dlopen driver could return the wrong error
efc81fe729a2b7401028387da184b4a98f0b854atrawick code on API version mismatch, leading to a segfault.
9c67ffea79ab184351b5d554b57814e13285e758jim [RT #35495]
8f066564bfc0fd6ddc6ca4b2f2410615554597d1jim
8f066564bfc0fd6ddc6ca4b2f2410615554597d1jim3774. [func] When using "request-nsid", log the NSID value in
d56f48e6d861159b42b8f6eadd66e9e03086ceb9fuankg printable form as well as hex. [RT #20864]
cfd376e3e25eb609c30773a0897c97b2a9a76130fuankg
cfd376e3e25eb609c30773a0897c97b2a9a76130fuankg3773. [func] "host", "nslookup" and "nsupdate" now have
cfd376e3e25eb609c30773a0897c97b2a9a76130fuankg options to print the version number and exit.
4acc1efe19ac2e6f2df0abb4d5bf99bd8ae3c5c6jim [RT #26057]
4acc1efe19ac2e6f2df0abb4d5bf99bd8ae3c5c6jim
4acc1efe19ac2e6f2df0abb4d5bf99bd8ae3c5c6jim3772. [contrib] Added sqlite3 dynamically-loadable DLZ module.
29ecbd9db1622e74964264d078336f7604d65093jim (Based in part on a contribution from Tim Tessier.)
29ecbd9db1622e74964264d078336f7604d65093jim [RT #20822]
29ecbd9db1622e74964264d078336f7604d65093jim
a503caacf7ab36d5bc42cb7c78256e1221642656jim3771. [cleanup] Adjusted log level for "using built-in key"
a503caacf7ab36d5bc42cb7c78256e1221642656jim messages. [RT #24383]
da40dfabefd6f8eb8450e9a097c594ee2ab13e3eminfrin
da40dfabefd6f8eb8450e9a097c594ee2ab13e3eminfrin3770. [bug] "dig +trace" could fail with an assertion when it
da40dfabefd6f8eb8450e9a097c594ee2ab13e3eminfrin needed to fall back to TCP due to a truncated
da40dfabefd6f8eb8450e9a097c594ee2ab13e3eminfrin response. [RT #24660]
59d316b83d42d2a07e25c20d8c35a07b369618bdsf
59d316b83d42d2a07e25c20d8c35a07b369618bdsf3769. [doc] Improved documentation of "rndc signing -list".
59d316b83d42d2a07e25c20d8c35a07b369618bdsf [RT #30652]
59d316b83d42d2a07e25c20d8c35a07b369618bdsf
8602c898d4e06a7e7b9d6b7cf4b172a8e7310987sf3768. [bug] "dnssec-checkds" was missing the SHA-384 digest
8602c898d4e06a7e7b9d6b7cf4b172a8e7310987sf algorithm. [RT #34000]
8602c898d4e06a7e7b9d6b7cf4b172a8e7310987sf
8602c898d4e06a7e7b9d6b7cf4b172a8e7310987sf3767. [func] Log explicitly when using rndc.key to configure
8602c898d4e06a7e7b9d6b7cf4b172a8e7310987sf command channel. [RT #35316]
4acc1efe19ac2e6f2df0abb4d5bf99bd8ae3c5c6jim
4acc1efe19ac2e6f2df0abb4d5bf99bd8ae3c5c6jim3766. [cleanup] Fixed problems with building outside the source
4acc1efe19ac2e6f2df0abb4d5bf99bd8ae3c5c6jim tree when using native PKCS#11. [RT #35459]
4acc1efe19ac2e6f2df0abb4d5bf99bd8ae3c5c6jim
4acc1efe19ac2e6f2df0abb4d5bf99bd8ae3c5c6jim3765. [bug] Fixed a bug in "rndc secroots" that could crash
4acc1efe19ac2e6f2df0abb4d5bf99bd8ae3c5c6jim named when dumping an empty keynode. [RT #35469]
3e2582713ed6883683272fbc628a27419d0ed543minfrin
3e2582713ed6883683272fbc628a27419d0ed543minfrin3764. [bug] The dnssec-keygen/settime -S and -i options
3e2582713ed6883683272fbc628a27419d0ed543minfrin (to set up a successor key and set the prepublication
3e2582713ed6883683272fbc628a27419d0ed543minfrin interval) were missing from dnssec-keyfromlabel.
2c132b1e3610da2fb9e6b3594a313efa3ff29e22minfrin [RT #35394]
2c132b1e3610da2fb9e6b3594a313efa3ff29e22minfrin
2c132b1e3610da2fb9e6b3594a313efa3ff29e22minfrin3763. [bug] delve: Cache DNSSEC records to avoid the need to
a46801e6532423aa7bd184471eb49158d7c9ae62sf re-fetch them when restarting validation. [RT #35476]
a46801e6532423aa7bd184471eb49158d7c9ae62sf
a46801e6532423aa7bd184471eb49158d7c9ae62sf3762. [bug] Address build problems with --pkcs11-native +
808a26d70f28498b9d7252a70d9fb23def781901minfrin --with-openssl with ECDSA support. [RT #35467]
808a26d70f28498b9d7252a70d9fb23def781901minfrin
ef12246b88300687bf1faaf56d115dd8d8d82761jorton3761. [bug] Address dangling reference bug in dns_keytable_add.
6f9bf764bc79571d1da19dfbbd78527fca278a8eminfrin [RT #35471]
6f9bf764bc79571d1da19dfbbd78527fca278a8eminfrin
6f9bf764bc79571d1da19dfbbd78527fca278a8eminfrin3760. [bug] Improve SIT with native PKCS#11 and on Windows.
6f9bf764bc79571d1da19dfbbd78527fca278a8eminfrin [RT #35433]
7d59a9f282af9dce031b61062a0d941641101237rpluem
7d59a9f282af9dce031b61062a0d941641101237rpluem3759. [port] Enable delve on Windows. [RT #35441]
7d59a9f282af9dce031b61062a0d941641101237rpluem
e63e8b4b886d2144fed7946d0fbe8d27386be2dcjorton3758. [port] Enable export library APIs on Windows. [RT #35382]
e63e8b4b886d2144fed7946d0fbe8d27386be2dcjorton
e63e8b4b886d2144fed7946d0fbe8d27386be2dcjorton3757. [port] Enable Python tools (dnssec-coverage,
223c64b836fbc2bc8611da9604379dfe13f56abasf dnssec-checkds) to run on Windows. [RT #34355]
223c64b836fbc2bc8611da9604379dfe13f56abasf
223c64b836fbc2bc8611da9604379dfe13f56abasf3756. [bug] GSSAPI Kerberos realm checking was broken in
bf507cc1e6ad55303c3d436c6ca153f46c788be6sf check_config leading to spurious messages being
bf507cc1e6ad55303c3d436c6ca153f46c788be6sf logged. [RT #35443]
bf507cc1e6ad55303c3d436c6ca153f46c788be6sf
bf507cc1e6ad55303c3d436c6ca153f46c788be6sf --- 9.10.0b1 released ---
93cf7fc650197b941ae31a7c7e51e901b129e954igalic
93cf7fc650197b941ae31a7c7e51e901b129e954igalic3755. [func] Add stats counters for known EDNS options + others.
93cf7fc650197b941ae31a7c7e51e901b129e954igalic [RT #35447]
a1b1c78faf7969affb320f5c8eb270ffa21314c4rjung
a1b1c78faf7969affb320f5c8eb270ffa21314c4rjung3754. [cleanup] win32: Installer now places files in the
a1b1c78faf7969affb320f5c8eb270ffa21314c4rjung Program Files area rather than system services.
a2558ec3af4391b7da7fe61e1e53383bbd0174b9jorton [RT #35361]
a2558ec3af4391b7da7fe61e1e53383bbd0174b9jorton
a2558ec3af4391b7da7fe61e1e53383bbd0174b9jorton3753. [bug] allow-notify was ignoring keys. [RT #35425]
a2558ec3af4391b7da7fe61e1e53383bbd0174b9jorton
8d6b3720340d0bd7f8d25e2a8563527e97a48df8jorton3752. [bug] Address potential REQUIRE failure if
8d6b3720340d0bd7f8d25e2a8563527e97a48df8jorton DNS_STYLEFLAG_COMMENTDATA is set when printing out
8d6b3720340d0bd7f8d25e2a8563527e97a48df8jorton a rdataset.
8d6b3720340d0bd7f8d25e2a8563527e97a48df8jorton
48e4b65042d94992c50f1db6c0b0cdbd99ca77e8sf3751. [tuning] The default setting for the -U option (setting
48e4b65042d94992c50f1db6c0b0cdbd99ca77e8sf the number of UDP listeners per interface) has
48e4b65042d94992c50f1db6c0b0cdbd99ca77e8sf been adjusted to improve performance. [RT #35417]
48e4b65042d94992c50f1db6c0b0cdbd99ca77e8sf
48e4b65042d94992c50f1db6c0b0cdbd99ca77e8sf3750. [experimental] Partially implement EDNS EXPIRE option as described
48e4b65042d94992c50f1db6c0b0cdbd99ca77e8sf in draft-andrews-dnsext-expire-00. Retrieval of
47ae8ca3c79d279b2e5424d6b8cf5e4e61ea968fjim the remaining time until expiry for slave zones
47ae8ca3c79d279b2e5424d6b8cf5e4e61ea968fjim is supported.
47ae8ca3c79d279b2e5424d6b8cf5e4e61ea968fjim
47ae8ca3c79d279b2e5424d6b8cf5e4e61ea968fjim EXPIRE uses an experimental option code (65002),
47ae8ca3c79d279b2e5424d6b8cf5e4e61ea968fjim which is subject to change. [RT #35416]
397df70abe0bdd78a84fb6c38c02641bcfeadceasf
397df70abe0bdd78a84fb6c38c02641bcfeadceasf3749. [func] "dig +subnet" sends an EDNS client subnet option
397df70abe0bdd78a84fb6c38c02641bcfeadceasf containing the specified address/prefix when
9b5fe1d4ec48643fb819bbce9dc80f93f444fb48sf querying. (Thanks to Wilmer van der Gaast.)
9b5fe1d4ec48643fb819bbce9dc80f93f444fb48sf [RT #35415]
9b5fe1d4ec48643fb819bbce9dc80f93f444fb48sf
dd9f60fdfeb73f829fe0b260b7975b4b22be0838sf3748. [test] Use delve to test dns_client interfaces. [RT #35383]
dd9f60fdfeb73f829fe0b260b7975b4b22be0838sf
dd9f60fdfeb73f829fe0b260b7975b4b22be0838sf3747. [bug] A race condition could lead to a core dump when
135e1d6a301398168e3b2e5125508828591e1673niq destroying a resolver fetch object. [RT #35385]
135e1d6a301398168e3b2e5125508828591e1673niq
135e1d6a301398168e3b2e5125508828591e1673niq3746. [func] New "max-zone-ttl" option enforces maximum
135e1d6a301398168e3b2e5125508828591e1673niq TTLs for zones. If loading a zone containing a
135e1d6a301398168e3b2e5125508828591e1673niq higher TTL, the load fails. DDNS updates with
135e1d6a301398168e3b2e5125508828591e1673niq higher TTLs are accepted but the TTL is truncated.
135e1d6a301398168e3b2e5125508828591e1673niq (Note: Currently supported for master zones only;
c7de70e936ac1e36c25676fe62e65dbacb947619minfrin inline-signing slaves will be added.) [RT #38405]
c7de70e936ac1e36c25676fe62e65dbacb947619minfrin
c7de70e936ac1e36c25676fe62e65dbacb947619minfrin3745. [func] "configure --with-tuning=large" adjusts various
c7de70e936ac1e36c25676fe62e65dbacb947619minfrin compiled-in constants and default settings to
c7de70e936ac1e36c25676fe62e65dbacb947619minfrin values suited to large servers with abundant
c7de70e936ac1e36c25676fe62e65dbacb947619minfrin memory. [RT #29538]
c7de70e936ac1e36c25676fe62e65dbacb947619minfrin
1b1621900bd89ddc496d721c865a726f635ebd7esf3744. [experimental] SIT: send and process Source Identity Tokens
1b1621900bd89ddc496d721c865a726f635ebd7esf (similar to DNS Cookies by Donald Eastlake 3rd),
1b1621900bd89ddc496d721c865a726f635ebd7esf which are designed to help clients detect off-path
1b1621900bd89ddc496d721c865a726f635ebd7esf spoofed responses and for servers to identify
1b1621900bd89ddc496d721c865a726f635ebd7esf legitimate clients.
4203a35c28d7c60adb7e9ef3be87aad34951c79asf
4203a35c28d7c60adb7e9ef3be87aad34951c79asf SIT uses an experimental EDNS option code (65001),
4203a35c28d7c60adb7e9ef3be87aad34951c79asf which will be changed to an IANA-assigned value
c094add0a23fe1120fd33711ba2e2d084f5629a1sf if the experiment is deemed a success.
c094add0a23fe1120fd33711ba2e2d084f5629a1sf
c094add0a23fe1120fd33711ba2e2d084f5629a1sf SIT can be enabled via "configure --enable-sit" (or
12b26f433fd7d6fc9f76413d7c2cabf4fa5cb300sf --enable-developer). It is enabled by default in
12b26f433fd7d6fc9f76413d7c2cabf4fa5cb300sf Windows.
12b26f433fd7d6fc9f76413d7c2cabf4fa5cb300sf
26f56d4a3c12077d605362e97490e34522fa4814covener Servers can be configured to send smaller responses
26f56d4a3c12077d605362e97490e34522fa4814covener to clients that have not identified themselves via
26f56d4a3c12077d605362e97490e34522fa4814covener SIT. RRL processing has also been updated;
2cef7e294acb5d8b8b5dcb21a55438da0b73f63figalic legitimate clients are not subject to rate
2cef7e294acb5d8b8b5dcb21a55438da0b73f63figalic limiting. [RT #35389]
2cef7e294acb5d8b8b5dcb21a55438da0b73f63figalic
2d2de64c25c1519122a76150a7daf2c05f53fd9asf3743. [bug] delegation-only flag wasn't working in forward zone
2d2de64c25c1519122a76150a7daf2c05f53fd9asf declarations despite being documented. This is
2d2de64c25c1519122a76150a7daf2c05f53fd9asf needed to support turning off forwarding and turning
2d2de64c25c1519122a76150a7daf2c05f53fd9asf on delegation only at the same name. [RT #35392]
27c5ebb7d411a214f5b6b55a881086ce086d3dd3covener
27c5ebb7d411a214f5b6b55a881086ce086d3dd3covener3742. [port] linux: libcap support: declare curval at start of
27c5ebb7d411a214f5b6b55a881086ce086d3dd3covener block. [RT #35387]
27c5ebb7d411a214f5b6b55a881086ce086d3dd3covener
7697b1b7376a532163c621e050b70c90dcb15d66covener3741. [func] "delve" (domain entity lookup and validation engine):
7697b1b7376a532163c621e050b70c90dcb15d66covener A new tool with dig-like semantics for performing DNS
7697b1b7376a532163c621e050b70c90dcb15d66covener lookups, with internal DNSSEC validation, using the
7697b1b7376a532163c621e050b70c90dcb15d66covener same resolver and validator logic as named. This
7697b1b7376a532163c621e050b70c90dcb15d66covener allows easy validation of DNSSEC data in environments
9e0536cd66a389bdaa758a825b8bbd8fea665a3eigalic with untrustworthy resolvers, and assists with
9e0536cd66a389bdaa758a825b8bbd8fea665a3eigalic troubleshooting of DNSSEC problems. [RT #32406]
9e0536cd66a389bdaa758a825b8bbd8fea665a3eigalic
862bbb262644e8aefae1bf352552b01908ecae0eminfrin3740. [contrib] Minor fixes to configure --with-dlz-bdb,
862bbb262644e8aefae1bf352552b01908ecae0eminfrin --with-dlz-postgres and --with-dlz-odbc. [RT #35340]
862bbb262644e8aefae1bf352552b01908ecae0eminfrin
dd3b88790af9d18429c732ca7bc83ec4ef43d3ffrpluem3739. [func] Added per-zone stats counters to track TCP and
dd3b88790af9d18429c732ca7bc83ec4ef43d3ffrpluem UDP queries. [RT #35375]
dd3b88790af9d18429c732ca7bc83ec4ef43d3ffrpluem
5bbabc874e3fcfbea08c199f7a79ee05b4817a70sf3738. [bug] --enable-openssl-hash failed to build. [RT #35343]
5bbabc874e3fcfbea08c199f7a79ee05b4817a70sf
5bbabc874e3fcfbea08c199f7a79ee05b4817a70sf3737. [bug] 'rndc retransfer' could trigger a assertion failure
8f066564bfc0fd6ddc6ca4b2f2410615554597d1jim with inline zones. [RT #35353]
aec9747aa70c1dce98e536e8eef5a6a0ab0f1d6cjim
aec9747aa70c1dce98e536e8eef5a6a0ab0f1d6cjim3736. [bug] nsupdate: When specifying a server by name,
7b7e8ba34e262064914ceedacd5f7d9201b6575ccovener fall back to alternate addresses if the first
7b7e8ba34e262064914ceedacd5f7d9201b6575ccovener address for that name is not reachable. [RT #25784]
7b7e8ba34e262064914ceedacd5f7d9201b6575ccovener
220bc4233b21982d7c51842a1774db0ba6172ca4covener3735. [cleanup] Merged the libiscpk11 library into libisc
220bc4233b21982d7c51842a1774db0ba6172ca4covener to simplify dependencies. [RT #35205]
220bc4233b21982d7c51842a1774db0ba6172ca4covener
220bc4233b21982d7c51842a1774db0ba6172ca4covener3734. [bug] Improve building with libtool. [RT #35314]
6f2fbf354b34981f398cf0313aa44702ea2a7066covener
6f2fbf354b34981f398cf0313aa44702ea2a7066covener3733. [func] Improve interface scanning support. Interface
6f2fbf354b34981f398cf0313aa44702ea2a7066covener information will be automatically updated if the
6f2fbf354b34981f398cf0313aa44702ea2a7066covener OS supports routing sockets (MacOS, *BSD, Linux).
9e7c7a8fa19c33d1e90f8f7ffab69beacbe72566covener Use "automatic-interface-scan no;" to disable.
9e7c7a8fa19c33d1e90f8f7ffab69beacbe72566covener
9e7c7a8fa19c33d1e90f8f7ffab69beacbe72566covener Add "rndc scan" to trigger a scan. [RT #23027]
9e7c7a8fa19c33d1e90f8f7ffab69beacbe72566covener
a961006b347d6527ccaeab9cf019a4e68d26bfb0covener3732. [contrib] Fixed a type mismatch causing the ODBC DLZ
a961006b347d6527ccaeab9cf019a4e68d26bfb0covener driver to dump core on 64-bit systems. [RT #35324]
a961006b347d6527ccaeab9cf019a4e68d26bfb0covener
e3f43882b4f7ac7d1aa679be4b319cca04fd22eecovener3731. [func] Added a "no-case-compress" ACL, which causes
e3f43882b4f7ac7d1aa679be4b319cca04fd22eecovener named to use case-insensitive compression
e3f43882b4f7ac7d1aa679be4b319cca04fd22eecovener (disabling change #3645) for specified
e3f43882b4f7ac7d1aa679be4b319cca04fd22eecovener clients. (This is useful when dealing
8dea7832dea3789fe0b90c434c284bcaad96d40fcovener with broken client implementations that
8dea7832dea3789fe0b90c434c284bcaad96d40fcovener use case-sensitive name comparisons,
999661242470e4dc0258982d5f183efc2d157ae7covener rejecting responses that fail to match the
0bfcc4d046f6735af2f15981fb53e4c0680b4731covener capitalization of the query that was sent.)
b761a57b4e63006c287823270876ab40d3212160covener [RT #35300]
b761a57b4e63006c287823270876ab40d3212160covener
b761a57b4e63006c287823270876ab40d3212160covener3730. [cleanup] Added "never" as a synonym for "none" when
b761a57b4e63006c287823270876ab40d3212160covener configuring key event dates in the dnssec tools.
5d92fff82718cd018f0b61a10b9ad4d2b8064c95rpluem [RT #35277]
5d92fff82718cd018f0b61a10b9ad4d2b8064c95rpluem
5d92fff82718cd018f0b61a10b9ad4d2b8064c95rpluem3729. [bug] dnssec-keygen could set the publication date
5d92fff82718cd018f0b61a10b9ad4d2b8064c95rpluem incorrectly when only the activation date was
01195d035ccef88e72009e9607157d5eddcb6b7drjung specified on the command line. [RT #35278]
01195d035ccef88e72009e9607157d5eddcb6b7drjung
aec9747aa70c1dce98e536e8eef5a6a0ab0f1d6cjim3728. [doc] Expanded native-PKCS#11 documentation,
84fbf855118f318dd5e511d8e5b902cecc1177c0jim specifically pkcs11: URI labels. [RT #35287]
84fbf855118f318dd5e511d8e5b902cecc1177c0jim
0ed19acadd3d3dd593759173d87d2243e97914e2sf3727. [func] The isc_bitstring API is no longer used and
0ed19acadd3d3dd593759173d87d2243e97914e2sf has been removed from libisc. [RT #35284]
0ed19acadd3d3dd593759173d87d2243e97914e2sf
0ed19acadd3d3dd593759173d87d2243e97914e2sf3726. [cleanup] Clarified the error message when attempting
041b426f9b15072b59a32f132e6d04173ab3df68covener to configure more than 32 response-policy zones.
041b426f9b15072b59a32f132e6d04173ab3df68covener [RT #35283]
041b426f9b15072b59a32f132e6d04173ab3df68covener
cb838cc4d5fd559efd6c0579a0fcb8f6e5a7af22minfrin3725. [contrib] Updated zkt and nslint to newest versions,
cb838cc4d5fd559efd6c0579a0fcb8f6e5a7af22minfrin cleaned up and rearranged the contrib
cb838cc4d5fd559efd6c0579a0fcb8f6e5a7af22minfrin directory, and added a README.
cb838cc4d5fd559efd6c0579a0fcb8f6e5a7af22minfrin
15ff8c621815e8337abc10638f2b2853ee6fd076minfrin --- 9.10.0a2 released ---
15ff8c621815e8337abc10638f2b2853ee6fd076minfrin
15ff8c621815e8337abc10638f2b2853ee6fd076minfrin3724. [bug] win32: Fixed a bug that prevented dig and
21ccb6cd9272c9066a8f5bb3e7785f46115289desf host from exiting properly after completing
21ccb6cd9272c9066a8f5bb3e7785f46115289desf a UDP query. [RT #35288]
21ccb6cd9272c9066a8f5bb3e7785f46115289desf
b0ac1e83f8582a9b5a72bff798ffb31a419c8adesf3723. [cleanup] Imported keys are now handled the same way
b0ac1e83f8582a9b5a72bff798ffb31a419c8adesf regardless of DNSSEC algorithm. [RT #35215]
b0ac1e83f8582a9b5a72bff798ffb31a419c8adesf
b682e60dd82772dba52ba77138e494f15c00a551trawick3722. [bug] Using geoip ACLs in a blackhole statement
b682e60dd82772dba52ba77138e494f15c00a551trawick could cause a segfault. [RT #35272]
b682e60dd82772dba52ba77138e494f15c00a551trawick
b682e60dd82772dba52ba77138e494f15c00a551trawick3721. [doc] Improved documentation of the EDNS processing
b682e60dd82772dba52ba77138e494f15c00a551trawick enhancements introduced in change #3593. [RT #35275]
b682e60dd82772dba52ba77138e494f15c00a551trawick
79c754eb51681c3389cd966753e902c429f78939trawick3720. [bug] Address compiler warnings. [RT #35261]
79c754eb51681c3389cd966753e902c429f78939trawick
79c754eb51681c3389cd966753e902c429f78939trawick3719. [bug] Address memory leak in in peer.c. [RT #35255]
8651de219ec5f595af20afdc9da41ce72aaa50d5minfrin
8651de219ec5f595af20afdc9da41ce72aaa50d5minfrin3718. [bug] A missing ISC_LINK_INIT in log.c. [RT #35260]
8651de219ec5f595af20afdc9da41ce72aaa50d5minfrin
8651de219ec5f595af20afdc9da41ce72aaa50d5minfrin3717. [port] hpux: Treat EOPNOTSUPP as a expected error code when
8fae12696bce44be9ce4c56888690cad8ac7b8f9sf probing to see if it is possible to set dscp values
8fae12696bce44be9ce4c56888690cad8ac7b8f9sf on a per packet basis. [RT #35252]
8fae12696bce44be9ce4c56888690cad8ac7b8f9sf
8fae12696bce44be9ce4c56888690cad8ac7b8f9sf3716. [bug] The dns_request code was setting dcsp values when not
8fae12696bce44be9ce4c56888690cad8ac7b8f9sf requested. [RT #35252]
8fae12696bce44be9ce4c56888690cad8ac7b8f9sf
d5612bd28e194390b2c74fcf712d564b0e002684sf3715. [bug] The region and city databases could fail to
d5612bd28e194390b2c74fcf712d564b0e002684sf initialize when using some versions of libGeoIP,
d5612bd28e194390b2c74fcf712d564b0e002684sf causing assertion failures when named was
4ea161d94782fa56f4b36d496f35ff8577c43065covener configured to use them. [RT #35427]
4ea161d94782fa56f4b36d496f35ff8577c43065covener
4ea161d94782fa56f4b36d496f35ff8577c43065covener3714. [test] System tests that need to test for cryptography
b588214d6e6fe09abe709e83e894921fbc7e25c8covener support before running can now use a common
b588214d6e6fe09abe709e83e894921fbc7e25c8covener "testcrypto.sh" script to do so. [RT #35213]
b588214d6e6fe09abe709e83e894921fbc7e25c8covener
c64fc4e9830bb1ffdc3491aef5ed3be5b90c466bcovener3713. [bug] Save memory by not storing "also-notify" addresses
c64fc4e9830bb1ffdc3491aef5ed3be5b90c466bcovener in zone objects that are configured not to send
c64fc4e9830bb1ffdc3491aef5ed3be5b90c466bcovener notify requests. [RT #35195]
c64fc4e9830bb1ffdc3491aef5ed3be5b90c466bcovener
ae5efbbf49a7ca6d233209a4d011550989e22556covener3712. [placeholder]
ae5efbbf49a7ca6d233209a4d011550989e22556covener
ae5efbbf49a7ca6d233209a4d011550989e22556covener3711. [placeholder]
8c2bb916633b1eb3dccf91c776363bbc3a6145decovener
8c2bb916633b1eb3dccf91c776363bbc3a6145decovener3710. [bug] Address double dns_zone_detach when switching to
8c2bb916633b1eb3dccf91c776363bbc3a6145decovener using automatic empty zones from regular zones.
8c2bb916633b1eb3dccf91c776363bbc3a6145decovener [RT #35177]
503bec4c591d28ac6cec7182294cdef2ec6a9829covener
503bec4c591d28ac6cec7182294cdef2ec6a9829covener3709. [port] Use built-in versions of strptime() and timegm()
503bec4c591d28ac6cec7182294cdef2ec6a9829covener on all platforms to avoid portability issues.
503bec4c591d28ac6cec7182294cdef2ec6a9829covener [RT #35183]
c00149c3cb27e0381362d07ccf2143574b4f600dsf
c00149c3cb27e0381362d07ccf2143574b4f600dsf3708. [bug] Address a portentry locking issue in dispatch.c.
c00149c3cb27e0381362d07ccf2143574b4f600dsf [RT #35128]
766b0a4793197ccef3dfa202d1fee1e1f929ffa7sf
766b0a4793197ccef3dfa202d1fee1e1f929ffa7sf3707. [bug] irs_resconf_load now returns ISC_R_FILENOTFOUND
766b0a4793197ccef3dfa202d1fee1e1f929ffa7sf on a missing resolv.conf file and initializes the
97b692bfc8673c8858f03498f81a993ac0c04c01sf structure as if it had been configured with:
97b692bfc8673c8858f03498f81a993ac0c04c01sf
97b692bfc8673c8858f03498f81a993ac0c04c01sf nameserver ::1
5e6cf205d2b0c848e15c65dab9711805395a5108minfrin nameserver 127.0.0.1
5e6cf205d2b0c848e15c65dab9711805395a5108minfrin
5e6cf205d2b0c848e15c65dab9711805395a5108minfrin Note: Callers will need to be updated to treat
5e6cf205d2b0c848e15c65dab9711805395a5108minfrin ISC_R_FILENOTFOUND as a qualified success or else
df419be6d7d4b68823efa05722375552af49c2b6minfrin they will leak memory. The following code fragment
df419be6d7d4b68823efa05722375552af49c2b6minfrin will work with both old and new versions without
df419be6d7d4b68823efa05722375552af49c2b6minfrin changing the behaviour of the existing code.
df419be6d7d4b68823efa05722375552af49c2b6minfrin
c03e31374e50a227cb554a0f1d4a9056ce80d99asf resconf = NULL;
c03e31374e50a227cb554a0f1d4a9056ce80d99asf result = irs_resconf_load(mctx, "/etc/resolv.conf",
c03e31374e50a227cb554a0f1d4a9056ce80d99asf &resconf);
40b22d3b20454959fe51fdc89907908d77701078minfrin if (result != ISC_SUCCESS) {
40b22d3b20454959fe51fdc89907908d77701078minfrin if (resconf != NULL)
40b22d3b20454959fe51fdc89907908d77701078minfrin irs_resconf_destroy(&resconf);
b4a00883f358625923365ca1560c96edec172a52sf ....
b4a00883f358625923365ca1560c96edec172a52sf }
b4a00883f358625923365ca1560c96edec172a52sf
b4a00883f358625923365ca1560c96edec172a52sf [RT #35194]
0553e62d75ef12d9a6646bb874be1fbf9e4c1dfbsf
0553e62d75ef12d9a6646bb874be1fbf9e4c1dfbsf3706. [contrib] queryperf: Fixed a possible integer overflow when
0553e62d75ef12d9a6646bb874be1fbf9e4c1dfbsf printing results. [RT #35182]
87af9ffc3a42633fe12e11a0ff77bc099ecdca82sf
f58bb3da705eb7ec926f4883597fc2eb1336a360minfrin3705. [func] "configure --enable-native-pkcs11" enables BIND
f58bb3da705eb7ec926f4883597fc2eb1336a360minfrin to use the PKCS#11 API for all cryptographic
f58bb3da705eb7ec926f4883597fc2eb1336a360minfrin functions, so that it can drive a hardware service
f58bb3da705eb7ec926f4883597fc2eb1336a360minfrin module directly without the need to use a modified
f58bb3da705eb7ec926f4883597fc2eb1336a360minfrin OpenSSL as intermediary (so long as the HSM's vendor
be192cefa381d5bae6868034687471754cb43175sf provides a complete-enough implementation of the
be192cefa381d5bae6868034687471754cb43175sf PKCS#11 interface). This has been tested successfully
be192cefa381d5bae6868034687471754cb43175sf with the Thales nShield HSM and with SoftHSMv2 from
be192cefa381d5bae6868034687471754cb43175sf the OpenDNSSEC project. [RT #29031]
f4a0825e91eec135b5e41c697439e9a13014fa2cminfrin
f4a0825e91eec135b5e41c697439e9a13014fa2cminfrin3704. [protocol] Accept integer timestamps in RRSIG records. [RT #35185]
f4a0825e91eec135b5e41c697439e9a13014fa2cminfrin
f4a0825e91eec135b5e41c697439e9a13014fa2cminfrin3703. [func] To improve recursive resolver performance, cache
5876f43a746f688a32b7201bced8591ddf19bd43minfrin records which are still being requested by clients
5876f43a746f688a32b7201bced8591ddf19bd43minfrin can now be automatically refreshed from the
5876f43a746f688a32b7201bced8591ddf19bd43minfrin authoritative server before they expire, reducing
5876f43a746f688a32b7201bced8591ddf19bd43minfrin or eliminating the time window in which no answer
bbba414c5bbf770e505778265bbe7a4a0e4fbdaaniq is available in the cache. See the "prefetch" option
bbba414c5bbf770e505778265bbe7a4a0e4fbdaaniq for more details. [RT #35041]
bbba414c5bbf770e505778265bbe7a4a0e4fbdaaniq
4aef34911af88f96c5b6d9b71a550a5a97bbc0b6minfrin3702. [func] 'dnssec-coverage -l' option specifies a length
4aef34911af88f96c5b6d9b71a550a5a97bbc0b6minfrin of time to check for coverage; events further into
4aef34911af88f96c5b6d9b71a550a5a97bbc0b6minfrin the future are ignored. 'dnssec-coverage -z'
4aef34911af88f96c5b6d9b71a550a5a97bbc0b6minfrin checks only ZSK events, and 'dnssec-coverage -k'
4aef34911af88f96c5b6d9b71a550a5a97bbc0b6minfrin checks only KSK events. (Thanks to Peter Palfrader.)
4cefc38158672f5de8119886d9754cf0609a9371minfrin [RT #35168]
4cefc38158672f5de8119886d9754cf0609a9371minfrin
4cefc38158672f5de8119886d9754cf0609a9371minfrin3701. [func] named-checkconf can now obscure shared secrets
4cefc38158672f5de8119886d9754cf0609a9371minfrin when printing by specifying '-x'. [RT #34465]
4cefc38158672f5de8119886d9754cf0609a9371minfrin
11d3c510dca5b5178ad4739ffc1567ef2155bda9minfrin3700. [func] Allow access to subgroups of XML statistics via
11d3c510dca5b5178ad4739ffc1567ef2155bda9minfrin special URLs http://<server>:<port>/xml/v3/server,
11d3c510dca5b5178ad4739ffc1567ef2155bda9minfrin /zones, /net, /tasks, /mem, and /status. [RT #35115]
d974a1624c0bb4f1c2e8b36fcf8ba1f12284ed8dsf
d974a1624c0bb4f1c2e8b36fcf8ba1f12284ed8dsf3699. [bug] Improvements to statistics channel XSL stylesheet:
d974a1624c0bb4f1c2e8b36fcf8ba1f12284ed8dsf the stylesheet can now be cached by the browser;
1a8c329935111a5059363efe927d631371b78414minfrin section headers are omitted from the stats display
1a8c329935111a5059363efe927d631371b78414minfrin when there is no data in those sections to be
fac37c9794a18c24d187f4e0f97a9476c4344118minfrin displayed; counters are now right-justified for
fac37c9794a18c24d187f4e0f97a9476c4344118minfrin easier readability. [RT #35117]
fac37c9794a18c24d187f4e0f97a9476c4344118minfrin
fc58f0ff708564b67cd578c626b6500d1cd63a51sf3698. [cleanup] Replaced all uses of memcpy() with memmove().
fc58f0ff708564b67cd578c626b6500d1cd63a51sf [RT #35120]
fc58f0ff708564b67cd578c626b6500d1cd63a51sf
fc58f0ff708564b67cd578c626b6500d1cd63a51sf3697. [bug] Handle "." as a search list element when IDN support
fc58f0ff708564b67cd578c626b6500d1cd63a51sf is enabled. [RT #35133]
fc58f0ff708564b67cd578c626b6500d1cd63a51sf
4e5fe1d203ddf3956a77be3c797c01fd4be8b211sf3696. [bug] dig failed to handle AXFR style IXFR responses which
4e5fe1d203ddf3956a77be3c797c01fd4be8b211sf span multiple messages. [RT #35137]
4e5fe1d203ddf3956a77be3c797c01fd4be8b211sf
dcb4802d9ea9fc4ba89671e8f8faa70c9535b202minfrin3695. [bug] Address a possible race in dispatch.c. [RT #35107]
dcb4802d9ea9fc4ba89671e8f8faa70c9535b202minfrin
dcb4802d9ea9fc4ba89671e8f8faa70c9535b202minfrin3694. [bug] Warn when a key-directory is configured for a zone,
dcb4802d9ea9fc4ba89671e8f8faa70c9535b202minfrin but does not exist or is not a directory. [RT #35108]
dcb4802d9ea9fc4ba89671e8f8faa70c9535b202minfrin
ce4dc40a4e87991087488f70d96d3447d7557294sf3693. [security] memcpy was incorrectly called with overlapping
ce4dc40a4e87991087488f70d96d3447d7557294sf ranges resulting in malformed names being generated
0119f1301a880cf39c0aad0fa2a77240af964691sf on some platforms. This could cause INSIST failures
ce4dc40a4e87991087488f70d96d3447d7557294sf when serving NSEC3 signed zones (CVE-2014-0591).
9db0b0ee6ffade769db57b37a06b3f4849b5d367minfrin [RT #35120]
9db0b0ee6ffade769db57b37a06b3f4849b5d367minfrin
9db0b0ee6ffade769db57b37a06b3f4849b5d367minfrin3692. [bug] Two calls to dns_db_getoriginnode were fatal if there
9db0b0ee6ffade769db57b37a06b3f4849b5d367minfrin was no data at the node. [RT #35080]
033d82412cc4af9d939b7e1645425b9e7f4ebf60minfrin
033d82412cc4af9d939b7e1645425b9e7f4ebf60minfrin3691. [contrib] Address null pointer dereference in LDAP and
033d82412cc4af9d939b7e1645425b9e7f4ebf60minfrin MySQL DLZ modules.
033d82412cc4af9d939b7e1645425b9e7f4ebf60minfrin
033d82412cc4af9d939b7e1645425b9e7f4ebf60minfrin3690. [bug] Iterative responses could be missed when the source
1b390add6886fb1c0acdea82be0ef0920f1158casf port for an upstream query was the same as the
1b390add6886fb1c0acdea82be0ef0920f1158casf listener port (53). [RT #34925]
1b390add6886fb1c0acdea82be0ef0920f1158casf
5fd471ec540a088d143a223096d35661bf87c15btrawick3689. [bug] Fixed a bug causing an insecure delegation from one
5fd471ec540a088d143a223096d35661bf87c15btrawick static-stub zone to another to fail with a broken
5fd471ec540a088d143a223096d35661bf87c15btrawick trust chain. [RT #35081]
f2472b79d241967fa28f8284470b1c5cafee7b12wrowe
f2472b79d241967fa28f8284470b1c5cafee7b12wrowe3688. [bug] loadnode could return a freed node on out of memory.
f2472b79d241967fa28f8284470b1c5cafee7b12wrowe [RT #35106]
f2472b79d241967fa28f8284470b1c5cafee7b12wrowe
f2472b79d241967fa28f8284470b1c5cafee7b12wrowe3687. [bug] Address null pointer dereference in zone_xfrdone.
f2472b79d241967fa28f8284470b1c5cafee7b12wrowe [RT #35042]
c9201c790435060b1322d86949183085ca5f6c0cwrowe
c9201c790435060b1322d86949183085ca5f6c0cwrowe3686. [func] "dnssec-signzone -Q" drops signatures from keys
c9201c790435060b1322d86949183085ca5f6c0cwrowe that are still published but no longer active.
c9201c790435060b1322d86949183085ca5f6c0cwrowe [RT #34990]
c9201c790435060b1322d86949183085ca5f6c0cwrowe
c9201c790435060b1322d86949183085ca5f6c0cwrowe3685. [bug] "rndc refresh" didn't work correctly with slave
38bd9dba7627c6b2f331cd0731c272ee6bd876b1wrowe zones using inline-signing. [RT #35105]
38bd9dba7627c6b2f331cd0731c272ee6bd876b1wrowe
38bd9dba7627c6b2f331cd0731c272ee6bd876b1wrowe3684. [bug] The list of included files would grow on reload.
38bd9dba7627c6b2f331cd0731c272ee6bd876b1wrowe [RT 35090]
c1ba97f41a4526d84fb7a1596afe3dd11e065a2cminfrin
c1ba97f41a4526d84fb7a1596afe3dd11e065a2cminfrin3683. [cleanup] Add a more detailed "not found" message to rndc
c1ba97f41a4526d84fb7a1596afe3dd11e065a2cminfrin commands which specify a zone name. [RT #35059]
c1ba97f41a4526d84fb7a1596afe3dd11e065a2cminfrin
c1ba97f41a4526d84fb7a1596afe3dd11e065a2cminfrin3682. [bug] Correct the behavior of rndc retransfer to allow
97cc46935ec496b83fef9d6feb094d706c895b3bsf inline-signing slave zones to retain NSEC3 parameters
4ed33a14c26d78bbe6bd0b9d5091cdb184e348basf instead of reverting to NSEC. [RT #34745]
4ed33a14c26d78bbe6bd0b9d5091cdb184e348basf
4ed33a14c26d78bbe6bd0b9d5091cdb184e348basf3681. [port] Update the Windows build system to support feature
97cc46935ec496b83fef9d6feb094d706c895b3bsf selection and WIN64 builds. This is a work in
72e3829dbd019a63b1091987fc6e7b1c028b089cminfrin progress. [RT #34160]
72e3829dbd019a63b1091987fc6e7b1c028b089cminfrin
72e3829dbd019a63b1091987fc6e7b1c028b089cminfrin3680. [bug] Ensure buffer space is available in "rndc zonestatus".
1081aff66582e2cac722fb3b6f09da4f524b5962minfrin [RT #35084]
1081aff66582e2cac722fb3b6f09da4f524b5962minfrin
1081aff66582e2cac722fb3b6f09da4f524b5962minfrin3679. [bug] dig could fail to clean up TCP sockets still
1081aff66582e2cac722fb3b6f09da4f524b5962minfrin waiting on connect(). [RT #35074]
9f0c32ae318f33c93a47d83f4709242c18339bbcminfrin
9f0c32ae318f33c93a47d83f4709242c18339bbcminfrin3678. [port] Update config.guess and config.sub. [RT #35060]
9f0c32ae318f33c93a47d83f4709242c18339bbcminfrin
9f0c32ae318f33c93a47d83f4709242c18339bbcminfrin3677. [bug] 'nsupdate' leaked memory if 'realm' was used multiple
9474e446514b06765775eb0c1ec6645e2c5e50f6minfrin times. [RT #35073]
9474e446514b06765775eb0c1ec6645e2c5e50f6minfrin
9474e446514b06765775eb0c1ec6645e2c5e50f6minfrin3676. [bug] "named-checkconf -z" now checks zones of type
9f0c32ae318f33c93a47d83f4709242c18339bbcminfrin hint and redirect as well as master. [RT #35046]
b7557ab9828d2017224a12968f82c3118b6a8c0aminfrin
b7557ab9828d2017224a12968f82c3118b6a8c0aminfrin3675. [misc] Provide a place for third parties to add version
b7557ab9828d2017224a12968f82c3118b6a8c0aminfrin information for their extensions in the version
b7557ab9828d2017224a12968f82c3118b6a8c0aminfrin file by setting the EXTENSIONS variable.
b7557ab9828d2017224a12968f82c3118b6a8c0aminfrin
b7557ab9828d2017224a12968f82c3118b6a8c0aminfrin --- 9.10.0a1 released ---
9474e446514b06765775eb0c1ec6645e2c5e50f6minfrin
9474e446514b06765775eb0c1ec6645e2c5e50f6minfrin3674. [bug] RPZ zeroed ttls if the query type was '*'. [RT #35026]
9474e446514b06765775eb0c1ec6645e2c5e50f6minfrin
b7557ab9828d2017224a12968f82c3118b6a8c0aminfrin3673. [func] New "in-view" zone option allows direct sharing
e302f38fd646764ce1a1e1c578d794aef514a9e5sf of zones between views. [RT #32968]
e302f38fd646764ce1a1e1c578d794aef514a9e5sf
e302f38fd646764ce1a1e1c578d794aef514a9e5sf3672. [func] Local address can now be specified when using
b32d756dae79045a9bc90e0d0b85582f6f28eaf3sf dns_client API. [RT #34811]
e302f38fd646764ce1a1e1c578d794aef514a9e5sf
9c233808c898095865fcc0a2dc1cf594d0d8faf3sf3671. [bug] Don't allow dnssec-importkey overwrite a existing
9c233808c898095865fcc0a2dc1cf594d0d8faf3sf non-imported private key.
3b41ccdaa163f4e900bbf8a7aa6a366df033822dminfrin
3b41ccdaa163f4e900bbf8a7aa6a366df033822dminfrin3670. [bug] Address read after free in server side of
3b41ccdaa163f4e900bbf8a7aa6a366df033822dminfrin lwres_getrrsetbyname. [RT #29075]
3b41ccdaa163f4e900bbf8a7aa6a366df033822dminfrin
3b41ccdaa163f4e900bbf8a7aa6a366df033822dminfrin3669. [port] freebsd: --with-gssapi needs -lhx509. [RT #35001]
28587db43bc4bea96a36fbcffdd967e7b422bb97minfrin
28587db43bc4bea96a36fbcffdd967e7b422bb97minfrin3668. [bug] Fix cast in lex.c which could see 0xff treated as eof.
28587db43bc4bea96a36fbcffdd967e7b422bb97minfrin [RT #34993]
28587db43bc4bea96a36fbcffdd967e7b422bb97minfrin
5a2dcc476c33985b7681aa72256bcd7266057eddsf3667. [test] dig: add support to keep the TCP socket open between
5a2dcc476c33985b7681aa72256bcd7266057eddsf successive queries (+[no]keepopen). [RT #34918]
5a2dcc476c33985b7681aa72256bcd7266057eddsf
e08076ca56e6cb68b30846b9e9339061058aae6dpoirier3666. [func] Add a tool, named-rrchecker, for checking the syntax
e08076ca56e6cb68b30846b9e9339061058aae6dpoirier of individual resource records. This tool is intended
e08076ca56e6cb68b30846b9e9339061058aae6dpoirier to be called by provisioning systems so that the front
e08076ca56e6cb68b30846b9e9339061058aae6dpoirier end does not need to be upgraded to support new DNS
e08076ca56e6cb68b30846b9e9339061058aae6dpoirier record types. [RT #34778]
e08076ca56e6cb68b30846b9e9339061058aae6dpoirier
e08076ca56e6cb68b30846b9e9339061058aae6dpoirier3665. [bug] Failure to release lock on error in receive_secure_db.
e08076ca56e6cb68b30846b9e9339061058aae6dpoirier [RT #34944]
f3a19422957c2e9eb827c8e38e5982f678591aa5minfrin
b7a2f855b5e31abc24dab2eef28e9e2f985ae25brpluem3664. [bug] Updated OpenSSL PKCS#11 patches to fix active list
b7a2f855b5e31abc24dab2eef28e9e2f985ae25brpluem locking and other bugs. [RT #34855]
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener3663. [bug] Address bugs in dns_rdata_fromstruct and
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener dns_rdata_tostruct for WKS and ISDN types. [RT #34910]
84fbf855118f318dd5e511d8e5b902cecc1177c0jim
ac45a43afbf38aa4a91c1402c6beef6ef8a2696dniq3662. [bug] 'host' could die if a UDP query timed out. [RT #34870]
ac45a43afbf38aa4a91c1402c6beef6ef8a2696dniq
ac45a43afbf38aa4a91c1402c6beef6ef8a2696dniq3661. [bug] Address lock order reversal deadlock with inline zones.
ac45a43afbf38aa4a91c1402c6beef6ef8a2696dniq [RT #34856]
b2b9b7f0644773b50aee41956a841ac884086250niq
b2b9b7f0644773b50aee41956a841ac884086250niq3660. [cleanup] Changed the name of "isc-config.sh" to "bind9-config".
b2b9b7f0644773b50aee41956a841ac884086250niq [RT #23825]
b2b9b7f0644773b50aee41956a841ac884086250niq
b2b9b7f0644773b50aee41956a841ac884086250niq3659. [port] solaris: don't add explicit dependencies/rules for
b4f348c8e74ba8166410ddeffac03e4887696788niq python programs as make won't use the implicit rules.
b4f348c8e74ba8166410ddeffac03e4887696788niq [RT #34835]
b4f348c8e74ba8166410ddeffac03e4887696788niq
4fda5fb4cc40703a76e261bbf21ec1d6b51b7d3fjim3658. [port] linux: Address platform specific compilation issue
4fda5fb4cc40703a76e261bbf21ec1d6b51b7d3fjim when libcap-devel is installed. [RT #34838]
fa0dc2a4f675a868378a52946e5b244d6bf41196sf
fa0dc2a4f675a868378a52946e5b244d6bf41196sf3657. [port] Some readline clones don't accept NULL pointers when
0807f6da6091b748ab47c21ba66252fe8da2a966sf calling add_history. [RT #34842]
0807f6da6091b748ab47c21ba66252fe8da2a966sf
0807f6da6091b748ab47c21ba66252fe8da2a966sf3656. [security] Treat an all zero netmask as invalid when generating
b92a868b537899a51efd8c200c396fa51c63839dtrawick the localnets acl. (The prior behavior could
b92a868b537899a51efd8c200c396fa51c63839dtrawick allow unexpected matches when using some versions
4fda5fb4cc40703a76e261bbf21ec1d6b51b7d3fjim of Winsock: CVE-2013-6320.) [RT #34687]
dc52cac281d8b311dc47d115ed979f923b667679rjung
dc52cac281d8b311dc47d115ed979f923b667679rjung3655. [cleanup] Simplify TCP message processing when requesting a
dc52cac281d8b311dc47d115ed979f923b667679rjung zone transfer. [RT #34825]
2534e869d2ba209bd0c43717ea80992e6de0c51djim
2534e869d2ba209bd0c43717ea80992e6de0c51djim3654. [bug] Address race condition with manual notify requests.
f8033d657a57eab45af44368774d8beb3e4f7f35pquerna [RT #34806]
f8033d657a57eab45af44368774d8beb3e4f7f35pquerna
f8033d657a57eab45af44368774d8beb3e4f7f35pquerna3653. [func] Create delegations for all "children" of empty zones
f8033d657a57eab45af44368774d8beb3e4f7f35pquerna except "forward first". [RT #34826]
02fd88c85a9850109753b87612955ad372de1575sf
02fd88c85a9850109753b87612955ad372de1575sf3652. [bug] Address bug with rpz-drop policy. [RT #34816]
02fd88c85a9850109753b87612955ad372de1575sf
da48ae521bcc2751f8eb8dfb02f7aab0f46943c6sf3651. [tuning] Adjust when a master server is deemed unreachable.
da48ae521bcc2751f8eb8dfb02f7aab0f46943c6sf [RT #27075]
da48ae521bcc2751f8eb8dfb02f7aab0f46943c6sf
1374472d83ce061a431b7f6eeb5e5135fb4cd922jim3650. [tuning] Use separate rate limiting queues for refresh and
1374472d83ce061a431b7f6eeb5e5135fb4cd922jim notify requests. [RT #30589]
1374472d83ce061a431b7f6eeb5e5135fb4cd922jim
1374472d83ce061a431b7f6eeb5e5135fb4cd922jim3649. [cleanup] Include a comment in .nzf files, giving the name of
ab7a123efe997d907274eb672ab2b36746bb3f57sf the associated view. [RT #34765]
ab7a123efe997d907274eb672ab2b36746bb3f57sf
ab7a123efe997d907274eb672ab2b36746bb3f57sf3648. [test] Updated the ATF test framework to version 0.17.
ab7a123efe997d907274eb672ab2b36746bb3f57sf [RT #25627]
a44d29a3794110c558c940bd903a1930d717a7d7sf
a44d29a3794110c558c940bd903a1930d717a7d7sf3647. [bug] Address a race condition when shutting down a zone.
a44d29a3794110c558c940bd903a1930d717a7d7sf [RT #34750]
a44d29a3794110c558c940bd903a1930d717a7d7sf
70003ce816d7851e49ecb0cdc5137becd647ed18niq3646. [bug] Journal filename string could be set incorrectly,
70003ce816d7851e49ecb0cdc5137becd647ed18niq causing garbage in log messages. [RT #34738]
ef766b4977fa0c796f1d1fa828c5868d5a6bde74rbowen
b5e45168970cefb8b2d0bea709ea69790f3eab96niq3645. [protocol] Use case sensitive compression when responding to
815067bc5eff8fc218019e18ee5ea868372917cdsf queries. [RT #34737]
815067bc5eff8fc218019e18ee5ea868372917cdsf
9f2c7096ac1f41aca1328d304d54dbaef4ebb06drjung3644. [protocol] Check that EDNS subnet client options are well formed.
2534e869d2ba209bd0c43717ea80992e6de0c51djim [RT #34718]
ff5e24709209b13601480827b0fecf32c428ff32rjung
39d67f66729a7008c1e73d65a81e778ce819a227rjung3643. [doc] Clarify RRL "slip" documentation.
39d67f66729a7008c1e73d65a81e778ce819a227rjung
da20b997bf4652f7597e0a7845db371aab2f7187rjung3642. [func] Allow externally generated DNSKEY to be imported
da20b997bf4652f7597e0a7845db371aab2f7187rjung into the DNSKEY management framework. A new tool
133cbcba0df4ba0e72f7eaaaebabe119f145f261niq dnssec-importkey is used to do this. [RT #34698]
133cbcba0df4ba0e72f7eaaaebabe119f145f261niq
133cbcba0df4ba0e72f7eaaaebabe119f145f261niq3641. [bug] Handle changes to sig-validity-interval settings
c8dcde16853eef36b713d4633fac83b66e49aa5eniq better. [RT #34625]
c8dcde16853eef36b713d4633fac83b66e49aa5eniq
c8dcde16853eef36b713d4633fac83b66e49aa5eniq3640. [bug] ndots was not being checked when searching. Only
1a7a4f8c6a312cb237e428c77da0792eb165dc7aniq continue searching on NXDOMAIN responses. Add the
1a7a4f8c6a312cb237e428c77da0792eb165dc7aniq ability to specify ndots to nslookup. [RT #34711]
1a7a4f8c6a312cb237e428c77da0792eb165dc7aniq
1a7a4f8c6a312cb237e428c77da0792eb165dc7aniq3639. [bug] Treat type 65533 (KEYDATA) as opaque except when used
927e277b4be750e06960b3d4f1c2b1ca146e0555niq in a key zone. [RT #34238]
927e277b4be750e06960b3d4f1c2b1ca146e0555niq
927e277b4be750e06960b3d4f1c2b1ca146e0555niq3638. [cleanup] Add the ability to handle ENOPROTOOPT in case it is
83de39879307034216ce0af15a47a88a55af11e3rjung encountered. [RT #34668]
83de39879307034216ce0af15a47a88a55af11e3rjung
83de39879307034216ce0af15a47a88a55af11e3rjung3637. [bug] 'allow-query-on' was checking the source address
7cfa48136e3b42a14cdff1a46b60f4e4d2ad5291niq rather than the destination address. [RT #34590]
7cfa48136e3b42a14cdff1a46b60f4e4d2ad5291niq
7cfa48136e3b42a14cdff1a46b60f4e4d2ad5291niq3636. [bug] Automatic empty zones now behave better with
7cfa48136e3b42a14cdff1a46b60f4e4d2ad5291niq forward only "zones" beneath them. [RT #34583]
7cfa48136e3b42a14cdff1a46b60f4e4d2ad5291niq
0a4924de8350e2bbfa16a27f42ff0bc61aa52d43rjung3635. [bug] Signatures were not being removed from a zone with
0a4924de8350e2bbfa16a27f42ff0bc61aa52d43rjung only KSK keys for a algorithm. [RT #34439]
0a4924de8350e2bbfa16a27f42ff0bc61aa52d43rjung
8e8568ec7d29f056a2a4942d1d50481e441c25d9covener3634. [func] Report build-id in rndc status. Report build-id
4ea8055e720d18f386b8026b546e5836ecccba4arjung when building from a git repository. [RT #20422]
bec2a2e375fe46599b68399abfcf67b89b270b57wrowe
bec2a2e375fe46599b68399abfcf67b89b270b57wrowe3633. [cleanup] Refactor OPT processing in named to make it easier
bec2a2e375fe46599b68399abfcf67b89b270b57wrowe to support new EDNS options. [RT #34414]
bec2a2e375fe46599b68399abfcf67b89b270b57wrowe
bec2a2e375fe46599b68399abfcf67b89b270b57wrowe3632. [bug] Signature from newly inactive keys were not being
bec2a2e375fe46599b68399abfcf67b89b270b57wrowe removed. [RT #32178]
bec2a2e375fe46599b68399abfcf67b89b270b57wrowe
bec2a2e375fe46599b68399abfcf67b89b270b57wrowe3631. [bug] Remove spurious warning about missing signatures when
46fdfef7dfc745effe179387e1dcb8245d3804batrawick qtype is SIG. [RT #34600]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick
46fdfef7dfc745effe179387e1dcb8245d3804batrawick3630. [bug] Ensure correct ID computation for MD5 keys. [RT #33033]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick
46fdfef7dfc745effe179387e1dcb8245d3804batrawick3629. [func] Allow the printing of cryptographic fields in DNSSEC
46fdfef7dfc745effe179387e1dcb8245d3804batrawick records by dig to be suppressed (dig +nocrypto).
46fdfef7dfc745effe179387e1dcb8245d3804batrawick [RT #34534]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick
46fdfef7dfc745effe179387e1dcb8245d3804batrawick3628. [func] Report DNSKEY key id's when dumping the cache.
46fdfef7dfc745effe179387e1dcb8245d3804batrawick [RT #34533]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick
46fdfef7dfc745effe179387e1dcb8245d3804batrawick3627. [bug] RPZ changes were not effective on slaves. [RT #34450]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick
f4845813cd6fa5749dfec8e3bc647b85c1df0980wrowe3626. [func] dig: NSID output now easier to read. [RT #21160]
f4845813cd6fa5749dfec8e3bc647b85c1df0980wrowe
f4845813cd6fa5749dfec8e3bc647b85c1df0980wrowe3625. [bug] Don't send notify messages to machines outside of the
f4845813cd6fa5749dfec8e3bc647b85c1df0980wrowe test setup.
f4845813cd6fa5749dfec8e3bc647b85c1df0980wrowe
f55c048e33a905f9f771b3aed309373bdf547944jorton3624. [bug] Look for 'json_object_new_int64' when looking for a
f55c048e33a905f9f771b3aed309373bdf547944jorton the json library. [RT #34449]
f55c048e33a905f9f771b3aed309373bdf547944jorton
f55c048e33a905f9f771b3aed309373bdf547944jorton3623. [placeholder]
cddaaa6378c5082e8dff0d11dc21cf6c4928ecbcjorton
cddaaa6378c5082e8dff0d11dc21cf6c4928ecbcjorton3622. [tuning] Eliminate an unnecessary lock when incrementing
cddaaa6378c5082e8dff0d11dc21cf6c4928ecbcjorton cache statistics. [RT #34339]
cddaaa6378c5082e8dff0d11dc21cf6c4928ecbcjorton
9b2bd9e83cbb6f5debb2edba59a0c12089eb37c3minfrin3621. [security] Incorrect bounds checking on private type 'keydata'
9b2bd9e83cbb6f5debb2edba59a0c12089eb37c3minfrin can lead to a remotely triggerable REQUIRE failure
9b2bd9e83cbb6f5debb2edba59a0c12089eb37c3minfrin (CVE-2013-4854). [RT #34238]
9b2bd9e83cbb6f5debb2edba59a0c12089eb37c3minfrin
9b2bd9e83cbb6f5debb2edba59a0c12089eb37c3minfrin3620. [func] Added "rpz-client-ip" policy triggers, enabling
9b2bd9e83cbb6f5debb2edba59a0c12089eb37c3minfrin RPZ responses to be configured on the basis of
a89e2c1651aab7734345fa3a6712a757708535ferjung the client IP address; this can be used, for
a89e2c1651aab7734345fa3a6712a757708535ferjung example, to blacklist misbehaving recursive
a89e2c1651aab7734345fa3a6712a757708535ferjung or stub resolvers. [RT #33605]
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung3619. [bug] Fixed a bug in RPZ with "recursive-only no;"
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung [RT #33776]
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung3618. [func] "rndc reload" now checks modification times of
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung include files as well as master files to determine
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung whether to skip reloading a zone. [RT #33936]
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung3617. [bug] Named was failing to answer queries during
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung "rndc reload" [RT #34098]
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung3616. [bug] Change #3613 was incomplete. [RT #34177]
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung3615. [cleanup] "configure" now finishes by printing a summary
23bc6974af15e69a9aa4b5b3fc06b800b53ca234sf of optional BIND features and whether they are
23bc6974af15e69a9aa4b5b3fc06b800b53ca234sf active or inactive. ("configure --enable-full-report"
23bc6974af15e69a9aa4b5b3fc06b800b53ca234sf increases the verbosity of the summary.) [RT #31777]
298eb744831be682f749ffe1c01c88d82adf215esf
298eb744831be682f749ffe1c01c88d82adf215esf3614. [port] Check for <linux/types.h>. [RT #34162]
298eb744831be682f749ffe1c01c88d82adf215esf
298eb744831be682f749ffe1c01c88d82adf215esf3613. [bug] named could crash when deleting inline-signing
298eb744831be682f749ffe1c01c88d82adf215esf zones with "rndc delzone". [RT #34066]
298eb744831be682f749ffe1c01c88d82adf215esf
298eb744831be682f749ffe1c01c88d82adf215esf3612. [port] Check whether to use -ljson or -ljson-c. [RT #34115]
298eb744831be682f749ffe1c01c88d82adf215esf
298eb744831be682f749ffe1c01c88d82adf215esf3611. [bug] Improved resistance to a theoretical authentication
b9aa9ca00496f67eb755d67764775ff23ac7eb03covener attack based on differential timing. [RT #33939]
b9aa9ca00496f67eb755d67764775ff23ac7eb03covener
f2386b627177c7a80d38fed6ec0aed3c086909c1covener3610. [cleanup] win32: Some executables had been omitted from the
f2386b627177c7a80d38fed6ec0aed3c086909c1covener installer. [RT #34116]
70d4e28f12f8cc2e130457c841095dc69c67cf31minfrin
70d4e28f12f8cc2e130457c841095dc69c67cf31minfrin3609. [bug] Corrected a possible deadlock in applications using
70d4e28f12f8cc2e130457c841095dc69c67cf31minfrin the export version of the isc_app API. [RT #33967]
70d4e28f12f8cc2e130457c841095dc69c67cf31minfrin
70d4e28f12f8cc2e130457c841095dc69c67cf31minfrin3608. [port] win32: added todos.pl script to ensure all text files
1a668f25bc6b4b111822caaba70bb9289d64ade5niq the win32 build depends on are converted to DOS
1a668f25bc6b4b111822caaba70bb9289d64ade5niq newline format. [RT #22067]
1a668f25bc6b4b111822caaba70bb9289d64ade5niq
7a6c86627922e38fa227943b9f888f96109681e5covener3607. [bug] dnssec-keygen had broken 'Invalid keyfile' error
7a6c86627922e38fa227943b9f888f96109681e5covener message. [RT #34045]
7a6c86627922e38fa227943b9f888f96109681e5covener
7a6c86627922e38fa227943b9f888f96109681e5covener3606. [func] "rndc flushtree" now flushes matching
17efe57eb8d88fa0d371f4ac4939dbbbe78fd09bcovener records in the address database and bad cache
17efe57eb8d88fa0d371f4ac4939dbbbe78fd09bcovener as well as the DNS cache. (Previously only the
17efe57eb8d88fa0d371f4ac4939dbbbe78fd09bcovener DNS cache was flushed.) [RT #33970]
17efe57eb8d88fa0d371f4ac4939dbbbe78fd09bcovener
17efe57eb8d88fa0d371f4ac4939dbbbe78fd09bcovener3605. [port] win32: Addressed several compatibility issues
8068423ee2d80a7c42b2325a71c24ac9485327cecovener with newer versions of Visual Studio. [RT #33916]
8068423ee2d80a7c42b2325a71c24ac9485327cecovener
8068423ee2d80a7c42b2325a71c24ac9485327cecovener3604. [bug] Fixed a compile-time error when building with
8068423ee2d80a7c42b2325a71c24ac9485327cecovener JSON but not XML. [RT #33959]
8068423ee2d80a7c42b2325a71c24ac9485327cecovener
7703bad94964cc64022e08e2d1ae2c5fbfe2d3c6covener3603. [bug] Install <isc/stat.h>. [RT #33956]
7703bad94964cc64022e08e2d1ae2c5fbfe2d3c6covener
7703bad94964cc64022e08e2d1ae2c5fbfe2d3c6covener3602. [contrib] Added DLZ Perl module, allowing Perl scripts to
7703bad94964cc64022e08e2d1ae2c5fbfe2d3c6covener integrate with named and serve DNS data.
689ee47a7329cf0d0ce4c5a98670b33fcf00d81btrawick (Contributed by John Eaglesham of Yahoo.)
689ee47a7329cf0d0ce4c5a98670b33fcf00d81btrawick
689ee47a7329cf0d0ce4c5a98670b33fcf00d81btrawick3601. [bug] Added to PKCS#11 openssl patches a value len
aa8df43397bb42245e1633f12e2300c9715f3a7btrawick attribute in DH derive key. [RT #33928]
aa8df43397bb42245e1633f12e2300c9715f3a7btrawick
5a2f24f5e41d52e59e1c11e90cd423b8967d4184trawick3600. [cleanup] dig: Fixed a typo in the warning output when receiving
19ce7effbcc8a735f1a883f9266e086fde2adb63poirier an oversized response. [RT #33910]
19ce7effbcc8a735f1a883f9266e086fde2adb63poirier
19ce7effbcc8a735f1a883f9266e086fde2adb63poirier3599. [tuning] Check for pointer equivalence in name comparisons.
5d58d0bc1ce35e0ee814b6c2dc21a5286e460b87covener [RT #18125]
8eac2273e3d5f2dc8464fada76fcfbf33a938a2fcovener
8eac2273e3d5f2dc8464fada76fcfbf33a938a2fcovener3598. [cleanup] Improved portability of map file code. [RT #33820]
8eac2273e3d5f2dc8464fada76fcfbf33a938a2fcovener
8eac2273e3d5f2dc8464fada76fcfbf33a938a2fcovener3597. [bug] Ensure automatic-resigning heaps are reconstructed
c6124d7fde07b58d51785d0f1cb509026eeaa138jim when loading zones in map format. [RT #33381]
c6124d7fde07b58d51785d0f1cb509026eeaa138jim
c6124d7fde07b58d51785d0f1cb509026eeaa138jim3596. [port] Updated win32 build documentation, added
c6124d7fde07b58d51785d0f1cb509026eeaa138jim dnssec-verify. [RT #22067]
680e7b4c70df00b695883c824947ca6ec15d69ecsf
680e7b4c70df00b695883c824947ca6ec15d69ecsf3595. [port] win32: Fix build problems introduced by change #3550.
680e7b4c70df00b695883c824947ca6ec15d69ecsf [RT #33807]
3a49a6c98ef80c71830e66e7f8f46083001b494ctrawick
3a49a6c98ef80c71830e66e7f8f46083001b494ctrawick3594. [maint] Update config.guess and config.sub. [RT #33816]
d46dfdce9351f52a971777948d9b02f8fc668ff8niq
6fee4e2faa2e45fe2636d01e35d03c2cf0c9d431minfrin3593. [func] Update EDNS processing to better track remote server
6fee4e2faa2e45fe2636d01e35d03c2cf0c9d431minfrin capabilities. [RT #30655]
6fee4e2faa2e45fe2636d01e35d03c2cf0c9d431minfrin
6fee4e2faa2e45fe2636d01e35d03c2cf0c9d431minfrin3592. [doc] Moved documentation of rndc command options to the
03aa31ad82759363ba1a55589e517b16308ef635minfrin rndc man page. [RT #33506]
03aa31ad82759363ba1a55589e517b16308ef635minfrin
03aa31ad82759363ba1a55589e517b16308ef635minfrin3591. [func] Use CRC-64 to detect map file corruption at load
03aa31ad82759363ba1a55589e517b16308ef635minfrin time. [RT #33746]
9fe23388f983cb652b5d68e2bd92aa9f0568c574minfrin
9fe23388f983cb652b5d68e2bd92aa9f0568c574minfrin3590. [bug] When using RRL on recursive servers, defer
9fe23388f983cb652b5d68e2bd92aa9f0568c574minfrin rate-limiting until after recursion is complete;
e9eabac76b50e8f00d0c391f6070d0f42db77aa2wrowe also, use correct rcode for slipped NXDOMAIN
e9eabac76b50e8f00d0c391f6070d0f42db77aa2wrowe responses. [RT #33604]
e9eabac76b50e8f00d0c391f6070d0f42db77aa2wrowe
e9eabac76b50e8f00d0c391f6070d0f42db77aa2wrowe3589. [func] Report serial numbers in when starting zone transfers.
e9eabac76b50e8f00d0c391f6070d0f42db77aa2wrowe Report accepted NOTIFY requests including serial.
433d36fd71af86369719893afe09877be4cb4f3asf [RT# 33037]
433d36fd71af86369719893afe09877be4cb4f3asf
433d36fd71af86369719893afe09877be4cb4f3asf3588. [bug] dig: addressed a memory leak in the sigchase code
14e5a8cc15b1dcc26ad5420973304e53a9e5406bsf that could cause a shutdown crash. [RT #33733]
14e5a8cc15b1dcc26ad5420973304e53a9e5406bsf
14e5a8cc15b1dcc26ad5420973304e53a9e5406bsf3587. [func] 'named -g' now checks the logging configuration but
46fdfef7dfc745effe179387e1dcb8245d3804batrawick does not use it. [RT #33473]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick
46fdfef7dfc745effe179387e1dcb8245d3804batrawick3586. [bug] Handle errors in xmlDocDumpFormatMemoryEnc. [RT #33706]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick
46fdfef7dfc745effe179387e1dcb8245d3804batrawick3585. [func] "rndc delzone -clean" option removes zone files
46fdfef7dfc745effe179387e1dcb8245d3804batrawick when deleting a zone. [RT #33570]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick
46fdfef7dfc745effe179387e1dcb8245d3804batrawick3584. [security] Caching data from an incompletely signed zone could
46fdfef7dfc745effe179387e1dcb8245d3804batrawick trigger an assertion failure in resolver.c
46fdfef7dfc745effe179387e1dcb8245d3804batrawick (CVE-2013-3919). [RT #33690]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick
573f949c582f06bd738a96196f40b646b6d540b8rpluem3583. [bug] Address memory leak in GSS-API processing [RT #33574]
573f949c582f06bd738a96196f40b646b6d540b8rpluem
573f949c582f06bd738a96196f40b646b6d540b8rpluem3582. [bug] Silence false positive warning regarding missing file
c44902d07eab7deb803a59e959f57cf3b7d56655poirier directive for inline slave zones. [RT #33662]
c44902d07eab7deb803a59e959f57cf3b7d56655poirier
c44902d07eab7deb803a59e959f57cf3b7d56655poirier3581. [bug] Changed the tcp-listen-queue default to 10. [RT #33029]
ae1981fc94adf2b231e2d0e15d2f895b2138c969covener
ae1981fc94adf2b231e2d0e15d2f895b2138c969covener3580. [bug] Addressed a possible race in acache.c [RT #33602]
ae1981fc94adf2b231e2d0e15d2f895b2138c969covener
ae1981fc94adf2b231e2d0e15d2f895b2138c969covener3579. [maint] Updates to PKCS#11 openssl patches, supporting
ae1981fc94adf2b231e2d0e15d2f895b2138c969covener versions 0.9.8y, 1.0.0k, 1.0.1e [RT #33463]
ae1981fc94adf2b231e2d0e15d2f895b2138c969covener
ae1981fc94adf2b231e2d0e15d2f895b2138c969covener3578. [bug] 'rndc -c file' now fails if 'file' does not exist.
4ac05f9625e37cc421f4ea548422827b4de163d7niq [RT #33571]
4ac05f9625e37cc421f4ea548422827b4de163d7niq
4ac05f9625e37cc421f4ea548422827b4de163d7niq3577. [bug] Handle zero TTL values better. [RT #33411]
4ac05f9625e37cc421f4ea548422827b4de163d7niq
4ac05f9625e37cc421f4ea548422827b4de163d7niq3576. [bug] Address a shutdown race when validating. [RT #33573]
6999a76d8eb5ef6b4b295e51df0b2fb6064bd373covener
6999a76d8eb5ef6b4b295e51df0b2fb6064bd373covener3575. [func] Changed the logging category for RRL events from
6999a76d8eb5ef6b4b295e51df0b2fb6064bd373covener 'queries' to 'query-errors'. [RT #33540]
ead0b57bbeaec5acb14f931b5641962f429dabc9trawick
ead0b57bbeaec5acb14f931b5641962f429dabc9trawick3574. [doc] The 'hostname' keyword was missing from server-id
ead0b57bbeaec5acb14f931b5641962f429dabc9trawick description in the named.conf man page. [RT #33476]
77d6f9d5c2a5cab805e9ace265628f3d791b937dniq
77d6f9d5c2a5cab805e9ace265628f3d791b937dniq3573. [bug] "rndc addzone" and "rndc delzone" incorrectly handled
77d6f9d5c2a5cab805e9ace265628f3d791b937dniq zone names containing punctuation marks and other
a9d359cdeb1cee65cdb9fab5e19ffb4846172183trawick nonstandard characters. [RT #33419]
77d6f9d5c2a5cab805e9ace265628f3d791b937dniq
9f35dd32eedd781d218a85f0315ea5526a8adc84minfrin3572. [func] Threads are now enabled by default on most
9f35dd32eedd781d218a85f0315ea5526a8adc84minfrin operating systems. [RT #25483]
9f35dd32eedd781d218a85f0315ea5526a8adc84minfrin
9f35dd32eedd781d218a85f0315ea5526a8adc84minfrin3571. [bug] Address race condition in dns_client_startresolve().
5dc4220fc22561537ce1421a03e11846a5b719ebminfrin [RT #33234]
5dc4220fc22561537ce1421a03e11846a5b719ebminfrin
5dc4220fc22561537ce1421a03e11846a5b719ebminfrin3570. [bug] Check internal pointers are valid when loading map
5dc4220fc22561537ce1421a03e11846a5b719ebminfrin files. [RT #33403]
5dc4220fc22561537ce1421a03e11846a5b719ebminfrin
bd27541a0c96caa881f17a490e23cdd220d480c8poirier3569. [contrib] Ported mysql DLZ driver to dynamically-loadable
a9d359cdeb1cee65cdb9fab5e19ffb4846172183trawick module, and added multithread support. [RT #33394]
bd27541a0c96caa881f17a490e23cdd220d480c8poirier
68c4447ba8e057cf38cbbec918e0549b817f20b4minfrin3568. [cleanup] Add a product description line to the version file,
68c4447ba8e057cf38cbbec918e0549b817f20b4minfrin to be reported by named -v/-V. [RT #33366]
68c4447ba8e057cf38cbbec918e0549b817f20b4minfrin
68c4447ba8e057cf38cbbec918e0549b817f20b4minfrin3567. [bug] Silence clang static analyzer warnings. [RT #33365]
68c4447ba8e057cf38cbbec918e0549b817f20b4minfrin
e33d0698670fead33dbd7c907363053b9e2be454minfrin3566. [func] Log when forwarding updates to master. [RT #33240]
e33d0698670fead33dbd7c907363053b9e2be454minfrin
e33d0698670fead33dbd7c907363053b9e2be454minfrin3565. [placeholder]
e33d0698670fead33dbd7c907363053b9e2be454minfrin
e33d0698670fead33dbd7c907363053b9e2be454minfrin3564. [bug] Improved handling of corrupted map files. [RT #33380]
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin3563. [contrib] zone2sqlite failed with some table names. [RT #33375]
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin
4ea8055e720d18f386b8026b546e5836ecccba4arjung3562. [func] Update map file header format to include a SHA-1 hash
a9d359cdeb1cee65cdb9fab5e19ffb4846172183trawick of the database content, so that corrupted map files
a9d359cdeb1cee65cdb9fab5e19ffb4846172183trawick can be rejected at load time. [RT #32459]
4ea8055e720d18f386b8026b546e5836ecccba4arjung
fd80868005a61e747bc45b39df83cae7abb3d151pgollucci3561. [bug] dig: issue a warning if an EDNS query returns FORMERR
fd80868005a61e747bc45b39df83cae7abb3d151pgollucci or NOTIMP. Adjust usage message. [RT #33363]
fd80868005a61e747bc45b39df83cae7abb3d151pgollucci
60a8830541cd85d23a42ccb1639bc4744de9d526poirier3560. [bug] isc-config.sh did not honor includedir and libdir
60a8830541cd85d23a42ccb1639bc4744de9d526poirier when set via configure. [RT #33345]
60a8830541cd85d23a42ccb1639bc4744de9d526poirier
60a8830541cd85d23a42ccb1639bc4744de9d526poirier3559. [func] Check that both forms of Sender Policy Framework
5ae15cd9d22fb3bdfd2eb0b9761c4ef07fbf2f96minfrin records exist or do not exist. [RT #33355]
5ae15cd9d22fb3bdfd2eb0b9761c4ef07fbf2f96minfrin
5ae15cd9d22fb3bdfd2eb0b9761c4ef07fbf2f96minfrin3558. [bug] IXFR of a DLZ stored zone was broken. [RT #33331]
5ae15cd9d22fb3bdfd2eb0b9761c4ef07fbf2f96minfrin
69fc9805c344b2dd5fd49a4f75cbf55dedeac7d6minfrin3557. [bug] Reloading redirect zones was broken. [RT #33292]
69fc9805c344b2dd5fd49a4f75cbf55dedeac7d6minfrin
69fc9805c344b2dd5fd49a4f75cbf55dedeac7d6minfrin3556. [maint] Added AAAA for D.ROOT-SERVERS.NET.
46fdfef7dfc745effe179387e1dcb8245d3804batrawick
46fdfef7dfc745effe179387e1dcb8245d3804batrawick3555. [bug] Address theoretical race conditions in acache.c
46fdfef7dfc745effe179387e1dcb8245d3804batrawick (change #3553 was incomplete). [RT #33252]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick
ca0a943242b488c162aa89874498e0316f7b2f2eminfrin3554. [bug] RRL failed to correctly rate-limit upward
e1c6c1dac26c35ecebe158438bb0c56afbb9bfb0sf referrals and failed to count dropped error
e1c6c1dac26c35ecebe158438bb0c56afbb9bfb0sf responses in the statistics. [RT #33225]
dd90cc3ba2a09e7be46c9d8f5faad90edf18134fsf
38451a13fb80b89e704792ebc0e6f9e5e5877d7dsf3553. [bug] Address suspected double free in acache. [RT #33252]
38451a13fb80b89e704792ebc0e6f9e5e5877d7dsf
38451a13fb80b89e704792ebc0e6f9e5e5877d7dsf3552. [bug] Wrong getopt option string for 'nsupdate -r'.
38451a13fb80b89e704792ebc0e6f9e5e5877d7dsf [RT #33280]
38451a13fb80b89e704792ebc0e6f9e5e5877d7dsf
505e342aefa9fbccc857f1bc653a310e25511946sf3551. [bug] resolver.querydscp[46] were uninitialized. [RT #32686]
505e342aefa9fbccc857f1bc653a310e25511946sf
505e342aefa9fbccc857f1bc653a310e25511946sf3550. [func] Unified the internal and export versions of the
505e342aefa9fbccc857f1bc653a310e25511946sf BIND libraries, allowing external clients to use
26734c75baf170a492ef6a82f07b24ee1af7d0b1sf the same libraries as BIND. [RT #33131]
26734c75baf170a492ef6a82f07b24ee1af7d0b1sf
26734c75baf170a492ef6a82f07b24ee1af7d0b1sf3549. [doc] Documentation for "request-nsid" was missing.
dda254ba84bdff5e236917af1b31693ca4360eabcovener [RT #33153]
dda254ba84bdff5e236917af1b31693ca4360eabcovener
dda254ba84bdff5e236917af1b31693ca4360eabcovener3548. [bug] The NSID request code in resolver.c was broken
dda254ba84bdff5e236917af1b31693ca4360eabcovener resulting in invalid EDNS options being sent.
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna [RT #33153]
bf52162f2d05c1fb1a107c7ef108de73f739b3edpquerna
e1d33ac481c6683a069630c8f9aceec3a48babcetrawick3547. [bug] Some malformed unknown rdata records were not properly
e1d33ac481c6683a069630c8f9aceec3a48babcetrawick detected and rejected. [RT #33129]
cf12a027b0859c14d5c4852efffeff62158cd98dtrawick
3becbd2611ffb2e8391a8eacce765b43dcb1c669wrowe3546. [func] Add EUI48 and EUI64 types. [RT #33082]
8e5e9b2d4c6cbcd21ca182fe1109d59284239515wrowe
3becbd2611ffb2e8391a8eacce765b43dcb1c669wrowe3545. [bug] RRL slip behavior was incorrect when set to 1.
9c78f8d71737dfbbbf4da2f9acb397567a10e88bsf [RT #33111]
9c78f8d71737dfbbbf4da2f9acb397567a10e88bsf
9c78f8d71737dfbbbf4da2f9acb397567a10e88bsf3544. [contrib] check5011.pl: Script to report the status of
9c78f8d71737dfbbbf4da2f9acb397567a10e88bsf managed keys as recorded in managed-keys.bind.
9c78f8d71737dfbbbf4da2f9acb397567a10e88bsf Contributed by Tony Finch <dot@dotat.at>
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf3543. [bug] Update socket structure before attaching to socket
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf manager after accept. [RT #33084]
47ff2654d827dd3596ce2e4099d69cec0f1009b9takashi
47ff2654d827dd3596ce2e4099d69cec0f1009b9takashi3542. [placeholder]
47ff2654d827dd3596ce2e4099d69cec0f1009b9takashi
b4ae72381175122ebfe42ff0d11db7a7f4162014takashi3541. [bug] Parts of libdns were not properly initialized when
b4ae72381175122ebfe42ff0d11db7a7f4162014takashi built in libexport mode. [RT #33028]
b4ae72381175122ebfe42ff0d11db7a7f4162014takashi
5e1ae35c05125b8b6c6c648c60e576f5796ea061rpluem3540. [test] libt_api: t_info and t_assert were not thread safe.
5e1ae35c05125b8b6c6c648c60e576f5796ea061rpluem
b115299831a7b4bbec58a88d708d8536e1ecd50csf3539. [port] win32: timestamp format didn't match other platforms.
5e1ae35c05125b8b6c6c648c60e576f5796ea061rpluem
5e1ae35c05125b8b6c6c648c60e576f5796ea061rpluem3538. [test] Running "make test" now requires loopback interfaces
b9a830d395feaa66ab621841a5cd86e1fa2d184brjung to be set up. [RT #32452]
b9a830d395feaa66ab621841a5cd86e1fa2d184brjung
82e6711dc508d2822d9397f07136ba4ddd8764e1niq3537. [tuning] Slave zones, when updated, now send NOTIFY messages
82e6711dc508d2822d9397f07136ba4ddd8764e1niq to peers before being dumped to disk rather than
82e6711dc508d2822d9397f07136ba4ddd8764e1niq after. [RT #27242]
82e6711dc508d2822d9397f07136ba4ddd8764e1niq
82e6711dc508d2822d9397f07136ba4ddd8764e1niq3536. [func] Add support for setting Differentiated Services Code
82e6711dc508d2822d9397f07136ba4ddd8764e1niq Point (DSCP) values in named. Most configuration
82e6711dc508d2822d9397f07136ba4ddd8764e1niq options which take a "port" option (e.g.,
f43104f173247435cb4ade2b89aa2ca8108aedb7niq listen-on, forwarders, also-notify, masters,
f43104f173247435cb4ade2b89aa2ca8108aedb7niq notify-source, etc) can now also take a "dscp"
f43104f173247435cb4ade2b89aa2ca8108aedb7niq option specifying a code point for use with
1fdcfb04a08e53ce28af657d854922efbbabecf4niq outgoing traffic, if supported by the underlying
1fdcfb04a08e53ce28af657d854922efbbabecf4niq OS. [RT #27596]
1fdcfb04a08e53ce28af657d854922efbbabecf4niq
1fdcfb04a08e53ce28af657d854922efbbabecf4niq3535. [bug] Minor win32 cleanups. [RT #32962]
c26aa743a70c2148cdca1e6c637c605d9025b051niq
c26aa743a70c2148cdca1e6c637c605d9025b051niq3534. [bug] Extra text after an embedded NULL was ignored when
c26aa743a70c2148cdca1e6c637c605d9025b051niq parsing zone files. [RT #32699]
c26aa743a70c2148cdca1e6c637c605d9025b051niq
e076b09731977eafcef2bfc6f5323f3ab7e83b15niq3533. [contrib] query-loc-0.4.0: memory leaks. [RT #32960]
e076b09731977eafcef2bfc6f5323f3ab7e83b15niq
3fba96a56fbced0f14edde04f417d74d7f5bdb1eniq3532. [contrib] zkt: fixed buffer overrun, resource leaks. [RT #32960]
3a183ee5b8f8129f6d3ec493be51abacda7c6ea7niq
3a183ee5b8f8129f6d3ec493be51abacda7c6ea7niq3531. [bug] win32: A uninitialized value could be returned on out
3a183ee5b8f8129f6d3ec493be51abacda7c6ea7niq of memory. [RT #32960]
64dbb5532fba398c5e81efeb21c7fd50c05819d7niq
22d3cfb8f14471efbc3bbc8faa2c59805ac2395fjim3530. [contrib] Better RTT tracking in queryperf. [RT #30128]
64dbb5532fba398c5e81efeb21c7fd50c05819d7niq
d31d6c32262a8d1cbfc63d9f7adccae46002c8f7niq3529. [func] Named now listens on both IPv4 and IPv6 interfaces
d31d6c32262a8d1cbfc63d9f7adccae46002c8f7niq by default. Named previously only listened on IPv4
d31d6c32262a8d1cbfc63d9f7adccae46002c8f7niq interfaces by default unless named was running in
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna IPv6 only mode. [RT #32945]
a50db00c3663c2a0d3531965c64d995516b06288niq
11f2c481e1d57bedb3f758565307501e9a2730ddtrawick3528. [func] New "dnssec-coverage" command scans the timing
11f2c481e1d57bedb3f758565307501e9a2730ddtrawick metadata for a set of DNSSEC keys and reports if a
11f2c481e1d57bedb3f758565307501e9a2730ddtrawick lapse in signing coverage has been scheduled
11f2c481e1d57bedb3f758565307501e9a2730ddtrawick inadvertently. (Note: This tool depends on python;
11f2c481e1d57bedb3f758565307501e9a2730ddtrawick it will not be built or installed on systems that
11f2c481e1d57bedb3f758565307501e9a2730ddtrawick do not have a python interpreter.) [RT #28098]
4aa736735709d0434c02ae6cc65b0738eb9882cctakashi
4aa736735709d0434c02ae6cc65b0738eb9882cctakashi3527. [compat] Add a URI to allow applications to explicitly
4aa736735709d0434c02ae6cc65b0738eb9882cctakashi request a particular XML schema from the statistics
99d46a23c6eac800f327b29f8009f7d7da986230trawick channel, returning 404 if not supported. [RT #32481]
99d46a23c6eac800f327b29f8009f7d7da986230trawick
99d46a23c6eac800f327b29f8009f7d7da986230trawick3526. [cleanup] Set up dependencies for unit tests correctly during
99d46a23c6eac800f327b29f8009f7d7da986230trawick build. [RT #32803]
6c2782f8988f498ad9e5fc84256e202175c3edc9covener
6c2782f8988f498ad9e5fc84256e202175c3edc9covener3525. [func] Support for additional signing algorithms in rndc:
6c2782f8988f498ad9e5fc84256e202175c3edc9covener hmac-sha1, -sha224, -sha256, -sha384, and -sha512.
6c2782f8988f498ad9e5fc84256e202175c3edc9covener The -A option to rndc-confgen can be used to
a50db00c3663c2a0d3531965c64d995516b06288niq select the algorithm for the generated key.
bf27540ecb929632fd82264742045c96006c382cniq (The default is still hmac-md5; this may
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna change in a future release.) [RT #20363]
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna3524. [func] Added an alternate statistics channel in JSON format,
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna when the server is built with the json-c library:
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna http://[address]:[port]/json. [RT #32630]
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna3523. [contrib] Ported filesystem and ldap DLZ drivers to
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna dynamically-loadable modules, and added the
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna "wildcard" module based on a contribution from
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna Vadim Goncharov <vgoncharov@nic.ru>. [RT #23569]
ea6ff3396df1d6d43ee0ecfa3e26ada981d8e9a3sctemme
8a0c75e992cc657a98317e78374b800d16963cfatrawick3522. [bug] DLZ lookups could fail to return SERVFAIL when
ba217dc41cebc0976010ee177f8fedac782d1f6fminfrin they ought to. [RT #32685]
ab1b172430f2d4e1b222b541bb8c1d431c1a7bc7sf
8315a125b56710a222167e4d65b96c3c891f4b25sf3521. [bug] Address memory leak in opensslecdsa_link.c. [RT #32249]
8315a125b56710a222167e4d65b96c3c891f4b25sf
ab1b172430f2d4e1b222b541bb8c1d431c1a7bc7sf3520. [bug] 'mctx' was not being referenced counted in some places
3f985866b9b5b49fb57735b5eb135591163f30dfsf where it should have been. [RT #32794]
3f985866b9b5b49fb57735b5eb135591163f30dfsf
7f51e5c395d431b8c20226f77de28efe13272bfasf3519. [func] Full replay protection via four-way handshake is
7f51e5c395d431b8c20226f77de28efe13272bfasf now mandatory for rndc clients. Very old versions
7f51e5c395d431b8c20226f77de28efe13272bfasf of rndc will no longer work. [RT #32798]
7f51e5c395d431b8c20226f77de28efe13272bfasf
17d64c884a44f5ca72f6901afd3e50991bfc1c63sf3518. [bug] Increase the size of dns_rrl_key.s.rtype by one bit
17d64c884a44f5ca72f6901afd3e50991bfc1c63sf so that all dns_rrl_rtype_t enum values fit regardless
17d64c884a44f5ca72f6901afd3e50991bfc1c63sf of whether it is teated as signed or unsigned by
a6e4caaa97e433cc2ef78d957bc32756d9c49f79sf the compiler. [RT #32792]
a6e4caaa97e433cc2ef78d957bc32756d9c49f79sf
a6e4caaa97e433cc2ef78d957bc32756d9c49f79sf3517. [bug] Reorder destruction to avoid shutdown race. [RT #32777]
a6e4caaa97e433cc2ef78d957bc32756d9c49f79sf
68686064650b23222461014a11558593de194bbctrawick3516. [placeholder]
304903af1cf77cbdfa07e8a6482f35f3d9d7b0f3sf
304903af1cf77cbdfa07e8a6482f35f3d9d7b0f3sf3515. [port] '%T' is not portable in strftime(). [RT #32763]
a6e4caaa97e433cc2ef78d957bc32756d9c49f79sf
a96ba81cada826f2a9ab1e24218a77bfadfc31d8sf3514. [bug] The ranges for valid key sizes in ddns-confgen and
a96ba81cada826f2a9ab1e24218a77bfadfc31d8sf rndc-confgen were too constrained. Keys up to 512
a96ba81cada826f2a9ab1e24218a77bfadfc31d8sf bits are now allowed for most algorithms, and up
a96ba81cada826f2a9ab1e24218a77bfadfc31d8sf to 1024 bits for hmac-sha384 and hmac-sha512.
4f133508c93204c06e1acba9774ff184e5812606niq [RT #32753]
4f133508c93204c06e1acba9774ff184e5812606niq
4f133508c93204c06e1acba9774ff184e5812606niq3513. [func] "dig -u" prints times in microseconds rather than
87587593f1a53030e840acc0dec6cc881022ea40covener milliseconds. [RT #32704]
87587593f1a53030e840acc0dec6cc881022ea40covener
87587593f1a53030e840acc0dec6cc881022ea40covener3512. [func] "rndc validation check" reports the current status
87587593f1a53030e840acc0dec6cc881022ea40covener of DNSSEC validation. [RT #21397]
87587593f1a53030e840acc0dec6cc881022ea40covener
52071e4b9f49c3a1c2c767c7ea80ec92cf9032c9covener3511. [doc] Improve documentation of redirect zones. [RT #32756]
52071e4b9f49c3a1c2c767c7ea80ec92cf9032c9covener
52071e4b9f49c3a1c2c767c7ea80ec92cf9032c9covener3510. [func] "rndc status" and XML statistics channel now report
89b8bbc89404e7071e573c4f0a17f528996e855djorton server start and reconfiguration times. [RT #21048]
89b8bbc89404e7071e573c4f0a17f528996e855djorton
89b8bbc89404e7071e573c4f0a17f528996e855djorton3509. [cleanup] Added a product line to version file to allow for
e1d4c4e8366f46dc5dc1e6e24b4c7ac448dfa061sf easy naming of different products (BIND
e1d4c4e8366f46dc5dc1e6e24b4c7ac448dfa061sf vs BIND ESV, for example). [RT #32755]
6bc4f334a04802bab835893d0c42af8bfb9c3c41sf
6bc4f334a04802bab835893d0c42af8bfb9c3c41sf3508. [contrib] queryperf was incorrectly rejecting the -T option.
53593dbd8fece82cb66a23f0b7024d8d713d66f1sf [RT #32338]
53593dbd8fece82cb66a23f0b7024d8d713d66f1sf
79e3f2f950745953fff4a6a8dfe1f7cce31ce287sf3507. [bug] Statistics channel XSL had a glitch when attempting
79e3f2f950745953fff4a6a8dfe1f7cce31ce287sf to chart query data before any queries had been
ab2b977442827214b1d884decf3e3f1579fd45e1rpluem received. [RT #32620]
ab2b977442827214b1d884decf3e3f1579fd45e1rpluem
ab2b977442827214b1d884decf3e3f1579fd45e1rpluem3506. [func] When setting "max-cache-size" and "max-acache-size",
195edf54eccd8c5a436c7dd17f5f604e7074d5d1sf the keyword "unlimited" is no longer defined as equal
195edf54eccd8c5a436c7dd17f5f604e7074d5d1sf to 4 gigabytes (except on 32-bit platforms); it
195edf54eccd8c5a436c7dd17f5f604e7074d5d1sf means literally unlimited. [RT #32358]
3709b26f3370ae89c5324a3c03fab56a93b09ecdsf
3709b26f3370ae89c5324a3c03fab56a93b09ecdsf3505. [bug] When setting "max-cache-size" and "max-acache-size",
3709b26f3370ae89c5324a3c03fab56a93b09ecdsf larger values than 4 gigabytes could not be set
03577bc320125eaa2b27ee7af78b894ee6dfe121takashi explicitly, though larger sizes were available
03577bc320125eaa2b27ee7af78b894ee6dfe121takashi when setting cache size to 0. This has been
03577bc320125eaa2b27ee7af78b894ee6dfe121takashi corrected; the full range is now available.
f5119c5d7cfe8c6d53cb29d43f8746684068ed82minfrin [RT #32358]
f5119c5d7cfe8c6d53cb29d43f8746684068ed82minfrin
f5119c5d7cfe8c6d53cb29d43f8746684068ed82minfrin3504. [func] Add support for ACLs based on geographic location,
f5119c5d7cfe8c6d53cb29d43f8746684068ed82minfrin using MaxMind GeoIP databases. Based on code
f74d35a61a835e15412b99b8aebe4958fe4e94a5takashi contributed by Ken Brownfield <kb@slide.com>.
94713632faf403489b3f8b4e0ed65e1011ac4991takashi [RT #30681]
f74d35a61a835e15412b99b8aebe4958fe4e94a5takashi
20216b769716c4346cce373f2028d7dbebf03886poirier3503. [doc] Clarify size_spec syntax. [RT #32449]
20216b769716c4346cce373f2028d7dbebf03886poirier
20216b769716c4346cce373f2028d7dbebf03886poirier3502. [func] zone-statistics: "no" is now a synonym for "none",
7317a32e0c621c9a28f6f10e83e6c5dc63e3f3bdsf instead of "terse". [RT #29165]
7317a32e0c621c9a28f6f10e83e6c5dc63e3f3bdsf
7317a32e0c621c9a28f6f10e83e6c5dc63e3f3bdsf3501. [func] zone-statistics now takes three options: full,
ecc6e723b804fb4b8f858910eff3f88242ec56fasf terse, and none. "yes" and "no" are retained as
ecc6e723b804fb4b8f858910eff3f88242ec56fasf synonyms for full and terse, respectively. [RT #29165]
ecc6e723b804fb4b8f858910eff3f88242ec56fasf
ecc6e723b804fb4b8f858910eff3f88242ec56fasf3500. [security] Support NAPTR regular expression validation on
ecc6e723b804fb4b8f858910eff3f88242ec56fasf all platforms without using libregex, which
ecc6e723b804fb4b8f858910eff3f88242ec56fasf can be vulnerable to memory exhaustion attack
727d68c6009030f56a350b4603384ce4fb844341minfrin (CVE-2013-2266). [RT #32688]
727d68c6009030f56a350b4603384ce4fb844341minfrin
727d68c6009030f56a350b4603384ce4fb844341minfrin3499. [doc] Corrected ARM documentation of built-in zones.
ed6dfb7d7057dc4f42348f12d7bff9fe98fc73cfminfrin [RT #32694]
ed6dfb7d7057dc4f42348f12d7bff9fe98fc73cfminfrin
ed6dfb7d7057dc4f42348f12d7bff9fe98fc73cfminfrin3498. [bug] zone statistics for zones which matched a potential
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf empty zone could have their zone-statistics setting
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf overridden.
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf
23247a8f748077bc788a5fbaf91d5fad34d0b7d1sf3497. [func] When deleting a slave/stub zone using 'rndc delzone'
23247a8f748077bc788a5fbaf91d5fad34d0b7d1sf report the files that were being used so they can
23247a8f748077bc788a5fbaf91d5fad34d0b7d1sf be cleaned up if desired. [RT #27899]
23247a8f748077bc788a5fbaf91d5fad34d0b7d1sf
58015652ffe00f004c6404a0631474f23dadc7dasf3496. [placeholder]
58015652ffe00f004c6404a0631474f23dadc7dasf
58015652ffe00f004c6404a0631474f23dadc7dasf3495. [func] Support multiple response-policy zones (up to 32),
2af38cc44e48753913565b38a7a9f325f898a293minfrin while improving RPZ performance. "response-policy"
2af38cc44e48753913565b38a7a9f325f898a293minfrin syntax now includes a "min-ns-dots" clause, with
745417156908df54538ca284b382ce8d27b30066minfrin default 1, to exclude top-level domains from
2af38cc44e48753913565b38a7a9f325f898a293minfrin NSIP and NSDNAME checking. --enable-rpz-nsip and
fc2f0972572614b50523bc5ddb3f866ca4acd2f0sf --enable-rpz-nsdname are now the default. [RT #32251]
fc2f0972572614b50523bc5ddb3f866ca4acd2f0sf
fc2f0972572614b50523bc5ddb3f866ca4acd2f0sf3494. [func] DNS RRL: Blunt the impact of DNS reflection and
251430bcaff1fa6a77953bfe56475eb6cc7abc78sf amplification attacks by rate-limiting substantially-
251430bcaff1fa6a77953bfe56475eb6cc7abc78sf identical responses. [RT #28130]
251430bcaff1fa6a77953bfe56475eb6cc7abc78sf
7b467aa53854c95318a1c709709c1619a4f47118minfrin3493. [contrib] Added BDBHPT dynamically-loadable DLZ module,
7b467aa53854c95318a1c709709c1619a4f47118minfrin contributed by Mark Goldfinch. [RT #32549]
7b467aa53854c95318a1c709709c1619a4f47118minfrin
7b467aa53854c95318a1c709709c1619a4f47118minfrin3492. [bug] Fixed a regression in zone loading performance
7ba7402d405dc9e3c1083e34049ed933472ca910poirier due to lock contention. [RT #30399]
7ba7402d405dc9e3c1083e34049ed933472ca910poirier
7ba7402d405dc9e3c1083e34049ed933472ca910poirier3491. [bug] Slave zones using inline-signing must specify a
7ba7402d405dc9e3c1083e34049ed933472ca910poirier file name. [RT #31946]
7ba7402d405dc9e3c1083e34049ed933472ca910poirier
4286d2e267e788d856092bf2ccf461e7ca99570frpluem3490. [bug] When logging RDATA during update, truncate if it's
4286d2e267e788d856092bf2ccf461e7ca99570frpluem too long. [RT #32365]
4286d2e267e788d856092bf2ccf461e7ca99570frpluem
4286d2e267e788d856092bf2ccf461e7ca99570frpluem3489. [bug] --enable-developer now turns on ISC_LIST_CHECKINIT.
43563ad04e4bae7b42f7a34a87b7c60dc69c0c3fpoirier dns_dlzcreate() failed to properly initialize
5357892a1e367372dc2d4a315156e3e44dc5d56dpoirier dlzdb.link. When cloning a rdataset do not copy
5357892a1e367372dc2d4a315156e3e44dc5d56dpoirier the link contents. [RT #32651]
b42af5f6edf4fe4b820288c37920a7a6fd65f1f1poirier
b42af5f6edf4fe4b820288c37920a7a6fd65f1f1poirier3488. [bug] Use after free error with DH generated keys. [RT #32649]
b42af5f6edf4fe4b820288c37920a7a6fd65f1f1poirier
49cea03e96dc4707bce15d6318eb013cb8668d96minfrin3487. [bug] Change 3444 was not complete. There was a additional
49cea03e96dc4707bce15d6318eb013cb8668d96minfrin place where the NOQNAME proof needed to be saved.
49cea03e96dc4707bce15d6318eb013cb8668d96minfrin [RT #32629]
49cea03e96dc4707bce15d6318eb013cb8668d96minfrin
847b3922f7dcde6830f4aad49d29c84b4569c260minfrin3486. [bug] named could crash when using TKEY-negotiated keys
63eaa8ed62d63de0a44346b8af48e08e562db01eminfrin that had been deleted and then recreated. [RT #32506]
63eaa8ed62d63de0a44346b8af48e08e562db01eminfrin
847b3922f7dcde6830f4aad49d29c84b4569c260minfrin3485. [cleanup] Only compile openssl_gostlink.c if we support GOST.
1af2b28846e2647963db788b081676884fb7df8crpluem
1af2b28846e2647963db788b081676884fb7df8crpluem3484. [bug] Some statistics were incorrectly rendered in XML.
1af2b28846e2647963db788b081676884fb7df8crpluem [RT #32587]
845258fbf5102b8b09fe9b7f4cb4ea4c089344c3poirier
845258fbf5102b8b09fe9b7f4cb4ea4c089344c3poirier3483. [placeholder]
845258fbf5102b8b09fe9b7f4cb4ea4c089344c3poirier
5d36cddfe00d5c6ad18845fcc04e6f7662050fafminfrin3482. [func] dig +nssearch now prints name servers that don't
5d36cddfe00d5c6ad18845fcc04e6f7662050fafminfrin have address records (missing AAAA or A, or the name
5d36cddfe00d5c6ad18845fcc04e6f7662050fafminfrin doesn't exist). [RT #29348]
20aa41f86a5b451529d26d9b901eea69989e5c0aminfrin
20aa41f86a5b451529d26d9b901eea69989e5c0aminfrin3481. [cleanup] Removed use of const const in atf.
20aa41f86a5b451529d26d9b901eea69989e5c0aminfrin
8c92aeeb75b1b393f61a3e01c495484737a0ff8cminfrin3480. [bug] Silence logging noise when setting up zone
8c92aeeb75b1b393f61a3e01c495484737a0ff8cminfrin statistics. [RT #32525]
8c92aeeb75b1b393f61a3e01c495484737a0ff8cminfrin
1018201f5223624476334c6e23aead02db7c4040minfrin3479. [bug] Address potential memory leaks in gssapi support
1018201f5223624476334c6e23aead02db7c4040minfrin code. [RT #32405]
e5db2522dbe503cbf5399094b6239c88c246a8c5poirier
e5db2522dbe503cbf5399094b6239c88c246a8c5poirier3478. [port] Fix a build failure in strict C99 environments
e5db2522dbe503cbf5399094b6239c88c246a8c5poirier [RT #32475]
e5db2522dbe503cbf5399094b6239c88c246a8c5poirier
ad7e5e9fb8f63a5155bb392114162997505ff772minfrin3477. [func] Expand logging when adding records via DDNS update
ad7e5e9fb8f63a5155bb392114162997505ff772minfrin [RT #32365]
ad7e5e9fb8f63a5155bb392114162997505ff772minfrin
ad7e5e9fb8f63a5155bb392114162997505ff772minfrin3476. [bug] "rndc zonestatus" could report a spurious "not
ad7e5e9fb8f63a5155bb392114162997505ff772minfrin found" error on inline-signing zones. [RT #29226]
ad7e5e9fb8f63a5155bb392114162997505ff772minfrin
59cb8d601b8c44476e59310f68b9c373d8fc62a6minfrin3475. [cleanup] Changed name of 'map' zone file format (previously
59cb8d601b8c44476e59310f68b9c373d8fc62a6minfrin 'fast'). [RT #32458]
59cb8d601b8c44476e59310f68b9c373d8fc62a6minfrin
59cb8d601b8c44476e59310f68b9c373d8fc62a6minfrin3474. [bug] nsupdate could assert when the local and remote
ec8b1faa56744b338f6d6421144b56c2bb3faae6poirier address families didn't match. [RT #22897]
ec8b1faa56744b338f6d6421144b56c2bb3faae6poirier
10abdcbd7b30d957d15c61ea8100ba97a627ac95minfrin3473. [bug] dnssec-signzone/verify could incorrectly report
10abdcbd7b30d957d15c61ea8100ba97a627ac95minfrin an error condition due to an empty node above an
87e0bf269cc3386ee8e6ab561ff00770151f4f53niq opt-out delegation lacking an NSEC3. [RT #32072]
87e0bf269cc3386ee8e6ab561ff00770151f4f53niq
87e0bf269cc3386ee8e6ab561ff00770151f4f53niq3472. [bug] The active-connections counter in the socket
3c67b7956d44501360506a9f13a5011be73b30ecminfrin statistics could underflow. [RT #31747]
3c67b7956d44501360506a9f13a5011be73b30ecminfrin
3c67b7956d44501360506a9f13a5011be73b30ecminfrin3471. [bug] The number of UDP dispatches now defaults to
3c67b7956d44501360506a9f13a5011be73b30ecminfrin the number of CPUs even if -n has been set to
97d20d37d21b8d427a920e211858172f0a82427epoirier a higher value. [RT #30964]
97d20d37d21b8d427a920e211858172f0a82427epoirier
97d20d37d21b8d427a920e211858172f0a82427epoirier3470. [bug] Slave zones could fail to dump when successfully
8e04e8ec7d682bff5e6dccdd70c082971a88cb8bniq refreshing after an initial failure. [RT #31276]
8e04e8ec7d682bff5e6dccdd70c082971a88cb8bniq
8e04e8ec7d682bff5e6dccdd70c082971a88cb8bniq3469. [bug] Handle DLZ lookup failures more gracefully. Improve
53c999a82fcca729dabc8a512b3fb996d61fd814niq backward compatibility between versions of DLZ dlopen
53c999a82fcca729dabc8a512b3fb996d61fd814niq API. [RT #32275]
53c999a82fcca729dabc8a512b3fb996d61fd814niq
53c999a82fcca729dabc8a512b3fb996d61fd814niq3468. [security] RPZ rules to generate A records (but not AAAA records)
25d0f8adcab13255494a3572edff1a25f6fbeea3rpluem could trigger an assertion failure when used in
25d0f8adcab13255494a3572edff1a25f6fbeea3rpluem conjunction with DNS64 (CVE-2012-5689). [RT #32141]
25d0f8adcab13255494a3572edff1a25f6fbeea3rpluem
25d0f8adcab13255494a3572edff1a25f6fbeea3rpluem3467. [bug] Added checks in dnssec-keygen and dnssec-settime
dd9ae259e1578c4388739c880ede97c55cec543frpluem to check for delete date < inactive date. [RT #31719]
dd9ae259e1578c4388739c880ede97c55cec543frpluem
dd9ae259e1578c4388739c880ede97c55cec543frpluem3466. [contrib] Corrected the DNS_CLIENTINFOMETHODS_VERSION check
0938450cadc9a083d112a86bc7dd7ae34f791364trawick in DLZ example driver. [RT #32275]
0938450cadc9a083d112a86bc7dd7ae34f791364trawick
0938450cadc9a083d112a86bc7dd7ae34f791364trawick3465. [bug] Handle isolated reserved ports. [RT #31778]
8bed7ee6d97933b958e97e222f37154d83e384e5jorton
8bed7ee6d97933b958e97e222f37154d83e384e5jorton3464. [maint] Updates to PKCS#11 openssl patches, supporting
8bed7ee6d97933b958e97e222f37154d83e384e5jorton versions 0.9.8x, 1.0.0j, 1.0.1c [RT #29749]
8bed7ee6d97933b958e97e222f37154d83e384e5jorton
8bed7ee6d97933b958e97e222f37154d83e384e5jorton3463. [doc] Clarify managed-keys syntax in ARM. [RT #32232]
d33ddda47790d3295f4218f87e3a296cf51a9becmjc
c7d46b58052fe666c74a47bd26b6cb1e351492adrpluem3462. [doc] Clarify server selection behavior of dig when using
4e08c8c1a91e2887b41d8cacd3aa532355d0237drpluem -4 or -6 options. [RT #32181]
7a25b029b69f169bd22718165dff3b271114f92eniq
43d051c8401a1f3b4f7853cd897d3565ab814ea7poirier3461. [bug] Negative responses could incorrectly have AD=1
43d051c8401a1f3b4f7853cd897d3565ab814ea7poirier set. [RT #32237]
43d051c8401a1f3b4f7853cd897d3565ab814ea7poirier
2f34374f6e04b9094a1d13a5ed823f331ba841a3rpluem3460. [bug] Only link against readline where needed. [RT #29810]
2f34374f6e04b9094a1d13a5ed823f331ba841a3rpluem
2f34374f6e04b9094a1d13a5ed823f331ba841a3rpluem3459. [func] Added -J option to named-checkzone/named-compilezone
7a25b029b69f169bd22718165dff3b271114f92eniq to specify the path to the journal file. [RT #30958]
7a25b029b69f169bd22718165dff3b271114f92eniq
7a25b029b69f169bd22718165dff3b271114f92eniq3458. [bug] Return FORMERR when presented with a overly long
2f34374f6e04b9094a1d13a5ed823f331ba841a3rpluem domain named in a request. [RT #29682]
3e6a46d2fecf446daf0e280a49fa5565f5f635eajorton
3e6a46d2fecf446daf0e280a49fa5565f5f635eajorton3457. [protocol] Add ILNP records (NID, LP, L32, L64). [RT #31836]
3e6a46d2fecf446daf0e280a49fa5565f5f635eajorton
137e484e5f984ceff1102e1212dda8ac0413231aniq3456. [port] g++47: ATF failed to compile. [RT #32012]
0df8f79d2324b131c36955d7e474a735a762f9eeniq
0df8f79d2324b131c36955d7e474a735a762f9eeniq3455. [contrib] queryperf: fix getopt option list. [RT #32338]
0df8f79d2324b131c36955d7e474a735a762f9eeniq
30e3e760b737f13ce800fa02c5930ade7659ba66niq3454. [port] sparc64: improve atomic support. [RT #25182]
30e3e760b737f13ce800fa02c5930ade7659ba66niq
30e3e760b737f13ce800fa02c5930ade7659ba66niq3453. [bug] 'rndc addzone' of a zone with 'inline-signing yes;'
80370e62044bea458bcd0545c59cb864ed117b04niq failed. [RT #31960]
e991c6fc032c59eb6cb751d9d382e933a53a2866niq
e991c6fc032c59eb6cb751d9d382e933a53a2866niq3452. [bug] Accept duplicate singleton records. [RT #32329]
e991c6fc032c59eb6cb751d9d382e933a53a2866niq
9a00e2d46c44c111d6952e553a2f1a61b7594eb3rpluem3451. [port] Increase per thread stack size from 64K to 1M.
9a00e2d46c44c111d6952e553a2f1a61b7594eb3rpluem [RT #32230]
9a00e2d46c44c111d6952e553a2f1a61b7594eb3rpluem
33d9be77cc6f5fc8734e9c1f526b82d359955152rpluem3450. [bug] Stop logfileconfig system test spam system logs.
9a00e2d46c44c111d6952e553a2f1a61b7594eb3rpluem [RT #32315]
33d9be77cc6f5fc8734e9c1f526b82d359955152rpluem
da128c59ec571c4dff70f41ecba9c8a9974c6cd6niq3449. [bug] gen.c: use the pre-processor to construct format
172e83c0f024fe6396dd1f3ca3492fd83c304db5jim strings so that compiler can perform sanity checks;
da128c59ec571c4dff70f41ecba9c8a9974c6cd6niq check the snprintf results. [RT #17576]
45932a847f237b4d8f0667b138bd3f8a15fb53ffniq
45932a847f237b4d8f0667b138bd3f8a15fb53ffniq3448. [bug] The allow-query-on ACL was not processed correctly.
45932a847f237b4d8f0667b138bd3f8a15fb53ffniq [RT #29486]
186e9d990f453d16826ab87a87df7b87e6e05921rpluem
186e9d990f453d16826ab87a87df7b87e6e05921rpluem3447. [port] Add support for libxml2-2.9.x [RT #32231]
186e9d990f453d16826ab87a87df7b87e6e05921rpluem
186e9d990f453d16826ab87a87df7b87e6e05921rpluem3446. [port] win32: Add source ID (see change #3400) to build.
6861702c2d883e5c0744d5f7528d2060671ad24dtakashi [RT #31683]
6861702c2d883e5c0744d5f7528d2060671ad24dtakashi
6861702c2d883e5c0744d5f7528d2060671ad24dtakashi3445. [bug] Warn about zone files with blank owner names
6861702c2d883e5c0744d5f7528d2060671ad24dtakashi immediately after $ORIGIN directives. [RT #31848]
6861702c2d883e5c0744d5f7528d2060671ad24dtakashi
f1f779c42f76118102fdecbe8777b47a1fc693a7rjung3444. [bug] The NOQNAME proof was not being returned from cached
f1f779c42f76118102fdecbe8777b47a1fc693a7rjung insecure responses. [RT #21409]
f1f779c42f76118102fdecbe8777b47a1fc693a7rjung
292cb7b720095e7bb434d79ae53b02d332aeb99acovener3443. [bug] ddns-confgen: Some TSIG algorithms were incorrectly
292cb7b720095e7bb434d79ae53b02d332aeb99acovener rejected when generating keys. [RT #31927]
292cb7b720095e7bb434d79ae53b02d332aeb99acovener
292cb7b720095e7bb434d79ae53b02d332aeb99acovener3442. [port] Net::DNS 0.69 introduced a non backwards compatible
137e484e5f984ceff1102e1212dda8ac0413231aniq change. [RT #32216]
137e484e5f984ceff1102e1212dda8ac0413231aniq
137e484e5f984ceff1102e1212dda8ac0413231aniq3441. [maint] D.ROOT-SERVERS.NET is now 199.7.91.13.
137e484e5f984ceff1102e1212dda8ac0413231aniq
137e484e5f984ceff1102e1212dda8ac0413231aniq3440. [bug] Reorder get_key_struct to not trigger a assertion when
137e484e5f984ceff1102e1212dda8ac0413231aniq cleaning up due to out of memory error. [RT #32131]
4e08c8c1a91e2887b41d8cacd3aa532355d0237drpluem
d0cd62f11bcd8fa9bf758c5125f55cea5d9038dfrpluem3439. [placeholder]
d0cd62f11bcd8fa9bf758c5125f55cea5d9038dfrpluem
d0cd62f11bcd8fa9bf758c5125f55cea5d9038dfrpluem3438. [bug] Don't accept unknown data escape in quotes. [RT #32031]
51d55be8bbc6652c13bc80d920f4331f7152dceerjung
51d55be8bbc6652c13bc80d920f4331f7152dceerjung3437. [bug] isc_buffer_init -> isc_buffer_constinit to initialize
51d55be8bbc6652c13bc80d920f4331f7152dceerjung buffers with constant data. [RT #32064]
0af58edfee6112cc3399e0e693340e525b96ab1ctrawick
0af58edfee6112cc3399e0e693340e525b96ab1ctrawick3436. [bug] Check malloc/calloc return values. [RT #32088]
0af58edfee6112cc3399e0e693340e525b96ab1ctrawick
0af58edfee6112cc3399e0e693340e525b96ab1ctrawick3435. [bug] Cross compilation support in configure was broken.
27c7a7cad9e83eeebad0a4d5a321144394adc3f9trawick [RT #32078]
27c7a7cad9e83eeebad0a4d5a321144394adc3f9trawick
27c7a7cad9e83eeebad0a4d5a321144394adc3f9trawick3434. [bug] Pass client info to the DLZ findzone() entry
8f2700898323915da289644dc1f3ee11a5e5b4earpluem point in addition to lookup(). This makes it
8f2700898323915da289644dc1f3ee11a5e5b4earpluem possible for a database to answer differently
8f2700898323915da289644dc1f3ee11a5e5b4earpluem whether it's authoritative for a name depending
8f2700898323915da289644dc1f3ee11a5e5b4earpluem on the address of the client. [RT #31775]
e7983ce746b0df56a1b74b42da6d82f5ecb99349covener
e7983ce746b0df56a1b74b42da6d82f5ecb99349covener3433. [bug] dlz_findzone() did not correctly handle
e7983ce746b0df56a1b74b42da6d82f5ecb99349covener ISC_R_NOMORE. [RT #31172]
e7983ce746b0df56a1b74b42da6d82f5ecb99349covener
77e28c16c8109d76c3b45717fa66ee74415db042rjung3432. [func] Multiple DLZ databases can now be configured.
bbcfb8ab8e22f90fdf346e9993bd58ba2203b182trawick DLZ databases are searched in the order configured,
bbcfb8ab8e22f90fdf346e9993bd58ba2203b182trawick unless set to "search no", in which case a
d1745d6933c22c807cf2388332426defd1b19f03covener zone can be configured to be retrieved from a
d1745d6933c22c807cf2388332426defd1b19f03covener particular DLZ database by using a "dlz <name>"
d1745d6933c22c807cf2388332426defd1b19f03covener option in the zone statement. DLZ databases can
d1745d6933c22c807cf2388332426defd1b19f03covener support type "master" and "redirect" zones.
b20f76a400e77d3631f3507ff22d68ae6bd25323trawick [RT #27597]
222834d5a33b915037094af014905f3683cae78btrawick
222834d5a33b915037094af014905f3683cae78btrawick3431. [bug] ddns-confgen: Some valid key algorithms were
2db5d76ac4c75aadecf38e20569bccbfd2360ba7rpluem not accepted. [RT #31927]
2db5d76ac4c75aadecf38e20569bccbfd2360ba7rpluem
2db5d76ac4c75aadecf38e20569bccbfd2360ba7rpluem3430. [bug] win32: isc_time_formatISO8601 was missing the
df46ff21c57d00f6addccaaf9b1484f2b56b8577pquerna 'T' between the date and time. [RT #32044]
7f4ac5a4cd99a9cae866b5908e358bd932736307chrisd
1c03114a0f0315ed19a05f654021da9f66005897rjung3429. [bug] dns_zone_getserial2 could a return success without
1c03114a0f0315ed19a05f654021da9f66005897rjung returning a valid serial. [RT #32007]
89691c9bd17f5f53fa0aa8d3fe2e1faee5a5d984rpluem
89691c9bd17f5f53fa0aa8d3fe2e1faee5a5d984rpluem3428. [cleanup] dig: Add timezone to date output. [RT #2269]
89691c9bd17f5f53fa0aa8d3fe2e1faee5a5d984rpluem
89691c9bd17f5f53fa0aa8d3fe2e1faee5a5d984rpluem3427. [bug] dig +trace incorrectly displayed name server
3e9c0665b06e44cf776528c6954ed3ca34a77c7fsctemme addresses instead of names. [RT #31641]
51a475d92e7d68ee6d7b57aa7fd6e73b2712ce31sctemme
3e9c0665b06e44cf776528c6954ed3ca34a77c7fsctemme3426. [bug] dnssec-checkds: Clearer output when records are not
019f2b58acb34e31ea3a062bdb5e6c863cd82d66trawick found. [RT #31968]
873c287c391b0bbc4719b68bb84946515811e1batrawick
6707208ba4e9a5841ca1ab830830fd286ea5b7c5trawick3425. [bug] "acacheentry" reference counting was broken resulting
6707208ba4e9a5841ca1ab830830fd286ea5b7c5trawick in use after free. [RT #31908]
873c287c391b0bbc4719b68bb84946515811e1batrawick
832853bb93c1831daf24e4727c5ca0e1b1786e83lars3424. [func] dnssec-dsfromkey now emits the hash without spaces.
832853bb93c1831daf24e4727c5ca0e1b1786e83lars [RT #31951]
832853bb93c1831daf24e4727c5ca0e1b1786e83lars
d2696ac6757b3d8bdaa27634a141ac8c8a045e08fielding3423. [bug] "rndc signing -nsec3param" didn't accept the full
d2696ac6757b3d8bdaa27634a141ac8c8a045e08fielding range of possible values. Address portability issues.
d2696ac6757b3d8bdaa27634a141ac8c8a045e08fielding [RT #31938]
d2696ac6757b3d8bdaa27634a141ac8c8a045e08fielding
1782dcd420de504978945e6b812523eeae6d56a2lars3422. [bug] Added a clear error message for when the SOA does not
1782dcd420de504978945e6b812523eeae6d56a2lars match the referral. [RT #31281]
d2696ac6757b3d8bdaa27634a141ac8c8a045e08fielding
1782dcd420de504978945e6b812523eeae6d56a2lars3421. [bug] Named loops when re-signing if all keys are offline.
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem [RT #31916]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem
59dc8d935dbf862712683bbc9e267bd08ced0b14fielding3420. [bug] Address VPATH compilation issues. [RT #31879]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3419. [bug] Memory leak on validation cancel. [RT #31869]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3418. [func] New XML schema (version 3.0) for the statistics channel
cf8d02ea0c91653917b044529f3133c5a1bb9200fielding adds query type statistics at the zone level, and
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem flattens the XML tree and uses compressed format to
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem optimize parsing. Includes new XSL that permits
17ac330ebaa71b24cb77580411a231ee45996e03pquerna charting via the Google Charts API on browsers that
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem support javascript in XSL. The old XML schema has been
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem deprecated. [RT #30023]
9f38f3ec3e8087985d108a24ae796962fef83644takashi
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3417. [placeholder]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem
d4ee4552489641d35d1195bbbd6021351c4b79aarjung3416. [bug] Named could die on shutdown if running with 128 UDP
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem dispatches per interface. [RT #31743]
9e152751ed380f87c5ecae4fb0221c956e5fbd24rjung
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3415. [bug] named could die with a REQUIRE failure if a validation
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem was canceled. [RT #31804]
abb99af8aa7da2cb4c324133a4e10bd7a50f875erpluem
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3414. [bug] Address locking issues found by Coverity. [RT #31626]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3413. [func] Record the number of DNS64 AAAA RRsets that have been
382d14411b582d97075a836190d74c778977505fcovener synthesized. [RT #27636]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3412. [bug] Copy timeval structure from control message data.
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem [RT #31548]
06e6657fd0f376a16db696876f9bff5927cc3cb0trawick
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3411. [tuning] Use IPV6_USE_MIN_MTU or equivalent with TCP in addition
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem to UDP. [RT #31690]
0e9dae659943679108357054e9aa7657cdc52dc4minfrin
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3410. [bug] Addressed Coverity warnings. [RT #31626]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3409. [contrib] contrib/dane/mkdane.sh: Tool to generate TLSA RR's
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem from X.509 certificates, for use with DANE
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem (DNS-based Authentication of Named Entities).
d03aa31ada476d8eb97feaec2b1099809e7f3d57niq [RT #30513]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3408. [bug] Some DNSSEC-related options (update-check-ksk,
a7757dd38bb2a1afc93e241b7ea67b3de85ecc8bminfrin dnssec-loadkeys-interval, dnssec-dnskey-kskonly)
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem are now legal in slave zones as long as
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem inline-signing is in use. [RT #31078]
df46ff21c57d00f6addccaaf9b1484f2b56b8577pquerna
df46ff21c57d00f6addccaaf9b1484f2b56b8577pquerna3407. [placeholder]
df46ff21c57d00f6addccaaf9b1484f2b56b8577pquerna
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3406. [bug] mem.c: Fix compilation errors when building with
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem ISC_MEM_TRACKLINES or ISC_MEMPOOL_NAMES disabled.
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem Also, ISC_MEM_DEBUG is no longer optional. [RT #31559]
a5cce34e21a5b472f3806b4526043887bcb7e9eajim
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3405. [bug] Handle time going backwards in acache. [RT #31253]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem
8c3667cd1d0db08647793137c0d1aa7f6526bebfniq3404. [bug] dnssec-signzone: When re-signing a zone, remove
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem RRSIG and NSEC records from nodes that used to be
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem in-zone but are now below a zone cut. [RT #31556]
8c3667cd1d0db08647793137c0d1aa7f6526bebfniq
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3403. [bug] Silence noisy OpenSSL logging. [RT #31497]
6824182b3b8e045db97a228d3127bdfcbdfeb0bcniq
6824182b3b8e045db97a228d3127bdfcbdfeb0bcniq3402. [test] The IPv6 interface numbers used for system
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem tests were incorrect on some platforms. [RT #25085]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3401. [bug] Addressed Coverity warnings. [RT #31484]
0c26d213d85bc40fc05963c63bf670b42b352d25niq
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3400. [cleanup] "named -V" can now report a source ID string, defined
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem in the "srcid" file in the build tree and normally set
92357fb76d3ad043e29ba2ba2041a7bdb8d13390niq to the most recent git hash. [RT #31494]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem
9f07b6dc343a4e3eba5f4c47050a77441723ce89nd3399. [port] netbsd: rename 'bool' parameter to avoid namespace
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem clash. [RT #31515]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3398. [bug] SOA parameters were not being updated with inline
f7cec4a86292b160401472286a17497ae0d4df18covener signed zones if the zone was modified while the
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem server was offline. [RT #29272]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem3397. [bug] dig crashed when using +nssearch with +tcp. [RT #25298]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem
1464434c2c104e0ba224644c42552330f5158537covener3396. [bug] OPT records were incorrectly removed from signed,
8d574b3ac4185e4f71c8b9aae76e7122a78201c4rpluem truncated responses. [RT #31439]
8d574b3ac4185e4f71c8b9aae76e7122a78201c4rpluem
8d574b3ac4185e4f71c8b9aae76e7122a78201c4rpluem3395. [protocol] Add RFC 6598 reverse zones to built in empty zones
7f4ac5a4cd99a9cae866b5908e358bd932736307chrisd list, 64.100.IN-ADDR.ARPA ... 127.100.IN-ADDR.ARPA.
92357fb76d3ad043e29ba2ba2041a7bdb8d13390niq [RT #31336]
8d574b3ac4185e4f71c8b9aae76e7122a78201c4rpluem
509111f5f58a9effd4c832f6a0cbd6ad9d549188jorton3394. [bug] Adjust 'successfully validated after lower casing
509111f5f58a9effd4c832f6a0cbd6ad9d549188jorton signer' log level and category. [RT #31414]
509111f5f58a9effd4c832f6a0cbd6ad9d549188jorton
0e2a2eae9b72ac099aa25d7419e55af13b004be9minfrin3393. [bug] 'host -C' could core dump if REFUSED was received.
235b900b78cf6849f8344e377a91ded37d9cc9depquerna [RT #31381]
235b900b78cf6849f8344e377a91ded37d9cc9depquerna
235b900b78cf6849f8344e377a91ded37d9cc9depquerna3392. [func] Keep statistics on REFUSED responses. [RT #31412]
66b8ec445dced7a2036bcd3b87b6fc3f08a1ab24jorton
66b8ec445dced7a2036bcd3b87b6fc3f08a1ab24jorton3391. [bug] A DNSKEY lookup that encountered a CNAME failed.
66b8ec445dced7a2036bcd3b87b6fc3f08a1ab24jorton [RT #31262]
66b8ec445dced7a2036bcd3b87b6fc3f08a1ab24jorton
0e2a2eae9b72ac099aa25d7419e55af13b004be9minfrin3390. [bug] Silence clang compiler warnings. [RT #30417]
0e2a2eae9b72ac099aa25d7419e55af13b004be9minfrin
0e2a2eae9b72ac099aa25d7419e55af13b004be9minfrin3389. [bug] Always return NOERROR (not 0) in TSIG. [RT #31275]
0e2a2eae9b72ac099aa25d7419e55af13b004be9minfrin
0e2a2eae9b72ac099aa25d7419e55af13b004be9minfrin3388. [bug] Fixed several Coverity warnings.
8d574b3ac4185e4f71c8b9aae76e7122a78201c4rpluem Note: This change includes a fix for a bug that
6f33babce8f8bc723f0b2c755aef049cd509504fpquerna was subsequently determined to be an exploitable
6f33babce8f8bc723f0b2c755aef049cd509504fpquerna security vulnerability, CVE-2012-5688: named could
0a12339f39799193ac6866fce812a1deb8f4a1abpquerna die on specific queries with dns64 enabled.
0a12339f39799193ac6866fce812a1deb8f4a1abpquerna [RT #30996]
0a12339f39799193ac6866fce812a1deb8f4a1abpquerna
3fb118bc4e1a634f71c1fa509819ceac36c79dcbpquerna3387. [func] DS digest can be disabled at runtime with
3fb118bc4e1a634f71c1fa509819ceac36c79dcbpquerna disable-ds-digests. [RT #21581]
3fb118bc4e1a634f71c1fa509819ceac36c79dcbpquerna
fb59af4ce3fcdd314b848359faeddf1e51bb24c5jim3386. [bug] Address locking violation when generating new NSEC /
fb59af4ce3fcdd314b848359faeddf1e51bb24c5jim NSEC3 chains. [RT #31224]
fb59af4ce3fcdd314b848359faeddf1e51bb24c5jim
fb59af4ce3fcdd314b848359faeddf1e51bb24c5jim3385. [bug] named-checkconf didn't detect missing master lists
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna in also-notify clauses. [RT #30810]
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna3384. [bug] Improved logging of crypto errors. [RT #30963]
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna3383. [security] A certain combination of records in the RBT could
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna cause named to hang while populating the additional
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna section of a response. [RT #31090]
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna3382. [bug] SOA query from slave used use-v6-udp-ports range,
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna if set, regardless of the address family in use.
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna [RT #24173]
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna
3ec1e3a35106ec4c8bcf8fae6a20cb623aed0b62pquerna3381. [contrib] Update queryperf to support more RR types.
3ec1e3a35106ec4c8bcf8fae6a20cb623aed0b62pquerna [RT #30762]
3ec1e3a35106ec4c8bcf8fae6a20cb623aed0b62pquerna
97f7daaffd9b6c1031302d7e551d5279fa0d0d72pquerna3380. [bug] named could die if a nonexistent master list was
97f7daaffd9b6c1031302d7e551d5279fa0d0d72pquerna referenced in a also-notify. [RT #31004]
97f7daaffd9b6c1031302d7e551d5279fa0d0d72pquerna
847db8b2f0188cd9c840acbe4fea77a32748b2edpquerna3379. [bug] isc_interval_zero and isc_time_epoch should be
97f7daaffd9b6c1031302d7e551d5279fa0d0d72pquerna "const (type)* const". [RT #31069]
97f7daaffd9b6c1031302d7e551d5279fa0d0d72pquerna
99c8705f69fae71940ad9b091bd2f588a7b9f484minfrin3378. [bug] Handle missing 'managed-keys-directory' better.
99c8705f69fae71940ad9b091bd2f588a7b9f484minfrin [RT #30625]
99c8705f69fae71940ad9b091bd2f588a7b9f484minfrin
99c8705f69fae71940ad9b091bd2f588a7b9f484minfrin3377. [bug] Removed spurious newline from NSEC3 multiline
9376e7dc573bb2721491c79b92f9c06fdfacebe6minfrin output. [RT #31044]
9376e7dc573bb2721491c79b92f9c06fdfacebe6minfrin
9376e7dc573bb2721491c79b92f9c06fdfacebe6minfrin3376. [bug] Lack of EDNS support was being recorded without a
9376e7dc573bb2721491c79b92f9c06fdfacebe6minfrin successful response. [RT #30811]
edaefb8bf78debc86ef7de441c7983d8b05517e1minfrin
edaefb8bf78debc86ef7de441c7983d8b05517e1minfrin3375. [bug] 'rndc dumpdb' failed on empty caches. [RT #30808]
edaefb8bf78debc86ef7de441c7983d8b05517e1minfrin
edaefb8bf78debc86ef7de441c7983d8b05517e1minfrin3374. [bug] isc_parse_uint32 failed to return a range error on
edaefb8bf78debc86ef7de441c7983d8b05517e1minfrin systems with 64 bit longs. [RT #30232]
b5cbd7bc65a5c0eda246b0cd32e7d9ed124d66c4niq
b5cbd7bc65a5c0eda246b0cd32e7d9ed124d66c4niq3373. [bug] win32: open raw files in binary mode. [RT #30944]
b5cbd7bc65a5c0eda246b0cd32e7d9ed124d66c4niq
b5cbd7bc65a5c0eda246b0cd32e7d9ed124d66c4niq3372. [bug] Silence spurious "deleted from unreachable cache"
2ac474e42b9281e247e7082e30c50c5bef1f2cc3rjung messages. [RT #30501]
2ac474e42b9281e247e7082e30c50c5bef1f2cc3rjung
6ad55f63504cf5fe5205ed9495664519afeadcd9chrisd3371. [bug] AD=1 should behave like DO=1 when deciding whether to
6ad55f63504cf5fe5205ed9495664519afeadcd9chrisd add NS RRsets to the additional section or not.
6ad55f63504cf5fe5205ed9495664519afeadcd9chrisd [RT #30479]
809ec9d7cc8bc12d7dc6fafba24f3acad3e49d81chrisd
809ec9d7cc8bc12d7dc6fafba24f3acad3e49d81chrisd3370. [bug] Address use after free while shutting down. [RT #30241]
809ec9d7cc8bc12d7dc6fafba24f3acad3e49d81chrisd
809ec9d7cc8bc12d7dc6fafba24f3acad3e49d81chrisd3369. [bug] nsupdate terminated unexpectedly in interactive mode
809ec9d7cc8bc12d7dc6fafba24f3acad3e49d81chrisd if built with readline support. [RT #29550]
f436f5cf34615c3c7d49dd229560ba658033f9eachrisd
f436f5cf34615c3c7d49dd229560ba658033f9eachrisd3368. [bug] <dns/iptable.h>, <dns/private.h> and <dns/zone.h>
f436f5cf34615c3c7d49dd229560ba658033f9eachrisd were not C++ safe.
ce6098001014d149e90e56ab0e89c1b4aab30136chrisd
ce6098001014d149e90e56ab0e89c1b4aab30136chrisd3367. [bug] dns_dnsseckey_create() result was not being checked.
ce6098001014d149e90e56ab0e89c1b4aab30136chrisd [RT #30685]
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd3366. [bug] Fixed Read-After-Write dependency violation for IA64
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd atomic operations. [RT #25181]
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd
38b062650152074931a68e933461762c5e233cfcniq3365. [bug] Removed spurious newlines from log messages in
38b062650152074931a68e933461762c5e233cfcniq zone.c [RT #30675]
38b062650152074931a68e933461762c5e233cfcniq
d1c1b82647a997922859ec76b82e62a956078dbccovener3364. [security] Named could die on specially crafted record.
63de18ba5e922ffaab500317d7d1d0ad6b27b7e2covener [RT #30416]
63de18ba5e922ffaab500317d7d1d0ad6b27b7e2covener
91ef999a69527d2a64983681c92aaef9270697b4rpluem3363. [bug] Need to allow "forward" and "fowarders" options
91ef999a69527d2a64983681c92aaef9270697b4rpluem in static-stub zones; this had been overlooked.
91ef999a69527d2a64983681c92aaef9270697b4rpluem [RT #30482]
e82c197ca8872669af89367746826fe6b9955bb3niq
e82c197ca8872669af89367746826fe6b9955bb3niq3362. [bug] Setting some option values to 0 in named.conf
e82c197ca8872669af89367746826fe6b9955bb3niq could trigger an assertion failure on startup.
baef4b5261d84ad9bacb2f4e745b33f35534c25aniq [RT #27730]
baef4b5261d84ad9bacb2f4e745b33f35534c25aniq
baef4b5261d84ad9bacb2f4e745b33f35534c25aniq3361. [bug] "rndc signing -nsec3param" didn't work correctly
baef4b5261d84ad9bacb2f4e745b33f35534c25aniq when salt was set to '-' (no salt). [RT #30099]
742ec45ed2ac00ab03080e898332352220cc1f13niq
9a06b6b4e83c29429c3a23d34acc41920af2024drjung3360. [bug] 'host -w' could die. [RT #18723]
a5e068c4aa3d0084a41e178c7c0c1b1ae2f28125jim
742ec45ed2ac00ab03080e898332352220cc1f13niq3359. [bug] An improperly-formed TSIG secret could cause a
f82568a780e35e8786958c49a1259434e2088b9cniq memory leak. [RT #30607]
f82568a780e35e8786958c49a1259434e2088b9cniq
f82568a780e35e8786958c49a1259434e2088b9cniq3358. [placeholder]
56b7c92bac48127bda06d80bf94952258f7e0bd3minfrin
56b7c92bac48127bda06d80bf94952258f7e0bd3minfrin3357. [port] Add support for libxml2-2.8.x [RT #30440]
56b7c92bac48127bda06d80bf94952258f7e0bd3minfrin
41abbbf0cbaef202fe1ba2dd671ea48990d6e012minfrin3356. [bug] Cap the TTL of signed RRsets when RRSIGs are
41abbbf0cbaef202fe1ba2dd671ea48990d6e012minfrin approaching their expiry, so they don't remain
41abbbf0cbaef202fe1ba2dd671ea48990d6e012minfrin in caches after expiry. [RT #26429]
41abbbf0cbaef202fe1ba2dd671ea48990d6e012minfrin
6aa239b3d12f531ad9e305b1a81ad5fd671a3493minfrin3355. [port] Use more portable awk in verify system test.
6aa239b3d12f531ad9e305b1a81ad5fd671a3493minfrin
6aa239b3d12f531ad9e305b1a81ad5fd671a3493minfrin3354. [func] Improve OpenSSL error logging. [RT #29932]
6aa239b3d12f531ad9e305b1a81ad5fd671a3493minfrin
d05e6175473332a8433e4ac85edda0d5a33c94b5minfrin3353. [bug] Use a single task for task exclusive operations.
d05e6175473332a8433e4ac85edda0d5a33c94b5minfrin [RT #29872]
d05e6175473332a8433e4ac85edda0d5a33c94b5minfrin
d05e6175473332a8433e4ac85edda0d5a33c94b5minfrin3352. [bug] Ensure that learned server attributes timeout of the
13d29a334cfa69f2995b70a48aeacacc1ac7125frpluem adb cache. [RT #29856]
13d29a334cfa69f2995b70a48aeacacc1ac7125frpluem
6951fc02abfd7642e45333902c14855836717fadrpluem3351. [bug] isc_mem_put and isc_mem_putanddetach didn't report
db455cbc662c98dbbf53175393c50086ff63370cchrisd caller if either ISC_MEM_DEBUGSIZE or ISC_MEM_DEBUGCTX
db455cbc662c98dbbf53175393c50086ff63370cchrisd memory debugging flags are set. [RT #30243]
db455cbc662c98dbbf53175393c50086ff63370cchrisd
db455cbc662c98dbbf53175393c50086ff63370cchrisd3350. [bug] Memory read overrun in isc___mem_reallocate if
db455cbc662c98dbbf53175393c50086ff63370cchrisd ISC_MEM_DEBUGCTX memory debugging flag is set.
2e242dca7111f99d54dd144b7b8418d88d560032chrisd [RT #30240]
7cb45b833e465d46f6b61de983cc68112587d04bchrisd
2e242dca7111f99d54dd144b7b8418d88d560032chrisd3349. [bug] Change #3345 was incomplete. [RT #30233]
b6b1df87b7ce62620d48526a7ab630897cdaad90chrisd
b6b1df87b7ce62620d48526a7ab630897cdaad90chrisd3348. [bug] Prevent RRSIG data from being cached if a negative
b6b1df87b7ce62620d48526a7ab630897cdaad90chrisd record matching the covering type exists at a higher
b6b1df87b7ce62620d48526a7ab630897cdaad90chrisd trust level. Such data already can't be retrieved from
b6b1df87b7ce62620d48526a7ab630897cdaad90chrisd the cache since change 3218 -- this prevents it
4cf58054a85830c67dc23890ee613f62e1f7bdc8minfrin being inserted into the cache as well. [RT #26809]
4cf58054a85830c67dc23890ee613f62e1f7bdc8minfrin
4cf58054a85830c67dc23890ee613f62e1f7bdc8minfrin3347. [bug] dnssec-settime: Issue a warning when writing a new
4cf58054a85830c67dc23890ee613f62e1f7bdc8minfrin private key file would cause a change in the
4cf58054a85830c67dc23890ee613f62e1f7bdc8minfrin permissions of the existing file. [RT #27724]
4cf58054a85830c67dc23890ee613f62e1f7bdc8minfrin
caaa32f2d2e3b28063c745c2632d3979da7f8326minfrin3346. [security] Bad-cache data could be used before it was
caaa32f2d2e3b28063c745c2632d3979da7f8326minfrin initialized, causing an assert. [RT #30025]
caaa32f2d2e3b28063c745c2632d3979da7f8326minfrin
caaa32f2d2e3b28063c745c2632d3979da7f8326minfrin3345. [bug] Addressed race condition when removing the last item
66a8e1cc29cc4612cd938bc8fcabc0ef569e5769rpluem or inserting the first item in an ISC_QUEUE.
caaa32f2d2e3b28063c745c2632d3979da7f8326minfrin [RT #29539]
e02cb8f5090d904c054633ff33dfd1111e16e404minfrin
e02cb8f5090d904c054633ff33dfd1111e16e404minfrin3344. [func] New "dnssec-checkds" command checks a zone to
e02cb8f5090d904c054633ff33dfd1111e16e404minfrin determine which DS records should be published
66a8e1cc29cc4612cd938bc8fcabc0ef569e5769rpluem in the parent zone, or which DLV records should be
e02cb8f5090d904c054633ff33dfd1111e16e404minfrin published in a DLV zone, and queries the DNS to
213e520edc00641400771fc8f90b37a967a2d9ebdirkx ensure that it exists. (Note: This tool depends
2ac474e42b9281e247e7082e30c50c5bef1f2cc3rjung on python; it will not be built or installed on
213e520edc00641400771fc8f90b37a967a2d9ebdirkx systems that do not have a python interpreter.)
213e520edc00641400771fc8f90b37a967a2d9ebdirkx [RT #28099]
213e520edc00641400771fc8f90b37a967a2d9ebdirkx
a449830d5caa5b9900fe64cc383658b3641f9810dirkx3343. [placeholder]
a449830d5caa5b9900fe64cc383658b3641f9810dirkx
a449830d5caa5b9900fe64cc383658b3641f9810dirkx3342. [bug] Change #3314 broke saving of stub zones to disk
a449830d5caa5b9900fe64cc383658b3641f9810dirkx resulting in excessive cpu usage in some cases.
a449830d5caa5b9900fe64cc383658b3641f9810dirkx [RT #29952]
a449830d5caa5b9900fe64cc383658b3641f9810dirkx
a449830d5caa5b9900fe64cc383658b3641f9810dirkx3341. [func] New "dnssec-verify" command checks a signed zone
a449830d5caa5b9900fe64cc383658b3641f9810dirkx to ensure correctness of signatures and of NSEC/NSEC3
82632a19f2f9c346fee2b28a65920ba9737b3973minfrin chains. [RT #23673]
82632a19f2f9c346fee2b28a65920ba9737b3973minfrin
82632a19f2f9c346fee2b28a65920ba9737b3973minfrin3340. [func] Added new 'map' zone file format, which is an image
82632a19f2f9c346fee2b28a65920ba9737b3973minfrin of a zone database that can be loaded directly into
82632a19f2f9c346fee2b28a65920ba9737b3973minfrin memory via mmap(), allowing much faster zone loading.
0481ff0599c9e3c0c7ad5c1930939dcdac908582chrisd (Note: Because of pointer sizes and other
0481ff0599c9e3c0c7ad5c1930939dcdac908582chrisd considerations, this file format is platform-dependent;
0481ff0599c9e3c0c7ad5c1930939dcdac908582chrisd 'map' zone files cannot always be transferred from one
835d676191444a46d695171e8760d55a66c60fecminfrin server to another.) [RT #25419]
835d676191444a46d695171e8760d55a66c60fecminfrin
835d676191444a46d695171e8760d55a66c60fecminfrin3339. [func] Allow the maximum supported rsa exponent size to be
835d676191444a46d695171e8760d55a66c60fecminfrin specified: "max-rsa-exponent-size <value>;" [RT #29228]
723f9f463f1922eaef3d24d00cb289e10daa73ffminfrin
723f9f463f1922eaef3d24d00cb289e10daa73ffminfrin3338. [bug] Address race condition in units tests: asyncload_zone
723f9f463f1922eaef3d24d00cb289e10daa73ffminfrin and asyncload_zt. [RT #26100]
723f9f463f1922eaef3d24d00cb289e10daa73ffminfrin
c2213b3a46a2666e2e7606ceec509cc4978f187fminfrin3337. [bug] Change #3294 broke support for the multiple keys
c2213b3a46a2666e2e7606ceec509cc4978f187fminfrin in controls. [RT #29694]
c2213b3a46a2666e2e7606ceec509cc4978f187fminfrin
c2213b3a46a2666e2e7606ceec509cc4978f187fminfrin3336. [func] Maintain statistics for RRsets tagged as "stale".
d4562e99f620170ce0bedddc16887b900b34913bminfrin [RT #29514]
d4562e99f620170ce0bedddc16887b900b34913bminfrin
d4562e99f620170ce0bedddc16887b900b34913bminfrin3335. [func] nslookup: return a nonzero exit code when unable
fd279fe992f7171dc3f6d4d40d6db5bb74f2d96eminfrin to get an answer. [RT #29492]
fd279fe992f7171dc3f6d4d40d6db5bb74f2d96eminfrin
fd279fe992f7171dc3f6d4d40d6db5bb74f2d96eminfrin3334. [bug] Hold a zone table reference while performing a
fd279fe992f7171dc3f6d4d40d6db5bb74f2d96eminfrin asynchronous load of a zone. [RT #28326]
fed63d1b62cc7e56aad77b70ee5b5cc7f5c6aademinfrin
fed63d1b62cc7e56aad77b70ee5b5cc7f5c6aademinfrin3333. [bug] Setting resolver-query-timeout too low can cause
fed63d1b62cc7e56aad77b70ee5b5cc7f5c6aademinfrin named to not recover if it loses connectivity.
fed63d1b62cc7e56aad77b70ee5b5cc7f5c6aademinfrin [RT #29623]
fed63d1b62cc7e56aad77b70ee5b5cc7f5c6aademinfrin
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin3332. [bug] Re-use cached DS rrsets if possible. [RT #29446]
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin3331. [security] dns_rdataslab_fromrdataset could produce bad
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin rdataslabs. [RT #29644]
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin
fb8ee8b7a3a2503b95bf47685f9083e0b9834e6fminfrin3330. [func] Fix missing signatures on NOERROR results despite
fb8ee8b7a3a2503b95bf47685f9083e0b9834e6fminfrin RPZ rewriting. Also
fb8ee8b7a3a2503b95bf47685f9083e0b9834e6fminfrin - add optional "recursive-only yes|no" to the
fb8ee8b7a3a2503b95bf47685f9083e0b9834e6fminfrin response-policy statement
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd - add optional "max-policy-ttl" to the response-policy
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd statement to limit the false data that
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd "recursive-only no" can introduce into
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd resolvers' caches
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd - add a RPZ performance test to bin/tests/system/rpz
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd when queryperf is available.
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd - the encoding of PASSTHRU action to "rpz-passthru".
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd (The old encoding is still accepted.)
78a20a6e7ad3a0229900ee54c7d11a65f647b663niq [RT #26172]
9582ad6e149d28b118d4e8571101ecb6f85e0191niq
9582ad6e149d28b118d4e8571101ecb6f85e0191niq
9582ad6e149d28b118d4e8571101ecb6f85e0191niq3329. [bug] Handle RRSIG signer-name case consistently: We
78a20a6e7ad3a0229900ee54c7d11a65f647b663niq generate RRSIG records with the signer-name in
d56bacbfefa5aa883ce5162a115747372fc38d13chrisd lower case. We accept them with any case, but if
d56bacbfefa5aa883ce5162a115747372fc38d13chrisd they fail to validate, we try again in lower case.
d56bacbfefa5aa883ce5162a115747372fc38d13chrisd [RT #27451]
d56bacbfefa5aa883ce5162a115747372fc38d13chrisd
d56bacbfefa5aa883ce5162a115747372fc38d13chrisd3328. [bug] Fixed inconsistent data checking in dst_parse.c.
d64dd2fd4516c2b1b664c5e59c0628d9aff26984covener [RT #29401]
d64dd2fd4516c2b1b664c5e59c0628d9aff26984covener
d64dd2fd4516c2b1b664c5e59c0628d9aff26984covener3327. [func] Added 'filter-aaaa-on-v6' option; this is similar
ed0d39878e79220baaa50c15b79b1fdf877cb919niq to 'filter-aaaa-on-v4' but applies to IPv6
1e911973bcb9df6701a4c16c037771ecf25ade13niq connections. (Use "configure --enable-filter-aaaa"
1e911973bcb9df6701a4c16c037771ecf25ade13niq to enable this option.) [RT #27308]
1e911973bcb9df6701a4c16c037771ecf25ade13niq
1e911973bcb9df6701a4c16c037771ecf25ade13niq3326. [func] Added task list statistics: task model, worker
1e911973bcb9df6701a4c16c037771ecf25ade13niq threads, quantum, tasks running, tasks ready.
1e911973bcb9df6701a4c16c037771ecf25ade13niq [RT #27678]
a45125b6474e878ba177025a0584b71cee9c8f32trawick
e47d58d5d983426584c8d16416c50f5c58070746dirkx3325. [func] Report cache statistics: memory use, number of
e47d58d5d983426584c8d16416c50f5c58070746dirkx nodes, number of hash buckets, hit and miss counts.
e47d58d5d983426584c8d16416c50f5c58070746dirkx [RT #27056]
33aad3911b15cb5d523075f7df829274fe298a13dirkx
33aad3911b15cb5d523075f7df829274fe298a13dirkx3324. [test] Add better tests for ADB stats [RT #27057]
76f68128bb8fcea0f772d522c05dc7ec872040c2dirkx
33aad3911b15cb5d523075f7df829274fe298a13dirkx3323. [func] Report the number of buckets the resolver is using.
433dcb1fbaae82d36634f5120bff71a04296904ddirkx [RT #27020]
433dcb1fbaae82d36634f5120bff71a04296904ddirkx
433dcb1fbaae82d36634f5120bff71a04296904ddirkx3322. [func] Monitor the number of active TCP and UDP dispatches.
433dcb1fbaae82d36634f5120bff71a04296904ddirkx [RT #27055]
433dcb1fbaae82d36634f5120bff71a04296904ddirkx
433dcb1fbaae82d36634f5120bff71a04296904ddirkx3321. [func] Monitor the number of recursive fetches and the
d7fcc79b0bee660d71b0cccfe9bbc2765ee6420erederpj number of open sockets, and report these values in
d7fcc79b0bee660d71b0cccfe9bbc2765ee6420erederpj the statistics channel. [RT #27054]
d7fcc79b0bee660d71b0cccfe9bbc2765ee6420erederpj
d7fcc79b0bee660d71b0cccfe9bbc2765ee6420erederpj3320. [func] Added support for monitoring of recursing client
d7fcc79b0bee660d71b0cccfe9bbc2765ee6420erederpj count. [RT #27009]
d7fcc79b0bee660d71b0cccfe9bbc2765ee6420erederpj
65cb7f00eca6689c8a89dc809359991ade1285bcwrowe3319. [func] Added support for monitoring of ADB entry count and
65cb7f00eca6689c8a89dc809359991ade1285bcwrowe hash size. [RT #27057]
65cb7f00eca6689c8a89dc809359991ade1285bcwrowe
65cb7f00eca6689c8a89dc809359991ade1285bcwrowe3318. [tuning] Reduce the amount of work performed while holding a
65cb7f00eca6689c8a89dc809359991ade1285bcwrowe bucket lock when finished with a fetch context.
39c7699ec0799d394d3f67145d4a12ed82f587b8jorton [RT #29239]
39c7699ec0799d394d3f67145d4a12ed82f587b8jorton
39c7699ec0799d394d3f67145d4a12ed82f587b8jorton3317. [func] Add ECDSA support (RFC 6605). [RT #21918]
c6d33447e28403a90ad817dba4df75fae785be28pquerna
c6d33447e28403a90ad817dba4df75fae785be28pquerna3316. [tuning] Improved locking performance when recursing.
439ccf2a084e1da566548931c585cbcc3a9e7f4cminfrin [RT #28836]
439ccf2a084e1da566548931c585cbcc3a9e7f4cminfrin
439ccf2a084e1da566548931c585cbcc3a9e7f4cminfrin3315. [tuning] Use multiple dispatch objects for sending upstream
439ccf2a084e1da566548931c585cbcc3a9e7f4cminfrin queries; this can improve performance on busy
439ccf2a084e1da566548931c585cbcc3a9e7f4cminfrin multiprocessor systems by reducing lock contention.
439ccf2a084e1da566548931c585cbcc3a9e7f4cminfrin [RT #28605]
4ede070ca63bd4c48045e35a7192582769770290jorton
4ede070ca63bd4c48045e35a7192582769770290jorton3314. [bug] The masters list could be updated while stub_callback
795c9499a77c25695bcb9710ed67bbe51492e181rpluem or refresh_callback were using it. [RT #26732]
795c9499a77c25695bcb9710ed67bbe51492e181rpluem
795c9499a77c25695bcb9710ed67bbe51492e181rpluem3313. [protocol] Add TLSA record type. [RT #28989]
a72ba68ecbbc61e4b513e50d6000245c33f753dcwrowe
a72ba68ecbbc61e4b513e50d6000245c33f753dcwrowe3312. [bug] named-checkconf didn't detect a bad dns64 clients acl.
7a079e0cd696baca90ac43e325f64582e2945c68wrowe [RT #27631]
a72ba68ecbbc61e4b513e50d6000245c33f753dcwrowe
62c53a0dab4c85bfc6a5ab9abfb1b269d9f7458dniq3311. [bug] Abort the zone dump if zone->db is NULL in
62c53a0dab4c85bfc6a5ab9abfb1b269d9f7458dniq zone.c:zone_gotwritehandle. [RT #29028]
62c53a0dab4c85bfc6a5ab9abfb1b269d9f7458dniq
ecc1538af1c08282fc2773d2eb3f1a54251862f9minfrin3310. [test] Increase table size for mutex profiling. [RT #28809]
ecc1538af1c08282fc2773d2eb3f1a54251862f9minfrin
ecc1538af1c08282fc2773d2eb3f1a54251862f9minfrin3309. [bug] resolver.c:fctx_finddone() was not thread safe.
ecc1538af1c08282fc2773d2eb3f1a54251862f9minfrin [RT #27995]
9a06b6b4e83c29429c3a23d34acc41920af2024drjung
3f5585f7f4a7d74f2f94ec729ea8c1879d419e35rederpj3308. [placeholder]
3f5585f7f4a7d74f2f94ec729ea8c1879d419e35rederpj
3f5585f7f4a7d74f2f94ec729ea8c1879d419e35rederpj3307. [bug] Add missing ISC_LANG_BEGINDECLS and ISC_LANG_ENDDECLS.
3f5585f7f4a7d74f2f94ec729ea8c1879d419e35rederpj [RT #28956]
e4b96ba15dc8b2b27d251d53e29b86da32cd5066pquerna
e4b96ba15dc8b2b27d251d53e29b86da32cd5066pquerna3306. [bug] Improve DNS64 reverse zone performance. [RT #28563]
108ebbb87b2a46f4416ec507824471a483c39fe1sctemme
108ebbb87b2a46f4416ec507824471a483c39fe1sctemme3305. [func] Add wire format lookup method to sdb. [RT #28563]
108ebbb87b2a46f4416ec507824471a483c39fe1sctemme
108ebbb87b2a46f4416ec507824471a483c39fe1sctemme3304. [bug] Use hmctx, not mctx when freeing rbtdb->heaps.
7abe34dd5a20fc8fde09dca9116b88e6ddfd55ddjorton [RT #28571]
7abe34dd5a20fc8fde09dca9116b88e6ddfd55ddjorton
7abe34dd5a20fc8fde09dca9116b88e6ddfd55ddjorton3303. [bug] named could die when reloading. [RT #28606]
10d486b9267800c5e376c22f6c0d45dc2ae86f67chrisd
10d486b9267800c5e376c22f6c0d45dc2ae86f67chrisd3302. [bug] dns_dnssec_findmatchingkeys could fail to find
10d486b9267800c5e376c22f6c0d45dc2ae86f67chrisd keys if the zone name contained character that
10d486b9267800c5e376c22f6c0d45dc2ae86f67chrisd required special mappings. [RT #28600]
3e155218733389e7b1ea3a9ffd0aea533fd929cechrisd
3e155218733389e7b1ea3a9ffd0aea533fd929cechrisd3301. [contrib] Update queryperf to build on darwin. Add -R flag
3e155218733389e7b1ea3a9ffd0aea533fd929cechrisd for non-recursive queries. [RT #28565]
3e155218733389e7b1ea3a9ffd0aea533fd929cechrisd
ab43b4a17b2ac31ccb1cf280be8c42a8a314cecbjorton3300. [bug] Named could die if gssapi was enabled in named.conf
ab43b4a17b2ac31ccb1cf280be8c42a8a314cecbjorton but was not compiled in. [RT #28338]
ab43b4a17b2ac31ccb1cf280be8c42a8a314cecbjorton
67139e2d50d1e11558d87f7042f61cb04bb0d1d2jim3299. [bug] Make SDB handle errors from database drivers better.
f3a5934ca0fb0f0f813bd9d9d06af8937e3f401fjim [RT #28534]
67139e2d50d1e11558d87f7042f61cb04bb0d1d2jim
67139e2d50d1e11558d87f7042f61cb04bb0d1d2jim3298. [bug] Named could dereference a NULL pointer in
67139e2d50d1e11558d87f7042f61cb04bb0d1d2jim zmgr_start_xfrin_ifquota if the zone was being removed.
a4ab95921be8ce5de50913cd6505d41b672eb375minfrin [RT #28419]
a4ab95921be8ce5de50913cd6505d41b672eb375minfrin
a4ab95921be8ce5de50913cd6505d41b672eb375minfrin3297. [bug] Named could die on a malformed master file. [RT #28467]
a4ab95921be8ce5de50913cd6505d41b672eb375minfrin
e605dd6afa940f799c873ffeaa5e25fa4ea9a2c8minfrin3296. [bug] Named could die with a INSIST failure in
e605dd6afa940f799c873ffeaa5e25fa4ea9a2c8minfrin client.c:exit_check. [RT #28346]
e605dd6afa940f799c873ffeaa5e25fa4ea9a2c8minfrin
e605dd6afa940f799c873ffeaa5e25fa4ea9a2c8minfrin3295. [bug] Adjust isc_time_secondsastimet range check to be more
e605dd6afa940f799c873ffeaa5e25fa4ea9a2c8minfrin portable. [RT # 26542]
50c06405bc48121db2913925549407fd3e79bcedmturk
50c06405bc48121db2913925549407fd3e79bcedmturk3294. [bug] isccc/cc.c:table_fromwire failed to free alist on
dec02391360e503cd3437d16bed765dc653b9de5minfrin error. [RT #28265]
dec02391360e503cd3437d16bed765dc653b9de5minfrin
dec02391360e503cd3437d16bed765dc653b9de5minfrin3293. [func] nsupdate: list supported type. [RT #28261]
dec02391360e503cd3437d16bed765dc653b9de5minfrin
dec02391360e503cd3437d16bed765dc653b9de5minfrin3292. [func] Log messages in the axfr stream at debug 10.
1b27a3a26f18191db7ecb4d536cb121ba9520a8eniq [RT #28040]
1b27a3a26f18191db7ecb4d536cb121ba9520a8eniq
686ce4eade942e515b1725d0c9751da36b759a6ctrawick3291. [port] Fixed a build error on systems without ENOTSUP.
686ce4eade942e515b1725d0c9751da36b759a6ctrawick [RT #28200]
686ce4eade942e515b1725d0c9751da36b759a6ctrawick
1ce78cf71b5baaf2c1ab48e818cb1f2397df5010trawick3290. [bug] <isc/hmacsha.h> was not being installed. [RT #28169]
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd3289. [bug] 'rndc retransfer' failed for inline zones. [RT #28036]
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd3288. [bug] dlz_destroy() function wasn't correctly registered
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd by the DLZ dlopen driver. [RT #28056]
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd3287. [port] Update ans.pl to work with Net::DNS 0.68. [RT #28028]
8fd638698262130d00458b2c95548f6f94875847rpluem
534611d341a1a48b93c7a1fd5e333dbd261527d3rpluem3286. [bug] Managed key maintenance timer could fail to start
534611d341a1a48b93c7a1fd5e333dbd261527d3rpluem after 'rndc reconfig'. [RT #26786]
534611d341a1a48b93c7a1fd5e333dbd261527d3rpluem
79d4b708d021714647aab8b138ae671ed24765cewrowe3285. [bug] val-frdataset was incorrectly disassociated in
79d4b708d021714647aab8b138ae671ed24765cewrowe proveunsecure after calling startfinddlvsep.
79d4b708d021714647aab8b138ae671ed24765cewrowe [RT #27928]
79d4b708d021714647aab8b138ae671ed24765cewrowe
79d4b708d021714647aab8b138ae671ed24765cewrowe3284. [bug] Address race conditions with the handling of
88d0e50f16b21d4d0af0a48da7ad28fb5991834crpluem rbtnode.deadlink. [RT #27738]
88d0e50f16b21d4d0af0a48da7ad28fb5991834crpluem
88d0e50f16b21d4d0af0a48da7ad28fb5991834crpluem3283. [bug] Raw zones with with more than 512 records in a RRset
88d0e50f16b21d4d0af0a48da7ad28fb5991834crpluem failed to load. [RT #27863]
48fa058fe468025347930610ac2473094fa0f4e4chrisd
48fa058fe468025347930610ac2473094fa0f4e4chrisd3282. [bug] Restrict the TTL of NS RRset to no more than that
48fa058fe468025347930610ac2473094fa0f4e4chrisd of the old NS RRset when replacing it.
3ec4328f079d8867cc323155e59678ad9437914frooneg [RT #27792] [RT #27884]
3ec4328f079d8867cc323155e59678ad9437914frooneg
3ec4328f079d8867cc323155e59678ad9437914frooneg3281. [bug] SOA refresh queries could be treated as cancelled
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisd despite succeeding over the loopback interface.
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisd [RT #27782]
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisd
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisd3280. [bug] Potential double free of a rdataset on out of memory
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisd with DNS64. [RT #27762]
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisd
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisd3279. [bug] Hold a internal reference to the zone while performing
cd59ac5e8f739afbdcd523c649550f7dce1709ceniq a asynchronous load. Address potential memory leak
db78659055df54243bca678c35bd2ce7e31a9237rooneg if the asynchronous is cancelled. [RT #27750]
edf6757df85878dc8ce11fb3840ee4cde6de5b2frooneg
db78659055df54243bca678c35bd2ce7e31a9237rooneg3278. [bug] Make sure automatic key maintenance is started
95817edd05387a5276f51fcd5db79fc21b89b55brooneg when "auto-dnssec maintain" is turned on during
95817edd05387a5276f51fcd5db79fc21b89b55brooneg "rndc reconfig". [RT #26805]
95817edd05387a5276f51fcd5db79fc21b89b55brooneg
63689d77e084e36b8194fb6df5adfc0344965e01trawick3277. [bug] win32: isc_socket_dup is not implemented. [RT #27696]
63689d77e084e36b8194fb6df5adfc0344965e01trawick
63689d77e084e36b8194fb6df5adfc0344965e01trawick3276. [bug] win32: ns_os_openfile failed to return NULL on
63689d77e084e36b8194fb6df5adfc0344965e01trawick safe_open failure. [RT #27696]
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes3275. [bug] Corrected rndc -h output; the 'rndc sync -clean'
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes option had been misspelled as '-clear'. (To avoid
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes future confusion, both options now work.) [RT #27173]
a1a615ca49b162d71d88089210395c9a9cfeb539rpluem
8b67b9d3ce40755d1b58971198a02b2749d8e13dbnicholes3274. [placeholder]
8b67b9d3ce40755d1b58971198a02b2749d8e13dbnicholes
8b67b9d3ce40755d1b58971198a02b2749d8e13dbnicholes3273. [bug] AAAA responses could be returned in the additional
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes section even when filter-aaaa-on-v4 was in use.
a1a615ca49b162d71d88089210395c9a9cfeb539rpluem [RT #27292]
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes3272. [func] New "rndc zonestatus" command prints information
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes about the specified zone. [RT #21671]
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes
a1a615ca49b162d71d88089210395c9a9cfeb539rpluem3271. [port] darwin: mksymtbl is not always stable, loop several
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes times before giving up. mksymtbl was using non
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes portable perl to covert 64 bit hex strings. [RT #27653]
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes --- 9.9.0rc2 released ---
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes3270. [bug] "rndc reload" didn't reuse existing zones correctly
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes when inline-signing was in use. [RT #27650]
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes3269. [port] darwin 11 and later now built threaded by default.
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes3268. [bug] Convert RRSIG expiry times to 64 timestamps to work
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes out the earliest expiry time. [RT #23311]
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes
a1a615ca49b162d71d88089210395c9a9cfeb539rpluem3267. [bug] Memory allocation failures could be mis-reported as
1b0dce86d7fc8a5aa4c89b05255be26e508c615crpluem unexpected error. New ISC_R_UNSET result code.
1b0dce86d7fc8a5aa4c89b05255be26e508c615crpluem [RT #27336]
1b0dce86d7fc8a5aa4c89b05255be26e508c615crpluem
1b0dce86d7fc8a5aa4c89b05255be26e508c615crpluem3266. [bug] The maximum number of NSEC3 iterations for a
edc5389f50ce4153e6192740f3c7a188c8cf8d67niq DNSKEY RRset was not being properly computed.
edc5389f50ce4153e6192740f3c7a188c8cf8d67niq [RT #26543]
6c05afd314b4ddd545d63b4ff5de822cc30eec79trawick
6c05afd314b4ddd545d63b4ff5de822cc30eec79trawick3265. [bug] Corrected a problem with lock ordering in the
6c05afd314b4ddd545d63b4ff5de822cc30eec79trawick inline-signing code. [RT #27557]
13cd67e9c1dacbd6b9f040bda337c725cedd98f3brianp
13cd67e9c1dacbd6b9f040bda337c725cedd98f3brianp3264. [bug] Automatic regeneration of signatures in an
a623efbff95aab78da9e030524b0fa69b054f6d0brianp inline-signing zone could stall when the server
a623efbff95aab78da9e030524b0fa69b054f6d0brianp was restarted. [RT #27344]
a623efbff95aab78da9e030524b0fa69b054f6d0brianp
a623efbff95aab78da9e030524b0fa69b054f6d0brianp3263. [bug] "rndc sync" did not affect the unsigned side of an
a623efbff95aab78da9e030524b0fa69b054f6d0brianp inline-signing zone. [RT #27337]
a623efbff95aab78da9e030524b0fa69b054f6d0brianp
0b4b04d8621478ba59f0a6ba2950ddc02ab92b58colm3262. [bug] Signed responses were handled incorrectly by RPZ.
0b4b04d8621478ba59f0a6ba2950ddc02ab92b58colm [RT #27316]
0b4b04d8621478ba59f0a6ba2950ddc02ab92b58colm
2f1bb5376c5c4022383bb729679ca751dd75a2eabrianp3261. [func] RRset ordering now defaults to random. [RT #27174]
2f1bb5376c5c4022383bb729679ca751dd75a2eabrianp
ad862ab5716726a2d72a292ba1dfb29566c86153brianp3260. [bug] "rrset-order cyclic" could appear not to rotate
ad862ab5716726a2d72a292ba1dfb29566c86153brianp for some query patterns. [RT #27170/27185]
ad862ab5716726a2d72a292ba1dfb29566c86153brianp
17d53ea32c4968e47733f1c2c063ae07d280efd6jerenkrantz --- 9.9.0rc1 released ---
17d53ea32c4968e47733f1c2c063ae07d280efd6jerenkrantz
17d53ea32c4968e47733f1c2c063ae07d280efd6jerenkrantz3259. [bug] named-compilezone: Suppress "dump zone to <file>"
2d5532b13110a8d85653da92e97795b09cc25cc2trawick message when writing to stdout. [RT #27109]
b38565306421ff53e9f7499bc728d6df5cec294dpquerna
b38565306421ff53e9f7499bc728d6df5cec294dpquerna3258. [test] Add "forcing full sign with unreadable keys" test.
b38565306421ff53e9f7499bc728d6df5cec294dpquerna [RT #27153]
b38565306421ff53e9f7499bc728d6df5cec294dpquerna
89cc93f847a5510482d72d21fc38e9edb8e04057rjung3257. [bug] Do not generate a error message when calling fsync()
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim in a pipe or socket. [RT #27109]
cfa64348224b66dd1c9979b809406c4d15b1c137fielding
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim3256. [bug] Disable empty zones for lwresd -C. [RT #27139]
cfa64348224b66dd1c9979b809406c4d15b1c137fielding
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim3255. [func] No longer require that a empty zones be explicitly
cfa64348224b66dd1c9979b809406c4d15b1c137fielding enabled or that a empty zone is disabled for
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim RFC 1918 empty zones to be configured. [RT #27139]
cfa64348224b66dd1c9979b809406c4d15b1c137fielding
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim3254. [bug] Set isc_socket_ipv6only() on the IPv6 control channels.
cfa64348224b66dd1c9979b809406c4d15b1c137fielding [RT #22249]
3253. [bug] Return DNS_R_SYNTAX when the input to a text field is
too long. [RT #26956]
3252. [bug] When master zones using inline-signing were
updated while the server was offline, the source
zone could fall out of sync with the signed
copy. They can now resynchronize. [RT #26676]
3251. [bug] Enforce a upper bound (65535 bytes) on the amount of
memory dns_sdlz_putrr() can allocate per record to
prevent run away memory consumption on ISC_R_NOSPACE.
[RT #26956]
3250. [func] 'configure --enable-developer'; turn on various
configure options, normally off by default, that
we want developers to build and test with. [RT #27103]
3249. [bug] Update log message when saving slave zones files for
analysis after load failures. [RT #27087]
3248. [bug] Configure options --enable-fixed-rrset and
--enable-exportlib were incompatible with each
other. [RT #27087]
3247. [bug] 'raw' format zones failed to preserve load order
breaking 'fixed' sort order. [RT #27087]
3246. [bug] Named failed to start with a empty also-notify list.
[RT #27087]
3245. [bug] Don't report a error unchanged serials unless there
were other changes when thawing a zone with
ixfr-fromdifferences. [RT #26845]
3244. [func] Added readline support to nslookup and nsupdate.
Also simplified nsupdate syntax to make "update"
and "prereq" optional. [RT #24659]
3243. [port] freebsd,netbsd,bsdi: the thread defaults were not
being properly set.
3242. [func] Extended the header of raw-format master files to
include the serial number of the zone from which
they were generated, if different (as in the case
of inline-signing zones). This is to be used in
inline-signing zones, to track changes between the
unsigned and signed versions of the zone, which may
have different serial numbers.
(Note: raw zonefiles generated by this version of
BIND are no longer compatible with prior versions.
To generate a backward-compatible raw zonefile
using dnssec-signzone or named-compilezone, specify
output format "raw=0" instead of simply "raw".)
[RT #26587]
3241. [bug] Address race conditions in the resolver code.
[RT #26889]
3240. [bug] DNSKEY state change events could be missed. [RT #26874]
3239. [bug] dns_dnssec_findmatchingkeys needs to use a consistent
timestamp. [RT #26883]
3238. [bug] keyrdata was not being reinitialized in
lib/dns/rbtdb.c:iszonesecure. [RT#26913]
3237. [bug] dig -6 didn't work with +trace. [RT #26906]
3236. [bug] Backed out changes #3182 and #3202, related to
EDNS(0) fallback behavior. [RT #26416]
3235. [func] dns_db_diffx, a extended dns_db_diff which returns
the generated diff and optionally writes it to a
journal. [RT #26386]
3234. [bug] 'make depend' produced invalid makefiles. [RT #26830]
3233. [bug] 'rndc freeze/thaw' didn't work for inline zones.
[RT #26632]
3232. [bug] Zero zone->curmaster before return in
dns_zone_setmasterswithkeys(). [RT #26732]
3231. [bug] named could fail to send a incompressible zone.
[RT #26796]
3230. [bug] 'dig axfr' failed to properly handle a multi-message
axfr with a serial of 0. [RT #26796]
3229. [bug] Fix local variable to struct var assignment
found by CLANG warning.
3228. [tuning] Dynamically grow symbol table to improve zone
loading performance. [RT #26523]
3227. [bug] Interim fix to make WKS's use of getprotobyname()
and getservbyname() self thread safe. [RT #26232]
3226. [bug] Address minor resource leakages. [RT #26624]
3225. [bug] Silence spurious "setsockopt(517, IPV6_V6ONLY) failed"
messages. [RT #26507]
3224. [bug] 'rndc signing' argument parsing was broken. [RT #26684]
3223. [bug] 'task_test privilege_drop' generated false positives.
[RT #26766]
3222. [cleanup] Replace dns_journal_{get,set}_bitws with
dns_journal_{get,set}_sourceserial. [RT #26634]
3221. [bug] Fixed a potential core dump on shutdown due to
referencing fetch context after it's been freed.
[RT #26720]
--- 9.9.0b2 released ---
3220. [bug] Change #3186 was incomplete; dns_db_rpz_findips()
could fail to set the database version correctly,
causing an assertion failure. [RT #26180]
3219. [bug] Disable NOEDNS caching following a timeout.
3218. [security] Cache lookup could return RRSIG data associated with
nonexistent records, leading to an assertion
failure. [RT #26590]
3217. [cleanup] Fix build problem with --disable-static. [RT #26476]
3216. [bug] resolver.c:validated() was not thread-safe. [RT #26478]
3215. [bug] 'rndc recursing' could cause a core dump. [RT #26495]
3214. [func] Add 'named -U' option to set the number of UDP
listener threads per interface. [RT #26485]
3213. [doc] Clarify ixfr-from-differences behavior. [RT #25188]
3212. [bug] rbtdb.c: failed to remove a node from the deadnodes
list prior to adding a reference to it leading a
possible assertion failure. [RT #23219]
3211. [func] dnssec-signzone: "-f -" prints to stdout; "-O full"
option prints in single-line-per-record format.
[RT #20287]
3210. [bug] Canceling the oldest query due to recursive-client
overload could trigger an assertion failure. [RT #26463]
3209. [func] Add "dnssec-lookaside 'no'". [RT #24858]
3208. [bug] 'dig -y' handle unknown tsig algorithm better.
[RT #25522]
3207. [contrib] Fixed build error in Berkeley DB DLZ module. [RT #26444]
3206. [cleanup] Add ISC information to log at start time. [RT #25484]
3205. [func] Upgrade dig's defaults to better reflect modern
nameserver behavior. Enable "dig +adflag" and
"dig +edns=0" by default. Enable "+dnssec" when
running "dig +trace". [RT #23497]
3204. [bug] When a master server that has been marked as
unreachable sends a NOTIFY, mark it reachable
again. [RT #25960]
3203. [bug] Increase log level to 'info' for validation failures
from expired or not-yet-valid RRSIGs. [RT #21796]
3202. [bug] NOEDNS caching on timeout was too aggressive.
[RT #26416]
3201. [func] 'rndc querylog' can now be given an on/off parameter
instead of only being used as a toggle. [RT #18351]
3200. [doc] Some rndc functions were undocumented or were
missing from 'rndc -h' output. [RT #25555]
3199. [func] When logging client information, include the name
being queried. [RT #25944]
3198. [doc] Clarified that dnssec-settime can alter keyfile
permissions. [RT #24866]
3197. [bug] Don't try to log the filename and line number when
the config parser can't open a file. [RT #22263]
3196. [bug] nsupdate: return nonzero exit code when target zone
doesn't exist. [RT #25783]
3195. [cleanup] Silence "file not found" warnings when loading
managed-keys zone. [RT #26340]
3194. [doc] Updated RFC references in the 'empty-zones-enable'
documentation. [RT #25203]
3193. [cleanup] Changed MAXZONEKEYS to DNS_MAXZONEKEYS, moved to
dnssec.h. [RT #26415]
3192. [bug] A query structure could be used after being freed.
[RT #22208]
3191. [bug] Print NULL records using "unknown" format. [RT #26392]
3190. [bug] Underflow in error handling in isc_mutexblock_init.
[RT #26397]
3189. [test] Added a summary report after system tests. [RT #25517]
3188. [bug] zone.c:zone_refreshkeys() could fail to detach
references correctly when errors occurred, causing
a hang on shutdown. [RT #26372]
3187. [port] win32: support for Visual Studio 2008. [RT #26356]
--- 9.9.0b1 released ---
3186. [bug] Version/db mis-match in rpz code. [RT #26180]
3185. [func] New 'rndc signing' option for auto-dnssec zones:
- 'rndc signing -list' displays the current
state of signing operations
- 'rndc signing -clear' clears the signing state
records for keys that have fully signed the zone
- 'rndc signing -nsec3param' sets the NSEC3
parameters for the zone
The 'rndc keydone' syntax is removed. [RT #23729]
3184. [bug] named had excessive cpu usage when a redirect zone was
configured. [RT #26013]
3183. [bug] Added RTLD_GLOBAL flag to dlopen call. [RT #26301]
3182. [bug] Auth servers behind firewalls which block packets
greater than 512 bytes may cause other servers to
perform poorly. Now, adb retains edns information
and caches noedns servers. [RT #23392/24964]
3181. [func] Inline-signing is now supported for master zones.
[RT #26224]
3180. [func] Local copies of slave zones are now saved in raw
format by default, to improve startup performance.
'masterfile-format text;' can be used to override
the default, if desired. [RT #25867]
3179. [port] kfreebsd: build issues. [RT #26273]
3178. [bug] A race condition introduced by change #3163 could
cause an assertion failure on shutdown. [RT #26271]
3177. [func] 'rndc keydone', remove the indicator record that
named has finished signing the zone with the
corresponding key. [RT #26206]
3176. [doc] Corrected example code and added a README to the
sample external DLZ module in contrib/dlz/example.
[RT #26215]
3175. [bug] Fix how DNSSEC positive wildcard responses from a
NSEC3 signed zone are validated. Stop sending a
unnecessary NSEC3 record when generating such
responses. [RT #26200]
3174. [bug] Always compute to revoked key tag from scratch.
[RT #26186]
3173. [port] Correctly validate root DS responses. [RT #25726]
3172. [port] darwin 10.* and freebsd [89] are now built threaded by
default.
3171. [bug] Exclusively lock the task when adding a zone using
'rndc addzone'. [RT #25600]
--- 9.9.0a3 released ---
3170. [func] RPZ update:
- fix precedence among competing rules
- improve ARM text including documenting rule precedence
- try to rewrite CNAME chains until first hit
- new "rpz" logging channel
- RDATA for CNAME rules can include wildcards
- replace "NO-OP" named.conf policy override with
"PASSTHRU" and add "DISABLED" override ("NO-OP"
is still recognized)
[RT #25172]
3169. [func] Catch db/version mis-matches when calling dns_db_*().
[RT #26017]
3168. [bug] Nxdomain redirection could trigger an assert with
a ANY query. [RT #26017]
3167. [bug] Negative answers from forwarders were not being
correctly tagged making them appear to not be cached.
[RT #25380]
3166. [bug] Upgrading a zone to support inline-signing failed.
[RT #26014]
3165. [bug] dnssec-signzone could generate new signatures when
resigning, even when valid signatures were already
present. [RT #26025]
3164. [func] Enable DLZ modules to retrieve client information,
so that responses can be changed depending on the
source address of the query. [RT #25768]
3163. [bug] Use finer-grained locking in client.c to address
concurrency problems with large numbers of threads.
[RT #26044]
3162. [test] start.pl: modified to allow for "named.args" in
ns*/ subdirectory to override stock arguments to
named. Largely from RT#26044, but no separate ticket.
3161. [bug] zone.c:del_sigs failed to always reset rdata leading
assertion failures. [RT #25880]
3160. [bug] When printing out a NSEC3 record in multiline form
the newline was not being printed causing type codes
to be run together. [RT #25873]
3159. [bug] On some platforms, named could assert on startup
when running in a chrooted environment without
/proc. [RT #25863]
3158. [bug] Recursive servers would prefer a particular UDP
socket instead of using all available sockets.
[RT #26038]
3157. [tuning] Reduce the time spent in "rndc reconfig" by parsing
the config file before pausing the server. [RT #21373]
3156. [placeholder]
--- 9.9.0a2 released ---
3155. [bug] Fixed a build failure when using contrib DLZ
drivers (e.g., mysql, postgresql, etc). [RT #25710]
3154. [bug] Attempting to print an empty rdataset could trigger
an assert. [RT #25452]
3153. [func] Extend request-ixfr to zone level and remove the
side effect of forcing an AXFR. [RT #25156]
3152. [cleanup] Some versions of gcc and clang failed due to
incorrect use of __builtin_expect. [RT #25183]
3151. [bug] Queries for type RRSIG or SIG could be handled
incorrectly. [RT #21050]
3150. [func] Improved startup and reconfiguration time by
enabling zones to load in multiple threads. [RT #25333]
3149. [placeholder]
3148. [bug] Processing of normal queries could be stalled when
forwarding a UPDATE message. [RT #24711]
3147. [func] Initial inline signing support. [RT #23657]
--- 9.9.0a1 released ---
3146. [test] Fixed gcc4.6.0 errors in ATF. [RT #25598]
3145. [test] Capture output of ATF unit tests in "./atf.out" if
there were any errors while running them. [RT #25527]
3144. [bug] dns_dbiterator_seek() could trigger an assert when
used with a nonexistent database node. [RT #25358]
3143. [bug] Silence clang compiler warnings. [RT #25174]
3142. [bug] NAPTR is class agnostic. [RT #25429]
3141. [bug] Silence spurious "zone serial (0) unchanged" messages
associated with empty zones. [RT #25079]
3140. [func] New command "rndc flushtree <name>" clears the
specified name from the server cache along with
all names under it. [RT #19970]
3139. [test] Added tests from RFC 6234, RFC 2202, and RFC 1321
for the hashing algorithms (md5, sha1 - sha512, and
their hmac counterparts). [RT #25067]
3138. [bug] Address memory leaks and out-of-order operations when
shutting named down. [RT #25210]
3137. [func] Improve hardware scalability by allowing multiple
worker threads to process incoming UDP packets.
This can significantly increase query throughput
on some systems. [RT #22992]
3136. [func] Add RFC 1918 reverse zones to the list of built-in
empty zones switched on by the 'empty-zones-enable'
option. [RT #24990]
3135. [port] FreeBSD: workaround broken IPV6_USE_MIN_MTU processing.
See http://www.freebsd.org/cgi/query-pr.cgi?pr=158307
[RT #24950]
3134. [bug] Improve the accuracy of dnssec-signzone's signing
statistics. [RT #16030]
3133. [bug] Change #3114 was incomplete. [RT #24577]
3132. [placeholder]
3131. [tuning] Improve scalability by allocating one zone task
per 100 zones at startup time, rather than using a
fixed-size task table. [RT #24406]
3130. [func] Support alternate methods for managing a dynamic
zone's serial number. Two methods are currently
defined using serial-update-method, "increment"
(default) and "unixtime". [RT #23849]
3129. [bug] Named could crash on 'rndc reconfig' when
allow-new-zones was set to yes and named ACLs
were used. [RT #22739]
3128. [func] Inserting an NSEC3PARAM via dynamic update in an
auto-dnssec zone that has not been signed yet
will cause it to be signed with the specified NSEC3
parameters when keys are activated. The
NSEC3PARAM record will not appear in the zone until
it is signed, but the parameters will be stored.
[RT #23684]
3127. [bug] 'rndc thaw' will now remove a zone's journal file
if the zone serial number has been changed and
ixfr-from-differences is not in use. [RT #24687]
3126. [security] Using DNAME record to generate replacements caused
RPZ to exit with a assertion failure. [RT #24766]
3125. [security] Using wildcard CNAME records as a replacement with
RPZ caused named to exit with a assertion failure.
[RT #24715]
3124. [bug] Use an rdataset attribute flag to indicate
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
used in actual DNS packets. [RT #24777]
3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777]
3122. [cleanup] dnssec-settime: corrected usage message. [RT #24664]
3121. [security] An authoritative name server sending a negative
response containing a very large RRset could
trigger an off-by-one error in the ncache code
and crash named. [RT #24650]
3120. [bug] Named could fail to validate zones listed in a DLV
that validated insecure without using DLV and had
DS records in the parent zone. [RT #24631]
3119. [bug] When rolling to a new DNSSEC key, a private-type
record could be created and never marked complete.
[RT #23253]
3118. [bug] nsupdate could dump core on shutdown when using
SIG(0) keys. [RT #24604]
3117. [cleanup] Remove doc and parser references to the
never-implemented 'auto-dnssec create' option.
[RT #24533]
3116. [func] New 'dnssec-update-mode' option controls updates
of DNSSEC records in signed dynamic zones. Set to
'no-resign' to disable automatic RRSIG regeneration
while retaining the ability to sign new or changed
data. [RT #24533]
3115. [bug] Named could fail to return requested data when
following a CNAME that points into the same zone.
[RT #24455]
3114. [bug] Retain expired RRSIGs in dynamic zones if key is
inactive and there is no replacement key. [RT #23136]
3113. [doc] Document the relationship between serial-query-rate
and NOTIFY messages.
3112. [doc] Add missing descriptions of the update policy name
types "ms-self", "ms-subdomain", "krb5-self" and
"krb5-subdomain", which allow machines to update
their own records, to the BIND 9 ARM.
3111. [bug] Improved consistency checks for dnssec-enable and
dnssec-validation, added test cases to the
checkconf system test. [RT #24398]
3110. [bug] dnssec-signzone: Wrong error message could appear
when attempting to sign with no KSK. [RT #24369]
3109. [func] The also-notify option now uses the same syntax
as a zone's masters clause. This means it is
now possible to specify a TSIG key to use when
sending notifies to a given server, or to include
an explicit named masters list in an also-notify
statement. [RT #23508]
3108. [cleanup] dnssec-signzone: Clarified some error and
warning messages; removed #ifdef ALLOW_KSKLESS_ZONES
code (use -P instead). [RT #20852]
3107. [bug] dnssec-signzone: Report the correct number of ZSKs
when using -x. [RT #20852]
3106. [func] When logging client requests, include the name of
the TSIG key if any. [RT #23619]
3105. [bug] GOST support can be suppressed by "configure
--without-gost" [RT #24367]
3104. [bug] Better support for cross-compiling. [RT #24367]
3103. [bug] Configuring 'dnssec-validation auto' in a view
instead of in the options statement could trigger
an assertion failure in named-checkconf. [RT #24382]
3102. [func] New 'dnssec-loadkeys-interval' option configures
how often, in minutes, to check the key repository
for updates when using automatic key maintenance.
Default is every 60 minutes (formerly hard-coded
to 12 hours). [RT #23744]
3101. [bug] Zones using automatic key maintenance could fail
to check the key repository for updates. [RT #23744]
3100. [security] Certain response policy zone configurations could
trigger an INSIST when receiving a query of type
RRSIG. [RT #24280]
3099. [test] "dlz" system test now runs but gives R:SKIPPED if
not compiled with --with-dlz-filesystem. [RT #24146]
3098. [bug] DLZ zones were answering without setting the AA bit.
[RT #24146]
3097. [test] Add a tool to test handling of malformed packets.
[RT #24096]
3096. [bug] Set KRB5_KTNAME before calling log_cred() in
dst_gssapi_acceptctx(). [RT #24004]
3095. [bug] Handle isolated reserved ports in the port range.
[RT #23957]
3094. [doc] Expand dns64 documentation.
3093. [bug] Fix gssapi/kerberos dependencies [RT #23836]
3092. [bug] Signatures for records at the zone apex could go
stale due to an incorrect timer setting. [RT #23769]
3091. [bug] Fixed a bug in which zone keys that were published
and then subsequently activated could fail to trigger
automatic signing. [RT #22911]
3090. [func] Make --with-gssapi default [RT #23738]
3089. [func] dnssec-dsfromkey now supports reading keys from
standard input "dnssec-dsfromkey -f -". [RT# 20662]
3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf
and add setup.sh in order to resolve changing
named.conf issue. [RT #23687]
3087. [bug] DDNS updates using SIG(0) with update-policy match
type "external" could cause a crash. [RT #23735]
3086. [bug] Running dnssec-settime -f on an old-style key will
now force an update to the new key format even if no
other change has been specified, using "-P now -A now"
as default values. [RT #22474]
3085. [func] New '-R' option in dnssec-signzone forces removal
of signatures which have not yet expired but
were generated by a key that no longer exists.
[RT #22471]
3084. [func] A new command "rndc sync" dumps pending changes in
a dynamic zone to disk; "rndc sync -clean" also
removes the journal file after syncing. Also,
"rndc freeze" no longer removes journal files.
[RT #22473]
3083. [bug] NOTIFY messages were not being sent when generating
a NSEC3 chain incrementally. [RT #23702]
3082. [port] strtok_r is threads only. [RT #23747]
3081. [bug] Failure of DNAME substitution did not return
YXDOMAIN. [RT #23591]
3080. [cleanup] Replaced compile time constant by STDTIME_ON_32BITS.
[RT #23587]
3079. [bug] Handle isc_event_allocate failures in t_tasks.
[RT #23572]
3078. [func] Added a new include file with function typedefs
for the DLZ "dlopen" driver. [RT #23629]
3077. [bug] zone.c:zone_refreshkeys() incorrectly called
dns_zone_attach(), use zone->irefs instead. [RT #23303]
3076. [func] New '-L' option in dnssec-keygen, dnsset-settime, and
dnssec-keyfromlabel sets the default TTL of the
key. When possible, automatic signing will use that
TTL when the key is published. [RT #23304]
3075. [bug] dns_dnssec_findzonekeys{2} used a inconsistent
timestamp when determining which keys are active.
[RT #23642]
3074. [bug] Make the adb cache read through for zone data and
glue learn for zone named is authoritative for.
[RT #22842]
3073. [bug] managed-keys changes were not properly being recorded.
[RT #20256]
3072. [bug] dns_dns64_aaaaok() potential NULL pointer dereference.
[RT #20256]
3071. [bug] has_nsec could be used uninitialized in
update.c:next_active. [RT #20256]
3070. [bug] dnssec-signzone potential NULL pointer dereference.
[RT #20256]
3069. [cleanup] Silence warnings messages from clang static analysis.
[RT #20256]
3068. [bug] Named failed to build with a OpenSSL without engine
support. [RT #23473]
3067. [bug] ixfr-from-differences {master|slave}; failed to
select the master/slave zones. [RT #23580]
3066. [func] The DLZ "dlopen" driver is now built by default,
no longer requiring a configure option. To
disable it, use "configure --without-dlopen".
Driver also supported on win32. [RT #23467]
3065. [bug] RRSIG could have time stamps too far in the future.
[RT #23356]
3064. [bug] powerpc: add sync instructions to the end of atomic
operations. [RT #23469]
3063. [contrib] More verbose error reporting from DLZ LDAP. [RT #23402]
3062. [func] Made several changes to enhance human readability
of DNSSEC data in dig output and in generated
zone files:
- DNSKEY record comments are more verbose, no
longer used in multiline mode only
- multiline RRSIG records reformatted
- multiline output mode for NSEC3PARAM records
- "dig +norrcomments" suppresses DNSKEY comments
- "dig +split=X" breaks hex/base64 records into
fields of width X; "dig +nosplit" disables this.
[RT #22820]
3061. [func] New option "dnssec-signzone -D", only write out
generated DNSSEC records. [RT #22896]
3060. [func] New option "dnssec-signzone -X <date>" allows
specification of a separate expiration date
for DNSKEY RRSIGs and other RRSIGs. [RT #22141]
3059. [test] Added a regression test for change #3023.
3058. [bug] Cause named to terminate at startup or rndc reconfig/
reload to fail, if a log file specified in the conf
file isn't a plain file. [RT #22771]
3057. [bug] "rndc secroots" would abort after the first error
and so could miss some views. [RT #23488]
3056. [func] Added support for URI resource record. [RT #23386]
3055. [placeholder]
3054. [bug] Added elliptic curve support check in
GOST OpenSSL engine detection. [RT #23485]
3053. [bug] Under a sustained high query load with a finite
max-cache-size, it was possible for cache memory
to be exhausted and not recovered. [RT #23371]
3052. [test] Fixed last autosign test report. [RT #23256]
3051. [bug] NS records obscure DNAME records at the bottom of the
zone if both are present. [RT #23035]
3050. [bug] The autosign system test was timing dependent.
Wait for the initial autosigning to complete
before running the rest of the test. [RT #23035]
3049. [bug] Save and restore the gid when creating creating
named.pid at startup. [RT #23290]
3048. [bug] Fully separate view key management. [RT #23419]
3047. [bug] DNSKEY NODATA responses not cached fixed in
validator.c. Tests added to dnssec system test.
[RT #22908]
3046. [bug] Use RRSIG original TTL to compute validated RRset
and RRSIG TTL. [RT #23332]
3045. [removed] Replaced by change #3050.
3044. [bug] Hold the socket manager lock while freeing the socket.
[RT #23333]
3043. [test] Merged in the NetBSD ATF test framework (currently
version 0.12) for development of future unit tests.
Use configure --with-atf to build ATF internally
or configure --with-atf=prefix to use an external
copy. [RT #23209]
3042. [bug] dig +trace could fail attempting to use IPv6
addresses on systems with only IPv4 connectivity.
[RT #23297]
3041. [bug] dnssec-signzone failed to generate new signatures on
ttl changes. [RT #23330]
3040. [bug] Named failed to validate insecure zones where a node
with a CNAME existed between the trust anchor and the
top of the zone. [RT #23338]
3039. [func] Redirect on NXDOMAIN support. [RT #23146]
3038. [bug] Install <dns/rpz.h>. [RT #23342]
3037. [doc] Update COPYRIGHT to contain all the individual
copyright notices that cover various parts.
3036. [bug] Check built-in zone arguments to see if the zone
is re-usable or not. [RT #21914]
3035. [cleanup] Simplify by using strlcpy. [RT #22521]
3034. [cleanup] nslookup: use strlcpy instead of safecopy. [RT #22521]
3033. [cleanup] Add two INSIST(bucket != DNS_ADB_INVALIDBUCKET).
[RT #22521]
3032. [bug] rdatalist.c: add missing REQUIREs. [RT #22521]
3031. [bug] dns_rdataclass_format() handle a zero sized buffer.
[RT #22521]
3030. [bug] dns_rdatatype_format() handle a zero sized buffer.
[RT #22521]
3029. [bug] isc_netaddr_format() handle a zero sized buffer.
[RT #22521]
3028. [bug] isc_sockaddr_format() handle a zero sized buffer.
[RT #22521]
3027. [bug] Add documented REQUIREs to cfg_obj_asnetprefix() to
catch NULL pointer dereferences before they happen.
[RT #22521]
3026. [bug] lib/isc/httpd.c: check that we have enough space
after calling grow_headerspace() and if not
re-call grow_headerspace() until we do. [RT #22521]
3025. [bug] Fixed a possible deadlock due to zone resigning.
[RT #22964]
3024. [func] RTT Banding removed due to minor security increase
but major impact on resolver latency. [RT #23310]
3023. [bug] Named could be left in an inconsistent state when
receiving multiple AXFR response messages that were
not all TSIG-signed. [RT #23254]
3022. [bug] Fixed rpz SERVFAILs after failed zone transfers
[RT #23246]
3021. [bug] Change #3010 was incomplete. [RT #22296]
3020. [bug] auto-dnssec failed to correctly update the zone when
changing the DNSKEY RRset. [RT #23232]
3019. [test] Test: check apex NSEC3 records after adding DNSKEY
record via UPDATE. [RT #23229]
3018. [bug] Named failed to check for the "none;" acl when deciding
if a zone may need to be re-signed. [RT #23120]
3017. [doc] dnssec-keyfromlabel -I was not properly documented.
[RT #22887]
3016. [bug] rndc usage missing '-b'. [RT #22937]
3015. [port] win32: fix IN6_IS_ADDR_LINKLOCAL and
IN6_IS_ADDR_SITELOCAL macros. [RT #22724]
3014. [placeholder]
3013. [bug] The DNS64 ttl was not always being set as expected.
[RT #23034]
3012. [bug] Remove DNSKEY TTL change pairs before generating
signing records for any remaining DNSKEY changes.
[RT #22590]
3011. [func] Change the default query timeout from 30 seconds
to 10. Allow setting this in named.conf using the new
'resolver-query-timeout' option, which specifies a max
time in seconds. 0 means 'default' and anything longer
than 30 will be silently set to 30. [RT #22852]
3010. [bug] Fixed a bug where "rndc reconfig" stopped the timer
for refreshing managed-keys. [RT #22296]
3009. [bug] clients-per-query code didn't work as expected with
particular query patterns. [RT #22972]
--- 9.8.0b1 released ---
3008. [func] Response policy zones (RPZ) support. [RT #21726]
3007. [bug] Named failed to preserve the case of domain names in
rdata which is not compressible when writing master
files. [RT #22863]
3006. [func] Allow dynamically generated TSIG keys to be preserved
across restarts of named. Initially this is for
TSIG keys generated using GSSAPI. [RT #22639]
3005. [port] Solaris: Work around the lack of
gsskrb5_register_acceptor_identity() by setting
the KRB5_KTNAME environment variable to the
contents of tkey-gssapi-keytab. Also fixed
test errors on MacOSX. [RT #22853]
3004. [func] DNS64 reverse support. [RT #22769]
3003. [experimental] Added update-policy match type "external",
enabling named to defer the decision of whether to
allow a dynamic update to an external daemon.
(Contributed by Andrew Tridgell.) [RT #22758]
3002. [bug] isc_mutex_init_errcheck() failed to destroy attr.
[RT #22766]
3001. [func] Added a default trust anchor for the root zone, which
can be switched on by setting "dnssec-validation auto;"
in the named.conf options. [RT #21727]
3000. [bug] More TKEY/GSS fixes:
- nsupdate can now get the default realm from
the user's Kerberos principal
- corrected gsstest compilation flags
- improved documentation
- fixed some NULL dereferences
[RT #22795]
2999. [func] Add GOST support (RFC 5933). [RT #20639]
2998. [func] Add isc_task_beginexclusive and isc_task_endexclusive
to the task api. [RT #22776]
2997. [func] named -V now reports the OpenSSL and libxml2 verions
it was compiled against. [RT #22687]
2996. [security] Temporarily disable SO_ACCEPTFILTER support.
[RT #22589]
2995. [bug] The Kerberos realm was not being correctly extracted
from the signer's identity. [RT #22770]
2994. [port] NetBSD: use pthreads by default on NetBSD >= 5.0, and
do not use threads on earlier versions. Also kill
the unproven-pthreads, mit-pthreads, and ptl2 support.
2993. [func] Dynamically grow adb hash tables. [RT #21186]
2992. [contrib] contrib/check-secure-delegation.pl: A simple tool
for looking at a secure delegation. [RT #22059]
2991. [contrib] contrib/zone-edit.sh: A simple zone editing tool for
dynamic zones. [RT #22365]
2990. [bug] 'dnssec-settime -S' no longer tests prepublication
interval validity when the interval is set to 0.
[RT #22761]
2989. [func] Added support for writable DLZ zones. (Contributed
by Andrew Tridgell of the Samba project.) [RT #22629]
2988. [experimental] Added a "dlopen" DLZ driver, allowing the creation
of external DLZ drivers that can be loaded as
shared objects at runtime rather than linked with
named. Currently this is switched on via a
compile-time option, "configure --with-dlz-dlopen".
Note: the syntax for configuring DLZ zones
is likely to be refined in future releases.
(Contributed by Andrew Tridgell of the Samba
project.) [RT #22629]
2987. [func] Improve ease of configuring TKEY/GSS updates by
adding a "tkey-gssapi-keytab" option. If set,
updates will be allowed with any key matching
a principal in the specified keytab file.
"tkey-gssapi-credential" is no longer required
and is expected to be deprecated. (Contributed
by Andrew Tridgell of the Samba project.)
[RT #22629]
2986. [func] Add new zone type "static-stub". It's like a stub
zone, but the nameserver names and/or their IP
addresses are statically configured. [RT #21474]
2985. [bug] Add a regression test for change #2896. [RT #21324]
2984. [bug] Don't run MX checks when the target of the MX record
is ".". [RT #22645]
2983. [bug] Include "loadkeys" in rndc help output. [RT #22493]
--- 9.8.0a1 released ---
2982. [bug] Reference count dst keys. dst_key_attach() can be used
increment the reference count.
Note: dns_tsigkey_createfromkey() callers should now
always call dst_key_free() rather than setting it
to NULL on success. [RT #22672]
2981. [func] Partial DNS64 support (AAAA synthesis). [RT #21991]
2980. [bug] named didn't properly handle UPDATES that changed the
TTL of the NSEC3PARAM RRset. [RT #22363]
2979. [bug] named could deadlock during shutdown if two
"rndc stop" commands were issued at the same
time. [RT #22108]
2978. [port] hpux: look for <devpoll.h> [RT #21919]
2977. [bug] 'nsupdate -l' report if the session key is missing.
[RT #21670]
2976. [bug] named could die on exit after negotiating a GSS-TSIG
key. [RT #22573]
2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() acquired the
wrong lock which could lead to server deadlock.
[RT #22614]
2974. [bug] Some valid UPDATE requests could fail due to a
consistency check examining the existing version
of the zone rather than the new version resulting
from the UPDATE. [RT #22413]
2973. [bug] bind.keys.h was being removed by the "make clean"
at the end of configure resulting in build failures
where there is very old version of perl installed.
Move it to "make maintainer-clean". [RT #22230]
2972. [bug] win32: address windows socket errors. [RT #21906]
2971. [bug] Fixed a bug that caused journal files not to be
compacted on Windows systems as a result of
non-POSIX-compliant rename() semantics. [RT #22434]
2970. [security] Adding a NO DATA negative cache entry failed to clear
any matching RRSIG records. A subsequent lookup of
of NO DATA cache entry could trigger a INSIST when the
unexpected RRSIG was also returned with the NO DATA
cache entry.
CVE-2010-3613, VU#706148. [RT #22288]
2969. [security] Fix acl type processing so that allow-query works
in options and view statements. Also add a new
set of tests to verify proper functioning.
CVE-2010-3615, VU#510208. [RT #22418]
2968. [security] Named could fail to prove a data set was insecure
before marking it as insecure. One set of conditions
that can trigger this occurs naturally when rolling
DNSKEY algorithms.
CVE-2010-3614, VU#837744. [RT #22309]
2967. [bug] 'host -D' now turns on debugging messages earlier.
[RT #22361]
2966. [bug] isc_print_vsnprintf() failed to check if there was
space available in the buffer when adding a left
justified character with a non zero width,
(e.g. "%-1c"). [RT #22270]
2965. [func] Test HMAC functions using test data from RFC 2104 and
RFC 4634. [RT #21702]
2964. [placeholder]
2963. [security] The allow-query acl was being applied instead of the
allow-query-cache acl to cache lookups. [RT #22114]
2962. [port] win32: add more dependencies to BINDBuild.dsw.
[RT #22062]
2961. [bug] Be still more selective about the non-authoritative
answers we apply change 2748 to. [RT #22074]
2960. [func] Check that named accepts non-authoritative answers.
[RT #21594]
2959. [func] Check that named starts with a missing masterfile.
[RT #22076]
2958. [bug] named failed to start with a missing master file.
[RT #22076]
2957. [bug] entropy_get() and entropy_getpseudo() failed to match
the API for RAND_bytes() and RAND_pseudo_bytes()
respectively. [RT #21962]
2956. [port] Enable atomic operations on the PowerPC64. [RT #21899]
2955. [func] Provide more detail in the recursing log. [RT #22043]
2954. [bug] contrib: dlz_mysql_driver.c bad error handling on
build_sqldbinstance failure. [RT #21623]
2953. [bug] Silence spurious "expected covering NSEC3, got an
exact match" message when returning a wildcard
no data response. [RT #21744]
2952. [port] win32: named-checkzone and named-checkconf failed
to initialize winsock. [RT #21932]
2951. [bug] named failed to generate a correct signed response
in a optout, delegation only zone with no secure
delegations. [RT #22007]
2950. [bug] named failed to perform a SOA up to date check when
falling back to TCP on UDP timeouts when
ixfr-from-differences was set. [RT #21595]
2949. [bug] dns_view_setnewzones() contained a memory leak if
it was called multiple times. [RT #21942]
2948. [port] MacOS: provide a mechanism to configure the test
interfaces at reboot. See bin/tests/system/README
for details.
2947. [placeholder]
2946. [doc] Document the default values for the minimum and maximum
zone refresh and retry values in the ARM. [RT #21886]
2945. [doc] Update empty-zones list in ARM. [RT #21772]
2944. [maint] Remove ORCHID prefix from built in empty zones.
[RT #21772]
2943. [func] Add support to load new keys into managed zones
without signing immediately with "rndc loadkeys".
Add support to link keys with "dnssec-keygen -S"
and "dnssec-settime -S". [RT #21351]
2942. [contrib] zone2sqlite failed to setup the entropy sources.
[RT #21610]
2941. [bug] sdb and sdlz (dlz's zone database) failed to support
DNAME at the zone apex. [RT #21610]
2940. [port] Remove connection aborted error message on
Windows. [RT #21549]
2939. [func] Check that named successfully skips NSEC3 records
that fail to match the NSEC3PARAM record currently
in use. [RT# 21868]
2938. [bug] When generating signed responses, from a signed zone
that uses NSEC3, named would use a uninitialized
pointer if it needed to skip a NSEC3 record because
it didn't match the selected NSEC3PARAM record for
zone. [RT# 21868]
2937. [bug] Worked around an apparent race condition in over
memory conditions. Without this fix a DNS cache DB or
ADB could incorrectly stay in an over memory state,
effectively refusing further caching, which
subsequently made a BIND 9 caching server unworkable.
This fix prevents this problem from happening by
polling the state of the memory context, rather than
making a copy of the state, which appeared to cause
a race. This is a "workaround" in that it doesn't
solve the possible race per se, but several experiments
proved this change solves the symptom. Also, the
polling overhead hasn't been reported to be an issue.
This bug should only affect a caching server that
specifies a finite max-cache-size. It's also quite
likely that the bug happens only when enabling threads,
but it's not confirmed yet. [RT #21818]
2936. [func] Improved configuration syntax and multiple-view
support for addzone/delzone feature (see change
#2930). Removed "new-zone-file" option, replaced
with "allow-new-zones (yes|no)". The new-zone-file
for each view is now created automatically, with
a filename generated from a hash of the view name.
It is no longer necessary to "include" the
new-zone-file in named.conf; this happens
automatically. Zones that were not added via
"rndc addzone" can no longer be removed with
"rndc delzone". [RT #19447]
2935. [bug] nsupdate: improve 'file not found' error message.
[RT #21871]
2934. [bug] Use ANSI C compliant shift range in lib/isc/entropy.c.
[RT #21871]
2933. [bug] 'dig +nsid' used stack memory after it went out of
scope. This could potentially result in a unknown,
potentially malformed, EDNS option being sent instead
of the desired NSID option. [RT #21781]
2932. [cleanup] Corrected a numbering error in the "dnssec" test.
[RT #21597]
2931. [bug] Temporarily and partially disable change 2864
because it would cause infinite attempts of RRSIG
queries. This is an urgent care fix; we'll
revisit the issue and complete the fix later.
[RT #21710]
2930. [experimental] New "rndc addzone" and "rndc delzone" commands
allow dynamic addition and deletion of zones.
To enable this feature, specify a "new-zone-file"
option at the view or options level in named.conf.
Zone configuration information for the new zones
will be written into that file. To make the new
zones persist after a restart, "include" the file
into named.conf in the appropriate view. (Note:
This feature is not yet documented, and its syntax
is expected to change.) [RT #19447]
2929. [bug] Improved handling of GSS security contexts:
- added LRU expiration for generated TSIGs
- added the ability to use a non-default realm
- added new "realm" keyword in nsupdate
- limited lifetime of generated keys to 1 hour
or the lifetime of the context (whichever is
smaller)
[RT #19737]
2928. [bug] Be more selective about the non-authoritative
answer we apply change 2748 to. [RT #21594]
2927. [placeholder]
2926. [placeholder]
2925. [bug] Named failed to accept uncachable negative responses
from insecure zones. [RT# 21555]
2924. [func] 'rndc secroots' dump a combined summary of the
current managed keys combined with trusted keys.
[RT #20904]
2923. [bug] 'dig +trace' could drop core after "connection
timeout". [RT #21514]
2922. [contrib] Update zkt to version 1.0.
2921. [bug] The resolver could attempt to destroy a fetch context
too soon. [RT #19878]
2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively
to IPv4 clients. New acl 'filter-aaaa' (default any).
2919. [func] Add autosign-ksk and autosign-zsk virtual time tests.
[RT #20840]
2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
2917. [func] Virtual time test framework. [RT #20801]
2916. [func] Add framework to use IPv6 in tests.
fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7
2915. [cleanup] Be smarter about which objects we attempt to compile
based on configure options. [RT #21444]
2914. [bug] Make the "autosign" system test more portable.
[RT #20997]
2913. [func] Add pkcs#11 system tests. [RT #20784]
2912. [func] Windows clients don't like UPDATE responses that clear
the zone section. [RT #20986]
2911. [bug] dnssec-signzone didn't handle out of zone records well.
[RT #21367]
2910. [func] Sanity check Kerberos credentials. [RT #20986]
2909. [bug] named-checkconf -p could die if "update-policy local;"
was specified in named.conf. [RT #21416]
2908. [bug] It was possible for re-signing to stop after removing
a DNSKEY. [RT #21384]
2907. [bug] The export version of libdns had undefined references.
[RT #21444]
2906. [bug] Address RFC 5011 implementation issues. [RT #20903]
2905. [port] aix: set use_atomic=yes with native compiler.
[RT #21402]
2904. [bug] When using DLV, sub-zones of the zones in the DLV,
could be incorrectly marked as insecure instead of
secure leading to negative proofs failing. This was
a unintended outcome from change 2890. [RT# 21392]
2903. [bug] managed-keys-directory missing from namedconf.c.
[RT #21370]
2902. [func] Add regression test for change 2897. [RT #21040]
2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]
2900. [bug] The placeholder negative caching element was not
properly constructed triggering a INSIST in
dns_ncache_towire(). [RT #21346]
2899. [port] win32: Support linking against OpenSSL 1.0.0.
2898. [bug] nslookup leaked memory when -domain=value was
specified. [RT #21301]
2897. [bug] NSEC3 chains could be left behind when transitioning
to insecure. [RT #21040]
2896. [bug] "rndc sign" failed to properly update the zone
when adding a DNSKEY for publication only. [RT #21045]
2895. [func] genrandom: add support for the generation of multiple
files. [RT #20917]
2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294]
2893. [bug] Improve managed keys support. New named.conf option
managed-keys-directory. [RT #20924]
2892. [bug] Handle REVOKED keys better. [RT #20961]
2891. [maint] Update empty-zones list to match
draft-ietf-dnsop-default-local-zones-13. [RT# 21099]
2890. [bug] Handle the introduction of new trusted-keys and
DS, DLV RRsets better. [RT #21097]
2889. [bug] Elements of the grammar where not properly reported.
[RT #21046]
2888. [bug] Only the first EDNS option was displayed. [RT #21273]
2887. [bug] Report the keytag times in UTC in the .key file,
local time is presented as a comment within the
comment. [RT #21223]
2886. [bug] ctime() is not thread safe. [RT #21223]
2885. [bug] Improve -fno-strict-aliasing support probing in
configure. [RT #21080]
2884. [bug] Insufficient validation in dns_name_getlabelsequence().
[RT #21283]
2883. [bug] 'dig +short' failed to handle really large datasets.
[RT #21113]
2882. [bug] Remove memory context from list of active contexts
before clearing 'magic'. [RT #21274]
2881. [bug] Reduce the amount of time the rbtdb write lock
is held when closing a version. [RT #21198]
2880. [cleanup] Make the output of dnssec-keygen and dnssec-revoke
consistent. [RT #21078]
2879. [contrib] DLZ bdbhpt driver fails to close correct cursor.
[RT #21106]
2878. [func] Incrementally write the master file after performing
a AXFR. [RT #21010]
2877. [bug] The validator failed to skip obviously mismatching
RRSIGs. [RT #21138]
2876. [bug] Named could return SERVFAIL for negative responses
from unsigned zones. [RT #21131]
2875. [bug] dns_time64_fromtext() could accept non digits.
[RT #21033]
2874. [bug] Cache lack of EDNS support only after the server
successfully responds to the query using plain DNS.
[RT #20930]
2873. [bug] Canceling a dynamic update via the dns/client module
could trigger an assertion failure. [RT #21133]
2872. [bug] Modify dns/client.c:dns_client_createx() to only
require one of IPv4 or IPv6 rather than both.
[RT #21122]
2871. [bug] Type mismatch in mem_api.c between the definition and
the header file, causing build failure with
--enable-exportlib. [RT #21138]
2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
[RT #20877]
2868. [cleanup] Run "make clean" at the end of configure to ensure
any changes made by configure are integrated.
Use --with-make-clean=no to disable. [RT #20994]
2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
don't like it. [RT #20986]
2866. [bug] Windows does not like the TSIG name being compressed.
[RT #20986]
2865. [bug] memset to zero event.data. [RT #20986]
2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
[RT #21050]
2863. [port] linux: disable IPv6 PMTUD and use network minimum MTU.
[RT #21056]
2862. [bug] nsupdate didn't default to the parent zone when
updating DS records. [RT #20896]
2861. [doc] dnssec-settime man pages didn't correctly document the
inactivation time. [RT #21039]
2860. [bug] named-checkconf's usage was out of date. [RT #21039]
2859. [bug] When canceling validation it was possible to leak
memory. [RT #20800]
2858. [bug] RTT estimates were not being adjusted on ICMP errors.
[RT #20772]
2857. [bug] named-checkconf did not fail on a bad trusted key.
[RT #20705]
2856. [bug] The size of a memory allocation was not always properly
recorded. [RT #20927]
2855. [func] nsupdate will now preserve the entered case of domain
names in update requests it sends. [RT #20928]
2854. [func] dig: allow the final soa record in a axfr response to
be suppressed, dig +onesoa. [RT #20929]
2853. [bug] add_sigs() could run out of scratch space. [RT #21015]
2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
2851. [doc] nslookup.1, removed <informalexample> from the docbook
source as it produced bad nroff. [RT #21007]
2850. [bug] If isc_heap_insert() failed due to memory shortage
the heap would have corrupted entries. [RT #20951]
2849. [bug] Don't treat errors from the xml2 library as fatal.
[RT #20945]
2848. [doc] Moved README.dnssec, README.libdns, README.pkcs11 and
README.rfc5011 into the ARM. [RT #20899]
2847. [cleanup] Corrected usage message in dnssec-settime. [RT #20921]
2846. [bug] EOF on unix domain sockets was not being handled
correctly. [RT #20731]
2845. [bug] RFC 5011 client could crash on shutdown. [RT #20903]
2844. [doc] notify-delay default in ARM was wrong. It should have
been five (5) seconds.
2843. [func] Prevent dnssec-keygen and dnssec-keyfromlabel from
creating key files if there is a chance that the new
key ID will collide with an existing one after
either of the keys has been revoked. (To override
this in the case of dnssec-keyfromlabel, use the -y
option. dnssec-keygen will simply create a
different, non-colliding key, so an override is
not necessary.) [RT #20838]
2842. [func] Added "smartsign" and improved "autosign" and
"dnssec" regression tests. [RT #20865]
2841. [bug] Change 2836 was not complete. [RT #20883]
2840. [bug] Temporary fixed pkcs11-destroy usage check.
[RT #20760]
2839. [bug] A KSK revoked by named could not be deleted.
[RT #20881]
2838. [placeholder]
2837. [port] Prevent Linux spurious warnings about fwrite().
[RT #20812]
2836. [bug] Keys that were scheduled to become active could
be delayed. [RT #20874]
2835. [bug] Key inactivity dates were inadvertently stored in
the private key file with the outdated tag
"Unpublish" rather than "Inactive". This has been
fixed; however, any existing keys that had Inactive
dates set will now need to have them reset, using
'dnssec-settime -I'. [RT #20868]
2834. [bug] HMAC-SHA* keys that were longer than the algorithm
digest length were used incorrectly, leading to
interoperability problems with other DNS
implementations. This has been corrected.
(Note: If an oversize key is in use, and
compatibility is needed with an older release of
BIND, the new tool "isc-hmac-fixup" can convert
the key secret to a form that will work with all
versions.) [RT #20751]
2833. [cleanup] Fix usage messages in dnssec-keygen and dnssec-settime.
[RT #20851]
2832. [bug] Modify "struct stat" in lib/export/samples/nsprobe.c
to avoid redefinition in some OSs [RT 20831]
2831. [security] Do not attempt to validate or cache
out-of-bailiwick data returned with a secure
answer; it must be re-fetched from its original
source and validated in that context. [RT #20819]
2830. [bug] Changing the OPTOUT setting could take multiple
passes. [RT #20813]
2829. [bug] Fixed potential node inconsistency in rbtdb.c.
[RT #20808]
2828. [security] Cached CNAME or DNAME RR could be returned to clients
without DNSSEC validation. [RT #20737]
2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
2826. [bug] NSEC3->NSEC transitions could fail due to a lock not
being released. [RT #20740]
2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that
was in the process of being created was not properly
recorded in the zone. [RT #20786]
2824. [bug] "rndc sign" was not being run by the correct task.
[RT #20759]
2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
2822. [bug] rbtdb.c:loadnode() could return the wrong result.
[RT #20802]
2821. [doc] Add note that named-checkconf doesn't automatically
read rndc.key and bind.keys [RT #20758]
2820. [func] Handle read access failure of OpenSSL configuration
file more user friendly (PKCS#11 engine patch).
[RT #20668]
2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define.
[RT #20771]
2818. [cleanup] rndc could return an incorrect error code
when a zone was not found. [RT #20767]
2817. [cleanup] Removed unnecessary isc_task_endexclusive() calls.
[RT #20768]
2816. [bug] previous_closest_nsec() could fail to return
data for NSEC3 nodes [RT #29730]
2815. [bug] Exclusively lock the task when freezing a zone.
[RT #19838]
2814. [func] Provide a definitive error message when a master
zone is not loaded. [RT #20757]
2813. [bug] Better handling of unreadable DNSSEC key files.
[RT #20710]
2812. [bug] Make sure updates can't result in a zone with
NSEC-only keys and NSEC3 records. [RT #20748]
2811. [cleanup] Add "rndc sign" to list of commands in rndc usage
output. [RT #20733]
2810. [doc] Clarified the process of transitioning an NSEC3 zone
to insecure. [RT #20746]
2809. [cleanup] Restored accidentally-deleted text in usage output
in dnssec-settime and dnssec-revoke [RT #20739]
2808. [bug] Remove the attempt to install atomic.h from lib/isc.
atomic.h is correctly installed by the architecture
specific subdirectories. [RT #20722]
2807. [bug] Fixed a possible ASSERT when reconfiguring zone
keys. [RT #20720]
--- 9.7.0rc1 released ---
2806. [bug] "rdnc sign" could delay re-signing the DNSKEY
when it had changed. [RT #20703]
2805. [bug] Fixed namespace problems encountered when building
external programs using non-exported BIND9 libraries
(i.e., built without --enable-exportlib). [RT #20679]
2804. [bug] Send notifies when a zone is signed with "rndc sign"
or as a result of a scheduled key change. [RT #20700]
2803. [port] win32: Install named-journalprint, nsec3hash, arpaname
and genrandom under windows. [RT #20670]
2802. [cleanup] Rename journalprint to named-journalprint. [RT #20670]
2801. [func] Detect and report records that are different according
to DNSSEC but are semantically equal according to plain
DNS. Apply plain DNS comparisons rather than DNSSEC
comparisons when processing UPDATE requests.
dnssec-signzone now removes such semantically duplicate
records prior to signing the RRset.
named-checkzone -r {ignore|warn|fail} (default warn)
named-compilezone -r {ignore|warn|fail} (default warn)
named.conf: check-dup-records {ignore|warn|fail};
2800. [func] Reject zones which have NS records which refer to
CNAMEs, DNAMEs or don't have address record (class IN
only). Reject UPDATEs which would cause the zone
to fail the above checks if committed. [RT #20678]
2799. [cleanup] Changed the "secure-to-insecure" option to
"dnssec-secure-to-insecure", and "dnskey-ksk-only"
to "dnssec-dnskey-kskonly", for clarity. [RT #20586]
2798. [bug] Addressed bugs in managed-keys initialization
and rollover. [RT #20683]
2797. [bug] Don't decrement the dispatch manager's maxbuffers.
[RT #20613]
2796. [bug] Missing dns_rdataset_disassociate() call in
dns_nsec3_delnsec3sx(). [RT #20681]
2795. [cleanup] Add text to differentiate "update with no effect"
log messages. [RT #18889]
2794. [bug] Install <isc/namespace.h>. [RT #20677]
2793. [func] Add "autosign" and "metadata" tests to the
automatic tests. [RT #19946]
2792. [func] "filter-aaaa-on-v4" can now be set in view
options (if compiled in). [RT #20635]
2791. [bug] The installation of isc-config.sh was broken.
[RT #20667]
2790. [bug] Handle DS queries to stub zones. [RT #20440]
2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
2788. [bug] dnssec-signzone could sign with keys that were
not requested [RT #20625]
2787. [bug] Spurious log message when zone keys were
dynamically reconfigured. [RT #20659]
2786. [bug] Additional could be promoted to answer. [RT #20663]
--- 9.7.0b3 released ---
2785. [bug] Revoked keys could fail to self-sign [RT #20652]
2784. [bug] TC was not always being set when required glue was
dropped. [RT #20655]
2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
buffer size of 512 or less. [RT #20654]
2782. [port] win32: use getaddrinfo() for hostname lookups.
[RT #20650]
2781. [bug] Inactive keys could be used for signing. [RT #20649]
2780. [bug] dnssec-keygen -A none didn't properly unset the
activation date in all cases. [RT #20648]
2779. [bug] Dynamic key revocation could fail. [RT #20644]
2778. [bug] dnssec-signzone could fail when a key was revoked
without deleting the unrevoked version. [RT #20638]
2777. [contrib] DLZ MYSQL auto reconnect support discovery was wrong.
2776. [bug] Change #2762 was not correct. [RT #20647]
2775. [bug] Accept RSASHA256 and RSASHA512 as NSEC3 compatible
in dnssec-keyfromlabel. [RT #20643]
2774. [bug] Existing cache DB wasn't being reused after
reconfiguration. [RT #20629]
2773. [bug] In autosigned zones, the SOA could be signed
with the KSK. [RT #20628]
2772. [security] When validating, track whether pending data was from
the additional section or not and only return it if
validates as secure. [RT #20438]
2771. [bug] dnssec-signzone: DNSKEY records could be
corrupted when importing from key files [RT #20624]
2770. [cleanup] Add log messages to resolver.c to indicate events
causing FORMERR responses. [RT #20526]
2769. [cleanup] Change #2742 was incomplete. [RT #19589]
2768. [bug] dnssec-signzone: -S no longer implies -g [RT #20568]
2767. [bug] named could crash on startup if a zone was
configured with auto-dnssec and there was no
key-directory. [RT #20615]
2766. [bug] isc_socket_fdwatchpoke() should only update the
socketmgr state if the socket is not pending on a
read or write. [RT #20603]
2765. [bug] Skip masters for which the TSIG key cannot be found.
[RT #20595]
2764. [bug] "rndc-confgen -a" could trigger a REQUIRE. [RT #20610]
2763. [bug] "rndc sign" didn't create an NSEC chain. [RT #20591]
2762. [bug] DLV validation failed with a local slave DLV zone.
[RT #20577]
2761. [cleanup] Enable internal symbol table for backtrace only for
systems that are known to work. Currently, BSD
variants, Linux and Solaris are supported. [RT# 20202]
2760. [cleanup] Corrected named-compilezone usage summary. [RT #20533]
2759. [doc] Add information about .jbk/.jnw files to
the ARM. [RT #20303]
2758. [bug] win32: Added a workaround for a windows 2008 bug
that could cause the UDP client handler to shut
down. [RT #19176]
2757. [bug] dig: assertion failure could occur in connect
timeout. [RT #20599]
2756. [bug] Fixed corrupt logfile message in update.c. [RT# 20597]
2755. [placeholder]
2754. [bug] Secure-to-insecure transitions failed when zone
was signed with NSEC3. [RT #20587]
2753. [bug] Removed an unnecessary warning that could appear when
building an NSEC chain. [RT #20589]
2752. [bug] Locking violation. [RT #20587]
2751. [bug] Fixed a memory leak in dnssec-keyfromlabel. [RT #20588]
2750. [bug] dig: assertion failure could occur when a server
didn't have an address. [RT #20579]
2749. [bug] ixfr-from-differences generated a non-minimal ixfr
for NSEC3 signed zones. [RT #20452]
2748. [func] Identify bad answers from GTLD servers and treat them
as referrals. [RT #18884]
2747. [bug] Journal roll forwards failed to set the re-signing
time of RRSIGs correctly. [RT #20541]
2746. [port] hpux: address signed/unsigned expansion mismatch of
dns_rbtnode_t.nsec. [RT #20542]
2745. [bug] configure script didn't probe the return type of
gai_strerror(3) correctly. [RT #20573]
2744. [func] Log if a query was over TCP. [RT #19961]
2743. [bug] RRSIG could be incorrectly set in the NSEC3 record
for a insecure delegation.
--- 9.7.0b2 released ---
2742. [cleanup] Clarify some DNSSEC-related log messages in
validator.c. [RT #19589]
2741. [func] Allow the dnssec-keygen progress messages to be
suppressed (dnssec-keygen -q). Automatically
suppress the progress messages when stdin is not
a tty. [RT #20474]
2740. [placeholder]
2739. [cleanup] Clean up API for initializing and clearing trust
anchors for a view. [RT #20211]
2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system
test. [RT #20453]
2737. [func] UPDATE requests can leak existence information.
[RT #17261]
2736. [func] Improve the performance of NSEC signed zones with
more than a normal amount of glue below a delegation.
[RT #20191]
2735. [bug] dnssec-signzone could fail to read keys
that were specified on the command line with
full paths, but weren't in the current
directory. [RT #20421]
2734. [port] cygwin: arpaname did not compile. [RT #20473]
2733. [cleanup] Clean up coding style in pkcs11-* tools. [RT #20355]
2732. [func] Add optional filter-aaaa-on-v4 option, available
if built with './configure --enable-filter-aaaa'.
Filters out AAAA answers to clients connecting
via IPv4. (This is NOT recommended for general
use.) [RT #20339]
2731. [func] Additional work on change 2709. The key parser
will now ignore unrecognized fields when the
minor version number of the private key format
has been increased. It will reject any key with
the major version number increased. [RT #20310]
2730. [func] Have dnssec-keygen display a progress indication
a la 'openssl genrsa' on standard error. Note
when the first '.' is followed by a long stop
one has the choice between slow generation vs.
poor random quality, i.e., '-r /dev/urandom'.
[RT #20284]
2729. [func] When constructing a CNAME from a DNAME use the DNAME
TTL. [RT #20451]
2728. [bug] dnssec-keygen, dnssec-keyfromlabel and
dnssec-signzone now warn immediately if asked to
write into a nonexistent directory. [RT #20278]
2727. [func] The 'key-directory' option can now specify a relative
path. [RT #20154]
2726. [func] Added support for SHA-2 DNSSEC algorithms,
RSASHA256 and RSASHA512. [RT #20023]
2725. [doc] Added information about the file "managed-keys.bind"
to the ARM. [RT #20235]
2724. [bug] Updates to a existing node in secure zone using NSEC
were failing. [RT #20448]
2723. [bug] isc_base32_totext(), isc_base32hex_totext(), and
isc_base64_totext(), didn't always mark regions of
memory as fully consumed after conversion. [RT #20445]
2722. [bug] Ensure that the memory associated with the name of
a node in a rbt tree is not altered during the life
of the node. [RT #20431]
2721. [port] Have dst__entropy_status() prime the random number
generator. [RT #20369]
2720. [bug] RFC 5011 trust anchor updates could trigger an
assert if the DNSKEY record was unsigned. [RT #20406]
2719. [func] Skip trusted/managed keys for unsupported algorithms.
[RT #20392]
2718. [bug] The space calculations in opensslrsa_todns() were
incorrect. [RT #20394]
2717. [bug] named failed to update the NSEC/NSEC3 record when
the last private type record was removed as a result
of completing the signing the zone with a key.
[RT #20399]
2716. [bug] nslookup debug mode didn't return the ttl. [RT #20414]
--- 9.7.0b1 released ---
2715. [bug] Require OpenSSL support to be explicitly disabled.
[RT #20288]
2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
flags.
2713. [bug] powerpc: atomic operations missing asm("ics") /
__isync() calls.
2712. [func] New 'auto-dnssec' zone option allows zone signing
to be fully automated in zones configured for
dynamic DNS. 'auto-dnssec allow;' permits a zone
to be signed by creating keys for it in the
key-directory and using 'rndc sign <zone>'.
'auto-dnssec maintain;' allows that too, plus it
also keeps the zone's DNSSEC keys up to date
according to their timing metadata. [RT #19943]
2711. [port] win32: Add the bin/pkcs11 tools into the full
build. [RT #20372]
2710. [func] New 'dnssec-signzone -x' flag and 'dnskey-ksk-only'
zone option cause a zone to be signed with only KSKs
signing the DNSKEY RRset, not ZSKs. This reduces
the size of a DNSKEY answer. [RT #20340]
2709. [func] Added some data fields, currently unused, to the
private key file format, to allow implementation
of explicit key rollover in a future release
without impairing backward or forward compatibility.
[RT #20310]
2708. [func] Insecure to secure and NSEC3 parameter changes via
update are now fully supported and no longer require
defines to enable. We now no longer overload the
NSEC3PARAM flag field, nor the NSEC OPT bit at the
apex. Secure to insecure changes are controlled by
by the named.conf option 'secure-to-insecure'.
Warning: If you had previously enabled support by
adding defines at compile time to BIND 9.6 you should
ensure that all changes that are in progress have
completed prior to upgrading to BIND 9.7. BIND 9.7
is not backwards compatible.
2707. [func] dnssec-keyfromlabel no longer require engine name
to be specified in the label if there is a default
engine or the -E option has been used. Also, it
now uses default algorithms as dnssec-keygen does
(i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
[RT #20371]
2706. [bug] Loading a zone with a very large NSEC3 salt could
trigger an assert. [RT #20368]
2705. [placeholder]
2704. [bug] Serial of dynamic and stub zones could be inconsistent
with their SOA serial. [RT #19387]
2703. [func] Introduce an OpenSSL "engine" argument with -E
for all binaries which can take benefit of
crypto hardware. [RT #20230]
2702. [func] Update PKCS#11 tools (bin/pkcs11) [RT #20225 & all]
2701. [doc] Correction to ARM: hmac-md5 is no longer the only
supported TSIG key algorithm. [RT #18046]
2700. [doc] The match-mapped-addresses option is discouraged.
[RT #12252]
2699. [bug] Missing lock in rbtdb.c. [RT #20037]
2698. [placeholder]
2697. [port] win32: ensure that S_IFMT, S_IFDIR, S_IFCHR and
S_IFREG are defined after including <isc/stat.h>.
[RT #20309]
2696. [bug] named failed to successfully process some valid
acl constructs. [RT #20308]
2695. [func] DHCP/DDNS - update fdwatch code for use by
DHCP. Modify the api to isc_sockfdwatch_t (the
callback function for isc_socket_fdwatchcreate)
to include information about the direction (read
or write) and add isc_socket_fdwatchpoke.
[RT #20253]
2694. [bug] Reduce default NSEC3 iterations from 100 to 10.
[RT #19970]
2693. [port] Add some noreturn attributes. [RT #20257]
2692. [port] win32: 32/64 bit cleanups. [RT #20335]
2691. [func] dnssec-signzone: retain the existing NSEC or NSEC3
chain when re-signing a previously-signed zone.
Use -u to modify NSEC3 parameters or switch
between NSEC and NSEC3. [RT #20304]
2690. [bug] win32: fix isc_thread_key_getspecific() prototype.
[RT #20315]
2689. [bug] Correctly handle snprintf result. [RT #20306]
2688. [bug] Use INTERFACE_F_POINTTOPOINT, not IFF_POINTOPOINT,
to decide to fetch the destination address. [RT #20305]
2687. [bug] Fixed dnssec-signzone -S handling of revoked keys.
Also, added warnings when revoking a ZSK, as this is
not defined by protocol (but is legal). [RT #19943]
2686. [bug] dnssec-signzone should clean the old NSEC chain when
signing with NSEC3 and vice versa. [RT #20301]
2685. [contrib] Update contrib/zkt to version 0.99c. [RT #20054]
2684. [cleanup] dig: formalize +ad and +cd as synonyms for
+adflag and +cdflag. [RT #19305]
2683. [bug] dnssec-signzone should clean out old NSEC3 chains when
the NSEC3 parameters used to sign the zone change.
[RT #20246]
2682. [bug] "configure --enable-symtable=all" failed to
build. [RT #20282]
2681. [bug] IPSECKEY RR of gateway type 3 was not correctly
decoded. [RT #20269]
2680. [func] Move contrib/pkcs11-keygen to bin/pkcs11. [RT #20067]
2679. [func] dig -k can now accept TSIG keys in named.conf
format. [RT #20031]
2678. [func] Treat DS queries as if "minimal-response yes;"
was set. [RT #20258]
2677. [func] Changes to key metadata behavior:
- Keys without "publish" or "active" dates set will
no longer be used for smart signing. However,
those dates will be set to "now" by default when
a key is created; to generate a key but not use
it yet, use dnssec-keygen -G.
- New "inactive" date (dnssec-keygen/settime -I)
sets the time when a key is no longer used for
signing but is still published.
- The "unpublished" date (-U) is deprecated in
favor of "deleted" (-D).
[RT #20247]
2676. [bug] --with-export-installdir should have been
--with-export-includedir. [RT #20252]
2675. [bug] dnssec-signzone could crash if the key directory
did not exist. [RT #20232]
--- 9.7.0a3 released ---
2674. [bug] "dnssec-lookaside auto;" crashed if named was built
without openssl. [RT #20231]
2673. [bug] The managed-keys.bind zone file could fail to
load due to a spurious result from sync_keyzone()
[RT #20045]
2672. [bug] Don't enable searching in 'host' when doing reverse
lookups. [RT #20218]
2671. [bug] Add support for PKCS#11 providers not returning
the public exponent in RSA private keys
(OpenCryptoki for instance) in
dnssec-keyfromlabel. [RT #19294]
2670. [bug] Unexpected connect failures failed to log enough
information to be useful. [RT #20205]
2669. [func] Update PKCS#11 support to support Keyper HSM.
Update PKCS#11 patch to be against openssl-0.9.8i.
2668. [func] Several improvements to dnssec-* tools, including:
- dnssec-keygen and dnssec-settime can now set key
metadata fields 0 (to unset a value, use "none")
- dnssec-revoke sets the revocation date in
addition to the revoke bit
- dnssec-settime can now print individual metadata
fields instead of always printing all of them,
and can print them in unix epoch time format for
use by scripts
[RT #19942]
2667. [func] Add support for logging stack backtrace on assertion
failure (not available for all platforms). [RT #19780]
2666. [func] Added an 'options' argument to dns_name_fromstring()
(API change from 9.7.0a2). [RT #20196]
2665. [func] Clarify syntax for managed-keys {} statement, add
ARM documentation about RFC 5011 support. [RT #19874]
2664. [bug] create_keydata() and minimal_update() in zone.c
didn't properly check return values for some
functions. [RT #19956]
2663. [func] win32: allow named to run as a service using
"NT AUTHORITY\LocalService" as the account. [RT #19977]
2662. [bug] lwres_getipnodebyname() and lwres_getipnodebyaddr()
returned a misleading error code when lwresd was
down. [RT #20028]
2661. [bug] Check whether socket fd exceeds FD_SETSIZE when
creating lwres context. [RT #20029]
2660. [func] Add a new set of DNS libraries for non-BIND9
applications. See README.libdns. [RT #19369]
2659. [doc] Clarify dnssec-keygen doc: key name must match zone
name for DNSSEC keys. [RT #19938]
2658. [bug] dnssec-settime and dnssec-revoke didn't process
key file paths correctly. [RT #20078]
2657. [cleanup] Lower "journal file <path> does not exist, creating it"
log level to debug 1. [RT #20058]
2656. [func] win32: add a "tools only" check box to the installer
which causes it to only install dig, host, nslookup,
nsupdate and relevant DLLs. [RT #19998]
2655. [doc] Document that key-directory does not affect
bind.keys, rndc.key or session.key. [RT #20155]
2654. [bug] Improve error reporting on duplicated names for
deny-answer-xxx. [RT #20164]
2653. [bug] Treat ENGINE_load_private_key() failures as key
not found rather than out of memory. [RT #18033]
2652. [func] Provide more detail about what record is being
deleted. [RT #20061]
2651. [bug] Dates could print incorrectly in K*.key files on
64-bit systems. [RT #20076]
2650. [bug] Assertion failure in dnssec-signzone when trying
to read keyset-* files. [RT #20075]
2649. [bug] Set the domain for forward only zones. [RT #19944]
2648. [port] win32: isc_time_seconds() was broken. [RT #19900]
2647. [bug] Remove unnecessary SOA updates when a new KSK is
added. [RT #19913]
2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
2645. [port] "gcc -m32" didn't work on amd64 and x86_64 platforms
which default to 64 bits. [RT #19927]
--- 9.7.0a2 released ---
2644. [bug] Change #2628 caused a regression on some systems;
named was unable to write the PID file and would
fail on startup. [RT #20001]
2643. [bug] Stub zones interacted badly with NSEC3 support.
[RT #19777]
2642. [bug] nsupdate could dump core on solaris when reading
improperly formatted key files. [RT #20015]
2641. [bug] Fixed an error in parsing update-policy syntax,
added a regression test to check it. [RT #20007]
2640. [security] A specially crafted update packet will cause named
to exit. [RT #20000]
2639. [bug] Silence compiler warnings in gssapi code. [RT #19954]
2638. [bug] Install arpaname. [RT #19957]
2637. [func] Rationalize dnssec-signzone's signwithkey() calling.
[RT #19959]
2636. [func] Simplify zone signing and key maintenance with the
dnssec-* tools. Major changes:
- all dnssec-* tools now take a -K option to
specify a directory in which key files will be
stored
- DNSSEC can now store metadata indicating when
they are scheduled to be published, activated,
revoked or removed; these values can be set by
dnssec-keygen or overwritten by the new
dnssec-settime command
- dnssec-signzone -S (for "smart") option reads key
metadata and uses it to determine automatically
which keys to publish to the zone, use for
signing, revoke, or remove from the zone
[RT #19816]
2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses.
[RT #19716]
2634. [port] win32: Add support for libxml2, enable
statschannel. [RT #19773]
2633. [bug] Handle 15 bit rand() functions. [RT #19783]
2632. [func] util/kit.sh: warn if documentation appears to be out of
date. [RT #19922]
2631. [bug] Handle "//", "/./" and "/../" in mkdirpath().
[RT #19926 ]
2630. [func] Improved syntax for DDNS autoconfiguration: use
"update-policy local;" to switch on local DDNS in a
zone. (The "ddns-autoconf" option has been removed.)
[RT #19875]
2629. [port] Check for seteuid()/setegid(), use setresuid()/
setresgid() if not present. [RT #19932]
2628. [port] linux: Allow /var/run/named/named.pid to be opened
at startup with reduced capabilities in operation.
[RT #19884]
2627. [bug] Named aborted if the same key was included in
trusted-keys more than once. [RT #19918]
2626. [bug] Multiple trusted-keys could trigger an assertion
failure. [RT #19914]
2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
2624. [func] 'named-checkconf -p' will print out the parsed
configuration. [RT #18871]
2623. [bug] Named started searches for DS non-optimally. [RT #19915]
2622. [bug] Printing of named.conf grammar was broken. [RT #19919]
2621. [doc] Made copyright boilerplate consistent. [RT #19833]
2620. [bug] Delay thawing the zone until the reload of it has
completed successfully. [RT #19750]
2619. [func] Add support for RFC 5011, automatic trust anchor
maintenance. The new "managed-keys" statement can
be used in place of "trusted-keys" for zones which
support this protocol. (Note: this syntax is
expected to change prior to 9.7.0 final.) [RT #19248]
2618. [bug] The sdb and sdlz db_interator_seek() methods could
loop infinitely. [RT #19847]
2617. [bug] ifconfig.sh failed to emit an error message when
run from the wrong location. [RT #19375]
2616. [bug] 'host' used the nameservers from resolv.conf even
when a explicit nameserver was specified. [RT #19852]
2615. [bug] "__attribute__((unused))" was in the wrong place
for ia64 gcc builds. [RT #19854]
2614. [port] win32: 'named -v' should automatically be executed
in the foreground. [RT #19844]
2613. [placeholder]
--- 9.7.0a1 released ---
2612. [func] Add default values for the arguments to
dnssec-keygen. Without arguments, it will now
generate a 1024-bit RSASHA1 zone-signing key,
or with the -f KSK option, a 2048-bit RSASHA1
key-signing key. [RT #19300]
2611. [func] Add -l option to dnssec-dsfromkey to generate
DLV records instead of DS records. [RT #19300]
2610. [port] sunos: Change #2363 was not complete. [RT #19796]
2609. [func] Simplify the configuration of dynamic zones:
- add ddns-confgen command to generate
configuration text for named.conf
- add zone option "ddns-autoconf yes;", which
causes named to generate a TSIG session key
and allow updates to the zone using that key
- add '-l' (localhost) option to nsupdate, which
causes nsupdate to connect to a locally-running
named process using the session key generated
by named
[RT #19284]
2608. [func] Perform post signing verification checks in
dnssec-signzone. These can be disabled with -P.
The post sign verification test ensures that for each
algorithm in use there is at least one non revoked
self signed KSK key. That all revoked KSK keys are
self signed. That all records in the zone are signed
by the algorithm. [RT #19653]
2607. [bug] named could incorrectly delete NSEC3 records for
empty nodes when processing a update request.
[RT #19749]
2606. [bug] "delegation-only" was not being accepted in
delegation-only type zones. [RT #19717]
2605. [bug] Accept DS responses from delegation only zones.
[RT # 19296]
2604. [func] Add support for DNS rebinding attack prevention through
new options, deny-answer-addresses and
deny-answer-aliases. Based on contributed code from
JD Nurmi, Google. [RT #18192]
2603. [port] win32: handle .exe extension of named-checkzone and
named-comilezone argv[0] names under windows.
[RT #19767]
2602. [port] win32: fix debugging command line build of libisccfg.
[RT #19767]
2601. [doc] Mention file creation mode mask in the
named manual page.
2600. [doc] ARM: miscellaneous reformatting for different
page widths. [RT #19574]
2599. [bug] Address rapid memory growth when validation fails.
[RT #19654]
2598. [func] Reserve the -F flag. [RT #19657]
2597. [bug] Handle a validation failure with a insecure delegation
from a NSEC3 signed master/slave zone. [RT #19464]
2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
long, leading to inefficient memory usage or rejecting
newer cache entries in the worst case. [RT #19563]
2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
2594. [func] Have rndc warn if using its default configuration
file when the key file also exists. [RT #19424]
2593. [bug] Improve a corner source of SERVFAILs [RT #19632]
2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
2591. [bug] named could die when processing a update in
removed_orphaned_ds(). [RT #19507]
2590. [func] Report zone/class of "update with no effect".
[RT #19542]
2589. [bug] dns_db_unregister() failed to clear '*dbimp'.
[RT #19626]
2588. [bug] SO_REUSEADDR could be set unconditionally after failure
of bind(2) call. This should be rare and mostly
harmless, but may cause interference with other
processes that happen to use the same port. [RT #19642]
2587. [func] Improve logging by reporting serial numbers for
when zone serial has gone backwards or unchanged.
[RT #19506]
2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
or SDB. [RT #19577]
2585. [bug] Uninitialized socket name could be referenced via a
statistics channel, triggering an assertion failure in
XML rendering. [RT #19427]
2584. [bug] alpha: gcc optimization could break atomic operations.
[RT #19227]
2583. [port] netbsd: provide a control to not add the compile
date to the version string, -DNO_VERSION_DATE.
2582. [bug] Don't emit warning log message when we attempt to
remove non-existent journal. [RT #19516]
2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
Requires MySQL 5.0.19 or later. [RT #19084]
2580. [bug] UpdateRej statistics counter could be incremented twice
for one rejection. [RT #19476]
2579. [bug] DNSSEC lookaside validation failed to handle unknown
algorithms. [RT #19479]
2578. [bug] Changed default sig-signing-type to 65534, because
65535 turns out to be reserved. [RT #19477]
2577. [doc] Clarified some statistics counters. [RT #19454]
2576. [bug] NSEC record were not being correctly signed when
a zone transitions from insecure to secure.
Handle such incorrectly signed zones. [RT #19114]
2575. [func] New functions dns_name_fromstring() and
dns_name_tostring(), to simplify conversion
of a string to a dns_name structure and vice
versa. [RT #19451]
2574. [doc] Document nsupdate -g and -o. [RT #19351]
2573. [bug] Replacing a non-CNAME record with a CNAME record in a
single transaction in a signed zone failed. [RT #19397]
2572. [func] Simplify DLV configuration, with a new option
"dnssec-lookaside auto;" This is the equivalent
of "dnssec-lookaside . trust-anchor dlv.isc.org;"
plus setting a trusted-key for dlv.isc.org.
Note: The trusted key is hard-coded into named,
but is also stored in (and can be overridden
by) $sysconfdir/bind.keys. As the ISC DLV key
rolls over it can be kept up to date by replacing
the bind.keys file with a key downloaded from
https://www.isc.org/solutions/dlv. [RT #18685]
2571. [func] Add a new tool "arpaname" which translates IP addresses
to the corresponding IN-ADDR.ARPA or IP6.ARPA name.
[RT #18976]
2570. [func] Log the destination address the query was sent to.
[RT #19209]
2569. [func] Move journalprint, nsec3hash, and genrandom
commands from bin/tests into bin/tools;
"make install" will put them in $sbindir. [RT #19301]
2568. [bug] Report when the write to indicate a otherwise
successful start fails. [RT #19360]
2567. [bug] dst__privstruct_writefile() could miss write errors.
write_public_key() could miss write errors.
dnssec-dsfromkey could miss write errors.
[RT #19360]
2566. [cleanup] Clarify logged message when an insecure DNSSEC
response arrives from a zone thought to be secure:
"insecurity proof failed" instead of "not
insecure". [RT #19400]
2565. [func] Add support for HIP record. Includes new functions
dns_rdata_hip_first(), dns_rdata_hip_next()
and dns_rdata_hip_current(). [RT #19384]
2564. [bug] Only take EDNS fallback steps when processing timeouts.
[RT #19405]
2563. [bug] Dig could leak a socket causing it to wait forever
to exit. [RT #19359]
2562. [doc] ARM: miscellaneous improvements, reorganization,
and some new content.
2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
2559. [bug] dnssec-dsfromkey could compute bad DS records when
reading from a K* files. [RT #19357]
2558. [func] Set the ownership of missing directories created
for pid-file if -u has been specified on the command
line. [RT #19328]
2557. [cleanup] PCI compliance:
* new libisc log module file
* isc_dir_chroot() now also changes the working
directory to "/".
* additional INSISTs
* additional logging when files can't be removed.
2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the
error checks in the correct order resulting in the
wrong error code sometimes being returned. [RT #19249]
2555. [func] dig: when emitting a hex dump also display the
corresponding characters. [RT #19258]
2554. [bug] Validation of uppercase queries from NSEC3 zones could
fail. [RT #19297]
2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
2552. [bug] zero-no-soa-ttl-cache was not being honored.
[RT #19340]
2551. [bug] Potential Reference leak on return. [RT #19341]
2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
[RT #19343]
2549. [port] linux: define NR_OPEN if not currently defined.
[RT #19344]
2548. [bug] Install iterated_hash.h. [RT #19335]
2547. [bug] openssl_link.c:mem_realloc() could reference an
out-of-range area of the source buffer. New public
function isc_mem_reallocate() was introduced to address
this bug. [RT #19313]
2546. [func] Add --enable-openssl-hash configure flag to use
OpenSSL (in place of internal routine) for hash
functions (MD5, SHA[12] and HMAC). [RT #18815]
2545. [doc] ARM: Legal hostname checking (check-names) is
for SRV RDATA too. [RT #19304]
2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
2542. [doc] Update the description of dig +adflag. [RT #19290]
2541. [bug] Conditionally update dispatch manager statistics.
[RT #19247]
2540. [func] Add a nibble mode to $GENERATE. [RT #18872]
2539. [security] Update the interaction between recursion, allow-query,
allow-query-cache and allow-recursion. [RT #19198]
2538. [bug] cache/ADB memory could grow over max-cache-size,
especially with threads and smaller max-cache-size
values. [RT #19240]
2537. [func] Added more statistics counters including those on socket
I/O events and query RTT histograms. [RT #18802]
2536. [cleanup] Silence some warnings when -Werror=format-security is
specified. [RT #19083]
2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091]
2534. [func] Check NAPTR records regular expressions and
replacement strings to ensure they are syntactically
valid and consistent. [RT #18168]
2533. [doc] ARM: document @ (at-sign). [RT #17144]
2532. [bug] dig: check the question section of the response to
see if it matches the asked question. [RT #18495]
2531. [bug] Change #2207 was incomplete. [RT #19098]
2530. [bug] named failed to reject insecure to secure transitions
via UPDATE. [RT #19101]
2529. [cleanup] Upgrade libtool to silence complaints from recent
version of autoconf. [RT #18657]
2528. [cleanup] Silence spurious configure warning about
--datarootdir [RT #19096]
2527. [placeholder]
2526. [func] New named option "attach-cache" that allows multiple
views to share a single cache to save memory and
improve lookup efficiency. Based on contributed code
from Barclay Osborn, Google. [RT #18905]
2525. [func] New logging category "query-errors" to provide detailed
internal information about query failures, especially
about server failures. [RT #19027]
2524. [port] sunos: dnssec-signzone needs strtoul(). [RT #19129]
2523. [bug] Random type rdata freed by dns_nsec_typepresent().
[RT #19112]
2522. [security] Handle -1 from DSA_do_verify() and EVP_VerifyFinal().
2521. [bug] Improve epoll cross compilation support. [RT #19047]
2520. [bug] Update xml statistics version number to 2.0 as change
#2388 made the schema incompatible to the previous
version. [RT #19080]
2519. [bug] dig/host with -4 or -6 didn't work if more than two
nameserver addresses of the excluded address family
preceded in resolv.conf. [RT #19081]
2518. [func] Add support for the new CERT types from RFC 4398.
[RT #19077]
2517. [bug] dig +trace with -4 or -6 failed when it chose a
nameserver address of the excluded address type.
[RT #18843]
2516. [bug] glue sort for responses was performed even when not
needed. [RT #19039]
2515. [port] win32: build dnssec-dsfromkey and dnssec-keyfromlabel.
[RT #19063]
2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
a nameserver of the excluded address family.
[RT #18848]
2513. [bug] Fix windows cli build. [RT #19062]
2512. [func] Print a summary of the cached records which make up
the negative response. [RT #18885]
2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
[RT #18885]
2510. [bug] "dig +sigchase" could trigger REQUIRE failures.
[RT #19033]
2509. [bug] Specifying a fixed query source port was broken.
[RT #19051]
2508. [placeholder]
2507. [func] Log the recursion quota values when killing the
oldest query or refusing to recurse due to quota.
[RT #19022]
2506. [port] solaris: Check at configure time if
hack_shutup_pthreadonceinit is needed. [RT #19037]
2505. [port] Treat amd64 similarly to x86_64 when determining
atomic operation support. [RT #19031]
2504. [bug] Address race condition in the socket code. [RT #18899]
2503. [port] linux: improve compatibility with Linux Standard
Base. [RT #18793]
2502. [cleanup] isc_radix: Improve compliance with coding style,
document function in <isc/radix.h>. [RT #18534]
2501. [func] $GENERATE now supports all rdata types. Multi-field
rdata types need to be quoted. See the ARM for
details. [RT #18368]
2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
function. [RT #18582]
2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
[RT #18837]
--- 9.6.0rc1 released ---
2498. [bug] Removed a bogus function argument used with
ISC_SOCKET_USE_POLLWATCH: it could cause compiler
warning or crash named with the debug 1 level
of logging. [RT #18917]
2497. [bug] Don't add RRSIG bit to NSEC3 bit map for insecure
delegation.
2496. [bug] Add sanity length checks to NSID option. [RT #18813]
2495. [bug] Tighten RRSIG checks. [RT #18795]
2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being
installed. [RT #18826]
2493. [bug] The linux capabilities code was not correctly cleaning
up after itself. [RT #18767]
2492. [func] Rndc status now reports the number of cpus discovered
and the number of worker threads when running
multi-threaded. [RT #18273]
2491. [func] Attempt to re-use a local port if we are already using
the port. [RT #18548]
2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO
is cleared when IPV6_V6ONLY is set. [RT #18785]
2489. [port] solaris: Workaround Solaris's kernel bug about
/dev/poll:
http://bugs.opensolaris.org/view_bug.do?bug_id=6724237
Define ISC_SOCKET_USE_POLLWATCH at build time to enable
this workaround. [RT #18870]
2488. [func] Added a tool, dnssec-dsfromkey, to generate DS records
from keyset and .key files. [RT #18694]
2487. [bug] Give TCP connections longer to complete. [RT #18675]
2486. [func] The default locations for named.pid and lwresd.pid
are now /var/run/named/named.pid and
/var/run/lwresd/lwresd.pid respectively.
This allows the owner of the containing directory
to be set, for "named -u" support, and allows there
to be a permanent symbolic link in the path, for
"named -t" support. [RT #18306]
2485. [bug] Change update's the handling of obscured RRSIG
records. Not all orphaned DS records were being
removed. [RT #18828]
2484. [bug] It was possible to trigger a REQUIRE failure when
adding NSEC3 proofs to the response in
query_addwildcardproof(). [RT #18828]
2483. [port] win32: chroot() is not supported. [RT #18805]
2482. [port] libxml2: support versions 2.7.* in addition
to 2.6.*. [RT #18806]
--- 9.6.0b1 released ---
2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
collisions. [RT #18812]
2480. [bug] named could fail to emit all the required NSEC3
records. [RT #18812]
2479. [bug] xfrout:covers was not properly initialized. [RT #18801]
2478. [bug] 'addresses' could be used uninitialized in
configure_forward(). [RT #18800]
2477. [bug] dig: the global option to print the command line is
+cmd not print_cmd. Update the output to reflect
this. [RT #17008]
2476. [doc] ARM: improve documentation for max-journal-size and
ixfr-from-differences. [RT #15909] [RT #18541]
2475. [bug] LRU cache cleanup under overmem condition could purge
particular entries more aggressively. [RT #17628]
2474. [bug] ACL structures could be allocated with insufficient
space, causing an array overrun. [RT #18765]
2473. [port] linux: raise the limit on open files to the possible
maximum value before spawning threads; 'files'
specified in named.conf doesn't seem to work with
threads as expected. [RT #18784]
2472. [port] linux: check the number of available cpu's before
calling chroot as it depends on "/proc". [RT #16923]
2471. [bug] named-checkzone was not reporting missing mandatory
glue when sibling checks were disabled. [RT #18768]
2470. [bug] Elements of the isc_radix_node_t could be incorrectly
overwritten. [RT# 18719]
2469. [port] solaris: Work around Solaris's select() limitations.
[RT #18769]
2468. [bug] Resolver could try unreachable servers multiple times.
[RT #18739]
2467. [bug] Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740]
2466. [doc] ARM: explain max-cache-ttl 0 SERVFAIL issue.
[RT #18302]
2465. [bug] Adb's handling of lame addresses was different
for IPv4 and IPv6. [RT #18738]
2464. [port] linux: check that a capability is present before
trying to set it. [RT #18135]
2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
API and glibc hides parts of the IPv6 Advanced Socket
API as a result. This is stupid as it breaks how the
two halves (Basic and Advanced) of the IPv6 Socket API
were designed to be used but we have to live with it.
Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
API. [RT #18388]
2462. [doc] Document -m (enable memory usage debugging)
option for dig. [RT #18757]
2461. [port] sunos: Change #2363 was not complete. [RT #17513]
--- 9.6.0a1 released ---
2460. [bug] Don't call dns_db_getnsec3parameters() on the cache.
[RT #18697]
2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
2458. [doc] ARM: update and correction for max-cache-size.
[RT #18294]
2457. [tuning] max-cache-size is reverted to 0, the previous
default. It should be safe because expired cache
entries are also purged. [RT #18684]
2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any
address, regardless of family. They now correctly
distinguish IPv4 from IPv6. [RT #18559]
2455. [bug] Stop metadata being transferred via axfr/ixfr.
[RT #18639]
2454. [func] nsupdate: you can now set a default ttl. [RT #18317]
2453. [bug] Remove NULL pointer dereference in dns_journal_print().
[RT #18316]
2452. [func] Improve bin/test/journalprint. [RT #18316]
2451. [port] solaris: handle runtime linking better. [RT #18356]
2450. [doc] Fix lwresd docbook problem for manual page.
[RT #18672]
2449. [placeholder]
2448. [func] Add NSEC3 support. [RT #15452]
2447. [cleanup] libbind has been split out as a separate product.
2446. [func] Add a new log message about build options on startup.
A new command-line option '-V' for named is also
provided to show this information. [RT# 18645]
2445. [doc] ARM out-of-date on empty reverse zones (list includes
RFC1918 address, but these are not yet compiled in).
[RT #18578]
2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery
(clear DF) for UDP responses and requests.
2443. [bug] win32: UDP connect() would not generate an event,
and so connected UDP sockets would never clean up.
Fix this by doing an immediate WSAConnect() rather
than an io completion port type for UDP.
2442. [bug] A lock could be destroyed twice. [RT# 18626]
2441. [bug] isc_radix_insert() could copy radix tree nodes
incompletely. [RT #18573]
2440. [bug] named-checkconf used an incorrect test to determine
if an ACL was set to none.
2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
[RT #18559]
2438. [bug] Timeouts could be logged incorrectly under win32.
2437. [bug] Sockets could be closed too early, leading to
inconsistent states in the socket module. [RT #18298]
2436. [security] win32: UDP client handler can be shutdown. [RT #18576]
2435. [bug] Fixed an ACL memory leak affecting win32.
2434. [bug] Fixed a minor error-reporting bug in
lib/isc/win32/socket.c.
2433. [tuning] Set initial timeout to 800ms.
2432. [bug] More Windows socket handling improvements. Stop
using I/O events and use IO Completion Ports
throughout. Rewrite the receive path logic to make
it easier to support multiple simultaneous
requesters in the future. Add stricter consistency
checking as a compile-time option (define
ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).
2431. [bug] Acl processing could leak memory. [RT #18323]
2430. [bug] win32: isc_interval_set() could round down to
zero if the input was less than NS_INTERVAL
nanoseconds. Round up instead. [RT #18549]
2429. [doc] nsupdate should be in section 1 of the man pages.
[RT #18283]
2428. [bug] dns_iptable_merge() mishandled merges of negative
tables. [RT #18409]
2427. [func] Treat DNSKEY queries as if "minimal-response yes;"
was set. [RT #18528]
2426. [bug] libbind: inet_net_pton() can sometimes return the
wrong value if excessively large net masks are
supplied. [RT #18512]
2425. [bug] named didn't detect unavailable query source addresses
at load time. [RT #18536]
2424. [port] configure now probes for a working epoll
implementation. Allow the use of kqueue,
epoll and /dev/poll to be selected at compile
time. [RT #18277]
2423. [security] Randomize server selection on queries, so as to
make forgery a little more difficult. Instead of
always preferring the server with the lowest RTT,
pick a server with RTT within the same 128
millisecond band. [RT #18441]
2422. [bug] Handle the special return value of a empty node as
if it was a NXRRSET in the validator. [RT #18447]
2421. [func] Add new command line option '-S' for named to specify
the max number of sockets. [RT #18493]
Use caution: this option may not work for some
operating systems without rebuilding named.
2420. [bug] Windows socket handling cleanup. Let the io
completion event send out canceled read/write
done events, which keeps us from writing to memory
we no longer have ownership of. Add debugging
socket_log() function. Rework TCP socket handling
to not leak sockets.
2419. [cleanup] Document that isc_socket_create() and isc_socket_open()
should not be used for isc_sockettype_fdwatch sockets.
[RT #18521]
2418. [bug] AXFR request on a DLZ could trigger a REQUIRE failure
[RT #18430]
2417. [bug] Connecting UDP sockets for outgoing queries could
unexpectedly fail with an 'address already in use'
error. [RT #18411]
2416. [func] Log file descriptors that cause exceeding the
internal maximum. [RT #18460]
2415. [bug] 'rndc dumpdb' could trigger various assertion failures
in rbtdb.c. [RT #18455]
2414. [bug] A masterdump context held the database lock too long,
causing various troubles such as dead lock and
recursive lock acquisition. [RT #18311, #18456]
2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
2412. [bug] win32: address a resource leak. [RT #18374]
2411. [bug] Allow using a larger number of sockets than FD_SETSIZE
for select(). To enable this, set ISC_SOCKET_MAXSOCKETS
at compilation time. [RT #18433]
Note: with changes #2469 and #2421 above, there is no
need to tweak ISC_SOCKET_MAXSOCKETS at compilation time
any more.
2410. [bug] Correctly delete m_versionInfo. [RT #18432]
2409. [bug] Only log that we disabled EDNS processing if we were
subsequently successful. [RT #18029]
2408. [bug] A duplicate TCP dispatch event could be sent, which
could then trigger an assertion failure in
resquery_response(). [RT #18275]
2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
2406. [placeholder]
2405. [cleanup] The default value for dnssec-validation was changed to
"yes" in 9.5.0-P1 and all subsequent releases; this
was inadvertently omitted from CHANGES at the time.
2404. [port] hpux: files unlimited support.
2403. [bug] TSIG context leak. [RT #18341]
2402. [port] Support Solaris 2.11 and over. [RT #18362]
2401. [bug] Expect to get E[MN]FILE errno internal_accept()
(from accept() or fcntl() system calls). [RT #18358]
2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
[RT #18297]
2399. [placeholder]
2398. [bug] Improve file descriptor management. New,
temporary, named.conf option reserved-sockets,
default 512. [RT #18344]
2397. [bug] gssapi_functions had too many elements. [RT #18355]
2396. [bug] Don't set SO_REUSEADDR for randomized ports.
[RT #18336]
2395. [port] Avoid warning and no effect from "files unlimited"
on Linux when running as root. [RT #18335]
2394. [bug] Default configuration options set the limit for
open files to 'unlimited' as described in the
documentation. [RT #18331]
2393. [bug] nested acls containing keys could trigger an
assertion in acl.c. [RT #18166]
2392. [bug] remove 'grep -q' from acl test script, some platforms
don't support it. [RT #18253]
2391. [port] hpux: cover additional recvmsg() error codes.
[RT #18301]
2390. [bug] dispatch.c could make a false warning on 'odd socket'.
[RT #18301].
2389. [bug] Move the "working directory writable" check to after
the ns_os_changeuser() call. [RT #18326]
2388. [bug] Avoid using tables for layout purposes in
statistics XSL [RT #18159].
2387. [bug] Silence compiler warnings in lib/isc/radix.c.
[RT #18147] [RT #18258]
2386. [func] Add warning about too small 'open files' limit.
[RT #18269]
2385. [bug] A condition variable in socket.c could leak in
rare error handling [RT #17968].
2384. [security] Fully randomize UDP query ports to improve
forgery resilience. [RT #17949, #18098]
2383. [bug] named could double queries when they resulted in
SERVFAIL due to overkilling EDNS0 failure detection.
[RT #18182]
2382. [doc] Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
to ARM.
2381. [port] dlz/mysql: support multiple install layouts for
mysql. <prefix>/include/{,mysql/}mysql.h and
<prefix>/lib/{,mysql/}. [RT #18152]
2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
proofs which, in turn, caused validation failures
for insecure zones immediately below a secure zone
the server was authoritative for. [RT #18112]
2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
TLDs and supported RRs with TTLs [RT #17972]
2378. [bug] gssapi_functions{} had a redundant member in BIND 9.5.
[RT #18169]
2377. [bug] Address race condition in dnssec-signzone. [RT #18142]
2376. [bug] Change #2144 was not complete.
2375. [placeholder]
2374. [bug] "blackhole" ACLs could cause named to segfault due
to some uninitialized memory. [RT #18095]
2373. [bug] Default values of zone ACLs were re-parsed each time a
new zone was configured, causing an overconsumption
of memory. [RT #18092]
2372. [bug] Fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
2371. [doc] Add +nsid option to dig man page. [RT #18039]
2370. [bug] "rndc freeze" could trigger an assertion in named
when called on a nonexistent zone. [RT #18050]
2369. [bug] libbind: Array bounds overrun on read in bitncmp().
[RT #18054]
2368. [port] Linux: use libcap for capability management if
possible. [RT# 18026]
2367. [bug] Improve counting of dns_resstatscounter_retry
[RT #18030]
2366. [bug] Adb shutdown race. [RT #18021]
2365. [bug] Fix a bug that caused dns_acl_isany() to return
spurious results. [RT #18000]
2364. [bug] named could trigger a assertion when serving a
malformed signed zone. [RT #17828]
2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
[RT #17513]
2362. [cleanup] Make "rrset-order fixed" a compile-time option.
settable by "./configure --enable-fixed-rrset".
Disabled by default. [RT #17977]
2361. [bug] "recursion" statistics counter could be counted
multiple times for a single query. [RT #17990]
2360. [bug] Fix a condition where we release a database version
(which may acquire a lock) while holding the lock.
2359. [bug] Fix NSID bug. [RT #17942]
2358. [doc] Update host's default query description. [RT #17934]
2357. [port] Don't use OpenSSL's engine support in versions before
OpenSSL 0.9.7f. [RT #17922]
2356. [bug] Built in mutex profiler was not scalable enough.
[RT #17436]
2355. [func] Extend the number statistics counters available.
[RT #17590]
2354. [bug] Failed to initialize some rdatasetheader_t elements.
[RT #17927]
2353. [func] Add support for Name Server ID (RFC 5001).
'dig +nsid' requests NSID from server.
'request-nsid yes;' causes recursive server to send
NSID requests to upstream servers. Server responds
to NSID requests with the string configured by
'server-id' option. [RT #17091]
2352. [bug] Various GSS_API fixups. [RT #17729]
2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
2350. [port] win32: IPv6 support. [RT #17797]
2349. [func] Provide incremental re-signing support for secure
dynamic zones. [RT #1091]
2348. [func] Use the EVP interface to OpenSSL. Add PKCS#11 support.
Documentation is in the new README.pkcs11 file.
New tool, dnssec-keyfromlabel, which takes the
label of a key pair in a HSM and constructs a DNS
key pair for use by named and dnssec-signzone.
[RT #16844]
2347. [bug] Delete now traverses the RB tree in the canonical
order. [RT #17451]
2346. [func] Memory statistics now cover all active memory contexts
in increased detail. [RT #17580]
2345. [bug] named-checkconf failed to detect when forwarders
were set at both the options/view level and in
a root zone. [RT #17671]
2344. [bug] Improve "logging{ file ...; };" documentation.
[RT #17888]
2343. [bug] (Seemingly) duplicate IPv6 entries could be
created in ADB. [RT #17837]
2342. [func] Use getifaddrs() if available under Linux. [RT #17224]
2341. [bug] libbind: add missing -I../include for off source
tree builds. [RT #17606]
2340. [port] openbsd: interface configuration. [RT #17700]
2339. [port] tru64: support for libbind. [RT #17589]
2338. [bug] check_ds() could be called with a non DS rdataset.
[RT #17598]
2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614]
2336. [func] If "named -6" is specified then listen on all IPv6
interfaces if there are not listen-on-v6 clauses in
named.conf. [RT #17581]
2335. [port] sunos: libbind and *printf() support for long long.
[RT #17513]
2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one
bug in fromstruct_txt(). [RT #17609]
2333. [bug] Fix off by one error in isc_time_nowplusinterval().
[RT #17608]
2332. [contrib] query-loc-0.4.0. [RT #17602]
2331. [bug] Failure to regenerate any signatures was not being
reported nor being past back to the UPDATE client.
[RT #17570]
2330. [bug] Remove potential race condition when handling
over memory events. [RT #17572]
WARNING: API CHANGE: over memory callback
function now needs to call isc_mem_waterack().
See <isc/mem.h> for details.
2329. [bug] Clearer help text for dig's '-x' and '-i' options.
2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET,
J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and
M.ROOT-SERVERS.NET.
2327. [bug] It was possible to dereference a NULL pointer in
rbtdb.c. Implement dead node processing in zones as
we do for caches. [RT #17312]
2326. [bug] It was possible to trigger a INSIST in the acache
processing.
2325. [port] Linux: use capset() function if available. [RT #17557]
2324. [bug] Fix IPv6 matching against "any;". [RT #17533]
2323. [port] tru64: namespace clash. [RT #17547]
2322. [port] MacOS: work around the limitation of setrlimit()
for RLIMIT_NOFILE. [RT #17526]
2321. [placeholder]
2320. [func] Make statistics counters thread-safe for platforms
that support certain atomic operations. [RT #17466]
2319. [bug] Silence Coverity warnings in
lib/dns/rdata/in_1/apl_42.c. [RT #17469]
2318. [port] sunos fixes for libbind. [RT #17514]
2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
2316. [port] Missing #include <isc/print.h> in lib/dns/gssapictx.c.
[RT #17513]
2315. [bug] Used incorrect address family for mapped IPv4
addresses in acl.c. [RT #17519]
2314. [bug] Uninitialized memory use on error path in
bin/named/lwdnoop.c. [RT #17476]
2313. [cleanup] Silence Coverity warnings. Handle private stacks.
[RT #17447] [RT #17478]
2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
[RT #17458]
2311. [bug] IPv6 addresses could match IPv4 ACL entries and
vice versa. [RT #17462]
2310. [bug] dig, host, nslookup: flush stdout before emitting
debug/fatal messages. [RT #17501]
2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
[RT #17455]
2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
[RT #17495]
2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
2306. [bug] Remove potential race from lib/dns/resolver.c.
[RT #17470]
2305. [security] inet_network() buffer overflow. CVE-2008-0122.
2304. [bug] Check returns from all dns_rdata_tostruct() calls.
[RT #17460]
2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
[RT #17471]
2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
2301. [bug] Remove resource leak and fix error messages in
bin/tests/system/lwresd/lwtest.c. [RT #17474]
2300. [bug] Fixed failure to close open file in
bin/tests/names/t_names.c. [RT #17473]
2299. [bug] Remove unnecessary NULL check in
bin/nsupdate/nsupdate.c. [RT #17475]
2298. [bug] isc_mutex_lock() failure not caught in
bin/tests/timers/t_timers.c. [RT #17468]
2297. [bug] isc_entropy_createfilesource() failure not caught in
bin/tests/dst/t_dst.c. [RT #17467]
2296. [port] Allow docbook stylesheet location to be specified to
configure. [RT #17457]
2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
[RT #17459]
2294. [func] Allow the experimental statistics channels to have
multiple connections and ACL.
Note: the stats-server and stats-server-v6 options
available in the previous beta releases are replaced
with the generic statistics-channels statement.
2293. [func] Add ACL regression test. [RT #17375]
2292. [bug] Log if the working directory is not writable.
[RT #17312]
2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
failure to set PR_SET_DUMPABLE. [RT #17312]
2290. [bug] Let AD in the query signal that the client wants AD
set in the response. [RT #17301]
2289. [func] named-checkzone now reports the out-of-zone CNAME
found. [RT #17309]
2288. [port] win32: mark service as running when we have finished
loading. [RT #17441]
2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413]
2286. [func] Allow a TCP connection to be used as a weak
authentication method for reverse zones.
New update-policy methods tcp-self and 6to4-self.
[RT #17378]
2285. [func] Test framework for client memory context management.
[RT #17377]
2284. [bug] Memory leak in UPDATE prerequisite processing.
[RT #17377]
2283. [bug] TSIG keys were not attaching to the memory
context. TSIG keys should use the rings
memory context rather than the clients memory
context. [RT #17377]
2282. [bug] Acl code fixups. [RT #17346] [RT #17374]
2281. [bug] Attempts to use undefined acls were not being logged.
[RT #17307]
2280. [func] Allow the experimental http server to be reached
over IPv6 as well as IPv4. [RT #17332]
2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
to protect applications from receiving spurious
SIGPIPE signals when using the resolver.
2278. [bug] win32: handle the case where Windows returns no
search list or DNS suffix. [RT #17354]
2277. [bug] Empty zone names were not correctly being caught at
in the post parse checks. [RT #17357]
2276. [bug] Install <dst/gssapi.h>. [RT# 17359]
2275. [func] Add support to dig to perform IXFR queries over UDP.
[RT #17235]
2274. [func] Log zone transfer statistics. [RT #17336]
2273. [bug] Adjust log level to WARNING when saving inconsistent
stub/slave master and journal files. [RT# 17279]
2272. [bug] Handle illegal dnssec-lookaside trust-anchor names.
[RT #17262]
2271. [bug] Fix a memory leak in http server code [RT #17100]
2270. [bug] dns_db_closeversion() version->writer could be reset
before it is tested. [RT #17290]
2269. [contrib] dbus memory leaks and missing va_end calls. [RT #17232]
2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
list.
--- 9.5.0b1 released ---
2267. [bug] Radix tree node_num value could be set incorrectly,
causing positive ACL matches to look like negative
ones. [RT #17311]
2266. [bug] client.c:get_clientmctx() returned the same mctx
once the pool of mctx's was filled. [RT #17218]
2265. [bug] Test that the memory context's basic_table is non NULL
before freeing. [RT #17265]
2264. [bug] Server prefix length was being ignored. [RT #17308]
2263. [bug] "named-checkconf -z" failed to set default value
for "check-integrity". [RT #17306]
2262. [bug] Error status from all but the last view could be
lost. [RT #17292]
2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
2260. [bug] Reported wrong clients-per-query when increasing the
value. [RT #17236]
2259. [placeholder]
--- 9.5.0a7 released ---
2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
[RT #17241]
2257. [bug] win32: Use the full path to vcredist_x86.exe when
calling it. [RT #17222]
2256. [bug] win32: Correctly register the installation location of
bindevt.dll. [RT #17159]
2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
2254. [bug] timer.c:dispatch() failed to lock timer->lock
when reading timer->idle allowing it to see
intermediate values as timer->idle was reset by
isc_timer_touch(). [RT #17243]
2253. [func] "max-cache-size" defaults to 32M.
"max-acache-size" defaults to 16M.
2252. [bug] Fixed errors in sortlist code [RT #17216]
2251. [placeholder]
2250. [func] New flag 'memstatistics' to state whether the
memory statistics file should be written or not.
Additionally named's -m option will cause the
statistics file to be written. [RT #17113]
2249. [bug] Only set Authentic Data bit if client requested
DNSSEC, per RFC 3655 [RT #17175]
2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
2247. [doc] Sort doc/misc/options. [RT #17067]
2246. [bug] Make the startup of test servers (ans.pl) more
robust. [RT #17147]
2245. [bug] Validating lack of DS records at trust anchors wasn't
working. [RT #17151]
2244. [func] Allow the check of nameserver names against the
SOA MNAME field to be disabled by specifying
'notify-to-soa yes;'. [RT #17073]
2243. [func] Configuration files without a newline at the end now
parse without error. [RT #17120]
2242. [bug] nsupdate: GSS-TSIG support using the Heimdal Kerberos
library could require a source of random data.
[RT #17127]
2241. [func] nsupdate: add a interactive 'help' command. [RT #17099]
2240. [bug] Cleanup nsupdates GSS-TSIG support. Convert
a number of INSIST()s into plain fatal() errors
which report the triggering result code.
The 'key' command wasn't disabling GSS-TSIG.
[RT #17099]
2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
2238. [bug] It was possible to trigger a REQUIRE when a
validation was canceled. [RT #17106]
2237. [bug] libbind: res_init() was not thread aware. [RT #17123]
2236. [bug] dnssec-signzone failed to preserve the case of
of wildcard owner names. [RT #17085]
2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
2233. [func] Add support for O(1) ACL processing, based on
radix tree code originally written by Kevin
Brintnall. [RT #16288]
2232. [bug] dns_adb_findaddrinfo() could fail and return
ISC_R_SUCCESS. [RT #17137]
2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
[RT #17088]
2230. [bug] We could INSIST reading a corrupted journal.
[RT #17132]
2229. [bug] Null pointer dereference on query pool creation
failure. [RT #17133]
2228. [contrib] contrib: Change 2188 was incomplete.
2227. [cleanup] Tidied up the FAQ. [RT #17121]
2226. [placeholder]
2225. [bug] More support for systems with no IPv4 addresses.
[RT #17111]
2224. [bug] Defer journal compaction if a xfrin is in progress.
[RT #17119]
2223. [bug] Make a new journal when compacting. [RT #17119]
2222. [func] named-checkconf now checks server key references.
[RT #17097]
2221. [bug] Set the event result code to reflect the actual
record turned to caller when a cache update is
rejected due to a more credible answer existing.
[RT #17017]
2220. [bug] win32: Address a race condition in final shutdown of
the Windows socket code. [RT #17028]
2219. [bug] Apply zone consistency checks to additions, not
removals, when updating. [RT #17049]
2218. [bug] Remove unnecessary REQUIRE from dns_validator_create().
[RT #16976]
2217. [func] Adjust update log levels. [RT #17092]
2216. [cleanup] Fix a number of errors reported by Coverity.
[RT #17094]
2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
2214. [bug] Deregister OpenSSL lock callback when cleaning
up. Reorder OpenSSL cleanup so that RAND_cleanup()
is called before the locks are destroyed. [RT #17098]
2213. [bug] SIG0 diagnostic failure messages were looking at the
wrong status code. [RT #17101]
2212. [func] 'host -m' now causes memory statistics and active
memory to be printed at exit. [RT 17028]
2211. [func] Update "dynamic update temporarily disabled" message.
[RT #17065]
2210. [bug] Deleting class specific records via UPDATE could
fail. [RT #17074]
2209. [port] osx: linking against user supplied static OpenSSL
libraries failed as the system ones were still being
found. [RT #17078]
2208. [port] win32: make sure both build methods produce the
same output. [RT #17058]
2207. [port] Some implementations of getaddrinfo() fail to set
ai_canonname correctly. [RT #17061]
--- 9.5.0a6 released ---
2206. [security] "allow-query-cache" and "allow-recursion" now
cross inherit from each other.
If allow-query-cache is not set in named.conf then
allow-recursion is used if set, otherwise allow-query
is used if set, otherwise the default (localnets;
localhost;) is used.
If allow-recursion is not set in named.conf then
allow-query-cache is used if set, otherwise allow-query
is used if set, otherwise the default (localnets;
localhost;) is used.
[RT #16987]
2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
2204. [bug] "rndc flushname name unknown-view" caused named
to crash. [RT #16984]
2203. [security] Query id generation was cryptographically weak.
[RT # 16915]
2202. [security] The default acls for allow-query-cache and
allow-recursion were not being applied. [RT #16960]
2201. [bug] The build failed in a separate object directory.
[RT #16943]
2200. [bug] The search for cached NSEC records was stopping to
early leading to excessive DLV queries. [RT #16930]
2199. [bug] win32: don't call WSAStartup() while loading dlls.
[RT #16911]
2198. [bug] win32: RegCloseKey() could be called when
RegOpenKeyEx() failed. [RT #16911]
2197. [bug] Add INSIST to catch negative responses which are
not setting the event result code appropriately.
[RT #16909]
2196. [port] win32: yield processor while waiting for once to
to complete. [RT #16958]
2195. [func] dnssec-keygen now defaults to nametype "ZONE"
when generating DNSKEYs. [RT #16954]
2194. [bug] Close journal before calling 'done' in xfrin.c.
--- 9.5.0a5 released ---
2193. [port] win32: BINDInstall.exe is now linked statically.
[RT #16906]
2192. [port] win32: use vcredist_x86.exe to install Visual
Studio's redistributable dlls if building with
Visual Stdio 2005 or later.
2191. [func] named-checkzone now allows dumping to stdout (-).
named-checkconf now has -h for help.
named-checkzone now has -h for help.
rndc now has -h for help.
Better handling of '-?' for usage summaries.
[RT #16707]
2190. [func] Make fallback to plain DNS from EDNS due to timeouts
more visible. New logging category "edns-disabled".
[RT #16871]
2189. [bug] Handle socket() returning EINTR. [RT #15949]
2188. [contrib] queryperf: autoconf changes to make the search for
libresolv or libbind more robust. [RT #16299]
2187. [bug] query_addds(), query_addwildcardproof() and
query_addnxrrsetnsec() should take a version
argument. [RT #16368]
2186. [port] cygwin: libbind: check for struct sockaddr_storage
independently of IPv6. [RT #16482]
2185. [port] sunos: libbind: check for ssize_t, memmove() and
memchr(). [RT #16463]
2184. [bug] bind9.xsl.h didn't build out of the source tree.
[RT #16830]
2183. [bug] dnssec-signzone didn't handle offline private keys
well. [RT #16832]
2182. [bug] dns_dispatch_createtcp() and dispatch_createudp()
could return ISC_R_SUCCESS when they ran out of
memory. [RT #16365]
2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
2180. [cleanup] Remove bit test from 'compress_test' as they
are no longer needed. [RT #16497]
2179. [func] 'rndc command zone' will now find 'zone' if it is
unique to all the views. [RT #16821]
2178. [bug] 'rndc reload' of a slave or stub zone resulted in
a reference leak. [RT #16867]
2177. [bug] Array bounds overrun on read (rcodetext) at
debug level 10+. [RT #16798]
2176. [contrib] dbus update to handle race condition during
initialization (Bugzilla 235809). [RT #16842]
2175. [bug] win32: windows broadcast condition variable support
was broken. [RT #16592]
2174. [bug] I/O errors should always be fatal when reading
master files. [RT #16825]
2173. [port] win32: When compiling with MSVS 2005 SP1 we also
need to ship Microsoft.VC80.MFCLOC.
--- 9.5.0a4 released ---
2172. [bug] query_addsoa() was being called with a non zone db.
[RT #16834]
2171. [bug] Handle breaks in DNSSEC trust chains where the parent
servers are not DS aware (DS queries to the parent
return a referral to the child).
2170. [func] Add acache processing to test suite. [RT #16711]
2169. [bug] host, nslookup: when reporting NXDOMAIN report the
given name and not the last name searched for.
[RT #16763]
2168. [bug] nsupdate: in non-interactive mode treat syntax errors
as fatal errors. [RT #16785]
2167. [bug] When re-using a automatic zone named failed to
attach it to the new view. [RT #16786]
--- 9.5.0a3 released ---
2166. [bug] When running in batch mode, dig could misinterpret
a server address as a name to be looked up, causing
unexpected output. [RT #16743]
2165. [func] Allow the destination address of a query to determine
if we will answer the query or recurse.
allow-query-on, allow-recursion-on and
allow-query-cache-on. [RT #16291]
2164. [bug] The code to determine how named-checkzone /
named-compilezone was called failed under windows.
[RT #16764]
2163. [bug] If only one of query-source and query-source-v6
specified a port the query pools code broke (change
2129). [RT #16768]
2162. [func] Allow "rrset-order fixed" to be disabled at compile
time. [RT #16665]
2161. [bug] Fix which log messages are emitted for 'rndc flush'.
[RT #16698]
2160. [bug] libisc wasn't handling NULL ifa_addr pointers returned
from getifaddrs(). [RT #16708]
--- 9.5.0a2 released ---
2159. [bug] Array bounds overrun in acache processing. [RT #16710]
2158. [bug] ns_client_isself() failed to initialize key
leading to a REQUIRE failure. [RT #16688]
2157. [func] dns_db_transfernode() created. [RT #16685]
2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
resolver.c:validated() and resolver.c:cache_name().
Fix a memory leak in rbtdb.c:free_noqname().
Make lookup.c:lookup_find() robust against
event leaks. [RT #16685]
2155. [contrib] SQLite sdb module from jaboydjr@netwalk.com.
[RT #16694]
2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
matched in acls by omitting the scope. [RT #16599]
2153. [bug] nsupdate could leak memory. [RT #16691]
2152. [cleanup] Use sizeof(buf) instead of fixed number in
dighost.c:get_trusted_key(). [RT #16678]
2151. [bug] Missing newline in usage message for journalprint.
[RT #16679]
2150. [bug] 'rrset-order cyclic' uniformly distribute the
starting point for the first response for a given
RRset. [RT #16655]
2149. [bug] isc_mem_checkdestroyed() failed to abort on
if there were still active memory contexts.
[RT #16672]
2148. [func] Add positive logging for rndc commands. [RT #14623]
2147. [bug] libbind: remove potential buffer overflow from
hmac_link.c. [RT #16437]
2146. [cleanup] Silence Linux's spurious "obsolete setsockopt
SO_BSDCOMPAT" message. [RT #16641]
2145. [bug] Check DS/DLV digest lengths for known digests.
[RT #16622]
2144. [cleanup] Suppress logging of SERVFAIL from forwarders.
[RT #16619]
2143. [bug] We failed to restart the IPv6 client when the
kernel failed to return the destination the
packet was sent to. [RT #16613]
2142. [bug] Handle master files with a modification time that
matches the epoch. [RT# 16612]
2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
equivalent of LDH checks). [RT #16609]
2140. [bug] libbind: missing unlock on pthread_key_create()
failures. [RT #16654]
2139. [bug] dns_view_find() was being called with wrong type
in adb.c. [RT #16670]
2138. [bug] Lock order reversal in resolver.c. [RT #16653]
2137. [port] Mips little endian and/or mips 64 bit are now
supported for atomic operations. [RT#16648]
2136. [bug] nslookup/host looped if there was no search list
and the host didn't exist. [RT #16657]
2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656]
2134. [func] Additional statistics support. [RT #16666]
2133. [port] powerpc: Support both IBM and MacOS Power PC
assembler syntaxes. [RT #16647]
2132. [bug] Missing unlock on out of memory in
dns_dispatchmgr_setudp().
2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
2130. [func] Log if CD or DO were set. [RT #16640]
2129. [func] Provide a pool of UDP sockets for queries to be
made over. See use-queryport-pool, queryport-pool-ports
and queryport-pool-updateinterval. [RT #16415]
2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635]
2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563]
2126. [security] Serialize validation of type ANY responses. [RT #16555]
2125. [bug] dns_zone_getzeronosoattl() REQUIRE failure if DLZ
was defined. [RT #16574]
2124. [security] It was possible to dereference a freed fetch
context. [RT #16584]
--- 9.5.0a1 released ---
2123. [func] Use Doxygen to generate internal documentation.
[RT #11398]
2122. [func] Experimental http server and statistics support
for named via xml.
2121. [func] Add a 10 slot dead masters cache (LRU) with a 600
second timeout. [RT #16553]
2120. [doc] Fix markup on nsupdate man page. [RT #16556]
2119. [compat] libbind: allow res_init() to succeed enough to
return the default domain even if it was unable
to allocate memory.
2118. [bug] Handle response with long chains of domain name
compression pointers which point to other compression
pointers. [RT #16427]
2117. [bug] DNSSEC fixes: named could fail to cache NSEC records
which could lead to validation failures. named didn't
handle negative DS responses that were in the process
of being validated. Check CNAME bit before accepting
NODATA proof. To be able to ignore a child NSEC there
must be SOA (and NS) set in the bitmap. [RT #16399]
2116. [bug] 'rndc reload' could cause the cache to continually
be cleaned. [RT #16401]
2115. [bug] 'rndc reconfig' could trigger a INSIST if the
number of masters for a zone was reduced. [RT #16444]
2114. [bug] dig/host/nslookup: searches for names with multiple
labels were failing. [RT #16447]
2113. [bug] nsupdate: if a zone is specified it should be used
for server discover. [RT# 16455]
2112. [security] Warn if weak RSA exponent is used. [RT #16460]
2111. [bug] Fix a number of errors reported by Coverity.
[RT #16507]
2110. [bug] "minimal-responses yes;" interacted badly with BIND 8
priming queries. [RT #16491]
2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502]
2108. [func] DHCID support. [RT #16456]
2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
2106. [func] 'rndc status' now reports named's version. [RT #16426]
2105. [func] GSS-TSIG support (RFC 3645).
2104. [port] Fix Solaris SMF error message.
2103. [port] Add /usr/sfw to list of locations for OpenSSL
under Solaris.
2102. [port] Silence Solaris 10 warnings.
2101. [bug] OpenSSL version checks were not quite right.
[RT #16476]
2100. [port] win32: copy libeay32.dll to Build\Debug.
Copy Debug\named-checkzone to Debug\named-compilezone.
2099. [port] win32: more manifest issues.
2098. [bug] Race in rbtdb.c:no_references(), which occasionally
triggered an INSIST failure about the node lock
reference. [RT #16411]
2097. [bug] named could reference a destroyed memory context
after being reloaded / reconfigured. [RT #16428]
2096. [bug] libbind: handle applications that fail to detect
res_init() failures better.
2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and
net_cidr_ntop_ipv6(). [RT #16388]
2094. [contrib] Update named-bootconf. [RT# 16404]
2093. [bug] named-checkzone -s was broken.
2092. [bug] win32: dig, host, nslookup. Use registry config
if resolv.conf does not exist or no nameservers
listed. [RT #15877]
2091. [port] dighost.c: race condition on cleanup. [RT #16417]
2090. [port] win32: Visual C++ 2005 command line manifest support.
[RT #16417]
2089. [security] Raise the minimum safe OpenSSL versions to
OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
prior to these have known security flaws which
are (potentially) exploitable in named. [RT #16391]
2088. [security] Change the default RSA exponent from 3 to 65537.
[RT #16391]
2087. [port] libisc failed to compile on OS's w/o a vsnprintf.
[RT #16382]
2086. [port] libbind: FreeBSD now has get*by*_r() functions.
[RT #16403]
2085. [doc] win32: added index.html and README to zip. [RT #16201]
2084. [contrib] dbus update for 9.3.3rc2.
2083. [port] win32: Visual C++ 2005 support.
2082. [doc] Document 'cache-file' as a test only option.
2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
[RT #16360]
2080. [port] libbind: res_init.c did not compile on older versions
of Solaris. [RT #16363]
2079. [bug] The lame cache was not handling multiple types
correctly. [RT #16361]
2078. [bug] dnssec-checkzone output style "default" was badly
named. It is now called "relative". [RT #16326]
2077. [bug] 'dnssec-signzone -O raw' wasn't outputting the
complete signed zone. [RT #16326]
2076. [bug] Several files were missing #include <config.h>
causing build failures on OSF. [RT #16341]
2075. [bug] The spillat timer event hander could leak memory.
[RT #16357]
2074. [bug] dns_request_createvia2(), dns_request_createvia3(),
dns_request_createraw2() and dns_request_createraw3()
failed to send multiple UDP requests. [RT #16349]
2073. [bug] Incorrect semantics check for update policy "wildcard".
[RT #16353]
2072. [bug] We were not generating valid HMAC SHA digests.
[RT #16320]
2071. [port] Test whether gcc accepts -fno-strict-aliasing.
[RT #16324]
2070. [bug] The remote address was not always displayed when
reporting dispatch failures. [RT #16315]
2069. [bug] Cross compiling was not working. [RT #16330]
2068. [cleanup] Lower incremental tuning message to debug 1.
[RT #16319]
2067. [bug] 'rndc' could close the socket too early triggering
a INSIST under Windows. [RT #16317]
2066. [security] Handle SIG queries gracefully. [RT #16300]
2065. [bug] libbind: probe for HPUX prototypes for
endprotoent_r() and endservent_r(). [RT 16313]
2064. [bug] libbind: silence AIX compiler warnings. [RT #16218]
2063. [bug] Change #1955 introduced a bug which caused the first
'rndc flush' call to not free memory. [RT #16244]
2062. [bug] 'dig +nssearch' was reusing a buffer before it had
been returned by the socket code. [RT #16307]
2061. [bug] Accept expired wildcard message reversed. [RT #16296]
2060. [bug] Enabling DLZ support could leave views partially
configured. [RT #16295]
2059. [bug] Search into cache rbtdb could trigger an INSIST
failure while cleaning up a stale rdataset.
[RT #16292]
2058. [bug] Adjust how we calculate rtt estimates in the presence
of authoritative servers that drop EDNS and/or CD
requests. Also fallback to EDNS/512 and plain DNS
faster for zones with less than 3 servers. [RT #16187]
2057. [bug] Make setting "ra" dependent on both allow-query-cache
and allow-recursion. [RT #16290]
2056. [bug] dig: ixfr= was not being treated case insensitively
at all times. [RT #15955]
2055. [bug] Missing goto after dropping multicast query.
[RT #15944]
2054. [port] freebsd: do not explicitly link against -lpthread.
[RT #16170]
2053. [port] netbsd:libbind: silence compiler warnings. [RT #16220]
2052. [bug] 'rndc' improve connect failed message to report
the failing address. [RT #15978]
2051. [port] More strtol() fixes. [RT #16249]
2050. [bug] Parsing of NSAP records was not case insensitive.
[RT #16287]
2049. [bug] Restore SOA before AXFR when falling back from
a attempted IXFR when transferring in a zone.
Allow a initial SOA query before attempting
a AXFR to be requested. [RT #16156]
2048. [bug] It was possible to loop forever when using
avoid-v4-udp-ports / avoid-v6-udp-ports when
the OS always returned the same local port.
[RT #16182]
2047. [bug] Failed to initialize the interface flags to zero.
[RT #16245]
2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
cleanup [RT #16247].
2045. [func] Use lock buckets for acache entries to limit memory
consumption. [RT #16183]
2044. [port] Add support for atomic operations for Itanium.
[RT #16179]
2043. [port] nsupdate/nslookup: Force the flushing of the prompt
for interactive sessions. [RT#16148]
2042. [bug] named-checkconf was incorrectly rejecting the
logging category "config". [RT #16117]
2041. [bug] "configure --with-dlz-bdb=yes" produced a bad
set of libraries to be linked. [RT #16129]
2040. [bug] rbtdb no_references() could trigger an INSIST
failure with --enable-atomic. [RT #16022]
2039. [func] Check that all buffers passed to the socket code
have been retrieved when the socket event is freed.
[RT #16122]
2038. [bug] dig/nslookup/host was unlinking from wrong list
when handling errors. [RT #16122]
2037. [func] When unlinking the first or last element in a list
check that the list head points to the element to
be unlinked. [RT #15959]
2036. [bug] 'rndc recursing' could cause trigger a REQUIRE.
[RT #16075]
2035. [func] Make falling back to TCP on UDP refresh failure
optional. Default "try-tcp-refresh yes;" for BIND 8
compatibility. [RT #16123]
2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124]
2033. [bug] We weren't creating multiple client memory contexts
on demand as expected. [RT #16095]
2032. [bug] Remove a INSIST in query_addadditional2(). [RT #16074]
2031. [bug] Emit a error message when "rndc refresh" is called on
a non slave/stub zone. [RT # 16073]
2030. [bug] We were being overly conservative when disabling
openssl engine support. [RT #16030]
2029. [bug] host printed out the server multiple times when
specified on the command line. [RT #15992]
2028. [port] linux: socket.c compatibility for old systems.
[RT #16015]
2027. [port] libbind: Solaris x86 support. [RT #16020]
2026. [bug] Rate limit the two recursive client exceeded messages.
[RT #16044]
2025. [func] Update "zone serial unchanged" message. [RT #16026]
2024. [bug] named emitted spurious "zone serial unchanged"
messages on reload. [RT #16027]
2023. [bug] "make install" should create ${localstatedir}/run and
${sysconfdir} if they do not exist. [RT #16033]
2022. [bug] If dnssec validation is disabled only assert CD if
CD was requested. [RT #16037]
2021. [bug] dnssec-enable no; triggered a REQUIRE. [RT #16037]
2020. [bug] rdataset_setadditional() could leak memory. [RT #16034]
2019. [tuning] Reduce the amount of work performed per quantum
when cleaning the cache. [RT #15986]
2018. [bug] Checking if the HMAC MD5 private file was broken.
[RT #15960]
2017. [bug] allow-query default was not correct. [RT #15946]
2016. [bug] Return a partial answer if recursion is not
allowed but requested and we had the answer
to the original qname. [RT #15945]
2015. [cleanup] use-additional-cache is now acache-enable for
consistency. Default acache-enable off in BIND 9.4
as it requires memory usage to be configured.
It may be enabled by default in BIND 9.5 once we
have more experience with it.
2014. [func] Statistics about acache now recorded and sent
to log. [RT #15976]
2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
responses more gracefully. [RT #15941]
2012. [func] Don't insert new acache entries if acache is full.
[RT #15970]
2011. [func] dnssec-signzone can now update the SOA record of
the signed zone, either as an increment or as the
system time(). [RT #15633]
2010. [placeholder] rt15958
2009. [bug] libbind: Coverity fixes. [RT #15808]
2008. [func] It is now possible to enable/disable DNSSEC
validation from rndc. This is useful for the
mobile hosts where the current connection point
breaks DNSSEC (firewall/proxy). [RT #15592]
rndc validation newstate [view]
2007. [func] It is now possible to explicitly enable DNSSEC
validation. default dnssec-validation no; to
be changed to yes in 9.5.0. [RT #15674]
2006. [security] Allow-query-cache and allow-recursion now default
to the built in acls "localnets" and "localhost".
This is being done to make caching servers less
attractive as reflective amplifying targets for
spoofed traffic. This still leave authoritative
servers exposed.
The best fix is for full BCP 38 deployment to
remove spoofed traffic.
2005. [bug] libbind: Retransmission timeouts should be
based on which attempt it is to the nameserver
and not the nameserver itself. [RT #13548]
2004. [bug] dns_tsig_sign() could pass a NULL pointer to
dst_context_destroy() when cleaning up after a
error. [RT #15835]
2003. [bug] libbind: The DNS name/address lookup functions could
occasionally follow a random pointer due to
structures not being completely zeroed. [RT #15806]
2002. [bug] libbind: tighten the constraints on when
struct addrinfo._ai_pad exists. [RT #15783]
2001. [func] Check the KSK flag when updating a secure dynamic zone.
New zone option "update-check-ksk yes;". [RT #15817]
2000. [bug] memmove()/strtol() fix was incomplete. [RT #15812]
1999. [func] Implement "rrset-order fixed". [RT #13662]
1998. [bug] Restrict handling of fifos as sockets to just SunOS.
This allows named to connect to entropy gathering
daemons that use fifos instead of sockets. [RT #15840]
1997. [bug] Named was failing to replace negative cache entries
when a positive one for the type was learnt.
[RT #15818]
1996. [bug] nsupdate: if a zone has been specified it should
appear in the output of 'show'. [RT #15797]
1995. [bug] 'host' was reporting multiple "is an alias" messages.
[RT #15702]
1994. [port] OpenSSL 0.9.8 support. [RT #15694]
1993. [bug] Log messages, via syslog, were missing the space
after the timestamp if "print-time yes" was specified.
[RT #15844]
1992. [bug] Not all incoming zone transfer messages included the
view. [RT #15825]
1991. [cleanup] The configuration data, once read, should be treated
as read only. Expand the use of const to enforce this
at compile time. [RT #15813]
1990. [bug] libbind: isc's override of broken gettimeofday()
implementations was not always effective.
[RT #15709]
1989. [bug] win32: don't check the service password when
re-installing. [RT #15882]
1988. [bug] Remove a bus error from the SHA256/SHA512 support.
[RT #15878]
1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
1986. [func] Report when a zone is removed. [RT #15849]
1985. [protocol] DLV has now been assigned a official type code of
32769. [RT #15807]
Note: care should be taken to ensure you upgrade
both named and dnssec-signzone at the same time for
zones with DLV records where named is the master
server for the zone. Also any zones that contain
DLV records should be removed when upgrading a slave
zone. You do not however have to upgrade all
servers for a zone with DLV records simultaneously.
1984. [func] dig, nslookup and host now advertise a 4096 byte
EDNS UDP buffer size by default. [RT #15855]
1983. [func] Two new update policies. "selfsub" and "selfwild".
[RT #12895]
1982. [bug] DNSKEY was being accepted on the parent side of
a delegation. KEY is still accepted there for
RFC 3007 validated updates. [RT #15620]
1981. [bug] win32: condition.c:wait() could fail to reattain
the mutex lock.
1980. [func] dnssec-signzone: output the SOA record as the
first record in the signed zone. [RT #15758]
1979. [port] linux: allow named to drop core after changing
user ids. [RT #15753]
1978. [port] Handle systems which have a broken recvmsg().
[RT #15742]
1977. [bug] Silence noisy log message. [RT #15704]
1976. [bug] Handle systems with no IPv4 addresses. [RT #15695]
1975. [bug] libbind: isc_gethexstring() could misparse multi-line
hex strings with comments. [RT #15814]
1974. [doc] List each of the zone types and associated zone
options separately in the ARM.
1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
HMACSHA512 support. [RT #13606]
1972. [contrib] DBUS dynamic forwarders integration from
Jason Vas Dias <jvdias@redhat.com>.
1971. [port] linux: make detection of missing IF_NAMESIZE more
robust. [RT #15443]
1970. [bug] nsupdate: adjust UDP timeout when falling back to
unsigned SOA query. [RT #15775]
1969. [bug] win32: the socket code was freeing the socket
structure too early. [RT #15776]
1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
1966. [bug] Don't set CD when we have fallen back to plain DNS.
[RT #15727]
1965. [func] Suppress spurious "recursion requested but not
available" warning with 'dig +qr'. [RT #15780].
1964. [func] Separate out MX and SRV to CNAME checks. [RT #15723]
1963. [port] Tru64 4.0E doesn't support send() and recv().
[RT #15586]
1962. [bug] Named failed to clear old update-policy when it
was removed. [RT #15491]
1961. [bug] Check the port and address of responses forwarded
to dispatch. [RT #15474]
1960. [bug] Update code should set NSEC ttls from SOA MINIMUM.
[RT #15465]
1959. [func] Control the zeroing of the negative response TTL to
a soa query. Defaults "zero-no-soa-ttl yes;" and
"zero-no-soa-ttl-cache no;". [RT #15460]
1958. [bug] Named failed to update the zone's secure state
until the zone was reloaded. [RT #15412]
1957. [bug] Dig mishandled responses to class ANY queries.
[RT #15402]
1956. [bug] Improve cross compile support, 'gen' is now built
by native compiler. See README for additional
cross compile support information. [RT #15148]
1955. [bug] Pre-allocate the cache cleaning iterator. [RT #14998]
1954. [func] Named now falls back to advertising EDNS with a
512 byte receive buffer if the initial EDNS queries
fail. [RT #14852]
1953. [func] The maximum EDNS UDP response named will send can
now be set in named.conf (max-udp-size). This is
independent of the advertised receive buffer
(edns-udp-size). [RT #14852]
1952. [port] hpux: tell the linker to build a runtime link
path "-Wl,+b:". [RT #14816].
1951. [security] Drop queries from particular well known ports.
Don't return FORMERR to queries from particular
well known ports. [RT #15636]
1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect()
a TCP socket. This prevents the source address being
set for TCP connections. [RT #15628]
1949. [func] Addition memory leakage checks. [RT #15544]
1948. [bug] If was possible to trigger a REQUIRE failure in
xfrin.c:maybe_free() if named ran out of memory.
[RT #15568]
1947. [func] It is now possible to configure named to accept
expired RRSIGs. Default "dnssec-accept-expired no;".
Setting "dnssec-accept-expired yes;" leaves named
vulnerable to replay attacks. [RT #14685]
1946. [bug] resume_dslookup() could trigger a REQUIRE failure
when using forwarders. [RT #15549]
1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is no longer recommended.
To generate a RSAMD5 key you must explicitly request
RSAMD5. [RT #13780]
1944. [cleanup] isc_hash_create() does not need a read/write lock.
[RT #15522]
1943. [bug] Set the loadtime after rolling forward the journal.
[RT #15647]
1942. [bug] If the name of a DNSKEY match that of one in
trusted-keys do not attempt to validate the DNSKEY
using the parents DS RRset. [RT #15649]
1941. [bug] ncache_adderesult() should set eresult even if no
rdataset is passed to it. [RT #15642]
1940. [bug] Fixed a number of error conditions reported by
Coverity.
1939. [bug] The resolver could dereference a null pointer after
validation if all the queries have timed out.
[RT #15528]
1938. [bug] The validator was not correctly handling unsecure
negative responses at or below a SEP. [RT #15528]
1937. [bug] sdlz doesn't handle RRSIG records. [RT #15564]
1936. [bug] The validator could leak memory. [RT #15544]
1935. [bug] 'acache' was DO sensitive. [RT #15430]
1934. [func] Validate pending NS RRsets, in the authority section,
prior to returning them if it can be done without
requiring DNSKEYs to be fetched. [RT #15430]
1933. [bug] dump_rdataset_raw() had a incorrect INSIST. [RT #15534]
1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530]
1931. [bug] Per-client mctx could require a huge amount of memory,
particularly for a busy caching server. [RT #15519]
1930. [port] HPUX: ia64 support. [RT #15473]
1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
1927. [bug] Access to soanode or nsnode in rbtdb violated the
lock order rule and could cause a dead lock.
[RT# 15518]
1926. [bug] The Windows installer did not check for empty
passwords. BINDinstall was being installed in
the wrong place. [RT #15483]
1925. [port] All outer level AC_TRY_RUNs need cross compiling
defaults. [RT #15469]
1924. [port] libbind: hpux ia64 support. [RT #15473]
1923. [bug] ns_client_detach() called too early. [RT #15499]
1922. [bug] check-tool.c:setup_logging() missing call to
dns_log_setcontext().
1921. [bug] Client memory contexts were not using internal
malloc. [RT# 15434]
1920. [bug] The cache rbtdb lock array was too small to
have the desired performance characteristics.
[RT #15454]
1919. [contrib] queryperf: a set of new features: collecting/printing
response delays, printing intermediate results, and
adjusting query rate for the "target" qps.
1918. [bug] Memory leak when checking acls. [RT #15391]
1917. [doc] funcsynopsisinfo wasn't being treated as verbatim
when generating man pages. [RT #15385]
1916. [func] Integrate contributed IDN code from JPNIC. [RT #15383]
1915. [bug] dig +ndots was broken. [RT #15215]
1914. [protocol] DS is required to accept mnemonic algorithms
(RFC 4034). Still emit numeric algorithms for
compatibility with RFC 3658. [RT #15354]
1913. [func] Integrate contributed DLZ code into named. [RT #11382]
1912. [port] aix: atomic locking for powerpc. [RT #15020]
1911. [bug] Update windows socket code. [RT #14965]
1910. [bug] dig's +sigchase code overhauled. [RT #14933]
1909. [bug] The DLV code has been re-worked to make no longer
query order sensitive. [RT #14933]
1908. [func] dig now warns if 'RA' is not set in the answer when
'RD' was set in the query. host/nslookup skip servers
that fail to set 'RA' when 'RD' is set unless a server
is explicitly set. [RT #15005]
1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
[RT #15006]
1906. [func] dig now has a '-q queryname' and '+showsearch' options.
[RT #15034]
1905. [bug] Strings returned from cfg_obj_asstring() should be
treated as read-only. The prototype for
cfg_obj_asstring() has been updated to reflect this.
[RT #15256]
1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
friends. Note: RFC 1918 zones are not yet covered by
this but are likely to be in a future release.
New options: empty-server, empty-contact,
empty-zones-enable and disable-empty-zone.
1903. [func] ISC string copy API.
1902. [func] Attempt to make the amount of work performed in a
iteration self tuning. The covers nodes clean from
the cache per iteration, nodes written to disk when
rewriting a master file and nodes destroyed per
iteration when destroying a zone or a cache.
[RT #14996]
1901. [cleanup] Don't add DNSKEY records to the additional section.
1900. [bug] ixfr-from-differences failed to ensure that the
serial number increased. [RT #15036]
1899. [func] named-checkconf now validates update-policy entries.
[RT #14963]
1898. [bug] Extend ISC_SOCKADDR_FORMATSIZE and
ISC_NETADDR_FORMATSIZE to allow for scope details.
1897. [func] x86 and x86_64 now have separate atomic locking
implementations.
1896. [bug] Recursive clients soft quota support wasn't working
as expected. [RT #15103]
1895. [bug] A escaped character is, potentially, converted to
the output character set too early. [RT #14666]
1894. [doc] Review ARM for BIND 9.4.
1893. [port] Use uintptr_t if available. [RT #14606]
1892. [func] Support for SPF rdata type. [RT #15033]
1891. [port] freebsd: pthread_mutex_init can fail if it runs out
of memory. [RT #14995]
1890. [func] Raise the UDP receive buffer size to 32k if it is
less than 32k. [RT #14953]
1889. [port] sunos: non blocking i/o support. [RT #14951]
1888. [func] Support for IPSECKEY rdata type. [RT #14967]
1887. [bug] The cache could delete expired records too fast for
clients with a virtual time in the past. [RT #14991]
1886. [bug] fctx_create() could return success even though it
failed. [RT #14993]
1885. [func] dig: report the number of extra bytes still left in
the packet after processing all the records.
1884. [cleanup] dighost.c: move external declarations into <dig/dig.h>.
1883. [bug] dnssec-signzone, dnssec-keygen: handle negative debug
levels. [RT #14962]
1882. [func] Limit the number of recursive clients that can be
waiting for a single query (<qname,qtype,qclass>) to
resolve. New options clients-per-query and
max-clients-per-query.
1881. [func] Add a system test for named-checkconf. [RT #14931]
1880. [func] The lame cache is now done on a <qname,qclass,qtype>
basis as some servers only appear to be lame for
certain query types. [RT #14916]
1879. [func] "USE INTERNAL MALLOC" is now runtime selectable.
[RT #14892]
1878. [func] Detect duplicates of UDP queries we are recursing on
and drop them. New stats category "duplicate".
[RT #2471]
1877. [bug] Fix unreasonably low quantum on call to
dns_rbt_destroy2(). Remove unnecessary unhash_node()
call. [RT #14919]
1876. [func] Additional memory debugging support to track size
and mctx arguments. [RT #14814]
1875. [bug] process_dhtkey() was using the wrong memory context
to free some memory. [RT #14890]
1874. [port] sunos: portability fixes. [RT #14814]
1873. [port] win32: isc__errno2result() now reports its caller.
[RT #13753]
1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753]
1871. [placeholder]
1870. [func] Added framework for handling multiple EDNS versions.
[RT #14873]
1869. [func] dig can now specify the EDNS version when making
a query. [RT #14873]
1868. [func] edns-udp-size can now be overridden on a per
server basis. [RT #14851]
1867. [bug] It was possible to trigger a INSIST in
dlv_validatezonekey(). [RT #14846]
1866. [bug] resolv.conf parse errors were being ignored by
dig/host/nslookup. [RT #14841]
1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
bad addresses. [RT #14841]
1864. [bug] Don't try the alternative transfer source if you
got a answer / transfer with the main source
address. [RT #14802]
1863. [bug] rrset-order "fixed" error messages not complete.
1862. [func] Add additional zone data constancy checks.
named-checkzone has extended checking of NS, MX and
SRV record and the hosts they reference.
named has extended post zone load checks.
New zone options: check-mx and integrity-check.
[RT #4940]
1861. [bug] dig could trigger a INSIST on certain malformed
responses. [RT #14801]
1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was
incorrectly set. [RT #14775]
1859. [func] Add support for CH A record. [RT #14695]
1858. [bug] The flush-zones-on-shutdown option wasn't being
parsed. [RT #14686]
1857. [bug] named could trigger a INSIST() if reconfigured /
reloaded too fast. [RT #14673]
1856. [doc] Switch Docbook toolchain from DSSSL to XSL.
[RT #11398]
1855. [bug] ixfr-from-differences was failing to detect changes
of ttl due to dns_diff_subtract() was ignoring the ttl
of records. [RT #14616]
1854. [bug] lwres also needs to know the print format for
(long long). [RT #13754]
1853. [bug] Rework how DLV interacts with proveunsecure().
[RT #13605]
1852. [cleanup] Remove last vestiges of dnssec-signkey and
dnssec-makekeyset (removed from Makefile years ago).
1851. [doc] Doxygen comment markup. [RT #11398]
1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591]
1849. [doc] All forms of the man pages (docbook, man, html) should
have consistent copyright dates.
1848. [bug] Improve SMF integration. [RT #13238]
1847. [bug] isc_ondestroy_init() is called too late in
dns_rbtdb_create()/dns_rbtdb64_create().
[RT #13661]
1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer
<bortzmeyer@nic.fr>.
1845. [bug] Improve error reporting to distinguish between
accept()/fcntl() and socket()/fcntl() errors.
[RT #13745]
1844. [bug] inet_pton() accepted more that 4 hexadecimal digits
for each 16 bit piece of the IPv6 address. The text
representation of a IPv6 address has been tightened
to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
[RT #5662]
1843. [cleanup] CINCLUDES takes precedence over CFLAGS. This helps
when CFLAGS contains "-I /usr/local/include"
resulting in old header files being used.
1842. [port] cmsg_len() could produce incorrect results on
some platform. [RT #13744]
1841. [bug] "dig +nssearch" now makes a recursive query to
find the list of nameservers to query. [RT #13694]
1840. [func] dnssec-signzone can now randomize signature end times
(dnssec-signzone -j jitter). [RT #13609]
1839. [bug] <isc/hash.h> was not being installed.
1838. [cleanup] Don't allow Linux capabilities to be inherited.
[RT #13707]
1837. [bug] Compile time option ISC_FACILITY was not effective
for 'named -u <user>'. [RT #13714]
1836. [cleanup] Silence compiler warnings in hash_test.c.
1835. [bug] Update dnssec-signzone's usage message. [RT #13657]
1834. [bug] Bad memset in rdata_test.c. [RT #13658]
1833. [bug] Race condition in isc_mutex_lock_profile(). [RT #13660]
1832. [bug] named fails to return BADKEY on unknown TSIG algorithm.
[RT #13620]
1831. [doc] Update named-checkzone documentation. [RT#13604]
1830. [bug] adb lame cache has sence of test reversed. [RT #13600]
1829. [bug] win32: "pid-file none;" broken. [RT #13563]
1828. [bug] isc_rwlock_init() failed to properly cleanup if it
encountered a error. [RT #13549]
1827. [bug] host: update usage message for '-a'. [RT #37116]
1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on out
of memory error. [RT #13537]
1825. [bug] Missing UNLOCK() on out of memory error from in
rbtdb.c:subtractrdataset(). [RT #13519]
1824. [bug] Memory leak on dns_zone_setdbtype() failure.
[RT #13510]
1823. [bug] Wrong macro used to check for point to point interface.
[RT#13418]
1822. [bug] check-names test for RT was reversed. [RT #13382]
1821. [placeholder]
1820. [bug] Gracefully handle acl loops. [RT #13659]
1819. [bug] The validator needed to check both the algorithm and
digest types of the DS to determine if it could be
used to introduce a secure zone. [RT #13593]
1818. [bug] 'named-checkconf -z' triggered an INSIST. [RT #13599]
1817. [func] Add support for additional zone file formats for
improving loading performance. The masterfile-format
option in named.conf can be used to specify a
non-default format. A separate command
named-compilezone was provided to generate zone files
in the new format. Additionally, the -I and -O options
for dnssec-signzone specify the input and output
formats.
1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
[RT #13597]
1815. [bug] nsupdate triggered a REQUIRE if the server was set
without also setting the zone and it encountered
a CNAME and was using TSIG. [RT #13086]
1814. [func] UNIX domain controls are now supported.
1813. [func] Restructured the data locking framework using
architecture dependent atomic operations (when
available), improving response performance on
multi-processor machines significantly.
x86, x86_64, alpha, powerpc, and mips are currently
supported.
1812. [port] win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect.
[RT #13453]
1811. [func] Preserve the case of domain names in rdata during
zone transfers. [RT #13547]
1810. [bug] configure, lib/bind/configure make different default
decisions about whether to do a threaded build.
[RT #13212]
1809. [bug] "make distclean" failed for libbind if the platform
is not supported.
1808. [bug] zone.c:notify_zone() contained a race condition,
zone->db could change underneath it. [RT #13511]
1807. [bug] When forwarding (forward only) set the active domain
from the forward zone name. [RT #13526]
1806. [bug] The resolver returned the wrong result when a CNAME /
DNAME was encountered when fetching glue from a
secure namespace. [RT #13501]
1805. [bug] Pending status was not being cleared when DLV was
active. [RT #13501]
1804. [bug] Ensure that if we are queried for glue that it fits
in the additional section or TC is set to tell the
client to retry using TCP. [RT #10114]
1803. [bug] dnssec-signzone sometimes failed to remove old
RRSIGs. [RT #13483]
1802. [bug] Handle connection resets better. [RT #11280]
1801. [func] Report differences between hints and real NS rrset
and associated address records.
1800. [bug] Changes #1719 allowed a INSIST to be triggered.
[RT #13428]
1799. [bug] 'rndc flushname' failed to flush negative cache
entries. [RT #13438]
1798. [func] The server syntax has been extended to support a
range of servers. [RT #11132]
1797. [func] named-checkconf now check acls to verify that they
only refer to existing acls. [RT #13101]
1796. [func] "rndc freeze/thaw" now freezes/thaws all zones.
1795. [bug] "rndc dumpdb" was not fully documented. Minor
formating issues with "rndc dumpdb -all". [RT #13396]
1794. [func] Named and named-checkzone can now both check for
non-terminal wildcard records.
1793. [func] Extend adjusting TTL warning messages. [RT #13378]
1792. [func] New zone option "notify-delay". Specify a minimum
delay between sets of NOTIFY messages.
1791. [bug] 'host -t a' still printed out AAAA and MX records.
[RT #13230]
1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should
allow parallel make to succeed.
1789. [bug] Prerequisite test for tkey and dnssec could fail
with "configure --with-libtool".
1788. [bug] libbind9.la/libbind9.so needs to link against
libisccfg.la/libisccfg.so.
1787. [port] HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings.
1786. [port] AIX: libt_api needs to be taught to look for
T_testlist in the main executable (--with-libtool).
[RT #13239]
1785. [bug] libbind9.la/libbind9.so needs to link against
libisc.la/libisc.so.
1784. [cleanup] "libtool -allow-undefined" is the default.
Leave hooks in configure to allow it to be set
if needed in the future.
1783. [cleanup] We only need one copy of libtool.m4, ltmain.sh in the
source tree.
1782. [port] OSX: --with-libtool + --enable-libbind broke on
__evOptMonoTime. [RT #13219]
1781. [port] FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810]
1780. [bug] Update libtool to 1.5.10.
1779. [port] OSF 5.1: libtool didn't handle -pthread correctly.
1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and
IN6ADDR_LOOPBACK_INIT macros.
1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and
IN6ADDR_LOOPBACK_INIT macros.
1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
IN6ADDR_LOOPBACK_INIT macros.
1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
1774. [port] Aix: Silence compiler warnings / build failures.
[RT #13154]
1773. [bug] Fast retry on host / net unreachable. [RT #13153]
1772. [placeholder]
1771. [placeholder]
1770. [bug] named-checkconf failed to report missing a missing
file clause for rbt{64} master/hint zones. [RT#13009]
1769. [port] win32: change compiler flags /MTd ==> /MDd,
/MT ==> /MD.
1768. [bug] nsecnoexistnodata() could be called with a non-NSEC
rdataset. [RT #12907]
1767. [port] Builds on IPv6 platforms without IPv6 Advanced API
support for (struct in6_pktinfo) failed. [RT #13077]
1766. [bug] Update the master file timestamp on successful refresh
as well as the journal's timestamp. [RT# 13062]
1765. [bug] configure --with-openssl=auto failed. [RT #12937]
1764. [bug] dns_zone_replacedb failed to emit a error message
if there was no SOA record in the replacement db.
[RT #13016]
1763. [func] Perform sanity checks on NS records which refer to
'in zone' names. [RT #13002]
1762. [bug] isc_interfaceiter_create() could return ISC_R_SUCCESS
even when it failed. [RT #12995]
1761. [bug] 'rndc dumpdb' didn't report unassociated entries.
[RT #12971]
1760. [bug] Host / net unreachable was not penalising rtt
estimates. [RT #12970]
1759. [bug] Named failed to startup if the OS supported IPv6
but had no IPv6 interfaces configured. [RT #12942]
1758. [func] Don't send notify messages to self. [RT #12933]
1757. [func] host now can turn on memory debugging flags with '-m'.
1756. [func] named-checkconf now checks the logging configuration.
[RT #12352]
1755. [func] allow-update is now settable at the options / view
level. [RT #6636]
1754. [bug] We weren't always attempting to query the parent
server for the DS records at the zone cut.
[RT #12774]
1753. [bug] Don't serve a slave zone which has no NS records.
[RT #12894]
1752. [port] Move isc_app_start() to after ns_os_daemonise()
as some fork() implementations unblock the signals
that are blocked by isc_app_start(). [RT #12810]
1751. [bug] --enable-getifaddrs failed under linux. [RT #12867]
1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
[RT #12864]
1749. [bug] 'check-names response ignore;' failed to ignore.
[RT #12866]
1748. [func] dig now returns the byte count for axfr/ixfr.
1747. [bug] BIND 8 compatibility: named/named-checkconf failed
to parse "host-statistics-max" in named.conf.
1746. [func] Make public the function to read a key file,
dst_key_read_public(). [RT #12450]
1745. [bug] Dig/host/nslookup accept replies from link locals
regardless of scope if no scope was specified when
query was sent. [RT #12745]
1744. [bug] If tuple2msgname() failed to convert a tuple to
a name a REQUIRE could be triggered. [RT #12796]
1743. [bug] If isc_taskmgr_create() was not able to create the
requested number of worker threads then destruction
of the manager would trigger an INSIST() failure.
[RT #12790]
1742. [bug] Deleting all records at a node then adding a
previously existing record, in a single UPDATE
transaction, failed to leave / regenerate the
associated RRSIG records. [RT #12788]
1741. [bug] Deleting all records at a node in a secure zone
using a update-policy grant failed. [RT #12787]
1740. [bug] Replace rbt's hash algorithm as it performed badly
with certain zones. [RT #12729]
NOTE: a hash context now needs to be established
via isc_hash_create() if the application was not
already doing this.
1739. [bug] dns_rbt_deletetree() could incorrectly return
ISC_R_QUOTA. [RT #12695]
1738. [bug] Enable overrun checking by default. [RT #12695]
1737. [bug] named failed if more than 16 masters were specified.
[RT #12627]
1736. [bug] dst_key_fromnamedfile() could fail to read a
public key. [RT #12687]
1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure.
[RE #12688]
1734. [cleanup] 'rndc-confgen -a -t' remove extra '/' in path.
[RT #12588]
1733. [bug] Return non-zero exit status on initial load failure.
[RT #12658]
1732. [bug] 'rrset-order name "*"' wasn't being applied to ".".
[RT #12467]
1731. [port] darwin: relax version test in ifconfig.sh.
[RT #12581]
1730. [port] Determine the length type used by the socket API.
[RT #12581]
1729. [func] Improve check-names error messages.
1728. [doc] Update check-names documentation.
1727. [bug] named-checkzone: check-names support didn't match
documentation.
1726. [port] aix5: add support for aix5.
1725. [port] linux: update error message on interaction of threads,
capabilities and setuid support (named -u). [RT #12541]
1724. [bug] Look for DNSKEY records with "dig +sigtrace".
[RT #12557]
1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
1722. [bug] Don't commit the journal on malformed ixfr streams.
[RT #12519]
1721. [bug] Error message from the journal processing were not
always identifying the relevant journal. [RT #12519]
1720. [bug] 'dig +chase' did not terminate on a RFC 2308 Type 1
negative response. [RT #12506]
1719. [bug] named was not correctly caching a RFC 2308 Type 1
negative response. [RT #12506]
1718. [bug] nsupdate was not handling RFC 2308 Type 3 negative
responses when looking for the zone / master server.
[RT #12506]
1717. [port] solaris: ifconfig.sh did not support Solaris 10.
"ifconfig.sh down" didn't work for Solaris 9.
1716. [doc] named.conf(5) was being installed in the wrong
location. [RT# 12441]
1715. [func] 'dig +trace' now randomly selects the next servers
to try. Report if there is a bad delegation.
1714. [bug] dig/host/nslookup were only trying the first
address when a nameserver was specified by name.
[RT #12286]
1713. [port] linux: extend capset failure message to say:
please ensure that the capset kernel module is
loaded. see insmod(8)
1712. [bug] Missing FULLCHECK for "trusted-key" in dig.
1711. [func] 'rndc unfreeze' has been deprecated by 'rndc thaw'.
1710. [func] 'rndc notify zone [class [view]]' resend the NOTIFY
messages for the specified zone. [RT #9479]
1709. [port] solaris: add SMF support from Sun.
1708. [cleanup] Replaced dns_fullname_hash() with dns_name_fullhash()
for conformance to the name space convention. Binary
backward compatibility to the old function name is
provided. [RT #12376]
1707. [contrib] sdb/ldap updated to version 1.0-beta.
1706. [bug] 'rndc stop' failed to cause zones to be flushed
sometimes. [RT #12328]
1705. [func] Allow the journal's name to be changed via named.conf.
1704. [port] lwres needed a snprintf() implementation for
platforms without snprintf(). Add missing
"#include <isc/print.h>". [RT #12321]
1703. [bug] named would loop sending NOTIFY messages when it
failed to receive a response. [RT #12322]
1702. [bug] also-notify should not be applied to built in zones.
[RT #12323]
1701. [doc] A minimal named.conf man page.
1700. [func] nslookup is no longer to be treated as deprecated.
Remove "deprecated" warning message. Add man page.
1699. [bug] dnssec-signzone can generate "not exact" errors
when resigning. [RT #12281]
1698. [doc] Use reserved IPv6 documentation prefix.
1697. [bug] xxx-source{,-v6} was not effective when it
specified one of listening addresses and a
different port than the listening port. [RT #12257]
1696. [bug] dnssec-signzone failed to clean out nodes that
consisted of only NSEC and RRSIG records.
[RT #12154]
1695. [bug] DS records when forwarding require special handling.
[RT #12133]
1694. [bug] Report if the builtin views of "_default" / "_bind"
are defined in named.conf. [RT #12023]
1693. [bug] max-journal-size was not effective for master zones
with ixfr-from-differences set. [RT# 12024]
1692. [bug] Don't set -I, -L and -R flags when libcrypto is in
/usr/lib. [RT #11971]
1691. [bug] sdb's attachversion was not complete. [RT #11990]
1690. [bug] Delay detaching view from the client until UPDATE
processing completes when shutting down. [RT #11714]
1689. [bug] DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
contained gratuitous semicolons. [RT #11707]
1688. [bug] LDFLAGS was not supported.
1687. [bug] Race condition in dispatch. [RT #10272]
1686. [bug] Named sent a extraneous NOTIFY when it received a
redundant UPDATE request. [RT #11943]
1685. [bug] Change #1679 loop tests weren't quite right.
1684. [func] ixfr-from-differences now takes master and slave in
addition to yes and no at the options and view levels.
1683. [bug] dig +sigchase could leak memory. [RT #11445]
1682. [port] Update configure test for (long long) printf format.
[RT #5066]
1681. [bug] Only set SO_REUSEADDR when a port is specified in
isc_socket_bind(). [RT #11742]
1680. [func] rndc: the source address can now be specified.
1679. [bug] When there was a single nameserver with multiple
addresses for a zone not all addresses were tried.
[RT #11706]
1678. [bug] RRSIG should use TYPEXXXXX for unknown types.
1677. [bug] dig: +aaonly didn't work, +aaflag undocumented.
1676. [func] New option "allow-query-cache". This lets
allow-query be used to specify the default zone
access level rather than having to have every
zone override the global value. allow-query-cache
can be set at both the options and view levels.
If allow-query-cache is not set allow-query applies.
1675. [bug] named would sometimes add extra NSEC records to
the authority section.
1674. [port] linux: increase buffer size used to scan
/proc/net/if_inet6.
1673. [port] linux: issue a error messages if IPv6 interface
scans fails.
1672. [cleanup] Tests which only function in a threaded build
now return R:THREADONLY (rather than R:UNTESTED)
in a non-threaded build.
1671. [contrib] queryperf: add NAPTR to the list of known types.
1670. [func] Log UPDATE requests to slave zones without an acl as
"disabled" at debug level 3. [RT# 11657]
1669. [placeholder]
1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
1667. [port] linux: not all versions have IF_NAMESIZE.
1666. [bug] The optional port on hostnames in dual-stack-servers
was being ignored.
1665. [func] rndc now allows addresses to be set in the
server clauses.
1664. [bug] nsupdate needed KEY for SIG(0), not DNSKEY.
1663. [func] Look for OpenSSL by default.
1662. [bug] Change #1658 failed to change one use of 'type'
to 'keytype'.
1661. [bug] Restore dns_name_concatenate() call in
adb.c:set_target(). [RT #11582]
1660. [bug] win32: connection_reset_fix() was being called
unconditionally. [RT #11595]
1659. [cleanup] Cleanup some messages that were referring to KEY vs
DNSKEY, NXT vs NSEC and SIG vs RRSIG.
1658. [func] Update dnssec-keygen to default to KEY for HMAC-MD5
and DH. Tighten which options apply to KEY and
DNSKEY records.
1657. [doc] ARM: document query log output.
1656. [doc] Update DNSSEC description in ARM to cover DS, NSEC
DNSKEY and RRSIG. [RT #11542]
1655. [bug] Logging multiple versions w/o a size was broken.
[RT #11446]
1654. [bug] isc_result_totext() contained array bounds read
error.
1653. [func] Add key type checking to dst_key_fromfilename(),
DST_TYPE_KEY should be used to read TSIG, TKEY and
SIG(0) keys.
1652. [bug] TKEY still uses KEY.
1651. [bug] dig: process multiple dash options.
1650. [bug] dig, nslookup: flush standard out after each command.
1649. [bug] Silence "unexpected non-minimal diff" message.
[RT #11206]
1648. [func] Update dnssec-lookaside named.conf syntax to support
multiple dnssec-lookaside namespaces (not yet
implemented).
1647. [bug] It was possible trigger a INSIST when chasing a DS
record that required walking back over a empty node.
[RT #11445]
1646. [bug] win32: logging file versions didn't work with
non-UNC filenames. [RT#11486]
1645. [bug] named could trigger a REQUIRE failure if multiple
masters with keys are specified.
1644. [bug] Update the journal modification time after a
successful refresh query. [RT #11436]
1643. [bug] dns_db_closeversion() could leak memory / node
references. [RT #11163]
1642. [port] Support OpenSSL implementations which don't have
DSA support. [RT #11360]
1641. [bug] Update the check-names description in ARM. [RT #11389]
1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
incorrectly closing the socket. [RT #11291]
1639. [func] Initial dlv system test.
1638. [bug] "ixfr-from-differences" could generate a REQUIRE
failure if the journal open failed. [RT #11347]
1637. [bug] Node reference leak on error in addnoqname().
1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
a error had occurred. The database version no longer
matched the version of the database that was dumped.
1635. [bug] Memory leak on error in query_addds().
1634. [bug] named didn't supply a useful error message when it
detected duplicate views. [RT #11208]
1633. [bug] named should return NOTIMP to update requests to a
slaves without a allow-update-forwarding acl specified.
[RT #11331]
1632. [bug] nsupdate failed to send prerequisite only UPDATE
messages. [RT #11288]
1631. [bug] dns_journal_compact() could sometimes corrupt the
journal. [RT #11124]
1630. [contrib] queryperf: add support for IPv6 transport.
1629. [func] dig now supports IPv6 scoped addresses with the
extended format in the local-server part. [RT #8753]
1628. [bug] Typo in Compaq Trucluster support. [RT# 11264]
1627. [bug] win32: sockets were not being closed when the
last external reference was removed. [RT# 11179]
1626. [bug] --enable-getifaddrs was broken. [RT#11259]
1625. [bug] named failed to load/transfer RFC2535 signed zones
which contained CNAMES. [RT# 11237]
1624. [bug] zonemgr_putio() call should be locked. [RT# 11163]
1623. [bug] A serial number of zero was being displayed in the
"sending notifies" log message when also-notify was
used. [RT #11177]
1622. [func] probe the system to see if IPV6_(RECV)PKTINFO is
available, and suppress wildcard binding if not.
1621. [bug] match-destinations did not work for IPv6 TCP queries.
[RT# 11156]
1620. [func] When loading a zone report if it is signed. [RT #11149]
1619. [bug] Missing ISC_LIST_UNLINK in end_reserved_dispatches().
[RT# 11118]
1618. [bug] Fencepost errors in dns_name_ishostname() and
dns_name_ismailbox() could trigger a INSIST().
1617. [port] win32: VC++ 6.0 support.
1616. [compat] Ensure that named's version is visible in the core
dump. [RT #11127]
1615. [port] Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
it is defined.
1614. [port] win32: silence resource limit messages. [RT# 11101]
1613. [bug] Builds would fail on machines w/o a if_nametoindex().
Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
[RT #11119]
1612. [bug] check-names at the option/view level could trigger
an INSIST. [RT# 11116]
1611. [bug] solaris: IPv6 interface scanning failed to cope with
no active IPv6 interfaces.
1610. [bug] On dual stack machines "dig -b" failed to set the
address type to be looked up with "@server".
[RT #11069]
1609. [func] dig now has support to chase DNSSEC signature chains.
Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.
DNSSEC validation code in dig coded by Olivier Courtay
(olivier.courtay@irisa.fr) for the IDsA project
(http://idsa.irisa.fr).
1608. [func] dig and host now accept -4/-6 to select IP transport
to use when making queries.
1607. [bug] dig, host and nslookup were still using random()
to generate query ids. [RT# 11013]
1606. [bug] DLV insecurity proof was failing.
1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
1604. [bug] A xfrout_ctx_create() failure would result in
xfrout_ctx_destroy() being called with a
partially initialized structure.
1603. [bug] nsupdate: set interactive based on isatty().
[RT# 10929]
1602. [bug] Logging to a file failed unless a size was specified.
[RT# 10925]
1601. [bug] Silence spurious warning 'both "recursion no;" and
"allow-recursion" active' warning from view "_bind".
[RT# 10920]
1600. [bug] Duplicate zone pre-load checks were not case
insensitive.
1599. [bug] Fix memory leak on error path when checking named.conf.
1598. [func] Specify that certain parts of the namespace must
be secure (dnssec-must-be-secure).
1597. [func] Allow notify-source and query-source to be specified
on a per server basis similar to transfer-source.
[RT #6496]
1596. [func] Accept 'notify-source' style syntax for query-source.
1595. [func] New notify type 'master-only'. Enable notify for
master zones only.
1594. [bug] 'rndc dumpdb' could prevent named from answering
queries while the dump was in progress. [RT #10565]
1593. [bug] rndc should return "unknown command" to unknown
commands. [RT# 10642]
1592. [bug] configure_view() could leak a dispatch. [RT# 10675]
1591. [bug] libbind: updated to BIND 8.4.5.
1590. [port] netbsd: update thread support.
1589. [func] DNSSEC lookaside validation.
1588. [bug] win32: TCP sockets could become blocked. [RT #10115]
1587. [bug] dns_message_settsigkey() failed to clear existing key.
[RT #10590]
1586. [func] "check-names" is now implemented.
1585. [placeholder]
1584. [bug] "make test" failed with a read only source tree.
[RT #10461]
1583. [bug] Records add via UPDATE failed to get the correct trust
level. [RT #10452]
1582. [bug] rrset-order failed to work on RRsets with more
than 32 elements. [RT #10381]
1581. [func] Disable DNSSEC support by default. To enable
DNSSEC specify "dnssec-enable yes;" in named.conf.
1580. [bug] Zone destruction on final detach takes a long time.
[RT #3746]
1579. [bug] Multiple task managers could not be created.
1578. [bug] Don't use CLASS E IPv4 addresses when resolving.
[RT #10346]
1577. [bug] Use isc_uint32_t in ultrasparc optimizer bug
workaround code. [RT #10331]
1576. [bug] Race condition in dns_dispatch_addresponse().
[RT# 10272]
1575. [func] Log TSIG name on TSIG verify failure. [RT #4404]
1574. [bug] Don't attempt to open the controls socket(s) when
running tests. [RT #9091]
1573. [port] linux: update to libtool 1.5.2 so that
"make install DESTDIR=/xx" works with
"configure --with-libtool". [RT #9941]
1572. [bug] nsupdate: sign the soa query to find the enclosing
zone if the server is specified. [RT #10148]
1571. [bug] rbt:hash_node() could fail leaving the hash table
in an inconsistent state. [RT #10208]
1570. [bug] nsupdate failed to handle classes other than IN.
New keyword 'class' which sets the default class.
[RT #10202]
1569. [func] nsupdate new command 'answer' which displays the
complete answer message to the last update.
1568. [bug] nsupdate now reports that the update failed in
interactive mode. [RT# 10236]
1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
1566. [port] Support for the cmsg framework on Solaris and HP/UX.
This also solved the problem that match-destinations
for IPv6 addresses did not work on these systems.
[RT #10221]
1565. [bug] CD flag should be copied to outgoing queries unless
the query is under a secure entry point in which case
CD should be set.
1564. [func] Attempt to provide a fallback entropy source to be
used if named is running chrooted and named is unable
to open entropy source within the chroot area.
[RT #10133]
1563. [bug] Gracefully fail when unable to obtain neither an IPv4
nor an IPv6 dispatch. [RT #10230]
1562. [bug] isc_socket_create() and isc_socket_accept() could
leak memory under error conditions. [RT #10230]
1561. [bug] It was possible to release the same name twice if
named ran out of memory. [RT #10197]
1560. [port] FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
and EAI_NONAME to the same value.
1559. [port] named should ignore SIGFSZ.
1558. [func] New DNSSEC 'disable-algorithms'. Support entry into
child zones for which we don't have a supported
algorithm. Such child zones are treated as unsigned.
1557. [func] Implement missing DNSSEC tests for
* NOQNAME proof with wildcard answers.
* NOWILDARD proof with NXDOMAIN.
Cache and return NOQNAME with wildcard answers.
1556. [bug] nsupdate now treats all names as fully qualified.
[RT #6427]
1555. [func] 'rrset-order cyclic' no longer has a random starting
point per query. [RT #7572]
1554. [bug] dig, host, nslookup failed when no nameservers
were specified in /etc/resolv.conf. [RT #8232]
1553. [bug] The windows socket code could stop accepting
connections. [RT#10115]
1552. [bug] Accept NOTIFY requests from mapped masters if
matched-mapped is set. [RT #10049]
1551. [port] Open "/dev/null" before calling chroot().
1550. [port] Call tzset(), if available, before calling chroot().
1549. [func] named-checkzone can now write out the zone contents
in a easily parsable format (-D and -o).
1548. [bug] When parsing APL records it was possible to silently
accept out of range ADDRESSFAMILY values. [RT# 9979]
1547. [bug] Named wasted memory recording duplicate lame zone
entries. [RT #9341]
1546. [bug] We were rejecting valid secure CNAME to negative
answers.
1545. [bug] It was possible to leak memory if named was unable to
bind to the specified transfer source and TSIG was
being used. [RT #10120]
1544. [bug] Named would logged a single entry to a file despite it
being over the specified size limit.
1543. [bug] Logging using "versions unlimited" did not work.
1542. [placeholder]
1541. [func] NSEC now uses new bitmap format.
1540. [bug] "rndc reload <dynamiczone>" was silently accepted.
[RT #8934]
1539. [bug] Open UDP sockets for notify-source and transfer-source
that use reserved ports at startup. [RT #9475]
1538. [placeholder] rt9997
1537. [func] New option "querylog". If set specify whether query
logging is to be enabled or disabled at startup.
1536. [bug] Windows socket code failed to log a error description
when returning ISC_R_UNEXPECTED. [RT #9998]
1535. [placeholder]
1534. [bug] Race condition when priming cache. [RT# 9940]
1533. [func] Warn if both "recursion no;" and "allow-recursion"
are active. [RT# 4389]
1532. [port] netbsd: the configure test for <sys/sysctl.h>
requires <sys/param.h>.
1531. [port] AIX more libtool fixes.
1530. [bug] It was possible to trigger a INSIST() failure if a
slave master file was removed at just the correct
moment. [RT #9462]
1529. [bug] "notify explicit;" failed to log that NOTIFY messages
were being sent for the zone. [RT# 9442]
1528. [cleanup] Simplify some dns_name_ functions based on the
deprecation of bitstring labels.
1527. [cleanup] Reduce the number of gettimeofday() calls without
losing necessary timer granularity.
1526. [func] Implemented "additional section caching (or acache)",
an internal cache framework for additional section
content to improve response performance. Several
configuration options were provided to control the
behavior.
1525. [bug] dns_cache_create() could trigger a REQUIRE
failure in isc_mem_put() during error cleanup.
[RT# 9360]
1524. [port] AIX needs to be able to resolve all symbols when
creating shared libraries (--with-libtool).
1523. [bug] Fix race condition in rbtdb. [RT# 9189]
1522. [bug] dns_db_findnode() relax the requirements on 'name'.
[RT# 9286]
1521. [bug] dns_view_createresolver() failed to check the
result from isc_mem_create(). [RT# 9294]
1520. [protocol] Add SSHFP (SSH Finger Print) type.
1519. [bug] dnssec-signzone:nsec_setbit() computed the wrong
length of the new bitmap.
1518. [bug] dns_nsec_buildrdata(), and hence dns_nsec_build(),
contained a off-by-one error when working out the
number of octets in the bitmap.
1517. [port] Support for IPv6 interface scanning on HP/UX and
TrueUNIX 5.1.
1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
1515. [func] Allow transfer source to be set in a server statement.
[RT #6496]
1514. [bug] named: isc_hash_destroy() was being called too early.
[RT #9160]
1513. [doc] Add "US" to root-delegation-only exclude list.
1512. [bug] Extend the delegation-only logging to return query
type, class and responding nameserver.
1511. [bug] delegation-only was generating false positives
on negative answers from sub-zones.
1510. [func] New view option "root-delegation-only". Apply
delegation-only check to all TLDs and root.
Note there are some TLDs that are NOT delegation
only (e.g. DE, LV, US and MUSEUM) these can be excluded
from the checks by using exclude.
root-delegation-only exclude {
"DE"; "LV"; "US"; "MUSEUM";
};
1509. [bug] Hint zones should accept delegation-only. Forward
zone should not accept delegation-only.
1508. [bug] Don't apply delegation-only checks to answers from
forwarders.
1507. [bug] Handle BIND 8 style returns to NS queries to parents
when making delegation-only checks.
1506. [bug] Wrong return type for dns_view_isdelegationonly().
1505. [bug] Uninitialized rdataset in sdb. [RT #8750]
1504. [func] New zone type "delegation-only".
1503. [port] win32: install libeay32.dll outside of system32.
1502. [bug] nsupdate: adjust timeouts for UPDATE requests over TCP.
1501. [func] Allow TCP queue length to be specified via
named.conf, tcp-listen-queue.
1500. [bug] host failed to lookup MX records. Also look up
AAAA records.
1499. [bug] isc_random need to be seeded better if arc4random()
is not used.
1498. [port] bsdos: 5.x support.
1497. [placeholder]
1496. [port] test for pthread_attr_setstacksize().
1495. [cleanup] Replace hash functions with universal hash.
1494. [security] Turn on RSA BLINDING as a precaution.
1493. [placeholder]
1492. [cleanup] Preserve rwlock quota context when upgrading /
downgrading. [RT #5599]
1491. [bug] dns_master_dump*() would produce extraneous $ORIGIN
lines. [RT #6206]
1490. [bug] Accept reading state as well as working state in
ns_client_next(). [RT #6813]
1489. [compat] Treat 'allow-update' on slave zones as a warning.
[RT #3469]
1488. [bug] Don't override trust levels for glue addresses.
[RT #5764]
1487. [bug] A REQUIRE() failure could be triggered if a zone was
queued for transfer and the zone was then removed.
[RT #6189]
1486. [bug] isc_print_snprintf() '%%' consumed one too many format
characters. [RT# 8230]
1485. [bug] gen failed to handle high type values. [RT #6225]
1484. [bug] The number of records reported after a AXFR was wrong.
[RT #6229]
1483. [bug] dig axfr failed if the message id in the answer failed
to match that in the request. Only the id in the first
message is required to match. [RT #8138]
1482. [bug] named could fail to start if the kernel supports
IPv6 but no interfaces are configured. Similarly
for IPv4. [RT #6229]
1481. [bug] Refresh and stub queries failed to use masters keys
if specified. [RT #7391]
1480. [bug] Provide replay protection for rndc commands. Full
replay protection requires both rndc and named to
be updated. Partial replay protection (limited
exposure after restart) is provided if just named
is updated.
1479. [bug] cfg_create_tuple() failed to handle out of
memory cleanup. parse_list() would leak memory
on syntax errors.
1478. [port] ifconfig.sh didn't account for other virtual
interfaces. It now takes a optional argument
to specify the first interface number. [RT #3907]
1477. [bug] memory leak using stub zones and TSIG.
1476. [placeholder]
1475. [port] Probe for old sprintf().
1474. [port] Provide strtoul() and memmove() for platforms
without them.
1473. [bug] create_map() and create_string() failed to handle out
of memory cleanup. [RT #6813]
1472. [contrib] idnkit-1.0 from JPNIC, replaces mdnkit.
1471. [bug] libbind: updated to BIND 8.4.0.
1470. [bug] Incorrect length passed to snprintf. [RT #5966]
1469. [func] Log end of outgoing zone transfer at same level
as the start of transfer is logged. [RT #4441]
1468. [func] Internal zones are no longer counted for
'rndc status'. [RT #4706]
1467. [func] $GENERATES now supports optional class and ttl.
1466. [bug] lwresd configuration errors resulted in memory
and lock leaks. [RT #5228]
1465. [bug] isc_base64_decodestring() and isc_base64_tobuffer()
failed to check that trailing bits were zero allowing
some invalid base64 strings to be accepted. [RT #5397]
1464. [bug] Preserve "out of zone" data for outgoing zone
transfers. [RT #5192]
1463. [bug] dns_rdata_from{wire,struct}() failed to catch bad
NXT bit maps. [RT #5577]
1462. [bug] parse_sizeval() failed to check the token type.
[RT #5586]
1461. [bug] Remove deadlock from rbtdb code. [RT #5599]
1460. [bug] inet_pton() failed to reject certain malformed
IPv6 literals.
1459. [placeholder]
1458. [cleanup] sprintf() -> snprintf().
1457. [port] Provide strlcat() and strlcpy() for platforms without
them.
1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
1455. [bug] <netaddr> missing from server grammar in
doc/misc/options. [RT #5616]
1454. [port] Use getifaddrs() if available for interface scanning.
--disable-getifaddrs to override. Glibc currently
has a getifaddrs() that does not support IPv6.
Use --enable-getifaddrs=glibc to force the use of
this version under linux machines.
1453. [doc] ARM: $GENERATE example wasn't accurate. [RT #5298]
1452. [placeholder]
1451. [bug] rndc-confgen didn't exit with a error code for all
failures. [RT #5209]
1450. [bug] Fetching expired glue failed under certain
circumstances. [RT #5124]
1449. [bug] query_addbestns() didn't handle running out of memory
gracefully.
1448. [bug] Handle empty wildcards labels.
1447. [bug] We were casting (unsigned int) to and from (void *).
rdataset->private4 is now rdataset->privateuint4
to reflect a type change.
1446. [func] Implemented undocumented alternate transfer sources
from BIND 8. See use-alt-transfer-source,
alt-transfer-source and alt-transfer-source-v6.
SECURITY: use-alt-transfer-source is ENABLED unless
you are using views. This may cause a security risk
resulting in accidental disclosure of wrong zone
content if the master supplying different source
content based on IP address. If you are not certain
ISC recommends setting use-alt-transfer-source no;
1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has
been replaced with DNS_ADBFIND_STARTATZONE which
causes the search to start using the closest zone.
1444. [func] dns_view_findzonecut2() allows you to specify if the
cache should be searched for zone cuts.
1443. [func] Masters lists can now be specified and referenced
in zone masters clauses and other masters lists.
1442. [func] New functions for manipulating port lists:
dns_portlist_create(), dns_portlist_add(),
dns_portlist_remove(), dns_portlist_match(),
dns_portlist_attach() and dns_portlist_detach().
1441. [func] It is now possible to tell dig to bind to a specific
source port.
1440. [func] It is now possible to tell named to avoid using
certain source ports (avoid-v4-udp-ports,
avoid-v6-udp-ports).
1439. [bug] Named could return NOERROR with certain NOTIFY
failures. Return NOTAUTH if the NOTIFY zone is
not being served.
1438. [func] Log TSIG (if any) when logging NOTIFY requests.
1437. [bug] Leave space for stdio to work in. [RT #5033]
1436. [func] dns_zonemgr_resumexfrs() can be used to restart
stalled transfers.
1435. [bug] zmgr_resume_xfrs() was being called read locked
rather than write locked. zmgr_resume_xfrs()
was not being called if the zone was being
shutdown.
1434. [bug] "rndc reconfig" failed to initiate the initial
zone transfer of new slave zones.
1433. [bug] named could trigger a REQUIRE failure if it could
not get a file descriptor when attempting to write
a master file. [RT #4347]
1432. [func] The advertised EDNS UDP buffer size can now be set
via named.conf (edns-udp-size).
1431. [bug] isc_print_snprintf() "%s" with precision could walk off
end of argument. [RT #5191]
1430. [port] linux: IPv6 interface scanning support.
1429. [bug] Prevent the cache getting locked to old servers.
1428. [placeholder]
1427. [bug] Race condition in adb with threaded build.
1426. [placeholder]
1425. [port] linux/libbind: define __USE_MISC when testing *_r()
function prototypes in netdb.h. [RT #4921]
1424. [bug] EDNS version not being correctly printed.
1423. [contrib] queryperf: added A6 and SRV.
1422. [func] Log name/type/class when denying a query. [RT #4663]
1421. [func] Differentiate updates that don't succeed due to
prerequisites (unsuccessful) vs other reasons
(failed).
1420. [port] solaris: work around gcc optimizer bug.
1419. [port] openbsd: use /dev/arandom. [RT #4950]
1418. [bug] 'rndc reconfig' did not cause new slaves to load.
1417. [func] ID.SERVER/CHAOS is now a built in zone.
See "server-id" for how to configure.
1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN.
[RT #4715]
1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived
from SOA MINIMUM.
1414. [func] Support for KSK flag.
1413. [func] Explicitly request the (re-)generation of DS records
from keysets (dnssec-signzone -g).
1412. [func] You can now specify servers to be tried if a nameserver
has IPv6 address and you only support IPv4 or the
reverse. See dual-stack-servers.
1411. [bug] empty nodes should stop wildcard matches. [RT #4802]
1410. [func] Handle records that live in the parent zone, e.g. DS.
1409. [bug] DS should have attribute DNS_RDATATYPEATTR_DNSSEC.
1408. [bug] "make distclean" was not complete. [RT #4700]
1407. [bug] lfsr incorrectly implements the shift register.
[RT #4617]
1406. [bug] dispatch initializes one of the LFSR's with a incorrect
polynomial. [RT #4617]
1405. [func] Use arc4random() if available.
1404. [bug] libbind: ns_name_ntol() could overwrite a zero length
buffer.
1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset
dnssec-signkey now report their version in the
usage message.
1402. [cleanup] A6 has been moved to experimental and is no longer
fully supported.
1401. [bug] adb wasn't clearing state when the timer expired.
1400. [bug] Block the addition of wildcard NS records by IXFR
or UPDATE. [RT #3502]
1399. [bug] Use serial number arithmetic when testing SIG
timestamps. [RT #4268]
1398. [doc] ARM: notify-also should have been also-notify.
[RT #4345]
1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
1396. [func] dnssec-signzone: adjust the default signing time by
1 hour to allow for clock skew.
1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't
have a working implementation. [RT #4079]
1394. [func] It is now possible to check if a particular element is
in a acl. Remove duplicate entries from the localnets
acl.
1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
is not available in the kernel to prevent accidently
listening on IPv4 interfaces.
1392. [bug] named-checkzone: update usage.
1391. [func] Add support for IPv6 scoped addresses in named.
1390. [func] host now supports ixfr.
1389. [bug] named could fail to rotate long log files. [RT #3666]
1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
defining HAVE_IFLIST_SYSCTL. [RT #3770]
1387. [bug] named could crash due to an access to invalid memory
space (which caused an assertion failure) in
incremental cleaning. [RT #3588]
1386. [bug] named-checkzone -z stopped on errors in a zone.
[RT #3653]
1385. [bug] Setting serial-query-rate to 10 would trigger a
REQUIRE failure.
1384. [bug] host was incompatible with BIND 8 in its exit code and
in the output with the -l option. [RT #3536]
1383. [func] Track the serial number in a IXFR response and log if
a mismatch occurs. This is a more specific error than
"not exact". [RT #3445]
1382. [bug] make install failed with --enable-libbind. [RT #3656]
1381. [bug] named failed to correctly process answers that
contained DNAME records where the resulting CNAME
resulted in a negative answer.
1380. [func] 'rndc recursing' dump recursing queries to
'recursing-file = "named.recursing";'.
1379. [func] 'rndc status' now reports tcp and recursion quota
states.
1378. [func] Improved positive feedback for 'rndc {reload|refresh}.
1377. [func] dns_zone_load{new}() now reports if the zone was
loaded, queued for loading to up to date.
1376. [func] New function dns_zone_logc() to log to specified
category.
1375. [func] 'rndc dumpdb' now dumps the adb cache along with the
data cache.
1374. [func] dns_adb_dump() now logs the lame zones associated
with each server.
1373. [bug] Recovery from expired glue failed under certain
circumstances.
1372. [bug] named crashes with an assertion failure on exit when
sharing the same port for listening and querying, and
changing listening addresses several times. [RT# 3509]
1371. [bug] notify-source-v6, transfer-source-v6 and
query-source-v6 with explicit addresses and using the
same ports as named was listening on could interfere
with named's ability to answer queries sent to those
addresses.
1370. [bug] dig '+[no]recurse' was incorrectly documented.
1369. [bug] Adding an NS record as the lexicographically last
record in a secure zone didn't work.
1368. [func] remove support for bitstring labels.
1367. [func] Use response times to select forwarders.
1366. [contrib] queryperf usage was incomplete. Add '-h' for help.
1365. [func] "localhost" and "localnets" acls now include IPv6
addresses / prefixes.
1364. [func] Log file name when unable to open memory statistics
and dump database files. [RT# 3437]
1363. [func] Listen-on-v6 now supports specific addresses.
1362. [bug] remove IFF_RUNNING test when scanning interfaces.
1361. [func] log the reason for rejecting a server when resolving
queries.
1360. [bug] --enable-libbind would fail when not built in the
source tree for certain OS's.
1359. [security] Support patches OpenSSL libraries.
http://www.cert.org/advisories/CA-2002-23.html
1358. [bug] It was possible to trigger a INSIST when debugging
large dynamic updates. [RT #3390]
1357. [bug] nsupdate was extremely wasteful of memory.
1356. [tuning] Reduce the number of events / quantum for zone tasks.
1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
1354. [doc] lwres man pages had illegal nroff.
1353. [contrib] sdb/ldap to version 0.9.
1352. [bug] dig, host, nslookup when falling back to TCP use the
current search entry (if any). [RT #3374]
1351. [bug] lwres_getipnodebyname() returned the wrong name
when given a IPv4 literal, af=AF_INET6 and AI_MAPPED
was set.
1350. [bug] dns_name_fromtext() failed to handle too many labels
gracefully.
1349. [security] Minimum OpenSSL version now 0.9.6e (was 0.9.5a).
http://www.cert.org/advisories/CA-2002-23.html
1348. [port] win32: Rewrote code to use I/O Completion Ports
in socket.c and eliminating a host of socket
errors. Performance is enhanced.
1347. [placeholder]
1346. [placeholder]
1345. [port] Use a explicit -Wformat with gcc. Not all versions
include it in -Wall.
1344. [func] Log if the serial number on the master has gone
backwards.
If you have multiple machines specified in the masters
clause you may want to set 'multi-master yes;' to
suppress this warning.
1343. [func] Log successful notifies received (info). Adjust log
level for failed notifies to notice.
1342. [func] Log remote address with TCP dispatch failures.
1341. [func] Allow a rate limiter to be stalled.
1340. [bug] Delay and spread out the startup refresh load.
1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
lookups. Bit string lookups are no longer attempted.
1338. [placeholder]
1337. [placeholder]
1336. [func] Nibble lookups under IP6.ARPA are now supported by
dns_byaddr_create(). dns_byaddr_createptrname() is
deprecated, use dns_byaddr_createptrname2() instead.
1335. [bug] When performing a nonexistence proof, the validator
should discard parent NXTs from higher in the DNS.
1334. [bug] When signing/verifying rdatasets, duplicate rdatas
need to be suppressed.
1333. [contrib] queryperf now reports a summary of returned
rcodes (-c), rcodes are printed in mnemonic form (-v).
1332. [func] Report the current serial with periodic commits when
rolling forward the journal.
1331. [func] Generate DNSSEC wildcard proofs.
1330. [bug] When processing events (non-threaded) only allow
the task one chance to use to use its quantum.
1329. [func] named-checkzone will now check if nameservers that
appear to be IP addresses. Available modes "fail",
"warn" (default) and "ignore" the results of the
check.
1328. [bug] The validator could incorrectly verify an invalid
negative proof.
1327. [bug] The validator would incorrectly mark data as insecure
when seeing a bogus signature before a correct
signature.
1326. [bug] DNAME/CNAME signatures were not being cached when
validation was not being performed. [RT #3284]
1325. [bug] If the tcpquota was exhausted it was possible to
to trigger a INSIST() failure.
1324. [port] darwin: ifconfig.sh now supports darwin.
1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
1322. [bug] dnssec-signzone usage message was misleading.
1321. [bug] If the last RRset in a zone is glue, dnssec-signzone
would incorrectly duplicate its output and sign it.
1320. [doc] query-source-v6 was missing from options section.
[RT #3218]
1319. [func] libbind: log attempts to exploit #1318.
1318. [bug] libbind: Remote buffer overrun.
1317. [port] libbind: TrueUNIX 5.1 does not like __align as a
element name.
1316. [bug] libbind: gethostans() could get out of sync parsing
the response if there was a very long CNAME chain.
1315. [bug] Options should apply to the internal _bind view.
1314. [port] Handle ECONNRESET from sendmsg() [unix].
1313. [func] Query log now says if the query was signed (S) or
if EDNS was used (E).
1312. [func] Log TSIG key used w/ outgoing zone transfers.
1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159]
1310. [bug] 'rndc stop' failed to cause zones to be flushed
sometimes. [RT #3157]
1309. [func] Log that a zone transfer was covered by a TSIG.
1308. [func] DS (delegation signer) support.
1307. [bug] nsupdate: allow white space base64 key data.
1306. [bug] Badly encoded LOC record when the size, horizontal
precision or vertical precision was 0.1m.
1305. [bug] Document that internal zones are included in the
rndc status results.
1304. [func] New function: dns_zone_name().
1303. [func] Option 'flush-zones-on-shutdown <boolean>;'.
1302. [func] Extended rndc dumpdb to support dumping of zones and
view selection: 'dumpdb [-all|-zones|-cache] [view]'.
1301. [func] New category 'update-security'.
1300. [port] Compaq Trucluster support.
1299. [bug] Set AI_ADDRCONFIG when looking up addresses
via getaddrinfo() (affects dig, host, nslookup, rndc
and nsupdate).
1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
could be left with a trailing "\" after configure
has been run.
1297. [port] linux: make handling EINVAL from socket() no longer
conditional on #ifdef LINUX.
1296. [bug] isc_log_closefilelogs() needed to lock the log
context.
1295. [bug] isc_log_setdebuglevel() needed to lock the log
context.
1294. [func] libbind: no longer attempts bit string labels for
IPv6 reverse resolution. Try IP6.ARPA then IP6.INT
for nibble style resolution.
1293. [func] Entropy can now be retrieved from EGDs. [RT #2438]
1292. [func] Enable IPv6 support when using ioctl style interface
scanning and OS supports SIOCGLIFADDR using struct
if_laddrreq.
1291. [func] Enable IPv6 support when using sysctl style interface
scanning.
1290. [func] "dig axfr" now reports the number of messages
as well as the number of records.
1289. [port] See if -ldl is required for OpenSSL? [RT #2672]
1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
reflect written requirements.
1287. [bug] REQUIRE that DNS_DBADD_MERGE only be set when adding
a rdataset to a zone db in the rbtdb implementation of
addrdataset.
1286. [bug] dns_name_downcase() enforce requirement that
target != NULL or name->buffer != NULL.
1285. [func] lwres: probe the system to see what address families
are currently in use.
1284. [bug] The RTT estimate on unused servers was not aged.
[RT #2569]
1283. [func] Use "dataready" accept filter if available.
1282. [port] libbind: hpux 11.11 interface scanning.
1281. [func] Log zone when unable to get private keys to update
zone. Log zone when NXT records are missing from
secure zone.
1280. [bug] libbind: escape '(' and ')' when converting to
presentation form.
1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590]
1278. [func] dig: now supports +[no]cl +[no]ttlid.
1277. [func] You can now create your own customized printing
styles: dns_master_stylecreate() and
dns_master_styledestroy().
1276. [bug] libbind: const pointer conflicts in res_debug.c.
1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN.
1274. [bug] Memory leak in lwres_gnbarequest_parse().
1273. [port] libbind: solaris: 64 bit binary compatibility.
1272. [contrib] Berkeley DB 4.0 sdb implementation from
Nuno Miguel Rodrigues <nmr@co.sapo.pt>.
1271. [bug] "recursion available: {denied,approved}" was too
confusing.
1270. [bug] Check that system inet_pton() and inet_ntop() support
AF_INET6.
1269. [port] Openserver: ifconfig.sh support.
1268. [port] Openserver: the value FD_SETSIZE depends on whether
<sys/param.h> is included or not. Be consistent.
1267. [func] isc_file_openunique() now creates file using mode
0666 rather than 0600.
1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE,
__ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE
are not C++ compatible, use *_TYPE versions instead.
1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with
C++, use LINK_INIT_TYPE and UNLINK_TYPE instead.
1264. [placeholder]
1263. [bug] Reference after free error if dns_dispatchmgr_create()
failed.
1262. [bug] ns_server_destroy() failed to set *serverp to NULL.
1261. [func] libbind: ns_sign2() and ns_sign_tcp() now provide
support for compressed TSIG owner names.
1260. [func] libbind: res_update can now update IPv6 servers,
new function res_findzonecut2().
1259. [bug] libbind: get_salen() IPv6 support was broken for OSs
w/o sa_len.
1258. [bug] libbind: res_nametotype() and res_nametoclass() were
broken.
1257. [bug] Failure to write pid-file should not be fatal on
reload. [RT #2861]
1256. [contrib] 'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support.
1255. [bug] When verifying that an NXT proves nonexistence, check
the rcode of the message and only do the matching NXT
check. That is, for NXDOMAIN responses, check that
the name is in the range between the NXT owner and
next name, and for NOERROR NODATA responses, check
that the type is not present in the NXT bitmap.
1254. [func] preferred-glue option from BIND 8.3.
1253. [bug] The dnssec system test failed to remove the correct
files.
1252. [bug] Dig, host and nslookup were not checking the address
the answer was coming from against the address it was
sent to. [RT# 2692]
1251. [port] win32: a make file contained absolute version specific
references.
1250. [func] Nsupdate will report the address the update was
sent to.
1249. [bug] Missing masters clause was not handled gracefully.
[RT #2703]
1248. [bug] DESTDIR was not being propagated between makes.
1247. [bug] Don't reset the interface index for link/site local
addresses. [RT #2576]
1246. [func] New functions isc_sockaddr_issitelocal(),
isc_sockaddr_islinklocal(), isc_netaddr_issitelocal()
and isc_netaddr_islinklocal().
1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for
accept().
1244. [bug] Receiving a TCP message from a blackhole address would
prevent further messages being received over that
interface.
1243. [bug] It was possible to trigger a REQUIRE() in
dns_message_findtype(). [RT #2659]
1242. [bug] named-checkzone failed if a journal existed. [RT #2657]
1241. [bug] Drop received UDP messages with a zero source port
as these are invariably forged. [RT #2621]
1240. [bug] It was possible to leak zone references by
specifying an incorrect zone to rndc.
1239. [bug] Under certain circumstances named could continue to
use a name after it had been freed triggering
INSIST() failures. [RT #2614]
1238. [bug] It is possible to lockup the server when shutting down
if notifies were being processed. [RT #2591]
1237. [bug] nslookup: "set q=type" failed.
1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non
NULL terminated text regions. [RT #2588]
1235. [func] Report 'out of memory' errors from openssl.
1234. [bug] contrib/sdb: 'zonetodb' failed to call
dns_result_register(). DNS_R_SEENINCLUDE should not
be fatal.
1233. [bug] The flags field of a KEY record can be expressed in
hex as well as decimal.
1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.
1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken.
1229. [bug] named would crash if it received a TSIG signed
query as part of an AXFR response. [RT #2570]
1228. [bug] 'make install' did not depend on 'make all'. [RT #2559]
1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
if a number was expected and some other token was
found. [RT#2532]
1226. [func] Use EDNS for zone refresh queries. [RT #2551]
1225. [func] dns_message_setopt() no longer requires that
dns_message_renderbegin() to have been called.
1224. [bug] 'rrset-order' and 'sortlist' should be additive
not exclusive.
1223. [func] 'rrset-order' partially works 'cyclic' and 'random'
are supported.
1222. [bug] Specifying 'port *' did not always result in a system
selected (non-reserved) port being used. [RT #2537]
1221. [bug] Zone types 'master', 'slave' and 'stub' were not being
compared case insensitively. [RT #2542]
1220. [func] Support for APL rdata type.
1219. [func] Named now reports the TSIG extended error code when
signature verification fails. [RT #1651]
1218. [bug] Named incorrectly returned SERVFAIL rather than
NOTAUTH when there was a TSIG BADTIME error. [RT #2519]
1217. [func] Report locations of previous key definition when a
duplicate is detected.
1216. [bug] Multiple server clauses for the same server were not
reported. [RT #2514]
1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
1214. [bug] Win32: isc_file_renameunique() could leave zero length
files behind.
1213. [func] Report view associated with client if it is not a
standard view (_default or _bind).
1212. [port] libbind: 64k answer buffers were causing stack space
to be exceeded for certain OS. Use heap space instead.
1211. [bug] dns_name_fromtext() incorrectly handled certain
valid octal bitlabels. [RT #2483]
1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped /
compatible addresses. [RT #2461]
1209. [bug] Dig, host, nslookup were not checking the message ids
on the responses. [RT #2454]
1208. [bug] dns_master_load*() failed to log a error message if
an error was detected when parsing the ownername of
a record. [RT #2448]
1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with
an invalid pointer.
1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should
trigger a non-EDNS retry.
1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class"
of the message. [RT #2449]
1204. [bug] libbind: res_nupdate() failed to update the name
server addresses before sending the update.
1203. [func] Report locations of previous acl and zone definitions
when a duplicate is detected.
1202. [func] New functions: cfg_obj_line() and cfg_obj_file().
1201. [bug] Require that if 'callbacks' is passed to
dns_rdata_fromtext(), callbacks->error and
callbacks->warn are initialized.
1200. [bug] Log 'errno' that we are unable to convert to
isc_result_t. [RT #2404]
1199. [doc] ARM reference to RFC 2157 should have been RFC 1918.
[RT #2436]
1198. [bug] OPT printing style was not consistent with the way the
header fields are printed. The DO bit was not reported
if set. Report if any of the MBZ bits are set.
1197. [bug] Attempts to define the same acl multiple times were not
detected.
1196. [contrib] update mdnkit to 2.2.3.
1195. [bug] Attempts to redefine builtin acls should be caught.
[RT #2403]
1194. [bug] Not all duplicate zone definitions were being detected
at the named.conf checking stage. [RT #2431]
1193. [bug] dig +besteffort parsing didn't handle packet
truncation. dns_message_parse() has new flag
DNS_MESSAGE_IGNORETRUNCATION.
1192. [bug] The seconds fields in LOC records were restricted
to three decimal places. More decimal places should
be allowed but warned about.
1191. [bug] A dynamic update removing the last non-apex name in
a secure zone would fail. [RT #2399]
1190. [func] Add the "rndc freeze" and "rndc unfreeze" commands.
[RT #2394]
1189. [bug] On some systems, malloc(0) returns NULL, which
could cause the caller to report an out of memory
error. [RT #2398]
1188. [bug] Dynamic updates of a signed zone would fail if
some of the zone private keys were unavailable.
1187. [bug] named was incorrectly returning DNSSEC records
in negative responses when the DO bit was not set.
1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the
EOL token when reading to end of line.
1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
unless RES_INIT is set when calling res_*init().
1184. [bug] libbind: call res_ndestroy() if RES_INIT is set
when res_*init() is called.
1183. [bug] Handle ENOSR error when writing to the internal
control pipe. [RT #2395]
1182. [bug] The server could throw an assertion failure when
constructing a negative response packet.
1181. [func] Add the "key-directory" configuration statement,
which allows the server to look for online signing
keys in alternate directories.
1180. [func] dnssec-keygen should always generate keys with
protocol 3 (DNSSEC), since it's less confusing
that way.
1179. [func] Add SIG(0) support to nsupdate.
1178. [bug] Follow and cache (if appropriate) A6 and other
data chains to completion in the additional section.
1177. [func] Report view when loading zones if it is not a
standard view (_default or _bind). [RT #2270]
1176. [doc] Document that allow-v6-synthesis is only performed
for clients that are supplied recursive service.
[RT #2260]
1175. [bug] named-checkzone and named-checkconf failed to call
dns_result_register() at startup which could
result in runtime exceptions when printing
"out of memory" errors. [RT #2335]
1174. [bug] Win32: add WSAECONNRESET to the expected errors
from connect(). [RT #2308]
1173. [bug] Potential memory leaks in isc_log_create() and
isc_log_settag(). [RT #2336]
1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
table of RR types in ARM.
1171. [func] Added function isc_region_compare(), updated files in
lib/dns to use this function instead of local one.
1170. [bug] Don't attempt to print the token when a I/O error
occurs when parsing named.conf. [RT #2275]
1169. [func] Identify recursive queries in the query log.
1168. [bug] Empty also-notify clauses were not handled. [RT #2309]
1167. [contrib] nslint-2.1a3 (from author).
1166. [bug] "Not Implemented" should be reported as NOTIMP,
not NOTIMPL. [RT #2281]
1165. [bug] We were rejecting notify-source{-v6} in zone clauses.
1164. [bug] Empty masters clauses in slave / stub zones were not
handled gracefully. [RT #2262]
1163. [func] isc_time_formattimestamp() now includes the year.
1162. [bug] The allow-notify option was not accepted in slave
zone statements.
1161. [bug] named-checkzone looped on unbalanced brackets.
[RT #2248]
1160. [bug] Generating Diffie-Hellman keys longer than 1024
bits could fail. [RT #2241]
1159. [bug] MD and MF are not permitted to be loaded by RFC1123.
1158. [func] Report the client's address when logging notify
messages.
1157. [func] match-clients and match-destinations now accept
keys. [RT #2045]
1156. [port] The configure test for strsep() incorrectly
succeeded on certain patched versions of
AIX 4.3.3. [RT #2190]
1155. [func] Recover from master files being removed from under
us.
1154. [bug] Don't attempt to obtain the netmask of a interface
if there is no address configured. [RT #2176]
1153. [func] 'rndc {stop|halt} -p' now reports the process id
of the instance of named being shutdown.
1152. [bug] libbind: read buffer overflows.
1151. [bug] nslookup failed to check that the arguments to
the port, timeout, and retry options were
valid integers and in range. [RT #2099]
1150. [bug] named incorrectly accepted TTL values
containing plus or minus signs, such as
1d+1h-1s.
1149. [func] New function isc_parse_uint32().
1148. [func] 'rndc-confgen -a' now provides positive feedback.
1147. [func] Set IPV6_V6ONLY on IPv6 sockets if supported by
the OS. listen-on-v6 { any; }; should no longer
result in IPv4 queries be accepted. Similarly
control { inet :: ... }; should no longer result
in IPv4 connections being accepted. This can be
overridden at compile time by defining
ISC_ALLOW_MAPPED=1.
1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
supported by the OS by a new function
isc_socket_ipv6only().
1145. [func] "host" no longer reports a NOERROR/NODATA response
by printing nothing. [RT #2065]
1144. [bug] rndc-confgen would crash if both the -a and -t
options were specified. [RT #2159]
1143. [bug] When a trusted-keys statement was present and named
was built without crypto support, it would leak memory.
1142. [bug] dnssec-signzone would fail to delete temporary files
in some failure cases. [RT #2144]
1141. [bug] When named rejected a control message, it would
leak a file descriptor and memory. It would also
fail to respond, causing rndc to hang.
[RT #2139, #2164]
1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments
to the -s option. [RT #2138]
1139. [func] It is now possible to flush a given name from the
cache(s) via 'rndc flushname name [view]'. [RT #2051]
1138. [func] It is now possible to flush a given name from the
cache by calling the new function
dns_cache_flushname().
1137. [func] It is now possible to flush a given name from the
ADB by calling the new function dns_adb_flushname().
1136. [bug] CNAME records synthesized from DNAMEs did not
have a TTL of zero as required by RFC2672.
[RT #2129]
1135. [func] You can now override the default syslog() facility for
named/lwresd at compile time. [RT #1982]
1134. [bug] Multi-threaded servers could deadlock in ferror()
when reloading zone files. [RT #1951, #1998]
1133. [bug] IN6_IS_ADDR_LOOPBACK was not portably defined on
platforms without IN6_IS_ADDR_LOOPBACK. [RT #2106]
1132. [func] Improve UPDATE prerequisite failure diagnostic messages.
1131. [bug] The match-destinations view option did not work with
IPv6 destinations. [RT #2073, #2074]
1130. [bug] Log messages reporting an out-of-range serial number
did not include the out-of-range number but the
following token. [RT #2076]
1129. [bug] Multi-threaded servers could crash under heavy
resolution load due to a race condition. [RT #2018]
1128. [func] sdb drivers can now provide RR data in either text
or wire format, the latter using the new functions
dns_sdb_putrdata() and dns_sdb_putnamedrdata().
1127. [func] rndc: If the server to contact has multiple addresses,
try all of them.
1126. [bug] The server could access a freed event if shut
down while a client start event was pending
delivery. [RT #2061]
1125. [bug] rndc: -k option was missing from usage message.
[RT #2057]
1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail
are now documented. [RT #2052]
1123. [bug] dig +[no]fail did not match description. [RT #2052]
1122. [tuning] Resolution timeout reduced from 90 to 30 seconds.
[RT #2046]
1121. [bug] The server could attempt to access a NULL zone
table if shut down while resolving.
[RT #1587, #2054]
1120. [bug] Errors in options were not fatal. [RT #2002]
1119. [func] Added support in Win32 for NTFS file/directory ACL's
for access control.
1118. [bug] On multi-threaded servers, a race condition
could cause an assertion failure in resolver.c
during resolver shutdown. [RT #2029]
1117. [port] The configure check for in6addr_loopback incorrectly
succeeded on AIX 4.3 when compiling with -O2
because the test code was optimized away.
[RT #2016]
1116. [bug] Setting transfers in a server clause, transfers-in,
or transfers-per-ns to a value greater than
2147483647 disabled transfers. [RT #2002]
1115. [func] Set maximum values for cleaning-interval,
heartbeat-interval, interface-interval,
max-transfer-idle-in, max-transfer-idle-out,
max-transfer-time-in, max-transfer-time-out,
statistics-interval of 28 days and
sig-validity-interval of 3660 days. [RT #2002]
1114. [port] Ignore more accept() errors. [RT #2021]
1113. [bug] The allow-update-forwarding option was ignored
when specified in a view. [RT #2014]
1112. [placeholder]
1111. [bug] Multi-threaded servers could deadlock processing
recursive queries due to a locking hierarchy
violation in adb.c. [RT #2017]
1110. [bug] dig should only accept valid abbreviations of +options.
[RT #2003]
1109. [bug] nsupdate accepted illegal ttl values.
1108. [bug] On Win32, rndc was hanging when named was not running
due to failure to select for exceptional conditions
in select(). [RT #1870]
1107. [bug] nsupdate could catch an assertion failure if an
invalid domain name was given as the argument to
the "zone" command.
1106. [bug] After seeing an out of range TTL, nsupdate would
treat all TTLs as out of range. [RT #2001]
1105. [port] OpenUNIX 8 enable threads by default. [RT #1970]
1104. [bug] Invalid arguments to the transfer-format option
could cause an assertion failure. [RT #1995]
1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
1102. [doc] Note that query logging is enabled by directing the
queries category to a channel.
1101. [bug] Array bounds read error in lwres_gai_strerror.
1100. [bug] libbind: DNSSEC key ids were computed incorrectly.
1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
compile time errors.
1098. [bug] libbind: HMAC-MD5 key files are now mode 0600.
1097. [func] libbind: RES_PRF_TRUNC for dig.
1096. [func] libbind: "DNSSEC OK" (DO) support.
1095. [func] libbind: resolver option: no-tld-query. disables
trying unqualified as a tld. no_tld_query is also
supported for FreeBSD compatibility.
1094. [func] libbind: add support gcc's format string checking.
1093. [doc] libbind: miscellaneous nroff fixes.
1092. [bug] libbind: get*by*() failed to check if res_init() had
been called.
1091. [bug] libbind: misplaced va_end().
1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
the amount of memory consumed resulting in garbage
address being returned. Alignment calculations were
wasting space. We weren't suppressing duplicate
addresses.
1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6
support.
1088. [port] libbind: MPE/iX C.70 (incomplete)
1087. [bug] libbind: struct __res_state too large on 64 bit arch.
1086. [port] libbind: sunos: old sprintf.
1085. [port] libbind: solaris: sys_nerr and sys_errlist do not
exist when compiling in 64 bit mode.
1084. [cleanup] libbind: gai_strerror() rewritten.
1083. [bug] The default control channel listened on the
wildcard address, not the loopback as documented.
[RT #1975]
1082. [bug] The -g option to named incorrectly caused logging
to be sent to syslog in addition to stderr.
[RT #1974]
1081. [bug] Multicast queries were incorrectly identified
based on the source address, not the destination
address.
1080. [bug] BIND 8 compatibility: accept bare IP prefixes
as the second element of a two-element top level
sort list statement. [RT #1964]
1079. [bug] BIND 8 compatibility: accept bare elements at top
level of sort list treating them as if they were
a single element list. [RT #1963]
1078. [bug] We failed to correct bad tv_usec values in one case.
[RT #1966]
1077. [func] Do not accept further recursive clients when
the total number of recursive lookups being
processed exceeds max-recursive-clients, even
if some of the lookups are internally generated.
[RT #1915, #1938]
1076. [bug] A badly defined global key could trigger an assertion
on load/reload if views were used. [RT #1947]
1075. [bug] Out-of-range network prefix lengths were not
reported. [RT #1954]
1074. [bug] Running out of memory in dump_rdataset() could
cause an assertion failure. [RT #1946]
1073. [bug] The ADB cache cleaning should also be space driven.
[RT #1915, #1938]
1072. [bug] The TCP client quota could be exceeded when
recursion occurred. [RT #1937]
1071. [bug] Sockets listening for TCP DNS connections
specified an excessive listen backlog. [RT #1937]
1070. [bug] Copy DNSSEC OK (DO) to response as specified by
draft-ietf-dnsext-dnssec-okbit-03.txt.
1069. [placeholder]
1068. [bug] errno could be overwritten by catgets(). [RT #1921]
1067. [func] Allow quotas to be soft, isc_quota_soft().
1066. [bug] Provide a thread safe wrapper for strerror().
[RT #1689]
1065. [func] Runtime support to select new / old style interface
scanning using ioctls.
1064. [bug] Do not shut down active network interfaces if we
are unable to scan the interface list. [RT #1921]
1063. [bug] libbind: "make install" was failing on IRIX.
[RT #1919]
1062. [bug] If the control channel listener socket was shut
down before server exit, the listener object could
be freed twice. [RT #1916]
1061. [bug] If periodic cache cleaning happened to start
while cleaning due to reaching the configured
maximum cache size was in progress, the server
could catch an assertion failure. [RT #1912]
1060. [func] Move refresh, stub and notify UDP retry processing
into dns_request.
1059. [func] dns_request now support will now retry UDP queries,
dns_request_createvia2() and dns_request_createraw2().
1058. [func] Limited lifetime ticker timers are now available,
isc_timertype_limited.
1057. [bug] Reloading the server after adding a "file" clause
to a zone statement could cause the server to
crash due to a typo in change 1016.
1056. [bug] Rndc could catch an assertion failure on SIGINT due
to an uninitialized variable. [RT #1908]
1055. [func] Version and hostname queries can now be disabled
using "version none;" and "hostname none;",
respectively.
1054. [bug] On Win32, cfg_categories and cfg_modules need to be
exported from the libisccfg DLL.
1053. [bug] Dig did not increase its timeout when receiving
AXFRs unless the +time option was used. [RT #1904]
1052. [bug] Journals were not being created in binary mode
resulting in "journal format not recognized" error
under Win32. [RT #1889]
1051. [bug] Do not ignore a network interface completely just
because it has a noncontiguous netmask. Instead,
omit it from the localnets ACL and issue a warning.
[RT #1891]
1050. [bug] Log messages reporting malformed IP addresses in
address lists such as that of the forwarders option
failed to include the correct error code, file
name, and line number. [RT #1890]
1049. [func] "pid-file none;" will disable writing a pid file.
[RT #1848]
1048. [bug] Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1
didn't work.
1047. [bug] named was incorrectly refusing all requests signed
with a TSIG key derived from an unsigned TKEY
negotiation with a NOERROR response. [RT #1886]
1046. [bug] The help message for the --with-openssl configure
option was inaccurate. [RT #1880]
1045. [bug] It was possible to skip saving glue for a nameserver
for a stub zone.
1044. [bug] Specifying allow-transfer, notify-source, or
notify-source-v6 in a stub zone was not treated
as an error.
1043. [bug] Specifying a transfer-source or transfer-source-v6
option in the zone statement for a master zone was
not treated as an error. [RT #1876]
1042. [bug] The "config" logging category did not work properly.
[RT #1873]
1041. [bug] Dig/host/nslookup could catch an assertion failure
on SIGINT due to an uninitialized variable. [RT #1867]
1040. [bug] Multiple listen-on-v6 options with different ports
were not accepted. [RT #1875]
1039. [bug] Negative responses with CNAMEs in the answer section
were cached incorrectly. [RT #1862]
1038. [bug] In servers configured with a tkey-domain option,
TKEY queries with an owner name other than the root
could cause an assertion failure. [RT #1866, #1869]
1037. [bug] Negative responses whose authority section contain
SOA or NS records whose owner names are not equal
equal to or parents of the query name should be
rejected. [RT #1862]
1036. [func] Silently drop requests received via multicast as
long as there is no final multicast DNS standard.
1035. [bug] If we respond to multicast queries (which we
currently do not), respond from a unicast address
as specified in RFC 1123. [RT #137]
1034. [bug] Ignore the RD bit on multicast queries as specified
in RFC 1123. [RT #137]
1033. [bug] Always respond to requests with an unsupported opcode
with NOTIMP, even if we don't have a matching view
or cannot determine the class.
1032. [func] hostname.bind/txt/chaos now returns the name of
the machine hosting the nameserver. This is useful
in diagnosing problems with anycast servers.
1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
[RT #1858]
1030. [bug] On systems with no resolv.conf file, nsupdate
exited with an error rather than defaulting
to using the loopback address. [RT #1836]
1029. [bug] Some named.conf errors did not cause the loading
of the configuration file to return a failure
status even though they were logged. [RT #1847]
1028. [bug] On Win32, dig/host/nslookup looked for resolv.conf
in the wrong directory. [RT #1833]
1027. [bug] RRs having the reserved type 0 should be rejected.
[RT #1471]
1026. [placeholder]
1025. [bug] Don't use multicast addresses to resolve iterative
queries. [RT #101]
1024. [port] Compilation failed on HP-UX 11.11 due to
incompatible use of the SIOCGLIFCONF macro
name. [RT #1831]
1023. [func] Accept hints without TTLs.
1022. [bug] Don't report empty root hints as "extra data".
[RT #1802]
1021. [bug] On Win32, log message timestamps were one month
later than they should have been, and the server
would exhibit unspecified behavior in December.
1020. [bug] IXFR log messages did not distinguish between
true IXFRs, AXFR-style IXFRs, and mere version
polls. [RT #1811]
1019. [bug] The value of the lame-ttl option was limited to 18000
seconds, not 1800 seconds as documented. [RT #1803]
1018. [bug] The default log channel was not always initialized
correctly. [RT #1813]
1017. [bug] When specifying TSIG keys to dig and nsupdate using
the -k option, they must be HMAC-MD5 keys. [RT #1810]
1016. [bug] Slave zones with no backup file were re-transferred
on every server reload.
1015. [bug] Log channels that had a "versions" option but no
"size" option failed to create numbered log
files. [RT #1783]
1014. [bug] Some queries would cause statistics counters to
increment more than once or not at all. [RT #1321]
1013. [bug] It was possible to cancel a query twice when marking
a server as bogus or by having a blackhole acl.
[RT #1776]
1012. [bug] The -p option to named did not behave as documented.
1011. [cleanup] Removed isc_dir_current().
1010. [bug] The server could attempt to execute a command channel
command after initiating server shutdown, causing
an assertion failure. [RT #1766]
1009. [port] OpenUNIX 8 support. [RT #1728]
1008. [port] libtool.m4, ltmain.sh from libtool-1.4.2.
1007. [port] config.guess, config.sub from autoconf-2.52.
1006. [bug] If a KEY RR was found missing during DNSSEC validation,
an assertion failure could subsequently be triggered
in the resolver. [RT #1763]
1005. [bug] Don't copy nonzero RCODEs from request to response.
[RT #1765]
1004. [port] Deal with recvfrom() returning EHOSTDOWN. [RT #1770]
1003. [func] Add the +retry option to dig.
1002. [bug] When reporting an unknown class name in named.conf,
including the file name and line number. [RT #1759]
1001. [bug] win32 socket code doio_recv was not catching a
WSACONNRESET error when a client was timing out
the request and closing its socket. [RT #1745]
1000. [bug] BIND 8 compatibility: accept "HESIOD" as an alias
for class "HS". [RT #1759]
999. [func] "rndc retransfer zone [class [view]]" added.
[RT #1752]
998. [func] named-checkzone now has arguments to specify the
chroot directory (-t) and working directory (-w).
[RT #1755]
997. [func] Add support for RSA-SHA1 keys (RFC3110).
996. [func] Issue warning if the configuration filename contains
the chroot path.
995. [bug] dig, host, nslookup: using a raw IPv6 address as a
target address should be fatal on a IPv4 only system.
994. [func] Treat non-authoritative responses to queries for type
NS as referrals even if the NS records are in the
answer section, because BIND 8 servers incorrectly
send them that way. This is necessary for DNSSEC
validation of the NS records of a secure zone to
succeed when the parent is a BIND 8 server. [RT #1706]
993. [func] dig: -v now reports the version.
992. [doc] dig: ~/.digrc is now documented.
991. [func] Lower UDP refresh timeout messages to level
debug 1.
990. [bug] The rndc-confgen man page was not installed.
989. [bug] Report filename if $INCLUDE fails for file related
errors. [RT #1736]
988. [bug] 'additional-from-auth no;' did not work reliably
in the case of queries answered from the cache.
[RT #1436]
987. [bug] "dig -help" didn't show "+[no]stats".
986. [bug] "dig +noall" failed to clear stats and command
printing.
985. [func] Consider network interfaces to be up iff they have
a nonzero IP address rather than based on the
IFF_UP flag. [RT #1160]
984. [bug] Multi-threading should be enabled by default on
Solaris 2.7 and newer, but it wasn't.
983. [func] The server now supports generating IXFR difference
sequences for non-dynamic zones by comparing zone
versions, when enabled using the new config
option "ixfr-from-differences". [RT #1727]
982. [func] If "memstatistics-file" is set in options the memory
statistics will be written to it.
981. [func] The dnssec tools can now take multiple '-r randomfile'
arguments.
980. [bug] Incoming zone transfers restarting after an error
could trigger an assertion failure. [RT #1692]
979. [func] Incremental master file dumping. dns_master_dumpinc(),
dns_master_dumptostreaminc(), dns_dumpctx_attach(),
dns_dumpctx_detach(), dns_dumpctx_cancel(),
dns_dumpctx_db() and dns_dumpctx_version().
978. [bug] dns_db_attachversion() had an invalid REQUIRE()
condition.
977. [bug] Improve "not at top of zone" error message.
976. [func] named-checkconf can now test load master zones
(named-checkconf -z). [RT #1468]
975. [bug] "max-cache-size default;" as a view option
caused an assertion failure.
974. [bug] "max-cache-size unlimited;" as a global option
was not accepted.
973. [bug] Failed to log the question name when logging:
"bad zone transfer request: non-authoritative zone
(NOTAUTH)".
972. [bug] The file modification time code in zone.c was using the
wrong epoch. [RT #1667]
971. [placeholder]
970. [func] 'max-journal-size' can now be used to set a target
size for a journal.
969. [func] dig now supports the undocumented dig 8 feature
of allowing arbitrary labels, not just dotted
decimal quads, with the -x option. This can be
used to conveniently look up RFC2317 names as in
"dig -x 10.0.0.0-127". [RT #827, #1576, #1598]
968. [bug] On win32, the isc_time_now() function was unnecessarily
calling strtime(). [RT #1671]
967. [bug] On win32, the link for bindevt was not including the
required resource file to enable the event viewer
to interpret the error messages in the event log,
[RT #1668]
966. [placeholder]
965. [bug] Including data other than root server NS and A
records in the root hint file could cause a rbtdb
node reference leak. [RT #1581, #1618]
964. [func] Warn if data other than root server NS and A records
are found in the root hint file. [RT #1581, #1618]
963. [bug] Bad ISC_LANG_ENDDECLS. [RT #1645]
962. [bug] libbind: bad "#undef", don't attempt to install
non-existent nlist.h. [RT #1640]
961. [bug] Tried to use a IPV6 feature when ISC_PLATFORM_HAVEIPV6
was not defined. [RT #1482]
960. [port] liblwres failed to build on systems with support for
getrrsetbyname() in the OS. [RT #1592]
959. [port] On FreeBSD, determine the number of CPUs by calling
sysctlbyname(). [RT #1584]
958. [port] ssize_t is not available on all platforms. [RT #1607]
957. [bug] sys/select.h inclusion was broken on older platforms.
[RT #1607]
956. [bug] ns_g_autorndcfile changed to ns_g_keyfile
in named/win32/os.c due to code changes in
change #953. win32 .make file for rndc-confgen
updated to add include path for os.h header.
--- 9.2.0rc1 released ---
955. [bug] When using views, the zone's class was not being
inherited from the view's class. [RT #1583]
954. [bug] When requesting AXFRs or IXFRs using dig, host, or
nslookup, the RD bit should not be set as zone
transfers are inherently non-recursive. [RT #1575]
953. [func] The /var/run/named.key file from change #843
has been replaced by /etc/rndc.key. Both
named and rndc will look for this file and use
it to configure a default control channel key
if not already configured using a different
method (rndc.conf / controls). Unlike
named.key, rndc.key is not created automatically;
it must be created by manually running
"rndc-confgen -a".
952. [bug] The server required manual intervention to serve the
affected zones if it died between creating a journal
and committing the first change to it.
951. [bug] CFLAGS was not passed to the linker when
linking some of the test programs under
bin/tests. [RT #1555].
950. [bug] Explicit TTLs did not properly override $TTL
due to a bug in change 834. [RT #1558]
949. [bug] host was unable to print records larger than 512
bytes. [RT #1557]
--- 9.2.0b2 released ---
948. [port] Integrated support for building on Windows NT /
Windows 2000.
947. [bug] dns_rdata_soa_t had a badly named element "mname" which
was really the RNAME field from RFC1035. To avoid
confusion and silent errors that would occur it the
"origin" and "mname" elements were given their correct
names "mname" and "rname" respectively, the "mname"
element is renamed to "contact".
946. [cleanup] doc/misc/options is now machine-generated from the
configuration parser syntax tables, and therefore
more likely to be correct.
945. [func] Add the new view-specific options
"match-destinations" and "match-recursive-only".
944. [func] Check for expired signatures on load.
943. [bug] The server could crash when receiving a command
via rndc if the configuration file listed only
nonexistent keys in the controls statement. [RT #1530]
942. [port] libbind: GETNETBYADDR_ADDR_T was not correctly
defined on some platforms.
941. [bug] The configuration checker crashed if a slave
zone didn't contain a masters statement. [RT #1514]
940. [bug] Double zone locking failure on error path. [RT #1510]
--- 9.2.0b1 released ---
939. [port] Add the --disable-linux-caps option to configure for
systems that manage capabilities outside of named.
[RT #1503]
938. [placeholder]
937. [bug] A race when shutting down a zone could trigger a
INSIST() failure. [RT #1034]
936. [func] Warn about IPv4 addresses that are not complete
dotted quads. [RT #1084]
935. [bug] inet_pton failed to reject leading zeros.
934. [port] Deal with systems where accept() spuriously returns
ECONNRESET.
933. [bug] configure failed doing libbind on platforms not
supported by BIND 8. [RT #1496]
--- 9.2.0a3 released ---
932. [bug] Use INSTALL_SCRIPT, not INSTALL_PROGRAM,
when installing isc-config.sh.
[RT #198, #1466]
931. [bug] The controls statement only attempted to verify
messages using the first key in the key list.
(9.2.0a1/a2 only).
930. [func] Query performance testing tool added as
contrib/queryperf.
929. [placeholder]
928. [bug] nsupdate would send empty update packets if the
send (or empty line) command was run after
another send but before any new updates or
prerequisites were specified. It should simply
ignore this command.
927. [bug] Don't hold the zone lock for the entire dump to disk.
[RT #1423]
926. [bug] The resolver could deadlock with the ADB when
shutting down (multi-threaded builds only).
[RT #1324]
925. [cleanup] Remove openssl from the distribution; require that
--with-openssl be specified if DNSSEC is needed.
924. [port] Extend support for pre-RFC2133 IPv6 implementation.
[RT #987]
923. [bug] Multiline TSIG secrets (and other multiline strings)
were not accepted in named.conf. [RT #1469]
922. [func] Added two new lwres_getrrsetbyname() result codes,
ERR_NONAME and ERR_NODATA.
921. [bug] lwres returned an incorrect error code if it received
a truncated message.
920. [func] Increase the lwres receive buffer size to 16K.
[RT #1451]
919. [placeholder]
918. [func] In nsupdate, TSIG errors are no longer treated as
fatal errors.
917. [func] New nsupdate command 'key', allowing TSIG keys to
be specified in the nsupdate command stream rather
than the command line.
916. [bug] Specifying type ixfr to dig without specifying
a serial number failed in unexpected ways.
915. [func] The named-checkconf and named-checkzone programs
now have a '-v' option for printing their version.
[RT #1151]
914. [bug] Global 'server' statements were rejected when
using views, even though they were accepted
in 9.1. [RT #1368]
913. [bug] Cache cleaning was not sufficiently aggressive.
[RT #1441, #1444]
912. [bug] Attempts to set the 'additional-from-cache' or
'additional-from-auth' option to 'no' in a
server with recursion enabled will now
be ignored and cause a warning message.
[RT #1145]
911. [placeholder]
910. [port] Some pre-RFC2133 IPv6 implementations do not define
IN6ADDR_ANY_INIT. [RT #1416]
909. [placeholder]
908. [func] New program, rndc-confgen, to simplify setting up rndc.
907. [func] The ability to get entropy from either the
random device, a user-provided file or from
the keyboard was migrated from the DNSSEC tools
to libisc as isc_entropy_usebestsource().
906. [port] Separated the system independent portion of
lib/isc/unix/entropy.c into lib/isc/entropy.c
and added lib/isc/win32/entropy.c.
905. [bug] Configuring a forward "zone" for the root domain
did not work. [RT #1418]
904. [bug] The server would leak memory if attempting to use
an expired TSIG key. [RT #1406]
903. [bug] dig should not crash when receiving a TCP packet
of length 0.
902. [bug] The -d option was ignored if both -t and -g were also
specified.
901. [placeholder]
900. [bug] A config.guess update changed the system identification
string of FreeBSD systems; configure and
bin/tests/system/ifconfig.sh now recognize the new
string.
--- 9.2.0a2 released ---
899. [bug] lib/dns/soa.c failed to compile on many platforms
due to inappropriate use of a void value.
[RT #1372, #1373, #1386, #1387, #1395]
898. [bug] "dig" failed to set a nonzero exit status
on UDP query timeout. [RT #1323]
897. [bug] A config.guess update changed the system identification
string of UnixWare systems; configure now recognizes
the new string.
896. [bug] If a configuration file is set on named's command line
and it has a relative pathname, the current directory
(after any possible jailing resulting from named -t)
will be prepended to it so that reloading works
properly even when a directory option is present.
895. [func] New function, isc_dir_current(), akin to POSIX's
getcwd().
894. [bug] When using the DNSSEC tools, a message intended to warn
when the keyboard was being used because of the lack
of a suitable random device was not being printed.
893. [func] Removed isc_file_test() and added isc_file_exists()
for the basic functionality that was being added
with isc_file_test().
892. [placeholder]
891. [bug] Return an error when a SIG(0) signed response to
an unsigned query is seen. This should actually
do the verification, but it's not currently
possible. [RT #1391]
890. [cleanup] The man pages no longer require the mandoc macros
and should now format cleanly using most versions of
nroff, and HTML versions of the man pages have been
added. Both are generated from DocBook source.
889. [port] Eliminated blank lines before .TH in nroff man
pages since they cause problems with some versions
of nroff. [RT #1390]
888. [bug] Don't die when using TKEY to delete a nonexistent
TSIG key. [RT #1392]
887. [port] Detect broken compilers that can't call static
functions from inline functions. [RT #1212]
886. [placeholder]
885. [placeholder]
884. [placeholder]
883. [placeholder]
882. [placeholder]
881. [placeholder]
880. [placeholder]
879. [placeholder]
878. [placeholder]
877. [placeholder]
876. [placeholder]
875. [placeholder]
874. [placeholder]
873. [placeholder]
872. [placeholder]
871. [placeholder]
870. [placeholder]
869. [placeholder]
868. [placeholder]
867. [placeholder]
866. [func] Close debug only file channels when debug is set to
zero. [RT #1246]
865. [bug] The new configuration parser did not allow
the optional debug level in a "severity debug"
clause of a logging channel to be omitted.
This is now allowed and treated as "severity
debug 1;" like it does in BIND 8.2.4, not as
"severity debug 0;" like it did in BIND 9.1.
[RT #1367]
864. [cleanup] Multi-threading is now enabled by default on
OSF1, Solaris 2.7 and newer, AIX, IRIX, and HP-UX.
863. [bug] If an error occurred while an outgoing zone transfer
was starting up, the server could access a domain
name that had already been freed when logging a
message saying that the transfer was starting.
[RT #1383]
862. [bug] Use after realloc(), non portable pointer arithmetic in
grmerge().
861. [port] Add support for Mac OS X, by making it equivalent
to Darwin. This was derived from the config.guess
file shipped with Mac OS X. [RT #1355]
860. [func] Drop cross class glue in zone transfers.
859. [bug] Cache cleaning now won't swamp the CPU if there
is a persistent over limit condition.
858. [func] isc_mem_setwater() no longer requires that when the
callback function is non-NULL then its hi_water
argument must be greater than its lo_water argument
(they can now be equal) or that they be non-zero.
857. [cleanup] Use ISC_MAGIC() to define all magic numbers for
structs, for our friends in EBCDIC-land.
856. [func] Allow partial rdatasets to be returned in answer and
authority sections to help non-TCP capable clients
recover from truncation. [RT #1301]
855. [bug] Stop spurious "using RFC 1035 TTL semantics" warnings.
854. [bug] The config parser didn't properly handle config
options that were specified in units of time other
than seconds. [RT #1372]
853. [bug] configure_view_acl() failed to detach existing acls.
[RT #1374]
852. [bug] Handle responses from servers which do not know
about IXFR.
851. [cleanup] The obsolete support-ixfr option was not properly
ignored.
--- 9.2.0a1 released ---
850. [bug] dns_rbt_findnode() would not find nodes that were
split on a bitstring label somewhere other than in
the last label of the node. [RT #1351]
849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
848. [func] A minimum max-cache-size of two megabytes is enforced
by the cache cleaner.
847. [func] Added isc_file_test(), which currently only has
some very basic functionality to test for the
existence of a file, whether a pathname is absolute,
or whether a pathname is the fundamental representation
of the current directory. It is intended that this
function can be expanded to test other things a
programmer might want to know about a file.
846. [func] A non-zero 'param' to dst_key_generate() when making an
hmac-md5 key means that good entropy is not required.
845. [bug] The access rights on the public file of a symmetric
key are now restricted as soon as the file is opened,
rather than after it has been written and closed.
844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
just as <lwres/net.h> does.
843. [func] If no controls statement is present in named.conf,
or if any inet phrase of a controls statement is
lacking a keys clause, then a key will be automatically
generated by named and an rndc.conf-style file
named named.key will be written that uses it. rndc
will use this file only if its normal configuration
file, or one provided on the command line, does not
exist.
842. [func] 'rndc flush' now takes an optional view.
841. [bug] When sdb modules were not declared threadsafe, their
create and destroy functions were not serialized.
840. [bug] The config file parser could print the wrong file
name if an error was detected after an included file
was parsed. [RT #1353]
839. [func] Dump packets for which there was no view or that the
class could not be determined to category "unmatched".
838. [port] UnixWare 7.x.x is now suported by
bin/tests/system/ifconfig.sh.
837. [cleanup] Multi-threading is now enabled by default only on
OSF1, Solaris 2.7 and newer, and AIX.
836. [func] Upgraded libtool to 1.4.
835. [bug] The dispatcher could enter a busy loop if
it got an I/O error receiving on a UDP socket.
[RT #1293]
834. [func] Accept (but warn about) master files beginning with
an SOA record without an explicit TTL field and
lacking a $TTL directive, by using the SOA MINTTL
as a default TTL. This is for backwards compatibility
with old versions of BIND 8, which accepted such
files without warning although they are illegal
according to RFC1035.
833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
<dns/soa.h>, and extended them to support
all the integer-valued fields of the SOA RR.
832. [bug] The default location for named.conf in named-checkconf
should depend on --sysconfdir like it does in named.
[RT #1258]
831. [placeholder]
830. [func] Implement 'rndc status'.
829. [bug] The DNS_R_ZONECUT result code should only be returned
when an ANY query is made with DNS_DBFIND_GLUEOK set.
In all other ANY query cases, returning the delegation
is better.
828. [bug] The errno value from recvfrom() could be overwritten
by logging code. [RT #1293]
827. [bug] When an IXFR protocol error occurs, the slave
should retry with AXFR.
826. [bug] Some IXFR protocol errors were not detected.
825. [bug] zone.c:ns_query() detached from the wrong zone
reference. [RT #1264]
824. [bug] Correct line numbers reported by dns_master_load().
[RT #1263]
823. [func] The output of "dig -h" now goes to stdout so that it
can easily be piped through "more". [RT #1254]
822. [bug] Sending nxrrset prerequisites would crash nsupdate.
[RT #1248]
821. [bug] The program name used when logging to syslog should
be stripped of leading path components.
[RT #1178, #1232]
820. [bug] Name server address lookups failed to follow
A6 chains into the glue of local authoritative
zones.
819. [bug] In certain cases, the resolver's attempts to
restart an address lookup at the root could cause
the fetch to deadlock (with itself) instead of
restarting. [RT #1225]
818. [bug] Certain pathological responses to ANY queries could
cause an assertion failure. [RT #1218]
817. [func] Adjust timeouts for dialup zone queries.
816. [bug] Report potential problems with log file accessibility
at configuration time, since such problems can't
reliably be reported at the time they actually occur.
815. [bug] If a log file was specified with a path separator
character (i.e. "/") in its name and the directory
did not exist, the log file's name was treated as
though it were the directory name. [RT #1189]
814. [bug] Socket objects left over from accept() failures
were incorrectly destroyed, causing corruption
of socket manager data structures.
813. [bug] File descriptors exceeding FD_SETSIZE were handled
badly. [RT #1192]
812. [bug] dig sometimes printed incomplete IXFR responses
due to an uninitialized variable. [RT #1188]
811. [bug] Parentheses were not quoted in zone dumps. [RT #1194]
810. [bug] The signer name in SIG records was not properly
down-cased when signing/verifying records. [RT #1186]
809. [bug] Configuring a non-local address as a transfer-source
could cause an assertion failure during load.
808. [func] Add 'rndc flush' to flush the server's cache.
807. [bug] When setting up TCP connections for incoming zone
transfers, the transfer-source port was not
ignored like it should be.
806. [bug] DNS_R_SEENINCLUDE was failing to propagate back up
the calling stack to the zone maintenance level,
causing zones to not reload when an included file was
touched but the top-level zone file was not.
805. [bug] When using "forward only", missing root hints should
not cause queries to fail. [RT #1143]
804. [bug] Attempting to obtain entropy could fail in some
situations. This would be most common on systems
with user-space threads. [RT #1131]
803. [bug] Treat all SIG queries as if they have the CD bit set,
otherwise no data will be returned [RT #749]
802. [bug] DNSSEC key tags were computed incorrectly in almost
all cases. [RT #1146]
801. [bug] nsupdate should treat lines beginning with ';' as
comments. [RT #1139]
800. [bug] dnssec-signzone produced incorrect statistics for
large zones. [RT #1133]
799. [bug] The ADB didn't find AAAA glue in a zone unless A6
glue was also present.
798. [bug] nsupdate should be able to reject bad input lines
and continue. [RT #1130]
797. [func] Issue a warning if the 'directory' option contains
a relative path. [RT #269]
796. [func] When a size limit is associated with a log file,
only roll it when the size is reached, not every
time the log file is opened. [RT #1096]
795. [func] Add the +multiline option to dig. [RT #1095]
794. [func] Implement the "port" and "default-port" statements
in rndc.conf.
793. [cleanup] The DNSSEC tools could create filenames that were
illegal or contained shell meta-characters. They
now use a different text encoding of names that
doesn't have these problems. [RT #1101]
792. [cleanup] Replace the OMAPI command channel protocol with a
simpler one.
791. [bug] The command channel now works over IPv6.
790. [bug] Wildcards created using dynamic update or IXFR
could fail to match. [RT #1111]
789. [bug] The "localhost" and "localnets" ACLs did not match
when used as the second element of a two-element
sortlist item.
788. [func] Add the "match-mapped-addresses" option, which
causes IPv6 v4mapped addresses to be treated as
IPv4 addresses for the purpose of acl matching.
787. [bug] The DNSSEC tools failed to downcase domain
names when mapping them into file names.
786. [bug] When DNSSEC signing/verifying data, owner names were
not properly down-cased.
785. [bug] A race condition in the resolver could cause
an assertion failure. [RT #673, #872, #1048]
784. [bug] nsupdate and other programs would not quit properly
if some signals were blocked by the caller. [RT #1081]
783. [bug] Following CNAMEs could cause an assertion failure
when either using an sdb database or under very
rare conditions.
782. [func] Implement the "serial-query-rate" option.
781. [func] Avoid error packet loops by dropping duplicate FORMERR
responses. [RT #1006]
780. [bug] Error handling code dealing with out of memory or
other rare errors could lead to assertion failures
by calling functions on uninitialized names. [RT #1065]
779. [func] Added the "minimal-responses" option.
778. [bug] When starting cache cleaning, cleaning_timer_action()
returned without first pausing the iterator, which
could cause deadlock. [RT #998]
777. [bug] An empty forwarders list in a zone failed to override
global forwarders. [RT #995]
776. [func] Improved error reporting in denied messages. [RT #252]
775. [placeholder]
774. [func] max-cache-size is implemented.
773. [func] Added isc_rwlock_trylock() to attempt to lock without
blocking.
772. [bug] Owner names could be incorrectly omitted from cache
dumps in the presence of negative caching entries.
[RT #991]
771. [cleanup] TSIG errors related to unsynchronized clocks
are logged better. [RT #919]
770. [func] Add the "edns yes_or_no" statement to the server
clause. [RT #524]
769. [func] Improved error reporting when parsing rdata. [RT #740]
768. [bug] The server did not emit an SOA when a CNAME
or DNAME chain ended in NXDOMAIN in an
authoritative zone.
767. [placeholder]
766. [bug] A few cases in query_find() could leak fname.
This would trigger the mpctx->allocated == 0
assertion when the server exited.
[RT #739, #776, #798, #812, #818, #821, #845,
#892, #935, #966]
765. [func] ACL names are once again case insensitive, like
in BIND 8. [RT #252]
764. [func] Configuration files now allow "include" directives
in more places, such as inside the "view" statement.
[RT #377, #728, #860]
763. [func] Configuration files no longer have reserved words.
[RT #731, #753]
762. [cleanup] The named.conf and rndc.conf file parsers have
been completely rewritten.
761. [bug] _REENTRANT was still defined when building with
--disable-threads.
760. [contrib] Significant enhancements to the pgsql sdb driver.
759. [bug] The resolver didn't turn off "avoid fetches" mode
when restarting, possibly causing resolution
to fail when it should not. This bug only affected
platforms which support both IPv4 and IPv6. [RT #927]
758. [bug] The "avoid fetches" code did not treat negative
cache entries correctly, causing fetches that would
be useful to be avoided. This bug only affected
platforms which support both IPv4 and IPv6. [RT #927]
757. [func] Log zone transfers.
756. [bug] dns_zone_load() could "return" success when no master
file was configured.
755. [bug] Fix incorrectly formatted log messages in zone.c.
754. [bug] Certain failure conditions sending UDP packets
could cause the server to retry the transmission
indefinitely. [RT #902]
753. [bug] dig, host, and nslookup would fail to contact a
remote server if getaddrinfo() returned an IPv6
address on a system that doesn't support IPv6.
[RT #917]
752. [func] Correct bad tv_usec elements returned by
gettimeofday().
751. [func] Log successful zone loads / transfers. [RT #898]
750. [bug] A query should not match a DNAME whose trust level
is pending. [RT #916]
749. [bug] When a query matched a DNAME in a secure zone, the
server did not return the signature of the DNAME.
[RT #915]
748. [doc] List supported RFCs in doc/misc/rfc-compliance.
[RT #781]
747. [bug] The code to determine whether an IXFR was possible
did not properly check for a database that could
not have a journal. [RT #865, #908]
746. [bug] The sdb didn't clone rdatasets properly, causing
a crash when the server followed delegations. [RT #905]
745. [func] Report the owner name of records that fail
semantic checks while loading.
744. [bug] When returning DNS_R_CNAME or DNS_R_DNAME as the
result of an ANY or SIG query, the resolver failed
to setup the return event's rdatasets, causing an
assertion failure in the query code. [RT #881]
743. [bug] Receiving a large number of certain malformed
answers could cause named to stop responding.
[RT #861]
742. [placeholder]
741. [port] Support openssl-engine. [RT #709]
740. [port] Handle openssl library mismatches slightly better.
739. [port] Look for /dev/random in configure, rather than
assuming it will be there for only a predefined
set of OSes.
738. [bug] If a non-threadsafe sdb driver supported AXFR and
received an AXFR request, it would deadlock or die
with an assertion failure. [RT #852]
737. [port] stdtime.c failed to compile on certain platforms.
736. [func] New functions isc_task_{begin,end}exclusive().
735. [doc] Add BIND 4 migration notes.
734. [bug] An attempt to re-lock the zone lock could occur if
the server was shutdown during a zone transfer.
[RT #830]
733. [bug] Reference counts of dns_acl_t objects need to be
locked but were not. [RT #801, #821]
732. [bug] Glue with 0 TTL could also cause SERVFAIL. [RT #828]
731. [bug] Certain zone errors could cause named-checkzone to
fail ungracefully. [RT #819]
730. [bug] lwres_getaddrinfo() returns the correct result when
it fails to contact a server. [RT #768]
729. [port] pthread_setconcurrency() needs to be called on Solaris.
728. [bug] Fix comment processing on master file directives.
[RT# 757]
727. [port] Work around OS bug where accept() succeeds but
fails to fill in the peer address of the accepted
connection, by treating it as an error rather than
an assertion failure. [RT #809]
726. [func] Implement the "trace" and "notrace" commands in rndc.
725. [bug] Installing man pages could fail.
724. [func] New libisc functions isc_netaddr_any(),
isc_netaddr_any6().
723. [bug] Referrals whose NS RRs had a 0 TTL caused the resolver
to return DNS_R_SERVFAIL. [RT #783]
722. [func] Allow incremental loads to be canceled.
721. [cleanup] Load manager and dns_master_loadfilequota() are no
more.
720. [bug] Server could enter infinite loop in
dispatch.c:do_cancel(). [RT #733]
719. [bug] Rapid reloads could trigger an assertion failure.
[RT #743, #763]
718. [cleanup] "internal" is no longer a reserved word in named.conf.
[RT #753, #731]
717. [bug] Certain TKEY processing failure modes could
reference an uninitialized variable, causing the
server to crash. [RT #750]
716. [bug] The first line of a $INCLUDE master file was lost if
an origin was specified. [RT #744]
715. [bug] Resolving some A6 chains could cause an assertion
failure in adb.c. [RT #738]
714. [bug] Preserve interval timers across reloads unless changed.
[RT# 729]
713. [func] named-checkconf takes '-t directory' similar to named.
[RT #726]
712. [bug] Sending a large signed update message caused an
assertion failure. [RT #718]
711. [bug] The libisc and liblwres implementations of
inet_ntop contained an off by one error.
710. [func] The forwarders statement now takes an optional
port. [RT #418]
709. [bug] ANY or SIG queries for data with a TTL of 0
would return SERVFAIL. [RT #620]
708. [bug] When building with --with-openssl, the openssl headers
included with BIND 9 should not be used. [RT #702]
707. [func] The "filename" argument to named-checkzone is no
longer optional, to reduce confusion. [RT #612]
706. [bug] Zones with an explicit "allow-update { none; };"
were considered dynamic and therefore not reloaded
on SIGHUP or "rndc reload".
705. [port] Work out resource limit type for use where rlim_t is
not available. [RT #695]
704. [port] RLIMIT_NOFILE is not available on all platforms.
[RT #695]
703. [port] sys/select.h is needed on older platforms. [RT #695]
702. [func] If the address 0.0.0.0 is seen in resolv.conf,
use 127.0.0.1 instead. [RT #693]
701. [func] Root hints are now fully optional. Class IN
views use compiled-in hints by default, as
before. Non-IN views with no root hints now
provide authoritative service but not recursion.
A warning is logged if a view has neither root
hints nor authoritative data for the root. [RT #696]
700. [bug] $GENERATE range check was wrong. [RT #688]
699. [bug] The lexer mishandled empty quoted strings. [RT #694]
698. [bug] Aborting nsupdate with ^C would lead to several
race conditions.
697. [bug] nsupdate was not compatible with the undocumented
BIND 8 behavior of ignoring TTLs in "update delete"
commands. [RT #693]
696. [bug] lwresd would die with an assertion failure when passed
a zero-length name. [RT #692]
695. [bug] If the resolver attempted to query a blackholed or
bogus server, the resolution would fail immediately.
694. [bug] $GENERATE did not produce the last entry.
[RT #682, #683]
693. [bug] An empty lwres statement in named.conf caused
the server to crash while loading.
692. [bug] Deal with systems that have getaddrinfo() but not
gai_strerror(). [RT #679]
691. [bug] Configuring per-view forwarders caused an assertion
failure. [RT #675, #734]
690. [func] $GENERATE now supports DNAME. [RT #654]
689. [doc] man pages are now installed. [RT #210]
688. [func] "make tags" now works on systems with the
"Exuberant Ctags" etags.
687. [bug] Only say we have IPv6, with sufficient functionality,
if it has actually been tested. [RT #586]
686. [bug] dig and nslookup can now be properly aborted during
blocking operations. [RT #568]
685. [bug] nslookup should use the search list/domain options
from resolv.conf by default. [RT #405, #630]
684. [bug] Memory leak with view forwarders. [RT #656]
683. [bug] File descriptor leak in isc_lex_openfile().
682. [bug] nslookup displayed SOA records incorrectly. [RT #665]
681. [bug] $GENERATE specifying output format was broken. [RT #653]
680. [bug] dns_rdata_fromstruct() mishandled options bigger
than 255 octets.
679. [bug] $INCLUDE could leak memory and file descriptors on
reload. [RT #639]
678. [bug] "transfer-format one-answer;" could trigger an assertion
failure. [RT #646]
677. [bug] dnssec-signzone would occasionally use the wrong ttl
for database operations and fail. [RT #643]
676. [bug] Log messages about lame servers to category
'lame-servers' rather than 'resolver', so as not
to be gratuitously incompatible with BIND 8.
675. [bug] TKEY queries could cause the server to leak
memory.
674. [func] Allow messages to be TSIG signed / verified using
a offset from the current time.
673. [func] The server can now convert RFC1886-style recursive
lookup requests into RFC2874-style lookups, when
enabled using the new option "allow-v6-synthesis".
672. [bug] The wrong time was in the "time signed" field when
replying with BADTIME error.
671. [bug] The message code was failing to parse a message with
no question section and a TSIG record. [RT #628]
670. [bug] The lwres replacements for getaddrinfo and
getipnodebyname didn't properly check for the
existence of the sockaddr sa_len field.
669. [bug] dnssec-keygen now makes the public key file
non-world-readable for symmetric keys. [RT #403]
668. [func] named-checkzone now reports multiple errors in master
files.
667. [bug] On Linux, running named with the -u option and a
non-world-readable configuration file didn't work.
[RT #626]
666. [bug] If a request sent by dig is longer than 512 bytes,
use TCP.
665. [bug] Signed responses were not sent when the size of the
TSIG + question exceeded the maximum message size.
[RT #628]
664. [bug] The t_tasks and t_timers module tests are now skipped
when building without threads, since they require
threads.
663. [func] Accept a size_spec, not just an integer, in the
(unimplemented and ignored) max-ixfr-log-size option
for compatibility with recent versions of BIND 8.
[RT #613]
662. [bug] dns_rdata_fromtext() failed to log certain errors.
661. [bug] Certain UDP IXFR requests caused an assertion failure
(mpctx->allocated == 0). [RT #355, #394, #623]
660. [port] Detect multiple CPUs on HP-UX and IRIX.
659. [performance] Rewrite the name compression code to be much faster.
658. [cleanup] Remove all vestiges of 16 bit global compression.
657. [bug] When a listen-on statement in an lwres block does not
specify a port, use 921, not 53. Also update the
listen-on documentation. [RT #616]
656. [func] Treat an unescaped newline in a quoted string as
an error. This means that TXT records with missing
close quotes should have meaningful errors printed.
655. [bug] Improve error reporting on unexpected eof when loading
zones. [RT #611]
654. [bug] Origin was being forgotten in TCP retries in dig.
[RT #574]
653. [bug] +defname option in dig was reversed in sense.
[RT #549]
652. [bug] zone_saveunique() did not report the new name.
651. [func] The AD bit in responses now has the meaning
specified in <draft-ietf-dnsext-ad-is-secure>.
650. [bug] SIG(0) records were being generated and verified
incorrectly. [RT #606]
649. [bug] It was possible to join to an already running fctx
after it had "cloned" its events, but before it sent
them. In this case, the event of the newly joined
fetch would not contain the answer, and would
trigger the INSIST() in fctx_sendevents(). In
BIND 9.0, this bug did not trigger an INSIST(), but
caused the fetch to fail with a SERVFAIL result.
[RT #588, #597, #605, #607]
648. [port] Add support for pre-RFC2133 IPv6 implementations.
647. [bug] Resolver queries sent after following multiple
referrals had excessively long retransmission
timeouts due to incorrectly counting the referrals
as "restarts".
646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
didn't _cleanly_ fix the problem it was trying to fix.
645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
644. [bug] #622 needed more work. [RT #562]
643. [bug] xfrin error messages made more verbose, added class
of the zone. [RT# 599]
642. [bug] Break the exit_check() race in the zone module.
[RT #598]
--- 9.1.0b2 released ---
641. [bug] $GENERATE caused a uninitialized link to be used.
[RT #595]
640. [bug] Memory leak in error path could cause
"mpctx->allocated == 0" failure. [RT #584]
639. [bug] Reading entropy from the keyboard would sometimes fail.
[RT #591]
638. [port] lib/isc/random.c needed to explicitly include time.h
to get a prototype for time() when pthreads was not
being used. [RT #592]
637. [port] Use isc_u?int64_t instead of (unsigned) long long in
lib/isc/print.c. Also allow lib/isc/print.c to
be compiled even if the platform does not need it.
[RT #592]
636. [port] Shut up MSVC++ about a possible loss of precision
in the ISC__BUFFER_PUTUINT*() macros. [RT #592]
635. [bug] Reloading a server with a configured blackhole list
would cause an assertion. [RT #590]
634. [bug] A log file will completely stop being written when
it reaches the maximum size in all cases, not just
when versioning is also enabled. [RT #570]
633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
632. [bug] The index array of the journal file was
corrupted as it was written to disk.
631. [port] Build without thread support on systems without
pthreads.
630. [bug] Locking failure in zone code. [RT #582]
629. [bug] 9.1.0b1 dereferenced a null pointer and crashed
when responding to a UDP IXFR request.
628. [bug] If the root hints contained only AAAA addresses,
named would be unable to perform resolution.
627. [bug] The EDNS0 blackhole detection code of change 324
waited for three retransmissions to each server,
which takes much too long when a domain has many
name servers and all of them drop EDNS0 queries.
Now we retry without EDNS0 after three consecutive
timeouts, even if they are all from different
servers. [RT #143]
626. [bug] The lightweight resolver daemon no longer crashes
when asked for a SIG rrset. [RT #558]
625. [func] Zones now inherit their class from the enclosing view.
624. [bug] The zone object could get timer events after it had
been destroyed, causing a server crash. [RT #571]
623. [func] Added "named-checkconf" and "named-checkzone" program
for syntax checking named.conf files and zone files,
respectively.
622. [bug] A canceled request could be destroyed before
dns_request_destroy() was called. [RT #562]
621. [port] Disable IPv6 at runtime if IPv6 sockets are unusable.
This mostly affects Red Hat Linux 7.0, which has
conflicts between libc and the kernel.
620. [bug] dns_master_load*inc() now require 'task' and 'load'
to be non-null. Also 'done' will not be called if
dns_master_load*inc() fails immediately. [RT #565]
619. [placeholder]
618. [bug] Queries to a signed zone could sometimes cause
an assertion failure.
617. [bug] When using dynamic update to add a new RR to an
existing RRset with a different TTL, the journal
entries generated from the update did not include
explicit deletions and re-additions of the existing
RRs to update their TTL to the new value.
616. [func] dnssec-signzone -t output now includes performance
statistics.
615. [bug] dnssec-signzone did not like child keysets signed
by multiple keys.
614. [bug] Checks for uninitialized link fields were prone
to false positives, causing assertion failures.
The checks are now disabled by default and may
be re-enabled by defining ISC_LIST_CHECKINIT.
613. [bug] "rndc reload zone" now reloads primary zones.
It previously only updated slave and stub zones,
if an SOA query indicated an out of date serial.
612. [cleanup] Shutup a ridiculously noisy HP-UX compiler that
complains relentlessly about how its treatment
of 'const' has changed as well as how casting
sometimes tightens alignment constraints.
611. [func] allow-notify can be used to permit processing of
notify messages from hosts other than a slave's
masters.
610. [func] rndc dumpdb is now supported.
609. [bug] getrrsetbyname() would crash lwresd if the server
found more SIGs than answers. [RT #554]
608. [func] dnssec-signzone now adds a comment to the zone
with the time the file was signed.
607. [bug] nsupdate would fail if it encountered a CNAME or
DNAME in a response to an SOA query. [RT #515]
606. [bug] Compiling with --disable-threads failed due
to isc_thread_self() being incorrectly defined
as an integer rather than a function.
605. [func] New function isc_lex_getlasttokentext().
604. [bug] The named.conf parser could print incorrect line
numbers when long comments were present.
603. [bug] Make dig handle multiple types or classes on the same
query more correctly.
602. [func] Cope automatically with UnixWare's broken
IN6_IS_ADDR_* macros. [RT #539]
601. [func] Return a non-zero exit code if an update fails
in nsupdate.
600. [bug] Reverse lookups sometimes failed in dig, etc...
599. [func] Added four new functions to the libisc log API to
support i18n messages. isc_log_iwrite(),
isc_log_ivwrite(), isc_log_iwrite1() and
isc_log_ivwrite1() were added.
598. [bug] An update-policy statement would cause the server
to assert while loading. [RT #536]
597. [func] dnssec-signzone is now multi-threaded.
596. [bug] DNS_RDATASLAB_FORCE and DNS_RDATASLAB_EXACT are
not mutually exclusive.
595. [port] On Linux 2.2, socket() returns EINVAL when it
should return EAFNOSUPPORT. Work around this.
[RT #531]
594. [func] sdb drivers are now assumed to not be thread-safe
unless the DNS_SDBFLAG_THREADSAFE flag is supplied.
593. [bug] If a secure zone was missing all its NXTs and
a dynamic update was attempted, the server entered
an infinite loop.
592. [bug] The sig-validity-interval option now specifies a
number of days, not seconds. This matches the
documentation. [RT #529]
--- 9.1.0b1 released ---
591. [bug] Work around non-reentrancy in openssl by disabling
pre-computation in keys.
590. [doc] There are now man pages for the lwres library in
doc/man/lwres.
589. [bug] The server could deadlock if a zone was updated
while being transferred out.
588. [bug] ctx->in_use was not being correctly initialized when
when pushing a file for $INCLUDE. [RT #523]
587. [func] A warning is now printed if the "allow-update"
option allows updates based on the source IP
address, to alert users to the fact that this
is insecure and becoming increasingly so as
servers capable of update forwarding are being
deployed.
586. [bug] multiple views with the same name were fatal. [RT #516]
585. [func] dns_db_addrdataset() and and dns_rdataslab_merge()
now support 'exact' additions in a similar manner to
dns_db_subtractrdataset() and dns_rdataslab_subtract().
584. [func] You can now say 'notify explicit'; to suppress
notification of the servers listed in NS records
and notify only those servers listed in the
'also-notify' option.
583. [func] "rndc querylog" will now toggle logging of
queries, like "ndc querylog" in BIND 8.
582. [bug] dns_zone_idetach() failed to lock the zone.
[RT #199, #463]
581. [bug] log severity was not being correctly processed.
[RT #485]
580. [func] Ignore trailing garbage on incoming DNS packets,
for interoperability with broken server
implementations. [RT #491]
579. [bug] nsupdate did not take a filename to read update from.
[RT #492]
578. [func] New config option "notify-source", to specify the
source address for notify messages.
577. [func] Log illegal RDATA combinations. e.g. multiple
singleton types, cname and other data.
576. [doc] isc_log_create() description did not match reality.
575. [bug] isc_log_create() was not setting internal state
correctly to reflect the default channels created.
574. [bug] TSIG signed queries sent by the resolver would fail to
have their responses validated and would leak memory.
573. [bug] The journal files of IXFRed slave zones were
inadvertently discarded on server reload, causing
"journal out of sync with zone" errors on subsequent
reloads. [RT #482]
572. [bug] Quoted strings were not accepted as key names in
address match lists.
571. [bug] It was possible to create an rdataset of singleton
type which had more than one rdata. [RT #154]
[RT #279]
570. [bug] rbtdb.c allowed zones containing nodes which had
both a CNAME and "other data". [RT #154]
569. [func] The DNSSEC AD bit will not be set on queries which
have not requested a DNSSEC response.
568. [func] Add sample simple database drivers in contrib/sdb.
567. [bug] Setting the zone transfer timeout to zero caused an
assertion failure. [RT #302]
566. [func] New public function dns_timer_setidle().
565. [func] Log queries more like BIND 8: query logging is now
done to category "queries", level "info". [RT #169]
564. [func] Add sortlist support to lwresd.
563. [func] New public functions dns_rdatatype_format() and
dns_rdataclass_format(), for convenient formatting
of rdata type/class mnemonics in log messages.
562. [cleanup] Moved lib/dns/*conf.c to bin/named where they belong.
561. [func] The 'datasize', 'stacksize', 'coresize' and 'files'
clauses of the options{} statement are now implemented.
560. [bug] dns_name_split did not properly the resulting prefix
when a maximal length bitstring label was split which
was preceded by another bitstring label. [RT #429]
559. [bug] dns_name_split did not properly create the suffix
when splitting within a maximal length bitstring label.
558. [func] New functions, isc_resource_getlimit and
isc_resource_setlimit.
557. [func] Symbolic constants for libisc integral types.
556. [func] The DNSSEC OK bit in the EDNS extended flags
is now implemented. Responses to queries without
this bit set will not contain any DNSSEC records.
555. [bug] A slave server attempting a zone transfer could
crash with an assertion failure on certain
malformed responses from the master. [RT #457]
554. [bug] In some cases, not all of the dnssec tools were
properly installed.
553. [bug] Incoming zone transfers deferred due to quota
were not started when quota was increased but
only when a transfer in progress finished. [RT #456]
552. [bug] We were not correctly detecting the end of all c-style
comments. [RT #455]
551. [func] Implemented the 'sortlist' option.
550. [func] Support unknown rdata types and classes.
549. [bug] "make" did not immediately abort the build when a
subdirectory make failed [RT #450].
548. [func] The lexer now ungets tokens more correctly.
547. [placeholder]
546. [func] Option 'lame-ttl' is now implemented.
545. [func] Name limit and counting options removed from dig;
they didn't work properly, and cannot be correctly
implemented without significant changes.
544. [func] Add statistics option, enable statistics-file option,
add RNDC option "dump-statistics" to write out a
query statistics file.
543. [doc] The 'port' option is now documented.
542. [func] Add support for update forwarding as required for
full compliance with RFC2136. It is turned off
by default and can be enabled using the
'allow-update-forwarding' option.
541. [func] Add bogus server support.
540. [func] Add dialup support.
539. [func] Support the blackhole option.
538. [bug] fix buffer overruns by 1 in lwres_getnameinfo().
537. [placeholder]
536. [func] Use transfer-source{-v6} when sending refresh queries.
Transfer-source{-v6} now take a optional port
parameter for setting the UDP source port. The port
parameter is ignored for TCP.
535. [func] Use transfer-source{-v6} when forwarding update
requests.
534. [func] Ancestors have been removed from RBT chains. Ancestor
information can be discerned via node parent pointers.
533. [func] Incorporated name hashing into the RBT database to
improve search speed.
532. [func] Implement DNS UPDATE pseudo records using
DNS_RDATA_UPDATE flag.
531. [func] Rdata really should be initialized before being assigned
to (dns_rdata_fromwire(), dns_rdata_fromtext(),
dns_rdata_clone(), dns_rdata_fromregion()),
check that it is.
530. [func] New function dns_rdata_invalidate().
529. [bug] 521 contained a bug which caused zones to always
reload. [RT #410]
528. [func] The ISC_LIST_XXXX macros now perform sanity checks
on their arguments. ISC_LIST_XXXXUNSAFE can be use
to skip the checks however use with caution.
527. [func] New function dns_rdata_clone().
526. [bug] nsupdate incorrectly refused to add RRs with a TTL
of 0.
525. [func] New arguments 'options' for dns_db_subtractrdataset(),
and 'flags' for dns_rdataslab_subtract() allowing you
to request that the RR's must exist prior to deletion.
DNS_R_NOTEXACT is returned if the condition is not met.
524. [func] The 'forward' and 'forwarders' statement in
non-forward zones should work now.
523. [doc] The source to the Administrator Reference Manual is
now an XML file using the DocBook DTD, and is included
in the distribution. The plain text version of the
ARM is temporarily unavailable while we figure out
how to generate readable plain text from the XML.
522. [func] The lightweight resolver daemon can now use
a real configuration file, and its functionality
can be provided by a name server. Also, the -p and -P
options to lwresd have been reversed.
521. [bug] Detect master files which contain $INCLUDE and always
reload. [RT #196]
520. [bug] Upgraded libtool to 1.3.5, which makes shared
library builds almost work on AIX (and possibly
others).
519. [bug] dns_name_split() would improperly split some bitstring
labels, zeroing a few of the least significant bits in
the prefix part. When such an improperly created
prefix was returned to the RBT database, the bogus
label was dutifully stored, corrupting the tree.
[RT #369]
518. [bug] The resolver did not realize that a DNAME which was
"the answer" to the client's query was "the answer",
and such queries would fail. [RT #399]
517. [bug] The resolver's DNAME code would trigger an assertion
if there was more than one DNAME in the chain.
[RT #399]
516. [bug] Cache lookups which had a NULL node pointer, e.g.
those by dns_view_find(), and which would match a
DNAME, would trigger an INSIST(!search.need_cleanup)
assertion. [RT #399]
515. [bug] The ssu table was not being attached / detached
by dns_zone_[sg]etssutable. [RT#397]
514. [func] Retry refresh and notify queries if they timeout.
[RT #388]
513. [func] New functionality added to rdnc and server to allow
individual zones to be refreshed or reloaded.
512. [bug] The zone transfer code could throw an exception with
an invalid IXFR stream.
511. [bug] The message code could throw an assertion on an
out of memory failure. [RT #392]
510. [bug] Remove spurious view notify warning. [RT #376]
509. [func] Add support for write of zone files on shutdown.
508. [func] dns_message_parse() can now do a best-effort
attempt, which should allow dig to print more invalid
messages.
507. [func] New functions dns_zone_flush(), dns_zt_flushanddetach()
and dns_view_flushanddetach().
506. [func] Do not fail to start on errors in zone files.
505. [bug] nsupdate was printing "unknown result code". [RT #373]
504. [bug] The zone was not being marked as dirty when updated via
IXFR.
503. [bug] dumptime was not being set along with
DNS_ZONEFLG_NEEDDUMP.
502. [func] On a SERVFAIL reply, DiG will now try the next server
in the list, unless the +fail option is specified.
501. [bug] Incorrect port numbers were being displayed by
nslookup. [RT #352]
500. [func] Nearly useless +details option removed from DiG.
499. [func] In DiG, specifying a class with -c or type with -t
changes command-line parsing so that classes and
types are only recognized if following -c or -t.
This allows hosts with the same name as a class or
type to be looked up.
498. [doc] There is now a man page for "dig"
in doc/man/bin/dig.1.
497. [bug] The error messages printed when an IP match list
contained a network address with a nonzero host
part where not sufficiently detailed. [RT #365]
496. [bug] named didn't sanity check numeric parameters. [RT #361]
495. [bug] nsupdate was unable to handle large records. [RT #368]
494. [func] Do not cache NXDOMAIN responses for SOA queries.
493. [func] Return non-cachable (ttl = 0) NXDOMAIN responses
for SOA queries. This makes it easier to locate
the containing zone without polluting intermediate
caches.
492. [bug] attempting to reload a zone caused the server fail
to shutdown cleanly. [RT #360]
491. [bug] nsupdate would segfault when sending certain
prerequisites with empty RDATA. [RT #356]
490. [func] When a slave/stub zone has not yet successfully
obtained an SOA containing the zone's configured
retry time, perform the SOA query retries using
exponential backoff. [RT #337]
489. [func] The zone manager now has a "i/o" queue.
488. [bug] Locks weren't properly destroyed in some cases.
487. [port] flockfile() is not defined on all systems.
486. [bug] nslookup: "set all" and "server" commands showed
the incorrect port number if a port other than 53
was specified. [RT #352]
485. [func] When dig had more than one server to query, it would
send all of the messages at the same time. Add
rate limiting of the transmitted messages.
484. [bug] When the server was reloaded after removing addresses
from the named.conf "listen-on" statement, sockets
were still listening on the removed addresses due
to reference count loops. [RT #325]
483. [bug] nslookup: "set all" showed a "search" option but it
was not settable.
482. [bug] nslookup: a plain "server" or "lserver" should be
treated as a lookup.
481. [bug] nslookup:get_next_command() stack size could exceed
per thread limit.
480. [bug] strtok() is not thread safe. [RT #349]
479. [func] The test suite can now be run by typing "make check"
or "make test" at the top level.
478. [bug] "make install" failed if the directory specified with
--prefix did not already exist.
477. [bug] The the isc-config.sh script could be installed before
its directory was created. [RT #324]
476. [bug] A zone could expire while a zone transfer was in
progress triggering a INSIST failure. [RT #329]
475. [bug] query_getzonedb() sometimes returned a non-null version
on failure. This caused assertion failures when
generating query responses where names subject to
additional section processing pointed to a zone
to which access had been denied by means of the
allow-query option. [RT #336]
474. [bug] The mnemonic of the CHAOS class is CH according to
RFC1035, but it was printed and read only as CHAOS.
We now accept both forms as input, and print it
as CH. [RT #305]
473. [bug] nsupdate overran the end of the list of name servers
when no servers could be reached, typically causing
it to print the error message "dns_request_create:
not implemented".
472. [bug] Off-by-one error caused isc_time_add() to sometimes
produce invalid time values.
471. [bug] nsupdate didn't compile on HP/UX 10.20
470. [func] $GENERATE is now supported. See also
doc/misc/migration.
469. [bug] "query-source address * port 53;" now works.
468. [bug] dns_master_load*() failed to report file and line
number in certain error conditions.
467. [bug] dns_master_load*() failed to log an error if
pushfile() failed.
466. [bug] dns_master_load*() could return success when it failed.
465. [cleanup] Allow 0 to be set as an omapi_value_t value by
omapi_value_storeint().
464. [cleanup] Build with openssl's RSA code instead of dnssafe.
463. [bug] nsupdate sent malformed SOA queries to the second
and subsequent name servers in resolv.conf if the
query sent to the first one failed.
462. [bug] --disable-ipv6 should work now.
461. [bug] Specifying an unknown key in the "keys" clause of the
"controls" statement caused a NULL pointer dereference.
[RT #316]
460. [bug] Much of the DNSSEC code only worked with class IN.
459. [bug] Nslookup processed the "set" command incorrectly.
458. [bug] Nslookup didn't properly check class and type values.
[RT #305]
457. [bug] Dig/host/hslookup didn't properly handle connect
timeouts in certain situations, causing an
unnecessary warning message to be printed.
456. [bug] Stub zones were not resetting the refresh and expire
counters, loadtime or clearing the DNS_ZONE_REFRESH
(refresh in progress) flag upon successful update.
This disabled further refreshing of the stub zone,
causing it to eventually expire. [RT #300]
455. [doc] Document IPv4 prefix notation does not require a
dotted decimal quad but may be just dotted decimal.
454. [bug] Enforce dotted decimal and dotted decimal quad where
documented as such in named.conf. [RT #304, RT #311]
453. [bug] Warn if the obsolete option "maintain-ixfr-base"
is specified in named.conf. [RT #306]
452. [bug] Warn if the unimplemented option "statistics-file"
is specified in named.conf. [RT #301]
451. [func] Update forwarding implemented.
450. [func] New function ns_client_sendraw().
449. [bug] isc_bitstring_copy() only works correctly if the
two bitstrings have the same lsb0 value, but this
requirement was not documented, nor was there a
REQUIRE for it.
448. [bug] Host output formatting change, to match v8. [RT #255]
447. [bug] Dig didn't properly retry in TCP mode after
a truncated reply. [RT #277]
446. [bug] Confusing notify log message. [RT #298]
445. [bug] Doing a 0 bit isc_bitstring_copy() of an lsb0
bitstring triggered a REQUIRE statement. The REQUIRE
statement was incorrect. [RT #297]
444. [func] "recursion denied" messages are always logged at
debug level 1, now, rather than sometimes at ERROR.
This silences these warnings in the usual case, where
some clients set the RD bit in all queries.
443. [bug] When loading a master file failed because of an
unrecognized RR type name, the error message
did not include the file name and line number.
[RT #285]
442. [bug] TSIG signed messages that did not match any view
crashed the server. [RT #290]
441. [bug] Nodes obscured by a DNAME were inaccessible even
when DNS_DBFIND_GLUEOK was set.
440. [func] New function dns_zone_forwardupdate().
439. [func] New function dns_request_createraw().
438. [func] New function dns_message_getrawmessage().
437. [func] Log NOTIFY activity to the notify channel.
436. [bug] If recvmsg() returned EHOSTUNREACH or ENETUNREACH,
which sometimes happens on Linux, named would enter
a busy loop. Also, unexpected socket errors were
not logged at a high enough logging level to be
useful in diagnosing this situation. [RT #275]
435. [bug] dns_zone_dump() overwrote existing zone files
rather than writing to a temporary file and
renaming. This could lead to empty or partial
zone files being left around in certain error
conditions involving the initial transfer of a
slave zone, interfering with subsequent server
startup. [RT #282]
434. [func] New function isc_file_isabsolute().
433. [func] isc_base64_decodestring() now accepts newlines
within the base64 data. This makes it possible
to break up the key data in a "trusted-keys"
statement into multiple lines. [RT #284]
432. [func] Added refresh/retry jitter. The actual refresh/
retry time is now a random value between 75% and
100% of the configured value.
431. [func] Log at ISC_LOG_INFO when a zone is successfully
loaded.
430. [bug] Rewrote the lightweight resolver client management
code to handle shutdown correctly and general
cleanup.
429. [bug] The space reserved for a TSIG record in a response
was 2 bytes too short, leading to message
generation failures.
428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
DNS_R_BADDB for nodes which had neither NXT nor SIG NXT
(e.g. glue). This could cause SERVFAILs when
generating negative responses in a secure zone.
427. [bug] Avoid going into an infinite loop when the validator
gets a negative response to a key query where the
records are signed by the missing key.
426. [bug] Attempting to generate an oversized RSA key could
cause dnssec-keygen to dump core.
425. [bug] Warn about the auth-nxdomain default value change
if there is no auth-nxdomain statement in the
config file. [RT #287]
424. [bug] notify_createmessage() could trigger an assertion
failure when creating the notify message failed,
e.g. due to corrupt zones with multiple SOA records.
[RT #279]
423. [bug] When responding to a recursive query, errors that occur
after following a CNAME should cause the query to fail.
[RT #274]
422. [func] get rid of isc_random_t, and make isc_random_get()
and isc_random_jitter() use rand() internally
instead of local state. Note that isc_random_*()
functions are only for weak, non-critical "randomness"
such as timing jitter and such.
421. [bug] nslookup would exit when given a blank line as input.
420. [bug] nslookup failed to implement the "exit" command.
419. [bug] The certificate type PKIX was misspelled as SKIX.
418. [bug] At debug levels >= 10, getting an unexpected
socket receive error would crash the server
while trying to log the error message.
417. [func] Add isc_app_block() and isc_app_unblock(), which
allow an application to handle signals while
blocking.
416. [bug] Slave zones with no master file tried to use a
NULL pointer for a journal file name when they
received an IXFR. [RT #273]
415. [bug] The logging code leaked file descriptors.
414. [bug] Server did not shut down until all incoming zone
transfers were finished.
413. [bug] Notify could attempt to use the zone database after
it had been unloaded. [RT#267]
412. [bug] named -v didn't print the version.
411. [bug] A typo in the HS A code caused an assertion failure.
410. [bug] lwres_gethostbyname() and company set lwres_h_errno
to a random value on success.
409. [bug] If named was shut down early in the startup
process, ns_omapi_shutdown() would attempt to lock
an uninitialized mutex. [RT #262]
408. [bug] stub zones could leak memory and reference counts if
all the masters were unreachable.
407. [bug] isc_rwlock_lock() would needlessly block
readers when it reached the read quota even
if no writers were waiting.
406. [bug] Log messages were occasionally lost or corrupted
due to a race condition in isc_log_doit().
405. [func] Add support for selective forwarding (forward zones)
404. [bug] The request library didn't completely work with IPv6.
403. [bug] "host" did not use the search list.
402. [bug] Treat undefined acls as errors, rather than
warning and then later throwing an assertion.
[RT #252]
401. [func] Added simple database API.
400. [bug] SIG(0) signing and verifying was done incorrectly.
[RT #249]
399. [bug] When reloading the server with a config file
containing a syntax error, it could catch an
assertion failure trying to perform zone
maintenance on, or sending notifies from,
tentatively created zones whose views were
never fully configured and lacked an address
database and request manager.
398. [bug] "dig" sometimes caught an assertion failure when
using TSIG, depending on the key length.
397. [func] Added utility functions dns_view_gettsig() and
dns_view_getpeertsig().
396. [doc] There is now a man page for "nsupdate"
in doc/man/bin/nsupdate.8.
395. [bug] nslookup printed incorrect RR type mnemonics
for RRs of type >= 21 [RT #237].
394. [bug] Current name was not propagated via $INCLUDE.
393. [func] Initial answer while loading (awl) support.
Entry points: dns_master_loadfileinc(),
dns_master_loadstreaminc(), dns_master_loadbufferinc().
Note: calls to dns_master_load*inc() should be rate
be rate limited so as to not use up all file
descriptors.
392. [func] Add ISC_R_FAMILYNOSUPPORT. Returned when OS does
not support the given address family requested.
391. [clarity] ISC_R_FAMILY -> ISC_R_FAMILYMISMATCH.
390. [func] The function dns_zone_setdbtype() now takes
an argc/argv style vector of words and sets
both the zone database type and its arguments,
making the functions dns_zone_adddbarg()
and dns_zone_cleardbargs() unnecessary.
389. [bug] Attempting to send a request over IPv6 using
dns_request_create() on a system without IPv6
support caused an assertion failure [RT #235].
388. [func] dig and host can now do reverse ipv6 lookups.
387. [func] Add dns_byaddr_createptrname(), which converts
an address into the name used by a PTR query.
386. [bug] Missing strdup() of ACL name caused random
ACL matching failures [RT #228].
385. [cleanup] Removed functions dns_zone_equal(), dns_zone_print(),
and dns_zt_print().
384. [bug] nsupdate was incorrectly limiting TTLs to 65535 instead
of 2147483647.
383. [func] When writing a master file, print the SOA and NS
records (and their SIGs) before other records.
382. [bug] named -u failed on many Linux systems where the
libc provided kernel headers do not match
the current kernel.
381. [bug] Check for IPV6_RECVPKTINFO and use it instead of
IPV6_PKTINFO if found. [RT #229]
380. [bug] nsupdate didn't work with IPv6.
379. [func] New library function isc_sockaddr_anyofpf().
378. [func] named and lwresd will log the command line arguments
they were started with in the "starting ..." message.
377. [bug] When additional data lookups were refused due to
"allow-query", the databases were still being
attached causing reference leaks.
376. [bug] The server should always use good entropy when
performing cryptographic functions needing entropy.
375. [bug] Per-zone "allow-query" did not properly override the
view/global one for CNAME targets and additional
data [RT #220].
374. [bug] SOA in authoritative negative responses had wrong TTL.
373. [func] nslookup is now installed by "make install".
372. [bug] Deal with Microsoft DNS servers appending two bytes of
garbage to zone transfer requests.
371. [bug] At high debug levels, doing an outgoing zone transfer
of a very large RRset could cause an assertion failure
during logging.
370. [bug] The error messages for roll-forward failures were
overly terse.
369. [func] Support new named.conf options, view and zone
statements:
max-retry-time, min-retry-time,
max-refresh-time, min-refresh-time.
368. [func] Restructure the internal ".bind" view so that more
zones can be added to it.
367. [bug] Allow proper selection of server on nslookup command
line.
366. [func] Allow use of '-' batch file in dig for stdin.
365. [bug] nsupdate -k leaked memory.
364. [func] Added additional-from-{cache,auth}
363. [placeholder]
362. [bug] rndc no longer aborts if the configuration file is
missing an options statement. [RT #209]
361. [func] When the RBT find or chain functions set the name and
origin for a node that stores the root label
the name is now set to an empty name, instead of ".",
to simplify later use of the name and origin by
dns_name_concatenate(), dns_name_totext() or
dns_name_format().
360. [func] dns_name_totext() and dns_name_format() now allow
an empty name to be passed, which is formatted as "@".
359. [bug] dnssec-signzone occasionally signed glue records.
358. [cleanup] Rename the intermediate files used by the dnssec
programs.
357. [bug] The zone file parser crashed if the argument
to $INCLUDE was a quoted string.
356. [cleanup] isc_task_send no longer requires event->sender to
be non-null.
355. [func] Added isc_dir_createunique(), similar to mkdtemp().
354. [doc] Man pages for the dnssec tools are now included in
the distribution, in doc/man/dnssec.
353. [bug] double increment in lwres/gethost.c:copytobuf().
[RT# 187]
352. [bug] Race condition in dns_client_t startup could cause
an assertion failure.
351. [bug] Constructing a response with rcode SERVFAIL to a TSIG
signed query could crash the server.
350. [bug] Also-notify lists specified in the global options
block were not correctly reference counted, causing
a memory leak.
349. [bug] Processing a query with the CD bit set now works
as expected.
348. [func] New boolean named.conf options 'additional-from-auth'
and 'additional-from-cache' now supported in view and
global options statement.
347. [bug] Don't crash if an argument is left off options in dig.
346. [placeholder]
345. [bug] Large-scale changes/cleanups to dig:
* Significantly improve structure handling
* Don't pre-load entire batch files
* Add name/rr counting/limiting
* Fix SIGINT handling
* Shorten timeouts to match v8's behavior
344. [bug] When shutting down, lwresd sometimes tried
to shut down its client tasks twice,
triggering an assertion.
343. [bug] Although zone maintenance SOA queries and
notify requests were signed with TSIG keys
when configured for the server in case,
the TSIG was not verified on the response.
342. [bug] The wrong name was being passed to
dns_name_dup() when generating a TSIG
key using TKEY.
341. [func] Support 'key' clause in named.conf zone masters
statement to allow authentication via TSIG keys:
masters {
10.0.0.1 port 5353 key "foo";
10.0.0.2 ;
};
340. [bug] The top-level COPYRIGHT file was missing from
the distribution.
339. [bug] DNSSEC validation of the response to an ANY
query at a name with a CNAME RR in a secure
zone triggered an assertion failure.
338. [bug] lwresd logged to syslog as named, not lwresd.
337. [bug] "dig" did not recognize "nsap-ptr" as an RR type
on the command line.
336. [bug] "dig -f" used 64 k of memory for each line in
the file. It now uses much less, though still
proportionally to the file size.
335. [bug] named would occasionally attempt recursion when
it was disallowed or undesired.
334. [func] Added hmac-md5 to libisc.
333. [bug] The resolver incorrectly accepted referrals to
domains that were not parents of the query name,
causing assertion failures.
332. [func] New function dns_name_reset().
331. [bug] Only log "recursion denied" if RD is set. [RT #178]
330. [bug] Many debugging messages were partially formatted
even when debugging was turned off, causing a
significant decrease in query performance.
329. [func] omapi_auth_register() now takes a size_t argument for
the length of a key's secret data. Previously
OMAPI only stored secrets up to the first NUL byte.
328. [func] Added isc_base64_decodestring().
327. [bug] rndc.conf parser wasn't correctly recognizing an IP
address where a host specification was required.
326. [func] 'keys' in an 'inet' control statement is now
required and must have at least one item in it.
A "not supported" warning is now issued if a 'unix'
control channel is defined.
325. [bug] isc_lex_gettoken was processing octal strings when
ISC_LEXOPT_CNUMBER was not set.
324. [func] In the resolver, turn EDNS0 off if there is no
response after a number of retransmissions.
This is to allow queries some chance of succeeding
even if all the authoritative servers of a zone
silently discard EDNS0 requests instead of
sending an error response like they ought to.
323. [bug] dns_rbt_findname() did not ignore empty rbt nodes.
Because of this, servers authoritative for a parent
and grandchild zone but not authoritative for the
intervening child zone did not correctly issue
referrals to the servers of the child zone.
322. [bug] Queries for KEY RRs are now sent to the parent
server before the authoritative one, making
DNSSEC insecurity proofs work in many cases
where they previously didn't.
321. [bug] When synthesizing a CNAME RR for a DNAME
response, query_addcname() failed to initialize
the type and class of the CNAME dns_rdata_t,
causing random failures.
320. [func] Multiple rndc changes: parses an rndc.conf file,
uses authentication to talk to named, command
line syntax changed. This will all be described
in the ARM.
319. [func] The named.conf "controls" statement is now used
to configure the OMAPI command channel.
318. [func] dns_c_ndcctx_destroy() could never return anything
except ISC_R_SUCCESS; made it have void return instead.
317. [func] Use callbacks from libomapi to determine if a
new connection is valid, and if a key requested
to be used with that connection is valid.
316. [bug] Generate a warning if we detect an unexpected <eof>
but treat as <eol><eof>.
315. [bug] Handle non-empty blanks lines. [RT #163]
314. [func] The named.conf controls statement can now have
more than one key specified for the inet clause.
313. [bug] When parsing resolv.conf, don't terminate on an
error. Instead, parse as much as possible, but
still return an error if one was found.
312. [bug] Increase the number of allowed elements in the
resolv.conf search path from 6 to 8. If there
are more than this, ignore the remainder rather
than returning a failure in lwres_conf_parse.
311. [bug] lwres_conf_parse failed when the first line of
resolv.conf was empty or a comment.
310. [func] Changes to named.conf "controls" statement (inet
subtype only)
- support "keys" clause
controls {
inet * port 1024
allow { any; } keys { "foo"; }
}
- allow "port xxx" to be left out of statement,
in which case it defaults to omapi's default port
of 953.
309. [bug] When sending a referral, the server did not look
for name server addresses as glue in the zone
holding the NS RRset in the case where this zone
was not the same as the one where it looked for
name server addresses as authoritative data.
308. [bug] Treat a SOA record not at top of zone as an error
when loading a zone. [RT #154]
307. [bug] When canceling a query, the resolver didn't check for
isc_socket_sendto() calls that did not yet have their
completion events posted, so it could (rarely) end up
destroying the query context and then want to use
it again when the send event posted, triggering an
assertion as it tried to cancel an already-canceled
query. [RT #77]
306. [bug] Reading HMAC-MD5 private key files didn't work.
305. [bug] When reloading the server with a config file
containing a syntax error, it could catch an
assertion failure trying to perform zone
maintenance on tentatively created zones whose
views were never fully configured and lacked
an address database.
304. [bug] If more than LWRES_CONFMAXNAMESERVERS servers
are listed in resolv.conf, silently ignore them
instead of returning failure.
303. [bug] Add additional sanity checks to differentiate a AXFR
response vs a IXFR response. [RT #157]
302. [bug] In dig, host, and nslookup, MXNAME should be large
enough to hold any legal domain name in presentation
format + terminating NULL.
301. [bug] Uninitialized pointer in host:printmessage(). [RT #159]
300. [bug] Using both <isc/net.h> and <lwres/net.h> didn't work
on platforms lacking IPv6 because each included their
own ipv6 header file for the missing definitions. Now
each library's ipv6.h defines the wrapper symbol of
the other (ISC_IPV6_H and LWRES_IPV6_H).
299. [cleanup] Get the user and group information before changing the
root directory, so the administrator does not need to
keep a copy of the user and group databases in the
chroot'ed environment. Suggested by Hakan Olsson.
298. [bug] A mutex deadlock occurred during shutdown of the
interface manager under certain conditions.
Digital Unix systems were the most affected.
297. [bug] Specifying a key name that wasn't fully qualified
in certain parts of the config file could cause
an assertion failure.
296. [bug] "make install" from a separate build directory
failed unless configure had been run in the source
directory, too.
295. [bug] When invoked with type==CNAME and a message
not constructed by dns_message_parse(),
dns_message_findname() failed to find anything
due to checking for attribute bits that are set
only in dns_message_parse(). This caused an
infinite loop when constructing the response to
an ANY query at a CNAME in a secure zone.
294. [bug] If we run out of space in while processing glue
when reading a master file and commit "current name"
reverts to "name_current" instead of staying as
"name_glue".
293. [port] Add support for FreeBSD 4.0 system tests.
292. [bug] Due to problems with the way some operating systems
handle simultaneous listening on IPv4 and IPv6
addresses, the server no longer listens on IPv6
addresses by default. To revert to the previous
behavior, specify "listen-on-v6 { any; };" in
the config file.
291. [func] Caching servers no longer send outgoing queries
over TCP just because the incoming recursive query
was a TCP one.
290. [cleanup] +twiddle option to dig (for testing only) removed.
289. [cleanup] dig is now installed in $bindir instead of $sbindir.
host is now installed in $bindir. (Be sure to remove
any $sbindir/dig from a previous release.)
288. [func] rndc is now installed by "make install" into $sbindir.
287. [bug] rndc now works again as "rndc 127.1 reload" (for
only that task). Parsing its configuration file and
using digital signatures for authentication has been
disabled until named supports the "controls" statement,
post-9.0.0.
286. [bug] On Solaris 2, when named inherited a signal state
where SIGHUP had the SIG_IGN action, SIGHUP would
be ignored rather than causing the server to reload
its configuration.
285. [bug] A change made to the dst API for beta4 inadvertently
broke OMAPI's creation of a dst key from an incoming
message, causing an assertion to be triggered. Fixed.
284. [func] The DNSSEC key generation and signing tools now
generate randomness from keyboard input on systems
that lack /dev/random.
283. [cleanup] The 'lwresd' program is now a link to 'named'.
282. [bug] The lexer now returns ISC_R_RANGE if parsed integer is
too big for an unsigned long.
281. [bug] Fixed list of recognized config file category names.
280. [func] Add isc-config.sh, which can be used to more
easily build applications that link with
our libraries.
279. [bug] Private omapi function symbols shared between
two or more files in libomapi.a were not namespace
protected using the ISC convention of starting with
the library name and two underscores ("omapi__"...)
278. [bug] bin/named/logconf.c:category_fromconf() didn't take
note of when isc_log_categorybyname() wasn't able
to find the category name and would then apply the
channel list of the unknown category to all categories.
277. [bug] isc_log_categorybyname() and isc_log_modulebyname()
would fail to find the first member of any category
or module array apart from the internal defaults.
Thus, for example, the "notify" category was improperly
configured by named.
276. [bug] dig now supports maximum sized TCP messages.
275. [bug] The definition of lwres_gai_strerror() was missing
the lwres_ prefix.
274. [bug] TSIG AXFR verify failed when talking to a BIND 8
server.
273. [func] The default for the 'transfer-format' option is
now 'many-answers'. This will break zone transfers
to BIND 4.9.5 and older unless there is an explicit
'one-answer' configuration.
272. [bug] The sending of large TCP responses was canceled
in mid-transmission due to a race condition
caused by the failure to set the client object's
"newstate" variable correctly when transitioning
to the "working" state.
271. [func] Attempt to probe the number of cpus in named
if unspecified rather than defaulting to 1.
270. [func] Allow maximum sized TCP answers.
269. [bug] Failed DNSSEC validations could cause an assertion
failure by causing clone_results() to be called with
with hevent->node == NULL.
268. [doc] A plain text version of the Administrator
Reference Manual is now included in the distribution,
as doc/arm/Bv9ARM.txt.
267. [func] Nsupdate is now provided in the distribution.
266. [bug] zone.c:save_nsrrset() node was not initialized.
265. [bug] dns_request_create() now works for TCP.
264. [func] Dispatch can not take TCP sockets in connecting
state. Set DNS_DISPATCHATTR_CONNECTED when calling
dns_dispatch_createtcp() for connected TCP sockets
or call dns_dispatch_starttcp() when the socket is
connected.
263. [func] New logging channel type 'stderr'
channel some-name {
stderr;
severity error;
}
262. [bug] 'master' was not initialized in zone.c:stub_callback().
261. [func] Add dns_zone_markdirty().
260. [bug] Running named as a non-root user failed on Linux
kernels new enough to support retaining capabilities
after setuid().
259. [func] New random-device and random-seed-file statements
for global options block of named.conf. Both accept
a single string argument.
258. [bug] Fixed printing of lwres_addr_t.address field.
257. [bug] The server detached the last zone manager reference
too early, while it could still be in use by queries.
This manifested itself as assertion failures during the
shutdown process for busy name servers. [RT #133]
256. [func] isc_ratelimiter_t now has attach/detach semantics, and
isc_ratelimiter_shutdown guarantees that the rate
limiter is detached from its task.
255. [func] New function dns_zonemgr_attach().
254. [bug] Suppress "query denied" messages on additional data
lookups.
--- 9.0.0b4 released ---
253. [func] resolv.conf parser now recognizes ';' and '#' as
comments (anywhere in line, not just as the beginning).
252. [bug] resolv.conf parser mishandled masks on sortlists.
It also aborted when an unrecognized keyword was seen,
now it silently ignores the entire line.
251. [bug] lwresd caught an assertion failure on startup.
250. [bug] fixed handling of size+unit when value would be too
large for internal representation.
249. [cleanup] max-cache-size config option now takes a size-spec
like 'datasize', except 'default' is not allowed.
248. [bug] global lame-ttl option was not being printed when
config structures were written out.
247. [cleanup] Rename cache-size config option to max-cache-size.
246. [func] Rename global option cachesize to cache-size and
add corresponding option to view statement.
245. [bug] If an uncompressed name will take more than 255
bytes and the buffer is sufficiently long,
dns_name_fromwire should return DNS_R_FORMERR,
not ISC_R_NOSPACE. This bug caused cause the
server to catch an assertion failure when it
received a query for a name longer than 255
bytes.
244. [bug] empty named.conf file and empty options statement are
now parsed properly.
243. [func] new cachesize option for named.conf
242. [cleanup] fixed incorrect warning about auth-nxdomain usage.
241. [cleanup] nscount and soacount have been removed from the
dns_master_*() argument lists.
240. [func] databases now come in three flavours: zone, cache
and stub.
239. [func] If ISC_MEM_DEBUG is enabled, the variable
isc_mem_debugging controls whether messages
are printed or not.
238. [cleanup] A few more compilation warnings have been quieted:
+ missing sigwait prototype on BSD/OS 4.0/4.0.1.
+ PTHREAD_ONCE_INIT unbraced initializer warnings on
Solaris 2.8.
+ IN6ADDR_ANY_INIT unbraced initializer warnings on
BSD/OS 4.*, Linux and Solaris 2.8.
237. [bug] If connect() returned ENOBUFS when the resolver was
initiating a TCP query, the socket didn't get
destroyed, and the server did not shut down cleanly.
236. [func] Added new listen-on-v6 config file statement.
235. [func] Consider it a config file error if a listen-on
statement has an IPv6 address in it, or a
listen-on-v6 statement has an IPv4 address in it.
234. [bug] Allow a trusted-key's first field (domain-name) be
either a quoted or an unquoted string, instead of
requiring a quoted string.
233. [cleanup] Convert all config structure integer values to unsigned
integer (isc_uint32_t) to match grammar.
232. [bug] Allow slave zones to not have a file.
231. [func] Support new 'port' clause in config file options
section. Causes 'listen-on', 'masters' and
'also-notify' statements to use its value instead of
default (53).
230. [func] Replace the dst sign/verify API with a cleaner one.
229. [func] Support config file sig-validity-interval statement
in options, views and zone statements (master
zones only).
228. [cleanup] Logging messages in config module stripped of
trailing period.
227. [cleanup] The enumerated identifiers dns_rdataclass_*,
dns_rcode_*, dns_opcode_*, and dns_trust_* are
also now cast to their appropriate types, as with
dns_rdatatype_* in item number 225 below.
226. [func] dns_name_totext() now always prints the root name as
'.', even when omit_final_dot is true.
225. [cleanup] The enumerated dns_rdatatype_* identifiers are now
cast to dns_rdatatype_t via macros of their same name
so that they are of the proper integral type wherever
a dns_rdatatype_t is needed.
224. [cleanup] The entire project builds cleanly with gcc's
-Wcast-qual and -Wwrite-strings warnings enabled,
which is now the default when using gcc. (Warnings
from confparser.c, because of yacc's code, are
unfortunately to be expected.)
223. [func] Several functions were re-prototyped to qualify one
or more of their arguments with "const". Similarly,
several functions that return pointers now have
those pointers qualified with const.
222. [bug] The global 'also-notify' option was ignored.
221. [bug] An uninitialized variable was sometimes passed to
dns_rdata_freestruct() when loading a zone, causing
an assertion failure.
220. [cleanup] Set the default outgoing port in the view, and
set it in sockaddrs returned from the ADB.
[31-May-2000 explorer]
219. [bug] Signed truncated messages more correctly follow
the respective specs.
218. [func] When an rdataset is signed, its ttl is normalized
based on the signature validity period.
217. [func] Also-notify and trusted-keys can now be used in
the 'view' statement.
216. [func] The 'max-cache-ttl' and 'max-ncache-ttl' options
now work.
215. [bug] Failures at certain points in request processing
could cause the assertion INSIST(client->lockview
== NULL) to be triggered.
214. [func] New public function isc_netaddr_format(), for
formatting network addresses in log messages.
213. [bug] Don't leak memory when reloading the zone if
an update-policy clause was present in the old zone.
212. [func] Added dns_message_get/settsigkey, to make TSIG
key management reasonable.
211. [func] The 'key' and 'server' statements can now occur
inside 'view' statements.
210. [bug] The 'allow-transfer' option was ignored for slave
zones, and the 'transfers-per-ns' option was
was ignored for all zones.
209. [cleanup] Upgraded openssl files to new version 0.9.5a
208. [func] Added ISC_OFFSET_MAXIMUM for the maximum value
of an isc_offset_t.
207. [func] The dnssec tools properly use the logging subsystem.
206. [cleanup] dst now stores the key name as a dns_name_t, not
a char *.
205. [cleanup] On IRIX, turn off the mostly harmless warnings 1692
("prototyped function redeclared without prototype")
and 1552 ("variable ... set but not used") when
compiling in the lib/dns/sec/{dnssafe,openssl}
directories, which contain code imported from outside
sources.
204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
to quiet the warnings that "The linked output may not
run on a PA 1.x system."
203. [func] notify and zone soa queries are now tsig signed when
appropriate.
202. [func] isc_lex_getsourceline() changed from returning int
to returning unsigned long, the type of its underlying
counter.
201. [cleanup] Removed the test/sdig program, it has been
replaced by bin/dig/dig.
--- 9.0.0b3 released ---
200. [bug] Failures in sending query responses to clients
(e.g., running out of network buffers) were
not logged.
199. [bug] isc_heap_delete() sometimes violated the heap
invariant, causing timer events not to be posted
when due.
198. [func] Dispatch managers hold memory pools which
any managed dispatcher may use. This allows
us to avoid dipping into the memory context for
most allocations. [19-May-2000 explorer]
197. [bug] When an incoming AXFR or IXFR completes, the
zone's internal state is refreshed from the
SOA data. [19-May-2000 explorer]
196. [func] Dispatchers can be shared easily between views
and/or interfaces. [19-May-2000 explorer]
195. [bug] Including the NXT record of the root domain
in a negative response caused an assertion
failure.
194. [doc] The PDF version of the Administrator's Reference
Manual is no longer included in the ISC BIND9
distribution.
193. [func] changed dst_key_free() prototype.
192. [bug] Zone configuration validation is now done at end
of config file parsing, and before loading
callbacks.
191. [func] Patched to compile on UnixWare 7.x. This platform
is not directly supported by the ISC.
190. [cleanup] The DNSSEC tools have been moved to a separate
directory dnssec/ and given the following new,
more descriptive names:
dnssec-keygen
dnssec-signzone
dnssec-signkey
dnssec-makekeyset
Their command line arguments have also been changed to
be more consistent. dnssec-keygen now prints the
name of the generated key files (sans extension)
on standard output to simplify its use in automated
scripts.
189. [func] isc_time_secondsastimet(), a new function, will ensure
that the number of seconds in an isc_time_t does not
exceed the range of a time_t, or return ISC_R_RANGE.
Similarly, isc_time_now(), isc_time_nowplusinterval(),
isc_time_add() and isc_time_subtract() now check the
range for overflow/underflow. In the case of
isc_time_subtract, this changed a calling requirement
(ie, something that could generate an assertion)
into merely a condition that returns an error result.
isc_time_add() and isc_time_subtract() were void-
valued before but now return isc_result_t.
188. [func] Log a warning message when an incoming zone transfer
contains out-of-zone data.
187. [func] isc_ratelimiter_enqueue() has an additional argument
'task'.
186. [func] dns_request_getresponse() has an additional argument
'preserve_order'.
185. [bug] Fixed up handling of ISC_MEMCLUSTER_LEGACY. Several
public functions did not have an isc__ prefix, and
referred to functions that had previously been
renamed.
184. [cleanup] Variables/functions which began with two leading
underscores were made to conform to the ANSI/ISO
standard, which says that such names are reserved.
183. [func] ISC_LOG_PRINTTAG option for log channels. Useful
for logging the program name or other identifier.
182. [cleanup] New command-line parameters for dnssec tools
181. [func] Added dst_key_buildfilename and dst_key_parsefilename
180. [func] New isc_result_t ISC_R_RANGE. Supersedes DNS_R_RANGE.
179. [func] options named.conf statement *must* now come
before any zone or view statements.
178. [func] Post-load of named.conf check verifies a slave zone
has non-empty list of masters defined.
177. [func] New per-zone boolean:
enable-zone yes | no ;
intended to let a zone be disabled without having
to comment out the entire zone statement.
176. [func] New global and per-view option:
max-cache-ttl number
175. [func] New global and per-view option:
additional-data internal | minimal | maximal;
174. [func] New public function isc_sockaddr_format(), for
formatting socket addresses in log messages.
173. [func] Keep a queue of zones waiting for zone transfer
quota so that a new transfer can be dispatched
immediately whenever quota becomes available.
172. [bug] $TTL directive was sometimes missing from dumped
master files because totext_ctx_init() failed to
initialize ctx->current_ttl_valid.
171. [cleanup] On NetBSD systems, the mit-pthreads or
unproven-pthreads library is now always used
unless --with-ptl2 is explicitly specified on
the configure command line. The
--with-mit-pthreads option is no longer needed
and has been removed.
170. [cleanup] Remove inter server consistency checks from zone,
these should return as a separate module in 9.1.
dns_zone_checkservers(), dns_zone_checkparents(),
dns_zone_checkchildren(), dns_zone_checkglue().
Remove dns_zone_setadb(), dns_zone_setresolver(),
dns_zone_setrequestmgr() these should now be found
via the view.
169. [func] ratelimiter can now process N events per interval.
168. [bug] include statements in named.conf caused syntax errors
due to not consuming the semicolon ending the include
statement before switching input streams.
167. [bug] Make lack of masters for a slave zone a soft error.
166. [bug] Keygen was overwriting existing keys if key_id
conflicted, now it will retry, and non-null keys
with key_id == 0 are not generated anymore. Key
was not able to generate NOAUTHCONF DSA key,
increased RSA key size to 2048 bits.
165. [cleanup] Silence "end-of-loop condition not reached" warnings
from Solaris compiler.
164. [func] Added functions isc_stdio_open(), isc_stdio_close(),
isc_stdio_seek(), isc_stdio_read(), isc_stdio_write(),
isc_stdio_flush(), isc_stdio_sync(), isc_file_remove()
to encapsulate nonportable usage of errno and sync.
163. [func] Added result codes ISC_R_FILENOTFOUND and
ISC_R_FILEEXISTS.
162. [bug] Ensure proper range for arguments to ctype.h functions.
161. [cleanup] error in yyparse prototype that only HPUX caught.
160. [cleanup] getnet*() are not going to be implemented at this
stage.
159. [func] Redefinition of config file elements is now an
error (instead of a warning).
158. [bug] Log channel and category list copy routines
weren't assigning properly to output parameter.
157. [port] Fix missing prototype for getopt().
156. [func] Support new 'database' statement in zone.
database "quoted-string";
155. [bug] ns_notify_start() was not detaching the found zone.
154. [func] The signer now logs libdns warnings to stderr even when
not verbose, and in a nicer format.
153. [func] dns_rdata_tostruct() 'mctx' is now optional. If 'mctx'
is NULL then you need to preserve the 'rdata' until
you have finished using the structure as there may be
references to the associated memory. If 'mctx' is
non-NULL it is guaranteed that there are no references
to memory associated with 'rdata'.
dns_rdata_freestruct() must be called if 'mctx' was
non-NULL and may safely be called if 'mctx' was NULL.
152. [bug] keygen dumped core if domain name argument was omitted
from command line.
151. [func] Support 'disabled' statement in zone config (causes
zone to be parsed and then ignored). Currently must
come after the 'type' clause.
150. [func] Support optional ports in masters and also-notify
statements:
masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
149. [cleanup] Removed unused argument 'olist' from
dns_c_view_unsetordering().
148. [cleanup] Stop issuing some warnings about some configuration
file statements that were not implemented, but now are.
147. [bug] Changed yacc union size to be smaller for yaccs that
put yacc-stack on the real stack.
146. [cleanup] More general redundant header file cleanup. Rather
than continuing to itemize every header which changed,
this changelog entry just notes that if a header file
did not need another header file that it was including
in order to provide its advertised functionality, the
inclusion of the other header file was removed. See
util/check-includes for how this was tested.
145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
ISC_LANG_ENDDECLS to header files that had function
prototypes, and removed it from those that did not.
144. [cleanup] libdns header files too numerous to name were made
to conform to the same style for multiple inclusion
protection.
143. [func] Added function dns_rdatatype_isknown().
142. [cleanup] <isc/stdtime.h> does not need <time.h> or
<isc/result.h>.
141. [bug] Corrupt requests with multiple questions could
cause an assertion failure.
140. [cleanup] <isc/time.h> does not need <time.h> or <isc/result.h>.
139. [cleanup] <isc/net.h> now includes <isc/types.h> instead of
<isc/int.h> and <isc/result.h>.
138. [cleanup] isc_strtouq moved from str.[ch] to string.[ch] and
renamed isc_string_touint64. isc_strsep moved from
strsep.c to string.c and renamed isc_string_separate.
137. [cleanup] <isc/commandline.h>, <isc/mem.h>, <isc/print.h>
<isc/serial.h>, <isc/string.h> and <isc/offset.h>
made to conform to the same style for multiple
inclusion protection.
136. [cleanup] <isc/commandline.h>, <isc/interfaceiter.h>,
<isc/net.h> and Win32's <isc/thread.h> needed
ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS.
135. [cleanup] Win32's <isc/condition.h> did not need <isc/result.h>
or <isc/boolean.h>, now uses <isc/types.h> in place
of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
and ISC_LANG_ENDDECLS.
134. [cleanup] <isc/dir.h> does not need <limits.h>.
133. [cleanup] <isc/ipv6.h> needs <isc/platform.h>.
132. [cleanup] <isc/app.h> does not need <isc/task.h>, but does
need <isc/eventclass.h>.
131. [cleanup] <isc/mutex.h> and <isc/util.h> need <isc/result.h>
for ISC_R_* codes used in macros.
130. [cleanup] <isc/condition.h> does not need <pthread.h> or
<isc/boolean.h>, and now includes <isc/types.h>
instead of <isc/time.h>.
129. [bug] The 'default_debug' log channel was not set up when
'category default' was present in the config file
128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
ISC_LANG_ENDDECLS at end of header.
127. [cleanup] The contracts for the comparison routines
dns_name_fullcompare(), dns_name_compare(),
dns_name_rdatacompare(), and dns_rdata_compare() now
specify that the order value returned is < 0, 0, or > 0
instead of -1, 0, or 1.
126. [cleanup] <isc/quota.h> and <isc/taskpool.h> need <isc/lang.h>.
125. [cleanup] <isc/eventclass.h>, <isc/ipv6.h>, <isc/magic.h>,
<isc/mutex.h>, <isc/once.h>, <isc/region.h>, and
<isc/resultclass.h> do not need <isc/lang.h>.
124. [func] signer now imports parent's zone key signature
and creates null keys/sets zone status bit for
children when necessary
123. [cleanup] <isc/event.h> does not need <stddef.h>.
122. [cleanup] <isc/task.h> does not need <isc/mem.h> or
<isc/result.h>.
121. [cleanup] <isc/symtab.h> does not need <isc/mem.h> or
<isc/result.h>. Multiple inclusion protection
symbol fixed from ISC_SYMBOL_H to ISC_SYMTAB_H.
isc_symtab_t moved to <isc/types.h>.
120. [cleanup] <isc/socket.h> does not need <isc/boolean.h>,
<isc/bufferlist.h>, <isc/task.h>, <isc/mem.h> or
<isc/net.h>.
119. [cleanup] structure definitions for generic rdata structures do
not have _generic_ in their names.
118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
YACC crust (yyparse, etc) [2000-apr-27 explorer]
117. [cleanup] libdns.a changes:
dns_zone_clearnotify() and dns_zone_addnotify()
are replaced by dns_zone_setnotifyalso().
dns_zone_clearmasters() and dns_zone_addmaster()
are replaced by dns_zone_setmasters().
116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
on Unix systems).
115. [port] Shut up the -Wmissing-declarations warning about
<stdio.h>'s __sputaux on BSD/OS pre-4.1.
114. [cleanup] <isc/sockaddr.h> does not need <isc/buffer.h> or
<isc/list.h>.
113. [func] Utility programs dig and host added.
112. [cleanup] <isc/serial.h> does not need <isc/boolean.h>.
111. [cleanup] <isc/rwlock.h> does not need <isc/result.h> or
<isc/mutex.h>.
110. [cleanup] <isc/result.h> does not need <isc/boolean.h> or
<isc/list.h>.
109. [bug] "make depend" did nothing for
bin/tests/{db,mem,sockaddr,tasks,timers}/.
108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
<dns/types.h> to <dns/bit.h> and renamed to
DNS_BIT_SET/DNS_BIT_GET/DNS_BIT_CLEAR.
107. [func] Add keysigner and keysettool.
106. [func] Allow dnssec verifications to ignore the validity
period. Used by several of the dnssec tools.
105. [doc] doc/dev/coding.html expanded with other
implicit conventions the developers have used.
104. [bug] Made compress_add and compress_find static to
lib/dns/compress.c.
103. [func] libisc buffer API changes for <isc/buffer.h>:
Added:
isc_buffer_base(b) (pointer)
isc_buffer_current(b) (pointer)
isc_buffer_active(b) (pointer)
isc_buffer_used(b) (pointer)
isc_buffer_length(b) (int)
isc_buffer_usedlength(b) (int)
isc_buffer_consumedlength(b) (int)
isc_buffer_remaininglength(b) (int)
isc_buffer_activelength(b) (int)
isc_buffer_availablelength(b) (int)
Removed:
ISC_BUFFER_USEDCOUNT(b)
ISC_BUFFER_AVAILABLECOUNT(b)
isc_buffer_type(b)
Changed names:
isc_buffer_used(b, r) ->
isc_buffer_usedregion(b, r)
isc_buffer_available(b, r) ->
isc_buffer_available_region(b, r)
isc_buffer_consumed(b, r) ->
isc_buffer_consumedregion(b, r)
isc_buffer_active(b, r) ->
isc_buffer_activeregion(b, r)
isc_buffer_remaining(b, r) ->
isc_buffer_remainingregion(b, r)
Buffer types were removed, so the ISC_BUFFERTYPE_*
macros are no more, and the type argument to
isc_buffer_init and isc_buffer_allocate were removed.
isc_buffer_putstr is now void (instead of isc_result_t)
and requires that the caller ensure that there
is enough available buffer space for the string.
102. [port] Correctly detect inet_aton, inet_pton and inet_ptop
on BSD/OS 4.1.
101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
100. [cleanup] <isc/random.h> does not need <isc/int.h> or
<isc/mutex.h>. isc_random_t moved to <isc/types.h>.
99. [cleanup] Rate limiter now has separate shutdown() and
destroy() functions, and it guarantees that all
queued events are delivered even in the shutdown case.
98. [cleanup] <isc/print.h> does not need <stdarg.h> or <stddef.h>
unless ISC_PLATFORM_NEEDVSNPRINTF is defined.
97. [cleanup] <isc/ondestroy.h> does not need <stddef.h> or
<isc/event.h>.
96. [cleanup] <isc/mutex.h> does not need <isc/result.h>.
95. [cleanup] <isc/mutexblock.h> does not need <isc/result.h>.
94. [cleanup] Some installed header files did not compile as C++.
93. [cleanup] <isc/msgcat.h> does not need <isc/result.h>.
92. [cleanup] <isc/mem.h> does not need <stddef.h>, <isc/boolean.h>,
or <isc/result.h>.
91. [cleanup] <isc/log.h> does not need <sys/types.h> or
<isc/result.h>.
90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
from <named/listenlist.h>.
89. [cleanup] <isc/lex.h> does not need <stddef.h>.
88. [cleanup] <isc/interfaceiter.h> does not need <isc/result.h> or
<isc/mem.h>. isc_interface_t and isc_interfaceiter_t
moved to <isc/types.h>.
87. [cleanup] <isc/heap.h> does not need <isc/boolean.h>,
<isc/mem.h> or <isc/result.h>.
86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
<isc/types.h>.
85. [cleanup] <isc/bufferlist.h> does not need <isc/buffer.h>,
<isc/list.h>, <isc/mem.h>, <isc/region.h> or
<isc/int.h>.
84. [func] allow-query ACL checks now apply to all data
added to a response.
83. [func] If the server is authoritative for both a
delegating zone and its (nonsecure) delegatee, and
a query is made for a KEY RR at the top of the
delegatee, then the server will look for a KEY
in the delegator if it is not found in the delegatee.
82. [cleanup] <isc/buffer.h> does not need <isc/list.h>.
81. [cleanup] <isc/int.h> and <isc/boolean.h> do not need
<isc/lang.h>.
80. [cleanup] <isc/print.h> does not need <stdio.h> or <stdlib.h>.
79. [cleanup] <dns/callbacks.h> does not need <stdio.h>.
78. [cleanup] lwres_conftest renamed to lwresconf_test for
consistency with other *_test programs.
77. [cleanup] typedef of isc_time_t and isc_interval_t moved from
<isc/time.h> to <isc/types.h>.
76. [cleanup] Rewrote keygen.
75. [func] Don't load a zone if its database file is older
than the last time the zone was loaded.
74. [cleanup] Removed mktemplate.o and ufile.o from libisc.a,
subsumed by file.o.
73. [func] New "file" API in libisc, including new function
isc_file_getmodtime, isc_mktemplate renamed to
isc_file_mktemplate and isc_ufile renamed to
isc_file_openunique. By no means an exhaustive API,
it is just what's needed for now.
72. [func] DNS_RBTFIND_NOPREDECESSOR and DNS_RBTFIND_NOOPTIONS
added for dns_rbt_findnode, the former to disable the
setting of the chain to the predecessor, and the
latter to make clear when no options are set.
71. [cleanup] Made explicit the implicit REQUIREs of
isc_time_seconds, isc_time_nanoseconds, and
isc_time_subtract.
70. [func] isc_time_set() added.
69. [bug] The zone object's master and also-notify lists grew
longer with each server reload.
68. [func] Partial support for SIG(0) on incoming messages.
67. [performance] Allow use of alternate (compile-time supplied)
OpenSSL libraries/headers.
66. [func] Data in authoritative zones should have a trust level
beyond secure.
65. [cleanup] Removed obsolete typedef of dns_zone_callbackarg_t
from <dns/types.h>.
64. [func] The RBT, DB, and zone table APIs now allow the
caller find the most-enclosing superdomain of
a name.
63. [func] Generate NOTIFY messages.
62. [func] Add UDP refresh support.
61. [cleanup] Use single quotes consistently in log messages.
60. [func] Catch and disallow singleton types on message
parse.
59. [bug] Cause net/host unreachable to be a hard error
when sending and receiving.
58. [bug] bin/named/query.c could sometimes trigger the
(client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
== 0 assertion in query_newname().
57. [func] Added dns_nxt_typepresent()
56. [bug] SIG records were not properly returned in cached
negative answers.
55. [bug] Responses containing multiple names in the authority
section were not negatively cached.
54. [bug] If a fetch with sigrdataset==NULL joined one with
sigrdataset!=NULL or vice versa, the resolver
could catch an assertion or lose signature data,
respectively.
53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
<sys/param.h>.
52. [bug] rndc: taskmgr and socketmgr were not initialized
to NULL.
51. [cleanup] dns/compress.h and dns/zt.h did not need to include
dns/rbt.h; it was needed only by compress.c and zt.c.
50. [func] RBT deletion no longer requires a valid chain to work,
and dns_rbt_deletenode was added.
49. [func] Each cache now has its own mctx.
48. [func] isc_task_create() no longer takes an mctx.
isc_task_mem() has been eliminated.
47. [func] A number of modules now use memory context reference
counting.
46. [func] Memory contexts are now reference counted.
Added isc_mem_inuse() and isc_mem_preallocate().
Renamed isc_mem_destroy_check() to
isc_mem_setdestroycheck().
45. [bug] The trusted-key statement incorrectly loaded keys.
44. [bug] Don't include authority data if it would force us
to unset the AD bit in the message.
43. [bug] DNSSEC verification of cached rdatasets was failing.
42. [cleanup] Simplified logging of messages with embedded domain
names by introducing a new convenience function
dns_name_format().
41. [func] Use PR_SET_KEEPCAPS on Linux 2.3.99-pre3 and later
to allow 'named' to run as a non-root user while
retaining the ability to bind() to privileged
ports.
40. [func] Introduced new logging category "dnssec" and
logging module "dns/validator".
39. [cleanup] Moved the typedefs for isc_region_t, isc_textregion_t,
and isc_lex_t to <isc/types.h>.
38. [bug] TSIG signed incoming zone transfers work now.
37. [bug] If the first RR in an incoming zone transfer was
not an SOA, the server died with an assertion failure
instead of just reporting an error.
36. [cleanup] Change DNS_R_SUCCESS (and others) to ISC_R_SUCCESS
35. [performance] Log messages which are of a level too high to be
logged by any channel in the logging configuration
will not cause the log mutex to be locked.
34. [bug] Recursion was allowed even with 'recursion no'.
33. [func] The RBT now maintains a parent pointer at each node.
32. [cleanup] bin/lwresd/client.c needs <string.h> for memset()
prototype.
31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
30. [func] config file grammar change to support optional
class type for a view.
29. [func] support new config file view options:
auth-nxdomain recursion query-source
query-source-v6 transfer-source
transfer-source-v6 max-transfer-time-out
max-transfer-idle-out transfer-format
request-ixfr provide-ixfr cleaning-interval
fetch-glue notify rfc2308-type1 lame-ttl
max-ncache-ttl min-roots
28. [func] support lame-ttl, min-roots and serial-queries
config global options.
27. [bug] Only include <netinet6/in6.h> on BSD/OS 4.[01]*.
Including it on other platforms (eg, NetBSD) can
cause a forced #error from the C preprocessor.
26. [func] new match-clients statement in config file view.
25. [bug] make install failed to install <isc/log.h> and
<isc/ondestroy.h>.
24. [cleanup] Eliminate some unnecessary #includes of header
files from header files.
23. [cleanup] Provide more context in log messages about client
requests, using a new function ns_client_log().
22. [bug] SIGs weren't returned in the answer section when
the query resulted in a fetch.
21. [port] Look at STD_CINCLUDES after CINCLUDES during
compilation, so additional system include directories
can be searched but header files in the bind9 source
tree with conflicting names take precedence. This
avoids issues with installed versions of dnssafe and
openssl.
20. [func] Configuration file post-load validation of zones
failed if there were no zones.
19. [bug] dns_zone_notifyreceive() failed to unlock the zone
lock in certain error cases.
18. [bug] Use AC_TRY_LINK rather than AC_TRY_COMPILE in
configure.in to check for presence of in6addr_any.
17. [func] Do configuration file post-load validation of zones.
16. [bug] put quotes around key names on config file
output to avoid possible keyword clashes.
15. [func] Add dns_name_dupwithoffsets(). This function is
improves comparison performance for duped names.
14. [bug] free_rbtdb() could have 'put' unallocated memory in
an unlikely error path.
13. [bug] lib/dns/master.c and lib/dns/xfrin.c didn't ignore
out-of-zone data.
12. [bug] Fixed possible uninitialized variable error.
11. [bug] axfr_rrstream_first() didn't check the result code of
db_rr_iterator_first(), possibly causing an assertion
to be triggered later.
10. [bug] A bug in the code which makes EDNS0 OPT records in
bin/named/client.c and lib/dns/resolver.c could
trigger an assertion.
9. [cleanup] replaced bit-setting code in confctx.c and replaced
repeated code with macro calls.
8. [bug] Shutdown of incoming zone transfer accessed
freed memory.
7. [cleanup] removed 'listen-on' from view statement.
6. [bug] quote RR names when generating config file to
prevent possible clash with config file keywords
(such as 'key').
5. [func] syntax change to named.conf file: new ssu grant/deny
statements must now be enclosed by an 'update-policy'
block.
4. [port] bin/named/unix/os.c didn't compile on systems with
linux 2.3 kernel includes due to conflicts between
C library includes and the kernel includes. We now
get only what we need from <linux/capability.h>, and
avoid pulling in other linux kernel .h files.
3. [bug] TKEYs go in the answer section of responses, not
the additional section.
2. [bug] Generating cryptographic randomness failed on
systems without /dev/random.
1. [bug] The installdirs rule in
lib/isc/unix/include/isc/Makefile.in had a typo which
prevented the isc directory from being created if it
didn't exist.
--- 9.0.0b2 released ---
# This tells Emacs to use hard tabs in this file.
# Local Variables:
# indent-tabs-mode: t
# End: