CHANGES revision 4d41be5f9e86c11a6f00e2b005cfc5abae2c1ab3
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User4655. [bug] Lack of seccomp could be falsely reported. [RT #45599]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater4654. [cleanup] Don't use C++ keywords delete, new and namespace.
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews4652. [bug] Nsupdate could attempt to use a zeroed address on
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews server timeout. [RT #45417]
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User4651. [test] Silence coverity warnings in tsig_test.c. [RT #45528]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews --- 9.11.2rc2 released ---
e5a6871cd0635ecdb2bf792316a2d8c53206f4b2Tinderbox User4653. [bug] Reorder includes to move @DST_OPENSSL_INC@ and
950d203b64f512b85fcc093ee1e9e3e531a1aea3Tinderbox User @ISC_OPENSSL_INC@ after shipped include directories.
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont --- 9.11.2rc1 released ---
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews4649. [bug] The wrong zone was logged when a catalog zone is added.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews4648. [bug] "rndc reconfig" on a slave no longer causes all member
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews zones of configured catalog zones to be removed from
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont configuration. [RT #45310]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews4647. [bug] Change 4643 broke verification of TSIG signed TCP
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User message sequences where not all the messages contain
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews TSIG records. These may be used in AXFR and IXFR
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User responses. [RT #45509]
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User4645. [bug] Fix PKCS#11 RSA parsing when MD5 is disabled.
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews --- 9.11.2b1 released ---
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User4643. [security] An error in TSIG handling could permit unauthorized
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews zone transfers or zone updates. (CVE-2017-3142)
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User (CVE-2017-3143) [RT #45383]
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User4642. [cleanup] Add more logging of RFC 5011 events affecting the
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews status of managed keys: newly observed keys,
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User deletion of revoked keys, etc. [RT #45354]
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User4641. [cleanup] Parallel builds (make -j) could fail with --with-atf /
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User --enable-developer. [RT #45373]
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User4640. [bug] If query_findversion failed in query_getdb due to
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews memory failure the error status was incorrectly
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt discarded. [RT #45331]
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont4639. [bug] Fix a regression in --with-tuning reporting introduced
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater by change 4488. [RT #45396]
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User4638. [bug] Reloading or reconfiguring named could fail on
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews some platforms when LMDB was in use. [RT #45203]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User4636. [bug] Normalize rpz policy zone names when checking for
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater existence. [RT #45358]
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater4635. [bug] Fix RPZ NSDNAME logging that was logging
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews failures as NSIP. [RT #45052]
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews4634. [contrib] check5011.pl needs to handle optional space before
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User semi-colon in +multi-line output. [RT #45352]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4633. [maint] Updated AAAA (2001:500:200::b) for B.ROOT-SERVERS.NET.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4632. [security] The BIND installer on Windows used an unquoted
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews service path, which can enable privilege escalation.
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User (CVE-2017-3141) [RT #45229]
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater4631. [security] Some RPZ configurations could go into an infinite
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews query loop when encountering responses with TTL=0.
eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews (CVE-2017-3140) [RT #45181]
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews4630. [bug] "dyndb" is dependent on dlopen existing / being
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User enabled. [RT #45291]
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User4629. [bug] dns_client_startupdate could not be called with a
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User running client. [RT #45277]
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User4628. [bug] Fixed a potential reference leak in query_getdb().
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt4626. [test] Added more tests for handling of different record
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt ordering in CNAME and DNAME responses. [QA #430]
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews4625. [bug] Running "rndc addzone" and "rndc delzone" at close
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User to the same time could trigger a deadlock if using
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt LMDB. [RT #45209]
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User4623. [bug] Use --with-protobuf-c and --with-libfstrm to find
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews protoc-c and fstrm_capture. [RT #45187]
ee11dfc481f2ef6a032a715454f6290961a722d2Tinderbox User4622. [bug] Remove unnecessary escaping of semicolon in CAA and
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews URI records. [RT #45216]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews4621. [port] Force alignment of oid arrays to silence loader
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User warnings. [RT #45131]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews4620. [port] Handle EPFNOSUPPORT being returned when probing
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User to see if a socket type is supported. [RT #45214]
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User4619. [bug] Call isc_mem_put instead of isc_mem_free in
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews bin/named/server.c:setup_newzones. [RT #45202]
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User4618. [bug] Check isc_mem_strdup results in dns_view_setnewzones.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson Add logging for lmdb call failures. [RT #45204]
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews4617. [test] Update rndc system test to be more delay tolerant.
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User4616. [bug] When using LMDB, zones deleted using "rndc delzone"
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews were not correctly removed from the new-zone
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews database. [RT #45185]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4615. [bug] AD could be set on truncated answer with no records
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User present in the answer and authority sections.
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews4614. [test] Fixed an error in the sockaddr unit test. [RT #45146]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4612. [bug] Silence 'may be use uninitalised' warning and simplify
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User the code in lwres/getaddinfo:process_answer.
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews4611. [bug] The default LMDB mapsize was too low and caused
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User errors after few thousand zones were added using
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews rndc addzone. A new config option "lmdb-mapsize"
28a5dd720187fddb16055a0f64b63a7b66f29f64Mark Andrews has been introduced to configure the LMDB
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User mapsize depending on operational needs.
a450977e98155f6e828fe6f8d52cf24674231831Mark Andrews4609. [cleanup] Rearrange makefiles to enable parallel execution
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews (i.e. "make -j"). [RT #45078]
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User4608. [func] DiG now warns about .local queries which are reserved
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews for Multicast DNS. [RT #44783]
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont4606. [port] Stop using experimental "Experimental keys on scalar"
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User feature of perl as it has been removed. [RT #45012]
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont4604. [bug] Don't use ERR_load_crypto_strings() when building
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews with OpenSSL 1.1.0. [RT #45117]
5747235bf35e7398984fd6b4632743396895ea7aTinderbox User4603. [doc] Automatically generate named.conf(5) man page
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews from doc/misc/options. Thanks to Tony Finch.
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews4602. [func] Threads are now set to human-readable
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews names to assist debugging, when supported by
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews the OS. [RT #43234]
5747235bf35e7398984fd6b4632743396895ea7aTinderbox User4601. [bug] Reject incorrect RSA key lengths during key
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews generation and and sign/verify context
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews creation. [RT #45043]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews4600. [bug] Adjust RPZ trigger counts only when the entry
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews being deleted exists. [RT #43386]
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User4599. [bug] Fix inconsistencies in inline signing time
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews comparison that were introduced with the
01a5c5503482fb3ba52088bf0178a7213273bf96Mark Andrews introduction of rdatasetheader->resign_lsb.
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User4597. [bug] The validator now ignores SHA-1 DS digest type
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater when a DS record with SHA-384 digest type is
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews present and is a supported digest type.
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User4596. [bug] Validate glue before adding it to the additional
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater section. This also fixes incorrect TTL capping
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User when the RRSIG expired earlier than the TTL.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4593. [doc] Update README using markdown, remove outdated FAQ
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User file in favor of the knowledge base.
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User4592. [bug] A race condition on shutdown could trigger an
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews assertion failure in dispatch.c. [RT #43822]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4591. [port] Addressed some python 3 compatibility issues.
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User Thanks to Ville Skytta. [RT #44955] [RT #44956]
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User4590. [bug] Support for PTHREAD_MUTEX_ADAPTIVE_NP was not being
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews properly detected. [RT #44871]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4589. [cleanup] "configure -q" is now silent. [RT #44829]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson4588. [bug] nsupdate could send queries for TKEY to the wrong
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User server when using GSSAPI. Thanks to Tomas Hozza.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4587. [bug] named-checkzone failed to handle occulted data below
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User DNAMEs correctly. [RT #44877]
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User4586. [func] dig, host and nslookup now use TCP for ANY queries.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4585. [port] win32: Set CompileAS value. [RT #42474]
133e6d43fa82e80d3798be4de00f4540f485ec6cAutomatic Updater4584. [bug] A number of memory usage statistics were not properly
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User reported when they exceeded 4G. [RT #44750]
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User4574. [bug] Dig leaked memory with multiple +subnet options.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson4555. [func] dig +ednsopt: EDNS options can now be specified by
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User name in addition to numeric value. [RT #44461]
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User --- 9.11.1 released ---
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User --- 9.11.1rc3 released ---
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User4582. [security] 'rndc ""' could trigger a assertion failure in named.
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews (CVE-2017-3138) [RT #44924]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4581. [port] Linux: Add getpid and getrandom to the list of system
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User calls named uses for seccomp. [RT #44883]
70d987def5a58ebeb8243017c0ec2e9b2c326cf4Evan Hunt4580. [bug] 4578 introduced a regression when handling CNAME to
70d987def5a58ebeb8243017c0ec2e9b2c326cf4Evan Hunt referral below the current domain. [RT #44850]
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User --- 9.11.1rc2 released ---
933799f3641f4f78445d015008bad0038900a82aTinderbox User4578. [security] Some chaining (CNAME or DNAME) responses to upstream
f0c5e918974bf778af6cd1e25309ad13e30a79a6Tinderbox User queries could trigger assertion failures.
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews (CVE-2017-3137) [RT #44734]
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User4575. [security] DNS64 with "break-dnssec yes;" can result in an
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater assertion failure. (CVE-2017-3136) [RT #44653]
bac4435d473c9a0281507524f084480c34aa942aTinderbox User --- 9.11.1rc1 released ---
933799f3641f4f78445d015008bad0038900a82aTinderbox User4571. [bug] Out-of-tree builds of backtrace_test failed.
933799f3641f4f78445d015008bad0038900a82aTinderbox User4570. [cleanup] named did not correctly fall back to the built-in
4151211e6649332f7b5a55870cbe37128bcc7b29Tinderbox User initializing keys if the bind.keys file was present
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews but empty. [RT #44531]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4569. [func] Store both local and remote addresses in dnstap
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater logging, and modify dnstap-read output format to
f525041ae26958385b697cf82a30f108577024b6Tinderbox User print them. [RT #43595]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4568. [contrib] Added a --with-bind option to the dnsperf configure
ba8b771c371967dd1254c7fa82ebe4158ee04b24Tinderbox User script to specify BIND prefix path.
3ec8f7777ea2b04fc1ebb63077f0916f63b1011aTinderbox User4567. [port] Call getprotobyname and getservbyname prior to calling
c218e22e3e6cbd409b61a14f1480b5ce5c70bfc1Tinderbox User chroot so that shared libraries get loaded. [RT #44537]
933799f3641f4f78445d015008bad0038900a82aTinderbox User4565. [cleanup] The inline macro versions of isc_buffer_put*()
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater did not implement automatic buffer reallocation.
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater4564. [maint] Update the built in managed keys to include the
ecbc7ebb243a1f8a5dc6f28185ffe9e61d3b2102Mark Andrews upcoming root KSK. [RT #44579]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4563. [bug] Modified zones would occasionally fail to reload.
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews4561. [port] Silence a warning in strict C99 compilers. [RT #44414]
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont4560. [bug] mdig: add -m option to enable memory debugging rather
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User than having it on all the time. [RT #44509]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4559. [bug] openssl_link.c didn't compile if ISC_MEM_TRACKLINES
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater was turned off. [RT #44509]
5e82fe9a56d17bfbd120817d00d28c5952ab4ddcTinderbox User4558. [bug] Synthesised CNAME before matching DNAME was still
4cda4fd158d6ded5586bacea8c388445d99611eaAutomatic Updater being cached when it should not have been. [RT #44318]
f2f7a53ba0ba69cfe8c505eea16f71bad9d8d449Tinderbox User4557. [security] Combining dns64 and rpz can result in dereferencing
c26604a73c4ce907ef6392f38b3fac838b1873a9Tinderbox User a NULL pointer (read). (CVE-2017-3135) [RT#44434]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4554. [bug] Remove double unlock in dns_dispatchmgr_setudp.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews4553. [bug] Named could deadlock there were multiple changes to
bac4435d473c9a0281507524f084480c34aa942aTinderbox User NSEC/NSEC3 parameters for a zone being processed at
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews the same time. [RT #42770]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews4552. [bug] Named could trigger a assertion when sending notify
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater messages. [RT #44019]
933799f3641f4f78445d015008bad0038900a82aTinderbox User4551. [test] Add system tests for integrity checks of MX and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater SRV records. [RT #43953]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews4550. [cleanup] Increased the number of available master file
da59e63e7af147a8bcef985b98b04443e04c3a0eTinderbox User output style flags from 32 to 64. [RT #44043]
757ff043760e4743dda1a10e7d58349275934902Tinderbox User4547. [port] Add support for --enable-native-pkcs11 on the AEP
ae454ec746d1d4db8d04e107d4d25ff13158c37fMark Andrews Keyper HSM. [RT #42463]
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews --- 9.11.1b1 released ---
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4545. [func] Expand YAML output from dnstap-read to include
ae454ec746d1d4db8d04e107d4d25ff13158c37fMark Andrews a detailed breakdown of the DNS message contents.
1bcc3273a80c256f11d9098a00ba2c041939e233Mark Andrews4544. [bug] Add message/payload size to dnstap-read YAML output.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4543. [bug] dns_client_startupdate now delays sending the update
ba8b771c371967dd1254c7fa82ebe4158ee04b24Tinderbox User request until isc_app_ctxrun has been called.
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User4541. [bug] rndc addzone should properly reject non master/slave
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User zones. [RT #43665]
3857cb6fcabeb79d85de4b3e3e4ab99912b701f8Mark Andrews4540. [bug] Correctly handle ecs entries in dns_acl_isinsecure.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews4539. [bug] Referencing a nonexistent zone with RPZ could lead
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User to a assertion failure when configuring. [RT #43787]
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User4538. [bug] Call dns_client_startresolve from client->task.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4537. [bug] Handle timeouts better in dig/host/nslookup. [RT #43576]
ebdf202f2198158ab4d30f22c370a9c63760d071Tinderbox User4536. [bug] ISC_SOCKEVENTATTR_USEMINMTU was not being cleared
8292deab031e7599cd7622aa7675fbe139ca6095Mark Andrews when reusing the event structure. [RT #43885]
c1e2310a3725eeed45e5e7c86750c64c5a02e993Francis Dupont4535. [bug] Address race condition in setting / testing of
c1e2310a3725eeed45e5e7c86750c64c5a02e993Francis Dupont DNS_REQUEST_F_SENDING. [RT #43889]
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont4534. [bug] Only set RD, RA and CD in QUERY responses. [RT #43879]
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews4533. [bug] dns_client_update should terminate on prerequisite
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews failures (NXDOMAIN, YXDOMAIN, NXRRSET, YXRRSET)
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont and also on BADZONE. [RT #43865]
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews4532. [contrib] Make gen-data-queryperf.py python 3 compatible.
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews4531. [security] 'is_zone' was not being properly updated by redirect2
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews and subsequently preserved leading to an assertion
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews failure. (CVE-2016-9778) [RT #43837]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews4530. [bug] Change 4489 broke the handling of CNAME -> DNAME
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews in responses resulting in SERVFAIL being returned.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews4529. [cleanup] Silence noisy log warning when DSCP probe fails
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews due to firewall rules. [RT #43847]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4528. [bug] Only set the flag bits for the i/o we are waiting
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews for on EPOLLERR or EPOLLHUP. [RT #43617]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews4527. [doc] Support DocBook XSL Stylesheets v1.79.1. [RT #43831]
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User4526. [doc] Corrected errors and improved formatting of
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews grammar definitions in the ARM. [RT #43739]
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater4525. [doc] Fixed outdated documentation on managed-keys.
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User4524. [bug] The net zero test was broken causing IPv4 servers
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews with addresses ending in .0 to be rejected. [RT #43776]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews4523. [doc] Expand config doc for <querysource4> and
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews <querysource6>. [RT #43768]
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User4522. [bug] Handle big gaps in log file version numbers better.
39cad8fb7d7ff3436bb24ce761354afcb80d295aMark Andrews4521. [cleanup] Log it as an error if an entropy source is not
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews found and there is no fallback available. [RT #43659]
01a5c5503482fb3ba52088bf0178a7213273bf96Mark Andrews4520. [cleanup] Alphabetize more of the grammar when printing it
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User out. Fix unbalanced indenting. [RT #43755]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews4519. [port] win32: handle ERROR_MORE_DATA. [RT #43534]
e64202536ea72d8f371dd0df9fc763f8d70bf886Tinderbox User4517. [security] Named could mishandle authority sections that were
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User missing RRSIGs triggering an assertion failure.
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User (CVE-2016-9444) [RT # 43632]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews4516. [bug] isc_socketmgr_renderjson was missing from the
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User windows build. [RT #43602]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews4515. [port] FreeBSD: Find readline headers when they are in
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews edit/readline/ instead of readline/. [RT #43658]
933799f3641f4f78445d015008bad0038900a82aTinderbox User4514. [port] NetBSD: strip -WL, from ld command line. [RT #43204]
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont4513. [cleanup] Minimum Python versions are now 2.7 and 3.2.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson4512. [bug] win32: @GEOIP_INC@ missing from delv.vcxproj.in.
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User4511. [bug] win32: mdig.exe-BNFT was missing Configure. [RT #43554]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4510. [security] Named mishandled some responses where covering RRSIG
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews records are returned without the requested data
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews resulting in a assertion failure. (CVE-2016-9147)
3a988722ad9e209ba4064604d482dc4efe0e19ebTinderbox User4509. [test] Make the rrl system test more reliable on slower
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington machines by using mdig instead of dig. [RT #43280]
a3ffa9ab0644ae2b52f2e13a00b5e85b879f612fTinderbox User4508. [security] Named incorrectly tried to cache TKEY records which
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont could trigger a assertion failure when there was
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews a class mismatch. (CVE-2016-9131) [RT #43522]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4507. [bug] Named could incorrectly log 'allows updates by IP
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews address, which is insecure' [RT #43432]
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews4505. [port] Use IP_PMTUDISC_OMIT if available. [RT #35494]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4504. [security] Allow the maximum number of records in a zone to
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User be specified. This provides a control for issues
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User raised in CVE-2016-6170. [RT #42143]
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews4503. [cleanup] "make uninstall" now removes files installed by
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews BIND. (This currently excludes Python files
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews due to lack of support in setup.py.) [RT #42912]
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews4502. [func] Report multiple and experimental options when printing
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont grammar. [RT #43134]
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont4500. [bug] Support modifier I64 in isc__print_printf. [RT #43526]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4499. [port] MacOSX: silence deprecated function warning
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington by using arc4random_stir() when available
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington instead of arc4random_addrandom(). [RT #43503]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4498. [test] Simplify prerequisite checks in system tests.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4497. [port] Add support for OpenSSL 1.1.0. [RT #41284]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4496. [func] dig: add +idnout to control whether labels are
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington display in punycode or not. Requires idn support
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington to be enabled at compile time. [RT #43398]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4495. [bug] A isc_mutex_init call was not being checked.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4494. [bug] Look for <editline/readline.h>. [RT #43429]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4493. [bug] bin/tests/system/dyndb/driver/Makefile.in should use
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington SO_TARGETS. [RT# 43336]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4492. [bug] irs_resconf_load failed to initialize sortlistnxt
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington causing bad writes if resolv.conf contained a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington sortlist directive. [RT #43459]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4491. [bug] Improve message emitted when testing whether sendmsg
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington works with TOS/TCLASS fails. [RT #43483]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4490. [maint] Added AAAA (2001:500:12::d0d) for G.ROOT-SERVERS.NET.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4489. [security] It was possible to trigger assertions when processing
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington a response containing a DNAME answer. (CVE-2016-8864)
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4488. [port] Darwin: use -framework for Kerberos. [RT #43418]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4487. [test] Make system tests work on Windows. [RT #42931]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4486. [bug] Look in $prefix/lib/pythonX.Y/site-packages for
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the python modules we install. [RT #43330]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4485. [bug] Failure to find readline when requested should be
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington fatal to configure. [RT #43328]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4484. [func] Check prefixes in acls to make sure the address and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington prefix lengths are consistent. Warn only in
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington BIND 9.11 and earlier. [RT #43367]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4483. [bug] Address use before require check and remove extraneous
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington dns_message_gettsigkey call in dns_tsig_sign.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4482. [cleanup] Change #4455 was incomplete. [RT #43252]
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews4478. [func] Add +continue option to mdig, allow continue on socket
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User errors. [RT #43281]
646fed0d28be4387e3e32fb0f5732a1f58b572baTinderbox User4477. [test] Fix mkeys test timing issues. [RT #41028]
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater4476. [test] Fix reclimit test on slower machines. [RT #43283]
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater4475. [doc] Update named-checkconf documentation. [RT #43153]
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater4474. [bug] win32: call WSAStartup in fromtext_in_wks so that
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User getprotobyname and getservbyname work. [RT #43197]
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater4473. [bug] Only call fsync / _commit on regular files. [RT #43196]
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater4472. [bug] Named could fail to find the correct NSEC3 records when
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater a zone was updated between looking for the answer and
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater looking for the NSEC3 records proving nonexistence
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater of the answer. [RT #43247]
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews --- 9.11.0 released ---
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User --- 9.11.0rc3 released ---
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User4471. [cleanup] Render client/query logging format consistent for
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User ease of log file parsing. (Note that this affects
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User "querylog" format: there is now an additional field
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User indicating the client object address.) [RT #43238]
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User4470. [bug] Reset message with intent parse before
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User calling dns_dispatch_getnext. [RT #43229]
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User --- 9.11.0rc2 released ---
a450977e98155f6e828fe6f8d52cf24674231831Mark Andrews4468. [bug] Address ECS option handling issues. [RT #43191]
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User4467. [security] It was possible to trigger an assertion when
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User rendering a message. (CVE-2016-2776) [RT #43139]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews4466. [bug] Interface scanning didn't work on a Windows system
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews without a non local IPv6 addresses. [RT #43130]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4465. [bug] Don't use "%z" as Windows doesn't support it.
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User4464. [bug] Fix windows python support. [RT #43173]
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont4463. [bug] The dnstap system test failed on some systems.
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont4462. [bug] Don't describe a returned EDNS COOKIE as "good"
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont when there isn't a valid server cookie. [RT #43167]
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont4461. [bug] win32: not all external data was properly marked
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews as external data for windows dll. [RT #43161]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews --- 9.11.0rc1 released ---
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4460. [test] Add system test for dnstap using unix domain sockets.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4459. [bug] TCP client objects created to handle pipeline queries
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User were not cleaned up correctly, causing uncontrolled
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont memory growth. [RT #43106]
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont4458. [cleanup] Update assertions to be more correct, and also remove
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont use of a reserved word. [RT #43090]
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont4457. [maint] Added AAAA (2001:500:a8::e) for E.ROOT-SERVERS.NET.
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont4456. [doc] Add DOCTYPE and lang attribute to <html> tags.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4455. [cleanup] Allow dyndb modules to correctly log the filename
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington and line number when processing configuration text
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington from named.conf. [RT #43050]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4454. [bug] 'rndc dnstap -reopen' had a race issue. [RT #43089]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4453. [bug] Prefetching of DS records failed to update their
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington RRSIGs. [RT #42865]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4452. [bug] The default key manager policy file is now
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <sysdir>/dnssec-policy.conf (usually
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4451. [cleanup] Log more useful information if a PKCS#11 provider
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington library cannot be loaded. [RT #43076]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4450. [port] Provide more nuanced HSM support which better matches
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews the specific PKCS11 providers capabilities. [RT #42458]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4449. [test] Fix catalog zones test on slower systems. [RT #42997]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4448. [bug] win32: ::1 was not being found when iterating
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews interfaces. [RT #42993]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4447. [tuning] Allow the fstrm_iothr_init() options to be set using
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews named.conf to control how dnstap manages the data
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User flow. [RT #42974]
33d1cff1dd63494ffa00fac695a793f00c4ebf0bTinderbox User4446. [bug] The cache_find() and _findrdataset() functions
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews could find rdatasets that had been marked stale.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4445. [cleanup] isc_errno_toresult() can now be used to call the
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews formerly private function isc__errno2result().
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4444. [bug] Fixed some issues related to dyndb: A bug caused
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater braces to be omitted when passing configuration text
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont from named.conf to a dyndb driver, and there was a
bac4435d473c9a0281507524f084480c34aa942aTinderbox User use-after-free in the sample dyndb driver. [RT #43050]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4443. [func] Set TCP_MAXSEG in addition to IPV6_USE_MIN_MTU on
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews TCP sockets. [RT #42864]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4442. [bug] Fix RPZ CIDR tree insertion bug that corrupted
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington tree data structure with overlapping networks
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington (longest prefix match was ineffective).
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4441. [cleanup] Alphabetize host's help output. [RT #43031]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4440. [func] Enable TCP fast open support when available on the
b7aab05edae933e169d5f83c653935b17c7f0a8bMark Andrews server side. [RT #42866]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4439. [bug] Address race conditions getting ownernames of nodes.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews4438. [func] Use LIFO rather than FIFO when processing startup
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington notify and refresh queries. [RT #42825]
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews4437. [func] Minimal-responses now has two additional modes
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington no-auth and no-auth-recursive which suppress
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington adding the NS records to the authority section
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington as well as the associated address records for the
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont nameservers. [RT #42005]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4436. [func] Return TLSA records as additional data for MX and SRV
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews lookups. [RT #42894]
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User4435. [tuning] Only set IPV6_USE_MIN_MTU for UDP when the message
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews will not fit into a single IPv4 encapsulated IPv6
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington UDP packet when transmitted over a Ethernet link.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4434. [protocol] Return EDNS EXPIRE option for master zones in addition
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington to slave zones. [RT #43008]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4433. [cleanup] Report an error when passing an invalid option or
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington view name to "rndc dumpdb". [RT #42958]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4432. [test] Hide rndc output on expected failures in logfileconfig
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater system test. [RT #27996]
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont4431. [bug] named-checkconf now checks the rate-limit clause.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4430. [bug] Lwresd died if a search list was not defined.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Found by 0x710DDDD At Alibaba Security. [RT #42895]
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User4429. [bug] Address potential use after free on fclose() error.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews4428. [bug] The "test dispatch getnext" unit test could fail
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews in a threaded build. [RT #42979]
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont4427. [bug] The "query" and "response" parameters to the
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont "dnstap" option had their functions reversed.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews --- 9.11.0b3 released ---
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont4426. [bug] Addressed Coverity warnings. [RT #42908]
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont4425. [bug] arpaname, dnstap-read and named-rrchecker were not
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont being installed into ${prefix}/bin. Tidy up
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont installation issues with CHANGE 4421. [RT #42910]
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont4424. [experimental] Named now sends _ta-XXXX.<trust-anchor>/NULL queries
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews to provide feedback to the trust-anchor administrators
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington about how key rollovers are progressing as per
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews draft-ietf-dnsop-edns-key-tag-02. This can be
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington disabled using 'trust-anchor-telemetry no;'.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews4423. [maint] Added missing IPv6 address 2001:500:84::b for
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews4422. [port] Silence clang warnings in dig.c and dighost.c.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4421. [func] When built with LMDB (Lightning Memory-mapped
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Database), named will now use a database to store
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the configuration for zones added by "rndc addzone"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington instead of using a flat NZF file. This improves
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington performance of "rndc delzone" and "rndc modzone"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington significantly. Existing NZF files will
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington automatically by converted to NZD databases.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington To view the contents of an NZD or to roll back to
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington NZF format, use "named-nzd2nzf". To disable
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington this feature, use "configure --without-lmdb".
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4420. [func] nslookup now looks for AAAA as well as A by default.
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews4419. [bug] Don't cause undefined result if the label of an
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User entry in catalog zone is changed. [RT #42708]
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont4418. [bug] Fix a compiler warning in GSSAPI code. [RT #42879]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User4417. [bug] dnssec-keymgr could fail to create successor keys
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont if the prepublication interval was set to a value
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User smaller than the default. [RT #42820]
757ff043760e4743dda1a10e7d58349275934902Tinderbox User4416. [bug] dnssec-keymgr: Domain names in policy files could
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews fail to match due to trailing dots. [RT #42807]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4415. [bug] dnssec-keymgr: Expired/deleted keys were not always
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews excluded. [RT #42884]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4414. [bug] Corrected a bug in the MIPS implementation of
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews isc_atomic_xadd(). [RT #41965]
22d32791e5daa0bc80335a0f10ab2de95f41ccdbTinderbox User4413. [bug] GSSAPI negotiation could fail if GSS_S_CONTINUE_NEEDED
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont was returned. [RT #42733]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews --- 9.11.0b2 released ---
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews4412. [cleanup] Make fixes for GCC 6. ISC_OFFSET_MAXIMUM macro was
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews removed. [RT #42721]
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews4411. [func] "rndc dnstap -roll" automatically rolls the
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User dnstap output file; the previous version is
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews saved with ".0" suffix, and earlier versions
1fdd58445074579ee3b65c871137a7a1740eb542Mark Andrews with ".1" and so on. An optional numeric argument
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User indicates how many prior files to save. [RT #42830]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User4410. [bug] Address use after free and memory leak with dnstap.
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont4409. [bug] DNS64 should exclude mapped addresses by default when
ec8755f605d7dcb2de1076040e77bc2d7ec33b4aTinderbox User an exclude acl is not defined. [RT #42810]
ba8b771c371967dd1254c7fa82ebe4158ee04b24Tinderbox User4408. [func] Continue waiting for expected response when we the
2beefc22e6debdb72d7b2a069787ff565fc79ec4Tinderbox User response we get does not match the request. [RT #41026]
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater4407. [performance] Use GCC builtin for clz in RPZ lookup code.
91faa748a27dee38f6caea461d3e87f15b93abeaTinderbox User4406. [security] getrrsetbyname with a non absolute name could
1a63fb1d1448ed3f8fd7227ae57be67c2e71279eMark Andrews trigger an infinite recursion bug in lwresd
1a63fb1d1448ed3f8fd7227ae57be67c2e71279eMark Andrews and named with lwres configured if when combined
9e898948ed76bf5f175bf178866c90c449843c3eTinderbox User with a search list entry the resulting name is
f33f2b8afe60de897c53cdcb17911f10b552699fTinderbox User too long. (CVE-2016-2775) [RT #42694]
ae454ec746d1d4db8d04e107d4d25ff13158c37fMark Andrews4405. [bug] Change 4342 introduced a regression where you could
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews not remove a delegation in a NSEC3 signed zone using
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews OPTOUT via nsupdate. [RT #42702]
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews4404. [misc] Allow krb5-config to be used when configuring gssapi.
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews4403. [bug] Rename variables and arguments that shadow: basename,
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews clone and gai_error.
7c8e44a2dc1121dbe3b615c9c934f37fb1741bb9Tinderbox User4402. [bug] protoc-c is now a hard requirement for --enable-dnstap.
93089a352d6903b0d7845a039de4ec2df9a0e35aTinderbox User --- 9.11.0b1 released ---
e8c17c74535be290abaaa160a434ed80bf0ad2feMark Andrews4401. [misc] Change LICENSE to MPL 2.0.
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater4400. [bug] ttl policy was not being inherited in policy.py.
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater4399. [bug] policy.py 'ECCGOST', 'ECDSAP256SHA256', and
9e898948ed76bf5f175bf178866c90c449843c3eTinderbox User 'ECDSAP384SHA384' don't have settable keysize.
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater4398. [bug] Correct spelling of ECDSAP256SHA256 in policy.py.
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater4397. [bug] Update Windows python support. [RT #42538]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater4396. [func] dnssec-keymgr now takes a '-r randomfile' option.
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater4395. [bug] Improve out-of-tree installation of python modules.
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater4394. [func] Add rndc command "dnstap-reopen" to close and
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater reopen dnstap output files. [RT #41803]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater4393. [bug] Address potential NULL pointer dereferences in
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater4392. [func] Collect statistics for RSSAC02v3 traffic-volume,
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater traffic-sizes and rcode-volume reporting. [RT #41475]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater4391. [contrib] Fix leaks in contrib DLZ code. [RT #42707]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater4390. [doc] Description of masters with TSIG, allow-query and
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater allow-transfer options in catalog zones. [RT #42692]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater4389. [test] Rewritten test suite for catalog zones. [RT #42676]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater4388. [func] Support for master entries with TSIG keys in catalog
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater zones. [RT #42577]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater4387. [bug] Change 4336 was not complete leading to SERVFAIL
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater being return as NS records expired. [RT #42683]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater4386. [bug] Remove shadowed overmem function/variable. [RT #42706]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater4385. [func] Add support for allow-query and allow-transfer ACLs
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater to catalog zones. [RT #42578]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater4384. [bug] Change 4256 accidentally disabled logging of the
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater rndc command. [RT #42654]
bbc0e1c4f47f101c4a64db3469352c49a49e734fTinderbox User4383. [bug] Correct spelling error in stats channel description of
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater "EDNS client subnet option received". [RT #42633]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater4382. [bug] rndc {addzone,modzone,delzone,showzone} should all
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User compare the zone name using a canonical format.
1404d301dd9e7e487a247b803f63909cd10cdf72Tinderbox User4381. [bug] Missing "zone-directory" option in catalog zone
3040b455151b1e1173193933664b2891b6159f24Mark Andrews definition caused BIND to crash. [RT #42579]
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater --- 9.11.0a3 released ---
bf8c3776f1bf1a1270e5e0443ae5a8df022632a8Mark Andrews4380. [experimental] Added a "zone-directory" option to "catalog-zones"
bf8c3776f1bf1a1270e5e0443ae5a8df022632a8Mark Andrews syntax, allowing local masterfiles for slaves
bf8c3776f1bf1a1270e5e0443ae5a8df022632a8Mark Andrews that are provisioned by catalog zones to be stored
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater in a directory other than the server's working
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater directory. [RT #42527]
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater4379. [bug] An INSIST could be triggered if a zone contains
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater RRSIG records with expiry fields that loop
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater using serial number arithmetic. [RT #40571]
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User4378. [contrib] #include <isc/string.h> for strlcat in zone2ldap.c.
4ea3649f028ea6a1e42377082a7ccf8f789fb950Automatic Updater4377. [bug] Don't reuse zero TTL responses beyond the current
40072ce70bc4125329addb4aaa56d18a1230bc17Automatic Updater client set (excludes ANY/SIG/RRSIG queries).
1404d301dd9e7e487a247b803f63909cd10cdf72Tinderbox User4376. [experimental] Added support for Catalog Zones, a new method for
1404d301dd9e7e487a247b803f63909cd10cdf72Tinderbox User provisioning secondary servers in which a list of
60d5d17479b47c03b9c7c86f54269718103750b8Automatic Updater zones to be served is stored in a DNS zone and can
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater be propagated to slaves via AXFR/IXFR. [RT #41581]
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater4375. [func] Add support for automatic reallocation of isc_buffer
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater to isc_buffer_put* functions. [RT #42394]
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater4374. [bug] Use SAVE/RESTORE macros in query.c to reduce the
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater probability of reference counting errors as seen
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater in 4365. [RT #42405]
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater4373. [bug] Address undefined behavior in getaddrinfo. [RT #42479]
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater4372. [bug] Address undefined behavior in libt_api. [RT #42480]
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater4371. [func] New "minimal-any" option reduces the size of UDP
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater responses for qtype ANY by returning a single
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater arbitrarily selected RRset instead of all RRsets.
1404d301dd9e7e487a247b803f63909cd10cdf72Tinderbox User Thanks to Tony Finch. [RT #41615]
a308b69ac66fadf66863484f301314d6e6a3f1d2Automatic Updater4370. [bug] Address python3 compatibility issues with RNDC module.
a308b69ac66fadf66863484f301314d6e6a3f1d2Automatic Updater [RT #42499] [RT #42506]
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater --- 9.11.0a2 released ---
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews4369. [bug] Fix 'make' and 'make install' out-of-tree python
3040b455151b1e1173193933664b2891b6159f24Mark Andrews support. [RT #42484]
3e1a17d65ec6227900f388ba2f7561365f7d4f5cTinderbox User4368. [bug] Fix a crash when calling "rndc stats" on some
33d1cff1dd63494ffa00fac695a793f00c4ebf0bTinderbox User Windows builds because some Visual Studio compilers
8aa098c6334de11c8fd117d30851cc457813c410Mark Andrews generated crashing code for the "%z" printf()
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont format specifier. [RT #42380]
8aa098c6334de11c8fd117d30851cc457813c410Mark Andrews4367. [bug] Remove unnecessary assignment of loadtime in
8aa098c6334de11c8fd117d30851cc457813c410Mark Andrews zone_touched. [RT #42440]
2beefc22e6debdb72d7b2a069787ff565fc79ec4Tinderbox User4366. [bug] Address race condition when updating rbtnode bit
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington fields. [RT #42379]
cc17f4a672fc4ce67327902dd797c4465f12c4c9Mark Andrews4365. [bug] Address zone reference counting errors involving
4fe0411487e8e4401477684c0a2bac041ca7c2d5Tinderbox User nxdomain-redirect. [RT #42258]
4fe0411487e8e4401477684c0a2bac041ca7c2d5Tinderbox User4364. [port] freebsd: add -Wl,-E to loader flags [RT #41690]
4fe0411487e8e4401477684c0a2bac041ca7c2d5Tinderbox User4363. [port] win32: Disable explicit triggering UAC when running
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews BINDInstall.
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews4362. [func] Changed rndc reconfig behavior so that newly added
fa0326cc2cf428f67575b6ba3b97b528a31b0010Tinderbox User zones are loaded asynchronously and the loading does
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews not block the server. [RT #41934]
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews4361. [cleanup] Where supported, file modification times returned
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews by isc_file_getmodtime() are now accurate to the
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews nanosecond. [RT #41968]
f45f40ec2814a5ff1ed443c968772a1b2e25c462Mark Andrews4360. [bug] Silence spurious 'bad key type' message when there is
f45f40ec2814a5ff1ed443c968772a1b2e25c462Mark Andrews a existing TSIG key. [RT #42195]
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox User4359. [bug] Inherited 'also-notify' lists were not being checked
2bd56b2684882faf74a2b29cb0914e6671d8005bTinderbox User by named-checkconf. [RT #42174]
bac4435d473c9a0281507524f084480c34aa942aTinderbox User4358. [test] Added American Fuzzy Lop harness that allows
169f44b082b340b952e26c0fdb930c102a957752Mark Andrews feeding fuzzed packets into BIND.
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews4357. [func] Add the python RNDC module. [RT #42093]
11b6b0d74bb8dd6bd1ce0b60ba7f9b66323f06d4Tinderbox User4356. [func] Add the ability to specify whether to wait for
11b6b0d74bb8dd6bd1ce0b60ba7f9b66323f06d4Tinderbox User nameserver addresses to be looked up or not to
fedd407a76adfdd745eb7d2461673693c6f9fea9Mark Andrews RPZ with a new modifying directive 'nsip-wait-recurse'.
05d81eae94425a5124e07626af4bcc178960bd0eMark Andrews4355. [func] "pkcs11-list" now displays the extractability
05d81eae94425a5124e07626af4bcc178960bd0eMark Andrews attribute of private or secret keys stored in
05d81eae94425a5124e07626af4bcc178960bd0eMark Andrews an HSM, as either "true", "false", or "never"
05d81eae94425a5124e07626af4bcc178960bd0eMark Andrews Thanks to Daniel Stirnimann. [RT #36557]
05d81eae94425a5124e07626af4bcc178960bd0eMark Andrews4354. [bug] Check that the received HMAC length matches the
05d81eae94425a5124e07626af4bcc178960bd0eMark Andrews expected length prior to check the contents on the
05d81eae94425a5124e07626af4bcc178960bd0eMark Andrews control channel. This prevents a OOB read error.
05d81eae94425a5124e07626af4bcc178960bd0eMark Andrews This was reported by Lian Yihan, <lianyihan@360.cn>.
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox User4353. [cleanup] Update PKCS#11 header files. [RT #42175]
789875a1bd6d50c00d3bd883cad17ead1d3c21cdMark Andrews4352. [cleanup] The ISC DNSSEC Lookaside Validation (DLV) service
789875a1bd6d50c00d3bd883cad17ead1d3c21cdMark Andrews is scheduled to be disabled in 2017. A warning is
c0cc232ba92b92c1c5a48d49449ef56f7ca05b56Tinderbox User now logged when named is configured to use it,
76fbdc591b3d46df28878a6ff844798622b85265Tinderbox User either explicitly or via "dnssec-lookaside auto;"
1efe84be7849c5327001ad7dbad93d92c66c1389Mark Andrews4351. [bug] 'dig +noignore' didn't work. [RT #42273]
7e8129652903780873ba91f379f9ffca1f59773cMark Andrews4350. [contrib] Declare result in dlz_filesystem_dynamic.c.
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews4349. [contrib] kasp2policy: A python script to create a DNSSEC
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews policy file from an OpenDNSSEC KASP XML file.
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews4348. [func] dnssec-keymgr: A new python-based DNSSEC key
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews management utility, which reads a policy definition
3040b455151b1e1173193933664b2891b6159f24Mark Andrews file and can create or update DNSSEC keys as needed
1efe84be7849c5327001ad7dbad93d92c66c1389Mark Andrews to ensure that a zone's keys match policy, roll over
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews correctly on schedule, etc. Thanks to Sebastian
1efe84be7849c5327001ad7dbad93d92c66c1389Mark Andrews Castro for assistance in development. [RT #39211]
f6ba5791728d244650c1887d8dd8ed771fd50a1dMark Andrews4347. [port] Corrected a build error on x86_64 Solaris. [RT #42150]
95c3a5e116c1da135f669c3f15398172fac6279dMark Andrews4346. [bug] Fixed a regression introduced in change #4337 which
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox User caused signed domains with revoked KSKs to fail
b123be91958e0bc58a10c165be64d47661199e3bEvan Hunt validation. [RT #42147]
b123be91958e0bc58a10c165be64d47661199e3bEvan Hunt4345. [contrib] perftcpdns mishandled the return values from
b123be91958e0bc58a10c165be64d47661199e3bEvan Hunt clock_nanosleep. [RT #42131]
b123be91958e0bc58a10c165be64d47661199e3bEvan Hunt4344. [port] Address openssl version differences. [RT #42059]
b123be91958e0bc58a10c165be64d47661199e3bEvan Hunt4343. [bug] dns_dnssec_syncupdate mis-declared in <dns/dnssec.h>.
9e898948ed76bf5f175bf178866c90c449843c3eTinderbox User4342. [bug] 'rndc flushtree' could fail to clean the tree if there
b123be91958e0bc58a10c165be64d47661199e3bEvan Hunt wasn't a node at the specified name. [RT #41846]
b123be91958e0bc58a10c165be64d47661199e3bEvan Hunt --- 9.11.0a1 released ---
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4341. [bug] Correct the handling of ECS options with
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater address family 0. [RT #41377]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4340. [performance] Implement adaptive read-write locks, reducing the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater overhead of locks that are only held briefly.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4339. [test] Use "mdig" to test pipelined queries. [RT #41929]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4338. [bug] Reimplement change 4324 as it wasn't properly doing
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater all the required book keeping. [RT #41941]
9c2cf9e2017e6dd196e3b866808f32c6206eeedcMark Andrews4337. [bug] The previous change exposed a latent flaw in
9c2cf9e2017e6dd196e3b866808f32c6206eeedcMark Andrews key refresh queries for managed-keys when
9c2cf9e2017e6dd196e3b866808f32c6206eeedcMark Andrews a cached DNSKEY had TTL 0. [RT #41986]
cb40461f8744c5aeb369b84d5f48395a13a221a0Mark Andrews4336. [bug] Don't emit records with zero ttl unless the records
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews were learnt with a zero ttl. [RT #41687]
9f8051ea406dc3d98bb205df82cfc4d668a25d6eTinderbox User4335. [bug] zone->view could be detached too early. [RT #41942]
8f3657636521817d2971ae29aa3fb66e33709753Mark Andrews4334. [func] 'named -V' now reports zlib version. [RT #41913]
c19bf21885cdf78b52eee017dc1189a300657995Tinderbox User4333. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42 and
f525041ae26958385b697cf82a30f108577024b6Tinderbox User 2001:500:9f::42.
be0d1ec971748020cb0382e02b4642b493ea1e7bTinderbox User4332. [placeholder]
f525041ae26958385b697cf82a30f108577024b6Tinderbox User4331. [func] When loading managed signed zones detect if the
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews RRSIG's inception time is in the future and regenerate
5b56652059e2c22185a0b2bb1f5e58eb89a44426Tinderbox User the RRSIG immediately. [RT #41808]
c78c39caab4cf8b5daefc9c65878f7f5ed3eb7a0Tinderbox User4330. [protocol] Identify the PAD option as "PAD" when printing out
9f8051ea406dc3d98bb205df82cfc4d668a25d6eTinderbox User4329. [func] Warn about a common misconfiguration when forwarding
f525041ae26958385b697cf82a30f108577024b6Tinderbox User RFC 1918 zones. [RT #41441]
ff62ab3c2e6274f19190ded15548c723d38bbbe3Automatic Updater4328. [performance] Add dns_name_fromwire() benchmark test. [RT #41694]
ee23b913b6acccad68cf5af480b9e289a3d00510Tinderbox User4327. [func] Log query and depth counters during fetches when
9a5217f827ac0e006016745e5305b31dc0c7767fTinderbox User querytrace (./configure --enable-querytrace) is
e20309353e6246485c521278131d3fced73d7957Tinderbox User enabled (helps in diagnosing). [RT #41787]
ee23b913b6acccad68cf5af480b9e289a3d00510Tinderbox User4326. [protocol] Add support for AVC. [RT #41819]
2beefc22e6debdb72d7b2a069787ff565fc79ec4Tinderbox User4325. [func] Add a line to "rndc status" indicating the
9e8ee4ffd77aa2974cecbdbb2b122156b8d3a27aTinderbox User hostname and operating system details. [RT #41610]
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User4324. [bug] When deleting records from a zone database, interior
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User nodes could be left empty but not deleted, damaging
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User search performance afterward. [RT #40997]
bac4435d473c9a0281507524f084480c34aa942aTinderbox User4323. [bug] Improve HTTP header processing on statschannel.
21b353c36cb484d022a0df8cb39c602649a46ae6Tinderbox User4322. [security] Duplicate EDNS COOKIE options in a response could
ecbc7ebb243a1f8a5dc6f28185ffe9e61d3b2102Mark Andrews trigger an assertion failure. (CVE-2016-2088)
ecbc7ebb243a1f8a5dc6f28185ffe9e61d3b2102Mark Andrews4321. [bug] Zones using mapped files containing out-of-zone data
ecbc7ebb243a1f8a5dc6f28185ffe9e61d3b2102Mark Andrews could return SERVFAIL instead of the expected NODATA
ecbc7ebb243a1f8a5dc6f28185ffe9e61d3b2102Mark Andrews or NXDOMAIN results. [RT #41596]
c0cc232ba92b92c1c5a48d49449ef56f7ca05b56Tinderbox User4320. [bug] Insufficient memory allocation when handling
ce67023ae3ad39a77da5361d0187ab6f3f0219cbMark Andrews "none" ACL could cause an assertion failure in
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews named when parsing ACL configuration. [RT #41745]
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews4319. [security] Fix resolver assertion failure due to improper
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews DNAME handling when parsing fetch reply messages.
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews (CVE-2016-1286) [RT #41753]
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews4318. [security] Malformed control messages can trigger assertions
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews in named and rndc. (CVE-2016-1285) [RT #41666]
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews4317. [bug] Age all unused servers on fetch timeout. [RT #41597]
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews4316. [func] Add option to tools to print RRs in unknown
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews presentation format [RT #41595].
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews4315. [bug] Check that configured view class isn't a meta class.
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews [RT #41572].
95c3a5e116c1da135f669c3f15398172fac6279dMark Andrews4314. [contrib] Added 'dnsperf-2.1.0.0-1', a set of performance
95c3a5e116c1da135f669c3f15398172fac6279dMark Andrews testing tools provided by Nominum, Inc.
95c3a5e116c1da135f669c3f15398172fac6279dMark Andrews4313. [bug] Handle ns_client_replace failures in test mode.
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt4312. [bug] dig's unknown DNS and EDNS flags (MBZ value) logging
d585233c52e283d9a8849f16f04f452419a2484eTinderbox User was not consistent. [RT #41600]
ae454ec746d1d4db8d04e107d4d25ff13158c37fMark Andrews4311. [bug] Prevent "rndc delzone" from being used on
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User response-policy zones. [RT #41593]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User4310. [performance] Use __builtin_expect() where available to annotate
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User conditions with known behavior. [RT #41411]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4309. [cleanup] Remove the spurious "none" filename from log messages
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater when processing built-in configuration. [RT #41594]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4308. [func] Added operating system details to "named -V"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater output. [RT #41452]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User4307. [bug] "dig +subnet" and "mdig +subnet" could send
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User incorrectly-formatted Client Subnet options
fa0326cc2cf428f67575b6ba3b97b528a31b0010Tinderbox User if the prefix length was not divisible by 8.
fca737c98d2be3ef944cc96320c040fdb5f160e3Tinderbox User Also fixed a memory leak in "mdig". [RT #45178]
fca737c98d2be3ef944cc96320c040fdb5f160e3Tinderbox User4306. [maint] Added a PKCS#11 openssl patch supporting
fca737c98d2be3ef944cc96320c040fdb5f160e3Tinderbox User version 1.0.2f [RT #38312]
fca737c98d2be3ef944cc96320c040fdb5f160e3Tinderbox User4305. [bug] dnssec-signzone was not removing unnecessary rrsigs
fca737c98d2be3ef944cc96320c040fdb5f160e3Tinderbox User from the zone's apex. [RT #41483]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews4304. [port] xfer system test failed as 'tail -n +value' is not
7f814b8b164ae04916a8487cdc5e88ee3ff51a58Automatic Updater portable. [RT #41315]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4303. [bug] "dig +subnet" was unable to send a prefix length of
3040b455151b1e1173193933664b2891b6159f24Mark Andrews zero, as it was incorrectly changed to 32 for v4
88d58d79c5bc7ce3c20a42461a5070116c736836Automatic Updater prefixes or 128 for v6 prefixes. In addition to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater fixing this, "dig +subnet=0" has been added as a
7f814b8b164ae04916a8487cdc5e88ee3ff51a58Automatic Updater short form for 0.0.0.0/0. The same changes have
3040b455151b1e1173193933664b2891b6159f24Mark Andrews also been made in "mdig". [RT #41553]
48b36fa08b2b5bc0d552dc2a4425b3f7007b3d59Automatic Updater4302. [port] win32: fixed a build error in VS 2015. [RT #41426]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4301. [bug] dnssec-settime -p [DP]sync was not working. [RT #41534]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews4300. [bug] A flag could be set in the wrong field when setting
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater up non-recursive queries; this could cause the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater SERVFAIL cache to cache responses it shouldn't.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater New querytrace logging has been added which
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater identified this error. [RT #41155]
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User4299. [bug] Check that exactly totallen bytes are read when
48b36fa08b2b5bc0d552dc2a4425b3f7007b3d59Automatic Updater reading a RRset from raw files in both single read
9fa39c73fc1d8bc44fdbbb79a1d26b837e7dd555Mark Andrews and incremental modes. [RT #41402]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews4298. [bug] dns_rpz_add errors in loadzone were not being
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt propagated up the call stack. [RT #41425]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User4297. [test] Ensure delegations in RPZ zones fail robustly.
1959fd489a8832e4e3d311670f64ae18e5d08156Automatic Updater4296. [bug] TCP packet sizes were calculated incorrectly in the
1959fd489a8832e4e3d311670f64ae18e5d08156Automatic Updater stats channel; they could be counted in the wrong
3040b455151b1e1173193933664b2891b6159f24Mark Andrews histogram bucket. [RT #40587]
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt4295. [bug] An unchecked result in dns_message_pseudosectiontotext()
3040b455151b1e1173193933664b2891b6159f24Mark Andrews could allow incorrect text formatting of EDNS EXPIRE
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User options. [RT #41437]
ae454ec746d1d4db8d04e107d4d25ff13158c37fMark Andrews4294. [bug] Fixed a regression in which "rndc stop -p" failed
d2247b4740cc5f740bf7d89ef9ce67fef015c95cMark Andrews to print the PID. [RT #41513]
d2247b4740cc5f740bf7d89ef9ce67fef015c95cMark Andrews4293. [bug] Address memory leak on priming query creation failure.
8bc194b266a17f89e6c54469d4dfbb408070f39eMark Andrews4292. [placeholder]
e6fc17ec5ad5ba1c4bf5730b2b97c82d1f2b8f3cMark Andrews4291. [cleanup] Added a required include to dns/forward.h. [RT #41474]
d2247b4740cc5f740bf7d89ef9ce67fef015c95cMark Andrews4290. [func] The timers returned by the statistics channel
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User (indicating current time, server boot time, and
7c8e44a2dc1121dbe3b615c9c934f37fb1741bb9Tinderbox User most recent reconfiguration time) are now reported
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater with millisecond accuracy. [RT #40082]
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater4289. [bug] The server could crash due to memory being used
b6561016dc8a813bfd91cef5b876b3dfc3f08ffaTinderbox User after it was freed if a zone transfer timed out.
3040b455151b1e1173193933664b2891b6159f24Mark Andrews4288. [bug] Fixed a regression in resolver.c:possibly_mark()
3040b455151b1e1173193933664b2891b6159f24Mark Andrews which caused known-bogus servers to be queried
213dd665a9f45c3acb5f6c5f853bbbd5fd1598a2Tinderbox User anyway. [RT #41321]
e5bf83fe0bbca838a0749e9071bd76d9ee0fb59bFrancis Dupont4287. [bug] Silence an overly noisy log message when message
e5bf83fe0bbca838a0749e9071bd76d9ee0fb59bFrancis Dupont parsing fails. [RT #41374]
4dca64bb8991502db368028aeeba2f832d3b971dAutomatic Updater4286. [security] render_ecs errors were mishandled when printing out
e5bf83fe0bbca838a0749e9071bd76d9ee0fb59bFrancis Dupont a OPT record resulting in a assertion failure.
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User (CVE-2015-8705) [RT #41397]
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater4285. [security] Specific APL data could trigger a INSIST.
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater (CVE-2015-8704) [RT #41396]
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater4284. [bug] Some GeoIP options were incorrectly documented
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater using abbreviated forms which were not accepted by
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater named. The code has been updated to allow both
7169f76a893666eb20fc7750782e7f411db742d6Tinderbox User long and abbreviated forms. [RT #41381]
7169f76a893666eb20fc7750782e7f411db742d6Tinderbox User4283. [bug] OPENSSL_config is no longer re-callable. [RT #41348]
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater4282. [func] 'dig +[no]mapped' determine whether the use of mapped
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater IPv4 addresses over IPv6 is permitted or not. The
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater default is +mapped. [RT #41307]
2ba8f584b97cbab864570e38fd26b8cb90961428Tinderbox User4281. [bug] Teach dns_message_totext about BADCOOKIE. [RT #41257]
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater4280. [performance] Use optimal message sizes to improve compression
3040b455151b1e1173193933664b2891b6159f24Mark Andrews in AXFRs. This reduces network traffic. [RT #40996]
2ba8f584b97cbab864570e38fd26b8cb90961428Tinderbox User4279. [test] Don't use fixed ports when unit testing. [RT #41194]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews4278. [bug] 'delv +short +[no]split[=##]' didn't work as expected.
d2f313886122eeb989e5c58cd9a70373222210c4Tinderbox User4277. [performance] Improve performance of the RBT, the central zone
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User datastructure: The aux hashtable was improved,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater hash function was updated to perform more
8eb631bc4a219650906a6dc6ca51af3034b6ba54Tinderbox User uniform mapping, uppernode was added to
3040b455151b1e1173193933664b2891b6159f24Mark Andrews dns_rbtnode, and other cleanups and performance
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater improvements were made. [RT #41165]
a450977e98155f6e828fe6f8d52cf24674231831Mark Andrews4276. [protocol] Add support for SMIMEA. [RT #40513]
a450977e98155f6e828fe6f8d52cf24674231831Mark Andrews4275. [performance] Lazily initialize dns_compress->table only when
a450977e98155f6e828fe6f8d52cf24674231831Mark Andrews compression is enabled. [RT #41189]
a450977e98155f6e828fe6f8d52cf24674231831Mark Andrews4274. [performance] Speed up typemap processing from text. [RT #41196]
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater4273. [bug] Only call dns_test_begin() and dns_test_end() once each
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in nsec3_test as it fails with GOST if called multiple
8eb631bc4a219650906a6dc6ca51af3034b6ba54Tinderbox User4272. [bug] dig: the +norrcomments option didn't work with +multi.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4271. [test] Unit tests could deadlock in isc__taskmgr_pause().
e171a4137c6ba348957e61b7c4c3541493c0da02Automatic Updater4270. [security] Update allowed OpenSSL versions as named is
c53a6f37deaa396660adb6a4ca600c4a58adfd3fAutomatic Updater potentially vulnerable to CVE-2015-3193.
7fdbd6fc9df8728852ccaecb2d66241ab96a4084Tinderbox User4269. [bug] Zones using "map" format master files currently
e21f41f6504b3381be86cbe7f457f9ee1fff947bTinderbox User don't work as policy zones. This limitation has
e21f41f6504b3381be86cbe7f457f9ee1fff947bTinderbox User now been documented; attempting to use such zones
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in "response-policy" statements is now a
19ad308d84cbf446a144e5a91f2032389a9d65c1Tinderbox User configuration error. [RT #38321]
22bed5c0fa8aa33ebca97235c0509db335440811Tinderbox User4268. [func] "rndc status" now reports the path to the
b3386fba31414344f38f0c30849c056dceb22dceTinderbox User configuration file. [RT #36470]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4267. [test] Check sdlz error handling. [RT #41142]
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater4266. [placeholder]
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater4265. [bug] Address unchecked isc_mem_get calls. [RT #41187]
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater4264. [bug] Check const of strchr/strrchr assignments match
7fdbd6fc9df8728852ccaecb2d66241ab96a4084Tinderbox User argument's const status. [RT #41150]
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater4263. [contrib] Address compiler warnings in mysqldyn module.
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater4262. [bug] Fixed a bug in epoll socket code that caused
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater sockets to not be registered for ready
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater notification in some cases, causing named to not
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater read from or write to them, resulting in what
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater appear to the user as blocked connections.
4104e236f71eb5108fcfda6711878a97f6f4a8e7Automatic Updater4261. [maint] H.ROOT-SERVERS.NET is 198.97.190.53 and 2001:500:1::53.
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater4260. [security] Insufficient testing when parsing a message allowed
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater records with an incorrect class to be be accepted,
28a5dd720187fddb16055a0f64b63a7b66f29f64Mark Andrews triggering a REQUIRE failure when those records
28a5dd720187fddb16055a0f64b63a7b66f29f64Mark Andrews were subsequently cached. (CVE-2015-8000) [RT #40987]
4aec4843241dca64de7eb6363944df0b09cb83ecTinderbox User4259. [func] Add an option for non-destructive control channel
8e9f3b69914ee02a80b87c97b1f8093edb3e9ae0Automatic Updater access using a "read-only" clause. In such
8e9f3b69914ee02a80b87c97b1f8093edb3e9ae0Automatic Updater cases, a restricted set of rndc commands are
664917bedafa65dee4349c84324a31731aa1e228Francis Dupont allowed for querying information from named.
7fdbd6fc9df8728852ccaecb2d66241ab96a4084Tinderbox User4258. [bug] Limit rndc query message sizes to 32 KiB. This should
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User not break any legitimate rndc commands, but will
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User prevent a rogue rndc query from allocating too
50fa300826799727204b93cbe63bebc341c5eadeTinderbox User much memory. [RT #41073]
e97ad980e88f16c50e8fcd571a4f51121672e477Tinderbox User4257. [cleanup] Python scripts reported incorrect version. [RT #41080]
4aec4843241dca64de7eb6363944df0b09cb83ecTinderbox User4256. [bug] Allow rndc command arguments to be quoted so as
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to allow spaces. [RT #36665]
e20309353e6246485c521278131d3fced73d7957Tinderbox User4255. [performance] Add 'message-compression' option to disable DNS
e20309353e6246485c521278131d3fced73d7957Tinderbox User compression in responses. [RT #40726]
39cad8fb7d7ff3436bb24ce761354afcb80d295aMark Andrews4254. [bug] Address missing lock when getting zone's serial.
39cad8fb7d7ff3436bb24ce761354afcb80d295aMark Andrews4253. [security] Address fetch context reference count handling error
39cad8fb7d7ff3436bb24ce761354afcb80d295aMark Andrews on socket error. (CVE-2015-8461) [RT#40945]
76fbdc591b3d46df28878a6ff844798622b85265Tinderbox User4252. [func] Add support for automating the generation CDS and
4aec4843241dca64de7eb6363944df0b09cb83ecTinderbox User CDNSKEY rrsets to named and dnssec-signzone.
1921b850640ae984448e8b87870c8527fa9cddb6Evan Hunt4251. [bug] NTAs were deleted when the server was reconfigured
1921b850640ae984448e8b87870c8527fa9cddb6Evan Hunt or reloaded. [RT #41058]
1921b850640ae984448e8b87870c8527fa9cddb6Evan Hunt4250. [func] Log the TSIG key in use during inbound zone
1921b850640ae984448e8b87870c8527fa9cddb6Evan Hunt transfers. [RT #41075]
1921b850640ae984448e8b87870c8527fa9cddb6Evan Hunt4249. [func] Improve error reporting of TSIG / SIG(0) records in
2beefc22e6debdb72d7b2a069787ff565fc79ec4Tinderbox User the wrong location. [RT #41030]
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews4248. [performance] Add an isc_atomic_storeq() function, use it in
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews stats counters to improve performance.
ae454ec746d1d4db8d04e107d4d25ff13158c37fMark Andrews [RT #39972] [RT #39979]
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews4247. [port] Require both HAVE_JSON and JSON_C_VERSION to be
ae454ec746d1d4db8d04e107d4d25ff13158c37fMark Andrews defined to report json library version. [RT #41045]
ae454ec746d1d4db8d04e107d4d25ff13158c37fMark Andrews4246. [test] Ensure the statschannel system test runs when BIND
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews is not built with libjson. [RT #40944]
ae454ec746d1d4db8d04e107d4d25ff13158c37fMark Andrews4245. [placeholder]
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews4244. [bug] The parser was not reporting that use-ixfr is obsolete.
ae454ec746d1d4db8d04e107d4d25ff13158c37fMark Andrews4243. [func] Improved stats reporting from Timothe Litt. [RT #38941]
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews4242. [bug] Replace the client if not already replaced when
3040b455151b1e1173193933664b2891b6159f24Mark Andrews prefetching. [RT #41001]
a80993946f29ff39df38818ee9b2e58a4e46cb7eTinderbox User4241. [doc] Improved the TSIG, TKEY, and SIG(0) sections in
3040b455151b1e1173193933664b2891b6159f24Mark Andrews the ARM. [RT #40955]
a80993946f29ff39df38818ee9b2e58a4e46cb7eTinderbox User4240. [port] Fix LibreSSL compatibility. [RT #40977]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews4239. [func] Changed default servfail-ttl value to 1 second from 10.
a80993946f29ff39df38818ee9b2e58a4e46cb7eTinderbox User Also, the maximum value is now 30 instead of 300.
3040b455151b1e1173193933664b2891b6159f24Mark Andrews4238. [bug] Don't send to servers on net zero (0.0.0.0/8).
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews4237. [doc] Upgraded documentation toolchain to use DocBook 5
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews and dblatex. [RT #40766]
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews4236. [performance] On machines with 2 or more processors (CPU), the
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews default value for the number of UDP listeners
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews has been changed to the number of detected
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews processors minus one. [RT #40761]
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews4235. [func] Added support in named for "dnstap", a fast method of
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews capturing and logging DNS traffic, and a new command
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews "dnstap-read" to read a dnstap log file. Use
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews "configure --enable-dnstap" to enable this
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews feature (note that this requires libprotobuf-c
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews and libfstrm). See the ARM for configuration details.
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews Thanks to Robert Edmonds of Farsight Security.
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews4234. [func] Add deflate compression in statistics channel HTTP
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews server. [RT #40861]
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews4233. [test] Add tests for CDS and CDNSKEY with delegation-only.
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User4232. [contrib] Address unchecked memory allocation calls in
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User query-loc and zone2ldap. [RT #40789]
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User4231. [contrib] Address unchecked calloc call in dlz_mysqldyn_mod.c.
0a2ff769ecd0b5a6bda54b62bc1ec5fa6fd198a0Tinderbox User4230. [contrib] dlz_wildcard_dynamic.c:dlz_create could return a
2beefc22e6debdb72d7b2a069787ff565fc79ec4Tinderbox User uninitialized result. [RT #40839]
182bfea3ae9912f6d5e2f4fe3e13737719e06f97Tinderbox User4229. [bug] A variable could be used uninitialized in
09ee43766e232bd04066445db114c2703dd02bf8Tinderbox User dns_update_signaturesinc. [RT #40784]
08190bd4d89153cee463b34f9233ad6dd88965fcMark Andrews4228. [bug] Address race condition in dns_client_destroyrestrans.
08190bd4d89153cee463b34f9233ad6dd88965fcMark Andrews4227. [bug] Silence static analysis warnings. [RT #40828]
08190bd4d89153cee463b34f9233ad6dd88965fcMark Andrews4226. [bug] Address a theoretical shutdown race in
af60449fe472b8bea5ad04bf538c777c6b151112Tinderbox User zone.c:notify_send_queue(). [RT #38958]
51374c645c0e6dd77c369c13834c751785f96f14Tinderbox User4225. [port] freebsd/openbsd: Use '${CC} -shared' for building
51374c645c0e6dd77c369c13834c751785f96f14Tinderbox User shared libraries. [RT #39557]
51374c645c0e6dd77c369c13834c751785f96f14Tinderbox User4224. [func] Added support for "dyndb", a new interface for loading
51374c645c0e6dd77c369c13834c751785f96f14Tinderbox User zone data from an external database, developed by
51374c645c0e6dd77c369c13834c751785f96f14Tinderbox User Red Hat for the FreeIPA project.
51374c645c0e6dd77c369c13834c751785f96f14Tinderbox User DynDB drivers fully implement the BIND database
51374c645c0e6dd77c369c13834c751785f96f14Tinderbox User API, and are capable of significantly better
51374c645c0e6dd77c369c13834c751785f96f14Tinderbox User performance and functionality than DLZ drivers,
51374c645c0e6dd77c369c13834c751785f96f14Tinderbox User while taking advantage of advanced database
51374c645c0e6dd77c369c13834c751785f96f14Tinderbox User features not available in BIND such as multi-master
3040b455151b1e1173193933664b2891b6159f24Mark Andrews Thanks to Adam Tkac and Petr Spacek of Red Hat.
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews4223. [func] Add support for setting max-cache-size to percentage
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews of available physical memory, set default to 90%.
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews4222. [func] Bias IPv6 servers when selecting the next server to
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews query. [RT #40836]
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews4221. [bug] Resource leak on DNS_R_NXDOMAIN in fctx_create.
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews4220. [doc] Improve documentation for zone-statistics.
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User4219. [bug] Set event->result to ISC_R_WOULDBLOCK on EWOULDBLOCK,
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User EGAIN when these soft error are not retried for
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater isc_socket_send*().
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater4218. [bug] Potential null pointer dereference on out of memory
f09f1bf18e3ad40a0e8a6cc3dabf1c11f04992cbMark Andrews if mmap is not supported. [RT #40777]
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews4217. [protocol] Add support for CSYNC. [RT #40532]
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User4216. [cleanup] Silence static analysis warnings. [RT #40649]
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User4215. [bug] nsupdate: skip to next request on GSSTKEY create
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User failure. [RT #40685]
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User4214. [protocol] Add support for TALINK. [RT #40544]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews4213. [bug] Don't reuse a cache across multiple classes.
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater4212. [func] Re-query if we get a bad client cookie returned over
3040b455151b1e1173193933664b2891b6159f24Mark Andrews UDP. [RT #40748]
4c6bae917bec70e1fc4d1b761a9765075af78441Tinderbox User4211. [bug] Ensure that lwresd gets at least one task to work
2beefc22e6debdb72d7b2a069787ff565fc79ec4Tinderbox User with if enabled. [RT #40652]
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews4210. [cleanup] Silence use after free false positive. [RT #40743]
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews4209. [bug] Address resource leaks in dlz modules. [RT #40654]
ecbc7ebb243a1f8a5dc6f28185ffe9e61d3b2102Mark Andrews4208. [bug] Address null pointer dereferences on out of memory.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4207. [bug] Handle class mismatches with raw zone files.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4206. [bug] contrib: fixed a possible NULL dereference in
169f44b082b340b952e26c0fdb930c102a957752Mark Andrews DLZ wildcard module. [RT #40745]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4205. [bug] 'named-checkconf -p' could include unwanted spaces
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater when printing tuples with unset optional fields.
e007e3e5b0316c6c05698a71101885743aca22bdAutomatic Updater4204. [bug] 'dig +trace' failed to lookup the correct type if
e007e3e5b0316c6c05698a71101885743aca22bdAutomatic Updater the initial root NS query was retried. [RT #40296]
e5a6871cd0635ecdb2bf792316a2d8c53206f4b2Tinderbox User4203. [test] The rrchecker system test now tests conversion
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews to and from unknown-type format. [RT #40584]
3e9c07abfd4ad76b1f8085f0f96f5646f2d9e219Tinderbox User4202. [bug] isccc_cc_fromwire() could return an incorrect
1a63fb1d1448ed3f8fd7227ae57be67c2e71279eMark Andrews result. [RT #40614]
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews4201. [func] The default preferred-glue is now the address record
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews type of the transport the query was received
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews over. [RT #40468]
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews4200. [cleanup] win32: update BINDinstall to be BIND release
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews independent. [RT #38915]
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews4199. [protocol] Add support for NINFO, RKEY, SINK, TA.
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews [RT #40545] [RT #40547] [RT #40561] [RT #40563]
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews4198. [placeholder]
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews4197. [bug] 'named-checkconf -z' didn't handle 'in-view' clauses.
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews4196. [doc] Improve how "enum + other" types are documented.
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews4195. [bug] 'max-zone-ttl unlimited;' was broken. [RT #40608]
3a26bfc09c833a8dc4d4c12b7cd271ed6d0843cbTinderbox User4194. [bug] named-checkconf -p failed to properly print a port
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews range. [RT #40634]
1a63fb1d1448ed3f8fd7227ae57be67c2e71279eMark Andrews4193. [bug] Handle broken servers that return BADVERS incorrectly.
1a63fb1d1448ed3f8fd7227ae57be67c2e71279eMark Andrews4192. [bug] The default rrset-order of random was not always being
7019b0441a234153dde155622c405960b0d35946Tinderbox User applied. [RT #40456]
2a3eef7f65270e3f9a954573d866b368b7857584Tinderbox User4191. [protocol] Accept DNS-SD non LDH PTR records in reverse zones
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews as per RFC 6763. [RT #37889]
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews4190. [protocol] Accept Active Directory gc._msdcs.<forest> name as
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews valid with check-names. <forest> still needs to be
2a3eef7f65270e3f9a954573d866b368b7857584Tinderbox User LDH. [RT #40399]
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews4189. [cleanup] Don't exit on overly long tokens in named.conf.
95de440e8d2b07bb130505b4146059e5734e2eeaTinderbox User4188. [bug] Support HTTP/1.0 client properly on the statistics
9e898948ed76bf5f175bf178866c90c449843c3eTinderbox User channel. [RT #40261]
2beefc22e6debdb72d7b2a069787ff565fc79ec4Tinderbox User4187. [func] When any RR type implementation doesn't
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington implement totext() for the RDATA's wire
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington representation and returns ISC_R_NOTIMPLEMENTED,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater such RDATA is now printed in unknown
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater presentation format (RFC 3597). RR types affected
bbf7c3fd96ae5e02cb84743c581862e35327032aAutomatic Updater include LOC(29) and APL(42). [RT #40317].
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4186. [bug] Fixed an RPZ bug where a QNAME would be matched
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater against a policy RR with wildcard owner name
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User (trigger) where the QNAME was the wildcard owner
fa0326cc2cf428f67575b6ba3b97b528a31b0010Tinderbox User name's parent. For example, the bug caused a query
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington with QNAME "example.com" to match a policy RR with
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews "*.example.com" as trigger. [RT #40357]
95cfad51a3f71246d263af79a7861a6821f7a0beAutomatic Updater4185. [bug] Fixed an RPZ bug where a policy RR with wildcard
95cfad51a3f71246d263af79a7861a6821f7a0beAutomatic Updater owner name (trigger) would prevent another policy RR
3040b455151b1e1173193933664b2891b6159f24Mark Andrews with its parent owner name from being
95cfad51a3f71246d263af79a7861a6821f7a0beAutomatic Updater loaded. For example, the bug caused a policy RR
61932ed91732417e05c8c6fd335acf1be896c778Mark Andrews with trigger "example.com" to not have any
3040b455151b1e1173193933664b2891b6159f24Mark Andrews effect when a previous policy RR with trigger
e80c7005e3d59dfeb04dad186d36f3c15622954cTinderbox User "*.example.com" existed in that RPZ zone.
0e91f17da8a29086876a88962e0a3482094b6057Evan Hunt4184. [bug] Fixed a possible memory leak in name compression
28e0061dbcc2ae45d34541267a00d8b4de5b4a41Tinderbox User when rendering long messages. (Also, improved
5ecad47f69b3fd945472ab2900a9ff826a7ce2f6Automatic Updater wire_test for testing such messages.) [RT #40375]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews4183. [cleanup] Use timing-safe memory comparisons in cryptographic
5ecad47f69b3fd945472ab2900a9ff826a7ce2f6Automatic Updater code. Also, the timing-safe comparison functions have
11b6b0d74bb8dd6bd1ce0b60ba7f9b66323f06d4Tinderbox User been renamed to avoid possible confusion with
08d53af7d51409036462fa80fb1bde7a8c2ac123Automatic Updater memcmp(). Thanks to Loganaden Velvindron of
08d53af7d51409036462fa80fb1bde7a8c2ac123Automatic Updater AFRINIC. [RT #40148]
ec7751119a08c6a7250f3187beed69a8b836d349Tinderbox User4182. [cleanup] Use mnemonics for RR class and type comparisons.
5ecad47f69b3fd945472ab2900a9ff826a7ce2f6Automatic Updater4181. [bug] Queued notify messages could be dequeued from the
5ecad47f69b3fd945472ab2900a9ff826a7ce2f6Automatic Updater wrong rate limiter queue. [RT #40350]
07d9d0dbcc0c79deb3c34f4a8af05ac68a6800e4Mark Andrews4180. [bug] Error responses in pipelined queries could
a66012b52c20200f118781463db4e4ee44454298Automatic Updater cause a crash in client.c. [RT #40289]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews4179. [bug] Fix double frees in getaddrinfo() in libirs.
2beefc22e6debdb72d7b2a069787ff565fc79ec4Tinderbox User4178. [bug] Fix assertion failure in parsing UNSPEC(103) RR from
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User text. [RT #40274]
2fd1e3918971180155c10d09454a277f015daecaAutomatic Updater4177. [bug] Fix assertion failure in parsing NSAP records from
2fd1e3918971180155c10d09454a277f015daecaAutomatic Updater text. [RT #40285]
18920d790825d96ca3943aa2dcb6eb80dc611c5fTinderbox User4176. [bug] Address race issues with lwresd. [RT #40284]
2fd1e3918971180155c10d09454a277f015daecaAutomatic Updater4175. [bug] TKEY with GSS-API keys needed bigger buffers.
18920d790825d96ca3943aa2dcb6eb80dc611c5fTinderbox User4174. [bug] "dnssec-coverage -r" didn't handle time unit
18920d790825d96ca3943aa2dcb6eb80dc611c5fTinderbox User suffixes correctly. [RT #38444]
c849f7acb025c73f56a8e28902a473f2aeaba39fTinderbox User4173. [bug] dig +sigchase was not properly matching the trusted
f0877b0237674d0519006ca7f8436e5f92250d30Mark Andrews key. [RT #40188]
c849f7acb025c73f56a8e28902a473f2aeaba39fTinderbox User4172. [bug] Named / named-checkconf didn't handle a view of CLASS0.
c849f7acb025c73f56a8e28902a473f2aeaba39fTinderbox User4171. [bug] Fixed incorrect class checks in TSIG RR
c849f7acb025c73f56a8e28902a473f2aeaba39fTinderbox User implementation. [RT #40287]
c849f7acb025c73f56a8e28902a473f2aeaba39fTinderbox User4170. [security] An incorrect boundary check in the OPENPGPKEY
c849f7acb025c73f56a8e28902a473f2aeaba39fTinderbox User rdatatype could trigger an assertion failure.
c849f7acb025c73f56a8e28902a473f2aeaba39fTinderbox User (CVE-2015-5986) [RT #40286]
c849f7acb025c73f56a8e28902a473f2aeaba39fTinderbox User4169. [test] Added a 'wire_test -d' option to read input as
c849f7acb025c73f56a8e28902a473f2aeaba39fTinderbox User raw binary data, for use as a fuzzing harness.
c849f7acb025c73f56a8e28902a473f2aeaba39fTinderbox User4168. [security] A buffer accounting error could trigger an
c849f7acb025c73f56a8e28902a473f2aeaba39fTinderbox User assertion failure when parsing certain malformed
c849f7acb025c73f56a8e28902a473f2aeaba39fTinderbox User DNSSEC keys. (CVE-2015-5722) [RT #40212]
c849f7acb025c73f56a8e28902a473f2aeaba39fTinderbox User4167. [func] Update rndc's usage output to include recently added
c849f7acb025c73f56a8e28902a473f2aeaba39fTinderbox User commands. Thanks to Tony Finch for submitting a
c849f7acb025c73f56a8e28902a473f2aeaba39fTinderbox User patch. [RT #40010]
fdd0516065be2316409d0cc7dfb4e4f54eadc5afMark Andrews4166. [func] Print informative output from rndc showzone when
c849f7acb025c73f56a8e28902a473f2aeaba39fTinderbox User allow-new-zones is not enabled for a view. Thanks to
c849f7acb025c73f56a8e28902a473f2aeaba39fTinderbox User Tony Finch for submitting a patch. [RT #40009]
c849f7acb025c73f56a8e28902a473f2aeaba39fTinderbox User4165. [security] A failure to reset a value to NULL in tkey.c could
f0877b0237674d0519006ca7f8436e5f92250d30Mark Andrews result in an assertion failure. (CVE-2015-5477)
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4164. [bug] Don't rename slave files and journals on out of memory.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4163. [bug] Address compiler warnings. [RT #40024]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4162. [bug] httpdmgr->flags was not being initialized. [RT #40017]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4161. [test] Add JSON test for traffic size stats; also test
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User for consistency between "rndc stats" and the XML
7c8e44a2dc1121dbe3b615c9c934f37fb1741bb9Tinderbox User and JSON statistics channel contents. [RT #38700]
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User4160. [placeholder]
c2abd6efeb9affa70aabb63da2acb23e135cf7f2Mark Andrews4159. [cleanup] Alphabetize dig's help output. [RT #39966]
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User4158. [placeholder]
9e898948ed76bf5f175bf178866c90c449843c3eTinderbox User4157. [placeholder]
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User4156. [func] Added statistics counters to track the sizes
2beefc22e6debdb72d7b2a069787ff565fc79ec4Tinderbox User of incoming queries and outgoing responses in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater histogram buckets, as specified in RSSAC002.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4155. [func] Allow RPZ rewrite logging to be configured on a
e062b72f783cdb436a1a57a630bdff471dbb3038Mark Andrews per-zone basis using a newly introduced log clause in
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater the response-policy option. [RT #39754]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4154. [bug] A OPT record should be included with the FORMERR
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater response when there is a malformed EDNS option.
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User4153. [bug] Dig should zero non significant +subnet bits. Check
4ba21f60009e18c5950d18546a127e70be537effMark Andrews that non significant ECS bits are zero on receipt.
cc17f4a672fc4ce67327902dd797c4465f12c4c9Mark Andrews4152. [func] Implement DNS COOKIE option. This replaces the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater experimental SIT option of BIND 9.10. The following
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater named.conf directives are available: send-cookie,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater cookie-secret, cookie-algorithm, nocookie-udp-size
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and require-server-cookie. The following dig options
2cdbfcdad94eba75f3f8e77343a0eefabf553b8eAutomatic Updater are available: +[no]cookie[=value] and +[no]badcookie.
c855e7170a7ddb5d4ebab69a771f35dc93e95e43Mark Andrews4151. [bug] 'rndc flush' could cause a deadlock. [RT #39835]
c855e7170a7ddb5d4ebab69a771f35dc93e95e43Mark Andrews4150. [bug] win32: listen-on-v6 { any; }; was not working. Apply
2beefc22e6debdb72d7b2a069787ff565fc79ec4Tinderbox User minimal fix. [RT #39667]
7fdbd6fc9df8728852ccaecb2d66241ab96a4084Tinderbox User4149. [bug] Fixed a race condition in the getaddrinfo()
52cfbde0bd391cfb37e3c1a1b460c16ba6bf1a73Automatic Updater implementation in libirs, which caused the delv
4fda24d843edac463c98785ec0c850d912592dc1Tinderbox User utility to crash with an assertion failure when using
5f7586ddbd3edd11272cdd30ed613d936129328bTinderbox User the '@server' syntax with a hostname argument.
27c3c21f41520e8d6336d80a8094389e321cb6d2Mark Andrews4148. [bug] Fix a bug when printing zone names with '/' character
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt in XML and JSON statistics output. [RT #39873]
4fda24d843edac463c98785ec0c850d912592dc1Tinderbox User4147. [bug] Filter-aaaa / filter-aaaa-on-v4 / filter-aaaa-on-v6
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater was returning referrals rather than nodata responses
3040b455151b1e1173193933664b2891b6159f24Mark Andrews when the AAAA records were filtered. [RT #39843]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews4146. [bug] Address reference leak that could prevent a clean
3040b455151b1e1173193933664b2891b6159f24Mark Andrews shutdown. [RT #37125]
4aec4843241dca64de7eb6363944df0b09cb83ecTinderbox User4145. [bug] Not all unassociated adb entries where being printed.
4aec4843241dca64de7eb6363944df0b09cb83ecTinderbox User4144. [func] Add statistics counters for nxdomain redirections.
4aec4843241dca64de7eb6363944df0b09cb83ecTinderbox User4143. [placeholder]
4aec4843241dca64de7eb6363944df0b09cb83ecTinderbox User4142. [bug] rndc addzone with view specified saved NZF config
4aec4843241dca64de7eb6363944df0b09cb83ecTinderbox User that could not be read back by named. This has now
3b9123da1962e9e8240b4d99463d8dcd131b79bdTinderbox User been fixed. [RT #39845]
4aec4843241dca64de7eb6363944df0b09cb83ecTinderbox User4141. [bug] A formatting bug caused rndc zonestatus to print
1404d301dd9e7e487a247b803f63909cd10cdf72Tinderbox User negative numbers for large serial values. This has
1404d301dd9e7e487a247b803f63909cd10cdf72Tinderbox User now been fixed. [RT #39854]
1404d301dd9e7e487a247b803f63909cd10cdf72Tinderbox User4140. [cleanup] Remove redundant nzf_remove() call during delzone.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4139. [doc] Fix rpz-client-ip documentation. [RT #39783]
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater4138. [security] An uninitialized value in validator.c could result
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater in an assertion failure. (CVE-2015-4620) [RT #39795]
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater4137. [bug] Make rndc reconfig report configuration errors the
11b6b0d74bb8dd6bd1ce0b60ba7f9b66323f06d4Tinderbox User same way rndc reload does. [RT #39635]
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater4136. [bug] Stale statistics counters with the leading
b577ce9ed2153db6539fb975b4a7aa16d9b3baeeTinderbox User '#' prefix (such as #NXDOMAIN) were not being
b577ce9ed2153db6539fb975b4a7aa16d9b3baeeTinderbox User updated correctly. This has been fixed. [RT #39141]
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User4135. [cleanup] Log expired NTA at startup. [RT #39680]
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User4134. [cleanup] Include client-ip rules when logging the number
2beefc22e6debdb72d7b2a069787ff565fc79ec4Tinderbox User of RPZ rules of each type. [RT #39670]
ac2ad7b4e4e41e7e788dbe103c581f1605209d3bTinderbox User4133. [port] Update how various json libraries are handled.
12ee3c02ab36d7e7430bd705cc289db1a69a5733Mark Andrews4132. [cleanup] dig: added +rd as a synonym for +recurse,
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater added +class as an unabbreviated alternative
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews to +cl. [RT #39686]
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater4131. [bug] Addressed further problems with reloading RPZ
8aa098c6334de11c8fd117d30851cc457813c410Mark Andrews zones. [RT #39649]
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews4130. [bug] The compatibility shim for *printf() misprinted some
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews large numbers. [RT #39586]
cd839f5cf5f84cf163f55ff05cb88ce37efd24d1Automatic Updater4129. [port] Address API changes in OpenSSL 1.1.0. [RT #39532]
cd839f5cf5f84cf163f55ff05cb88ce37efd24d1Automatic Updater4128. [bug] Address issues raised by Coverity 7.6. [RT #39537]
76fbdc591b3d46df28878a6ff844798622b85265Tinderbox User4127. [protocol] CDS and CDNSKEY need to be signed by the key signing
3040b455151b1e1173193933664b2891b6159f24Mark Andrews key as per RFC 7344, Section 4.1. [RT #37215]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User4126. [bug] Addressed a regression introduced in change #4121.
fd8fb4df8499e292daeac765f599ac7c507d9ca3Mark Andrews4125. [test] Added tests for dig, renamed delv test to digdelv.
c95f536d78842fbc8ebcef653d88e1f2270054f8Automatic Updater4124. [func] Log errors or warnings encountered when parsing the
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater internal default configuration. Clarify the logging
3040b455151b1e1173193933664b2891b6159f24Mark Andrews of errors and warnings encountered in rndc
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater addzone or modzone parameters. [RT #39440]
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater4123. [port] Added %z (size_t) format options to the portable
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater internal printf/sprintf implementation. [RT #39586]
c95f536d78842fbc8ebcef653d88e1f2270054f8Automatic Updater4122. [bug] The server could match a shorter prefix than what was
c95f536d78842fbc8ebcef653d88e1f2270054f8Automatic Updater available in CLIENT-IP policy triggers, and so, an
c95f536d78842fbc8ebcef653d88e1f2270054f8Automatic Updater unexpected action could be taken. This has been
c95f536d78842fbc8ebcef653d88e1f2270054f8Automatic Updater corrected. [RT #39481]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews4121. [bug] On servers with one or more policy zones
cb40461f8744c5aeb369b84d5f48395a13a221a0Mark Andrews configured as slaves, if a policy zone updated
7c8e44a2dc1121dbe3b615c9c934f37fb1741bb9Tinderbox User during regular operation (rather than at
bac4435d473c9a0281507524f084480c34aa942aTinderbox User startup) using a full zone reload, such as via
bac4435d473c9a0281507524f084480c34aa942aTinderbox User AXFR, a bug could allow the RPZ summary data to
bac4435d473c9a0281507524f084480c34aa942aTinderbox User fall out of sync, potentially leading to an
bac4435d473c9a0281507524f084480c34aa942aTinderbox User assertion failure in rpz.c when further
bac4435d473c9a0281507524f084480c34aa942aTinderbox User incremental updates were made to the zone, such
bac4435d473c9a0281507524f084480c34aa942aTinderbox User as via IXFR. [RT #39567]
bac4435d473c9a0281507524f084480c34aa942aTinderbox User4120. [bug] A bug in RPZ could cause the server to crash if
bac4435d473c9a0281507524f084480c34aa942aTinderbox User policy zones were updated while recursion was
bac4435d473c9a0281507524f084480c34aa942aTinderbox User pending for RPZ processing of an active query.
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont4119. [test] Allow dig to set the message opcode. [RT #39550]
bac4435d473c9a0281507524f084480c34aa942aTinderbox User4118. [bug] Teach isc-config.sh about irs. [RT #39213]
bac4435d473c9a0281507524f084480c34aa942aTinderbox User4117. [protocol] Add EMPTY.AS112.ARPA as per RFC 7534.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews4116. [bug] Fix a bug in RPZ that could cause some policy
45c349c278fd83acd4dcb91eec3482401a623e47Automatic Updater zones that did not specifically require
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews recursion to be treated as if they did;
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews consequently, setting qname-wait-recurse no; was
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews sometimes ineffective. [RT #39229]
bf8c3776f1bf1a1270e5e0443ae5a8df022632a8Mark Andrews4115. [func] "rndc -r" now prints the result code (e.g.,
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews ISC_R_SUCCESS, ISC_R_TIMEOUT, etc) after
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews running the requested command. [RT #38913]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews4114. [bug] Fix a regression in radix tree implementation
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews introduced by ECS code. This bug was never
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews released, but it was reported by a user testing
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews master. [RT #38983]
7c112f7d8f632412901d9f3c4445eb0db6db95feTinderbox User4113. [test] Check for Net::DNS is some system test
28e0061dbcc2ae45d34541267a00d8b4de5b4a41Tinderbox User prerequisites. [RT #39369]
9692d283bb43c9eab49a7fadfc1b74a6e20e6151Tinderbox User4112. [bug] Named failed to load when "root-delegation-only"
7c112f7d8f632412901d9f3c4445eb0db6db95feTinderbox User was used without a list of domains to exclude.
7c112f7d8f632412901d9f3c4445eb0db6db95feTinderbox User4111. [doc] Alphabetize rndc man page. [RT #39360]
7c112f7d8f632412901d9f3c4445eb0db6db95feTinderbox User4110. [bug] Address memory leaks / null pointer dereferences
7c112f7d8f632412901d9f3c4445eb0db6db95feTinderbox User on out of memory. [RT #39310]
7c112f7d8f632412901d9f3c4445eb0db6db95feTinderbox User4109. [port] linux: support reading the local port range from
28e0061dbcc2ae45d34541267a00d8b4de5b4a41Tinderbox User4108. [func] An additional NXDOMAIN redirect method (option
c218e22e3e6cbd409b61a14f1480b5ce5c70bfc1Tinderbox User "nxdomain-redirect") has been added, allowing
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater redirection to a specified DNS namespace instead
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater of a single redirect zone. [RT #37989]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater4107. [bug] Address potential deadlock when updating zone content.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater4106. [port] Improve readline support. [RT #38938]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater4105. [port] Misc fixes for Microsoft Visual Studio
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater 2015 CTP6 in 64 bit mode. [RT #39308]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews4104. [bug] Address uninitialized elements. [RT #39252]
560d6da48f066000541dd43f5d407644dee12bebTinderbox User4103. [port] Misc fixes for Microsoft Visual Studio
9bc394fffdd50f6e47614b2d317da7274122366fTinderbox User 2015 CTP6. [RT #39267]
c218e22e3e6cbd409b61a14f1480b5ce5c70bfc1Tinderbox User4102. [bug] Fix a use after free bug introduced in change
c218e22e3e6cbd409b61a14f1480b5ce5c70bfc1Tinderbox User #4094. [RT #39281]
c218e22e3e6cbd409b61a14f1480b5ce5c70bfc1Tinderbox User4101. [bug] dig: the +split and +rrcomments options didn't
c218e22e3e6cbd409b61a14f1480b5ce5c70bfc1Tinderbox User work with +short. [RT #39291]
c218e22e3e6cbd409b61a14f1480b5ce5c70bfc1Tinderbox User4100. [bug] Inherited owernames on the line immediately following
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt a $INCLUDE were not working. [RT #39268]
c218e22e3e6cbd409b61a14f1480b5ce5c70bfc1Tinderbox User4099. [port] clang: make unknown commandline options hard errors
2c1632c71e2f4d8afa35efce3080b31602a6608cTinderbox User when determining what options are supported.
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User4098. [bug] Address use-after-free issue when using a
2beefc22e6debdb72d7b2a069787ff565fc79ec4Tinderbox User predecessor key with dnssec-settime. [RT #39272]
1efe84be7849c5327001ad7dbad93d92c66c1389Mark Andrews4097. [func] Add additional logging about xfrin transfer status.
f42fc714eda962112e45b904d1f846c61a080114Automatic Updater4096. [bug] Fix a use after free of query->sendevent.
a6e1f63f50af688610ebd2521ba7f028767b51f3Mark Andrews4095. [bug] zone->options2 was not being properly initialized.
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox User4094. [bug] A race during shutdown or reconfiguration could
f42fc714eda962112e45b904d1f846c61a080114Automatic Updater cause an assertion in mem.c. [RT #38979]
9e295ad801d5c986eb6c7745637b5dc0efb28711Tinderbox User4093. [func] Dig now learns the SIT value from truncated
2cdbfcdad94eba75f3f8e77343a0eefabf553b8eAutomatic Updater responses when it retries over TCP. [RT #39047]
9e295ad801d5c986eb6c7745637b5dc0efb28711Tinderbox User4092. [bug] 'in-view' didn't work for zones beneath a empty zone.
f42fc714eda962112e45b904d1f846c61a080114Automatic Updater4091. [cleanup] Some cleanups in isc mem code. [RT #38896]
2c1632c71e2f4d8afa35efce3080b31602a6608cTinderbox User4090. [bug] Fix a crash while parsing malformed CAA RRs in
2c1632c71e2f4d8afa35efce3080b31602a6608cTinderbox User presentation format, i.e., from text such as
4d813066e967a36c407ee641155ada0c614d4dc6Automatic Updater from master files. Thanks to John Van de
c849f7acb025c73f56a8e28902a473f2aeaba39fTinderbox User Meulebrouck Brendgard for discovering and
2c1632c71e2f4d8afa35efce3080b31602a6608cTinderbox User reporting this problem. [RT #39003]
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox User4089. [bug] Send notifies immediately for slave zones during
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox User startup. [RT #38843]
f42fc714eda962112e45b904d1f846c61a080114Automatic Updater4088. [port] Fixed errors when building with libressl. [RT #38899]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews4087. [bug] Fix a crash due to use-after-free due to sequencing
cb40461f8744c5aeb369b84d5f48395a13a221a0Mark Andrews of tasks actions. [RT #38495]
850cfa4e86da9f63c1b97ec8c743c091ffd3546bFrancis Dupont4086. [bug] Fix out-of-srcdir build with native pkcs11. [RT #38831]
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont4085. [bug] ISC_PLATFORM_HAVEXADDQ could be inconsistently set.
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User4084. [bug] Fix a possible race in updating stats counters.
862cad747c24bc3e608f31cde1d7eddb2409a316Tinderbox User4083. [cleanup] Print the number of CPUs and UDP listeners
3040b455151b1e1173193933664b2891b6159f24Mark Andrews consistently in the log and in "rndc status"
f0c5e918974bf778af6cd1e25309ad13e30a79a6Tinderbox User output; indicate whether threads are supported
b6561016dc8a813bfd91cef5b876b3dfc3f08ffaTinderbox User in "named -V" output. [RT #38811]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews4082. [bug] Incrementally sign large inline zone deltas.
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews4081. [cleanup] Use dns_rdatalist_init consistently. [RT #38759]
e8e87ede5c36b95806c77bcd34894ad9c4b39a78Tinderbox User4080. [func] Completed change #4022, adding a "lock-file" option
e8e87ede5c36b95806c77bcd34894ad9c4b39a78Tinderbox User to named.conf to override the default lock file,
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews in addition to the "named -X <filename>" command
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews line option. Setting the lock file to "none"
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews using either method disables the check completely.
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews4079. [func] Preserve the case of the owner name of records to
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews the RRset level. [RT #37442]
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews4078. [bug] Handle the case where CMSG_SPACE(sizeof(int)) !=
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews CMSG_SPACE(sizeof(char)). [RT #38621]
eac5382be368b43df62e4ac32075131fb4997f03Tinderbox User4077. [test] Add static-stub regression test for DS NXDOMAIN
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews return making the static stub disappear. [RT #38564]
eac5382be368b43df62e4ac32075131fb4997f03Tinderbox User4076. [bug] Named could crash on shutdown with outstanding
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews reload / reconfig events. [RT #38622]
536da846f6cc03ad8abbb8bb9d5d8a6f607b8c33Mark Andrews4075. [placeholder]
ac5ed748602c890d596bed07b0b23b8b5f42b2f6Mark Andrews4074. [cleanup] Cleaned up more warnings from gcc -Wshadow. [RT #38708]
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews4073. [cleanup] Add libjson-c version number reporting to
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews "named -V"; normalize version number formatting.
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews4072. [func] Add a --enable-querytrace configure switch for
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews very verbose query trace logging. (This option
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews has a negative performance impact and should be
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews used only for debugging.) [RT #37520]
d98b4b724343547314bde32a54966c8f124a5f03Mark Andrews4071. [cleanup] Initialize pthread mutex attrs just once, instead of
d56349eff4a1ebb8f4370df5a8a507f1a8ecd0dfMark Andrews doing it per mutex creation. [RT #38547]
d56349eff4a1ebb8f4370df5a8a507f1a8ecd0dfMark Andrews4070. [bug] Fix a segfault in nslookup in a query such as
cb40461f8744c5aeb369b84d5f48395a13a221a0Mark Andrews4069. [doc] Reorganize options in the nsupdate man page.
5a6d22a5b3b014f6dd0b36999864bd2c3e0d8465Mark Andrews4068. [bug] Omit unknown serial number from JSON zone statistics.
0d13a9584b9f97693ab22d54322f1c484d578701Mark Andrews4067. [cleanup] Reduce noise from RRL when query logging is
0d13a9584b9f97693ab22d54322f1c484d578701Mark Andrews disabled. [RT #38648]
ecbc7ebb243a1f8a5dc6f28185ffe9e61d3b2102Mark Andrews4066. [doc] Reorganize options in the dig man page. [RT #38516]
5a6d22a5b3b014f6dd0b36999864bd2c3e0d8465Mark Andrews4065. [test] Additional RFC 5011 tests. [RT #38569]
5a6d22a5b3b014f6dd0b36999864bd2c3e0d8465Mark Andrews4064. [contrib] dnssec-keyset.sh: Generates a specified number
5a6d22a5b3b014f6dd0b36999864bd2c3e0d8465Mark Andrews of DNSSEC keys with timing set to implement a
0d13a9584b9f97693ab22d54322f1c484d578701Mark Andrews pre-publication key rollover strategy. Thanks
d56349eff4a1ebb8f4370df5a8a507f1a8ecd0dfMark Andrews to Jeffry A. Spain. [RT #38459]
ecbc7ebb243a1f8a5dc6f28185ffe9e61d3b2102Mark Andrews4063. [bug] Asynchronous zone loads were not handled
5a6d22a5b3b014f6dd0b36999864bd2c3e0d8465Mark Andrews correctly when the zone load was already in
5a6d22a5b3b014f6dd0b36999864bd2c3e0d8465Mark Andrews progress; this could trigger a crash in zt.c.
d56349eff4a1ebb8f4370df5a8a507f1a8ecd0dfMark Andrews4062. [bug] Fix an out-of-bounds read in RPZ code. If the
d56349eff4a1ebb8f4370df5a8a507f1a8ecd0dfMark Andrews read succeeded, it doesn't result in a bug
d56349eff4a1ebb8f4370df5a8a507f1a8ecd0dfMark Andrews during operation. If the read failed, named
d56349eff4a1ebb8f4370df5a8a507f1a8ecd0dfMark Andrews could segfault. [RT #38559]
ae454ec746d1d4db8d04e107d4d25ff13158c37fMark Andrews4061. [bug] Handle timeout in legacy system test. [RT #38573]
6284b9b877d2205240dce1cf7f88d4dca888e44aTinderbox User4060. [bug] dns_rdata_freestruct could be called on a
e5a6871cd0635ecdb2bf792316a2d8c53206f4b2Tinderbox User uninitialized structure when handling a error.
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews4059. [bug] Addressed valgrind warnings. [RT #38549]
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews4058. [bug] UDP dispatches could use the wrong pseudorandom
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews number generator context. [RT #38578]
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews4057. [bug] 'dnssec-dsfromkey -T 0' failed to add ttl field.
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews4056. [bug] Expanded automatic testing of trust anchor
50cfe402e61ba8d816d845a9f297e3de18f4fc15Tinderbox User management and fixed several small bugs including
ae454ec746d1d4db8d04e107d4d25ff13158c37fMark Andrews a memory leak and a possible loss of key state
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews information. [RT #38458]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews4055. [func] "rndc managed-keys" can be used to check status
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews of trust anchors or to force keys to be refreshed,
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews Also, the managed keys data file has easier-to-read
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews comments. [RT #38458]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews4054. [func] Added a new tool 'mdig', a lightweight clone of
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews dig able to send multiple pipelined queries.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews4053. [security] Revoking a managed trust anchor and supplying
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews an untrusted replacement could cause named
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews to crash with an assertion failure.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews (CVE-2015-1349) [RT #38344]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews4052. [bug] Fix a leak of query fetchlock. [RT #38454]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews4051. [bug] Fix a leak of pthread_mutexattr_t. [RT #38454]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews4050. [bug] RPZ could send spurious SERVFAILs in response
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews to duplicate queries. [RT #38510]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews4049. [bug] CDS and CDNSKEY had the wrong attributes. [RT #38491]
bbd726b86a5b0f97a192b6027958dc7b763dc48bTinderbox User4048. [bug] adb hash table was not being grown. [RT #38470]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4047. [cleanup] "named -V" now reports the current running versions
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater of OpenSSL and the libxml2 libraries, in addition to
c19bf21885cdf78b52eee017dc1189a300657995Tinderbox User the versions that were in use at build time.
3a988722ad9e209ba4064604d482dc4efe0e19ebTinderbox User4046. [bug] Accounting of "total use" in memory context
a450977e98155f6e828fe6f8d52cf24674231831Mark Andrews statistics was not correct. [RT #38370]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews4045. [bug] Skip to next master on dns_request_createvia4 failure.
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews4044. [bug] Change 3955 was not complete, resulting in an assertion
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews failure if the timing was just right. [RT #38352]
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews4043. [func] "rndc modzone" can be used to modify the
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews configuration of an existing zone, using similar
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews syntax to "rndc addzone". [RT #37895]
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews4042. [bug] zone.c:iszonesecure was being called too late.
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews4041. [func] TCP sockets can now be shared while connecting.
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews (This will be used to enable client-side support
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews of pipelined queries.) [RT #38231]
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews4040. [func] Added server-side support for pipelined TCP
3040b455151b1e1173193933664b2891b6159f24Mark Andrews queries. Clients may continue sending queries via
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews TCP while previous queries are being processed
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews in parallel. (The new "keep-response-order"
3040b455151b1e1173193933664b2891b6159f24Mark Andrews option allows clients to be specified for which
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews the old behavior will still be used.) [RT #37821]
2beefc22e6debdb72d7b2a069787ff565fc79ec4Tinderbox User4039. [cleanup] Cleaned up warnings from gcc -Wshadow. [RT #37381]
f520803b46dc189fdaf84adc87ef327d3587b435Mark Andrews4038. [bug] Add 'rpz' flag to node and use it to determine whether
4ba21f60009e18c5950d18546a127e70be537effMark Andrews to call dns_rpz_delete. This should prevent unbalanced
4ba21f60009e18c5950d18546a127e70be537effMark Andrews add / delete calls. [RT #36888]
ae454ec746d1d4db8d04e107d4d25ff13158c37fMark Andrews4037. [bug] also-notify was ignoring the tsig key when checking
f520803b46dc189fdaf84adc87ef327d3587b435Mark Andrews for duplicates resulting in some expected notify
f520803b46dc189fdaf84adc87ef327d3587b435Mark Andrews messages not being sent. [RT #38369]
9e898948ed76bf5f175bf178866c90c449843c3eTinderbox User4036. [bug] Make call to open a temporary file name safe during
8aa098c6334de11c8fd117d30851cc457813c410Mark Andrews NZF creation. [RT #38331]
8aa098c6334de11c8fd117d30851cc457813c410Mark Andrews4035. [bug] Close temporary and NZF FILE pointers before moving
8aa098c6334de11c8fd117d30851cc457813c410Mark Andrews the former into the latter's place, as required on
8aa098c6334de11c8fd117d30851cc457813c410Mark Andrews Windows. [RT #38332]
8aa098c6334de11c8fd117d30851cc457813c410Mark Andrews4034. [func] When added, negative trust anchors (NTA) are now
8aa098c6334de11c8fd117d30851cc457813c410Mark Andrews saved to files (viewname.nta), in order to
8aa098c6334de11c8fd117d30851cc457813c410Mark Andrews persist across restarts of the named server.
8aa098c6334de11c8fd117d30851cc457813c410Mark Andrews4033. [bug] Missing out of memory check in request.c:req_send.
3040b455151b1e1173193933664b2891b6159f24Mark Andrews4032. [bug] Built-in "empty" zones did not correctly inherit the
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater "allow-transfer" ACL from the options or view.
3040b455151b1e1173193933664b2891b6159f24Mark Andrews4031. [bug] named-checkconf -z failed to report a missing file
2beefc22e6debdb72d7b2a069787ff565fc79ec4Tinderbox User with a hint zone. [RT #38294]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4030. [func] "rndc delzone" is now applicable to zones that were
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater configured in named.conf, as well as zones that
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User were added via "rndc addzone". (Note, however, that
ae454ec746d1d4db8d04e107d4d25ff13158c37fMark Andrews if named.conf is not also modified, the deleted zone
9a5217f827ac0e006016745e5305b31dc0c7767fTinderbox User will return when named is reloaded.) [RT #37887]
9c2cf9e2017e6dd196e3b866808f32c6206eeedcMark Andrews4029. [func] "rndc showzone" displays the current configuration
ba8b771c371967dd1254c7fa82ebe4158ee04b24Tinderbox User of a specified zone. [RT #37887]
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews4028. [bug] $GENERATE with a zero step was not being caught as a
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater error. A $GENERATE with a / but no step was not being
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater caught as a error. [RT #38262]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater4027. [port] Net::DNS 0.81 compatibility. [RT #38165]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater4026. [bug] Fix RFC 3658 reference in dig +sigchase. [RT #38173]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater4025. [port] bsdi: failed to build. [RT #38047]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater4024. [bug] dns_rdata_opt_first, dns_rdata_opt_next,
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater dns_rdata_opt_current, dns_rdata_txt_first,
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater dns_rdata_txt_next and dns_rdata_txt_current were
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater documented but not implemented. These have now been
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater dns_rdata_spf_first, dns_rdata_spf_next and
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews dns_rdata_spf_current were documented but not
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater implemented. The prototypes for these
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater functions have been removed. [RT #38068]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater4023. [bug] win32: socket handling with explicit ports and
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater invoking named with -4 was broken for some
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews configurations. [RT #38068]
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews4022. [func] Stop multiple spawns of named by limiting number of
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater processes to 1. This is done by using a lockfile and
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater checking whether we can listen on any configured
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater TCP interfaces. [RT #37908]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews4021. [bug] Adjust max-recursion-queries to accommodate
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater the need for more queries when the cache is
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt empty. [RT #38104]
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews4020. [bug] Change 3736 broke nsupdate's SOA MNAME discovery
59602f2a7c4e4809941583bed3e94cd26e628f1aTinderbox User resulting in updates being sent to the wrong server.
4c6bae917bec70e1fc4d1b761a9765075af78441Tinderbox User4019. [func] If named is not configured to validate the answer
4c6bae917bec70e1fc4d1b761a9765075af78441Tinderbox User then allow fallback to plain DNS on timeout even
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User when we know the server supports EDNS. [RT #37978]
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User4018. [placeholder]
3d015b2a0aeaa8d763fc783c23f895125ca1e0b8Tinderbox User4017. [test] Add system test to check lookups to legacy servers
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User with broken DNS behavior. [RT #37965]
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User4016. [bug] Fix a dig segfault due to bad linked list usage.
5a6d22a5b3b014f6dd0b36999864bd2c3e0d8465Mark Andrews4015. [bug] Nameservers that are skipped due to them being
70d987def5a58ebeb8243017c0ec2e9b2c326cf4Evan Hunt CNAMEs were not being logged. They are now logged
3d015b2a0aeaa8d763fc783c23f895125ca1e0b8Tinderbox User to category 'cname' as per BIND 8. [RT #37935]
70d987def5a58ebeb8243017c0ec2e9b2c326cf4Evan Hunt4014. [bug] When including a master file origin_changed was
70d987def5a58ebeb8243017c0ec2e9b2c326cf4Evan Hunt not being properly set leading to a potentially
3d015b2a0aeaa8d763fc783c23f895125ca1e0b8Tinderbox User spurious 'inherited owner' warning. [RT #37919]
1bf507ca635310b340aea42d6c3e567819974a99Tinderbox User4013. [func] Add a new tcp-only option to server (config) /
3d015b2a0aeaa8d763fc783c23f895125ca1e0b8Tinderbox User peer (struct) to use TCP transport to send
3d015b2a0aeaa8d763fc783c23f895125ca1e0b8Tinderbox User queries (in place of UDP transport with a
70d987def5a58ebeb8243017c0ec2e9b2c326cf4Evan Hunt TCP fallback on truncated (TC set) response).
70d987def5a58ebeb8243017c0ec2e9b2c326cf4Evan Hunt4012. [cleanup] Check returned status of OpenSSL digest and HMAC
70d987def5a58ebeb8243017c0ec2e9b2c326cf4Evan Hunt functions when they return one. Note this applies
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User only to FIPS capable OpenSSL libraries put in
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User FIPS mode and MD5. [RT #37944]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4011. [bug] master's list port and dscp inheritance was not
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater properly implemented. [RT #37792]
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater4010. [cleanup] Clear the prefetchable state when initiating a
3a28155fe228cd6d59b15f1ca0b568be6620a9d2Tinderbox User prefetch. [RT #37399]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User4009. [func] delv: added a +tcp option. [RT #37855]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User4008. [contrib] Updated zkt to latest version (1.1.3). [RT #37886]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington4007. [doc] Remove acl forward reference restriction. [RT #37772]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater4006. [security] A flaw in delegation handling could be exploited
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to put named into an infinite loop. This has
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater been addressed by placing limits on the number
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater of levels of recursion named will allow (default 7),
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and the number of iterative queries that it will
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater send (default 50) before terminating a recursive
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews query (CVE-2014-8500).
5c5c6d289db78e41f714007426a387498e15963cFrancis Dupont The recursion depth limit is configured via the
5c5c6d289db78e41f714007426a387498e15963cFrancis Dupont "max-recursion-depth" option, and the query limit
5c5c6d289db78e41f714007426a387498e15963cFrancis Dupont via the "max-recursion-queries" option. [RT #37580]
5c5c6d289db78e41f714007426a387498e15963cFrancis Dupont4005. [func] The buffer used for returning text from rndc
5c5c6d289db78e41f714007426a387498e15963cFrancis Dupont commands is now dynamically resizable, allowing
5c5c6d289db78e41f714007426a387498e15963cFrancis Dupont arbitrarily large amounts of text to be sent back
3040b455151b1e1173193933664b2891b6159f24Mark Andrews to the client. (Prior to this change, it was
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews possible for the output of "rndc tsig-list" to be
95de440e8d2b07bb130505b4146059e5734e2eeaTinderbox User truncated.) [RT #37731]
2beefc22e6debdb72d7b2a069787ff565fc79ec4Tinderbox User4004. [bug] When delegations had AAAA glue but not A, a
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont reference could be leaked causing an assertion
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont failure on shutdown. [RT #37796]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews4003. [security] When geoip-directory was reconfigured during
3040b455151b1e1173193933664b2891b6159f24Mark Andrews named run-time, the previously loaded GeoIP
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews data could remain, potentially causing wrong
3040b455151b1e1173193933664b2891b6159f24Mark Andrews ACLs to be used or wrong results to be served
3040b455151b1e1173193933664b2891b6159f24Mark Andrews based on geolocation (CVE-2014-8680). [RT #37720]
ec7751119a08c6a7250f3187beed69a8b836d349Tinderbox User4002. [security] Lookups in GeoIP databases that were not
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater loaded could cause an assertion failure
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User (CVE-2014-8680). [RT #37679]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User4001. [security] The caching of GeoIP lookups did not always
2beefc22e6debdb72d7b2a069787ff565fc79ec4Tinderbox User handle address families correctly, potentially
879391501ee0ffba072433120bf1baa4087f8899Automatic Updater resulting in an assertion failure (CVE-2014-8680).
8f536463f9fdfa7da6a8310e4f4895373beb2961Mark Andrews4000. [bug] NXDOMAIN redirection incorrectly handled NXRRSET
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User from the redirect zone. [RT #37722]
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt3999. [func] "mkeys" and "nzf" files are now named after
3040b455151b1e1173193933664b2891b6159f24Mark Andrews their corresponding views, unless the view name
3040b455151b1e1173193933664b2891b6159f24Mark Andrews contains characters that would be incompatible
2beefc22e6debdb72d7b2a069787ff565fc79ec4Tinderbox User with use in a filename (i.e., slash, backslash,
dcd42a39d311b44877161ffd1e27fa62700c0171Mark Andrews or capital letters). If a view name does contain
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater these characters, the files will still be named
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater using a cryptographic hash of the view name.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Regardless of this, if a file using the old name
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater format is found to exist, it will continue to be
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater used. [RT #37704]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3998. [bug] isc_radix_search was returning matches that were
3f68e9c0e5a6ce475d15eef04bfed9b08a22afa9Tinderbox User too precise. [RT #37680]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3997. [protocol] Add OPENGPGKEY record. [RT# 37671]
3f68e9c0e5a6ce475d15eef04bfed9b08a22afa9Tinderbox User3996. [bug] Address use after free on out of memory error in
3040b455151b1e1173193933664b2891b6159f24Mark Andrews keyring_add. [RT #37639]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews3995. [bug] receive_secure_serial holds the zone lock for too
c5f7f6aa6c51d35353a9485b32abbabfe8358b4eMark Andrews long. [RT #37626]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User3994. [func] Dig now supports setting the last unassigned DNS
7c8e44a2dc1121dbe3b615c9c934f37fb1741bb9Tinderbox User header flag bit (dig +zflag). [RT #37421]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3993. [func] Dig now supports EDNS negotiation by default.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington (dig +[no]ednsnegotiation).
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Note: This is disabled by default in BIND 9.10
22bed5c0fa8aa33ebca97235c0509db335440811Tinderbox User and enabled by default in BIND 9.11. [RT #37604]
22bed5c0fa8aa33ebca97235c0509db335440811Tinderbox User3992. [func] DiG can now send queries without questions
63654fea53d6a58a65112234bc8d0c322e0c81b5Automatic Updater (dig +header-only). [RT #37599]
22bed5c0fa8aa33ebca97235c0509db335440811Tinderbox User3991. [func] Add the ability to buffer logging output by specifying
22bed5c0fa8aa33ebca97235c0509db335440811Tinderbox User "buffered yes;" when defining a channel. [RT #26561]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3990. [test] Add tests for unknown DNSSEC algorithm handling.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3989. [cleanup] Remove redundant dns_db_resigned calls. [RT #35748]
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater3988. [func] Allow the zone serial of a dynamically updatable
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater zone to be updated via "rndc signing -serial".
3040b455151b1e1173193933664b2891b6159f24Mark Andrews3987. [port] Handle future Visual Studio 14 incompatible changes.
551271d8198ae06e37edf5da519d8ee153eeac0fTinderbox User3986. [doc] Add the BIND version number to page footers
3040b455151b1e1173193933664b2891b6159f24Mark Andrews in the ARM. [RT #37398]
2beefc22e6debdb72d7b2a069787ff565fc79ec4Tinderbox User3985. [doc] Describe how +ndots and +search interact in dig.
b6561016dc8a813bfd91cef5b876b3dfc3f08ffaTinderbox User3984. [func] Accept 256 byte long PINs in native PKCS#11
63d024b4a80b39753d7b2976d46b1478913cc6a1Tinderbox User crypto. [RT #37410]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3983. [bug] Change #3940 was incomplete: negative trust anchors
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater could be set to last up to a week, but the
ab496cc3df1648e9ad992a87c35c2c0870fdc69dTinderbox User "nta-lifetime" and "nta-recheck" options were
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater still limited to one day. [RT #37522]
fedd407a76adfdd745eb7d2461673693c6f9fea9Mark Andrews3982. [doc] Include release notes in product documentation.
fedd407a76adfdd745eb7d2461673693c6f9fea9Mark Andrews3981. [bug] Cache DS/NXDOMAIN independently of other query types.
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User3980. [bug] Improve --with-tuning=large by self tuning of SO_RCVBUF
80f05de86cd3cd8e4a4215c4501643891b942dafTinderbox User size. [RT #37187]
ab496cc3df1648e9ad992a87c35c2c0870fdc69dTinderbox User3979. [bug] Negative trust anchor fetches were not properly
ab496cc3df1648e9ad992a87c35c2c0870fdc69dTinderbox User managed. [RT #37488]
5b4ef313da4283079786e516b4b07a1691e1dc50Mark Andrews3978. [test] Added a unit test for Diffie-Hellman key
5b4ef313da4283079786e516b4b07a1691e1dc50Mark Andrews computation, completing change #3974. [RT #37477]
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox User3977. [cleanup] "rndc secroots" reported a "not found" error when
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox User there were no negative trust anchors set. [RT #37506]
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox User3976. [bug] When refreshing managed-key trust anchors, clear
3040b455151b1e1173193933664b2891b6159f24Mark Andrews any cached trust so that they will always be
cc17f4a672fc4ce67327902dd797c4465f12c4c9Mark Andrews revalidated with the current set of secure
cc17f4a672fc4ce67327902dd797c4465f12c4c9Mark Andrews roots. [RT #37506]
cc17f4a672fc4ce67327902dd797c4465f12c4c9Mark Andrews3975. [bug] Don't populate or use the bad cache for queries that
cc17f4a672fc4ce67327902dd797c4465f12c4c9Mark Andrews don't request or use recursion. [RT #37466]
5b4ef313da4283079786e516b4b07a1691e1dc50Mark Andrews3974. [bug] Handle DH_compute_key() failure correctly in
5b4ef313da4283079786e516b4b07a1691e1dc50Mark Andrews3973. [test] Added hooks for Google Performance Tools CPU profiler,
82447d835d3ff5c658749b4e9b4f66166407b3eaAutomatic Updater including real-time/wall-clock profiling. Use
82447d835d3ff5c658749b4e9b4f66166407b3eaAutomatic Updater "configure --with-gperftools-profiler" to enable.
82447d835d3ff5c658749b4e9b4f66166407b3eaAutomatic Updater3972. [bug] Fix host's usage statement. [RT #37397]
50cfe402e61ba8d816d845a9f297e3de18f4fc15Tinderbox User3971. [bug] Reduce the cascading failures due to a bad $TTL line
e5a6871cd0635ecdb2bf792316a2d8c53206f4b2Tinderbox User in named-checkconf / named-checkzone. [RT #37138]
9563f388c8ca1bb9ebb04db54e122815b0008c8aTinderbox User3970. [contrib] Fixed a use after free bug in the SDB LDAP driver.
551271d8198ae06e37edf5da519d8ee153eeac0fTinderbox User3969. [test] Added 'delv' system test. [RT #36901]
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User3968. [bug] Silence spurious log messages when using 'named -[46]'.
9563f388c8ca1bb9ebb04db54e122815b0008c8aTinderbox User3967. [test] Add test for inlined signed zone in multiple views
50cfe402e61ba8d816d845a9f297e3de18f4fc15Tinderbox User with different DNSKEY sets. [RT #35759]
50cfe402e61ba8d816d845a9f297e3de18f4fc15Tinderbox User3966. [bug] Missing dns_db_closeversion call in receive_secure_db.
735e1ed9685077e25f744d692acf77c5bf5d4490Tinderbox User3965. [func] Log outgoing packets and improve packet logging to
2beefc22e6debdb72d7b2a069787ff565fc79ec4Tinderbox User support logging the remote address. [RT #36624]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3964. [func] nsupdate now performs check-names processing.
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater3963. [test] Added NXRRSET test cases to the "dlzexternal"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater system test. [RT #37344]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User3962. [bug] 'dig +topdown +trace +sigchase' address unhandled error
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User conditions. [RT #34663]
f46621af221784fd08339c6fe9509d9e48334561Tinderbox User3961. [bug] Forwarding of SIG(0) signed UPDATE messages failed with
f46621af221784fd08339c6fe9509d9e48334561Tinderbox User BADSIG. [RT #37216]
f46621af221784fd08339c6fe9509d9e48334561Tinderbox User3960. [bug] 'dig +sigchase' could loop forever. [RT #37220]
f46621af221784fd08339c6fe9509d9e48334561Tinderbox User3959. [bug] Updates could be lost if they arrived immediately
9e898948ed76bf5f175bf178866c90c449843c3eTinderbox User after a rndc thaw. [RT #37233]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3958. [bug] Detect when writeable files have multiple references
2beefc22e6debdb72d7b2a069787ff565fc79ec4Tinderbox User3957. [bug] "dnssec-keygen -S" failed for ECCGOST, ECDSAP256SHA256
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and ECDSAP384SHA384. [RT #37183]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3956. [func] Notify messages are now rate limited by notify-rate and
dd53726b246db5cc63c1c87ca86dae39568eeaa3Tinderbox User startup-notify-rate instead of serial-query-rate.
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt3955. [bug] Notify messages due to changes are no longer queued
dd53726b246db5cc63c1c87ca86dae39568eeaa3Tinderbox User behind startup notify messages. [RT #24454]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User3954. [bug] Unchecked mutex init in dlz_dlopen_driver.c [RT #37112]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews3953. [bug] Don't escape semi-colon in TXT fields. [RT #37159]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews3952. [bug] dns_name_fullcompare failed to set *nlabelsp when the
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews two name pointers were the same. [RT #37176]
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews3951. [func] Add the ability to set yet-to-be-defined EDNS flags
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User to dig (+ednsflags=#). [RT #37142]
33d1cff1dd63494ffa00fac695a793f00c4ebf0bTinderbox User3950. [port] Changed the bin/python Makefile to work around a
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews bmake bug in FreeBSD 10 and NetBSD 6. [RT #36993]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews3949. [experimental] Experimental support for draft-andrews-edns1 by sending
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews EDNS(1) queries (define DRAFT_ANDREWS_EDNS1 when
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews building). Add support for limiting the EDNS version
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews advertised to servers: server { edns-version 0; };
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User Log the EDNS version received in the query log.
17198e77b87667f796e910d31a4f47a80e256d09Mark Andrews3948. [port] solaris: RCVBUFSIZE was too large on Solaris with
7c8e44a2dc1121dbe3b615c9c934f37fb1741bb9Tinderbox User --with-tuning=large. [RT #37059]
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater3947. [cleanup] Set the executable bit on libraries when using
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater libtool. [RT #36786]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User3946. [cleanup] Improved "configure" search for a python interpreter.
7c8e44a2dc1121dbe3b615c9c934f37fb1741bb9Tinderbox User3945. [bug] Invalid wildcard expansions could be incorrectly
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater accepted by the validator. [RT #37093]
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater3944. [test] Added a regression test for "server-id". [RT #37057]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User3943. [func] SERVFAIL responses can now be cached for a
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User limited time (configured by "servfail-ttl",
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User default 10 seconds, limit 30). This can reduce
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User the frequency of retries when an authoritative
de73ef7ecdb9e009155993a6fa8dee5cd1bde319Mark Andrews server is known to be failing, e.g., due to
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater ongoing DNSSEC validation problems. [RT #21347]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User3942. [bug] Wildcard responses from a optout range should be
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User marked as insecure. [RT #37072]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User3941. [doc] Include the BIND version number in the ARM. [RT #37067]
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater3940. [func] "rndc nta" now allows negative trust anchors to be
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater set for up to one week. [RT #37069]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User3939. [func] Improve UPDATE forwarding performance by allowing TCP
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User connections to be shared. [RT #37039]
0e98665878103743dac92b6e8e1556d927e5bc30Tinderbox User3938. [func] Added quotas to be used in recursive resolvers
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User that are under high query load for names in zones
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User whose authoritative servers are nonresponsive or
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User are experiencing a denial of service attack.
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater - "fetches-per-server" limits the number of
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews simultaneous queries that can be sent to any
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews single authoritative server. The configured
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews value is a starting point; it is automatically
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews adjusted downward if the server is partially or
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User completely non-responsive. The algorithm used to
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews adjust the quota can be configured via the
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews "fetch-quota-params" option.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews - "fetches-per-zone" limits the number of
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews simultaneous queries that can be sent for names
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews within a single domain. (Note: Unlike
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User "fetches-per-server", this value is not
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews self-tuning.)
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews - New stats counters have been added to count
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews queries spilled due to these quotas.
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews See the ARM for details of these options. [RT #37125]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews3937. [func] Added some debug logging to better indicate the
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews conditions causing SERVFAILs when resolving.
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews3936. [func] Added authoritative support for the EDNS Client
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User Subnet (ECS) option.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews ACLs can now include "ecs" elements which specify
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews an address or network prefix; if an ECS option is
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews included in a DNS query, then the address encoded
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews in the option will be matched against "ecs" ACL
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews Also, if an ECS address is included in a query,
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews then it will be used instead of the client source
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews address when matching "geoip" ACL elements. This
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews behavior can be overridden with "geoip-use-ecs no;".
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User (Note: to enable "geoip" ACLs, use "configure
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews --with-geoip". This requires libGeoIP version
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews 1.5.0 or higher.)
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews When "ecs" or "geoip" ACL elements are used to
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews select a view for a query, the response will include
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User an ECS option to indicate which client network the
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews answer is valid for.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington (Thanks to Vincent Bernat.) [RT #36781]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3935. [bug] "geoip asnum" ACL elements would not match unless
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the full organization name was specified. They
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont can now match against the AS number alone (e.g.,
7c8e44a2dc1121dbe3b615c9c934f37fb1741bb9Tinderbox User AS1234). [RT #36945]
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews3934. [bug] Catch bad 'sit-secret' in named-checkconf. Improve
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont sit-secret documentation. [RT #36980]
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews3933. [bug] Corrected the implementation of dns_rdata_casecompare()
1921b850640ae984448e8b87870c8527fa9cddb6Evan Hunt for the HIP rdata type. [RT #36911]
1921b850640ae984448e8b87870c8527fa9cddb6Evan Hunt3932. [test] Improved named-checkconf tests. [RT #36911]
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews3931. [cleanup] Cleanup how dlz grammar is defined. [RT #36879]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3930. [bug] "rndc nta -r" could cause a server hang if the
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews NTA was not found. [RT #36909]
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont3929. [bug] 'host -a' needed to clear idnoptions. [RT #36963]
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews3928. [test] Improve rndc system test. [RT #36898]
ee11dfc481f2ef6a032a715454f6290961a722d2Tinderbox User3927. [bug] dig: report PKCS#11 error codes correctly when
088a5ec3df14e7af67b4602b143869a09f7eefb3Francis Dupont compiled with --enable-native-pkcs11. [RT #36956]
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews3926. [doc] Added doc for geoip-directory. [RT #36877]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3925. [bug] DS lookup of RFC 1918 empty zones failed. [RT #36917]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3924. [bug] Improve 'rndc addzone' error reporting. [RT #35187]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3923. [bug] Sanity check the xml2-config output. [RT #22246]
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews3922. [bug] When resigning, dnssec-signzone was removing
757ff043760e4743dda1a10e7d58349275934902Tinderbox User all signatures from delegation nodes. It now
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews retains DS and (if applicable) NSEC signatures.
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater3921. [bug] AD was inappropriately set on RPZ responses. [RT #36833]
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews3920. [doc] Added doc for masterfile-style. [RT #36823]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews3919. [bug] dig: continue to next line if a address lookup fails
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews in batch mode. [RT #36755]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews3918. [doc] Update check-spf documentation. [RT #36910]
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User3917. [bug] dig, nslookup and host now continue on names that are
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews too long after applying a search list elements.
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User3916. [contrib] zone2sqlite checked wrong result code. Address
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews compiler warnings. [RT #36931]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews3915. [bug] Address a assertion if a route event arrived while
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews shutting down. [RT #36887]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews3914. [bug] Allow the URI target and CAA value fields to
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews be zero length. [RT #36737]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews3913. [bug] Address race issue in dispatch. [RT #36731]
088a5ec3df14e7af67b4602b143869a09f7eefb3Francis Dupont3912. [bug] Address some unrecoverable lookup failures. [RT #36330]
088a5ec3df14e7af67b4602b143869a09f7eefb3Francis Dupont3911. [func] Implement EDNS EXPIRE option client side, allowing
088a5ec3df14e7af67b4602b143869a09f7eefb3Francis Dupont a slave server to set the expiration timer correctly
088a5ec3df14e7af67b4602b143869a09f7eefb3Francis Dupont when transferring zone data from another slave
c7f686829f05e44169d46746cfb25cadcf078585Tinderbox User server. [RT #35925]
c7f686829f05e44169d46746cfb25cadcf078585Tinderbox User3910. [bug] Fix races to free event during shutdown. [RT #36720]
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User3909. [bug] When computing the number of elements required for a
c7f686829f05e44169d46746cfb25cadcf078585Tinderbox User acl count_acl_elements could have a short count leading
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews to a assertion failure. Also zero out new acl elements
51901858be9d4632c1d0bed28cfa8f29932c1967Tinderbox User in dns_acl_merge. [RT #36675]
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews3908. [bug] rndc now differentiates between a zone in multiple
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User views and a zone that doesn't exist at all. [RT #36691]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews3907. [cleanup] Alphabetize rndc help. [RT #36683]
7f79131f9a8e804b93c57f3c679065cce878b726Automatic Updater3906. [protocol] Update URI record format to comply with
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews draft-faltstrom-uri-08. [RT #36642]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3905. [bug] Address deadlock between view.c and adb.c. [RT #36341]
4fe0411487e8e4401477684c0a2bac041ca7c2d5Tinderbox User3904. [func] Add the RPZ SOA to the additional section. [RT36507]
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User3903. [bug] Improve the accuracy of DiG's reported round trip
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews time. [RT 36611]
6284b9b877d2205240dce1cf7f88d4dca888e44aTinderbox User3902. [bug] liblwres wasn't handling link-local addresses in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater nameserver clauses in resolv.conf. [RT #36039]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson3901. [protocol] Added support for CAA record type (RFC 6844).
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson3900. [bug] Fix a crash in PostgreSQL DLZ driver. [RT #36637]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson3899. [bug] "request-ixfr" is only applicable to slave and redirect
3a9593055ead76cbbb417aee2d2e656c2c92cf46Automatic Updater zones. [RT #36608]
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews3898. [bug] Too small a buffer in tohexstr() calls in test code.
bac4435d473c9a0281507524f084480c34aa942aTinderbox User3897. [bug] RPZ summary information was not properly being updated
8bc3d252395842452a6d2c775cf8445f6349e331Tinderbox User after a AXFR resulting in changes sometimes being
de7b9a1dac0c293b39994c91d4376883da25554fTinderbox User ignored. [RT #35885]
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User3896. [bug] Address performance issues with DSCP code on some
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater platforms. [RT #36534]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User3895. [func] Add the ability to set the DSCP code point to dig.
ab103cf2caf211985be8c4296d379e43d26268c4Tinderbox User3894. [bug] Buffers in isc_print_vsnprintf were not properly
467a823e57af687ebd486dfd73ea32f9d2a145beTinderbox User initialized leading to potential overflows when
467a823e57af687ebd486dfd73ea32f9d2a145beTinderbox User printing out quad values. [RT #36505]
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User3893. [bug] Peer DSCP values could be returned without being set.
950d203b64f512b85fcc093ee1e9e3e531a1aea3Tinderbox User3892. [bug] Setting '-t aaaa' in .digrc had unintended side
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User effects. [RT #36452]
e6fc17ec5ad5ba1c4bf5730b2b97c82d1f2b8f3cMark Andrews3891. [bug] Use ${INSTALL_SCRIPT} rather than ${INSTALL_PROGRAM}
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater to install python programs.
a80993946f29ff39df38818ee9b2e58a4e46cb7eTinderbox User3890. [bug] RRSIG sets that were not loaded in a single transaction
a80993946f29ff39df38818ee9b2e58a4e46cb7eTinderbox User at start up where not being correctly added to
a80993946f29ff39df38818ee9b2e58a4e46cb7eTinderbox User re-signing heaps. [RT #36302]
402eda3e7d4254ffac1543bf2917c71248a09e4cTinderbox User3889. [port] hurd: configure fixes as per:
e6fc17ec5ad5ba1c4bf5730b2b97c82d1f2b8f3cMark Andrews https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746540
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews3888. [func] 'rndc status' now reports the number of automatic
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater zones. [RT #36015]
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews3887. [cleanup] Make all static symbols in rbtdb64 end in "64" so
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews they are easier to use in a debugger. [RT #36373]
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews3886. [bug] rbtdb_write_header should use a once to initialize
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews FILE_VERSION. [RT #36374]
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews3885. [port] Use 'open()' rather than 'file()' to open files in
f751b1576ee6fef4023bf7101d10167e4fe520f3Tinderbox User3884. [protocol] Add CDS and CDNSKEY record types. [RT #36333]
955ee8b865d70d02ad1fdc959382e6f8a07c1d14Tinderbox User3883. [placeholder]
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater3882. [func] By default, negative trust anchors will be tested
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater periodically to see whether data below them can be
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater validated, and if so, they will be allowed to
261ef37955c3468cbcb55d54b83c9a3b14e114dfTinderbox User expire early. The "rndc nta -force" option
22870a9f8df95488abe2b17ab92b7cb6a9fe6f14Tinderbox User overrides this behavior. The default NTA lifetime
22870a9f8df95488abe2b17ab92b7cb6a9fe6f14Tinderbox User and the recheck frequency can be configured by the
22870a9f8df95488abe2b17ab92b7cb6a9fe6f14Tinderbox User "nta-lifetime" and "nta-recheck" options. [RT #36146]
22870a9f8df95488abe2b17ab92b7cb6a9fe6f14Tinderbox User3881. [bug] Address memory leak with UPDATE error handling.
02d20c5d79600704d617d248642c477e9b5e6a2aTinderbox User3880. [test] Update ans.pl to work with new TSIG support in
02d20c5d79600704d617d248642c477e9b5e6a2aTinderbox User Net::DNS; add additional Net::DNS version prerequisite
02d20c5d79600704d617d248642c477e9b5e6a2aTinderbox User checks. [RT #36327]
02d20c5d79600704d617d248642c477e9b5e6a2aTinderbox User3879. [func] Add version printing option to various BIND utilities.
6d114a4c5cddb176ae5199eee154c0273d652ba4Tinderbox User3878. [bug] Using the incorrect filename for a DLZ module
02d20c5d79600704d617d248642c477e9b5e6a2aTinderbox User caused a segmentation fault on startup. [RT #36286]
02d20c5d79600704d617d248642c477e9b5e6a2aTinderbox User3877. [bug] Inserting and deleting parent and child nodes
02d20c5d79600704d617d248642c477e9b5e6a2aTinderbox User in response policy zones could trigger an assertion
02d20c5d79600704d617d248642c477e9b5e6a2aTinderbox User failure. [RT #36272]
02d20c5d79600704d617d248642c477e9b5e6a2aTinderbox User3876. [bug] Improve efficiency of DLZ redirect zones by
87d422bb38fa1c8f0fb29c2a1b8c044870a7df46Tinderbox User suppressing unnecessary database lookups. [RT #35835]
87d422bb38fa1c8f0fb29c2a1b8c044870a7df46Tinderbox User3875. [cleanup] Clarify log message when unable to read private
87d422bb38fa1c8f0fb29c2a1b8c044870a7df46Tinderbox User key files. [RT #24702]
87d422bb38fa1c8f0fb29c2a1b8c044870a7df46Tinderbox User3874. [test] Check that only "check-names master" is needed for
6d114a4c5cddb176ae5199eee154c0273d652ba4Tinderbox User updates to be accepted.
9e295ad801d5c986eb6c7745637b5dc0efb28711Tinderbox User3873. [protocol] Only warn for SPF without TXT spf record. [RT #36210]
955ee8b865d70d02ad1fdc959382e6f8a07c1d14Tinderbox User3872. [bug] Address issues found by static analysis. [RT #36209]
955ee8b865d70d02ad1fdc959382e6f8a07c1d14Tinderbox User3871. [bug] Don't publish an activated key automatically before
b8cc0c5d896c361525708a2be2e5af7df76c96d7Tinderbox User its publish time. [RT #35063]
959e5da49a2cff7dfd8fdb885cd11c5d7d94a292Tinderbox User3870. [func] Updated the random number generator used in
959e5da49a2cff7dfd8fdb885cd11c5d7d94a292Tinderbox User the resolver to use the updated ChaCha based one
0a2ff769ecd0b5a6bda54b62bc1ec5fa6fd198a0Tinderbox User (similar to OpenBSD's changes). Also moved the
959e5da49a2cff7dfd8fdb885cd11c5d7d94a292Tinderbox User RNG to libisc and added unit tests for it.
7a6494cfb6cc7d3f67af07359561e05e6bb8c0edTinderbox User3869. [doc] Document that in-view zones cannot be used for
7a6494cfb6cc7d3f67af07359561e05e6bb8c0edTinderbox User response policy zones. [RT #35941]
7a6494cfb6cc7d3f67af07359561e05e6bb8c0edTinderbox User3868. [bug] isc_mem_setwater incorrectly cleared hi_called
7a6494cfb6cc7d3f67af07359561e05e6bb8c0edTinderbox User potentially leaving over memory cleaner running.
02d20c5d79600704d617d248642c477e9b5e6a2aTinderbox User3867. [func] "rndc nta" can now be used to set a temporary
43c88753060df6335a789cd9bef2994d724d8be5Tinderbox User negative trust anchor, which disables DNSSEC
02d20c5d79600704d617d248642c477e9b5e6a2aTinderbox User validation below a specified name for a specified
2ec4ab21838e218863d052ebfa3e106e04f50820Evan Hunt period of time (not exceeding 24 hours). This
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User can be used when validation for a domain is known
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews to be failing due to a configuration error on
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews the part of the domain owner rather than a
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews spoofing attack. [RT #29358]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3866. [bug] Named could die on disk full in generate_session_key.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3865. [test] Improved testability of the red-black tree
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews implementation and added unit tests. [RT #35904]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3864. [bug] RPZ didn't work well when being used as forwarder.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3863. [bug] The "E" flag was missing from the query log as a
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews unintended side effect of code rearrangement to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews support EDNS EXPIRE. [RT #36117]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3862. [cleanup] Return immediately if we are not going to log the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews message in ns_client_dumpmessage.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3861. [security] Missing isc_buffer_availablelength check results
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews in a REQUIRE assertion when printing out a packet
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews (CVE-2014-3859). [RT #36078]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3860. [bug] ioctl(DP_POLL) array size needs to be determined
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews at run time as it is limited to {OPEN_MAX}.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3859. [placeholder]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3858. [bug] Disable GCC 4.9 "delete null pointer check".
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3857. [bug] Make it harder for a incorrect NOEDNS classification
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews to be made. [RT #36020]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3856. [bug] Configuring libjson without also configuring libxml
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews resulted in a REQUIRE assertion when retrieving
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews statistics using json. [RT #36009]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3855. [bug] Limit smoothed round trip time aging to no more than
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews once a second. [RT #32909]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3854. [cleanup] Report unrecognized options, if any, in the final
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews configure summary. [RT #36014]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3853. [cleanup] Refactor dns_rdataslab_fromrdataset to separate out
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews the handling of a rdataset with no records. [RT #35968]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3852. [func] Increase the default number of clients available
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews for servicing lightweight resolver queries, and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews make them configurable via the "lwres-tasks" and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews "lwres-clients" options. (Thanks to Tomas Hozza.)
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3851. [func] Allow libseccomp based system-call filtering
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews on Linux; use "configure --enable-seccomp" to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews turn it on. Thanks to Loganaden Velvindron
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews of AFRINIC for the contribution. [RT #35347]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews3850. [bug] Disabling forwarding could trigger a REQUIRE assertion.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3849. [doc] Alphabetized dig's +options. [RT #35992]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3848. [bug] Adjust 'statistics-channels specified but not effective'
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews error message to account for JSON support. [RT #36008]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3847. [bug] 'configure --with-dlz-postgres' failed to fail when
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews there is not support available.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3846. [bug] "dig +notcp ixfr=<serial>" should result in a UDP
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews ixfr query. [RT #35980]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3845. [placeholder]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3844. [bug] Use the x64 version of the Microsoft Visual C++
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Redistributable when built for 64 bit Windows.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3843. [protocol] Check EDNS EXPIRE option in dns_rdata_fromwire.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3842. [bug] Adjust RRL log-only logging category. [RT #35945]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3841. [cleanup] Refactor zone.c:add_opt to use dns_message_buildopt.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3840. [port] Check for arc4random_addrandom() before using it;
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews it's been removed from OpenBSD 5.5. [RT #35907]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3839. [test] Use only posix-compatible shell in system tests.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3838. [protocol] EDNS EXPIRE as been assigned a code point of 9.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3837. [security] A NULL pointer is passed to query_prefetch resulting
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews a REQUIRE assertion failure when a fetch is actually
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews initiated (CVE-2014-3214). [RT #35899]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3836. [bug] Address C++ keyword usage in header file.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3835. [bug] Geoip ACL elements didn't work correctly when
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews referenced via named or nested ACLs. [RT #35879]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3834. [bug] The re-signing heaps were not being updated soon enough
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews leading to multiple re-generations of the same RRSIG
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews when a zone transfer was in progress. [RT #35273]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3833. [bug] Cross compiling was broken due to calling genrandom at
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews build time. [RT #35869]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3832. [func] "named -L <filename>" causes named to send log
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews messages to the specified file by default instead
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews of to the system log. (Thanks to Tony Finch.)
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3831. [cleanup] Reduce logging noise when EDNS state changes occur.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3830. [func] When query logging is enabled, log query errors at
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews the same level ('info') as the queries themselves.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3829. [func] "dig +ttlunits" causes dig to print TTL values
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews with time-unit suffixes: w, d, h, m, s for
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews weeks, days, hours, minutes, and seconds. (Thanks
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews to Tony Finch.) [RT #35823]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3828. [func] "dnssec-signzone -N date" updates serial number
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews to the current date in YYYYMMDDNN format.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3827. [placeholder]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3826. [bug] Corrected bad INSIST logic in isc_radix_remove().
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3825. [bug] Address sign extension bug in isc_regex_validate.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3824. [bug] A collision between two flag values could cause
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews problems with cache cleaning when SIT was enabled.
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater3823. [func] Log the rpz cname target when rewriting. [RT #35667]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3822. [bug] Log the correct type of static-stub zones when
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews removing them. [RT #35842]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3821. [contrib] Added a new "mysqldyn" DLZ module with dynamic
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews update and transaction support. Thanks to Marty
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Lee for the contribution. [RT #35656]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3820. [func] The DLZ API doesn't pass the database version to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews the lookup() function; this can cause DLZ modules
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews that allow dynamic updates to mishandle prerequisite
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User checks. This has been corrected by adding a
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews 'dbversion' field to the dns_clientinfo_t
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews structure. [RT #35656]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3819. [bug] NSEC3 hashes need to be able to be entered and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews displayed without padding. This is not a issue for
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews currently defined algorithms but may be for future
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews hash algorithms. [RT #27925]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3818. [bug] Stop lying to the optimizer that 'void *arg' is a
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews constant in isc_event_allocate.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3817. [func] The "delve" command is now spelled "delv" to avoid
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews a namespace collision with the Xapian project.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3816. [func] "dig +qr" now reports query size. (Thanks to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Tony Finch.) [RT #35822]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3815. [doc] Clarify "nsupdate -y" usage in man page. [RT #35808]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3814. [func] The "masterfile-style" zone option controls the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews formatting of dumped zone files. Options are
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews "relative" (multiline format) and "full" (one
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews record per line). The default is "relative".
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3813. [func] "host" now recognizes the "timeout", "attempts" and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews "debug" options when set in /etc/resolv.conf.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews (Thanks to Adam Tkac at RedHat.) [RT #21885]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3812. [func] Dig now supports sending arbitrary EDNS options from
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews the command line (+ednsopt=code[:value]). [RT #35584]
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User3811. [func] "serial-update-method date;" sets serial number
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt on dynamic update to today's date in YYYYMMDDNN
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt format. (Thanks to Bradley Forschinger.) [RT #24903]
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt3810. [bug] Work around broken nameservers that fail to ignore
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt unknown EDNS options. [RT #35766]
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt3809. [doc] Fix SIT and NSID documentation.
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt3808. [doc] Clean up "prefetch" documentation. [RT #35751]
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt3807. [bug] Fix sign extension bug in dns_name_fromtext when
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt lowercase is set. [RT #35743]
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt3806. [test] Improved system test portability. [RT #35625]
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt3805. [contrib] Added contrib/perftcpdns, a performance testing tool
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt for DNS over TCP. [RT #35710]
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt --- 9.10.0rc1 released ---
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User3804. [bug] Corrected a race condition in dispatch.c in which
ab272d2204a075b5ed0798d04733a9028782b8daEvan Hunt portentry could be reset leading to an assertion
214af784e91553d387246fd9ce46cb1291697b9aTinderbox User failure in socket_search(). (Change #3708
ab272d2204a075b5ed0798d04733a9028782b8daEvan Hunt addressed the same issue but was incomplete.)
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater3803. [bug] "named-checkconf -z" incorrectly rejected zones
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater using alternate data sources for not having a "file"
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater option. [RT #35685]
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater3802. [bug] Various header files were not being installed.
9e295ad801d5c986eb6c7745637b5dc0efb28711Tinderbox User3801. [port] Fix probing for gssapi support on FreeBSD. [RT #35615]
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater3800. [bug] A pending event on the route socket could cause an
9e295ad801d5c986eb6c7745637b5dc0efb28711Tinderbox User assertion failure when shutting down named. [RT #35674]
77932ac533c711eca5cd86de4e7eca8d91102b43Tinderbox User3799. [bug] Improve named's command line error reporting.
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater3798. [bug] 'rndc zonestatus' was reporting the wrong re-signing
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User time. [RT #35659]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson3797. [port] netbsd: geoip support probing was broken. [RT #35642]
66d24a46538c7c2d29fdb5611ab1173e83685b1dTinderbox User3796. [bug] Register dns and pkcs#11 error codes. [RT #35629]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson3795. [bug] Make named-checkconf detect raw masterfiles for
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson hint zones and reject them. [RT #35268]
754ebd37e782356aedbb2987e3c1a8ab4f29574eMark Andrews3794. [maint] Added AAAA for C.ROOT-SERVERS.NET.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews3793. [bug] zone.c:save_nsec3param() could assert when out of
94df856897945fe58f130ba78765c57308bc5400Automatic Updater memory. [RT #35621]
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox User3792. [func] Provide links to the alternate statistics views when
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox User displaying in a browser. [RT #35605]
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox User3791. [placeholder]
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox User3790. [bug] Handle broken nameservers that send BADVERS in
5c679dbb66df92766f6a7e7bb93c18d61275d1feMark Andrews response to unknown EDNS options. Maintain
9a9ca3c4f120971b7091b28a5530e5eaf362f7e6Tinderbox User statistics on BADVERS responses.
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater3789. [bug] Null pointer dereference on rbt creation failure.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3788. [bug] dns_peer_getrequestsit was returning request_nsid by
9e295ad801d5c986eb6c7745637b5dc0efb28711Tinderbox User --- 9.10.0b2 released ---
da93950363b307b718d156514b95b9df93a63776Mark Andrews3787. [bug] The code that checks whether "auto-dnssec" is
da93950363b307b718d156514b95b9df93a63776Mark Andrews allowed was ignoring "allow-update" ACLs set at
9e295ad801d5c986eb6c7745637b5dc0efb28711Tinderbox User the options or view level. [RT #29536]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3786. [func] Provide more detailed error codes when using
9a9ca3c4f120971b7091b28a5530e5eaf362f7e6Tinderbox User native PKCS#11. "pkcs11-tokens" now fails robustly
f6056ad06781c95198505ae3a361e6dd98df4b91Automatic Updater rather than asserting when run against an HSM with
9a9ca3c4f120971b7091b28a5530e5eaf362f7e6Tinderbox User an incomplete PKCS#11 API implementation. [RT #35479]
9a9ca3c4f120971b7091b28a5530e5eaf362f7e6Tinderbox User3785. [bug] Debugging code dumphex didn't accept arbitrarily long
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User input (only compiled with -DDEBUG). [RT #35544]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3784. [bug] Using "rrset-order fixed" when it had not been
9a9ca3c4f120971b7091b28a5530e5eaf362f7e6Tinderbox User enabled at compile time caused inconsistent
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater results. It now works as documented, defaulting
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User to cyclic mode. [RT #28104]
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3783. [func] "tsig-keygen" is now available as an alternate
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User command name for "ddns-confgen". It generates
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User a TSIG key in named.conf format without comments.
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3782. [func] Specifying "auto" as the salt when using
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User "rndc signing -nsec3param" causes named to
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User generate a 64-bit salt at random. [RT #35322]
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3781. [tuning] Use adaptive mutex locks when available; this
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User has been found to improve performance under load
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User on many systems. "configure --with-locktype=standard"
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User restores conventional mutex locks. [RT #32576]
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3780. [bug] $GENERATE handled negative numbers incorrectly.
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3779. [cleanup] Clarify the error message when using an option
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User that was not enabled at compile time. [RT #35504]
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3778. [bug] Log a warning when the wrong address family is
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User used in "listen-on" or "listen-on-v6". [RT #17848]
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3777. [bug] EDNS EXPIRE code could dump core when processing
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User DLZ queries. [RT #35493]
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3776. [func] "rndc -q" suppresses output from successful
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User rndc commands. Errors are printed on stderr.
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3775. [bug] dlz_dlopen driver could return the wrong error
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User code on API version mismatch, leading to a segfault.
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3774. [func] When using "request-nsid", log the NSID value in
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User printable form as well as hex. [RT #20864]
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3773. [func] "host", "nslookup" and "nsupdate" now have
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User options to print the version number and exit.
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3772. [contrib] Added sqlite3 dynamically-loadable DLZ module.
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User (Based in part on a contribution from Tim Tessier.)
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3771. [cleanup] Adjusted log level for "using built-in key"
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User messages. [RT #24383]
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3770. [bug] "dig +trace" could fail with an assertion when it
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User needed to fall back to TCP due to a truncated
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User response. [RT #24660]
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3769. [doc] Improved documentation of "rndc signing -list".
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3768. [bug] "dnssec-checkds" was missing the SHA-384 digest
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User algorithm. [RT #34000]
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3767. [func] Log explicitly when using rndc.key to configure
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User command channel. [RT #35316]
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3766. [cleanup] Fixed problems with building outside the source
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User tree when using native PKCS#11. [RT #35459]
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3765. [bug] Fixed a bug in "rndc secroots" that could crash
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User named when dumping an empty keynode. [RT #35469]
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3764. [bug] The dnssec-keygen/settime -S and -i options
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User (to set up a successor key and set the prepublication
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User interval) were missing from dnssec-keyfromlabel.
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3763. [bug] delve: Cache DNSSEC records to avoid the need to
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User re-fetch them when restarting validation. [RT #35476]
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3762. [bug] Address build problems with --pkcs11-native +
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User --with-openssl with ECDSA support. [RT #35467]
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3761. [bug] Address dangling reference bug in dns_keytable_add.
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3760. [bug] Improve SIT with native PKCS#11 and on Windows.
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3759. [port] Enable delve on Windows. [RT #35441]
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3758. [port] Enable export library APIs on Windows. [RT #35382]
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3757. [port] Enable Python tools (dnssec-coverage,
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User dnssec-checkds) to run on Windows. [RT #34355]
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3756. [bug] GSSAPI Kerberos realm checking was broken in
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User check_config leading to spurious messages being
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User logged. [RT #35443]
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User --- 9.10.0b1 released ---
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3755. [func] Add stats counters for known EDNS options + others.
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3754. [cleanup] win32: Installer now places files in the
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User Program Files area rather than system services.
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3753. [bug] allow-notify was ignoring keys. [RT #35425]
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3752. [bug] Address potential REQUIRE failure if
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User DNS_STYLEFLAG_COMMENTDATA is set when printing out
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3751. [tuning] The default setting for the -U option (setting
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User the number of UDP listeners per interface) has
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User been adjusted to improve performance. [RT #35417]
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3750. [experimental] Partially implement EDNS EXPIRE option as described
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User in draft-andrews-dnsext-expire-00. Retrieval of
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User the remaining time until expiry for slave zones
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User is supported.
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User EXPIRE uses an experimental option code (65002),
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User which is subject to change. [RT #35416]
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3749. [func] "dig +subnet" sends an EDNS client subnet option
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User containing the specified address/prefix when
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User querying. (Thanks to Wilmer van der Gaast.)
05c0db3923b93c36afa488bffc7862e0ae554698Tinderbox User3748. [test] Use delve to test dns_client interfaces. [RT #35383]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3747. [bug] A race condition could lead to a core dump when
933799f3641f4f78445d015008bad0038900a82aTinderbox User destroying a resolver fetch object. [RT #35385]
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User3746. [func] New "max-zone-ttl" option enforces maximum
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User TTLs for zones. If loading a zone containing a
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User higher TTL, the load fails. DDNS updates with
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User higher TTLs are accepted but the TTL is truncated.
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User (Note: Currently supported for master zones only;
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User inline-signing slaves will be added.) [RT #38405]
19558a04decde0e7261d489d92d04ad88104217bTinderbox User3745. [func] "configure --with-tuning=large" adjusts various
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User compiled-in constants and default settings to
d2f313886122eeb989e5c58cd9a70373222210c4Tinderbox User values suited to large servers with abundant
d2f313886122eeb989e5c58cd9a70373222210c4Tinderbox User memory. [RT #29538]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3744. [experimental] SIT: send and process Source Identity Tokens
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User (similar to DNS Cookies by Donald Eastlake 3rd),
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews which are designed to help clients detect off-path
39a3b65090ccfc86b66e416c949c6a938c7f1d4aTinderbox User spoofed responses and for servers to identify
1bf507ca635310b340aea42d6c3e567819974a99Tinderbox User legitimate clients.
5747235bf35e7398984fd6b4632743396895ea7aTinderbox User SIT uses an experimental EDNS option code (65001),
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews which will be changed to an IANA-assigned value
644973f327e9db74779e7c0426db90909173b284Automatic Updater if the experiment is deemed a success.
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews SIT can be enabled via "configure --enable-sit" (or
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews --enable-developer). It is enabled by default in
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User Servers can be configured to send smaller responses
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User to clients that have not identified themselves via
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User SIT. RRL processing has also been updated;
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User legitimate clients are not subject to rate
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User limiting. [RT #35389]
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User3743. [bug] delegation-only flag wasn't working in forward zone
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User declarations despite being documented. This is
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User needed to support turning off forwarding and turning
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User on delegation only at the same name. [RT #35392]
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User3742. [port] linux: libcap support: declare curval at start of
1921b850640ae984448e8b87870c8527fa9cddb6Evan Hunt block. [RT #35387]
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User3741. [func] "delve" (domain entity lookup and validation engine):
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User A new tool with dig-like semantics for performing DNS
ff8d6ca9d58a398b66cee8079cbbd6bfe2c80f0dTinderbox User lookups, with internal DNSSEC validation, using the
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User same resolver and validator logic as named. This
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User allows easy validation of DNSSEC data in environments
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User with untrustworthy resolvers, and assists with
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User troubleshooting of DNSSEC problems. [RT #32406]
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User3740. [contrib] Minor fixes to configure --with-dlz-bdb,
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User --with-dlz-postgres and --with-dlz-odbc. [RT #35340]
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User3739. [func] Added per-zone stats counters to track TCP and
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User UDP queries. [RT #35375]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3738. [bug] --enable-openssl-hash failed to build. [RT #35343]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3737. [bug] 'rndc retransfer' could trigger a assertion failure
19558a04decde0e7261d489d92d04ad88104217bTinderbox User with inline zones. [RT #35353]
933799f3641f4f78445d015008bad0038900a82aTinderbox User3736. [bug] nsupdate: When specifying a server by name,
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User fall back to alternate addresses if the first
af60449fe472b8bea5ad04bf538c777c6b151112Tinderbox User address for that name is not reachable. [RT #25784]
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User3735. [cleanup] Merged the libiscpk11 library into libisc
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews to simplify dependencies. [RT #35205]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3734. [bug] Improve building with libtool. [RT #35314]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3733. [func] Improve interface scanning support. Interface
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews information will be automatically updated if the
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews OS supports routing sockets (MacOS, *BSD, Linux).
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews Use "automatic-interface-scan no;" to disable.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews Add "rndc scan" to trigger a scan. [RT #23027]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3732. [contrib] Fixed a type mismatch causing the ODBC DLZ
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews driver to dump core on 64-bit systems. [RT #35324]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3731. [func] Added a "no-case-compress" ACL, which causes
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews named to use case-insensitive compression
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews (disabling change #3645) for specified
b871c7156eb037d41f53828c6fcb9cc876128962Mark Andrews clients. (This is useful when dealing
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews with broken client implementations that
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews use case-sensitive name comparisons,
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews rejecting responses that fail to match the
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews capitalization of the query that was sent.)
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3730. [cleanup] Added "never" as a synonym for "none" when
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews configuring key event dates in the dnssec tools.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3729. [bug] dnssec-keygen could set the publication date
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews incorrectly when only the activation date was
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews specified on the command line. [RT #35278]
45eca3a5d46ed15aee14d81f6cb6c9fb6f365344Mark Andrews3728. [doc] Expanded native-PKCS#11 documentation,
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User specifically pkcs11: URI labels. [RT #35287]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3727. [func] The isc_bitstring API is no longer used and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater has been removed from libisc. [RT #35284]
6306dd073e0eba562491222821c4d3b39f440718Evan Hunt3726. [cleanup] Clarified the error message when attempting
6306dd073e0eba562491222821c4d3b39f440718Evan Hunt to configure more than 32 response-policy zones.
6306dd073e0eba562491222821c4d3b39f440718Evan Hunt3725. [contrib] Updated zkt and nslint to newest versions,
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User cleaned up and rearranged the contrib
f4193c2021ab0aeaad33fe0b3d1d49c80db5c725Mark Andrews directory, and added a README.
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User --- 9.10.0a2 released ---
872a5b83f68b8058945298715b0fa53442aad52fAutomatic Updater3724. [bug] win32: Fixed a bug that prevented dig and
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews host from exiting properly after completing
bac4435d473c9a0281507524f084480c34aa942aTinderbox User a UDP query. [RT #35288]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3723. [cleanup] Imported keys are now handled the same way
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews regardless of DNSSEC algorithm. [RT #35215]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3722. [bug] Using geoip ACLs in a blackhole statement
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews could cause a segfault. [RT #35272]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3721. [doc] Improved documentation of the EDNS processing
5de1cdae8a44312ca0dbb2a0fd0388fa35676a84Tinderbox User enhancements introduced in change #3593. [RT #35275]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3720. [bug] Address compiler warnings. [RT #35261]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3719. [bug] Address memory leak in in peer.c. [RT #35255]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3718. [bug] A missing ISC_LINK_INIT in log.c. [RT #35260]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3717. [port] hpux: Treat EOPNOTSUPP as a expected error code when
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews probing to see if it is possible to set dscp values
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews on a per packet basis. [RT #35252]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3716. [bug] The dns_request code was setting dcsp values when not
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews requested. [RT #35252]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3715. [bug] The region and city databases could fail to
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews initialize when using some versions of libGeoIP,
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews causing assertion failures when named was
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User configured to use them. [RT #35427]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3714. [test] System tests that need to test for cryptography
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews support before running can now use a common
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews "testcrypto.sh" script to do so. [RT #35213]
bf1263835e8e35421960f65088c043f42aacef13Mark Andrews3713. [bug] Save memory by not storing "also-notify" addresses
15ae68f3db8261770fc33b8e0f83f5d8c7021e84Mark Andrews in zone objects that are configured not to send
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews notify requests. [RT #35195]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3712. [placeholder]
cb40461f8744c5aeb369b84d5f48395a13a221a0Mark Andrews3711. [placeholder]
a04588e781b513ae3b30e061ac98035802b5e8e8Mark Andrews3710. [bug] Address double dns_zone_detach when switching to
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews using automatic empty zones from regular zones.
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User3709. [port] Use built-in versions of strptime() and timegm()
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User on all platforms to avoid portability issues.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3708. [bug] Address a portentry locking issue in dispatch.c.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3707. [bug] irs_resconf_load now returns ISC_R_FILENOTFOUND
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater on a missing resolv.conf file and initializes the
10640b2e3efc7bc8034108136d7487f7407fbf37Andreas Gustafsson structure as if it had been configured with:
10640b2e3efc7bc8034108136d7487f7407fbf37Andreas Gustafsson nameserver ::1
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User nameserver 127.0.0.1
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User Note: Callers will need to be updated to treat
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews ISC_R_FILENOTFOUND as a qualified success or else
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater they will leak memory. The following code fragment
436aad11e01e916f75e68a2e9cb89ac217a990d3Tinderbox User will work with both old and new versions without
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater changing the behaviour of the existing code.
a450977e98155f6e828fe6f8d52cf24674231831Mark Andrews resconf = NULL;
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User result = irs_resconf_load(mctx, "/etc/resolv.conf",
76fbdc591b3d46df28878a6ff844798622b85265Tinderbox User if (result != ISC_SUCCESS) {
af682c183e3448c34da1145018a085ac45b1b660Tinderbox User if (resconf != NULL)
fe600c3ad88c0bb078283a953d048087d227c0e5Tinderbox User irs_resconf_destroy(&resconf);
09ee43766e232bd04066445db114c2703dd02bf8Tinderbox User3706. [contrib] queryperf: Fixed a possible integer overflow when
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater printing results. [RT #35182]
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User3705. [func] "configure --enable-native-pkcs11" enables BIND
bac4435d473c9a0281507524f084480c34aa942aTinderbox User to use the PKCS#11 API for all cryptographic
a450977e98155f6e828fe6f8d52cf24674231831Mark Andrews functions, so that it can drive a hardware service
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User module directly without the need to use a modified
f520803b46dc189fdaf84adc87ef327d3587b435Mark Andrews OpenSSL as intermediary (so long as the HSM's vendor
1921b850640ae984448e8b87870c8527fa9cddb6Evan Hunt provides a complete-enough implementation of the
6715db6593ce9a271ac3131cd7a886feaa386a2eEvan Hunt PKCS#11 interface). This has been tested successfully
6715db6593ce9a271ac3131cd7a886feaa386a2eEvan Hunt with the Thales nShield HSM and with SoftHSMv2 from
1921b850640ae984448e8b87870c8527fa9cddb6Evan Hunt the OpenDNSSEC project. [RT #29031]
a450977e98155f6e828fe6f8d52cf24674231831Mark Andrews3704. [protocol] Accept integer timestamps in RRSIG records. [RT #35185]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews3703. [func] To improve recursive resolver performance, cache
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater records which are still being requested by clients
0197efed438a96881ebd8d165f8479a89f1ba62fTinderbox User can now be automatically refreshed from the
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont authoritative server before they expire, reducing
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews or eliminating the time window in which no answer
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews is available in the cache. See the "prefetch" option
f0c5e918974bf778af6cd1e25309ad13e30a79a6Tinderbox User for more details. [RT #35041]
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews3702. [func] 'dnssec-coverage -l' option specifies a length
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews of time to check for coverage; events further into
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater the future are ignored. 'dnssec-coverage -z'
77932ac533c711eca5cd86de4e7eca8d91102b43Tinderbox User checks only ZSK events, and 'dnssec-coverage -k'
8f1a00cf8b3d9dc8d419a797b7ff4fb6ddba428eTinderbox User checks only KSK events. (Thanks to Peter Palfrader.)
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews3701. [func] named-checkconf can now obscure shared secrets
d6487e3c0a981bd8ac1e155d3a2d590c078d6c85Tinderbox User when printing by specifying '-x'. [RT #34465]
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews3700. [func] Allow access to subgroups of XML statistics via
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews special URLs http://<server>:<port>/xml/v3/server,
3e9c07abfd4ad76b1f8085f0f96f5646f2d9e219Tinderbox User /zones, /net, /tasks, /mem, and /status. [RT #35115]
8aa098c6334de11c8fd117d30851cc457813c410Mark Andrews3699. [bug] Improvements to statistics channel XSL stylesheet:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the stylesheet can now be cached by the browser;
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater section headers are omitted from the stats display
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews when there is no data in those sections to be
27c3c21f41520e8d6336d80a8094389e321cb6d2Mark Andrews displayed; counters are now right-justified for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater easier readability. [RT #35117]
955ee8b865d70d02ad1fdc959382e6f8a07c1d14Tinderbox User3698. [cleanup] Replaced all uses of memcpy() with memmove().
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3697. [bug] Handle "." as a search list element when IDN support
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater is enabled. [RT #35133]
bac4435d473c9a0281507524f084480c34aa942aTinderbox User3696. [bug] dig failed to handle AXFR style IXFR responses which
71fa3534bfaf174f6a938dc1ba3522f66606c4e1Mark Andrews span multiple messages. [RT #35137]
e23761df2059ed612c8fb7cc248d93bb2c4f62dbTinderbox User3695. [bug] Address a possible race in dispatch.c. [RT #35107]
1921b850640ae984448e8b87870c8527fa9cddb6Evan Hunt3694. [bug] Warn when a key-directory is configured for a zone,
6715db6593ce9a271ac3131cd7a886feaa386a2eEvan Hunt but does not exist or is not a directory. [RT #35108]
a80993946f29ff39df38818ee9b2e58a4e46cb7eTinderbox User3693. [security] memcpy was incorrectly called with overlapping
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews ranges resulting in malformed names being generated
02b3e44a996e9753d86306b6a1b6b579a73787fcTinderbox User on some platforms. This could cause INSIST failures
ecbc7ebb243a1f8a5dc6f28185ffe9e61d3b2102Mark Andrews when serving NSEC3 signed zones (CVE-2014-0591).
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews3692. [bug] Two calls to dns_db_getoriginnode were fatal if there
1a63fb1d1448ed3f8fd7227ae57be67c2e71279eMark Andrews was no data at the node. [RT #35080]
28a5dd720187fddb16055a0f64b63a7b66f29f64Mark Andrews3691. [contrib] Address null pointer dereference in LDAP and
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater MySQL DLZ modules.
4aec4843241dca64de7eb6363944df0b09cb83ecTinderbox User3690. [bug] Iterative responses could be missed when the source
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User port for an upstream query was the same as the
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater listener port (53). [RT #34925]
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater3689. [bug] Fixed a bug causing an insecure delegation from one
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews static-stub zone to another to fail with a broken
1921b850640ae984448e8b87870c8527fa9cddb6Evan Hunt trust chain. [RT #35081]
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews3688. [bug] loadnode could return a freed node on out of memory.
c74518d655c1c563060f49569dce71e4a00f5f4eTinderbox User3687. [bug] Address null pointer dereference in zone_xfrdone.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3686. [func] "dnssec-signzone -Q" drops signatures from keys
ecbc7ebb243a1f8a5dc6f28185ffe9e61d3b2102Mark Andrews that are still published but no longer active.
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User3685. [bug] "rndc refresh" didn't work correctly with slave
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater zones using inline-signing. [RT #35105]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3684. [bug] The list of included files would grow on reload.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3683. [cleanup] Add a more detailed "not found" message to rndc
713a5e3080f112b3efde9235e9c92035056ff966Automatic Updater commands which specify a zone name. [RT #35059]
bac4435d473c9a0281507524f084480c34aa942aTinderbox User3682. [bug] Correct the behavior of rndc retransfer to allow
51374c645c0e6dd77c369c13834c751785f96f14Tinderbox User inline-signing slave zones to retain NSEC3 parameters
f0c5e918974bf778af6cd1e25309ad13e30a79a6Tinderbox User instead of reverting to NSEC. [RT #34745]
cb40461f8744c5aeb369b84d5f48395a13a221a0Mark Andrews3681. [port] Update the Windows build system to support feature
f8b9948a4116226ac41b5509cca152849006c66cAutomatic Updater selection and WIN64 builds. This is a work in
8add7cdaa81ec881fe17df02ed8833722dc9e690Tinderbox User progress. [RT #34160]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3680. [bug] Ensure buffer space is available in "rndc zonestatus".
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater3679. [bug] dig could fail to clean up TCP sockets still
099b86fb8136a7dff81df85cf395978c16eb254cAutomatic Updater waiting on connect(). [RT #35074]
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont3678. [port] Update config.guess and config.sub. [RT #35060]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3677. [bug] 'nsupdate' leaked memory if 'realm' was used multiple
572cb2c1c931f6bc6a4a019c103ae88239b0eb96Automatic Updater times. [RT #35073]
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater3676. [bug] "named-checkconf -z" now checks zones of type
c2abd6efeb9affa70aabb63da2acb23e135cf7f2Mark Andrews hint and redirect as well as master. [RT #35046]
28e0061dbcc2ae45d34541267a00d8b4de5b4a41Tinderbox User3675. [misc] Provide a place for third parties to add version
950d203b64f512b85fcc093ee1e9e3e531a1aea3Tinderbox User information for their extensions in the version
27c3c21f41520e8d6336d80a8094389e321cb6d2Mark Andrews file by setting the EXTENSIONS variable.
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews --- 9.10.0a1 released ---
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3674. [bug] RPZ zeroed ttls if the query type was '*'. [RT #35026]
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User3673. [func] New "in-view" zone option allows direct sharing
d6487e3c0a981bd8ac1e155d3a2d590c078d6c85Tinderbox User of zones between views. [RT #32968]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3672. [func] Local address can now be specified when using
3e9c07abfd4ad76b1f8085f0f96f5646f2d9e219Tinderbox User dns_client API. [RT #34811]
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews3671. [bug] Don't allow dnssec-importkey overwrite a existing
a308b69ac66fadf66863484f301314d6e6a3f1d2Automatic Updater non-imported private key.
4aec4843241dca64de7eb6363944df0b09cb83ecTinderbox User3670. [bug] Address read after free in server side of
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews lwres_getrrsetbyname. [RT #29075]
fe600c3ad88c0bb078283a953d048087d227c0e5Tinderbox User3669. [port] freebsd: --with-gssapi needs -lhx509. [RT #35001]
c78c39caab4cf8b5daefc9c65878f7f5ed3eb7a0Tinderbox User3668. [bug] Fix cast in lex.c which could see 0xff treated as eof.
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews3667. [test] dig: add support to keep the TCP socket open between
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews successive queries (+[no]keepopen). [RT #34918]
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User3666. [func] Add a tool, named-rrchecker, for checking the syntax
d2f313886122eeb989e5c58cd9a70373222210c4Tinderbox User of individual resource records. This tool is intended
0197efed438a96881ebd8d165f8479a89f1ba62fTinderbox User to be called by provisioning systems so that the front
a450977e98155f6e828fe6f8d52cf24674231831Mark Andrews end does not need to be upgraded to support new DNS
0197efed438a96881ebd8d165f8479a89f1ba62fTinderbox User record types. [RT #34778]
5a6d22a5b3b014f6dd0b36999864bd2c3e0d8465Mark Andrews3665. [bug] Failure to release lock on error in receive_secure_db.
ecbc7ebb243a1f8a5dc6f28185ffe9e61d3b2102Mark Andrews3664. [bug] Updated OpenSSL PKCS#11 patches to fix active list
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews locking and other bugs. [RT #34855]
d6487e3c0a981bd8ac1e155d3a2d590c078d6c85Tinderbox User3663. [bug] Address bugs in dns_rdata_fromstruct and
5a6d22a5b3b014f6dd0b36999864bd2c3e0d8465Mark Andrews dns_rdata_tostruct for WKS and ISDN types. [RT #34910]
bcb68be0a8f3c3eca58d6a6a869267e5c1841de2Francis Dupont3662. [bug] 'host' could die if a UDP query timed out. [RT #34870]
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User3661. [bug] Address lock order reversal deadlock with inline zones.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3660. [cleanup] Changed the name of "isc-config.sh" to "bind9-config".
ecbc7ebb243a1f8a5dc6f28185ffe9e61d3b2102Mark Andrews3659. [port] solaris: don't add explicit dependencies/rules for
c505effec1da6664c37f0e4dbfc1c4f6b0e73367Tinderbox User python programs as make won't use the implicit rules.
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User3658. [port] linux: Address platform specific compilation issue
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater when libcap-devel is installed. [RT #34838]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3657. [port] Some readline clones don't accept NULL pointers when
66458d12f373fb75e8543d36fd76864a7567057bTinderbox User calling add_history. [RT #34842]
00ce5d1add91ba5664de4da3cda8c3a5017ba6a7Tinderbox User3656. [security] Treat an all zero netmask as invalid when generating
e5a6871cd0635ecdb2bf792316a2d8c53206f4b2Tinderbox User the localnets acl. (The prior behavior could
00ce5d1add91ba5664de4da3cda8c3a5017ba6a7Tinderbox User allow unexpected matches when using some versions
e5a6871cd0635ecdb2bf792316a2d8c53206f4b2Tinderbox User of Winsock: CVE-2013-6320.) [RT #34687]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3655. [cleanup] Simplify TCP message processing when requesting a
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User zone transfer. [RT #34825]
8f1a00cf8b3d9dc8d419a797b7ff4fb6ddba428eTinderbox User3654. [bug] Address race condition with manual notify requests.
e5a6871cd0635ecdb2bf792316a2d8c53206f4b2Tinderbox User3653. [func] Create delegations for all "children" of empty zones
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User except "forward first". [RT #34826]
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User3652. [bug] Address bug with rpz-drop policy. [RT #34816]
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User3651. [tuning] Adjust when a master server is deemed unreachable.
a61158fed2e0281a40e3e97e0b7c3f9789a07b4eTinderbox User3650. [tuning] Use separate rate limiting queues for refresh and
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User notify requests. [RT #30589]
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User3649. [cleanup] Include a comment in .nzf files, giving the name of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the associated view. [RT #34765]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3648. [test] Updated the ATF test framework to version 0.17.
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User3647. [bug] Address a race condition when shutting down a zone.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3646. [bug] Journal filename string could be set incorrectly,
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User causing garbage in log messages. [RT #34738]
4aec4843241dca64de7eb6363944df0b09cb83ecTinderbox User3645. [protocol] Use case sensitive compression when responding to
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater queries. [RT #34737]
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews3644. [protocol] Check that EDNS subnet client options are well formed.
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User3643. [doc] Clarify RRL "slip" documentation.
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User3642. [func] Allow externally generated DNSKEY to be imported
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews into the DNSKEY management framework. A new tool
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User dnssec-importkey is used to do this. [RT #34698]
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User3641. [bug] Handle changes to sig-validity-interval settings
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater better. [RT #34625]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3640. [bug] ndots was not being checked when searching. Only
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User continue searching on NXDOMAIN responses. Add the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater ability to specify ndots to nslookup. [RT #34711]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3639. [bug] Treat type 65533 (KEYDATA) as opaque except when used
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User in a key zone. [RT #34238]
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User3638. [cleanup] Add the ability to handle ENOPROTOOPT in case it is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater encountered. [RT #34668]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3637. [bug] 'allow-query-on' was checking the source address
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User rather than the destination address. [RT #34590]
e5a6871cd0635ecdb2bf792316a2d8c53206f4b2Tinderbox User3636. [bug] Automatic empty zones now behave better with
e5a6871cd0635ecdb2bf792316a2d8c53206f4b2Tinderbox User forward only "zones" beneath them. [RT #34583]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3635. [bug] Signatures were not being removed from a zone with
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User only KSK keys for a algorithm. [RT #34439]
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User3634. [func] Report build-id in rndc status. Report build-id
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater when building from a git repository. [RT #20422]
1b670d35282f1b9352692ad212be3c0aa97b0689Automatic Updater3633. [cleanup] Refactor OPT processing in named to make it easier
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User to support new EDNS options. [RT #34414]
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User3632. [bug] Signature from newly inactive keys were not being
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater removed. [RT #32178]
316cd2460aa66e157f72890974ca5c21d65e70e6Tinderbox User3631. [bug] Remove spurious warning about missing signatures when
ecbc7ebb243a1f8a5dc6f28185ffe9e61d3b2102Mark Andrews qtype is SIG. [RT #34600]
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User3630. [bug] Ensure correct ID computation for MD5 keys. [RT #33033]
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User3629. [func] Allow the printing of cryptographic fields in DNSSEC
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater records by dig to be suppressed (dig +nocrypto).
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User3628. [func] Report DNSKEY key id's when dumping the cache.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3627. [bug] RPZ changes were not effective on slaves. [RT #34450]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3626. [func] dig: NSID output now easier to read. [RT #21160]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3625. [bug] Don't send notify messages to machines outside of the
36c0c1405d4dd31afaf614668f4512e69637e159Tinderbox User3624. [bug] Look for 'json_object_new_int64' when looking for a
36c0c1405d4dd31afaf614668f4512e69637e159Tinderbox User the json library. [RT #34449]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3623. [placeholder]
6ee455a915d0e5cab50865da23152efe59ea1decTinderbox User3622. [tuning] Eliminate an unnecessary lock when incrementing
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User cache statistics. [RT #34339]
e5a6871cd0635ecdb2bf792316a2d8c53206f4b2Tinderbox User3621. [security] Incorrect bounds checking on private type 'keydata'
e5a6871cd0635ecdb2bf792316a2d8c53206f4b2Tinderbox User can lead to a remotely triggerable REQUIRE failure
0a2ff769ecd0b5a6bda54b62bc1ec5fa6fd198a0Tinderbox User (CVE-2013-4854). [RT #34238]
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User3620. [func] Added "rpz-client-ip" policy triggers, enabling
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater RPZ responses to be configured on the basis of
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User the client IP address; this can be used, for
79b627f399ce925988bb326315e6742d5316cb6bTinderbox User example, to blacklist misbehaving recursive
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User or stub resolvers. [RT #33605]
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User3619. [bug] Fixed a bug in RPZ with "recursive-only no;"
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3618. [func] "rndc reload" now checks modification times of
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User include files as well as master files to determine
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater whether to skip reloading a zone. [RT #33936]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3617. [bug] Named was failing to answer queries during
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User "rndc reload" [RT #34098]
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User3616. [bug] Change #3613 was incomplete. [RT #34177]
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User3615. [cleanup] "configure" now finishes by printing a summary
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater of optional BIND features and whether they are
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User active or inactive. ("configure --enable-full-report"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater increases the verbosity of the summary.) [RT #31777]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3614. [port] Check for <linux/types.h>. [RT #34162]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3613. [bug] named could crash when deleting inline-signing
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User zones with "rndc delzone". [RT #34066]
f525041ae26958385b697cf82a30f108577024b6Tinderbox User3612. [port] Check whether to use -ljson or -ljson-c. [RT #34115]
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User3611. [bug] Improved resistance to a theoretical authentication
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater attack based on differential timing. [RT #33939]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3610. [cleanup] win32: Some executables had been omitted from the
a05244bb01d5a5f71b2ac9abe1601589cde79570Tinderbox User installer. [RT #34116]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3609. [bug] Corrected a possible deadlock in applications using
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the export version of the isc_app API. [RT #33967]
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews3608. [port] win32: added todos.pl script to ensure all text files
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User the win32 build depends on are converted to DOS
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater newline format. [RT #22067]
af60449fe472b8bea5ad04bf538c777c6b151112Tinderbox User3607. [bug] dnssec-keygen had broken 'Invalid keyfile' error
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User message. [RT #34045]
a9d14bf051644716b5db9209c453d2c5eb83f174Tinderbox User3606. [func] "rndc flushtree" now flushes matching
5a23eb8cb48cee59999acc9af33f643dbcd76feaTinderbox User records in the address database and bad cache
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews as well as the DNS cache. (Previously only the
a450977e98155f6e828fe6f8d52cf24674231831Mark Andrews DNS cache was flushed.) [RT #33970]
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews3605. [port] win32: Addressed several compatibility issues
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater with newer versions of Visual Studio. [RT #33916]
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews3604. [bug] Fixed a compile-time error when building with
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater JSON but not XML. [RT #33959]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User3603. [bug] Install <isc/stat.h>. [RT #33956]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews3602. [contrib] Added DLZ Perl module, allowing Perl scripts to
114f7780384371121918624ae2c80ecfce545683Tinderbox User integrate with named and serve DNS data.
33d1cff1dd63494ffa00fac695a793f00c4ebf0bTinderbox User (Contributed by John Eaglesham of Yahoo.)
169f44b082b340b952e26c0fdb930c102a957752Mark Andrews3601. [bug] Added to PKCS#11 openssl patches a value len
8f1a00cf8b3d9dc8d419a797b7ff4fb6ddba428eTinderbox User attribute in DH derive key. [RT #33928]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3600. [cleanup] dig: Fixed a typo in the warning output when receiving
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User an oversized response. [RT #33910]
169f44b082b340b952e26c0fdb930c102a957752Mark Andrews3599. [tuning] Check for pointer equivalence in name comparisons.
e64202536ea72d8f371dd0df9fc763f8d70bf886Tinderbox User3598. [cleanup] Improved portability of map file code. [RT #33820]
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont3597. [bug] Ensure automatic-resigning heaps are reconstructed
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User when loading zones in map format. [RT #33381]
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User3596. [port] Updated win32 build documentation, added
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User dnssec-verify. [RT #22067]
36c0c1405d4dd31afaf614668f4512e69637e159Tinderbox User3595. [port] win32: Fix build problems introduced by change #3550.
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User3594. [maint] Update config.guess and config.sub. [RT #33816]
ecbc7ebb243a1f8a5dc6f28185ffe9e61d3b2102Mark Andrews3593. [func] Update EDNS processing to better track remote server
19ad308d84cbf446a144e5a91f2032389a9d65c1Tinderbox User capabilities. [RT #30655]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3592. [doc] Moved documentation of rndc command options to the
42c81cf2de732ec6d00e73fc755a399ca037e543Mark Andrews rndc man page. [RT #33506]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3591. [func] Use CRC-64 to detect map file corruption at load
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User time. [RT #33746]
1921b850640ae984448e8b87870c8527fa9cddb6Evan Hunt3590. [bug] When using RRL on recursive servers, defer
1921b850640ae984448e8b87870c8527fa9cddb6Evan Hunt rate-limiting until after recursion is complete;
1921b850640ae984448e8b87870c8527fa9cddb6Evan Hunt also, use correct rcode for slipped NXDOMAIN
1921b850640ae984448e8b87870c8527fa9cddb6Evan Hunt responses. [RT #33604]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3589. [func] Report serial numbers in when starting zone transfers.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater Report accepted NOTIFY requests including serial.
71fc4775d04aea66809e3eb5b5159c55413bdc5cMark Andrews3588. [bug] dig: addressed a memory leak in the sigchase code
71fc4775d04aea66809e3eb5b5159c55413bdc5cMark Andrews that could cause a shutdown crash. [RT #33733]
7d704e522860496310bb29c28e76064868401a9cMark Andrews3587. [func] 'named -g' now checks the logging configuration but
7d704e522860496310bb29c28e76064868401a9cMark Andrews does not use it. [RT #33473]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater3586. [bug] Handle errors in xmlDocDumpFormatMemoryEnc. [RT #33706]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater3585. [func] "rndc delzone -clean" option removes zone files
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater when deleting a zone. [RT #33570]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater3584. [security] Caching data from an incompletely signed zone could
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater trigger an assertion failure in resolver.c
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater (CVE-2013-3919). [RT #33690]
66cf4a406525db9c42977d8034a60e0a8e2a9290Automatic Updater3583. [bug] Address memory leak in GSS-API processing [RT #33574]
66cf4a406525db9c42977d8034a60e0a8e2a9290Automatic Updater3582. [bug] Silence false positive warning regarding missing file
66cf4a406525db9c42977d8034a60e0a8e2a9290Automatic Updater directive for inline slave zones. [RT #33662]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3581. [bug] Changed the tcp-listen-queue default to 10. [RT #33029]
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User3580. [bug] Addressed a possible race in acache.c [RT #33602]
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User3579. [maint] Updates to PKCS#11 openssl patches, supporting
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater versions 0.9.8y, 1.0.0k, 1.0.1e [RT #33463]
da24e725ff982595d74da7e75e9fbd6a696367ccAutomatic Updater3578. [bug] 'rndc -c file' now fails if 'file' does not exist.
28e0061dbcc2ae45d34541267a00d8b4de5b4a41Tinderbox User3577. [bug] Handle zero TTL values better. [RT #33411]
27c3c21f41520e8d6336d80a8094389e321cb6d2Mark Andrews3576. [bug] Address a shutdown race when validating. [RT #33573]
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater3575. [func] Changed the logging category for RRL events from
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews 'queries' to 'query-errors'. [RT #33540]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews3574. [doc] The 'hostname' keyword was missing from server-id
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews description in the named.conf man page. [RT #33476]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews3573. [bug] "rndc addzone" and "rndc delzone" incorrectly handled
d2f313886122eeb989e5c58cd9a70373222210c4Tinderbox User zone names containing punctuation marks and other
5e82fe9a56d17bfbd120817d00d28c5952ab4ddcTinderbox User nonstandard characters. [RT #33419]
5e82fe9a56d17bfbd120817d00d28c5952ab4ddcTinderbox User3572. [func] Threads are now enabled by default on most
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews operating systems. [RT #25483]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews3571. [bug] Address race condition in dns_client_startresolve().
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User3570. [bug] Check internal pointers are valid when loading map
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater files. [RT #33403]
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User3569. [contrib] Ported mysql DLZ driver to dynamically-loadable
76fbdc591b3d46df28878a6ff844798622b85265Tinderbox User module, and added multithread support. [RT #33394]
da59e63e7af147a8bcef985b98b04443e04c3a0eTinderbox User3568. [cleanup] Add a product description line to the version file,
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User to be reported by named -v/-V. [RT #33366]
6ee455a915d0e5cab50865da23152efe59ea1decTinderbox User3567. [bug] Silence clang static analyzer warnings. [RT #33365]
4c9f230f7ca5b2b08ea8fd7a6944135801dbe152Tinderbox User3566. [func] Log when forwarding updates to master. [RT #33240]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater3565. [placeholder]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater3564. [bug] Improved handling of corrupted map files. [RT #33380]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater3563. [contrib] zone2sqlite failed with some table names. [RT #33375]
8f1a00cf8b3d9dc8d419a797b7ff4fb6ddba428eTinderbox User3562. [func] Update map file header format to include a SHA-1 hash
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater of the database content, so that corrupted map files
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt can be rejected at load time. [RT #32459]
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt3561. [bug] dig: issue a warning if an EDNS query returns FORMERR
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User or NOTIMP. Adjust usage message. [RT #33363]
a8677ecad546c955406b341eb8344ed06768b11eTinderbox User3560. [bug] isc-config.sh did not honor includedir and libdir
a8677ecad546c955406b341eb8344ed06768b11eTinderbox User when set via configure. [RT #33345]
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt3559. [func] Check that both forms of Sender Policy Framework
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User records exist or do not exist. [RT #33355]
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews3558. [bug] IXFR of a DLZ stored zone was broken. [RT #33331]
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt3557. [bug] Reloading redirect zones was broken. [RT #33292]
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User3556. [maint] Added AAAA for D.ROOT-SERVERS.NET.
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews3555. [bug] Address theoretical race conditions in acache.c
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews (change #3553 was incomplete). [RT #33252]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User3554. [bug] RRL failed to correctly rate-limit upward
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User referrals and failed to count dropped error
603cf17f33da24d460616389ec40d6f2a6e110a0Automatic Updater responses in the statistics. [RT #33225]
e64202536ea72d8f371dd0df9fc763f8d70bf886Tinderbox User3553. [bug] Address suspected double free in acache. [RT #33252]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater3552. [bug] Wrong getopt option string for 'nsupdate -r'.
6d114a4c5cddb176ae5199eee154c0273d652ba4Tinderbox User3551. [bug] resolver.querydscp[46] were uninitialized. [RT #32686]
4aec4843241dca64de7eb6363944df0b09cb83ecTinderbox User3550. [func] Unified the internal and export versions of the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater BIND libraries, allowing external clients to use
7711228a135a2fe85765ba13a67b8e397ed73489Mark Andrews the same libraries as BIND. [RT #33131]
9692d283bb43c9eab49a7fadfc1b74a6e20e6151Tinderbox User3549. [doc] Documentation for "request-nsid" was missing.
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont3548. [bug] The NSID request code in resolver.c was broken
be0d1ec971748020cb0382e02b4642b493ea1e7bTinderbox User resulting in invalid EDNS options being sent.
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews3547. [bug] Some malformed unknown rdata records were not properly
6d114a4c5cddb176ae5199eee154c0273d652ba4Tinderbox User detected and rejected. [RT #33129]
5a6d22a5b3b014f6dd0b36999864bd2c3e0d8465Mark Andrews3546. [func] Add EUI48 and EUI64 types. [RT #33082]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User3545. [bug] RRL slip behavior was incorrect when set to 1.
365bb6f27eace1836cb5bc6b5f9ed8c88fe22e4aTinderbox User3544. [contrib] check5011.pl: Script to report the status of
27739dd25026283c24645c8a1044b95ef9eb5ac6Tinderbox User managed keys as recorded in managed-keys.bind.
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User Contributed by Tony Finch <dot@dotat.at>
e64202536ea72d8f371dd0df9fc763f8d70bf886Tinderbox User3543. [bug] Update socket structure before attaching to socket
7f79131f9a8e804b93c57f3c679065cce878b726Automatic Updater manager after accept. [RT #33084]
be0d1ec971748020cb0382e02b4642b493ea1e7bTinderbox User3542. [placeholder]
71fa3534bfaf174f6a938dc1ba3522f66606c4e1Mark Andrews3541. [bug] Parts of libdns were not properly initialized when
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater built in libexport mode. [RT #33028]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3540. [test] libt_api: t_info and t_assert were not thread safe.
9692d283bb43c9eab49a7fadfc1b74a6e20e6151Tinderbox User3539. [port] win32: timestamp format didn't match other platforms.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater3538. [test] Running "make test" now requires loopback interfaces
7f79131f9a8e804b93c57f3c679065cce878b726Automatic Updater to be set up. [RT #32452]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3537. [tuning] Slave zones, when updated, now send NOTIFY messages
6d114a4c5cddb176ae5199eee154c0273d652ba4Tinderbox User to peers before being dumped to disk rather than
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater after. [RT #27242]
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews3536. [func] Add support for setting Differentiated Services Code
b871c7156eb037d41f53828c6fcb9cc876128962Mark Andrews Point (DSCP) values in named. Most configuration
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater options which take a "port" option (e.g.,
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews listen-on, forwarders, also-notify, masters,
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews notify-source, etc) can now also take a "dscp"
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews option specifying a code point for use with
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater outgoing traffic, if supported by the underlying
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater OS. [RT #27596]
8b8e37f252b0411e00a0a2775d570562aedce439Tinderbox User3535. [bug] Minor win32 cleanups. [RT #32962]
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews3534. [bug] Extra text after an embedded NULL was ignored when
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater parsing zone files. [RT #32699]
2ba8f584b97cbab864570e38fd26b8cb90961428Tinderbox User3533. [contrib] query-loc-0.4.0: memory leaks. [RT #32960]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3532. [contrib] zkt: fixed buffer overrun, resource leaks. [RT #32960]
ba8b771c371967dd1254c7fa82ebe4158ee04b24Tinderbox User3531. [bug] win32: A uninitialized value could be returned on out
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews of memory. [RT #32960]
098097efb95046a4a5285b6dae95dea3e3b70853Automatic Updater3530. [contrib] Better RTT tracking in queryperf. [RT #30128]
2964b1f272bab3e7ed3fbb4a0811da5e93646d34Tinderbox User3529. [func] Named now listens on both IPv4 and IPv6 interfaces
78bc8fdc2488c92d7228e8de19827e2c114c56caAutomatic Updater by default. Named previously only listened on IPv4
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater interfaces by default unless named was running in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater IPv6 only mode. [RT #32945]
0d13a9584b9f97693ab22d54322f1c484d578701Mark Andrews3528. [func] New "dnssec-coverage" command scans the timing
fe600c3ad88c0bb078283a953d048087d227c0e5Tinderbox User metadata for a set of DNSSEC keys and reports if a
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater lapse in signing coverage has been scheduled
0d13a9584b9f97693ab22d54322f1c484d578701Mark Andrews inadvertently. (Note: This tool depends on python;
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox User it will not be built or installed on systems that
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater do not have a python interpreter.) [RT #28098]
1fff4d36fb18ccdca15acb0bae20c2aa8e833ceeTinderbox User3527. [compat] Add a URI to allow applications to explicitly
11b6b0d74bb8dd6bd1ce0b60ba7f9b66323f06d4Tinderbox User request a particular XML schema from the statistics
7f79131f9a8e804b93c57f3c679065cce878b726Automatic Updater channel, returning 404 if not supported. [RT #32481]
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews3526. [cleanup] Set up dependencies for unit tests correctly during
e705db6d5d886dc14f4a75a2046a075c0750e7eeAutomatic Updater build. [RT #32803]
a8677ecad546c955406b341eb8344ed06768b11eTinderbox User3525. [func] Support for additional signing algorithms in rndc:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater hmac-sha1, -sha224, -sha256, -sha384, and -sha512.
5a6d22a5b3b014f6dd0b36999864bd2c3e0d8465Mark Andrews The -A option to rndc-confgen can be used to
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater select the algorithm for the generated key.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews (The default is still hmac-md5; this may
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews change in a future release.) [RT #20363]
37d8e0a4455876fe1e4cca511076cc2c5ab9eedeTinderbox User3524. [func] Added an alternate statistics channel in JSON format,
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User when the server is built with the json-c library:
04bc14c887243e624469fdbd336c1d3cb8ed7cc7Tinderbox User http://[address]:[port]/json. [RT #32630]
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews3523. [contrib] Ported filesystem and ldap DLZ drivers to
fedd407a76adfdd745eb7d2461673693c6f9fea9Mark Andrews dynamically-loadable modules, and added the
1921b850640ae984448e8b87870c8527fa9cddb6Evan Hunt "wildcard" module based on a contribution from
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User Vadim Goncharov <vgoncharov@nic.ru>. [RT #23569]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews3522. [bug] DLZ lookups could fail to return SERVFAIL when
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews they ought to. [RT #32685]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3521. [bug] Address memory leak in opensslecdsa_link.c. [RT #32249]
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User3520. [bug] 'mctx' was not being referenced counted in some places
dbb012765c735ee0d82dedb116cdc7cf18957814Evan Hunt where it should have been. [RT #32794]
dbb012765c735ee0d82dedb116cdc7cf18957814Evan Hunt3519. [func] Full replay protection via four-way handshake is
a8677ecad546c955406b341eb8344ed06768b11eTinderbox User now mandatory for rndc clients. Very old versions
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User of rndc will no longer work. [RT #32798]
dbb012765c735ee0d82dedb116cdc7cf18957814Evan Hunt3518. [bug] Increase the size of dns_rrl_key.s.rtype by one bit
dbb012765c735ee0d82dedb116cdc7cf18957814Evan Hunt so that all dns_rrl_rtype_t enum values fit regardless
77932ac533c711eca5cd86de4e7eca8d91102b43Tinderbox User of whether it is teated as signed or unsigned by
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater the compiler. [RT #32792]
2bb3422dc683c013db7042f5736240de6b86f182Automatic Updater3517. [bug] Reorder destruction to avoid shutdown race. [RT #32777]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3516. [placeholder]
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User3515. [port] '%T' is not portable in strftime(). [RT #32763]
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User3514. [bug] The ranges for valid key sizes in ddns-confgen and
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User rndc-confgen were too constrained. Keys up to 512
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User bits are now allowed for most algorithms, and up
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User to 1024 bits for hmac-sha384 and hmac-sha512.
2964b1f272bab3e7ed3fbb4a0811da5e93646d34Tinderbox User3513. [func] "dig -u" prints times in microseconds rather than
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater milliseconds. [RT #32704]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3512. [func] "rndc validation check" reports the current status
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User of DNSSEC validation. [RT #21397]
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User3511. [doc] Improve documentation of redirect zones. [RT #32756]
137fdbc214e99c4cbe57551e9e14f2015c2e42aeTinderbox User3510. [func] "rndc status" and XML statistics channel now report
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater server start and reconfiguration times. [RT #21048]
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User3509. [cleanup] Added a product line to version file to allow for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater easy naming of different products (BIND
e64202536ea72d8f371dd0df9fc763f8d70bf886Tinderbox User vs BIND ESV, for example). [RT #32755]
4cde88fbf4c5e78a785d40f364cdcf60f3575f0cTinderbox User3508. [contrib] queryperf was incorrectly rejecting the -T option.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3507. [bug] Statistics channel XSL had a glitch when attempting
1ac49378a458420bc685293d12e567d7222d17b6Tinderbox User to chart query data before any queries had been
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont received. [RT #32620]
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews3506. [func] When setting "max-cache-size" and "max-acache-size",
681beefc668253b3e469a1de282fbc33a3752422Automatic Updater the keyword "unlimited" is no longer defined as equal
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User to 4 gigabytes (except on 32-bit platforms); it
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User means literally unlimited. [RT #32358]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3505. [bug] When setting "max-cache-size" and "max-acache-size",
0d13a9584b9f97693ab22d54322f1c484d578701Mark Andrews larger values than 4 gigabytes could not be set
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User explicitly, though larger sizes were available
b3386fba31414344f38f0c30849c056dceb22dceTinderbox User when setting cache size to 0. This has been
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User corrected; the full range is now available.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3504. [func] Add support for ACLs based on geographic location,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater using MaxMind GeoIP databases. Based on code
4cde88fbf4c5e78a785d40f364cdcf60f3575f0cTinderbox User contributed by Ken Brownfield <kb@slide.com>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3503. [doc] Clarify size_spec syntax. [RT #32449]
9e898948ed76bf5f175bf178866c90c449843c3eTinderbox User3502. [func] zone-statistics: "no" is now a synonym for "none",
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User instead of "terse". [RT #29165]
33d1cff1dd63494ffa00fac695a793f00c4ebf0bTinderbox User3501. [func] zone-statistics now takes three options: full,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater terse, and none. "yes" and "no" are retained as
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User synonyms for full and terse, respectively. [RT #29165]
5a6d22a5b3b014f6dd0b36999864bd2c3e0d8465Mark Andrews3500. [security] Support NAPTR regular expression validation on
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater all platforms without using libregex, which
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User can be vulnerable to memory exhaustion attack
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User (CVE-2013-2266). [RT #32688]
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews3499. [doc] Corrected ARM documentation of built-in zones.
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User3498. [bug] zone statistics for zones which matched a potential
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews empty zone could have their zone-statistics setting
77932ac533c711eca5cd86de4e7eca8d91102b43Tinderbox User3497. [func] When deleting a slave/stub zone using 'rndc delzone'
ca5ba35827e475a824ec79d489dbcdb3341a35ccTinderbox User report the files that were being used so they can
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews be cleaned up if desired. [RT #27899]
ca5ba35827e475a824ec79d489dbcdb3341a35ccTinderbox User3496. [placeholder]
e08cdffb3ae4ad409f37e3e5a218fe4b7e0e3904Tinderbox User3495. [func] Support multiple response-policy zones (up to 32),
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews while improving RPZ performance. "response-policy"
9e295ad801d5c986eb6c7745637b5dc0efb28711Tinderbox User syntax now includes a "min-ns-dots" clause, with
9692d283bb43c9eab49a7fadfc1b74a6e20e6151Tinderbox User default 1, to exclude top-level domains from
5ee9f7f23852d92772c08ca6e4b46c549beaf660Mark Andrews NSIP and NSDNAME checking. --enable-rpz-nsip and
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User --enable-rpz-nsdname are now the default. [RT #32251]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3494. [func] DNS RRL: Blunt the impact of DNS reflection and
b6e12209e3e7df826f5f8f949ad400ec6d1f6371Tinderbox User amplification attacks by rate-limiting substantially-
e08cdffb3ae4ad409f37e3e5a218fe4b7e0e3904Tinderbox User identical responses. [RT #28130]
fe600c3ad88c0bb078283a953d048087d227c0e5Tinderbox User3493. [contrib] Added BDBHPT dynamically-loadable DLZ module,
0d13a9584b9f97693ab22d54322f1c484d578701Mark Andrews contributed by Mark Goldfinch. [RT #32549]
316cd2460aa66e157f72890974ca5c21d65e70e6Tinderbox User3492. [bug] Fixed a regression in zone loading performance
646fed0d28be4387e3e32fb0f5732a1f58b572baTinderbox User due to lock contention. [RT #30399]
f0c5e918974bf778af6cd1e25309ad13e30a79a6Tinderbox User3491. [bug] Slave zones using inline-signing must specify a
5a6d22a5b3b014f6dd0b36999864bd2c3e0d8465Mark Andrews file name. [RT #31946]
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont3490. [bug] When logging RDATA during update, truncate if it's
049728912c39135db248f9b48f8f26675f456e9dTinderbox User too long. [RT #32365]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3489. [bug] --enable-developer now turns on ISC_LIST_CHECKINIT.
5ee9f7f23852d92772c08ca6e4b46c549beaf660Mark Andrews dns_dlzcreate() failed to properly initialize
4aec4843241dca64de7eb6363944df0b09cb83ecTinderbox User dlzdb.link. When cloning a rdataset do not copy
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont the link contents. [RT #32651]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews3488. [bug] Use after free error with DH generated keys. [RT #32649]
af60449fe472b8bea5ad04bf538c777c6b151112Tinderbox User3487. [bug] Change 3444 was not complete. There was a additional
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User place where the NOQNAME proof needed to be saved.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3486. [bug] named could crash when using TKEY-negotiated keys
4f538e852f20912e629338e911e46ce26de3e965Tinderbox User that had been deleted and then recreated. [RT #32506]
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User3485. [cleanup] Only compile openssl_gostlink.c if we support GOST.
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont3484. [bug] Some statistics were incorrectly rendered in XML.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3483. [placeholder]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3482. [func] dig +nssearch now prints name servers that don't
fae2925c4d1b45056302be96e5e334f3ad5809c5Tinderbox User have address records (missing AAAA or A, or the name
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater doesn't exist). [RT #29348]
c288e47fb7d4baa1ed887156b1c5e5db394d4f52Tinderbox User3481. [cleanup] Removed use of const const in atf.
90ff38a0d8deaf5f9c2aa5916d99b2e572d28738Automatic Updater3480. [bug] Silence logging noise when setting up zone
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statistics. [RT #32525]
dbb012765c735ee0d82dedb116cdc7cf18957814Evan Hunt3479. [bug] Address potential memory leaks in gssapi support
dbb012765c735ee0d82dedb116cdc7cf18957814Evan Hunt code. [RT #32405]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3478. [port] Fix a build failure in strict C99 environments
39ae0eafed076ef769fef5c18b22a8051df5c93aTinderbox User3477. [func] Expand logging when adding records via DDNS update
ce0fd07045292942bfa3e755d9ce596941528a63Automatic Updater3476. [bug] "rndc zonestatus" could report a spurious "not
bac4435d473c9a0281507524f084480c34aa942aTinderbox User found" error on inline-signing zones. [RT #29226]
6ee455a915d0e5cab50865da23152efe59ea1decTinderbox User3475. [cleanup] Changed name of 'map' zone file format (previously
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater 'fast'). [RT #32458]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3474. [bug] nsupdate could assert when the local and remote
d2f313886122eeb989e5c58cd9a70373222210c4Tinderbox User address families didn't match. [RT #22897]
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater3473. [bug] dnssec-signzone/verify could incorrectly report
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews an error condition due to an empty node above an
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User opt-out delegation lacking an NSEC3. [RT #32072]
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews3472. [bug] The active-connections counter in the socket
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews statistics could underflow. [RT #31747]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3471. [bug] The number of UDP dispatches now defaults to
4f538e852f20912e629338e911e46ce26de3e965Tinderbox User the number of CPUs even if -n has been set to
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews a higher value. [RT #30964]
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User3470. [bug] Slave zones could fail to dump when successfully
1bf507ca635310b340aea42d6c3e567819974a99Tinderbox User refreshing after an initial failure. [RT #31276]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3469. [bug] Handle DLZ lookup failures more gracefully. Improve
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater backward compatibility between versions of DLZ dlopen
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater API. [RT #32275]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3468. [security] RPZ rules to generate A records (but not AAAA records)
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater could trigger an assertion failure when used in
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater conjunction with DNS64 (CVE-2012-5689). [RT #32141]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3467. [bug] Added checks in dnssec-keygen and dnssec-settime
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to check for delete date < inactive date. [RT #31719]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3466. [contrib] Corrected the DNS_CLIENTINFOMETHODS_VERSION check
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in DLZ example driver. [RT #32275]
0ead2ac0a4b59c3e4a731027f0f66fbe602b1289Tinderbox User3465. [bug] Handle isolated reserved ports. [RT #31778]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3464. [maint] Updates to PKCS#11 openssl patches, supporting
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater versions 0.9.8x, 1.0.0j, 1.0.1c [RT #29749]
4aec4843241dca64de7eb6363944df0b09cb83ecTinderbox User3463. [doc] Clarify managed-keys syntax in ARM. [RT #32232]
dbb012765c735ee0d82dedb116cdc7cf18957814Evan Hunt3462. [doc] Clarify server selection behavior of dig when using
dbb012765c735ee0d82dedb116cdc7cf18957814Evan Hunt -4 or -6 options. [RT #32181]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3461. [bug] Negative responses could incorrectly have AD=1
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater set. [RT #32237]
1bcc3273a80c256f11d9098a00ba2c041939e233Mark Andrews3460. [bug] Only link against readline where needed. [RT #29810]
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews3459. [func] Added -J option to named-checkzone/named-compilezone
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson to specify the path to the journal file. [RT #30958]
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews3458. [bug] Return FORMERR when presented with a overly long
d97783f18169fc9c5220a0b91fe53653efcd6b10Tinderbox User domain named in a request. [RT #29682]
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews3457. [protocol] Add ILNP records (NID, LP, L32, L64). [RT #31836]
cd6e9010079a4e58f7e30063df3dec0ff154ad59Tinderbox User3456. [port] g++47: ATF failed to compile. [RT #32012]
f520803b46dc189fdaf84adc87ef327d3587b435Mark Andrews3455. [contrib] queryperf: fix getopt option list. [RT #32338]
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews3454. [port] sparc64: improve atomic support. [RT #25182]
e705db6d5d886dc14f4a75a2046a075c0750e7eeAutomatic Updater3453. [bug] 'rndc addzone' of a zone with 'inline-signing yes;'
bac4435d473c9a0281507524f084480c34aa942aTinderbox User failed. [RT #31960]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews3452. [bug] Accept duplicate singleton records. [RT #32329]
757ff043760e4743dda1a10e7d58349275934902Tinderbox User3451. [port] Increase per thread stack size from 64K to 1M.
d2f313886122eeb989e5c58cd9a70373222210c4Tinderbox User3450. [bug] Stop logfileconfig system test spam system logs.
bac4435d473c9a0281507524f084480c34aa942aTinderbox User3449. [bug] gen.c: use the pre-processor to construct format
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User strings so that compiler can perform sanity checks;
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User check the snprintf results. [RT #17576]
1bf507ca635310b340aea42d6c3e567819974a99Tinderbox User3448. [bug] The allow-query-on ACL was not processed correctly.
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User3447. [port] Add support for libxml2-2.9.x [RT #32231]
df3e5272b491e553904437a282a1fa0a1c2746e5Tinderbox User3446. [port] win32: Add source ID (see change #3400) to build.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews3445. [bug] Warn about zone files with blank owner names
bcb68be0a8f3c3eca58d6a6a869267e5c1841de2Francis Dupont immediately after $ORIGIN directives. [RT #31848]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User3444. [bug] The NOQNAME proof was not being returned from cached
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User insecure responses. [RT #21409]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3443. [bug] ddns-confgen: Some TSIG algorithms were incorrectly
b779e1efb14f9616a35befd2b1cfc2578f1a4d70Tinderbox User rejected when generating keys. [RT #31927]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3442. [port] Net::DNS 0.69 introduced a non backwards compatible
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater change. [RT #32216]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3441. [maint] D.ROOT-SERVERS.NET is now 199.7.91.13.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3440. [bug] Reorder get_key_struct to not trigger a assertion when
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater cleaning up due to out of memory error. [RT #32131]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3439. [placeholder]
f0c5e918974bf778af6cd1e25309ad13e30a79a6Tinderbox User3438. [bug] Don't accept unknown data escape in quotes. [RT #32031]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3437. [bug] isc_buffer_init -> isc_buffer_constinit to initialize
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater buffers with constant data. [RT #32064]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson3436. [bug] Check malloc/calloc return values. [RT #32088]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson3435. [bug] Cross compilation support in configure was broken.
f190095cae5e5a8734e0ff16055488d471569499Tinderbox User3434. [bug] Pass client info to the DLZ findzone() entry
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews point in addition to lookup(). This makes it
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater possible for a database to answer differently
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User whether it's authoritative for a name depending
0bb05fe2c2fa40c635ddc5fa38ff65e523b11d8eEvan Hunt on the address of the client. [RT #31775]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater3433. [bug] dlz_findzone() did not correctly handle
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User ISC_R_NOMORE. [RT #31172]
e213b38b48486b3a6349329655d9169085001fa0Tinderbox User3432. [func] Multiple DLZ databases can now be configured.
933799f3641f4f78445d015008bad0038900a82aTinderbox User DLZ databases are searched in the order configured,
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater unless set to "search no", in which case a
fca737c98d2be3ef944cc96320c040fdb5f160e3Tinderbox User zone can be configured to be retrieved from a
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater particular DLZ database by using a "dlz <name>"
1a63fb1d1448ed3f8fd7227ae57be67c2e71279eMark Andrews option in the zone statement. DLZ databases can
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater support type "master" and "redirect" zones.
933799f3641f4f78445d015008bad0038900a82aTinderbox User3431. [bug] ddns-confgen: Some valid key algorithms were
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater not accepted. [RT #31927]
933799f3641f4f78445d015008bad0038900a82aTinderbox User3430. [bug] win32: isc_time_formatISO8601 was missing the
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews 'T' between the date and time. [RT #32044]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews3429. [bug] dns_zone_getserial2 could a return success without
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews returning a valid serial. [RT #32007]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews3428. [cleanup] dig: Add timezone to date output. [RT #2269]
a04588e781b513ae3b30e061ac98035802b5e8e8Mark Andrews3427. [bug] dig +trace incorrectly displayed name server
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User addresses instead of names. [RT #31641]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3426. [bug] dnssec-checkds: Clearer output when records are not
a04588e781b513ae3b30e061ac98035802b5e8e8Mark Andrews found. [RT #31968]
a900e4f99ff134b567b6df5ac2c841c7d0c551d3Automatic Updater3425. [bug] "acacheentry" reference counting was broken resulting
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User in use after free. [RT #31908]
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User3424. [func] dnssec-dsfromkey now emits the hash without spaces.
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User3423. [bug] "rndc signing -nsec3param" didn't accept the full
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont range of possible values. Address portability issues.
a900e4f99ff134b567b6df5ac2c841c7d0c551d3Automatic Updater3422. [bug] Added a clear error message for when the SOA does not
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater match the referral. [RT #31281]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3421. [bug] Named loops when re-signing if all keys are offline.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3420. [bug] Address VPATH compilation issues. [RT #31879]
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User3419. [bug] Memory leak on validation cancel. [RT #31869]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3418. [func] New XML schema (version 3.0) for the statistics channel
550d89df4dd30f214eedd18f399e280fd1b15953Evan Hunt adds query type statistics at the zone level, and
9563f388c8ca1bb9ebb04db54e122815b0008c8aTinderbox User flattens the XML tree and uses compressed format to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater optimize parsing. Includes new XSL that permits
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User charting via the Google Charts API on browsers that
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User support javascript in XSL. The old XML schema has been
77932ac533c711eca5cd86de4e7eca8d91102b43Tinderbox User deprecated. [RT #30023]
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User3417. [placeholder]
bcb68be0a8f3c3eca58d6a6a869267e5c1841de2Francis Dupont3416. [bug] Named could die on shutdown if running with 128 UDP
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews dispatches per interface. [RT #31743]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews3415. [bug] named could die with a REQUIRE failure if a validation
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User was canceled. [RT #31804]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3414. [bug] Address locking issues found by Coverity. [RT #31626]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3413. [func] Record the number of DNS64 AAAA RRsets that have been
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews synthesized. [RT #27636]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3412. [bug] Copy timeval structure from control message data.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3411. [tuning] Use IPV6_USE_MIN_MTU or equivalent with TCP in addition
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews to UDP. [RT #31690]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3410. [bug] Addressed Coverity warnings. [RT #31626]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3409. [contrib] contrib/dane/mkdane.sh: Tool to generate TLSA RR's
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews from X.509 certificates, for use with DANE
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews (DNS-based Authentication of Named Entities).
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3408. [bug] Some DNSSEC-related options (update-check-ksk,
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews dnssec-loadkeys-interval, dnssec-dnskey-kskonly)
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews are now legal in slave zones as long as
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews inline-signing is in use. [RT #31078]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3407. [placeholder]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3406. [bug] mem.c: Fix compilation errors when building with
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews ISC_MEM_TRACKLINES or ISC_MEMPOOL_NAMES disabled.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews Also, ISC_MEM_DEBUG is no longer optional. [RT #31559]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3405. [bug] Handle time going backwards in acache. [RT #31253]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3404. [bug] dnssec-signzone: When re-signing a zone, remove
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews RRSIG and NSEC records from nodes that used to be
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews in-zone but are now below a zone cut. [RT #31556]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3403. [bug] Silence noisy OpenSSL logging. [RT #31497]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3402. [test] The IPv6 interface numbers used for system
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews tests were incorrect on some platforms. [RT #25085]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3401. [bug] Addressed Coverity warnings. [RT #31484]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3400. [cleanup] "named -V" can now report a source ID string, defined
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews in the "srcid" file in the build tree and normally set
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews to the most recent git hash. [RT #31494]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3399. [port] netbsd: rename 'bool' parameter to avoid namespace
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews clash. [RT #31515]
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews3398. [bug] SOA parameters were not being updated with inline
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews signed zones if the zone was modified while the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater server was offline. [RT #29272]
e23256e740b238bddb4ba41ffac5f81a01c92245Automatic Updater3397. [bug] dig crashed when using +nssearch with +tcp. [RT #25298]
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User3396. [bug] OPT records were incorrectly removed from signed,
a04588e781b513ae3b30e061ac98035802b5e8e8Mark Andrews truncated responses. [RT #31439]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User3395. [protocol] Add RFC 6598 reverse zones to built in empty zones
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User list, 64.100.IN-ADDR.ARPA ... 127.100.IN-ADDR.ARPA.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3394. [bug] Adjust 'successfully validated after lower casing
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater signer' log level and category. [RT #31414]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User3393. [bug] 'host -C' could core dump if REFUSED was received.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3392. [func] Keep statistics on REFUSED responses. [RT #31412]
cd6e9010079a4e58f7e30063df3dec0ff154ad59Tinderbox User3391. [bug] A DNSKEY lookup that encountered a CNAME failed.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews3390. [bug] Silence clang compiler warnings. [RT #30417]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews3389. [bug] Always return NOERROR (not 0) in TSIG. [RT #31275]
f190095cae5e5a8734e0ff16055488d471569499Tinderbox User3388. [bug] Fixed several Coverity warnings.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews Note: This change includes a fix for a bug that
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews was subsequently determined to be an exploitable
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont security vulnerability, CVE-2012-5688: named could
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater die on specific queries with dns64 enabled.
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User3387. [func] DS digest can be disabled at runtime with
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User disable-ds-digests. [RT #21581]
22d32791e5daa0bc80335a0f10ab2de95f41ccdbTinderbox User3386. [bug] Address locking violation when generating new NSEC /
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont NSEC3 chains. [RT #31224]
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont3385. [bug] named-checkconf didn't detect missing master lists
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews in also-notify clauses. [RT #30810]
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt3384. [bug] Improved logging of crypto errors. [RT #30963]
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews3383. [security] A certain combination of records in the RBT could
f190095cae5e5a8734e0ff16055488d471569499Tinderbox User cause named to hang while populating the additional
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt section of a response. [RT #31090]
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt3382. [bug] SOA query from slave used use-v6-udp-ports range,
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt if set, regardless of the address family in use.
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt3381. [contrib] Update queryperf to support more RR types.
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt3380. [bug] named could die if a nonexistent master list was
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews referenced in a also-notify. [RT #31004]
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt3379. [bug] isc_interval_zero and isc_time_epoch should be
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt "const (type)* const". [RT #31069]
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt3378. [bug] Handle missing 'managed-keys-directory' better.
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt3377. [bug] Removed spurious newline from NSEC3 multiline
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt output. [RT #31044]
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt3376. [bug] Lack of EDNS support was being recorded without a
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews successful response. [RT #30811]
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt3375. [bug] 'rndc dumpdb' failed on empty caches. [RT #30808]
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt3374. [bug] isc_parse_uint32 failed to return a range error on
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt systems with 64 bit longs. [RT #30232]
f190095cae5e5a8734e0ff16055488d471569499Tinderbox User3373. [bug] win32: open raw files in binary mode. [RT #30944]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User3372. [bug] Silence spurious "deleted from unreachable cache"
713c3d5b18463f2479973e4d14f73248e60a5df7Mark Andrews messages. [RT #30501]
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User3371. [bug] AD=1 should behave like DO=1 when deciding whether to
37d8e0a4455876fe1e4cca511076cc2c5ab9eedeTinderbox User add NS RRsets to the additional section or not.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews3370. [bug] Address use after free while shutting down. [RT #30241]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews3369. [bug] nsupdate terminated unexpectedly in interactive mode
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews if built with readline support. [RT #29550]
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User3368. [bug] <dns/iptable.h>, <dns/private.h> and <dns/zone.h>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews were not C++ safe.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews3367. [bug] dns_dnsseckey_create() result was not being checked.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3366. [bug] Fixed Read-After-Write dependency violation for IA64
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews atomic operations. [RT #25181]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews3365. [bug] Removed spurious newlines from log messages in
bed0874e1a09e810575328c4bfc346a47514b69fMark Andrews3364. [security] Named could die on specially crafted record.
bed0874e1a09e810575328c4bfc346a47514b69fMark Andrews3363. [bug] Need to allow "forward" and "fowarders" options
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User in static-stub zones; this had been overlooked.
77932ac533c711eca5cd86de4e7eca8d91102b43Tinderbox User3362. [bug] Setting some option values to 0 in named.conf
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews could trigger an assertion failure on startup.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3361. [bug] "rndc signing -nsec3param" didn't work correctly
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User when salt was set to '-' (no salt). [RT #30099]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3360. [bug] 'host -w' could die. [RT #18723]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3359. [bug] An improperly-formed TSIG secret could cause a
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User memory leak. [RT #30607]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3358. [placeholder]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews3357. [port] Add support for libxml2-2.8.x [RT #30440]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3356. [bug] Cap the TTL of signed RRsets when RRSIGs are
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User approaching their expiry, so they don't remain
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User in caches after expiry. [RT #26429]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3355. [port] Use more portable awk in verify system test.
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3354. [func] Improve OpenSSL error logging. [RT #29932]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3353. [bug] Use a single task for task exclusive operations.
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3352. [bug] Ensure that learned server attributes timeout of the
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User adb cache. [RT #29856]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3351. [bug] isc_mem_put and isc_mem_putanddetach didn't report
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User caller if either ISC_MEM_DEBUGSIZE or ISC_MEM_DEBUGCTX
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews memory debugging flags are set. [RT #30243]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3350. [bug] Memory read overrun in isc___mem_reallocate if
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User ISC_MEM_DEBUGCTX memory debugging flag is set.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews3349. [bug] Change #3345 was incomplete. [RT #30233]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews3348. [bug] Prevent RRSIG data from being cached if a negative
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews record matching the covering type exists at a higher
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User trust level. Such data already can't be retrieved from
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User the cache since change 3218 -- this prevents it
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User being inserted into the cache as well. [RT #26809]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3347. [bug] dnssec-settime: Issue a warning when writing a new
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User private key file would cause a change in the
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User permissions of the existing file. [RT #27724]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3346. [security] Bad-cache data could be used before it was
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User initialized, causing an assert. [RT #30025]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3345. [bug] Addressed race condition when removing the last item
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User or inserting the first item in an ISC_QUEUE.
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3344. [func] New "dnssec-checkds" command checks a zone to
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User determine which DS records should be published
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User in the parent zone, or which DLV records should be
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User published in a DLV zone, and queries the DNS to
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User ensure that it exists. (Note: This tool depends
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User on python; it will not be built or installed on
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User systems that do not have a python interpreter.)
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3343. [placeholder]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3342. [bug] Change #3314 broke saving of stub zones to disk
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User resulting in excessive cpu usage in some cases.
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3341. [func] New "dnssec-verify" command checks a signed zone
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User to ensure correctness of signatures and of NSEC/NSEC3
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User chains. [RT #23673]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3340. [func] Added new 'map' zone file format, which is an image
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User of a zone database that can be loaded directly into
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User memory via mmap(), allowing much faster zone loading.
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User (Note: Because of pointer sizes and other
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User considerations, this file format is platform-dependent;
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews 'map' zone files cannot always be transferred from one
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User server to another.) [RT #25419]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3339. [func] Allow the maximum supported rsa exponent size to be
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User specified: "max-rsa-exponent-size <value>;" [RT #29228]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3338. [bug] Address race condition in units tests: asyncload_zone
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User and asyncload_zt. [RT #26100]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3337. [bug] Change #3294 broke support for the multiple keys
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User in controls. [RT #29694]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3336. [func] Maintain statistics for RRsets tagged as "stale".
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3335. [func] nslookup: return a nonzero exit code when unable
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User to get an answer. [RT #29492]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3334. [bug] Hold a zone table reference while performing a
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User asynchronous load of a zone. [RT #28326]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews3333. [bug] Setting resolver-query-timeout too low can cause
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User named to not recover if it loses connectivity.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews3332. [bug] Re-use cached DS rrsets if possible. [RT #29446]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3331. [security] dns_rdataslab_fromrdataset could produce bad
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User rdataslabs. [RT #29644]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3330. [func] Fix missing signatures on NOERROR results despite
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews RPZ rewriting. Also
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User - add optional "recursive-only yes|no" to the
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User response-policy statement
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User - add optional "max-policy-ttl" to the response-policy
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User statement to limit the false data that
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User "recursive-only no" can introduce into
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User resolvers' caches
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User - add a RPZ performance test to bin/tests/system/rpz
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User when queryperf is available.
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User - the encoding of PASSTHRU action to "rpz-passthru".
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews (The old encoding is still accepted.)
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3329. [bug] Handle RRSIG signer-name case consistently: We
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User generate RRSIG records with the signer-name in
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User lower case. We accept them with any case, but if
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User they fail to validate, we try again in lower case.
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3328. [bug] Fixed inconsistent data checking in dst_parse.c.
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3327. [func] Added 'filter-aaaa-on-v6' option; this is similar
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User to 'filter-aaaa-on-v4' but applies to IPv6
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews connections. (Use "configure --enable-filter-aaaa"
d3be47a4a841ca6fc07e8f18004cf72174e2d117Tinderbox User to enable this option.) [RT #27308]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3326. [func] Added task list statistics: task model, worker
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User threads, quantum, tasks running, tasks ready.
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3325. [func] Report cache statistics: memory use, number of
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User nodes, number of hash buckets, hit and miss counts.
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3324. [test] Add better tests for ADB stats [RT #27057]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3323. [func] Report the number of buckets the resolver is using.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews3322. [func] Monitor the number of active TCP and UDP dispatches.
3d2e052eb879189e6d853097f8b568d887323bebTinderbox User3321. [func] Monitor the number of recursive fetches and the
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User number of open sockets, and report these values in
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User the statistics channel. [RT #27054]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3320. [func] Added support for monitoring of recursing client
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User count. [RT #27009]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3319. [func] Added support for monitoring of ADB entry count and
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User hash size. [RT #27057]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3318. [tuning] Reduce the amount of work performed while holding a
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User bucket lock when finished with a fetch context.
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3317. [func] Add ECDSA support (RFC 6605). [RT #21918]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3316. [tuning] Improved locking performance when recursing.
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3315. [tuning] Use multiple dispatch objects for sending upstream
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User queries; this can improve performance on busy
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User multiprocessor systems by reducing lock contention.
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3314. [bug] The masters list could be updated while stub_callback
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User or refresh_callback were using it. [RT #26732]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3313. [protocol] Add TLSA record type. [RT #28989]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3312. [bug] named-checkconf didn't detect a bad dns64 clients acl.
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3311. [bug] Abort the zone dump if zone->db is NULL in
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews zone.c:zone_gotwritehandle. [RT #29028]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3310. [test] Increase table size for mutex profiling. [RT #28809]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3309. [bug] resolver.c:fctx_finddone() was not thread safe.
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3308. [placeholder]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3307. [bug] Add missing ISC_LANG_BEGINDECLS and ISC_LANG_ENDDECLS.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews3306. [bug] Improve DNS64 reverse zone performance. [RT #28563]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3305. [func] Add wire format lookup method to sdb. [RT #28563]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3304. [bug] Use hmctx, not mctx when freeing rbtdb->heaps.
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3303. [bug] named could die when reloading. [RT #28606]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3302. [bug] dns_dnssec_findmatchingkeys could fail to find
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User keys if the zone name contained character that
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews required special mappings. [RT #28600]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater3301. [contrib] Update queryperf to build on darwin. Add -R flag
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater for non-recursive queries. [RT #28565]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3300. [bug] Named could die if gssapi was enabled in named.conf
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User but was not compiled in. [RT #28338]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3299. [bug] Make SDB handle errors from database drivers better.
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3298. [bug] Named could dereference a NULL pointer in
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User zmgr_start_xfrin_ifquota if the zone was being removed.
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3297. [bug] Named could die on a malformed master file. [RT #28467]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3296. [bug] Named could die with a INSIST failure in
3e1a17d65ec6227900f388ba2f7561365f7d4f5cTinderbox User client.c:exit_check. [RT #28346]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3295. [bug] Adjust isc_time_secondsastimet range check to be more
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User portable. [RT # 26542]
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews3294. [bug] isccc/cc.c:table_fromwire failed to free alist on
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User error. [RT #28265]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews3293. [func] nsupdate: list supported type. [RT #28261]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3292. [func] Log messages in the axfr stream at debug 10.
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3291. [port] Fixed a build error on systems without ENOTSUP.
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3290. [bug] <isc/hmacsha.h> was not being installed. [RT #28169]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3289. [bug] 'rndc retransfer' failed for inline zones. [RT #28036]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3288. [bug] dlz_destroy() function wasn't correctly registered
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User by the DLZ dlopen driver. [RT #28056]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3287. [port] Update ans.pl to work with Net::DNS 0.68. [RT #28028]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3286. [bug] Managed key maintenance timer could fail to start
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User after 'rndc reconfig'. [RT #26786]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3285. [bug] val-frdataset was incorrectly disassociated in
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews proveunsecure after calling startfinddlvsep.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews3284. [bug] Address race conditions with the handling of
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3283. [bug] Raw zones with with more than 512 records in a RRset
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User failed to load. [RT #27863]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3282. [bug] Restrict the TTL of NS RRset to no more than that
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User of the old NS RRset when replacing it.
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User [RT #27792] [RT #27884]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3281. [bug] SOA refresh queries could be treated as cancelled
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User despite succeeding over the loopback interface.
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3280. [bug] Potential double free of a rdataset on out of memory
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User with DNS64. [RT #27762]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3279. [bug] Hold a internal reference to the zone while performing
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User a asynchronous load. Address potential memory leak
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User if the asynchronous is cancelled. [RT #27750]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3278. [bug] Make sure automatic key maintenance is started
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User when "auto-dnssec maintain" is turned on during
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User "rndc reconfig". [RT #26805]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews3277. [bug] win32: isc_socket_dup is not implemented. [RT #27696]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews3276. [bug] win32: ns_os_openfile failed to return NULL on
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews safe_open failure. [RT #27696]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3275. [bug] Corrected rndc -h output; the 'rndc sync -clean'
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User option had been misspelled as '-clear'. (To avoid
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User future confusion, both options now work.) [RT #27173]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3274. [placeholder]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3273. [bug] AAAA responses could be returned in the additional
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User section even when filter-aaaa-on-v4 was in use.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews3272. [func] New "rndc zonestatus" command prints information
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User about the specified zone. [RT #21671]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User3271. [port] darwin: mksymtbl is not always stable, loop several
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User times before giving up. mksymtbl was using non
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User portable perl to covert 64 bit hex strings. [RT #27653]
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User --- 9.9.0rc2 released ---
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater3270. [bug] "rndc reload" didn't reuse existing zones correctly
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews when inline-signing was in use. [RT #27650]
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater3269. [port] darwin 11 and later now built threaded by default.
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater3268. [bug] Convert RRSIG expiry times to 64 timestamps to work
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User out the earliest expiry time. [RT #23311]
081a44bd3019b18aec03c5c0746538fdc901da48Evan Hunt3267. [bug] Memory allocation failures could be mis-reported as
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews unexpected error. New ISC_R_UNSET result code.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3266. [bug] The maximum number of NSEC3 iterations for a
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User DNSKEY RRset was not being properly computed.
5f76877508748558eeb2e07254b0edbcbf2f2e43Tinderbox User3265. [bug] Corrected a problem with lock ordering in the
af9dbf1ccdd53933aaae9300d13ce0965d39b067Evan Hunt inline-signing code. [RT #27557]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3264. [bug] Automatic regeneration of signatures in an
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User inline-signing zone could stall when the server
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User was restarted. [RT #27344]
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater3263. [bug] "rndc sync" did not affect the unsigned side of an
c505effec1da6664c37f0e4dbfc1c4f6b0e73367Tinderbox User inline-signing zone. [RT #27337]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3262. [bug] Signed responses were handled incorrectly by RPZ.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3261. [func] RRset ordering now defaults to random. [RT #27174]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3260. [bug] "rrset-order cyclic" could appear not to rotate
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User for some query patterns. [RT #27170/27185]
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox User --- 9.9.0rc1 released ---
ee11dfc481f2ef6a032a715454f6290961a722d2Tinderbox User3259. [bug] named-compilezone: Suppress "dump zone to <file>"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews message when writing to stdout. [RT #27109]
6284b9b877d2205240dce1cf7f88d4dca888e44aTinderbox User3258. [test] Add "forcing full sign with unreadable keys" test.
ee11dfc481f2ef6a032a715454f6290961a722d2Tinderbox User3257. [bug] Do not generate a error message when calling fsync()
16f6050f29b6b0422cee858e609f65e474e70ef2Tinderbox User in a pipe or socket. [RT #27109]
4fe0411487e8e4401477684c0a2bac041ca7c2d5Tinderbox User3256. [bug] Disable empty zones for lwresd -C. [RT #27139]
ee11dfc481f2ef6a032a715454f6290961a722d2Tinderbox User3255. [func] No longer require that a empty zones be explicitly
lib/dns/rbtdb.c:iszonesecure. [RT #26913]
3233. [bug] 'rndc freeze/thaw' didn't work for inline zones.
3216. [bug] resolver.c:validated() was not thread-safe. [RT #26478]
3212. [bug] rbtdb.c: failed to remove a node from the deadnodes
3201. [func] 'rndc querylog' can now be given an on/off parameter
dnssec.h. [RT #26415]
3188. [bug] zone.c:zone_refreshkeys() could fail to detach
3186. [bug] Version/db mis-match in rpz code. [RT #26180]
sample external DLZ module in contrib/dlz/example.
- replace "NO-OP" named.conf policy override with
3169. [func] Catch db/version mis-matches when calling dns_db_*().
3163. [bug] Use finer-grained locking in client.c to address
3161. [bug] zone.c:del_sigs failed to always reset rdata leading
drivers (e.g., mysql, postgresql, etc). [RT #25710]
3145. [test] Capture output of ATF unit tests in "./atf.out" if
3093. [bug] Fix gssapi/kerberos dependencies [RT #23836]
3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf
and add setup.sh in order to resolve changing
named.conf issue. [RT #23687]
3077. [bug] zone.c:zone_refreshkeys() incorrectly called
update.c:next_active. [RT #20256]
select the master/slave zones. [RT #23580]
- "dig +split=X" breaks hex/base64 records into
named.pid at startup. [RT #23290]
validator.c. Tests added to dnssec system test.
3038. [bug] Install <dns/rpz.h>. [RT #23342]
3032. [bug] rdatalist.c: add missing REQUIREs. [RT #22521]
3026. [bug] lib/isc/httpd.c: check that we have enough space
to 10. Allow setting this in named.conf using the new
in the named.conf options. [RT #21727]
3000. [bug] More TKEY/GSS fixes:
2992. [contrib] contrib/check-secure-delegation.pl: A simple tool
2991. [contrib] contrib/zone-edit.sh: A simple zone editing tool for
2987. [func] Improve ease of configuring TKEY/GSS updates by
zone, but the nameserver names and/or their IP
2978. [port] hpux: look for <devpoll.h> [RT #21919]
2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() acquired the
2973. [bug] bind.keys.h was being removed by the "make clean"
(e.g. "%-1c"). [RT #22270]
2962. [port] win32: add more dependencies to BINDBuild.dsw.
2954. [bug] contrib: dlz_mysql_driver.c bad error handling on
interfaces at reboot. See bin/tests/system/README
support for addzone/delzone feature (see change
new-zone-file in named.conf; this happens
2934. [bug] Use ANSI C compliant shift range in lib/isc/entropy.c.
option at the view or options level in named.conf.
into named.conf in the appropriate view. (Note:
2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
was specified in named.conf. [RT #21416]
2903. [bug] managed-keys-directory missing from namedconf.c.
2893. [bug] Improve managed keys support. New named.conf option
2873. [bug] Canceling a dynamic update via the dns/client module
2872. [bug] Modify dns/client.c:dns_client_createx() to only
2871. [bug] Type mismatch in mem_api.c between the definition and
2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
2865. [bug] memset to zero event.data. [RT #20986]
2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
README.rfc5011 into the ARM. [RT #20899]
2832. [bug] Modify "struct stat" in lib/export/samples/nsprobe.c
2829. [bug] Fixed potential node inconsistency in rbtdb.c.
2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
2822. [bug] rbtdb.c:loadnode() could return the wrong result.
atomic.h is correctly installed by the architecture
(i.e., built without --enable-exportlib). [RT #20679]
named.conf: check-dup-records {ignore|warn|fail};
2794. [bug] Install <isc/namespace.h>. [RT #20677]
2791. [bug] The installation of isc-config.sh was broken.
2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
2770. [cleanup] Add log messages to resolver.c to indicate events
2756. [bug] Fixed corrupt logfile message in update.c. [RT #20597]
2746. [port] hpux: address signed/unsigned expansion mismatch of
dns_rbtnode_t.nsec. [RT #20542]
validator.c. [RT #19589]
2725. [doc] Added information about the file "managed-keys.bind"
2719. [func] Skip trusted/managed keys for unsupported algorithms.
2717. [bug] named failed to update the NSEC/NSEC3 record when
2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
2711. [port] win32: Add the bin/pkcs11 tools into the full
by the named.conf option 'secure-to-insecure'.
(i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
2702. [func] Update PKCS#11 tools (bin/pkcs11) [RT #20225 & all]
2699. [bug] Missing lock in rbtdb.c. [RT #20037]
S_IFREG are defined after including <isc/stat.h>.
2695. [func] DHCP/DDNS - update fdwatch code for use by
2685. [contrib] Update contrib/zkt to version 0.99c. [RT #20054]
2679. [func] dig -k can now accept TSIG keys in named.conf
- New "inactive" date (dnssec-keygen/settime -I)
2673. [bug] The managed-keys.bind zone file could fail to
2664. [bug] create_keydata() and minimal_update() in zone.c
applications. See README.libdns. [RT #19369]
2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
2632. [func] util/kit.sh: warn if documentation appears to be out of
2628. [port] linux: Allow /var/run/named/named.pid to be opened
2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
2622. [bug] Printing of named.conf grammar was broken. [RT #19919]
2617. [bug] ifconfig.sh failed to emit an error message when
2616. [bug] 'host' used the nameservers from resolv.conf even
configuration text for named.conf
from a NSEC3 signed master/slave zone. [RT #19464]
2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
2590. [func] Report zone/class of "update with no effect".
2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
of "dnssec-lookaside . trust-anchor dlv.isc.org;"
plus setting a trusted-key for dlv.isc.org.
by) $sysconfdir/bind.keys. As the ISC DLV key
the bind.keys file with a key downloaded from
https://www.isc.org/solutions/dlv. [RT #18685]
2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
2548. [bug] Install iterated_hash.h. [RT #19335]
2547. [bug] openssl_link.c:mem_realloc() could reference an
2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
2538. [bug] cache/ADB memory could grow over max-cache-size,
2519. [bug] dig/host with -4 or -6 didn't work if more than two
preceded in resolv.conf. [RT #19081]
document function in <isc/radix.h>. [RT #18534]
2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
are now /var/run/named/named.pid and
/var/run/lwresd/lwresd.pid respectively.
2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
specified in named.conf doesn't seem to work with
2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
2455. [bug] Stop metadata being transferred via axfr/ixfr.
2452. [func] Improve bin/test/journalprint. [RT #18316]
epoll and /dev/poll to be selected at compile
completion event send out canceled read/write
in rbtdb.c. [RT #18455]
2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
temporary, named.conf option reserved-sockets,
assertion in acl.c. [RT #18166]
2390. [bug] dispatch.c could make a false warning on 'odd socket'.
2387. [bug] Silence compiler warnings in lib/isc/radix.c.
2385. [bug] A condition variable in socket.c could leak in
2381. [port] dlz/mysql: support multiple install layouts for
mysql. <prefix>/include/{,mysql/}mysql.h and
2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
Documentation is in the new README.pkcs11 file.
were set at both the options/view level and in
named.conf. [RT #17581]
See <isc/mem.h> for details.
2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
rbtdb.c. Implement dead node processing in zones as
lib/dns/rdata/in_1/apl_42.c. [RT #17469]
2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
addresses in acl.c. [RT #17519]
bin/named/lwdnoop.c. [RT #17476]
2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
debug/fatal messages. [RT #17501]
2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
2306. [bug] Remove potential race from lib/dns/resolver.c.
2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
bin/tests/system/lwresd/lwtest.c. [RT #17474]
bin/tests/names/t_names.c. [RT #17473]
bin/nsupdate/nsupdate.c. [RT #17475]
bin/tests/timers/t_timers.c. [RT #17468]
bin/tests/dst/t_dst.c. [RT #17467]
2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
2276. [bug] Install <dst/gssapi.h>. [RT #17359]
stub/slave master and journal files. [RT #17279]
2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
2266. [bug] client.c:get_clientmctx() returned the same mctx
2257. [bug] win32: Use the full path to vcredist_x86.exe when
bindevt.dll. [RT #17159]
2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
2254. [bug] timer.c:dispatch() failed to lock timer->lock
2247. [doc] Sort doc/misc/options. [RT #17067]
2246. [bug] Make the startup of test servers (ans.pl) more
2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
If allow-query-cache is not set in named.conf then
If allow-recursion is not set in named.conf then
2194. [bug] Close journal before calling 'done' in xfrin.c.
2193. [port] win32: BINDInstall.exe is now linked statically.
2192. [port] win32: use vcredist_x86.exe to install Visual
2184. [bug] bind9.xsl.h didn't build out of the source tree.
2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
need to ship Microsoft.VC80.MFCLOC.
2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
Fix a memory leak in rbtdb.c:free_noqname().
Make lookup.c:lookup_find() robust against
2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
dighost.c:get_trusted_key(). [RT #16678]
hmac_link.c. [RT #16437]
2145. [bug] Check DS/DLV digest lengths for known digests.
2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
in adb.c. [RT #16670]
2138. [bug] Lock order reversal in resolver.c. [RT #16653]
2137. [port] Mips little endian and/or mips 64 bit are now
2136. [bug] nslookup/host looped if there was no search list
2135. [bug] Uninitialized rdataset in sdlz.c. [RT #16656]
2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
2114. [bug] dig/host/nslookup: searches for names with multiple
2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
2103. [port] Add /usr/sfw to list of locations for OpenSSL
2100. [port] win32: copy libeay32.dll to Build\Debug.
2098. [bug] Race in rbtdb.c:no_references(), which occasionally
if resolv.conf does not exist or no nameservers
2091. [port] dighost.c: race condition on cleanup. [RT #16417]
2085. [doc] win32: added index.html and README to zip. [RT #16201]
2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
2080. [port] libbind: res_init.c did not compile on older versions
2076. [bug] Several files were missing #include <config.h>
of authoritative servers that drop EDNS and/or CD
2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
2043. [port] nsupdate/nslookup: Force the flushing of the prompt
2038. [bug] dig/nslookup/host was unlinking from wrong list
a non slave/stub zone. [RT # 16073]
2028. [port] linux: socket.c compatibility for old systems.
2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
2008. [func] It is now possible to enable/disable DNSSEC
breaks DNSSEC (firewall/proxy). [RT #15592]
2003. [bug] libbind: The DNS name/address lookup functions could
1988. [bug] Remove a bus error from the SHA256/SHA512 support.
1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
1981. [bug] win32: condition.c:wait() could fail to reattain
1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
now be set in named.conf (max-udp-size). This is
xfrin.c:maybe_free() if named ran out of memory.
1944. [cleanup] isc_hash_create() does not need a read/write lock.
1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
1922. [bug] check-tool.c:setup_logging() missing call to
1919. [contrib] queryperf: a set of new features: collecting/printing
'RD' was set in the query. host/nslookup skip servers
1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
1866. [bug] resolv.conf parse errors were being ignored by
dig/host/nslookup. [RT #14841]
1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
when CFLAGS contains "-I /usr/local/include"
1839. [bug] <isc/hash.h> was not being installed.
1836. [cleanup] Silence compiler warnings in hash_test.c.
1834. [bug] Bad memset in rdata_test.c. [RT #13658]
rbtdb.c:subtractrdataset(). [RT #13519]
option in named.conf can be used to specify a
1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
1810. [bug] configure, lib/bind/configure make different default
1808. [bug] zone.c:notify_zone() contained a race condition,
1788. [bug] libbind9.la/libbind9.so needs to link against
1785. [bug] libbind9.la/libbind9.so needs to link against
1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
file clause for rbt{64} master/hint zones. [RT #13009]
1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
1748. [func] dig now returns the byte count for axfr/ixfr.
1747. [bug] BIND 8 compatibility: named/named-checkconf failed
to parse "host-statistics-max" in named.conf.
1745. [bug] Dig/host/nslookup accept replies from link locals
1731. [port] darwin: relax version test in ifconfig.sh.
1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
1717. [port] solaris: ifconfig.sh did not support Solaris 10.
"ifconfig.sh down" didn't work for Solaris 9.
1716. [doc] named.conf(5) was being installed in the wrong
1714. [bug] dig/host/nslookup were only trying the first
1707. [contrib] sdb/ldap updated to version 1.0-beta.
1705. [func] Allow the journal's name to be changed via named.conf.
"#include <isc/print.h>". [RT #12321]
1701. [doc] A minimal named.conf man page.
are defined in named.conf. [RT #12023]
/usr/lib. [RT #11971]
1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
adb.c:set_target(). [RT #11582]
1648. [func] Update dnssec-lookaside named.conf syntax to support
1625. [bug] named failed to load/transfer RFC2535 signed zones
1612. [bug] check-names at the option/view level could trigger
1599. [bug] Fix memory leak on error path when checking named.conf.
DNSSEC specify "dnssec-enable yes;" in named.conf.
1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
1566. [port] Support for the cmsg framework on Solaris and HP/UX.
were specified in /etc/resolv.conf. [RT #8232]
1551. [port] Open "/dev/null" before calling chroot().
1532. [port] netbsd: the configure test for <sys/sysctl.h>
requires <sys/param.h>.
1517. [port] Support for IPv6 interface scanning on HP/UX and
only (e.g. DE, LV, US and MUSEUM) these can be excluded
1503. [port] win32: install libeay32.dll outside of system32.
named.conf, tcp-listen-queue.
1498. [port] bsdos: 5.x support.
1478. [port] ifconfig.sh didn't account for other virtual
1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
doc/misc/options. [RT #5616]
via named.conf (edns-udp-size).
1425. [port] linux/libbind: define __USE_MISC when testing *_r()
function prototypes in netdb.h. [RT #4921]
1422. [func] Log name/type/class when denying a query. [RT #4663]
1419. [port] openbsd: use /dev/arandom. [RT #4950]
1417. [func] ID.SERVER/CHAOS is now a built in zone.
1410. [func] Handle records that live in the parent zone, e.g. DS.
1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
'recursing-file = "named.recursing";'.
1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
1353. [contrib] sdb/ldap to version 0.9.
in socket.c and eliminating a host of socket
1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
1336. [func] Nibble lookups under IP6.ARPA are now supported by
1334. [bug] When signing/verifying rdatasets, duplicate rdatas
1326. [bug] DNAME/CNAME signatures were not being cached when
1324. [port] darwin: ifconfig.sh now supports darwin.
1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
1276. [bug] libbind: const pointer conflicts in res_debug.c.
1269. [port] Openserver: ifconfig.sh support.
<sys/param.h> is included or not. Be consistent.
1247. [bug] Don't reset the interface index for link/site local
1234. [bug] contrib/sdb: 'zonetodb' failed to call
1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
at the named.conf checking stage. [RT #2431]
1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
lib/dns to use this function instead of local one.
occurs when parsing named.conf. [RT #2275]
1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
1145. [func] "host" no longer reports a NOERROR/NODATA response
named/lwresd at compile time. [RT #1982]
1119. [func] Added support in Win32 for NTFS file/directory ACL's
could cause an assertion failure in resolver.c
violation in adb.c. [RT #2017]
1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
1088. [port] libbind: MPE/iX C.70 (incomplete)
on load/reload if views were used. [RT #1947]
1041. [bug] Dig/host/nslookup could catch an assertion failure
1032. [func] hostname.bind/txt/chaos now returns the name of
1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
1030. [bug] On systems with no resolv.conf file, nsupdate
1029. [bug] Some named.conf errors did not cause the loading
1002. [bug] When reporting an unknown class name in named.conf,
972. [bug] The file modification time code in zone.c was using the
non-existent nlist.h. [RT #1640]
957. [bug] sys/select.h inclusion was broken on older platforms.
in named/win32/os.c due to code changes in
updated to add include path for os.h header.
953. [func] The /var/run/named.key file from change #843
has been replaced by /etc/rndc.key. Both
method (rndc.conf / controls). Unlike
bin/tests. [RT #1555].
946. [cleanup] doc/misc/options is now machine-generated from the
when installing isc-config.sh.
were not accepted in named.conf. [RT #1469]
and added lib/isc/win32/entropy.c.
900. [bug] A config.guess update changed the system identification
bin/tests/system/ifconfig.sh now recognize the new
899. [bug] lib/dns/soa.c failed to compile on many platforms
897. [bug] A config.guess update changed the system identification
to Darwin. This was derived from the config.guess
849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
just as <lwres/net.h> does.
843. [func] If no controls statement is present in named.conf,
generated by named and an rndc.conf-style file
named named.key will be written that uses it. rndc
838. [port] UnixWare 7.x.x is now suported by
833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
<dns/soa.h>, and extended them to support
832. [bug] The default location for named.conf in named-checkconf
825. [bug] zone.c:ns_query() detached from the wrong zone
character (i.e. "/") in its name and the directory
down-cased when signing/verifying records. [RT #1186]
in rndc.conf.
786. [bug] When DNSSEC signing/verifying data, owner names were
755. [bug] Fix incorrectly formatted log messages in zone.c.
748. [doc] List supported RFCs in doc/misc/rfc-compliance.
739. [port] Look for /dev/random in configure, rather than
737. [port] stdtime.c failed to compile on certain platforms.
dispatch.c:do_cancel(). [RT #733]
718. [cleanup] "internal" is no longer a reserved word in named.conf.
failure in adb.c. [RT #738]
703. [port] sys/select.h is needed on older platforms. [RT #695]
702. [func] If the address 0.0.0.0 is seen in resolv.conf,
693. [bug] An empty lwres statement in named.conf caused
685. [bug] nslookup should use the search list/domain options
from resolv.conf by default. [RT #405, #630]
646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
for syntax checking named.conf files and zone files,
604. [bug] The named.conf parser could print incorrect line
577. [func] Log illegal RDATA combinations. e.g. multiple
570. [bug] rbtdb.c allowed zones containing nodes which had
568. [func] Add sample simple database drivers in contrib/sdb.
of rdata type/class mnemonics in log messages.
516. [bug] Cache lookups which had a NULL node pointer, e.g.
DNAME, would trigger an INSIST(!search.need_cleanup)
490. [func] When a slave/stub zone has not yet successfully
from the named.conf "listen-on" statement, sockets
477. [bug] The the isc-config.sh script could be installed before
471. [bug] nsupdate didn't compile on HP/UX 10.20
and subsequent name servers in resolv.conf if the
457. [bug] Dig/host/hslookup didn't properly handle connect
documented as such in named.conf. [RT #304, RT #311]
is specified in named.conf. [RT #306]
is specified in named.conf. [RT #301]
432. [func] Added refresh/retry jitter. The actual refresh/
428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
(e.g. glue). This could cause SERVFAILs when
e.g. due to corrupt zones with multiple SOA records.
an argc/argv style vector of words and sets
view/global one for CNAME targets and additional
369. [func] Support new named.conf options, view and zone
the distribution, in doc/man/dnssec.
353. [bug] double increment in lwres/gethost.c:copytobuf().
348. [func] New boolean named.conf options 'additional-from-auth'
345. [bug] Large-scale changes/cleanups to dig:
341. [func] Support 'key' clause in named.conf zone masters
327. [bug] rndc.conf parser wasn't correctly recognizing an IP
320. [func] Multiple rndc changes: parses an rndc.conf file,
319. [func] The named.conf "controls" statement is now used
314. [func] The named.conf controls statement can now have
313. [bug] When parsing resolv.conf, don't terminate on an
resolv.conf search path from 6 to 8. If there
resolv.conf was empty or a comment.
310. [func] Changes to named.conf "controls" statement (inet
are listed in resolv.conf, silently ignore them
each library's ipv6.h defines the wrapper symbol of
any $sbindir/dig from a previous release.)
that lack /dev/random.
280. [func] Add isc-config.sh, which can be used to more
two or more files in libomapi.a were not namespace
278. [bug] bin/named/logconf.c:category_fromconf() didn't take
266. [bug] zone.c:save_nsrrset() node was not initialized.
262. [bug] 'master' was not initialized in zone.c:stub_callback().
for global options block of named.conf. Both accept
258. [bug] Fixed printing of lwres_addr_t.address field.
256. [func] isc_ratelimiter_t now has attach/detach semantics, and
253. [func] resolv.conf parser now recognizes ';' and '#' as
252. [bug] resolv.conf parser mishandled masks on sortlists.
244. [bug] empty named.conf file and empty options statement are
243. [func] new cachesize option for named.conf
+ missing sigwait prototype on BSD/OS 4.0/4.0.1.
BSD/OS 4.*, Linux and Solaris 2.8.
230. [func] Replace the dst sign/verify API with a cleaner one.
from confparser.c, because of yacc's code, are
212. [func] Added dns_message_get/settsigkey, to make TSIG
compiling in the lib/dns/sec/{dnssafe,openssl}
204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
run on a PA 1.x system."
201. [cleanup] Removed the test/sdig program, it has been
replaced by bin/dig/dig.
(e.g., running out of network buffers) were
and/or interfaces. [19-May-2000 explorer]
191. [func] Patched to compile on UnixWare 7.x. This platform
range for overflow/underflow. In the case of
184. [cleanup] Variables/functions which began with two leading
underscores were made to conform to the ANSI/ISO
179. [func] options named.conf statement *must* now come
178. [func] Post-load of named.conf check verifies a slave zone
168. [bug] include statements in named.conf caused syntax errors
162. [bug] Ensure proper range for arguments to ctype.h functions.
masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
util/check-includes for how this was tested.
145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
<isc/result.h>.
of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
need <isc/eventclass.h>.
instead of <isc/time.h>.
128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
and creates null keys/sets zone status bit for
<isc/result.h>.
<isc/result.h>. Multiple inclusion protection
isc_symtab_t moved to <isc/types.h>.
<isc/net.h>.
118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
117. [cleanup] libdns.a changes:
116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
<isc/list.h>.
<isc/mutex.h>.
<isc/list.h>.
bin/tests/{db,mem,sockaddr,tasks,timers}/.
108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
105. [doc] doc/dev/coding.html expanded with other
103. [func] libisc buffer API changes for <isc/buffer.h>:
on BSD/OS 4.1.
101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
<isc/event.h>.
or <isc/result.h>.
<isc/result.h>.
90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
from <named/listenlist.h>.
<isc/mem.h>. isc_interface_t and isc_interfaceiter_t
moved to <isc/types.h>.
86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
<isc/types.h>.
<isc/int.h>.
<isc/lang.h>.
subsumed by file.o.
OpenSSL libraries/headers.
from <dns/types.h>.
59. [bug] Cause net/host unreachable to be a hard error
58. [bug] bin/named/query.c could sometimes trigger the
(client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
<sys/param.h>.
logging module "dns/validator".
and isc_lex_t to <isc/types.h>.
31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
25. [bug] make install failed to install <isc/log.h> and
configure.in to check for presence of in6addr_any.
9. [cleanup] replaced bit-setting code in confctx.c and replaced
4. [port] bin/named/unix/os.c didn't compile on systems with
get only what we need from <linux/capability.h>, and
systems without /dev/random.
lib/isc/unix/include/isc/Makefile.in had a typo which