CHANGES revision dab4aac006fadcaf3c5a9ccd983188b37ead08ee
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3460. [bug] Only link against readline where needed. [RT #29810]
a02a0a8a7eb461619931f4a0e896afa247b52c54Mark Andrews3459. [func] Added -J option to named-checkzone/named-compilezone
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews to specify the path to the journal file. [RT #30958]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3458. [bug] Return FORMERR when presented with a overly long
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews domain named in a request. [RT #29682]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3457. [protocol] Add ILNP records (NID, LP, L32, L64). [RT #31836]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3456. [port] g++47: ATF failed to compile. [RT #32012]
0756445a735e2df39bf798d8de42ae5dd030aa3bMark Andrews3455. [contrib] queryperf: fix getopt option list. [RT #32338]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3454. [port] sparc64: improve atomic support. [RT #25182]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3453. [bug] 'rndc addzone' of a zone with 'inline-signing yes;'
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews failed. [RT #31960]
0756445a735e2df39bf798d8de42ae5dd030aa3bMark Andrews3452. [bug] Accept duplicate singleton records. [RT #32329]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3451. [port] Increase per thread stack size from 64K to 1M.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3450. [bug] Stop logfileconfig system test spam system logs.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3449. [bug] gen.c: use the pre-processor to construct format
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington strings so that compiler can perform sanity checks;
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews check the snprintf results. [RT #17576]
bac2ed6ec3fbb5420e6ce69dd1218745d4e02b1eMark Andrews3448. [bug] The allow-query-on ACL was not processed correctly.
bac2ed6ec3fbb5420e6ce69dd1218745d4e02b1eMark Andrews3447. [port] Add support for libxml2-2.9.x [RT #32231]
4038ab55037184d76153afd3c469aa8c85adf85dMark Andrews3446. [port] win32: Add source ID (see change #3400) to build.
bac2ed6ec3fbb5420e6ce69dd1218745d4e02b1eMark Andrews3445. [bug] Warn about zone files with blank owner names
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews immediately after $ORIGIN directives. [RT #31848]
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews3444. [bug] The NOQNAME proof was not being returned from cached
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews insecure responses. [RT #21409]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson3443. [bug] ddns-confgen: Some TSIG algorithms were incorrectly
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews rejected when generating keys. [RT #31927]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson3442. [port] Net::DNS 0.69 introduced a non backwards compatible
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews change. [RT #32216]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson3441. [maint] D.ROOT-SERVERS.NET is now 199.7.91.13.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3440. [bug] Reorder get_key_struct to not trigger a assertion when
26a77b80bb7ee886c6fa704348d5e80a011d8811Mark Andrews cleaning up due to out of memory error. [RT #32131]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews3439. [placeholder]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3438. [bug] Don't accept unknown data escape in quotes. [RT #32031]
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews3437. [bug] isc_buffer_init -> isc_buffer_constinit to initialise
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews buffers with constant data. [RT #32064]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews3436. [bug] Check malloc/calloc return values. [RT #32088]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson3435. [bug] Cross compilation support in configure was broken.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson3434. [bug] Pass client info to the DLZ findzone() entry
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson point in addition to lookup(). This makes it
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson possible for a database to answer differently
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson whether it's authoritative for a name depending
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson on the address of the client. [RT #31775]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson3433. [bug] dlz_findzone() did not correctly handle
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson ISC_R_NOMORE. [RT #31172]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson3432. [func] Multiple DLZ databases can now be configured.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson DLZ databases are searched in the order configured,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington unless set to "search no", in which case a
c25080dc50542213058c240226c9f342186e6285Mark Andrews zone can be configured to be retrieved from a
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews particular DLZ database by using a "dlz <name>"
413988c8166976498250c0ebb2e3a645d0366bd3Mark Andrews option in the zone statement. DLZ databases can
0756445a735e2df39bf798d8de42ae5dd030aa3bMark Andrews support type "master" and "redirect" zones.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews3431. [bug] ddns-confgen: Some valid key algorithms were
413988c8166976498250c0ebb2e3a645d0366bd3Mark Andrews not accepted. [RT #31927]
c25080dc50542213058c240226c9f342186e6285Mark Andrews3430. [bug] win32: isc_time_formatISO8601 was missing the
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews 'T' between the date and time. [RT #32044]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews3429. [bug] dns_zone_getserial2 could a return success without
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews returning a valid serial. [RT #32007]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews3428. [cleanup] dig: Add timezone to date output. [RT #2269]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews3427. [bug] dig +trace incorrectly displayed name server
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews addresses instead of names. [RT #31641]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews3426. [bug] dnssec-checkds: Clearer output when records are not
642e0716c8b4ab82ebc8e60f94c9e897ee89f19aMark Andrews found. [RT #31968]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews3425. [bug] "acacheentry" reference counting was broken resulting
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews in use after free. [RT #31908]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews3424. [func] dnssec-dsfromkey now emits the hash without spaces.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews3423. [bug] "rndc signing -nsec3param" didn't accept the full
c25080dc50542213058c240226c9f342186e6285Mark Andrews range of possible values. Address portability issues.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews3422. [bug] Added a clear error message for when the SOA does not
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews match the referral. [RT #31281]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews3421. [bug] Named loops when re-signing if all keys are offline.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews3420. [bug] Address VPATH compilation issues. [RT #31879]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews3419. [bug] Memory leak on validation cancel. [RT #31869]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews3418. [func] New XML schema (version 3.0) for the statistics channel
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews adds query type statistics at the zone level, and
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews flattens the XML tree and uses compressed format to
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews optimize parsing. Includes new XSL that permits
642e0716c8b4ab82ebc8e60f94c9e897ee89f19aMark Andrews charting via the Google Charts API on browsers that
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews support javascript in XSL. The old XML schema has been
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews deprecated. [RT #30023]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3417. [placeholder]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3416. [bug] Named could die on shutdown if running with 128 UDP
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews dispatches per interface. [RT #31743]
c25080dc50542213058c240226c9f342186e6285Mark Andrews3415. [bug] named could die with a REQUIRE failure if a valdation
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews was canceled. [RT #31804]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews3414. [bug] Address locking issues found by Coverity. [RT #31626]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3413. [func] Record the number of DNS64 AAAA RRsets that have been
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews synthesized. [RT #27636]
0756445a735e2df39bf798d8de42ae5dd030aa3bMark Andrews3412. [bug] Copy timeval structure from control message data.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3411. [tuning] Use IPV6_USE_MIN_MTU or equivalent with TCP in addition
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson to UDP. [RT #31690]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3410. [bug] Addressed Coverity warnings. [RT #31626]
7c40ffd67bd1e73907f83a79a6ff8c635f4a4a74Mark Andrews3409. [contrib] contrib/dane/mkdane.sh: Tool to generate TLSA RR's
0756445a735e2df39bf798d8de42ae5dd030aa3bMark Andrews from X.509 certificates, for use with DANE
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington (DNS-based Authentication of Named Entities).
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews3408. [bug] Some DNSSEC-related options (update-check-ksk,
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews dnssec-loadkeys-interval, dnssec-dnskey-kskonly)
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews are now legal in slave zones as long as
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson inline-signing is in use. [RT #31078]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3407. [placeholder]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3406. [bug] mem.c: Fix compilation errors when building with
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews ISC_MEM_TRACKLINES or ISC_MEMPOOL_NAMES disabled.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews Also, ISC_MEM_DEBUG is no longer optional. [RT #31559]
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews3405. [bug] Handle time going backwards in acache. [RT #31253]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3404. [bug] dnssec-signzone: When re-signing a zone, remove
5752b9e296f14034f103149f18188770c2cc5239Mark Andrews RRSIG and NSEC records from nodes that used to be
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews in-zone but are now below a zone cut. [RT #31556]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3403. [bug] Silence noisy OpenSSL logging. [RT #31497]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3402. [test] The IPv6 interface numbers used for system
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews tests were incorrect on some platforms. [RT #25085]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3401. [bug] Addressed Coverity warnings. [RT #31484]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews3400. [cleanup] "named -V" can now report a source ID string, defined
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews in the "srcid" file in the build tree and normally set
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson to the most recent git hash. [RT #31494]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson3399. [port] netbsd: rename 'bool' parameter to avoid namespace
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews clash. [RT #31515]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson3398. [bug] SOA parameters were not being updated with inline
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews signed zones if the zone was modified while the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington server was offline. [RT #29272]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3397. [bug] dig crashed when using +nssearch with +tcp. [RT #25298]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews3396. [bug] OPT records were incorrectly removed from signed,
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews truncated responses. [RT #31439]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews3395. [protocol] Add RFC 6598 reverse zones to built in empty zones
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews list, 64.100.IN-ADDR.ARPA ... 127.100.IN-ADDR.ARPA.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3394. [bug] Adjust 'successfully validated after lower casing
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews signer' log level and category. [RT #31414]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3393. [bug] 'host -C' could core dump if REFUSED was received.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3392. [func] Keep statistics on REFUSED responses. [RT #31412]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3391. [bug] A DNSKEY lookup that encountered a CNAME failed.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3390. [bug] Silence clang compiler warnings. [RT #30417]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3389. [bug] Always return NOERROR (not 0) in TSIG. [RT #31275]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3388. [bug] Fixed several Coverity warnings. [RT #30996]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3387. [func] DS digest can be disabled at runtime with
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington disable-ds-digests. [RT #21581]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3386. [bug] Address locking violation when generating new NSEC /
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington NSEC3 chains. [RT #31224]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3385. [bug] named-checkconf didn't detect missing master lists
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington in also-notify clauses. [RT #30810]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3384. [bug] Improved logging of crypto errors. [RT #30963]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3383. [security] A certain combination of records in the RBT could
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington cause named to hang while populating the additional
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington section of a response. [RT #31090]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3382. [bug] SOA query from slave used use-v6-udp-ports range,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington if set, regardless of the address family in use.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3381. [contrib] Update queryperf to support more RR types.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3380. [bug] named could die if a non-existant master list was
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington referenced in a also-notify. [RT #31004]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3379. [bug] isc_interval_zero and isc_time_epoch should be
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington "const (type)* const". [RT #31069]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3378. [bug] Handle missing 'managed-keys-directory' better.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3377. [bug] Removed spurious newline from NSEC3 multiline
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington output. [RT #31044]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3376. [bug] Lack of EDNS support was being recorded without a
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews successful response. [RT #30811]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3375. [bug] 'rndc dumpdb' failed on empty caches. [RT #30808]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington3374. [bug] isc_parse_uint32 failed to return a range error on
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington systems with 64 bit longs. [RT #30232]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington3373. [bug] win32: open raw files in binary mode. [RT #30944]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3372. [bug] Silence spurious "deleted from unreachable cache"
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington messages. [RT #30501]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington3371. [bug] AD=1 should behave like DO=1 when deciding whether to
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews add NS RRsets to the additional section or not.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3370. [bug] Address use after free while shutting down. [RT #30241]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3369. [bug] nsupdate terminated unexpectedly in interactive mode
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington if built with readline support. [RT #29550]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews3368. [bug] <dns/iptable.h>, <dns/private.h> and <dns/zone.h>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews were not C++ safe.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews3367. [bug] dns_dnsseckey_create() result was not being checked.
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews3366. [bug] Fixed Read-After-Write dependency violation for IA64
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews atomic operations. [RT #25181]
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews3365. [bug] Removed spurious newlines from log messages in
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews3364. [security] Named could die on specially crafted record.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3363. [bug] Need to allow "forward" and "fowarders" options
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington in static-stub zones; this had been overlooked.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3362. [bug] Setting some option values to 0 in named.conf
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington could trigger an assertion failure on startup.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3361. [bug] "rndc signing -nsec3param" didn't work correctly
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington when salt was set to '-' (no salt). [RT #30099]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3360. [bug] 'host -w' could die. [RT #18723]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3359. [bug] An improperly-formed TSIG secret could cause a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington memory leak. [RT #30607]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3358. [placeholder]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3357. [port] Add support for libxml2-2.8.x [RT #30440]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3356. [bug] Cap the TTL of signed RRsets when RRSIGs are
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington approaching their expiry, so they don't remain
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington in caches after expiry. [RT #26429]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3355. [port] Use more portable awk in verify system test.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3354. [func] Improve OpenSSL error logging. [RT #29932]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3353. [bug] Use a single task for task exclusive operations.
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews3352. [bug] Ensure that learned server attributes timeout of the
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews adb cache. [RT #29856]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3351. [bug] isc_mem_put and isc_mem_putanddetach didn't report
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington caller if either ISC_MEM_DEBUGSIZE or ISC_MEM_DEBUGCTX
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington memory debugging flags are set. [RT #30243]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3350. [bug] Memory read overrun in isc___mem_reallocate if
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington ISC_MEM_DEBUGCTX memory debugging flag is set.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3349. [bug] Change #3345 was incomplete. [RT #30233]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3348. [bug] Prevent RRSIG data from being cached if a negative
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington record matching the covering type exists at a higher
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington trust level. Such data already can't be retrieved from
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the cache since change 3218 -- this prevents it
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington being inserted into the cache as well. [RT #26809]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3347. [bug] dnssec-settime: Issue a warning when writing a new
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington private key file would cause a change in the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington permissions of the existing file. [RT #27724]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3346. [security] Bad-cache data could be used before it was
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington initialized, causing an assert. [RT #30025]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3345. [bug] Addressed race condition when removing the last item
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington or inserting the first item in an ISC_QUEUE.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3344. [func] New "dnssec-checkds" command checks a zone to
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington determine which DS records should be published
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington in the parent zone, or which DLV records should be
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington published in a DLV zone, and queries the DNS to
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington ensure that it exists. (Note: This tool depends
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington on python; it will not be built or installed on
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington systems that do not have a python interpreter.)
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3343. [placeholder]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3342. [bug] Change #3314 broke saving of stub zones to disk
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews resulting in excessive cpu usage in some cases.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3341. [func] New "dnssec-verify" command checks a signed zone
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews to ensure correctness of signatures and of NSEC/NSEC3
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews chains. [RT #23673]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3340. [func] Added new 'fast' zone file format, which is an image
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews of a zone database that can be loaded directly into
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews memory via mmap(), allowing much faster zone loading.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington (Note: Because of pointer sizes and other
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews considerations, this file format is platform-dependent;
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington 'fast' zone files cannot always be transfered from one
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington server to another.) [RT #25419]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3339. [func] Allow the maximum supported rsa exponent size to be
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington specified: "max-rsa-exponent-size <value>;" [RT #29228]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3338. [bug] Address race condition in units tests: asyncload_zone
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington and asyncload_zt. [RT #26100]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3337. [bug] Change #3294 broke support for the multiple keys
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington in controls. [RT #29694]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3336. [func] Maintain statistics for RRsets tagged as "stale".
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3335. [func] nslookup: return a nonzero exit code when unable
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington to get an answer. [RT #29492]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3334. [bug] Hold a zone table reference while performing a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington asyncronous load of a zone. [RT #28326]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3333. [bug] Setting resolver-query-timeout too low can cause
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews named to not recover if it loses connectivity.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3332. [bug] Re-use cached DS rrsets if possible. [RT #29446]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3331. [security] dns_rdataslab_fromrdataset could produce bad
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews rdataslabs. [RT #29644]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3330. [func] Fix missing signatures on NOERROR results despite
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews RPZ rewriting. Also
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews - add optional "recursive-only yes|no" to the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington response-policy statement
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews - add optional "max-policy-ttl" to the response-policy
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews statement to limit the false data that
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews "recursive-only no" can introduce into
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington resolvers' caches
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews - add a RPZ performance test to bin/tests/system/rpz
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews when queryperf is available.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews - the encoding of PASSTHRU action to "rpz-passthru".
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington (The old encoding is still accepted.)
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3329. [bug] Handle RRSIG signer-name case consistently: We
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington generate RRSIG records with the signer-name in
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews lower case. We accept them with any case, but if
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews they fail to validate, we try again in lower case.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3328. [bug] Fixed inconsistent data checking in dst_parse.c.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3327. [func] Added 'filter-aaaa-on-v6' option; this is similar
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews to 'filter-aaaa-on-v4' but applies to IPv6
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews connections. (Use "configure --enable-filter-aaaa"
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews to enable this option.) [RT #27308]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3326. [func] Added task list statistics: task model, worker
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews threads, quantum, tasks running, tasks ready.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3325. [func] Report cache statistics: memory use, number of
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews nodes, number of hash buckets, hit and miss counts.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3324. [test] Add better tests for ADB stats [RT #27057]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3323. [func] Report the number of buckets the resolver is using.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3322. [func] Monitor the number of active TCP and UDP dispatches.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3321. [func] Monitor the number of recursive fetches and the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington number of open sockets, and report these values in
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews the statistics channel. [RT #27054]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3320. [func] Added support for monitoring of recursing client
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews count. [RT #27009]
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews3319. [func] Added support for monitoring of ADB entry count and
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews hash size. [RT #27057]
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews3318. [tuning] Reduce the amount of work performed while holding a
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews bucket lock when finshed with a fetch context.
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews3317. [func] Add ECDSA support (RFC 6605). [RT #21918]
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews3316. [tuning] Improved locking performance when recursing.
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews3315. [tuning] Use multiple dispatch objects for sending upstream
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews queries; this can improve performance on busy
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews multiprocessor systems by reducing lock contention.
48b492d73ae5328c5efef4b9e0f22063e0ab058aMark Andrews3314. [bug] The masters list could be updated while refesh_callback
48b492d73ae5328c5efef4b9e0f22063e0ab058aMark Andrews and stub_callback were using it. [RT #26732]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3313. [protocol] Add TLSA record type. [RT #28989]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3312. [bug] named-checkconf didn't detect a bad dns64 clients acl.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3311. [bug] Abort the zone dump if zone->db is NULL in
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews zone.c:zone_gotwritehandle. [RT #29028]
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews3310. [test] Increase table size for mutex profiling. [RT #28809]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3309. [bug] resolver.c:fctx_finddone() was not threadsafe.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3308. [placeholder]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3307. [bug] Add missing ISC_LANG_BEGINDECLS and ISC_LANG_ENDDECLS.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3306. [bug] Improve DNS64 reverse zone performance. [RT #28563]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3305. [func] Add wire format lookup method to sdb. [RT #28563]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3304. [bug] Use hmctx, not mctx when freeing rbtdb->heaps.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3303. [bug] named could die when reloading. [RT #28606]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3302. [bug] dns_dnssec_findmatchingkeys could fail to find
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews keys if the zone name contained character that
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews required special mappings. [RT #28600]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3301. [contrib] Update queryperf to build on darwin. Add -R flag
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews for non-recursive queries. [RT #28565]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3300. [bug] Named could die if gssapi was enabled in named.conf
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington but was not compiled in. [RT #28338]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3299. [bug] Make SDB handle errors from database drivers better.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3298. [bug] Named could dereference a NULL pointer in
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews zmgr_start_xfrin_ifquota if the zone was being removed.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3297. [bug] Named could die on a malformed master file. [RT #28467]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3296. [bug] Named could die with a INSIST failure in
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews client.c:exit_check. [RT #28346]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3295. [bug] Adjust isc_time_secondsastimet range check to be more
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews portable. [RT # 26542]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3294. [bug] isccc/cc.c:table_fromwire failed to free alist on
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington error. [RT #28265]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3293. [func] nsupdate: list supported type. [RT #28261]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3292. [func] Log messages in the axfr stream at debug 10.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3291. [port] Fixed a build error on systems without ENOTSUP.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3290. [bug] <isc/hmacsha.h> was not being installed. [RT #28169]
7a6ad11e0185a73984410f3252f3c49c3a301dbdBrian Wellington3289. [bug] 'rndc retransfer' failed for inline zones. [RT #28036]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3288. [bug] dlz_destroy() function wasn't correctly registered
7a6ad11e0185a73984410f3252f3c49c3a301dbdBrian Wellington by the DLZ dlopen driver. [RT #28056]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3287. [port] Update ans.pl to work with Net::DNS 0.68. [RT #28028]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3286. [bug] Managed key maintenance timer could fail to start
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington after 'rndc reconfig'. [RT #26786]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3285. [bug] val-frdataset was incorrectly disassociated in
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington proveunsecure after calling startfinddlvsep.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3284. [bug] Address race conditions with the handling of
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3283. [bug] Raw zones with with more than 512 records in a RRset
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington failed to load. [RT #27863]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3282. [bug] Restrict the TTL of NS RRset to no more than that
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews of the old NS RRset when replacing it.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews [RT #27792] [RT #27884]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3281. [bug] SOA refresh queries could be treated as cancelled
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews despite succeeding over the loopback interface.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3280. [bug] Potential double free of a rdataset on out of memory
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews with DNS64. [RT #27762]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3279. [bug] Hold a internal reference to the zone while performing
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews a asynchronous load. Address potential memory leak
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews if the asynchronous is cancelled. [RT #27750]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3278. [bug] Make sure automatic key maintenance is started
e076d0c88be69de7c190ab924d095e69d2e11f7aAndreas Gustafsson when "auto-dnssec maintain" is turned on during
e076d0c88be69de7c190ab924d095e69d2e11f7aAndreas Gustafsson "rndc reconfig". [RT #26805]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3277. [bug] win32: isc_socket_dup is not implemented. [RT #27696]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3276. [bug] win32: ns_os_openfile failed to return NULL on
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews safe_open failure. [RT #27696]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3275. [bug] Corrected rndc -h output; the 'rndc sync -clean'
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington option had been misspelled as '-clear'. (To avoid
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews future confusion, both options now work.) [RT #27173]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3274. [placeholder]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3273. [bug] AAAA responses could be returned in the additional
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews section even when filter-aaaa-on-v4 was in use.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3272. [func] New "rndc zonestatus" command prints information
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews about the specified zone. [RT #21671]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3271. [port] darwin: mksymtbl is not always stable, loop several
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington times before giving up. mksymtbl was using non
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews portable perl to covert 64 bit hex strings. [RT #27653]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington --- 9.9.0rc2 released ---
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3270. [bug] "rndc reload" didn't reuse existing zones correctly
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews when inline-signing was in use. [RT #27650]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3269. [port] darwin 11 and later now built threaded by default.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3268. [bug] Convert RRSIG expiry times to 64 timestamps to work
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews out the earliest expiry time. [RT #23311]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3267. [bug] Memory allocation failures could be mis-reported as
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews unexpected error. New ISC_R_UNSET result code.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3266. [bug] The maximum number of NSEC3 iterations for a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington DNSKEY RRset was not being properly computed.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3265. [bug] Corrected a problem with lock ordering in the
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews inline-signing code. [RT #27557]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3264. [bug] Automatic regeneration of signatures in an
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews inline-signing zone could stall when the server
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington was restarted. [RT #27344]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3263. [bug] "rndc sync" did not affect the unsigned side of an
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews inline-signing zone. [RT #27337]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3262. [bug] Signed responses were handled incorrectly by RPZ.
53aed64e0f8553762fc0c380ee41cb42f514c7d5Brian Wellington3261. [func] RRset ordering now defaults to random. [RT #27174]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3260. [bug] "rrset-order cyclic" could appear not to rotate
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews for some query patterns. [RT #27170/27185]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews --- 9.9.0rc1 released ---
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3259. [bug] named-compilezone: Suppress "dump zone to <file>"
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews message when writing to stdout. [RT #27109]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3258. [test] Add "forcing full sign with unreadable keys" test.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3257. [bug] Do not generate a error message when calling fsync()
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews in a pipe or socket. [RT #27109]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3256. [bug] Disable empty zones for lwresd -C. [RT #27139]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3255. [func] No longer require that a empty zones be explicitly
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews enabled or that a empty zone is disabled for
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington RFC 1918 empty zones to be configured. [RT #27139]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3254. [bug] Set isc_socket_ipv6only() on the IPv6 control channels.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3253. [bug] Return DNS_R_SYNTAX when the input to a text field is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington too long. [RT #26956]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3252. [bug] When master zones using inline-signing were
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews updated while the server was offline, the source
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews zone could fall out of sync with the signed
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews copy. They can now resynchronize. [RT #26676]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3251. [bug] Enforce a upper bound (65535 bytes) on the amount of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington memory dns_sdlz_putrr() can allocate per record to
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington prevent run away memory consumption on ISC_R_NOSPACE.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3250. [func] 'configure --enable-developer'; turn on various
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews configure options, normally off by default, that
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews we want developers to build and test with. [RT #27103]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3249. [bug] Update log message when saving slave zones files for
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews analysis after load failures. [RT #27087]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3248. [bug] Configure options --enable-fixed-rrset and
73eb75dc212911e4da58a3ce0a4672d3910193ebBrian Wellington --enable-exportlib were incompatible with each
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews other. [RT #27087]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3247. [bug] 'raw' format zones failed to preserve load order
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews breaking 'fixed' sort order. [RT #27087]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3246. [bug] Named failed to start with a empty also-notify list.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3245. [bug] Don't report a error unchanged serials unless there
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews were other changes when thawing a zone with
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews ixfr-fromdifferences. [RT #26845]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3244. [func] Added readline support to nslookup and nsupdate.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews Also simplified nsupdate syntax to make "update"
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews and "prereq" optional. [RT #24659]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3243. [port] freebsd,netbsd,bsdi: the thread defaults were not
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews being properly set.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3242. [func] Extended the header of raw-format master files to
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews include the serial number of the zone from which
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews they were generated, if different (as in the case
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews of inline-signing zones). This is to be used in
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington inline-signing zones, to track changes between the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington unsigned and signed versions of the zone, which may
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington have different serial numbers.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington (Note: raw zonefiles generated by this version of
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews BIND are no longer compatble with prior versions.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews To generate a backward-compatible raw zonefile
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington using dnssec-signzone or named-compilezone, specify
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews output format "raw=0" instead of simply "raw".)
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3241. [bug] Address race conditions in the resolver code.
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas Gustafsson3240. [bug] DNSKEY state change events could be missed. [RT #26874]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3239. [bug] dns_dnssec_findmatchingkeys needs to use a consistent
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas Gustafsson timestamp. [RT #26883]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3238. [bug] keyrdata was not being reinitialized in
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews lib/dns/rbtdb.c:iszonesecure. [RT#26913]
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas Gustafsson3237. [bug] dig -6 didn't work with +trace. [RT #26906]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3236. [bug] Backed out changes #3182 and #3202, related to
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington EDNS(0) fallback behavior. [RT #26416]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3235. [func] dns_db_diffx, a extended dns_db_diff which returns
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews the generated diff and optionally writes it to a
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews journal. [RT #26386]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3234. [bug] 'make depend' produced invalid makefiles. [RT #26830]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3233. [bug] 'rndc freeze/thaw' didn't work for inline zones.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3232. [bug] Zero zone->curmaster before return in
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews dns_zone_setmasterswithkeys(). [RT #26732]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3231. [bug] named could fail to send a uncompressable zone.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3230. [bug] 'dig axfr' failed to properly handle a multi-message
99f467f016d9354c7548b7d24b65ac986b118a52Andreas Gustafsson axfr with a serial of 0. [RT #26796]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3229. [bug] Fix local variable to struct var assignment
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews found by CLANG warning.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3228. [tuning] Dynamically grow symbol table to improve zone
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews loading performance. [RT #26523]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3227. [bug] Interim fix to make WKS's use of getprotobyname()
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews and getservbyname() self thread safe. [RT #26232]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3226. [bug] Address minor resource leakages. [RT #26624]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3225. [bug] Silence spurious "setsockopt(517, IPV6_V6ONLY) failed"
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews messages. [RT #26507]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3224. [bug] 'rndc signing' argument parsing was broken. [RT #26684]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3223. [bug] 'task_test privilege_drop' generated false positives.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3222. [cleanup] Replace dns_journal_{get,set}_bitws with
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews dns_journal_{get,set}_sourceserial. [RT #26634]
832cebe0cbc843785897f1c124ae54958028c4e7Mark Andrews3221. [bug] Fixed a potential coredump on shutdown due to
832cebe0cbc843785897f1c124ae54958028c4e7Mark Andrews referencing fetch context after it's been freed.
832cebe0cbc843785897f1c124ae54958028c4e7Mark Andrews --- 9.9.0b2 released ---
832cebe0cbc843785897f1c124ae54958028c4e7Mark Andrews3220. [bug] Change #3186 was incomplete; dns_db_rpz_findips()
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews could fail to set the database version correctly,
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews causing an assertion failure. [RT #26180]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3219. [bug] Disable NOEDNS caching following a timeout.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3218. [security] Cache lookup could return RRSIG data associated with
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington nonexistent records, leading to an assertion
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews failure. [RT #26590]
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews3217. [cleanup] Fix build problem with --disable-static. [RT #26476]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3216. [bug] resolver.c:validated() was not thread-safe. [RT #26478]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3215. [bug] 'rndc recursing' could cause a core dump. [RT #26495]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3214. [func] Add 'named -U' option to set the number of UDP
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews listener threads per interface. [RT #26485]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson3213. [doc] Clarify ixfr-from-differences behavior. [RT #25188]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3212. [bug] rbtdb.c: failed to remove a node from the deadnodes
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson list prior to adding a reference to it leading a
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson possible assertion failure. [RT #23219]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3211. [func] dnssec-signzone: "-f -" prints to stdout; "-O full"
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews option prints in single-line-per-record format.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson3210. [bug] Canceling the oldest query due to recursive-client
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson overload could trigger an assertion failure. [RT #26463]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson3209. [func] Add "dnssec-lookaside 'no'". [RT #24858]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson3208. [bug] 'dig -y' handle unknown tsig alorithm better.
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews3207. [contrib] Fixed build error in Berkeley DB DLZ module. [RT #26444]
ca12f7f4cf72e2368ee946f3eb4915ab73576cdcMark Andrews3206. [cleanup] Add ISC information to log at start time. [RT #25484]
fca6550a9766fe9b0e203ff91399fae4ef3f4030Mark Andrews3205. [func] Upgrade dig's defaults to better reflect modern
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews nameserver behaviour. Enable "dig +adflag" and
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews "dig +edns=0" by default. Enable "+dnssec" when
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews running "dig +trace". [RT #23497]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3204. [bug] When a master server that has been marked as
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington unreachable sends a NOTIFY, mark it reachable
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews again. [RT #25960]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3203. [bug] Increase log level to 'info' for validation failures
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews from expired or not-yet-valid RRSIGs. [RT #21796]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3202. [bug] NOEDNS caching on timeout was too agressive.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3201. [func] 'rndc querylog' can now be given an on/off parameter
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews instead of only being used as a toggle. [RT #18351]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3200. [doc] Some rndc functions were undocumented or were
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews missing from 'rndc -h' output. [RT #25555]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3199. [func] When logging client information, include the name
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews being queried. [RT #25944]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3198. [doc] Clarified that dnssec-settime can alter keyfile
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews permissions. [RT #24866]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3197. [bug] Don't try to log the filename and line number when
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews the config parser can't open a file. [RT #22263]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3196. [bug] nsupdate: return nonzero exit code when target zone
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews doesn't exist. [RT #25783]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3195. [cleanup] Silence "file not found" warnings when loading
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews managed-keys zone. [RT #26340]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3194. [doc] Updated RFC references in the 'empty-zones-enable'
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews documentation. [RT #25203]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3193. [cleanup] Changed MAXZONEKEYS to DNS_MAXZONEKEYS, moved to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3192. [bug] A query structure could be used after being freed.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3191. [bug] Print NULL records using "unknown" format. [RT #26392]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3190. [bug] Underflow in error handling in isc_mutexblock_init.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3189. [test] Added a summary report after system tests. [RT #25517]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3188. [bug] zone.c:zone_refreshkeys() could fail to detach
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews references correctly when errors occurred, causing
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews a hang on shutdown. [RT #26372]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3187. [port] win32: support for Visual Studio 2008. [RT #26356]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews --- 9.9.0b1 released ---
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3186. [bug] Version/db mis-match in rpz code. [RT #26180]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3185. [func] New 'rndc signing' option for auto-dnssec zones:
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews - 'rndc signing -list' displays the current
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews state of signing operations
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews - 'rndc signing -clear' clears the signing state
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews records for keys that have fully signed the zone
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews - 'rndc signing -nsec3param' sets the NSEC3
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews parameters for the zone
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The 'rndc keydone' syntax is removed. [RT #23729]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3184. [bug] named had excessive cpu usage when a redirect zone was
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews configured. [RT #26013]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3183. [bug] Added RTLD_GLOBAL flag to dlopen call. [RT #26301]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3182. [bug] Auth servers behind firewalls which block packets
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews greater than 512 bytes may cause other servers to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews perform poorly. Now, adb retains edns information
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews and caches noedns servers. [RT #23392/24964]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3181. [func] Inline-signing is now supported for master zones.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3180. [func] Local copies of slave zones are now saved in raw
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews format by default, to improve startup performance.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews 'masterfile-format text;' can be used to override
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews the default, if desired. [RT #25867]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3179. [port] kfreebsd: build issues. [RT #26273]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3178. [bug] A race condition introduced by change #3163 could
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews cause an assertion failure on shutdown. [RT #26271]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3177. [func] 'rndc keydone', remove the indicator record that
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews named has finished signing the zone with the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews corresponding key. [RT #26206]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3176. [doc] Corrected example code and added a README to the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews sample external DLZ module in contrib/dlz/example.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3175. [bug] Fix how DNSSEC positive wildcard responses from a
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews NSEC3 signed zone are validated. Stop sending a
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews unnecessary NSEC3 record when generating such
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews responses. [RT #26200]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3174. [bug] Always compute to revoked key tag from scratch.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3173. [port] Correctly validate root DS responses. [RT #25726]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3172. [port] darwin 10.* and freebsd [89] are now built threaded by
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3171. [bug] Exclusively lock the task when adding a zone using
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews 'rndc addzone'. [RT #25600]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews --- 9.9.0a3 released ---
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3170. [func] RPZ update:
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews - fix precedence among competing rules
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews - improve ARM text including documenting rule precedence
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews - try to rewrite CNAME chains until first hit
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews - new "rpz" logging channel
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews - RDATA for CNAME rules can include wildcards
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews - replace "NO-OP" named.conf policy override with
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews "PASSTHRU" and add "DISABLED" override ("NO-OP"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews is still recognized)
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3169. [func] Catch db/version mis-matches when calling dns_db_*().
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3168. [bug] Nxdomain redirection could trigger an assert with
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews a ANY query. [RT #26017]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3167. [bug] Negative answers from forwarders were not being
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews correctly tagged making them appear to not be cached.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3166. [bug] Upgrading a zone to support inline-signing failed.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3165. [bug] dnssec-signzone could generate new signatures when
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews resigning, even when valid signatures were already
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews present. [RT #26025]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3164. [func] Enable DLZ modules to retrieve client information,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews so that responses can be changed depending on the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews source address of the query. [RT #25768]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3163. [bug] Use finer-grained locking in client.c to address
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews concurrency problems with large numbers of threads.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3162. [test] start.pl: modified to allow for "named.args" in
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews ns*/ subdirectory to override stock arguments to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews named. Largely from RT#26044, but no separate ticket.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3161. [bug] zone.c:del_sigs failed to always reset rdata leading
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews assertion failures. [RT #25880]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3160. [bug] When printing out a NSEC3 record in multiline form
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews the newline was not being printed causing type codes
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews to be run together. [RT #25873]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3159. [bug] On some platforms, named could assert on startup
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews when running in a chrooted environment without
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews /proc. [RT #25863]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3158. [bug] Recursive servers would prefer a particular UDP
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews socket instead of using all available sockets.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3157. [tuning] Reduce the time spent in "rndc reconfig" by parsing
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews the config file before pausing the server. [RT #21373]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3156. [placeholder]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews --- 9.9.0a2 released ---
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3155. [bug] Fixed a build failure when using contrib DLZ
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews drivers (e.g., mysql, postgresql, etc). [RT #25710]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3154. [bug] Attempting to print an empty rdataset could trigger
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews an assert. [RT #25452]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3153. [func] Extend request-ixfr to zone level and remove the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews side effect of forcing an AXFR. [RT #25156]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3152. [cleanup] Some versions of gcc and clang failed due to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews incorrect use of __builtin_expect. [RT #25183]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3151. [bug] Queries for type RRSIG or SIG could be handled
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews incorrectly. [RT #21050]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3150. [func] Improved startup and reconfiguration time by
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews enabling zones to load in multiple threads. [RT #25333]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews3149. [placeholder]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews3148. [bug] Processing of normal queries could be stalled when
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews forwarding a UPDATE message. [RT #24711]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews3147. [func] Initial inline signing support. [RT #23657]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews --- 9.9.0a1 released ---
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews3146. [test] Fixed gcc4.6.0 errors in ATF. [RT #25598]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews3145. [test] Capture output of ATF unit tests in "./atf.out" if
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews there were any errors while running them. [RT #25527]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews3144. [bug] dns_dbiterator_seek() could trigger an assert when
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews used with a nonexistent database node. [RT #25358]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews3143. [bug] Silence clang compiler warnings. [RT #25174]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews3142. [bug] NAPTR is class agnostic. [RT #25429]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews3141. [bug] Silence spurious "zone serial (0) unchanged" messages
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews associated with empty zones. [RT #25079]
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews3140. [func] New command "rndc flushtree <name>" clears the
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews specified name from the server cache along with
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews all names under it. [RT #19970]
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews3139. [test] Added tests from RFC 6234, RFC 2202, and RFC 1321
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews for the hashing algorithms (md5, sha1 - sha512, and
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews their hmac counterparts). [RT #25067]
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews3138. [bug] Address memory leaks and out-of-order operations when
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews shutting named down. [RT #25210]
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews3137. [func] Improve hardware scalability by allowing multiple
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews worker threads to process incoming UDP packets.
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews This can significantly increase query throughput
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews on some systems. [RT #22992]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson3136. [func] Add RFC 1918 reverse zones to the list of built-in
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson empty zones switched on by the 'empty-zones-enable'
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson option. [RT #24990]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson3135. [port] FreeBSD: workaround broken IPV6_USE_MIN_MTU processing.
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson See http://www.freebsd.org/cgi/query-pr.cgi?pr=158307
754ebd37e782356aedbb2987e3c1a8ab4f29574eMark Andrews3134. [bug] Improve the accuracy of dnssec-signzone's signing
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews statistics. [RT #16030]
5c679dbb66df92766f6a7e7bb93c18d61275d1feMark Andrews3133. [bug] Change #3114 was incomplete. [RT #24577]
5c679dbb66df92766f6a7e7bb93c18d61275d1feMark Andrews3132. [placeholder]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3131. [tuning] Improve scalability by allocating one zone task
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews per 100 zones at startup time, rather than using a
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews fixed-size task table. [RT #24406]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews3130. [func] Support alternate methods for managing a dynamic
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews zone's serial number. Two methods are currently
da93950363b307b718d156514b95b9df93a63776Mark Andrews defined using serial-update-method, "increment"
da93950363b307b718d156514b95b9df93a63776Mark Andrews (default) and "unixtime". [RT #23849]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3129. [bug] Named could crash on 'rndc reconfig' when
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews allow-new-zones was set to yes and named ACLs
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews were used. [RT #22739]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3128. [func] Inserting an NSEC3PARAM via dynamic update in an
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews auto-dnssec zone that has not been signed yet
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews will cause it to be signed with the specified NSEC3
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews parameters when keys are activated. The
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington NSEC3PARAM record will not appear in the zone until
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews it is signed, but the parameters will be stored.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3127. [bug] 'rndc thaw' will now remove a zone's journal file
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews if the zone serial number has been changed and
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews ixfr-from-differences is not in use. [RT #24687]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3126. [security] Using DNAME record to generate replacements caused
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews RPZ to exit with a assertion failure. [RT #24766]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3125. [security] Using wildcard CNAME records as a replacement with
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews RPZ caused named to exit with a assertion failure.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3124. [bug] Use an rdataset attribute flag to indicate
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington negative-cache records rather than using rrtype 0;
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews this will prevent problems when that rrtype is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington used in actual DNS packets. [RT #24777]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3123. [security] Change #2912 exposed a latent flaw in
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews dns_rdataset_totext() that could cause named to
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews crash with an assertion failure. [RT #24777]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3122. [cleanup] dnssec-settime: corrected usage message. [RT #24664]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3121. [security] An authoritative name server sending a negative
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews response containing a very large RRset could
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews trigger an off-by-one error in the ncache code
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews and crash named. [RT #24650]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3120. [bug] Named could fail to validate zones listed in a DLV
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews that validated insecure without using DLV and had
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews DS records in the parent zone. [RT #24631]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3119. [bug] When rolling to a new DNSSEC key, a private-type
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews record could be created and never marked complete.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3118. [bug] nsupdate could dump core on shutdown when using
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews SIG(0) keys. [RT #24604]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3117. [cleanup] Remove doc and parser references to the
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews never-implemented 'auto-dnssec create' option.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3116. [func] New 'dnssec-update-mode' option controls updates
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews of DNSSEC records in signed dynamic zones. Set to
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews 'no-resign' to disable automatic RRSIG regeneration
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews while retaining the ability to sign new or changed
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews data. [RT #24533]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3115. [bug] Named could fail to return requested data when
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews following a CNAME that points into the same zone.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3114. [bug] Retain expired RRSIGs in dynamic zones if key is
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews inactive and there is no replacement key. [RT #23136]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3113. [doc] Document the relationship between serial-query-rate
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews and NOTIFY messages.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3112. [doc] Add missing descriptions of the update policy name
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington types "ms-self", "ms-subdomain", "krb5-self" and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington "krb5-subdomain", which allow machines to update
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington their own records, to the BIND 9 ARM.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3111. [bug] Improved consistency checks for dnssec-enable and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington dnssec-validation, added test cases to the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington checkconf system test. [RT #24398]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3110. [bug] dnssec-signzone: Wrong error message could appear
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews when attempting to sign with no KSK. [RT #24369]
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews3109. [func] The also-notify option now uses the same syntax
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews as a zone's masters clause. This means it is
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews now possible to specify a TSIG key to use when
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews sending notifies to a given server, or to include
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews an explicit named masters list in an also-notfiy
6c68e68fc550c947100581eb7b5340b81c062c94Andreas Gustafsson statement. [RT #23508]
6c68e68fc550c947100581eb7b5340b81c062c94Andreas Gustafsson3108. [cleanup] dnssec-signzone: Clarified some error and
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews warning messages; removed #ifdef ALLOW_KSKLESS_ZONES
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington code (use -P instead). [RT #20852]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3107. [bug] dnssec-signzone: Report the correct number of ZSKs
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews when using -x. [RT #20852]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews3106. [func] When logging client requests, include the name of
7a6ad11e0185a73984410f3252f3c49c3a301dbdBrian Wellington the TSIG key if any. [RT #23619]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson3105. [bug] GOST support can be suppressed by "configure
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson --without-gost" [RT #24367]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3104. [bug] Better support for cross-compiling. [RT #24367]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3103. [bug] Configuring 'dnssec-validation auto' in a view
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews instead of in the options statement could trigger
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews an assertion failure in named-checkconf. [RT #24382]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3102. [func] New 'dnssec-loadkeys-interval' option configures
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews how often, in minutes, to check the key repository
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews for updates when using automatic key maintenance.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews Default is every 60 minutes (formerly hard-coded
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews to 12 hours). [RT #23744]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3101. [bug] Zones using automatic key maintenance could fail
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews to check the key repository for updates. [RT #23744]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3100. [security] Certain response policy zone configurations could
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews trigger an INSIST when receiving a query of type
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews RRSIG. [RT #24280]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson3099. [test] "dlz" system test now runs but gives R:SKIPPED if
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews not compiled with --with-dlz-filesystem. [RT #24146]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3098. [bug] DLZ zones were answering without setting the AA bit.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3097. [test] Add a tool to test handling of malformed packets.
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson3096. [bug] Set KRB5_KTNAME before calling log_cred() in
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews dst_gssapi_acceptctx(). [RT #24004]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3095. [bug] Handle isolated reserved ports in the port range.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3094. [doc] Expand dns64 documentation.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3093. [bug] Fix gssapi/kerberos dependencies [RT #23836]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3092. [bug] Signatures for records at the zone apex could go
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews stale due to an incorrect timer setting. [RT #23769]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3091. [bug] Fixed a bug in which zone keys that were published
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews and then subsequently activated could fail to trigger
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews automatic signing. [RT #22911]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3090. [func] Make --with-gssapi default [RT #23738]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3089. [func] dnssec-dsfromkey now supports reading keys from
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews standard input "dnssec-dsfromkey -f -". [RT# 20662]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews and add setup.sh in order to resolve changing
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson named.conf issue. [RT #23687]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3087. [bug] DDNS updates using SIG(0) with update-policy match
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews type "external" could cause a crash. [RT #23735]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3086. [bug] Running dnssec-settime -f on an old-style key will
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews now force an update to the new key format even if no
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews other change has been specified, using "-P now -A now"
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews as default values. [RT #22474]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3085. [func] New '-R' option in dnssec-signzone forces removal
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews of signatures which have not yet expired but
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews were generated by a key that no longer exists.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3084. [func] A new command "rndc sync" dumps pending changes in
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews a dynamic zone to disk; "rndc sync -clean" also
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson removes the journal file after syncing. Also,
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews "rndc freeze" no longer removes journal files.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3083. [bug] NOTIFY messages were not being sent when generating
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews a NSEC3 chain incrementally. [RT #23702]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3082. [port] strtok_r is threads only. [RT #23747]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3081. [bug] Failure of DNAME substitution did not return
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews YXDOMAIN. [RT #23591]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3080. [cleanup] Replaced compile time constant by STDTIME_ON_32BITS.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3079. [bug] Handle isc_event_allocate failures in t_tasks.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3078. [func] Added a new include file with function typedefs
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews for the DLZ "dlopen" driver. [RT #23629]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3077. [bug] zone.c:zone_refreshkeys() incorrectly called
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews dns_zone_attach(), use zone->irefs instead. [RT #23303]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3076. [func] New '-L' option in dnssec-keygen, dnsset-settime, and
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews dnssec-keyfromlabel sets the default TTL of the
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews key. When possible, automatic signing will use that
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews TTL when the key is published. [RT #23304]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3075. [bug] dns_dnssec_findzonekeys{2} used a inconsistant
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews timestamp when determining which keys are active.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3074. [bug] Make the adb cache read through for zone data and
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews glue learn for zone named is authoritative for.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3073. [bug] managed-keys changes were not properly being recorded.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3072. [bug] dns_dns64_aaaaok() potential NULL pointer dereference.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3071. [bug] has_nsec could be used unintialised in
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews update.c:next_active. [RT #20256]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3070. [bug] dnssec-signzone potential NULL pointer dereference.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3069. [cleanup] Silence warnings messages from clang static analysis.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3068. [bug] Named failed to build with a OpenSSL without engine
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews support. [RT #23473]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3067. [bug] ixfr-from-differences {master|slave}; failed to
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews select the master/slave zones. [RT #23580]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3066. [func] The DLZ "dlopen" driver is now built by default,
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews no longer requiring a configure option. To
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews disable it, use "configure --without-dlopen".
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews Driver also supported on win32. [RT #23467]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3065. [bug] RRSIG could have time stamps too far in the future.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3064. [bug] powerpc: add sync instructions to the end of atomic
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews operations. [RT #23469]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3063. [contrib] More verbose error reporting from DLZ LDAP. [RT #23402]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3062. [func] Made several changes to enhance human readability
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson of DNSSEC data in dig output and in generated
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews - DNSKEY record comments are more verbose, no
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews longer used in multiline mode only
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews - multiline RRSIG records reformatted
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews - multiline output mode for NSEC3PARAM records
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews - "dig +norrcomments" suppresses DNSKEY comments
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews - "dig +split=X" breaks hex/base64 records into
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews fields of width X; "dig +nosplit" disables this.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3061. [func] New option "dnssec-signzone -D", only write out
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews generated DNSSEC records. [RT #22896]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3060. [func] New option "dnssec-signzone -X <date>" allows
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews specification of a separate expiration date
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews for DNSKEY RRSIGs and other RRSIGs. [RT #22141]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3059. [test] Added a regression test for change #3023.
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews3058. [bug] Cause named to terminate at startup or rndc reconfig/
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews reload to fail, if a log file specified in the conf
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews file isn't a plain file. [RT #22771]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3057. [bug] "rndc secroots" would abort after the first error
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews and so could miss some views. [RT #23488]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3056. [func] Added support for URI resource record. [RT #23386]
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews3055. [placeholder]
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews3054. [bug] Added elliptic curve support check in
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews GOST OpenSSL engine detection. [RT #23485]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson3053. [bug] Under a sustained high query load with a finite
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson max-cache-size, it was possible for cache memory
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews to be exhausted and not recovered. [RT #23371]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3052. [test] Fixed last autosign test report. [RT #23256]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3051. [bug] NS records obsure DNAME records at the bottom of the
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews zone if both are present. [RT #23035]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews3050. [bug] The autosign system test was timing dependent.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews Wait for the initial autosigning to complete
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews before running the rest of the test. [RT #23035]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3049. [bug] Save and restore the gid when creating creating
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews named.pid at startup. [RT #23290]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson3048. [bug] Fully separate view key mangement. [RT #23419]
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews3047. [bug] DNSKEY NODATA responses not cached fixed in
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews validator.c. Tests added to dnssec system test.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3046. [bug] Use RRSIG original TTL to compute validated RRset
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson and RRSIG TTL. [RT #23332]
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews3045. [removed] Replaced by change #3050.
39afe995c2bc1790061312b48ee294fd4907439fMark Andrews3044. [bug] Hold the socket manager lock while freeing the socket.
39afe995c2bc1790061312b48ee294fd4907439fMark Andrews3043. [test] Merged in the NetBSD ATF test framework (currently
39afe995c2bc1790061312b48ee294fd4907439fMark Andrews version 0.12) for development of future unit tests.
39afe995c2bc1790061312b48ee294fd4907439fMark Andrews Use configure --with-atf to build ATF internally
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews or configure --with-atf=prefix to use an external
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews copy. [RT #23209]
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews3042. [bug] dig +trace could fail attempting to use IPv6
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews addresses on systems with only IPv4 connectivity.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3041. [bug] dnssec-signzone failed to generate new signatures on
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson ttl changes. [RT #23330]
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews3040. [bug] Named failed to validate insecure zones where a node
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews with a CNAME existed between the trust anchor and the
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews top of the zone. [RT #23338]
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews3039. [func] Redirect on NXDOMAIN support. [RT #23146]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3038. [bug] Install <dns/rpz.h>. [RT #23342]
f345258dabf4e8ad8a1573c56810f52fca50f5d4Mark Andrews3037. [doc] Update COPYRIGHT to contain all the individual
f345258dabf4e8ad8a1573c56810f52fca50f5d4Mark Andrews copyright notices that cover various parts.
f345258dabf4e8ad8a1573c56810f52fca50f5d4Mark Andrews3036. [bug] Check built-in zone arguments to see if the zone
f345258dabf4e8ad8a1573c56810f52fca50f5d4Mark Andrews is re-usable or not. [RT #21914]
f345258dabf4e8ad8a1573c56810f52fca50f5d4Mark Andrews3035. [cleanup] Simplify by using strlcpy. [RT #22521]
f345258dabf4e8ad8a1573c56810f52fca50f5d4Mark Andrews3034. [cleanup] nslookup: use strlcpy instead of safecopy. [RT #22521]
f345258dabf4e8ad8a1573c56810f52fca50f5d4Mark Andrews3033. [cleanup] Add two INSIST(bucket != DNS_ADB_INVALIDBUCKET).
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3032. [bug] rdatalist.c: add missing REQUIREs. [RT #22521]
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews3031. [bug] dns_rdataclass_format() handle a zero sized buffer.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3030. [bug] dns_rdatatype_format() handle a zero sized buffer.
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews3029. [bug] isc_netaddr_format() handle a zero sized buffer.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3028. [bug] isc_sockaddr_format() handle a zero sized buffer.
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews3027. [bug] Add documented REQUIREs to cfg_obj_asnetprefix() to
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews catch NULL pointer dereferences before they happen.
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews3026. [bug] lib/isc/httpd.c: check that we have enough space
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews after calling grow_headerspace() and if not
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews re-call grow_headerspace() until we do. [RT #22521]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews3025. [bug] Fixed a possible deadlock due to zone resigning.
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews3024. [func] RTT Banding removed due to minor security increase
4e6b8a18ff7dd22797970208060cca9f99f54dafAndreas Gustafsson but major impact on resolver latency. [RT #23310]
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews3023. [bug] Named could be left in an inconsistent state when
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews receiving multiple AXFR response messages that were
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews not all TSIG-signed. [RT #23254]
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews3022. [bug] Fixed rpz SERVFAILs after failed zone transfers
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews3021. [bug] Change #3010 was incomplete. [RT #22296]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson3020. [bug] auto-dnssec failed to correctly update the zone when
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews changing the DNSKEY RRset. [RT #23232]
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews3019. [test] Test: check apex NSEC3 records after adding DNSKEY
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews record via UPDATE. [RT #23229]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3018. [bug] Named failed to check for the "none;" acl when deciding
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson if a zone may need to be re-signed. [RT #23120]
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews3017. [doc] dnssec-keyfromlabel -I was not properly documented.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3016. [bug] rndc usage missing '-b'. [RT #22937]
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews3015. [port] win32: fix IN6_IS_ADDR_LINKLOCAL and
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews IN6_IS_ADDR_SITELOCAL macros. [RT #22724]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews3014. [placeholder]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson3013. [bug] The DNS64 ttl was not always being set as expected.
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews3012. [bug] Remove DNSKEY TTL change pairs before generating
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews signing records for any remaining DNSKEY changes.
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews3011. [func] Change the default query timeout from 30 seconds
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews to 10. Allow setting this in named.conf using the new
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews 'resolver-query-timeout' option, which specifies a max
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews time in seconds. 0 means 'default' and anything longer
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson than 30 will be silently set to 30. [RT #22852]
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews3010. [bug] Fixed a bug where "rndc reconfig" stopped the timer
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews for refreshing managed-keys. [RT #22296]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson3009. [bug] clients-per-query code didn't work as expected with
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews particular query patterns. [RT #22972]
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews --- 9.8.0b1 released ---
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3008. [func] Response policy zones (RPZ) support. [RT #21726]
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews3007. [bug] Named failed to preserve the case of domain names in
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews rdata which is not compressible when writing master
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews files. [RT #22863]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews3006. [func] Allow dynamically generated TSIG keys to be preserved
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews across restarts of named. Initially this is for
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson TSIG keys generated using GSSAPI. [RT #22639]
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews3005. [port] Solaris: Work around the lack of
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews gsskrb5_register_acceptor_identity() by setting
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews the KRB5_KTNAME environment variable to the
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews contents of tkey-gssapi-keytab. Also fixed
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews test errors on MacOSX. [RT #22853]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3004. [func] DNS64 reverse support. [RT #22769]
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews3003. [experimental] Added update-policy match type "external",
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews enabling named to defer the decision of whether to
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews allow a dynamic update to an external daemon.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews (Contributed by Andrew Tridgell.) [RT #22758]
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews3002. [bug] isc_mutex_init_errcheck() failed to destroy attr.
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews3001. [func] Added a default trust anchor for the root zone, which
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews can be switched on by setting "dnssec-validation auto;"
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews in the named.conf options. [RT #21727]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson3000. [bug] More TKEY/GSS fixes:
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews - nsupdate can now get the default realm from
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews the user's Kerberos principal
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews - corrected gsstest compilation flags
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews - improved documentation
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson - fixed some NULL dereferences
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews2999. [func] Add GOST support (RFC 5933). [RT #20639]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews2998. [func] Add isc_task_beginexclusive and isc_task_endexclusive
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews to the task api. [RT #22776]
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews2997. [func] named -V now reports the OpenSSL and libxml2 verions
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews it was compiled against. [RT #22687]
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews2996. [security] Temporarily disable SO_ACCEPTFILTER support.
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson2995. [bug] The Kerberos realm was not being correctly extracted
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews from the signer's identity. [RT #22770]
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews2994. [port] NetBSD: use pthreads by default on NetBSD >= 5.0, and
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews do not use threads on earlier versions. Also kill
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews the unproven-pthreads, mit-pthreads, and ptl2 support.
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews2993. [func] Dynamically grow adb hash tables. [RT #21186]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson2992. [contrib] contrib/check-secure-delegation.pl: A simple tool
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews for looking at a secure delegation. [RT #22059]
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews2991. [contrib] contrib/zone-edit.sh: A simple zone editing tool for
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews dynamic zones. [RT #22365]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson2990. [bug] 'dnssec-settime -S' no longer tests prepublication
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews interval validity when the interval is set to 0.
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews2989. [func] Added support for writable DLZ zones. (Contributed
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews by Andrew Tridgell of the Samba project.) [RT #22629]
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews2988. [experimental] Added a "dlopen" DLZ driver, allowing the creation
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews of external DLZ drivers that can be loaded as
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews shared objects at runtime rather than linked with
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews named. Currently this is switched on via a
ca12f7f4cf72e2368ee946f3eb4915ab73576cdcMark Andrews compile-time option, "configure --with-dlz-dlopen".
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews Note: the syntax for configuring DLZ zones
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews is likely to be refined in future releases.
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson (Contributed by Andrew Tridgell of the Samba
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews project.) [RT #22629]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews2987. [func] Improve ease of configuring TKEY/GSS updates by
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews adding a "tkey-gssapi-keytab" option. If set,
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews updates will be allowed with any key matching
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews a principal in the specified keytab file.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews "tkey-gssapi-credential" is no longer required
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews and is expected to be deprecated. (Contributed
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews by Andrew Tridgell of the Samba project.)
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews2986. [func] Add new zone type "static-stub". It's like a stub
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews zone, but the nameserver names and/or their IP
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews addresses are statically configured. [RT #21474]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews2985. [bug] Add a regression test for change #2896. [RT #21324]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews2984. [bug] Don't run MX checks when the target of the MX record
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews is ".". [RT #22645]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2983. [bug] Include "loadkeys" in rndc help output. [RT #22493]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews --- 9.8.0a1 released ---
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2982. [bug] Reference count dst keys. dst_key_attach() can be used
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews increment the reference count.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews Note: dns_tsigkey_createfromkey() callers should now
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews always call dst_key_free() rather than setting it
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews to NULL on success. [RT #22672]
10640b2e3efc7bc8034108136d7487f7407fbf37Andreas Gustafsson2981. [func] Partial DNS64 support (AAAA synthesis). [RT #21991]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews2980. [bug] named didn't properly handle UPDATES that changed the
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews TTL of the NSEC3PARAM RRset. [RT #22363]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews2979. [bug] named could deadlock during shutdown if two
036b375184c14c1b12bd347c1f920278970f3f41Mark Andrews "rndc stop" commands were issued at the same
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews time. [RT #22108]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington2978. [port] hpux: look for <devpoll.h> [RT #21919]
ca12f7f4cf72e2368ee946f3eb4915ab73576cdcMark Andrews2977. [bug] 'nsupdate -l' report if the session key is missing.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2976. [bug] named could die on exit after negotiating a GSS-TSIG
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews key. [RT #22573]
6274add733f4a16dfef4455dafb71a6a4721a0dfMark Andrews2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() acquired the
fca6550a9766fe9b0e203ff91399fae4ef3f4030Mark Andrews wrong lock which could lead to server deadlock.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2974. [bug] Some valid UPDATE requests could fail due to a
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews consistency check examining the existing version
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews of the zone rather than the new version resulting
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews from the UPDATE. [RT #22413]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2973. [bug] bind.keys.h was being removed by the "make clean"
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews at the end of configure resulting in build failures
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews where there is very old version of perl installed.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews Move it to "make maintainer-clean". [RT #22230]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2972. [bug] win32: address windows socket errors. [RT #21906]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2971. [bug] Fixed a bug that caused journal files not to be
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews compacted on Windows systems as a result of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington non-POSIX-compliant rename() semantics. [RT #22434]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington2970. [security] Adding a NO DATA negative cache entry failed to clear
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews any matching RRSIG records. A subsequent lookup of
7fa947fc828e282156744ade7cdcd2ce7a708ff9Mark Andrews of NO DATA cache entry could trigger a INSIST when the
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews unexpected RRSIG was also returned with the NO DATA
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews cache entry.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews CVE-2010-3613, VU#706148. [RT #22288]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2969. [security] Fix acl type processing so that allow-query works
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews in options and view statements. Also add a new
7c40ffd67bd1e73907f83a79a6ff8c635f4a4a74Mark Andrews set of tests to verify proper functioning.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews CVE-2010-3615, VU#510208. [RT #22418]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2968. [security] Named could fail to prove a data set was insecure
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews before marking it as insecure. One set of conditions
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews that can trigger this occurs naturally when rolling
7c40ffd67bd1e73907f83a79a6ff8c635f4a4a74Mark Andrews DNSKEY algorithms.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews CVE-2010-3614, VU#837744. [RT #22309]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2967. [bug] 'host -D' now turns on debugging messages earlier.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2966. [bug] isc_print_vsnprintf() failed to check if there was
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews space available in the buffer when adding a left
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews justified character with a non zero width,
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews (e.g. "%-1c"). [RT #22270]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2965. [func] Test HMAC functions using test data from RFC 2104 and
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews RFC 4634. [RT #21702]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2964. [placeholder]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2963. [security] The allow-query acl was being applied instead of the
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews allow-query-cache acl to cache lookups. [RT #22114]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2962. [port] win32: add more dependencies to BINDBuild.dsw.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2961. [bug] Be still more selective about the non-authoritative
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews answers we apply change 2748 to. [RT #22074]
ca12f7f4cf72e2368ee946f3eb4915ab73576cdcMark Andrews2960. [func] Check that named accepts non-authoritative answers.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2959. [func] Check that named starts with a missing masterfile.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2958. [bug] named failed to start with a missing master file.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2957. [bug] entropy_get() and entropy_getpseudo() failed to match
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews the API for RAND_bytes() and RAND_pseudo_bytes()
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews respectively. [RT #21962]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2956. [port] Enable atomic operations on the PowerPC64. [RT #21899]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2955. [func] Provide more detail in the recursing log. [RT #22043]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2954. [bug] contrib: dlz_mysql_driver.c bad error handling on
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews build_sqldbinstance failure. [RT #21623]
413988c8166976498250c0ebb2e3a645d0366bd3Mark Andrews2953. [bug] Silence spurious "expected covering NSEC3, got an
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews exact match" message when returning a wildcard
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews no data response. [RT #21744]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2952. [port] win32: named-checkzone and named-checkconf failed
0756445a735e2df39bf798d8de42ae5dd030aa3bMark Andrews to initialise winsock. [RT #21932]
5752b9e296f14034f103149f18188770c2cc5239Mark Andrews2951. [bug] named failed to generate a correct signed response
494576ce20cfd98d74955698cf8f7b37dce2f740Mark Andrews in a optout, delegation only zone with no secure
494576ce20cfd98d74955698cf8f7b37dce2f740Mark Andrews delegations. [RT #22007]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2950. [bug] named failed to perform a SOA up to date check when
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews falling back to TCP on UDP timeouts when
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews ixfr-from-differences was set. [RT #21595]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2949. [bug] dns_view_setnewzones() contained a memory leak if
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews it was called multiple times. [RT #21942]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2948. [port] MacOS: provide a mechanism to configure the test
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews interfaces at reboot. See bin/tests/system/README
0756445a735e2df39bf798d8de42ae5dd030aa3bMark Andrews for details.
ca12f7f4cf72e2368ee946f3eb4915ab73576cdcMark Andrews2947. [placeholder]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2946. [doc] Document the default values for the minimum and maximum
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews zone refresh and retry values in the ARM. [RT #21886]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2945. [doc] Update empty-zones list in ARM. [RT #21772]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2944. [maint] Remove ORCHID prefix from built in empty zones.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2943. [func] Add support to load new keys into managed zones
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews without signing immediately with "rndc loadkeys".
ca12f7f4cf72e2368ee946f3eb4915ab73576cdcMark Andrews Add support to link keys with "dnssec-keygen -S"
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews and "dnssec-settime -S". [RT #21351]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2942. [contrib] zone2sqlite failed to setup the entropy sources.
5985ae96cdb38a19ed361ebbfd867d7fd9d1bed4Mark Andrews2941. [bug] sdb and sdlz (dlz's zone database) failed to support
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews DNAME at the zone apex. [RT #21610]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2940. [port] Remove connection aborted error message on
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews Windows. [RT #21549]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews2939. [func] Check that named successfully skips NSEC3 records
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews that fail to match the NSEC3PARAM record currently
18ee329936d7b96c0a9ae8a1d16b5a0bd6c86e0bMark Andrews in use. [RT# 21868]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews2938. [bug] When generating signed responses, from a signed zone
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews that uses NSEC3, named would use a uninitialised
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews pointer if it needed to skip a NSEC3 record because
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews it didn't match the selected NSEC3PARAM record for
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews zone. [RT# 21868]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2937. [bug] Worked around an apparent race condition in over
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews memory conditions. Without this fix a DNS cache DB or
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews ADB could incorrectly stay in an over memory state,
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews effectively refusing further caching, which
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews subsequently made a BIND 9 caching server unworkable.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews This fix prevents this problem from happening by
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews polling the state of the memory context, rather than
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews making a copy of the state, which appeared to cause
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews a race. This is a "workaround" in that it doesn't
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews solve the possible race per se, but several experiments
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews proved this change solves the symptom. Also, the
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews polling overhead hasn't been reported to be an issue.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews This bug should only affect a caching server that
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews specifies a finite max-cache-size. It's also quite
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews likely that the bug happens only when enabling threads,
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews but it's not confirmed yet. [RT #21818]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2936. [func] Improved configuration syntax and multiple-view
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews support for addzone/delzone feature (see change
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews #2930). Removed "new-zone-file" option, replaced
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews with "allow-new-zones (yes|no)". The new-zone-file
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews for each view is now created automatically, with
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews a filename generated from a hash of the view name.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews It is no longer necessary to "include" the
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews new-zone-file in named.conf; this happens
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews automatically. Zones that were not added via
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews "rndc addzone" can no longer be removed with
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews "rndc delzone". [RT #19447]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2935. [bug] nsupdate: improve 'file not found' error message.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2934. [bug] Use ANSI C compliant shift range in lib/isc/entropy.c.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2933. [bug] 'dig +nsid' used stack memory after it went out of
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews scope. This could potentially result in a unknown,
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews potentially malformed, EDNS option being sent instead
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews of the desired NSID option. [RT #21781]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2932. [cleanup] Corrected a numbering error in the "dnssec" test.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2931. [bug] Temporarily and partially disable change 2864
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews because it would cause infinite attempts of RRSIG
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews queries. This is an urgent care fix; we'll
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews revisit the issue and complete the fix later.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2930. [experimental] New "rndc addzone" and "rndc delzone" commads
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews allow dynamic addition and deletion of zones.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews To enable this feature, specify a "new-zone-file"
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews option at the view or options level in named.conf.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews Zone configuration information for the new zones
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews will be written into that file. To make the new
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews zones persist after a restart, "include" the file
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews into named.conf in the appropriate view. (Note:
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews This feature is not yet documented, and its syntax
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews is expected to change.) [RT #19447]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews2929. [bug] Improved handling of GSS security contexts:
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews - added LRU expiration for generated TSIGs
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews - added the ability to use a non-default realm
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews - added new "realm" keyword in nsupdate
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews - limited lifetime of generated keys to 1 hour
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews or the lifetime of the context (whichever is
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2928. [bug] Be more selective about the non-authoritative
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews answer we apply change 2748 to. [RT #21594]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2927. [placeholder]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2926. [placeholder]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2925. [bug] Named failed to accept uncachable negative responses
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews from insecure zones. [RT# 21555]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2924. [func] 'rndc secroots' dump a combined summary of the
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews current managed keys combined with trusted keys.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2923. [bug] 'dig +trace' could drop core after "connection
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews timeout". [RT #21514]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2922. [contrib] Update zkt to version 1.0.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2921. [bug] The resolver could attempt to destroy a fetch context
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews too soon. [RT #19878]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively
1da87201292c454b0e5e3d3f38d9bb086196b87fMark Andrews to IPv4 clients. New acl 'filter-aaaa' (default any).
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2919. [func] Add autosign-ksk and autosign-zsk virtual time tests.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2917. [func] Virtual time test framework. [RT #20801]
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews2916. [func] Add framework to use IPv6 in tests.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2915. [cleanup] Be smarter about which objects we attempt to compile
5752b9e296f14034f103149f18188770c2cc5239Mark Andrews based on configure options. [RT #21444]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson2914. [bug] Make the "autosign" system test more portable.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews2913. [func] Add pkcs#11 system tests. [RT #20784]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson2912. [func] Windows clients don't like UPDATE responses that clear
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews the zone section. [RT #20986]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2911. [bug] dnssec-signzone didn't handle out of zone records well.
5752b9e296f14034f103149f18188770c2cc5239Mark Andrews2910. [func] Sanity check Kerberos credentials. [RT #20986]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews2909. [bug] named-checkconf -p could die if "update-policy local;"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington was specified in named.conf. [RT #21416]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2908. [bug] It was possible for re-signing to stop after removing
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews a DNSKEY. [RT #21384]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2907. [bug] The export version of libdns had undefined references.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2906. [bug] Address RFC 5011 implementation issues. [RT #20903]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2905. [port] aix: set use_atomic=yes with native compiler.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2904. [bug] When using DLV, sub-zones of the zones in the DLV,
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews could be incorrectly marked as insecure instead of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington secure leading to negative proofs failing. This was
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews a unintended outcome from change 2890. [RT# 21392]
1b66648a10f0fc8dc92470859ed127938eec5647Mark Andrews2903. [bug] managed-keys-directory missing from namedconf.c.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2902. [func] Add regression test for change 2897. [RT #21040]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2900. [bug] The placeholder negative caching element was not
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews properly constructed triggering a INSIST in
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews dns_ncache_towire(). [RT #21346]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2899. [port] win32: Support linking against OpenSSL 1.0.0.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2898. [bug] nslookup leaked memory when -domain=value was
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews specified. [RT #21301]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2897. [bug] NSEC3 chains could be left behind when transitioning
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews to insecure. [RT #21040]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2896. [bug] "rndc sign" failed to properly update the zone
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews when adding a DNSKEY for publication only. [RT #21045]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2895. [func] genrandom: add support for the generation of multiple
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews files. [RT #20917]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2893. [bug] Improve managed keys support. New named.conf option
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews managed-keys-directory. [RT #20924]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2892. [bug] Handle REVOKED keys better. [RT #20961]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2891. [maint] Update empty-zones list to match
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews draft-ietf-dnsop-default-local-zones-13. [RT# 21099]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2890. [bug] Handle the introduction of new trusted-keys and
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews DS, DLV RRsets better. [RT #21097]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2889. [bug] Elements of the grammar where not properly reported.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2888. [bug] Only the first EDNS option was displayed. [RT #21273]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2887. [bug] Report the keytag times in UTC in the .key file,
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews local time is presented as a comment within the
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews comment. [RT #21223]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2886. [bug] ctime() is not thread safe. [RT #21223]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2885. [bug] Improve -fno-strict-aliasing support probing in
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews configure. [RT #21080]
fca6550a9766fe9b0e203ff91399fae4ef3f4030Mark Andrews2884. [bug] Insufficient validation in dns_name_getlabelsequence().
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2883. [bug] 'dig +short' failed to handle really large datasets.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2882. [bug] Remove memory context from list of active contexts
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews before clearing 'magic'. [RT #21274]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2881. [bug] Reduce the amount of time the rbtdb write lock
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews is held when closing a version. [RT #21198]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2880. [cleanup] Make the output of dnssec-keygen and dnssec-revoke
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews consistent. [RT #21078]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2879. [contrib] DLZ bdbhpt driver fails to close correct cursor.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2878. [func] Incrementally write the master file after performing
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews a AXFR. [RT #21010]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2877. [bug] The validator failed to skip obviously mismatching
67afb42794e0efcbb1c96108037733127544787cMark Andrews RRSIGs. [RT #21138]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington2876. [bug] Named could return SERVFAIL for negative responses
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews from unsigned zones. [RT #21131]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington2875. [bug] dns_time64_fromtext() could accept non digits.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington2874. [bug] Cache lack of EDNS support only after the server
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews successfully responds to the query using plain DNS.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2873. [bug] Cancelling a dynamic update via the dns/client module
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews could trigger an assertion failure. [RT #21133]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2872. [bug] Modify dns/client.c:dns_client_createx() to only
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews require one of IPv4 or IPv6 rather than both.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2871. [bug] Type mismatch in mem_api.c between the definition and
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews the header file, causing build failure with
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington --enable-exportlib. [RT #21138]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2868. [cleanup] Run "make clean" at the end of configure to ensure
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews any changes made by configure are integrated.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews Use --with-make-clean=no to disable. [RT #20994]
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews don't like it. [RT #20986]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2866. [bug] Windows does not like the TSIG name being compressed.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2865. [bug] memset to zero event.data. [RT #20986]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2863. [port] linux: disable IPv6 PMTUD and use network minimum MTU.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2862. [bug] nsupdate didn't default to the parent zone when
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews updating DS records. [RT #20896]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2861. [doc] dnssec-settime man pages didn't correctly document the
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews inactivation time. [RT #21039]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2860. [bug] named-checkconf's usage was out of date. [RT #21039]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2859. [bug] When cancelling validation it was possible to leak
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews memory. [RT #20800]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2858. [bug] RTT estimates were not being adjusted on ICMP errors.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2857. [bug] named-checkconf did not fail on a bad trusted key.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington2856. [bug] The size of a memory allocation was not always properly
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews recorded. [RT #20927]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2855. [func] nsupdate will now preserve the entered case of domain
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews names in update requests it sends. [RT #20928]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2854. [func] dig: allow the final soa record in a axfr response to
fca6550a9766fe9b0e203ff91399fae4ef3f4030Mark Andrews be suppressed, dig +onesoa. [RT #20929]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2853. [bug] add_sigs() could run out of scratch space. [RT #21015]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2851. [doc] nslookup.1, removed <informalexample> from the docbook
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews source as it produced bad nroff. [RT #21007]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2850. [bug] If isc_heap_insert() failed due to memory shortage
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews the heap would have corrupted entries. [RT #20951]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2849. [bug] Don't treat errors from the xml2 library as fatal.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2848. [doc] Moved README.dnssec, README.libdns, README.pkcs11 and
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews README.rfc5011 into the ARM. [RT #20899]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2847. [cleanup] Corrected usage message in dnssec-settime. [RT #20921]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2846. [bug] EOF on unix domain sockets was not being handled
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews correctly. [RT #20731]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2845. [bug] RFC 5011 client could crash on shutdown. [RT #20903]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2844. [doc] notify-delay default in ARM was wrong. It should have
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews been five (5) seconds.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2843. [func] Prevent dnssec-keygen and dnssec-keyfromlabel from
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews creating key files if there is a chance that the new
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews key ID will collide with an existing one after
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews either of the keys has been revoked. (To override
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews this in the case of dnssec-keyfromlabel, use the -y
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington option. dnssec-keygen will simply create a
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews different, non-colliding key, so an override is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington not necessary.) [RT #20838]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2842. [func] Added "smartsign" and improved "autosign" and
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews "dnssec" regression tests. [RT #20865]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2841. [bug] Change 2836 was not complete. [RT #20883]
d8d02f9aecba21ccea1b11597e12548eafa0e4fcMark Andrews2840. [bug] Temporary fixed pkcs11-destroy usage check.
fca6550a9766fe9b0e203ff91399fae4ef3f4030Mark Andrews2839. [bug] A KSK revoked by named could not be deleted.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2838. [placeholder]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2837. [port] Prevent Linux spurious warnings about fwrite().
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2836. [bug] Keys that were scheduled to become active could
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews be delayed. [RT #20874]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2835. [bug] Key inactivity dates were inadvertently stored in
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews the private key file with the outdated tag
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews "Unpublish" rather than "Inactive". This has been
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews fixed; however, any existing keys that had Inactive
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews dates set will now need to have them reset, using
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews 'dnssec-settime -I'. [RT #20868]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews2834. [bug] HMAC-SHA* keys that were longer than the algorithm
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson digest length were used incorrectly, leading to
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews interoperability problems with other DNS
fca6550a9766fe9b0e203ff91399fae4ef3f4030Mark Andrews implementations. This has been corrected.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews (Note: If an oversize key is in use, and
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews compatibility is needed with an older release of
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews BIND, the new tool "isc-hmac-fixup" can convert
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews the key secret to a form that will work with all
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews versions.) [RT #20751]
fca6550a9766fe9b0e203ff91399fae4ef3f4030Mark Andrews2833. [cleanup] Fix usage messages in dnssec-keygen and dnssec-settime.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2832. [bug] Modify "struct stat" in lib/export/samples/nsprobe.c
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews to avoid redefinition in some OSs [RT 20831]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2831. [security] Do not attempt to validate or cache
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews out-of-bailiwick data returned with a secure
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews answer; it must be re-fetched from its original
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews source and validated in that context. [RT #20819]
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington2830. [bug] Changing the OPTOUT setting could take multiple
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews passes. [RT #20813]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington2829. [bug] Fixed potential node inconsistency in rbtdb.c.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2828. [security] Cached CNAME or DNAME RR could be returned to clients
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington without DNSSEC validation. [RT #20737]
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2826. [bug] NSEC3->NSEC transitions could fail due to a lock not
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews being released. [RT #20740]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews was in the process of being created was not properly
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews recorded in the zone. [RT #20786]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2824. [bug] "rndc sign" was not being run by the correct task.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2822. [bug] rbtdb.c:loadnode() could return the wrong result.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2821. [doc] Add note that named-checkconf doesn't automatically
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2820. [func] Handle read access failure of OpenSSL configuration
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson file more user friendly (PKCS#11 engine patch).
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define.
c25080dc50542213058c240226c9f342186e6285Mark Andrews2818. [cleanup] rndc could return an incorrect error code
369ed36db553e24f0170c9e0063b075cbab99fe1Mark Andrews when a zone was not found. [RT #20767]
11ba7973f989b3657cbb27447bdcdd976c71ac56Brian Wellington2817. [cleanup] Removed unnecessary isc_task_endexclusive() calls.
c25080dc50542213058c240226c9f342186e6285Mark Andrews2816. [bug] previous_closest_nsec() could fail to return
369ed36db553e24f0170c9e0063b075cbab99fe1Mark Andrews data for NSEC3 nodes [RT #29730]
67afb42794e0efcbb1c96108037733127544787cMark Andrews2815. [bug] Exclusively lock the task when freezing a zone.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2814. [func] Provide a definitive error message when a master
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews zone is not loaded. [RT #20757]
67afb42794e0efcbb1c96108037733127544787cMark Andrews2813. [bug] Better handling of unreadable DNSSEC key files.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews2812. [bug] Make sure updates can't result in a zone with
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews NSEC-only keys and NSEC3 records. [RT #20748]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews2811. [cleanup] Add "rndc sign" to list of commands in rndc usage
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews output. [RT #20733]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews2810. [doc] Clarified the process of transitioning an NSEC3 zone
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington to insecure. [RT #20746]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2809. [cleanup] Restored accidentally-deleted text in usage output
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews in dnssec-settime and dnssec-revoke [RT #20739]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2808. [bug] Remove the attempt to install atomic.h from lib/isc.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews atomic.h is correctly installed by the architecture
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews specific subdirectories. [RT #20722]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2807. [bug] Fixed a possible ASSERT when reconfiguring zone
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews keys. [RT #20720]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews --- 9.7.0rc1 released ---
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2806. [bug] "rdnc sign" could delay re-signing the DNSKEY
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews when it had changed. [RT #20703]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2805. [bug] Fixed namespace problems encountered when building
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews external programs using non-exported BIND9 libraries
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews (i.e., built without --enable-exportlib). [RT #20679]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2804. [bug] Send notifies when a zone is signed with "rndc sign"
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews or as a result of a scheduled key change. [RT #20700]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2803. [port] win32: Install named-journalprint, nsec3hash, arpaname
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews and genrandom under windows. [RT #20670]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2802. [cleanup] Rename journalprint to named-journalprint. [RT #20670]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2801. [func] Detect and report records that are different according
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews to DNSSEC but are semantically equal according to plain
bac2ed6ec3fbb5420e6ce69dd1218745d4e02b1eMark Andrews DNS. Apply plain DNS comparisons rather than DNSSEC
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews comparisons when processing UPDATE requests.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews dnssec-signzone now removes such semantically duplicate
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews records prior to signing the RRset.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews named-checkzone -r {ignore|warn|fail} (default warn)
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews named-compilezone -r {ignore|warn|fail} (default warn)
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews named.conf: check-dup-records {ignore|warn|fail};
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2800. [func] Reject zones which have NS records which refer to
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews CNAMEs, DNAMEs or don't have address record (class IN
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews only). Reject UPDATEs which would cause the zone
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews to fail the above checks if committed. [RT #20678]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2799. [cleanup] Changed the "secure-to-insecure" option to
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews "dnssec-secure-to-insecure", and "dnskey-ksk-only"
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews to "dnssec-dnskey-kskonly", for clarity. [RT #20586]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2798. [bug] Addressed bugs in managed-keys initialization
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews and rollover. [RT #20683]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2797. [bug] Don't decrement the dispatch manager's maxbuffers.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2796. [bug] Missing dns_rdataset_disassociate() call in
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews dns_nsec3_delnsec3sx(). [RT #20681]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2795. [cleanup] Add text to differentiate "update with no effect"
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews log messages. [RT #18889]
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews2794. [bug] Install <isc/namespace.h>. [RT #20677]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2793. [func] Add "autosign" and "metadata" tests to the
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews automatic tests. [RT #19946]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2792. [func] "filter-aaaa-on-v4" can now be set in view
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews options (if compiled in). [RT #20635]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2791. [bug] The installation of isc-config.sh was broken.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2790. [bug] Handle DS queries to stub zones. [RT #20440]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2788. [bug] dnssec-signzone could sign with keys that were
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews not requested [RT #20625]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2787. [bug] Spurious log message when zone keys were
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews dynamically reconfigured. [RT #20659]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2786. [bug] Additional could be promoted to answer. [RT #20663]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews --- 9.7.0b3 released ---
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2785. [bug] Revoked keys could fail to self-sign [RT #20652]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2784. [bug] TC was not always being set when required glue was
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews dropped. [RT #20655]
6bb1d8fc6d7f858315190cfb2c2048a6b3135a41Mark Andrews2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
794b06660baff2e96867c5216e28235d320ba2cdMark Andrews buffer size of 512 or less. [RT #20654]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2782. [port] win32: use getaddrinfo() for hostname lookups.
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson2781. [bug] Inactive keys could be used for signing. [RT #20649]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews2780. [bug] dnssec-keygen -A none didn't properly unset the
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews activation date in all cases. [RT #20648]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2779. [bug] Dynamic key revocation could fail. [RT #20644]
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson2778. [bug] dnssec-signzone could fail when a key was revoked
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews without deleting the unrevoked version. [RT #20638]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2777. [contrib] DLZ MYSQL auto reconnect support discovery was wrong.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2776. [bug] Change #2762 was not correct. [RT #20647]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2775. [bug] Accept RSASHA256 and RSASHA512 as NSEC3 compatible
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson in dnssec-keyfromlabel. [RT #20643]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson2774. [bug] Existing cache DB wasn't being reused after
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews reconfiguration. [RT #20629]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2773. [bug] In autosigned zones, the SOA could be signed
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington with the KSK. [RT #20628]
713c3d5b18463f2479973e4d14f73248e60a5df7Mark Andrews2772. [security] When validating, track whether pending data was from
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the additional section or not and only return it if
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews validates as secure. [RT #20438]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2771. [bug] dnssec-signzone: DNSKEY records could be
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews corrupted when importing from key files [RT #20624]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2770. [cleanup] Add log messages to resolver.c to indicate events
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson causing FORMERR responses. [RT #20526]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson2769. [cleanup] Change #2742 was incomplete. [RT #19589]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington2768. [bug] dnssec-signzone: -S no longer implies -g [RT #20568]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington2767. [bug] named could crash on startup if a zone was
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews configured with auto-dnssec and there was no
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews key-directory. [RT #20615]
777f6bff4bd28f0065bea340c3ac06bfc9a70079Mark Andrews2766. [bug] isc_socket_fdwatchpoke() should only update the
922e6a3c2ac4ef900dd9dc99f0cc137f18372583Andreas Gustafsson socketmgr state if the socket is not pending on a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington read or write. [RT #20603]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington2765. [bug] Skip masters for which the TSIG key cannot be found.
11ba7973f989b3657cbb27447bdcdd976c71ac56Brian Wellington2764. [bug] "rndc-confgen -a" could trigger a REQUIRE. [RT #20610]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2763. [bug] "rndc sign" didn't create an NSEC chain. [RT #20591]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2762. [bug] DLV validation failed with a local slave DLV zone.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2761. [cleanup] Enable internal symbol table for backtrace only for
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews systems that are known to work. Currently, BSD
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews variants, Linux and Solaris are supported. [RT# 20202]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2760. [cleanup] Corrected named-compilezone usage summary. [RT #20533]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2759. [doc] Add information about .jbk/.jnw files to
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews the ARM. [RT #20303]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2758. [bug] win32: Added a workaround for a windows 2008 bug
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews that could cause the UDP client handler to shut
e4dfb763224a6c8b83b3e94ba543a894d2b355cbMark Andrews down. [RT #19176]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2757. [bug] dig: assertion failure could occur in connect
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington timeout. [RT #20599]
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews2756. [bug] Fixed corrupt logfile message in update.c. [RT# 20597]
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews2755. [placeholder]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews2754. [bug] Secure-to-insecure transitions failed when zone
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews was signed with NSEC3. [RT #20587]
2746. [port] hpux: address signed/unsigned expansion mismatch of
dns_rbtnode_t.nsec. [RT #20542]
validator.c. [RT #19589]
2725. [doc] Added information about the file "managed-keys.bind"
2719. [func] Skip trusted/managed keys for unsupported algorithms.
2717. [bug] named failed to update the NSEC/NSEC3 record when
2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
2711. [port] win32: Add the bin/pkcs11 tools into the full
by the named.conf option 'secure-to-insecure'.
(i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
2702. [func] Update PKCS#11 tools (bin/pkcs11) [RT #20225 & all]
2699. [bug] Missing lock in rbtdb.c. [RT #20037]
S_IFREG are defined after including <isc/stat.h>.
2695. [func] DHCP/DDNS - update fdwatch code for use by
2685. [contrib] Update contrib/zkt to version 0.99c. [RT #20054]
2679. [func] dig -k can now accept TSIG keys in named.conf
- New "inactive" date (dnssec-keygen/settime -I)
2673. [bug] The managed-keys.bind zone file could fail to
2664. [bug] create_keydata() and minimal_update() in zone.c
applications. See README.libdns. [RT #19369]
2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
2632. [func] util/kit.sh: warn if documentation appears to be out of
2628. [port] linux: Allow /var/run/named/named.pid to be opened
2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
2622. [bug] Printing of named.conf grammar was broken. [RT #19919]
2617. [bug] ifconfig.sh failed to emit an error message when
2616. [bug] 'host' used the nameservers from resolv.conf even
configuration text for named.conf
from a NSEC3 signed master/slave zone. [RT #19464]
2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
2590. [func] Report zone/class of "update with no effect".
2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
of "dnssec-lookaside . trust-anchor dlv.isc.org;"
plus setting a trusted-key for dlv.isc.org.
by) $sysconfdir/bind.keys. As the ISC DLV key
the bind.keys file with a key downloaded from
https://www.isc.org/solutions/dlv. [RT #18685]
2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
2548. [bug] Install iterated_hash.h. [RT #19335]
2547. [bug] openssl_link.c:mem_realloc() could reference an
2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
2538. [bug] cache/ADB memory could grow over max-cache-size,
2519. [bug] dig/host with -4 or -6 didn't work if more than two
preceded in resolv.conf. [RT #19081]
document function in <isc/radix.h>. [RT #18534]
2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
are now /var/run/named/named.pid and
/var/run/lwresd/lwresd.pid respectively.
2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
specified in named.conf doesn't seem to work with
2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
2455. [bug] Stop metadata being transferred via axfr/ixfr.
2452. [func] Improve bin/test/journalprint. [RT #18316]
epoll and /dev/poll to be selected at compile
completion event send out canceled read/write
in rbtdb.c. [RT #18455]
2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
temporary, named.conf option reserved-sockets,
assertion in acl.c. [RT #18166]
2390. [bug] dispatch.c could make a false warning on 'odd socket'.
2387. [bug] Silence compiler warnings in lib/isc/radix.c.
2385. [bug] A condition variable in socket.c could leak in
2381. [port] dlz/mysql: support multiple install layouts for
mysql. <prefix>/include/{,mysql/}mysql.h and
2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
Documentation is in the new README.pkcs11 file.
were set at both the options/view level and in
named.conf. [RT #17581]
See <isc/mem.h> for details.
2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
rbtdb.c. Implement dead node processing in zones as
lib/dns/rdata/in_1/apl_42.c. [RT #17469]
2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
addresses in acl.c. [RT #17519]
bin/named/lwdnoop.c. [RT #17476]
2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
debug/fatal messages. [RT #17501]
2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
2306. [bug] Remove potential race from lib/dns/resolver.c.
2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
bin/tests/system/lwresd/lwtest.c. [RT #17474]
bin/tests/names/t_names.c. [RT #17473]
bin/nsupdate/nsupdate.c. [RT #17475]
bin/tests/timers/t_timers.c. [RT #17468]
bin/tests/dst/t_dst.c. [RT #17467]
2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
2276. [bug] Install <dst/gssapi.h>. [RT# 17359]
stub/slave master and journal files. [RT# 17279]
2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
2266. [bug] client.c:get_clientmctx() returned the same mctx
2257. [bug] win32: Use the full path to vcredist_x86.exe when
bindevt.dll. [RT #17159]
2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
2254. [bug] timer.c:dispatch() failed to lock timer->lock
2247. [doc] Sort doc/misc/options. [RT #17067]
2246. [bug] Make the startup of test servers (ans.pl) more
2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
If allow-query-cache is not set in named.conf then
If allow-recursion is not set in named.conf then
2194. [bug] Close journal before calling 'done' in xfrin.c.
2193. [port] win32: BINDInstall.exe is now linked statically.
2192. [port] win32: use vcredist_x86.exe to install Visual
2184. [bug] bind9.xsl.h didn't build out of the source tree.
2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
need to ship Microsoft.VC80.MFCLOC.
2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
Fix a memory leak in rbtdb.c:free_noqname().
Make lookup.c:lookup_find() robust against
2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
dighost.c:get_trusted_key(). [RT #16678]
hmac_link.c. [RT #16437]
2145. [bug] Check DS/DLV digest lengths for known digests.
2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
in adb.c. [RT #16670]
2138. [bug] Lock order reversal in resolver.c. [RT #16653]
2137. [port] Mips little endian and/or mips 64 bit are now
2136. [bug] nslookup/host looped if there was no search list
2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656]
2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
2114. [bug] dig/host/nslookup: searches for names with multiple
2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
2103. [port] Add /usr/sfw to list of locations for OpenSSL
2100. [port] win32: copy libeay32.dll to Build\Debug.
2098. [bug] Race in rbtdb.c:no_references(), which occasionally
if resolv.conf does not exist or no nameservers
2091. [port] dighost.c: race condition on cleanup. [RT #16417]
2085. [doc] win32: added index.html and README to zip. [RT #16201]
2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
2080. [port] libbind: res_init.c did not compile on older versions
2076. [bug] Several files were missing #include <config.h>
of authoritative servers that drop EDNS and/or CD
2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
2043. [port] nsupdate/nslookup: Force the flushing of the prompt
2038. [bug] dig/nslookup/host was unlinking from wrong list
a non slave/stub zone. [RT # 16073]
2028. [port] linux: socket.c compatibility for old systems.
2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
2008. [func] It is now possible to enable/disable DNSSEC
breaks DNSSEC (firewall/proxy). [RT #15592]
2003. [bug] libbind: The DNS name/address lookup functions could
1988. [bug] Remove a bus error from the SHA256/SHA512 support.
1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
1981. [bug] win32: condition.c:wait() could fail to reattain
1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
now be set in named.conf (max-udp-size). This is
xfrin.c:maybe_free() if named ran out of memory.
1944. [cleanup] isc_hash_create() does not need a read/write lock.
1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
1922. [bug] check-tool.c:setup_logging() missing call to
1919. [contrib] queryperf: a set of new features: collecting/printing
'RD' was set in the query. host/nslookup skip servers
1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
1866. [bug] resolv.conf parse errors were being ignored by
dig/host/nslookup. [RT #14841]
1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
when CFLAGS contains "-I /usr/local/include"
1839. [bug] <isc/hash.h> was not being installed.
1836. [cleanup] Silence compiler warnings in hash_test.c.
1834. [bug] Bad memset in rdata_test.c. [RT #13658]
rbtdb.c:subtractrdataset(). [RT #13519]
option in named.conf can be used to specify a
1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
1810. [bug] configure, lib/bind/configure make different default
1808. [bug] zone.c:notify_zone() contained a race condition,
1788. [bug] libbind9.la/libbind9.so needs to link against
1785. [bug] libbind9.la/libbind9.so needs to link against
1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
file clause for rbt{64} master/hint zones. [RT#13009]
1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
1748. [func] dig now returns the byte count for axfr/ixfr.
1747. [bug] BIND 8 compatibility: named/named-checkconf failed
to parse "host-statistics-max" in named.conf.
1745. [bug] Dig/host/nslookup accept replies from link locals
1731. [port] darwin: relax version test in ifconfig.sh.
1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
1717. [port] solaris: ifconfig.sh did not support Solaris 10.
"ifconfig.sh down" didn't work for Solaris 9.
1716. [doc] named.conf(5) was being installed in the wrong
1714. [bug] dig/host/nslookup were only trying the first
1707. [contrib] sdb/ldap updated to version 1.0-beta.
1705. [func] Allow the journal's name to be changed via named.conf.
"#include <isc/print.h>". [RT #12321]
1701. [doc] A minimal named.conf man page.
are defined in named.conf. [RT #12023]
/usr/lib. [RT #11971]
1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
adb.c:set_target(). [RT #11582]
1648. [func] Update dnssec-lookaside named.conf syntax to support
1625. [bug] named failed to load/transfer RFC2535 signed zones
1612. [bug] check-names at the option/view level could trigger
1599. [bug] Fix memory leak on error path when checking named.conf.
DNSSEC specify "dnssec-enable yes;" in named.conf.
1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
1566. [port] Support for the cmsg framework on Solaris and HP/UX.
were specified in /etc/resolv.conf. [RT #8232]
1551. [port] Open "/dev/null" before calling chroot().
1532. [port] netbsd: the configure test for <sys/sysctl.h>
requires <sys/param.h>.
1517. [port] Support for IPv6 interface scanning on HP/UX and
only (e.g. DE, LV, US and MUSEUM) these can be excluded
1503. [port] win32: install libeay32.dll outside of system32.
named.conf, tcp-listen-queue.
1498. [port] bsdos: 5.x support.
1478. [port] ifconfig.sh didn't account for other virtual
1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
doc/misc/options. [RT #5616]
via named.conf (edns-udp-size).
1425. [port] linux/libbind: define __USE_MISC when testing *_r()
function prototypes in netdb.h. [RT #4921]
1422. [func] Log name/type/class when denying a query. [RT #4663]
1419. [port] openbsd: use /dev/arandom. [RT #4950]
1417. [func] ID.SERVER/CHAOS is now a built in zone.
1410. [func] Handle records that live in the parent zone, e.g. DS.
1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
'recursing-file = "named.recursing";'.
1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
1353. [contrib] sdb/ldap to version 0.9.
in socket.c and eliminating a host of socket
1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
1336. [func] Nibble lookups under IP6.ARPA are now supported by
1334. [bug] When signing/verifying rdatasets, duplicate rdatas
1326. [bug] DNAME/CNAME signatures were not being cached when
1324. [port] darwin: ifconfig.sh now supports darwin.
1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
1276. [bug] libbind: const pointer conflicts in res_debug.c.
1269. [port] Openserver: ifconfig.sh support.
<sys/param.h> is included or not. Be consistent.
1247. [bug] Don't reset the interface index for link/site local
1234. [bug] contrib/sdb: 'zonetodb' failed to call
1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
at the named.conf checking stage. [RT #2431]
1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
lib/dns to use this function instead of local one.
occurs when parsing named.conf. [RT #2275]
1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
1145. [func] "host" no longer reports a NOERROR/NODATA response
named/lwresd at compile time. [RT #1982]
1119. [func] Added support in Win32 for NTFS file/directory ACL's
could cause an assertion failure in resolver.c
violation in adb.c. [RT #2017]
1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
1088. [port] libbind: MPE/iX C.70 (incomplete)
on load/reload if views were used. [RT #1947]
1041. [bug] Dig/host/nslookup could catch an assertion failure
1032. [func] hostname.bind/txt/chaos now returns the name of
1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
1030. [bug] On systems with no resolv.conf file, nsupdate
1029. [bug] Some named.conf errors did not cause the loading
1002. [bug] When reporting an unknown class name in named.conf,
972. [bug] The file modification time code in zone.c was using the
non-existent nlist.h. [RT #1640]
957. [bug] sys/select.h inclusion was broken on older platforms.
in named/win32/os.c due to code changes in
updated to add include path for os.h header.
953. [func] The /var/run/named.key file from change #843
has been replaced by /etc/rndc.key. Both
method (rndc.conf / controls). Unlike
bin/tests. [RT #1555].
946. [cleanup] doc/misc/options is now machine-generated from the
when installing isc-config.sh.
were not accepted in named.conf. [RT #1469]
and added lib/isc/win32/entropy.c.
900. [bug] A config.guess update changed the system identification
bin/tests/system/ifconfig.sh now recognize the new
899. [bug] lib/dns/soa.c failed to compile on many platforms
897. [bug] A config.guess update changed the system identification
to Darwin. This was derived from the config.guess
849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
just as <lwres/net.h> does.
843. [func] If no controls statement is present in named.conf,
generated by named and an rndc.conf-style file
named named.key will be written that uses it. rndc
838. [port] UnixWare 7.x.x is now suported by
833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
<dns/soa.h>, and extended them to support
832. [bug] The default location for named.conf in named-checkconf
825. [bug] zone.c:ns_query() detached from the wrong zone
character (i.e. "/") in its name and the directory
down-cased when signing/verifying records. [RT #1186]
in rndc.conf.
786. [bug] When DNSSEC signing/verifying data, owner names were
755. [bug] Fix incorrectly formatted log messages in zone.c.
748. [doc] List supported RFCs in doc/misc/rfc-compliance.
739. [port] Look for /dev/random in configure, rather than
737. [port] stdtime.c failed to compile on certain platforms.
dispatch.c:do_cancel(). [RT #733]
718. [cleanup] "internal" is no longer a reserved word in named.conf.
failure in adb.c. [RT #738]
703. [port] sys/select.h is needed on older platforms. [RT #695]
702. [func] If the address 0.0.0.0 is seen in resolv.conf,
693. [bug] An empty lwres statement in named.conf caused
685. [bug] nslookup should use the search list/domain options
from resolv.conf by default. [RT #405, #630]
646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
for syntax checking named.conf files and zone files,
604. [bug] The named.conf parser could print incorrect line
577. [func] Log illegal RDATA combinations. e.g. multiple
570. [bug] rbtdb.c allowed zones containing nodes which had
568. [func] Add sample simple database drivers in contrib/sdb.
of rdata type/class mnemonics in log messages.
516. [bug] Cache lookups which had a NULL node pointer, e.g.
DNAME, would trigger an INSIST(!search.need_cleanup)
490. [func] When a slave/stub zone has not yet successfully
from the named.conf "listen-on" statement, sockets
477. [bug] The the isc-config.sh script could be installed before
471. [bug] nsupdate didn't compile on HP/UX 10.20
and subsequent name servers in resolv.conf if the
457. [bug] Dig/host/hslookup didn't properly handle connect
documented as such in named.conf. [RT #304, RT #311]
is specified in named.conf. [RT #306]
is specified in named.conf. [RT #301]
432. [func] Added refresh/retry jitter. The actual refresh/
428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
(e.g. glue). This could cause SERVFAILs when
e.g. due to corrupt zones with multiple SOA records.
an argc/argv style vector of words and sets
view/global one for CNAME targets and additional
369. [func] Support new named.conf options, view and zone
the distribution, in doc/man/dnssec.
353. [bug] double increment in lwres/gethost.c:copytobuf().
348. [func] New boolean named.conf options 'additional-from-auth'
345. [bug] Large-scale changes/cleanups to dig:
341. [func] Support 'key' clause in named.conf zone masters
327. [bug] rndc.conf parser wasn't correctly recognizing an IP
320. [func] Multiple rndc changes: parses an rndc.conf file,
319. [func] The named.conf "controls" statement is now used
314. [func] The named.conf controls statement can now have
313. [bug] When parsing resolv.conf, don't terminate on an
resolv.conf search path from 6 to 8. If there
resolv.conf was empty or a comment.
310. [func] Changes to named.conf "controls" statement (inet
are listed in resolv.conf, silently ignore them
each library's ipv6.h defines the wrapper symbol of
any $sbindir/dig from a previous release.)
that lack /dev/random.
280. [func] Add isc-config.sh, which can be used to more
two or more files in libomapi.a were not namespace
278. [bug] bin/named/logconf.c:category_fromconf() didn't take
266. [bug] zone.c:save_nsrrset() node was not initialized.
262. [bug] 'master' was not initialized in zone.c:stub_callback().
for global options block of named.conf. Both accept
258. [bug] Fixed printing of lwres_addr_t.address field.
256. [func] isc_ratelimiter_t now has attach/detach semantics, and
253. [func] resolv.conf parser now recognizes ';' and '#' as
252. [bug] resolv.conf parser mishandled masks on sortlists.
244. [bug] empty named.conf file and empty options statement are
243. [func] new cachesize option for named.conf
+ missing sigwait prototype on BSD/OS 4.0/4.0.1.
BSD/OS 4.*, Linux and Solaris 2.8.
230. [func] Replace the dst sign/verify API with a cleaner one.
from confparser.c, because of yacc's code, are
212. [func] Added dns_message_get/settsigkey, to make TSIG
compiling in the lib/dns/sec/{dnssafe,openssl}
204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
run on a PA 1.x system."
201. [cleanup] Removed the test/sdig program, it has been
replaced by bin/dig/dig.
(e.g., running out of network buffers) were
and/or interfaces. [19-May-2000 explorer]
191. [func] Patched to compile on UnixWare 7.x. This platform
range for overflow/underflow. In the case of
184. [cleanup] Variables/functions which began with two leading
underscores were made to conform to the ANSI/ISO
179. [func] options named.conf statement *must* now come
178. [func] Post-load of named.conf check verifies a slave zone
168. [bug] include statements in named.conf caused syntax errors
162. [bug] Ensure proper range for arguments to ctype.h functions.
masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
util/check-includes for how this was tested.
145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
<isc/result.h>.
of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
need <isc/eventclass.h>.
instead of <isc/time.h>.
128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
and creates null keys/sets zone status bit for
<isc/result.h>.
<isc/result.h>. Multiple inclusion protection
isc_symtab_t moved to <isc/types.h>.
<isc/net.h>.
118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
117. [cleanup] libdns.a changes:
116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
<isc/list.h>.
<isc/mutex.h>.
<isc/list.h>.
bin/tests/{db,mem,sockaddr,tasks,timers}/.
108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
105. [doc] doc/dev/coding.html expanded with other
103. [func] libisc buffer API changes for <isc/buffer.h>:
on BSD/OS 4.1.
101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
<isc/event.h>.
or <isc/result.h>.
<isc/result.h>.
90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
from <named/listenlist.h>.
<isc/mem.h>. isc_interface_t and isc_interfaceiter_t
moved to <isc/types.h>.
86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
<isc/types.h>.
<isc/int.h>.
<isc/lang.h>.
subsumed by file.o.
OpenSSL libraries/headers.
from <dns/types.h>.
59. [bug] Cause net/host unreachable to be a hard error
58. [bug] bin/named/query.c could sometimes trigger the
(client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
<sys/param.h>.
logging module "dns/validator".
and isc_lex_t to <isc/types.h>.
31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
25. [bug] make install failed to install <isc/log.h> and
configure.in to check for presence of in6addr_any.
9. [cleanup] replaced bit-setting code in confctx.c and replaced
4. [port] bin/named/unix/os.c didn't compile on systems with
get only what we need from <linux/capability.h>, and
systems without /dev/random.
lib/isc/unix/include/isc/Makefile.in had a typo which