CHANGES revision e02c1d738bd326beceabbe4a04692ea0282225ed
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering --- 9.8.0b1 released ---
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering3008. [func] Response policy zones (RPZ) support. [RT #21726]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering3007. [bug] Named failed to preserve the case of domain names in
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John rdata which is not compressible when writing master
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John files. [RT #22863]
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John3006. [func] Allow dynamically generated TSIG keys to be preserved
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John across restarts of named. Initially this is for
4670e9d5f23fc39360c086fb58eadf8b157ee205Jan Engelhardt TSIG keys generated using GSSAPI. [RT #22639]
4670e9d5f23fc39360c086fb58eadf8b157ee205Jan Engelhardt3005. [port] Solaris: Work around the lack of
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek gsskrb5_register_acceptor_identity() by setting
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek the KRB5_KTNAME environment variable to the
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering contents of tkey-gssapi-keytab. Also fixed
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering test errors on MacOSX. [RT #22853]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering3004. [func] DNS64 reverse support. [RT #22769]
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt3003. [experimental] Added update-policy match type "external",
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering enabling named to defer the decision of whether to
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering allow a dynamic update to an external daemon.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering (Contributed by Andrew Tridgell.) [RT #22758]
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John3002. [bug] isc_mutex_init_errcheck() failed to destroy attr.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering3001. [func] Added a default trust anchor for the root zone, which
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering can be switched on by setting "dnssec-validation auto;"
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt in the named.conf options. [RT #21727]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering3000. [bug] More TKEY/GSS fixes:
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering - nsupdate can now get the default realm from
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering the user's Kerberos principal
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John - corrected gsstest compilation flags
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt - improved documentation
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John - fixed some NULL dereferences
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2999. [func] Add GOST support (RFC 5933). [RT #20639]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2998. [func] Add isc_task_beginexclusive and isc_task_endexclusive
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering to the task api. [RT #22776]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2997. [func] named -V now reports the OpenSSL and libxml2 verions
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering it was compiled against. [RT #22687]
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt2996. [security] Temporarily disable SO_ACCEPTFILTER support.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2995. [bug] The Kerberos realm was not being correctly extracted
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering from the signer's identity. [RT #22770]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2994. [port] NetBSD: use pthreads by default on NetBSD >= 5.0, and
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering do not use threads on earlier versions. Also kill
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering the unproven-pthreads, mit-pthreads, and ptl2 support.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2993. [func] Dynamically grow adb hash tables. [RT #21186]
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John2992. [contrib] contrib/check-secure-delegation.pl: A simple tool
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering for looking at a secure delegation. [RT #22059]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2991. [contrib] contrib/zone-edit.sh: A simple zone editing tool for
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering dynamic zones. [RT #22365]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2990. [bug] 'dnssec-settime -S' no longer tests prepublication
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering interval validity when the interval is set to 0.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2989. [func] Added support for writable DLZ zones. (Contributed
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering by Andrew Tridgell of the Samba project.) [RT #22629]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2988. [experimental] Added a "dlopen" DLZ driver, allowing the creation
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering of external DLZ drivers that can be loaded as
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering shared objects at runtime rather than linked with
b97610038a122ff30e60b1996369ca4b979d8b19Kay Sievers named. Currently this is switched on via a
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering compile-time option, "configure --with-dlz-dlopen".
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Note: the syntax for configuring DLZ zones
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering is likely to be refined in future releases.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering (Contributed by Andrew Tridgell of the Samba
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering project.) [RT #22629]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2987. [func] Improve ease of configuring TKEY/GSS updates by
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering adding a "tkey-gssapi-keytab" option. If set,
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering updates will be allowed with any key matching
7e95eda5b36f4a5259e1e86989b5aee824d83d03Patrik Flykt a principal in the specified keytab file.
7e95eda5b36f4a5259e1e86989b5aee824d83d03Patrik Flykt "tkey-gssapi-credential" is no longer required
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering and is expected to be deprecated. (Contributed
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering by Andrew Tridgell of the Samba project.)
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John2986. [func] Add new zone type "static-stub". It's like a stub
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John zone, but the nameserver names and/or their IP
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John addresses are statically configured. [RT #21474]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2985. [bug] Add a regression test for change #2896. [RT #21324]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2984. [bug] Don't run MX checks when the target of the MX record
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering is ".". [RT #22645]
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John2983. [bug] Include "loadkeys" in rndc help output. [RT #22493]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering --- 9.8.0a1 released ---
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2982. [bug] Reference count dst keys. dst_key_attach() can be used
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering increment the reference count.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Note: dns_tsigkey_createfromkey() callers should now
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering always call dst_key_free() rather than setting it
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering to NULL on success. [RT #22672]
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt2981. [func] Partial DNS64 support (AAAA synthesis). [RT #21991]
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John2980. [bug] named didn't properly handle UPDATES that changed the
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering TTL of the NSEC3PARAM RRset. [RT #22363]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2979. [bug] named could deadlock during shutdown if two
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering "rndc stop" commands were issued at the same
8e420494bc59d8b9d43e6d34d8ec8bb765946c74Lennart Poettering time. [RT #22108]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2978. [port] hpux: look for <devpoll.h> [RT #21919]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2977. [bug] 'nsupdate -l' report if the session key is missing.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2976. [bug] named could die on exit after negotiating a GSS-TSIG
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering key. [RT #22573]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() aquired the
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering wrong lock which could lead to server deadlock.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2974. [bug] Some vaild UPDATE requests could fail due to a
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering consistency check examining the existing version
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering of the zone rather than the new version resulting
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John from the UPDATE. [RT #22413]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2973. [bug] bind.keys.h was being removed by the "make clean"
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering at the end of configure resulting in build failures
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering where there is very old version of perl installed.
b97610038a122ff30e60b1996369ca4b979d8b19Kay Sievers Move it to "make maintainer-clean". [RT #22230]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2972. [bug] win32: address windows socket errors. [RT #21906]
270f1624022039b370b9db311f9d33492833ad24Lennart Poettering2971. [bug] Fixed a bug that caused journal files not to be
8e420494bc59d8b9d43e6d34d8ec8bb765946c74Lennart Poettering compacted on Windows systems as a result of
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering non-POSIX-compliant rename() semantics. [RT #22434]
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek2970. [security] Adding a NO DATA negative cache entry failed to clear
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek any matching RRSIG records. A subsequent lookup of
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering of NO DATA cache entry could trigger a INSIST when the
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering unexpected RRSIG was also returned with the NO DATA
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering CVE-2010-3613, VU#706148. [RT #22288]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2969. [security] Fix acl type processing so that allow-query works
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering in options and view statements. Also add a new
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering set of tests to verify proper functioning.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering CVE-2010-3615, VU#510208. [RT #22418]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2968. [security] Named could fail to prove a data set was insecure
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek before marking it as insecure. One set of conditions
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek that can trigger this occurs naturally when rolling
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering DNSKEY algorithms.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering CVE-2010-3614, VU#837744. [RT #22309]
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek2967. [bug] 'host -D' now turns on debugging messages earlier.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2966. [bug] isc_print_vsnprintf() failed to check if there was
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering space available in the buffer when adding a left
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering justified character with a non zero width,
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt (e.g. "%-1c"). [RT #22270]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2965. [func] Test HMAC functions using test data from RFC 2104 and
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering RFC 4634. [RT #21702]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2964. [placeholder]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2963. [security] The allow-query acl was being applied instead of the
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering allow-query-cache acl to cache lookups. [RT #22114]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2962. [port] win32: add more dependencies to BINDBuild.dsw.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2961. [bug] Be still more selective about the non-authoritative
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering answers we apply change 2748 to. [RT #22074]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2960. [func] Check that named accepts non-authoritative answers.
8e420494bc59d8b9d43e6d34d8ec8bb765946c74Lennart Poettering2959. [func] Check that named starts with a missing masterfile.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2958. [bug] named failed to start with a missing master file.
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek2957. [bug] entropy_get() and entropy_getpseudo() failed to match
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering the API for RAND_bytes() and RAND_pseudo_bytes()
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering respectively. [RT #21962]
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt2956. [port] Enable atomic operations on the PowerPC64. [RT #21899]
4670e9d5f23fc39360c086fb58eadf8b157ee205Jan Engelhardt2955. [func] Provide more detail in the recursing log. [RT #22043]
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek2954. [bug] contrib: dlz_mysql_driver.c bad error handling on
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek build_sqldbinstance failure. [RT #21623]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2953. [bug] Silence spurious "expected covering NSEC3, got an
c0c5af00bec95567435bdfb818c69b2b669adfedDaniel Buch exact match" message when returning a wildcard
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt no data response. [RT #21744]
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt2952. [port] win32: named-checkzone and named-checkconf failed
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt to initialise winsock. [RT #21932]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2951. [bug] named failed to generate a correct signed response
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John in a optout, delegation only zone with no secure
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering delegations. [RT #22007]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2950. [bug] named failed to perform a SOA up to date check when
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering falling back to TCP on UDP timeouts when
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt ixfr-from-differences was set. [RT #21595]
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John2949. [bug] dns_view_setnewzones() contained a memory leak if
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering it was called multiple times. [RT #21942]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2948. [port] MacOS: provide a mechanism to configure the test
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John interfaces at reboot. See bin/tests/system/README
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2947. [placeholder]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2946. [doc] Document the default values for the minimum and maximum
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering zone refresh and retry values in the ARM. [RT #21886]
7e95eda5b36f4a5259e1e86989b5aee824d83d03Patrik Flykt2945. [doc] Update empty-zones list in ARM. [RT #21772]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2944. [maint] Remove ORCHID prefix from built in empty zones.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2943. [func] Add support to load new keys into managed zones
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering without signing immediately with "rndc loadkeys".
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Add support to link keys with "dnssec-keygen -S"
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John and "dnssec-settime -S". [RT #21351]
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John2942. [contrib] zone2sqlite failed to setup the entropy sources.
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt2941. [bug] sdb and sdlz (dlz's zone database) failed to support
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering DNAME at the zone apex. [RT #21610]
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt2940. [port] Remove connection aborted error message on
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Windows. [RT #21549]
ad42cf7308c45fb8a77c15b313f45361c5ea8fb5Kay Sievers2939. [func] Check that named successfully skips NSEC3 records
ad42cf7308c45fb8a77c15b313f45361c5ea8fb5Kay Sievers that fail to match the NSEC3PARAM record currently
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering in use. [RT# 21868]
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt2938. [bug] When generating signed responses, from a signed zone
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt that uses NSEC3, named would use a uninitialised
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt pointer if it needed to skip a NSEC3 record because
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering it didn't match the selected NSEC3PARAM record for
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John zone. [RT# 21868]
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John2937. [bug] Worked around an apparent race condition in over
ad42cf7308c45fb8a77c15b313f45361c5ea8fb5Kay Sievers memory conditions. Without this fix a DNS cache DB or
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John ADB could incorrectly stay in an over memory state,
ad42cf7308c45fb8a77c15b313f45361c5ea8fb5Kay Sievers effectively refusing further caching, which
ad42cf7308c45fb8a77c15b313f45361c5ea8fb5Kay Sievers subsequently made a BIND 9 caching server unworkable.
ad42cf7308c45fb8a77c15b313f45361c5ea8fb5Kay Sievers This fix prevents this problem from happening by
ad42cf7308c45fb8a77c15b313f45361c5ea8fb5Kay Sievers polling the state of the memory context, rather than
ad42cf7308c45fb8a77c15b313f45361c5ea8fb5Kay Sievers making a copy of the state, which appeared to cause
ad42cf7308c45fb8a77c15b313f45361c5ea8fb5Kay Sievers a race. This is a "workaround" in that it doesn't
ad42cf7308c45fb8a77c15b313f45361c5ea8fb5Kay Sievers solve the possible race per se, but several experiments
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering proved this change solves the symptom. Also, the
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt polling overhead hasn't been reported to be an issue.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering This bug should only affect a caching server that
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering specifies a finite max-cache-size. It's also quite
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering likely that the bug happens only when enabling threads,
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering but it's not confirmed yet. [RT #21818]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2936. [func] Improved configuration syntax and multiple-view
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering support for addzone/delzone feature (see change
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt #2930). Removed "new-zone-file" option, replaced
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John with "allow-new-zones (yes|no)". The new-zone-file
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering for each view is now created automatically, with
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering a filename generated from a hash of the view name.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering It is no longer necessary to "include" the
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering new-zone-file in named.conf; this happens
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering automatically. Zones that were not added via
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering "rndc addzone" can no longer be removed with
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John "rndc delzone". [RT #19447]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2935. [bug] nsupdate: improve 'file not found' error message.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2934. [bug] Use ANSI C compliant shift range in lib/isc/entropy.c.
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek2933. [bug] 'dig +nsid' used stack memory after it went out of
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek scope. This could potentially result in a unknown,
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering potentially malformed, EDNS option being sent instead
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek of the desired NSID option. [RT #21781]
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek2932. [cleanup] Corrected a numbering error in the "dnssec" test.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2931. [bug] Temporarily and partially disable change 2864
8e420494bc59d8b9d43e6d34d8ec8bb765946c74Lennart Poettering because it would cause infinite attempts of RRSIG
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek queries. This is an urgent care fix; we'll
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek revisit the issue and complete the fix later.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2930. [experimental] New "rndc addzone" and "rndc delzone" commads
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John allow dynamic addition and deletion of zones.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering To enable this feature, specify a "new-zone-file"
8e420494bc59d8b9d43e6d34d8ec8bb765946c74Lennart Poettering option at the view or options level in named.conf.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering Zone configuration information for the new zones
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering will be written into that file. To make the new
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt zones persist after a restart, "include" the file
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt into named.conf in the appropriate view. (Note:
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering This feature is not yet documented, and its syntax
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering is expected to change.) [RT #19447]
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John2929. [bug] Improved handling of GSS security contexts:
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering - added LRU expiration for generated TSIGs
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering - added the ability to use a non-default realm
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering - added new "realm" keyword in nsupdate
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek - limited lifetime of generated keys to 1 hour
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering or the lifetime of the context (whichever is
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2928. [bug] Be more selective about the non-authoritative
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering answer we apply change 2748 to. [RT #21594]
1e190502e78cea1f8bcb62e6d390305c89e41e6aZbigniew Jędrzejewski-Szmek2927. [placeholder]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2926. [placeholder]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2925. [bug] Named failed to accept uncachable negative responses
b97610038a122ff30e60b1996369ca4b979d8b19Kay Sievers from insecure zones. [RT# 21555]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2924. [func] 'rndc secroots' dump a combined summary of the
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering current managed keys combined with trusted keys.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2923. [bug] 'dig +trace' could drop core after "connection
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering timeout". [RT #21514]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2922. [contrib] Update zkt to version 1.0.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2921. [bug] The resolver could attempt to destroy a fetch context
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering too soon. [RT #19878]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering to IPv4 clients. New acl 'filter-aaaa' (default any).
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2919. [func] Add autosign-ksk and autosign-zsk virtual time tests.
8e420494bc59d8b9d43e6d34d8ec8bb765946c74Lennart Poettering2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2917. [func] Virtual time test framework. [RT #20801]
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John2916. [func] Add framework to use IPv6 in tests.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2915. [cleanup] Be smarter about which objects we attempt to compile
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering based on configure options. [RT #21444]
4c2413bffa7861bd3c4b3589c821ab7e0ac51c83Jan Engelhardt2914. [bug] Make the "autosign" system test more portable.
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John2913. [func] Add pkcs#11 system tests. [RT #20784]
6afc95b73605833e6e966af1c466b5c08feb953fLennart Poettering2912. [func] Windows clients don't like UPDATE responses that clear
6afc95b73605833e6e966af1c466b5c08feb953fLennart Poettering the zone section. [RT #20986]
ca721e36083e70709ce21376c0b89bc797e53f91Lennart Poettering2911. [bug] dnssec-signzone didn't handle out of zone records well.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2910. [func] Sanity check Kerberos credentials. [RT #20986]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2909. [bug] named-checkconf -p could die if "update-policy local;"
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering was specified in named.conf. [RT #21416]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2908. [bug] It was possible for re-signing to stop after removing
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering a DNSKEY. [RT #21384]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2907. [bug] The export version of libdns had undefined references.
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John2906. [bug] Address RFC 5011 implementation issues. [RT #20903]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2905. [port] aix: set use_atomic=yes with native compiler.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2904. [bug] When using DLV, sub-zones of the zones in the DLV,
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering could be incorrectly marked as insecure instead of
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering secure leading to negative proofs failing. This was
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering a unintended outcome from change 2890. [RT# 21392]
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John2903. [bug] managed-keys-directory missing from namedconf.c.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2902. [func] Add regression test for change 2897. [RT #21040]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]
8b7d0494a3fe35209d4db0d1b9e065e7e5cc9875Jason St. John2900. [bug] The placeholder negative caching element was not
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering properly constructed triggering a INSIST in
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering dns_ncache_towire(). [RT #21346]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2899. [port] win32: Support linking against OpenSSL 1.0.0.
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2898. [bug] nslookup leaked memory when -domain=value was
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering specified. [RT #21301]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2897. [bug] NSEC3 chains could be left behind when transitioning
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering to insecure. [RT #21040]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2896. [bug] "rndc sign" failed to properly update the zone
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering when adding a DNSKEY for publication only. [RT #21045]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2895. [func] genrandom: add support for the generation of multiple
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering files. [RT #20917]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2893. [bug] Improve managed keys support. New named.conf option
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering managed-keys-directory. [RT #20924]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2892. [bug] Handle REVOKED keys better. [RT #20961]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2891. [maint] Update empty-zones list to match
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering draft-ietf-dnsop-default-local-zones-13. [RT# 21099]
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering2890. [bug] Handle the introduction of new trusted-keys and
e49b5aada0df13c9e8fce7338ae34e075dd7ccd1Lennart Poettering DS, DLV RRsets better. [RT #21097]
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2889. [bug] Elements of the grammar where not properly reported.
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2888. [bug] Only the first EDNS option was displayed. [RT #21273]
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2887. [bug] Report the keytag times in UTC in the .key file,
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering local time is presented as a comment within the
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering comment. [RT #21223]
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2886. [bug] ctime() is not thread safe. [RT #21223]
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2885. [bug] Improve -fno-strict-aliasing support probing in
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering configure. [RT #21080]
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2884. [bug] Insufficient validation in dns_name_getlabelsequence().
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2883. [bug] 'dig +short' failed to handle really large datasets.
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2882. [bug] Remove memory context from list of active contexts
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering before clearing 'magic'. [RT #21274]
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2881. [bug] Reduce the amount of time the rbtdb write lock
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering is held when closing a version. [RT #21198]
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2880. [cleanup] Make the output of dnssec-keygen and dnssec-revoke
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering consistent. [RT #21078]
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2879. [contrib] DLZ bdbhpt driver fails to close correct cursor.
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2878. [func] Incrementally write the master file after performing
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering a AXFR. [RT #21010]
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2877. [bug] The validator failed to skip obviously mismatching
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering RRSIGs. [RT #21138]
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2876. [bug] Named could return SERVFAIL for negative responses
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering from unsigned zones. [RT #21131]
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2875. [bug] dns_time64_fromtext() could accept non digits.
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2874. [bug] Cache lack of EDNS support only after the server
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering successfully responds to the query using plain DNS.
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2873. [bug] Cancelling a dynamic update via the dns/client module
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering could trigger an assertion failure. [RT #21133]
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2872. [bug] Modify dns/client.c:dns_client_createx() to only
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering require one of IPv4 or IPv6 rather than both.
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2871. [bug] Type mismatch in mem_api.c between the definition and
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering the header file, causing build failure with
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering --enable-exportlib. [RT #21138]
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2868. [cleanup] Run "make clean" at the end of configure to ensure
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering any changes made by configure are integrated.
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering Use --with-make-clean=no to disable. [RT #20994]
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering don't like it. [RT #20986]
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2866. [bug] Windows does not like the TSIG name being compressed.
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2865. [bug] memset to zero event.data. [RT #20986]
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2863. [port] linux: disable IPv6 PMTUD and use network minimum MTU.
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2862. [bug] nsupdate didn't default to the parent zone when
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering updating DS records. [RT #20896]
cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering2861. [doc] dnssec-settime man pages didn't correctly document the
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering inactivation time. [RT #21039]
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering2860. [bug] named-checkconf's usage was out of date. [RT #21039]
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering2859. [bug] When cancelling validation it was possible to leak
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering memory. [RT #20800]
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering2858. [bug] RTT estimates were not being adjusted on ICMP errors.
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering2857. [bug] named-checkconf did not fail on a bad trusted key.
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering2856. [bug] The size of a memory allocation was not always properly
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering recorded. [RT #20927]
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering2855. [func] nsupdate will now preserve the entered case of domain
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering names in update requests it sends. [RT #20928]
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering2854. [func] dig: allow the final soa record in a axfr response to
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering be suppressed, dig +onesoa. [RT #20929]
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering2853. [bug] add_sigs() could run out of scratch space. [RT #21015]
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering2851. [doc] nslookup.1, removed <informalexample> from the docbook
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering source as it produced bad nroff. [RT #21007]
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering2850. [bug] If isc_heap_insert() failed due to memory shortage
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering the heap would have corrupted entries. [RT #20951]
f3a165b05d117b9a9657076fed6b265eb40d5ba3Kay Sievers2849. [bug] Don't treat errors from the xml2 library as fatal.
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering2848. [doc] Moved README.dnssec, README.libdns, README.pkcs11 and
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering README.rfc5011 into the ARM. [RT #20899]
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering2847. [cleanup] Corrected usage message in dnssec-settime. [RT #20921]
f3a165b05d117b9a9657076fed6b265eb40d5ba3Kay Sievers2846. [bug] EOF on unix domain sockets was not being handled
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering correctly. [RT #20731]
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering2845. [bug] RFC 5011 client could crash on shutdown. [RT #20903]
f3a165b05d117b9a9657076fed6b265eb40d5ba3Kay Sievers2844. [doc] notify-delay default in ARM was wrong. It should have
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering been five (5) seconds.
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering2843. [func] Prevent dnssec-keygen and dnssec-keyfromlabel from
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering creating key files if there is a chance that the new
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering key ID will collide with an existing one after
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering either of the keys has been revoked. (To override
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering this in the case of dnssec-keyfromlabel, use the -y
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering option. dnssec-keygen will simply create a
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering different, non-colliding key, so an override is
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering not necessary.) [RT #20838]
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering2842. [func] Added "smartsign" and improved "autosign" and
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering "dnssec" regression tests. [RT #20865]
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering2841. [bug] Change 2836 was not complete. [RT #20883]
387abf80ad40e4a6c2f4725c8eff4d66bf110d1fLennart Poettering2840. [bug] Temporary fixed pkcs11-destroy usage check.
387abf80ad40e4a6c2f4725c8eff4d66bf110d1fLennart Poettering2839. [bug] A KSK revoked by named could not be deleted.
387abf80ad40e4a6c2f4725c8eff4d66bf110d1fLennart Poettering2838. [placeholder]
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering2837. [port] Prevent Linux spurious warnings about fwrite().
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering2836. [bug] Keys that were scheduled to become active could
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering be delayed. [RT #20874]
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering2835. [bug] Key inactivity dates were inadvertently stored in
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering the private key file with the outdated tag
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering "Unpublish" rather than "Inactive". This has been
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering fixed; however, any existing keys that had Inactive
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering dates set will now need to have them reset, using
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering 'dnssec-settime -I'. [RT #20868]
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering2834. [bug] HMAC-SHA* keys that were longer than the algorithm
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering digest length were used incorrectly, leading to
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering interoperability problems with other DNS
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering implementations. This has been corrected.
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering (Note: If an oversize key is in use, and
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering compatibility is needed with an older release of
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering BIND, the new tool "isc-hmac-fixup" can convert
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering the key secret to a form that will work with all
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering versions.) [RT #20751]
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering2833. [cleanup] Fix usage messages in dnssec-keygen and dnssec-settime.
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering2832. [bug] Modify "struct stat" in lib/export/samples/nsprobe.c
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering to avoid redefinition in some OSs [RT 20831]
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering2831. [security] Do not attempt to validate or cache
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering out-of-bailiwick data returned with a secure
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering answer; it must be re-fetched from its original
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering source and validated in that context. [RT #20819]
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering2830. [bug] Changing the OPTOUT setting could take multiple
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering passes. [RT #20813]
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering2829. [bug] Fixed potential node inconsistency in rbtdb.c.
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering2828. [security] Cached CNAME or DNAME RR could be returned to clients
33b521be152f67cd722695ba9a2966eda5ee6765Maciej Wereski without DNSSEC validation. [RT #20737]
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering2826. [bug] NSEC3->NSEC transitions could fail due to a lock not
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering being released. [RT #20740]
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering was in the process of being created was not properly
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering recorded in the zone. [RT #20786]
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering2824. [bug] "rndc sign" was not being run by the correct task.
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering2822. [bug] rbtdb.c:loadnode() could return the wrong result.
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering2821. [doc] Add note that named-checkconf doesn't automatically
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering2820. [func] Handle read access failure of OpenSSL configuration
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering file more user friendly (PKCS#11 engine patch).
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define.
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering2818. [cleanup] rndc could return an incorrect error code
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering when a zone was not found. [RT #20767]
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering2817. [cleanup] Removed unnecessary isc_task_endexclusive() calls.
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering2816. [bug] previous_closest_nsec() could fail to return
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering data for NSEC3 nodes [RT #29730]
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering2815. [bug] Exclusively lock the task when freezing a zone.
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering2814. [func] Provide a definitive error message when a master
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering zone is not loaded. [RT #20757]
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering2813. [bug] Better handling of unreadable DNSSEC key files.
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering2812. [bug] Make sure updates can't result in a zone with
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering NSEC-only keys and NSEC3 records. [RT 20748]
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering2811. [cleanup] Add "rndc sign" to list of commands in rndc usage
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering output. [RT #20733]
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering2810. [doc] Clarified the process of transitioning an NSEC3 zone
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering to insecure. [RT #20746]
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering2809. [cleanup] Restored accidentally-deleted text in usage output
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering in dnssec-settime and dnssec-revoke [RT #20739]
28f5c779e5513ab1301ac103471009711b0961e0Kay Sievers2808. [bug] Remove the attempt to install atomic.h from lib/isc.
28f5c779e5513ab1301ac103471009711b0961e0Kay Sievers atomic.h is correctly installed by the architecture
28f5c779e5513ab1301ac103471009711b0961e0Kay Sievers specific subdirectories. [RT #20722]
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering2807. [bug] Fixed a possible ASSERT when reconfiguring zone
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering keys. [RT #20720]
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering --- 9.7.0rc1 released ---
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering2806. [bug] "rdnc sign" could delay re-signing the DNSKEY
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering when it had changed. [RT #20703]
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering2805. [bug] Fixed namespace problems encountered when building
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering external programs using non-exported BIND9 libraries
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering (i.e., built without --enable-exportlib). [RT #20679]
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering2804. [bug] Send notifies when a zone is signed with "rndc sign"
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering or as a result of a scheduled key change. [RT #20700]
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering2803. [port] win32: Install named-journalprint, nsec3hash, arpaname
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering and genrandom under windows. [RT #20670]
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering2802. [cleanup] Rename journalprint to named-journalprint. [RT #20670]
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering2801. [func] Detect and report records that are different according
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering to DNSSEC but are semantically equal according to plain
251cc8194228ac86c9a7a4c75a54a94cea2095c7Lennart Poettering DNS. Apply plain DNS comparisons rather than DNSSEC
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering comparisons when processing UPDATE requests.
4f0be680b5323e037314cfbd3dba34f03e637c8fLennart Poettering dnssec-signzone now removes such semantically duplicate
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering records prior to signing the RRset.
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering named-checkzone -r {ignore|warn|fail} (default warn)
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering named-compilezone -r {ignore|warn|fail} (default warn)
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering named.conf: check-dup-records {ignore|warn|fail};
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2800. [func] Reject zones which have NS records which refer to
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering CNAMEs, DNAMEs or don't have address record (class IN
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering only). Reject UPDATEs which would cause the zone
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering to fail the above checks if committed. [RT #20678]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2799. [cleanup] Changed the "secure-to-insecure" option to
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering "dnssec-secure-to-insecure", and "dnskey-ksk-only"
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering to "dnssec-dnskey-kskonly", for clarity. [RT #20586]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2798. [bug] Addressed bugs in managed-keys initialization
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering and rollover. [RT #20683]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2797. [bug] Don't decrement the dispatch manager's maxbuffers.
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2796. [bug] Missing dns_rdataset_disassociate() call in
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering dns_nsec3_delnsec3sx(). [RT #20681]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2795. [cleanup] Add text to differentiate "update with no effect"
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering log messages. [RT #18889]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2794. [bug] Install <isc/namespace.h>. [RT #20677]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2793. [func] Add "autosign" and "metadata" tests to the
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering automatic tests. [RT #19946]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2792. [func] "filter-aaaa-on-v4" can now be set in view
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering options (if compiled in). [RT #20635]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2791. [bug] The installation of isc-config.sh was broken.
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2790. [bug] Handle DS queries to stub zones. [RT #20440]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2788. [bug] dnssec-signzone could sign with keys that were
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering not requested [RT #20625]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2787. [bug] Spurious log message when zone keys were
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering dynamically reconfigured. [RT #20659]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2786. [bug] Additional could be promoted to answer. [RT #20663]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering --- 9.7.0b3 released ---
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2785. [bug] Revoked keys could fail to self-sign [RT #20652]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2784. [bug] TC was not always being set when required glue was
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering dropped. [RT #20655]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering buffer size of 512 or less. [RT #20654]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2782. [port] win32: use getaddrinfo() for hostname lookups.
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2781. [bug] Inactive keys could be used for signing. [RT #20649]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2780. [bug] dnssec-keygen -A none didn't properly unset the
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering activation date in all cases. [RT #20648]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2779. [bug] Dynamic key revocation could fail. [RT #20644]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2778. [bug] dnssec-signzone could fail when a key was revoked
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering without deleting the unrevoked version. [RT #20638]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2777. [contrib] DLZ MYSQL auto reconnect support discovery was wrong.
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2776. [bug] Change #2762 was not correct. [RT #20647]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2775. [bug] Accept RSASHA256 and RSASHA512 as NSEC3 compatible
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering in dnssec-keyfromlabel. [RT #20643]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2774. [bug] Existing cache DB wasn't being reused after
1fda0ab5fc9cf7454c8da32941e433dc38ba9991Zbigniew Jędrzejewski-Szmek reconfiguration. [RT #20629]
1fda0ab5fc9cf7454c8da32941e433dc38ba9991Zbigniew Jędrzejewski-Szmek2773. [bug] In autosigned zones, the SOA could be signed
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering with the KSK. [RT #20628]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2772. [security] When validating, track whether pending data was from
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering the additional section or not and only return it if
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering validates as secure. [RT #20438]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2771. [bug] dnssec-signzone: DNSKEY records could be
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering corrupted when importing from key files [RT #20624]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2770. [cleanup] Add log messages to resolver.c to indicate events
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering causing FORMERR responses. [RT #20526]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2769. [cleanup] Change #2742 was incomplete. [RT #19589]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2768. [bug] dnssec-signzone: -S no longer implies -g [RT #20568]
1fda0ab5fc9cf7454c8da32941e433dc38ba9991Zbigniew Jędrzejewski-Szmek2767. [bug] named could crash on startup if a zone was
1fda0ab5fc9cf7454c8da32941e433dc38ba9991Zbigniew Jędrzejewski-Szmek configured with auto-dnssec and there was no
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering key-directory. [RT #20615]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2766. [bug] isc_socket_fdwatchpoke() should only update the
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering socketmgr state if the socket is not pending on a
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering read or write. [RT #20603]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2765. [bug] Skip masters for which the TSIG key cannot be found.
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2764. [bug] "rndc-confgen -a" could trigger a REQUIRE. [RT #20610]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2763. [bug] "rndc sign" didn't create an NSEC chain. [RT #20591]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2762. [bug] DLV validation failed with a local slave DLV zone.
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2761. [cleanup] Enable internal symbol table for backtrace only for
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering systems that are known to work. Currently, BSD
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering variants, Linux and Solaris are supported. [RT# 20202]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2760. [cleanup] Corrected named-compilezone usage summary. [RT #20533]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2759. [doc] Add information about .jbk/.jnw files to
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering the ARM. [RT #20303]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2758. [bug] win32: Added a workaround for a windows 2008 bug
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering that could cause the UDP client handler to shut
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering down. [RT #19176]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2757. [bug] dig: assertion failure could occur in connect
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering timeout. [RT #20599]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2756. [bug] Fixed corrupt logfile message in update.c. [RT# 20597]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2755. [placeholder]
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering2754. [bug] Secure-to-insecure transitions failed when zone
00aa832b948a27507c33e2157e46963852cffc85Lennart Poettering was signed with NSEC3. [RT #20587]
606c24e3bd41207c395f24a56bcfcad791e265a5Lennart Poettering2753. [bug] Removed an unnecessary warning that could appear when
606c24e3bd41207c395f24a56bcfcad791e265a5Lennart Poettering building an NSEC chain. [RT #20589]
606c24e3bd41207c395f24a56bcfcad791e265a5Lennart Poettering2752. [bug] Locking violation. [RT #20587]
606c24e3bd41207c395f24a56bcfcad791e265a5Lennart Poettering2751. [bug] Fixed a memory leak in dnssec-keyfromlabel. [RT #20588]
606c24e3bd41207c395f24a56bcfcad791e265a5Lennart Poettering2750. [bug] dig: assertion failure could occur when a server
606c24e3bd41207c395f24a56bcfcad791e265a5Lennart Poettering didn't have an address. [RT #20579]
606c24e3bd41207c395f24a56bcfcad791e265a5Lennart Poettering2749. [bug] ixfr-from-differences generated a non-minimal ixfr
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering for NSEC3 signed zones. [RT #20452]
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering2748. [func] Identify bad answers from GTLD servers and treat them
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering as referrals. [RT #18884]
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering2747. [bug] Journal roll forwards failed to set the re-signing
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering time of RRSIGs correctly. [RT #20541]
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering2746. [port] hpux: address signed/unsigned expansion mismatch of
b82eed9af95668ab38cac33c7996e4d665f8709aLennart Poettering2745. [bug] configure script didn't probe the return type of
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering gai_strerror(3) correctly. [RT #20573]
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering2744. [func] Log if a query was over TCP. [RT #19961]
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering2743. [bug] RRSIG could be incorrectly set in the NSEC3 record
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering for a insecure delegation.
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering --- 9.7.0b2 released ---
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering2742. [cleanup] Clarify some DNSSEC-related log messages in
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering2741. [func] Allow the dnssec-keygen progress messages to be
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering suppressed (dnssec-keygen -q). Automatically
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering suppress the progress messages when stdin is not
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering a tty. [RT #20474]
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering2740. [placeholder]
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering2739. [cleanup] Clean up API for initializing and clearing trust
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering anchors for a view. [RT #20211]
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering test. [RT #20453]
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering2737. [func] UPDATE requests can leak existence information.
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering2736. [func] Improve the performance of NSEC signed zones with
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering more than a normal amount of glue below a delegation.
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering2735. [bug] dnssec-signzone could fail to read keys
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering that were specified on the command line with
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering full paths, but weren't in the current
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering directory. [RT #20421]
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering2734. [port] cygwin: arpaname did not compile. [RT #20473]
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering2733. [cleanup] Clean up coding style in pkcs11-* tools. [RT #20355]
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering2732. [func] Add optional filter-aaaa-on-v4 option, available
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering if built with './configure --enable-filter-aaaa'.
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering Filters out AAAA answers to clients connecting
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering via IPv4. (This is NOT recommended for general
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering use.) [RT #20339]
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering2731. [func] Additional work on change 2709. The key parser
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering will now ignore unrecognized fields when the
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering minor version number of the private key format
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering has been increased. It will reject any key with
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering the major version number increased. [RT #20310]
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering2730. [func] Have dnssec-keygen display a progress indication
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering a la 'openssl genrsa' on standard error. Note
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering when the first '.' is followed by a long stop
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering one has the choice between slow generation vs.
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering poor random quality, i.e., '-r /dev/urandom'.
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering2729. [func] When constructing a CNAME from a DNAME use the DNAME
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering TTL. [RT #20451]
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering2728. [bug] dnssec-keygen, dnssec-keyfromlabel and
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering dnssec-signzone now warn immediately if asked to
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering write into a nonexistent directory. [RT #20278]
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering2727. [func] The 'key-directory' option can now specify a relative
2f3fcf85c5fa6c9c483b31823a0efdd28914c756Lennart Poettering path. [RT #20154]
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering2726. [func] Added support for SHA-2 DNSSEC algorithms,
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering RSASHA256 and RSASHA512. [RT #20023]
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering2725. [doc] Added information about the file "managed-keys.bind"
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering to the ARM. [RT #20235]
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering2724. [bug] Updates to a existing node in secure zone using NSEC
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering were failing. [RT #20448]
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering2723. [bug] isc_base32_totext(), isc_base32hex_totext(), and
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering isc_base64_totext(), didn't always mark regions of
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering memory as fully consumed after conversion. [RT #20445]
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering2722. [bug] Ensure that the memory associated with the name of
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering a node in a rbt tree is not altered during the life
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering of the node. [RT #20431]
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering2721. [port] Have dst__entropy_status() prime the random number
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering generator. [RT #20369]
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering2720. [bug] RFC 5011 trust anchor updates could trigger an
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering assert if the DNSKEY record was unsigned. [RT #20406]
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering2719. [func] Skip trusted/managed keys for unsupported algorithms.
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering2718. [bug] The space calculations in opensslrsa_todns() were
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering incorrect. [RT #20394]
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering2717. [bug] named failed to update the NSEC/NSEC3 record when
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering the last private type record was removed as a result
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering of completing the signing the zone with a key.
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering2716. [bug] nslookup debug mode didn't return the ttl. [RT #20414]
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering --- 9.7.0b1 released ---
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering2715. [bug] Require OpenSSL support to be explicitly disabled.
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering2713. [bug] powerpc: atomic operations missing asm("ics") /
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering __isync() calls.
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering2712. [func] New 'auto-dnssec' zone option allows zone signing
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering to be fully automated in zones configured for
7c04ad2da1cf08ebf53b9aa9671c8c1dc9577135Lennart Poettering dynamic DNS. 'auto-dnssec allow;' permits a zone
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering to be signed by creating keys for it in the
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering key-directory and using 'rndc sign <zone>'.
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering 'auto-dnssec maintain;' allows that too, plus it
cbeabcfbc5a5fa27385e5794780e8f034e090606Zbigniew Jędrzejewski-Szmek also keeps the zone's DNSSEC keys up to date
cbeabcfbc5a5fa27385e5794780e8f034e090606Zbigniew Jędrzejewski-Szmek according to their timing metadata. [RT #19943]
cbeabcfbc5a5fa27385e5794780e8f034e090606Zbigniew Jędrzejewski-Szmek2711. [port] win32: Add the bin/pkcs11 tools into the full
cbeabcfbc5a5fa27385e5794780e8f034e090606Zbigniew Jędrzejewski-Szmek build. [RT #20372]
cbeabcfbc5a5fa27385e5794780e8f034e090606Zbigniew Jędrzejewski-Szmek2710. [func] New 'dnssec-signzone -x' flag and 'dnskey-ksk-only'
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering zone option cause a zone to be signed with only KSKs
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering signing the DNSKEY RRset, not ZSKs. This reduces
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering the size of a DNSKEY answer. [RT #20340]
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering2709. [func] Added some data fields, currently unused, to the
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering private key file format, to allow implementation
ef3b5246879094e29cc99c4d24cbfeb19b7da49bLennart Poettering of explicit key rollover in a future release
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering without impairing backward or forward compatibility.
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering2708. [func] Insecure to secure and NSEC3 parameter changes via
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering update are now fully supported and no longer require
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering defines to enable. We now no longer overload the
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering NSEC3PARAM flag field, nor the NSEC OPT bit at the
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering apex. Secure to insecure changes are controlled by
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering by the named.conf option 'secure-to-insecure'.
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering Warning: If you had previously enabled support by
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering adding defines at compile time to BIND 9.6 you should
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering ensure that all changes that are in progress have
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering completed prior to upgrading to BIND 9.7. BIND 9.7
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering is not backwards compatible.
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering2707. [func] dnssec-keyfromlabel no longer require engine name
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering to be specified in the label if there is a default
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering engine or the -E option has been used. Also, it
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering now uses default algorithms as dnssec-keygen does
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering (i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering2706. [bug] Loading a zone with a very large NSEC3 salt could
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering trigger an assert. [RT #20368]
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering2705. [placeholder]
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering2704. [bug] Serial of dynamic and stub zones could be inconsistent
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering with their SOA serial. [RT #19387]
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering2703. [func] Introduce an OpenSSL "engine" argument with -E
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering for all binaries which can take benefit of
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering crypto hardware. [RT #20230]
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering2702. [func] Update PKCS#11 tools (bin/pkcs11) [RT #20225 & all]
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering2701. [doc] Correction to ARM: hmac-md5 is no longer the only
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering supported TSIG key algorithm. [RT #18046]
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering2700. [doc] The match-mapped-addresses option is discouraged.
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering2699. [bug] Missing lock in rbtdb.c. [RT #20037]
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering2698. [placeholder]
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering2697. [port] win32: ensure that S_IFMT, S_IFDIR, S_IFCHR and
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering S_IFREG are defined after including <isc/stat.h>.
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering2696. [bug] named failed to successfully process some valid
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering acl constructs. [RT #20308]
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering2695. [func] DHCP/DDNS - update fdwatch code for use by
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering DHCP. Modify the api to isc_sockfdwatch_t (the
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering callback funciton for isc_socket_fdwatchcreate)
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering to include information about the direction (read
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering or write) and add isc_socket_fdwatchpoke.
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering2694. [bug] Reduce default NSEC3 iterations from 100 to 10.
d3a86981d1ae4c1d668e18868c3e6c9d2f23c144Lennart Poettering2693. [port] Add some noreturn attributes. [RT #20257]
9ca3c17f207121b3c19a44217558b056a7585944Lennart Poettering2692. [port] win32: 32/64 bit cleanups. [RT #20335]
9ca3c17f207121b3c19a44217558b056a7585944Lennart Poettering2691. [func] dnssec-signzone: retain the existing NSEC or NSEC3
9ca3c17f207121b3c19a44217558b056a7585944Lennart Poettering chain when re-signing a previously-signed zone.
9ca3c17f207121b3c19a44217558b056a7585944Lennart Poettering Use -u to modify NSEC3 parameters or switch
9ca3c17f207121b3c19a44217558b056a7585944Lennart Poettering between NSEC and NSEC3. [RT #20304]
9ca3c17f207121b3c19a44217558b056a7585944Lennart Poettering2690. [bug] win32: fix isc_thread_key_getspecific() prototype.
9ca3c17f207121b3c19a44217558b056a7585944Lennart Poettering2689. [bug] Correctly handle snprintf result. [RT #20306]
9ca3c17f207121b3c19a44217558b056a7585944Lennart Poettering2688. [bug] Use INTERFACE_F_POINTTOPOINT, not IFF_POINTOPOINT,
9ca3c17f207121b3c19a44217558b056a7585944Lennart Poettering to decide to fetch the destination address. [RT #20305]
9ca3c17f207121b3c19a44217558b056a7585944Lennart Poettering2687. [bug] Fixed dnssec-signzone -S handling of revoked keys.
9ca3c17f207121b3c19a44217558b056a7585944Lennart Poettering Also, added warnings when revoking a ZSK, as this is
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering not defined by protocol (but is legal). [RT #19943]
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering2686. [bug] dnssec-signzone should clean the old NSEC chain when
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering signing with NSEC3 and vice versa. [RT #20301]
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering2685. [contrib] Update contrib/zkt to version 0.99c. [RT #20054]
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering2684. [cleanup] dig: formalize +ad and +cd as synonyms for
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering +adflag and +cdflag. [RT #19305]
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering2683. [bug] dnssec-signzone should clean out old NSEC3 chains when
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering the NSEC3 parameters used to sign the zone change.
a87197f5a22688626dc9bead29ddc1c572b074b9Zbigniew Jędrzejewski-Szmek2682. [bug] "configure --enable-symtable=all" failed to
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering build. [RT #20282]
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering2681. [bug] IPSECKEY RR of gateway type 3 was not correctly
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering decoded. [RT #20269]
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering2680. [func] Move contrib/pkcs11-keygen to bin/pkcs11. [RT #20067]
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering2679. [func] dig -k can now accept TSIG keys in named.conf
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering format. [RT #20031]
a87197f5a22688626dc9bead29ddc1c572b074b9Zbigniew Jędrzejewski-Szmek2678. [func] Treat DS queries as if "minimal-response yes;"
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering was set. [RT #20258]
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering2677. [func] Changes to key metadata behavior:
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering - Keys without "publish" or "active" dates set will
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering no longer be used for smart signing. However,
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering those dates will be set to "now" by default when
c20d8298029a39cc3e9602b30a4d23b951e11df8Kay Sievers a key is created; to generate a key but not use
a87197f5a22688626dc9bead29ddc1c572b074b9Zbigniew Jędrzejewski-Szmek it yet, use dnssec-keygen -G.
a87197f5a22688626dc9bead29ddc1c572b074b9Zbigniew Jędrzejewski-Szmek - New "inactive" date (dnssec-keygen/settime -I)
a87197f5a22688626dc9bead29ddc1c572b074b9Zbigniew Jędrzejewski-Szmek sets the time when a key is no longer used for
a87197f5a22688626dc9bead29ddc1c572b074b9Zbigniew Jędrzejewski-Szmek signing but is still published.
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering - The "unpublished" date (-U) is deprecated in
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering favor of "deleted" (-D).
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering2676. [bug] --with-export-installdir should have been
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering --with-export-includedir. [RT #20252]
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering2675. [bug] dnssec-signzone could crash if the key directory
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering did not exist. [RT #20232]
6a7d3d68bf1ae9bcdaa3a17bc76f72bb7b988ec4Lennart Poettering --- 9.7.0a3 released ---
6a7d3d68bf1ae9bcdaa3a17bc76f72bb7b988ec4Lennart Poettering2674. [bug] "dnssec-lookaside auto;" crashed if named was built
a87197f5a22688626dc9bead29ddc1c572b074b9Zbigniew Jędrzejewski-Szmek without openssl. [RT #20231]
c20d8298029a39cc3e9602b30a4d23b951e11df8Kay Sievers2673. [bug] The managed-keys.bind zone file could fail to
ab06eef8101866dd1337c4759002f7360a9db416Anatol Pomozov load due to a spurious result from sync_keyzone()
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering2672. [bug] Don't enable searching in 'host' when doing reverse
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering lookups. [RT #20218]
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering2671. [bug] Add support for PKCS#11 providers not returning
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering the public exponent in RSA private keys
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering (OpenCryptoki for instance) in
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering dnssec-keyfromlabel. [RT #19294]
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering2670. [bug] Unexpected connect failures failed to log enough
35911459410714a0e9108b35da78f96919b65ee7Lennart Poettering information to be useful. [RT #20205]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2669. [func] Update PKCS#11 support to support Keyper HSM.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering Update PKCS#11 patch to be against openssl-0.9.8i.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2668. [func] Several improvements to dnssec-* tools, including:
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering - dnssec-keygen and dnssec-settime can now set key
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering metadata fields 0 (to unset a value, use "none")
ad88e758d1b08a21d25971b074e119c167757109Zbigniew Jędrzejewski-Szmek - dnssec-revoke sets the revocation date in
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering addition to the revoke bit
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering - dnssec-settime can now print individual metadata
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering fields instead of always printing all of them,
40e21da873c120936faff0aa42a6533f6933edf7Kay Sievers and can print them in unix epoch time format for
40e21da873c120936faff0aa42a6533f6933edf7Kay Sievers use by scripts
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2667. [func] Add support for logging stack backtrace on assertion
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering failure (not available for all platforms). [RT #19780]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2666. [func] Added an 'options' argument to dns_name_fromstring()
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering (API change from 9.7.0a2). [RT #20196]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2665. [func] Clarify syntax for managed-keys {} statement, add
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering ARM documentation about RFC 5011 support. [RT #19874]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2664. [bug] create_keydata() and minimal_update() in zone.c
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering didn't properly check return values for some
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering functions. [RT #19956]
156f7d09add8fc93cae8a3f13adcb2564931fee4Kay Sievers2663. [func] win32: allow named to run as a service using
156f7d09add8fc93cae8a3f13adcb2564931fee4Kay Sievers "NT AUTHORITY\LocalService" as the account. [RT #19977]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2662. [bug] lwres_getipnodebyname() and lwres_getipnodebyaddr()
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering returned a misleading error code when lwresd was
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering down. [RT #20028]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2661. [bug] Check whether socket fd exceeds FD_SETSIZE when
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering creating lwres context. [RT #20029]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2660. [func] Add a new set of DNS libraries for non-BIND9
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering applications. See README.libdns. [RT #19369]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2659. [doc] Clarify dnssec-keygen doc: key name must match zone
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering name for DNSSEC keys. [RT #19938]
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering2658. [bug] dnssec-settime and dnssec-revoke didn't process
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering key file paths correctly. [RT #20078]
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering2657. [cleanup] Lower "journal file <path> does not exist, creating it"
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering log level to debug 1. [RT #20058]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2656. [func] win32: add a "tools only" check box to the installer
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering which causes it to only install dig, host, nslookup,
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering nsupdate and relevant DLLs. [RT #19998]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2655. [doc] Document that key-directory does not affect
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering bind.keys, rndc.key or session.key. [RT #20155]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2654. [bug] Improve error reporting on duplicated names for
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering deny-answer-xxx. [RT #20164]
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering2653. [bug] Treat ENGINE_load_private_key() failures as key
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering not found rather than out of memory. [RT #18033]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2652. [func] Provide more detail about what record is being
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering deleted. [RT #20061]
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering2651. [bug] Dates could print incorrectly in K*.key files on
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering 64-bit systems. [RT #20076]
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering2650. [bug] Assertion failure in dnssec-signzone when trying
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering to read keyset-* files. [RT #20075]
40e21da873c120936faff0aa42a6533f6933edf7Kay Sievers2649. [bug] Set the domain for forward only zones. [RT #19944]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2648. [port] win32: isc_time_seconds() was broken. [RT #19900]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2647. [bug] Remove unnecessary SOA updates when a new KSK is
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering added. [RT #19913]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2645. [port] "gcc -m32" didn't work on amd64 and x86_64 platforms
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering which default to 64 bits. [RT #19927]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering --- 9.7.0a2 released ---
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2644. [bug] Change #2628 caused a regression on some systems;
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering named was unable to write the PID file and would
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering fail on startup. [RT #20001]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2643. [bug] Stub zones interacted badly with NSEC3 support.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2642. [bug] nsupdate could dump core on solaris when reading
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering improperly formatted key files. [RT #20015]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2641. [bug] Fixed an error in parsing update-policy syntax,
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering added a regression test to check it. [RT #20007]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2640. [security] A specially crafted update packet will cause named
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering to exit. [RT #20000]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2639. [bug] Silence compiler warnings in gssapi code. [RT #19954]
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering2638. [bug] Install arpaname. [RT #19957]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2637. [func] Rationalize dnssec-signzone's signwithkey() calling.
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering2636. [func] Simplify zone signing and key maintenance with the
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering dnssec-* tools. Major changes:
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering - all dnssec-* tools now take a -K option to
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering specify a directory in which key files will be
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering - DNSSEC can now store metadata indicating when
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering they are scheduled to be published, activated,
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering revoked or removed; these values can be set by
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering dnssec-keygen or overwritten by the new
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering dnssec-settime command
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering - dnssec-signzone -S (for "smart") option reads key
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering metadata and uses it to determine automatically
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering which keys to publish to the zone, use for
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering signing, revoke, or remove from the zone
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2634. [port] win32: Add support for libxml2, enable
40e21da873c120936faff0aa42a6533f6933edf7Kay Sievers statschannel. [RT #19773]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2633. [bug] Handle 15 bit rand() functions. [RT #19783]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2632. [func] util/kit.sh: warn if documentation appears to be out of
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering date. [RT #19922]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2631. [bug] Handle "//", "/./" and "/../" in mkdirpath().
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2630. [func] Improved syntax for DDNS autoconfiguration: use
bf9335608821264163058a8b036a00775a8ffbe4Kay Sievers "update-policy local;" to switch on local DDNS in a
bf9335608821264163058a8b036a00775a8ffbe4Kay Sievers zone. (The "ddns-autoconf" option has been removed.)
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2629. [port] Check for seteuid()/setegid(), use setresuid()/
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering setresgid() if not present. [RT #19932]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2628. [port] linux: Allow /var/run/named/named.pid to be opened
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering at startup with reduced capabilities in operation.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2627. [bug] Named aborted if the same key was included in
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering trusted-keys more than once. [RT #19918]
40e21da873c120936faff0aa42a6533f6933edf7Kay Sievers2626. [bug] Multiple trusted-keys could trigger an assertion
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering failure. [RT #19914]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2624. [func] 'named-checkconf -p' will print out the parsed
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering configuration. [RT #18871]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2623. [bug] Named started seaches for DS non-optimally. [RT #19915]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2622. [bug] Printing of named.conf grammar was broken. [RT #19919]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2621. [doc] Made copyright boilterplate consistent. [RT #19833]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2620. [bug] Delay thawing the zone until the reload of it has
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering completed successfully. [RT #19750]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2619. [func] Add support for RFC 5011, automatic trust anchor
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering maintenance. The new "managed-keys" statement can
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering be used in place of "trusted-keys" for zones which
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering support this protocol. (Note: this syntax is
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering expected to change prior to 9.7.0 final.) [RT #19248]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2618. [bug] The sdb and sdlz db_interator_seek() methods could
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering loop infinitely. [RT #19847]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2617. [bug] ifconfig.sh failed to emit an error message when
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering run from the wrong location. [RT #19375]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2616. [bug] 'host' used the nameservers from resolv.conf even
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering when a explicit nameserver was specified. [RT #19852]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2615. [bug] "__attribute__((unused))" was in the wrong place
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering for ia64 gcc builds. [RT #19854]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2614. [port] win32: 'named -v' should automatically be executed
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering in the foreground. [RT #19844]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2613. [placeholder]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering --- 9.7.0a1 released ---
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2612. [func] Add default values for the arguments to
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering dnssec-keygen. Without arguments, it will now
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering generate a 1024-bit RSASHA1 zone-signing key,
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering or with the -f KSK option, a 2048-bit RSASHA1
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering key-signing key. [RT #19300]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2611. [func] Add -l option to dnssec-dsfromkey to generate
43447fb72693d62363a1a271dacc70d400ed685bLennart Poettering DLV records instead of DS records. [RT #19300]
43447fb72693d62363a1a271dacc70d400ed685bLennart Poettering2610. [port] sunos: Change #2363 was not complete. [RT #19796]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2609. [func] Simplify the configuration of dynamic zones:
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering - add ddns-confgen command to generate
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering configuration text for named.conf
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering - add zone option "ddns-autoconf yes;", which
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering causes named to generate a TSIG session key
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering and allow updates to the zone using that key
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering - add '-l' (localhost) option to nsupdate, which
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering causes nsupdate to connect to a locally-running
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering named process using the session key generated
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2608. [func] Perform post signing verification checks in
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering dnssec-signzone. These can be disabled with -P.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering The post sign verification test ensures that for each
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering algorithm in use there is at least one non revoked
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering self signed KSK key. That all revoked KSK keys are
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering self signed. That all records in the zone are signed
6aa8d43ade72e24c9426e604f7fc4b7582b9db7cLennart Poettering by the algorithm. [RT #19653]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2607. [bug] named could incorrectly delete NSEC3 records for
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering empty nodes when processing a update request.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2606. [bug] "delegation-only" was not being accepted in
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering delegation-only type zones. [RT #19717]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2605. [bug] Accept DS responses from delegation only zones.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2604. [func] Add support for DNS rebinding attack prevention through
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering new options, deny-answer-addresses and
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering deny-answer-aliases. Based on contributed code from
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering JD Nurmi, Google. [RT #18192]
40e21da873c120936faff0aa42a6533f6933edf7Kay Sievers2603. [port] win32: handle .exe extension of named-checkzone and
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering named-comilezone argv[0] names under windows.
1aed45907715ad4dce7dbc84a957cd5de8cca36eLennart Poettering2602. [port] win32: fix debugging command line build of libisccfg.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2601. [doc] Mention file creation mode mask in the
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering named manual page.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2600. [doc] ARM: miscellaneous reformatting for different
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering page widths. [RT #19574]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2599. [bug] Address rapid memory growth when validation fails.
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2598. [func] Reserve the -F flag. [RT #19657]
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering2597. [bug] Handle a validation failure with a insecure delegation
85d683970b7dc2c4470b2b7d60c3d9dce28c1471Lennart Poettering from a NSEC3 signed master/slave zone. [RT #19464]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering long, leading to inefficient memory usage or rejecting
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering newer cache entries in the worst case. [RT #19563]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2594. [func] Have rndc warn if using its default configuration
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering file when the key file also exists. [RT #19424]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2593. [bug] Improve a corner source of SERVFAILs [RT #19632]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2591. [bug] named could die when processing a update in
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering removed_orphaned_ds(). [RT #19507]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2590. [func] Report zone/class of "update with no effect".
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2589. [bug] dns_db_unregister() failed to clear '*dbimp'.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2588. [bug] SO_REUSEADDR could be set unconditionally after failure
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering of bind(2) call. This should be rare and mostly
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering harmless, but may cause interference with other
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering processes that happen to use the same port. [RT #19642]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2587. [func] Improve logging by reporting serial numbers for
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering when zone serial has gone backwards or unchanged.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering or SDB. [RT #19577]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2585. [bug] Uninitialized socket name could be referenced via a
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering statistics channel, triggering an assertion failure in
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering XML rendering. [RT #19427]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2584. [bug] alpha: gcc optimization could break atomic operations.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2583. [port] netbsd: provide a control to not add the compile
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering date to the version string, -DNO_VERSION_DATE.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2582. [bug] Don't emit warning log message when we attempt to
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering remove non-existent journal. [RT #19516]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering Requires MySQL 5.0.19 or later. [RT #19084]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2580. [bug] UpdateRej statistics counter could be incremented twice
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering for one rejection. [RT #19476]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2579. [bug] DNSSEC lookaside validation failed to handle unknown
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering algorithms. [RT #19479]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2578. [bug] Changed default sig-signing-type to 65534, because
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering 65535 turns out to be reserved. [RT #19477]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2577. [doc] Clarified some statistics counters. [RT #19454]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2576. [bug] NSEC record were not being correctly signed when
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering a zone transitions from insecure to secure.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering Handle such incorrectly signed zones. [RT #19114]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2575. [func] New functions dns_name_fromstring() and
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering dns_name_tostring(), to simplify conversion
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering of a string to a dns_name structure and vice
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering versa. [RT #19451]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2574. [doc] Document nsupdate -g and -o. [RT #19351]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2573. [bug] Replacing a non-CNAME record with a CNAME record in a
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering single transaction in a signed zone failed. [RT #19397]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2572. [func] Simplify DLV configuration, with a new option
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering "dnssec-lookaside auto;" This is the equivalent
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering of "dnssec-lookaside . trust-anchor dlv.isc.org;"
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering plus setting a trusted-key for dlv.isc.org.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering Note: The trusted key is hard-coded into named,
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering but is also stored in (and can be overridden
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering by) $sysconfdir/bind.keys. As the ISC DLV key
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering rolls over it can be kept up to date by replacing
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering the bind.keys file with a key downloaded from
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering https://www.isc.org/solutions/dlv. [RT #18685]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2571. [func] Add a new tool "arpaname" which translates IP addresses
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering to the corresponding IN-ADDR.ARPA or IP6.ARPA name.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2570. [func] Log the destination address the query was sent to.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2569. [func] Move journalprint, nsec3hash, and genrandom
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering "make install" will put them in $sbindir. [RT #19301]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2568. [bug] Report when the write to indicate a otherwise
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering successful start fails. [RT #19360]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2567. [bug] dst__privstruct_writefile() could miss write errors.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering write_public_key() could miss write errors.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering dnssec-dsfromkey could miss write errors.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2566. [cleanup] Clarify logged message when an insecure DNSSEC
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering response arrives from a zone thought to be secure:
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering "insecurity proof failed" instead of "not
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering insecure". [RT #19400]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2565. [func] Add support for HIP record. Includes new functions
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering dns_rdata_hip_first(), dns_rdata_hip_next()
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering and dns_rdata_hip_current(). [RT #19384]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2564. [bug] Only take EDNS fallback steps when processing timeouts.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2563. [bug] Dig could leak a socket causing it to wait forever
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering to exit. [RT #19359]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2562. [doc] ARM: miscellaneous improvements, reorganization,
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering and some new content.
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2559. [bug] dnssec-dsfromkey could compute bad DS records when
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering reading from a K* files. [RT #19357]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2558. [func] Set the ownership of missing directories created
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering for pid-file if -u has been specified on the command
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering line. [RT #19328]
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering2557. [cleanup] PCI compliance:
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering * new libisc log module file
8ad2685909f988602eca32ccba5c8ea4159e7f2eLennart Poettering * isc_dir_chroot() now also changes the working
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering directory to "/".
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering * additional INSISTs
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering * additional logging when files can't be removed.
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering error checks in the correct order resulting in the
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering wrong error code sometimes being returned. [RT #19249]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2555. [func] dig: when emitting a hex dump also display the
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering corresponding characters. [RT #19258]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2554. [bug] Validation of uppercase queries from NSEC3 zones could
96ec33c079caacdf9c7cdfb2cad2f1bc48dfca65Lennart Poettering fail. [RT #19297]
96ec33c079caacdf9c7cdfb2cad2f1bc48dfca65Lennart Poettering2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2552. [bug] zero-no-soa-ttl-cache was not being honoured.
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2551. [bug] Potential Reference leak on return. [RT #19341]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2549. [port] linux: define NR_OPEN if not currently defined.
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2548. [bug] Install iterated_hash.h. [RT #19335]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2547. [bug] openssl_link.c:mem_realloc() could reference an
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering out-of-range area of the source buffer. New public
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering function isc_mem_reallocate() was introduced to address
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering this bug. [RT #19313]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2546. [func] Add --enable-openssl-hash configure flag to use
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering OpenSSL (in place of internal routine) for hash
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering functions (MD5, SHA[12] and HMAC). [RT #18815]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2545. [doc] ARM: Legal hostname checking (check-names) is
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering for SRV RDATA too. [RT #19304]
ab06eef8101866dd1337c4759002f7360a9db416Anatol Pomozov2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2542. [doc] Update the description of dig +adflag. [RT #19290]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2541. [bug] Conditionally update dispatch manager statistics.
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2540. [func] Add a nibble mode to $GENERATE. [RT #18872]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2539. [security] Update the interaction between recursion, allow-query,
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering allow-query-cache and allow-recursion. [RT #19198]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2538. [bug] cache/ADB memory could grow over max-cache-size,
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering especially with threads and smaller max-cache-size
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering values. [RT #19240]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2537. [func] Added more statistics counters including those on socket
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering I/O events and query RTT histograms. [RT #18802]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2536. [cleanup] Silence some warnings when -Werror=format-security is
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering specified. [RT #19083]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2534. [func] Check NAPTR records regular expressions and
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering replacement strings to ensure they are syntactically
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering valid and consistant. [RT #18168]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2533. [doc] ARM: document @ (at-sign). [RT #17144]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2532. [bug] dig: check the question section of the response to
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering see if it matches the asked question. [RT #18495]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2531. [bug] Change #2207 was incomplete. [RT #19098]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2530. [bug] named failed to reject insecure to secure transitions
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering via UPDATE. [RT #19101]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2529. [cleanup] Upgrade libtool to silence complaints from recent
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering version of autoconf. [RT #18657]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2528. [cleanup] Silence spurious configure warning about
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering --datarootdir [RT #19096]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2527. [placeholder]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2526. [func] New named option "attach-cache" that allows multiple
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering views to share a single cache to save memory and
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering improve lookup efficiency. Based on contributed code
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering from Barclay Osborn, Google. [RT #18905]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2525. [func] New logging category "query-errors" to provide detailed
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering internal information about query failures, especially
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering about server failures. [RT #19027]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2524. [port] sunos: dnssec-signzone needs strtoul(). [RT #19129]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2523. [bug] Random type rdata freed by dns_nsec_typepresent().
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2522. [security] Handle -1 from DSA_do_verify() and EVP_VerifyFinal().
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2521. [bug] Improve epoll cross compilation support. [RT #19047]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2520. [bug] Update xml statistics version number to 2.0 as change
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering #2388 made the schema incompatible to the previous
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering version. [RT #19080]
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering2519. [bug] dig/host with -4 or -6 didn't work if more than two
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering nameserver addresses of the excluded address family
0428ddb729d12563b827510e04663de9cb4056f3Lennart Poettering preceded in resolv.conf. [RT #19081]
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering2518. [func] Add support for the new CERT types from RFC 4398.
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering2517. [bug] dig +trace with -4 or -6 failed when it chose a
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering nameserver address of the excluded address type.
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering2516. [bug] glue sort for responses was performed even when not
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering needed. [RT #19039]
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering2515. [port] win32: build dnssec-dsfromkey and dnssec-keyfromlabel.
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering a nameserver of the excluded address family.
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering2513. [bug] Fix windows cli build. [RT #19062]
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering2512. [func] Print a summary of the cached records which make up
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering the negative response. [RT #18885]
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering2510. [bug] "dig +sigchase" could trigger REQUIRE failures.
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering2509. [bug] Specifying a fixed query source port was broken.
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering2508. [placeholder]
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering2507. [func] Log the recursion quota values when killing the
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering oldest query or refusing to recurse due to quota.
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering2506. [port] solaris: Check at configure time if
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering hack_shutup_pthreadonceinit is needed. [RT #19037]
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering2505. [port] Treat amd64 similarly to x86_64 when determining
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering atomic operation support. [RT #19031]
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering2504. [bug] Address race condition in the socket code. [RT #18899]
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering2503. [port] linux: improve compatibility with Linux Standard
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering Base. [RT #18793]
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering2502. [cleanup] isc_radix: Improve compliance with coding style,
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering document function in <isc/radix.h>. [RT #18534]
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering2501. [func] $GENERATE now supports all rdata types. Multi-field
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering rdata types need to be quoted. See the ARM for
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering details. [RT #18368]
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering function. [RT #18582]
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering --- 9.6.0rc1 released ---
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering2498. [bug] Removed a bogus function argument used with
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering ISC_SOCKET_USE_POLLWATCH: it could cause compiler
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering warning or crash named with the debug 1 level
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering of logging. [RT #18917]
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering2497. [bug] Don't add RRSIG bit to NSEC3 bit map for insecure
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering2496. [bug] Add sanity length checks to NSID option. [RT #18813]
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering2495. [bug] Tighten RRSIG checks. [RT #18795]
4d92e078e9d7e9a9d346065ea5e4afbafbdadb48Lennart Poettering2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being
4d92e078e9d7e9a9d346065ea5e4afbafbdadb48Lennart Poettering installed. [RT #18826]
4d92e078e9d7e9a9d346065ea5e4afbafbdadb48Lennart Poettering2493. [bug] The linux capabilities code was not correctly cleaning
139ee8cc316a861bcc8a8ebdf4a8449dffe16f79Lennart Poettering up after itself. [RT #18767]
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering2492. [func] Rndc status now reports the number of cpus discovered
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering and the number of worker threads when running
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering multi-threaded. [RT #18273]
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering2491. [func] Attempt to re-use a local port if we are already using
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering the port. [RT #18548]
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering is cleared when IPV6_V6ONLY is set. [RT #18785]
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering2489. [port] solaris: Workaround Solaris's kernel bug about
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering http://bugs.opensolaris.org/view_bug.do?bug_id=6724237
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering Define ISC_SOCKET_USE_POLLWATCH at build time to enable
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering this workaround. [RT #18870]
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering2488. [func] Added a tool, dnssec-dsfromkey, to generate DS records
f9b557200b6d59a3dce1623d0873a259ee2fe421Lennart Poettering from keyset and .key files. [RT #18694]
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering2487. [bug] Give TCP connections longer to complete. [RT #18675]
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering2486. [func] The default locations for named.pid and lwresd.pid
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering This allows the owner of the containing directory
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering to be set, for "named -u" support, and allows there
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering to be a permanent symbolic link in the path, for
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering "named -t" support. [RT #18306]
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering2485. [bug] Change update's the handling of obscured RRSIG
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering records. Not all orphaned DS records were being
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering removed. [RT #18828]
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering2484. [bug] It was possible to trigger a REQUIRE failure when
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering adding NSEC3 proofs to the response in
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering query_addwildcardproof(). [RT #18828]
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering2483. [port] win32: chroot() is not supported. [RT #18805]
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering2482. [port] libxml2: support versions 2.7.* in addition
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering to 2.6.*. [RT #18806]
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering --- 9.6.0b1 released ---
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering collisions. [RT #18812]
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering2480. [bug] named could fail to emit all the required NSEC3
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering records. [RT #18812]
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering2479. [bug] xfrout:covers was not properly initialized. [RT #18801]
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering2478. [bug] 'addresses' could be used uninitialized in
075d4ecb4026c5bc55e73bd2d44e3fc4d679adc7Lennart Poettering configure_forward(). [RT #18800]
075d4ecb4026c5bc55e73bd2d44e3fc4d679adc7Lennart Poettering2477. [bug] dig: the global option to print the command line is
075d4ecb4026c5bc55e73bd2d44e3fc4d679adc7Lennart Poettering +cmd not print_cmd. Update the output to reflect
075d4ecb4026c5bc55e73bd2d44e3fc4d679adc7Lennart Poettering this. [RT #17008]
075d4ecb4026c5bc55e73bd2d44e3fc4d679adc7Lennart Poettering2476. [doc] ARM: improve documentation for max-journal-size and
075d4ecb4026c5bc55e73bd2d44e3fc4d679adc7Lennart Poettering ixfr-from-differences. [RT #15909] [RT #18541]
075d4ecb4026c5bc55e73bd2d44e3fc4d679adc7Lennart Poettering2475. [bug] LRU cache cleanup under overmem condition could purge
075d4ecb4026c5bc55e73bd2d44e3fc4d679adc7Lennart Poettering particular entries more aggressively. [RT #17628]
075d4ecb4026c5bc55e73bd2d44e3fc4d679adc7Lennart Poettering2474. [bug] ACL structures could be allocated with insufficient
075d4ecb4026c5bc55e73bd2d44e3fc4d679adc7Lennart Poettering space, causing an array overrun. [RT #18765]
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering2473. [port] linux: raise the limit on open files to the possible
075d4ecb4026c5bc55e73bd2d44e3fc4d679adc7Lennart Poettering maximum value before spawning threads; 'files'
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering specified in named.conf doesn't seem to work with
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering threads as expected. [RT #18784]
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering2472. [port] linux: check the number of available cpu's before
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering calling chroot as it depends on "/proc". [RT #16923]
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering2471. [bug] named-checkzone was not reporting missing mandatory
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering glue when sibling checks were disabled. [RT #18768]
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering2470. [bug] Elements of the isc_radix_node_t could be incorrectly
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering overwritten. [RT# 18719]
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering2469. [port] solaris: Work around Solaris's select() limitations.
6563b535a062055ae68f2e574018d9d04a864b65Lennart Poettering2468. [bug] Resolver could try unreachable servers multiple times.
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering2467. [bug] Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740]
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering2466. [doc] ARM: explain max-cache-ttl 0 SERVFAIL issue.
6563b535a062055ae68f2e574018d9d04a864b65Lennart Poettering2465. [bug] Adb's handling of lame addresses was different
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering for IPv4 and IPv6. [RT #18738]
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering2464. [port] linux: check that a capability is present before
6563b535a062055ae68f2e574018d9d04a864b65Lennart Poettering trying to set it. [RT #18135]
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering API and glibc hides parts of the IPv6 Advanced Socket
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering API as a result. This is stupid as it breaks how the
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering two halves (Basic and Advanced) of the IPv6 Socket API
597c52cfedb5edd13ee1635fa6be72fc80e587c3Lennart Poettering were designed to be used but we have to live with it.
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering API. [RT #18388]
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2462. [doc] Document -m (enable memory usage debugging)
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering option for dig. [RT #18757]
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2461. [port] sunos: Change #2363 was not complete. [RT #17513]
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering --- 9.6.0a1 released ---
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2460. [bug] Don't call dns_db_getnsec3parameters() on the cache.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2458. [doc] ARM: update and correction for max-cache-size.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2457. [tuning] max-cache-size is reverted to 0, the previous
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering default. It should be safe because expired cache
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering entries are also purged. [RT #18684]
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering address, regardless of family. They now correctly
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering distinguish IPv4 from IPv6. [RT #18559]
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2455. [bug] Stop metadata being transferred via axfr/ixfr.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2454. [func] nsupdate: you can now set a default ttl. [RT #18317]
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2453. [bug] Remove NULL pointer dereference in dns_journal_print().
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2452. [func] Improve bin/test/journalprint. [RT #18316]
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2451. [port] solaris: handle runtime linking better. [RT #18356]
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2450. [doc] Fix lwresd docbook problem for manual page.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2449. [placeholder]
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2448. [func] Add NSEC3 support. [RT #15452]
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2447. [cleanup] libbind has been split out as a separate product.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2446. [func] Add a new log message about build options on startup.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering A new command-line option '-V' for named is also
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering provided to show this information. [RT# 18645]
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2445. [doc] ARM out-of-date on empty reverse zones (list includes
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering RFC1918 address, but these are not yet compiled in).
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering (clear DF) for UDP responses and requests.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2443. [bug] win32: UDP connect() would not generate an event,
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering and so connected UDP sockets would never clean up.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering Fix this by doing an immediate WSAConnect() rather
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering than an io completion port type for UDP.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2442. [bug] A lock could be destroyed twice. [RT# 18626]
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2441. [bug] isc_radix_insert() could copy radix tree nodes
a98d5d64720bdf32e3b5f72f896b583e23f730adLennart Poettering incompletely. [RT #18573]
a98d5d64720bdf32e3b5f72f896b583e23f730adLennart Poettering2440. [bug] named-checkconf used an incorrect test to determine
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering if an ACL was set to none.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2438. [bug] Timeouts could be logged incorrectly under win32.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2437. [bug] Sockets could be closed too early, leading to
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering inconsistent states in the socket module. [RT #18298]
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2436. [security] win32: UDP client handler can be shutdown. [RT #18576]
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2435. [bug] Fixed an ACL memory leak affecting win32.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2434. [bug] Fixed a minor error-reporting bug in
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2433. [tuning] Set initial timeout to 800ms.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2432. [bug] More Windows socket handling improvements. Stop
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering using I/O events and use IO Completion Ports
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering throughout. Rewrite the receive path logic to make
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering it easier to support multiple simultaneous
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering requesters in the future. Add stricter consistency
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering checking as a compile-time option (define
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2431. [bug] Acl processing could leak memory. [RT #18323]
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2430. [bug] win32: isc_interval_set() could round down to
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering zero if the input was less than NS_INTERVAL
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering nanoseconds. Round up instead. [RT #18549]
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2429. [doc] nsupdate should be in section 1 of the man pages.
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2428. [bug] dns_iptable_merge() mishandled merges of negative
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering tables. [RT #18409]
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2427. [func] Treat DNSKEY queries as if "minimal-response yes;"
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering was set. [RT #18528]
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2426. [bug] libbind: inet_net_pton() can sometimes return the
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering wrong value if excessively large net masks are
aad803af990f7c88e94427b9278d88afe3a12d38Lennart Poettering supplied. [RT #18512]
aad803af990f7c88e94427b9278d88afe3a12d38Lennart Poettering2425. [bug] named didn't detect unavailable query source addresses
aad803af990f7c88e94427b9278d88afe3a12d38Lennart Poettering at load time. [RT #18536]
aad803af990f7c88e94427b9278d88afe3a12d38Lennart Poettering2424. [port] configure now probes for a working epoll
aad803af990f7c88e94427b9278d88afe3a12d38Lennart Poettering implementation. Allow the use of kqueue,
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering epoll and /dev/poll to be selected at compile
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering time. [RT #18277]
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering2423. [security] Randomize server selection on queries, so as to
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering make forgery a little more difficult. Instead of
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering always preferring the server with the lowest RTT,
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering pick a server with RTT within the same 128
0c11f949db8d6d9899e0c473bf1f8cca0614493eLennart Poettering millisecond band. [RT #18441]
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering2422. [bug] Handle the special return value of a empty node as
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering if it was a NXRRSET in the validator. [RT #18447]
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering2421. [func] Add new command line option '-S' for named to specify
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering the max number of sockets. [RT #18493]
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering Use caution: this option may not work for some
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering operating systems without rebuilding named.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering2420. [bug] Windows socket handling cleanup. Let the io
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering completion event send out canceled read/write
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering done events, which keeps us from writing to memory
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering we no longer have ownership of. Add debugging
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering socket_log() function. Rework TCP socket handling
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering to not leak sockets.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering2419. [cleanup] Document that isc_socket_create() and isc_socket_open()
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering should not be used for isc_sockettype_fdwatch sockets.
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering2418. [bug] AXFR request on a DLZ could trigger a REQUIRE failure
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering2417. [bug] Connecting UDP sockets for outgoing queries could
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering unexpectedly fail with an 'address already in use'
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering error. [RT #18411]
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering2416. [func] Log file descriptors that cause exceeding the
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering internal maximum. [RT #18460]
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering2415. [bug] 'rndc dumpdb' could trigger various assertion failures
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering2414. [bug] A masterdump context held the database lock too long,
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering causing various troubles such as dead lock and
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering recursive lock acquisition. [RT #18311, #18456]
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering2412. [bug] win32: address a resource leak. [RT #18374]
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering2411. [bug] Allow using a larger number of sockets than FD_SETSIZE
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering for select(). To enable this, set ISC_SOCKET_MAXSOCKETS
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering at compilation time. [RT #18433]
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering Note: with changes #2469 and #2421 above, there is no
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering need to tweak ISC_SOCKET_MAXSOCKETS at compilation time
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering2410. [bug] Correctly delete m_versionInfo. [RT #18432]
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering2409. [bug] Only log that we disabled EDNS processing if we were
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering subsequently successful. [RT #18029]
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering2408. [bug] A duplicate TCP dispatch event could be sent, which
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering could then trigger an assertion failure in
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering resquery_response(). [RT #18275]
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering2406. [placeholder]
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering2405. [cleanup] The default value for dnssec-validation was changed to
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering "yes" in 9.5.0-P1 and all subsequent releases; this
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering was inadvertently omitted from CHANGES at the time.
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering2404. [port] hpux: files unlimited support.
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering2403. [bug] TSIG context leak. [RT #18341]
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering2402. [port] Support Solaris 2.11 and over. [RT #18362]
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering2401. [bug] Expect to get E[MN]FILE errno internal_accept()
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering (from accept() or fcntl() system calls). [RT #18358]
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering2399. [placeholder]
ab06eef8101866dd1337c4759002f7360a9db416Anatol Pomozov2398. [bug] Improve file descriptor management. New,
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering temporary, named.conf option reserved-sockets,
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering default 512. [RT #18344]
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering2397. [bug] gssapi_functions had too many elements. [RT #18355]
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering2396. [bug] Don't set SO_REUSEADDR for randomized ports.
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering2395. [port] Avoid warning and no effect from "files unlimited"
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering on Linux when running as root. [RT #18335]
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering2394. [bug] Default configuration options set the limit for
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering open files to 'unlimited' as described in the
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering documentation. [RT #18331]
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering2393. [bug] nested acls containing keys could trigger an
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering assertion in acl.c. [RT #18166]
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering2392. [bug] remove 'grep -q' from acl test script, some platforms
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering don't support it. [RT #18253]
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering2391. [port] hpux: cover additional recvmsg() error codes.
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering2390. [bug] dispatch.c could make a false warning on 'odd socket'.
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering2389. [bug] Move the "working directory writable" check to after
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering the ns_os_changeuser() call. [RT #18326]
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering2388. [bug] Avoid using tables for layout purposes in
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering statistics XSL [RT #18159].
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering2387. [bug] Silence compiler warnings in lib/isc/radix.c.
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering [RT #18147] [RT #18258]
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering2386. [func] Add warning about too small 'open files' limit.
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering2385. [bug] A condition variable in socket.c could leak in
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering rare error handling [RT #17968].
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering2384. [security] Fully randomize UDP query ports to improve
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering forgery resilience. [RT #17949, #18098]
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering2383. [bug] named could double queries when they resulted in
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering SERVFAIL due to overkilling EDNS0 failure detection.
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering2382. [doc] Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
c269cec334f940d82146f70d69125b1caef08baaLennart Poettering2381. [port] dlz/mysql: support multiple install layouts for
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering mysql. <prefix>/include/{,mysql/}mysql.h and
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering <prefix>/lib/{,mysql/}. [RT #18152]
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering proofs which, in turn, caused validation failures
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering for insecure zones immediately below a secure zone
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering the server was authoritative for. [RT #18112]
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering TLDs and supported RRs with TTLs [RT #17972]
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering2378. [bug] gssapi_functions{} had a redundant member in BIND 9.5.
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering2377. [bug] Address race condition in dnssec-signzone. [RT #18142]
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering2376. [bug] Change #2144 was not complete.
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering2375. [placeholder]
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering2374. [bug] "blackhole" ACLs could cause named to segfault due
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering to some uninitialized memory. [RT #18095]
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering2373. [bug] Default values of zone ACLs were re-parsed each time a
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering new zone was configured, causing an overconsumption
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering of memory. [RT #18092]
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering2372. [bug] Fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering2371. [doc] Add +nsid option to dig man page. [RT #18039]
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering2370. [bug] "rndc freeze" could trigger an assertion in named
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering when called on a nonexistent zone. [RT #18050]
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering2369. [bug] libbind: Array bounds overrun on read in bitncmp().
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering2368. [port] Linux: use libcap for capability management if
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering possible. [RT# 18026]
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering2367. [bug] Improve counting of dns_resstatscounter_retry
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering2366. [bug] Adb shutdown race. [RT #18021]
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering2365. [bug] Fix a bug that caused dns_acl_isany() to return
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering spurious results. [RT #18000]
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering2364. [bug] named could trigger a assertion when serving a
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering malformed signed zone. [RT #17828]
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2362. [cleanup] Make "rrset-order fixed" a compile-time option.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering settable by "./configure --enable-fixed-rrset".
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Disabled by default. [RT #17977]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2361. [bug] "recursion" statistics counter could be counted
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering multiple times for a single query. [RT #17990]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2360. [bug] Fix a condition where we release a database version
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering (which may acquire a lock) while holding the lock.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2359. [bug] Fix NSID bug. [RT #17942]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2358. [doc] Update host's default query description. [RT #17934]
d1f9edafe7b832c507931640f32069d001916b0eLennart Poettering2357. [port] Don't use OpenSSL's engine support in versions before
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering OpenSSL 0.9.7f. [RT #17922]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2356. [bug] Built in mutex profiler was not scalable enough.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2355. [func] Extend the number statistics counters available.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2354. [bug] Failed to initialize some rdatasetheader_t elements.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2353. [func] Add support for Name Server ID (RFC 5001).
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering 'dig +nsid' requests NSID from server.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering 'request-nsid yes;' causes recursive server to send
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering NSID requests to upstream servers. Server responds
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering to NSID requests with the string configured by
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering 'server-id' option. [RT #17091]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2352. [bug] Various GSS_API fixups. [RT #17729]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2350. [port] win32: IPv6 support. [RT #17797]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2349. [func] Provide incremental re-signing support for secure
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering dynamic zones. [RT #1091]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2348. [func] Use the EVP interface to OpenSSL. Add PKCS#11 support.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Documentation is in the new README.pkcs11 file.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering New tool, dnssec-keyfromlabel, which takes the
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering label of a key pair in a HSM and constructs a DNS
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering key pair for use by named and dnssec-signzone.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2347. [bug] Delete now traverses the RB tree in the canonical
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering order. [RT #17451]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2346. [func] Memory statistics now cover all active memory contexts
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering in increased detail. [RT #17580]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2345. [bug] named-checkconf failed to detect when forwarders
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering were set at both the options/view level and in
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering a root zone. [RT #17671]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2344. [bug] Improve "logging{ file ...; };" documentation.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2343. [bug] (Seemingly) duplicate IPv6 entries could be
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering created in ADB. [RT #17837]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2342. [func] Use getifaddrs() if available under Linux. [RT #17224]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2341. [bug] libbind: add missing -I../include for off source
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering tree builds. [RT #17606]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2340. [port] openbsd: interface configuration. [RT #17700]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2339. [port] tru64: support for libbind. [RT #17589]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2338. [bug] check_ds() could be called with a non DS rdataset.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2336. [func] If "named -6" is specified then listen on all IPv6
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering interfaces if there are not listen-on-v6 clauses in
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2335. [port] sunos: libbind and *printf() support for long long.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering bug in fromstruct_txt(). [RT #17609]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2333. [bug] Fix off by one error in isc_time_nowplusinterval().
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2332. [contrib] query-loc-0.4.0. [RT #17602]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2331. [bug] Failure to regenerate any signatures was not being
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering reported nor being past back to the UPDATE client.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2330. [bug] Remove potential race condition when handling
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering over memory events. [RT #17572]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering WARNING: API CHANGE: over memory callback
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering function now needs to call isc_mem_waterack().
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering See <isc/mem.h> for details.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2329. [bug] Clearer help text for dig's '-x' and '-i' options.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2327. [bug] It was possible to dereference a NULL pointer in
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering rbtdb.c. Implement dead node processing in zones as
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering we do for caches. [RT #17312]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2326. [bug] It was possible to trigger a INSIST in the acache
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2325. [port] Linux: use capset() function if available. [RT #17557]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2324. [bug] Fix IPv6 matching against "any;". [RT #17533]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2323. [port] tru64: namespace clash. [RT #17547]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2322. [port] MacOS: work around the limitation of setrlimit()
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering for RLIMIT_NOFILE. [RT #17526]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2321. [placeholder]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2320. [func] Make statistics counters thread-safe for platforms
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering that support certain atomic operations. [RT #17466]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2319. [bug] Silence Coverity warnings in
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2318. [port] sunos fixes for libbind. [RT #17514]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2316. [port] Missing #include <isc/print.h> in lib/dns/gssapictx.c.
2d938ac75d013f713c1225def78a53583af6a596Lennart Poettering2315. [bug] Used incorrect address family for mapped IPv4
2d938ac75d013f713c1225def78a53583af6a596Lennart Poettering addresses in acl.c. [RT #17519]
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers2314. [bug] Uninitialized memory use on error path in
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers2313. [cleanup] Silence Coverity warnings. Handle private stacks.
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers [RT #17447] [RT #17478]
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2311. [bug] IPv6 addresses could match IPv4 ACL entries and
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering vice versa. [RT #17462]
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering2310. [bug] dig, host, nslookup: flush stdout before emitting
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering debug/fatal messages. [RT #17501]
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering2306. [bug] Remove potential race from lib/dns/resolver.c.
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering2305. [security] inet_network() buffer overflow. CVE-2008-0122.
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering2304. [bug] Check returns from all dns_rdata_tostruct() calls.
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2301. [bug] Remove resource leak and fix error messages in
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering bin/tests/system/lwresd/lwtest.c. [RT #17474]
187076d47907f7b3fcd61b2ef5eef9820915946aLennart Poettering2300. [bug] Fixed failure to close open file in
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers2299. [bug] Remove unnecessary NULL check in
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers2298. [bug] isc_mutex_lock() failure not caught in
07cd4fc16806783d3b6b3008db222ac6a024805cKay Sievers2297. [bug] isc_entropy_createfilesource() failure not caught in
f13b388f97bc3ba8db844bd3413d510e2466a0b6Kay Sievers2296. [port] Allow docbook stylesheet location to be specified to
64661ee70d5a10c6208a1cb66ecd8b158e2d8bc5Kay Sievers configure. [RT #17457]
2d13da8821b8197e62f819b5b996750800e910abKay Sievers2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers2294. [func] Allow the experimental statistics channels to have
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers multiple connections and ACL.
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers Note: the stats-server and stats-server-v6 options
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers available in the previous beta releases are replaced
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering with the generic statistics-channels statement.
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers2293. [func] Add ACL regression test. [RT #17375]
f13b388f97bc3ba8db844bd3413d510e2466a0b6Kay Sievers2292. [bug] Log if the working directory is not writable.
f13b388f97bc3ba8db844bd3413d510e2466a0b6Kay Sievers2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering failure to set PR_SET_DUMPABLE. [RT #17312]
c195956988799837b763ab1b9f078e5f0b7f26e6Kay Sievers2290. [bug] Let AD in the query signal that the client wants AD
c195956988799837b763ab1b9f078e5f0b7f26e6Kay Sievers set in the response. [RT #17301]
c195956988799837b763ab1b9f078e5f0b7f26e6Kay Sievers2289. [func] named-checkzone now reports the out-of-zone CNAME
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering found. [RT #17309]
18b754d345ecb0b15e369978aaffa72e9814b86aKay Sievers2288. [port] win32: mark service as running when we have finished
18b754d345ecb0b15e369978aaffa72e9814b86aKay Sievers loading. [RT #17441]
18b754d345ecb0b15e369978aaffa72e9814b86aKay Sievers2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413]
18b754d345ecb0b15e369978aaffa72e9814b86aKay Sievers2286. [func] Allow a TCP connection to be used as a weak
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering authentication method for reverse zones.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering New update-policy methods tcp-self and 6to4-self.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2285. [func] Test framework for client memory context management.
49f43d5f91a99b23f745726aa351d8f159774357Ville Skyttä2284. [bug] Memory leak in UPDATE prerequisite processing.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2283. [bug] TSIG keys were not attaching to the memory
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering context. TSIG keys should use the rings
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering memory context rather than the clients memory
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering context. [RT #17377]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2282. [bug] Acl code fixups. [RT #17346] [RT #17374]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2281. [bug] Attempts to use undefined acls were not being logged.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2280. [func] Allow the experimental http server to be reached
3943231cfeb3d76dc4ec0b9f845c3f874593a9deLennart Poettering over IPv6 as well as IPv4. [RT #17332]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering to protect applications from receiving spurious
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering SIGPIPE signals when using the resolver.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2278. [bug] win32: handle the case where Windows returns no
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering search list or DNS suffix. [RT #17354]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2277. [bug] Empty zone names were not correctly being caught at
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering in the post parse checks. [RT #17357]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2276. [bug] Install <dst/gssapi.h>. [RT# 17359]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2275. [func] Add support to dig to perform IXFR queries over UDP.
439d6dfd12f58d7230bcae06d73b841eb3bc588aLennart Poettering2274. [func] Log zone transfer statistics. [RT #17336]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2273. [bug] Adjust log level to WARNING when saving inconsistent
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering stub/slave master and journal files. [RT# 17279]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2272. [bug] Handle illegal dnssec-lookaside trust-anchor names.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2271. [bug] Fix a memory leak in http server code [RT #17100]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2270. [bug] dns_db_closeversion() version->writer could be reset
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering before it is tested. [RT #17290]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2269. [contrib] dbus memory leaks and missing va_end calls. [RT #17232]
3943231cfeb3d76dc4ec0b9f845c3f874593a9deLennart Poettering2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering --- 9.5.0b1 released ---
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2267. [bug] Radix tree node_num value could be set incorrectly,
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering causing positive ACL matches to look like negative
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering ones. [RT #17311]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2266. [bug] client.c:get_clientmctx() returned the same mctx
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering once the pool of mctx's was filled. [RT #17218]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2265. [bug] Test that the memory context's basic_table is non NULL
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering before freeing. [RT #17265]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2264. [bug] Server prefix length was being ignored. [RT #17308]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2263. [bug] "named-checkconf -z" failed to set default value
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering for "check-integrity". [RT #17306]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2262. [bug] Error status from all but the last view could be
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering lost. [RT #17292]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2260. [bug] Reported wrong clients-per-query when increasing the
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering value. [RT #17236]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2259. [placeholder]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering --- 9.5.0a7 released ---
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2257. [bug] win32: Use the full path to vcredist_x86.exe when
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering calling it. [RT #17222]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2256. [bug] win32: Correctly register the installation location of
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
f8c0a2cb695e3b8140b51cb40637a09ba6eff48eLennart Poettering2254. [bug] timer.c:dispatch() failed to lock timer->lock
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering when reading timer->idle allowing it to see
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering intermediate values as timer->idle was reset by
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering isc_timer_touch(). [RT #17243]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2253. [func] "max-cache-size" defaults to 32M.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering "max-acache-size" defaults to 16M.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2252. [bug] Fixed errors in sortlist code [RT #17216]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2251. [placeholder]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2250. [func] New flag 'memstatistics' to state whether the
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering memory statistics file should be written or not.
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering Additionally named's -m option will cause the
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering statistics file to be written. [RT #17113]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2249. [bug] Only set Authentic Data bit if client requested
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering DNSSEC, per RFC 3655 [RT #17175]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2247. [doc] Sort doc/misc/options. [RT #17067]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2246. [bug] Make the startup of test servers (ans.pl) more
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering robust. [RT #17147]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2245. [bug] Validating lack of DS records at trust anchors wasn't
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering working. [RT #17151]
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering2244. [func] Allow the check of nameserver names against the
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering SOA MNAME field to be disabled by specifying
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering 'notify-to-soa yes;'. [RT #17073]
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering2243. [func] Configuration files without a newline at the end now
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering parse without error. [RT #17120]
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering2242. [bug] nsupdate: GSS-TSIG support using the Heimdal Kerberos
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering library could require a source of random data.
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering2241. [func] nsupdate: add a interactive 'help' command. [RT #17099]
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering2240. [bug] Cleanup nsupdates GSS-TSIG support. Convert
79849bf9f47f9867c72c7eb76b981bb354d0e30eLennart Poettering a number of INSIST()s into plain fatal() errors
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering which report the triggering result code.
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering The 'key' command wasn't disabling GSS-TSIG.
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering2238. [bug] It was possible to trigger a REQUIRE when a
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering validation was canceled. [RT #17106]
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering2237. [bug] libbind: res_init() was not thread aware. [RT #17123]
ab06eef8101866dd1337c4759002f7360a9db416Anatol Pomozov2236. [bug] dnssec-signzone failed to preserve the case of
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering of wildcard owner names. [RT #17085]
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering2233. [func] Add support for O(1) ACL processing, based on
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering radix tree code originally written by Kevin
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering Brintnall. [RT #16288]
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering2232. [bug] dns_adb_findaddrinfo() could fail and return
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering ISC_R_SUCCESS. [RT #17137]
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering2230. [bug] We could INSIST reading a corrupted journal.
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering2229. [bug] Null pointer dereference on query pool creation
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering failure. [RT #17133]
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering2228. [contrib] contrib: Change 2188 was incomplete.
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering2227. [cleanup] Tidied up the FAQ. [RT #17121]
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering2226. [placeholder]
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering2225. [bug] More support for systems with no IPv4 addresses.
16f1239e1ece27257c0deedcf01aa39474f66241Lennart Poettering2224. [bug] Defer journal compaction if a xfrin is in progress.
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering2223. [bug] Make a new journal when compacting. [RT #17119]
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering2222. [func] named-checkconf now checks server key references.
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering2221. [bug] Set the event result code to reflect the actual
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering record turned to caller when a cache update is
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering rejected due to a more credible answer existing.
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering2220. [bug] win32: Address a race condition in final shutdown of
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering the Windows socket code. [RT #17028]
437b7dee328738b7aca89a9c7527f228ff8f2d34Lennart Poettering2219. [bug] Apply zone consistency checks to additions, not
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering removals, when updating. [RT #17049]
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering2218. [bug] Remove unnecessary REQUIRE from dns_validator_create().
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering2217. [func] Adjust update log levels. [RT #17092]
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering2216. [cleanup] Fix a number of errors reported by Coverity.
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering2214. [bug] Deregister OpenSSL lock callback when cleaning
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering up. Reorder OpenSSL cleanup so that RAND_cleanup()
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering is called before the locks are destroyed. [RT #17098]
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering2213. [bug] SIG0 diagnostic failure messages were looking at the
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering wrong status code. [RT #17101]
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering2212. [func] 'host -m' now causes memory statistics and active
204fa33c82588c47ebeef3f8c4c0b7da750e37f7Lennart Poettering memory to be printed at exit. [RT 17028]
e0d25329b23a43332ea340f9907721873a316f4eKay Sievers2211. [func] Update "dynamic update temporarily disabled" message.
e0d25329b23a43332ea340f9907721873a316f4eKay Sievers2210. [bug] Deleting class specific records via UPDATE could
e0d25329b23a43332ea340f9907721873a316f4eKay Sievers fail. [RT #17074]
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering2209. [port] osx: linking against user supplied static OpenSSL
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering libraries failed as the system ones were still being
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering found. [RT #17078]
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering2208. [port] win32: make sure both build methods produce the
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering same output. [RT #17058]
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering2207. [port] Some implementations of getaddrinfo() fail to set
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering ai_canonname correctly. [RT #17061]
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering --- 9.5.0a6 released ---
ccd07a083e8040a5bb091c5036ab1b4493ff8363Lennart Poettering2206. [security] "allow-query-cache" and "allow-recursion" now
353e12c2f4a9e96a47eb80b80d2ffb7bc1d44a1bLennart Poettering cross inherit from each other.
353e12c2f4a9e96a47eb80b80d2ffb7bc1d44a1bLennart Poettering If allow-query-cache is not set in named.conf then
353e12c2f4a9e96a47eb80b80d2ffb7bc1d44a1bLennart Poettering allow-recursion is used if set, otherwise allow-query
353e12c2f4a9e96a47eb80b80d2ffb7bc1d44a1bLennart Poettering is used if set, otherwise the default (localnets;
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering localhost;) is used.
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering If allow-recursion is not set in named.conf then
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering allow-query-cache is used if set, otherwise allow-query
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering is used if set, otherwise the default (localnets;
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering localhost;) is used.
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering2204. [bug] "rndc flushanme name unknown-view" caused named
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering to crash. [RT #16984]
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering2203. [security] Query id generation was cryptographically weak.
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering2202. [security] The default acls for allow-query-cache and
d26e4270409506cd398875216413b651d6ee7de6Lennart Poettering allow-recursion were not being applied. [RT #16960]
b13df9644bc6d4823b5a84e8a6bbf3bbb2c207c2Lennart Poettering2201. [bug] The build failed in a separate object directory.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2200. [bug] The search for cached NSEC records was stopping to
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering early leading to excessive DLV queries. [RT #16930]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2199. [bug] win32: don't call WSAStartup() while loading dlls.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2198. [bug] win32: RegCloseKey() could be called when
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering RegOpenKeyEx() failed. [RT #16911]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2197. [bug] Add INSIST to catch negative responses which are
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering not setting the event result code appropriately.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2196. [port] win32: yield processor while waiting for once to
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering to complete. [RT #16958]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2195. [func] dnssec-keygen now defaults to nametype "ZONE"
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering when generating DNSKEYs. [RT #16954]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2194. [bug] Close journal before calling 'done' in xfrin.c.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering --- 9.5.0a5 released ---
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2193. [port] win32: BINDInstall.exe is now linked statically.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2192. [port] win32: use vcredist_x86.exe to install Visual
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Studio's redistributable dlls if building with
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Visual Stdio 2005 or later.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2191. [func] named-checkzone now allows dumping to stdout (-).
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering named-checkconf now has -h for help.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering named-checkzone now has -h for help.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering rndc now has -h for help.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering Better handling of '-?' for usage summaries.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2190. [func] Make fallback to plain DNS from EDNS due to timeouts
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering more visible. New logging category "edns-disabled".
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2189. [bug] Handle socket() returning EINTR. [RT #15949]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2188. [contrib] queryperf: autoconf changes to make the search for
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering libresolv or libbind more robust. [RT #16299]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2187. [bug] query_addds(), query_addwildcardproof() and
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering query_addnxrrsetnsec() should take a version
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering argument. [RT #16368]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2186. [port] cygwin: libbind: check for struct sockaddr_storage
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering independently of IPv6. [RT #16482]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2185. [port] sunos: libbind: check for ssize_t, memmove() and
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering memchr(). [RT #16463]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2184. [bug] bind9.xsl.h didn't build out of the source tree.
b6a867398de9f75fb623a84db7c6181d26b0a8d5Lennart Poettering2183. [bug] dnssec-signzone didn't handle offline private keys
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering well. [RT #16832]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2182. [bug] dns_dispatch_createtcp() and dispatch_createudp()
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering could return ISC_R_SUCCESS when they ran out of
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering memory. [RT #16365]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2180. [cleanup] Remove bit test from 'compress_test' as they
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering are no longer needed. [RT #16497]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2179. [func] 'rndc command zone' will now find 'zone' if it is
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering unique to all the views. [RT #16821]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2178. [bug] 'rndc reload' of a slave or stub zone resulted in
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering a reference leak. [RT #16867]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2177. [bug] Array bounds overrun on read (rcodetext) at
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering debug level 10+. [RT #16798]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2176. [contrib] dbus update to handle race condition during
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering initialization (Bugzilla 235809). [RT #16842]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2175. [bug] win32: windows broadcast condition variable support
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering was broken. [RT #16592]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2174. [bug] I/O errors should always be fatal when reading
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering master files. [RT #16825]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2173. [port] win32: When compiling with MSVS 2005 SP1 we also
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering --- 9.5.0a4 released ---
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2172. [bug] query_addsoa() was being called with a non zone db.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2171. [bug] Handle breaks in DNSSEC trust chains where the parent
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering servers are not DS aware (DS queries to the parent
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering return a referral to the child).
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2170. [func] Add acache processing to test suite. [RT #16711]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2169. [bug] host, nslookup: when reporting NXDOMAIN report the
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering given name and not the last name searched for.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2168. [bug] nsupdate: in non-interactive mode treat syntax errors
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering as fatal errors. [RT #16785]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2167. [bug] When re-using a automatic zone named failed to
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering attach it to the new view. [RT #16786]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering --- 9.5.0a3 released ---
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2166. [bug] When running in batch mode, dig could misinterpret
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering a server address as a name to be looked up, causing
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering unexpected output. [RT #16743]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2165. [func] Allow the destination address of a query to determine
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering if we will answer the query or recurse.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering allow-query-on, allow-recursion-on and
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering allow-query-cache-on. [RT #16291]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2164. [bug] The code to determine how named-checkzone /
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering named-compilezone was called failed under windows.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2163. [bug] If only one of query-source and query-source-v6
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering specified a port the query pools code broke (change
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering 2129). [RT #16768]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2162. [func] Allow "rrset-order fixed" to be disabled at compile
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering time. [RT #16665]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2161. [bug] Fix which log messages are emitted for 'rndc flush'.
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2160. [bug] libisc wasn't handling NULL ifa_addr pointers returned
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering from getifaddrs(). [RT #16708]
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering --- 9.5.0a2 released ---
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2159. [bug] Array bounds overrun in acache processing. [RT #16710]
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering2158. [bug] ns_client_isself() failed to initialize key
2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
Fix a memory leak in rbtdb.c:free_noqname().
Make lookup.c:lookup_find() robust against
2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
dighost.c:get_trusted_key(). [RT #16678]
hmac_link.c. [RT #16437]
2145. [bug] Check DS/DLV digest lengths for known digests.
2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
in adb.c. [RT #16670]
2138. [bug] Lock order reversal in resolver.c. [RT #16653]
2137. [port] Mips little endian and/or mips 64 bit are now
2136. [bug] nslookup/host looped if there was no search list
2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656]
2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
2114. [bug] dig/host/nslookup: searches for names with multiple
2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
2103. [port] Add /usr/sfw to list of locations for OpenSSL
2100. [port] win32: copy libeay32.dll to Build\Debug.
2098. [bug] Race in rbtdb.c:no_references(), which occasionally
if resolv.conf does not exist or no nameservers
2091. [port] dighost.c: race condition on cleanup. [RT #16417]
2085. [doc] win32: added index.html and README to zip. [RT #16201]
2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
2080. [port] libbind: res_init.c did not compile on older versions
2076. [bug] Several files were missing #include <config.h>
of authoritative servers that drop EDNS and/or CD
2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
2043. [port] nsupdate/nslookup: Force the flushing of the prompt
2038. [bug] dig/nslookup/host was unlinking from wrong list
a non slave/stub zone. [RT # 16073]
2028. [port] linux: socket.c compatibility for old systems.
2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
2008. [func] It is now possible to enable/disable DNSSEC
breaks DNSSEC (firewall/proxy). [RT #15592]
2003. [bug] libbind: The DNS name/address lookup functions could
1988. [bug] Remove a bus error from the SHA256/SHA512 support.
1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
1981. [bug] win32: condition.c:wait() could fail to reattain
1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
now be set in named.conf (max-udp-size). This is
xfrin.c:maybe_free() if named ran out of memory.
1944. [cleanup] isc_hash_create() does not need a read/write lock.
1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
1922. [bug] check-tool.c:setup_logging() missing call to
1919. [contrib] queryperf: a set of new features: collecting/printing
'RD' was set in the query. host/nslookup skip servers
1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
1866. [bug] resolv.conf parse errors were being ignored by
dig/host/nslookup. [RT #14841]
1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
when CFLAGS contains "-I /usr/local/include"
1839. [bug] <isc/hash.h> was not being installed.
1836. [cleanup] Silence compiler warnings in hash_test.c.
1834. [bug] Bad memset in rdata_test.c. [RT #13658]
rbtdb.c:subtractrdataset(). [RT #13519]
option in named.conf can be used to specify a
1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
1810. [bug] configure, lib/bind/configure make different default
1808. [bug] zone.c:notify_zone() contained a race condition,
1788. [bug] libbind9.la/libbind9.so needs to link against
1785. [bug] libbind9.la/libbind9.so needs to link against
1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
file clause for rbt{64} master/hint zones. [RT#13009]
1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
1748. [func] dig now returns the byte count for axfr/ixfr.
1747. [bug] BIND 8 compatibility: named/named-checkconf failed
to parse "host-statistics-max" in named.conf.
1745. [bug] Dig/host/nslookup accept replies from link locals
1731. [port] darwin: relax version test in ifconfig.sh.
1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
1717. [port] solaris: ifconfig.sh did not support Solaris 10.
"ifconfig.sh down" didn't work for Solaris 9.
1716. [doc] named.conf(5) was being installed in the wrong
1714. [bug] dig/host/nslookup were only trying the first
1707. [contrib] sdb/ldap updated to version 1.0-beta.
1705. [func] Allow the journal's name to be changed via named.conf.
"#include <isc/print.h>". [RT #12321]
1701. [doc] A minimal named.conf man page.
are defined in named.conf. [RT #12023]
/usr/lib. [RT #11971]
1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
adb.c:set_target(). [RT #11582]
1648. [func] Update dnssec-lookaside named.conf syntax to support
1625. [bug] named failed to load/transfer RFC2535 signed zones
1612. [bug] check-names at the option/view level could trigger
1599. [bug] Fix memory leak on error path when checking named.conf.
DNSSEC specify "dnssec-enable yes;" in named.conf.
1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
1566. [port] Support for the cmsg framework on Solaris and HP/UX.
were specified in /etc/resolv.conf. [RT #8232]
1551. [port] Open "/dev/null" before calling chroot().
1532. [port] netbsd: the configure test for <sys/sysctl.h>
requires <sys/param.h>.
1517. [port] Support for IPv6 interface scanning on HP/UX and
only (e.g. DE, LV, US and MUSEUM) these can be excluded
1503. [port] win32: install libeay32.dll outside of system32.
named.conf, tcp-listen-queue.
1498. [port] bsdos: 5.x support.
1478. [port] ifconfig.sh didn't account for other virtual
1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
doc/misc/options. [RT #5616]
via named.conf (edns-udp-size).
1425. [port] linux/libbind: define __USE_MISC when testing *_r()
function prototypes in netdb.h. [RT #4921]
1422. [func] Log name/type/class when denying a query. [RT #4663]
1419. [port] openbsd: use /dev/arandom. [RT #4950]
1417. [func] ID.SERVER/CHAOS is now a built in zone.
1410. [func] Handle records that live in the parent zone, e.g. DS.
1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
'recursing-file = "named.recursing";'.
1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
1353. [contrib] sdb/ldap to version 0.9.
in socket.c and eliminating a host of socket
1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
1336. [func] Nibble lookups under IP6.ARPA are now supported by
1334. [bug] When signing/verifying rdatasets, duplicate rdatas
1326. [bug] DNAME/CNAME signatures were not being cached when
1324. [port] darwin: ifconfig.sh now supports darwin.
1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
1276. [bug] libbind: const pointer conflicts in res_debug.c.
1269. [port] Openserver: ifconfig.sh support.
<sys/param.h> is included or not. Be consistent.
1247. [bug] Don't reset the interface index for link/site local
1234. [bug] contrib/sdb: 'zonetodb' failed to call
1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
at the named.conf checking stage. [RT #2431]
1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
lib/dns to use this function instead of local one.
occurs when parsing named.conf. [RT #2275]
1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
1145. [func] "host" no longer reports a NOERROR/NODATA response
named/lwresd at compile time. [RT #1982]
1119. [func] Added support in Win32 for NTFS file/directory ACL's
could cause an assertion failure in resolver.c
violation in adb.c. [RT #2017]
1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
1088. [port] libbind: MPE/iX C.70 (incomplete)
on load/reload if views were used. [RT #1947]
1041. [bug] Dig/host/nslookup could catch an assertion failure
1032. [func] hostname.bind/txt/chaos now returns the name of
1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
1030. [bug] On systems with no resolv.conf file, nsupdate
1029. [bug] Some named.conf errors did not cause the loading
1002. [bug] When reporting an unknown class name in named.conf,
972. [bug] The file modification time code in zone.c was using the
non-existent nlist.h. [RT #1640]
957. [bug] sys/select.h inclusion was broken on older platforms.
in named/win32/os.c due to code changes in
updated to add include path for os.h header.
953. [func] The /var/run/named.key file from change #843
has been replaced by /etc/rndc.key. Both
method (rndc.conf / controls). Unlike
bin/tests. [RT #1555].
946. [cleanup] doc/misc/options is now machine-generated from the
when installing isc-config.sh.
were not accepted in named.conf. [RT #1469]
and added lib/isc/win32/entropy.c.
900. [bug] A config.guess update changed the system identification
bin/tests/system/ifconfig.sh now recognize the new
899. [bug] lib/dns/soa.c failed to compile on many platforms
897. [bug] A config.guess update changed the system identification
to Darwin. This was derived from the config.guess
849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
just as <lwres/net.h> does.
843. [func] If no controls statement is present in named.conf,
generated by named and an rndc.conf-style file
named named.key will be written that uses it. rndc
838. [port] UnixWare 7.x.x is now suported by
833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
<dns/soa.h>, and extended them to support
832. [bug] The default location for named.conf in named-checkconf
825. [bug] zone.c:ns_query() detached from the wrong zone
character (i.e. "/") in its name and the directory
down-cased when signing/verifying records. [RT #1186]
in rndc.conf.
786. [bug] When DNSSEC signing/verifying data, owner names were
755. [bug] Fix incorrectly formatted log messages in zone.c.
748. [doc] List supported RFCs in doc/misc/rfc-compliance.
739. [port] Look for /dev/random in configure, rather than
737. [port] stdtime.c failed to compile on certain platforms.
dispatch.c:do_cancel(). [RT #733]
718. [cleanup] "internal" is no longer a reserved word in named.conf.
failure in adb.c. [RT #738]
703. [port] sys/select.h is needed on older platforms. [RT #695]
702. [func] If the address 0.0.0.0 is seen in resolv.conf,
693. [bug] An empty lwres statement in named.conf caused
685. [bug] nslookup should use the search list/domain options
from resolv.conf by default. [RT #405, #630]
646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
for syntax checking named.conf files and zone files,
604. [bug] The named.conf parser could print incorrect line
577. [func] Log illegal RDATA combinations. e.g. multiple
570. [bug] rbtdb.c allowed zones containing nodes which had
568. [func] Add sample simple database drivers in contrib/sdb.
of rdata type/class mnemonics in log messages.
516. [bug] Cache lookups which had a NULL node pointer, e.g.
DNAME, would trigger an INSIST(!search.need_cleanup)
490. [func] When a slave/stub zone has not yet successfully
from the named.conf "listen-on" statement, sockets
477. [bug] The the isc-config.sh script could be installed before
471. [bug] nsupdate didn't compile on HP/UX 10.20
and subsequent name servers in resolv.conf if the
457. [bug] Dig/host/hslookup didn't properly handle connect
documented as such in named.conf. [RT #304, RT #311]
is specified in named.conf. [RT #306]
is specified in named.conf. [RT #301]
432. [func] Added refresh/retry jitter. The actual refresh/
428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
(e.g. glue). This could cause SERVFAILs when
e.g. due to corrupt zones with multiple SOA records.
an argc/argv style vector of words and sets
view/global one for CNAME targets and additional
369. [func] Support new named.conf options, view and zone
the distribution, in doc/man/dnssec.
353. [bug] double increment in lwres/gethost.c:copytobuf().
348. [func] New boolean named.conf options 'additional-from-auth'
345. [bug] Large-scale changes/cleanups to dig:
341. [func] Support 'key' clause in named.conf zone masters
327. [bug] rndc.conf parser wasn't correctly recognizing an IP
320. [func] Multiple rndc changes: parses an rndc.conf file,
319. [func] The named.conf "controls" statement is now used
314. [func] The named.conf controls statement can now have
313. [bug] When parsing resolv.conf, don't terminate on an
resolv.conf search path from 6 to 8. If there
resolv.conf was empty or a comment.
310. [func] Changes to named.conf "controls" statement (inet
are listed in resolv.conf, silently ignore them
each library's ipv6.h defines the wrapper symbol of
any $sbindir/dig from a previous release.)
that lack /dev/random.
280. [func] Add isc-config.sh, which can be used to more
two or more files in libomapi.a were not namespace
278. [bug] bin/named/logconf.c:category_fromconf() didn't take
266. [bug] zone.c:save_nsrrset() node was not initialized.
262. [bug] 'master' was not initialized in zone.c:stub_callback().
for global options block of named.conf. Both accept
258. [bug] Fixed printing of lwres_addr_t.address field.
256. [func] isc_ratelimiter_t now has attach/detach semantics, and
253. [func] resolv.conf parser now recognizes ';' and '#' as
252. [bug] resolv.conf parser mishandled masks on sortlists.
244. [bug] empty named.conf file and empty options statement are
243. [func] new cachesize option for named.conf
+ missing sigwait prototype on BSD/OS 4.0/4.0.1.
BSD/OS 4.*, Linux and Solaris 2.8.
230. [func] Replace the dst sign/verify API with a cleaner one.
from confparser.c, because of yacc's code, are
212. [func] Added dns_message_get/settsigkey, to make TSIG
compiling in the lib/dns/sec/{dnssafe,openssl}
204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
run on a PA 1.x system."
201. [cleanup] Removed the test/sdig program, it has been
replaced by bin/dig/dig.
(e.g., running out of network buffers) were
and/or interfaces. [19-May-2000 explorer]
191. [func] Patched to compile on UnixWare 7.x. This platform
range for overflow/underflow. In the case of
184. [cleanup] Variables/functions which began with two leading
underscores were made to conform to the ANSI/ISO
179. [func] options named.conf statement *must* now come
178. [func] Post-load of named.conf check verifies a slave zone
168. [bug] include statements in named.conf caused syntax errors
162. [bug] Ensure proper range for arguments to ctype.h functions.
masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
util/check-includes for how this was tested.
145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
<isc/result.h>.
of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
need <isc/eventclass.h>.
instead of <isc/time.h>.
128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
and creates null keys/sets zone status bit for
<isc/result.h>.
<isc/result.h>. Multiple inclusion protection
isc_symtab_t moved to <isc/types.h>.
<isc/net.h>.
118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
117. [cleanup] libdns.a changes:
116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
<isc/list.h>.
<isc/mutex.h>.
<isc/list.h>.
bin/tests/{db,mem,sockaddr,tasks,timers}/.
108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
105. [doc] doc/dev/coding.html expanded with other
103. [func] libisc buffer API changes for <isc/buffer.h>:
on BSD/OS 4.1.
101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
<isc/event.h>.
or <isc/result.h>.
<isc/result.h>.
90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
from <named/listenlist.h>.
<isc/mem.h>. isc_interface_t and isc_interfaceiter_t
moved to <isc/types.h>.
86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
<isc/types.h>.
<isc/int.h>.
<isc/lang.h>.
subsumed by file.o.
OpenSSL libraries/headers.
from <dns/types.h>.
59. [bug] Cause net/host unreachable to be a hard error
58. [bug] bin/named/query.c could sometimes trigger the
(client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
<sys/param.h>.
logging module "dns/validator".
and isc_lex_t to <isc/types.h>.
31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
25. [bug] make install failed to install <isc/log.h> and
configure.in to check for presence of in6addr_any.
9. [cleanup] replaced bit-setting code in confctx.c and replaced
4. [port] bin/named/unix/os.c didn't compile on systems with
get only what we need from <linux/capability.h>, and
systems without /dev/random.
lib/isc/unix/include/isc/Makefile.in had a typo which