CHANGES revision e02c1d738bd326beceabbe4a04692ea0282225ed
11e9368a226272085c337e9e74b79808c16fbdbaTinderbox User --- 9.8.0b1 released ---
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein3008. [func] Response policy zones (RPZ) support. [RT #21726]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein3007. [bug] Named failed to preserve the case of domain names in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein rdata which is not compressible when writing master
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein files. [RT #22863]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein3006. [func] Allow dynamically generated TSIG keys to be preserved
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein across restarts of named. Initially this is for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein TSIG keys generated using GSSAPI. [RT #22639]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein3005. [port] Solaris: Work around the lack of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein gsskrb5_register_acceptor_identity() by setting
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the KRB5_KTNAME environment variable to the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein contents of tkey-gssapi-keytab. Also fixed
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein test errors on MacOSX. [RT #22853]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein3004. [func] DNS64 reverse support. [RT #22769]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt3003. [experimental] Added update-policy match type "external",
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein enabling named to defer the decision of whether to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein allow a dynamic update to an external daemon.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein (Contributed by Andrew Tridgell.) [RT #22758]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein3002. [bug] isc_mutex_init_errcheck() failed to destroy attr.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein3001. [func] Added a default trust anchor for the root zone, which
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein can be switched on by setting "dnssec-validation auto;"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein in the named.conf options. [RT #21727]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein3000. [bug] More TKEY/GSS fixes:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - nsupdate can now get the default realm from
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the user's Kerberos principal
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - corrected gsstest compilation flags
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - improved documentation
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - fixed some NULL dereferences
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2999. [func] Add GOST support (RFC 5933). [RT #20639]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2998. [func] Add isc_task_beginexclusive and isc_task_endexclusive
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to the task api. [RT #22776]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2997. [func] named -V now reports the OpenSSL and libxml2 verions
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt it was compiled against. [RT #22687]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2996. [security] Temporarily disable SO_ACCEPTFILTER support.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2995. [bug] The Kerberos realm was not being correctly extracted
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein from the signer's identity. [RT #22770]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2994. [port] NetBSD: use pthreads by default on NetBSD >= 5.0, and
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User do not use threads on earlier versions. Also kill
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User the unproven-pthreads, mit-pthreads, and ptl2 support.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2993. [func] Dynamically grow adb hash tables. [RT #21186]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2992. [contrib] contrib/check-secure-delegation.pl: A simple tool
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt for looking at a secure delegation. [RT #22059]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2991. [contrib] contrib/zone-edit.sh: A simple zone editing tool for
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User dynamic zones. [RT #22365]
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater2990. [bug] 'dnssec-settime -S' no longer tests prepublication
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt interval validity when the interval is set to 0.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2989. [func] Added support for writable DLZ zones. (Contributed
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User by Andrew Tridgell of the Samba project.) [RT #22629]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2988. [experimental] Added a "dlopen" DLZ driver, allowing the creation
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User of external DLZ drivers that can be loaded as
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User shared objects at runtime rather than linked with
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User named. Currently this is switched on via a
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User compile-time option, "configure --with-dlz-dlopen".
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Note: the syntax for configuring DLZ zones
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User is likely to be refined in future releases.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User (Contributed by Andrew Tridgell of the Samba
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User project.) [RT #22629]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2987. [func] Improve ease of configuring TKEY/GSS updates by
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater adding a "tkey-gssapi-keytab" option. If set,
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User updates will be allowed with any key matching
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User a principal in the specified keytab file.
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User "tkey-gssapi-credential" is no longer required
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt and is expected to be deprecated. (Contributed
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User by Andrew Tridgell of the Samba project.)
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2986. [func] Add new zone type "static-stub". It's like a stub
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User zone, but the nameserver names and/or their IP
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User addresses are statically configured. [RT #21474]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2985. [bug] Add a regression test for change #2896. [RT #21324]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2984. [bug] Don't run MX checks when the target of the MX record
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater is ".". [RT #22645]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2983. [bug] Include "loadkeys" in rndc help output. [RT #22493]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt --- 9.8.0a1 released ---
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2982. [bug] Reference count dst keys. dst_key_attach() can be used
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User increment the reference count.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User Note: dns_tsigkey_createfromkey() callers should now
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User always call dst_key_free() rather than setting it
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User to NULL on success. [RT #22672]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2981. [func] Partial DNS64 support (AAAA synthesis). [RT #21991]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2980. [bug] named didn't properly handle UPDATES that changed the
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User TTL of the NSEC3PARAM RRset. [RT #22363]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2979. [bug] named could deadlock during shutdown if two
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein "rndc stop" commands were issued at the same
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein time. [RT #22108]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2978. [port] hpux: look for <devpoll.h> [RT #21919]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2977. [bug] 'nsupdate -l' report if the session key is missing.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2976. [bug] named could die on exit after negotiating a GSS-TSIG
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt key. [RT #22573]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() aquired the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein wrong lock which could lead to server deadlock.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2974. [bug] Some vaild UPDATE requests could fail due to a
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt consistency check examining the existing version
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt of the zone rather than the new version resulting
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt from the UPDATE. [RT #22413]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2973. [bug] bind.keys.h was being removed by the "make clean"
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User at the end of configure resulting in build failures
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews where there is very old version of perl installed.
dec590a3deb8e87380a8bd3a77d535dba3729bf6Tinderbox User Move it to "make maintainer-clean". [RT #22230]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2972. [bug] win32: address windows socket errors. [RT #21906]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2971. [bug] Fixed a bug that caused journal files not to be
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews compacted on Windows systems as a result of
dec590a3deb8e87380a8bd3a77d535dba3729bf6Tinderbox User non-POSIX-compliant rename() semantics. [RT #22434]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2970. [security] Adding a NO DATA negative cache entry failed to clear
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User any matching RRSIG records. A subsequent lookup of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of NO DATA cache entry could trigger a INSIST when the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein unexpected RRSIG was also returned with the NO DATA
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein CVE-2010-3613, VU#706148. [RT #22288]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2969. [security] Fix acl type processing so that allow-query works
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein in options and view statements. Also add a new
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User set of tests to verify proper functioning.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt CVE-2010-3615, VU#510208. [RT #22418]
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater2968. [security] Named could fail to prove a data set was insecure
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User before marking it as insecure. One set of conditions
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt that can trigger this occurs naturally when rolling
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic Updater DNSKEY algorithms.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt CVE-2010-3614, VU#837744. [RT #22309]
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater2967. [bug] 'host -D' now turns on debugging messages earlier.
66f25f2ceeb589e67efe7af2413baaa3426b0042Automatic Updater2966. [bug] isc_print_vsnprintf() failed to check if there was
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt space available in the buffer when adding a left
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt justified character with a non zero width,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt (e.g. "%-1c"). [RT #22270]
66f25f2ceeb589e67efe7af2413baaa3426b0042Automatic Updater2965. [func] Test HMAC functions using test data from RFC 2104 and
66f25f2ceeb589e67efe7af2413baaa3426b0042Automatic Updater RFC 4634. [RT #21702]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2964. [placeholder]
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic Updater2963. [security] The allow-query acl was being applied instead of the
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic Updater allow-query-cache acl to cache lookups. [RT #22114]
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic Updater2962. [port] win32: add more dependencies to BINDBuild.dsw.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2961. [bug] Be still more selective about the non-authoritative
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein answers we apply change 2748 to. [RT #22074]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2960. [func] Check that named accepts non-authoritative answers.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2959. [func] Check that named starts with a missing masterfile.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2958. [bug] named failed to start with a missing master file.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2957. [bug] entropy_get() and entropy_getpseudo() failed to match
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the API for RAND_bytes() and RAND_pseudo_bytes()
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein respectively. [RT #21962]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2956. [port] Enable atomic operations on the PowerPC64. [RT #21899]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2955. [func] Provide more detail in the recursing log. [RT #22043]
3a5fe5abf08f16b8d31ab8ee9a788063110ef000Automatic Updater2954. [bug] contrib: dlz_mysql_driver.c bad error handling on
3a5fe5abf08f16b8d31ab8ee9a788063110ef000Automatic Updater build_sqldbinstance failure. [RT #21623]
3a5fe5abf08f16b8d31ab8ee9a788063110ef000Automatic Updater2953. [bug] Silence spurious "expected covering NSEC3, got an
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein exact match" message when returning a wildcard
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User no data response. [RT #21744]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2952. [port] win32: named-checkzone and named-checkconf failed
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to initialise winsock. [RT #21932]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2951. [bug] named failed to generate a correct signed response
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User in a optout, delegation only zone with no secure
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein delegations. [RT #22007]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2950. [bug] named failed to perform a SOA up to date check when
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein falling back to TCP on UDP timeouts when
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User ixfr-from-differences was set. [RT #21595]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2949. [bug] dns_view_setnewzones() contained a memory leak if
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews it was called multiple times. [RT #21942]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2948. [port] MacOS: provide a mechanism to configure the test
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein interfaces at reboot. See bin/tests/system/README
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User2947. [placeholder]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2946. [doc] Document the default values for the minimum and maximum
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User zone refresh and retry values in the ARM. [RT #21886]
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User2945. [doc] Update empty-zones list in ARM. [RT #21772]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2944. [maint] Remove ORCHID prefix from built in empty zones.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2943. [func] Add support to load new keys into managed zones
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User without signing immediately with "rndc loadkeys".
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User Add support to link keys with "dnssec-keygen -S"
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User and "dnssec-settime -S". [RT #21351]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2942. [contrib] zone2sqlite failed to setup the entropy sources.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2941. [bug] sdb and sdlz (dlz's zone database) failed to support
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User DNAME at the zone apex. [RT #21610]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2940. [port] Remove connection aborted error message on
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Windows. [RT #21549]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2939. [func] Check that named successfully skips NSEC3 records
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein that fail to match the NSEC3PARAM record currently
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt in use. [RT# 21868]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2938. [bug] When generating signed responses, from a signed zone
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews that uses NSEC3, named would use a uninitialised
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein pointer if it needed to skip a NSEC3 record because
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein it didn't match the selected NSEC3PARAM record for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein zone. [RT# 21868]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2937. [bug] Worked around an apparent race condition in over
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein memory conditions. Without this fix a DNS cache DB or
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt ADB could incorrectly stay in an over memory state,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein effectively refusing further caching, which
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein subsequently made a BIND 9 caching server unworkable.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User This fix prevents this problem from happening by
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews polling the state of the memory context, rather than
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein making a copy of the state, which appeared to cause
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein a race. This is a "workaround" in that it doesn't
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt solve the possible race per se, but several experiments
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt proved this change solves the symptom. Also, the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein polling overhead hasn't been reported to be an issue.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User This bug should only affect a caching server that
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User specifies a finite max-cache-size. It's also quite
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein likely that the bug happens only when enabling threads,
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User but it's not confirmed yet. [RT #21818]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2936. [func] Improved configuration syntax and multiple-view
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews support for addzone/delzone feature (see change
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews #2930). Removed "new-zone-file" option, replaced
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews with "allow-new-zones (yes|no)". The new-zone-file
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein for each view is now created automatically, with
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User a filename generated from a hash of the view name.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein It is no longer necessary to "include" the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein new-zone-file in named.conf; this happens
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein automatically. Zones that were not added via
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein "rndc addzone" can no longer be removed with
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein "rndc delzone". [RT #19447]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2935. [bug] nsupdate: improve 'file not found' error message.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews2934. [bug] Use ANSI C compliant shift range in lib/isc/entropy.c.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2933. [bug] 'dig +nsid' used stack memory after it went out of
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User scope. This could potentially result in a unknown,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein potentially malformed, EDNS option being sent instead
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of the desired NSID option. [RT #21781]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2932. [cleanup] Corrected a numbering error in the "dnssec" test.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2931. [bug] Temporarily and partially disable change 2864
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews because it would cause infinite attempts of RRSIG
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User queries. This is an urgent care fix; we'll
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User revisit the issue and complete the fix later.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2930. [experimental] New "rndc addzone" and "rndc delzone" commads
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User allow dynamic addition and deletion of zones.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User To enable this feature, specify a "new-zone-file"
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User option at the view or options level in named.conf.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User Zone configuration information for the new zones
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User will be written into that file. To make the new
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User zones persist after a restart, "include" the file
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User into named.conf in the appropriate view. (Note:
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User This feature is not yet documented, and its syntax
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User is expected to change.) [RT #19447]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2929. [bug] Improved handling of GSS security contexts:
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User - added LRU expiration for generated TSIGs
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User - added the ability to use a non-default realm
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User - added new "realm" keyword in nsupdate
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User - limited lifetime of generated keys to 1 hour
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User or the lifetime of the context (whichever is
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2928. [bug] Be more selective about the non-authoritative
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User answer we apply change 2748 to. [RT #21594]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2927. [placeholder]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2926. [placeholder]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2925. [bug] Named failed to accept uncachable negative responses
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User from insecure zones. [RT# 21555]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2924. [func] 'rndc secroots' dump a combined summary of the
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User current managed keys combined with trusted keys.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2923. [bug] 'dig +trace' could drop core after "connection
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User timeout". [RT #21514]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2922. [contrib] Update zkt to version 1.0.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2921. [bug] The resolver could attempt to destroy a fetch context
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User too soon. [RT #19878]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User to IPv4 clients. New acl 'filter-aaaa' (default any).
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2919. [func] Add autosign-ksk and autosign-zsk virtual time tests.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2917. [func] Virtual time test framework. [RT #20801]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2916. [func] Add framework to use IPv6 in tests.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2915. [cleanup] Be smarter about which objects we attempt to compile
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User based on configure options. [RT #21444]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2914. [bug] Make the "autosign" system test more portable.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2913. [func] Add pkcs#11 system tests. [RT #20784]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2912. [func] Windows clients don't like UPDATE responses that clear
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User the zone section. [RT #20986]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2911. [bug] dnssec-signzone didn't handle out of zone records well.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2910. [func] Sanity check Kerberos credentials. [RT #20986]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2909. [bug] named-checkconf -p could die if "update-policy local;"
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User was specified in named.conf. [RT #21416]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2908. [bug] It was possible for re-signing to stop after removing
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User a DNSKEY. [RT #21384]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2907. [bug] The export version of libdns had undefined references.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2906. [bug] Address RFC 5011 implementation issues. [RT #20903]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2905. [port] aix: set use_atomic=yes with native compiler.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2904. [bug] When using DLV, sub-zones of the zones in the DLV,
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User could be incorrectly marked as insecure instead of
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User secure leading to negative proofs failing. This was
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User a unintended outcome from change 2890. [RT# 21392]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2903. [bug] managed-keys-directory missing from namedconf.c.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2902. [func] Add regression test for change 2897. [RT #21040]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2900. [bug] The placeholder negative caching element was not
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User properly constructed triggering a INSIST in
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User dns_ncache_towire(). [RT #21346]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2899. [port] win32: Support linking against OpenSSL 1.0.0.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2898. [bug] nslookup leaked memory when -domain=value was
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User specified. [RT #21301]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2897. [bug] NSEC3 chains could be left behind when transitioning
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User to insecure. [RT #21040]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2896. [bug] "rndc sign" failed to properly update the zone
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User when adding a DNSKEY for publication only. [RT #21045]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2895. [func] genrandom: add support for the generation of multiple
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User files. [RT #20917]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294]
c71787bd6356c92e9c7d0a174cd63ab17fcf34c6Eric Luce2893. [bug] Improve managed keys support. New named.conf option
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein managed-keys-directory. [RT #20924]
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce2892. [bug] Handle REVOKED keys better. [RT #20961]
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce2891. [maint] Update empty-zones list to match
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce draft-ietf-dnsop-default-local-zones-13. [RT# 21099]
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater2890. [bug] Handle the introduction of new trusted-keys and
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews DS, DLV RRsets better. [RT #21097]
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater2889. [bug] Elements of the grammar where not properly reported.
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater2888. [bug] Only the first EDNS option was displayed. [RT #21273]
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater2887. [bug] Report the keytag times in UTC in the .key file,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce local time is presented as a comment within the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce comment. [RT #21223]
c71787bd6356c92e9c7d0a174cd63ab17fcf34c6Eric Luce2886. [bug] ctime() is not thread safe. [RT #21223]
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater2885. [bug] Improve -fno-strict-aliasing support probing in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce configure. [RT #21080]
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater2884. [bug] Insufficient validation in dns_name_getlabelsequence().
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce2883. [bug] 'dig +short' failed to handle really large datasets.
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater2882. [bug] Remove memory context from list of active contexts
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater before clearing 'magic'. [RT #21274]
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce2881. [bug] Reduce the amount of time the rbtdb write lock
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce is held when closing a version. [RT #21198]
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce2880. [cleanup] Make the output of dnssec-keygen and dnssec-revoke
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce consistent. [RT #21078]
c71787bd6356c92e9c7d0a174cd63ab17fcf34c6Eric Luce2879. [contrib] DLZ bdbhpt driver fails to close correct cursor.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce2878. [func] Incrementally write the master file after performing
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce a AXFR. [RT #21010]
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce2877. [bug] The validator failed to skip obviously mismatching
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce RRSIGs. [RT #21138]
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce2876. [bug] Named could return SERVFAIL for negative responses
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce from unsigned zones. [RT #21131]
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce2875. [bug] dns_time64_fromtext() could accept non digits.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce2874. [bug] Cache lack of EDNS support only after the server
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce successfully responds to the query using plain DNS.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2873. [bug] Cancelling a dynamic update via the dns/client module
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User could trigger an assertion failure. [RT #21133]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2872. [bug] Modify dns/client.c:dns_client_createx() to only
c71787bd6356c92e9c7d0a174cd63ab17fcf34c6Eric Luce require one of IPv4 or IPv6 rather than both.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce2871. [bug] Type mismatch in mem_api.c between the definition and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce the header file, causing build failure with
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce --enable-exportlib. [RT #21138]
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater2868. [cleanup] Run "make clean" at the end of configure to ensure
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater any changes made by configure are integrated.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce Use --with-make-clean=no to disable. [RT #20994]
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
c71787bd6356c92e9c7d0a174cd63ab17fcf34c6Eric Luce don't like it. [RT #20986]
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater2866. [bug] Windows does not like the TSIG name being compressed.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce2865. [bug] memset to zero event.data. [RT #20986]
c71787bd6356c92e9c7d0a174cd63ab17fcf34c6Eric Luce2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce2863. [port] linux: disable IPv6 PMTUD and use network minimum MTU.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce2862. [bug] nsupdate didn't default to the parent zone when
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein updating DS records. [RT #20896]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2861. [doc] dnssec-settime man pages didn't correctly document the
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User inactivation time. [RT #21039]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2860. [bug] named-checkconf's usage was out of date. [RT #21039]
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce2859. [bug] When cancelling validation it was possible to leak
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce memory. [RT #20800]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2858. [bug] RTT estimates were not being adjusted on ICMP errors.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2857. [bug] named-checkconf did not fail on a bad trusted key.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2856. [bug] The size of a memory allocation was not always properly
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User recorded. [RT #20927]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2855. [func] nsupdate will now preserve the entered case of domain
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User names in update requests it sends. [RT #20928]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2854. [func] dig: allow the final soa record in a axfr response to
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User be suppressed, dig +onesoa. [RT #20929]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2853. [bug] add_sigs() could run out of scratch space. [RT #21015]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2851. [doc] nslookup.1, removed <informalexample> from the docbook
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User source as it produced bad nroff. [RT #21007]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2850. [bug] If isc_heap_insert() failed due to memory shortage
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User the heap would have corrupted entries. [RT #20951]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2849. [bug] Don't treat errors from the xml2 library as fatal.
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2848. [doc] Moved README.dnssec, README.libdns, README.pkcs11 and
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User README.rfc5011 into the ARM. [RT #20899]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2847. [cleanup] Corrected usage message in dnssec-settime. [RT #20921]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2846. [bug] EOF on unix domain sockets was not being handled
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User correctly. [RT #20731]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2845. [bug] RFC 5011 client could crash on shutdown. [RT #20903]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2844. [doc] notify-delay default in ARM was wrong. It should have
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User been five (5) seconds.
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2843. [func] Prevent dnssec-keygen and dnssec-keyfromlabel from
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User creating key files if there is a chance that the new
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein key ID will collide with an existing one after
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User either of the keys has been revoked. (To override
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein this in the case of dnssec-keyfromlabel, use the -y
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User option. dnssec-keygen will simply create a
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User different, non-colliding key, so an override is
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User not necessary.) [RT #20838]
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User2842. [func] Added "smartsign" and improved "autosign" and
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User "dnssec" regression tests. [RT #20865]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2841. [bug] Change 2836 was not complete. [RT #20883]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2840. [bug] Temporary fixed pkcs11-destroy usage check.
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2839. [bug] A KSK revoked by named could not be deleted.
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2838. [placeholder]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2837. [port] Prevent Linux spurious warnings about fwrite().
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2836. [bug] Keys that were scheduled to become active could
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User be delayed. [RT #20874]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2835. [bug] Key inactivity dates were inadvertently stored in
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User the private key file with the outdated tag
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User "Unpublish" rather than "Inactive". This has been
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User fixed; however, any existing keys that had Inactive
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User dates set will now need to have them reset, using
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User 'dnssec-settime -I'. [RT #20868]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2834. [bug] HMAC-SHA* keys that were longer than the algorithm
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User digest length were used incorrectly, leading to
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User interoperability problems with other DNS
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein implementations. This has been corrected.
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User (Note: If an oversize key is in use, and
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User compatibility is needed with an older release of
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User BIND, the new tool "isc-hmac-fixup" can convert
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User the key secret to a form that will work with all
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User versions.) [RT #20751]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2833. [cleanup] Fix usage messages in dnssec-keygen and dnssec-settime.
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2832. [bug] Modify "struct stat" in lib/export/samples/nsprobe.c
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User to avoid redefinition in some OSs [RT 20831]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2831. [security] Do not attempt to validate or cache
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User out-of-bailiwick data returned with a secure
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User answer; it must be re-fetched from its original
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User source and validated in that context. [RT #20819]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2830. [bug] Changing the OPTOUT setting could take multiple
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User passes. [RT #20813]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2829. [bug] Fixed potential node inconsistency in rbtdb.c.
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2828. [security] Cached CNAME or DNAME RR could be returned to clients
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User without DNSSEC validation. [RT #20737]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2826. [bug] NSEC3->NSEC transitions could fail due to a lock not
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User being released. [RT #20740]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User was in the process of being created was not properly
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User recorded in the zone. [RT #20786]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2824. [bug] "rndc sign" was not being run by the correct task.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2822. [bug] rbtdb.c:loadnode() could return the wrong result.
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2821. [doc] Add note that named-checkconf doesn't automatically
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2820. [func] Handle read access failure of OpenSSL configuration
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User file more user friendly (PKCS#11 engine patch).
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define.
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2818. [cleanup] rndc could return an incorrect error code
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User when a zone was not found. [RT #20767]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2817. [cleanup] Removed unnecessary isc_task_endexclusive() calls.
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2816. [bug] previous_closest_nsec() could fail to return
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User data for NSEC3 nodes [RT #29730]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2815. [bug] Exclusively lock the task when freezing a zone.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce2814. [func] Provide a definitive error message when a master
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein zone is not loaded. [RT #20757]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2813. [bug] Better handling of unreadable DNSSEC key files.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2812. [bug] Make sure updates can't result in a zone with
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User NSEC-only keys and NSEC3 records. [RT 20748]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2811. [cleanup] Add "rndc sign" to list of commands in rndc usage
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User output. [RT #20733]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2810. [doc] Clarified the process of transitioning an NSEC3 zone
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User to insecure. [RT #20746]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2809. [cleanup] Restored accidentally-deleted text in usage output
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User in dnssec-settime and dnssec-revoke [RT #20739]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2808. [bug] Remove the attempt to install atomic.h from lib/isc.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User atomic.h is correctly installed by the architecture
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User specific subdirectories. [RT #20722]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2807. [bug] Fixed a possible ASSERT when reconfiguring zone
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User keys. [RT #20720]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User --- 9.7.0rc1 released ---
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2806. [bug] "rdnc sign" could delay re-signing the DNSKEY
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User when it had changed. [RT #20703]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2805. [bug] Fixed namespace problems encountered when building
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User external programs using non-exported BIND9 libraries
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User (i.e., built without --enable-exportlib). [RT #20679]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2804. [bug] Send notifies when a zone is signed with "rndc sign"
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User or as a result of a scheduled key change. [RT #20700]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2803. [port] win32: Install named-journalprint, nsec3hash, arpaname
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User and genrandom under windows. [RT #20670]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2802. [cleanup] Rename journalprint to named-journalprint. [RT #20670]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2801. [func] Detect and report records that are different according
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User to DNSSEC but are semantically equal according to plain
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt DNS. Apply plain DNS comparisons rather than DNSSEC
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt comparisons when processing UPDATE requests.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein dnssec-signzone now removes such semantically duplicate
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User records prior to signing the RRset.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein named-checkzone -r {ignore|warn|fail} (default warn)
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User named-compilezone -r {ignore|warn|fail} (default warn)
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User named.conf: check-dup-records {ignore|warn|fail};
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2800. [func] Reject zones which have NS records which refer to
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User CNAMEs, DNAMEs or don't have address record (class IN
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User only). Reject UPDATEs which would cause the zone
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User to fail the above checks if committed. [RT #20678]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2799. [cleanup] Changed the "secure-to-insecure" option to
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User "dnssec-secure-to-insecure", and "dnskey-ksk-only"
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User to "dnssec-dnskey-kskonly", for clarity. [RT #20586]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2798. [bug] Addressed bugs in managed-keys initialization
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User and rollover. [RT #20683]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2797. [bug] Don't decrement the dispatch manager's maxbuffers.
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2796. [bug] Missing dns_rdataset_disassociate() call in
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User dns_nsec3_delnsec3sx(). [RT #20681]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2795. [cleanup] Add text to differentiate "update with no effect"
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User log messages. [RT #18889]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2794. [bug] Install <isc/namespace.h>. [RT #20677]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2793. [func] Add "autosign" and "metadata" tests to the
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User automatic tests. [RT #19946]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2792. [func] "filter-aaaa-on-v4" can now be set in view
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User options (if compiled in). [RT #20635]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2791. [bug] The installation of isc-config.sh was broken.
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2790. [bug] Handle DS queries to stub zones. [RT #20440]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2788. [bug] dnssec-signzone could sign with keys that were
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User not requested [RT #20625]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2787. [bug] Spurious log message when zone keys were
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User dynamically reconfigured. [RT #20659]
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User2786. [bug] Additional could be promoted to answer. [RT #20663]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User --- 9.7.0b3 released ---
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2785. [bug] Revoked keys could fail to self-sign [RT #20652]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2784. [bug] TC was not always being set when required glue was
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User dropped. [RT #20655]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User buffer size of 512 or less. [RT #20654]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2782. [port] win32: use getaddrinfo() for hostname lookups.
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2781. [bug] Inactive keys could be used for signing. [RT #20649]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2780. [bug] dnssec-keygen -A none didn't properly unset the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein activation date in all cases. [RT #20648]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2779. [bug] Dynamic key revocation could fail. [RT #20644]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2778. [bug] dnssec-signzone could fail when a key was revoked
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User without deleting the unrevoked version. [RT #20638]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2777. [contrib] DLZ MYSQL auto reconnect support discovery was wrong.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2776. [bug] Change #2762 was not correct. [RT #20647]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2775. [bug] Accept RSASHA256 and RSASHA512 as NSEC3 compatible
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User in dnssec-keyfromlabel. [RT #20643]
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User2774. [bug] Existing cache DB wasn't being reused after
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User reconfiguration. [RT #20629]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2773. [bug] In autosigned zones, the SOA could be signed
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User with the KSK. [RT #20628]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2772. [security] When validating, track whether pending data was from
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User the additional section or not and only return it if
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews validates as secure. [RT #20438]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2771. [bug] dnssec-signzone: DNSKEY records could be
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User corrupted when importing from key files [RT #20624]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2770. [cleanup] Add log messages to resolver.c to indicate events
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein causing FORMERR responses. [RT #20526]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2769. [cleanup] Change #2742 was incomplete. [RT #19589]
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews2768. [bug] dnssec-signzone: -S no longer implies -g [RT #20568]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2767. [bug] named could crash on startup if a zone was
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User configured with auto-dnssec and there was no
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein key-directory. [RT #20615]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2766. [bug] isc_socket_fdwatchpoke() should only update the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein socketmgr state if the socket is not pending on a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein read or write. [RT #20603]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2765. [bug] Skip masters for which the TSIG key cannot be found.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2764. [bug] "rndc-confgen -a" could trigger a REQUIRE. [RT #20610]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2763. [bug] "rndc sign" didn't create an NSEC chain. [RT #20591]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2762. [bug] DLV validation failed with a local slave DLV zone.
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews2761. [cleanup] Enable internal symbol table for backtrace only for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein systems that are known to work. Currently, BSD
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein variants, Linux and Solaris are supported. [RT# 20202]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2760. [cleanup] Corrected named-compilezone usage summary. [RT #20533]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2759. [doc] Add information about .jbk/.jnw files to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the ARM. [RT #20303]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2758. [bug] win32: Added a workaround for a windows 2008 bug
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User that could cause the UDP client handler to shut
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein down. [RT #19176]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2757. [bug] dig: assertion failure could occur in connect
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt timeout. [RT #20599]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2756. [bug] Fixed corrupt logfile message in update.c. [RT# 20597]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2755. [placeholder]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2754. [bug] Secure-to-insecure transitions failed when zone
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein was signed with NSEC3. [RT #20587]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2753. [bug] Removed an unnecessary warning that could appear when
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein building an NSEC chain. [RT #20589]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2752. [bug] Locking violation. [RT #20587]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2751. [bug] Fixed a memory leak in dnssec-keyfromlabel. [RT #20588]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2750. [bug] dig: assertion failure could occur when a server
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein didn't have an address. [RT #20579]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2749. [bug] ixfr-from-differences generated a non-minimal ixfr
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein for NSEC3 signed zones. [RT #20452]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2748. [func] Identify bad answers from GTLD servers and treat them
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein as referrals. [RT #18884]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2747. [bug] Journal roll forwards failed to set the re-signing
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews time of RRSIGs correctly. [RT #20541]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2746. [port] hpux: address signed/unsigned expansion mismatch of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2745. [bug] configure script didn't probe the return type of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein gai_strerror(3) correctly. [RT #20573]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2744. [func] Log if a query was over TCP. [RT #19961]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2743. [bug] RRSIG could be incorrectly set in the NSEC3 record
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User for a insecure delegation.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein --- 9.7.0b2 released ---
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2742. [cleanup] Clarify some DNSSEC-related log messages in
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2741. [func] Allow the dnssec-keygen progress messages to be
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater suppressed (dnssec-keygen -q). Automatically
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User suppress the progress messages when stdin is not
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein a tty. [RT #20474]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2740. [placeholder]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2739. [cleanup] Clean up API for initializing and clearing trust
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User anchors for a view. [RT #20211]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User test. [RT #20453]
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic Updater2737. [func] UPDATE requests can leak existence information.
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic Updater2736. [func] Improve the performance of NSEC signed zones with
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic Updater more than a normal amount of glue below a delegation.
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic Updater2735. [bug] dnssec-signzone could fail to read keys
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic Updater that were specified on the command line with
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic Updater full paths, but weren't in the current
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic Updater directory. [RT #20421]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2734. [port] cygwin: arpaname did not compile. [RT #20473]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2733. [cleanup] Clean up coding style in pkcs11-* tools. [RT #20355]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2732. [func] Add optional filter-aaaa-on-v4 option, available
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein if built with './configure --enable-filter-aaaa'.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Filters out AAAA answers to clients connecting
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein via IPv4. (This is NOT recommended for general
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein use.) [RT #20339]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2731. [func] Additional work on change 2709. The key parser
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein will now ignore unrecognized fields when the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein minor version number of the private key format
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein has been increased. It will reject any key with
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the major version number increased. [RT #20310]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2730. [func] Have dnssec-keygen display a progress indication
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User a la 'openssl genrsa' on standard error. Note
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews when the first '.' is followed by a long stop
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein one has the choice between slow generation vs.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2729. [func] When constructing a CNAME from a DNAME use the DNAME
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User TTL. [RT #20451]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2728. [bug] dnssec-keygen, dnssec-keyfromlabel and
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User dnssec-signzone now warn immediately if asked to
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User write into a nonexistent directory. [RT #20278]
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews2727. [func] The 'key-directory' option can now specify a relative
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt path. [RT #20154]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2726. [func] Added support for SHA-2 DNSSEC algorithms,
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RSASHA256 and RSASHA512. [RT #20023]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2725. [doc] Added information about the file "managed-keys.bind"
ebabe300b615154d08f5577822cfd8726d2643c8Automatic Updater to the ARM. [RT #20235]
ebabe300b615154d08f5577822cfd8726d2643c8Automatic Updater2724. [bug] Updates to a existing node in secure zone using NSEC
ebabe300b615154d08f5577822cfd8726d2643c8Automatic Updater were failing. [RT #20448]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2723. [bug] isc_base32_totext(), isc_base32hex_totext(), and
ebabe300b615154d08f5577822cfd8726d2643c8Automatic Updater isc_base64_totext(), didn't always mark regions of
ebabe300b615154d08f5577822cfd8726d2643c8Automatic Updater memory as fully consumed after conversion. [RT #20445]
ebabe300b615154d08f5577822cfd8726d2643c8Automatic Updater2722. [bug] Ensure that the memory associated with the name of
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt a node in a rbt tree is not altered during the life
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt of the node. [RT #20431]
ebabe300b615154d08f5577822cfd8726d2643c8Automatic Updater2721. [port] Have dst__entropy_status() prime the random number
ebabe300b615154d08f5577822cfd8726d2643c8Automatic Updater generator. [RT #20369]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2720. [bug] RFC 5011 trust anchor updates could trigger an
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt assert if the DNSKEY record was unsigned. [RT #20406]
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrews2719. [func] Skip trusted/managed keys for unsupported algorithms.
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrews2718. [bug] The space calculations in opensslrsa_todns() were
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrews incorrect. [RT #20394]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2717. [bug] named failed to update the NSEC/NSEC3 record when
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater the last private type record was removed as a result
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater of completing the signing the zone with a key.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2716. [bug] nslookup debug mode didn't return the ttl. [RT #20414]
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrews --- 9.7.0b1 released ---
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2715. [bug] Require OpenSSL support to be explicitly disabled.
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrews2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2713. [bug] powerpc: atomic operations missing asm("ics") /
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrews __isync() calls.
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrews2712. [func] New 'auto-dnssec' zone option allows zone signing
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrews to be fully automated in zones configured for
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrews dynamic DNS. 'auto-dnssec allow;' permits a zone
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt to be signed by creating keys for it in the
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater key-directory and using 'rndc sign <zone>'.
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrews 'auto-dnssec maintain;' allows that too, plus it
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrews also keeps the zone's DNSSEC keys up to date
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrews according to their timing metadata. [RT #19943]
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrews2711. [port] win32: Add the bin/pkcs11 tools into the full
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater build. [RT #20372]
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater2710. [func] New 'dnssec-signzone -x' flag and 'dnskey-ksk-only'
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater zone option cause a zone to be signed with only KSKs
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater signing the DNSKEY RRset, not ZSKs. This reduces
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater the size of a DNSKEY answer. [RT #20340]
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater2709. [func] Added some data fields, currently unused, to the
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater private key file format, to allow implementation
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater of explicit key rollover in a future release
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater without impairing backward or forward compatibility.
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater2708. [func] Insecure to secure and NSEC3 parameter changes via
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater update are now fully supported and no longer require
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater defines to enable. We now no longer overload the
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater NSEC3PARAM flag field, nor the NSEC OPT bit at the
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater apex. Secure to insecure changes are controlled by
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater by the named.conf option 'secure-to-insecure'.
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater Warning: If you had previously enabled support by
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater adding defines at compile time to BIND 9.6 you should
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater ensure that all changes that are in progress have
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater completed prior to upgrading to BIND 9.7. BIND 9.7
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater is not backwards compatible.
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater2707. [func] dnssec-keyfromlabel no longer require engine name
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater to be specified in the label if there is a default
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater engine or the -E option has been used. Also, it
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater now uses default algorithms as dnssec-keygen does
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater (i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater2706. [bug] Loading a zone with a very large NSEC3 salt could
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater trigger an assert. [RT #20368]
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater2705. [placeholder]
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater2704. [bug] Serial of dynamic and stub zones could be inconsistent
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater with their SOA serial. [RT #19387]
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrews2703. [func] Introduce an OpenSSL "engine" argument with -E
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrews for all binaries which can take benefit of
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrews crypto hardware. [RT #20230]
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrews2702. [func] Update PKCS#11 tools (bin/pkcs11) [RT #20225 & all]
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrews2701. [doc] Correction to ARM: hmac-md5 is no longer the only
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrews supported TSIG key algorithm. [RT #18046]
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrews2700. [doc] The match-mapped-addresses option is discouraged.
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrews2699. [bug] Missing lock in rbtdb.c. [RT #20037]
dec590a3deb8e87380a8bd3a77d535dba3729bf6Tinderbox User2698. [placeholder]
cbf7f1435f332b31f51a98611ccbfcd07c42c032Automatic Updater2697. [port] win32: ensure that S_IFMT, S_IFDIR, S_IFCHR and
cbf7f1435f332b31f51a98611ccbfcd07c42c032Automatic Updater S_IFREG are defined after including <isc/stat.h>.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2696. [bug] named failed to successfully process some valid
cbf7f1435f332b31f51a98611ccbfcd07c42c032Automatic Updater acl constructs. [RT #20308]
cbf7f1435f332b31f51a98611ccbfcd07c42c032Automatic Updater2695. [func] DHCP/DDNS - update fdwatch code for use by
cbf7f1435f332b31f51a98611ccbfcd07c42c032Automatic Updater DHCP. Modify the api to isc_sockfdwatch_t (the
5d564da348e890e42f63eebf2dced9a05b41f4fbTinderbox User callback funciton for isc_socket_fdwatchcreate)
cbf7f1435f332b31f51a98611ccbfcd07c42c032Automatic Updater to include information about the direction (read
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User or write) and add isc_socket_fdwatchpoke.
cbf7f1435f332b31f51a98611ccbfcd07c42c032Automatic Updater2694. [bug] Reduce default NSEC3 iterations from 100 to 10.
cbf7f1435f332b31f51a98611ccbfcd07c42c032Automatic Updater2693. [port] Add some noreturn attributes. [RT #20257]
cbf7f1435f332b31f51a98611ccbfcd07c42c032Automatic Updater2692. [port] win32: 32/64 bit cleanups. [RT #20335]
cbf7f1435f332b31f51a98611ccbfcd07c42c032Automatic Updater2691. [func] dnssec-signzone: retain the existing NSEC or NSEC3
cbf7f1435f332b31f51a98611ccbfcd07c42c032Automatic Updater chain when re-signing a previously-signed zone.
cbf7f1435f332b31f51a98611ccbfcd07c42c032Automatic Updater Use -u to modify NSEC3 parameters or switch
cbf7f1435f332b31f51a98611ccbfcd07c42c032Automatic Updater between NSEC and NSEC3. [RT #20304]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2690. [bug] win32: fix isc_thread_key_getspecific() prototype.
cbf7f1435f332b31f51a98611ccbfcd07c42c032Automatic Updater2689. [bug] Correctly handle snprintf result. [RT #20306]
cbf7f1435f332b31f51a98611ccbfcd07c42c032Automatic Updater2688. [bug] Use INTERFACE_F_POINTTOPOINT, not IFF_POINTOPOINT,
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User to decide to fetch the destination address. [RT #20305]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2687. [bug] Fixed dnssec-signzone -S handling of revoked keys.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Also, added warnings when revoking a ZSK, as this is
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater not defined by protocol (but is legal). [RT #19943]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2686. [bug] dnssec-signzone should clean the old NSEC chain when
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater signing with NSEC3 and vice versa. [RT #20301]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2685. [contrib] Update contrib/zkt to version 0.99c. [RT #20054]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2684. [cleanup] dig: formalize +ad and +cd as synonyms for
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User +adflag and +cdflag. [RT #19305]
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User2683. [bug] dnssec-signzone should clean out old NSEC3 chains when
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User the NSEC3 parameters used to sign the zone change.
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User2682. [bug] "configure --enable-symtable=all" failed to
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt build. [RT #20282]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2681. [bug] IPSECKEY RR of gateway type 3 was not correctly
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User decoded. [RT #20269]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2680. [func] Move contrib/pkcs11-keygen to bin/pkcs11. [RT #20067]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2679. [func] dig -k can now accept TSIG keys in named.conf
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt format. [RT #20031]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2678. [func] Treat DS queries as if "minimal-response yes;"
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User was set. [RT #20258]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2677. [func] Changes to key metadata behavior:
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater - Keys without "publish" or "active" dates set will
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater no longer be used for smart signing. However,
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User those dates will be set to "now" by default when
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User a key is created; to generate a key but not use
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User it yet, use dnssec-keygen -G.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User - New "inactive" date (dnssec-keygen/settime -I)
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt sets the time when a key is no longer used for
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt signing but is still published.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt - The "unpublished" date (-U) is deprecated in
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt favor of "deleted" (-D).
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2676. [bug] --with-export-installdir should have been
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User --with-export-includedir. [RT #20252]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2675. [bug] dnssec-signzone could crash if the key directory
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater did not exist. [RT #20232]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User --- 9.7.0a3 released ---
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2674. [bug] "dnssec-lookaside auto;" crashed if named was built
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater without openssl. [RT #20231]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2673. [bug] The managed-keys.bind zone file could fail to
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt load due to a spurious result from sync_keyzone()
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2672. [bug] Don't enable searching in 'host' when doing reverse
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt lookups. [RT #20218]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2671. [bug] Add support for PKCS#11 providers not returning
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User the public exponent in RSA private keys
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt (OpenCryptoki for instance) in
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater dnssec-keyfromlabel. [RT #19294]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2670. [bug] Unexpected connect failures failed to log enough
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User information to be useful. [RT #20205]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2669. [func] Update PKCS#11 support to support Keyper HSM.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Update PKCS#11 patch to be against openssl-0.9.8i.
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User2668. [func] Several improvements to dnssec-* tools, including:
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User - dnssec-keygen and dnssec-settime can now set key
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User metadata fields 0 (to unset a value, use "none")
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User - dnssec-revoke sets the revocation date in
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater addition to the revoke bit
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User - dnssec-settime can now print individual metadata
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User fields instead of always printing all of them,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt and can print them in unix epoch time format for
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater use by scripts
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2667. [func] Add support for logging stack backtrace on assertion
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater failure (not available for all platforms). [RT #19780]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2666. [func] Added an 'options' argument to dns_name_fromstring()
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater (API change from 9.7.0a2). [RT #20196]
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User2665. [func] Clarify syntax for managed-keys {} statement, add
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater ARM documentation about RFC 5011 support. [RT #19874]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2664. [bug] create_keydata() and minimal_update() in zone.c
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater didn't properly check return values for some
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater functions. [RT #19956]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2663. [func] win32: allow named to run as a service using
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater "NT AUTHORITY\LocalService" as the account. [RT #19977]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2662. [bug] lwres_getipnodebyname() and lwres_getipnodebyaddr()
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater returned a misleading error code when lwresd was
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User down. [RT #20028]
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User2661. [bug] Check whether socket fd exceeds FD_SETSIZE when
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt creating lwres context. [RT #20029]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2660. [func] Add a new set of DNS libraries for non-BIND9
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater applications. See README.libdns. [RT #19369]
ef8014e56f35bb36daa5fd2c313f5e7963e97aa1Tinderbox User2659. [doc] Clarify dnssec-keygen doc: key name must match zone
ef8014e56f35bb36daa5fd2c313f5e7963e97aa1Tinderbox User name for DNSSEC keys. [RT #19938]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2658. [bug] dnssec-settime and dnssec-revoke didn't process
ef8014e56f35bb36daa5fd2c313f5e7963e97aa1Tinderbox User key file paths correctly. [RT #20078]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2657. [cleanup] Lower "journal file <path> does not exist, creating it"
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater log level to debug 1. [RT #20058]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2656. [func] win32: add a "tools only" check box to the installer
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater which causes it to only install dig, host, nslookup,
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater nsupdate and relevant DLLs. [RT #19998]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2655. [doc] Document that key-directory does not affect
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater bind.keys, rndc.key or session.key. [RT #20155]
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User2654. [bug] Improve error reporting on duplicated names for
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt deny-answer-xxx. [RT #20164]
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User2653. [bug] Treat ENGINE_load_private_key() failures as key
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt not found rather than out of memory. [RT #18033]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2652. [func] Provide more detail about what record is being
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User deleted. [RT #20061]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2651. [bug] Dates could print incorrectly in K*.key files on
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater 64-bit systems. [RT #20076]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2650. [bug] Assertion failure in dnssec-signzone when trying
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater to read keyset-* files. [RT #20075]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2649. [bug] Set the domain for forward only zones. [RT #19944]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2648. [port] win32: isc_time_seconds() was broken. [RT #19900]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2647. [bug] Remove unnecessary SOA updates when a new KSK is
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater added. [RT #19913]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2645. [port] "gcc -m32" didn't work on amd64 and x86_64 platforms
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater which default to 64 bits. [RT #19927]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater --- 9.7.0a2 released ---
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2644. [bug] Change #2628 caused a regression on some systems;
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater named was unable to write the PID file and would
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater fail on startup. [RT #20001]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2643. [bug] Stub zones interacted badly with NSEC3 support.
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2642. [bug] nsupdate could dump core on solaris when reading
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User improperly formatted key files. [RT #20015]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2641. [bug] Fixed an error in parsing update-policy syntax,
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater added a regression test to check it. [RT #20007]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2640. [security] A specially crafted update packet will cause named
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater to exit. [RT #20000]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2639. [bug] Silence compiler warnings in gssapi code. [RT #19954]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2638. [bug] Install arpaname. [RT #19957]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2637. [func] Rationalize dnssec-signzone's signwithkey() calling.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2636. [func] Simplify zone signing and key maintenance with the
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User dnssec-* tools. Major changes:
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User - all dnssec-* tools now take a -K option to
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User specify a directory in which key files will be
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt - DNSSEC can now store metadata indicating when
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User they are scheduled to be published, activated,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt revoked or removed; these values can be set by
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater dnssec-keygen or overwritten by the new
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater dnssec-settime command
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater - dnssec-signzone -S (for "smart") option reads key
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User metadata and uses it to determine automatically
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater which keys to publish to the zone, use for
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User signing, revoke, or remove from the zone
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2634. [port] win32: Add support for libxml2, enable
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User statschannel. [RT #19773]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2633. [bug] Handle 15 bit rand() functions. [RT #19783]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2632. [func] util/kit.sh: warn if documentation appears to be out of
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User date. [RT #19922]
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User2631. [bug] Handle "//", "/./" and "/../" in mkdirpath().
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt [RT #19926 ]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2630. [func] Improved syntax for DDNS autoconfiguration: use
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater "update-policy local;" to switch on local DDNS in a
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater zone. (The "ddns-autoconf" option has been removed.)
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2629. [port] Check for seteuid()/setegid(), use setresuid()/
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater setresgid() if not present. [RT #19932]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2628. [port] linux: Allow /var/run/named/named.pid to be opened
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User at startup with reduced capabilities in operation.
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2627. [bug] Named aborted if the same key was included in
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater trusted-keys more than once. [RT #19918]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2626. [bug] Multiple trusted-keys could trigger an assertion
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User failure. [RT #19914]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2624. [func] 'named-checkconf -p' will print out the parsed
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater configuration. [RT #18871]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2623. [bug] Named started seaches for DS non-optimally. [RT #19915]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2622. [bug] Printing of named.conf grammar was broken. [RT #19919]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2621. [doc] Made copyright boilterplate consistent. [RT #19833]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2620. [bug] Delay thawing the zone until the reload of it has
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User completed successfully. [RT #19750]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2619. [func] Add support for RFC 5011, automatic trust anchor
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater maintenance. The new "managed-keys" statement can
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater be used in place of "trusted-keys" for zones which
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User support this protocol. (Note: this syntax is
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User expected to change prior to 9.7.0 final.) [RT #19248]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2618. [bug] The sdb and sdlz db_interator_seek() methods could
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User loop infinitely. [RT #19847]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2617. [bug] ifconfig.sh failed to emit an error message when
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater run from the wrong location. [RT #19375]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2616. [bug] 'host' used the nameservers from resolv.conf even
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User when a explicit nameserver was specified. [RT #19852]
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater2615. [bug] "__attribute__((unused))" was in the wrong place
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater for ia64 gcc builds. [RT #19854]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2614. [port] win32: 'named -v' should automatically be executed
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User in the foreground. [RT #19844]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2613. [placeholder]
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User --- 9.7.0a1 released ---
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User2612. [func] Add default values for the arguments to
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt dnssec-keygen. Without arguments, it will now
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater generate a 1024-bit RSASHA1 zone-signing key,
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater or with the -f KSK option, a 2048-bit RSASHA1
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater key-signing key. [RT #19300]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2611. [func] Add -l option to dnssec-dsfromkey to generate
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater DLV records instead of DS records. [RT #19300]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2610. [port] sunos: Change #2363 was not complete. [RT #19796]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2609. [func] Simplify the configuration of dynamic zones:
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater - add ddns-confgen command to generate
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater configuration text for named.conf
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User - add zone option "ddns-autoconf yes;", which
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater causes named to generate a TSIG session key
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User and allow updates to the zone using that key
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User - add '-l' (localhost) option to nsupdate, which
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User causes nsupdate to connect to a locally-running
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt named process using the session key generated
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2608. [func] Perform post signing verification checks in
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User dnssec-signzone. These can be disabled with -P.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User The post sign verification test ensures that for each
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User algorithm in use there is at least one non revoked
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater self signed KSK key. That all revoked KSK keys are
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater self signed. That all records in the zone are signed
6478b87fd23bcd3ab74c25b261021fe19a239c4fTinderbox User by the algorithm. [RT #19653]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2607. [bug] named could incorrectly delete NSEC3 records for
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater empty nodes when processing a update request.
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater2606. [bug] "delegation-only" was not being accepted in
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater delegation-only type zones. [RT #19717]
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater2605. [bug] Accept DS responses from delegation only zones.
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User2604. [func] Add support for DNS rebinding attack prevention through
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User new options, deny-answer-addresses and
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt deny-answer-aliases. Based on contributed code from
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater JD Nurmi, Google. [RT #18192]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2603. [port] win32: handle .exe extension of named-checkzone and
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater named-comilezone argv[0] names under windows.
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater2602. [port] win32: fix debugging command line build of libisccfg.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2601. [doc] Mention file creation mode mask in the
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User named manual page.
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater2600. [doc] ARM: miscellaneous reformatting for different
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User page widths. [RT #19574]
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater2599. [bug] Address rapid memory growth when validation fails.
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater2598. [func] Reserve the -F flag. [RT #19657]
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater2597. [bug] Handle a validation failure with a insecure delegation
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User from a NSEC3 signed master/slave zone. [RT #19464]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater long, leading to inefficient memory usage or rejecting
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater newer cache entries in the worst case. [RT #19563]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User2594. [func] Have rndc warn if using its default configuration
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt file when the key file also exists. [RT #19424]
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater2593. [bug] Improve a corner source of SERVFAILs [RT #19632]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater2591. [bug] named could die when processing a update in
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater removed_orphaned_ds(). [RT #19507]
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater2590. [func] Report zone/class of "update with no effect".
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2589. [bug] dns_db_unregister() failed to clear '*dbimp'.
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2588. [bug] SO_REUSEADDR could be set unconditionally after failure
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User of bind(2) call. This should be rare and mostly
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User harmless, but may cause interference with other
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User processes that happen to use the same port. [RT #19642]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2587. [func] Improve logging by reporting serial numbers for
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User when zone serial has gone backwards or unchanged.
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User or SDB. [RT #19577]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2585. [bug] Uninitialized socket name could be referenced via a
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User statistics channel, triggering an assertion failure in
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User XML rendering. [RT #19427]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2584. [bug] alpha: gcc optimization could break atomic operations.
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2583. [port] netbsd: provide a control to not add the compile
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User date to the version string, -DNO_VERSION_DATE.
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2582. [bug] Don't emit warning log message when we attempt to
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User remove non-existent journal. [RT #19516]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User Requires MySQL 5.0.19 or later. [RT #19084]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2580. [bug] UpdateRej statistics counter could be incremented twice
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User for one rejection. [RT #19476]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2579. [bug] DNSSEC lookaside validation failed to handle unknown
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User algorithms. [RT #19479]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2578. [bug] Changed default sig-signing-type to 65534, because
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User 65535 turns out to be reserved. [RT #19477]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2577. [doc] Clarified some statistics counters. [RT #19454]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2576. [bug] NSEC record were not being correctly signed when
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User a zone transitions from insecure to secure.
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User Handle such incorrectly signed zones. [RT #19114]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2575. [func] New functions dns_name_fromstring() and
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User dns_name_tostring(), to simplify conversion
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User of a string to a dns_name structure and vice
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User versa. [RT #19451]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2574. [doc] Document nsupdate -g and -o. [RT #19351]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2573. [bug] Replacing a non-CNAME record with a CNAME record in a
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User single transaction in a signed zone failed. [RT #19397]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2572. [func] Simplify DLV configuration, with a new option
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User "dnssec-lookaside auto;" This is the equivalent
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User of "dnssec-lookaside . trust-anchor dlv.isc.org;"
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User plus setting a trusted-key for dlv.isc.org.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Note: The trusted key is hard-coded into named,
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User but is also stored in (and can be overridden
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User by) $sysconfdir/bind.keys. As the ISC DLV key
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User rolls over it can be kept up to date by replacing
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User the bind.keys file with a key downloaded from
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User https://www.isc.org/solutions/dlv. [RT #18685]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2571. [func] Add a new tool "arpaname" which translates IP addresses
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User to the corresponding IN-ADDR.ARPA or IP6.ARPA name.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2570. [func] Log the destination address the query was sent to.
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2569. [func] Move journalprint, nsec3hash, and genrandom
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User "make install" will put them in $sbindir. [RT #19301]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2568. [bug] Report when the write to indicate a otherwise
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User successful start fails. [RT #19360]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2567. [bug] dst__privstruct_writefile() could miss write errors.
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User write_public_key() could miss write errors.
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User dnssec-dsfromkey could miss write errors.
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2566. [cleanup] Clarify logged message when an insecure DNSSEC
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User response arrives from a zone thought to be secure:
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User "insecurity proof failed" instead of "not
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User insecure". [RT #19400]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2565. [func] Add support for HIP record. Includes new functions
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User dns_rdata_hip_first(), dns_rdata_hip_next()
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User and dns_rdata_hip_current(). [RT #19384]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2564. [bug] Only take EDNS fallback steps when processing timeouts.
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2563. [bug] Dig could leak a socket causing it to wait forever
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User to exit. [RT #19359]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2562. [doc] ARM: miscellaneous improvements, reorganization,
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User and some new content.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2559. [bug] dnssec-dsfromkey could compute bad DS records when
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User reading from a K* files. [RT #19357]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2558. [func] Set the ownership of missing directories created
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User for pid-file if -u has been specified on the command
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User line. [RT #19328]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2557. [cleanup] PCI compliance:
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User * new libisc log module file
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User * isc_dir_chroot() now also changes the working
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User directory to "/".
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User * additional INSISTs
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User * additional logging when files can't be removed.
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User error checks in the correct order resulting in the
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User wrong error code sometimes being returned. [RT #19249]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2555. [func] dig: when emitting a hex dump also display the
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User corresponding characters. [RT #19258]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2554. [bug] Validation of uppercase queries from NSEC3 zones could
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User fail. [RT #19297]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2552. [bug] zero-no-soa-ttl-cache was not being honoured.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2551. [bug] Potential Reference leak on return. [RT #19341]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2549. [port] linux: define NR_OPEN if not currently defined.
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2548. [bug] Install iterated_hash.h. [RT #19335]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2547. [bug] openssl_link.c:mem_realloc() could reference an
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User out-of-range area of the source buffer. New public
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User function isc_mem_reallocate() was introduced to address
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User this bug. [RT #19313]
a24330c4805a224191ab687d0291963062fe3355Tinderbox User2546. [func] Add --enable-openssl-hash configure flag to use
6825f304c5f0cc2d4ba22fa2b6f7a431f9c1de59Tinderbox User OpenSSL (in place of internal routine) for hash
6825f304c5f0cc2d4ba22fa2b6f7a431f9c1de59Tinderbox User functions (MD5, SHA[12] and HMAC). [RT #18815]
6825f304c5f0cc2d4ba22fa2b6f7a431f9c1de59Tinderbox User2545. [doc] ARM: Legal hostname checking (check-names) is
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User for SRV RDATA too. [RT #19304]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
6825f304c5f0cc2d4ba22fa2b6f7a431f9c1de59Tinderbox User2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2542. [doc] Update the description of dig +adflag. [RT #19290]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2541. [bug] Conditionally update dispatch manager statistics.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2540. [func] Add a nibble mode to $GENERATE. [RT #18872]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2539. [security] Update the interaction between recursion, allow-query,
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User allow-query-cache and allow-recursion. [RT #19198]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2538. [bug] cache/ADB memory could grow over max-cache-size,
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User especially with threads and smaller max-cache-size
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User values. [RT #19240]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2537. [func] Added more statistics counters including those on socket
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User I/O events and query RTT histograms. [RT #18802]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2536. [cleanup] Silence some warnings when -Werror=format-security is
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User specified. [RT #19083]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2534. [func] Check NAPTR records regular expressions and
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User replacement strings to ensure they are syntactically
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User valid and consistant. [RT #18168]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2533. [doc] ARM: document @ (at-sign). [RT #17144]
dec590a3deb8e87380a8bd3a77d535dba3729bf6Tinderbox User2532. [bug] dig: check the question section of the response to
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User see if it matches the asked question. [RT #18495]
dec590a3deb8e87380a8bd3a77d535dba3729bf6Tinderbox User2531. [bug] Change #2207 was incomplete. [RT #19098]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2530. [bug] named failed to reject insecure to secure transitions
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User via UPDATE. [RT #19101]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2529. [cleanup] Upgrade libtool to silence complaints from recent
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User version of autoconf. [RT #18657]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2528. [cleanup] Silence spurious configure warning about
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User --datarootdir [RT #19096]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2527. [placeholder]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2526. [func] New named option "attach-cache" that allows multiple
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User views to share a single cache to save memory and
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User improve lookup efficiency. Based on contributed code
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User from Barclay Osborn, Google. [RT #18905]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2525. [func] New logging category "query-errors" to provide detailed
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User internal information about query failures, especially
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User about server failures. [RT #19027]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2524. [port] sunos: dnssec-signzone needs strtoul(). [RT #19129]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2523. [bug] Random type rdata freed by dns_nsec_typepresent().
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2522. [security] Handle -1 from DSA_do_verify() and EVP_VerifyFinal().
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2521. [bug] Improve epoll cross compilation support. [RT #19047]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2520. [bug] Update xml statistics version number to 2.0 as change
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User #2388 made the schema incompatible to the previous
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User version. [RT #19080]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2519. [bug] dig/host with -4 or -6 didn't work if more than two
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User nameserver addresses of the excluded address family
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User preceded in resolv.conf. [RT #19081]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2518. [func] Add support for the new CERT types from RFC 4398.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2517. [bug] dig +trace with -4 or -6 failed when it chose a
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User nameserver address of the excluded address type.
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2516. [bug] glue sort for responses was performed even when not
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User needed. [RT #19039]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2515. [port] win32: build dnssec-dsfromkey and dnssec-keyfromlabel.
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User a nameserver of the excluded address family.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2513. [bug] Fix windows cli build. [RT #19062]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2512. [func] Print a summary of the cached records which make up
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User the negative response. [RT #18885]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2510. [bug] "dig +sigchase" could trigger REQUIRE failures.
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2509. [bug] Specifying a fixed query source port was broken.
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2508. [placeholder]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2507. [func] Log the recursion quota values when killing the
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User oldest query or refusing to recurse due to quota.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2506. [port] solaris: Check at configure time if
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User hack_shutup_pthreadonceinit is needed. [RT #19037]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2505. [port] Treat amd64 similarly to x86_64 when determining
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User atomic operation support. [RT #19031]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2504. [bug] Address race condition in the socket code. [RT #18899]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2503. [port] linux: improve compatibility with Linux Standard
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Base. [RT #18793]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2502. [cleanup] isc_radix: Improve compliance with coding style,
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User document function in <isc/radix.h>. [RT #18534]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2501. [func] $GENERATE now supports all rdata types. Multi-field
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User rdata types need to be quoted. See the ARM for
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User details. [RT #18368]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User function. [RT #18582]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User --- 9.6.0rc1 released ---
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2498. [bug] Removed a bogus function argument used with
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User ISC_SOCKET_USE_POLLWATCH: it could cause compiler
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User warning or crash named with the debug 1 level
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User of logging. [RT #18917]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2497. [bug] Don't add RRSIG bit to NSEC3 bit map for insecure
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2496. [bug] Add sanity length checks to NSID option. [RT #18813]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2495. [bug] Tighten RRSIG checks. [RT #18795]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User installed. [RT #18826]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2493. [bug] The linux capabilities code was not correctly cleaning
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User up after itself. [RT #18767]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2492. [func] Rndc status now reports the number of cpus discovered
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User and the number of worker threads when running
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User multi-threaded. [RT #18273]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2491. [func] Attempt to re-use a local port if we are already using
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User the port. [RT #18548]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User is cleared when IPV6_V6ONLY is set. [RT #18785]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2489. [port] solaris: Workaround Solaris's kernel bug about
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User http://bugs.opensolaris.org/view_bug.do?bug_id=6724237
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Define ISC_SOCKET_USE_POLLWATCH at build time to enable
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User this workaround. [RT #18870]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2488. [func] Added a tool, dnssec-dsfromkey, to generate DS records
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User from keyset and .key files. [RT #18694]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2487. [bug] Give TCP connections longer to complete. [RT #18675]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2486. [func] The default locations for named.pid and lwresd.pid
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User This allows the owner of the containing directory
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User to be set, for "named -u" support, and allows there
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User to be a permanent symbolic link in the path, for
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User "named -t" support. [RT #18306]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2485. [bug] Change update's the handling of obscured RRSIG
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User records. Not all orphaned DS records were being
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User removed. [RT #18828]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2484. [bug] It was possible to trigger a REQUIRE failure when
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User adding NSEC3 proofs to the response in
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User query_addwildcardproof(). [RT #18828]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2483. [port] win32: chroot() is not supported. [RT #18805]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2482. [port] libxml2: support versions 2.7.* in addition
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User to 2.6.*. [RT #18806]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User --- 9.6.0b1 released ---
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User collisions. [RT #18812]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2480. [bug] named could fail to emit all the required NSEC3
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User records. [RT #18812]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2479. [bug] xfrout:covers was not properly initialized. [RT #18801]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2478. [bug] 'addresses' could be used uninitialized in
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User configure_forward(). [RT #18800]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2477. [bug] dig: the global option to print the command line is
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User +cmd not print_cmd. Update the output to reflect
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User this. [RT #17008]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2476. [doc] ARM: improve documentation for max-journal-size and
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User ixfr-from-differences. [RT #15909] [RT #18541]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2475. [bug] LRU cache cleanup under overmem condition could purge
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User particular entries more aggressively. [RT #17628]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2474. [bug] ACL structures could be allocated with insufficient
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User space, causing an array overrun. [RT #18765]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2473. [port] linux: raise the limit on open files to the possible
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User maximum value before spawning threads; 'files'
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User specified in named.conf doesn't seem to work with
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User threads as expected. [RT #18784]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2472. [port] linux: check the number of available cpu's before
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User calling chroot as it depends on "/proc". [RT #16923]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2471. [bug] named-checkzone was not reporting missing mandatory
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User glue when sibling checks were disabled. [RT #18768]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2470. [bug] Elements of the isc_radix_node_t could be incorrectly
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User overwritten. [RT# 18719]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2469. [port] solaris: Work around Solaris's select() limitations.
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2468. [bug] Resolver could try unreachable servers multiple times.
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2467. [bug] Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2466. [doc] ARM: explain max-cache-ttl 0 SERVFAIL issue.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2465. [bug] Adb's handling of lame addresses was different
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt for IPv4 and IPv6. [RT #18738]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2464. [port] linux: check that a capability is present before
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User trying to set it. [RT #18135]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User API and glibc hides parts of the IPv6 Advanced Socket
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User API as a result. This is stupid as it breaks how the
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User two halves (Basic and Advanced) of the IPv6 Socket API
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User were designed to be used but we have to live with it.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User API. [RT #18388]
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User2462. [doc] Document -m (enable memory usage debugging)
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt option for dig. [RT #18757]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2461. [port] sunos: Change #2363 was not complete. [RT #17513]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt --- 9.6.0a1 released ---
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2460. [bug] Don't call dns_db_getnsec3parameters() on the cache.
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2458. [doc] ARM: update and correction for max-cache-size.
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2457. [tuning] max-cache-size is reverted to 0, the previous
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User default. It should be safe because expired cache
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User entries are also purged. [RT #18684]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User address, regardless of family. They now correctly
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User distinguish IPv4 from IPv6. [RT #18559]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2455. [bug] Stop metadata being transferred via axfr/ixfr.
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2454. [func] nsupdate: you can now set a default ttl. [RT #18317]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2453. [bug] Remove NULL pointer dereference in dns_journal_print().
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2452. [func] Improve bin/test/journalprint. [RT #18316]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2451. [port] solaris: handle runtime linking better. [RT #18356]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2450. [doc] Fix lwresd docbook problem for manual page.
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2449. [placeholder]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2448. [func] Add NSEC3 support. [RT #15452]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2447. [cleanup] libbind has been split out as a separate product.
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2446. [func] Add a new log message about build options on startup.
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User A new command-line option '-V' for named is also
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User provided to show this information. [RT# 18645]
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User2445. [doc] ARM out-of-date on empty reverse zones (list includes
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User RFC1918 address, but these are not yet compiled in).
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User (clear DF) for UDP responses and requests.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2443. [bug] win32: UDP connect() would not generate an event,
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User and so connected UDP sockets would never clean up.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Fix this by doing an immediate WSAConnect() rather
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User than an io completion port type for UDP.
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2442. [bug] A lock could be destroyed twice. [RT# 18626]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2441. [bug] isc_radix_insert() could copy radix tree nodes
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User incompletely. [RT #18573]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2440. [bug] named-checkconf used an incorrect test to determine
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User if an ACL was set to none.
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2438. [bug] Timeouts could be logged incorrectly under win32.
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2437. [bug] Sockets could be closed too early, leading to
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User inconsistent states in the socket module. [RT #18298]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2436. [security] win32: UDP client handler can be shutdown. [RT #18576]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2435. [bug] Fixed an ACL memory leak affecting win32.
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2434. [bug] Fixed a minor error-reporting bug in
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2433. [tuning] Set initial timeout to 800ms.
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2432. [bug] More Windows socket handling improvements. Stop
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User using I/O events and use IO Completion Ports
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User throughout. Rewrite the receive path logic to make
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User it easier to support multiple simultaneous
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User requesters in the future. Add stricter consistency
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User checking as a compile-time option (define
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2431. [bug] Acl processing could leak memory. [RT #18323]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2430. [bug] win32: isc_interval_set() could round down to
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User zero if the input was less than NS_INTERVAL
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User nanoseconds. Round up instead. [RT #18549]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2429. [doc] nsupdate should be in section 1 of the man pages.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2428. [bug] dns_iptable_merge() mishandled merges of negative
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User tables. [RT #18409]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2427. [func] Treat DNSKEY queries as if "minimal-response yes;"
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User was set. [RT #18528]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2426. [bug] libbind: inet_net_pton() can sometimes return the
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User wrong value if excessively large net masks are
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User supplied. [RT #18512]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2425. [bug] named didn't detect unavailable query source addresses
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User at load time. [RT #18536]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2424. [port] configure now probes for a working epoll
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User implementation. Allow the use of kqueue,
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User epoll and /dev/poll to be selected at compile
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User time. [RT #18277]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2423. [security] Randomize server selection on queries, so as to
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User make forgery a little more difficult. Instead of
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User always preferring the server with the lowest RTT,
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User pick a server with RTT within the same 128
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User millisecond band. [RT #18441]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2422. [bug] Handle the special return value of a empty node as
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User if it was a NXRRSET in the validator. [RT #18447]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2421. [func] Add new command line option '-S' for named to specify
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User the max number of sockets. [RT #18493]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User Use caution: this option may not work for some
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User operating systems without rebuilding named.
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2420. [bug] Windows socket handling cleanup. Let the io
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User completion event send out canceled read/write
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User done events, which keeps us from writing to memory
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User we no longer have ownership of. Add debugging
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User socket_log() function. Rework TCP socket handling
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User to not leak sockets.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2419. [cleanup] Document that isc_socket_create() and isc_socket_open()
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User should not be used for isc_sockettype_fdwatch sockets.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2418. [bug] AXFR request on a DLZ could trigger a REQUIRE failure
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2417. [bug] Connecting UDP sockets for outgoing queries could
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User unexpectedly fail with an 'address already in use'
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User error. [RT #18411]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2416. [func] Log file descriptors that cause exceeding the
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User internal maximum. [RT #18460]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2415. [bug] 'rndc dumpdb' could trigger various assertion failures
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User in rbtdb.c. [RT #18455]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2414. [bug] A masterdump context held the database lock too long,
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User causing various troubles such as dead lock and
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User recursive lock acquisition. [RT #18311, #18456]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2412. [bug] win32: address a resource leak. [RT #18374]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2411. [bug] Allow using a larger number of sockets than FD_SETSIZE
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User for select(). To enable this, set ISC_SOCKET_MAXSOCKETS
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User at compilation time. [RT #18433]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Note: with changes #2469 and #2421 above, there is no
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User need to tweak ISC_SOCKET_MAXSOCKETS at compilation time
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2410. [bug] Correctly delete m_versionInfo. [RT #18432]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2409. [bug] Only log that we disabled EDNS processing if we were
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt subsequently successful. [RT #18029]
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User2408. [bug] A duplicate TCP dispatch event could be sent, which
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User could then trigger an assertion failure in
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User resquery_response(). [RT #18275]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2406. [placeholder]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2405. [cleanup] The default value for dnssec-validation was changed to
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User "yes" in 9.5.0-P1 and all subsequent releases; this
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User was inadvertently omitted from CHANGES at the time.
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2404. [port] hpux: files unlimited support.
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2403. [bug] TSIG context leak. [RT #18341]
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2402. [port] Support Solaris 2.11 and over. [RT #18362]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2401. [bug] Expect to get E[MN]FILE errno internal_accept()
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User (from accept() or fcntl() system calls). [RT #18358]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2399. [placeholder]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2398. [bug] Improve file descriptor management. New,
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User temporary, named.conf option reserved-sockets,
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User default 512. [RT #18344]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2397. [bug] gssapi_functions had too many elements. [RT #18355]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2396. [bug] Don't set SO_REUSEADDR for randomized ports.
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User2395. [port] Avoid warning and no effect from "files unlimited"
2f161339d28f61a05dd92bbe01ce754e32e35addTinderbox User on Linux when running as root. [RT #18335]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User2394. [bug] Default configuration options set the limit for
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User open files to 'unlimited' as described in the
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User documentation. [RT #18331]
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater2393. [bug] nested acls containing keys could trigger an
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User assertion in acl.c. [RT #18166]
a24330c4805a224191ab687d0291963062fe3355Tinderbox User2392. [bug] remove 'grep -q' from acl test script, some platforms
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User don't support it. [RT #18253]
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2391. [port] hpux: cover additional recvmsg() error codes.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2390. [bug] dispatch.c could make a false warning on 'odd socket'.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt [RT #18301].
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2389. [bug] Move the "working directory writable" check to after
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User the ns_os_changeuser() call. [RT #18326]
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2388. [bug] Avoid using tables for layout purposes in
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User statistics XSL [RT #18159].
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2387. [bug] Silence compiler warnings in lib/isc/radix.c.
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User [RT #18147] [RT #18258]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2386. [func] Add warning about too small 'open files' limit.
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2385. [bug] A condition variable in socket.c could leak in
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User rare error handling [RT #17968].
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2384. [security] Fully randomize UDP query ports to improve
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt forgery resilience. [RT #17949, #18098]
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2383. [bug] named could double queries when they resulted in
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User SERVFAIL due to overkilling EDNS0 failure detection.
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2382. [doc] Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2381. [port] dlz/mysql: support multiple install layouts for
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User mysql. <prefix>/include/{,mysql/}mysql.h and
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <prefix>/lib/{,mysql/}. [RT #18152]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User proofs which, in turn, caused validation failures
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User for insecure zones immediately below a secure zone
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User the server was authoritative for. [RT #18112]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt TLDs and supported RRs with TTLs [RT #17972]
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2378. [bug] gssapi_functions{} had a redundant member in BIND 9.5.
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2377. [bug] Address race condition in dnssec-signzone. [RT #18142]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2376. [bug] Change #2144 was not complete.
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2375. [placeholder]
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2374. [bug] "blackhole" ACLs could cause named to segfault due
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User to some uninitialized memory. [RT #18095]
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2373. [bug] Default values of zone ACLs were re-parsed each time a
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User new zone was configured, causing an overconsumption
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User of memory. [RT #18092]
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2372. [bug] Fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2371. [doc] Add +nsid option to dig man page. [RT #18039]
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2370. [bug] "rndc freeze" could trigger an assertion in named
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User when called on a nonexistent zone. [RT #18050]
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2369. [bug] libbind: Array bounds overrun on read in bitncmp().
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2368. [port] Linux: use libcap for capability management if
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt possible. [RT# 18026]
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2367. [bug] Improve counting of dns_resstatscounter_retry
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2366. [bug] Adb shutdown race. [RT #18021]
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2365. [bug] Fix a bug that caused dns_acl_isany() to return
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User spurious results. [RT #18000]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2364. [bug] named could trigger a assertion when serving a
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User malformed signed zone. [RT #17828]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2362. [cleanup] Make "rrset-order fixed" a compile-time option.
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User settable by "./configure --enable-fixed-rrset".
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User Disabled by default. [RT #17977]
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2361. [bug] "recursion" statistics counter could be counted
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User multiple times for a single query. [RT #17990]
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2360. [bug] Fix a condition where we release a database version
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt (which may acquire a lock) while holding the lock.
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2359. [bug] Fix NSID bug. [RT #17942]
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2358. [doc] Update host's default query description. [RT #17934]
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2357. [port] Don't use OpenSSL's engine support in versions before
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User OpenSSL 0.9.7f. [RT #17922]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2356. [bug] Built in mutex profiler was not scalable enough.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2355. [func] Extend the number statistics counters available.
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2354. [bug] Failed to initialize some rdatasetheader_t elements.
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2353. [func] Add support for Name Server ID (RFC 5001).
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User 'dig +nsid' requests NSID from server.
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User 'request-nsid yes;' causes recursive server to send
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User NSID requests to upstream servers. Server responds
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User to NSID requests with the string configured by
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User 'server-id' option. [RT #17091]
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2352. [bug] Various GSS_API fixups. [RT #17729]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2350. [port] win32: IPv6 support. [RT #17797]
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2349. [func] Provide incremental re-signing support for secure
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User dynamic zones. [RT #1091]
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User2348. [func] Use the EVP interface to OpenSSL. Add PKCS#11 support.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Documentation is in the new README.pkcs11 file.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User New tool, dnssec-keyfromlabel, which takes the
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User label of a key pair in a HSM and constructs a DNS
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User key pair for use by named and dnssec-signzone.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2347. [bug] Delete now traverses the RB tree in the canonical
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User order. [RT #17451]
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User2346. [func] Memory statistics now cover all active memory contexts
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User in increased detail. [RT #17580]
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User2345. [bug] named-checkconf failed to detect when forwarders
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User were set at both the options/view level and in
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User a root zone. [RT #17671]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2344. [bug] Improve "logging{ file ...; };" documentation.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2343. [bug] (Seemingly) duplicate IPv6 entries could be
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User created in ADB. [RT #17837]
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User2342. [func] Use getifaddrs() if available under Linux. [RT #17224]
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User2341. [bug] libbind: add missing -I../include for off source
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User tree builds. [RT #17606]
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User2340. [port] openbsd: interface configuration. [RT #17700]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2339. [port] tru64: support for libbind. [RT #17589]
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User2338. [bug] check_ds() could be called with a non DS rdataset.
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614]
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User2336. [func] If "named -6" is specified then listen on all IPv6
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User interfaces if there are not listen-on-v6 clauses in
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User2335. [port] sunos: libbind and *printf() support for long long.
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User bug in fromstruct_txt(). [RT #17609]
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User2333. [bug] Fix off by one error in isc_time_nowplusinterval().
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User2332. [contrib] query-loc-0.4.0. [RT #17602]
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User2331. [bug] Failure to regenerate any signatures was not being
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User reported nor being past back to the UPDATE client.
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User2330. [bug] Remove potential race condition when handling
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User over memory events. [RT #17572]
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User WARNING: API CHANGE: over memory callback
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User function now needs to call isc_mem_waterack().
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User See <isc/mem.h> for details.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2329. [bug] Clearer help text for dig's '-x' and '-i' options.
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User2327. [bug] It was possible to dereference a NULL pointer in
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User rbtdb.c. Implement dead node processing in zones as
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User we do for caches. [RT #17312]
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User2326. [bug] It was possible to trigger a INSIST in the acache
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User2325. [port] Linux: use capset() function if available. [RT #17557]
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User2324. [bug] Fix IPv6 matching against "any;". [RT #17533]
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User2323. [port] tru64: namespace clash. [RT #17547]
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User2322. [port] MacOS: work around the limitation of setrlimit()
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User for RLIMIT_NOFILE. [RT #17526]
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User2321. [placeholder]
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User2320. [func] Make statistics counters thread-safe for platforms
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User that support certain atomic operations. [RT #17466]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2319. [bug] Silence Coverity warnings in
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2318. [port] sunos fixes for libbind. [RT #17514]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2316. [port] Missing #include <isc/print.h> in lib/dns/gssapictx.c.
f1f5f896c193cda4cdf5fcbfd4996e94002fd480Tinderbox User2315. [bug] Used incorrect address family for mapped IPv4
f1f5f896c193cda4cdf5fcbfd4996e94002fd480Tinderbox User addresses in acl.c. [RT #17519]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2314. [bug] Uninitialized memory use on error path in
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2313. [cleanup] Silence Coverity warnings. Handle private stacks.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User [RT #17447] [RT #17478]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2311. [bug] IPv6 addresses could match IPv4 ACL entries and
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User vice versa. [RT #17462]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2310. [bug] dig, host, nslookup: flush stdout before emitting
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User debug/fatal messages. [RT #17501]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2306. [bug] Remove potential race from lib/dns/resolver.c.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2305. [security] inet_network() buffer overflow. CVE-2008-0122.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2304. [bug] Check returns from all dns_rdata_tostruct() calls.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2301. [bug] Remove resource leak and fix error messages in
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User bin/tests/system/lwresd/lwtest.c. [RT #17474]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2300. [bug] Fixed failure to close open file in
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2299. [bug] Remove unnecessary NULL check in
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2298. [bug] isc_mutex_lock() failure not caught in
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2297. [bug] isc_entropy_createfilesource() failure not caught in
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2296. [port] Allow docbook stylesheet location to be specified to
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User configure. [RT #17457]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2294. [func] Allow the experimental statistics channels to have
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User multiple connections and ACL.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User Note: the stats-server and stats-server-v6 options
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User available in the previous beta releases are replaced
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User with the generic statistics-channels statement.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2293. [func] Add ACL regression test. [RT #17375]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2292. [bug] Log if the working directory is not writable.
f1f5f896c193cda4cdf5fcbfd4996e94002fd480Tinderbox User2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User failure to set PR_SET_DUMPABLE. [RT #17312]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2290. [bug] Let AD in the query signal that the client wants AD
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User set in the response. [RT #17301]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2289. [func] named-checkzone now reports the out-of-zone CNAME
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User found. [RT #17309]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2288. [port] win32: mark service as running when we have finished
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User loading. [RT #17441]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2286. [func] Allow a TCP connection to be used as a weak
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User authentication method for reverse zones.
1e126d80e1b8a0dd541a733283907656424634dcTinderbox User New update-policy methods tcp-self and 6to4-self.
1e126d80e1b8a0dd541a733283907656424634dcTinderbox User2285. [func] Test framework for client memory context management.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2284. [bug] Memory leak in UPDATE prerequisite processing.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2283. [bug] TSIG keys were not attaching to the memory
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User context. TSIG keys should use the rings
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User memory context rather than the clients memory
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User context. [RT #17377]
1e126d80e1b8a0dd541a733283907656424634dcTinderbox User2282. [bug] Acl code fixups. [RT #17346] [RT #17374]
1e126d80e1b8a0dd541a733283907656424634dcTinderbox User2281. [bug] Attempts to use undefined acls were not being logged.
f1f5f896c193cda4cdf5fcbfd4996e94002fd480Tinderbox User2280. [func] Allow the experimental http server to be reached
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User over IPv6 as well as IPv4. [RT #17332]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User to protect applications from receiving spurious
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User SIGPIPE signals when using the resolver.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2278. [bug] win32: handle the case where Windows returns no
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User search list or DNS suffix. [RT #17354]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2277. [bug] Empty zone names were not correctly being caught at
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User in the post parse checks. [RT #17357]
1e126d80e1b8a0dd541a733283907656424634dcTinderbox User2276. [bug] Install <dst/gssapi.h>. [RT# 17359]
1e126d80e1b8a0dd541a733283907656424634dcTinderbox User2275. [func] Add support to dig to perform IXFR queries over UDP.
1e126d80e1b8a0dd541a733283907656424634dcTinderbox User2274. [func] Log zone transfer statistics. [RT #17336]
1e126d80e1b8a0dd541a733283907656424634dcTinderbox User2273. [bug] Adjust log level to WARNING when saving inconsistent
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User stub/slave master and journal files. [RT# 17279]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2272. [bug] Handle illegal dnssec-lookaside trust-anchor names.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2271. [bug] Fix a memory leak in http server code [RT #17100]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2270. [bug] dns_db_closeversion() version->writer could be reset
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User before it is tested. [RT #17290]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2269. [contrib] dbus memory leaks and missing va_end calls. [RT #17232]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User --- 9.5.0b1 released ---
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2267. [bug] Radix tree node_num value could be set incorrectly,
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User causing positive ACL matches to look like negative
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User ones. [RT #17311]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2266. [bug] client.c:get_clientmctx() returned the same mctx
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User once the pool of mctx's was filled. [RT #17218]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2265. [bug] Test that the memory context's basic_table is non NULL
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User before freeing. [RT #17265]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2264. [bug] Server prefix length was being ignored. [RT #17308]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2263. [bug] "named-checkconf -z" failed to set default value
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User for "check-integrity". [RT #17306]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2262. [bug] Error status from all but the last view could be
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User lost. [RT #17292]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2260. [bug] Reported wrong clients-per-query when increasing the
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User value. [RT #17236]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2259. [placeholder]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User --- 9.5.0a7 released ---
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2257. [bug] win32: Use the full path to vcredist_x86.exe when
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User calling it. [RT #17222]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2256. [bug] win32: Correctly register the installation location of
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2254. [bug] timer.c:dispatch() failed to lock timer->lock
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User when reading timer->idle allowing it to see
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User intermediate values as timer->idle was reset by
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User isc_timer_touch(). [RT #17243]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2253. [func] "max-cache-size" defaults to 32M.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User "max-acache-size" defaults to 16M.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2252. [bug] Fixed errors in sortlist code [RT #17216]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2251. [placeholder]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2250. [func] New flag 'memstatistics' to state whether the
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User memory statistics file should be written or not.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User Additionally named's -m option will cause the
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User statistics file to be written. [RT #17113]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2249. [bug] Only set Authentic Data bit if client requested
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User DNSSEC, per RFC 3655 [RT #17175]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2247. [doc] Sort doc/misc/options. [RT #17067]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2246. [bug] Make the startup of test servers (ans.pl) more
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User robust. [RT #17147]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2245. [bug] Validating lack of DS records at trust anchors wasn't
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User working. [RT #17151]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2244. [func] Allow the check of nameserver names against the
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User SOA MNAME field to be disabled by specifying
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User 'notify-to-soa yes;'. [RT #17073]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2243. [func] Configuration files without a newline at the end now
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User parse without error. [RT #17120]
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2242. [bug] nsupdate: GSS-TSIG support using the Heimdal Kerberos
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User library could require a source of random data.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User2241. [func] nsupdate: add a interactive 'help' command. [RT #17099]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2240. [bug] Cleanup nsupdates GSS-TSIG support. Convert
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews a number of INSIST()s into plain fatal() errors
cbf7f1435f332b31f51a98611ccbfcd07c42c032Automatic Updater which report the triggering result code.
cbf7f1435f332b31f51a98611ccbfcd07c42c032Automatic Updater The 'key' command wasn't disabling GSS-TSIG.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews2238. [bug] It was possible to trigger a REQUIRE when a
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews validation was canceled. [RT #17106]
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews2237. [bug] libbind: res_init() was not thread aware. [RT #17123]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2236. [bug] dnssec-signzone failed to preserve the case of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of wildcard owner names. [RT #17085]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews2233. [func] Add support for O(1) ACL processing, based on
5d564da348e890e42f63eebf2dced9a05b41f4fbTinderbox User radix tree code originally written by Kevin
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Brintnall. [RT #16288]
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews2232. [bug] dns_adb_findaddrinfo() could fail and return
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews ISC_R_SUCCESS. [RT #17137]
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2230. [bug] We could INSIST reading a corrupted journal.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt2229. [bug] Null pointer dereference on query pool creation
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein failure. [RT #17133]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2228. [contrib] contrib: Change 2188 was incomplete.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2227. [cleanup] Tidied up the FAQ. [RT #17121]
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews2226. [placeholder]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2225. [bug] More support for systems with no IPv4 addresses.
3eb9ec750c9088869170dda63e8899b2ba462823Mark Andrews2224. [bug] Defer journal compaction if a xfrin is in progress.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews2223. [bug] Make a new journal when compacting. [RT #17119]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2222. [func] named-checkconf now checks server key references.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2221. [bug] Set the event result code to reflect the actual
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User record turned to caller when a cache update is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein rejected due to a more credible answer existing.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2220. [bug] win32: Address a race condition in final shutdown of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the Windows socket code. [RT #17028]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2219. [bug] Apply zone consistency checks to additions, not
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein removals, when updating. [RT #17049]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2218. [bug] Remove unnecessary REQUIRE from dns_validator_create().
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2217. [func] Adjust update log levels. [RT #17092]
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater2216. [cleanup] Fix a number of errors reported by Coverity.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2214. [bug] Deregister OpenSSL lock callback when cleaning
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein up. Reorder OpenSSL cleanup so that RAND_cleanup()
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein is called before the locks are destroyed. [RT #17098]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2213. [bug] SIG0 diagnostic failure messages were looking at the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein wrong status code. [RT #17101]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2212. [func] 'host -m' now causes memory statistics and active
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein memory to be printed at exit. [RT 17028]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2211. [func] Update "dynamic update temporarily disabled" message.
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews2210. [bug] Deleting class specific records via UPDATE could
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein fail. [RT #17074]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein2209. [port] osx: linking against user supplied static OpenSSL
1e126d80e1b8a0dd541a733283907656424634dcTinderbox User libraries failed as the system ones were still being
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein found. [RT #17078]
If allow-query-cache is not set in named.conf then
If allow-recursion is not set in named.conf then
2194. [bug] Close journal before calling 'done' in xfrin.c.
2193. [port] win32: BINDInstall.exe is now linked statically.
2192. [port] win32: use vcredist_x86.exe to install Visual
2184. [bug] bind9.xsl.h didn't build out of the source tree.
2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
need to ship Microsoft.VC80.MFCLOC.
2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
Fix a memory leak in rbtdb.c:free_noqname().
Make lookup.c:lookup_find() robust against
2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
dighost.c:get_trusted_key(). [RT #16678]
hmac_link.c. [RT #16437]
2145. [bug] Check DS/DLV digest lengths for known digests.
2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
in adb.c. [RT #16670]
2138. [bug] Lock order reversal in resolver.c. [RT #16653]
2137. [port] Mips little endian and/or mips 64 bit are now
2136. [bug] nslookup/host looped if there was no search list
2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656]
2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
2114. [bug] dig/host/nslookup: searches for names with multiple
2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
2103. [port] Add /usr/sfw to list of locations for OpenSSL
2100. [port] win32: copy libeay32.dll to Build\Debug.
2098. [bug] Race in rbtdb.c:no_references(), which occasionally
if resolv.conf does not exist or no nameservers
2091. [port] dighost.c: race condition on cleanup. [RT #16417]
2085. [doc] win32: added index.html and README to zip. [RT #16201]
2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
2080. [port] libbind: res_init.c did not compile on older versions
2076. [bug] Several files were missing #include <config.h>
of authoritative servers that drop EDNS and/or CD
2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
2043. [port] nsupdate/nslookup: Force the flushing of the prompt
2038. [bug] dig/nslookup/host was unlinking from wrong list
a non slave/stub zone. [RT # 16073]
2028. [port] linux: socket.c compatibility for old systems.
2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
2008. [func] It is now possible to enable/disable DNSSEC
breaks DNSSEC (firewall/proxy). [RT #15592]
2003. [bug] libbind: The DNS name/address lookup functions could
1988. [bug] Remove a bus error from the SHA256/SHA512 support.
1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
1981. [bug] win32: condition.c:wait() could fail to reattain
1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
now be set in named.conf (max-udp-size). This is
xfrin.c:maybe_free() if named ran out of memory.
1944. [cleanup] isc_hash_create() does not need a read/write lock.
1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
1922. [bug] check-tool.c:setup_logging() missing call to
1919. [contrib] queryperf: a set of new features: collecting/printing
'RD' was set in the query. host/nslookup skip servers
1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
1866. [bug] resolv.conf parse errors were being ignored by
dig/host/nslookup. [RT #14841]
1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
when CFLAGS contains "-I /usr/local/include"
1839. [bug] <isc/hash.h> was not being installed.
1836. [cleanup] Silence compiler warnings in hash_test.c.
1834. [bug] Bad memset in rdata_test.c. [RT #13658]
rbtdb.c:subtractrdataset(). [RT #13519]
option in named.conf can be used to specify a
1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
1810. [bug] configure, lib/bind/configure make different default
1808. [bug] zone.c:notify_zone() contained a race condition,
1788. [bug] libbind9.la/libbind9.so needs to link against
1785. [bug] libbind9.la/libbind9.so needs to link against
1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
file clause for rbt{64} master/hint zones. [RT#13009]
1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
1748. [func] dig now returns the byte count for axfr/ixfr.
1747. [bug] BIND 8 compatibility: named/named-checkconf failed
to parse "host-statistics-max" in named.conf.
1745. [bug] Dig/host/nslookup accept replies from link locals
1731. [port] darwin: relax version test in ifconfig.sh.
1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
1717. [port] solaris: ifconfig.sh did not support Solaris 10.
"ifconfig.sh down" didn't work for Solaris 9.
1716. [doc] named.conf(5) was being installed in the wrong
1714. [bug] dig/host/nslookup were only trying the first
1707. [contrib] sdb/ldap updated to version 1.0-beta.
1705. [func] Allow the journal's name to be changed via named.conf.
"#include <isc/print.h>". [RT #12321]
1701. [doc] A minimal named.conf man page.
are defined in named.conf. [RT #12023]
/usr/lib. [RT #11971]
1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
adb.c:set_target(). [RT #11582]
1648. [func] Update dnssec-lookaside named.conf syntax to support
1625. [bug] named failed to load/transfer RFC2535 signed zones
1612. [bug] check-names at the option/view level could trigger
1599. [bug] Fix memory leak on error path when checking named.conf.
DNSSEC specify "dnssec-enable yes;" in named.conf.
1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
1566. [port] Support for the cmsg framework on Solaris and HP/UX.
were specified in /etc/resolv.conf. [RT #8232]
1551. [port] Open "/dev/null" before calling chroot().
1532. [port] netbsd: the configure test for <sys/sysctl.h>
requires <sys/param.h>.
1517. [port] Support for IPv6 interface scanning on HP/UX and
only (e.g. DE, LV, US and MUSEUM) these can be excluded
1503. [port] win32: install libeay32.dll outside of system32.
named.conf, tcp-listen-queue.
1498. [port] bsdos: 5.x support.
1478. [port] ifconfig.sh didn't account for other virtual
1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
doc/misc/options. [RT #5616]
via named.conf (edns-udp-size).
1425. [port] linux/libbind: define __USE_MISC when testing *_r()
function prototypes in netdb.h. [RT #4921]
1422. [func] Log name/type/class when denying a query. [RT #4663]
1419. [port] openbsd: use /dev/arandom. [RT #4950]
1417. [func] ID.SERVER/CHAOS is now a built in zone.
1410. [func] Handle records that live in the parent zone, e.g. DS.
1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
'recursing-file = "named.recursing";'.
1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
1353. [contrib] sdb/ldap to version 0.9.
in socket.c and eliminating a host of socket
1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
1336. [func] Nibble lookups under IP6.ARPA are now supported by
1334. [bug] When signing/verifying rdatasets, duplicate rdatas
1326. [bug] DNAME/CNAME signatures were not being cached when
1324. [port] darwin: ifconfig.sh now supports darwin.
1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
1276. [bug] libbind: const pointer conflicts in res_debug.c.
1269. [port] Openserver: ifconfig.sh support.
<sys/param.h> is included or not. Be consistent.
1247. [bug] Don't reset the interface index for link/site local
1234. [bug] contrib/sdb: 'zonetodb' failed to call
1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
at the named.conf checking stage. [RT #2431]
1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
lib/dns to use this function instead of local one.
occurs when parsing named.conf. [RT #2275]
1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
1145. [func] "host" no longer reports a NOERROR/NODATA response
named/lwresd at compile time. [RT #1982]
1119. [func] Added support in Win32 for NTFS file/directory ACL's
could cause an assertion failure in resolver.c
violation in adb.c. [RT #2017]
1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
1088. [port] libbind: MPE/iX C.70 (incomplete)
on load/reload if views were used. [RT #1947]
1041. [bug] Dig/host/nslookup could catch an assertion failure
1032. [func] hostname.bind/txt/chaos now returns the name of
1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
1030. [bug] On systems with no resolv.conf file, nsupdate
1029. [bug] Some named.conf errors did not cause the loading
1002. [bug] When reporting an unknown class name in named.conf,
972. [bug] The file modification time code in zone.c was using the
non-existent nlist.h. [RT #1640]
957. [bug] sys/select.h inclusion was broken on older platforms.
in named/win32/os.c due to code changes in
updated to add include path for os.h header.
953. [func] The /var/run/named.key file from change #843
has been replaced by /etc/rndc.key. Both
method (rndc.conf / controls). Unlike
bin/tests. [RT #1555].
946. [cleanup] doc/misc/options is now machine-generated from the
when installing isc-config.sh.
were not accepted in named.conf. [RT #1469]
and added lib/isc/win32/entropy.c.
900. [bug] A config.guess update changed the system identification
bin/tests/system/ifconfig.sh now recognize the new
899. [bug] lib/dns/soa.c failed to compile on many platforms
897. [bug] A config.guess update changed the system identification
to Darwin. This was derived from the config.guess
849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
just as <lwres/net.h> does.
843. [func] If no controls statement is present in named.conf,
generated by named and an rndc.conf-style file
named named.key will be written that uses it. rndc
838. [port] UnixWare 7.x.x is now suported by
833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
<dns/soa.h>, and extended them to support
832. [bug] The default location for named.conf in named-checkconf
825. [bug] zone.c:ns_query() detached from the wrong zone
character (i.e. "/") in its name and the directory
down-cased when signing/verifying records. [RT #1186]
in rndc.conf.
786. [bug] When DNSSEC signing/verifying data, owner names were
755. [bug] Fix incorrectly formatted log messages in zone.c.
748. [doc] List supported RFCs in doc/misc/rfc-compliance.
739. [port] Look for /dev/random in configure, rather than
737. [port] stdtime.c failed to compile on certain platforms.
dispatch.c:do_cancel(). [RT #733]
718. [cleanup] "internal" is no longer a reserved word in named.conf.
failure in adb.c. [RT #738]
703. [port] sys/select.h is needed on older platforms. [RT #695]
702. [func] If the address 0.0.0.0 is seen in resolv.conf,
693. [bug] An empty lwres statement in named.conf caused
685. [bug] nslookup should use the search list/domain options
from resolv.conf by default. [RT #405, #630]
646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
for syntax checking named.conf files and zone files,
604. [bug] The named.conf parser could print incorrect line
577. [func] Log illegal RDATA combinations. e.g. multiple
570. [bug] rbtdb.c allowed zones containing nodes which had
568. [func] Add sample simple database drivers in contrib/sdb.
of rdata type/class mnemonics in log messages.
516. [bug] Cache lookups which had a NULL node pointer, e.g.
DNAME, would trigger an INSIST(!search.need_cleanup)
490. [func] When a slave/stub zone has not yet successfully
from the named.conf "listen-on" statement, sockets
477. [bug] The the isc-config.sh script could be installed before
471. [bug] nsupdate didn't compile on HP/UX 10.20
and subsequent name servers in resolv.conf if the
457. [bug] Dig/host/hslookup didn't properly handle connect
documented as such in named.conf. [RT #304, RT #311]
is specified in named.conf. [RT #306]
is specified in named.conf. [RT #301]
432. [func] Added refresh/retry jitter. The actual refresh/
428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
(e.g. glue). This could cause SERVFAILs when
e.g. due to corrupt zones with multiple SOA records.
an argc/argv style vector of words and sets
view/global one for CNAME targets and additional
369. [func] Support new named.conf options, view and zone
the distribution, in doc/man/dnssec.
353. [bug] double increment in lwres/gethost.c:copytobuf().
348. [func] New boolean named.conf options 'additional-from-auth'
345. [bug] Large-scale changes/cleanups to dig:
341. [func] Support 'key' clause in named.conf zone masters
327. [bug] rndc.conf parser wasn't correctly recognizing an IP
320. [func] Multiple rndc changes: parses an rndc.conf file,
319. [func] The named.conf "controls" statement is now used
314. [func] The named.conf controls statement can now have
313. [bug] When parsing resolv.conf, don't terminate on an
resolv.conf search path from 6 to 8. If there
resolv.conf was empty or a comment.
310. [func] Changes to named.conf "controls" statement (inet
are listed in resolv.conf, silently ignore them
each library's ipv6.h defines the wrapper symbol of
any $sbindir/dig from a previous release.)
that lack /dev/random.
280. [func] Add isc-config.sh, which can be used to more
two or more files in libomapi.a were not namespace
278. [bug] bin/named/logconf.c:category_fromconf() didn't take
266. [bug] zone.c:save_nsrrset() node was not initialized.
262. [bug] 'master' was not initialized in zone.c:stub_callback().
for global options block of named.conf. Both accept
258. [bug] Fixed printing of lwres_addr_t.address field.
256. [func] isc_ratelimiter_t now has attach/detach semantics, and
253. [func] resolv.conf parser now recognizes ';' and '#' as
252. [bug] resolv.conf parser mishandled masks on sortlists.
244. [bug] empty named.conf file and empty options statement are
243. [func] new cachesize option for named.conf
+ missing sigwait prototype on BSD/OS 4.0/4.0.1.
BSD/OS 4.*, Linux and Solaris 2.8.
230. [func] Replace the dst sign/verify API with a cleaner one.
from confparser.c, because of yacc's code, are
212. [func] Added dns_message_get/settsigkey, to make TSIG
compiling in the lib/dns/sec/{dnssafe,openssl}
204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
run on a PA 1.x system."
201. [cleanup] Removed the test/sdig program, it has been
replaced by bin/dig/dig.
(e.g., running out of network buffers) were
and/or interfaces. [19-May-2000 explorer]
191. [func] Patched to compile on UnixWare 7.x. This platform
range for overflow/underflow. In the case of
184. [cleanup] Variables/functions which began with two leading
underscores were made to conform to the ANSI/ISO
179. [func] options named.conf statement *must* now come
178. [func] Post-load of named.conf check verifies a slave zone
168. [bug] include statements in named.conf caused syntax errors
162. [bug] Ensure proper range for arguments to ctype.h functions.
masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
util/check-includes for how this was tested.
145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
<isc/result.h>.
of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
need <isc/eventclass.h>.
instead of <isc/time.h>.
128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
and creates null keys/sets zone status bit for
<isc/result.h>.
<isc/result.h>. Multiple inclusion protection
isc_symtab_t moved to <isc/types.h>.
<isc/net.h>.
118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
117. [cleanup] libdns.a changes:
116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
<isc/list.h>.
<isc/mutex.h>.
<isc/list.h>.
bin/tests/{db,mem,sockaddr,tasks,timers}/.
108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
105. [doc] doc/dev/coding.html expanded with other
103. [func] libisc buffer API changes for <isc/buffer.h>:
on BSD/OS 4.1.
101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
<isc/event.h>.
or <isc/result.h>.
<isc/result.h>.
90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
from <named/listenlist.h>.
<isc/mem.h>. isc_interface_t and isc_interfaceiter_t
moved to <isc/types.h>.
86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
<isc/types.h>.
<isc/int.h>.
<isc/lang.h>.
subsumed by file.o.
OpenSSL libraries/headers.
from <dns/types.h>.
59. [bug] Cause net/host unreachable to be a hard error
58. [bug] bin/named/query.c could sometimes trigger the
(client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
<sys/param.h>.
logging module "dns/validator".
and isc_lex_t to <isc/types.h>.
31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
25. [bug] make install failed to install <isc/log.h> and
configure.in to check for presence of in6addr_any.
9. [cleanup] replaced bit-setting code in confctx.c and replaced
4. [port] bin/named/unix/os.c didn't compile on systems with
get only what we need from <linux/capability.h>, and
systems without /dev/random.
lib/isc/unix/include/isc/Makefile.in had a typo which