CHANGES revision e8555412f186ad05a064591bcb25c2f7d7395756
bf43fdafa3bff9e84cb03f1a19aca74514d2516eBob Halley4402. [bug] protoc-c is now a hard requirement for --enable-dnstap.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence --- 9.11.0b1 released ---
bf43fdafa3bff9e84cb03f1a19aca74514d2516eBob Halley4401. [misc] Change LICENSE to MPL 2.0.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence4400. [bug] ttl policy was not being inherited in policy.py.
15a44745412679c30a6d022733925af70a38b715David Lawrence4399. [bug] policy.py 'ECCGOST', 'ECDSAP256SHA256', and
15a44745412679c30a6d022733925af70a38b715David Lawrence 'ECDSAP384SHA384' don't have settable keysize.
15a44745412679c30a6d022733925af70a38b715David Lawrence4398. [bug] Correct spelling of ECDSAP256SHA256 in policy.py.
bf43fdafa3bff9e84cb03f1a19aca74514d2516eBob Halley4397. [bug] Update Windows python support. [RT #42538]
9c3531d72aeaad6c5f01efe6a1c82023e1379e4dDavid Lawrence4396. [func] dnssec-keymgr now takes a '-r randomfile' option.
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence4395. [bug] Improve out-of-tree installation of python modules.
e419f613d8591885df608cb73065921be07dd12eBob Halley4394. [func] Add rndc command "dnstap-reopen" to close and
9695ae1c24b168996e3a267855dc754971ccb32cBob Halley reopen dnstap output files. [RT #41803]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4393. [bug] Address potential NULL pointer dereferences in
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4392. [func] Collect statistics for RSSAC02v3 traffic-volume,
1b1e1fda4638334b484aa38c15f53a131c0b0fdfAndreas Gustafsson traffic-sizes and rcode-volume reporting. [RT #41475]
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews4391. [bug] Fix leaks in contrib DLZ code. [RT #42707]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4390. [doc] Description of masters with TSIG, allow-query and
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington allow-transfer options in catalog zones. [RT #42692]
09f22ac5b09e70bc526015f37168ba33e21ea91fDavid Lawrence4389. [test] Rewritten test suite for catalog zones. [RT #42676]
09f22ac5b09e70bc526015f37168ba33e21ea91fDavid Lawrence4388. [func] Support for master entries with TSIG keys in catalog
09f22ac5b09e70bc526015f37168ba33e21ea91fDavid Lawrence zones. [RT #42577]
e419f613d8591885df608cb73065921be07dd12eBob Halley4387. [bug] Change 4336 was not complete leading to SERVFAIL
92ef1a9b9dbd48ecb507b42ac62c15afefdaf838David Lawrence being return as NS records expired. [RT #42683]
bf43fdafa3bff9e84cb03f1a19aca74514d2516eBob Halley4386. [bug] Remove shadowed overmem function/variable. [RT #42706]
5c6117688525d0e8d247f50c63364f66bd8d4185Brian Wellington4385. [func] Add support for allow-query and allow-transfer ACLs
6bc1a645619a14707da68b130dafe41721fd2f25Brian Wellington to catalog zones. [RT #42578]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4384. [bug] Change 4256 accidentally disabled logging of the
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley rndc command. [RT #42654]
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence4383. [bug] Correct spelling error in stats channel description of
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews "EDNS client subnet option received". [RT #42633]
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington4382. [bug] rndc {addzone,modzone,delzone,showzone} should all
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews compare the zone name using a canonical format.
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington4381. [bug] Missing "zone-directory" option in catalog zone
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence definition caused BIND to crash. [RT #42579]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews --- 9.11.0a3 released ---
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4380. [experimental] Added a "zone-directory" option to "catalog-zones"
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington syntax, allowing local masterfiles for slaves
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews that are provisioned by catalog zones to be stored
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence in a directory other than the server's working
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington directory. [RT #42527]
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence4379. [bug] An INSIST could be triggered if a zone contains
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington RRSIG records with expiry fields that loop
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington using serial number arithmetic. [RT #40571]
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington4378. [contrib] #include <isc/string.h> for strlcat in zone2ldap.c.
76c8294c81fb48b1da6e1fc5b83322a4cedb8e58Andreas Gustafsson4377. [bug] Don't reuse zero TTL responses beyond the current
76c8294c81fb48b1da6e1fc5b83322a4cedb8e58Andreas Gustafsson client set (excludes ANY/SIG/RRSIG queries).
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4376. [experimental] Added support for Catalog Zones, a new method for
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews provisioning secondary servers in which a list of
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews zones to be served is stored in a DNS zone and can
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews be propagated to slaves via AXFR/IXFR. [RT #41581]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4375. [func] Add support for automatic reallocation of isc_buffer
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley to isc_buffer_put* functions. [RT #42394]
9cd6710f91bdffef5aed68ab02533e398f6134d7Brian Wellington4374. [bug] Use SAVE/RESTORE macros in query.c to reduce the
9cd6710f91bdffef5aed68ab02533e398f6134d7Brian Wellington probability of reference counting errors as seen
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley in 4365. [RT #42405]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4373. [bug] Address undefined behaviour in getaddrinfo. [RT #42479]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4372. [bug] Address undefined behaviour in libt_api. [RT #42480]
e44487bfc23599b6b240e09d83d1c862fecfcc82Michael Graff4371. [func] New "minimal-any" option reduces the size of UDP
e44487bfc23599b6b240e09d83d1c862fecfcc82Michael Graff responses for qtype ANY by returning a single
e44487bfc23599b6b240e09d83d1c862fecfcc82Michael Graff arbitrarily selected RRset instead of all RRsets.
e44487bfc23599b6b240e09d83d1c862fecfcc82Michael Graff Thanks to Tony Finch. [RT #41615]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4370. [bug] Address python3 compatibility issues with RNDC module.
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley [RT #42499] [RT #42506]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews --- 9.11.0a2 released ---
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4369. [bug] Fix 'make' and 'make install' out-of-tree python
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews support. [RT #42484]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4368. [bug] Fix a crash when calling "rndc stats" on some
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews Windows builds because some Visual Studio compilers
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews generated crashing code for the "%z" printf()
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews format specifier. [RT #42380]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4367. [bug] Remove unnecessary assignment of loadtime in
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews zone_touched. [RT #42440]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4366. [bug] Address race condition when updating rbtnode bit
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews fields. [RT #42379]
98d010a24a9f1b4b45ce9791845941ef90426d0cBrian Wellington4365. [bug] Address zone reference counting errors involving
98d010a24a9f1b4b45ce9791845941ef90426d0cBrian Wellington nxdomain-redirect. [RT #42258]
98d010a24a9f1b4b45ce9791845941ef90426d0cBrian Wellington4364. [port] freebsd: add -Wl,-E to loader flags [RT #41690]
98d010a24a9f1b4b45ce9791845941ef90426d0cBrian Wellington4363. [port] win32: Disable explicit triggering UAC when running
98d010a24a9f1b4b45ce9791845941ef90426d0cBrian Wellington4362. [func] Changed rndc reconfig behaviour so that newly added
98d010a24a9f1b4b45ce9791845941ef90426d0cBrian Wellington zones are loaded asynchronously and the loading does
98d010a24a9f1b4b45ce9791845941ef90426d0cBrian Wellington not block the server. [RT #41934]
98d010a24a9f1b4b45ce9791845941ef90426d0cBrian Wellington4361. [cleanup] Where supported, file modification times returned
98d010a24a9f1b4b45ce9791845941ef90426d0cBrian Wellington by isc_file_getmodtime() are now accurate to the
98d010a24a9f1b4b45ce9791845941ef90426d0cBrian Wellington nanosecond. [RT #41968]
98d010a24a9f1b4b45ce9791845941ef90426d0cBrian Wellington4360. [bug] Silence spurious 'bad key type' message when there is
98d010a24a9f1b4b45ce9791845941ef90426d0cBrian Wellington a existing TSIG key. [RT #42195]
98d010a24a9f1b4b45ce9791845941ef90426d0cBrian Wellington4359. [bug] Inherited 'also-notify' lists were not being checked
98d010a24a9f1b4b45ce9791845941ef90426d0cBrian Wellington by named-checkconf. [RT #42174]
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews4358. [test] Added American Fuzzy Lop harness that allows
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews feeding fuzzed packets into BIND.
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews4357. [func] Add the python RNDC module. [RT #42093]
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews4356. [func] Add the ability to specify whether to wait for
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews nameserver addresses to be looked up or not to
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews RPZ with a new modifying directive 'nsip-wait-recurse'.
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews4355. [func] "pkcs11-list" now displays the extractability
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews attribute of private or secret keys stored in
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews an HSM, as either "true", "false", or "never"
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews Thanks to Daniel Stirnimann. [RT #36557]
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews4354. [bug] Check that the received HMAC length matches the
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews expected length prior to check the contents on the
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews control channel. This prevents a OOB read error.
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews This was reported by Lian Yihan, <lianyihan@360.cn>.
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews4353. [cleanup] Update PKCS#11 header files. [RT #42175]
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews4352. [cleanup] The ISC DNSSEC Lookaside Validation (DLV) service
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews is scheduled to be disabled in 2017. A warning is
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews now logged when named is configured to use it,
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews either explicitly or via "dnssec-lookaside auto;"
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews4351. [bug] 'dig +noignore' didn't work. [RT #42273]
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews4350. [contrib] Declare result in dlz_filesystem_dynamic.c.
b5debbe212097d1c573a2ba3bd9a3d526d86b0aeBrian Wellington4349. [contrib] kasp2policy: A python script to create a DNSSEC
b5debbe212097d1c573a2ba3bd9a3d526d86b0aeBrian Wellington policy file from an OpenDNSSEC KASP XML file.
b5debbe212097d1c573a2ba3bd9a3d526d86b0aeBrian Wellington4348. [func] dnssec-keymgr: A new python-based DNSSEC key
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews management utility, which reads a policy definition
b5debbe212097d1c573a2ba3bd9a3d526d86b0aeBrian Wellington file and can create or update DNSSEC keys as needed
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington to ensure that a zone's keys match policy, roll over
b5debbe212097d1c573a2ba3bd9a3d526d86b0aeBrian Wellington correctly on schedule, etc. Thanks to Sebastian
b5debbe212097d1c573a2ba3bd9a3d526d86b0aeBrian Wellington Castro for assistance in development. [RT #39211]
b5debbe212097d1c573a2ba3bd9a3d526d86b0aeBrian Wellington4347. [port] Corrected a build error on x86_64 Solaris. [RT #42150]
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4346. [bug] Fixed a regression introduced in change #4337 which
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington caused signed domains with revoked KSKs to fail
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington validation. [RT #42147]
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4345. [contrib] perftcpdns mishandled the return values from
b5debbe212097d1c573a2ba3bd9a3d526d86b0aeBrian Wellington clock_nanosleep. [RT #42131]
9cd6710f91bdffef5aed68ab02533e398f6134d7Brian Wellington4344. [port] Address openssl version differences. [RT #42059]
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4343. [bug] dns_dnssec_syncupdate misdeclared in <dns/dnssec.h>.
5c6117688525d0e8d247f50c63364f66bd8d4185Brian Wellington4342. [bug] 'rndc flushtree' could fail to clean the tree if there
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington wasn't a node at the specified name. [RT #41846]
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington --- 9.11.0a1 released ---
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4341. [bug] Correct the handling of ECS options with
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington address family 0. [RT #41377]
b5debbe212097d1c573a2ba3bd9a3d526d86b0aeBrian Wellington4340. [performance] Implement adaptive read-write locks, reducing the
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington overhead of locks that are only held briefly.
17a3fcecd069130a5f318685493b0db5639a77c9Brian Wellington4339. [test] Use "mdig" to test pipelined queries. [RT #41929]
1b1e1fda4638334b484aa38c15f53a131c0b0fdfAndreas Gustafsson4338. [bug] Reimplement change 4324 as it wasn't properly doing
18b7133679efa8f60fd4e396c628576f3f416b3eBrian Wellington all the required book keeping. [RT #41941]
8839b6acbf816fedc15b8e9e1c71fd606a9cd8eaBrian Wellington4337. [bug] The previous change exposed a latent flaw in
8839b6acbf816fedc15b8e9e1c71fd606a9cd8eaBrian Wellington key refresh queries for managed-keys when
8839b6acbf816fedc15b8e9e1c71fd606a9cd8eaBrian Wellington a cached DNSKEY had TTL 0. [RT #41986]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4336. [bug] Don't emit records with zero ttl unless the records
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington were learnt with a zero ttl. [RT #41687]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4335. [bug] zone->view could be detached too early. [RT #41942]
3676eeb6ca95c66aae1256f37af8c990d9f25eb4Brian Wellington4334. [func] 'named -V' now reports zlib version. [RT #41913]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4333. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42 and
48ed268b3378a8b729a0037bc4ae2ed73647a96aBrian Wellington 2001:500:9f::42.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4332. [placeholder]
48ed268b3378a8b729a0037bc4ae2ed73647a96aBrian Wellington4331. [func] When loading managed signed zones detect if the
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington RRSIG's inception time is in the future and regenerate
48ed268b3378a8b729a0037bc4ae2ed73647a96aBrian Wellington the RRSIG immediately. [RT #41808]
48ed268b3378a8b729a0037bc4ae2ed73647a96aBrian Wellington4330. [protocol] Identify the PAD option as "PAD" when printing out
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4329. [func] Warn about a common misconfiguration when forwarding
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington RFC 1918 zones. [RT #41441]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4328. [performance] Add dns_name_fromwire() benchmark test. [RT #41694]
9cd6710f91bdffef5aed68ab02533e398f6134d7Brian Wellington4327. [func] Log query and depth counters during fetches when
8839b6acbf816fedc15b8e9e1c71fd606a9cd8eaBrian Wellington querytrace (./configure --enable-querytrace) is
9cd6710f91bdffef5aed68ab02533e398f6134d7Brian Wellington enabled (helps in diagnosing). [RT #41787]
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4326. [protocol] Add support for AVC. [RT #41819]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4325. [func] Add a line to "rndc status" indicating the
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews hostname and operating system details. [RT #41610]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4324. [bug] When deleting records from a zone database, interior
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews nodes could be left empty but not deleted, damaging
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews search performance afterward. [RT #40997]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4323. [bug] Improve HTTP header processing on statschannel.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4322. [security] Duplicate EDNS COOKIE options in a response could
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews trigger an assertion failure. (CVE-2016-2088)
48ed268b3378a8b729a0037bc4ae2ed73647a96aBrian Wellington4321. [bug] Zones using mapped files containing out-of-zone data
17a3fcecd069130a5f318685493b0db5639a77c9Brian Wellington could return SERVFAIL instead of the expected NODATA
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson or NXDOMAIN results. [RT #41596]
18b7133679efa8f60fd4e396c628576f3f416b3eBrian Wellington4320. [bug] Insufficient memory allocation when handling
8839b6acbf816fedc15b8e9e1c71fd606a9cd8eaBrian Wellington "none" ACL could cause an assertion failure in
8839b6acbf816fedc15b8e9e1c71fd606a9cd8eaBrian Wellington named when parsing ACL configuration. [RT #41745]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4319. [security] Fix resolver assertion failure due to improper
17a3fcecd069130a5f318685493b0db5639a77c9Brian Wellington DNAME handling when parsing fetch reply messages.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews (CVE-2016-1286) [RT #41753]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4318. [security] Malformed control messages can trigger assertions
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews in named and rndc. (CVE-2016-1285) [RT #41666]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4317. [bug] Age all unused servers on fetch timeout. [RT #41597]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4316. [func] Add option to tools to print RRs in unknown
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews presentation format [RT #41595].
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4315. [bug] Check that configured view class isn't a meta class.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews [RT #41572].
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4314. [contrib] Added 'dnsperf-2.1.0.0-1', a set of performance
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews testing tools provided by Nominum, Inc.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4313. [bug] Handle ns_client_replace failures in test mode.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4312. [bug] dig's unknown DNS and EDNS flags (MBZ value) logging
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews was not consistent. [RT #41600]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4311. [bug] Prevent "rndc delzone" from being used on
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews response-policy zones. [RT #41593]
48ed268b3378a8b729a0037bc4ae2ed73647a96aBrian Wellington4310. [performance] Use __builtin_expect() where available to annotate
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews conditions with known behavior. [RT #41411]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4309. [cleanup] Remove the spurious "none" filename from log messages
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews when processing built-in configuration. [RT #41594]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4308. [func] Added operating system details to "named -V"
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews output. [RT #41452]
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews4307. [bug] "dig +subnet" and "mdig +subnet" could send
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews incorrectly-formatted Client Subnet options
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews if the prefix length was not divisible by 8.
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews Also fixed a memory leak in "mdig". [RT #45178]
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews4306. [maint] Added a PKCS#11 openssl patch supporting
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews version 1.0.2f [RT #38312]
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews4305. [bug] dnssec-signzone was not removing unnecessary rrsigs
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews from the zone's apex. [RT #41483]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4304. [port] xfer system test failed as 'tail -n +value' is not
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews portable. [RT #41315]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4303. [bug] "dig +subnet" was unable to send a prefix length of
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews zero, as it was incorrectly changed to 32 for v4
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews prefixes or 128 for v6 prefixes. In addition to
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews fixing this, "dig +subnet=0" has been added as a
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews short form for 0.0.0.0/0. The same changes have
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews also been made in "mdig". [RT #41553]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4302. [port] win32: fixed a build error in VS 2015. [RT #41426]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4301. [bug] dnssec-settime -p [DP]sync was not working. [RT #41534]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4300. [bug] A flag could be set in the wrong field when setting
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews up non-recursive queries; this could cause the
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews SERVFAIL cache to cache responses it shouldn't.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews New querytrace logging has been added which
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews identified this error. [RT #41155]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4299. [bug] Check that exactly totallen bytes are read when
48ed268b3378a8b729a0037bc4ae2ed73647a96aBrian Wellington reading a RRset from raw files in both single read
48ed268b3378a8b729a0037bc4ae2ed73647a96aBrian Wellington and incremental modes. [RT #41402]
3676eeb6ca95c66aae1256f37af8c990d9f25eb4Brian Wellington4298. [bug] dns_rpz_add errors in loadzone were not being
3676eeb6ca95c66aae1256f37af8c990d9f25eb4Brian Wellington propagated up the call stack. [RT #41425]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4297. [test] Ensure delegations in RPZ zones fail robustly.
3676eeb6ca95c66aae1256f37af8c990d9f25eb4Brian Wellington4296. [bug] TCP packet sizes were calculated incorrectly in the
3676eeb6ca95c66aae1256f37af8c990d9f25eb4Brian Wellington stats channel; they could be counted in the wrong
e44487bfc23599b6b240e09d83d1c862fecfcc82Michael Graff histogram bucket. [RT #40587]
6f071989da905bb5ab2c6dfd01a71ee5ecea5918Brian Wellington4295. [bug] An unchecked result in dns_message_pseudosectiontotext()
6f071989da905bb5ab2c6dfd01a71ee5ecea5918Brian Wellington could allow incorrect text formatting of EDNS EXPIRE
6f071989da905bb5ab2c6dfd01a71ee5ecea5918Brian Wellington options. [RT #41437]
6f071989da905bb5ab2c6dfd01a71ee5ecea5918Brian Wellington4294. [bug] Fixed a regression in which "rndc stop -p" failed
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews to print the PID. [RT #41513]
8839b6acbf816fedc15b8e9e1c71fd606a9cd8eaBrian Wellington4293. [bug] Address memory leak on priming query creation failure.
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4292. [placeholder]
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson4291. [cleanup] Added a required include to dns/forward.h. [RT #41474]
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4290. [func] The timers returned by the statistics channel
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington (indicating current time, server boot time, and
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington most recent reconfiguration time) are now reported
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington with millisecond accuracy. [RT #40082]
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington4289. [bug] The server could crash due to memory being used
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews after it was freed if a zone transfer timed out.
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson4288. [bug] Fixed a regression in resolver.c:possibly_mark()
1b1e1fda4638334b484aa38c15f53a131c0b0fdfAndreas Gustafsson which caused known-bogus servers to be queried
18b7133679efa8f60fd4e396c628576f3f416b3eBrian Wellington anyway. [RT #41321]
17a3fcecd069130a5f318685493b0db5639a77c9Brian Wellington4287. [bug] Silence an overly noisy log message when message
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews parsing fails. [RT #41374]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4286. [security] render_ecs errors were mishandled when printing out
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews a OPT record resulting in a assertion failure.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews (CVE-2015-8705) [RT #41397]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4285. [security] Specific APL data could trigger a INSIST.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews (CVE-2015-8704) [RT #41396]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4284. [bug] Some GeoIP options were incorrectly documented
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews using abbreviated forms which were not accepted by
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews named. The code has been updated to allow both
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews long and abbreviated forms. [RT #41381]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4283. [bug] OPENSSL_config is no longer re-callable. [RT #41348]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4282. [func] 'dig +[no]mapped' determine whether the use of mapped
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews IPv4 addresses over IPv6 is permitted or not. The
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews default is +mapped. [RT #41307]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4281. [bug] Teach dns_message_totext about BADCOOKIE. [RT #41257]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4280. [performance] Use optimal message sizes to improve compression
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews in AXFRs. This reduces network traffic. [RT #40996]
17a3fcecd069130a5f318685493b0db5639a77c9Brian Wellington4279. [test] Don't use fixed ports when unit testing. [RT #41194]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4278. [bug] 'delv +short +[no]split[=##]' didn't work as expected.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4277. [performance] Improve performance of the RBT, the central zone
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews datastructure: The aux hashtable was improved,
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews hash function was updated to perform more
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews uniform mapping, uppernode was added to
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews dns_rbtnode, and other cleanups and performance
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews improvements were made. [RT #41165]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4276. [protocol] Add support for SMIMEA. [RT #40513]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4275. [performance] Lazily initialize dns_compress->table only when
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews compression is enabled. [RT #41189]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4274. [performance] Speed up typemap processing from text. [RT #41196]
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4273. [bug] Only call dns_test_begin() and dns_test_end() once each
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews in nsec3_test as it fails with GOST if called multiple
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4272. [bug] dig: the +norrcomments option didn't work with +multi.
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews4271. [test] Unit tests could deadlock in isc__taskmgr_pause().
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews4270. [security] Update allowed OpenSSL versions as named is
c99d9017ba00099bfa89e1ed53e63a5cb07d28d5Mark Andrews potentially vulnerable to CVE-2015-3193.
421e4cf66e4cba0b0751a34a9c027e39fe0474f9Mark Andrews4269. [bug] Zones using "map" format master files currently
8b5de9701428e2b5eb50aba96af23dc1186124ddMark Andrews don't work as policy zones. This limitation has
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington now been documented; attempting to use such zones
c99d9017ba00099bfa89e1ed53e63a5cb07d28d5Mark Andrews in "response-policy" statements is now a
c99d9017ba00099bfa89e1ed53e63a5cb07d28d5Mark Andrews configuration error. [RT #38321]
c99d9017ba00099bfa89e1ed53e63a5cb07d28d5Mark Andrews4268. [func] "rndc status" now reports the path to the
c99d9017ba00099bfa89e1ed53e63a5cb07d28d5Mark Andrews configuration file. [RT #36470]
c99d9017ba00099bfa89e1ed53e63a5cb07d28d5Mark Andrews4267. [test] Check sdlz error handling. [RT #41142]
c70908209ee26c51a8e7242a56fdb73847249728Brian Wellington4266. [placeholder]
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews4265. [bug] Address unchecked isc_mem_get calls. [RT #41187]
c70908209ee26c51a8e7242a56fdb73847249728Brian Wellington4264. [bug] Check const of strchr/strrchr assignments match
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews argument's const status. [RT #41150]
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews4263. [contrib] Address compiler warnings in mysqldyn module.
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4262. [bug] Fixed a bug in epoll socket code that caused
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington sockets to not be registered for ready
c99d9017ba00099bfa89e1ed53e63a5cb07d28d5Mark Andrews notification in some cases, causing named to not
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington read from or write to them, resulting in what
c99d9017ba00099bfa89e1ed53e63a5cb07d28d5Mark Andrews appear to the user as blocked connections.
c99d9017ba00099bfa89e1ed53e63a5cb07d28d5Mark Andrews4261. [maint] H.ROOT-SERVERS.NET is 198.97.190.53 and 2001:500:1::53.
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson4260. [security] Insufficient testing when parsing a message allowed
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson records with an incorrect class to be be accepted,
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington triggering a REQUIRE failure when those records
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington were subsequently cached. (CVE-2015-8000) [RT #40987]
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews4259. [func] Add an option for non-destructive control channel
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson access using a "read-only" clause. In such
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington cases, a restricted set of rndc commands are
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington allowed for querying information from named.
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4258. [bug] Limit rndc query message sizes to 32 KiB. This should
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews not break any legitimate rndc commands, but will
d1cbf714097e900ed1703529584d3e1a50e8a4a8Brian Wellington prevent a rogue rndc query from allocating too
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington much memory. [RT #41073]
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4257. [cleanup] Python scripts reported incorrect version. [RT #41080]
421e4cf66e4cba0b0751a34a9c027e39fe0474f9Mark Andrews4256. [bug] Allow rndc command arguments to be quoted so as
421e4cf66e4cba0b0751a34a9c027e39fe0474f9Mark Andrews to allow spaces. [RT #36665]
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews4255. [performance] Add 'message-compression' option to disable DNS
421e4cf66e4cba0b0751a34a9c027e39fe0474f9Mark Andrews compression in responses. [RT #40726]
421e4cf66e4cba0b0751a34a9c027e39fe0474f9Mark Andrews4254. [bug] Address missing lock when getting zone's serial.
8b5de9701428e2b5eb50aba96af23dc1186124ddMark Andrews4253. [security] Address fetch context reference count handling error
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews on socket error. (CVE-2015-8461) [RT#40945]
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews4252. [func] Add support for automating the generation CDS and
8b5de9701428e2b5eb50aba96af23dc1186124ddMark Andrews CDNSKEY rrsets to named and dnssec-signzone.
8b5de9701428e2b5eb50aba96af23dc1186124ddMark Andrews4251. [bug] NTAs were deleted when the server was reconfigured
8b5de9701428e2b5eb50aba96af23dc1186124ddMark Andrews or reloaded. [RT #41058]
8b5de9701428e2b5eb50aba96af23dc1186124ddMark Andrews4250. [func] Log the TSIG key in use during inbound zone
8b5de9701428e2b5eb50aba96af23dc1186124ddMark Andrews transfers. [RT #41075]
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews4249. [func] Improve error reporting of TSIG / SIG(0) records in
8b5de9701428e2b5eb50aba96af23dc1186124ddMark Andrews the wrong location. [RT #41030]
8b5de9701428e2b5eb50aba96af23dc1186124ddMark Andrews4248. [performance] Add an isc_atomic_storeq() function, use it in
8b5de9701428e2b5eb50aba96af23dc1186124ddMark Andrews stats counters to improve performance.
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews [RT #39972] [RT #39979]
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews4247. [port] Require both HAVE_JSON and JSON_C_VERSION to be
8b5de9701428e2b5eb50aba96af23dc1186124ddMark Andrews defined to report json library version. [RT #41045]
421e4cf66e4cba0b0751a34a9c027e39fe0474f9Mark Andrews4246. [test] Ensure the statschannel system test runs when BIND
8b5de9701428e2b5eb50aba96af23dc1186124ddMark Andrews is not built with libjson. [RT #40944]
8b5de9701428e2b5eb50aba96af23dc1186124ddMark Andrews4245. [placeholder]
c99d9017ba00099bfa89e1ed53e63a5cb07d28d5Mark Andrews4244. [bug] The parser was not reporting that use-ixfr is obsolete.
c99d9017ba00099bfa89e1ed53e63a5cb07d28d5Mark Andrews4243. [func] Improved stats reporting from Timothe Litt. [RT #38941]
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews4242. [bug] Replace the client if not already replaced when
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews prefetching. [RT #41001]
638fe804a524ee0c028863c0301b999c79de7651Mark Andrews4241. [doc] Improved the TSIG, TKEY, and SIG(0) sections in
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews the ARM. [RT #40955]
638fe804a524ee0c028863c0301b999c79de7651Mark Andrews4240. [port] Fix LibreSSL compatibility. [RT #40977]
638fe804a524ee0c028863c0301b999c79de7651Mark Andrews4239. [func] Changed default servfail-ttl value to 1 second from 10.
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews Also, the maximum value is now 30 instead of 300.
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews4238. [bug] Don't send to servers on net zero (0.0.0.0/8).
368b37b616234fce3d23099eb180f1dd38e1fb62Mark Andrews4237. [doc] Upgraded documentation toolchain to use DocBook 5
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews and dblatex. [RT #40766]
421e4cf66e4cba0b0751a34a9c027e39fe0474f9Mark Andrews4236. [performance] On machines with 2 or more processors (CPU), the
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington default value for the number of UDP listeners
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews has been changed to the number of detected
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington processors minus one. [RT #40761]
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4235. [func] Added support in named for "dnstap", a fast method of
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews capturing and logging DNS traffic, and a new command
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson "dnstap-read" to read a dnstap log file. Use
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington "configure --enable-dnstap" to enable this
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews feature (note that this requires libprotobuf-c
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington and libfstrm). See the ARM for configuration details.
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson Thanks to Robert Edmonds of Farsight Security.
421e4cf66e4cba0b0751a34a9c027e39fe0474f9Mark Andrews4234. [func] Add deflate compression in statistics channel HTTP
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews server. [RT #40861]
421e4cf66e4cba0b0751a34a9c027e39fe0474f9Mark Andrews4233. [test] Add tests for CDS and CDNSKEY with delegation-only.
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews4232. [contrib] Address unchecked memory allocation calls in
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington query-loc and zone2ldap. [RT #40789]
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews4231. [contrib] Address unchecked calloc call in dlz_mysqldyn_mod.c.
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews4230. [contrib] dlz_wildcard_dynamic.c:dlz_create could return a
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington uninitialized result. [RT #40839]
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4229. [bug] A variable could be used uninitialized in
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington dns_update_signaturesinc. [RT #40784]
b5debbe212097d1c573a2ba3bd9a3d526d86b0aeBrian Wellington4228. [bug] Address race condition in dns_client_destroyrestrans.
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington4227. [bug] Silence static analysis warnings. [RT #40828]
e27021ee1f37185ab839a7a3b6bc078c24255e62Brian Wellington4226. [bug] Address a theoretical shutdown race in
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews zone.c:notify_send_queue(). [RT #38958]
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington4225. [port] freebsd/openbsd: Use '${CC} -shared' for building
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington shared libraries. [RT #39557]
9cd6710f91bdffef5aed68ab02533e398f6134d7Brian Wellington4224. [func] Added support for "dyndb", a new interface for loading
6f071989da905bb5ab2c6dfd01a71ee5ecea5918Brian Wellington zone data from an external database, developed by
6f071989da905bb5ab2c6dfd01a71ee5ecea5918Brian Wellington Red Hat for the FreeIPA project.
6f071989da905bb5ab2c6dfd01a71ee5ecea5918Brian Wellington DynDB drivers fully implement the BIND database
b0d31c78bc24080d4c470a8bd98862375f6e3055Mark Andrews API, and are capable of significantly better
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews performance and functionality than DLZ drivers,
6f071989da905bb5ab2c6dfd01a71ee5ecea5918Brian Wellington while taking advantage of advanced database
8839b6acbf816fedc15b8e9e1c71fd606a9cd8eaBrian Wellington features not available in BIND such as multi-master
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington Thanks to Adam Tkac and Petr Spacek of Red Hat.
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington4223. [func] Add support for setting max-cache-size to percentage
b0d31c78bc24080d4c470a8bd98862375f6e3055Mark Andrews of available physical memory, set default to 90%.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4222. [func] Bias IPv6 servers when selecting the next server to
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews query. [RT #40836]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4221. [bug] Resource leak on DNS_R_NXDOMAIN in fctx_create.
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews4220. [doc] Improve documentation for zone-statistics.
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4219. [bug] Set event->result to ISC_R_WOULDBLOCK on EWOULDBLOCK,
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington EGAIN when these soft error are not retried for
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews isc_socket_send*().
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4218. [bug] Potential null pointer dereference on out of memory
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington if mmap is not supported. [RT #40777]
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington4217. [protocol] Add support for CSYNC. [RT #40532]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4216. [cleanup] Silence static analysis warnings. [RT #40649]
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington4215. [bug] nsupdate: skip to next request on GSSTKEY create
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington failure. [RT #40685]
5c6117688525d0e8d247f50c63364f66bd8d4185Brian Wellington4214. [protocol] Add support for TALINK. [RT #40544]
5c6117688525d0e8d247f50c63364f66bd8d4185Brian Wellington4213. [bug] Don't reuse a cache across multiple classes.
5c6117688525d0e8d247f50c63364f66bd8d4185Brian Wellington4212. [func] Re-query if we get a bad client cookie returned over
5c6117688525d0e8d247f50c63364f66bd8d4185Brian Wellington UDP. [RT #40748]
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4211. [bug] Ensure that lwresd gets at least one task to work
5c6117688525d0e8d247f50c63364f66bd8d4185Brian Wellington with if enabled. [RT #40652]
5c6117688525d0e8d247f50c63364f66bd8d4185Brian Wellington4210. [cleanup] Silence use after free false positive. [RT #40743]
6f071989da905bb5ab2c6dfd01a71ee5ecea5918Brian Wellington4209. [bug] Address resource leaks in dlz modules. [RT #40654]
6f071989da905bb5ab2c6dfd01a71ee5ecea5918Brian Wellington4208. [bug] Address null pointer dereferences on out of memory.
6f071989da905bb5ab2c6dfd01a71ee5ecea5918Brian Wellington4207. [bug] Handle class mismatches with raw zone files.
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson4206. [bug] contrib: fixed a possible NULL dereference in
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington DLZ wildcard module. [RT #40745]
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4205. [bug] 'named-checkconf -p' could include unwanted spaces
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson when printing tuples with unset optional fields.
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4204. [bug] 'dig +trace' failed to lookup the correct type if
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington the initial root NS query was retried. [RT #40296]
5c6117688525d0e8d247f50c63364f66bd8d4185Brian Wellington4203. [test] The rrchecker system test now tests conversion
18b7133679efa8f60fd4e396c628576f3f416b3eBrian Wellington to and from unknown-type format. [RT #40584]
5c6117688525d0e8d247f50c63364f66bd8d4185Brian Wellington4202. [bug] isccc_cc_fromwire() could return an incorrect
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews result. [RT #40614]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4201. [func] The default preferred-glue is now the address record
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews type of the transport the query was received
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews over. [RT #40468]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4200. [cleanup] win32: update BINDinstall to be BIND release
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews independent. [RT #38915]
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4199. [protocol] Add support for NINFO, RKEY, SINK, TA.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews [RT #40545] [RT #40547] [RT #40561] [RT #40563]
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4198. [placeholder]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4197. [bug] 'named-checkconf -z' didn't handle 'in-view' clauses.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4196. [doc] Improve how "enum + other" types are documented.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4195. [bug] 'max-zone-ttl unlimited;' was broken. [RT #40608]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4194. [bug] named-checkconf -p failed to properly print a port
6f071989da905bb5ab2c6dfd01a71ee5ecea5918Brian Wellington range. [RT #40634]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4193. [bug] Handle broken servers that return BADVERS incorrectly.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4192. [bug] The default rrset-order of random was not always being
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews applied. [RT #40456]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4191. [protocol] Accept DNS-SD non LDH PTR records in reverse zones
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews as per RFC 6763. [RT #37889]
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington4190. [protocol] Accept Active Directory gc._msdcs.<forest> name as
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews valid with check-names. <forest> still needs to be
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews LDH. [RT #40399]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4189. [cleanup] Don't exit on overly long tokens in named.conf.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4188. [bug] Support HTTP/1.0 client properly on the statistics
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington channel. [RT #40261]
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4187. [func] When any RR type implementation doesn't
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington implement totext() for the RDATA's wire
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews representation and returns ISC_R_NOTIMPLEMENTED,
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews such RDATA is now printed in unknown
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews presentation format (RFC 3597). RR types affected
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews include LOC(29) and APL(42). [RT #40317].
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4186. [bug] Fixed an RPZ bug where a QNAME would be matched
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews against a policy RR with wildcard owner name
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews (trigger) where the QNAME was the wildcard owner
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews name's parent. For example, the bug caused a query
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews with QNAME "example.com" to match a policy RR with
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews "*.example.com" as trigger. [RT #40357]
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington4185. [bug] Fixed an RPZ bug where a policy RR with wildcard
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington owner name (trigger) would prevent another policy RR
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews with its parent owner name from being
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews loaded. For example, the bug caused a policy RR
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews with trigger "example.com" to not have any
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews effect when a previous policy RR with trigger
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews "*.example.com" existed in that RPZ zone.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4184. [bug] Fixed a possible memory leak in name compression
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews when rendering long messages. (Also, improved
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews wire_test for testing such messages.) [RT #40375]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4183. [cleanup] Use timing-safe memory comparisons in cryptographic
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews code. Also, the timing-safe comparison functions have
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews been renamed to avoid possible confusion with
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews memcmp(). Thanks to Loganaden Velvindron of
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews AFRINIC. [RT #40148]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4182. [cleanup] Use mnemonics for RR class and type comparisons.
93c786e0924aeca2c258e32355349e6ae60a0f72Andreas Gustafsson4181. [bug] Queued notify messages could be dequeued from the
93c786e0924aeca2c258e32355349e6ae60a0f72Andreas Gustafsson wrong rate limiter queue. [RT #40350]
93c786e0924aeca2c258e32355349e6ae60a0f72Andreas Gustafsson4180. [bug] Error responses in pipelined queries could
93c786e0924aeca2c258e32355349e6ae60a0f72Andreas Gustafsson cause a crash in client.c. [RT #40289]
93c786e0924aeca2c258e32355349e6ae60a0f72Andreas Gustafsson4179. [bug] Fix double frees in getaddrinfo() in libirs.
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4178. [bug] Fix assertion failure in parsing UNSPEC(103) RR from
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley text. [RT #40274]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4177. [bug] Fix assertion failure in parsing NSAP records from
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews text. [RT #40285]
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington4176. [bug] Address race issues with lwresd. [RT #40284]
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington4175. [bug] TKEY with GSS-API keys needed bigger buffers.
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington4174. [bug] "dnssec-coverage -r" didn't handle time unit
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington suffixes correctly. [RT #38444]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4173. [bug] dig +sigchase was not properly matching the trusted
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley key. [RT #40188]
feb40fc5f911d0b2050fb9fd34950a52930b981dBrian Wellington4172. [bug] Named / named-checkconf didn't handle a view of CLASS0.
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4171. [bug] Fixed incorrect class checks in TSIG RR
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence implementation. [RT #40287]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4170. [security] An incorrect boundary check in the OPENPGPKEY
5c29047792191d6141f69b2684314d0b762fedebBrian Wellington rdatatype could trigger an assertion failure.
5c29047792191d6141f69b2684314d0b762fedebBrian Wellington (CVE-2015-5986) [RT #40286]
feb40fc5f911d0b2050fb9fd34950a52930b981dBrian Wellington4169. [test] Added a 'wire_test -d' option to read input as
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley raw binary data, for use as a fuzzing harness.
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4168. [security] A buffer accounting error could trigger an
63bf060be4ff2a7ade02fd86abb98694a5afc250Brian Wellington assertion failure when parsing certain malformed
63bf060be4ff2a7ade02fd86abb98694a5afc250Brian Wellington DNSSEC keys. (CVE-2015-5722) [RT #40212]
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington4167. [func] Update rndc's usage output to include recently added
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington commands. Thanks to Tony Finch for submitting a
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington patch. [RT #40010]
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington4166. [func] Print informative output from rndc showzone when
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington allow-new-zones is not enabled for a view. Thanks to
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington Tony Finch for submitting a patch. [RT #40009]
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington4165. [security] A failure to reset a value to NULL in tkey.c could
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley result in an assertion failure. (CVE-2015-5477)
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4164. [bug] Don't rename slave files and journals on out of memory.
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4163. [bug] Address compiler warnings. [RT #40024]
feb40fc5f911d0b2050fb9fd34950a52930b981dBrian Wellington4162. [bug] httpdmgr->flags was not being initialized. [RT #40017]
c50936eb40263b65ebf6afe4e6556e2dc67c10e4Brian Wellington4161. [test] Add JSON test for traffic size stats; also test
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington for consistency between "rndc stats" and the XML
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley and JSON statistics channel contents. [RT #38700]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4160. [placeholder]
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews4159. [cleanup] Alphabetize dig's help output. [RT #39966]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4158. [placeholder]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4157. [placeholder]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4156. [func] Added statistics counters to track the sizes
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington of incoming queries and outgoing responses in
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington histogram buckets, as specified in RSSAC002.
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4155. [func] Allow RPZ rewrite logging to be configured on a
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington per-zone basis using a newly introduced log clause in
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley the response-policy option. [RT #39754]
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington4154. [bug] A OPT record should be included with the FORMERR
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley response when there is a malformed EDNS option.
78951552dccf0d0004d61072bbc71fa4b1aab30fAndreas Gustafsson4153. [bug] Dig should zero non significant +subnet bits. Check
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews that non significant ECS bits are zero on receipt.
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews4152. [func] Implement DNS COOKIE option. This replaces the
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews experimental SIT option of BIND 9.10. The following
78951552dccf0d0004d61072bbc71fa4b1aab30fAndreas Gustafsson named.conf directives are available: send-cookie,
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews cookie-secret, cookie-algorithm, nocookie-udp-size
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews and require-server-cookie. The following dig options
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews are available: +[no]cookie[=value] and +[no]badcookie.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4151. [bug] 'rndc flush' could cause a deadlock. [RT #39835]
a9ba7e65644c50e1549b38150ba8d4787e1fe643Brian Wellington4150. [bug] win32: listen-on-v6 { any; }; was not working. Apply
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley minimal fix. [RT #39667]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4149. [bug] Fixed a race condition in the getaddrinfo()
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews implementation in libirs, which caused the delv
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley utility to crash with an assertion failure when using
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley the '@server' syntax with a hostname argument.
77c67dfb2607618f5e7940486daebafd42a502abBrian Wellington4148. [bug] Fix a bug when printing zone names with '/' character
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington in XML and JSON statistics output. [RT #39873]
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington4147. [bug] Filter-aaaa / filter-aaaa-on-v4 / filter-aaaa-on-v6
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley was returning referrals rather than nodata responses
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley when the AAAA records were filtered. [RT #39843]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4146. [bug] Address reference leak that could prevent a clean
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews shutdown. [RT #37125]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4145. [bug] Not all unassociated adb entries where being printed.
3676eeb6ca95c66aae1256f37af8c990d9f25eb4Brian Wellington4144. [func] Add statistics counters for nxdomain redirections.
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4143. [placeholder]
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington4142. [bug] rndc addzone with view specified saved NZF config
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington that could not be read back by named. This has now
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley been fixed. [RT #39845]
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4141. [bug] A formatting bug caused rndc zonestatus to print
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington negative numbers for large serial values. This has
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington now been fixed. [RT #39854]
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington4140. [cleanup] Remove redundant nzf_remove() call during delzone.
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington4139. [doc] Fix rpz-client-ip documentation. [RT #39783]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4138. [security] An uninitialized value in validator.c could result
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley in an assertion failure. (CVE-2015-4620) [RT #39795]
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4137. [bug] Make rndc reconfig report configuration errors the
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington same way rndc reload does. [RT #39635]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4136. [bug] Stale statistics counters with the leading
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley '#' prefix (such as #NXDOMAIN) were not being
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley updated correctly. This has been fixed. [RT #39141]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4135. [cleanup] Log expired NTA at startup. [RT #39680]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4134. [cleanup] Include client-ip rules when logging the number
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley of RPZ rules of each type. [RT #39670]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4133. [port] Update how various json libraries are handled.
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4132. [cleanup] dig: added +rd as a synonym for +recurse,
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews added +class as an unabbreviated alternative
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews to +cl. [RT #39686]
b5debbe212097d1c573a2ba3bd9a3d526d86b0aeBrian Wellington4131. [bug] Addressed further problems with reloading RPZ
b5debbe212097d1c573a2ba3bd9a3d526d86b0aeBrian Wellington zones. [RT #39649]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4130. [bug] The compatibility shim for *printf() misprinted some
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley large numbers. [RT #39586]
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington4129. [port] Address API changes in OpenSSL 1.1.0. [RT #39532]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4128. [bug] Address issues raised by Coverity 7.6. [RT #39537]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4127. [protocol] CDS and CDNSKEY need to be signed by the key signing
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley key as per RFC 7344, Section 4.1. [RT #37215]
77c67dfb2607618f5e7940486daebafd42a502abBrian Wellington4126. [bug] Addressed a regression introduced in change #4121.
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4125. [test] Added tests for dig, renamed delv test to digdelv.
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4124. [func] Log errors or warnings encountered when parsing the
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley internal default configuration. Clarify the logging
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley of errors and warnings encountered in rndc
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews addzone or modzone parameters. [RT #39440]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4123. [port] Added %z (size_t) format options to the portable
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews internal printf/sprintf implementation. [RT #39586]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4122. [bug] The server could match a shorter prefix than what was
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews available in CLIENT-IP policy triggers, and so, an
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews unexpected action could be taken. This has been
25496cebadd170fd5fae2aabf0469eef551259aaBrian Wellington corrected. [RT #39481]
25496cebadd170fd5fae2aabf0469eef551259aaBrian Wellington4121. [bug] On servers with one or more policy zones
25496cebadd170fd5fae2aabf0469eef551259aaBrian Wellington configured as slaves, if a policy zone updated
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews during regular operation (rather than at
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews startup) using a full zone reload, such as via
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews AXFR, a bug could allow the RPZ summary data to
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews fall out of sync, potentially leading to an
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews assertion failure in rpz.c when further
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews incremental updates were made to the zone, such
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews as via IXFR. [RT #39567]
25496cebadd170fd5fae2aabf0469eef551259aaBrian Wellington4120. [bug] A bug in RPZ could cause the server to crash if
25496cebadd170fd5fae2aabf0469eef551259aaBrian Wellington policy zones were updated while recursion was
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews pending for RPZ processing of an active query.
25496cebadd170fd5fae2aabf0469eef551259aaBrian Wellington4119. [test] Allow dig to set the message opcode. [RT #39550]
25496cebadd170fd5fae2aabf0469eef551259aaBrian Wellington4118. [bug] Teach isc-config.sh about irs. [RT #39213]
25496cebadd170fd5fae2aabf0469eef551259aaBrian Wellington4117. [protocol] Add EMPTY.AS112.ARPA as per RFC 7534.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4116. [bug] Fix a bug in RPZ that could cause some policy
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews zones that did not specifically require
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews recursion to be treated as if they did;
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews consequently, setting qname-wait-recurse no; was
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews sometimes ineffective. [RT #39229]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4115. [func] "rndc -r" now prints the result code (e.g.,
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews ISC_R_SUCCESS, ISC_R_TIMEOUT, etc) after
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews running the requested command. [RT #38913]
25496cebadd170fd5fae2aabf0469eef551259aaBrian Wellington4114. [bug] Fix a regression in radix tree implementation
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews introduced by ECS code. This bug was never
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews released, but it was reported by a user testing
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews master. [RT #38983]
25496cebadd170fd5fae2aabf0469eef551259aaBrian Wellington4113. [test] Check for Net::DNS is some system test
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews prerequisites. [RT #39369]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4112. [bug] Named failed to load when "root-delegation-only"
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews was used without a list of domains to exclude.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4111. [doc] Alphabetize rndc man page. [RT #39360]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4110. [bug] Address memory leaks / null pointer dereferences
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews on out of memory. [RT #39310]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4109. [port] linux: support reading the local port range from
25496cebadd170fd5fae2aabf0469eef551259aaBrian Wellington4108. [func] An additional NXDOMAIN redirect method (option
25496cebadd170fd5fae2aabf0469eef551259aaBrian Wellington "nxdomain-redirect") has been added, allowing
3ce4b8b03ebd017c1d1b320429219ba91e705ea4Andreas Gustafsson redirection to a specified DNS namespace instead
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews of a single redirect zone. [RT #37989]
3ce4b8b03ebd017c1d1b320429219ba91e705ea4Andreas Gustafsson4107. [bug] Address potential deadlock when updating zone content.
3ce4b8b03ebd017c1d1b320429219ba91e705ea4Andreas Gustafsson4106. [port] Improve readline support. [RT #38938]
3ce4b8b03ebd017c1d1b320429219ba91e705ea4Andreas Gustafsson4105. [port] Misc fixes for Microsoft Visual Studio
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington 2015 CTP6 in 64 bit mode. [RT #39308]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4104. [bug] Address uninitialized elements. [RT #39252]
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews4103. [port] Misc fixes for Microsoft Visual Studio
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley 2015 CTP6. [RT #39267]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4102. [bug] Fix a use after free bug introduced in change
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley #4094. [RT #39281]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4101. [bug] dig: the +split and +rrcomments options didn't
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley work with +short. [RT #39291]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence4100. [bug] Inherited owernames on the line immediately following
78951552dccf0d0004d61072bbc71fa4b1aab30fAndreas Gustafsson a $INCLUDE were not working. [RT #39268]
93c786e0924aeca2c258e32355349e6ae60a0f72Andreas Gustafsson4099. [port] clang: make unknown commandline options hard errors
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson when determining what options are supported.
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4098. [bug] Address use-after-free issue when using a
93c786e0924aeca2c258e32355349e6ae60a0f72Andreas Gustafsson predecessor key with dnssec-settime. [RT #39272]
93c786e0924aeca2c258e32355349e6ae60a0f72Andreas Gustafsson4097. [func] Add additional logging about xfrin transfer status.
368b37b616234fce3d23099eb180f1dd38e1fb62Mark Andrews4096. [bug] Fix a use after free of query->sendevent.
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington4095. [bug] zone->options2 was not being properly initialized.
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington4094. [bug] A race during shutdown or reconfiguration could
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington cause an assertion in mem.c. [RT #38979]
1f1d36a87b65186d9f89aac7f456ab1fd2a39ef6Andreas Gustafsson4093. [func] Dig now learns the SIT value from truncated
1f1d36a87b65186d9f89aac7f456ab1fd2a39ef6Andreas Gustafsson responses when it retries over TCP. [RT #39047]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4092. [bug] 'in-view' didn't work for zones beneath a empty zone.
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4091. [cleanup] Some cleanups in isc mem code. [RT #38896]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence4090. [bug] Fix a crash while parsing malformed CAA RRs in
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley presentation format, i.e., from text such as
b5debbe212097d1c573a2ba3bd9a3d526d86b0aeBrian Wellington from master files. Thanks to John Van de
93c786e0924aeca2c258e32355349e6ae60a0f72Andreas Gustafsson Meulebrouck Brendgard for discovering and
93c786e0924aeca2c258e32355349e6ae60a0f72Andreas Gustafsson reporting this problem. [RT #39003]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley4089. [bug] Send notifies immediately for slave zones during
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley startup. [RT #38843]
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington4088. [port] Fixed errors when building with libressl. [RT #38899]
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington4087. [bug] Fix a crash due to use-after-free due to sequencing
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington of tasks actions. [RT #38495]
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington4086. [bug] Fix out-of-srcdir build with native pkcs11. [RT #38831]
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington4085. [bug] ISC_PLATFORM_HAVEXADDQ could be inconsistently set.
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington4084. [bug] Fix a possible race in updating stats counters.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4083. [cleanup] Print the number of CPUs and UDP listeners
ba393f380e4cd93029f6a7291d6c2d14f9022b3cBrian Wellington consistently in the log and in "rndc status"
ba393f380e4cd93029f6a7291d6c2d14f9022b3cBrian Wellington output; indicate whether threads are supported
ba393f380e4cd93029f6a7291d6c2d14f9022b3cBrian Wellington in "named -V" output. [RT #38811]
e49c834de8cdf92d4b85ef0fbf1d9dc59620a342Brian Wellington4082. [bug] Incrementally sign large inline zone deltas.
e49c834de8cdf92d4b85ef0fbf1d9dc59620a342Brian Wellington4081. [cleanup] Use dns_rdatalist_init consistently. [RT #38759]
e49c834de8cdf92d4b85ef0fbf1d9dc59620a342Brian Wellington4080. [func] Completed change #4022, adding a "lock-file" option
e49c834de8cdf92d4b85ef0fbf1d9dc59620a342Brian Wellington to named.conf to override the default lock file,
e49c834de8cdf92d4b85ef0fbf1d9dc59620a342Brian Wellington in addition to the "named -X <filename>" command
e49c834de8cdf92d4b85ef0fbf1d9dc59620a342Brian Wellington line option. Setting the lock file to "none"
ba393f380e4cd93029f6a7291d6c2d14f9022b3cBrian Wellington using either method disables the check completely.
feb40fc5f911d0b2050fb9fd34950a52930b981dBrian Wellington4079. [func] Preserve the case of the owner name of records to
feb40fc5f911d0b2050fb9fd34950a52930b981dBrian Wellington the RRset level. [RT #37442]
ba393f380e4cd93029f6a7291d6c2d14f9022b3cBrian Wellington4078. [bug] Handle the case where CMSG_SPACE(sizeof(int)) !=
feb40fc5f911d0b2050fb9fd34950a52930b981dBrian Wellington CMSG_SPACE(sizeof(char)). [RT #38621]
d6643ef587324e40d8bda63e9f80be8141e101edBrian Wellington4077. [test] Add static-stub regression test for DS NXDOMAIN
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson return making the static stub disappear. [RT #38564]
75f6c57d9544aa77a3b1a04587b4702c07343c90Brian Wellington4076. [bug] Named could crash on shutdown with outstanding
75f6c57d9544aa77a3b1a04587b4702c07343c90Brian Wellington reload / reconfig events. [RT #38622]
75f6c57d9544aa77a3b1a04587b4702c07343c90Brian Wellington4075. [placeholder]
75f6c57d9544aa77a3b1a04587b4702c07343c90Brian Wellington4074. [cleanup] Cleaned up more warnings from gcc -Wshadow. [RT #38708]
75f6c57d9544aa77a3b1a04587b4702c07343c90Brian Wellington4073. [cleanup] Add libjson-c version number reporting to
75f6c57d9544aa77a3b1a04587b4702c07343c90Brian Wellington "named -V"; normalize version number formatting.
75f6c57d9544aa77a3b1a04587b4702c07343c90Brian Wellington4072. [func] Add a --enable-querytrace configure switch for
75f6c57d9544aa77a3b1a04587b4702c07343c90Brian Wellington very verbose query trace logging. (This option
e83cae7fa837e4757c687035d6f6c0900f152749Brian Wellington has a negative performance impact and should be
e83cae7fa837e4757c687035d6f6c0900f152749Brian Wellington used only for debugging.) [RT #37520]
feb40fc5f911d0b2050fb9fd34950a52930b981dBrian Wellington4071. [cleanup] Initialize pthread mutex attrs just once, instead of
feb40fc5f911d0b2050fb9fd34950a52930b981dBrian Wellington doing it per mutex creation. [RT #38547]
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington4070. [bug] Fix a segfault in nslookup in a query such as
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington "nslookup isc.org AMS.SNS-PB.ISC.ORG -all".
feb40fc5f911d0b2050fb9fd34950a52930b981dBrian Wellington4069. [doc] Reorganize options in the nsupdate man page.
538fea1c91c68c0a5569c7b8552c8fd0490055efBrian Wellington4068. [bug] Omit unknown serial number from JSON zone statistics.
5c6117688525d0e8d247f50c63364f66bd8d4185Brian Wellington4067. [cleanup] Reduce noise from RRL when query logging is
538fea1c91c68c0a5569c7b8552c8fd0490055efBrian Wellington disabled. [RT #38648]
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson4066. [doc] Reorganize options in the dig man page. [RT #38516]
e49c834de8cdf92d4b85ef0fbf1d9dc59620a342Brian Wellington4065. [test] Additional RFC 5011 tests. [RT #38569]
25276bd1ecb372b82c9235648e5defab0655dcd5Mark Andrews4064. [contrib] dnssec-keyset.sh: Generates a specified number
93c786e0924aeca2c258e32355349e6ae60a0f72Andreas Gustafsson of DNSSEC keys with timing set to implement a
c70908209ee26c51a8e7242a56fdb73847249728Brian Wellington pre-publication key rollover strategy. Thanks
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson to Jeffry A. Spain. [RT #38459]
c70908209ee26c51a8e7242a56fdb73847249728Brian Wellington4063. [bug] Asynchronous zone loads were not handled
c70908209ee26c51a8e7242a56fdb73847249728Brian Wellington correctly when the zone load was already in
c70908209ee26c51a8e7242a56fdb73847249728Brian Wellington progress; this could trigger a crash in zt.c.
e1f16346db02486f751c6db683fffe53c866c186Andreas Gustafsson4062. [bug] Fix an out-of-bounds read in RPZ code. If the
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley read succeeded, it doesn't result in a bug
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley during operation. If the read failed, named
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews could segfault. [RT #38559]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4061. [bug] Handle timeout in legacy system test. [RT #38573]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4060. [bug] dns_rdata_freestruct could be called on a
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews uninitialized structure when handling a error.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4059. [bug] Addressed valgrind warnings. [RT #38549]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4058. [bug] UDP dispatches could use the wrong pseudorandom
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews number generator context. [RT #38578]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4057. [bug] 'dnssec-dsfromkey -T 0' failed to add ttl field.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4056. [bug] Expanded automatic testing of trust anchor
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews management and fixed several small bugs including
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews a memory leak and a possible loss of key state
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews information. [RT #38458]
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews4055. [func] "rndc managed-keys" can be used to check status
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews of trust anchors or to force keys to be refreshed,
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews Also, the managed keys data file has easier-to-read
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews comments. [RT #38458]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4054. [func] Added a new tool 'mdig', a lightweight clone of
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews dig able to send multiple pipelined queries.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4053. [security] Revoking a managed trust anchor and supplying
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews an untrusted replacement could cause named
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews to crash with an assertion failure.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews (CVE-2015-1349) [RT #38344]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4052. [bug] Fix a leak of query fetchlock. [RT #38454]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4051. [bug] Fix a leak of pthread_mutexattr_t. [RT #38454]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4050. [bug] RPZ could send spurious SERVFAILs in response
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews to duplicate queries. [RT #38510]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4049. [bug] CDS and CDNSKEY had the wrong attributes. [RT #38491]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4048. [bug] adb hash table was not being grown. [RT #38470]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4047. [cleanup] "named -V" now reports the current running versions
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews of OpenSSL and the libxml2 libraries, in addition to
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews the versions that were in use at build time.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4046. [bug] Accounting of "total use" in memory context
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews statistics was not correct. [RT #38370]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4045. [bug] Skip to next master on dns_request_createvia4 failure.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4044. [bug] Change 3955 was not complete, resulting in an assertion
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews failure if the timing was just right. [RT #38352]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4043. [func] "rndc modzone" can be used to modify the
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews configuration of an existing zone, using similar
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews syntax to "rndc addzone". [RT #37895]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4042. [bug] zone.c:iszonesecure was being called too late.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4041. [func] TCP sockets can now be shared while connecting.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews (This will be used to enable client-side support
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews of pipelined queries.) [RT #38231]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4040. [func] Added server-side support for pipelined TCP
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews queries. Clients may continue sending queries via
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews TCP while previous queries are being processed
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews in parallel. (The new "keep-response-order"
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews option allows clients to be specified for which
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews the old behavior will still be used.) [RT #37821]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4039. [cleanup] Cleaned up warnings from gcc -Wshadow. [RT #37381]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4038. [bug] Add 'rpz' flag to node and use it to determine whether
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews to call dns_rpz_delete. This should prevent unbalanced
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews add / delete calls. [RT #36888]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4037. [bug] also-notify was ignoring the tsig key when checking
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews for duplicates resulting in some expected notify
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews messages not being sent. [RT #38369]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4036. [bug] Make call to open a temporary file name safe during
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews NZF creation. [RT #38331]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4035. [bug] Close temporary and NZF FILE pointers before moving
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews the former into the latter's place, as required on
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews Windows. [RT #38332]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4034. [func] When added, negative trust anchors (NTA) are now
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews saved to files (viewname.nta), in order to
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews persist across restarts of the named server.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4033. [bug] Missing out of memory check in request.c:req_send.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4032. [bug] Built-in "empty" zones did not correctly inherit the
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews "allow-transfer" ACL from the options or view.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4031. [bug] named-checkconf -z failed to report a missing file
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews with a hint zone. [RT #38294]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4030. [func] "rndc delzone" is now applicable to zones that were
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews configured in named.conf, as well as zones that
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews were added via "rndc addzone". (Note, however, that
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews if named.conf is not also modified, the deleted zone
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews will return when named is reloaded.) [RT #37887]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4029. [func] "rndc showzone" displays the current configuration
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews of a specified zone. [RT #37887]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4028. [bug] $GENERATE with a zero step was not being caught as a
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews error. A $GENERATE with a / but no step was not being
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews caught as a error. [RT #38262]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4027. [port] Net::DNS 0.81 compatibility. [RT #38165]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4026. [bug] Fix RFC 3658 reference in dig +sigchase. [RT #38173]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4025. [port] bsdi: failed to build. [RT #38047]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4024. [bug] dns_rdata_opt_first, dns_rdata_opt_next,
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews dns_rdata_opt_current, dns_rdata_txt_first,
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews dns_rdata_txt_next and dns_rdata_txt_current were
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews documented but not implemented. These have now been
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews implemented.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews dns_rdata_spf_first, dns_rdata_spf_next and
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews dns_rdata_spf_current were documented but not
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews implemented. The prototypes for these
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews functions have been removed. [RT #38068]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4023. [bug] win32: socket handling with explicit ports and
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews invoking named with -4 was broken for some
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews configurations. [RT #38068]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4022. [func] Stop multiple spawns of named by limiting number of
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews processes to 1. This is done by using a lockfile and
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews checking whether we can listen on any configured
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews TCP interfaces. [RT #37908]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4021. [bug] Adjust max-recursion-queries to accommodate
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews the need for more queries when the cache is
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews empty. [RT #38104]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4020. [bug] Change 3736 broke nsupdate's SOA MNAME discovery
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews resulting in updates being sent to the wrong server.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4019. [func] If named is not configured to validate the answer
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews then allow fallback to plain DNS on timeout even
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews when we know the server supports EDNS. [RT #37978]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4018. [placeholder]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4017. [test] Add system test to check lookups to legacy servers
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews with broken DNS behavior. [RT #37965]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4016. [bug] Fix a dig segfault due to bad linked list usage.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4015. [bug] Nameservers that are skipped due to them being
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews CNAMEs were not being logged. They are now logged
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews to category 'cname' as per BIND 8. [RT #37935]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4014. [bug] When including a master file origin_changed was
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews not being properly set leading to a potentially
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews spurious 'inherited owner' warning. [RT #37919]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4013. [func] Add a new tcp-only option to server (config) /
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews peer (struct) to use TCP transport to send
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews queries (in place of UDP transport with a
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews TCP fallback on truncated (TC set) response).
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4012. [cleanup] Check returned status of OpenSSL digest and HMAC
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews functions when they return one. Note this applies
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews only to FIPS capable OpenSSL libraries put in
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews FIPS mode and MD5. [RT #37944]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4011. [bug] master's list port and dscp inheritance was not
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews properly implemented. [RT #37792]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4010. [cleanup] Clear the prefetchable state when initiating a
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews prefetch. [RT #37399]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4009. [func] delv: added a +tcp option. [RT #37855]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4008. [contrib] Updated zkt to latest version (1.1.3). [RT #37886]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4007. [doc] Remove acl forward reference restriction. [RT #37772]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4006. [security] A flaw in delegation handling could be exploited
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews to put named into an infinite loop. This has
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews been addressed by placing limits on the number
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews of levels of recursion named will allow (default 7),
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews and the number of iterative queries that it will
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews send (default 50) before terminating a recursive
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews query (CVE-2014-8500).
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews The recursion depth limit is configured via the
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews "max-recursion-depth" option, and the query limit
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews via the "max-recursion-queries" option. [RT #37580]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4005. [func] The buffer used for returning text from rndc
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews commands is now dynamically resizable, allowing
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews arbitrarily large amounts of text to be sent back
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews to the client. (Prior to this change, it was
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews possible for the output of "rndc tsig-list" to be
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews truncated.) [RT #37731]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4004. [bug] When delegations had AAAA glue but not A, a
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews reference could be leaked causing an assertion
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews failure on shutdown. [RT #37796]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4003. [security] When geoip-directory was reconfigured during
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews named run-time, the previously loaded GeoIP
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews data could remain, potentially causing wrong
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews ACLs to be used or wrong results to be served
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews based on geolocation (CVE-2014-8680). [RT #37720]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4002. [security] Lookups in GeoIP databases that were not
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews loaded could cause an assertion failure
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews (CVE-2014-8680). [RT #37679]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4001. [security] The caching of GeoIP lookups did not always
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews handle address families correctly, potentially
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews resulting in an assertion failure (CVE-2014-8680).
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews4000. [bug] NXDOMAIN redirection incorrectly handled NXRRSET
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews from the redirect zone. [RT #37722]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3999. [func] "mkeys" and "nzf" files are now named after
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews their corresponding views, unless the view name
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews contains characters that would be incompatible
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews with use in a filename (i.e., slash, backslash,
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews or capital letters). If a view name does contain
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews these characters, the files will still be named
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews using a cryptographic hash of the view name.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews Regardless of this, if a file using the old name
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews format is found to exist, it will continue to be
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews used. [RT #37704]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3998. [bug] isc_radix_search was returning matches that were
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews too precise. [RT #37680]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3997. [protocol] Add OPENGPGKEY record. [RT# 37671]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3996. [bug] Address use after free on out of memory error in
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews keyring_add. [RT #37639]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3995. [bug] receive_secure_serial holds the zone lock for too
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews long. [RT #37626]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3994. [func] Dig now supports setting the last unassigned DNS
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews header flag bit (dig +zflag). [RT #37421]
e83cae7fa837e4757c687035d6f6c0900f152749Brian Wellington3993. [func] Dig now supports EDNS negotiation by default.
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington (dig +[no]ednsnegotiation).
e83cae7fa837e4757c687035d6f6c0900f152749Brian Wellington Note: This is disabled by default in BIND 9.10
e83cae7fa837e4757c687035d6f6c0900f152749Brian Wellington and enabled by default in BIND 9.11. [RT #37604]
e83cae7fa837e4757c687035d6f6c0900f152749Brian Wellington3992. [func] DiG can now send queries without questions
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews (dig +header-only). [RT #37599]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3991. [func] Add the ability to buffer logging output by specifying
e83cae7fa837e4757c687035d6f6c0900f152749Brian Wellington "buffered yes;" when defining a channel. [RT #26561]
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington3990. [testing] Add tests for unknown DNSSEC algorithm handling.
e83cae7fa837e4757c687035d6f6c0900f152749Brian Wellington3989. [cleanup] Remove redundant dns_db_resigned calls. [RT #35748]
e83cae7fa837e4757c687035d6f6c0900f152749Brian Wellington3988. [func] Allow the zone serial of a dynamically updatable
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington zone to be updated via "rndc signing -serial".
e83cae7fa837e4757c687035d6f6c0900f152749Brian Wellington3987. [port] Handle future Visual Studio 14 incompatible changes.
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington3986. [doc] Add the BIND version number to page footers
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington in the ARM. [RT #37398]
f15af68028adc665d3bdddf955fc52bad83f0514Brian Wellington3985. [doc] Describe how +ndots and +search interact in dig.
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington3984. [func] Accept 256 byte long PINs in native PKCS#11
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington crypto. [RT #37410]
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington3983. [bug] Change #3940 was incomplete: negative trust anchors
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews could be set to last up to a week, but the
e83cae7fa837e4757c687035d6f6c0900f152749Brian Wellington "nta-lifetime" and "nta-recheck" options were
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington still limited to one day. [RT #37522]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3982. [doc] Include release notes in product documentation.
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews3981. [bug] Cache DS/NXDOMAIN independently of other query types.
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington3980. [bug] Improve --with-tuning=large by self tuning of SO_RCVBUF
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington size. [RT #37187]
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington3979. [bug] Negative trust anchor fetches were not properly
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews managed. [RT #37488]
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington3978. [test] Added a unit test for Diffie-Hellman key
e83cae7fa837e4757c687035d6f6c0900f152749Brian Wellington computation, completing change #3974. [RT #37477]
5c6117688525d0e8d247f50c63364f66bd8d4185Brian Wellington3977. [cleanup] "rndc secroots" reported a "not found" error when
5c6117688525d0e8d247f50c63364f66bd8d4185Brian Wellington there were no negative trust anchors set. [RT #37506]
d6be55c63f83194d97a565d0fd7b632b31b52a68Brian Wellington3976. [bug] When refreshing managed-key trust anchors, clear
d6be55c63f83194d97a565d0fd7b632b31b52a68Brian Wellington any cached trust so that they will always be
d6be55c63f83194d97a565d0fd7b632b31b52a68Brian Wellington revalidated with the current set of secure
d6be55c63f83194d97a565d0fd7b632b31b52a68Brian Wellington roots. [RT #37506]
d6be55c63f83194d97a565d0fd7b632b31b52a68Brian Wellington3975. [bug] Don't populate or use the bad cache for queries that
d6be55c63f83194d97a565d0fd7b632b31b52a68Brian Wellington don't request or use recursion. [RT #37466]
d6be55c63f83194d97a565d0fd7b632b31b52a68Brian Wellington3974. [bug] Handle DH_compute_key() failure correctly in
32b2cdf212de957e3f9b0efca59f098ed4fb42deBrian Wellington3973. [test] Added hooks for Google Performance Tools CPU profiler,
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews including real-time/wall-clock profiling. Use
32b2cdf212de957e3f9b0efca59f098ed4fb42deBrian Wellington "configure --with-gperftools-profiler" to enable.
32b2cdf212de957e3f9b0efca59f098ed4fb42deBrian Wellington3972. [bug] Fix host's usage statement. [RT #37397]
c70908209ee26c51a8e7242a56fdb73847249728Brian Wellington3971. [bug] Reduce the cascading failures due to a bad $TTL line
c70908209ee26c51a8e7242a56fdb73847249728Brian Wellington in named-checkconf / named-checkzone. [RT #37138]
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews3970. [contrib] Fixed a use after free bug in the SDB LDAP driver.
32b2cdf212de957e3f9b0efca59f098ed4fb42deBrian Wellington3969. [test] Added 'delv' system test. [RT #36901]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3968. [bug] Silence spurious log messages when using 'named -[46]'.
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews3967. [test] Add test for inlined signed zone in multiple views
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington with different DNSKEY sets. [RT #35759]
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington3966. [bug] Missing dns_db_closeversion call in receive_secure_db.
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington3965. [func] Log outgoing packets and improve packet logging to
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington support logging the remote address. [RT #36624]
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington3964. [func] nsupdate now performs check-names processing.
5c6117688525d0e8d247f50c63364f66bd8d4185Brian Wellington3963. [test] Added NXRRSET test cases to the "dlzexternal"
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews system test. [RT #37344]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3962. [bug] 'dig +topdown +trace +sigchase' address unhandled error
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews conditions. [RT #34663]
5c6117688525d0e8d247f50c63364f66bd8d4185Brian Wellington3961. [bug] Forwarding of SIG(0) signed UPDATE messages failed with
5c6117688525d0e8d247f50c63364f66bd8d4185Brian Wellington BADSIG. [RT #37216]
5c6117688525d0e8d247f50c63364f66bd8d4185Brian Wellington3960. [bug] 'dig +sigchase' could loop forever. [RT #37220]
5c6117688525d0e8d247f50c63364f66bd8d4185Brian Wellington3959. [bug] Updates could be lost if they arrived immediately
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews after a rndc thaw. [RT #37233]
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson3958. [bug] Detect when writeable files have multiple references
e83cae7fa837e4757c687035d6f6c0900f152749Brian Wellington3957. [bug] "dnssec-keygen -S" failed for ECCGOST, ECDSAP256SHA256
e83cae7fa837e4757c687035d6f6c0900f152749Brian Wellington and ECDSAP384SHA384. [RT #37183]
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington3956. [func] Notify messages are now rate limited by notify-rate and
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington startup-notify-rate instead of serial-query-rate.
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington3955. [bug] Notify messages due to changes are no longer queued
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington behind startup notify messages. [RT #24454]
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington3954. [bug] Unchecked mutex init in dlz_dlopen_driver.c [RT #37112]
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington3953. [bug] Don't escape semi-colon in TXT fields. [RT #37159]
e27021ee1f37185ab839a7a3b6bc078c24255e62Brian Wellington3952. [bug] dns_name_fullcompare failed to set *nlabelsp when the
e27021ee1f37185ab839a7a3b6bc078c24255e62Brian Wellington two name pointers were the same. [RT #37176]
e27021ee1f37185ab839a7a3b6bc078c24255e62Brian Wellington3951. [func] Add the ability to set yet-to-be-defined EDNS flags
e27021ee1f37185ab839a7a3b6bc078c24255e62Brian Wellington to dig (+ednsflags=#). [RT #37142]
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington3950. [port] Changed the bin/python Makefile to work around a
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington bmake bug in FreeBSD 10 and NetBSD 6. [RT #36993]
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington3949. [experimental] Experimental support for draft-andrews-edns1 by sending
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington EDNS(1) queries (define DRAFT_ANDREWS_EDNS1 when
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson building). Add support for limiting the EDNS version
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington advertised to servers: server { edns-version 0; };
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington Log the EDNS version received in the query log.
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington3948. [port] solaris: RCVBUFSIZE was too large on Solaris with
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington --with-tuning=large. [RT #37059]
60e9e7065418e658c069ce91cc6f27c4a55bb4a5Brian Wellington3947. [cleanup] Set the executable bit on libraries when using
6036112f4874637240d461c3ccbcb8dbfb1f405bAndreas Gustafsson libtool. [RT #36786]
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington3946. [cleanup] Improved "configure" search for a python interpreter.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3945. [bug] Invalid wildcard expansions could be incorrectly
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington accepted by the validator. [RT #37093]
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington3944. [test] Added a regression test for "server-id". [RT #37057]
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington3943. [func] SERVFAIL responses can now be cached for a
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington limited time (configured by "servfail-ttl",
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington default 10 seconds, limit 30). This can reduce
6036112f4874637240d461c3ccbcb8dbfb1f405bAndreas Gustafsson the frequency of retries when an authoritative
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson server is known to be failing, e.g., due to
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews ongoing DNSSEC validation problems. [RT #21347]
6036112f4874637240d461c3ccbcb8dbfb1f405bAndreas Gustafsson3942. [bug] Wildcard responses from a optout range should be
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews marked as insecure. [RT #37072]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3941. [doc] Include the BIND version number in the ARM. [RT #37067]
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews3940. [func] "rndc nta" now allows negative trust anchors to be
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews set for up to one week. [RT #37069]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3939. [func] Improve UPDATE forwarding performance by allowing TCP
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews connections to be shared. [RT #37039]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3938. [func] Added quotas to be used in recursive resolvers
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews that are under high query load for names in zones
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews whose authoritative servers are nonresponsive or
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews are experiencing a denial of service attack.
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington - "fetches-per-server" limits the number of
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews simultaneous queries that can be sent to any
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews single authoritative server. The configured
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews value is a starting point; it is automatically
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews adjusted downward if the server is partially or
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews completely non-responsive. The algorithm used to
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews adjust the quota can be configured via the
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews "fetch-quota-params" option.
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews - "fetches-per-zone" limits the number of
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews simultaneous queries that can be sent for names
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews within a single domain. (Note: Unlike
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews "fetches-per-server", this value is not
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington self-tuning.)
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews - New stats counters have been added to count
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews queries spilled due to these quotas.
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington See the ARM for details of these options. [RT #37125]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3937. [func] Added some debug logging to better indicate the
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews conditions causing SERVFAILs when resolving.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3936. [func] Added authoritative support for the EDNS Client
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington Subnet (ECS) option.
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington ACLs can now include "ecs" elements which specify
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews an address or network prefix; if an ECS option is
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews included in a DNS query, then the address encoded
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews in the option will be matched against "ecs" ACL
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews Also, if an ECS address is included in a query,
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews then it will be used instead of the client source
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews address when matching "geoip" ACL elements. This
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews behavior can be overridden with "geoip-use-ecs no;".
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews (Note: to enable "geoip" ACLs, use "configure
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews --with-geoip". This requires libGeoIP version
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews 1.5.0 or higher.)
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews When "ecs" or "geoip" ACL elements are used to
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews select a view for a query, the response will include
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews an ECS option to indicate which client network the
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews answer is valid for.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews (Thanks to Vincent Bernat.) [RT #36781]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3935. [bug] "geoip asnum" ACL elements would not match unless
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews the full organization name was specified. They
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews can now match against the AS number alone (e.g.,
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews AS1234). [RT #36945]
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington3934. [bug] Catch bad 'sit-secret' in named-checkconf. Improve
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews sit-secret documentation. [RT #36980]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3933. [bug] Corrected the implementation of dns_rdata_casecompare()
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews for the HIP rdata type. [RT #36911]
48ed268b3378a8b729a0037bc4ae2ed73647a96aBrian Wellington3932. [test] Improved named-checkconf tests. [RT #36911]
48ed268b3378a8b729a0037bc4ae2ed73647a96aBrian Wellington3931. [cleanup] Cleanup how dlz grammar is defined. [RT #36879]
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington3930. [bug] "rndc nta -r" could cause a server hang if the
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson NTA was not found. [RT #36909]
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington3929. [bug] 'host -a' needed to clear idnoptions. [RT #36963]
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington3928. [test] Improve rndc system test. [RT #36898]
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington3927. [bug] dig: report PKCS#11 error codes correctly when
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington compiled with --enable-native-pkcs11. [RT #36956]
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington3926. [doc] Added doc for geoip-directory. [RT #36877]
b5debbe212097d1c573a2ba3bd9a3d526d86b0aeBrian Wellington3925. [bug] DS lookup of RFC 1918 empty zones failed. [RT #36917]
b5debbe212097d1c573a2ba3bd9a3d526d86b0aeBrian Wellington3924. [bug] Improve 'rndc addzone' error reporting. [RT #35187]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3923. [bug] Sanity check the xml2-config output. [RT #22246]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley3922. [bug] When resigning, dnssec-signzone was removing
b5debbe212097d1c573a2ba3bd9a3d526d86b0aeBrian Wellington all signatures from delegation nodes. It now
e44487bfc23599b6b240e09d83d1c862fecfcc82Michael Graff retains DS and (if applicable) NSEC signatures.
b5debbe212097d1c573a2ba3bd9a3d526d86b0aeBrian Wellington3921. [bug] AD was inappropriately set on RPZ responses. [RT #36833]
9cd6710f91bdffef5aed68ab02533e398f6134d7Brian Wellington3920. [doc] Added doc for masterfile-style. [RT #36823]
9cd6710f91bdffef5aed68ab02533e398f6134d7Brian Wellington3919. [bug] dig: continue to next line if a address lookup fails
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson in batch mode. [RT #36755]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley3918. [doc] Update check-spf documentation. [RT #36910]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley3917. [bug] dig, nslookup and host now continue on names that are
60783293cc27f74a84ec93c95c5d46edd30bd8e0Brian Wellington too long after applying a search list elements.
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley3916. [contrib] zone2sqlite checked wrong result code. Address
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington compiler warnings. [RT #36931]
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson3915. [bug] Address a assertion if a route event arrived while
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington shutting down. [RT #36887]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3914. [bug] Allow the URI target and CAA value fields to
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews be zero length. [RT #36737]
6bc1a645619a14707da68b130dafe41721fd2f25Brian Wellington3913. [bug] Address race issue in dispatch. [RT #36731]
6bc1a645619a14707da68b130dafe41721fd2f25Brian Wellington3912. [bug] Address some unrecoverable lookup failures. [RT #36330]
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson3911. [func] Implement EDNS EXPIRE option client side, allowing
6bc1a645619a14707da68b130dafe41721fd2f25Brian Wellington a slave server to set the expiration timer correctly
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews when transferring zone data from another slave
6bc1a645619a14707da68b130dafe41721fd2f25Brian Wellington server. [RT #35925]
60783293cc27f74a84ec93c95c5d46edd30bd8e0Brian Wellington3910. [bug] Fix races to free event during shutdown. [RT #36720]
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington3909. [bug] When computing the number of elements required for a
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington acl count_acl_elements could have a short count leading
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson to a assertion failure. Also zero out new acl elements
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson in dns_acl_merge. [RT #36675]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3908. [bug] rndc now differentiates between a zone in multiple
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson views and a zone that doesn't exist at all. [RT #36691]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence3907. [cleanup] Alphabetize rndc help. [RT #36683]
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington3906. [protocol] Update URI record format to comply with
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington draft-faltstrom-uri-08. [RT #36642]
e83cae7fa837e4757c687035d6f6c0900f152749Brian Wellington3905. [bug] Address deadlock between view.c and adb.c. [RT #36341]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley3904. [func] Add the RPZ SOA to the additional section. [RT36507]
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson3903. [bug] Improve the accuracy of DiG's reported round trip
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington time. [RT 36611]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3902. [bug] liblwres wasn't handling link-local addresses in
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews nameserver clauses in resolv.conf. [RT #36039]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence3901. [protocol] Added support for CAA record type (RFC 6844).
613efcd8fbd0d1ce0d0afd1ac85d95cf85bffc27Brian Wellington3900. [bug] Fix a crash in PostgreSQL DLZ driver. [RT #36637]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley3899. [bug] "request-ixfr" is only applicable to slave and redirect
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews zones. [RT #36608]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley3898. [bug] Too small a buffer in tohexstr() calls in test code.
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley3897. [bug] RPZ summary information was not properly being updated
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews after a AXFR resulting in changes sometimes being
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews ignored. [RT #35885]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley3896. [bug] Address performance issues with DSCP code on some
bf43fdafa3bff9e84cb03f1a19aca74514d2516eBob Halley platforms. [RT #36534]
bf43fdafa3bff9e84cb03f1a19aca74514d2516eBob Halley3895. [func] Add the ability to set the DSCP code point to dig.
bf43fdafa3bff9e84cb03f1a19aca74514d2516eBob Halley3894. [bug] Buffers in isc_print_vsnprintf were not properly
bf43fdafa3bff9e84cb03f1a19aca74514d2516eBob Halley initialized leading to potential overflows when
e419f613d8591885df608cb73065921be07dd12eBob Halley printing out quad values. [RT #36505]
e419f613d8591885df608cb73065921be07dd12eBob Halley3893. [bug] Peer DSCP values could be returned without being set.
ec371edc34e2adb9e337b774d1a6e613f5863655Brian Wellington3892. [bug] Setting '-t aaaa' in .digrc had unintended side
59e99793307eed0914f8467243d1c4ac761b1d9cAndreas Gustafsson effects. [RT #36452]
ec371edc34e2adb9e337b774d1a6e613f5863655Brian Wellington3891. [bug] Use ${INSTALL_SCRIPT} rather than ${INSTALL_PROGRAM}
264fd373f3f6cc7f271bdff14a020385620015f1Andreas Gustafsson to install python programs.
bf43fdafa3bff9e84cb03f1a19aca74514d2516eBob Halley3890. [bug] RRSIG sets that were not loaded in a single transaction
e419f613d8591885df608cb73065921be07dd12eBob Halley at start up where not being correctly added to
e419f613d8591885df608cb73065921be07dd12eBob Halley re-signing heaps. [RT #36302]
f3ca27e9fe307b55e35ea8d7b37351650630e5a3Andreas Gustafsson3889. [port] hurd: configure fixes as per:
e419f613d8591885df608cb73065921be07dd12eBob Halley https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746540
62a84c4a27033bb0e7316256964a6950b1e230bdAndreas Gustafsson3888. [func] 'rndc status' now reports the number of automatic
ef97e09e20da2133adc731cf7e29e72d04dfc93fAndreas Gustafsson zones. [RT #36015]
b5debbe212097d1c573a2ba3bd9a3d526d86b0aeBrian Wellington3887. [cleanup] Make all static symbols in rbtdb64 end in "64" so
b5debbe212097d1c573a2ba3bd9a3d526d86b0aeBrian Wellington they are easier to use in a debugger. [RT #36373]
f3ca27e9fe307b55e35ea8d7b37351650630e5a3Andreas Gustafsson3886. [bug] rbtdb_write_header should use a once to initialize
e419f613d8591885df608cb73065921be07dd12eBob Halley FILE_VERSION. [RT #36374]
e419f613d8591885df608cb73065921be07dd12eBob Halley3885. [port] Use 'open()' rather than 'file()' to open files in
e419f613d8591885df608cb73065921be07dd12eBob Halley3884. [protocol] Add CDS and CDNSKEY record types. [RT #36333]
e419f613d8591885df608cb73065921be07dd12eBob Halley3883. [placeholder]
e419f613d8591885df608cb73065921be07dd12eBob Halley3882. [func] By default, negative trust anchors will be tested
e419f613d8591885df608cb73065921be07dd12eBob Halley periodically to see whether data below them can be
e419f613d8591885df608cb73065921be07dd12eBob Halley validated, and if so, they will be allowed to
e419f613d8591885df608cb73065921be07dd12eBob Halley expire early. The "rndc nta -force" option
e419f613d8591885df608cb73065921be07dd12eBob Halley overrides this behavior. The default NTA lifetime
e419f613d8591885df608cb73065921be07dd12eBob Halley and the recheck frequency can be configured by the
e419f613d8591885df608cb73065921be07dd12eBob Halley "nta-lifetime" and "nta-recheck" options. [RT #36146]
e419f613d8591885df608cb73065921be07dd12eBob Halley3881. [bug] Address memory leak with UPDATE error handling.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3880. [test] Update ans.pl to work with new TSIG support in
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington Net::DNS; add additional Net::DNS version prerequisite
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington checks. [RT #36327]
3676eeb6ca95c66aae1256f37af8c990d9f25eb4Brian Wellington3879. [func] Add version printing option to various BIND utilities.
b5debbe212097d1c573a2ba3bd9a3d526d86b0aeBrian Wellington3878. [bug] Using the incorrect filename for a DLZ module
b5debbe212097d1c573a2ba3bd9a3d526d86b0aeBrian Wellington caused a segmentation fault on startup. [RT #36286]
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington3877. [bug] Inserting and deleting parent and child nodes
feb40fc5f911d0b2050fb9fd34950a52930b981dBrian Wellington in response policy zones could trigger an assertion
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews failure. [RT #36272]
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews3876. [bug] Improve efficiency of DLZ redirect zones by
86f6b92e35c7bdb5fc1fd1021af75b981863313eMark Andrews suppressing unnecessary database lookups. [RT #35835]
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington3875. [cleanup] Clarify log message when unable to read private
ca9af3aaf798f98624fc1dc69d8c7d51bf01334dBrian Wellington key files. [RT #24702]
e419f613d8591885df608cb73065921be07dd12eBob Halley3874. [test] Check that only "check-names master" is needed for
e419f613d8591885df608cb73065921be07dd12eBob Halley updates to be accepted.
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley3873. [protocol] Only warn for SPF without TXT spf record. [RT #36210]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley3872. [bug] Address issues found by static analysis. [RT #36209]
e419f613d8591885df608cb73065921be07dd12eBob Halley3871. [bug] Don't publish an activated key automatically before
e419f613d8591885df608cb73065921be07dd12eBob Halley its publish time. [RT #35063]
e419f613d8591885df608cb73065921be07dd12eBob Halley3870. [func] Updated the random number generator used in
e419f613d8591885df608cb73065921be07dd12eBob Halley the resolver to use the updated ChaCha based one
e419f613d8591885df608cb73065921be07dd12eBob Halley (similar to OpenBSD's changes). Also moved the
ef97e09e20da2133adc731cf7e29e72d04dfc93fAndreas Gustafsson RNG to libisc and added unit tests for it.
e419f613d8591885df608cb73065921be07dd12eBob Halley3869. [doc] Document that in-view zones cannot be used for
bf43fdafa3bff9e84cb03f1a19aca74514d2516eBob Halley response policy zones. [RT #35941]
bf43fdafa3bff9e84cb03f1a19aca74514d2516eBob Halley3868. [bug] isc_mem_setwater incorrectly cleared hi_called
bf43fdafa3bff9e84cb03f1a19aca74514d2516eBob Halley potentially leaving over memory cleaner running.
e419f613d8591885df608cb73065921be07dd12eBob Halley3867. [func] "rndc nta" can now be used to set a temporary
264fd373f3f6cc7f271bdff14a020385620015f1Andreas Gustafsson negative trust anchor, which disables DNSSEC
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson validation below a specified name for a specified
9cd6710f91bdffef5aed68ab02533e398f6134d7Brian Wellington period of time (not exceeding 24 hours). This
e419f613d8591885df608cb73065921be07dd12eBob Halley can be used when validation for a domain is known
264fd373f3f6cc7f271bdff14a020385620015f1Andreas Gustafsson to be failing due to a configuration error on
264fd373f3f6cc7f271bdff14a020385620015f1Andreas Gustafsson the part of the domain owner rather than a
264fd373f3f6cc7f271bdff14a020385620015f1Andreas Gustafsson spoofing attack. [RT #29358]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3866. [bug] Named could die on disk full in generate_session_key.
e419f613d8591885df608cb73065921be07dd12eBob Halley3865. [test] Improved testability of the red-black tree
e419f613d8591885df608cb73065921be07dd12eBob Halley implementation and added unit tests. [RT #35904]
e419f613d8591885df608cb73065921be07dd12eBob Halley3864. [bug] RPZ didn't work well when being used as forwarder.
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley3863. [bug] The "E" flag was missing from the query log as a
e419f613d8591885df608cb73065921be07dd12eBob Halley unintended side effect of code rearrangement to
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley support EDNS EXPIRE. [RT #36117]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley3862. [cleanup] Return immediately if we are not going to log the
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley message in ns_client_dumpmessage.
c50936eb40263b65ebf6afe4e6556e2dc67c10e4Brian Wellington3861. [security] Missing isc_buffer_availablelength check results
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington in a REQUIRE assertion when printing out a packet
23e4260821eefa5019808e18e14e2b366461aad7Brian Wellington (CVE-2014-3859). [RT #36078]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3860. [bug] ioctl(DP_POLL) array size needs to be determined
1872808932603066d401d3de97db11af8ffee78aAndreas Gustafsson at run time as it is limited to {OPEN_MAX}.
5e387b9ce6bafdfadedb5b34e4c33a4404e5d589Brian Wellington3859. [placeholder]
1872808932603066d401d3de97db11af8ffee78aAndreas Gustafsson3858. [bug] Disable GCC 4.9 "delete null pointer check".
bf43fdafa3bff9e84cb03f1a19aca74514d2516eBob Halley3857. [bug] Make it harder for a incorrect NOEDNS classification
bf43fdafa3bff9e84cb03f1a19aca74514d2516eBob Halley to be made. [RT #36020]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley3856. [bug] Configuring libjson without also configuring libxml
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley resulted in a REQUIRE assertion when retrieving
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley statistics using json. [RT #36009]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley3855. [bug] Limit smoothed round trip time aging to no more than
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley once a second. [RT #32909]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley3854. [cleanup] Report unrecognized options, if any, in the final
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley configure summary. [RT #36014]
34aa7909371f13b4bc0ba6d155cfc38bfa1e3c5cAndreas Gustafsson3853. [cleanup] Refactor dns_rdataslab_fromrdataset to separate out
9cd6710f91bdffef5aed68ab02533e398f6134d7Brian Wellington the handling of a rdataset with no records. [RT #35968]
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley3852. [func] Increase the default number of clients available
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley for servicing lightweight resolver queries, and
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley make them configurable via the "lwres-tasks" and
0ec4b862c9abd11c82c88ed62438f0cf06fed25dBob Halley "lwres-clients" options. (Thanks to Tomas Hozza.)
e419f613d8591885df608cb73065921be07dd12eBob Halley3851. [func] Allow libseccomp based system-call filtering
bf43fdafa3bff9e84cb03f1a19aca74514d2516eBob Halley on Linux; use "configure --enable-seccomp" to
1b1e1fda4638334b484aa38c15f53a131c0b0fdfAndreas Gustafsson turn it on. Thanks to Loganaden Velvindron
1b1e1fda4638334b484aa38c15f53a131c0b0fdfAndreas Gustafsson of AFRINIC for the contribution. [RT #35347]
9cd6710f91bdffef5aed68ab02533e398f6134d7Brian Wellington3850. [bug] Disabling forwarding could trigger a REQUIRE assertion.
1b1e1fda4638334b484aa38c15f53a131c0b0fdfAndreas Gustafsson3849. [doc] Alphabetized dig's +options. [RT #35992]
1b1e1fda4638334b484aa38c15f53a131c0b0fdfAndreas Gustafsson3848. [bug] Adjust 'statistics-channels specified but not effective'
94766449d6125cd5870891b70d46573e5deaceb4Brian Wellington error message to account for JSON support. [RT #36008]
18b7133679efa8f60fd4e396c628576f3f416b3eBrian Wellington3847. [bug] 'configure --with-dlz-postgres' failed to fail when
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence there is not support available.
18b7133679efa8f60fd4e396c628576f3f416b3eBrian Wellington3846. [bug] "dig +notcp ixfr=<serial>" should result in a UDP
18b7133679efa8f60fd4e396c628576f3f416b3eBrian Wellington ixfr query. [RT #35980]
18b7133679efa8f60fd4e396c628576f3f416b3eBrian Wellington3845. [placeholder]
1b1e1fda4638334b484aa38c15f53a131c0b0fdfAndreas Gustafsson3844. [bug] Use the x64 version of the Microsoft Visual C++
1b1e1fda4638334b484aa38c15f53a131c0b0fdfAndreas Gustafsson Redistributable when built for 64 bit Windows.
1b1e1fda4638334b484aa38c15f53a131c0b0fdfAndreas Gustafsson3843. [protocol] Check EDNS EXPIRE option in dns_rdata_fromwire.
18b7133679efa8f60fd4e396c628576f3f416b3eBrian Wellington3842. [bug] Adjust RRL log-only logging category. [RT #35945]
5b0413f993b1c1ed837d23641e9f696cda1ee293Brian Wellington3841. [cleanup] Refactor zone.c:add_opt to use dns_message_buildopt.
5b0413f993b1c1ed837d23641e9f696cda1ee293Brian Wellington3840. [port] Check for arc4random_addrandom() before using it;
1b1e1fda4638334b484aa38c15f53a131c0b0fdfAndreas Gustafsson it's been removed from OpenBSD 5.5. [RT #35907]
1b1e1fda4638334b484aa38c15f53a131c0b0fdfAndreas Gustafsson3839. [test] Use only posix-compatible shell in system tests.
1b1e1fda4638334b484aa38c15f53a131c0b0fdfAndreas Gustafsson3838. [protocol] EDNS EXPIRE as been assigned a code point of 9.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3837. [security] A NULL pointer is passed to query_prefetch resulting
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews a REQUIRE assertion failure when a fetch is actually
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews initiated (CVE-2014-3214). [RT #35899]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3836. [bug] Address C++ keyword usage in header file.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3835. [bug] Geoip ACL elements didn't work correctly when
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews referenced via named or nested ACLs. [RT #35879]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews3834. [bug] The re-signing heaps were not being updated soon enough
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews leading to multiple re-generations of the same RRSIG
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews when a zone transfer was in progress. [RT #35273]
"debug" options when set in /etc/resolv.conf.
3805. [contrib] Added contrib/perftcpdns, a performance testing tool
3804. [bug] Corrected a race condition in dispatch.c in which
3794. [maint] Added AAAA for C.ROOT-SERVERS.NET.
3793. [bug] zone.c:save_nsec3param() could assert when out of
a TSIG key in named.conf format without comments.
3767. [func] Log explicitly when using rndc.key to configure
3764. [bug] The dnssec-keygen/settime -S and -i options
containing the specified address/prefix when
3719. [bug] Address memory leak in in peer.c. [RT #35255]
3718. [bug] A missing ISC_LINK_INIT in log.c. [RT #35260]
"testcrypto.sh" script to do so. [RT #35213]
3708. [bug] Address a portentry locking issue in dispatch.c.
on a missing resolv.conf file and initializes the
result = irs_resconf_load(mctx, "/etc/resolv.conf",
special URLs http://<server>:<port>/xml/v3/server,
3695. [bug] Address a possible race in dispatch.c. [RT #35107]
3668. [bug] Fix cast in lex.c which could see 0xff treated as eof.
3660. [cleanup] Changed the name of "isc-config.sh" to "bind9-config".
3659. [port] solaris: don't add explicit dependencies/rules for
3614. [port] Check for <linux/types.h>. [RT #34162]
3608. [port] win32: added todos.pl script to ensure all text files
3603. [bug] Install <isc/stat.h>. [RT #33956]
trigger an assertion failure in resolver.c
3580. [bug] Addressed a possible race in acache.c [RT #33602]
description in the named.conf man page. [RT #33476]
3560. [bug] isc-config.sh did not honor includedir and libdir
3556. [maint] Added AAAA for D.ROOT-SERVERS.NET.
3555. [bug] Address theoretical race conditions in acache.c
3551. [bug] resolver.querydscp[46] were uninitialized. [RT #32686]
3548. [bug] The NSID request code in resolver.c was broken
3544. [contrib] check5011.pl: Script to report the status of
managed keys as recorded in managed-keys.bind.
options which take a "port" option (e.g.,
3521. [bug] Address memory leak in opensslecdsa_link.c. [RT #32249]
3518. [bug] Increase the size of dns_rrl_key.s.rtype by one bit
3497. [func] When deleting a slave/stub zone using 'rndc delzone'
dlzdb.link. When cloning a rdataset do not copy
3485. [cleanup] Only compile openssl_gostlink.c if we support GOST.
3473. [bug] dnssec-signzone/verify could incorrectly report
3459. [func] Added -J option to named-checkzone/named-compilezone
3449. [bug] gen.c: use the pre-processor to construct format
3447. [port] Add support for libxml2-2.9.x [RT #32231]
3441. [maint] D.ROOT-SERVERS.NET is now 199.7.91.13.
3436. [bug] Check malloc/calloc return values. [RT #32088]
3409. [contrib] contrib/dane/mkdane.sh: Tool to generate TLSA RR's
3406. [bug] mem.c: Fix compilation errors when building with
zone.c [RT #30675]
3362. [bug] Setting some option values to 0 in named.conf
3357. [port] Add support for libxml2-2.8.x [RT #30440]
to ensure correctness of signatures and of NSEC/NSEC3
- add a RPZ performance test to bin/tests/system/rpz
3328. [bug] Fixed inconsistent data checking in dst_parse.c.
zone.c:zone_gotwritehandle. [RT #29028]
3309. [bug] resolver.c:fctx_finddone() was not thread safe.
3300. [bug] Named could die if gssapi was enabled in named.conf
client.c:exit_check. [RT #28346]
3294. [bug] isccc/cc.c:table_fromwire failed to free alist on
3290. [bug] <isc/hmacsha.h> was not being installed. [RT #28169]
3287. [port] Update ans.pl to work with Net::DNS 0.68. [RT #28028]
rbtnode.deadlink. [RT #27738]
lib/dns/rbtdb.c:iszonesecure. [RT #26913]
3233. [bug] 'rndc freeze/thaw' didn't work for inline zones.
3216. [bug] resolver.c:validated() was not thread-safe. [RT #26478]
3212. [bug] rbtdb.c: failed to remove a node from the deadnodes
3201. [func] 'rndc querylog' can now be given an on/off parameter
dnssec.h. [RT #26415]
3188. [bug] zone.c:zone_refreshkeys() could fail to detach
3186. [bug] Version/db mis-match in rpz code. [RT #26180]
sample external DLZ module in contrib/dlz/example.
- replace "NO-OP" named.conf policy override with
3169. [func] Catch db/version mis-matches when calling dns_db_*().
3163. [bug] Use finer-grained locking in client.c to address
3161. [bug] zone.c:del_sigs failed to always reset rdata leading
drivers (e.g., mysql, postgresql, etc). [RT #25710]
3145. [test] Capture output of ATF unit tests in "./atf.out" if
3093. [bug] Fix gssapi/kerberos dependencies [RT #23836]
3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf
and add setup.sh in order to resolve changing
named.conf issue. [RT #23687]
3077. [bug] zone.c:zone_refreshkeys() incorrectly called
update.c:next_active. [RT #20256]
select the master/slave zones. [RT #23580]
- "dig +split=X" breaks hex/base64 records into
named.pid at startup. [RT #23290]
validator.c. Tests added to dnssec system test.
3038. [bug] Install <dns/rpz.h>. [RT #23342]
3032. [bug] rdatalist.c: add missing REQUIREs. [RT #22521]
3026. [bug] lib/isc/httpd.c: check that we have enough space
to 10. Allow setting this in named.conf using the new
in the named.conf options. [RT #21727]
3000. [bug] More TKEY/GSS fixes:
2992. [contrib] contrib/check-secure-delegation.pl: A simple tool
2991. [contrib] contrib/zone-edit.sh: A simple zone editing tool for
2987. [func] Improve ease of configuring TKEY/GSS updates by
zone, but the nameserver names and/or their IP
2978. [port] hpux: look for <devpoll.h> [RT #21919]
2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() acquired the
2973. [bug] bind.keys.h was being removed by the "make clean"
(e.g. "%-1c"). [RT #22270]
2962. [port] win32: add more dependencies to BINDBuild.dsw.
2954. [bug] contrib: dlz_mysql_driver.c bad error handling on
interfaces at reboot. See bin/tests/system/README
support for addzone/delzone feature (see change
new-zone-file in named.conf; this happens
2934. [bug] Use ANSI C compliant shift range in lib/isc/entropy.c.
option at the view or options level in named.conf.
into named.conf in the appropriate view. (Note:
2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
was specified in named.conf. [RT #21416]
2903. [bug] managed-keys-directory missing from namedconf.c.
2893. [bug] Improve managed keys support. New named.conf option
2873. [bug] Canceling a dynamic update via the dns/client module
2872. [bug] Modify dns/client.c:dns_client_createx() to only
2871. [bug] Type mismatch in mem_api.c between the definition and
2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
2865. [bug] memset to zero event.data. [RT #20986]
2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
README.rfc5011 into the ARM. [RT #20899]
2832. [bug] Modify "struct stat" in lib/export/samples/nsprobe.c
2829. [bug] Fixed potential node inconsistency in rbtdb.c.
2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
2822. [bug] rbtdb.c:loadnode() could return the wrong result.
atomic.h is correctly installed by the architecture
(i.e., built without --enable-exportlib). [RT #20679]
named.conf: check-dup-records {ignore|warn|fail};
2794. [bug] Install <isc/namespace.h>. [RT #20677]
2791. [bug] The installation of isc-config.sh was broken.
2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
2770. [cleanup] Add log messages to resolver.c to indicate events
2756. [bug] Fixed corrupt logfile message in update.c. [RT #20597]
2746. [port] hpux: address signed/unsigned expansion mismatch of
dns_rbtnode_t.nsec. [RT #20542]
validator.c. [RT #19589]
2725. [doc] Added information about the file "managed-keys.bind"
2719. [func] Skip trusted/managed keys for unsupported algorithms.
2717. [bug] named failed to update the NSEC/NSEC3 record when
2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
2711. [port] win32: Add the bin/pkcs11 tools into the full
by the named.conf option 'secure-to-insecure'.
(i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
2702. [func] Update PKCS#11 tools (bin/pkcs11) [RT #20225 & all]
2699. [bug] Missing lock in rbtdb.c. [RT #20037]
S_IFREG are defined after including <isc/stat.h>.
2695. [func] DHCP/DDNS - update fdwatch code for use by
2685. [contrib] Update contrib/zkt to version 0.99c. [RT #20054]
2679. [func] dig -k can now accept TSIG keys in named.conf
- New "inactive" date (dnssec-keygen/settime -I)
2673. [bug] The managed-keys.bind zone file could fail to
2664. [bug] create_keydata() and minimal_update() in zone.c
applications. See README.libdns. [RT #19369]
2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
2632. [func] util/kit.sh: warn if documentation appears to be out of
2628. [port] linux: Allow /var/run/named/named.pid to be opened
2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
2622. [bug] Printing of named.conf grammar was broken. [RT #19919]
2617. [bug] ifconfig.sh failed to emit an error message when
2616. [bug] 'host' used the nameservers from resolv.conf even
configuration text for named.conf
from a NSEC3 signed master/slave zone. [RT #19464]
2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
2590. [func] Report zone/class of "update with no effect".
2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
of "dnssec-lookaside . trust-anchor dlv.isc.org;"
plus setting a trusted-key for dlv.isc.org.
by) $sysconfdir/bind.keys. As the ISC DLV key
the bind.keys file with a key downloaded from
https://www.isc.org/solutions/dlv. [RT #18685]
2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
2548. [bug] Install iterated_hash.h. [RT #19335]
2547. [bug] openssl_link.c:mem_realloc() could reference an
2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
2538. [bug] cache/ADB memory could grow over max-cache-size,
2519. [bug] dig/host with -4 or -6 didn't work if more than two
preceded in resolv.conf. [RT #19081]
document function in <isc/radix.h>. [RT #18534]
2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
are now /var/run/named/named.pid and
/var/run/lwresd/lwresd.pid respectively.
2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
specified in named.conf doesn't seem to work with
2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
2455. [bug] Stop metadata being transferred via axfr/ixfr.
2452. [func] Improve bin/test/journalprint. [RT #18316]
epoll and /dev/poll to be selected at compile
completion event send out canceled read/write
in rbtdb.c. [RT #18455]
2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
temporary, named.conf option reserved-sockets,
assertion in acl.c. [RT #18166]
2390. [bug] dispatch.c could make a false warning on 'odd socket'.
2387. [bug] Silence compiler warnings in lib/isc/radix.c.
2385. [bug] A condition variable in socket.c could leak in
2381. [port] dlz/mysql: support multiple install layouts for
mysql. <prefix>/include/{,mysql/}mysql.h and
2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
Documentation is in the new README.pkcs11 file.
were set at both the options/view level and in
named.conf. [RT #17581]
See <isc/mem.h> for details.
2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
rbtdb.c. Implement dead node processing in zones as
lib/dns/rdata/in_1/apl_42.c. [RT #17469]
2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
addresses in acl.c. [RT #17519]
bin/named/lwdnoop.c. [RT #17476]
2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
debug/fatal messages. [RT #17501]
2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
2306. [bug] Remove potential race from lib/dns/resolver.c.
2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
bin/tests/system/lwresd/lwtest.c. [RT #17474]
bin/tests/names/t_names.c. [RT #17473]
bin/nsupdate/nsupdate.c. [RT #17475]
bin/tests/timers/t_timers.c. [RT #17468]
bin/tests/dst/t_dst.c. [RT #17467]
2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
2276. [bug] Install <dst/gssapi.h>. [RT #17359]
stub/slave master and journal files. [RT #17279]
2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
2266. [bug] client.c:get_clientmctx() returned the same mctx
2257. [bug] win32: Use the full path to vcredist_x86.exe when
bindevt.dll. [RT #17159]
2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
2254. [bug] timer.c:dispatch() failed to lock timer->lock
2247. [doc] Sort doc/misc/options. [RT #17067]
2246. [bug] Make the startup of test servers (ans.pl) more
2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
If allow-query-cache is not set in named.conf then
If allow-recursion is not set in named.conf then
2194. [bug] Close journal before calling 'done' in xfrin.c.
2193. [port] win32: BINDInstall.exe is now linked statically.
2192. [port] win32: use vcredist_x86.exe to install Visual
2184. [bug] bind9.xsl.h didn't build out of the source tree.
2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
need to ship Microsoft.VC80.MFCLOC.
2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
Fix a memory leak in rbtdb.c:free_noqname().
Make lookup.c:lookup_find() robust against
2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
dighost.c:get_trusted_key(). [RT #16678]
hmac_link.c. [RT #16437]
2145. [bug] Check DS/DLV digest lengths for known digests.
2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
in adb.c. [RT #16670]
2138. [bug] Lock order reversal in resolver.c. [RT #16653]
2137. [port] Mips little endian and/or mips 64 bit are now
2136. [bug] nslookup/host looped if there was no search list
2135. [bug] Uninitialized rdataset in sdlz.c. [RT #16656]
2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
2114. [bug] dig/host/nslookup: searches for names with multiple
2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
2103. [port] Add /usr/sfw to list of locations for OpenSSL
2100. [port] win32: copy libeay32.dll to Build\Debug.
2098. [bug] Race in rbtdb.c:no_references(), which occasionally
if resolv.conf does not exist or no nameservers
2091. [port] dighost.c: race condition on cleanup. [RT #16417]
2085. [doc] win32: added index.html and README to zip. [RT #16201]
2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
2080. [port] libbind: res_init.c did not compile on older versions
2076. [bug] Several files were missing #include <config.h>
of authoritative servers that drop EDNS and/or CD
2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
2043. [port] nsupdate/nslookup: Force the flushing of the prompt
2038. [bug] dig/nslookup/host was unlinking from wrong list
a non slave/stub zone. [RT # 16073]
2028. [port] linux: socket.c compatibility for old systems.
2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
2008. [func] It is now possible to enable/disable DNSSEC
breaks DNSSEC (firewall/proxy). [RT #15592]
2003. [bug] libbind: The DNS name/address lookup functions could
1988. [bug] Remove a bus error from the SHA256/SHA512 support.
1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
1981. [bug] win32: condition.c:wait() could fail to reattain
1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
now be set in named.conf (max-udp-size). This is
xfrin.c:maybe_free() if named ran out of memory.
1944. [cleanup] isc_hash_create() does not need a read/write lock.
1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
1922. [bug] check-tool.c:setup_logging() missing call to
1919. [contrib] queryperf: a set of new features: collecting/printing
'RD' was set in the query. host/nslookup skip servers
1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
1866. [bug] resolv.conf parse errors were being ignored by
dig/host/nslookup. [RT #14841]
1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
when CFLAGS contains "-I /usr/local/include"
1839. [bug] <isc/hash.h> was not being installed.
1836. [cleanup] Silence compiler warnings in hash_test.c.
1834. [bug] Bad memset in rdata_test.c. [RT #13658]
rbtdb.c:subtractrdataset(). [RT #13519]
option in named.conf can be used to specify a
1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
1810. [bug] configure, lib/bind/configure make different default
1808. [bug] zone.c:notify_zone() contained a race condition,
1788. [bug] libbind9.la/libbind9.so needs to link against
1785. [bug] libbind9.la/libbind9.so needs to link against
1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
file clause for rbt{64} master/hint zones. [RT #13009]
1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
1748. [func] dig now returns the byte count for axfr/ixfr.
1747. [bug] BIND 8 compatibility: named/named-checkconf failed
to parse "host-statistics-max" in named.conf.
1745. [bug] Dig/host/nslookup accept replies from link locals
1731. [port] darwin: relax version test in ifconfig.sh.
1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
1717. [port] solaris: ifconfig.sh did not support Solaris 10.
"ifconfig.sh down" didn't work for Solaris 9.
1716. [doc] named.conf(5) was being installed in the wrong
1714. [bug] dig/host/nslookup were only trying the first
1707. [contrib] sdb/ldap updated to version 1.0-beta.
1705. [func] Allow the journal's name to be changed via named.conf.
"#include <isc/print.h>". [RT #12321]
1701. [doc] A minimal named.conf man page.
are defined in named.conf. [RT #12023]
/usr/lib. [RT #11971]
1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
adb.c:set_target(). [RT #11582]
1648. [func] Update dnssec-lookaside named.conf syntax to support
1625. [bug] named failed to load/transfer RFC2535 signed zones
1612. [bug] check-names at the option/view level could trigger
1599. [bug] Fix memory leak on error path when checking named.conf.
DNSSEC specify "dnssec-enable yes;" in named.conf.
1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
1566. [port] Support for the cmsg framework on Solaris and HP/UX.
were specified in /etc/resolv.conf. [RT #8232]
1551. [port] Open "/dev/null" before calling chroot().
1532. [port] netbsd: the configure test for <sys/sysctl.h>
requires <sys/param.h>.
1517. [port] Support for IPv6 interface scanning on HP/UX and
only (e.g. DE, LV, US and MUSEUM) these can be excluded
1503. [port] win32: install libeay32.dll outside of system32.
named.conf, tcp-listen-queue.
1498. [port] bsdos: 5.x support.
1478. [port] ifconfig.sh didn't account for other virtual
1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
doc/misc/options. [RT #5616]
via named.conf (edns-udp-size).
1425. [port] linux/libbind: define __USE_MISC when testing *_r()
function prototypes in netdb.h. [RT #4921]
1422. [func] Log name/type/class when denying a query. [RT #4663]
1419. [port] openbsd: use /dev/arandom. [RT #4950]
1417. [func] ID.SERVER/CHAOS is now a built in zone.
1410. [func] Handle records that live in the parent zone, e.g. DS.
1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
'recursing-file = "named.recursing";'.
1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
1353. [contrib] sdb/ldap to version 0.9.
in socket.c and eliminating a host of socket
1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
1336. [func] Nibble lookups under IP6.ARPA are now supported by
1334. [bug] When signing/verifying rdatasets, duplicate rdatas
1326. [bug] DNAME/CNAME signatures were not being cached when
1324. [port] darwin: ifconfig.sh now supports darwin.
1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
1276. [bug] libbind: const pointer conflicts in res_debug.c.
1269. [port] Openserver: ifconfig.sh support.
<sys/param.h> is included or not. Be consistent.
1247. [bug] Don't reset the interface index for link/site local
1234. [bug] contrib/sdb: 'zonetodb' failed to call
1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
at the named.conf checking stage. [RT #2431]
1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
lib/dns to use this function instead of local one.
occurs when parsing named.conf. [RT #2275]
1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
1145. [func] "host" no longer reports a NOERROR/NODATA response
named/lwresd at compile time. [RT #1982]
1119. [func] Added support in Win32 for NTFS file/directory ACL's
could cause an assertion failure in resolver.c
violation in adb.c. [RT #2017]
1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
1088. [port] libbind: MPE/iX C.70 (incomplete)
on load/reload if views were used. [RT #1947]
1041. [bug] Dig/host/nslookup could catch an assertion failure
1032. [func] hostname.bind/txt/chaos now returns the name of
1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
1030. [bug] On systems with no resolv.conf file, nsupdate
1029. [bug] Some named.conf errors did not cause the loading
1002. [bug] When reporting an unknown class name in named.conf,
972. [bug] The file modification time code in zone.c was using the
non-existent nlist.h. [RT #1640]
957. [bug] sys/select.h inclusion was broken on older platforms.
in named/win32/os.c due to code changes in
updated to add include path for os.h header.
953. [func] The /var/run/named.key file from change #843
has been replaced by /etc/rndc.key. Both
method (rndc.conf / controls). Unlike
bin/tests. [RT #1555].
946. [cleanup] doc/misc/options is now machine-generated from the
when installing isc-config.sh.
were not accepted in named.conf. [RT #1469]
and added lib/isc/win32/entropy.c.
900. [bug] A config.guess update changed the system identification
bin/tests/system/ifconfig.sh now recognize the new
899. [bug] lib/dns/soa.c failed to compile on many platforms
897. [bug] A config.guess update changed the system identification
to Darwin. This was derived from the config.guess
849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
just as <lwres/net.h> does.
843. [func] If no controls statement is present in named.conf,
generated by named and an rndc.conf-style file
named named.key will be written that uses it. rndc
838. [port] UnixWare 7.x.x is now suported by
833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
<dns/soa.h>, and extended them to support
832. [bug] The default location for named.conf in named-checkconf
825. [bug] zone.c:ns_query() detached from the wrong zone
character (i.e. "/") in its name and the directory
down-cased when signing/verifying records. [RT #1186]
in rndc.conf.
786. [bug] When DNSSEC signing/verifying data, owner names were
755. [bug] Fix incorrectly formatted log messages in zone.c.
748. [doc] List supported RFCs in doc/misc/rfc-compliance.
739. [port] Look for /dev/random in configure, rather than
737. [port] stdtime.c failed to compile on certain platforms.
dispatch.c:do_cancel(). [RT #733]
718. [cleanup] "internal" is no longer a reserved word in named.conf.
failure in adb.c. [RT #738]
703. [port] sys/select.h is needed on older platforms. [RT #695]
702. [func] If the address 0.0.0.0 is seen in resolv.conf,
693. [bug] An empty lwres statement in named.conf caused
685. [bug] nslookup should use the search list/domain options
from resolv.conf by default. [RT #405, #630]
646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
for syntax checking named.conf files and zone files,
604. [bug] The named.conf parser could print incorrect line
577. [func] Log illegal RDATA combinations. e.g. multiple
570. [bug] rbtdb.c allowed zones containing nodes which had
568. [func] Add sample simple database drivers in contrib/sdb.
of rdata type/class mnemonics in log messages.
516. [bug] Cache lookups which had a NULL node pointer, e.g.
DNAME, would trigger an INSIST(!search.need_cleanup)
490. [func] When a slave/stub zone has not yet successfully
from the named.conf "listen-on" statement, sockets
477. [bug] The the isc-config.sh script could be installed before
471. [bug] nsupdate didn't compile on HP/UX 10.20
and subsequent name servers in resolv.conf if the
457. [bug] Dig/host/hslookup didn't properly handle connect
documented as such in named.conf. [RT #304, RT #311]
is specified in named.conf. [RT #306]
is specified in named.conf. [RT #301]
432. [func] Added refresh/retry jitter. The actual refresh/
428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
(e.g. glue). This could cause SERVFAILs when
e.g. due to corrupt zones with multiple SOA records.
an argc/argv style vector of words and sets
view/global one for CNAME targets and additional
369. [func] Support new named.conf options, view and zone
the distribution, in doc/man/dnssec.
353. [bug] double increment in lwres/gethost.c:copytobuf().
348. [func] New boolean named.conf options 'additional-from-auth'
345. [bug] Large-scale changes/cleanups to dig:
341. [func] Support 'key' clause in named.conf zone masters
327. [bug] rndc.conf parser wasn't correctly recognizing an IP
320. [func] Multiple rndc changes: parses an rndc.conf file,
319. [func] The named.conf "controls" statement is now used
314. [func] The named.conf controls statement can now have
313. [bug] When parsing resolv.conf, don't terminate on an
resolv.conf search path from 6 to 8. If there
resolv.conf was empty or a comment.
310. [func] Changes to named.conf "controls" statement (inet
are listed in resolv.conf, silently ignore them
each library's ipv6.h defines the wrapper symbol of
any $sbindir/dig from a previous release.)
that lack /dev/random.
280. [func] Add isc-config.sh, which can be used to more
two or more files in libomapi.a were not namespace
278. [bug] bin/named/logconf.c:category_fromconf() didn't take
266. [bug] zone.c:save_nsrrset() node was not initialized.
262. [bug] 'master' was not initialized in zone.c:stub_callback().
for global options block of named.conf. Both accept
258. [bug] Fixed printing of lwres_addr_t.address field.
256. [func] isc_ratelimiter_t now has attach/detach semantics, and
253. [func] resolv.conf parser now recognizes ';' and '#' as
252. [bug] resolv.conf parser mishandled masks on sortlists.
244. [bug] empty named.conf file and empty options statement are
243. [func] new cachesize option for named.conf
+ missing sigwait prototype on BSD/OS 4.0/4.0.1.
BSD/OS 4.*, Linux and Solaris 2.8.
230. [func] Replace the dst sign/verify API with a cleaner one.
from confparser.c, because of yacc's code, are
212. [func] Added dns_message_get/settsigkey, to make TSIG
compiling in the lib/dns/sec/{dnssafe,openssl}
204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
run on a PA 1.x system."
201. [cleanup] Removed the test/sdig program, it has been
replaced by bin/dig/dig.
(e.g., running out of network buffers) were
and/or interfaces. [19-May-2000 explorer]
191. [func] Patched to compile on UnixWare 7.x. This platform
range for overflow/underflow. In the case of
184. [cleanup] Variables/functions which began with two leading
underscores were made to conform to the ANSI/ISO
179. [func] options named.conf statement *must* now come
178. [func] Post-load of named.conf check verifies a slave zone
168. [bug] include statements in named.conf caused syntax errors
162. [bug] Ensure proper range for arguments to ctype.h functions.
masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
util/check-includes for how this was tested.
145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
<isc/result.h>.
of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
need <isc/eventclass.h>.
instead of <isc/time.h>.
128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
and creates null keys/sets zone status bit for
<isc/result.h>.
<isc/result.h>. Multiple inclusion protection
isc_symtab_t moved to <isc/types.h>.
<isc/net.h>.
118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
117. [cleanup] libdns.a changes:
116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
<isc/list.h>.
<isc/mutex.h>.
<isc/list.h>.
bin/tests/{db,mem,sockaddr,tasks,timers}/.
108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
105. [doc] doc/dev/coding.html expanded with other
103. [func] libisc buffer API changes for <isc/buffer.h>:
on BSD/OS 4.1.
101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
<isc/event.h>.
or <isc/result.h>.
<isc/result.h>.
90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
from <named/listenlist.h>.
<isc/mem.h>. isc_interface_t and isc_interfaceiter_t
moved to <isc/types.h>.
86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
<isc/types.h>.
<isc/int.h>.
<isc/lang.h>.
subsumed by file.o.
OpenSSL libraries/headers.
from <dns/types.h>.
59. [bug] Cause net/host unreachable to be a hard error
58. [bug] bin/named/query.c could sometimes trigger the
(client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
<sys/param.h>.
logging module "dns/validator".
and isc_lex_t to <isc/types.h>.
31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
25. [bug] make install failed to install <isc/log.h> and
configure.in to check for presence of in6addr_any.
9. [cleanup] replaced bit-setting code in confctx.c and replaced
4. [port] bin/named/unix/os.c didn't compile on systems with
get only what we need from <linux/capability.h>, and
systems without /dev/random.
lib/isc/unix/include/isc/Makefile.in had a typo which