CHANGES revision eff7f78bc65f30efd87a398e66084ddab72799d3
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson3061. [func] New option "dnssec-signzone -D", only write out
17131a9459e5b30f764bc77f4fed288907a5b5e0Tinderbox User generated DNSSEC records. [RT #22896]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence3060. [func] New option "dnssec-signzone -X <date>" allows
ec5347e2c775f027573ce5648b910361aa926c01Automatic Updater specification of a separate expiration date
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson for DNSKEY RRSIGs and other RRSIGs. [RT #22141]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence3059. [test] Added a regression test for change #3023.
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews3058. [bug] Cause named to terminate at startup or rndc reconfig/
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews reload to fail, if a log file specified in the conf
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews file isn't a plain file. (RT #22771]
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews3057. [bug] "rndc secroots" would abort after the first error
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews and so could miss some views. [RT #23488]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson3056. [func] Added support for URI resource record. [RT #23386]
28a8f5b0de57d269cf2845c69cb6abe18cbd3b3aMark Andrews3055. [placeholder]
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein3054. [bug] Added elliptic curve support check in
9c3531d72aeaad6c5f01efe6a1c82023e1379e4dDavid Lawrence GOST OpenSSL engine detection. [RT #23485]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson3053. [bug] Under a sustained high query load with a finite
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson max-cache-size, it was possible for cache memory
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson to be exhausted and not recovered. [RT #23371]
3e14b69d196a3ebeecc4662c426344dcfd7db678Andreas Gustafsson3052. [test] Fixed last autosign test report. [RT #23256]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence3051. [bug] NS records obsure DS records at the bottom of the
16a68807e13caea3183a41a5292f1b3f48b81a26Mark Andrews zone if both are present. [RT #23035]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence3050. [bug] The autosign system test was timing dependent.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews Wait for the initial autosigning to complete
261a6a1f7d95eaf0cd882f3123dcfd775517a54fMark Andrews before running the rest of the test. [RT #23035]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson3049. [bug] Save and restore the gid when creating creating
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence named.pid at startup. [RT #23290]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews3048. [bug] Fully separate view key mangement. [RT #23419]
261a6a1f7d95eaf0cd882f3123dcfd775517a54fMark Andrews3047. [bug] DNSKEY NODATA responses not cached fixed in
3e14b69d196a3ebeecc4662c426344dcfd7db678Andreas Gustafsson validator.c. Tests added to dnssec system test.
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews3046. [bug] Use RRSIG original TTL to compute validated RRset
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson and RRSIG TTL. [RT #23332]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson3045. [removed] Replaced by change #3050.
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence3044. [bug] Hold the socket manager lock while freeing the socket.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson3043. [test] Merged in the NetBSD ATF test framework (currently
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson version 0.12) for development of future unit tests.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews Use configure --with-atf to build ATF internally
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews or configure --with-atf=prefix to use an external
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews copy. [RT #23209]
600cfa2ba4c50017581b6c14e3a688a82ecebbe0David Lawrence3042. [bug] dig +trace could fail attempting to use IPv6
600cfa2ba4c50017581b6c14e3a688a82ecebbe0David Lawrence addresses on systems with only IPv4 connectivity.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson3041. [bug] dnssec-signzone failed to generate new signatures on
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews ttl changes. [RT #23330]
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews3040. [bug] Named failed to validate insecure zones where a node
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews with a CNAME existed between the trust anchor and the
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews top of the zone. [RT #23338]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson3039. [func] Redirect on NXDOMAIN support. [RT #23146]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson3038. [bug] Install <dns/rpz.h>. [RT #23342]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson3037. [doc] Update COPYRIGHT to contain all the individual
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson copyright notices that cover various parts.
9a859983d7059a6eb9c877c1d2ac6a3a5b7170f7Evan Hunt3036. [bug] Check built-in zone arguments to see if the zone
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson is re-usable or not. [RT #21914]
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein3035. [cleanup] Simplify by using strlcpy. [RT #22521]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence3034. [cleanup] nslookup: use strlcpy instead of safecopy. [RT #22521]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson3033. [cleanup] Add two INSIST(bucket != DNS_ADB_INVALIDBUCKET).
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson3032. [bug] rdatalist.c: add missing REQUIREs. [RT #22521]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson3031. [bug] dns_rdataclass_format() handle a zero sized buffer.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson3030. [bug] dns_rdatatype_format() handle a zero sized buffer.
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson3029. [bug] isc_netaddr_format() handle a zero sized buffer.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson3028. [bug] isc_sockaddr_format() handle a zero sized buffer.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson3027. [bug] Add documented REQUIREs to cfg_obj_asnetprefix() to
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson catch NULL pointer dereferences before they happen.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson3026. [bug] lib/isc/httpd.c: check that we have enough space
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson after calling grow_headerspace() and if not
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson re-call grow_headerspace() until we do. [RT #22521]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson3025. [bug] Fixed a possible deadlock due to zone resigning.
9a859983d7059a6eb9c877c1d2ac6a3a5b7170f7Evan Hunt3024. [func] RTT Banding removed due to minor security increase
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson but major impact on resolver latency. [RT #23310]
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington3023. [bug] Named could be left in an inconsistent state when
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington receiving multiple AXFR response messages that were
d0aebc5a55b6145297d94f8aee939852357c59fcMark Andrews not all TSIG-signed. [RT #23254]
a76b380643a22f23a67a9df284e86cd7ef7608c1Mark Andrews3022. [bug] Fixed rpz SERVFAILs after failed zone transfers
d0aebc5a55b6145297d94f8aee939852357c59fcMark Andrews3021. [bug] Change #3010 was incomplete. [RT #22296]
f621719829356f27e831507b75e88e8a655e48d8Danny Mayer3020. [bug] auto-dnssec failed to correctly update the zone when
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington changing the DNSKEY RRset. [RT #23232]
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington3019. [test] Test: check apex NSEC3 records after adding DNSKEY
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington record via UPDATE. [RT #23229]
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington3018. [bug] Named failed to check for the "none;" acl when deciding
9a859983d7059a6eb9c877c1d2ac6a3a5b7170f7Evan Hunt if a zone may need to be re-signed. [RT #23120]
b76715a02fbe0c373a5a03c4f09ac0d6de5abc43Mark Andrews3017. [doc] dnssec-keyfromlabel -I was not properly documented.
e61793f0865117ad87a19d6e245bea8f3b712d1bDanny Mayer3016. [bug] rndc usage missing '-b'. [RT #22937]
2883651930dc85cacae940fe2a81277dfc14807dBrian Wellington3015. [port] win32: fix IN6_IS_ADDR_LINKLOCAL and
2883651930dc85cacae940fe2a81277dfc14807dBrian Wellington IN6_IS_ADDR_SITELOCAL macros. [RT #22724]
16bd30ae6987cd4ba4fe3b873e72abf5b7178c26Mark Andrews3014. [placeholder]
e482a1c91ecb5e47bc26617bf310d6b5c41fad91Andreas Gustafsson3013. [bug] The DNS64 ttl was not always being set as expected.
2883651930dc85cacae940fe2a81277dfc14807dBrian Wellington3012. [bug] Remove DNSKEY TTL change pairs before generating
459d31fa838619cee728a90984d27d18345dc18aAndreas Gustafsson signing records for any remaining DNSKEY changes.
b76715a02fbe0c373a5a03c4f09ac0d6de5abc43Mark Andrews3011. [func] Change the default query timeout from 30 seconds
c67496c94321dfb68d209019f2b5872a81289c66Michael Sawyer to 10. Allow setting this in named.conf using the new
c67496c94321dfb68d209019f2b5872a81289c66Michael Sawyer 'resolver-query-timeout' option, which specifies a max
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein time in seconds. 0 means 'default' and anything longer
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson than 30 will be silently set to 30. [RT #22852]
f621719829356f27e831507b75e88e8a655e48d8Danny Mayer3010. [bug] Fixed a bug where "rndc reconfig" stopped the timer
bfe313722d5b2eff6c80336ed1f19c2f99a53de6Andreas Gustafsson for refreshing managed-keys. [RT #22296]
b76715a02fbe0c373a5a03c4f09ac0d6de5abc43Mark Andrews3009. [bug] clients-per-query code didn't work as expected with
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson particular query patterns. [RT #22972]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson --- 9.8.0b1 released ---
68e4926b2262571e004b4be00b905ec776c01d9cMichael Graff3008. [func] Response policy zones (RPZ) support. [RT #21726]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson3007. [bug] Named failed to preserve the case of domain names in
68e4926b2262571e004b4be00b905ec776c01d9cMichael Graff rdata which is not compressible when writing master
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson files. [RT #22863]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews3006. [func] Allow dynamically generated TSIG keys to be preserved
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews across restarts of named. Initially this is for
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews TSIG keys generated using GSSAPI. [RT #22639]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews3005. [port] Solaris: Work around the lack of
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews gsskrb5_register_acceptor_identity() by setting
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews the KRB5_KTNAME environment variable to the
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews contents of tkey-gssapi-keytab. Also fixed
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews test errors on MacOSX. [RT #22853]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews3004. [func] DNS64 reverse support. [RT #22769]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews3003. [experimental] Added update-policy match type "external",
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews enabling named to defer the decision of whether to
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews allow a dynamic update to an external daemon.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews (Contributed by Andrew Tridgell.) [RT #22758]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews3002. [bug] isc_mutex_init_errcheck() failed to destroy attr.
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews3001. [func] Added a default trust anchor for the root zone, which
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt can be switched on by setting "dnssec-validation auto;"
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews in the named.conf options. [RT #21727]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews3000. [bug] More TKEY/GSS fixes:
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews - nsupdate can now get the default realm from
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews the user's Kerberos principal
7ab0e69f61e61e81d489c95c7ebd981e74e7ef16Andreas Gustafsson - corrected gsstest compilation flags
e672951ed28b2e9cc7a19c3d7fa4a258382f981cAutomatic Updater - improved documentation
d788d738e3d29037651b42566519c9a0a66ba219Mark Andrews - fixed some NULL dereferences
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2999. [func] Add GOST support (RFC 5933). [RT #20639]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2998. [func] Add isc_task_beginexclusive and isc_task_endexclusive
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff to the task api. [RT #22776]
42a5f9c8f535fb2a6d1cbfaa38533176e1f1667aBob Halley2997. [func] named -V now reports the OpenSSL and libxml2 verions
42a5f9c8f535fb2a6d1cbfaa38533176e1f1667aBob Halley it was compiled against. [RT #22687]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2996. [security] Temporarily disable SO_ACCEPTFILTER support.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2995. [bug] The Kerberos realm was not being correctly extracted
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson from the signer's identity. [RT #22770]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2994. [port] NetBSD: use pthreads by default on NetBSD >= 5.0, and
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson do not use threads on earlier versions. Also kill
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson the unproven-pthreads, mit-pthreads, and ptl2 support.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence2993. [func] Dynamically grow adb hash tables. [RT #21186]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2992. [contrib] contrib/check-secure-delegation.pl: A simple tool
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson for looking at a secure delegation. [RT #22059]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2991. [contrib] contrib/zone-edit.sh: A simple zone editing tool for
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff dynamic zones. [RT #22365]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence2990. [bug] 'dnssec-settime -S' no longer tests prepublication
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson interval validity when the interval is set to 0.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2989. [func] Added support for writable DLZ zones. (Contributed
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson by Andrew Tridgell of the Samba project.) [RT #22629]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2988. [experimental] Added a "dlopen" DLZ driver, allowing the creation
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson of external DLZ drivers that can be loaded as
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson shared objects at runtime rather than linked with
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson named. Currently this is switched on via a
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson compile-time option, "configure --with-dlz-dlopen".
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson Note: the syntax for configuring DLZ zones
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson is likely to be refined in future releases.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson (Contributed by Andrew Tridgell of the Samba
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson project.) [RT #22629]
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence2987. [func] Improve ease of configuring TKEY/GSS updates by
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson adding a "tkey-gssapi-keytab" option. If set,
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff updates will be allowed with any key matching
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson a principal in the specified keytab file.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson "tkey-gssapi-credential" is no longer required
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence and is expected to be deprecated. (Contributed
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson by Andrew Tridgell of the Samba project.)
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2986. [func] Add new zone type "static-stub". It's like a stub
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson zone, but the nameserver names and/or their IP
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson addresses are statically configured. [RT #21474]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2985. [bug] Add a regression test for change #2896. [RT #21324]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2984. [bug] Don't run MX checks when the target of the MX record
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson is ".". [RT #22645]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2983. [bug] Include "loadkeys" in rndc help output. [RT #22493]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff --- 9.8.0a1 released ---
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2982. [bug] Reference count dst keys. dst_key_attach() can be used
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence increment the reference count.
ec7493d8d1966a3dc5f5306fc0a96519e0de6dceAndreas Gustafsson Note: dns_tsigkey_createfromkey() callers should now
ec7493d8d1966a3dc5f5306fc0a96519e0de6dceAndreas Gustafsson always call dst_key_free() rather than setting it
ec7493d8d1966a3dc5f5306fc0a96519e0de6dceAndreas Gustafsson to NULL on success. [RT #22672]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2981. [func] Partial DNS64 support (AAAA synthesis). [RT #21991]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence2980. [bug] named didn't properly handle UPDATES that changed the
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence TTL of the NSEC3PARAM RRset. [RT #22363]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2979. [bug] named could deadlock during shutdown if two
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson "rndc stop" commands were issued at the same
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson time. [RT #22108]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2978. [port] hpux: look for <devpoll.h> [RT #21919]
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence2977. [bug] 'nsupdate -l' report if the session key is missing.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2976. [bug] named could die on exit after negotiating a GSS-TSIG
2e715dbdc263f859c01b57a9d733c1dfbf28b90eBob Halley key. [RT #22573]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() acquired the
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson wrong lock which could lead to server deadlock.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2974. [bug] Some valid UPDATE requests could fail due to a
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff consistency check examining the existing version
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence of the zone rather than the new version resulting
47b7dfffe5d806c6a5e99ef17f07bcde812c2132Francis Dupont from the UPDATE. [RT #22413]
2e715dbdc263f859c01b57a9d733c1dfbf28b90eBob Halley2973. [bug] bind.keys.h was being removed by the "make clean"
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson at the end of configure resulting in build failures
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff where there is very old version of perl installed.
2e715dbdc263f859c01b57a9d733c1dfbf28b90eBob Halley Move it to "make maintainer-clean". [RT #22230]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2972. [bug] win32: address windows socket errors. [RT #21906]
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence2971. [bug] Fixed a bug that caused journal files not to be
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson compacted on Windows systems as a result of
2e715dbdc263f859c01b57a9d733c1dfbf28b90eBob Halley non-POSIX-compliant rename() semantics. [RT #22434]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2970. [security] Adding a NO DATA negative cache entry failed to clear
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson any matching RRSIG records. A subsequent lookup of
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson of NO DATA cache entry could trigger a INSIST when the
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson unexpected RRSIG was also returned with the NO DATA
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson CVE-2010-3613, VU#706148. [RT #22288]
ec7493d8d1966a3dc5f5306fc0a96519e0de6dceAndreas Gustafsson2969. [security] Fix acl type processing so that allow-query works
ec7493d8d1966a3dc5f5306fc0a96519e0de6dceAndreas Gustafsson in options and view statements. Also add a new
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence set of tests to verify proper functioning.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson CVE-2010-3615, VU#510208. [RT #22418]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2968. [security] Named could fail to prove a data set was insecure
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson before marking it as insecure. One set of conditions
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson that can trigger this occurs naturally when rolling
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson DNSKEY algorithms.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson CVE-2010-3614, VU#837744. [RT #22309]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2967. [bug] 'host -D' now turns on debugging messages earlier.
e482a1c91ecb5e47bc26617bf310d6b5c41fad91Andreas Gustafsson2966. [bug] isc_print_vsnprintf() failed to check if there was
e482a1c91ecb5e47bc26617bf310d6b5c41fad91Andreas Gustafsson space available in the buffer when adding a left
e482a1c91ecb5e47bc26617bf310d6b5c41fad91Andreas Gustafsson justified character with a non zero width,
e482a1c91ecb5e47bc26617bf310d6b5c41fad91Andreas Gustafsson (e.g. "%-1c"). [RT #22270]
e482a1c91ecb5e47bc26617bf310d6b5c41fad91Andreas Gustafsson2965. [func] Test HMAC functions using test data from RFC 2104 and
e482a1c91ecb5e47bc26617bf310d6b5c41fad91Andreas Gustafsson RFC 4634. [RT #21702]
e482a1c91ecb5e47bc26617bf310d6b5c41fad91Andreas Gustafsson2964. [placeholder]
e482a1c91ecb5e47bc26617bf310d6b5c41fad91Andreas Gustafsson2963. [security] The allow-query acl was being applied instead of the
e482a1c91ecb5e47bc26617bf310d6b5c41fad91Andreas Gustafsson allow-query-cache acl to cache lookups. [RT #22114]
e482a1c91ecb5e47bc26617bf310d6b5c41fad91Andreas Gustafsson2962. [port] win32: add more dependencies to BINDBuild.dsw.
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews2961. [bug] Be still more selective about the non-authoritative
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews answers we apply change 2748 to. [RT #22074]
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews2960. [func] Check that named accepts non-authoritative answers.
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews2959. [func] Check that named starts with a missing masterfile.
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews2958. [bug] named failed to start with a missing master file.
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews2957. [bug] entropy_get() and entropy_getpseudo() failed to match
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews the API for RAND_bytes() and RAND_pseudo_bytes()
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews respectively. [RT #21962]
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews2956. [port] Enable atomic operations on the PowerPC64. [RT #21899]
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews2955. [func] Provide more detail in the recursing log. [RT #22043]
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews2954. [bug] contrib: dlz_mysql_driver.c bad error handling on
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews build_sqldbinstance failure. [RT #21623]
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews2953. [bug] Silence spurious "expected covering NSEC3, got an
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews exact match" message when returning a wildcard
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews no data response. [RT #21744]
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews2952. [port] win32: named-checkzone and named-checkconf failed
9a859983d7059a6eb9c877c1d2ac6a3a5b7170f7Evan Hunt to initialise winsock. [RT #21932]
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews2951. [bug] named failed to generate a correct signed response
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews in a optout, delegation only zone with no secure
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews delegations. [RT #22007]
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews2950. [bug] named failed to perform a SOA up to date check when
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews falling back to TCP on UDP timeouts when
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews ixfr-from-differences was set. [RT #21595]
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews2949. [bug] dns_view_setnewzones() contained a memory leak if
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews it was called multiple times. [RT #21942]
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews2948. [port] MacOS: provide a mechanism to configure the test
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews interfaces at reboot. See bin/tests/system/README
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews for details.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2947. [placeholder]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2946. [doc] Document the default values for the minimum and maximum
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson zone refresh and retry values in the ARM. [RT #21886]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2945. [doc] Update empty-zones list in ARM. [RT #21772]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2944. [maint] Remove ORCHID prefix from built in empty zones.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2943. [func] Add support to load new keys into managed zones
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson without signing immediately with "rndc loadkeys".
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson Add support to link keys with "dnssec-keygen -S"
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson and "dnssec-settime -S". [RT #21351]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2942. [contrib] zone2sqlite failed to setup the entropy sources.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2941. [bug] sdb and sdlz (dlz's zone database) failed to support
11c7a43642def4aaa2bed001ff018a0bb0b65c29Danny Mayer DNAME at the zone apex. [RT #21610]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence2940. [port] Remove connection aborted error message on
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson Windows. [RT #21549]
d76ed813a51465e5c47d521ab09ea20c06f1428dMark Andrews2939. [func] Check that named successfully skips NSEC3 records
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson that fail to match the NSEC3PARAM record currently
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson in use. [RT# 21868]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2938. [bug] When generating signed responses, from a signed zone
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson that uses NSEC3, named would use a uninitialised
84f0bd3bc7ac72289cc0dfedd3d17872ad1169feEvan Hunt pointer if it needed to skip a NSEC3 record because
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson it didn't match the selected NSEC3PARAM record for
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence zone. [RT# 21868]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence2937. [bug] Worked around an apparent race condition in over
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence memory conditions. Without this fix a DNS cache DB or
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson ADB could incorrectly stay in an over memory state,
c801dd02ed98321f3ccab93c159a1dce61961c58Bob Halley effectively refusing further caching, which
c801dd02ed98321f3ccab93c159a1dce61961c58Bob Halley subsequently made a BIND 9 caching server unworkable.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson This fix prevents this problem from happening by
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson polling the state of the memory context, rather than
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson making a copy of the state, which appeared to cause
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson a race. This is a "workaround" in that it doesn't
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson solve the possible race per se, but several experiments
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson proved this change solves the symptom. Also, the
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson polling overhead hasn't been reported to be an issue.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson This bug should only affect a caching server that
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence specifies a finite max-cache-size. It's also quite
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence likely that the bug happens only when enabling threads,
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence but it's not confirmed yet. [RT #21818]
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews2936. [func] Improved configuration syntax and multiple-view
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews support for addzone/delzone feature (see change
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews #2930). Removed "new-zone-file" option, replaced
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson with "allow-new-zones (yes|no)". The new-zone-file
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson for each view is now created automatically, with
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson a filename generated from a hash of the view name.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson It is no longer necessary to "include" the
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson new-zone-file in named.conf; this happens
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson automatically. Zones that were not added via
806c235ecf533b98d068b3f8df9d7abbe1e30cf9Mark Andrews "rndc addzone" can no longer be removed with
806c235ecf533b98d068b3f8df9d7abbe1e30cf9Mark Andrews "rndc delzone". [RT #19447]
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence2935. [bug] nsupdate: improve 'file not found' error message.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2934. [bug] Use ANSI C compliant shift range in lib/isc/entropy.c.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2933. [bug] 'dig +nsid' used stack memory after it went out of
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson scope. This could potentially result in a unknown,
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence potentially malformed, EDNS option being sent instead
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson of the desired NSID option. [RT #21781]
c801dd02ed98321f3ccab93c159a1dce61961c58Bob Halley2932. [cleanup] Corrected a numbering error in the "dnssec" test.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2931. [bug] Temporarily and partially disable change 2864
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson because it would cause infinite attempts of RRSIG
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson queries. This is an urgent care fix; we'll
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence revisit the issue and complete the fix later.
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews2930. [experimental] New "rndc addzone" and "rndc delzone" commads
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews allow dynamic addition and deletion of zones.
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews To enable this feature, specify a "new-zone-file"
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson option at the view or options level in named.conf.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson Zone configuration information for the new zones
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson will be written into that file. To make the new
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson zones persist after a restart, "include" the file
c801dd02ed98321f3ccab93c159a1dce61961c58Bob Halley into named.conf in the appropriate view. (Note:
c801dd02ed98321f3ccab93c159a1dce61961c58Bob Halley This feature is not yet documented, and its syntax
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff is expected to change.) [RT #19447]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2929. [bug] Improved handling of GSS security contexts:
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson - added LRU expiration for generated TSIGs
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson - added the ability to use a non-default realm
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence - added new "realm" keyword in nsupdate
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence - limited lifetime of generated keys to 1 hour
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence or the lifetime of the context (whichever is
e482a1c91ecb5e47bc26617bf310d6b5c41fad91Andreas Gustafsson2928. [bug] Be more selective about the non-authoritative
e482a1c91ecb5e47bc26617bf310d6b5c41fad91Andreas Gustafsson answer we apply change 2748 to. [RT #21594]
e482a1c91ecb5e47bc26617bf310d6b5c41fad91Andreas Gustafsson2927. [placeholder]
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Hunt2926. [placeholder]
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Hunt2925. [bug] Named failed to accept uncachable negative responses
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Hunt from insecure zones. [RT# 21555]
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Hunt2924. [func] 'rndc secroots' dump a combined summary of the
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Hunt current managed keys combined with trusted keys.
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence2923. [bug] 'dig +trace' could drop core after "connection
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence timeout". [RT #21514]
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Hunt2922. [contrib] Update zkt to version 1.0.
d788d738e3d29037651b42566519c9a0a66ba219Mark Andrews2921. [bug] The resolver could attempt to destroy a fetch context
d788d738e3d29037651b42566519c9a0a66ba219Mark Andrews too soon. [RT #19878]
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews to IPv4 clients. New acl 'filter-aaaa' (default any).
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews2919. [func] Add autosign-ksk and autosign-zsk virtual time tests.
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews2917. [func] Virtual time test framework. [RT #20801]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2916. [func] Add framework to use IPv6 in tests.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson2915. [cleanup] Be smarter about which objects we attempt to compile
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson based on configure options. [RT #21444]
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson2914. [bug] Make the "autosign" system test more portable.
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson2913. [func] Add pkcs#11 system tests. [RT #20784]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2912. [func] Windows clients don't like UPDATE responses that clear
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence the zone section. [RT #20986]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2911. [bug] dnssec-signzone didn't handle out of zone records well.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2910. [func] Sanity check Kerberos credentials. [RT #20986]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2909. [bug] named-checkconf -p could die if "update-policy local;"
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson was specified in named.conf. [RT #21416]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2908. [bug] It was possible for re-signing to stop after removing
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff a DNSKEY. [RT #21384]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2907. [bug] The export version of libdns had undefined references.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence2906. [bug] Address RFC 5011 implementation issues. [RT #20903]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2905. [port] aix: set use_atomic=yes with native compiler.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2904. [bug] When using DLV, sub-zones of the zones in the DLV,
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson could be incorrectly marked as insecure instead of
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson secure leading to negative proofs failing. This was
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson a unintended outcome from change 2890. [RT# 21392]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2903. [bug] managed-keys-directory missing from namedconf.c.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2902. [func] Add regression test for change 2897. [RT #21040]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2900. [bug] The placeholder negative caching element was not
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson properly constructed triggering a INSIST in
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson dns_ncache_towire(). [RT #21346]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2899. [port] win32: Support linking against OpenSSL 1.0.0.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2898. [bug] nslookup leaked memory when -domain=value was
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson specified. [RT #21301]
c801dd02ed98321f3ccab93c159a1dce61961c58Bob Halley2897. [bug] NSEC3 chains could be left behind when transitioning
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson to insecure. [RT #21040]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2896. [bug] "rndc sign" failed to properly update the zone
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff when adding a DNSKEY for publication only. [RT #21045]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2895. [func] genrandom: add support for the generation of multiple
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson files. [RT #20917]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2893. [bug] Improve managed keys support. New named.conf option
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson managed-keys-directory. [RT #20924]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2892. [bug] Handle REVOKED keys better. [RT #20961]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2891. [maint] Update empty-zones list to match
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson draft-ietf-dnsop-default-local-zones-13. [RT# 21099]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2890. [bug] Handle the introduction of new trusted-keys and
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson DS, DLV RRsets better. [RT #21097]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2889. [bug] Elements of the grammar where not properly reported.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2888. [bug] Only the first EDNS option was displayed. [RT #21273]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2887. [bug] Report the keytag times in UTC in the .key file,
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson local time is presented as a comment within the
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson comment. [RT #21223]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2886. [bug] ctime() is not thread safe. [RT #21223]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2885. [bug] Improve -fno-strict-aliasing support probing in
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff configure. [RT #21080]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2884. [bug] Insufficient validation in dns_name_getlabelsequence().
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence2883. [bug] 'dig +short' failed to handle really large datasets.
c801dd02ed98321f3ccab93c159a1dce61961c58Bob Halley2882. [bug] Remove memory context from list of active contexts
c801dd02ed98321f3ccab93c159a1dce61961c58Bob Halley before clearing 'magic'. [RT #21274]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2881. [bug] Reduce the amount of time the rbtdb write lock
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson is held when closing a version. [RT #21198]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2880. [cleanup] Make the output of dnssec-keygen and dnssec-revoke
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson consistent. [RT #21078]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2879. [contrib] DLZ bdbhpt driver fails to close correct cursor.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2878. [func] Incrementally write the master file after performing
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson a AXFR. [RT #21010]
bfe313722d5b2eff6c80336ed1f19c2f99a53de6Andreas Gustafsson2877. [bug] The validator failed to skip obviously mismatching
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff RRSIGs. [RT #21138]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2876. [bug] Named could return SERVFAIL for negative responses
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff from unsigned zones. [RT #21131]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2875. [bug] dns_time64_fromtext() could accept non digits.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2874. [bug] Cache lack of EDNS support only after the server
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson successfully responds to the query using plain DNS.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2873. [bug] Cancelling a dynamic update via the dns/client module
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson could trigger an assertion failure. [RT #21133]
421551db8a61283420b0b6aed4ac28f9d76b9770Andreas Gustafsson2872. [bug] Modify dns/client.c:dns_client_createx() to only
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence require one of IPv4 or IPv6 rather than both.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence2871. [bug] Type mismatch in mem_api.c between the definition and
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson the header file, causing build failure with
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson --enable-exportlib. [RT #21138]
421551db8a61283420b0b6aed4ac28f9d76b9770Andreas Gustafsson2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
421551db8a61283420b0b6aed4ac28f9d76b9770Andreas Gustafsson2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
421551db8a61283420b0b6aed4ac28f9d76b9770Andreas Gustafsson2868. [cleanup] Run "make clean" at the end of configure to ensure
421551db8a61283420b0b6aed4ac28f9d76b9770Andreas Gustafsson any changes made by configure are integrated.
421551db8a61283420b0b6aed4ac28f9d76b9770Andreas Gustafsson Use --with-make-clean=no to disable. [RT #20994]
421551db8a61283420b0b6aed4ac28f9d76b9770Andreas Gustafsson2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
421551db8a61283420b0b6aed4ac28f9d76b9770Andreas Gustafsson don't like it. [RT #20986]
421551db8a61283420b0b6aed4ac28f9d76b9770Andreas Gustafsson2866. [bug] Windows does not like the TSIG name being compressed.
421551db8a61283420b0b6aed4ac28f9d76b9770Andreas Gustafsson2865. [bug] memset to zero event.data. [RT #20986]
421551db8a61283420b0b6aed4ac28f9d76b9770Andreas Gustafsson2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
421551db8a61283420b0b6aed4ac28f9d76b9770Andreas Gustafsson2863. [port] linux: disable IPv6 PMTUD and use network minimum MTU.
421551db8a61283420b0b6aed4ac28f9d76b9770Andreas Gustafsson2862. [bug] nsupdate didn't default to the parent zone when
421551db8a61283420b0b6aed4ac28f9d76b9770Andreas Gustafsson updating DS records. [RT #20896]
bed7a352934efc8055902d83c750dca2d0cd6aaaAndreas Gustafsson2861. [doc] dnssec-settime man pages didn't correctly document the
bed7a352934efc8055902d83c750dca2d0cd6aaaAndreas Gustafsson inactivation time. [RT #21039]
bed7a352934efc8055902d83c750dca2d0cd6aaaAndreas Gustafsson2860. [bug] named-checkconf's usage was out of date. [RT #21039]
bed7a352934efc8055902d83c750dca2d0cd6aaaAndreas Gustafsson2859. [bug] When cancelling validation it was possible to leak
bed7a352934efc8055902d83c750dca2d0cd6aaaAndreas Gustafsson memory. [RT #20800]
bed7a352934efc8055902d83c750dca2d0cd6aaaAndreas Gustafsson2858. [bug] RTT estimates were not being adjusted on ICMP errors.
421551db8a61283420b0b6aed4ac28f9d76b9770Andreas Gustafsson2857. [bug] named-checkconf did not fail on a bad trusted key.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence2856. [bug] The size of a memory allocation was not always properly
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson recorded. [RT #20927]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2855. [func] nsupdate will now preserve the entered case of domain
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson names in update requests it sends. [RT #20928]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2854. [func] dig: allow the final soa record in a axfr response to
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence be suppressed, dig +onesoa. [RT #20929]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2853. [bug] add_sigs() could run out of scratch space. [RT #21015]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2851. [doc] nslookup.1, removed <informalexample> from the docbook
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson source as it produced bad nroff. [RT #21007]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence2850. [bug] If isc_heap_insert() failed due to memory shortage
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence the heap would have corrupted entries. [RT #20951]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2849. [bug] Don't treat errors from the xml2 library as fatal.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2848. [doc] Moved README.dnssec, README.libdns, README.pkcs11 and
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson README.rfc5011 into the ARM. [RT #20899]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2847. [cleanup] Corrected usage message in dnssec-settime. [RT #20921]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2846. [bug] EOF on unix domain sockets was not being handled
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff correctly. [RT #20731]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2845. [bug] RFC 5011 client could crash on shutdown. [RT #20903]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2844. [doc] notify-delay default in ARM was wrong. It should have
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson been five (5) seconds.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2843. [func] Prevent dnssec-keygen and dnssec-keyfromlabel from
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson creating key files if there is a chance that the new
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson key ID will collide with an existing one after
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson either of the keys has been revoked. (To override
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence this in the case of dnssec-keyfromlabel, use the -y
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson option. dnssec-keygen will simply create a
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson different, non-colliding key, so an override is
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson not necessary.) [RT #20838]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2842. [func] Added "smartsign" and improved "autosign" and
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence "dnssec" regression tests. [RT #20865]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2841. [bug] Change 2836 was not complete. [RT #20883]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2840. [bug] Temporary fixed pkcs11-destroy usage check.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2839. [bug] A KSK revoked by named could not be deleted.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2838. [placeholder]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2837. [port] Prevent Linux spurious warnings about fwrite().
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2836. [bug] Keys that were scheduled to become active could
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff be delayed. [RT #20874]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2835. [bug] Key inactivity dates were inadvertently stored in
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence the private key file with the outdated tag
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence "Unpublish" rather than "Inactive". This has been
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence fixed; however, any existing keys that had Inactive
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence dates set will now need to have them reset, using
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence 'dnssec-settime -I'. [RT #20868]
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence2834. [bug] HMAC-SHA* keys that were longer than the algorithm
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson digest length were used incorrectly, leading to
c0d0a59d1b665423b8a0d1829d0f0da121cb3473Andreas Gustafsson interoperability problems with other DNS
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence implementations. This has been corrected.
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence (Note: If an oversize key is in use, and
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson compatibility is needed with an older release of
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence BIND, the new tool "isc-hmac-fixup" can convert
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff the key secret to a form that will work with all
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson versions.) [RT #20751]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2833. [cleanup] Fix usage messages in dnssec-keygen and dnssec-settime.
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2832. [bug] Modify "struct stat" in lib/export/samples/nsprobe.c
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson to avoid redefinition in some OSs [RT 20831]
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2831. [security] Do not attempt to validate or cache
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson out-of-bailiwick data returned with a secure
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson answer; it must be re-fetched from its original
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson source and validated in that context. [RT #20819]
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2830. [bug] Changing the OPTOUT setting could take multiple
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson passes. [RT #20813]
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2829. [bug] Fixed potential node inconsistency in rbtdb.c.
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2828. [security] Cached CNAME or DNAME RR could be returned to clients
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson without DNSSEC validation. [RT #20737]
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2826. [bug] NSEC3->NSEC transitions could fail due to a lock not
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson being released. [RT #20740]
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson was in the process of being created was not properly
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson recorded in the zone. [RT #20786]
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2824. [bug] "rndc sign" was not being run by the correct task.
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2822. [bug] rbtdb.c:loadnode() could return the wrong result.
e694d4e2016c0ab1f3c2bbe493c45379770e830dDavid Lawrence2821. [doc] Add note that named-checkconf doesn't automatically
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2820. [func] Handle read access failure of OpenSSL configuration
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson file more user friendly (PKCS#11 engine patch).
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define.
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2818. [cleanup] rndc could return an incorrect error code
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson when a zone was not found. [RT #20767]
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2817. [cleanup] Removed unnecessary isc_task_endexclusive() calls.
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2816. [bug] previous_closest_nsec() could fail to return
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews data for NSEC3 nodes [RT #29730]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2815. [bug] Exclusively lock the task when freezing a zone.
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2814. [func] Provide a definitive error message when a master
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson zone is not loaded. [RT #20757]
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2813. [bug] Better handling of unreadable DNSSEC key files.
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2812. [bug] Make sure updates can't result in a zone with
692ae2fff922f1c072169d1ddda8e600cb572a9bMark Andrews NSEC-only keys and NSEC3 records. [RT 20748]
692ae2fff922f1c072169d1ddda8e600cb572a9bMark Andrews2811. [cleanup] Add "rndc sign" to list of commands in rndc usage
692ae2fff922f1c072169d1ddda8e600cb572a9bMark Andrews output. [RT #20733]
692ae2fff922f1c072169d1ddda8e600cb572a9bMark Andrews2810. [doc] Clarified the process of transitioning an NSEC3 zone
692ae2fff922f1c072169d1ddda8e600cb572a9bMark Andrews to insecure. [RT #20746]
692ae2fff922f1c072169d1ddda8e600cb572a9bMark Andrews2809. [cleanup] Restored accidentally-deleted text in usage output
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson in dnssec-settime and dnssec-revoke [RT #20739]
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2808. [bug] Remove the attempt to install atomic.h from lib/isc.
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson atomic.h is correctly installed by the architecture
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson specific subdirectories. [RT #20722]
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2807. [bug] Fixed a possible ASSERT when reconfiguring zone
674f1cfb1d7dfa92e52db950dbe80e60ef8f5cddBrian Wellington keys. [RT #20720]
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson --- 9.7.0rc1 released ---
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2806. [bug] "rdnc sign" could delay re-signing the DNSKEY
674f1cfb1d7dfa92e52db950dbe80e60ef8f5cddBrian Wellington when it had changed. [RT #20703]
e482a1c91ecb5e47bc26617bf310d6b5c41fad91Andreas Gustafsson2805. [bug] Fixed namespace problems encountered when building
4100ae5109c69d8269a8fa626f217a15a633cd7fMark Andrews external programs using non-exported BIND9 libraries
4100ae5109c69d8269a8fa626f217a15a633cd7fMark Andrews (i.e., built without --enable-exportlib). [RT #20679]
e482a1c91ecb5e47bc26617bf310d6b5c41fad91Andreas Gustafsson2804. [bug] Send notifies when a zone is signed with "rndc sign"
e482a1c91ecb5e47bc26617bf310d6b5c41fad91Andreas Gustafsson or as a result of a scheduled key change. [RT #20700]
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2803. [port] win32: Install named-journalprint, nsec3hash, arpaname
e482a1c91ecb5e47bc26617bf310d6b5c41fad91Andreas Gustafsson and genrandom under windows. [RT #20670]
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2802. [cleanup] Rename journalprint to named-journalprint. [RT #20670]
123a3dddc94534d3a6c6f81c118a5b63dc5994c3Andreas Gustafsson2801. [func] Detect and report records that are different according
123a3dddc94534d3a6c6f81c118a5b63dc5994c3Andreas Gustafsson to DNSSEC but are semantically equal according to plain
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson DNS. Apply plain DNS comparisons rather than DNSSEC
a76b380643a22f23a67a9df284e86cd7ef7608c1Mark Andrews comparisons when processing UPDATE requests.
a76b380643a22f23a67a9df284e86cd7ef7608c1Mark Andrews dnssec-signzone now removes such semantically duplicate
a76b380643a22f23a67a9df284e86cd7ef7608c1Mark Andrews records prior to signing the RRset.
a76b380643a22f23a67a9df284e86cd7ef7608c1Mark Andrews named-checkzone -r {ignore|warn|fail} (default warn)
a76b380643a22f23a67a9df284e86cd7ef7608c1Mark Andrews named-compilezone -r {ignore|warn|fail} (default warn)
a76b380643a22f23a67a9df284e86cd7ef7608c1Mark Andrews named.conf: check-dup-records {ignore|warn|fail};
e482a1c91ecb5e47bc26617bf310d6b5c41fad91Andreas Gustafsson2800. [func] Reject zones which have NS records which refer to
674f1cfb1d7dfa92e52db950dbe80e60ef8f5cddBrian Wellington CNAMEs, DNAMEs or don't have address record (class IN
674f1cfb1d7dfa92e52db950dbe80e60ef8f5cddBrian Wellington only). Reject UPDATEs which would cause the zone
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson to fail the above checks if committed. [RT #20678]
674f1cfb1d7dfa92e52db950dbe80e60ef8f5cddBrian Wellington2799. [cleanup] Changed the "secure-to-insecure" option to
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson "dnssec-secure-to-insecure", and "dnskey-ksk-only"
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson to "dnssec-dnskey-kskonly", for clarity. [RT #20586]
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2798. [bug] Addressed bugs in managed-keys initialization
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson and rollover. [RT #20683]
674f1cfb1d7dfa92e52db950dbe80e60ef8f5cddBrian Wellington2797. [bug] Don't decrement the dispatch manager's maxbuffers.
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson2796. [bug] Missing dns_rdataset_disassociate() call in
593cb00bd17e5e2ab0dcb7c635a9a81082dc5d0eAndreas Gustafsson dns_nsec3_delnsec3sx(). [RT #20681]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2795. [cleanup] Add text to differentiate "update with no effect"
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews log messages. [RT #18889]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2794. [bug] Install <isc/namespace.h>. [RT #20677]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2793. [func] Add "autosign" and "metadata" tests to the
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews automatic tests. [RT #19946]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2792. [func] "filter-aaaa-on-v4" can now be set in view
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews options (if compiled in). [RT #20635]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2791. [bug] The installation of isc-config.sh was broken.
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2790. [bug] Handle DS queries to stub zones. [RT #20440]
67dc2f0536bcbbfa0970eb2893dcbc1c6713fad4Mark Andrews2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2788. [bug] dnssec-signzone could sign with keys that were
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews not requested [RT #20625]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2787. [bug] Spurious log message when zone keys were
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews dynamically reconfigured. [RT #20659]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2786. [bug] Additional could be promoted to answer. [RT #20663]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews --- 9.7.0b3 released ---
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2785. [bug] Revoked keys could fail to self-sign [RT #20652]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2784. [bug] TC was not always being set when required glue was
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews dropped. [RT #20655]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews buffer size of 512 or less. [RT #20654]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2782. [port] win32: use getaddrinfo() for hostname lookups.
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2781. [bug] Inactive keys could be used for signing. [RT #20649]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2780. [bug] dnssec-keygen -A none didn't properly unset the
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews activation date in all cases. [RT #20648]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2779. [bug] Dynamic key revocation could fail. [RT #20644]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2778. [bug] dnssec-signzone could fail when a key was revoked
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews without deleting the unrevoked version. [RT #20638]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2777. [contrib] DLZ MYSQL auto reconnect support discovery was wrong.
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2776. [bug] Change #2762 was not correct. [RT #20647]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2775. [bug] Accept RSASHA256 and RSASHA512 as NSEC3 compatible
203629e729b756601646c639c0dbfb267030a617Mark Andrews in dnssec-keyfromlabel. [RT #20643]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2774. [bug] Existing cache DB wasn't being reused after
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews reconfiguration. [RT #20629]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2773. [bug] In autosigned zones, the SOA could be signed
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews with the KSK. [RT #20628]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2772. [security] When validating, track whether pending data was from
203629e729b756601646c639c0dbfb267030a617Mark Andrews the additional section or not and only return it if
203629e729b756601646c639c0dbfb267030a617Mark Andrews validates as secure. [RT #20438]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2771. [bug] dnssec-signzone: DNSKEY records could be
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews corrupted when importing from key files [RT #20624]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2770. [cleanup] Add log messages to resolver.c to indicate events
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews causing FORMERR responses. [RT #20526]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2769. [cleanup] Change #2742 was incomplete. [RT #19589]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2768. [bug] dnssec-signzone: -S no longer implies -g [RT #20568]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2767. [bug] named could crash on startup if a zone was
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews configured with auto-dnssec and there was no
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews key-directory. [RT #20615]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2766. [bug] isc_socket_fdwatchpoke() should only update the
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews socketmgr state if the socket is not pending on a
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews read or write. [RT #20603]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2765. [bug] Skip masters for which the TSIG key cannot be found.
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2764. [bug] "rndc-confgen -a" could trigger a REQUIRE. [RT #20610]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2763. [bug] "rndc sign" didn't create an NSEC chain. [RT #20591]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2762. [bug] DLV validation failed with a local slave DLV zone.
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2761. [cleanup] Enable internal symbol table for backtrace only for
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews systems that are known to work. Currently, BSD
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews variants, Linux and Solaris are supported. [RT# 20202]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2760. [cleanup] Corrected named-compilezone usage summary. [RT #20533]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2759. [doc] Add information about .jbk/.jnw files to
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews the ARM. [RT #20303]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2758. [bug] win32: Added a workaround for a windows 2008 bug
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews that could cause the UDP client handler to shut
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews down. [RT #19176]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2757. [bug] dig: assertion failure could occur in connect
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews timeout. [RT #20599]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2756. [bug] Fixed corrupt logfile message in update.c. [RT# 20597]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2755. [placeholder]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2754. [bug] Secure-to-insecure transitions failed when zone
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews was signed with NSEC3. [RT #20587]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2753. [bug] Removed an unnecessary warning that could appear when
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews building an NSEC chain. [RT #20589]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2752. [bug] Locking violation. [RT #20587]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2751. [bug] Fixed a memory leak in dnssec-keyfromlabel. [RT #20588]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2750. [bug] dig: assertion failure could occur when a server
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews didn't have an address. [RT #20579]
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Hunt2749. [bug] ixfr-from-differences generated a non-minimal ixfr
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews for NSEC3 signed zones. [RT #20452]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2748. [func] Identify bad answers from GTLD servers and treat them
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews as referrals. [RT #18884]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2747. [bug] Journal roll forwards failed to set the re-signing
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews time of RRSIGs correctly. [RT #20541]
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews2746. [port] hpux: address signed/unsigned expansion mismatch of
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2745. [bug] configure script didn't probe the return type of
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews gai_strerror(3) correctly. [RT #20573]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2744. [func] Log if a query was over TCP. [RT #19961]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2743. [bug] RRSIG could be incorrectly set in the NSEC3 record
7829fad4093f2c1985b1efb7cea00287ff015d2bckb for a insecure delegation.
c9611b45736af157e2993c6ef852e55e8e24ca83Evan Hunt --- 9.7.0b2 released ---
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2742. [cleanup] Clarify some DNSSEC-related log messages in
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2741. [func] Allow the dnssec-keygen progress messages to be
7829fad4093f2c1985b1efb7cea00287ff015d2bckb suppressed (dnssec-keygen -q). Automatically
7829fad4093f2c1985b1efb7cea00287ff015d2bckb suppress the progress messages when stdin is not
7829fad4093f2c1985b1efb7cea00287ff015d2bckb a tty. [RT #20474]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2740. [placeholder]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2739. [cleanup] Clean up API for initializing and clearing trust
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson anchors for a view. [RT #20211]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson test. [RT #20453]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2737. [func] UPDATE requests can leak existence information.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2736. [func] Improve the performance of NSEC signed zones with
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson more than a normal amount of glue below a delegation.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2735. [bug] dnssec-signzone could fail to read keys
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews that were specified on the command line with
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews full paths, but weren't in the current
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews directory. [RT #20421]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2734. [port] cygwin: arpaname did not compile. [RT #20473]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2733. [cleanup] Clean up coding style in pkcs11-* tools. [RT #20355]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2732. [func] Add optional filter-aaaa-on-v4 option, available
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews if built with './configure --enable-filter-aaaa'.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews Filters out AAAA answers to clients connecting
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews via IPv4. (This is NOT recommended for general
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews use.) [RT #20339]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2731. [func] Additional work on change 2709. The key parser
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews will now ignore unrecognized fields when the
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews minor version number of the private key format
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews has been increased. It will reject any key with
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews the major version number increased. [RT #20310]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2730. [func] Have dnssec-keygen display a progress indication
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews a la 'openssl genrsa' on standard error. Note
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews when the first '.' is followed by a long stop
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews one has the choice between slow generation vs.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2729. [func] When constructing a CNAME from a DNAME use the DNAME
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews TTL. [RT #20451]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2728. [bug] dnssec-keygen, dnssec-keyfromlabel and
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews dnssec-signzone now warn immediately if asked to
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews write into a nonexistent directory. [RT #20278]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2727. [func] The 'key-directory' option can now specify a relative
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews path. [RT #20154]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2726. [func] Added support for SHA-2 DNSSEC algorithms,
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews RSASHA256 and RSASHA512. [RT #20023]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2725. [doc] Added information about the file "managed-keys.bind"
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews to the ARM. [RT #20235]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2724. [bug] Updates to a existing node in secure zone using NSEC
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews were failing. [RT #20448]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2723. [bug] isc_base32_totext(), isc_base32hex_totext(), and
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews isc_base64_totext(), didn't always mark regions of
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews memory as fully consumed after conversion. [RT #20445]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2722. [bug] Ensure that the memory associated with the name of
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews a node in a rbt tree is not altered during the life
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews of the node. [RT #20431]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2721. [port] Have dst__entropy_status() prime the random number
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews generator. [RT #20369]
ed03e26c44347ec20aff6608de6082e3594d95fbMark Andrews2720. [bug] RFC 5011 trust anchor updates could trigger an
e672951ed28b2e9cc7a19c3d7fa4a258382f981cAutomatic Updater assert if the DNSKEY record was unsigned. [RT #20406]
ed03e26c44347ec20aff6608de6082e3594d95fbMark Andrews2719. [func] Skip trusted/managed keys for unsupported algorithms.
ed03e26c44347ec20aff6608de6082e3594d95fbMark Andrews2718. [bug] The space calculations in opensslrsa_todns() were
a76b380643a22f23a67a9df284e86cd7ef7608c1Mark Andrews incorrect. [RT #20394]
ed03e26c44347ec20aff6608de6082e3594d95fbMark Andrews2717. [bug] named failed to update the NSEC/NSEC3 record when
ed03e26c44347ec20aff6608de6082e3594d95fbMark Andrews the last private type record was removed as a result
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews of completing the signing the zone with a key.
fcb54ce0a4f7377486df5bec83b3aa4711bf4131Mark Andrews2716. [bug] nslookup debug mode didn't return the ttl. [RT #20414]
fcb54ce0a4f7377486df5bec83b3aa4711bf4131Mark Andrews --- 9.7.0b1 released ---
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2715. [bug] Require OpenSSL support to be explicitly disabled.
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2713. [bug] powerpc: atomic operations missing asm("ics") /
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt __isync() calls.
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt2712. [func] New 'auto-dnssec' zone option allows zone signing
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt to be fully automated in zones configured for
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt dynamic DNS. 'auto-dnssec allow;' permits a zone
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt to be signed by creating keys for it in the
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt key-directory and using 'rndc sign <zone>'.
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt 'auto-dnssec maintain;' allows that too, plus it
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt also keeps the zone's DNSSEC keys up to date
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt according to their timing metadata. [RT #19943]
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt2711. [port] win32: Add the bin/pkcs11 tools into the full
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews build. [RT #20372]
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt2710. [func] New 'dnssec-signzone -x' flag and 'dnskey-ksk-only'
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt zone option cause a zone to be signed with only KSKs
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt signing the DNSKEY RRset, not ZSKs. This reduces
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt the size of a DNSKEY answer. [RT #20340]
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt2709. [func] Added some data fields, currently unused, to the
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt private key file format, to allow implementation
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt of explicit key rollover in a future release
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt without impairing backward or forward compatibility.
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt2708. [func] Insecure to secure and NSEC3 parameter changes via
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt update are now fully supported and no longer require
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt defines to enable. We now no longer overload the
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt NSEC3PARAM flag field, nor the NSEC OPT bit at the
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt apex. Secure to insecure changes are controlled by
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt by the named.conf option 'secure-to-insecure'.
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt Warning: If you had previously enabled support by
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt adding defines at compile time to BIND 9.6 you should
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt ensure that all changes that are in progress have
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt completed prior to upgrading to BIND 9.7. BIND 9.7
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt is not backwards compatible.
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt2707. [func] dnssec-keyfromlabel no longer require engine name
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt to be specified in the label if there is a default
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt engine or the -E option has been used. Also, it
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt now uses default algorithms as dnssec-keygen does
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews (i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2706. [bug] Loading a zone with a very large NSEC3 salt could
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews trigger an assert. [RT #20368]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2705. [placeholder]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2704. [bug] Serial of dynamic and stub zones could be inconsistent
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews with their SOA serial. [RT #19387]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2703. [func] Introduce an OpenSSL "engine" argument with -E
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews for all binaries which can take benefit of
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews crypto hardware. [RT #20230]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2702. [func] Update PKCS#11 tools (bin/pkcs11) [RT #20225 & all]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2701. [doc] Correction to ARM: hmac-md5 is no longer the only
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews supported TSIG key algorithm. [RT #18046]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2700. [doc] The match-mapped-addresses option is discouraged.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2699. [bug] Missing lock in rbtdb.c. [RT #20037]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2698. [placeholder]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2697. [port] win32: ensure that S_IFMT, S_IFDIR, S_IFCHR and
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson S_IFREG are defined after including <isc/stat.h>.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2696. [bug] named failed to successfully process some valid
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews acl constructs. [RT #20308]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2695. [func] DHCP/DDNS - update fdwatch code for use by
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews DHCP. Modify the api to isc_sockfdwatch_t (the
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews callback functon for isc_socket_fdwatchcreate)
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews to include information about the direction (read
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews or write) and add isc_socket_fdwatchpoke.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2694. [bug] Reduce default NSEC3 iterations from 100 to 10.
4e681da26da4fff442b3ae24b0da2de1f240c43cMark Andrews2693. [port] Add some noreturn attributes. [RT #20257]
4e681da26da4fff442b3ae24b0da2de1f240c43cMark Andrews2692. [port] win32: 32/64 bit cleanups. [RT #20335]
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt2691. [func] dnssec-signzone: retain the existing NSEC or NSEC3
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews chain when re-signing a previously-signed zone.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews Use -u to modify NSEC3 parameters or switch
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews between NSEC and NSEC3. [RT #20304]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2690. [bug] win32: fix isc_thread_key_getspecific() prototype.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2689. [bug] Correctly handle snprintf result. [RT #20306]
b7e6fb4e8464ceb4a62a8c00e3127da3c2839329Mark Andrews2688. [bug] Use INTERFACE_F_POINTTOPOINT, not IFF_POINTOPOINT,
fcb54ce0a4f7377486df5bec83b3aa4711bf4131Mark Andrews to decide to fetch the destination address. [RT #20305]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2687. [bug] Fixed dnssec-signzone -S handling of revoked keys.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews Also, added warnings when revoking a ZSK, as this is
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews not defined by protocol (but is legal). [RT #19943]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence2686. [bug] dnssec-signzone should clean the old NSEC chain when
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews signing with NSEC3 and vice versa. [RT #20301]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2685. [contrib] Update contrib/zkt to version 0.99c. [RT #20054]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2684. [cleanup] dig: formalize +ad and +cd as synonyms for
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews +adflag and +cdflag. [RT #19305]
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews2683. [bug] dnssec-signzone should clean out old NSEC3 chains when
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson the NSEC3 parameters used to sign the zone change.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2682. [bug] "configure --enable-symtable=all" failed to
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews build. [RT #20282]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2681. [bug] IPSECKEY RR of gateway type 3 was not correctly
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews decoded. [RT #20269]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2680. [func] Move contrib/pkcs11-keygen to bin/pkcs11. [RT #20067]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2679. [func] dig -k can now accept TSIG keys in named.conf
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews format. [RT #20031]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2678. [func] Treat DS queries as if "minimal-response yes;"
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews was set. [RT #20258]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2677. [func] Changes to key metadata behavior:
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews - Keys without "publish" or "active" dates set will
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt no longer be used for smart signing. However,
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt those dates will be set to "now" by default when
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt a key is created; to generate a key but not use
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt it yet, use dnssec-keygen -G.
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews - New "inactive" date (dnssec-keygen/settime -I)
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews sets the time when a key is no longer used for
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews signing but is still published.
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews - The "unpublished" date (-U) is deprecated in
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews favour of "deleted" (-D).
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2676. [bug] --with-export-installdir should have been
c9611b45736af157e2993c6ef852e55e8e24ca83Evan Hunt --with-export-includedir. [RT #20252]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2675. [bug] dnssec-signzone could crash if the key directory
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews did not exist. [RT #20232]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews --- 9.7.0a3 released ---
fcb54ce0a4f7377486df5bec83b3aa4711bf4131Mark Andrews2674. [bug] "dnssec-lookaside auto;" crashed if named was built
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews without openssl. [RT #20231]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2673. [bug] The managed-keys.bind zone file could fail to
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews load due to a spurious result from sync_keyzone()
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2672. [bug] Don't enable searching in 'host' when doing reverse
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews lookups. [RT #20218]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2671. [bug] Add support for PKCS#11 providers not returning
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews the public exponent in RSA private keys
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews (OpenCryptoki for instance) in
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews dnssec-keyfromlabel. [RT #19294]
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews2670. [bug] Unexpected connect failures failed to log enough
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews information to be useful. [RT #20205]
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews2669. [func] Update PKCS#11 support to support Keyper HSM.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews Update PKCS#11 patch to be against openssl-0.9.8i.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2668. [func] Several improvements to dnssec-* tools, including:
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews - dnssec-keygen and dnssec-settime can now set key
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff metadata fields 0 (to unset a value, use "none")
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews - dnssec-revoke sets the revocation date in
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews addition to the revoke bit
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews - dnssec-settime can now print individual metadata
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews fields instead of always printing all of them,
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews and can print them in unix epoch time format for
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews use by scripts
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2667. [func] Add support for logging stack backtrace on assertion
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews failure (not available for all platforms). [RT #19780]
fcb54ce0a4f7377486df5bec83b3aa4711bf4131Mark Andrews2666. [func] Added an 'options' argument to dns_name_fromstring()
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews (API change from 9.7.0a2). [RT #20196]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2665. [func] Clarify syntax for managed-keys {} statement, add
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews ARM documentation about RFC 5011 support. [RT #19874]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2664. [bug] create_keydata() and minimal_update() in zone.c
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews didn't properly check return values for some
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews functions. [RT #19956]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2663. [func] win32: allow named to run as a service using
7829fad4093f2c1985b1efb7cea00287ff015d2bckb "NT AUTHORITY\LocalService" as the account. [RT #19977]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2662. [bug] lwres_getipnodebyname() and lwres_getipnodebyaddr()
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews returned a misleading error code when lwresd was
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews down. [RT #20028]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2661. [bug] Check whether socket fd exceeds FD_SETSIZE when
8e6b386ab7e2d1bd8efedecbb8f4efb6b572a866Tinderbox User creating lwres context. [RT #20029]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2660. [func] Add a new set of DNS libraries for non-BIND9
7829fad4093f2c1985b1efb7cea00287ff015d2bckb applications. See README.libdns. [RT #19369]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2659. [doc] Clarify dnssec-keygen doc: key name must match zone
8e6b386ab7e2d1bd8efedecbb8f4efb6b572a866Tinderbox User name for DNSSEC keys. [RT #19938]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2658. [bug] dnssec-settime and dnssec-revoke didn't process
7829fad4093f2c1985b1efb7cea00287ff015d2bckb key file paths correctly. [RT #20078]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2657. [cleanup] Lower "journal file <path> does not exist, creating it"
7829fad4093f2c1985b1efb7cea00287ff015d2bckb log level to debug 1. [RT #20058]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2656. [func] win32: add a "tools only" check box to the installer
7829fad4093f2c1985b1efb7cea00287ff015d2bckb which causes it to only install dig, host, nslookup,
7829fad4093f2c1985b1efb7cea00287ff015d2bckb nsupdate and relevant DLLs. [RT #19998]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2655. [doc] Document that key-directory does not affect
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2654. [bug] Improve error reporting on duplicated names for
7829fad4093f2c1985b1efb7cea00287ff015d2bckb deny-answer-xxx. [RT #20164]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2653. [bug] Treat ENGINE_load_private_key() failures as key
7829fad4093f2c1985b1efb7cea00287ff015d2bckb not found rather than out of memory. [RT #18033]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2652. [func] Provide more detail about what record is being
7829fad4093f2c1985b1efb7cea00287ff015d2bckb deleted. [RT #20061]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2651. [bug] Dates could print incorrectly in K*.key files on
7829fad4093f2c1985b1efb7cea00287ff015d2bckb 64-bit systems. [RT #20076]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2650. [bug] Assertion failure in dnssec-signzone when trying
7829fad4093f2c1985b1efb7cea00287ff015d2bckb to read keyset-* files. [RT #20075]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2649. [bug] Set the domain for forward only zones. [RT #19944]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2648. [port] win32: isc_time_seconds() was broken. [RT #19900]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2647. [bug] Remove unnecessary SOA updates when a new KSK is
7829fad4093f2c1985b1efb7cea00287ff015d2bckb added. [RT #19913]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2645. [port] "gcc -m32" didn't work on amd64 and x86_64 platforms
7829fad4093f2c1985b1efb7cea00287ff015d2bckb which default to 64 bits. [RT #19927]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb --- 9.7.0a2 released ---
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2644. [bug] Change #2628 caused a regression on some systems;
7829fad4093f2c1985b1efb7cea00287ff015d2bckb named was unable to write the PID file and would
7829fad4093f2c1985b1efb7cea00287ff015d2bckb fail on startup. [RT #20001]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2643. [bug] Stub zones interacted badly with NSEC3 support.
7829fad4093f2c1985b1efb7cea00287ff015d2bckb [RT #19777]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2642. [bug] nsupdate could dump core on solaris when reading
7829fad4093f2c1985b1efb7cea00287ff015d2bckb improperly formatted key files. [RT #20015]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2641. [bug] Fixed an error in parsing update-policy syntax,
7829fad4093f2c1985b1efb7cea00287ff015d2bckb added a regression test to check it. [RT #20007]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2640. [security] A specially crafted update packet will cause named
7829fad4093f2c1985b1efb7cea00287ff015d2bckb to exit. [RT #20000]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2639. [bug] Silence compiler warnings in gssapi code. [RT #19954]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2638. [bug] Install arpaname. [RT #19957]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2637. [func] Rationalize dnssec-signzone's signwithkey() calling.
7829fad4093f2c1985b1efb7cea00287ff015d2bckb [RT #19959]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2636. [func] Simplify zone signing and key maintenance with the
7829fad4093f2c1985b1efb7cea00287ff015d2bckb dnssec-* tools. Major changes:
7829fad4093f2c1985b1efb7cea00287ff015d2bckb - all dnssec-* tools now take a -K option to
7829fad4093f2c1985b1efb7cea00287ff015d2bckb specify a directory in which key files will be
7829fad4093f2c1985b1efb7cea00287ff015d2bckb - DNSSEC can now store metadata indicating when
7829fad4093f2c1985b1efb7cea00287ff015d2bckb they are scheduled to be published, activated,
7829fad4093f2c1985b1efb7cea00287ff015d2bckb revoked or removed; these values can be set by
7829fad4093f2c1985b1efb7cea00287ff015d2bckb dnssec-keygen or overwritten by the new
7829fad4093f2c1985b1efb7cea00287ff015d2bckb dnssec-settime command
7829fad4093f2c1985b1efb7cea00287ff015d2bckb - dnssec-signzone -S (for "smart") option reads key
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews metadata and uses it to determine automatically
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews which keys to publish to the zone, use for
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews signing, revoke, or remove from the zone
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2634. [port] win32: Add support for libxml2, enable
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews statschannel. [RT #19773]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2633. [bug] Handle 15 bit rand() functions. [RT #19783]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2632. [func] util/kit.sh: warn if documentation appears to be out of
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews date. [RT #19922]
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt2631. [bug] Handle "//", "/./" and "/../" in mkdirpath().
7829fad4093f2c1985b1efb7cea00287ff015d2bckb [RT #19926 ]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2630. [func] Improved syntax for DDNS autoconfiguration: use
7829fad4093f2c1985b1efb7cea00287ff015d2bckb "update-policy local;" to switch on local DDNS in a
7829fad4093f2c1985b1efb7cea00287ff015d2bckb zone. (The "ddns-autoconf" option has been removed.)
7829fad4093f2c1985b1efb7cea00287ff015d2bckb [RT #19875]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2629. [port] Check for seteuid()/setegid(), use setresuid()/
7829fad4093f2c1985b1efb7cea00287ff015d2bckb setresgid() if not present. [RT #19932]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2628. [port] linux: Allow /var/run/named/named.pid to be opened
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews at startup with reduced capabilities in operation.
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2627. [bug] Named aborted if the same key was included in
7829fad4093f2c1985b1efb7cea00287ff015d2bckb trusted-keys more than once. [RT #19918]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2626. [bug] Multiple trusted-keys could trigger an assertion
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews failure. [RT #19914]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2624. [func] 'named-checkconf -p' will print out the parsed
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson configuration. [RT #18871]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2623. [bug] Named started searches for DS non-optimally. [RT #19915]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2622. [bug] Printing of named.conf grammar was broken. [RT #19919]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2621. [doc] Made copyright boilerplate consistent. [RT #19833]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2620. [bug] Delay thawing the zone until the reload of it has
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews completed successfully. [RT #19750]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2619. [func] Add support for RFC 5011, automatic trust anchor
7829fad4093f2c1985b1efb7cea00287ff015d2bckb maintenance. The new "managed-keys" statement can
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews be used in place of "trusted-keys" for zones which
692ae2fff922f1c072169d1ddda8e600cb572a9bMark Andrews support this protocol. (Note: this syntax is
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson expected to change prior to 9.7.0 final.) [RT #19248]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2618. [bug] The sdb and sdlz db_interator_seek() methods could
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff loop infinitely. [RT #19847]
7829fad4093f2c1985b1efb7cea00287ff015d2bckb2617. [bug] ifconfig.sh failed to emit an error message when
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson run from the wrong location. [RT #19375]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2616. [bug] 'host' used the nameservers from resolv.conf even
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews when a explicit nameserver was specified. [RT #19852]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2615. [bug] "__attribute__((unused))" was in the wrong place
7829fad4093f2c1985b1efb7cea00287ff015d2bckb for ia64 gcc builds. [RT #19854]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2614. [port] win32: 'named -v' should automatically be executed
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews in the foreground. [RT #19844]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2613. [placeholder]
4c1817c29c78d533eae9f4bdf8c9b4d5c90ebfdbMark Andrews --- 9.7.0a1 released ---
4c1817c29c78d533eae9f4bdf8c9b4d5c90ebfdbMark Andrews2612. [func] Add default values for the arguments to
4c1817c29c78d533eae9f4bdf8c9b4d5c90ebfdbMark Andrews dnssec-keygen. Without arguments, it will now
4c1817c29c78d533eae9f4bdf8c9b4d5c90ebfdbMark Andrews generate a 1024-bit RSASHA1 zone-signing key,
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews or with the -f KSK option, a 2048-bit RSASHA1
4c1817c29c78d533eae9f4bdf8c9b4d5c90ebfdbMark Andrews key-signing key. [RT #19300]
261a6a1f7d95eaf0cd882f3123dcfd775517a54fMark Andrews2611. [func] Add -l option to dnssec-dsfromkey to generate
261a6a1f7d95eaf0cd882f3123dcfd775517a54fMark Andrews DLV records instead of DS records. [RT #19300]
261a6a1f7d95eaf0cd882f3123dcfd775517a54fMark Andrews2610. [port] sunos: Change #2363 was not complete. [RT #19796]
261a6a1f7d95eaf0cd882f3123dcfd775517a54fMark Andrews2609. [func] Simplify the configuration of dynamic zones:
4c1817c29c78d533eae9f4bdf8c9b4d5c90ebfdbMark Andrews - add ddns-confgen command to generate
261a6a1f7d95eaf0cd882f3123dcfd775517a54fMark Andrews configuration text for named.conf
261a6a1f7d95eaf0cd882f3123dcfd775517a54fMark Andrews - add zone option "ddns-autoconf yes;", which
261a6a1f7d95eaf0cd882f3123dcfd775517a54fMark Andrews causes named to generate a TSIG session key
261a6a1f7d95eaf0cd882f3123dcfd775517a54fMark Andrews and allow updates to the zone using that key
261a6a1f7d95eaf0cd882f3123dcfd775517a54fMark Andrews - add '-l' (localhost) option to nsupdate, which
261a6a1f7d95eaf0cd882f3123dcfd775517a54fMark Andrews causes nsupdate to connect to a locally-running
261a6a1f7d95eaf0cd882f3123dcfd775517a54fMark Andrews named process using the session key generated
4c1817c29c78d533eae9f4bdf8c9b4d5c90ebfdbMark Andrews2608. [func] Perform post signing verification checks in
4c1817c29c78d533eae9f4bdf8c9b4d5c90ebfdbMark Andrews dnssec-signzone. These can be disabled with -P.
4c1817c29c78d533eae9f4bdf8c9b4d5c90ebfdbMark Andrews The post sign verification test ensures that for each
4c1817c29c78d533eae9f4bdf8c9b4d5c90ebfdbMark Andrews algorithm in use there is at least one non revoked
4c1817c29c78d533eae9f4bdf8c9b4d5c90ebfdbMark Andrews self signed KSK key. That all revoked KSK keys are
4c1817c29c78d533eae9f4bdf8c9b4d5c90ebfdbMark Andrews self signed. That all records in the zone are signed
4c1817c29c78d533eae9f4bdf8c9b4d5c90ebfdbMark Andrews by the algorithm. [RT #19653]
cfaf65f53fb0c1779e7b2e07216e5fbfd3a2d52eMark Andrews2607. [bug] named could incorrectly delete NSEC3 records for
cfaf65f53fb0c1779e7b2e07216e5fbfd3a2d52eMark Andrews empty nodes when processing a update request.
261a6a1f7d95eaf0cd882f3123dcfd775517a54fMark Andrews2606. [bug] "delegation-only" was not being accepted in
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews delegation-only type zones. [RT #19717]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2605. [bug] Accept DS responses from delegation only zones.
7829fad4093f2c1985b1efb7cea00287ff015d2bckb [RT # 19296]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2604. [func] Add support for DNS rebinding attack prevention through
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews new options, deny-answer-addresses and
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews deny-answer-aliases. Based on contributed code from
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews JD Nurmi, Google. [RT #18192]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2603. [port] win32: handle .exe extension of named-checkzone and
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews named-comilezone argv[0] names under windows.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2602. [port] win32: fix debugging command line build of libisccfg.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2601. [doc] Mention file creation mode mask in the
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews named manual page.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2600. [doc] ARM: miscellaneous reformatting for different
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews page widths. [RT #19574]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence2599. [bug] Address rapid memory growth when validation fails.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2598. [func] Reserve the -F flag. [RT #19657]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2597. [bug] Handle a validation failure with a insecure delegation
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews from a NSEC3 signed master/slave zone. [RT #19464]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews long, leading to inefficient memory usage or rejecting
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews newer cache entries in the worst case. [RT #19563]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2594. [func] Have rndc warn if using its default configuration
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence file when the key file also exists. [RT #19424]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2593. [bug] Improve a corner source of SERVFAILs [RT #19632]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2591. [bug] named could die when processing a update in
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews removed_orphaned_ds(). [RT #19507]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2590. [func] Report zone/class of "update with no effect".
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2589. [bug] dns_db_unregister() failed to clear '*dbimp'.
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt2588. [bug] SO_REUSEADDR could be set unconditionally after failure
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews of bind(2) call. This should be rare and mostly
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews harmless, but may cause interference with other
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews processes that happen to use the same port. [RT #19642]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2587. [func] Improve logging by reporting serial numbers for
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews when zone serial has gone backwards or unchanged.
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt or SDB. [RT #19577]
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt2585. [bug] Uninitialized socket name could be referenced via a
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt statistics channel, triggering an assertion failure in
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt XML rendering. [RT #19427]
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt2584. [bug] alpha: gcc optimization could break atomic operations.
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2583. [port] netbsd: provide a control to not add the compile
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews date to the version string, -DNO_VERSION_DATE.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2582. [bug] Don't emit warning log message when we attempt to
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt remove non-existent journal. [RT #19516]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews Requires MySQL 5.0.19 or later. [RT #19084]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2580. [bug] UpdateRej statistics counter could be incremented twice
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews for one rejection. [RT #19476]
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt2579. [bug] DNSSEC lookaside validation failed to handle unknown
d9eebc08497af272b2d44c07f4eb85153dec4253Evan Hunt algorithms. [RT #19479]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2578. [bug] Changed default sig-signing-type to 65534, because
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews 65535 turns out to be reserved. [RT #19477]
7e9d637131516486630290d36c4c0db544cb700eMark Andrews2577. [doc] Clarified some statistics counters. [RT #19454]
913bc4304db0c4e0613bf1404c1caa29f9530180Andreas Gustafsson2576. [bug] NSEC record were not being correctly signed when
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff a zone transitions from insecure to secure.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews Handle such incorrectly signed zones. [RT #19114]
913bc4304db0c4e0613bf1404c1caa29f9530180Andreas Gustafsson2575. [func] New functions dns_name_fromstring() and
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews dns_name_tostring(), to simplify conversion
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews of a string to a dns_name structure and vice
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson versa. [RT #19451]
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson2574. [doc] Document nsupdate -g and -o. [RT #19351]
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson2573. [bug] Replacing a non-CNAME record with a CNAME record in a
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson single transaction in a signed zone failed. [RT #19397]
7e9d637131516486630290d36c4c0db544cb700eMark Andrews2572. [func] Simplify DLV configuration, with a new option
7e9d637131516486630290d36c4c0db544cb700eMark Andrews "dnssec-lookaside auto;" This is the equivalent
7e9d637131516486630290d36c4c0db544cb700eMark Andrews of "dnssec-lookaside . trust-anchor dlv.isc.org;"
7e9d637131516486630290d36c4c0db544cb700eMark Andrews plus setting a trusted-key for dlv.isc.org.
3e14b69d196a3ebeecc4662c426344dcfd7db678Andreas Gustafsson Note: The trusted key is hard-coded into named,
913bc4304db0c4e0613bf1404c1caa29f9530180Andreas Gustafsson but is also stored in (and can be overridden
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson by) $sysconfdir/bind.keys. As the ISC DLV key
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson rolls over it can be kept up to date by replacing
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson the bind.keys file with a key downloaded from
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson https://www.isc.org/solutions/dlv. [RT #18685]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2571. [func] Add a new tool "arpaname" which translates IP addresses
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews to the corresponding IN-ADDR.ARPA or IP6.ARPA name.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2570. [func] Log the destination address the query was sent to.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2569. [func] Move journalprint, nsec3hash, and genrandom
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews "make install" will put them in $sbindir. [RT #19301]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2568. [bug] Report when the write to indicate a otherwise
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews successful start fails. [RT #19360]
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt2567. [bug] dst__privstruct_writefile() could miss write errors.
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews write_public_key() could miss write errors.
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt dnssec-dsfromkey could miss write errors.
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2566. [cleanup] Clarify logged message when an insecure DNSSEC
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews response arrives from a zone thought to be secure:
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews "insecurity proof failed" instead of "not
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews insecure". [RT #19400]
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt2565. [func] Add support for HIP record. Includes new functions
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt dns_rdata_hip_first(), dns_rdata_hip_next()
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt and dns_rdata_hip_current(). [RT #19384]
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt2564. [bug] Only take EDNS fallback steps when processing timeouts.
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt2563. [bug] Dig could leak a socket causing it to wait forever
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt to exit. [RT #19359]
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt2562. [doc] ARM: miscellaneous improvements, reorganization,
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews and some new content.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2559. [bug] dnssec-dsfromkey could compute bad DS records when
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews reading from a K* files. [RT #19357]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2558. [func] Set the ownership of missing directories created
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews for pid-file if -u has been specified on the command
7e9d637131516486630290d36c4c0db544cb700eMark Andrews line. [RT #19328]
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson2557. [cleanup] PCI compliance:
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson * new libisc log module file
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt * isc_dir_chroot() now also changes the working
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt directory to "/".
7231717254c3e872f5d2ca87c554dbbb4bddeeecMark Andrews * additional INSISTs
7231717254c3e872f5d2ca87c554dbbb4bddeeecMark Andrews * additional logging when files can't be removed.
7231717254c3e872f5d2ca87c554dbbb4bddeeecMark Andrews2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the
7231717254c3e872f5d2ca87c554dbbb4bddeeecMark Andrews error checks in the correct order resulting in the
7231717254c3e872f5d2ca87c554dbbb4bddeeecMark Andrews wrong error code sometimes being returned. [RT #19249]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2555. [func] dig: when emitting a hex dump also display the
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews corresponding characters. [RT #19258]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2554. [bug] Validation of uppercase queries from NSEC3 zones could
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews fail. [RT #19297]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2552. [bug] zero-no-soa-ttl-cache was not being honoured.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2551. [bug] Potential Reference leak on return. [RT #19341]
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2549. [port] linux: define NR_OPEN if not currently defined.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2548. [bug] Install iterated_hash.h. [RT #19335]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2547. [bug] openssl_link.c:mem_realloc() could reference an
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews out-of-range area of the source buffer. New public
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews function isc_mem_reallocate() was introduced to address
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews this bug. [RT #19313]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2546. [func] Add --enable-openssl-hash configure flag to use
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews OpenSSL (in place of internal routine) for hash
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt functions (MD5, SHA[12] and HMAC). [RT #18815]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2545. [doc] ARM: Legal hostname checking (check-names) is
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews for SRV RDATA too. [RT #19304]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt2542. [doc] Update the description of dig +adflag. [RT #19290]
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt2541. [bug] Conditionally update dispatch manager statistics.
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt2540. [func] Add a nibble mode to $GENERATE. [RT #18872]
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt2539. [security] Update the interaction between recursion, allow-query,
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews allow-query-cache and allow-recursion. [RT #19198]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2538. [bug] cache/ADB memory could grow over max-cache-size,
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews especially with threads and smaller max-cache-size
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews values. [RT #19240]
7e9d637131516486630290d36c4c0db544cb700eMark Andrews2537. [func] Added more statistics counters including those on socket
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews I/O events and query RTT histograms. [RT #18802]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2536. [cleanup] Silence some warnings when -Werror=format-security is
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt specified. [RT #19083]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2534. [func] Check NAPTR records regular expressions and
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews replacement strings to ensure they are syntactically
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews valid and consistant. [RT #18168]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews2533. [doc] ARM: document @ (at-sign). [RT #17144]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2532. [bug] dig: check the question section of the response to
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson see if it matches the asked question. [RT #18495]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2531. [bug] Change #2207 was incomplete. [RT #19098]
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington2530. [bug] named failed to reject insecure to secure transitions
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington via UPDATE. [RT #19101]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2529. [cleanup] Upgrade libtool to silence complaints from recent
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington version of autoconf. [RT #18657]
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington2528. [cleanup] Silence spurious configure warning about
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington --datarootdir [RT #19096]
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington2527. [placeholder]
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington2526. [func] New named option "attach-cache" that allows multiple
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington views to share a single cache to save memory and
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington improve lookup efficiency. Based on contributed code
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington from Barclay Osborn, Google. [RT #18905]
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington2525. [func] New logging category "query-errors" to provide detailed
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington internal information about query failures, especially
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington about server failures. [RT #19027]
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington2524. [port] sunos: dnssec-signzone needs strtoul(). [RT #19129]
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington2523. [bug] Random type rdata freed by dns_nsec_typepresent().
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington2522. [security] Handle -1 from DSA_do_verify() and EVP_VerifyFinal().
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington2521. [bug] Improve epoll cross compilation support. [RT #19047]
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington2520. [bug] Update xml statistics version number to 2.0 as change
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington #2388 made the schema incompatible to the previous
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington version. [RT #19080]
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington2519. [bug] dig/host with -4 or -6 didn't work if more than two
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington nameserver addresses of the excluded address family
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington preceded in resolv.conf. [RT #19081]
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews2518. [func] Add support for the new CERT types from RFC 4398.
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington2517. [bug] dig +trace with -4 or -6 failed when it chose a
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington nameserver address of the excluded address type.
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington2516. [bug] glue sort for responses was performed even when not
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington needed. [RT #19039]
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington2515. [port] win32: build dnssec-dsfromkey and dnssec-keyfromlabel.
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington a nameserver of the excluded address family.
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington2513. [bug] Fix windows cli build. [RT #19062]
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington2512. [func] Print a summary of the cached records which make up
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington the negative response. [RT #18885]
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington2510. [bug] "dig +sigchase" could trigger REQUIRE failures.
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington2509. [bug] Specifying a fixed query source port was broken.
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews2508. [placeholder]
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews2507. [func] Log the recursion quota values when killing the
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews oldest query or refusing to recurse due to quota.
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews2506. [port] solaris: Check at configure time if
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews hack_shutup_pthreadonceinit is needed. [RT #19037]
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington2505. [port] Treat amd64 similarly to x86_64 when determining
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington atomic operation support. [RT #19031]
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington2504. [bug] Address race condition in the socket code. [RT #18899]
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington2503. [port] linux: improve compatibility with Linux Standard
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington Base. [RT #18793]
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington2502. [cleanup] isc_radix: Improve compliance with coding style,
19f4d25fd5b35b1375b0b9f13b66770ee4a66154Brian Wellington document function in <isc/radix.h>. [RT #18534]
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews2501. [func] $GENERATE now supports all rdata types. Multi-field
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews rdata types need to be quoted. See the ARM for
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews details. [RT #18368]
a76b380643a22f23a67a9df284e86cd7ef7608c1Mark Andrews2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
a76b380643a22f23a67a9df284e86cd7ef7608c1Mark Andrews function. [RT #18582]
9a859983d7059a6eb9c877c1d2ac6a3a5b7170f7Evan Hunt2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
9a859983d7059a6eb9c877c1d2ac6a3a5b7170f7Evan Hunt --- 9.6.0rc1 released ---
9a859983d7059a6eb9c877c1d2ac6a3a5b7170f7Evan Hunt2498. [bug] Removed a bogus function argument used with
9a859983d7059a6eb9c877c1d2ac6a3a5b7170f7Evan Hunt ISC_SOCKET_USE_POLLWATCH: it could cause compiler
9a859983d7059a6eb9c877c1d2ac6a3a5b7170f7Evan Hunt warning or crash named with the debug 1 level
9a859983d7059a6eb9c877c1d2ac6a3a5b7170f7Evan Hunt of logging. [RT #18917]
0e27506ce3135f9bd49e12564ad0e15256135118Automatic Updater2497. [bug] Don't add RRSIG bit to NSEC3 bit map for insecure
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews2496. [bug] Add sanity length checks to NSID option. [RT #18813]
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews2495. [bug] Tighten RRSIG checks. [RT #18795]
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews installed. [RT #18826]
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews2493. [bug] The linux capabilities code was not correctly cleaning
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews up after itself. [RT #18767]
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews2492. [func] Rndc status now reports the number of cpus discovered
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews and the number of worker threads when running
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews multi-threaded. [RT #18273]
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews2491. [func] Attempt to re-use a local port if we are already using
9a859983d7059a6eb9c877c1d2ac6a3a5b7170f7Evan Hunt the port. [RT #18548]
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews is cleared when IPV6_V6ONLY is set. [RT #18785]
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews2489. [port] solaris: Workaround Solaris's kernel bug about
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews http://bugs.opensolaris.org/view_bug.do?bug_id=6724237
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews Define ISC_SOCKET_USE_POLLWATCH at build time to enable
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews this workaround. [RT #18870]
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews2488. [func] Added a tool, dnssec-dsfromkey, to generate DS records
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews from keyset and .key files. [RT #18694]
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews2487. [bug] Give TCP connections longer to complete. [RT #18675]
are now /var/run/named/named.pid and
/var/run/lwresd/lwresd.pid respectively.
2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
specified in named.conf doesn't seem to work with
2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
2455. [bug] Stop metadata being transferred via axfr/ixfr.
2452. [func] Improve bin/test/journalprint. [RT #18316]
epoll and /dev/poll to be selected at compile
completion event send out canceled read/write
in rbtdb.c. [RT #18455]
2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
temporary, named.conf option reserved-sockets,
assertion in acl.c. [RT #18166]
2390. [bug] dispatch.c could make a false warning on 'odd socket'.
2387. [bug] Silence compiler warnings in lib/isc/radix.c.
2385. [bug] A condition variable in socket.c could leak in
2381. [port] dlz/mysql: support multiple install layouts for
mysql. <prefix>/include/{,mysql/}mysql.h and
2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
Documentation is in the new README.pkcs11 file.
were set at both the options/view level and in
named.conf. [RT #17581]
See <isc/mem.h> for details.
2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
rbtdb.c. Implement dead node processing in zones as
lib/dns/rdata/in_1/apl_42.c. [RT #17469]
2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
addresses in acl.c. [RT #17519]
bin/named/lwdnoop.c. [RT #17476]
2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
debug/fatal messages. [RT #17501]
2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
2306. [bug] Remove potential race from lib/dns/resolver.c.
2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
bin/tests/system/lwresd/lwtest.c. [RT #17474]
bin/tests/names/t_names.c. [RT #17473]
bin/nsupdate/nsupdate.c. [RT #17475]
bin/tests/timers/t_timers.c. [RT #17468]
bin/tests/dst/t_dst.c. [RT #17467]
2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
2276. [bug] Install <dst/gssapi.h>. [RT# 17359]
stub/slave master and journal files. [RT# 17279]
2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
2266. [bug] client.c:get_clientmctx() returned the same mctx
2257. [bug] win32: Use the full path to vcredist_x86.exe when
bindevt.dll. [RT #17159]
2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
2254. [bug] timer.c:dispatch() failed to lock timer->lock
2247. [doc] Sort doc/misc/options. [RT #17067]
2246. [bug] Make the startup of test servers (ans.pl) more
2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
If allow-query-cache is not set in named.conf then
If allow-recursion is not set in named.conf then
2194. [bug] Close journal before calling 'done' in xfrin.c.
2193. [port] win32: BINDInstall.exe is now linked statically.
2192. [port] win32: use vcredist_x86.exe to install Visual
2184. [bug] bind9.xsl.h didn't build out of the source tree.
2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
need to ship Microsoft.VC80.MFCLOC.
2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
Fix a memory leak in rbtdb.c:free_noqname().
Make lookup.c:lookup_find() robust against
2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
dighost.c:get_trusted_key(). [RT #16678]
hmac_link.c. [RT #16437]
2145. [bug] Check DS/DLV digest lengths for known digests.
2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
in adb.c. [RT #16670]
2138. [bug] Lock order reversal in resolver.c. [RT #16653]
2137. [port] Mips little endian and/or mips 64 bit are now
2136. [bug] nslookup/host looped if there was no search list
2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656]
2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
2114. [bug] dig/host/nslookup: searches for names with multiple
2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
2103. [port] Add /usr/sfw to list of locations for OpenSSL
2100. [port] win32: copy libeay32.dll to Build\Debug.
2098. [bug] Race in rbtdb.c:no_references(), which occasionally
if resolv.conf does not exist or no nameservers
2091. [port] dighost.c: race condition on cleanup. [RT #16417]
2085. [doc] win32: added index.html and README to zip. [RT #16201]
2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
2080. [port] libbind: res_init.c did not compile on older versions
2076. [bug] Several files were missing #include <config.h>
of authoritative servers that drop EDNS and/or CD
2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
2043. [port] nsupdate/nslookup: Force the flushing of the prompt
2038. [bug] dig/nslookup/host was unlinking from wrong list
a non slave/stub zone. [RT # 16073]
2028. [port] linux: socket.c compatibility for old systems.
2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
2008. [func] It is now possible to enable/disable DNSSEC
breaks DNSSEC (firewall/proxy). [RT #15592]
2003. [bug] libbind: The DNS name/address lookup functions could
1988. [bug] Remove a bus error from the SHA256/SHA512 support.
1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
1981. [bug] win32: condition.c:wait() could fail to reattain
1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
now be set in named.conf (max-udp-size). This is
xfrin.c:maybe_free() if named ran out of memory.
1944. [cleanup] isc_hash_create() does not need a read/write lock.
1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
1922. [bug] check-tool.c:setup_logging() missing call to
1919. [contrib] queryperf: a set of new features: collecting/printing
'RD' was set in the query. host/nslookup skip servers
1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
1866. [bug] resolv.conf parse errors were being ignored by
dig/host/nslookup. [RT #14841]
1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
when CFLAGS contains "-I /usr/local/include"
1839. [bug] <isc/hash.h> was not being installed.
1836. [cleanup] Silence compiler warnings in hash_test.c.
1834. [bug] Bad memset in rdata_test.c. [RT #13658]
rbtdb.c:subtractrdataset(). [RT #13519]
option in named.conf can be used to specify a
1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
1810. [bug] configure, lib/bind/configure make different default
1808. [bug] zone.c:notify_zone() contained a race condition,
1788. [bug] libbind9.la/libbind9.so needs to link against
1785. [bug] libbind9.la/libbind9.so needs to link against
1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
file clause for rbt{64} master/hint zones. [RT#13009]
1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
1748. [func] dig now returns the byte count for axfr/ixfr.
1747. [bug] BIND 8 compatibility: named/named-checkconf failed
to parse "host-statistics-max" in named.conf.
1745. [bug] Dig/host/nslookup accept replies from link locals
1731. [port] darwin: relax version test in ifconfig.sh.
1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
1717. [port] solaris: ifconfig.sh did not support Solaris 10.
"ifconfig.sh down" didn't work for Solaris 9.
1716. [doc] named.conf(5) was being installed in the wrong
1714. [bug] dig/host/nslookup were only trying the first
1707. [contrib] sdb/ldap updated to version 1.0-beta.
1705. [func] Allow the journal's name to be changed via named.conf.
"#include <isc/print.h>". [RT #12321]
1701. [doc] A minimal named.conf man page.
are defined in named.conf. [RT #12023]
/usr/lib. [RT #11971]
1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
adb.c:set_target(). [RT #11582]
1648. [func] Update dnssec-lookaside named.conf syntax to support
1625. [bug] named failed to load/transfer RFC2535 signed zones
1612. [bug] check-names at the option/view level could trigger
1599. [bug] Fix memory leak on error path when checking named.conf.
DNSSEC specify "dnssec-enable yes;" in named.conf.
1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
1566. [port] Support for the cmsg framework on Solaris and HP/UX.
were specified in /etc/resolv.conf. [RT #8232]
1551. [port] Open "/dev/null" before calling chroot().
1532. [port] netbsd: the configure test for <sys/sysctl.h>
requires <sys/param.h>.
1517. [port] Support for IPv6 interface scanning on HP/UX and
only (e.g. DE, LV, US and MUSEUM) these can be excluded
1503. [port] win32: install libeay32.dll outside of system32.
named.conf, tcp-listen-queue.
1498. [port] bsdos: 5.x support.
1478. [port] ifconfig.sh didn't account for other virtual
1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
doc/misc/options. [RT #5616]
via named.conf (edns-udp-size).
1425. [port] linux/libbind: define __USE_MISC when testing *_r()
function prototypes in netdb.h. [RT #4921]
1422. [func] Log name/type/class when denying a query. [RT #4663]
1419. [port] openbsd: use /dev/arandom. [RT #4950]
1417. [func] ID.SERVER/CHAOS is now a built in zone.
1410. [func] Handle records that live in the parent zone, e.g. DS.
1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
'recursing-file = "named.recursing";'.
1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
1353. [contrib] sdb/ldap to version 0.9.
in socket.c and eliminating a host of socket
1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
1336. [func] Nibble lookups under IP6.ARPA are now supported by
1334. [bug] When signing/verifying rdatasets, duplicate rdatas
1326. [bug] DNAME/CNAME signatures were not being cached when
1324. [port] darwin: ifconfig.sh now supports darwin.
1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
1276. [bug] libbind: const pointer conflicts in res_debug.c.
1269. [port] Openserver: ifconfig.sh support.
<sys/param.h> is included or not. Be consistent.
1247. [bug] Don't reset the interface index for link/site local
1234. [bug] contrib/sdb: 'zonetodb' failed to call
1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
at the named.conf checking stage. [RT #2431]
1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
lib/dns to use this function instead of local one.
occurs when parsing named.conf. [RT #2275]
1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
1145. [func] "host" no longer reports a NOERROR/NODATA response
named/lwresd at compile time. [RT #1982]
1119. [func] Added support in Win32 for NTFS file/directory ACL's
could cause an assertion failure in resolver.c
violation in adb.c. [RT #2017]
1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
1088. [port] libbind: MPE/iX C.70 (incomplete)
on load/reload if views were used. [RT #1947]
1041. [bug] Dig/host/nslookup could catch an assertion failure
1032. [func] hostname.bind/txt/chaos now returns the name of
1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
1030. [bug] On systems with no resolv.conf file, nsupdate
1029. [bug] Some named.conf errors did not cause the loading
1002. [bug] When reporting an unknown class name in named.conf,
972. [bug] The file modification time code in zone.c was using the
non-existent nlist.h. [RT #1640]
957. [bug] sys/select.h inclusion was broken on older platforms.
in named/win32/os.c due to code changes in
updated to add include path for os.h header.
953. [func] The /var/run/named.key file from change #843
has been replaced by /etc/rndc.key. Both
method (rndc.conf / controls). Unlike
bin/tests. [RT #1555].
946. [cleanup] doc/misc/options is now machine-generated from the
when installing isc-config.sh.
were not accepted in named.conf. [RT #1469]
and added lib/isc/win32/entropy.c.
900. [bug] A config.guess update changed the system identification
bin/tests/system/ifconfig.sh now recognize the new
899. [bug] lib/dns/soa.c failed to compile on many platforms
897. [bug] A config.guess update changed the system identification
to Darwin. This was derived from the config.guess
849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
just as <lwres/net.h> does.
843. [func] If no controls statement is present in named.conf,
generated by named and an rndc.conf-style file
named named.key will be written that uses it. rndc
838. [port] UnixWare 7.x.x is now suported by
833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
<dns/soa.h>, and extended them to support
832. [bug] The default location for named.conf in named-checkconf
825. [bug] zone.c:ns_query() detached from the wrong zone
character (i.e. "/") in its name and the directory
down-cased when signing/verifying records. [RT #1186]
in rndc.conf.
786. [bug] When DNSSEC signing/verifying data, owner names were
755. [bug] Fix incorrectly formatted log messages in zone.c.
748. [doc] List supported RFCs in doc/misc/rfc-compliance.
739. [port] Look for /dev/random in configure, rather than
737. [port] stdtime.c failed to compile on certain platforms.
dispatch.c:do_cancel(). [RT #733]
718. [cleanup] "internal" is no longer a reserved word in named.conf.
failure in adb.c. [RT #738]
703. [port] sys/select.h is needed on older platforms. [RT #695]
702. [func] If the address 0.0.0.0 is seen in resolv.conf,
693. [bug] An empty lwres statement in named.conf caused
685. [bug] nslookup should use the search list/domain options
from resolv.conf by default. [RT #405, #630]
646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
for syntax checking named.conf files and zone files,
604. [bug] The named.conf parser could print incorrect line
577. [func] Log illegal RDATA combinations. e.g. multiple
570. [bug] rbtdb.c allowed zones containing nodes which had
568. [func] Add sample simple database drivers in contrib/sdb.
of rdata type/class mnemonics in log messages.
516. [bug] Cache lookups which had a NULL node pointer, e.g.
DNAME, would trigger an INSIST(!search.need_cleanup)
490. [func] When a slave/stub zone has not yet successfully
from the named.conf "listen-on" statement, sockets
477. [bug] The the isc-config.sh script could be installed before
471. [bug] nsupdate didn't compile on HP/UX 10.20
and subsequent name servers in resolv.conf if the
457. [bug] Dig/host/hslookup didn't properly handle connect
documented as such in named.conf. [RT #304, RT #311]
is specified in named.conf. [RT #306]
is specified in named.conf. [RT #301]
432. [func] Added refresh/retry jitter. The actual refresh/
428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
(e.g. glue). This could cause SERVFAILs when
e.g. due to corrupt zones with multiple SOA records.
an argc/argv style vector of words and sets
view/global one for CNAME targets and additional
369. [func] Support new named.conf options, view and zone
the distribution, in doc/man/dnssec.
353. [bug] double increment in lwres/gethost.c:copytobuf().
348. [func] New boolean named.conf options 'additional-from-auth'
345. [bug] Large-scale changes/cleanups to dig:
341. [func] Support 'key' clause in named.conf zone masters
327. [bug] rndc.conf parser wasn't correctly recognizing an IP
320. [func] Multiple rndc changes: parses an rndc.conf file,
319. [func] The named.conf "controls" statement is now used
314. [func] The named.conf controls statement can now have
313. [bug] When parsing resolv.conf, don't terminate on an
resolv.conf search path from 6 to 8. If there
resolv.conf was empty or a comment.
310. [func] Changes to named.conf "controls" statement (inet
are listed in resolv.conf, silently ignore them
each library's ipv6.h defines the wrapper symbol of
any $sbindir/dig from a previous release.)
that lack /dev/random.
280. [func] Add isc-config.sh, which can be used to more
two or more files in libomapi.a were not namespace
278. [bug] bin/named/logconf.c:category_fromconf() didn't take
266. [bug] zone.c:save_nsrrset() node was not initialized.
262. [bug] 'master' was not initialized in zone.c:stub_callback().
for global options block of named.conf. Both accept
258. [bug] Fixed printing of lwres_addr_t.address field.
256. [func] isc_ratelimiter_t now has attach/detach semantics, and
253. [func] resolv.conf parser now recognizes ';' and '#' as
252. [bug] resolv.conf parser mishandled masks on sortlists.
244. [bug] empty named.conf file and empty options statement are
243. [func] new cachesize option for named.conf
+ missing sigwait prototype on BSD/OS 4.0/4.0.1.
BSD/OS 4.*, Linux and Solaris 2.8.
230. [func] Replace the dst sign/verify API with a cleaner one.
from confparser.c, because of yacc's code, are
212. [func] Added dns_message_get/settsigkey, to make TSIG
compiling in the lib/dns/sec/{dnssafe,openssl}
204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
run on a PA 1.x system."
201. [cleanup] Removed the test/sdig program, it has been
replaced by bin/dig/dig.
(e.g., running out of network buffers) were
and/or interfaces. [19-May-2000 explorer]
191. [func] Patched to compile on UnixWare 7.x. This platform
range for overflow/underflow. In the case of
184. [cleanup] Variables/functions which began with two leading
underscores were made to conform to the ANSI/ISO
179. [func] options named.conf statement *must* now come
178. [func] Post-load of named.conf check verifies a slave zone
168. [bug] include statements in named.conf caused syntax errors
162. [bug] Ensure proper range for arguments to ctype.h functions.
masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
util/check-includes for how this was tested.
145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
<isc/result.h>.
of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
need <isc/eventclass.h>.
instead of <isc/time.h>.
128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
and creates null keys/sets zone status bit for
<isc/result.h>.
<isc/result.h>. Multiple inclusion protection
isc_symtab_t moved to <isc/types.h>.
<isc/net.h>.
118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
117. [cleanup] libdns.a changes:
116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
<isc/list.h>.
<isc/mutex.h>.
<isc/list.h>.
bin/tests/{db,mem,sockaddr,tasks,timers}/.
108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
105. [doc] doc/dev/coding.html expanded with other
103. [func] libisc buffer API changes for <isc/buffer.h>:
on BSD/OS 4.1.
101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
<isc/event.h>.
or <isc/result.h>.
<isc/result.h>.
90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
from <named/listenlist.h>.
<isc/mem.h>. isc_interface_t and isc_interfaceiter_t
moved to <isc/types.h>.
86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
<isc/types.h>.
<isc/int.h>.
<isc/lang.h>.
subsumed by file.o.
OpenSSL libraries/headers.
from <dns/types.h>.
59. [bug] Cause net/host unreachable to be a hard error
58. [bug] bin/named/query.c could sometimes trigger the
(client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
<sys/param.h>.
logging module "dns/validator".
and isc_lex_t to <isc/types.h>.
31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
25. [bug] make install failed to install <isc/log.h> and
configure.in to check for presence of in6addr_any.
9. [cleanup] replaced bit-setting code in confctx.c and replaced
4. [port] bin/named/unix/os.c didn't compile on systems with
get only what we need from <linux/capability.h>, and
systems without /dev/random.
lib/isc/unix/include/isc/Makefile.in had a typo which