diff options
| author | dougb <dougb@FreeBSD.org> | 2007-06-02 23:21:47 +0000 |
|---|---|---|
| committer | dougb <dougb@FreeBSD.org> | 2007-06-02 23:21:47 +0000 |
| commit | 6df9693fc1899de774712d6421c2fc401db2eadd (patch) | |
| tree | 6e65ba28d6d850f4d5c07cd37f26842e97b4aecf /contrib/bind9/CHANGES | |
| parent | fb8cb3b3a3d2367752c01dc81b68c0b7390f7760 (diff) | |
| download | FreeBSD-src-6df9693fc1899de774712d6421c2fc401db2eadd.zip FreeBSD-src-6df9693fc1899de774712d6421c2fc401db2eadd.tar.gz | |
Vendor import of BIND 9.4.1
Diffstat (limited to 'contrib/bind9/CHANGES')
| -rw-r--r-- | contrib/bind9/CHANGES | 2084 |
1 files changed, 1286 insertions, 798 deletions
diff --git a/contrib/bind9/CHANGES b/contrib/bind9/CHANGES index acf2817..358128e 100644 --- a/contrib/bind9/CHANGES +++ b/contrib/bind9/CHANGES @@ -1,12 +1,79 @@ - --- 9.3.4 released --- + --- 9.4.1 released --- + +2172. [bug] query_addsoa() was being called with a non zone db. + [RT #16834] + + --- 9.4.0 released --- + +2138. [bug] Lock order reversal in resolver.c. [RT #16653] + +2137. [port] Mips little endian and/or mips 64 bit are now + supported for atomic operations. [RT#16648] + +2136. [bug] nslookup/host looped if there was no search list + and the host didn't exist. [RT #16657] + +2135. [bug] Uninitialised rdataset in sdlz.c. [RT# 16656] + +2133. [port] powerpc: Support both IBM and MacOS Power PC + assembler syntaxes. [RT #16647] + +2132. [bug] Missing unlock on out of memory in + dns_dispatchmgr_setudp(). + +2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630] + +2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635] + + --- 9.4.0rc2 released --- + +2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563] 2126. [security] Serialise validation of type ANY responses. [RT #16555] +2125. [bug] dns_zone_getzeronosoattl() REQUIRE failure if DLZ + was defined. [RT #16574] + 2124. [security] It was possible to dereference a freed fetch context. [RT #16584] - --- 9.3.3 released --- +2120. [doc] Fix markup on nsupdate man page. [RT #16556] + + --- 9.4.0rc1 released --- + +2118. [bug] Handle response with long chains of domain name + compression pointers which point to other compression + pointers. [RT #16427] + +2117. [bug] DNSSEC fixes: named could fail to cache NSEC records + which could lead to validation failures. named didn't + handle negative DS responses that were in the process + of being validated. Check CNAME bit before accepting + NODATA proof. To be able to ignore a child NSEC there + must be SOA (and NS) set in the bitmap. [RT #16399] + +2116. [bug] 'rndc reload' could cause the cache to continually + be cleaned. [RT #16401] + +2115. [bug] 'rndc reconfig' could trigger a INSIST if the + number of masters for a zone was reduced. [RT #16444] + +2114. [bug] dig/host/nslookup: searches for names with multiple + labels were failing. [RT #16447] + +2113. [bug] nsupdate: if a zone is specified it should be used + for server discover. [RT# 16455] + +2112. [security] Warn if weak RSA exponent is used. [RT #16460] + +2111. [bug] Fix a number of errors reported by Coverity. + [RT #16507] + +2110. [bug] "minimal-response yes;" interacted badly with BIND 8 + priming queries. [RT #16491] + +2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502] 2107. [bug] dighost.c: more cleanup of buffers. [RT #16499] @@ -17,14 +84,24 @@ 2102. [port] Silence solaris 10 warnings. + --- 9.4.0b4 released --- + 2101. [bug] OpenSSL version checks were not quite right. [RT #16476] 2100. [port] win32: copy libeay32.dll to Build\Debug. + Copy Debug\named-checkzone to Debug\named-compilezone. 2099. [port] win32: more manifiest issues. - --- 9.3.3rc3 released --- +2098. [bug] Race in rbtdb.c:no_references(), which occasionally + triggered an INSIST failure about the node lock + reference. [RT #16411] + + --- 9.4.0b3 released --- + +2097. [bug] named could reference a destroyed memory context + after being reloaded / reconfigured. [RT #16428] 2096. [bug] libbind: handle applications that fail to detect res_init() failures better. @@ -34,6 +111,8 @@ 2094. [contrib] Update named-bootconf. [RT# 16404] +2093. [bug] named-checkzone -s was broken. + 2092. [bug] win32: dig, host, nslookup. Use registry config if resolv.conf does not exist or no nameservers listed. [RT #15877] @@ -51,6 +130,9 @@ 2088. [security] Change the default RSA exponent from 3 to 65537. [RT #16391] +2087. [port] libisc failed to compile on OS's w/o a vsnprintf. + [RT #16382] + 2086. [port] libbind: FreeBSD now has get*by*_r() functions. [RT #16403] @@ -62,7 +144,7 @@ 2082. [doc] Document 'cache-file' as a test only option. - --- 9.3.3rc2 released --- + --- 9.4.0b2 released --- 2081. [port] libbind: minor 64-bit portability fix in memcluster.c. [RT #16360] @@ -70,16 +152,30 @@ 2080. [port] libbind: res_init.c did not compile on older versions of Solaris. [RT #16363] +2079. [bug] The lame cache was not handling multiple types + correctly. [RT #16361] + +2078. [bug] dnssec-checkzone output style "default" was badly + named. It is now called "relative". [RT #16326] + +2077. [bug] 'dnssec-signzone -O raw' wasn't outputing the + complete signed zone. [RT #16326] + 2076. [bug] Several files were missing #include <config.h> causing build failures on OSF. [RT #16341] +2075. [bug] The spillat timer event hander could leak memory. + [RT #16357] + 2074. [bug] dns_request_createvia2(), dns_request_createvia3(), dns_request_createraw2() and dns_request_createraw3() failed to send multiple UDP requests. [RT #16349] -2066. [security] Handle SIG queries gracefully. [RT #16300] +2073. [bug] Incorrect semantics check for update policy "wildcard". + [RT #16353] - --- 9.3.3rc1 released --- +2072. [bug] We were not generating valid HMAC SHA digests. + [RT #16320] 2071. [port] Test whether gcc accepts -fno-strict-aliasing. [RT #16324] @@ -89,9 +185,14 @@ 2069. [bug] Cross compiling was not working. [RT #16330] +2068. [cleanup] Lower incremental tuning message to debug 1. + [RT #16319] + 2067. [bug] 'rndc' could close the socket too early triggering a INSIST under Windows. [RT #16317] +2066. [security] Handle SIG queries gracefully. [RT #16300] + 2065. [bug] libbind: probe for HPUX prototypes for endprotoent_r() and endservent_r(). [RT 16313] @@ -103,8 +204,24 @@ 2062. [bug] 'dig +nssearch' was reusing a buffer before it had been returned by the socket code. [RT #16307] -2057. [bug] Make setting "ra" dependent on both allow-query and - allow-recursion. [RT #16290] +2061. [bug] Accept expired wildcard message reversed. [RT #16296] + +2060. [bug] Enabling DLZ support could leave views partially + configured. [RT #16295] + + --- 9.4.0b1 released --- + +2059. [bug] Search into cache rbtdb could trigger an INSIST + failure while cleaning up a stale rdataset. + [RT #16292] + +2058. [bug] Adjust how we calculate rtt estimates in the presence + of authoritative servers that drop EDNS and/or CD + requests. Also fallback to EDNS/512 and plain DNS + faster for zones with less than 3 servers. [RT #16187] + +2057. [bug] Make setting "ra" dependent on both allow-query-cache + and allow-recursion. [RT #16290] 2056. [bug] dig: ixfr= was not being treated case insensitively at all times. [RT #15955] @@ -138,9 +255,31 @@ 2047. [bug] Failed to initialise the interface flags to zero. [RT #16245] +2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate + cleanup [RT #16247]. + +2045. [func] Use lock buckets for acache entries to limit memory + consumption. [RT #16183] + +2044. [port] Add support for atomic operations for Itanium. + [RT #16179] + 2043. [port] nsupdate/nslookup: Force the flushing of the prompt for interactive sessions. [RT#16148] +2042. [bug] named-checkconf was incorrectly rejecting the + logging category "config". [RT #16117] + +2041. [bug] "configure --with-dlz-bdb=yes" produced a bad + set of libraries to be linked. [RT #16129] + +2040. [bug] rbtdb no_references() could trigger an INSIST + failure with --enable-atomic. [RT #16022] + +2039. [func] Check that all buffers passed to the socket code + have been retrieved when the socket event is freed. + [RT #16122] + 2038. [bug] dig/nslookup/host was unlinking from wrong list when handling errors. [RT #16122] @@ -153,7 +292,12 @@ 2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124] - --- 9.3.3b1 released --- +2033. [bug] We wern't creating multiple client memory contexts + on demand as expected. [RT #16095] + + --- 9.4.0a6 released --- + +2032. [bug] Remove a INSIST in query_addadditional2(). [RT #16074] 2031. [bug] Emit a error message when "rndc refresh" is called on a non slave/stub zone. [RT # 16073] @@ -172,21 +316,80 @@ 2026. [bug] Rate limit the two recursive client exceeded messages. [RT #16044] +2025. [func] Update "zone serial unchanged" message. [RT #16026] + 2024. [bug] named emited spurious "zone serial unchanged" messages on reload. [RT #16027] 2023. [bug] "make install" should create ${localstatedir}/run and ${sysconfdir} if they do not exist. [RT #16033] +2022. [bug] If dnssec validation is disabled only assert CD if + CD was requested. [RT #16037] + +2021. [bug] dnssec-enable no; triggered a REQUIRE. [RT #16037] + +2020. [bug] rdataset_setadditional() could leak memory. [RT #16034] + +2019. [tuning] Reduce the amount of work performed per quantum + when cleaning the cache. [RT #15986] + +2018. [bug] Checking if the HMAC MD5 private file was broken. + [RT #15960] + +2017. [bug] allow-query default was not correct. [RT #15946] + 2016. [bug] Return a partial answer if recursion is not allowed but requested and we had the answer to the original qname. [RT #15945] + --- 9.4.0a5 released --- + +2015. [cleanup] use-additional-cache is now acache-enable for + consistancy. Default acache-enable off in BIND 9.4 + as it requires memory usage to be configured. + It may be enabled by default in BIND 9.5 once we + have more experience with it. + +2014. [func] Statistics about acache now recorded and sent + to log. [RT #15976] + 2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR responses more gracefully. [RT #15941] +2012. [func] Don't insert new acache entries if acache is full. + [RT #15970] + +2011. [func] dnssec-signzone can now update the SOA record of + the signed zone, either as an increment or as the + system time(). [RT #15633] + + --- 9.4.0a4 released --- + 2009. [bug] libbind: coverity fixes. [RT #15808] +2008. [func] It is now posssible to enable/disable DNSSEC + validation from rndc. This is useful for the + mobile hosts where the current connection point + breaks DNSSEC (firewall/proxy). [RT #15592] + + rndc validation newstate [view] + +2007. [func] It is now possible to explicitly enable DNSSEC + validation. default dnssec-validation no; to + be changed to yes in 9.5.0. [RT #15674] + +2006. [security] Allow-query-cache and allow-recursion now default + to the builtin acls "localnets" and "localhost". + + This is being done to make caching servers less + attractive as reflective amplifying targets for + spoofed traffic. This still leave authoritative + servers exposed. + + The best fix is for full BCP 38 deployment to + remove spoofed traffic. + 2005. [bug] libbind: Retransmission timeouts should be based on which attempt it is to the nameserver and not the nameserver itself. [RT #13548] @@ -202,8 +405,13 @@ 2002. [bug] libbind: tighten the constraints on when struct addrinfo._ai_pad exists. [RT #15783] +2001. [func] Check the KSK flag when updating a secure dynamic zone. + New zone option "update-check-ksk yes;". [RT #15817] + 2000. [bug] memmove()/strtol() fix was incomplete. [RT #15812] +1999. [func] Implement "rrset-order fixed". [RT #13662] + 1998. [bug] Restrict handling of fifos as sockets to just SunOS. This allows named to connect to entropy gathering daemons that use fifos instead of sockets. [RT #15840] @@ -212,6 +420,9 @@ when a positive one for the type was learnt. [RT #15818] +1996. [bug] nsupdate: if a zone has been specified it should + appear in the output of 'show'. [RT #15797] + 1995. [bug] 'host' was reporting multiple "is an alias" messages. [RT #15702] @@ -221,6 +432,9 @@ after the timestamp if "print-time yes" was specified. [RT #15844] +1992. [bug] Not all incoming zone transfer messages included the + view. [RT #15825] + 1991. [cleanup] The configuration data, once read, should be treated as readonly. Expand the use of const to enforce this at compile time. [RT #15813] @@ -232,6 +446,13 @@ 1989. [bug] win32: don't check the service password when re-installing. [RT #15882] +1988. [bug] Remove a bus error from the SHA256/SHA512 support. + [RT #15878] + +1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608] + +1986. [func] Report when a zone is removed. [RT #15849] + 1985. [protocol] DLV has now been assigned a official type code of 32769. [RT #15807] @@ -243,6 +464,12 @@ zone. You do not however have to upgrade all servers for a zone with DLV records simultaniously. +1984. [func] dig, nslookup and host now advertise a 4096 byte + EDNS UDP buffer size by default. [RT #15855] + +1983. [func] Two new update policies. "selfsub" and "selfwild". + [RT #12895] + 1982. [bug] DNSKEY was being accepted on the parent side of a delegation. KEY is still accepted there for RFC 3007 validated updates. [RT #15620] @@ -250,6 +477,9 @@ 1981. [bug] win32: condition.c:wait() could fail to reattain the mutex lock. +1980. [func] dnssec-signzone: output the SOA record as the + first record in the signed zone. [RT #15758] + 1979. [port] linux: allow named to drop core after changing user ids. [RT #15753] @@ -266,6 +496,9 @@ 1974. [doc] List each of the zone types and associated zone options seperately in the ARM. +1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and + HMACSHA512 support. [RT #13606] + 1972. [contrib] DBUS dynamic forwarders integation from Jason Vas Dias <jvdias@redhat.com>. @@ -280,9 +513,16 @@ 1968. [bug] Missing lock in resolver.c:validated(). [RT #15739] +1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779] + 1966. [bug] Don't set CD when we have fallen back to plain DNS. [RT #15727] +1965. [func] Suppress spurious "recusion requested but not + available" warning with 'dig +qr'. [RT #15780]. + +1964. [func] Seperate out MX and SRV to CNAME checks. [RT #15723] + 1963. [port] Tru64 4.0E doesn't support send() and recv(). [RT #15586] @@ -295,6 +535,10 @@ 1960. [bug] Update code should set NSEC ttls from SOA MINIMUM. [RT #15465] +1959. [func] Control the zeroing of the negative response TTL to + a soa query. Defaults "zero-no-soa-ttl yes;" and + "zero-no-soa-ttl-cache no;". [RT #15460] + 1958. [bug] Named failed to update the zone's secure state until the zone was reloaded. [RT #15412] @@ -307,6 +551,15 @@ 1955. [bug] Pre-allocate the cache cleaning interator. [RT #14998] +1954. [func] Named now falls back to advertising EDNS with a + 512 byte receive buffer if the initial EDNS queries + fail. [RT #14852] + +1953. [func] The maximum EDNS UDP response named will send can + now be set in named.conf (max-udp-size). This is + independent of the advertised receive buffer + (edns-udp-size). [RT #14852] + 1952. [port] hpux: tell the linker to build a runtime link path "-Wl,+b:". [RT #14816]. @@ -318,19 +571,36 @@ a TCP socket. This prevents the source address being set for TCP connections. [RT #15628] +1949. [func] Addition memory leakage checks. [RT #15544] + 1948. [bug] If was possible to trigger a REQUIRE failure in xfrin.c:maybe_free() if named ran out of memory. [RT #15568] +1947. [func] It is now possible to configure named to accept + expired RRSIGs. Default "dnssec-accept-expired no;". + Setting "dnssec-accept-expired yes;" leaves named + vulnerable to replay attacks. [RT #14685] + 1946. [bug] resume_dslookup() could trigger a REQUIRE failure when using forwarders. [RT #15549] +1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is nolonger recommended. + To generate a RSAMD5 key you must explicitly request + RSAMD5. [RT #13780] + 1944. [cleanup] isc_hash_create() does not need a read/write lock. [RT #15522] 1943. [bug] Set the loadtime after rolling forward the journal. [RT #15647] +1597. [func] Allow notify-source and query-source to be specified + on a per server basis similar to transfer-source. + [RT #6496] + + --- 9.4.0a3 released --- + 1942. [bug] If the name of a DNSKEY match that of one in trusted-keys do not attempt to validate the DNSKEY using the parents DS RRset. [RT #15649] @@ -341,31 +611,46 @@ 1940. [bug] Fixed a number of error conditions reported by Coverity. -1939. [bug] The resolver could dereference a null pointer after +1939. [bug] The resolver could dereference a null pointer after validation if all the queries have timed out. [RT #15528] 1938. [bug] The validator was not correctly handling unsecure negative responses at or below a SEP. [RT #15528] +1937. [bug] sdlz doesn't handle RRSIG records. [RT #15564] + +1936. [bug] The validator could leak memory. [RT #15544] + +1935. [bug] 'acache' was DO sensitive. [RT #15430] + +1934. [func] Validate pending NS RRsets, in the authority section, + prior to returning them if it can be done without + requiring DNSKEYs to be fetched. [RT #15430] + 1919. [contrib] queryperf: a set of new features: collecting/printing response delays, printing intermediate results, and adjusting query rate for the "target" qps. - --- 9.3.2 released --- + --- 9.4.0a2 released --- - --- 9.3.2rc1 released --- - -1936. [bug] The validator could leak memory. [RT #15544] +1933. [bug] dump_rdataset_raw() had a incorrect INSIST. [RT #15534] 1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530] - --- 9.3.2b2 released --- +1931. [bug] Per-client mctx could require a huge amount of memory, + particularly for a busy caching server. [RT #15519] 1930. [port] HPUX: ia64 support. [RT #15473] 1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM. +1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517] + +1927. [bug] Access to soanode or nsnode in rbtdb violated the + lock order rule and could cause a dead lock. + [RT# 15518] + 1926. [bug] The Windows installer did not check for empty passwords. BINDinstall was being installed in the wrong place. [RT #15483] @@ -377,17 +662,35 @@ 1923. [bug] ns_client_detach() called too early. [RT #15499] - --- 9.3.2b1 released --- +1922. [bug] check-tool.c:setup_logging() missing call to + dns_log_setcontext(). + +1921. [bug] Client memory contexts were not using internal + malloc. [RT# 15434] + +1920. [bug] The cache rbtdb lock array was too small to + have the desired performance characteristics. + [RT #15454] + + --- 9.4.0a1 released --- + +1918. [bug] Memory leak when checking acls. [RT #15391] 1917. [doc] funcsynopsisinfo wasn't being treated as verbatim when generating man pages. [RT #15385] +1916. [func] Integrate contibuted IDN code from JPNIC. [RT #15383] + 1915. [bug] dig +ndots was broken. [RT #15215] 1914. [protocol] DS is required to accept mnemonic algorithms (RFC 4034). Still emit numeric algorithms for compatability with RFC 3658. [RT #15354] +1913. [func] Integrate contibuted DLZ code into named. [RT #11382] + +1912. [port] aix: atomic locking for powerpc. [RT #15020] + 1911. [bug] Update windows socket code. [RT #14965] 1910. [bug] dig's +sigchase code overhauled. [RT #14933] @@ -395,44 +698,113 @@ 1909. [bug] The DLV code has been re-worked to make no longer query order sensitive. [RT #14933] +1908. [func] dig now warns if 'RA' is not set in the answer when + 'RD' was set in the query. host/nslookup skip servers + that fail to set 'RA' when 'RD' is set unless a server + is explicitly set. [RT #15005] + +1907. [func] host/nslookup now continue (default)/fail on SERVFAIL. + [RT #15006] + +1906. [func] dig now has a '-q queryname' and '+showsearch' options. + [RT #15034] + 1905. [bug] Strings returned from cfg_obj_asstring() should be - treated as read-only. [RT #15256] + treated as read-only. The prototype for + cfg_obj_asstring() has been updated to reflect this. + [RT #15256] + +1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and + friends. Note: RFC 1918 zones are not yet covered by + this but are likely to be in a future release. + + New options: empty-server, empty-contact, + empty-zones-enable and disable-empty-zone. + +1903. [func] ISC string copy API. + +1902. [func] Attempt to make the amount of work performed in a + iteration self tuning. The covers nodes clean from + the cache per iteration, nodes written to disk when + rewriting a master file and nodes destroyed per + iteration when destroying a zone or a cache. + [RT #14996] 1901. [cleanup] Don't add DNSKEY records to the additional section. 1900. [bug] ixfr-from-differences failed to ensure that the serial number increased. [RT #15036] -1896. [bug] Extend ISC_SOCKADDR_FORMATSIZE and +1899. [func] named-checkconf now validates update-policy entries. + [RT #14963] + +1898. [bug] Extend ISC_SOCKADDR_FORMATSIZE and ISC_NETADDR_FORMATSIZE to allow for scope details. -1894. [bug] Recursive clients soft quota support wasn't working +1897. [func] x86 and x86_64 now have seperate atomic locking + implementations. + +1896. [bug] Recursive clients soft quota support wasn't working as expected. [RT #15103] -1893. [bug] A escaped character is, potentially, converted to +1895. [bug] A escaped character is, potentially, converted to the output character set too early. [RT #14666] -1892. [port] Use uintptr_t if available. [RT #14606] +1894. [doc] Review ARM for BIND 9.4. + +1893. [port] Use uintptr_t if available. [RT #14606] + +1892. [func] Support for SPF rdata type. [RT #15033] + +1891. [port] freebsd: pthread_mutex_init can fail if it runs out + of memory. [RT #14995] + +1890. [func] Raise the UDP recieve buffer size to 32k if it is + less than 32k. [RT #14953] 1889. [port] sunos: non blocking i/o support. [RT #14951] +1888. [func] Support for IPSECKEY rdata type. [RT #14967] + 1887. [bug] The cache could delete expired records too fast for clients with a virtual time in the past. [RT #14991] 1886. [bug] fctx_create() could return success even though it failed. [RT #14993] +1885. [func] dig: report the number of extra bytes still left in + the packet after processing all the records. + 1884. [cleanup] dighost.c: move external declarations into <dig/dig.h>. 1883. [bug] dnssec-signzone, dnssec-keygen: handle negative debug levels. [RT #14962] +1882. [func] Limit the number of recursive clients that can be + waiting for a single query (<qname,qtype,qclass>) to + resolve. New options clients-per-query and + max-clients-per-query. + 1881. [func] Add a system test for named-checkconf. [RT #14931] +1880. [func] The lame cache is now done on a <qname,qclass,qtype> + basis as some servers only appear to be lame for + certain query types. [RT #14916] + +1879. [func] "USE INTERNAL MALLOC" is now runtime selectable. + [RT #14892] + +1878. [func] Detect duplicates of UDP queries we are recursing on + and drop them. New stats category "duplicates". + [RT #2471] + 1877. [bug] Fix unreasonably low quantum on call to dns_rbt_destroy2(). Remove unnecessay unhash_node() call. [RT #14919] +1876. [func] Additional memory debugging support to track size + and mctx arguments. [RT #14814] + 1875. [bug] process_dhtkey() was using the wrong memory context to free some memory. [RT #14890] @@ -443,6 +815,15 @@ 1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753] +1870. [func] Added framework for handling multiple EDNS versions. + [RT #14873] + +1869. [func] dig can now specify the EDNS version when making + a query. [RT #14873] + +1868. [func] edns-udp-size can now be overridden on a per + server basis. [RT #14851] + 1867. [bug] It was possible to trigger a INSIST in dlv_validatezonekey(). [RT #14846] @@ -458,12 +839,21 @@ 1863. [bug] rrset-order "fixed" error messages not complete. +1862. [func] Add additional zone data constancy checks. + named-checkzone has extended checking of NS, MX and + SRV record and the hosts they reference. + named has extended post zone load checks. + New zone options: check-mx and integrity-check. + [RT #4940] + 1861. [bug] dig could trigger a INSIST on certain malformed responses. [RT #14801] 1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was incorrectly set. [RT #14775] +1859. [func] Add support for CH A record. [RT #14695] + 1858. [bug] The flush-zones-on-shutdown option wasn't being parsed. [RT #14686] @@ -486,6 +876,8 @@ 1852. [cleanup] Remove last vestiges of dnssec-signkey and dnssec-makekeyset (removed from Makefile years ago). +1851. [doc] Doxygen comment markup. [RT #11398] + 1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591] 1849. [doc] All forms of the man pages (docbook, man, html) should @@ -520,6 +912,9 @@ 1841. [bug] "dig +nssearch" now makes a recursive query to find the list of nameservers to query. [RT #13694] +1840. [func] dnssec-signzone can now randomize signature end times + (dnssec-signzone -j jitter). [RT #13609] + 1839. [bug] <isc/hash.h> was not being installed. 1838. [cleanup] Don't allow Linux capabilities to be inherited. @@ -564,16 +959,23 @@ 1822. [bug] check-names test for RT was reversed. [RT #13382] -1821. [doc] acls definitions are no longer required to be - in named.conf prior to reference. They can be - defined after being referenced. - 1820. [bug] Gracefully handle acl loops. [RT #13659] 1819. [bug] The validator needed to check both the algorithm and digest types of the DS to determine if it could be used to introduce a secure zone. [RT #13593] +1818. [bug] 'named-checkconf -z' triggered an INSIST. [RT #13599] + +1817. [func] Add support for additional zone file formats for + improving loading performance. The masterfile-format + option in named.conf can be used to specify a + non-default format. A separate command + named-compilezone was provided to generate zone files + in the new format. Additionally, the -I and -O options + for dnssec-signzone specify the input and output + formats. + 1816. [port] UnixWare: failed to compile lib/isc/unix/net.c. [RT #13597] @@ -581,6 +983,21 @@ without also setting the zone and it encountered a CNAME and was using TSIG. [RT #13086] +1814. [func] UNIX domain controls are now supported. + +1813. [func] Restructured the data locking framework using + architecture dependent atomic operations (when + available), improving response performance on + multi-processor machines significantly. + x86, x86_64, alpha, powerpc, and mips are currently + supported. + +1812. [port] win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect. + [RT #13453] + +1811. [func] Preserve the case of domain names in rdata during + zone transfers. [RT #13547] + 1810. [bug] configure, lib/bind/configure make different default decisions about whether to do a threaded build. [RT #13212] @@ -588,9 +1005,19 @@ 1809. [bug] "make distclean" failed for libbind if the platform is not supported. +1808. [bug] zone.c:notify_zone() contained a race condition, + zone->db could change underneath it. [RT #13511] + 1807. [bug] When forwarding (forward only) set the active domain from the forward zone name. [RT #13526] - + +1806. [bug] The resolver returned the wrong result when a CNAME / + DNAME was encountered when fetching glue from a + secure namespace. [RT #13501] + +1805. [bug] Pending status was not being cleared when DLV was + active. [RT #13501] + 1804. [bug] Ensure that if we are queried for glue that it fits in the additional section or TC is set to tell the client to retry using TCP. [RT #10114] @@ -600,40 +1027,36 @@ 1802. [bug] Handle connection resets better. [RT #11280] -1799. [bug] 'rndc flushname' failed to flush negative cache - entries. [RT #13438] - -1795. [bug] "rndc dumpdb" was not fully documented. Minor - formating issues with "rndc dumpdb -all". [RT #13396] +1801. [func] Report differences between hints and real NS rrset + and associated address records. -1791. [bug] 'host -t a' still printed out AAAA and MX records. - [RT #13230] - - --- 9.3.1 released --- +1800. [bug] Changes #1719 allowed a INSIST to be triggered. + [RT #13428] -1818. [bug] 'named-checkconf -z' triggered an INSIST. [RT #13599] +1799. [bug] 'rndc flushname' failed to flush negative cache + entries. [RT #13438] - --- 9.3.1rc1 released --- +1798. [func] The server syntax has been extended to support a + range of servers. [RT #11132] -1812. [port] win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect. - [RT #13453] +1797. [func] named-checkconf now check acls to verify that they + only refer to existing acls. [RT #13101] -1808. [bug] zone.c:notify_zone() contained a race condition, - zone->db could change underneath it. [RT #13511] +1796. [func] "rndc freeze/thaw" now freezes/thaws all zones. -1806. [bug] The resolver returned the wrong result when a CNAME / - DNAME was encountered when fetching glue from a - secure namespace. [RT #13501] +1795. [bug] "rndc dumpdb" was not fully documented. Minor + formating issues with "rndc dumpdb -all". [RT #13396] -1805. [bug] Pending status was not being cleared when DLV was - active. [RT #13501] +1794. [func] Named and named-checkzone can now both check for + non-terminal wildcard records. - --- 9.3.1beta2 released --- +1793. [func] Extend adjusting TTL warning messages. [RT #13378] -1800. [bug] Changes #1719 allowed a INSIST to be triggered. - [RT #13428] +1792. [func] New zone option "notify-delay". Specify a minimum + delay between sets of NOTIFY messages. - --- 9.3.1beta1 released --- +1791. [bug] 'host -t a' still printed out AAAA and MX records. + [RT #13230] 1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should allow parallel make to succeed. @@ -706,6 +1129,9 @@ if there was no SOA record in the replacment db. [RT #13016] +1763. [func] Perform sanity checks on NS records which refer to + 'in zone' names. [RT #13002] + 1762. [bug] isc_interfaceiter_create() could return ISC_R_SUCCESS even when it failed. [RT #12995] @@ -718,6 +1144,16 @@ 1759. [bug] Named failed to startup if the OS supported IPv6 but had no IPv6 interfaces configured. [RT #12942] +1758. [func] Don't send notify messages to self. [RT #12933] + +1757. [func] host now can turn on memory debugging flags with '-m'. + +1756. [func] named-checkconf now checks the logging configuration. + [RT #12352] + +1755. [func] allow-update is now settable at the options / view + level. [RT #6636] + 1754. [bug] We wern't always attempting to query the parent server for the DS records at the zone cut. [RT #12774] @@ -737,9 +1173,14 @@ 1749. [bug] 'check-names response ignore;' failed to ignore. [RT #12866] +1748. [func] dig now returns the byte count for axfr/ixfr. + 1747. [bug] BIND 8 compatability: named/named-checkconf failed to parse "host-statistics-max" in named.conf. +1746. [func] Make public the function to read a key file, + dst_key_read_public(). [RT #12450] + 1745. [bug] Dig/host/nslookup accept replies from link locals regardless of scope if no scope was specified when query was sent. [RT #12745] @@ -796,6 +1237,8 @@ 1730. [port] Determine the length type used by the socket API. [RT #12581] +1729. [func] Improve check-names error messages. + 1728. [doc] Update check-names documentation. 1727. [bug] named-checkzone: check-names support didn't match @@ -833,6 +1276,9 @@ 1716. [doc] named.conf(5) was being installed in the wrong location. [RT# 12441] +1715. [func] 'dig +trace' now randomly selects the next servers + to try. Report if there is a bad delegation. + 1714. [bug] dig/host/nslookup were only trying the first address when a nameserver was specified by name. [RT #12286] @@ -843,13 +1289,12 @@ 1712. [bug] Missing FULLCHECK for "trusted-key" in dig. - --- 9.3.0 released --- - 1711. [func] 'rndc unfreeze' has been deprecated by 'rndc thaw'. - --- 9.3.0rc4 released --- +1710. [func] 'rndc notify zone [class [view]]' resend the NOTIFY + messages for the specified zone. [RT #9479] -1709. [port] solaris: add SMF support. +1709. [port] solaris: add SMF support from Sun. 1708. [cleanup] Replaced dns_fullname_hash() with dns_name_fullhash() for conformance to the name space convention. Binary @@ -861,6 +1306,8 @@ 1706. [bug] 'rndc stop' failed to cause zones to be flushed sometimes. [RT #12328] +1705. [func] Allow the journal's name to be changed via named.conf. + 1704. [port] lwres needed a snprintf() implementation for platforms without snprintf(). Add missing "#include <isc/print.h>". [RT #12321] @@ -885,8 +1332,6 @@ specified one of listening addresses and a different port than the listening port. [RT #12257] - --- 9.3.0rc3 released --- - 1696. [bug] dnssec-signzone failed to clean out nodes that consisted of only NSEC and RRSIG records. [RT #12154] @@ -918,10 +1363,11 @@ 1686. [bug] Named sent a extraneous NOTIFY when it received a redundant UPDATE request. [RT #11943] - --- 9.3.0rc2 released --- - 1685. [bug] Change #1679 loop tests weren't quite right. +1684. [func] ixfr-from-differences now takes master and slave in + addition to yes and no at the options and view levels. + 1683. [bug] dig +sigchase could leak memory. [RT #11445] 1682. [port] Update configure test for (long long) printf format. @@ -930,6 +1376,8 @@ 1681. [bug] Only set SO_REUSEADDR when a port is specified in isc_socket_bind(). [RT #11742] +1680. [func] rndc: the source address can now be specified. + 1679. [bug] When there was a single nameserver with multiple addresses for a zone not all addresses were tried. [RT #11706] @@ -938,6 +1386,13 @@ 1677. [bug] dig: +aaonly didn't work, +aaflag undocumented. +1676. [func] New option "allow-query-cache". This lets + allow-query be used to specify the default zone + access level rather than having to have every + zone override the global value. allow-query-cache + can be set at both the options and view levels. + If allow-query-cache is not set allow-query applies. + 1675. [bug] named would sometimes add extra NSEC records to the authority section. @@ -963,21 +1418,22 @@ 1666. [bug] The optional port on hostnames in dual-stack-servers was being ignored. +1665. [func] rndc now allows addresses to be set in the + server clauses. + +1664. [bug] nsupdate needed KEY for SIG(0), not DNSKEY. + 1663. [func] Look for OpenSSL by default. +1662. [bug] Change #1658 failed to change one use of 'type' + to 'keytype'. + 1661. [bug] Restore dns_name_concatenate() call in adb.c:set_target(). [RT #11582] 1660. [bug] win32: connection_reset_fix() was being called unconditionally. [RT #11595] - --- 9.3.0rc1 released --- - -1664. [bug] nsupdate needed KEY for SIG(0), not DNSKEY. - -1662. [bug] Change #1658 failed to change one use of 'type' - to 'keytype'. - 1659. [cleanup] Cleanup some messages that were referring to KEY vs DNSKEY, NXT vs NSEC and SIG vs RRSIG. @@ -1034,8 +1490,6 @@ 1641. [bug] Update the check-names description in ARM. [RT #11389] - --- 9.3.0beta4 released --- - 1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was incorrectly closing the socket. [RT #11291] @@ -1080,12 +1534,6 @@ 1625. [bug] named failed to load/transfer RFC2535 signed zones which contained CNAMES. [RT# 11237] -1606. [bug] DLV insecurity proof was failing. - -1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC. - - --- 9.3.0beta3 released --- - 1624. [bug] zonemgr_putio() call should be locked. [RT# 11163] 1623. [bug] A serial number of zero was being displayed in the @@ -1130,16 +1578,6 @@ address type to be looked up with "@server". [RT #11069] -1600. [bug] Duplicate zone pre-load checks were not case - insensitive. - -1599. [bug] Fix memory leak on error path when checking named.conf. - -1598. [func] Specify that certain parts of the namespace must - be secure (dnssec-must-be-secure). - - --- 9.3.0beta2 released --- - 1609. [func] dig now has support to chase DNSSEC signature chains. Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES. @@ -1153,6 +1591,10 @@ 1607. [bug] dig, host and nslookup were still using random() to generate query ids. [RT# 11013] +1606. [bug] DLV insecurity proof was failing. + +1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC. + 1604. [bug] A xfrout_ctx_create() failure would result in xfrout_ctx_destroy() being called with a partially initialized structure. @@ -1167,15 +1609,26 @@ "allow-recursion" active' warning from view "_bind". [RT# 10920] +1600. [bug] Duplicate zone pre-load checks were not case + insensitive. + +1599. [bug] Fix memory leak on error path when checking named.conf. + +1598. [func] Specify that certain parts of the namespace must + be secure (dnssec-must-be-secure). + +1596. [func] Accept 'notify-source' style syntax for query-source. + +1595. [func] New notify type 'master-only'. Enable notify for + master zones only. + 1594. [bug] 'rndc dumpdb' could prevent named from answering queries while the dump was in progress. [RT #10565] 1593. [bug] rndc should return "unknown command" to unknown commands. [RT# 10642] - --- 9.3.0beta1 released --- - -1592. [bug] configure_view() could leak a dispatch. [RT #10675] +1592. [bug] configure_view() could leak a dispatch. [RT# 10675] 1591. [bug] libbind: updated to BIND 8.4.5. @@ -1190,6 +1643,8 @@ 1586. [func] "check-names" is now implemented. +1585. [placeholder] + 1584. [bug] "make test" failed with a read only source tree. [RT #10461] @@ -1320,6 +1775,8 @@ 1543. [bug] Logging using "versions unlimited" did not work. +1542. [placeholder] + 1541. [func] NSEC now uses new bitmap format. 1540. [bug] "rndc reload <dynamiczone>" was silently accepted. @@ -1328,12 +1785,16 @@ 1539. [bug] Open UDP sockets for notify-source and transfer-source that use reserved ports at startup. [RT #9475] +1538. [placeholder] rt9997 + 1537. [func] New option "querylog". If set specify whether query logging is to be enabled or disabled at startup. 1536. [bug] Windows socket code failed to log a error description when returning ISC_R_UNEXPECTED. [RT #9998] +1535. [placeholder] + 1534. [bug] Race condition when priming cache. [RT# 9940] 1533. [func] Warn if both "recursion no;" and "allow-recursion" @@ -1357,6 +1818,12 @@ 1527. [cleanup] Reduce the number of gettimeofday() calls without losing necessary timer granularity. +1526. [func] Implemented "additional section caching (or acache)", + an internal cache framework for additional section + content to improve response performance. Several + configuration options were provided to control the + behavior. + 1525. [bug] dns_cache_create() could trigger a REQUIRE failure in isc_mem_put() during error cleanup. [RT# 9360] @@ -1435,581 +1902,12 @@ 1500. [bug] host failed to lookup MX records. Also look up AAAA records. -1475. [port] Probe for old sprintf(). - -1474. [port] Provide strtoul() and memmove() for platforms - without them. - -1469. [func] Log end of outgoing zone transfer at same level - as the start of transfer is logged. [RT #4441] - -1468. [func] Internal zones are no longer counted for - 'rndc status'. [RT #4706] - -1467. [func] $GENERATES now supports optional class and ttl. - -1458. [cleanup] sprintf() -> snprintf(). - -1457. [port] Provide strlcat() and strlcpy() for platforms without - them. - -1455. [bug] <netaddr> missing from server grammar in - doc/misc/options. [RT #5616] - -1454. [port] Use getifaddrs() if available for interface scanning. - --disable-getifaddrs to override. Glibc currently - has a getifaddrs() that does not support IPv6. - Use --enable-getifaddrs=glibc to force the use of - this version under linux machines. - -1446. [func] Implemented undocumented alternate transfer sources - from BIND 8. See use-alt-transfer-source, - alt-transfer-source and alt-transfer-source-v6. - - SECURITY: use-alt-transfer-source is ENABLED unless - you are using views. This may cause a security risk - resulting in accidental disclosure of wrong zone - content if the master supplying different source - content based on IP address. If you are not certain - ISC recommends setting use-alt-transfer-source no; - -1444. [func] dns_view_findzonecut2() allows you to specify if the - cache should be searched for zone cuts. - -1443. [func] Masters lists can now be specified and referenced - in zone masters clauses and other masters lists. - -1442. [func] New functions for manipulating port lists: - dns_portlist_create(), dns_portlist_add(), - dns_portlist_remove(), dns_portlist_match(), - dns_portlist_attach() and dns_portlist_detach(). - -1441. [func] It is now possible to tell dig to bind to a specific - source port. - -1440. [func] It is now possible to tell named to avoid using - certain source ports (avoid-v4-udp-ports, - avoid-v6-udp-ports). - -1438. [func] Log TSIG (if any) when logging NOTIFY requests. - -1436. [func] dns_zonemgr_resumexfrs() can be used to restart - stalled transfers. - -1433. [bug] named could trigger a REQUIRE failure if it could - not get a file descriptor when attempting to write - a master file. [RT #4347] - -1432. [func] The advertised EDNS UDP buffer size can now be set - via named.conf (edns-udp-size). - -1430. [port] linux: IPv6 interface scanning support. - -1422. [func] Log name/type/class when denying a query. [RT #4663] - -1421. [func] Differentiate updates that don't succeed due to - prerequisites (unsuccessful) vs other reasons - (failed). - -1417. [func] ID.SERVER/CHAOS is now a built in zone. - See "server-id" for how to configure. - -1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived - from SOA MINIMUM. - -1414. [func] Support for KSK flag. - -1413. [func] Explicitly request the (re-)generation of DS records - from keysets (dnssec-signzone -g). - -1412. [func] You can now specify servers to be tried if a nameserver - has IPv6 address and you only support IPv4 or the - reverse. See dual-stack-servers. - -1410. [func] Handle records that live in the parent zone, e.g. DS. - -1409. [bug] DS should have attribute DNS_RDATATYPEATTR_DNSSEC. - -1404. [bug] libbind: ns_name_ntol() could overwrite a zero length - buffer. - -1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset - dnssec-signkey now report their version in the - usage message. - -1402. [cleanup] A6 has been moved to experimental and is no longer - fully supported. - -1400. [bug] Block the addition of wildcard NS records by IXFR - or UPDATE. [RT #3502] - -1398. [doc] ARM: notify-also should have been also-notify. - [RT #4345] - -1396. [func] dnssec-signzone: adjust the default signing time by - 1 hour to allow for clock skew. - -1394. [func] It is now possible to check if a particular element is - in a acl. Remove duplicate entries from the localnets - acl. - -1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY - is not available in the kernel to prevent accidently - listening on IPv4 interfaces. - -1392. [bug] named-checkzone: update usage. - -1391. [func] Add support for IPv6 scoped addresses in named. - -1390. [func] host now supports ixfr. - -1386. [bug] named-checkzone -z stopped on errors in a zone. - [RT #3653] - -1383. [func] Track the serial number in a IXFR response and log if - a mismatch occurs. This is a more specific error than - "not exact". [RT #3445] - -1380. [func] 'rndc recursing' dump recursing queries to - 'recursing-file = "named.recursing";'. - -1379. [func] 'rndc status' now reports tcp and recursion quota - states. - -1378. [func] Improved positive feedback for 'rndc {reload|refresh}. - -1377. [func] dns_zone_load{new}() now reports if the zone was - loaded, queued for loading to up to date. - -1376. [func] New function dns_zone_logc() to log to specified - category. - -1375. [func] 'rndc dumpdb' now dumps the adb cache along with the - data cache. - -1374. [func] dns_adb_dump() now logs the lame zones associated - with each server. - -1371. [bug] notify-source-v6, transfer-source-v6 and - query-source-v6 with explicit addresses and using the - same ports as named was listening on could interfere - with named's ability to answer queries sent to those - addresses. - -1368. [func] remove support for bitstring labels. - -1367. [func] Use response times to select forwarders. - -1365. [func] "localhost" and "localnets" acls now include IPv6 - addresses / prefixes. - -1364. [func] Log file name when unable to open memory statistics - and dump database files. [RT# 3437] - -1363. [func] Listen-on-v6 now supports specific addresses. - -1362. [bug] remove IFF_RUNNING test when scanning interfaces. - -1361. [func] log the reason for rejecting a server when resolving - queries. - -1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME. - -1344. [func] Log if the serial number on the master has gone - backwards. - If you have multiple machines specified in the masters - clause you may want to set 'multi-master yes;' to - suppress this warning. - -1343. [func] Log successful notifies received (info). Adjust log - level for failed notifies to notice. - -1342. [func] Log remote address with TCP dispatch failures. - -1341. [func] Allow a rate limiter to be stalled. - -1339. [func] dig, host and nslookup now use IP6.ARPA for nibble - lookups. Bit string lookups are no longer attempted. - -1336. [func] Nibble lookups under IP6.ARPA are now supported by - dns_byaddr_create(). dns_byaddr_createptrname() is - deprecated, use dns_byaddr_createptrname2() instead. - -1332. [func] Report the current serial with periodic commits when - rolling forward the journal. - -1331. [func] Generate DNSSEC wildcard proofs. - -1329. [func] named-checkzone will now check if nameservers that - appear to be IP addresses. Available modes "fail", - "warn" (default) and "ignore" the results of the - check. - -1328. [bug] The validator could incorrectly verify an invalid - negative proof. - -1322. [bug] dnssec-signzone usage message was misleading. - -1321. [bug] If the last RRset in a zone is glue, dnssec-signzone - would incorrectly duplicate its output and sign it. - -1313. [func] Query log now says if the query was signed (S) or - if EDNS was used (E). - -1312. [func] Log TSIG key used w/ outgoing zone transfers. - -1309. [func] Log that a zone transfer was covered by a TSIG. - -1308. [func] DS (delegation signer) support. - -1304. [func] New function: dns_zone_name(). - -1303. [func] Option 'flush-zones-on-shutdown <boolean>;'. - -1302. [func] Extended rndc dumpdb to support dumping of zones and - view selection: 'dumpdb [-all|-zones|-cache] [view]'. - -1301. [func] New category 'update-security'. - -1300. [port] Compaq Trucluster support. - -1293. [func] Entropy can now be retrieved from EGDs. [RT #2438] - -1292. [func] Enable IPv6 support when using ioctl style interface - scanning and OS supports SIOCGLIFADDR using struct - if_laddrreq. - -1291. [func] Enable IPv6 support when using sysctl style interface - scanning. - -1290. [func] "dig axfr" now reports the number of messages - as well as the number of records. - -1285. [func] lwres: probe the system to see what address families - are currently in use. - -1283. [func] Use "dataready" accept filter if available. - -1281. [func] Log zone when unable to get private keys to update - zone. Log zone when NXT records are missing from - secure zone. - -1278. [func] dig: now supports +[no]cl +[no]ttlid. - -1277. [func] You can now create your own customized printing - styles: dns_master_stylecreate() and - dns_master_styledestroy(). - -1271. [bug] "recursion available: {denied,approved}" was too - confusing. - -1267. [func] isc_file_openunique() now creates file using mode - 0666 rather than 0600. - -1254. [func] preferred-glue option from BIND 8.3. - -1250. [func] Nsupdate will report the address the update was - sent to. - -1247. [bug] Don't reset the interface index for link/site local - addresses. [RT #2576] - -1246. [func] New functions isc_sockaddr_issitelocal(), - isc_sockaddr_islinklocal(), isc_netaddr_issitelocal() - and isc_netaddr_islinklocal(). - -1243. [bug] It was possible to trigger a REQUIRE() in - dns_message_findtype(). [RT #2659] - -1235. [func] Report 'out of memory' errors from openssl. - -1234. [bug] contrib/sdb: 'zonetodb' failed to call - dns_result_register(). DNS_R_SEENINCLUDE should not - be fatal. - -1233. [bug] The flags field of a KEY record can be expressed in - hex as well as decimal. - -1226. [func] Use EDNS for zone refresh queries. [RT #2551] - -1225. [func] dns_message_setopt() no longer requires that - dns_message_renderbegin() to have been called. - -1224. [bug] 'rrset-order' and 'sortlist' should be additive - not exclusive. - -1223. [func] 'rrset-order' partially works 'cyclic' and 'random' - are supported. - -1220. [func] Support for APL rdata type. - -1219. [func] Named now reports the TSIG extended error code when - signature verification fails. [RT #1651] - -1217. [func] Report locations of previous key definition when a - duplicate is detected. - -1213. [func] Report view associated with client if it is not a - standard view (_default or _bind). - -1203. [func] Report locations of previous acl and zone definitions - when a duplicate is detected. - -1202. [func] New functions: cfg_obj_line() and cfg_obj_file(). - -1192. [bug] The seconds fields in LOC records were restricted - to three decimal places. More decimal places should - be allowed but warned about. - -1190. [func] Add the "rndc freeze" and "rndc unfreeze" commands. - [RT #2394] - -1187. [bug] named was incorrectly returning DNSSEC records - in negative responses when the DO bit was not set. - -1181. [func] Add the "key-directory" configuration statement, - which allows the server to look for online signing - keys in alternate directories. - -1180. [func] dnssec-keygen should always generate keys with - protocol 3 (DNSSEC), since it's less confusing - that way. - -1179. [func] Add SIG(0) support to nsupdate. - -1177. [func] Report view when loading zones if it is not a - standard view (_default or _bind). [RT #2270] - -1171. [func] Added function isc_region_compare(), updated files in - lib/dns to use this function instead of local one. - -1169. [func] Identify recursive queries in the query log. - -1163. [func] isc_time_formattimestamp() now includes the year. - -1159. [bug] MD and MF are not permitted to be loaded by RFC1123. - -1158. [func] Report the client's address when logging notify - messages. - -1157. [func] match-clients and match-destinations now accept - keys. [RT #2045] - -1155. [func] Recover from master files being removed from under - us. - -1153. [func] 'rndc {stop|halt} -p' now reports the process id - of the instance of named being shutdown. - -1151. [bug] nslookup failed to check that the arguments to - the port, timeout, and retry options were - valid integers and in range. [RT #2099] - -1150. [bug] named incorrectly accepted TTL values - containing plus or minus signs, such as - 1d+1h-1s. - -1149. [func] New function isc_parse_uint32(). - -1148. [func] 'rndc-confgen -a' now provides positive feedback. - -1147. [func] Set IPV6_V6ONLY on IPv6 sockets if supported by - the OS. listen-on-v6 { any; }; should no longer - result in IPv4 queries be accepted. Similarly - control { inet :: ... }; should no longer result - in IPv4 connections being accepted. This can be - overridden at compile time by defining - ISC_ALLOW_MAPPED=1. - -1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if - supported by the OS by a new function - isc_socket_ipv6only(). - -1145. [func] "host" no longer reports a NOERROR/NODATA response - by printing nothing. [RT #2065] - -1143. [bug] When a trusted-keys statement was present and named - was built without crypto support, it would leak memory. - -1139. [func] It is now possible to flush a given name from the - cache(s) via 'rndc flushname name [view]'. [RT #2051] - -1138. [func] It is now possible to flush a given name from the - cache by calling the new function - dns_cache_flushname(). - -1137. [func] It is now possible to flush a given name from the - ADB by calling the new function dns_adb_flushname(). - -1135. [func] You can now override the default syslog() facility for - named/lwresd at compile time. [RT #1982] - -1132. [func] Improve UPDATE prerequisite failure diagnostic messages. - -1128. [func] sdb drivers can now provide RR data in either text - or wire format, the latter using the new functions - dns_sdb_putrdata() and dns_sdb_putnamedrdata(). - -1127. [func] rndc: If the server to contact has multiple addresses, - try all of them. - -1119. [func] Added support in Win32 for NTFS file/directory ACL's - for access control. - -1115. [func] Set maximum values for cleaning-interval, - heartbeat-interval, interface-interval, - max-transfer-idle-in, max-transfer-idle-out, - max-transfer-time-in, max-transfer-time-out, - statistics-interval of 28 days and - sig-validity-interval of 3660 days. [RT #2002] - -1110. [bug] dig should only accept valid abbreviations of +options. - [RT #2003] - -1105. [port] OpenUNIX 8 enable threads by default. [RT #1970] - -1080. [bug] BIND 8 compatibility: accept bare IP prefixes - as the second element of a two-element top level - sort list statement. [RT #1964] - -1079. [bug] BIND 8 compatibility: accept bare elements at top - level of sort list treating them as if they were - a single element list. [RT #1963] - -1077. [func] Do not accept further recursive clients when - the total number of recursive lookups being - processed exceeds max-recursive-clients, even - if some of the lookups are internally generated. - [RT #1915, #1938] - -1073. [bug] The ADB cache cleaning should also be space driven. - [RT #1915, #1938] - -1067. [func] Allow quotas to be soft, isc_quota_soft(). - -1065. [func] Runtime support to select new / old style interface - scanning using ioctls. - -1060. [func] Move refresh, stub and notify UDP retry processing - into dns_request. - -1059. [func] dns_request now support will now retry UDP queries, - dns_request_createvia2() and dns_request_createraw2(). - -1058. [func] Limited lifetime ticker timers are now available, - isc_timertype_limited. - -1055. [func] Version and hostname queries can now be disabled - using "version none;" and "hostname none;", - respectively. - -1049. [func] "pid-file none;" will disable writing a pid file. - [RT #1848] - -1037. [bug] Negative responses whose authority section contain - SOA or NS records whose owner names are not equal - equal to or parents of the query name should be - rejected. [RT #1862] - -1036. [func] Silently drop requests received via multicast as - long as there is no final multicast DNS standard. - -1035. [bug] If we respond to multicast queries (which we - currently do not), respond from a unicast address - as specified in RFC 1123. [RT #137] - -1034. [bug] Ignore the RD bit on multicast queries as specified - in RFC 1123. [RT #137] - -1032. [func] hostname.bind/txt/chaos now returns the name of - the machine hosting the nameserver. This is useful - in diagnosing problems with anycast servers. - -1025. [bug] Don't use multicast addresses to resolve iterative - queries. [RT #101] - -1024. [port] Compilation failed on HP-UX 11.11 due to - incompatible use of the SIOCGLIFCONF macro - name. [RT #1831] - -1023. [func] Accept hints without TTLs. - -1011. [cleanup] Removed isc_dir_current(). - -1009. [port] OpenUNIX 8 support. [RT #1728] - -1008. [port] libtool.m4, ltmain.sh from libtool-1.4.2. - -1007. [port] config.guess, config.sub from autoconf-2.52. - -1003. [func] Add the +retry option to dig. - - 999. [func] "rndc retransfer zone [class [view]]" added. - [RT #1752] - - 998. [func] named-checkzone now has arguments to specify the - chroot directory (-t) and working directory (-w). - [RT #1755] - - 997. [func] Add support for RSA-SHA1 keys (RFC3110). - - 996. [func] Issue warning if the configuration filename contains - the chroot path. - - 994. [func] Treat non-authoritative responses to queries for type - NS as referrals even if the NS records are in the - answer section, because BIND 8 servers incorrectly - send them that way. This is necessary for DNSSEC - validation of the NS records of a secure zone to - succeed when the parent is a BIND 8 server. [RT #1706] - - 993. [func] dig: -v now reports the version. - - 991. [func] Lower UDP refresh timeout messages to level - debug 1. - - 985. [func] Consider network interfaces to be up iff they have - a nonzero IP address rather than based on the - IFF_UP flag. [RT #1160] - - 983. [func] The server now supports generating IXFR difference - sequences for non-dynamic zones by comparing zone - versions, when enabled using the new config - option "ixfr-from-differences". [RT #1727] - - 982. [func] If "memstatistics-file" is set in options the memory - statistics will be written to it. - - 981. [func] The dnssec tools can now take multiple '-r randomfile' - arguments. - - 979. [func] Incremental master file dumping. dns_master_dumpinc(), - dns_master_dumptostreaminc(), dns_dumpctx_attach(), - dns_dumpctx_detach(), dns_dumpctx_cancel(), - dns_dumpctx_db() and dns_dumpctx_version(). - - 976. [func] named-checkconf can now test load master zones - (named-checkconf -z). [RT #1468] - - 970. [func] 'max-journal-size' can now be used to set a target - size for a journal. - - 969. [func] dig now supports the undocumented dig 8 feature - of allowing arbitrary labels, not just dotted - decimal quads, with the -x option. This can be - used to conveniently look up RFC2317 names as in - "dig -x 10.0.0.0-127". [RT #827, #1576, #1598] - - --- 9.2.3rc1 released --- - 1499. [bug] isc_random need to be seeded better if arc4random() is not used. 1498. [port] bsdos: 5.x support. -1497. [protocol] dig, nslookup and host now perform nibble lookups - under IP6.ARPA, use -i for IP6.INT (dig and host). - lwres now uses IP6.ARPA. +1497. [placeholder] 1496. [port] test for pthread_attr_setstacksize(). @@ -2017,7 +1915,7 @@ 1494. [security] Turn on RSA BLINDING as a precaution. -1493. [doc] A6 and "bitstring" labels are now experimental. +1493. [placeholder] 1492. [cleanup] Preserve rwlock quota context when upgrading / downgrading. [RT #5599] @@ -2073,8 +1971,12 @@ 1477. [bug] memory leak using stub zones and TSIG. -1476. [port] win32: port unreachables were blocking further i/o - on sockets (Windows 2000 SP2 and later). +1476. [placeholder] + +1475. [port] Probe for old sprintf(). + +1474. [port] Provide strtoul() and memmove() for platforms + without them. 1473. [bug] create_map() and create_string() failed to handle out of memory cleanup. [RT #6813] @@ -2085,6 +1987,14 @@ 1470. [bug] Incorrect length passed to snprintf. [RT #5966] +1469. [func] Log end of outgoing zone transfer at same level + as the start of transfer is logged. [RT #4441] + +1468. [func] Internal zones are no longer counted for + 'rndc status'. [RT #4706] + +1467. [func] $GENERATES now supports optional class and ttl. + 1466. [bug] lwresd configuration errors resulted in memory and lock leaks. [RT #5228] @@ -2106,15 +2016,27 @@ 1460. [bug] inet_pton() failed to reject certain malformed IPv6 literals. -1459. [bug] win32: we were leaking a bits in the exception - fd_set resulting in "Socket operation on non-socket" - errors from select(). [RT #2966] +1459. [placeholder] + +1458. [cleanup] sprintf() -> snprintf(). + +1457. [port] Provide strlcat() and strlcpy() for platforms without + them. 1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer. +1455. [bug] <netaddr> missing from server grammar in + doc/misc/options. [RT #5616] + +1454. [port] Use getifaddrs() if available for interface scanning. + --disable-getifaddrs to override. Glibc currently + has a getifaddrs() that does not support IPv6. + Use --enable-getifaddrs=glibc to force the use of + this version under linux machines. + 1453. [doc] ARM: $GENERATE example wasn't accurate. [RT #5298] -1452. [bug] Bad #ifdef, ISC_RFC2335 -> ISC_RFC2535. +1452. [placeholder] 1451. [bug] rndc-confgen didn't exit with a error code for all failures. [RT #5209] @@ -2131,44 +2053,121 @@ rdataset->private4 is now rdataset->privateuint4 to reflect a type change. +1446. [func] Implemented undocumented alternate transfer sources + from BIND 8. See use-alt-transfer-source, + alt-transfer-source and alt-transfer-source-v6. + + SECURITY: use-alt-transfer-source is ENABLED unless + you are using views. This may cause a security risk + resulting in accidental disclosure of wrong zone + content if the master supplying different source + content based on IP address. If you are not certain + ISC recommends setting use-alt-transfer-source no; + 1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has been replaced with DNS_ADBFIND_STARTATZONE which causes the search to start using the closest zone. +1444. [func] dns_view_findzonecut2() allows you to specify if the + cache should be searched for zone cuts. + +1443. [func] Masters lists can now be specified and referenced + in zone masters clauses and other masters lists. + +1442. [func] New functions for manipulating port lists: + dns_portlist_create(), dns_portlist_add(), + dns_portlist_remove(), dns_portlist_match(), + dns_portlist_attach() and dns_portlist_detach(). + +1441. [func] It is now possible to tell dig to bind to a specific + source port. + +1440. [func] It is now possible to tell named to avoid using + certain source ports (avoid-v4-udp-ports, + avoid-v6-udp-ports). + 1439. [bug] Named could return NOERROR with certain NOTIFY failures. Return NOTAUTH if the NOTIFY zone is not being served. +1438. [func] Log TSIG (if any) when logging NOTIFY requests. + +1437. [bug] Leave space for stdio to work in. [RT #5033] + +1436. [func] dns_zonemgr_resumexfrs() can be used to restart + stalled transfers. + 1435. [bug] zmgr_resume_xfrs() was being called read locked rather than write locked. zmgr_resume_xfrs() was not being called if the zone was being shutdown. -1437. [bug] Leave space for stdio to work in. [RT #5033] - 1434. [bug] "rndc reconfig" failed to initiate the initial zone transfer of new slave zones. +1433. [bug] named could trigger a REQUIRE failure if it could + not get a file descriptor when attempting to write + a master file. [RT #4347] + +1432. [func] The advertised EDNS UDP buffer size can now be set + via named.conf (edns-udp-size). + 1431. [bug] isc_print_snprintf() "%s" with precision could walk off end of argument. [RT #5191] +1430. [port] linux: IPv6 interface scanning support. + 1429. [bug] Prevent the cache getting locked to old servers. +1428. [placeholder] + +1427. [bug] Race condition in adb with threaded build. + +1426. [placeholder] + +1425. [port] linux/libbind: define __USE_MISC when testing *_r() + function prototypes in netdb.h. [RT #4921] + 1424. [bug] EDNS version not being correctly printed. 1423. [contrib] queryperf: added A6 and SRV. +1422. [func] Log name/type/class when denying a query. [RT #4663] + +1421. [func] Differentiate updates that don't succeed due to + prerequisites (unsuccessful) vs other reasons + (failed). + 1420. [port] solaris: work around gcc optimizer bug. 1419. [port] openbsd: use /dev/arandom. [RT #4950] 1418. [bug] 'rndc reconfig' did not cause new slaves to load. +1417. [func] ID.SERVER/CHAOS is now a built in zone. + See "server-id" for how to configure. + 1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN. [RT #4715] +1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived + from SOA MINIMUM. + +1414. [func] Support for KSK flag. + +1413. [func] Explicitly request the (re-)generation of DS records + from keysets (dnssec-signzone -g). + +1412. [func] You can now specify servers to be tried if a nameserver + has IPv6 address and you only support IPv4 or the + reverse. See dual-stack-servers. + 1411. [bug] empty nodes should stop wildcard matches. [RT #4802] +1410. [func] Handle records that live in the parent zone, e.g. DS. + +1409. [bug] DS should have attribute DNS_RDATATYPEATTR_DNSSEC. + 1408. [bug] "make distclean" was not complete. [RT #4700] 1407. [bug] lfsr incorrectly implements the shift register. @@ -2179,13 +2178,49 @@ 1405. [func] Use arc4random() if available. +1404. [bug] libbind: ns_name_ntol() could overwrite a zero length + buffer. + +1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset + dnssec-signkey now report their version in the + usage message. + +1402. [cleanup] A6 has been moved to experimental and is no longer + fully supported. + 1401. [bug] adb wasn't clearing state when the timer expired. +1400. [bug] Block the addition of wildcard NS records by IXFR + or UPDATE. [RT #3502] + 1399. [bug] Use serial number arithmetic when testing SIG timestamps. [RT #4268] +1398. [doc] ARM: notify-also should have been also-notify. + [RT #4345] + 1397. [bug] J.ROOT-SERVERS.NET is now 192.58.128.30. +1396. [func] dnssec-signzone: adjust the default signing time by + 1 hour to allow for clock skew. + +1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't + have a working implementation. [RT #4079] + +1394. [func] It is now possible to check if a particular element is + in a acl. Remove duplicate entries from the localnets + acl. + +1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY + is not available in the kernel to prevent accidently + listening on IPv4 interfaces. + +1392. [bug] named-checkzone: update usage. + +1391. [func] Add support for IPv6 scoped addresses in named. + +1390. [func] host now supports ixfr. + 1389. [bug] named could fail to rotate long log files. [RT #3666] 1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before @@ -2195,68 +2230,81 @@ space (which caused an assertion failure) in incremental cleaning. [RT #3588] +1386. [bug] named-checkzone -z stopped on errors in a zone. + [RT #3653] + 1385. [bug] Setting serial-query-rate to 10 would trigger a REQUIRE failure. 1384. [bug] host was incompatible with BIND 8 in its exit code and in the output with the -l option. [RT #3536] -1373. [bug] Recovery from expired glue failed under certain - circumstances. +1383. [func] Track the serial number in a IXFR response and log if + a mismatch occurs. This is a more specific error than + "not exact". [RT #3445] -1372. [bug] named crashes with an assertion failure on exit when - sharing the same port for listening and querying, and - changing listening addresses several times. [RT# 3509] +1382. [bug] make install failed with --enable-libbind. [RT #3656] -1370. [bug] dig '+[no]recurse' was incorrectly documented. +1381. [bug] named failed to correctly process answers that + contained DNAME records where the resulting CNAME + resulted in a negative answer. -1369. [bug] Adding an NS record as the lexicographically last - record in a secure zone didn't work. +1380. [func] 'rndc recursing' dump recursing queries to + 'recursing-file = "named.recursing";'. -1366. [contrib] queryperf usage was incomplete. Add '-h' for help. +1379. [func] 'rndc status' now reports tcp and recursion quota + states. -1348. [port] win32: Rewrote code to use I/O Completion Ports - in socket.c and eliminating a host of socket - errors. Performance is enhanced. +1378. [func] Improved positive feedback for 'rndc {reload|refresh}. -1333. [contrib] queryperf now reports a summary of returned - rcodes (-c), rcodes are printed in mnemonic form (-v). +1377. [func] dns_zone_load{new}() now reports if the zone was + loaded, queued for loading to up to date. -1299. [bug] Set AI_ADDRCONFIG when looking up addresses - via getaddrinfo() (affects dig, host, nslookup, rndc - and nsupdate). +1376. [func] New function dns_zone_logc() to log to specified + category. -1199. [doc] ARM reference to RFC 2157 should have been RFC 1918. - [RT #2436] +1375. [func] 'rndc dumpdb' now dumps the adb cache along with the + data cache. -1122. [tuning] Resolution timeout reduced from 90 to 30 seconds. - [RT #2046] +1374. [func] dns_adb_dump() now logs the lame zones associated + with each server. - 992. [doc] dig: ~/.digrc is now documented. +1373. [bug] Recovery from expired glue failed under certain + circumstances. - --- 9.2.2 released --- +1372. [bug] named crashes with an assertion failure on exit when + sharing the same port for listening and querying, and + changing listening addresses several times. [RT# 3509] -1428. [port] hpux: temporary work around of hpux 11.11 interface - scanning. +1371. [bug] notify-source-v6, transfer-source-v6 and + query-source-v6 with explicit addresses and using the + same ports as named was listening on could interfere + with named's ability to answer queries sent to those + addresses. -1427. [bug] Race condition in adb with threaded build. +1370. [bug] dig '+[no]recurse' was incorrectly documented. -1426. [cleanup] Disable RFC2535 style DNSSEC. This is incompatible - with the forthcoming DS style DNSSEC. +1369. [bug] Adding an NS record as the lexicographically last + record in a secure zone didn't work. -1425. [port] linux/libbind: define __USE_MISC when testing *_r() - function prototypes in netdb.h. [RT #4921] +1368. [func] remove support for bitstring labels. -1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't - have a working implementation. [RT #4079] +1367. [func] Use response times to select forwarders. -1382. [bug] make install failed with --enable-libbind. [RT #3656] +1366. [contrib] queryperf usage was incomplete. Add '-h' for help. -1381. [bug] named failed to correctly process answers that - contained DNAME records where the resulting CNAME - resulted in a negative answer. +1365. [func] "localhost" and "localnets" acls now include IPv6 + addresses / prefixes. - --- 9.2.2rc1 released --- +1364. [func] Log file name when unable to open memory statistics + and dump database files. [RT# 3437] + +1363. [func] Listen-on-v6 now supports specific addresses. + +1362. [bug] remove IFF_RUNNING test when scanning interfaces. + +1361. [func] log the reason for rejecting a server when resolving + queries. 1360. [bug] --enable-libbind would fail when not built in the source tree for certain OS's. @@ -2271,6 +2319,8 @@ 1356. [tuning] Reduce the number of events / quantum for zone tasks. +1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME. + 1354. [doc] lwres man pages had illegal nroff. 1353. [contrib] sdb/ldap to version 0.9. @@ -2288,26 +2338,68 @@ 1349. [security] Minimum OpenSSL version now 0.9.6e (was 0.9.5a). http://www.cert.org/advisories/CA-2002-23.html -1346. [bug] Win32: select timeout in socket.c was too small - as value given was meant to be milliseconds and - timeval structure requires microseconds. This - caused high CPU loads with a compute bound loop. - [RT #3358] +1348. [port] win32: Rewrote code to use I/O Completion Ports + in socket.c and eliminating a host of socket + errors. Performance is enhanced. + +1347. [placeholder] + +1346. [placeholder] 1345. [port] Use a explicit -Wformat with gcc. Not all versions include it in -Wall. +1344. [func] Log if the serial number on the master has gone + backwards. + If you have multiple machines specified in the masters + clause you may want to set 'multi-master yes;' to + suppress this warning. + +1343. [func] Log successful notifies received (info). Adjust log + level for failed notifies to notice. + +1342. [func] Log remote address with TCP dispatch failures. + +1341. [func] Allow a rate limiter to be stalled. + 1340. [bug] Delay and spread out the startup refresh load. +1339. [func] dig, host and nslookup now use IP6.ARPA for nibble + lookups. Bit string lookups are no longer attempted. + +1338. [placeholder] + +1337. [placeholder] + +1336. [func] Nibble lookups under IP6.ARPA are now supported by + dns_byaddr_create(). dns_byaddr_createptrname() is + deprecated, use dns_byaddr_createptrname2() instead. + 1335. [bug] When performing a nonexistence proof, the validator should discard parent NXTs from higher in the DNS. 1334. [bug] When signing/verifying rdatasets, duplicate rdatas need to be suppressed. +1333. [contrib] queryperf now reports a summary of returned + rcodes (-c), rcodes are printed in mnemonic form (-v). + +1332. [func] Report the current serial with periodic commits when + rolling forward the journal. + +1331. [func] Generate DNSSEC wildcard proofs. + 1330. [bug] When processing events (non-threaded) only allow the task one chance to use to use its quantum. +1329. [func] named-checkzone will now check if nameservers that + appear to be IP addresses. Available modes "fail", + "warn" (default) and "ignore" the results of the + check. + +1328. [bug] The validator could incorrectly verify an invalid + negative proof. + 1327. [bug] The validator would incorrectly mark data as insecure when seeing a bogus signature before a correct signature. @@ -2322,6 +2414,11 @@ 1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205] +1322. [bug] dnssec-signzone usage message was misleading. + +1321. [bug] If the last RRset in a zone is glue, dnssec-signzone + would incorrectly duplicate its output and sign it. + 1320. [doc] query-source-v6 was missing from options section. [RT #3218] @@ -2339,11 +2436,20 @@ 1314. [port] Handle ECONNRESET from sendmsg() [unix]. +1313. [func] Query log now says if the query was signed (S) or + if EDNS was used (E). + +1312. [func] Log TSIG key used w/ outgoing zone transfers. + 1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159] 1310. [bug] 'rndc stop' failed to cause zones to be flushed sometimes. [RT #3157] +1309. [func] Log that a zone transfer was covered by a TSIG. + +1308. [func] DS (delegation signer) support. + 1307. [bug] nsupdate: allow white space base64 key data. 1306. [bug] Badly encoded LOC record when the size, horizontal @@ -2352,6 +2458,21 @@ 1305. [bug] Document that internal zones are included in the rndc status results. +1304. [func] New function: dns_zone_name(). + +1303. [func] Option 'flush-zones-on-shutdown <boolean>;'. + +1302. [func] Extended rndc dumpdb to support dumping of zones and + view selection: 'dumpdb [-all|-zones|-cache] [view]'. + +1301. [func] New category 'update-security'. + +1300. [port] Compaq Trucluster support. + +1299. [bug] Set AI_ADDRCONFIG when looking up addresses + via getaddrinfo() (affects dig, host, nslookup, rndc + and nsupdate). + 1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile could be left with a trailing "\" after configure has been run. @@ -2369,6 +2490,18 @@ IPv6 reverse resolution. Try IP6.ARPA then IP6.INT for nibble style resolution. +1293. [func] Entropy can now be retrieved from EGDs. [RT #2438] + +1292. [func] Enable IPv6 support when using ioctl style interface + scanning and OS supports SIOCGLIFADDR using struct + if_laddrreq. + +1291. [func] Enable IPv6 support when using sysctl style interface + scanning. + +1290. [func] "dig axfr" now reports the number of messages + as well as the number of records. + 1289. [port] See if -ldl is required for OpenSSL? [RT #2672] 1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better @@ -2381,16 +2514,31 @@ 1286. [bug] dns_name_downcase() enforce requirement that target != NULL or name->buffer != NULL. +1285. [func] lwres: probe the system to see what address families + are currently in use. + 1284. [bug] The RTT estimate on unused servers was not aged. [RT #2569] +1283. [func] Use "dataready" accept filter if available. + 1282. [port] libbind: hpux 11.11 interface scanning. +1281. [func] Log zone when unable to get private keys to update + zone. Log zone when NXT records are missing from + secure zone. + 1280. [bug] libbind: escape '(' and ')' when converting to presentation form. 1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590] +1278. [func] dig: now supports +[no]cl +[no]ttlid. + +1277. [func] You can now create your own customized printing + styles: dns_master_stylecreate() and + dns_master_styledestroy(). + 1276. [bug] libbind: const pointer conflicts in res_debug.c. 1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN. @@ -2402,6 +2550,9 @@ 1272. [contrib] Berkeley DB 4.0 sdb implementation from Nuno Miguel Rodrigues <nmr@co.sapo.pt>. +1271. [bug] "recursion available: {denied,approved}" was too + confusing. + 1270. [bug] Check that system inet_pton() and inet_ntop() support AF_INET6. @@ -2410,6 +2561,9 @@ 1268. [port] Openserver: the value FD_SETSIZE depends on whether <sys/param.h> is included or not. Be consistent. +1267. [func] isc_file_openunique() now creates file using mode + 0666 rather than 0600. + 1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE, __ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE are not C++ compatible, use *_TYPE versions instead. @@ -2417,6 +2571,8 @@ 1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with C++, use LINK_INIT_TYPE and UNLINK_TYPE instead. +1264. [placeholder] + 1263. [bug] Reference after free error if dns_dispatchmgr_create() failed. @@ -2446,6 +2602,8 @@ next name, and for NOERROR NODATA responses, check that the type is not present in the NXT bitmap. +1254. [func] preferred-glue option from BIND 8.3. + 1253. [bug] The dnssec system test failed to remove the correct files. @@ -2453,48 +2611,38 @@ the answer was coming from against the address it was sent to. [RT# 2692] -1248. [bug] DESTDIR was not being propagated between makes. - -1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for - accept(). - -1242. [bug] named-checkzone failed if a journal existed. [RT #2657] - -1241. [bug] Drop received UDP messages with a zero source port - as these are invariably forged. [RT #2621] - -1209. [bug] Dig, host, nslookup were not checking the message ids - on the responses. [RT #2454] - -1097. [func] libbind: RES_PRF_TRUNC for dig. - -1096. [func] libbind: "DNSSEC OK" (DO) support. +1251. [port] win32: a make file contained absolute version specific + references. -1095. [func] libbind: resolver option: no-tld-query. disables - trying unqualified as a tld. no_tld_query is also - supported for FreeBSD compatibility. +1250. [func] Nsupdate will report the address the update was + sent to. -1094. [func] libbind: add support gcc's format string checking. +1249. [bug] Missing masters clause was not handled gracefully. + [RT #2703] -1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6 - support. +1248. [bug] DESTDIR was not being propagated between makes. - --- 9.2.1 released --- +1247. [bug] Don't reset the interface index for link/site local + addresses. [RT #2576] -1251. [port] win32: a make file contained absolute version specific - references. +1246. [func] New functions isc_sockaddr_issitelocal(), + isc_sockaddr_islinklocal(), isc_netaddr_issitelocal() + and isc_netaddr_islinklocal(). -1249. [bug] Missing masters clause was not handled gracefully. - [RT #2703] +1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for + accept(). 1244. [bug] Receiving a TCP message from a blackhole address would prevent further messages being received over that interface. -1178. [bug] Follow and cache (if appropriate) A6 and other - data chains to completion in the additional section. +1243. [bug] It was possible to trigger a REQUIRE() in + dns_message_findtype(). [RT #2659] + +1242. [bug] named-checkzone failed if a journal existed. [RT #2657] - --- 9.2.1rc2 released --- +1241. [bug] Drop received UDP messages with a zero source port + as these are invariably forged. [RT #2621] 1240. [bug] It was possible to leak zone references by specifying an incorrect zone to rndc. @@ -2511,6 +2659,15 @@ 1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non NULL terminated text regions. [RT #2588] +1235. [func] Report 'out of memory' errors from openssl. + +1234. [bug] contrib/sdb: 'zonetodb' failed to call + dns_result_register(). DNS_R_SEENINCLUDE should not + be fatal. + +1233. [bug] The flags field of a KEY record can be expressed in + hex as well as decimal. + 1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL. 1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL. @@ -2526,15 +2683,34 @@ if a number was expected and some other token was found. [RT#2532] +1226. [func] Use EDNS for zone refresh queries. [RT #2551] + +1225. [func] dns_message_setopt() no longer requires that + dns_message_renderbegin() to have been called. + +1224. [bug] 'rrset-order' and 'sortlist' should be additive + not exclusive. + +1223. [func] 'rrset-order' partially works 'cyclic' and 'random' + are supported. + 1222. [bug] Specifying 'port *' did not always result in a system selected (non-reserved) port being used. [RT #2537] 1221. [bug] Zone types 'master', 'slave' and 'stub' were not being compared case insensitively. [RT #2542] +1220. [func] Support for APL rdata type. + +1219. [func] Named now reports the TSIG extended error code when + signature verification fails. [RT #1651] + 1218. [bug] Named incorrectly returned SERVFAIL rather than NOTAUTH when there was a TSIG BADTIME error. [RT #2519] +1217. [func] Report locations of previous key definition when a + duplicate is detected. + 1216. [bug] Multiple server clauses for the same server were not reported. [RT #2514] @@ -2543,6 +2719,9 @@ 1214. [bug] Win32: isc_file_renameunique() could leave zero length files behind. +1213. [func] Report view associated with client if it is not a + standard view (_default or _bind). + 1212. [port] libbind: 64k answer buffers were causing stack space to be exceeded for certain OS. Use heap space instead. @@ -2552,12 +2731,13 @@ 1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped / compatible addresses. [RT #2461] +1209. [bug] Dig, host, nslookup were not checking the message ids + on the responses. [RT #2454] + 1208. [bug] dns_master_load*() failed to log a error message if an error was detected when parsing the ownername of a record. [RT #2448] - --- 9.2.1rc1 released --- - 1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with an invalid pointer. @@ -2570,6 +2750,11 @@ 1204. [bug] libbind: res_nupdate() failed to update the name server addresses before sending the update. +1203. [func] Report locations of previous acl and zone definitions + when a duplicate is detected. + +1202. [func] New functions: cfg_obj_line() and cfg_obj_file(). + 1201. [bug] Require that if 'callbacks' is passed to dns_rdata_fromtext(), callbacks->error and callbacks->warn are initialized. @@ -2577,6 +2762,9 @@ 1200. [bug] Log 'errno' that we are unable to convert to isc_result_t. [RT #2404] +1199. [doc] ARM reference to RFC 2157 should have been RFC 1918. + [RT #2436] + 1198. [bug] OPT printing style was not consistent with the way the header fields are printed. The DO bit was not reported if set. Report if any of the MBZ bits are set. @@ -2592,11 +2780,20 @@ 1194. [bug] Not all duplicate zone definitions were being detected at the named.conf checking stage. [RT #2431] -1193. [bug] Best effort parsing didn't handle packet truncation. +1193. [bug] dig +besteffort parsing didn't handle packet + truncation. dns_message_parse() has new flag + DNS_MESSAGE_IGNORETRUNCATION. + +1192. [bug] The seconds fields in LOC records were restricted + to three decimal places. More decimal places should + be allowed but warned about. 1191. [bug] A dynamic update removing the last non-apex name in a secure zone would fail. [RT #2399] +1190. [func] Add the "rndc freeze" and "rndc unfreeze" commands. + [RT #2394] + 1189. [bug] On some systems, malloc(0) returns NULL, which could cause the caller to report an out of memory error. [RT #2398] @@ -2604,6 +2801,9 @@ 1188. [bug] Dynamic updates of a signed zone would fail if some of the zone private keys were unavailable. +1187. [bug] named was incorrectly returning DNSSEC records + in negative responses when the DO bit was not set. + 1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the EOL token when reading to end of line. @@ -2619,14 +2819,30 @@ 1182. [bug] The server could throw an assertion failure when constructing a negative response packet. +1181. [func] Add the "key-directory" configuration statement, + which allows the server to look for online signing + keys in alternate directories. + +1180. [func] dnssec-keygen should always generate keys with + protocol 3 (DNSSEC), since it's less confusing + that way. + +1179. [func] Add SIG(0) support to nsupdate. + +1178. [bug] Follow and cache (if appropriate) A6 and other + data chains to completion in the additional section. + +1177. [func] Report view when loading zones if it is not a + standard view (_default or _bind). [RT #2270] + 1176. [doc] Document that allow-v6-synthesis is only performed for clients that are supplied recursive service. [RT #2260] -1175. [bug] named-checkzone failed to call dns_result_register() - at startup which could result in runtime - exceptions when printing "out of memory" errors. - [RT #2335] +1175. [bug] named-checkzone and named-checkconf failed to call + dns_result_register() at startup which could + result in runtime exceptions when printing + "out of memory" errors. [RT #2335] 1174. [bug] Win32: add WSAECONNRESET to the expected errors from connect(). [RT #2308] @@ -2637,9 +2853,14 @@ 1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to table of RR types in ARM. +1171. [func] Added function isc_region_compare(), updated files in + lib/dns to use this function instead of local one. + 1170. [bug] Don't attempt to print the token when a I/O error occurs when parsing named.conf. [RT #2275] +1169. [func] Identify recursive queries in the query log. + 1168. [bug] Empty also-notify clauses were not handled. [RT #2309] 1167. [contrib] nslint-2.1a3 (from author). @@ -2652,6 +2873,8 @@ 1164. [bug] Empty masters clauses in slave / stub zones were not handled gracefully. [RT #2262] +1163. [func] isc_time_formattimestamp() now includes the year. + 1162. [bug] The allow-notify option was not accepted in slave zone statements. @@ -2661,18 +2884,62 @@ 1160. [bug] Generating Diffie-Hellman keys longer than 1024 bits could fail. [RT #2241] +1159. [bug] MD and MF are not permitted to be loaded by RFC1123. + +1158. [func] Report the client's address when logging notify + messages. + +1157. [func] match-clients and match-destinations now accept + keys. [RT #2045] + 1156. [port] The configure test for strsep() incorrectly succeeded on certain patched versions of AIX 4.3.3. [RT #2190] +1155. [func] Recover from master files being removed from under + us. + 1154. [bug] Don't attempt to obtain the netmask of a interface if there is no address configured. [RT #2176] +1153. [func] 'rndc {stop|halt} -p' now reports the process id + of the instance of named being shutdown. + 1152. [bug] libbind: read buffer overflows. +1151. [bug] nslookup failed to check that the arguments to + the port, timeout, and retry options were + valid integers and in range. [RT #2099] + +1150. [bug] named incorrectly accepted TTL values + containing plus or minus signs, such as + 1d+1h-1s. + +1149. [func] New function isc_parse_uint32(). + +1148. [func] 'rndc-confgen -a' now provides positive feedback. + +1147. [func] Set IPV6_V6ONLY on IPv6 sockets if supported by + the OS. listen-on-v6 { any; }; should no longer + result in IPv4 queries be accepted. Similarly + control { inet :: ... }; should no longer result + in IPv4 connections being accepted. This can be + overridden at compile time by defining + ISC_ALLOW_MAPPED=1. + +1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if + supported by the OS by a new function + isc_socket_ipv6only(). + +1145. [func] "host" no longer reports a NOERROR/NODATA response + by printing nothing. [RT #2065] + 1144. [bug] rndc-confgen would crash if both the -a and -t options were specified. [RT #2159] +1143. [bug] When a trusted-keys statement was present and named + was built without crypto support, it would leak memory. + 1142. [bug] dnssec-signzone would fail to delete temporary files in some failure cases. [RT #2144] @@ -2684,50 +2951,22 @@ 1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments to the -s option. [RT #2138] -1136. [bug] CNAME records synthesized from DNAMEs did not - have a TTL of zero as required by RFC2672. - [RT #2129] - -1125. [bug] rndc: -k option was missing from usage message. - [RT #2057] - -1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail - are now documented. [RT #2052] - -1123. [bug] dig +[no]fail did not match description. [RT #2052] - -1109. [bug] nsupdate accepted illegal ttl values. - -1108. [bug] On Win32, rndc was hanging when named was not running - due to failure to select for exceptional conditions - in select(). [RT #1870] - -1081. [bug] Multicast queries were incorrectly identified - based on the source address, not the destination - address. - -1072. [bug] The TCP client quota could be exceeded when - recursion occurred. [RT #1937] - -1071. [bug] Sockets listening for TCP DNS connections - specified an excessive listen backlog. [RT #1937] - -1070. [bug] Copy DNSSEC OK (DO) to response as specified by - draft-ietf-dnsext-dnssec-okbit-03.txt. - -1014. [bug] Some queries would cause statistics counters to - increment more than once or not at all. [RT #1321] +1139. [func] It is now possible to flush a given name from the + cache(s) via 'rndc flushname name [view]'. [RT #2051] -1012. [bug] The -p option to named did not behave as documented. +1138. [func] It is now possible to flush a given name from the + cache by calling the new function + dns_cache_flushname(). - 988. [bug] 'additional-from-auth no;' did not work reliably - in the case of queries answered from the cache. - [RT #1436] +1137. [func] It is now possible to flush a given name from the + ADB by calling the new function dns_adb_flushname(). - 995. [bug] dig, host, nslookup: using a raw IPv6 address as a - target address should be fatal on a IPv4 only system. +1136. [bug] CNAME records synthesized from DNAMEs did not + have a TTL of zero as required by RFC2672. + [RT #2129] - --- 9.2.0 released --- +1135. [func] You can now override the default syslog() facility for + named/lwresd at compile time. [RT #1982] 1134. [bug] Multi-threaded servers could deadlock in ferror() when reloading zone files. [RT #1951, #1998] @@ -2735,7 +2974,7 @@ 1133. [bug] IN6_IS_ADDR_LOOPBACK was not portably defined on platforms without IN6_IS_ADDR_LOOPBACK. [RT #2106] - --- 9.2.0rc10 released --- +1132. [func] Improve UPDATE prerequisite failure diagnostic messages. 1131. [bug] The match-destinations view option did not work with IPv6 destinations. [RT #2073, #2074] @@ -2747,16 +2986,37 @@ 1129. [bug] Multi-threaded servers could crash under heavy resolution load due to a race condition. [RT #2018] +1128. [func] sdb drivers can now provide RR data in either text + or wire format, the latter using the new functions + dns_sdb_putrdata() and dns_sdb_putnamedrdata(). + +1127. [func] rndc: If the server to contact has multiple addresses, + try all of them. + 1126. [bug] The server could access a freed event if shut down while a client start event was pending delivery. [RT #2061] +1125. [bug] rndc: -k option was missing from usage message. + [RT #2057] + +1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail + are now documented. [RT #2052] + +1123. [bug] dig +[no]fail did not match description. [RT #2052] + +1122. [tuning] Resolution timeout reduced from 90 to 30 seconds. + [RT #2046] + 1121. [bug] The server could attempt to access a NULL zone table if shut down while resolving. [RT #1587, #2054] 1120. [bug] Errors in options were not fatal. [RT #2002] +1119. [func] Added support in Win32 for NTFS file/directory ACL's + for access control. + 1118. [bug] On multi-threaded servers, a race condition could cause an assertion failure in resolver.c during resolver shutdown. [RT #2029] @@ -2770,16 +3030,32 @@ or transfers-per-ns to a value greater than 2147483647 disabled transfers. [RT #2002] +1115. [func] Set maximum values for cleaning-interval, + heartbeat-interval, interface-interval, + max-transfer-idle-in, max-transfer-idle-out, + max-transfer-time-in, max-transfer-time-out, + statistics-interval of 28 days and + sig-validity-interval of 3660 days. [RT #2002] + 1114. [port] Ignore more accept() errors. [RT #2021] 1113. [bug] The allow-update-forwarding option was ignored when specified in a view. [RT #2014] +1112. [placeholder] + 1111. [bug] Multi-threaded servers could deadlock processing recursive queries due to a locking hierarchy violation in adb.c. [RT #2017] - --- 9.2.0rc9 released --- +1110. [bug] dig should only accept valid abbreviations of +options. + [RT #2003] + +1109. [bug] nsupdate accepted illegal ttl values. + +1108. [bug] On Win32, rndc was hanging when named was not running + due to failure to select for exceptional conditions + in select(). [RT #1870] 1107. [bug] nsupdate could catch an assertion failure if an invalid domain name was given as the argument to @@ -2788,6 +3064,8 @@ 1106. [bug] After seeing an out of range TTL, nsupdate would treat all TTLs as out of range. [RT #2001] +1105. [port] OpenUNIX 8 enable threads by default. [RT #1970] + 1104. [bug] Invalid arguments to the transfer-format option could cause an assertion failure. [RT #1995] @@ -2805,6 +3083,16 @@ 1098. [bug] libbind: HMAC-MD5 key files are now mode 0600. +1097. [func] libbind: RES_PRF_TRUNC for dig. + +1096. [func] libbind: "DNSSEC OK" (DO) support. + +1095. [func] libbind: resolver option: no-tld-query. disables + trying unqualified as a tld. no_tld_query is also + supported for FreeBSD compatibility. + +1094. [func] libbind: add support gcc's format string checking. + 1093. [doc] libbind: miscellaneous nroff fixes. 1092. [bug] libbind: get*by*() failed to check if res_init() had @@ -2818,6 +3106,9 @@ wasting space. We weren't suppressing duplicate addresses. +1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6 + support. + 1088. [port] libbind: MPE/iX C.70 (incomplete) 1087. [bug] libbind: struct __res_state too large on 64 bit arch. @@ -2837,9 +3128,27 @@ to be sent to syslog in addition to stderr. [RT #1974] +1081. [bug] Multicast queries were incorrectly identified + based on the source address, not the destination + address. + +1080. [bug] BIND 8 compatibility: accept bare IP prefixes + as the second element of a two-element top level + sort list statement. [RT #1964] + +1079. [bug] BIND 8 compatibility: accept bare elements at top + level of sort list treating them as if they were + a single element list. [RT #1963] + 1078. [bug] We failed to correct bad tv_usec values in one case. [RT #1966] +1077. [func] Do not accept further recursive clients when + the total number of recursive lookups being + processed exceeds max-recursive-clients, even + if some of the lookups are internally generated. + [RT #1915, #1938] + 1076. [bug] A badly defined global key could trigger an assertion on load/reload if views were used. [RT #1947] @@ -2849,13 +3158,30 @@ 1074. [bug] Running out of memory in dump_rdataset() could cause an assertion failure. [RT #1946] - --- 9.2.0rc8 released --- +1073. [bug] The ADB cache cleaning should also be space driven. + [RT #1915, #1938] + +1072. [bug] The TCP client quota could be exceeded when + recursion occurred. [RT #1937] + +1071. [bug] Sockets listening for TCP DNS connections + specified an excessive listen backlog. [RT #1937] + +1070. [bug] Copy DNSSEC OK (DO) to response as specified by + draft-ietf-dnsext-dnssec-okbit-03.txt. + +1069. [placeholder] 1068. [bug] errno could be overwritten by catgets(). [RT #1921] +1067. [func] Allow quotas to be soft, isc_quota_soft(). + 1066. [bug] Provide a thread safe wrapper for strerror(). [RT #1689] +1065. [func] Runtime support to select new / old style interface + scanning using ioctls. + 1064. [bug] Do not shut down active network interfaces if we are unable to scan the interface list. [RT #1921] @@ -2871,6 +3197,15 @@ maximum cache size was in progress, the server could catch an assertion failure. [RT #1912] +1060. [func] Move refresh, stub and notify UDP retry processing + into dns_request. + +1059. [func] dns_request now support will now retry UDP queries, + dns_request_createvia2() and dns_request_createraw2(). + +1058. [func] Limited lifetime ticker timers are now available, + isc_timertype_limited. + 1057. [bug] Reloading the server after adding a "file" clause to a zone statement could cause the server to crash due to a typo in change 1016. @@ -2878,7 +3213,9 @@ 1056. [bug] Rndc could catch an assertion failure on SIGINT due to an uninitialized variable. [RT #1908] - --- 9.2.0rc7 released --- +1055. [func] Version and hostname queries can now be disabled + using "version none;" and "hostname none;", + respectively. 1054. [bug] On Win32, cfg_categories and cfg_modules need to be exported from the libisccfg DLL. @@ -2900,6 +3237,9 @@ failed to include the correct error code, file name, and line number. [RT #1890] +1049. [func] "pid-file none;" will disable writing a pid file. + [RT #1848] + 1048. [bug] Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1 didn't work. @@ -2937,11 +3277,28 @@ TKEY queries with an owner name other than the root could cause an assertion failure. [RT #1866, #1869] +1037. [bug] Negative responses whose authority section contain + SOA or NS records whose owner names are not equal + equal to or parents of the query name should be + rejected. [RT #1862] + +1036. [func] Silently drop requests received via multicast as + long as there is no final multicast DNS standard. + +1035. [bug] If we respond to multicast queries (which we + currently do not), respond from a unicast address + as specified in RFC 1123. [RT #137] + +1034. [bug] Ignore the RD bit on multicast queries as specified + in RFC 1123. [RT #137] + 1033. [bug] Always respond to requests with an unsupported opcode with NOTIMP, even if we don't have a matching view or cannot determine the class. - --- 9.2.0rc6 released --- +1032. [func] hostname.bind/txt/chaos now returns the name of + the machine hosting the nameserver. This is useful + in diagnosing problems with anycast servers. 1031. [bug] libbind.a: isc__gettimeofday() infinite recursion. [RT #1858] @@ -2960,13 +3317,20 @@ 1027. [bug] RRs having the reserved type 0 should be rejected. [RT #1471] -1026. [port] Recognize OpenUNIX 8 in config.guess. [RT #1830] +1026. [placeholder] + +1025. [bug] Don't use multicast addresses to resolve iterative + queries. [RT #101] + +1024. [port] Compilation failed on HP-UX 11.11 due to + incompatible use of the SIOCGLIFCONF macro + name. [RT #1831] + +1023. [func] Accept hints without TTLs. 1022. [bug] Don't report empty root hints as "extra data". [RT #1802] - --- 9.2.0rc5 released --- - 1021. [bug] On Win32, log message timestamps were one month later than they should have been, and the server would exhibit unspecified behavior in December. @@ -2991,16 +3355,27 @@ "size" option failed to create numbered log files. [RT #1783] - --- 9.2.0rc4 released --- +1014. [bug] Some queries would cause statistics counters to + increment more than once or not at all. [RT #1321] 1013. [bug] It was possible to cancel a query twice when marking a server as bogus or by having a blackhole acl. [RT #1776] +1012. [bug] The -p option to named did not behave as documented. + +1011. [cleanup] Removed isc_dir_current(). + 1010. [bug] The server could attempt to execute a command channel command after initiating server shutdown, causing an assertion failure. [RT #1766] +1009. [port] OpenUNIX 8 support. [RT #1728] + +1008. [port] libtool.m4, ltmain.sh from libtool-1.4.2. + +1007. [port] config.guess, config.sub from autoconf-2.52. + 1006. [bug] If a KEY RR was found missing during DNSSEC validation, an assertion failure could subsequently be triggered in the resolver. [RT #1763] @@ -3010,6 +3385,8 @@ 1004. [port] Deal with recvfrom() returning EHOSTDOWN. [RT #1770] +1003. [func] Add the +retry option to dig. + 1002. [bug] When reporting an unknown class name in named.conf, including the file name and line number. [RT #1759] @@ -3020,31 +3397,83 @@ 1000. [bug] BIND 8 compatibility: accept "HESIOD" as an alias for class "HS". [RT #1759] - --- 9.2.0rc3 released --- + 999. [func] "rndc retransfer zone [class [view]]" added. + [RT #1752] + + 998. [func] named-checkzone now has arguments to specify the + chroot directory (-t) and working directory (-w). + [RT #1755] + + 997. [func] Add support for RSA-SHA1 keys (RFC3110). + + 996. [func] Issue warning if the configuration filename contains + the chroot path. + + 995. [bug] dig, host, nslookup: using a raw IPv6 address as a + target address should be fatal on a IPv4 only system. + + 994. [func] Treat non-authoritative responses to queries for type + NS as referrals even if the NS records are in the + answer section, because BIND 8 servers incorrectly + send them that way. This is necessary for DNSSEC + validation of the NS records of a secure zone to + succeed when the parent is a BIND 8 server. [RT #1706] + + 993. [func] dig: -v now reports the version. + + 992. [doc] dig: ~/.digrc is now documented. + + 991. [func] Lower UDP refresh timeout messages to level + debug 1. 990. [bug] The rndc-confgen man page was not installed. 989. [bug] Report filename if $INCLUDE fails for file related errors. [RT #1736] + 988. [bug] 'additional-from-auth no;' did not work reliably + in the case of queries answered from the cache. + [RT #1436] + 987. [bug] "dig -help" didn't show "+[no]stats". 986. [bug] "dig +noall" failed to clear stats and command printing. + 985. [func] Consider network interfaces to be up iff they have + a nonzero IP address rather than based on the + IFF_UP flag. [RT #1160] + 984. [bug] Multi-threading should be enabled by default on Solaris 2.7 and newer, but it wasn't. - --- 9.2.0rc2 released --- + 983. [func] The server now supports generating IXFR difference + sequences for non-dynamic zones by comparing zone + versions, when enabled using the new config + option "ixfr-from-differences". [RT #1727] + + 982. [func] If "memstatistics-file" is set in options the memory + statistics will be written to it. + + 981. [func] The dnssec tools can now take multiple '-r randomfile' + arguments. 980. [bug] Incoming zone transfers restarting after an error could trigger an assertion failure. [RT #1692] + 979. [func] Incremental master file dumping. dns_master_dumpinc(), + dns_master_dumptostreaminc(), dns_dumpctx_attach(), + dns_dumpctx_detach(), dns_dumpctx_cancel(), + dns_dumpctx_db() and dns_dumpctx_version(). + 978. [bug] dns_db_attachversion() had an invalid REQUIRE() condition. 977. [bug] Improve "not at top of zone" error message. + 976. [func] named-checkconf can now test load master zones + (named-checkconf -z). [RT #1468] + 975. [bug] "max-cache-size default;" as a view option caused an assertion failure. @@ -3058,6 +3487,17 @@ 972. [bug] The file modification time code in zone.c was using the wrong epoch. [RT #1667] + 971. [placeholder] + + 970. [func] 'max-journal-size' can now be used to set a target + size for a journal. + + 969. [func] dig now supports the undocumented dig 8 feature + of allowing arbitrary labels, not just dotted + decimal quads, with the -x option. This can be + used to conveniently look up RFC2317 names as in + "dig -x 10.0.0.0-127". [RT #827, #1576, #1598] + 968. [bug] On win32, the isc_time_now() function was unnecessarily calling strtime(). [RT #1671] @@ -3267,6 +3707,8 @@ 910. [port] Some pre-RFC2133 IPv6 implementations do not define IN6ADDR_ANY_INIT. [RT #1416] + 909. [placeholder] + 908. [func] New program, rndc-confgen, to simplify setting up rndc. 907. [func] The ability to get entropy from either the @@ -3349,6 +3791,46 @@ 887. [port] Detect broken compilers that can't call static functions from inline functions. [RT #1212] + 886. [placeholder] + + 885. [placeholder] + + 884. [placeholder] + + 883. [placeholder] + + 882. [placeholder] + + 881. [placeholder] + + 880. [placeholder] + + 879. [placeholder] + + 878. [placeholder] + + 877. [placeholder] + + 876. [placeholder] + + 875. [placeholder] + + 874. [placeholder] + + 873. [placeholder] + + 872. [placeholder] + + 871. [placeholder] + + 870. [placeholder] + + 869. [placeholder] + + 868. [placeholder] + + 867. [placeholder] + 866. [func] Close debug only file channels when debug is set to zero. [RT #1246] @@ -4156,6 +4638,8 @@ to be non-null. Also 'done' will not be called if dns_master_load*inc() fails immediately. [RT #565] + 619. [placeholder] + 618. [bug] Queries to a signed zone could sometimes cause an assertion failure. @@ -4388,6 +4872,8 @@ 548. [func] The lexer now ungets tokens more correctly. + 547. [placeholder] + 546. [func] Option 'lame-ttl' is now implemented. 545. [func] Name limit and counting options removed from dig; @@ -4413,6 +4899,8 @@ 538. [bug] fix buffer overruns by 1 in lwres_getnameinfo(). + 537. [placeholder] + 536. [func] Use transfer-source{-v6} when sending refresh queries. Transfer-source{-v6} now take a optional port parameter for setting the UDP source port. The port @@ -4986,6 +5474,8 @@ 364. [func] Added additional-from-{cache,auth} + 363. [placeholder] + 362. [bug] rndc no longer aborts if the configuration file is missing an options statement. [RT #209] @@ -5037,8 +5527,7 @@ 347. [bug] Don't crash if an argument is left off options in dig. - 346. [func] Add support for .digrc config file, in the - user's current directory. + 346. [placeholder] 345. [bug] Large-scale changes/cleanups to dig: * Significantly improve structure handling @@ -5598,7 +6087,6 @@ 201. [cleanup] Removed the test/sdig program, it has been replaced by bin/dig/dig. - --- 9.0.0b3 released --- 200. [bug] Failures in sending query responses to clients |
