summaryrefslogtreecommitdiffstats
path: root/usr.sbin/named
diff options
context:
space:
mode:
authorpeter <peter@FreeBSD.org>1996-01-22 04:55:42 +0000
committerpeter <peter@FreeBSD.org>1996-01-22 04:55:42 +0000
commitc6e5a825dc3199ca95f65ee182c7935523621f13 (patch)
treefeaf5c3dfa7150d418b8218913a491f2b1200667 /usr.sbin/named
parent65550ab4bf1a40a68b3fe1a06c5a21e96df6c811 (diff)
downloadFreeBSD-src-c6e5a825dc3199ca95f65ee182c7935523621f13.zip
FreeBSD-src-c6e5a825dc3199ca95f65ee182c7935523621f13.tar.gz
Import named-4.9.3-patch1
This is a small fix, as a result of talking to Ultrix Hesiod-enabled named's. Apparently there are some buffer overruns causing data mangling.
Diffstat (limited to 'usr.sbin/named')
-rw-r--r--usr.sbin/named/CHANGES2408
-rw-r--r--usr.sbin/named/OPTIONS411
-rw-r--r--usr.sbin/named/ns_main.c5
-rw-r--r--usr.sbin/named/ns_resp.c6
4 files changed, 2825 insertions, 5 deletions
diff --git a/usr.sbin/named/CHANGES b/usr.sbin/named/CHANGES
new file mode 100644
index 0000000..dcee379
--- /dev/null
+++ b/usr.sbin/named/CHANGES
@@ -0,0 +1,2408 @@
+$Id: CHANGES,v 8.27 1996/01/09 20:23:45 vixie Exp $
+
+ --- 4.9.3-p1 released ---
+
+575. [port] Ultrix/Hesiod named responses are oversized, we were
+ incorrectly accepting them and then overwriting the stack.
+
+574. [port] BSD/OS 2.1 required some ./BSD/Makefile changes.
+
+ --- 4.9.3-rel released ---
+
+573. [contrib] put in "951231" version of contrib/host.
+
+572. [doc] new file doc/info/SCO-2 concerning <sys/param.h> porting.
+
+571. [bug] zones whose master files contained only $INCLUDEs were
+ incorrectly considered to not have any RR's (old bug.)
+
+570. [doc] trivial man/named.8 tweak.
+
+569. [doc] minor documentation tweak to shres/solaris/ISSUES.
+
+ --- 4.9.3-beta34 released ---
+
+568. [bug] very minor initialization bug fixed in tools/dig.c.
+
+567. [bug] disabled VALIDATE; all this code is trash and will be removed
+ along with ALLOW_UPDATES very early in the next alpha cycle.
+ we are now back to the B26 level of stability, with several
+ minor bug fixes from intervening betas.
+
+566. [bug] fixed memory leak introduced in #565.
+
+ --- 4.9.3-beta33 released ---
+
+565. [proto] we were generating truncated RRsets due to VALIDATE bugs.
+
+564. [proto] we weren't stopping early enough on some kinds of truncation.
+
+563. [doc] added doc/info/Solaris, concerning Sun Patch-ID# 102165-02.
+
+562. [bug] named/ns_resp.c had an overzealous #ifdef.
+
+561. [port] tools/nslookup/getinfo.c had an ANSI C nit.
+
+560. [port] shres/netbsd and Makefile's netbsd stuff was wrong.
+
+559. [doc] shres/* documentation had more pathname problems.
+
+558. [port] SCO OSE5 portability problem (minor).
+
+557. [doc] added doc/misc/style.txt out of my archives.
+
+556. [contrib] updated contrib/arlib, contrib/dnsparse (really!).
+
+555. [bug] quoted newlines were still broken even after #509.
+
+554. [bug] dangling CNAME cache chains could make named dump core.
+
+553. [bug] forwarders didn't work well with VALIDATE.
+
+ --- 4.9.3-beta32 released ---
+
+552. [doc] ./Makefile had some out of date comments.
+
+551. [bug] shres/sunos/* needed some fine tuning.
+
+550. [contrib] contrib/dnsparse replaced with a later version.
+
+ --- 4.9.3-beta31 released ---
+
+549. [bug] "make links" hadn't been tested in a while; shres/* req'd chg.
+
+548. [bug] shres/sunos/* needed some fixups due to a late Sun patch.
+
+547. [doc] Makefile comments for Linux were out of date.
+
+546. [doc] OPTIONS had an incorrect path name and some factual errors.
+
+545. [bug] shres/sunos/Makefile had some incorrect path names.
+
+ --- 4.9.3-beta30 released ---
+
+544. [port] some systems with broken CPP's wouldn't compile ns_req.c.
+
+543. [bug] query restart bug in ns_resp.c.
+
+ --- 4.9.3-beta29 released ---
+
+542. [port] rearranged signal() calls to make POSIX + SYSV possible.
+
+541. [port] padded _res to 512 bytes; moved initialized data to res_data.c.
+
+540. [port] added experimental shres/netbsd/ directory.
+
+539. [bug] we weren't able to load 0 ttl's in zone files.
+
+538. [doc] BOG corrections.
+
+ --- 4.9.3-beta28 never released ---
+
+537. [contrib] new contrib/lamers/ directory.
+
+536. [bug] there was a possible deadlock condition over missing glue.
+
+535. [bug] previous patch to db_load() was misapplied.
+
+534. [bug] several ancient cache corruption bugs fixed in ns_resp().
+
+533. [root] root servers required a new ``no-fetch-glue'' option.
+
+532. [bug] all kinds of stuff was broken under shres/ due to new subdir.
+
+ --- 4.9.3-beta27 released ---
+
+531. [bug] limited support for labels containing \. (literal dot.)
+
+530. [bug] new root.cache file imported from internic.
+
+529. [bug] another set of bug fixes to the zone transfer scheduler.
+
+528. [bug] VALIDATE reenabled but without packet editing.
+
+527. [bug] glue passing through CNAMEs will now be cached properly.
+
+526. [bug] deleted zones should no longer cause core dumps.
+
+525. [func] several messages changed to be more informative.
+
+524. [bug] loc_ntoa() was returning a pointer to a stack variable.
+
+523. [bug] wildcard RR's were being deleted by purge_zone().
+
+522. [bug] "ndc start" didn't work if no pid file existed.
+
+521. [port] Sun SVR4 fixes, including shared library support.
+
+520. [bug] we weren't using "forwarders" if "options forward_only"
+ wasn't set (in some cases.)
+
+519. [bug] named-xfer wasn't called res_init().
+
+518. [bug] lots of byte order nits.
+
+517. [bug] "tools/host -a" now prints in RR format again.
+
+516. [proto] minimum TTL changes from five minutes to zero seconds.
+
+515. [bug] SOA TTL of zero is no longer considered an error.
+
+514. [bug] division by zero error corrected in ns_refreshtime().
+
+513. [bug] we had the #ifdefs nexted backwards in <netdb.h>.
+
+512. [bug] we were able to dump core while tracing due to a NULL pointer.
+
+511. [bug] DiG wasn't able to suppress all of res_debug.c's comments.
+
+510. [doc] BOG typos. new doc/misc/FAQ. new site in MIRRORS.
+
+509. [bug] another side effect of the inet_aton() change was fixed,
+ this time it was breaking escaped newlines in named.boot.
+
+508. [contrib] new contrib/host, contrib/misc/settransfer, contrib/msql.
+ contrib/umich/lame_delegation was withdrawn by the author.
+
+507. [bug] DiG didn't do ndots and was trigger happy about options.
+
+506. [port] NextStep, Interactive, SCO, Digital UNIX, ULTRIX improvements.
+
+505. [bug] we were overly restrictive about nonauthoritative NXDOMAINs.
+
+504. [bug] named was generating corrupt responses in au truncation.
+
+503. [port] shres/* now supports SunOS 4.1.4.
+
+502. [bug] nslookup wasn't behaving properly in the presence of "ndots".
+
+501. [bug] we now delay 5 seconds after an "ndc restart" or "ndc start".
+
+500. [bug] change #494 was incomplete.
+
+ --- 4.9.3-beta26 released ---
+
+499. [bug] we needed a SERVFAIL in an error case.
+
+498. [bug] some recently added byte order bugs were stomped;
+ data_inaddr() was made slightly more conservative.
+
+497. [port] local_hostname_length() moved to its own source file.
+
+496. [bug] Beta25's change to compat/Makefile was wrong.
+
+495. [bug] tools/host.c wasn't processing cnames properly.
+
+ --- 4.9.3-beta25 released ---
+
+494. [func] "include" directive in boot file is no longer fatal if the
+ specified file doesn't exist or is not readable.
+
+493. [bug] new interfaces' UDP sockets weren't affecting select()'s mask.
+
+492. [doc] another round of changes and cleanups to the BOG.
+
+491. [bug] various cleanups to lame server detection.
+
+490. [port] completely new shres/* from CKD.
+
+489. [doc] added a ***NOTE*** to ./INSTALL about operating system files.
+
+488. [port] GNU C Library changes for include/netdb.h.
+
+487. [func] named will try a little bit longer to bind() its stream socket.
+
+486. [contrib] new packages: contrib/inaddrtool and contrib/trnamed.
+
+485. [func] ns_forw will no longer forward to 0.0.0.0, 255.255.255.255,
+ or 127.0.0.1.
+
+484. [port] more POSIX_SIGNALS conversions.
+
+483. [bug] compat/Makefile wasn't passing on all definitions to submakes.
+
+482. [port] bad bug in NeXT C Library worked around.
+
+481. [doc] RFC 1794 is now included in doc/rfc.
+
+480. [bug] a debugging printf() was accessing freed memory.
+
+479. [port] doc/info/NCR has been replaced.
+
+478. [port] doc/info/interactive has been replaced by its author.
+
+477. [port] UNIXWARE 2.X changes.
+
+476. [bug] ns_init.c was creating files in "//tmp" rather than "/tmp".
+
+475. [bug] inet_aton() reverts to mostly previous behaviour.
+
+474. [bug] PTR->CNAME support added; name test fixed.
+
+473. [func] added gethostbyname2(), improved its man page.
+
+472. [port] Linux connect() can reconnect, res/res_send.c now knows this.
+
+471. [build] several "clean" targets were not removing ".depend" files.
+
+470. [bug] dqflush() was using memory after free()ing it and never closing
+ any file descriptors and not clearing select()'s mask bits.
+
+ --- 4.9.3-beta24 released ---
+
+469. [bug] We no longer share static return buffers across functions in
+ res_debug.c.
+
+468. [logging] An extraneous haveComplained() was removed from ns_resp.c.
+
+467. [portdoc] Linux build doc changes.
+
+ --- 4.9.3-beta23 released ---
+
+466. [doc] big reorg to BOG.
+
+465. [doc] minor corrections to man pages.
+
+464. [port] NEC Makefile changes.
+
+463. [contrib] random updates.
+
+462. [bug] res_send() wasn't always clearing errno, which led to
+ false-negative return conditions.
+
+461. [port] minor u_char-vs-char lint removed.
+
+460. [port] backed out a recent Linux portability change.
+
+ --- 4.9.3-beta22 released ---
+
+459. [port] made a major lint pass.
+
+458. [func] paved over a bad security hole in named-xfer.
+
+457. [bug] negative caching vs (secure_zone | cname checking) bugs.
+
+456. [port] moved all:: target to be first in top level Makefile.
+
+455. [bug] res/res_send.c had a bad macro definition.
+
+454. [doc] RUNSON moved to doc/info. MIRRORS file added.
+
+453. [quality] learntFrom() was reformatted.
+
+452. [doc] minor changes for shlib/ISSUES, tools/nslookup/nslookup.help.
+
+451. [port] linux, NCR, Solaris, NExT portability changes.
+
+450. [func] added RES_NOALIASES flag, needed for security.
+
+449. [bug] we were defining a nonstandard DNS header flag as PR. no more.
+
+ --- 4.9.3-beta21 released ---
+
+448. [port] systems with hundreds of network interfaces need big ioctl()'s.
+
+447. [func] zones without NS RR's or with mismatching SOA RR's are caught.
+
+446. [bug] miscellaneous fixes to res/gethnamaddr.c.
+
+445. [bug] the secure_zone logic was incomplete.
+
+444. [bug] bootfile "options" parsing was broken.
+
+443. [bug] named-xfer was munging incoming WKS RR's.
+
+442. [contrib] various cleanups.
+
+ --- 4.9.3-beta20 released ---
+
+441. [contrib] put in DOC 2.1.1.
+
+440. [func] change/addition to the "lame delegation" syslog message.
+
+439. [bug] emulation macros WIFSIGNALED and WIFEXITED were bogus.
+
+438. [bug] missing "#ifndef INVQ" added.
+
+437. [doc] man pages and BOG updated to include new B18/B19 features.
+
+436. [port] PIDDIR definition removed from Solaris 2.X.
+
+435. [port] shres/Makefile fixed for new location of inet_addr.c.
+
+434. [port] getnetnamaddr.c had a spurious "#if defined(sun)"
+
+433. [bugs] random typos and glitches from the beta19 afternoon rush.
+
+ --- 4.9.3-beta19 released ---
+
+432. [func] we should be much more resistant to root cache corruption now.
+
+431. [bug] tcp socket send buffer will now be set at 16K to avoid blocks.
+
+430. [bug] ns_req.c had two cases where it could overflow a buffer.
+
+429. [bug] the "." zone will now respect the setting of NO_GLUE.
+
+428. [func] 0.0.0.0 A RR's are allowed in the DB but we won't use them.
+
+427. [func] "options fake-iquery" added, users of Sun nslookup take note.
+
+426. [port] include/netdb.h now has some #ifdef sun defs in it.
+
+425. [bug] negative caching bugs in findns() and in ns_forw.c.
+
+424. [func] "limit transfers-per-ns" directive added.
+
+423. [bug] infinite loop fixed in named-xfer.c's version number printing.
+
+422. [bug] gethostbyname() of a dotted quad in an auto variable will
+ no longer cause the caller to consume random stack trash.
+
+421. [port] inet_aton() has moved from lib44bsd.a back to libresolv.a.
+
+420. [func] any punctuation character can now terminate an inet_aton().
+
+419. [port] use sigemptyset(), sigaddset() - in preference to sigmask().
+
+ --- 4.9.3-beta18 released ---
+
+418. [bug] ``close(11): interrupted system call'' now fixed.
+
+417. [bug] big name servers would never refresh all their zones since
+ tryxfer() wasn't a "fair" scheduler. it is now.
+
+416. [func] SOA syntax errors will now lead to dead zones, not dead srvrs.
+
+415. [func] expiration values lower than refresh values cause a warning.
+
+414. [func] added "options" and "limit" directives to named.boot.
+
+413. [port] new file: doc/info/solaris.too.
+
+412. [bug] possible div-by-zero in ns_init.c.
+
+411. [port] NeXTstep, UNIXWARE, ISC, AUX changes/additions to top Makefile.
+
+410. [port] POSIX_SIGNALS covers a bit more code now.
+
+409. [bug] CNAME->PTR responses were triggering syslog() unnecessarily.
+
+408. [port] res_send.c's socket() calls were using the wrong arguments.
+ this was benign but with IPv6 looming, we need to clean it up.
+
+407. [bug] the delayed free() logic (DATUMREFCNT) didn't account for
+ the possibility of some NULL pointers, in ns_resp.c.
+
+406. [bug] we were walking through purged list items in ns_forw.c.
+ this caused bad things to happen when glue expired.
+
+405. [bug] "attempted update to auth zone" is no longer a warning.
+
+404. [bug] fp_nquery() is now used everywhere, fp_query() is deprecated.
+
+403. [port] hstrerror()'s result is now declared as const.
+
+402. [bug] a flakey initialization in the resolver has been fixed.
+
+401. [port] removed some junk around getnetbyname(), needs testing on suns.
+
+400. [func] BIND's version number now appears as a comment in zone files
+ written by named-xfer.
+
+399. [func] older, bogus HINFO RR's will now be fixed up with warnings.
+
+398. [bug] "SOA class not same as zone's" is now a zone load error.
+
+397. [func] all of the syslog() priorities have been lowered.
+
+396. [doc] added doc/misc/{FAQ.1of2,FAQ.2of2,vixie-security.ps}.
+
+368. [port] top level Makefile updates: .depend files aren't shipped;
+ solaris, linux, dec osf/1, dynix build more cleanly.
+
+367. [port] LOC RR logic has had some lint removed. also named-xfer.c.
+
+366. [contrib] dnswalk 1.8.3 is now included.
+
+365. [security] initial query ID is no longer a fixed constant.
+
+ --- 4.9.3-beta17 released ---
+
+364. named/ndc.sh didn't always exit with nonzero on errors.
+
+363. include/arpa/Makefile was installing into //.
+
+362. convex cleanups. osf/1 cleanups.
+
+361. minor nit in sprintf() format string in tools/host.c.
+
+ --- 4.9.3-beta16 released ---
+
+360. CRED is long gone.
+
+359. convex systems have getrusage().
+
+358. CPPFLAGS wasn't quite right.
+
+ --- 4.9.3-beta15 released ---
+
+357. netdb.h now externs h_errno.
+
+356. fixed odd corner case bug in res_query().
+
+355. no BIND beta is complete without a patch to shres/PROBLEMS.
+
+354. minor addition to the "ndc" command line syntax.
+
+353. "." domain syslog() raised from LOG_DEBUG to LOG_WARNING.
+
+352. minor nit in named-xfer.c.
+
+351. the BSD/* Makefiles were mode 440, are now 444.
+
+350. new (undocumented) make target: "make mkdirs".
+
+349. output format change in tools/host.c.
+
+348. contrib/* updates.
+
+347. CPPFLAGS variable added to the Makefile tree, should quieten some makes.
+ nextstep, solaris, and svr4 systems have some new build parameters.
+
+346. BOG cleanups and addition of PX RR documentation.
+
+345. more items for RUNSON.
+
+344. several combinations and permutations of compilation options didn't work.
+
+ --- 4.9.3-beta14 released ---
+
+343. Type cast fix for #340.
+
+343. Small change to RUNSON.
+
+342. Removed fsync() call, it really wasn't nec'y and was causing trouble.
+
+ --- 4.9.3-beta13 released ---
+
+341. Small fix for #331.
+
+340. Inverse queries, if enabled, will be logged if QRYLOG is enabled and on.
+
+339. Nonrecursive servers (-r) will once again sysquery() for missing glue.
+
+338. named/ndc now preserves the user's $PATH.
+
+337. SUNSECURITY is now only on for shres/*.
+
+336. New version of contrib/host has been included.
+
+335. tools/nsquery.c and tools/nstest.c were moved to contrib/old/.
+
+334. Portability changes for HP-UX, Solaris, Linux, SCO UNIX.
+
+333. INVQ (inverse query support) now defaults to "off".
+
+332. Some of the internal hashing logic for syslog() rate limiting was not
+ accurate (more things were logged than should have been).
+
+ --- 4.9.3-beta12-patch2 released ---
+
+331. Default domain in $INCLUDE files is now intuitive (rather than ".").
+
+330. Lame delegations are now only logged for class "IN".
+
+329. Format change to XSTATS output to make it more readable.
+
+328. Bad responses could cause core dumps in DiG, nslookup, etc.
+
+327. The now-requisite change to shres/* was discovered and put in.
+
+326. Portability changes for Linux, SCO, ULTRIX3, NeXT.
+
+325. Bit the bullet and reset all the RCS revision numbers to 8.1==4.9.3.b12.
+
+ --- 4.9.3-beta12-patch1 released ---
+
+324. Added some missing pieces to the NSAP and NSAP_PTR handling.
+
+323. Tightened some of the GEN_AXFR code, fixed potential C_HS problem.
+
+322. Fixed minor niggle in the way "dig" parses its arguments.
+
+321. Final(?) tuning of the SunOS shres stuff.
+
+320. Reorganized the SunOS build params in the top level Makefile.
+
+ --- 4.9.3-beta12 released ---
+
+319. Fixed DiG so that ". IN NS" was the default if no args are given. (Vixie)
+
+318. Merged the resolver with 4.4BSD's; made a BSD/ subdirectory off the main
+ tree for easy integration into BSD/OS, FreeBSD, NetBSD, et al; moved the
+ "master" subdirectory to "conf/master" to cut down on top level clutter.
+
+317. Lots of last minute fiddling to make Beta12 "right". (cast of thousands)
+
+316. Minor byte order bug in BIND_NOTIFY. (Grange)
+
+315. Added code to db_load() to detect "no RR's found" case. (Vixie; Heiney)
+
+314. "Zone declared more than once" test added. (Grange; Vixie)
+
+313. XSTATS interval was changed from "no more than once a minute, and usually
+ every fifteen minutes" to "no more than once an hour, and usually every
+ hour". (Gianopoulos; Vixie)
+
+312. Minor stuff in BIND_NOTIFY and the Ultrix and OSF/1 builds. (Heiney)
+
+311. Continuing hacks to LOC RR (experimental) and shres/*. (Davis)
+
+ --- 4.9.3-beta11-patch5 released ---
+
+310. Minor BOG patches. (Shapiro)
+
+309. Minor LOC RR lint. (Heiney; Truck)
+
+308. Minor STUBS changes in ns_req.c. (Andrews)
+
+307. Ultrix and OSF/1 now install "man" (not "cat") pages. AIX now installs
+ *.[0-9] rather than *.0 pages. (Vixie, et al)
+
+306. conf/Info.* moved to new directory doc/info/*. (Vixie)
+
+305. NOTIFY could cause multiple simultaneous axfr's. (Andrews; Vixie)
+
+ --- 4.9.3-beta11-patch4 released ---
+
+304. Minor fixes to PURGE_ZONE, CLEANCACHE, RETURNSOA, and dig. (Mark Andrews)
+
+303. LOC RR support is now in. (Chris Davis; Vixie)
+
+302. General portability stuff (with ISC leanings). (Mark Galbraith)
+
+301. Minor DiG portability fix. (Dima Volodin)
+
+300. Yet more HINFO fixes. (Gianopoulos)
+
+299. Really minor patch to tools/nstest.c, plus AIX fixes. (David Bolen)
+
+298. More shres/* fixes. (Davis; Woods)
+
+297. Minor SCO fixups. (Eduard Vopicka)
+
+296. Fixed #include <signal.h> problem in db_glue.c. (cast of thousands)
+
+295. Minor goofs in the sources. (Grange; Gianopoulos)
+
+294. Minor patch to the BOG (font problem). (Shapiro; Vixie)
+
+ --- 4.9.3-beta11-patch3 released ---
+
+293. Minor #ifdef screwup corrected. (Mohamed Ellozy)
+
+292. Small HP-UX portability change. (Truck)
+
+291. Minor BOG correction. (Harlan Stenn)
+
+290. PX RR support. (Pierluigi Bonetti)
+
+289. Made random refresh interval a little more robust. (Miller; Vixie)
+
+288. Minor portability changes for DEC OSF/1. (Bob Heiney)
+
+287. We now do a setvbuf() on outbound AXFR streams since the system's
+ default size causes more write()'s (and therefore TCP segments)
+ than we really want. (Paul Mockapetris' idea; Paul Vixie's code.)
+
+286. Recast all uses of abort() to call private function panic(). This was
+ nec'y since we use the ABRT (IOT) signal to force a statistics dump, and
+ having it dump statistics inside of abort() was a bad thing.
+ (Mark Andrews noticed the problem; Paul Vixie fixed it.)
+
+285. Minor change to top-level Makefile for OSF/1 man pages. (Shapiro)
+
+284. Minor change to HINFO stuff. (Gianopoulos)
+
+283. Minor changes to XSTATS #ifdef's. (Benoit Grange)
+
+282. Minor change to top-level Makefile for ULTRIX/VAX. (William Gianopoulos)
+
+ --- 4.9.3-beta11-patch2 released ---
+
+281. Another batch of (minor) HINFO changes. (William Gianopoulos)
+
+280. Minor formatting changes to keep ctags happy. (Craig Leres)
+
+279. Minor changes to OPTIONS. (Mark Seiden)
+
+278. New option XSTATS (default "on" for now). (Benoit Grange)
+
+277. res_mkquery() wasn't calling res_init(). (Philip Gladstone)
+
+276. Minor cleanup to shres/INSTALL. (Chris Davis)
+
+275. We now set a SO_LINGER on outbound zone transfers. (Peter Wemm; Vixie)
+
+274. Minor portability fix for VAX Ultrix. (Stan Barber)
+
+273. Fixed two time warp problems. (Bob Heiney; Paul Vixie)
+
+272. Named-xfer will now log and error and abort if it encounters an RR type
+ it doesn't recognize. (Mark Andrews; Paul Vixie)
+
+271. Minor cleanups to the HINFO comparison code in db_update. (Bryan Beecher)
+
+270. Made CLEANCACHE less of a CPU hog. (Benoit Grange; Mark Andrews)
+
+269. Add even more branches to the cred/clev decision tree, to make it more
+ robust about borderline data at zone cuts. (Jack McCann; Mark Andrews)
+
+268. New option (default: "on" for now): PURGE_ZONE. (Mark Andrews)
+
+267. Added contrib/misc/{soa-easy,dnsfind}.shar. I will not be including
+ this in the b11p2 diffs, though it will be in the next full kit.
+ (Tim Cook)
+
+266. I finally broke down and made a recommendation in the BOG with respect to
+ "nameserver 127.0.0.1". (Greg Woods supplied the patch)
+
+265. Minor portability stuff for SunOS. (Greg Woods)
+
+ --- 4.9.3-beta11-patch1 released ---
+
+264. 900-second check removed; TTL==0 should work now. (Mark Andrews)
+
+263. Minor db_save() patch for initializing memory. (Bryan Beecher)
+
+262. Minor ESIX (SVR4.0.4/gcc) changes. (John Polstra)
+
+261. Minor dig-related patch to res_send.c. (Mark Andrews)
+
+260. Minor line number fix for ns_init(). (Havard Eidnes)
+
+259. NetBSD shared library stuff is now in contrib/misc/netbsd-shlib.shar.
+ (Matt Ragan)
+
+258. NeXT portability changes. (Allan Nathanson)
+
+257. Minor HP-UX portability stuff. (Lewis; Corrigan)
+
+256. Two medium sized bugs in BIND_NOTIFY. (Don "Truck" Lewis)
+
+255. Minor lint in ns_req.c. (Mark Andrews)
+
+254. Minor ndc.sh build problem. (Michael Corrigan)
+
+253. Minor coding inconsistency in res/res_comp.c. (Jeff Schreiber; Vixie)
+
+252. Minor BOG addition (SIGIOT). (Bryan Knowles)
+
+ --- 4.9.3-beta11 released ---
+
+251. If a master zone's serial number goes backwards, named now logs a
+ warning. (Mark Andrews)
+
+250. Minor portability nit in ns_forw(). (Simon Leinen)
+
+249. Another portability problem fixed in ndc.sh. (Corrigan)
+
+248. Declaration problem with findZonePri() fixed. (Corrigan)
+
+247. References to CNAMES from MX/NS/MB will now be explicitly logged. (Vixie)
+
+246. Made the BIND_NOTIFY logic more robust; it still does not match the
+ current I-D (no delays yet). (Vixie)
+
+245. Fixed a writable-string problem. Added a lot of ANSI "const"'s. (Vixie)
+
+ --- 4.9.3-beta10-patch1 released ---
+
+244. Added shres/PROBLEMS file. (Chris Davis)
+
+243. Corrected the BOG on the meaning of ".". (Doug Luce, Paul Vixie)
+
+242. SOA's can now be stored in $INCLUDE files. (John Lind)
+
+241. Rejection of 0.0.0.0 had a potential seg fault. (Mark Andrews)
+
+240. NoRecurse wasn't preventing queries for missing glue. (Mark Andrews)
+
+239. WKS nonaggregation test had bad length. (Ed Clarke, Chris Britton)
+
+238. NeXT library problem worked around. (Greg Wohletz)
+
+237. Core dump fixed in the dprintf() macro. (Eric Murray)
+
+236. MBZ fields in new queries were actually stack trash. (Olson, Vixie)
+
+235. Adds and changes to contrib/:
+ Added contrib/misc/dnstools.shar, from alt.sources. (Eric Murray)
+ Added contrib/misc/settransfer.shar (nonrecommended). (Tom Brisco)
+ Updated contrib/host/* with latest public version. (Eric Wassenaar)
+ Updated contrib/host/makezones with latest pub. version. (Philip Hazel)
+
+234. Made the "ps" command needed by ndc.sh a configurable parameter.
+
+ --- 4.9.3-beta10 released ---
+
+233. Added and reordered a lot of code in ns_resp() to cause it to be
+ slighly harder to spoof with bad packets. More work needs to be done,
+ so that named will be as spoof-proof as the resolver has become. (Vixie.)
+
+232. Added new RR types to include/arpa/nameser.h, per RFC 1700. (Vixie)
+
+231. New "ndc" command. (Vixie)
+
+230. The VALIDATE option is now formally deprecated. It has bugs its detection
+ of invalid responses, and is known to mutilate perfectly valid CNAME
+ responses, to the detriment of clients. This code will likely be deleted
+ in the next BIND release, to be replaced by an ``always restart query''
+ strategy. (Vixie)
+
+229. Moved a syslog() so that primary as well as secondary loads are logged.
+
+228. Resolver functions now reliably set h_errno. (Vixie, Wassenaar)
+
+227. Expired zones now lose their cached serial number information, giving
+ an opportunity to refresh a zone after a serial number goes backward.
+ (Andrews)
+
+226. Sun386i support crept in on little cat feet. (Brownlee)
+
+225. UDP packets could be overstuffed by 12 bytes. (Reilly, Vixie)
+
+224. failing connect()'s in named-xfer will no longer be logged. (Andrews)
+
+223. merged IETF stream (Vixie):
+ a. made ALLOW_UPDATES even more optional (it will disappear soon);
+ b. added NOTIFY option (experimental);
+ c. cleaned up some comments;
+ d. removed T_SA (was experimental, replaced by ROUND_ROBIN);
+ e. made named/Makefile's default CFLAGS -g (it usually inherits -O);
+ f. random code cleanup;
+ g. some internal errors are now fatal instead of warnings.
+ these changes were brought in once it became clear that there would be
+ another Beta of 4.9.3.
+
+222. tools/Makefile was using "make" instead of "${MAKE}". (Day)
+
+221. yet another bug was found and fixed in the SUNSECURITY code. (Brown)
+
+220. a variable reuse problem in the SUNSECURITY syslog()'s in gethnamaddr.c
+ was fixed. (Wohletz, Wemm, Vixie)
+
+219. "stub" root zones now affect the hint cache (STUBS is experimental).
+ in this situation it is reasonable to not have a "cache" directive,
+ and some code was reordered to make this possible. (Andrews)
+
+218. contrib/umich/lame-delegation/LISA-VI-paper.ps is now a proper
+ PostScript(tm) file. (Davis)
+
+217. syslog() cleanups in named-xfer.c. (Vixie, Barrett)
+
+216. shres/Makefile now forces -O. (Braniss, Ray)
+
+215. New contrib/misc/ctldns.sh. (Bush)
+
+214. New contrib/misc/dns-peers.info. (Wolfhugel)
+
+213. BOG and named(8) fixes. (Paffrath, Vixie, Hawkinson)
+
+212. database input errors will no longer cause the following line to
+ be ignored. (Gianopoulos)
+
+211. the TXT RR fixes done so far in 4.9.3 have been backed out; we're
+ back to the 4.9.2 behaviour. (Gianopoulos)
+
+210. the authority section will no longer duplicate the answer section
+ if both would contain the same NS RR set. (Vixie)
+
+ --- 4.9.3-beta9-patch1 released ---
+
+209. installed marka's patch to CRED that fixes BETA9's flaw.
+
+208. added comment to README about -l44bsd and inet_aton().
+
+207. new directory: contrib/multizdb. highly nonrecommended.
+
+206. small NextStep change in Makefile.
+
+ --- 4.9.3-beta9 released ---
+
+205. minor Makefile fix after beta9 was previewed on bind-workers; also, a
+ new file conf/Info.Linux-more has been included.
+
+204. BOG fixes.
+
+203. netlists elements are now
+ { addr [ "&" mask ] }
+ which for the EBNF-impaired, means that "&" introduces an explicit mask.
+ implicit masks are either by-class or 0xffffffff, depending on ALLOW_HOSTS
+ in the call to get_netlist().
+
+202. name compression is now case-insensitive.
+
+201. duplicate RRDATA won't trigger the new "auth warning" in db_update().
+
+ --- 4.9.3-beta8-patch2 released ---
+
+200. added a haveComplained() to limit auth warnings.
+
+199. fixed idiotic code reordering from patch1.
+
+ --- 4.9.3-beta8-patch1 released ---
+
+198. a bad-string-termination bug was fixed in getnetanswer().
+
+197. an uninitialized-variable bug was fixed in db_update().
+
+ --- 4.9.3-beta8 released ---
+
+196. Several minor corrections were made to the BOG.
+
+195. "clev" now distinguishes between root and TLD (wasn't worth a darn before)
+
+194. empty nodes in authority zones are now protected from non-auth updates.
+ (most of db_update() was rewritten to fix/support this.)
+
+193. negative cache items weren't updated before, now they are.
+
+192. zone updates from answers were prevented for new types but not if some
+ rr already existed with that type. fixed. also syslogged.
+
+191. the cache now distinguishes between authoritative answers and zone rr's.
+
+190. negative cache items are now marked appropriately authoritative.
+
+189. CRED is no longer optional.
+
+188. Another enhancement has been made to HINFO parsing. Named-xfer now
+ accepts RFC-bogus input formats generated by previous versions of BIND.
+
+187. SUNSECURITY now forces RES_DEFNAMES on so that relative "localhost" works.
+
+186. Minor portability fixes for DEC OSF/1, HP-UX.
+
+ --- 4.9.3-beta7-patch2 released ---
+
+186. i forgot to comment out template Linux lines in top Makefile. fixed.
+
+185. "bogusns" directive significantly strengthened, for IN-ADDR.ARPA problem.
+ also fixed a bug in hardcoded root server lame detection.
+
+ --- 4.9.3-beta7-patch1 released ---
+
+184. Yet another ULTRIX incompatibility has been worked around.
+
+183. Bogus HINFO RR's will no longer cause corrupt secondary zone files.
+
+182. NeXT support is now complete. Builds right out of the box.
+
+181. Updated TODO file.
+
+180. Added new INSTALL file.
+
+179. Minor doc fix in OPTIONS file.
+
+178. Security-related bug fix to new sunos shres/* stuff.
+
+177. Limited Linux portability was added.
+
+176. Trailing dots on zone names in named.boot are now ignored.
+
+175. Random lint was removed.
+
+174. DiG changes: increment version number (2.1), allow default domain (.).
+
+ --- 4.9.3-beta7 released ---
+
+173. named-xfer would act strangely if trailing dot domains given as arguments.
+
+172. setenv() now provided on systems that need it (NeXTStep, e.g.).
+
+171. doc changes for shres/*.
+
+170. fixed debugging output problem in ns_req.c.
+
+169. fixed portability "bugs" on ultrix systems (some tools wouldn't link).
+
+168. minor functionality change in named/ns_validate.c.
+
+167. minor lint in res/res_comp.c.
+
+166. minor change to contrib/doc-2.0/*.
+
+ --- 4.9.3-beta6 released ---
+
+165. another small adjustment to the Apollo section of the Makefile.
+
+164. a completely new shres/* was submitted; contrib/sunlibc is deprecated.
+
+163. INVQ is back on again by default. See README.
+
+162. another set of patches for obscure corner cases in the HINFO parser.
+
+161. added new SUNOS4 macro to Makefile and conf/portability.h; this should
+ fix the trouble folks were having with strerror() on SunOS 4.X systems.
+
+160. minor Makefile changes.
+
+159. processes which send outbound zone transfers now close all inherited
+ descriptors, since they can be longer-lived than the main named.
+
+ --- 4.9.3-beta5 released ---
+
+158. various lint involving options which are rarely defined.
+
+157. sunos needed -DBSD=43 rather than -DBSD.
+
+156. minor memory leak fixed in ns_req.c.
+
+155. some install directories for DGUX were wrong.
+
+ --- 4.9.3-beta4 released ---
+
+154. a new man/* hierarchy was installed which should be more portable.
+
+153. a new contrib/host has been included.
+
+152. a parsing problem in HINFO was fixed.
+
+151. a few minor changes to contrib/sunlibc/Makefile.
+
+150. typo in res_send.c fixed.
+
+149. fine tuning the credibility-level heuristics.
+
+148. dn_expand() will fail on names which have bad characters in them.
+
+147. disappearing zones could cause a core dump in syslog() - fixed.
+
+146. text of warnings in named-xfer corrected.
+
+145. limited DGUX, RISCOS support added.
+
+144. contrib/sunlibc/Makefile MFLAGS/MARGS problem fixed.
+
+143. another SunOS recv() bug has been worked around.
+
+142. various BOG fixes.
+
+141. updated master/root.cache file from latest InterNIC version.
+
+140. Added ``max-fetch'' to named(8).
+
+139. NOT_BIND problem in named/tree.c fixed.
+
+138. minor lint, memory leaks, and portability problems were fixed.
+
+ --- 4.9.3-beta3 released ---
+
+137. some serious (and recently) dynamic memory bugs were killed.
+
+136. a reference to uninitialized data was fixed in res_query().
+
+135. a RES_STAYOPEN-related bug was fixed in res_send().
+
+134. isascii() and isxdigit() now simulated on systems which lack them.
+
+133. named's local setproctitle() has been renamed to avoid system conflicts.
+
+132. minor bugfix to negative caching code.
+
+131. minor bugfix in validation code.
+
+130. the typestats[] multiple definition problem was fixed.
+
+129. some Sequent portability changes were folded in.
+
+128. a new contrib/sunlibc was donated, but hasn't been tested.
+
+127. minor changes to contrib/sunlibc/Info.*. is anybody using shres/*, tho?
+
+126. STDIN_FILENO and STDOUT_FILENO are now defined by conf/portability.h.
+
+125. there is now a ``max-fetch'' directive in the boot file (see the BOG).
+
+124. there is now a RENICE option in conf/options.h.
+
+123. the toplevel Makefile has been made slightly more readable.
+
+122. <<DELETED>>
+
+121. minor fixups in the lame delegation code.
+
+ --- 4.9.3-beta2 released ---
+
+120. I upgraded my "-me" macros so that the included doc/bog/file.psf is OK.
+
+119. NXDOMAIN responses from the negative cache will now always be
+ authoritative. this is the least of all evils, trust me.
+
+118. strcasecmp() in compat/lib is now ANSI compliant.
+
+117. PTR RR's are no longer subject to ROUND_ROBIN processing.
+
+116. writev() emulation for SCO had a bug.
+
+115. the resolver no longer calls sscanf() or qsort().
+
+114. minor debugging nit cleaned up in res_querydomain().
+
+113. IP options on incoming connections are now logged and ignored. This
+ should probably be done for datagrams as well but not today.
+
+112. tree.c made portable to non-POSIX/ANSI systems.
+
+111. NSAP RR's are now supported. NSAP_PTR RR's are deprecated and so left out.
+
+110. outbound zone transfers are now logged.
+
+109. various lint cleaned up wrt 16-bit integer handling.
+
+108. named-xfer was exiting bogusly on some systems due to flakey kernel
+ interfaces. i've rewritten some of the code to avoid the problem,
+ and fixed plenty of lint in the process.
+
+ --- 4.9.3-beta1 released ---
+
+107. Apollo systems were dumping core because of a missing #include <resolv.h>.
+
+106. NSAP and NSAP_PTR RR's now recognized by res_debug() (but nothing else).
+
+105. NeXTstep 2.1/3.0 and Pyramid dcosx now nominally supported.
+
+104. res_querydomain() was doing Bad things if given an empty name.
+
+ --- 4.9.3.a5.p4 published ---
+
+103. named-xfer's exit cause is now syslog()'d more often/clearly (Paul Vixie).
+
+102. I left out a ";" in the new compat/lib/ftruncate.c file (Craig Leres).
+
+101. X25, ISDN, and RT RR support have been added (Michael A. Meiszl).
+
+ --- 4.9.3.a5.p3 published ---
+
+100. Another glitch (very minor this time) was found and fixed in the
+ QSERIAL logic. This was a performance problem only -- reliability
+ wasn't affected (Bob Heiney).
+
+99. SCO UNIX is now supported, thanks in part to Michael A. Meiszl.
+
+98. I witlessly used a GCC-only feature (automatic aggregate initialization)
+ in a5p2. Kazuhisa Shimizu was the first to report it.
+
+ --- 4.9.3.a5.p2 published ---
+
+97. NEC EWS4800 EWS-UX/V Rel4.0/Rel4.2 support (from Kazuhisa Shimizu).
+
+96. Some of the security checking logic in the new res/gethnamaddr.c's
+ getanswer() was happening in the wrong order (thanks, Bob Heiney).
+
+95. Minor typo in the man/host.1 man page (caught by Robert Elz).
+
+94. DiG was groping core if given more than 10 tokens in a lookup string
+ (Michael J. Corrigan provided the fix).
+
+93. Queries to INADDR_ANY ("0.0.0.0") come back from the system's primary
+ interface, and res_send() was discarding them. A proper fix would add
+ a lot of code to the resolver, so for now we'll just work around it
+ (Michael J. Corrigan reported this).
+
+92. The "data outside zone" syslog message was misleading (Bob Heiney).
+
+ --- 4.9.3.a5.p1 published ---
+
+91. res/gethnamaddr.c wouldn't compile on non-BSD systems since it depended
+ on LOG_AUTH which is a post-4.3 feature (Bob Heiney reported this).
+
+ ****** 4.9.3-alpha5 released ******
+
+90. redid most of my previous round of prototyping now that i truly
+ understand which variables and parameters should be u_char and which
+ ones should be char. (Vixie)
+
+89. added (optional) prototypes for _getshort() and _getlong(); this means
+ the calls all need casts of their argument since it usually isn't a
+ u_char*. Also prototyped res_query(), res_search, and the nominally
+ private but for some reason not static res_querydomain(). (Vixie)
+
+88. security related: responses from servers we didn't query are now ignored
+ by the resolver; answers with QDCOUNT!=1 are treated as errors; name
+ mismatches in the question or any part of the answer field are syslog()'d
+ and ignored. (Vixie)
+
+87. fixed a bug in the SUNSECURITY stuff. (Vixie)
+
+86. a long standing bug in the name hashing code that caused it to ``hash in''
+ the case of the name's characters, was found and fixed. (twice.) (Vixie)
+
+85. Bob Heiney did some performance analysis and concluded that samedomain()
+ was soaking down cycles at a rate disproportionate to its usefulness; he
+ reimplemented it in a way that violated the (good,fast,cheap) rule.
+
+84. the RFC1101 implementation of getnetby*() was using case-sensitive
+ string compares.
+
+83. fp_query() will no longer try to format packets larger than PACKETSZ,
+ and for perversity, dig and named are now prepared to handle replies
+ (via TCP) larger than PACKETSZ. new function: __fp_nquery(). (Vixie)
+
+82. multiline initial syslog() is fixed (Bill G).
+
+81. Don Lewis sent in a big update for the lame delegation logic. Vixie fixed
+ one bug. Bryan Beecher had a big hand in this.
+
+80. TCP replies can now be up to 8K in size (don walsh).
+
+79. validation bug fixed (don lewis).
+
+78. BOG patches from mike minnich and others.
+
+77. more lint fixes for Cray (norb brotz).
+
+76. a new hostname(7) man page was contributed by Art Harkin.
+
+75. DESTINC is now a settable Makefile parameter (Marion Hakanson).
+
+74. the zones-not-transferring bug is finally gone.
+
+73. now using LOG_PERROR in openlog(); many parallel dprintf()'s are gone.
+
+72. inability to retrieve serial number via UDP now forces TCP transfer.
+
+71. removing secondary zone files and SIGHUP'ing will now force a transfer.
+
+70. "cache" directives can now specify "/class" as documented in the BOG.
+
+69. Mark Andrews' fix for the ns_forw core dump is in.
+
+68. Keith Bostic fixed some typo's in the man pages.
+
+67. Compiling without NCACHE is possible now (John Hanley).
+
+66. Bill Gianopoulos and Alan Barrett finally agreed on what glue was and
+ Bill's alpha4 patch is mostly gone now, and one new idea was added.
+
+65. BOG improvements (Vixie, Brooks).
+
+64. Mark Andrews' CLEANCACHE (recommended) and RETURNSOA (__NOT__ recommended!)
+ are in. RETURNSOA should not be enabled at this time; there's nothing
+ wrong with the code but it will cause cache corruption in older servers
+ and may not be necessary. The jury is still out.
+
+63. outbound zone transfers are now logged (requested by Ron Johnson).
+
+62. serial number queries sent out for zone transfer purposes will now be
+ limited to a maximum of four (4) simultaneous outstanding; this keeps
+ BIND from overflowing its UDP socket buffer when hundreds of zones must
+ be checked (still trying to fix Paul Pomes' problem).
+
+61. short A RR's in responses will no longer lead to purify errors due to short
+ malloc()'s in savedata() (thanks to Nicholas Briggs for reporting this).
+
+ ****** 4.9.3-alpha4 released ******
+
+60. manifest constants used instead of "sizeof({u_,}int{16,32}_t)", for
+ systems which lack 16- and 32-bit integers (paul vixie for norm brotz).
+
+59. zone transfer anti-glue logic made RFC1034-compliant (bill gianopoulos).
+
+58. seg fault in sysquery() (from LAME_DELEGATION) fixed (mark andrews).
+
+ ****** 4.9.3-alpha3 released ******
+
+57. a big, hefty patch was made to the negative caching logic (mark andrews).
+
+56. named-xfer will no longer scramble the default origin (alan barrett).
+
+55. random bits of lint found and removed (mario guerra).
+
+54. convexos-10 is now supported (jukka ukkonen).
+
+53. seg fault in database dumps (from VALIDATE) fixed (don lewis).
+
+52. problem with extra bogus 0.0.0.0 A RR's from VALIDATE fixed (mark andrews).
+
+51. the LAME_DELEGATION logic once written into 4.8.3 by don lewis has
+ been substantially reworked and put into 4.9.3-alpha3 (bryan beecher).
+
+50. all instances of "sizeof(HEADER)" were changed to "HFIXEDSZ" to make
+ life easier for the cray. also, "struct HEADER" in include/arpa/nameser.h
+ uses just bit fields now, for portability to 64-bit systems without
+ 16-bit integer types. (norb brotz suggested it; paul vixie did it).
+
+49. build changes for NeXT and AIX systems (artur romao; c. wolfhugel).
+
+48. random sunshlib changes (piete brooks).
+
+47. minor fixes for solaris build (carson gaspar; paul pomes).
+
+48. a few bugs were wrung out of the BOG (per hedeland; vixie).
+
+ ****** 4.9.3-alpha2 released ******
+
+47. several obscure Makefile problems were fixed (vixie).
+
+46. there is now a per-primary-NS quota for simultaneous zone transfers; this
+ will cut down on the retry thrashing seen on servers that are secondary for
+ thousands of zones (vixie).
+
+45. a bug introduced by change #23 has been fixed (marten terpstra; apb).
+
+44. the "data outside zone" messages are now consistent (piete brooks; vixie).
+
+43. several #include's were reordered in res/*.c and a few #ifdef's were
+ changed; BIND should now run OK on DGUX (henry miller).
+
+42. several changes to the conf/options.h and Makefile (vixie):
+ -> SVR4 has been added as a top-level Makefile CDEFS option
+ -> SYSV has moved from conf/options.h to the top level Makefile
+ -> INVQ is now an "#ifdef" rather than a "#if"
+
+41. resolver no longer uses initialized static data, which should make shared
+ libraries easier to generate (vixie did it, at the urging of many others).
+
+40. now compiles on Apollo DomainOS (don lewis).
+
+ ****** 4.9.3-alpha1 released ******
+
+39. lots of lint found and fixed (craig leres).
+
+38. illegal enum compare fixed in named/ns_stats.c (vixie).
+
+37. missing ')' added in SUNSECURITY section of res/gethnamaddr.c (h miller).
+
+ ****** 4.9.3-prealpha released ******
+
+36. ***REMOVED***
+
+35. various bugs were fixed in the negative caching (vixie; mark andrews).
+
+34. several debugging and dump output problems were fixed (mark andrews).
+
+33. TXT RR's can now be read from zone files even if they lack quotes;
+ the RFC doesn't say quotes are needed (jim martin).
+
+32. limited support for AIX-3 is now included (christoph wolfhugel).
+
+31. SUNSECURITY is now an obvious default in ./Makefile (p killey; b beecher).
+
+30. VC queries that time out are now GC'd and SERVFAIL'd (mark andrews).
+
+29. HP-UX 9.0's top-level makefile variables have been changed (don lewis).
+
+28. various fixes for tools/host.c (jim martin; mark andrews).
+
+27. syslog messages logged by SUNSECURITY will now include the address of
+ the host that's having problems (david morrison).
+
+26. systems whose connect() calls fail if a socket is already connect()'d
+ will now have their sockets closed and recreated in res_send() (piete
+ brooks; mark andrews; vixie).
+
+25. res_send() will now corrected reset its "connected" variable when the
+ connectedness of a socket changes (mark andrews).
+
+24. SERVFAIL responses will no longer terminate the res_search() inner loop,
+ thus catastrophic problems with early search elements will no longer
+ prevent res_search() from trying later search elements (bryan beecher;vix).
+
+23. non-NS RR's for delegated subzones will no longer be accepted in a zone
+ transfer (alan p barrett).
+
+22. the setting for _PATH_PIDFILE is now overridden by the Makefile (l hume).
+
+21. named.restart.sh now has a smaller path with %DESTSBIN% first therein;
+ this should prevent the vendor version of named from being exec'd by
+ accident (leigh hume).
+
+20. big change: statistics are now kept "per name server" rather than as
+ a single global array. the /var/tmp/named.stats file format has changed
+ quite a bit, so older awk/perl scripts are likely to stop working.
+
+19. big change: every RR now keeps a pointer to a "nameser" struct; this
+ currently permits SIGINT-initiated dumps to include the address of all
+ non-zone data, which will help with tracking down corrupt data.
+
+18. db_load.c was missing two #ifdef/#endif's for CRED (mike minnich).
+
+17. don't aggregate SOA or WKS RR's in the cache (vixie).
+
+16. minor cosmetic changes (vixie).
+
+15. fixed typo in compat/Makefile ("LIBDIR" -> "DESTDIR") (rob davies).
+
+14. fixed spurious "accept: interrupted system calls" (vixie).
+
+13. named will now start as many named-xfer's as it should; previously it
+ lost track of the need for transfers at the beginning of each maint
+ cycle. also, we don't bother asking for an SOA if we know that our
+ zone is out of date. i've changed the transfer metrics so that more
+ transfers can happen concurrently, and maint cycles come more often.
+ (andrew partan; vixie).
+
+12. a number of LOG_ERR and LOG_CRIT syslogs were downgraded to LOG_NOTICE
+ (rob davies; vixie).
+
+11. sequence number checking now treats "zero" as a special case.
+ (craig leres; andrew partan; vixie).
+
+10. MFLAGS no longer used explicitly, since it is often used implicitly
+ (mark andrews; vixie).
+
+9. ADDAUTH is no longer considered experimental (tony stoneley; vixie).
+
+8. several obscure type bugs fixed (don lewis).
+
+7. signal handlers all now preserve errno (don lewis).
+
+6. TTL deprecation made more portable (don lewis).
+
+5. now compiles on Apollo DomainOS and is generally more POSIX-ish (don lewis).
+
+4. bryan beecher's "query" tool has been promoted to tools/ and renamed to
+ dnsquery. minor changes were required in several Makefiles (vixie).
+
+3. "make links" at the top level will now make a higher resolution link tree,
+ which makes porting easier on some systems (ian dickinson).
+
+2. Convex feof() bug now has a workaround (jukka ukkonen).
+
+1. gethostby*() will no longer overwrite its fixed-size array if a host with
+ too many addresses is handled (reported by piete brooks, fixed by vixie).
+
+-------------------------------------- 4.9.3 above, 4.9.2 below
+
+4.9.2 ------------------ FINAL ----------------- Paul Vixie
+
+57. updated TODO, README files.
+
+56. fix to contrib/sunlibc/Makefile.
+
+55. several new items in contrib/.
+
+54. Corrected bad command line parsing bug in tools/dig.c; also added the
+ old query timing code back in (thanks to Havard Eidnes).
+
+53. Ported contrib/decwrl/host.c to the modern interfaces.
+
+4.9.2 ------------------ BETA5 ----------------- Paul Vixie
+
+52. A number of optimizations that fell out of negative caching and/or the
+ validation code have been turned off in order to avoid confusing older
+ nameservers and their unfortunate assumptions about co-invariants.
+ Mark Andrews and Robert Elz were the principle debuggers and contributors
+ to this part of the effort.
+
+51. We're now much more portable to systems without Posix or BSD signals,
+ thanks to Bill Wisner.
+
+50. tools/host.c now has more reasonable error messages and can deal with
+ negative caching servers.
+
+49. Lots of Makefile gaffes are now fixed.
+
+48. New "host" in contrib/host/, complements of Eric Wassenaar.
+
+47. AFSDB support is now complete, thanks to Chris Everhart.
+
+46. The bug whereby named would sporadically return NXDOMAIN when it should
+ have sent back a referral has been fixed.
+
+4.9.2 ------------------ BETA3, BETA4 ----------------- Paul Vixie
+
+45. Robert Elz has provided updated LOCALDOMAIN environment variable
+ processing, making it more like resolv.conf's "search" than "domain".
+ In the spirit of this I have added a RES_OPTIONS environment variable
+ and a corresponding "options" keyword to resolv.conf. All of this is
+ documented in the man pages and in the BOG. Robert has also contributed
+ several bug fixes to the validation and negative caching code.
+
+4.9.2 ------------------ ALPHA ----------------- Paul Vixie
+
+44. BETA1, BETA2, and three patches to BETA2 have all come and gone without
+ itemized descriptions in this file. I'll provide the RCS history on the
+ code to anyone who asks, but basically what's been happening is that some
+ core dumps were fixed, others added, then those were fixed too. Meanwhile
+ RFC 1535 has been published, codifying CERT's concerns and our answer to
+ them. BIND is now RFC 1535 compatible. RFC's 1535, 1536, and 1537 are
+ now included in the doc/ directory. Note that Mark Andrews supplied many
+ of the fixes to the core dumps, some of which were introduced by me and
+ some by ISI's negative caching and/or validation code.
+
+43. patch05 to ALPHA2 (930908) released: this includes new DNSRCH logic to
+ correct a serious problem that CERT called me with today. the change is
+ subtle and will have the effect that names which could match either as
+ fully qualified names or partially qualified names using the local search
+ list will be found as fully qualified. previous releases would have found
+ them first through the local search list. local search lists are a bad
+ idea in my opinion; see new SEARCH_DEFAULT option in OPTIONS file for more
+ information. also in this release: limited Solaris support, in the form
+ of POSIX-style signal handling used on systems which support (or require)
+ it. as of this patch, 4.9.2 has a good chance of compiling out of the box
+ on Solaris, modulo makefile edits. dig and host should be more portable
+ now, too.
+
+42. patch04 to ALPHA2 (930908) released: this corrects several borderline
+ syntax errors in various Makefiles (Sun and Ultrix makes complained);
+ it corrects a coredump on Ultrix systems (which aren't really as POSIX
+ as i thought they were); it lets dig and nslookup compile again on SunOS;
+ and it cleans up some dirty junk in named-xfer.c. this stuff is really
+ really minor but i would like to see it tested on a Sun system before the
+ beta.
+
+41. patch03 to ALPHA2 (930908) released: this uses compat/include by default
+ which is helpful on BSD/386 systems and shouldn't hurt any others except
+ perhaps real 4.4BSD systems (and maybe not even those); it removes Bryan
+ Beecher's SHUFFLE_ADDRS option since he and I agree that Marshall Rose's
+ ROUND_ROBIN stuff is more general and cleaner; it includes various patches
+ to the documentation sent in by several folks (please print the BOG and
+ let me know if you find problems in it); it fixes "make depend" problem
+ in "man/" subdirectory; it fixes several outright bugs in Gregory Shapiro's
+ SECURE_ZONES code; it removes an obscure syslog() that should have been a
+ dprintf() ("validate_count -> 0"); it fixes a bug in NCACHE whereby a T_ANY
+ query for a name which was negatively cached but had children would return
+ _answers_ with the T_ANY type for subsequent queries; several newer syslog
+ messages were reworded to make them clearer; a portability bug in the
+ SUNSECURITY logic was fixed; another in the RFC1101 logic was fixed;
+ support for the PAGER environment variable was added to nslookup (sorry,
+ i know we're in functional freeze but this will enable development in the
+ next cycle and it was pretty simple) and only affects the "view" and "help"
+ commands.
+
+40. patch02 to ALPHA2 (930908) released; this includes more fixed from Mark
+ Andrews, this time to Anant's NCACHE stuff (memory leak and functional
+ bug). Also included is a patch from Gregory Neil Shapiro to his SECURE_
+ ZONES code, which I hadn't noticed since I don't run it here.
+
+39. patch01 to ALPHA2 (930908) released; this includes some fixes from Mark
+ Andrews to his "clev" and ADDAUTH stuff. The "clev" patch fixes a problem
+ on all servers; the ADDAUTH stuff is still experimental so most users will
+ not be affected by it. Dave Morrison also sent a patch for the USE_UTIME
+ logic, which is important for ULTRIX systems.
+
+38. 4.9.2-ALPHA2 released on 930908.
+
+37. Mark Andrews sent an initial attempt at implementing ADDAUTH, which will
+ eventually allow named to include authority and glue RR's with all
+ authoritative answers. I am not sure that the design goal is right, and
+ the implementation currently sends back glue RR's but no authority RR's,
+ so I'm recommending against using this for now. But since it changes some
+ internal interfaces in a harmless enough way, I'm including the changes.
+
+36. Marshall Rose's ROUND_ROBIN code snuck in at the last hour. This is the
+ best answer I've seen to the problems purported to be solved by SA RR's,
+ and my wording in the OPTIONS file shows this.
+
+35. These items from TODO is now done:
+
+ [vixie@pa.dec.com 25apr93]: clean up debugging
+ replace all "#ifdef DEBUG...fprintf(...)...#endif" with dprintf(...)
+ which would be a macro that only expands to an fprintf() if DEBUG is
+ set. dprintf(x, (args)) with x as the log level. perhaps change log
+ levels to be symbolic, and perhaps make them a mask instead of a limit.
+
+ [vixie@pa.dec.com 25apr93]: clean up #ifdef's and portability
+ add and use function prototypes. make everything static that can be.
+ externs should only be in .h files (add more .h files, per module if
+ needed, to cover these). add "export" keyword (null define) to make
+ it clear which names are exported and which are static. all top-blevel
+ names in a module must be "export" or "static".
+
+ [gshapiro@guest.wpi.edu and vixie@pa.dec.com 26apr93]: access control
+ "xfrnets" is ok but what we really need is full access control per
+ zone rather than a global list of acceptable client nets. this is
+ especially important if you send /etc/passwd via zone transfer.
+
+ [postel@isi.edu anant@isi.edu jaffe@noc.rutgers.edu
+ 28apr93]: negative caching
+ Paul:
+ We'ed like to have included in 4.9.1
+ our implemention for negative caching.
+ --jon & Anant.
+
+ [vixie@pa.dec.com 16may93]: inet_addr needs to die
+ to be replaced by calls to inet_aton, which doesn't confuse the
+ broadcast address with bad addresses.
+
+ [Paul: I know you said that you'd like to wait for the IETF DNS WG to
+ "bless" an official load balancing scheme, but I'll be adding my
+ shuffle A records to BIND 4.9 for use here at U-M anyhow. The code
+ mods to existing source files are minimal since the bulk of the work
+ is done in a separate .c I added. If you don't want SA records to
+ move into 4.9.1 unless they become official, please just toss this
+ first entry. --bryan@umich.edu]
+
+ [bryan@umich.edu 25apr93]: add "shuffle A" records
+ There are several schemes for adding some kind of load balancing
+ capability to the DNS. Our "Shuffle Address" (SA) records are one
+ stab at this, and since they're in use at U-M, I need to add them
+ so we can use BIND 4.9 here.
+
+ [bryan@umich.edu 25apr93]: add AFSDB records
+ AFSDB records were proposed in RFC xxxx. We use them here at the
+ University of Michigan, so I need to add them for our copy of
+ BIND 4.9.
+
+ [bryan@umich.edu 25apr93]: small fix to resolver's p_cdname()
+ The current copy of p_cdname() in the resolver does not work
+ for query responses larger than 512 bytes (which can happen when
+ using TCP). A very small modification changes the "sanity check"
+ argument (the second one) to dn_expand() from "msg + 512" to
+ "cp + MAXCDNAME". (This showed up very recently.)
+
+34. While waiting for some last minute changes from volunteers, I looked
+ at my work queue and saw that asp@uunet.uu.net had asked a while ago
+ that named not fork/exec a named-xfer unless it had already determined
+ that the serial number was out of date. This is important to sites like
+ UUNET and DECWRL, which have thousands of "secondary" lines in their
+ named.boot and can take hours to check all the serial numbers at boot
+ time if named forks/execs named-xfer and lets named-xfer compare the
+ serial numbers, rather than comparing them in named and only fork/exec'ing
+ a named-xfer if it's actually neccessary to do a transfer. In spite of
+ C's lack of threads, this only took a few hours to do. So it's in.
+
+33. Gregory Shapiro's "secure_zone" changes are in. See the BOG.
+
+32. Internals changes: STATS is no longer optional; ns_req() has been split
+ into three functions for readability. Convex systems are now supported.
+ You can now define LOG_FAC in conf/options.h if you want to syslog as
+ LOG_LOCAL1 or some other non-LOG_DAEMON value. The mkstemp() problem on
+ ULTRIX has been fixed. More dead code has been eliminated.
+
+31. Large TCP queries are now printable in debug mode (which is used by
+ "dig" and "nslookup"), thanks to a patch and a lot of patient explain-
+ ations from Bryan Beecher.
+
+30. Data from subdomains ("deeper zones") is now considered more credible
+ than data from parent zones, if both are authoritative. This permits
+ a subdomain's data to differ from its parents delegation information
+ and have the most-local information supercede the least-local. Mark
+ Andrews <marka@syd.dms.csiro.au> sent this in, and it is nonoptional.
+
+29. rossc@ucc.su.oz.au's SUNSECURITY patch is now included, along with
+ marka@syd.dms.csiro.au's performance improvement to it. Note that
+ I am violating my own policies by including this, since it came
+ without a corresponding patch to OPTIONS, conf/options.h, and the BOG.
+
+28. Interfaces with multiple addresses were not being handled properly.
+ This is an issue for 4.3-Reno and later BSD systems, including BNR2
+ ("Net-2") and 4.4BSD. Multiple addresses are not properly handled
+ as if they were all aliases for the localhost.
+
+27. Jukka Ukkonen <ukkonen@csc.fi> sent me some patches for the Convex,
+ which I've put it but cannot test.
+
+26. sob@tmc.edu (Stan Barber) sent me new versions of contrib/host/host.c
+ and contrib/host/send.c, which I have installed but not tested. I am
+ still waiting for someone to update the version in tools/host.c, which
+ is going to be a lot more work. Contact me via e-mail if you want to
+ help.
+
+25. My credibility stuff from the original 4.9 (and before that, KJB)
+ was operating under a ``scorched earth'' policy due to a brain fault
+ on my part when I wrote the code originally. Tim.Goodwin@pipex.net
+ discovered this and sent in a patch. Note that throwing out glue is
+ generally OK since glue is generally NOT OK, but disposing of it after
+ ~20 references is a lot better than disposing of it after 1 reference.
+
+24. NS RR sorting on forwarded and system queries was not happening
+ unless more than 1024 milliseconds of RTT variance existed among
+ the servers. This was a good value for development and testing
+ but not for production use. The value is now 128 milliseconds.
+ No, this should not be a configurable in the boot file.
+
+23. I am including a file doc/FAQ which was posted to usenet as:
+ From: craig@ecel.uwa.edu.au (Craig Richmond - division)
+ Newsgroups: comp.protocols.tcp-ip.domains
+ Subject: FAQ: Setting up a basic DNS server for a domain
+ Date: 3 Aug 1993 10:53:51 GMT
+ Organization: The University of Western Australia
+ Lines: 1088
+ Message-ID: <23lg3v$1go@uniwa.uwa.edu.au>
+ Summary: Step by Step implementation of a DNS server
+ Keywords: FAQ DNS setup
+
+22. named-xfer now syslogs if the remote server's serial number is _lower_
+ than ours, which does seem like a bad thing. per@erix.ericsson.se
+ (Per Hedeland) sent this in.
+
+21. man/resolver.3 had a typo on the exp_dn argument to dn_expand. fixed.
+ (Steve Alexander <stevea@lachman.com> sent this in.)
+
+20. include/sys/cdefs.h moved to compat/include/sys/cdefs.h since some
+ systems have their own which must be used. the top-level makefile
+ must be edited if you are on one of these systems, since the default
+ CFLAGS includes this new directory as a -I directive. sys/bitypes.h
+ has also moved.
+
+19. A neccessary bug fix for ISI's VALIDATE/NCACHE code has been incorporated.
+ If you had to rebuild without these turned on in options.h to get your
+ CNAME lookups to work again in an earlier 4.9.2 ALPHA, you can turn them
+ on again now.
+
+18. The q_system field of the query structure has been removed in favor of
+ a q_type field containing bit definitions. The old PRIMING_CACHE magic
+ cookie is no longer used. Go to the end of the universe, do not pass go.
+
+17. Converted to ANSI C. All functions are static unless they are actually
+ needed outside the current module ("file" in C terminology); static
+ functions are declared with prototypes if they are forward-referenced.
+ Externally visible functions are declared in separate header files, with
+ prototypes. ns.h and db.h have been split into four new header files:
+ db.h -> db_defs.h db_glob.h db_func.h
+ ns.h -> ns_defs.h ns_glob.h ns_func.h
+
+ The *_defs files contain only structure and type definitions, and macro
+ definitions. Nothing that generates text or data space in the executable
+ is declared here.
+
+ The *_glob files contain only global variable declarations, which used to
+ be defined in the various *.c files in a more or less random fashion. The
+ declarations are "extern" if included from non-main()-containing files, but
+ are defined globally and given initial values in main()-ish files. This
+ reuse of the same declarations insures that the type and size declarations
+ match between definitions and external references to them.
+
+ The *_func files contains function prototypes for global ("extern")
+ functions. The prototypes are all optional so will not break non-ANSI
+ systems. Note that I don't have such a system any more so I may be wrong.
+
+16. Removed all remaining references to "short" or "long" that did not
+ depend on the vague semantics of those types. Most uses were actually
+ depending on a size of 16 bits for short and 32 bits for long, and there
+ are processors/compilers where each of these types is different. This
+ work was begun in 4.9 and is now complete. Note that some structs that
+ are used in large data structures use "char" for 8-bit integers. It helps.
+
+05Jul93 - ALPHA Released
+
+This is the cleanup release after 4.9. I'm going to try the TCSH style of
+logging the changes; let me know if you think it's a bad way of doing it.
+
+15. the resolver now includes an implementation of RFC 1101, which allows
+ network names to be encoded in the DNS tree rather than in /etc/networks.
+ this implementation is by rps@matuc2.mat.uc.pt (Rui Pedro Mendes Salgueiro)
+ i put the test program and original documentation in contrib/rfc1101/. i
+ would like to see their main.c ("nettest") turned into a tools/nettest,
+ but i'm not willing to do the work myself. it needs a man page, etc.
+
+14. as expected the initial HS zone transfer stuff didn't work that well.
+ thanks to <per@ericsson.se>, retries after failed SOA queries will use
+ C_IN rather than falling through to C_HS inappropriately.
+
+13. ns_init.c was fcntl(SETFL)'ing in a destructive way. it now does a
+ fcntl(GETFL) to get the old option mask and then |'s in the new flag.
+ this patch came from Eduard Vopicka <Eduard.Vopicka@vse.cz>.
+
+12. there are two new conf/Info.* files; check 'em out.
+
+11. ultrix (some versions, especially the vax ones) libc.a had some bad
+ naming conventions for some resolver routines. getshort/putshort just
+ have to be real functions, not just macros, or you can't link anything
+ with this resolver. patch was sent by <aas@brain.physics.swin.oz.au>.
+
+10. sethostent(x) for host files was sticky for nonzero 'x' (avalon@anu.edu.au)
+
+9. hp9000s700 is now supported in include/arpa/nameser.h (avalon@anu.edu.au)
+
+8. statistics dumps now print the time in decimal-seconds-since-1970 in
+ addition to the old "ctime" format, for ease of debugging. (Peter Koch).
+
+7. systems with 14-character filename limitations have apparently been
+ having trouble in named-xfer since its temporary file names are bigger
+ than they can handle. ash@hp sent in some patches a while ago, enabled
+ with SHORT_FNAMES in conf/options.h, to deal with this appropriately.
+ We should probably just generate short names always.
+
+6. Some security stuff from ISI. According to Anant Kumar <anant@isi.edu>:
+
+ The validation procedure is the major change here. Currently, we
+ accept anything from a server, as long as we had asked it a question.
+ This implies that a malicious server can really send us any data and
+ we not only pass it on, we also cache it for as long as the TTL
+ holds. This can be really bad for our health and for that of those
+ who use the DNS.
+
+ We add this procedure to verify for each RR returned by a server
+ that it is indeed authoritative for either that zone, or for a
+ parent zone. We end up trusting the root servers for everything!
+ Also, the more rich our cache is the more choosy we become about the
+ data we add on to it. This stuff is all ifdef'd with "#ifdef VALIDATE"
+
+ The negative caching stuff adds on a d_rcode field to the databufs.
+ Any positive entry now shows a NOERROR there while negative entries
+ have either a NXDOMAIN or NOERROR_NODATA. NOERROR_NODATA rcode is
+ never returned. It is used only to differentiate, within the
+ internal database, between negative and positive entries. We use the
+ regular hash table (hashtab) to store negative entries, too. Only
+ authoritative answers are negative cached, for NTTL (parameterized,
+ currently 10 minutes) seconds. Non-authoritative NXDOMAINs or
+ NOERROR with zero RR count, now generated, are now accepted but
+ never cached. This is ifdef'd with "#ifdef NCACHE".
+
+5. "make install" now has a prayer of working for the man pages. an observation
+ was made that net2++ systems _require_ formatted "cat" pages and that older
+ systems are _able_ to use them, so that's all we install.
+
+4. i wrote man pages for named.reload, named.restart, and named-xfer. these
+ were actually in 4.9.1 for 4.4BSD.
+
+3. unneeded functions in compat/lib will now generate placeholder symbols, to
+ make sure that the linker doesn't generate ugly-but-harmless warnings.
+
+2. my ignorance of the true meaning of _POSIX_SOURCE has been corrected,
+ along with the ugly-but-working code in conf/portability.h and elsewhere.
+
+1. non-resolver routines moved from res/ to compat/lib/. this will shorten
+ libresolv.a and make it easier to integrate new BIND releases into Net-2
+ descendents such as 4.4BSD and BSD/386.
+
+4.9.1 ------------------
+
+This is the integration of the changes that were made for 4.4BSD. This
+release will not be published. Changes include:
+
+doc/BOG/*: many changes to improve appearance of the output, including
+ orphan-avoidance and better tab stops. Sent to me by someone on
+ the net who deserves thanks but I've lost the original mail. Oops.
+
+include/*: the CSRG people weren't entirely pleased with the interface
+ changes i made to the res_*() and inet_*() functions. in particular,
+ the changes from "long" to "u_int32_t" were too sweeping in their
+ opinion since Posix is already working on standardizing them and
+ might look unkindly on an apparently-still-evolving interface. also,
+ the possibility that all the vendors will change their implementations
+ to match the new interface is apparently rather dim. therefore most
+ externally-visible occurances of the int32_t type have been changed
+ back to "long" in the resolver interface. we believe that this should
+ still be portable to Cray and AXP machines, but i'll wait to hear from
+ someone who can actually try it out and let me know.
+
+tools/*: the "net2" version of "lex" requires some additional flags and libs,
+ and this had implications for the Makefiles and the dig.c source file.
+ nslookup's man page is now in man/ rather than tools/nslookup, for
+ consistency.
+
+named/*: last-minute 4.9-FINAL changes to named-xfer.c and db_load.c resulted
+ in corruption of TXT records on zone transfers, and a high number of
+ useless syslog(SYS_ERR) messages about zones already being up to date.
+ these last-minute changes have been massaged into better shape and are
+ now a lot readier for prime time than they were. a lesson was learned.
+
+ the inet_aton() function is now used where appropriate, rather than the
+ old inet_addr(). this is just an evolutionary move that should have no
+ practical implications. bad addresses in the "tcplist", "bogusns", and
+ "sortlist" directives (from named.boot) are now syslogged.
+
+ some open files are still inherited by named-xfer from named, but they
+ are properly closed now.
+
+ the SIGXFSZ signal is now accepted as an alias for SIGHUP, in support
+ of the wierd DEC Hesiod implementation. no practical significance.
+
+res/*: one important bug fix in the gethostent() stuff, and a whole bunch of
+ evolutionary include file changes.
+
+include/*: include/sys was moved to compat/include/sys, since systems that
+ do not need it really really really need to get their own instead.
+ at some point i'm going to move the res/*.c files that are needed for
+ compatibility but not really part of the resolver, into compat/lib.
+
+general: there are more settable parameters in the top-level Makefile, and
+ they are propagated downward into the subdirectories' Makefiles. you
+ should not have to edit any Makefile except the top-level one. Note
+ that "make links" still creates local Makefiles in the build directory
+ because "mkdep" still edits the Makefiles on most systems.
+
+4.9-FINAL -------------------
+
+Kevin Dunlap sent in some changes for the BOG. So did a lot of other folks.
+
+Someone asked about AXP-OSF, so I did a trivial 64-bit port. Porting to
+other 64-bit systems should be simple now. Someone also sent in some MIPS
+RISCOS portability changes, which were simple and therefore were put in.
+Note that some type names have been added to BSD 4.4 as a result of this
+work; they are going to be in <sys/types.h> in BSD 4.4 but they are in a
+local include file called <sys/bitypes.h> in this distribution, with
+appropriate #ifdef's in the include files that depend on them. Those of you
+who are porting to 64-bit platforms where "long" isn't 32 bits should be
+using these new names for your types; there was no standard before this,
+but the names we've added for BIND 4.9 and BSD 4.4 are going to be proposed
+to Posix at some point. Sometimes it's just not OK for "int" to be the
+"natural integer size of the machine" and you just _have_ to tell the compiler
+how many bits you want.
+
+The NIC added a new root server, thus pushing the size of a nonauthoritative
+root server response (which includes the root server list in the answer as
+well as the authority sections) over the 512-byte limit. This showed up a
+long-term BIND bug wherein it failed to set the TC ("truncation occurred")
+bit if truncation occurred anywhere but the answer section. Since truncation
+was occuring at the end of the packet, in the additional data section, this
+meant that BIND was generating truncated responses without setting TC in the
+response header. Upon further investigation, I found that BIND ignored TC
+on responses it received from other name servers. RFC 1035 states that RR's
+from truncated responses should not be cached; with creative interpretation
+of the exact 1035 wording, I found a way to reach this goal while still
+caching the answer section (as long as the truncation occurred in some other
+section, which 1035 gives no definitive way to determine but I'm happy with
+my guess).
+
+While researching the above, I finally broke down and added credibility
+output to the zone dump files. They are in the comments so should cause
+no trouble. There's more work to be done on the dump output; in particular,
+Phil Almquist proposed and even prototyped a "tagging" of all RR's with the
+A RR of the nameserver that sent them to us; this feature should be added
+and the dump output should include it. This would add a lot to our ability
+to track down corrupt data.
+
+Don Lewis and I had more discussions about TC and ended up agreeing that the
+right thing to do is to set TC on responses that overflow in the answer or
+authority section, truncating at an RR boundary, but do not set TC on responses
+that overflow in the additional-data section (truncating at a {name,type}
+boundary). This actually solves the root server problem pretty well, since
+BIND 4.9 will, when it tries to use an NS whose A isn't in the cache, generate
+a sysquery() for the missing A. (Heck, additional data TTL's are depreciated
+at the rate of 5% per use, so this would end up happening pretty quickly even
+if we did cache a partial {name,type} -- but now we won't have to.)
+
+While trying to fix all of this stuff I ended up moving some functions around
+to avoid duplicating them in different source files, and I reformatted some
+source lines that went over 80 characters. I also made a few things "static"
+that used to be unneccessarily global. More of that will happen in 4.9.1.
+
+DEC's product version of MIT Hesiod uses SIGXFSZ for what we do with SIGHUP;
+since the default for SIGXFSZ is to exit, it seemed prudent to wire it up to
+do what SIGHUP does instead, so that this BIND can run on DEC Hesiod servers.
+
+At the request of several people, I integrated the USC "dig" and Rutgers
+"host" tools into the distribution. This required some changes to the
+resolver library's debugging output formats, which will be visible in
+nslookup, nsquery, and any other tool that sets the RES_DEBUG option.
+Note that there is no support for "DEFNAMES" in this version of dig, due
+to design changes between 4.8 (from which "dig" is derived) and 4.9. there
+is no reason in principle why it can't be made to work, but it doesn't work
+now. therefore only fully-qualified names can be looked up with this "dig".
+
+I had to change the name of the resolver "state" structure to be "__res_state"
+for standards conformance (really, it is not reasonable to expect that because
+a program includes <resolv.h> it will never define its own structure called
+"state". This change highlights the imperative that any application which is
+relinked against this resolver must first be recompiled against these include
+files (notably <resolv.h>). This is true for almost all versions of libresolv.
+
+I asked for items for the "TODO" list and got quite a few. Check them out
+before you hack; someone else may already have started doing what you want to
+do. I also asked for tools for the "contrib" subdirectory and got 650KB worth.
+They make the BIND 4.9 distribution a lot larger than 4.8.3 was, but the extra
+bytes are well worth their weight.
+
+Kenneth Almquist (no relation to Phil, as far as I know) posted a patch for
+res_send() that lets it keep track of servers that are responding "SERVFAIL"
+or some other fatal condition; these servers are NOT used for retries of the
+current query. This information is not persistent between calls to res_send()
+since future calls will probably be for different {name,type} queries, which
+will not neccessarily fail in the same way. This change is trivial and makes
+a measurable difference in the amount of DNS traffic on my local net.
+
+4.9-BETA ------------------- April 17, 1993 -- Paul Vixie -- DECWRL
+
+"Peter Koch" <pk@TechFak.Uni-Bielefeld.DE>'s previous patch caused core
+dumps on some systems. I fixed part of it and Peter sent me a fix for
+the rest of it. All is now well.
+
+The Bind Operations Guide in doc/BOG has been updated to 4.9. Also, the
+man page in man/named.8 has had some patches applied. The copyrights are
+all fixed now. Let's get this thing OUT of here!
+
+4.9-ALPHA ------------------- March 15, 1993 -- Paul Vixie -- DECWRL
+
+There was a really bad bug affecting wildcards. I received a patch
+from "Peter Koch" <pk@TechFak.Uni-Bielefeld.DE> which fixes some of
+it, but I can't quite motivate myself to fix the rest of it since I
+know that what's _really_ wrong is going to require chainsaws and
+dynamite to fix and that'll add another year to the release. I think
+that this patch will hold us for a while.
+
+There are a LOT of portability changes that I'm holding onto, especially
+including 64-bit fixes. Do not submit any more portability changes
+until 4.9.1 opens. Go ahead and make them, but be prepared to remake
+them later. Let me know what you are doing but don't send me any diffs
+for portability until I ask for them. 4.9 has been stuck in the barrel
+for way too long already -- patches that don't fix RFC-noncompliance or
+core dumps will just go into my "todo" folder (which is presently a
+black hole of great mass).
+
+4.9-ALPHA ---------------- Febrtuary 2, 1992 -- Paul Vixie -- DECWRL
+
+Mostly portability fixes. The nslookup "lex" problem is BSDI-specific
+and I'm not going to hold up release because of it. This will be the
+last alpha release before the public beta. It is, as usual, running
+the DEC.COM primary name service and has done so for more than a week
+without any problems.
+
+4.9-ALPHA ---------------- January 10, 1993 -- Paul Vixie -- DECWRL
+
+Once I get the known bug in nslookup (see below) fixed, this version is going
+to go into public beta. I would appreciate it if everyone would try it out.
+
+KNOWN BUG IN THIS RELEASE: something wild is going on inside of the yylex()
+routing on BSD/386 systems. It only affects nslookup. I'm still trying to
+figure out how I'm going to debug this; lex experts, please see what's going
+on. None of the changes since the 930105 release should have been capable
+of producing this change, but something is sure doing it.
+
+I finally fixed the {GET,PUT}{SHORT,LONG} macros to stop issuing warnings
+on HP-UX systems. They are also warning-free on Ultrix(SPIM,VAX), BSDI(386),
+and SunOS(SPARC) systems. I took the plunge and changed the internal functions
+in res/res_comp.c to depend on these macros instead of duplicating the code,
+and everything still works.
+
+Tom Limoncelli found three ancient memory leaks. I fixed two of them
+but the last one looks too much like a "cannot happen" for me to be
+willing to experiment with it. Besides which, it's "very" minor.
+
+Uses setsid() on POSIX systems. PID file is now optional. (arc@sgi)
+
+Comments (";" or "#") are now allowed in resolv.conf (arc@sgi).
+
+Documentation and copyright changes in README.
+
+Known to compile on NeXT machines.
+
+Some portability changes for AIX, whose CC is very picky.
+
+I forgot to mention in the 921227 release that T_RP is supported (arc@sgi).
+
+I included a number of changes that Alan Barrett has been trying to get
+in since the 921221 version. Most are portability-related, and the few
+things that are functional are changes to my own previous additions :-),
+so I'm fairly sure that they are doing the right thing. Alan's changes
+include:
+
+ include/arpa/nameser.h
+ improved error diagnosis in the BYTE_ORDER configuration.
+
+ changed hp9000 test to hp9000s300. As far as I know, there is
+ no hp9000 preprocessor symbol. Should probably add other
+ hp9000s<whatever> tests, but have not done so.
+
+ named/ns.h
+ Moved the XFER-related stuff from the end of the file to near
+ the top, where it is grouped with similar stuff.
+
+ Makefiles:
+ Add SYSLIBS variable, so folk can compile with -lBSD easily.
+
+ Changed install targets to make them easier to customise.
+
+ make links wasn't handling named.{reload,restart}*
+
+ Add ${CDEBUG} flag to link step. Some debuggers don't work
+ right if the program isn't linked with the -g flag.
+
+ struct timeval members are declared as unsigned long on some systems.
+ Add casts to (long) in several if statements that appear to assume
+ that tv_sec is signed.
+
+ PID_FIX in ns_main.c controlled more than just whether or not the
+ pid file gets fixed.
+ Changed it to control only that one feature.
+
+ For debugging, it is useful for a nameserver to listen to non-standard
+ port, but to forward requests to a standard port.
+ Add "-p remote/local" option to named/ns_main.c.
+ Also needed some other changes elsewhere.
+
+ Don't forward back to the host that asked us a question, unless they
+ asked from some port other than their nameserver port. This allows a
+ dig or nslookup user on a host to ask us questions with
+ recursion-desired, where we are willing to recursively ask the
+ nameserver on their host. However, if a nameserver asks us something
+ we will not recurse back to them.
+ nslookup() in named/ns_forw.c checks for this and returns -1.
+ ns_forw() and sysquery() notice this and return SERVFAIL.
+
+ Moved the nsContainsUs functionality from a separate routine
+ into nslookup(). No need to do the same tree walk several times.
+
+ While trying to track down various problems, added detection
+ and logging of errors in several syscalls in ns_main.c.
+
+ Avoid integer overflow in roundtrip time calc in ns_resp.
+ This needs a definition for INT_MAX.
+
+ Fixed root zone transfer bug. Also corrected some slightly misleading
+ comments in the doaxfr() code, and added some more comments.
+
+4.9-ALPHA ---------------- January 5, 1993 -- Paul Vixie -- DECWRL
+
+This one was built and tested on Ultrix 4.2 (SPIM, MIPS CC and GCC),
+BSD/386 (Gamma.4), Sun SPARC (4.0.3, sorry, that's the latest I have),
+4.3BSD Reno (VAX, PCC), and Ultrix 3.0 (VAX PCC).
+
+Moved res/defs.h to conf/portability.h; named/options.h to conf/options.h.
+
+Portability changes for O_NDELAY. SUNOS is really strange about this.
+
+Removed some unneccessary goto's added to ns_main.c on 1jan. Oops.
+
+Art Harkin of HP sent in a number of small (read: obviously correct)
+improvements, some related to portability, some to functionality.
+
+4.9-ALPHA ---------------- January 1, 1993 -- Paul Vixie -- DECWRL
+
+Changed all O_NONBLOCK to O_NDELAY. Changed all {r}index to str{r}chr.
+
+Added some SysV support in the form of bcopy->memcpy, bzero->memset.
+
+Added C_HS support to named-xfer (greg@duke.cs.unlv.edu).
+
+Fixed a line-number problem in asp's "include" logic (asp@uunet.uu.net).
+
+streamq's were being used after free(). bug report from fuat@ans.net
+and jpe@ee.egr.duke.edu. bug fix by vixie.
+
+In the resolver, we now default to address 127.0.0.1 rather than 0.0.0.0.
+There's a comment in the code that explains why.
+
+In the resolver, arc@xingping.esg.sgi.com changed it to use inet_aton()
+and included that function for those not running 4.4bsd.
+
+arc@xingping.esg.sgi.com also provided lots of portability fixes and
+general cleanups, in particular to nslookup which he maintains for CSRG.
+
+4.9-ALPHA ---------------- December 27, 1992 -- Paul Vixie -- DECWRL
+
+Added strtoul() to libresolv.a since it's yet another neccessary function
+that older systems don't have. If we can stomach strcasecmp() we can sure
+handle this.
+
+Moved res/named/gethostnamadr.c to res/gethnamaddr.c (note basename change)
+and res/named/sethostent.c to res/sethostent.c. Since the host table stuff
+isn't in separate files any more I saw no reason to retain the subdirectory.
+
+Updated all the copyrights and applied the small lint changes that bring
+the baseline of this version from "4.8.3 as seen on ucbarpa" up to "4.8.3
+as released with net-2". Thanks to the alpha testers for pointing this out
+to me and for sending in the diffs.
+
+With much howling and screaming, I ported this to UMIPS (MIPS System V).
+There are a lot of really bad things going on in their libc.a, and now
+they're going on in BIND as well.
+
+I added a "res/defs.h" file and then proceeded to include it from all kinds
+of files that aren't in res/. I'm thinking of moving it but I'm also trying
+to figure out where -- include/ is the wrong place. res/defs.h has in it all
+the ugly ifdef's needed to figure out whether this is a late-model BSD system,
+a POSIX system, or just old.
+
+All the "#endif" and "#else" cpp directives now have comments around their
+annotations. It turns out that System V CPP complains about "#endif DEBUG"
+but has no problem with "#endif /*DEBUG*/". In many cases where the #ifdef
+was obviously visible and unambiguous, I simply removed the annotation.
+
+The "l" is now a ";". Thanks to all who replied :-).
+
+There was a very bad bug in the named-xfer interface. 'nuff said.
+
+AIX needs a 32-bit field for PID's. I can't imagine. But it's fixed.
+
+The "domain" directive in named.boot is now an option, defaulting to off.
+
+There was a benign bug in sqrm().
+
+doaxfr() is now shorter and clearer.
+
+There is an "include" directive in the named.boot file now. Its syntax is
+simple: "include somefile". No quotes, no "#", no <brackets>. This feature
+was in 4.9-ALPHA as well, courtesy of Andrew Partan. I forgot to document it.
+
+4.9-ALPHA ---------------- December 21, 1992 -- Paul Vixie -- DECWRL
+
+This release incorporates fixes from a lot of people, including many from
+DECWRL. Some fixes are just lint; some are to avoid dumping core on non-VAX
+computers; many are to fix promiscuity, corruption, and rudeness.
+
+Various internal DEC programmers have ported the old 4.8.3 code to various
+not-entirely-BSD-like platforms and turned up some interesting lint. All
+of this has been fixed. Also, we fixed a bad bug in the handling of timeouts
+and SERVFAIL's when forwarders and slave are both used.
+
+I have made major changes to the code inside the ALLOW_UPDATES ifdef's, but
+I don't use it and have never compiled with that option turned on so I don't
+know if it still works. Given that SNMP has come and there is an IETF WG for
+SNMP management of the DNS, I am thinking very seriously of purging all of the
+ALLOW_UPDATES code in 4.9.1. I suspect that Mike Schwartz will let me know if
+this is ok..
+
+(interrim "KJB" notes) ------------------- March, 1992 -- Paul Vixie -- DECWRL
+
+If we are about to forward a query for some zone for which we are one of the
+servers, we send back a SERVFAIL instead. If we don't have it, chances are
+good that the other name servers won't have it either. This is the major
+cause of "network meltdown" when the root servers declare you as a name server
+for some zone you don't know about and havn't configured yourself for.
+
+Fixed a memory leak such that if db_update() fails to update the database
+from a response packet, a databuf will no longer be orphaned. Also fixed
+what looks like a similar leak in the ALLOW_UPDATES code but I don't use it
+that hasn't been tested.
+
+Fixed a memory sponge such that if we forward a query to someone who is not
+ever going to answer it, we will eventually expire it from our query queue.
+Previously it would expire after N retries to N' different servers, which
+could be a very long time. Particularly in the case of lame delegations and
+other forwarding loops, we feel that 90 seconds (two max-retry intervals) is
+enough time for a query to be answered. While we were into this code we made
+several fields in the query structure into "short"'s since they were only
+being used to store smallish integers. The query list gets Very Long during
+a forwarding loop -- even 90 seconds worth of queries is a lot of queries.
+
+This version includes my hacks that assign a "credibility index" to each
+<name,type> such that when more credible data arrives for a given
+<name,type>, all old data is purged. When equally-credible data arrives it
+is aggregated in the way we all know and love; when less credible data
+arrives it is completely ignored. Credibility, from best to worst, is:
+ 1. zone files (primary or secondary)
+ 2. authoritative answers
+ 3. non-authoritative answers and authority records
+ 4. additional data
+ 5. zone files ("cache" or "bootstrap" information)
+You need this version of bind if you still show any A RR's in network
+32.0.0.0 when you look up uucp-gw-1.pa.dec.com's A or adobe.com's NS.
+
+I have also added some extra code to prevent pollution of the internal
+"hint cache." In all versions of BIND that I was able to test, any IN_A
+response to any sysquery() would cause the IN_A RR to be added to the
+fcachetab ("hint cache"). This resulted in lots of extra cruft in the hint
+cache, that wasn't timed out properly, which in turn resulted in lots of
+strange answers ('nuff said, take my word for it.)
+
+Though changes have been made to make the Ultrix and GNU (2.1) C compilers
+stop complaining about the source, it should still compile and run just
+about anywhere. In fact, after I cleaned up lots of old lint, this version
+of BIND is known to compile and run on:
+
+ Ultrix 4.2 (MIPS or VAX)
+ SunOS 4.0.3
+ BSD/386 (BSDi beta)
+
+This was being released as King James Bind because, like KJ Sendmail, it is
+a merge of every major variant of Bind that we know about. It was
+assembled and tested by Paul Vixie of DEC NSL/WRL, with generous donations
+of code and advice from Win Treese of DEC CRL. Changes from Don Lewis of
+Harris, Andrew Partan of UUNET, and Piet Beertema of EUNet are also included.
+See the OPTIONS file for a description of the changes you can control with
+#ifdef's.
+
+This server has been run on UUCP-GW-{1,2}.PA.DEC.COM, which are in the UUCP
+Zone. Our named.boot file has ~1900 lines in it. Before we instituted the
+changes in this release, our name server usually ran at about 16MB virtual,
+15MB physical, growing slowly but constantly until we restarted it.
+Whenever a new zone was added to the NIC's root zone listing us as a name
+server, our servers would kill themselves and eachother (and NS.UU.NET, one
+of the other UUCP Zone name servers) with forwarding loops. After these
+changes, we run at a fairly constant 8MB virtual and physical size, and our
+apparent CPU utilization is always 0.0% since we never finish a quantum and
+the scheduler always sees us as waiting for I-O. In other words, life is good.
+
+Notes from UCB version 4.8.3 follow:
+
+-------------------
+
+This is version 4.8.3 of bind. It is a test release that updates
+versions 4.8 and 4.8.1 with fixes, and is essentially the same as
+the version of named on the 4.3BSD Reno release. Although it is
+currently described as a test release, it is believed to be reasonably
+stable and more usable than the previously-released versions.
+Here are some of the more important changes:
+
+ o A list of domains may be specified for searching in resolv.conf instead
+ of just the local domain name.
+
+ o gethostbyname() will accept a dotted quad.
+
+ o Support has been added for the the T_TXT data type and for the class
+ C_HS. These are both used by Hesiod from Project Athena at MIT.
+
+ o All of the pathnames have been put into one header file. This
+ makes it easier to change the location based upon your local
+ configuration.
+
+ o Responses are only accepted from an address to which we might of sent
+ the request. This might cause problems if some server is multihomed
+ and is still running BIND 4.3, but it prevents attacks induced by
+ sending responses from another address.
+
+ o Numerous bugs have been fixed: Adding a new authoritative zone now
+ works when the server has a cached SOA record. Comparisons in the
+ db now look at type and class as well instead of dropping records
+ with identical data. Scheduling of maintenance interrupts has been
+ moved to one routine avoid spurious ones. Named goes into the background
+ after more of the initialization is done. Stream connection queue
+ handling was cleaned up including a bug that caused data corruption
+ and core dumps. Sys5 no longer can have multiple transfers of the
+ same zone occuring at the same time. Handle CNAME -> CNAME loops
+ more gracefully. Avoid making one server never get queried. Border
+ conditions in resolver are checked more accurately.
+
+ o Nslookup has been updated.
+
+There are several bug reports that have yet to be integrated into this
+version. Hopefully they will be dealt with in the next release. Please
+send feedback on this release.
+
+Notes from versions 4.8.1 and 4.8 follow:
+
+------------------
+
+This is version 4.8.1 of bind. It is a test release that includes
+version 4.8 with fixes, asynchronous zone transfer and better reload
+capabilities. Although it is currently described as a test release,
+it is believed to be reasonably stable and more usable than the currently-
+released version, 4.8. The changes of note are:
+
+ o The asynchronous zone transfer code previously posted to the bind
+ mailing list has been integrated, completed and tested. There are
+ a number of changes from the version posted, including fixes to
+ allow top-level domains to work and a simplification of the timer
+ code.
+
+ o The code for reloading the server has been changed so that only
+ primary zones master files that have changed are reloaded. The
+ cache and secondary zones are not flushed, and the sortlist, domain,
+ etc. are reset to correspond to the boot file contents.
+
+ o Several bugs have been fixed: the name "*" is not interpreted as
+ a wildcard in cached zones, only in primary zones. Secondary servers
+ no longer decrement the time-to-live of records by the time since
+ they verified the zone with the master; as a result, they never
+ hand out nameserver referrals with too short a TTL to be usable.
+ A bug was fixed that caused secondary servers with out-of-date
+ zones to return empty answers between the actual expiration time
+ and the next timeout.
+
+There are several other bugs that have been reported but have not yet
+been fixed. In addition, the next regular release of named will
+support negative caching, but this has not been integrated.
+
+I would appreciate receiving feedback on this release; in particular,
+problems (or lack of problems) when installing on various systems.
+I attempted to update the SysV code when integrating the zone-transfer,
+but haven't tested it.
+
+The notes from version 4.8 follow.
+
+----------
+Welcome to version 4.8 of bind.
+
+There have been several changes to the named boot file (/etc/named.boot)
+of which you should be aware. The "domain" line for each zone is no longer
+needed, but one such line may still be used to specify a default domain
+to be used for queries containing names with only a single component.
+The term "suffixes", which was added in version 4.7alpha, has been removed.
+
+The manual page on named (named.8) has been updated to reflect all
+these changes. Please read this and look at the example files
+before installation. You should also note the changes in the
+resolver code to support non-fully-qualified addresses and per-user
+host aliases. See hostname(7) for an overview. Two new routines
+have been added to the resolver library since the last test release:
+res_query formulates a query, sends it, waits for a response and does
+preliminary error checking; res_search implements the search rules
+of gethostbyname using res_query.
+
+The MX lookup routine in sendmail has been modified to use res_search.
+Also, dn_skip takes an additional parameter and has been renamed
+to dn_skipname. While old sendmail binaries will work with the new
+version of bind, because of these changes, it is desirable to install
+new sendmail sources and recompile sendmail. Do not rebuild sendmail
+from old sources. The new sendmail is on ucbarpa.Berkeley.EDU for
+anonymous FTP from pub/4.3/sendmail.MX.tar and pub/4.3/sendmail.MX.tar.Z.
+
+There have been numerous changes to named, fixing most of the known
+bugs that can be fixed without major structural changes in the server.
+Several server configurations that failed before should now work.
+Certain robustness problems have been fixed, in particular bounds-
+checking when processing incoming packets. Two changes have been made
+in preparation for negative caching: SOA records are sent in the authority
+section in negative responses with NXDOMAIN set, and a bug was fixed that
+caused confusion and repeated requests if a response had no error, no answer
+and an SOA in the authority section. As such responses are already sent
+by other servers, and will be sent by the next release of BIND, it is
+important that all sites upgrade to this version as quickly as possible.
+
+The root "hint" cache and cache file remain the largest problem area,
+along with named's naivete in accepting bogus server's data.
+These will be addressed in the next release, along with asynchronous
+zone transfers, intelligent reloading of zone files, faster startup,
+and caching of negative responses.
+
+This version (4.8) will replace the last officially released version (4.5).
+Version 4.5 has a serious bug that causes the generation of a continuous
+stream of bogons to the root domain servers (bogus queries with the query
+response bit set and possibly garbage for nsid and rcode). It is imperative
+that these versions of named be replaced as fast as possible. We urge you to
+field 4.8 quickly, for the sake of the root domain servers.
+
+ Mike Karels
+ Jean Wood
+ bind@ucbarpa.Berkeley.EDU
+
+## ++Copyright++
+## -
+## Copyright (c)
+## The Regents of the University of California. All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted provided that the following conditions
+## are met:
+## 1. Redistributions of source code must retain the above copyright
+## notice, this list of conditions and the following disclaimer.
+## 2. Redistributions in binary form must reproduce the above copyright
+## notice, this list of conditions and the following disclaimer in the
+## documentation and/or other materials provided with the distribution.
+## 3. All advertising materials mentioning features or use of this software
+## must display the following acknowledgement:
+## This product includes software developed by the University of
+## California, Berkeley and its contributors.
+## 4. Neither the name of the University nor the names of its contributors
+## may be used to endorse or promote products derived from this software
+## without specific prior written permission.
+##
+## THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+## ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+## ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+## FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+## DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+## OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+## HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+## OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+## SUCH DAMAGE.
+## -
+## Portions Copyright (c) 1993 by Digital Equipment Corporation.
+##
+## Permission to use, copy, modify, and distribute this software for any
+## purpose with or without fee is hereby granted, provided that the above
+## copyright notice and this permission notice appear in all copies, and that
+## the name of Digital Equipment Corporation not be used in advertising or
+## publicity pertaining to distribution of the document or software without
+## specific, written prior permission.
+##
+## THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
+## WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
+## OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
+## CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+## DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+## PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+## ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+## SOFTWARE.
+## -
+## --Copyright--
diff --git a/usr.sbin/named/OPTIONS b/usr.sbin/named/OPTIONS
new file mode 100644
index 0000000..ccc5e27
--- /dev/null
+++ b/usr.sbin/named/OPTIONS
@@ -0,0 +1,411 @@
+OPTIONS
+ Original: Paul Vixie, 28Mar92
+ Revised: $Id: OPTIONS,v 8.5 1995/12/29 21:08:13 vixie Exp $
+
+Options available in this version of BIND are controlled by conf/options.h,
+rather than by $(DEFS) in the Makefile. The options are:
+
+DEBUG (origin: U C Berkeley)
+ enables the -d command line option, and allows SIGUSR1 to increment
+and SIGUSR2 to clear the internal variable "debug", which in turn controls
+hundreds of fprintf()'s out to /usr/tmp/named.run.
+ you probably want this. it makes the binary bigger but not slower (or
+at least not much slower), but SIGUSR[12] are the only way you'll track down
+misconfigured name servers that hose you down with billions of bogus requests.
+ you may need this, it is on by default.
+
+ALLOW_T_UNSPEC (origin: MIT Project Athena)
+ enables the "unspec" RR type for ancient Athena software that does not
+know about TXT RR's.
+ you probably do not care about this, it is off by default.
+
+ALLOW_UPDATES (origin: Mike Schwartz, University of Washington)
+ enables "dynamic updates", described in "doc/DynamicUpdate". this lets
+you update named's in-memory database on the fly if you have the right client.
+there is absolutely no security around this; if you enable it, anyone who can
+reach your server can update your database.
+ this code doesn't compile any more and will be removed shortly.
+
+INVQ (origin: U C Berkeley, with #ifdef's by Paul Vixie)
+ enables "inverse queries", which in all of the internet only one
+client ever uses: ancient nslookup. if you build named with INVQ defined,
+you get the time-honored behaviour of supporting this whole class of queries
+for no real purpose other than to waste a few hundred kilobytes of your
+memory and about 3% of named's total CPU time. if you build with INVQ
+undefined, old nslookups will not be able to reach your server in their
+startup phase, and you will have to use the "server" command after it fails
+over to some other server, or use "nslookup - 0" to get in from the shell.
+ you probably do not want this.
+
+DSTORAGE (origin: U C Berkeley, with #ifdef's by Paul Vixie)
+ enables a malloc-debugger that checks for overruns on both ends of
+each allocated block of memory. used when debugging since C has no bounds
+or type checking.
+ you probably do not want this, it is off by default.
+
+DMALLOC (origin: Paul Vixie of Digital)
+ enables a malloc-debugger that traces all allocated blocks of memory
+such that SIGIOT's output (see STATS option) includes a list of all mallocs
+in the program, how many times each has been called, how many blocks of memory
+allocated by that malloc are not yet free, and how many bytes they use up.
+under each one will be a list of each free/realloc that has deallocated a block
+of that malloc's memory, and how many times it has done so.
+ this is extremely helpful for finding memory leaks. as such, you
+probably do not want this unless you are debugging named.
+ you probably do not need this, it is off by default.
+
+XFRNETS (origin: Paul Vixie of Digital)
+ enables the "xfrnets" command in named.boot. this has the same
+syntax as "forwarders" and "sortlist" -- that is, a list of dotted quads.
+each one is a network (16.0.0.0 and 130.180.0.0 are examples) or a host.
+if you put any xfrnets commands into your named.boot, then zone transfers
+will only be honored if they come from inside one of the specified
+networks. this is very useful if you want to keep people outside from
+being able to trivially map your entire network, but it doesn't stop them
+from iterating so it's more annoying than secure.
+ this feature was once called "tcplist" out of ignorance on my part,
+but with advice from phil almquist i decided to rename it "xfrnets" and make
+it only control zone transfers -- previously it controlled all TCP connections
+which made certain TCP-only resolvers unable to use our servers. the "tcplist"
+syntax still works; it is a synonym for "xfrnets".
+ it is also nice if you want to keep the outside world from making your
+nameserver fork and swap trying to do unauthorized zone transfers. if you have
+large zone files or use BIND for TXT records you will find this useful.
+ you probably want this, it is on by default.
+
+PID_FIX (origin: Don Lewis of Harris)
+ tells named that if it starts up but can't keep going because another
+nameserver is already running (and sitting on the server port), it should
+put the /etc/named.pid (/var/run/named.pid) file back the way it found it.
+ you probably want this, it is on by default.
+
+FWD_LOOP (origin: Don Lewis of Harris)
+ tells named that if you list any of your own IP addresses in a
+"forwarders" command in your named.boot file, you should be scolded.
+ you probably want this, it is on by default.
+
+NO_GLUE (origin: Don Lewis of Harris, and Andrew Partan of UUNET)
+ tells named-xfer that incoming zone transfers should be checked
+for "glue" that comes from a zone outside the zone being transfered, and
+comment this garbage out in the zone file so that when named reads in the
+zone file after named-xfer exits, the garbage will not be entered into the
+memory-resident database.
+ also tells named that when it is performing an outgoing zone
+transfer, it should not send any of these "glue" records.
+ you definitely want this, it is on by default.
+
+BOGUSNS (origin: Piet Beertema of EUNet)
+ enables the "bogusns" command in named.boot. this has the same
+syntax as forwarders and sortlist. any NS RR's that come in whose addresses
+are on the list of "bogusns" addresses will be ignored. this is the last
+resort when someone is bogusly advertising themselves as a root server.
+ just in case, though you won't use it often.
+ you probably want this, it is on by default.
+
+QRYLOG (origin: Bryan Beecher of UMich)
+ enables "query logging", such that SIGWINCH toggles tracing of all
+incoming queries. the trace is sent to syslog, and is huge, but when you
+need this you will need it bad and it does not slow named down or make it
+larger.
+ If you define QRYLOG you may also start up named in query logging
+mode by using the -q flag. If you do so you will probably want to analyze
+the logs produced, the dnsstats and lamers scrips (in the contrib/umich
+and contrib/lamers directories) will do it for you.
+ you probably want this, it is on by default.
+
+LOGFAC (origin: various people)
+ If you start up named with the -q flag you will be logging
+large amounts of data, and probably will not want them logged to the
+default logging facility, which is LOG_DAEMON. You will want to
+redefine LOGFAC, presumably to LOC_LOCALn (0 <= n <= 7). Remember to
+modify /etc/syslog.conf appropriately.
+ This only works on a system with a modern syslogd.
+ as such, it is on by default.
+
+YPKLUDGE (origin: Piet Beertema of EUNet)
+ certain versions of NIS/YP are capable of using the DNS for names
+that cannot be found in the YP servers. of these, certain versions can't
+tell the difference between a dotted quad and a domain name, and they send
+queries to the DNS for dotted quads as if they were domain names. if your
+named does not do anything special with these queries, they will end up
+getting forwarded to other servers, effectively hosing all of you down with
+endless useless network traffic. YPKLUDGE enables some checking in named
+that lets it catch these bogus queries and send back immediate errors.
+ If you run "ypserv -i" you definitely want this, as a malconfigured
+NIS server can cause DNS "flood" queries otherwise. Trust me.
+ this is off by default.
+
+TRACEROOT (origin: pma@cnd.hp.com and Bryan Beecher of UMich)
+ enables some checking in named for bogus root nameservers. This
+code has been in use at U-M for years, so it is pretty well tested, plus we
+have never been burned by the "bogus root NS scares" that have plagued the
+DNS off and on.
+ this feature people will very much want to use, it is on by default.
+
+LOCALDOM (origin: Berkeley)
+ if set, the "domain" directive is recognized in the named.boot file.
+this causes us to retry queries with the specified domain appended to the
+name if the first lookup fails. this is a very bad idea since a given name
+server will often be used by clients in more than one domain -- a name server
+should _not_ make any presumptions as to the "home domain" of a requestor.
+ you almost certainly do not want this, it is off by default.
+
+SLAVE_FORWARD (origin: pma@sdd.hp.com)
+ if set, "slave" servers behave in an arguably more-correct way. this
+is an experimental addition to BIND 4.9 that causes slaves to time out queries
+in 60/N seconds where N is the number of forwarders defined. previously a
+query would time out almost immediately, which caused a lot of unnecessary
+network traffic.
+ you probably want this, it is on by default.
+
+FORCED_RELOAD (origin: pma@sdd.hp.com)
+ if set, then when a HUP signal is received, all secondary zones are
+scheduled for serial-number comparison with the primaries. this has the effect
+that if you HUP your server, it will refresh any zones which have changed,
+even if those zones' refresh times have not been reached.
+ you probably want this, it is on by default.
+
+WANT_PIDFILE (origin: berkeley, parameterized by arc@sgi)
+ if set, a file called named.pid will be created in /etc or /var/run
+when the name server has started. this file can be used to send signals to
+BIND, as in "kill -HUP `cat /etc/named.pid`".
+ unless you are only on an SGI (where killall(1M) makes the pid file
+unnecessary);
+ you probably want this, it is on by default.
+
+DOTTED_SERIAL (origin: berkeley; parameterized by vixie)
+ if set, allows a somewhat arcane n.m syntax in the serial number
+field of an SOA. this is officially deprecated for 4.9; you should use
+straight integer values and find an encoding that does not depend on
+scaled-integer pseudodecimals. i suggest YYYYMMDDnn where YYYY is the
+four-digit year, MM is the two-digit month, DD is the two-digit day-of-month,
+and nn is a daily version number in case you change your serial number more
+than once in a day. this encoding will overflow in the year 4294 gregorian.
+ you almost certainly do not want this, but if you have old zone files
+lying around and you don't want to think your way through converting their
+serial numbers, this deprecated behaviour is available.
+ graciously, it is on by default.
+
+SENSIBLE_DOTS (origin: kagotani@cs.titech.ac.jp; parameterized by vixie)
+ if set, changes the semantics of an "n.m" serial number from
+ n*10^(3+int(0.9+log10(m))) + m
+to
+ n*10000+m
+ if you are using DOTTED_SERIAL in spite of its deprecated status,
+and you are interested in a more predictable and sensible interpretation of
+dotted numbers, then you probably want this.
+ it is off by default.
+
+VALIDATE (origin: USC/ISI)
+ enables a validation procedure to provide some security in an
+otherwise insecure environment. Any RRs are accepted from a server only if
+the server is authoritative over that domain. We consider a server
+authoritative (for validation purposes) for even the sub-domains that it has
+delegated to others. RRs are validated against the data we have in cache
+already. Invalid records are neither cached nor returned.
+ it is off by default because it is hopeless, and the code will all
+be ripped out of BIND in the near future.
+
+NCACHE (origin: USC/ISI)
+ enables negative caching. We cache only authoritative NXDOMAIN or
+authoritative NOERROR with zero RR count. Non-authoritative NXDOMAIN answers
+now contain NS records in the authority section. Non-authoritative NOERROR
+responses have no authority or additional records to differentiate them from
+referrals. They are cached for NTTL secs (currently 10 minutes) and are timed
+out when the ttl expires.
+ you probably want this, it is on by default.
+
+RESOLVSORT (origin: marka@syd.dms.csiro.au)
+ enable sorting of addresses returned by gethostbyname. Sorting order
+is specified by address/netmask pairs. This enables a host to override the
+sortlist specified in the nameserver.
+ you probably want this, it is on by default.
+
+STUBS (origin: marka@syd.dms.csiro.au)
+ enable transfer and loading of NS records only for a zone.
+still experimental. it won't hurt to enable it, but it may not work perfectly
+so using it could lead to some confusion.
+ you probably don't care, it is on by default.
+
+SUNSECURITY (origin: rossc@ucc.su.oz.au)
+ enable checking of PTR records in gethostbyaddr() to detect
+spoofing. Forced on SunOS 4 shared library as rlogin etc. depend on this.
+ you should probably not set this by hand.
+
+SECURE_ZONES (origin: gshapiro@guest.wpi.edu)
+ enables support for secure zones. This restricts access to
+information in the zone according to the information found in the
+secure_zone TXT RR found in the zone. If none is found, the zone is
+world-readable. For information on the format of the secure_zone TXT
+RR, see the Name Server Operations Guide for BIND.
+ you probably want this, it is on by default.
+
+ROUND_ROBIN (origin: Marshall Rose of TPC.INT)
+ if set, causes the databuf list in a namebuf to be rotated by one
+slot after each access to it. this has the effect that if multiple RR's
+of a given type are present, they will be given in "round robin" order
+instead of always being given in the same order.
+ you probably want this, it is on by default.
+
+ADDAUTH (origin: marka@syd.dms.csiro.au)
+ if set, cause NS and glue A records to be returned with authoritative
+answers. this causes slightly larger replies but less DNS traffic overall.
+ unless you have Mac's with an older version of Mac/TCP;
+ you probably want this, it is on by default.
+
+RFC1535 (origin: paul@vix.com)
+ if set, the resolver's default "search" list will be just the entire
+"domain" name rather than the sliding window it had before 4.9.2. this will
+make the default search list shorter, so folks who are saying "domain a.b.c"
+and relying on the implicit "search a.b.c a.b c" will miss "a.b" and "c".
+ this option is on for compatibility with RFC 1535.
+ you should NOT turn it off, it is on by default.
+
+GEN_AXFR (origin: mark@comp.vuw.ac.nz, tytso@ATHENA.MIT.EDU, gdmr@dcs.ed.ac.uk)
+ if set, allows specification of zones in classes other than "IN" in
+the named.boot file. Allows an optional "/class" on the "primary" and
+"secondary" directives. Also fixes zone transfers so only data in the class
+requested is transfered.
+ you probably want this, it is on by default.
+
+DATUMREFCNT (origin: mark andrews)
+ you want this. it will not be optional in future releases.
+
+LAME_DELEGATION (origin: don lewis; reworked by bryan beecher and don lewis)
+ this will detect the condition where some other server has told you
+that a given set of servers is authoritative for some domain, and at least
+one of those "delegated" servers disagrees (i.e., answers non-authoritatively).
+ you probably want this, it is on by default.
+
+LAME_LOGGING (origin: don lewis)
+ enable logging of lame delegations and set the log level
+ you may want this, it is on by default.
+
+RETURNSOA (origin: mark andrews)
+ This allows negative caching to work. Without this, older
+pre-4.9.3 nameservers will not accept -ve cached anwsers. We actually
+store the SOA record from the authority section rather that what was
+requested because it is the existence of the NXDOMAIN that matters not
+the type of data. The zone of the SOA record is tagged to the end of
+the SOA record to allow it to be reconstructed.
+ You probably DO NOT WANT THIS, it's experimental and dangerous.
+ it is off by default.
+
+CLEANCACHE (origin: mark andrews)
+ Bind consumes memory without bound without this option. This
+patch allows bind to periodically remove any stale entries in the
+cache. Bind's memory usage should stabilize after approximately 1 day of
+operation, as most TTL's are <= 1 day. Without this option stale entries
+are only removed when they are looked up.
+ You probably want this, it is on by default.
+
+PURGE_ZONE (origin: mark andrews)
+ Various junk below a zone tends to hang around and corrupt future
+zone data if a zone grows deeper. PURGE_ZONE will remove all traces of or
+data which could be part of zone before loading a new one.
+ You probably want this, it is on by default.
+
+STATS (origin: Paul Vixie)
+ Named's internal statistics can take a fair amount of memory and
+if you aren't interested in looking at these numbers you should disable
+the feature. Future versions may require this.
+ You probably want this, it is on by default.
+
+RENICE (origin: bp@deins.informatik.uni-dortmund.de)
+ if set, the process priority of the AXFR subprocesses is changed to
+"normal". If you are planning to raise the priority of the main nameserver
+process, you will use this.
+ You probably want this, it is on by default.
+
+GETSER_LOGGING (origin: Paul Vixie)
+ if set, errors that occur during the fetch of serial numbers for zone
+transfer consideration will be syslog()'d. this can lead to a lot of logging,
+but is very helpful if you don't know why a zone isn't transfering.
+ You may not want this, but it is on by default.
+
+SHORT_FNAMES (origin: pma@sdd.hp.com)
+ on systems whose file names can only be 14 characters long, the temp
+files created by named-xfer need to be constructed somewhat differently. this
+should probably become the default since it is harmless.
+ you probably don't care one way or the other, it is off by default.
+
+XSTATS (origin: Benoit.Grange@inria.fr)
+ if set, the name server keeps more STATS about requests
+received, and logs to syslog total counters from time to time. If you
+aren't interested in looking at these numbers you should disable the
+feature. Requires STATS.
+ You may want this, it is on by default.
+
+BIND_NOTIFY (origin: paul@vix.com)
+ experimental at this time; an internet draft is circulating. this
+option informs slaves ("secondary" servers in BIND's erroneous terminology)
+instantly when the master (primary, or another slave) loads a new zone. it
+works fine and seems to cause no problems with slaves that don't support it,
+but it does not implement the current internet draft (it lacks some necessary
+delays) and causes a lot of extra syslog traffic, especially at startup. if
+you don't mind running code that will absolutely NOT be compatible with the
+eventual standard when the RFC is released, go ahead and turn this on.
+ vendors should not enable this in versions shipped to customers.
+ You will want this when it becomes compliant, it is off by default.
+
+LOC_RR (origin: ckd@kei.com)
+ incorporates support for the LOC RR type, currently in the
+internet-draft stage.
+ you don't want this yet, it is off by default.
+
+SORT_RESPONSE (legacy)
+ should responses be sorted in what the server considers an optimal
+order for the client? this is on by default but it does very little good.
+
+## ++Copyright++ 1989
+## -
+## Copyright (c) 1989
+## The Regents of the University of California. All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted provided that the following conditions
+## are met:
+## 1. Redistributions of source code must retain the above copyright
+## notice, this list of conditions and the following disclaimer.
+## 2. Redistributions in binary form must reproduce the above copyright
+## notice, this list of conditions and the following disclaimer in the
+## documentation and/or other materials provided with the distribution.
+## 3. All advertising materials mentioning features or use of this software
+## must display the following acknowledgement:
+## This product includes software developed by the University of
+## California, Berkeley and its contributors.
+## 4. Neither the name of the University nor the names of its contributors
+## may be used to endorse or promote products derived from this software
+## without specific prior written permission.
+##
+## THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+## ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+## ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+## FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+## DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+## OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+## HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+## OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+## SUCH DAMAGE.
+## -
+## Portions Copyright (c) 1993 by Digital Equipment Corporation.
+##
+## Permission to use, copy, modify, and distribute this software for any
+## purpose with or without fee is hereby granted, provided that the above
+## copyright notice and this permission notice appear in all copies, and that
+## the name of Digital Equipment Corporation not be used in advertising or
+## publicity pertaining to distribution of the document or software without
+## specific, written prior permission.
+##
+## THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
+## WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
+## OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
+## CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+## DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+## PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+## ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+## SOFTWARE.
+## -
+## --Copyright--
diff --git a/usr.sbin/named/ns_main.c b/usr.sbin/named/ns_main.c
index 6e10230..add9fe4 100644
--- a/usr.sbin/named/ns_main.c
+++ b/usr.sbin/named/ns_main.c
@@ -1,6 +1,6 @@
#if !defined(lint) && !defined(SABER)
static char sccsid[] = "@(#)ns_main.c 4.55 (Berkeley) 7/1/91";
-static char rcsid[] = "$Id: ns_main.c,v 8.12 1995/12/29 07:16:18 vixie Exp $";
+static char rcsid[] = "$Id: ns_main.c,v 8.13 1996/01/09 20:23:55 vixie Exp $";
#endif /* not lint */
/*
@@ -652,7 +652,8 @@ main(argc, argv, envp)
for (udpcnt = 0; udpcnt < 42; udpcnt++) { /*XXX*/
int from_len = sizeof(from_addr);
- if ((n = recvfrom(dqp->dq_dfd, (char *)buf, sizeof(buf), 0,
+ if ((n = recvfrom(dqp->dq_dfd, (char *)buf,
+ MIN(PACKETSZ, sizeof buf), 0,
(struct sockaddr *)&from_addr, &from_len)) < 0)
{
#if defined(SPURIOUS_ECONNREFUSED)
diff --git a/usr.sbin/named/ns_resp.c b/usr.sbin/named/ns_resp.c
index 4a987ab8..c4b81b2 100644
--- a/usr.sbin/named/ns_resp.c
+++ b/usr.sbin/named/ns_resp.c
@@ -1,6 +1,6 @@
#if !defined(lint) && !defined(SABER)
static char sccsid[] = "@(#)ns_resp.c 4.65 (Berkeley) 3/3/91";
-static char rcsid[] = "$Id: ns_resp.c,v 8.18 1995/12/29 21:08:13 vixie Exp $";
+static char rcsid[] = "$Id: ns_resp.c,v 8.19 1996/01/09 20:23:55 vixie Exp $";
#endif /* not lint */
/*
@@ -944,10 +944,10 @@ ns_resp(msg, msglen)
*/
if ((!restart || !cname) && qp->q_cmsglen && ancount) {
dprintf(1, (ddt, "Cname second pass\n"));
- newmsglen = qp->q_cmsglen;
+ newmsglen = MIN(PACKETSZ, qp->q_cmsglen);
bcopy(qp->q_cmsg, newmsg, newmsglen);
} else {
- newmsglen = msglen;
+ newmsglen = MIN(PACKETSZ, msglen);
bcopy(msg, newmsg, newmsglen);
}
hp = (HEADER *) newmsg;
OpenPOWER on IntegriCloud