$Id: CHANGES,v 8.40 1996/08/05 08:31:20 vixie Exp $ --- 4.9.4-p1 released --- 657. [bug] some configurations were mistakenly disabling cache purges. 656. [doc] "\ " was causing a line break in zone file parsing. 655. [doc] named(8) wasn't describing the "response" literal. 654. [doc] formatting errors fixed in include/arpa/nameser.h. 653. [doc] doc/misc/DynamicUpdate now has a deprecating comment. 652. [bug] BSD/nslookup/Makefile was making the wrong links. 651. [bug] a hashing function should be as simple as possible, but not simpler. 650. [bug] dn_mailok() could walk off the end of the name buffer. 649. [bug] bad names were not exiting through the right code path. 648. [bug] we were referencing dynamic memory after free()'ing it. 647. [bug] savename() was bzero()'ing the wrong number of bytes. 646. [bug] ctypes.h needed to be included in res/res_debug.c. 645. [port] sys/types.h needed to be included in a lot of places. --- 4.9.4-rel released --- 644. [bug] gethnamadr.c:getanswer() wasn't decrementing buflen. 643. [contrib] new contrib/misc/gencidrzone. --- 4.9.4-t5b released --- 642. [bug] SOA serial checking was not trying backup servers. 641. [doc] added doc/rfc/rfc1713. 640. [bug] don't try to purge the cache on nonrecursive servers. 639. [bug] sysquery() was not recovering from lack of root servers. 638. [bug] dnsquery.c wasn't calling res_init(). 637. [bug] ns_resp() was erroneously detecting name errors. 636. [bug] nslookup() was returning failure even when fwdrs were avail. 635. [bug] inet_pton() was returning EINVAL rather than EAFNOSUPPORT. --- 4.9.4-t4b released --- 634. [bug] named-xfer was writing AAAA RRs to the wrong file pointer. 633. [port] ULTRIX and RISCOS both need NEED_STRDUP in conf/portability.h. 632. [bug] BSD/named/Makefile was installing its man page in section 1. --- 4.9.4-t4a released --- 631. [bug] nslookup was dumping core on bad 'server' commands. 630. [bug] dig was not able to print SRV RRs. 629. [bug] dig was seeing artificial protocol errors printing AAAA RRs. --- 4.9.4-t3b released --- 628. [bug] "stub ." changes were being updated in the wrong place. 627. [bug] forgot to remove fourth arg from inet_pton() in tools/addr.c. 626. [port] was missing -DSPRINTF_CHAR in one spot in the top Makefile. --- 4.9.4-t3a released --- 625. [api] inet_pton()'s signature changed due to ipng@sunroof discussion. 624. [port] shres/* should work again (was broken by inet_ntop, inet_pton) 623. [bug] sprintf() doesn't return "int" on DomainOS, either. --- 4.9.4-t2a released --- 622. [bug] sprintf() doesn't return "int" on SunOS or ULTRIX. --- 4.9.4-t1a released --- 622. [bug] more print errors in the name validation logic fixed. 621. [feature] added support for IPv6 addresses to the resolver and daemon. see doc/misc/IPv6 for details. 620. [perf] XSTATS off by default. client stats now in XSTATS. 619. [conf] LOC_RR is on by default (it's an RFC now). 618. [perf] pulled in memory saving NAME,NAMELEN,NAMESIZE logic from development source pool. 617. [bug] we were logging at INFO priority even when not loading a zone due to certain kinds of database format errors. 616. [bug] truncated responses were not being forwarded. 615. [contrib] added contrib/misc/gencidrzone.pl, updated contrib/host. 614. [bug] minor and latent bug in dcalloc() fixed. 613. [bug] the RFC952 + "_" code wasn't strict enough. 612. [bug] the PTR name check was using ipv6.int rather than ip6.int. 611. [conf] changed "check-names forwarded" to "check-names response". 610. [doc] man page said check-name, should have said check-names. 609. [bug] in res_send(), query ID mismatches weren't handled in VC's. 608. [bug] res_send() would overrun its buffer when parsing truncated replies for its diagnostic output. 607. [bug] EINTR wasn't causing a select() restart in res_send. 606. [bug] fixed a race condition related to SO_LINGER. 605. [bug] some "lame delegation" messages were printing wrong information 604. [bug] uncached out of zone CNAMEs were returning SERVFAIL rather than timing out; this prevented the client from retrying. 603. [bug] lame delegations will now try other servers rather than just SERVFAIL'ing. the old behaviour was too draconian. 602. [security] we were cycling back through the volatile cache when searching for glue to match the bootstrap cache. 601. [bug] we were not recognizing upward zone cuts in some circumstances 600. [API bug] getnetbyaddr() was taking a long, rather than a u_long. 599. [bug] PX RRs were not properly handled by named-xfer.c. 598. [bug] WKS RRs were written incorrectly in db_dump.c. 597. [bug] named would not create a brand new pid file. 596. [bug] memory leak in ns_resp.c plugged. 595. [bug] another wildcarding bug (in ns_maint.c) stomped. 594. [contrib] added contrib/misc/settransfer-gaine.shar. 593. [security] db_load() will allow invalid SOA ANAMEs, for now. 592. [bug] dig and nslookup needed code from 4.9.4-T1A for AXFR (#589). 591. [bug] dig and nslookup both dumped core if dn_expand() failed. 590. [port] changed __RES to 19960229 due to dn_isvalid() API addition. 589. [bug] named-xfer was unable to handle some compliant AXFR streams. 588. [security] call dn_isvalid() from db_load() to catch zone naming errors. 587. [security] added function dn_isvalid(), called from dn_expand(), per CERT. 586. [bug] dangling NS RR's (no A RR's in cache) weren't recoverable. 585. [bug] named was ignoring the cache for "." even after priming. 584. [bug] ns_resp() could dump core during some kinds of query restarts. 583. [bug] default logging priority for lame delegations now LOG_DEBUG. 582. [doc] added RFC 1912 which expands upon RFC 1537. 581. [port] BSD really does not have SIGIOT any more, stop using it. 580. [bug] getnetent() could mangle /etc/networks input lines. 579. [bug] db_dump was printing -1 for TTL wherever default TTL was used. 578. [port] many scanf/printf patterns misused %lu, DEC AXP didn't like it. 577. [bug] named-xfer and res_debug were mishandling "\\" in TXT/HINFO. 576. [bug] "limit" directive was setting current but not max system limit. --- 4.9.3-p1 released --- 575. [port] Ultrix/Hesiod named responses are oversized, we were incorrectly accepting them and then overwriting the stack. 574. [port] BSD/OS 2.1 required some ./BSD/Makefile changes. --- 4.9.3-rel released --- 573. [contrib] put in "951231" version of contrib/host. 572. [doc] new file doc/info/SCO-2 concerning porting. 571. [bug] zones whose master files contained only $INCLUDEs were incorrectly considered to not have any RR's (old bug.) 570. [doc] trivial man/named.8 tweak. 569. [doc] minor documentation tweak to shres/solaris/ISSUES. --- 4.9.3-beta34 released --- 568. [bug] very minor initialization bug fixed in tools/dig.c. 567. [bug] disabled VALIDATE; all this code is trash and will be removed along with ALLOW_UPDATES very early in the next alpha cycle. we are now back to the B26 level of stability, with several minor bug fixes from intervening betas. 566. [bug] fixed memory leak introduced in #565. --- 4.9.3-beta33 released --- 565. [proto] we were generating truncated RRsets due to VALIDATE bugs. 564. [proto] we weren't stopping early enough on some kinds of truncation. 563. [doc] added doc/info/Solaris, concerning Sun Patch-ID# 102165-02. 562. [bug] named/ns_resp.c had an overzealous #ifdef. 561. [port] tools/nslookup/getinfo.c had an ANSI C nit. 560. [port] shres/netbsd and Makefile's netbsd stuff was wrong. 559. [doc] shres/* documentation had more pathname problems. 558. [port] SCO OSE5 portability problem (minor). 557. [doc] added doc/misc/style.txt out of my archives. 556. [contrib] updated contrib/arlib, contrib/dnsparse (really!). 555. [bug] quoted newlines were still broken even after #509. 554. [bug] dangling CNAME cache chains could make named dump core. 553. [bug] forwarders didn't work well with VALIDATE. --- 4.9.3-beta32 released --- 552. [doc] ./Makefile had some out of date comments. 551. [bug] shres/sunos/* needed some fine tuning. 550. [contrib] contrib/dnsparse replaced with a later version. --- 4.9.3-beta31 released --- 549. [bug] "make links" hadn't been tested in a while; shres/* req'd chg. 548. [bug] shres/sunos/* needed some fixups due to a late Sun patch. 547. [doc] Makefile comments for Linux were out of date. 546. [doc] OPTIONS had an incorrect path name and some factual errors. 545. [bug] shres/sunos/Makefile had some incorrect path names. --- 4.9.3-beta30 released --- 544. [port] some systems with broken CPP's wouldn't compile ns_req.c. 543. [bug] query restart bug in ns_resp.c. --- 4.9.3-beta29 released --- 542. [port] rearranged signal() calls to make POSIX + SYSV possible. 541. [port] padded _res to 512 bytes; moved initialized data to res_data.c. 540. [port] added experimental shres/netbsd/ directory. 539. [bug] we weren't able to load 0 ttl's in zone files. 538. [doc] BOG corrections. --- 4.9.3-beta28 never released --- 537. [contrib] new contrib/lamers/ directory. 536. [bug] there was a possible deadlock condition over missing glue. 535. [bug] previous patch to db_load() was misapplied. 534. [bug] several ancient cache corruption bugs fixed in ns_resp(). 533. [root] root servers required a new ``no-fetch-glue'' option. 532. [bug] all kinds of stuff was broken under shres/ due to new subdir. --- 4.9.3-beta27 released --- 531. [bug] limited support for labels containing \. (literal dot.) 530. [bug] new root.cache file imported from internic. 529. [bug] another set of bug fixes to the zone transfer scheduler. 528. [bug] VALIDATE reenabled but without packet editing. 527. [bug] glue passing through CNAMEs will now be cached properly. 526. [bug] deleted zones should no longer cause core dumps. 525. [func] several messages changed to be more informative. 524. [bug] loc_ntoa() was returning a pointer to a stack variable. 523. [bug] wildcard RR's were being deleted by purge_zone(). 522. [bug] "ndc start" didn't work if no pid file existed. 521. [port] Sun SVR4 fixes, including shared library support. 520. [bug] we weren't using "forwarders" if "options forward_only" wasn't set (in some cases.) 519. [bug] named-xfer wasn't called res_init(). 518. [bug] lots of byte order nits. 517. [bug] "tools/host -a" now prints in RR format again. 516. [proto] minimum TTL changes from five minutes to zero seconds. 515. [bug] SOA TTL of zero is no longer considered an error. 514. [bug] division by zero error corrected in ns_refreshtime(). 513. [bug] we had the #ifdefs nexted backwards in . 512. [bug] we were able to dump core while tracing due to a NULL pointer. 511. [bug] DiG wasn't able to suppress all of res_debug.c's comments. 510. [doc] BOG typos. new doc/misc/FAQ. new site in MIRRORS. 509. [bug] another side effect of the inet_aton() change was fixed, this time it was breaking escaped newlines in named.boot. 508. [contrib] new contrib/host, contrib/misc/settransfer, contrib/msql. contrib/umich/lame_delegation was withdrawn by the author. 507. [bug] DiG didn't do ndots and was trigger happy about options. 506. [port] NextStep, Interactive, SCO, Digital UNIX, ULTRIX improvements. 505. [bug] we were overly restrictive about nonauthoritative NXDOMAINs. 504. [bug] named was generating corrupt responses in au truncation. 503. [port] shres/* now supports SunOS 4.1.4. 502. [bug] nslookup wasn't behaving properly in the presence of "ndots". 501. [bug] we now delay 5 seconds after an "ndc restart" or "ndc start". 500. [bug] change #494 was incomplete. --- 4.9.3-beta26 released --- 499. [bug] we needed a SERVFAIL in an error case. 498. [bug] some recently added byte order bugs were stomped; data_inaddr() was made slightly more conservative. 497. [port] local_hostname_length() moved to its own source file. 496. [bug] Beta25's change to compat/Makefile was wrong. 495. [bug] tools/host.c wasn't processing cnames properly. --- 4.9.3-beta25 released --- 494. [func] "include" directive in boot file is no longer fatal if the specified file doesn't exist or is not readable. 493. [bug] new interfaces' UDP sockets weren't affecting select()'s mask. 492. [doc] another round of changes and cleanups to the BOG. 491. [bug] various cleanups to lame server detection. 490. [port] completely new shres/* from CKD. 489. [doc] added a ***NOTE*** to ./INSTALL about operating system files. 488. [port] GNU C Library changes for include/netdb.h. 487. [func] named will try a little bit longer to bind() its stream socket. 486. [contrib] new packages: contrib/inaddrtool and contrib/trnamed. 485. [func] ns_forw will no longer forward to 0.0.0.0, 255.255.255.255, or 127.0.0.1. 484. [port] more POSIX_SIGNALS conversions. 483. [bug] compat/Makefile wasn't passing on all definitions to submakes. 482. [port] bad bug in NeXT C Library worked around. 481. [doc] RFC 1794 is now included in doc/rfc. 480. [bug] a debugging printf() was accessing freed memory. 479. [port] doc/info/NCR has been replaced. 478. [port] doc/info/interactive has been replaced by its author. 477. [port] UNIXWARE 2.X changes. 476. [bug] ns_init.c was creating files in "//tmp" rather than "/tmp". 475. [bug] inet_aton() reverts to mostly previous behaviour. 474. [bug] PTR->CNAME support added; name test fixed. 473. [func] added gethostbyname2(), improved its man page. 472. [port] Linux connect() can reconnect, res/res_send.c now knows this. 471. [build] several "clean" targets were not removing ".depend" files. 470. [bug] dqflush() was using memory after free()ing it and never closing any file descriptors and not clearing select()'s mask bits. --- 4.9.3-beta24 released --- 469. [bug] We no longer share static return buffers across functions in res_debug.c. 468. [logging] An extraneous haveComplained() was removed from ns_resp.c. 467. [portdoc] Linux build doc changes. --- 4.9.3-beta23 released --- 466. [doc] big reorg to BOG. 465. [doc] minor corrections to man pages. 464. [port] NEC Makefile changes. 463. [contrib] random updates. 462. [bug] res_send() wasn't always clearing errno, which led to false-negative return conditions. 461. [port] minor u_char-vs-char lint removed. 460. [port] backed out a recent Linux portability change. --- 4.9.3-beta22 released --- 459. [port] made a major lint pass. 458. [func] paved over a bad security hole in named-xfer. 457. [bug] negative caching vs (secure_zone | cname checking) bugs. 456. [port] moved all:: target to be first in top level Makefile. 455. [bug] res/res_send.c had a bad macro definition. 454. [doc] RUNSON moved to doc/info. MIRRORS file added. 453. [quality] learntFrom() was reformatted. 452. [doc] minor changes for shlib/ISSUES, tools/nslookup/nslookup.help. 451. [port] linux, NCR, Solaris, NExT portability changes. 450. [func] added RES_NOALIASES flag, needed for security. 449. [bug] we were defining a nonstandard DNS header flag as PR. no more. --- 4.9.3-beta21 released --- 448. [port] systems with hundreds of network interfaces need big ioctl()'s. 447. [func] zones without NS RR's or with mismatching SOA RR's are caught. 446. [bug] miscellaneous fixes to res/gethnamaddr.c. 445. [bug] the secure_zone logic was incomplete. 444. [bug] bootfile "options" parsing was broken. 443. [bug] named-xfer was munging incoming WKS RR's. 442. [contrib] various cleanups. --- 4.9.3-beta20 released --- 441. [contrib] put in DOC 2.1.1. 440. [func] change/addition to the "lame delegation" syslog message. 439. [bug] emulation macros WIFSIGNALED and WIFEXITED were bogus. 438. [bug] missing "#ifndef INVQ" added. 437. [doc] man pages and BOG updated to include new B18/B19 features. 436. [port] PIDDIR definition removed from Solaris 2.X. 435. [port] shres/Makefile fixed for new location of inet_addr.c. 434. [port] getnetnamaddr.c had a spurious "#if defined(sun)" 433. [bugs] random typos and glitches from the beta19 afternoon rush. --- 4.9.3-beta19 released --- 432. [func] we should be much more resistant to root cache corruption now. 431. [bug] tcp socket send buffer will now be set at 16K to avoid blocks. 430. [bug] ns_req.c had two cases where it could overflow a buffer. 429. [bug] the "." zone will now respect the setting of NO_GLUE. 428. [func] 0.0.0.0 A RR's are allowed in the DB but we won't use them. 427. [func] "options fake-iquery" added, users of Sun nslookup take note. 426. [port] include/netdb.h now has some #ifdef sun defs in it. 425. [bug] negative caching bugs in findns() and in ns_forw.c. 424. [func] "limit transfers-per-ns" directive added. 423. [bug] infinite loop fixed in named-xfer.c's version number printing. 422. [bug] gethostbyname() of a dotted quad in an auto variable will no longer cause the caller to consume random stack trash. 421. [port] inet_aton() has moved from lib44bsd.a back to libresolv.a. 420. [func] any punctuation character can now terminate an inet_aton(). 419. [port] use sigemptyset(), sigaddset() - in preference to sigmask(). --- 4.9.3-beta18 released --- 418. [bug] ``close(11): interrupted system call'' now fixed. 417. [bug] big name servers would never refresh all their zones since tryxfer() wasn't a "fair" scheduler. it is now. 416. [func] SOA syntax errors will now lead to dead zones, not dead srvrs. 415. [func] expiration values lower than refresh values cause a warning. 414. [func] added "options" and "limit" directives to named.boot. 413. [port] new file: doc/info/solaris.too. 412. [bug] possible div-by-zero in ns_init.c. 411. [port] NeXTstep, UNIXWARE, ISC, AUX changes/additions to top Makefile. 410. [port] POSIX_SIGNALS covers a bit more code now. 409. [bug] CNAME->PTR responses were triggering syslog() unnecessarily. 408. [port] res_send.c's socket() calls were using the wrong arguments. this was benign but with IPv6 looming, we need to clean it up. 407. [bug] the delayed free() logic (DATUMREFCNT) didn't account for the possibility of some NULL pointers, in ns_resp.c. 406. [bug] we were walking through purged list items in ns_forw.c. this caused bad things to happen when glue expired. 405. [bug] "attempted update to auth zone" is no longer a warning. 404. [bug] fp_nquery() is now used everywhere, fp_query() is deprecated. 403. [port] hstrerror()'s result is now declared as const. 402. [bug] a flakey initialization in the resolver has been fixed. 401. [port] removed some junk around getnetbyname(), needs testing on suns. 400. [func] BIND's version number now appears as a comment in zone files written by named-xfer. 399. [func] older, bogus HINFO RR's will now be fixed up with warnings. 398. [bug] "SOA class not same as zone's" is now a zone load error. 397. [func] all of the syslog() priorities have been lowered. 396. [doc] added doc/misc/{FAQ.1of2,FAQ.2of2,vixie-security.ps}. 368. [port] top level Makefile updates: .depend files aren't shipped; solaris, linux, dec osf/1, dynix build more cleanly. 367. [port] LOC RR logic has had some lint removed. also named-xfer.c. 366. [contrib] dnswalk 1.8.3 is now included. 365. [security] initial query ID is no longer a fixed constant. --- 4.9.3-beta17 released --- 364. named/ndc.sh didn't always exit with nonzero on errors. 363. include/arpa/Makefile was installing into //. 362. convex cleanups. osf/1 cleanups. 361. minor nit in sprintf() format string in tools/host.c. --- 4.9.3-beta16 released --- 360. CRED is long gone. 359. convex systems have getrusage(). 358. CPPFLAGS wasn't quite right. --- 4.9.3-beta15 released --- 357. netdb.h now externs h_errno. 356. fixed odd corner case bug in res_query(). 355. no BIND beta is complete without a patch to shres/PROBLEMS. 354. minor addition to the "ndc" command line syntax. 353. "." domain syslog() raised from LOG_DEBUG to LOG_WARNING. 352. minor nit in named-xfer.c. 351. the BSD/* Makefiles were mode 440, are now 444. 350. new (undocumented) make target: "make mkdirs". 349. output format change in tools/host.c. 348. contrib/* updates. 347. CPPFLAGS variable added to the Makefile tree, should quieten some makes. nextstep, solaris, and svr4 systems have some new build parameters. 346. BOG cleanups and addition of PX RR documentation. 345. more items for RUNSON. 344. several combinations and permutations of compilation options didn't work. --- 4.9.3-beta14 released --- 343. Type cast fix for #340. 343. Small change to RUNSON. 342. Removed fsync() call, it really wasn't nec'y and was causing trouble. --- 4.9.3-beta13 released --- 341. Small fix for #331. 340. Inverse queries, if enabled, will be logged if QRYLOG is enabled and on. 339. Nonrecursive servers (-r) will once again sysquery() for missing glue. 338. named/ndc now preserves the user's $PATH. 337. SUNSECURITY is now only on for shres/*. 336. New version of contrib/host has been included. 335. tools/nsquery.c and tools/nstest.c were moved to contrib/old/. 334. Portability changes for HP-UX, Solaris, Linux, SCO UNIX. 333. INVQ (inverse query support) now defaults to "off". 332. Some of the internal hashing logic for syslog() rate limiting was not accurate (more things were logged than should have been). --- 4.9.3-beta12-patch2 released --- 331. Default domain in $INCLUDE files is now intuitive (rather than "."). 330. Lame delegations are now only logged for class "IN". 329. Format change to XSTATS output to make it more readable. 328. Bad responses could cause core dumps in DiG, nslookup, etc. 327. The now-requisite change to shres/* was discovered and put in. 326. Portability changes for Linux, SCO, ULTRIX3, NeXT. 325. Bit the bullet and reset all the RCS revision numbers to 8.1==4.9.3.b12. --- 4.9.3-beta12-patch1 released --- 324. Added some missing pieces to the NSAP and NSAP_PTR handling. 323. Tightened some of the GEN_AXFR code, fixed potential C_HS problem. 322. Fixed minor niggle in the way "dig" parses its arguments. 321. Final(?) tuning of the SunOS shres stuff. 320. Reorganized the SunOS build params in the top level Makefile. --- 4.9.3-beta12 released --- 319. Fixed DiG so that ". IN NS" was the default if no args are given. (Vixie) 318. Merged the resolver with 4.4BSD's; made a BSD/ subdirectory off the main tree for easy integration into BSD/OS, FreeBSD, NetBSD, et al; moved the "master" subdirectory to "conf/master" to cut down on top level clutter. 317. Lots of last minute fiddling to make Beta12 "right". (cast of thousands) 316. Minor byte order bug in BIND_NOTIFY. (Grange) 315. Added code to db_load() to detect "no RR's found" case. (Vixie; Heiney) 314. "Zone declared more than once" test added. (Grange; Vixie) 313. XSTATS interval was changed from "no more than once a minute, and usually every fifteen minutes" to "no more than once an hour, and usually every hour". (Gianopoulos; Vixie) 312. Minor stuff in BIND_NOTIFY and the Ultrix and OSF/1 builds. (Heiney) 311. Continuing hacks to LOC RR (experimental) and shres/*. (Davis) --- 4.9.3-beta11-patch5 released --- 310. Minor BOG patches. (Shapiro) 309. Minor LOC RR lint. (Heiney; Truck) 308. Minor STUBS changes in ns_req.c. (Andrews) 307. Ultrix and OSF/1 now install "man" (not "cat") pages. AIX now installs *.[0-9] rather than *.0 pages. (Vixie, et al) 306. conf/Info.* moved to new directory doc/info/*. (Vixie) 305. NOTIFY could cause multiple simultaneous axfr's. (Andrews; Vixie) --- 4.9.3-beta11-patch4 released --- 304. Minor fixes to PURGE_ZONE, CLEANCACHE, RETURNSOA, and dig. (Mark Andrews) 303. LOC RR support is now in. (Chris Davis; Vixie) 302. General portability stuff (with ISC leanings). (Mark Galbraith) 301. Minor DiG portability fix. (Dima Volodin) 300. Yet more HINFO fixes. (Gianopoulos) 299. Really minor patch to tools/nstest.c, plus AIX fixes. (David Bolen) 298. More shres/* fixes. (Davis; Woods) 297. Minor SCO fixups. (Eduard Vopicka) 296. Fixed #include problem in db_glue.c. (cast of thousands) 295. Minor goofs in the sources. (Grange; Gianopoulos) 294. Minor patch to the BOG (font problem). (Shapiro; Vixie) --- 4.9.3-beta11-patch3 released --- 293. Minor #ifdef screwup corrected. (Mohamed Ellozy) 292. Small HP-UX portability change. (Truck) 291. Minor BOG correction. (Harlan Stenn) 290. PX RR support. (Pierluigi Bonetti) 289. Made random refresh interval a little more robust. (Miller; Vixie) 288. Minor portability changes for DEC OSF/1. (Bob Heiney) 287. We now do a setvbuf() on outbound AXFR streams since the system's default size causes more write()'s (and therefore TCP segments) than we really want. (Paul Mockapetris' idea; Paul Vixie's code.) 286. Recast all uses of abort() to call private function panic(). This was nec'y since we use the ABRT (IOT) signal to force a statistics dump, and having it dump statistics inside of abort() was a bad thing. (Mark Andrews noticed the problem; Paul Vixie fixed it.) 285. Minor change to top-level Makefile for OSF/1 man pages. (Shapiro) 284. Minor change to HINFO stuff. (Gianopoulos) 283. Minor changes to XSTATS #ifdef's. (Benoit Grange) 282. Minor change to top-level Makefile for ULTRIX/VAX. (William Gianopoulos) --- 4.9.3-beta11-patch2 released --- 281. Another batch of (minor) HINFO changes. (William Gianopoulos) 280. Minor formatting changes to keep ctags happy. (Craig Leres) 279. Minor changes to OPTIONS. (Mark Seiden) 278. New option XSTATS (default "on" for now). (Benoit Grange) 277. res_mkquery() wasn't calling res_init(). (Philip Gladstone) 276. Minor cleanup to shres/INSTALL. (Chris Davis) 275. We now set a SO_LINGER on outbound zone transfers. (Peter Wemm; Vixie) 274. Minor portability fix for VAX Ultrix. (Stan Barber) 273. Fixed two time warp problems. (Bob Heiney; Paul Vixie) 272. Named-xfer will now log and error and abort if it encounters an RR type it doesn't recognize. (Mark Andrews; Paul Vixie) 271. Minor cleanups to the HINFO comparison code in db_update. (Bryan Beecher) 270. Made CLEANCACHE less of a CPU hog. (Benoit Grange; Mark Andrews) 269. Add even more branches to the cred/clev decision tree, to make it more robust about borderline data at zone cuts. (Jack McCann; Mark Andrews) 268. New option (default: "on" for now): PURGE_ZONE. (Mark Andrews) 267. Added contrib/misc/{soa-easy,dnsfind}.shar. I will not be including this in the b11p2 diffs, though it will be in the next full kit. (Tim Cook) 266. I finally broke down and made a recommendation in the BOG with respect to "nameserver 127.0.0.1". (Greg Woods supplied the patch) 265. Minor portability stuff for SunOS. (Greg Woods) --- 4.9.3-beta11-patch1 released --- 264. 900-second check removed; TTL==0 should work now. (Mark Andrews) 263. Minor db_save() patch for initializing memory. (Bryan Beecher) 262. Minor ESIX (SVR4.0.4/gcc) changes. (John Polstra) 261. Minor dig-related patch to res_send.c. (Mark Andrews) 260. Minor line number fix for ns_init(). (Havard Eidnes) 259. NetBSD shared library stuff is now in contrib/misc/netbsd-shlib.shar. (Matt Ragan) 258. NeXT portability changes. (Allan Nathanson) 257. Minor HP-UX portability stuff. (Lewis; Corrigan) 256. Two medium sized bugs in BIND_NOTIFY. (Don "Truck" Lewis) 255. Minor lint in ns_req.c. (Mark Andrews) 254. Minor ndc.sh build problem. (Michael Corrigan) 253. Minor coding inconsistency in res/res_comp.c. (Jeff Schreiber; Vixie) 252. Minor BOG addition (SIGIOT). (Bryan Knowles) --- 4.9.3-beta11 released --- 251. If a master zone's serial number goes backwards, named now logs a warning. (Mark Andrews) 250. Minor portability nit in ns_forw(). (Simon Leinen) 249. Another portability problem fixed in ndc.sh. (Corrigan) 248. Declaration problem with findZonePri() fixed. (Corrigan) 247. References to CNAMES from MX/NS/MB will now be explicitly logged. (Vixie) 246. Made the BIND_NOTIFY logic more robust; it still does not match the current I-D (no delays yet). (Vixie) 245. Fixed a writable-string problem. Added a lot of ANSI "const"'s. (Vixie) --- 4.9.3-beta10-patch1 released --- 244. Added shres/PROBLEMS file. (Chris Davis) 243. Corrected the BOG on the meaning of ".". (Doug Luce, Paul Vixie) 242. SOA's can now be stored in $INCLUDE files. (John Lind) 241. Rejection of 0.0.0.0 had a potential seg fault. (Mark Andrews) 240. NoRecurse wasn't preventing queries for missing glue. (Mark Andrews) 239. WKS nonaggregation test had bad length. (Ed Clarke, Chris Britton) 238. NeXT library problem worked around. (Greg Wohletz) 237. Core dump fixed in the dprintf() macro. (Eric Murray) 236. MBZ fields in new queries were actually stack trash. (Olson, Vixie) 235. Adds and changes to contrib/: Added contrib/misc/dnstools.shar, from alt.sources. (Eric Murray) Added contrib/misc/settransfer.shar (nonrecommended). (Tom Brisco) Updated contrib/host/* with latest public version. (Eric Wassenaar) Updated contrib/host/makezones with latest pub. version. (Philip Hazel) 234. Made the "ps" command needed by ndc.sh a configurable parameter. --- 4.9.3-beta10 released --- 233. Added and reordered a lot of code in ns_resp() to cause it to be slighly harder to spoof with bad packets. More work needs to be done, so that named will be as spoof-proof as the resolver has become. (Vixie.) 232. Added new RR types to include/arpa/nameser.h, per RFC 1700. (Vixie) 231. New "ndc" command. (Vixie) 230. The VALIDATE option is now formally deprecated. It has bugs its detection of invalid responses, and is known to mutilate perfectly valid CNAME responses, to the detriment of clients. This code will likely be deleted in the next BIND release, to be replaced by an ``always restart query'' strategy. (Vixie) 229. Moved a syslog() so that primary as well as secondary loads are logged. 228. Resolver functions now reliably set h_errno. (Vixie, Wassenaar) 227. Expired zones now lose their cached serial number information, giving an opportunity to refresh a zone after a serial number goes backward. (Andrews) 226. Sun386i support crept in on little cat feet. (Brownlee) 225. UDP packets could be overstuffed by 12 bytes. (Reilly, Vixie) 224. failing connect()'s in named-xfer will no longer be logged. (Andrews) 223. merged IETF stream (Vixie): a. made ALLOW_UPDATES even more optional (it will disappear soon); b. added NOTIFY option (experimental); c. cleaned up some comments; d. removed T_SA (was experimental, replaced by ROUND_ROBIN); e. made named/Makefile's default CFLAGS -g (it usually inherits -O); f. random code cleanup; g. some internal errors are now fatal instead of warnings. these changes were brought in once it became clear that there would be another Beta of 4.9.3. 222. tools/Makefile was using "make" instead of "${MAKE}". (Day) 221. yet another bug was found and fixed in the SUNSECURITY code. (Brown) 220. a variable reuse problem in the SUNSECURITY syslog()'s in gethnamaddr.c was fixed. (Wohletz, Wemm, Vixie) 219. "stub" root zones now affect the hint cache (STUBS is experimental). in this situation it is reasonable to not have a "cache" directive, and some code was reordered to make this possible. (Andrews) 218. contrib/umich/lame-delegation/LISA-VI-paper.ps is now a proper PostScript(tm) file. (Davis) 217. syslog() cleanups in named-xfer.c. (Vixie, Barrett) 216. shres/Makefile now forces -O. (Braniss, Ray) 215. New contrib/misc/ctldns.sh. (Bush) 214. New contrib/misc/dns-peers.info. (Wolfhugel) 213. BOG and named(8) fixes. (Paffrath, Vixie, Hawkinson) 212. database input errors will no longer cause the following line to be ignored. (Gianopoulos) 211. the TXT RR fixes done so far in 4.9.3 have been backed out; we're back to the 4.9.2 behaviour. (Gianopoulos) 210. the authority section will no longer duplicate the answer section if both would contain the same NS RR set. (Vixie) --- 4.9.3-beta9-patch1 released --- 209. installed marka's patch to CRED that fixes BETA9's flaw. 208. added comment to README about -l44bsd and inet_aton(). 207. new directory: contrib/multizdb. highly nonrecommended. 206. small NextStep change in Makefile. --- 4.9.3-beta9 released --- 205. minor Makefile fix after beta9 was previewed on bind-workers; also, a new file conf/Info.Linux-more has been included. 204. BOG fixes. 203. netlists elements are now { addr [ "&" mask ] } which for the EBNF-impaired, means that "&" introduces an explicit mask. implicit masks are either by-class or 0xffffffff, depending on ALLOW_HOSTS in the call to get_netlist(). 202. name compression is now case-insensitive. 201. duplicate RRDATA won't trigger the new "auth warning" in db_update(). --- 4.9.3-beta8-patch2 released --- 200. added a haveComplained() to limit auth warnings. 199. fixed idiotic code reordering from patch1. --- 4.9.3-beta8-patch1 released --- 198. a bad-string-termination bug was fixed in getnetanswer(). 197. an uninitialized-variable bug was fixed in db_update(). --- 4.9.3-beta8 released --- 196. Several minor corrections were made to the BOG. 195. "clev" now distinguishes between root and TLD (wasn't worth a darn before) 194. empty nodes in authority zones are now protected from non-auth updates. (most of db_update() was rewritten to fix/support this.) 193. negative cache items weren't updated before, now they are. 192. zone updates from answers were prevented for new types but not if some rr already existed with that type. fixed. also syslogged. 191. the cache now distinguishes between authoritative answers and zone rr's. 190. negative cache items are now marked appropriately authoritative. 189. CRED is no longer optional. 188. Another enhancement has been made to HINFO parsing. Named-xfer now accepts RFC-bogus input formats generated by previous versions of BIND. 187. SUNSECURITY now forces RES_DEFNAMES on so that relative "localhost" works. 186. Minor portability fixes for DEC OSF/1, HP-UX. --- 4.9.3-beta7-patch2 released --- 186. i forgot to comment out template Linux lines in top Makefile. fixed. 185. "bogusns" directive significantly strengthened, for IN-ADDR.ARPA problem. also fixed a bug in hardcoded root server lame detection. --- 4.9.3-beta7-patch1 released --- 184. Yet another ULTRIX incompatibility has been worked around. 183. Bogus HINFO RR's will no longer cause corrupt secondary zone files. 182. NeXT support is now complete. Builds right out of the box. 181. Updated TODO file. 180. Added new INSTALL file. 179. Minor doc fix in OPTIONS file. 178. Security-related bug fix to new sunos shres/* stuff. 177. Limited Linux portability was added. 176. Trailing dots on zone names in named.boot are now ignored. 175. Random lint was removed. 174. DiG changes: increment version number (2.1), allow default domain (.). --- 4.9.3-beta7 released --- 173. named-xfer would act strangely if trailing dot domains given as arguments. 172. setenv() now provided on systems that need it (NeXTStep, e.g.). 171. doc changes for shres/*. 170. fixed debugging output problem in ns_req.c. 169. fixed portability "bugs" on ultrix systems (some tools wouldn't link). 168. minor functionality change in named/ns_validate.c. 167. minor lint in res/res_comp.c. 166. minor change to contrib/doc-2.0/*. --- 4.9.3-beta6 released --- 165. another small adjustment to the Apollo section of the Makefile. 164. a completely new shres/* was submitted; contrib/sunlibc is deprecated. 163. INVQ is back on again by default. See README. 162. another set of patches for obscure corner cases in the HINFO parser. 161. added new SUNOS4 macro to Makefile and conf/portability.h; this should fix the trouble folks were having with strerror() on SunOS 4.X systems. 160. minor Makefile changes. 159. processes which send outbound zone transfers now close all inherited descriptors, since they can be longer-lived than the main named. --- 4.9.3-beta5 released --- 158. various lint involving options which are rarely defined. 157. sunos needed -DBSD=43 rather than -DBSD. 156. minor memory leak fixed in ns_req.c. 155. some install directories for DGUX were wrong. --- 4.9.3-beta4 released --- 154. a new man/* hierarchy was installed which should be more portable. 153. a new contrib/host has been included. 152. a parsing problem in HINFO was fixed. 151. a few minor changes to contrib/sunlibc/Makefile. 150. typo in res_send.c fixed. 149. fine tuning the credibility-level heuristics. 148. dn_expand() will fail on names which have bad characters in them. 147. disappearing zones could cause a core dump in syslog() - fixed. 146. text of warnings in named-xfer corrected. 145. limited DGUX, RISCOS support added. 144. contrib/sunlibc/Makefile MFLAGS/MARGS problem fixed. 143. another SunOS recv() bug has been worked around. 142. various BOG fixes. 141. updated master/root.cache file from latest InterNIC version. 140. Added ``max-fetch'' to named(8). 139. NOT_BIND problem in named/tree.c fixed. 138. minor lint, memory leaks, and portability problems were fixed. --- 4.9.3-beta3 released --- 137. some serious (and recently) dynamic memory bugs were killed. 136. a reference to uninitialized data was fixed in res_query(). 135. a RES_STAYOPEN-related bug was fixed in res_send(). 134. isascii() and isxdigit() now simulated on systems which lack them. 133. named's local setproctitle() has been renamed to avoid system conflicts. 132. minor bugfix to negative caching code. 131. minor bugfix in validation code. 130. the typestats[] multiple definition problem was fixed. 129. some Sequent portability changes were folded in. 128. a new contrib/sunlibc was donated, but hasn't been tested. 127. minor changes to contrib/sunlibc/Info.*. is anybody using shres/*, tho? 126. STDIN_FILENO and STDOUT_FILENO are now defined by conf/portability.h. 125. there is now a ``max-fetch'' directive in the boot file (see the BOG). 124. there is now a RENICE option in conf/options.h. 123. the toplevel Makefile has been made slightly more readable. 122. <> 121. minor fixups in the lame delegation code. --- 4.9.3-beta2 released --- 120. I upgraded my "-me" macros so that the included doc/bog/file.psf is OK. 119. NXDOMAIN responses from the negative cache will now always be authoritative. this is the least of all evils, trust me. 118. strcasecmp() in compat/lib is now ANSI compliant. 117. PTR RR's are no longer subject to ROUND_ROBIN processing. 116. writev() emulation for SCO had a bug. 115. the resolver no longer calls sscanf() or qsort(). 114. minor debugging nit cleaned up in res_querydomain(). 113. IP options on incoming connections are now logged and ignored. This should probably be done for datagrams as well but not today. 112. tree.c made portable to non-POSIX/ANSI systems. 111. NSAP RR's are now supported. NSAP_PTR RR's are deprecated and so left out. 110. outbound zone transfers are now logged. 109. various lint cleaned up wrt 16-bit integer handling. 108. named-xfer was exiting bogusly on some systems due to flakey kernel interfaces. i've rewritten some of the code to avoid the problem, and fixed plenty of lint in the process. --- 4.9.3-beta1 released --- 107. Apollo systems were dumping core because of a missing #include . 106. NSAP and NSAP_PTR RR's now recognized by res_debug() (but nothing else). 105. NeXTstep 2.1/3.0 and Pyramid dcosx now nominally supported. 104. res_querydomain() was doing Bad things if given an empty name. --- 4.9.3.a5.p4 published --- 103. named-xfer's exit cause is now syslog()'d more often/clearly (Paul Vixie). 102. I left out a ";" in the new compat/lib/ftruncate.c file (Craig Leres). 101. X25, ISDN, and RT RR support have been added (Michael A. Meiszl). --- 4.9.3.a5.p3 published --- 100. Another glitch (very minor this time) was found and fixed in the QSERIAL logic. This was a performance problem only -- reliability wasn't affected (Bob Heiney). 99. SCO UNIX is now supported, thanks in part to Michael A. Meiszl. 98. I witlessly used a GCC-only feature (automatic aggregate initialization) in a5p2. Kazuhisa Shimizu was the first to report it. --- 4.9.3.a5.p2 published --- 97. NEC EWS4800 EWS-UX/V Rel4.0/Rel4.2 support (from Kazuhisa Shimizu). 96. Some of the security checking logic in the new res/gethnamaddr.c's getanswer() was happening in the wrong order (thanks, Bob Heiney). 95. Minor typo in the man/host.1 man page (caught by Robert Elz). 94. DiG was groping core if given more than 10 tokens in a lookup string (Michael J. Corrigan provided the fix). 93. Queries to INADDR_ANY ("0.0.0.0") come back from the system's primary interface, and res_send() was discarding them. A proper fix would add a lot of code to the resolver, so for now we'll just work around it (Michael J. Corrigan reported this). 92. The "data outside zone" syslog message was misleading (Bob Heiney). --- 4.9.3.a5.p1 published --- 91. res/gethnamaddr.c wouldn't compile on non-BSD systems since it depended on LOG_AUTH which is a post-4.3 feature (Bob Heiney reported this). ****** 4.9.3-alpha5 released ****** 90. redid most of my previous round of prototyping now that i truly understand which variables and parameters should be u_char and which ones should be char. (Vixie) 89. added (optional) prototypes for _getshort() and _getlong(); this means the calls all need casts of their argument since it usually isn't a u_char*. Also prototyped res_query(), res_search, and the nominally private but for some reason not static res_querydomain(). (Vixie) 88. security related: responses from servers we didn't query are now ignored by the resolver; answers with QDCOUNT!=1 are treated as errors; name mismatches in the question or any part of the answer field are syslog()'d and ignored. (Vixie) 87. fixed a bug in the SUNSECURITY stuff. (Vixie) 86. a long standing bug in the name hashing code that caused it to ``hash in'' the case of the name's characters, was found and fixed. (twice.) (Vixie) 85. Bob Heiney did some performance analysis and concluded that samedomain() was soaking down cycles at a rate disproportionate to its usefulness; he reimplemented it in a way that violated the (good,fast,cheap) rule. 84. the RFC1101 implementation of getnetby*() was using case-sensitive string compares. 83. fp_query() will no longer try to format packets larger than PACKETSZ, and for perversity, dig and named are now prepared to handle replies (via TCP) larger than PACKETSZ. new function: __fp_nquery(). (Vixie) 82. multiline initial syslog() is fixed (Bill G). 81. Don Lewis sent in a big update for the lame delegation logic. Vixie fixed one bug. Bryan Beecher had a big hand in this. 80. TCP replies can now be up to 8K in size (don walsh). 79. validation bug fixed (don lewis). 78. BOG patches from mike minnich and others. 77. more lint fixes for Cray (norb brotz). 76. a new hostname(7) man page was contributed by Art Harkin. 75. DESTINC is now a settable Makefile parameter (Marion Hakanson). 74. the zones-not-transferring bug is finally gone. 73. now using LOG_PERROR in openlog(); many parallel dprintf()'s are gone. 72. inability to retrieve serial number via UDP now forces TCP transfer. 71. removing secondary zone files and SIGHUP'ing will now force a transfer. 70. "cache" directives can now specify "/class" as documented in the BOG. 69. Mark Andrews' fix for the ns_forw core dump is in. 68. Keith Bostic fixed some typo's in the man pages. 67. Compiling without NCACHE is possible now (John Hanley). 66. Bill Gianopoulos and Alan Barrett finally agreed on what glue was and Bill's alpha4 patch is mostly gone now, and one new idea was added. 65. BOG improvements (Vixie, Brooks). 64. Mark Andrews' CLEANCACHE (recommended) and RETURNSOA (__NOT__ recommended!) are in. RETURNSOA should not be enabled at this time; there's nothing wrong with the code but it will cause cache corruption in older servers and may not be necessary. The jury is still out. 63. outbound zone transfers are now logged (requested by Ron Johnson). 62. serial number queries sent out for zone transfer purposes will now be limited to a maximum of four (4) simultaneous outstanding; this keeps BIND from overflowing its UDP socket buffer when hundreds of zones must be checked (still trying to fix Paul Pomes' problem). 61. short A RR's in responses will no longer lead to purify errors due to short malloc()'s in savedata() (thanks to Nicholas Briggs for reporting this). ****** 4.9.3-alpha4 released ****** 60. manifest constants used instead of "sizeof({u_,}int{16,32}_t)", for systems which lack 16- and 32-bit integers (paul vixie for norm brotz). 59. zone transfer anti-glue logic made RFC1034-compliant (bill gianopoulos). 58. seg fault in sysquery() (from LAME_DELEGATION) fixed (mark andrews). ****** 4.9.3-alpha3 released ****** 57. a big, hefty patch was made to the negative caching logic (mark andrews). 56. named-xfer will no longer scramble the default origin (alan barrett). 55. random bits of lint found and removed (mario guerra). 54. convexos-10 is now supported (jukka ukkonen). 53. seg fault in database dumps (from VALIDATE) fixed (don lewis). 52. problem with extra bogus 0.0.0.0 A RR's from VALIDATE fixed (mark andrews). 51. the LAME_DELEGATION logic once written into 4.8.3 by don lewis has been substantially reworked and put into 4.9.3-alpha3 (bryan beecher). 50. all instances of "sizeof(HEADER)" were changed to "HFIXEDSZ" to make life easier for the cray. also, "struct HEADER" in include/arpa/nameser.h uses just bit fields now, for portability to 64-bit systems without 16-bit integer types. (norb brotz suggested it; paul vixie did it). 49. build changes for NeXT and AIX systems (artur romao; c. wolfhugel). 48. random sunshlib changes (piete brooks). 47. minor fixes for solaris build (carson gaspar; paul pomes). 48. a few bugs were wrung out of the BOG (per hedeland; vixie). ****** 4.9.3-alpha2 released ****** 47. several obscure Makefile problems were fixed (vixie). 46. there is now a per-primary-NS quota for simultaneous zone transfers; this will cut down on the retry thrashing seen on servers that are secondary for thousands of zones (vixie). 45. a bug introduced by change #23 has been fixed (marten terpstra; apb). 44. the "data outside zone" messages are now consistent (piete brooks; vixie). 43. several #include's were reordered in res/*.c and a few #ifdef's were changed; BIND should now run OK on DGUX (henry miller). 42. several changes to the conf/options.h and Makefile (vixie): -> SVR4 has been added as a top-level Makefile CDEFS option -> SYSV has moved from conf/options.h to the top level Makefile -> INVQ is now an "#ifdef" rather than a "#if" 41. resolver no longer uses initialized static data, which should make shared libraries easier to generate (vixie did it, at the urging of many others). 40. now compiles on Apollo DomainOS (don lewis). ****** 4.9.3-alpha1 released ****** 39. lots of lint found and fixed (craig leres). 38. illegal enum compare fixed in named/ns_stats.c (vixie). 37. missing ')' added in SUNSECURITY section of res/gethnamaddr.c (h miller). ****** 4.9.3-prealpha released ****** 36. ***REMOVED*** 35. various bugs were fixed in the negative caching (vixie; mark andrews). 34. several debugging and dump output problems were fixed (mark andrews). 33. TXT RR's can now be read from zone files even if they lack quotes; the RFC doesn't say quotes are needed (jim martin). 32. limited support for AIX-3 is now included (christoph wolfhugel). 31. SUNSECURITY is now an obvious default in ./Makefile (p killey; b beecher). 30. VC queries that time out are now GC'd and SERVFAIL'd (mark andrews). 29. HP-UX 9.0's top-level makefile variables have been changed (don lewis). 28. various fixes for tools/host.c (jim martin; mark andrews). 27. syslog messages logged by SUNSECURITY will now include the address of the host that's having problems (david morrison). 26. systems whose connect() calls fail if a socket is already connect()'d will now have their sockets closed and recreated in res_send() (piete brooks; mark andrews; vixie). 25. res_send() will now corrected reset its "connected" variable when the connectedness of a socket changes (mark andrews). 24. SERVFAIL responses will no longer terminate the res_search() inner loop, thus catastrophic problems with early search elements will no longer prevent res_search() from trying later search elements (bryan beecher;vix). 23. non-NS RR's for delegated subzones will no longer be accepted in a zone transfer (alan p barrett). 22. the setting for _PATH_PIDFILE is now overridden by the Makefile (l hume). 21. named.restart.sh now has a smaller path with %DESTSBIN% first therein; this should prevent the vendor version of named from being exec'd by accident (leigh hume). 20. big change: statistics are now kept "per name server" rather than as a single global array. the /var/tmp/named.stats file format has changed quite a bit, so older awk/perl scripts are likely to stop working. 19. big change: every RR now keeps a pointer to a "nameser" struct; this currently permits SIGINT-initiated dumps to include the address of all non-zone data, which will help with tracking down corrupt data. 18. db_load.c was missing two #ifdef/#endif's for CRED (mike minnich). 17. don't aggregate SOA or WKS RR's in the cache (vixie). 16. minor cosmetic changes (vixie). 15. fixed typo in compat/Makefile ("LIBDIR" -> "DESTDIR") (rob davies). 14. fixed spurious "accept: interrupted system calls" (vixie). 13. named will now start as many named-xfer's as it should; previously it lost track of the need for transfers at the beginning of each maint cycle. also, we don't bother asking for an SOA if we know that our zone is out of date. i've changed the transfer metrics so that more transfers can happen concurrently, and maint cycles come more often. (andrew partan; vixie). 12. a number of LOG_ERR and LOG_CRIT syslogs were downgraded to LOG_NOTICE (rob davies; vixie). 11. sequence number checking now treats "zero" as a special case. (craig leres; andrew partan; vixie). 10. MFLAGS no longer used explicitly, since it is often used implicitly (mark andrews; vixie). 9. ADDAUTH is no longer considered experimental (tony stoneley; vixie). 8. several obscure type bugs fixed (don lewis). 7. signal handlers all now preserve errno (don lewis). 6. TTL deprecation made more portable (don lewis). 5. now compiles on Apollo DomainOS and is generally more POSIX-ish (don lewis). 4. bryan beecher's "query" tool has been promoted to tools/ and renamed to dnsquery. minor changes were required in several Makefiles (vixie). 3. "make links" at the top level will now make a higher resolution link tree, which makes porting easier on some systems (ian dickinson). 2. Convex feof() bug now has a workaround (jukka ukkonen). 1. gethostby*() will no longer overwrite its fixed-size array if a host with too many addresses is handled (reported by piete brooks, fixed by vixie). -------------------------------------- 4.9.3 above, 4.9.2 below 4.9.2 ------------------ FINAL ----------------- Paul Vixie 57. updated TODO, README files. 56. fix to contrib/sunlibc/Makefile. 55. several new items in contrib/. 54. Corrected bad command line parsing bug in tools/dig.c; also added the old query timing code back in (thanks to Havard Eidnes). 53. Ported contrib/decwrl/host.c to the modern interfaces. 4.9.2 ------------------ BETA5 ----------------- Paul Vixie 52. A number of optimizations that fell out of negative caching and/or the validation code have been turned off in order to avoid confusing older nameservers and their unfortunate assumptions about co-invariants. Mark Andrews and Robert Elz were the principle debuggers and contributors to this part of the effort. 51. We're now much more portable to systems without Posix or BSD signals, thanks to Bill Wisner. 50. tools/host.c now has more reasonable error messages and can deal with negative caching servers. 49. Lots of Makefile gaffes are now fixed. 48. New "host" in contrib/host/, complements of Eric Wassenaar. 47. AFSDB support is now complete, thanks to Chris Everhart. 46. The bug whereby named would sporadically return NXDOMAIN when it should have sent back a referral has been fixed. 4.9.2 ------------------ BETA3, BETA4 ----------------- Paul Vixie 45. Robert Elz has provided updated LOCALDOMAIN environment variable processing, making it more like resolv.conf's "search" than "domain". In the spirit of this I have added a RES_OPTIONS environment variable and a corresponding "options" keyword to resolv.conf. All of this is documented in the man pages and in the BOG. Robert has also contributed several bug fixes to the validation and negative caching code. 4.9.2 ------------------ ALPHA ----------------- Paul Vixie 44. BETA1, BETA2, and three patches to BETA2 have all come and gone without itemized descriptions in this file. I'll provide the RCS history on the code to anyone who asks, but basically what's been happening is that some core dumps were fixed, others added, then those were fixed too. Meanwhile RFC 1535 has been published, codifying CERT's concerns and our answer to them. BIND is now RFC 1535 compatible. RFC's 1535, 1536, and 1537 are now included in the doc/ directory. Note that Mark Andrews supplied many of the fixes to the core dumps, some of which were introduced by me and some by ISI's negative caching and/or validation code. 43. patch05 to ALPHA2 (930908) released: this includes new DNSRCH logic to correct a serious problem that CERT called me with today. the change is subtle and will have the effect that names which could match either as fully qualified names or partially qualified names using the local search list will be found as fully qualified. previous releases would have found them first through the local search list. local search lists are a bad idea in my opinion; see new SEARCH_DEFAULT option in OPTIONS file for more information. also in this release: limited Solaris support, in the form of POSIX-style signal handling used on systems which support (or require) it. as of this patch, 4.9.2 has a good chance of compiling out of the box on Solaris, modulo makefile edits. dig and host should be more portable now, too. 42. patch04 to ALPHA2 (930908) released: this corrects several borderline syntax errors in various Makefiles (Sun and Ultrix makes complained); it corrects a coredump on Ultrix systems (which aren't really as POSIX as i thought they were); it lets dig and nslookup compile again on SunOS; and it cleans up some dirty junk in named-xfer.c. this stuff is really really minor but i would like to see it tested on a Sun system before the beta. 41. patch03 to ALPHA2 (930908) released: this uses compat/include by default which is helpful on BSD/386 systems and shouldn't hurt any others except perhaps real 4.4BSD systems (and maybe not even those); it removes Bryan Beecher's SHUFFLE_ADDRS option since he and I agree that Marshall Rose's ROUND_ROBIN stuff is more general and cleaner; it includes various patches to the documentation sent in by several folks (please print the BOG and let me know if you find problems in it); it fixes "make depend" problem in "man/" subdirectory; it fixes several outright bugs in Gregory Shapiro's SECURE_ZONES code; it removes an obscure syslog() that should have been a dprintf() ("validate_count -> 0"); it fixes a bug in NCACHE whereby a T_ANY query for a name which was negatively cached but had children would return _answers_ with the T_ANY type for subsequent queries; several newer syslog messages were reworded to make them clearer; a portability bug in the SUNSECURITY logic was fixed; another in the RFC1101 logic was fixed; support for the PAGER environment variable was added to nslookup (sorry, i know we're in functional freeze but this will enable development in the next cycle and it was pretty simple) and only affects the "view" and "help" commands. 40. patch02 to ALPHA2 (930908) released; this includes more fixed from Mark Andrews, this time to Anant's NCACHE stuff (memory leak and functional bug). Also included is a patch from Gregory Neil Shapiro to his SECURE_ ZONES code, which I hadn't noticed since I don't run it here. 39. patch01 to ALPHA2 (930908) released; this includes some fixes from Mark Andrews to his "clev" and ADDAUTH stuff. The "clev" patch fixes a problem on all servers; the ADDAUTH stuff is still experimental so most users will not be affected by it. Dave Morrison also sent a patch for the USE_UTIME logic, which is important for ULTRIX systems. 38. 4.9.2-ALPHA2 released on 930908. 37. Mark Andrews sent an initial attempt at implementing ADDAUTH, which will eventually allow named to include authority and glue RR's with all authoritative answers. I am not sure that the design goal is right, and the implementation currently sends back glue RR's but no authority RR's, so I'm recommending against using this for now. But since it changes some internal interfaces in a harmless enough way, I'm including the changes. 36. Marshall Rose's ROUND_ROBIN code snuck in at the last hour. This is the best answer I've seen to the problems purported to be solved by SA RR's, and my wording in the OPTIONS file shows this. 35. These items from TODO is now done: [vixie@pa.dec.com 25apr93]: clean up debugging replace all "#ifdef DEBUG...fprintf(...)...#endif" with dprintf(...) which would be a macro that only expands to an fprintf() if DEBUG is set. dprintf(x, (args)) with x as the log level. perhaps change log levels to be symbolic, and perhaps make them a mask instead of a limit. [vixie@pa.dec.com 25apr93]: clean up #ifdef's and portability add and use function prototypes. make everything static that can be. externs should only be in .h files (add more .h files, per module if needed, to cover these). add "export" keyword (null define) to make it clear which names are exported and which are static. all top-blevel names in a module must be "export" or "static". [gshapiro@wpi.edu and vixie@pa.dec.com 26apr93]: access control "xfrnets" is ok but what we really need is full access control per zone rather than a global list of acceptable client nets. this is especially important if you send /etc/passwd via zone transfer. [postel@isi.edu anant@isi.edu jaffe@noc.rutgers.edu 28apr93]: negative caching Paul: We'ed like to have included in 4.9.1 our implemention for negative caching. --jon & Anant. [vixie@pa.dec.com 16may93]: inet_addr needs to die to be replaced by calls to inet_aton, which doesn't confuse the broadcast address with bad addresses. [Paul: I know you said that you'd like to wait for the IETF DNS WG to "bless" an official load balancing scheme, but I'll be adding my shuffle A records to BIND 4.9 for use here at U-M anyhow. The code mods to existing source files are minimal since the bulk of the work is done in a separate .c I added. If you don't want SA records to move into 4.9.1 unless they become official, please just toss this first entry. --bryan@umich.edu] [bryan@umich.edu 25apr93]: add "shuffle A" records There are several schemes for adding some kind of load balancing capability to the DNS. Our "Shuffle Address" (SA) records are one stab at this, and since they're in use at U-M, I need to add them so we can use BIND 4.9 here. [bryan@umich.edu 25apr93]: add AFSDB records AFSDB records were proposed in RFC xxxx. We use them here at the University of Michigan, so I need to add them for our copy of BIND 4.9. [bryan@umich.edu 25apr93]: small fix to resolver's p_cdname() The current copy of p_cdname() in the resolver does not work for query responses larger than 512 bytes (which can happen when using TCP). A very small modification changes the "sanity check" argument (the second one) to dn_expand() from "msg + 512" to "cp + MAXCDNAME". (This showed up very recently.) 34. While waiting for some last minute changes from volunteers, I looked at my work queue and saw that asp@uunet.uu.net had asked a while ago that named not fork/exec a named-xfer unless it had already determined that the serial number was out of date. This is important to sites like UUNET and DECWRL, which have thousands of "secondary" lines in their named.boot and can take hours to check all the serial numbers at boot time if named forks/execs named-xfer and lets named-xfer compare the serial numbers, rather than comparing them in named and only fork/exec'ing a named-xfer if it's actually neccessary to do a transfer. In spite of C's lack of threads, this only took a few hours to do. So it's in. 33. Gregory Shapiro's "secure_zone" changes are in. See the BOG. 32. Internals changes: STATS is no longer optional; ns_req() has been split into three functions for readability. Convex systems are now supported. You can now define LOG_FAC in conf/options.h if you want to syslog as LOG_LOCAL1 or some other non-LOG_DAEMON value. The mkstemp() problem on ULTRIX has been fixed. More dead code has been eliminated. 31. Large TCP queries are now printable in debug mode (which is used by "dig" and "nslookup"), thanks to a patch and a lot of patient explain- ations from Bryan Beecher. 30. Data from subdomains ("deeper zones") is now considered more credible than data from parent zones, if both are authoritative. This permits a subdomain's data to differ from its parents delegation information and have the most-local information supercede the least-local. Mark Andrews sent this in, and it is nonoptional. 29. rossc@ucc.su.oz.au's SUNSECURITY patch is now included, along with marka@syd.dms.csiro.au's performance improvement to it. Note that I am violating my own policies by including this, since it came without a corresponding patch to OPTIONS, conf/options.h, and the BOG. 28. Interfaces with multiple addresses were not being handled properly. This is an issue for 4.3-Reno and later BSD systems, including BNR2 ("Net-2") and 4.4BSD. Multiple addresses are not properly handled as if they were all aliases for the localhost. 27. Jukka Ukkonen sent me some patches for the Convex, which I've put it but cannot test. 26. sob@tmc.edu (Stan Barber) sent me new versions of contrib/host/host.c and contrib/host/send.c, which I have installed but not tested. I am still waiting for someone to update the version in tools/host.c, which is going to be a lot more work. Contact me via e-mail if you want to help. 25. My credibility stuff from the original 4.9 (and before that, KJB) was operating under a ``scorched earth'' policy due to a brain fault on my part when I wrote the code originally. Tim.Goodwin@pipex.net discovered this and sent in a patch. Note that throwing out glue is generally OK since glue is generally NOT OK, but disposing of it after ~20 references is a lot better than disposing of it after 1 reference. 24. NS RR sorting on forwarded and system queries was not happening unless more than 1024 milliseconds of RTT variance existed among the servers. This was a good value for development and testing but not for production use. The value is now 128 milliseconds. No, this should not be a configurable in the boot file. 23. I am including a file doc/FAQ which was posted to usenet as: From: craig@ecel.uwa.edu.au (Craig Richmond - division) Newsgroups: comp.protocols.tcp-ip.domains Subject: FAQ: Setting up a basic DNS server for a domain Date: 3 Aug 1993 10:53:51 GMT Organization: The University of Western Australia Lines: 1088 Message-ID: <23lg3v$1go@uniwa.uwa.edu.au> Summary: Step by Step implementation of a DNS server Keywords: FAQ DNS setup 22. named-xfer now syslogs if the remote server's serial number is _lower_ than ours, which does seem like a bad thing. per@erix.ericsson.se (Per Hedeland) sent this in. 21. man/resolver.3 had a typo on the exp_dn argument to dn_expand. fixed. (Steve Alexander sent this in.) 20. include/sys/cdefs.h moved to compat/include/sys/cdefs.h since some systems have their own which must be used. the top-level makefile must be edited if you are on one of these systems, since the default CFLAGS includes this new directory as a -I directive. sys/bitypes.h has also moved. 19. A neccessary bug fix for ISI's VALIDATE/NCACHE code has been incorporated. If you had to rebuild without these turned on in options.h to get your CNAME lookups to work again in an earlier 4.9.2 ALPHA, you can turn them on again now. 18. The q_system field of the query structure has been removed in favor of a q_type field containing bit definitions. The old PRIMING_CACHE magic cookie is no longer used. Go to the end of the universe, do not pass go. 17. Converted to ANSI C. All functions are static unless they are actually needed outside the current module ("file" in C terminology); static functions are declared with prototypes if they are forward-referenced. Externally visible functions are declared in separate header files, with prototypes. ns.h and db.h have been split into four new header files: db.h -> db_defs.h db_glob.h db_func.h ns.h -> ns_defs.h ns_glob.h ns_func.h The *_defs files contain only structure and type definitions, and macro definitions. Nothing that generates text or data space in the executable is declared here. The *_glob files contain only global variable declarations, which used to be defined in the various *.c files in a more or less random fashion. The declarations are "extern" if included from non-main()-containing files, but are defined globally and given initial values in main()-ish files. This reuse of the same declarations insures that the type and size declarations match between definitions and external references to them. The *_func files contains function prototypes for global ("extern") functions. The prototypes are all optional so will not break non-ANSI systems. Note that I don't have such a system any more so I may be wrong. 16. Removed all remaining references to "short" or "long" that did not depend on the vague semantics of those types. Most uses were actually depending on a size of 16 bits for short and 32 bits for long, and there are processors/compilers where each of these types is different. This work was begun in 4.9 and is now complete. Note that some structs that are used in large data structures use "char" for 8-bit integers. It helps. 05Jul93 - ALPHA Released This is the cleanup release after 4.9. I'm going to try the TCSH style of logging the changes; let me know if you think it's a bad way of doing it. 15. the resolver now includes an implementation of RFC 1101, which allows network names to be encoded in the DNS tree rather than in /etc/networks. this implementation is by rps@matuc2.mat.uc.pt (Rui Pedro Mendes Salgueiro) i put the test program and original documentation in contrib/rfc1101/. i would like to see their main.c ("nettest") turned into a tools/nettest, but i'm not willing to do the work myself. it needs a man page, etc. 14. as expected the initial HS zone transfer stuff didn't work that well. thanks to , retries after failed SOA queries will use C_IN rather than falling through to C_HS inappropriately. 13. ns_init.c was fcntl(SETFL)'ing in a destructive way. it now does a fcntl(GETFL) to get the old option mask and then |'s in the new flag. this patch came from Eduard Vopicka . 12. there are two new conf/Info.* files; check 'em out. 11. ultrix (some versions, especially the vax ones) libc.a had some bad naming conventions for some resolver routines. getshort/putshort just have to be real functions, not just macros, or you can't link anything with this resolver. patch was sent by . 10. sethostent(x) for host files was sticky for nonzero 'x' (avalon@anu.edu.au) 9. hp9000s700 is now supported in include/arpa/nameser.h (avalon@anu.edu.au) 8. statistics dumps now print the time in decimal-seconds-since-1970 in addition to the old "ctime" format, for ease of debugging. (Peter Koch). 7. systems with 14-character filename limitations have apparently been having trouble in named-xfer since its temporary file names are bigger than they can handle. ash@hp sent in some patches a while ago, enabled with SHORT_FNAMES in conf/options.h, to deal with this appropriately. We should probably just generate short names always. 6. Some security stuff from ISI. According to Anant Kumar : The validation procedure is the major change here. Currently, we accept anything from a server, as long as we had asked it a question. This implies that a malicious server can really send us any data and we not only pass it on, we also cache it for as long as the TTL holds. This can be really bad for our health and for that of those who use the DNS. We add this procedure to verify for each RR returned by a server that it is indeed authoritative for either that zone, or for a parent zone. We end up trusting the root servers for everything! Also, the more rich our cache is the more choosy we become about the data we add on to it. This stuff is all ifdef'd with "#ifdef VALIDATE" The negative caching stuff adds on a d_rcode field to the databufs. Any positive entry now shows a NOERROR there while negative entries have either a NXDOMAIN or NOERROR_NODATA. NOERROR_NODATA rcode is never returned. It is used only to differentiate, within the internal database, between negative and positive entries. We use the regular hash table (hashtab) to store negative entries, too. Only authoritative answers are negative cached, for NTTL (parameterized, currently 10 minutes) seconds. Non-authoritative NXDOMAINs or NOERROR with zero RR count, now generated, are now accepted but never cached. This is ifdef'd with "#ifdef NCACHE". 5. "make install" now has a prayer of working for the man pages. an observation was made that net2++ systems _require_ formatted "cat" pages and that older systems are _able_ to use them, so that's all we install. 4. i wrote man pages for named.reload, named.restart, and named-xfer. these were actually in 4.9.1 for 4.4BSD. 3. unneeded functions in compat/lib will now generate placeholder symbols, to make sure that the linker doesn't generate ugly-but-harmless warnings. 2. my ignorance of the true meaning of _POSIX_SOURCE has been corrected, along with the ugly-but-working code in conf/portability.h and elsewhere. 1. non-resolver routines moved from res/ to compat/lib/. this will shorten libresolv.a and make it easier to integrate new BIND releases into Net-2 descendents such as 4.4BSD and BSD/386. 4.9.1 ------------------ This is the integration of the changes that were made for 4.4BSD. This release will not be published. Changes include: doc/BOG/*: many changes to improve appearance of the output, including orphan-avoidance and better tab stops. Sent to me by someone on the net who deserves thanks but I've lost the original mail. Oops. include/*: the CSRG people weren't entirely pleased with the interface changes i made to the res_*() and inet_*() functions. in particular, the changes from "long" to "u_int32_t" were too sweeping in their opinion since Posix is already working on standardizing them and might look unkindly on an apparently-still-evolving interface. also, the possibility that all the vendors will change their implementations to match the new interface is apparently rather dim. therefore most externally-visible occurances of the int32_t type have been changed back to "long" in the resolver interface. we believe that this should still be portable to Cray and AXP machines, but i'll wait to hear from someone who can actually try it out and let me know. tools/*: the "net2" version of "lex" requires some additional flags and libs, and this had implications for the Makefiles and the dig.c source file. nslookup's man page is now in man/ rather than tools/nslookup, for consistency. named/*: last-minute 4.9-FINAL changes to named-xfer.c and db_load.c resulted in corruption of TXT records on zone transfers, and a high number of useless syslog(SYS_ERR) messages about zones already being up to date. these last-minute changes have been massaged into better shape and are now a lot readier for prime time than they were. a lesson was learned. the inet_aton() function is now used where appropriate, rather than the old inet_addr(). this is just an evolutionary move that should have no practical implications. bad addresses in the "tcplist", "bogusns", and "sortlist" directives (from named.boot) are now syslogged. some open files are still inherited by named-xfer from named, but they are properly closed now. the SIGXFSZ signal is now accepted as an alias for SIGHUP, in support of the wierd DEC Hesiod implementation. no practical significance. res/*: one important bug fix in the gethostent() stuff, and a whole bunch of evolutionary include file changes. include/*: include/sys was moved to compat/include/sys, since systems that do not need it really really really need to get their own instead. at some point i'm going to move the res/*.c files that are needed for compatibility but not really part of the resolver, into compat/lib. general: there are more settable parameters in the top-level Makefile, and they are propagated downward into the subdirectories' Makefiles. you should not have to edit any Makefile except the top-level one. Note that "make links" still creates local Makefiles in the build directory because "mkdep" still edits the Makefiles on most systems. 4.9-FINAL ------------------- Kevin Dunlap sent in some changes for the BOG. So did a lot of other folks. Someone asked about AXP-OSF, so I did a trivial 64-bit port. Porting to other 64-bit systems should be simple now. Someone also sent in some MIPS RISCOS portability changes, which were simple and therefore were put in. Note that some type names have been added to BSD 4.4 as a result of this work; they are going to be in in BSD 4.4 but they are in a local include file called in this distribution, with appropriate #ifdef's in the include files that depend on them. Those of you who are porting to 64-bit platforms where "long" isn't 32 bits should be using these new names for your types; there was no standard before this, but the names we've added for BIND 4.9 and BSD 4.4 are going to be proposed to Posix at some point. Sometimes it's just not OK for "int" to be the "natural integer size of the machine" and you just _have_ to tell the compiler how many bits you want. The NIC added a new root server, thus pushing the size of a nonauthoritative root server response (which includes the root server list in the answer as well as the authority sections) over the 512-byte limit. This showed up a long-term BIND bug wherein it failed to set the TC ("truncation occurred") bit if truncation occurred anywhere but the answer section. Since truncation was occuring at the end of the packet, in the additional data section, this meant that BIND was generating truncated responses without setting TC in the response header. Upon further investigation, I found that BIND ignored TC on responses it received from other name servers. RFC 1035 states that RR's from truncated responses should not be cached; with creative interpretation of the exact 1035 wording, I found a way to reach this goal while still caching the answer section (as long as the truncation occurred in some other section, which 1035 gives no definitive way to determine but I'm happy with my guess). While researching the above, I finally broke down and added credibility output to the zone dump files. They are in the comments so should cause no trouble. There's more work to be done on the dump output; in particular, Phil Almquist proposed and even prototyped a "tagging" of all RR's with the A RR of the nameserver that sent them to us; this feature should be added and the dump output should include it. This would add a lot to our ability to track down corrupt data. Don Lewis and I had more discussions about TC and ended up agreeing that the right thing to do is to set TC on responses that overflow in the answer or authority section, truncating at an RR boundary, but do not set TC on responses that overflow in the additional-data section (truncating at a {name,type} boundary). This actually solves the root server problem pretty well, since BIND 4.9 will, when it tries to use an NS whose A isn't in the cache, generate a sysquery() for the missing A. (Heck, additional data TTL's are depreciated at the rate of 5% per use, so this would end up happening pretty quickly even if we did cache a partial {name,type} -- but now we won't have to.) While trying to fix all of this stuff I ended up moving some functions around to avoid duplicating them in different source files, and I reformatted some source lines that went over 80 characters. I also made a few things "static" that used to be unneccessarily global. More of that will happen in 4.9.1. DEC's product version of MIT Hesiod uses SIGXFSZ for what we do with SIGHUP; since the default for SIGXFSZ is to exit, it seemed prudent to wire it up to do what SIGHUP does instead, so that this BIND can run on DEC Hesiod servers. At the request of several people, I integrated the USC "dig" and Rutgers "host" tools into the distribution. This required some changes to the resolver library's debugging output formats, which will be visible in nslookup, nsquery, and any other tool that sets the RES_DEBUG option. Note that there is no support for "DEFNAMES" in this version of dig, due to design changes between 4.8 (from which "dig" is derived) and 4.9. there is no reason in principle why it can't be made to work, but it doesn't work now. therefore only fully-qualified names can be looked up with this "dig". I had to change the name of the resolver "state" structure to be "__res_state" for standards conformance (really, it is not reasonable to expect that because a program includes it will never define its own structure called "state". This change highlights the imperative that any application which is relinked against this resolver must first be recompiled against these include files (notably ). This is true for almost all versions of libresolv. I asked for items for the "TODO" list and got quite a few. Check them out before you hack; someone else may already have started doing what you want to do. I also asked for tools for the "contrib" subdirectory and got 650KB worth. They make the BIND 4.9 distribution a lot larger than 4.8.3 was, but the extra bytes are well worth their weight. Kenneth Almquist (no relation to Phil, as far as I know) posted a patch for res_send() that lets it keep track of servers that are responding "SERVFAIL" or some other fatal condition; these servers are NOT used for retries of the current query. This information is not persistent between calls to res_send() since future calls will probably be for different {name,type} queries, which will not neccessarily fail in the same way. This change is trivial and makes a measurable difference in the amount of DNS traffic on my local net. 4.9-BETA ------------------- April 17, 1993 -- Paul Vixie -- DECWRL "Peter Koch" 's previous patch caused core dumps on some systems. I fixed part of it and Peter sent me a fix for the rest of it. All is now well. The Bind Operations Guide in doc/BOG has been updated to 4.9. Also, the man page in man/named.8 has had some patches applied. The copyrights are all fixed now. Let's get this thing OUT of here! 4.9-ALPHA ------------------- March 15, 1993 -- Paul Vixie -- DECWRL There was a really bad bug affecting wildcards. I received a patch from "Peter Koch" which fixes some of it, but I can't quite motivate myself to fix the rest of it since I know that what's _really_ wrong is going to require chainsaws and dynamite to fix and that'll add another year to the release. I think that this patch will hold us for a while. There are a LOT of portability changes that I'm holding onto, especially including 64-bit fixes. Do not submit any more portability changes until 4.9.1 opens. Go ahead and make them, but be prepared to remake them later. Let me know what you are doing but don't send me any diffs for portability until I ask for them. 4.9 has been stuck in the barrel for way too long already -- patches that don't fix RFC-noncompliance or core dumps will just go into my "todo" folder (which is presently a black hole of great mass). 4.9-ALPHA ---------------- Febrtuary 2, 1992 -- Paul Vixie -- DECWRL Mostly portability fixes. The nslookup "lex" problem is BSDI-specific and I'm not going to hold up release because of it. This will be the last alpha release before the public beta. It is, as usual, running the DEC.COM primary name service and has done so for more than a week without any problems. 4.9-ALPHA ---------------- January 10, 1993 -- Paul Vixie -- DECWRL Once I get the known bug in nslookup (see below) fixed, this version is going to go into public beta. I would appreciate it if everyone would try it out. KNOWN BUG IN THIS RELEASE: something wild is going on inside of the yylex() routing on BSD/386 systems. It only affects nslookup. I'm still trying to figure out how I'm going to debug this; lex experts, please see what's going on. None of the changes since the 930105 release should have been capable of producing this change, but something is sure doing it. I finally fixed the {GET,PUT}{SHORT,LONG} macros to stop issuing warnings on HP-UX systems. They are also warning-free on Ultrix(SPIM,VAX), BSDI(386), and SunOS(SPARC) systems. I took the plunge and changed the internal functions in res/res_comp.c to depend on these macros instead of duplicating the code, and everything still works. Tom Limoncelli found three ancient memory leaks. I fixed two of them but the last one looks too much like a "cannot happen" for me to be willing to experiment with it. Besides which, it's "very" minor. Uses setsid() on POSIX systems. PID file is now optional. (arc@sgi) Comments (";" or "#") are now allowed in resolv.conf (arc@sgi). Documentation and copyright changes in README. Known to compile on NeXT machines. Some portability changes for AIX, whose CC is very picky. I forgot to mention in the 921227 release that T_RP is supported (arc@sgi). I included a number of changes that Alan Barrett has been trying to get in since the 921221 version. Most are portability-related, and the few things that are functional are changes to my own previous additions :-), so I'm fairly sure that they are doing the right thing. Alan's changes include: include/arpa/nameser.h improved error diagnosis in the BYTE_ORDER configuration. changed hp9000 test to hp9000s300. As far as I know, there is no hp9000 preprocessor symbol. Should probably add other hp9000s tests, but have not done so. named/ns.h Moved the XFER-related stuff from the end of the file to near the top, where it is grouped with similar stuff. Makefiles: Add SYSLIBS variable, so folk can compile with -lBSD easily. Changed install targets to make them easier to customise. make links wasn't handling named.{reload,restart}* Add ${CDEBUG} flag to link step. Some debuggers don't work right if the program isn't linked with the -g flag. struct timeval members are declared as unsigned long on some systems. Add casts to (long) in several if statements that appear to assume that tv_sec is signed. PID_FIX in ns_main.c controlled more than just whether or not the pid file gets fixed. Changed it to control only that one feature. For debugging, it is useful for a nameserver to listen to non-standard port, but to forward requests to a standard port. Add "-p remote/local" option to named/ns_main.c. Also needed some other changes elsewhere. Don't forward back to the host that asked us a question, unless they asked from some port other than their nameserver port. This allows a dig or nslookup user on a host to ask us questions with recursion-desired, where we are willing to recursively ask the nameserver on their host. However, if a nameserver asks us something we will not recurse back to them. nslookup() in named/ns_forw.c checks for this and returns -1. ns_forw() and sysquery() notice this and return SERVFAIL. Moved the nsContainsUs functionality from a separate routine into nslookup(). No need to do the same tree walk several times. While trying to track down various problems, added detection and logging of errors in several syscalls in ns_main.c. Avoid integer overflow in roundtrip time calc in ns_resp. This needs a definition for INT_MAX. Fixed root zone transfer bug. Also corrected some slightly misleading comments in the doaxfr() code, and added some more comments. 4.9-ALPHA ---------------- January 5, 1993 -- Paul Vixie -- DECWRL This one was built and tested on Ultrix 4.2 (SPIM, MIPS CC and GCC), BSD/386 (Gamma.4), Sun SPARC (4.0.3, sorry, that's the latest I have), 4.3BSD Reno (VAX, PCC), and Ultrix 3.0 (VAX PCC). Moved res/defs.h to conf/portability.h; named/options.h to conf/options.h. Portability changes for O_NDELAY. SUNOS is really strange about this. Removed some unneccessary goto's added to ns_main.c on 1jan. Oops. Art Harkin of HP sent in a number of small (read: obviously correct) improvements, some related to portability, some to functionality. 4.9-ALPHA ---------------- January 1, 1993 -- Paul Vixie -- DECWRL Changed all O_NONBLOCK to O_NDELAY. Changed all {r}index to str{r}chr. Added some SysV support in the form of bcopy->memcpy, bzero->memset. Added C_HS support to named-xfer (greg@duke.cs.unlv.edu). Fixed a line-number problem in asp's "include" logic (asp@uunet.uu.net). streamq's were being used after free(). bug report from fuat@ans.net and jpe@ee.egr.duke.edu. bug fix by vixie. In the resolver, we now default to address 127.0.0.1 rather than 0.0.0.0. There's a comment in the code that explains why. In the resolver, arc@xingping.esg.sgi.com changed it to use inet_aton() and included that function for those not running 4.4bsd. arc@xingping.esg.sgi.com also provided lots of portability fixes and general cleanups, in particular to nslookup which he maintains for CSRG. 4.9-ALPHA ---------------- December 27, 1992 -- Paul Vixie -- DECWRL Added strtoul() to libresolv.a since it's yet another neccessary function that older systems don't have. If we can stomach strcasecmp() we can sure handle this. Moved res/named/gethostnamadr.c to res/gethnamaddr.c (note basename change) and res/named/sethostent.c to res/sethostent.c. Since the host table stuff isn't in separate files any more I saw no reason to retain the subdirectory. Updated all the copyrights and applied the small lint changes that bring the baseline of this version from "4.8.3 as seen on ucbarpa" up to "4.8.3 as released with net-2". Thanks to the alpha testers for pointing this out to me and for sending in the diffs. With much howling and screaming, I ported this to UMIPS (MIPS System V). There are a lot of really bad things going on in their libc.a, and now they're going on in BIND as well. I added a "res/defs.h" file and then proceeded to include it from all kinds of files that aren't in res/. I'm thinking of moving it but I'm also trying to figure out where -- include/ is the wrong place. res/defs.h has in it all the ugly ifdef's needed to figure out whether this is a late-model BSD system, a POSIX system, or just old. All the "#endif" and "#else" cpp directives now have comments around their annotations. It turns out that System V CPP complains about "#endif DEBUG" but has no problem with "#endif /*DEBUG*/". In many cases where the #ifdef was obviously visible and unambiguous, I simply removed the annotation. The "l" is now a ";". Thanks to all who replied :-). There was a very bad bug in the named-xfer interface. 'nuff said. AIX needs a 32-bit field for PID's. I can't imagine. But it's fixed. The "domain" directive in named.boot is now an option, defaulting to off. There was a benign bug in sqrm(). doaxfr() is now shorter and clearer. There is an "include" directive in the named.boot file now. Its syntax is simple: "include somefile". No quotes, no "#", no . This feature was in 4.9-ALPHA as well, courtesy of Andrew Partan. I forgot to document it. 4.9-ALPHA ---------------- December 21, 1992 -- Paul Vixie -- DECWRL This release incorporates fixes from a lot of people, including many from DECWRL. Some fixes are just lint; some are to avoid dumping core on non-VAX computers; many are to fix promiscuity, corruption, and rudeness. Various internal DEC programmers have ported the old 4.8.3 code to various not-entirely-BSD-like platforms and turned up some interesting lint. All of this has been fixed. Also, we fixed a bad bug in the handling of timeouts and SERVFAIL's when forwarders and slave are both used. I have made major changes to the code inside the ALLOW_UPDATES ifdef's, but I don't use it and have never compiled with that option turned on so I don't know if it still works. Given that SNMP has come and there is an IETF WG for SNMP management of the DNS, I am thinking very seriously of purging all of the ALLOW_UPDATES code in 4.9.1. I suspect that Mike Schwartz will let me know if this is ok.. (interrim "KJB" notes) ------------------- March, 1992 -- Paul Vixie -- DECWRL If we are about to forward a query for some zone for which we are one of the servers, we send back a SERVFAIL instead. If we don't have it, chances are good that the other name servers won't have it either. This is the major cause of "network meltdown" when the root servers declare you as a name server for some zone you don't know about and havn't configured yourself for. Fixed a memory leak such that if db_update() fails to update the database from a response packet, a databuf will no longer be orphaned. Also fixed what looks like a similar leak in the ALLOW_UPDATES code but I don't use it that hasn't been tested. Fixed a memory sponge such that if we forward a query to someone who is not ever going to answer it, we will eventually expire it from our query queue. Previously it would expire after N retries to N' different servers, which could be a very long time. Particularly in the case of lame delegations and other forwarding loops, we feel that 90 seconds (two max-retry intervals) is enough time for a query to be answered. While we were into this code we made several fields in the query structure into "short"'s since they were only being used to store smallish integers. The query list gets Very Long during a forwarding loop -- even 90 seconds worth of queries is a lot of queries. This version includes my hacks that assign a "credibility index" to each such that when more credible data arrives for a given , all old data is purged. When equally-credible data arrives it is aggregated in the way we all know and love; when less credible data arrives it is completely ignored. Credibility, from best to worst, is: 1. zone files (primary or secondary) 2. authoritative answers 3. non-authoritative answers and authority records 4. additional data 5. zone files ("cache" or "bootstrap" information) You need this version of bind if you still show any A RR's in network 32.0.0.0 when you look up uucp-gw-1.pa.dec.com's A or adobe.com's NS. I have also added some extra code to prevent pollution of the internal "hint cache." In all versions of BIND that I was able to test, any IN_A response to any sysquery() would cause the IN_A RR to be added to the fcachetab ("hint cache"). This resulted in lots of extra cruft in the hint cache, that wasn't timed out properly, which in turn resulted in lots of strange answers ('nuff said, take my word for it.) Though changes have been made to make the Ultrix and GNU (2.1) C compilers stop complaining about the source, it should still compile and run just about anywhere. In fact, after I cleaned up lots of old lint, this version of BIND is known to compile and run on: Ultrix 4.2 (MIPS or VAX) SunOS 4.0.3 BSD/386 (BSDi beta) This was being released as King James Bind because, like KJ Sendmail, it is a merge of every major variant of Bind that we know about. It was assembled and tested by Paul Vixie of DEC NSL/WRL, with generous donations of code and advice from Win Treese of DEC CRL. Changes from Don Lewis of Harris, Andrew Partan of UUNET, and Piet Beertema of EUNet are also included. See the OPTIONS file for a description of the changes you can control with #ifdef's. This server has been run on UUCP-GW-{1,2}.PA.DEC.COM, which are in the UUCP Zone. Our named.boot file has ~1900 lines in it. Before we instituted the changes in this release, our name server usually ran at about 16MB virtual, 15MB physical, growing slowly but constantly until we restarted it. Whenever a new zone was added to the NIC's root zone listing us as a name server, our servers would kill themselves and eachother (and NS.UU.NET, one of the other UUCP Zone name servers) with forwarding loops. After these changes, we run at a fairly constant 8MB virtual and physical size, and our apparent CPU utilization is always 0.0% since we never finish a quantum and the scheduler always sees us as waiting for I-O. In other words, life is good. Notes from UCB version 4.8.3 follow: ------------------- This is version 4.8.3 of bind. It is a test release that updates versions 4.8 and 4.8.1 with fixes, and is essentially the same as the version of named on the 4.3BSD Reno release. Although it is currently described as a test release, it is believed to be reasonably stable and more usable than the previously-released versions. Here are some of the more important changes: o A list of domains may be specified for searching in resolv.conf instead of just the local domain name. o gethostbyname() will accept a dotted quad. o Support has been added for the the T_TXT data type and for the class C_HS. These are both used by Hesiod from Project Athena at MIT. o All of the pathnames have been put into one header file. This makes it easier to change the location based upon your local configuration. o Responses are only accepted from an address to which we might of sent the request. This might cause problems if some server is multihomed and is still running BIND 4.3, but it prevents attacks induced by sending responses from another address. o Numerous bugs have been fixed: Adding a new authoritative zone now works when the server has a cached SOA record. Comparisons in the db now look at type and class as well instead of dropping records with identical data. Scheduling of maintenance interrupts has been moved to one routine avoid spurious ones. Named goes into the background after more of the initialization is done. Stream connection queue handling was cleaned up including a bug that caused data corruption and core dumps. Sys5 no longer can have multiple transfers of the same zone occuring at the same time. Handle CNAME -> CNAME loops more gracefully. Avoid making one server never get queried. Border conditions in resolver are checked more accurately. o Nslookup has been updated. There are several bug reports that have yet to be integrated into this version. Hopefully they will be dealt with in the next release. Please send feedback on this release. Notes from versions 4.8.1 and 4.8 follow: ------------------ This is version 4.8.1 of bind. It is a test release that includes version 4.8 with fixes, asynchronous zone transfer and better reload capabilities. Although it is currently described as a test release, it is believed to be reasonably stable and more usable than the currently- released version, 4.8. The changes of note are: o The asynchronous zone transfer code previously posted to the bind mailing list has been integrated, completed and tested. There are a number of changes from the version posted, including fixes to allow top-level domains to work and a simplification of the timer code. o The code for reloading the server has been changed so that only primary zones master files that have changed are reloaded. The cache and secondary zones are not flushed, and the sortlist, domain, etc. are reset to correspond to the boot file contents. o Several bugs have been fixed: the name "*" is not interpreted as a wildcard in cached zones, only in primary zones. Secondary servers no longer decrement the time-to-live of records by the time since they verified the zone with the master; as a result, they never hand out nameserver referrals with too short a TTL to be usable. A bug was fixed that caused secondary servers with out-of-date zones to return empty answers between the actual expiration time and the next timeout. There are several other bugs that have been reported but have not yet been fixed. In addition, the next regular release of named will support negative caching, but this has not been integrated. I would appreciate receiving feedback on this release; in particular, problems (or lack of problems) when installing on various systems. I attempted to update the SysV code when integrating the zone-transfer, but haven't tested it. The notes from version 4.8 follow. ---------- Welcome to version 4.8 of bind. There have been several changes to the named boot file (/etc/named.boot) of which you should be aware. The "domain" line for each zone is no longer needed, but one such line may still be used to specify a default domain to be used for queries containing names with only a single component. The term "suffixes", which was added in version 4.7alpha, has been removed. The manual page on named (named.8) has been updated to reflect all these changes. Please read this and look at the example files before installation. You should also note the changes in the resolver code to support non-fully-qualified addresses and per-user host aliases. See hostname(7) for an overview. Two new routines have been added to the resolver library since the last test release: res_query formulates a query, sends it, waits for a response and does preliminary error checking; res_search implements the search rules of gethostbyname using res_query. The MX lookup routine in sendmail has been modified to use res_search. Also, dn_skip takes an additional parameter and has been renamed to dn_skipname. While old sendmail binaries will work with the new version of bind, because of these changes, it is desirable to install new sendmail sources and recompile sendmail. Do not rebuild sendmail from old sources. The new sendmail is on ucbarpa.Berkeley.EDU for anonymous FTP from pub/4.3/sendmail.MX.tar and pub/4.3/sendmail.MX.tar.Z. There have been numerous changes to named, fixing most of the known bugs that can be fixed without major structural changes in the server. Several server configurations that failed before should now work. Certain robustness problems have been fixed, in particular bounds- checking when processing incoming packets. Two changes have been made in preparation for negative caching: SOA records are sent in the authority section in negative responses with NXDOMAIN set, and a bug was fixed that caused confusion and repeated requests if a response had no error, no answer and an SOA in the authority section. As such responses are already sent by other servers, and will be sent by the next release of BIND, it is important that all sites upgrade to this version as quickly as possible. The root "hint" cache and cache file remain the largest problem area, along with named's naivete in accepting bogus server's data. These will be addressed in the next release, along with asynchronous zone transfers, intelligent reloading of zone files, faster startup, and caching of negative responses. This version (4.8) will replace the last officially released version (4.5). Version 4.5 has a serious bug that causes the generation of a continuous stream of bogons to the root domain servers (bogus queries with the query response bit set and possibly garbage for nsid and rcode). It is imperative that these versions of named be replaced as fast as possible. We urge you to field 4.8 quickly, for the sake of the root domain servers. Mike Karels Jean Wood bind@ucbarpa.Berkeley.EDU ## ++Copyright++ ## - ## Copyright (c) ## The Regents of the University of California. All rights reserved. ## ## Redistribution and use in source and binary forms, with or without ## modification, are permitted provided that the following conditions ## are met: ## 1. Redistributions of source code must retain the above copyright ## notice, this list of conditions and the following disclaimer. ## 2. Redistributions in binary form must reproduce the above copyright ## notice, this list of conditions and the following disclaimer in the ## documentation and/or other materials provided with the distribution. ## 3. All advertising materials mentioning features or use of this software ## must display the following acknowledgement: ## This product includes software developed by the University of ## California, Berkeley and its contributors. ## 4. Neither the name of the University nor the names of its contributors ## may be used to endorse or promote products derived from this software ## without specific prior written permission. ## ## THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ## ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ## ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE ## FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ## DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ## OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ## HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ## OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ## SUCH DAMAGE. ## - ## Portions Copyright (c) 1993 by Digital Equipment Corporation. ## ## Permission to use, copy, modify, and distribute this software for any ## purpose with or without fee is hereby granted, provided that the above ## copyright notice and this permission notice appear in all copies, and that ## the name of Digital Equipment Corporation not be used in advertising or ## publicity pertaining to distribution of the document or software without ## specific, written prior permission. ## ## THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL ## WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES ## OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT ## CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL ## DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR ## PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ## ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS ## SOFTWARE. ## - ## --Copyright--