--- 8.2.4-REL released --- (Wed May 9 14:36:23 PDT 2001) 1212. [bug] some function declarations wern't protected by __BEGIN_DECL/__END_DECL in resolv.h. 1211. [port] next: openstep is now supported as well as nextstep. 1210. [port] add: SCO Unix 5.0.6. 1209. [port] winnt: issues. --- 8.2.4-T2B released --- (Thu May 3 05:48:14 PDT 2001) 1207. [contrib] new h2n from author. 1206. [bug] ixfr_getdelta() uninitialised variable used. 1205. [bug] parse_cert_rr() passes wrong buffer size to b64_pton(). 1204. [bug] memory leak: pathname leaked specifing controls unix. 1203. [bug] detect corrupted ixfr logs. 1202. [bug] memory leak: dynamic update was leaking. 1200. [bug] memory leak: when following CNAMES from of req_query(). 1199. [bug] memory leak: when defining keys. 1195. [bug] memory leak: include in named.conf leaked file name. 1194. [port] MPE/IX port updated by Mark Bixby of the HP CSY MPE/iX Internet & Interoperability Team. 1193. [port] winnt: path separator. 1192. [bug] winnt: fix accept failures. 1191. [port] winnt: a CLI tool for controling named 'BINDcmd' now exists. 1190. [contrib] nslint upgraded from 1.5.1 to 2.0.2 (by author). 1189. [port] redo #1146 to cope w/ differing gettimeofday() function signatures. 1188. [bug] memory leak when removing multiple records via dynamic updates. --- 8.2.4-T1B released --- (Thu Apr 19 14:38:30 PDT 2001) 1187. [support] Don't accept in a query names which would be rejected in responses. 1186. [bug] DNSSEC key ids were computed incorrectly. 1185. [bug] remember if a notify came in while a zone transfer is in progress and perform a refresh check after the transfer completes. --- 8.2.4-T1A released --- (Sun Apr 1 12:15:48 PDT 2001) 1184. [support] notify delay limit now "nzones" rather than "nzones/5". 1183. [port] new port/cygwin contributed by s_c_biggs@bigfoot.com. 1182. [contrib] new contrib/mdnkit (V1.3) from author. 1181. [bug] dig -T was only delaying after the first batched query. 1180. [bug] NSAP processing did not support leading 0x as required by RFC 1706. 1179. [contrib] new contrib/adm from official ftp site. 1178. [contrib] new contrib/host from author. 1177. [contrib] new contrib/dnsp from author. 1176. [bug] fix memory and file descriptor leaks. 1175. [bug] statp->nsort could fail to be re-initialised if resolv.conf goes away. 1174. [port] winnt: missing call to sockout() in close(). 1173. [bug] suppress repeated notifies when a nameserver is a CNAME. 1172. [bug] allow res_{n}update to take a single unlinked element. 1171. [doc] rfc2308-type1 applies to answers from the cache. 1170. [port] winnt: does not have unix domain sockets. 1171. [bug] xfers_deferred could become out of sync. 1170. [bug] check the family before using a cached result from gethostbyname*(). 1169. [cleanup] namespace cleanup of prand_conf. 1168. [port] fix ctk ORD_32 problem on some HPUX 10.20 systems. 1167. [support] note possible HAVE_STRNDUP need for AIX4. 1166. [bug] bad $TTL could kill the contributed dns_signer. 1165. [func] INITIALZONES tuning for large servers (> 1000 zones). 1164. [bug] the resolver could leak a file descriptors under certain conditions. 1163. [func] ns_critical() is now available. 1162. [port] winnt: add strerror. 1161. [support] log out of memory during zone transfers. 1160. [support] extend "Response from unexpected source" message. 1159. [doc] query-source is used for TCP and that the port is ignored. 1158. [func] add A6, DNAME, SINK and OPT to list of known RR types in res_debug. 1157. [perf] add more ns_wouldlog() calls on mainline. 1156. [bug] don't use a known bogus key name. 1155. [support] log possible "TSIG BUG" exploit attempts. Requires LOG_TSIG_BUG to be defined in bin/named/named.h. 1154. [bug] RFC2317 support was broken in bin/host command again. 1153. [support] be more consist with the use of slave vs secondary. 1152. [bug] ixfr processing could leave Z_XFER_RUNNING set. 1151. [bug] failed to correctly parse the orginal ttl in SIG records. 1150. [bug] forwarders: it was possible to use freed memory. 1149. [support] zone rejected message to error level. 1148. [bug] non-glue now logged to category load. 1147. [bug] handle notify w/ SOA records better. 1146. [support] be more gentle in handling bad system clocks. 1145. [port] solaris: 2.4 does not have pthreads. 1144. [support] log class w/ denied messages. 1143. [bug] only use the query-source address, not port, for TCP connections. 1142. [doc] document change #924 better (doc/html/controls.html). 1141. [bug] DESTDIR is not part of the nslookup help file path. 1140. [bug] only reset interval timers if the value has changed. --- 8.2.3-REL released --- 1139. [bug] inet_{net_,}ntop() had an off-by-one error. 1138. [bug] purge_nonglue() should only be fatal on master servers. 1138. [port] add include/errs.h to various ports. winnt: #1130 caused linkage failures. --- 8.2.3-RC5 released --- 1137. [bug] rfc1034 escape sequences not processed when replaying updates. 1136. [port] winnt: named nolonger creates resolv.conf. 1135. [bug] fixup from #1130/1132. 1134. [port] winnt: SIOCGIFADDR, SIOCGIFFLAGS, SIOCGIFDSTADDR and mkstemp() fixes. 1133. [bug] sorting of SIG/non-SIG records prior to rrset ordering of was broken. --- 8.2.3-RC4 released --- 1132. [lint] more #1130. 1131. [support] TTL 0 is now allowed in zone files. 1130. [lint] massive, massive delinting from "gcc -Wall". 1129. [support] "max_log_size_ixfr" is now a scaled number (4m, etc). 1128. [contrib] updated mdnkit. 1127. [port] winnt: support for more interfaces, dnskeygen. 1126. [bug] resolver: close cached file descriptors when socket() fails. 1125. [bug] when ns_addr_list is rotated, rotate cached file descriptors. 1124. [bug] the select() timeout was not always being correctly computed. 1123. [bug] changes to ns_addr_list were not being reflected into our private copy. 1122. [port] sco: DESTRUN and DESTSBIN can't be the same. 1121. [cleanup] re-word "server is ??? priming" status message. 1120. [bug] more #1108 fine tuning. 1119. [bug] "delete all" RRs were not being printed correctly. 1118. [port] winnt: always install the named executable 1117. [port] linux: turn off returning ICMP port unreachables. 1116. [bug] minor tweak to #1108 1115. [bug] fail if tsig transfers are requested but we can't communicate the keys to named-xfer. 1114. [bug] remove extraneous semi-colon from ns_parser.y --- 8.2.3-T9B released --- 1113. [support] show config file name and age in "ndc status" 1112. [support] "ndc status" no longer mentions loading of config. 1111. [port] some versions of sunos don't have _POSIX_PATH_MAX 1110. [bug] zones with Null keys at delegation incorreclty rejected. 1109. [support] named-xfer was bombing on non-TSIG'd zones 1108. [support] ignore queries that come in during long synch ops 1107. [func] allow the default syslog facility to be set by adding -DISC_FACILITY= to CDEBUG in Makefile.set. 1106. [func] host statistics can now be cleared after they are dumped. Use "ndc stats clear". 1105. [func] host-statistics-max can be used to set a upper bound on the number hosts we collect statistics against. 1104. [func] the source of a record is no longer dependent on setting "host-statistics yes;" 1103. [doc] winnt: updated port specific notes. 1102. [port] winnt: BINDctrl fixes 1101. [port] winnt: install fixes 1100. [bug] named-xfer some memory allocations were not checked. 1099. [bug] more missing INIT_LINK's. 1098. [support] force gmake to fail if the sub-shell fails. 1097. [port] winnt: lower the logging level so that BINDCtrl status checks do not cause the eventlog to fillup. 1096. [bug] don't pass '-i' to named-xfer unless we are going to attempt a IXFR. 1095. [bug] dig: report missing arguements. 1094. [port] winnt: more cylink fixes, updated install. 1093. [bug] winnt: build lib cylink correctly 1092. [cleanup] winnt: snmpmib.c is nolonger required 1091. [support] winnt: workout the install directory. 1090. [bug] winnt: install was copying old over new. 1089. [bug] winnt: fix copyright for nameserver.c winnt: snmpmib.c not needed in libbind.dsp 1088. [bug] #1053 still contained NAPTR problems. --- 8.2.3-T8B released --- 1087. [port] sunos/gcc _POSIX_PATH_MAX isn't defined when it should be. 1086. [doc] malformed man page for heap. 1085. [bug] ixfr responses to zones we don't server were malformed. 1084. [bug] INIT_LINK before APPEND in four more places. 1083. [support] only log "no options before zone" config error before FIRST zone [kjd]. 1082. [bug] have client-side IXFR work in single answer mode [kjd]. 1081. [bug] have server-side IXFR work in single answer mode [kjd]. 1080. [support] still do IXFR's even when a file name is not specified for zone [kjd]. 1079. [support] need to have a file name for a hints zone [kjd]. 1078. [port] WinNT interface enumeration fixes from Danny Mayer. 1077. [support] format string audit. 1076. [port] now recognize RH7.0's "strndup()" 1075. [contrib] add contrib/resparse-1.3 [Henning Schulzrinne @CU] 1074. [support] INSIST that lists are correctly managed. 1073. [port] Win/NT port work from Danny Mayer. Dig, host and nslookup have been added. 1072. [port] work around a gcc bug on solaris. 1071. [bug] memory leak in res_nsendsigned(). 1070. [bug] We were accepting non syntactically valis SOA records. 1069. [port] movefile() is now part of libbind as isc_movefile(), remaining rename() calls converted to isc_movefile(). 1068. [bug] purge the zone from memory if an error is detected on loading. 1067. [bug] reload the parent zone if loading the child zone fails, the parent zone may otherwise be corrupted. 1066. [bug] refresh/retry timer need to be reset after IXFR 1065. [bug] IXFR change list could be freed to early. 1064. [bug] unchecked memget in sx_send_ixfr(). 1063. [bug] fix #1041 was incomplete. 1062. [bug] host printed out address records multiple times if they were at the end of a CNAME chain. 1061. [bug] host failed to look for A records for the second an subsequent entries in the search list when using the default lookup. 1060. [bug] $GENERATE did not reject a out of zone LHS. 1059. [bug] res_findzonecut() contained a bad debugging printf. 1058. [bug] possible NULL pointer de-reference in dst_key_to_buffer(). 1057. [doc] document that bogus causes anti-alias processing. 1056. [bug] ns_sprintrrf() could incorrectly print "." as "@". 1055. [bug] aa was being cleared on notify "queries" prior to testing. 1054. [bug] NAPTR records were using name compression. 1053. [bug] NAPTR records were not being printed correctly. 1052. [bug] UPDATES w/ NAPTR records were failing. 1051. [contrib] YADDAS: Yet another DNS database awk script. 1050. [bug] named-bootconf did not handle cacheless secondary/stub zones. NOTE cacheless secondary/stub zones are not recommended. 1049. [bug] buffer overruns by 1 in getnameinfo(). 1048. [bug] ns_ctl_install() was corrupting the server_controls list. 1047. [bug] req_iquery() wasn't doing a final update on buflenp. 1046. [port] Win/NT port improved by its author. --- 8.2.3-T7B released --- 1045. [bug] forwarded and initiated TCP queries weren't affected by the "query-source" config option, and weren't being set nonblocking. 1044. [support] add HITCOUNTS compile-time option (from lamont@hp.com). 1043. [bug] dnsquery's command line args could overflow buffers. 1042. [doc] maintain-ixfr-base had wrong description in named.conf(5). 1041. [bug] host assumed axfr returned "one-answer" responses. 1040. [bug] add d_rcnt processing to update processing. 1039. [bug] qcomp wasn't stable. 1038. [port] solaris needs a strerror that does not return NULL, call isc_strerror instead. 1037. [support] soften #1025 -- continue to accept !AA notify req's. 1036. [debug] add TKEY debugging support. 1035. [bug] ndc's "help" command worked in signal but not channel mode. 1034. [bug] loc_ntoa() failed to correctly print altitudes in the range [-0.99 .. -0.01]. 1033. [port] Win/NT portability infusion from Larry @NortelNetworks. 1032. [bug] fix minor signal buglet introduced in #1029. 1031. [bug] nslookup now correctly refuses to accept qtypes AXFR or IXFR. (use nslookup "ls", not queries, for this.) 1030. [protocol] nslookup "ls" command now uses writev() rather than two write()'s, to get msglen and query into same tcp seg. --- 8.2.3-T6B released --- 1029. [bug] incredibly busy systems could starve handle_needs(). 1028. [protocol] unrecognized TSIG was returning NOERROR (now NOTAUTH). 1027. [support] INSIST(), ENSURE(), et al, now always have sideeffects. 1026. [port] some kernels bogusly return tv_usec>1000000 from gettimeofday(). panic and dump core when this happens. 1025. [proto] NOTIFY messages should have AA. 1024. [bug] we were unwilling to use the last 10 octets of a response buffer in certain transaction types. 1023. [port] HP-UX 10.20 was looping inside contrib/dnssigner. 1022. [port] ensure that all handled signals are unblocked. 1021. [bug] the "host" command wasn't properly printing SRV RR's. 1020. [contrib] new "updatehosts" (V1.1.0) contributed by author. 1019. [port] separate CFLAGS and CPPFLAGS for unusual builds. 1018. [bug] When maintain_ixfr_base is set to "no" a zones IXFR file was still being written too. 1017. [doc] resolver(3) was out of date with respect to recent API changes. 1016. [bug] nslookup wasn't properly printing SIG RR's. 1015. [bug] when merging group information gr_name and gr_passwd could be left pointing at freed memory. 1014. [bug] iquery: DoS (potential), information leak. 1013. [bug] mangled hostent structures returned by gethostbyname_r() and friends. 1012. [doc] add named-bootconf example to INSTALL. 1011. [bug] if spawnxfer() fails we should return immediately. 1010. [bug] bad responses to the initial IXFR/SOA query could result in using an uninitalised variable. 1009. [port] Add support for darwin / Mac OS X 1008. [doc] specify allow-query default in named.conf. 1007. [bug] only set STREAM_AXFRIXFR if the original query is an IXFR. --- 8.2.3-T5B (RC3) released --- 1006. [port] Windows/NT does not have fchown(). 1005. [bug] RD was sometimes left set, inappropriately. 1004. [bug] cached NXT's were corrupted. 1003. [bug] correction to #997. 1002. [bug] file descriptor leak in res_nclose(). 1001. [port] some builds were too fast. --- 8.2.3-T4B (RC2) released --- 1000. [bug] #996 was wrongly implemented; replacement fix. --- 8.2.3-T3B released --- 999. [support] named now makes an effort to create its files with ownership as specified by -u and -g command options. 998. [support] show version number in NOTIFY log messages. 997. [support] forwarders are now used in order by measured RTT. 996. [protocol] if answering ixfr with full zone, used qtype axfr. 995. [bug] "dig -b" was broken due to missing switch "break;" 994. [bug] named-xfer did not handle empty question sections. 993. [bug] TSIG AXFR was completely broken in DiG. 992. [bug] OPTION_USE_IXFR and OPTION_MAINTAIN_IXFR_BASE had non-single-bit flag values in src/bin/named/ns_defs.h. 991. [protocol] send A6 glue records in xfr. 990. [bug] we could loose track of a bottom of zone cut if the write buffer filled up at just the correct moment. 989. [bug] apply to "fetch-glue no;" to notify processing. need to add A records that would be found this way w/ also-notify. 988. [support] report expired zones when detected in maintainence pass. 987. [feature] "ndc reconfig -noexpired" skip attempts to load expired zoned when reconfiguring. 986. [bug] pushlev only needs to be called for axfr/zxfr not ixfr. --- 8.2.3-T2B released --- 985. [support] remove "view" command from nslookup (it used mktemp()). 984. [bug] always restart processing query from scratch if we have chased a CNAME as we might still have the answer in the cache once the CNAME has been resolved. 983. [support] "notify from non-master server" is now debug, not info. 982. [bug] rollback the compression pointers array when a RRset/RR does not fit. 981. [port] decunix: typedef (u_)int#m_t 980. [bug] mishandled memget failure w/ TCP connections. 979. [bug] we were failing to call ns_stopxfrs() before calling purge_zone() in some cases. 978. [port] sco50: setsockopt(SO_REUSEADDR) fails on unix domain sockets 977. [bug] we should be returning notimpl for update forwarding rather than refused. a client receiving refused should terminate the update attempt. notimpl should just cause the client to skip to the next server. 976. [bug] some stats weren't getting incremented, & added a few. 975. [support] SLAVE_FORWARD is now redundant and has been removed. 974. [port] ultrix with vendor's y2k patch explicitly desupported. 973. [bug] some field names added in #935 conflicted with macros. 972. [support] restore heartbeat notifies. 971. [bug] out of order updates in log. 970. [port] solaris: add ipv6 interface scanning support. 969. [bug] post process a zone load to remove any non-glue at or below bottom of zone. 968. [bug] TSIGs failed to verify if the key name was compressed. 967. [bug] zones signed by the BIND 9 signer failed to load. --- 8.2.3-T1A released --- 966. [bug] nslookup and dig misprinted root zone in $ORIGIN. 965. [feature] dig's command line input buffer was rather small. 964. [bug] make res_nsearch() behave like res_search() of olde. 963. [bug] res_debug::do_section() can no longer spin all VM. 962. [bug] another almost-complete rewrite of IXFR from kjd (462) 961. [bug] acl "none" now fails to match but doesn't end search. 960. [bug] more hesiod library fixes from danny. 959. [doc] christos fixed several man page typos and brainos. 958. [bug] getnameinfo() should accept experimental/multicast. 957. [port] ultrix again. "cd" now presumed to be silent again. 956. [bug] multiline was not being cleared correctly. 955. [bug] explicit TTL on SOA records were being replaced with soa minimum. 954. [bug] cannot load a signed root zone. 953. [bug] memory overrun in set_zone_ixfr_file(). 952. [bug] errs was not being correctly adjusted if the included master file did not exist in db_load(). 951. [bug] contrib/dns_signer/signer: write_trim_name array bounds write error. 950. [bug] hesiod: ctx->res was not being initalised. 949. [port] aix32: add prand_conf.h and define WCOREDUMP 948. [bug] fixed logic error in a number of expressions causing res_ninit() not to be called when it should be. 947. [bug] sanity check in dst_read_key() wasn't. 946. [port] freebsd: threaded library support. 945. [bug] wrong file name logged in ixfr_have_log(). 944. [doc] add forwarders to zone types master/slave/stub in named.conf man page. 943. [bug] raise CNAME and OTHER / multiple CNAME logging to warning. 942. [bug] bad referrals logged for forwarders. 941. [bug] lame server detection wasn't checking for SOA record. 940. [clarity] unapproved -> denied in log messages. 939. [bug] reload_master and purgeandload should write the zone if it has been updated. 938. [bug] update and ixfr logs could get corrupted. fseek() before ftell() on fopen(, "a+") file. 937. [support] allow parallel makes to work. 936. [protocol] add preliminary A6 glue recognition in ns_req. 935. [cleanup] res_nsend() segmented into multiple functions for readability. also fixed two file descriptor leaks. CAN_RECONNECT is gone, keep one socket per nameserver. 934. [bug] Perror and Aerror where incorrect if DEBUG is not defined. 933. [port] cygwin port added 932. [port] sco42 does not have unix domain sockets or gethostid. 931. [bug] eventlib was not handling unix domain sockets correctly. 930. [bug] we wern't using all the potential compression pointers in the question section. 929. [bug] we were accepting updates (adds) with illegal ttls. 928. [bug] if we manage to get a illegal ttl stored, print it unsigened. 927. [port] hpux: (11.* 10.30) Makefile.set.gcc 926. [port] hpux10: gcc needs -D_HPUX_SOURCE and -fPIC 925. [protocol] when a slave loads it should notify others (RFC 1996). 924. [port] sunos solaris: #define NEED_SECURE_DIRECTORY to secure the directory containing unix domain socket rather than the socket itself. 923. [support] shutup "make clean" about missing threaded directories. 922. [bug] removing an cached zone file then performing a "ndc reload zone" should force a zone transfer. 921. [bug] nsupdate: listuprec was not being initalised. 920. [port] aix4: Makefile.set.gcc aix4: __P was being defined by 919 [port] linux: remove one level of symbolic linkage when performing make links on port/linux/include 918. [bug] update prerequisite could match w/ wildcard. 917. [port] irix: make the current IRIX release (6.5) work by not patching res_debug.c. see INSTALL if you have problems with 6.3. 916. [bug] removing / changing a zone type could result in Z_NOTIFY being cleared / tested against the wrong zone. 915. [bug] evNewWaitList() was not maintaining the prev chain. 914. [bug] signal EWOULDBLOCK if EV_POLL'ing with no timers. 913. [bug] input could get lost on the server side of a ctl sock. 912. [bug] nsupdate now allows explicit 0 TTL's on added RR's. 911. [bug] gethostbyname() should not return duplicate addresses. 910. [bug] address-sorting logic was exiting early. 909. [bug] dig wasn't respecting the +ti and +ret arguments. 908. [contrib] Tony Stoneley sent us an updated misc/makezones. 907. [port] winnt fixes from Larry at Nortel. 906. [bug] res_findzonecut() failed if the NS referred to a CNAME. 905. [doc] Minor fix to doc/man/Makefile for getnameinfo 904. [bug] bin/host wasn't looking up MX records if no -t flags were passed to it. --- 8.2.2-P6 released --- 903. [bug] divide by zero bug when querying for SIG records from a secure zone. 902. [support] don't attempt to set q_fzone if we won't be using it. 901. [support] delay notify timer setting until all zones have been loaded. 900. [port] hpux10 fix call to bison; sco call bison consistenly. 899. [bug] dynamically allocate buffer used to display RR rather than uses a fixed sized one. grow as needed. 898. [bug] if truncation caused no RR's to appear in the answer we mis-classified the answer on a NODATA. 897. [support] descriptors used by named should not be inherited by named-xfer. 896. [contrib] add contrib/adm/adm-nxt, an exploit for the NXT bug in 8.2 and 8.2.1. as before, we do not recommend its use, and we do recommend that you run the latest BIND. --- 8.2.2-P5 released --- 895. [port] minor NT build and documentation improvements. 894. [bug] incorrect "key" statements in named.conf weren't handled properly. --- 8.2.2-P4 released --- 893. [bug] DNSSEC logic in bin/host broke -t any 892. [bug] multiple SOA on AXFR bug --- 8.2.2-P3 released --- 891. [bug] options { also-notify { ... }; }; resulted in wrong pointer being memput with the wrong size on reload. 890. [port] A/UX portability improved. 889. [port] added IPv6 portability for OpenBSD, NetBSD, FreeBSD. --- 8.2.2-P2 released (internal release) --- 888. [support] add default: all tag to top src/Makefile so that "make" will work properly in some OS'. 887. [bug] "dig ... axfr" was printing spurious "TSIG ok" msgs. 886. [support] top-level Makefile now included in all tarballs. 885. [support] IXFR improvements. 884. [bug] some deprecated NXT RR forms weren't ignored properly. 883. [support] "host" command can now try to verify dnssec signatures. 882. [contrib] dns_signer/ had some last minute problems (by author). 881. [bug] possible sprintf() overflow prevented. 880. [support] minor tweak to bin/dig/dig.c TSIG code to clarify whether res_nsend or res_nsendsigned is being used. 879. [support] add "noesw" target to top-level Makefile (for PL1). 878. [port] aix4 HAS_INET6_STRUCTS was not being set based on the existance of _IN6_ADDR_STRUCT. 877. [port] freebsd + KAME need a different Makefile.set see INSTALL notes. 876. [port] IPv6 probe for MPE/IX, NetBSD. 875. [bug] bad NAPTR RRs could be loaded from zone files. 874. [port] update irix_patch in irix port. 873. [port] add SRC/tools to sco's make [std]links. --- 8.2.2-REL released --- 872. [bug] named-xfer could free() a string twice. 871. [port] linux support for broken IPv6. 870. [port] more NT fixes and improvements from larry at bay. 869. [bug] disable client side IXFR (in named-xfer) for now. 868. [bug] updated named-bootconf to handle case insensitive parts of named.boot. added stubs support. class was not being reset. 867. [support] updated INSTALL notes. 866. [port] More NT fixes from larry at bay. 865. [port] add #include to next's port_before.h 864. [port] change solaris' Makefile.set files to use yacc and lex. also clean up install and binary paths. 863. [bug] lib/isc/ctl_srvr.c needed fcntl.h #included --- 8.2.2-T8B (RC2) released --- 862. [port] another NT infusion from larry over at bay. 861. [support] improve support for tsig'd updates. 860. [port] add IPv6 probing to: decunix hpux irix lynxos mpe netbsd qnx rhapsody sco50 859. [bug] set control sockets to close-on-exec; potential file descriptor leaks in ctl_srvr. 858. [bug] make ns_samename() and use it instead of strcasecmp(). 857. [bug] unset update-log can lead to debugging msg mishaps. --- 8.2.2-T7B (RC1) released --- 856. [bug] IXFR finally works and is reenabled. 855. [port] more win/nt changes from bay. 854. [bug] /etc/hosts lines longer than 8K can crash gethostent(). 853. [bug] another linked list bug shaken out of ns_update. 852. [bug] compiled in pathname for nslookup help file was wrong. 851. [bug] ns_update had an off by 2 bug when checking names in SRV records causing unexpected failures. 850. [bug] empty updates triggered an overambitious INSIST(). --- 8.2.2-T6B released --- 849. [support] print rcode on failed UPDATE messages. 848. [port] paths.h and port_before.h tweaks from SCO for unixware7. 847. [port] add SRC/irix_patch to make links in IRIX 846. [support] restore some diagnotics lost when #634 was done. 845. [support] WATSQ patch from Ted Rule of Flextech Television. 844. [support] added src/DNSSEC with a note about BIND-8.1.2 interop. 843. [bug] IXFR fixes. 842. [bug] pointer arithmetic on (void *) not ANSI C. 841. [port] sco50: make install: libport.a not longer exists. 840. [bug] turning on touch_timer() in ctl_clnt.c found a bug. 839. [contrib] new version of contrib/host (from author). 838. [support] improve error reporting; remove lint. 837. [bug] bin/host/host.c was not RFC2317 compliant. 836. [port] hpux portability and speed improvements. 835. [port] some shell's "cd" produce output - fix in port/systype. --- 8.2.2-T5A released --- 834. [support] massive changes to dynupd API. 833. [port] more Win/NT. 832. [feature] boolean: treat-cr-as-space. If yes, BIND will treat '\r' the same as it treats ' ' and '\t' in zone files. 831. [bugs] DNSSEC/CAIRN workshop results (in addition to #826): - invalid size passed into b64_ntop in SIG parser - Invalid TSIG keys are now logged and ignored instead of panicing. - trusted-keys didn't work if a trailing dot was present - a DST problem that occurs when one of the multiprecision integers begins with a 0 byte. - TSIG signed truncated responses were mishandled. - minor RFC2535 changes. 830. [doc] Minor updates to INSTALL 829. [support] we need to cache SOA NXDOMAIN queries if only for a clock tick. 828. [support] multiple zone warning clearer. 827. [bug] the ctl interface was clearing already-cleared timers. 826. [contrib] various improvements to contrib/dns_signer (from TIS). 825. [support] change __NAMESER and __RES to 19991006. 824. [port] sco50 needed #define __BIND_RES_TEXT in port_after.h 823. [bug] named-xfer missed a SIG text format change 822. [bug] TSIG signed truncated responses crashed the server 821. [bug] potential reference after free bugs. 820. [port] ultrix finally works again. 819. [bug] removed test for missing glue from nslookup() as it got false matches. There is no simple test for missing glue. 818. [bug] back out #790, there was no memory leak. 817. [port] Solaris needed #define BSD_COMP in port_before.h. --- 8.2.2-T4B released --- 816. [bug] you could not raise the number of available file descriptors after the first call to res_send() and make use of them. 815. [feature] report version via command line option (-v). 814. [feature] getipnodebyname, getipnodebyaddr and freehostent added. These are RFC 2553 newcomers to the RFC 2133 set. 813. [support] better diagnostics when trying to clean up old unix control socket. 812. [bug] uninitalised variable. 811. [port] sco50 make links was not linking resolv.h.diffs 810. [bug] zone transfer did not transfer all DNSSEC records at delegation points. 809. [support] res_[n]sendupdate has died before it could be used. 808. [bug] res_send() wasn't checking for EINTR after select(). 807. [support] it's now possible to send TSIG'd updates. 806. [support] ns_parserr() was uncompressing from the wrong base in a certain corner case trod on by res_findzonecut(). 805. [bug] only set SO_LINGER if required by the OS, #define DO_SO_LINGER to do so. 804. [bug] another swath of IXFR fixes. 803. [port] Compaq Tru64 UNIX 4.0B with ZK3's experimental IPv6 kit installed will at least build, but hasn't been tested. 802. [support] we no longer cache NXDOMAIN if the QTYPE was SOA. 801. [bug] our negative caching logic would log spurious errors if the response had an empty question section. 800. [bug] #764 was too aggressive in one case. 799. [port] ultrix is a still-moving target. 798. [support] QRYLOG now logs the QCLASS 797. [bug] closing a thread which had called get*by*() would leak memory. 796. [support] deallocate_on_exit now frees memory allocated by irs. 795. [port] solaris 2.4 SO_REUSEADDR generates errors on unix domain sockets. 794. [bug] ixfr_have_log() was logging wrong file name. 793. [bug] clean_cache() was not alway removing complete RRsets. 792. [bug] deallocate-on-exit caused references to freed memory. 791. [support] MEMCLUSTER_DEBUG had an array size error. 790. [bug] fix minor memory leak in ixfr code. 789. [bug] #669 was too aggressive. more than cached data was removed. 788. [bugs] improvements to tsig and dnssec. 787. [port] win/nt lint. 786. [port] IRIX and emul_ioctl(). 785. [bug] #780 broke A record update support. 784. [bugs] still trying to get IXFR working again. --- 8.2.2-T3B released --- 783. [support] make res_send() more friendly to the java scheduler. 782. [support] dangling cnames aren't errors, stop logging them. 781. [support] add -n option to ndc command, to run nonstandard named. 780. [bug] UPDATE did not support the AAAA RR. 779. [bug] miscellaneous IXFR fixes. 778. [support] don't complain to syslog about negative caching RRs. --- 8.2.2-T2B released --- 777. [bug] getword() didn't increment lineno at EOF. 776. [bug] the NOERROR_NODATA cookie overlapped a valid rcode. 775. [protocol] we weren't sending properly formated FORMERR responses. 774. [bug] UPDATE did not support the SRV RR. 773. [bug] named-xfer was calling inet_ntoa in one printf. 772. [typo] Typo in ns_parser.y on maybe_zero_port: line. 771. [lint] UNLINK now performs a INIT_LINK so explicit INIT_LINK's are nolonger needed after UNLINK. 770. [protocol] dynamic update prerequisites were inappropiately matching wildcards, at variance with RFC 2136. 769. [bug] ordering of CNAMES was driven by original query type. 768. [support] MINROOTS is now a configuration option "min-roots". 767. [clarity] adjust XFR log messages to be more clear about cause. 766. [support] add "serial-queries" option to dynamify MAXQSERIAL. 765. [feature] added evInitID() and evTestID() for NOTIFY work. 764. [bug] DNSSEC changed the semantics of match() without changing all the call sites that cared about it. 763. [bug] NOTIFY events caused by dynamic update weren't being deferred, and multiple NOTIFY events weren't being coalesced. 762. [support] don't rotate log file versions on server startup. 761. [port] named-xfer's openlog() was unconditionally using the LOG_CONS option. now it does what named does. --- 8.2.2-T1A released --- 760. [port] preliminary win/nt from baynetworks (thanks!) 759. [support] new compile time option BIND_IXFR, defaults to "off", since our testing has shown up some problems with it. 758. [feature] new "ndc reconfig" command only finds new/gone zones, doesn't stat() master files or qserial() slave SOA's. 757. [support] FORCED_RELOAD is no longer optional. 756. [support] fixed output format of hmac keys; removed DST chaff. 755. [feature] "also-notify" is now a global option. 754. [bug] the control socket was not checked for event lib compatability. 753. [feature] "ndc help" now returns one line command summaries. 752. [feature] "ndc trace" now takes an optional "level" argument. 751. [support] debugging output could segfault in ns_print.c::addstr. 750. [port] A/UX 3.1.1. 749. [port] #9 has now been done for all Makefiles. 748. [feature] "transfer-source" is now a global option. 747. [support] SORT_RESPONSE is no longer a compile time option, since the behaviour can be turned off at runtime with the "rrset_order fixed;" option. 746. [bug] don't bother rescanning the interfaces if setuid!=root. 745. [protocol] IXFR transmission was just plain wrong in some cases. 744. [support] allow the calling location of strings to be recorded. 743. [feature] $GENERATE now supports more record types, and options. 742. [port] port/sco50 was using /usr/local/etc for its ndc socket. 741. [port] HPUX needed __BIND_RES_TEXT. 740. [bug] #634 had the unfortunate side effect of disabling IXFR. 739. [port] probe for IPv6 structures, solaris openbsd freebsd 738. [bug] invalidate pointers back into linked list when element is removed. 737. [port] solaris: expr is sensitive to LC_COLLATE 736. [bug] potential single file descriptor leak opening /dev/random. 735. [bug] memory leak: having rrset-order set and reconfiguring the server results in a memory leak. 734. [port] linux only fills in as many entries as will fill the buffer with SIOCGIFCONF. 733. [bug] RD is not being set on first message to first forwarder resulting in false "Lame Server" reports and degraded service. 732. [bug] errors reading keys from master files could cause the the server to drop core. 731. [bug] highestFD was not reflecting the highest value the library could cope with. 730. [port] rand() does not modify the LSB on BSD based systems. 729. [bug] allow-query responses were dependent upon cache contents. 728. [bug] it wasn't possible to specify the flags of trusted keys in hex, which was inconvenient since dig prints hex. 727. [bug] TSIG keys weren't properly shared with named-xfer if the zone named contained a slash (/). 726. [bug] TSIG keys weren't reloaded correctly with 'ndc reload'. 725. [bug] only the first key in an acl was matched correctly. 724. [bug] "ndc restart" needed a short delay before checking for the health of a newly started name server. 723. [bug] TSIG signed zone transfer failed on especially large zones. 722. [doc] the example named.conf file had invalid TSIG usage. 721. [bug] duplicate records were tripping the cname-and-otherdata test, which wasn't necessary since they'll be ignored. 720. [port] solaris doesn't have gethostid() the way we build. 719. [lint] lots of lint fixed by bob and paul. 718. [bug] multiple CNAME support was not cycling the cnames in an RRset properly. 717. [bug] wrong /bin/ps flags in solaris prand_conf.h. minor tweak to ports/prand_conf/prand_conf.c to ensure proper flags in future ports. 716. [bug] log files are now closed/reopened on a size basis. 715. [clarity] root servers don't need to be primed. 714. [typo] extra "q" in a message in ns_maint.c. --- 8.2.1 released --- 713. [bug] don't loop on untimely eof within config file. 712. [port] hp-ux signals; aix bit types. 711. [perf] don't call find_zone() four times from within qnew(). --- 8.2.1-t7b released --- 710. [bug] can fetch zone from own address if port is different. 709. [bug] make sure zones are properly reinited when they die. 708. [bug] end marker or sizeof, but not both please. --- 8.2.1-t7a released --- 707. [port] AIX, HPUX, SunOS. 706. [feature] zone forwarding can now be applied to master, slave and stub zones as well as forward zones. 705. [bug] some zone options were not being copied. 704. [bug] very obscure problem fixed in res_update(). 703. [bug] single-zone reload was stomping freed memory. --- 8.2.1-t6b released --- 702. [port] solaris vs. enum; linux vs. IPv6. 701. [bug] NOTIFY rejection logic still wasn't correct. 700. [bug] complete #697 --- 8.2.1-t5b (rc2) released --- 699. [bug] if getting the ixfr change log fails send a axfr style response. 698. [bug] res_notify() was rejecting valid NOTIFY messages. re-organise code so that logged messages are more appropriate. 697. [port] linux. some versions define _GNU_SOURCE in features.h some version require the compiler to set the byte order when probing for IPv6 structures. 696. [bug] don't use NULL file pointer if IXFR transaction log cannot be opened due to permission errors. 695. [lint] another considerable amount of lint was removed. 694. [bug] only the last two forwarders would be used. 693. [bug] nsfwdadd() needed to continue outer loop. 692. [bug] RD was not being cleared by ns_forw(). this could cause DNS storms between lame servers. 691. [bug] We still had some leftover named-xfer ixfr tmp files. 690. [bug] return IXFR in question section of AXFR style IXFR response. 689. [bug] we now return "up to date" response to IXFR queries when required. 688. [bug] UDP IXFR now tells the client to use TCP. 687. [bug] IXFR was incorrectly reporting errors on DNSSEC RRs. 686. [port] hpux Makefile.set improvement (+O2 -> +ESlit). 685. [feature] mark recursive queries in query log. 684. [bug] named-xfer now ignores out-of-class glue. --- 8.2.1-t4b (RC1) released --- 683. [lint] considerable lint was removed. 682. [perf] another round of performance tweaks from HP (thanks!). 681. [bug] SIG wasn't being ignored when generating NOTIFY msgs. 680. [feature] delay parent reload as long as we can after removing child zone to save multiple parent reloads. 679. [port] port probe now recognizes SCO 5.0.5. 678. [doc] not all man pages were being installed. 677. [feature] lost feature "allow-recursion" added back in. 676. [bug] "100" was too small for ndc message sizes. 675. [bug] we weren't storing a (needed) extra copy of the zname. 674. [bug] SIGTERM wasn't working the first time it was sent. --- 8.2.1-t3b released --- 673. [bug] nslookup wasn't accepting _ at the beginning of names. 672. [bug] ndc was only passing the verb across the command channel and not the arguements. Reload of a single zone "really" works now. 671. [feature] you can reload multiple zones with a single ndc reload command. e.g. ndc reload zone1 zone2 ... 670. [bug] db_load did not work unless a RR had the class defined. 669. [bug] the cache is now purged when a forwarder is {re}loaded. 668. [bug] complete #652. 667. [bug] allow-query wasn't being allowed for stub zones. 666. [usability] only try to chown()/chmod() a control socket when the owner or permissions _change_ between reloads. 665. [bug] "options topology" is now possible to set. 664. [security] add important solaris-related security note to README. 663. [bug] "ndc -q" now turns off initial header and EOF printing. --- 8.2.1-t2b released --- 662. [usability] src/conf/ added, containing some of ISC's config files. 661. [protocol] we weren't sending AAAA RR's as AXFR glue. 660. [port] IRIX. 659. [contrib] author-submitted changes to dnssigner, new cider2named. 658. [protocol] print better messages wrt TSIG. add p_rcode(). remove _res_resultcodes[]. improve key handling. 657. [port] apply cpp to /usr/include/netinet/in.h to work out if struct sockaddr_in6 and struct in6_addr/inaddr6 are defined. 656. [bug] Classless IN-ADDR support was broken. 655. [bug] major overhaul of IXFR code. 654. [bug] dynamic update of non top of zone SOA now ZONEERR. 653. [feature] check-names now applied dynamic updates as if the zone was being loaded. REFUSED returned. 652. [port/bug] many operating systems allow more descriptors than their default FD_SETSIZE has room for. we catch this now, both by asking the operating system not to do this and by treating as invalid any out-of-range descriptor. 651. [protocol] any soft failures in res_send() will now cause the final return value to be TRY_AGAIN. previously the last server response received was the one returned. 650. [doc] resolver.5 man page clarified and corrected; res_init() made to do what the man page now says it does. 649. [port] make header files c++ compatible. 648. [bug] multiple options definitions of allow-query / allow-transfer / sortlist / blackist / topology are not allowed. warn rather than silently applying the last definition. 647. [bug] options max-ixfr-log-size was not being applied. 646. [feature] memcluster debugging support improved. -DRECORD_MEMCLUSTER to enable. 645. [bug] memory leaks 644. [bug] res_update() could not delete the first CNAME in a chain. 643. [bug] res_update() did not correctly handle labels with periods. 642. [port] SCO 5.0 portability improved. 641. [feature] $TTL now takes TTLs of the form 1w6d7h32m20s. 640. [bug] was returning NODATA rather than NXDOMAIN after a dynamic update removed the last RR from a childless node. 639. [bug] another fix for "rrset_order fixed". --- 8.2.1-t1a released --- 638. [bug] ixfr was still creating the wrong file names sometimes. 637. [bug] bin/dnsquery/dnsquery.c wasn't init'ing the resolver correctly befloew calling gethostbyname(). 636. [port] inet_ntoa() had to go back to being non-const for now. 635. [bug] AXFR wasn't forcing an autoincrement of SOA.SERIAL following a batch of UPDATE requests. 634. [feature] check all master soa's and use best serial, rather than trying them in order and grabbing the first one who answers with one better than the local one. 633. [port] SunOS 4.1.4 has a broken recvfrom() with non-blocking sockets. 632. [bug] res_mkupdate() signed/unsigned stupidity. 631. [bug] HMAC-MD5 fixes 630. [bug] NSTATS output was spaceless. 629. [misc] improvements to TSIG error logging. 628. [bug] "rrset_order fixed" was LIFO rather than FIFO. 627. [bug] TSIG signed zone transfers broken. 626. [bug] multiple CNAME support was broken. 625. [bug] key names are really domains so they need to be made canonical. 624. [bug] ns_name_pton() accepted domains of the form "example.." when it should have rejected them. 623. [feature] it is occasionally useful to know the local address used to perform a zone transfer. this is now logged. 622. [bug] missing check for malloc() failures in strndup(). 621. [bug] various things were wrong with nslookup's "ls -d" cmd. 620. [feature] forwarders are now retried like queries to the delegated nameservers. forward only should be more robust as a result. 619. [protocol] don't refresh TTL's from delegation information. 618. [feature] ndc is now quiet and verbose when it should be. 617. [bug] SOA counters now have minima as well as maxima. 616. [bug] needs were not always processed in a timely fashion. 615. [bug] ns_shutdown() memput() the wrong amount of memory when freeing the zones array. 614. [feature] ndc can now reload single zones including the root zone. 613. [bug] check for old unix domain socket / fifo prior to attempting to establish control channel. error message no longer just noise. 612. [port] Solaris UNIX domain sockets return different error codes and also may use FIFOs. 611. [bug] extend control timeout to 10 minutes. reloads can take a long time. 610. [bug] when reloading via the control channel we were reporting that we were about to reload after the reload was performed. Ensure message is set prior to reloading. 609. [bug] zoneTypeString() could be called with NULL pointer. 608. [bug] set various pointers to NULL after associated memory has been released to prevent accidental use. 607. [bug] finddata() was returning SIG's inappropriately. 606. [bug] fix two memory leaks in db_sec.c. 605. [feature] better error reporting from named-xfer. 604. [bug] fix a bug in the handling of $TTL's absence. 603. [port] add contributed/untested rhapsody port. 602. [bug] multiple "type hint" zones are now supported. 601. [bug] z_ftime wasn't being reset when fopen() failed. 600. [bug] gen_res_get() was initializing the wrong variable. 599. [bug] "ndc reload" exercised an uninitialized variable. 598. [bug] "nslookup reports danger" was reported ambiguously. 597. [bug] we weren't priming the cache in forward-only mode. 596. [bugs] many small bugs in DNSSEC handling were fixed. 595. [bug] nsupdate failed to support quite a few rr types: sig,key,nxt,eid,numloc,srv,atma,naptr,kx,cert 594. [proto] BADID removed per I-D. 593. [bug] mk_update() didn't support SIG. 592. [bug] lcl_pr and lcl_ho were using uninitialized bufsizes. 591. [port] linux. 590. [port] irix. 589. [doc] hesiod(3) man page contrib'd in 1996 finally put in. 588. [bug] too many lame servers at once was fatal. --- 8.2 released --- 587. [perf] uses about 5% less memory than 8.1.2 now. 586. [perf] faster at tcp, therefore less blocking on udp. 585. [misc] various releng lint. 584. [bug] IXFR wasn't doing DNSSEC RRtypes. 583. [bug] dnskeygen now fully qualifies its names; better usage. 582. [port] irix needed some patches applied during the build. 581. [bug] match_order() could dump core after "ndc reload". 580. [bug] ip_match_is_none() could dump core. 579. [bug] state names were off by one in src/lib/isc/ctl_srvr.c. 578. [misc] try without "transfer-source" if axfr connect() fails. 577. [contrib] sqlbind-8. 576. [bug] insecure updates weren't supported. 575. [doc] better documentation of key, trusted-key, zone pubkey. 574. [bug] was freeing freed memory on exit. 573. [port] nextstep. 572. [misc] centralize the name hashing logic (widen in some cases) 571. [perf] the new db_marshal() code was taking too much memory. 570. [perf] the lame server storage was taking too much memory. 569. [bug] src/lib/isc/ctl_srvr.c had an incomplete assertion. 568. [doc] Brent Baccala contributed an nsupdate man page. 567. [port] mpe, nextstep. 566. [protocol] upgrade to tsig draft 08. 565. [lint] use right relative paths for dnssafe includes in dst. 564. [bug] default security level for update rr's wasn't set. 563. [bug] debugging output in dprint_key_info() could panic us. 562. [perf] 8.2-t6b used 30% more memory on root name servers than 8.1.2 did. most of that was db_marshal hash tables. --- 8.2-T6B released --- 561. [bug] DST more graceful in handling unsupported algorithms. 560. [feature] lame server ttl now a configuration option. Re-enable lame server negative caching. 559. [bug] sysquery() was still using the child's name when it switched to using the parent's NS list causing false lame server reports. 558. [bug] disable lame server negative caching for the present. 557. [bug] undersized tcp messages are now detected early. 556. [bug] DNSSEC fine tuning. 555. [bug] the named.conf lexer was depending on two characters worth of putback buffer, ansi c guarantees one char. 554. [port] port to "next" contributed by jack bryans. 553. [contrib] added "snoof", another script kiddie toy. 552. [bug] allow-query didn't interact well with external cnames. 551. [bug] validate_zone could crash the server. 550. [lint] ns_maint was using ns_log_default, not ns_log_in_xfer. 549. [port] netbsd and openbsd improved. prand_conf improved. 548. [bug] ns_resp was using the wrong logging category. 547. [bug] dig was reinit'ing its resolver flags incorrectly. 546. [bug] nsupdate didn't handle HINFO,ISDN,TXT,X25 correctly. 545. [feature] added dnssafe back in. 544. [feature] removed DES encryption support. 543. [port] cleaned cylink of non used definitons in headerfiles. 542. [bug] include/dst no longer needed 541. [bug] CERT records are allowed to have alg == 0. 540. [doc] Removed outdated doc/secure, updated dnssigner documentation, updated dnskeygen.1 539. [bug] db_dump() was misparsing CERT records. 538. [feature] The KEY set is along with SOA, NS, A, AAAA records. 537. [bug] Multiple signatures are handled correctly. 536. [bug] SIG record expiration should be checked when the SIG is verified. 535. [bug] Queries for SIG records of non-authoritative names should not look in the cache or cache the results. 534. [bug] DNSSEC SIG records are dropped when they don't sign any data correctly. 533. [bug] SIG and NXT records are correctly handled when received in responses by named 532. [bug] dynamic update data is now always considered insecure, rather than having no security status. 531. [bug] dynamic update can again remove all data associated with a name (type ANY, class ANY). 530. [lint] downgraded "ctl: unexpected eof" from error to debug. 529. [port] unixware 7 port received. 528. [bug] timeouts could make ctl_srvr dump core. 527. [bug] we were not reliably reaping our children. 526. [bug] Cached CNAMES pointing to servers returning Type 3/4 NXDOMAIN are translated to Type 3 NODATA responses. 525. [bug] nscount could be short if we had to recurse after following a cname and we got a negative response. NS rrset got split between AU and AD sections. 524. [protocol] RFC 2308 support added. 523. [feature] mark lame servers as such and don't use them for NTTL. 522. [port] solaris 7 is now known to work. 521. [port] sunos4 should be supported now. 520. [bug] inet_pton() was allowing some bad ipv6 addresses in. 519. [bug] refuse duplicate also-notify's; optimize logging. 518. [port] hpux portability fixes. 517. [contrib] dnswalk wasn't copying with 8.* "dig" output. 516. [port] MPE portability fix. --- 8.2-T5B released --- 515. [security] lib/dnssafe code removed; now a separate patch. 514. [port] freebsd patches. 513. [bug] memory leak in res_mkupdate(). 512. [bug] $GENERATE could use an unset ttl. 511. [bug] $TTL warning test was wrong. 510. [port] bugs and things found by the netbsd folks. 509. [bug] The labels field in the SIG record may be less than the number of labels in the domain name if the owner of the SIG is a wildcard. 508. [bug] rrset ordering contained an off-by-one error 507. [bug] NXT set processing was not distinguishing between the upper and lower sets at delegation points. 506. [contrib] more script-kiddie toys, this time contrib/adm. 505. [bug] the ixfr changes to named-xfer destabilized stubs. 504. [port] some IRIX problems fixed. 503. [bug] ixfr wasn't correctly setting up its qsp. --- 8.2-T4A released --- 502. [bug] some config file parsing was still using malloc(). 501. [feature] named sets the AD bit in the header when returning authenticated data 500. [bug] dst_verify_data returns the documented error codes 499. [bug] verify_set now verifies the correct data 498. [bug] ixfr was not completely finished. 497. [bug] don't put zone 0 on the free list. 496. [bug] Losing all but last RR of RRset. 495. [port] random portability noise. 494. [bug] sysquery() should not let nlookup() change its data. 493. [feature] add "options ... rrset_order ... cyclic|random|etc". this allows round robin to be turned off selectively, or replaced with pseudorandom ordering, or whatever. 492. [bug] src/bin/named/db_sec.c was memputting objects twice. 491. [feature] add IRP (Information Retrieval Protocol) and daemon. this is functionally similar to solaris "nscd". 490. [bug] lib/isc/ctl_srvr.c couldn't overlap read and write. (also: add session context set/get.) 489. [bug] "cname and other data" was more complex than thought. 488. [port] some netbsd portability stuff. (still not working?) 487. [port] digital unix 3.2 wasn't working (4.0d was though). 486. [feature] add "sortlist", which may yet be merged/renamed into the "topology" verb. 485. [bug] do not complain about default TTLs unless a master. 484. [contrib] add contrib/z0ne, a useful tool for crackers. 483. [contrib] add contrib/query-loc[-*] to look up LOC RR's. 482. [bug] all RR's must now be of the same class as the zone. 481. [bug] outbound zone transfers are killed on any UPDATE. --- 8.2-T3A released --- 480. [bug] ns_update was corrupting TXT records 479. [bug] res_mkupdate was not handling WKS, HINFO, TXT, X25, ISDN, NSAP and LOC records. 478. [bug] name_pack could leave a bad compression pointer. 477. [port] improved support for FreeBSD 3.0. 476. [bug] BSDI contributed some fixes to the /etc/group parsing. 475. [bug] another memory leak in hesiod_resolve(). 474. [bug] SRV RR names were being compressed on output. 473. [feature] IXFR is no longer optional and has been cleaned up. 472. [bug] IXFR was disabling USE_PID_FILE. 471. [feature] add support for CERT records. 470. [bug] rrset_db_upgrade was updating the wrong cache. 469. [performance] use a free list for unused zones. 468. [feature] add getaddrinfo, courtesy of WIDE. 467. [lint] include/dst/dst.h moved to include/isc/dst.h. 466. [bug] fix core dump introduced with tsig glue. --- 8.2-T2A released --- 465. [bug] ref counting bug in ns_xfr. 464. [bug] correct cut&pasteo in IXFR config syntax. 463. [lint] clean psf files after top level "make tar". --- 8.2-T1A released --- 462. [feature] we now use randomized query id's. 461. [feature] new option "version" added. 460. [feature] add initial IXFR support from Check Point Technologies. 459. [bug] res_update() was putting debugging info on stderr. 458. [doc] add named.conf(5), improve doc/html. 457. [feature] named-bootconf is now written in /bin/sh and it is now installed in ${DESTSBIN}. 456. [bug] res->defdname[] wasn't always properly \0 terminated. 455. [bug] _PATH_MEMSTATS was never being used. 454. [doc] the html docs weren't clear about logging having to be specified first in the named.conf file. 453. [feature] add zone type "forward" for selective forwarding (sometimes called "split horizon" or "fake root"). 452. [bug] lib/irs/* was generally not coping with oversized lines and files not ending in \n. 451. [port] BSD/OS 2.* is now a separate port. 450. [Feature] added DNS key generator in bin/dnskeygen. 449. [contrib] added DNS zone signer in contrib/dns_signer. 448. [doc] sample named.conf and html documentation include examples of DNSSEC / TSIG configurations. 447. [feature] named verifies TSIG records on incoming messages, and generates TSIG records on outgoing messages. 446. [feature] res_nsendsigned, res_nfindprimary, res_nsendupdate provide TSIG aware resolver functions. 445. [feature] ns_sign and ns_verify generate/authenticate TSIG signatures on DNS messages. ns_sign_tcp, ns_sign_tcp_init, ns_verify_tcp, and ns_verify_tcp_init are used for tcp transfers. 444. [feature] acls can now include shared key names. 443. [feature] added DNSSEC verification of zone data on load and partial verification of signed data received over the wire. 442. [feature] lib/dst (TIS digital signature toolkit), lib/dnssafe, and lib/cylink added to provide functionality needed for DNSSEC and transaction signatures. 441. [bug] fixed memory leak in hesoid support. 440. [bug] support for res in lib irs was a mess. _res now controls the behaviour of get*by*() again. 439. [bug] fix *END_RESULT macros in port/solaris/port_before.h. 438. [feature] permit the install user and group to be overridden. 437. [feature] TCP truncation now reports IP address of the server. 436. [bug] memory leaks in nsupdate. 435. [doc] updated resolver.3 434. [bug] named.run was not always being created when ndc trace was run. 433. [bug] req_notify required the slave zone to have been loaded. this may not be the case when a zone has expired or is being established over a dial on demand link. 432. [feature] blackhole queries from these nets. do not use these nets to resolve queries. 431. [feature] loop breaking with UDP based well known services. 430. [bug] memory leaks in dispatch_message. 429. [feature] fast retries on host/net unreachable. 428. [bug] CNAME and other data is now a hard error. 427. [feature] support very large numbers of virtual interfaces. 426. [bug] bring named closer into line with the data ranking in RFC 2181, Section 5.4.1. 425. [bug] removed spurious debug statment that generated a lot false bug reports. 424. [bug] closed file descriptor leaks in ns_update. 423. [feature] loc_ntoa() can now accept NULL like other _ntoa's. 422. [feature] you can now specify a port on the master statement to allow transfers from a non standard port. 421. [feature] warn when the root hints do not match reality. 420. [misc] added support for bcc (bounds checking compiler). 419. [feature] bring negative caching into RFC 2308 compliance. 418. [bug] expire now behaviour now as per RFC 1034/1035. 417. [bug] updates and zone transfers weren't locking eachother. 416. [port] support added for HPUX B.11.* 415. [feature] ndc is a C program now, uses new "controls" subsystem. 414. [feature] "controls" element of named.conf now live and working. 413. [feature] octal and hexadecimal numbers now parsed in named.conf. 412. [bug] we now support 2**24-1 (16M) zones. (need namespaces!) 411. [bug] fix *END_RESULT macros in port/bsdos/port_before.h 410. [feature] added support for dial on demand links between servers. 409. [port] remove aggregious use of snprintf(). 408. [feature] add -b option to dig to set srcaddr of tcp connects. 407. [feature] added $GENERATE to generate sets of RR's that only differ by an interator. 406. [doc] added manpage for inet_cidr_ntop() inet_cidr_pton(). 405. [bug] res_nsend() closed sockets unnecessarily on timeout. handle change NS list and RES_STAYOPEN generically. 404. [bug] inet_addr/inet_aton/inet_network accepted illegal inputs as legal. Also enforce octal input. 403. [bug] inet_cidr_ntop() was not producing correct output for all possible inputs. 402. [bug] fix retry/retransmit logic in face of network errors. 401. [doc] the "transfer-source" zone option wasn't documented. 400. [bug] bin/host was dumping core - converted to use getopt. 399. [port] use time() rather than gettimeofday() in dig. 398. [bug] named could exit silently on assertion failures, now assertion failures are logged using INSIST. 397. [port] add an AIX 3.2 port (requires GNU utilities). 396. [bug] dig and nslookup allowed sscanf/sprintf overflows. 395. [bug] dig and nslookup were unable to deal with 64KB answers. 394. [feature] add RES_NOCHECKNAME and "options no-check-names" (in resolv.conf) to turn off modern host/mail name checks. 393. [bug] lib/isc/tree.c was missing a critical \ (#if DEBUG). 392. [bug] inet_aton() wasn't requiring nonterminal octets to be in the range of octets, i.e., 1.300.1.1. 391. [bug] fix bug in MAX_XFERS_RUNNING logic. 390. [bug] ns_update() was capable of renaming an open file. 389. [feature] libbind.a now has a "ctl" subsystem, which is planned to replace signals as a the communication path between "ndc" and "named". preliminary support is in "named". 388. [feature] preliminary/nonfunctional/nonstandard ZXFR support. 387. [feature] inet_cidr_pton() and inet_cidr_ntop() added. 386. [bug] inet_net_pton() was not parsing hex correctly. 385. [feature] three new options for the RES_OPTIONS environment var or for the "options" directive in /etc/resolv.conf: attempts:NN default res.retry timeout:NN default res.retrans rotate use ALL listed nameservers 384. [feature] there is now a nearly-thread-safe resolver API, with the old non-thread-safe API being a set of stubs on top of this. it is possible to program without _res. note: the documentation has not been updated. also note: IRS is a thread-ready API, get*by*() is not. (see ../contrib/manyhosts for an example application.) 383. [contrib] bsdi contributed an /etc/services.db hack, which is currently conditionalized for bsd/os but would work on any modern BSD-derived system (DB, snprintf, etc). 382. [port] bsd/os 4.0 defines its own pselect(), which differs from the one we simulated. we now simulate the right one, and use the right one. 381. [contrib] added contrib/srv, the beginnings of SRV client side. --- 8.1.2 released --- 380. [bug] Replaying the dynamic update log could trigger an INSIST. 379. [port] Updated IRIX port. 378. [bug] The declaration for res_freeupdrec() in resolv.h didn't use __P(). 377. [func] The server now sets SO_SNDBUF on UDP sockets. 376. [port] The malloc() implementation on many systems didn't like memcluster.c's 4KB block allocations, sometimes causing huge amounts of memory to be wasted. memcluster.c now allocates bigger chunks and makes its own 4KB blocks. 375. [bug] If more than (sizeof u_long) gets occurred for a particular memory bucket, an INSIST about puts < gets might have been erroneously trigged. Now total gets and outstanding gets are counted. 374. [port] SCO 3.2v4.2 doesn't have initgroups(), so we do not want to define CAN_CHANGE_ID. 373. [port] Updated LynxOS port. 372. [port] Updated SCO 3.2v5.0.x port. 371. [bug] "make install" could fail on some Linux systems because src/port/linux/include/net/Makefile didn't cope with an empty HFILES variable. 370. [bug] Trying to update an expired slave zone would cause the server to panic. 369. [bug] The Makefile for named-xfer didn't try to create ${DESTDIR}${DESTEXEC} if it didn't exist. 368. [bug] Interface scanning could get confused on BSD-like systems if the sa_len of the address was less than sizeof (struct sockaddr). 367. [func] The default value for the host-statistics option has been changed to "no". --- 8.1.2-T3B released --- 366. [bug] Z_AUTH was set on the cache zone do_reload(). 365. [security] Missing bounds checking in inverse query handling allowed an attacker to overwrite the server's stack. 364. [port] Added support for HP MPE. 363. [bug] named-xfer automatically restarts the transfer if the SOA changes during the transfer. There was no limit on the number of restarts, resulting in a lot of wasted effort if the SOA was constantly changing. The number of restarts is now limited. 362. [security] Requesting a zone transfer for a domain name which had a resource record of a certain format would cause the server to abort(). 361. [bug] named-xfer tries to close files named might have had open. On Solaris, sysconf(_SC_OPEN_MAX) can return RLIM_INFINITY, and if it did named-xfer would try to close all those files. named-xfer now applies an upper limit of FD_SETSIZE. 360. [port] Solaris 2.5 systems needed to be included in port_after.h to get rlim_t. --- 8.1.2-T3A released --- 359. [func] IRS group support is now controlled by the WANT_IRS_GR define in port_before.h. 358. [port] Updated IRIX port. 357. [port] Added support for QNX. 356. [func] Added -u (set user id), -g (set group id), and -t (chroot) command line options to 'named'. 355. [func] If getnetconf() fails because it can't create the socket used to get the interface list, the server will log an error if it is doing a periodic interface scan, and panic otherwise. Previous versions of the server always panicked. 354. [security] Bounds checking in named-xfer, dig, host, and nslookup had problems similar to those in item 293. Added a few more bounds checks to the server. 353. [port] Paths are no longer overridden in port_after.h, and are now generated from the various DEST paths in Makefile.set. 352. [bug] Because of problems with setting an infinite rlim_max for RLIMIT_NOFILE on some systems, previous versions of the server implemented "limit files unlimited" by setting the limit to the value returned by sysconf(_SC_OPEN_MAX). The server will now use RLIM_INFINITY on systems which allow it. 351. [port] Updated HP/UX 10.x port. 350. [bug] errno could be changed by certain signal handlers. These signal handlers now save errno on entry and restore it on exit. This changes eliminates the need for the SPURIOUS_ECHILD #define. 349. [bug] hesiod.h wasn't installed. 348. [port] Added support for LynxOS. 347. [bug] res_update() leaked the zone section it allocated. This leak no longer occurs on normal returns, but still occurs when there is an abnormal return. This will be addressed in a future fix. 346. [bug] Fix 303 fixed one thing and broke another, resulting in a nonfunctional grscan(). 345. [bug] Fix 328 was bad, causing the root zone to be purged every time a toplevel domain was reloaded. 344. [bug] The priming fix in change 330 erroneously called unsched() twice, causing a core dump if priming failed. The priming fix could also erroneously query [0.0.0.0].0. 343. [bug] The REQUIRE() in free_rrecp() was wrong, and was triggered by an unapproved update. 342. [port] Added support for SCO UNIX 3.2v5.0.4. --- 8.1.2-T2A released --- 341. [port] The LOG_CONS option to openlog() does not work as documented on some systems. The server will now use LOG_CONS only if USE_LOG_CONS is defined by the port. Currently the bsdos, decunix, freebsd, linux, and netbsd ports define USE_LOG_CONS. 340. [bug] The pid file was updated before the configuration file had been read. 339. [port] #define HAVE_GETRUSAGE for Solaris >= 2.5. 338. [func] 'host' can now print AAAA records. 337. [bug] rm_datum() erroneously set dp->d_next to NULL when savedpp wasn't NULL. Given a dynamic update operation that deleted more than one RR, this bug would cause all but one of the RRs to be leaked, and would prevent correct rollback if the update failed. 336. [bug] Make sure 's' isn't negative in res_send(). This shouldn't happen, but there have been some reports suggesting it can happen. 335. [lint] Cleaned up more gcc warnings. 334. [port] Added support for HP-UX 9.x. 333. [bug] db_glue.c didn't compile if DEBUG wasn't defined. 332. [bug] named-bootconf.pl didn't convert secondary lines that didn't contain a filename correctly. 331. [bug] If the server was configured with forwarders (but not in forward-only mode), and a query ran out of forwarders and had no nameservers, then the server would erroneously forward the request to [0.0.0.0].0. 330. [bug] If priming of the root servers failed, recovery could take a long time. If using forwarders to prime and the query expired, the first forwarder would always be skipped on subsequent attempts. The server complained about priming problems in forward-only mode, even though it doesn't matter. 329. [port] Some versions of Linux apparently need SPURIOUS_ECHILD. 328. [bug] purge_zone() didn't recurse if given the root zone, causing old data and new data for the root zone to be merged. 327. [func] Add log_check() and log_check_channel(). 326. [func] Add r_prev field to ns_updrec in . 325. [bug] Rollback of a failed dynamic update was done in FIFO order instead of LIFO order. 324. [bug] evTryAccept() closed the wrong fd if getsockname() failed. 323. [bug] eventlib didn't clear bits that had been serviced or deselected out of ctx->{rd,wr,ex}Last. 322. [bug] evDestroy() destroyed the files list before destroying the streams list. If there were any active streams, this would cause a double destroy of the streams' file objects, very likely triggering an 'insist'. 321. [bug] The correct error code for a failed asynchronous connect was not reported. It now is, at least on systems that have the SO_ERROR socket option. 320. [func] Allow multiple pending accepts. evTryAccept() now reports the errno if an error was queued. 319. [bug] The toplevel Makefile passed MARGS before $settings, which prevented overriding a port's Makefile.set from the command line. 318. [bug] The Solaris port_after.h checked for SUNOS_2_5_1 instead of SUNOS_5_5_1. 317. [unused] [This change number was allocated but not used.] 316. [bug] evTryAccept() didn't append to the done list correctly if connLast wasn't NULL. 315. [bug] The dynamic update code was incorrectly converted to clean up ns_updrec structures using the new clustered memory allocator, and this would cause an 'insist' to be triggered some time after a dynamic update had been processed. Instead of freeing the ns_updrec fields directly in ns_update.c, res_freeupdrec() was added to the resolver. 314. [bug] Adding and then deleting an RR in a single dynamic update request would crash the server. 313. [bug] The nameserver would only try zone transfers from the master that answered its SOA query. If a master for some reason can answer the SOA but not the AXFR, the other masters (if any) should be tried. 312. [security] Bounds checking in the resolver and dynamic update code had problems similar to those in item 293. Added more checks to ns_resp.c. 311. [bug] The s_wbuf in the qstream structure was leaked in certain zone transfer failures. 310. [bug] If the server ran out of memory in ns_xfr(), the subsequent connection cleanup could modify the z_numxfrs field of zone 0 instead of the zone being transferred, causing an 'insist' to be triggered later. 309. [bug] NAMELEN() could return a negative length. 308. [func] Don't log ECONNRESET in stream_getlen(). 307. [bug] include/isc/assertions.h and include/isc/list.h weren't installed. 306. [bug] Timewarping into the future would cause repeating timers to generate an event for every interval between the previous time and the new time. Repeating timers are now rescheduled based on the last event time, not their due time. Idle timers now use the last event time to compute the idle interval instead of the due time. 305. [bug] The BOUNDS_CHECK() for the 5 32-bit integers in the SOA RR was wrong. 304. [bug] lib/isc/assertions.c and lib/isc/memcluster.c did not follow the port_{before/after}.h convention. memcluster.c #included eventlib.h but did not need it. --- 8.1.2-T1A released --- 303. [bug] 'bp' in grscan() in lib/irs/lcl_gr.c was incorrectly validated, potentially causing corrupt data to be read. 302. [port] #define HAVE_GETRUSAGE for Solaris >= 2.5.1. 301. [port] Added support for Solaris 2.6. 300. [bug] The space for the pathname of named-xfer in the options block leaked. 299. [bug] wasn't in the include directory, and wasn't included before "port_after.h". 298. [func] Added "deallocate-on-exit" and "memstatistics-file" options. If deallocate-on-exit is "yes", the server will painstakingly deallocate every object it allocated. This is slower than letting the OS clean things up, but is helpful in detecting memory leaks. 297. [port] GNU libc 2.0 doesn't have so in the Linux port we now provide a stub nlist.h that includes the real nlist.h if GNU libc < 2.0 and does nothing if >= 2.0. 296. [bug] "make stdlinks" didn't "mkdir /var/obj" if /var/obj didn't exist. 295. [bug] Specifying a query-source with and address and port that the server was listening to didn't work. 294. [security] The server was willing to answer queries on its forwarding sockets. 293. [security] rrextract() did insufficient bounds checking which could cause it to crash the server by reading from an invalid memory location. 292. [bug] The server sometimes leaked the flushset (ns_resp.c). 291. [bug] The server did not detect oversized UDP packets, causing useless retries. 290. [bug] free_listen_info_list() leaked the IP matching lists; the leak occurred when the config file was reloaded. 289. [bug] [This bug number was allocated for something that turned out not to be a bug.] 288. [func] Add new list and assertion code to the ISC library. 287. [bug] "dig +sort" doesn't do anything, but was mentioned in dig's usage message, as well as in the man page. 286. [bug] Some systems have a default FD_SETSIZE much smaller than the number of files that can be opened. This could cause problems in the resolver and eventlib. FD_SETSIZE may now be set in port/*/include/fd_setsize.h. 285. [bug] If OS probing failed to match any of the supported ports, the build would try to continue with BSD 4.4 settings, with poor results in most situations. An error message is now printed if probing fails. 284. [func] The interface list is now doubly-linked. 283. [bug] The server would panic if binding to an interface that it had discovered failed. Simply not listening to the interface is a better solution. 282. [bug] The nslookup Makefile didn't prefix DESTHELP with DESTDIR when setting DEFS. 281. [bug] A socket() called in ns_main.c used PF_INET instead of AF_INET. 280. [bug] The sample named.conf used "clean-interval" instead of "cleaning-interval". 279. [bug] Some panic() messages in the IP matching code in ns_config.c were wrong. 278. [bug] Setting an interval to zero (e.g. interface-interval) eventually caused random timer destruction. 277. [bug] ns_panic() used "args" twice, but only called va_start() and va_end() once. 276. [bug] nslookup's "ls" command always listed all records instead of behaving the way its man page describes. 275. [bug] add_related_additional() leaked memory if the name was already in the related array. 274. [bug] If a timer was cleared while in executing its callback, and a new non-repeating timer was created afterwards (but still in the callback), the new timer was erroneously destroyed when the callback completed. 273. [func] Added transfer-source and host-statistics options. 272. [func] The zone number is now unsigned, allowing up to 65536 zones instead of the previous limit of 32768. 271. [func] Added evDefer(). 270. [bug] The meaning of the count returned by select() varies somewhat by operating system. Under certain circumstances, this confused eventlib's accounting and caused the server to spin. 269. [func] Added evLastEventTime(). 268. [bug] Connections weren't cleaned up when the eventlib context was destroyed. 267. [func] Added evTimeRW() and evUntimeRW() to control idle timer usage in the eventlib streams module. 266. [func] Added file descriptor table to ev_files.c to improve performance of evSelect() and evDeselect(). 265. [func] Added evHold(), evUnhold(), and evTryAccept(). 264. [func] Double-link many eventlib lists to allow faster removal of list elements. 263. [bug] Remember the previous non-blocking status of sockets given to evListen(). 262. [func] Added idle timers to eventlib. 261. [func] Added clustered memory allocator to eventlib; eventlib and named now use this allocator. 260. [func] The value of FD_SETSIZE that eventlib uses can be set by changing include/fd_setsize.h. 259. [bug] Notification of hosts on the also-notify list stopped after the first successful notification. --- 8.1.1 released --- 258. [bug] Setting SO_SNDLOWAT to 0 in ns_xfr() wasn't doing what it was intended to do, and could trigger a kernel bug on various systems derived from BSD 4.4. 257. [bug] In lib/irs/dns_ho.c, variable needsort was used in addrsort() before it was initialized. 256. [func] Ignore ECHILD from select() if SPURIOUS_ECHILD is defined. 255. [bug] The contents of libport.a needed to be in libbind.a. libport.a has been removed. 254. [install] Install library and .h files under /usr/local/bind instead of /usr/local. When the include files were in /usr/local/include, some compilers would automatically use them. The clients would typically not link with -lbind, causing unresolved symbols at link time. 253. [port] Removed change 216. 252. [port] Added port for UnixWare 2.0.x. 251. [doc] Added a documentation on installing to non-default locations. 250. [bug] The Makefiles for the binaries didn't create the installation target directories if they didn't exist. 249. [bug] Change HAS_SA_LEN to HAVE_SA_LEN in the AIX 4 port. 248. [security] The server now caches only those response records that are within the current query domain. 247. [bug] Forwarding of dynamic update requests sent to a slave for the zone is broken. This will be fixed in a future release, but in the meantime the server will simply refuse the request. Cleaned up the way some update code indicated that the request should be refused. --- 8.1.1-T2B released --- 246. [bug] process_prereq() could core dump if the name being processed wasn't known. 245. [bug] It was possible to evSelectFD the same event bits on the same fd more than once. 244. [bug] eventlib didn't decrement fdCount correctly if the eventmask matched in multiple descriptor sets. 243. [lint] Improved comment in stale(). 242. [port] Added port for OpenBSD. 241. [bug] evConnect() didn't evDeselect() the fd if connect() failed, which would cause us to call select() with a mask that included a closed file. select() would then return EBADF and trigger an 'insist'. 240. [bug] evCancelConn() closed the fd. 239. [port] SunOS doesn't supply RAND_MAX. 238. [bug] fakeaddr() called inet_aton() which wasn't strict enough. inet_pton() is now used. 237. [port] Added UnixWare 2.1.2 port. 236. [bug] The buffer in res_querydomain could overflow. 235. [bug] Fixed memory allocation problems in lib/irs/nis_gr.c. 234. [bug] evDeselectFD didn't restore the fd's previous nonblocking status correctly. 233. [func] Define SPURIOUS_ECHILD in Solaris port. Don't complain about getting ECHILD from recvfrom() if SPURIOUS_ECHILD is defined. 232. [func] named-bootconf.pl now supplies a commented out query-source directive and instructions to use it if there's a firewall involved. 231. [bug] Changed a few strdup() calls in rrextract() into savestr() calls. This prevents "related" checking from being turned off if the server runs out of memory. 230. [bug] If the query control structure was reset in ns_resp.c, we leaked the memory used for the previous qp->q_domain. 229. [func] Added the "dump-file" and "statistics-file" options. 228. [bug] named.conf called "statistics-interval" "stats-interval". 227. [func] demoted "zones changed" and "zones shrunk" messages in tryxfer() to debug level 3. --- 8.1.1-T1A released --- 226. [bug] evCancelConn trashed the connections list if the first element was removed. This could cause a seg fault or trigger an 'insist'. 225. [bug] In the "cannot redefine listen-on for port ..." error message, the port was not converted to host byte order before being printed. 224. [port] Added port for AIX 4. 223. [bug] The dynamic update routine findzone() didn't match class, so if you had two zones with the same name but different classes (e.g. IN and HS), then the wrong allow-update ACL could be used, and the wrong zone could be updated. 222. [bug] If a dynamic master zone was updated and then was made non-dynamic by removing the allow-update ACL or changing it to "none" before the zone had been dumped, then the master file would not reflect the update. 221. [func] added 'also-notify'. 220. [func] revised HAVE_GETRUSAGE ifdefs in ns_config.c. The "cannot set resource limits on this system" message on systems without HAVE_GETRUSAGE will now be logged once per options block, and the message severity is now "info" instead of "warning". 219. [bug] If the root name was encoded in a message using a compression pointer, dn_expand() would erroneously return "." as the name instead of "". 218. [bug] when gethostans() in dns_ho.c encountered a CNAME while processing a PTR query, it erroneously required that the CNAME target pass the res_hnok() test (i.e. that it be an RFC 952 hostname). 217. [bug] dnsquery didn't work because it tried to use the obsolete and broken p_query() call instead of fp_nquery(). 216. [port] set SH=bash in port/freebsd/Makefile.set. 215. [port] #define ts_sec and ts_nsec to tv_sec and tv_nsec respectively in port/freebsd/include/port_before.h. 214. [bug] the clarification TTL changes (see change 145 below) set the SOA minimum field to zero if the MSB was set. The server now leaves the SOA RR alone, but sets z_minimum to zero if the MSB is set. 213. [bug] if the SOA refresh or retry fields of a slave zone were 0, an 'insist' would be triggered when zone maintenance was performed. The server still leaves the SOA RR alone, but now imposes a minimum value for z_refresh and z_retry. 212. [func] added the clean-interval, interface-interval, and statistics-interval options. 211. [func] scan for new or deleted interfaces periodically. 210. [func] the _PATH_DUMPFILE default is now "named_dump.db". 209. [bug] and were #included after port_after.h. They are now #included before it, since they #include system header files. ns_lexer.h was #including and ns_parseutil.h. Now it #includes neither one. These changes required that the definition of struct timespec be moved from port_after.h to port_before.h in the ULTRIX, SunOS, and A/UX ports. 208. [port] removed HAVE_GETRUSAGE from the Solaris port, since Solaris only has it if a Berkeley compatibility package is installed. 207. [bug] abortxfer() always used SIGKILL, which didn't give named-xfer a chance to clean up after itself. Now abortxfer() does a SIGTERM first. If the SIGTERM isn't successful, it will use SIGKILL. 206. [bug] If two zones with the same name but different classes (e.g. IN and HS) were defined, then a zone transfer of whichever zone loaded first would work normally, but a zone transfer of the second would give only the NS and SOA RRs. 205. [bug] certain operating systems (notably Solaris) return error codes the server didn't expect, and thus treated as fatal to the interface. More error codes are now recognized. The server will now log unrecognized errors, but will not delete the interface. Certain error results from recvfrom() and accept() now panic the server. 204. [bug] stub zone transfers would fail if there were no NS records in the SOA response. The stub logic now works as intended and has more error checking. 203. [bug] we logged a failure of bind() in opensocket_d() twice. 202. [port] Linux defines AF_INET6 as 10, so we use that value in port/linux/include/port_after.h. 201. [bug] library Makefiles want to press on if linking of an individual module fails. The 'ld' rule was set up to do this, but the subsequent 'mv' rule was not, causing the make to stop if the 'ld' failed. Now the 'mv' is done only if the 'ld' succeeds. 200. [bug] the value of timeout.tv_sec was printed in SendRequest (bin/nslookup/send.c). select() on some systems (such as Linux) modifies the value of the timeout, so printing it is useless since it will always be 0. 199. [func] if s is too big for FD_SETSIZE in res_send, complain and try another nameserver. 198. [bug] sysnotify() was too strict in requiring an NS RR for the server named in the SOA MNAME field. RFCs 1996 and 2136 say the NS RR is optional. 197. [bug] The parser erroneously freed zone_name if a zone redefinition was attempted. This would cause the server to dump core if a zone appeared more than once in a configuration file. 196. [bug] Makefiles below port/*/include had "fi \" followed by "done" on the next line. This made bash 2.0 unhappy. The "fi" is now followed by a ";". 195. [port] ULTRIX's sh doesn't like an empty "for x in ..." list, and that was causing "make install" to fail in the src/port/ultrix/include/rpc directory. 194. [port] add SH variable to toplevel Makefile, document the need to use SH=bash on systems where /bin/sh is derived from "ash". 193. [bug] named-bootconf.pl could repeat end-of-line comments 192. [bug] ndc was being installed in DESTBIN instead of DESTSBIN. 191. [bug] block delivery of all other signals when in SIGTERM handler in named-xfer. 190. [bug] named-bootconf.pl didn't handle non-masked xfrnets correctly if the network was class B or class C. --- 8.1-REL released --- 189. [port] update to the port/sco50 directory rcvd from author. 188. [func] to avoid potentially confusing log messages, don't set Z_DYNAMIC if "allow-update { none; };" is specified in the config file. 187. [bug] a panic() in new_ip_match_mask() erroneously referred to the function as "new_ip_match_pattern". 186. [bug] transfers-in couldn't be set higher than the default. It may now be set as high as 20. 185. [doc] add a stub example to named.conf. 184. [bug] the usage message was out-of-date. 183. [port] some systems don't define AF_INET6, so we define it if necessary in all port_after.h --- 8.1-T5B released --- 182. [bug] fix the way bindname is allocated in hesiod_to_bind(). 181. [bug] MAXHOSTNAMELEN wasn't defined on Solaris. 180. [bug] a check for zptr != NULL in res_update was wrong. It should have been zptr == NULL. 179. [bug] sq_remove() and sq_done() were calling ns_freexfr() when any stream was removed, resulting in a panic when the server was reloaded. ns_freexfr() is now only called when a zone transfer stream is removed. --- 8.1-T4B released --- 178. [bug] if the server was reloaded and then a zone was deleted and the server reloaded again, all within a short period of time, then pending NOTIFY messages would cause the server to panic when they ran. 177. [lint] replaced BUFSIZ with a more appropriate size in several places. 176. [func] change MAXDATA to 2*MAXDNAME + 5*INT32SZ. 175. [security] libirs now limits hostnames to MAXHOSTNAMELEN characters. 174. [bug] we called ns_refreshtime() instead of ns_retrytime() in the Z_NEED_RELOAD|Z_NEED_XFER|Z_QSERIAL case in zone_maint(). 173. [bug] the server didn't clear the Z_NEED_RELOAD flag in zoneinit(). 172. [bug] if a server was a slave for a zone, and an outbound transfer ever hung or terminated unusually, regular zone maintenance would cease for the zone. 171. [port] work around a bug in the Digital UNIX 4.0B SIOCGIFCONF ioctl. 170. [func] the message logged when a zone is loaded now indicates the class of the zone. 169. [func] the message logged when a zone is removed now indicates both the type and class of the zone. 168. [bug] if a zone's type changed from master to slave on a server reload, the server erroneously deleted the new zone data as part of cleaning up the old zone data. 167. [func] when converting from wire format to printable format, represent special characters ".;\@$ by escaping them with \ instead of converting them to \DDD. 166. [bug] when a slave zone expired, it was not scheduled for immedidate maintenance. 165. [port] added port for SCO OSE 5.0.2, renamed port for SCO UNIX 3.2v4.2. 164. [func] created the "response-checks" logging category. 163. [port] don't define AF_INET6 in nameser_compat.h. 162. [bug] the server panicked if a dynamic update request was sent for a dynamic zone which had not loaded because of syntax errors in the master file. The server now returns NOTAUTH. 161. [bug] debugging messages in process_prereq() referred to process_updates() instead of process_prereq(). 160. [bug] hp was not reset after a realloc() in named-xfer.c 159. [bug] named-bootconf.pl didn't translate stub zones. 158. [lint] cast a number of "no effect" statements to void so that gcc doesn't complain when invoked with -Wall -W -Wno-unused 157. [lint] a number of uses of the %lu printf() format were converted to %u; the corresponding casts to u_long were removed. 156. [lint] converted z_deferupdcnt and z_updatecnt from int to u_int32_t. 155. [func] maint_interval is now gone; SOA sanity checking related to it is gone too. 154. [bug] in named-xfer, unsigned 32-bit integers were sometimes stored in signed 32-bit variables and then printed using a cast to u_long and printf() format %lu. This would cause problems on 64-bit systems if the MSB of the 32-bit integer was set. The variable declarations have been changed to u_int32_t, and the printf format is now %u. 153. [bug] log_open_stream() had two syslogs that said the failing function was log_vwrite() instead of log_open_stream(). 152. [lint] made class, type, and dlen in rrextract() and named-xfer.c/print_output() u_int16_t. 151. [bug] the server was incrementing nssSentFErr in the formerr: code in ns_resp.c even though it wasn't sending FORMERR to anyone. 150. [func] in "check-names response fail" mode, instead of just dropping a failing response, we now send REFUSED to the client and drop the query. 149. [bug] if there wasn't a space between the SOA minimum value and a following ')' in a master file, the server would generate an error when it tried to parse the minimum value, causing the zone load to fail. 148. [func] the list of supported syslog facilities has been increased; the following facilities may now be used, provided they're available on the system 'named' is being built on: kern, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, local[0-7]. 147. [bug] the maybe_syslog_facility, logging_opt, channel_severity, address_name, key_ref, key_stmt, acl_stmt, zone_stmt, optional_class, and size_spec rules in the parser either leaked memory or could leak memory. 146. [func] if an RR set in a reply differed from an RR set in the cache only in the TTL, we would not update the TTL of the RR set in the cache. We now update this TTL to that of the reply RR set if the reply RR set's TTL is greater. 145. [func] follow the direction of the clarification draft and treat TTLs as unsigned 32-bit integers, with a maximum value of 2^31 - 1. TTLs greater than the maximum will be converted to 0. A warning will be issued if this conversion occurs while loading a master zone or during inbound zone transfer. 144. [func] "dig version.bind. txt chaos" now returns only the version number (e.g. "8.1-T4B"). 143. [lint] fixed various mismatches between printf() format string components and their corresponding arguments. 142. [lint] SendRequest_close() in nslookup/send.c had a return type of int instead of void. 141. [port] converted bcopy() to memcpy() or memmove() as appropriate. 140. [bug] certain buffer size checking comparisons in rdata_expand() weren't working because they were checking to see if an unsigned value was < 0. 139. [func] convert a few address comparisons from == to using ina_equal(). 138. [bug] an address comparison used in marking a server as bad was done incorrectly in ns_resp.c because the comparison used = instead of ==. 137. [lint] cleaned up warnings caused by assignment used as truth-value in various source files. 136. [func] changed eventlib-related INSIST statements into INSIST_ERR, so that we can print out strerror(errno). 135. [lint] replaced _getshort() with ns_get16() and _getlong() with ns_get32() in various source files. 134. [lint] findzone() and rdata_expand() were used before they were declared in ns_update.c, and were not declared static. 133. [lint] merge_logs() was not declared in ns_func.h. 132. [lint] Linux port_after.h didn't declare daemon(). We now do so, but only if GNU libc < 2.0. 131. [lint] set_boolean_option() was not declared in ns_func.h. 130. [lint] yyparse() was not declared in ns_parser.y. 129. [lint] ns_lexer.h didn't declare lexer_end_file(). 128. [lint] db_dump.c, db_lookup.c, db_update.c, db_glue.c, db_save.c, ns_ncache.c, ns_req.c, ns_stats.c, and ns_xfr.c didn't #include 127. [lint] logging.c, ev_connects.c, ns_maint.c, ns_glue.c, ns_update.c, dig/dig.c, nslookup/list.c, nslookup/send.c, host/host.c, and dnsquery/dnsquery.c didn't #include . 126. [lint] res_update.c, heap.c, db_load.c, db_save.c, db_glue.c, ns_lexer.c, ns_forw.c, ns_maint.c, ns_req.c, ns_stats.c, ns_xfr.c, ns_glue.c, ns_config.c, ns_update.c, host/host.c, nslookup/list.c, and nslookup/getinfo.c didn't #include . 125. [lint] res_mkupdate.c, ns_update.c, nsupdate.c, ns_print.c, didn't #include . 124. [port] replaced bcmp() with memcmp(). 123. [func] while not required, it's nice to preserve the order of RRs as received when ROUND_ROBIN isn't on, so we now do so. 122. [bug] under certain improbable conditions, the server could erroneously set a maintenance timer for a master zone. When the timer went off, it would trigger the INSIST() in zone_maint(). 121. [port] replaced bzero() with memset(). 120. [func] added multiple-cnames option. 119. [bug] the timeout: code in ns_resp.c didn't clean up TCP connections. 118. [port] added port for IRIX 5.3, 6.2, 6.4 117. [bug] removed declaration of getnum_error from db_load.c, since it is now declared in ns_glob.h. 116. [bug] GNU libc 2.0 doesn't have a , so in the Linux port we now provide a stub net/route.h that includes the real if GNU libc < 2.0 and does nothing if >= 2.0. 115. [func] on Linux systems, avoid an often unnecessary 'ranlib' and the subsequent relinking of all binaries by using the 's' flag of 'ar'. 114. [bug] 'make install' didn't work on HP/UX because the path to the install script was wrong in many cases. 113. [bug] named-xfer didn't clean up properly when sent SIGTERM. 112. [bug] named-xfer didn't clean up properly if an error occured in print_output(). 111. [func] added "max-transfer-time-in" option. The server used to allow a maximum of 2 hours for an inbound zone transfer to complete. This time can now be set globally or on a per-zone basis. The parameter is the number of minutes a transfer can take. 110. [func] moved declaration of d_ns in struct databuf to improve structure alignment. 109. [bug] addname() in ns_print.c didn't write an "@" for RRs that contained a domain name which was the same as the zone origin (it wrote nothing). 108. [bug] the server didn't check for EINTR in readable() and writable() in ev_streams.c. 107. [bug] check for both EWOULDBLOCK and EAGAIN after certain system calls instead of using PORT_WOULDBLK. This fixes partial zone transfer problems reported on Sun systems. 106. [bug] db_load() couldn't read SOAs with ( ) that were only one line. 105. [bug] fixed typo in Linux Makefile.set MANROFF definition. 104. [func] move various rrset debugging messages, rm_datum, and nsfree messages to debug level 3. Moved a few rrset debugging messages to debug level 2. 103. [bug] d_rcnt could overflow; to prevent this it has been increased to 32 bits. d_mark was made unsigned and decreased to 12 bits. 102. [func] added macro DRCNTDEC to go along with DRCNTINC. 101. [bug] clean_cache() didn't count deleted RRs, so it always reported "Cleaned cache of 0 RRs". 100. [bug] heap_for_each() didn't return a status, and didn't check for a NULL context or a NULL action. heap_element() didn't set errno to EINVAL when given invalid arguments. 99. [bug] the category rule in the parser leaked memory. 98. [bug] "notify" was not recognized as a valid category name. 97. [security] zone access control wasn't applied correctly to names that didn't exist, allowing an attacker to determine whether or not a given name exists in a zone. 96. [bug] we didn't recognize certain non-fatal errno values when recvfrom() failed; this would result in us dropping an interface unnecessarily. --- 8.1-T3B released --- 95. [bug] named-bootconf.pl didn't process xfrnets correctly (if no netmask was specifed, it assumed a mask of 255.255.255.255 instead of the natural netmask for the class of the address). 94. [bug] named-bootconf.pl didn't handle lines ending in a comment. 93. [bug] if rename() failed in merge_logs(), we would return garbage instead of -1. 92. [bug] writemsg() in named-xfer.c was returning a random value instead of the number of bytes written. 91. [bug] schedretry() could set retry times in the past because it was relying on 'tt' which hadn't been updated. It now calls gettime(&tt). 90. [bug] 'tt' might not have been current when clean_cache() was called. 89. [bug] ns_lexer.h didn't #include 88. [cleanup] removed some relics of the early days of BIND 8's new logging system from the parser and ns_config.c. 87. [bug] when writing to a TCP socket, the server didn't handle errors from the write() correctly. Under the right circumstances, this will cause the server to spin. The most common trigger would be a large outbound zone transfer where the far end died. 86. [cleanup] fixed comment in dig.c that messed up font-lock mode in emacs. 85. [bug] inet_lnaof, inet_makeaddr, inet_netof, and inet_network were missing from lib/inet. 84. [func] improved log_channel creation and use by making the type more opaque. The logging API provides a more complete set of services. Added the LOG_CHANNEL_OFF flag. 83. [func] removed statistics_channel; it wasn't being used. 82. [lint] a few handler functions were declared as void (*)() instead of void (*)(void). All now have the latter declaration. 81. [port] added port for A/UX 3.1.1. 80. [port] added port for SCO UNIX 3.2v4.2. 79. [bug] when processsing slave zones during a config file reload, in the "backup file changed" (or missing) case we were calling purge_zone() and do_reload() even if we had never successfully transferred and loaded the zone. 78. [cleanup] moved writemsg() to named-xfer.c. 77. [cleanup] removed doupdate() from ns_resp.c. 76. [bug] writev() in lib/bsd would keep going if there was a partial write; this could cause incorrect output. 75. [func] added readv() to lib/bsd. 74. [bug] if evConnect() failed in tcp_send() we were aborting the server instead of just returning an error. 73. [port] automatically fix getgrgid() declaration in ULTRIX 4.5 grp.h. 72. [func] make port/*/Makefile invoke SUBDIR make in include. Add/modify include and include/sys Makefiles. 71. [port] added utimes() to lib/bsd. 70. [doc] README broken up into INSTALL, TODO, port/README. Added more info about many topics. 69. [bug] NOTIFY didn't handle an unknown NS target. E.g. if we had "test.domain NS unknown.name" and "unknown.name" was not known, NOTIFY wasn't doing an "A" query for "unknown.name". 68. [lint] tweaks to ERR() and OK() in eventlib_p.h. 67. [bug] 'ch' in main() was a char instead of an int. 66. [bug] in bin/named/Makefile, pathnames wasn't getting linked with ${LIBBIND}, ${LIBPORT}, and ${SYSLIBS}. 65. [port] automatically fix timespec in BSD/OS 2.1 includes. 64. [func] lib/isc/heap.c now includes port_before.h and port_after.h. Fix 58 (below) has been undone; with port_after.h we'll now use __ansi_realloc() from Fix 59. 63. [bug] STRIP and PS were missing from MARGS in bin/Makefile. 62. [func] RRs in the additional data section must relate to RRs in the answer and authority sections. Only certain RR types are allowed in the authority and additional data sections. 61. [bug] Dynamic update didn't understand SRV records. 60. [bug] SRV records weren't decoded properly. --- 8.1-T3A released --- 59. [bug] The IRS library also wanted an ANSI C realloc(). port/sunos now provides __ansi_realloc(). 58. [bug] SunOS didn't like heap.c doing realloc() on a NULL pointer (in ANSI C that is equivalent to malloc()), so we malloc() instead. 57. [bug] interface discovery complained about bogus interfaces on ULTRIX, SunOS, and HP/UX because SIOCGIFCONF_ADDR wasn't defined in their port_after.h. 56. [API] created lib/nameser/ns_name.c and moved a lot of the functionality from lib/resolv/res_comp.c into it. functions older than 8.1 were stubbed out, but new functions from 8.1 were just renamed/removed. 55. [bug] findzone in ns_update wasn't ignoring z_nil zones. 54. [bug] if the named-xfer exec() failed, a misleading message was printed. 53. [bug] interface discovery didn't work on NetBSD because HAVE_SA_LEN wasn't defined in port_after.h. 52. [func] log the host we got a NOTIFY message from 51. [bug] we weren't sending out NOTIFY messages if the SOA was changed as the result of a dynamic update. 50. [bug] req_notify() wasn't calling sched_zone_maint() after it called qserial_query(). 49. [bug] initial_{data,stack,core}_size and initial_num_files weren't in an #ifdef HAVE_GETRUSAGE block. 48. [func] use sysconf(_SC_OPEN_MAX) instead of getdtablesize() in all cases when USE_POSIX is defined. 47. [bug] printupdatelog() was printing the post-update serial number in the zone section instead of the pre-update serial number. 46. [bug] zp->z_serial wasn't being updated if a dynamic update changed the zone serial number. 45. [bug] the SEQ_GT test in db_update was backwards. 44. [func] merge_logs() didn't work because a 'break' wasn't removed when class and type lookups were converted to sym_ston. 43. [func] evResetTimer() added to eventlib. 42. [bug] incr_serial() doesn't need to call schedule_dump(). 41. [bug] reset_retrytimer() could clear a timer that had already been cleared. 40. [bug] some zone data structures weren't freed if the zone was removed. 39. [func] The eventlib timers module now uses a heap to implement the timer queue. 38. [bug] dynamic zones weren't dumped if they were removed from the configuration file. 37. [func] created the "load" logging category. 36. [func] find_zone now uses a hash table instead of a linear search. 35. [bug] we weren't scheduling a retry for dumps or soa serial increments that failed. 34. [func] instead of doing all NOTIFY messages five seconds after loading completes, we now spread them out over up to fifteen minutes (the maximum delay depends on how many zones there are). 33. [func] if there are too many qserials running, we'll try again in five to thirty seconds. 32. [bug] z_dumptime wasn't getting set to zero after a zone dump. 31. [func] Each zone now has a maintenance timer. sched_maint() is gone. The new programming rule: if you change zp->z_time, it's your reponsibility to ensure sched_zone_maint(zp) gets called. 30. [func] short circuit PrintTimers evPrintfs if not debugging at a level where PrintTimers would print something. 29. [bug] if a log message with a non-default category was logged to a default category channel which had print-category on, "default" was printed instead of the category name. 28. [func] the performance of the main loop has been improved. 27. [bug] NOTIFY messages weren't being delayed after a zone load. 26. [bug] the eventlib category wasn't working if the channel wasn't the default debugging channel. 25. [func] added the "maintenance" logging category. 24. [func] periodic statistics dumps are now done using an eventlib timer instead of in ns_maint(). 23. [bug] names which have multiple CNAME records are illegal, but the server was allowing them. 22. [func] convert to POSIX signals from eventlib signal handling; the eventlib API no longer provides signal support. 21. [func] converted assert() to INSIST() so that the logging system (category "insist") will be used if a consistency check fails. 20. [bug] the server could exit when it shouldn't, and without leaving a message or a core file, because it wasn't handling SIGPIPE. 19. [port] Solaris has trouble if the size of the buffer used for IP_OPTIONS processing isn't 40 bytes. 18. [bug] library Makefiles we were using 'ld' instead of ${LD}. Added LD_LIBFLAGS. 17. [bug] on at least one OS, ctime() can return NULL and this can cause problems. We now call checked_ctime() in ns_glue.c, which returns "\n" if ctime() fails. 16. [bug] some signal handlers were calling library routines which POSIX does not designate as safe for use by signal handlers. 15. [func] finished conversion to new options scheme of name checking and inbound zone transfer parameters. 14. [func] added os_change_directory(). 13. [bug] write_open() in ns_config.c wasn't checking if the file was regular before unlinking. 12. [func] added "os" logging category. 11. [bug] named-bootconf.pl used the deprecated channel name "default" instead of "default_syslog". 10. [bug] named-bootconf.pl didn't understand continuation lines. 9. [bug] remove -p from mkdep command in Makefiles for bin/named and bin/nslookup. 8. [bug] add CDEBUG to Makefiles that link using ${CC}. 7. [bug] timestamp and level were printed twice for file channels in lib/isc/logging.c. 6. [bug] off by one with on level_text subscript in lib/isc/logging.c. 5. [bug] broken channels sometimes weren't marked as broken in lib/isc/logging.c. 4. [bug] didn't set foundname=0 after try_again: in ns_resp.c. 3. [bug] update_pid_file() didn't put a newline after the pid. 2. [func] minor log message tweaks in ns_config.c. 1. [bug] zone names needed to be canonicalized in the parser. --- 8.1-T2B released ---