diff --git a/CHANGES b/CHANGES index df3e469d7c..931f231a9f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4965 +1,4967 @@ -1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY. +1517. [placeholder] -1515. [func] Allow transfer source to be set in a server statement. - [RT #6496] +1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY. -1514. [bug] named: isc_hash_destroy() was being called to early. - [RT #9160] +1515. [func] Allow transfer source to be set in a server statement. + [RT #6496] -1513. [doc] Add "US" to root-delgation-only exclude list. +1514. [bug] named: isc_hash_destroy() was being called to early. + [RT #9160] -1512. [bug] Extend the delegation-only logging to return query - type, class and responding nameserver. +1513. [doc] Add "US" to root-delgation-only exclude list. -1511. [bug] delegation-only was generating false positives - on negative answers from subzones. +1512. [bug] Extend the delegation-only logging to return query + type, class and responding nameserver. -1510. [func] New view option "root-delegation-only". Apply - delegation-only check to all TLDs and root. - Note there are some TLDs that are NOT delegation - only (e.g. DE, LV, US and MUSEUM) these can be excluded - from the checks by using exclude. +1511. [bug] delegation-only was generating false positives + on negative answers from subzones. - root-delegation-only exclude { - "DE"; "LV"; "US"; "MUSEUM"; - }; +1510. [func] New view option "root-delegation-only". Apply + delegation-only check to all TLDs and root. + Note there are some TLDs that are NOT delegation + only (e.g. DE, LV, US and MUSEUM) these can be excluded + from the checks by using exclude. -1509. [bug] Hint zones should accept delegation-only. Forward - zone should not accept delegation-only. + root-delegation-only exclude { + "DE"; "LV"; "US"; "MUSEUM"; + }; -1508. [bug] Don't apply delegation-only checks to answers from - forwarders. +1509. [bug] Hint zones should accept delegation-only. Forward + zone should not accept delegation-only. -1507. [bug] Handle BIND 8 style returns to NS queries to parents - when making delegation-only checks. +1508. [bug] Don't apply delegation-only checks to answers from + forwarders. -1506. [bug] Wrong return type for dns_view_isdelegationonly(). +1507. [bug] Handle BIND 8 style returns to NS queries to parents + when making delegation-only checks. -1505. [bug] Uninitialised rdataset in sdb. [RT #8750] +1506. [bug] Wrong return type for dns_view_isdelegationonly(). -1504. [func] New zone type "delegation-only". +1505. [bug] Uninitialised rdataset in sdb. [RT #8750] -1503. [port] win32: install libeay32.dll outside of system32. +1504. [func] New zone type "delegation-only". -1502. [bug] nsupdate: adjust timeouts for UPDATE requests over TCP. +1503. [port] win32: install libeay32.dll outside of system32. -1501. [func] Allow TCP queue length to be specified via - named.conf, tcp-listen-queue. +1502. [bug] nsupdate: adjust timeouts for UPDATE requests over TCP. -1500. [bug] host failed to lookup MX records. Also look up - AAAA records. +1501. [func] Allow TCP queue length to be specified via + named.conf, tcp-listen-queue. -1499. [bug] isc_random need to be seeded better if arc4random() - is not used. +1500. [bug] host failed to lookup MX records. Also look up + AAAA records. -1498. [port] bsdos: 5.x support. +1499. [bug] isc_random need to be seeded better if arc4random() + is not used. -1497. [placeholder] +1498. [port] bsdos: 5.x support. -1496. [port] test for pthread_attr_setstacksize(). +1497. [placeholder] -1495. [cleanup] Replace hash functions with universal hash. +1496. [port] test for pthread_attr_setstacksize(). -1494. [security] Turn on RSA BLINDING as a precaution. +1495. [cleanup] Replace hash functions with universal hash. -1493. [placeholder] +1494. [security] Turn on RSA BLINDING as a precaution. -1492. [cleanup] Preserve rwlock quota context when upgrading / - downgrading. [RT #5599] +1493. [placeholder] -1491. [bug] dns_master_dump*() would produce extraneous $ORIGIN - lines. [RT #6206] +1492. [cleanup] Preserve rwlock quota context when upgrading / + downgrading. [RT #5599] -1490. [bug] Accept reading state as well as working state in - ns_client_next(). [RT #6813] +1491. [bug] dns_master_dump*() would produce extraneous $ORIGIN + lines. [RT #6206] -1489. [compat] Treat 'allow-update' on slave zones as a warning. - [RT #3469] +1490. [bug] Accept reading state as well as working state in + ns_client_next(). [RT #6813] -1488. [bug] Don't override trust levels for glue addresses. - [RT #5764] +1489. [compat] Treat 'allow-update' on slave zones as a warning. + [RT #3469] -1487. [bug] A REQUIRE() failure could be triggered if a zone was - queued for transfer and the zone was then removed. - [RT #6189] +1488. [bug] Don't override trust levels for glue addresses. + [RT #5764] -1486. [bug] isc_print_snprintf() '%%' consumed one too many format - characters. [RT# 8230] +1487. [bug] A REQUIRE() failure could be triggered if a zone was + queued for transfer and the zone was then removed. + [RT #6189] -1485. [bug] gen failed to handle high type values. [RT #6225] +1486. [bug] isc_print_snprintf() '%%' consumed one too many format + characters. [RT# 8230] -1484. [bug] The number of records reported after a AXFR was wrong. - [RT #6229] +1485. [bug] gen failed to handle high type values. [RT #6225] -1483. [bug] dig axfr failed if the message id in the answer failed - to match that in the request. Only the id in the first - message is required to match. [RT #8138] +1484. [bug] The number of records reported after a AXFR was wrong. + [RT #6229] -1482. [bug] named could fail to start if the kernel supports - IPv6 but no interfaces are configured. Similarly - for IPv4. [RT #6229] +1483. [bug] dig axfr failed if the message id in the answer failed + to match that in the request. Only the id in the first + message is required to match. [RT #8138] -1481. [bug] Refresh and stub queries failed to use masters keys - if specified. [RT #7391] +1482. [bug] named could fail to start if the kernel supports + IPv6 but no interfaces are configured. Similarly + for IPv4. [RT #6229] -1480. [bug] Provide replay protection for rndc commands. Full - replay protection requires both rndc and named to - be updated. Partial replay protection (limited - exposure after restart) is provided if just named - is updated. +1481. [bug] Refresh and stub queries failed to use masters keys + if specified. [RT #7391] -1479. [bug] cfg_create_tuple() failed to handle out of - memory cleanup. parse_list() would leak memory - on syntax errors. +1480. [bug] Provide replay protection for rndc commands. Full + replay protection requires both rndc and named to + be updated. Partial replay protection (limited + exposure after restart) is provided if just named + is updated. -1478. [port] ifconfig.sh didn't account for other virtual - interfaces. It now takes a optional arguement - to specify the first interface number. [RT #3907] +1479. [bug] cfg_create_tuple() failed to handle out of + memory cleanup. parse_list() would leak memory + on syntax errors. -1477. [bug] memory leak using stub zones and TSIG. +1478. [port] ifconfig.sh didn't account for other virtual + interfaces. It now takes a optional arguement + to specify the first interface number. [RT #3907] -1476. [placeholder] +1477. [bug] memory leak using stub zones and TSIG. -1475. [port] Probe for old sprintf(). +1476. [placeholder] -1474. [port] Provide strtoul() and memmove() for platforms - without them. +1475. [port] Probe for old sprintf(). -1473. [bug] create_map() and create_string() failed to handle out - of memory cleanup. [RT #6813] +1474. [port] Provide strtoul() and memmove() for platforms + without them. -1472. [contrib] idnkit-1.0 from JPNIC, replaces mdnkit. +1473. [bug] create_map() and create_string() failed to handle out + of memory cleanup. [RT #6813] -1471. [bug] libbind: updated to BIND 8.4.0. +1472. [contrib] idnkit-1.0 from JPNIC, replaces mdnkit. -1470. [bug] Incorrect length passed to snprintf. [RT #5966] +1471. [bug] libbind: updated to BIND 8.4.0. -1469. [func] Log end of outgoing zone transfer at same level - as the start of transfer is logged. [RT #4441] +1470. [bug] Incorrect length passed to snprintf. [RT #5966] -1468. [func] Internal zones are no longer counted for - 'rndc status'. [RT #4706] +1469. [func] Log end of outgoing zone transfer at same level + as the start of transfer is logged. [RT #4441] -1467. [func] $GENERATES now supports optional class and ttl. +1468. [func] Internal zones are no longer counted for + 'rndc status'. [RT #4706] -1466. [bug] lwresd configuration errors resulted in memory - and lock leaks. [RT #5228] +1467. [func] $GENERATES now supports optional class and ttl. -1465. [bug] isc_base64_decodestring() and isc_base64_tobuffer() - failed to check that trailing bits were zero allowing - some invalid base64 strings to be accepted. [RT #5397] +1466. [bug] lwresd configuration errors resulted in memory + and lock leaks. [RT #5228] -1464. [bug] Preserve "out of zone" data for outgoing zone - transfers. [RT #5192] +1465. [bug] isc_base64_decodestring() and isc_base64_tobuffer() + failed to check that trailing bits were zero allowing + some invalid base64 strings to be accepted. [RT #5397] -1463. [bug] dns_rdata_from{wire,struct}() failed to catch bad - NXT bit maps. [RT #5577] +1464. [bug] Preserve "out of zone" data for outgoing zone + transfers. [RT #5192] -1462. [bug] parse_sizeval() failed to check the token type. - [RT #5586] +1463. [bug] dns_rdata_from{wire,struct}() failed to catch bad + NXT bit maps. [RT #5577] -1461. [bug] Remove deadlock from rbtdb code. [RT #5599] +1462. [bug] parse_sizeval() failed to check the token type. + [RT #5586] -1460. [bug] inet_pton() failed to reject certain malformed - IPv6 literals. +1461. [bug] Remove deadlock from rbtdb code. [RT #5599] -1459. [placeholder] +1460. [bug] inet_pton() failed to reject certain malformed + IPv6 literals. -1458. [cleanup] sprintf() -> snprintf(). +1459. [placeholder] -1457. [port] Provide strlcat() and strlcpy() for platforms without - them. +1458. [cleanup] sprintf() -> snprintf(). -1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer. +1457. [port] Provide strlcat() and strlcpy() for platforms without + them. -1455. [bug] missing from server grammar in - doc/misc/options. [RT #5616] +1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer. -1454. [port] Use getifaddrs() if available for interface scanning. - --disable-getifaddrs to override. Glibc currently - has a getifaddrs() that does not support IPv6. - Use --enable-getifaddrs=glibc to force the use of - this version under linux machines. +1455. [bug] missing from server grammar in + doc/misc/options. [RT #5616] -1453. [doc] ARM: $GENERATE example wasn't accurate. [RT #5298] +1454. [port] Use getifaddrs() if available for interface scanning. + --disable-getifaddrs to override. Glibc currently + has a getifaddrs() that does not support IPv6. + Use --enable-getifaddrs=glibc to force the use of + this version under linux machines. -1452. [placeholder] +1453. [doc] ARM: $GENERATE example wasn't accurate. [RT #5298] -1451. [bug] rndc-confgen didn't exit with a error code for all - failures. [RT #5209] +1452. [placeholder] -1450. [bug] Fetching expired glue failed under certain - circumstances. [RT #5124] +1451. [bug] rndc-confgen didn't exit with a error code for all + failures. [RT #5209] -1449. [bug] query_addbestns() didn't handle running out of memory - gracefully. +1450. [bug] Fetching expired glue failed under certain + circumstances. [RT #5124] -1448. [bug] Handle empty wildcards labels. +1449. [bug] query_addbestns() didn't handle running out of memory + gracefully. -1447. [bug] We were casting (unsigned int) to and from (void *). - rdataset->private4 is now rdataset->privateuint4 - to reflect a type change. +1448. [bug] Handle empty wildcards labels. -1446. [func] Implemented undocumented alternate transfer sources - from BIND 8. See use-alt-transfer-source, - alt-transfer-source and alt-transfer-source-v6. +1447. [bug] We were casting (unsigned int) to and from (void *). + rdataset->private4 is now rdataset->privateuint4 + to reflect a type change. - SECURITY: use-alt-transfer-source is ENABLED unless - you are using views. This may cause a security risk - resulting in accidental disclosure of wrong zone - content if the master supplying different source - content based on IP address. If you are not certain - ISC recommends setting use-alt-transfer-source no; +1446. [func] Implemented undocumented alternate transfer sources + from BIND 8. See use-alt-transfer-source, + alt-transfer-source and alt-transfer-source-v6. -1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has - been replaced with DNS_ADBFIND_STARTATZONE which - causes the search to start using the closest zone. + SECURITY: use-alt-transfer-source is ENABLED unless + you are using views. This may cause a security risk + resulting in accidental disclosure of wrong zone + content if the master supplying different source + content based on IP address. If you are not certain + ISC recommends setting use-alt-transfer-source no; -1444. [func] dns_view_findzonecut2() allows you to specify if the - cache should be searched for zone cuts. +1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has + been replaced with DNS_ADBFIND_STARTATZONE which + causes the search to start using the closest zone. -1443. [func] Masters lists can now be specified and referenced - in zone masters clauses and other masters lists. +1444. [func] dns_view_findzonecut2() allows you to specify if the + cache should be searched for zone cuts. -1442. [func] New functions for manipulating port lists: - dns_portlist_create(), dns_portlist_add(), - dns_portlist_remove(), dns_portlist_match(), - dns_portlist_attach() and dns_portlist_detach(). +1443. [func] Masters lists can now be specified and referenced + in zone masters clauses and other masters lists. -1441. [func] It is now possible to tell dig to bind to a specific - source port. +1442. [func] New functions for manipulating port lists: + dns_portlist_create(), dns_portlist_add(), + dns_portlist_remove(), dns_portlist_match(), + dns_portlist_attach() and dns_portlist_detach(). -1440. [func] It is now possible to tell named to avoid using - certain source ports (avoid-v4-udp-ports, - avoid-v6-udp-ports). +1441. [func] It is now possible to tell dig to bind to a specific + source port. -1439. [bug] Named could return NOERROR with certain NOTIFY - failures. Return NOTAUTH if the NOTIFY zone is - not being served. +1440. [func] It is now possible to tell named to avoid using + certain source ports (avoid-v4-udp-ports, + avoid-v6-udp-ports). -1438. [func] Log TSIG (if any) when logging NOTIFY requests. +1439. [bug] Named could return NOERROR with certain NOTIFY + failures. Return NOTAUTH if the NOTIFY zone is + not being served. -1437. [bug] Leave space for stdio to work in. [RT #5033] +1438. [func] Log TSIG (if any) when logging NOTIFY requests. -1436. [func] dns_zonemgr_resumexfrs() can be used to restart - stalled transfers. +1437. [bug] Leave space for stdio to work in. [RT #5033] -1435. [bug] zmgr_resume_xfrs() was being called read locked - rather than write locked. zmgr_resume_xfrs() - was not being called if the zone was being - shutdown. +1436. [func] dns_zonemgr_resumexfrs() can be used to restart + stalled transfers. -1434. [bug] "rndc reconfig" failed to initiate the initial - zone transfer of new slave zones. +1435. [bug] zmgr_resume_xfrs() was being called read locked + rather than write locked. zmgr_resume_xfrs() + was not being called if the zone was being + shutdown. -1433. [bug] named could trigger a REQUIRE failure if it could - not get a file descriptor when attempting to write - a master file. [RT #4347] +1434. [bug] "rndc reconfig" failed to initiate the initial + zone transfer of new slave zones. -1432. [func] The advertised EDNS UDP buffer size can now be set - via named.conf (edns-udp-size). +1433. [bug] named could trigger a REQUIRE failure if it could + not get a file descriptor when attempting to write + a master file. [RT #4347] -1431. [bug] isc_print_snprintf() "%s" with precision could walk off - end of argument. [RT #5191] +1432. [func] The advertised EDNS UDP buffer size can now be set + via named.conf (edns-udp-size). -1430. [port] linux: IPv6 interface scanning support. +1431. [bug] isc_print_snprintf() "%s" with precision could walk off + end of argument. [RT #5191] -1429. [bug] Prevent the cache getting locked to old servers. +1430. [port] linux: IPv6 interface scanning support. -1428. [placeholder] +1429. [bug] Prevent the cache getting locked to old servers. -1427. [bug] Race condition in adb with threaded build. +1428. [placeholder] -1426. [placeholder] +1427. [bug] Race condition in adb with threaded build. -1425. [port] linux/libbind: define __USE_MISC when testing *_r() - function prototypes in netdb.h. [RT #4921] +1426. [placeholder] -1424. [bug] EDNS version not being correctly printed. +1425. [port] linux/libbind: define __USE_MISC when testing *_r() + function prototypes in netdb.h. [RT #4921] -1423. [contrib] queryperf: added A6 and SRV. +1424. [bug] EDNS version not being correctly printed. -1422. [func] Log name/type/class when denying a query. [RT #4663] +1423. [contrib] queryperf: added A6 and SRV. -1421. [func] Differentiate updates that don't succeed due to - prerequisites (unsuccessful) vs other reasons - (failed). +1422. [func] Log name/type/class when denying a query. [RT #4663] -1420. [port] solaris: work around gcc optimiser bug. +1421. [func] Differentiate updates that don't succeed due to + prerequisites (unsuccessful) vs other reasons + (failed). -1419. [port] openbsd: use /dev/arandom. [RT #4950] +1420. [port] solaris: work around gcc optimiser bug. -1418. [bug] 'rndc reconfig' did not cause new slaves to load. +1419. [port] openbsd: use /dev/arandom. [RT #4950] -1417. [func] ID.SERVER/CHAOS is now a built in zone. - See "server-id" for how to configure. +1418. [bug] 'rndc reconfig' did not cause new slaves to load. -1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN. - [RT #4715] +1417. [func] ID.SERVER/CHAOS is now a built in zone. + See "server-id" for how to configure. -1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived - from SOA MINIMUM. +1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN. + [RT #4715] -1414. [func] Support for KSK flag. +1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived + from SOA MINIMUM. -1413. [func] Explictly request the (re-)generation of DS records from - keysets (dnssec-signzone -g). +1414. [func] Support for KSK flag. -1412. [func] You can now specify servers to be tried if a nameserver - has IPv6 address and you only support IPv4 or the - reverse. See dual-stack-servers. +1413. [func] Explictly request the (re-)generation of DS records from + keysets (dnssec-signzone -g). -1411. [bug] empty nodes should stop wildcard matches. [RT #4802] +1412. [func] You can now specify servers to be tried if a nameserver + has IPv6 address and you only support IPv4 or the + reverse. See dual-stack-servers. -1410. [func] handle records that live in the parent zone, e.g. DS. +1411. [bug] empty nodes should stop wildcard matches. [RT #4802] -1409. [bug] DS should have attribute DNS_RDATATYPEATTR_DNSSEC. +1410. [func] handle records that live in the parent zone, e.g. DS. -1408. [bug] distclean was not complete. [RT #4700] +1409. [bug] DS should have attribute DNS_RDATATYPEATTR_DNSSEC. -1407. [bug] lfsr incorrectly implements the shift register. - [RT #4617] +1408. [bug] distclean was not complete. [RT #4700] -1406. [bug] dispatch initialises one of the LFSR's with a incorrect - polynomial. [RT #4617] +1407. [bug] lfsr incorrectly implements the shift register. + [RT #4617] -1405. [func] Use arc4random() if available. +1406. [bug] dispatch initialises one of the LFSR's with a incorrect + polynomial. [RT #4617] -1404. [bug] libbind: ns_name_ntol() could overwrite a zero length - buffer. +1405. [func] Use arc4random() if available. -1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset - dnssec-signkey now report their version in the - usage message. +1404. [bug] libbind: ns_name_ntol() could overwrite a zero length + buffer. -1402. [cleanup] A6 has been moved to experimental and is no longer - fully supported. +1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset + dnssec-signkey now report their version in the + usage message. -1401. [bug] adb wasn't clearing state when the timer expired. +1402. [cleanup] A6 has been moved to experimental and is no longer + fully supported. -1400. [bug] Block the addition of wildcard NS records by IXFR - or UPDATE. [RT #3502] +1401. [bug] adb wasn't clearing state when the timer expired. -1399. [bug] Use serial number arithmetic when testing SIG - timestamps. [RT #4268] +1400. [bug] Block the addition of wildcard NS records by IXFR + or UPDATE. [RT #3502] -1398. [doc] ARM: notify-also should have been also-notify. - [RT #4345] +1399. [bug] Use serial number arithmetic when testing SIG + timestamps. [RT #4268] -1397. [bug] J.ROOT-SERVERS.NET is now 192.58.128.30. +1398. [doc] ARM: notify-also should have been also-notify. + [RT #4345] -1396. [func] dnssec-signzone: adjust the default signing time by - 1 hour to allow for clock skew. +1397. [bug] J.ROOT-SERVERS.NET is now 192.58.128.30. -1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't - have a working implementation. [RT #4079] +1396. [func] dnssec-signzone: adjust the default signing time by + 1 hour to allow for clock skew. -1394. [func] It is now possible to check if a particular element is - in a acl. Remove duplicate entries from the localnets - acl. +1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't + have a working implementation. [RT #4079] -1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY - is not available in the kernel to prevent accidently - listening on IPv4 interfaces. +1394. [func] It is now possible to check if a particular element is + in a acl. Remove duplicate entries from the localnets + acl. -1392. [bug] named-checkzone: update usage. +1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY + is not available in the kernel to prevent accidently + listening on IPv4 interfaces. -1391. [func] Add support for IPv6 scoped addresses in named. +1392. [bug] named-checkzone: update usage. -1390. [func] host now supports ixfr. +1391. [func] Add support for IPv6 scoped addresses in named. -1389. [bug] named could fail to rotate long log files. [RT #3666] +1390. [func] host now supports ixfr. -1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before - defining HAVE_IFLIST_SYSCTL. [RT #3770] +1389. [bug] named could fail to rotate long log files. [RT #3666] -1387. [bug] named could crash due to an access to invalid memory - space (which caused an assertion failure) in - incremental cleaning. [RT #3588] +1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before + defining HAVE_IFLIST_SYSCTL. [RT #3770] -1386. [bug] named-checkzone -z stopped on errors in a zone. - [RT #3653] +1387. [bug] named could crash due to an access to invalid memory + space (which caused an assertion failure) in + incremental cleaning. [RT #3588] -1385. [bug] Setting serial-query-rate to 10 would trigger a - REQUIRE failure. +1386. [bug] named-checkzone -z stopped on errors in a zone. + [RT #3653] -1384. [bug] host was incompatible with BIND 8 in its exit code and - in the output with the -l option. [RT #3536] +1385. [bug] Setting serial-query-rate to 10 would trigger a + REQUIRE failure. -1383. [func] Track the serial number in a IXFR response and log if - a mismatch occurs. This is a more specific error than - "not exact". [RT #3445] +1384. [bug] host was incompatible with BIND 8 in its exit code and + in the output with the -l option. [RT #3536] -1382. [bug] make install failed with --enable-libbind. [RT #3656] +1383. [func] Track the serial number in a IXFR response and log if + a mismatch occurs. This is a more specific error than + "not exact". [RT #3445] -1381. [bug] named failed to correctly process answers that - contained DNAME records where the resulting CNAME - resulted in a negative answer. +1382. [bug] make install failed with --enable-libbind. [RT #3656] -1380. [func] 'rndc recursing' dump recursing queries to - 'recursing-file = "named.recursing";'. +1381. [bug] named failed to correctly process answers that + contained DNAME records where the resulting CNAME + resulted in a negative answer. -1379. [func] 'rndc status' now reports tcp and recursion quota - states. +1380. [func] 'rndc recursing' dump recursing queries to + 'recursing-file = "named.recursing";'. -1378. [func] Improved positive feedback for 'rndc {reload|refresh}. +1379. [func] 'rndc status' now reports tcp and recursion quota + states. -1377. [func] dns_zone_load{new}() now reports if the zone was - loaded, queued for loading to up to date. +1378. [func] Improved positive feedback for 'rndc {reload|refresh}. -1376. [func] New function dns_zone_logc() to log to specified - category. +1377. [func] dns_zone_load{new}() now reports if the zone was + loaded, queued for loading to up to date. -1375. [func] 'rndc dumpdb' now dumps the adb cache along with the - data cache. +1376. [func] New function dns_zone_logc() to log to specified + category. -1374. [func] dns_adb_dump() now logs the lame zones associated - with each server. +1375. [func] 'rndc dumpdb' now dumps the adb cache along with the + data cache. -1373. [bug] Recovery from expired glue failed under certain - circumstances. +1374. [func] dns_adb_dump() now logs the lame zones associated + with each server. -1372. [bug] named crashes with an assertion failure on exit when - sharing the same port for listening and querying, and - changing listening addresses several times. [RT# 3509] +1373. [bug] Recovery from expired glue failed under certain + circumstances. -1371. [bug] notify-source-v6, transfer-source-v6 and - query-source-v6 with explicit addresses and using the - same ports as named was listening on could interfere - with nameds ability to answer queries sent to those - addresses. +1372. [bug] named crashes with an assertion failure on exit when + sharing the same port for listening and querying, and + changing listening addresses several times. [RT# 3509] -1370. [bug] dig '+[no]recurse' was incorrectly documented. +1371. [bug] notify-source-v6, transfer-source-v6 and + query-source-v6 with explicit addresses and using the + same ports as named was listening on could interfere + with nameds ability to answer queries sent to those + addresses. -1369. [bug] Adding an NS record as the lexicographically last - record in a secure zone didn't work. +1370. [bug] dig '+[no]recurse' was incorrectly documented. -1368. [func] remove support for bitstring labels. +1369. [bug] Adding an NS record as the lexicographically last + record in a secure zone didn't work. -1367. [func] Use response times to select forwarders. +1368. [func] remove support for bitstring labels. -1366. [contrib] queryperf usage was incomplete. Add '-h' for help. +1367. [func] Use response times to select forwarders. -1365. [func] "localhost" and "localnets" acls now include IPv6 - addresses / prefixes. +1366. [contrib] queryperf usage was incomplete. Add '-h' for help. -1364. [func] Log file name when unable to open memory statistics - and dump database files. [RT# 3437] +1365. [func] "localhost" and "localnets" acls now include IPv6 + addresses / prefixes. -1363. [func] Listen-on-v6 now supports specific addresses. +1364. [func] Log file name when unable to open memory statistics + and dump database files. [RT# 3437] -1362. [bug] remove IFF_RUNNING test when scanning interfaces. +1363. [func] Listen-on-v6 now supports specific addresses. -1361. [func] log the reason for rejecting a server when resolving - queries. +1362. [bug] remove IFF_RUNNING test when scanning interfaces. -1360. [bug] --enable-libbind would fail when not built in the - source tree for certain OS's. +1361. [func] log the reason for rejecting a server when resolving + queries. -1359. [security] Support patches OpenSSL libraries. - http://www.cert.org/advisories/CA-2002-23.html +1360. [bug] --enable-libbind would fail when not built in the + source tree for certain OS's. -1358. [bug] It was possible to trigger a INSIST when debugging - large dynamic updates. [RT #3390] +1359. [security] Support patches OpenSSL libraries. + http://www.cert.org/advisories/CA-2002-23.html -1357. [bug] nsupdate was extremely wasteful of memory. +1358. [bug] It was possible to trigger a INSIST when debugging + large dynamic updates. [RT #3390] -1356. [tuning] Reduce the number of events / quantum for zone tasks. +1357. [bug] nsupdate was extremely wasteful of memory. -1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME. +1356. [tuning] Reduce the number of events / quantum for zone tasks. -1354. [doc] lwres man pages had illegal nroff. +1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME. -1353. [contrib] sdb/ldap to version 0.9. +1354. [doc] lwres man pages had illegal nroff. -1352. [bug] dig, host, nslookup when falling back to TCP use the - current search entry (if any). [RT #3374] +1353. [contrib] sdb/ldap to version 0.9. -1351. [bug] lwres_getipnodebyname() returned the wrong name - when given a IPv4 literal, af=AF_INET6 and AI_MAPPED - was set. +1352. [bug] dig, host, nslookup when falling back to TCP use the + current search entry (if any). [RT #3374] -1350. [bug] dns_name_fromtext() failed to handle too many labels - gracefully. +1351. [bug] lwres_getipnodebyname() returned the wrong name + when given a IPv4 literal, af=AF_INET6 and AI_MAPPED + was set. -1349. [security] Minimum OpenSSL version now 0.9.6e (was 0.9.5a). - http://www.cert.org/advisories/CA-2002-23.html +1350. [bug] dns_name_fromtext() failed to handle too many labels + gracefully. -1348. [port] win32: Rewrote code to use I/O Completion Ports - in socket.c and eliminating a host of socket - errors. Performance is enhanced. +1349. [security] Minimum OpenSSL version now 0.9.6e (was 0.9.5a). + http://www.cert.org/advisories/CA-2002-23.html -1347. [placeholder] +1348. [port] win32: Rewrote code to use I/O Completion Ports + in socket.c and eliminating a host of socket + errors. Performance is enhanced. -1346. [placeholder] +1347. [placeholder] -1345. [port] Use a explicit -Wformat with gcc. Not all versions - include it in -Wall. +1346. [placeholder] -1344. [func] Log if the serial number on the master has gone - backwards. - If you have multiple machines specified in the masters - clause you may want to set 'multi-master yes;' to - suppress this warning. +1345. [port] Use a explicit -Wformat with gcc. Not all versions + include it in -Wall. -1343. [func] Log successful notifies received (info). Adjust log - level for failed notifies to notice. +1344. [func] Log if the serial number on the master has gone + backwards. + If you have multiple machines specified in the masters + clause you may want to set 'multi-master yes;' to + suppress this warning. -1342. [func] Log remote address with TCP dispatch failures. +1343. [func] Log successful notifies received (info). Adjust log + level for failed notifies to notice. -1341. [func] Allow a rate limiter to be stalled. +1342. [func] Log remote address with TCP dispatch failures. -1340. [bug] Delay and spread out the startup refresh load. +1341. [func] Allow a rate limiter to be stalled. -1339. [func] dig, host and nslookup now use IP6.ARPA for nibble - lookups. Bit string lookups are no longer attempted. +1340. [bug] Delay and spread out the startup refresh load. -1338. [placeholder] +1339. [func] dig, host and nslookup now use IP6.ARPA for nibble + lookups. Bit string lookups are no longer attempted. -1337. [placeholder] +1338. [placeholder] -1336. [func] Nibble lookups under IP6.ARPA are now supported by - dns_byaddr_create(). dns_byaddr_createptrname() is - deprecated, use dns_byaddr_createptrname2() instead. +1337. [placeholder] -1335. [bug] When performing a nonexistence proof, the validator - should discard parent NXTs from higher in the DNS. +1336. [func] Nibble lookups under IP6.ARPA are now supported by + dns_byaddr_create(). dns_byaddr_createptrname() is + deprecated, use dns_byaddr_createptrname2() instead. -1334. [bug] When signing/verifying rdatasets, duplicate rdatas - need to be suppressed. +1335. [bug] When performing a nonexistence proof, the validator + should discard parent NXTs from higher in the DNS. -1333. [contrib] queryperf now reports a summary of returned - rcodes (-c), rcodes are printed in mnemonic form (-v). +1334. [bug] When signing/verifying rdatasets, duplicate rdatas + need to be suppressed. -1332. [func] Report the current serial with periodic commits when - rolling forward the journal. +1333. [contrib] queryperf now reports a summary of returned + rcodes (-c), rcodes are printed in mnemonic form (-v). -1331. [func] Generate DNSSEC wildcard proofs. +1332. [func] Report the current serial with periodic commits when + rolling forward the journal. -1330. [bug] When processing events (non-threaded) only allow - the task one chance to use to use its quantum. +1331. [func] Generate DNSSEC wildcard proofs. -1329. [func] named-checkzone will now check if nameservers that - appear to be IP addresses. Available modes "fail", - "warn" (default) and "ignore" the results of the - check. +1330. [bug] When processing events (non-threaded) only allow + the task one chance to use to use its quantum. -1328. [bug] The validator could incorrectly verify an invalid - negative proof. +1329. [func] named-checkzone will now check if nameservers that + appear to be IP addresses. Available modes "fail", + "warn" (default) and "ignore" the results of the + check. -1327. [bug] The validator would incorrectly mark data as insecure - when seeing a bogus signature before a correct - signature. +1328. [bug] The validator could incorrectly verify an invalid + negative proof. -1326. [bug] DNAME/CNAME signatures were not being cached when - validation was not being performed. [RT #3284] +1327. [bug] The validator would incorrectly mark data as insecure + when seeing a bogus signature before a correct + signature. -1325. [bug] If the tcpquota was exhausted it was possible to - to trigger a INSIST() failure. +1326. [bug] DNAME/CNAME signatures were not being cached when + validation was not being performed. [RT #3284] -1324. [port] darwin: ifconfig.sh now supports darwin. +1325. [bug] If the tcpquota was exhausted it was possible to + to trigger a INSIST() failure. -1323. [port] linux: Slackware 4.0 needs . [RT #3205] +1324. [port] darwin: ifconfig.sh now supports darwin. -1322. [bug] dnssec-signzone usage message was misleading. +1323. [port] linux: Slackware 4.0 needs . [RT #3205] -1321. [bug] If the last RRset in a zone is glue, dnssec-signzone - would incorrectly duplicate its output and sign it. +1322. [bug] dnssec-signzone usage message was misleading. -1320. [doc] query-source-v6 was missing from options section. - [RT #3218] +1321. [bug] If the last RRset in a zone is glue, dnssec-signzone + would incorrectly duplicate its output and sign it. -1319. [func] libbind: log attempts to exploit #1318. +1320. [doc] query-source-v6 was missing from options section. + [RT #3218] -1318. [bug] libbind: Remote buffer overrun. +1319. [func] libbind: log attempts to exploit #1318. -1317. [port] libbind: TrueUNIX 5.1 does not like __align as a - element name. +1318. [bug] libbind: Remote buffer overrun. -1316. [bug] libbind: gethostans() could get out of sync parsing - the response if there was a very long CNAME chain. +1317. [port] libbind: TrueUNIX 5.1 does not like __align as a + element name. -1315. [bug] Options should apply to the internal _bind view. +1316. [bug] libbind: gethostans() could get out of sync parsing + the response if there was a very long CNAME chain. -1314. [port] Handle ECONNRESET from sendmsg() [unix]. +1315. [bug] Options should apply to the internal _bind view. -1313. [func] Query log now says if the query was signed (S) or - if EDNS was used (E). +1314. [port] Handle ECONNRESET from sendmsg() [unix]. -1312. [func] Log TSIG key used w/ outgoing zone transfers. +1313. [func] Query log now says if the query was signed (S) or + if EDNS was used (E). -1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159] +1312. [func] Log TSIG key used w/ outgoing zone transfers. -1310. [bug] 'rndc stop' failed to cause zones to be flushed - sometimes. [RT #3157] +1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159] -1309. [func] Log that a zone transfer was covered by a TSIG. +1310. [bug] 'rndc stop' failed to cause zones to be flushed + sometimes. [RT #3157] -1308. [func] DS (delegation signer) support. +1309. [func] Log that a zone transfer was covered by a TSIG. -1307. [bug] nsupdate: allow white space base64 key data. +1308. [func] DS (delegation signer) support. -1306. [bug] Badly encoded LOC record when the size, horizontal - precision or vertical precision was 0.1m. +1307. [bug] nsupdate: allow white space base64 key data. -1305. [bug] Document that internal zones are included in the - rndc status results. +1306. [bug] Badly encoded LOC record when the size, horizontal + precision or vertical precision was 0.1m. -1304. [func] New function: dns_zone_name(). +1305. [bug] Document that internal zones are included in the + rndc status results. -1303. [func] Option 'flush-zones-on-shutdown ;'. +1304. [func] New function: dns_zone_name(). -1302. [func] Extended rndc dumpdb to support dumping of zones and - view selection: 'dumpdb [-all|-zones|-cache] [view]'. +1303. [func] Option 'flush-zones-on-shutdown ;'. -1301. [func] New category 'update-security'. +1302. [func] Extended rndc dumpdb to support dumping of zones and + view selection: 'dumpdb [-all|-zones|-cache] [view]'. -1300. [port] Compaq Trucluster support. +1301. [func] New category 'update-security'. -1299. [bug] Set AI_ADDRCONFIG when looking up addresses - via getaddrinfo() (affects dig, host, nslookup, rndc - and nsupdate). +1300. [port] Compaq Trucluster support. -1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile - could be left with a trailing "\" after configure - has been run. +1299. [bug] Set AI_ADDRCONFIG when looking up addresses + via getaddrinfo() (affects dig, host, nslookup, rndc + and nsupdate). -1297. [port] linux: make handling EINVAL from socket() no longer - conditional on #ifdef LINUX. +1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile + could be left with a trailing "\" after configure + has been run. -1296. [bug] isc_log_closefilelogs() needed to lock the log - context. +1297. [port] linux: make handling EINVAL from socket() no longer + conditional on #ifdef LINUX. -1295. [bug] isc_log_setdebuglevel() needed to lock the log - context. +1296. [bug] isc_log_closefilelogs() needed to lock the log + context. -1294. [func] libbind: no longer attempts bit string labels for - IPv6 reverse resolution. Try IP6.ARPA then IP6.INT - for nibble style resolution. +1295. [bug] isc_log_setdebuglevel() needed to lock the log + context. -1293. [func] Entropy can now be retrieved from EGDs. [RT #2438] +1294. [func] libbind: no longer attempts bit string labels for + IPv6 reverse resolution. Try IP6.ARPA then IP6.INT + for nibble style resolution. -1292. [func] Enable IPv6 support when using ioctl style interface - scanning and OS supports SIOCGLIFADDR using struct - if_laddrreq. +1293. [func] Entropy can now be retrieved from EGDs. [RT #2438] -1291. [func] Enable IPv6 support when using sysctl style interface - scanning. +1292. [func] Enable IPv6 support when using ioctl style interface + scanning and OS supports SIOCGLIFADDR using struct + if_laddrreq. -1290. [func] "dig axfr" now reports the number of messages - as well as the number of records. +1291. [func] Enable IPv6 support when using sysctl style interface + scanning. -1289. [port] See if -ldl is required for OpenSSL? [RT #2672] +1290. [func] "dig axfr" now reports the number of messages + as well as the number of records. -1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better - reflect written requirements. +1289. [port] See if -ldl is required for OpenSSL? [RT #2672] -1287. [bug] REQUIRE that DNS_DBADD_MERGE only be set when adding - a rdataset to a zone db in the rbtdb implementation of - addrdataset. +1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better + reflect written requirements. -1286. [bug] dns_name_downcase() enforce requirement that - target != NULL or name->buffer != NULL. +1287. [bug] REQUIRE that DNS_DBADD_MERGE only be set when adding + a rdataset to a zone db in the rbtdb implementation of + addrdataset. -1285. [func] lwres: probe the system to see what address families - are currently in use. +1286. [bug] dns_name_downcase() enforce requirement that + target != NULL or name->buffer != NULL. -1284. [bug] The RTT estimate on unused servers was not aged. - [RT #2569] +1285. [func] lwres: probe the system to see what address families + are currently in use. -1283. [func] Use "dataready" accept filter if available. +1284. [bug] The RTT estimate on unused servers was not aged. + [RT #2569] -1282. [port] libbind: hpux 11.11 interface scaning. +1283. [func] Use "dataready" accept filter if available. -1281. [func] Log zone when unable to get private keys to update - zone. Log zone when NXT records are missing from - secure zone. +1282. [port] libbind: hpux 11.11 interface scaning. -1280. [bug] libbind: escape '(' and ')' when converting to - presentation form. +1281. [func] Log zone when unable to get private keys to update + zone. Log zone when NXT records are missing from + secure zone. -1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590] +1280. [bug] libbind: escape '(' and ')' when converting to + presentation form. -1278. [func] dig: now supports +[no]cl +[no]ttlid. +1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590] -1277. [func] You can now create your own customised printing - styles: dns_master_stylecreate() and - dns_master_styledestroy(). +1278. [func] dig: now supports +[no]cl +[no]ttlid. -1276. [bug] libbind: const pointer conflicts in res_debug.c. +1277. [func] You can now create your own customised printing + styles: dns_master_stylecreate() and + dns_master_styledestroy(). -1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN. +1276. [bug] libbind: const pointer conflicts in res_debug.c. -1274. [bug] Memory leak in lwres_gnbarequest_parse(). +1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN. -1273. [port] libbind: solaris: 64 bit binary compatibility. +1274. [bug] Memory leak in lwres_gnbarequest_parse(). -1272. [contrib] Berkeley DB 4.0 sdb implementation from - Nuno Miguel Rodrigues . +1273. [port] libbind: solaris: 64 bit binary compatibility. -1271. [bug] "recursion available: {denied,approved}" was too - confusing. +1272. [contrib] Berkeley DB 4.0 sdb implementation from + Nuno Miguel Rodrigues . -1270. [bug] Check that system inet_pton() and inet_ntop() support - AF_INET6. +1271. [bug] "recursion available: {denied,approved}" was too + confusing. -1269. [port] Openserver: ifconfig.sh support. +1270. [bug] Check that system inet_pton() and inet_ntop() support + AF_INET6. -1268. [port] Openserver: the value FD_SETSIZE depends on whether - is included or not. Be consistent. +1269. [port] Openserver: ifconfig.sh support. -1267. [func] isc_file_openunique() now creates file using mode - 0666 rather than 0600. +1268. [port] Openserver: the value FD_SETSIZE depends on whether + is included or not. Be consistent. -1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE, - __ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE - are not C++ compatible, use *_TYPE versions instead. +1267. [func] isc_file_openunique() now creates file using mode + 0666 rather than 0600. -1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with - C++, use LINK_INIT_TYPE and UNLINK_TYPE instead. +1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE, + __ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE + are not C++ compatible, use *_TYPE versions instead. -1264. [placeholder] +1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with + C++, use LINK_INIT_TYPE and UNLINK_TYPE instead. -1263. [bug] Reference after free error if dns_dispatchmgr_create() - failed. +1264. [placeholder] -1262. [bug] ns_server_destroy() failed to set *serverp to NULL. +1263. [bug] Reference after free error if dns_dispatchmgr_create() + failed. -1261. [func] libbind: ns_sign2() and ns_sign_tcp() now provide - support for compressed TSIG owner names. +1262. [bug] ns_server_destroy() failed to set *serverp to NULL. -1260. [func] libbind: res_update can now update IPv6 servers, - new function res_findzonecut2(). +1261. [func] libbind: ns_sign2() and ns_sign_tcp() now provide + support for compressed TSIG owner names. -1259. [bug] libbind: get_salen() IPv6 support was broken for OSs - w/o sa_len. +1260. [func] libbind: res_update can now update IPv6 servers, + new function res_findzonecut2(). -1258. [bug] libbind: res_nametotype() and res_nametoclass() were - broken. +1259. [bug] libbind: get_salen() IPv6 support was broken for OSs + w/o sa_len. -1257. [bug] Failure to write pid-file should not be fatal on - reload. [RT #2861] +1258. [bug] libbind: res_nametotype() and res_nametoclass() were + broken. -1256. [contrib] 'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support. +1257. [bug] Failure to write pid-file should not be fatal on + reload. [RT #2861] -1255. [bug] When verifying that an NXT proves nonexistence, check - the rcode of the message and only do the matching NXT - check. That is, for NXDOMAIN responses, check that - the name is in the range between the NXT owner and - next name, and for NOERROR NODATA responses, check - that the type is not present in the NXT bitmap. +1256. [contrib] 'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support. -1254. [func] preferred-glue option from BIND 8.3. +1255. [bug] When verifying that an NXT proves nonexistence, check + the rcode of the message and only do the matching NXT + check. That is, for NXDOMAIN responses, check that + the name is in the range between the NXT owner and + next name, and for NOERROR NODATA responses, check + that the type is not present in the NXT bitmap. -1253. [bug] The dnssec system test failed to remove the correct - files. +1254. [func] preferred-glue option from BIND 8.3. -1252. [bug] Dig, host and nslookup were not checking the address - the answer was coming from against the address it was - sent to. [RT# 2692] +1253. [bug] The dnssec system test failed to remove the correct + files. -1251. [port] win32: a make file contained absolute version specific - references. +1252. [bug] Dig, host and nslookup were not checking the address + the answer was coming from against the address it was + sent to. [RT# 2692] -1250. [func] Nsupdate will report the address the update was - sent to. +1251. [port] win32: a make file contained absolute version specific + references. -1249. [bug] Missing masters clause was not handled gracefully. - [RT #2703] +1250. [func] Nsupdate will report the address the update was + sent to. -1248. [bug] DESTDIR was not being propagated between makes. +1249. [bug] Missing masters clause was not handled gracefully. + [RT #2703] -1247. [bug] Don't reset the interface index for link/site local - addresses. [RT #2576] +1248. [bug] DESTDIR was not being propagated between makes. -1246. [func] New functions isc_sockaddr_issitelocal(), - isc_sockaddr_islinklocal(), isc_netaddr_issitelocal() - and isc_netaddr_islinklocal(). +1247. [bug] Don't reset the interface index for link/site local + addresses. [RT #2576] -1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for - accept(). +1246. [func] New functions isc_sockaddr_issitelocal(), + isc_sockaddr_islinklocal(), isc_netaddr_issitelocal() + and isc_netaddr_islinklocal(). -1244. [bug] Receiving a TCP message from a blackhole address would - prevent further messages being received over that - interface. +1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for + accept(). -1243. [bug] It was possible to trigger a REQUIRE() in - dns_message_findtype(). [RT #2659] +1244. [bug] Receiving a TCP message from a blackhole address would + prevent further messages being received over that + interface. -1242. [bug] named-checkzone failed if a journal existed. [RT #2657] +1243. [bug] It was possible to trigger a REQUIRE() in + dns_message_findtype(). [RT #2659] -1241. [bug] Drop received UDP messages with a zero source port - as these are invariably forged. [RT #2621] +1242. [bug] named-checkzone failed if a journal existed. [RT #2657] -1240. [bug] It was possible to leak zone references by - specifying an incorrect zone to rndc. +1241. [bug] Drop received UDP messages with a zero source port + as these are invariably forged. [RT #2621] -1239. [bug] Under certain circumstances named could continue to - use a name after it had been freed triggering - INSIST() failures. [RT #2614] +1240. [bug] It was possible to leak zone references by + specifying an incorrect zone to rndc. -1238. [bug] It is possible to lockup the server when shutting down - if notifies were being processed. [RT #2591] +1239. [bug] Under certain circumstances named could continue to + use a name after it had been freed triggering + INSIST() failures. [RT #2614] -1237. [bug] nslookup: "set q=type" failed. +1238. [bug] It is possible to lockup the server when shutting down + if notifies were being processed. [RT #2591] -1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non - NULL terminated text regions. [RT #2588] +1237. [bug] nslookup: "set q=type" failed. -1235. [func] Report 'out of memory' errors from openssl. +1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non + NULL terminated text regions. [RT #2588] -1234. [bug] contrib/sdb: 'zonetodb' failed to call - dns_result_register(). DNS_R_SEENINCLUDE should not - be fatal. +1235. [func] Report 'out of memory' errors from openssl. -1233. [bug] The flags field of a KEY record can be expressed in - hex as well as decimal. +1234. [bug] contrib/sdb: 'zonetodb' failed to call + dns_result_register(). DNS_R_SEENINCLUDE should not + be fatal. -1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL. +1233. [bug] The flags field of a KEY record can be expressed in + hex as well as decimal. -1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL. +1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL. -1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken. +1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL. -1229. [bug] named would crash if it received a TSIG signed - query as part of an AXFR response. [RT #2570] +1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken. -1228. [bug] 'make install' did not depend on 'make all'. [RT #2559] +1229. [bug] named would crash if it received a TSIG signed + query as part of an AXFR response. [RT #2570] -1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER - if a number was expected and some other token was - found. [RT#2532] +1228. [bug] 'make install' did not depend on 'make all'. [RT #2559] -1226. [func] Use EDNS for zone refresh queries. [RT #2551] +1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER + if a number was expected and some other token was + found. [RT#2532] -1225. [func] dns_message_setopt() no longer requires that - dns_message_renderbegin() to have been called. +1226. [func] Use EDNS for zone refresh queries. [RT #2551] -1224. [bug] 'rrset-order' and 'sortlist' should be additive - not exclusive. +1225. [func] dns_message_setopt() no longer requires that + dns_message_renderbegin() to have been called. -1223. [func] 'rrset-order' partially works 'cyclic' and 'random' - are supported. +1224. [bug] 'rrset-order' and 'sortlist' should be additive + not exclusive. -1222. [bug] Specifying 'port *' did not always result in a system - selected (non-reserved) port being used. [RT #2537] +1223. [func] 'rrset-order' partially works 'cyclic' and 'random' + are supported. -1221. [bug] Zone types 'master', 'slave' and 'stub' were not being - compared case insensitively. [RT #2542] +1222. [bug] Specifying 'port *' did not always result in a system + selected (non-reserved) port being used. [RT #2537] -1220. [func] Support for APL rdata type. +1221. [bug] Zone types 'master', 'slave' and 'stub' were not being + compared case insensitively. [RT #2542] -1219. [func] Named now reports the TSIG extended error code when - signature verification fails. [RT #1651] +1220. [func] Support for APL rdata type. -1218. [bug] Named incorrectly returned SERVFAIL rather than - NOTAUTH when there was a TSIG BADTIME error. [RT #2519] +1219. [func] Named now reports the TSIG extended error code when + signature verification fails. [RT #1651] -1217. [func] Report locations of previous key definition when a - duplicate is detected. +1218. [bug] Named incorrectly returned SERVFAIL rather than + NOTAUTH when there was a TSIG BADTIME error. [RT #2519] -1216. [bug] Multiple server clauses for the same server were not - reported. [RT #2514] +1217. [func] Report locations of previous key definition when a + duplicate is detected. -1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1 +1216. [bug] Multiple server clauses for the same server were not + reported. [RT #2514] -1214. [bug] Win32: isc_file_renameunique() could leave zero length - files behind. +1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1 -1213. [func] Report view associated with client if it is not a - standard view (_default or _bind). +1214. [bug] Win32: isc_file_renameunique() could leave zero length + files behind. -1212. [port] libbind: 64k answer buffers were causing stack space - to be exceeded for certain OS. Use heap space instead. +1213. [func] Report view associated with client if it is not a + standard view (_default or _bind). -1211. [bug] dns_name_fromtext() incorrectly handled certain - valid octal bitlabels. [RT #2483] +1212. [port] libbind: 64k answer buffers were causing stack space + to be exceeded for certain OS. Use heap space instead. -1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped / - compatible addresses. [RT #2461] +1211. [bug] dns_name_fromtext() incorrectly handled certain + valid octal bitlabels. [RT #2483] -1209. [bug] Dig, host, nslookup were not checking the message ids - on the responses. [RT #2454] +1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped / + compatible addresses. [RT #2461] -1208. [bug] dns_master_load*() failed to log a error message if - an error was detected when parsing the ownername of - a record. [RT #2448] +1209. [bug] Dig, host, nslookup were not checking the message ids + on the responses. [RT #2454] -1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with - an invalid pointer. +1208. [bug] dns_master_load*() failed to log a error message if + an error was detected when parsing the ownername of + a record. [RT #2448] -1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should - trigger a non-EDNS retry. +1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with + an invalid pointer. -1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class" - of the message. [RT #2449] +1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should + trigger a non-EDNS retry. -1204. [bug] libbind: res_nupdate() failed to update the name - server addresses before sending the update. +1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class" + of the message. [RT #2449] -1203. [func] Report locations of previous acl and zone definitions - when a duplicate is detected. +1204. [bug] libbind: res_nupdate() failed to update the name + server addresses before sending the update. -1202. [func] New functions: cfg_obj_line() and cfg_obj_file(). +1203. [func] Report locations of previous acl and zone definitions + when a duplicate is detected. -1201. [bug] Require that if 'callbacks' is passed to - dns_rdata_fromtext(), callbacks->error and - callbacks->warn are initialized. +1202. [func] New functions: cfg_obj_line() and cfg_obj_file(). -1200. [bug] Log 'errno' that we are unable to convert to - isc_result_t. [RT #2404] +1201. [bug] Require that if 'callbacks' is passed to + dns_rdata_fromtext(), callbacks->error and + callbacks->warn are initialized. -1199. [doc] ARM reference to RFC 2157 should have been RFC 1918. - [RT #2436] +1200. [bug] Log 'errno' that we are unable to convert to + isc_result_t. [RT #2404] -1198. [bug] OPT printing style was not consistent with the way the - header fields are printed. The DO bit was not reported - if set. Report if any of the MBZ bits are set. +1199. [doc] ARM reference to RFC 2157 should have been RFC 1918. + [RT #2436] -1197. [bug] Attempts to define the same acl multiple times were not - detected. +1198. [bug] OPT printing style was not consistent with the way the + header fields are printed. The DO bit was not reported + if set. Report if any of the MBZ bits are set. -1196. [contrib] update mdnkit to 2.2.3. +1197. [bug] Attempts to define the same acl multiple times were not + detected. -1195. [bug] Attempts to redefine builtin acls should be caught. - [RT #2403] +1196. [contrib] update mdnkit to 2.2.3. -1194. [bug] Not all duplicate zone definitions were being detected - at the named.conf checking stage. [RT #2431] +1195. [bug] Attempts to redefine builtin acls should be caught. + [RT #2403] -1193. [bug] dig +besteffort parsing didn't handle packet - truncation. dns_message_parse() has new flag - DNS_MESSAGE_IGNORETRUNCATION. +1194. [bug] Not all duplicate zone definitions were being detected + at the named.conf checking stage. [RT #2431] -1192. [bug] The seconds fields in LOC records were restricted - to three decimal places. More decimal places should - be allowed but warned about. +1193. [bug] dig +besteffort parsing didn't handle packet + truncation. dns_message_parse() has new flag + DNS_MESSAGE_IGNORETRUNCATION. -1191. [bug] A dynamic update removing the last non-apex name in - a secure zone would fail. [RT #2399] +1192. [bug] The seconds fields in LOC records were restricted + to three decimal places. More decimal places should + be allowed but warned about. -1190. [func] Add the "rndc freeze" and "rndc unfreeze" commands. - [RT #2394] +1191. [bug] A dynamic update removing the last non-apex name in + a secure zone would fail. [RT #2399] -1189. [bug] On some systems, malloc(0) returns NULL, which - could cause the caller to report an out of memory - error. [RT #2398] +1190. [func] Add the "rndc freeze" and "rndc unfreeze" commands. + [RT #2394] -1188. [bug] Dynamic updates of a signed zone would fail if - some of the zone private keys were unavailable. +1189. [bug] On some systems, malloc(0) returns NULL, which + could cause the caller to report an out of memory + error. [RT #2398] -1187. [bug] named was incorrectly returning DNSSEC records - in negative responses when the DO bit was not set. +1188. [bug] Dynamic updates of a signed zone would fail if + some of the zone private keys were unavailable. -1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the - EOL token when reading to end of line. +1187. [bug] named was incorrectly returning DNSSEC records + in negative responses when the DO bit was not set. -1185. [bug] libbind: don't assume statp->_u._ext.ext is valid - unless RES_INIT is set when calling res_*init(). +1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the + EOL token when reading to end of line. -1184. [bug] libbind: call res_ndestroy() if RES_INIT is set - when res_*init() is called. +1185. [bug] libbind: don't assume statp->_u._ext.ext is valid + unless RES_INIT is set when calling res_*init(). -1183. [bug] Handle ENOSR error when writing to the internal - control pipe. [RT #2395] +1184. [bug] libbind: call res_ndestroy() if RES_INIT is set + when res_*init() is called. -1182. [bug] The server could throw an assertion failure when - constructing a negative response packet. +1183. [bug] Handle ENOSR error when writing to the internal + control pipe. [RT #2395] -1181. [func] Add the "key-directory" configuration statement, - which allows the server to look for online signing - keys in alternate directories. +1182. [bug] The server could throw an assertion failure when + constructing a negative response packet. -1180. [func] dnssec-keygen should always generate keys with - protocol 3 (DNSSEC), since it's less confusing - that way. +1181. [func] Add the "key-directory" configuration statement, + which allows the server to look for online signing + keys in alternate directories. -1179. [func] Add SIG(0) support to nsupdate. +1180. [func] dnssec-keygen should always generate keys with + protocol 3 (DNSSEC), since it's less confusing + that way. -1178. [bug] Follow and cache (if appropriate) A6 and other - data chains to completion in the additional section. +1179. [func] Add SIG(0) support to nsupdate. -1177. [func] Report view when loading zones if it is not a - standard view (_default or _bind). [RT #2270] +1178. [bug] Follow and cache (if appropriate) A6 and other + data chains to completion in the additional section. -1176. [doc] Document that allow-v6-synthesis is only performed - for clients that are supplied recursive service. - [RT #2260] +1177. [func] Report view when loading zones if it is not a + standard view (_default or _bind). [RT #2270] -1175. [bug] named-checkzone and named-checkconf failed to call - dns_result_register() at startup which could - result in runtime exceptions when printing - "out of memory" errors. [RT #2335] +1176. [doc] Document that allow-v6-synthesis is only performed + for clients that are supplied recursive service. + [RT #2260] -1174. [bug] Win32: add WSAECONNRESET to the expected errors - from connect(). [RT #2308] +1175. [bug] named-checkzone and named-checkconf failed to call + dns_result_register() at startup which could + result in runtime exceptions when printing + "out of memory" errors. [RT #2335] -1173. [bug] Potential memory leaks in isc_log_create() and - isc_log_settag(). [RT #2336] +1174. [bug] Win32: add WSAECONNRESET to the expected errors + from connect(). [RT #2308] -1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to - table of RR types in ARM. +1173. [bug] Potential memory leaks in isc_log_create() and + isc_log_settag(). [RT #2336] -1171. [func] Added function isc_region_compare(), updated files in - lib/dns to use this function instead of local one. +1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to + table of RR types in ARM. -1170. [bug] Don't attempt to print the token when a I/O error - occurs when parsing named.conf. [RT #2275] +1171. [func] Added function isc_region_compare(), updated files in + lib/dns to use this function instead of local one. -1169. [func] Identify recursive queries in the query log. +1170. [bug] Don't attempt to print the token when a I/O error + occurs when parsing named.conf. [RT #2275] -1168. [bug] Empty also-notify clauses were not handled. [RT #2309] +1169. [func] Identify recursive queries in the query log. -1167. [contrib] nslint-2.1a3 (from author). +1168. [bug] Empty also-notify clauses were not handled. [RT #2309] -1166. [bug] "Not Implemented" should be reported as NOTIMP, - not NOTIMPL. [RT #2281] +1167. [contrib] nslint-2.1a3 (from author). -1165. [bug] We were rejecting notify-source{-v6} in zone clauses. +1166. [bug] "Not Implemented" should be reported as NOTIMP, + not NOTIMPL. [RT #2281] -1164. [bug] Empty masters clauses in slave / stub zones were not - handled gracefully. [RT #2262] +1165. [bug] We were rejecting notify-source{-v6} in zone clauses. -1163. [func] isc_time_formattimestamp() now includes the year. +1164. [bug] Empty masters clauses in slave / stub zones were not + handled gracefully. [RT #2262] -1162. [bug] The allow-notify option was not accepted in slave - zone statements. +1163. [func] isc_time_formattimestamp() now includes the year. -1161. [bug] named-checkzone looped on unbalanced brackets. - [RT #2248] +1162. [bug] The allow-notify option was not accepted in slave + zone statements. -1160. [bug] Generating Diffie-Hellman keys longer than 1024 - bits could fail. [RT #2241] +1161. [bug] named-checkzone looped on unbalanced brackets. + [RT #2248] -1159. [bug] MD and MF are not permitted to be loaded by RFC1123. +1160. [bug] Generating Diffie-Hellman keys longer than 1024 + bits could fail. [RT #2241] -1158. [func] Report the client's address when logging notify - messages. +1159. [bug] MD and MF are not permitted to be loaded by RFC1123. -1157. [func] match-clients and match-destinations now accept - keys. [RT #2045] +1158. [func] Report the client's address when logging notify + messages. -1156. [port] The configure test for strsep() incorrectly - succeeded on certain patched versions of - AIX 4.3.3. [RT #2190] +1157. [func] match-clients and match-destinations now accept + keys. [RT #2045] -1155. [func] Recover from master files being removed from under - us. +1156. [port] The configure test for strsep() incorrectly + succeeded on certain patched versions of + AIX 4.3.3. [RT #2190] -1154. [bug] Don't attempt to obtain the netmask of a interface - if there is no address configured. [RT #2176] +1155. [func] Recover from master files being removed from under + us. -1153. [func] 'rndc {stop|halt} -p' now reports the process id - of the instance of named being shutdown. +1154. [bug] Don't attempt to obtain the netmask of a interface + if there is no address configured. [RT #2176] -1152. [bug] libbind: read buffer overflows. +1153. [func] 'rndc {stop|halt} -p' now reports the process id + of the instance of named being shutdown. -1151. [bug] nslookup failed to check that the arguments to - the port, timeout, and retry options were - valid integers and in range. [RT #2099] +1152. [bug] libbind: read buffer overflows. -1150. [bug] named incorrectly accepted TTL values - containing plus or minus signs, such as - 1d+1h-1s. +1151. [bug] nslookup failed to check that the arguments to + the port, timeout, and retry options were + valid integers and in range. [RT #2099] -1149. [func] New function isc_parse_uint32(). +1150. [bug] named incorrectly accepted TTL values + containing plus or minus signs, such as + 1d+1h-1s. -1148. [func] 'rndc-confgen -a' now provides positive feedback. +1149. [func] New function isc_parse_uint32(). -1147. [func] Set IPV6_V6ONLY on IPv6 sockets if supported by - the OS. listen-on-v6 { any; }; should no longer - result in IPv4 queries be accepted. Similarly - control { inet :: ... }; should no longer result - in IPv4 connections being accepted. This can be - overridden at compile time by defining - ISC_ALLOW_MAPPED=1. +1148. [func] 'rndc-confgen -a' now provides positive feedback. -1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if - supported by the OS by a new function - isc_socket_ipv6only(). +1147. [func] Set IPV6_V6ONLY on IPv6 sockets if supported by + the OS. listen-on-v6 { any; }; should no longer + result in IPv4 queries be accepted. Similarly + control { inet :: ... }; should no longer result + in IPv4 connections being accepted. This can be + overridden at compile time by defining + ISC_ALLOW_MAPPED=1. -1145. [func] "host" no longer reports a NOERROR/NODATA response - by printing nothing. [RT #2065] +1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if + supported by the OS by a new function + isc_socket_ipv6only(). -1144. [bug] rndc-confgen would crash if both the -a and -t - options were specified. [RT #2159] +1145. [func] "host" no longer reports a NOERROR/NODATA response + by printing nothing. [RT #2065] -1143. [bug] When a trusted-keys statement was present and named - was built without crypto support, it would leak memory. +1144. [bug] rndc-confgen would crash if both the -a and -t + options were specified. [RT #2159] -1142. [bug] dnssec-signzone would fail to delete temporary files - in some failure cases. [RT #2144] +1143. [bug] When a trusted-keys statement was present and named + was built without crypto support, it would leak memory. -1141. [bug] When named rejected a control message, it would - leak a file descriptor and memory. It would also - fail to respond, causing rndc to hang. - [RT #2139, #2164] +1142. [bug] dnssec-signzone would fail to delete temporary files + in some failure cases. [RT #2144] -1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments - to the -s option. [RT #2138] +1141. [bug] When named rejected a control message, it would + leak a file descriptor and memory. It would also + fail to respond, causing rndc to hang. + [RT #2139, #2164] -1139. [func] It is now possible to flush a given name from the - cache(s) via 'rndc flushname name [view]'. [RT #2051] +1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments + to the -s option. [RT #2138] -1138. [func] It is now possible to flush a given name from the - cache by calling the new function - dns_cache_flushname(). +1139. [func] It is now possible to flush a given name from the + cache(s) via 'rndc flushname name [view]'. [RT #2051] -1137. [func] It is now possible to flush a given name from the - ADB by calling the new function dns_adb_flushname(). +1138. [func] It is now possible to flush a given name from the + cache by calling the new function + dns_cache_flushname(). -1136. [bug] CNAME records synthesised from DNAMEs did not - have a TTL of zero as required by RFC2672. - [RT #2129] +1137. [func] It is now possible to flush a given name from the + ADB by calling the new function dns_adb_flushname(). -1135. [func] You can now override the default syslog() facility for - named/lwresd at compile time. [RT #1982] +1136. [bug] CNAME records synthesised from DNAMEs did not + have a TTL of zero as required by RFC2672. + [RT #2129] -1134. [bug] Multi-threaded servers could deadlock in ferror() - when reloading zone files. [RT #1951, #1998] +1135. [func] You can now override the default syslog() facility for + named/lwresd at compile time. [RT #1982] -1133. [bug] IN6_IS_ADDR_LOOPBACK was not portably defined on - platforms without IN6_IS_ADDR_LOOPBACK. [RT #2106] +1134. [bug] Multi-threaded servers could deadlock in ferror() + when reloading zone files. [RT #1951, #1998] -1132. [func] Improve UPDATE prerequisite failure diagnotic messages. +1133. [bug] IN6_IS_ADDR_LOOPBACK was not portably defined on + platforms without IN6_IS_ADDR_LOOPBACK. [RT #2106] -1131. [bug] The match-destinations view option did not work with - IPv6 destinations. [RT #2073, #2074] +1132. [func] Improve UPDATE prerequisite failure diagnotic messages. -1130. [bug] Log messages reporting an out-of-range serial number - did not include the out-of-range number but the - following token. [RT #2076] +1131. [bug] The match-destinations view option did not work with + IPv6 destinations. [RT #2073, #2074] -1129. [bug] Multi-threaded servers could crash under heavy - resolution load due to a race condition. [RT #2018] +1130. [bug] Log messages reporting an out-of-range serial number + did not include the out-of-range number but the + following token. [RT #2076] -1128. [func] sdb drivers can now provide RR data in either text - or wire format, the latter using the new functions - dns_sdb_putrdata() and dns_sdb_putnamedrdata(). +1129. [bug] Multi-threaded servers could crash under heavy + resolution load due to a race condition. [RT #2018] -1127. [func] rndc: If the server to contact has multiple addresses, - try all of them. +1128. [func] sdb drivers can now provide RR data in either text + or wire format, the latter using the new functions + dns_sdb_putrdata() and dns_sdb_putnamedrdata(). -1126. [bug] The server could access a freed event if shut - down while a client start event was pending - delivery. [RT #2061] +1127. [func] rndc: If the server to contact has multiple addresses, + try all of them. -1125. [bug] rndc: -k option was missing from usage message. - [RT #2057] +1126. [bug] The server could access a freed event if shut + down while a client start event was pending + delivery. [RT #2061] -1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail - are now documented. [RT #2052] +1125. [bug] rndc: -k option was missing from usage message. + [RT #2057] -1123. [bug] dig +[no]fail did not match description. [RT #2052] +1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail + are now documented. [RT #2052] -1122. [tuning] Resolution timeout reduced from 90 to 30 seconds. - [RT #2046] +1123. [bug] dig +[no]fail did not match description. [RT #2052] -1121. [bug] The server could attempt to access a NULL zone - table if shut down while resolving. - [RT #1587, #2054] +1122. [tuning] Resolution timeout reduced from 90 to 30 seconds. + [RT #2046] -1120. [bug] Errors in options were not fatal. [RT #2002] +1121. [bug] The server could attempt to access a NULL zone + table if shut down while resolving. + [RT #1587, #2054] -1119. [func] Added support in Win32 for NTFS file/directory ACL's - for access control. +1120. [bug] Errors in options were not fatal. [RT #2002] -1118. [bug] On multi-threaded servers, a race condition - could cause an assertion failure in resolver.c - during resolver shutdown. [RT #2029] +1119. [func] Added support in Win32 for NTFS file/directory ACL's + for access control. -1117. [port] The configure check for in6addr_loopback incorrectly - succeeded on AIX 4.3 when compiling with -O2 - because the test code was optimised away. - [RT #2016] +1118. [bug] On multi-threaded servers, a race condition + could cause an assertion failure in resolver.c + during resolver shutdown. [RT #2029] -1116. [bug] Setting transfers in a server clause, transfers-in, - or transfers-per-ns to a value greater than - 2147483647 disabled transfers. [RT #2002] +1117. [port] The configure check for in6addr_loopback incorrectly + succeeded on AIX 4.3 when compiling with -O2 + because the test code was optimised away. + [RT #2016] -1115. [func] Set maximum values for cleaning-interval, - heartbeat-interval, interface-interval, - max-transfer-idle-in, max-transfer-idle-out, - max-transfer-time-in, max-transfer-time-out, - statistics-interval of 28 days and - sig-validity-interval of 3660 days. [RT #2002] +1116. [bug] Setting transfers in a server clause, transfers-in, + or transfers-per-ns to a value greater than + 2147483647 disabled transfers. [RT #2002] -1114. [port] Ignore more accept() errors. [RT #2021] +1115. [func] Set maximum values for cleaning-interval, + heartbeat-interval, interface-interval, + max-transfer-idle-in, max-transfer-idle-out, + max-transfer-time-in, max-transfer-time-out, + statistics-interval of 28 days and + sig-validity-interval of 3660 days. [RT #2002] -1113. [bug] The allow-update-forwarding option was ignored - when specified in a view. [RT #2014] +1114. [port] Ignore more accept() errors. [RT #2021] -1112. [placeholder] +1113. [bug] The allow-update-forwarding option was ignored + when specified in a view. [RT #2014] -1111. [bug] Multi-threaded servers could deadlock processing - recursive queries due to a locking hierarchy - violation in adb.c. [RT #2017] +1112. [placeholder] -1110. [bug] dig should only accept valid abbreviations of +options. - [RT #2003] +1111. [bug] Multi-threaded servers could deadlock processing + recursive queries due to a locking hierarchy + violation in adb.c. [RT #2017] -1109. [bug] nsupdate accepted illegal ttl values. +1110. [bug] dig should only accept valid abbreviations of +options. + [RT #2003] -1108. [bug] On Win32, rndc was hanging when named was not running - due to failure to select for exceptional conditions - in select(). [RT #1870] +1109. [bug] nsupdate accepted illegal ttl values. -1107. [bug] nsupdate could catch an assertion failure if an - invalid domain name was given as the argument to - the "zone" command. +1108. [bug] On Win32, rndc was hanging when named was not running + due to failure to select for exceptional conditions + in select(). [RT #1870] -1106. [bug] After seeing an out of range TTL, nsupdate would - treat all TTLs as out of range. [RT #2001] +1107. [bug] nsupdate could catch an assertion failure if an + invalid domain name was given as the argument to + the "zone" command. -1105. [port] OpenUNIX 8 enable threads by default. [RT #1970] +1106. [bug] After seeing an out of range TTL, nsupdate would + treat all TTLs as out of range. [RT #2001] -1104. [bug] Invalid arguments to the transfer-format option - could cause an assertion failure. [RT #1995] +1105. [port] OpenUNIX 8 enable threads by default. [RT #1970] -1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970] +1104. [bug] Invalid arguments to the transfer-format option + could cause an assertion failure. [RT #1995] -1102. [doc] Note that query logging is enabled by directing the - queries category to a channel. +1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970] -1101. [bug] Array bounds read error in lwres_gai_strerror. +1102. [doc] Note that query logging is enabled by directing the + queries category to a channel. -1100. [bug] libbind: DNSSEC key ids were computed incorrectly. +1101. [bug] Array bounds read error in lwres_gai_strerror. -1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused - compile time errors. +1100. [bug] libbind: DNSSEC key ids were computed incorrectly. -1098. [bug] libbind: HMAC-MD5 key files are now mode 0600. +1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused + compile time errors. -1097. [func] libbind: RES_PRF_TRUNC for dig. +1098. [bug] libbind: HMAC-MD5 key files are now mode 0600. -1096. [func] libbind: "DNSSEC OK" (DO) support. +1097. [func] libbind: RES_PRF_TRUNC for dig. -1095. [func] libbind: resolver option: no-tld-query. disables - trying unqualified as a tld. no_tld_query is also - supported for FreeBSD compatibility. +1096. [func] libbind: "DNSSEC OK" (DO) support. -1094. [func] libbind: add support gcc's format string checking. +1095. [func] libbind: resolver option: no-tld-query. disables + trying unqualified as a tld. no_tld_query is also + supported for FreeBSD compatibility. -1093. [doc] libbind: miscellaneous nroff fixes. +1094. [func] libbind: add support gcc's format string checking. -1092. [bug] libbind: get*by*() failed to check if res_init() had - been called. +1093. [doc] libbind: miscellaneous nroff fixes. -1091. [bug] libbind: misplaced va_end(). +1092. [bug] libbind: get*by*() failed to check if res_init() had + been called. -1090. [bug] libbind: dns_ho.c:add_hostent() was not returning - the amount of memory consumed resulting in garbage - address being returned. Alignment calculations were - wasting space. We weren't suppressing duplicate - addresses. +1091. [bug] libbind: misplaced va_end(). -1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6 - support. +1090. [bug] libbind: dns_ho.c:add_hostent() was not returning + the amount of memory consumed resulting in garbage + address being returned. Alignment calculations were + wasting space. We weren't suppressing duplicate + addresses. -1088. [port] libbind: MPE/iX C.70 (incomplete) +1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6 + support. -1087. [bug] libbind: struct __res_state too large on 64 bit arch. +1088. [port] libbind: MPE/iX C.70 (incomplete) -1086. [port] libbind: sunos: old sprintf. +1087. [bug] libbind: struct __res_state too large on 64 bit arch. -1085. [port] libbind: solaris: sys_nerr and sys_errlist do not - exist when compiling in 64 bit mode. +1086. [port] libbind: sunos: old sprintf. -1084. [cleanup] libbind: gai_strerror() rewritten. +1085. [port] libbind: solaris: sys_nerr and sys_errlist do not + exist when compiling in 64 bit mode. -1083. [bug] The default control channel listened on the - wildcard address, not the loopback as documented. - [RT #1975] +1084. [cleanup] libbind: gai_strerror() rewritten. -1082. [bug] The -g option to named incorrectly caused logging - to be sent to syslog in addition to stderr. - [RT #1974] +1083. [bug] The default control channel listened on the + wildcard address, not the loopback as documented. + [RT #1975] -1081. [bug] Multicast queries were incorrectly identified - based on the source address, not the destination - address. +1082. [bug] The -g option to named incorrectly caused logging + to be sent to syslog in addition to stderr. + [RT #1974] -1080. [bug] BIND 8 compatibility: accept bare IP prefixes - as the second element of a two-element top level - sort list statement. [RT #1964] +1081. [bug] Multicast queries were incorrectly identified + based on the source address, not the destination + address. -1079. [bug] BIND 8 compatibility: accept bare elements at top - level of sort list treating them as if they were - a single element list. [RT #1963] +1080. [bug] BIND 8 compatibility: accept bare IP prefixes + as the second element of a two-element top level + sort list statement. [RT #1964] -1078. [bug] We failed to correct bad tv_usec values in one case. - [RT #1966] +1079. [bug] BIND 8 compatibility: accept bare elements at top + level of sort list treating them as if they were + a single element list. [RT #1963] -1077. [func] Do not accept further recursive clients when - the total number of recursive lookups being - processed exceeds max-recursive-clients, even - if some of the lookups are internally generated. - [RT #1915, #1938] +1078. [bug] We failed to correct bad tv_usec values in one case. + [RT #1966] -1076. [bug] A badly defined global key could trigger an assertion - on load/reload if views were used. [RT #1947] +1077. [func] Do not accept further recursive clients when + the total number of recursive lookups being + processed exceeds max-recursive-clients, even + if some of the lookups are internally generated. + [RT #1915, #1938] -1075. [bug] Out-of-range network prefix lengths were not - reported. [RT #1954] +1076. [bug] A badly defined global key could trigger an assertion + on load/reload if views were used. [RT #1947] -1074. [bug] Running out of memory in dump_rdataset() could - cause an assertion failure. [RT #1946] +1075. [bug] Out-of-range network prefix lengths were not + reported. [RT #1954] -1073. [bug] The ADB cache cleaning should also be space driven. - [RT #1915, #1938] +1074. [bug] Running out of memory in dump_rdataset() could + cause an assertion failure. [RT #1946] -1072. [bug] The TCP client quota could be exceeded when - recursion occurred. [RT #1937] +1073. [bug] The ADB cache cleaning should also be space driven. + [RT #1915, #1938] -1071. [bug] Sockets listening for TCP DNS connections - specified an excessive listen backlog. [RT #1937] +1072. [bug] The TCP client quota could be exceeded when + recursion occurred. [RT #1937] -1070. [bug] Copy DNSSEC OK (DO) to response as specified by - draft-ietf-dnsext-dnssec-okbit-03.txt. +1071. [bug] Sockets listening for TCP DNS connections + specified an excessive listen backlog. [RT #1937] -1069. [placeholder] +1070. [bug] Copy DNSSEC OK (DO) to response as specified by + draft-ietf-dnsext-dnssec-okbit-03.txt. -1068. [bug] errno could be overwritten by catgets(). [RT #1921] +1069. [placeholder] -1067. [func] Allow quotas to be soft, isc_quota_soft(). +1068. [bug] errno could be overwritten by catgets(). [RT #1921] -1066. [bug] Provide a thread safe wrapper for strerror(). - [RT #1689] +1067. [func] Allow quotas to be soft, isc_quota_soft(). -1065. [func] Runtime support to select new / old style interface - scanning using ioctls. +1066. [bug] Provide a thread safe wrapper for strerror(). + [RT #1689] -1064. [bug] Do not shut down active network interfaces if we - are unable to scan the interface list. [RT #1921] +1065. [func] Runtime support to select new / old style interface + scanning using ioctls. -1063. [bug] libbind: "make install" was failing on IRIX. - [RT #1919] +1064. [bug] Do not shut down active network interfaces if we + are unable to scan the interface list. [RT #1921] -1062. [bug] If the control channel listener socket was shut - down before server exit, the listener object could - be freed twice. [RT #1916] +1063. [bug] libbind: "make install" was failing on IRIX. + [RT #1919] -1061. [bug] If periodic cache cleaning happened to start - while cleaning due to reaching the configured - maximum cache size was in progress, the server - could catch an assertion failure. [RT #1912] +1062. [bug] If the control channel listener socket was shut + down before server exit, the listener object could + be freed twice. [RT #1916] -1060. [func] Move refresh, stub and notify UDP retry processing - into dns_request. +1061. [bug] If periodic cache cleaning happened to start + while cleaning due to reaching the configured + maximum cache size was in progress, the server + could catch an assertion failure. [RT #1912] -1059. [func] dns_request now support will now retry UDP queries, - dns_request_createvia2() and dns_request_createraw2(). +1060. [func] Move refresh, stub and notify UDP retry processing + into dns_request. -1058. [func] Limited lifetime ticker timers are now available, - isc_timertype_limited. +1059. [func] dns_request now support will now retry UDP queries, + dns_request_createvia2() and dns_request_createraw2(). -1057. [bug] Reloading the server after adding a "file" clause - to a zone statement could cause the server to - crash due to a typo in change 1016. +1058. [func] Limited lifetime ticker timers are now available, + isc_timertype_limited. -1056. [bug] Rndc could catch an assertion failure on SIGINT due - to an uninitialized variable. [RT #1908] +1057. [bug] Reloading the server after adding a "file" clause + to a zone statement could cause the server to + crash due to a typo in change 1016. -1055. [func] Version and hostname queries can now be disabled - using "version none;" and "hostname none;", - respectively. +1056. [bug] Rndc could catch an assertion failure on SIGINT due + to an uninitialized variable. [RT #1908] -1054. [bug] On Win32, cfg_categories and cfg_modules need to be - exported from the libisccfg DLL. +1055. [func] Version and hostname queries can now be disabled + using "version none;" and "hostname none;", + respectively. -1053. [bug] Dig did not increase its timeout when receiving - AXFRs unless the +time option was used. [RT #1904] +1054. [bug] On Win32, cfg_categories and cfg_modules need to be + exported from the libisccfg DLL. -1052. [bug] Journals were not being created in binary mode - resulting in "journal format not recognized" error - under Win32. [RT #1889] +1053. [bug] Dig did not increase its timeout when receiving + AXFRs unless the +time option was used. [RT #1904] -1051. [bug] Do not ignore a network interface completely just - because it has a noncontiguous netmask. Instead, - omit it from the localnets ACL and issue a warning. - [RT #1891] +1052. [bug] Journals were not being created in binary mode + resulting in "journal format not recognized" error + under Win32. [RT #1889] -1050. [bug] Log messages reporting malformed IP addresses in - address lists such as that of the forwarders option - failed to include the correct error code, file - name, and line number. [RT #1890] +1051. [bug] Do not ignore a network interface completely just + because it has a noncontiguous netmask. Instead, + omit it from the localnets ACL and issue a warning. + [RT #1891] -1049. [func] "pid-file none;" will disable writing a pid file. - [RT #1848] +1050. [bug] Log messages reporting malformed IP addresses in + address lists such as that of the forwarders option + failed to include the correct error code, file + name, and line number. [RT #1890] -1048. [bug] Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1 - didn't work. +1049. [func] "pid-file none;" will disable writing a pid file. + [RT #1848] -1047. [bug] named was incorrectly refusing all requests signed - with a TSIG key derived from an unsigned TKEY - negotiation with a NOERROR response. [RT #1886] +1048. [bug] Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1 + didn't work. -1046. [bug] The help message for the --with-openssl configure - option was inaccurate. [RT #1880] +1047. [bug] named was incorrectly refusing all requests signed + with a TSIG key derived from an unsigned TKEY + negotiation with a NOERROR response. [RT #1886] -1045. [bug] It was possible to skip saving glue for a nameserver - for a stub zone. +1046. [bug] The help message for the --with-openssl configure + option was inaccurate. [RT #1880] -1044. [bug] Specifying allow-transfer, notify-source, or - notify-source-v6 in a stub zone was not treated - as an error. +1045. [bug] It was possible to skip saving glue for a nameserver + for a stub zone. -1043. [bug] Specifying a transfer-source or transfer-source-v6 - option in the zone statement for a master zone was - not treated as an error. [RT #1876] +1044. [bug] Specifying allow-transfer, notify-source, or + notify-source-v6 in a stub zone was not treated + as an error. -1042. [bug] The "config" logging category did not work properly. - [RT #1873] +1043. [bug] Specifying a transfer-source or transfer-source-v6 + option in the zone statement for a master zone was + not treated as an error. [RT #1876] -1041. [bug] Dig/host/nslookup could catch an assertion failure - on SIGINT due to an uninitialized variable. [RT #1867] +1042. [bug] The "config" logging category did not work properly. + [RT #1873] -1040. [bug] Multiple listen-on-v6 options with different ports - were not accepted. [RT #1875] +1041. [bug] Dig/host/nslookup could catch an assertion failure + on SIGINT due to an uninitialized variable. [RT #1867] -1039. [bug] Negative responses with CNAMEs in the answer section - were cached incorrectly. [RT #1862] +1040. [bug] Multiple listen-on-v6 options with different ports + were not accepted. [RT #1875] -1038. [bug] In servers configured with a tkey-domain option, - TKEY queries with an owner name other than the root - could cause an assertion failure. [RT #1866, #1869] +1039. [bug] Negative responses with CNAMEs in the answer section + were cached incorrectly. [RT #1862] -1037. [bug] Negative responses whose authority section contain - SOA or NS records whose owner names are not equal - equal to or parents of the query name should be - rejected. [RT #1862] +1038. [bug] In servers configured with a tkey-domain option, + TKEY queries with an owner name other than the root + could cause an assertion failure. [RT #1866, #1869] -1036. [func] Silently drop requests received via multicast as - long as there is no final multicast DNS standard. +1037. [bug] Negative responses whose authority section contain + SOA or NS records whose owner names are not equal + equal to or parents of the query name should be + rejected. [RT #1862] -1035. [bug] If we respond to multicast queries (which we - currently do not), respond from a unicast address - as specified in RFC 1123. [RT #137] +1036. [func] Silently drop requests received via multicast as + long as there is no final multicast DNS standard. -1034. [bug] Ignore the RD bit on multicast queries as specified - in RFC 1123. [RT #137] +1035. [bug] If we respond to multicast queries (which we + currently do not), respond from a unicast address + as specified in RFC 1123. [RT #137] -1033. [bug] Always respond to requests with an unsupported opcode - with NOTIMP, even if we don't have a matching view - or cannot determine the class. +1034. [bug] Ignore the RD bit on multicast queries as specified + in RFC 1123. [RT #137] -1032. [func] hostname.bind/txt/chaos now returns the name of - the machine hosting the nameserver. This is useful - in diagnosing problems with anycast servers. +1033. [bug] Always respond to requests with an unsupported opcode + with NOTIMP, even if we don't have a matching view + or cannot determine the class. -1031. [bug] libbind.a: isc__gettimeofday() infinite recursion. - [RT #1858] +1032. [func] hostname.bind/txt/chaos now returns the name of + the machine hosting the nameserver. This is useful + in diagnosing problems with anycast servers. -1030. [bug] On systems with no resolv.conf file, nsupdate - exited with an error rather than defaulting - to using the loopback address. [RT #1836] +1031. [bug] libbind.a: isc__gettimeofday() infinite recursion. + [RT #1858] -1029. [bug] Some named.conf errors did not cause the loading - of the configuration file to return a failure - status even though they were logged. [RT #1847] +1030. [bug] On systems with no resolv.conf file, nsupdate + exited with an error rather than defaulting + to using the loopback address. [RT #1836] -1028. [bug] On Win32, dig/host/nslookup looked for resolv.conf - in the wrong directory. [RT #1833] +1029. [bug] Some named.conf errors did not cause the loading + of the configuration file to return a failure + status even though they were logged. [RT #1847] -1027. [bug] RRs having the reserved type 0 should be rejected. - [RT #1471] +1028. [bug] On Win32, dig/host/nslookup looked for resolv.conf + in the wrong directory. [RT #1833] -1026. [placeholder] +1027. [bug] RRs having the reserved type 0 should be rejected. + [RT #1471] -1025. [bug] Don't use multicast addresses to resolve iterative - queries. [RT #101] +1026. [placeholder] -1024. [port] Compilation failed on HP-UX 11.11 due to - incompatible use of the SIOCGLIFCONF macro - name. [RT #1831] +1025. [bug] Don't use multicast addresses to resolve iterative + queries. [RT #101] -1023. [func] Accept hints without TTLs. +1024. [port] Compilation failed on HP-UX 11.11 due to + incompatible use of the SIOCGLIFCONF macro + name. [RT #1831] -1022. [bug] Don't report empty root hints as "extra data". - [RT #1802] +1023. [func] Accept hints without TTLs. -1021. [bug] On Win32, log message timestamps were one month - later than they should have been, and the server - would exhibit unspecified behavior in December. +1022. [bug] Don't report empty root hints as "extra data". + [RT #1802] -1020. [bug] IXFR log messages did not distinguish between - true IXFRs, AXFR-style IXFRs, and mere version - polls. [RT #1811] +1021. [bug] On Win32, log message timestamps were one month + later than they should have been, and the server + would exhibit unspecified behavior in December. -1019. [bug] The value of the lame-ttl option was limited to 18000 - seconds, not 1800 seconds as documented. [RT #1803] +1020. [bug] IXFR log messages did not distinguish between + true IXFRs, AXFR-style IXFRs, and mere version + polls. [RT #1811] -1018. [bug] The default log channel was not always initialized - correctly. [RT #1813] +1019. [bug] The value of the lame-ttl option was limited to 18000 + seconds, not 1800 seconds as documented. [RT #1803] -1017. [bug] When specifying TSIG keys to dig and nsupdate using - the -k option, they must be HMAC-MD5 keys. [RT #1810] +1018. [bug] The default log channel was not always initialized + correctly. [RT #1813] -1016. [bug] Slave zones with no backup file were re-transferred - on every server reload. +1017. [bug] When specifying TSIG keys to dig and nsupdate using + the -k option, they must be HMAC-MD5 keys. [RT #1810] -1015. [bug] Log channels that had a "versions" option but no - "size" option failed to create numbered log - files. [RT #1783] +1016. [bug] Slave zones with no backup file were re-transferred + on every server reload. -1014. [bug] Some queries would cause statistics counters to - increment more than once or not at all. [RT #1321] +1015. [bug] Log channels that had a "versions" option but no + "size" option failed to create numbered log + files. [RT #1783] -1013. [bug] It was possible to cancel a query twice when marking - a server as bogus or by having a blackhole acl. - [RT #1776] +1014. [bug] Some queries would cause statistics counters to + increment more than once or not at all. [RT #1321] -1012. [bug] The -p option to named did not behave as documented. +1013. [bug] It was possible to cancel a query twice when marking + a server as bogus or by having a blackhole acl. + [RT #1776] -1011. [cleanup] Removed isc_dir_current(). +1012. [bug] The -p option to named did not behave as documented. -1010. [bug] The server could attempt to execute a command channel - command after initiating server shutdown, causing - an assertion failure. [RT #1766] +1011. [cleanup] Removed isc_dir_current(). -1009. [port] OpenUNIX 8 support. [RT #1728] +1010. [bug] The server could attempt to execute a command channel + command after initiating server shutdown, causing + an assertion failure. [RT #1766] -1008. [port] libtool.m4, ltmain.sh from libtool-1.4.2. +1009. [port] OpenUNIX 8 support. [RT #1728] -1007. [port] config.guess, config.sub from autoconf-2.52. +1008. [port] libtool.m4, ltmain.sh from libtool-1.4.2. -1006. [bug] If a KEY RR was found missing during DNSSEC validation, - an assertion failure could subsequently be triggered - in the resolver. [RT #1763] +1007. [port] config.guess, config.sub from autoconf-2.52. -1005. [bug] Don't copy nonzero RCODEs from request to response. - [RT #1765] +1006. [bug] If a KEY RR was found missing during DNSSEC validation, + an assertion failure could subsequently be triggered + in the resolver. [RT #1763] -1004. [port] Deal with recvfrom() returning EHOSTDOWN. [RT #1770] +1005. [bug] Don't copy nonzero RCODEs from request to response. + [RT #1765] -1003. [func] Add the +retry option to dig. +1004. [port] Deal with recvfrom() returning EHOSTDOWN. [RT #1770] -1002. [bug] When reporting an unknown class name in named.conf, - including the file name and line number. [RT #1759] +1003. [func] Add the +retry option to dig. -1001. [bug] win32 socket code doio_recv was not catching a - WSACONNRESET error when a client was timing out - the request and closing its socket. [RT #1745] +1002. [bug] When reporting an unknown class name in named.conf, + including the file name and line number. [RT #1759] -1000. [bug] BIND 8 compatibility: accept "HESIOD" as an alias - for class "HS". [RT #1759] +1001. [bug] win32 socket code doio_recv was not catching a + WSACONNRESET error when a client was timing out + the request and closing its socket. [RT #1745] - 999. [func] "rndc retransfer zone [class [view]]" added. - [RT #1752] +1000. [bug] BIND 8 compatibility: accept "HESIOD" as an alias + for class "HS". [RT #1759] - 998. [func] named-checkzone now has arguments to specify the - chroot directory (-t) and working directory (-w). - [RT #1755] + 999. [func] "rndc retransfer zone [class [view]]" added. + [RT #1752] - 997. [func] Add support for RSA-SHA1 keys (RFC3110). + 998. [func] named-checkzone now has arguments to specify the + chroot directory (-t) and working directory (-w). + [RT #1755] - 996. [func] Issue warning if the configuration filename contains - the chroot path. + 997. [func] Add support for RSA-SHA1 keys (RFC3110). - 995. [bug] dig, host, nslookup: using a raw IPv6 address as a - target address should be fatal on a IPv4 only system. + 996. [func] Issue warning if the configuration filename contains + the chroot path. - 994. [func] Treat non-authoritative responses to queries for type - NS as referrals even if the NS records are in the - answer section, because BIND 8 servers incorrectly - send them that way. This is necessary for DNSSEC - validation of the NS records of a secure zone to - succeed when the parent is a BIND 8 server. [RT #1706] + 995. [bug] dig, host, nslookup: using a raw IPv6 address as a + target address should be fatal on a IPv4 only system. - 993. [func] dig: -v now reports the version. + 994. [func] Treat non-authoritative responses to queries for type + NS as referrals even if the NS records are in the + answer section, because BIND 8 servers incorrectly + send them that way. This is necessary for DNSSEC + validation of the NS records of a secure zone to + succeed when the parent is a BIND 8 server. [RT #1706] - 992. [doc] dig: ~/.digrc is now documented. + 993. [func] dig: -v now reports the version. - 991. [func] Lower UDP refresh timeout messages to level - debug 1. + 992. [doc] dig: ~/.digrc is now documented. - 990. [bug] The rndc-confgen man page was not installed. + 991. [func] Lower UDP refresh timeout messages to level + debug 1. - 989. [bug] Report filename if $INCLUDE fails for file related - errors. [RT #1736] + 990. [bug] The rndc-confgen man page was not installed. - 988. [bug] 'additional-from-auth no;' did not work reliably - in the case of queries answered from the cache. - [RT #1436] + 989. [bug] Report filename if $INCLUDE fails for file related + errors. [RT #1736] - 987. [bug] "dig -help" didn't show "+[no]stats". + 988. [bug] 'additional-from-auth no;' did not work reliably + in the case of queries answered from the cache. + [RT #1436] - 986. [bug] "dig +noall" failed to clear stats and command - printing. + 987. [bug] "dig -help" didn't show "+[no]stats". - 985. [func] Consider network interfaces to be up iff they have - a nonzero IP address rather than based on the - IFF_UP flag. [RT #1160] + 986. [bug] "dig +noall" failed to clear stats and command + printing. - 984. [bug] Multi-threading should be enabled by default on - Solaris 2.7 and newer, but it wasn't. + 985. [func] Consider network interfaces to be up iff they have + a nonzero IP address rather than based on the + IFF_UP flag. [RT #1160] - 983. [func] The server now supports generating IXFR difference - sequences for non-dynamic zones by comparing zone - versions, when enabled using the new config - option "ixfr-from-differences". [RT #1727] + 984. [bug] Multi-threading should be enabled by default on + Solaris 2.7 and newer, but it wasn't. - 982. [func] If "memstatistics-file" is set in options the memory - statistics will be written to it. + 983. [func] The server now supports generating IXFR difference + sequences for non-dynamic zones by comparing zone + versions, when enabled using the new config + option "ixfr-from-differences". [RT #1727] - 981. [func] The dnssec tools can now take multiple '-r randomfile' - arguments. + 982. [func] If "memstatistics-file" is set in options the memory + statistics will be written to it. - 980. [bug] Incoming zone transfers restarting after an error - could trigger an assertion failure. [RT #1692] + 981. [func] The dnssec tools can now take multiple '-r randomfile' + arguments. - 979. [func] Incremental master file dumping. dns_master_dumpinc(), - dns_master_dumptostreaminc(), dns_dumpctx_attach(), - dns_dumpctx_detach(), dns_dumpctx_cancel(), - dns_dumpctx_db() and dns_dumpctx_version(). + 980. [bug] Incoming zone transfers restarting after an error + could trigger an assertion failure. [RT #1692] - 978. [bug] dns_db_attachversion() had an invalid REQUIRE() - condition. + 979. [func] Incremental master file dumping. dns_master_dumpinc(), + dns_master_dumptostreaminc(), dns_dumpctx_attach(), + dns_dumpctx_detach(), dns_dumpctx_cancel(), + dns_dumpctx_db() and dns_dumpctx_version(). - 977. [bug] Improve "not at top of zone" error message. + 978. [bug] dns_db_attachversion() had an invalid REQUIRE() + condition. - 976. [func] named-checkconf can now test load master zones - (named-checkconf -z). [RT #1468] + 977. [bug] Improve "not at top of zone" error message. - 975. [bug] "max-cache-size default;" as a view option - caused an assertion failure. + 976. [func] named-checkconf can now test load master zones + (named-checkconf -z). [RT #1468] - 974. [bug] "max-cache-size unlimited;" as a global option - was not accepted. + 975. [bug] "max-cache-size default;" as a view option + caused an assertion failure. - 973. [bug] Failed to log the question name when logging: - "bad zone transfer request: non-authoritative zone - (NOTAUTH)". + 974. [bug] "max-cache-size unlimited;" as a global option + was not accepted. - 972. [bug] The file modification time code in zone.c was using the - wrong epoch. [RT #1667] + 973. [bug] Failed to log the question name when logging: + "bad zone transfer request: non-authoritative zone + (NOTAUTH)". - 971. [placeholder] + 972. [bug] The file modification time code in zone.c was using the + wrong epoch. [RT #1667] - 970. [func] 'max-journal-size' can now be used to set a target - size for a journal. + 971. [placeholder] - 969. [func] dig now supports the undocumented dig 8 feature - of allowing arbitrary labels, not just dotted - decimal quads, with the -x option. This can be - used to conveniently look up RFC2317 names as in - "dig -x 10.0.0.0-127". [RT #827, #1576, #1598] + 970. [func] 'max-journal-size' can now be used to set a target + size for a journal. - 968. [bug] On win32, the isc_time_now() function was unnecessarily - calling strtime(). [RT #1671] + 969. [func] dig now supports the undocumented dig 8 feature + of allowing arbitrary labels, not just dotted + decimal quads, with the -x option. This can be + used to conveniently look up RFC2317 names as in + "dig -x 10.0.0.0-127". [RT #827, #1576, #1598] - 967. [bug] On win32, the link for bindevt was not including the - required resource file to enable the event viewer - to interpret the error messages in the event log, - [RT #1668] + 968. [bug] On win32, the isc_time_now() function was unnecessarily + calling strtime(). [RT #1671] - 966. [placeholder] + 967. [bug] On win32, the link for bindevt was not including the + required resource file to enable the event viewer + to interpret the error messages in the event log, + [RT #1668] - 965. [bug] Including data other than root server NS and A - records in the root hint file could cause a rbtdb - node reference leak. [RT #1581, #1618] + 966. [placeholder] - 964. [func] Warn if data other than root server NS and A records - are found in the root hint file. [RT #1581, #1618] + 965. [bug] Including data other than root server NS and A + records in the root hint file could cause a rbtdb + node reference leak. [RT #1581, #1618] - 963. [bug] Bad ISC_LANG_ENDDECLS. [RT #1645] + 964. [func] Warn if data other than root server NS and A records + are found in the root hint file. [RT #1581, #1618] - 962. [bug] libbind: bad "#undef", don't attempt to install - non-existant nlist.h. [RT #1640] + 963. [bug] Bad ISC_LANG_ENDDECLS. [RT #1645] - 961. [bug] Tried to use a IPV6 feature when ISC_PLATFORM_HAVEIPV6 - was not defined. [RT #1482] + 962. [bug] libbind: bad "#undef", don't attempt to install + non-existant nlist.h. [RT #1640] - 960. [port] liblwres failed to build on systems with support for - getrrsetbyname() in the OS. [RT #1592] + 961. [bug] Tried to use a IPV6 feature when ISC_PLATFORM_HAVEIPV6 + was not defined. [RT #1482] - 959. [port] On FreeBSD, determine the number of CPUs by calling - sysctlbyname(). [RT #1584] + 960. [port] liblwres failed to build on systems with support for + getrrsetbyname() in the OS. [RT #1592] - 958. [port] ssize_t is not available on all platforms. [RT #1607] + 959. [port] On FreeBSD, determine the number of CPUs by calling + sysctlbyname(). [RT #1584] - 957. [bug] sys/select.h inclusion was broken on older platforms. - [RT #1607] + 958. [port] ssize_t is not available on all platforms. [RT #1607] - 956. [bug] ns_g_autorndcfile changed to ns_g_keyfile - in named/win32/os.c due to code changes in - change #953. win32 .make file for rndc-confgen - updated to add include path for os.h header. + 957. [bug] sys/select.h inclusion was broken on older platforms. + [RT #1607] - --- 9.2.0rc1 released --- + 956. [bug] ns_g_autorndcfile changed to ns_g_keyfile + in named/win32/os.c due to code changes in + change #953. win32 .make file for rndc-confgen + updated to add include path for os.h header. - 955. [bug] When using views, the zone's class was not being - inherited from the view's class. [RT #1583] + --- 9.2.0rc1 released --- - 954. [bug] When requesting AXFRs or IXFRs using dig, host, or - nslookup, the RD bit should not be set as zone - transfers are inherently nonrecursive. [RT #1575] + 955. [bug] When using views, the zone's class was not being + inherited from the view's class. [RT #1583] - 953. [func] The /var/run/named.key file from change #843 - has been replaced by /etc/rndc.key. Both - named and rndc will look for this file and use - it to configure a default control channel key - if not already configured using a different - method (rndc.conf / controls). Unlike - named.key, rndc.key is not created automatically; - it must be created by manually running - "rndc-confgen -a". + 954. [bug] When requesting AXFRs or IXFRs using dig, host, or + nslookup, the RD bit should not be set as zone + transfers are inherently nonrecursive. [RT #1575] - 952. [bug] The server required manual intervention to serve the - affected zones if it died between creating a journal - and committing the first change to it. + 953. [func] The /var/run/named.key file from change #843 + has been replaced by /etc/rndc.key. Both + named and rndc will look for this file and use + it to configure a default control channel key + if not already configured using a different + method (rndc.conf / controls). Unlike + named.key, rndc.key is not created automatically; + it must be created by manually running + "rndc-confgen -a". - 951. [bug] CFLAGS was not passed to the linker when - linking some of the test programs under - bin/tests. [RT #1555]. + 952. [bug] The server required manual intervention to serve the + affected zones if it died between creating a journal + and committing the first change to it. - 950. [bug] Explicit TTLs did not properly override $TTL - due to a bug in change 834. [RT #1558] + 951. [bug] CFLAGS was not passed to the linker when + linking some of the test programs under + bin/tests. [RT #1555]. - 949. [bug] host was unable to print records larger than 512 - bytes. [RT #1557] + 950. [bug] Explicit TTLs did not properly override $TTL + due to a bug in change 834. [RT #1558] - --- 9.2.0b2 released --- + 949. [bug] host was unable to print records larger than 512 + bytes. [RT #1557] - 948. [port] Integrated support for building on Windows NT / - Windows 2000. + --- 9.2.0b2 released --- - 947. [bug] dns_rdata_soa_t had a badly named element "mname" which - was really the RNAME field from RFC1035. To avoid - confusion and silent errors that would occur it the - "origin" and "mname" elements were given their correct - names "mname" and "rname" respectively, the "mname" - element is renamed to "contact". + 948. [port] Integrated support for building on Windows NT / + Windows 2000. - 946. [cleanup] doc/misc/options is now machine-generated from the - configuration parser syntax tables, and therefore - more likely to be correct. + 947. [bug] dns_rdata_soa_t had a badly named element "mname" which + was really the RNAME field from RFC1035. To avoid + confusion and silent errors that would occur it the + "origin" and "mname" elements were given their correct + names "mname" and "rname" respectively, the "mname" + element is renamed to "contact". - 945. [func] Add the new view-specific options - "match-destinations" and "match-recursive-only". + 946. [cleanup] doc/misc/options is now machine-generated from the + configuration parser syntax tables, and therefore + more likely to be correct. - 944. [func] Check for expired signatures on load. + 945. [func] Add the new view-specific options + "match-destinations" and "match-recursive-only". - 943. [bug] The server could crash when receiving a command - via rndc if the configuration file listed only - nonexistent keys in the controls statement. [RT #1530] + 944. [func] Check for expired signatures on load. - 942. [port] libbind: GETNETBYADDR_ADDR_T was not correctly - defined on some platforms. + 943. [bug] The server could crash when receiving a command + via rndc if the configuration file listed only + nonexistent keys in the controls statement. [RT #1530] - 941. [bug] The configuration checker crashed if a slave - zone didn't contain a masters statement. [RT #1514] + 942. [port] libbind: GETNETBYADDR_ADDR_T was not correctly + defined on some platforms. - 940. [bug] Double zone locking failure on error path. [RT #1510] + 941. [bug] The configuration checker crashed if a slave + zone didn't contain a masters statement. [RT #1514] - --- 9.2.0b1 released --- + 940. [bug] Double zone locking failure on error path. [RT #1510] - 939. [port] Add the --disable-linux-caps option to configure for - systems that manage capabilities outside of named. - [RT #1503] + --- 9.2.0b1 released --- - 938. [placeholder] + 939. [port] Add the --disable-linux-caps option to configure for + systems that manage capabilities outside of named. + [RT #1503] - 937. [bug] A race when shutting down a zone could trigger a - INSIST() failure. [RT #1034] + 938. [placeholder] - 936. [func] Warn about IPv4 addresses that are not complete - dotted quads. [RT #1084] + 937. [bug] A race when shutting down a zone could trigger a + INSIST() failure. [RT #1034] - 935. [bug] inet_pton failed to reject leading zeros. + 936. [func] Warn about IPv4 addresses that are not complete + dotted quads. [RT #1084] - 934. [port] Deal with systems where accept() spuriously returns - ECONNRESET. + 935. [bug] inet_pton failed to reject leading zeros. - 933. [bug] configure failed doing libbind on platforms not - supported by BIND 8. [RT #1496] + 934. [port] Deal with systems where accept() spuriously returns + ECONNRESET. - --- 9.2.0a3 released --- + 933. [bug] configure failed doing libbind on platforms not + supported by BIND 8. [RT #1496] - 932. [bug] Use INSTALL_SCRIPT, not INSTALL_PROGRAM, - when installing isc-config.sh. - [RT #198, #1466] + --- 9.2.0a3 released --- - 931. [bug] The controls statement only attempted to verify - messages using the first key in the key list. - (9.2.0a1/a2 only). + 932. [bug] Use INSTALL_SCRIPT, not INSTALL_PROGRAM, + when installing isc-config.sh. + [RT #198, #1466] - 930. [func] Query performance testing tool added as - contrib/queryperf. + 931. [bug] The controls statement only attempted to verify + messages using the first key in the key list. + (9.2.0a1/a2 only). - 929. [placeholder] + 930. [func] Query performance testing tool added as + contrib/queryperf. - 928. [bug] nsupdate would send empty update packets if the - send (or empty line) command was run after - another send but before any new updates or - prerequisites were specified. It should simply - ignore this command. + 929. [placeholder] - 927. [bug] Don't hold the zone lock for the entire dump to disk. - [RT #1423] + 928. [bug] nsupdate would send empty update packets if the + send (or empty line) command was run after + another send but before any new updates or + prerequisites were specified. It should simply + ignore this command. - 926. [bug] The resolver could deadlock with the ADB when - shutting down (multi-threaded builds only). - [RT #1324] + 927. [bug] Don't hold the zone lock for the entire dump to disk. + [RT #1423] - 925. [cleanup] Remove openssl from the distribution; require that - --with-openssl be specified if DNSSEC is needed. + 926. [bug] The resolver could deadlock with the ADB when + shutting down (multi-threaded builds only). + [RT #1324] - 924. [port] Extend support for pre-RFC2133 IPv6 implementation. - [RT #987] + 925. [cleanup] Remove openssl from the distribution; require that + --with-openssl be specified if DNSSEC is needed. - 923. [bug] Multiline TSIG secrets (and other multiline strings) - were not accepted in named.conf. [RT #1469] + 924. [port] Extend support for pre-RFC2133 IPv6 implementation. + [RT #987] - 922. [func] Added two new lwres_getrrsetbyname() result codes, - ERR_NONAME and ERR_NODATA. + 923. [bug] Multiline TSIG secrets (and other multiline strings) + were not accepted in named.conf. [RT #1469] - 921. [bug] lwres returned an incorrect error code if it received - a truncated message. + 922. [func] Added two new lwres_getrrsetbyname() result codes, + ERR_NONAME and ERR_NODATA. - 920. [func] Increase the lwres receive buffer size to 16K. - [RT #1451] + 921. [bug] lwres returned an incorrect error code if it received + a truncated message. - 919. [placeholder] + 920. [func] Increase the lwres receive buffer size to 16K. + [RT #1451] - 918. [func] In nsupdate, TSIG errors are no longer treated as - fatal errors. + 919. [placeholder] - 917. [func] New nsupdate command 'key', allowing TSIG keys to - be specified in the nsupdate command stream rather - than the command line. + 918. [func] In nsupdate, TSIG errors are no longer treated as + fatal errors. - 916. [bug] Specifying type ixfr to dig without specifying - a serial number failed in unexpected ways. + 917. [func] New nsupdate command 'key', allowing TSIG keys to + be specified in the nsupdate command stream rather + than the command line. - 915. [func] The named-checkconf and named-checkzone programs - now have a '-v' option for printing their version. - [RT #1151] + 916. [bug] Specifying type ixfr to dig without specifying + a serial number failed in unexpected ways. - 914. [bug] Global 'server' statements were rejected when - using views, even though they were accepted - in 9.1. [RT #1368] + 915. [func] The named-checkconf and named-checkzone programs + now have a '-v' option for printing their version. + [RT #1151] - 913. [bug] Cache cleaning was not sufficiently aggressive. - [RT #1441, #1444] + 914. [bug] Global 'server' statements were rejected when + using views, even though they were accepted + in 9.1. [RT #1368] - 912. [bug] Attempts to set the 'additional-from-cache' or - 'additional-from-auth' option to 'no' in a - server with recursion enabled will now - be ignored and cause a warning message. - [RT #1145] + 913. [bug] Cache cleaning was not sufficiently aggressive. + [RT #1441, #1444] - 911. [placeholder] + 912. [bug] Attempts to set the 'additional-from-cache' or + 'additional-from-auth' option to 'no' in a + server with recursion enabled will now + be ignored and cause a warning message. + [RT #1145] - 910. [port] Some pre-RFC2133 IPv6 implementations do not define - IN6ADDR_ANY_INIT. [RT #1416] + 911. [placeholder] - 909. [placeholder] + 910. [port] Some pre-RFC2133 IPv6 implementations do not define + IN6ADDR_ANY_INIT. [RT #1416] - 908. [func] New program, rndc-confgen, to simplify setting up rndc. + 909. [placeholder] - 907. [func] The ability to get entropy from either the - random device, a user-provided file or from - the keyboard was migrated from the DNSSEC tools - to libisc as isc_entropy_usebestsource(). + 908. [func] New program, rndc-confgen, to simplify setting up rndc. - 906. [port] Separated the system independent portion of - lib/isc/unix/entropy.c into lib/isc/entropy.c - and added lib/isc/win32/entropy.c. + 907. [func] The ability to get entropy from either the + random device, a user-provided file or from + the keyboard was migrated from the DNSSEC tools + to libisc as isc_entropy_usebestsource(). - 905. [bug] Configuring a forward "zone" for the root domain - did not work. [RT #1418] + 906. [port] Separated the system independent portion of + lib/isc/unix/entropy.c into lib/isc/entropy.c + and added lib/isc/win32/entropy.c. - 904. [bug] The server would leak memory if attempting to use - an expired TSIG key. [RT #1406] + 905. [bug] Configuring a forward "zone" for the root domain + did not work. [RT #1418] - 903. [bug] dig should not crash when receiving a TCP packet - of length 0. + 904. [bug] The server would leak memory if attempting to use + an expired TSIG key. [RT #1406] - 902. [bug] The -d option was ignored if both -t and -g were also - specified. + 903. [bug] dig should not crash when receiving a TCP packet + of length 0. - 901. [placeholder] + 902. [bug] The -d option was ignored if both -t and -g were also + specified. - 900. [bug] A config.guess update changed the system identification - string of FreeBSD systems; configure and - bin/tests/system/ifconfig.sh now recognize the new - string. + 901. [placeholder] - --- 9.2.0a2 released --- + 900. [bug] A config.guess update changed the system identification + string of FreeBSD systems; configure and + bin/tests/system/ifconfig.sh now recognize the new + string. - 899. [bug] lib/dns/soa.c failed to compile on many platforms - due to inappropriate use of a void value. - [RT #1372, #1373, #1386, #1387, #1395] + --- 9.2.0a2 released --- - 898. [bug] "dig" failed to set a nonzero exit status - on UDP query timeout. [RT #1323] + 899. [bug] lib/dns/soa.c failed to compile on many platforms + due to inappropriate use of a void value. + [RT #1372, #1373, #1386, #1387, #1395] - 897. [bug] A config.guess update changed the system identification - string of UnixWare systems; configure now recognizes - the new string. + 898. [bug] "dig" failed to set a nonzero exit status + on UDP query timeout. [RT #1323] - 896. [bug] If a configuration file is set on named's command line - and it has a relative pathname, the current directory - (after any possible jailing resulting from named -t) - will be prepended to it so that reloading works - properly even when a directory option is present. + 897. [bug] A config.guess update changed the system identification + string of UnixWare systems; configure now recognizes + the new string. - 895. [func] New function, isc_dir_current(), akin to POSIX's - getcwd(). + 896. [bug] If a configuration file is set on named's command line + and it has a relative pathname, the current directory + (after any possible jailing resulting from named -t) + will be prepended to it so that reloading works + properly even when a directory option is present. - 894. [bug] When using the DNSSEC tools, a message intended to warn - when the keyboard was being used because of the lack - of a suitable random device was not being printed. + 895. [func] New function, isc_dir_current(), akin to POSIX's + getcwd(). - 893. [func] Removed isc_file_test() and added isc_file_exists() - for the basic functionality that was being added - with isc_file_test(). + 894. [bug] When using the DNSSEC tools, a message intended to warn + when the keyboard was being used because of the lack + of a suitable random device was not being printed. - 892. [placeholder] + 893. [func] Removed isc_file_test() and added isc_file_exists() + for the basic functionality that was being added + with isc_file_test(). - 891. [bug] Return an error when a SIG(0) signed response to - an unsigned query is seen. This should actually - do the verification, but it's not currently - possible. [RT #1391] + 892. [placeholder] - 890. [cleanup] The man pages no longer require the mandoc macros - and should now format cleanly using most versions of - nroff, and HTML versions of the man pages have been - added. Both are generated from DocBook source. + 891. [bug] Return an error when a SIG(0) signed response to + an unsigned query is seen. This should actually + do the verification, but it's not currently + possible. [RT #1391] - 889. [port] Eliminated blank lines before .TH in nroff man - pages since they cause problems with some versions - of nroff. [RT #1390] + 890. [cleanup] The man pages no longer require the mandoc macros + and should now format cleanly using most versions of + nroff, and HTML versions of the man pages have been + added. Both are generated from DocBook source. - 888. [bug] Don't die when using TKEY to delete a nonexistent - TSIG key. [RT #1392] + 889. [port] Eliminated blank lines before .TH in nroff man + pages since they cause problems with some versions + of nroff. [RT #1390] - 887. [port] Detect broken compilers that can't call static - functions from inline functions. [RT #1212] + 888. [bug] Don't die when using TKEY to delete a nonexistent + TSIG key. [RT #1392] - 886. [placeholder] + 887. [port] Detect broken compilers that can't call static + functions from inline functions. [RT #1212] - 885. [placeholder] + 886. [placeholder] - 884. [placeholder] + 885. [placeholder] - 883. [placeholder] + 884. [placeholder] - 882. [placeholder] + 883. [placeholder] - 881. [placeholder] + 882. [placeholder] - 880. [placeholder] + 881. [placeholder] - 879. [placeholder] + 880. [placeholder] - 878. [placeholder] + 879. [placeholder] - 877. [placeholder] + 878. [placeholder] - 876. [placeholder] + 877. [placeholder] - 875. [placeholder] + 876. [placeholder] - 874. [placeholder] + 875. [placeholder] - 873. [placeholder] + 874. [placeholder] - 872. [placeholder] + 873. [placeholder] - 871. [placeholder] + 872. [placeholder] - 870. [placeholder] + 871. [placeholder] - 869. [placeholder] + 870. [placeholder] - 868. [placeholder] + 869. [placeholder] - 867. [placeholder] + 868. [placeholder] - 866. [func] Close debug only file channels when debug is set to - zero. [RT #1246] + 867. [placeholder] - 865. [bug] The new configuration parser did not allow - the optional debug level in a "severity debug" - clause of a logging channel to be omitted. - This is now allowed and treated as "severity - debug 1;" like it does in BIND 8.2.4, not as - "severity debug 0;" like it did in BIND 9.1. - [RT #1367] + 866. [func] Close debug only file channels when debug is set to + zero. [RT #1246] - 864. [cleanup] Multi-threading is now enabled by default on - OSF1, Solaris 2.7 and newer, AIX, IRIX, and HP-UX. + 865. [bug] The new configuration parser did not allow + the optional debug level in a "severity debug" + clause of a logging channel to be omitted. + This is now allowed and treated as "severity + debug 1;" like it does in BIND 8.2.4, not as + "severity debug 0;" like it did in BIND 9.1. + [RT #1367] - 863. [bug] If an error occurred while an outgoing zone transfer - was starting up, the server could access a domain - name that had already been freed when logging a - message saying that the transfer was starting. - [RT #1383] + 864. [cleanup] Multi-threading is now enabled by default on + OSF1, Solaris 2.7 and newer, AIX, IRIX, and HP-UX. - 862. [bug] Use after realloc(), non portable pointer arithmetic in - grmerge(). + 863. [bug] If an error occurred while an outgoing zone transfer + was starting up, the server could access a domain + name that had already been freed when logging a + message saying that the transfer was starting. + [RT #1383] - 861. [port] Add support for Mac OS X, by making it equivalent - to Darwin. This was derived from the config.guess - file shipped with Mac OS X. [RT #1355] + 862. [bug] Use after realloc(), non portable pointer arithmetic in + grmerge(). - 860. [func] Drop cross class glue in zone transfers. + 861. [port] Add support for Mac OS X, by making it equivalent + to Darwin. This was derived from the config.guess + file shipped with Mac OS X. [RT #1355] - 859. [bug] Cache cleaning now won't swamp the CPU if there - is a persistent overlimit condition. + 860. [func] Drop cross class glue in zone transfers. - 858. [func] isc_mem_setwater() no longer requires that when the - callback function is non-NULL then its hi_water - argument must be greater than its lo_water argument - (they can now be equal) or that they be non-zero. + 859. [bug] Cache cleaning now won't swamp the CPU if there + is a persistent overlimit condition. - 857. [cleanup] Use ISC_MAGIC() to define all magic numbers for - structs, for our friends in EBCDIC-land. + 858. [func] isc_mem_setwater() no longer requires that when the + callback function is non-NULL then its hi_water + argument must be greater than its lo_water argument + (they can now be equal) or that they be non-zero. - 856. [func] Allow partial rdatasets to be returned in answer and - authority sections to help non-TCP capable clients - recover from truncation. [RT #1301] + 857. [cleanup] Use ISC_MAGIC() to define all magic numbers for + structs, for our friends in EBCDIC-land. - 855. [bug] Stop spurious "using RFC 1035 TTL semantics" warnings. + 856. [func] Allow partial rdatasets to be returned in answer and + authority sections to help non-TCP capable clients + recover from truncation. [RT #1301] - 854. [bug] The config parser didn't properly handle config - options that were specified in units of time other - than seconds. [RT #1372] + 855. [bug] Stop spurious "using RFC 1035 TTL semantics" warnings. - 853. [bug] configure_view_acl() failed to detach existing acls. - [RT #1374] + 854. [bug] The config parser didn't properly handle config + options that were specified in units of time other + than seconds. [RT #1372] - 852. [bug] Handle responses from servers which do not know - about IXFR. + 853. [bug] configure_view_acl() failed to detach existing acls. + [RT #1374] - 851. [cleanup] The obsolete support-ixfr option was not properly - ignored. + 852. [bug] Handle responses from servers which do not know + about IXFR. - --- 9.2.0a1 released --- + 851. [cleanup] The obsolete support-ixfr option was not properly + ignored. - 850. [bug] dns_rbt_findnode() would not find nodes that were - split on a bitstring label somewhere other than in - the last label of the node. [RT #1351] + --- 9.2.0a1 released --- - 849. [func] will ensure INADDR_LOOPBACK is defined. + 850. [bug] dns_rbt_findnode() would not find nodes that were + split on a bitstring label somewhere other than in + the last label of the node. [RT #1351] - 848. [func] A minimum max-cache-size of two megabytes is enforced - by the cache cleaner. + 849. [func] will ensure INADDR_LOOPBACK is defined. - 847. [func] Added isc_file_test(), which currently only has - some very basic functionality to test for the - existence of a file, whether a pathname is absolute, - or whether a pathname is the fundamental representation - of the current directory. It is intended that this - function can be expanded to test other things a - programmer might want to know about a file. + 848. [func] A minimum max-cache-size of two megabytes is enforced + by the cache cleaner. - 846. [func] A non-zero 'param' to dst_key_generate() when making an - hmac-md5 key means that good entropy is not required. + 847. [func] Added isc_file_test(), which currently only has + some very basic functionality to test for the + existence of a file, whether a pathname is absolute, + or whether a pathname is the fundamental representation + of the current directory. It is intended that this + function can be expanded to test other things a + programmer might want to know about a file. - 845. [bug] The access rights on the public file of a symmetric - key are now restricted as soon as the file is opened, - rather than after it has been written and closed. + 846. [func] A non-zero 'param' to dst_key_generate() when making an + hmac-md5 key means that good entropy is not required. - 844. [func] will ensure INADDR_LOOPBACK is defined, - just as does. + 845. [bug] The access rights on the public file of a symmetric + key are now restricted as soon as the file is opened, + rather than after it has been written and closed. - 843. [func] If no controls statement is present in named.conf, - or if any inet phrase of a controls statement is - lacking a keys clause, then a key will be automatically - generated by named and an rndc.conf-style file - named named.key will be written that uses it. rndc - will use this file only if its normal configuration - file, or one provided on the command line, does not - exist. + 844. [func] will ensure INADDR_LOOPBACK is defined, + just as does. - 842. [func] 'rndc flush' now takes an optional view. + 843. [func] If no controls statement is present in named.conf, + or if any inet phrase of a controls statement is + lacking a keys clause, then a key will be automatically + generated by named and an rndc.conf-style file + named named.key will be written that uses it. rndc + will use this file only if its normal configuration + file, or one provided on the command line, does not + exist. - 841. [bug] When sdb modules were not declared threadsafe, their - create and destroy functions were not serialized. + 842. [func] 'rndc flush' now takes an optional view. - 840. [bug] The config file parser could print the wrong file - name if an error was detected after an included file - was parsed. [RT #1353] + 841. [bug] When sdb modules were not declared threadsafe, their + create and destroy functions were not serialized. - 839. [func] Dump packets for which there was no view or that the - class could not be determined to category "unmatched". + 840. [bug] The config file parser could print the wrong file + name if an error was detected after an included file + was parsed. [RT #1353] - 838. [port] UnixWare 7.x.x is now suported by - bin/tests/system/ifconfig.sh. + 839. [func] Dump packets for which there was no view or that the + class could not be determined to category "unmatched". - 837. [cleanup] Multi-threading is now enabled by default only on - OSF1, Solaris 2.7 and newer, and AIX. + 838. [port] UnixWare 7.x.x is now suported by + bin/tests/system/ifconfig.sh. - 836. [func] Upgraded libtool to 1.4. + 837. [cleanup] Multi-threading is now enabled by default only on + OSF1, Solaris 2.7 and newer, and AIX. - 835. [bug] The dispatcher could enter a busy loop if - it got an I/O error receiving on a UDP socket. - [RT #1293] + 836. [func] Upgraded libtool to 1.4. - 834. [func] Accept (but warn about) master files beginning with - an SOA record without an explicit TTL field and - lacking a $TTL directive, by using the SOA MINTTL - as a default TTL. This is for backwards compatibility - with old versions of BIND 8, which accepted such - files without warning although they are illegal - according to RFC1035. + 835. [bug] The dispatcher could enter a busy loop if + it got an I/O error receiving on a UDP socket. + [RT #1293] - 833. [cleanup] Moved dns_soa_*() from to - , and extended them to support - all the integer-valued fields of the SOA RR. + 834. [func] Accept (but warn about) master files beginning with + an SOA record without an explicit TTL field and + lacking a $TTL directive, by using the SOA MINTTL + as a default TTL. This is for backwards compatibility + with old versions of BIND 8, which accepted such + files without warning although they are illegal + according to RFC1035. - 832. [bug] The default location for named.conf in named-checkconf - should depend on --sysconfdir like it does in named. - [RT #1258] + 833. [cleanup] Moved dns_soa_*() from to + , and extended them to support + all the integer-valued fields of the SOA RR. - 831. [placeholder] + 832. [bug] The default location for named.conf in named-checkconf + should depend on --sysconfdir like it does in named. + [RT #1258] - 830. [func] Implement 'rndc status'. + 831. [placeholder] - 829. [bug] The DNS_R_ZONECUT result code should only be returned - when an ANY query is made with DNS_DBFIND_GLUEOK set. - In all other ANY query cases, returning the delegation - is better. + 830. [func] Implement 'rndc status'. - 828. [bug] The errno value from recvfrom() could be overwritten - by logging code. [RT #1293] + 829. [bug] The DNS_R_ZONECUT result code should only be returned + when an ANY query is made with DNS_DBFIND_GLUEOK set. + In all other ANY query cases, returning the delegation + is better. - 827. [bug] When an IXFR protocol error occurs, the slave - should retry with AXFR. + 828. [bug] The errno value from recvfrom() could be overwritten + by logging code. [RT #1293] - 826. [bug] Some IXFR protocol errors were not detected. + 827. [bug] When an IXFR protocol error occurs, the slave + should retry with AXFR. - 825. [bug] zone.c:ns_query() detached from the wrong zone - reference. [RT #1264] + 826. [bug] Some IXFR protocol errors were not detected. - 824. [bug] Correct line numbers reported by dns_master_load(). - [RT #1263] + 825. [bug] zone.c:ns_query() detached from the wrong zone + reference. [RT #1264] - 823. [func] The output of "dig -h" now goes to stdout so that it - can easily be piped through "more". [RT #1254] + 824. [bug] Correct line numbers reported by dns_master_load(). + [RT #1263] - 822. [bug] Sending nxrrset prerequisites would crash nsupdate. - [RT #1248] + 823. [func] The output of "dig -h" now goes to stdout so that it + can easily be piped through "more". [RT #1254] - 821. [bug] The program name used when logging to syslog should - be stripped of leading path components. - [RT #1178, #1232] + 822. [bug] Sending nxrrset prerequisites would crash nsupdate. + [RT #1248] - 820. [bug] Name server address lookups failed to follow - A6 chains into the glue of local authoritative - zones. + 821. [bug] The program name used when logging to syslog should + be stripped of leading path components. + [RT #1178, #1232] - 819. [bug] In certain cases, the resolver's attempts to - restart an address lookup at the root could cause - the fetch to deadlock (with itself) instead of - restarting. [RT #1225] + 820. [bug] Name server address lookups failed to follow + A6 chains into the glue of local authoritative + zones. - 818. [bug] Certain pathological responses to ANY queries could - cause an assertion failure. [RT #1218] + 819. [bug] In certain cases, the resolver's attempts to + restart an address lookup at the root could cause + the fetch to deadlock (with itself) instead of + restarting. [RT #1225] - 817. [func] Adjust timeouts for dialup zone queries. + 818. [bug] Certain pathological responses to ANY queries could + cause an assertion failure. [RT #1218] - 816. [bug] Report potential problems with log file accessibility - at configuration time, since such problems can't - reliably be reported at the time they actually occur. + 817. [func] Adjust timeouts for dialup zone queries. - 815. [bug] If a log file was specified with a path separator - character (i.e. "/") in its name and the directory - did not exist, the log file's name was treated as - though it were the directory name. [RT #1189] + 816. [bug] Report potential problems with log file accessibility + at configuration time, since such problems can't + reliably be reported at the time they actually occur. - 814. [bug] Socket objects left over from accept() failures - were incorrectly destroyed, causing corruption - of socket manager data structures. + 815. [bug] If a log file was specified with a path separator + character (i.e. "/") in its name and the directory + did not exist, the log file's name was treated as + though it were the directory name. [RT #1189] - 813. [bug] File descriptors exceeding FD_SETSIZE were handled - badly. [RT #1192] + 814. [bug] Socket objects left over from accept() failures + were incorrectly destroyed, causing corruption + of socket manager data structures. - 812. [bug] dig sometimes printed incomplete IXFR responses - due to an uninitialized variable. [RT #1188] + 813. [bug] File descriptors exceeding FD_SETSIZE were handled + badly. [RT #1192] - 811. [bug] Parentheses were not quoted in zone dumps. [RT #1194] + 812. [bug] dig sometimes printed incomplete IXFR responses + due to an uninitialized variable. [RT #1188] - 810. [bug] The signer name in SIG records was not properly - downcased when signing/verifying records. [RT #1186] + 811. [bug] Parentheses were not quoted in zone dumps. [RT #1194] - 809. [bug] Configuring a non-local address as a transfer-source - could cause an assertion failure during load. + 810. [bug] The signer name in SIG records was not properly + downcased when signing/verifying records. [RT #1186] - 808. [func] Add 'rndc flush' to flush the server's cache. + 809. [bug] Configuring a non-local address as a transfer-source + could cause an assertion failure during load. - 807. [bug] When setting up TCP connections for incoming zone - transfers, the transfer-source port was not - ignored like it should be. + 808. [func] Add 'rndc flush' to flush the server's cache. - 806. [bug] DNS_R_SEENINCLUDE was failing to propagate back up - the calling stack to the zone maintence level, causing - zones to not reload when an included file was touched - but the top-level zone file was not. + 807. [bug] When setting up TCP connections for incoming zone + transfers, the transfer-source port was not + ignored like it should be. - 805. [bug] When using "forward only", missing root hints should - not cause queries to fail. [RT #1143] + 806. [bug] DNS_R_SEENINCLUDE was failing to propagate back up + the calling stack to the zone maintence level, causing + zones to not reload when an included file was touched + but the top-level zone file was not. - 804. [bug] Attempting to obtain entropy could fail in some - situations. This would be most common on systems - with user-space threads. [RT #1131] + 805. [bug] When using "forward only", missing root hints should + not cause queries to fail. [RT #1143] - 803. [bug] Treat all SIG queries as if they have the CD bit set, - otherwise no data will be returned [RT #749] + 804. [bug] Attempting to obtain entropy could fail in some + situations. This would be most common on systems + with user-space threads. [RT #1131] - 802. [bug] DNSSEC key tags were computed incorrectly in almost - all cases. [RT #1146] + 803. [bug] Treat all SIG queries as if they have the CD bit set, + otherwise no data will be returned [RT #749] - 801. [bug] nsupdate should treat lines beginning with ';' as - comments. [RT #1139] + 802. [bug] DNSSEC key tags were computed incorrectly in almost + all cases. [RT #1146] - 800. [bug] dnssec-signzone produced incorrect statistics for - large zones. [RT #1133] + 801. [bug] nsupdate should treat lines beginning with ';' as + comments. [RT #1139] - 799. [bug] The ADB didn't find AAAA glue in a zone unless A6 - glue was also present. + 800. [bug] dnssec-signzone produced incorrect statistics for + large zones. [RT #1133] - 798. [bug] nsupdate should be able to reject bad input lines - and continue. [RT #1130] + 799. [bug] The ADB didn't find AAAA glue in a zone unless A6 + glue was also present. - 797. [func] Issue a warning if the 'directory' option contains - a relative path. [RT #269] + 798. [bug] nsupdate should be able to reject bad input lines + and continue. [RT #1130] - 796. [func] When a size limit is associated with a log file, - only roll it when the size is reached, not every - time the log file is opened. [RT #1096] + 797. [func] Issue a warning if the 'directory' option contains + a relative path. [RT #269] - 795. [func] Add the +multiline option to dig. [RT #1095] + 796. [func] When a size limit is associated with a log file, + only roll it when the size is reached, not every + time the log file is opened. [RT #1096] - 794. [func] Implement the "port" and "default-port" statements - in rndc.conf. + 795. [func] Add the +multiline option to dig. [RT #1095] - 793. [cleanup] The DNSSEC tools could create filenames that were - illegal or contained shell metacharacters. They - now use a different text encoding of names that - doesn't have these problems. [RT #1101] + 794. [func] Implement the "port" and "default-port" statements + in rndc.conf. - 792. [cleanup] Replace the OMAPI command channel protocol with a - simpler one. + 793. [cleanup] The DNSSEC tools could create filenames that were + illegal or contained shell metacharacters. They + now use a different text encoding of names that + doesn't have these problems. [RT #1101] - 791. [bug] The command channel now works over IPv6. + 792. [cleanup] Replace the OMAPI command channel protocol with a + simpler one. - 790. [bug] Wildcards created using dynamic update or IXFR - could fail to match. [RT #1111] + 791. [bug] The command channel now works over IPv6. - 789. [bug] The "localhost" and "localnets" ACLs did not match - when used as the second element of a two-element - sortlist item. + 790. [bug] Wildcards created using dynamic update or IXFR + could fail to match. [RT #1111] - 788. [func] Add the "match-mapped-addresses" option, which - causes IPv6 v4mapped addresses to be treated as - IPv4 addresses for the purpose of acl matching. + 789. [bug] The "localhost" and "localnets" ACLs did not match + when used as the second element of a two-element + sortlist item. - 787. [bug] The DNSSEC tools failed to downcase domain - names when mapping them into file names. + 788. [func] Add the "match-mapped-addresses" option, which + causes IPv6 v4mapped addresses to be treated as + IPv4 addresses for the purpose of acl matching. - 786. [bug] When DNSSEC signing/verifying data, owner names were - not properly downcased. + 787. [bug] The DNSSEC tools failed to downcase domain + names when mapping them into file names. - 785. [bug] A race condition in the resolver could cause - an assertion failure. [RT #673, #872, #1048] + 786. [bug] When DNSSEC signing/verifying data, owner names were + not properly downcased. - 784. [bug] nsupdate and other programs would not quit properly - if some signals were blocked by the caller. [RT #1081] + 785. [bug] A race condition in the resolver could cause + an assertion failure. [RT #673, #872, #1048] - 783. [bug] Following CNAMEs could cause an assertion failure - when either using an sdb database or under very - rare conditions. + 784. [bug] nsupdate and other programs would not quit properly + if some signals were blocked by the caller. [RT #1081] - 782. [func] Implement the "serial-query-rate" option. + 783. [bug] Following CNAMEs could cause an assertion failure + when either using an sdb database or under very + rare conditions. - 781. [func] Avoid error packet loops by dropping duplicate FORMERR - responses. [RT #1006] + 782. [func] Implement the "serial-query-rate" option. - 780. [bug] Error handling code dealing with out of memory or - other rare errors could lead to assertion failures - by calling functions on unitialized names. [RT #1065] + 781. [func] Avoid error packet loops by dropping duplicate FORMERR + responses. [RT #1006] - 779. [func] Added the "minimal-responses" option. + 780. [bug] Error handling code dealing with out of memory or + other rare errors could lead to assertion failures + by calling functions on unitialized names. [RT #1065] - 778. [bug] When starting cache cleaning, cleaning_timer_action() - returned without first pausing the iterator, which - could cause deadlock. [RT #998] + 779. [func] Added the "minimal-responses" option. - 777. [bug] An empty forwarders list in a zone failed to override - global forwarders. [RT #995] + 778. [bug] When starting cache cleaning, cleaning_timer_action() + returned without first pausing the iterator, which + could cause deadlock. [RT #998] - 776. [func] Improved error reporting in denied messages. [RT #252] + 777. [bug] An empty forwarders list in a zone failed to override + global forwarders. [RT #995] - 775. [placeholder] + 776. [func] Improved error reporting in denied messages. [RT #252] - 774. [func] max-cache-size is implemented. + 775. [placeholder] - 773. [func] Added isc_rwlock_trylock() to attempt to lock without - blocking. + 774. [func] max-cache-size is implemented. - 772. [bug] Owner names could be incorrectly omitted from cache - dumps in the presence of negative caching entries. - [RT #991] + 773. [func] Added isc_rwlock_trylock() to attempt to lock without + blocking. - 771. [cleanup] TSIG errors related to unsynchronized clocks - are logged better. [RT #919] + 772. [bug] Owner names could be incorrectly omitted from cache + dumps in the presence of negative caching entries. + [RT #991] - 770. [func] Add the "edns yes_or_no" statement to the server - clause. [RT #524] + 771. [cleanup] TSIG errors related to unsynchronized clocks + are logged better. [RT #919] - 769. [func] Improved error reporting when parsing rdata. [RT #740] + 770. [func] Add the "edns yes_or_no" statement to the server + clause. [RT #524] - 768. [bug] The server did not emit an SOA when a CNAME - or DNAME chain ended in NXDOMAIN in an - authoritative zone. + 769. [func] Improved error reporting when parsing rdata. [RT #740] - 767. [placeholder] + 768. [bug] The server did not emit an SOA when a CNAME + or DNAME chain ended in NXDOMAIN in an + authoritative zone. - 766. [bug] A few cases in query_find() could leak fname. - This would trigger the mpctx->allocated == 0 - assertion when the server exited. - [RT #739, #776, #798, #812, #818, #821, #845, - #892, #935, #966] + 767. [placeholder] - 765. [func] ACL names are once again case insensitive, like - in BIND 8. [RT #252] + 766. [bug] A few cases in query_find() could leak fname. + This would trigger the mpctx->allocated == 0 + assertion when the server exited. + [RT #739, #776, #798, #812, #818, #821, #845, + #892, #935, #966] - 764. [func] Configuration files now allow "include" directives - in more places, such as inside the "view" statement. - [RT #377, #728, #860] + 765. [func] ACL names are once again case insensitive, like + in BIND 8. [RT #252] - 763. [func] Configuration files no longer have reserved words. - [RT #731, #753] + 764. [func] Configuration files now allow "include" directives + in more places, such as inside the "view" statement. + [RT #377, #728, #860] - 762. [cleanup] The named.conf and rndc.conf file parsers have - been completely rewritten. + 763. [func] Configuration files no longer have reserved words. + [RT #731, #753] - 761. [bug] _REENTRANT was still defined when building with - --disable-threads. + 762. [cleanup] The named.conf and rndc.conf file parsers have + been completely rewritten. - 760. [contrib] Significant enhancements to the pgsql sdb driver. + 761. [bug] _REENTRANT was still defined when building with + --disable-threads. - 759. [bug] The resolver didn't turn off "avoid fetches" mode - when restarting, possibly causing resolution - to fail when it should not. This bug only affected - platforms which support both IPv4 and IPv6. [RT #927] + 760. [contrib] Significant enhancements to the pgsql sdb driver. - 758. [bug] The "avoid fetches" code did not treat negative - cache entries correctly, causing fetches that would - be useful to be avoided. This bug only affected - platforms which support both IPv4 and IPv6. [RT #927] + 759. [bug] The resolver didn't turn off "avoid fetches" mode + when restarting, possibly causing resolution + to fail when it should not. This bug only affected + platforms which support both IPv4 and IPv6. [RT #927] - 757. [func] Log zone transfers. + 758. [bug] The "avoid fetches" code did not treat negative + cache entries correctly, causing fetches that would + be useful to be avoided. This bug only affected + platforms which support both IPv4 and IPv6. [RT #927] - 756. [bug] dns_zone_load() could "return" success when no master - file was configured. + 757. [func] Log zone transfers. - 755. [bug] Fix incorrectly formatted log messages in zone.c. + 756. [bug] dns_zone_load() could "return" success when no master + file was configured. - 754. [bug] Certain failure conditions sending UDP packets - could cause the server to retry the transmission - indefinitely. [RT #902] + 755. [bug] Fix incorrectly formatted log messages in zone.c. - 753. [bug] dig, host, and nslookup would fail to contact a - remote server if getaddrinfo() returned an IPv6 - address on a system that doesn't support IPv6. - [RT #917] + 754. [bug] Certain failure conditions sending UDP packets + could cause the server to retry the transmission + indefinitely. [RT #902] - 752. [func] Correct bad tv_usec elements returned by - gettimeofday(). + 753. [bug] dig, host, and nslookup would fail to contact a + remote server if getaddrinfo() returned an IPv6 + address on a system that doesn't support IPv6. + [RT #917] - 751. [func] Log successful zone loads / transfers. [RT #898] + 752. [func] Correct bad tv_usec elements returned by + gettimeofday(). - 750. [bug] A query should not match a DNAME whose trust level - is pending. [RT #916] + 751. [func] Log successful zone loads / transfers. [RT #898] - 749. [bug] When a query matched a DNAME in a secure zone, the - server did not return the signature of the DNAME. - [RT #915] + 750. [bug] A query should not match a DNAME whose trust level + is pending. [RT #916] - 748. [doc] List supported RFCs in doc/misc/rfc-compliance. - [RT #781] + 749. [bug] When a query matched a DNAME in a secure zone, the + server did not return the signature of the DNAME. + [RT #915] - 747. [bug] The code to determine whether an IXFR was possible - did not properly check for a database that could - not have a journal. [RT #865, #908] + 748. [doc] List supported RFCs in doc/misc/rfc-compliance. + [RT #781] - 746. [bug] The sdb didn't clone rdatasets properly, causing - a crash when the server followed delegations. [RT #905] + 747. [bug] The code to determine whether an IXFR was possible + did not properly check for a database that could + not have a journal. [RT #865, #908] - 745. [func] Report the owner name of records that fail - semantic checks while loading. + 746. [bug] The sdb didn't clone rdatasets properly, causing + a crash when the server followed delegations. [RT #905] - 744. [bug] When returning DNS_R_CNAME or DNS_R_DNAME as the - result of an ANY or SIG query, the resolver failed - to setup the return event's rdatasets, causing an - assertion failure in the query code. [RT #881] + 745. [func] Report the owner name of records that fail + semantic checks while loading. - 743. [bug] Receiving a large number of certain malformed - answers could cause named to stop responding. - [RT #861] + 744. [bug] When returning DNS_R_CNAME or DNS_R_DNAME as the + result of an ANY or SIG query, the resolver failed + to setup the return event's rdatasets, causing an + assertion failure in the query code. [RT #881] - 742. [placeholder] + 743. [bug] Receiving a large number of certain malformed + answers could cause named to stop responding. + [RT #861] - 741. [port] Support openssl-engine. [RT #709] + 742. [placeholder] - 740. [port] Handle openssl library mismatches slightly better. + 741. [port] Support openssl-engine. [RT #709] - 739. [port] Look for /dev/random in configure, rather than - assuming it will be there for only a predefined - set of OSes. + 740. [port] Handle openssl library mismatches slightly better. - 738. [bug] If a non-threadsafe sdb driver supported AXFR and - received an AXFR request, it would deadlock or die - with an assertion failure. [RT #852] + 739. [port] Look for /dev/random in configure, rather than + assuming it will be there for only a predefined + set of OSes. - 737. [port] stdtime.c failed to compile on certain platforms. + 738. [bug] If a non-threadsafe sdb driver supported AXFR and + received an AXFR request, it would deadlock or die + with an assertion failure. [RT #852] - 736. [func] New functions isc_task_{begin,end}exclusive(). + 737. [port] stdtime.c failed to compile on certain platforms. - 735. [doc] Add BIND 4 migration notes. + 736. [func] New functions isc_task_{begin,end}exclusive(). - 734. [bug] An attempt to re-lock the zone lock could occur if - the server was shutdown during a zone tranfer. - [RT #830] + 735. [doc] Add BIND 4 migration notes. - 733. [bug] Reference counts of dns_acl_t objects need to be - locked but were not. [RT #801, #821] + 734. [bug] An attempt to re-lock the zone lock could occur if + the server was shutdown during a zone tranfer. + [RT #830] - 732. [bug] Glue with 0 TTL could also cause SERVFAIL. [RT #828] + 733. [bug] Reference counts of dns_acl_t objects need to be + locked but were not. [RT #801, #821] - 731. [bug] Certain zone errors could cause named-checkzone to - fail ungracefully. [RT #819] + 732. [bug] Glue with 0 TTL could also cause SERVFAIL. [RT #828] - 730. [bug] lwres_getaddrinfo() returns the correct result when - it fails to contact a server. [RT #768] + 731. [bug] Certain zone errors could cause named-checkzone to + fail ungracefully. [RT #819] - 729. [port] pthread_setconcurrency() needs to be called on Solaris. + 730. [bug] lwres_getaddrinfo() returns the correct result when + it fails to contact a server. [RT #768] - 728. [bug] Fix comment processing on master file directives. - [RT# 757] + 729. [port] pthread_setconcurrency() needs to be called on Solaris. - 727. [port] Work around OS bug where accept() succeeds but - fails to fill in the peer address of the accepted - connection, by treating it as an error rather than - an assertion failure. [RT #809] + 728. [bug] Fix comment processing on master file directives. + [RT# 757] - 726. [func] Implement the "trace" and "notrace" commands in rndc. + 727. [port] Work around OS bug where accept() succeeds but + fails to fill in the peer address of the accepted + connection, by treating it as an error rather than + an assertion failure. [RT #809] - 725. [bug] Installing man pages could fail. + 726. [func] Implement the "trace" and "notrace" commands in rndc. - 724. [func] New libisc functions isc_netaddr_any(), - isc_netaddr_any6(). + 725. [bug] Installing man pages could fail. - 723. [bug] Referrals whose NS RRs had a 0 TTL caused the resolver - to return DNS_R_SERVFAIL. [RT #783] + 724. [func] New libisc functions isc_netaddr_any(), + isc_netaddr_any6(). - 722. [func] Allow incremental loads to be canceled. + 723. [bug] Referrals whose NS RRs had a 0 TTL caused the resolver + to return DNS_R_SERVFAIL. [RT #783] - 721. [cleanup] Load manager and dns_master_loadfilequota() are no - more. + 722. [func] Allow incremental loads to be canceled. - 720. [bug] Server could enter infinite loop in - dispatch.c:do_cancel(). [RT #733] + 721. [cleanup] Load manager and dns_master_loadfilequota() are no + more. - 719. [bug] Rapid reloads could trigger an assertion failure. - [RT #743, #763] + 720. [bug] Server could enter infinite loop in + dispatch.c:do_cancel(). [RT #733] - 718. [cleanup] "internal" is no longer a reserved word in named.conf. - [RT #753, #731] + 719. [bug] Rapid reloads could trigger an assertion failure. + [RT #743, #763] - 717. [bug] Certain TKEY processing failure modes could - reference an uninitialized variable, causing the - server to crash. [RT #750] + 718. [cleanup] "internal" is no longer a reserved word in named.conf. + [RT #753, #731] - 716. [bug] The first line of a $INCLUDE master file was lost if - an origin was specified. [RT #744] + 717. [bug] Certain TKEY processing failure modes could + reference an uninitialized variable, causing the + server to crash. [RT #750] - 715. [bug] Resolving some A6 chains could cause an assertion - failure in adb.c. [RT #738] + 716. [bug] The first line of a $INCLUDE master file was lost if + an origin was specified. [RT #744] - 714. [bug] Preserve interval timers across reloads unless changed. - [RT# 729] + 715. [bug] Resolving some A6 chains could cause an assertion + failure in adb.c. [RT #738] - 713. [func] named-checkconf takes '-t directory' similar to named. - [RT #726] + 714. [bug] Preserve interval timers across reloads unless changed. + [RT# 729] - 712. [bug] Sending a large signed update message caused an - assertion failure. [RT #718] + 713. [func] named-checkconf takes '-t directory' similar to named. + [RT #726] - 711. [bug] The libisc and liblwres implementations of - inet_ntop contained an off by one error. + 712. [bug] Sending a large signed update message caused an + assertion failure. [RT #718] - 710. [func] The forwarders statement now takes an optional - port. [RT #418] + 711. [bug] The libisc and liblwres implementations of + inet_ntop contained an off by one error. - 709. [bug] ANY or SIG queries for data with a TTL of 0 - would return SERVFAIL. [RT #620] + 710. [func] The forwarders statement now takes an optional + port. [RT #418] - 708. [bug] When building with --with-openssl, the openssl headers - included with BIND 9 should not be used. [RT #702] + 709. [bug] ANY or SIG queries for data with a TTL of 0 + would return SERVFAIL. [RT #620] - 707. [func] The "filename" argument to named-checkzone is no - longer optional, to reduce confusion. [RT #612] + 708. [bug] When building with --with-openssl, the openssl headers + included with BIND 9 should not be used. [RT #702] - 706. [bug] Zones with an explicit "allow-update { none; };" - were considered dynamic and therefore not reloaded - on SIGHUP or "rndc reload". + 707. [func] The "filename" argument to named-checkzone is no + longer optional, to reduce confusion. [RT #612] - 705. [port] Work out resource limit type for use where rlim_t is - not available. [RT #695] + 706. [bug] Zones with an explicit "allow-update { none; };" + were considered dynamic and therefore not reloaded + on SIGHUP or "rndc reload". - 704. [port] RLIMIT_NOFILE is not available on all platforms. - [RT #695] + 705. [port] Work out resource limit type for use where rlim_t is + not available. [RT #695] - 703. [port] sys/select.h is needed on older platforms. [RT #695] + 704. [port] RLIMIT_NOFILE is not available on all platforms. + [RT #695] - 702. [func] If the address 0.0.0.0 is seen in resolv.conf, - use 127.0.0.1 instead. [RT #693] + 703. [port] sys/select.h is needed on older platforms. [RT #695] - 701. [func] Root hints are now fully optional. Class IN - views use compiled-in hints by default, as - before. Non-IN views with no root hints now - provide authoritative service but not recursion. - A warning is logged if a view has neither root - hints nor authoritative data for the root. [RT #696] + 702. [func] If the address 0.0.0.0 is seen in resolv.conf, + use 127.0.0.1 instead. [RT #693] - 700. [bug] $GENERATE range check was wrong. [RT #688] + 701. [func] Root hints are now fully optional. Class IN + views use compiled-in hints by default, as + before. Non-IN views with no root hints now + provide authoritative service but not recursion. + A warning is logged if a view has neither root + hints nor authoritative data for the root. [RT #696] - 699. [bug] The lexer mishandled empty quoted strings. [RT #694] + 700. [bug] $GENERATE range check was wrong. [RT #688] - 698. [bug] Aborting nsupdate with ^C would lead to several - race conditions. + 699. [bug] The lexer mishandled empty quoted strings. [RT #694] - 697. [bug] nsupdate was not compatible with the undocumented - BIND 8 behavior of ignoring TTLs in "update delete" - commands. [RT #693] + 698. [bug] Aborting nsupdate with ^C would lead to several + race conditions. - 696. [bug] lwresd would die with an assertion failure when passed - a zero-length name. [RT #692] + 697. [bug] nsupdate was not compatible with the undocumented + BIND 8 behavior of ignoring TTLs in "update delete" + commands. [RT #693] - 695. [bug] If the resolver attempted to query a blackholed or - bogus server, the resolution would fail immediately. + 696. [bug] lwresd would die with an assertion failure when passed + a zero-length name. [RT #692] - 694. [bug] $GENERATE did not produce the last entry. - [RT #682, #683] + 695. [bug] If the resolver attempted to query a blackholed or + bogus server, the resolution would fail immediately. - 693. [bug] An empty lwres statement in named.conf caused - the server to crash while loading. + 694. [bug] $GENERATE did not produce the last entry. + [RT #682, #683] - 692. [bug] Deal with systems that have getaddrinfo() but not - gai_strerror(). [RT #679] + 693. [bug] An empty lwres statement in named.conf caused + the server to crash while loading. - 691. [bug] Configuring per-view forwarders caused an assertion - failure. [RT #675, #734] + 692. [bug] Deal with systems that have getaddrinfo() but not + gai_strerror(). [RT #679] - 690. [func] $GENERATE now supports DNAME. [RT #654] + 691. [bug] Configuring per-view forwarders caused an assertion + failure. [RT #675, #734] - 689. [doc] man pages are now installed. [RT #210] + 690. [func] $GENERATE now supports DNAME. [RT #654] - 688. [func] "make tags" now works on systems with the - "Exuberant Ctags" etags. + 689. [doc] man pages are now installed. [RT #210] - 687. [bug] Only say we have IPv6, with sufficent functionality, - if it has actually been tested. [RT #586] + 688. [func] "make tags" now works on systems with the + "Exuberant Ctags" etags. - 686. [bug] dig and nslookup can now be properly aborted during - blocking operations. [RT #568] + 687. [bug] Only say we have IPv6, with sufficent functionality, + if it has actually been tested. [RT #586] - 685. [bug] nslookup should use the search list/domain options - from resolv.conf by default. [RT #405, #630] + 686. [bug] dig and nslookup can now be properly aborted during + blocking operations. [RT #568] - 684. [bug] Memory leak with view forwarders. [RT #656] + 685. [bug] nslookup should use the search list/domain options + from resolv.conf by default. [RT #405, #630] - 683. [bug] File descriptor leak in isc_lex_openfile(). + 684. [bug] Memory leak with view forwarders. [RT #656] - 682. [bug] nslookup displayed SOA records incorrectly. [RT #665] + 683. [bug] File descriptor leak in isc_lex_openfile(). - 681. [bug] $GENERATE specifying output format was broken. [RT #653] + 682. [bug] nslookup displayed SOA records incorrectly. [RT #665] - 680. [bug] dns_rdata_fromstruct() mishandled options bigger - than 255 octets. + 681. [bug] $GENERATE specifying output format was broken. [RT #653] - 679. [bug] $INCLUDE could leak memory and file descriptors on - reload. [RT #639] + 680. [bug] dns_rdata_fromstruct() mishandled options bigger + than 255 octets. - 678. [bug] "transfer-format one-answer;" could trigger an assertion - failure. [RT #646] + 679. [bug] $INCLUDE could leak memory and file descriptors on + reload. [RT #639] - 677. [bug] dnssec-signzone would occasionally use the wrong ttl - for database operations and fail. [RT #643] + 678. [bug] "transfer-format one-answer;" could trigger an assertion + failure. [RT #646] - 676. [bug] Log messages about lame servers to category - 'lame-servers' rather than 'resolver', so as not - to be gratuitously incompatible with BIND 8. + 677. [bug] dnssec-signzone would occasionally use the wrong ttl + for database operations and fail. [RT #643] - 675. [bug] TKEY queries could cause the server to leak - memory. + 676. [bug] Log messages about lame servers to category + 'lame-servers' rather than 'resolver', so as not + to be gratuitously incompatible with BIND 8. - 674. [func] Allow messages to be TSIG signed / verified using - a offset from the current time. + 675. [bug] TKEY queries could cause the server to leak + memory. - 673. [func] The server can now convert RFC1886-style recursive - lookup requests into RFC2874-style lookups, when - enabled using the new option "allow-v6-synthesis". + 674. [func] Allow messages to be TSIG signed / verified using + a offset from the current time. - 672. [bug] The wrong time was in the "time signed" field when - replying with BADTIME error. + 673. [func] The server can now convert RFC1886-style recursive + lookup requests into RFC2874-style lookups, when + enabled using the new option "allow-v6-synthesis". - 671. [bug] The message code was failing to parse a message with - no question section and a TSIG record. [RT #628] + 672. [bug] The wrong time was in the "time signed" field when + replying with BADTIME error. - 670. [bug] The lwres replacements for getaddrinfo and - getipnodebyname didn't properly check for the - existence of the sockaddr sa_len field. + 671. [bug] The message code was failing to parse a message with + no question section and a TSIG record. [RT #628] - 669. [bug] dnssec-keygen now makes the public key file - non-world-readable for symmetric keys. [RT #403] + 670. [bug] The lwres replacements for getaddrinfo and + getipnodebyname didn't properly check for the + existence of the sockaddr sa_len field. - 668. [func] named-checkzone now reports multiple errors in master - files. + 669. [bug] dnssec-keygen now makes the public key file + non-world-readable for symmetric keys. [RT #403] - 667. [bug] On Linux, running named with the -u option and a - non-world-readable configuration file didn't work. - [RT #626] + 668. [func] named-checkzone now reports multiple errors in master + files. - 666. [bug] If a request sent by dig is longer than 512 bytes, - use TCP. + 667. [bug] On Linux, running named with the -u option and a + non-world-readable configuration file didn't work. + [RT #626] - 665. [bug] Signed responses were not sent when the size of the - TSIG + question exceeded the maximum message size. - [RT #628] + 666. [bug] If a request sent by dig is longer than 512 bytes, + use TCP. - 664. [bug] The t_tasks and t_timers module tests are now skipped - when building without threads, since they require - threads. + 665. [bug] Signed responses were not sent when the size of the + TSIG + question exceeded the maximum message size. + [RT #628] - 663. [func] Accept a size_spec, not just an integer, in the - (unimplemented and ignored) max-ixfr-log-size option - for compatibility with recent versions of BIND 8. - [RT #613] + 664. [bug] The t_tasks and t_timers module tests are now skipped + when building without threads, since they require + threads. - 662. [bug] dns_rdata_fromtext() failed to log certain errors. + 663. [func] Accept a size_spec, not just an integer, in the + (unimplemented and ignored) max-ixfr-log-size option + for compatibility with recent versions of BIND 8. + [RT #613] - 661. [bug] Certain UDP IXFR requests caused an assertion failure - (mpctx->allocated == 0). [RT #355, #394, #623] + 662. [bug] dns_rdata_fromtext() failed to log certain errors. - 660. [port] Detect multiple CPUs on HP-UX and IRIX. + 661. [bug] Certain UDP IXFR requests caused an assertion failure + (mpctx->allocated == 0). [RT #355, #394, #623] - 659. [performance] Rewrite the name compression code to be much faster. + 660. [port] Detect multiple CPUs on HP-UX and IRIX. - 658. [cleanup] Remove all vestiges of 16 bit global compression. + 659. [performance] Rewrite the name compression code to be much faster. - 657. [bug] When a listen-on statement in an lwres block does not - specify a port, use 921, not 53. Also update the - listen-on documentation. [RT #616] + 658. [cleanup] Remove all vestiges of 16 bit global compression. - 656. [func] Treat an unescaped newline in a quoted string as - an error. This means that TXT records with missing - close quotes should have meaningful errors printed. + 657. [bug] When a listen-on statement in an lwres block does not + specify a port, use 921, not 53. Also update the + listen-on documentation. [RT #616] - 655. [bug] Improve error reporting on unexpected eof when loading - zones. [RT #611] + 656. [func] Treat an unescaped newline in a quoted string as + an error. This means that TXT records with missing + close quotes should have meaningful errors printed. - 654. [bug] Origin was being forgotten in TCP retries in dig. - [RT #574] + 655. [bug] Improve error reporting on unexpected eof when loading + zones. [RT #611] - 653. [bug] +defname option in dig was reversed in sense. - [RT #549] + 654. [bug] Origin was being forgotten in TCP retries in dig. + [RT #574] - 652. [bug] zone_saveunique() did not report the new name. + 653. [bug] +defname option in dig was reversed in sense. + [RT #549] - 651. [func] The AD bit in responses now has the meaning - specified in . + 652. [bug] zone_saveunique() did not report the new name. - 650. [bug] SIG(0) records were being generated and verified - incorrectly. [RT #606] + 651. [func] The AD bit in responses now has the meaning + specified in . - 649. [bug] It was possible to join to an already running fctx - after it had "cloned" its events, but before it sent - them. In this case, the event of the newly joined - fetch would not contain the answer, and would - trigger the INSIST() in fctx_sendevents(). In - BIND 9.0, this bug did not trigger an INSIST(), but - caused the fetch to fail with a SERVFAIL result. - [RT #588, #597, #605, #607] + 650. [bug] SIG(0) records were being generated and verified + incorrectly. [RT #606] - 648. [port] Add support for pre-RFC2133 IPv6 implementations. + 649. [bug] It was possible to join to an already running fctx + after it had "cloned" its events, but before it sent + them. In this case, the event of the newly joined + fetch would not contain the answer, and would + trigger the INSIST() in fctx_sendevents(). In + BIND 9.0, this bug did not trigger an INSIST(), but + caused the fetch to fail with a SERVFAIL result. + [RT #588, #597, #605, #607] - 647. [bug] Resolver queries sent after following multiple - referrals had excessively long retransmission - timeouts due to incorrectly counting the referrals - as "restarts". + 648. [port] Add support for pre-RFC2133 IPv6 implementations. - 646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h - didn't _cleanly_ fix the problem it was trying to fix. + 647. [bug] Resolver queries sent after following multiple + referrals had excessively long retransmission + timeouts due to incorrectly counting the referrals + as "restarts". - 645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603] + 646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h + didn't _cleanly_ fix the problem it was trying to fix. - 644. [bug] #622 needed more work. [RT #562] + 645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603] - 643. [bug] xfrin error messages made more verbose, added class - of the zone. [RT# 599] + 644. [bug] #622 needed more work. [RT #562] - 642. [bug] Break the exit_check() race in the zone module. - [RT #598] + 643. [bug] xfrin error messages made more verbose, added class + of the zone. [RT# 599] - --- 9.1.0b2 released --- + 642. [bug] Break the exit_check() race in the zone module. + [RT #598] - 641. [bug] $GENERATE caused a uninitialized link to be used. - [RT #595] + --- 9.1.0b2 released --- - 640. [bug] Memory leak in error path could cause - "mpctx->allocated == 0" failure. [RT #584] + 641. [bug] $GENERATE caused a uninitialized link to be used. + [RT #595] - 639. [bug] Reading entropy from the keyboard would sometimes fail. - [RT #591] + 640. [bug] Memory leak in error path could cause + "mpctx->allocated == 0" failure. [RT #584] - 638. [port] lib/isc/random.c needed to explicitly include time.h - to get a prototype for time() when pthreads was not - being used. [RT #592] + 639. [bug] Reading entropy from the keyboard would sometimes fail. + [RT #591] - 637. [port] Use isc_u?int64_t instead of (unsigned) long long in - lib/isc/print.c. Also allow lib/isc/print.c to - be compiled even if the platform does not need it. - [RT #592] + 638. [port] lib/isc/random.c needed to explicitly include time.h + to get a prototype for time() when pthreads was not + being used. [RT #592] - 636. [port] Shut up MSVC++ about a possible loss of precision - in the ISC__BUFFER_PUTUINT*() macros. [RT #592] + 637. [port] Use isc_u?int64_t instead of (unsigned) long long in + lib/isc/print.c. Also allow lib/isc/print.c to + be compiled even if the platform does not need it. + [RT #592] - 635. [bug] Reloading a server with a configured blackhole list - would cause an assertion. [RT #590] + 636. [port] Shut up MSVC++ about a possible loss of precision + in the ISC__BUFFER_PUTUINT*() macros. [RT #592] - 634. [bug] A log file will completely stop being written when - it reaches the maximum size in all cases, not just - when versioning is also enabled. [RT #570] + 635. [bug] Reloading a server with a configured blackhole list + would cause an assertion. [RT #590] - 633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575] + 634. [bug] A log file will completely stop being written when + it reaches the maximum size in all cases, not just + when versioning is also enabled. [RT #570] - 632. [bug] The index array of the journal file was - corrupted as it was written to disk. + 633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575] - 631. [port] Build without thread support on systems without - pthreads. + 632. [bug] The index array of the journal file was + corrupted as it was written to disk. - 630. [bug] Locking failure in zone code. [RT #582] + 631. [port] Build without thread support on systems without + pthreads. - 629. [bug] 9.1.0b1 dereferenced a null pointer and crashed - when responding to a UDP IXFR request. + 630. [bug] Locking failure in zone code. [RT #582] - 628. [bug] If the root hints contained only AAAA addresses, - named would be unable to perform resolution. + 629. [bug] 9.1.0b1 dereferenced a null pointer and crashed + when responding to a UDP IXFR request. - 627. [bug] The EDNS0 blackhole detection code of change 324 - waited for three retransmissions to each server, - which takes much too long when a domain has many - name servers and all of them drop EDNS0 queries. - Now we retry without EDNS0 after three consecutive - timeouts, even if they are all from different - servers. [RT #143] + 628. [bug] If the root hints contained only AAAA addresses, + named would be unable to perform resolution. - 626. [bug] The lightweight resolver daemon no longer crashes - when asked for a SIG rrset. [RT #558] + 627. [bug] The EDNS0 blackhole detection code of change 324 + waited for three retransmissions to each server, + which takes much too long when a domain has many + name servers and all of them drop EDNS0 queries. + Now we retry without EDNS0 after three consecutive + timeouts, even if they are all from different + servers. [RT #143] - 625. [func] Zones now inherit their class from the enclosing view. + 626. [bug] The lightweight resolver daemon no longer crashes + when asked for a SIG rrset. [RT #558] - 624. [bug] The zone object could get timer events after it had - been destroyed, causing a server crash. [RT #571] + 625. [func] Zones now inherit their class from the enclosing view. - 623. [func] Added "named-checkconf" and "named-checkzone" program - for syntax checking named.conf files and zone files, - respectively. + 624. [bug] The zone object could get timer events after it had + been destroyed, causing a server crash. [RT #571] - 622. [bug] A canceled request could be destroyed before - dns_request_destroy() was called. [RT #562] + 623. [func] Added "named-checkconf" and "named-checkzone" program + for syntax checking named.conf files and zone files, + respectively. - 621. [port] Disable IPv6 at runtime if IPv6 sockets are unusable. - This mostly affects Red Hat Linux 7.0, which has - conflicts between libc and the kernel. + 622. [bug] A canceled request could be destroyed before + dns_request_destroy() was called. [RT #562] - 620. [bug] dns_master_load*inc() now require 'task' and 'load' - to be non-null. Also 'done' will not be called if - dns_master_load*inc() fails immediately. [RT #565] + 621. [port] Disable IPv6 at runtime if IPv6 sockets are unusable. + This mostly affects Red Hat Linux 7.0, which has + conflicts between libc and the kernel. - 619. [placeholder] + 620. [bug] dns_master_load*inc() now require 'task' and 'load' + to be non-null. Also 'done' will not be called if + dns_master_load*inc() fails immediately. [RT #565] - 618. [bug] Queries to a signed zone could sometimes cause - an assertion failure. + 619. [placeholder] - 617. [bug] When using dynamic update to add a new RR to an - existing RRset with a different TTL, the journal - entries generated from the update did not include - explicit deletions and re-additions of the existing - RRs to update their TTL to the new value. + 618. [bug] Queries to a signed zone could sometimes cause + an assertion failure. - 616. [func] dnssec-signzone -t output now includes performance - statistics. + 617. [bug] When using dynamic update to add a new RR to an + existing RRset with a different TTL, the journal + entries generated from the update did not include + explicit deletions and re-additions of the existing + RRs to update their TTL to the new value. - 615. [bug] dnssec-signzone did not like child keysets signed - by multiple keys. + 616. [func] dnssec-signzone -t output now includes performance + statistics. - 614. [bug] Checks for uninitialized link fields were prone - to false positives, causing assertion failures. - The checks are now disabled by default and may - be re-enabled by defining ISC_LIST_CHECKINIT. + 615. [bug] dnssec-signzone did not like child keysets signed + by multiple keys. - 613. [bug] "rndc reload zone" now reloads primary zones. - It previously only updated slave and stub zones, - if an SOA query indicated an out of date serial. + 614. [bug] Checks for uninitialized link fields were prone + to false positives, causing assertion failures. + The checks are now disabled by default and may + be re-enabled by defining ISC_LIST_CHECKINIT. - 612. [cleanup] Shutup a ridiculously noisy HP-UX compiler that - complains relentlessly about how its treatment - of 'const' has changed as well as how casting - sometimes tightens alignment constraints. + 613. [bug] "rndc reload zone" now reloads primary zones. + It previously only updated slave and stub zones, + if an SOA query indicated an out of date serial. - 611. [func] allow-notify can be used to permit processing of - notify messages from hosts other than a slave's - masters. + 612. [cleanup] Shutup a ridiculously noisy HP-UX compiler that + complains relentlessly about how its treatment + of 'const' has changed as well as how casting + sometimes tightens alignment constraints. - 610. [func] rndc dumpdb is now supported. + 611. [func] allow-notify can be used to permit processing of + notify messages from hosts other than a slave's + masters. - 609. [bug] getrrsetbyname() would crash lwresd if the server - found more SIGs than answers. [RT #554] + 610. [func] rndc dumpdb is now supported. - 608. [func] dnssec-signzone now adds a comment to the zone - with the time the file was signed. + 609. [bug] getrrsetbyname() would crash lwresd if the server + found more SIGs than answers. [RT #554] - 607. [bug] nsupdate would fail if it encountered a CNAME or - DNAME in a response to an SOA query. [RT #515] + 608. [func] dnssec-signzone now adds a comment to the zone + with the time the file was signed. - 606. [bug] Compiling with --disable-threads failed due - to isc_thread_self() being incorrectly defined - as an integer rather than a function. + 607. [bug] nsupdate would fail if it encountered a CNAME or + DNAME in a response to an SOA query. [RT #515] - 605. [func] New function isc_lex_getlasttokentext(). + 606. [bug] Compiling with --disable-threads failed due + to isc_thread_self() being incorrectly defined + as an integer rather than a function. - 604. [bug] The named.conf parser could print incorrect line - numbers when long comments were present. + 605. [func] New function isc_lex_getlasttokentext(). - 603. [bug] Make dig handle multiple types or classes on the same - query more correctly. + 604. [bug] The named.conf parser could print incorrect line + numbers when long comments were present. - 602. [func] Cope automatically with UnixWare's broken - IN6_IS_ADDR_* macros. [RT #539] + 603. [bug] Make dig handle multiple types or classes on the same + query more correctly. - 601. [func] Return a non-zero exit code if an update fails - in nsupdate. + 602. [func] Cope automatically with UnixWare's broken + IN6_IS_ADDR_* macros. [RT #539] - 600. [bug] Reverse lookups sometimes failed in dig, etc... + 601. [func] Return a non-zero exit code if an update fails + in nsupdate. - 599. [func] Added four new functions to the libisc log API to - support i18n messages. isc_log_iwrite(), - isc_log_ivwrite(), isc_log_iwrite1() and - isc_log_ivwrite1() were added. + 600. [bug] Reverse lookups sometimes failed in dig, etc... - 598. [bug] An update-policy statement would cause the server - to assert while loading. [RT #536] + 599. [func] Added four new functions to the libisc log API to + support i18n messages. isc_log_iwrite(), + isc_log_ivwrite(), isc_log_iwrite1() and + isc_log_ivwrite1() were added. - 597. [func] dnssec-signzone is now multi-threaded. + 598. [bug] An update-policy statement would cause the server + to assert while loading. [RT #536] - 596. [bug] DNS_RDATASLAB_FORCE and DNS_RDATASLAB_EXACT are - not mutually exclusive. + 597. [func] dnssec-signzone is now multi-threaded. - 595. [port] On Linux 2.2, socket() returns EINVAL when it - should return EAFNOSUPPORT. Work around this. - [RT #531] + 596. [bug] DNS_RDATASLAB_FORCE and DNS_RDATASLAB_EXACT are + not mutually exclusive. - 594. [func] sdb drivers are now assumed to not be thread-safe - unless the DNS_SDBFLAG_THREADSAFE flag is supplied. + 595. [port] On Linux 2.2, socket() returns EINVAL when it + should return EAFNOSUPPORT. Work around this. + [RT #531] - 593. [bug] If a secure zone was missing all its NXTs and - a dynamic update was attempted, the server entered - an infinite loop. + 594. [func] sdb drivers are now assumed to not be thread-safe + unless the DNS_SDBFLAG_THREADSAFE flag is supplied. - 592. [bug] The sig-validity-interval option now specifies a - number of days, not seconds. This matches the - documentation. [RT #529] + 593. [bug] If a secure zone was missing all its NXTs and + a dynamic update was attempted, the server entered + an infinite loop. - --- 9.1.0b1 released --- + 592. [bug] The sig-validity-interval option now specifies a + number of days, not seconds. This matches the + documentation. [RT #529] - 591. [bug] Work around non-reentrancy in openssl by disabling - precomputation in keys. + --- 9.1.0b1 released --- - 590. [doc] There are now man pages for the lwres library in - doc/man/lwres. + 591. [bug] Work around non-reentrancy in openssl by disabling + precomputation in keys. - 589. [bug] The server could deadlock if a zone was updated - while being transferred out. + 590. [doc] There are now man pages for the lwres library in + doc/man/lwres. - 588. [bug] ctx->in_use was not being correctly initialized when - when pushing a file for $INCLUDE. [RT #523] + 589. [bug] The server could deadlock if a zone was updated + while being transferred out. - 587. [func] A warning is now printed if the "allow-update" - option allows updates based on the source IP - address, to alert users to the fact that this - is insecure and becoming increasingly so as - servers capable of update forwarding are being - deployed. + 588. [bug] ctx->in_use was not being correctly initialized when + when pushing a file for $INCLUDE. [RT #523] - 586. [bug] multiple views with the same name were fatal. [RT #516] + 587. [func] A warning is now printed if the "allow-update" + option allows updates based on the source IP + address, to alert users to the fact that this + is insecure and becoming increasingly so as + servers capable of update forwarding are being + deployed. - 585. [func] dns_db_addrdataset() and and dns_rdataslab_merge() - now support 'exact' additions in a similar manner to - dns_db_subtractrdataset() and dns_rdataslab_subtract(). + 586. [bug] multiple views with the same name were fatal. [RT #516] - 584. [func] You can now say 'notify explicit'; to suppress - notification of the servers listed in NS records - and notify only those servers listed in the - 'also-notify' option. + 585. [func] dns_db_addrdataset() and and dns_rdataslab_merge() + now support 'exact' additions in a similar manner to + dns_db_subtractrdataset() and dns_rdataslab_subtract(). - 583. [func] "rndc querylog" will now toggle logging of - queries, like "ndc querylog" in BIND 8. + 584. [func] You can now say 'notify explicit'; to suppress + notification of the servers listed in NS records + and notify only those servers listed in the + 'also-notify' option. - 582. [bug] dns_zone_idetach() failed to lock the zone. - [RT #199, #463] + 583. [func] "rndc querylog" will now toggle logging of + queries, like "ndc querylog" in BIND 8. - 581. [bug] log severity was not being correctly processed. - [RT #485] + 582. [bug] dns_zone_idetach() failed to lock the zone. + [RT #199, #463] - 580. [func] Ignore trailing garbage on incoming DNS packets, - for interoperability with broken server - implementations. [RT #491] + 581. [bug] log severity was not being correctly processed. + [RT #485] - 579. [bug] nsupdate did not take a filename to read update from. - [RT #492] + 580. [func] Ignore trailing garbage on incoming DNS packets, + for interoperability with broken server + implementations. [RT #491] - 578. [func] New config option "notify-source", to specify the - source address for notify messages. + 579. [bug] nsupdate did not take a filename to read update from. + [RT #492] - 577. [func] Log illegal RDATA combinations. e.g. multiple - singlton types, cname and other data. + 578. [func] New config option "notify-source", to specify the + source address for notify messages. - 576. [doc] isc_log_create() description did not match reality. + 577. [func] Log illegal RDATA combinations. e.g. multiple + singlton types, cname and other data. - 575. [bug] isc_log_create() was not setting internal state - correctly to reflect the default channels created. + 576. [doc] isc_log_create() description did not match reality. - 574. [bug] TSIG signed queries sent by the resolver would fail to - have their responses validated and would leak memory. + 575. [bug] isc_log_create() was not setting internal state + correctly to reflect the default channels created. - 573. [bug] The journal files of IXFRed slave zones were - inadvertantly discarded on server reload, causing - "journal out of sync with zone" errors on subsequent - reloads. [RT #482] + 574. [bug] TSIG signed queries sent by the resolver would fail to + have their responses validated and would leak memory. - 572. [bug] Quoted strings were not accepted as key names in - address match lists. + 573. [bug] The journal files of IXFRed slave zones were + inadvertantly discarded on server reload, causing + "journal out of sync with zone" errors on subsequent + reloads. [RT #482] - 571. [bug] It was possible to create an rdataset of singleton - type which had more than one rdata. [RT #154] - [RT #279] + 572. [bug] Quoted strings were not accepted as key names in + address match lists. - 570. [bug] rbtdb.c allowed zones containing nodes which had - both a CNAME and "other data". [RT #154] + 571. [bug] It was possible to create an rdataset of singleton + type which had more than one rdata. [RT #154] + [RT #279] - 569. [func] The DNSSEC AD bit will not be set on queries which - have not requested a DNSSEC response. + 570. [bug] rbtdb.c allowed zones containing nodes which had + both a CNAME and "other data". [RT #154] - 568. [func] Add sample simple database drivers in contrib/sdb. + 569. [func] The DNSSEC AD bit will not be set on queries which + have not requested a DNSSEC response. - 567. [bug] Setting the zone transfer timeout to zero caused an - assertion failure. [RT #302] + 568. [func] Add sample simple database drivers in contrib/sdb. - 566. [func] New public function dns_timer_setidle(). + 567. [bug] Setting the zone transfer timeout to zero caused an + assertion failure. [RT #302] - 565. [func] Log queries more like BIND 8: query logging is now - done to category "queries", level "info". [RT #169] + 566. [func] New public function dns_timer_setidle(). - 564. [func] Add sortlist support to lwresd. + 565. [func] Log queries more like BIND 8: query logging is now + done to category "queries", level "info". [RT #169] - 563. [func] New public functions dns_rdatatype_format() and - dns_rdataclass_format(), for convenient formatting - of rdata type/class mnemonics in log messages. + 564. [func] Add sortlist support to lwresd. - 562. [cleanup] Moved lib/dns/*conf.c to bin/named where they belong. + 563. [func] New public functions dns_rdatatype_format() and + dns_rdataclass_format(), for convenient formatting + of rdata type/class mnemonics in log messages. - 561. [func] The 'datasize', 'stacksize', 'coresize' and 'files' - clauses of the options{} statement are now implemented. + 562. [cleanup] Moved lib/dns/*conf.c to bin/named where they belong. - 560. [bug] dns_name_split did not properly the resulting prefix - when a maximal length bitstring label was split which - was preceded by another bitstring label. [RT #429] + 561. [func] The 'datasize', 'stacksize', 'coresize' and 'files' + clauses of the options{} statement are now implemented. - 559. [bug] dns_name_split did not properly create the suffix - when splitting within a maximal length bitstring label. + 560. [bug] dns_name_split did not properly the resulting prefix + when a maximal length bitstring label was split which + was preceded by another bitstring label. [RT #429] - 558. [func] New functions, isc_resource_getlimit and - isc_resource_setlimit. + 559. [bug] dns_name_split did not properly create the suffix + when splitting within a maximal length bitstring label. - 557. [func] Symbolic constants for libisc integral types. + 558. [func] New functions, isc_resource_getlimit and + isc_resource_setlimit. - 556. [func] The DNSSEC OK bit in the EDNS extended flags - is now implemented. Responses to queries without - this bit set will not contain any DNSSEC records. + 557. [func] Symbolic constants for libisc integral types. - 555. [bug] A slave server attempting a zone transfer could - crash with an assertion failure on certain - malformed responses from the master. [RT #457] + 556. [func] The DNSSEC OK bit in the EDNS extended flags + is now implemented. Responses to queries without + this bit set will not contain any DNSSEC records. - 554. [bug] In some cases, not all of the dnssec tools were - properly installed. + 555. [bug] A slave server attempting a zone transfer could + crash with an assertion failure on certain + malformed responses from the master. [RT #457] - 553. [bug] Incoming zone transfers deferred due to quota - were not started when quota was increased but - only when a transfer in progress finished. [RT #456] + 554. [bug] In some cases, not all of the dnssec tools were + properly installed. - 552. [bug] We were not correctly detecting the end of all c-style - comments. [RT #455] + 553. [bug] Incoming zone transfers deferred due to quota + were not started when quota was increased but + only when a transfer in progress finished. [RT #456] - 551. [func] Implemented the 'sortlist' option. + 552. [bug] We were not correctly detecting the end of all c-style + comments. [RT #455] - 550. [func] Support unknown rdata types and classes. + 551. [func] Implemented the 'sortlist' option. - 549. [bug] "make" did not immediately abort the build when a - subdirectory make failed [RT #450]. + 550. [func] Support unknown rdata types and classes. - 548. [func] The lexer now ungets tokens more correctly. + 549. [bug] "make" did not immediately abort the build when a + subdirectory make failed [RT #450]. - 547. [placeholder] + 548. [func] The lexer now ungets tokens more correctly. - 546. [func] Option 'lame-ttl' is now implemented. + 547. [placeholder] - 545. [func] Name limit and counting options removed from dig; - they didn't work properly, and cannot be correctly - implemented without significant changes. + 546. [func] Option 'lame-ttl' is now implemented. - 544. [func] Add statistics option, enable statistics-file option, - add RNDC option "dump-statistics" to write out a - query statistics file. + 545. [func] Name limit and counting options removed from dig; + they didn't work properly, and cannot be correctly + implemented without significant changes. - 543. [doc] The 'port' option is now documented. + 544. [func] Add statistics option, enable statistics-file option, + add RNDC option "dump-statistics" to write out a + query statistics file. - 542. [func] Add support for update forwarding as required for - full compliance with RFC2136. It is turned off - by default and can be enabled using the - 'allow-update-forwarding' option. + 543. [doc] The 'port' option is now documented. - 541. [func] Add bogus server support. + 542. [func] Add support for update forwarding as required for + full compliance with RFC2136. It is turned off + by default and can be enabled using the + 'allow-update-forwarding' option. - 540. [func] Add dialup support. + 541. [func] Add bogus server support. - 539. [func] Support the blackhole option. + 540. [func] Add dialup support. - 538. [bug] fix buffer overruns by 1 in lwres_getnameinfo(). + 539. [func] Support the blackhole option. - 537. [placeholder] + 538. [bug] fix buffer overruns by 1 in lwres_getnameinfo(). - 536. [func] Use transfer-source{-v6} when sending refresh queries. - Transfer-source{-v6} now take a optional port - parameter for setting the UDP source port. The port - parameter is ignored for TCP. + 537. [placeholder] - 535. [func] Use transfer-source{-v6} when forwarding update - requests. + 536. [func] Use transfer-source{-v6} when sending refresh queries. + Transfer-source{-v6} now take a optional port + parameter for setting the UDP source port. The port + parameter is ignored for TCP. - 534. [func] Ancestors have been removed from RBT chains. Ancestor - information can be discerned via node parent pointers. + 535. [func] Use transfer-source{-v6} when forwarding update + requests. - 533. [func] Incorporated name hashing into the RBT database to - improve search speed. + 534. [func] Ancestors have been removed from RBT chains. Ancestor + information can be discerned via node parent pointers. - 532. [func] Implement DNS UPDATE pseudo records using - DNS_RDATA_UPDATE flag. + 533. [func] Incorporated name hashing into the RBT database to + improve search speed. - 531. [func] Rdata really should be initialized before being assigned - to (dns_rdata_fromwire(), dns_rdata_fromtext(), - dns_rdata_clone(), dns_rdata_fromregion()), - check that it is. + 532. [func] Implement DNS UPDATE pseudo records using + DNS_RDATA_UPDATE flag. - 530. [func] New function dns_rdata_invalidate(). + 531. [func] Rdata really should be initialized before being assigned + to (dns_rdata_fromwire(), dns_rdata_fromtext(), + dns_rdata_clone(), dns_rdata_fromregion()), + check that it is. - 529. [bug] 521 contained a bug which caused zones to always - reload. [RT #410] + 530. [func] New function dns_rdata_invalidate(). - 528. [func] The ISC_LIST_XXXX macros now perform sanity checks - on their arguments. ISC_LIST_XXXXUNSAFE can be use - to skip the checks however use with caution. + 529. [bug] 521 contained a bug which caused zones to always + reload. [RT #410] - 527. [func] New function dns_rdata_clone(). + 528. [func] The ISC_LIST_XXXX macros now perform sanity checks + on their arguments. ISC_LIST_XXXXUNSAFE can be use + to skip the checks however use with caution. - 526. [bug] nsupdate incorrectly refused to add RRs with a TTL - of 0. + 527. [func] New function dns_rdata_clone(). - 525. [func] New arguments 'options' for dns_db_subtractrdataset(), - and 'flags' for dns_rdataslab_subtract() allowing you - to request that the RR's must exist prior to deletion. - DNS_R_NOTEXACT is returned if the condition is not met. + 526. [bug] nsupdate incorrectly refused to add RRs with a TTL + of 0. - 524. [func] The 'forward' and 'forwarders' statement in - non-forward zones should work now. + 525. [func] New arguments 'options' for dns_db_subtractrdataset(), + and 'flags' for dns_rdataslab_subtract() allowing you + to request that the RR's must exist prior to deletion. + DNS_R_NOTEXACT is returned if the condition is not met. - 523. [doc] The source to the Administrator Reference Manual is - now an XML file using the DocBook DTD, and is included - in the distribution. The plain text version of the - ARM is temporarily unavailable while we figure out - how to generate readable plain text from the XML. + 524. [func] The 'forward' and 'forwarders' statement in + non-forward zones should work now. - 522. [func] The lightweight resolver daemon can now use - a real configuration file, and its functionality - can be provided by a name server. Also, the -p and -P - options to lwresd have been reversed. + 523. [doc] The source to the Administrator Reference Manual is + now an XML file using the DocBook DTD, and is included + in the distribution. The plain text version of the + ARM is temporarily unavailable while we figure out + how to generate readable plain text from the XML. - 521. [bug] Detect master files which contain $INCLUDE and always - reload. [RT #196] + 522. [func] The lightweight resolver daemon can now use + a real configuration file, and its functionality + can be provided by a name server. Also, the -p and -P + options to lwresd have been reversed. - 520. [bug] Upgraded libtool to 1.3.5, which makes shared - library builds almost work on AIX (and possibly - others). + 521. [bug] Detect master files which contain $INCLUDE and always + reload. [RT #196] - 519. [bug] dns_name_split() would improperly split some bitstring - labels, zeroing a few of the least signficant bits in - the prefix part. When such an improperly created - prefix was returned to the RBT database, the bogus - label was dutifully stored, corrupting the tree. - [RT #369] + 520. [bug] Upgraded libtool to 1.3.5, which makes shared + library builds almost work on AIX (and possibly + others). - 518. [bug] The resolver did not realize that a DNAME which was - "the answer" to the client's query was "the answer", - and such queries would fail. [RT #399] + 519. [bug] dns_name_split() would improperly split some bitstring + labels, zeroing a few of the least signficant bits in + the prefix part. When such an improperly created + prefix was returned to the RBT database, the bogus + label was dutifully stored, corrupting the tree. + [RT #369] - 517. [bug] The resolver's DNAME code would trigger an assertion - if there was more than one DNAME in the chain. - [RT #399] + 518. [bug] The resolver did not realize that a DNAME which was + "the answer" to the client's query was "the answer", + and such queries would fail. [RT #399] - 516. [bug] Cache lookups which had a NULL node pointer, e.g. - those by dns_view_find(), and which would match a - DNAME, would trigger an INSIST(!search.need_cleanup) - assertion. [RT #399] + 517. [bug] The resolver's DNAME code would trigger an assertion + if there was more than one DNAME in the chain. + [RT #399] - 515. [bug] The ssu table was not being attached / detached - by dns_zone_[sg]etssutable. [RT#397] + 516. [bug] Cache lookups which had a NULL node pointer, e.g. + those by dns_view_find(), and which would match a + DNAME, would trigger an INSIST(!search.need_cleanup) + assertion. [RT #399] - 514. [func] Retry refresh and notify queries if they timeout. - [RT #388] + 515. [bug] The ssu table was not being attached / detached + by dns_zone_[sg]etssutable. [RT#397] - 513. [func] New functionality added to rdnc and server to allow - individual zones to be refreshed or reloaded. + 514. [func] Retry refresh and notify queries if they timeout. + [RT #388] - 512. [bug] The zone transfer code could throw an execption with - an invalid IXFR stream. + 513. [func] New functionality added to rdnc and server to allow + individual zones to be refreshed or reloaded. - 511. [bug] The message code could throw an assertion on an - out of memory failure. [RT #392] + 512. [bug] The zone transfer code could throw an execption with + an invalid IXFR stream. - 510. [bug] Remove spurious view notify warning. [RT #376] + 511. [bug] The message code could throw an assertion on an + out of memory failure. [RT #392] - 509. [func] Add support for write of zone files on shutdown. + 510. [bug] Remove spurious view notify warning. [RT #376] - 508. [func] dns_message_parse() can now do a best-effort - attempt, which should allow dig to print more invalid - messages. + 509. [func] Add support for write of zone files on shutdown. - 507. [func] New functions dns_zone_flush(), dns_zt_flushanddetach() - and dns_view_flushanddetach(). + 508. [func] dns_message_parse() can now do a best-effort + attempt, which should allow dig to print more invalid + messages. - 506. [func] Do not fail to start on errors in zone files. + 507. [func] New functions dns_zone_flush(), dns_zt_flushanddetach() + and dns_view_flushanddetach(). - 505. [bug] nsupdate was printing "unknown result code". [RT #373] + 506. [func] Do not fail to start on errors in zone files. - 504. [bug] The zone was not being marked as dirty when updated via - IXFR. + 505. [bug] nsupdate was printing "unknown result code". [RT #373] - 503. [bug] dumptime was not being set along with - DNS_ZONEFLG_NEEDDUMP. + 504. [bug] The zone was not being marked as dirty when updated via + IXFR. - 502. [func] On a SERVFAIL reply, DiG will now try the next server - in the list, unless the +fail option is specified. + 503. [bug] dumptime was not being set along with + DNS_ZONEFLG_NEEDDUMP. - 501. [bug] Incorrect port numbers were being displayed by - nslookup. [RT #352] + 502. [func] On a SERVFAIL reply, DiG will now try the next server + in the list, unless the +fail option is specified. - 500. [func] Nearly useless +details option removed from DiG. + 501. [bug] Incorrect port numbers were being displayed by + nslookup. [RT #352] - 499. [func] In DiG, specifying a class with -c or type with -t - changes command-line parsing so that classes and - types are only recognized if following -c or -t. - This allows hosts with the same name as a class or - type to be looked up. + 500. [func] Nearly useless +details option removed from DiG. - 498. [doc] There is now a man page for "dig" - in doc/man/bin/dig.1. + 499. [func] In DiG, specifying a class with -c or type with -t + changes command-line parsing so that classes and + types are only recognized if following -c or -t. + This allows hosts with the same name as a class or + type to be looked up. - 497. [bug] The error messages printed when an IP match list - contained a network address with a nonzero host - part where not sufficiently detailed. [RT #365] + 498. [doc] There is now a man page for "dig" + in doc/man/bin/dig.1. - 496. [bug] named didn't sanity check numeric parameters. [RT #361] + 497. [bug] The error messages printed when an IP match list + contained a network address with a nonzero host + part where not sufficiently detailed. [RT #365] - 495. [bug] nsupdate was unable to handle large records. [RT #368] + 496. [bug] named didn't sanity check numeric parameters. [RT #361] - 494. [func] Do not cache NXDOMAIN responses for SOA queries. + 495. [bug] nsupdate was unable to handle large records. [RT #368] - 493. [func] Return non-cachable (ttl = 0) NXDOMAIN responses - for SOA queries. This makes it easier to locate - the containing zone without polluting intermediate - caches. + 494. [func] Do not cache NXDOMAIN responses for SOA queries. - 492. [bug] attempting to reload a zone caused the server fail - to shutdown cleanly. [RT #360] + 493. [func] Return non-cachable (ttl = 0) NXDOMAIN responses + for SOA queries. This makes it easier to locate + the containing zone without polluting intermediate + caches. - 491. [bug] nsupdate would segfault when sending certain - prerequisites with empty RDATA. [RT #356] + 492. [bug] attempting to reload a zone caused the server fail + to shutdown cleanly. [RT #360] - 490. [func] When a slave/stub zone has not yet successfully - obtained an SOA containing the zone's configured - retry time, perform the SOA query retries using - exponential backoff. [RT #337] + 491. [bug] nsupdate would segfault when sending certain + prerequisites with empty RDATA. [RT #356] - 489. [func] The zone manager now has a "i/o" queue. + 490. [func] When a slave/stub zone has not yet successfully + obtained an SOA containing the zone's configured + retry time, perform the SOA query retries using + exponential backoff. [RT #337] - 488. [bug] Locks weren't properly destroyed in some cases. + 489. [func] The zone manager now has a "i/o" queue. - 487. [port] flockfile() is not defined on all systems. + 488. [bug] Locks weren't properly destroyed in some cases. - 486. [bug] nslookup: "set all" and "server" commands showed - the incorrect port number if a port other than 53 - was specified. [RT #352] + 487. [port] flockfile() is not defined on all systems. - 485. [func] When dig had more than one server to query, it would - send all of the messages at the same time. Add - rate limiting of the transmitted messages. + 486. [bug] nslookup: "set all" and "server" commands showed + the incorrect port number if a port other than 53 + was specified. [RT #352] - 484. [bug] When the server was reloaded after removing addresses - from the named.conf "listen-on" statement, sockets - were still listening on the removed addresses due - to reference count loops. [RT #325] + 485. [func] When dig had more than one server to query, it would + send all of the messages at the same time. Add + rate limiting of the transmitted messages. - 483. [bug] nslookup: "set all" showed a "search" option but it - was not settable. + 484. [bug] When the server was reloaded after removing addresses + from the named.conf "listen-on" statement, sockets + were still listening on the removed addresses due + to reference count loops. [RT #325] - 482. [bug] nslookup: a plain "server" or "lserver" should be - treated as a lookup. + 483. [bug] nslookup: "set all" showed a "search" option but it + was not settable. - 481. [bug] nslookup:get_next_command() stack size could exceed - per thread limit. + 482. [bug] nslookup: a plain "server" or "lserver" should be + treated as a lookup. - 480. [bug] strtok() is not thread safe. [RT #349] + 481. [bug] nslookup:get_next_command() stack size could exceed + per thread limit. - 479. [func] The test suite can now be run by typing "make check" - or "make test" at the top level. + 480. [bug] strtok() is not thread safe. [RT #349] - 478. [bug] "make install" failed if the directory specified with - --prefix did not already exist. + 479. [func] The test suite can now be run by typing "make check" + or "make test" at the top level. - 477. [bug] The the isc-config.sh script could be installed before - its directory was created. [RT #324] + 478. [bug] "make install" failed if the directory specified with + --prefix did not already exist. - 476. [bug] A zone could expire while a zone transfer was in - progress triggering a INSIST failure. [RT #329] + 477. [bug] The the isc-config.sh script could be installed before + its directory was created. [RT #324] - 475. [bug] query_getzonedb() sometimes returned a non-null version - on failure. This caused assertion failures when - generating query responses where names subject to - additional section processing pointed to a zone - to which access had been denied by means of the - allow-query option. [RT #336] + 476. [bug] A zone could expire while a zone transfer was in + progress triggering a INSIST failure. [RT #329] - 474. [bug] The mnemonic of the CHAOS class is CH according to - RFC1035, but it was printed and read only as CHAOS. - We now accept both forms as input, and print it - as CH. [RT #305] + 475. [bug] query_getzonedb() sometimes returned a non-null version + on failure. This caused assertion failures when + generating query responses where names subject to + additional section processing pointed to a zone + to which access had been denied by means of the + allow-query option. [RT #336] - 473. [bug] nsupdate overran the end of the list of name servers - when no servers could be reached, typically causing - it to print the error message "dns_request_create: - not implemented". + 474. [bug] The mnemonic of the CHAOS class is CH according to + RFC1035, but it was printed and read only as CHAOS. + We now accept both forms as input, and print it + as CH. [RT #305] - 472. [bug] Off-by-one error caused isc_time_add() to sometimes - produce invalid time values. + 473. [bug] nsupdate overran the end of the list of name servers + when no servers could be reached, typically causing + it to print the error message "dns_request_create: + not implemented". - 471. [bug] nsupdate didn't compile on HP/UX 10.20 + 472. [bug] Off-by-one error caused isc_time_add() to sometimes + produce invalid time values. - 470. [func] $GENERATE is now supported. See also - doc/misc/migration. + 471. [bug] nsupdate didn't compile on HP/UX 10.20 - 469. [bug] "query-source address * port 53;" now works. + 470. [func] $GENERATE is now supported. See also + doc/misc/migration. - 468. [bug] dns_master_load*() failed to report file and line - number in certain error conditions. + 469. [bug] "query-source address * port 53;" now works. - 467. [bug] dns_master_load*() failed to log an error if - pushfile() failed. + 468. [bug] dns_master_load*() failed to report file and line + number in certain error conditions. - 466. [bug] dns_master_load*() could return success when it failed. + 467. [bug] dns_master_load*() failed to log an error if + pushfile() failed. - 465. [cleanup] Allow 0 to be set as an omapi_value_t value by - omapi_value_storeint(). + 466. [bug] dns_master_load*() could return success when it failed. - 464. [cleanup] Build with openssl's RSA code instead of dnssafe. + 465. [cleanup] Allow 0 to be set as an omapi_value_t value by + omapi_value_storeint(). - 463. [bug] nsupdate sent malformed SOA queries to the second - and subsequent name servers in resolv.conf if the - query sent to the first one failed. + 464. [cleanup] Build with openssl's RSA code instead of dnssafe. - 462. [bug] --disable-ipv6 should work now. + 463. [bug] nsupdate sent malformed SOA queries to the second + and subsequent name servers in resolv.conf if the + query sent to the first one failed. - 461. [bug] Specifying an unknown key in the "keys" clause of the - "controls" statement caused a NULL pointer dereference. - [RT #316] + 462. [bug] --disable-ipv6 should work now. - 460. [bug] Much of the DNSSEC code only worked with class IN. + 461. [bug] Specifying an unknown key in the "keys" clause of the + "controls" statement caused a NULL pointer dereference. + [RT #316] - 459. [bug] Nslookup processed the "set" command incorrectly. + 460. [bug] Much of the DNSSEC code only worked with class IN. - 458. [bug] Nslookup didn't properly check class and type values. - [RT #305] + 459. [bug] Nslookup processed the "set" command incorrectly. - 457. [bug] Dig/host/hslookup didn't properly handle connect - timeouts in certain situations, causing an - unnecessary warning message to be printed. + 458. [bug] Nslookup didn't properly check class and type values. + [RT #305] - 456. [bug] Stub zones were not resetting the refresh and expire - counters, loadtime or clearing the DNS_ZONE_REFRESH - (refresh in progress) flag upon successful update. - This disabled further refreshing of the stub zone, - causing it to eventually expire. [RT #300] + 457. [bug] Dig/host/hslookup didn't properly handle connect + timeouts in certain situations, causing an + unnecessary warning message to be printed. - 455. [doc] Document IPv4 prefix notation does not require a - dotted decimal quad but may be just dotted decimal. + 456. [bug] Stub zones were not resetting the refresh and expire + counters, loadtime or clearing the DNS_ZONE_REFRESH + (refresh in progress) flag upon successful update. + This disabled further refreshing of the stub zone, + causing it to eventually expire. [RT #300] - 454. [bug] Enforce dotted decimal and dotted decimal quad where - documented as such in named.conf. [RT #304, RT #311] + 455. [doc] Document IPv4 prefix notation does not require a + dotted decimal quad but may be just dotted decimal. - 453. [bug] Warn if the obsolete option "maintain-ixfr-base" - is specified in named.conf. [RT #306] + 454. [bug] Enforce dotted decimal and dotted decimal quad where + documented as such in named.conf. [RT #304, RT #311] - 452. [bug] Warn if the unimplemented option "statistics-file" - is specified in named.conf. [RT #301] + 453. [bug] Warn if the obsolete option "maintain-ixfr-base" + is specified in named.conf. [RT #306] - 451. [func] Update forwarding implememted. + 452. [bug] Warn if the unimplemented option "statistics-file" + is specified in named.conf. [RT #301] - 450. [func] New function ns_client_sendraw(). + 451. [func] Update forwarding implememted. - 449. [bug] isc_bitstring_copy() only works correctly if the - two bitstrings have the same lsb0 value, but this - requirement was not documented, nor was there a - REQUIRE for it. + 450. [func] New function ns_client_sendraw(). - 448. [bug] Host output formatting change, to match v8. [RT #255] + 449. [bug] isc_bitstring_copy() only works correctly if the + two bitstrings have the same lsb0 value, but this + requirement was not documented, nor was there a + REQUIRE for it. - 447. [bug] Dig didn't properly retry in TCP mode after - a truncated reply. [RT #277] + 448. [bug] Host output formatting change, to match v8. [RT #255] - 446. [bug] Confusing notify log message. [RT #298] + 447. [bug] Dig didn't properly retry in TCP mode after + a truncated reply. [RT #277] - 445. [bug] Doing a 0 bit isc_bitstring_copy() of an lsb0 - bitstring triggered a REQUIRE statement. The REQUIRE - statement was incorrect. [RT #297] + 446. [bug] Confusing notify log message. [RT #298] - 444. [func] "recursion denied" messages are always logged at - debug level 1, now, rather than sometimes at ERROR. - This silences these warnings in the usual case, where - some clients set the RD bit in all queries. + 445. [bug] Doing a 0 bit isc_bitstring_copy() of an lsb0 + bitstring triggered a REQUIRE statement. The REQUIRE + statement was incorrect. [RT #297] - 443. [bug] When loading a master file failed because of an - unrecognized RR type name, the error message - did not include the file name and line number. - [RT #285] + 444. [func] "recursion denied" messages are always logged at + debug level 1, now, rather than sometimes at ERROR. + This silences these warnings in the usual case, where + some clients set the RD bit in all queries. - 442. [bug] TSIG signed messages that did not match any view - crashed the server. [RT #290] + 443. [bug] When loading a master file failed because of an + unrecognized RR type name, the error message + did not include the file name and line number. + [RT #285] - 441. [bug] Nodes obscured by a DNAME were inaccessible even - when DNS_DBFIND_GLUEOK was set. + 442. [bug] TSIG signed messages that did not match any view + crashed the server. [RT #290] - 440. [func] New function dns_zone_forwardupdate(). + 441. [bug] Nodes obscured by a DNAME were inaccessible even + when DNS_DBFIND_GLUEOK was set. - 439. [func] New function dns_request_createraw(). + 440. [func] New function dns_zone_forwardupdate(). - 438. [func] New function dns_message_getrawmessage(). + 439. [func] New function dns_request_createraw(). - 437. [func] Log NOTIFY activity to the notify channel. + 438. [func] New function dns_message_getrawmessage(). - 436. [bug] If recvmsg() returned EHOSTUNREACH or ENETUNREACH, - which sometimes happens on Linux, named would enter - a busy loop. Also, unexpected socket errors were - not logged at a high enough logging level to be - useful in diagnosing this situation. [RT #275] + 437. [func] Log NOTIFY activity to the notify channel. - 435. [bug] dns_zone_dump() overwrote existing zone files - rather than writing to a temporary file and - renaming. This could lead to empty or partial - zone files being left around in certain error - conditions involving the initial transfer of a - slave zone, interfering with subsequent server - startup. [RT #282] + 436. [bug] If recvmsg() returned EHOSTUNREACH or ENETUNREACH, + which sometimes happens on Linux, named would enter + a busy loop. Also, unexpected socket errors were + not logged at a high enough logging level to be + useful in diagnosing this situation. [RT #275] - 434. [func] New function isc_file_isabsolute(). + 435. [bug] dns_zone_dump() overwrote existing zone files + rather than writing to a temporary file and + renaming. This could lead to empty or partial + zone files being left around in certain error + conditions involving the initial transfer of a + slave zone, interfering with subsequent server + startup. [RT #282] - 433. [func] isc_base64_decodestring() now accepts newlines - within the base64 data. This makes it possible - to break up the key data in a "trusted-keys" - statement into multiple lines. [RT #284] + 434. [func] New function isc_file_isabsolute(). - 432. [func] Added refresh/retry jitter. The actual refresh/ - retry time is now a random value between 75% and - 100% of the configured value. + 433. [func] isc_base64_decodestring() now accepts newlines + within the base64 data. This makes it possible + to break up the key data in a "trusted-keys" + statement into multiple lines. [RT #284] - 431. [func] Log at ISC_LOG_INFO when a zone is successfully - loaded. + 432. [func] Added refresh/retry jitter. The actual refresh/ + retry time is now a random value between 75% and + 100% of the configured value. - 430. [bug] Rewrote the lightweight resolver client management - code to handle shutdown correctly and general - cleanup. + 431. [func] Log at ISC_LOG_INFO when a zone is successfully + loaded. - 429. [bug] The space reserved for a TSIG record in a response - was 2 bytes too short, leading to message - generation failures. + 430. [bug] Rewrote the lightweight resolver client management + code to handle shutdown correctly and general + cleanup. - 428. [bug] rbtdb.c:find_closest_nxt() erroneously returned - DNS_R_BADDB for nodes which had neither NXT nor SIG NXT - (e.g. glue). This could cause SERVFAILs when - generating negative responses in a secure zone. + 429. [bug] The space reserved for a TSIG record in a response + was 2 bytes too short, leading to message + generation failures. - 427. [bug] Avoid going into an infinite loop when the validator - gets a negative response to a key query where the - records are signed by the missing key. + 428. [bug] rbtdb.c:find_closest_nxt() erroneously returned + DNS_R_BADDB for nodes which had neither NXT nor SIG NXT + (e.g. glue). This could cause SERVFAILs when + generating negative responses in a secure zone. - 426. [bug] Attempting to generate an oversized RSA key could - cause dnssec-keygen to dump core. + 427. [bug] Avoid going into an infinite loop when the validator + gets a negative response to a key query where the + records are signed by the missing key. - 425. [bug] Warn about the auth-nxdomain default value change - if there is no auth-nxdomain statement in the - config file. [RT #287] + 426. [bug] Attempting to generate an oversized RSA key could + cause dnssec-keygen to dump core. - 424. [bug] notify_createmessage() could trigger an assertion - failure when creating the notify message failed, - e.g. due to corrupt zones with multiple SOA records. - [RT #279] + 425. [bug] Warn about the auth-nxdomain default value change + if there is no auth-nxdomain statement in the + config file. [RT #287] - 423. [bug] When responding to a recusive query, errors that occur - after following a CNAME should cause the query to fail. - [RT #274] + 424. [bug] notify_createmessage() could trigger an assertion + failure when creating the notify message failed, + e.g. due to corrupt zones with multiple SOA records. + [RT #279] - 422. [func] get rid of isc_random_t, and make isc_random_get() - and isc_random_jitter() use rand() internally - instead of local state. Note that isc_random_*() - functions are only for weak, non-critical "randomness" - such as timing jitter and such. + 423. [bug] When responding to a recusive query, errors that occur + after following a CNAME should cause the query to fail. + [RT #274] - 421. [bug] nslookup would exit when given a blank line as input. + 422. [func] get rid of isc_random_t, and make isc_random_get() + and isc_random_jitter() use rand() internally + instead of local state. Note that isc_random_*() + functions are only for weak, non-critical "randomness" + such as timing jitter and such. - 420. [bug] nslookup failed to implement the "exit" command. + 421. [bug] nslookup would exit when given a blank line as input. - 419. [bug] The certificate type PKIX was misspelled as SKIX. + 420. [bug] nslookup failed to implement the "exit" command. - 418. [bug] At debug levels >= 10, getting an unexpected - socket receive error would crash the server - while trying to log the error message. + 419. [bug] The certificate type PKIX was misspelled as SKIX. - 417. [func] Add isc_app_block() and isc_app_unblock(), which - allow an application to handle signals while - blocking. + 418. [bug] At debug levels >= 10, getting an unexpected + socket receive error would crash the server + while trying to log the error message. - 416. [bug] Slave zones with no master file tried to use a - NULL pointer for a journal file name when they - received an IXFR. [RT #273] + 417. [func] Add isc_app_block() and isc_app_unblock(), which + allow an application to handle signals while + blocking. - 415. [bug] The logging code leaked file descriptors. + 416. [bug] Slave zones with no master file tried to use a + NULL pointer for a journal file name when they + received an IXFR. [RT #273] - 414. [bug] Server did not shut down until all incoming zone - transfers were finished. + 415. [bug] The logging code leaked file descriptors. - 413. [bug] Notify could attempt to use the zone database after - it had been unloaded. [RT#267] + 414. [bug] Server did not shut down until all incoming zone + transfers were finished. - 412. [bug] named -v didn't print the version. + 413. [bug] Notify could attempt to use the zone database after + it had been unloaded. [RT#267] - 411. [bug] A typo in the HS A code caused an assertion failure. + 412. [bug] named -v didn't print the version. - 410. [bug] lwres_gethostbyname() and company set lwres_h_errno - to a random value on success. + 411. [bug] A typo in the HS A code caused an assertion failure. - 409. [bug] If named was shut down early in the startup - process, ns_omapi_shutdown() would attempt to lock - an unintialized mutex. [RT #262] + 410. [bug] lwres_gethostbyname() and company set lwres_h_errno + to a random value on success. - 408. [bug] stub zones could leak memory and reference counts if - all the masters were unreachable. + 409. [bug] If named was shut down early in the startup + process, ns_omapi_shutdown() would attempt to lock + an unintialized mutex. [RT #262] - 407. [bug] isc_rwlock_lock() would needlessly block - readers when it reached the read quota even - if no writers were waiting. + 408. [bug] stub zones could leak memory and reference counts if + all the masters were unreachable. - 406. [bug] Log messages were occasionally lost or corrupted - due to a race condition in isc_log_doit(). + 407. [bug] isc_rwlock_lock() would needlessly block + readers when it reached the read quota even + if no writers were waiting. - 405. [func] Add support for selective forwarding (forward zones) + 406. [bug] Log messages were occasionally lost or corrupted + due to a race condition in isc_log_doit(). - 404. [bug] The request library didn't completely work with IPv6. + 405. [func] Add support for selective forwarding (forward zones) - 403. [bug] "host" did not use the search list. + 404. [bug] The request library didn't completely work with IPv6. - 402. [bug] Treat undefined acls as errors, rather than - warning and then later throwing an assertion. - [RT #252] + 403. [bug] "host" did not use the search list. - 401. [func] Added simple database API. + 402. [bug] Treat undefined acls as errors, rather than + warning and then later throwing an assertion. + [RT #252] - 400. [bug] SIG(0) signing and verifying was done incorrectly. - [RT #249] + 401. [func] Added simple database API. - 399. [bug] When reloading the server with a config file - containing a syntax error, it could catch an - assertion failure trying to perform zone - maintenance on, or sending notifies from, - tentatively created zones whose views were - never fully configured and lacked an address - database and request manager. + 400. [bug] SIG(0) signing and verifying was done incorrectly. + [RT #249] - 398. [bug] "dig" sometimes caught an assertion failure when - using TSIG, depending on the key length. + 399. [bug] When reloading the server with a config file + containing a syntax error, it could catch an + assertion failure trying to perform zone + maintenance on, or sending notifies from, + tentatively created zones whose views were + never fully configured and lacked an address + database and request manager. - 397. [func] Added utility functions dns_view_gettsig() and - dns_view_getpeertsig(). + 398. [bug] "dig" sometimes caught an assertion failure when + using TSIG, depending on the key length. - 396. [doc] There is now a man page for "nsupdate" - in doc/man/bin/nsupdate.8. + 397. [func] Added utility functions dns_view_gettsig() and + dns_view_getpeertsig(). - 395. [bug] nslookup printed incorrect RR type mnemonics - for RRs of type >= 21 [RT #237]. + 396. [doc] There is now a man page for "nsupdate" + in doc/man/bin/nsupdate.8. - 394. [bug] Current name was not propagated via $INCLUDE. + 395. [bug] nslookup printed incorrect RR type mnemonics + for RRs of type >= 21 [RT #237]. - 393. [func] Initial answer while loading (awl) support. - Entry points: dns_master_loadfileinc(), - dns_master_loadstreaminc(), dns_master_loadbufferinc(). - Note: calls to dns_master_load*inc() should be rate - be rate limited so as to not use up all file - descriptors. + 394. [bug] Current name was not propagated via $INCLUDE. - 392. [func] Add ISC_R_FAMILYNOSUPPORT. Returned when OS does - not support the given address family requested. + 393. [func] Initial answer while loading (awl) support. + Entry points: dns_master_loadfileinc(), + dns_master_loadstreaminc(), dns_master_loadbufferinc(). + Note: calls to dns_master_load*inc() should be rate + be rate limited so as to not use up all file + descriptors. - 391. [clarity] ISC_R_FAMILY -> ISC_R_FAMILYMISMATCH. + 392. [func] Add ISC_R_FAMILYNOSUPPORT. Returned when OS does + not support the given address family requested. - 390. [func] The function dns_zone_setdbtype() now takes - an argc/argv style vector of words and sets - both the zone database type and its arguments, - making the functions dns_zone_adddbarg() - and dns_zone_cleardbargs() unnecessary. + 391. [clarity] ISC_R_FAMILY -> ISC_R_FAMILYMISMATCH. - 389. [bug] Attempting to send a reqeust over IPv6 using - dns_request_create() on a system without IPv6 - support caused an assertion failure [RT #235]. + 390. [func] The function dns_zone_setdbtype() now takes + an argc/argv style vector of words and sets + both the zone database type and its arguments, + making the functions dns_zone_adddbarg() + and dns_zone_cleardbargs() unnecessary. - 388. [func] dig and host can now do reverse ipv6 lookups. + 389. [bug] Attempting to send a reqeust over IPv6 using + dns_request_create() on a system without IPv6 + support caused an assertion failure [RT #235]. - 387. [func] Add dns_byaddr_createptrname(), which converts - an address into the name used by a PTR query. + 388. [func] dig and host can now do reverse ipv6 lookups. - 386. [bug] Missing strdup() of ACL name caused random - ACL matching failures [RT #228]. + 387. [func] Add dns_byaddr_createptrname(), which converts + an address into the name used by a PTR query. - 385. [cleanup] Removed functions dns_zone_equal(), dns_zone_print(), - and dns_zt_print(). + 386. [bug] Missing strdup() of ACL name caused random + ACL matching failures [RT #228]. - 384. [bug] nsupdate was incorrectly limiting TTLs to 65535 instead - of 2147483647. + 385. [cleanup] Removed functions dns_zone_equal(), dns_zone_print(), + and dns_zt_print(). - 383. [func] When writing a master file, print the SOA and NS - records (and their SIGs) before other records. + 384. [bug] nsupdate was incorrectly limiting TTLs to 65535 instead + of 2147483647. - 382. [bug] named -u failed on many Linux systems where the - libc provided kernel headers do not match - the current kernel. + 383. [func] When writing a master file, print the SOA and NS + records (and their SIGs) before other records. - 381. [bug] Check for IPV6_RECVPKTINFO and use it instead of - IPV6_PKTINFO if found. [RT #229] + 382. [bug] named -u failed on many Linux systems where the + libc provided kernel headers do not match + the current kernel. - 380. [bug] nsupdate didn't work with IPv6. + 381. [bug] Check for IPV6_RECVPKTINFO and use it instead of + IPV6_PKTINFO if found. [RT #229] - 379. [func] New library function isc_sockaddr_anyofpf(). + 380. [bug] nsupdate didn't work with IPv6. - 378. [func] named and lwresd will log the command line arguments - they were started with in the "starting ..." message. + 379. [func] New library function isc_sockaddr_anyofpf(). - 377. [bug] When additional data lookups were refused due to - "allow-query", the databases were still being - attached causing reference leaks. + 378. [func] named and lwresd will log the command line arguments + they were started with in the "starting ..." message. - 376. [bug] The server should always use good entropy when - performing cryptographic functions needing entropy. + 377. [bug] When additional data lookups were refused due to + "allow-query", the databases were still being + attached causing reference leaks. - 375. [bug] Per-zone "allow-query" did not properly override the - view/global one for CNAME targets and additional - data [RT #220]. + 376. [bug] The server should always use good entropy when + performing cryptographic functions needing entropy. - 374. [bug] SOA in authoritative negative responses had wrong TTL. + 375. [bug] Per-zone "allow-query" did not properly override the + view/global one for CNAME targets and additional + data [RT #220]. - 373. [func] nslookup is now installed by "make install". + 374. [bug] SOA in authoritative negative responses had wrong TTL. - 372. [bug] Deal with Microsoft DNS servers appending two bytes of - garbage to zone transfer requests. + 373. [func] nslookup is now installed by "make install". - 371. [bug] At high debug levels, doing an outgoing zone transfer - of a very large RRset could cause an assertion failure - during logging. + 372. [bug] Deal with Microsoft DNS servers appending two bytes of + garbage to zone transfer requests. - 370. [bug] The error messages for rollforward failures were - overly terse. + 371. [bug] At high debug levels, doing an outgoing zone transfer + of a very large RRset could cause an assertion failure + during logging. - 369. [func] Support new named.conf options, view and zone - statements: + 370. [bug] The error messages for rollforward failures were + overly terse. - max-retry-time, min-retry-time, - max-refresh-time, min-refresh-time. + 369. [func] Support new named.conf options, view and zone + statements: - 368. [func] Restructure the internal ".bind" view so that more - zones can be added to it. + max-retry-time, min-retry-time, + max-refresh-time, min-refresh-time. - 367. [bug] Allow proper selection of server on nslookup command - line. + 368. [func] Restructure the internal ".bind" view so that more + zones can be added to it. - 366. [func] Allow use of '-' batch file in dig for stdin. + 367. [bug] Allow proper selection of server on nslookup command + line. - 365. [bug] nsupdate -k leaked memory. + 366. [func] Allow use of '-' batch file in dig for stdin. - 364. [func] Added additional-from-{cache,auth} + 365. [bug] nsupdate -k leaked memory. - 363. [placeholder] + 364. [func] Added additional-from-{cache,auth} - 362. [bug] rndc no longer aborts if the configuration file is - missing an options statement. [RT #209] + 363. [placeholder] - 361. [func] When the RBT find or chain functions set the name and - origin for a node that stores the root label - the name is now set to an empty name, instead of ".", - to simplify later use of the name and origin by - dns_name_concatenate(), dns_name_totext() or - dns_name_format(). + 362. [bug] rndc no longer aborts if the configuration file is + missing an options statement. [RT #209] - 360. [func] dns_name_totext() and dns_name_format() now allow - an empty name to be passed, which is formatted as "@". + 361. [func] When the RBT find or chain functions set the name and + origin for a node that stores the root label + the name is now set to an empty name, instead of ".", + to simplify later use of the name and origin by + dns_name_concatenate(), dns_name_totext() or + dns_name_format(). - 359. [bug] dnssec-signzone occasionally signed glue records. + 360. [func] dns_name_totext() and dns_name_format() now allow + an empty name to be passed, which is formatted as "@". - 358. [cleanup] Rename the intermediate files used by the dnssec - programs. + 359. [bug] dnssec-signzone occasionally signed glue records. - 357. [bug] The zone file parser crashed if the argument - to $INCLUDE was a quoted string. + 358. [cleanup] Rename the intermediate files used by the dnssec + programs. - 356. [cleanup] isc_task_send no longer requires event->sender to - be non-null. + 357. [bug] The zone file parser crashed if the argument + to $INCLUDE was a quoted string. - 355. [func] Added isc_dir_createunique(), similar to mkdtemp(). + 356. [cleanup] isc_task_send no longer requires event->sender to + be non-null. - 354. [doc] Man pages for the dnssec tools are now included in - the distribution, in doc/man/dnssec. + 355. [func] Added isc_dir_createunique(), similar to mkdtemp(). - 353. [bug] double increment in lwres/gethost.c:copytobuf(). - [RT# 187] + 354. [doc] Man pages for the dnssec tools are now included in + the distribution, in doc/man/dnssec. - 352. [bug] Race condition in dns_client_t startup could cause - an assertion failure. + 353. [bug] double increment in lwres/gethost.c:copytobuf(). + [RT# 187] - 351. [bug] Constructing a response with rcode SERVFAIL to a TSIG - signed query could crash the server. + 352. [bug] Race condition in dns_client_t startup could cause + an assertion failure. - 350. [bug] Also-notify lists specified in the global options - block were not correctly reference counted, causing - a memory leak. + 351. [bug] Constructing a response with rcode SERVFAIL to a TSIG + signed query could crash the server. - 349. [bug] Processing a query with the CD bit set now works - as expected. + 350. [bug] Also-notify lists specified in the global options + block were not correctly reference counted, causing + a memory leak. - 348. [func] New boolean named.conf options 'additional-from-auth' - and 'additional-from-cache' now supported in view and - global options statement. + 349. [bug] Processing a query with the CD bit set now works + as expected. - 347. [bug] Don't crash if an argument is left off options in dig. + 348. [func] New boolean named.conf options 'additional-from-auth' + and 'additional-from-cache' now supported in view and + global options statement. - 346. [placeholder] + 347. [bug] Don't crash if an argument is left off options in dig. - 345. [bug] Large-scale changes/cleanups to dig: - * Significantly improve structure handling - * Don't pre-load entire batch files - * Add name/rr counting/limiting - * Fix SIGINT handling - * Shorten timeouts to match v8's behavior + 346. [placeholder] - 344. [bug] When shutting down, lwresd sometimes tried - to shut down its client tasks twice, - triggering an assertion. + 345. [bug] Large-scale changes/cleanups to dig: + * Significantly improve structure handling + * Don't pre-load entire batch files + * Add name/rr counting/limiting + * Fix SIGINT handling + * Shorten timeouts to match v8's behavior - 343. [bug] Although zone maintenance SOA queries and - notify requests were signed with TSIG keys - when configured for the server in case, - the TSIG was not verified on the response. + 344. [bug] When shutting down, lwresd sometimes tried + to shut down its client tasks twice, + triggering an assertion. - 342. [bug] The wrong name was being passed to - dns_name_dup() when generating a TSIG - key using TKEY. + 343. [bug] Although zone maintenance SOA queries and + notify requests were signed with TSIG keys + when configured for the server in case, + the TSIG was not verified on the response. - 341. [func] Support 'key' clause in named.conf zone masters - statement to allow authentication via TSIG keys: + 342. [bug] The wrong name was being passed to + dns_name_dup() when generating a TSIG + key using TKEY. - masters { - 10.0.0.1 port 5353 key "foo"; - 10.0.0.2 ; - }; + 341. [func] Support 'key' clause in named.conf zone masters + statement to allow authentication via TSIG keys: - 340. [bug] The top-level COPYRIGHT file was missing from - the distribution. + masters { + 10.0.0.1 port 5353 key "foo"; + 10.0.0.2 ; + }; - 339. [bug] DNSSEC validation of the response to an ANY - query at a name with a CNAME RR in a secure - zone triggered an assertion failure. + 340. [bug] The top-level COPYRIGHT file was missing from + the distribution. - 338. [bug] lwresd logged to syslog as named, not lwresd. + 339. [bug] DNSSEC validation of the response to an ANY + query at a name with a CNAME RR in a secure + zone triggered an assertion failure. - 337. [bug] "dig" did not recognize "nsap-ptr" as an RR type - on the command line. + 338. [bug] lwresd logged to syslog as named, not lwresd. - 336. [bug] "dig -f" used 64 k of memory for each line in - the file. It now uses much less, though still - proportionally to the file size. + 337. [bug] "dig" did not recognize "nsap-ptr" as an RR type + on the command line. - 335. [bug] named would occasionally attempt recursion when - it was disallowed or undesired. + 336. [bug] "dig -f" used 64 k of memory for each line in + the file. It now uses much less, though still + proportionally to the file size. - 334. [func] Added hmac-md5 to libisc. + 335. [bug] named would occasionally attempt recursion when + it was disallowed or undesired. - 333. [bug] The resolver incorrectly accepted referrals to - domains that were not parents of the query name, - causing assertion failures. + 334. [func] Added hmac-md5 to libisc. - 332. [func] New function dns_name_reset(). + 333. [bug] The resolver incorrectly accepted referrals to + domains that were not parents of the query name, + causing assertion failures. - 331. [bug] Only log "recursion denied" if RD is set. [RT #178] + 332. [func] New function dns_name_reset(). - 330. [bug] Many debugging messages were partially formatted - even when debugging was turned off, causing a - significant decrease in query performance. + 331. [bug] Only log "recursion denied" if RD is set. [RT #178] - 329. [func] omapi_auth_register() now takes a size_t argument for - the length of a key's secret data. Previously - OMAPI only stored secrets up to the first NUL byte. + 330. [bug] Many debugging messages were partially formatted + even when debugging was turned off, causing a + significant decrease in query performance. - 328. [func] Added isc_base64_decodestring(). + 329. [func] omapi_auth_register() now takes a size_t argument for + the length of a key's secret data. Previously + OMAPI only stored secrets up to the first NUL byte. - 327. [bug] rndc.conf parser wasn't correctly recognising an IP - address where a host specification was required. + 328. [func] Added isc_base64_decodestring(). - 326. [func] 'keys' in an 'inet' control statement is now - required and must have at least one item in it. - A "not supported" warning is now issued if a 'unix' - control channel is defined. + 327. [bug] rndc.conf parser wasn't correctly recognising an IP + address where a host specification was required. - 325. [bug] isc_lex_gettoken was processing octal strings when - ISC_LEXOPT_CNUMBER was not set. + 326. [func] 'keys' in an 'inet' control statement is now + required and must have at least one item in it. + A "not supported" warning is now issued if a 'unix' + control channel is defined. - 324. [func] In the resolver, turn EDNS0 off if there is no - response after a number of retransmissions. - This is to allow queries some chance of succeeding - even if all the authoritative servers of a zone - silently discard EDNS0 requests instead of - sending an error response like they ought to. + 325. [bug] isc_lex_gettoken was processing octal strings when + ISC_LEXOPT_CNUMBER was not set. - 323. [bug] dns_rbt_findname() did not ignore empty rbt nodes. - Because of this, servers authoritative for a parent - and grandchild zone but not authoritative for the - intervening child zone did not correctly issue - referrals to the servers of the child zone. + 324. [func] In the resolver, turn EDNS0 off if there is no + response after a number of retransmissions. + This is to allow queries some chance of succeeding + even if all the authoritative servers of a zone + silently discard EDNS0 requests instead of + sending an error response like they ought to. - 322. [bug] Queries for KEY RRs are now sent to the parent - server before the authoritative one, making - DNSSEC insecurity proofs work in many cases - where they previously didn't. + 323. [bug] dns_rbt_findname() did not ignore empty rbt nodes. + Because of this, servers authoritative for a parent + and grandchild zone but not authoritative for the + intervening child zone did not correctly issue + referrals to the servers of the child zone. - 321. [bug] When synthesizing a CNAME RR for a DNAME - response, query_addcname() failed to intitialize - the type and class of the CNAME dns_rdata_t, - causing random failures. + 322. [bug] Queries for KEY RRs are now sent to the parent + server before the authoritative one, making + DNSSEC insecurity proofs work in many cases + where they previously didn't. - 320. [func] Multiple rndc changes: parses an rndc.conf file, - uses authentication to talk to named, command - line syntax changed. This will all be described - in the ARM. + 321. [bug] When synthesizing a CNAME RR for a DNAME + response, query_addcname() failed to intitialize + the type and class of the CNAME dns_rdata_t, + causing random failures. - 319. [func] The named.conf "controls" statement is now used - to configure the OMAPI command channel. + 320. [func] Multiple rndc changes: parses an rndc.conf file, + uses authentication to talk to named, command + line syntax changed. This will all be described + in the ARM. - 318. [func] dns_c_ndcctx_destroy() could never return anything - except ISC_R_SUCCESS; made it have void return instead. + 319. [func] The named.conf "controls" statement is now used + to configure the OMAPI command channel. - 317. [func] Use callbacks from libomapi to determine if a - new connection is valid, and if a key requested - to be used with that connection is valid. + 318. [func] dns_c_ndcctx_destroy() could never return anything + except ISC_R_SUCCESS; made it have void return instead. - 316. [bug] Generate a warning if we detect an unexpected - but treat as . + 317. [func] Use callbacks from libomapi to determine if a + new connection is valid, and if a key requested + to be used with that connection is valid. - 315. [bug] Handle non-empty blanks lines. [RT #163] + 316. [bug] Generate a warning if we detect an unexpected + but treat as . - 314. [func] The named.conf controls statement can now have - more than one key specified for the inet clause. + 315. [bug] Handle non-empty blanks lines. [RT #163] - 313. [bug] When parsing resolv.conf, don't terminate on an - error. Instead, parse as much as possible, but - still return an error if one was found. + 314. [func] The named.conf controls statement can now have + more than one key specified for the inet clause. - 312. [bug] Increase the number of allowed elements in the - resolv.conf search path from 6 to 8. If there - are more than this, ignore the remainder rather - than returning a failure in lwres_conf_parse. + 313. [bug] When parsing resolv.conf, don't terminate on an + error. Instead, parse as much as possible, but + still return an error if one was found. - 311. [bug] lwres_conf_parse failed when the first line of - resolv.conf was empty or a comment. + 312. [bug] Increase the number of allowed elements in the + resolv.conf search path from 6 to 8. If there + are more than this, ignore the remainder rather + than returning a failure in lwres_conf_parse. - 310. [func] Changes to named.conf "controls" statement (inet - subtype only) + 311. [bug] lwres_conf_parse failed when the first line of + resolv.conf was empty or a comment. - - support "keys" clause + 310. [func] Changes to named.conf "controls" statement (inet + subtype only) - controls { - inet * port 1024 - allow { any; } keys { "foo"; } - } + - support "keys" clause - - allow "port xxx" to be left out of statement, - in which case it defaults to omapi's default port - of 953. - - 309. [bug] When sending a referral, the server did not look - for name server addresses as glue in the zone - holding the NS RRset in the case where this zone - was not the same as the one where it looked for - name server addresses as authoritative data. - - 308. [bug] Treat a SOA record not at top of zone as an error - when loading a zone. [RT #154] - - 307. [bug] When canceling a query, the resolver didn't check for - isc_socket_sendto() calls that did not yet have their - completion events posted, so it could (rarely) end up - destroying the query context and then want to use - it again when the send event posted, triggering an - assertion as it tried to cancel an already-canceled - query. [RT #77] - - 306. [bug] Reading HMAC-MD5 private key files didn't work. - - 305. [bug] When reloading the server with a config file - containing a syntax error, it could catch an - assertion failure trying to perform zone - maintenance on tentatively created zones whose - views were never fully configured and lacked - an address database. - - 304. [bug] If more than LWRES_CONFMAXNAMESERVERS servers - are listed in resolv.conf, silently ignore them - instead of returning failure. - - 303. [bug] Add additional sanity checks to differentiate a AXFR - response vs a IXFR response. [RT #157] - - 302. [bug] In dig, host, and nslookup, MXNAME should be large - enough to hold any legal domain name in presentation - format + terminating NULL. - - 301. [bug] Uninitialized pointer in host:printmessage(). [RT #159] - - 300. [bug] Using both and didn't work - on platforms lacking IPv6 because each included their - own ipv6 header file for the missing definitions. Now - each library's ipv6.h defines the wrapper symbol of - the other (ISC_IPV6_H and LWRES_IPV6_H). + controls { + inet * port 1024 + allow { any; } keys { "foo"; } + } - 299. [cleanup] Get the user and group information before changing the - root directory, so the administrator does not need to - keep a copy of the user and group databases in the - chroot'ed environment. Suggested by Hakan Olsson. + - allow "port xxx" to be left out of statement, + in which case it defaults to omapi's default port + of 953. + + 309. [bug] When sending a referral, the server did not look + for name server addresses as glue in the zone + holding the NS RRset in the case where this zone + was not the same as the one where it looked for + name server addresses as authoritative data. + + 308. [bug] Treat a SOA record not at top of zone as an error + when loading a zone. [RT #154] + + 307. [bug] When canceling a query, the resolver didn't check for + isc_socket_sendto() calls that did not yet have their + completion events posted, so it could (rarely) end up + destroying the query context and then want to use + it again when the send event posted, triggering an + assertion as it tried to cancel an already-canceled + query. [RT #77] + + 306. [bug] Reading HMAC-MD5 private key files didn't work. + + 305. [bug] When reloading the server with a config file + containing a syntax error, it could catch an + assertion failure trying to perform zone + maintenance on tentatively created zones whose + views were never fully configured and lacked + an address database. + + 304. [bug] If more than LWRES_CONFMAXNAMESERVERS servers + are listed in resolv.conf, silently ignore them + instead of returning failure. + + 303. [bug] Add additional sanity checks to differentiate a AXFR + response vs a IXFR response. [RT #157] + + 302. [bug] In dig, host, and nslookup, MXNAME should be large + enough to hold any legal domain name in presentation + format + terminating NULL. + + 301. [bug] Uninitialized pointer in host:printmessage(). [RT #159] + + 300. [bug] Using both and didn't work + on platforms lacking IPv6 because each included their + own ipv6 header file for the missing definitions. Now + each library's ipv6.h defines the wrapper symbol of + the other (ISC_IPV6_H and LWRES_IPV6_H). - 298. [bug] A mutex deadlock occurred during shutdown of the - interface manager under certain conditions. - Digital Unix systems were the most affected. + 299. [cleanup] Get the user and group information before changing the + root directory, so the administrator does not need to + keep a copy of the user and group databases in the + chroot'ed environment. Suggested by Hakan Olsson. - 297. [bug] Specifying a key name that wasn't fully qualified - in certain parts of the config file could cause - an assertion failure. + 298. [bug] A mutex deadlock occurred during shutdown of the + interface manager under certain conditions. + Digital Unix systems were the most affected. - 296. [bug] "make install" from a separate build directory - failed unless configure had been run in the source - directory, too. + 297. [bug] Specifying a key name that wasn't fully qualified + in certain parts of the config file could cause + an assertion failure. - 295. [bug] When invoked with type==CNAME and a message - not constructed by dns_message_parse(), - dns_message_findname() failed to find anything - due to checking for attribute bits that are set - only in dns_message_parse(). This caused an - infinite loop when constructing the response to - an ANY query at a CNAME in a secure zone. + 296. [bug] "make install" from a separate build directory + failed unless configure had been run in the source + directory, too. - 294. [bug] If we run out of space in while processing glue - when reading a master file and commit "current name" - reverts to "name_current" instead of staying as - "name_glue". - - 293. [port] Add support for FreeBSD 4.0 system tests. + 295. [bug] When invoked with type==CNAME and a message + not constructed by dns_message_parse(), + dns_message_findname() failed to find anything + due to checking for attribute bits that are set + only in dns_message_parse(). This caused an + infinite loop when constructing the response to + an ANY query at a CNAME in a secure zone. - 292. [bug] Due to problems with the way some operating systems - handle simultaneous listening on IPv4 and IPv6 - addresses, the server no longer listens on IPv6 - addresses by default. To revert to the previous - behavior, specify "listen-on-v6 { any; };" in - the config file. + 294. [bug] If we run out of space in while processing glue + when reading a master file and commit "current name" + reverts to "name_current" instead of staying as + "name_glue". + + 293. [port] Add support for FreeBSD 4.0 system tests. - 291. [func] Caching servers no longer send outgoing queries - over TCP just because the incoming recursive query - was a TCP one. + 292. [bug] Due to problems with the way some operating systems + handle simultaneous listening on IPv4 and IPv6 + addresses, the server no longer listens on IPv6 + addresses by default. To revert to the previous + behavior, specify "listen-on-v6 { any; };" in + the config file. - 290. [cleanup] +twiddle option to dig (for testing only) removed. + 291. [func] Caching servers no longer send outgoing queries + over TCP just because the incoming recursive query + was a TCP one. - 289. [cleanup] dig is now installed in $bindir instead of $sbindir. - host is now installed in $bindir. (Be sure to remove - any $sbindir/dig from a previous release.) + 290. [cleanup] +twiddle option to dig (for testing only) removed. - 288. [func] rndc is now installed by "make install" into $sbindir. + 289. [cleanup] dig is now installed in $bindir instead of $sbindir. + host is now installed in $bindir. (Be sure to remove + any $sbindir/dig from a previous release.) - 287. [bug] rndc now works again as "rndc 127.1 reload" (for - only that task). Parsing its configuration file and - using digital signatures for authentication has been - disabled until named supports the "controls" statement, - post-9.0.0. + 288. [func] rndc is now installed by "make install" into $sbindir. - 286. [bug] On Solaris 2, when named inherited a signal state - where SIGHUP had the SIG_IGN action, SIGHUP would - be ignored rather than causing the server to reload - its configuration. + 287. [bug] rndc now works again as "rndc 127.1 reload" (for + only that task). Parsing its configuration file and + using digital signatures for authentication has been + disabled until named supports the "controls" statement, + post-9.0.0. - 285. [bug] A change made to the dst API for beta4 inadvertently - broke OMAPI's creation of a dst key from an incoming - message, causing an assertion to be triggered. Fixed. + 286. [bug] On Solaris 2, when named inherited a signal state + where SIGHUP had the SIG_IGN action, SIGHUP would + be ignored rather than causing the server to reload + its configuration. - 284. [func] The DNSSEC key generation and signing tools now - generate randomness from keyboard input on systems - that lack /dev/random. + 285. [bug] A change made to the dst API for beta4 inadvertently + broke OMAPI's creation of a dst key from an incoming + message, causing an assertion to be triggered. Fixed. - 283. [cleanup] The 'lwresd' program is now a link to 'named'. + 284. [func] The DNSSEC key generation and signing tools now + generate randomness from keyboard input on systems + that lack /dev/random. - 282. [bug] The lexer now returns ISC_R_RANGE if parsed integer is - too big for an unsigned long. + 283. [cleanup] The 'lwresd' program is now a link to 'named'. - 281. [bug] Fixed list of recognized config file category names. + 282. [bug] The lexer now returns ISC_R_RANGE if parsed integer is + too big for an unsigned long. - 280. [func] Add isc-config.sh, which can be used to more - easily build applications that link with - our libraries. + 281. [bug] Fixed list of recognized config file category names. - 279. [bug] Private omapi function symbols shared between - two or more files in libomapi.a were not namespace - protected using the ISC convention of starting with - the library name and two underscores ("omapi__"...) + 280. [func] Add isc-config.sh, which can be used to more + easily build applications that link with + our libraries. - 278. [bug] bin/named/logconf.c:category_fromconf() didn't take - note of when isc_log_categorybyname() wasn't able - to find the category name and would then apply the - channel list of the unknown category to all categories. + 279. [bug] Private omapi function symbols shared between + two or more files in libomapi.a were not namespace + protected using the ISC convention of starting with + the library name and two underscores ("omapi__"...) - 277. [bug] isc_log_categorybyname() and isc_log_modulebyname() - would fail to find the first member of any category - or module array apart from the internal defaults. - Thus, for example, the "notify" category was improperly - configured by named. + 278. [bug] bin/named/logconf.c:category_fromconf() didn't take + note of when isc_log_categorybyname() wasn't able + to find the category name and would then apply the + channel list of the unknown category to all categories. - 276. [bug] dig now supports maximum sized TCP messages. + 277. [bug] isc_log_categorybyname() and isc_log_modulebyname() + would fail to find the first member of any category + or module array apart from the internal defaults. + Thus, for example, the "notify" category was improperly + configured by named. - 275. [bug] The definition of lwres_gai_strerror() was missing - the lwres_ prefix. + 276. [bug] dig now supports maximum sized TCP messages. - 274. [bug] TSIG AXFR verify failed when talking to a BIND 8 - server. + 275. [bug] The definition of lwres_gai_strerror() was missing + the lwres_ prefix. - 273. [func] The default for the 'transfer-format' option is - now 'many-answers'. This will break zone transfers - to BIND 4.9.5 and older unless there is an explicit - 'one-answer' configuration. + 274. [bug] TSIG AXFR verify failed when talking to a BIND 8 + server. - 272. [bug] The sending of large TCP responses was canceled - in mid-transmission due to a race condition - caused by the failure to set the client object's - "newstate" variable correctly when transitioning - to the "working" state. + 273. [func] The default for the 'transfer-format' option is + now 'many-answers'. This will break zone transfers + to BIND 4.9.5 and older unless there is an explicit + 'one-answer' configuration. - 271. [func] Attempt to probe the number of cpus in named - if unspecified rather than defaulting to 1. + 272. [bug] The sending of large TCP responses was canceled + in mid-transmission due to a race condition + caused by the failure to set the client object's + "newstate" variable correctly when transitioning + to the "working" state. - 270. [func] Allow maximum sized TCP answers. + 271. [func] Attempt to probe the number of cpus in named + if unspecified rather than defaulting to 1. - 269. [bug] Failed DNSSEC validations could cause an assertion - failure by causing clone_results() to be called with - with hevent->node == NULL. + 270. [func] Allow maximum sized TCP answers. - 268. [doc] A plain text version of the Administrator - Reference Manual is now included in the distribution, - as doc/arm/Bv9ARM.txt. + 269. [bug] Failed DNSSEC validations could cause an assertion + failure by causing clone_results() to be called with + with hevent->node == NULL. - 267. [func] Nsupdate is now provided in the distribution. + 268. [doc] A plain text version of the Administrator + Reference Manual is now included in the distribution, + as doc/arm/Bv9ARM.txt. - 266. [bug] zone.c:save_nsrrset() node was not initialized. + 267. [func] Nsupdate is now provided in the distribution. - 265. [bug] dns_request_create() now works for TCP. + 266. [bug] zone.c:save_nsrrset() node was not initialized. - 264. [func] Dispatch can not take TCP sockets in connecting - state. Set DNS_DISPATCHATTR_CONNECTED when calling - dns_dispatch_createtcp() for connected TCP sockets - or call dns_dispatch_starttcp() when the socket is - connected. + 265. [bug] dns_request_create() now works for TCP. - 263. [func] New logging channel type 'stderr' + 264. [func] Dispatch can not take TCP sockets in connecting + state. Set DNS_DISPATCHATTR_CONNECTED when calling + dns_dispatch_createtcp() for connected TCP sockets + or call dns_dispatch_starttcp() when the socket is + connected. - channel some-name { - stderr; - severity error; - } + 263. [func] New logging channel type 'stderr' - 262. [bug] 'master' was not initialized in zone.c:stub_callback(). + channel some-name { + stderr; + severity error; + } - 261. [func] Add dns_zone_markdirty(). + 262. [bug] 'master' was not initialized in zone.c:stub_callback(). - 260. [bug] Running named as a non-root user failed on Linux - kernels new enough to support retaining capabilities - after setuid(). + 261. [func] Add dns_zone_markdirty(). - 259. [func] New random-device and random-seed-file statements - for global options block of named.conf. Both accept - a single string argument. + 260. [bug] Running named as a non-root user failed on Linux + kernels new enough to support retaining capabilities + after setuid(). - 258. [bug] Fixed printing of lwres_addr_t.address field. + 259. [func] New random-device and random-seed-file statements + for global options block of named.conf. Both accept + a single string argument. - 257. [bug] The server detached the last zone manager reference - too early, while it could still be in use by queries. - This manifested itself as assertion failures during the - shutdown process for busy name servers. [RT #133] + 258. [bug] Fixed printing of lwres_addr_t.address field. - 256. [func] isc_ratelimiter_t now has attach/detach semantics, and - isc_ratelimiter_shutdown guarantees that the rate - limiter is detached from its task. + 257. [bug] The server detached the last zone manager reference + too early, while it could still be in use by queries. + This manifested itself as assertion failures during the + shutdown process for busy name servers. [RT #133] - 255. [func] New function dns_zonemgr_attach(). + 256. [func] isc_ratelimiter_t now has attach/detach semantics, and + isc_ratelimiter_shutdown guarantees that the rate + limiter is detached from its task. - 254. [bug] Suppress "query denied" messages on additional data - lookups. + 255. [func] New function dns_zonemgr_attach(). - --- 9.0.0b4 released --- + 254. [bug] Suppress "query denied" messages on additional data + lookups. - 253. [func] resolv.conf parser now recognises ';' and '#' as - comments (anywhere in line, not just as the beginning). + --- 9.0.0b4 released --- - 252. [bug] resolv.conf parser mishandled masks on sortlists. - It also aborted when an unrecognized keyword was seen, - now it silently ignores the entire line. + 253. [func] resolv.conf parser now recognises ';' and '#' as + comments (anywhere in line, not just as the beginning). - 251. [bug] lwresd caught an assertion failure on startup. + 252. [bug] resolv.conf parser mishandled masks on sortlists. + It also aborted when an unrecognized keyword was seen, + now it silently ignores the entire line. - 250. [bug] fixed handling of size+unit when value would be too - large for internal representation. + 251. [bug] lwresd caught an assertion failure on startup. - 249. [cleanup] max-cache-size config option now takes a size-spec - like 'datasize', except 'default' is not allowed. + 250. [bug] fixed handling of size+unit when value would be too + large for internal representation. - 248. [bug] global lame-ttl option was not being printed when - config structures were written out. + 249. [cleanup] max-cache-size config option now takes a size-spec + like 'datasize', except 'default' is not allowed. - 247. [cleanup] Rename cache-size config option to max-cache-size. + 248. [bug] global lame-ttl option was not being printed when + config structures were written out. - 246. [func] Rename global option cachesize to cache-size and - add corresponding option to view statement. + 247. [cleanup] Rename cache-size config option to max-cache-size. - 245. [bug] If an uncompressed name will take more than 255 - bytes and the buffer is sufficiently long, - dns_name_fromwire should return DNS_R_FORMERR, - not ISC_R_NOSPACE. This bug caused cause the - server to catch an assertion failure when it - received a query for a name longer than 255 - bytes. + 246. [func] Rename global option cachesize to cache-size and + add corresponding option to view statement. - 244. [bug] empty named.conf file and empty options statement are - now parsed properly. + 245. [bug] If an uncompressed name will take more than 255 + bytes and the buffer is sufficiently long, + dns_name_fromwire should return DNS_R_FORMERR, + not ISC_R_NOSPACE. This bug caused cause the + server to catch an assertion failure when it + received a query for a name longer than 255 + bytes. - 243. [func] new cachesize option for named.conf + 244. [bug] empty named.conf file and empty options statement are + now parsed properly. - 242. [cleanup] fixed incorrect warning about auth-nxdomain usage. + 243. [func] new cachesize option for named.conf - 241. [cleanup] nscount and soacount have been removed from the - dns_master_*() argument lists. + 242. [cleanup] fixed incorrect warning about auth-nxdomain usage. - 240. [func] databases now come in three flavours: zone, cache - and stub. + 241. [cleanup] nscount and soacount have been removed from the + dns_master_*() argument lists. - 239. [func] If ISC_MEM_DEBUG is enabled, the variable - isc_mem_debugging controls whether messages - are printed or not. + 240. [func] databases now come in three flavours: zone, cache + and stub. - 238. [cleanup] A few more compilation warnings have been quieted: - + missing sigwait prototype on BSD/OS 4.0/4.0.1. - + PTHREAD_ONCE_INIT unbraced initializer warnings on - Solaris 2.8. - + IN6ADDR_ANY_INIT unbraced initializer warnings on - BSD/OS 4.*, Linux and Solaris 2.8. + 239. [func] If ISC_MEM_DEBUG is enabled, the variable + isc_mem_debugging controls whether messages + are printed or not. - 237. [bug] If connect() returned ENOBUFS when the resolver was - initiating a TCP query, the socket didn't get - destroyed, and the server did not shut down cleanly. + 238. [cleanup] A few more compilation warnings have been quieted: + + missing sigwait prototype on BSD/OS 4.0/4.0.1. + + PTHREAD_ONCE_INIT unbraced initializer warnings on + Solaris 2.8. + + IN6ADDR_ANY_INIT unbraced initializer warnings on + BSD/OS 4.*, Linux and Solaris 2.8. - 236. [func] Added new listen-on-v6 config file statement. + 237. [bug] If connect() returned ENOBUFS when the resolver was + initiating a TCP query, the socket didn't get + destroyed, and the server did not shut down cleanly. - 235. [func] Consider it a config file error if a listen-on - statement has an IPv6 address in it, or a - listen-on-v6 statement has an IPv4 address in it. + 236. [func] Added new listen-on-v6 config file statement. - 234. [bug] Allow a trusted-key's first field (domain-name) be - either a quoted or an unquoted string, instead of - requiring a quoted string. + 235. [func] Consider it a config file error if a listen-on + statement has an IPv6 address in it, or a + listen-on-v6 statement has an IPv4 address in it. - 233. [cleanup] Convert all config structure integer values to unsigned - integer (isc_uint32_t) to match grammer. + 234. [bug] Allow a trusted-key's first field (domain-name) be + either a quoted or an unquoted string, instead of + requiring a quoted string. - 232. [bug] Allow slave zones to not have a file. + 233. [cleanup] Convert all config structure integer values to unsigned + integer (isc_uint32_t) to match grammer. - 231. [func] Support new 'port' clause in config file options - section. Causes 'listen-on', 'masters' and - 'also-notify' statements to use its value instead of - default (53). + 232. [bug] Allow slave zones to not have a file. - 230. [func] Replace the dst sign/verify API with a cleaner one. + 231. [func] Support new 'port' clause in config file options + section. Causes 'listen-on', 'masters' and + 'also-notify' statements to use its value instead of + default (53). - 229. [func] Support config file sig-validity-interval statement - in options, views and zone statements (master - zones only). + 230. [func] Replace the dst sign/verify API with a cleaner one. - 228. [cleanup] Logging messages in config module stripped of - trailing period. + 229. [func] Support config file sig-validity-interval statement + in options, views and zone statements (master + zones only). - 227. [cleanup] The enumerated identifiers dns_rdataclass_*, - dns_rcode_*, dns_opcode_*, and dns_trust_* are - also now cast to their appropriate types, as with - dns_rdatatype_* in item number 225 below. + 228. [cleanup] Logging messages in config module stripped of + trailing period. - 226. [func] dns_name_totext() now always prints the root name as - '.', even when omit_final_dot is true. + 227. [cleanup] The enumerated identifiers dns_rdataclass_*, + dns_rcode_*, dns_opcode_*, and dns_trust_* are + also now cast to their appropriate types, as with + dns_rdatatype_* in item number 225 below. - 225. [cleanup] The enumerated dns_rdatatype_* identifiers are now - cast to dns_rdatatype_t via macros of their same name - so that they are of the proper integral type wherever - a dns_rdatatype_t is needed. + 226. [func] dns_name_totext() now always prints the root name as + '.', even when omit_final_dot is true. - 224. [cleanup] The entire project builds cleanly with gcc's - -Wcast-qual and -Wwrite-strings warnings enabled, - which is now the default when using gcc. (Warnings - from confparser.c, because of yacc's code, are - unfortunately to be expected.) + 225. [cleanup] The enumerated dns_rdatatype_* identifiers are now + cast to dns_rdatatype_t via macros of their same name + so that they are of the proper integral type wherever + a dns_rdatatype_t is needed. - 223. [func] Several functions were reprototyped to qualify one - or more of their arguments with "const". Similarly, - several functions that return pointers now have - those pointers qualified with const. + 224. [cleanup] The entire project builds cleanly with gcc's + -Wcast-qual and -Wwrite-strings warnings enabled, + which is now the default when using gcc. (Warnings + from confparser.c, because of yacc's code, are + unfortunately to be expected.) - 222. [bug] The global 'also-notify' option was ignored. + 223. [func] Several functions were reprototyped to qualify one + or more of their arguments with "const". Similarly, + several functions that return pointers now have + those pointers qualified with const. - 221. [bug] An uninitialized variable was sometimes passed to - dns_rdata_freestruct() when loading a zone, causing - an assertion failure. + 222. [bug] The global 'also-notify' option was ignored. - 220. [cleanup] Set the default outgoing port in the view, and - set it in sockaddrs returned from the ADB. - [31-May-2000 explorer] + 221. [bug] An uninitialized variable was sometimes passed to + dns_rdata_freestruct() when loading a zone, causing + an assertion failure. - 219. [bug] Signed truncated messages more correctly follow - the respective specs. + 220. [cleanup] Set the default outgoing port in the view, and + set it in sockaddrs returned from the ADB. + [31-May-2000 explorer] - 218. [func] When an rdataset is signed, its ttl is normalized - based on the signature validity period. + 219. [bug] Signed truncated messages more correctly follow + the respective specs. - 217. [func] Also-notify and trusted-keys can now be used in - the 'view' statement. + 218. [func] When an rdataset is signed, its ttl is normalized + based on the signature validity period. - 216. [func] The 'max-cache-ttl' and 'max-ncache-ttl' options - now work. + 217. [func] Also-notify and trusted-keys can now be used in + the 'view' statement. - 215. [bug] Failures at certain points in request processing - could cause the assertion INSIST(client->lockview - == NULL) to be triggered. + 216. [func] The 'max-cache-ttl' and 'max-ncache-ttl' options + now work. - 214. [func] New public function isc_netaddr_format(), for - formatting network addresses in log messages. + 215. [bug] Failures at certain points in request processing + could cause the assertion INSIST(client->lockview + == NULL) to be triggered. - 213. [bug] Don't leak memory when reloading the zone if - an update-policy clause was present in the old zone. + 214. [func] New public function isc_netaddr_format(), for + formatting network addresses in log messages. - 212. [func] Added dns_message_get/settsigkey, to make TSIG - key management reasonable. + 213. [bug] Don't leak memory when reloading the zone if + an update-policy clause was present in the old zone. - 211. [func] The 'key' and 'server' statements can now occur - inside 'view' statements. + 212. [func] Added dns_message_get/settsigkey, to make TSIG + key management reasonable. - 210. [bug] The 'allow-transfer' option was ignored for slave - zones, and the 'transfers-per-ns' option was - was ignored for all zones. + 211. [func] The 'key' and 'server' statements can now occur + inside 'view' statements. - 209. [cleanup] Upgraded openssl files to new version 0.9.5a + 210. [bug] The 'allow-transfer' option was ignored for slave + zones, and the 'transfers-per-ns' option was + was ignored for all zones. - 208. [func] Added ISC_OFFSET_MAXIMUM for the maximum value - of an isc_offset_t. + 209. [cleanup] Upgraded openssl files to new version 0.9.5a - 207. [func] The dnssec tools properly use the logging subsystem. + 208. [func] Added ISC_OFFSET_MAXIMUM for the maximum value + of an isc_offset_t. - 206. [cleanup] dst now stores the key name as a dns_name_t, not - a char *. + 207. [func] The dnssec tools properly use the logging subsystem. - 205. [cleanup] On IRIX, turn off the mostly harmless warnings 1692 - ("prototyped function redeclared without prototype") - and 1552 ("variable ... set but not used") when - compiling in the lib/dns/sec/{dnssafe,openssl} - directories, which contain code imported from outside - sources. + 206. [cleanup] dst now stores the key name as a dns_name_t, not + a char *. - 204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker - to quiet the warnings that "The linked output may not - run on a PA 1.x system." + 205. [cleanup] On IRIX, turn off the mostly harmless warnings 1692 + ("prototyped function redeclared without prototype") + and 1552 ("variable ... set but not used") when + compiling in the lib/dns/sec/{dnssafe,openssl} + directories, which contain code imported from outside + sources. - 203. [func] notify and zone soa queries are now tsig signed when - appropriate. + 204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker + to quiet the warnings that "The linked output may not + run on a PA 1.x system." - 202. [func] isc_lex_getsourceline() changed from returning int - to returning unsigned long, the type of its underlying - counter. + 203. [func] notify and zone soa queries are now tsig signed when + appropriate. - 201. [cleanup] Removed the test/sdig program, it has been - replaced by bin/dig/dig. + 202. [func] isc_lex_getsourceline() changed from returning int + to returning unsigned long, the type of its underlying + counter. + 201. [cleanup] Removed the test/sdig program, it has been + replaced by bin/dig/dig. - --- 9.0.0b3 released --- - 200. [bug] Failures in sending query responses to clients - (e.g., running out of network buffers) were - not logged. + --- 9.0.0b3 released --- - 199. [bug] isc_heap_delete() sometimes violated the heap - invariant, causing timer events not to be posted - when due. + 200. [bug] Failures in sending query responses to clients + (e.g., running out of network buffers) were + not logged. - 198. [func] Dispatch managers hold memory pools which - any managed dispatcher may use. This allows - us to avoid dipping into the memory context for - most allocations. [19-May-2000 explorer] + 199. [bug] isc_heap_delete() sometimes violated the heap + invariant, causing timer events not to be posted + when due. - 197. [bug] When an incoming AXFR or IXFR completes, the - zone's internal state is refreshed from the - SOA data. [19-May-2000 explorer] + 198. [func] Dispatch managers hold memory pools which + any managed dispatcher may use. This allows + us to avoid dipping into the memory context for + most allocations. [19-May-2000 explorer] - 196. [func] Dispatchers can be shared easily between views - and/or interfaces. [19-May-2000 explorer] + 197. [bug] When an incoming AXFR or IXFR completes, the + zone's internal state is refreshed from the + SOA data. [19-May-2000 explorer] - 195. [bug] Including the NXT record of the root domain - in a negative response caused an assertion - failure. + 196. [func] Dispatchers can be shared easily between views + and/or interfaces. [19-May-2000 explorer] - 194. [doc] The PDF version of the Administrator's Reference - Manual is no longer included in the ISC BIND9 - distribution. + 195. [bug] Including the NXT record of the root domain + in a negative response caused an assertion + failure. - 193. [func] changed dst_key_free() prototype. + 194. [doc] The PDF version of the Administrator's Reference + Manual is no longer included in the ISC BIND9 + distribution. - 192. [bug] Zone configuration validation is now done at end - of config file parsing, and before loading - callbacks. + 193. [func] changed dst_key_free() prototype. - 191. [func] Patched to compile on UnixWare 7.x. This platform - is not directly supported by the ISC. + 192. [bug] Zone configuration validation is now done at end + of config file parsing, and before loading + callbacks. - 190. [cleanup] The DNSSEC tools have been moved to a separate - directory dnssec/ and given the following new, - more descriptive names: + 191. [func] Patched to compile on UnixWare 7.x. This platform + is not directly supported by the ISC. - dnssec-keygen - dnssec-signzone - dnssec-signkey - dnssec-makekeyset + 190. [cleanup] The DNSSEC tools have been moved to a separate + directory dnssec/ and given the following new, + more descriptive names: - Their command line arguments have also been changed to - be more consistent. dnssec-keygen now prints the - name of the generated key files (sans extension) - on standard output to simplify its use in automated - scripts. + dnssec-keygen + dnssec-signzone + dnssec-signkey + dnssec-makekeyset - 189. [func] isc_time_secondsastimet(), a new function, will ensure - that the number of seconds in an isc_time_t does not - exceed the range of a time_t, or return ISC_R_RANGE. - Similarly, isc_time_now(), isc_time_nowplusinterval(), - isc_time_add() and isc_time_subtract() now check the - range for overflow/underflow. In the case of - isc_time_subtract, this changed a calling requirement - (ie, something that could generate an assertion) - into merely a condition that returns an error result. - isc_time_add() and isc_time_subtract() were void- - valued before but now return isc_result_t. + Their command line arguments have also been changed to + be more consistent. dnssec-keygen now prints the + name of the generated key files (sans extension) + on standard output to simplify its use in automated + scripts. - 188. [func] Log a warning message when an incoming zone transfer - contains out-of-zone data. + 189. [func] isc_time_secondsastimet(), a new function, will ensure + that the number of seconds in an isc_time_t does not + exceed the range of a time_t, or return ISC_R_RANGE. + Similarly, isc_time_now(), isc_time_nowplusinterval(), + isc_time_add() and isc_time_subtract() now check the + range for overflow/underflow. In the case of + isc_time_subtract, this changed a calling requirement + (ie, something that could generate an assertion) + into merely a condition that returns an error result. + isc_time_add() and isc_time_subtract() were void- + valued before but now return isc_result_t. - 187. [func] isc_ratelimter_enqueue() has an additional argument - 'task'. + 188. [func] Log a warning message when an incoming zone transfer + contains out-of-zone data. - 186. [func] dns_request_getresponse() has an additional argument - 'preserve_order'. + 187. [func] isc_ratelimter_enqueue() has an additional argument + 'task'. - 185. [bug] Fixed up handling of ISC_MEMCLUSTER_LEGACY. Several - public functions did not have an isc__ prefix, and - referred to functions that had previously been - renamed. + 186. [func] dns_request_getresponse() has an additional argument + 'preserve_order'. - 184. [cleanup] Variables/functions which began with two leading - underscores were made to conform to the ANSI/ISO - standard, which says that such names are reserved. + 185. [bug] Fixed up handling of ISC_MEMCLUSTER_LEGACY. Several + public functions did not have an isc__ prefix, and + referred to functions that had previously been + renamed. - 183. [func] ISC_LOG_PRINTTAG option for log channels. Useful - for logging the program name or other identifier. + 184. [cleanup] Variables/functions which began with two leading + underscores were made to conform to the ANSI/ISO + standard, which says that such names are reserved. - 182. [cleanup] New commandline parameters for dnssec tools + 183. [func] ISC_LOG_PRINTTAG option for log channels. Useful + for logging the program name or other identifier. - 181. [func] Added dst_key_buildfilename and dst_key_parsefilename + 182. [cleanup] New commandline parameters for dnssec tools - 180. [func] New isc_result_t ISC_R_RANGE. Supersedes DNS_R_RANGE. + 181. [func] Added dst_key_buildfilename and dst_key_parsefilename - 179. [func] options named.conf statement *must* now come - before any zone or view statements. + 180. [func] New isc_result_t ISC_R_RANGE. Supersedes DNS_R_RANGE. - 178. [func] Post-load of named.conf check verifies a slave zone - has non-empty list of masters defined. + 179. [func] options named.conf statement *must* now come + before any zone or view statements. - 177. [func] New per-zone boolean: + 178. [func] Post-load of named.conf check verifies a slave zone + has non-empty list of masters defined. - enable-zone yes | no ; + 177. [func] New per-zone boolean: - intended to let a zone be disabled without having - to comment out the entire zone statement. + enable-zone yes | no ; - 176. [func] New global and per-view option: + intended to let a zone be disabled without having + to comment out the entire zone statement. - max-cache-ttl number + 176. [func] New global and per-view option: - 175. [func] New global and per-view option: + max-cache-ttl number - additional-data internal | minimal | maximal; + 175. [func] New global and per-view option: - 174. [func] New public function isc_sockaddr_format(), for - formatting socket addresses in log messages. + additional-data internal | minimal | maximal; - 173. [func] Keep a queue of zones waiting for zone transfer - quota so that a new transfer can be dispatched - immediately whenever quota becomes available. + 174. [func] New public function isc_sockaddr_format(), for + formatting socket addresses in log messages. - 172. [bug] $TTL directive was sometimes missing from dumped - master files because totext_ctx_init() failed to - initialize ctx->current_ttl_valid. + 173. [func] Keep a queue of zones waiting for zone transfer + quota so that a new transfer can be dispatched + immediately whenever quota becomes available. - 171. [cleanup] On NetBSD systems, the mit-pthreads or - unproven-pthreads library is now always used - unless --with-ptl2 is explicitly specified on - the configure command line. The - --with-mit-pthreads option is no longer needed - and has been removed. + 172. [bug] $TTL directive was sometimes missing from dumped + master files because totext_ctx_init() failed to + initialize ctx->current_ttl_valid. - 170. [cleanup] Remove inter server consistancy checks from zone, - these should return as a seperate module in 9.1. - dns_zone_checkservers(), dns_zone_checkparents(), - dns_zone_checkchildren(), dns_zone_checkglue(). + 171. [cleanup] On NetBSD systems, the mit-pthreads or + unproven-pthreads library is now always used + unless --with-ptl2 is explicitly specified on + the configure command line. The + --with-mit-pthreads option is no longer needed + and has been removed. - Remove dns_zone_setadb(), dns_zone_setresolver(), - dns_zone_setrequestmgr() these should now be found - via the view. + 170. [cleanup] Remove inter server consistancy checks from zone, + these should return as a seperate module in 9.1. + dns_zone_checkservers(), dns_zone_checkparents(), + dns_zone_checkchildren(), dns_zone_checkglue(). - 169. [func] ratelimiter can now process N events per interval. + Remove dns_zone_setadb(), dns_zone_setresolver(), + dns_zone_setrequestmgr() these should now be found + via the view. - 168. [bug] include statements in named.conf caused syntax errors - due to not consuming the semicolon ending the include - statement before switching input streams. + 169. [func] ratelimiter can now process N events per interval. - 167. [bug] Make lack of masters for a slave zone a soft error. + 168. [bug] include statements in named.conf caused syntax errors + due to not consuming the semicolon ending the include + statement before switching input streams. - 166. [bug] Keygen was overwriting existing keys if key_id - conflicted, now it will retry, and non-null keys - with key_id == 0 are not generated anymore. Key - was not able to generate NOAUTHCONF DSA key, - increased RSA key size to 2048 bits. + 167. [bug] Make lack of masters for a slave zone a soft error. - 165. [cleanup] Silence "end-of-loop condition not reached" warnings - from Solaris compiler. + 166. [bug] Keygen was overwriting existing keys if key_id + conflicted, now it will retry, and non-null keys + with key_id == 0 are not generated anymore. Key + was not able to generate NOAUTHCONF DSA key, + increased RSA key size to 2048 bits. - 164. [func] Added functions isc_stdio_open(), isc_stdio_close(), - isc_stdio_seek(), isc_stdio_read(), isc_stdio_write(), - isc_stdio_flush(), isc_stdio_sync(), isc_file_remove() - to encapsulate nonportable usage of errno and sync. + 165. [cleanup] Silence "end-of-loop condition not reached" warnings + from Solaris compiler. - 163. [func] Added result codes ISC_R_FILENOTFOUND and - ISC_R_FILEEXISTS. + 164. [func] Added functions isc_stdio_open(), isc_stdio_close(), + isc_stdio_seek(), isc_stdio_read(), isc_stdio_write(), + isc_stdio_flush(), isc_stdio_sync(), isc_file_remove() + to encapsulate nonportable usage of errno and sync. - 162. [bug] Ensure proper range for arguments to ctype.h functions. + 163. [func] Added result codes ISC_R_FILENOTFOUND and + ISC_R_FILEEXISTS. - 161. [cleanup] error in yyparse prototype that only HPUX caught. + 162. [bug] Ensure proper range for arguments to ctype.h functions. - 160. [cleanup] getnet*() are not going to be implemented at this - stage. + 161. [cleanup] error in yyparse prototype that only HPUX caught. - 159. [func] Redefinition of config file elements is now an - error (instead of a warning). + 160. [cleanup] getnet*() are not going to be implemented at this + stage. - 158. [bug] Log channel and category list copy routines - weren't assigning properly to output parameter. + 159. [func] Redefinition of config file elements is now an + error (instead of a warning). - 157. [port] Fix missing prototype for getopt(). + 158. [bug] Log channel and category list copy routines + weren't assigning properly to output parameter. - 156. [func] Support new 'database' statement in zone. + 157. [port] Fix missing prototype for getopt(). - database "quoted-string"; + 156. [func] Support new 'database' statement in zone. - 155. [bug] ns_notify_start() was not detaching the found zone. + database "quoted-string"; - 154. [func] The signer now logs libdns warnings to stderr even when - not verbose, and in a nicer format. + 155. [bug] ns_notify_start() was not detaching the found zone. - 153. [func] dns_rdata_tostruct() 'mctx' is now optional. If 'mctx' - is NULL then you need to preserve the 'rdata' until - you have finished using the structure as there may be - references to the associated memory. If 'mctx' is - non-NULL it is guaranteed that there are no references - to memory associated with 'rdata'. + 154. [func] The signer now logs libdns warnings to stderr even when + not verbose, and in a nicer format. - dns_rdata_freestruct() must be called if 'mctx' was - non-NULL and may safely be called if 'mctx' was NULL. + 153. [func] dns_rdata_tostruct() 'mctx' is now optional. If 'mctx' + is NULL then you need to preserve the 'rdata' until + you have finished using the structure as there may be + references to the associated memory. If 'mctx' is + non-NULL it is guaranteed that there are no references + to memory associated with 'rdata'. - 152. [bug] keygen dumped core if domain name argument was omitted - from command line. + dns_rdata_freestruct() must be called if 'mctx' was + non-NULL and may safely be called if 'mctx' was NULL. - 151. [func] Support 'disabled' statement in zone config (causes - zone to be parsed and then ignored). Currently must - come after the 'type' clause. + 152. [bug] keygen dumped core if domain name argument was omitted + from command line. - 150. [func] Support optional ports in masters and also-notify - statements: + 151. [func] Support 'disabled' statement in zone config (causes + zone to be parsed and then ignored). Currently must + come after the 'type' clause. - masters [ port xxx ] { y.y.y.y [ port zzz ] ; } + 150. [func] Support optional ports in masters and also-notify + statements: - 149. [cleanup] Removed usused argument 'olist' from - dns_c_view_unsetordering(). + masters [ port xxx ] { y.y.y.y [ port zzz ] ; } - 148. [cleanup] Stop issuing some warnings about some configuration - file statements that were not implemented, but now are. + 149. [cleanup] Removed usused argument 'olist' from + dns_c_view_unsetordering(). - 147. [bug] Changed yacc union size to be smaller for yaccs that - put yacc-stack on the real stack. + 148. [cleanup] Stop issuing some warnings about some configuration + file statements that were not implemented, but now are. - 146. [cleanup] More general redundant header file cleanup. Rather - than continuing to itemize every header which changed, - this changelog entry just notes that if a header file - did not need another header file that it was including - in order to provide its advertized functionality, the - inclusion of the other header file was removed. See - util/check-includes for how this was tested. + 147. [bug] Changed yacc union size to be smaller for yaccs that + put yacc-stack on the real stack. - 145. [cleanup] Added and ISC_LANG_BEGINDECLS/ - ISC_LANG_ENDDECLS to header files that had function - prototypes, and removed it from those that did not. + 146. [cleanup] More general redundant header file cleanup. Rather + than continuing to itemize every header which changed, + this changelog entry just notes that if a header file + did not need another header file that it was including + in order to provide its advertized functionality, the + inclusion of the other header file was removed. See + util/check-includes for how this was tested. - 144. [cleanup] libdns header files too numerous to name were made - to conform to the same style for multiple inclusion - protection. + 145. [cleanup] Added and ISC_LANG_BEGINDECLS/ + ISC_LANG_ENDDECLS to header files that had function + prototypes, and removed it from those that did not. - 143. [func] Added function dns_rdatatype_isknown(). + 144. [cleanup] libdns header files too numerous to name were made + to conform to the same style for multiple inclusion + protection. - 142. [cleanup] does not need or - . + 143. [func] Added function dns_rdatatype_isknown(). - 141. [bug] Corrupt requests with multiple questions could - cause an assertion failure. + 142. [cleanup] does not need or + . - 140. [cleanup] does not need or . + 141. [bug] Corrupt requests with multiple questions could + cause an assertion failure. - 139. [cleanup] now includes instead of - and . + 140. [cleanup] does not need or . - 138. [cleanup] isc_strtouq moved from str.[ch] to string.[ch] and - renamed isc_string_touint64. isc_strsep moved from - strsep.c to string.c and renamed isc_string_separate. + 139. [cleanup] now includes instead of + and . - 137. [cleanup] , , - , and - made to conform to the same style for multiple - inclusion protection. + 138. [cleanup] isc_strtouq moved from str.[ch] to string.[ch] and + renamed isc_string_touint64. isc_strsep moved from + strsep.c to string.c and renamed isc_string_separate. - 136. [cleanup] , , - and Win32's needed - ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS. + 137. [cleanup] , , + , and + made to conform to the same style for multiple + inclusion protection. - 135. [cleanup] Win32's did not need - or , now uses in place - of , and needed ISC_LANG_BEGINDECLS - and ISC_LANG_ENDDECLS. + 136. [cleanup] , , + and Win32's needed + ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS. - 134. [cleanup] does not need . + 135. [cleanup] Win32's did not need + or , now uses in place + of , and needed ISC_LANG_BEGINDECLS + and ISC_LANG_ENDDECLS. - 133. [cleanup] needs . + 134. [cleanup] does not need . - 132. [cleanup] does not need , but does - need . + 133. [cleanup] needs . - 131. [cleanup] and need - for ISC_R_* codes used in macros. + 132. [cleanup] does not need , but does + need . - 130. [cleanup] does not need or - , and now includes - instead of . + 131. [cleanup] and need + for ISC_R_* codes used in macros. - 129. [bug] The 'default_debug' log channel was not set up when - 'category default' was present in the config file + 130. [cleanup] does not need or + , and now includes + instead of . - 128. [cleanup] had ISC_LANG_BEGINDECLS instead of - ISC_LANG_ENDDECLS at end of header. + 129. [bug] The 'default_debug' log channel was not set up when + 'category default' was present in the config file - 127. [cleanup] The contracts for the comparision routines - dns_name_fullcompare(), dns_name_compare(), - dns_name_rdatacompare(), and dns_rdata_compare() now - specify that the order value returned is < 0, 0, or > 0 - instead of -1, 0, or 1. + 128. [cleanup] had ISC_LANG_BEGINDECLS instead of + ISC_LANG_ENDDECLS at end of header. - 126. [cleanup] and need . + 127. [cleanup] The contracts for the comparision routines + dns_name_fullcompare(), dns_name_compare(), + dns_name_rdatacompare(), and dns_rdata_compare() now + specify that the order value returned is < 0, 0, or > 0 + instead of -1, 0, or 1. - 125. [cleanup] , , , - , , , and - do not need . + 126. [cleanup] and need . - 124. [func] signer now imports parent's zone key signature - and creates null keys/sets zone status bit for - children when necessary + 125. [cleanup] , , , + , , , and + do not need . - 123. [cleanup] does not need . + 124. [func] signer now imports parent's zone key signature + and creates null keys/sets zone status bit for + children when necessary - 122. [cleanup] does not need or - . + 123. [cleanup] does not need . - 121. [cleanup] does not need or - . Multiple inclusion protection - symbol fixed from ISC_SYMBOL_H to ISC_SYMTAB_H. - isc_symtab_t moved to . + 122. [cleanup] does not need or + . - 120. [cleanup] does not need , - , , or - . + 121. [cleanup] does not need or + . Multiple inclusion protection + symbol fixed from ISC_SYMBOL_H to ISC_SYMTAB_H. + isc_symtab_t moved to . - 119. [cleanup] structure definitions for generic rdata stuctures do - not have _generic_ in their names. + 120. [cleanup] does not need , + , , or + . - 118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting - YACC crust (yyparse, etc) [2000-apr-27 explorer] + 119. [cleanup] structure definitions for generic rdata stuctures do + not have _generic_ in their names. - 117. [cleanup] libdns.a changes: - dns_zone_clearnotify() and dns_zone_addnotify() - are replaced by dns_zone_setnotifyalso(). - dns_zone_clearmasters() and dns_zone_addmaster() - are replaced by dns_zone_setmasters(). + 118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting + YACC crust (yyparse, etc) [2000-apr-27 explorer] - 116. [func] Added for isc_offset_t (aka off_t - on Unix systems). + 117. [cleanup] libdns.a changes: + dns_zone_clearnotify() and dns_zone_addnotify() + are replaced by dns_zone_setnotifyalso(). + dns_zone_clearmasters() and dns_zone_addmaster() + are replaced by dns_zone_setmasters(). - 115. [port] Shut up the -Wmissing-declarations warning about - 's __sputaux on BSD/OS pre-4.1. + 116. [func] Added for isc_offset_t (aka off_t + on Unix systems). - 114. [cleanup] does not need or - . + 115. [port] Shut up the -Wmissing-declarations warning about + 's __sputaux on BSD/OS pre-4.1. - 113. [func] Utility programs dig and host added. + 114. [cleanup] does not need or + . - 112. [cleanup] does not need . + 113. [func] Utility programs dig and host added. - 111. [cleanup] does not need or - . + 112. [cleanup] does not need . - 110. [cleanup] does not need or - . + 111. [cleanup] does not need or + . - 109. [bug] "make depend" did nothing for - bin/tests/{db,mem,sockaddr,tasks,timers}/. + 110. [cleanup] does not need or + . - 108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from - to and renamed to - DNS_BIT_SET/DNS_BIT_GET/DNS_BIT_CLEAR. + 109. [bug] "make depend" did nothing for + bin/tests/{db,mem,sockaddr,tasks,timers}/. - 107. [func] Add keysigner and keysettool. + 108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from + to and renamed to + DNS_BIT_SET/DNS_BIT_GET/DNS_BIT_CLEAR. - 106. [func] Allow dnssec verifications to ignore the validity - period. Used by several of the dnssec tools. + 107. [func] Add keysigner and keysettool. - 105. [doc] doc/dev/coding.html expanded with other - implicit conventions the developers have used. + 106. [func] Allow dnssec verifications to ignore the validity + period. Used by several of the dnssec tools. - 104. [bug] Made compress_add and compress_find static to - lib/dns/compress.c. + 105. [doc] doc/dev/coding.html expanded with other + implicit conventions the developers have used. - 103. [func] libisc buffer API changes for : - Added: - isc_buffer_base(b) (pointer) - isc_buffer_current(b) (pointer) - isc_buffer_active(b) (pointer) - isc_buffer_used(b) (pointer) - isc_buffer_length(b) (int) - isc_buffer_usedlength(b) (int) - isc_buffer_consumedlength(b) (int) - isc_buffer_remaininglength(b) (int) - isc_buffer_activelength(b) (int) - isc_buffer_availablelength(b) (int) - Removed: - ISC_BUFFER_USEDCOUNT(b) - ISC_BUFFER_AVAILABLECOUNT(b) - isc_buffer_type(b) - Changed names: - isc_buffer_used(b, r) -> - isc_buffer_usedregion(b, r) - isc_buffer_available(b, r) -> - isc_buffer_available_region(b, r) - isc_buffer_consumed(b, r) -> - isc_buffer_consumedregion(b, r) - isc_buffer_active(b, r) -> - isc_buffer_activeregion(b, r) - isc_buffer_remaining(b, r) -> - isc_buffer_remainingregion(b, r) + 104. [bug] Made compress_add and compress_find static to + lib/dns/compress.c. - Buffer types were removed, so the ISC_BUFFERTYPE_* - macros are no more, and the type argument to - isc_buffer_init and isc_buffer_allocate were removed. - isc_buffer_putstr is now void (instead of isc_result_t) - and requires that the caller ensure that there - is enough available buffer space for the string. + 103. [func] libisc buffer API changes for : + Added: + isc_buffer_base(b) (pointer) + isc_buffer_current(b) (pointer) + isc_buffer_active(b) (pointer) + isc_buffer_used(b) (pointer) + isc_buffer_length(b) (int) + isc_buffer_usedlength(b) (int) + isc_buffer_consumedlength(b) (int) + isc_buffer_remaininglength(b) (int) + isc_buffer_activelength(b) (int) + isc_buffer_availablelength(b) (int) + Removed: + ISC_BUFFER_USEDCOUNT(b) + ISC_BUFFER_AVAILABLECOUNT(b) + isc_buffer_type(b) + Changed names: + isc_buffer_used(b, r) -> + isc_buffer_usedregion(b, r) + isc_buffer_available(b, r) -> + isc_buffer_available_region(b, r) + isc_buffer_consumed(b, r) -> + isc_buffer_consumedregion(b, r) + isc_buffer_active(b, r) -> + isc_buffer_activeregion(b, r) + isc_buffer_remaining(b, r) -> + isc_buffer_remainingregion(b, r) - 102. [port] Correctly detect inet_aton, inet_pton and inet_ptop - on BSD/OS 4.1. + Buffer types were removed, so the ISC_BUFFERTYPE_* + macros are no more, and the type argument to + isc_buffer_init and isc_buffer_allocate were removed. + isc_buffer_putstr is now void (instead of isc_result_t) + and requires that the caller ensure that there + is enough available buffer space for the string. - 101. [cleanup] Quieted EGCS warnings from lib/isc/print.c. + 102. [port] Correctly detect inet_aton, inet_pton and inet_ptop + on BSD/OS 4.1. - 100. [cleanup] does not need or - . isc_random_t moved to . + 101. [cleanup] Quieted EGCS warnings from lib/isc/print.c. - 99. [cleanup] Rate limiter now has separate shutdown() and - destroy() functions, and it guarantees that all - queued events are delivered even in the shutdown case. + 100. [cleanup] does not need or + . isc_random_t moved to . - 98. [cleanup] does not need or - unless ISC_PLATFORM_NEEDVSNPRINTF is defined. + 99. [cleanup] Rate limiter now has separate shutdown() and + destroy() functions, and it guarantees that all + queued events are delivered even in the shutdown case. - 97. [cleanup] does not need or - . + 98. [cleanup] does not need or + unless ISC_PLATFORM_NEEDVSNPRINTF is defined. - 96. [cleanup] does not need . + 97. [cleanup] does not need or + . - 95. [cleanup] does not need . + 96. [cleanup] does not need . - 94. [cleanup] Some installed header files did not compile as C++. + 95. [cleanup] does not need . - 93. [cleanup] does not need . + 94. [cleanup] Some installed header files did not compile as C++. - 92. [cleanup] does not need , , - or . + 93. [cleanup] does not need . - 91. [cleanup] does not need or - . + 92. [cleanup] does not need , , + or . - 90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS - from . + 91. [cleanup] does not need or + . - 89. [cleanup] does not need . + 90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS + from . - 88. [cleanup] does not need or - . isc_interface_t and isc_interfaceiter_t - moved to . + 89. [cleanup] does not need . - 87. [cleanup] does not need , - or . + 88. [cleanup] does not need or + . isc_interface_t and isc_interfaceiter_t + moved to . - 86. [cleanup] isc_bufferlist_t moved from to - . + 87. [cleanup] does not need , + or . - 85. [cleanup] does not need , - , , or - . + 86. [cleanup] isc_bufferlist_t moved from to + . - 84. [func] allow-query ACL checks now apply to all data - added to a response. + 85. [cleanup] does not need , + , , or + . - 83. [func] If the server is authoritative for both a - delegating zone and its (nonsecure) delegatee, and - a query is made for a KEY RR at the top of the - delegatee, then the server will look for a KEY - in the delegator if it is not found in the delegatee. + 84. [func] allow-query ACL checks now apply to all data + added to a response. - 82. [cleanup] does not need . + 83. [func] If the server is authoritative for both a + delegating zone and its (nonsecure) delegatee, and + a query is made for a KEY RR at the top of the + delegatee, then the server will look for a KEY + in the delegator if it is not found in the delegatee. - 81. [cleanup] and do not need - . + 82. [cleanup] does not need . - 80. [cleanup] does not need or . + 81. [cleanup] and do not need + . - 79. [cleanup] does not need . + 80. [cleanup] does not need or . - 78. [cleanup] lwres_conftest renamed to lwresconf_test for - consistency with other *_test programs. + 79. [cleanup] does not need . - 77. [cleanup] typedef of isc_time_t and isc_interval_t moved from - to . + 78. [cleanup] lwres_conftest renamed to lwresconf_test for + consistency with other *_test programs. - 76. [cleanup] Rewrote keygen. + 77. [cleanup] typedef of isc_time_t and isc_interval_t moved from + to . - 75. [func] Don't load a zone if its database file is older - than the last time the zone was loaded. + 76. [cleanup] Rewrote keygen. - 74. [cleanup] Removed mktemplate.o and ufile.o from libisc.a, - subsumed by file.o. + 75. [func] Don't load a zone if its database file is older + than the last time the zone was loaded. - 73. [func] New "file" API in libisc, including new function - isc_file_getmodtime, isc_mktemplate renamed to - isc_file_mktemplate and isc_ufile renamed to - isc_file_openunique. By no means an exhaustive API, - it is just what's needed for now. + 74. [cleanup] Removed mktemplate.o and ufile.o from libisc.a, + subsumed by file.o. - 72. [func] DNS_RBTFIND_NOPREDECESSOR and DNS_RBTFIND_NOOPTIONS - added for dns_rbt_findnode, the former to disable the - setting of the chain to the predecessor, and the - latter to make clear when no options are set. + 73. [func] New "file" API in libisc, including new function + isc_file_getmodtime, isc_mktemplate renamed to + isc_file_mktemplate and isc_ufile renamed to + isc_file_openunique. By no means an exhaustive API, + it is just what's needed for now. - 71. [cleanup] Made explicit the implicit REQUIREs of - isc_time_seconds, isc_time_nanoseconds, and - isc_time_subtract. + 72. [func] DNS_RBTFIND_NOPREDECESSOR and DNS_RBTFIND_NOOPTIONS + added for dns_rbt_findnode, the former to disable the + setting of the chain to the predecessor, and the + latter to make clear when no options are set. - 70. [func] isc_time_set() added. + 71. [cleanup] Made explicit the implicit REQUIREs of + isc_time_seconds, isc_time_nanoseconds, and + isc_time_subtract. - 69. [bug] The zone object's master and also-notify lists grew - longer with each server reload. + 70. [func] isc_time_set() added. - 68. [func] Partial support for SIG(0) on incoming messages. + 69. [bug] The zone object's master and also-notify lists grew + longer with each server reload. - 67. [performance] Allow use of alternate (compile-time supplied) - OpenSSL libraries/headers. + 68. [func] Partial support for SIG(0) on incoming messages. - 66. [func] Data in authoritative zones should have a trust level - beyond secure. + 67. [performance] Allow use of alternate (compile-time supplied) + OpenSSL libraries/headers. - 65. [cleanup] Removed obsolete typedef of dns_zone_callbackarg_t - from . + 66. [func] Data in authoritative zones should have a trust level + beyond secure. - 64. [func] The RBT, DB, and zone table APIs now allow the - caller find the most-enclosing superdomain of - a name. + 65. [cleanup] Removed obsolete typedef of dns_zone_callbackarg_t + from . - 63. [func] Generate NOTIFY messages. + 64. [func] The RBT, DB, and zone table APIs now allow the + caller find the most-enclosing superdomain of + a name. - 62. [func] Add UDP refresh support. + 63. [func] Generate NOTIFY messages. - 61. [cleanup] Use single quotes consistently in log messages. + 62. [func] Add UDP refresh support. - 60. [func] Catch and disallow singleton types on message - parse. + 61. [cleanup] Use single quotes consistently in log messages. - 59. [bug] Cause net/host unreachable to be a hard error - when sending and receiving. + 60. [func] Catch and disallow singleton types on message + parse. - 58. [bug] bin/named/query.c could sometimes trigger the - (client->query.attributes & NS_QUERYATTR_NAMEBUFUSED) - == 0 assertion in query_newname(). + 59. [bug] Cause net/host unreachable to be a hard error + when sending and receiving. - 57. [func] Added dns_nxt_typepresent() + 58. [bug] bin/named/query.c could sometimes trigger the + (client->query.attributes & NS_QUERYATTR_NAMEBUFUSED) + == 0 assertion in query_newname(). - 56. [bug] SIG records were not properly returned in cached - negative answers. + 57. [func] Added dns_nxt_typepresent() - 55. [bug] Responses containing multiple names in the authority - section were not negatively cached. + 56. [bug] SIG records were not properly returned in cached + negative answers. - 54. [bug] If a fetch with sigrdataset==NULL joined one with - sigrdataset!=NULL or vice versa, the resolver - could catch an assertion or lose signature data, - respectively. + 55. [bug] Responses containing multiple names in the authority + section were not negatively cached. - 53. [port] freebsd 4.0: lib/isc/unix/socket.c requires - . + 54. [bug] If a fetch with sigrdataset==NULL joined one with + sigrdataset!=NULL or vice versa, the resolver + could catch an assertion or lose signature data, + respectively. - 52. [bug] rndc: taskmgr and socketmgr were not initialized - to NULL. + 53. [port] freebsd 4.0: lib/isc/unix/socket.c requires + . - 51. [cleanup] dns/compress.h and dns/zt.h did not need to include - dns/rbt.h; it was needed only by compress.c and zt.c. + 52. [bug] rndc: taskmgr and socketmgr were not initialized + to NULL. - 50. [func] RBT deletion no longer requires a valid chain to work, - and dns_rbt_deletenode was added. + 51. [cleanup] dns/compress.h and dns/zt.h did not need to include + dns/rbt.h; it was needed only by compress.c and zt.c. - 49. [func] Each cache now has its own mctx. + 50. [func] RBT deletion no longer requires a valid chain to work, + and dns_rbt_deletenode was added. - 48. [func] isc_task_create() no longer takes an mctx. - isc_task_mem() has been eliminated. + 49. [func] Each cache now has its own mctx. - 47. [func] A number of modules now use memory context reference - counting. + 48. [func] isc_task_create() no longer takes an mctx. + isc_task_mem() has been eliminated. - 46. [func] Memory contexts are now reference counted. - Added isc_mem_inuse() and isc_mem_preallocate(). - Renamed isc_mem_destroy_check() to - isc_mem_setdestroycheck(). + 47. [func] A number of modules now use memory context reference + counting. - 45. [bug] The trusted-key statement incorrectly loaded keys. + 46. [func] Memory contexts are now reference counted. + Added isc_mem_inuse() and isc_mem_preallocate(). + Renamed isc_mem_destroy_check() to + isc_mem_setdestroycheck(). - 44. [bug] Don't include authority data if it would force us - to unset the AD bit in the message. + 45. [bug] The trusted-key statement incorrectly loaded keys. - 43. [bug] DNSSEC verification of cached rdatasets was failing. + 44. [bug] Don't include authority data if it would force us + to unset the AD bit in the message. - 42. [cleanup] Simplified logging of messages with embedded domain - names by introducing a new convenience function - dns_name_format(). + 43. [bug] DNSSEC verification of cached rdatasets was failing. - 41. [func] Use PR_SET_KEEPCAPS on Linux 2.3.99-pre3 and later - to allow 'named' to run as a non-root user while - retaining the ability to bind() to privileged - ports. + 42. [cleanup] Simplified logging of messages with embedded domain + names by introducing a new convenience function + dns_name_format(). - 40. [func] Introduced new logging category "dnssec" and - logging module "dns/validator". + 41. [func] Use PR_SET_KEEPCAPS on Linux 2.3.99-pre3 and later + to allow 'named' to run as a non-root user while + retaining the ability to bind() to privileged + ports. - 39. [cleanup] Moved the typedefs for isc_region_t, isc_textregion_t, - and isc_lex_t to . + 40. [func] Introduced new logging category "dnssec" and + logging module "dns/validator". - 38. [bug] TSIG signed incoming zone transfers work now. + 39. [cleanup] Moved the typedefs for isc_region_t, isc_textregion_t, + and isc_lex_t to . - 37. [bug] If the first RR in an incoming zone transfer was - not an SOA, the server died with an assertion failure - instead of just reporting an error. + 38. [bug] TSIG signed incoming zone transfers work now. - 36. [cleanup] Change DNS_R_SUCCESS (and others) to ISC_R_SUCCESS + 37. [bug] If the first RR in an incoming zone transfer was + not an SOA, the server died with an assertion failure + instead of just reporting an error. - 35. [performance] Log messages which are of a level too high to be - logged by any channel in the logging configuration - will not cause the log mutex to be locked. + 36. [cleanup] Change DNS_R_SUCCESS (and others) to ISC_R_SUCCESS - 34. [bug] Recursion was allowed even with 'recursion no'. + 35. [performance] Log messages which are of a level too high to be + logged by any channel in the logging configuration + will not cause the log mutex to be locked. - 33. [func] The RBT now maintains a parent pointer at each node. + 34. [bug] Recursion was allowed even with 'recursion no'. - 32. [cleanup] bin/lwresd/client.c needs for memset() - prototype. + 33. [func] The RBT now maintains a parent pointer at each node. - 31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@. + 32. [cleanup] bin/lwresd/client.c needs for memset() + prototype. - 30. [func] config file grammer change to support optional - class type for a view. + 31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@. - 29. [func] support new config file view options: + 30. [func] config file grammer change to support optional + class type for a view. - auth-nxdomain recursion query-source - query-source-v6 transfer-source - transfer-source-v6 max-transfer-time-out - max-transfer-idle-out transfer-format - request-ixfr provide-ixfr cleaning-interval - fetch-glue notify rfc2308-type1 lame-ttl - max-ncache-ttl min-roots + 29. [func] support new config file view options: - 28. [func] support lame-ttl, min-roots and serial-queries - config global options. + auth-nxdomain recursion query-source + query-source-v6 transfer-source + transfer-source-v6 max-transfer-time-out + max-transfer-idle-out transfer-format + request-ixfr provide-ixfr cleaning-interval + fetch-glue notify rfc2308-type1 lame-ttl + max-ncache-ttl min-roots - 27. [bug] Only include on BSD/OS 4.[01]*. - Including it on other platforms (eg, NetBSD) can - cause a forced #error from the C preprocessor. + 28. [func] support lame-ttl, min-roots and serial-queries + config global options. - 26. [func] new match-clients statement in config file view. + 27. [bug] Only include on BSD/OS 4.[01]*. + Including it on other platforms (eg, NetBSD) can + cause a forced #error from the C preprocessor. - 25. [bug] make install failed to install and - . + 26. [func] new match-clients statement in config file view. - 24. [cleanup] Eliminate some unnecessary #includes of header - files from header files. + 25. [bug] make install failed to install and + . - 23. [cleanup] Provide more context in log messages about client - requests, using a new function ns_client_log(). + 24. [cleanup] Eliminate some unnecessary #includes of header + files from header files. - 22. [bug] SIGs weren't returned in the answer section when - the query resulted in a fetch. + 23. [cleanup] Provide more context in log messages about client + requests, using a new function ns_client_log(). - 21. [port] Look at STD_CINCLUDES after CINCLUDES during - compilation, so additional system include directories - can be searched but header files in the bind9 source - tree with conflicting names take precedence. This - avoids issues with installed versions of dnssafe and - openssl. + 22. [bug] SIGs weren't returned in the answer section when + the query resulted in a fetch. - 20. [func] Configuration file post-load validation of zones - failed if there were no zones. + 21. [port] Look at STD_CINCLUDES after CINCLUDES during + compilation, so additional system include directories + can be searched but header files in the bind9 source + tree with conflicting names take precedence. This + avoids issues with installed versions of dnssafe and + openssl. - 19. [bug] dns_zone_notifyreceive() failed to unlock the zone - lock in certain error cases. + 20. [func] Configuration file post-load validation of zones + failed if there were no zones. - 18. [bug] Use AC_TRY_LINK rather than AC_TRY_COMPILE in - configure.in to check for presence of in6addr_any. + 19. [bug] dns_zone_notifyreceive() failed to unlock the zone + lock in certain error cases. - 17. [func] Do configuration file post-load validation of zones. + 18. [bug] Use AC_TRY_LINK rather than AC_TRY_COMPILE in + configure.in to check for presence of in6addr_any. - 16. [bug] put quotes around key names on config file - output to avoid possible keyword clashes. + 17. [func] Do configuration file post-load validation of zones. - 15. [func] Add dns_name_dupwithoffsets(). This function is - improves comparison performance for duped names. + 16. [bug] put quotes around key names on config file + output to avoid possible keyword clashes. - 14. [bug] free_rbtdb() could have 'put' unallocated memory in - an unlikely error path. + 15. [func] Add dns_name_dupwithoffsets(). This function is + improves comparison performance for duped names. - 13. [bug] lib/dns/master.c and lib/dns/xfrin.c didn't ignore - out-of-zone data. + 14. [bug] free_rbtdb() could have 'put' unallocated memory in + an unlikely error path. - 12. [bug] Fixed possible unitialized variable error. + 13. [bug] lib/dns/master.c and lib/dns/xfrin.c didn't ignore + out-of-zone data. - 11. [bug] axfr_rrstream_first() didn't check the result code of - db_rr_iterator_first(), possibly causing an assertion - to be triggered later. + 12. [bug] Fixed possible unitialized variable error. - 10. [bug] A bug in the code which makes EDNS0 OPT records in - bin/named/client.c and lib/dns/resolver.c could - trigger an assertion. + 11. [bug] axfr_rrstream_first() didn't check the result code of + db_rr_iterator_first(), possibly causing an assertion + to be triggered later. - 9. [cleanup] replaced bit-setting code in confctx.c and replaced - repeated code with macro calls. + 10. [bug] A bug in the code which makes EDNS0 OPT records in + bin/named/client.c and lib/dns/resolver.c could + trigger an assertion. - 8. [bug] Shutdown of incoming zone transfer accessed - freed memory. + 9. [cleanup] replaced bit-setting code in confctx.c and replaced + repeated code with macro calls. - 7. [cleanup] removed 'listen-on' from view statement. + 8. [bug] Shutdown of incoming zone transfer accessed + freed memory. - 6. [bug] quote RR names when generating config file to - prevent possible clash with config file keywords - (such as 'key'). + 7. [cleanup] removed 'listen-on' from view statement. - 5. [func] syntax change to named.conf file: new ssu grant/deny - statements must now be enclosed by an 'update-policy' - block. + 6. [bug] quote RR names when generating config file to + prevent possible clash with config file keywords + (such as 'key'). - 4. [port] bin/named/unix/os.c didn't compile on systems with - linux 2.3 kernel includes due to conflicts between - C library includes and the kernel includes. We now - get only what we need from , and - avoid pulling in other linux kernel .h files. + 5. [func] syntax change to named.conf file: new ssu grant/deny + statements must now be enclosed by an 'update-policy' + block. - 3. [bug] TKEYs go in the answer section of responses, not - the additional section. + 4. [port] bin/named/unix/os.c didn't compile on systems with + linux 2.3 kernel includes due to conflicts between + C library includes and the kernel includes. We now + get only what we need from , and + avoid pulling in other linux kernel .h files. - 2. [bug] Generating cryptographic randomness failed on - systems without /dev/random. + 3. [bug] TKEYs go in the answer section of responses, not + the additional section. - 1. [bug] The installdirs rule in - lib/isc/unix/include/isc/Makefile.in had a typo which - prevented the isc directory from being created if it - didn't exist. + 2. [bug] Generating cryptographic randomness failed on + systems without /dev/random. - --- 9.0.0b2 released --- + 1. [bug] The installdirs rule in + lib/isc/unix/include/isc/Makefile.in had a typo which + prevented the isc directory from being created if it + didn't exist. + + --- 9.0.0b2 released --- # This tells Emacs to use hard tabs in this file. # Local Variables: