| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
1335. [bug] When performing a nonexistence proof, the validator
should discard parent NXTs from higher in the DNS.
1334. [bug] When signing/verifying rdatasets, duplicate rdatas
need to be suppressed.
1333. [contrib] queryperf now reports a summary of returned
rcodes (-c), rcodes are printed in mnemonic form (-v).
1332. [func] Report the current serial with periodic commits when
rolling forward the journal.
1331. [func] Generate DNSSEC wildcard proofs.
1330. [bug] When processing events (non-threaded) only allow
the task one chance to use to use its quantum.
1329. [func] named-checkzone will now check if nameservers that
appear to be IP addresses. Available modes "fail",
"warn" (default) and "ignore" the results of the
check.
1328. [bug] The validator could incorrectly verify an invalid
negative proof.
1327. [bug] The validator would incorrectly mark data as insecure
when seeing a bogus signature before a correct
signature.
1326. [bug] DNAME/CNAME signatures were not being cached when
validation was not being performed. [RT #3284]
1325. [bug] If the tcpquota was exhausted it was possible to
to trigger a INSIST() failure.
1324. [port] darwin: ifconfig.sh now supports darwin.
1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
1322. [bug] dnssec-signzone usage message was misleading.
1321. [bug] If the last RRset in a zone is glue, dnssec-signzone
would incorrectly duplicate its output and sign it.
1320. [doc] query-source-v6 was missing from options section.
[RT #3218]
1319. [func] libbind: log attempts to exploit #1318.
1318. [bug] libbind: Remote buffer overrun.
1317. [port] libbind: TrueUNIX 5.1 does not like __align as a
element name.
1316. [bug] libbind: gethostans() could get out of sync parsing
the response if there was a very long CNAME chain.
1315. [bug] Options should apply to the internal _bind view.
1314. [port] Handle ECONNRESET from sendmsg() [unix].
1313. [func] Query log now says if the query was signed (S) or
if EDNS was used (E).
1312. [func] Log TSIG key used w/ outgoing zone transfers.
1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159]
1310. [bug] 'rndc stop' failed to cause zones to be flushed
sometimes. [RT #3157]
1309. [func] Log that a zone transfer was covered by a TSIG.
1308. [func] DS (delegation signer) support.
1307. [bug] nsupdate: allow white space base64 key data.
1306. [bug] Badly encoded LOC record when the size, horizontal
precision or vertical precision was 0.1m.
1305. [bug] Document that internal zones are included in the
rndc status results.
1304. [func] New function: dns_zone_name().
1303. [func] Option 'flush-zones-on-shutdown <boolean>;'.
1302. [func] Extended rndc dumpdb to support dumping of zones and
view selection: 'dumpdb [-all|-zones|-cache] [view]'.
1301. [func] New category 'update-security'.
1300. [port] Compaq Trucluster support.
1299. [bug] Set AI_ADDRCONFIG when looking up addresses
via getaddrinfo() (affects dig, host, nslookup, rndc
and nsupdate).
1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
could be left with a trailing "\" after configure
has been run.
1297. [port] linux: make handling EINVAL from socket() no longer
conditional on #ifdef LINUX.
1296. [bug] isc_log_closefilelogs() needed to lock the log
context.
1295. [bug] isc_log_setdebuglevel() needed to lock the log
context.
1294. [func] libbind: no longer attempts bit string labels for
IPv6 reverse resolution. Try IP6.ARPA then IP6.INT
for nibble style resolution.
1293. [func] Entropy can now be retrieved from EGDs. [RT #2438]
1292. [func] Enable IPv6 support when using ioctl style interface
scanning and OS supports SIOCGLIFADDR using struct
if_laddrreq.
1291. [func] Enable IPv6 support when using sysctl style interface
scanning.
1290. [func] "dig axfr" now reports the number of messages
as well as the number of records.
1289. [port] See if -ldl is required for OpenSSL? [RT #2672]
1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
reflect written requirements.
1287. [bug] REQUIRE that DNS_DBADD_MERGE only be set when adding
a rdataset to a zone db in the rbtdb implementation of
addrdataset.
1286. [bug] dns_name_downcase() enforce requirement that
target != NULL or name->buffer != NULL.
1285. [func] lwres: probe the system to see what address families
are currently in use.
1284. [bug] The RTT estimate on unused servers was not aged.
[RT #2569]
1283. [func] Use "dataready" accept filter if available.
1282. [port] libbind: hpux 11.11 interface scaning.
1281. [func] Log zone when unable to get private keys to update
zone. Log zone when NXT records are missing from
secure zone.
1280. [bug] libbind: escape '(' and ')' when coverting to
presentation form.
1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590]
1278. [func] dig: now supports +[no]cl +[no]ttlid.
1277. [func] You can now create your own customised printing
styles: dns_master_stylecreate() and
dns_master_styledestroy().
1276. [bug] libbind: const pointer conficts in res_debug.c.
1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN.
1274. [bug] Memory leak in lwres_gnbarequest_parse().
1273. [port] libbind: solaris: 64 bit binary compatability.
1272. [contrib] Berkeley DB 4.0 sdb implementation from
Nuno Miguel Rodrigues <nmr@co.sapo.pt>.
1271. [bug] "recursion available: {denied,approved}" was too
confusing.
1270. [bug] Check that system inet_pton() and inet_ntop() support
AF_INET6.
1269. [port] Openserver: ifconfig.sh support.
1268. [port] Openserver: the value FD_SETSIZE depends on whether
<sys/param.h> is included or not. Be consistant.
1267. [func] isc_file_openunique() now creates file using mode
0666 rather than 0600.
1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE,
__ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE
are not C++ compatible, use *_TYPE versions instead.
1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with
C++, use LINK_INIT_TYPE and UNLINK_TYPE instead.
1264. [placeholder]
1263. [bug] Reference after free error if dns_dispatchmgr_create()
failed.
1262. [bug] ns_server_destroy() failed to set *serverp to NULL.
1261. [func] libbind: ns_sign2() and ns_sign_tcp() now provide
support for compressed TSIG owner names.
1260. [func] libbind: res_update can now update IPv6 servers,
new function res_findzonecut2().
1259. [bug] libbind: get_salen() IPv6 support was broken for OSs
w/o sa_len.
1258. [bug] libbind: res_nametotype() and res_nametoclass() were
broken.
1257. [bug] Failure to write pid-file should not be fatal on
reload. [RT #2861]
1256. [contrib] 'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support.
1255. [bug] When verifying that an NXT proves nonexistence, check
the rcode of the message and only do the matching NXT
check. That is, for NXDOMAIN responses, check that
the name is in the range between the NXT owner and
next name, and for NOERROR NODATA responses, check
that the type is not present in the NXT bitmap.
1254. [func] preferred-glue option from BIND 8.3.
1253. [bug] The dnssec system test failed to remove the correct
files.
1252. [bug] Dig, host and nslookup were not checking the address
the answer was coming from against the address it was
sent to. [RT# 2692]
1251. [port] win32: a make file contained absolute version specific
references.
1250. [func] Nsupdate will report the address the update was
sent to.
1249. [bug] Missing masters clause was not handled gracefully.
[RT #2703]
1248. [bug] DESTDIR was not being propogated between makes.
1247. [bug] Don't reset the interface index for link/site local
addresses. [RT #2576]
1246. [func] New functions isc_sockaddr_issitelocal(),
isc_sockaddr_islinklocal(), isc_netaddr_issitelocal()
and isc_netaddr_islinklocal().
1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for
accept().
1244. [bug] Receiving a TCP message from a blackhole address would
prevent further messages being received over that
interface.
1243. [bug] It was possible to trigger a REQUIRE() in
dns_message_findtype(). [RT #2659]
1242. [bug] named-checkzone failed if a journal existed. [RT #2657]
1241. [bug] Drop received UDP messsages with a zero source port
as these are invariably forged. [RT #2621]
1240. [bug] It was possible to leak zone references by
specifying an incorrect zone to rndc.
1239. [bug] Under certain circumstances named could continue to
use a name after it had been freed triggering
INSIST() failures. [RT #2614]
1238. [bug] It is possible to lockup the server when shutting down
if notifies were being processed. [RT #2591]
1237. [bug] nslookup: "set q=type" failed.
1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non
NULL terminated text regions. [RT #2588]
1235. [func] Report 'out of memory' errors from openssl.
1234. [bug] contrib/sdb: 'zonetodb' failed to call
dns_result_register(). DNS_R_SEENINCLUDE should not
be fatal.
1233. [bug] The flags field of a KEY record can be expressed in
hex as well as decimal.
1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.
1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken.
1229. [bug] named would crash if it received a TSIG signed
query as part of an AXFR response. [RT #2570]
1228. [bug] 'make install' did not depend on 'make all'. [RT #2559]
1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
if a number was expected and some other token was
found. [RT#2532]
1226. [func] Use EDNS for zone refresh queries. [RT #2551]
1225. [func] dns_message_setopt() no longer requires that
dns_message_renderbegin() to have been called.
1224. [bug] 'rrset-order' and 'sortlist' should be additive
not exclusive.
1223. [func] 'rrset-order' partially works 'cyclic' and 'random'
are supported.
1222. [bug] Specifying 'port *' did not always result in a system
selected (non-reserved) port being used. [RT #2537]
1221. [bug] Zone types 'master', 'slave' and 'stub' were not being
compared case insensitively. [RT #2542]
1220. [func] Support for APL rdata type.
1219. [func] Named now reports the TSIG extended error code when
signature verification fails. [RT #1651]
1218. [bug] Named incorrectly returned SERVFAIL rather than
NOTAUTH when there was a TSIG BADTIME error. [RT #2519]
1217. [func] Report locations of previous key definition when a
duplicate is detected.
1216. [bug] Multiple server clauses for the same server were not
reported. [RT #2514]
1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
1214. [bug] Win32: isc_file_renameunique() could leave zero length
files behind.
1213. [func] Report view associated with client if it is not a
standard view (_default or _bind).
1212. [port] libbind: 64k answer buffers were causing stack space
to be exceeded for certain OS. Use heap space instead.
1211. [bug] dns_name_fromtext() incorrectly handled certain
valid octal bitlabels. [RT #2483]
1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped /
compatible addresses. [RT #2461]
1209. [bug] Dig, host, nslookup were not checking the message ids
on the responses. [RT #2454]
1208. [bug] dns_master_load*() failed to log a error message if
an error was detected when parsing the ownername of
a record. [RT #2448]
1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with
an invalid pointer.
1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should
trigger a non-EDNS retry.
1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class"
of the message. [RT #2449]
1204. [bug] libbind: res_nupdate() failed to update the name
server addresses before sending the update.
1203. [func] Report locations of previous acl and zone definitions
when a duplicate is detected.
1202. [func] New functions: cfg_obj_line() and cfg_obj_file().
1201. [bug] Require that if 'callbacks' is passed to
dns_rdata_fromtext(), callbacks->error and
callbacks->warn are initialized.
1200. [bug] Log 'errno' that we are unable to convert to
isc_result_t. [RT #2404]
1199. [doc] ARM reference to RFC 2157 should have been RFC 1918.
[RT #2436]
1198. [bug] OPT printing style was not consistant with the way the
header fields are printed. The DO bit was not reported
if set. Report if any of the MBZ bits are set.
1197. [bug] Attempts to define the same acl multiple times were not
detected.
1196. [contrib] update mdnkit to 2.2.3.
1195. [bug] Attempts to redefine builtin acls should be caught.
[RT #2403]
1194. [bug] Not all duplicate zone definitions were being detected
at the named.conf checking stage. [RT #2431]
1193. [bug] dig +besteffort parsing didn't handle packet
truncation. dns_message_parse() has new flag
DNS_MESSAGE_IGNORETRUNCATION.
1192. [bug] The seconds fields in LOC records were restricted
to three decimal places. More decimal places should
be allowed but warned about.
1191. [bug] A dynamic update removing the last non-apex name in
a secure zone would fail. [RT #2399]
1190. [func] Add the "rndc freeze" and "rndc unfreeze" commands.
[RT #2394]
1189. [bug] On some systems, malloc(0) returns NULL, which
could cause the caller to report an out of memory
error. [RT #2398]
1188. [bug] Dynamic updates of a signed zone would fail if
some of the zone private keys were unavailable.
1187. [bug] named was incorrectly returning DNSSEC records
in negative responses when the DO bit was not set.
1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the
EOL token when reading to end of line.
1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
unless RES_INIT is set when calling res_*init().
1184. [bug] libbind: call res_ndestroy() if RES_INIT is set
when res_*init() is called.
1183. [bug] Handle ENOSR error when writing to the internal
control pipe. [RT #2395]
1182. [bug] The server could throw an assertion failure when
constructing a negative response packet.
1181. [func] Add the "key-directory" configuration statement,
which allows the server to look for online signing
keys in alternate directories.
1180. [func] dnssec-keygen should always generate keys with
protocol 3 (DNSSEC), since it's less confusing
that way.
1179. [func] Add SIG(0) support to nsupdate.
1178. [func] Follow and cache (if appropriate) A6 and other
data chains to completion in the additional section.
1177. [func] Report view when loading zones if it is not a
standard view (_default or _bind). [RT #2270]
1176. [doc] Document that allow-v6-synthesis is only performed
for clients that are supplied recursive service.
[RT #2260]
1175. [bug] named-checkzone and named-checkconf failed to call
dns_result_register() at startup which could
result in runtime exceptions when printing
"out of memory" errors. [RT #2335]
1174. [bug] Win32: add WSAECONNRESET to the expected errors
from connect(). [RT #2308]
1173. [bug] Potential memory leaks in isc_log_create() and
isc_log_settag(). [RT #2336]
1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
table of RR types in ARM.
1171. [func] Added function isc_region_compare(), updated files in
lib/dns to use this function instead of local one.
1170. [bug] Don't attempt to print the token when a I/O error
occurs when parsing named.conf. [RT #2275]
1169. [func] Identify recursive queries in the query log.
1168. [bug] Empty also-notify clauses were not handled. [RT #2309]
1167. [contrib] nslint-2.1a3 (from author).
1166. [bug] "Not Implemented" should be reported as NOTIMP,
not NOTIMPL. [RT #2281]
1165. [bug] We were rejecting notify-source{-v6} in zone clauses.
1164. [bug] Empty masters clauses in slave / stub zones were not
handled gracefully. [RT #2262]
1163. [func] isc_time_formattimestamp() now includes the year.
1162. [bug] The allow-notify option was not accepted in slave
zone statements.
1161. [bug] named-checkzone looped on unbalanced brackets.
[RT #2248]
1160. [bug] Generating Diffie-Hellman keys longer than 1024
bits could fail. [RT #2241]
1159. [bug] MD and MF are not permitted to be loaded by RFC1123.
1158. [func] Report the client's address when logging notify
messages.
1157. [func] match-clients and match-destinations now accept
keys. [RT #2045]
1156. [port] The configure test for strsep() incorrectly
succeeded on certain patched versions of
AIX 4.3.3. [RT #2190]
1155. [func] Recover from master files being removed from under
us.
1154. [bug] Don't attempt to obtain the netmask of a interface
if there is no address configured. [RT #2176]
1153. [func] 'rndc {stop|halt} -p' now reports the process id
of the instance of named being shutdown.
1152. [bug] libbind: read buffer overflows.
1151. [bug] nslookup failed to check that the arguments to
the port, timeout, and retry options were
valid integers and in range. [RT #2099]
1150. [bug] named incorrectly accepted TTL values
containing plus or minus signs, such as
1d+1h-1s.
1149. [func] New function isc_parse_uint32().
1148. [func] 'rndc-confgen -a' now provides positive feedback.
1147. [func] Set IPV6_V6ONLY on IPv6 sockets if supported by
the OS. listen-on-v6 { any; }; should no longer
result in IPv4 queries be accepted. Similarly
control { inet :: ... }; should no longer result
in IPv4 connections being accepted. This can be
overridden at compile time by defining
ISC_ALLOW_MAPPED=1.
1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
supported by the OS by a new function
isc_socket_ipv6only().
1145. [func] "host" no longer reports a NOERROR/NODATA response
by printing nothing. [RT #2065]
1144. [bug] rndc-confgen would crash if both the -a and -t
options were specified. [RT #2159]
1143. [bug] When a trusted-keys statement was present and named
was built without crypto support, it would leak memory.
1142. [bug] dnssec-signzone would fail to delete temporary files
in some failure cases. [RT #2144]
1141. [bug] When named rejected a control message, it would
leak a file descriptor and memory. It would also
fail to respond, causing rndc to hang.
[RT #2139, #2164]
1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments
to the -s option. [RT #2138]
1139. [func] It is now possible to flush a given name from the
cache(s) via 'rndc flushname name [view]'. [RT #2051]
1138. [func] It is now possible to flush a given name from the
cache by calling the new function
dns_cache_flushname().
1137. [func] It is now possible to flush a given name from the
ADB by calling the new function dns_adb_flushname().
1136. [bug] CNAME records synthesized from DNAMEs did not
have a TTL of zero as required by RFC2672.
[RT #2129]
1135. [func] You can now override the default syslog() facility for
named/lwresd at compile time. [RT #1982]
1134. [bug] Multithreaded servers could deadlock in ferror()
when reloading zone files. [RT #1951, #1998]
1133. [bug] IN6_IS_ADDR_LOOPBACK was not portably defined on
platforms without IN6_IS_ADDR_LOOPBACK. [RT #2106]
1132. [func] Improve UPDATE prerequisite failure diagnotic messages.
1131. [bug] The match-destinations view option did not work with
IPv6 destinations. [RT #2073, #2074]
1130. [bug] Log messages reporting an out-of-range serial number
did not include the out-of-range number but the
following token. [RT #2076]
1129. [bug] Multithreaded servers could crash under heavy
resolution load due to a race condition. [RT #2018]
1128. [func] sdb drivers can now provide RR data in either text
or wire format, the latter using the new functions
dns_sdb_putrdata() and dns_sdb_putnamedrdata().
1127. [func] rndc: If the server to contact has multiple addresses,
try all of them.
1126. [bug] The server could access a freed event if shut
down while a client start event was pending
delivery. [RT #2061]
1125. [bug] rndc: -k option was missing from usage message.
[RT #2057]
1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail
are now documented. [RT #2052]
1123. [bug] dig +[no]fail did not match description. [RT #2052]
1122. [tuning] Resolution timeout reduced from 90 to 30 seconds.
[RT #2046]
1121. [bug] The server could attempt to access a NULL zone
table if shut down while resolving.
[RT #1587, #2054]
1120. [bug] Errors in options were not fatal. [RT #2002]
1119. [func] Added support in Win32 for NTFS file/directory ACL's
for access control.
1118. [bug] On multithreaded servers, a race condition
could cause an assertion failure in resolver.c
during resolver shutdown. [RT #2029]
1117. [port] The configure check for in6addr_loopback incorrectly
succeeded on AIX 4.3 when compiling with -O2
because the test code was optimized away.
[RT #2016]
1116. [bug] Setting transfers in a server clause, transfers-in,
or transfers-per-ns to a value greater than
2147483647 disabled transfers. [RT #2002]
1115. [func] Set maximum values for cleaning-interval,
heartbeat-interval, interface-interval,
max-transfer-idle-in, max-transfer-idle-out,
max-transfer-time-in, max-transfer-time-out,
statistics-interval of 28 days and
sig-validity-interval of 3660 days. [RT #2002]
1114. [port] Ignore more accept() errors. [RT #2021]
1113. [bug] The allow-update-forwarding option was ignored
when specified in a view. [RT #2014]
1112. [placeholder]
1111. [bug] Multithreaded servers could deadlock processing
recursive queries due to a locking hieararchy
violation in adb.c. [RT #2017]
1110. [bug] dig should only accept valid abbreviations of +options.
[RT #2003]
1109. [bug] nsupdate accepted illegal ttl values.
1108. [bug] On Win32, rndc was hanging when named was not running
due to failure to select for exceptional conditions
in select(). [RT #1870]
1107. [bug] nsupdate could catch an assertion failure if an
invalid domain name was given as the argument to
the "zone" command.
1106. [bug] After seeing an out of range TTL, nsupdate would
treat all TTLs as out of range. [RT #2001]
1105. [port] OpenUNIX 8 enable threads by default. [RT #1970]
1104. [bug] Invalid arguments to the transfer-format option
could cause an assertion failure. [RT #1995]
1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
1102. [doc] Note that query logging is enabled by directing the
queries category to a channel.
1101. [bug] Array bounds read error in lwres_gai_strerror.
1100. [bug] libbind: DNSSEC key ids were computed incorrectly.
1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
compile time errors.
1098. [bug] libbind: HMAC-MD5 key files are now mode 0600.
1097. [func] libbind: RES_PRF_TRUNC for dig.
1096. [func] libbind: "DNSSEC OK" (DO) support.
1095. [func] libbind: resolver option: no-tld-query. disables
trying unqualified as a tld. no_tld_query is also
supported for FreeBSD compatability.
1094. [func] libbind: add support gcc's format string checking.
1093. [doc] libbind: miscellaneous nroff fixes.
1092. [bug] libbind: get*by*() failed to check if res_init() had
been called.
1091. [bug] libbind: misplaced va_end().
1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
the amount of memory consumed resulting in garbage
address being returned. Alignment calculations were
wasting space. We weren't suppressing duplicate
addresses.
1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6
support.
1088. [port] libbind: MPE/iX C.70 (incomplete)
1087. [bug] libbind: struct __res_state too large on 64 bit arch.
1086. [port] libbind: sunos: old sprintf.
1085. [port] libbind: solaris: sys_nerr and sys_errlist do not
exist when compiling in 64 bit mode.
1084. [cleanup] libbind: gai_strerror() re-written.
1083. [bug] The default control channel listened on the
wildcard adress, not the loopback as documented.
[RT #1975]
1082. [bug] The -g option to named incorrectly caused logging
to be sent to syslog in addition to stderr.
[RT #1974]
1081. [bug] Multicast queries were incorrectly identified
based on the source address, not the destination
address.
1080. [bug] BIND 8 compatibility: accept bare IP prefixes
as the second element of a two-element top level
sort list statement. [RT #1964]
1079. [bug] BIND 8 compatibility: accept bare elements at top
level of sort list treating them as if they were
a single element list. [RT #1963]
1078. [bug] We failed to correct bad tv_usec values in one case.
[RT #1966]
1077. [func] Do not accept further recursive clients when
the total number of of recursive lookups being
processed exceeds max-recursive-clients, even
if some of the lookups are internally generated.
[RT #1915, #1938]
1076. [bug] A badly defined global key could trigger an assertion
on load/reload if views were used. [RT #1947]
1075. [bug] Out-of-range network prefix lengths were not
reported. [RT #1954]
1074. [bug] Running out of memory in dump_rdataset() could
cause an assertion failure. [RT #1946]
1073. [bug] The ADB cache cleaning should also be space driven.
[RT #1915, #1938]
1072. [bug] The TCP client quota could be exceeded when
recursion occurred. [RT #1937]
1071. [bug] Sockets listening for TCP DNS connections
specified an excessive listen backlog. [RT #1937]
1070. [bug] Copy DNSSEC OK (DO) to response as specified by
draft-ietf-dnsext-dnssec-okbit-03.txt.
1069. [placeholder]
1068. [bug] errno could be overwritten by catgets(). [RT #1921]
1067. [func] Allow quotas to be soft, isc_quota_soft().
1066. [bug] Provide a thread safe wrapper for strerror().
[RT #1689]
1065. [func] Runtime support to select new / old style interface
scanning using ioctls.
1064. [bug] Do not shut down active network interfaces if we
are unable to scan the interface list. [RT #1921]
1063. [bug] libbind: "make install" was failing on IRIX.
[RT #1919]
1062. [bug] If the control channel listener socket was shut
down before server exit, the listener object could
be freed twice. [RT #1916]
1061. [bug] If periodic cache cleaning happened to start
while cleaning due to reaching the configured
maximum cache size was in progress, the server
could catch an assertion failure. [RT #1912]
1060. [func] Move refresh, stub and notify UDP retry processing
into dns_request.
1059. [func] dns_request now support will now retry UDP queries,
dns_request_createvia2() and dns_request_createraw2().
1058. [func] Limited lifetime ticker timers are now available,
isc_timertype_limited.
1057. [bug] Reloading the server after adding a "file" clause
to a zone statement could cause the server to
crash due to a typo in change 1016.
1056. [bug] Rndc could catch an assertion failure on SIGINT due
to an uninitialized variable. [RT #1908]
1055. [func] Version and hostname queries can now be disabled
using "version none;" and "hostname none;",
respectively.
1054. [bug] On Win32, cfg_categories and cfg_modules need to be
exported from the libisccfg DLL.
1053. [bug] Dig did not increase its timeout when receiving
AXFRs unless the +time option was used. [RT #1904]
1052. [bug] Journals were not being created in binary mode
resulting in "journal format not recognized" error
under Win32. [RT #1889]
1051. [bug] Do not ignore a network interface completely just
because it has a noncontiguous netmask. Instead,
omit it from the localnets ACL and issue a warning.
[RT #1891]
1050. [bug] Log messages reporting malformed IP addresses in
address lists such as that of the forwarders option
failed to include the correct error code, file
name, and line number. [RT #1890]
1049. [func] "pid-file none;" will disable writing a pid file.
[RT #1848]
1048. [bug] Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1
didn't work.
1047. [bug] named was incorrectly refusing all requests signed
with a TSIG key derived from an unsigned TKEY
negotiation with a NOERROR response. [RT #1886]
1046. [bug] The help message for the --with-openssl configure
option was inaccurate. [RT #1880]
1045. [bug] It was possible to skip saving glue for a nameserver
for a stub zone.
1044. [bug] Specifying allow-transfer, notify-source, or
notify-source-v6 in a stub zone was not treated
as an error.
1043. [bug] Specifying a transfer-source or transfer-source-v6
option in the zone statement for a master zone was
not treated as an error. [RT #1876]
1042. [bug] The "config" logging category did not work properly.
[RT #1873]
1041. [bug] Dig/host/nslookup could catch an assertion failure
on SIGINT due to an uninitialized variable. [RT #1867]
1040. [bug] Multiple listen-on-v6 options with different ports
were not accepted. [RT #1875]
1039. [bug] Negative responses with CNAMEs in the answer section
were cached incorrectly. [RT #1862]
1038. [bug] In servers configured with a tkey-domain option,
TKEY queries with an owner name other than the root
could cause an assertion failure. [RT #1866, #1869]
1037. [bug] Negative responses whose authority section contain
SOA or NS records whose owner names are not equal
equal to or parents of the query name should be
rejected. [RT #1862]
1036. [func] Silently drop requests received via multicast as
long as there is no final multicast DNS standard.
1035. [bug] If we respond to multicast queries (which we
currently do not), respond from a unicast address
as specified in RFC 1123. [RT #137]
1034. [bug] Ignore the RD bit on multicast queries as specified
in RFC 1123. [RT #137]
1033. [bug] Always respond to requests with an unsupported opcode
with NOTIMP, even if we don't have a matching view
or cannot determine the class.
1032. [func] hostname.bind/txt/chaos now returns the name of
the machine hosting the nameserver. This is useful
in diagnosing problems with anycast servers.
1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
[RT #1858]
1030. [bug] On systems with no resolv.conf file, nsupdate
exited with an error rather than defaulting
to using the loopback address. [RT #1836]
1029. [bug] Some named.conf errors did not cause the loading
of the configuration file to return a failure
status even though they were logged. [RT #1847]
1028. [bug] On Win32, dig/host/nslookup looked for resolv.conf
in the wrong directory. [RT #1833]
1027. [bug] RRs having the reserved type 0 should be rejected.
[RT #1471]
1026. [placeholder]
1025. [bug] Don't use multicast addresses to resolve iterative
queries. [RT #101]
1024. [port] Compilation failed on HP-UX 11.11 due to
incompatible use of the SIOCGLIFCONF macro
name. [RT #1831]
1023. [func] Accept hints without TTLs.
1022. [bug] Don't report empty root hints as "extra data".
[RT #1802]
1021. [bug] On Win32, log message timestamps were one month
later than they should have been, and the server
would exhibit unspecified behavior in December.
1020. [bug] IXFR log messages did not distinguish between
true IXFRs, AXFR-style IXFRs, and mere version
polls. [RT #1811]
1019. [bug] The value of the lame-ttl option was limited to 18000
seconds, not 1800 seconds as documented. [RT #1803]
1018. [bug] The default log channel was not always initialized
correctly. [RT #1813]
1017. [bug] When specifying TSIG keys to dig and nsupdate using
the -k option, they must be HMAC-MD5 keys. [RT #1810]
1016. [bug] Slave zones with no backup file were re-transferred
on every server reload.
1015. [bug] Log channels that had a "versions" option but no
"size" option failed to create numbered log
files. [RT #1783]
1014. [bug] Some queries would cause statistics counters to
increment more than once or not at all. [RT #1321]
1013. [bug] It was possible to cancel a query twice when marking
a server as bogus or by having a blackhole acl.
[RT #1776]
1012. [bug] The -p option to named did not behave as documented.
1011. [cleanup] Removed isc_dir_current().
1010. [bug] The server could attempt to execute a command channel
command after initiating server shutdown, causing
an assertion failure. [RT #1766]
1009. [port] OpenUNIX 8 support. [RT #1728]
1008. [port] libtool.m4, ltmain.sh from libtool-1.4.2.
1007. [port] config.guess, config.sub from autoconf-2.52.
1006. [bug] If a KEY RR was found missing during DNSSEC validation,
an assertion failure could subsequently be triggered
in the resolver. [RT #1763]
1005. [bug] Don't copy nonzero RCODEs from request to response.
[RT #1765]
1004. [port] Deal with recvfrom() returning EHOSTDOWN. [RT #1770]
1003. [func] Add the +retry option to dig.
1002. [bug] When reporting an unknown class name in named.conf,
including the file name and line number. [RT #1759]
1001. [bug] win32 socket code doio_recv was not catching a
WSACONNRESET error when a client was timing out
the request and closing its socket. [RT #1745]
1000. [bug] BIND 8 compatibility: accept "HESIOD" as an alias
for class "HS". [RT #1759]
999. [func] "rndc retransfer zone [class [view]]" added.
[RT #1752]
998. [func] named-checkzone now has arguments to specify the
chroot directory (-t) and working directory (-w).
[RT #1755]
997. [func] Add support for RSA-SHA1 keys (RFC3110).
996. [func] Issue warning if the configuration filename contains
the chroot path.
995. [bug] dig, host, nslookup: using a raw IPv6 address as a
target address should be fatal on a IPv4 only system.
994. [func] Treat non-authoritative responses to queries for type
NS as referrals even if the NS records are in the
answer section, because BIND 8 servers incorrectly
send them that way. This is necessary for DNSSEC
validation of the NS records of a secure zone to
succeed when the parent is a BIND 8 server. [RT #1706]
993. [func] dig: -v now reports the version.
992. [doc] dig: ~/.digrc is now documented.
991. [func] Lower UDP refresh timeout messages to level
debug 1.
990. [bug] The rndc-confgen man page was not installed.
989. [bug] Report filename if $INCLUDE fails for file related
errors. [RT #1736]
988. [bug] 'additional-from-auth no;' did not work reliably
in the case of queries answered from the cache.
[RT #1436]
987. [bug] "dig -help" didn't show "+[no]stats".
986. [bug] "dig +noall" failed to clear stats and command
printing.
985. [func] Consider network interfaces to be up iff they have
a nonzero IP address rather than based on the
IFF_UP flag. [RT #1160]
984. [bug] Multithreading should be enabled by default on
Solaris 2.7 and newer, but it wasn't.
983. [func] The server now supports generating IXFR difference
sequences for non-dynamic zones by comparing zone
versions, when enabled using the new config
option "ixfr-from-differences". [RT #1727]
982. [func] If "memstatistics-file" is set in options the memory
statistics will be written to it.
981. [func] The dnssec tools can now take multiple '-r randomfile'
arguments.
980. [bug] Incoming zone transfers restarting after an error
could trigger an assertion failure. [RT #1692]
979. [func] Incremental master file dumping. dns_master_dumpinc(),
dns_master_dumptostreaminc(), dns_dumpctx_attach(),
dns_dumpctx_detach(), dns_dumpctx_cancel(),
dns_dumpctx_db() and dns_dumpctx_version().
978. [bug] dns_db_attachversion() had an invalid REQUIRE()
condition.
977. [bug] Improve "not at top of zone" error message.
976. [func] named-checkconf can now test load master zones
(named-checkconf -z). [RT #1468]
975. [bug] "max-cache-size default;" as a view option
caused an assertion failure.
974. [bug] "max-cache-size unlimited;" as a global option
was not accepted.
973. [bug] Failed to log the question name when logging:
"bad zone transfer request: non-authoritative zone
(NOTAUTH)".
972. [bug] The file modification time code in zone.c was using the
wrong epoch. [RT #1667]
971. [placeholder]
970. [func] 'max-journal-size' can now be used to set a target
size for a journal.
969. [func] dig now supports the undocumented dig 8 feature
of allowing arbitrary labels, not just dotted
decimal quads, with the -x option. This can be
used to conveniently look up RFC2317 names as in
"dig -x 10.0.0.0-127". [RT #827, #1576, #1598]
968. [bug] On win32, the isc_time_now() function was unnecessarily
calling strtime(). [RT #1671]
967. [bug] On win32, the link for bindevt was not including the
required resource file to enable the event viewer
to interpret the error messages in the event log,
[RT #1668]
966. [placeholder]
965. [bug] Including data other than root server NS and A
records in the root hint file could cause a rbtdb
node reference leak. [RT #1581, #1618]
964. [func] Warn if data other than root server NS and A records
are found in the root hint file. [RT #1581, #1618]
963. [bug] Bad ISC_LANG_ENDDECLS. [RT #1645]
962. [bug] libbind: bad "#undef", don't attempt to install
non-existant nlist.h. [RT #1640]
961. [bug] Tried to use a IPV6 feature when ISC_PLATFORM_HAVEIPV6
was not defined. [RT #1482]
960. [port] liblwres failed to build on systems with support for
getrrsetbyname() in the OS. [RT #1592]
959. [port] On FreeBSD, determine the number of CPUs by calling
sysctlbyname(). [RT #1584]
958. [port] ssize_t is not available on all platforms. [RT #1607]
957. [bug] sys/select.h inclusion was broken on older platforms.
[RT #1607]
956. [bug] ns_g_autorndcfile changed to ns_g_keyfile
in named/win32/os.c due to code changes in
change #953. win32 .make file for rndc-confgen
updated to add include path for os.h header.
|
|
|
|
|
|
|
|
--- 9.2.1rc2 released ---
1240. [bug] It was possible to leak zone references by
specifying an incorrect zone to rndc.
1239. [bug] Under certain circumstances named could continue to
use a name after it had been freed triggering
INSIST() failures. [RT #2614]
1238. [bug] It is possible to lockup the server when shutting down
if notifies are being processed. [RT #2591]
1237. [bug] nslookup: "set q=type" failed.
1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non
NULL terminated text regions. [RT #2588]
1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.
1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken.
1229. [bug] named would crash if it received a TSIG signed
query as part of an AXFR response. [RT #2570]
1228. [bug] 'make install' did not depend on 'make all'. [RT #2559]
1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
if a number was expected and some other token was
found. [RT#2532]
1222. [bug] Specifying 'port *' did not always result in a system
selected (non-reserved) port being used. [RT #2537]
1221. [bug] Zone types 'master', 'slave' and 'stub' were not being
compared case insensitively. [RT #2542]
1218. [bug] Named incorrectly returned SERVFAIL rather than
NOTAUTH when there was a TSIG BADTIME error. [RT #2519]
1216. [bug] Multiple server clauses for the same server were not
reported. [RT #2514]
1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
1214. [bug] Win32: isc_file_renameunique() could leave zero length
files behind.
1212. [port] libbind: 64k answer buffers were causing stack space
to be exceeded for certian OS. Use heap space instead.
1211. [bug] dns_name_fromtext() incorrectly handled certain
valid octal bitlabels. [RT #2483]
1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped /
compatible addresses. [RT #2461]
1208. [bug] dns_master_load*() failed to log a error message if
an error was detected when parsing the ownername of
a record. [RT #2448]
|
|
--- 9.2.1rc1 released ---
1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with
an invalid pointer.
1206. [bug] SERVFAIL and NOTIMP responses to a EDNS should trigger
a non-EDNS retry.
1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class"
of the message. [RT #2449]
1204. [bug] libbind: res_nupdate() failed to update the name
server addresses before sending the update.
1201. [bug] Require that if 'callbacks' is passed to
dns_rdata_fromtext(), callbacks->error and
callbacks->warn are initialized.
1200. [bug] Log 'errno' that we are unable to convert to
isc_result_t. [RT #2404]
1198. [bug] OPT printing style was not consistant with the way the
header fields are printed. The DO bit was not reported
if set. Report if any of the MBZ bits are set.
1197. [bug] Attempts to define the same acl multiple times were not
detected.
1196. [contrib] update mdnkit to 2.2.3.
1195. [bug] Attempts to redefine builtin acls should be caught.
[RT #2403]
1194. [bug] Not all duplicate zone definitions were being detected
at the named.conf checking stage. [RT #2431]
1193. [bug] Best effort parsing didn't handle packet truncation.
1191. [bug] A dynamic update removing the last non-apex name in
a secure zone would fail. [RT #2399]
1189. [bug] On some systems, malloc(0) returns NULL, which
could cause the caller to report an out of memory
error. [RT #2398]
1188. [bug] Dynamic updates of a signed zone would fail if
some of the zone private keys were unavailable.
1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the
EOL token when reading to end of line.
1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
unless RES_INIT is set when calling res_*init().
1184. [bug] libbind: call res_ndestroy() if RES_INIT is set
when res_*init() is called.
1183. [bug] Handle ENOSR error when writing to the internal
control pipe. [RT #2395]
1182. [bug] The server could throw an assertion failure when
constructing a negative response packet.
1176. [doc] Document that allow-v6-synthesis is only performed
for clients that are supplied recursive service.
[RT #2260]
1175. [bug] named-checkzone failed to call dns_result_register()
at startup which could result in runtime
exceptions when printing "out of memory" errors.
[RT #2335]
1174. [bug] Win32: add WSAECONNRESET to the expected errors
from connect(). [RT #2308]
1173. [bug] Potential memory leaks in isc_log_create() and
isc_log_settag(). [RT #2336]
1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
table of RR types in ARM.
1170. [bug] Don't attempt to print the token when a I/O error
occurs when parsing named.conf. [RT #2275]
1168. [bug] Empty also-notify clauses were not handled. [RT #2309]
1167. [contrib] nslint-2.1a3 (from author).
1166. [bug] "Not Implemented" should be reported as NOTIMP,
not NOTIMPL. [RT #2281]
1165. [bug] We were rejecting notify-source{-v6} in zone clauses.
1164. [bug] Empty masters clauses in slave / stub zones were not
handled gracefully. [RT #2262]
1162. [bug] The allow-notify option was not accepted in slave
zone statements.
1161. [bug] named-checkzone looped on unbalanced brackets.
[RT #2248]
1160. [bug] Generating Diffie-Hellman keys longer than 1024
bits could fail. [RT #2241]
1156. [port] The configure test for strsep() incorrectly
succeeded on certain patched versions of
AIX 4.3.3. [RT #2190]
1154. [bug] Don't attempt to obtain the netmask of a interface
if there is no address configured. [RT #2176]
1152. [bug] libbind: read buffer overflows.
1144. [bug] rndc-confgen would crash if both the -a and -t
options were specified. [RT #2159]
1142. [bug] dnssec-signzone would fail to delete temporary files
in some failure cases. [RT #2144]
1141. [bug] When named rejected a control message, it would
leak a file descriptor and memory. It would also
fail to respond, causing rndc to hang.
[RT #2139, #2164]
1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments
to the -s option. [RT #2138]
1136. [bug] CNAME records synthesized from DNAMEs did not
have a TTL of zero as required by RFC2672.
[RT #2129]
1125. [bug] rndc: -k option was missing from usage message.
[RT #2057]
1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail
are now documented. [RT #2052]
1123. [bug] dig +[no]fail did not match description. [RT #2052]
1109. [bug] nsupdate accepted illegal ttl values.
1108. [bug] On Win32, rndc was hanging when named was not running
due to failure to select for exceptional conditions
in select(). [RT #1870]
1081. [bug] Multicast queries were incorrectly identified
based on the source address, not the destination
address.
1072. [bug] The TCP client quota could be exceeded when
recursion occurred. [RT #1937]
1071. [bug] Sockets listening for TCP DNS connections
specified an excessive listen backlog. [RT #1937]
1070. [bug] Copy DNSSEC OK (DO) to response as specified by
draft-ietf-dnsext-dnssec-okbit-03.txt.
1014. [bug] Some queries would cause statistics counters to
increment more than once or not at all. [RT #1321]
1012. [bug] The -p option to named did not behave as documented.
988. [bug] 'additional-from-auth no;' did not work reliably
in the case of queries answered from the cache.
[RT #1436]
995. [bug] dig, host, nslookup: using a raw IPv6 address as a
target address should be fatal on a IPv4 only system.
|
|
(will overwrite net/bind9 by net/bind9-current)
|
|
change summary from ISC announcement:
Several bugs in 9.2.0rc9 have been fixed.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
release note for details.
|
|
|
|
bug fixes.
|
|
work/*/HISTORY indicates the full change history. basically bug fixes.
|
|
--- 9.2.0a2 released ---
899. [bug] lib/dns/soa.c failed to compile on many platforms
due to inappropriate use of a void value.
[RT #1372, #1373, #1386, #1387, #1395]
898. [bug] "dig" failed to set a nonzero exit status
on UDP query timeout. [RT #1323]
897. [bug] A config.guess update changed the system identification
string of UnixWare systems; configure now recognizes
the new string.
896. [bug] If a configuration file is set on named's command line
and it has a relative pathname, the current directory
(after any possible jailing resulting from named -t)
will be prepended to it so that reloading works
properly even when a directory option is present.
895. [func] New function, isc_dir_current(), akin to POSIX's
getcwd().
894. [bug] When using the DNSSEC tools, a message intended to warn
when the keyboard was being used because of the lack
of a suitable random device was not being printed.
893. [func] Removed isc_file_test() and added isc_file_exists()
for the basic functionality that was being added
with isc_file_test().
892. [placeholder]
891. [bug] Return an error when a SIG(0) signed response to
an unsigned query is seen. This should actually
do the verification, but it's not currently
possible. [RT #1391]
890. [cleanup] The man pages no longer require the mandoc macros
and should now format cleanly using most versions of
nroff, and HTML versions of the man pages have been
added. Both are generated from DocBook source.
889. [port] Eliminated blank lines before .TH in nroff man
pages since they cause problems with some versions
of nroff. [RT #1390]
888. [bug] Don't die when using TKEY to delete a nonexistent
TSIG key. [RT #1392]
887. [port] Detect broken compilers that can't call static
functions from inline functions. [RT #1212]
866. [func] Close debug only file channels when debug is set to
zero. [RT #1246]
865. [bug] The new configuration parser did not allow
the optional debug level in a "severity debug"
clause of a logging channel to be omitted.
This is now allowed and treated as "severity
debug 1;" like it does in BIND 8.2.4, not as
"severity debug 0;" like it did in BIND 9.1.
[RT #1367]
864. [cleanup] Multithreading is now enabled by default on
OSF1, Solaris 2.7 and newer, AIX, IRIX, and HP-UX.
863. [bug] If an error occurred while an outgoing zone transfer
was starting up, the server could access a domain
name that had already been freed when logging a
message saying that the transfer was starting.
[RT #1383]
862. [bug] Use after realloc(), non portable pointer arithmetic in
grmerge().
861. [port] Add support for Mac OS X, by making it equivalent
to Darwin. This was derived from the config.guess
file shipped with Mac OS X. [RT #1355]
860. [func] Drop cross class glue in zone transfers.
859. [bug] Cache cleaning now won't swamp the CPU if there
is a persistent overlimit condition.
858. [func] isc_mem_setwater() no longer requires that when the
callback function is non-NULL then its hi_water
argument must be greater than its lo_water argument
(they can now be equal) or that they be non-zero.
857. [cleanup] Use ISC_MAGIC() to define all magic numbers for
structs, for our friends in EBCDIC-land.
856. [func] Allow partial rdatasets to be returned in answer and
authority sections to help non-TCP capable clients
recover from truncation. [RT #1301]
855. [bug] Stop spurious "using RFC 1035 TTL semantics" warnings.
854. [bug] The config parser didn't properly handle config
options that were specified in units of time other
than seconds. [RT #1372]
853. [bug] configure_view_acl() failed to detach existing acls.
[RT #1374]
852. [bug] Handle responses from servers which do not know
about IXFR.
851. [cleanup] The obsolete support-ixfr option was not properly
ignored.
|
|
--- 9.2.0a1 released ---
850. [bug] dns_rbt_findnode() would not find nodes that were
split on a bitstring label somewhere other than in
the last label of the node. [RT #1351]
849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
848. [func] A minimum max-cache-size of two megabytes is enforced
by the cache cleaner.
847. [func] Added isc_file_test(), which currently only has
some very basic functionality to test for the
existence of a file, whether a pathname is absolute,
or whether a pathname is the fundamental representation
of the current directory. It is intended that this
function can be expanded to test other things a
programmer might want to know about a file.
846. [func] A non-zero 'param' do dst_key_generate() when making an
hmac-md5 key means that good entropy is not required.
845. [bug] The access rights on the public file of a symmetric
key are now restricted as soon as the file is opened,
rather than after it has been written and closed.
844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
just as <lwres/net.h> does.
843. [func] If no controls statement is present in named.conf,
or if any inet phrase of a controls statement is
lacking a keys clause, then a key will be automatically
generated by named and an rndc.conf-style file
named named.key will be written that uses it. rndc
will use this file only if its normal configuration
file, or one provided on the command line, does not
exist.
842. [func] 'rndc flush' now takes an optional view.
841. [bug] When sdb modules were not declared threadsafe, their
create and destroy functions were not serialized.
840. [bug] The config file parser could print the wrong file
name if an error was detected after an included file
was parsed. [RT #1353]
839. [func] Dump packets for which there was no view or that the
class could not be determined to category "unmatched".
838. [port] UnixWare 7.x.x is now suported by
bin/tests/system/ifconfig.sh.
837. [cleanup] Multithreading is now enabled by default only on
OSF1, Solaris 2.7 and newer, and AIX.
836. [func] Upgraded libtool to 1.4.
835. [bug] The dispatcher could enter a busy loop if
it got an I/O error receiving on a UDP socket.
[RT #1293]
834. [func] Accept (but warn about) master files beginning with
an SOA record without an explicit TTL field and
lacking a $TTL directive, by using the SOA MINTTL
as a default TTL. This is for backwards compatibility
with old versions of BIND 8, which accepted such
files without warning although they are illegal
according to RFC1035.
833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
<dns/soa.h>, and extended them to support
all the integer-valued fields of the SOA RR.
832. [bug] The default location for named.conf in named-checkconf
should depend on --sysconfdir like it does in named.
[RT #1258]
831. [placeholder]
830. [func] Implement 'rndc status'.
829. [bug] The DNS_R_ZONECUT result code should only be returned
when an ANY query is made with DNS_DBFIND_GLUEOK set.
In all other ANY query cases, returning the delegation
is better.
828. [bug] The errno value from recvfrom() could be overwritten
by logging code. [RT #1293]
827. [bug] When an IXFR protocol error occurs, the slave
should retry with AXFR.
826. [bug] Some IXFR protocol errors were not detected.
825. [bug] zone.c:ns_query() detached from the wrong zone
reference. [RT #1264]
824. [bug] Correct line numbers reported by dns_master_load().
[RT #1263]
823. [func] The output of "dig -h" now goes to stdout so that it
can easily be piped through "more". [RT #1254]
822. [bug] Sending nxrrset prerequisites would crash nsupdate.
[RT #1248]
821. [bug] The program name used when logging to syslog should
be stripped of leading path components.
[RT #1178, #1232]
820. [bug] Name server address lookups failed to follow
A6 chains into the glue of local authoritative
zones.
819. [bug] In certain cases, the resolver's attempts to
restart an address lookup at the root could cause
the fetch to deadlock (with itself) instead of
restarting. [RT #1225]
818. [bug] Certain pathological responses to ANY queries could
cause an assertion failure. [RT #1218]
817. [func] Adjust timeouts for dialup zone queries.
816. [bug] Report potential problems with log file accessibility
at configuration time, since such problems can't
reliably be reported at the time they actually occur.
815. [bug] If a log file was specified with a path separator
character (i.e. "/") in its name and the directory
did not exist, the log file's name was treated as
though it were the directory name. [RT #1189]
814. [bug] Socket objects left over from accept() failures
were incorrectly destroyed, causing corruption
of socket manager data structures.
813. [bug] File descriptors exceeding FD_SETSIZE were handled
badly. [RT #1192]
812. [bug] dig sometimes printed incomplete IXFR responses
due to an uninitialized variable. [RT #1188]
811. [bug] Parentheses were not quoted in zone dumps. [RT #1194]
810. [bug] The signer name in SIG records was not properly
downcased when signing/verifying records. [RT #1186]
809. [bug] Configuring a non-local address as a transfer-source
could cause an assertion failure during load.
808. [func] Add 'rndc flush' to flush the server's cache.
807. [bug] When setting up TCP connections for incoming zone
transfers, the transfer-source port was not
ignored like it should be.
806. [bug] DNS_R_SEENINCLUDE was failing to propagate back up
the calling stack to the zone maintence level, causing
zones to not reload when an included file was touched
but the top-level zone file was not.
805. [bug] When using "forward only", missing root hints should
not cause queries to fail. [RT #1143]
804. [bug] Attempting to obtain entropy could fail in some
situations. This would be most common on systems
with user-space threads. [RT #1131]
803. [bug] Treat all SIG queries as if they have the CD bit set,
otherwise no data will be returned [RT #749]
802. [bug] DNSSEC key tags were computed incorrectly in almost
all cases. [RT #1146]
801. [bug] nsupdate should treat lines beginning with ';' as
comments. [RT #1139]
800. [bug] dnssec-signzone produced incorrect statistics for
large zones. [RT #1133]
799. [bug] The ADB didn't find AAAA glue in a zone unless A6
glue was also present.
798. [bug] nsupdate should be able to reject bad input lines
and continue. [RT #1130]
797. [func] Issue a warning if the 'directory' option contains
a relative path. [RT #269]
796. [func] When a size limit is associated with a log file,
only roll it when the size is reached, not every
time the log file is opened. [RT #1096]
795. [func] Add the +multiline option to dig. [RT #1095]
794. [func] Implement the "port" and "default-port" statements
in rndc.conf.
793. [cleanup] The DNSSEC tools could create filenames that were
illegal or contained shell metacharacters. They
now use a different text encoding of names that
doesn't have these problems. [RT #1101]
792. [cleanup] Replace the OMAPI command channel protocol with a
simpler one.
791. [bug] The command channel now works over IPv6.
790. [bug] Wildcards created using dynamic update or IXFR
could fail to match. [RT #1111]
789. [bug] The "localhost" and "localnets" ACLs did not match
when used as the second element of a two-element
sortlist item.
788. [func] Add the "match-mapped-addresses" option, which
causes IPv6 v4mapped addresses to be treated as
IPv4 addresses for the purpose of acl matching.
787. [bug] The DNSSEC tools failed to downcase domain
names when mapping them into file names.
786. [bug] When DNSSEC signing/verifying data, owner names were
not properly downcased.
785. [bug] A race condition in the resolver could cause
an assertion failure. [RT #673, #872, #1048]
784. [bug] nsupdate and other programs would not quit properly
if some signals were blocked by the caller. [RT #1081]
783. [bug] Following CNAMEs could cause an assertion failure
when either using an sdb database or under very
rare conditions.
782. [func] Implement the "serial-query-rate" option.
781. [func] Avoid error packet loops by dropping duplicate FORMERR
responses. [RT #1006]
780. [bug] Error handling code dealing with out of memory or
other rare errors could lead to assertion failures
by calling functions on unitialized names. [RT #1065]
779. [func] Added the "minimal-responses" option.
778. [bug] When starting cache cleaning, cleaning_timer_action()
returned without first pausing the iterator, which
could cause deadlock. [RT #998]
777. [bug] An empty forwarders list in a zone failed to override
global forwarders. [RT #995]
776. [func] Improved error reporting in denied messages. [RT #252]
775. [placeholder]
774. [func] max-cache-size is implemented.
773. [func] Added isc_rwlock_trylock() to attempt to lock without
blocking.
772. [bug] Owner names could be incorrectly omitted from cache
dumps in the presence of negative caching entries.
[RT #991]
771. [cleanup] TSIG errors related to unsynchronized clocks
are logged better. [RT #919]
770. [func] Add the "edns yes_or_no" statement to the server
clause. [RT #524]
769. [func] Improved error reporting when parsing rdata. [RT #740]
768. [bug] The server did not emit an SOA when a CNAME
or DNAME chain ended in NXDOMAIN in an
authoritative zone.
767. [placeholder]
766. [bug] A few cases in query_find() could leak fname.
This would trigger the mpctx->allocated == 0
assertion when the server exited.
[RT #739, #776, #798, #812, #818, #821, #845,
#892, #935, #966]
765. [func] ACL names are once again case insensitive, like
in BIND 8. [RT #252]
764. [func] Configuration files now allow "include" directives
in more places, such as inside the "view" statement.
[RT #377, #728, #860]
763. [func] Configuration files no longer have reserved words.
[RT #731, #753]
762. [cleanup] The named.conf and rndc.conf file parsers have
been completely rewritten.
761. [bug] _REENTRANT was still defined when building with
--disable-threads.
760. [contrib] Significant enhancements to the pgsql sdb driver.
759. [bug] The resolver didn't turn off "avoid fetches" mode
when restarting, possibly causing resolution
to fail when it should not. This bug only affected
platforms which support both IPv4 and IPv6. [RT #927]
758. [bug] The "avoid fetches" code did not treat negative
cache entries correctly, causing fetches that would
be useful to be avoided. This bug only affected
platforms which support both IPv4 and IPv6. [RT #927]
757. [func] Log zone transfers.
756. [bug] dns_zone_load() could "return" success when no master
file was configured.
755. [bug] Fix incorrectly formatted log messages in zone.c.
754. [bug] Certain failure conditions sending UDP packets
could cause the server to retry the transmission
indefinitely. [RT #902]
753. [bug] dig, host, and nslookup would fail to contact a
remote server if getaddrinfo() returned an IPv6
address on a system that doesn't support IPv6.
[RT #917]
752. [func] Correct bad tv_usec elements returned by
gettimeofday().
751. [func] Log successful zone loads / transfers. [RT #898]
750. [bug] A query should not match a DNAME whose trust level
is pending. [RT #916]
749. [bug] When a query matched a DNAME in a secure zone, the
server did not return the signature of the DNAME.
[RT #915]
748. [doc] List supported RFCs in doc/misc/rfc-compliance.
[RT #781]
747. [bug] The code to determine whether an IXFR was possible
did not properly check for a database that could
not have a journal. [RT #865, #908]
746. [bug] The sdb didn't clone rdatasets properly, causing
a crash when the server followed delegations. [RT #905]
745. [func] Report the owner name of records that fail
semantic checks while loading.
744. [bug] When returning DNS_R_CNAME or DNS_R_DNAME as the
result of an ANY or SIG query, the resolver failed
to setup the return event's rdatasets, causing an
assertion failure in the query code. [RT #881]
743. [bug] Receiving a large number of certain malformed
answers could cause named to stop responding.
[RT #861]
|
|
|
|
+ move the patch digest/checksum values from files/patch-sum to distinfo
|
|
/dev/urandom.
|
|
741. [port] Support openssl-engine. [RT #709]
740. [port] Handle openssl library mismatches slightly better.
739. [port] Look for /dev/random in configure, rather than
assuming it will be there for only a predefined
set of OSes.
738. [bug] If a non-threadsafe sdb driver supported AXFR and
received an AXFR request, it would deadlock or die
with an assertion failure. [RT #852]
737. [port] stdtime.c failed to compile on certain platforms.
736. [func] New functions isc_task_{begin,end}exclusive().
735. [doc] Add BIND 4 migration notes.
734. [bug] An attempt to re-lock the zone lock could occur if
the server was shutdown during a zone tranfer.
[RT #830]
733. [bug] Reference counts of dns_acl_t objects need to be
locked but were not. [RT #801, #821]
732. [bug] Glue with 0 TTL could also cause SERVFAIL. [RT #828]
731. [bug] Certain zone errors could cause named-checkzone to
fail ungracefully. [RT #819]
730. [bug] lwres_getaddrinfo() returns the correct result when
it fails to contact a server. [RT #768]
729. [port] pthread_setconcurrency() needs to be called on Solaris.
728. [bug] Fix comment processing on master file directives.
[RT# 757]
727. [port] Work around OS bug where accept() succeeds but
fails to fill in the peer address of the accepted
connection, by treating it as an error rather than
an assertion failure. [RT #809]
726. [func] Implement the "trace" and "notrace" commands in rndc.
725. [bug] Installing man pages could fail.
724. [func] New libisc functions isc_netaddr_any(),
isc_netaddr_any6().
723. [bug] Referrals whose NS RRs had a 0 TTL caused the resolver
to return DNS_R_SERVFAIL. [RT #783]
722. [func] Allow incremental loads to be canceled.
721. [cleanup] Load manager and dns_master_loadfilequota() are no
more.
720. [bug] Server could enter infinite loop in
dispatch.c:do_cancel(). [RT #733]
719. [bug] Rapid reloads could trigger an assertion failure.
[RT #743, #763]
718. [cleanup] "internal" is no longer a reserved word in named.conf.
[RT #753, #731]
717. [bug] Certain TKEY processing failure modes could
reference an uninitialized variable, causing the
server to crash. [RT #750]
716. [bug] The first line of a $INCLUDE master file was lost if
an origin was specified. [RT #744]
715. [bug] Resolving some A6 chains could cause an assertion
failure in adb.c. [RT #738]
714. [bug] Preserve interval timers across reloads unless changed.
[RT# 729]
713. [func] named-checkconf takes '-t directory' similar to named.
[RT #726]
712. [bug] Sending a large signed update message caused an
assertion failure. [RT #718]
711. [bug] The libisc and liblwres implementations of
inet_ntop contained an off by one error.
710. [func] The forwarders statement now takes an optional
port. [RT #418]
709. [bug] ANY or SIG queries for data with a TTL of 0
would return SERVFAIL. [RT #620]
708. [bug] When building with --with-openssl, the openssl headers
included with BIND 9 should not be used. [RT #702]
707. [func] The "filename" argument to named-checkzone is no
longer optional, to reduce confusion. [RT #612]
706. [bug] Zones with an explicit "allow-update { none; };"
were considered dynamic and therefore not reloaded
on SIGHUP or "rndc reload".
705. [port] Work out resource limit type for use where rlim_t is
not available. [RT #695]
704. [port] RLIMIT_NOFILE is not available on all platforms.
[RT #695]
703. [port] sys/select.h is needed on older platforms. [RT #695]
702. [func] If the address 0.0.0.0 is seen in resolv.conf,
use 127.0.0.1 instead. [RT #693]
701. [func] Root hints are now fully optional. Class IN
views use compiled-in hints by default, as
before. Non-IN views with no root hints now
provide authoritative service but not recursion.
A warning is logged if a view has neither root
hints nor authoritative data for the root. [RT #696]
700. [bug] $GENERATE range check was wrong. [RT #688]
699. [bug] The lexer mishandled empty quoted strings. [RT #694]
698. [bug] Aborting nsupdate with ^C would lead to several
race conditions.
697. [bug] nsupdate was not compatible with the undocumented
BIND 8 behavior of ignoring TTLs in "update delete"
commands. [RT #693]
696. [bug] lwresd would die with an assertion failure when passed
a zero-length name. [RT #692]
695. [bug] If the resolver attempted to query a blackholed or
bogus server, the resolution would fail immediately.
|
|
XXX need to teach pkglint to be more picky about this
|
|
|
|
|
|
|
|
to sync with net/bind9, patches/patch-a[bc] are renamed into patches-a[ij].
|
|
|
|
|
|
694. [bug] $GENERATE did not produce the last entry.
[RT #682, #683]
693. [bug] An empty lwres statement in named.conf caused
the server to crash while loading.
692. [bug] Deal with systems that have getaddrinfo() but not
gai_strerror(). [RT #679]
691. [bug] Configuring per-view forwarders caused an assertion
failure. [RT #675]
690. [func] $GENERATE now supports DNAME. [RT #654]
689. [doc] man pages are now installed. [RT #210]
688. [func] "make tags" now works on systems with the
"Exuberant Ctags" etags.
|
|
|
|
out of date - it was based on a.out OBJECT_FMT, and added entries in the
generated PLISTs to reflect the symlinks that ELF packages uses. It also
tried to be clever, and removed and recreated any symbolic links that were
created, which has resulted in some fun, especially with packages which
use dlopen(3) to load modules. Some recent changes to our ld.so to bring
it more into line with other Operating Systems also exposed some cracks.
+ Modify bsd.pkg.mk and its shared object handling, so that PLISTs now contain
the ELF symlinks.
+ Don't mess about with file system entries when handling shared objects in
bsd.pkg.mk, since it's likely that libtool and the BSD *.mk processing will
have got it right, and have a much better idea than we do.
+ Modify PLISTs to contain "ELF symlinks"
+ On a.out platforms, delete any "ELF symlinks" from the generated PLISTs
+ On ELF platforms, no extra processing needs to be done in bsd.pkg.mk
+ Modify print-PLIST target in bsd.pkg.mk to add dummy symlink entries on
a.out platforms
+ Update the documentation in Packages.txt
With many thanks to Thomas Klausner for keeping me honest with this.
|
|
--- 9.1.0b2 released ---
641. [bug] $GENERATE caused a uninitialized link to be used.
[RT #595]
640. [bug] Memory leak in error path could cause
"mpctx->allocated == 0" failure. [RT #584]
639. [bug] Reading entropy from the keyboard would sometimes fail.
[RT #591]
638. [port] lib/isc/random.c needed to explicitly include
time.h explicitly to get a prototype for time() when
pthreads was not being used. [RT #592]
637. [port] Use isc_u?int64_t instead of (unsigned) long long in
lib/isc/print.c. Also allow lib/isc/print.c to
be compiled even if the platform does not need it.
[RT #592]
636. [port] Shut up MSVC++ about a possible loss of precision
in the ISC__BUFFER_PUTUINT*() macros. [RT #592]
635. [bug] Reloading a server with a configured blackhole list
would cause an assertion. [RT #590]
634. [bug] A log file will completely stop being written when
it reaches the maximum size in all cases, not just
when versioning is also enabled. [RT #570]
633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
632. [bug] The index array of the journal file was
corrupted as it was written to disk.
631. [port] Build without thread support on systems without
pthreads.
630. [bug] Locking failure in zone code. [RT #582]
629. [bug] 9.1.0b1 dereferenced a null pointer and crashed
when responding to a UDP IXFR request.
628. [bug] If the root hints contained only AAAA addresses,
named would be unable to perform resolution.
627. [bug] The EDNS0 blackhole detection code of changed 324
waited for three retransmissions to each server,
which takes much too long when a domain has many
name servers and all of them drop EDNS0 queries.
Now we retry without EDNS0 after three consecutive
timeouts, even if they are all from different
servers. [RT #143]
626. [bug] The lightweight resolver daemon no longer crashes
when asked for a SIG rrset. [RT #558]
625. [func] Zones now inherit their class from the enclosing view.
624. [bug] The zone object could get timer events after it had
been destroyed, causing a server crash. [RT #571]
623. [func] Added "named-checkconf" and "named-checkzone" program
for syntax checking named.conf files and zone files,
respectively.
622. [bug] A canceled request could be destroyed before
dns_request_destroy() was called. [RT #562]
621. [port] Disable IPv6 at runtime if IPv6 sockets are unusable.
This mostly affects Red Hat Linux 7.0, which has
conflicts between libc and the kernel.
620. [bug] dns_master_load*inc() now require 'task' and 'load'
to be non-null. Also 'done' will not be called if
dns_master_load*inc() fails immediately. [RT #565]
618. [bug] Queries to a signed zone could sometimes cause
an assertion failure.
617. [bug] When using dynamic update to add a new RR to an
existing RRset with a different TTL, the journal
entries generated from the update did not include
explicit deletions and re-additions of the existing
RRs to update their TTL to the new value.
616. [func] dnssec-signzone -t output now includes performance
statistics.
615. [bug] dnssec-signzone did not like child keysets signed
by multiple keys.
614. [bug] Checks for uninitialized link fields were prone
to false positives, causing assertion failures.
The checks are now disabled by default and may
be re-enabled by defining ISC_LIST_CHECKINIT.
613. [bug] "rndc reload zone" now reloads primary zones.
It previously only updated slave and stub zones,
if an SOA query indicated an out of date serial.
612. [cleanup] Shutup a ridiculously noisy HP-UX compiler that
complains relentlessly about how its treatment
of 'const' has changed as well as how casting
sometimes tightens alignment constraints.
611. [func] allow-notify can be used to permit processing of
notify messages from hosts other than a slave's
masters.
610. [func] rndc dumpdb is now supported.
609. [bug] getrrsetbyname() would crash lwresd if the server
found more SIGs than answers. [RT #554]
608. [func] dnssec-signzone now adds a comment to the zone
with the time the file was signed.
607. [bug] nsupdate would fail if it encountered a CNAME or
DNAME in a response to an SOA query. [RT #515]
606. [bug] Compiling with --disable-threads failed due
to isc_thread_self() being incorrectly defined
as an integer rather than a function.
605. [func] New function isc_lex_getlasttokentext().
604. [bug] The named.conf parser could print incorrect line
numbers when long comments were present.
603. [bug] Make dig handle multiple types or classes on the same
query more correctly.
602. [func] Cope automatically with UnixWare's broken
IN6_IS_ADDR_* macros. [RT #539]
601. [func] Return a non-zero exit code if an update fails
in nsupdate.
600. [bug] Reverse lookups sometimes failed in dig, etc...
599. [func] Added four new functions to the libisc log API to
support i18n messages. isc_log_iwrite(),
isc_log_ivwrite(), isc_log_iwrite1() and
isc_log_ivwrite1() were added.
598. [bug] An update-policy statement would cause the server
to assert while loading. [RT #536]
597. [func] dnssec-signzone is now multithreaded.
596. [bug] DNS_RDATASLAB_FORCE and DNS_RDATASLAB_EXACT are
not mutually exclusive.
595. [port] On Linux 2.2, socket() returns EINVAL when it
should return EAFNOSUPPORT. Work around this.
[RT #531]
594. [func] sdb drivers are now assumed to not be thread-safe
unless the DNS_SDBFLAG_THREADSAFE flag is supplied.
593. [bug] If a secure zone was missing all its NXTs and
a dynamic update was attempted, the server entered
an infinite loop.
592. [bug] The sig-validity-interval option now specifies a
number of days, not seconds. This matches the
documentation. [RT #529]
|
|
Remove ONLY_FOR_PLATFORM, and let it fail while installing the DEPENDS.
|
|
|
|
(briefly discussed at dnssec workshop after IETF49).
|
|
|
|
|
|
|
