summaryrefslogtreecommitdiff
path: root/net/bind9/files
AgeCommit message (Collapse)AuthorFilesLines
2002-09-23add missing RCS Id.grant2-2/+6
2001-04-17+ move the distfile digest/checksum value from files/md5 to distinfoagc2-8/+0
+ move the patch digest/checksum values from files/patch-sum to distinfo
2001-03-29upgrade to 9.1.1. functionality equal to 9.1.1rc7 (= 9.1.0.7)itojun1-2/+2
2001-03-27upgrade to 9.1.1rc7.itojun1-2/+2
--- 9.1.1rc7 released --- 791. [bug] The control channel did not work over IPv6. 790. [bug] Wildcards created using dynamic update or IXFR could fail to match. [RT #1111] 787. [bug] The DNSSEC tools failed to downcase domain names when mapping them into file names. 786. [bug] When DNSSEC signing/verifying data, owner names were not properly downcased. --- 9.1.1rc6 released --- 785. [bug] A race condition in the resolver could cause an assertion failure. [RT #673, #872, #1048] 784. [bug] nsupdate and other programs would not quit properly if some signals were blocked by the caller. [RT #1081] 783. [bug] Following CNAMEs could cause an assertion failure when either using an sdb database or under very rare conditions. 780. [bug] Error handling code dealing with out of memory or other rare errors could lead to assertion failures by calling functions on unitialized names. [RT #1065]
2001-03-16upgrade to 9.1.1rc5 (version # is 9.1.0.5 to prevent going backward)itojun1-2/+2
--- 9.1.1rc5 released --- 778. [bug] When starting cache cleaning, cleaning_timer_action() returned without first pausing the iterator, which could cause deadlock. [RT #998] 777. [bug] An empty forwarders list in a zone failed to override global forwarders. [RT #995] 775. [bug] Address match lists with invalid netmasks caused the configuration parser to abort with an assertion failure. [RT #996] 772. [bug] Owner names could be incorrectly omitted from cache dumps in the presence of negative caching entries. [RT #991] 686. [bug] dig and nslookup can now be properly aborted during blocking operations. [RT #568]
2001-03-07upgrade to 9.1.1rc4.itojun1-2/+2
--- 9.1.1rc4 released --- 767. [bug] The configuration parser handled invalid ports badly. [RT #961] 766. [bug] A few cases in query_find() could leak fname. This would trigger the mpctx->allocated == 0 assertion when the server exited. [RT #739, #776, #798, #812, #818, #821, #845, #892, #935, #966] 759. [bug] The resolver didn't turn off "avoid fetches" mode when restarting, possibly causing resolution to fail when it should not. This bug only affected platforms which support both IPv4 and IPv6. [RT #927] 758. [bug] The "avoid fetches" code did not treat negative cache entries correctly, causing fetches that would be useful to be avoided. This bug only affected platforms which support both IPv4 and IPv6. [RT #927] 756. [bug] dns_zone_load() could "return" success when no master file was configured. 755. [bug] Fix incorrectly formatted log messages in zone.c. 709. [bug] ANY or SIG queries for data with a TTL of 0 would return SERVFAIL. [RT #620]
2001-02-27upgrade to 9.1.1rc3 (package version # is 9.1.0.3 as rc3 is prior to 9.1.1).itojun1-2/+2
--- 9.1.1rc3 released --- 754. [bug] Certain failure conditions sending UDP packets could cause the server to retry the transmission indefinitely. [RT #902] 753. [bug] dig, host, and nslookup would fail to contact a remote server if getaddrinfo() returned an IPv6 address on a system that doesn't support IPv6. [RT #917] 750. [bug] A query should not match a DNAME whose trust level is pending. [RT #916] 749. [bug] When a query matched a DNAME in a secure zone, the server did not return the signature of the DNAME. [RT #915] 747. [bug] The code to determine whether an IXFR was possible did not properly check for a database that could not have a journal. [RT #865, #908] 746. [bug] The sdb didn't clone rdatasets properly, causing a crash when the server followed delegations. [RT #905] 744. [bug] When returning DNS_R_CNAME or DNS_R_DNAME as the result of an ANY or SIG query, the resolver failed to setup the return event's rdatasets, causing an assertion failure in the query code. [RT #881] 743. [bug] Receiving a large number of certain malformed answers could cause named to stop responding. [RT #861] 742. [bug] dig +domain did not work. [RT #850] 738. [bug] If a non-threadsafe sdb driver supported AXFR and received an AXFR request, it would deadlock or die with an assertion failure. [RT #852] 737. [port] stdtime.c failed to compile on certain platforms. 648. [port] Add support for pre-RFC2133 IPv6 implementations. --- 9.1.1rc2 released --- 733. [bug] Reference counts of dns_acl_t objects need to be locked but were not. [RT #801, #821] 708. [bug] When building with --with-openssl, the openssl headers included with BIND 9 should not be used. [RT #702]
2001-02-08use 9.1.1rc1. we upgrade to release candidate for important fixesitojun1-2/+2
(change id 727 is very important). hack: package version number is set to 9.1.0.1, as 9.1.1rc1 is prior to 9.1.1. 729. [port] pthread_setconcurrency() needs to be called on Solaris. 727. [port] Work around OS bug where accept() succeeds but fails to fill in the peer address of the accepted connection, by treating it as an error rather than an assertion failure. [RT #809] 723. [bug] Referrals whose NS RRs had a 0 TTL caused the resolver to return DNS_R_SERVFAIL. [RT #783] 720. [bug] Server could enter infinite loop in dispatch.c:do_cancel(). [RT #743] 719. [bug] Rapid reloads could trigger an assertion failure. [RT #743, #763] 717. [bug] Certain TKEY processing failure modes could reference an uninitialized variable, causing the server to crash. [RT #750] 716. [bug] The first line of a $INCLUDE master file was lost if an origin was specified. [RT #744] 715. [bug] Resolving some A6 chains could cause an assertion failure in adb.c. [RT #738] 711. [bug] The libisc and liblwres implementations of inet_ntop contained an off by one error. 706. [bug] Zones with an explicit "allow-update { none; };" were considered dynamic and therefore not reloaded on SIGHUP or "rndc reload". 700. [bug] $GENERATE range check was wrong. [RT #688] 698. [bug] Aborting nsupdate with ^C would lead to several race conditions. 699. [bug] The lexer mishandled empty quoted strings. [RT #694] 694. [bug] $GENERATE did not produce the last entry. [RT #682, #683] 693. [bug] An empty lwres statement in named.conf caused the server to crash while loading. 692. [bug] Deal with systems that have getaddrinfo() but not gai_strerror(). [RT #679] 691. [bug] Configuring per-view forwarders caused an assertion failure. [RT #675, #734]
2001-02-04add rc.d/lwresditojun1-0/+16
2001-01-28test NI_NUMERICSCOPE on getnameinfo scope supportitojun1-2/+2
2001-01-28support KAME scope identifier (interface names).itojun1-1/+3
vanilla BIND9 supports numeric scope identifiers.
2001-01-26Add a startup scripthubertf1-0/+28
2001-01-18upgrade to 9.1.0 from ISC.itojun2-4/+4
too many changes to be mentioned here.
2000-11-13upgrade to 9.0.1 from ISC.itojun1-2/+2
--- 9.0.1 released --- 547. [bug] dnssafe doesn't correctly handle RSA keys longer than 2000 bits. Disable support for long keys. --- 9.0.1rc2 released --- 527. [bug] When a hint zone was configured, the spurious warning messages "Hint zones do not have a forward field" and "Hint zones do not have a forwarders field" were printed. [RT #439] --- 9.0.1rc1 released --- 526. [bug] nsupdate incorrectly refused to add RRs with a TTL of 0. 523. [doc] The source to the Administrator Reference Manual is now an XML file using the DocBook DTD, and is included in the distribution. The plain text version of the ARM is temporarily unavailable while we figure out how to generate readable plain text from the XML. 520. [bug] Upgraded libtool to 1.3.5, which makes shared library builds almost work on AIX (and possibly others). 519. [bug] dns_name_split() would improperly split some bitstring labels, zeroing a few of the least signficant bits in the prefix part. When such an improperly created prefix was returned to the RBT database, the bogus label was dutifully stored, corrupting the tree. [RT #369] 518. [bug] The resolver did not realize that a DNAME which was "the answer" to the client's query was "the answer", and such queries would fail. [RT #399] 517. [bug] The resolver's DNAME code would trigger an assertion if there was more than one DNAME in the chain. [RT #399] 516. [bug] Cache lookups which had a NULL node pointer, e.g. those by dns_view_find(), and which would match a DNAME, would trigger an INSIST(!search.need_cleanup) assertion. [RT #399] 515. [bug] The ssu table was not being attached / detached by dns_zone_[sg]etssutable. [RT#397] 511. [bug] The message code could throw an assertion on an out of memory failure. [RT #392] 510. [bug] Remove spurious view notify warning. [RT #376] 505. [bug] nsupdate was printing "unknown result code". [RT #373] 502. [func] On a SERVFAIL reply, DiG will now try the next server in the list, unless the +fail option is specified. 501. [bug] Incorrect port numbers were being displayed by nslookup. [RT #352] 500. [func] Nearly useless +details option removed from DiG. 499. [func] In DiG, specifying a class with -c or type with -t changes command-line parsing so that classes and types are only recognized if following -c or -t. This allows hosts with the same name as a class or type to be looked up. 498. [doc] There is now a man page for "dig" in doc/man/bin/dig.1. 495. [bug] nsupdate was unable to handle large records. [RT #368] 491. [bug] nsupdate would segfault when sending certain prerequisites with empty RDATA. [RT #356] 488. [bug] Locks weren't properly destroyed in some cases. 486. [bug] nslookup: "set all" and "server" commands showed the incorrect port number if a port other than 53 was specified. [RT #352] 485. [func] When dig had more than one server to query, it would send all of the messages at the same time. Add rate limiting of the transmitted messages. 483. [bug] nslookup: "set all" showed a "search" option but it was not settable. 482. [bug] nslookup: a plain "server" or "lserver" should be treated as a lookup. 481. [bug] nslookup:get_next_command() stack size could exceed per thread limit. 480. [bug] strtok() is not thread safe. [RT #349] 476. [bug] A zone could expire while a zone transfer was in progress triggering a INSIST failure. [RT #329] 475. [bug] query_getzonedb() sometimes returned a non-null version on failure. This caused assertion failures when generating query responses where names subject to additional section processing pointed to a zone to which access had been denied by means of the allow-query option. [RT #336] 474. [bug] The mnemonic of the CHAOS class is CH according to RFC1035, but it was printed and read only as CHAOS. We now accept both forms as input, and print it as CH. [RT #305] 473. [bug] nsupdate overran the end of the list of name servers when no servers could be reached, typically causing it to print the error message "dns_request_create: not implemented". 472. [bug] Off-by-one error caused isc_time_add() to sometimes produce invalid time values. 471. [bug] nsupdate didn't compile on HP/UX 10.20 463. [bug] nsupdate sent malformed SOA queries to the second and subsequent name servers in resolv.conf if the query sent to the first one failed. 459. [bug] Nslookup processed the "set" command incorrectly. 458. [bug] Nslookup didn't properly check class and type values. [RT #305] 457. [bug] Dig/host/hslookup didn't properly handle connect timeouts in certain situations, causing an unnecessary warning message to be printed. 447. [bug] Dig didn't properly retry in TCP mode after a truncated reply. [RT #277] 403. [bug] "host" did not use the search list. 395. [bug] nslookup printed incorrect RR type mnemonics for RRs of type >= 21 [RT #237]. 388. [func] dig and host can now do reverse ipv6 lookups. 387. [func] Add dns_byaddr_createptrname(), which converts an address into the name used by a PTR query. 379. [func] New library function isc_sockaddr_anyofpf(). 347. [bug] Don't crash if an argument is left off options in dig. 346. [func] Add support for .digrc config file, in the user's current directory 345. [bug] Large-scale changes/cleanups to dig: * Significantly improve structure handling * Don't pre-load entire batch files * Add name/rr counting/limiting * Fix SIGINT handling * Shorten timeouts to match v8's behavior --- 9.0.0 released ---
2000-09-18Update bind9 to 9.0.0 (release version) as requested by hubertf to get thisrh1-2/+2
in before the 1.5 release. Changes are bugfixes only.
2000-08-29Update bind9 to 9.0.0rc5. Changes are bugfixes only, including a fix thatrh2-4/+3
makes patch-ab unnecessary: * A typo in the HS A code caused an assertion failure. * lwres_gethostbyname() and company set lwres_h_errno to a random value on success. * If named was shut down early in the startup process, ns_omapi_shutdown() would attempt to lock an unintialized mutex. [RT #262] * stub zones could leak memory and reference counts if all the masters were unreachable. * isc_rwlock_lock() would needlessly block readers when it reached the read quota even if no writers were waiting. * Log messages were occasionally lost or corrupted due to a race condition in isc_log_doit(). * The request library didn't completely work with IPv6. * Check for IPV6_RECVPKTINFO and use it instead of IPV6_PKTINFO if found. [RT #229]
2000-08-23Fix PLIST to include bin/nslookup -- thanks to hubert's new leftover listrh1-2/+2
for finding this. Update bind to 9.0.0rc4. Changes and fixes are: * "host" did not use the search list. * Treat undefined acls as errors, rather than warning and then later throwing an assertion. * SIG(0) signing and verifying was done incorrectly. * When reloading the server with a config file containing a syntax error, it could catch an assertion failure trying to perform zone maintenance on, or sending notifies from, tentatively created zones whose views were never fully configured and lacked an address database and request manager. * "dig" sometimes caught an assertion failure when using TSIG, depending on the key length. * Many debugging messages were partially formatted even when debugging was turned off, causing a significant decrease in query performance. * There is now a man page for "nsupdate" * nslookup printed incorrect RR type mnemonics for RRs of type >= 21 * Attempting to send a reqeust over IPv6 using dns_request_create() on a system without IPv6 support caused an assertion failure [RT #235]. * Missing strdup() of ACL name caused random ACL matching failures [RT #228]. * nsupdate was incorrectly limiting TTLs to 65535 instead of 2147483647. * When writing a master file, print the SOA and NS records (and their SIGs) before other records. * named -u failed on many Linux systems where the libc provided kernel headers do not match the current kernel. * nsupdate didn't work with IPv6.
2000-08-10upgrade to 9.0.0rc2.itojun2-3/+4
add patch to help 2292bis environment (= latest KAME, Solaris8). --- rc1 -> rc2 --- 9.0.0rc2 released --- 377. [bug] When additional data lookups were refused due to "allow-query", the databases were still being attached causing reference leaks. 376. [bug] The server should always use good entropy when performing cryptographic functions needing entropy. 375. [bug] Per-zone allow-query did not properly override the view/global one for CNAME targets and additional data [RT #220]. 374. [bug] SOA in authoritative negative responses had wrong TTL. 373. [func] nslookup is now installed by "make install". 372. [bug] Deal with Microsoft DNS servers appending two bytes of garbage to zone transfer requests. 371. [bug] At high debug levels, doing an outgoing zone transfer of a very large RRset could cause an assertion failure during logging. 370. [bug] The error messages for rollforward failures were overly terse. 367. [bug] Allow proper selection of server on nslookup command line. 365. [bug] nsupdate -k leaked memory. 362. [bug] rndc no longer aborts if the configuration file is missing an options statement. [RT #209] 359. [bug] dnssec-signzone occasionally signed glue records. 357. [bug] The zone file parser crashed if the argument to $INCLUDE was a quoted string. 354. [doc] Man pages for the dnssec tools are now included in the distribution, in doc/man/dnssec. 353. [bug] double increment in lwres/gethost.c:copytobuf(). (RT# 187) 352. [bug] Race condition in dns_client_t startup could cause an assertion failure. 351. [bug] Constructing a response with rcode SERVFAIL to a TSIG signed query could crash the server. 350. [bug] Also-notify lists specified in the global options block were not correctly reference counted, causing a memory leak. 349. [bug] Processing a query with the CD bit set now works as expected. 344. [bug] When shutting down, lwresd sometimes tried to shut down its client tasks twice, triggering an assertion. 343. [bug] Although zone maintenance SOA queries and notify requests were signed with TSIG keys when configured for the server in case, the TSIG was not verified on the response. 342. [bug] The wrong name was being passed to dns_name_dup() when generating a TSIG key using TKEY. 340. [bug] The top-level COPYRIGHT file was missing from the distribution. 339. [bug] DNSSEC validation of the response to an ANY query at a name with a CNAME RR in a secure zone triggered an assertion failure. 337. [bug] "dig" did not recognize "nsap-ptr" as an RR type on the command line. 336. [bug] "dig -f" used 64 k of memory for each line in the file. It now uses much less, though still proportionally to the file size. 335. [bug] named would occasionally attempt recursion when it was disallowed or undesired. 333. [bug] The resolver incorrectly accepted referrals to domains that were not parents of the query name, causing assertion failures. 331. [bug] Only log "recursion denied" if RD is set. (RT #178)
2000-07-26Update bind9 to 9.0.0rc1. This is the first release candidate for bind9.rh2-7/+4
Changes are too numerous to list here in detail, but highlights are: The communication between "rndc" and "named" is now authenticated using digital signatures. Because of this, rndc now requires a configuration file "rndc.conf" containing a shared secret, with a corresponding "controls" clause in named.conf. When the server is chrooted using the -t option, it no longer needs copies of the passwd and group files in the chroot environment. Various bug fixes and cleanups, especially in the dig, host, nslookup, and nsupdate programs. There are a few known bugs: The option "query-source * port 53;" will not work as expected. Instead of the wildcard address "*", you need to use an explicit source IP address. On some systems, IPv6 and IPv4 sockets interact in unexpected ways. For details, see doc/misc/ipv6. To reduce the impact of these problems, the server no longer listens for requests on IPv6 addresses by default. If you need to accept DNS queries over IPv6, you must specify "listen-on-v6 { any; };" in the named.conf options statement. There are known problems with thread signal handling under Solaris 2.6.
2000-06-19Updated bind to V9.0.0b4.hubertf1-2/+2
Changes: This is still _not_ a release candidate for BIND 9.0.0; More configuration options can be specified separately for each view, including the "key" and "server" statements; Fixed: Numerous bugs have been fixed and the code has been cleaned up. Added: Stub zones have been implemented; Additional configuration options have been implemented, such as "max-cache-ttl" and "max-ncache-ttl".
2000-06-01s,bind/9.0.0b3,bind/9.0.0b2,veego1-2/+2
2000-05-25Update to 9.0.0b3. Changes:hubertf2-4/+7
The "dig" and "host" tools have been completely rewritten and are included in the base distribution. Fixed: Most bugs reported against beta 2. Added: The server now supports "views", a mechanism for answering DNS queries differently to different requestors. This will make split DNS setups much easier to build; NOTIFY (RFC1996) has been implemented; Basic support for validation of DNSSEC signatures has been implemented (for details, see "doc/misc/dnssec").
2000-04-03remove some unneeded patcheshubertf1-3/+1
2000-03-31Update to bind9.0.0 beta2. Changes:hubertf2-10/+5
Many more config file options implemented (see doc/misc/options for a summary of the current implementation status), portability improvements, (works much better than beta 1 on FreeBSD 3.4), and bugfixes (almost all bugs reported against beta 1 have been fixed).
2000-02-22 BIND 9.0.0b1 is the first public release of BIND 9 code. It willhubertf2-0/+13
be most useful to advanced users working with IPv6 or DNSSEC. BIND 9.0.0b1 is not functionally complete, and is not a release candidate for BIND 9.0.0. The ISC anticipates a number of additional beta releases between now and May, when BIND 9.0.0 is scheduled to be released. The ISC does not recommend using BIND 9.0.0b1 for "production" services.