summaryrefslogtreecommitdiff
path: root/net/bind9
AgeCommit message (Collapse)AuthorFilesLines
2003-05-12Add a buildlink2.mk file, as requested in PR pkg/21552 by Marc Recht.jmmv1-0/+35
2003-03-14(1) Publicly export the value of _OPSYS_RPATH_NAME as RPATH_FLAG;jlam1-2/+2
Makefiles simply need to use this value often, for better or for worse. (2) Create a new variable FIX_RPATH that lists variables that should be cleansed of -R or -rpath values if ${_USE_RPATH} is "no". By default, FIX_RPATH contains LIBS, X11_LDFLAGS, and LDFLAGS, and additional variables may be appended from package Makefiles.
2003-03-10Make the USE_INET6/IPV6H handling a bit more readable.hubertf1-3/+4
(won't fix PR 20019 though...)
2003-03-10Recognize native threads.hubertf5-1/+181
Addresses PR 20641 by Kimmo Suominen <kim@tac.nyc.ny.us>
2003-03-05Update bind9 to 9.2.2hubertf3-11/+11
Changes: many, at least 1 security related.
2002-10-06buildlink1 -> buildlink2seb1-3/+12
Add support for native pthread via mk/pthread.buildlink2.mk
2002-09-23add missing RCS Id.grant2-2/+6
2002-08-26use USE_INET6 to determine whether or not to installgrant1-3/+3
include/isc/ipv6.h
2002-08-26this extra doublequote causes "make plist" to failitojun1-2/+2
2002-08-20deal with optional installation of ipv6.h on non-ipv6 platforms.grant2-2/+10
2002-07-24override built-in libtool to fix shared library major versions ongrant1-1/+5
non-NetBSD systems.
2002-07-19Use INSTALL_SCRIPT to install the startup files.martti1-3/+3
2002-06-27As seen in libc, prevent gcc's memory usage from exploding duringkleink2-1/+87
optimizing by moving each round into a separate function on sparc64.
2002-06-17Use openssl buildlink.mk instead of USE_SSL.wiz1-8/+9
2002-05-04Update bind9 pacakge to 9.2.1 (with pkglint free).taca3-15/+15
--- 9.2.1 released --- 1271. [port] win32: a make file contained absolute version specific references. 1269. [bug] Missing masters clause was not handled gracefully. [RT #2703] 1244. [bug] Receiving a TCP message from a blackhole address would prevent further messages being received over that interface. 1178. [bug] Follow and cache (if appropriate) A6 and other data chains to completion in the additional section. --- 9.2.1rc2 released --- 1240. [bug] It was possible to leak zone references by specifying an incorrect zone to rndc. 1239. [bug] Under certain circumstances named could continue to use a name after it had been freed triggering INSIST() failures. [RT #2614] 1238. [bug] It is possible to lockup the server when shutting down if notifies are being processed. [RT #2591] 1237. [bug] nslookup: "set q=type" failed. 1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non NULL terminated text regions. [RT #2588] 1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL. 1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL. 1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken. 1229. [bug] named would crash if it received a TSIG signed query as part of an AXFR response. [RT #2570] 1228. [bug] 'make install' did not depend on 'make all'. [RT #2559] 1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER if a number was expected and some other token was found. [RT#2532] 1222. [bug] Specifying 'port *' did not always result in a system selected (non-reserved) port being used. [RT #2537] 1221. [bug] Zone types 'master', 'slave' and 'stub' were not being compared case insensitively. [RT #2542] 1218. [bug] Named incorrectly returned SERVFAIL rather than NOTAUTH when there was a TSIG BADTIME error. [RT #2519] 1216. [bug] Multiple server clauses for the same server were not reported. [RT #2514] 1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1 1214. [bug] Win32: isc_file_renameunique() could leave zero length files behind. 1212. [port] libbind: 64k answer buffers were causing stack space to be exceeded for certian OS. Use heap space instead. 1211. [bug] dns_name_fromtext() incorrectly handled certain valid octal bitlabels. [RT #2483] 1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped / compatible addresses. [RT #2461] 1208. [bug] dns_master_load*() failed to log a error message if an error was detected when parsing the ownername of a record. [RT #2448] --- 9.2.1rc1 released --- 1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with an invalid pointer. 1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should trigger a non-EDNS retry. 1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class" of the message. [RT #2449] 1204. [bug] libbind: res_nupdate() failed to update the name server addresses before sending the update. 1201. [bug] Require that if 'callbacks' is passed to dns_rdata_fromtext(), callbacks->error and callbacks->warn are initialized. 1200. [bug] Log 'errno' that we are unable to convert to isc_result_t. [RT #2404] 1198. [bug] OPT printing style was not consistant with the way the header fields are printed. The DO bit was not reported if set. Report if any of the MBZ bits are set. 1197. [bug] Attempts to define the same acl multiple times were not detected. 1196. [contrib] update mdnkit to 2.2.3. 1195. [bug] Attempts to redefine builtin acls should be caught. [RT #2403] 1194. [bug] Not all duplicate zone definitions were being detected at the named.conf checking stage. [RT #2431] 1193. [bug] Best effort parsing didn't handle packet truncation. 1191. [bug] A dynamic update removing the last non-apex name in a secure zone would fail. [RT #2399] 1189. [bug] On some systems, malloc(0) returns NULL, which could cause the caller to report an out of memory error. [RT #2398] 1188. [bug] Dynamic updates of a signed zone would fail if some of the zone private keys were unavailable. 1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the EOL token when reading to end of line. 1185. [bug] libbind: don't assume statp->_u._ext.ext is valid unless RES_INIT is set when calling res_*init(). 1184. [bug] libbind: call res_ndestroy() if RES_INIT is set when res_*init() is called. 1183. [bug] Handle ENOSR error when writing to the internal control pipe. [RT #2395] 1182. [bug] The server could throw an assertion failure when constructing a negative response packet. 1176. [doc] Document that allow-v6-synthesis is only performed for clients that are supplied recursive service. [RT #2260] 1175. [bug] named-checkzone failed to call dns_result_register() at startup which could result in runtime exceptions when printing "out of memory" errors. [RT #2335] 1174. [bug] Win32: add WSAECONNRESET to the expected errors from connect(). [RT #2308] 1173. [bug] Potential memory leaks in isc_log_create() and isc_log_settag(). [RT #2336] 1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to table of RR types in ARM. 1170. [bug] Don't attempt to print the token when a I/O error occurs when parsing named.conf. [RT #2275] 1168. [bug] Empty also-notify clauses were not handled. [RT #2309] 1167. [contrib] nslint-2.1a3 (from author). 1166. [bug] "Not Implemented" should be reported as NOTIMP, not NOTIMPL. [RT #2281] 1165. [bug] We were rejecting notify-source{-v6} in zone clauses. 1164. [bug] Empty masters clauses in slave / stub zones were not handled gracefully. [RT #2262] 1162. [bug] The allow-notify option was not accepted in slave zone statements. 1161. [bug] named-checkzone looped on unbalanced brackets. [RT #2248] 1160. [bug] Generating Diffie-Hellman keys longer than 1024 bits could fail. [RT #2241] 1156. [port] The configure test for strsep() incorrectly succeeded on certain patched versions of AIX 4.3.3. [RT #2190] 1154. [bug] Don't attempt to obtain the netmask of a interface if there is no address configured. [RT #2176] 1152. [bug] libbind: read buffer overflows. 1144. [bug] rndc-confgen would crash if both the -a and -t options were specified. [RT #2159] 1142. [bug] dnssec-signzone would fail to delete temporary files in some failure cases. [RT #2144] 1141. [bug] When named rejected a control message, it would leak a file descriptor and memory. It would also fail to respond, causing rndc to hang. [RT #2139, #2164] 1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments to the -s option. [RT #2138] 1136. [bug] CNAME records synthesized from DNAMEs did not have a TTL of zero as required by RFC2672. [RT #2129] 1125. [bug] rndc: -k option was missing from usage message. [RT #2057] 1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail are now documented. [RT #2052] 1123. [bug] dig +[no]fail did not match description. [RT #2052] 1109. [bug] nsupdate accepted illegal ttl values. 1108. [bug] On Win32, rndc was hanging when named was not running due to failure to select for exceptional conditions in select(). [RT #1870] 1081. [bug] Multicast queries were incorrectly identified based on the source address, not the destination address. 1072. [bug] The TCP client quota could be exceeded when recursion occurred. [RT #1937] 1071. [bug] Sockets listening for TCP DNS connections specified an excessive listen backlog. [RT #1937] 1070. [bug] Copy DNSSEC OK (DO) to response as specified by draft-ietf-dnsext-dnssec-okbit-03.txt. 1014. [bug] Some queries would cause statistics counters to increment more than once or not at all. [RT #1321] 1012. [bug] The -p option to named did not behave as documented. 988. [bug] 'additional-from-auth no;' did not work reliably in the case of queries answered from the cache. [RT #1436] 995. [bug] dig, host, nslookup: using a raw IPv6 address as a target address should be fatal on a IPv4 only system.
2001-11-27upgrade to 9.2.0.itojun7-94/+165
list of changes between 9.1.3 to 9.2.0 is available at: http://www.isc.org/products/BIND/bind9.html
2001-10-31Move pkg/ files into package's toplevel directoryzuntum2-1/+1
2001-07-04upgrade to 9.1.3 from ISC. changes between 9.1.2 to 9.1.3:itojun2-6/+6
--- 9.1.3 released --- --- 9.1.3rc3 released --- 911. [bug] Fail gracefully with multiple hint zones. [RT #1433] 910. [port] Some pre-RFC2133 IPv6 implementations do not define IN6ADDR_ANY_INIT. [RT #1416] --- 9.1.3rc2 released --- 904. [bug] The server would leak memory if attempting to use an expired TSIG key. [RT #1406] 903. [bug] dig should not crash when receiving a TCP packet of length 0. 902. [bug] The -d option was ignored if both -t and -g were also specified. 901. [cleanup] The man pages no longer have empty lines outside of literal blocks. 898. [bug] "dig" failed to set a nonzero exit status on UDP query timeout. [RT #1323] 894. [bug] When using the DNSSEC tools, a message intended to warn when the keyboard was being used because of the lack of a suitable random device was not being printed. 892. [bug] The server could attempt to refresh a zone that was being loaded, causing an assertion failure. [RT #1335] 891. [bug] Return an error when a SIG(0) signed response to an unsigned query is seen. This should actually do the verification, but it's not currently possible. [RT #1391] 888. [bug] Don't die when using TKEY to delete a nonexistent TSIG key. [RT #1392] 860. [interop] Drop cross class glue in zone transfers. 852. [bug] Handle responses from servers which do not now about IXFR. 850. [bug] dns_rbt_findnode() would not find nodes that were split on a bitstring label somewhere other than in the last label of the node. [RT #1351] 705. [port] Work out resource limit type for use where rlim_t is not available. [RT #695] 704. [port] RLIMIT_NOFILE is not available on all platforms. 703. [port] sys/select.h is needed on older platforms. [RT #695] --- 9.1.3rc1 released --- 831. [bug] The configure script tried to determine endianness before making its final decision on which C compiler to use, causing Solaris/x86 systems with gcc to be incorrectly identified as big-endian. [RT #1315] 827. [bug] When an IXFR protocol error occurs, the slave should retry with AXFR. 826. [bug] Some IXFR protocol errors were not detected. 825. [bug] zone.c:ns_query() detached from the wrong zone reference. [RT #1264] 824. [bug] Correct line numbers reported by dns_master_load(). [RT #1263] 822. [bug] Sending nxrrset prerequisites would crash nsupdate. [RT #1248] 806. [bug] DNS_R_SEENINCLUDE was failing to propagate back up the calling stack to the zone maintence level, causing zones to not reload when an included file was touched but the top-level zone file was not. 771. [cleanup] TSIG errors related to unsynchronized clocks are logged better. [RT #919] 734. [bug] An attempt to re-lock the zone lock could occur if the server was shutdown during a zone tranfer. [RT #830] 712. [bug] Sending a large signed update message caused an assertion failure. [RT #718] 669. [bug] dnssec-keygen now makes the public key file non-world-readable for symmetric keys. [RT #403]
2001-05-06upgrade to 9.1.2.itojun2-6/+6
--- 9.1.2 released --- --- 9.1.2rc1 released --- 820. [bug] Name server address lookups failed to follow A6 chains into the glue of local authoritative zones. 819. [bug] In certain cases, the resolver's attempts to restart an address lookup at the root could cause the fetch to deadlock (with itself) instead of restarting. [RT #1225] 818. [bug] Certain pathological responses to ANY queries could cause an assertion failure. [RT #1218] 816. [bug] Report potential problems with log file accessibility at configuration time, since such problems can't reliably be reported at the time they actually occur. 815. [bug] If a log file was specified with a path separator character (i.e. "/") in its name and the directory did not exist, the log file's name was treated as though it were the directory name. [RT #1189] 814. [bug] Socket objects left over from accept() failures were incorrectly destroyed, causing corruption of socket manager data structures. 813. [bug] File descriptors exceeding FD_SETSIZE were handled badly. [RT #1192] 812. [bug] dig sometimes printed incomplete IXFR responses due to an uninitialized variable. [RT #1188] 811. [bug] Parentheses were not quoted in zone dumps. [RT #1194] 810. [bug] The signer name in SIG records was not properly downcased when signing/verifying records. [RT #1186] 807. [bug] When setting up TCP connections for incoming zone transfers, the transfer-source port was not ignored like it should be. 804. [bug] Attempting to obtain entropy could fail in some situations. This would be most common on systems with user-space threads. [RT #1131] 802. [bug] DNSSEC key tags were computed incorrectly in almost all cases. [RT #1146] 801. [bug] nsupdate should treat lines beginning with ';' as comments. [RT #1139] 800. [bug] dnssec-signzone produced incorrect statistics for large zones. [RT #1133] 799. [bug] The ADB didn't find AAAA glue in a zone unless A6 glue was also present.
2001-04-21Move to sha1 checksum, and/or add distfile sizes.wiz1-1/+2
2001-04-17+ move the distfile digest/checksum value from files/md5 to distinfoagc3-8/+6
+ move the patch digest/checksum values from files/patch-sum to distinfo
2001-04-12on bind9 mailing list isc/niminum people recommended against the use ofitojun1-4/+2
/dev/urandom.
2001-03-29upgrade to 9.1.1. functionality equal to 9.1.1rc7 (= 9.1.0.7)itojun2-6/+5
2001-03-27upgrade to 9.1.1rc7.itojun2-6/+6
--- 9.1.1rc7 released --- 791. [bug] The control channel did not work over IPv6. 790. [bug] Wildcards created using dynamic update or IXFR could fail to match. [RT #1111] 787. [bug] The DNSSEC tools failed to downcase domain names when mapping them into file names. 786. [bug] When DNSSEC signing/verifying data, owner names were not properly downcased. --- 9.1.1rc6 released --- 785. [bug] A race condition in the resolver could cause an assertion failure. [RT #673, #872, #1048] 784. [bug] nsupdate and other programs would not quit properly if some signals were blocked by the caller. [RT #1081] 783. [bug] Following CNAMEs could cause an assertion failure when either using an sdb database or under very rare conditions. 780. [bug] Error handling code dealing with out of memory or other rare errors could lead to assertion failures by calling functions on unitialized names. [RT #1065]
2001-03-16upgrade to 9.1.1rc5 (version # is 9.1.0.5 to prevent going backward)itojun2-6/+6
--- 9.1.1rc5 released --- 778. [bug] When starting cache cleaning, cleaning_timer_action() returned without first pausing the iterator, which could cause deadlock. [RT #998] 777. [bug] An empty forwarders list in a zone failed to override global forwarders. [RT #995] 775. [bug] Address match lists with invalid netmasks caused the configuration parser to abort with an assertion failure. [RT #996] 772. [bug] Owner names could be incorrectly omitted from cache dumps in the presence of negative caching entries. [RT #991] 686. [bug] dig and nslookup can now be properly aborted during blocking operations. [RT #568]
2001-03-07upgrade to 9.1.1rc4.itojun2-6/+6
--- 9.1.1rc4 released --- 767. [bug] The configuration parser handled invalid ports badly. [RT #961] 766. [bug] A few cases in query_find() could leak fname. This would trigger the mpctx->allocated == 0 assertion when the server exited. [RT #739, #776, #798, #812, #818, #821, #845, #892, #935, #966] 759. [bug] The resolver didn't turn off "avoid fetches" mode when restarting, possibly causing resolution to fail when it should not. This bug only affected platforms which support both IPv4 and IPv6. [RT #927] 758. [bug] The "avoid fetches" code did not treat negative cache entries correctly, causing fetches that would be useful to be avoided. This bug only affected platforms which support both IPv4 and IPv6. [RT #927] 756. [bug] dns_zone_load() could "return" success when no master file was configured. 755. [bug] Fix incorrectly formatted log messages in zone.c. 709. [bug] ANY or SIG queries for data with a TTL of 0 would return SERVFAIL. [RT #620]
2001-02-27upgrade to 9.1.1rc3 (package version # is 9.1.0.3 as rc3 is prior to 9.1.1).itojun3-12/+12
--- 9.1.1rc3 released --- 754. [bug] Certain failure conditions sending UDP packets could cause the server to retry the transmission indefinitely. [RT #902] 753. [bug] dig, host, and nslookup would fail to contact a remote server if getaddrinfo() returned an IPv6 address on a system that doesn't support IPv6. [RT #917] 750. [bug] A query should not match a DNAME whose trust level is pending. [RT #916] 749. [bug] When a query matched a DNAME in a secure zone, the server did not return the signature of the DNAME. [RT #915] 747. [bug] The code to determine whether an IXFR was possible did not properly check for a database that could not have a journal. [RT #865, #908] 746. [bug] The sdb didn't clone rdatasets properly, causing a crash when the server followed delegations. [RT #905] 744. [bug] When returning DNS_R_CNAME or DNS_R_DNAME as the result of an ANY or SIG query, the resolver failed to setup the return event's rdatasets, causing an assertion failure in the query code. [RT #881] 743. [bug] Receiving a large number of certain malformed answers could cause named to stop responding. [RT #861] 742. [bug] dig +domain did not work. [RT #850] 738. [bug] If a non-threadsafe sdb driver supported AXFR and received an AXFR request, it would deadlock or die with an assertion failure. [RT #852] 737. [port] stdtime.c failed to compile on certain platforms. 648. [port] Add support for pre-RFC2133 IPv6 implementations. --- 9.1.1rc2 released --- 733. [bug] Reference counts of dns_acl_t objects need to be locked but were not. [RT #801, #821] 708. [bug] When building with --with-openssl, the openssl headers included with BIND 9 should not be used. [RT #702]
2001-02-25Cleanup MKDIR usage => INSTALL_*_DIRhubertf1-6/+6
XXX need to teach pkglint to be more picky about this
2001-02-17Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT.wiz2-2/+2
2001-02-13build it with internal openssl. 9.1.1rc1 has issues with include search path.itojun1-3/+4
2001-02-08use 9.1.1rc1. we upgrade to release candidate for important fixesitojun3-154/+13
(change id 727 is very important). hack: package version number is set to 9.1.0.1, as 9.1.1rc1 is prior to 9.1.1. 729. [port] pthread_setconcurrency() needs to be called on Solaris. 727. [port] Work around OS bug where accept() succeeds but fails to fill in the peer address of the accepted connection, by treating it as an error rather than an assertion failure. [RT #809] 723. [bug] Referrals whose NS RRs had a 0 TTL caused the resolver to return DNS_R_SERVFAIL. [RT #783] 720. [bug] Server could enter infinite loop in dispatch.c:do_cancel(). [RT #743] 719. [bug] Rapid reloads could trigger an assertion failure. [RT #743, #763] 717. [bug] Certain TKEY processing failure modes could reference an uninitialized variable, causing the server to crash. [RT #750] 716. [bug] The first line of a $INCLUDE master file was lost if an origin was specified. [RT #744] 715. [bug] Resolving some A6 chains could cause an assertion failure in adb.c. [RT #738] 711. [bug] The libisc and liblwres implementations of inet_ntop contained an off by one error. 706. [bug] Zones with an explicit "allow-update { none; };" were considered dynamic and therefore not reloaded on SIGHUP or "rndc reload". 700. [bug] $GENERATE range check was wrong. [RT #688] 698. [bug] Aborting nsupdate with ^C would lead to several race conditions. 699. [bug] The lexer mishandled empty quoted strings. [RT #694] 694. [bug] $GENERATE did not produce the last entry. [RT #682, #683] 693. [bug] An empty lwres statement in named.conf caused the server to crash while loading. 692. [bug] Deal with systems that have getaddrinfo() but not gai_strerror(). [RT #679] 691. [bug] Configuring per-view forwarders caused an assertion failure. [RT #675, #734]
2001-02-04add rc.d/lwresditojun3-2/+23
2001-01-31make the rc.d script's name a bit more obvioushubertf2-4/+4
2001-01-28use OpenSSL shipped with netbsd 1.5, or in pkgsrc/security/openssl.itojun1-2/+5
2001-01-28test NI_NUMERICSCOPE on getnameinfo scope supportitojun2-12/+11
2001-01-28use urandom (should be good enough), otherwise dnssec-keygen will take foreveritojun1-2/+4
2001-01-28support KAME scope identifier (interface names).itojun3-1/+76
vanilla BIND9 supports numeric scope identifiers.
2001-01-26After discussion with Michael Graff, disable threads until we get ahubertf2-19/+20
in-tree threads implementation. Benefit of this is that the pkg now works on all platforms (Tested: 1.5/sparc).
2001-01-26Add a startup scripthubertf4-2/+40
2001-01-18upgrade to 9.1.0 from ISC.itojun5-44/+103
too many changes to be mentioned here.
2001-01-04The way that shared objects were handled in the PLISTs and bsd.pkg.mk wasagc1-1/+9
out of date - it was based on a.out OBJECT_FMT, and added entries in the generated PLISTs to reflect the symlinks that ELF packages uses. It also tried to be clever, and removed and recreated any symbolic links that were created, which has resulted in some fun, especially with packages which use dlopen(3) to load modules. Some recent changes to our ld.so to bring it more into line with other Operating Systems also exposed some cracks. + Modify bsd.pkg.mk and its shared object handling, so that PLISTs now contain the ELF symlinks. + Don't mess about with file system entries when handling shared objects in bsd.pkg.mk, since it's likely that libtool and the BSD *.mk processing will have got it right, and have a much better idea than we do. + Modify PLISTs to contain "ELF symlinks" + On a.out platforms, delete any "ELF symlinks" from the generated PLISTs + On ELF platforms, no extra processing needs to be done in bsd.pkg.mk + Modify print-PLIST target in bsd.pkg.mk to add dummy symlink entries on a.out platforms + Update the documentation in Packages.txt With many thanks to Thomas Klausner for keeping me honest with this.
2000-12-30Manually syncing ONLY_FOR_PLATFORM is not the way to go.wiz1-5/+1
Remove ONLY_FOR_PLATFORM, and let it fail while installing the DEPENDS.
2000-12-28Sync ONLY_FOR_PLATFORM with devel/unproven-pthreads.wiz1-2/+3
2000-11-13Setting CC in CONFIGURE_ENV doesn't work as it will be overwrittentoshii1-3/+2
by the configure. Instead, set LDFLAGS so that unproven-pthreads can be found before pth. Fixes pr #11418.
2000-11-13upgrade to 9.0.1 from ISC.itojun3-18/+19
--- 9.0.1 released --- 547. [bug] dnssafe doesn't correctly handle RSA keys longer than 2000 bits. Disable support for long keys. --- 9.0.1rc2 released --- 527. [bug] When a hint zone was configured, the spurious warning messages "Hint zones do not have a forward field" and "Hint zones do not have a forwarders field" were printed. [RT #439] --- 9.0.1rc1 released --- 526. [bug] nsupdate incorrectly refused to add RRs with a TTL of 0. 523. [doc] The source to the Administrator Reference Manual is now an XML file using the DocBook DTD, and is included in the distribution. The plain text version of the ARM is temporarily unavailable while we figure out how to generate readable plain text from the XML. 520. [bug] Upgraded libtool to 1.3.5, which makes shared library builds almost work on AIX (and possibly others). 519. [bug] dns_name_split() would improperly split some bitstring labels, zeroing a few of the least signficant bits in the prefix part. When such an improperly created prefix was returned to the RBT database, the bogus label was dutifully stored, corrupting the tree. [RT #369] 518. [bug] The resolver did not realize that a DNAME which was "the answer" to the client's query was "the answer", and such queries would fail. [RT #399] 517. [bug] The resolver's DNAME code would trigger an assertion if there was more than one DNAME in the chain. [RT #399] 516. [bug] Cache lookups which had a NULL node pointer, e.g. those by dns_view_find(), and which would match a DNAME, would trigger an INSIST(!search.need_cleanup) assertion. [RT #399] 515. [bug] The ssu table was not being attached / detached by dns_zone_[sg]etssutable. [RT#397] 511. [bug] The message code could throw an assertion on an out of memory failure. [RT #392] 510. [bug] Remove spurious view notify warning. [RT #376] 505. [bug] nsupdate was printing "unknown result code". [RT #373] 502. [func] On a SERVFAIL reply, DiG will now try the next server in the list, unless the +fail option is specified. 501. [bug] Incorrect port numbers were being displayed by nslookup. [RT #352] 500. [func] Nearly useless +details option removed from DiG. 499. [func] In DiG, specifying a class with -c or type with -t changes command-line parsing so that classes and types are only recognized if following -c or -t. This allows hosts with the same name as a class or type to be looked up. 498. [doc] There is now a man page for "dig" in doc/man/bin/dig.1. 495. [bug] nsupdate was unable to handle large records. [RT #368] 491. [bug] nsupdate would segfault when sending certain prerequisites with empty RDATA. [RT #356] 488. [bug] Locks weren't properly destroyed in some cases. 486. [bug] nslookup: "set all" and "server" commands showed the incorrect port number if a port other than 53 was specified. [RT #352] 485. [func] When dig had more than one server to query, it would send all of the messages at the same time. Add rate limiting of the transmitted messages. 483. [bug] nslookup: "set all" showed a "search" option but it was not settable. 482. [bug] nslookup: a plain "server" or "lserver" should be treated as a lookup. 481. [bug] nslookup:get_next_command() stack size could exceed per thread limit. 480. [bug] strtok() is not thread safe. [RT #349] 476. [bug] A zone could expire while a zone transfer was in progress triggering a INSIST failure. [RT #329] 475. [bug] query_getzonedb() sometimes returned a non-null version on failure. This caused assertion failures when generating query responses where names subject to additional section processing pointed to a zone to which access had been denied by means of the allow-query option. [RT #336] 474. [bug] The mnemonic of the CHAOS class is CH according to RFC1035, but it was printed and read only as CHAOS. We now accept both forms as input, and print it as CH. [RT #305] 473. [bug] nsupdate overran the end of the list of name servers when no servers could be reached, typically causing it to print the error message "dns_request_create: not implemented". 472. [bug] Off-by-one error caused isc_time_add() to sometimes produce invalid time values. 471. [bug] nsupdate didn't compile on HP/UX 10.20 463. [bug] nsupdate sent malformed SOA queries to the second and subsequent name servers in resolv.conf if the query sent to the first one failed. 459. [bug] Nslookup processed the "set" command incorrectly. 458. [bug] Nslookup didn't properly check class and type values. [RT #305] 457. [bug] Dig/host/hslookup didn't properly handle connect timeouts in certain situations, causing an unnecessary warning message to be printed. 447. [bug] Dig didn't properly retry in TCP mode after a truncated reply. [RT #277] 403. [bug] "host" did not use the search list. 395. [bug] nslookup printed incorrect RR type mnemonics for RRs of type >= 21 [RT #237]. 388. [func] dig and host can now do reverse ipv6 lookups. 387. [func] Add dns_byaddr_createptrname(), which converts an address into the name used by a PTR query. 379. [func] New library function isc_sockaddr_anyofpf(). 347. [bug] Don't crash if an argument is left off options in dig. 346. [func] Add support for .digrc config file, in the user's current directory 345. [bug] Large-scale changes/cleanups to dig: * Significantly improve structure handling * Don't pre-load entire batch files * Add name/rr counting/limiting * Fix SIGINT handling * Shorten timeouts to match v8's behavior --- 9.0.0 released ---
2000-09-18Update bind9 to 9.0.0 (release version) as requested by hubertf to get thisrh2-4/+4
in before the 1.5 release. Changes are bugfixes only.
2000-08-29Update bind9 to 9.0.0rc5. Changes are bugfixes only, including a fix thatrh4-28/+5
makes patch-ab unnecessary: * A typo in the HS A code caused an assertion failure. * lwres_gethostbyname() and company set lwres_h_errno to a random value on success. * If named was shut down early in the startup process, ns_omapi_shutdown() would attempt to lock an unintialized mutex. [RT #262] * stub zones could leak memory and reference counts if all the masters were unreachable. * isc_rwlock_lock() would needlessly block readers when it reached the read quota even if no writers were waiting. * Log messages were occasionally lost or corrupted due to a race condition in isc_log_doit(). * The request library didn't completely work with IPv6. * Check for IPV6_RECVPKTINFO and use it instead of IPV6_PKTINFO if found. [RT #229]
2000-08-23Fix PLIST to include bin/nslookup -- thanks to hubert's new leftover listrh3-5/+9
for finding this. Update bind to 9.0.0rc4. Changes and fixes are: * "host" did not use the search list. * Treat undefined acls as errors, rather than warning and then later throwing an assertion. * SIG(0) signing and verifying was done incorrectly. * When reloading the server with a config file containing a syntax error, it could catch an assertion failure trying to perform zone maintenance on, or sending notifies from, tentatively created zones whose views were never fully configured and lacked an address database and request manager. * "dig" sometimes caught an assertion failure when using TSIG, depending on the key length. * Many debugging messages were partially formatted even when debugging was turned off, causing a significant decrease in query performance. * There is now a man page for "nsupdate" * nslookup printed incorrect RR type mnemonics for RRs of type >= 21 * Attempting to send a reqeust over IPv6 using dns_request_create() on a system without IPv6 support caused an assertion failure [RT #235]. * Missing strdup() of ACL name caused random ACL matching failures [RT #228]. * nsupdate was incorrectly limiting TTLs to 65535 instead of 2147483647. * When writing a master file, print the SOA and NS records (and their SIGs) before other records. * named -u failed on many Linux systems where the libc provided kernel headers do not match the current kernel. * nsupdate didn't work with IPv6.
2000-08-10upgrade to 9.0.0rc2.itojun5-6/+40
add patch to help 2292bis environment (= latest KAME, Solaris8). --- rc1 -> rc2 --- 9.0.0rc2 released --- 377. [bug] When additional data lookups were refused due to "allow-query", the databases were still being attached causing reference leaks. 376. [bug] The server should always use good entropy when performing cryptographic functions needing entropy. 375. [bug] Per-zone allow-query did not properly override the view/global one for CNAME targets and additional data [RT #220]. 374. [bug] SOA in authoritative negative responses had wrong TTL. 373. [func] nslookup is now installed by "make install". 372. [bug] Deal with Microsoft DNS servers appending two bytes of garbage to zone transfer requests. 371. [bug] At high debug levels, doing an outgoing zone transfer of a very large RRset could cause an assertion failure during logging. 370. [bug] The error messages for rollforward failures were overly terse. 367. [bug] Allow proper selection of server on nslookup command line. 365. [bug] nsupdate -k leaked memory. 362. [bug] rndc no longer aborts if the configuration file is missing an options statement. [RT #209] 359. [bug] dnssec-signzone occasionally signed glue records. 357. [bug] The zone file parser crashed if the argument to $INCLUDE was a quoted string. 354. [doc] Man pages for the dnssec tools are now included in the distribution, in doc/man/dnssec. 353. [bug] double increment in lwres/gethost.c:copytobuf(). (RT# 187) 352. [bug] Race condition in dns_client_t startup could cause an assertion failure. 351. [bug] Constructing a response with rcode SERVFAIL to a TSIG signed query could crash the server. 350. [bug] Also-notify lists specified in the global options block were not correctly reference counted, causing a memory leak. 349. [bug] Processing a query with the CD bit set now works as expected. 344. [bug] When shutting down, lwresd sometimes tried to shut down its client tasks twice, triggering an assertion. 343. [bug] Although zone maintenance SOA queries and notify requests were signed with TSIG keys when configured for the server in case, the TSIG was not verified on the response. 342. [bug] The wrong name was being passed to dns_name_dup() when generating a TSIG key using TKEY. 340. [bug] The top-level COPYRIGHT file was missing from the distribution. 339. [bug] DNSSEC validation of the response to an ANY query at a name with a CNAME RR in a secure zone triggered an assertion failure. 337. [bug] "dig" did not recognize "nsap-ptr" as an RR type on the command line. 336. [bug] "dig -f" used 64 k of memory for each line in the file. It now uses much less, though still proportionally to the file size. 335. [bug] named would occasionally attempt recursion when it was disallowed or undesired. 333. [bug] The resolver incorrectly accepted referrals to domains that were not parents of the query name, causing assertion failures. 331. [bug] Only log "recursion denied" if RD is set. (RT #178)
2000-07-26Update bind9 to 9.0.0rc1. This is the first release candidate for bind9.rh6-33/+55
Changes are too numerous to list here in detail, but highlights are: The communication between "rndc" and "named" is now authenticated using digital signatures. Because of this, rndc now requires a configuration file "rndc.conf" containing a shared secret, with a corresponding "controls" clause in named.conf. When the server is chrooted using the -t option, it no longer needs copies of the passwd and group files in the chroot environment. Various bug fixes and cleanups, especially in the dig, host, nslookup, and nsupdate programs. There are a few known bugs: The option "query-source * port 53;" will not work as expected. Instead of the wildcard address "*", you need to use an explicit source IP address. On some systems, IPv6 and IPv4 sockets interact in unexpected ways. For details, see doc/misc/ipv6. To reduce the impact of these problems, the server no longer listens for requests on IPv6 addresses by default. If you need to accept DNS queries over IPv6, you must specify "listen-on-v6 { any; };" in the named.conf options statement. There are known problems with thread signal handling under Solaris 2.6.