CHANGES 240 KB
Newer Older
1 2 3
2311.   [bug]           IPv6 addresses could match IPv4 ACL entries and
                        vice versa. [RT #17462]

Mark Andrews's avatar
Mark Andrews committed
4
2310.	[bug]		dig, host, nslookup: flush stdout before emitting
5
			debug/fatal messages.  [RT #17501]
6

7 8 9
2309.   [cleanup]       Fix Coverity warnings in lib/dns/acl.c and iptable.c.
                        [RT #17455]

10 11 12
2308.	[cleanup]	Silence Coverity warning in bin/named/controlconf.c.
			[RT #17495]

13 14
2307.	[bug]		Remove infinite loop from lib/dns/sdb.c. [RT #17496]

15 16 17
2306.	[bug]		Remove potential race from lib/dns/resolver.c.
			[RT #17470]

18 19
2305.	[security]	inet_network() buffer overflow. CVE-2008-0122.

20 21 22
2304.	[bug]		Check returns from all dns_rdata_tostruct() calls.
			[RT #17460]

23 24 25
2303.	[bug]		Remove unnecessary code from bin/named/lwdgnba.c.
			[RT #17471]

26 27
2302.	[bug]		Fix memset() calls in lib/tests/t_api.c. [RT #17472]

28 29 30
2301.	[bug]		Remove resource leak and fix error messages in
			bin/tests/system/lwresd/lwtest.c. [RT #17474]

31 32 33
2300.	[bug]		Fixed failure to close open file in 
			bin/tests/names/t_names.c. [RT #17473]

34 35 36
2299.	[bug]		Remove unnecessary NULL check in
			bin/nsupdate/nsupdate.c. [RT #17475]

37 38 39
2298.	[bug]		isc_mutex_lock() failure not caught in
			bin/tests/timers/t_timers.c. [RT #17468]

40 41 42
2297.	[bug]		isc_entropy_createfilesource() failure not caught in
			bin/tests/dst/t_dst.c. [RT #17467]

43 44 45
2296.	[port]		Allow docbook stylesheet location to be specified to
			configure. [RT #17457]

46 47 48
2295.	[bug]		Silence static overrun error in bin/named/lwaddr.c.
			[RT #17459]

49 50 51 52 53
2294.	[func]		Allow the experimental statistics channels to have
			multiple connections and ACL.
			Note: the stats-server and stats-server-v6 options
			available in the previous beta releases are replaced
			with the generic statistics-channels statment.
54

55 56
2293.	[func]		Add ACL regression test. [RT #17375]

57 58 59 60 61 62
2292.	[bug]		Log if the working directory is not writable.
			[RT #17312]

2291.   [bug]           PR_SET_DUMPABLE may be set too late.  Also report
			failure to set PR_SET_DUMPABLE. [RT #17312]

63 64 65
2290.	[bug]		Let AD in the query signal that the client wants AD
			set in the response. [RT #17301]

66 67 68
2289.	[func]		named-checkzone now reports the out-of-zone CNAME
			found. [RT #17309]

69 70 71
2288.	[port]		win32: mark service as running when we have finished
			loading.  [RT #17441]

72 73
2287.	[bug]		Use 'volatile' if the compiler supports it. [RT #17413]

74 75 76 77 78
2286.	[func]		Allow a TCP connection to be used as a weak
			authentication method for reverse zones.
			New update-policy methods tcp-self and 6to4-self.
			[RT #17378]

79 80 81
2285.	[func]		Test framework for client memory context management.
			[RT #17377]

82 83 84
2284.	[bug]		Memory leak in UPDATE prerequisite processing.
			[RT #17377]

85 86 87 88 89
2283.	[bug]		TSIG keys were not attaching to the memory
			context.  TSIG keys should use the rings
			memory context rather than the clients memory
			context. [RT #17377]

90
2282.	[bug]		Acl code fixups. [RT #17346] [RT #17374]
91

92 93 94
2281.	[bug]		Attempts to use undefined acls were not being logged.
			[RT #17307]

95 96 97
2280.	[func]		Allow the experimental http server to be reached
			over IPv6 as well as IPv4. [RT #17332]

98 99 100 101
2279.   [bug]           Use setsockopt(SO_NOSIGPIPE), when available,
			to protect applications from receiving spurious
			SIGPIPE signals when using the resolver.

102 103 104
2278.	[bug]		win32: handle the case where Windows returns no
			searchlist or DNS suffix. [RT #17354]

105 106 107
2277.	[bug]		Empty zone names were not correctly being caught at
			in the post parse checks. [RT #17357]

108 109
2276.	[bug]		Install <dst/gssapi.h>.  [RT# 17359]

110 111 112
2275.	[func]		Add support to dig to perform IXFR queries over UDP.
			[RT #17235]

113 114
2274.	[func]		Log zone transfer statistics. [RT #17161]

115 116 117
2273.	[bug]		Adjust log level to WARNING when saving inconsistant
			stub/slave master and journal files. [RT# 17279]

118 119 120
2272.	[bug]		Handle illegal dnssec-lookaside trust-anchor names.
			[RT #17262]

Michael Graff's avatar
Michael Graff committed
121 122
2271.	[bug]		Fix a memory leak in http server code [RT #17100]

123 124 125
2270.	[bug]		dns_db_closeversion() version->writer could be reset
			before it is tested. [RT #17290]

126 127
2269.	[contrib]	dbus memory leaks and missing va_end calls. [RT #17232]

128 129 130
2268.	[bug]		0.IN-ADDR.ARPA was missing from the empty zones
			list.

131 132
	--- 9.5.0b1 released ---

133 134 135 136
2267.   [bug]           Radix tree node_num value could be set incorrectly,
                        causing positive ACL matches to look like negative
                        ones.  [RT #17311]

137 138 139
2266.	[bug]		client.c:get_clientmctx() returned the same mctx
			once the pool of mctx's was filled. [RT #17218]

140 141 142
2265.	[bug]		Test that the memory context's basic_table is non NULL
			before freeing.  [RT #17265]

143 144
2264.	[bug]		Server prefix length was being ignored. [RT #17308]

145 146 147
2263.	[bug]		"named-checkconf -z" failed to set default value
			for "check-integrity".  [RT #17306]

148 149 150
2262.	[bug]		Error status from all but the last view could be
			lost. [RT #17292]

151 152
2261.   [bug]           Fix memory leak with "any" and "none" ACLs [RT #17272]

153
2260.	[bug]		Reported wrong clients-per-query when increasing the
154
                        value. [RT #17236]
Mark Andrews's avatar
Mark Andrews committed
155

156 157
2259.	[placeholder]

Mark Andrews's avatar
Mark Andrews committed
158 159
	--- 9.5.0a7 released ---

160 161 162
2258.	[bug]		Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
			[RT #17241]

163 164 165
2257.	[bug]		win32: Use the full path to vcredist_x86.exe when
			calling it. [RT #17222]

166 167 168
2256.	[bug]		win32: Correctly register the installation location of
			bindevt.dll. [RT #17159]

169 170
2255.	[bug]		L.ROOT-SERVERS.NET is now 199.7.83.42.

171 172 173 174 175
2254.	[bug]		timer.c:dispatch() failed to lock timer->lock
			when reading timer->idle allowing it to see
			intermediate values as timer->idle was reset by
			isc_timer_touch(). [RT #17243]

Mark Andrews's avatar
Mark Andrews committed
176
2253.	[func]	 	"max-cache-size" defaults to 32M.
Mark Andrews's avatar
Mark Andrews committed
177 178
			"max-acache-size" defaults to 16M.

179
2252.   [bug]           Fixed errors in sortlist code [RT #17216]
180

181 182 183 184 185 186 187
2251.	[placeholder]

2250.	[func]		New flag 'memstatistics' to state whether the
			memory statistics file should be written or not.
			Additionally named's -m option will cause the
			statistics file to be written. [RT #17113]
			
188 189 190
2249.   [bug]           Only set Authentic Data bit if client requested
                        DNSSEC, per RFC 3655 [RT #17175]

191 192
2248.   [cleanup]       Fix several errors reported by Coverity. [RT #17160]

193 194
2247.	[doc]		Sort doc/misc/options. [RT #17067]

195 196 197
2246.	[bug]		Make the startup of test servers (ans.pl) more
			robust. [RT #17147]

198 199 200
2245.	[bug]		Validating lack of DS records at trust anchors wasn't
			working. [RT #17151]

201 202 203 204
2244.	[func]		Allow the check of nameserver names against the
			SOA MNAME field to be disabled by specifying
			'notify-to-soa yes;'.  [RT #17073]

205 206 207
2243.	[func]		Configuration files without a newline at the end now
			parse without error. [RT #17120]

208 209 210 211
2242.	[bug]		nsupdate: GSS-TSIG support using the Heimdal Kerberos
			library could require a source of random data.
			[RT #17127]

212 213 214 215 216 217 218 219
2241.	[func]		nsupdate: add a interative 'help' command. [RT #17099]

2240.	[bug]		Cleanup nsupdates GSS-TSIG support.  Convert
			a number of INSIST()s into plain fatal() errors
			which report the triggering result code.
			The 'key' command wasn't disabling GSS-TSIG.
			[RT #17099]

220 221
2239.	[func]		Ship a prebuilt bin/named/bind9.xsl.h. [RT #17114]

222 223 224
2238.	[bug]		It was possible to trigger a REQUIRE when a
			validation was cancelled. [RT #17106]

225 226
2237.	[bug]		libbind: res_init() was not thread aware. [RT #17123]

Mark Andrews's avatar
Mark Andrews committed
227
2236.	[bug]		dnssec-signzone failed to preserve the case of
Mark Andrews's avatar
Mark Andrews committed
228
			of wildcard owner names. [RT #17085]
229

230 231
2235.	[bug]		<isc/atomic.h> was not being installed. [RT #17135]

Evan Hunt's avatar
Evan Hunt committed
232 233
2234.   [port]          Correct some compiler warnings on SCO OSr5 [RT #17134]
  
234 235 236 237
2233.   [func]          Add support for O(1) ACL processing, based on
                        radix tree code originally written by kevin
                        brintnall. [RT #16288]

238 239 240
2232.	[bug]		dns_adb_findaddrinfo() could fail and return
			ISC_R_SUCCESS. [RT #17137]

241 242 243
2231.	[bug]		Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
			[RT #17088]

244 245 246
2230.	[bug]		We could INSIST reading a corrupted journal.
			[RT #17132]

Mark Andrews's avatar
Mark Andrews committed
247
2229.	[bug]		Null pointer dereference on query pool creation
248 249
			failure. [RT #17133]

Mark Andrews's avatar
Mark Andrews committed
250
2228.	[contrib]	contrib: Change 2188 was incomplete.
251

252 253
2227.	[cleanup]	Tidied up the FAQ. [RT #17121]

Mark Andrews's avatar
Mark Andrews committed
254 255
2226.	[placeholder]

256 257 258
2225.	[bug]		More support for systems with no IPv4 addresses.
		        [RT #17111]

259 260 261 262 263
2224.	[bug]		Defer journal compaction if a xfrin is in progress.
			[RT #17119]

2223.	[bug]		Make a new journal when compacting. [RT #17119]

264 265 266
2222.	[func]		named-checkconf now checks server key references.
		        [RT #17097]

267
2221.	[bug]		Set the event result code to reflect the actual
Mark Andrews's avatar
Mark Andrews committed
268 269 270
			record turned to caller when a cache update is
			rejected due to a more credible answer existing.
			[RT #17017]
271

272 273 274
2220.	[bug]		win32: Address a race condition in final shutdown of
			the Windows socket code. [RT #17028]
			
275
2219.	[bug]		Apply zone consistancy checks to additions, not
Mark Andrews's avatar
Mark Andrews committed
276
			removals, when updating. [RT #17049]
277

278 279 280
2218.	[bug]		Remove unnecessary REQUIRE from dns_validator_create().
			[RT #16976]

281 282
2217.	[func]		Adjust update log levels. [RT #17092]

283 284 285
2216.	[cleanup]	Fix a number of errors reported by Coverity.
		        [RT #17094]

286 287
2215.	[bug]		Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]

288 289 290 291
2214.	[bug]		Deregister OpenSSL lock callback when cleaning
			up.  Reorder OpenSSL cleanup so that RAND_cleanup()
			is called before the locks are destroyed. [RT #17098]

292 293 294
2213.	[bug]		SIG0 diagnostic failure messages were looking at the
			wrong status code. [RT #17101]

Mark Andrews's avatar
Mark Andrews committed
295
2212.	[func]		'host -m' now causes memory statistics and active
296 297
			memory to be printed at exit. [RT 17028]

298 299 300
2211.	[func]		Update "dynamic update temporarily disabled" message.
			[RT #17065]

301 302 303
2210.	[bug]		Deleting class specific records via UPDATE could
			fail.  [RT #17074]

304 305 306 307
2209.	[port]		osx: linking against user supplied static OpenSSL
			libraries failed as the system ones were still being
			found. [RT #17078]

308 309 310
2208.	[port]		win32: make sure both build methods produce the
			same output. [RT #17058]

311 312
2207.	[port]		Some implementations of getaddrinfo() fail to set
			ai_canonname correctly. [RT #17061]
Mark Andrews's avatar
Mark Andrews committed
313 314 315

	--- 9.5.0a6 released ---

316 317 318 319 320 321 322 323 324 325 326 327 328 329 330
2206.	[security]	"allow-query-cache" and "allow-recursion" now
			cross inherit from each other.

			If allow-query-cache is not set in named.conf then
			allow-recursion is used if set, otherwise allow-query
			is used if set, otherwise the default (localnets;
			localhost;) is used.

			If allow-recursion is not set in named.conf then
			allow-query-cache is used if set, otherwise allow-query
			is used if set, otherwise the default (localnets;
			localhost;) is used.

			[RT #16987]
	
331 332
2205.	[bug]		libbind: change #2119 broke thread support. [RT #16982]

Mark Andrews's avatar
Mark Andrews committed
333
2204.	[bug]		"rndc flushanme name unknown-view" caused named
334
			to crash. [RT #16984]
Mark Andrews's avatar
9.5.0a6  
Mark Andrews committed
335

336 337 338
2203.	[security]	Query id generation was cryptographically weak.
			[RT # 16915]

339 340 341
2202.	[security]	The default acls for allow-query-cache and
			allow-recursion were not being applied. [RT #16960]

Mark Andrews's avatar
Mark Andrews committed
342
2201.	[bug]		The build failed in a separate object directory.
343 344
			[RT #16943]

345 346 347
2200.	[bug]		The search for cached NSEC records was stopping to
			early leading to excessive DLV queries. [RT #16930]

348 349 350
2199.	[bug]		win32: don't call WSAStartup() while loading dlls.
			[RT #16911]

351 352 353
2198.	[bug]		win32: RegCloseKey() could be called when
			RegOpenKeyEx() failed. [RT #16911]

354 355 356 357
2197.	[bug]		Add INSIST to catch negative responses which are
			not setting the event result code appropriately.
			[RT #16909]

358
2196.	[port]		win32: yield processor while waiting for once to
359
			to complete. [RT #16958]
360

361 362 363
2195.	[func]		dnssec-keygen now defaults to nametype "ZONE"
			when generating DNSKEYs. [RT #16954]

364
2194.	[bug]		Close journal before calling 'done' in xfrin.c.
Mark Andrews's avatar
9.5.0a5  
Mark Andrews committed
365 366 367

	--- 9.5.0a5 released ---

Mark Andrews's avatar
Mark Andrews committed
368 369 370
2193.	[port]		win32: BINDInstall.exe is now linked statically.
			[RT #16906]

371 372 373 374
2192.	[port]		win32: use vcredist_x86.exe to install Visual
			Studio's redistributable dlls if building with
			Visual Stdio 2005 or later.

375 376 377
2191.	[func]		named-checkzone now allows dumping to stdout (-).
			named-checkconf now has -h for help.
			named-checkzone now has -h for help.
Mark Andrews's avatar
Mark Andrews committed
378
			rndc now has -h for help.
379 380 381
			Better handling of '-?' for usage summaries.
			[RT #16707]

382 383 384 385
2190.	[func]		Make fallback to plain DNS from EDNS due to timeouts
			more visible.  New logging category "edns-disabled".
			[RT #16871]

386 387
2189.	[bug]		Handle socket() returning EINTR. [RT #15949]

Mark Andrews's avatar
Mark Andrews committed
388
2188.	[contrib]	queryperf: autoconf changes to make the search for
389 390
			libresolv or libbind more robust. [RT #16299]

391 392 393 394
2187.	[bug]		query_addds(), query_addwildcardproof() and
			query_addnxrrsetnsec() should take a version
			arguement. [RT #16368]

395 396 397
2186.	[port]		cygwin: libbind: check for struct sockaddr_storage
			independently of IPv6. [RT #16482]

398 399 400
2185.	[port]		sunos: libbind: check for ssize_t, memmove() and
			memchr(). [RT #16463]

401 402 403
2184.	[bug]		bind9.xsl.h didn't build out of the source tree.
			[RT #16830]

404 405 406
2183.	[bug]		dnssec-signzone didn't handle offline private keys
			well.  [RT #16832]

407 408 409 410
2182.	[bug]		dns_dispatch_createtcp() and dispatch_createudp()
			could return ISC_R_SUCCESS when they ran out of
			memory. [RT #16365]

411 412
2181.	[port]		sunos: libbind: add paths.h from BIND 8. [RT #16462]

413 414 415
2180.	[cleanup]	Remove bit test from 'compress_test' as they
			are no longer needed. [RT #16497]

416 417 418
2179.	[func]		'rndc command zone' will now find 'zone' if it is
			unique to all the views. [RT #16821]

419 420 421
2178.	[bug]		'rndc reload' of a slave or stub zone resulted in
			a reference leak. [RT #16867]

422 423
2177.	[bug]		Array bounds overrun on read (rcodetext) at
			debug level 10+. [RT #16798]
424

425 426 427
2176.	[contrib]	dbus update to handle race condition during
			initialisation (Bugzilla 235809). [RT #16842]

Mark Andrews's avatar
Mark Andrews committed
428
2175.	[bug]		win32: windows broadcast condition variable support
429 430
			was broken. [RT #16592]

431 432 433
2174.	[bug]		I/O errors should always be fatal when reading
			master files. [RT #16825]

434 435
2173.	[port]		win32: When compiling with MSVS 2005 SP1 we also
			need to ship Microsoft.VC80.MFCLOC.
Mark Andrews's avatar
9.5.0a4  
Mark Andrews committed
436 437 438

	--- 9.5.0a4 released ---

439 440 441
2172.	[bug]		query_addsoa() was being called with a non zone db.
			[RT #16834]

442 443 444 445
2171.	[bug]		Handle breaks in DNSSEC trust chains where the parent
			servers are not DS aware (DS queries to the parent
			return a referral to the child).

446 447
2170.	[func]		Add acache processing to test suite. [RT #16711]

448 449 450
2169.	[bug]		host, nslookup: when reporting NXDOMAIN report the
			given name and not the last name searched for.
			[RT #16763]
451

452 453 454
2168.	[bug]		nsupdate: in non-interactive mode treat syntax errors
			as fatal errors. [RT #16785]

455 456
2167.	[bug]		When re-using a automatic zone named failed to
			attach it to the new view. [RT #16786]
Evan Hunt's avatar
9.5.0a3  
Evan Hunt committed
457 458 459

	--- 9.5.0a3 released ---

460 461 462 463
2166.	[bug]		When running in batch mode, dig could misinterpret
			a server address as a name to be looked up, causing
			unexpected output. [RT #16743]

464 465 466 467 468
2165.	[func]		Allow the destination address of a query to determine
			if we will answer the query or recurse.
			allow-query-on, allow-recursion-on and
			allow-query-cache-on. [RT #16291]

469 470 471 472
2164.	[bug]		The code to determine how named-checkzone / 
			named-compilezone was called failed under windows.
			[RT #16764]

473 474 475 476
2163.	[bug]		If only one of query-source and query-source-v6
			specified a port the query pools code broke (change
			2129).  [RT #16768]

477 478 479
2162.	[func]		Allow "rrset-order fixed" to be disabled at compile
			time. [RT #16665]

480 481 482
2161.	[bug]		Fix which log messages are emitted for 'rndc flush'.
			[RT #16698]

483 484 485
2160.	[bug]		libisc wasn't handling NULL ifa_addr pointers returned
			from getifaddrs(). [RT #16708]

Mark Andrews's avatar
9.5.0a2  
Mark Andrews committed
486 487
	--- 9.5.0a2 released ---

Mark Andrews's avatar
Mark Andrews committed
488 489
2159.	[bug]		Array bounds overrun in acache processing. [RT #16710]

490 491 492
2158.	[bug]		ns_client_isself() failed to initialise key
			leading to a REQUIRE failure. [RT #16688]

493 494 495 496 497 498 499 500
2157.	[func]		dns_db_transfernode() created. [RT #16685]

2156.	[bug]		Fix node reference leaks in lookup.c:lookup_find(),
			resolver.c:validated() and resolver.c:cache_name().
			Fix a memory leak in rbtdb.c:free_noqname().
			Make lookup.c:lookup_find() robust against
			event leaks. [RT #16685]

501 502 503
2155.	[contrib]	SQLite sdb module from jaboydjr@netwalk.com.
			[RT #16694]

504 505 506
2154.	[func]		Scoped (e.g. IPv6 link-local) addresses may now be
			matched in acls by omitting the scope. [RT #16599]

507 508
2153.	[bug]		nsupdate could leak memory. [RT #16691]

509 510 511
2152.	[cleanup]	Use sizeof(buf) instead of fixed number in
			dighost.c:get_trusted_key(). [RT #16678]

512 513 514
2151.	[bug]		Missing newline in usage message for journalprint.
			[RT #16679]

515 516 517 518
2150.	[bug]		'rrset-order cyclic' uniformly distribute the
			starting point for the first response for a given
			RRset. [RT #16655]

519 520 521 522
2149.	[bug]		isc_mem_checkdestroyed() failed to abort on
			if there were still active memory contexts.
			[RT #16672]

523 524
2148.	[func]		Add positive logging for rndc commands. [RT #14623]

525 526 527
2147.	[bug]		libbind: remove potential buffer overflow from
			hmac_link.c. [RT #16437]

528 529 530
2146.	[cleanup]	Silence Linux's spurious "obsolete setsockopt
			SO_BSDCOMPAT" message. [RT #16641]

531 532 533
2145.	[bug]		Check DS/DLV digest lengths for known digests.
			[RT #16622]

534 535 536
2144.	[cleanup]	Suppress logging of SERVFAIL from forwarders.
			[RT #16619]

537 538 539 540
2143.	[bug]		We failed to restart the IPv6 client when the
			kernel failed to return the destination the
			packet was sent to. [RT #16613]

Mark Andrews's avatar
Mark Andrews committed
541
2142.	[bug]		Handle master files with a modification time that
542 543
			matches the epoch. [RT# 16612]

544 545 546
2141.	[bug]		dig/host should not be setting IDN_ASCCHECK (IDN
			equivalent of LDH checks).  [RT #16609]

547 548 549
2140.	[bug]		libbind: missing unlock on pthread_key_create()
			failures. [RT #16654]

550 551 552
2139.	[bug]		dns_view_find() was being called with wrong type
			in adb.c. [RT #16670]

553 554
2138.	[bug]		Lock order reversal in resolver.c. [RT #16653]

555
2137.	[port]		Mips little endian and/or mips 64 bit are now
Mark Andrews's avatar
Mark Andrews committed
556
			supported for atomic operations. [RT#16648]
557

558 559 560
2136.	[bug]		nslookup/host looped if there was no search list
			and the host didn't exist. [RT #16657]

561 562
2135.	[bug]		Uninitialised rdataset in sdlz.c. [RT# 16656]

563 564
2134.	[func]		Additional statistics support. [RT #16666]

565 566 567
2133.	[port]		powerpc:  Support both IBM and MacOS Power PC
			assembler syntaxes. [RT #16647]

568 569 570
2132.	[bug]		Missing unlock on out of memory in
			dns_dispatchmgr_setudp().

571 572
2131.	[contrib]	dlz/mysql: AXFR was broken. [RT #16630]

573 574
2130.	[func]		Log if CD or DO were set. [RT #16640]

575 576 577 578
2129.	[func]		Provide a pool of UDP sockets for queries to be
			made over. See use-queryport-pool, queryport-pool-ports
			and queryport-pool-updateinterval.  [RT #16415]

579 580
2128.	[doc]		xsltproc --nonet, update DTD versions.  [RT #16635]

581 582
2127.	[port]		Improved OpenSSL 0.9.8 support. [RT #16563]

Mark Andrews's avatar
Mark Andrews committed
583
2126.	[security]	Serialise validation of type ANY responses. [RT #16555]
584

585 586 587
2125.	[bug]		dns_zone_getzeronosoattl() REQUIRE failure if DLZ
			was defined. [RT #16574]

Mark Andrews's avatar
Mark Andrews committed
588
2124.	[security]	It was possible to dereference a freed fetch
589
			context. [RT #16584]
Mark Andrews's avatar
9.5.0a1  
Mark Andrews committed
590 591 592

	--- 9.5.0a1 released ---

593 594 595
2123.	[func]		Use Doxygen to generate internal documention.
			[RT #11398]

596 597 598
2122.	[func]		Experimental http server and statistics support
			for named via xml.

599 600 601
2121.	[func]		Add a 10 slot dead masters cache (LRU) with a 600
			second timeout. [RT #16553]

602 603
2120.	[doc]		Fix markup on nsupdate man page. [RT #16556]

604 605 606 607
2119.	[compat]	libbind: allow res_init() to succeed enough to
			return the default domain even if it was unable
			to allocate memory.

608 609 610 611
2118.	[bug]		Handle response with long chains of domain name
			compression pointers which point to other compression
			pointers. [RT #16427]

612 613 614 615 616 617 618
2117.	[bug]		DNSSEC fixes: named could fail to cache NSEC records
			which could lead to validation failures.  named didn't
			handle negative DS responses that were in the process
			of being validated.  Check CNAME bit before accepting
			NODATA proof. To be able to ignore a child NSEC there
			must be SOA (and NS) set in the bitmap. [RT #16399]

619 620 621
2116.	[bug]		'rndc reload' could cause the cache to continually
			be cleaned. [RT #16401]

622 623 624
2115.	[bug]		'rndc reconfig' could trigger a INSIST if the
			number of masters for a zone was reduced. [RT #16444]

625
2114.	[bug]		dig/host/nslookup: searches for names with multiple
Mark Andrews's avatar
Mark Andrews committed
626
			labels were failing. [RT #16447]
627

628 629 630
2113.	[bug]		nsupdate: if a zone is specified it should be used
			for server discover. [RT# 16455]

631 632
2112.	[security]	Warn if weak RSA exponent is used. [RT #16460]

633 634 635
2111.	[bug]		Fix a number of errors reported by Coverity.
			[RT #16507]

636 637 638
2110.	[bug]		"minimal-response yes;" interacted badly with BIND 8
			priming queries. [RT #16491]

639 640
2109.	[port]		libbind: silence aix 5.3 compiler warnings. [RT #16502]

641 642
2108.	[func]		DHCID support. [RT #16456]

643 644
2107.	[bug]		dighost.c: more cleanup of buffers. [RT #16499]

645 646
2106.	[func]		'rndc status' now reports named's version. [RT #16426]

647 648
2105.	[func]		GSS-TSIG support (RFC 3645).

649 650
2104.	[port]		Fix Solaris SMF error message.

651 652 653
2103.	[port]		Add /usr/sfw to list of locations for OpenSSL
			under Solaris.

654 655
2102.	[port]		Silence solaris 10 warnings.

656 657 658
2101.	[bug]		OpenSSL version checks were not quite right.
			[RT #16476]

659 660 661
2100.	[port]		win32: copy libeay32.dll to Build\Debug.
			Copy Debug\named-checkzone to Debug\named-compilezone.

662 663
2099.	[port]		win32: more manifiest issues.

Mark Andrews's avatar
Mark Andrews committed
664
2098.	[bug]		Race in rbtdb.c:no_references(), which occasionally
665 666
			triggered an INSIST failure about the node lock
			reference.  [RT #16411]
667

668 669 670
2097.	[bug]		named could reference a destroyed memory context
			after being reloaded / reconfigured. [RT #16428]

671 672 673
2096.	[bug]		libbind: handle applications that fail to detect
			res_init() failures better.

674 675 676
2095.	[port]		libbind: alway prototype inet_cidr_ntop_ipv6() and
			net_cidr_ntop_ipv6(). [RT #16388]
 
677 678
2094.	[contrib]	Update named-bootconf.  [RT# 16404]

679 680
2093.	[bug]		named-checkzone -s was broken.

681 682 683 684
2092.	[bug]		win32: dig, host, nslookup.  Use registry config
			if resolv.conf does not exist or no nameservers
			listed. [RT #15877] 

685 686
2091.	[port]		dighost.c: race condition on cleanup. [RT #16417]

687 688 689
2090.	[port]		win32: Visual C++ 2005 command line manifest support.
			[RT #16417]

690 691 692 693 694 695 696 697
2089.	[security]	Raise the minimum safe OpenSSL versions to
			OpenSSL 0.9.7l and OpenSSL 0.9.8d.  Versions
			prior to these have known security flaws which
			are (potentially) exploitable in named. [RT #16391]

2088.	[security]	Change the default RSA exponent from 3 to 65537.
			[RT #16391]

698 699 700
2087.	[port]		libisc failed to compile on OS's w/o a vsnprintf.
			[RT #16382]

701 702 703
2086.	[port]		libbind: FreeBSD now has get*by*_r() functions.
			[RT #16403]

704 705
2085.	[doc]		win32: added index.html and README to zip. [RT #16201]

706 707
2084.	[contrib]	dbus update for 9.3.3rc2.

708 709
2083.	[port]		win32: Visual C++ 2005 support.

710 711
2082.	[doc]		Document 'cache-file' as a test only option.

712 713 714
2081.	[port]		libbind: minor 64-bit portability fix in memcluster.c.
			[RT #16360]

715 716 717
2080.	[port]		libbind: res_init.c did not compile on older versions
			of Solaris. [RT #16363]

718 719 720
2079.	[bug]		The lame cache was not handling multiple types
			correctly. [RT #16361]

721 722 723 724 725 726
2078.	[bug]		dnssec-checkzone output style "default" was badly
			named.  It is now called "relative". [RT #16326]

2077.	[bug]		'dnssec-signzone -O raw' wasn't outputing the
			complete signed zone. [RT #16326]

727 728 729
2076.	[bug]		Several files were missing #include <config.h>
			causing build failures on OSF. [RT #16341]

730 731 732
2075.	[bug]		The spillat timer event hander could leak memory.
			[RT #16357]

Mark Andrews's avatar
Mark Andrews committed
733
2074.	[bug]		dns_request_createvia2(), dns_request_createvia3(),
734 735 736
			dns_request_createraw2() and dns_request_createraw3()
			failed to send multiple UDP requests. [RT #16349]

737 738 739
2073.	[bug]		Incorrect semantics check for update policy "wildcard".
			[RT #16353]

740 741 742
2072.	[bug]		We were not generating valid HMAC SHA digests.
			[RT #16320]

743 744 745
2071.	[port]		Test whether gcc accepts -fno-strict-aliasing.
			[RT #16324]

746 747 748
2070.	[bug]		The remote address was not always displayed when
			reporting dispatch failures. [RT #16315]

749 750
2069.	[bug]		Cross compiling was not working. [RT #16330]

751 752 753
2068.	[cleanup]	Lower incremental tuning message to debug 1.
			[RT #16319]

754 755 756
2067.	[bug]		'rndc' could close the socket too early triggering
			a INSIST under Windows. [RT #16317]

757
2066.	[security]	Handle SIG queries gracefully. [RT #16300]
Mark Andrews's avatar
Mark Andrews committed
758

759 760 761
2065.	[bug]		libbind: probe for HPUX prototypes for
			endprotoent_r() and endservent_r().  [RT 16313]

762 763
2064.	[bug]		libbind: silence AIX compiler warnings. [RT #16218]

764 765 766
2063.	[bug]		Change #1955 introduced a bug which caused the first
			'rndc flush' call to not free memory. [RT #16244]

Mark Andrews's avatar
Mark Andrews committed
767
2062.	[bug]		'dig +nssearch' was reusing a buffer before it had
768 769
			been returned by the socket code. [RT #16307]

770 771
2061.	[bug]		Accept expired wildcard message reversed. [RT #16296]

772 773 774
2060.	[bug]		Enabling DLZ support could leave views partially
			configured. [RT #16295]

775 776 777
2059.	[bug]		Search into cache rbtdb could trigger an INSIST
			failure while cleaning up a stale rdataset.
			[RT #16292]
778

779
2058.	[bug]		Adjust how we calculate rtt estimates in the presence
Mark Andrews's avatar
Mark Andrews committed
780
			of authoritative servers that drop EDNS and/or CD
781 782 783
			requests.  Also fallback to EDNS/512 and plain DNS
			faster for zones with less than 3 servers.  [RT #16187]

784 785 786
2057.	[bug]		Make setting "ra" dependent on both allow-query-cache
			and allow-recursion. [RT #16290]

787 788 789
2056.	[bug]		dig: ixfr= was not being treated case insensitively
			at all times. [RT #15955]

790 791 792
2055.	[bug]		Missing goto after dropping multicast query.
			[RT #15944]

793 794 795
2054.	[port]		freebsd: do not explicitly link against -lpthread.
			[RT #16170]

796 797
2053.	[port]		netbsd:libbind: silence compiler warnings. [RT #16220]

798 799 800
2052.	[bug]		'rndc' improve connect failed message to report
			the failing address. [RT #15978]

801 802
2051.	[port]		More strtol() fixes. [RT #16249]

803 804 805
2050.	[bug]		Parsing of NSAP records was not case insensitive.
			[RT #16287]

806 807 808 809 810
2049.	[bug]		Restore SOA before AXFR when falling back from
			a attempted IXFR when transfering in a zone.
			Allow a initial SOA query before attempting
			a AXFR to be requested. [RT #16156]

811 812 813 814 815
2048.	[bug]		It was possible to loop forever when using
			avoid-v4-udp-ports / avoid-v6-udp-ports when
			the OS always returned the same local port.
			[RT #16182]

816 817 818
2047.	[bug]		Failed to initialise the interface flags to zero.
			[RT #16245]

819
2046.	[bug]		rbtdb.c:rdataset_setadditional() could cause duplicate
820
			cleanup [RT #16247].
821

822
2045.	[func]		Use lock buckets for acache entries to limit memory
823
			consumption. [RT #16183]
824

825
2044.	[port]		Add support for atomic operations for Itanium.
826
			[RT #16179]
827

828 829 830
2043.	[port]		nsupdate/nslookup: Force the flushing of the prompt
			for interactive sessions. [RT#16148]

831 832 833
2042.	[bug]		named-checkconf was incorrectly rejecting the
			logging category "config". [RT #16117]

834 835 836
2041.	[bug]		"configure --with-dlz-bdb=yes" produced a bad
			set of libraries to be linked. [RT #16129]

837 838
2040.	[bug]		rbtdb no_references() could trigger an INSIST
			failure with --enable-atomic.  [RT #16022]
839

840
2039.	[func]		Check that all buffers passed to the socket code
Mark Andrews's avatar
Mark Andrews committed
841
			have been retrieved when the socket event is freed.
842 843 844 845 846
			[RT #16122]

2038.	[bug]		dig/nslookup/host was unlinking from wrong list
			when handling errors. [RT #16122]

847 848 849 850
2037.	[func]		When unlinking the first or last element in a list
			check that the list head points to the element to
			be unlinked. [RT #15959]

851 852 853
2036.	[bug]		'rndc recursing' could cause trigger a REQUIRE.
			[RT #16075]

854 855 856 857
2035.	[func]		Make falling back to TCP on UDP refresh failure
			optional. Default "try-tcp-refresh yes;" for BIND 8
			compatibility. [RT #16123]

858 859
2034.	[bug]		gcc: set -fno-strict-aliasing. [RT #16124]

860 861 862
2033.	[bug]		We wern't creating multiple client memory contexts
			on demand as expected. [RT #16095]

863 864
2032.	[bug]		Remove a INSIST in query_addadditional2(). [RT #16074]

865 866 867
2031.	[bug]		Emit a error message when "rndc refresh" is called on
			a non slave/stub zone. [RT # 16073]

868 869 870
2030.	[bug]		We were being overly conservative when disabling
			openssl engine support. [RT #16030]

871 872 873
2029.	[bug]		host printed out the server multiple times when
			specified on the command line. [RT #15992]

Mark Andrews's avatar
Mark Andrews committed
874
2028.	[port]		linux: socket.c compatability for old systems.
875 876
			[RT #16015]

Mark Andrews's avatar
Mark Andrews committed
877
2027.	[port]		libbind: Solaris x86 support. [RT #16020]
878

879 880 881
2026.	[bug]		Rate limit the two recursive client exceeded messages.
			[RT #16044]

882 883
2025.	[func]		Update "zone serial unchanged" message. [RT #16026]

884 885 886
2024.	[bug]		named emited spurious "zone serial unchanged"
			messages on reload. [RT #16027]

887 888 889
2023.	[bug]		"make install" should create ${localstatedir}/run and
			${sysconfdir} if they do not exist. [RT #16033]

890 891 892 893 894
2022.	[bug]		If dnssec validation is disabled only assert CD if
			CD was requested. [RT #16037]

2021.	[bug]		dnssec-enable no; triggered a REQUIRE. [RT #16037]

895 896
2020.	[bug]		rdataset_setadditional() could leak memory. [RT #16034]

897 898 899
2019.	[tuning]	Reduce the amount of work performed per quantum
			when cleaning the cache. [RT #15986]

900 901 902 903
2018.	[bug]		Checking if the HMAC MD5 private file was broken.
			[RT #15960]

2017.	[bug]		allow-query default was not correct. [RT #15946]
904

905 906 907 908
2016.	[bug]		Return a partial answer if recursion is not
			allowed but requested and we had the answer
			to the original qname. [RT #15945]

909 910 911 912 913 914
2015.	[cleanup]	use-additional-cache is now acache-enable for
			consistancy.  Default acache-enable off in BIND 9.4
			as it requires memory usage to be configured.
			It may be enabled by default in BIND 9.5 once we
			have more experience with it.

Shane Kerr's avatar
Shane Kerr committed
915 916 917
2014.	[func]		Statistics about acache now recorded and sent
			to log. [RT #15976]

918 919 920
2013.	[bug]		Handle unexpected TSIGs on unsigned AXFR/IXFR
			responses more gracefully. [RT #15941]

921 922 923
2012.	[func]		Don't insert new acache entries if acache is full.
			[RT #15970]

924 925 926 927
2011.	[func]		dnssec-signzone can now update the SOA record of
			the signed zone, either as an increment or as the
			system time(). [RT #15633]

928 929
2010.	[placeholder]	rt15958

930 931
2009.	[bug]		libbind: coverity fixes. [RT #15808]

932 933 934 935 936 937 938
2008.	[func]		It is now posssible to enable/disable DNSSEC
			validation from rndc.  This is useful for the
			mobile hosts where the current connection point
			breaks DNSSEC (firewall/proxy).  [RT #15592]

				rndc validation newstate [view]

939 940 941 942
2007.	[func]		It is now possible to explicitly enable DNSSEC
			validation.  default dnssec-validation no; to
			be changed to yes in 9.5.0.  [RT #15674]

943 944 945 946 947 948 949 950 951 952 953
2006.	[security]	Allow-query-cache and allow-recursion now default
			to the builtin acls "localnets" and "localhost".

			This is being done to make caching servers less
			attractive as reflective amplifying targets for
			spoofed traffic.  This still leave authoritative
			servers exposed.

			The best fix is for full BCP 38 deployment to
			remove spoofed traffic.

954 955 956 957
2005.	[bug]		libbind: Retransmission timeouts should be
			based on which attempt it is to the nameserver
			and not the nameserver itself. [RT #13548]

958 959 960 961
2004.	[bug]		dns_tsig_sign() could pass a NULL pointer to
			dst_context_destroy() when cleaning up after a
			error. [RT #15835]

962 963 964 965 966
2003.	[bug]		libbind: The DNS name/address lookup functions could
			occasionally follow a random pointer due to
			structures not being completely zeroed. [RT #15806]

2002.	[bug]		libbind: tighten the constraints on when
967 968
			struct addrinfo._ai_pad exists.  [RT #15783]

969 970 971 972
2001.	[func]		Check the KSK flag when updating a secure dynamic zone.
			New zone option "update-check-ksk yes;".  [RT #15817]

2000.	[bug]		memmove()/strtol() fix was incomplete. [RT #15812]
973

974 975
1999.	[func]		Implement "rrset-order fixed". [RT #13662]

976 977 978 979
1998.	[bug]		Restrict handling of fifos as sockets to just SunOS.
			This allows named to connect to entropy gathering
			daemons that use fifos instead of sockets. [RT #15840]

980 981 982 983
1997.	[bug]		Named was failing to replace negative cache entries
			when a positive one for the type was learnt.
			[RT #15818]

984 985 986
1996.	[bug]		nsupdate: if a zone has been specified it should
			appear in the output of 'show'. [RT #15797]

987 988 989
1995.	[bug]		'host' was reporting multiple "is an alias" messages.
			[RT #15702]

990 991
1994.	[port]		OpenSSL 0.9.8 support. [RT #15694]

992 993 994 995
1993.	[bug]		Log messsage, via syslog, were missing the space
			after the timestamp if "print-time yes" was specified.
			[RT #15844]

Mark Andrews's avatar
Mark Andrews committed
996
1992.	[bug]		Not all incoming zone transfer messages included the
997 998
			view.  [RT #15825]

999 1000 1001 1002
1991.	[cleanup]	The configuration data, once read, should be treated
			as readonly.  Expand the use of const to enforce this
			at compile time. [RT #15813]

1003 1004 1005 1006
1990.	[bug]		libbind:  isc's override of broken gettimeofday()
			implementions was not always effective.
			[RT #15709]

1007 1008 1009
1989.	[bug]		win32: don't check the service password when
			re-installing. [RT #15882]

1010 1011 1012
1988.	[bug]		Remove a bus error from the SHA256/SHA512 support.
			[RT #15878]

1013 1014
1987.	[func]		DS/DLV SHA256 digest algorithm support. [RT #15608]

1015 1016
1986.	[func]		Report when a zone is removed. [RT #15849]

1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027
1985.	[protocol]	DLV has now been assigned a official type code of
			32769. [RT #15807]

			Note: care should be taken to ensure you upgrade
			both named and dnssec-signzone at the same time for
			zones with DLV records where named is the master
			server for the zone.  Also any zones that contain
			DLV records should be removed when upgrading a slave
			zone.  You do not however have to upgrade all
			servers for a zone with DLV records simultaniously.

1028 1029 1030
1984.	[func]		dig, nslookup and host now advertise a 4096 byte
			EDNS UDP buffer size by default. [RT #15855]

1031 1032 1033
1983.	[func]		Two new update policies.  "selfsub" and "selfwild".
			[RT #12895]

1034 1035 1036 1037
1982.	[bug]		DNSKEY was being accepted on the parent side of
			a delegation.  KEY is still accepted there for
			RFC 3007 validated updates. [RT #15620]

1038 1039 1040
1981.	[bug]		win32: condition.c:wait() could fail to reattain
			the mutex lock.

1041 1042 1043
1980.	[func]		dnssec-signzone: output the SOA record as the
			first record in the signed zone. [RT #15758]

1044 1045 1046
1979.	[port]		linux: allow named to drop core after changing
			user ids. [RT #15753]

1047 1048 1049
1978.	[port]		Handle systems which have a broken recvmsg().
			[RT #15742]

1050 1051
1977.	[bug]		Silence noisy log message. [RT #15704]

1052 1053
1976.	[bug]		Handle systems with no IPv4 addresses. [RT #15695]

1054 1055 1056
1975.	[bug]		libbind: isc_gethexstring() could misparse multi-line
			hex strings with comments. [RT #15814]

1057
1974.	[doc]		List each of the zone types and associated zone
Mark Andrews's avatar
Mark Andrews committed
1058
			options separately in the ARM.
1059

1060 1061 1062
1973.	[func]		TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
			HMACSHA512 support. [RT #13606]