CHANGES 223 KB
Newer Older
1
2
1586.	[func]		"check-names" is now implemented.

Mark Andrews's avatar
Mark Andrews committed
3
4
1585.	[placeholder]	rt10497

Mark Andrews's avatar
Mark Andrews committed
5
6
1584.	[placeholder]	rt10461

Mark Andrews's avatar
Mark Andrews committed
7
8
1583.	[placeholder]	rt10452

9
10
1582.	[bug]		rrset-order failed to work on RRsets with more
			than 32 elements. [RT #10381]
Mark Andrews's avatar
Mark Andrews committed
11

12
13
14
1581.	[func]		Disable DNSSEC support by default.  To enable
			DNSSEC specify "enable-dnssec yes;" in named.conf.

Mark Andrews's avatar
Mark Andrews committed
15
16
17
18
1580.	[placeholder]	rt3746a

1579.	[placeholder]	rt3746a

19
20
1578.	[bug]		Don't use CLASS E IPv4 addresses when resolving.
			[RT #10346]
Mark Andrews's avatar
Mark Andrews committed
21

Mark Andrews's avatar
Mark Andrews committed
22
23
1577.	[placeholder]	rt10331

24
25
1576.	[bug]		Race condition in dns_dispatch_addresponse().
			[RT# 10272]
Mark Andrews's avatar
Mark Andrews committed
26

27
1575.	[func]		Log TSIG name on TSIG verify failure. [RT #4404]
Mark Andrews's avatar
Mark Andrews committed
28

29
30
31
1574.	[bug]		Don't attempt to open the controls socket(s) when
			running tests. [RT #9091]

Mark Andrews's avatar
Mark Andrews committed
32

33
34
35
1573.	[port]		linux: update to libtool 1.5.2 so that
			"make install DESTDIR=/xx" works with
			"configure --with-libtool".  [RT #9941]
Mark Andrews's avatar
Mark Andrews committed
36

37
38
1572.	[bug]		nsupdate: sign the soa query to find the enclosing
			zone if the server is specified. [RT #10148]
Mark Andrews's avatar
Mark Andrews committed
39

40
41
1571.	[bug]		rbt:hash_node() could fail leaving the hash table
			in an inconsistant state.  [RT #10208]
Mark Andrews's avatar
Mark Andrews committed
42

Mark Andrews's avatar
Mark Andrews committed
43
44
1570.	[placeholder]	rt10202

Mark Andrews's avatar
Mark Andrews committed
45
46
47
48
1569.	[placeholder]	rt10236

1568.	[placeholder]	rt10236

49
50
1567.	[bug]		B.ROOT-SERVERS.NET is now 192.228.79.201.

51
52
53
54
1566.	[port]		Support for the cmsg framework on Solaris and HP/UX.
			This also solved the problem that match-destinations
			for IPv6 addresses did not work on these systems.
			[RT #10221]
55

Mark Andrews's avatar
Mark Andrews committed
56
57
58
1565.	[bug]		CD flag should be copied to outgoing queries unless
			the query is under a secure entry point in which case
			CD should be set.
59

60
61
62
63
64
1564.	[func]		Attempt to provide a fallback entropy source to be
			used if named is running chrooted and named is unable
			to open entropy source within the chroot area.
			[RT #10133]

Mark Andrews's avatar
Mark Andrews committed
65
66
1563.	[bug]		Gracefully fail when unable to obtain neither an IPv4
			nor an IPv6 dispatch. [RT #10230]
67

68
69
70
1562.	[bug]		isc_socket_create() and isc_socket_accept() could
			leak memory under error conditions. [RT #10230]

71
72
73
1561.	[bug]		It was possible to release the same name twice if
			named ran out of memory. [RT #10197]

74
75
76
1560.	[port]		FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
			and EAI_NONAME to the same value.

Mark Andrews's avatar
Mark Andrews committed
77
78
1559.	[placeholder]	rt10194

79
80
81
82
83
84
85
86
87
1558.	[func]		New DNSSEC 'disable-algorithms'.  Support entry into
			child zones for which we don't have a supported
			algorithm.  Such child zones are treated as unsigned.

1557.	[func]		Implement missing DNSSEC tests for
			* NOQNAME proof with wildcard answers.
			* NOWILDARD proof with NXDOMAIN.
			Cache and return NOQNAME with wildcard answers.

88
89
1556.   [bug]		nsupdate now treats all names as fully qualified.
			[RT #6427]
Mark Andrews's avatar
Mark Andrews committed
90

Mark Andrews's avatar
now->no    
Mark Andrews committed
91
1555.	[func]		'rrset-order cyclic' no longer has a random starting
92
93
			point. [RT #7572]

94
95
96
1554.	[bug]		dig, host, nsloolup failed when no nameservers
			were specified in /etc/resolv.conf. [RT #8232]

97
1553.	[bug]		The windows socket code could stop accepting
Mark Andrews's avatar
Mark Andrews committed
98
			connections. [RT#10115]
99

100
101
1552.	[bug]		Accept NOTIFY requests from mapped masters if
			matched-mapped is set. [RT #10049]
Mark Andrews's avatar
Mark Andrews committed
102

103
104
1551.	[port]		Open "/dev/null" before calling chroot().

105
106
1550.	[port]		Call tzset(), if available, before calling chroot().

107
108
109
1549.	[func]		named-checkzone can now write out the zone contents
			in a easily parsable format (-D and -o).

Mark Andrews's avatar
Mark Andrews committed
110
111
112
1548.	[bug]		When parsing APL records it was possible to silently
			accept out of range ADDRESSFAMILY values. [RT# 9979]

113
114
115
1547.	[bug]		Named wasted memory recording duplicate lame zone
			entries. [RT #9341]

116
117
118
1546.	[bug]		We were rejecting valid secure CNAME to negative
			answers.

119
120
121
122
1545.	[bug]		It was possible to leak memory if named was unable to
			bind to the specified transfer source and TSIG was
			being used. [RT #10120]

123
124
125
126
1544.	[bug]		Named would logged a single entry to a file despite it
			being over the specified size limit.
			
1543.	[bug]		Logging using "versions unlimited" did not work.
Mark Andrews's avatar
Mark Andrews committed
127

Mark Andrews's avatar
Mark Andrews committed
128
129
1542.	[placeholder]

130
1541.	[func]		NSEC now uses new bitmap format.
Mark Andrews's avatar
Mark Andrews committed
131

132
133
1540.	[bug]		"rndc reload <dynamiczone>" was silently accepted.
			[RT #8934]
Mark Andrews's avatar
Mark Andrews committed
134

135
136
1539.	[bug]		Open UDP sockets for notify-source and transfer-source
			that use reserved ports at startup. [RT #9475]
Mark Andrews's avatar
Mark Andrews committed
137

Mark Andrews's avatar
Mark Andrews committed
138
139
1538.	[placeholder]	rt9997

140
141
1537.	[func]		New option "querylog".  If set specify whether query
			logging	is to be enabled or disabled at startup.
Mark Andrews's avatar
Mark Andrews committed
142

143
144
1536.	[bug]		Windows socket code failed to log a error description
			when returning ISC_R_UNEXPECTED. [RT #9998]
Mark Andrews's avatar
Mark Andrews committed
145

Mark Andrews's avatar
Mark Andrews committed
146
147
1535.	[placeholder]

148
1534.	[bug]		Race condition when priming cache. [RT# 9940]
Mark Andrews's avatar
Mark Andrews committed
149

150
151
1533.	[func]		Warn if both "recusion no;" and "allow-recursion"
			are active. [RT# 4389]
Mark Andrews's avatar
Mark Andrews committed
152

153
154
155
1532.	[port]		netbsd: the configure test for <sys/sysctl.h>
			requires <sys/param.h>.

Mark Andrews's avatar
Mark Andrews committed
156
1531.	[port]		AIX more libtool fixes.
157

158
1530.	[bug]		It was possible to trigger a INSIST() failure if a
Mark Andrews's avatar
grammar    
Mark Andrews committed
159
			slave master file was removed at just the correct
160
161
			moment. [RT #9462]

162
163
1529.	[bug]		"notify explict;" failed to log that NOTIFY messages
			were being sent for the zone.
Mark Andrews's avatar
Mark Andrews committed
164

165
166
1528.	[cleanup]	Simplify some dns_name_ functions based on the
			deprecation of bitstring labels.
167

168
169
1527.	[cleanup]	Reduce the number of gettimeofday() calls without
			losing necessary timer granularity.
170

171
172
1526.	[placeholder]

Mark Andrews's avatar
Mark Andrews committed
173
174
1525.	[bug]		dns_cache_create() could trigger a REQUIRE
			failure in isc_mem_put() during error cleanup.
175
			[RT# 9360]
176

177
178
179
1524.	[port]		AIX needs to be able to resolve all symbols when
			creating shared libraries (--with-libtool).

180
181
1523.	[bug]		Fix race condition in rbtdb. [RT# 9189]

182
183
184
1522.	[bug]		dns_db_findnode() relax the requirements on 'name'.
			[RT# 9286]

185
186
187
1521.	[bug]		dns_view_createresolver() failed to check the
			result from isc_mem_create(). [RT# 9294]

188
189
1520.	[protocol]	Add SSHFP (SSH Finger Print) type.

190
191
192
1519.	[bug]		dnssec-signzone:nsec_setbit() computed the wrong
			length of the new bitmap.

193
194
195
196
1518.   [bug]           dns_nsec_buildrdata(), and hence dns_nsec_build(),
			contained a off-by-one error when working out the
			number of octets in the bitmap.

197
198
1517.   [port]          Support for IPv6 interface scanning on HP/UX and
                        TrueUNIX 5.1.
199

200
1516.   [func]          Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
201

202
203
1515.   [func]          Allow transfer source to be set in a server statement.
                        [RT #6496]
204

205
1514.   [bug]           named: isc_hash_destroy() was being called too early.
206
                        [RT #9160]
207

208
1513.   [doc]           Add "US" to root-delgation-only exclude list.
209

210
211
1512.   [bug]           Extend the delegation-only logging to return query
                        type, class and responding nameserver.
212

213
214
1511.   [bug]           delegation-only was generating false positives
                        on negative answers from subzones.
215

216
217
218
219
220
1510.   [func]          New view option "root-delegation-only".  Apply
                        delegation-only check to all TLDs and root.
                        Note there are some TLDs that are NOT delegation
                        only (e.g. DE, LV, US and MUSEUM) these can be excluded
                        from the checks by using exclude.
221

222
223
224
                        root-delegation-only exclude {
                                "DE"; "LV"; "US"; "MUSEUM";
                        };
225

226
227
1509.   [bug]           Hint zones should accept delegation-only.  Forward
                        zone should not accept delegation-only.
228

229
230
1508.   [bug]           Don't apply delegation-only checks to answers from
                        forwarders.
231

232
233
1507.   [bug]           Handle BIND 8 style returns to NS queries to parents
                        when making delegation-only checks.
234

235
1506.   [bug]           Wrong return type for dns_view_isdelegationonly().
236

237
1505.   [bug]           Uninitialised rdataset in sdb. [RT #8750]
238

239
1504.   [func]          New zone type "delegation-only".
240

241
1503.   [port]          win32: install libeay32.dll outside of system32.
242

243
1502.   [bug]           nsupdate: adjust timeouts for UPDATE requests over TCP.
244

245
246
1501.   [func]          Allow TCP queue length to be specified via
                        named.conf, tcp-listen-queue.
247

248
249
1500.   [bug]           host failed to lookup MX records.  Also look up
                        AAAA records.
250

251
252
1499.   [bug]           isc_random need to be seeded better if arc4random()
                        is not used.
253

254
1498.   [port]          bsdos: 5.x support.
Mark Andrews's avatar
Mark Andrews committed
255

256
1497.   [placeholder]
257

258
1496.   [port]          test for pthread_attr_setstacksize().
259

260
1495.   [cleanup]       Replace hash functions with universal hash.
261

262
1494.   [security]      Turn on RSA BLINDING as a precaution.
Mark Andrews's avatar
Mark Andrews committed
263

264
1493.   [placeholder]
265

266
267
1492.   [cleanup]       Preserve rwlock quota context when upgrading /
                        downgrading. [RT #5599]
268

269
270
1491.   [bug]           dns_master_dump*() would produce extraneous $ORIGIN
                        lines. [RT #6206]
271

272
273
1490.   [bug]           Accept reading state as well as working state in
                        ns_client_next(). [RT #6813]
274

275
276
1489.   [compat]        Treat 'allow-update' on slave zones as a warning.
                        [RT #3469]
277

278
279
1488.   [bug]           Don't override trust levels for glue addresses.
                        [RT #5764]
280

281
282
283
1487.   [bug]           A REQUIRE() failure could be triggered if a zone was
                        queued for transfer and the zone was then removed.
                        [RT #6189]
284

285
286
1486.   [bug]           isc_print_snprintf() '%%' consumed one too many format
                        characters. [RT# 8230]
287

288
1485.   [bug]           gen failed to handle high type values. [RT #6225]
289

290
291
1484.   [bug]           The number of records reported after a AXFR was wrong.
                        [RT #6229]
292

293
294
295
1483.   [bug]           dig axfr failed if the message id in the answer failed
                        to match that in the request.  Only the id in the first
                        message is required to match. [RT #8138]
Mark Andrews's avatar
Mark Andrews committed
296

297
298
299
1482.   [bug]           named could fail to start if the kernel supports
                        IPv6 but no interfaces are configured.  Similarly
                        for IPv4. [RT #6229]
300

301
302
1481.   [bug]           Refresh and stub queries failed to use masters keys
                        if specified. [RT #7391]
303

304
305
306
307
308
1480.   [bug]           Provide replay protection for rndc commands.  Full
                        replay protection requires both rndc and named to
                        be updated.  Partial replay protection (limited
                        exposure after restart) is provided if just named
                        is updated.
309

310
311
312
1479.   [bug]           cfg_create_tuple() failed to handle out of
                        memory cleanup.  parse_list() would leak memory
                        on syntax errors.
Mark Andrews's avatar
Mark Andrews committed
313

314
315
316
1478.   [port]          ifconfig.sh didn't account for other virtual
                        interfaces.  It now takes a optional arguement
                        to specify the first interface number. [RT #3907]
317

318
1477.   [bug]           memory leak using stub zones and TSIG.
Mark Andrews's avatar
Mark Andrews committed
319

320
1476.   [placeholder]
321

322
1475.   [port]          Probe for old sprintf().
323

324
325
1474.   [port]          Provide strtoul() and memmove() for platforms
                        without them.
326

327
328
1473.   [bug]           create_map() and create_string() failed to handle out
                        of memory cleanup.  [RT #6813]
329

330
1472.   [contrib]       idnkit-1.0 from JPNIC, replaces mdnkit.
331

332
1471.   [bug]           libbind: updated to BIND 8.4.0.
333

334
1470.   [bug]           Incorrect length passed to snprintf. [RT #5966]
335

336
337
1469.   [func]          Log end of outgoing zone transfer at same level
                        as the start of transfer is logged. [RT #4441]
338

339
340
1468.   [func]          Internal zones are no longer counted for
                        'rndc status'.  [RT #4706]
341

342
1467.   [func]          $GENERATES now supports optional class and ttl.
343

344
345
1466.   [bug]           lwresd configuration errors resulted in memory
                        and lock leaks.  [RT #5228]
346

347
348
349
1465.   [bug]           isc_base64_decodestring() and isc_base64_tobuffer()
                        failed to check that trailing bits were zero allowing
                        some invalid base64 strings to be accepted.  [RT #5397]
350

351
352
1464.   [bug]           Preserve "out of zone" data for outgoing zone
                        transfers. [RT #5192]
353

354
355
1463.   [bug]           dns_rdata_from{wire,struct}() failed to catch bad
                        NXT bit maps. [RT #5577]
356

357
358
1462.   [bug]           parse_sizeval() failed to check the token type.
                        [RT #5586]
359

360
1461.   [bug]           Remove deadlock from rbtdb code. [RT #5599]
361

362
363
1460.   [bug]           inet_pton() failed to reject certain malformed
                        IPv6 literals.
Mark Andrews's avatar
Mark Andrews committed
364

365
1459.   [placeholder]
366

367
1458.   [cleanup]       sprintf() -> snprintf().
368

369
370
1457.   [port]          Provide strlcat() and strlcpy() for platforms without
                        them.
371

372
1456.   [contrib]       gen-data-queryperf.py from Stephane Bortzmeyer.
373

374
375
1455.   [bug]           <netaddr> missing from server grammar in
                        doc/misc/options. [RT #5616]
376

377
378
379
380
381
1454.   [port]          Use getifaddrs() if available for interface scanning.
                        --disable-getifaddrs to override.  Glibc currently
                        has a getifaddrs() that does not support IPv6.
                        Use --enable-getifaddrs=glibc to force the use of
                        this version under linux machines.
382

383
1453.   [doc]           ARM: $GENERATE example wasn't accurate. [RT #5298]
Mark Andrews's avatar
Mark Andrews committed
384

385
1452.   [placeholder]
386

387
388
1451.   [bug]           rndc-confgen didn't exit with a error code for all
                        failures. [RT #5209]
389

390
391
1450.   [bug]           Fetching expired glue failed under certain
                        circumstances.  [RT #5124]
392

393
394
1449.   [bug]           query_addbestns() didn't handle running out of memory
                        gracefully.
395

396
1448.   [bug]           Handle empty wildcards labels.
397

398
399
400
1447.   [bug]           We were casting (unsigned int) to and from (void *).
                        rdataset->private4 is now rdataset->privateuint4
                        to reflect a type change.
401

402
403
404
1446.   [func]          Implemented undocumented alternate transfer sources
                        from BIND 8.  See use-alt-transfer-source,
                        alt-transfer-source and alt-transfer-source-v6.
405

406
407
408
409
410
411
                        SECURITY: use-alt-transfer-source is ENABLED unless
                        you are using views.  This may cause a security risk
                        resulting in accidental disclosure of wrong zone
                        content if the master supplying different source
                        content based on IP address.  If you are not certain
                        ISC recommends setting use-alt-transfer-source no;
412

413
414
415
1445.   [bug]           DNS_ADBFIND_STARTATROOT broke stub zones.  This has
                        been replaced with DNS_ADBFIND_STARTATZONE which
                        causes the search to start using the closest zone.
416

417
418
1444.   [func]          dns_view_findzonecut2() allows you to specify if the
                        cache should be searched for zone cuts.
419

420
421
1443.   [func]          Masters lists can now be specified and referenced
                        in zone masters clauses and other masters lists.
422

423
424
425
426
1442.   [func]          New functions for manipulating port lists:
                        dns_portlist_create(), dns_portlist_add(),
                        dns_portlist_remove(), dns_portlist_match(),
                        dns_portlist_attach() and dns_portlist_detach().
427

428
429
1441.   [func]          It is now possible to tell dig to bind to a specific
                        source port.
430

431
432
433
1440.   [func]          It is now possible to tell named to avoid using
                        certain source ports (avoid-v4-udp-ports,
                        avoid-v6-udp-ports).
434

435
436
437
1439.   [bug]           Named could return NOERROR with certain NOTIFY
                        failures.  Return NOTAUTH if the NOTIFY zone is
                        not being served.
438

439
1438.   [func]          Log TSIG (if any) when logging NOTIFY requests.
440

441
1437.   [bug]           Leave space for stdio to work in. [RT #5033]
442

443
444
1436.   [func]          dns_zonemgr_resumexfrs() can be used to restart
                        stalled transfers.
445

446
447
448
449
1435.   [bug]           zmgr_resume_xfrs() was being called read locked
                        rather than write locked.  zmgr_resume_xfrs()
                        was not being called if the zone was being
                        shutdown.
450

451
452
1434.   [bug]           "rndc reconfig" failed to initiate the initial
                        zone transfer of new slave zones.
453

454
455
456
1433.   [bug]           named could trigger a REQUIRE failure if it could
                        not get a file descriptor when attempting to write
                        a master file. [RT #4347]
457

458
459
1432.   [func]          The advertised EDNS UDP buffer size can now be set
                        via named.conf (edns-udp-size).
460

461
462
1431.   [bug]           isc_print_snprintf() "%s" with precision could walk off
                        end of argument. [RT #5191]
463

464
1430.   [port]          linux: IPv6 interface scanning support.
465

466
1429.   [bug]           Prevent the cache getting locked to old servers.
Mark Andrews's avatar
Mark Andrews committed
467

468
1428.   [placeholder]
469

470
1427.   [bug]           Race condition in adb with threaded build.
Mark Andrews's avatar
Mark Andrews committed
471

472
1426.   [placeholder]
473

474
475
1425.   [port]          linux/libbind: define __USE_MISC when testing *_r()
                        function prototypes in netdb.h.  [RT #4921]
476

477
1424.   [bug]           EDNS version not being correctly printed.
478

479
1423.   [contrib]       queryperf: added A6 and SRV.
480

481
1422.   [func]          Log name/type/class when denying a query.  [RT #4663]
482

483
484
485
1421.   [func]          Differentiate updates that don't succeed due to
                        prerequisites (unsuccessful) vs other reasons
                        (failed).
486

487
1420.   [port]          solaris: work around gcc optimiser bug.
488

489
1419.   [port]          openbsd: use /dev/arandom. [RT #4950]
490

491
1418.   [bug]           'rndc reconfig' did not cause new slaves to load.
492

493
494
1417.   [func]          ID.SERVER/CHAOS is now a built in zone.
                        See "server-id" for how to configure.
495

496
497
1416.   [bug]           Empty node should return NOERROR NODATA, not NXDOMAIN.
                        [RT #4715]
498

499
500
1415.   [func]          DS TTL now derived from NS ttl.  NXT TTL now derived
                        from SOA MINIMUM.
501

502
1414.   [func]          Support for KSK flag.
503

504
505
1413.   [func]          Explictly request the (re-)generation of DS records from
                        keysets (dnssec-signzone -g).
506

507
508
509
1412.   [func]          You can now specify servers to be tried if a nameserver
                        has IPv6 address and you only support IPv4 or the
                        reverse. See dual-stack-servers.
510

511
1411.   [bug]           empty nodes should stop wildcard matches. [RT #4802]
512

513
1410.   [func]          handle records that live in the parent zone, e.g. DS.
514

515
1409.   [bug]           DS should have attribute DNS_RDATATYPEATTR_DNSSEC.
516

517
1408.   [bug]           distclean was not complete. [RT #4700]
518

519
520
1407.   [bug]           lfsr incorrectly implements the shift register.
                        [RT #4617]
521

522
523
1406.   [bug]           dispatch initialises one of the LFSR's with a incorrect
                        polynomial.  [RT #4617]
524

525
1405.   [func]          Use arc4random() if available.
Mark Andrews's avatar
Mark Andrews committed
526

527
528
1404.   [bug]           libbind: ns_name_ntol() could overwrite a zero length
                        buffer.
529

530
531
532
1403.   [func]          dnssec-signzone, dnssec-keygen, dnssec-makekeyset
                        dnssec-signkey now report their version in the
                        usage message.
533

534
535
1402.   [cleanup]       A6 has been moved to experimental and is no longer
                        fully supported.
536

537
1401.   [bug]           adb wasn't clearing state when the timer expired.
538

539
540
1400.   [bug]           Block the addition of wildcard NS records by IXFR
                        or UPDATE. [RT #3502]
541

542
543
1399.   [bug]           Use serial number arithmetic when testing SIG
                        timestamps. [RT #4268]
544

545
546
1398.   [doc]           ARM: notify-also should have been also-notify.
                        [RT #4345]
547

548
1397.   [bug]           J.ROOT-SERVERS.NET is now 192.58.128.30.
549

550
551
1396.   [func]          dnssec-signzone: adjust the default signing time by
                        1 hour to allow for clock skew.
552

553
554
1395.   [port]          OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't
                        have a working implementation.  [RT #4079]
555

556
557
558
1394.   [func]          It is now possible to check if a particular element is
                        in a acl.  Remove duplicate entries from the localnets
                        acl.
559

560
561
562
1393.   [port]          Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
                        is not available in the kernel to prevent accidently
                        listening on IPv4 interfaces.
563

564
1392.   [bug]           named-checkzone: update usage.
565

566
1391.   [func]          Add support for IPv6 scoped addresses in named.
567

568
1390.   [func]          host now supports ixfr.
569

570
1389.   [bug]           named could fail to rotate long log files.  [RT #3666]
571

572
573
1388.   [port]          irix: check for sys/sysctl.h and NET_RT_IFLIST before
                        defining HAVE_IFLIST_SYSCTL. [RT #3770]
574

575
576
577
1387.   [bug]           named could crash due to an access to invalid memory
                        space (which caused an assertion failure) in
                        incremental cleaning.  [RT #3588]
578

579
580
1386.   [bug]           named-checkzone -z stopped on errors in a zone.
                        [RT #3653]
581

582
583
1385.   [bug]           Setting serial-query-rate to 10 would trigger a
                        REQUIRE failure.
584

585
586
1384.   [bug]           host was incompatible with BIND 8 in its exit code and
                        in the output with the -l option.  [RT #3536]
587

588
589
590
1383.   [func]          Track the serial number in a IXFR response and log if
                        a mismatch occurs.  This is a more specific error than
                        "not exact". [RT #3445]
591

592
1382.   [bug]           make install failed with --enable-libbind. [RT #3656]
593

594
595
596
1381.   [bug]           named failed to correctly process answers that
                        contained DNAME records where the resulting CNAME
                        resulted in a negative answer.
597

598
599
1380.   [func]          'rndc recursing' dump recursing queries to
                        'recursing-file = "named.recursing";'.
600

601
602
1379.   [func]          'rndc status' now reports tcp and recursion quota
                        states.
603

604
1378.   [func]          Improved positive feedback for 'rndc {reload|refresh}.
605

606
607
1377.   [func]          dns_zone_load{new}() now reports if the zone was
                        loaded, queued for loading to up to date.
608

609
610
1376.   [func]          New function dns_zone_logc() to log to specified
                        category.
611

612
613
1375.   [func]          'rndc dumpdb' now dumps the adb cache along with the
                        data cache.
614

615
616
1374.   [func]          dns_adb_dump() now logs the lame zones associated
                        with each server.
617

618
619
1373.   [bug]           Recovery from expired glue failed under certain
                        circumstances.
620

621
622
623
1372.   [bug]           named crashes with an assertion failure on exit when
                        sharing the same port for listening and querying, and
                        changing listening addresses several times. [RT# 3509]
Mark Andrews's avatar
Mark Andrews committed
624

625
626
627
628
629
1371.   [bug]           notify-source-v6, transfer-source-v6 and
                        query-source-v6 with explicit addresses and using the
                        same ports as named was listening on could interfere
                        with nameds ability to answer queries sent to those
                        addresses.
Mark Andrews's avatar
Mark Andrews committed
630

631
1370.   [bug]           dig '+[no]recurse' was incorrectly documented.
Mark Andrews's avatar
Mark Andrews committed
632

633
634
1369.   [bug]           Adding an NS record as the lexicographically last
                        record in a secure zone didn't work.
Mark Andrews's avatar
Mark Andrews committed
635

636
1368.   [func]          remove support for bitstring labels.
Mark Andrews's avatar
Mark Andrews committed
637

638
1367.   [func]          Use response times to select forwarders.
Mark Andrews's avatar
Mark Andrews committed
639

640
1366.   [contrib]       queryperf usage was incomplete.  Add '-h' for help.
Mark Andrews's avatar
Mark Andrews committed
641

642
643
1365.   [func]          "localhost" and "localnets" acls now include IPv6
                        addresses / prefixes.
Mark Andrews's avatar
Mark Andrews committed
644

645
646
1364.   [func]          Log file name when unable to open memory statistics
                        and dump database files. [RT# 3437]
Mark Andrews's avatar
Mark Andrews committed
647

648
1363.   [func]          Listen-on-v6 now supports specific addresses.
Mark Andrews's avatar
Mark Andrews committed
649

650
1362.   [bug]           remove IFF_RUNNING test when scanning interfaces.
651

652
653
1361.   [func]          log the reason for rejecting a server when resolving
                        queries.
654

655
656
1360.   [bug]           --enable-libbind would fail when not built in the
                        source tree for certain OS's.
657

658
659
1359.   [security]      Support patches OpenSSL libraries.
                        http://www.cert.org/advisories/CA-2002-23.html
660

661
662
1358.   [bug]           It was possible to trigger a INSIST when debugging
                        large dynamic updates. [RT #3390]
663

664
1357.   [bug]           nsupdate was extremely wasteful of memory.
665

666
1356.   [tuning]        Reduce the number of events / quantum for zone tasks.
667

668
1355.   [bug]           Fix DNSSEC wildcard proof for CNAME/DNAME.
669

670
1354.   [doc]           lwres man pages had illegal nroff.
671

672
1353.   [contrib]       sdb/ldap to version 0.9.
673

674
675
1352.   [bug]           dig, host, nslookup when falling back to TCP use the
                        current search entry (if any). [RT #3374]
676

677
678
679
1351.   [bug]           lwres_getipnodebyname() returned the wrong name
                        when given a IPv4 literal, af=AF_INET6 and AI_MAPPED
                        was set.
680

681
682
1350.   [bug]           dns_name_fromtext() failed to handle too many labels
                        gracefully.
683

684
685
1349.   [security]      Minimum OpenSSL version now 0.9.6e (was 0.9.5a).
                        http://www.cert.org/advisories/CA-2002-23.html
686

687
688
689
1348.   [port]          win32: Rewrote code to use I/O Completion Ports
                        in socket.c and eliminating a host of socket
                        errors. Performance is enhanced.
690

691
1347.   [placeholder]
Danny Mayer's avatar
Danny Mayer committed
692

693
1346.   [placeholder]
694

695
696
1345.   [port]          Use a explicit -Wformat with gcc.  Not all versions
                        include it in -Wall.
697

698
699
700
701
702
1344.   [func]          Log if the serial number on the master has gone
                        backwards.
                        If you have multiple machines specified in the masters
                        clause you may want to set 'multi-master yes;' to
                        suppress this warning.
703

704
705
1343.   [func]          Log successful notifies received (info).  Adjust log
                        level for failed notifies to notice.
706

707
1342.   [func]          Log remote address with TCP dispatch failures.
708

709
1341.   [func]          Allow a rate limiter to be stalled.
710

711
1340.   [bug]           Delay and spread out the startup refresh load.
712

713
714
1339.   [func]          dig, host and nslookup now use IP6.ARPA for nibble
                        lookups.  Bit string lookups are no longer attempted.
715

716
1338.   [placeholder]
717

718
1337.   [placeholder]
719

720
721
722
1336.   [func]          Nibble lookups under IP6.ARPA are now supported by
                        dns_byaddr_create().  dns_byaddr_createptrname() is
                        deprecated, use dns_byaddr_createptrname2() instead.
723

724
725
1335.   [bug]           When performing a nonexistence proof, the validator
                        should discard parent NXTs from higher in the DNS.
726

727
728
1334.   [bug]           When signing/verifying rdatasets, duplicate rdatas
                        need to be suppressed.
729

730
731
1333.   [contrib]       queryperf now reports a summary of returned
                        rcodes (-c), rcodes are printed in mnemonic form (-v).
732

733
734
1332.   [func]          Report the current serial with periodic commits when
                        rolling forward the journal.
735

736
1331.   [func]          Generate DNSSEC wildcard proofs.
737

738
739
1330.   [bug]           When processing events (non-threaded) only allow
                        the task one chance to use to use its quantum.
740

741
742
743
744
1329.   [func]          named-checkzone will now check if nameservers that
                        appear to be IP addresses.  Available modes "fail",
                        "warn" (default) and "ignore" the results of the
                        check.
745

746
747
1328.   [bug]           The validator could incorrectly verify an invalid
                        negative proof.
748

749
750
751
1327.   [bug]           The validator would incorrectly mark data as insecure
                        when seeing a bogus signature before a correct
                        signature.
752

753
754
1326.   [bug]           DNAME/CNAME signatures were not being cached when
                        validation was not being performed. [RT #3284]
755

756
757
1325.   [bug]           If the tcpquota was exhausted it was possible to
                        to trigger a INSIST() failure.
758

759
1324.   [port]          darwin: ifconfig.sh now supports darwin.
760

761
1323.   [port]          linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
762

763
1322.   [bug]           dnssec-signzone usage message was misleading.
764

765
766
1321.   [bug]           If the last RRset in a zone is glue, dnssec-signzone
                        would incorrectly duplicate its output and sign it.
767

768
769
1320.   [doc]           query-source-v6 was missing from options section.
                        [RT #3218]
770

771
1319.   [func]          libbind: log attempts to exploit #1318.
772

773
1318.   [bug]           libbind: Remote buffer overrun.
774

775
776
1317.   [port]          libbind: TrueUNIX 5.1 does not like __align as a
                        element name.
Mark Andrews's avatar
Mark Andrews committed
777

778
779
1316.   [bug]           libbind: gethostans() could get out of sync parsing
                        the response if there was a very long CNAME chain.
780

781
1315.   [bug]           Options should apply to the internal _bind view.
782

783
1314.   [port]          Handle ECONNRESET from sendmsg() [unix].
784

785
786
1313.   [func]          Query log now says if the query was signed (S) or
                        if EDNS was used (E).
787

788
1312.   [func]          Log TSIG key used w/ outgoing zone transfers.
789

790
1311.   [bug]           lwres_getrrsetbyname leaked memory.  [RT #3159]
791

792
793
1310.   [bug]           'rndc stop' failed to cause zones to be flushed
                        sometimes. [RT #3157]
794

795
1309.   [func]          Log that a zone transfer was covered by a TSIG.
796

797
1308.   [func]          DS (delegation signer) support.
798

799
1307.   [bug]           nsupdate: allow white space base64 key data.
800

801
802
1306.   [bug]           Badly encoded LOC record when the size, horizontal
                        precision or vertical precision was 0.1m.
803