CHANGES 71.8 KB
Newer Older
1
2
3
 604.	[bug]		The named.conf parser could print incorrect line
			numbers when long comments were present.

Michael Sawyer's avatar
Michael Sawyer committed
4
5
6
 603.	[bug]		Make dig handle multiple types or classes on the same
			query more correctly.

7
8
9
 602.	[func]		Cope automatically with UnixWare's broken
			IN6_IS_ADDR_* macros. [RT #539]

10
11
12
 601.	[func]		Return a non-zero exit code if an update fails
			in nsupdate.

13
14
 600.	[bug]		Reverse lookups sometimes failed in dig, etc...

15
16
 599.	[func]		Updated the libisc log API to support i18n message
			arguments to isc_log_{,v}write{,1}.
17

18
19
20
 598.	[bug]		An update-policy statement would cause the server
			to assert while loading. [RT #536]

21
22
 597.	[func]		dnssec-signzone is now multithreaded.

23
24
25
 596.	[bug]		DNS_RDATASLAB_FORCE and DNS_RDATASLAB_EXACT are
			not mutually exclusive.

26
27
 595.	[port]		On Linux 2.2, socket() returns EINVAL when it
			should return EAFNOSUPPORT.  Work around this.
Brian Wellington's avatar
Brian Wellington committed
28
			[RT #531]
29

30
31
32
 594.	[func]		sdb drivers are now assumed to not be thread-safe
			unless the DNS_SDBFLAG_THREADSAFE flag is supplied.

33
34
35
36
 593.	[bug]		If a secure zone was missing all its NXTs and
			a dynamic update was attempted, the server entered
			an infinite loop.

37
38
39
 592.	[bug]		The sig-validity-interval option now specifies a
			number of days, not seconds.  This matches the
			documentation. [RT #529]
40

41
42
	--- 9.1.0b1 released ---

43
44
45
 591.	[bug]		Work around non-reentrancy in openssl by disabling
			precomputation in keys.

46
47
48
 590.	[doc]		There are now man pages for the lwres library in
			doc/man/lwres.

49
50
51
 589.	[bug]		The server could deadlock if a zone was updated 
			while being transferred out.

52
53
 588.	[bug]		ctx->in_use was not being correctly initalised when
			when pushing a file for $INCLUDE. [RT #523]
54
55
56
57
58
59
60
61

 587.	[func]		A warning is now printed if the "allow-update"
			option allows updates based on the source IP
			address, to alert users to the fact that this
			is insecure and becoming increasingly so as
			servers capable of update forwarding are being
			deployed.

62
63
 586.	[bug]		multiple views with the same name were fatal. [RT #516]

64
65
66
 585.	[func]		dns_db_addrdataset() and and dns_rdataslab_merge()
			now support 'exact' additions in a similar manner to
			dns_db_subtractrdataset() and dns_rdataslab_subtract().
67
68
69
70
71
72

 584.	[func]		You can now say 'notify explicit'; to suppress
			notification of the servers listed in NS records
			and notify only those servers listed in the
			'also-notify' option.

73
74
75
 583.	[func]		"rndc querylog" will now toggle logging of
			queries, like "ndc querylog" in BIND 8.

76
77
78
 582.	[bug]		dns_zone_idetach() failed to lock the zone.
			[RT #199, #463]

79
80
 581.	[bug]		log severity was not being correctly processed.
			[RT #485]
81

82
83
84
85
 580.	[func]		Ignore trailing garbage on incoming DNS packets,
			for interoperability with broken server
			implementations. [RT #491]

86
87
88
 579.	[bug]		nsupdate did not take a filename to read update from.
			[RT #492]

Andreas Gustafsson's avatar
Andreas Gustafsson committed
89
90
 578.	[func]		New config option "notify-source", to specify the
			source address for notify messages.
91

92
93
94
 577.	[func]		Log illegal RDATA combinations. e.g. multiple
			singlton types, cname and other data.

95
96
97
98
 576.	[doc]		isc_log_create() description did not match reality.

 575.	[bug]		isc_log_create() was not setting internal state
			correctly to reflect the default channels created.
99

Andreas Gustafsson's avatar
Andreas Gustafsson committed
100
 574.	[bug]		TSIG signed queries sent by the resolver would fail to
101
102
			have their responses validated and would leak memory.

103
104
105
 573.	[bug]		The journal files of IXFRed slave zones were
			inadvertantly discarded on server reload, causing
			"journal out of sync with zone" errors on subsequent
Andreas Gustafsson's avatar
Andreas Gustafsson committed
106
			reloads. [RT #482]
107

108
109
110
 572.	[bug]		Quoted strings were not accepted as key names in
			address match lists.

111
112
113
114
115
116
117
 571.	[bug]		It was possible to create an rdataset of singleton
			type which had more than one rdata.  [RT #154]
			[RT #279]

 570.	[bug]		rbtdb.c allowed zones containing nodes which had
			both a CNAME and "other data". [RT #154]

118
119
120
 569.	[func]		The DNSSEC AD bit will not be set on queries which
			have not requested a DNSSEC response.

121
 568.	[func]		Add sample simple database drivers in contrib/sdb.
122
123
124
125
126
127

 567.	[bug]		Setting the zone transfer timeout to zero caused an
			assertion failure. [RT #302]

 566.	[func]		New public function dns_timer_setidle().

128
129
 565.	[func]		Log queries more like BIND 8: query logging is now
			done to category "queries", level "info". [RT #169]
130

131
132
 564.	[func]		Add sortlist support to lwresd.

133
134
135
136
 563.	[func]		New public functions dns_rdatatype_format() and
			dns_rdataclass_format(), for convenient formatting
			of rdata type/class mnemonics in log messages.

137
138
 562.	[cleanup]	Moved lib/dns/*conf.c to bin/named where they belong.

139
140
141
142
143
144
145
146
147
148
149
150
151
152
 561.	[func]		The 'datasize', 'stacksize', 'coresize' and 'files'
			clauses of the options{} statement are now implemented.

 560.	[bug]		dns_name_split did not properly the resulting prefix
			when a maximal length bitstring label was split which
			was preceded by another bitstring label. [RT #429]

 559.	[bug]		dns_name_split did not properly create the suffix
			when splitting within a maximal length bitstring label.

 558.	[func]		New functions, isc_resource_getlimit and
			isc_resource_setlimit.

 557.	[func]		Symbolic constants for libisc integral types.
153

154
155
156
157
 556.	[func]		The DNSSEC OK bit in the EDNS extended flags
			is now implemented.  Responses to queries without
			this bit set will not contain any DNSSEC records.

158
159
160
161
 555.	[bug]		A slave server attempting a zone transfer could 
			crash with an assertion failure on certain
			malformed responses from the master. [RT #457]

162
163
164
 554.	[bug]		In some cases, not all of the dnssec tools were
			properly installed.

165
166
167
168
 553.	[bug]		Incoming zone transfers deferred due to quota 
			were not started when quota was increased but 
			only when a transfer in progress finished. [RT #456]

169
170
 552.	[bug]		We were not correctly detecting the end of all c-style
			comments.  [RT #455]
171

172
173
 551.	[func]		Implemented the 'sortlist' option.

174
175
 550.	[func]		Support unknown rdata types and classes.

176
177
178
 549.	[bug]		"make" did not immediately abort the build when a
			subdirectory make failed [RT #450].

179
 548.	[func]		The lexer now ungets tokens more correctly.
Brian Wellington's avatar
Brian Wellington committed
180

181
182
 546.	[func]		Option 'lame-ttl' is now implemented.

183
184
185
186
 545.	[func]		Name limit and counting options removed from dig;
			they didn't work properly, and cannot be correctly
			implemented without significant changes.

187
188
189
190
 544.	[func]		Add statistics option, enable statistics-file option,
			add RNDC option "dump-statistics" to write out a
			query statistics file.

191
192
 543.	[doc]		The 'port' option is now documented.

193
194
195
196
 542.	[func]		Add support for update forwarding as required for
			full compliance with RFC2136.  It is turned off
			by default and can be enabled using the
			'allow-update-forwarding' option.
197

198
199
 541.	[func]		Add bogus server support.

Mark Andrews's avatar
Mark Andrews committed
200
201
 540.	[func]		Add dialup support.

202
203
 539.	[func]		Support the blackhole option.

204
205
 538.	[bug]		fix buffer overruns by 1 in lwres_getnameinfo().

206
207
208
209
210
211
212
 536.	[func]		Use transfer-source{-v6} when sending refresh queries.
			Transfer-source{-v6} now take a optional port
			parameter for setting the UDP source port.  The port
			parameter is ignored for TCP.

 535.	[func]		Use transfer-source{-v6} when forwarding update
			requests.
213

214
215
216
217
218
219
 534.	[func]		Ancestors have been removed from RBT chains.  Ancestor
			information can be discerned via node parent pointers.

 533.	[func]		Incorporated name hashing into the RBT database to
			improve search speed.

220
221
222
 532.	[func]		Implement DNS UPDATE pseudo records using
			DNS_RDATA_UPDATE flag.

223
224
 531.	[func]		Rdata really should be initalized before being assigned
			to (dns_rdata_fromwire(), dns_rdata_fromtext(),
225
226
227
			dns_rdata_clone(), dns_rdata_fromregion()),
			check that it is.

228
229
 530.	[func]		New function dns_rdata_invalidate().

230
231
232
 529.	[bug]		521 contained a bug which caused zones to always
			reload.  [RT #410]
	
233
234
235
236
 528.	[func]		The ISC_LIST_XXXX macros now perform sanity checks
			on their arguements.  ISC_LIST_XXXXUNSAFE can be use
			to skip the checks however use with caution.

237
238
 527.	[func]		New function dns_rdata_clone().

239
240
241
 526.	[bug]		nsupdate incorrectly refused to add RRs with a TTL
			of 0.

242
243
244
245
 525.	[func]		New arguments 'options' for dns_db_subtractrdataset(),
			and 'flags' for dns_rdataslab_subtract() allowing you
			to request that the RR's must exist prior to deletion.
			DNS_R_NOTEXACT is returned if the condition is not met.
246

247
248
249
 524.	[func]		The 'forward' and 'forwarders' statement in
			non-forward zones should work now.

250
251
252
253
254
255
 523.	[doc]		The source to the Administrator Reference Manual is
			now an XML file using the DocBook DTD, and is included
			in the distribution.  The plain text version of the
			ARM is temporarily unavailable while we figure out
			how to generate readable plain text from the XML.

256
257
258
259
260
 522.	[func]		The lightweight resolver daemon can now use
			a real configuration file, and its functionality
			can be provided by a name server.  Also, the -p and -P
			options to lwresd have been reversed.

261
262
263
 521.	[bug]		Detect master files which contain $INCLUDE and always
			reload. [RT #196]

264
265
266
 520.	[bug]		Upgraded libtool to 1.3.5, which makes shared
			library builds almost work on AIX (and possibly 
			others).
267

268
269
270
271
272
273
274
 519.	[bug]		dns_name_split() would improperly split some bitstring
			labels, zeroing a few of the least signficant bits in
			the prefix part.  When such an improperly created
			prefix was returned to the RBT database, the bogus
			label was dutifully stored, corrupting the tree.
			[RT #369]

275
276
 518.	[bug]		The resolver did not realize that a DNAME which was
			"the answer" to the client's query was "the answer",
Brian Wellington's avatar
Brian Wellington committed
277
			and such queries would fail. [RT #399]
278
279
280

 517.	[bug]		The resolver's DNAME code would trigger an assertion
			if there was more than one DNAME in the chain.
Brian Wellington's avatar
Brian Wellington committed
281
			[RT #399]
282
283
284
285

 516.	[bug]		Cache lookups which had a NULL node pointer, e.g.
			those by dns_view_find(), and which would match a
			DNAME, would trigger an INSIST(!search.need_cleanup)
Brian Wellington's avatar
Brian Wellington committed
286
			assertion. [RT #399]
287

Andreas Gustafsson's avatar
typo    
Andreas Gustafsson committed
288
289
 515.	[bug]		The ssu table was not being attached / detached
			by dns_zone_[sg]etssutable. [RT#397]
290

291
292
293
 514.	[func]		Retry refresh and notify queries if they timeout.
			[RT #388]

294
 513.	[func]		New functionality added to rdnc and server to allow
Andreas Gustafsson's avatar
typo    
Andreas Gustafsson committed
295
			individual zones to be refreshed or reloaded.
296

Andreas Gustafsson's avatar
typos    
Andreas Gustafsson committed
297
 512.	[bug]		The zone transfer code could throw an execption with
298
299
			an invalid IXFR stream.

300
301
302
 511.	[bug]		The message code could throw an assertion on an
			out of memory failure. [RT #392]

303
304
 510.	[bug]		Remove spurious view notify warning. [RT #376]

305
306
 509.	[func]		Add support for write of zone files on shutdown.

307
308
309
310
 508.	[func]		dns_message_parse() can now do a best-effort
			attempt, which should allow dig to print more invalid
			messages.

311
312
313
 507.	[func]		New functions dns_zone_flush(), dns_zt_flushanddetach()
			and dns_view_flushanddetach().

314
315
 506.	[func]		Do not fail to start on errors in zone files.

316
317
 505.	[bug]		nsupdate was printing "unknown result code". [RT #373]

318
319
320
321
322
323
 504.	[bug]		The zone was not being marked as dirty when updated via
			IXFR.

 503.	[bug]		dumptime was not being set along with
			DNS_ZONEFLG_NEEDDUMP.

324
325
326
327
328
329
 502.	[func]		On a SERVFAIL reply, DiG will now try the next server
			in the list, unless the +fail option is specified.

 501.	[bug]		Incorrect port numbers were being displayed by
			nslookup.  [RT #352]

330
 500.	[func]		Nearly useless +details option removed from DiG.
331
332
333
334
335
336
337

 499.	[func]		In DiG, specifying a class with -c or type with -t
			changes command-line parsing so that classes and
			types are only recognized if following -c or -t.
			This allows hosts with the same name as a class or
			type to be looked up.

338
339
340
 498.	[doc]		There is now a man page for "dig" 
			in doc/man/bin/dig.1.

341
342
343
344
 497.	[bug]		The error messages printed when an IP match list
			contained a network address with a nonzero host
			part where not sufficiently detailed. [RT #365]

345
 496.	[bug]		named didn't sanity check numeric parameters. [RT #361]
346

347
 495.	[bug]		nsupdate was unable to handle large records. [RT #368]
348

349
350
 494.	[func]		Do not cache NXDOMAIN responses for SOA queries.

351
352
353
354
355
 493.	[func]		Return non-cachable (ttl = 0) NXDOMAIN responses
			for SOA queries.  This makes it easier to locate
			the containing zone without polluting intermediate
			caches.

356
357
 492.	[bug]		attempting to reload a zone caused the server fail
			to shutdown cleanly. [RT #360]
358

359
 491.	[bug]		nsupdate would segfault when sending certain
360
			prerequisites with empty RDATA. [RT #356]
361

362
363
364
365
366
 490.	[func]		When a slave/stub zone has not yet successfully
			obtained an SOA containing the zone's configured
			retry time, perform the SOA query retries using
			exponential backoff. [RT #337]

367
368
 489.	[func]		The zone manager now has a "i/o" queue.

369
370
 488.	[bug]		Locks weren't properly destroyed in some cases.

371
372
 487.	[port]		flockfile() is not defined on all systems.

373
374
375
376
 486.	[bug]		nslookup: "set all" and "server" commands showed
			the incorrect port number if a port other than 53
			was specified. [RT #352]

377
378
379
380
 485.	[func]		When dig had more than one server to query, it would
			send all of the messages at the same time.  Add
			rate limiting of the transmitted messages.

381
382
383
384
385
 484.	[bug]		When the server was reloaded after removing addresses 
			from the named.conf "listen-on" statement, sockets
			were still listening on the removed addresses due
			to reference count loops. [RT #325]

386
387
 483.	[bug]		nslookup: "set all" showed a "search" option but it 
			was not settable.
388

389
390
391
 482.	[bug]		nslookup: a plain "server" or "lserver" should be
			treated as a lookup.

392
 481.	[bug]		nslookup:get_next_command() stack size could exceed
393
394
395
396
			per thread limit.

 480.	[bug]		strtok() is not thread safe. [RT #349]

397
398
399
 479.	[func]		The test suite can now be run by typing "make check"
			or "make test" at the top level.

400
401
402
 478.	[bug]		"make install" failed if the directory specified with
			--prefix did not already exist.

403
404
405
 477.	[bug]		The the isc-config.sh script could be installed before
			its directory was created. [RT #324]

406
407
 476.	[bug]		A zone could expire while a zone transfer was in
			progress triggering a INSIST failure. [RT #329]
Andreas Gustafsson's avatar
Andreas Gustafsson committed
408

409
410
411
412
413
414
415
 475.	[bug]		query_getzonedb() sometimes returned a non-null version
			on failure.  This caused assertion failures when
			generating query responses where names subject to
			additional section processing pointed to a zone
			to which access had been denied by means of the
			allow-query option. [RT #336]

416
417
418
 474.	[bug]		The mnemonic of the CHAOS class is CH according to
			RFC1035, but it was printed and read only as CHAOS.
			We now accept both forms as input, and print it
Andreas Gustafsson's avatar
Andreas Gustafsson committed
419
			as CH. [RT #305]
420

Andreas Gustafsson's avatar
Andreas Gustafsson committed
421
422
423
424
 473.	[bug]		nsupdate overran the end of the list of name servers
			when no servers could be reached, typically causing 
			it to print the error message "dns_request_create:
			not implemented".
425
426
427
428

 472.	[bug]		Off-by-one error caused isc_time_add() to sometimes
			produce invalid time values.

429
430
 471.	[bug]		nsupdate didn't compile on HP/UX 10.20

431
432
433
 470.	[feature]	$GENERATE is now supported.  See also
			doc/misc/migration.

434
435
 469.	[bug]		"query-source address * port 53;" now works.

436
437
438
439
440
441
442
443
 468.	[bug]		dns_master_load*() failed to report file and line
			number in certain error conditions.

 467.	[bug]		dns_master_load*() failed to log an error if
			pushfile() failed.

 466.	[bug]		dns_master_load*() could return success when it failed.

444
445
 465.	[cleanup]	Allow 0 to be set as an omapi_value_t value by
			omapi_value_storeint().
Andreas Gustafsson's avatar
Andreas Gustafsson committed
446

447
 464.	[cleanup]	Build with openssl's RSA code instead of dnssafe.
448

Andreas Gustafsson's avatar
Andreas Gustafsson committed
449
450
451
 463.	[bug]		nsupdate sent malformed SOA queries to the second
			and subsequent name servers in resolv.conf if the
			query sent to the first one failed.
452

453
454
 462.	[bug]		--disable-ipv6 should work now.

Andreas Gustafsson's avatar
Andreas Gustafsson committed
455
456
457
 461.	[bug]		Specifying an unknown key in the "keys" clause of the
			"controls" statement caused a NULL pointer dereference.
			[RT #316]
458

459
460
 460.	[bug]		Much of the DNSSEC code only worked with class IN.

Andreas Gustafsson's avatar
Andreas Gustafsson committed
461
 459.	[bug]		Nslookup processed the "set" command incorrectly.
462

463
 458.	[bug]		Nslookup didn't properly check class and type values.
Michael Sawyer's avatar
Michael Sawyer committed
464
			[RT #305]
465

Andreas Gustafsson's avatar
Andreas Gustafsson committed
466
467
 457.	[bug]		Dig/host/hslookup didn't properly handle connect
			timeouts in certain situations, causing an 
Andreas Gustafsson's avatar
Andreas Gustafsson committed
468
			unnecessary warning message to be printed.
469

470
471
472
 456.	[bug]		Stub zones were not resetting the refresh and expire
			counters, loadtime or clearing the DNS_ZONE_REFRESH
			(refresh in progress) flag upon successful update.
473
474
			This disabled further refreshing of the stub zone,
			causing it to eventually expire. [RT #300]
475

476
477
478
 455.	[doc]		Document IPv4 prefix notation does not require a
			dotted decimal quad but may be just dotted decimal.

479
 454.	[bug]		Enforce dotted decimal and dotted decimal quad where
480
			documented as such in named.conf. [RT #304, RT #311]
481

482
483
484
 453.	[bug]		Warn if the obsolete option "maintain-ixfr-base"
			is specified in named.conf. [RT #306]

485
486
487
488
 452.	[bug]		Warn if the unimplemented option "statistics-file"
			is specified in named.conf. [RT #301]

 451.	[func]		Update forwarding implememted.
489
490
491

 450.	[func]		New function ns_client_sendraw().

492
493
494
495
496
 449.	[bug]		isc_bitstring_copy() only works correctly if the
			two bitstrings have the same lsb0 value, but this
			requirement was not documented, nor was there a
			REQUIRE for it.

497
 448.	[bug]		Host output formatting change, to match v8. [RT #255]
498

499
 447.	[bug]		Dig didn't properly retry in TCP mode after
500
501
			a truncated reply.  [RT #277]

502
503
 446.	[bug]		Confusing notify log message. [RT #298]

504
505
506
507
 445.	[bug]		Doing a 0 bit isc_bitstring_copy() of an lsb0
			bitstring triggered a REQUIRE statement.  The REQUIRE
			statement was incorrect. [RT #297]

508
509
510
511
512
 444.	[func]		"recursion denied" messages are always logged at
			debug level 1, now, rather than sometimes at ERROR.
			This silences these warnings in the usual case, where
			some clients set the RD bit in all queries.

513
514
515
516
517
 443.	[bug]		When loading a master file failed because of an
			unrecognized RR type name, the error message
			did not include the file name and line number. 
			[RT #285]

518
519
520
 442.	[bug]		TSIG signed messages that did not match any view
			crashed the server. [RT #290]

521
522
523
 441.	[bug]		Nodes obscured by a DNAME were inaccessible even
			when DNS_DBFIND_GLUEOK was set.

524
525
 440.	[func]		New function dns_zone_forwardupdate().

526
527
 439.	[func]		New function dns_request_createraw().

528
529
 438.	[func]		New function dns_message_getrawmessage().

530
 437.	[func]		Log NOTIFY activity to the notify channel.
Michael Graff's avatar
Michael Graff committed
531

532
533
534
535
 436.	[bug]		If recvmsg() returned EHOSTUNREACH or ENETUNREACH,
			which sometimes happens on Linux, named would enter
			a busy loop.  Also, unexpected socket errors were
			not logged at a high enough logging level to be
536
			useful in diagnosing this situation. [RT #275]
537

538
539
540
541
542
543
544
545
 435.	[bug]		dns_zone_dump() overwrote existing zone files 
			rather than writing to a temporary file and
			renaming.  This could lead to empty or partial
			zone files being left around in certain error
			conditions involving the initial transfer of a
			slave zone, interfering with subsequent server
			startup. [RT #282]

546
547
 434.	[func]		New function isc_file_isabsolute().

548
 433.	[func]		isc_base64_decodestring() now accepts newlines
549
			within the base64 data.	 This makes it possible 
550
551
552
			to break up the key data in a "trusted-keys"
			statement into multiple lines. [RT #284]

553
554
555
 432.	[func]		Added refresh/retry jitter.  The actual refresh/
			retry time is now a random value between 75% and
			100% of the configured value.
Michael Graff's avatar
Michael Graff committed
556
557
558
559
560
561
562
563

 431.	[func]		Log at ISC_LOG_INFO when a zone is successfully
			loaded.

 430.	[bug]		Rewrote the lightweight resolver client management
			code to handle shutdown correctly and general
			cleanup.

564
565
566
567
 429.	[bug]		The space reserved for a TSIG record in a response
			was 2 bytes too short, leading to message
			generation failures.

568
 428.	[bug]		rbtdb.c:find_closest_nxt() erroneously returned
569
570
571
572
			DNS_R_BADDB for nodes which had neither NXT nor SIG NXT
			(e.g. glue).  This could cause SERVFAILs when
			generating negative responses in a secure zone.

573
574
575
576
 427.	[bug]		Avoid going into an infinite loop when the validator
			gets a negative response to a key query where the
			records are signed by the missing key.

577
578
579
 426.	[bug]		Attempting to generate an oversized RSA key could
			cause dnssec-keygen to dump core.

580
581
582
 425.	[bug]		Warn about the auth-nxdomain default value change
			if there is no auth-nxdomain statement in the
			config file. [RT #287]
Andreas Gustafsson's avatar
Andreas Gustafsson committed
583

Michael Graff's avatar
Michael Graff committed
584
585
586
587
 424.	[bug]		notify_createmessage() could trigger an assertion
			failure when creating the notify message failed,
			e.g. due to corrupt zones with multiple SOA records.
			[RT #279]
588

589
590
591
592
 423.	[bug]		When responding to a recusive query, errors that occur
			after following a CNAME should cause the query to fail.
			[RT #274]

593
594
 422.	[func]		get rid of isc_random_t, and make isc_random_get()
			and isc_random_jitter() use rand() internally
595
			instead of local state.	 Note that isc_random_*()
596
597
598
			functions are only for weak, non-critical "randomness"
			such as timing jitter and such.

599
600
 421.	[bug]		nslookup would exit when given a blank line as input.

601
602
 420.	[bug]		nslookup failed to implement the "exit" command.

603
604
 419.	[bug]		The certificate type PKIX was misspelled as SKIX.

605
606
607
608
 418.	[bug]		At debug levels >= 10, getting an unexpected
			socket receive error would crash the server
			while trying to log the error message.

609
610
611
612
 417.	[func]		Add isc_app_block() and isc_app_unblock(), which
			allow an application to handle signals while
			blocking.		

613
614
 416.	[bug]		Slave zones with no master file tried to use a
			NULL pointer for a journal file name when they
Andreas Gustafsson's avatar
Andreas Gustafsson committed
615
			received an IXFR. [RT #273]
616

617
618
 415.	[bug]		The logging code leaked file descriptors.

619
620
621
 414.	[bug]		Server did not shut down until all incoming zone 
			transfers were finished.

622
623
 413.	[bug]		Notify could attempt to use the zone database after
			it had been unloaded. [RT#267]
624

625
626
 412.	[bug]		named -v didn't print the version.

627
628
 411.	[bug]		A typo in the HS A code caused an assertion failure.

629
630
631
 410.	[bug]		lwres_gethostbyname() and company set lwres_h_errno
			to a random value on success.

632
633
634
635
 409.	[bug]		If named was shut down early in the startup
			process, ns_omapi_shutdown() would attempt to lock
			an unintialized mutex. [RT #262]

Andreas Gustafsson's avatar
typo    
Andreas Gustafsson committed
636
 408.	[bug]		stub zones could leak memory and reference counts if
637
			all the masters were unreachable.
638

639
 407.	[bug]		isc_rwlock_lock() would needlessly block
Andreas Gustafsson's avatar
typo    
Andreas Gustafsson committed
640
			readers when it reached the read quota even
641
642
			if no writers were waiting.

643
644
645
 406.	[bug]		Log messages were occasionally lost or corrupted
			due to a race condition in isc_log_doit().

646
647
 405.	[func]		Add support for selective forwarding (forward zones)

648
649
 404.	[bug]		The request library didn't completely work with IPv6.

650
651
 403.	[bug]		"host" did not use the search list.

652
653
654
655
 402.	[bug]		Treat undefined acls as errors, rather than
			warning and then later throwing an assertion.
			[RT #252]

656
657
658
 400.	[bug]		SIG(0) signing and verifying was done incorrectly.
			[RT #249]

659
660
661
662
663
664
665
666
 399.	[bug]		When reloading the server with a config file
			containing a syntax error, it could catch an
			assertion failure trying to perform zone
			maintenance on, or sending notifies from,
			tentatively created zones whose	views were
			never fully configured and lacked an address 
			database and request manager.

667
668
669
 398.	[bug]		"dig" sometimes caught an assertion failure when
			using TSIG, depending on the key length.

670
671
 397.	[func]		Added utility functions dns_view_gettsig() and
			dns_view_getpeertsig().
672

673
674
675
 396.	[doc]		There is now a man page for "nsupdate" 
			in doc/man/bin/nsupdate.8.

676
677
678
 395.	[bug]		nslookup printed incorrect RR type mnemonics
			for RRs of type >= 21 [RT #237].

679
680
681
682
683
684
685
686
687
 394.	[bug]		Current name was not propagated via $INCLUDE.

 393.	[func]		Initial answer while loading (awl) support.
			Entry points: dns_master_loadfileinc(),
			dns_master_loadstreaminc(), dns_master_loadbufferinc().
			Note: calls to dns_master_load*inc() should be rate
			be rate limited so as to not use up all file
			descriptors.

688
689
690
691
692
 392.	[func]		Add ISC_R_FAMILYNOSUPPORT.  Returned when OS does
			not support the given address family requested. 

 391.	[clarity]	ISC_R_FAMILY -> ISC_R_FAMILYMISMATCH.

693
694
695
696
697
 390.	[func]		The function dns_zone_setdbtype() now takes
			an argc/argv style vector of words and sets 
			both the zone database type and its arguments,
			making the functions dns_zone_adddbarg()
			and dns_zone_cleardbargs() unnecessary.
Andreas Gustafsson's avatar
   
Andreas Gustafsson committed
698

699
700
701
702
 389.	[bug]		Attempting to send a reqeust over IPv6 using 
			dns_request_create() on a system without IPv6
			support caused an assertion failure [RT #235].

Brian Wellington's avatar
Brian Wellington committed
703
 388.	[func]		dig and host can now do reverse ipv6 lookups.
704

705
706
707
 387.	[func]		Add dns_byaddr_createptrname(), which converts
			an address into the name used by a PTR query.

708
 386.	[bug]		Missing strdup() of ACL name caused random
709
			ACL matching failures [RT #228].
710

711
712
 385.	[cleanup]	Removed functions dns_zone_equal(), dns_zone_print(),
			and dns_zt_print().
Andreas Gustafsson's avatar
   
Andreas Gustafsson committed
713

714
715
 384.	[bug]		nsupdate was incorrectly limiting TTLs to 65535 instead
			of 2147483647.
716

717
718
719
 383.	[func]		When writing a master file, print the SOA and NS
			records (and their SIGs) before other records.

Andreas Gustafsson's avatar
Andreas Gustafsson committed
720
721
722
 382.	[bug]		named -u failed on many Linux systems where the
			libc provided kernel headers do not match
			the current kernel.
723

724
725
726
 381.	[bug]		Check for IPV6_RECVPKTINFO and use it instead of
			IPV6_PKTINFO if found. [RT #229]

727
728
 380.	[bug]		nsupdate didn't work with IPv6.

729
730
 379.	[func]		New library function isc_sockaddr_anyofpf().

731
732
 378.	[func]		named and lwresd will log the command line arguments
			they were started with in the "starting ..." message.
733

Brian Wellington's avatar
typo    
Brian Wellington committed
734
 377.	[bug]		When additional data lookups were refused due to 
735
736
737
			"allow-query", the databases were still being
			attached causing reference leaks.

738
739
740
 376.	[bug]		The server should always use good entropy when
			performing cryptographic functions needing entropy.

741
742
743
744
745
746
 375.	[bug]		Per-zone "allow-query" did not properly override the
			view/global one for CNAME targets and additional
			data [RT #220].

 374.	[bug]		SOA in authoritative negative responses had wrong TTL.

747
748
 373.	[func]		nslookup is now installed by "make install".

749
 372.	[bug]		Deal with Microsoft DNS servers appending two bytes of
750
751
			garbage to zone transfer requests.

752
753
754
755
 371.	[bug]		At high debug levels, doing an outgoing zone transfer
			of a very large RRset could cause an assertion failure
			during logging.

Andreas Gustafsson's avatar
Andreas Gustafsson committed
756
 370.	[bug]		The error messages for rollforward failures were
757
758
			overly terse.

759
760
761
762
 369.	[func]		Support new named.conf options, view and zone 
			statements: 

				max-retry-time, min-retry-time, 
763
				max-refresh-time, min-refresh-time.
764

765
766
767
 368.	[func]		Restructure the internal ".bind" view so that more
			zones can be added to it.

David Lawrence's avatar
tabify    
David Lawrence committed
768
 367.	[bug]		Allow proper selection of server on nslookup command
769
770
			line.

David Lawrence's avatar
tabify    
David Lawrence committed
771
 366.	[func]		Allow use of '-' batch file in dig for stdin.
772

773
774
 365.	[bug]		nsupdate -k leaked memory.

Michael Graff's avatar
Michael Graff committed
775
776
 364.	[func]		Added additional-from-{cache,auth}

777
778
779
 362.	[bug]		rndc no longer aborts if the configuration file is
			missing an options statement. [RT #209]

780
781
782
783
784
785
786
787
788
789
 361.	[func]		When the RBT find or chain functions set the name and
			origin for a node that stores the root label
			the name is now set to an empty name, instead of ".",
			to simplify later use of the name and origin by
			dns_name_concatenate(), dns_name_totext() or
			dns_name_format().

 360.	[func]		dns_name_totext() and dns_name_format() now allow
			an empty name to be passed, which is formatted as "@".

790
791
 359.	[bug]		dnssec-signzone occasionally signed glue records.

792
793
794
 358.	[cleanup]	Rename the intermediate files used by the dnssec
			programs.

Andreas Gustafsson's avatar
Andreas Gustafsson committed
795
796
 357.	[bug]		The zone file parser crashed if the argument
			to $INCLUDE was a quoted string.
797

798
799
800
 356.	[cleanup]	isc_task_send no longer requires event->sender to
			be non-null.

801
802
 355.	[func]		Added isc_dir_createunique(), similar to mkdtemp().

803
804
805
 354.	[doc]		Man pages for the dnssec tools are now included in
			the distribution, in doc/man/dnssec.

Andreas Gustafsson's avatar
Andreas Gustafsson committed
806
 353.	[bug]		double increment in lwres/gethost.c:copytobuf().
807
			(RT# 187)
808

809
810
811
 352.	[bug]		Race condition in dns_client_t startup could cause
			an assertion failure.

812
813
814
 351.	[bug]		Constructing a response with rcode SERVFAIL to a TSIG
			signed query could crash the server.

815
816
817
818
 350.	[bug]		Also-notify lists specified in the global options
			block were not correctly reference counted, causing
			a memory leak.

819
 349.	[bug]		Processing a query with the CD bit set now works
820
821
			as expected.

822
823
824
 348.	[func]		New boolean named.conf options 'additional-from-auth'
			and 'additional-from-cache' now supported in view and
			global options statement.
825

826
 347.	[bug]		Don't crash if an argument is left off options in dig.
827

828
829
830
 346.	[func]		Add support for .digrc config file, in the
			user's current directory

831
832
833
834
835
836
 345.	[bug]		Large-scale changes/cleanups to dig:
			* Significantly improve structure handling
			* Don't pre-load entire batch files
			* Add name/rr counting/limiting
			* Fix SIGINT handling
			* Shorten timeouts to match v8's behavior
837
838

 344.	[bug]		When shutting down, lwresd sometimes tried
839
			to shut down its client tasks twice,
840
841
			triggering an assertion.

842
843
844
845
846
847
848
849
850
 343.	[bug]		Although zone maintenance SOA queries and
			notify requests were signed with TSIG keys
			when configured for the server in case,
			the TSIG was not verified on the response.

 342.	[bug]		The wrong name was being passed to
			dns_name_dup() when generating a TSIG
			key using TKEY.

851
852
853
 340.	[bug]		The top-level COPYRIGHT file was missing from
			the distribution.

Andreas Gustafsson's avatar
   
Andreas Gustafsson committed
854
855
856
857
 339.	[bug]		DNSSEC validation of the response to an ANY
			query at a name with a CNAME RR in a secure
			zone triggered an assertion failure.

858
859
 338.	[bug]		lwresd logged to syslog as named, not lwresd.

860
861
862
 337.	[bug]		"dig" did not recognize "nsap-ptr" as an RR type
			on the command line.

863
864
865
866
 336.	[bug]		"dig -f" used 64 k of memory for each line in
			the file.  It now uses much less, though still
			proportionally to the file size.

867
868
869
 335.	[bug]		named would occasionally attempt recursion when
			it was disallowed or undesired.

870
871
 334.	[func]		Added hmac-md5 to libisc.

872
 333.	[bug]		The resolver incorrectly accepted referrals to
873
874
			domains that were not parents of the query name,
			causing assertion failures.
875

876
877
 332.	[func]		New function dns_name_reset().

878
879
 331.	[bug]		Only log "recursion denied" if RD is set. (RT #178)

880
881
882
 330.	[bug]		Many debugging messages were partially formatted
			even when debugging was turned off, causing a
			significant decrease in query performance.
883

884
885
886
887
 329.	[func]		omapi_auth_register() now takes a size_t argument for
			the length of a key's secret data.  Previously
			OMAPI only stored secrets up to the first NUL byte.

888
889
 328.	[func]		Added isc_base64_decodestring().

890
891
892
 327.	[bug]		rndc.conf parser wasn't correctly recognising an IP
			address where a host specification was required.

893
894
 326.	[func]		'keys' in an 'inet' control statement is now
			required and must have at least one item in it.
895
896
			A "not supported" warning is now issued if a 'unix'
			control channel is defined.
897

898
899
 325.	[bug]		isc_lex_gettoken was processing octal strings when
			ISC_LEXOPT_CNUMBER was not set.
Andreas Gustafsson's avatar
Andreas Gustafsson committed
900

901
902
903
904
 324.	[func]		In the resolver, turn EDNS0 off if there is no
			response after a number of retransmissions.
			This is to allow queries some chance of succeeding
			even if all the authoritative servers of a zone
905
			silently discard EDNS0 requests instead of
906
907
			sending an error response like they ought to.

908
 323.	[bug]		dns_rbt_findname() did not ignore empty rbt nodes.
909
			Because of this, servers authoritative for a parent
910
911
912
913
			and grandchild zone but not authoritative for the
			intervening child zone did not correctly issue
			referrals to the servers of the child zone.

914
 322.	[bug]		Queries for KEY RRs are now sent to the parent
Andreas Gustafsson's avatar
Andreas Gustafsson committed
915
			server before the authoritative one, making
916
917
918
			DNSSEC insecurity proofs work in many cases
			where they previously didn't.

919
920
921
922
923
 321.	[bug]		When synthesizing a CNAME RR for a DNAME
			response, query_addcname() failed to intitialize
			the type and class of the CNAME dns_rdata_t,
			causing random failures.

924
925
926
927
928
 320.	[func]		Multiple rndc changes: parses an rndc.conf file,
			uses authentication to talk to named, command
			line syntax changed.  This will all be described
			in the ARM.

929
930
931
 319.	[func]		The named.conf "controls" statement is now used
			to configure the OMAPI command channel.

932
933
934
 318.	[func]		dns_c_ndcctx_destroy() could never return anything
			except ISC_R_SUCCESS; made it have void return instead.

935
936
937
938
 317.	[func]		Use callbacks from libomapi to determine if a
			new connection is valid, and if a key requested
			to be used with that connection is valid.

939
940
 316.	[bug]		Generate a warning if we detect an unexpected <eof>
			but treat as <eol><eof>.
941

Mark Andrews's avatar
Mark Andrews committed
942
 315.	[bug]		Handle non-empty blanks lines. (RT #163)
943

944
 314.	[func]		The named.conf controls statement can now have
945
			more than one key specified for the inet clause.
946

947
 313.	[bug]		When parsing resolv.conf, don't terminate on an
948
			error.	Instead, parse as much as possible, but
949
950
			still return an error if one was found.

951
952
953
954
955
 312.	[bug]		Increase the number of allowed elements in the
			resolv.conf search path from 6 to 8.  If there
			are more than this, ignore the remainder rather
			than returning a failure in lwres_conf_parse.

956
957
958
 311.	[bug]		lwres_conf_parse failed when the first line of
			resolv.conf was empty or a comment.

959
960
961
962
963
964
965
966
967
968
969
970
971
 310.	[func]		Changes to named.conf "controls" statement (inet
			subtype only)

			  - support "keys" clause

				controls {
				   inet * port 1024
					allow { any; } keys { "foo"; }
				}

			  - allow "port xxx" to be left out of statement,
			    in which case it defaults to omapi's default port
			    of 953.
972

973
974
975
976
977
978
 309.	[bug]		When sending a referral, the server did not look
			for name server addresses as glue in the zone
			holding the NS RRset in the case where this zone
			was not the same as the one where it looked for
			name server addresses as authoritative data.

979
980
981
 308.	[bug]		Treat a SOA record not at top of zone as an error
			when loading a zone. (RT #154)

982
983
984
985
986
987
 307.	[bug]		When canceling a query, the resolver didn't check for
			isc_socket_sendto() calls that did not yet have their
			completion events posted, so it could (rarely) end up
			destroying the query context and then want to use
			it again when the send event posted, triggering an
			assertion as it tried to cancel an already-canceled
988
			query.	(RT #77)
989

990
 306.	[bug]		Reading HMAC-MD5 private key files didn't work.
991

992
 305.	[bug]		When reloading the server with a config file
Andreas Gustafsson's avatar
style    
Andreas Gustafsson committed
993
994
995
996
997
998
			containing a syntax error, it could catch an
			assertion failure trying to perform zone
			maintenance on tentatively created zones whose
			views were never fully configured and lacked
			an address database.

999
1000
1001
1002
 304.	[bug]		If more than LWRES_CONFMAXNAMESERVERS servers
			are listed in resolv.conf, silently ignore them
			instead of returning failure.

1003
 303.	[bug]		Add additional sanity checks to differentiate a AXFR
1004
1005
			response vs a IXFR response. (RT #157)

1006
 302.	[bug]		In dig, host, and nslookup, MXNAME should be large
Andreas Gustafsson's avatar
style    
Andreas Gustafsson committed
1007
1008
			enough to hold any legal domain name in presentation
			format + terminating NULL.
1009

Andreas Gustafsson's avatar
style    
Andreas Gustafsson committed
1010
 301.	[bug]		Uninitalised pointer in host:printmessage(). (RT #159)
1011

1012
1013
1014
1015
1016
1017
 300.	[bug]		Using both <isc/net.h> and <lwres/net.h> didn't work
			on platforms lacking IPv6 because each included their
			own ipv6 header file for the missing definitions.  Now
			each library's ipv6.h defines the wrapper symbol of
			the other (ISC_IPV6_H and LWRES_IPV6_H).

1018
1019
1020
 299.	[cleanup]	Get the user and group information before changing the
			root directory, so the administrator does not need to
			keep a copy of the user and group databases in the
1021
			chroot'ed environment.	Suggested by Hakan Olsson.
1022

1023
1024
1025
1026
 298.	[bug]		A mutex deadlock occurred during shutdown of the
			interface manager under certain conditions.
			Digital Unix systems were the most affected.

1027
1028
 297.	[bug]		Specifying a key name that wasn't fully qualified
			in certain parts of the config file could cause
1029
			an assertion failure.
1030

1031
1032
1033
1034
 296.	[bug]		"make install" from a separate build directory
			failed unless configure had been run in the source
			directory, too.

1035
1036
1037
1038
1039
1040
1041
1042
 295.	[bug]		When invoked with type==CNAME and a message
			not constructed by dns_message_parse(),
			dns_message_findname() failed to find anything
			due to checking for attribute bits that are set
			only in dns_message_parse().   This caused an
			infinite loop when constructing the response to
			an ANY query at a CNAME in a secure zone.

1043
1044
1045
1046
1047
 294.	[bug]		If we run out of space in while processing glue
			when reading a master file and commit "current name"
			reverts to "name_current" instead of staying as
			"name_glue".

1048
 293.	[port]		Add support for FreeBSD 4.0 system tests.
1049

1050
1051
1052
1053
1054
1055
1056
 292.	[bug]		Due to problems with the way some operating systems
			handle simultaneous listening on IPv4 and IPv6
			addresses, the server no longer listens on IPv6
			addresses by default.  To revert to the previous
			behavior, specify "listen-on-v6 { any; };" in
			the config file.

1057
1058
1059
1060
 291.	[func]		Caching servers no longer send outgoing queries
			over TCP just because the incoming recursive query
			was a TCP one.

1061
 290.	[cleanup]	+twiddle option to dig (for testing only) removed.
1062

1063
1064
1065
1066
1067
1068
1069
1070
1071
 289.	[cleanup]	dig is now installed in $bindir instead of $sbindir.
			host is now installed in $bindir.  (Be sure to remove
			any $sbindir/dig from a previous release.)

 288.	[func]		rndc is now installed by "make install" into $sbindir.

 287.	[bug]		rndc now works again as "rndc 127.1 reload" (for
			only that task).  Parsing its configuration file and
			using digital signatures for authentication has been
David Lawrence's avatar
typos    
David Lawrence committed
1072
			disabled until named supports the "controls" statement,
1073
1074
			post-9.0.0.

1075
 286.	[bug]		On Solaris 2, when named inherited a signal state
1076
1077
1078
1079
			where SIGHUP had the SIG_IGN action, SIGHUP would
			be ignored rather than causing the server to reload
			its configuration.

1080
1081
 285.	[bug]		A change made to the dst API for beta4 inadvertently
			broke OMAPI's creation of a dst key from an incoming
1082
			message, causing an assertion to be triggered.	Fixed.
1083

1084
1085
1086
1087
1088
1089
 284.	[func]		The DNSSEC key generation and signing tools now
			generate randomness from keyboard input on systems
			that lack /dev/random.

 283.	[cleanup]	The 'lwresd' program is now a link to 'named'.

1090
 282.	[bug]		The lexer now returns ISC_R_RANGE if parsed integer is
1091
			too big for an unsigned long.
1092

1093
 281.	[bug]		Fixed list of recognized config file category names.
1094

1095
 280.	[func]		Add isc-config.sh, which can be used to more
Brian Wellington's avatar
Brian Wellington committed
1096
1097
1098
			easily build applications that link with
			our libraries.

1099
1100
1101
1102
 279.	[bug]		Private omapi function symbols shared between
			two or more files in libomapi.a were not namespace
			protected using the ISC convention of starting with
			the library name and two underscores ("omapi__"...)
1103

1104
1105
1106
1107
 278.	[bug]		bin/named/logconf.c:category_fromconf() didn't take
			note of when isc_log_categorybyname() wasn't able
			to find the category name and would then apply the
			channel list of the unknown category to all categories.
1108

1109
1110
1111
1112
1113
 277.	[bug]		isc_log_categorybyname() and isc_log_modulebyname()
			would fail to find the first member of any category
			or module array apart from the internal defaults.
			Thus, for example, the "notify" category was improperly
			configured by named.
1114

1115
1116
 276.	[bug]		dig now supports maximum sized TCP messages.

1117
 275.	[bug]		The definition of lwres_gai_strerror() was missing
Andreas Gustafsson's avatar
Andreas Gustafsson committed
1118
			the lwres_ prefix.
1119

Andreas Gustafsson's avatar
Andreas Gustafsson committed
1120
1121
 274.	[bug]		TSIG AXFR verify failed when talking to a BIND 8
			server.
1122

1123
1124
1125
1126
1127
 273.	[func]		The default for the 'transfer-format' option is
			now 'many-answers'.  This will break zone transfers
			to BIND 4.9.5 and older unless there is an explicit
			'one-answer' configuration.

1128
1129
1130
1131
1132
1133
 272.	[bug]		The sending of large TCP responses was canceled
			in mid-transmission due to a race condition
			caused by the failure to set the client object's
			"newstate" variable correctly when transitioning
			to the "working" state.

Brian Wellington's avatar
Brian Wellington committed
1134
1135
1136
 271.	[func]		Attempt to probe the number of cpus in named
			if unspecified rather than defaulting to 1.

1137
1138
 270.	[func]		Allow maximum sized TCP answers.

1139
1140
1141
1142
 269.	[bug]		Failed DNSSEC validations could cause an assertion
			failure by causing clone_results() to be called with
			with hevent->node == NULL.

1143
 268.	[doc]		A plain text version of the Administrator
1144
1145
1146
			Reference Manual is now included in the distribution,
			as doc/arm/Bv9ARM.txt.

1147
1148
 267.	[func]		Nsupdate is now provided in the distribution.

1149
 266.	[bug]		zone.c:save_nsrrset() node was not initalized.
1150

Mark Andrews's avatar
typo    
Mark Andrews committed
1151
 265.	[bug]		dns_request_create() now works for TCP.
1152
1153
1154
1155
1156
1157
1158

 264.	[func]		Dispatch can not take TCP sockets in connecting
			state.	Set DNS_DISPATCHATTR_CONNECTED when calling
			dns_dispatch_createtcp() for connected TCP sockets
			or call dns_dispatch_starttcp() when the socket is
			connected.

1159
1160
1161
1162
1163
1164
1165
 263.	[func]		New logging channel type 'stderr'

				channel some-name {
					stderr;
					severity error;
				}

Andreas Gustafsson's avatar