CHANGES 91.2 KB
Newer Older
1

Andreas Gustafsson's avatar
Andreas Gustafsson committed
2
3
 787.	[bug]		The DNSSEC tools failed to downcase domain
			names when mapping them into file names.
4

Andreas Gustafsson's avatar
Andreas Gustafsson committed
5
6
 786.	[bug]		When DNSSEC signing/verifying data, owner names were
			not properly downcased.
7

8
9
10
 785.	[bug]		A race condition in the resolver could cause
			an assertion failure. [RT #673, #872, #1048]

11
12
 784.	[bug]		nsupdate and other programs would not quit properly
			if some signals were blocked by the caller. [RT #1081]
13

14
15
16
17
 783.	[bug]		Following CNAMEs could cause an assertion failure
			when either using an sdb database or under very
			rare conditions.

18
19
 782.	[feature]	Implement the serial-query-rate option.

20
21
22
 781.	[func]		Avoid error packet loops by dropping duplicate FORMERR
			responses. [RT #1006]

23
24
 780.	[bug]		Error handling code dealing with out of memory or
			other rare errors could lead to assertion failures
Andreas Gustafsson's avatar
Andreas Gustafsson committed
25
			by calling functions on unitialized names. [RT #1065]
26

Bob Halley's avatar
Bob Halley committed
27
 779.	[func]		Added the "minimal-responses" option.
28
29
30
31
32

 778.	[bug]		When starting cache cleaning, cleaning_timer_action()
			returned without first pausing the iterator, which
			could cause deadlock. [RT #998]

33
34
 777.	[bug]		An empty forwarders list in a zone failed to override
			global forwarders. [RT #995]
Brian Wellington's avatar
Brian Wellington committed
35

36
37
 776.	[func]		Improved error reporting in denied messages. [RT #252]

Brian Wellington's avatar
Brian Wellington committed
38
 775.	[placeholder]
39

40
41
42
43
44
 774.	[func]		max-cache-size is implemented.

 773.	[func]		Added isc_rwlock_trylock() to attempt to lock without
			blocking.

45
46
47
48
 772.	[bug]		Owner names could be incorrectly omitted from cache
			dumps in the presence of negative caching entries.
			[RT #991]

49
 771.	[cleanup]	TSIG errors related to unsynchronized clocks
Andreas Gustafsson's avatar
Andreas Gustafsson committed
50
			are logged better. [RT #919]
51

52
53
54
 770.	[func]		Add the "edns yes_or_no" statement to the server
			clause. [RT #524]

55
56
 769.	[func]		Improved error reporting when parsing rdata. [RT #740]

57
58
59
60
 768.	[bug]		The server did not emit an SOA when a CNAME
			or DNAME chain ended in NXDOMAIN in an
			authoritative zone.

Brian Wellington's avatar
Brian Wellington committed
61
 767.	[placeholder]
62

Bob Halley's avatar
Bob Halley committed
63
64
 766.	[bug]		A few cases in query_find() could leak fname.
			This would trigger the mpctx->allocated == 0
65
66
67
			assertion when the server exited.
			[RT #739, #776, #798, #812, #818, #821, #845,
			#892, #935, #966]
Bob Halley's avatar
Bob Halley committed
68

69
70
71
72
73
74
75
76
77
78
79
80
 765.	[func]		ACL names are once again case insensitive, like
			in BIND 8. [RT #252]

 764.	[func]		Configuration files now allow "include" directives
			in more places, such as inside the "view" statement.
			[RT #377, #728, #860]

 763.	[func]		Configuration files no longer have reserved words.
			[RT #731, #753]

 762.	[cleanup]	The named.conf and rndc.conf file parsers have
			been completely rewritten.
81

82
83
84
 761.	[bug]		_REENTRANT was still defined when building with
			--disable-threads.

85
86
 760.	[contrib]	Significant enhancements to the pgsql sdb driver.

Andreas Gustafsson's avatar
Andreas Gustafsson committed
87
88
89
90
91
92
93
94
95
96
 759.	[bug]		The resolver didn't turn off "avoid fetches" mode
			when restarting, possibly causing resolution
			to fail when it should not.  This bug only affected
			platforms which support both IPv4 and IPv6. [RT #927]

 758.	[bug]		The "avoid fetches" code did not treat negative
			cache entries correctly, causing fetches that would
			be useful to be avoided.  This bug only affected
			platforms which support both IPv4 and IPv6. [RT #927]

97
98
 757.	[func]		Log zone transfers.

99
100
101
 756.	[bug]		dns_zone_load() could "return" success when no master
			file was configured.

Andreas Gustafsson's avatar
Andreas Gustafsson committed
102
 755.	[bug]		Fix incorrectly formatted log messages in zone.c.
103

104
105
 754.	[bug]		Certain failure conditions sending UDP packets
			could cause the server to retry the transmission
106
107
			indefinitely. [RT #902]

108
109
110
 753.	[bug]		dig, host, and nslookup would fail to contact a
			remote server if getaddrinfo() returned an IPv6
			address on a system that doesn't support IPv6.
Brian Wellington's avatar
Brian Wellington committed
111
			[RT #917]
112

Andreas Gustafsson's avatar
Andreas Gustafsson committed
113
114
 752.	[func]		Correct bad tv_usec elements returned by
			gettimeofday().
115

Mark Andrews's avatar
Mark Andrews committed
116
 751.	[func]		Log successful zone loads / transfers.	[RT #898]
117

118
119
120
121
122
123
 750.	[bug]		A query should not match a DNAME whose trust level
			is pending.  [RT #916]

 749.	[bug]		When a query matched a DNAME in a secure zone, the
			server did not return the signature of the DNAME.
			[RT #915]
124
125

 748.	[doc]		List supported RFCs in doc/misc/rfc-compliance.
Andreas Gustafsson's avatar
Andreas Gustafsson committed
126
			[RT #781]
127

128
129
 747.	[bug]		The code to determine whether an IXFR was possible
			did not properly check for a database that could
130
			not have a journal. [RT #865, #908]
131

132
133
134
 746.	[bug]		The sdb didn't clone rdatasets properly, causing
			a crash when the server followed delegations. [RT #905]

Andreas Gustafsson's avatar
Andreas Gustafsson committed
135
 745.	[func]		Report the owner name of records that fail
Mark Andrews's avatar
Mark Andrews committed
136
			semantic checks while loading.
137

138
139
140
141
142
 744.	[bug]		When returning DNS_R_CNAME or DNS_R_DNAME as the
			result of an ANY or SIG query, the resolver failed
			to setup the return event's rdatasets, causing an
			assertion failure in the query code.  [RT #881]

143
144
 743.	[bug]		Receiving a large number of certain malformed
			answers could cause named to stop responding.
Andreas Gustafsson's avatar
Andreas Gustafsson committed
145
			[RT #861]
146

Brian Wellington's avatar
Brian Wellington committed
147
148
 742.	[placeholder]

149
150
 741.	[port]		Support openssl-engine. [RT #709]

151
152
 740.	[port]		Handle openssl library mismatches slightly better.

153
154
155
156
 739.	[port]		Look for /dev/random in configure, rather than
			assuming it will be there for only a predefined
			set of OSes.

157
158
 738.	[bug]		If a non-threadsafe sdb driver supported AXFR and
			received an AXFR request, it would deadlock or die
159
			with an assertion failure. [RT #852]
160

Andreas Gustafsson's avatar
Andreas Gustafsson committed
161
 737.	[port]		stdtime.c failed to compile on certain platforms.
162
163
164

 736.	[func]		New functions isc_task_{begin,end}exclusive().

165
 735.	[doc]		Add BIND 4 migration notes.
166

167
 734.	[bug]		An attempt to re-lock the zone lock could occur if
Mark Andrews's avatar
Mark Andrews committed
168
169
			the server was shutdown during a zone tranfer.
			[RT #830]
170
171

 733.	[bug]		Reference counts of dns_acl_t objects need to be
172
			locked but were not. [RT #801, #821]
173

Bob Halley's avatar
Bob Halley committed
174
175
 732.	[bug]		Glue with 0 TTL could also cause SERVFAIL.  [RT #828]

Brian Wellington's avatar
Brian Wellington committed
176
 731.	[bug]		Certain zone errors could cause named-checkzone to
177
			fail ungracefully.  [RT #819]
178
179
180
181

 730.	[bug]		lwres_getaddrinfo() returns the correct result when
			it fails to contact a server. [RT #768]

182
183
 729.	[port]		pthread_setconcurrency() needs to be called on Solaris.

184
185
 728.	[bug]		Fix comment processing on master file directives.
			[RT# 757]
186

187
188
189
190
191
 727.	[port]		Work around OS bug where accept() succeeds but
			fails to fill in the peer address of the accepted
			connection, by treating it as an error rather than
			an assertion failure. [RT #809]

192
193
 726.	[func]		Implement the "trace" and "notrace" commands in rndc.

194
195
 725.	[bug]		Installing man pages could fail.

196
197
198
 724.	[func]		New libisc functions isc_netaddr_any(),
			isc_netaddr_any6().

199
200
201
202
 723.	[bug]		Referrals whose NS RRs had a 0 TTL caused the resolver
			to return DNS_R_SERVFAIL.  [RT #783]

 722.	[func]		Allow incremental loads to be canceled.
203
204
205

 721.	[cleanup]	Load manager and dns_master_loadfilequota() are no
			more.
206
207
208
209

 720.	[bug]		Server could enter infinite loop in
			dispatch.c:do_cancel(). [RT #733]

210
 719.	[bug]		Rapid reloads could trigger an assertion failure.
Andreas Gustafsson's avatar
Andreas Gustafsson committed
211
			[RT #743, #763]
212
213
214
215

 718.	[cleanup]	"internal" is no longer a reserved word in named.conf.
			[RT #753, #731]

216
217
218
219
 717.	[bug]		Certain TKEY processing failure modes could
			reference an uninitialized variable, causing the
			server to crash. [RT #750]

220
 716.	[bug]		The first line of a $INCLUDE master file was lost if
Andreas Gustafsson's avatar
grammar    
Andreas Gustafsson committed
221
			an origin was specified. [RT #744]
222
223
224
225

 715.	[bug]		Resolving some A6 chains could cause an assertion
			failure in adb.c. [RT #738]

226
227
228
 714.	[bug]		Preserve interval timers across reloads unless changed.
			[RT# 729]

229
230
 713.	[func]		named-checkconf takes '-t directory' similar to named.
			[RT #726]
Andreas Gustafsson's avatar
grammar    
Andreas Gustafsson committed
231

232
233
234
 712.	[bug]		Sending a large signed update message caused an
			assertion failure. [RT #718]

235
236
237
 711.	[bug]		The libisc and liblwres implementations of
			inet_ntop contained an off by one error.

Andreas Gustafsson's avatar
Andreas Gustafsson committed
238
239
 710.	[func]		The forwarders statement now takes an optional
			port. [RT #418]
240

241
242
243
 709.	[bug]		ANY or SIG queries for data with a TTL of 0
			would return SERVFAIL. [RT #620]

244
 708.	[bug]		When building with --with-openssl, the openssl headers
Andreas Gustafsson's avatar
Andreas Gustafsson committed
245
			included with BIND 9 should not be used. [RT #702]
246

247
 707.	[func]		The "filename" argument to named-checkzone is no
Andreas Gustafsson's avatar
typo    
Andreas Gustafsson committed
248
			longer optional, to reduce confusion. [RT #612]
249

250
251
 706.	[bug]		Zones with an explicit "allow-update { none; };"
			were considered dynamic and therefore not reloaded
Andreas Gustafsson's avatar
typo    
Andreas Gustafsson committed
252
			on SIGHUP or "rndc reload".
253

Andreas Gustafsson's avatar
grammar    
Andreas Gustafsson committed
254
 705.	[port]		Work out resource limit type for use where rlim_t is
255
256
			not available. [RT #695]

Mark Andrews's avatar
Mark Andrews committed
257
 704.	[port]		RLIMIT_NOFILE is not available on all platforms.
258
259
			[RT #695]

260
 703.	[port]		sys/select.h is needed on older platforms. [RT #695]
261

262
263
264
 702.	[func]		If the address 0.0.0.0 is seen in resolv.conf,
			use 127.0.0.1 instead. [RT #693]

265
266
267
268
269
270
271
 701.	[func]		Root hints are now fully optional.  Class IN
			views use compiled-in hints by default, as
			before.  Non-IN views with no root hints now
			provide authoritative service but not recursion.
			A warning is logged if a view has neither root
			hints nor authoritative data for the root. [RT #696]

272
 700.	[bug]		$GENERATE range check was wrong. [RT #688]
273

274
275
 699.	[bug]		The lexer mishandled empty quoted strings. [RT #694]

276
277
278
 698.	[bug]		Aborting nsupdate with ^C would lead to several
			race conditions.

279
280
281
282
 697.	[bug]		nsupdate was not compatible with the undocumented
			BIND 8 behavior of ignoring TTLs in "update delete"
			commands. [RT #693]

283
284
285
 696.	[bug]		lwresd would die with an assertion failure when passed
			a zero-length name.  [RT #692]

286
287
288
 695.	[bug]		If the resolver attempted to query a blackholed or
			bogus server, the resolution would fail immediately.

289
290
 694.	[bug]		$GENERATE did not produce the last entry.
			[RT #682, #683]
291

292
293
294
 693.	[bug]		An empty lwres statement in named.conf caused
			the server to crash while loading.

295
296
297
 692.	[bug]		Deal with systems that have getaddrinfo() but not
			gai_strerror(). [RT #679]

298
 691.	[bug]		Configuring per-view forwarders caused an assertion
Andreas Gustafsson's avatar
Andreas Gustafsson committed
299
			failure. [RT #675, #734]
300

301
302
 690.	[func]		$GENERATE now supports DNAME. [RT #654]

303
304
 689.	[doc]		man pages are now installed. [RT #210]

Bob Halley's avatar
Bob Halley committed
305
306
 688.	[func]		"make tags" now works on systems with the
			"Exuberant Ctags" etags.
307

308
309
 687.	[bug]		Only say we have IPv6, with sufficent functionality,
			if it has actually been tested.  [RT #586]
Andreas Gustafsson's avatar
style    
Andreas Gustafsson committed
310

311
312
313
 686.	[bug]		dig and nslookup can now be properly aborted during
			blocking operations. [RT #568]

Andreas Gustafsson's avatar
style    
Andreas Gustafsson committed
314
 685.	[bug]		nslookup should use the search list/domain options
315
			from resolv.conf by default. [RT #405, #630]
316

Andreas Gustafsson's avatar
style    
Andreas Gustafsson committed
317
 684.	[bug]		Memory leak with view forwarders. [RT #656]
318

Andreas Gustafsson's avatar
style    
Andreas Gustafsson committed
319
 683.	[bug]		File descriptor leak in isc_lex_openfile().
320

Mark Andrews's avatar
Mark Andrews committed
321
 682.	[bug]		nslookup displayed SOA records incorrectly. [RT #665]
322

Andreas Gustafsson's avatar
style    
Andreas Gustafsson committed
323
 681.	[bug]		$GENERATE specifying output format was broken. [RT #653]
324

Andreas Gustafsson's avatar
style    
Andreas Gustafsson committed
325
 680.	[bug]		dns_rdata_fromstruct() mishandled options bigger
326
327
			than 255 octets.

328
329
330
 679.	[bug]		$INCLUDE could leak memory and file descriptors on
			reload. [RT #639]

Andreas Gustafsson's avatar
typo    
Andreas Gustafsson committed
331
 678.	[bug]		"transfer-format one-answer;" could trigger an assertion
332
			failure. [RT #646]
333

334
335
336
 677.	[bug]		dnssec-signzone would occasionally use the wrong ttl
			for database operations and fail. [RT #643]

337
338
339
340
 676.	[bug]		Log messages about lame servers to category
			'lame-servers' rather than 'resolver', so as not
			to be gratuitously incompatible with BIND 8.

Brian Wellington's avatar
Brian Wellington committed
341
 675.	[bug]		TKEY queries could cause the server to leak
342
343
			memory.

344
345
 674.	[func]		Allow messages to be TSIG signed / verified using
			a offset from the current time.
346
347
348
349
350

 673.	[func]		The server can now convert RFC1886-style recursive
			lookup requests into RFC2874-style lookups, when 
			enabled using the new option "allow-v6-synthesis".

351
352
353
 672.	[bug]		The wrong time was in the "time signed" field when
			replying with BADTIME error.

354
355
356
 671.	[bug]		The message code was failing to parse a message with
			no question section and a TSIG record. [RT #628]

357
358
359
360
 670.	[bug]		The lwres replacements for getaddrinfo and
			getipnodebyname didn't properly check for the
			existence of the sockaddr sa_len field.

361
362
363
 669.	[func]		dnssec-keygen now makes the public key file
			non-world-readable for symmetric keys. [RT #403]

364
365
366
 668.	[func]		named-checkzone now reports multiple errors in master
			files.

367
368
369
370
 667.	[bug]		On Linux, running named with the -u option and a
			non-world-readable configuration file didn't work.
			[RT #626]

Brian Wellington's avatar
Brian Wellington committed
371
372
 666.	[bug]		If a request sent by dig is longer than 512 bytes,
			use TCP.
373

374
375
376
 665.	[bug]		Signed responses were not sent when the size of the
			TSIG + question exceeded the maximum message size.
			[RT #628]
377

378
379
380
381
 664.	[bug]		The t_tasks and t_timers module tests are now skipped
			when building without threads, since they require
			threads.

382
383
384
385
386
 663.	[func]		Accept a size_spec, not just an integer, in the
			(unimplemented and ignored) max-ixfr-log-size option
			for compatibility with recent versions of BIND 8.
			[RT #613]

387
 662.	[bug]		dns_rdata_fromtext() failed to log certain errors.
388

389
390
 661.	[bug]		Certain UDP IXFR requests caused an assertion failure
			(mpctx->allocated == 0). [RT #355, #394, #623]
391

392
393
 660.	[port]		Detect multiple CPUs on HP-UX and IRIX.

394
395
396
397
 659.	[performance]	Rewrite the name compression code to be much faster.

 658.	[cleanup]	Remove all vestiges of 16 bit global compression.

398
 657.	[bug]		When a listen-on statement in an lwres block does not
Brian Wellington's avatar
Brian Wellington committed
399
			specify a port, use 921, not 53.  Also update the
400
401
			listen-on documentation. [RT #616]

402
403
404
405
 656.	[func]		Treat an unescaped newline in a quoted string as
			an error.  This means that TXT records with missing
			close quotes should have meaningful errors printed.

406
407
408
 655.	[bug]		Improve error reporting on unexpected eof when loading
			zones. [RT #611]

409
 654.	[bug]		Origin was being forgotten in TCP retries in dig.
410
			[RT #574]
411

412
413
 653.	[bug]		+defname option in dig was reversed in sense.  
			[RT #549]
414

415
416
 652.	[bug]		zone_saveunique() did not report the new name.

417
418
419
 651.	[func]		The AD bit in responses now has the meaning
			specified in <draft-ietf-dnsext-ad-is-secure>.

420
421
422
 650.	[bug]		SIG(0) records were being generated and verified
			incorrectly. [RT #606]

423
424
425
426
427
428
429
 649.	[bug]		It was possible to join to an already running fctx
			after it had "cloned" its events, but before it sent
			them.  In this case, the event of the newly joined
			fetch would not contain the answer, and would
			trigger the INSIST() in fctx_sendevents().  In
			BIND 9.0, this bug did not trigger an INSIST(), but
			caused the fetch to fail with a SERVFAIL result.
430
			[RT #588, #597, #605, #607]
431

432
 648.	[port]		Add support for pre-RFC2133 IPv6 implementations.
433

434
435
436
437
438
 647.	[bug]		Resolver queries sent after following multiple
			referrals had excessively long retransmission
			timeouts due to incorrectly counting the referrals
			as "restarts".

439
440
441
 646.	[bug]		The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
			didn't _cleanly_ fix the problem it was trying to fix.

442
443
444
 645.	[port]		BSD/OS 3.0 needs pthread_init(). [RT #603]

 644.	[bug]		#622 needed more work. [RT #562]
445

446
447
448
 643.	[bug]		xfrin error messages made more verbose, added class
			of the zone.  [RT# 599]

449
450
451
 642.	[bug]		Break the exit_check() race in the zone module.
			[RT #598]

452
453
	--- 9.1.0b2 released ---

454
455
 641.	[bug]		$GENERATE caused a uninitialized link to be used.
			[RT #595]
456

457
458
 640.	[bug]		Memory leak in error path could cause
			"mpctx->allocated == 0" failure. [RT #584]
459

460
461
462
 639.	[bug]		Reading entropy from the keyboard would sometimes fail.
			[RT #591]

463
464
465
 638.	[port]		lib/isc/random.c needed to explicitly include time.h
			to get a prototype for time() when pthreads was not
			being used. [RT #592]
466

467
468
469
470
471
 637.	[port]		Use isc_u?int64_t instead of (unsigned) long long in
			lib/isc/print.c.  Also allow lib/isc/print.c to
			be compiled even if the platform does not need it.
			[RT #592]

472
473
474
 636.	[port]		Shut up MSVC++ about a possible loss of precision
			in the ISC__BUFFER_PUTUINT*() macros. [RT #592]

475
476
477
 635.	[bug]		Reloading a server with a configured blackhole list
			would cause an assertion. [RT #590]

478
479
480
481
 634.	[bug]		A log file will completely stop being written when
			it reaches the maximum size in all cases, not just
			when versioning is also enabled. [RT #570]

482
483
 633.	[port]		Cope with rlim_t missing on BSD/OS systems. [RT #575]

484
485
 632.	[bug]		The index array of the journal file was 
			corrupted as it was written to disk.
486

487
488
489
 631.	[port]		Build without thread support on systems without
			pthreads.

490
 630.	[bug]		Locking failure in zone code. [RT #582]
491

Andreas Gustafsson's avatar
typo    
Andreas Gustafsson committed
492
 629.	[bug]		9.1.0b1 dereferenced a null pointer and crashed
Andreas Gustafsson's avatar
thinko    
Andreas Gustafsson committed
493
			when responding to a UDP IXFR request.
494

495
496
497
 628.	[bug]		If the root hints contained only AAAA addresses,
			named would be unable to perform resolution.

Brian Wellington's avatar
typo    
Brian Wellington committed
498
 627.	[bug]		The EDNS0 blackhole detection code of change 324
499
500
501
502
			waited for three retransmissions to each server,
			which takes much too long when a domain has many
			name servers and all of them drop EDNS0 queries.
			Now we retry without EDNS0 after three consecutive
Andreas Gustafsson's avatar
typo    
Andreas Gustafsson committed
503
504
			timeouts, even if they are all from different
			servers. [RT #143]
505

506
507
508
 626.	[bug]		The lightweight resolver daemon no longer crashes
			when asked for a SIG rrset. [RT #558]

Brian Wellington's avatar
grammar    
Brian Wellington committed
509
 625.	[func]		Zones now inherit their class from the enclosing view.
510

511
512
513
 624.	[bug]		The zone object could get timer events after it had
			been destroyed, causing a server crash. [RT #571]

514
515
516
517
 623.	[func]		Added "named-checkconf" and "named-checkzone" program
			for syntax checking named.conf files and zone files,
			respectively.

518
519
520
 622.	[bug]		A canceled request could be destroyed before
			dns_request_destroy() was called. [RT #562]

521
522
523
 621.	[port]		Disable IPv6 at runtime if IPv6 sockets are unusable.
			This mostly affects Red Hat Linux 7.0, which has
			conflicts between libc and the kernel.
524

525
 620.	[bug]		dns_master_load*inc() now require 'task' and 'load'
526
			to be non-null.	 Also 'done' will not be called if
527
			dns_master_load*inc() fails immediately. [RT #565]
528

529
530
531
 618.	[bug]		Queries to a signed zone could sometimes cause
			an assertion failure.

532
533
534
535
536
537
 617.	[bug]		When using dynamic update to add a new RR to an
			existing RRset with a different TTL, the journal
			entries generated from the update did not include
			explicit deletions and re-additions of the existing
			RRs to update their TTL to the new value.

Andreas Gustafsson's avatar
Andreas Gustafsson committed
538
539
540
541
542
 616.	[func]		dnssec-signzone -t output now includes performance
			statistics.

 615.	[bug]		dnssec-signzone did not like child keysets signed 
			by multiple keys.
543

544
545
546
547
548
 614.	[bug]		Checks for uninitialized link fields were prone
			to false positives, causing assertion failures.
			The checks are now disabled by default and may
			be re-enabled by defining ISC_LIST_CHECKINIT.

549
550
551
552
 613.	[bug]		"rndc reload zone" now reloads primary zones.
			It previously only updated slave and stub zones,
			if an SOA query indicated an out of date serial.

553
554
555
556
557
 612.	[cleanup]	Shutup a ridiculously noisy HP-UX compiler that
			complains relentlessly about how its treatment
			of 'const' has changed as well as how casting
			sometimes tightens alignment constraints.

558
559
560
561
 611.	[func]		allow-notify can be used to permit processing of
			notify messages from hosts other than a slave's
			masters.

562
563
 610.	[func]		rndc dumpdb is now supported.

564
565
566
 609.	[bug]		getrrsetbyname() would crash lwresd if the server
			found more SIGs than answers. [RT #554]

567
568
569
 608.	[func]		dnssec-signzone now adds a comment to the zone
			with the time the file was signed.

570
571
572
 607.	[bug]		nsupdate would fail if it encountered a CNAME or
			DNAME in a response to an SOA query. [RT #515]

573
574
575
576
 606.	[bug]		Compiling with --disable-threads failed due
			to isc_thread_self() being incorrectly defined
			as an integer rather than a function.

577
578
 605.	[func]		New function isc_lex_getlasttokentext().

579
580
581
 604.	[bug]		The named.conf parser could print incorrect line
			numbers when long comments were present.

Michael Sawyer's avatar
Michael Sawyer committed
582
583
584
 603.	[bug]		Make dig handle multiple types or classes on the same
			query more correctly.

585
586
587
 602.	[func]		Cope automatically with UnixWare's broken
			IN6_IS_ADDR_* macros. [RT #539]

588
589
590
 601.	[func]		Return a non-zero exit code if an update fails
			in nsupdate.

591
592
 600.	[bug]		Reverse lookups sometimes failed in dig, etc...

593
 599.	[func]		Added four new functions to the libisc log API to
594
			support i18n messages.	isc_log_iwrite(),
595
596
			isc_log_ivwrite(), isc_log_iwrite1() and
			isc_log_ivwrite1() were added.
597

598
599
600
 598.	[bug]		An update-policy statement would cause the server
			to assert while loading. [RT #536]

601
602
 597.	[func]		dnssec-signzone is now multithreaded.

603
604
605
 596.	[bug]		DNS_RDATASLAB_FORCE and DNS_RDATASLAB_EXACT are
			not mutually exclusive.

606
607
 595.	[port]		On Linux 2.2, socket() returns EINVAL when it
			should return EAFNOSUPPORT.  Work around this.
Brian Wellington's avatar
Brian Wellington committed
608
			[RT #531]
609

610
611
612
 594.	[func]		sdb drivers are now assumed to not be thread-safe
			unless the DNS_SDBFLAG_THREADSAFE flag is supplied.

613
614
615
616
 593.	[bug]		If a secure zone was missing all its NXTs and
			a dynamic update was attempted, the server entered
			an infinite loop.

617
618
619
 592.	[bug]		The sig-validity-interval option now specifies a
			number of days, not seconds.  This matches the
			documentation. [RT #529]
620

621
622
	--- 9.1.0b1 released ---

623
624
625
 591.	[bug]		Work around non-reentrancy in openssl by disabling
			precomputation in keys.

626
627
628
 590.	[doc]		There are now man pages for the lwres library in
			doc/man/lwres.

629
630
631
 589.	[bug]		The server could deadlock if a zone was updated 
			while being transferred out.

632
633
 588.	[bug]		ctx->in_use was not being correctly initalised when
			when pushing a file for $INCLUDE. [RT #523]
634
635
636
637
638
639
640
641

 587.	[func]		A warning is now printed if the "allow-update"
			option allows updates based on the source IP
			address, to alert users to the fact that this
			is insecure and becoming increasingly so as
			servers capable of update forwarding are being
			deployed.

642
643
 586.	[bug]		multiple views with the same name were fatal. [RT #516]

644
645
646
 585.	[func]		dns_db_addrdataset() and and dns_rdataslab_merge()
			now support 'exact' additions in a similar manner to
			dns_db_subtractrdataset() and dns_rdataslab_subtract().
647
648
649
650
651
652

 584.	[func]		You can now say 'notify explicit'; to suppress
			notification of the servers listed in NS records
			and notify only those servers listed in the
			'also-notify' option.

653
654
655
 583.	[func]		"rndc querylog" will now toggle logging of
			queries, like "ndc querylog" in BIND 8.

656
657
658
 582.	[bug]		dns_zone_idetach() failed to lock the zone.
			[RT #199, #463]

659
660
 581.	[bug]		log severity was not being correctly processed.
			[RT #485]
661

662
663
664
665
 580.	[func]		Ignore trailing garbage on incoming DNS packets,
			for interoperability with broken server
			implementations. [RT #491]

666
667
668
 579.	[bug]		nsupdate did not take a filename to read update from.
			[RT #492]

Andreas Gustafsson's avatar
Andreas Gustafsson committed
669
670
 578.	[func]		New config option "notify-source", to specify the
			source address for notify messages.
671

672
673
674
 577.	[func]		Log illegal RDATA combinations. e.g. multiple
			singlton types, cname and other data.

675
676
677
678
 576.	[doc]		isc_log_create() description did not match reality.

 575.	[bug]		isc_log_create() was not setting internal state
			correctly to reflect the default channels created.
679

Andreas Gustafsson's avatar
Andreas Gustafsson committed
680
 574.	[bug]		TSIG signed queries sent by the resolver would fail to
681
682
			have their responses validated and would leak memory.

683
684
685
 573.	[bug]		The journal files of IXFRed slave zones were
			inadvertantly discarded on server reload, causing
			"journal out of sync with zone" errors on subsequent
Andreas Gustafsson's avatar
Andreas Gustafsson committed
686
			reloads. [RT #482]
687

688
689
690
 572.	[bug]		Quoted strings were not accepted as key names in
			address match lists.

691
692
693
694
695
696
697
 571.	[bug]		It was possible to create an rdataset of singleton
			type which had more than one rdata.  [RT #154]
			[RT #279]

 570.	[bug]		rbtdb.c allowed zones containing nodes which had
			both a CNAME and "other data". [RT #154]

698
699
700
 569.	[func]		The DNSSEC AD bit will not be set on queries which
			have not requested a DNSSEC response.

701
 568.	[func]		Add sample simple database drivers in contrib/sdb.
702
703
704
705
706
707

 567.	[bug]		Setting the zone transfer timeout to zero caused an
			assertion failure. [RT #302]

 566.	[func]		New public function dns_timer_setidle().

708
709
 565.	[func]		Log queries more like BIND 8: query logging is now
			done to category "queries", level "info". [RT #169]
710

711
712
 564.	[func]		Add sortlist support to lwresd.

713
714
715
716
 563.	[func]		New public functions dns_rdatatype_format() and
			dns_rdataclass_format(), for convenient formatting
			of rdata type/class mnemonics in log messages.

717
718
 562.	[cleanup]	Moved lib/dns/*conf.c to bin/named where they belong.

719
720
721
722
723
724
725
726
727
728
729
730
731
732
 561.	[func]		The 'datasize', 'stacksize', 'coresize' and 'files'
			clauses of the options{} statement are now implemented.

 560.	[bug]		dns_name_split did not properly the resulting prefix
			when a maximal length bitstring label was split which
			was preceded by another bitstring label. [RT #429]

 559.	[bug]		dns_name_split did not properly create the suffix
			when splitting within a maximal length bitstring label.

 558.	[func]		New functions, isc_resource_getlimit and
			isc_resource_setlimit.

 557.	[func]		Symbolic constants for libisc integral types.
733

734
735
736
737
 556.	[func]		The DNSSEC OK bit in the EDNS extended flags
			is now implemented.  Responses to queries without
			this bit set will not contain any DNSSEC records.

738
739
740
741
 555.	[bug]		A slave server attempting a zone transfer could 
			crash with an assertion failure on certain
			malformed responses from the master. [RT #457]

742
743
744
 554.	[bug]		In some cases, not all of the dnssec tools were
			properly installed.

745
746
747
748
 553.	[bug]		Incoming zone transfers deferred due to quota 
			were not started when quota was increased but 
			only when a transfer in progress finished. [RT #456]

749
750
 552.	[bug]		We were not correctly detecting the end of all c-style
			comments.  [RT #455]
751

752
753
 551.	[func]		Implemented the 'sortlist' option.

754
755
 550.	[func]		Support unknown rdata types and classes.

756
757
758
 549.	[bug]		"make" did not immediately abort the build when a
			subdirectory make failed [RT #450].

759
 548.	[func]		The lexer now ungets tokens more correctly.
Brian Wellington's avatar
Brian Wellington committed
760

761
762
 546.	[func]		Option 'lame-ttl' is now implemented.

763
764
765
766
 545.	[func]		Name limit and counting options removed from dig;
			they didn't work properly, and cannot be correctly
			implemented without significant changes.

767
768
769
770
 544.	[func]		Add statistics option, enable statistics-file option,
			add RNDC option "dump-statistics" to write out a
			query statistics file.

771
772
 543.	[doc]		The 'port' option is now documented.

773
774
775
776
 542.	[func]		Add support for update forwarding as required for
			full compliance with RFC2136.  It is turned off
			by default and can be enabled using the
			'allow-update-forwarding' option.
777

778
779
 541.	[func]		Add bogus server support.

Mark Andrews's avatar
Mark Andrews committed
780
781
 540.	[func]		Add dialup support.

782
783
 539.	[func]		Support the blackhole option.

784
785
 538.	[bug]		fix buffer overruns by 1 in lwres_getnameinfo().

786
787
788
789
790
791
792
 536.	[func]		Use transfer-source{-v6} when sending refresh queries.
			Transfer-source{-v6} now take a optional port
			parameter for setting the UDP source port.  The port
			parameter is ignored for TCP.

 535.	[func]		Use transfer-source{-v6} when forwarding update
			requests.
793

794
795
796
797
798
799
 534.	[func]		Ancestors have been removed from RBT chains.  Ancestor
			information can be discerned via node parent pointers.

 533.	[func]		Incorporated name hashing into the RBT database to
			improve search speed.

800
801
802
 532.	[func]		Implement DNS UPDATE pseudo records using
			DNS_RDATA_UPDATE flag.

803
804
 531.	[func]		Rdata really should be initalized before being assigned
			to (dns_rdata_fromwire(), dns_rdata_fromtext(),
805
806
807
			dns_rdata_clone(), dns_rdata_fromregion()),
			check that it is.

808
809
 530.	[func]		New function dns_rdata_invalidate().

810
 529.	[bug]		521 contained a bug which caused zones to always
811
			reload.	 [RT #410]
812
	
813
814
815
816
 528.	[func]		The ISC_LIST_XXXX macros now perform sanity checks
			on their arguements.  ISC_LIST_XXXXUNSAFE can be use
			to skip the checks however use with caution.

817
818
 527.	[func]		New function dns_rdata_clone().

819
820
821
 526.	[bug]		nsupdate incorrectly refused to add RRs with a TTL
			of 0.

822
823
824
825
 525.	[func]		New arguments 'options' for dns_db_subtractrdataset(),
			and 'flags' for dns_rdataslab_subtract() allowing you
			to request that the RR's must exist prior to deletion.
			DNS_R_NOTEXACT is returned if the condition is not met.
826

827
828
829
 524.	[func]		The 'forward' and 'forwarders' statement in
			non-forward zones should work now.

830
831
832
833
834
835
 523.	[doc]		The source to the Administrator Reference Manual is
			now an XML file using the DocBook DTD, and is included
			in the distribution.  The plain text version of the
			ARM is temporarily unavailable while we figure out
			how to generate readable plain text from the XML.

836
837
838
839
840
 522.	[func]		The lightweight resolver daemon can now use
			a real configuration file, and its functionality
			can be provided by a name server.  Also, the -p and -P
			options to lwresd have been reversed.

841
842
843
 521.	[bug]		Detect master files which contain $INCLUDE and always
			reload. [RT #196]

844
845
846
 520.	[bug]		Upgraded libtool to 1.3.5, which makes shared
			library builds almost work on AIX (and possibly 
			others).
847

848
849
850
851
852
853
854
 519.	[bug]		dns_name_split() would improperly split some bitstring
			labels, zeroing a few of the least signficant bits in
			the prefix part.  When such an improperly created
			prefix was returned to the RBT database, the bogus
			label was dutifully stored, corrupting the tree.
			[RT #369]

855
856
 518.	[bug]		The resolver did not realize that a DNAME which was
			"the answer" to the client's query was "the answer",
Brian Wellington's avatar
Brian Wellington committed
857
			and such queries would fail. [RT #399]
858
859
860

 517.	[bug]		The resolver's DNAME code would trigger an assertion
			if there was more than one DNAME in the chain.
Brian Wellington's avatar
Brian Wellington committed
861
			[RT #399]
862
863
864
865

 516.	[bug]		Cache lookups which had a NULL node pointer, e.g.
			those by dns_view_find(), and which would match a
			DNAME, would trigger an INSIST(!search.need_cleanup)
Brian Wellington's avatar
Brian Wellington committed
866
			assertion. [RT #399]
867

Andreas Gustafsson's avatar
typo    
Andreas Gustafsson committed
868
869
 515.	[bug]		The ssu table was not being attached / detached
			by dns_zone_[sg]etssutable. [RT#397]
870

871
872
873
 514.	[func]		Retry refresh and notify queries if they timeout.
			[RT #388]

874
 513.	[func]		New functionality added to rdnc and server to allow
Andreas Gustafsson's avatar
typo    
Andreas Gustafsson committed
875
			individual zones to be refreshed or reloaded.
876

Andreas Gustafsson's avatar
typos    
Andreas Gustafsson committed
877
 512.	[bug]		The zone transfer code could throw an execption with
878
879
			an invalid IXFR stream.

880
881
882
 511.	[bug]		The message code could throw an assertion on an
			out of memory failure. [RT #392]

883
884
 510.	[bug]		Remove spurious view notify warning. [RT #376]

885
886
 509.	[func]		Add support for write of zone files on shutdown.

887
888
889
890
 508.	[func]		dns_message_parse() can now do a best-effort
			attempt, which should allow dig to print more invalid
			messages.

891
892
893
 507.	[func]		New functions dns_zone_flush(), dns_zt_flushanddetach()
			and dns_view_flushanddetach().

894
895
 506.	[func]		Do not fail to start on errors in zone files.

896
897
 505.	[bug]		nsupdate was printing "unknown result code". [RT #373]

898
899
900
901
902
903
 504.	[bug]		The zone was not being marked as dirty when updated via
			IXFR.

 503.	[bug]		dumptime was not being set along with
			DNS_ZONEFLG_NEEDDUMP.

904
905
906
907
908
909
 502.	[func]		On a SERVFAIL reply, DiG will now try the next server
			in the list, unless the +fail option is specified.

 501.	[bug]		Incorrect port numbers were being displayed by
			nslookup.  [RT #352]

910
 500.	[func]		Nearly useless +details option removed from DiG.
911
912
913
914
915
916
917

 499.	[func]		In DiG, specifying a class with -c or type with -t
			changes command-line parsing so that classes and
			types are only recognized if following -c or -t.
			This allows hosts with the same name as a class or
			type to be looked up.

918
919
920
 498.	[doc]		There is now a man page for "dig" 
			in doc/man/bin/dig.1.

921
922
923
924
 497.	[bug]		The error messages printed when an IP match list
			contained a network address with a nonzero host
			part where not sufficiently detailed. [RT #365]

925
 496.	[bug]		named didn't sanity check numeric parameters. [RT #361]
926

927
 495.	[bug]		nsupdate was unable to handle large records. [RT #368]
928

929
930
 494.	[func]		Do not cache NXDOMAIN responses for SOA queries.

931
932
933
934
935
 493.	[func]		Return non-cachable (ttl = 0) NXDOMAIN responses
			for SOA queries.  This makes it easier to locate
			the containing zone without polluting intermediate
			caches.

936
937
 492.	[bug]		attempting to reload a zone caused the server fail
			to shutdown cleanly. [RT #360]
938

939
 491.	[bug]		nsupdate would segfault when sending certain
940
			prerequisites with empty RDATA. [RT #356]
941

942
943
944
945
946
 490.	[func]		When a slave/stub zone has not yet successfully
			obtained an SOA containing the zone's configured
			retry time, perform the SOA query retries using
			exponential backoff. [RT #337]

947
948
 489.	[func]		The zone manager now has a "i/o" queue.

949
950
 488.	[bug]		Locks weren't properly destroyed in some cases.

951
952
 487.	[port]		flockfile() is not defined on all systems.

953
954
955
956
 486.	[bug]		nslookup: "set all" and "server" commands showed
			the incorrect port number if a port other than 53
			was specified. [RT #352]

957
958
959
960
 485.	[func]		When dig had more than one server to query, it would
			send all of the messages at the same time.  Add
			rate limiting of the transmitted messages.

961
962
963
964
965
 484.	[bug]		When the server was reloaded after removing addresses 
			from the named.conf "listen-on" statement, sockets
			were still listening on the removed addresses due
			to reference count loops. [RT #325]

966
967
 483.	[bug]		nslookup: "set all" showed a "search" option but it 
			was not settable.
968

969
970
971
 482.	[bug]		nslookup: a plain "server" or "lserver" should be
			treated as a lookup.

972
 481.	[bug]		nslookup:get_next_command() stack size could exceed
973
974
975
976
			per thread limit.

 480.	[bug]		strtok() is not thread safe. [RT #349]

977
978
979
 479.	[func]		The test suite can now be run by typing "make check"
			or "make test" at the top level.

980
981
982
 478.	[bug]		"make install" failed if the directory specified with
			--prefix did not already exist.

983
984
985
 477.	[bug]		The the isc-config.sh script could be installed before
			its directory was created. [RT #324]

986
987
 476.	[bug]		A zone could expire while a zone transfer was in
			progress triggering a INSIST failure. [RT #329]
Andreas Gustafsson's avatar
Andreas Gustafsson committed
988

989
990
991
992
993
994
995
 475.	[bug]		query_getzonedb() sometimes returned a non-null version
			on failure.  This caused assertion failures when
			generating query responses where names subject to
			additional section processing pointed to a zone
			to which access had been denied by means of the
			allow-query option. [RT #336]

996
997
998
 474.	[bug]		The mnemonic of the CHAOS class is CH according to
			RFC1035, but it was printed and read only as CHAOS.
			We now accept both forms as input, and print it
Andreas Gustafsson's avatar
Andreas Gustafsson committed
999
			as CH. [RT #305]
1000

Andreas Gustafsson's avatar
Andreas Gustafsson committed
1001
1002
1003
1004
 473.	[bug]		nsupdate overran the end of the list of name servers
			when no servers could be reached, typically causing 
			it to print the error message "dns_request_create:
			not implemented".
1005
1006
1007
1008

 472.	[bug]		Off-by-one error caused isc_time_add() to sometimes
			produce invalid time values.

1009
1010
 471.	[bug]		nsupdate didn't compile on HP/UX 10.20

1011
1012
1013
 470.	[feature]	$GENERATE is now supported.  See also
			doc/misc/migration.

1014
1015
 469.	[bug]		"query-source address * port 53;" now works.

1016
1017
1018
1019
1020
1021
1022
1023
 468.	[bug]		dns_master_load*() failed to report file and line
			number in certain error conditions.

 467.	[bug]		dns_master_load*() failed to log an error if
			pushfile() failed.

 466.	[bug]		dns_master_load*() could return success when it failed.

1024
1025
 465.	[cleanup]	Allow 0 to be set as an omapi_value_t value by
			omapi_value_storeint().
Andreas Gustafsson's avatar
Andreas Gustafsson committed
1026

1027
 464.	[cleanup]	Build with openssl's RSA code instead of dnssafe.
1028

Andreas Gustafsson's avatar
Andreas Gustafsson committed
1029
1030
1031
 463.	[bug]		nsupdate sent malformed SOA queries to the second
			and subsequent name servers in resolv.conf if the
			query sent to the first one failed.
1032

1033
1034
 462.	[bug]		--disable-ipv6 should work now.

Andreas Gustafsson's avatar
Andreas Gustafsson committed
1035
1036
1037
 461.	[bug]		Specifying an unknown key in the "keys" clause of the
			"controls" statement caused a NULL pointer dereference.
			[RT #316]
1038

1039
1040
 460.	[bug]		Much of the DNSSEC code only worked with class IN.

Andreas Gustafsson's avatar
Andreas Gustafsson committed
1041
 459.	[bug]		Nslookup processed the "set" command incorrectly.
1042

1043
 458.	[bug]		Nslookup didn't properly check class and type values.
Michael Sawyer's avatar
Michael Sawyer committed
1044
			[RT #305]
1045

Andreas Gustafsson's avatar
Andreas Gustafsson committed
1046
1047
 457.	[bug]		Dig/host/hslookup didn't properly handle connect
			timeouts in certain situations, causing an 
Andreas Gustafsson's avatar
Andreas Gustafsson committed
1048
			unnecessary warning message to be printed.
1049

1050
1051
1052
 456.	[bug]		Stub zones were not resetting the refresh and expire
			counters, loadtime or clearing the DNS_ZONE_REFRESH
			(refresh in progress) flag upon successful update.
1053
1054
			This disabled further refreshing of the stub zone,
			causing it to eventually expire. [RT #300]
1055

1056
1057
1058
 455.	[doc]		Document IPv4 prefix notation does not require a
			dotted decimal quad but may be just dotted decimal.

1059
 454.	[bug]		Enforce dotted decimal and dotted decimal quad where
1060
			documented as such in named.conf. [RT #304, RT #311]
1061

1062
1063
1064
 453.	[bug]		Warn if the obsolete option "maintain-ixfr-base"
			is specified in named.conf. [RT #306]

1065
1066
1067
1068
 452.	[bug]		Warn if the unimplemented option "statistics-file"
			is specified in named.conf. [RT #301]

 451.	[func]		Update forwarding implememted.
1069
1070
1071

 450.	[func]		New function ns_client_sendraw().

1072
1073
1074
1075
1076
 449.	[bug]		isc_bitstring_copy() only works correctly if the
			two bitstrings have the same lsb0 value, but this
			requirement was not documented, nor was there a
			REQUIRE for it.

1077
 448.	[bug]		Host output formatting change, to match v8. [RT #255]
1078

1079
 447.	[bug]		Dig didn't properly retry in TCP mode after
1080
1081
			a truncated reply.  [RT #277]

1082
1083
 446.	[bug]		Confusing notify log message. [RT #298]

1084
1085
1086
1087
 445.	[bug]		Doing a 0 bit isc_bitstring_copy() of an lsb0
			bitstring triggered a REQUIRE statement.  The REQUIRE
			statement was incorrect. [RT #297]

1088
1089
1090
1091
1092
 444.	[func]		"recursion denied" messages are always logged at
			debug level 1, now, rather than sometimes at ERROR.
			This silences these warnings in the usual case, where
			some clients set the RD bit in all queries.

1093
1094
1095
1096
1097
 443.	[bug]		When loading a master file failed because of an
			unrecognized RR type name, the error message
			did not include the file name and line number. 
			[RT #285]

1098
1099
1100
 442.	[bug]		TSIG signed messages that did not match any view
			crashed the server. [RT #290]