CHANGES 184 KB
Newer Older
1
2
3
1747.	[bug]		BIND 8 compatability: named/named-checkconf failed
			to parse "host-statistics-max" in named.conf.

Mark Andrews's avatar
Mark Andrews committed
4
1746.	[func]		Make public the function to read a key file,
5
6
			dst_key_read_public(). [RT #12450]

Mark Andrews's avatar
Mark Andrews committed
7
8
1745.	[placeholder]	rt12745

9
10
11
1744.	[bug]		If tuple2msgname() failed to convert a tuple to
			a name a REQUIRE could be triggered. [RT #12796]

Mark Andrews's avatar
Mark Andrews committed
12
13
1743.	[placeholder]	rt12790

14
15
16
17
18
1742.	[bug]		If isc_taskmgr_create() was not able to create the
			requested number of worker threads then destruction
			of the manager would trigger an INSIST() failure.
			[RT #12790]
			
19
20
21
1741.	[bug]		Deleting all records at a node in a secure zone
			using a update-policy grant failed. [RT #12787]

Mark Andrews's avatar
Mark Andrews committed
22
23
1740.	[placeholder]	rt12729

24
25
1739.	[bug]		dns_rbt_deletetree() could incorrectly return
			ISC_R_QUOTA.  [RT #12695]
Mark Andrews's avatar
Mark Andrews committed
26

27
1738.	[bug]		Enable overrun checking by default. [RT #12695]
Mark Andrews's avatar
Mark Andrews committed
28

Mark Andrews's avatar
Mark Andrews committed
29
1737.	[bug]		named failed if more than 16 masters were specified.
30
31
			[RT #12627]

32
33
34
1736.	[bug]		dst_key_fromnamedfile() could fail to read a
			public key. [RT #12687]
			
35
36
37
1735.	[bug]		'dig +sigtrace' could die with a REQUIRE failure.
			[RE #12688]

38
39
40
1734.	[cleanup]	'rndc-confgen -a -t' remove extra '/' in path.
			[RT #12588]

41
42
1733.	[bug]		Return non-zero exit status on initial load failure.
			[RT #12658]
Mark Andrews's avatar
Mark Andrews committed
43

44
45
1732.	[bug]		'rrset-order name "*"' wasn't being applied to ".".
			[RT #12467]
Mark Andrews's avatar
Mark Andrews committed
46

47
48
1731.	[port]		darwin: relax version test in ifconfig.sh.
			[RT #12581]
Mark Andrews's avatar
Mark Andrews committed
49

50
51
1730.	[port]		Determine the length type used by the socket API.
			[RT #12581]
Mark Andrews's avatar
Mark Andrews committed
52

53
1729.	[func]		Improve check-names error messages.
Mark Andrews's avatar
Mark Andrews committed
54

55
1728.	[doc]		Update check-names documentation.
Mark Andrews's avatar
Mark Andrews committed
56

57
58
1727.	[bug]		named-checkzone: check-names support didn't match
			documentation.
Mark Andrews's avatar
Mark Andrews committed
59

Mark Andrews's avatar
aix5    
Mark Andrews committed
60
61
1726.	[port]		aix5: add support for aix5

62
63
1725.	[port]		linux: update error message on interaction of threads,
			capabilities and setuid support (named -u). [RT #12541]
Mark Andrews's avatar
Mark Andrews committed
64

65
66
1724.	[bug]		Look for DNSKEY records with "dig +sigtrace".
			[RT #12557]
Mark Andrews's avatar
Mark Andrews committed
67

68
69
1723.	[cleanup]	Silence compiler warnings from t_tasks.c. [RT #12493]

70
71
1722.	[bug]		Don't commit the journal on malformed ixfr streams.
			[RT #12519]
Mark Andrews's avatar
Mark Andrews committed
72

73
74
1721.	[bug]		Error message from the journal processing were not
			always identifing the relevent journal. [RT #12519]
Mark Andrews's avatar
Mark Andrews committed
75

76
77
1720.	[bug]		'dig +chase' did not terminate on a RFC 2308 Type 1
			negative response. [RT #12506]
Mark Andrews's avatar
Mark Andrews committed
78

79
80
1719.	[bug]		named was not correctly caching a RFC 2308 Type 1
			negative response. [RT #12506]
Mark Andrews's avatar
Mark Andrews committed
81

82
83
84
1718.	[bug]		nsupdate was not handling RFC 2308 Type 3 negative
			responses when looking for the zone / master server.
			[RT #12506]
Mark Andrews's avatar
Mark Andrews committed
85

86
87
88
1717.	[port]		solaris: ifconfig.sh did not support Solaris 10.
			"ifconfig.sh down" didn't work for Solaris 9.

89
90
91
1716.	[doc]		named.conf(5) was being installed in the wrong
			location.  [RT# 12441]

92
93
1715.	[func]		'dig +trace' now randomly selects the next servers
			to try.  Report if there is a bad delegation.
Mark Andrews's avatar
Mark Andrews committed
94

95
96
97
98
1714.	[bug]		dig/host/nslookup were only trying the first
			address when a nameserver was specified by name.
			[RT #12286]

99
100
101
1713.	[port]		linux: extend capset failure message to say:
			please ensure that the capset kernel module is
			loaded.  see insmod(8)
Mark Andrews's avatar
Mark Andrews committed
102

103
104
1712.	[bug]		Missing FULLCHECK for "trusted-key" in dig.

105
1711.	[func]		'rndc unfreeze' has been deprecated by 'rndc thaw'.
Mark Andrews's avatar
Mark Andrews committed
106

107
108
1710.	[func]		'rndc notify zone [class [view]]' resend the NOTIFY
			messages for the specified zone. [RT #9479]
Mark Andrews's avatar
Mark Andrews committed
109

110
1709.	[port]		solaris: add SMF support from Sun.
Mark Andrews's avatar
Mark Andrews committed
111

112
113
114
115
1708.	[cleanup]	Replaced dns_fullname_hash() with dns_name_fullhash()
			for conformance to the name space convention.  Binary
			backward compatibility to the old function name is
			provided. [RT #12376]
116

117
118
1707.	[contrib]	sdb/ldap updated to version 1.0-beta.

119
120
1706.	[bug]		'rndc stop' failed to cause zones to be flushed
			sometimes. [RT #12328]
Mark Andrews's avatar
Mark Andrews committed
121

122
1705.	[func]		Allow the journal's name to be changed via named.conf.
Mark Andrews's avatar
Mark Andrews committed
123

124
125
126
1704.	[port]		lwres needed a snprintf() implementation for
			platforms without snprintf().  Add missing
			"#include <isc/print.h>". [RT #12321]
Mark Andrews's avatar
Mark Andrews committed
127

128
129
1703.	[bug]		named would loop sending NOTIFY messages when it
			failed to receive a response. [RT #12322]
Mark Andrews's avatar
Mark Andrews committed
130

131
132
1702.	[bug]		also-notify should not be applied to builtin zones.
			[RT #12323]
Mark Andrews's avatar
Mark Andrews committed
133

134
135
1701.	[doc]		A minimal named.conf man page.

136
137
138
1700.	[func]		nslookup is no longer to be treated as deprecated.
			Remove "deprecated" warning message.  Add man page.

139
140
1699.	[bug]		dnssec-signzone can generate "not exact" errors
			when resigning. [RT #12281]
Mark Andrews's avatar
Mark Andrews committed
141

142
143
1698.	[doc]		Use reserved IPv6 documentation prefix.

144
145
146
147
1697.	[bug]		xxx-source{,-v6} was not effective when it
			specified one of listening addresses and a
			different port than the listening port. [RT #12257]

148
149
150
151
1696.	[bug]		dnssec-signzone failed to clean out nodes that
			consisted of only NSEC and RRSIG records.
			[RT #12154]

152
153
1695.	[bug]		DS records when forwarding require special handling.
			[RT #12133]
Mark Andrews's avatar
Mark Andrews committed
154

155
156
1694.	[bug]		Report if the builtin views of "_default" / "_bind"
			are defined in named.conf. [RT #12023]
Mark Andrews's avatar
Mark Andrews committed
157

158
159
1693.	[bug]		max-journal-size was not effective for master zones
			with ixfr-from-differences set. [RT# 12024]
Mark Andrews's avatar
Mark Andrews committed
160

Mark Andrews's avatar
Mark Andrews committed
161
1692.	[bug]		Don't set -I, -L and -R flags when libcrypto is in
162
163
			/usr/lib. [RT #11971]

164
165
1691.	[bug]		sdb's attachversion was not complete. [RT #11990]

166
167
1690.	[bug]		Delay detaching view from the client until UPDATE
			processing completes when shutting down. [RT #11714]
Mark Andrews's avatar
Mark Andrews committed
168

169
170
171
1689.	[bug]		DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
			contained gratuitous semicolons. [RT #11707]

172
173
1688.	[bug]		LDFLAGS was not supported.

174
175
1687.	[bug]		Race condition in dispatch. [RT #10272]

176
177
178
1686.	[bug]		Named sent a extraneous NOTIFY when it received a
			redundant UPDATE request. [RT #11943]

Rob Austein's avatar
Rob Austein committed
179
1685.	[bug]		Change #1679 loop tests weren't quite right.
180

181
182
1684.	[func]		ixfr-from-differences now takes master and slave in
			addition to yes and no at the options and view levels.
Mark Andrews's avatar
Mark Andrews committed
183

184
185
1683.	[bug]		dig +sigchase could leak memory. [RT #11445]

186
187
1682.	[port]		Update configure test for (long long) printf format.
			[RT #5066]
Mark Andrews's avatar
Mark Andrews committed
188

189
190
1681.	[bug]		Only set SO_REUSEADDR when a port is specified in
			isc_socket_bind(). [RT #11742]
Mark Andrews's avatar
Mark Andrews committed
191

192
1680.	[func]		rndc: the source address can now be specified.
Mark Andrews's avatar
Mark Andrews committed
193

194
195
196
1679.	[bug]		When there was a single nameserver with multiple
			addresses for a zone not all addresses were tried.
			[RT #11706]
Mark Andrews's avatar
Mark Andrews committed
197

198
199
1678.	[bug]		RRSIG should use TYPEXXXXX for unknown types.

200
201
1677.	[bug]		dig: +aaonly didn't work, +aaflag undocumented.

Mark Andrews's avatar
Mark Andrews committed
202
203
1676.	[placeholder]	rt10864

204
205
206
1675.	[bug]		named would sometimes add extra NSEC records to
			the authority section.
			
207
208
209
1674.	[port]		linux: increase buffer size used to scan
			/proc/net/if_inet6.

210
211
212
1673.	[port]		linux: issue a error messages if IPv6 interface
			scans fails.

Mark Andrews's avatar
Mark Andrews committed
213
1672.	[cleanup]	Tests which only function in a threaded build
214
215
216
217
			now return R:THREADONLY (rather than R:UNTESTED)
			in a non-threaded build.

1671.	[contrib]	queryperf: add NAPTR to the list of known types.
218

219
220
221
222
223
1670.	[func]		Log UPDATE requests to slave zones without an acl as
			"disabled" at debug level 3. [RT# 11657]

1669.	[placeholder]

224
225
1668.	[bug]		DIG_SIGCHASE was making bin/dig/host dump core.

226
227
1667.	[port]		linux: not all versions have IF_NAMESIZE.

228
229
1666.	[bug]		The optional port on hostnames in dual-stack-servers
			was being ignored.
Mark Andrews's avatar
Mark Andrews committed
230

231
232
1665.	[func]		rndc now allows addresses to be set in the
			server clauses.
Mark Andrews's avatar
Mark Andrews committed
233

Rob Austein's avatar
1664    
Rob Austein committed
234
235
1664.	[bug]		nsupdate needed KEY for SIG(0), not DNSKEY.

236
1663.	[func]		Look for OpenSSL by default.
Mark Andrews's avatar
Mark Andrews committed
237

Mark Andrews's avatar
wording    
Mark Andrews committed
238
239
1662.	[bug]		Change #1658 failed to change one use of 'type'
			to 'keytype'.
240

241
242
1661.	[bug]		Restore dns_name_concatenate() call in
			adb.c:set_target().  [RT #11582]
Mark Andrews's avatar
Mark Andrews committed
243

244
245
1660.	[bug]		win32: connection_reset_fix() was being called
			unconditionally.  [RT #11595]
Mark Andrews's avatar
Mark Andrews committed
246

247
248
249
250
251
252
253
1659.	[cleanup]	Cleanup some messages that were referring to KEY vs
			DNSKEY, NXT vs NSEC and SIG vs RRSIG.

1658.	[func]		Update dnssec-keygen to default to KEY for HMAC-MD5
			and DH.  Tighten which options apply to KEY and
			DNSKEY records.

254
255
256
257
258
1657.	[doc]		ARM: document query log output.

1656.	[doc]		Update DNSSEC description in ARM to cover DS, NSEC
			DNSKEY and RRSIG.  [RT #11542]

259
260
1655.	[bug]		Logging multiple versions w/o a size was broken.
			[RT #11446]
Mark Andrews's avatar
Mark Andrews committed
261

262
263
1654.	[bug]		isc_result_totext() contained array bounds read
			error.
Mark Andrews's avatar
Mark Andrews committed
264

265
266
267
1653.	[func]		Add key type checking to dst_key_fromfilename(),
			DST_TYPE_KEY should be used to read TSIG, TKEY and
			SIG(0) keys.
Mark Andrews's avatar
Mark Andrews committed
268

269
1652.	[bug]		TKEY still uses KEY.
Mark Andrews's avatar
Mark Andrews committed
270

271
272
273
274
1651.	[bug]		dig: process multiple dash options.

1650.	[bug]		dig, nslookup: flush standard out after each command.

275
276
1649.	[bug]		Silence "unexpected non-minimal diff" message.
			[RT #11206]
Mark Andrews's avatar
Mark Andrews committed
277

278
279
280
1648.	[func]		Update dnssec-lookaside named.conf syntax to support
			multiple dnssec-lookaside namespaces (not yet
			implemented).  
Mark Andrews's avatar
Mark Andrews committed
281

282
283
284
1647.	[bug]		It was possible trigger a INSIST when chasing a DS
			record that required walking back over a empty node.
			[RT #11445]
Mark Andrews's avatar
Mark Andrews committed
285

286
287
1646.	[bug]		win32: logging file versions didn't work with
			non-UNC filenames.  [RT#11486]
Mark Andrews's avatar
Mark Andrews committed
288

289
290
291
1645.	[bug]		named could trigger a REQUIRE failure if multiple
			masters with keys are specified.

292
293
1644.	[bug]		Update the journal modification time after a
			sucessfull refresh query. [RT #11436]
Mark Andrews's avatar
Mark Andrews committed
294

295
296
297
1643.	[bug]		dns_db_closeversion() could leak memory / node
			references. [RT #11163]

298
299
300
1642.	[port]		Support OpenSSL implementations which don't have
			DSA support. [RT #11360]

301
302
1641.	[bug]		Update the check-names description in ARM. [RT #11389]

303
304
305
1640.	[bug]		win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
			incorrectly closing the socket.  [RT #11291]

306
307
1639.	[func]		Initial dlv system test.

308
309
310
1638.	[bug]		"ixfr-from-differences" could generate a REQUIRE
			failure if the journal open failed. [RT #11347]
			
311
312
1637.	[bug]		Node reference leak on error in addnoqname().

313
314
315
316
1636.	[bug]		The dump done callback could get ISC_R_SUCCESS even if
			a error had occured.  The database version no longer
			matched the version of the database that was dumped.

317
318
1635.	[bug]		Memory leak on error in query_addds().

319
320
1634.	[bug]		named didn't supply a useful error message when it
			detected duplicate views.  [RT #11208]
Mark Andrews's avatar
Mark Andrews committed
321

322
323
324
1633.	[bug]		named should return NOTIMP to update requests to a
			slaves without a allow-update-forwarding acl specified.
			[RT #11331]
Mark Andrews's avatar
Mark Andrews committed
325

326
327
1632.	[bug]		nsupdate failed to send prerequisite only UPDATE
			messages. [RT #11288]
Mark Andrews's avatar
Mark Andrews committed
328

329
330
331
1631.	[bug]		dns_journal_compact() could sometimes corrupt the
			journal. [RT #11124]

332
1630.	[contrib]	queryperf: add support for IPv6 transport.
333

334
335
1629.	[func]		dig now supports IPv6 scoped addresses with the
			extended format in the local-server part. [RT #8753]
336

337
338
1628.	[bug]		Typo in Compaq Trucluster support. [RT# 11264]

339
340
341
1627.	[bug]		win32: sockets were not being closed when the
			last external reference was removed. [RT# 11179]

342
343
1626.	[bug]		--enable-getifaddrs was broken. [RT#11259]

344
345
1625.	[bug]		named failed to load/transfer RFC2535 signed zones
			which contained CNAMES. [RT# 11237]
Mark Andrews's avatar
Mark Andrews committed
346

347
348
1624.	[bug]		zonemgr_putio() call should be locked. [RT# 11163]

349
350
351
1623.	[bug]		A serial number of zero was being displayed in the
			"sending notifies" log message when also-notify was
			used. [RT #11177]
Mark Andrews's avatar
Mark Andrews committed
352

353
354
1622.	[func]		probe the system to see if IPV6_(RECV)PKTINFO is
			available, and suppress wildcard binding if not.
355

356
357
1621.	[bug]		match-destinations did not work for IPv6 TCP queries.
			[RT# 11156]
358

359
1620.	[func]		When loading a zone report if it is signed. [RT #11149]
Mark Andrews's avatar
Mark Andrews committed
360

361
362
363
1619.	[bug]		Missing ISC_LIST_UNLINK in end_reserved_dispatches().
			[RT# 11118]

364
365
366
1618.	[bug]		Fencepost errors in dns_name_ishostname() and
			dns_name_ismailbox() could trigger a INSIST().

367
368
1617.	[port]		win32: VC++ 6.0 support.

369
370
1616.	[compat]	Ensure that named's version is visible in the core
			dump. [RT #11127]
Mark Andrews's avatar
Mark Andrews committed
371

372
373
374
1615.	[port]		Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
			it is defined.

375
1614.	[port]		win32: silence resource limit messages. [RT# 11101]
Mark Andrews's avatar
Mark Andrews committed
376

377
378
379
1613.	[bug]		Builds would fail on machines w/o a if_nametoindex().
			Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
			[RT #11119]
Mark Andrews's avatar
Mark Andrews committed
380

381
382
1612.	[bug]		check-names at the option/view level could trigger
			an INSIST. [RT# 11116]
Mark Andrews's avatar
Mark Andrews committed
383

384
385
1611.	[bug]		solaris: IPv6 interface scanning failed to cope with
			no active IPv6 interfaces.
Mark Andrews's avatar
Mark Andrews committed
386

387
388
389
1610.	[bug]		On dual stack machines "dig -b" failed to set the
			address type to be looked up with "@server".
			[RT #11069]
Mark Andrews's avatar
Mark Andrews committed
390

391
392
393
1609.	[func]		dig now has support to chase DNSSEC signature chains.
			Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.

Mark Andrews's avatar
Mark Andrews committed
394
395
396
397
			DNSSEC validation code in dig coded by Olivier Courtay
			(olivier.courtay@irisa.fr) for the IDsA project
			(http://idsa.irisa.fr).

398
399
400
1608.	[func]		dig and host now accept -4/-6 to select IP transport
			to use when making queries.

401
402
403
1607.	[bug]		dig, host and nslookup were still using random()
			to generate query ids. [RT# 11013]

Mark Andrews's avatar
Mark Andrews committed
404
1606.	[bug]	 	DLV insecurity proof was failing.
405
406

1605.	[func]		New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
Mark Andrews's avatar
Mark Andrews committed
407

408
409
410
411
1604.	[bug]		A xfrout_ctx_create() failure would result in
			xfrout_ctx_destroy() being called with a
			partially initaliased structure.
			
412
413
1603.	[bug]		nsupdate: set interactive based on isatty().
			[RT# 10929]
Mark Andrews's avatar
Mark Andrews committed
414

415
416
1602.	[bug]		Logging to a file failed unless a size was specified.
			[RT# 10925]
Mark Andrews's avatar
Mark Andrews committed
417

418
419
420
1601.	[bug]		Silence spurious warning 'both "recursion no;" and 
			"allow-recursion" active' warning from view "_bind".
			[RT# 10920]
Mark Andrews's avatar
Mark Andrews committed
421

422
423
1600.	[bug]		Duplicate zone pre-load checks were not case
			insensitive.
Mark Andrews's avatar
Mark Andrews committed
424

425
1599.	[bug]		Fix memory leak on error path when checking named.conf.
Mark Andrews's avatar
Mark Andrews committed
426

427
428
1598.	[func]		Specify that certain parts of the namespace must
			be secure (dnssec-must-be-secure).
Mark Andrews's avatar
Mark Andrews committed
429

Mark Andrews's avatar
Mark Andrews committed
430
431
1597.	[placeholder]	rt6496a

432
1596.	[func]		Accept 'notify-source' style syntax for query-source.
Mark Andrews's avatar
Mark Andrews committed
433

434
435
1595.	[func]		New notify type 'master-only'.  Enable notify for
			master zones only.
Mark Andrews's avatar
Mark Andrews committed
436

437
438
1594.	[bug]		'rndc dumpdb' could prevent named from answering
			queries while the dump was in progress.  [RT #10565]
Mark Andrews's avatar
Mark Andrews committed
439

440
441
1593.	[bug]		rndc should return "unknown command" to unknown
			commands. [RT# 10642]
Mark Andrews's avatar
Mark Andrews committed
442

Mark Andrews's avatar
Mark Andrews committed
443
1592.	[bug]		configure_view() could leak a dispatch. [RT# 10675]
444

445
446
1591.	[bug]		libbind: updated to BIND 8.4.5.

447
448
1590.	[port]		netbsd: update thread support.

449
450
1589.	[func]		DNSSEC lookaside validation.

451
452
1588.	[bug]		win32: TCP sockets could become blocked. [RT #10115]

453
454
1587.	[bug]		dns_message_settsigkey() failed to clear existing key.
			[RT #10590]
Mark Andrews's avatar
Mark Andrews committed
455

456
457
1586.	[func]		"check-names" is now implemented.

Mark Andrews's avatar
Mark Andrews committed
458
1585.	[placeholder]
Mark Andrews's avatar
Mark Andrews committed
459

Mark Andrews's avatar
Mark Andrews committed
460
1584.	[bug]		"make test" failed with a read only source tree.
461
			[RT #10461]
Mark Andrews's avatar
Mark Andrews committed
462

463
464
1583.	[bug]		Records add via UPDATE failed to get the correct trust
			level. [RT #10452]
Mark Andrews's avatar
Mark Andrews committed
465

466
467
1582.	[bug]		rrset-order failed to work on RRsets with more
			than 32 elements. [RT #10381]
Mark Andrews's avatar
Mark Andrews committed
468

469
1581.	[func]		Disable DNSSEC support by default.  To enable
470
			DNSSEC specify "dnssec-enable yes;" in named.conf.
471

Mark Andrews's avatar
Mark Andrews committed
472
1580.	[bug]		Zone destruction on final detach takes a long time.
473
			[RT #3746]
Mark Andrews's avatar
Mark Andrews committed
474

475
1579.	[bug]		Multiple task managers could not be created.
Mark Andrews's avatar
Mark Andrews committed
476

477
478
1578.	[bug]		Don't use CLASS E IPv4 addresses when resolving.
			[RT #10346]
Mark Andrews's avatar
Mark Andrews committed
479

480
481
1577.	[bug]		Use isc_uint32_t in ultrasparc optimizer bug
			workaround code. [RT #10331]
Mark Andrews's avatar
Mark Andrews committed
482

483
484
1576.	[bug]		Race condition in dns_dispatch_addresponse().
			[RT# 10272]
Mark Andrews's avatar
Mark Andrews committed
485

486
1575.	[func]		Log TSIG name on TSIG verify failure. [RT #4404]
Mark Andrews's avatar
Mark Andrews committed
487

488
489
490
1574.	[bug]		Don't attempt to open the controls socket(s) when
			running tests. [RT #9091]

491
492
493
1573.	[port]		linux: update to libtool 1.5.2 so that
			"make install DESTDIR=/xx" works with
			"configure --with-libtool".  [RT #9941]
Mark Andrews's avatar
Mark Andrews committed
494

495
496
1572.	[bug]		nsupdate: sign the soa query to find the enclosing
			zone if the server is specified. [RT #10148]
Mark Andrews's avatar
Mark Andrews committed
497

498
1571.	[bug]		rbt:hash_node() could fail leaving the hash table
Mark Andrews's avatar
Mark Andrews committed
499
			in an inconsistent state.  [RT #10208]
Mark Andrews's avatar
Mark Andrews committed
500

501
502
503
1570.	[bug]		nsupdate failed to handle classes other than IN.
			New keyword 'class' which sets the default class.
			[RT #10202]
Mark Andrews's avatar
Mark Andrews committed
504

505
506
1569.	[func]		nsupdate new command 'answer' which displays the
			complete answer message to the last update.
Mark Andrews's avatar
Mark Andrews committed
507

508
1568.	[bug]		nsupdate now reports that the update failed in
Mark Andrews's avatar
Mark Andrews committed
509
			interactive mode. [RT# 10236]
Mark Andrews's avatar
Mark Andrews committed
510

511
512
1567.	[bug]		B.ROOT-SERVERS.NET is now 192.228.79.201.

513
514
515
516
1566.	[port]		Support for the cmsg framework on Solaris and HP/UX.
			This also solved the problem that match-destinations
			for IPv6 addresses did not work on these systems.
			[RT #10221]
517

Mark Andrews's avatar
Mark Andrews committed
518
519
520
1565.	[bug]		CD flag should be copied to outgoing queries unless
			the query is under a secure entry point in which case
			CD should be set.
521

522
523
524
525
526
1564.	[func]		Attempt to provide a fallback entropy source to be
			used if named is running chrooted and named is unable
			to open entropy source within the chroot area.
			[RT #10133]

Mark Andrews's avatar
Mark Andrews committed
527
528
1563.	[bug]		Gracefully fail when unable to obtain neither an IPv4
			nor an IPv6 dispatch. [RT #10230]
529

530
531
532
1562.	[bug]		isc_socket_create() and isc_socket_accept() could
			leak memory under error conditions. [RT #10230]

533
534
535
1561.	[bug]		It was possible to release the same name twice if
			named ran out of memory. [RT #10197]

536
537
538
1560.	[port]		FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
			and EAI_NONAME to the same value.

539
1559.	[port]		named should ignore SIGFSZ.
Mark Andrews's avatar
Mark Andrews committed
540

541
542
543
544
545
546
547
548
549
1558.	[func]		New DNSSEC 'disable-algorithms'.  Support entry into
			child zones for which we don't have a supported
			algorithm.  Such child zones are treated as unsigned.

1557.	[func]		Implement missing DNSSEC tests for
			* NOQNAME proof with wildcard answers.
			* NOWILDARD proof with NXDOMAIN.
			Cache and return NOQNAME with wildcard answers.

Mark Andrews's avatar
Mark Andrews committed
550
1556.	[bug]		nsupdate now treats all names as fully qualified.
551
			[RT #6427]
Mark Andrews's avatar
Mark Andrews committed
552

Mark Andrews's avatar
now->no    
Mark Andrews committed
553
1555.	[func]		'rrset-order cyclic' no longer has a random starting
554
555
			point. [RT #7572]

Mark Andrews's avatar
Mark Andrews committed
556
1554.	[bug]		dig, host, nslookup failed when no nameservers
557
558
			were specified in /etc/resolv.conf. [RT #8232]

559
1553.	[bug]		The windows socket code could stop accepting
Mark Andrews's avatar
Mark Andrews committed
560
			connections. [RT#10115]
561

562
563
1552.	[bug]		Accept NOTIFY requests from mapped masters if
			matched-mapped is set. [RT #10049]
Mark Andrews's avatar
Mark Andrews committed
564

565
566
1551.	[port]		Open "/dev/null" before calling chroot().

567
568
1550.	[port]		Call tzset(), if available, before calling chroot().

569
570
571
1549.	[func]		named-checkzone can now write out the zone contents
			in a easily parsable format (-D and -o).

Mark Andrews's avatar
Mark Andrews committed
572
573
574
1548.	[bug]		When parsing APL records it was possible to silently
			accept out of range ADDRESSFAMILY values. [RT# 9979]

575
576
577
1547.	[bug]		Named wasted memory recording duplicate lame zone
			entries. [RT #9341]

578
579
580
1546.	[bug]		We were rejecting valid secure CNAME to negative
			answers.

581
582
583
584
1545.	[bug]		It was possible to leak memory if named was unable to
			bind to the specified transfer source and TSIG was
			being used. [RT #10120]

585
586
1544.	[bug]		Named would logged a single entry to a file despite it
			being over the specified size limit.
Mark Andrews's avatar
Mark Andrews committed
587

588
1543.	[bug]		Logging using "versions unlimited" did not work.
Mark Andrews's avatar
Mark Andrews committed
589

Mark Andrews's avatar
Mark Andrews committed
590
591
1542.	[placeholder]

592
1541.	[func]		NSEC now uses new bitmap format.
Mark Andrews's avatar
Mark Andrews committed
593

594
595
1540.	[bug]		"rndc reload <dynamiczone>" was silently accepted.
			[RT #8934]
Mark Andrews's avatar
Mark Andrews committed
596

597
598
1539.	[bug]		Open UDP sockets for notify-source and transfer-source
			that use reserved ports at startup. [RT #9475]
Mark Andrews's avatar
Mark Andrews committed
599

Mark Andrews's avatar
Mark Andrews committed
600
601
1538.	[placeholder]	rt9997

602
1537.	[func]		New option "querylog".  If set specify whether query
Mark Andrews's avatar
Mark Andrews committed
603
			logging is to be enabled or disabled at startup.
Mark Andrews's avatar
Mark Andrews committed
604

605
606
1536.	[bug]		Windows socket code failed to log a error description
			when returning ISC_R_UNEXPECTED. [RT #9998]
Mark Andrews's avatar
Mark Andrews committed
607

Mark Andrews's avatar
Mark Andrews committed
608
609
1535.	[placeholder]

610
1534.	[bug]		Race condition when priming cache. [RT# 9940]
Mark Andrews's avatar
Mark Andrews committed
611

Mark Andrews's avatar
Mark Andrews committed
612
1533.	[func]		Warn if both "recursion no;" and "allow-recursion"
613
			are active. [RT# 4389]
Mark Andrews's avatar
Mark Andrews committed
614

615
616
617
1532.	[port]		netbsd: the configure test for <sys/sysctl.h>
			requires <sys/param.h>.

Mark Andrews's avatar
Mark Andrews committed
618
1531.	[port]		AIX more libtool fixes.
619

620
1530.	[bug]		It was possible to trigger a INSIST() failure if a
Mark Andrews's avatar
grammar    
Mark Andrews committed
621
			slave master file was removed at just the correct
622
623
			moment. [RT #9462]

Mark Andrews's avatar
Mark Andrews committed
624
1529.	[bug]		"notify explicit;" failed to log that NOTIFY messages
Mark Andrews's avatar
Mark Andrews committed
625
			were being sent for the zone. [RT# 9442]
Mark Andrews's avatar
Mark Andrews committed
626

627
628
1528.	[cleanup]	Simplify some dns_name_ functions based on the
			deprecation of bitstring labels.
629

630
631
1527.	[cleanup]	Reduce the number of gettimeofday() calls without
			losing necessary timer granularity.
632

633
634
1526.	[placeholder]

Mark Andrews's avatar
Mark Andrews committed
635
636
1525.	[bug]		dns_cache_create() could trigger a REQUIRE
			failure in isc_mem_put() during error cleanup.
637
			[RT# 9360]
638

639
640
641
1524.	[port]		AIX needs to be able to resolve all symbols when
			creating shared libraries (--with-libtool).

642
643
1523.	[bug]		Fix race condition in rbtdb. [RT# 9189]

644
645
646
1522.	[bug]		dns_db_findnode() relax the requirements on 'name'.
			[RT# 9286]

647
648
649
1521.	[bug]		dns_view_createresolver() failed to check the
			result from isc_mem_create(). [RT# 9294]

650
651
1520.	[protocol]	Add SSHFP (SSH Finger Print) type.

652
653
654
1519.	[bug]		dnssec-signzone:nsec_setbit() computed the wrong
			length of the new bitmap.

Mark Andrews's avatar
Mark Andrews committed
655
1518.	[bug]		dns_nsec_buildrdata(), and hence dns_nsec_build(),
656
657
658
			contained a off-by-one error when working out the
			number of octets in the bitmap.

Mark Andrews's avatar
Mark Andrews committed
659
660
1517.	[port]		Support for IPv6 interface scanning on HP/UX and
			TrueUNIX 5.1.
661

Mark Andrews's avatar
Mark Andrews committed
662
1516.	[func]		Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
663

Mark Andrews's avatar
Mark Andrews committed
664
665
1515.	[func]		Allow transfer source to be set in a server statement.
			[RT #6496]
666

Mark Andrews's avatar
Mark Andrews committed
667
668
1514.	[bug]		named: isc_hash_destroy() was being called too early.
			[RT #9160]
669

Mark Andrews's avatar
Mark Andrews committed
670
1513.	[doc]		Add "US" to root-delegation-only exclude list.
671

Mark Andrews's avatar
Mark Andrews committed
672
673
1512.	[bug]		Extend the delegation-only logging to return query
			type, class and responding nameserver.
674

Mark Andrews's avatar
Mark Andrews committed
675
676
1511.	[bug]		delegation-only was generating false positives
			on negative answers from subzones.
677

Mark Andrews's avatar
Mark Andrews committed
678
679
680
681
682
1510.	[func]		New view option "root-delegation-only".  Apply
			delegation-only check to all TLDs and root.
			Note there are some TLDs that are NOT delegation
			only (e.g. DE, LV, US and MUSEUM) these can be excluded
			from the checks by using exclude.
683

Mark Andrews's avatar
Mark Andrews committed
684
685
686
			root-delegation-only exclude {
				"DE"; "LV"; "US"; "MUSEUM";
			};
687

Mark Andrews's avatar
Mark Andrews committed
688
689
1509.	[bug]		Hint zones should accept delegation-only.  Forward
			zone should not accept delegation-only.
690

Mark Andrews's avatar
Mark Andrews committed
691
692
1508.	[bug]		Don't apply delegation-only checks to answers from
			forwarders.
693

Mark Andrews's avatar
Mark Andrews committed
694
695
1507.	[bug]		Handle BIND 8 style returns to NS queries to parents
			when making delegation-only checks.
696

Mark Andrews's avatar
Mark Andrews committed
697
1506.	[bug]		Wrong return type for dns_view_isdelegationonly().
698

Mark Andrews's avatar
Mark Andrews committed
699
1505.	[bug]		Uninitialized rdataset in sdb. [RT #8750]
700

Mark Andrews's avatar
Mark Andrews committed
701
1504.	[func]		New zone type "delegation-only".
702

Mark Andrews's avatar
Mark Andrews committed
703
1503.	[port]		win32: install libeay32.dll outside of system32.
704

Mark Andrews's avatar
Mark Andrews committed
705
1502.	[bug]		nsupdate: adjust timeouts for UPDATE requests over TCP.
706

Mark Andrews's avatar
Mark Andrews committed
707
708
1501.	[func]		Allow TCP queue length to be specified via
			named.conf, tcp-listen-queue.
709

Mark Andrews's avatar
Mark Andrews committed
710
711
1500.	[bug]		host failed to lookup MX records.  Also look up
			AAAA records.
712

Mark Andrews's avatar
Mark Andrews committed
713
714
1499.	[bug]		isc_random need to be seeded better if arc4random()
			is not used.
715

Mark Andrews's avatar
Mark Andrews committed
716
1498.	[port]		bsdos: 5.x support.
Mark Andrews's avatar
Mark Andrews committed
717

Mark Andrews's avatar
Mark Andrews committed
718
1497.	[placeholder]
719

Mark Andrews's avatar
Mark Andrews committed
720
1496.	[port]		test for pthread_attr_setstacksize().
721

Mark Andrews's avatar
Mark Andrews committed
722
1495.	[cleanup]	Replace hash functions with universal hash.
723

Mark Andrews's avatar
Mark Andrews committed
724
1494.	[security]	Turn on RSA BLINDING as a precaution.
Mark Andrews's avatar
Mark Andrews committed
725

Mark Andrews's avatar
Mark Andrews committed
726
1493.	[placeholder]
727

Mark Andrews's avatar
Mark Andrews committed
728
729
1492.	[cleanup]	Preserve rwlock quota context when upgrading /
			downgrading. [RT #5599]
730

Mark Andrews's avatar
Mark Andrews committed
731
732
1491.	[bug]		dns_master_dump*() would produce extraneous $ORIGIN
			lines. [RT #6206]
733

Mark Andrews's avatar
Mark Andrews committed
734
735
1490.	[bug]		Accept reading state as well as working state in
			ns_client_next(). [RT #6813]
736

Mark Andrews's avatar
Mark Andrews committed
737
738
1489.	[compat]	Treat 'allow-update' on slave zones as a warning.
			[RT #3469]
739

Mark Andrews's avatar
Mark Andrews committed
740
741
1488.	[bug]		Don't override trust levels for glue addresses.
			[RT #5764]
742

Mark Andrews's avatar
Mark Andrews committed
743
744
745
1487.	[bug]		A REQUIRE() failure could be triggered if a zone was
			queued for transfer and the zone was then removed.
			[RT #6189]
746

Mark Andrews's avatar
Mark Andrews committed
747
748
1486.	[bug]		isc_print_snprintf() '%%' consumed one too many format
			characters. [RT# 8230]
749

Mark Andrews's avatar
Mark Andrews committed
750
1485.	[bug]		gen failed to handle high type values. [RT #6225]
751

Mark Andrews's avatar
Mark Andrews committed
752
753
1484.	[bug]		The number of records reported after a AXFR was wrong.
			[RT #6229]
754

Mark Andrews's avatar
Mark Andrews committed
755
756
757
1483.	[bug]		dig axfr failed if the message id in the answer failed
			to match that in the request.  Only the id in the first
			message is required to match. [RT #8138]
Mark Andrews's avatar
Mark Andrews committed
758

Mark Andrews's avatar
Mark Andrews committed
759
760
761
1482.	[bug]		named could fail to start if the kernel supports
			IPv6 but no interfaces are configured.  Similarly
			for IPv4. [RT #6229]
762

Mark Andrews's avatar
Mark Andrews committed
763
764
1481.	[bug]		Refresh and stub queries failed to use masters keys
			if specified. [RT #7391]
765

Mark Andrews's avatar
Mark Andrews committed
766
767
768
769
770
1480.	[bug]		Provide replay protection for rndc commands.  Full
			replay protection requires both rndc and named to
			be updated.  Partial replay protection (limited
			exposure after restart) is provided if just named
			is updated.
771

Mark Andrews's avatar
Mark Andrews committed
772
773
774
1479.	[bug]		cfg_create_tuple() failed to handle out of
			memory cleanup.  parse_list() would leak memory
			on syntax errors.
Mark Andrews's avatar
Mark Andrews committed
775

Mark Andrews's avatar
Mark Andrews committed
776
1478.	[port]		ifconfig.sh didn't account for other virtual
Mark Andrews's avatar
Mark Andrews committed
777
			interfaces.  It now takes a optional argument
Mark Andrews's avatar
Mark Andrews committed
778
			to specify the first interface number. [RT #3907]
779

Mark Andrews's avatar
Mark Andrews committed
780
1477.	[bug]		memory leak using stub zones and TSIG.
Mark Andrews's avatar
Mark Andrews committed
781

Mark Andrews's avatar
Mark Andrews committed
782
1476.	[placeholder]
783

Mark Andrews's avatar
Mark Andrews committed
784
1475.	[port]		Probe for old sprintf().
785

Mark Andrews's avatar
Mark Andrews committed
786
787
1474.	[port]		Provide strtoul() and memmove() for platforms
			without them.
788

Mark Andrews's avatar
Mark Andrews committed
789
790
1473.	[bug]		create_map() and create_string() failed to handle out
			of memory cleanup.  [RT #6813]
791

Mark Andrews's avatar
Mark Andrews committed
792
1472.	[contrib]	idnkit-1.0 from JPNIC, replaces mdnkit.
793

Mark Andrews's avatar
Mark Andrews committed
794
1471.	[bug]		libbind: updated to BIND 8.4.0.
795

Mark Andrews's avatar
Mark Andrews committed
796
1470.	[bug]		Incorrect length passed to snprintf. [RT #5966]
797

Mark Andrews's avatar
Mark Andrews committed
798
799
1469.	[func]		Log end of outgoing zone transfer at same level
			as the start of transfer is logged. [RT #4441]
800

Mark Andrews's avatar
Mark Andrews committed
801
802
1468.	[func]		Internal zones are no longer counted for
			'rndc status'.  [RT #4706]
803

Mark Andrews's avatar
Mark Andrews committed
804
1467.	[func]		$GENERATES now supports optional class and ttl.
805

Mark Andrews's avatar
Mark Andrews committed
806
807
1466.	[bug]		lwresd configuration errors resulted in memory
			and lock leaks.  [RT #5228]
808

Mark Andrews's avatar
Mark Andrews committed
809
810
811
1465.	[bug]		isc_base64_decodestring() and isc_base64_tobuffer()
			failed to check that trailing bits were zero allowing
			some invalid base64 strings to be accepted.  [RT #5397]
812

Mark Andrews's avatar
Mark Andrews committed
813
814
1464.	[bug]		Preserve "out of zone" data for outgoing zone
			transfers. [RT #5192]
815

Mark Andrews's avatar
Mark Andrews committed
816
817
1463.	[bug]		dns_rdata_from{wire,struct}() failed to catch bad
			NXT bit maps. [RT #5577]
818

Mark Andrews's avatar
Mark Andrews committed
819
820
1462.	[bug]		parse_sizeval() failed to check the token type.
			[RT #5586]
821

Mark Andrews's avatar
Mark Andrews committed
822
1461.	[bug]		Remove deadlock from rbtdb code. [RT #5599]
823

Mark Andrews's avatar
Mark Andrews committed
824
825
1460.	[bug]		inet_pton() failed to reject certain malformed
			IPv6 literals.
Mark Andrews's avatar
Mark Andrews committed
826

Mark Andrews's avatar
Mark Andrews committed
827
1459.	[placeholder]
828

Mark Andrews's avatar
Mark Andrews committed
829
1458.	[cleanup]	sprintf() -> snprintf().
830

Mark Andrews's avatar
Mark Andrews committed
831
832
1457.	[port]		Provide strlcat() and strlcpy() for platforms without
			them.
833

Mark Andrews's avatar
Mark Andrews committed
834
1456.	[contrib]	gen-data-queryperf.py from Stephane Bortzmeyer.
835

Mark Andrews's avatar
Mark Andrews committed
836
837
1455.	[bug]		<netaddr> missing from server grammar in
			doc/misc/options. [RT #5616]
838

Mark Andrews's avatar
Mark Andrews committed
839
840
841
842
843
1454.	[port]		Use getifaddrs() if available for interface scanning.
			--disable-getifaddrs to override.  Glibc currently
			has a getifaddrs() that does not support IPv6.
			Use --enable-getifaddrs=glibc to force the use of
			this version under linux machines.
844

Mark Andrews's avatar
Mark Andrews committed
845
1453.	[doc]		ARM: $GENERATE example wasn't accurate. [RT #5298]
Mark Andrews's avatar
Mark Andrews committed
846

Mark Andrews's avatar
Mark Andrews committed
847
1452.	[placeholder]
848

Mark Andrews's avatar
Mark Andrews committed
849
850
1451.	[bug]		rndc-confgen didn't exit with a error code for all
			failures. [RT #5209]
851

Mark Andrews's avatar
Mark Andrews committed
852
853
1450.	[bug]		Fetching expired glue failed under certain
			circumstances.  [RT #5124]
854

Mark Andrews's avatar
Mark Andrews committed
855
856
1449.	[bug]		query_addbestns() didn't handle running out of memory
			gracefully.
857

Mark Andrews's avatar
Mark Andrews committed
858
1448.	[bug]		Handle empty wildcards labels.
859

Mark Andrews's avatar
Mark Andrews committed
860
861
862
1447.	[bug]		We were casting (unsigned int) to and from (void *).
			rdataset->private4 is now rdataset->privateuint4
			to reflect a type change.
863

Mark Andrews's avatar
Mark Andrews committed
864
865
866
1446.	[func]		Implemented undocumented alternate transfer sources
			from BIND 8.  See use-alt-transfer-source,
			alt-transfer-source and alt-transfer-source-v6.
867

Mark Andrews's avatar
Mark Andrews committed
868
869
870
871
872
873
			SECURITY: use-alt-transfer-source is ENABLED unless
			you are using views.  This may cause a security risk
			resulting in accidental disclosure of wrong zone
			content if the master supplying different source
			content based on IP address.  If you are not certain
			ISC recommends setting use-alt-transfer-source no;
874

Mark Andrews's avatar
Mark Andrews committed
875
876
877
1445.	[bug]		DNS_ADBFIND_STARTATROOT broke stub zones.  This has
			been replaced with DNS_ADBFIND_STARTATZONE which
			causes the search to start using the closest zone.
878

Mark Andrews's avatar
Mark Andrews committed
879
880
1444.	[func]		dns_view_findzonecut2() allows you to specify if the
			cache should be searched for zone cuts.
881

Mark Andrews's avatar
Mark Andrews committed
882
883
1443.	[func]		Masters lists can now be specified and referenced
			in zone masters clauses and other masters lists.
884

Mark Andrews's avatar
Mark Andrews committed
885
886
887
888
1442.	[func]		New functions for manipulating port lists:
			dns_portlist_create(), dns_portlist_add(),
			dns_portlist_remove(), dns_portlist_match(),
			dns_portlist_attach() and dns_portlist_detach().
889

Mark Andrews's avatar
Mark Andrews committed
890
891
1441.	[func]		It is now possible to tell dig to bind to a specific
			source port.
892

Mark Andrews's avatar
Mark Andrews committed
893
894
895
1440.	[func]		It is now possible to tell named to avoid using
			certain source ports (avoid-v4-udp-ports,
			avoid-v6-udp-ports).
896

Mark Andrews's avatar
Mark Andrews committed
897
898
899
1439.	[bug]		Named could return NOERROR with certain NOTIFY
			failures.  Return NOTAUTH if the NOTIFY zone is
			not being served.
900

Mark Andrews's avatar
Mark Andrews committed
901
1438.	[func]		Log TSIG (if any) when logging NOTIFY requests.
902

Mark Andrews's avatar
Mark Andrews committed
903
1437.	[bug]		Leave space for stdio to work in. [RT #5033]
904

Mark Andrews's avatar
Mark Andrews committed
905
906
1436.	[func]		dns_zonemgr_resumexfrs() can be used to restart
			stalled transfers.
907

Mark Andrews's avatar
Mark Andrews committed
908
909
910
911
1435.	[bug]		zmgr_resume_xfrs() was being called read locked
			rather than write locked.  zmgr_resume_xfrs()
			was not being called if the zone was being
			shutdown.
912

Mark Andrews's avatar
Mark Andrews committed
913
914
1434.	[bug]		"rndc reconfig" failed to initiate the initial
			zone transfer of new slave zones.
915

Mark Andrews's avatar
Mark Andrews committed
916
917
918
1433.	[bug]		named could trigger a REQUIRE failure if it could
			not get a file descriptor when attempting to write
			a master file. [RT #4347]
919

Mark Andrews's avatar
Mark Andrews committed
920
921
1432.	[func]		The advertised EDNS UDP buffer size can now be set
			via named.conf (edns-udp-size).
922

Mark Andrews's avatar
Mark Andrews committed
923
924
1431.	[bug]		isc_print_snprintf() "%s" with precision could walk off
			end of argument. [RT #5191]
925

Mark Andrews's avatar
Mark Andrews committed
926
1430.	[port]		linux: IPv6 interface scanning support.
927

Mark Andrews's avatar
Mark Andrews committed
928
1429.	[bug]		Prevent the cache getting locked to old servers.
Mark Andrews's avatar
Mark Andrews committed
929

Mark Andrews's avatar