CHANGES

1725.	[placeholder]	rt12541

1724.	[placeholder]	rt12557

1723.	[cleanup]	Silence compiler warnings from t_tasks.c. [RT #12493]

1722.	[bug]		Don't commit the journal on malformed ixfr streams.
			[RT #12519]

1721.	[bug]		Error message from the journal processing were not
			always identifing the relevent journal. [RT #12519]

1720.	[bug]		'dig +chase' did not terminate on a RFC 2308 Type 1
			negative response. [RT #12506]

1719.	[bug]		named was not correctly caching a RFC 2308 Type 1
			negative response. [RT #12506]

1718.	[bug]		nsupdate was not handling RFC 2308 Type 3 negative
			responses when looking for the zone / master server.
			[RT #12506]

1717.	[port]		solaris: ifconfig.sh did not support Solaris 10.
			"ifconfig.sh down" didn't work for Solaris 9.

1716.	[doc]		named.conf(5) was being installed in the wrong
			location.  [RT# 12441]

1715.	[placeholder]	rt11681

1714.	[bug]		dig/host/nslookup were only trying the first
			address when a nameserver was specified by name.
			[RT #12286]

1713.	[port]		linux: extend capset failure message to say:
			please ensure that the capset kernel module is
			loaded.  see insmod(8)

1712.	[bug]		Missing FULLCHECK for "trusted-key" in dig.

1711.	[func]		'rndc unfreeze' has been deprecated by 'rndc thaw'.

1710.	[placeholder]	rt9479

1709.	[port]		solaris: add SMF support from Sun.

1708.	[cleanup]	Replaced dns_fullname_hash() with dns_name_fullhash()
			for conformance to the name space convention.  Binary
			backward compatibility to the old function name is
			provided. [RT #12376]

1707.	[contrib]	sdb/ldap updated to version 1.0-beta.

1706.	[bug]		'rndc stop' failed to cause zones to be flushed
			sometimes. [RT #12328]

1705.	[placeholder]	rt12327

1704.	[port]		lwres needed a snprintf() implementation for
			platforms without snprintf().  Add missing
			"#include <isc/print.h>". [RT #12321]

1703.	[bug]		named would loop sending NOTIFY messages when it
			failed to receive a response. [RT #12322]

1702.	[bug]		also-notify should not be applied to builtin zones.
			[RT #12323]

1701.	[doc]		A minimal named.conf man page.

1700.	[func]		nslookup is no longer to be treated as deprecated.
			Remove "deprecated" warning message.  Add man page.

1699.	[bug]		dnssec-signzone can generate "not exact" errors
			when resigning. [RT #12281]

1698.	[doc]		Use reserved IPv6 documentation prefix.

1697.	[bug]		xxx-source{,-v6} was not effective when it
			specified one of listening addresses and a
			different port than the listening port. [RT #12257]

1696.	[bug]		dnssec-signzone failed to clean out nodes that
			consisted of only NSEC and RRSIG records.
			[RT #12154]

1695.	[bug]		DS records when forwarding require special handling.
			[RT #12133]

1694.	[bug]		Report if the builtin views of "_default" / "_bind"
			are defined in named.conf. [RT #12023]

1693.	[bug]		max-journal-size was not effective for master zones
			with ixfr-from-differences set. [RT# 12024]

1692.	[bug]		Don't set -I, -L and -R flags when libcrypto is in
			/usr/lib. [RT #11971]

1691.	[bug]		sdb's attachversion was not complete. [RT #11990]

1690.	[bug]		Delay detaching view from the client until UPDATE
			processing completes when shutting down. [RT #11714]

1689.	[bug]		DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
			contained gratuitous semicolons. [RT #11707]

1688.	[bug]		LDFLAGS was not supported.

1687.	[bug]		Race condition in dispatch. [RT #10272]

1686.	[bug]		Named sent a extraneous NOTIFY when it received a
			redundant UPDATE request. [RT #11943]

1685.	[bug]		Change #1679 loop tests weren't quite right.

1684.	[placeholder]	rt10704

1683.	[bug]		dig +sigchase could leak memory. [RT #11445]

1682.	[port]		Update configure test for (long long) printf format.
			[RT #5066]

1681.	[bug]		Only set SO_REUSEADDR when a port is specified in
			isc_socket_bind(). [RT #11742]

1680.	[func]		rndc: the source address can now be specified.

1679.	[bug]		When there was a single nameserver with multiple
			addresses for a zone not all addresses were tried.
			[RT #11706]

1678.	[bug]		RRSIG should use TYPEXXXXX for unknown types.

1677.	[bug]		dig: +aaonly didn't work, +aaflag undocumented.

1676.	[placeholder]	rt10864

1675.	[bug]		named would sometimes add extra NSEC records to
			the authority section.
			
1674.	[port]		linux: increase buffer size used to scan
			/proc/net/if_inet6.

1673.	[port]		linux: issue a error messages if IPv6 interface
			scans fails.

1672.	[cleanup]	Tests which only function in a threaded build
			now return R:THREADONLY (rather than R:UNTESTED)
			in a non-threaded build.

1671.	[contrib]	queryperf: add NAPTR to the list of known types.

1670.	[func]		Log UPDATE requests to slave zones without an acl as
			"disabled" at debug level 3. [RT# 11657]

1669.	[placeholder]

1668.	[bug]		DIG_SIGCHASE was making bin/dig/host dump core.

1667.	[port]		linux: not all versions have IF_NAMESIZE.

1666.	[bug]		The optional port on hostnames in dual-stack-servers
			was being ignored.

1665.	[func]		rndc now allows addresses to be set in the
			server clauses.

1664.	[bug]		nsupdate needed KEY for SIG(0), not DNSKEY.

1663.	[func]		Look for OpenSSL by default.

1662.	[bug]		Change #1658 failed to change one use of 'type'
			to 'keytype'.

1661.	[bug]		Restore dns_name_concatenate() call in
			adb.c:set_target().  [RT #11582]

1660.	[bug]		win32: connection_reset_fix() was being called
			unconditionally.  [RT #11595]

1659.	[cleanup]	Cleanup some messages that were referring to KEY vs
			DNSKEY, NXT vs NSEC and SIG vs RRSIG.

1658.	[func]		Update dnssec-keygen to default to KEY for HMAC-MD5
			and DH.  Tighten which options apply to KEY and
			DNSKEY records.

1657.	[doc]		ARM: document query log output.

1656.	[doc]		Update DNSSEC description in ARM to cover DS, NSEC
			DNSKEY and RRSIG.  [RT #11542]

1655.	[bug]		Logging multiple versions w/o a size was broken.
			[RT #11446]

1654.	[bug]		isc_result_totext() contained array bounds read
			error.

1653.	[func]		Add key type checking to dst_key_fromfilename(),
			DST_TYPE_KEY should be used to read TSIG, TKEY and
			SIG(0) keys.

1652.	[bug]		TKEY still uses KEY.

1651.	[bug]		dig: process multiple dash options.

1650.	[bug]		dig, nslookup: flush standard out after each command.

1649.	[bug]		Silence "unexpected non-minimal diff" message.
			[RT #11206]

1648.	[func]		Update dnssec-lookaside named.conf syntax to support
			multiple dnssec-lookaside namespaces (not yet
			implemented).  

1647.	[bug]		It was possible trigger a INSIST when chasing a DS
			record that required walking back over a empty node.
			[RT #11445]

1646.	[bug]		win32: logging file versions didn't work with
			non-UNC filenames.  [RT#11486]

1645.	[bug]		named could trigger a REQUIRE failure if multiple
			masters with keys are specified.

1644.	[bug]		Update the journal modification time after a
			sucessfull refresh query. [RT #11436]

1643.	[bug]		dns_db_closeversion() could leak memory / node
			references. [RT #11163]

1642.	[port]		Support OpenSSL implementations which don't have
			DSA support. [RT #11360]

1641.	[bug]		Update the check-names description in ARM. [RT #11389]

1640.	[bug]		win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
			incorrectly closing the socket.  [RT #11291]

1639.	[func]		Initial dlv system test.

1638.	[bug]		"ixfr-from-differences" could generate a REQUIRE
			failure if the journal open failed. [RT #11347]
			
1637.	[bug]		Node reference leak on error in addnoqname().

1636.	[bug]		The dump done callback could get ISC_R_SUCCESS even if
			a error had occured.  The database version no longer
			matched the version of the database that was dumped.

1635.	[bug]		Memory leak on error in query_addds().

1634.	[bug]		named didn't supply a useful error message when it
			detected duplicate views.  [RT #11208]

1633.	[bug]		named should return NOTIMP to update requests to a
			slaves without a allow-update-forwarding acl specified.
			[RT #11331]

1632.	[bug]		nsupdate failed to send prerequisite only UPDATE
			messages. [RT #11288]

1631.	[bug]		dns_journal_compact() could sometimes corrupt the
			journal. [RT #11124]

1630.	[contrib]	queryperf: add support for IPv6 transport.

1629.	[func]		dig now supports IPv6 scoped addresses with the
			extended format in the local-server part. [RT #8753]

1628.	[bug]		Typo in Compaq Trucluster support. [RT# 11264]

1627.	[bug]		win32: sockets were not being closed when the
			last external reference was removed. [RT# 11179]

1626.	[bug]		--enable-getifaddrs was broken. [RT#11259]

1625.	[bug]		named failed to load/transfer RFC2535 signed zones
			which contained CNAMES. [RT# 11237]

1624.	[bug]		zonemgr_putio() call should be locked. [RT# 11163]

1623.	[bug]		A serial number of zero was being displayed in the
			"sending notifies" log message when also-notify was
			used. [RT #11177]

1622.	[func]		probe the system to see if IPV6_(RECV)PKTINFO is
			available, and suppress wildcard binding if not.

1621.	[bug]		match-destinations did not work for IPv6 TCP queries.
			[RT# 11156]

1620.	[func]		When loading a zone report if it is signed. [RT #11149]

1619.	[bug]		Missing ISC_LIST_UNLINK in end_reserved_dispatches().
			[RT# 11118]

1618.	[bug]		Fencepost errors in dns_name_ishostname() and
			dns_name_ismailbox() could trigger a INSIST().

1617.	[port]		win32: VC++ 6.0 support.

1616.	[compat]	Ensure that named's version is visible in the core
			dump. [RT #11127]

1615.	[port]		Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
			it is defined.

1614.	[port]		win32: silence resource limit messages. [RT# 11101]

1613.	[bug]		Builds would fail on machines w/o a if_nametoindex().
			Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
			[RT #11119]

1612.	[bug]		check-names at the option/view level could trigger
			an INSIST. [RT# 11116]

1611.	[bug]		solaris: IPv6 interface scanning failed to cope with
			no active IPv6 interfaces.

1610.	[bug]		On dual stack machines "dig -b" failed to set the
			address type to be looked up with "@server".
			[RT #11069]

1609.	[func]		dig now has support to chase DNSSEC signature chains.
			Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.

1608.	[func]		dig and host now accept -4/-6 to select IP transport
			to use when making queries.

1607.	[bug]		dig, host and nslookup were still using random()
			to generate query ids. [RT# 11013]

1606.	[bug]	 	DLV insecurity proof was failing.

1605.	[func]		New dns_db_find() option DNS_DBFIND_COVERINGNSEC.

1604.	[bug]		A xfrout_ctx_create() failure would result in
			xfrout_ctx_destroy() being called with a
			partially initaliased structure.
			
1603.	[bug]		nsupdate: set interactive based on isatty().
			[RT# 10929]

1602.	[bug]		Logging to a file failed unless a size was specified.
			[RT# 10925]

1601.	[bug]		Silence spurious warning 'both "recursion no;" and 
			"allow-recursion" active' warning from view "_bind".
			[RT# 10920]

1600.	[bug]		Duplicate zone pre-load checks were not case
			insensitive.

1599.	[bug]		Fix memory leak on error path when checking named.conf.

1598.	[func]		Specify that certain parts of the namespace must
			be secure (dnssec-must-be-secure).

1597.	[placeholder]	rt6496a

1596.	[func]		Accept 'notify-source' style syntax for query-source.

1595.	[func]		New notify type 'master-only'.  Enable notify for
			master zones only.

1594.	[bug]		'rndc dumpdb' could prevent named from answering
			queries while the dump was in progress.  [RT #10565]

1593.	[bug]		rndc should return "unknown command" to unknown
			commands. [RT# 10642]

1592.	[bug]		configure_view() could leak a dispatch. [RT# 10675]

1591.	[bug]		libbind: updated to BIND 8.4.5.

1590.	[port]		netbsd: update thread support.

1589.	[func]		DNSSEC lookaside validation.

1588.	[bug]		win32: TCP sockets could become blocked. [RT #10115]

1587.	[bug]		dns_message_settsigkey() failed to clear existing key.
			[RT #10590]

1586.	[func]		"check-names" is now implemented.

1585.	[placeholder]

1584.	[bug]		"make test" failed with a read only source tree.
			[RT #10461]

1583.	[bug]		Records add via UPDATE failed to get the correct trust
			level. [RT #10452]

1582.	[bug]		rrset-order failed to work on RRsets with more
			than 32 elements. [RT #10381]

1581.	[func]		Disable DNSSEC support by default.  To enable
			DNSSEC specify "dnssec-enable yes;" in named.conf.

1580.	[bug]		Zone destruction on final detach takes a long time.
			[RT #3746]

1579.	[bug]		Multiple task managers could not be created.

1578.	[bug]		Don't use CLASS E IPv4 addresses when resolving.
			[RT #10346]

1577.	[bug]		Use isc_uint32_t in ultrasparc optimizer bug
			workaround code. [RT #10331]

1576.	[bug]		Race condition in dns_dispatch_addresponse().
			[RT# 10272]

1575.	[func]		Log TSIG name on TSIG verify failure. [RT #4404]

1574.	[bug]		Don't attempt to open the controls socket(s) when
			running tests. [RT #9091]

1573.	[port]		linux: update to libtool 1.5.2 so that
			"make install DESTDIR=/xx" works with
			"configure --with-libtool".  [RT #9941]

1572.	[bug]		nsupdate: sign the soa query to find the enclosing
			zone if the server is specified. [RT #10148]

1571.	[bug]		rbt:hash_node() could fail leaving the hash table
			in an inconsistent state.  [RT #10208]

1570.	[bug]		nsupdate failed to handle classes other than IN.
			New keyword 'class' which sets the default class.
			[RT #10202]

1569.	[func]		nsupdate new command 'answer' which displays the
			complete answer message to the last update.

1568.	[bug]		nsupdate now reports that the update failed in
			interactive mode. [RT# 10236]

1567.	[bug]		B.ROOT-SERVERS.NET is now 192.228.79.201.

1566.	[port]		Support for the cmsg framework on Solaris and HP/UX.
			This also solved the problem that match-destinations
			for IPv6 addresses did not work on these systems.
			[RT #10221]

1565.	[bug]		CD flag should be copied to outgoing queries unless
			the query is under a secure entry point in which case
			CD should be set.

1564.	[func]		Attempt to provide a fallback entropy source to be
			used if named is running chrooted and named is unable
			to open entropy source within the chroot area.
			[RT #10133]

1563.	[bug]		Gracefully fail when unable to obtain neither an IPv4
			nor an IPv6 dispatch. [RT #10230]

1562.	[bug]		isc_socket_create() and isc_socket_accept() could
			leak memory under error conditions. [RT #10230]

1561.	[bug]		It was possible to release the same name twice if
			named ran out of memory. [RT #10197]

1560.	[port]		FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
			and EAI_NONAME to the same value.

1559.	[port]		named should ignore SIGFSZ.

1558.	[func]		New DNSSEC 'disable-algorithms'.  Support entry into
			child zones for which we don't have a supported
			algorithm.  Such child zones are treated as unsigned.

1557.	[func]		Implement missing DNSSEC tests for
			* NOQNAME proof with wildcard answers.
			* NOWILDARD proof with NXDOMAIN.
			Cache and return NOQNAME with wildcard answers.

1556.	[bug]		nsupdate now treats all names as fully qualified.
			[RT #6427]

1555.	[func]		'rrset-order cyclic' no longer has a random starting
			point. [RT #7572]

1554.	[bug]		dig, host, nslookup failed when no nameservers
			were specified in /etc/resolv.conf. [RT #8232]

1553.	[bug]		The windows socket code could stop accepting
			connections. [RT#10115]

1552.	[bug]		Accept NOTIFY requests from mapped masters if
			matched-mapped is set. [RT #10049]

1551.	[port]		Open "/dev/null" before calling chroot().

1550.	[port]		Call tzset(), if available, before calling chroot().

1549.	[func]		named-checkzone can now write out the zone contents
			in a easily parsable format (-D and -o).

1548.	[bug]		When parsing APL records it was possible to silently
			accept out of range ADDRESSFAMILY values. [RT# 9979]

1547.	[bug]		Named wasted memory recording duplicate lame zone
			entries. [RT #9341]

1546.	[bug]		We were rejecting valid secure CNAME to negative
			answers.

1545.	[bug]		It was possible to leak memory if named was unable to
			bind to the specified transfer source and TSIG was
			being used. [RT #10120]

1544.	[bug]		Named would logged a single entry to a file despite it
			being over the specified size limit.

1543.	[bug]		Logging using "versions unlimited" did not work.

1542.	[placeholder]

1541.	[func]		NSEC now uses new bitmap format.

1540.	[bug]		"rndc reload <dynamiczone>" was silently accepted.
			[RT #8934]

1539.	[bug]		Open UDP sockets for notify-source and transfer-source
			that use reserved ports at startup. [RT #9475]

1538.	[placeholder]	rt9997

1537.	[func]		New option "querylog".  If set specify whether query
			logging is to be enabled or disabled at startup.

1536.	[bug]		Windows socket code failed to log a error description
			when returning ISC_R_UNEXPECTED. [RT #9998]

1535.	[placeholder]

1534.	[bug]		Race condition when priming cache. [RT# 9940]

1533.	[func]		Warn if both "recursion no;" and "allow-recursion"
			are active. [RT# 4389]

1532.	[port]		netbsd: the configure test for <sys/sysctl.h>
			requires <sys/param.h>.

1531.	[port]		AIX more libtool fixes.

1530.	[bug]		It was possible to trigger a INSIST() failure if a
			slave master file was removed at just the correct
			moment. [RT #9462]

1529.	[bug]		"notify explicit;" failed to log that NOTIFY messages
			were being sent for the zone. [RT# 9442]

1528.	[cleanup]	Simplify some dns_name_ functions based on the
			deprecation of bitstring labels.

1527.	[cleanup]	Reduce the number of gettimeofday() calls without
			losing necessary timer granularity.

1526.	[placeholder]

1525.	[bug]		dns_cache_create() could trigger a REQUIRE
			failure in isc_mem_put() during error cleanup.
			[RT# 9360]

1524.	[port]		AIX needs to be able to resolve all symbols when
			creating shared libraries (--with-libtool).

1523.	[bug]		Fix race condition in rbtdb. [RT# 9189]

1522.	[bug]		dns_db_findnode() relax the requirements on 'name'.
			[RT# 9286]

1521.	[bug]		dns_view_createresolver() failed to check the
			result from isc_mem_create(). [RT# 9294]

1520.	[protocol]	Add SSHFP (SSH Finger Print) type.

1519.	[bug]		dnssec-signzone:nsec_setbit() computed the wrong
			length of the new bitmap.

1518.	[bug]		dns_nsec_buildrdata(), and hence dns_nsec_build(),
			contained a off-by-one error when working out the
			number of octets in the bitmap.

1517.	[port]		Support for IPv6 interface scanning on HP/UX and
			TrueUNIX 5.1.

1516.	[func]		Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.

1515.	[func]		Allow transfer source to be set in a server statement.
			[RT #6496]

1514.	[bug]		named: isc_hash_destroy() was being called too early.
			[RT #9160]

1513.	[doc]		Add "US" to root-delegation-only exclude list.

1512.	[bug]		Extend the delegation-only logging to return query
			type, class and responding nameserver.

1511.	[bug]		delegation-only was generating false positives
			on negative answers from subzones.

1510.	[func]		New view option "root-delegation-only".  Apply
			delegation-only check to all TLDs and root.
			Note there are some TLDs that are NOT delegation
			only (e.g. DE, LV, US and MUSEUM) these can be excluded
			from the checks by using exclude.

			root-delegation-only exclude {
				"DE"; "LV"; "US"; "MUSEUM";
			};

1509.	[bug]		Hint zones should accept delegation-only.  Forward
			zone should not accept delegation-only.

1508.	[bug]		Don't apply delegation-only checks to answers from
			forwarders.

1507.	[bug]		Handle BIND 8 style returns to NS queries to parents
			when making delegation-only checks.

1506.	[bug]		Wrong return type for dns_view_isdelegationonly().

1505.	[bug]		Uninitialized rdataset in sdb. [RT #8750]

1504.	[func]		New zone type "delegation-only".

1503.	[port]		win32: install libeay32.dll outside of system32.

1502.	[bug]		nsupdate: adjust timeouts for UPDATE requests over TCP.

1501.	[func]		Allow TCP queue length to be specified via
			named.conf, tcp-listen-queue.

1500.	[bug]		host failed to lookup MX records.  Also look up
			AAAA records.

1499.	[bug]		isc_random need to be seeded better if arc4random()
			is not used.

1498.	[port]		bsdos: 5.x support.

1497.	[placeholder]

1496.	[port]		test for pthread_attr_setstacksize().

1495.	[cleanup]	Replace hash functions with universal hash.

1494.	[security]	Turn on RSA BLINDING as a precaution.

1493.	[placeholder]

1492.	[cleanup]	Preserve rwlock quota context when upgrading /
			downgrading. [RT #5599]

1491.	[bug]		dns_master_dump*() would produce extraneous $ORIGIN
			lines. [RT #6206]

1490.	[bug]		Accept reading state as well as working state in
			ns_client_next(). [RT #6813]

1489.	[compat]	Treat 'allow-update' on slave zones as a warning.
			[RT #3469]

1488.	[bug]		Don't override trust levels for glue addresses.
			[RT #5764]

1487.	[bug]		A REQUIRE() failure could be triggered if a zone was
			queued for transfer and the zone was then removed.
			[RT #6189]

1486.	[bug]		isc_print_snprintf() '%%' consumed one too many format
			characters. [RT# 8230]

1485.	[bug]		gen failed to handle high type values. [RT #6225]

1484.	[bug]		The number of records reported after a AXFR was wrong.
			[RT #6229]

1483.	[bug]		dig axfr failed if the message id in the answer failed
			to match that in the request.  Only the id in the first
			message is required to match. [RT #8138]

1482.	[bug]		named could fail to start if the kernel supports
			IPv6 but no interfaces are configured.  Similarly
			for IPv4. [RT #6229]

1481.	[bug]		Refresh and stub queries failed to use masters keys
			if specified. [RT #7391]

1480.	[bug]		Provide replay protection for rndc commands.  Full
			replay protection requires both rndc and named to
			be updated.  Partial replay protection (limited
			exposure after restart) is provided if just named
			is updated.

1479.	[bug]		cfg_create_tuple() failed to handle out of
			memory cleanup.  parse_list() would leak memory
			on syntax errors.

1478.	[port]		ifconfig.sh didn't account for other virtual
			interfaces.  It now takes a optional argument
			to specify the first interface number. [RT #3907]

1477.	[bug]		memory leak using stub zones and TSIG.

1476.	[placeholder]

1475.	[port]		Probe for old sprintf().

1474.	[port]		Provide strtoul() and memmove() for platforms
			without them.

1473.	[bug]		create_map() and create_string() failed to handle out
			of memory cleanup.  [RT #6813]

1472.	[contrib]	idnkit-1.0 from JPNIC, replaces mdnkit.

1471.	[bug]		libbind: updated to BIND 8.4.0.

1470.	[bug]		Incorrect length passed to snprintf. [RT #5966]

1469.	[func]		Log end of outgoing zone transfer at same level
			as the start of transfer is logged. [RT #4441]

1468.	[func]		Internal zones are no longer counted for
			'rndc status'.  [RT #4706]

1467.	[func]		$GENERATES now supports optional class and ttl.

1466.	[bug]		lwresd configuration errors resulted in memory
			and lock leaks.  [RT #5228]

1465.	[bug]		isc_base64_decodestring() and isc_base64_tobuffer()
			failed to check that trailing bits were zero allowing
			some invalid base64 strings to be accepted.  [RT #5397]

1464.	[bug]		Preserve "out of zone" data for outgoing zone
			transfers. [RT #5192]

1463.	[bug]		dns_rdata_from{wire,struct}() failed to catch bad
			NXT bit maps. [RT #5577]

1462.	[bug]		parse_sizeval() failed to check the token type.
			[RT #5586]

1461.	[bug]		Remove deadlock from rbtdb code. [RT #5599]

1460.	[bug]		inet_pton() failed to reject certain malformed
			IPv6 literals.

1459.	[placeholder]

1458.	[cleanup]	sprintf() -> snprintf().

1457.	[port]		Provide strlcat() and strlcpy() for platforms without
			them.

1456.	[contrib]	gen-data-queryperf.py from Stephane Bortzmeyer.

1455.	[bug]		<netaddr> missing from server grammar in
			doc/misc/options. [RT #5616]

1454.	[port]		Use getifaddrs() if available for interface scanning.
			--disable-getifaddrs to override.  Glibc currently
			has a getifaddrs() that does not support IPv6.
			Use --enable-getifaddrs=glibc to force the use of
			this version under linux machines.

1453.	[doc]		ARM: $GENERATE example wasn't accurate. [RT #5298]

1452.	[placeholder]

1451.	[bug]		rndc-confgen didn't exit with a error code for all
			failures. [RT #5209]

1450.	[bug]		Fetching expired glue failed under certain
			circumstances.  [RT #5124]

1449.	[bug]		query_addbestns() didn't handle running out of memory
			gracefully.

1448.	[bug]		Handle empty wildcards labels.

1447.	[bug]		We were casting (unsigned int) to and from (void *).
			rdataset->private4 is now rdataset->privateuint4
			to reflect a type change.

1446.	[func]		Implemented undocumented alternate transfer sources
			from BIND 8.  See use-alt-transfer-source,
			alt-transfer-source and alt-transfer-source-v6.

			SECURITY: use-alt-transfer-source is ENABLED unless
			you are using views.  This may cause a security risk
			resulting in accidental disclosure of wrong zone
			content if the master supplying different source
			content based on IP address.  If you are not certain
			ISC recommends setting use-alt-transfer-source no;

1445.	[bug]		DNS_ADBFIND_STARTATROOT broke stub zones.  This has
			been replaced with DNS_ADBFIND_STARTATZONE which
			causes the search to start using the closest zone.

1444.	[func]		dns_view_findzonecut2() allows you to specify if the
			cache should be searched for zone cuts.

1443.	[func]		Masters lists can now be specified and referenced
			in zone masters clauses and other masters lists.

1442.	[func]		New functions for manipulating port lists:
			dns_portlist_create(), dns_portlist_add(),
			dns_portlist_remove(), dns_portlist_match(),
			dns_portlist_attach() and dns_portlist_detach().

1441.	[func]		It is now possible to tell dig to bind to a specific
			source port.

1440.	[func]		It is now possible to tell named to avoid using
			certain source ports (avoid-v4-udp-ports,
			avoid-v6-udp-ports).

1439.	[bug]		Named could return NOERROR with certain NOTIFY
			failures.  Return NOTAUTH if the NOTIFY zone is
			not being served.

1438.	[func]		Log TSIG (if any) when logging NOTIFY requests.

1437.	[bug]		Leave space for stdio to work in. [RT #5033]

1436.	[func]		dns_zonemgr_resumexfrs() can be used to restart
			stalled transfers.

1435.	[bug]		zmgr_resume_xfrs() was being called read locked
			rather than write locked.  zmgr_resume_xfrs()
			was not being called if the zone was being
			shutdown.

1434.	[bug]		"rndc reconfig" failed to initiate the initial
			zone transfer of new slave zones.

1433.	[bug]		named could trigger a REQUIRE failure if it could
			not get a file descriptor when attempting to write
			a master file. [RT #4347]

1432.	[func]		The advertised EDNS UDP buffer size can now be set
			via named.conf (edns-udp-size).

1431.	[bug]		isc_print_snprintf() "%s" with precision could walk off
			end of argument. [RT #5191]

1430.	[port]		linux: IPv6 interface scanning support.

1429.	[bug]		Prevent the cache getting locked to old servers.

1428.	[placeholder]

1427.	[bug]		Race condition in adb with threaded build.

1426.	[placeholder]

1425.	[port]		linux/libbind: define __USE_MISC when testing *_r()
			function prototypes in netdb.h.  [RT #4921]

1424.	[bug]		EDNS version not being correctly printed.

1423.	[contrib]	queryperf: added A6 and SRV.

1422.	[func]		Log name/type/class when denying a query.  [RT #4663]

1421.	[func]		Differentiate updates that don't succeed due to
			prerequisites (unsuccessful) vs other reasons
			(failed).

1420.	[port]		solaris: work around gcc optimizer bug.

1419.	[port]		openbsd: use /dev/arandom. [RT #4950]

1418.	[bug]		'rndc reconfig' did not cause new slaves to load.