CHANGES 181 KB
Newer Older
Mark Andrews's avatar
Mark Andrews committed
1
2
1725.	[placeholder]	rt12541

Mark Andrews's avatar
Mark Andrews committed
3
4
1724.	[placeholder]	rt12557

5
6
1723.	[cleanup]	Silence compiler warnings from t_tasks.c. [RT #12493]

7
8
1722.	[bug]		Don't commit the journal on malformed ixfr streams.
			[RT #12519]
Mark Andrews's avatar
Mark Andrews committed
9

10
11
1721.	[bug]		Error message from the journal processing were not
			always identifing the relevent journal. [RT #12519]
Mark Andrews's avatar
Mark Andrews committed
12

13
14
1720.	[bug]		'dig +chase' did not terminate on a RFC 2308 Type 1
			negative response. [RT #12506]
Mark Andrews's avatar
Mark Andrews committed
15

16
17
1719.	[bug]		named was not correctly caching a RFC 2308 Type 1
			negative response. [RT #12506]
Mark Andrews's avatar
Mark Andrews committed
18

19
20
21
1718.	[bug]		nsupdate was not handling RFC 2308 Type 3 negative
			responses when looking for the zone / master server.
			[RT #12506]
Mark Andrews's avatar
Mark Andrews committed
22

23
24
25
1717.	[port]		solaris: ifconfig.sh did not support Solaris 10.
			"ifconfig.sh down" didn't work for Solaris 9.

26
27
28
1716.	[doc]		named.conf(5) was being installed in the wrong
			location.  [RT# 12441]

Mark Andrews's avatar
Mark Andrews committed
29
30
1715.	[placeholder]	rt11681

31
32
33
34
1714.	[bug]		dig/host/nslookup were only trying the first
			address when a nameserver was specified by name.
			[RT #12286]

35
36
37
1713.	[port]		linux: extend capset failure message to say:
			please ensure that the capset kernel module is
			loaded.  see insmod(8)
Mark Andrews's avatar
Mark Andrews committed
38

39
40
1712.	[bug]		Missing FULLCHECK for "trusted-key" in dig.

41
1711.	[func]		'rndc unfreeze' has been deprecated by 'rndc thaw'.
Mark Andrews's avatar
Mark Andrews committed
42

Mark Andrews's avatar
Mark Andrews committed
43
44
1710.	[placeholder]	rt9479

45
1709.	[port]		solaris: add SMF support from Sun.
Mark Andrews's avatar
Mark Andrews committed
46

47
48
49
50
1708.	[cleanup]	Replaced dns_fullname_hash() with dns_name_fullhash()
			for conformance to the name space convention.  Binary
			backward compatibility to the old function name is
			provided. [RT #12376]
51

52
53
1707.	[contrib]	sdb/ldap updated to version 1.0-beta.

54
55
1706.	[bug]		'rndc stop' failed to cause zones to be flushed
			sometimes. [RT #12328]
Mark Andrews's avatar
Mark Andrews committed
56

Mark Andrews's avatar
Mark Andrews committed
57
58
1705.	[placeholder]	rt12327

59
60
61
1704.	[port]		lwres needed a snprintf() implementation for
			platforms without snprintf().  Add missing
			"#include <isc/print.h>". [RT #12321]
Mark Andrews's avatar
Mark Andrews committed
62

63
64
1703.	[bug]		named would loop sending NOTIFY messages when it
			failed to receive a response. [RT #12322]
Mark Andrews's avatar
Mark Andrews committed
65

66
67
1702.	[bug]		also-notify should not be applied to builtin zones.
			[RT #12323]
Mark Andrews's avatar
Mark Andrews committed
68

69
70
1701.	[doc]		A minimal named.conf man page.

71
72
73
1700.	[func]		nslookup is no longer to be treated as deprecated.
			Remove "deprecated" warning message.  Add man page.

74
75
1699.	[bug]		dnssec-signzone can generate "not exact" errors
			when resigning. [RT #12281]
Mark Andrews's avatar
Mark Andrews committed
76

77
78
1698.	[doc]		Use reserved IPv6 documentation prefix.

79
80
81
82
1697.	[bug]		xxx-source{,-v6} was not effective when it
			specified one of listening addresses and a
			different port than the listening port. [RT #12257]

83
84
85
86
1696.	[bug]		dnssec-signzone failed to clean out nodes that
			consisted of only NSEC and RRSIG records.
			[RT #12154]

87
88
1695.	[bug]		DS records when forwarding require special handling.
			[RT #12133]
Mark Andrews's avatar
Mark Andrews committed
89

90
91
1694.	[bug]		Report if the builtin views of "_default" / "_bind"
			are defined in named.conf. [RT #12023]
Mark Andrews's avatar
Mark Andrews committed
92

93
94
1693.	[bug]		max-journal-size was not effective for master zones
			with ixfr-from-differences set. [RT# 12024]
Mark Andrews's avatar
Mark Andrews committed
95

Mark Andrews's avatar
Mark Andrews committed
96
1692.	[bug]		Don't set -I, -L and -R flags when libcrypto is in
97
98
			/usr/lib. [RT #11971]

99
100
1691.	[bug]		sdb's attachversion was not complete. [RT #11990]

101
102
1690.	[bug]		Delay detaching view from the client until UPDATE
			processing completes when shutting down. [RT #11714]
Mark Andrews's avatar
Mark Andrews committed
103

104
105
106
1689.	[bug]		DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
			contained gratuitous semicolons. [RT #11707]

107
108
1688.	[bug]		LDFLAGS was not supported.

109
110
1687.	[bug]		Race condition in dispatch. [RT #10272]

111
112
113
1686.	[bug]		Named sent a extraneous NOTIFY when it received a
			redundant UPDATE request. [RT #11943]

Rob Austein's avatar
Rob Austein committed
114
1685.	[bug]		Change #1679 loop tests weren't quite right.
115

Mark Andrews's avatar
Mark Andrews committed
116
117
1684.	[placeholder]	rt10704

118
119
1683.	[bug]		dig +sigchase could leak memory. [RT #11445]

120
121
1682.	[port]		Update configure test for (long long) printf format.
			[RT #5066]
Mark Andrews's avatar
Mark Andrews committed
122

123
124
1681.	[bug]		Only set SO_REUSEADDR when a port is specified in
			isc_socket_bind(). [RT #11742]
Mark Andrews's avatar
Mark Andrews committed
125

126
1680.	[func]		rndc: the source address can now be specified.
Mark Andrews's avatar
Mark Andrews committed
127

128
129
130
1679.	[bug]		When there was a single nameserver with multiple
			addresses for a zone not all addresses were tried.
			[RT #11706]
Mark Andrews's avatar
Mark Andrews committed
131

132
133
1678.	[bug]		RRSIG should use TYPEXXXXX for unknown types.

134
135
1677.	[bug]		dig: +aaonly didn't work, +aaflag undocumented.

Mark Andrews's avatar
Mark Andrews committed
136
137
1676.	[placeholder]	rt10864

138
139
140
1675.	[bug]		named would sometimes add extra NSEC records to
			the authority section.
			
141
142
143
1674.	[port]		linux: increase buffer size used to scan
			/proc/net/if_inet6.

144
145
146
1673.	[port]		linux: issue a error messages if IPv6 interface
			scans fails.

Mark Andrews's avatar
Mark Andrews committed
147
1672.	[cleanup]	Tests which only function in a threaded build
148
149
150
151
			now return R:THREADONLY (rather than R:UNTESTED)
			in a non-threaded build.

1671.	[contrib]	queryperf: add NAPTR to the list of known types.
152

153
154
155
156
157
1670.	[func]		Log UPDATE requests to slave zones without an acl as
			"disabled" at debug level 3. [RT# 11657]

1669.	[placeholder]

158
159
1668.	[bug]		DIG_SIGCHASE was making bin/dig/host dump core.

160
161
1667.	[port]		linux: not all versions have IF_NAMESIZE.

162
163
1666.	[bug]		The optional port on hostnames in dual-stack-servers
			was being ignored.
Mark Andrews's avatar
Mark Andrews committed
164

165
166
1665.	[func]		rndc now allows addresses to be set in the
			server clauses.
Mark Andrews's avatar
Mark Andrews committed
167

Rob Austein's avatar
1664    
Rob Austein committed
168
169
1664.	[bug]		nsupdate needed KEY for SIG(0), not DNSKEY.

170
1663.	[func]		Look for OpenSSL by default.
Mark Andrews's avatar
Mark Andrews committed
171

Mark Andrews's avatar
wording    
Mark Andrews committed
172
173
1662.	[bug]		Change #1658 failed to change one use of 'type'
			to 'keytype'.
174

175
176
1661.	[bug]		Restore dns_name_concatenate() call in
			adb.c:set_target().  [RT #11582]
Mark Andrews's avatar
Mark Andrews committed
177

178
179
1660.	[bug]		win32: connection_reset_fix() was being called
			unconditionally.  [RT #11595]
Mark Andrews's avatar
Mark Andrews committed
180

181
182
183
184
185
186
187
1659.	[cleanup]	Cleanup some messages that were referring to KEY vs
			DNSKEY, NXT vs NSEC and SIG vs RRSIG.

1658.	[func]		Update dnssec-keygen to default to KEY for HMAC-MD5
			and DH.  Tighten which options apply to KEY and
			DNSKEY records.

188
189
190
191
192
1657.	[doc]		ARM: document query log output.

1656.	[doc]		Update DNSSEC description in ARM to cover DS, NSEC
			DNSKEY and RRSIG.  [RT #11542]

193
194
1655.	[bug]		Logging multiple versions w/o a size was broken.
			[RT #11446]
Mark Andrews's avatar
Mark Andrews committed
195

196
197
1654.	[bug]		isc_result_totext() contained array bounds read
			error.
Mark Andrews's avatar
Mark Andrews committed
198

199
200
201
1653.	[func]		Add key type checking to dst_key_fromfilename(),
			DST_TYPE_KEY should be used to read TSIG, TKEY and
			SIG(0) keys.
Mark Andrews's avatar
Mark Andrews committed
202

203
1652.	[bug]		TKEY still uses KEY.
Mark Andrews's avatar
Mark Andrews committed
204

205
206
207
208
1651.	[bug]		dig: process multiple dash options.

1650.	[bug]		dig, nslookup: flush standard out after each command.

209
210
1649.	[bug]		Silence "unexpected non-minimal diff" message.
			[RT #11206]
Mark Andrews's avatar
Mark Andrews committed
211

212
213
214
1648.	[func]		Update dnssec-lookaside named.conf syntax to support
			multiple dnssec-lookaside namespaces (not yet
			implemented).  
Mark Andrews's avatar
Mark Andrews committed
215

216
217
218
1647.	[bug]		It was possible trigger a INSIST when chasing a DS
			record that required walking back over a empty node.
			[RT #11445]
Mark Andrews's avatar
Mark Andrews committed
219

220
221
1646.	[bug]		win32: logging file versions didn't work with
			non-UNC filenames.  [RT#11486]
Mark Andrews's avatar
Mark Andrews committed
222

223
224
225
1645.	[bug]		named could trigger a REQUIRE failure if multiple
			masters with keys are specified.

226
227
1644.	[bug]		Update the journal modification time after a
			sucessfull refresh query. [RT #11436]
Mark Andrews's avatar
Mark Andrews committed
228

229
230
231
1643.	[bug]		dns_db_closeversion() could leak memory / node
			references. [RT #11163]

232
233
234
1642.	[port]		Support OpenSSL implementations which don't have
			DSA support. [RT #11360]

235
236
1641.	[bug]		Update the check-names description in ARM. [RT #11389]

237
238
239
1640.	[bug]		win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
			incorrectly closing the socket.  [RT #11291]

240
241
1639.	[func]		Initial dlv system test.

242
243
244
1638.	[bug]		"ixfr-from-differences" could generate a REQUIRE
			failure if the journal open failed. [RT #11347]
			
245
246
1637.	[bug]		Node reference leak on error in addnoqname().

247
248
249
250
1636.	[bug]		The dump done callback could get ISC_R_SUCCESS even if
			a error had occured.  The database version no longer
			matched the version of the database that was dumped.

251
252
1635.	[bug]		Memory leak on error in query_addds().

253
254
1634.	[bug]		named didn't supply a useful error message when it
			detected duplicate views.  [RT #11208]
Mark Andrews's avatar
Mark Andrews committed
255

256
257
258
1633.	[bug]		named should return NOTIMP to update requests to a
			slaves without a allow-update-forwarding acl specified.
			[RT #11331]
Mark Andrews's avatar
Mark Andrews committed
259

260
261
1632.	[bug]		nsupdate failed to send prerequisite only UPDATE
			messages. [RT #11288]
Mark Andrews's avatar
Mark Andrews committed
262

263
264
265
1631.	[bug]		dns_journal_compact() could sometimes corrupt the
			journal. [RT #11124]

266
1630.	[contrib]	queryperf: add support for IPv6 transport.
267

268
269
1629.	[func]		dig now supports IPv6 scoped addresses with the
			extended format in the local-server part. [RT #8753]
270

271
272
1628.	[bug]		Typo in Compaq Trucluster support. [RT# 11264]

273
274
275
1627.	[bug]		win32: sockets were not being closed when the
			last external reference was removed. [RT# 11179]

276
277
1626.	[bug]		--enable-getifaddrs was broken. [RT#11259]

278
279
1625.	[bug]		named failed to load/transfer RFC2535 signed zones
			which contained CNAMES. [RT# 11237]
Mark Andrews's avatar
Mark Andrews committed
280

281
282
1624.	[bug]		zonemgr_putio() call should be locked. [RT# 11163]

283
284
285
1623.	[bug]		A serial number of zero was being displayed in the
			"sending notifies" log message when also-notify was
			used. [RT #11177]
Mark Andrews's avatar
Mark Andrews committed
286

287
288
1622.	[func]		probe the system to see if IPV6_(RECV)PKTINFO is
			available, and suppress wildcard binding if not.
289

290
291
1621.	[bug]		match-destinations did not work for IPv6 TCP queries.
			[RT# 11156]
292

293
1620.	[func]		When loading a zone report if it is signed. [RT #11149]
Mark Andrews's avatar
Mark Andrews committed
294

295
296
297
1619.	[bug]		Missing ISC_LIST_UNLINK in end_reserved_dispatches().
			[RT# 11118]

298
299
300
1618.	[bug]		Fencepost errors in dns_name_ishostname() and
			dns_name_ismailbox() could trigger a INSIST().

301
302
1617.	[port]		win32: VC++ 6.0 support.

303
304
1616.	[compat]	Ensure that named's version is visible in the core
			dump. [RT #11127]
Mark Andrews's avatar
Mark Andrews committed
305

306
307
308
1615.	[port]		Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
			it is defined.

309
1614.	[port]		win32: silence resource limit messages. [RT# 11101]
Mark Andrews's avatar
Mark Andrews committed
310

311
312
313
1613.	[bug]		Builds would fail on machines w/o a if_nametoindex().
			Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
			[RT #11119]
Mark Andrews's avatar
Mark Andrews committed
314

315
316
1612.	[bug]		check-names at the option/view level could trigger
			an INSIST. [RT# 11116]
Mark Andrews's avatar
Mark Andrews committed
317

318
319
1611.	[bug]		solaris: IPv6 interface scanning failed to cope with
			no active IPv6 interfaces.
Mark Andrews's avatar
Mark Andrews committed
320

321
322
323
1610.	[bug]		On dual stack machines "dig -b" failed to set the
			address type to be looked up with "@server".
			[RT #11069]
Mark Andrews's avatar
Mark Andrews committed
324

325
326
327
1609.	[func]		dig now has support to chase DNSSEC signature chains.
			Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.

328
329
330
1608.	[func]		dig and host now accept -4/-6 to select IP transport
			to use when making queries.

331
332
333
1607.	[bug]		dig, host and nslookup were still using random()
			to generate query ids. [RT# 11013]

Mark Andrews's avatar
Mark Andrews committed
334
1606.	[bug]	 	DLV insecurity proof was failing.
335
336

1605.	[func]		New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
Mark Andrews's avatar
Mark Andrews committed
337

338
339
340
341
1604.	[bug]		A xfrout_ctx_create() failure would result in
			xfrout_ctx_destroy() being called with a
			partially initaliased structure.
			
342
343
1603.	[bug]		nsupdate: set interactive based on isatty().
			[RT# 10929]
Mark Andrews's avatar
Mark Andrews committed
344

345
346
1602.	[bug]		Logging to a file failed unless a size was specified.
			[RT# 10925]
Mark Andrews's avatar
Mark Andrews committed
347

348
349
350
1601.	[bug]		Silence spurious warning 'both "recursion no;" and 
			"allow-recursion" active' warning from view "_bind".
			[RT# 10920]
Mark Andrews's avatar
Mark Andrews committed
351

352
353
1600.	[bug]		Duplicate zone pre-load checks were not case
			insensitive.
Mark Andrews's avatar
Mark Andrews committed
354

355
1599.	[bug]		Fix memory leak on error path when checking named.conf.
Mark Andrews's avatar
Mark Andrews committed
356

357
358
1598.	[func]		Specify that certain parts of the namespace must
			be secure (dnssec-must-be-secure).
Mark Andrews's avatar
Mark Andrews committed
359

Mark Andrews's avatar
Mark Andrews committed
360
361
1597.	[placeholder]	rt6496a

362
1596.	[func]		Accept 'notify-source' style syntax for query-source.
Mark Andrews's avatar
Mark Andrews committed
363

364
365
1595.	[func]		New notify type 'master-only'.  Enable notify for
			master zones only.
Mark Andrews's avatar
Mark Andrews committed
366

367
368
1594.	[bug]		'rndc dumpdb' could prevent named from answering
			queries while the dump was in progress.  [RT #10565]
Mark Andrews's avatar
Mark Andrews committed
369

370
371
1593.	[bug]		rndc should return "unknown command" to unknown
			commands. [RT# 10642]
Mark Andrews's avatar
Mark Andrews committed
372

Mark Andrews's avatar
Mark Andrews committed
373
1592.	[bug]		configure_view() could leak a dispatch. [RT# 10675]
374

375
376
1591.	[bug]		libbind: updated to BIND 8.4.5.

377
378
1590.	[port]		netbsd: update thread support.

379
380
1589.	[func]		DNSSEC lookaside validation.

381
382
1588.	[bug]		win32: TCP sockets could become blocked. [RT #10115]

383
384
1587.	[bug]		dns_message_settsigkey() failed to clear existing key.
			[RT #10590]
Mark Andrews's avatar
Mark Andrews committed
385

386
387
1586.	[func]		"check-names" is now implemented.

Mark Andrews's avatar
Mark Andrews committed
388
1585.	[placeholder]
Mark Andrews's avatar
Mark Andrews committed
389

Mark Andrews's avatar
Mark Andrews committed
390
1584.	[bug]		"make test" failed with a read only source tree.
391
			[RT #10461]
Mark Andrews's avatar
Mark Andrews committed
392

393
394
1583.	[bug]		Records add via UPDATE failed to get the correct trust
			level. [RT #10452]
Mark Andrews's avatar
Mark Andrews committed
395

396
397
1582.	[bug]		rrset-order failed to work on RRsets with more
			than 32 elements. [RT #10381]
Mark Andrews's avatar
Mark Andrews committed
398

399
1581.	[func]		Disable DNSSEC support by default.  To enable
400
			DNSSEC specify "dnssec-enable yes;" in named.conf.
401

Mark Andrews's avatar
Mark Andrews committed
402
1580.	[bug]		Zone destruction on final detach takes a long time.
403
			[RT #3746]
Mark Andrews's avatar
Mark Andrews committed
404

405
1579.	[bug]		Multiple task managers could not be created.
Mark Andrews's avatar
Mark Andrews committed
406

407
408
1578.	[bug]		Don't use CLASS E IPv4 addresses when resolving.
			[RT #10346]
Mark Andrews's avatar
Mark Andrews committed
409

410
411
1577.	[bug]		Use isc_uint32_t in ultrasparc optimizer bug
			workaround code. [RT #10331]
Mark Andrews's avatar
Mark Andrews committed
412

413
414
1576.	[bug]		Race condition in dns_dispatch_addresponse().
			[RT# 10272]
Mark Andrews's avatar
Mark Andrews committed
415

416
1575.	[func]		Log TSIG name on TSIG verify failure. [RT #4404]
Mark Andrews's avatar
Mark Andrews committed
417

418
419
420
1574.	[bug]		Don't attempt to open the controls socket(s) when
			running tests. [RT #9091]

421
422
423
1573.	[port]		linux: update to libtool 1.5.2 so that
			"make install DESTDIR=/xx" works with
			"configure --with-libtool".  [RT #9941]
Mark Andrews's avatar
Mark Andrews committed
424

425
426
1572.	[bug]		nsupdate: sign the soa query to find the enclosing
			zone if the server is specified. [RT #10148]
Mark Andrews's avatar
Mark Andrews committed
427

428
1571.	[bug]		rbt:hash_node() could fail leaving the hash table
Mark Andrews's avatar
Mark Andrews committed
429
			in an inconsistent state.  [RT #10208]
Mark Andrews's avatar
Mark Andrews committed
430

431
432
433
1570.	[bug]		nsupdate failed to handle classes other than IN.
			New keyword 'class' which sets the default class.
			[RT #10202]
Mark Andrews's avatar
Mark Andrews committed
434

435
436
1569.	[func]		nsupdate new command 'answer' which displays the
			complete answer message to the last update.
Mark Andrews's avatar
Mark Andrews committed
437

438
1568.	[bug]		nsupdate now reports that the update failed in
Mark Andrews's avatar
Mark Andrews committed
439
			interactive mode. [RT# 10236]
Mark Andrews's avatar
Mark Andrews committed
440

441
442
1567.	[bug]		B.ROOT-SERVERS.NET is now 192.228.79.201.

443
444
445
446
1566.	[port]		Support for the cmsg framework on Solaris and HP/UX.
			This also solved the problem that match-destinations
			for IPv6 addresses did not work on these systems.
			[RT #10221]
447

Mark Andrews's avatar
Mark Andrews committed
448
449
450
1565.	[bug]		CD flag should be copied to outgoing queries unless
			the query is under a secure entry point in which case
			CD should be set.
451

452
453
454
455
456
1564.	[func]		Attempt to provide a fallback entropy source to be
			used if named is running chrooted and named is unable
			to open entropy source within the chroot area.
			[RT #10133]

Mark Andrews's avatar
Mark Andrews committed
457
458
1563.	[bug]		Gracefully fail when unable to obtain neither an IPv4
			nor an IPv6 dispatch. [RT #10230]
459

460
461
462
1562.	[bug]		isc_socket_create() and isc_socket_accept() could
			leak memory under error conditions. [RT #10230]

463
464
465
1561.	[bug]		It was possible to release the same name twice if
			named ran out of memory. [RT #10197]

466
467
468
1560.	[port]		FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
			and EAI_NONAME to the same value.

469
1559.	[port]		named should ignore SIGFSZ.
Mark Andrews's avatar
Mark Andrews committed
470

471
472
473
474
475
476
477
478
479
1558.	[func]		New DNSSEC 'disable-algorithms'.  Support entry into
			child zones for which we don't have a supported
			algorithm.  Such child zones are treated as unsigned.

1557.	[func]		Implement missing DNSSEC tests for
			* NOQNAME proof with wildcard answers.
			* NOWILDARD proof with NXDOMAIN.
			Cache and return NOQNAME with wildcard answers.

Mark Andrews's avatar
Mark Andrews committed
480
1556.	[bug]		nsupdate now treats all names as fully qualified.
481
			[RT #6427]
Mark Andrews's avatar
Mark Andrews committed
482

Mark Andrews's avatar
now->no    
Mark Andrews committed
483
1555.	[func]		'rrset-order cyclic' no longer has a random starting
484
485
			point. [RT #7572]

Mark Andrews's avatar
Mark Andrews committed
486
1554.	[bug]		dig, host, nslookup failed when no nameservers
487
488
			were specified in /etc/resolv.conf. [RT #8232]

489
1553.	[bug]		The windows socket code could stop accepting
Mark Andrews's avatar
Mark Andrews committed
490
			connections. [RT#10115]
491

492
493
1552.	[bug]		Accept NOTIFY requests from mapped masters if
			matched-mapped is set. [RT #10049]
Mark Andrews's avatar
Mark Andrews committed
494

495
496
1551.	[port]		Open "/dev/null" before calling chroot().

497
498
1550.	[port]		Call tzset(), if available, before calling chroot().

499
500
501
1549.	[func]		named-checkzone can now write out the zone contents
			in a easily parsable format (-D and -o).

Mark Andrews's avatar
Mark Andrews committed
502
503
504
1548.	[bug]		When parsing APL records it was possible to silently
			accept out of range ADDRESSFAMILY values. [RT# 9979]

505
506
507
1547.	[bug]		Named wasted memory recording duplicate lame zone
			entries. [RT #9341]

508
509
510
1546.	[bug]		We were rejecting valid secure CNAME to negative
			answers.

511
512
513
514
1545.	[bug]		It was possible to leak memory if named was unable to
			bind to the specified transfer source and TSIG was
			being used. [RT #10120]

515
516
1544.	[bug]		Named would logged a single entry to a file despite it
			being over the specified size limit.
Mark Andrews's avatar
Mark Andrews committed
517

518
1543.	[bug]		Logging using "versions unlimited" did not work.
Mark Andrews's avatar
Mark Andrews committed
519

Mark Andrews's avatar
Mark Andrews committed
520
521
1542.	[placeholder]

522
1541.	[func]		NSEC now uses new bitmap format.
Mark Andrews's avatar
Mark Andrews committed
523

524
525
1540.	[bug]		"rndc reload <dynamiczone>" was silently accepted.
			[RT #8934]
Mark Andrews's avatar
Mark Andrews committed
526

527
528
1539.	[bug]		Open UDP sockets for notify-source and transfer-source
			that use reserved ports at startup. [RT #9475]
Mark Andrews's avatar
Mark Andrews committed
529

Mark Andrews's avatar
Mark Andrews committed
530
531
1538.	[placeholder]	rt9997

532
1537.	[func]		New option "querylog".  If set specify whether query
Mark Andrews's avatar
Mark Andrews committed
533
			logging is to be enabled or disabled at startup.
Mark Andrews's avatar
Mark Andrews committed
534

535
536
1536.	[bug]		Windows socket code failed to log a error description
			when returning ISC_R_UNEXPECTED. [RT #9998]
Mark Andrews's avatar
Mark Andrews committed
537

Mark Andrews's avatar
Mark Andrews committed
538
539
1535.	[placeholder]

540
1534.	[bug]		Race condition when priming cache. [RT# 9940]
Mark Andrews's avatar
Mark Andrews committed
541

Mark Andrews's avatar
Mark Andrews committed
542
1533.	[func]		Warn if both "recursion no;" and "allow-recursion"
543
			are active. [RT# 4389]
Mark Andrews's avatar
Mark Andrews committed
544

545
546
547
1532.	[port]		netbsd: the configure test for <sys/sysctl.h>
			requires <sys/param.h>.

Mark Andrews's avatar
Mark Andrews committed
548
1531.	[port]		AIX more libtool fixes.
549

550
1530.	[bug]		It was possible to trigger a INSIST() failure if a
Mark Andrews's avatar
grammar    
Mark Andrews committed
551
			slave master file was removed at just the correct
552
553
			moment. [RT #9462]

Mark Andrews's avatar
Mark Andrews committed
554
1529.	[bug]		"notify explicit;" failed to log that NOTIFY messages
Mark Andrews's avatar
Mark Andrews committed
555
			were being sent for the zone. [RT# 9442]
Mark Andrews's avatar
Mark Andrews committed
556

557
558
1528.	[cleanup]	Simplify some dns_name_ functions based on the
			deprecation of bitstring labels.
559

560
561
1527.	[cleanup]	Reduce the number of gettimeofday() calls without
			losing necessary timer granularity.
562

563
564
1526.	[placeholder]

Mark Andrews's avatar
Mark Andrews committed
565
566
1525.	[bug]		dns_cache_create() could trigger a REQUIRE
			failure in isc_mem_put() during error cleanup.
567
			[RT# 9360]
568

569
570
571
1524.	[port]		AIX needs to be able to resolve all symbols when
			creating shared libraries (--with-libtool).

572
573
1523.	[bug]		Fix race condition in rbtdb. [RT# 9189]

574
575
576
1522.	[bug]		dns_db_findnode() relax the requirements on 'name'.
			[RT# 9286]

577
578
579
1521.	[bug]		dns_view_createresolver() failed to check the
			result from isc_mem_create(). [RT# 9294]

580
581
1520.	[protocol]	Add SSHFP (SSH Finger Print) type.

582
583
584
1519.	[bug]		dnssec-signzone:nsec_setbit() computed the wrong
			length of the new bitmap.

Mark Andrews's avatar
Mark Andrews committed
585
1518.	[bug]		dns_nsec_buildrdata(), and hence dns_nsec_build(),
586
587
588
			contained a off-by-one error when working out the
			number of octets in the bitmap.

Mark Andrews's avatar
Mark Andrews committed
589
590
1517.	[port]		Support for IPv6 interface scanning on HP/UX and
			TrueUNIX 5.1.
591

Mark Andrews's avatar
Mark Andrews committed
592
1516.	[func]		Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
593

Mark Andrews's avatar
Mark Andrews committed
594
595
1515.	[func]		Allow transfer source to be set in a server statement.
			[RT #6496]
596

Mark Andrews's avatar
Mark Andrews committed
597
598
1514.	[bug]		named: isc_hash_destroy() was being called too early.
			[RT #9160]
599

Mark Andrews's avatar
Mark Andrews committed
600
1513.	[doc]		Add "US" to root-delegation-only exclude list.
601

Mark Andrews's avatar
Mark Andrews committed
602
603
1512.	[bug]		Extend the delegation-only logging to return query
			type, class and responding nameserver.
604

Mark Andrews's avatar
Mark Andrews committed
605
606
1511.	[bug]		delegation-only was generating false positives
			on negative answers from subzones.
607

Mark Andrews's avatar
Mark Andrews committed
608
609
610
611
612
1510.	[func]		New view option "root-delegation-only".  Apply
			delegation-only check to all TLDs and root.
			Note there are some TLDs that are NOT delegation
			only (e.g. DE, LV, US and MUSEUM) these can be excluded
			from the checks by using exclude.
613

Mark Andrews's avatar
Mark Andrews committed
614
615
616
			root-delegation-only exclude {
				"DE"; "LV"; "US"; "MUSEUM";
			};
617

Mark Andrews's avatar
Mark Andrews committed
618
619
1509.	[bug]		Hint zones should accept delegation-only.  Forward
			zone should not accept delegation-only.
620

Mark Andrews's avatar
Mark Andrews committed
621
622
1508.	[bug]		Don't apply delegation-only checks to answers from
			forwarders.
623

Mark Andrews's avatar
Mark Andrews committed
624
625
1507.	[bug]		Handle BIND 8 style returns to NS queries to parents
			when making delegation-only checks.
626

Mark Andrews's avatar
Mark Andrews committed
627
1506.	[bug]		Wrong return type for dns_view_isdelegationonly().
628

Mark Andrews's avatar
Mark Andrews committed
629
1505.	[bug]		Uninitialized rdataset in sdb. [RT #8750]
630

Mark Andrews's avatar
Mark Andrews committed
631
1504.	[func]		New zone type "delegation-only".
632

Mark Andrews's avatar
Mark Andrews committed
633
1503.	[port]		win32: install libeay32.dll outside of system32.
634

Mark Andrews's avatar
Mark Andrews committed
635
1502.	[bug]		nsupdate: adjust timeouts for UPDATE requests over TCP.
636

Mark Andrews's avatar
Mark Andrews committed
637
638
1501.	[func]		Allow TCP queue length to be specified via
			named.conf, tcp-listen-queue.
639

Mark Andrews's avatar
Mark Andrews committed
640
641
1500.	[bug]		host failed to lookup MX records.  Also look up
			AAAA records.
642

Mark Andrews's avatar
Mark Andrews committed
643
644
1499.	[bug]		isc_random need to be seeded better if arc4random()
			is not used.
645

Mark Andrews's avatar
Mark Andrews committed
646
1498.	[port]		bsdos: 5.x support.
Mark Andrews's avatar
Mark Andrews committed
647

Mark Andrews's avatar
Mark Andrews committed
648
1497.	[placeholder]
649

Mark Andrews's avatar
Mark Andrews committed
650
1496.	[port]		test for pthread_attr_setstacksize().
651

Mark Andrews's avatar
Mark Andrews committed
652
1495.	[cleanup]	Replace hash functions with universal hash.
653

Mark Andrews's avatar
Mark Andrews committed
654
1494.	[security]	Turn on RSA BLINDING as a precaution.
Mark Andrews's avatar
Mark Andrews committed
655

Mark Andrews's avatar
Mark Andrews committed
656
1493.	[placeholder]
657

Mark Andrews's avatar
Mark Andrews committed
658
659
1492.	[cleanup]	Preserve rwlock quota context when upgrading /
			downgrading. [RT #5599]
660

Mark Andrews's avatar
Mark Andrews committed
661
662
1491.	[bug]		dns_master_dump*() would produce extraneous $ORIGIN
			lines. [RT #6206]
663

Mark Andrews's avatar
Mark Andrews committed
664
665
1490.	[bug]		Accept reading state as well as working state in
			ns_client_next(). [RT #6813]
666

Mark Andrews's avatar
Mark Andrews committed
667
668
1489.	[compat]	Treat 'allow-update' on slave zones as a warning.
			[RT #3469]
669

Mark Andrews's avatar
Mark Andrews committed
670
671
1488.	[bug]		Don't override trust levels for glue addresses.
			[RT #5764]
672

Mark Andrews's avatar
Mark Andrews committed
673
674
675
1487.	[bug]		A REQUIRE() failure could be triggered if a zone was
			queued for transfer and the zone was then removed.
			[RT #6189]
676

Mark Andrews's avatar
Mark Andrews committed
677
678
1486.	[bug]		isc_print_snprintf() '%%' consumed one too many format
			characters. [RT# 8230]
679

Mark Andrews's avatar
Mark Andrews committed
680
1485.	[bug]		gen failed to handle high type values. [RT #6225]
681

Mark Andrews's avatar
Mark Andrews committed
682
683
1484.	[bug]		The number of records reported after a AXFR was wrong.
			[RT #6229]
684

Mark Andrews's avatar
Mark Andrews committed
685
686
687
1483.	[bug]		dig axfr failed if the message id in the answer failed
			to match that in the request.  Only the id in the first
			message is required to match. [RT #8138]
Mark Andrews's avatar
Mark Andrews committed
688

Mark Andrews's avatar
Mark Andrews committed
689
690
691
1482.	[bug]		named could fail to start if the kernel supports
			IPv6 but no interfaces are configured.  Similarly
			for IPv4. [RT #6229]
692

Mark Andrews's avatar
Mark Andrews committed
693
694
1481.	[bug]		Refresh and stub queries failed to use masters keys
			if specified. [RT #7391]
695

Mark Andrews's avatar
Mark Andrews committed
696
697
698
699
700
1480.	[bug]		Provide replay protection for rndc commands.  Full
			replay protection requires both rndc and named to
			be updated.  Partial replay protection (limited
			exposure after restart) is provided if just named
			is updated.
701

Mark Andrews's avatar
Mark Andrews committed
702
703
704
1479.	[bug]		cfg_create_tuple() failed to handle out of
			memory cleanup.  parse_list() would leak memory
			on syntax errors.
Mark Andrews's avatar
Mark Andrews committed
705

Mark Andrews's avatar
Mark Andrews committed
706
1478.	[port]		ifconfig.sh didn't account for other virtual
Mark Andrews's avatar
Mark Andrews committed
707
			interfaces.  It now takes a optional argument
Mark Andrews's avatar
Mark Andrews committed
708
			to specify the first interface number. [RT #3907]
709

Mark Andrews's avatar
Mark Andrews committed
710
1477.	[bug]		memory leak using stub zones and TSIG.
Mark Andrews's avatar
Mark Andrews committed
711

Mark Andrews's avatar
Mark Andrews committed
712
1476.	[placeholder]
713

Mark Andrews's avatar
Mark Andrews committed
714
1475.	[port]		Probe for old sprintf().
715

Mark Andrews's avatar
Mark Andrews committed
716
717
1474.	[port]		Provide strtoul() and memmove() for platforms
			without them.
718

Mark Andrews's avatar
Mark Andrews committed
719
720
1473.	[bug]		create_map() and create_string() failed to handle out
			of memory cleanup.  [RT #6813]
721

Mark Andrews's avatar
Mark Andrews committed
722
1472.	[contrib]	idnkit-1.0 from JPNIC, replaces mdnkit.
723

Mark Andrews's avatar
Mark Andrews committed
724
1471.	[bug]		libbind: updated to BIND 8.4.0.
725

Mark Andrews's avatar
Mark Andrews committed
726
1470.	[bug]		Incorrect length passed to snprintf. [RT #5966]
727

Mark Andrews's avatar
Mark Andrews committed
728
729
1469.	[func]		Log end of outgoing zone transfer at same level
			as the start of transfer is logged. [RT #4441]
730

Mark Andrews's avatar
Mark Andrews committed
731
732
1468.	[func]		Internal zones are no longer counted for
			'rndc status'.  [RT #4706]
733

Mark Andrews's avatar
Mark Andrews committed
734
1467.	[func]		$GENERATES now supports optional class and ttl.
735

Mark Andrews's avatar
Mark Andrews committed
736
737
1466.	[bug]		lwresd configuration errors resulted in memory
			and lock leaks.  [RT #5228]
738

Mark Andrews's avatar
Mark Andrews committed
739
740
741
1465.	[bug]		isc_base64_decodestring() and isc_base64_tobuffer()
			failed to check that trailing bits were zero allowing
			some invalid base64 strings to be accepted.  [RT #5397]
742

Mark Andrews's avatar
Mark Andrews committed
743
744
1464.	[bug]		Preserve "out of zone" data for outgoing zone
			transfers. [RT #5192]
745

Mark Andrews's avatar
Mark Andrews committed
746
747
1463.	[bug]		dns_rdata_from{wire,struct}() failed to catch bad
			NXT bit maps. [RT #5577]
748

Mark Andrews's avatar
Mark Andrews committed
749
750
1462.	[bug]		parse_sizeval() failed to check the token type.
			[RT #5586]
751

Mark Andrews's avatar
Mark Andrews committed
752
1461.	[bug]		Remove deadlock from rbtdb code. [RT #5599]
753

Mark Andrews's avatar
Mark Andrews committed
754
755
1460.	[bug]		inet_pton() failed to reject certain malformed
			IPv6 literals.
Mark Andrews's avatar
Mark Andrews committed
756

Mark Andrews's avatar
Mark Andrews committed
757
1459.	[placeholder]
758

Mark Andrews's avatar
Mark Andrews committed
759
1458.	[cleanup]	sprintf() -> snprintf().
760

Mark Andrews's avatar
Mark Andrews committed
761
762
1457.	[port]		Provide strlcat() and strlcpy() for platforms without
			them.
763

Mark Andrews's avatar
Mark Andrews committed
764
1456.	[contrib]	gen-data-queryperf.py from Stephane Bortzmeyer.
765

Mark Andrews's avatar
Mark Andrews committed
766
767
1455.	[bug]		<netaddr> missing from server grammar in
			doc/misc/options. [RT #5616]
768

Mark Andrews's avatar
Mark Andrews committed
769
770
771
772
773
1454.	[port]		Use getifaddrs() if available for interface scanning.
			--disable-getifaddrs to override.  Glibc currently
			has a getifaddrs() that does not support IPv6.
			Use --enable-getifaddrs=glibc to force the use of
			this version under linux machines.
774

Mark Andrews's avatar
Mark Andrews committed
775
1453.	[doc]		ARM: $GENERATE example wasn't accurate. [RT #5298]
Mark Andrews's avatar
Mark Andrews committed
776

Mark Andrews's avatar
Mark Andrews committed
777
1452.	[placeholder]
778

Mark Andrews's avatar
Mark Andrews committed
779
780
1451.	[bug]		rndc-confgen didn't exit with a error code for all
			failures. [RT #5209]
781

Mark Andrews's avatar
Mark Andrews committed
782
783
1450.	[bug]		Fetching expired glue failed under certain
			circumstances.  [RT #5124]
784

Mark Andrews's avatar
Mark Andrews committed
785
786
1449.	[bug]		query_addbestns() didn't handle running out of memory
			gracefully.
787

Mark Andrews's avatar
Mark Andrews committed
788
1448.	[bug]		Handle empty wildcards labels.
789

Mark Andrews's avatar
Mark Andrews committed
790
791
792
1447.	[bug]		We were casting (unsigned int) to and from (void *).
			rdataset->private4 is now rdataset->privateuint4
			to reflect a type change.
793

Mark Andrews's avatar
Mark Andrews committed
794
795
796
1446.	[func]		Implemented undocumented alternate transfer sources
			from BIND 8.  See use-alt-transfer-source,
			alt-transfer-source and alt-transfer-source-v6.
797

Mark Andrews's avatar
Mark Andrews committed
798
799
800
801
802
803
			SECURITY: use-alt-transfer-source is ENABLED unless
			you are using views.  This may cause a security risk
			resulting in accidental disclosure of wrong zone
			content if the master supplying different source
			content based on IP address.  If you are not certain
			ISC recommends setting use-alt-transfer-source no;
804

Mark Andrews's avatar
Mark Andrews committed
805
806
807
1445.	[bug]		DNS_ADBFIND_STARTATROOT broke stub zones.  This has
			been replaced with DNS_ADBFIND_STARTATZONE which
			causes the search to start using the closest zone.
808

Mark Andrews's avatar
Mark Andrews committed
809
810
1444.	[func]		dns_view_findzonecut2() allows you to specify if the
			cache should be searched for zone cuts.
811

Mark Andrews's avatar
Mark Andrews committed
812
813
1443.	[func]		Masters lists can now be specified and referenced
			in zone masters clauses and other masters lists.
814

Mark Andrews's avatar
Mark Andrews committed
815
816
817
818
1442.	[func]		New functions for manipulating port lists:
			dns_portlist_create(), dns_portlist_add(),
			dns_portlist_remove(), dns_portlist_match(),
			dns_portlist_attach() and dns_portlist_detach().
819

Mark Andrews's avatar
Mark Andrews committed
820
821
1441.	[func]		It is now possible to tell dig to bind to a specific
			source port.
822

Mark Andrews's avatar
Mark Andrews committed
823
824
825
1440.	[func]		It is now possible to tell named to avoid using
			certain source ports (avoid-v4-udp-ports,
			avoid-v6-udp-ports).
826

Mark Andrews's avatar
Mark Andrews committed
827
828
829
1439.	[bug]		Named could return NOERROR with certain NOTIFY
			failures.  Return NOTAUTH if the NOTIFY zone is
			not being served.
830

Mark Andrews's avatar
Mark Andrews committed
831
1438.	[func]		Log TSIG (if any) when logging NOTIFY requests.
832

Mark Andrews's avatar
Mark Andrews committed
833
1437.	[bug]		Leave space for stdio to work in. [RT #5033]
834

Mark Andrews's avatar
Mark Andrews committed
835
836
1436.	[func]		dns_zonemgr_resumexfrs() can be used to restart
			stalled transfers.
837

Mark Andrews's avatar
Mark Andrews committed
838
839
840
841
1435.	[bug]		zmgr_resume_xfrs() was being called read locked
			rather than write locked.  zmgr_resume_xfrs()
			was not being called if the zone was being
			shutdown.
842

Mark Andrews's avatar
Mark Andrews committed
843
844
1434.	[bug]		"rndc reconfig" failed to initiate the initial
			zone transfer of new slave zones.
845

Mark Andrews's avatar
Mark Andrews committed
846
847
848
1433.	[bug]		named could trigger a REQUIRE failure if it could
			not get a file descriptor when attempting to write
			a master file. [RT #4347]
849

Mark Andrews's avatar
Mark Andrews committed
850
851
1432.	[func]		The advertised EDNS UDP buffer size can now be set
			via named.conf (edns-udp-size).
852

Mark Andrews's avatar
Mark Andrews committed
853
854
1431.	[bug]		isc_print_snprintf() "%s" with precision could walk off
			end of argument. [RT #5191]
855

Mark Andrews's avatar
Mark Andrews committed
856
1430.	[port]		linux: IPv6 interface scanning support.
857

Mark Andrews's avatar
Mark Andrews committed
858
1429.	[bug]		Prevent the cache getting locked to old servers.
Mark Andrews's avatar
Mark Andrews committed
859

Mark Andrews's avatar
Mark Andrews committed
860
1428.	[placeholder]
861

Mark Andrews's avatar
Mark Andrews committed
862
1427.	[bug]		Race condition in adb with threaded build.
Mark Andrews's avatar
Mark Andrews committed
863

Mark Andrews's avatar
Mark Andrews committed
864
1426.	[placeholder]
865

Mark Andrews's avatar
Mark Andrews committed
866
867
1425.	[port]		linux/libbind: define __USE_MISC when testing *_r()
			function prototypes in netdb.h.  [RT #4921]
868

Mark Andrews's avatar
Mark Andrews committed
869
1424.	[bug]		EDNS version not being correctly printed.
870

Mark Andrews's avatar
Mark Andrews committed
871
1423.	[contrib]	queryperf: added A6 and SRV.
872

Mark Andrews's avatar
Mark Andrews committed
873
1422.	[func]		Log name/type/class when denying a query.  [RT #4663]
874

Mark Andrews's avatar
Mark Andrews committed
875
876
877
1421.	[func]		Differentiate updates that don't succeed due to
			prerequisites (unsuccessful) vs other reasons
			(failed).
878

Mark Andrews's avatar
Mark Andrews committed
879
1420.	[port]		solaris: work around gcc optimizer bug.
880

Mark Andrews's avatar
Mark Andrews committed
881
1419.	[port]		openbsd: use /dev/arandom. [RT #4950]
882

Mark Andrews's avatar
Mark Andrews committed
883
1418.	[bug]		'rndc reconfig' did not cause new slaves to load.
<