CHANGES 249 KB
Newer Older
1 2 3
2409.	[func]		Only log that we disabled EDNS processing if we were
			subsequently successful.  [RT #18029]

4 5 6 7
2408.	[bug]		A duplicate TCP dispatch event could be sent, which
			could then trigger an assertion failure in
			resquery_response().  [RT #18275]

8 9
2407.	[port]		hpux: test for sys/dyntune.h. [RT #18421]

10 11 12
2406.	[bug]		Sockets could be closed too early, leading to
			inconsistent states in the socket module. [RT #18298]

13 14 15 16
2405.   [cleanup]       The default value for dnssec-validation was changed to
                        "yes" in 9.5.0-P1 and all subsequent releases; this
                        was inadvertently omitted from CHANGES at the time.

17 18
2404.	[port]		hpux: files unlimited support.

19 20
2403.	[bug]		TSIG context leak. [RT #18341]

21 22
2402.	[port]		Support Solaris 2.11 and over. [RT #18362]

23 24 25
2401.	[bug]		Expect to get E[MN]FILE errno internal_accept()
			(from accept() or fcntl() system calls). [RT #18358]

Tatuya JINMEI 神明達哉's avatar
Tatuya JINMEI 神明達哉 committed
26
2400.	[bug]		Log if kqueue()/epoll_create()/open(/dev/poll) fails.
27 28
			[RT #18297]

29 30
2399.	[placeholder]

Mark Andrews's avatar
Mark Andrews committed
31 32
2398.	[placeholder]

33 34
2397.	[bug]		gssapi_functions had too many elements. [RT #18355]

35 36 37
2396.	[bug]		Don't set SO_REUSEADDR for randomized ports.
			[RT #18336]

38 39 40
2395.	[port]		Avoid warning and no effect from "files unlimited"
			on Linux when running as root. [RT #18335]

41 42 43
2394.	[bug]		Default configuration options set the limit for
			open files to 'unlimited' as described in the
			documentation. [RT #18331]
44

45 46 47 48 49
2393.	[bug]		nested acls containing keys could trigger an
			assertion in acl.c. [RT #18166]

2392.	[bug]		remove 'grep -q' from acl test script, some platforms
			don't support it. [RT #18253]
50 51

2391.	[port]		hpux: cover additional recvmsg() error codes.
52 53
			[RT #18301]

54
2390.	[bug]		dispatch.c could make a false warning on 'odd socket'.
55 56
			[RT #18301].

57
2389.	[bug]		Move the "working directory writable" check to after
Mark Andrews's avatar
Mark Andrews committed
58
			the ns_os_changeuser() call. [RT #18326]
59

60 61 62
2388.	[bug]		Avoid using tables for layout purposes in
			statistics XSL [RT #18159].

63 64 65
2387.	[bug]		Silence compiler warnings in lib/isc/radix.c.
			[RT #18147] [RT #18258]

66 67
2386.	[func]		Add warning about too small 'open files' limit.
			[RT #18269]
68

69 70 71
2385.	[bug]		A condition variable in socket.c could leak in
			rare error handling [RT #17968].

72 73 74
2384.	[security]	Fully randomize UDP query ports to improve
			forgery resilience. [RT #17949, #18098]

75 76
2383.	[bug]		named could double queries when they resulted in
			SERVFAIL due to overkilling EDNS0 failure detection.
Tatuya JINMEI 神明達哉's avatar
Tatuya JINMEI 神明達哉 committed
77
			[RT #18182]
78

79 80 81
2382.	[doc]		Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
			to ARM.

82 83 84 85
2381.	[port]		dlz/mysql: support multiple install layouts for
			mysql.  <prefix>/include/{,mysql/}mysql.h and
			<prefix>/lib/{,mysql/}. [RT #18152]

86 87 88 89 90
2380.	[bug]		dns_view_find() was not returning NXDOMAIN/NXRRSET
			proofs which, in turn, caused validation failures
			for insecure zones immediately below a secure zone
			the server was authoritative for. [RT #18112] 

91 92 93
2379.	[contrib]	queryperf/gen-data-queryperf.py: removed redundant
			TLDs and supported RRs with TTLs [RT #17972]

94 95 96
2378.	[bug]		gssapi_functions{} had a redundant member in BIND 9.5.
			[RT #18169]

97 98
2377.	[bug]		Address race condition in dnssec-signzone. [RT #18142]

Mark Andrews's avatar
Mark Andrews committed
99
2376.	[bug]		Change #2144 was not complete.
100

101
2375.	[placeholder]
Mark Andrews's avatar
Mark Andrews committed
102 103

2374.	[bug]		"blackhole" ACLs could cause named to segfault due
104 105
			to some uninitialized memory. [RT #18095]

Mark Andrews's avatar
Mark Andrews committed
106
2373.	[bug]		Default values of zone ACLs were re-parsed each time a
107 108
			new zone was configured, causing an overconsumption
			of memory. [RT #18092]
109

Mark Andrews's avatar
Mark Andrews committed
110
2372.	[bug]		Fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
111

Mark Andrews's avatar
Mark Andrews committed
112
2371.	[doc]		Add +nsid option to dig man page. [RT #18039]
113

Mark Andrews's avatar
Mark Andrews committed
114 115
2370.	[bug]		"rndc freeze" could trigger an assertion in named
			when called on a nonexistent zone. [RT #18050]
116

117 118 119
2369.	[bug]		libbind: Array bounds overrun on read in bitncmp().
			[RT #18054]

Mark Andrews's avatar
Mark Andrews committed
120 121
2368.	[port]		Linux: use libcap for capability management if
			possible. [RT# 18026]
122

Mark Andrews's avatar
Mark Andrews committed
123 124
2367.	[bug]		Improve counting of dns_resstatscounter_retry
			[RT #18030]
125

126 127
2366.	[bug]		Adb shutdown race. [RT #18021]

Mark Andrews's avatar
Mark Andrews committed
128 129
2365.	[bug]		Fix a bug that caused dns_acl_isany() to return
			spurious results. [RT #18000]
130

131 132 133
2364.	[bug]		named could trigger a assertion when serving a
			malformed signed zone. [RT #17828]

134 135 136
2363.	[port]		sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
			[RT #17513]

Mark Andrews's avatar
Mark Andrews committed
137 138 139
2362.   [cleanup]	Make "rrset-order fixed" a compile-time option.
			settable by "./configure --enable-fixed-rrset".
			Disabled by default. [RT #17977]
140

141 142 143
2361.	[bug]		"recursion" statistics counter could be counted
			multiple times for a single query.  [RT #17990]

144 145 146
2360.	[bug]		Fix a condition where we release a database version
			(which may acquire a lock) while holding the lock.

147 148
2359.	[bug]		Fix NSID bug. [RT #17942]

149 150
2358.	[doc]		Update host's default query description. [RT #17934]

151 152 153
2357.	[port]		Don't use OpenSSL's engine support in versions before
			OpenSSL 0.9.7f. [RT #17922]

Mark Andrews's avatar
Mark Andrews committed
154
2356.	[bug]		Built in mutex profiler was not scalable enough.
155 156
			[RT #17436]

157 158 159
2355.	[func]		Extend the number statistics counters available.
			[RT #17590]

Mark Andrews's avatar
Mark Andrews committed
160
2354.	[bug]		Failed to initialize some rdatasetheader_t elements.
161 162
			[RT #17927]

163 164 165 166 167 168 169
2353.	[func]		Add support for Name Server ID (RFC 5001).
			'dig +nsid' requests NSID from server.
			'request-nsid yes;' causes recursive server to send
			NSID requests to upstream servers.  Server responds
			to NSID requests with the string configured by
			'server-id' option.  [RT #17091]

170 171
2352.	[bug]		Various GSS_API fixups. [RT #17729]

172 173
2351.	[bug]		convertxsl.pl generated very long lines. [RT #17906]

174 175
2350.	[port]		win32: IPv6 support. [RT #17797]

176 177 178
2349.	[func]		Provide incremental re-signing support for secure
			dynamic zones. [RT #1091]

Francis Dupont's avatar
Francis Dupont committed
179 180 181 182
2348.	[func]		Use the EVP interface to OpenSSL. Add PKCS#11 support.
			Documentation is in the new README.pkcs11 file.
			[RT #16844]

Francis Dupont's avatar
Francis Dupont committed
183 184 185
2347.	[bug]		Delete now traverses the RB tree in the canonical
			order. [RT #17451]

186 187 188
2346.	[func]		Memory statistics now cover all active memory contexts
			in increased detail. [RT #17580]

189 190 191 192
2345.	[bug]		named-checkconf failed to detect when forwarders
			were set at both the options/view level and in
			a root zone. [RT #17671]

193 194 195
2344.	[bug]		Improve "logging{ file ...; };" documentation.
			[RT #17888]

196 197 198
2343.	[bug]		(Seemingly) duplicate IPv6 entries could be
			created in ADB. [RT #17837]

199 200
2342.	[func]		Use getifaddrs() if available under Linux. [RT #17224]

201 202 203
2341.	[bug]		libbind: add missing -I../include for off source
			tree builds. [RT #17606]

204 205
2340.	[port]		openbsd: interface configuration. [RT #17700]

206 207
2339.	[port]		tru64: support for libbind. [RT #17589]

Mark Andrews's avatar
Mark Andrews committed
208
2338.	[bug]		check_ds() could be called with a non DS rdataset.
209 210
			[RT #17598]

Mark Andrews's avatar
Mark Andrews committed
211
2337.	[bug]		BUILD_LDFLAGS was not being correctly set.  [RT #17614]
212

213 214 215 216
2336.	[func]		If "named -6" is specified then listen on all IPv6
			interfaces if there are not listen-on-v6 clauses in
			named.conf.  [RT #17581]

217 218 219
2335.	[port]		sunos:  libbind and *printf() support for long long. 
			[RT #17513]

220 221 222
2334.	[bug]		Bad REQUIRES in fromstruct_in_naptr(),  off by one
			bug in fromstruct_txt(). [RT #17609]
			
223 224 225
2333.	[bug]		Fix off by one error in isc_time_nowplusinterval().
			[RT #17608]

226 227
2332.	[contrib]	query-loc-0.4.0. [RT #17602]

Mark Andrews's avatar
80 cols  
Mark Andrews committed
228
2331.	[bug]		Failure to regenerate any signatures was not being
Mark Andrews's avatar
Mark Andrews committed
229 230
			reported nor being past back to the UPDATE client.
			[RT #17570]
231

232 233 234 235 236 237 238
2330.	[bug]		Remove potential race condition when handling
			over memory events. [RT #17572]

			WARNING: API CHANGE: over memory callback
			function now needs to call isc_mem_waterack().
			See <isc/mem.h> for details.

239 240
2329.	[bug]		Clearer help text for dig's '-x' and '-i' options.

241
2328.	[maint]		Add AAAA addresses for A.ROOT-SERVERS.NET,
242 243 244 245
			F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET,
			J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and
			M.ROOT-SERVERS.NET.

Mark Andrews's avatar
Mark Andrews committed
246
2327.	[bug]		It was possible to dereference a NULL pointer in
Mark Andrews's avatar
Mark Andrews committed
247
			rbtdb.c.  Implement dead node processing in zones as
Mark Andrews's avatar
Mark Andrews committed
248
			we do for caches. [RT #17312]
249

250 251 252
2326.	[bug]		It was possible to trigger a INSIST in the acache
			processing.

253 254
2325.	[port]		Linux: use capset() function if available. [RT #17557]

Mark Andrews's avatar
80 cols  
Mark Andrews committed
255
2324.	[bug]		Fix IPv6 matching against "any;". [RT #17533]
256

257 258
2323.	[port]		tru64: namespace clash. [RT #17547]

259 260 261
2322.	[port]		MacOS: work around the limitation of setrlimit()
			for RLIMIT_NOFILE. [RT #17526]

Mark Andrews's avatar
Mark Andrews committed
262 263
2321.	[placeholder]

Mark Andrews's avatar
Mark Andrews committed
264
2320.	[func]		Make statistics counters thread-safe for platforms
265 266
			that support certain atomic operations. [RT #17466]

267
2319.	[bug]		Silence Coverity warnings in 
Evan Hunt's avatar
Evan Hunt committed
268
			lib/dns/rdata/in_1/apl_42.c. [RT #17469]
269

270
2318.	[port]		sunos fixes for libbind.  [RT #17514]
271

272 273
2317.	[bug]		"make distclean" removed bind9.xsl.h. [RT #17518]

274 275 276
2316.	[port]		Missing #include <isc/print.h> in lib/dns/gssapictx.c.
			[RT #17513]

277 278 279
2315.   [bug]           Used incorrect address family for mapped IPv4
                        addresses in acl.c. [RT #17519]

280 281 282
2314.	[bug]		Uninitialized memory use on error path in
			bin/named/lwdnoop.c.  [RT #17476]

283 284 285
2313.	[cleanup]	Silence Coverity warnings. Handle private stacks.
			[RT #17447] [RT #17478]

286 287 288
2312.	[cleanup]	Silence Coverity warning in lib/isc/unix/socket.c.
			[RT #17458]

289 290 291
2311.   [bug]           IPv6 addresses could match IPv4 ACL entries and
                        vice versa. [RT #17462]

Mark Andrews's avatar
Mark Andrews committed
292
2310.	[bug]		dig, host, nslookup: flush stdout before emitting
293
			debug/fatal messages.  [RT #17501]
294

295 296 297
2309.   [cleanup]       Fix Coverity warnings in lib/dns/acl.c and iptable.c.
                        [RT #17455]

298 299 300
2308.	[cleanup]	Silence Coverity warning in bin/named/controlconf.c.
			[RT #17495]

301 302
2307.	[bug]		Remove infinite loop from lib/dns/sdb.c. [RT #17496]

303 304 305
2306.	[bug]		Remove potential race from lib/dns/resolver.c.
			[RT #17470]

306 307
2305.	[security]	inet_network() buffer overflow. CVE-2008-0122.

308 309 310
2304.	[bug]		Check returns from all dns_rdata_tostruct() calls.
			[RT #17460]

311 312 313
2303.	[bug]		Remove unnecessary code from bin/named/lwdgnba.c.
			[RT #17471]

314 315
2302.	[bug]		Fix memset() calls in lib/tests/t_api.c. [RT #17472]

316 317 318
2301.	[bug]		Remove resource leak and fix error messages in
			bin/tests/system/lwresd/lwtest.c. [RT #17474]

319 320 321
2300.	[bug]		Fixed failure to close open file in 
			bin/tests/names/t_names.c. [RT #17473]

322 323 324
2299.	[bug]		Remove unnecessary NULL check in
			bin/nsupdate/nsupdate.c. [RT #17475]

325 326 327
2298.	[bug]		isc_mutex_lock() failure not caught in
			bin/tests/timers/t_timers.c. [RT #17468]

328 329 330
2297.	[bug]		isc_entropy_createfilesource() failure not caught in
			bin/tests/dst/t_dst.c. [RT #17467]

331 332 333
2296.	[port]		Allow docbook stylesheet location to be specified to
			configure. [RT #17457]

334 335 336
2295.	[bug]		Silence static overrun error in bin/named/lwaddr.c.
			[RT #17459]

337 338 339 340
2294.	[func]		Allow the experimental statistics channels to have
			multiple connections and ACL.
			Note: the stats-server and stats-server-v6 options
			available in the previous beta releases are replaced
Mark Andrews's avatar
Mark Andrews committed
341
			with the generic statistics-channels statement.
342

343 344
2293.	[func]		Add ACL regression test. [RT #17375]

345 346 347 348 349 350
2292.	[bug]		Log if the working directory is not writable.
			[RT #17312]

2291.   [bug]           PR_SET_DUMPABLE may be set too late.  Also report
			failure to set PR_SET_DUMPABLE. [RT #17312]

351 352 353
2290.	[bug]		Let AD in the query signal that the client wants AD
			set in the response. [RT #17301]

354 355 356
2289.	[func]		named-checkzone now reports the out-of-zone CNAME
			found. [RT #17309]

357 358 359
2288.	[port]		win32: mark service as running when we have finished
			loading.  [RT #17441]

360 361
2287.	[bug]		Use 'volatile' if the compiler supports it. [RT #17413]

362 363 364 365 366
2286.	[func]		Allow a TCP connection to be used as a weak
			authentication method for reverse zones.
			New update-policy methods tcp-self and 6to4-self.
			[RT #17378]

367 368 369
2285.	[func]		Test framework for client memory context management.
			[RT #17377]

370 371 372
2284.	[bug]		Memory leak in UPDATE prerequisite processing.
			[RT #17377]

373 374 375 376 377
2283.	[bug]		TSIG keys were not attaching to the memory
			context.  TSIG keys should use the rings
			memory context rather than the clients memory
			context. [RT #17377]

378
2282.	[bug]		Acl code fixups. [RT #17346] [RT #17374]
379

380 381 382
2281.	[bug]		Attempts to use undefined acls were not being logged.
			[RT #17307]

383 384 385
2280.	[func]		Allow the experimental http server to be reached
			over IPv6 as well as IPv4. [RT #17332]

386 387 388 389
2279.   [bug]           Use setsockopt(SO_NOSIGPIPE), when available,
			to protect applications from receiving spurious
			SIGPIPE signals when using the resolver.

390
2278.	[bug]		win32: handle the case where Windows returns no
Mark Andrews's avatar
Mark Andrews committed
391
			search list or DNS suffix. [RT #17354]
392

393 394 395
2277.	[bug]		Empty zone names were not correctly being caught at
			in the post parse checks. [RT #17357]

396 397
2276.	[bug]		Install <dst/gssapi.h>.  [RT# 17359]

398 399 400
2275.	[func]		Add support to dig to perform IXFR queries over UDP.
			[RT #17235]

Mark Andrews's avatar
Mark Andrews committed
401
2274.	[func]		Log zone transfer statistics. [RT #17336]
402

Mark Andrews's avatar
Mark Andrews committed
403
2273.	[bug]		Adjust log level to WARNING when saving inconsistent
404 405
			stub/slave master and journal files. [RT# 17279]

406 407 408
2272.	[bug]		Handle illegal dnssec-lookaside trust-anchor names.
			[RT #17262]

Michael Graff's avatar
Michael Graff committed
409 410
2271.	[bug]		Fix a memory leak in http server code [RT #17100]

411 412 413
2270.	[bug]		dns_db_closeversion() version->writer could be reset
			before it is tested. [RT #17290]

414 415
2269.	[contrib]	dbus memory leaks and missing va_end calls. [RT #17232]

416 417 418
2268.	[bug]		0.IN-ADDR.ARPA was missing from the empty zones
			list.

419 420
	--- 9.5.0b1 released ---

421 422 423 424
2267.   [bug]           Radix tree node_num value could be set incorrectly,
                        causing positive ACL matches to look like negative
                        ones.  [RT #17311]

425 426 427
2266.	[bug]		client.c:get_clientmctx() returned the same mctx
			once the pool of mctx's was filled. [RT #17218]

428 429 430
2265.	[bug]		Test that the memory context's basic_table is non NULL
			before freeing.  [RT #17265]

431 432
2264.	[bug]		Server prefix length was being ignored. [RT #17308]

433 434 435
2263.	[bug]		"named-checkconf -z" failed to set default value
			for "check-integrity".  [RT #17306]

436 437 438
2262.	[bug]		Error status from all but the last view could be
			lost. [RT #17292]

439 440
2261.   [bug]           Fix memory leak with "any" and "none" ACLs [RT #17272]

441
2260.	[bug]		Reported wrong clients-per-query when increasing the
442
                        value. [RT #17236]
Mark Andrews's avatar
Mark Andrews committed
443

444 445
2259.	[placeholder]

Mark Andrews's avatar
Mark Andrews committed
446 447
	--- 9.5.0a7 released ---

448 449 450
2258.	[bug]		Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
			[RT #17241]

451 452 453
2257.	[bug]		win32: Use the full path to vcredist_x86.exe when
			calling it. [RT #17222]

454 455 456
2256.	[bug]		win32: Correctly register the installation location of
			bindevt.dll. [RT #17159]

457
2255.	[maint]		L.ROOT-SERVERS.NET is now 199.7.83.42.
458

459 460 461 462 463
2254.	[bug]		timer.c:dispatch() failed to lock timer->lock
			when reading timer->idle allowing it to see
			intermediate values as timer->idle was reset by
			isc_timer_touch(). [RT #17243]

Mark Andrews's avatar
Mark Andrews committed
464
2253.	[func]	 	"max-cache-size" defaults to 32M.
Mark Andrews's avatar
Mark Andrews committed
465 466
			"max-acache-size" defaults to 16M.

467
2252.   [bug]           Fixed errors in sortlist code [RT #17216]
468

469 470 471 472 473 474 475
2251.	[placeholder]

2250.	[func]		New flag 'memstatistics' to state whether the
			memory statistics file should be written or not.
			Additionally named's -m option will cause the
			statistics file to be written. [RT #17113]
			
476 477 478
2249.   [bug]           Only set Authentic Data bit if client requested
                        DNSSEC, per RFC 3655 [RT #17175]

479 480
2248.   [cleanup]       Fix several errors reported by Coverity. [RT #17160]

481 482
2247.	[doc]		Sort doc/misc/options. [RT #17067]

483 484 485
2246.	[bug]		Make the startup of test servers (ans.pl) more
			robust. [RT #17147]

486 487 488
2245.	[bug]		Validating lack of DS records at trust anchors wasn't
			working. [RT #17151]

489 490 491 492
2244.	[func]		Allow the check of nameserver names against the
			SOA MNAME field to be disabled by specifying
			'notify-to-soa yes;'.  [RT #17073]

493 494 495
2243.	[func]		Configuration files without a newline at the end now
			parse without error. [RT #17120]

496 497 498 499
2242.	[bug]		nsupdate: GSS-TSIG support using the Heimdal Kerberos
			library could require a source of random data.
			[RT #17127]

Mark Andrews's avatar
Mark Andrews committed
500
2241.	[func]		nsupdate: add a interactive 'help' command. [RT #17099]
501 502 503 504 505 506 507

2240.	[bug]		Cleanup nsupdates GSS-TSIG support.  Convert
			a number of INSIST()s into plain fatal() errors
			which report the triggering result code.
			The 'key' command wasn't disabling GSS-TSIG.
			[RT #17099]

Mark Andrews's avatar
Mark Andrews committed
508
2239.	[func]		Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
509

510
2238.	[bug]		It was possible to trigger a REQUIRE when a
Mark Andrews's avatar
Mark Andrews committed
511
			validation was canceled. [RT #17106]
512

513 514
2237.	[bug]		libbind: res_init() was not thread aware. [RT #17123]

Mark Andrews's avatar
Mark Andrews committed
515
2236.	[bug]		dnssec-signzone failed to preserve the case of
Mark Andrews's avatar
Mark Andrews committed
516
			of wildcard owner names. [RT #17085]
517

518 519
2235.	[bug]		<isc/atomic.h> was not being installed. [RT #17135]

Evan Hunt's avatar
Evan Hunt committed
520 521
2234.   [port]          Correct some compiler warnings on SCO OSr5 [RT #17134]
  
522
2233.   [func]          Add support for O(1) ACL processing, based on
Mark Andrews's avatar
Mark Andrews committed
523 524
                        radix tree code originally written by Kevin
                        Brintnall. [RT #16288]
525

526 527 528
2232.	[bug]		dns_adb_findaddrinfo() could fail and return
			ISC_R_SUCCESS. [RT #17137]

529 530 531
2231.	[bug]		Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
			[RT #17088]

532 533 534
2230.	[bug]		We could INSIST reading a corrupted journal.
			[RT #17132]

Mark Andrews's avatar
Mark Andrews committed
535
2229.	[bug]		Null pointer dereference on query pool creation
536 537
			failure. [RT #17133]

Mark Andrews's avatar
Mark Andrews committed
538
2228.	[contrib]	contrib: Change 2188 was incomplete.
539

540 541
2227.	[cleanup]	Tidied up the FAQ. [RT #17121]

Mark Andrews's avatar
Mark Andrews committed
542 543
2226.	[placeholder]

544 545 546
2225.	[bug]		More support for systems with no IPv4 addresses.
		        [RT #17111]

547 548 549 550 551
2224.	[bug]		Defer journal compaction if a xfrin is in progress.
			[RT #17119]

2223.	[bug]		Make a new journal when compacting. [RT #17119]

552 553 554
2222.	[func]		named-checkconf now checks server key references.
		        [RT #17097]

555
2221.	[bug]		Set the event result code to reflect the actual
Mark Andrews's avatar
Mark Andrews committed
556 557 558
			record turned to caller when a cache update is
			rejected due to a more credible answer existing.
			[RT #17017]
559

560 561 562
2220.	[bug]		win32: Address a race condition in final shutdown of
			the Windows socket code. [RT #17028]
			
Mark Andrews's avatar
Mark Andrews committed
563
2219.	[bug]		Apply zone consistency checks to additions, not
Mark Andrews's avatar
Mark Andrews committed
564
			removals, when updating. [RT #17049]
565

566 567 568
2218.	[bug]		Remove unnecessary REQUIRE from dns_validator_create().
			[RT #16976]

569 570
2217.	[func]		Adjust update log levels. [RT #17092]

571 572 573
2216.	[cleanup]	Fix a number of errors reported by Coverity.
		        [RT #17094]

574 575
2215.	[bug]		Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]

576 577 578 579
2214.	[bug]		Deregister OpenSSL lock callback when cleaning
			up.  Reorder OpenSSL cleanup so that RAND_cleanup()
			is called before the locks are destroyed. [RT #17098]

580 581 582
2213.	[bug]		SIG0 diagnostic failure messages were looking at the
			wrong status code. [RT #17101]

Mark Andrews's avatar
Mark Andrews committed
583
2212.	[func]		'host -m' now causes memory statistics and active
584 585
			memory to be printed at exit. [RT 17028]

586 587 588
2211.	[func]		Update "dynamic update temporarily disabled" message.
			[RT #17065]

589 590 591
2210.	[bug]		Deleting class specific records via UPDATE could
			fail.  [RT #17074]

592 593 594 595
2209.	[port]		osx: linking against user supplied static OpenSSL
			libraries failed as the system ones were still being
			found. [RT #17078]

596 597 598
2208.	[port]		win32: make sure both build methods produce the
			same output. [RT #17058]

599 600
2207.	[port]		Some implementations of getaddrinfo() fail to set
			ai_canonname correctly. [RT #17061]
Mark Andrews's avatar
Mark Andrews committed
601 602 603

	--- 9.5.0a6 released ---

604 605 606 607 608 609 610 611 612 613 614 615 616 617 618
2206.	[security]	"allow-query-cache" and "allow-recursion" now
			cross inherit from each other.

			If allow-query-cache is not set in named.conf then
			allow-recursion is used if set, otherwise allow-query
			is used if set, otherwise the default (localnets;
			localhost;) is used.

			If allow-recursion is not set in named.conf then
			allow-query-cache is used if set, otherwise allow-query
			is used if set, otherwise the default (localnets;
			localhost;) is used.

			[RT #16987]
	
619 620
2205.	[bug]		libbind: change #2119 broke thread support. [RT #16982]

Mark Andrews's avatar
Mark Andrews committed
621
2204.	[bug]		"rndc flushanme name unknown-view" caused named
622
			to crash. [RT #16984]
Mark Andrews's avatar
9.5.0a6  
Mark Andrews committed
623

624 625 626
2203.	[security]	Query id generation was cryptographically weak.
			[RT # 16915]

627 628 629
2202.	[security]	The default acls for allow-query-cache and
			allow-recursion were not being applied. [RT #16960]

Mark Andrews's avatar
Mark Andrews committed
630
2201.	[bug]		The build failed in a separate object directory.
631 632
			[RT #16943]

633 634 635
2200.	[bug]		The search for cached NSEC records was stopping to
			early leading to excessive DLV queries. [RT #16930]

636 637 638
2199.	[bug]		win32: don't call WSAStartup() while loading dlls.
			[RT #16911]

639 640 641
2198.	[bug]		win32: RegCloseKey() could be called when
			RegOpenKeyEx() failed. [RT #16911]

642 643 644 645
2197.	[bug]		Add INSIST to catch negative responses which are
			not setting the event result code appropriately.
			[RT #16909]

646
2196.	[port]		win32: yield processor while waiting for once to
647
			to complete. [RT #16958]
648

649 650 651
2195.	[func]		dnssec-keygen now defaults to nametype "ZONE"
			when generating DNSKEYs. [RT #16954]

652
2194.	[bug]		Close journal before calling 'done' in xfrin.c.
Mark Andrews's avatar
9.5.0a5  
Mark Andrews committed
653 654 655

	--- 9.5.0a5 released ---

Mark Andrews's avatar
Mark Andrews committed
656 657 658
2193.	[port]		win32: BINDInstall.exe is now linked statically.
			[RT #16906]

659 660 661 662
2192.	[port]		win32: use vcredist_x86.exe to install Visual
			Studio's redistributable dlls if building with
			Visual Stdio 2005 or later.

663 664 665
2191.	[func]		named-checkzone now allows dumping to stdout (-).
			named-checkconf now has -h for help.
			named-checkzone now has -h for help.
Mark Andrews's avatar
Mark Andrews committed
666
			rndc now has -h for help.
667 668 669
			Better handling of '-?' for usage summaries.
			[RT #16707]

670 671 672 673
2190.	[func]		Make fallback to plain DNS from EDNS due to timeouts
			more visible.  New logging category "edns-disabled".
			[RT #16871]

674 675
2189.	[bug]		Handle socket() returning EINTR. [RT #15949]

Mark Andrews's avatar
Mark Andrews committed
676
2188.	[contrib]	queryperf: autoconf changes to make the search for
677 678
			libresolv or libbind more robust. [RT #16299]

679 680
2187.	[bug]		query_addds(), query_addwildcardproof() and
			query_addnxrrsetnsec() should take a version
Mark Andrews's avatar
Mark Andrews committed
681
			argument. [RT #16368]
682

683 684 685
2186.	[port]		cygwin: libbind: check for struct sockaddr_storage
			independently of IPv6. [RT #16482]

686 687 688
2185.	[port]		sunos: libbind: check for ssize_t, memmove() and
			memchr(). [RT #16463]

689 690 691
2184.	[bug]		bind9.xsl.h didn't build out of the source tree.
			[RT #16830]

692 693 694
2183.	[bug]		dnssec-signzone didn't handle offline private keys
			well.  [RT #16832]

695 696 697 698
2182.	[bug]		dns_dispatch_createtcp() and dispatch_createudp()
			could return ISC_R_SUCCESS when they ran out of
			memory. [RT #16365]

699 700
2181.	[port]		sunos: libbind: add paths.h from BIND 8. [RT #16462]

701 702 703
2180.	[cleanup]	Remove bit test from 'compress_test' as they
			are no longer needed. [RT #16497]

704 705 706
2179.	[func]		'rndc command zone' will now find 'zone' if it is
			unique to all the views. [RT #16821]

707 708 709
2178.	[bug]		'rndc reload' of a slave or stub zone resulted in
			a reference leak. [RT #16867]

710 711
2177.	[bug]		Array bounds overrun on read (rcodetext) at
			debug level 10+. [RT #16798]
712

713
2176.	[contrib]	dbus update to handle race condition during
Mark Andrews's avatar
Mark Andrews committed
714
			initialization (Bugzilla 235809). [RT #16842]
715

Mark Andrews's avatar
Mark Andrews committed
716
2175.	[bug]		win32: windows broadcast condition variable support
717 718
			was broken. [RT #16592]

719 720 721
2174.	[bug]		I/O errors should always be fatal when reading
			master files. [RT #16825]

722 723
2173.	[port]		win32: When compiling with MSVS 2005 SP1 we also
			need to ship Microsoft.VC80.MFCLOC.
Mark Andrews's avatar
9.5.0a4  
Mark Andrews committed
724 725 726

	--- 9.5.0a4 released ---

727 728 729
2172.	[bug]		query_addsoa() was being called with a non zone db.
			[RT #16834]

730 731 732 733
2171.	[bug]		Handle breaks in DNSSEC trust chains where the parent
			servers are not DS aware (DS queries to the parent
			return a referral to the child).

734 735
2170.	[func]		Add acache processing to test suite. [RT #16711]

736 737 738
2169.	[bug]		host, nslookup: when reporting NXDOMAIN report the
			given name and not the last name searched for.
			[RT #16763]
739

740 741 742
2168.	[bug]		nsupdate: in non-interactive mode treat syntax errors
			as fatal errors. [RT #16785]

743 744
2167.	[bug]		When re-using a automatic zone named failed to
			attach it to the new view. [RT #16786]
Evan Hunt's avatar
9.5.0a3  
Evan Hunt committed
745 746 747

	--- 9.5.0a3 released ---

748 749 750 751
2166.	[bug]		When running in batch mode, dig could misinterpret
			a server address as a name to be looked up, causing
			unexpected output. [RT #16743]

752 753 754 755 756
2165.	[func]		Allow the destination address of a query to determine
			if we will answer the query or recurse.
			allow-query-on, allow-recursion-on and
			allow-query-cache-on. [RT #16291]

757 758 759 760
2164.	[bug]		The code to determine how named-checkzone / 
			named-compilezone was called failed under windows.
			[RT #16764]

761 762 763 764
2163.	[bug]		If only one of query-source and query-source-v6
			specified a port the query pools code broke (change
			2129).  [RT #16768]

765 766 767
2162.	[func]		Allow "rrset-order fixed" to be disabled at compile
			time. [RT #16665]

768 769 770
2161.	[bug]		Fix which log messages are emitted for 'rndc flush'.
			[RT #16698]

771 772 773
2160.	[bug]		libisc wasn't handling NULL ifa_addr pointers returned
			from getifaddrs(). [RT #16708]

Mark Andrews's avatar
9.5.0a2  
Mark Andrews committed
774 775
	--- 9.5.0a2 released ---

Mark Andrews's avatar
Mark Andrews committed
776 777
2159.	[bug]		Array bounds overrun in acache processing. [RT #16710]

Mark Andrews's avatar
Mark Andrews committed
778
2158.	[bug]		ns_client_isself() failed to initialize key
779 780
			leading to a REQUIRE failure. [RT #16688]

781 782 783 784 785 786 787 788
2157.	[func]		dns_db_transfernode() created. [RT #16685]

2156.	[bug]		Fix node reference leaks in lookup.c:lookup_find(),
			resolver.c:validated() and resolver.c:cache_name().
			Fix a memory leak in rbtdb.c:free_noqname().
			Make lookup.c:lookup_find() robust against
			event leaks. [RT #16685]

789 790 791
2155.	[contrib]	SQLite sdb module from jaboydjr@netwalk.com.
			[RT #16694]

792 793 794
2154.	[func]		Scoped (e.g. IPv6 link-local) addresses may now be
			matched in acls by omitting the scope. [RT #16599]

795 796
2153.	[bug]		nsupdate could leak memory. [RT #16691]

797 798 799
2152.	[cleanup]	Use sizeof(buf) instead of fixed number in
			dighost.c:get_trusted_key(). [RT #16678]

800 801 802
2151.	[bug]		Missing newline in usage message for journalprint.
			[RT #16679]

803 804 805 806
2150.	[bug]		'rrset-order cyclic' uniformly distribute the
			starting point for the first response for a given
			RRset. [RT #16655]

807 808 809 810
2149.	[bug]		isc_mem_checkdestroyed() failed to abort on
			if there were still active memory contexts.
			[RT #16672]

811 812
2148.	[func]		Add positive logging for rndc commands. [RT #14623]

813 814 815
2147.	[bug]		libbind: remove potential buffer overflow from
			hmac_link.c. [RT #16437]

816 817 818
2146.	[cleanup]	Silence Linux's spurious "obsolete setsockopt
			SO_BSDCOMPAT" message. [RT #16641]

819 820 821
2145.	[bug]		Check DS/DLV digest lengths for known digests.
			[RT #16622]

822 823 824
2144.	[cleanup]	Suppress logging of SERVFAIL from forwarders.
			[RT #16619]

825 826 827 828
2143.	[bug]		We failed to restart the IPv6 client when the
			kernel failed to return the destination the
			packet was sent to. [RT #16613]

Mark Andrews's avatar
Mark Andrews committed
829
2142.	[bug]		Handle master files with a modification time that
830 831
			matches the epoch. [RT# 16612]

832 833 834
2141.	[bug]		dig/host should not be setting IDN_ASCCHECK (IDN
			equivalent of LDH checks).  [RT #16609]

835 836 837
2140.	[bug]		libbind: missing unlock on pthread_key_create()
			failures. [RT #16654]

838 839 840
2139.	[bug]		dns_view_find() was being called with wrong type
			in adb.c. [RT #16670]

841 842
2138.	[bug]		Lock order reversal in resolver.c. [RT #16653]

843
2137.	[port]		Mips little endian and/or mips 64 bit are now
Mark Andrews's avatar
Mark Andrews committed
844
			supported for atomic operations. [RT#16648]
845

846 847 848
2136.	[bug]		nslookup/host looped if there was no search list
			and the host didn't exist. [RT #16657]

Mark Andrews's avatar
Mark Andrews committed
849
2135.	[bug]		Uninitialized rdataset in sdlz.c. [RT# 16656]
850

851 852
2134.	[func]		Additional statistics support. [RT #16666]

853 854 855
2133.	[port]		powerpc:  Support both IBM and MacOS Power PC
			assembler syntaxes. [RT #16647]

856 857 858
2132.	[bug]		Missing unlock on out of memory in
			dns_dispatchmgr_setudp().

859 860
2131.	[contrib]	dlz/mysql: AXFR was broken. [RT #16630]

861 862
2130.	[func]		Log if CD or DO were set. [RT #16640]

863 864 865 866
2129.	[func]		Provide a pool of UDP sockets for queries to be
			made over. See use-queryport-pool, queryport-pool-ports
			and queryport-pool-updateinterval.  [RT #16415]

867 868
2128.	[doc]		xsltproc --nonet, update DTD versions.  [RT #16635]

869 870
2127.	[port]		Improved OpenSSL 0.9.8 support. [RT #16563]

Mark Andrews's avatar
Mark Andrews committed
871
2126.	[security]	Serialize validation of type ANY responses. [RT #16555]
872

873 874 875
2125.	[bug]		dns_zone_getzeronosoattl() REQUIRE failure if DLZ
			was defined. [RT #16574]

Mark Andrews's avatar
Mark Andrews committed
876
2124.	[security]	It was possible to dereference a freed fetch
877
			context. [RT #16584]
Mark Andrews's avatar
9.5.0a1  
Mark Andrews committed
878 879 880

	--- 9.5.0a1 released ---

Mark Andrews's avatar
Mark Andrews committed
881
2123.	[func]		Use Doxygen to generate internal documentation.
882 883
			[RT #11398]

884 885 886
2122.	[func]		Experimental http server and statistics support
			for named via xml.

887 888 889
2121.	[func]		Add a 10 slot dead masters cache (LRU) with a 600
			second timeout. [RT #16553]

890 891
2120.	[doc]		Fix markup on nsupdate man page. [RT #16556]

892 893 894 895
2119.	[compat]	libbind: allow res_init() to succeed enough to
			return the default domain even if it was unable
			to allocate memory.

896 897 898 899
2118.	[bug]		Handle response with long chains of domain name
			compression pointers which point to other compression
			pointers. [RT #16427]

900 901 902 903 904 905 906
2117.	[bug]		DNSSEC fixes: named could fail to cache NSEC records
			which could lead to validation failures.  named didn't
			handle negative DS responses that were in the process
			of being validated.  Check CNAME bit before accepting
			NODATA proof. To be able to ignore a child NSEC there
			must be SOA (and NS) set in the bitmap. [RT #16399]

907 908 909
2116.	[bug]		'rndc reload' could cause the cache to continually
			be cleaned. [RT #16401]

910 911 912
2115.	[bug]		'rndc reconfig' could trigger a INSIST if the
			number of masters for a zone was reduced. [RT #16444]

913
2114.	[bug]		dig/host/nslookup: searches for names with multiple
Mark Andrews's avatar
Mark Andrews committed
914
			labels were failing. [RT #16447]
915

916 917 918
2113.	[bug]		nsupdate: if a zone is specified it should be used
			for server discover. [RT# 16455]

919 920
2112.	[security]	Warn if weak RSA exponent is used. [RT #16460]

921 922 923
2111.	[bug]		Fix a number of errors reported by Coverity.
			[RT #16507]

Tatuya JINMEI 神明達哉's avatar
typo  
Tatuya JINMEI 神明達哉 committed
924
2110.	[bug]		"minimal-responses yes;" interacted badly with BIND 8
925 926
			priming queries. [RT #16491]

927 928
2109.	[port]		libbind: silence aix 5.3 compiler warnings. [RT #16502]

929 930
2108.	[func]		DHCID support. [RT #16456]

931 932
2107.	[bug]		dighost.c: more cleanup of buffers. [RT #16499]

933 934
2106.	[func]		'rndc status' now reports named's version. [RT #16426]

935 936
2105.	[func]		GSS-TSIG support (RFC 3645).

937 938
2104.	[port]		Fix Solaris SMF error message.

939 940 941
2103.	[port]		Add /usr/sfw to list of locations for OpenSSL
			under Solaris.

Mark Andrews's avatar
Mark Andrews committed
942
2102.	[port]		Silence Solaris 10 warnings.
943

944 945 946
2101.	[bug]		OpenSSL version checks were not quite right.
			[RT #16476]

947 948 949
2100.	[port]		win32: copy libeay32.dll to Build\Debug.
			Copy Debug\named-checkzone to Debug\named-compilezone.

Mark Andrews's avatar
Mark Andrews committed
950
2099.	[port]		win32: more manifest issues.
951

Mark Andrews's avatar
Mark Andrews committed
952
2098.	[bug]		Race in rbtdb.c:no_references(), which occasionally
953 954
			triggered an INSIST failure about the node lock
			reference.  [RT #16411]
955

956 957 958
2097.	[bug]		named could reference a destroyed memory context
			after being reloaded / reconfigured. [RT #16428]

959 960 961
2096.	[bug]		libbind: handle applications that fail to detect
			res_init() failures better.

962 963 964
2095.	[port]		libbind: alway prototype inet_cidr_ntop_ipv6() and
			net_cidr_ntop_ipv6(). [RT #16388]
 
965 966
2094.	[contrib]	Update named-bootconf.  [RT# 16404]

967 968
2093.	[bug]		named-checkzone -s was broken.

969 970 971 972
2092.	[bug]		win32: dig, host, nslookup.  Use registry config
			if resolv.conf does not exist or no nameservers
			listed. [RT #15877] 

973 974
2091.	[port]		dighost.c: race condition on cleanup. [RT #16417]

975 976 977
2090.	[port]		win32: Visual C++ 2005 command line manifest support.
			[RT #16417]

978 979 980 981 982 983 984 985
2089.	[security]	Raise the minimum safe OpenSSL versions to
			OpenSSL 0.9.7l and OpenSSL 0.9.8d.  Versions
			prior to these have known security flaws which
			are (potentially) exploitable in named. [RT #16391]

2088.	[security]	Change the default RSA exponent from 3 to 65537.
			[RT #16391]

986 987 988
2087.	[port]		libisc failed to compile on OS's w/o a vsnprintf.
			[RT #16382]

989 990 991
2086.	[port]		libbind: FreeBSD now has get*by*_r() functions.
			[RT #16403]

992 993
2085.	[doc]		win32: added index.html and README to zip. [RT #16201]

994 995
2084.	[contrib]	dbus update for 9.3.3rc2.

996 997
2083.	[port]		win32: Visual C++ 2005 support.

998 999
2082.	[doc]		Document 'cache-file' as a test only option.

1000 1001 1002
2081.	[port]		libbind: minor 64-bit portability fix in memcluster.c.
			[RT #16360]

1003 1004 1005
2080.	[port]		libbind: res_init.c did not compile on older versions
			of Solaris. [RT #16363]

1006 1007 1008
2079.	[bug]		The lame cache was not handling multiple types
			correctly. [RT #16361]

1009 1010 1011
2078.	[bug]		dnssec-checkzone output style "default" was badly
			named.  It is now called "relative". [RT #16326]

Mark Andrews's avatar
Mark Andrews committed
1012
2077.	[bug]		'dnssec-signzone -O raw' wasn't outputting the
1013 1014
			complete signed zone. [RT #16326]

1015 1016 1017
2076.	[bug]		Several files were missing #include <config.h>
			causing build failures on OSF. [RT #16341]

1018 1019 1020
2075.	[bug]		The spillat timer event hander could leak memory.
			[RT #16357]

Mark Andrews's avatar
Mark Andrews committed
1021
2074.	[bug]		dns_request_createvia2(), dns_request_createvia3(),
1022 1023 1024
			dns_request_createraw2() and dns_request_createraw3()
			failed to send multiple UDP requests. [RT #16349]

1025 1026 1027
2073.	[bug]		Incorrect semantics check for update policy "wildcard".
			[RT #16353]

1028 1029 1030
2072.	[bug]		We were not generating valid HMAC SHA digests.
			[RT #16320]

1031 1032 1033
2071.	[port]		Test whether gcc accepts -fno-strict-aliasing.
			[RT #16324]

1034 1035 1036
2070.	[bug]		The remote address was not always displayed when
			reporting dispatch failures. [RT #16315]

1037 1038
2069.	[bug]		Cross compiling was not working. [RT #16330]

1039 1040 1041
2068.	[cleanup]	Lower incremental tuning message to debug 1.
			[RT #16319]

1042 1043 1044
2067.	[bug]		'rndc' could close the socket too early triggering
			a INSIST under Windows. [RT #16317]

1045
2066.	[security]	Handle SIG queries gracefully. [RT #16300]
Mark Andrews's avatar
Mark Andrews committed
1046

1047 1048 1049
2065.	[bug]		libbind: probe for HPUX prototypes for
			endprotoent_r() and endservent_r().  [RT 16313]

1050 1051
2064.	[bug]		libbind: silence AIX compiler warnings. [RT #16218]

1052 1053 1054
2063.	[bug]		Change #1955 introduced a bug which caused the first
			'rndc flush' call to not free memory. [RT #16244]

Mark Andrews's avatar
Mark Andrews committed
1055
2062.	[bug]		'dig +nssearch' was reusing a buffer before it had
1056 1057
			been returned by the socket code. [RT #16307]

1058 1059
2061.	[bug]		Accept expired wildcard message reversed. [RT #16296]

1060 1061 1062
2060.	[bug]		Enabling DLZ support could leave views partially
			configured. [RT #16295]

1063 1064 1065
2059.	[bug]		Search into cache rbtdb could trigger an INSIST
			failure while cleaning up a stale rdataset.
			[RT #16292]
1066