CHANGES 173 KB
Newer Older
1
2
3
1627.	[bug]		win32: sockets were not being closed when the
			last external reference was removed. [RT# 11179]

4
5
1626.	[bug]		--enable-getifaddrs was broken. [RT#11259]

Mark Andrews's avatar
Mark Andrews committed
6
7
1625.   [placeholder]	rt11237

8
9
1624.	[bug]		zonemgr_putio() call should be locked. [RT# 11163]

10
11
12
1623.	[bug]		A serial number of zero was being displayed in the
			"sending notifies" log message when also-notify was
			used. [RT #11177]
Mark Andrews's avatar
Mark Andrews committed
13

14
15
1622.	[func]		probe the system to see if IPV6_(RECV)PKTINFO is
			available, and suppress wildcard binding if not.
16

17
18
1621.	[bug]		match-destinations did not work for IPv6 TCP queries.
			[RT# 11156]
19

20
1620.	[func]		When loading a zone report if it is signed. [RT #11149]
Mark Andrews's avatar
Mark Andrews committed
21

22
23
24
1619.	[bug]		Missing ISC_LIST_UNLINK in end_reserved_dispatches().
			[RT# 11118]

25
26
27
1618.	[bug]		Fencepost errors in dns_name_ishostname() and
			dns_name_ismailbox() could trigger a INSIST().

28
29
1617.	[port]		win32: VC++ 6.0 support.

30
31
1616.	[compat]	Ensure that named's version is visible in the core
			dump. [RT #11127]
Mark Andrews's avatar
Mark Andrews committed
32

33
34
35
1615.	[port]		Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
			it is defined.

36
1614.	[port]		win32: silence resource limit messages. [RT# 11101]
Mark Andrews's avatar
Mark Andrews committed
37

38
39
40
1613.	[bug]		Builds would fail on machines w/o a if_nametoindex().
			Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
			[RT #11119]
Mark Andrews's avatar
Mark Andrews committed
41

42
43
1612.	[bug]		check-names at the option/view level could trigger
			an INSIST. [RT# 11116]
Mark Andrews's avatar
Mark Andrews committed
44

45
46
1611.	[bug]		solaris: IPv6 interface scanning failed to cope with
			no active IPv6 interfaces.
Mark Andrews's avatar
Mark Andrews committed
47

48
49
50
1610.	[bug]		On dual stack machines "dig -b" failed to set the
			address type to be looked up with "@server".
			[RT #11069]
Mark Andrews's avatar
Mark Andrews committed
51

52
53
54
1609.	[func]		dig now has support to chase DNSSEC signature chains.
			Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.

55
56
57
1608.	[func]		dig and host now accept -4/-6 to select IP transport
			to use when making queries.

58
59
60
1607.	[bug]		dig, host and nslookup were still using random()
			to generate query ids. [RT# 11013]

Mark Andrews's avatar
Mark Andrews committed
61
62
63
64
1606.	[placeholder]	rt10440a

1605.	[placeholder]	rt10440a

65
66
67
68
1604.	[bug]		A xfrout_ctx_create() failure would result in
			xfrout_ctx_destroy() being called with a
			partially initaliased structure.
			
69
70
1603.	[bug]		nsupdate: set interactive based on isatty().
			[RT# 10929]
Mark Andrews's avatar
Mark Andrews committed
71

72
73
1602.	[bug]		Logging to a file failed unless a size was specified.
			[RT# 10925]
Mark Andrews's avatar
Mark Andrews committed
74

75
76
77
1601.	[bug]		Silence spurious warning 'both "recursion no;" and 
			"allow-recursion" active' warning from view "_bind".
			[RT# 10920]
Mark Andrews's avatar
Mark Andrews committed
78

79
80
1600.	[bug]		Duplicate zone pre-load checks were not case
			insensitive.
Mark Andrews's avatar
Mark Andrews committed
81

82
1599.	[bug]		Fix memory leak on error path when checking named.conf.
Mark Andrews's avatar
Mark Andrews committed
83

84
85
1598.	[func]		Specify that certain parts of the namespace must
			be secure (dnssec-must-be-secure).
Mark Andrews's avatar
Mark Andrews committed
86

Mark Andrews's avatar
Mark Andrews committed
87
88
1597.	[placeholder]	rt6496a

89
1596.	[func]		Accept 'notify-source' style syntax for query-source.
Mark Andrews's avatar
Mark Andrews committed
90

91
92
1595.	[func]		New notify type 'master-only'.  Enable notify for
			master zones only.
Mark Andrews's avatar
Mark Andrews committed
93

94
95
1594.	[bug]		'rndc dumpdb' could prevent named from answering
			queries while the dump was in progress.  [RT #10565]
Mark Andrews's avatar
Mark Andrews committed
96

97
98
1593.	[bug]		rndc should return "unknown command" to unknown
			commands. [RT# 10642]
Mark Andrews's avatar
Mark Andrews committed
99

Mark Andrews's avatar
Mark Andrews committed
100
1592.	[bug]		configure_view() could leak a dispatch. [RT# 10675]
101

102
103
1591.	[bug]		libbind: updated to BIND 8.4.5.

104
105
1590.	[port]		netbsd: update thread support.

106
107
1589.	[func]		DNSSEC lookaside validation.

108
109
1588.	[bug]		win32: TCP sockets could become blocked. [RT #10115]

110
111
1587.	[bug]		dns_message_settsigkey() failed to clear existing key.
			[RT #10590]
Mark Andrews's avatar
Mark Andrews committed
112

113
114
1586.	[func]		"check-names" is now implemented.

Mark Andrews's avatar
Mark Andrews committed
115
1585.	[placeholder]
Mark Andrews's avatar
Mark Andrews committed
116

Mark Andrews's avatar
Mark Andrews committed
117
1584.	[bug]		"make test" failed with a read only source tree.
118
			[RT #10461]
Mark Andrews's avatar
Mark Andrews committed
119

120
121
1583.	[bug]		Records add via UPDATE failed to get the correct trust
			level. [RT #10452]
Mark Andrews's avatar
Mark Andrews committed
122

123
124
1582.	[bug]		rrset-order failed to work on RRsets with more
			than 32 elements. [RT #10381]
Mark Andrews's avatar
Mark Andrews committed
125

126
1581.	[func]		Disable DNSSEC support by default.  To enable
127
			DNSSEC specify "dnssec-enable yes;" in named.conf.
128

Mark Andrews's avatar
Mark Andrews committed
129
1580.	[bug]		Zone destruction on final detach takes a long time.
130
			[RT #3746]
Mark Andrews's avatar
Mark Andrews committed
131

132
1579.	[bug]		Multiple task managers could not be created.
Mark Andrews's avatar
Mark Andrews committed
133

134
135
1578.	[bug]		Don't use CLASS E IPv4 addresses when resolving.
			[RT #10346]
Mark Andrews's avatar
Mark Andrews committed
136

137
138
1577.	[bug]		Use isc_uint32_t in ultrasparc optimizer bug
			workaround code. [RT #10331]
Mark Andrews's avatar
Mark Andrews committed
139

140
141
1576.	[bug]		Race condition in dns_dispatch_addresponse().
			[RT# 10272]
Mark Andrews's avatar
Mark Andrews committed
142

143
1575.	[func]		Log TSIG name on TSIG verify failure. [RT #4404]
Mark Andrews's avatar
Mark Andrews committed
144

145
146
147
1574.	[bug]		Don't attempt to open the controls socket(s) when
			running tests. [RT #9091]

148
149
150
1573.	[port]		linux: update to libtool 1.5.2 so that
			"make install DESTDIR=/xx" works with
			"configure --with-libtool".  [RT #9941]
Mark Andrews's avatar
Mark Andrews committed
151

152
153
1572.	[bug]		nsupdate: sign the soa query to find the enclosing
			zone if the server is specified. [RT #10148]
Mark Andrews's avatar
Mark Andrews committed
154

155
1571.	[bug]		rbt:hash_node() could fail leaving the hash table
Mark Andrews's avatar
Mark Andrews committed
156
			in an inconsistent state.  [RT #10208]
Mark Andrews's avatar
Mark Andrews committed
157

158
159
160
1570.	[bug]		nsupdate failed to handle classes other than IN.
			New keyword 'class' which sets the default class.
			[RT #10202]
Mark Andrews's avatar
Mark Andrews committed
161

162
163
1569.	[func]		nsupdate new command 'answer' which displays the
			complete answer message to the last update.
Mark Andrews's avatar
Mark Andrews committed
164

165
1568.	[bug]		nsupdate now reports that the update failed in
Mark Andrews's avatar
Mark Andrews committed
166
			interactive mode. [RT# 10236]
Mark Andrews's avatar
Mark Andrews committed
167

168
169
1567.	[bug]		B.ROOT-SERVERS.NET is now 192.228.79.201.

170
171
172
173
1566.	[port]		Support for the cmsg framework on Solaris and HP/UX.
			This also solved the problem that match-destinations
			for IPv6 addresses did not work on these systems.
			[RT #10221]
174

Mark Andrews's avatar
Mark Andrews committed
175
176
177
1565.	[bug]		CD flag should be copied to outgoing queries unless
			the query is under a secure entry point in which case
			CD should be set.
178

179
180
181
182
183
1564.	[func]		Attempt to provide a fallback entropy source to be
			used if named is running chrooted and named is unable
			to open entropy source within the chroot area.
			[RT #10133]

Mark Andrews's avatar
Mark Andrews committed
184
185
1563.	[bug]		Gracefully fail when unable to obtain neither an IPv4
			nor an IPv6 dispatch. [RT #10230]
186

187
188
189
1562.	[bug]		isc_socket_create() and isc_socket_accept() could
			leak memory under error conditions. [RT #10230]

190
191
192
1561.	[bug]		It was possible to release the same name twice if
			named ran out of memory. [RT #10197]

193
194
195
1560.	[port]		FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
			and EAI_NONAME to the same value.

196
1559.	[port]		named should ignore SIGFSZ.
Mark Andrews's avatar
Mark Andrews committed
197

198
199
200
201
202
203
204
205
206
1558.	[func]		New DNSSEC 'disable-algorithms'.  Support entry into
			child zones for which we don't have a supported
			algorithm.  Such child zones are treated as unsigned.

1557.	[func]		Implement missing DNSSEC tests for
			* NOQNAME proof with wildcard answers.
			* NOWILDARD proof with NXDOMAIN.
			Cache and return NOQNAME with wildcard answers.

Mark Andrews's avatar
Mark Andrews committed
207
1556.	[bug]		nsupdate now treats all names as fully qualified.
208
			[RT #6427]
Mark Andrews's avatar
Mark Andrews committed
209

Mark Andrews's avatar
now->no    
Mark Andrews committed
210
1555.	[func]		'rrset-order cyclic' no longer has a random starting
211
212
			point. [RT #7572]

Mark Andrews's avatar
Mark Andrews committed
213
1554.	[bug]		dig, host, nslookup failed when no nameservers
214
215
			were specified in /etc/resolv.conf. [RT #8232]

216
1553.	[bug]		The windows socket code could stop accepting
Mark Andrews's avatar
Mark Andrews committed
217
			connections. [RT#10115]
218

219
220
1552.	[bug]		Accept NOTIFY requests from mapped masters if
			matched-mapped is set. [RT #10049]
Mark Andrews's avatar
Mark Andrews committed
221

222
223
1551.	[port]		Open "/dev/null" before calling chroot().

224
225
1550.	[port]		Call tzset(), if available, before calling chroot().

226
227
228
1549.	[func]		named-checkzone can now write out the zone contents
			in a easily parsable format (-D and -o).

Mark Andrews's avatar
Mark Andrews committed
229
230
231
1548.	[bug]		When parsing APL records it was possible to silently
			accept out of range ADDRESSFAMILY values. [RT# 9979]

232
233
234
1547.	[bug]		Named wasted memory recording duplicate lame zone
			entries. [RT #9341]

235
236
237
1546.	[bug]		We were rejecting valid secure CNAME to negative
			answers.

238
239
240
241
1545.	[bug]		It was possible to leak memory if named was unable to
			bind to the specified transfer source and TSIG was
			being used. [RT #10120]

242
243
1544.	[bug]		Named would logged a single entry to a file despite it
			being over the specified size limit.
Mark Andrews's avatar
Mark Andrews committed
244

245
1543.	[bug]		Logging using "versions unlimited" did not work.
Mark Andrews's avatar
Mark Andrews committed
246

Mark Andrews's avatar
Mark Andrews committed
247
248
1542.	[placeholder]

249
1541.	[func]		NSEC now uses new bitmap format.
Mark Andrews's avatar
Mark Andrews committed
250

251
252
1540.	[bug]		"rndc reload <dynamiczone>" was silently accepted.
			[RT #8934]
Mark Andrews's avatar
Mark Andrews committed
253

254
255
1539.	[bug]		Open UDP sockets for notify-source and transfer-source
			that use reserved ports at startup. [RT #9475]
Mark Andrews's avatar
Mark Andrews committed
256

Mark Andrews's avatar
Mark Andrews committed
257
258
1538.	[placeholder]	rt9997

259
1537.	[func]		New option "querylog".  If set specify whether query
Mark Andrews's avatar
Mark Andrews committed
260
			logging is to be enabled or disabled at startup.
Mark Andrews's avatar
Mark Andrews committed
261

262
263
1536.	[bug]		Windows socket code failed to log a error description
			when returning ISC_R_UNEXPECTED. [RT #9998]
Mark Andrews's avatar
Mark Andrews committed
264

Mark Andrews's avatar
Mark Andrews committed
265
266
1535.	[placeholder]

267
1534.	[bug]		Race condition when priming cache. [RT# 9940]
Mark Andrews's avatar
Mark Andrews committed
268

Mark Andrews's avatar
Mark Andrews committed
269
1533.	[func]		Warn if both "recursion no;" and "allow-recursion"
270
			are active. [RT# 4389]
Mark Andrews's avatar
Mark Andrews committed
271

272
273
274
1532.	[port]		netbsd: the configure test for <sys/sysctl.h>
			requires <sys/param.h>.

Mark Andrews's avatar
Mark Andrews committed
275
1531.	[port]		AIX more libtool fixes.
276

277
1530.	[bug]		It was possible to trigger a INSIST() failure if a
Mark Andrews's avatar
grammar    
Mark Andrews committed
278
			slave master file was removed at just the correct
279
280
			moment. [RT #9462]

Mark Andrews's avatar
Mark Andrews committed
281
1529.	[bug]		"notify explicit;" failed to log that NOTIFY messages
Mark Andrews's avatar
Mark Andrews committed
282
			were being sent for the zone. [RT# 9442]
Mark Andrews's avatar
Mark Andrews committed
283

284
285
1528.	[cleanup]	Simplify some dns_name_ functions based on the
			deprecation of bitstring labels.
286

287
288
1527.	[cleanup]	Reduce the number of gettimeofday() calls without
			losing necessary timer granularity.
289

290
291
1526.	[placeholder]

Mark Andrews's avatar
Mark Andrews committed
292
293
1525.	[bug]		dns_cache_create() could trigger a REQUIRE
			failure in isc_mem_put() during error cleanup.
294
			[RT# 9360]
295

296
297
298
1524.	[port]		AIX needs to be able to resolve all symbols when
			creating shared libraries (--with-libtool).

299
300
1523.	[bug]		Fix race condition in rbtdb. [RT# 9189]

301
302
303
1522.	[bug]		dns_db_findnode() relax the requirements on 'name'.
			[RT# 9286]

304
305
306
1521.	[bug]		dns_view_createresolver() failed to check the
			result from isc_mem_create(). [RT# 9294]

307
308
1520.	[protocol]	Add SSHFP (SSH Finger Print) type.

309
310
311
1519.	[bug]		dnssec-signzone:nsec_setbit() computed the wrong
			length of the new bitmap.

Mark Andrews's avatar
Mark Andrews committed
312
1518.	[bug]		dns_nsec_buildrdata(), and hence dns_nsec_build(),
313
314
315
			contained a off-by-one error when working out the
			number of octets in the bitmap.

Mark Andrews's avatar
Mark Andrews committed
316
317
1517.	[port]		Support for IPv6 interface scanning on HP/UX and
			TrueUNIX 5.1.
318

Mark Andrews's avatar
Mark Andrews committed
319
1516.	[func]		Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
320

Mark Andrews's avatar
Mark Andrews committed
321
322
1515.	[func]		Allow transfer source to be set in a server statement.
			[RT #6496]
323

Mark Andrews's avatar
Mark Andrews committed
324
325
1514.	[bug]		named: isc_hash_destroy() was being called too early.
			[RT #9160]
326

Mark Andrews's avatar
Mark Andrews committed
327
1513.	[doc]		Add "US" to root-delegation-only exclude list.
328

Mark Andrews's avatar
Mark Andrews committed
329
330
1512.	[bug]		Extend the delegation-only logging to return query
			type, class and responding nameserver.
331

Mark Andrews's avatar
Mark Andrews committed
332
333
1511.	[bug]		delegation-only was generating false positives
			on negative answers from subzones.
334

Mark Andrews's avatar
Mark Andrews committed
335
336
337
338
339
1510.	[func]		New view option "root-delegation-only".  Apply
			delegation-only check to all TLDs and root.
			Note there are some TLDs that are NOT delegation
			only (e.g. DE, LV, US and MUSEUM) these can be excluded
			from the checks by using exclude.
340

Mark Andrews's avatar
Mark Andrews committed
341
342
343
			root-delegation-only exclude {
				"DE"; "LV"; "US"; "MUSEUM";
			};
344

Mark Andrews's avatar
Mark Andrews committed
345
346
1509.	[bug]		Hint zones should accept delegation-only.  Forward
			zone should not accept delegation-only.
347

Mark Andrews's avatar
Mark Andrews committed
348
349
1508.	[bug]		Don't apply delegation-only checks to answers from
			forwarders.
350

Mark Andrews's avatar
Mark Andrews committed
351
352
1507.	[bug]		Handle BIND 8 style returns to NS queries to parents
			when making delegation-only checks.
353

Mark Andrews's avatar
Mark Andrews committed
354
1506.	[bug]		Wrong return type for dns_view_isdelegationonly().
355

Mark Andrews's avatar
Mark Andrews committed
356
1505.	[bug]		Uninitialized rdataset in sdb. [RT #8750]
357

Mark Andrews's avatar
Mark Andrews committed
358
1504.	[func]		New zone type "delegation-only".
359

Mark Andrews's avatar
Mark Andrews committed
360
1503.	[port]		win32: install libeay32.dll outside of system32.
361

Mark Andrews's avatar
Mark Andrews committed
362
1502.	[bug]		nsupdate: adjust timeouts for UPDATE requests over TCP.
363

Mark Andrews's avatar
Mark Andrews committed
364
365
1501.	[func]		Allow TCP queue length to be specified via
			named.conf, tcp-listen-queue.
366

Mark Andrews's avatar
Mark Andrews committed
367
368
1500.	[bug]		host failed to lookup MX records.  Also look up
			AAAA records.
369

Mark Andrews's avatar
Mark Andrews committed
370
371
1499.	[bug]		isc_random need to be seeded better if arc4random()
			is not used.
372

Mark Andrews's avatar
Mark Andrews committed
373
1498.	[port]		bsdos: 5.x support.
Mark Andrews's avatar
Mark Andrews committed
374

Mark Andrews's avatar
Mark Andrews committed
375
1497.	[placeholder]
376

Mark Andrews's avatar
Mark Andrews committed
377
1496.	[port]		test for pthread_attr_setstacksize().
378

Mark Andrews's avatar
Mark Andrews committed
379
1495.	[cleanup]	Replace hash functions with universal hash.
380

Mark Andrews's avatar
Mark Andrews committed
381
1494.	[security]	Turn on RSA BLINDING as a precaution.
Mark Andrews's avatar
Mark Andrews committed
382

Mark Andrews's avatar
Mark Andrews committed
383
1493.	[placeholder]
384

Mark Andrews's avatar
Mark Andrews committed
385
386
1492.	[cleanup]	Preserve rwlock quota context when upgrading /
			downgrading. [RT #5599]
387

Mark Andrews's avatar
Mark Andrews committed
388
389
1491.	[bug]		dns_master_dump*() would produce extraneous $ORIGIN
			lines. [RT #6206]
390

Mark Andrews's avatar
Mark Andrews committed
391
392
1490.	[bug]		Accept reading state as well as working state in
			ns_client_next(). [RT #6813]
393

Mark Andrews's avatar
Mark Andrews committed
394
395
1489.	[compat]	Treat 'allow-update' on slave zones as a warning.
			[RT #3469]
396

Mark Andrews's avatar
Mark Andrews committed
397
398
1488.	[bug]		Don't override trust levels for glue addresses.
			[RT #5764]
399

Mark Andrews's avatar
Mark Andrews committed
400
401
402
1487.	[bug]		A REQUIRE() failure could be triggered if a zone was
			queued for transfer and the zone was then removed.
			[RT #6189]
403

Mark Andrews's avatar
Mark Andrews committed
404
405
1486.	[bug]		isc_print_snprintf() '%%' consumed one too many format
			characters. [RT# 8230]
406

Mark Andrews's avatar
Mark Andrews committed
407
1485.	[bug]		gen failed to handle high type values. [RT #6225]
408

Mark Andrews's avatar
Mark Andrews committed
409
410
1484.	[bug]		The number of records reported after a AXFR was wrong.
			[RT #6229]
411

Mark Andrews's avatar
Mark Andrews committed
412
413
414
1483.	[bug]		dig axfr failed if the message id in the answer failed
			to match that in the request.  Only the id in the first
			message is required to match. [RT #8138]
Mark Andrews's avatar
Mark Andrews committed
415

Mark Andrews's avatar
Mark Andrews committed
416
417
418
1482.	[bug]		named could fail to start if the kernel supports
			IPv6 but no interfaces are configured.  Similarly
			for IPv4. [RT #6229]
419

Mark Andrews's avatar
Mark Andrews committed
420
421
1481.	[bug]		Refresh and stub queries failed to use masters keys
			if specified. [RT #7391]
422

Mark Andrews's avatar
Mark Andrews committed
423
424
425
426
427
1480.	[bug]		Provide replay protection for rndc commands.  Full
			replay protection requires both rndc and named to
			be updated.  Partial replay protection (limited
			exposure after restart) is provided if just named
			is updated.
428

Mark Andrews's avatar
Mark Andrews committed
429
430
431
1479.	[bug]		cfg_create_tuple() failed to handle out of
			memory cleanup.  parse_list() would leak memory
			on syntax errors.
Mark Andrews's avatar
Mark Andrews committed
432

Mark Andrews's avatar
Mark Andrews committed
433
1478.	[port]		ifconfig.sh didn't account for other virtual
Mark Andrews's avatar
Mark Andrews committed
434
			interfaces.  It now takes a optional argument
Mark Andrews's avatar
Mark Andrews committed
435
			to specify the first interface number. [RT #3907]
436

Mark Andrews's avatar
Mark Andrews committed
437
1477.	[bug]		memory leak using stub zones and TSIG.
Mark Andrews's avatar
Mark Andrews committed
438

Mark Andrews's avatar
Mark Andrews committed
439
1476.	[placeholder]
440

Mark Andrews's avatar
Mark Andrews committed
441
1475.	[port]		Probe for old sprintf().
442

Mark Andrews's avatar
Mark Andrews committed
443
444
1474.	[port]		Provide strtoul() and memmove() for platforms
			without them.
445

Mark Andrews's avatar
Mark Andrews committed
446
447
1473.	[bug]		create_map() and create_string() failed to handle out
			of memory cleanup.  [RT #6813]
448

Mark Andrews's avatar
Mark Andrews committed
449
1472.	[contrib]	idnkit-1.0 from JPNIC, replaces mdnkit.
450

Mark Andrews's avatar
Mark Andrews committed
451
1471.	[bug]		libbind: updated to BIND 8.4.0.
452

Mark Andrews's avatar
Mark Andrews committed
453
1470.	[bug]		Incorrect length passed to snprintf. [RT #5966]
454

Mark Andrews's avatar
Mark Andrews committed
455
456
1469.	[func]		Log end of outgoing zone transfer at same level
			as the start of transfer is logged. [RT #4441]
457

Mark Andrews's avatar
Mark Andrews committed
458
459
1468.	[func]		Internal zones are no longer counted for
			'rndc status'.  [RT #4706]
460

Mark Andrews's avatar
Mark Andrews committed
461
1467.	[func]		$GENERATES now supports optional class and ttl.
462

Mark Andrews's avatar
Mark Andrews committed
463
464
1466.	[bug]		lwresd configuration errors resulted in memory
			and lock leaks.  [RT #5228]
465

Mark Andrews's avatar
Mark Andrews committed
466
467
468
1465.	[bug]		isc_base64_decodestring() and isc_base64_tobuffer()
			failed to check that trailing bits were zero allowing
			some invalid base64 strings to be accepted.  [RT #5397]
469

Mark Andrews's avatar
Mark Andrews committed
470
471
1464.	[bug]		Preserve "out of zone" data for outgoing zone
			transfers. [RT #5192]
472

Mark Andrews's avatar
Mark Andrews committed
473
474
1463.	[bug]		dns_rdata_from{wire,struct}() failed to catch bad
			NXT bit maps. [RT #5577]
475

Mark Andrews's avatar
Mark Andrews committed
476
477
1462.	[bug]		parse_sizeval() failed to check the token type.
			[RT #5586]
478

Mark Andrews's avatar
Mark Andrews committed
479
1461.	[bug]		Remove deadlock from rbtdb code. [RT #5599]
480

Mark Andrews's avatar
Mark Andrews committed
481
482
1460.	[bug]		inet_pton() failed to reject certain malformed
			IPv6 literals.
Mark Andrews's avatar
Mark Andrews committed
483

Mark Andrews's avatar
Mark Andrews committed
484
1459.	[placeholder]
485

Mark Andrews's avatar
Mark Andrews committed
486
1458.	[cleanup]	sprintf() -> snprintf().
487

Mark Andrews's avatar
Mark Andrews committed
488
489
1457.	[port]		Provide strlcat() and strlcpy() for platforms without
			them.
490

Mark Andrews's avatar
Mark Andrews committed
491
1456.	[contrib]	gen-data-queryperf.py from Stephane Bortzmeyer.
492

Mark Andrews's avatar
Mark Andrews committed
493
494
1455.	[bug]		<netaddr> missing from server grammar in
			doc/misc/options. [RT #5616]
495

Mark Andrews's avatar
Mark Andrews committed
496
497
498
499
500
1454.	[port]		Use getifaddrs() if available for interface scanning.
			--disable-getifaddrs to override.  Glibc currently
			has a getifaddrs() that does not support IPv6.
			Use --enable-getifaddrs=glibc to force the use of
			this version under linux machines.
501

Mark Andrews's avatar
Mark Andrews committed
502
1453.	[doc]		ARM: $GENERATE example wasn't accurate. [RT #5298]
Mark Andrews's avatar
Mark Andrews committed
503

Mark Andrews's avatar
Mark Andrews committed
504
1452.	[placeholder]
505

Mark Andrews's avatar
Mark Andrews committed
506
507
1451.	[bug]		rndc-confgen didn't exit with a error code for all
			failures. [RT #5209]
508

Mark Andrews's avatar
Mark Andrews committed
509
510
1450.	[bug]		Fetching expired glue failed under certain
			circumstances.  [RT #5124]
511

Mark Andrews's avatar
Mark Andrews committed
512
513
1449.	[bug]		query_addbestns() didn't handle running out of memory
			gracefully.
514

Mark Andrews's avatar
Mark Andrews committed
515
1448.	[bug]		Handle empty wildcards labels.
516

Mark Andrews's avatar
Mark Andrews committed
517
518
519
1447.	[bug]		We were casting (unsigned int) to and from (void *).
			rdataset->private4 is now rdataset->privateuint4
			to reflect a type change.
520

Mark Andrews's avatar
Mark Andrews committed
521
522
523
1446.	[func]		Implemented undocumented alternate transfer sources
			from BIND 8.  See use-alt-transfer-source,
			alt-transfer-source and alt-transfer-source-v6.
524

Mark Andrews's avatar
Mark Andrews committed
525
526
527
528
529
530
			SECURITY: use-alt-transfer-source is ENABLED unless
			you are using views.  This may cause a security risk
			resulting in accidental disclosure of wrong zone
			content if the master supplying different source
			content based on IP address.  If you are not certain
			ISC recommends setting use-alt-transfer-source no;
531

Mark Andrews's avatar
Mark Andrews committed
532
533
534
1445.	[bug]		DNS_ADBFIND_STARTATROOT broke stub zones.  This has
			been replaced with DNS_ADBFIND_STARTATZONE which
			causes the search to start using the closest zone.
535

Mark Andrews's avatar
Mark Andrews committed
536
537
1444.	[func]		dns_view_findzonecut2() allows you to specify if the
			cache should be searched for zone cuts.
538

Mark Andrews's avatar
Mark Andrews committed
539
540
1443.	[func]		Masters lists can now be specified and referenced
			in zone masters clauses and other masters lists.
541

Mark Andrews's avatar
Mark Andrews committed
542
543
544
545
1442.	[func]		New functions for manipulating port lists:
			dns_portlist_create(), dns_portlist_add(),
			dns_portlist_remove(), dns_portlist_match(),
			dns_portlist_attach() and dns_portlist_detach().
546

Mark Andrews's avatar
Mark Andrews committed
547
548
1441.	[func]		It is now possible to tell dig to bind to a specific
			source port.
549

Mark Andrews's avatar
Mark Andrews committed
550
551
552
1440.	[func]		It is now possible to tell named to avoid using
			certain source ports (avoid-v4-udp-ports,
			avoid-v6-udp-ports).
553

Mark Andrews's avatar
Mark Andrews committed
554
555
556
1439.	[bug]		Named could return NOERROR with certain NOTIFY
			failures.  Return NOTAUTH if the NOTIFY zone is
			not being served.
557

Mark Andrews's avatar
Mark Andrews committed
558
1438.	[func]		Log TSIG (if any) when logging NOTIFY requests.
559

Mark Andrews's avatar
Mark Andrews committed
560
1437.	[bug]		Leave space for stdio to work in. [RT #5033]
561

Mark Andrews's avatar
Mark Andrews committed
562
563
1436.	[func]		dns_zonemgr_resumexfrs() can be used to restart
			stalled transfers.
564

Mark Andrews's avatar
Mark Andrews committed
565
566
567
568
1435.	[bug]		zmgr_resume_xfrs() was being called read locked
			rather than write locked.  zmgr_resume_xfrs()
			was not being called if the zone was being
			shutdown.
569

Mark Andrews's avatar
Mark Andrews committed
570
571
1434.	[bug]		"rndc reconfig" failed to initiate the initial
			zone transfer of new slave zones.
572

Mark Andrews's avatar
Mark Andrews committed
573
574
575
1433.	[bug]		named could trigger a REQUIRE failure if it could
			not get a file descriptor when attempting to write
			a master file. [RT #4347]
576

Mark Andrews's avatar
Mark Andrews committed
577
578
1432.	[func]		The advertised EDNS UDP buffer size can now be set
			via named.conf (edns-udp-size).
579

Mark Andrews's avatar
Mark Andrews committed
580
581
1431.	[bug]		isc_print_snprintf() "%s" with precision could walk off
			end of argument. [RT #5191]
582

Mark Andrews's avatar
Mark Andrews committed
583
1430.	[port]		linux: IPv6 interface scanning support.
584

Mark Andrews's avatar
Mark Andrews committed
585
1429.	[bug]		Prevent the cache getting locked to old servers.
Mark Andrews's avatar
Mark Andrews committed
586

Mark Andrews's avatar
Mark Andrews committed
587
1428.	[placeholder]
588

Mark Andrews's avatar
Mark Andrews committed
589
1427.	[bug]		Race condition in adb with threaded build.
Mark Andrews's avatar
Mark Andrews committed
590

Mark Andrews's avatar
Mark Andrews committed
591
1426.	[placeholder]
592

Mark Andrews's avatar
Mark Andrews committed
593
594
1425.	[port]		linux/libbind: define __USE_MISC when testing *_r()
			function prototypes in netdb.h.  [RT #4921]
595

Mark Andrews's avatar
Mark Andrews committed
596
1424.	[bug]		EDNS version not being correctly printed.
597

Mark Andrews's avatar
Mark Andrews committed
598
1423.	[contrib]	queryperf: added A6 and SRV.
599

Mark Andrews's avatar
Mark Andrews committed
600
1422.	[func]		Log name/type/class when denying a query.  [RT #4663]
601

Mark Andrews's avatar
Mark Andrews committed
602
603
604
1421.	[func]		Differentiate updates that don't succeed due to
			prerequisites (unsuccessful) vs other reasons
			(failed).
605

Mark Andrews's avatar
Mark Andrews committed
606
1420.	[port]		solaris: work around gcc optimizer bug.
607

Mark Andrews's avatar
Mark Andrews committed
608
1419.	[port]		openbsd: use /dev/arandom. [RT #4950]
609

Mark Andrews's avatar
Mark Andrews committed
610
1418.	[bug]		'rndc reconfig' did not cause new slaves to load.
611

Mark Andrews's avatar
Mark Andrews committed
612
613
1417.	[func]		ID.SERVER/CHAOS is now a built in zone.
			See "server-id" for how to configure.
614

Mark Andrews's avatar
Mark Andrews committed
615
616
1416.	[bug]		Empty node should return NOERROR NODATA, not NXDOMAIN.
			[RT #4715]
617

Mark Andrews's avatar
Mark Andrews committed
618
619
1415.	[func]		DS TTL now derived from NS ttl.  NXT TTL now derived
			from SOA MINIMUM.
620

Mark Andrews's avatar
Mark Andrews committed
621
1414.	[func]		Support for KSK flag.
622

Mark Andrews's avatar
Mark Andrews committed
623
624
1413.	[func]		Explictly request the (re-)generation of DS records from
			keysets (dnssec-signzone -g).
625

Mark Andrews's avatar
Mark Andrews committed
626
627
628
1412.	[func]		You can now specify servers to be tried if a nameserver
			has IPv6 address and you only support IPv4 or the
			reverse. See dual-stack-servers.
629

Mark Andrews's avatar
Mark Andrews committed
630
1411.	[bug]		empty nodes should stop wildcard matches. [RT #4802]
631

Mark Andrews's avatar
Mark Andrews committed
632
1410.	[func]		Handle records that live in the parent zone, e.g. DS.
633

Mark Andrews's avatar
Mark Andrews committed
634
1409.	[bug]		DS should have attribute DNS_RDATATYPEATTR_DNSSEC.
635

Mark Andrews's avatar
Mark Andrews committed
636
1408.	[bug]		"make distclean" was not complete. [RT #4700]
637

Mark Andrews's avatar
Mark Andrews committed
638
639
1407.	[bug]		lfsr incorrectly implements the shift register.
			[RT #4617]
640

Mark Andrews's avatar
Mark Andrews committed
641
1406.	[bug]		dispatch initializes one of the LFSR's with a incorrect
Mark Andrews's avatar
Mark Andrews committed
642
			polynomial.  [RT #4617]
643

Mark Andrews's avatar
Mark Andrews committed
644
1405.	[func]		Use arc4random() if available.
Mark Andrews's avatar
Mark Andrews committed
645

Mark Andrews's avatar
Mark Andrews committed
646
647
1404.	[bug]		libbind: ns_name_ntol() could overwrite a zero length
			buffer.
648

Mark Andrews's avatar
Mark Andrews committed
649
650
651
1403.	[func]		dnssec-signzone, dnssec-keygen, dnssec-makekeyset
			dnssec-signkey now report their version in the
			usage message.
652

Mark Andrews's avatar
Mark Andrews committed
653
654
1402.	[cleanup]	A6 has been moved to experimental and is no longer
			fully supported.
655

Mark Andrews's avatar
Mark Andrews committed
656
1401.	[bug]		adb wasn't clearing state when the timer expired.
657

Mark Andrews's avatar
Mark Andrews committed
658
659
1400.	[bug]		Block the addition of wildcard NS records by IXFR
			or UPDATE. [RT #3502]
660

Mark Andrews's avatar
Mark Andrews committed
661
662
1399.	[bug]		Use serial number arithmetic when testing SIG
			timestamps. [RT #4268]
663

Mark Andrews's avatar
Mark Andrews committed
664
665
1398.	[doc]		ARM: notify-also should have been also-notify.
			[RT #4345]
666

Mark Andrews's avatar
Mark Andrews committed
667
1397.	[bug]		J.ROOT-SERVERS.NET is now 192.58.128.30.
668

Mark Andrews's avatar
Mark Andrews committed
669
670
1396.	[func]		dnssec-signzone: adjust the default signing time by
			1 hour to allow for clock skew.
671

Mark Andrews's avatar
Mark Andrews committed
672
673
1395.	[port]		OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't
			have a working implementation.  [RT #4079]
674

Mark Andrews's avatar
Mark Andrews committed
675
676
677
1394.	[func]		It is now possible to check if a particular element is
			in a acl.  Remove duplicate entries from the localnets
			acl.
678

Mark Andrews's avatar
Mark Andrews committed
679
680
681
1393.	[port]		Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
			is not available in the kernel to prevent accidently
			listening on IPv4 interfaces.
682

Mark Andrews's avatar
Mark Andrews committed
683
1392.	[bug]		named-checkzone: update usage.
684

Mark Andrews's avatar
Mark Andrews committed
685
1391.	[func]		Add support for IPv6 scoped addresses in named.
686

Mark Andrews's avatar
Mark Andrews committed
687
1390.	[func]		host now supports ixfr.
688

Mark Andrews's avatar
Mark Andrews committed
689
1389.	[bug]		named could fail to rotate long log files.  [RT #3666]
690

Mark Andrews's avatar
Mark Andrews committed
691
692
1388.	[port]		irix: check for sys/sysctl.h and NET_RT_IFLIST before
			defining HAVE_IFLIST_SYSCTL. [RT #3770]
693

Mark Andrews's avatar
Mark Andrews committed
694
695
696
1387.	[bug]		named could crash due to an access to invalid memory
			space (which caused an assertion failure) in
			incremental cleaning.  [RT #3588]
697

Mark Andrews's avatar
Mark Andrews committed
698
699
1386.	[bug]		named-checkzone -z stopped on errors in a zone.
			[RT #3653]
700

Mark Andrews's avatar
Mark Andrews committed
701
702
1385.	[bug]		Setting serial-query-rate to 10 would trigger a
			REQUIRE failure.
703

Mark Andrews's avatar
Mark Andrews committed
704
705
1384.	[bug]		host was incompatible with BIND 8 in its exit code and
			in the output with the -l option.  [RT #3536]
706

Mark Andrews's avatar
Mark Andrews committed
707
708
709
1383.	[func]		Track the serial number in a IXFR response and log if
			a mismatch occurs.  This is a more specific error than
			"not exact". [RT #3445]
710

Mark Andrews's avatar
Mark Andrews committed
711
1382.	[bug]		make install failed with --enable-libbind. [RT #3656]
712

Mark Andrews's avatar
Mark Andrews committed
713
714
715
1381.	[bug]		named failed to correctly process answers that
			contained DNAME records where the resulting CNAME
			resulted in a negative answer.
716

Mark Andrews's avatar
Mark Andrews committed
717
718
1380.	[func]		'rndc recursing' dump recursing queries to
			'recursing-file = "named.recursing";'.
719

Mark Andrews's avatar
Mark Andrews committed
720
721
1379.	[func]		'rndc status' now reports tcp and recursion quota
			states.
722

Mark Andrews's avatar
Mark Andrews committed
723
1378.	[func]		Improved positive feedback for 'rndc {reload|refresh}.
724

Mark Andrews's avatar
Mark Andrews committed
725
726
1377.	[func]		dns_zone_load{new}() now reports if the zone was
			loaded, queued for loading to up to date.
727

Mark Andrews's avatar
Mark Andrews committed
728
729
1376.	[func]		New function dns_zone_logc() to log to specified
			category.
730

Mark Andrews's avatar
Mark Andrews committed
731
732
1375.	[func]		'rndc dumpdb' now dumps the adb cache along with the
			data cache.
733

Mark Andrews's avatar
Mark Andrews committed
734
735
1374.	[func]		dns_adb_dump() now logs the lame zones associated
			with each server.
736

Mark Andrews's avatar
Mark Andrews committed
737
738
1373.	[bug]		Recovery from expired glue failed under certain
			circumstances.
739

Mark Andrews's avatar
Mark Andrews committed
740
741
742
1372.	[bug]		named crashes with an assertion failure on exit when
			sharing the same port for listening and querying, and
			changing listening addresses several times. [RT# 3509]
Mark Andrews's avatar
Mark Andrews committed
743

Mark Andrews's avatar
Mark Andrews committed
744
745
746
1371.	[bug]		notify-source-v6, transfer-source-v6 and
			query-source-v6 with explicit addresses and using the
			same ports as named was listening on could interfere
Mark Andrews's avatar
Mark Andrews committed
747
			with named's ability to answer queries sent to those
Mark Andrews's avatar
Mark Andrews committed
748
			addresses.
Mark Andrews's avatar
Mark Andrews committed
749

Mark Andrews's avatar
Mark Andrews committed
750
1370.	[bug]		dig '+[no]recurse' was incorrectly documented.
Mark Andrews's avatar
Mark Andrews committed
751

Mark Andrews's avatar
Mark Andrews committed
752
753
1369.	[bug]		Adding an NS record as the lexicographically last
			record in a secure zone didn't work.
Mark Andrews's avatar
Mark Andrews committed
754

Mark Andrews's avatar
Mark Andrews committed
755
1368.	[func]		remove support for bitstring labels.
Mark Andrews's avatar
Mark Andrews committed
756

Mark Andrews's avatar
Mark Andrews committed
757
1367.	[func]		Use response times to select forwarders.
Mark Andrews's avatar
Mark Andrews committed
758

Mark Andrews's avatar
Mark Andrews committed
759
1366.	[contrib]	queryperf usage was incomplete.  Add '-h' for help.
Mark Andrews's avatar
Mark Andrews committed
760

Mark Andrews's avatar
Mark Andrews committed
761
762
1365.	[func]		"localhost" and "localnets" acls now include IPv6
			addresses / prefixes.
Mark Andrews's avatar
Mark Andrews committed
763

Mark Andrews's avatar
Mark Andrews committed
764
765
1364.	[func]		Log file name when unable to open memory statistics
			and dump database files. [RT# 3437]
Mark Andrews's avatar
Mark Andrews committed
766

Mark Andrews's avatar
Mark Andrews committed
767
1363.	[func]		Listen-on-v6 now supports specific addresses.
Mark Andrews's avatar
Mark Andrews committed
768

Mark Andrews's avatar
Mark Andrews committed
769
1362.	[bug]		remove IFF_RUNNING test when scanning interfaces.
770

Mark Andrews's avatar
Mark Andrews committed
771
772
1361.	[func]		log the reason for rejecting a server when resolving
			queries.
773

Mark Andrews's avatar
Mark Andrews committed
774
775
1360.	[bug]		--enable-libbind would fail when not built in the
			source tree for certain OS's.
776

Mark Andrews's avatar
Mark Andrews committed
777
778
1359.	[security]	Support patches OpenSSL libraries.
			http://www.cert.org/advisories/CA-2002-23.html
779

Mark Andrews's avatar
Mark Andrews committed
780
781
1358.	[bug]		It was possible to trigger a INSIST when debugging
			large dynamic updates. [RT #3390]
782

Mark Andrews's avatar
Mark Andrews committed
783
1357.	[bug]		nsupdate was extremely wasteful of memory.
784

Mark Andrews's avatar
Mark Andrews committed
785
1356.	[tuning]	Reduce the number of events / quantum for zone tasks.
786

Mark Andrews's avatar
Mark Andrews committed
787
1355.	[bug]		Fix DNSSEC wildcard proof for CNAME/DNAME.
788

Mark Andrews's avatar
Mark Andrews committed
789
1354.	[doc]		lwres man pages had illegal nroff.
790

Mark Andrews's avatar
Mark Andrews committed
791
1353.	[contrib]	sdb/ldap to version 0.9.
792

Mark Andrews's avatar
Mark Andrews committed
793
794
1352.	[bug]		dig, host, nslookup when falling back to TCP use the
			current search entry (if any). [RT #3374]
795

Mark Andrews's avatar
Mark Andrews committed
796
797
798
1351.	[bug]		lwres_getipnodebyname() returned the wrong name
			when given a IPv4 literal, af=AF_INET6 and AI_MAPPED
			was set.
799

Mark Andrews's avatar
Mark Andrews committed
800
801
1350.	[bug]		dns_name_fromtext() failed to handle too many labels
			gracefully.
802

Mark Andrews's avatar
Mark Andrews committed
803
804
1349.	[security]	Minimum OpenSSL version now 0.9.6e (was 0.9.5a).
			http://www.cert.org/advisories/CA-2002-23.html
805

Mark Andrews's avatar
Mark Andrews committed
806
807
808
1348.	[port]		win32: Rewrote code to use I/O Completion Ports
			in socket.c and eliminating a host of socket
			errors. Performance is enhanced.
809

Mark Andrews's avatar
Mark Andrews committed
810
1347.	[placeholder]
Danny Mayer's avatar
Danny Mayer committed
811

Mark Andrews's avatar
Mark Andrews committed
812
1346.	[placeholder]
813

Mark Andrews's avatar
Mark Andrews committed
814
815
1345.	[port]		Use a explicit -Wformat with gcc.  Not all versions
			include it in -Wall.
816

Mark Andrews's avatar
Mark Andrews committed
817
818
819
820
821
1344.	[func]		Log if the serial number on the master has gone
			backwards.
			If you have multiple machines specified in the masters
			clause you may want to set 'multi-master yes;' to
			suppress this warning.
822

Mark Andrews's avatar
Mark Andrews committed
823
824
1343.	[func]		Log successful notifies received (info).  Adjust log
			level for failed notifies to notice.
825

Mark Andrews's avatar
Mark Andrews committed
826
1342.	[func]		Log remote address with TCP dispatch failures.
827

Mark Andrews's avatar
Mark Andrews committed
828
1341.	[func]		Allow a rate limiter to be stalled.
829

Mark Andrews's avatar
Mark Andrews committed
830
1340.	[bug]		Delay and spread out the startup refresh load.
831

Mark Andrews's avatar
Mark Andrews committed
832
833
1339.	[func]		dig, host and nslookup now use IP6.ARPA for nibble
			lookups.  Bit string lookups are no longer attempted.
834

Mark Andrews's avatar
Mark Andrews committed
835
1338.	[placeholder]
836

Mark Andrews's avatar
Mark Andrews committed
837
1337.	[placeholder]
838

Mark Andrews's avatar
Mark Andrews committed
839
840
841
1336.	[func]		Nibble lookups under IP6.ARPA are now supported by
			dns_byaddr_create().  dns_byaddr_createptrname() is
			deprecated, use dns_byaddr_createptrname2() instead.
842

Mark Andrews's avatar
Mark Andrews committed
843
844
1335.	[bug]		When performing a nonexistence proof, the validator
			should discard parent NXTs from higher in the DNS.
845

Mark Andrews's avatar
Mark Andrews committed
846
847
1334.	[bug]		When signing/verifying rdatasets, duplicate rdatas
			need to be suppressed.
848

Mark Andrews's avatar
Mark Andrews committed
849
850
1333.	[contrib]	queryperf now reports a summary of returned
			rcodes (-c), rcodes are printed in mnemonic form (-v).
851

Mark Andrews's avatar
Mark Andrews committed
852
853
1332.	[func]		Report the current serial with periodic commits when
			rolling forward the journal.
854

Mark Andrews's avatar
Mark Andrews committed
855
1331.	[func]		Generate DNSSEC wildcard proofs.
856