CHANGES 226 KB
Newer Older
1 2
2173.	[port]		win32: When compiling with MSVS 2005 SP1 we also
			need to ship Microsoft.VC80.MFCLOC.
Mark Andrews's avatar
9.5.0a4  
Mark Andrews committed
3 4 5

	--- 9.5.0a4 released ---

6 7 8
2172.	[bug]		query_addsoa() was being called with a non zone db.
			[RT #16834]

9 10 11 12
2171.	[bug]		Handle breaks in DNSSEC trust chains where the parent
			servers are not DS aware (DS queries to the parent
			return a referral to the child).

13 14
2170.	[func]		Add acache processing to test suite. [RT #16711]

15 16 17
2169.	[bug]		host, nslookup: when reporting NXDOMAIN report the
			given name and not the last name searched for.
			[RT #16763]
18

19 20 21
2168.	[bug]		nsupdate: in non-interactive mode treat syntax errors
			as fatal errors. [RT #16785]

22 23
2167.	[bug]		When re-using a automatic zone named failed to
			attach it to the new view. [RT #16786]
Evan Hunt's avatar
9.5.0a3  
Evan Hunt committed
24 25 26

	--- 9.5.0a3 released ---

27 28 29 30
2166.	[bug]		When running in batch mode, dig could misinterpret
			a server address as a name to be looked up, causing
			unexpected output. [RT #16743]

31 32 33 34 35
2165.	[func]		Allow the destination address of a query to determine
			if we will answer the query or recurse.
			allow-query-on, allow-recursion-on and
			allow-query-cache-on. [RT #16291]

36 37 38 39
2164.	[bug]		The code to determine how named-checkzone / 
			named-compilezone was called failed under windows.
			[RT #16764]

40 41 42 43
2163.	[bug]		If only one of query-source and query-source-v6
			specified a port the query pools code broke (change
			2129).  [RT #16768]

44 45 46
2162.	[func]		Allow "rrset-order fixed" to be disabled at compile
			time. [RT #16665]

47 48 49
2161.	[bug]		Fix which log messages are emitted for 'rndc flush'.
			[RT #16698]

50 51 52
2160.	[bug]		libisc wasn't handling NULL ifa_addr pointers returned
			from getifaddrs(). [RT #16708]

Mark Andrews's avatar
9.5.0a2  
Mark Andrews committed
53 54
	--- 9.5.0a2 released ---

Mark Andrews's avatar
Mark Andrews committed
55 56
2159.	[bug]		Array bounds overrun in acache processing. [RT #16710]

57 58 59
2158.	[bug]		ns_client_isself() failed to initialise key
			leading to a REQUIRE failure. [RT #16688]

60 61 62 63 64 65 66 67
2157.	[func]		dns_db_transfernode() created. [RT #16685]

2156.	[bug]		Fix node reference leaks in lookup.c:lookup_find(),
			resolver.c:validated() and resolver.c:cache_name().
			Fix a memory leak in rbtdb.c:free_noqname().
			Make lookup.c:lookup_find() robust against
			event leaks. [RT #16685]

68 69 70
2155.	[contrib]	SQLite sdb module from jaboydjr@netwalk.com.
			[RT #16694]

71 72 73
2154.	[func]		Scoped (e.g. IPv6 link-local) addresses may now be
			matched in acls by omitting the scope. [RT #16599]

74 75
2153.	[bug]		nsupdate could leak memory. [RT #16691]

76 77 78
2152.	[cleanup]	Use sizeof(buf) instead of fixed number in
			dighost.c:get_trusted_key(). [RT #16678]

79 80 81
2151.	[bug]		Missing newline in usage message for journalprint.
			[RT #16679]

82 83 84 85
2150.	[bug]		'rrset-order cyclic' uniformly distribute the
			starting point for the first response for a given
			RRset. [RT #16655]

86 87 88 89
2149.	[bug]		isc_mem_checkdestroyed() failed to abort on
			if there were still active memory contexts.
			[RT #16672]

90 91
2148.	[func]		Add positive logging for rndc commands. [RT #14623]

92 93 94
2147.	[bug]		libbind: remove potential buffer overflow from
			hmac_link.c. [RT #16437]

95 96 97
2146.	[cleanup]	Silence Linux's spurious "obsolete setsockopt
			SO_BSDCOMPAT" message. [RT #16641]

98 99 100
2145.	[bug]		Check DS/DLV digest lengths for known digests.
			[RT #16622]

101 102 103
2144.	[cleanup]	Suppress logging of SERVFAIL from forwarders.
			[RT #16619]

104 105 106 107
2143.	[bug]		We failed to restart the IPv6 client when the
			kernel failed to return the destination the
			packet was sent to. [RT #16613]

Mark Andrews's avatar
Mark Andrews committed
108
2142.	[bug]		Handle master files with a modification time that
109 110
			matches the epoch. [RT# 16612]

111 112 113
2141.	[bug]		dig/host should not be setting IDN_ASCCHECK (IDN
			equivalent of LDH checks).  [RT #16609]

114 115 116
2140.	[bug]		libbind: missing unlock on pthread_key_create()
			failures. [RT #16654]

117 118 119
2139.	[bug]		dns_view_find() was being called with wrong type
			in adb.c. [RT #16670]

120 121
2138.	[bug]		Lock order reversal in resolver.c. [RT #16653]

122
2137.	[port]		Mips little endian and/or mips 64 bit are now
Mark Andrews's avatar
Mark Andrews committed
123
			supported for atomic operations. [RT#16648]
124

125 126 127
2136.	[bug]		nslookup/host looped if there was no search list
			and the host didn't exist. [RT #16657]

128 129
2135.	[bug]		Uninitialised rdataset in sdlz.c. [RT# 16656]

130 131
2134.	[func]		Additional statistics support. [RT #16666]

132 133 134
2133.	[port]		powerpc:  Support both IBM and MacOS Power PC
			assembler syntaxes. [RT #16647]

135 136 137
2132.	[bug]		Missing unlock on out of memory in
			dns_dispatchmgr_setudp().

138 139
2131.	[contrib]	dlz/mysql: AXFR was broken. [RT #16630]

140 141
2130.	[func]		Log if CD or DO were set. [RT #16640]

142 143 144 145
2129.	[func]		Provide a pool of UDP sockets for queries to be
			made over. See use-queryport-pool, queryport-pool-ports
			and queryport-pool-updateinterval.  [RT #16415]

146 147
2128.	[doc]		xsltproc --nonet, update DTD versions.  [RT #16635]

148 149
2127.	[port]		Improved OpenSSL 0.9.8 support. [RT #16563]

Mark Andrews's avatar
Mark Andrews committed
150
2126.	[security]	Serialise validation of type ANY responses. [RT #16555]
151

152 153 154
2125.	[bug]		dns_zone_getzeronosoattl() REQUIRE failure if DLZ
			was defined. [RT #16574]

Mark Andrews's avatar
Mark Andrews committed
155
2124.	[security]	It was possible to dereference a freed fetch
156
			context. [RT #16584]
Mark Andrews's avatar
9.5.0a1  
Mark Andrews committed
157 158 159

	--- 9.5.0a1 released ---

160 161 162
2123.	[func]		Use Doxygen to generate internal documention.
			[RT #11398]

163 164 165
2122.	[func]		Experimental http server and statistics support
			for named via xml.

166 167 168
2121.	[func]		Add a 10 slot dead masters cache (LRU) with a 600
			second timeout. [RT #16553]

169 170
2120.	[doc]		Fix markup on nsupdate man page. [RT #16556]

171 172 173 174
2119.	[compat]	libbind: allow res_init() to succeed enough to
			return the default domain even if it was unable
			to allocate memory.

175 176 177 178
2118.	[bug]		Handle response with long chains of domain name
			compression pointers which point to other compression
			pointers. [RT #16427]

179 180 181 182 183 184 185
2117.	[bug]		DNSSEC fixes: named could fail to cache NSEC records
			which could lead to validation failures.  named didn't
			handle negative DS responses that were in the process
			of being validated.  Check CNAME bit before accepting
			NODATA proof. To be able to ignore a child NSEC there
			must be SOA (and NS) set in the bitmap. [RT #16399]

186 187 188
2116.	[bug]		'rndc reload' could cause the cache to continually
			be cleaned. [RT #16401]

189 190 191
2115.	[bug]		'rndc reconfig' could trigger a INSIST if the
			number of masters for a zone was reduced. [RT #16444]

192
2114.	[bug]		dig/host/nslookup: searches for names with multiple
Mark Andrews's avatar
Mark Andrews committed
193
			labels were failing. [RT #16447]
194

195 196 197
2113.	[bug]		nsupdate: if a zone is specified it should be used
			for server discover. [RT# 16455]

198 199
2112.	[security]	Warn if weak RSA exponent is used. [RT #16460]

200 201 202
2111.	[bug]		Fix a number of errors reported by Coverity.
			[RT #16507]

203 204 205
2110.	[bug]		"minimal-response yes;" interacted badly with BIND 8
			priming queries. [RT #16491]

206 207
2109.	[port]		libbind: silence aix 5.3 compiler warnings. [RT #16502]

208 209
2108.	[func]		DHCID support. [RT #16456]

210 211
2107.	[bug]		dighost.c: more cleanup of buffers. [RT #16499]

212 213
2106.	[func]		'rndc status' now reports named's version. [RT #16426]

214 215
2105.	[func]		GSS-TSIG support (RFC 3645).

216 217
2104.	[port]		Fix Solaris SMF error message.

218 219 220
2103.	[port]		Add /usr/sfw to list of locations for OpenSSL
			under Solaris.

221 222
2102.	[port]		Silence solaris 10 warnings.

223 224 225
2101.	[bug]		OpenSSL version checks were not quite right.
			[RT #16476]

226 227 228
2100.	[port]		win32: copy libeay32.dll to Build\Debug.
			Copy Debug\named-checkzone to Debug\named-compilezone.

229 230
2099.	[port]		win32: more manifiest issues.

Mark Andrews's avatar
Mark Andrews committed
231
2098.	[bug]		Race in rbtdb.c:no_references(), which occasionally
232 233
			triggered an INSIST failure about the node lock
			reference.  [RT #16411]
234

235 236 237
2097.	[bug]		named could reference a destroyed memory context
			after being reloaded / reconfigured. [RT #16428]

238 239 240
2096.	[bug]		libbind: handle applications that fail to detect
			res_init() failures better.

241 242 243
2095.	[port]		libbind: alway prototype inet_cidr_ntop_ipv6() and
			net_cidr_ntop_ipv6(). [RT #16388]
 
244 245
2094.	[contrib]	Update named-bootconf.  [RT# 16404]

246 247
2093.	[bug]		named-checkzone -s was broken.

248 249 250 251
2092.	[bug]		win32: dig, host, nslookup.  Use registry config
			if resolv.conf does not exist or no nameservers
			listed. [RT #15877] 

252 253
2091.	[port]		dighost.c: race condition on cleanup. [RT #16417]

254 255 256
2090.	[port]		win32: Visual C++ 2005 command line manifest support.
			[RT #16417]

257 258 259 260 261 262 263 264
2089.	[security]	Raise the minimum safe OpenSSL versions to
			OpenSSL 0.9.7l and OpenSSL 0.9.8d.  Versions
			prior to these have known security flaws which
			are (potentially) exploitable in named. [RT #16391]

2088.	[security]	Change the default RSA exponent from 3 to 65537.
			[RT #16391]

265 266 267
2087.	[port]		libisc failed to compile on OS's w/o a vsnprintf.
			[RT #16382]

268 269 270
2086.	[port]		libbind: FreeBSD now has get*by*_r() functions.
			[RT #16403]

271 272
2085.	[doc]		win32: added index.html and README to zip. [RT #16201]

273 274
2084.	[contrib]	dbus update for 9.3.3rc2.

275 276
2083.	[port]		win32: Visual C++ 2005 support.

277 278
2082.	[doc]		Document 'cache-file' as a test only option.

279 280 281
2081.	[port]		libbind: minor 64-bit portability fix in memcluster.c.
			[RT #16360]

282 283 284
2080.	[port]		libbind: res_init.c did not compile on older versions
			of Solaris. [RT #16363]

285 286 287
2079.	[bug]		The lame cache was not handling multiple types
			correctly. [RT #16361]

288 289 290 291 292 293
2078.	[bug]		dnssec-checkzone output style "default" was badly
			named.  It is now called "relative". [RT #16326]

2077.	[bug]		'dnssec-signzone -O raw' wasn't outputing the
			complete signed zone. [RT #16326]

294 295 296
2076.	[bug]		Several files were missing #include <config.h>
			causing build failures on OSF. [RT #16341]

297 298 299
2075.	[bug]		The spillat timer event hander could leak memory.
			[RT #16357]

Mark Andrews's avatar
Mark Andrews committed
300
2074.	[bug]		dns_request_createvia2(), dns_request_createvia3(),
301 302 303
			dns_request_createraw2() and dns_request_createraw3()
			failed to send multiple UDP requests. [RT #16349]

304 305 306
2073.	[bug]		Incorrect semantics check for update policy "wildcard".
			[RT #16353]

307 308 309
2072.	[bug]		We were not generating valid HMAC SHA digests.
			[RT #16320]

310 311 312
2071.	[port]		Test whether gcc accepts -fno-strict-aliasing.
			[RT #16324]

313 314 315
2070.	[bug]		The remote address was not always displayed when
			reporting dispatch failures. [RT #16315]

316 317
2069.	[bug]		Cross compiling was not working. [RT #16330]

318 319 320
2068.	[cleanup]	Lower incremental tuning message to debug 1.
			[RT #16319]

321 322 323
2067.	[bug]		'rndc' could close the socket too early triggering
			a INSIST under Windows. [RT #16317]

324
2066.	[security]	Handle SIG queries gracefully. [RT #16300]
Mark Andrews's avatar
Mark Andrews committed
325

326 327 328
2065.	[bug]		libbind: probe for HPUX prototypes for
			endprotoent_r() and endservent_r().  [RT 16313]

329 330
2064.	[bug]		libbind: silence AIX compiler warnings. [RT #16218]

331 332 333
2063.	[bug]		Change #1955 introduced a bug which caused the first
			'rndc flush' call to not free memory. [RT #16244]

Mark Andrews's avatar
Mark Andrews committed
334
2062.	[bug]		'dig +nssearch' was reusing a buffer before it had
335 336
			been returned by the socket code. [RT #16307]

337 338
2061.	[bug]		Accept expired wildcard message reversed. [RT #16296]

339 340 341
2060.	[bug]		Enabling DLZ support could leave views partially
			configured. [RT #16295]

342 343 344
2059.	[bug]		Search into cache rbtdb could trigger an INSIST
			failure while cleaning up a stale rdataset.
			[RT #16292]
345

346
2058.	[bug]		Adjust how we calculate rtt estimates in the presence
Mark Andrews's avatar
Mark Andrews committed
347
			of authoritative servers that drop EDNS and/or CD
348 349 350
			requests.  Also fallback to EDNS/512 and plain DNS
			faster for zones with less than 3 servers.  [RT #16187]

351 352 353
2057.	[bug]		Make setting "ra" dependent on both allow-query-cache
			and allow-recursion. [RT #16290]

354 355 356
2056.	[bug]		dig: ixfr= was not being treated case insensitively
			at all times. [RT #15955]

357 358 359
2055.	[bug]		Missing goto after dropping multicast query.
			[RT #15944]

360 361 362
2054.	[port]		freebsd: do not explicitly link against -lpthread.
			[RT #16170]

363 364
2053.	[port]		netbsd:libbind: silence compiler warnings. [RT #16220]

365 366 367
2052.	[bug]		'rndc' improve connect failed message to report
			the failing address. [RT #15978]

368 369
2051.	[port]		More strtol() fixes. [RT #16249]

370 371 372
2050.	[bug]		Parsing of NSAP records was not case insensitive.
			[RT #16287]

373 374 375 376 377
2049.	[bug]		Restore SOA before AXFR when falling back from
			a attempted IXFR when transfering in a zone.
			Allow a initial SOA query before attempting
			a AXFR to be requested. [RT #16156]

378 379 380 381 382
2048.	[bug]		It was possible to loop forever when using
			avoid-v4-udp-ports / avoid-v6-udp-ports when
			the OS always returned the same local port.
			[RT #16182]

383 384 385
2047.	[bug]		Failed to initialise the interface flags to zero.
			[RT #16245]

386
2046.	[bug]		rbtdb.c:rdataset_setadditional() could cause duplicate
387
			cleanup [RT #16247].
388

389
2045.	[func]		Use lock buckets for acache entries to limit memory
390
			consumption. [RT #16183]
391

392
2044.	[port]		Add support for atomic operations for Itanium.
393
			[RT #16179]
394

395 396 397
2043.	[port]		nsupdate/nslookup: Force the flushing of the prompt
			for interactive sessions. [RT#16148]

398 399 400
2042.	[bug]		named-checkconf was incorrectly rejecting the
			logging category "config". [RT #16117]

401 402 403
2041.	[bug]		"configure --with-dlz-bdb=yes" produced a bad
			set of libraries to be linked. [RT #16129]

404 405
2040.	[bug]		rbtdb no_references() could trigger an INSIST
			failure with --enable-atomic.  [RT #16022]
406

407
2039.	[func]		Check that all buffers passed to the socket code
Mark Andrews's avatar
Mark Andrews committed
408
			have been retrieved when the socket event is freed.
409 410 411 412 413
			[RT #16122]

2038.	[bug]		dig/nslookup/host was unlinking from wrong list
			when handling errors. [RT #16122]

414 415 416 417
2037.	[func]		When unlinking the first or last element in a list
			check that the list head points to the element to
			be unlinked. [RT #15959]

418 419 420
2036.	[bug]		'rndc recursing' could cause trigger a REQUIRE.
			[RT #16075]

421 422 423 424
2035.	[func]		Make falling back to TCP on UDP refresh failure
			optional. Default "try-tcp-refresh yes;" for BIND 8
			compatibility. [RT #16123]

425 426
2034.	[bug]		gcc: set -fno-strict-aliasing. [RT #16124]

427 428 429
2033.	[bug]		We wern't creating multiple client memory contexts
			on demand as expected. [RT #16095]

430 431
2032.	[bug]		Remove a INSIST in query_addadditional2(). [RT #16074]

432 433 434
2031.	[bug]		Emit a error message when "rndc refresh" is called on
			a non slave/stub zone. [RT # 16073]

435 436 437
2030.	[bug]		We were being overly conservative when disabling
			openssl engine support. [RT #16030]

438 439 440
2029.	[bug]		host printed out the server multiple times when
			specified on the command line. [RT #15992]

Mark Andrews's avatar
Mark Andrews committed
441
2028.	[port]		linux: socket.c compatability for old systems.
442 443
			[RT #16015]

Mark Andrews's avatar
Mark Andrews committed
444
2027.	[port]		libbind: Solaris x86 support. [RT #16020]
445

446 447 448
2026.	[bug]		Rate limit the two recursive client exceeded messages.
			[RT #16044]

449 450
2025.	[func]		Update "zone serial unchanged" message. [RT #16026]

451 452 453
2024.	[bug]		named emited spurious "zone serial unchanged"
			messages on reload. [RT #16027]

454 455 456
2023.	[bug]		"make install" should create ${localstatedir}/run and
			${sysconfdir} if they do not exist. [RT #16033]

457 458 459 460 461
2022.	[bug]		If dnssec validation is disabled only assert CD if
			CD was requested. [RT #16037]

2021.	[bug]		dnssec-enable no; triggered a REQUIRE. [RT #16037]

462 463
2020.	[bug]		rdataset_setadditional() could leak memory. [RT #16034]

464 465 466
2019.	[tuning]	Reduce the amount of work performed per quantum
			when cleaning the cache. [RT #15986]

467 468 469 470
2018.	[bug]		Checking if the HMAC MD5 private file was broken.
			[RT #15960]

2017.	[bug]		allow-query default was not correct. [RT #15946]
471

472 473 474 475
2016.	[bug]		Return a partial answer if recursion is not
			allowed but requested and we had the answer
			to the original qname. [RT #15945]

476 477 478 479 480 481
2015.	[cleanup]	use-additional-cache is now acache-enable for
			consistancy.  Default acache-enable off in BIND 9.4
			as it requires memory usage to be configured.
			It may be enabled by default in BIND 9.5 once we
			have more experience with it.

Shane Kerr's avatar
Shane Kerr committed
482 483 484
2014.	[func]		Statistics about acache now recorded and sent
			to log. [RT #15976]

485 486 487
2013.	[bug]		Handle unexpected TSIGs on unsigned AXFR/IXFR
			responses more gracefully. [RT #15941]

488 489 490
2012.	[func]		Don't insert new acache entries if acache is full.
			[RT #15970]

491 492 493 494
2011.	[func]		dnssec-signzone can now update the SOA record of
			the signed zone, either as an increment or as the
			system time(). [RT #15633]

495 496
2010.	[placeholder]	rt15958

497 498
2009.	[bug]		libbind: coverity fixes. [RT #15808]

499 500 501 502 503 504 505
2008.	[func]		It is now posssible to enable/disable DNSSEC
			validation from rndc.  This is useful for the
			mobile hosts where the current connection point
			breaks DNSSEC (firewall/proxy).  [RT #15592]

				rndc validation newstate [view]

506 507 508 509
2007.	[func]		It is now possible to explicitly enable DNSSEC
			validation.  default dnssec-validation no; to
			be changed to yes in 9.5.0.  [RT #15674]

510 511 512 513 514 515 516 517 518 519 520
2006.	[security]	Allow-query-cache and allow-recursion now default
			to the builtin acls "localnets" and "localhost".

			This is being done to make caching servers less
			attractive as reflective amplifying targets for
			spoofed traffic.  This still leave authoritative
			servers exposed.

			The best fix is for full BCP 38 deployment to
			remove spoofed traffic.

521 522 523 524
2005.	[bug]		libbind: Retransmission timeouts should be
			based on which attempt it is to the nameserver
			and not the nameserver itself. [RT #13548]

525 526 527 528
2004.	[bug]		dns_tsig_sign() could pass a NULL pointer to
			dst_context_destroy() when cleaning up after a
			error. [RT #15835]

529 530 531 532 533
2003.	[bug]		libbind: The DNS name/address lookup functions could
			occasionally follow a random pointer due to
			structures not being completely zeroed. [RT #15806]

2002.	[bug]		libbind: tighten the constraints on when
534 535
			struct addrinfo._ai_pad exists.  [RT #15783]

536 537 538 539
2001.	[func]		Check the KSK flag when updating a secure dynamic zone.
			New zone option "update-check-ksk yes;".  [RT #15817]

2000.	[bug]		memmove()/strtol() fix was incomplete. [RT #15812]
540

541 542
1999.	[func]		Implement "rrset-order fixed". [RT #13662]

543 544 545 546
1998.	[bug]		Restrict handling of fifos as sockets to just SunOS.
			This allows named to connect to entropy gathering
			daemons that use fifos instead of sockets. [RT #15840]

547 548 549 550
1997.	[bug]		Named was failing to replace negative cache entries
			when a positive one for the type was learnt.
			[RT #15818]

551 552 553
1996.	[bug]		nsupdate: if a zone has been specified it should
			appear in the output of 'show'. [RT #15797]

554 555 556
1995.	[bug]		'host' was reporting multiple "is an alias" messages.
			[RT #15702]

557 558
1994.	[port]		OpenSSL 0.9.8 support. [RT #15694]

559 560 561 562
1993.	[bug]		Log messsage, via syslog, were missing the space
			after the timestamp if "print-time yes" was specified.
			[RT #15844]

Mark Andrews's avatar
Mark Andrews committed
563
1992.	[bug]		Not all incoming zone transfer messages included the
564 565
			view.  [RT #15825]

566 567 568 569
1991.	[cleanup]	The configuration data, once read, should be treated
			as readonly.  Expand the use of const to enforce this
			at compile time. [RT #15813]

570 571 572 573
1990.	[bug]		libbind:  isc's override of broken gettimeofday()
			implementions was not always effective.
			[RT #15709]

574 575 576
1989.	[bug]		win32: don't check the service password when
			re-installing. [RT #15882]

577 578 579
1988.	[bug]		Remove a bus error from the SHA256/SHA512 support.
			[RT #15878]

580 581
1987.	[func]		DS/DLV SHA256 digest algorithm support. [RT #15608]

582 583
1986.	[func]		Report when a zone is removed. [RT #15849]

584 585 586 587 588 589 590 591 592 593 594
1985.	[protocol]	DLV has now been assigned a official type code of
			32769. [RT #15807]

			Note: care should be taken to ensure you upgrade
			both named and dnssec-signzone at the same time for
			zones with DLV records where named is the master
			server for the zone.  Also any zones that contain
			DLV records should be removed when upgrading a slave
			zone.  You do not however have to upgrade all
			servers for a zone with DLV records simultaniously.

595 596 597
1984.	[func]		dig, nslookup and host now advertise a 4096 byte
			EDNS UDP buffer size by default. [RT #15855]

598 599 600
1983.	[func]		Two new update policies.  "selfsub" and "selfwild".
			[RT #12895]

601 602 603 604
1982.	[bug]		DNSKEY was being accepted on the parent side of
			a delegation.  KEY is still accepted there for
			RFC 3007 validated updates. [RT #15620]

605 606 607
1981.	[bug]		win32: condition.c:wait() could fail to reattain
			the mutex lock.

608 609 610
1980.	[func]		dnssec-signzone: output the SOA record as the
			first record in the signed zone. [RT #15758]

611 612 613
1979.	[port]		linux: allow named to drop core after changing
			user ids. [RT #15753]

614 615 616
1978.	[port]		Handle systems which have a broken recvmsg().
			[RT #15742]

617 618
1977.	[bug]		Silence noisy log message. [RT #15704]

619 620
1976.	[bug]		Handle systems with no IPv4 addresses. [RT #15695]

621 622 623
1975.	[bug]		libbind: isc_gethexstring() could misparse multi-line
			hex strings with comments. [RT #15814]

624 625 626
1974.	[doc]		List each of the zone types and associated zone
			options seperately in the ARM.

627 628 629
1973.	[func]		TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
			HMACSHA512 support. [RT #13606]

630 631 632
1972.	[contrib]	DBUS dynamic forwarders integation from
			Jason Vas Dias <jvdias@redhat.com>.

633
1971.	[port]		linux: make detection of missing IF_NAMESIZE more
634
			robust. [RT #15443]
635

636 637 638
1970.	[bug]		nsupdate: adjust UDP timeout when falling back to
			unsigned SOA query. [RT #15775]

639 640 641
1969.	[bug]		win32: the socket code was freeing the socket
			structure too early. [RT #15776]

642 643
1968.	[bug]		Missing lock in resolver.c:validated(). [RT #15739]

644 645
1967.	[func]		dig/nslookup/host: warn about missing "QR". [RT #15779]

Mark Andrews's avatar
Mark Andrews committed
646
1966.	[bug]		Don't set CD when we have fallen back to plain DNS.
647 648
			[RT #15727]

649 650 651
1965.	[func]		Suppress spurious "recusion requested but not
			available" warning with 'dig +qr'. [RT #15780].

652 653
1964.	[func]		Seperate out MX and SRV to CNAME checks. [RT #15723]

654 655 656
1963.	[port]		Tru64 4.0E doesn't support send() and recv(). 
			[RT #15586]

657 658 659
1962.	[bug]		Named failed to clear old update-policy when it
			was removed. [RT #15491]

660 661 662
1961.	[bug]		Check the port and address of responses forwarded
			to dispatch. [RT #15474]

663 664 665
1960.	[bug]		Update code should set NSEC ttls from SOA MINIMUM.
			[RT #15465]

666 667 668 669
1959.	[func]		Control the zeroing of the negative response TTL to
			a soa query.  Defaults "zero-no-soa-ttl yes;" and
			"zero-no-soa-ttl-cache no;". [RT #15460]

670 671 672
1958.	[bug]		Named failed to update the zone's secure state
			until the zone was reloaded. [RT #15412]

673 674 675
1957.	[bug]		Dig mishandled responses to class ANY queries.
			[RT #15402]

676 677 678 679
1956.	[bug]		Improve cross compile support, 'gen' is now built
			by native compiler.  See README for additional
			cross compile support information. [RT #15148]

680 681
1955.	[bug]		Pre-allocate the cache cleaning interator. [RT #14998]

Mark Andrews's avatar
Mark Andrews committed
682
1954.	[func]		Named now falls back to advertising EDNS with a
683 684 685
			512 byte receive buffer if the initial EDNS queries
			fail.  [RT #14852]

Mark Andrews's avatar
Mark Andrews committed
686
1953.	[func]		The maximum EDNS UDP response named will send can
687 688 689 690
			now be set in named.conf (max-udp-size).  This is
			independent of the advertised receive buffer
			(edns-udp-size). [RT #14852]

691 692 693
1952.	[port]		hpux: tell the linker to build a runtime link
			path "-Wl,+b:". [RT #14816].

694 695 696 697
1951.	[security]	Drop queries from particular well known ports.
			Don't return FORMERR to queries from particular
			well known ports.  [RT #15636]
			
698 699 700 701
1950.	[port]		Solaris 2.5.1 and earlier cannot bind() then connect()
			a TCP socket. This prevents the source address being
			set for TCP connections. [RT #15628]

702 703
1949.	[func]		Addition memory leakage checks. [RT #15544]

704 705 706 707
1948.	[bug]		If was possible to trigger a REQUIRE failure in
			xfrin.c:maybe_free() if named ran out of memory.
			[RT #15568]

708 709 710 711 712
1947.	[func]		It is now possible to configure named to accept
			expired RRSIGs.  Default "dnssec-accept-expired no;".
			Setting "dnssec-accept-expired yes;" leaves named
			vulnerable to replay attacks.  [RT #14685]

713 714 715
1946.	[bug]		resume_dslookup() could trigger a REQUIRE failure
			when using forwarders. [RT #15549]

716
1945.	[cleanup]	dnssec-keygen: RSA (RSAMD5) is nolonger recommended.
Mark Andrews's avatar
Mark Andrews committed
717
			To generate a RSAMD5 key you must explicitly request
718 719
			RSAMD5. [RT #13780]
			
720 721 722
1944.	[cleanup]	isc_hash_create() does not need a read/write lock.
			[RT #15522]

Mark Andrews's avatar
Mark Andrews committed
723
1943.	[bug]		Set the loadtime after rolling forward the journal.
724 725
			[RT #15647]

726 727 728 729
1942.	[bug]		If the name of a DNSKEY match that of one in
			trusted-keys do not attempt to validate the DNSKEY
			using the parents DS RRset. [RT #15649]

730 731 732
1941.	[bug]		ncache_adderesult() should set eresult even if no
			rdataset is passed to it. [RT #15642]

733 734 735
1940.	[bug]		Fixed a number of error conditions reported by
			Coverity.

736 737 738 739 740 741 742
1939.	[bug]		The resolver could dereference a null pointer after
			validation if all the queries have timed out.
			[RT #15528]

1938.	[bug]		The validator was not correctly handling unsecure
			negative responses at or below a SEP. [RT #15528]

743 744
1937.	[bug]		sdlz doesn't handle RRSIG records. [RT #15564]

Mark Andrews's avatar
Mark Andrews committed
745
1936.	[bug]		The validator could leak memory. [RT #15544]
746

747 748 749 750 751 752
1935.	[bug]		'acache' was DO sensitive. [RT #15430]

1934.	[func]		Validate pending NS RRsets, in the authority section,
			prior to returning them if it can be done without
			requiring DNSKEYs to be fetched.  [RT #15430]

Mark Andrews's avatar
Mark Andrews committed
753
1933.	[bug]		dump_rdataset_raw() had a incorrect INSIST. [RT #15534]
754

755 756
1932.	[bug]		hpux: LDFLAGS was getting corrupted. [RT #15530]

757 758
1931.	[bug]		Per-client mctx could require a huge amount of memory,
			particularly for a busy caching server. [RT #15519]
759

760 761 762 763
1930.	[port]		HPUX: ia64 support. [RT #15473]

1929.	[port]		FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.

764 765
1928.	[bug]		Race in rbtdb.c:currentversion(). [RT #15517]

766 767 768
1927.	[bug]		Access to soanode or nsnode in rbtdb violated the
			lock order rule and could cause a dead lock.
			[RT# 15518]
769

770
1926.	[bug]		The Windows installer did not check for empty
771 772
			passwords.  BINDinstall was being installed in
			the wrong place. [RT #15483]
773

774 775 776
1925.	[port]		All outer level AC_TRY_RUNs need cross compiling
			defaults. [RT #15469]

777 778
1924.	[port]		libbind: hpux ia64 support. [RT #15473]

779 780
1923.	[bug]		ns_client_detach() called too early. [RT #15499]

781 782 783
1922.	[bug]		check-tool.c:setup_logging() missing call to
			dns_log_setcontext().

Mark Andrews's avatar
Mark Andrews committed
784
1921.	[bug]		Client memory contexts were not using internal
785 786
			malloc. [RT# 15434]

Mark Andrews's avatar
update  
Mark Andrews committed
787
1920.	[bug]		The cache rbtdb lock array was too small to
788 789 790
			have the desired performance characteristics.
			[RT #15454]

791 792 793
1919.	[contrib]	queryperf: a set of new features: collecting/printing
			response delays, printing intermediate results, and
			adjusting query rate for the "target" qps.
794

795 796
1918.	[bug]		Memory leak when checking acls. [RT #15391]

797 798 799
1917.	[doc]		funcsynopsisinfo wasn't being treated as verbatim
			when generating man pages. [RT #15385]

800 801
1916.	[func]		Integrate contibuted IDN code from JPNIC. [RT #15383]

802 803
1915.	[bug]		dig +ndots was broken. [RT #15215]

804 805 806 807
1914.	[protocol]	DS is required to accept mnemonic algorithms
			(RFC 4034).  Still emit numeric algorithms for
			compatability with RFC 3658. [RT #15354]

808 809
1913.	[func]		Integrate contibuted DLZ code into named. [RT #11382]

Mark Andrews's avatar
Mark Andrews committed
810
1912.	[port]		aix: atomic locking for powerpc. [RT #15020]
811

Mark Andrews's avatar
Mark Andrews committed
812
1911.	[bug]		Update windows socket code. [RT #14965]
813

Mark Andrews's avatar
Mark Andrews committed
814
1910.	[bug]		dig's +sigchase code overhauled. [RT #14933]
815

Mark Andrews's avatar
Mark Andrews committed
816
1909.	[bug]		The DLV code has been re-worked to make no longer
817 818
			query order sensitive. [RT #14933]

Mark Andrews's avatar
Mark Andrews committed
819
1908.	[func]		dig now warns if 'RA' is not set in the answer when
820 821 822 823
			'RD' was set in the query.  host/nslookup skip servers
			that fail to set 'RA' when 'RD' is set unless a server
			is explicitly set.  [RT #15005]

Mark Andrews's avatar
Mark Andrews committed
824
1907.	[func]		host/nslookup now continue (default)/fail on SERVFAIL.
825 826
			[RT #15006]

Mark Andrews's avatar
Mark Andrews committed
827
1906.	[func]		dig now has a '-q queryname' and '+showsearch' options.
828 829
			[RT #15034]

Mark Andrews's avatar
Mark Andrews committed
830
1905.	[bug]		Strings returned from cfg_obj_asstring() should be
831 832 833 834
			treated as read-only.  The prototype for 
			cfg_obj_asstring() has been updated to reflect this.
			[RT #15256]

Mark Andrews's avatar
Mark Andrews committed
835
1904.	[func]		Automatic empty zone creation for D.F.IP6.ARPA and
836 837 838 839 840 841
			friends.  Note: RFC 1918 zones are not yet covered by
			this but are likely to be in a future release.

			New options: empty-server, empty-contact,
			empty-zones-enable and disable-empty-zone.

Mark Andrews's avatar
Mark Andrews committed
842
1903.	[func]		ISC string copy API.
843

Mark Andrews's avatar
Mark Andrews committed
844
1902.	[func]		Attempt to make the amount of work performed in a
845 846 847 848 849 850
			iteration self tuning.  The covers nodes clean from
			the cache per iteration, nodes written to disk when
			rewriting a master file and nodes destroyed per
			iteration when destroying a zone or a cache.
			[RT #14996]

Mark Andrews's avatar
Mark Andrews committed
851
1901.	[cleanup]	Don't add DNSKEY records to the additional section.
852

Mark Andrews's avatar
Mark Andrews committed
853
1900.	[bug]		ixfr-from-differences failed to ensure that the
854 855
			serial number increased. [RT #15036]

Mark Andrews's avatar
Mark Andrews committed
856
1899.	[func]		named-checkconf now validates update-policy entries.
857 858
			[RT #14963]

Mark Andrews's avatar
Mark Andrews committed
859
1898.	[bug]		Extend ISC_SOCKADDR_FORMATSIZE and
860 861
			ISC_NETADDR_FORMATSIZE to allow for scope details.

Mark Andrews's avatar
Mark Andrews committed
862
1897.	[func]		x86 and x86_64 now have seperate atomic locking
863 864
			implementations.

Mark Andrews's avatar
Mark Andrews committed
865
1896.	[bug]		Recursive clients soft quota support wasn't working
866 867
			as expected. [RT #15103]

Mark Andrews's avatar
Mark Andrews committed
868
1895.	[bug]		A escaped character is, potentially, converted to
869 870
			the output character set too early. [RT #14666]

Mark Andrews's avatar
Mark Andrews committed
871
1894.	[doc]		Review ARM for BIND 9.4.
872

Mark Andrews's avatar
Mark Andrews committed
873
1893.	[port]		Use uintptr_t if available. [RT #14606]
874

Mark Andrews's avatar
Mark Andrews committed
875
1892.	[func]		Support for SPF rdata type. [RT #15033]
876

Mark Andrews's avatar
Mark Andrews committed
877
1891.	[port]		freebsd: pthread_mutex_init can fail if it runs out
878 879
			of memory. [RT #14995]

Mark Andrews's avatar
Mark Andrews committed
880
1890.	[func]		Raise the UDP recieve buffer size to 32k if it is
881 882
			less than 32k. [RT #14953]

Mark Andrews's avatar
Mark Andrews committed
883
1889.	[port]		sunos: non blocking i/o support. [RT #14951]
884

Mark Andrews's avatar
Mark Andrews committed
885
1888.	[func]		Support for IPSECKEY rdata type. [RT #14967]
886

Mark Andrews's avatar
Mark Andrews committed
887
1887.	[bug]		The cache could delete expired records too fast for
888 889
			clients with a virtual time in the past. [RT #14991]

Mark Andrews's avatar
Mark Andrews committed
890
1886.	[bug]		fctx_create() could return success even though it
891 892
			failed. [RT #14993]

Mark Andrews's avatar
Mark Andrews committed
893
1885.	[func]		dig: report the number of extra bytes still left in
894 895
			the packet after processing all the records.

Mark Andrews's avatar
Mark Andrews committed
896
1884.	[cleanup]	dighost.c: move external declarations into <dig/dig.h>.
897

Mark Andrews's avatar
Mark Andrews committed
898
1883.	[bug]		dnssec-signzone, dnssec-keygen: handle negative debug
899 900
			levels. [RT #14962]

Mark Andrews's avatar
Mark Andrews committed
901
1882.	[func]		Limit the number of recursive clients that can be
902 903 904 905
			waiting for a single query (<qname,qtype,qclass>) to
			resolve.  New options clients-per-query and
			max-clients-per-query.

Mark Andrews's avatar
Mark Andrews committed
906
1881.	[func]		Add a system test for named-checkconf. [RT #14931]
907

Mark Andrews's avatar
Mark Andrews committed
908
1880.	[func]		The lame cache is now done on a <qname,qclass,qtype>
909 910 911
			basis as some servers only appear to be lame for
			certain query types.  [RT #14916]

Mark Andrews's avatar
Mark Andrews committed
912
1879.	[func]		"USE INTERNAL MALLOC" is now runtime selectable.
913 914
			[RT #14892]

Mark Andrews's avatar
Mark Andrews committed
915
1878.	[func]		Detect duplicates of UDP queries we are recursing on
916
			and drop them.  New stats category "duplicates".
917
			[RT #2471]
918

Mark Andrews's avatar
Mark Andrews committed
919
1877.	[bug]		Fix unreasonably low quantum on call to
920 921 922
			dns_rbt_destroy2().  Remove unnecessay unhash_node()
			call. [RT #14919]

Mark Andrews's avatar
Mark Andrews committed
923
1876.	[func]		Additional memory debugging support to track size
Mark Andrews's avatar
Mark Andrews committed
924
			and mctx arguments. [RT #14814]
925

Mark Andrews's avatar
Mark Andrews committed
926
1875.	[bug]		process_dhtkey() was using the wrong memory context
927 928
			to free some memory. [RT #14890]

Mark Andrews's avatar
Mark Andrews committed
929
1874.	[port]		sunos: portability fixes. [RT #14814]
930

Mark Andrews's avatar
Mark Andrews committed
931
1873.	[port]		win32: isc__errno2result() now reports its caller.
932 933
			[RT #13753]

Mark Andrews's avatar
Mark Andrews committed
934
1872.	[port]		win32: Handle ERROR_NETNAME_DELETED.  [RT #13753]
935

Mark Andrews's avatar
Mark Andrews committed
936
1871.	[placeholder]
937

Mark Andrews's avatar
Mark Andrews committed
938
1870.	[func]		Added framework for handling multiple EDNS versions.
939
			[RT #14873]
940

Mark Andrews's avatar
Mark Andrews committed
941
1869.	[func]		dig can now specify the EDNS version when making
942
			a query. [RT #14873]
943

944 945
1868.	[func]		edns-udp-size can now be overridden on a per
			server basis. [RT #14851]
Mark Andrews's avatar
Mark Andrews committed
946

947 948
1867.	[bug]		It was possible to trigger a INSIST in
			dlv_validatezonekey(). [RT #14846]
Mark Andrews's avatar
Mark Andrews committed
949

950 951
1866.	[bug]		resolv.conf parse errors were being ignored by
			dig/host/nslookup. [RT #14841]
Mark Andrews's avatar
Mark Andrews committed
952

953 954
1865.	[bug]		Silently ignore nameservers in /etc/resolv.conf with
			bad addresses. [RT #14841]
Mark Andrews's avatar
Mark Andrews committed
955

956 957 958
1864.	[bug]		Don't try the alternative transfer source if you
			got a answer / transfer with the main source
			address. [RT #14802]
Mark Andrews's avatar
Mark Andrews committed
959

960 961
1863.	[bug]		rrset-order "fixed" error messages not complete.

962 963 964 965 966 967 968
1862.	[func]		Add additional zone data constancy checks.
			named-checkzone has extended checking of NS, MX and 
			SRV record and the hosts they reference.
			named has extended post zone load checks.
			New zone options: check-mx and integrity-check. 
			[RT #4940]

969 970
1861.	[bug]		dig could trigger a INSIST on certain malformed
			responses. [RT #14801]
Mark Andrews's avatar
Mark Andrews committed
971

972 973
1860.	[port]		solaris 2.8: hack_shutup_pthreadmutexinit was
			incorrectly set. [RT #14775]
Mark Andrews's avatar
Mark Andrews committed
974

975
1859.	[func]		Add support for CH A record. [RT #14695]
Mark Andrews's avatar
Mark Andrews committed
976

977 978 979
1858.	[bug]		The flush-zones-on-shutdown option wasn't being
			parsed. [RT #14686]

980 981
1857.	[bug]		named could trigger a INSIST() if reconfigured /
			reloaded too fast.  [RT #14673]
Mark Andrews's avatar
Mark Andrews committed
982

Rob Austein's avatar
regen  
Rob Austein committed
983 984 985
1856.	[doc]		Switch Docbook toolchain from DSSSL to XSL.
			[RT #11398]