CHANGES 189 KB
Newer Older
Mark Andrews's avatar
Mark Andrews committed
1 2
1796.	[placeholder]	rt12498

Mark Andrews's avatar
Mark Andrews committed
3 4
1795.	[placeholder]	rt13396

5 6
1794.	[func]		Named and named-checkzone can now both check for
			non-terminal wildcard records.
Mark Andrews's avatar
Mark Andrews committed
7

Mark Andrews's avatar
Mark Andrews committed
8 9
1793.	[placeholder]	rt13378

Mark Andrews's avatar
Mark Andrews committed
10 11
1792.	[placeholder]	rt13124

Mark Andrews's avatar
Mark Andrews committed
12 13
1791.	[placeholder]	rt13230

14 15 16
1790.	[cleanup]	Move lib/dns/sec/dst up into lib/dns.  This should
			allow parallel make to succeed.

17 18 19
1789.	[bug]		Prerequisite test for tkey and dnssec could fail
			with "configure --with-libtool".

20 21 22
1788.	[bug]		libbind9.la/libbind9.so needs to link against
			libisccfg.la/libisccfg.so.

23 24
1787.	[port]		HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings.

25 26 27 28
1786.	[port]		AIX: libt_api needs to be taught to look for
			T_testlist in the main executable (--with-libtool).
			[RT #13239]

29 30 31
1785.	[bug]		libbind9.la/libbind9.so needs to link against
			libisc.la/libisc.so.

32 33 34 35
1784.	[cleanup]	"libtool -allow-undefined" is the default.
			Leave hooks in configure to allow it to be set
			if needed in the future.

36 37 38
1783.	[cleanup]	We only need one copy of libtool.m4, ltmain.sh in the
			source tree.

39 40
1782.	[port]		OSX: --with-libtool + --enable-libbind broke on
			__evOptMonoTime.  [RT #13219]
Mark Andrews's avatar
Mark Andrews committed
41

42
1781.	[port]		FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810]
Mark Andrews's avatar
Mark Andrews committed
43

44 45
1780.	[bug]		Update libtool to 1.5.10.

46 47
1779.	[port]		OSF 5.1: libtool didn't handle -pthread correctly.

48 49 50
1778.   [port]   	HUX 11.11: fix broken IN6ADDR_ANY_INIT and
			IN6ADDR_LOOPBACK_INIT macros.

51 52
1777.   [port]   	OSF 5.1: fix broken IN6ADDR_ANY_INIT and
			IN6ADDR_LOOPBACK_INIT macros.
53

54 55
1776.   [port]   	Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
                        IN6ADDR_LOOPBACK_INIT macros.
Mark Andrews's avatar
Mark Andrews committed
56

57 58
1775.	[bug]		Only compile getnetent_r.c when threaded. [RT #13205]

59 60
1774.	[port]		Aix: Silence compiler warnings / build failures.
			[RT #13154]
Mark Andrews's avatar
Mark Andrews committed
61

62
1773.	[bug]		Fast retry on host / net unreachable. [RT #13153]
Mark Andrews's avatar
Mark Andrews committed
63

Mark Andrews's avatar
Mark Andrews committed
64 65
1772.	[placeholder]

Mark Andrews's avatar
Mark Andrews committed
66 67
1771.	[placeholder]

68 69 70
1770.	[bug]		named-checkconf failed to report missing a missing
			file clause for rbt{64} master/hint zones. [RT#13009]

71 72 73
1769.	[port]		win32: change compiler flags /MTd ==> /MDd,
			/MT ==> /MD.

74 75 76
1768.	[bug]		nsecnoexistnodata() could be called with a non-NSEC
			rdataset. [RT #12907]

77 78
1767.	[port]		Builds on IPv6 platforms without IPv6 Advanced API
			support for (struct in6_pktinfo) failed.  [RT #13077]
Mark Andrews's avatar
Mark Andrews committed
79

80 81
1766.	[bug]		Update the master file timestamp on successful refresh
			as well as the journal's timestamp. [RT# 13062]
Mark Andrews's avatar
Mark Andrews committed
82

83 84
1765.	[bug]		configure --with-openssl=auto failed. [RT #12937]

85 86 87
1764.	[bug]		dns_zone_replacedb failed to emit a error message
			if there was no SOA record in the replacment db.
			[RT #13016]
Mark Andrews's avatar
Mark Andrews committed
88

89 90
1763.	[func]		Perform sanity checks on NS records which refer to
			'in zone' names. [RT #13002]
Mark Andrews's avatar
Mark Andrews committed
91

92 93
1762.	[bug]		isc_interfaceiter_create() could return ISC_R_SUCCESS
			even when it failed. [RT #12995]
Mark Andrews's avatar
Mark Andrews committed
94

95 96
1761.	[bug]		'rndc dumpdb' didn't report unassociated entries.
			[RT #12971]
Mark Andrews's avatar
Mark Andrews committed
97

98 99
1760.	[bug]		Host / net unreachable was not penalising rtt
			estimates. [RT #12970]
Mark Andrews's avatar
Mark Andrews committed
100

101 102
1759.	[bug]		Named failed to startup if the OS supported IPv6
			but had no IPv6 interfaces configured. [RT #12942]
Mark Andrews's avatar
Mark Andrews committed
103

Mark Andrews's avatar
Mark Andrews committed
104 105
1758.	[placeholder]	rt12933

106
1757.	[func]		host now can turn on memory debugging flags with '-m'.
Mark Andrews's avatar
Mark Andrews committed
107

108 109
1756.	[func]		named-checkconf now checks the logging configuration.
			[RT #12352]
Mark Andrews's avatar
Mark Andrews committed
110

111 112
1755.	[func]		allow-update is now settable at the options / view
			level. [RT #6636]
Mark Andrews's avatar
Mark Andrews committed
113

114 115 116
1754.	[bug]		We wern't always attempting to query the parent
			server for the DS records at the zone cut.
			[RT #12774]
Mark Andrews's avatar
Mark Andrews committed
117

118 119 120
1753.	[bug]		Don't serve a slave zone which has no NS records.
			[RT #12894]

121 122 123 124
1752.	[port]		Move isc_app_start() to after ns_os_daemonise()
			as some fork() implementations unblock the signals
			that are blocked by isc_app_start(). [RT #12810]

125 126
1751.	[bug]		--enable-getifaddrs failed under linux. [RT #12867]

127 128 129
1750.	[port]		lib/bind/make/rules.in:subdirs was not bash friendly.
			[RT #12864]

130 131
1749.	[bug]		'check-names response ignore;' failed to ignore.
			[RT #12866]
Mark Andrews's avatar
Mark Andrews committed
132

133 134
1748.	[func]		dig now returns the byte count for axfr/ixfr.
			
135 136 137
1747.	[bug]		BIND 8 compatability: named/named-checkconf failed
			to parse "host-statistics-max" in named.conf.

Mark Andrews's avatar
Mark Andrews committed
138
1746.	[func]		Make public the function to read a key file,
139 140
			dst_key_read_public(). [RT #12450]

141 142 143
1745.	[bug]		Dig/host/nslookup accept replies from link locals
			regardless of scope if no scope was specified when
			query was sent. [RT #12745]
Mark Andrews's avatar
Mark Andrews committed
144

145 146 147
1744.	[bug]		If tuple2msgname() failed to convert a tuple to
			a name a REQUIRE could be triggered. [RT #12796]

148
1743.	[bug]		If isc_taskmgr_create() was not able to create the
149 150 151 152
			requested number of worker threads then destruction
			of the manager would trigger an INSIST() failure.
			[RT #12790]
			
153 154 155 156 157
1742.	[bug]		Deleting all records at a node then adding a
			previously existing record, in a single UPDATE
			transaction, failed to leave / regenerate the
			associated RRSIG records. [RT #12788]

158 159 160
1741.	[bug]		Deleting all records at a node in a secure zone
			using a update-policy grant failed. [RT #12787]

161 162 163 164 165 166
1740.	[bug]		Replace rbt's hash algorithm as it performed badly
			with certain zones. [RT #12729]
			
			NOTE: a hash context now needs to be established
			via isc_hash_create() if the application was not
			already doing this.
Mark Andrews's avatar
Mark Andrews committed
167

168 169
1739.	[bug]		dns_rbt_deletetree() could incorrectly return
			ISC_R_QUOTA.  [RT #12695]
Mark Andrews's avatar
Mark Andrews committed
170

171
1738.	[bug]		Enable overrun checking by default. [RT #12695]
Mark Andrews's avatar
Mark Andrews committed
172

Mark Andrews's avatar
Mark Andrews committed
173
1737.	[bug]		named failed if more than 16 masters were specified.
174 175
			[RT #12627]

176 177 178
1736.	[bug]		dst_key_fromnamedfile() could fail to read a
			public key. [RT #12687]
			
179 180 181
1735.	[bug]		'dig +sigtrace' could die with a REQUIRE failure.
			[RE #12688]

182 183 184
1734.	[cleanup]	'rndc-confgen -a -t' remove extra '/' in path.
			[RT #12588]

185 186
1733.	[bug]		Return non-zero exit status on initial load failure.
			[RT #12658]
Mark Andrews's avatar
Mark Andrews committed
187

188 189
1732.	[bug]		'rrset-order name "*"' wasn't being applied to ".".
			[RT #12467]
Mark Andrews's avatar
Mark Andrews committed
190

191 192
1731.	[port]		darwin: relax version test in ifconfig.sh.
			[RT #12581]
Mark Andrews's avatar
Mark Andrews committed
193

194 195
1730.	[port]		Determine the length type used by the socket API.
			[RT #12581]
Mark Andrews's avatar
Mark Andrews committed
196

197
1729.	[func]		Improve check-names error messages.
Mark Andrews's avatar
Mark Andrews committed
198

199
1728.	[doc]		Update check-names documentation.
Mark Andrews's avatar
Mark Andrews committed
200

201 202
1727.	[bug]		named-checkzone: check-names support didn't match
			documentation.
Mark Andrews's avatar
Mark Andrews committed
203

Mark Andrews's avatar
aix5  
Mark Andrews committed
204 205
1726.	[port]		aix5: add support for aix5

206 207
1725.	[port]		linux: update error message on interaction of threads,
			capabilities and setuid support (named -u). [RT #12541]
Mark Andrews's avatar
Mark Andrews committed
208

209 210
1724.	[bug]		Look for DNSKEY records with "dig +sigtrace".
			[RT #12557]
Mark Andrews's avatar
Mark Andrews committed
211

212 213
1723.	[cleanup]	Silence compiler warnings from t_tasks.c. [RT #12493]

214 215
1722.	[bug]		Don't commit the journal on malformed ixfr streams.
			[RT #12519]
Mark Andrews's avatar
Mark Andrews committed
216

217 218
1721.	[bug]		Error message from the journal processing were not
			always identifing the relevent journal. [RT #12519]
Mark Andrews's avatar
Mark Andrews committed
219

220 221
1720.	[bug]		'dig +chase' did not terminate on a RFC 2308 Type 1
			negative response. [RT #12506]
Mark Andrews's avatar
Mark Andrews committed
222

223 224
1719.	[bug]		named was not correctly caching a RFC 2308 Type 1
			negative response. [RT #12506]
Mark Andrews's avatar
Mark Andrews committed
225

226 227 228
1718.	[bug]		nsupdate was not handling RFC 2308 Type 3 negative
			responses when looking for the zone / master server.
			[RT #12506]
Mark Andrews's avatar
Mark Andrews committed
229

230 231 232
1717.	[port]		solaris: ifconfig.sh did not support Solaris 10.
			"ifconfig.sh down" didn't work for Solaris 9.

233 234 235
1716.	[doc]		named.conf(5) was being installed in the wrong
			location.  [RT# 12441]

236 237
1715.	[func]		'dig +trace' now randomly selects the next servers
			to try.  Report if there is a bad delegation.
Mark Andrews's avatar
Mark Andrews committed
238

239 240 241 242
1714.	[bug]		dig/host/nslookup were only trying the first
			address when a nameserver was specified by name.
			[RT #12286]

243 244 245
1713.	[port]		linux: extend capset failure message to say:
			please ensure that the capset kernel module is
			loaded.  see insmod(8)
Mark Andrews's avatar
Mark Andrews committed
246

247 248
1712.	[bug]		Missing FULLCHECK for "trusted-key" in dig.

249
1711.	[func]		'rndc unfreeze' has been deprecated by 'rndc thaw'.
Mark Andrews's avatar
Mark Andrews committed
250

251 252
1710.	[func]		'rndc notify zone [class [view]]' resend the NOTIFY
			messages for the specified zone. [RT #9479]
Mark Andrews's avatar
Mark Andrews committed
253

254
1709.	[port]		solaris: add SMF support from Sun.
Mark Andrews's avatar
Mark Andrews committed
255

256 257 258 259
1708.	[cleanup]	Replaced dns_fullname_hash() with dns_name_fullhash()
			for conformance to the name space convention.  Binary
			backward compatibility to the old function name is
			provided. [RT #12376]
260

261 262
1707.	[contrib]	sdb/ldap updated to version 1.0-beta.

263 264
1706.	[bug]		'rndc stop' failed to cause zones to be flushed
			sometimes. [RT #12328]
Mark Andrews's avatar
Mark Andrews committed
265

266
1705.	[func]		Allow the journal's name to be changed via named.conf.
Mark Andrews's avatar
Mark Andrews committed
267

268 269 270
1704.	[port]		lwres needed a snprintf() implementation for
			platforms without snprintf().  Add missing
			"#include <isc/print.h>". [RT #12321]
Mark Andrews's avatar
Mark Andrews committed
271

272 273
1703.	[bug]		named would loop sending NOTIFY messages when it
			failed to receive a response. [RT #12322]
Mark Andrews's avatar
Mark Andrews committed
274

275 276
1702.	[bug]		also-notify should not be applied to builtin zones.
			[RT #12323]
Mark Andrews's avatar
Mark Andrews committed
277

278 279
1701.	[doc]		A minimal named.conf man page.

280 281 282
1700.	[func]		nslookup is no longer to be treated as deprecated.
			Remove "deprecated" warning message.  Add man page.

283 284
1699.	[bug]		dnssec-signzone can generate "not exact" errors
			when resigning. [RT #12281]
Mark Andrews's avatar
Mark Andrews committed
285

286 287
1698.	[doc]		Use reserved IPv6 documentation prefix.

288 289 290 291
1697.	[bug]		xxx-source{,-v6} was not effective when it
			specified one of listening addresses and a
			different port than the listening port. [RT #12257]

292 293 294 295
1696.	[bug]		dnssec-signzone failed to clean out nodes that
			consisted of only NSEC and RRSIG records.
			[RT #12154]

296 297
1695.	[bug]		DS records when forwarding require special handling.
			[RT #12133]
Mark Andrews's avatar
Mark Andrews committed
298

299 300
1694.	[bug]		Report if the builtin views of "_default" / "_bind"
			are defined in named.conf. [RT #12023]
Mark Andrews's avatar
Mark Andrews committed
301

302 303
1693.	[bug]		max-journal-size was not effective for master zones
			with ixfr-from-differences set. [RT# 12024]
Mark Andrews's avatar
Mark Andrews committed
304

Mark Andrews's avatar
Mark Andrews committed
305
1692.	[bug]		Don't set -I, -L and -R flags when libcrypto is in
306 307
			/usr/lib. [RT #11971]

308 309
1691.	[bug]		sdb's attachversion was not complete. [RT #11990]

310 311
1690.	[bug]		Delay detaching view from the client until UPDATE
			processing completes when shutting down. [RT #11714]
Mark Andrews's avatar
Mark Andrews committed
312

313 314 315
1689.	[bug]		DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
			contained gratuitous semicolons. [RT #11707]

316 317
1688.	[bug]		LDFLAGS was not supported.

318 319
1687.	[bug]		Race condition in dispatch. [RT #10272]

320 321 322
1686.	[bug]		Named sent a extraneous NOTIFY when it received a
			redundant UPDATE request. [RT #11943]

Rob Austein's avatar
Rob Austein committed
323
1685.	[bug]		Change #1679 loop tests weren't quite right.
324

325 326
1684.	[func]		ixfr-from-differences now takes master and slave in
			addition to yes and no at the options and view levels.
Mark Andrews's avatar
Mark Andrews committed
327

328 329
1683.	[bug]		dig +sigchase could leak memory. [RT #11445]

330 331
1682.	[port]		Update configure test for (long long) printf format.
			[RT #5066]
Mark Andrews's avatar
Mark Andrews committed
332

333 334
1681.	[bug]		Only set SO_REUSEADDR when a port is specified in
			isc_socket_bind(). [RT #11742]
Mark Andrews's avatar
Mark Andrews committed
335

336
1680.	[func]		rndc: the source address can now be specified.
Mark Andrews's avatar
Mark Andrews committed
337

338 339 340
1679.	[bug]		When there was a single nameserver with multiple
			addresses for a zone not all addresses were tried.
			[RT #11706]
Mark Andrews's avatar
Mark Andrews committed
341

342 343
1678.	[bug]		RRSIG should use TYPEXXXXX for unknown types.

344 345
1677.	[bug]		dig: +aaonly didn't work, +aaflag undocumented.

346 347 348 349 350 351
1676.	[func]		New option "allow-query-cache".  This lets
			allow-query be used to specify the default zone
			access level rather than having to have every
			zone override the global value.  allow-query-cache
			can be set at both the options and view levels.
			If allow-query-cache is not set allow-query applies.
Mark Andrews's avatar
Mark Andrews committed
352

353 354 355
1675.	[bug]		named would sometimes add extra NSEC records to
			the authority section.
			
356 357 358
1674.	[port]		linux: increase buffer size used to scan
			/proc/net/if_inet6.

359 360 361
1673.	[port]		linux: issue a error messages if IPv6 interface
			scans fails.

Mark Andrews's avatar
Mark Andrews committed
362
1672.	[cleanup]	Tests which only function in a threaded build
363 364 365 366
			now return R:THREADONLY (rather than R:UNTESTED)
			in a non-threaded build.

1671.	[contrib]	queryperf: add NAPTR to the list of known types.
367

368 369 370 371 372
1670.	[func]		Log UPDATE requests to slave zones without an acl as
			"disabled" at debug level 3. [RT# 11657]

1669.	[placeholder]

373 374
1668.	[bug]		DIG_SIGCHASE was making bin/dig/host dump core.

375 376
1667.	[port]		linux: not all versions have IF_NAMESIZE.

377 378
1666.	[bug]		The optional port on hostnames in dual-stack-servers
			was being ignored.
Mark Andrews's avatar
Mark Andrews committed
379

380 381
1665.	[func]		rndc now allows addresses to be set in the
			server clauses.
Mark Andrews's avatar
Mark Andrews committed
382

Rob Austein's avatar
1664  
Rob Austein committed
383 384
1664.	[bug]		nsupdate needed KEY for SIG(0), not DNSKEY.

385
1663.	[func]		Look for OpenSSL by default.
Mark Andrews's avatar
Mark Andrews committed
386

Mark Andrews's avatar
wording  
Mark Andrews committed
387 388
1662.	[bug]		Change #1658 failed to change one use of 'type'
			to 'keytype'.
389

390 391
1661.	[bug]		Restore dns_name_concatenate() call in
			adb.c:set_target().  [RT #11582]
Mark Andrews's avatar
Mark Andrews committed
392

393 394
1660.	[bug]		win32: connection_reset_fix() was being called
			unconditionally.  [RT #11595]
Mark Andrews's avatar
Mark Andrews committed
395

396 397 398 399 400 401 402
1659.	[cleanup]	Cleanup some messages that were referring to KEY vs
			DNSKEY, NXT vs NSEC and SIG vs RRSIG.

1658.	[func]		Update dnssec-keygen to default to KEY for HMAC-MD5
			and DH.  Tighten which options apply to KEY and
			DNSKEY records.

403 404 405 406 407
1657.	[doc]		ARM: document query log output.

1656.	[doc]		Update DNSSEC description in ARM to cover DS, NSEC
			DNSKEY and RRSIG.  [RT #11542]

408 409
1655.	[bug]		Logging multiple versions w/o a size was broken.
			[RT #11446]
Mark Andrews's avatar
Mark Andrews committed
410

411 412
1654.	[bug]		isc_result_totext() contained array bounds read
			error.
Mark Andrews's avatar
Mark Andrews committed
413

414 415 416
1653.	[func]		Add key type checking to dst_key_fromfilename(),
			DST_TYPE_KEY should be used to read TSIG, TKEY and
			SIG(0) keys.
Mark Andrews's avatar
Mark Andrews committed
417

418
1652.	[bug]		TKEY still uses KEY.
Mark Andrews's avatar
Mark Andrews committed
419

420 421 422 423
1651.	[bug]		dig: process multiple dash options.

1650.	[bug]		dig, nslookup: flush standard out after each command.

424 425
1649.	[bug]		Silence "unexpected non-minimal diff" message.
			[RT #11206]
Mark Andrews's avatar
Mark Andrews committed
426

427 428 429
1648.	[func]		Update dnssec-lookaside named.conf syntax to support
			multiple dnssec-lookaside namespaces (not yet
			implemented).  
Mark Andrews's avatar
Mark Andrews committed
430

431 432 433
1647.	[bug]		It was possible trigger a INSIST when chasing a DS
			record that required walking back over a empty node.
			[RT #11445]
Mark Andrews's avatar
Mark Andrews committed
434

435 436
1646.	[bug]		win32: logging file versions didn't work with
			non-UNC filenames.  [RT#11486]
Mark Andrews's avatar
Mark Andrews committed
437

438 439 440
1645.	[bug]		named could trigger a REQUIRE failure if multiple
			masters with keys are specified.

441 442
1644.	[bug]		Update the journal modification time after a
			sucessfull refresh query. [RT #11436]
Mark Andrews's avatar
Mark Andrews committed
443

444 445 446
1643.	[bug]		dns_db_closeversion() could leak memory / node
			references. [RT #11163]

447 448 449
1642.	[port]		Support OpenSSL implementations which don't have
			DSA support. [RT #11360]

450 451
1641.	[bug]		Update the check-names description in ARM. [RT #11389]

452 453 454
1640.	[bug]		win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
			incorrectly closing the socket.  [RT #11291]

455 456
1639.	[func]		Initial dlv system test.

457 458 459
1638.	[bug]		"ixfr-from-differences" could generate a REQUIRE
			failure if the journal open failed. [RT #11347]
			
460 461
1637.	[bug]		Node reference leak on error in addnoqname().

462 463 464 465
1636.	[bug]		The dump done callback could get ISC_R_SUCCESS even if
			a error had occured.  The database version no longer
			matched the version of the database that was dumped.

466 467
1635.	[bug]		Memory leak on error in query_addds().

468 469
1634.	[bug]		named didn't supply a useful error message when it
			detected duplicate views.  [RT #11208]
Mark Andrews's avatar
Mark Andrews committed
470

471 472 473
1633.	[bug]		named should return NOTIMP to update requests to a
			slaves without a allow-update-forwarding acl specified.
			[RT #11331]
Mark Andrews's avatar
Mark Andrews committed
474

475 476
1632.	[bug]		nsupdate failed to send prerequisite only UPDATE
			messages. [RT #11288]
Mark Andrews's avatar
Mark Andrews committed
477

478 479 480
1631.	[bug]		dns_journal_compact() could sometimes corrupt the
			journal. [RT #11124]

481
1630.	[contrib]	queryperf: add support for IPv6 transport.
482

483 484
1629.	[func]		dig now supports IPv6 scoped addresses with the
			extended format in the local-server part. [RT #8753]
485

486 487
1628.	[bug]		Typo in Compaq Trucluster support. [RT# 11264]

488 489 490
1627.	[bug]		win32: sockets were not being closed when the
			last external reference was removed. [RT# 11179]

491 492
1626.	[bug]		--enable-getifaddrs was broken. [RT#11259]

493 494
1625.	[bug]		named failed to load/transfer RFC2535 signed zones
			which contained CNAMES. [RT# 11237]
Mark Andrews's avatar
Mark Andrews committed
495

496 497
1624.	[bug]		zonemgr_putio() call should be locked. [RT# 11163]

498 499 500
1623.	[bug]		A serial number of zero was being displayed in the
			"sending notifies" log message when also-notify was
			used. [RT #11177]
Mark Andrews's avatar
Mark Andrews committed
501

502 503
1622.	[func]		probe the system to see if IPV6_(RECV)PKTINFO is
			available, and suppress wildcard binding if not.
504

505 506
1621.	[bug]		match-destinations did not work for IPv6 TCP queries.
			[RT# 11156]
507

508
1620.	[func]		When loading a zone report if it is signed. [RT #11149]
Mark Andrews's avatar
Mark Andrews committed
509

510 511 512
1619.	[bug]		Missing ISC_LIST_UNLINK in end_reserved_dispatches().
			[RT# 11118]

513 514 515
1618.	[bug]		Fencepost errors in dns_name_ishostname() and
			dns_name_ismailbox() could trigger a INSIST().

516 517
1617.	[port]		win32: VC++ 6.0 support.

518 519
1616.	[compat]	Ensure that named's version is visible in the core
			dump. [RT #11127]
Mark Andrews's avatar
Mark Andrews committed
520

521 522 523
1615.	[port]		Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
			it is defined.

524
1614.	[port]		win32: silence resource limit messages. [RT# 11101]
Mark Andrews's avatar
Mark Andrews committed
525

526 527 528
1613.	[bug]		Builds would fail on machines w/o a if_nametoindex().
			Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
			[RT #11119]
Mark Andrews's avatar
Mark Andrews committed
529

530 531
1612.	[bug]		check-names at the option/view level could trigger
			an INSIST. [RT# 11116]
Mark Andrews's avatar
Mark Andrews committed
532

533 534
1611.	[bug]		solaris: IPv6 interface scanning failed to cope with
			no active IPv6 interfaces.
Mark Andrews's avatar
Mark Andrews committed
535

536 537 538
1610.	[bug]		On dual stack machines "dig -b" failed to set the
			address type to be looked up with "@server".
			[RT #11069]
Mark Andrews's avatar
Mark Andrews committed
539

540 541 542
1609.	[func]		dig now has support to chase DNSSEC signature chains.
			Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.

Mark Andrews's avatar
Mark Andrews committed
543 544 545 546
			DNSSEC validation code in dig coded by Olivier Courtay
			(olivier.courtay@irisa.fr) for the IDsA project
			(http://idsa.irisa.fr).

547 548 549
1608.	[func]		dig and host now accept -4/-6 to select IP transport
			to use when making queries.

550 551 552
1607.	[bug]		dig, host and nslookup were still using random()
			to generate query ids. [RT# 11013]

Mark Andrews's avatar
Mark Andrews committed
553
1606.	[bug]	 	DLV insecurity proof was failing.
554 555

1605.	[func]		New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
Mark Andrews's avatar
Mark Andrews committed
556

557 558 559 560
1604.	[bug]		A xfrout_ctx_create() failure would result in
			xfrout_ctx_destroy() being called with a
			partially initaliased structure.
			
561 562
1603.	[bug]		nsupdate: set interactive based on isatty().
			[RT# 10929]
Mark Andrews's avatar
Mark Andrews committed
563

564 565
1602.	[bug]		Logging to a file failed unless a size was specified.
			[RT# 10925]
Mark Andrews's avatar
Mark Andrews committed
566

567 568 569
1601.	[bug]		Silence spurious warning 'both "recursion no;" and 
			"allow-recursion" active' warning from view "_bind".
			[RT# 10920]
Mark Andrews's avatar
Mark Andrews committed
570

571 572
1600.	[bug]		Duplicate zone pre-load checks were not case
			insensitive.
Mark Andrews's avatar
Mark Andrews committed
573

574
1599.	[bug]		Fix memory leak on error path when checking named.conf.
Mark Andrews's avatar
Mark Andrews committed
575

576 577
1598.	[func]		Specify that certain parts of the namespace must
			be secure (dnssec-must-be-secure).
Mark Andrews's avatar
Mark Andrews committed
578

Mark Andrews's avatar
Mark Andrews committed
579 580
1597.	[placeholder]	rt6496a

581
1596.	[func]		Accept 'notify-source' style syntax for query-source.
Mark Andrews's avatar
Mark Andrews committed
582

583 584
1595.	[func]		New notify type 'master-only'.  Enable notify for
			master zones only.
Mark Andrews's avatar
Mark Andrews committed
585

586 587
1594.	[bug]		'rndc dumpdb' could prevent named from answering
			queries while the dump was in progress.  [RT #10565]
Mark Andrews's avatar
Mark Andrews committed
588

589 590
1593.	[bug]		rndc should return "unknown command" to unknown
			commands. [RT# 10642]
Mark Andrews's avatar
Mark Andrews committed
591

Mark Andrews's avatar
Mark Andrews committed
592
1592.	[bug]		configure_view() could leak a dispatch. [RT# 10675]
593

594 595
1591.	[bug]		libbind: updated to BIND 8.4.5.

596 597
1590.	[port]		netbsd: update thread support.

598 599
1589.	[func]		DNSSEC lookaside validation.

600 601
1588.	[bug]		win32: TCP sockets could become blocked. [RT #10115]

602 603
1587.	[bug]		dns_message_settsigkey() failed to clear existing key.
			[RT #10590]
Mark Andrews's avatar
Mark Andrews committed
604

605 606
1586.	[func]		"check-names" is now implemented.

Mark Andrews's avatar
Mark Andrews committed
607
1585.	[placeholder]
Mark Andrews's avatar
Mark Andrews committed
608

Mark Andrews's avatar
Mark Andrews committed
609
1584.	[bug]		"make test" failed with a read only source tree.
610
			[RT #10461]
Mark Andrews's avatar
Mark Andrews committed
611

612 613
1583.	[bug]		Records add via UPDATE failed to get the correct trust
			level. [RT #10452]
Mark Andrews's avatar
Mark Andrews committed
614

615 616
1582.	[bug]		rrset-order failed to work on RRsets with more
			than 32 elements. [RT #10381]
Mark Andrews's avatar
Mark Andrews committed
617

618
1581.	[func]		Disable DNSSEC support by default.  To enable
619
			DNSSEC specify "dnssec-enable yes;" in named.conf.
620

Mark Andrews's avatar
Mark Andrews committed
621
1580.	[bug]		Zone destruction on final detach takes a long time.
622
			[RT #3746]
Mark Andrews's avatar
Mark Andrews committed
623

624
1579.	[bug]		Multiple task managers could not be created.
Mark Andrews's avatar
Mark Andrews committed
625

626 627
1578.	[bug]		Don't use CLASS E IPv4 addresses when resolving.
			[RT #10346]
Mark Andrews's avatar
Mark Andrews committed
628

629 630
1577.	[bug]		Use isc_uint32_t in ultrasparc optimizer bug
			workaround code. [RT #10331]
Mark Andrews's avatar
Mark Andrews committed
631

632 633
1576.	[bug]		Race condition in dns_dispatch_addresponse().
			[RT# 10272]
Mark Andrews's avatar
Mark Andrews committed
634

635
1575.	[func]		Log TSIG name on TSIG verify failure. [RT #4404]
Mark Andrews's avatar
Mark Andrews committed
636

637 638 639
1574.	[bug]		Don't attempt to open the controls socket(s) when
			running tests. [RT #9091]

640 641 642
1573.	[port]		linux: update to libtool 1.5.2 so that
			"make install DESTDIR=/xx" works with
			"configure --with-libtool".  [RT #9941]
Mark Andrews's avatar
Mark Andrews committed
643

644 645
1572.	[bug]		nsupdate: sign the soa query to find the enclosing
			zone if the server is specified. [RT #10148]
Mark Andrews's avatar
Mark Andrews committed
646

647
1571.	[bug]		rbt:hash_node() could fail leaving the hash table
Mark Andrews's avatar
Mark Andrews committed
648
			in an inconsistent state.  [RT #10208]
Mark Andrews's avatar
Mark Andrews committed
649

650 651 652
1570.	[bug]		nsupdate failed to handle classes other than IN.
			New keyword 'class' which sets the default class.
			[RT #10202]
Mark Andrews's avatar
Mark Andrews committed
653

654 655
1569.	[func]		nsupdate new command 'answer' which displays the
			complete answer message to the last update.
Mark Andrews's avatar
Mark Andrews committed
656

657
1568.	[bug]		nsupdate now reports that the update failed in
Mark Andrews's avatar
Mark Andrews committed
658
			interactive mode. [RT# 10236]
Mark Andrews's avatar
Mark Andrews committed
659

660 661
1567.	[bug]		B.ROOT-SERVERS.NET is now 192.228.79.201.

662 663 664 665
1566.	[port]		Support for the cmsg framework on Solaris and HP/UX.
			This also solved the problem that match-destinations
			for IPv6 addresses did not work on these systems.
			[RT #10221]
666

Mark Andrews's avatar
Mark Andrews committed
667 668 669
1565.	[bug]		CD flag should be copied to outgoing queries unless
			the query is under a secure entry point in which case
			CD should be set.
670

671 672 673 674 675
1564.	[func]		Attempt to provide a fallback entropy source to be
			used if named is running chrooted and named is unable
			to open entropy source within the chroot area.
			[RT #10133]

Mark Andrews's avatar
Mark Andrews committed
676 677
1563.	[bug]		Gracefully fail when unable to obtain neither an IPv4
			nor an IPv6 dispatch. [RT #10230]
678

679 680 681
1562.	[bug]		isc_socket_create() and isc_socket_accept() could
			leak memory under error conditions. [RT #10230]

682 683 684
1561.	[bug]		It was possible to release the same name twice if
			named ran out of memory. [RT #10197]

685 686 687
1560.	[port]		FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
			and EAI_NONAME to the same value.

688
1559.	[port]		named should ignore SIGFSZ.
Mark Andrews's avatar
Mark Andrews committed
689

690 691 692 693 694 695 696 697 698
1558.	[func]		New DNSSEC 'disable-algorithms'.  Support entry into
			child zones for which we don't have a supported
			algorithm.  Such child zones are treated as unsigned.

1557.	[func]		Implement missing DNSSEC tests for
			* NOQNAME proof with wildcard answers.
			* NOWILDARD proof with NXDOMAIN.
			Cache and return NOQNAME with wildcard answers.

Mark Andrews's avatar
Mark Andrews committed
699
1556.	[bug]		nsupdate now treats all names as fully qualified.
700
			[RT #6427]
Mark Andrews's avatar
Mark Andrews committed
701

Mark Andrews's avatar
now->no  
Mark Andrews committed
702
1555.	[func]		'rrset-order cyclic' no longer has a random starting
703 704
			point. [RT #7572]

Mark Andrews's avatar
Mark Andrews committed
705
1554.	[bug]		dig, host, nslookup failed when no nameservers
706 707
			were specified in /etc/resolv.conf. [RT #8232]

708
1553.	[bug]		The windows socket code could stop accepting
Mark Andrews's avatar
Mark Andrews committed
709
			connections. [RT#10115]
710

711 712
1552.	[bug]		Accept NOTIFY requests from mapped masters if
			matched-mapped is set. [RT #10049]
Mark Andrews's avatar
Mark Andrews committed
713

714 715
1551.	[port]		Open "/dev/null" before calling chroot().

716 717
1550.	[port]		Call tzset(), if available, before calling chroot().

718 719 720
1549.	[func]		named-checkzone can now write out the zone contents
			in a easily parsable format (-D and -o).

Mark Andrews's avatar
Mark Andrews committed
721 722 723
1548.	[bug]		When parsing APL records it was possible to silently
			accept out of range ADDRESSFAMILY values. [RT# 9979]

724 725 726
1547.	[bug]		Named wasted memory recording duplicate lame zone
			entries. [RT #9341]

727 728 729
1546.	[bug]		We were rejecting valid secure CNAME to negative
			answers.

730 731 732 733
1545.	[bug]		It was possible to leak memory if named was unable to
			bind to the specified transfer source and TSIG was
			being used. [RT #10120]

734 735
1544.	[bug]		Named would logged a single entry to a file despite it
			being over the specified size limit.
Mark Andrews's avatar
Mark Andrews committed
736

737
1543.	[bug]		Logging using "versions unlimited" did not work.
Mark Andrews's avatar
Mark Andrews committed
738

Mark Andrews's avatar
Mark Andrews committed
739 740
1542.	[placeholder]

741
1541.	[func]		NSEC now uses new bitmap format.
Mark Andrews's avatar
Mark Andrews committed
742

743 744
1540.	[bug]		"rndc reload <dynamiczone>" was silently accepted.
			[RT #8934]
Mark Andrews's avatar
Mark Andrews committed
745

746 747
1539.	[bug]		Open UDP sockets for notify-source and transfer-source
			that use reserved ports at startup. [RT #9475]
Mark Andrews's avatar
Mark Andrews committed
748

Mark Andrews's avatar
Mark Andrews committed
749 750
1538.	[placeholder]	rt9997

751
1537.	[func]		New option "querylog".  If set specify whether query
Mark Andrews's avatar
Mark Andrews committed
752
			logging is to be enabled or disabled at startup.
Mark Andrews's avatar
Mark Andrews committed
753

754 755
1536.	[bug]		Windows socket code failed to log a error description
			when returning ISC_R_UNEXPECTED. [RT #9998]
Mark Andrews's avatar
Mark Andrews committed
756

Mark Andrews's avatar
Mark Andrews committed
757 758
1535.	[placeholder]

759
1534.	[bug]		Race condition when priming cache. [RT# 9940]
Mark Andrews's avatar
Mark Andrews committed
760

Mark Andrews's avatar
Mark Andrews committed
761
1533.	[func]		Warn if both "recursion no;" and "allow-recursion"
762
			are active. [RT# 4389]
Mark Andrews's avatar
Mark Andrews committed
763

764 765 766
1532.	[port]		netbsd: the configure test for <sys/sysctl.h>
			requires <sys/param.h>.

Mark Andrews's avatar
Mark Andrews committed
767
1531.	[port]		AIX more libtool fixes.
768

769
1530.	[bug]		It was possible to trigger a INSIST() failure if a
Mark Andrews's avatar
grammar  
Mark Andrews committed
770
			slave master file was removed at just the correct
771 772
			moment. [RT #9462]

Mark Andrews's avatar
Mark Andrews committed
773
1529.	[bug]		"notify explicit;" failed to log that NOTIFY messages
Mark Andrews's avatar
Mark Andrews committed
774
			were being sent for the zone. [RT# 9442]
Mark Andrews's avatar
Mark Andrews committed
775

776 777
1528.	[cleanup]	Simplify some dns_name_ functions based on the
			deprecation of bitstring labels.
778

779 780
1527.	[cleanup]	Reduce the number of gettimeofday() calls without
			losing necessary timer granularity.
781

782 783 784 785 786
1526.	[func]		Implemented "additional section caching (or acache)",
			an internal cache framework for additional section
			content to improve response performance.  Several
			configuration options were provided to control the
			behavior.
787

Mark Andrews's avatar
Mark Andrews committed
788 789
1525.	[bug]		dns_cache_create() could trigger a REQUIRE
			failure in isc_mem_put() during error cleanup.
790
			[RT# 9360]
791

792 793 794
1524.	[port]		AIX needs to be able to resolve all symbols when
			creating shared libraries (--with-libtool).

795 796
1523.	[bug]		Fix race condition in rbtdb. [RT# 9189]

797 798 799
1522.	[bug]		dns_db_findnode() relax the requirements on 'name'.
			[RT# 9286]

800 801 802
1521.	[bug]		dns_view_createresolver() failed to check the
			result from isc_mem_create(). [RT# 9294]

803 804
1520.	[protocol]	Add SSHFP (SSH Finger Print) type.

805 806 807
1519.	[bug]		dnssec-signzone:nsec_setbit() computed the wrong
			length of the new bitmap.

Mark Andrews's avatar
Mark Andrews committed
808
1518.	[bug]		dns_nsec_buildrdata(), and hence dns_nsec_build(),
809 810 811
			contained a off-by-one error when working out the
			number of octets in the bitmap.

Mark Andrews's avatar
Mark Andrews committed
812 813
1517.	[port]		Support for IPv6 interface scanning on HP/UX and
			TrueUNIX 5.1.
814

Mark Andrews's avatar
Mark Andrews committed
815
1516.	[func]		Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
816

Mark Andrews's avatar
Mark Andrews committed
817 818
1515.	[func]		Allow transfer source to be set in a server statement.
			[RT #6496]
819

Mark Andrews's avatar
Mark Andrews committed
820 821
1514.	[bug]		named: isc_hash_destroy() was being called too early.
			[RT #9160]
822

Mark Andrews's avatar
Mark Andrews committed
823
1513.	[doc]		Add "US" to root-delegation-only exclude list.
824

Mark Andrews's avatar
Mark Andrews committed
825 826
1512.	[bug]		Extend the delegation-only logging to return query
			type, class and responding nameserver.
827

Mark Andrews's avatar
Mark Andrews committed
828 829
1511.	[bug]		delegation-only was generating false positives
			on negative answers from subzones.
830

Mark Andrews's avatar
Mark Andrews committed
831 832 833 834 835
1510.	[func]		New view option "root-delegation-only".  Apply
			delegation-only check to all TLDs and root.
			Note there are some TLDs that are NOT delegation
			only (e.g. DE, LV, US and MUSEUM) these can be excluded
			from the checks by using exclude.
836

Mark Andrews's avatar
Mark Andrews committed
837 838 839
			root-delegation-only exclude {
				"DE"; "LV"; "US"; "MUSEUM";
			};
840

Mark Andrews's avatar
Mark Andrews committed
841 842
1509.	[bug]		Hint zones should accept delegation-only.  Forward
			zone should not accept delegation-only.
843

Mark Andrews's avatar
Mark Andrews committed
844 845
1508.	[bug]		Don't apply delegation-only checks to answers from
			forwarders.