CHANGES 196 KB
Newer Older
1
1879.	[func]		Added framework for handling multiple EDNS versions.
2
			[RT #14873]
3
4

1878.	[func]		dig can now specify the EDNS version when making
5
			a query. [RT #14873]
6

7
8
1868.	[func]		edns-udp-size can now be overridden on a per
			server basis. [RT #14851]
Mark Andrews's avatar
Mark Andrews committed
9

10
11
1867.	[bug]		It was possible to trigger a INSIST in
			dlv_validatezonekey(). [RT #14846]
Mark Andrews's avatar
Mark Andrews committed
12

13
14
1866.	[bug]		resolv.conf parse errors were being ignored by
			dig/host/nslookup. [RT #14841]
Mark Andrews's avatar
Mark Andrews committed
15

16
17
1865.	[bug]		Silently ignore nameservers in /etc/resolv.conf with
			bad addresses. [RT #14841]
Mark Andrews's avatar
Mark Andrews committed
18

19
20
21
1864.	[bug]		Don't try the alternative transfer source if you
			got a answer / transfer with the main source
			address. [RT #14802]
Mark Andrews's avatar
Mark Andrews committed
22

23
24
1863.	[bug]		rrset-order "fixed" error messages not complete.

25
26
27
28
29
30
31
1862.	[func]		Add additional zone data constancy checks.
			named-checkzone has extended checking of NS, MX and 
			SRV record and the hosts they reference.
			named has extended post zone load checks.
			New zone options: check-mx and integrity-check. 
			[RT #4940]

Mark Andrews's avatar
Mark Andrews committed
32
33
1861.	[placeholder]	rt14801

Mark Andrews's avatar
Mark Andrews committed
34
35
1860.	[placeholder]	rt14775

36
1859.	[func]		Add support for CH A record. [RT #14695]
Mark Andrews's avatar
Mark Andrews committed
37

38
39
40
1858.	[bug]		The flush-zones-on-shutdown option wasn't being
			parsed. [RT #14686]

Mark Andrews's avatar
Mark Andrews committed
41
42
1857.	[placeholder]	rt14673

Rob Austein's avatar
regen    
Rob Austein committed
43
44
45
1856.	[doc]		Switch Docbook toolchain from DSSSL to XSL.
			[RT #11398]

Mark Andrews's avatar
Mark Andrews committed
46
47
1855.	[placeholder]	rt14616

48
49
50
1854.	[bug]		lwres also needs to know the print format for
			(long long).  [RT #13754]

51
52
53
1853.	[bug]		Rework how DLV interacts with proveunsecure().
			[RT #13605]

54
55
56
1852.	[cleanup]	Remove last vestiges of dnssec-signkey and
			dnssec-makekeyset (removed from Makefile years ago).

57
58
1851.	[doc]		Doxygen comment markup. [RT #11398]

59
60
1850.	[bug]		Memory leak in lwres_getipnodebyaddr(). [RT #14591]

61
62
63
1849.	[doc]		All forms of the man pages (docbook, man, html) should
			have consistant copyright dates.

64
65
1848.	[bug]		Improve SMF integration. [RT #13238]

66
1847.	[bug]		isc_ondestroy_init() is called too late in
Mark Andrews's avatar
Mark Andrews committed
67
			dns_rbtdb_create()/dns_rbtdb64_create(). 
68
69
			[RT #13661]
			
70
71
72
1846.	[contrib]	query-loc-0.3.0 from Stephane Bortzmeyer
			<bortzmeyer@nic.fr>.

73
74
75
1845.	[bug]		Improve error reporting to distingish between
			accept()/fcntl() and socket()/fcntl() errors.
			[RT #13745]
Mark Andrews's avatar
Mark Andrews committed
76

77
78
79
80
81
82
1844.	[bug]		inet_pton() accepted more that 4 hexadecimal digits
			for each 16 bit piece of the IPv6 address.  The text
			representation of a IPv6 address has been tighted
			to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
			[RT #5662]

83
84
85
86
87
1843.	[cleanup]	CINCLUDES takes precedence over CFLAGS.  This helps
			when CFLAGS contains "-I /usr/local/include"
			resulting in old header files being used.

1842.	[port]		cmsg_len() could produce incorrect results on
88
89
			some platform. [RT #13744]

90
91
1841.	[bug]		"dig +nssearch" now makes a recursive query to
			find the list of nameservers to query. [RT #13694]
Mark Andrews's avatar
Mark Andrews committed
92

Mark Andrews's avatar
Mark Andrews committed
93
1840.	[func]		dnssec-signzone can now randomize signature end times
94
95
			(dnssec-signzone -j jitter). [RT #13609]

96
97
1839.	[bug]		<isc/hash.h> was not being installed.

98
99
1838.	[cleanup]	Don't allow Linux capabilities to be inherited.
			[RT #13707]
Mark Andrews's avatar
Mark Andrews committed
100

101
102
1837.	[bug]		Compile time option ISC_FACILITY was not effective
			for 'named -u <user>'.  [RT #13714]
Mark Andrews's avatar
Mark Andrews committed
103

104
105
1836.	[cleanup]	Silence compiler warnings in hash_test.c.

106
107
1835.	[bug]		Update dnssec-signzone's usage message. [RT #13657]

108
109
1834.	[bug]		Bad memset in rdata_test.c. [RT #13658]

110
111
1833.	[bug]		Race condition in isc_mutex_lock_profile(). [RT #13660]

112
113
114
1832.	[bug]		named fails to return BADKEY on unknown TSIG algorithm.
			[RT #13620]

115
116
1831.	[doc]		Update named-checkzone documentation. [RT#13604]

117
118
1830.	[bug]		adb lame cache has sence of test reversed. [RT #13600]

119
120
1829.	[bug]		win32: "pid-file none;" broken. [RT #13563]

121
122
123
1828.	[bug]		isc_rwlock_init() failed to properly cleanup if it
			encountered a error. [RT #13549]

124
125
1827.	[bug]		host: update usage message for '-a'. [RT #37116]

126
127
128
129
130
1826.	[bug]		Missing DESTROYLOCK() in isc_mem_createx() on out
			of memory error. [RT #13537]

1825.	[bug]		Missing UNLOCK() on out of memory error from in
			rbtdb.c:subtractrdataset(). [RT #13519]
131

132
133
134
1824.	[bug]		Memory leak on dns_zone_setdbtype() failure.
			[RT #13510]

135
136
137
1823.	[bug]		Wrong macro used to check for point to point interface.
			[RT#13418]

138
139
1822.	[bug]		check-names test for RT was reversed. [RT #13382]

Mark Andrews's avatar
Mark Andrews committed
140
141
1821.	[placeholder]

142
1820.	[bug]		Gracefully handle acl loops. [RT #13659]
Mark Andrews's avatar
Mark Andrews committed
143

144
145
146
147
1819.	[bug]		The validator needed to check both the algorithm and
			digest types of the DS to determine if it could be
			used to introduce a secure zone. [RT #13593]

148
149
1818.	[bug]		'named-checkconf -z' triggered an INSIST. [RT #13599]

150
151
1817.	[placeholder]	rt13587

152
153
1816.	[port]		UnixWare: failed to compile lib/isc/unix/net.c.
			[RT #13597]
Mark Andrews's avatar
Mark Andrews committed
154

155
156
157
1815.	[bug]		nsupdate triggered a REQUIRE if the server was set
			without also setting the zone and it encountered
			a CNAME and was using TSIG.  [RT #13086]
Mark Andrews's avatar
Mark Andrews committed
158

159
1814.	[func]		UNIX domain controls are now supported.
Mark Andrews's avatar
Mark Andrews committed
160

161
162
163
164
165
166
1813.	[func]		Restructured the data locking framework using
			architecture dependent atomic operations (when
			available), improving response performance on
			multi-processor machines significantly.
			x86, x86_64, alpha, and sparc64 are currently
			supported.
167

168
169
170
1812.	[port]		win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect.
			[RT #13453]

171
172
1811.	[func]		Preserve the case of domain names in rdata during
			zone transfers. [RT #13547]
Mark Andrews's avatar
Mark Andrews committed
173

174
175
176
1810.	[bug]		configure, lib/bind/configure make different default
			decisions about whether to do a threaded build.
			[RT #13212]
Mark Andrews's avatar
Mark Andrews committed
177

178
179
1809.	[bug]		"make distclean" failed for libbind if the platform
			is not supported.
Mark Andrews's avatar
Mark Andrews committed
180

181
182
1808.	[bug]		zone.c:notify_zone() contained a race condition,
			zone->db could change underneath it.  [RT #13511]
Mark Andrews's avatar
Mark Andrews committed
183

184
185
1807.	[bug]		When forwarding (forward only) set the active domain
			from the forward zone name. [RT #13526]
Mark Andrews's avatar
Mark Andrews committed
186

187
188
189
1806.	[bug]		The resolver returned the wrong result when a CNAME /
			DNAME was encountered when fetching glue from a
			secure namespace. [RT #13501]
Mark Andrews's avatar
Mark Andrews committed
190

191
192
1805.	[bug]		Pending status was not being cleared when DLV was
			active. [RT #13501]
Mark Andrews's avatar
Mark Andrews committed
193

194
195
196
1804.	[bug]		Ensure that if we are queried for glue that it fits
			in the additional section or TC is set to tell the
			client to retry using TCP. [RT #10114]
Mark Andrews's avatar
Mark Andrews committed
197

198
199
1803.	[bug]		dnssec-signzone sometimes failed to remove old
			RRSIGs. [RT #13483]
Mark Andrews's avatar
Mark Andrews committed
200

201
1802.	[bug]		Handle connection resets better. [RT #11280]
Mark Andrews's avatar
Mark Andrews committed
202

203
204
1801.	[func]		Report differences between hints and real NS rrset
			and associated address records.
Mark Andrews's avatar
Mark Andrews committed
205

206
207
208
1800.	[bug]		Changes #1719 allowed a INSIST to be triggered.
			[RT #13428]

209
210
1799.	[bug]		'rndc flushname' failed to flush negative cache
			entries. [RT #13438]
Mark Andrews's avatar
Mark Andrews committed
211

212
213
1798.	[func]		The server syntax has been extended to support a
			range of servers.  [RT #11132]
Mark Andrews's avatar
Mark Andrews committed
214

215
216
217
1797.	[func]		named-checkconf now check acls to verify that they
			only refer to existing acls. [RT #13101]

218
1796.	[func]		"rndc freeze/thaw" now freezes/thaws all zones.
Mark Andrews's avatar
Mark Andrews committed
219

Mark Andrews's avatar
Mark Andrews committed
220
1795.	[bug]		"rndc dumpdb" was not fully documented.  Minor
221
			formating issues with "rndc dumpdb -all".  [RT #13396]
Mark Andrews's avatar
Mark Andrews committed
222

223
224
1794.	[func]		Named and named-checkzone can now both check for
			non-terminal wildcard records.
Mark Andrews's avatar
Mark Andrews committed
225

226
1793.	[func]		Extend adjusting TTL warning messages. [RT #13378]
Mark Andrews's avatar
Mark Andrews committed
227

228
229
1792.	[func]		New zone option "notify-delay".  Specify a minimum
			delay between sets of NOTIFY messages.
Mark Andrews's avatar
Mark Andrews committed
230

231
232
1791.	[bug]		'host -t a' still printed out AAAA and MX records.
			[RT #13230]
Mark Andrews's avatar
Mark Andrews committed
233

234
235
236
1790.	[cleanup]	Move lib/dns/sec/dst up into lib/dns.  This should
			allow parallel make to succeed.

237
238
239
1789.	[bug]		Prerequisite test for tkey and dnssec could fail
			with "configure --with-libtool".

240
241
242
1788.	[bug]		libbind9.la/libbind9.so needs to link against
			libisccfg.la/libisccfg.so.

243
244
1787.	[port]		HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings.

245
246
247
248
1786.	[port]		AIX: libt_api needs to be taught to look for
			T_testlist in the main executable (--with-libtool).
			[RT #13239]

249
250
251
1785.	[bug]		libbind9.la/libbind9.so needs to link against
			libisc.la/libisc.so.

252
253
254
255
1784.	[cleanup]	"libtool -allow-undefined" is the default.
			Leave hooks in configure to allow it to be set
			if needed in the future.

256
257
258
1783.	[cleanup]	We only need one copy of libtool.m4, ltmain.sh in the
			source tree.

259
260
1782.	[port]		OSX: --with-libtool + --enable-libbind broke on
			__evOptMonoTime.  [RT #13219]
Mark Andrews's avatar
Mark Andrews committed
261

262
1781.	[port]		FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810]
Mark Andrews's avatar
Mark Andrews committed
263

264
265
1780.	[bug]		Update libtool to 1.5.10.

266
267
1779.	[port]		OSF 5.1: libtool didn't handle -pthread correctly.

268
269
270
1778.   [port]   	HUX 11.11: fix broken IN6ADDR_ANY_INIT and
			IN6ADDR_LOOPBACK_INIT macros.

271
272
1777.   [port]   	OSF 5.1: fix broken IN6ADDR_ANY_INIT and
			IN6ADDR_LOOPBACK_INIT macros.
273

274
275
1776.   [port]   	Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
                        IN6ADDR_LOOPBACK_INIT macros.
Mark Andrews's avatar
Mark Andrews committed
276

277
278
1775.	[bug]		Only compile getnetent_r.c when threaded. [RT #13205]

279
280
1774.	[port]		Aix: Silence compiler warnings / build failures.
			[RT #13154]
Mark Andrews's avatar
Mark Andrews committed
281

282
1773.	[bug]		Fast retry on host / net unreachable. [RT #13153]
Mark Andrews's avatar
Mark Andrews committed
283

Mark Andrews's avatar
Mark Andrews committed
284
285
1772.	[placeholder]

Mark Andrews's avatar
Mark Andrews committed
286
287
1771.	[placeholder]

288
289
290
1770.	[bug]		named-checkconf failed to report missing a missing
			file clause for rbt{64} master/hint zones. [RT#13009]

291
292
293
1769.	[port]		win32: change compiler flags /MTd ==> /MDd,
			/MT ==> /MD.

294
295
296
1768.	[bug]		nsecnoexistnodata() could be called with a non-NSEC
			rdataset. [RT #12907]

297
298
1767.	[port]		Builds on IPv6 platforms without IPv6 Advanced API
			support for (struct in6_pktinfo) failed.  [RT #13077]
Mark Andrews's avatar
Mark Andrews committed
299

300
301
1766.	[bug]		Update the master file timestamp on successful refresh
			as well as the journal's timestamp. [RT# 13062]
Mark Andrews's avatar
Mark Andrews committed
302

303
304
1765.	[bug]		configure --with-openssl=auto failed. [RT #12937]

305
306
307
1764.	[bug]		dns_zone_replacedb failed to emit a error message
			if there was no SOA record in the replacment db.
			[RT #13016]
Mark Andrews's avatar
Mark Andrews committed
308

309
310
1763.	[func]		Perform sanity checks on NS records which refer to
			'in zone' names. [RT #13002]
Mark Andrews's avatar
Mark Andrews committed
311

312
313
1762.	[bug]		isc_interfaceiter_create() could return ISC_R_SUCCESS
			even when it failed. [RT #12995]
Mark Andrews's avatar
Mark Andrews committed
314

315
316
1761.	[bug]		'rndc dumpdb' didn't report unassociated entries.
			[RT #12971]
Mark Andrews's avatar
Mark Andrews committed
317

318
319
1760.	[bug]		Host / net unreachable was not penalising rtt
			estimates. [RT #12970]
Mark Andrews's avatar
Mark Andrews committed
320

321
322
1759.	[bug]		Named failed to startup if the OS supported IPv6
			but had no IPv6 interfaces configured. [RT #12942]
Mark Andrews's avatar
Mark Andrews committed
323

324
1758.	[func]		Don't send notify messages to self. [RT #12933]
Mark Andrews's avatar
Mark Andrews committed
325

326
1757.	[func]		host now can turn on memory debugging flags with '-m'.
Mark Andrews's avatar
Mark Andrews committed
327

328
329
1756.	[func]		named-checkconf now checks the logging configuration.
			[RT #12352]
Mark Andrews's avatar
Mark Andrews committed
330

331
332
1755.	[func]		allow-update is now settable at the options / view
			level. [RT #6636]
Mark Andrews's avatar
Mark Andrews committed
333

334
335
336
1754.	[bug]		We wern't always attempting to query the parent
			server for the DS records at the zone cut.
			[RT #12774]
Mark Andrews's avatar
Mark Andrews committed
337

338
339
340
1753.	[bug]		Don't serve a slave zone which has no NS records.
			[RT #12894]

341
342
343
344
1752.	[port]		Move isc_app_start() to after ns_os_daemonise()
			as some fork() implementations unblock the signals
			that are blocked by isc_app_start(). [RT #12810]

345
346
1751.	[bug]		--enable-getifaddrs failed under linux. [RT #12867]

347
348
349
1750.	[port]		lib/bind/make/rules.in:subdirs was not bash friendly.
			[RT #12864]

350
351
1749.	[bug]		'check-names response ignore;' failed to ignore.
			[RT #12866]
Mark Andrews's avatar
Mark Andrews committed
352

353
354
1748.	[func]		dig now returns the byte count for axfr/ixfr.
			
355
356
357
1747.	[bug]		BIND 8 compatability: named/named-checkconf failed
			to parse "host-statistics-max" in named.conf.

Mark Andrews's avatar
Mark Andrews committed
358
1746.	[func]		Make public the function to read a key file,
359
360
			dst_key_read_public(). [RT #12450]

361
362
363
1745.	[bug]		Dig/host/nslookup accept replies from link locals
			regardless of scope if no scope was specified when
			query was sent. [RT #12745]
Mark Andrews's avatar
Mark Andrews committed
364

365
366
367
1744.	[bug]		If tuple2msgname() failed to convert a tuple to
			a name a REQUIRE could be triggered. [RT #12796]

368
1743.	[bug]		If isc_taskmgr_create() was not able to create the
369
370
371
372
			requested number of worker threads then destruction
			of the manager would trigger an INSIST() failure.
			[RT #12790]
			
373
374
375
376
377
1742.	[bug]		Deleting all records at a node then adding a
			previously existing record, in a single UPDATE
			transaction, failed to leave / regenerate the
			associated RRSIG records. [RT #12788]

378
379
380
1741.	[bug]		Deleting all records at a node in a secure zone
			using a update-policy grant failed. [RT #12787]

381
382
383
384
385
386
1740.	[bug]		Replace rbt's hash algorithm as it performed badly
			with certain zones. [RT #12729]
			
			NOTE: a hash context now needs to be established
			via isc_hash_create() if the application was not
			already doing this.
Mark Andrews's avatar
Mark Andrews committed
387

388
389
1739.	[bug]		dns_rbt_deletetree() could incorrectly return
			ISC_R_QUOTA.  [RT #12695]
Mark Andrews's avatar
Mark Andrews committed
390

391
1738.	[bug]		Enable overrun checking by default. [RT #12695]
Mark Andrews's avatar
Mark Andrews committed
392

Mark Andrews's avatar
Mark Andrews committed
393
1737.	[bug]		named failed if more than 16 masters were specified.
394
395
			[RT #12627]

396
397
398
1736.	[bug]		dst_key_fromnamedfile() could fail to read a
			public key. [RT #12687]
			
399
400
401
1735.	[bug]		'dig +sigtrace' could die with a REQUIRE failure.
			[RE #12688]

402
403
404
1734.	[cleanup]	'rndc-confgen -a -t' remove extra '/' in path.
			[RT #12588]

405
406
1733.	[bug]		Return non-zero exit status on initial load failure.
			[RT #12658]
Mark Andrews's avatar
Mark Andrews committed
407

408
409
1732.	[bug]		'rrset-order name "*"' wasn't being applied to ".".
			[RT #12467]
Mark Andrews's avatar
Mark Andrews committed
410

411
412
1731.	[port]		darwin: relax version test in ifconfig.sh.
			[RT #12581]
Mark Andrews's avatar
Mark Andrews committed
413

414
415
1730.	[port]		Determine the length type used by the socket API.
			[RT #12581]
Mark Andrews's avatar
Mark Andrews committed
416

417
1729.	[func]		Improve check-names error messages.
Mark Andrews's avatar
Mark Andrews committed
418

419
1728.	[doc]		Update check-names documentation.
Mark Andrews's avatar
Mark Andrews committed
420

421
422
1727.	[bug]		named-checkzone: check-names support didn't match
			documentation.
Mark Andrews's avatar
Mark Andrews committed
423

Mark Andrews's avatar
aix5    
Mark Andrews committed
424
425
1726.	[port]		aix5: add support for aix5

426
427
1725.	[port]		linux: update error message on interaction of threads,
			capabilities and setuid support (named -u). [RT #12541]
Mark Andrews's avatar
Mark Andrews committed
428

429
430
1724.	[bug]		Look for DNSKEY records with "dig +sigtrace".
			[RT #12557]
Mark Andrews's avatar
Mark Andrews committed
431

432
433
1723.	[cleanup]	Silence compiler warnings from t_tasks.c. [RT #12493]

434
435
1722.	[bug]		Don't commit the journal on malformed ixfr streams.
			[RT #12519]
Mark Andrews's avatar
Mark Andrews committed
436

437
438
1721.	[bug]		Error message from the journal processing were not
			always identifing the relevent journal. [RT #12519]
Mark Andrews's avatar
Mark Andrews committed
439

440
441
1720.	[bug]		'dig +chase' did not terminate on a RFC 2308 Type 1
			negative response. [RT #12506]
Mark Andrews's avatar
Mark Andrews committed
442

443
444
1719.	[bug]		named was not correctly caching a RFC 2308 Type 1
			negative response. [RT #12506]
Mark Andrews's avatar
Mark Andrews committed
445

446
447
448
1718.	[bug]		nsupdate was not handling RFC 2308 Type 3 negative
			responses when looking for the zone / master server.
			[RT #12506]
Mark Andrews's avatar
Mark Andrews committed
449

450
451
452
1717.	[port]		solaris: ifconfig.sh did not support Solaris 10.
			"ifconfig.sh down" didn't work for Solaris 9.

453
454
455
1716.	[doc]		named.conf(5) was being installed in the wrong
			location.  [RT# 12441]

456
457
1715.	[func]		'dig +trace' now randomly selects the next servers
			to try.  Report if there is a bad delegation.
Mark Andrews's avatar
Mark Andrews committed
458

459
460
461
462
1714.	[bug]		dig/host/nslookup were only trying the first
			address when a nameserver was specified by name.
			[RT #12286]

463
464
465
1713.	[port]		linux: extend capset failure message to say:
			please ensure that the capset kernel module is
			loaded.  see insmod(8)
Mark Andrews's avatar
Mark Andrews committed
466

467
468
1712.	[bug]		Missing FULLCHECK for "trusted-key" in dig.

469
1711.	[func]		'rndc unfreeze' has been deprecated by 'rndc thaw'.
Mark Andrews's avatar
Mark Andrews committed
470

471
472
1710.	[func]		'rndc notify zone [class [view]]' resend the NOTIFY
			messages for the specified zone. [RT #9479]
Mark Andrews's avatar
Mark Andrews committed
473

474
1709.	[port]		solaris: add SMF support from Sun.
Mark Andrews's avatar
Mark Andrews committed
475

476
477
478
479
1708.	[cleanup]	Replaced dns_fullname_hash() with dns_name_fullhash()
			for conformance to the name space convention.  Binary
			backward compatibility to the old function name is
			provided. [RT #12376]
480

481
482
1707.	[contrib]	sdb/ldap updated to version 1.0-beta.

483
484
1706.	[bug]		'rndc stop' failed to cause zones to be flushed
			sometimes. [RT #12328]
Mark Andrews's avatar
Mark Andrews committed
485

486
1705.	[func]		Allow the journal's name to be changed via named.conf.
Mark Andrews's avatar
Mark Andrews committed
487

488
489
490
1704.	[port]		lwres needed a snprintf() implementation for
			platforms without snprintf().  Add missing
			"#include <isc/print.h>". [RT #12321]
Mark Andrews's avatar
Mark Andrews committed
491

492
493
1703.	[bug]		named would loop sending NOTIFY messages when it
			failed to receive a response. [RT #12322]
Mark Andrews's avatar
Mark Andrews committed
494

495
496
1702.	[bug]		also-notify should not be applied to builtin zones.
			[RT #12323]
Mark Andrews's avatar
Mark Andrews committed
497

498
499
1701.	[doc]		A minimal named.conf man page.

500
501
502
1700.	[func]		nslookup is no longer to be treated as deprecated.
			Remove "deprecated" warning message.  Add man page.

503
504
1699.	[bug]		dnssec-signzone can generate "not exact" errors
			when resigning. [RT #12281]
Mark Andrews's avatar
Mark Andrews committed
505

506
507
1698.	[doc]		Use reserved IPv6 documentation prefix.

508
509
510
511
1697.	[bug]		xxx-source{,-v6} was not effective when it
			specified one of listening addresses and a
			different port than the listening port. [RT #12257]

512
513
514
515
1696.	[bug]		dnssec-signzone failed to clean out nodes that
			consisted of only NSEC and RRSIG records.
			[RT #12154]

516
517
1695.	[bug]		DS records when forwarding require special handling.
			[RT #12133]
Mark Andrews's avatar
Mark Andrews committed
518

519
520
1694.	[bug]		Report if the builtin views of "_default" / "_bind"
			are defined in named.conf. [RT #12023]
Mark Andrews's avatar
Mark Andrews committed
521

522
523
1693.	[bug]		max-journal-size was not effective for master zones
			with ixfr-from-differences set. [RT# 12024]
Mark Andrews's avatar
Mark Andrews committed
524

Mark Andrews's avatar
Mark Andrews committed
525
1692.	[bug]		Don't set -I, -L and -R flags when libcrypto is in
526
527
			/usr/lib. [RT #11971]

528
529
1691.	[bug]		sdb's attachversion was not complete. [RT #11990]

530
531
1690.	[bug]		Delay detaching view from the client until UPDATE
			processing completes when shutting down. [RT #11714]
Mark Andrews's avatar
Mark Andrews committed
532

533
534
535
1689.	[bug]		DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
			contained gratuitous semicolons. [RT #11707]

536
537
1688.	[bug]		LDFLAGS was not supported.

538
539
1687.	[bug]		Race condition in dispatch. [RT #10272]

540
541
542
1686.	[bug]		Named sent a extraneous NOTIFY when it received a
			redundant UPDATE request. [RT #11943]

Rob Austein's avatar
Rob Austein committed
543
1685.	[bug]		Change #1679 loop tests weren't quite right.
544

545
546
1684.	[func]		ixfr-from-differences now takes master and slave in
			addition to yes and no at the options and view levels.
Mark Andrews's avatar
Mark Andrews committed
547

548
549
1683.	[bug]		dig +sigchase could leak memory. [RT #11445]

550
551
1682.	[port]		Update configure test for (long long) printf format.
			[RT #5066]
Mark Andrews's avatar
Mark Andrews committed
552

553
554
1681.	[bug]		Only set SO_REUSEADDR when a port is specified in
			isc_socket_bind(). [RT #11742]
Mark Andrews's avatar
Mark Andrews committed
555

556
1680.	[func]		rndc: the source address can now be specified.
Mark Andrews's avatar
Mark Andrews committed
557

558
559
560
1679.	[bug]		When there was a single nameserver with multiple
			addresses for a zone not all addresses were tried.
			[RT #11706]
Mark Andrews's avatar
Mark Andrews committed
561

562
563
1678.	[bug]		RRSIG should use TYPEXXXXX for unknown types.

564
565
1677.	[bug]		dig: +aaonly didn't work, +aaflag undocumented.

566
567
568
569
570
571
1676.	[func]		New option "allow-query-cache".  This lets
			allow-query be used to specify the default zone
			access level rather than having to have every
			zone override the global value.  allow-query-cache
			can be set at both the options and view levels.
			If allow-query-cache is not set allow-query applies.
Mark Andrews's avatar
Mark Andrews committed
572

573
574
575
1675.	[bug]		named would sometimes add extra NSEC records to
			the authority section.
			
576
577
578
1674.	[port]		linux: increase buffer size used to scan
			/proc/net/if_inet6.

579
580
581
1673.	[port]		linux: issue a error messages if IPv6 interface
			scans fails.

Mark Andrews's avatar
Mark Andrews committed
582
1672.	[cleanup]	Tests which only function in a threaded build
583
584
585
586
			now return R:THREADONLY (rather than R:UNTESTED)
			in a non-threaded build.

1671.	[contrib]	queryperf: add NAPTR to the list of known types.
587

588
589
590
591
592
1670.	[func]		Log UPDATE requests to slave zones without an acl as
			"disabled" at debug level 3. [RT# 11657]

1669.	[placeholder]

593
594
1668.	[bug]		DIG_SIGCHASE was making bin/dig/host dump core.

595
596
1667.	[port]		linux: not all versions have IF_NAMESIZE.

597
598
1666.	[bug]		The optional port on hostnames in dual-stack-servers
			was being ignored.
Mark Andrews's avatar
Mark Andrews committed
599

600
601
1665.	[func]		rndc now allows addresses to be set in the
			server clauses.
Mark Andrews's avatar
Mark Andrews committed
602

Rob Austein's avatar
1664    
Rob Austein committed
603
604
1664.	[bug]		nsupdate needed KEY for SIG(0), not DNSKEY.

605
1663.	[func]		Look for OpenSSL by default.
Mark Andrews's avatar
Mark Andrews committed
606

Mark Andrews's avatar
wording    
Mark Andrews committed
607
608
1662.	[bug]		Change #1658 failed to change one use of 'type'
			to 'keytype'.
609

610
611
1661.	[bug]		Restore dns_name_concatenate() call in
			adb.c:set_target().  [RT #11582]
Mark Andrews's avatar
Mark Andrews committed
612

613
614
1660.	[bug]		win32: connection_reset_fix() was being called
			unconditionally.  [RT #11595]
Mark Andrews's avatar
Mark Andrews committed
615

616
617
618
619
620
621
622
1659.	[cleanup]	Cleanup some messages that were referring to KEY vs
			DNSKEY, NXT vs NSEC and SIG vs RRSIG.

1658.	[func]		Update dnssec-keygen to default to KEY for HMAC-MD5
			and DH.  Tighten which options apply to KEY and
			DNSKEY records.

623
624
625
626
627
1657.	[doc]		ARM: document query log output.

1656.	[doc]		Update DNSSEC description in ARM to cover DS, NSEC
			DNSKEY and RRSIG.  [RT #11542]

628
629
1655.	[bug]		Logging multiple versions w/o a size was broken.
			[RT #11446]
Mark Andrews's avatar
Mark Andrews committed
630

631
632
1654.	[bug]		isc_result_totext() contained array bounds read
			error.
Mark Andrews's avatar
Mark Andrews committed
633

634
635
636
1653.	[func]		Add key type checking to dst_key_fromfilename(),
			DST_TYPE_KEY should be used to read TSIG, TKEY and
			SIG(0) keys.
Mark Andrews's avatar
Mark Andrews committed
637

638
1652.	[bug]		TKEY still uses KEY.
Mark Andrews's avatar
Mark Andrews committed
639

640
641
642
643
1651.	[bug]		dig: process multiple dash options.

1650.	[bug]		dig, nslookup: flush standard out after each command.

644
645
1649.	[bug]		Silence "unexpected non-minimal diff" message.
			[RT #11206]
Mark Andrews's avatar
Mark Andrews committed
646

647
648
649
1648.	[func]		Update dnssec-lookaside named.conf syntax to support
			multiple dnssec-lookaside namespaces (not yet
			implemented).  
Mark Andrews's avatar
Mark Andrews committed
650

651
652
653
1647.	[bug]		It was possible trigger a INSIST when chasing a DS
			record that required walking back over a empty node.
			[RT #11445]
Mark Andrews's avatar
Mark Andrews committed
654

655
656
1646.	[bug]		win32: logging file versions didn't work with
			non-UNC filenames.  [RT#11486]
Mark Andrews's avatar
Mark Andrews committed
657

658
659
660
1645.	[bug]		named could trigger a REQUIRE failure if multiple
			masters with keys are specified.

661
662
1644.	[bug]		Update the journal modification time after a
			sucessfull refresh query. [RT #11436]
Mark Andrews's avatar
Mark Andrews committed
663

664
665
666
1643.	[bug]		dns_db_closeversion() could leak memory / node
			references. [RT #11163]

667
668
669
1642.	[port]		Support OpenSSL implementations which don't have
			DSA support. [RT #11360]

670
671
1641.	[bug]		Update the check-names description in ARM. [RT #11389]

672
673
674
1640.	[bug]		win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
			incorrectly closing the socket.  [RT #11291]

675
676
1639.	[func]		Initial dlv system test.

677
678
679
1638.	[bug]		"ixfr-from-differences" could generate a REQUIRE
			failure if the journal open failed. [RT #11347]
			
680
681
1637.	[bug]		Node reference leak on error in addnoqname().

682
683
684
685
1636.	[bug]		The dump done callback could get ISC_R_SUCCESS even if
			a error had occured.  The database version no longer
			matched the version of the database that was dumped.

686
687
1635.	[bug]		Memory leak on error in query_addds().

688
689
1634.	[bug]		named didn't supply a useful error message when it
			detected duplicate views.  [RT #11208]
Mark Andrews's avatar
Mark Andrews committed
690

691
692
693
1633.	[bug]		named should return NOTIMP to update requests to a
			slaves without a allow-update-forwarding acl specified.
			[RT #11331]
Mark Andrews's avatar
Mark Andrews committed
694

695
696
1632.	[bug]		nsupdate failed to send prerequisite only UPDATE
			messages. [RT #11288]
Mark Andrews's avatar
Mark Andrews committed
697

698
699
700
1631.	[bug]		dns_journal_compact() could sometimes corrupt the
			journal. [RT #11124]

701
1630.	[contrib]	queryperf: add support for IPv6 transport.
702

703
704
1629.	[func]		dig now supports IPv6 scoped addresses with the
			extended format in the local-server part. [RT #8753]
705

706
707
1628.	[bug]		Typo in Compaq Trucluster support. [RT# 11264]

708
709
710
1627.	[bug]		win32: sockets were not being closed when the
			last external reference was removed. [RT# 11179]

711
712
1626.	[bug]		--enable-getifaddrs was broken. [RT#11259]

713
714
1625.	[bug]		named failed to load/transfer RFC2535 signed zones
			which contained CNAMES. [RT# 11237]
Mark Andrews's avatar
Mark Andrews committed
715

716
717
1624.	[bug]		zonemgr_putio() call should be locked. [RT# 11163]

718
719
720
1623.	[bug]		A serial number of zero was being displayed in the
			"sending notifies" log message when also-notify was
			used. [RT #11177]
Mark Andrews's avatar
Mark Andrews committed
721

722
723
1622.	[func]		probe the system to see if IPV6_(RECV)PKTINFO is
			available, and suppress wildcard binding if not.
724

725
726
1621.	[bug]		match-destinations did not work for IPv6 TCP queries.
			[RT# 11156]
727

728
1620.	[func]		When loading a zone report if it is signed. [RT #11149]
Mark Andrews's avatar
Mark Andrews committed
729

730
731
732
1619.	[bug]		Missing ISC_LIST_UNLINK in end_reserved_dispatches().
			[RT# 11118]

733
734
735
1618.	[bug]		Fencepost errors in dns_name_ishostname() and
			dns_name_ismailbox() could trigger a INSIST().

736
737
1617.	[port]		win32: VC++ 6.0 support.

738
739
1616.	[compat]	Ensure that named's version is visible in the core
			dump. [RT #11127]
Mark Andrews's avatar
Mark Andrews committed
740

741
742
743
1615.	[port]		Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
			it is defined.

744
1614.	[port]		win32: silence resource limit messages. [RT# 11101]
Mark Andrews's avatar
Mark Andrews committed
745

746
747
748
1613.	[bug]		Builds would fail on machines w/o a if_nametoindex().
			Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
			[RT #11119]
Mark Andrews's avatar
Mark Andrews committed
749

750
751
1612.	[bug]		check-names at the option/view level could trigger
			an INSIST. [RT# 11116]
Mark Andrews's avatar
Mark Andrews committed
752

753
754
1611.	[bug]		solaris: IPv6 interface scanning failed to cope with
			no active IPv6 interfaces.
Mark Andrews's avatar
Mark Andrews committed
755

756
757
758
1610.	[bug]		On dual stack machines "dig -b" failed to set the
			address type to be looked up with "@server".
			[RT #11069]
Mark Andrews's avatar
Mark Andrews committed
759

760
761
762
1609.	[func]		dig now has support to chase DNSSEC signature chains.
			Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.

Mark Andrews's avatar
Mark Andrews committed
763
764
765
766
			DNSSEC validation code in dig coded by Olivier Courtay
			(olivier.courtay@irisa.fr) for the IDsA project
			(http://idsa.irisa.fr).

767
768
769
1608.	[func]		dig and host now accept -4/-6 to select IP transport
			to use when making queries.

770
771
772
1607.	[bug]		dig, host and nslookup were still using random()
			to generate query ids. [RT# 11013]

Mark Andrews's avatar
Mark Andrews committed
773
1606.	[bug]	 	DLV insecurity proof was failing.
774
775

1605.	[func]		New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
Mark Andrews's avatar
Mark Andrews committed
776

777
778
779
780
1604.	[bug]		A xfrout_ctx_create() failure would result in
			xfrout_ctx_destroy() being called with a
			partially initaliased structure.
			
781
782
1603.	[bug]		nsupdate: set interactive based on isatty().
			[RT# 10929]
Mark Andrews's avatar
Mark Andrews committed
783

784
785
1602.	[bug]		Logging to a file failed unless a size was specified.
			[RT# 10925]
Mark Andrews's avatar
Mark Andrews committed
786

787
788
789
1601.	[bug]		Silence spurious warning 'both "recursion no;" and 
			"allow-recursion" active' warning from view "_bind".
			[RT# 10920]
Mark Andrews's avatar
Mark Andrews committed
790

791
792
1600.	[bug]		Duplicate zone pre-load checks were not case
			insensitive.
Mark Andrews's avatar
Mark Andrews committed
793

794
1599.	[bug]		Fix memory leak on error path when checking named.conf.
Mark Andrews's avatar
Mark Andrews committed
795

796
797
1598.	[func]		Specify that certain parts of the namespace must
			be secure (dnssec-must-be-secure).
Mark Andrews's avatar
Mark Andrews committed
798

Mark Andrews's avatar
Mark Andrews committed
799
800
1597.	[placeholder]	rt6496a

801
1596.	[func]		Accept 'notify-source' style syntax for query-source.
Mark Andrews's avatar
Mark Andrews committed
802

803
804
1595.	[func]		New notify type 'master-only'.  Enable notify for
			master zones only.
Mark Andrews's avatar
Mark Andrews committed
805

806
807
1594.	[bug]		'rndc dumpdb' could prevent named from answering
			queries while the dump was in progress.  [RT #10565]
Mark Andrews's avatar
Mark Andrews committed
808

809
810
1593.	[bug]		rndc should return "unknown command" to unknown
			commands. [RT# 10642]
Mark Andrews's avatar
Mark Andrews committed
811

Mark Andrews's avatar
Mark Andrews committed
812
1592.	[bug]		configure_view() could leak a dispatch. [RT# 10675]
813

814
815
1591.	[bug]		libbind: updated to BIND 8.4.5.

816
817
1590.	[port]		netbsd: update thread support.

818
819
1589.	[func]		DNSSEC lookaside validation.

820
821
1588.	[bug]		win32: TCP sockets could become blocked. [RT #10115]

822
823
1587.	[bug]		dns_message_settsigkey() failed to clear existing key.
			[RT #10590]
Mark Andrews's avatar
Mark Andrews committed
824

825
826
1586.	[func]		"check-names" is now implemented.

Mark Andrews's avatar
Mark Andrews committed
827
1585.	[placeholder]
Mark Andrews's avatar
Mark Andrews committed
828

Mark Andrews's avatar
Mark Andrews committed
829
1584.	[bug]		"make test" failed with a read only source tree.
830
			[RT #10461]
Mark Andrews's avatar
Mark Andrews committed
831

832
833
1583.	[bug]		Records add via UPDATE failed to get the correct trust
			level. [RT #10452]
Mark Andrews's avatar
Mark Andrews committed
834

835
836
1582.	[bug]		rrset-order failed to work on RRsets with more
			than 32 elements. [RT #10381]
Mark Andrews's avatar
Mark Andrews committed
837

838
1581.	[func]		Disable DNSSEC support by default.  To enable
839
			DNSSEC specify "dnssec-enable yes;" in named.conf.
840

Mark Andrews's avatar
Mark Andrews committed
841
1580.	[bug]		Zone destruction on final detach takes a long time.
842
			[RT #3746]
Mark Andrews's avatar
Mark Andrews committed
843

844
1579.	[bug]		Multiple task managers could not be created.
Mark Andrews's avatar
Mark Andrews committed
845

846
847
1578.	[bug]		Don't use CLASS E IPv4 addresses when resolving.
			[RT #10346]
Mark Andrews's avatar
Mark Andrews committed
848

849
850
1577.	[bug]		Use isc_uint32_t in ultrasparc optimizer bug
			workaround code. [RT #10331]
Mark Andrews's avatar
Mark Andrews committed
851

852
853
1576.	[bug]		Race condition in dns_dispatch_addresponse().
			[RT# 10272]
Mark Andrews's avatar
Mark Andrews committed
854

855
1575.	[func]		Log TSIG name on TSIG verify failure. [RT #4404]
Mark Andrews's avatar
Mark Andrews committed
856

857
858
859
1574.	[bug]		Don't attempt to open the controls socket(s) when
			running tests. [RT #9091]

860
861
862
1573.	[port]		linux: update to libtool 1.5.2 so that
			"make install DESTDIR=/xx" works with
			"configure --with-libtool".  [RT #9941]
Mark Andrews's avatar
Mark Andrews committed
863

864
865
1572.	[bug]		nsupdate: sign the soa query to find the enclosing
			zone if the server is specified. [RT #10148]
Mark Andrews's avatar
Mark Andrews committed
866

867
1571.	[bug]		rbt:hash_node() could fail leaving the hash table
Mark Andrews's avatar
Mark Andrews committed
868
			in an inconsistent state.  [RT #10208]
Mark Andrews's avatar
Mark Andrews committed
869

870
871
872
1570.	[bug]		nsupdate failed to handle classes other than IN.
			New keyword 'class' which sets the default class.
			[RT #10202]
Mark Andrews's avatar
Mark Andrews committed
873

874
875
1569.	[func]		nsupdate new command 'answer' which displays the
			complete answer message to the last update.
Mark Andrews's avatar
Mark Andrews committed
876

877
1568.	[bug]		nsupdate now reports that the update failed in
Mark Andrews's avatar
Mark Andrews committed
878
			interactive mode. [RT# 10236]
Mark Andrews's avatar
Mark Andrews committed
879

880
881
1567.	[bug]		B.ROOT-SERVERS.NET is now 192.228.79.201.

882
883
884
885
1566.	[port]		Support for the cmsg framework on Solaris and HP/UX.
			This also solved the problem that match-destinations
			for IPv6 addresses did not work on these systems.
			[RT #10221]
886

Mark Andrews's avatar
Mark Andrews committed
887
888
889
1565.	[bug]		CD flag should be copied to outgoing queries unless
			the query is under a secure entry point in which case
			CD should be set.
890

891
892
893
894
895
1564.	[func]		Attempt to provide a fallback entropy source to be
			used if named is running chrooted and named is unable
			to open entropy source within the chroot area.
			[RT #10133]

Mark Andrews's avatar
Mark Andrews committed
896
897
1563.	[bug]		Gracefully fail when unable to obtain neither an IPv4
			nor an IPv6 dispatch. [RT #10230]
898

899
900
901
1562.	[bug]		isc_socket_create() and isc_socket_accept() could
			leak memory under error conditions. [RT #10230]

902
903
904
1561.	[bug]		It was possible to release the same name twice if
			named ran out of memory. [RT #10197]

905
906
907
1560.	[port]		FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
			and EAI_NONAME to the same value.

908
1559.	[port]		named should ignore SIGFSZ.
Mark Andrews's avatar
Mark Andrews committed
909

910
911
912
913
914
915
916
917
918
1558.	[func]		New DNSSEC 'disable-algorithms'.  Support entry into
			child zones for which we don't have a supported
			algorithm.  Such child zones are treated as unsigned.

1557.	[func]		Implement missing DNSSEC tests for
			* NOQNAME proof with wildcard answers.
			* NOWILDARD proof with NXDOMAIN.
			Cache and return NOQNAME with wildcard answers.

Mark Andrews's avatar
Mark Andrews committed
919
1556.	[bug]		nsupdate now treats all names as fully qualified.
920
			[RT #6427]
Mark Andrews's avatar
Mark Andrews committed
921

Mark Andrews's avatar
now->no    
Mark Andrews committed
922
1555.	[func]		'rrset-order cyclic' no longer has a random starting
923
924
			point. [RT #7572]

Mark Andrews's avatar
Mark Andrews committed
925
1554.	[bug]		dig, host, nslookup failed when no nameservers
926
927
			were specified in /etc/resolv.conf. [RT #8232]

928
1553.	[bug]		The windows socket code could stop accepting
Mark Andrews's avatar
Mark Andrews committed
929
			connections. [RT#10115]
930

931
932
1552.	[bug]		Accept NOTIFY requests from mapped masters if
			matched-mapped is set. [RT #10049]
Mark Andrews's avatar
Mark Andrews committed
933

934
935
1551.	[port]		Open "/dev/null" before calling chroot().

936
937
1550.	[port]		Call tzset(), if available, before calling chroot().

938
939
940
1549.	[func]		named-checkzone can now write out the zone contents
			in a easily parsable format (-D and -o).

Mark Andrews's avatar
Mark Andrews committed
941
942
943
1548.	[bug]		When parsing APL records it was possible to silently
			accept out of range ADDRESSFAMILY values. [RT# 9979]

944
945
946
1547.	[bug]		Named wasted memory recording duplicate lame zone
			entries. [RT #9341]

947
948
949
1546.	[bug]		We were rejecting valid secure CNAME to negative
			answers.

950
951
952
953
1545.	[bug]		It was possible to leak memory if named was unable to
			bind to the specified transfer source and TSIG was
			being used. [RT #10120]

954
955
1544.	[bug]		Named would logged a single entry to a file despite it
			being over the specified size limit.
Mark Andrews's avatar
Mark Andrews committed
956

957
1543.	[bug]		Logging using "versions unlimited" did not work.
Mark Andrews's avatar
Mark Andrews committed
958

Mark Andrews's avatar
Mark Andrews committed
959
960
1542.	[placeholder]

961
1541.	[func]		NSEC now uses new bitmap format.
Mark Andrews's avatar
Mark Andrews committed
962

963
964
1540.	[bug]		"rndc reload <dynamiczone>" was silently accepted.
			[RT #8934]