CHANGES 245 KB
Newer Older
1 2 3 4
2362.   [cleanup]       Make "rrset-order fixed" a compile-time option.
                        settable by "./configure --enable-fixed-rrset".
                        Disabled by default. [rt17977]

5 6 7
2361.	[bug]		"recursion" statistics counter could be counted
			multiple times for a single query.  [RT #17990]

8 9 10
2360.	[bug]		Fix a condition where we release a database version
			(which may acquire a lock) while holding the lock.

11 12
2359.	[bug]		Fix NSID bug. [RT #17942]

13 14
2358.	[doc]		Update host's default query description. [RT #17934]

15 16 17
2357.	[port]		Don't use OpenSSL's engine support in versions before
			OpenSSL 0.9.7f. [RT #17922]

18 19 20
2356.	[bug]		Builtin mutex profiler was not scalable enough.
			[RT #17436]

21 22 23
2355.	[func]		Extend the number statistics counters available.
			[RT #17590]

24 25 26
2354.	[bug]		Failed to initialise sone rdatasetheader_t elements.
			[RT #17927]

27 28 29 30 31 32 33
2353.	[func]		Add support for Name Server ID (RFC 5001).
			'dig +nsid' requests NSID from server.
			'request-nsid yes;' causes recursive server to send
			NSID requests to upstream servers.  Server responds
			to NSID requests with the string configured by
			'server-id' option.  [RT #17091]

34 35
2352.	[bug]		Various GSS_API fixups. [RT #17729]

36 37
2351.	[bug]		convertxsl.pl generated very long lines. [RT #17906]

38 39
2350.	[port]		win32: IPv6 support. [RT #17797]

40 41 42
2349.	[func]		Provide incremental re-signing support for secure
			dynamic zones. [RT #1091]

Francis Dupont's avatar
Francis Dupont committed
43 44 45 46
2348.	[func]		Use the EVP interface to OpenSSL. Add PKCS#11 support.
			Documentation is in the new README.pkcs11 file.
			[RT #16844]

Francis Dupont's avatar
Francis Dupont committed
47 48 49
2347.	[bug]		Delete now traverses the RB tree in the canonical
			order. [RT #17451]

50 51 52
2346.	[func]		Memory statistics now cover all active memory contexts
			in increased detail. [RT #17580]

53 54 55 56
2345.	[bug]		named-checkconf failed to detect when forwarders
			were set at both the options/view level and in
			a root zone. [RT #17671]

57 58 59
2344.	[bug]		Improve "logging{ file ...; };" documentation.
			[RT #17888]

60 61 62
2343.	[bug]		(Seemingly) duplicate IPv6 entries could be
			created in ADB. [RT #17837]

63 64
2342.	[func]		Use getifaddrs() if available under Linux. [RT #17224]

65 66 67
2341.	[bug]		libbind: add missing -I../include for off source
			tree builds. [RT #17606]

68 69
2340.	[port]		openbsd: interface configuration. [RT #17700]

70 71
2339.	[port]		tru64: support for libbind. [RT #17589]

Mark Andrews's avatar
Mark Andrews committed
72
2338.	[bug]		check_ds() could be called with a non DS rdataset.
73 74
			[RT #17598]

Mark Andrews's avatar
Mark Andrews committed
75
2337.	[bug]		BUILD_LDFLAGS was not being correctly set.  [RT #17614]
76

77 78 79 80
2336.	[func]		If "named -6" is specified then listen on all IPv6
			interfaces if there are not listen-on-v6 clauses in
			named.conf.  [RT #17581]

81 82 83
2335.	[port]		sunos:  libbind and *printf() support for long long. 
			[RT #17513]

84 85 86
2334.	[bug]		Bad REQUIRES in fromstruct_in_naptr(),  off by one
			bug in fromstruct_txt(). [RT #17609]
			
87 88 89
2333.	[bug]		Fix off by one error in isc_time_nowplusinterval().
			[RT #17608]

90 91
2332.	[contrib]	query-loc-0.4.0. [RT #17602]

Mark Andrews's avatar
80 cols  
Mark Andrews committed
92
2331.	[bug]		Failure to regenerate any signatures was not being
Mark Andrews's avatar
Mark Andrews committed
93 94
			reported nor being past back to the UPDATE client.
			[RT #17570]
95

96 97 98 99 100 101 102
2330.	[bug]		Remove potential race condition when handling
			over memory events. [RT #17572]

			WARNING: API CHANGE: over memory callback
			function now needs to call isc_mem_waterack().
			See <isc/mem.h> for details.

103 104
2329.	[bug]		Clearer help text for dig's '-x' and '-i' options.

105
2328.	[maint]		Add AAAA addresses for A.ROOT-SERVERS.NET,
106 107 108 109
			F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET,
			J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and
			M.ROOT-SERVERS.NET.

Mark Andrews's avatar
Mark Andrews committed
110 111 112
2327.	[bug]		It was possible to dereference a NULL pointer in
			rbtdb.c.  Implement deadnode processing in zones as
			we do for caches. [RT #17312]
113

114 115 116
2326.	[bug]		It was possible to trigger a INSIST in the acache
			processing.

117 118
2325.	[port]		Linux: use capset() function if available. [RT #17557]

Mark Andrews's avatar
80 cols  
Mark Andrews committed
119
2324.	[bug]		Fix IPv6 matching against "any;". [RT #17533]
120

121 122
2323.	[port]		tru64: namespace clash. [RT #17547]

123 124 125
2322.	[port]		MacOS: work around the limitation of setrlimit()
			for RLIMIT_NOFILE. [RT #17526]

Mark Andrews's avatar
Mark Andrews committed
126 127
2321.	[placeholder]

128 129 130
2320.	[func]		Make statistics couters thread-safe for platforms
			that support certain atomic operations. [RT #17466]

131
2319.	[bug]		Silence Coverity warnings in 
Evan Hunt's avatar
Evan Hunt committed
132
			lib/dns/rdata/in_1/apl_42.c. [RT #17469]
133

134
2318.	[port]		sunos fixes for libbind.  [RT #17514]
135

136 137
2317.	[bug]		"make distclean" removed bind9.xsl.h. [RT #17518]

138 139 140
2316.	[port]		Missing #include <isc/print.h> in lib/dns/gssapictx.c.
			[RT #17513]

141 142 143
2315.   [bug]           Used incorrect address family for mapped IPv4
                        addresses in acl.c. [RT #17519]

144 145 146
2314.	[bug]		Uninitialized memory use on error path in
			bin/named/lwdnoop.c.  [RT #17476]

147 148 149
2313.	[cleanup]	Silence Coverity warnings. Handle private stacks.
			[RT #17447] [RT #17478]

150 151 152
2312.	[cleanup]	Silence Coverity warning in lib/isc/unix/socket.c.
			[RT #17458]

153 154 155
2311.   [bug]           IPv6 addresses could match IPv4 ACL entries and
                        vice versa. [RT #17462]

Mark Andrews's avatar
Mark Andrews committed
156
2310.	[bug]		dig, host, nslookup: flush stdout before emitting
157
			debug/fatal messages.  [RT #17501]
158

159 160 161
2309.   [cleanup]       Fix Coverity warnings in lib/dns/acl.c and iptable.c.
                        [RT #17455]

162 163 164
2308.	[cleanup]	Silence Coverity warning in bin/named/controlconf.c.
			[RT #17495]

165 166
2307.	[bug]		Remove infinite loop from lib/dns/sdb.c. [RT #17496]

167 168 169
2306.	[bug]		Remove potential race from lib/dns/resolver.c.
			[RT #17470]

170 171
2305.	[security]	inet_network() buffer overflow. CVE-2008-0122.

172 173 174
2304.	[bug]		Check returns from all dns_rdata_tostruct() calls.
			[RT #17460]

175 176 177
2303.	[bug]		Remove unnecessary code from bin/named/lwdgnba.c.
			[RT #17471]

178 179
2302.	[bug]		Fix memset() calls in lib/tests/t_api.c. [RT #17472]

180 181 182
2301.	[bug]		Remove resource leak and fix error messages in
			bin/tests/system/lwresd/lwtest.c. [RT #17474]

183 184 185
2300.	[bug]		Fixed failure to close open file in 
			bin/tests/names/t_names.c. [RT #17473]

186 187 188
2299.	[bug]		Remove unnecessary NULL check in
			bin/nsupdate/nsupdate.c. [RT #17475]

189 190 191
2298.	[bug]		isc_mutex_lock() failure not caught in
			bin/tests/timers/t_timers.c. [RT #17468]

192 193 194
2297.	[bug]		isc_entropy_createfilesource() failure not caught in
			bin/tests/dst/t_dst.c. [RT #17467]

195 196 197
2296.	[port]		Allow docbook stylesheet location to be specified to
			configure. [RT #17457]

198 199 200
2295.	[bug]		Silence static overrun error in bin/named/lwaddr.c.
			[RT #17459]

201 202 203 204 205
2294.	[func]		Allow the experimental statistics channels to have
			multiple connections and ACL.
			Note: the stats-server and stats-server-v6 options
			available in the previous beta releases are replaced
			with the generic statistics-channels statment.
206

207 208
2293.	[func]		Add ACL regression test. [RT #17375]

209 210 211 212 213 214
2292.	[bug]		Log if the working directory is not writable.
			[RT #17312]

2291.   [bug]           PR_SET_DUMPABLE may be set too late.  Also report
			failure to set PR_SET_DUMPABLE. [RT #17312]

215 216 217
2290.	[bug]		Let AD in the query signal that the client wants AD
			set in the response. [RT #17301]

218 219 220
2289.	[func]		named-checkzone now reports the out-of-zone CNAME
			found. [RT #17309]

221 222 223
2288.	[port]		win32: mark service as running when we have finished
			loading.  [RT #17441]

224 225
2287.	[bug]		Use 'volatile' if the compiler supports it. [RT #17413]

226 227 228 229 230
2286.	[func]		Allow a TCP connection to be used as a weak
			authentication method for reverse zones.
			New update-policy methods tcp-self and 6to4-self.
			[RT #17378]

231 232 233
2285.	[func]		Test framework for client memory context management.
			[RT #17377]

234 235 236
2284.	[bug]		Memory leak in UPDATE prerequisite processing.
			[RT #17377]

237 238 239 240 241
2283.	[bug]		TSIG keys were not attaching to the memory
			context.  TSIG keys should use the rings
			memory context rather than the clients memory
			context. [RT #17377]

242
2282.	[bug]		Acl code fixups. [RT #17346] [RT #17374]
243

244 245 246
2281.	[bug]		Attempts to use undefined acls were not being logged.
			[RT #17307]

247 248 249
2280.	[func]		Allow the experimental http server to be reached
			over IPv6 as well as IPv4. [RT #17332]

250 251 252 253
2279.   [bug]           Use setsockopt(SO_NOSIGPIPE), when available,
			to protect applications from receiving spurious
			SIGPIPE signals when using the resolver.

254 255 256
2278.	[bug]		win32: handle the case where Windows returns no
			searchlist or DNS suffix. [RT #17354]

257 258 259
2277.	[bug]		Empty zone names were not correctly being caught at
			in the post parse checks. [RT #17357]

260 261
2276.	[bug]		Install <dst/gssapi.h>.  [RT# 17359]

262 263 264
2275.	[func]		Add support to dig to perform IXFR queries over UDP.
			[RT #17235]

Mark Andrews's avatar
Mark Andrews committed
265
2274.	[func]		Log zone transfer statistics. [RT #17336]
266

267 268 269
2273.	[bug]		Adjust log level to WARNING when saving inconsistant
			stub/slave master and journal files. [RT# 17279]

270 271 272
2272.	[bug]		Handle illegal dnssec-lookaside trust-anchor names.
			[RT #17262]

Michael Graff's avatar
Michael Graff committed
273 274
2271.	[bug]		Fix a memory leak in http server code [RT #17100]

275 276 277
2270.	[bug]		dns_db_closeversion() version->writer could be reset
			before it is tested. [RT #17290]

278 279
2269.	[contrib]	dbus memory leaks and missing va_end calls. [RT #17232]

280 281 282
2268.	[bug]		0.IN-ADDR.ARPA was missing from the empty zones
			list.

283 284
	--- 9.5.0b1 released ---

285 286 287 288
2267.   [bug]           Radix tree node_num value could be set incorrectly,
                        causing positive ACL matches to look like negative
                        ones.  [RT #17311]

289 290 291
2266.	[bug]		client.c:get_clientmctx() returned the same mctx
			once the pool of mctx's was filled. [RT #17218]

292 293 294
2265.	[bug]		Test that the memory context's basic_table is non NULL
			before freeing.  [RT #17265]

295 296
2264.	[bug]		Server prefix length was being ignored. [RT #17308]

297 298 299
2263.	[bug]		"named-checkconf -z" failed to set default value
			for "check-integrity".  [RT #17306]

300 301 302
2262.	[bug]		Error status from all but the last view could be
			lost. [RT #17292]

303 304
2261.   [bug]           Fix memory leak with "any" and "none" ACLs [RT #17272]

305
2260.	[bug]		Reported wrong clients-per-query when increasing the
306
                        value. [RT #17236]
Mark Andrews's avatar
Mark Andrews committed
307

308 309
2259.	[placeholder]

Mark Andrews's avatar
Mark Andrews committed
310 311
	--- 9.5.0a7 released ---

312 313 314
2258.	[bug]		Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
			[RT #17241]

315 316 317
2257.	[bug]		win32: Use the full path to vcredist_x86.exe when
			calling it. [RT #17222]

318 319 320
2256.	[bug]		win32: Correctly register the installation location of
			bindevt.dll. [RT #17159]

321
2255.	[maint]		L.ROOT-SERVERS.NET is now 199.7.83.42.
322

323 324 325 326 327
2254.	[bug]		timer.c:dispatch() failed to lock timer->lock
			when reading timer->idle allowing it to see
			intermediate values as timer->idle was reset by
			isc_timer_touch(). [RT #17243]

Mark Andrews's avatar
Mark Andrews committed
328
2253.	[func]	 	"max-cache-size" defaults to 32M.
Mark Andrews's avatar
Mark Andrews committed
329 330
			"max-acache-size" defaults to 16M.

331
2252.   [bug]           Fixed errors in sortlist code [RT #17216]
332

333 334 335 336 337 338 339
2251.	[placeholder]

2250.	[func]		New flag 'memstatistics' to state whether the
			memory statistics file should be written or not.
			Additionally named's -m option will cause the
			statistics file to be written. [RT #17113]
			
340 341 342
2249.   [bug]           Only set Authentic Data bit if client requested
                        DNSSEC, per RFC 3655 [RT #17175]

343 344
2248.   [cleanup]       Fix several errors reported by Coverity. [RT #17160]

345 346
2247.	[doc]		Sort doc/misc/options. [RT #17067]

347 348 349
2246.	[bug]		Make the startup of test servers (ans.pl) more
			robust. [RT #17147]

350 351 352
2245.	[bug]		Validating lack of DS records at trust anchors wasn't
			working. [RT #17151]

353 354 355 356
2244.	[func]		Allow the check of nameserver names against the
			SOA MNAME field to be disabled by specifying
			'notify-to-soa yes;'.  [RT #17073]

357 358 359
2243.	[func]		Configuration files without a newline at the end now
			parse without error. [RT #17120]

360 361 362 363
2242.	[bug]		nsupdate: GSS-TSIG support using the Heimdal Kerberos
			library could require a source of random data.
			[RT #17127]

364 365 366 367 368 369 370 371
2241.	[func]		nsupdate: add a interative 'help' command. [RT #17099]

2240.	[bug]		Cleanup nsupdates GSS-TSIG support.  Convert
			a number of INSIST()s into plain fatal() errors
			which report the triggering result code.
			The 'key' command wasn't disabling GSS-TSIG.
			[RT #17099]

372 373
2239.	[func]		Ship a prebuilt bin/named/bind9.xsl.h. [RT #17114]

374 375 376
2238.	[bug]		It was possible to trigger a REQUIRE when a
			validation was cancelled. [RT #17106]

377 378
2237.	[bug]		libbind: res_init() was not thread aware. [RT #17123]

Mark Andrews's avatar
Mark Andrews committed
379
2236.	[bug]		dnssec-signzone failed to preserve the case of
Mark Andrews's avatar
Mark Andrews committed
380
			of wildcard owner names. [RT #17085]
381

382 383
2235.	[bug]		<isc/atomic.h> was not being installed. [RT #17135]

Evan Hunt's avatar
Evan Hunt committed
384 385
2234.   [port]          Correct some compiler warnings on SCO OSr5 [RT #17134]
  
386 387 388 389
2233.   [func]          Add support for O(1) ACL processing, based on
                        radix tree code originally written by kevin
                        brintnall. [RT #16288]

390 391 392
2232.	[bug]		dns_adb_findaddrinfo() could fail and return
			ISC_R_SUCCESS. [RT #17137]

393 394 395
2231.	[bug]		Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
			[RT #17088]

396 397 398
2230.	[bug]		We could INSIST reading a corrupted journal.
			[RT #17132]

Mark Andrews's avatar
Mark Andrews committed
399
2229.	[bug]		Null pointer dereference on query pool creation
400 401
			failure. [RT #17133]

Mark Andrews's avatar
Mark Andrews committed
402
2228.	[contrib]	contrib: Change 2188 was incomplete.
403

404 405
2227.	[cleanup]	Tidied up the FAQ. [RT #17121]

Mark Andrews's avatar
Mark Andrews committed
406 407
2226.	[placeholder]

408 409 410
2225.	[bug]		More support for systems with no IPv4 addresses.
		        [RT #17111]

411 412 413 414 415
2224.	[bug]		Defer journal compaction if a xfrin is in progress.
			[RT #17119]

2223.	[bug]		Make a new journal when compacting. [RT #17119]

416 417 418
2222.	[func]		named-checkconf now checks server key references.
		        [RT #17097]

419
2221.	[bug]		Set the event result code to reflect the actual
Mark Andrews's avatar
Mark Andrews committed
420 421 422
			record turned to caller when a cache update is
			rejected due to a more credible answer existing.
			[RT #17017]
423

424 425 426
2220.	[bug]		win32: Address a race condition in final shutdown of
			the Windows socket code. [RT #17028]
			
427
2219.	[bug]		Apply zone consistancy checks to additions, not
Mark Andrews's avatar
Mark Andrews committed
428
			removals, when updating. [RT #17049]
429

430 431 432
2218.	[bug]		Remove unnecessary REQUIRE from dns_validator_create().
			[RT #16976]

433 434
2217.	[func]		Adjust update log levels. [RT #17092]

435 436 437
2216.	[cleanup]	Fix a number of errors reported by Coverity.
		        [RT #17094]

438 439
2215.	[bug]		Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]

440 441 442 443
2214.	[bug]		Deregister OpenSSL lock callback when cleaning
			up.  Reorder OpenSSL cleanup so that RAND_cleanup()
			is called before the locks are destroyed. [RT #17098]

444 445 446
2213.	[bug]		SIG0 diagnostic failure messages were looking at the
			wrong status code. [RT #17101]

Mark Andrews's avatar
Mark Andrews committed
447
2212.	[func]		'host -m' now causes memory statistics and active
448 449
			memory to be printed at exit. [RT 17028]

450 451 452
2211.	[func]		Update "dynamic update temporarily disabled" message.
			[RT #17065]

453 454 455
2210.	[bug]		Deleting class specific records via UPDATE could
			fail.  [RT #17074]

456 457 458 459
2209.	[port]		osx: linking against user supplied static OpenSSL
			libraries failed as the system ones were still being
			found. [RT #17078]

460 461 462
2208.	[port]		win32: make sure both build methods produce the
			same output. [RT #17058]

463 464
2207.	[port]		Some implementations of getaddrinfo() fail to set
			ai_canonname correctly. [RT #17061]
Mark Andrews's avatar
Mark Andrews committed
465 466 467

	--- 9.5.0a6 released ---

468 469 470 471 472 473 474 475 476 477 478 479 480 481 482
2206.	[security]	"allow-query-cache" and "allow-recursion" now
			cross inherit from each other.

			If allow-query-cache is not set in named.conf then
			allow-recursion is used if set, otherwise allow-query
			is used if set, otherwise the default (localnets;
			localhost;) is used.

			If allow-recursion is not set in named.conf then
			allow-query-cache is used if set, otherwise allow-query
			is used if set, otherwise the default (localnets;
			localhost;) is used.

			[RT #16987]
	
483 484
2205.	[bug]		libbind: change #2119 broke thread support. [RT #16982]

Mark Andrews's avatar
Mark Andrews committed
485
2204.	[bug]		"rndc flushanme name unknown-view" caused named
486
			to crash. [RT #16984]
Mark Andrews's avatar
9.5.0a6  
Mark Andrews committed
487

488 489 490
2203.	[security]	Query id generation was cryptographically weak.
			[RT # 16915]

491 492 493
2202.	[security]	The default acls for allow-query-cache and
			allow-recursion were not being applied. [RT #16960]

Mark Andrews's avatar
Mark Andrews committed
494
2201.	[bug]		The build failed in a separate object directory.
495 496
			[RT #16943]

497 498 499
2200.	[bug]		The search for cached NSEC records was stopping to
			early leading to excessive DLV queries. [RT #16930]

500 501 502
2199.	[bug]		win32: don't call WSAStartup() while loading dlls.
			[RT #16911]

503 504 505
2198.	[bug]		win32: RegCloseKey() could be called when
			RegOpenKeyEx() failed. [RT #16911]

506 507 508 509
2197.	[bug]		Add INSIST to catch negative responses which are
			not setting the event result code appropriately.
			[RT #16909]

510
2196.	[port]		win32: yield processor while waiting for once to
511
			to complete. [RT #16958]
512

513 514 515
2195.	[func]		dnssec-keygen now defaults to nametype "ZONE"
			when generating DNSKEYs. [RT #16954]

516
2194.	[bug]		Close journal before calling 'done' in xfrin.c.
Mark Andrews's avatar
9.5.0a5  
Mark Andrews committed
517 518 519

	--- 9.5.0a5 released ---

Mark Andrews's avatar
Mark Andrews committed
520 521 522
2193.	[port]		win32: BINDInstall.exe is now linked statically.
			[RT #16906]

523 524 525 526
2192.	[port]		win32: use vcredist_x86.exe to install Visual
			Studio's redistributable dlls if building with
			Visual Stdio 2005 or later.

527 528 529
2191.	[func]		named-checkzone now allows dumping to stdout (-).
			named-checkconf now has -h for help.
			named-checkzone now has -h for help.
Mark Andrews's avatar
Mark Andrews committed
530
			rndc now has -h for help.
531 532 533
			Better handling of '-?' for usage summaries.
			[RT #16707]

534 535 536 537
2190.	[func]		Make fallback to plain DNS from EDNS due to timeouts
			more visible.  New logging category "edns-disabled".
			[RT #16871]

538 539
2189.	[bug]		Handle socket() returning EINTR. [RT #15949]

Mark Andrews's avatar
Mark Andrews committed
540
2188.	[contrib]	queryperf: autoconf changes to make the search for
541 542
			libresolv or libbind more robust. [RT #16299]

543 544 545 546
2187.	[bug]		query_addds(), query_addwildcardproof() and
			query_addnxrrsetnsec() should take a version
			arguement. [RT #16368]

547 548 549
2186.	[port]		cygwin: libbind: check for struct sockaddr_storage
			independently of IPv6. [RT #16482]

550 551 552
2185.	[port]		sunos: libbind: check for ssize_t, memmove() and
			memchr(). [RT #16463]

553 554 555
2184.	[bug]		bind9.xsl.h didn't build out of the source tree.
			[RT #16830]

556 557 558
2183.	[bug]		dnssec-signzone didn't handle offline private keys
			well.  [RT #16832]

559 560 561 562
2182.	[bug]		dns_dispatch_createtcp() and dispatch_createudp()
			could return ISC_R_SUCCESS when they ran out of
			memory. [RT #16365]

563 564
2181.	[port]		sunos: libbind: add paths.h from BIND 8. [RT #16462]

565 566 567
2180.	[cleanup]	Remove bit test from 'compress_test' as they
			are no longer needed. [RT #16497]

568 569 570
2179.	[func]		'rndc command zone' will now find 'zone' if it is
			unique to all the views. [RT #16821]

571 572 573
2178.	[bug]		'rndc reload' of a slave or stub zone resulted in
			a reference leak. [RT #16867]

574 575
2177.	[bug]		Array bounds overrun on read (rcodetext) at
			debug level 10+. [RT #16798]
576

577 578 579
2176.	[contrib]	dbus update to handle race condition during
			initialisation (Bugzilla 235809). [RT #16842]

Mark Andrews's avatar
Mark Andrews committed
580
2175.	[bug]		win32: windows broadcast condition variable support
581 582
			was broken. [RT #16592]

583 584 585
2174.	[bug]		I/O errors should always be fatal when reading
			master files. [RT #16825]

586 587
2173.	[port]		win32: When compiling with MSVS 2005 SP1 we also
			need to ship Microsoft.VC80.MFCLOC.
Mark Andrews's avatar
9.5.0a4  
Mark Andrews committed
588 589 590

	--- 9.5.0a4 released ---

591 592 593
2172.	[bug]		query_addsoa() was being called with a non zone db.
			[RT #16834]

594 595 596 597
2171.	[bug]		Handle breaks in DNSSEC trust chains where the parent
			servers are not DS aware (DS queries to the parent
			return a referral to the child).

598 599
2170.	[func]		Add acache processing to test suite. [RT #16711]

600 601 602
2169.	[bug]		host, nslookup: when reporting NXDOMAIN report the
			given name and not the last name searched for.
			[RT #16763]
603

604 605 606
2168.	[bug]		nsupdate: in non-interactive mode treat syntax errors
			as fatal errors. [RT #16785]

607 608
2167.	[bug]		When re-using a automatic zone named failed to
			attach it to the new view. [RT #16786]
Evan Hunt's avatar
9.5.0a3  
Evan Hunt committed
609 610 611

	--- 9.5.0a3 released ---

612 613 614 615
2166.	[bug]		When running in batch mode, dig could misinterpret
			a server address as a name to be looked up, causing
			unexpected output. [RT #16743]

616 617 618 619 620
2165.	[func]		Allow the destination address of a query to determine
			if we will answer the query or recurse.
			allow-query-on, allow-recursion-on and
			allow-query-cache-on. [RT #16291]

621 622 623 624
2164.	[bug]		The code to determine how named-checkzone / 
			named-compilezone was called failed under windows.
			[RT #16764]

625 626 627 628
2163.	[bug]		If only one of query-source and query-source-v6
			specified a port the query pools code broke (change
			2129).  [RT #16768]

629 630 631
2162.	[func]		Allow "rrset-order fixed" to be disabled at compile
			time. [RT #16665]

632 633 634
2161.	[bug]		Fix which log messages are emitted for 'rndc flush'.
			[RT #16698]

635 636 637
2160.	[bug]		libisc wasn't handling NULL ifa_addr pointers returned
			from getifaddrs(). [RT #16708]

Mark Andrews's avatar
9.5.0a2  
Mark Andrews committed
638 639
	--- 9.5.0a2 released ---

Mark Andrews's avatar
Mark Andrews committed
640 641
2159.	[bug]		Array bounds overrun in acache processing. [RT #16710]

642 643 644
2158.	[bug]		ns_client_isself() failed to initialise key
			leading to a REQUIRE failure. [RT #16688]

645 646 647 648 649 650 651 652
2157.	[func]		dns_db_transfernode() created. [RT #16685]

2156.	[bug]		Fix node reference leaks in lookup.c:lookup_find(),
			resolver.c:validated() and resolver.c:cache_name().
			Fix a memory leak in rbtdb.c:free_noqname().
			Make lookup.c:lookup_find() robust against
			event leaks. [RT #16685]

653 654 655
2155.	[contrib]	SQLite sdb module from jaboydjr@netwalk.com.
			[RT #16694]

656 657 658
2154.	[func]		Scoped (e.g. IPv6 link-local) addresses may now be
			matched in acls by omitting the scope. [RT #16599]

659 660
2153.	[bug]		nsupdate could leak memory. [RT #16691]

661 662 663
2152.	[cleanup]	Use sizeof(buf) instead of fixed number in
			dighost.c:get_trusted_key(). [RT #16678]

664 665 666
2151.	[bug]		Missing newline in usage message for journalprint.
			[RT #16679]

667 668 669 670
2150.	[bug]		'rrset-order cyclic' uniformly distribute the
			starting point for the first response for a given
			RRset. [RT #16655]

671 672 673 674
2149.	[bug]		isc_mem_checkdestroyed() failed to abort on
			if there were still active memory contexts.
			[RT #16672]

675 676
2148.	[func]		Add positive logging for rndc commands. [RT #14623]

677 678 679
2147.	[bug]		libbind: remove potential buffer overflow from
			hmac_link.c. [RT #16437]

680 681 682
2146.	[cleanup]	Silence Linux's spurious "obsolete setsockopt
			SO_BSDCOMPAT" message. [RT #16641]

683 684 685
2145.	[bug]		Check DS/DLV digest lengths for known digests.
			[RT #16622]

686 687 688
2144.	[cleanup]	Suppress logging of SERVFAIL from forwarders.
			[RT #16619]

689 690 691 692
2143.	[bug]		We failed to restart the IPv6 client when the
			kernel failed to return the destination the
			packet was sent to. [RT #16613]

Mark Andrews's avatar
Mark Andrews committed
693
2142.	[bug]		Handle master files with a modification time that
694 695
			matches the epoch. [RT# 16612]

696 697 698
2141.	[bug]		dig/host should not be setting IDN_ASCCHECK (IDN
			equivalent of LDH checks).  [RT #16609]

699 700 701
2140.	[bug]		libbind: missing unlock on pthread_key_create()
			failures. [RT #16654]

702 703 704
2139.	[bug]		dns_view_find() was being called with wrong type
			in adb.c. [RT #16670]

705 706
2138.	[bug]		Lock order reversal in resolver.c. [RT #16653]

707
2137.	[port]		Mips little endian and/or mips 64 bit are now
Mark Andrews's avatar
Mark Andrews committed
708
			supported for atomic operations. [RT#16648]
709

710 711 712
2136.	[bug]		nslookup/host looped if there was no search list
			and the host didn't exist. [RT #16657]

713 714
2135.	[bug]		Uninitialised rdataset in sdlz.c. [RT# 16656]

715 716
2134.	[func]		Additional statistics support. [RT #16666]

717 718 719
2133.	[port]		powerpc:  Support both IBM and MacOS Power PC
			assembler syntaxes. [RT #16647]

720 721 722
2132.	[bug]		Missing unlock on out of memory in
			dns_dispatchmgr_setudp().

723 724
2131.	[contrib]	dlz/mysql: AXFR was broken. [RT #16630]

725 726
2130.	[func]		Log if CD or DO were set. [RT #16640]

727 728 729 730
2129.	[func]		Provide a pool of UDP sockets for queries to be
			made over. See use-queryport-pool, queryport-pool-ports
			and queryport-pool-updateinterval.  [RT #16415]

731 732
2128.	[doc]		xsltproc --nonet, update DTD versions.  [RT #16635]

733 734
2127.	[port]		Improved OpenSSL 0.9.8 support. [RT #16563]

Mark Andrews's avatar
Mark Andrews committed
735
2126.	[security]	Serialise validation of type ANY responses. [RT #16555]
736

737 738 739
2125.	[bug]		dns_zone_getzeronosoattl() REQUIRE failure if DLZ
			was defined. [RT #16574]

Mark Andrews's avatar
Mark Andrews committed
740
2124.	[security]	It was possible to dereference a freed fetch
741
			context. [RT #16584]
Mark Andrews's avatar
9.5.0a1  
Mark Andrews committed
742 743 744

	--- 9.5.0a1 released ---

745 746 747
2123.	[func]		Use Doxygen to generate internal documention.
			[RT #11398]

748 749 750
2122.	[func]		Experimental http server and statistics support
			for named via xml.

751 752 753
2121.	[func]		Add a 10 slot dead masters cache (LRU) with a 600
			second timeout. [RT #16553]

754 755
2120.	[doc]		Fix markup on nsupdate man page. [RT #16556]

756 757 758 759
2119.	[compat]	libbind: allow res_init() to succeed enough to
			return the default domain even if it was unable
			to allocate memory.

760 761 762 763
2118.	[bug]		Handle response with long chains of domain name
			compression pointers which point to other compression
			pointers. [RT #16427]

764 765 766 767 768 769 770
2117.	[bug]		DNSSEC fixes: named could fail to cache NSEC records
			which could lead to validation failures.  named didn't
			handle negative DS responses that were in the process
			of being validated.  Check CNAME bit before accepting
			NODATA proof. To be able to ignore a child NSEC there
			must be SOA (and NS) set in the bitmap. [RT #16399]

771 772 773
2116.	[bug]		'rndc reload' could cause the cache to continually
			be cleaned. [RT #16401]

774 775 776
2115.	[bug]		'rndc reconfig' could trigger a INSIST if the
			number of masters for a zone was reduced. [RT #16444]

777
2114.	[bug]		dig/host/nslookup: searches for names with multiple
Mark Andrews's avatar
Mark Andrews committed
778
			labels were failing. [RT #16447]
779

780 781 782
2113.	[bug]		nsupdate: if a zone is specified it should be used
			for server discover. [RT# 16455]

783 784
2112.	[security]	Warn if weak RSA exponent is used. [RT #16460]

785 786 787
2111.	[bug]		Fix a number of errors reported by Coverity.
			[RT #16507]

788 789 790
2110.	[bug]		"minimal-response yes;" interacted badly with BIND 8
			priming queries. [RT #16491]

791 792
2109.	[port]		libbind: silence aix 5.3 compiler warnings. [RT #16502]

793 794
2108.	[func]		DHCID support. [RT #16456]

795 796
2107.	[bug]		dighost.c: more cleanup of buffers. [RT #16499]

797 798
2106.	[func]		'rndc status' now reports named's version. [RT #16426]

799 800
2105.	[func]		GSS-TSIG support (RFC 3645).

801 802
2104.	[port]		Fix Solaris SMF error message.

803 804 805
2103.	[port]		Add /usr/sfw to list of locations for OpenSSL
			under Solaris.

806 807
2102.	[port]		Silence solaris 10 warnings.

808 809 810
2101.	[bug]		OpenSSL version checks were not quite right.
			[RT #16476]

811 812 813
2100.	[port]		win32: copy libeay32.dll to Build\Debug.
			Copy Debug\named-checkzone to Debug\named-compilezone.

814 815
2099.	[port]		win32: more manifiest issues.

Mark Andrews's avatar
Mark Andrews committed
816
2098.	[bug]		Race in rbtdb.c:no_references(), which occasionally
817 818
			triggered an INSIST failure about the node lock
			reference.  [RT #16411]
819

820 821 822
2097.	[bug]		named could reference a destroyed memory context
			after being reloaded / reconfigured. [RT #16428]

823 824 825
2096.	[bug]		libbind: handle applications that fail to detect
			res_init() failures better.

826 827 828
2095.	[port]		libbind: alway prototype inet_cidr_ntop_ipv6() and
			net_cidr_ntop_ipv6(). [RT #16388]
 
829 830
2094.	[contrib]	Update named-bootconf.  [RT# 16404]

831 832
2093.	[bug]		named-checkzone -s was broken.

833 834 835 836
2092.	[bug]		win32: dig, host, nslookup.  Use registry config
			if resolv.conf does not exist or no nameservers
			listed. [RT #15877] 

837 838
2091.	[port]		dighost.c: race condition on cleanup. [RT #16417]

839 840 841
2090.	[port]		win32: Visual C++ 2005 command line manifest support.
			[RT #16417]

842 843 844 845 846 847 848 849
2089.	[security]	Raise the minimum safe OpenSSL versions to
			OpenSSL 0.9.7l and OpenSSL 0.9.8d.  Versions
			prior to these have known security flaws which
			are (potentially) exploitable in named. [RT #16391]

2088.	[security]	Change the default RSA exponent from 3 to 65537.
			[RT #16391]

850 851 852
2087.	[port]		libisc failed to compile on OS's w/o a vsnprintf.
			[RT #16382]

853 854 855
2086.	[port]		libbind: FreeBSD now has get*by*_r() functions.
			[RT #16403]

856 857
2085.	[doc]		win32: added index.html and README to zip. [RT #16201]

858 859
2084.	[contrib]	dbus update for 9.3.3rc2.

860 861
2083.	[port]		win32: Visual C++ 2005 support.

862 863
2082.	[doc]		Document 'cache-file' as a test only option.

864 865 866
2081.	[port]		libbind: minor 64-bit portability fix in memcluster.c.
			[RT #16360]

867 868 869
2080.	[port]		libbind: res_init.c did not compile on older versions
			of Solaris. [RT #16363]

870 871 872
2079.	[bug]		The lame cache was not handling multiple types
			correctly. [RT #16361]

873 874 875 876 877 878
2078.	[bug]		dnssec-checkzone output style "default" was badly
			named.  It is now called "relative". [RT #16326]

2077.	[bug]		'dnssec-signzone -O raw' wasn't outputing the
			complete signed zone. [RT #16326]

879 880 881
2076.	[bug]		Several files were missing #include <config.h>
			causing build failures on OSF. [RT #16341]

882 883 884
2075.	[bug]		The spillat timer event hander could leak memory.
			[RT #16357]

Mark Andrews's avatar
Mark Andrews committed
885
2074.	[bug]		dns_request_createvia2(), dns_request_createvia3(),
886 887 888
			dns_request_createraw2() and dns_request_createraw3()
			failed to send multiple UDP requests. [RT #16349]

889 890 891
2073.	[bug]		Incorrect semantics check for update policy "wildcard".
			[RT #16353]

892 893 894
2072.	[bug]		We were not generating valid HMAC SHA digests.
			[RT #16320]

895 896 897
2071.	[port]		Test whether gcc accepts -fno-strict-aliasing.
			[RT #16324]

898 899 900
2070.	[bug]		The remote address was not always displayed when
			reporting dispatch failures. [RT #16315]

901 902
2069.	[bug]		Cross compiling was not working. [RT #16330]

903 904 905
2068.	[cleanup]	Lower incremental tuning message to debug 1.
			[RT #16319]

906 907 908
2067.	[bug]		'rndc' could close the socket too early triggering
			a INSIST under Windows. [RT #16317]

909
2066.	[security]	Handle SIG queries gracefully. [RT #16300]
Mark Andrews's avatar
Mark Andrews committed
910

911 912 913
2065.	[bug]		libbind: probe for HPUX prototypes for
			endprotoent_r() and endservent_r().  [RT 16313]

914 915
2064.	[bug]		libbind: silence AIX compiler warnings. [RT #16218]

916 917 918
2063.	[bug]		Change #1955 introduced a bug which caused the first
			'rndc flush' call to not free memory. [RT #16244]

Mark Andrews's avatar
Mark Andrews committed
919
2062.	[bug]		'dig +nssearch' was reusing a buffer before it had
920 921
			been returned by the socket code. [RT #16307]

922 923
2061.	[bug]		Accept expired wildcard message reversed. [RT #16296]

924 925 926
2060.	[bug]		Enabling DLZ support could leave views partially
			configured. [RT #16295]

927 928 929
2059.	[bug]		Search into cache rbtdb could trigger an INSIST
			failure while cleaning up a stale rdataset.
			[RT #16292]
930

931
2058.	[bug]		Adjust how we calculate rtt estimates in the presence
Mark Andrews's avatar
Mark Andrews committed
932
			of authoritative servers that drop EDNS and/or CD
933 934 935
			requests.  Also fallback to EDNS/512 and plain DNS
			faster for zones with less than 3 servers.  [RT #16187]

936 937 938
2057.	[bug]		Make setting "ra" dependent on both allow-query-cache
			and allow-recursion. [RT #16290]

939 940 941
2056.	[bug]		dig: ixfr= was not being treated case insensitively
			at all times. [RT #15955]

942 943 944
2055.	[bug]		Missing goto after dropping multicast query.
			[RT #15944]

945 946 947
2054.	[port]		freebsd: do not explicitly link against -lpthread.
			[RT #16170]

948 949
2053.	[port]		netbsd:libbind: silence compiler warnings. [RT #16220]

950 951 952
2052.	[bug]		'rndc' improve connect failed message to report
			the failing address. [RT #15978]

953 954
2051.	[port]		More strtol() fixes. [RT #16249]

955 956 957
2050.	[bug]		Parsing of NSAP records was not case insensitive.
			[RT #16287]

958 959 960 961 962
2049.	[bug]		Restore SOA before AXFR when falling back from
			a attempted IXFR when transfering in a zone.
			Allow a initial SOA query before attempting
			a AXFR to be requested. [RT #16156]

963 964 965 966 967
2048.	[bug]		It was possible to loop forever when using
			avoid-v4-udp-ports / avoid-v6-udp-ports when
			the OS always returned the same local port.
			[RT #16182]

968 969 970
2047.	[bug]		Failed to initialise the interface flags to zero.
			[RT #16245]

971
2046.	[bug]		rbtdb.c:rdataset_setadditional() could cause duplicate
972
			cleanup [RT #16247].
973

974
2045.	[func]		Use lock buckets for acache entries to limit memory
975
			consumption. [RT #16183]
976

977
2044.	[port]		Add support for atomic operations for Itanium.
978
			[RT #16179]
979

980 981 982
2043.	[port]		nsupdate/nslookup: Force the flushing of the prompt
			for interactive sessions. [RT#16148]

983 984 985
2042.	[bug]		named-checkconf was incorrectly rejecting the
			logging category "config". [RT #16117]

986 987 988
2041.	[bug]		"configure --with-dlz-bdb=yes" produced a bad
			set of libraries to be linked. [RT #16129]

989 990
2040.	[bug]		rbtdb no_references() could trigger an INSIST
			failure with --enable-atomic.  [RT #16022]
991

992
2039.	[func]		Check that all buffers passed to the socket code
Mark Andrews's avatar
Mark Andrews committed
993
			have been retrieved when the socket event is freed.
994 995 996 997 998
			[RT #16122]

2038.	[bug]		dig/nslookup/host was unlinking from wrong list
			when handling errors. [RT #16122]

999 1000 1001 1002
2037.	[func]		When unlinking the first or last element in a list
			check that the list head points to the element to
			be unlinked. [RT #15959]

1003 1004 1005
2036.	[bug]		'rndc recursing' could cause trigger a REQUIRE.
			[RT #16075]

1006 1007 1008 1009
2035.	[func]		Make falling back to TCP on UDP refresh failure
			optional. Default "try-tcp-refresh yes;" for BIND 8
			compatibility. [RT #16123]

1010 1011
2034.	[bug]		gcc: set -fno-strict-aliasing. [RT #16124]

1012 1013 1014
2033.	[bug]		We wern't creating multiple client memory contexts
			on demand as expected. [RT #16095]

1015 1016
2032.	[bug]		Remove a INSIST in query_addadditional2(). [RT #16074]

1017 1018 1019
2031.	[bug]		Emit a error message when "rndc refresh" is called on
			a non slave/stub zone. [RT # 16073]

1020 1021 1022
2030.	[bug]		We were being overly conservative when disabling
			openssl engine support. [RT #16030]

1023 1024 1025
2029.	[bug]		host printed out the server multiple times when
			specified on the command line. [RT #15992]

Mark Andrews's avatar
Mark Andrews committed
1026
2028.	[port]		linux: socket.c compatability for old systems.
1027 1028
			[RT #16015]

Mark Andrews's avatar
Mark Andrews committed
1029
2027.	[port]		libbind: Solaris x86 support. [RT #16020]
1030

1031 1032 1033
2026.	[bug]		Rate limit the two recursive client exceeded messages.
			[RT #16044]