CHANGES 252 KB
Newer Older
Mark Andrews's avatar
Mark Andrews committed
1 2
2436.	[placeholder]

3 4
2435.	[bug]		Fixed an ACL memory leak affecting win32.

Evan Hunt's avatar
Evan Hunt committed
5 6
2434.	[placeholder]

7 8
2433.	[tuning]	Set initial timeout to 800ms.

Evan Hunt's avatar
Evan Hunt committed
9 10
2432.   [placeholder]

11 12
2431.	[bug]		Acl processing could leak memory. [RT #18323]

13 14 15 16
2430.	[bug]		win32: isc_interval_set() could round down to
			zero if the input was less than NS_INTERVAL
			nanoseconds.  Round up instead. [RT #18549]

17 18 19
2429.	[doc]		nsupdate should be in section 1 of the man pages.
			[RT #18283]

20 21 22
2428.	[bug]		dns_iptable_merge() mishandled merges of negative
			tables. [RT #18409]

23 24 25
2427.	[func]		Treat DNSKEY queries as if "minimal-response yes;"
			was set. [RT #18528]

26 27 28 29
2426.	[bug]		libbind: inet_net_pton() can sometimes return the
			wrong value if excessively large netmasks are
			supplied. [RT #18512]

30 31 32
2425.	[bug]		named didn't detect unavailable query source addresses
			at load time. [RT #18536]

33 34 35 36 37
2424.	[port]		configure now probes for a working epoll
			implementation.  Allow the use of kqueue,
			epoll and /dev/poll to be selected at compile
			time. [RT #18277]
			
Evan Hunt's avatar
Evan Hunt committed
38 39 40 41 42 43 44
2423.   [security]      Randomize server selection on queries, so as to
                        make forgery a little more difficult.  Instead of
                        always preferring the server with the lowest RTT,
                        pick a server with RTT within the same 128
                        millisecond band.  [RT #18441]

2422.	[bug]		Handle the special return value of a empty node as
45 46
			if it was a NXRRSET in the validator. [RT #18447]

Evan Hunt's avatar
Evan Hunt committed
47
2421.	[func]		Add new command line option '-S' for named to specify
48 49 50 51
			the max number of sockets. [RT #18493]
			Use caution: this option may not work for some
			operating systems without rebuilding named.

Evan Hunt's avatar
Evan Hunt committed
52 53
2420.   [placeholder]

54 55 56 57
2419.	[cleanup]	Document that isc_socket_create() and isc_socket_open()
			should not be used for isc_sockettype_fdwatch sockets.
			[RT #18521]

58 59 60
2418.	[bug]		AXFR request on a DLZ could trigger a REQUIRE failure
			[RT #18430]

61 62 63 64
2417.	[bug]		Connecting UDP sockets for outgoing queries could
			unexpectedly fail with an 'address already in use'
			error. [RT #18411]

65 66 67
2416.	[func]		Log file descriptors that cause exceeding the
			internal maximum. [RT #18460]

68 69 70
2415.	[bug]		'rndc dumpdb' could trigger various assertion failures
			in rbtdb.c. [RT #18455]

71 72 73 74
2414.	[bug]		A masterdump context held the database lock too long,
			causing various troubles such as dead lock and
			recursive lock acquisition. [RT #18311, #18456]

75 76
2413.	[bug]		Fixed an unreachable code path in socket.c. [RT #18442]

77 78
2412.	[bug]		win32: address a resourse leak. [RT #18374]

79 80 81 82
2411.	[bug]		Allow using a larger number of sockets than FD_SETSIZE
			for select().  To enable this, set ISC_SOCKET_MAXSOCKETS
			at compilation time.  [RT #18433]

83 84
2410.	[bug]		Correctly delete m_versionInfo. [RT #18432]

Mark Andrews's avatar
Mark Andrews committed
85
2409.	[bug]		Only log that we disabled EDNS processing if we were
86 87
			subsequently successful.  [RT #18029]

88 89 90 91
2408.	[bug]		A duplicate TCP dispatch event could be sent, which
			could then trigger an assertion failure in
			resquery_response().  [RT #18275]

92 93
2407.	[port]		hpux: test for sys/dyntune.h. [RT #18421]

94 95 96
2406.	[bug]		Sockets could be closed too early, leading to
			inconsistent states in the socket module. [RT #18298]

97 98 99 100
2405.   [cleanup]       The default value for dnssec-validation was changed to
                        "yes" in 9.5.0-P1 and all subsequent releases; this
                        was inadvertently omitted from CHANGES at the time.

101 102
2404.	[port]		hpux: files unlimited support.

103 104
2403.	[bug]		TSIG context leak. [RT #18341]

105 106
2402.	[port]		Support Solaris 2.11 and over. [RT #18362]

107 108 109
2401.	[bug]		Expect to get E[MN]FILE errno internal_accept()
			(from accept() or fcntl() system calls). [RT #18358]

Tatuya JINMEI 神明達哉's avatar
Tatuya JINMEI 神明達哉 committed
110
2400.	[bug]		Log if kqueue()/epoll_create()/open(/dev/poll) fails.
111 112
			[RT #18297]

113 114
2399.	[placeholder]

115
2398.	[bug]           Improve file descriptor management.  New,
116 117 118
			temporary, named.conf option reserved-sockets,
			default 512. [RT #18344]

119 120
2397.	[bug]		gssapi_functions had too many elements. [RT #18355]

121 122 123
2396.	[bug]		Don't set SO_REUSEADDR for randomized ports.
			[RT #18336]

124 125 126
2395.	[port]		Avoid warning and no effect from "files unlimited"
			on Linux when running as root. [RT #18335]

127 128 129
2394.	[bug]		Default configuration options set the limit for
			open files to 'unlimited' as described in the
			documentation. [RT #18331]
130

131 132 133 134 135
2393.	[bug]		nested acls containing keys could trigger an
			assertion in acl.c. [RT #18166]

2392.	[bug]		remove 'grep -q' from acl test script, some platforms
			don't support it. [RT #18253]
136 137

2391.	[port]		hpux: cover additional recvmsg() error codes.
138 139
			[RT #18301]

140
2390.	[bug]		dispatch.c could make a false warning on 'odd socket'.
141 142
			[RT #18301].

143
2389.	[bug]		Move the "working directory writable" check to after
Mark Andrews's avatar
Mark Andrews committed
144
			the ns_os_changeuser() call. [RT #18326]
145

146 147 148
2388.	[bug]		Avoid using tables for layout purposes in
			statistics XSL [RT #18159].

149 150 151
2387.	[bug]		Silence compiler warnings in lib/isc/radix.c.
			[RT #18147] [RT #18258]

152 153
2386.	[func]		Add warning about too small 'open files' limit.
			[RT #18269]
154

155 156 157
2385.	[bug]		A condition variable in socket.c could leak in
			rare error handling [RT #17968].

158 159 160
2384.	[security]	Fully randomize UDP query ports to improve
			forgery resilience. [RT #17949, #18098]

161 162
2383.	[bug]		named could double queries when they resulted in
			SERVFAIL due to overkilling EDNS0 failure detection.
Tatuya JINMEI 神明達哉's avatar
Tatuya JINMEI 神明達哉 committed
163
			[RT #18182]
164

165 166 167
2382.	[doc]		Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
			to ARM.

168 169 170 171
2381.	[port]		dlz/mysql: support multiple install layouts for
			mysql.  <prefix>/include/{,mysql/}mysql.h and
			<prefix>/lib/{,mysql/}. [RT #18152]

172 173 174 175 176
2380.	[bug]		dns_view_find() was not returning NXDOMAIN/NXRRSET
			proofs which, in turn, caused validation failures
			for insecure zones immediately below a secure zone
			the server was authoritative for. [RT #18112] 

177 178 179
2379.	[contrib]	queryperf/gen-data-queryperf.py: removed redundant
			TLDs and supported RRs with TTLs [RT #17972]

180 181 182
2378.	[bug]		gssapi_functions{} had a redundant member in BIND 9.5.
			[RT #18169]

183 184
2377.	[bug]		Address race condition in dnssec-signzone. [RT #18142]

Mark Andrews's avatar
Mark Andrews committed
185
2376.	[bug]		Change #2144 was not complete.
186

187
2375.	[placeholder]
Mark Andrews's avatar
Mark Andrews committed
188 189

2374.	[bug]		"blackhole" ACLs could cause named to segfault due
190 191
			to some uninitialized memory. [RT #18095]

Mark Andrews's avatar
Mark Andrews committed
192
2373.	[bug]		Default values of zone ACLs were re-parsed each time a
193 194
			new zone was configured, causing an overconsumption
			of memory. [RT #18092]
195

Mark Andrews's avatar
Mark Andrews committed
196
2372.	[bug]		Fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
197

Mark Andrews's avatar
Mark Andrews committed
198
2371.	[doc]		Add +nsid option to dig man page. [RT #18039]
199

Mark Andrews's avatar
Mark Andrews committed
200 201
2370.	[bug]		"rndc freeze" could trigger an assertion in named
			when called on a nonexistent zone. [RT #18050]
202

203 204 205
2369.	[bug]		libbind: Array bounds overrun on read in bitncmp().
			[RT #18054]

Mark Andrews's avatar
Mark Andrews committed
206 207
2368.	[port]		Linux: use libcap for capability management if
			possible. [RT# 18026]
208

Mark Andrews's avatar
Mark Andrews committed
209 210
2367.	[bug]		Improve counting of dns_resstatscounter_retry
			[RT #18030]
211

212 213
2366.	[bug]		Adb shutdown race. [RT #18021]

Mark Andrews's avatar
Mark Andrews committed
214 215
2365.	[bug]		Fix a bug that caused dns_acl_isany() to return
			spurious results. [RT #18000]
216

217 218 219
2364.	[bug]		named could trigger a assertion when serving a
			malformed signed zone. [RT #17828]

220 221 222
2363.	[port]		sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
			[RT #17513]

Mark Andrews's avatar
Mark Andrews committed
223 224 225
2362.   [cleanup]	Make "rrset-order fixed" a compile-time option.
			settable by "./configure --enable-fixed-rrset".
			Disabled by default. [RT #17977]
226

227 228 229
2361.	[bug]		"recursion" statistics counter could be counted
			multiple times for a single query.  [RT #17990]

230 231 232
2360.	[bug]		Fix a condition where we release a database version
			(which may acquire a lock) while holding the lock.

233 234
2359.	[bug]		Fix NSID bug. [RT #17942]

235 236
2358.	[doc]		Update host's default query description. [RT #17934]

237 238 239
2357.	[port]		Don't use OpenSSL's engine support in versions before
			OpenSSL 0.9.7f. [RT #17922]

Mark Andrews's avatar
Mark Andrews committed
240
2356.	[bug]		Built in mutex profiler was not scalable enough.
241 242
			[RT #17436]

243 244 245
2355.	[func]		Extend the number statistics counters available.
			[RT #17590]

Mark Andrews's avatar
Mark Andrews committed
246
2354.	[bug]		Failed to initialize some rdatasetheader_t elements.
247 248
			[RT #17927]

249 250 251 252 253 254 255
2353.	[func]		Add support for Name Server ID (RFC 5001).
			'dig +nsid' requests NSID from server.
			'request-nsid yes;' causes recursive server to send
			NSID requests to upstream servers.  Server responds
			to NSID requests with the string configured by
			'server-id' option.  [RT #17091]

256 257
2352.	[bug]		Various GSS_API fixups. [RT #17729]

258 259
2351.	[bug]		convertxsl.pl generated very long lines. [RT #17906]

260 261
2350.	[port]		win32: IPv6 support. [RT #17797]

262 263 264
2349.	[func]		Provide incremental re-signing support for secure
			dynamic zones. [RT #1091]

Francis Dupont's avatar
Francis Dupont committed
265 266 267 268
2348.	[func]		Use the EVP interface to OpenSSL. Add PKCS#11 support.
			Documentation is in the new README.pkcs11 file.
			[RT #16844]

Francis Dupont's avatar
Francis Dupont committed
269 270 271
2347.	[bug]		Delete now traverses the RB tree in the canonical
			order. [RT #17451]

272 273 274
2346.	[func]		Memory statistics now cover all active memory contexts
			in increased detail. [RT #17580]

275 276 277 278
2345.	[bug]		named-checkconf failed to detect when forwarders
			were set at both the options/view level and in
			a root zone. [RT #17671]

279 280 281
2344.	[bug]		Improve "logging{ file ...; };" documentation.
			[RT #17888]

282 283 284
2343.	[bug]		(Seemingly) duplicate IPv6 entries could be
			created in ADB. [RT #17837]

285 286
2342.	[func]		Use getifaddrs() if available under Linux. [RT #17224]

287 288 289
2341.	[bug]		libbind: add missing -I../include for off source
			tree builds. [RT #17606]

290 291
2340.	[port]		openbsd: interface configuration. [RT #17700]

292 293
2339.	[port]		tru64: support for libbind. [RT #17589]

Mark Andrews's avatar
Mark Andrews committed
294
2338.	[bug]		check_ds() could be called with a non DS rdataset.
295 296
			[RT #17598]

Mark Andrews's avatar
Mark Andrews committed
297
2337.	[bug]		BUILD_LDFLAGS was not being correctly set.  [RT #17614]
298

299 300 301 302
2336.	[func]		If "named -6" is specified then listen on all IPv6
			interfaces if there are not listen-on-v6 clauses in
			named.conf.  [RT #17581]

303 304 305
2335.	[port]		sunos:  libbind and *printf() support for long long. 
			[RT #17513]

306 307 308
2334.	[bug]		Bad REQUIRES in fromstruct_in_naptr(),  off by one
			bug in fromstruct_txt(). [RT #17609]
			
309 310 311
2333.	[bug]		Fix off by one error in isc_time_nowplusinterval().
			[RT #17608]

312 313
2332.	[contrib]	query-loc-0.4.0. [RT #17602]

Mark Andrews's avatar
80 cols  
Mark Andrews committed
314
2331.	[bug]		Failure to regenerate any signatures was not being
Mark Andrews's avatar
Mark Andrews committed
315 316
			reported nor being past back to the UPDATE client.
			[RT #17570]
317

318 319 320 321 322 323 324
2330.	[bug]		Remove potential race condition when handling
			over memory events. [RT #17572]

			WARNING: API CHANGE: over memory callback
			function now needs to call isc_mem_waterack().
			See <isc/mem.h> for details.

325 326
2329.	[bug]		Clearer help text for dig's '-x' and '-i' options.

327
2328.	[maint]		Add AAAA addresses for A.ROOT-SERVERS.NET,
328 329 330 331
			F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET,
			J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and
			M.ROOT-SERVERS.NET.

Mark Andrews's avatar
Mark Andrews committed
332
2327.	[bug]		It was possible to dereference a NULL pointer in
Mark Andrews's avatar
Mark Andrews committed
333
			rbtdb.c.  Implement dead node processing in zones as
Mark Andrews's avatar
Mark Andrews committed
334
			we do for caches. [RT #17312]
335

336 337 338
2326.	[bug]		It was possible to trigger a INSIST in the acache
			processing.

339 340
2325.	[port]		Linux: use capset() function if available. [RT #17557]

Mark Andrews's avatar
80 cols  
Mark Andrews committed
341
2324.	[bug]		Fix IPv6 matching against "any;". [RT #17533]
342

343 344
2323.	[port]		tru64: namespace clash. [RT #17547]

345 346 347
2322.	[port]		MacOS: work around the limitation of setrlimit()
			for RLIMIT_NOFILE. [RT #17526]

Mark Andrews's avatar
Mark Andrews committed
348 349
2321.	[placeholder]

Mark Andrews's avatar
Mark Andrews committed
350
2320.	[func]		Make statistics counters thread-safe for platforms
351 352
			that support certain atomic operations. [RT #17466]

353
2319.	[bug]		Silence Coverity warnings in 
Evan Hunt's avatar
Evan Hunt committed
354
			lib/dns/rdata/in_1/apl_42.c. [RT #17469]
355

356
2318.	[port]		sunos fixes for libbind.  [RT #17514]
357

358 359
2317.	[bug]		"make distclean" removed bind9.xsl.h. [RT #17518]

360 361 362
2316.	[port]		Missing #include <isc/print.h> in lib/dns/gssapictx.c.
			[RT #17513]

363 364 365
2315.   [bug]           Used incorrect address family for mapped IPv4
                        addresses in acl.c. [RT #17519]

366 367 368
2314.	[bug]		Uninitialized memory use on error path in
			bin/named/lwdnoop.c.  [RT #17476]

369 370 371
2313.	[cleanup]	Silence Coverity warnings. Handle private stacks.
			[RT #17447] [RT #17478]

372 373 374
2312.	[cleanup]	Silence Coverity warning in lib/isc/unix/socket.c.
			[RT #17458]

375 376 377
2311.   [bug]           IPv6 addresses could match IPv4 ACL entries and
                        vice versa. [RT #17462]

Mark Andrews's avatar
Mark Andrews committed
378
2310.	[bug]		dig, host, nslookup: flush stdout before emitting
379
			debug/fatal messages.  [RT #17501]
380

381 382 383
2309.   [cleanup]       Fix Coverity warnings in lib/dns/acl.c and iptable.c.
                        [RT #17455]

384 385 386
2308.	[cleanup]	Silence Coverity warning in bin/named/controlconf.c.
			[RT #17495]

387 388
2307.	[bug]		Remove infinite loop from lib/dns/sdb.c. [RT #17496]

389 390 391
2306.	[bug]		Remove potential race from lib/dns/resolver.c.
			[RT #17470]

392 393
2305.	[security]	inet_network() buffer overflow. CVE-2008-0122.

394 395 396
2304.	[bug]		Check returns from all dns_rdata_tostruct() calls.
			[RT #17460]

397 398 399
2303.	[bug]		Remove unnecessary code from bin/named/lwdgnba.c.
			[RT #17471]

400 401
2302.	[bug]		Fix memset() calls in lib/tests/t_api.c. [RT #17472]

402 403 404
2301.	[bug]		Remove resource leak and fix error messages in
			bin/tests/system/lwresd/lwtest.c. [RT #17474]

405 406 407
2300.	[bug]		Fixed failure to close open file in 
			bin/tests/names/t_names.c. [RT #17473]

408 409 410
2299.	[bug]		Remove unnecessary NULL check in
			bin/nsupdate/nsupdate.c. [RT #17475]

411 412 413
2298.	[bug]		isc_mutex_lock() failure not caught in
			bin/tests/timers/t_timers.c. [RT #17468]

414 415 416
2297.	[bug]		isc_entropy_createfilesource() failure not caught in
			bin/tests/dst/t_dst.c. [RT #17467]

417 418 419
2296.	[port]		Allow docbook stylesheet location to be specified to
			configure. [RT #17457]

420 421 422
2295.	[bug]		Silence static overrun error in bin/named/lwaddr.c.
			[RT #17459]

423 424 425 426
2294.	[func]		Allow the experimental statistics channels to have
			multiple connections and ACL.
			Note: the stats-server and stats-server-v6 options
			available in the previous beta releases are replaced
Mark Andrews's avatar
Mark Andrews committed
427
			with the generic statistics-channels statement.
428

429 430
2293.	[func]		Add ACL regression test. [RT #17375]

431 432 433 434 435 436
2292.	[bug]		Log if the working directory is not writable.
			[RT #17312]

2291.   [bug]           PR_SET_DUMPABLE may be set too late.  Also report
			failure to set PR_SET_DUMPABLE. [RT #17312]

437 438 439
2290.	[bug]		Let AD in the query signal that the client wants AD
			set in the response. [RT #17301]

440 441 442
2289.	[func]		named-checkzone now reports the out-of-zone CNAME
			found. [RT #17309]

443 444 445
2288.	[port]		win32: mark service as running when we have finished
			loading.  [RT #17441]

446 447
2287.	[bug]		Use 'volatile' if the compiler supports it. [RT #17413]

448 449 450 451 452
2286.	[func]		Allow a TCP connection to be used as a weak
			authentication method for reverse zones.
			New update-policy methods tcp-self and 6to4-self.
			[RT #17378]

453 454 455
2285.	[func]		Test framework for client memory context management.
			[RT #17377]

456 457 458
2284.	[bug]		Memory leak in UPDATE prerequisite processing.
			[RT #17377]

459 460 461 462 463
2283.	[bug]		TSIG keys were not attaching to the memory
			context.  TSIG keys should use the rings
			memory context rather than the clients memory
			context. [RT #17377]

464
2282.	[bug]		Acl code fixups. [RT #17346] [RT #17374]
465

466 467 468
2281.	[bug]		Attempts to use undefined acls were not being logged.
			[RT #17307]

469 470 471
2280.	[func]		Allow the experimental http server to be reached
			over IPv6 as well as IPv4. [RT #17332]

472 473 474 475
2279.   [bug]           Use setsockopt(SO_NOSIGPIPE), when available,
			to protect applications from receiving spurious
			SIGPIPE signals when using the resolver.

476
2278.	[bug]		win32: handle the case where Windows returns no
Mark Andrews's avatar
Mark Andrews committed
477
			search list or DNS suffix. [RT #17354]
478

479 480 481
2277.	[bug]		Empty zone names were not correctly being caught at
			in the post parse checks. [RT #17357]

482 483
2276.	[bug]		Install <dst/gssapi.h>.  [RT# 17359]

484 485 486
2275.	[func]		Add support to dig to perform IXFR queries over UDP.
			[RT #17235]

Mark Andrews's avatar
Mark Andrews committed
487
2274.	[func]		Log zone transfer statistics. [RT #17336]
488

Mark Andrews's avatar
Mark Andrews committed
489
2273.	[bug]		Adjust log level to WARNING when saving inconsistent
490 491
			stub/slave master and journal files. [RT# 17279]

492 493 494
2272.	[bug]		Handle illegal dnssec-lookaside trust-anchor names.
			[RT #17262]

Michael Graff's avatar
Michael Graff committed
495 496
2271.	[bug]		Fix a memory leak in http server code [RT #17100]

497 498 499
2270.	[bug]		dns_db_closeversion() version->writer could be reset
			before it is tested. [RT #17290]

500 501
2269.	[contrib]	dbus memory leaks and missing va_end calls. [RT #17232]

502 503 504
2268.	[bug]		0.IN-ADDR.ARPA was missing from the empty zones
			list.

505 506
	--- 9.5.0b1 released ---

507 508 509 510
2267.   [bug]           Radix tree node_num value could be set incorrectly,
                        causing positive ACL matches to look like negative
                        ones.  [RT #17311]

511 512 513
2266.	[bug]		client.c:get_clientmctx() returned the same mctx
			once the pool of mctx's was filled. [RT #17218]

514 515 516
2265.	[bug]		Test that the memory context's basic_table is non NULL
			before freeing.  [RT #17265]

517 518
2264.	[bug]		Server prefix length was being ignored. [RT #17308]

519 520 521
2263.	[bug]		"named-checkconf -z" failed to set default value
			for "check-integrity".  [RT #17306]

522 523 524
2262.	[bug]		Error status from all but the last view could be
			lost. [RT #17292]

525 526
2261.   [bug]           Fix memory leak with "any" and "none" ACLs [RT #17272]

527
2260.	[bug]		Reported wrong clients-per-query when increasing the
528
                        value. [RT #17236]
Mark Andrews's avatar
Mark Andrews committed
529

530 531
2259.	[placeholder]

Mark Andrews's avatar
Mark Andrews committed
532 533
	--- 9.5.0a7 released ---

534 535 536
2258.	[bug]		Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
			[RT #17241]

537 538 539
2257.	[bug]		win32: Use the full path to vcredist_x86.exe when
			calling it. [RT #17222]

540 541 542
2256.	[bug]		win32: Correctly register the installation location of
			bindevt.dll. [RT #17159]

543
2255.	[maint]		L.ROOT-SERVERS.NET is now 199.7.83.42.
544

545 546 547 548 549
2254.	[bug]		timer.c:dispatch() failed to lock timer->lock
			when reading timer->idle allowing it to see
			intermediate values as timer->idle was reset by
			isc_timer_touch(). [RT #17243]

Mark Andrews's avatar
Mark Andrews committed
550
2253.	[func]	 	"max-cache-size" defaults to 32M.
Mark Andrews's avatar
Mark Andrews committed
551 552
			"max-acache-size" defaults to 16M.

553
2252.   [bug]           Fixed errors in sortlist code [RT #17216]
554

555 556 557 558 559 560 561
2251.	[placeholder]

2250.	[func]		New flag 'memstatistics' to state whether the
			memory statistics file should be written or not.
			Additionally named's -m option will cause the
			statistics file to be written. [RT #17113]
			
562 563 564
2249.   [bug]           Only set Authentic Data bit if client requested
                        DNSSEC, per RFC 3655 [RT #17175]

565 566
2248.   [cleanup]       Fix several errors reported by Coverity. [RT #17160]

567 568
2247.	[doc]		Sort doc/misc/options. [RT #17067]

569 570 571
2246.	[bug]		Make the startup of test servers (ans.pl) more
			robust. [RT #17147]

572 573 574
2245.	[bug]		Validating lack of DS records at trust anchors wasn't
			working. [RT #17151]

575 576 577 578
2244.	[func]		Allow the check of nameserver names against the
			SOA MNAME field to be disabled by specifying
			'notify-to-soa yes;'.  [RT #17073]

579 580 581
2243.	[func]		Configuration files without a newline at the end now
			parse without error. [RT #17120]

582 583 584 585
2242.	[bug]		nsupdate: GSS-TSIG support using the Heimdal Kerberos
			library could require a source of random data.
			[RT #17127]

Mark Andrews's avatar
Mark Andrews committed
586
2241.	[func]		nsupdate: add a interactive 'help' command. [RT #17099]
587 588 589 590 591 592 593

2240.	[bug]		Cleanup nsupdates GSS-TSIG support.  Convert
			a number of INSIST()s into plain fatal() errors
			which report the triggering result code.
			The 'key' command wasn't disabling GSS-TSIG.
			[RT #17099]

Mark Andrews's avatar
Mark Andrews committed
594
2239.	[func]		Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
595

596
2238.	[bug]		It was possible to trigger a REQUIRE when a
Mark Andrews's avatar
Mark Andrews committed
597
			validation was canceled. [RT #17106]
598

599 600
2237.	[bug]		libbind: res_init() was not thread aware. [RT #17123]

Mark Andrews's avatar
Mark Andrews committed
601
2236.	[bug]		dnssec-signzone failed to preserve the case of
Mark Andrews's avatar
Mark Andrews committed
602
			of wildcard owner names. [RT #17085]
603

604 605
2235.	[bug]		<isc/atomic.h> was not being installed. [RT #17135]

Evan Hunt's avatar
Evan Hunt committed
606 607
2234.   [port]          Correct some compiler warnings on SCO OSr5 [RT #17134]
  
608
2233.   [func]          Add support for O(1) ACL processing, based on
Mark Andrews's avatar
Mark Andrews committed
609 610
                        radix tree code originally written by Kevin
                        Brintnall. [RT #16288]
611

612 613 614
2232.	[bug]		dns_adb_findaddrinfo() could fail and return
			ISC_R_SUCCESS. [RT #17137]

615 616 617
2231.	[bug]		Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
			[RT #17088]

618 619 620
2230.	[bug]		We could INSIST reading a corrupted journal.
			[RT #17132]

Mark Andrews's avatar
Mark Andrews committed
621
2229.	[bug]		Null pointer dereference on query pool creation
622 623
			failure. [RT #17133]

Mark Andrews's avatar
Mark Andrews committed
624
2228.	[contrib]	contrib: Change 2188 was incomplete.
625

626 627
2227.	[cleanup]	Tidied up the FAQ. [RT #17121]

Mark Andrews's avatar
Mark Andrews committed
628 629
2226.	[placeholder]

630 631 632
2225.	[bug]		More support for systems with no IPv4 addresses.
		        [RT #17111]

633 634 635 636 637
2224.	[bug]		Defer journal compaction if a xfrin is in progress.
			[RT #17119]

2223.	[bug]		Make a new journal when compacting. [RT #17119]

638 639 640
2222.	[func]		named-checkconf now checks server key references.
		        [RT #17097]

641
2221.	[bug]		Set the event result code to reflect the actual
Mark Andrews's avatar
Mark Andrews committed
642 643 644
			record turned to caller when a cache update is
			rejected due to a more credible answer existing.
			[RT #17017]
645

646 647 648
2220.	[bug]		win32: Address a race condition in final shutdown of
			the Windows socket code. [RT #17028]
			
Mark Andrews's avatar
Mark Andrews committed
649
2219.	[bug]		Apply zone consistency checks to additions, not
Mark Andrews's avatar
Mark Andrews committed
650
			removals, when updating. [RT #17049]
651

652 653 654
2218.	[bug]		Remove unnecessary REQUIRE from dns_validator_create().
			[RT #16976]

655 656
2217.	[func]		Adjust update log levels. [RT #17092]

657 658 659
2216.	[cleanup]	Fix a number of errors reported by Coverity.
		        [RT #17094]

660 661
2215.	[bug]		Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]

662 663 664 665
2214.	[bug]		Deregister OpenSSL lock callback when cleaning
			up.  Reorder OpenSSL cleanup so that RAND_cleanup()
			is called before the locks are destroyed. [RT #17098]

666 667 668
2213.	[bug]		SIG0 diagnostic failure messages were looking at the
			wrong status code. [RT #17101]

Mark Andrews's avatar
Mark Andrews committed
669
2212.	[func]		'host -m' now causes memory statistics and active
670 671
			memory to be printed at exit. [RT 17028]

672 673 674
2211.	[func]		Update "dynamic update temporarily disabled" message.
			[RT #17065]

675 676 677
2210.	[bug]		Deleting class specific records via UPDATE could
			fail.  [RT #17074]

678 679 680 681
2209.	[port]		osx: linking against user supplied static OpenSSL
			libraries failed as the system ones were still being
			found. [RT #17078]

682 683 684
2208.	[port]		win32: make sure both build methods produce the
			same output. [RT #17058]

685 686
2207.	[port]		Some implementations of getaddrinfo() fail to set
			ai_canonname correctly. [RT #17061]
Mark Andrews's avatar
Mark Andrews committed
687 688 689

	--- 9.5.0a6 released ---

690 691 692 693 694 695 696 697 698 699 700 701 702 703 704
2206.	[security]	"allow-query-cache" and "allow-recursion" now
			cross inherit from each other.

			If allow-query-cache is not set in named.conf then
			allow-recursion is used if set, otherwise allow-query
			is used if set, otherwise the default (localnets;
			localhost;) is used.

			If allow-recursion is not set in named.conf then
			allow-query-cache is used if set, otherwise allow-query
			is used if set, otherwise the default (localnets;
			localhost;) is used.

			[RT #16987]
	
705 706
2205.	[bug]		libbind: change #2119 broke thread support. [RT #16982]

Mark Andrews's avatar
Mark Andrews committed
707
2204.	[bug]		"rndc flushanme name unknown-view" caused named
708
			to crash. [RT #16984]
Mark Andrews's avatar
9.5.0a6  
Mark Andrews committed
709

710 711 712
2203.	[security]	Query id generation was cryptographically weak.
			[RT # 16915]

713 714 715
2202.	[security]	The default acls for allow-query-cache and
			allow-recursion were not being applied. [RT #16960]

Mark Andrews's avatar
Mark Andrews committed
716
2201.	[bug]		The build failed in a separate object directory.
717 718
			[RT #16943]

719 720 721
2200.	[bug]		The search for cached NSEC records was stopping to
			early leading to excessive DLV queries. [RT #16930]

722 723 724
2199.	[bug]		win32: don't call WSAStartup() while loading dlls.
			[RT #16911]

725 726 727
2198.	[bug]		win32: RegCloseKey() could be called when
			RegOpenKeyEx() failed. [RT #16911]

728 729 730 731
2197.	[bug]		Add INSIST to catch negative responses which are
			not setting the event result code appropriately.
			[RT #16909]

732
2196.	[port]		win32: yield processor while waiting for once to
733
			to complete. [RT #16958]
734

735 736 737
2195.	[func]		dnssec-keygen now defaults to nametype "ZONE"
			when generating DNSKEYs. [RT #16954]

738
2194.	[bug]		Close journal before calling 'done' in xfrin.c.
Mark Andrews's avatar
9.5.0a5  
Mark Andrews committed
739 740 741

	--- 9.5.0a5 released ---

Mark Andrews's avatar
Mark Andrews committed
742 743 744
2193.	[port]		win32: BINDInstall.exe is now linked statically.
			[RT #16906]

745 746 747 748
2192.	[port]		win32: use vcredist_x86.exe to install Visual
			Studio's redistributable dlls if building with
			Visual Stdio 2005 or later.

749 750 751
2191.	[func]		named-checkzone now allows dumping to stdout (-).
			named-checkconf now has -h for help.
			named-checkzone now has -h for help.
Mark Andrews's avatar
Mark Andrews committed
752
			rndc now has -h for help.
753 754 755
			Better handling of '-?' for usage summaries.
			[RT #16707]

756 757 758 759
2190.	[func]		Make fallback to plain DNS from EDNS due to timeouts
			more visible.  New logging category "edns-disabled".
			[RT #16871]

760 761
2189.	[bug]		Handle socket() returning EINTR. [RT #15949]

Mark Andrews's avatar
Mark Andrews committed
762
2188.	[contrib]	queryperf: autoconf changes to make the search for
763 764
			libresolv or libbind more robust. [RT #16299]

765 766
2187.	[bug]		query_addds(), query_addwildcardproof() and
			query_addnxrrsetnsec() should take a version
Mark Andrews's avatar
Mark Andrews committed
767
			argument. [RT #16368]
768

769 770 771
2186.	[port]		cygwin: libbind: check for struct sockaddr_storage
			independently of IPv6. [RT #16482]

772 773 774
2185.	[port]		sunos: libbind: check for ssize_t, memmove() and
			memchr(). [RT #16463]

775 776 777
2184.	[bug]		bind9.xsl.h didn't build out of the source tree.
			[RT #16830]

778 779 780
2183.	[bug]		dnssec-signzone didn't handle offline private keys
			well.  [RT #16832]

781 782 783 784
2182.	[bug]		dns_dispatch_createtcp() and dispatch_createudp()
			could return ISC_R_SUCCESS when they ran out of
			memory. [RT #16365]

785 786
2181.	[port]		sunos: libbind: add paths.h from BIND 8. [RT #16462]

787 788 789
2180.	[cleanup]	Remove bit test from 'compress_test' as they
			are no longer needed. [RT #16497]

790 791 792
2179.	[func]		'rndc command zone' will now find 'zone' if it is
			unique to all the views. [RT #16821]

793 794 795
2178.	[bug]		'rndc reload' of a slave or stub zone resulted in
			a reference leak. [RT #16867]

796 797
2177.	[bug]		Array bounds overrun on read (rcodetext) at
			debug level 10+. [RT #16798]
798

799
2176.	[contrib]	dbus update to handle race condition during
Mark Andrews's avatar
Mark Andrews committed
800
			initialization (Bugzilla 235809). [RT #16842]
801

Mark Andrews's avatar
Mark Andrews committed
802
2175.	[bug]		win32: windows broadcast condition variable support
803 804
			was broken. [RT #16592]

805 806 807
2174.	[bug]		I/O errors should always be fatal when reading
			master files. [RT #16825]

808 809
2173.	[port]		win32: When compiling with MSVS 2005 SP1 we also
			need to ship Microsoft.VC80.MFCLOC.
Mark Andrews's avatar
9.5.0a4  
Mark Andrews committed
810 811 812

	--- 9.5.0a4 released ---

813 814 815
2172.	[bug]		query_addsoa() was being called with a non zone db.
			[RT #16834]

816 817 818 819
2171.	[bug]		Handle breaks in DNSSEC trust chains where the parent
			servers are not DS aware (DS queries to the parent
			return a referral to the child).

820 821
2170.	[func]		Add acache processing to test suite. [RT #16711]

822 823 824
2169.	[bug]		host, nslookup: when reporting NXDOMAIN report the
			given name and not the last name searched for.
			[RT #16763]
825

826 827 828
2168.	[bug]		nsupdate: in non-interactive mode treat syntax errors
			as fatal errors. [RT #16785]

829 830
2167.	[bug]		When re-using a automatic zone named failed to
			attach it to the new view. [RT #16786]
Evan Hunt's avatar
9.5.0a3  
Evan Hunt committed
831 832 833

	--- 9.5.0a3 released ---

834 835 836 837
2166.	[bug]		When running in batch mode, dig could misinterpret
			a server address as a name to be looked up, causing
			unexpected output. [RT #16743]

838 839 840 841 842
2165.	[func]		Allow the destination address of a query to determine
			if we will answer the query or recurse.
			allow-query-on, allow-recursion-on and
			allow-query-cache-on. [RT #16291]

843 844 845 846
2164.	[bug]		The code to determine how named-checkzone / 
			named-compilezone was called failed under windows.
			[RT #16764]

847 848 849 850
2163.	[bug]		If only one of query-source and query-source-v6
			specified a port the query pools code broke (change
			2129).  [RT #16768]

851 852 853
2162.	[func]		Allow "rrset-order fixed" to be disabled at compile
			time. [RT #16665]

854 855 856
2161.	[bug]		Fix which log messages are emitted for 'rndc flush'.
			[RT #16698]

857 858 859
2160.	[bug]		libisc wasn't handling NULL ifa_addr pointers returned
			from getifaddrs(). [RT #16708]

Mark Andrews's avatar
9.5.0a2  
Mark Andrews committed
860 861
	--- 9.5.0a2 released ---

Mark Andrews's avatar
Mark Andrews committed
862 863
2159.	[bug]		Array bounds overrun in acache processing. [RT #16710]

Mark Andrews's avatar
Mark Andrews committed
864
2158.	[bug]		ns_client_isself() failed to initialize key
865 866
			leading to a REQUIRE failure. [RT #16688]

867 868 869 870 871 872 873 874
2157.	[func]		dns_db_transfernode() created. [RT #16685]

2156.	[bug]		Fix node reference leaks in lookup.c:lookup_find(),
			resolver.c:validated() and resolver.c:cache_name().
			Fix a memory leak in rbtdb.c:free_noqname().
			Make lookup.c:lookup_find() robust against
			event leaks. [RT #16685]

875 876 877
2155.	[contrib]	SQLite sdb module from jaboydjr@netwalk.com.
			[RT #16694]

878 879 880
2154.	[func]		Scoped (e.g. IPv6 link-local) addresses may now be
			matched in acls by omitting the scope. [RT #16599]

881 882
2153.	[bug]		nsupdate could leak memory. [RT #16691]

883 884 885
2152.	[cleanup]	Use sizeof(buf) instead of fixed number in
			dighost.c:get_trusted_key(). [RT #16678]

886 887 888
2151.	[bug]		Missing newline in usage message for journalprint.
			[RT #16679]

889 890 891 892
2150.	[bug]		'rrset-order cyclic' uniformly distribute the
			starting point for the first response for a given
			RRset. [RT #16655]

893 894 895 896
2149.	[bug]		isc_mem_checkdestroyed() failed to abort on
			if there were still active memory contexts.
			[RT #16672]

897 898
2148.	[func]		Add positive logging for rndc commands. [RT #14623]

899 900 901
2147.	[bug]		libbind: remove potential buffer overflow from
			hmac_link.c. [RT #16437]

902 903 904
2146.	[cleanup]	Silence Linux's spurious "obsolete setsockopt
			SO_BSDCOMPAT" message. [RT #16641]

905 906 907
2145.	[bug]		Check DS/DLV digest lengths for known digests.
			[RT #16622]

908 909 910
2144.	[cleanup]	Suppress logging of SERVFAIL from forwarders.
			[RT #16619]

911 912 913 914
2143.	[bug]		We failed to restart the IPv6 client when the
			kernel failed to return the destination the
			packet was sent to. [RT #16613]

Mark Andrews's avatar
Mark Andrews committed
915
2142.	[bug]		Handle master files with a modification time that
916 917
			matches the epoch. [RT# 16612]

918 919 920
2141.	[bug]		dig/host should not be setting IDN_ASCCHECK (IDN
			equivalent of LDH checks).  [RT #16609]

921 922 923
2140.	[bug]		libbind: missing unlock on pthread_key_create()
			failures. [RT #16654]

924 925 926
2139.	[bug]		dns_view_find() was being called with wrong type
			in adb.c. [RT #16670]

927 928
2138.	[bug]		Lock order reversal in resolver.c. [RT #16653]

929
2137.	[port]		Mips little endian and/or mips 64 bit are now
Mark Andrews's avatar
Mark Andrews committed
930
			supported for atomic operations. [RT#16648]
931

932 933 934
2136.	[bug]		nslookup/host looped if there was no search list
			and the host didn't exist. [RT #16657]

Mark Andrews's avatar
Mark Andrews committed
935
2135.	[bug]		Uninitialized rdataset in sdlz.c. [RT# 16656]
936

937 938
2134.	[func]		Additional statistics support. [RT #16666]

939 940 941
2133.	[port]		powerpc:  Support both IBM and MacOS Power PC
			assembler syntaxes. [RT #16647]

942 943 944
2132.	[bug]		Missing unlock on out of memory in
			dns_dispatchmgr_setudp().

945 946
2131.	[contrib]	dlz/mysql: AXFR was broken. [RT #16630]

947 948
2130.	[func]		Log if CD or DO were set. [RT #16640]

949 950 951 952
2129.	[func]		Provide a pool of UDP sockets for queries to be
			made over. See use-queryport-pool, queryport-pool-ports
			and queryport-pool-updateinterval.  [RT #16415]

953 954
2128.	[doc]		xsltproc --nonet, update DTD versions.  [RT #16635]

955 956
2127.	[port]		Improved OpenSSL 0.9.8 support. [RT #16563]

Mark Andrews's avatar
Mark Andrews committed
957
2126.	[security]	Serialize validation of type ANY responses. [RT #16555]
958

959 960 961
2125.	[bug]		dns_zone_getzeronosoattl() REQUIRE failure if DLZ
			was defined. [RT #16574]

Mark Andrews's avatar
Mark Andrews committed
962
2124.	[security]	It was possible to dereference a freed fetch
963
			context. [RT #16584]
Mark Andrews's avatar
9.5.0a1  
Mark Andrews committed
964 965 966

	--- 9.5.0a1 released ---

Mark Andrews's avatar
Mark Andrews committed
967
2123.	[func]		Use Doxygen to generate internal documentation.
968 969
			[RT #11398]

970 971 972
2122.	[func]		Experimental http server and statistics support
			for named via xml.

973 974 975
2121.	[func]		Add a 10 slot dead masters cache (LRU) with a 600
			second timeout. [RT #16553]

976 977
2120.	[doc]		Fix markup on nsupdate man page. [RT #16556]

978 979 980 981
2119.	[compat]	libbind: allow res_init() to succeed enough to
			return the default domain even if it was unable
			to allocate memory.

982 983 984 985
2118.	[bug]		Handle response with long chains of domain name
			compression pointers which point to other compression
			pointers. [RT #16427]

986 987 988 989 990 991 992
2117.	[bug]		DNSSEC fixes: named could fail to cache NSEC records
			which could lead to validation failures.  named didn't
			handle negative DS responses that were in the process
			of being validated.  Check CNAME bit before accepting
			NODATA proof. To be able to ignore a child NSEC there
			must be SOA (and NS) set in the bitmap. [RT #16399]

993 994 995
2116.	[bug]		'rndc reload' could cause the cache to continually
			be cleaned. [RT #16401]

996 997 998
2115.	[bug]		'rndc reconfig' could trigger a INSIST if the
			number of masters for a zone was reduced. [RT #16444]

999