CHANGES 91.6 KB
Newer Older
1
 791.	[bug]		The command channel now works over IPv6.
2

3
4
5
 790.	[bug]		Wildcards created using dynamic update or IXFR
			could fail to match. [RT #1111]

6
7
8
9
 789.	[bug]		The "localhost" and "localnets" ACLs did not match
			when used as the second element of a two-element
			sortlist item.

Andreas Gustafsson's avatar
Andreas Gustafsson committed
10
 788.	[func]		Add the "match-mapped-addresses" option, which
11
12
13
 			causes IPv6 v4mapped addresses to be treated as
			IPv4 addresses for the purpose of acl matching.

Andreas Gustafsson's avatar
Andreas Gustafsson committed
14
15
 787.	[bug]		The DNSSEC tools failed to downcase domain
			names when mapping them into file names.
16

Andreas Gustafsson's avatar
Andreas Gustafsson committed
17
18
 786.	[bug]		When DNSSEC signing/verifying data, owner names were
			not properly downcased.
19

20
21
22
 785.	[bug]		A race condition in the resolver could cause
			an assertion failure. [RT #673, #872, #1048]

23
24
 784.	[bug]		nsupdate and other programs would not quit properly
			if some signals were blocked by the caller. [RT #1081]
25

26
27
28
29
 783.	[bug]		Following CNAMEs could cause an assertion failure
			when either using an sdb database or under very
			rare conditions.

Andreas Gustafsson's avatar
Andreas Gustafsson committed
30
 782.	[func]		Implement the "serial-query-rate" option.
31

32
33
34
 781.	[func]		Avoid error packet loops by dropping duplicate FORMERR
			responses. [RT #1006]

35
36
 780.	[bug]		Error handling code dealing with out of memory or
			other rare errors could lead to assertion failures
Andreas Gustafsson's avatar
Andreas Gustafsson committed
37
			by calling functions on unitialized names. [RT #1065]
38

Bob Halley's avatar
Bob Halley committed
39
 779.	[func]		Added the "minimal-responses" option.
40
41
42
43
44

 778.	[bug]		When starting cache cleaning, cleaning_timer_action()
			returned without first pausing the iterator, which
			could cause deadlock. [RT #998]

45
46
 777.	[bug]		An empty forwarders list in a zone failed to override
			global forwarders. [RT #995]
Brian Wellington's avatar
Brian Wellington committed
47

48
49
 776.	[func]		Improved error reporting in denied messages. [RT #252]

Brian Wellington's avatar
Brian Wellington committed
50
 775.	[placeholder]
51

52
53
54
55
56
 774.	[func]		max-cache-size is implemented.

 773.	[func]		Added isc_rwlock_trylock() to attempt to lock without
			blocking.

57
58
59
60
 772.	[bug]		Owner names could be incorrectly omitted from cache
			dumps in the presence of negative caching entries.
			[RT #991]

61
 771.	[cleanup]	TSIG errors related to unsynchronized clocks
Andreas Gustafsson's avatar
Andreas Gustafsson committed
62
			are logged better. [RT #919]
63

64
65
66
 770.	[func]		Add the "edns yes_or_no" statement to the server
			clause. [RT #524]

67
68
 769.	[func]		Improved error reporting when parsing rdata. [RT #740]

69
70
71
72
 768.	[bug]		The server did not emit an SOA when a CNAME
			or DNAME chain ended in NXDOMAIN in an
			authoritative zone.

Brian Wellington's avatar
Brian Wellington committed
73
 767.	[placeholder]
74

Bob Halley's avatar
Bob Halley committed
75
76
 766.	[bug]		A few cases in query_find() could leak fname.
			This would trigger the mpctx->allocated == 0
77
78
79
			assertion when the server exited.
			[RT #739, #776, #798, #812, #818, #821, #845,
			#892, #935, #966]
Bob Halley's avatar
Bob Halley committed
80

81
82
83
84
85
86
87
88
89
90
91
92
 765.	[func]		ACL names are once again case insensitive, like
			in BIND 8. [RT #252]

 764.	[func]		Configuration files now allow "include" directives
			in more places, such as inside the "view" statement.
			[RT #377, #728, #860]

 763.	[func]		Configuration files no longer have reserved words.
			[RT #731, #753]

 762.	[cleanup]	The named.conf and rndc.conf file parsers have
			been completely rewritten.
93

94
95
96
 761.	[bug]		_REENTRANT was still defined when building with
			--disable-threads.

97
98
 760.	[contrib]	Significant enhancements to the pgsql sdb driver.

Andreas Gustafsson's avatar
Andreas Gustafsson committed
99
100
101
102
103
104
105
106
107
108
 759.	[bug]		The resolver didn't turn off "avoid fetches" mode
			when restarting, possibly causing resolution
			to fail when it should not.  This bug only affected
			platforms which support both IPv4 and IPv6. [RT #927]

 758.	[bug]		The "avoid fetches" code did not treat negative
			cache entries correctly, causing fetches that would
			be useful to be avoided.  This bug only affected
			platforms which support both IPv4 and IPv6. [RT #927]

109
110
 757.	[func]		Log zone transfers.

111
112
113
 756.	[bug]		dns_zone_load() could "return" success when no master
			file was configured.

Andreas Gustafsson's avatar
Andreas Gustafsson committed
114
 755.	[bug]		Fix incorrectly formatted log messages in zone.c.
115

116
117
 754.	[bug]		Certain failure conditions sending UDP packets
			could cause the server to retry the transmission
118
119
			indefinitely. [RT #902]

120
121
122
 753.	[bug]		dig, host, and nslookup would fail to contact a
			remote server if getaddrinfo() returned an IPv6
			address on a system that doesn't support IPv6.
Brian Wellington's avatar
Brian Wellington committed
123
			[RT #917]
124

Andreas Gustafsson's avatar
Andreas Gustafsson committed
125
126
 752.	[func]		Correct bad tv_usec elements returned by
			gettimeofday().
127

Mark Andrews's avatar
Mark Andrews committed
128
 751.	[func]		Log successful zone loads / transfers.	[RT #898]
129

130
131
132
133
134
135
 750.	[bug]		A query should not match a DNAME whose trust level
			is pending.  [RT #916]

 749.	[bug]		When a query matched a DNAME in a secure zone, the
			server did not return the signature of the DNAME.
			[RT #915]
136
137

 748.	[doc]		List supported RFCs in doc/misc/rfc-compliance.
Andreas Gustafsson's avatar
Andreas Gustafsson committed
138
			[RT #781]
139

140
141
 747.	[bug]		The code to determine whether an IXFR was possible
			did not properly check for a database that could
142
			not have a journal. [RT #865, #908]
143

144
145
146
 746.	[bug]		The sdb didn't clone rdatasets properly, causing
			a crash when the server followed delegations. [RT #905]

Andreas Gustafsson's avatar
Andreas Gustafsson committed
147
 745.	[func]		Report the owner name of records that fail
Mark Andrews's avatar
Mark Andrews committed
148
			semantic checks while loading.
149

150
151
152
153
154
 744.	[bug]		When returning DNS_R_CNAME or DNS_R_DNAME as the
			result of an ANY or SIG query, the resolver failed
			to setup the return event's rdatasets, causing an
			assertion failure in the query code.  [RT #881]

155
156
 743.	[bug]		Receiving a large number of certain malformed
			answers could cause named to stop responding.
Andreas Gustafsson's avatar
Andreas Gustafsson committed
157
			[RT #861]
158

Brian Wellington's avatar
Brian Wellington committed
159
160
 742.	[placeholder]

161
162
 741.	[port]		Support openssl-engine. [RT #709]

163
164
 740.	[port]		Handle openssl library mismatches slightly better.

165
166
167
168
 739.	[port]		Look for /dev/random in configure, rather than
			assuming it will be there for only a predefined
			set of OSes.

169
170
 738.	[bug]		If a non-threadsafe sdb driver supported AXFR and
			received an AXFR request, it would deadlock or die
171
			with an assertion failure. [RT #852]
172

Andreas Gustafsson's avatar
Andreas Gustafsson committed
173
 737.	[port]		stdtime.c failed to compile on certain platforms.
174
175
176

 736.	[func]		New functions isc_task_{begin,end}exclusive().

177
 735.	[doc]		Add BIND 4 migration notes.
178

179
 734.	[bug]		An attempt to re-lock the zone lock could occur if
Mark Andrews's avatar
Mark Andrews committed
180
181
			the server was shutdown during a zone tranfer.
			[RT #830]
182
183

 733.	[bug]		Reference counts of dns_acl_t objects need to be
184
			locked but were not. [RT #801, #821]
185

Bob Halley's avatar
Bob Halley committed
186
187
 732.	[bug]		Glue with 0 TTL could also cause SERVFAIL.  [RT #828]

Brian Wellington's avatar
Brian Wellington committed
188
 731.	[bug]		Certain zone errors could cause named-checkzone to
189
			fail ungracefully.  [RT #819]
190
191
192
193

 730.	[bug]		lwres_getaddrinfo() returns the correct result when
			it fails to contact a server. [RT #768]

194
195
 729.	[port]		pthread_setconcurrency() needs to be called on Solaris.

196
197
 728.	[bug]		Fix comment processing on master file directives.
			[RT# 757]
198

199
200
201
202
203
 727.	[port]		Work around OS bug where accept() succeeds but
			fails to fill in the peer address of the accepted
			connection, by treating it as an error rather than
			an assertion failure. [RT #809]

204
205
 726.	[func]		Implement the "trace" and "notrace" commands in rndc.

206
207
 725.	[bug]		Installing man pages could fail.

208
209
210
 724.	[func]		New libisc functions isc_netaddr_any(),
			isc_netaddr_any6().

211
212
213
214
 723.	[bug]		Referrals whose NS RRs had a 0 TTL caused the resolver
			to return DNS_R_SERVFAIL.  [RT #783]

 722.	[func]		Allow incremental loads to be canceled.
215
216
217

 721.	[cleanup]	Load manager and dns_master_loadfilequota() are no
			more.
218
219
220
221

 720.	[bug]		Server could enter infinite loop in
			dispatch.c:do_cancel(). [RT #733]

222
 719.	[bug]		Rapid reloads could trigger an assertion failure.
Andreas Gustafsson's avatar
Andreas Gustafsson committed
223
			[RT #743, #763]
224
225
226
227

 718.	[cleanup]	"internal" is no longer a reserved word in named.conf.
			[RT #753, #731]

228
229
230
231
 717.	[bug]		Certain TKEY processing failure modes could
			reference an uninitialized variable, causing the
			server to crash. [RT #750]

232
 716.	[bug]		The first line of a $INCLUDE master file was lost if
Andreas Gustafsson's avatar
grammar    
Andreas Gustafsson committed
233
			an origin was specified. [RT #744]
234
235
236
237

 715.	[bug]		Resolving some A6 chains could cause an assertion
			failure in adb.c. [RT #738]

238
239
240
 714.	[bug]		Preserve interval timers across reloads unless changed.
			[RT# 729]

241
242
 713.	[func]		named-checkconf takes '-t directory' similar to named.
			[RT #726]
Andreas Gustafsson's avatar
grammar    
Andreas Gustafsson committed
243

244
245
246
 712.	[bug]		Sending a large signed update message caused an
			assertion failure. [RT #718]

247
248
249
 711.	[bug]		The libisc and liblwres implementations of
			inet_ntop contained an off by one error.

Andreas Gustafsson's avatar
Andreas Gustafsson committed
250
251
 710.	[func]		The forwarders statement now takes an optional
			port. [RT #418]
252

253
254
255
 709.	[bug]		ANY or SIG queries for data with a TTL of 0
			would return SERVFAIL. [RT #620]

256
 708.	[bug]		When building with --with-openssl, the openssl headers
Andreas Gustafsson's avatar
Andreas Gustafsson committed
257
			included with BIND 9 should not be used. [RT #702]
258

259
 707.	[func]		The "filename" argument to named-checkzone is no
Andreas Gustafsson's avatar
typo    
Andreas Gustafsson committed
260
			longer optional, to reduce confusion. [RT #612]
261

262
263
 706.	[bug]		Zones with an explicit "allow-update { none; };"
			were considered dynamic and therefore not reloaded
Andreas Gustafsson's avatar
typo    
Andreas Gustafsson committed
264
			on SIGHUP or "rndc reload".
265

Andreas Gustafsson's avatar
grammar    
Andreas Gustafsson committed
266
 705.	[port]		Work out resource limit type for use where rlim_t is
267
268
			not available. [RT #695]

Mark Andrews's avatar
Mark Andrews committed
269
 704.	[port]		RLIMIT_NOFILE is not available on all platforms.
270
271
			[RT #695]

272
 703.	[port]		sys/select.h is needed on older platforms. [RT #695]
273

274
275
276
 702.	[func]		If the address 0.0.0.0 is seen in resolv.conf,
			use 127.0.0.1 instead. [RT #693]

277
278
279
280
281
282
283
 701.	[func]		Root hints are now fully optional.  Class IN
			views use compiled-in hints by default, as
			before.  Non-IN views with no root hints now
			provide authoritative service but not recursion.
			A warning is logged if a view has neither root
			hints nor authoritative data for the root. [RT #696]

284
 700.	[bug]		$GENERATE range check was wrong. [RT #688]
285

286
287
 699.	[bug]		The lexer mishandled empty quoted strings. [RT #694]

288
289
290
 698.	[bug]		Aborting nsupdate with ^C would lead to several
			race conditions.

291
292
293
294
 697.	[bug]		nsupdate was not compatible with the undocumented
			BIND 8 behavior of ignoring TTLs in "update delete"
			commands. [RT #693]

295
296
297
 696.	[bug]		lwresd would die with an assertion failure when passed
			a zero-length name.  [RT #692]

298
299
300
 695.	[bug]		If the resolver attempted to query a blackholed or
			bogus server, the resolution would fail immediately.

301
302
 694.	[bug]		$GENERATE did not produce the last entry.
			[RT #682, #683]
303

304
305
306
 693.	[bug]		An empty lwres statement in named.conf caused
			the server to crash while loading.

307
308
309
 692.	[bug]		Deal with systems that have getaddrinfo() but not
			gai_strerror(). [RT #679]

310
 691.	[bug]		Configuring per-view forwarders caused an assertion
Andreas Gustafsson's avatar
Andreas Gustafsson committed
311
			failure. [RT #675, #734]
312

313
314
 690.	[func]		$GENERATE now supports DNAME. [RT #654]

315
316
 689.	[doc]		man pages are now installed. [RT #210]

Bob Halley's avatar
Bob Halley committed
317
318
 688.	[func]		"make tags" now works on systems with the
			"Exuberant Ctags" etags.
319

320
321
 687.	[bug]		Only say we have IPv6, with sufficent functionality,
			if it has actually been tested.  [RT #586]
Andreas Gustafsson's avatar
style    
Andreas Gustafsson committed
322

323
324
325
 686.	[bug]		dig and nslookup can now be properly aborted during
			blocking operations. [RT #568]

Andreas Gustafsson's avatar
style    
Andreas Gustafsson committed
326
 685.	[bug]		nslookup should use the search list/domain options
327
			from resolv.conf by default. [RT #405, #630]
328

Andreas Gustafsson's avatar
style    
Andreas Gustafsson committed
329
 684.	[bug]		Memory leak with view forwarders. [RT #656]
330

Andreas Gustafsson's avatar
style    
Andreas Gustafsson committed
331
 683.	[bug]		File descriptor leak in isc_lex_openfile().
332

Mark Andrews's avatar
Mark Andrews committed
333
 682.	[bug]		nslookup displayed SOA records incorrectly. [RT #665]
334

Andreas Gustafsson's avatar
style    
Andreas Gustafsson committed
335
 681.	[bug]		$GENERATE specifying output format was broken. [RT #653]
336

Andreas Gustafsson's avatar
style    
Andreas Gustafsson committed
337
 680.	[bug]		dns_rdata_fromstruct() mishandled options bigger
338
339
			than 255 octets.

340
341
342
 679.	[bug]		$INCLUDE could leak memory and file descriptors on
			reload. [RT #639]

Andreas Gustafsson's avatar
typo    
Andreas Gustafsson committed
343
 678.	[bug]		"transfer-format one-answer;" could trigger an assertion
344
			failure. [RT #646]
345

346
347
348
 677.	[bug]		dnssec-signzone would occasionally use the wrong ttl
			for database operations and fail. [RT #643]

349
350
351
352
 676.	[bug]		Log messages about lame servers to category
			'lame-servers' rather than 'resolver', so as not
			to be gratuitously incompatible with BIND 8.

Brian Wellington's avatar
Brian Wellington committed
353
 675.	[bug]		TKEY queries could cause the server to leak
354
355
			memory.

356
357
 674.	[func]		Allow messages to be TSIG signed / verified using
			a offset from the current time.
358
359
360
361
362

 673.	[func]		The server can now convert RFC1886-style recursive
			lookup requests into RFC2874-style lookups, when 
			enabled using the new option "allow-v6-synthesis".

363
364
365
 672.	[bug]		The wrong time was in the "time signed" field when
			replying with BADTIME error.

366
367
368
 671.	[bug]		The message code was failing to parse a message with
			no question section and a TSIG record. [RT #628]

369
370
371
372
 670.	[bug]		The lwres replacements for getaddrinfo and
			getipnodebyname didn't properly check for the
			existence of the sockaddr sa_len field.

373
374
375
 669.	[func]		dnssec-keygen now makes the public key file
			non-world-readable for symmetric keys. [RT #403]

376
377
378
 668.	[func]		named-checkzone now reports multiple errors in master
			files.

379
380
381
382
 667.	[bug]		On Linux, running named with the -u option and a
			non-world-readable configuration file didn't work.
			[RT #626]

Brian Wellington's avatar
Brian Wellington committed
383
384
 666.	[bug]		If a request sent by dig is longer than 512 bytes,
			use TCP.
385

386
387
388
 665.	[bug]		Signed responses were not sent when the size of the
			TSIG + question exceeded the maximum message size.
			[RT #628]
389

390
391
392
393
 664.	[bug]		The t_tasks and t_timers module tests are now skipped
			when building without threads, since they require
			threads.

394
395
396
397
398
 663.	[func]		Accept a size_spec, not just an integer, in the
			(unimplemented and ignored) max-ixfr-log-size option
			for compatibility with recent versions of BIND 8.
			[RT #613]

399
 662.	[bug]		dns_rdata_fromtext() failed to log certain errors.
400

401
402
 661.	[bug]		Certain UDP IXFR requests caused an assertion failure
			(mpctx->allocated == 0). [RT #355, #394, #623]
403

404
405
 660.	[port]		Detect multiple CPUs on HP-UX and IRIX.

406
407
408
409
 659.	[performance]	Rewrite the name compression code to be much faster.

 658.	[cleanup]	Remove all vestiges of 16 bit global compression.

410
 657.	[bug]		When a listen-on statement in an lwres block does not
Brian Wellington's avatar
Brian Wellington committed
411
			specify a port, use 921, not 53.  Also update the
412
413
			listen-on documentation. [RT #616]

414
415
416
417
 656.	[func]		Treat an unescaped newline in a quoted string as
			an error.  This means that TXT records with missing
			close quotes should have meaningful errors printed.

418
419
420
 655.	[bug]		Improve error reporting on unexpected eof when loading
			zones. [RT #611]

421
 654.	[bug]		Origin was being forgotten in TCP retries in dig.
422
			[RT #574]
423

424
425
 653.	[bug]		+defname option in dig was reversed in sense.  
			[RT #549]
426

427
428
 652.	[bug]		zone_saveunique() did not report the new name.

429
430
431
 651.	[func]		The AD bit in responses now has the meaning
			specified in <draft-ietf-dnsext-ad-is-secure>.

432
433
434
 650.	[bug]		SIG(0) records were being generated and verified
			incorrectly. [RT #606]

435
436
437
438
439
440
441
 649.	[bug]		It was possible to join to an already running fctx
			after it had "cloned" its events, but before it sent
			them.  In this case, the event of the newly joined
			fetch would not contain the answer, and would
			trigger the INSIST() in fctx_sendevents().  In
			BIND 9.0, this bug did not trigger an INSIST(), but
			caused the fetch to fail with a SERVFAIL result.
442
			[RT #588, #597, #605, #607]
443

444
 648.	[port]		Add support for pre-RFC2133 IPv6 implementations.
445

446
447
448
449
450
 647.	[bug]		Resolver queries sent after following multiple
			referrals had excessively long retransmission
			timeouts due to incorrectly counting the referrals
			as "restarts".

451
452
453
 646.	[bug]		The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
			didn't _cleanly_ fix the problem it was trying to fix.

454
455
456
 645.	[port]		BSD/OS 3.0 needs pthread_init(). [RT #603]

 644.	[bug]		#622 needed more work. [RT #562]
457

458
459
460
 643.	[bug]		xfrin error messages made more verbose, added class
			of the zone.  [RT# 599]

461
462
463
 642.	[bug]		Break the exit_check() race in the zone module.
			[RT #598]

464
465
	--- 9.1.0b2 released ---

466
467
 641.	[bug]		$GENERATE caused a uninitialized link to be used.
			[RT #595]
468

469
470
 640.	[bug]		Memory leak in error path could cause
			"mpctx->allocated == 0" failure. [RT #584]
471

472
473
474
 639.	[bug]		Reading entropy from the keyboard would sometimes fail.
			[RT #591]

475
476
477
 638.	[port]		lib/isc/random.c needed to explicitly include time.h
			to get a prototype for time() when pthreads was not
			being used. [RT #592]
478

479
480
481
482
483
 637.	[port]		Use isc_u?int64_t instead of (unsigned) long long in
			lib/isc/print.c.  Also allow lib/isc/print.c to
			be compiled even if the platform does not need it.
			[RT #592]

484
485
486
 636.	[port]		Shut up MSVC++ about a possible loss of precision
			in the ISC__BUFFER_PUTUINT*() macros. [RT #592]

487
488
489
 635.	[bug]		Reloading a server with a configured blackhole list
			would cause an assertion. [RT #590]

490
491
492
493
 634.	[bug]		A log file will completely stop being written when
			it reaches the maximum size in all cases, not just
			when versioning is also enabled. [RT #570]

494
495
 633.	[port]		Cope with rlim_t missing on BSD/OS systems. [RT #575]

496
497
 632.	[bug]		The index array of the journal file was 
			corrupted as it was written to disk.
498

499
500
501
 631.	[port]		Build without thread support on systems without
			pthreads.

502
 630.	[bug]		Locking failure in zone code. [RT #582]
503

Andreas Gustafsson's avatar
typo    
Andreas Gustafsson committed
504
 629.	[bug]		9.1.0b1 dereferenced a null pointer and crashed
Andreas Gustafsson's avatar
thinko    
Andreas Gustafsson committed
505
			when responding to a UDP IXFR request.
506

507
508
509
 628.	[bug]		If the root hints contained only AAAA addresses,
			named would be unable to perform resolution.

Brian Wellington's avatar
typo    
Brian Wellington committed
510
 627.	[bug]		The EDNS0 blackhole detection code of change 324
511
512
513
514
			waited for three retransmissions to each server,
			which takes much too long when a domain has many
			name servers and all of them drop EDNS0 queries.
			Now we retry without EDNS0 after three consecutive
Andreas Gustafsson's avatar
typo    
Andreas Gustafsson committed
515
516
			timeouts, even if they are all from different
			servers. [RT #143]
517

518
519
520
 626.	[bug]		The lightweight resolver daemon no longer crashes
			when asked for a SIG rrset. [RT #558]

Brian Wellington's avatar
grammar    
Brian Wellington committed
521
 625.	[func]		Zones now inherit their class from the enclosing view.
522

523
524
525
 624.	[bug]		The zone object could get timer events after it had
			been destroyed, causing a server crash. [RT #571]

526
527
528
529
 623.	[func]		Added "named-checkconf" and "named-checkzone" program
			for syntax checking named.conf files and zone files,
			respectively.

530
531
532
 622.	[bug]		A canceled request could be destroyed before
			dns_request_destroy() was called. [RT #562]

533
534
535
 621.	[port]		Disable IPv6 at runtime if IPv6 sockets are unusable.
			This mostly affects Red Hat Linux 7.0, which has
			conflicts between libc and the kernel.
536

537
 620.	[bug]		dns_master_load*inc() now require 'task' and 'load'
538
			to be non-null.	 Also 'done' will not be called if
539
			dns_master_load*inc() fails immediately. [RT #565]
540

541
542
543
 618.	[bug]		Queries to a signed zone could sometimes cause
			an assertion failure.

544
545
546
547
548
549
 617.	[bug]		When using dynamic update to add a new RR to an
			existing RRset with a different TTL, the journal
			entries generated from the update did not include
			explicit deletions and re-additions of the existing
			RRs to update their TTL to the new value.

Andreas Gustafsson's avatar
Andreas Gustafsson committed
550
551
552
553
554
 616.	[func]		dnssec-signzone -t output now includes performance
			statistics.

 615.	[bug]		dnssec-signzone did not like child keysets signed 
			by multiple keys.
555

556
557
558
559
560
 614.	[bug]		Checks for uninitialized link fields were prone
			to false positives, causing assertion failures.
			The checks are now disabled by default and may
			be re-enabled by defining ISC_LIST_CHECKINIT.

561
562
563
564
 613.	[bug]		"rndc reload zone" now reloads primary zones.
			It previously only updated slave and stub zones,
			if an SOA query indicated an out of date serial.

565
566
567
568
569
 612.	[cleanup]	Shutup a ridiculously noisy HP-UX compiler that
			complains relentlessly about how its treatment
			of 'const' has changed as well as how casting
			sometimes tightens alignment constraints.

570
571
572
573
 611.	[func]		allow-notify can be used to permit processing of
			notify messages from hosts other than a slave's
			masters.

574
575
 610.	[func]		rndc dumpdb is now supported.

576
577
578
 609.	[bug]		getrrsetbyname() would crash lwresd if the server
			found more SIGs than answers. [RT #554]

579
580
581
 608.	[func]		dnssec-signzone now adds a comment to the zone
			with the time the file was signed.

582
583
584
 607.	[bug]		nsupdate would fail if it encountered a CNAME or
			DNAME in a response to an SOA query. [RT #515]

585
586
587
588
 606.	[bug]		Compiling with --disable-threads failed due
			to isc_thread_self() being incorrectly defined
			as an integer rather than a function.

589
590
 605.	[func]		New function isc_lex_getlasttokentext().

591
592
593
 604.	[bug]		The named.conf parser could print incorrect line
			numbers when long comments were present.

Michael Sawyer's avatar
Michael Sawyer committed
594
595
596
 603.	[bug]		Make dig handle multiple types or classes on the same
			query more correctly.

597
598
599
 602.	[func]		Cope automatically with UnixWare's broken
			IN6_IS_ADDR_* macros. [RT #539]

600
601
602
 601.	[func]		Return a non-zero exit code if an update fails
			in nsupdate.

603
604
 600.	[bug]		Reverse lookups sometimes failed in dig, etc...

605
 599.	[func]		Added four new functions to the libisc log API to
606
			support i18n messages.	isc_log_iwrite(),
607
608
			isc_log_ivwrite(), isc_log_iwrite1() and
			isc_log_ivwrite1() were added.
609

610
611
612
 598.	[bug]		An update-policy statement would cause the server
			to assert while loading. [RT #536]

613
614
 597.	[func]		dnssec-signzone is now multithreaded.

615
616
617
 596.	[bug]		DNS_RDATASLAB_FORCE and DNS_RDATASLAB_EXACT are
			not mutually exclusive.

618
619
 595.	[port]		On Linux 2.2, socket() returns EINVAL when it
			should return EAFNOSUPPORT.  Work around this.
Brian Wellington's avatar
Brian Wellington committed
620
			[RT #531]
621

622
623
624
 594.	[func]		sdb drivers are now assumed to not be thread-safe
			unless the DNS_SDBFLAG_THREADSAFE flag is supplied.

625
626
627
628
 593.	[bug]		If a secure zone was missing all its NXTs and
			a dynamic update was attempted, the server entered
			an infinite loop.

629
630
631
 592.	[bug]		The sig-validity-interval option now specifies a
			number of days, not seconds.  This matches the
			documentation. [RT #529]
632

633
634
	--- 9.1.0b1 released ---

635
636
637
 591.	[bug]		Work around non-reentrancy in openssl by disabling
			precomputation in keys.

638
639
640
 590.	[doc]		There are now man pages for the lwres library in
			doc/man/lwres.

641
642
643
 589.	[bug]		The server could deadlock if a zone was updated 
			while being transferred out.

644
645
 588.	[bug]		ctx->in_use was not being correctly initalised when
			when pushing a file for $INCLUDE. [RT #523]
646
647
648
649
650
651
652
653

 587.	[func]		A warning is now printed if the "allow-update"
			option allows updates based on the source IP
			address, to alert users to the fact that this
			is insecure and becoming increasingly so as
			servers capable of update forwarding are being
			deployed.

654
655
 586.	[bug]		multiple views with the same name were fatal. [RT #516]

656
657
658
 585.	[func]		dns_db_addrdataset() and and dns_rdataslab_merge()
			now support 'exact' additions in a similar manner to
			dns_db_subtractrdataset() and dns_rdataslab_subtract().
659
660
661
662
663
664

 584.	[func]		You can now say 'notify explicit'; to suppress
			notification of the servers listed in NS records
			and notify only those servers listed in the
			'also-notify' option.

665
666
667
 583.	[func]		"rndc querylog" will now toggle logging of
			queries, like "ndc querylog" in BIND 8.

668
669
670
 582.	[bug]		dns_zone_idetach() failed to lock the zone.
			[RT #199, #463]

671
672
 581.	[bug]		log severity was not being correctly processed.
			[RT #485]
673

674
675
676
677
 580.	[func]		Ignore trailing garbage on incoming DNS packets,
			for interoperability with broken server
			implementations. [RT #491]

678
679
680
 579.	[bug]		nsupdate did not take a filename to read update from.
			[RT #492]

Andreas Gustafsson's avatar
Andreas Gustafsson committed
681
682
 578.	[func]		New config option "notify-source", to specify the
			source address for notify messages.
683

684
685
686
 577.	[func]		Log illegal RDATA combinations. e.g. multiple
			singlton types, cname and other data.

687
688
689
690
 576.	[doc]		isc_log_create() description did not match reality.

 575.	[bug]		isc_log_create() was not setting internal state
			correctly to reflect the default channels created.
691

Andreas Gustafsson's avatar
Andreas Gustafsson committed
692
 574.	[bug]		TSIG signed queries sent by the resolver would fail to
693
694
			have their responses validated and would leak memory.

695
696
697
 573.	[bug]		The journal files of IXFRed slave zones were
			inadvertantly discarded on server reload, causing
			"journal out of sync with zone" errors on subsequent
Andreas Gustafsson's avatar
Andreas Gustafsson committed
698
			reloads. [RT #482]
699

700
701
702
 572.	[bug]		Quoted strings were not accepted as key names in
			address match lists.

703
704
705
706
707
708
709
 571.	[bug]		It was possible to create an rdataset of singleton
			type which had more than one rdata.  [RT #154]
			[RT #279]

 570.	[bug]		rbtdb.c allowed zones containing nodes which had
			both a CNAME and "other data". [RT #154]

710
711
712
 569.	[func]		The DNSSEC AD bit will not be set on queries which
			have not requested a DNSSEC response.

713
 568.	[func]		Add sample simple database drivers in contrib/sdb.
714
715
716
717
718
719

 567.	[bug]		Setting the zone transfer timeout to zero caused an
			assertion failure. [RT #302]

 566.	[func]		New public function dns_timer_setidle().

720
721
 565.	[func]		Log queries more like BIND 8: query logging is now
			done to category "queries", level "info". [RT #169]
722

723
724
 564.	[func]		Add sortlist support to lwresd.

725
726
727
728
 563.	[func]		New public functions dns_rdatatype_format() and
			dns_rdataclass_format(), for convenient formatting
			of rdata type/class mnemonics in log messages.

729
730
 562.	[cleanup]	Moved lib/dns/*conf.c to bin/named where they belong.

731
732
733
734
735
736
737
738
739
740
741
742
743
744
 561.	[func]		The 'datasize', 'stacksize', 'coresize' and 'files'
			clauses of the options{} statement are now implemented.

 560.	[bug]		dns_name_split did not properly the resulting prefix
			when a maximal length bitstring label was split which
			was preceded by another bitstring label. [RT #429]

 559.	[bug]		dns_name_split did not properly create the suffix
			when splitting within a maximal length bitstring label.

 558.	[func]		New functions, isc_resource_getlimit and
			isc_resource_setlimit.

 557.	[func]		Symbolic constants for libisc integral types.
745

746
747
748
749
 556.	[func]		The DNSSEC OK bit in the EDNS extended flags
			is now implemented.  Responses to queries without
			this bit set will not contain any DNSSEC records.

750
751
752
753
 555.	[bug]		A slave server attempting a zone transfer could 
			crash with an assertion failure on certain
			malformed responses from the master. [RT #457]

754
755
756
 554.	[bug]		In some cases, not all of the dnssec tools were
			properly installed.

757
758
759
760
 553.	[bug]		Incoming zone transfers deferred due to quota 
			were not started when quota was increased but 
			only when a transfer in progress finished. [RT #456]

761
762
 552.	[bug]		We were not correctly detecting the end of all c-style
			comments.  [RT #455]
763

764
765
 551.	[func]		Implemented the 'sortlist' option.

766
767
 550.	[func]		Support unknown rdata types and classes.

768
769
770
 549.	[bug]		"make" did not immediately abort the build when a
			subdirectory make failed [RT #450].

771
 548.	[func]		The lexer now ungets tokens more correctly.
Brian Wellington's avatar
Brian Wellington committed
772

773
774
 546.	[func]		Option 'lame-ttl' is now implemented.

775
776
777
778
 545.	[func]		Name limit and counting options removed from dig;
			they didn't work properly, and cannot be correctly
			implemented without significant changes.

779
780
781
782
 544.	[func]		Add statistics option, enable statistics-file option,
			add RNDC option "dump-statistics" to write out a
			query statistics file.

783
784
 543.	[doc]		The 'port' option is now documented.

785
786
787
788
 542.	[func]		Add support for update forwarding as required for
			full compliance with RFC2136.  It is turned off
			by default and can be enabled using the
			'allow-update-forwarding' option.
789

790
791
 541.	[func]		Add bogus server support.

Mark Andrews's avatar
Mark Andrews committed
792
793
 540.	[func]		Add dialup support.

794
795
 539.	[func]		Support the blackhole option.

796
797
 538.	[bug]		fix buffer overruns by 1 in lwres_getnameinfo().

798
799
800
801
802
803
804
 536.	[func]		Use transfer-source{-v6} when sending refresh queries.
			Transfer-source{-v6} now take a optional port
			parameter for setting the UDP source port.  The port
			parameter is ignored for TCP.

 535.	[func]		Use transfer-source{-v6} when forwarding update
			requests.
805

806
807
808
809
810
811
 534.	[func]		Ancestors have been removed from RBT chains.  Ancestor
			information can be discerned via node parent pointers.

 533.	[func]		Incorporated name hashing into the RBT database to
			improve search speed.

812
813
814
 532.	[func]		Implement DNS UPDATE pseudo records using
			DNS_RDATA_UPDATE flag.

815
816
 531.	[func]		Rdata really should be initalized before being assigned
			to (dns_rdata_fromwire(), dns_rdata_fromtext(),
817
818
819
			dns_rdata_clone(), dns_rdata_fromregion()),
			check that it is.

820
821
 530.	[func]		New function dns_rdata_invalidate().

822
 529.	[bug]		521 contained a bug which caused zones to always
823
			reload.	 [RT #410]
824
	
825
826
827
828
 528.	[func]		The ISC_LIST_XXXX macros now perform sanity checks
			on their arguements.  ISC_LIST_XXXXUNSAFE can be use
			to skip the checks however use with caution.

829
830
 527.	[func]		New function dns_rdata_clone().

831
832
833
 526.	[bug]		nsupdate incorrectly refused to add RRs with a TTL
			of 0.

834
835
836
837
 525.	[func]		New arguments 'options' for dns_db_subtractrdataset(),
			and 'flags' for dns_rdataslab_subtract() allowing you
			to request that the RR's must exist prior to deletion.
			DNS_R_NOTEXACT is returned if the condition is not met.
838

839
840
841
 524.	[func]		The 'forward' and 'forwarders' statement in
			non-forward zones should work now.

842
843
844
845
846
847
 523.	[doc]		The source to the Administrator Reference Manual is
			now an XML file using the DocBook DTD, and is included
			in the distribution.  The plain text version of the
			ARM is temporarily unavailable while we figure out
			how to generate readable plain text from the XML.

848
849
850
851
852
 522.	[func]		The lightweight resolver daemon can now use
			a real configuration file, and its functionality
			can be provided by a name server.  Also, the -p and -P
			options to lwresd have been reversed.

853
854
855
 521.	[bug]		Detect master files which contain $INCLUDE and always
			reload. [RT #196]

856
857
858
 520.	[bug]		Upgraded libtool to 1.3.5, which makes shared
			library builds almost work on AIX (and possibly 
			others).
859

860
861
862
863
864
865
866
 519.	[bug]		dns_name_split() would improperly split some bitstring
			labels, zeroing a few of the least signficant bits in
			the prefix part.  When such an improperly created
			prefix was returned to the RBT database, the bogus
			label was dutifully stored, corrupting the tree.
			[RT #369]

867
868
 518.	[bug]		The resolver did not realize that a DNAME which was
			"the answer" to the client's query was "the answer",
Brian Wellington's avatar
Brian Wellington committed
869
			and such queries would fail. [RT #399]
870
871
872

 517.	[bug]		The resolver's DNAME code would trigger an assertion
			if there was more than one DNAME in the chain.
Brian Wellington's avatar
Brian Wellington committed
873
			[RT #399]
874
875
876
877

 516.	[bug]		Cache lookups which had a NULL node pointer, e.g.
			those by dns_view_find(), and which would match a
			DNAME, would trigger an INSIST(!search.need_cleanup)
Brian Wellington's avatar
Brian Wellington committed
878
			assertion. [RT #399]
879

Andreas Gustafsson's avatar
typo    
Andreas Gustafsson committed
880
881
 515.	[bug]		The ssu table was not being attached / detached
			by dns_zone_[sg]etssutable. [RT#397]
882

883
884
885
 514.	[func]		Retry refresh and notify queries if they timeout.
			[RT #388]

886
 513.	[func]		New functionality added to rdnc and server to allow
Andreas Gustafsson's avatar
typo    
Andreas Gustafsson committed
887
			individual zones to be refreshed or reloaded.
888

Andreas Gustafsson's avatar
typos    
Andreas Gustafsson committed
889
 512.	[bug]		The zone transfer code could throw an execption with
890
891
			an invalid IXFR stream.

892
893
894
 511.	[bug]		The message code could throw an assertion on an
			out of memory failure. [RT #392]

895
896
 510.	[bug]		Remove spurious view notify warning. [RT #376]

897
898
 509.	[func]		Add support for write of zone files on shutdown.

899
900
901
902
 508.	[func]		dns_message_parse() can now do a best-effort
			attempt, which should allow dig to print more invalid
			messages.

903
904
905
 507.	[func]		New functions dns_zone_flush(), dns_zt_flushanddetach()
			and dns_view_flushanddetach().

906
907
 506.	[func]		Do not fail to start on errors in zone files.

908
909
 505.	[bug]		nsupdate was printing "unknown result code". [RT #373]

910
911
912
913
914
915
 504.	[bug]		The zone was not being marked as dirty when updated via
			IXFR.

 503.	[bug]		dumptime was not being set along with
			DNS_ZONEFLG_NEEDDUMP.

916
917
918
919
920
921
 502.	[func]		On a SERVFAIL reply, DiG will now try the next server
			in the list, unless the +fail option is specified.

 501.	[bug]		Incorrect port numbers were being displayed by
			nslookup.  [RT #352]

922
 500.	[func]		Nearly useless +details option removed from DiG.
923
924
925
926
927
928
929

 499.	[func]		In DiG, specifying a class with -c or type with -t
			changes command-line parsing so that classes and
			types are only recognized if following -c or -t.
			This allows hosts with the same name as a class or
			type to be looked up.

930
931
932
 498.	[doc]		There is now a man page for "dig" 
			in doc/man/bin/dig.1.

933
934
935
936
 497.	[bug]		The error messages printed when an IP match list
			contained a network address with a nonzero host
			part where not sufficiently detailed. [RT #365]

937
 496.	[bug]		named didn't sanity check numeric parameters. [RT #361]
938

939
 495.	[bug]		nsupdate was unable to handle large records. [RT #368]
940

941
942
 494.	[func]		Do not cache NXDOMAIN responses for SOA queries.

943
944
945
946
947
 493.	[func]		Return non-cachable (ttl = 0) NXDOMAIN responses
			for SOA queries.  This makes it easier to locate
			the containing zone without polluting intermediate
			caches.

948
949
 492.	[bug]		attempting to reload a zone caused the server fail
			to shutdown cleanly. [RT #360]
950

951
 491.	[bug]		nsupdate would segfault when sending certain
952
			prerequisites with empty RDATA. [RT #356]
953

954
955
956
957
958
 490.	[func]		When a slave/stub zone has not yet successfully
			obtained an SOA containing the zone's configured
			retry time, perform the SOA query retries using
			exponential backoff. [RT #337]

959
960
 489.	[func]		The zone manager now has a "i/o" queue.

961
962
 488.	[bug]		Locks weren't properly destroyed in some cases.

963
964
 487.	[port]		flockfile() is not defined on all systems.

965
966
967
968
 486.	[bug]		nslookup: "set all" and "server" commands showed
			the incorrect port number if a port other than 53
			was specified. [RT #352]

969
970
971
972
 485.	[func]		When dig had more than one server to query, it would
			send all of the messages at the same time.  Add
			rate limiting of the transmitted messages.

973
974
975
976
977
 484.	[bug]		When the server was reloaded after removing addresses 
			from the named.conf "listen-on" statement, sockets
			were still listening on the removed addresses due
			to reference count loops. [RT #325]

978
979
 483.	[bug]		nslookup: "set all" showed a "search" option but it 
			was not settable.
980

981
982
983
 482.	[bug]		nslookup: a plain "server" or "lserver" should be
			treated as a lookup.

984
 481.	[bug]		nslookup:get_next_command() stack size could exceed
985
986
987
988
			per thread limit.

 480.	[bug]		strtok() is not thread safe. [RT #349]

989
990
991
 479.	[func]		The test suite can now be run by typing "make check"
			or "make test" at the top level.

992
993
994
 478.	[bug]		"make install" failed if the directory specified with
			--prefix did not already exist.

995
996
997
 477.	[bug]		The the isc-config.sh script could be installed before
			its directory was created. [RT #324]

998
999
 476.	[bug]		A zone could expire while a zone transfer was in
			progress triggering a INSIST failure. [RT #329]
Andreas Gustafsson's avatar
Andreas Gustafsson committed
1000

1001
1002
1003
1004
1005
1006
1007
 475.	[bug]		query_getzonedb() sometimes returned a non-null version
			on failure.  This caused assertion failures when
			generating query responses where names subject to
			additional section processing pointed to a zone
			to which access had been denied by means of the
			allow-query option. [RT #336]

1008
1009
1010
 474.	[bug]		The mnemonic of the CHAOS class is CH according to
			RFC1035, but it was printed and read only as CHAOS.
			We now accept both forms as input, and print it
Andreas Gustafsson's avatar
Andreas Gustafsson committed
1011
			as CH. [RT #305]
1012

Andreas Gustafsson's avatar
Andreas Gustafsson committed
1013
1014
1015
1016
 473.	[bug]		nsupdate overran the end of the list of name servers
			when no servers could be reached, typically causing 
			it to print the error message "dns_request_create:
			not implemented".
1017
1018
1019
1020

 472.	[bug]		Off-by-one error caused isc_time_add() to sometimes
			produce invalid time values.

1021
1022
 471.	[bug]		nsupdate didn't compile on HP/UX 10.20

Andreas Gustafsson's avatar
Andreas Gustafsson committed
1023
 470.	[func]		$GENERATE is now supported.  See also
1024
1025
			doc/misc/migration.

1026
1027
 469.	[bug]		"query-source address * port 53;" now works.

1028
1029
1030
1031
1032
1033
1034
1035
 468.	[bug]		dns_master_load*() failed to report file and line
			number in certain error conditions.

 467.	[bug]		dns_master_load*() failed to log an error if
			pushfile() failed.

 466.	[bug]		dns_master_load*() could return success when it failed.

1036
1037
 465.	[cleanup]	Allow 0 to be set as an omapi_value_t value by
			omapi_value_storeint().
Andreas Gustafsson's avatar
Andreas Gustafsson committed
1038

1039
 464.	[cleanup]	Build with openssl's RSA code instead of dnssafe.
1040

Andreas Gustafsson's avatar
Andreas Gustafsson committed
1041
1042
1043
 463.	[bug]		nsupdate sent malformed SOA queries to the second
			and subsequent name servers in resolv.conf if the
			query sent to the first one failed.
1044

1045
1046
 462.	[bug]		--disable-ipv6 should work now.

Andreas Gustafsson's avatar
Andreas Gustafsson committed
1047
1048
1049
 461.	[bug]		Specifying an unknown key in the "keys" clause of the
			"controls" statement caused a NULL pointer dereference.
			[RT #316]
1050

1051
1052
 460.	[bug]		Much of the DNSSEC code only worked with class IN.

Andreas Gustafsson's avatar
Andreas Gustafsson committed
1053
 459.	[bug]		Nslookup processed the "set" command incorrectly.
1054

1055
 458.	[bug]		Nslookup didn't properly check class and type values.
Michael Sawyer's avatar
Michael Sawyer committed
1056
			[RT #305]
1057

Andreas Gustafsson's avatar
Andreas Gustafsson committed
1058
1059
 457.	[bug]		Dig/host/hslookup didn't properly handle connect
			timeouts in certain situations, causing an 
Andreas Gustafsson's avatar
Andreas Gustafsson committed
1060
			unnecessary warning message to be printed.
1061

1062
1063
1064
 456.	[bug]		Stub zones were not resetting the refresh and expire
			counters, loadtime or clearing the DNS_ZONE_REFRESH
			(refresh in progress) flag upon successful update.
1065
1066
			This disabled further refreshing of the stub zone,
			causing it to eventually expire. [RT #300]
1067

1068
1069
1070
 455.	[doc]		Document IPv4 prefix notation does not require a
			dotted decimal quad but may be just dotted decimal.

1071
 454.	[bug]		Enforce dotted decimal and dotted decimal quad where
1072
			documented as such in named.conf. [RT #304, RT #311]
1073

1074
1075
1076
 453.	[bug]		Warn if the obsolete option "maintain-ixfr-base"
			is specified in named.conf. [RT #306]

1077
1078
1079
1080
 452.	[bug]		Warn if the unimplemented option "statistics-file"
			is specified in named.conf. [RT #301]

 451.	[func]		Update forwarding implememted.
1081
1082
1083

 450.	[func]		New function ns_client_sendraw().

1084
1085
1086
1087
1088
 449.	[bug]		isc_bitstring_copy() only works correctly if the
			two bitstrings have the same lsb0 value, but this
			requirement was not documented, nor was there a
			REQUIRE for it.

1089
 448.	[bug]		Host output formatting change, to match v8. [RT #255]
1090

1091
 447.	[bug]		Dig didn't properly retry in TCP mode after