CHANGES 207 KB
Newer Older
1
2
1977.	[bug]		Silence noisy log message. [RT #15704]

3
4
1976.	[bug]		Handle systems with no IPv4 addresses. [RT #15695]

5
6
7
1975.	[bug]		libbind: isc_gethexstring() could misparse multi-line
			hex strings with comments. [RT #15814]

8
9
10
1974.	[doc]		List each of the zone types and associated zone
			options seperately in the ARM.

11
12
13
1973.	[func]		TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
			HMACSHA512 support. [RT #13606]

14
15
16
1972.	[contrib]	DBUS dynamic forwarders integation from
			Jason Vas Dias <jvdias@redhat.com>.

17
18
19
1971.	[port]		linux: make detection of missing IF_NAMESIZE more
                        robust. [RT #15443]

20
21
22
1970.	[bug]		nsupdate: adjust UDP timeout when falling back to
			unsigned SOA query. [RT #15775]

23
24
25
1969.	[bug]		win32: the socket code was freeing the socket
			structure too early. [RT #15776]

26
27
1968.	[bug]		Missing lock in resolver.c:validated(). [RT #15739]

28
29
1967.	[func]		dig/nslookup/host: warn about missing "QR". [RT #15779]

Mark Andrews's avatar
Mark Andrews committed
30
1966.	[bug]		Don't set CD when we have fallen back to plain DNS.
31
32
			[RT #15727]

33
34
35
1965.	[func]		Suppress spurious "recusion requested but not
			available" warning with 'dig +qr'. [RT #15780].

36
37
1964.	[func]		Seperate out MX and SRV to CNAME checks. [RT #15723]

38
39
40
1963.	[port]		Tru64 4.0E doesn't support send() and recv(). 
			[RT #15586]

41
42
43
1962.	[bug]		Named failed to clear old update-policy when it
			was removed. [RT #15491]

44
45
46
1961.	[bug]		Check the port and address of responses forwarded
			to dispatch. [RT #15474]

47
48
49
1960.	[bug]		Update code should set NSEC ttls from SOA MINIMUM.
			[RT #15465]

50
51
52
53
1959.	[func]		Control the zeroing of the negative response TTL to
			a soa query.  Defaults "zero-no-soa-ttl yes;" and
			"zero-no-soa-ttl-cache no;". [RT #15460]

54
55
56
1958.	[bug]		Named failed to update the zone's secure state
			until the zone was reloaded. [RT #15412]

57
58
59
1957.	[bug]		Dig mishandled responses to class ANY queries.
			[RT #15402]

60
61
62
63
1956.	[bug]		Improve cross compile support, 'gen' is now built
			by native compiler.  See README for additional
			cross compile support information. [RT #15148]

64
65
1955.	[bug]		Pre-allocate the cache cleaning interator. [RT #14998]

Mark Andrews's avatar
Mark Andrews committed
66
1954.	[func]		Named now falls back to advertising EDNS with a
67
68
69
			512 byte receive buffer if the initial EDNS queries
			fail.  [RT #14852]

Mark Andrews's avatar
Mark Andrews committed
70
1953.	[func]		The maximum EDNS UDP response named will send can
71
72
73
74
			now be set in named.conf (max-udp-size).  This is
			independent of the advertised receive buffer
			(edns-udp-size). [RT #14852]

75
76
77
1952.	[port]		hpux: tell the linker to build a runtime link
			path "-Wl,+b:". [RT #14816].

78
79
80
81
1951.	[security]	Drop queries from particular well known ports.
			Don't return FORMERR to queries from particular
			well known ports.  [RT #15636]
			
82
83
84
85
1950.	[port]		Solaris 2.5.1 and earlier cannot bind() then connect()
			a TCP socket. This prevents the source address being
			set for TCP connections. [RT #15628]

86
87
1949.	[func]		Addition memory leakage checks. [RT #15544]

88
89
90
91
1948.	[bug]		If was possible to trigger a REQUIRE failure in
			xfrin.c:maybe_free() if named ran out of memory.
			[RT #15568]

92
93
94
95
96
1947.	[func]		It is now possible to configure named to accept
			expired RRSIGs.  Default "dnssec-accept-expired no;".
			Setting "dnssec-accept-expired yes;" leaves named
			vulnerable to replay attacks.  [RT #14685]

97
98
99
1946.	[bug]		resume_dslookup() could trigger a REQUIRE failure
			when using forwarders. [RT #15549]

100
101
102
103
1945.	[cleanup]	dnssec-keygen: RSA (RSAMD5) is nolonger recommended.
			To generate a RSAMD5 key you must explictly request
			RSAMD5. [RT #13780]
			
104
105
106
1944.	[cleanup]	isc_hash_create() does not need a read/write lock.
			[RT #15522]

Mark Andrews's avatar
Mark Andrews committed
107
1943.	[bug]		Set the loadtime after rolling forward the journal.
108
109
			[RT #15647]

110
111
112
113
1942.	[bug]		If the name of a DNSKEY match that of one in
			trusted-keys do not attempt to validate the DNSKEY
			using the parents DS RRset. [RT #15649]

114
115
116
1941.	[bug]		ncache_adderesult() should set eresult even if no
			rdataset is passed to it. [RT #15642]

117
118
119
1940.	[bug]		Fixed a number of error conditions reported by
			Coverity.

120
121
122
123
124
125
126
1939.	[bug]		The resolver could dereference a null pointer after
			validation if all the queries have timed out.
			[RT #15528]

1938.	[bug]		The validator was not correctly handling unsecure
			negative responses at or below a SEP. [RT #15528]

127
128
1937.	[bug]		sdlz doesn't handle RRSIG records. [RT #15564]

Mark Andrews's avatar
Mark Andrews committed
129
1936.	[bug]		The validator could leak memory. [RT #15544]
130

131
132
133
134
135
136
1935.	[bug]		'acache' was DO sensitive. [RT #15430]

1934.	[func]		Validate pending NS RRsets, in the authority section,
			prior to returning them if it can be done without
			requiring DNSKEYs to be fetched.  [RT #15430]

Mark Andrews's avatar
Mark Andrews committed
137
1933.	[bug]		dump_rdataset_raw() had a incorrect INSIST. [RT #15534]
138

139
140
1932.	[bug]		hpux: LDFLAGS was getting corrupted. [RT #15530]

141
142
1931.	[bug]		Per-client mctx could require a huge amount of memory,
			particularly for a busy caching server. [RT #15519]
143

144
145
146
147
1930.	[port]		HPUX: ia64 support. [RT #15473]

1929.	[port]		FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.

148
149
1928.	[bug]		Race in rbtdb.c:currentversion(). [RT #15517]

150
151
152
1927.	[bug]		Access to soanode or nsnode in rbtdb violated the
			lock order rule and could cause a dead lock.
			[RT# 15518]
153

154
1926.	[bug]		The Windows installer did not check for empty
155
156
			passwords.  BINDinstall was being installed in
			the wrong place. [RT #15483]
157

158
159
160
1925.	[port]		All outer level AC_TRY_RUNs need cross compiling
			defaults. [RT #15469]

161
162
1924.	[port]		libbind: hpux ia64 support. [RT #15473]

163
164
1923.	[bug]		ns_client_detach() called too early. [RT #15499]

165
166
167
1922.	[bug]		check-tool.c:setup_logging() missing call to
			dns_log_setcontext().

Mark Andrews's avatar
Mark Andrews committed
168
1921.	[bug]		Client memory contexts were not using internal
169
170
			malloc. [RT# 15434]

Mark Andrews's avatar
update    
Mark Andrews committed
171
1920.	[bug]		The cache rbtdb lock array was too small to
172
173
174
			have the desired performance characteristics.
			[RT #15454]

175
176
177
1919.	[contrib]	queryperf: a set of new features: collecting/printing
			response delays, printing intermediate results, and
			adjusting query rate for the "target" qps.
178

179
180
1918.	[bug]		Memory leak when checking acls. [RT #15391]

181
182
183
1917.	[doc]		funcsynopsisinfo wasn't being treated as verbatim
			when generating man pages. [RT #15385]

184
185
1916.	[func]		Integrate contibuted IDN code from JPNIC. [RT #15383]

186
187
1915.	[bug]		dig +ndots was broken. [RT #15215]

188
189
190
191
1914.	[protocol]	DS is required to accept mnemonic algorithms
			(RFC 4034).  Still emit numeric algorithms for
			compatability with RFC 3658. [RT #15354]

192
193
1913.	[func]		Integrate contibuted DLZ code into named. [RT #11382]

Mark Andrews's avatar
Mark Andrews committed
194
1912.	[port]		aix: atomic locking for powerpc. [RT #15020]
195

Mark Andrews's avatar
Mark Andrews committed
196
1911.	[bug]		Update windows socket code. [RT #14965]
197

Mark Andrews's avatar
Mark Andrews committed
198
1910.	[bug]		dig's +sigchase code overhauled. [RT #14933]
199

Mark Andrews's avatar
Mark Andrews committed
200
1909.	[bug]		The DLV code has been re-worked to make no longer
201
202
			query order sensitive. [RT #14933]

Mark Andrews's avatar
Mark Andrews committed
203
1908.	[func]		dig now warns if 'RA' is not set in the answer when
204
205
206
207
			'RD' was set in the query.  host/nslookup skip servers
			that fail to set 'RA' when 'RD' is set unless a server
			is explicitly set.  [RT #15005]

Mark Andrews's avatar
Mark Andrews committed
208
1907.	[func]		host/nslookup now continue (default)/fail on SERVFAIL.
209
210
			[RT #15006]

Mark Andrews's avatar
Mark Andrews committed
211
1906.	[func]		dig now has a '-q queryname' and '+showsearch' options.
212
213
			[RT #15034]

Mark Andrews's avatar
Mark Andrews committed
214
1905.	[bug]		Strings returned from cfg_obj_asstring() should be
215
216
217
218
			treated as read-only.  The prototype for 
			cfg_obj_asstring() has been updated to reflect this.
			[RT #15256]

Mark Andrews's avatar
Mark Andrews committed
219
1904.	[func]		Automatic empty zone creation for D.F.IP6.ARPA and
220
221
222
223
224
225
			friends.  Note: RFC 1918 zones are not yet covered by
			this but are likely to be in a future release.

			New options: empty-server, empty-contact,
			empty-zones-enable and disable-empty-zone.

Mark Andrews's avatar
Mark Andrews committed
226
1903.	[func]		ISC string copy API.
227

Mark Andrews's avatar
Mark Andrews committed
228
1902.	[func]		Attempt to make the amount of work performed in a
229
230
231
232
233
234
			iteration self tuning.  The covers nodes clean from
			the cache per iteration, nodes written to disk when
			rewriting a master file and nodes destroyed per
			iteration when destroying a zone or a cache.
			[RT #14996]

Mark Andrews's avatar
Mark Andrews committed
235
1901.	[cleanup]	Don't add DNSKEY records to the additional section.
236

Mark Andrews's avatar
Mark Andrews committed
237
1900.	[bug]		ixfr-from-differences failed to ensure that the
238
239
			serial number increased. [RT #15036]

Mark Andrews's avatar
Mark Andrews committed
240
1899.	[func]		named-checkconf now validates update-policy entries.
241
242
			[RT #14963]

Mark Andrews's avatar
Mark Andrews committed
243
1898.	[bug]		Extend ISC_SOCKADDR_FORMATSIZE and
244
245
			ISC_NETADDR_FORMATSIZE to allow for scope details.

Mark Andrews's avatar
Mark Andrews committed
246
1897.	[func]		x86 and x86_64 now have seperate atomic locking
247
248
			implementations.

Mark Andrews's avatar
Mark Andrews committed
249
1896.	[bug]		Recursive clients soft quota support wasn't working
250
251
			as expected. [RT #15103]

Mark Andrews's avatar
Mark Andrews committed
252
1895.	[bug]		A escaped character is, potentially, converted to
253
254
			the output character set too early. [RT #14666]

Mark Andrews's avatar
Mark Andrews committed
255
1894.	[doc]		Review ARM for BIND 9.4.
256

Mark Andrews's avatar
Mark Andrews committed
257
1893.	[port]		Use uintptr_t if available. [RT #14606]
258

Mark Andrews's avatar
Mark Andrews committed
259
1892.	[func]		Support for SPF rdata type. [RT #15033]
260

Mark Andrews's avatar
Mark Andrews committed
261
1891.	[port]		freebsd: pthread_mutex_init can fail if it runs out
262
263
			of memory. [RT #14995]

Mark Andrews's avatar
Mark Andrews committed
264
1890.	[func]		Raise the UDP recieve buffer size to 32k if it is
265
266
			less than 32k. [RT #14953]

Mark Andrews's avatar
Mark Andrews committed
267
1889.	[port]		sunos: non blocking i/o support. [RT #14951]
268

Mark Andrews's avatar
Mark Andrews committed
269
1888.	[func]		Support for IPSECKEY rdata type. [RT #14967]
270

Mark Andrews's avatar
Mark Andrews committed
271
1887.	[bug]		The cache could delete expired records too fast for
272
273
			clients with a virtual time in the past. [RT #14991]

Mark Andrews's avatar
Mark Andrews committed
274
1886.	[bug]		fctx_create() could return success even though it
275
276
			failed. [RT #14993]

Mark Andrews's avatar
Mark Andrews committed
277
1885.	[func]		dig: report the number of extra bytes still left in
278
279
			the packet after processing all the records.

Mark Andrews's avatar
Mark Andrews committed
280
1884.	[cleanup]	dighost.c: move external declarations into <dig/dig.h>.
281

Mark Andrews's avatar
Mark Andrews committed
282
1883.	[bug]		dnssec-signzone, dnssec-keygen: handle negative debug
283
284
			levels. [RT #14962]

Mark Andrews's avatar
Mark Andrews committed
285
1882.	[func]		Limit the number of recursive clients that can be
286
287
288
289
			waiting for a single query (<qname,qtype,qclass>) to
			resolve.  New options clients-per-query and
			max-clients-per-query.

Mark Andrews's avatar
Mark Andrews committed
290
1881.	[func]		Add a system test for named-checkconf. [RT #14931]
291

Mark Andrews's avatar
Mark Andrews committed
292
1880.	[func]		The lame cache is now done on a <qname,qclass,qtype>
293
294
295
			basis as some servers only appear to be lame for
			certain query types.  [RT #14916]

Mark Andrews's avatar
Mark Andrews committed
296
1879.	[func]		"USE INTERNAL MALLOC" is now runtime selectable.
297
298
			[RT #14892]

Mark Andrews's avatar
Mark Andrews committed
299
1878.	[func]		Detect duplicates of UDP queries we are recursing on
300
			and drop them.  New stats category "duplicates".
301
			[RT #2471]
302

Mark Andrews's avatar
Mark Andrews committed
303
1877.	[bug]		Fix unreasonably low quantum on call to
304
305
306
			dns_rbt_destroy2().  Remove unnecessay unhash_node()
			call. [RT #14919]

Mark Andrews's avatar
Mark Andrews committed
307
1876.	[func]		Additional memory debugging support to track size
Mark Andrews's avatar
Mark Andrews committed
308
			and mctx arguments. [RT #14814]
309

Mark Andrews's avatar
Mark Andrews committed
310
1875.	[bug]		process_dhtkey() was using the wrong memory context
311
312
			to free some memory. [RT #14890]

Mark Andrews's avatar
Mark Andrews committed
313
1874.	[port]		sunos: portability fixes. [RT #14814]
314

Mark Andrews's avatar
Mark Andrews committed
315
1873.	[port]		win32: isc__errno2result() now reports its caller.
316
317
			[RT #13753]

Mark Andrews's avatar
Mark Andrews committed
318
1872.	[port]		win32: Handle ERROR_NETNAME_DELETED.  [RT #13753]
319

Mark Andrews's avatar
Mark Andrews committed
320
1871.	[placeholder]
321

Mark Andrews's avatar
Mark Andrews committed
322
1870.	[func]		Added framework for handling multiple EDNS versions.
323
			[RT #14873]
324

Mark Andrews's avatar
Mark Andrews committed
325
1869.	[func]		dig can now specify the EDNS version when making
326
			a query. [RT #14873]
327

328
329
1868.	[func]		edns-udp-size can now be overridden on a per
			server basis. [RT #14851]
Mark Andrews's avatar
Mark Andrews committed
330

331
332
1867.	[bug]		It was possible to trigger a INSIST in
			dlv_validatezonekey(). [RT #14846]
Mark Andrews's avatar
Mark Andrews committed
333

334
335
1866.	[bug]		resolv.conf parse errors were being ignored by
			dig/host/nslookup. [RT #14841]
Mark Andrews's avatar
Mark Andrews committed
336

337
338
1865.	[bug]		Silently ignore nameservers in /etc/resolv.conf with
			bad addresses. [RT #14841]
Mark Andrews's avatar
Mark Andrews committed
339

340
341
342
1864.	[bug]		Don't try the alternative transfer source if you
			got a answer / transfer with the main source
			address. [RT #14802]
Mark Andrews's avatar
Mark Andrews committed
343

344
345
1863.	[bug]		rrset-order "fixed" error messages not complete.

346
347
348
349
350
351
352
1862.	[func]		Add additional zone data constancy checks.
			named-checkzone has extended checking of NS, MX and 
			SRV record and the hosts they reference.
			named has extended post zone load checks.
			New zone options: check-mx and integrity-check. 
			[RT #4940]

353
354
1861.	[bug]		dig could trigger a INSIST on certain malformed
			responses. [RT #14801]
Mark Andrews's avatar
Mark Andrews committed
355

356
357
1860.	[port]		solaris 2.8: hack_shutup_pthreadmutexinit was
			incorrectly set. [RT #14775]
Mark Andrews's avatar
Mark Andrews committed
358

359
1859.	[func]		Add support for CH A record. [RT #14695]
Mark Andrews's avatar
Mark Andrews committed
360

361
362
363
1858.	[bug]		The flush-zones-on-shutdown option wasn't being
			parsed. [RT #14686]

364
365
1857.	[bug]		named could trigger a INSIST() if reconfigured /
			reloaded too fast.  [RT #14673]
Mark Andrews's avatar
Mark Andrews committed
366

Rob Austein's avatar
regen    
Rob Austein committed
367
368
369
1856.	[doc]		Switch Docbook toolchain from DSSSL to XSL.
			[RT #11398]

370
371
372
1855.	[bug]		ixfr-from-differences was failing to detect changes
			of ttl due to dns_diff_subtract() was ignoring the ttl
			of records.  [RT #14616]
Mark Andrews's avatar
Mark Andrews committed
373

374
375
376
1854.	[bug]		lwres also needs to know the print format for
			(long long).  [RT #13754]

377
378
379
1853.	[bug]		Rework how DLV interacts with proveunsecure().
			[RT #13605]

380
381
382
1852.	[cleanup]	Remove last vestiges of dnssec-signkey and
			dnssec-makekeyset (removed from Makefile years ago).

383
384
1851.	[doc]		Doxygen comment markup. [RT #11398]

385
386
1850.	[bug]		Memory leak in lwres_getipnodebyaddr(). [RT #14591]

387
388
389
1849.	[doc]		All forms of the man pages (docbook, man, html) should
			have consistant copyright dates.

390
391
1848.	[bug]		Improve SMF integration. [RT #13238]

392
1847.	[bug]		isc_ondestroy_init() is called too late in
Mark Andrews's avatar
Mark Andrews committed
393
			dns_rbtdb_create()/dns_rbtdb64_create(). 
394
395
			[RT #13661]
			
396
397
398
1846.	[contrib]	query-loc-0.3.0 from Stephane Bortzmeyer
			<bortzmeyer@nic.fr>.

399
400
401
1845.	[bug]		Improve error reporting to distingish between
			accept()/fcntl() and socket()/fcntl() errors.
			[RT #13745]
Mark Andrews's avatar
Mark Andrews committed
402

403
404
405
406
407
408
1844.	[bug]		inet_pton() accepted more that 4 hexadecimal digits
			for each 16 bit piece of the IPv6 address.  The text
			representation of a IPv6 address has been tighted
			to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
			[RT #5662]

409
410
411
412
413
1843.	[cleanup]	CINCLUDES takes precedence over CFLAGS.  This helps
			when CFLAGS contains "-I /usr/local/include"
			resulting in old header files being used.

1842.	[port]		cmsg_len() could produce incorrect results on
414
415
			some platform. [RT #13744]

416
417
1841.	[bug]		"dig +nssearch" now makes a recursive query to
			find the list of nameservers to query. [RT #13694]
Mark Andrews's avatar
Mark Andrews committed
418

Mark Andrews's avatar
Mark Andrews committed
419
1840.	[func]		dnssec-signzone can now randomize signature end times
420
421
			(dnssec-signzone -j jitter). [RT #13609]

422
423
1839.	[bug]		<isc/hash.h> was not being installed.

424
425
1838.	[cleanup]	Don't allow Linux capabilities to be inherited.
			[RT #13707]
Mark Andrews's avatar
Mark Andrews committed
426

427
428
1837.	[bug]		Compile time option ISC_FACILITY was not effective
			for 'named -u <user>'.  [RT #13714]
Mark Andrews's avatar
Mark Andrews committed
429

430
431
1836.	[cleanup]	Silence compiler warnings in hash_test.c.

432
433
1835.	[bug]		Update dnssec-signzone's usage message. [RT #13657]

434
435
1834.	[bug]		Bad memset in rdata_test.c. [RT #13658]

436
437
1833.	[bug]		Race condition in isc_mutex_lock_profile(). [RT #13660]

438
439
440
1832.	[bug]		named fails to return BADKEY on unknown TSIG algorithm.
			[RT #13620]

441
442
1831.	[doc]		Update named-checkzone documentation. [RT#13604]

443
444
1830.	[bug]		adb lame cache has sence of test reversed. [RT #13600]

445
446
1829.	[bug]		win32: "pid-file none;" broken. [RT #13563]

447
448
449
1828.	[bug]		isc_rwlock_init() failed to properly cleanup if it
			encountered a error. [RT #13549]

450
451
1827.	[bug]		host: update usage message for '-a'. [RT #37116]

452
453
454
455
456
1826.	[bug]		Missing DESTROYLOCK() in isc_mem_createx() on out
			of memory error. [RT #13537]

1825.	[bug]		Missing UNLOCK() on out of memory error from in
			rbtdb.c:subtractrdataset(). [RT #13519]
457

458
459
460
1824.	[bug]		Memory leak on dns_zone_setdbtype() failure.
			[RT #13510]

461
462
463
1823.	[bug]		Wrong macro used to check for point to point interface.
			[RT#13418]

464
465
1822.	[bug]		check-names test for RT was reversed. [RT #13382]

Mark Andrews's avatar
Mark Andrews committed
466
467
1821.	[placeholder]

468
1820.	[bug]		Gracefully handle acl loops. [RT #13659]
Mark Andrews's avatar
Mark Andrews committed
469

470
471
472
473
1819.	[bug]		The validator needed to check both the algorithm and
			digest types of the DS to determine if it could be
			used to introduce a secure zone. [RT #13593]

474
475
1818.	[bug]		'named-checkconf -z' triggered an INSIST. [RT #13599]

476
1817.	[func]		Add support for additional zone file formats for
477
478
			improving loading performance.  The masterfile-format
			option in named.conf can be used to specify a
479
			non-default format.  A separate command
480
			named-compilezone was provided to generate zone files
481
482
483
			in the new format.  Additionally, the -I and -O options
			for dnssec-signzone specify the input and output
			formats.
484

485
486
1816.	[port]		UnixWare: failed to compile lib/isc/unix/net.c.
			[RT #13597]
Mark Andrews's avatar
Mark Andrews committed
487

488
489
490
1815.	[bug]		nsupdate triggered a REQUIRE if the server was set
			without also setting the zone and it encountered
			a CNAME and was using TSIG.  [RT #13086]
Mark Andrews's avatar
Mark Andrews committed
491

492
1814.	[func]		UNIX domain controls are now supported.
Mark Andrews's avatar
Mark Andrews committed
493

494
495
496
497
1813.	[func]		Restructured the data locking framework using
			architecture dependent atomic operations (when
			available), improving response performance on
			multi-processor machines significantly.
498
			x86, x86_64, alpha, powerpc, and mips are currently
499
			supported.
500

501
502
503
1812.	[port]		win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect.
			[RT #13453]

504
505
1811.	[func]		Preserve the case of domain names in rdata during
			zone transfers. [RT #13547]
Mark Andrews's avatar
Mark Andrews committed
506

507
508
509
1810.	[bug]		configure, lib/bind/configure make different default
			decisions about whether to do a threaded build.
			[RT #13212]
Mark Andrews's avatar
Mark Andrews committed
510

511
512
1809.	[bug]		"make distclean" failed for libbind if the platform
			is not supported.
Mark Andrews's avatar
Mark Andrews committed
513

514
515
1808.	[bug]		zone.c:notify_zone() contained a race condition,
			zone->db could change underneath it.  [RT #13511]
Mark Andrews's avatar
Mark Andrews committed
516

517
518
1807.	[bug]		When forwarding (forward only) set the active domain
			from the forward zone name. [RT #13526]
Mark Andrews's avatar
Mark Andrews committed
519

520
521
522
1806.	[bug]		The resolver returned the wrong result when a CNAME /
			DNAME was encountered when fetching glue from a
			secure namespace. [RT #13501]
Mark Andrews's avatar
Mark Andrews committed
523

524
525
1805.	[bug]		Pending status was not being cleared when DLV was
			active. [RT #13501]
Mark Andrews's avatar
Mark Andrews committed
526

527
528
529
1804.	[bug]		Ensure that if we are queried for glue that it fits
			in the additional section or TC is set to tell the
			client to retry using TCP. [RT #10114]
Mark Andrews's avatar
Mark Andrews committed
530

531
532
1803.	[bug]		dnssec-signzone sometimes failed to remove old
			RRSIGs. [RT #13483]
Mark Andrews's avatar
Mark Andrews committed
533

534
1802.	[bug]		Handle connection resets better. [RT #11280]
Mark Andrews's avatar
Mark Andrews committed
535

536
537
1801.	[func]		Report differences between hints and real NS rrset
			and associated address records.
Mark Andrews's avatar
Mark Andrews committed
538

539
540
541
1800.	[bug]		Changes #1719 allowed a INSIST to be triggered.
			[RT #13428]

542
543
1799.	[bug]		'rndc flushname' failed to flush negative cache
			entries. [RT #13438]
Mark Andrews's avatar
Mark Andrews committed
544

545
546
1798.	[func]		The server syntax has been extended to support a
			range of servers.  [RT #11132]
Mark Andrews's avatar
Mark Andrews committed
547

548
549
550
1797.	[func]		named-checkconf now check acls to verify that they
			only refer to existing acls. [RT #13101]

551
1796.	[func]		"rndc freeze/thaw" now freezes/thaws all zones.
Mark Andrews's avatar
Mark Andrews committed
552

Mark Andrews's avatar
Mark Andrews committed
553
1795.	[bug]		"rndc dumpdb" was not fully documented.  Minor
554
			formating issues with "rndc dumpdb -all".  [RT #13396]
Mark Andrews's avatar
Mark Andrews committed
555

556
557
1794.	[func]		Named and named-checkzone can now both check for
			non-terminal wildcard records.
Mark Andrews's avatar
Mark Andrews committed
558

559
1793.	[func]		Extend adjusting TTL warning messages. [RT #13378]
Mark Andrews's avatar
Mark Andrews committed
560

561
562
1792.	[func]		New zone option "notify-delay".  Specify a minimum
			delay between sets of NOTIFY messages.
Mark Andrews's avatar
Mark Andrews committed
563

564
565
1791.	[bug]		'host -t a' still printed out AAAA and MX records.
			[RT #13230]
Mark Andrews's avatar
Mark Andrews committed
566

567
568
569
1790.	[cleanup]	Move lib/dns/sec/dst up into lib/dns.  This should
			allow parallel make to succeed.

570
571
572
1789.	[bug]		Prerequisite test for tkey and dnssec could fail
			with "configure --with-libtool".

573
574
575
1788.	[bug]		libbind9.la/libbind9.so needs to link against
			libisccfg.la/libisccfg.so.

576
577
1787.	[port]		HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings.

578
579
580
581
1786.	[port]		AIX: libt_api needs to be taught to look for
			T_testlist in the main executable (--with-libtool).
			[RT #13239]

582
583
584
1785.	[bug]		libbind9.la/libbind9.so needs to link against
			libisc.la/libisc.so.

585
586
587
588
1784.	[cleanup]	"libtool -allow-undefined" is the default.
			Leave hooks in configure to allow it to be set
			if needed in the future.

589
590
591
1783.	[cleanup]	We only need one copy of libtool.m4, ltmain.sh in the
			source tree.

592
593
1782.	[port]		OSX: --with-libtool + --enable-libbind broke on
			__evOptMonoTime.  [RT #13219]
Mark Andrews's avatar
Mark Andrews committed
594

595
1781.	[port]		FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810]
Mark Andrews's avatar
Mark Andrews committed
596

597
598
1780.	[bug]		Update libtool to 1.5.10.

599
600
1779.	[port]		OSF 5.1: libtool didn't handle -pthread correctly.

601
602
603
1778.   [port]   	HUX 11.11: fix broken IN6ADDR_ANY_INIT and
			IN6ADDR_LOOPBACK_INIT macros.

604
605
1777.   [port]   	OSF 5.1: fix broken IN6ADDR_ANY_INIT and
			IN6ADDR_LOOPBACK_INIT macros.
606

607
608
1776.   [port]   	Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
                        IN6ADDR_LOOPBACK_INIT macros.
Mark Andrews's avatar
Mark Andrews committed
609

610
611
1775.	[bug]		Only compile getnetent_r.c when threaded. [RT #13205]

612
613
1774.	[port]		Aix: Silence compiler warnings / build failures.
			[RT #13154]
Mark Andrews's avatar
Mark Andrews committed
614

615
1773.	[bug]		Fast retry on host / net unreachable. [RT #13153]
Mark Andrews's avatar
Mark Andrews committed
616

Mark Andrews's avatar
Mark Andrews committed
617
618
1772.	[placeholder]

Mark Andrews's avatar
Mark Andrews committed
619
620
1771.	[placeholder]

621
622
623
1770.	[bug]		named-checkconf failed to report missing a missing
			file clause for rbt{64} master/hint zones. [RT#13009]

624
625
626
1769.	[port]		win32: change compiler flags /MTd ==> /MDd,
			/MT ==> /MD.

627
628
629
1768.	[bug]		nsecnoexistnodata() could be called with a non-NSEC
			rdataset. [RT #12907]

630
631
1767.	[port]		Builds on IPv6 platforms without IPv6 Advanced API
			support for (struct in6_pktinfo) failed.  [RT #13077]
Mark Andrews's avatar
Mark Andrews committed
632

633
634
1766.	[bug]		Update the master file timestamp on successful refresh
			as well as the journal's timestamp. [RT# 13062]
Mark Andrews's avatar
Mark Andrews committed
635

636
637
1765.	[bug]		configure --with-openssl=auto failed. [RT #12937]

638
639
640
1764.	[bug]		dns_zone_replacedb failed to emit a error message
			if there was no SOA record in the replacment db.
			[RT #13016]
Mark Andrews's avatar
Mark Andrews committed
641

642
643
1763.	[func]		Perform sanity checks on NS records which refer to
			'in zone' names. [RT #13002]
Mark Andrews's avatar
Mark Andrews committed
644

645
646
1762.	[bug]		isc_interfaceiter_create() could return ISC_R_SUCCESS
			even when it failed. [RT #12995]
Mark Andrews's avatar
Mark Andrews committed
647

648
649
1761.	[bug]		'rndc dumpdb' didn't report unassociated entries.
			[RT #12971]
Mark Andrews's avatar
Mark Andrews committed
650

651
652
1760.	[bug]		Host / net unreachable was not penalising rtt
			estimates. [RT #12970]
Mark Andrews's avatar
Mark Andrews committed
653

654
655
1759.	[bug]		Named failed to startup if the OS supported IPv6
			but had no IPv6 interfaces configured. [RT #12942]
Mark Andrews's avatar
Mark Andrews committed
656

657
1758.	[func]		Don't send notify messages to self. [RT #12933]
Mark Andrews's avatar
Mark Andrews committed
658

659
1757.	[func]		host now can turn on memory debugging flags with '-m'.
Mark Andrews's avatar
Mark Andrews committed
660

661
662
1756.	[func]		named-checkconf now checks the logging configuration.
			[RT #12352]
Mark Andrews's avatar
Mark Andrews committed
663

664
665
1755.	[func]		allow-update is now settable at the options / view
			level. [RT #6636]
Mark Andrews's avatar
Mark Andrews committed
666

667
668
669
1754.	[bug]		We wern't always attempting to query the parent
			server for the DS records at the zone cut.
			[RT #12774]
Mark Andrews's avatar
Mark Andrews committed
670

671
672
673
1753.	[bug]		Don't serve a slave zone which has no NS records.
			[RT #12894]

674
675
676
677
1752.	[port]		Move isc_app_start() to after ns_os_daemonise()
			as some fork() implementations unblock the signals
			that are blocked by isc_app_start(). [RT #12810]

678
679
1751.	[bug]		--enable-getifaddrs failed under linux. [RT #12867]

680
681
682
1750.	[port]		lib/bind/make/rules.in:subdirs was not bash friendly.
			[RT #12864]

683
684
1749.	[bug]		'check-names response ignore;' failed to ignore.
			[RT #12866]
Mark Andrews's avatar
Mark Andrews committed
685

686
687
1748.	[func]		dig now returns the byte count for axfr/ixfr.
			
688
689
690
1747.	[bug]		BIND 8 compatability: named/named-checkconf failed
			to parse "host-statistics-max" in named.conf.

Mark Andrews's avatar
Mark Andrews committed
691
1746.	[func]		Make public the function to read a key file,
692
693
			dst_key_read_public(). [RT #12450]

694
695
696
1745.	[bug]		Dig/host/nslookup accept replies from link locals
			regardless of scope if no scope was specified when
			query was sent. [RT #12745]
Mark Andrews's avatar
Mark Andrews committed
697

698
699
700
1744.	[bug]		If tuple2msgname() failed to convert a tuple to
			a name a REQUIRE could be triggered. [RT #12796]

701
1743.	[bug]		If isc_taskmgr_create() was not able to create the
702
703
704
705
			requested number of worker threads then destruction
			of the manager would trigger an INSIST() failure.
			[RT #12790]
			
706
707
708
709
710
1742.	[bug]		Deleting all records at a node then adding a
			previously existing record, in a single UPDATE
			transaction, failed to leave / regenerate the
			associated RRSIG records. [RT #12788]

711
712
713
1741.	[bug]		Deleting all records at a node in a secure zone
			using a update-policy grant failed. [RT #12787]

714
715
716
717
718
719
1740.	[bug]		Replace rbt's hash algorithm as it performed badly
			with certain zones. [RT #12729]
			
			NOTE: a hash context now needs to be established
			via isc_hash_create() if the application was not
			already doing this.
Mark Andrews's avatar
Mark Andrews committed
720

721
722
1739.	[bug]		dns_rbt_deletetree() could incorrectly return
			ISC_R_QUOTA.  [RT #12695]
Mark Andrews's avatar
Mark Andrews committed
723

724
1738.	[bug]		Enable overrun checking by default. [RT #12695]
Mark Andrews's avatar
Mark Andrews committed
725

Mark Andrews's avatar
Mark Andrews committed
726
1737.	[bug]		named failed if more than 16 masters were specified.
727
728
			[RT #12627]

729
730
731
1736.	[bug]		dst_key_fromnamedfile() could fail to read a
			public key. [RT #12687]
			
732
733
734
1735.	[bug]		'dig +sigtrace' could die with a REQUIRE failure.
			[RE #12688]

735
736
737
1734.	[cleanup]	'rndc-confgen -a -t' remove extra '/' in path.
			[RT #12588]

738
739
1733.	[bug]		Return non-zero exit status on initial load failure.
			[RT #12658]
Mark Andrews's avatar
Mark Andrews committed
740

741
742
1732.	[bug]		'rrset-order name "*"' wasn't being applied to ".".
			[RT #12467]
Mark Andrews's avatar
Mark Andrews committed
743

744
745
1731.	[port]		darwin: relax version test in ifconfig.sh.
			[RT #12581]
Mark Andrews's avatar
Mark Andrews committed
746

747
748
1730.	[port]		Determine the length type used by the socket API.
			[RT #12581]
Mark Andrews's avatar
Mark Andrews committed
749

750
1729.	[func]		Improve check-names error messages.
Mark Andrews's avatar
Mark Andrews committed
751

752
1728.	[doc]		Update check-names documentation.
Mark Andrews's avatar
Mark Andrews committed
753

754
755
1727.	[bug]		named-checkzone: check-names support didn't match
			documentation.
Mark Andrews's avatar
Mark Andrews committed
756

Mark Andrews's avatar
Mark Andrews committed
757
1726.	[port]		aix5: add support for aix5.
Mark Andrews's avatar
aix5    
Mark Andrews committed
758

759
760
1725.	[port]		linux: update error message on interaction of threads,
			capabilities and setuid support (named -u). [RT #12541]
Mark Andrews's avatar
Mark Andrews committed
761

762
763
1724.	[bug]		Look for DNSKEY records with "dig +sigtrace".
			[RT #12557]
Mark Andrews's avatar
Mark Andrews committed
764

765
766
1723.	[cleanup]	Silence compiler warnings from t_tasks.c. [RT #12493]

767
768
1722.	[bug]		Don't commit the journal on malformed ixfr streams.
			[RT #12519]
Mark Andrews's avatar
Mark Andrews committed
769

770
771
1721.	[bug]		Error message from the journal processing were not
			always identifing the relevent journal. [RT #12519]
Mark Andrews's avatar
Mark Andrews committed
772

773
774
1720.	[bug]		'dig +chase' did not terminate on a RFC 2308 Type 1
			negative response. [RT #12506]
Mark Andrews's avatar
Mark Andrews committed
775

776
777
1719.	[bug]		named was not correctly caching a RFC 2308 Type 1
			negative response. [RT #12506]
Mark Andrews's avatar
Mark Andrews committed
778

779
780
781
1718.	[bug]		nsupdate was not handling RFC 2308 Type 3 negative
			responses when looking for the zone / master server.
			[RT #12506]
Mark Andrews's avatar
Mark Andrews committed
782

783
784
785
1717.	[port]		solaris: ifconfig.sh did not support Solaris 10.
			"ifconfig.sh down" didn't work for Solaris 9.

786
787
788
1716.	[doc]		named.conf(5) was being installed in the wrong
			location.  [RT# 12441]

789
790
1715.	[func]		'dig +trace' now randomly selects the next servers
			to try.  Report if there is a bad delegation.
Mark Andrews's avatar
Mark Andrews committed
791

792
793
794
795
1714.	[bug]		dig/host/nslookup were only trying the first
			address when a nameserver was specified by name.
			[RT #12286]

796
797
798
1713.	[port]		linux: extend capset failure message to say:
			please ensure that the capset kernel module is
			loaded.  see insmod(8)
Mark Andrews's avatar
Mark Andrews committed
799

800
801
1712.	[bug]		Missing FULLCHECK for "trusted-key" in dig.

802
1711.	[func]		'rndc unfreeze' has been deprecated by 'rndc thaw'.
Mark Andrews's avatar
Mark Andrews committed
803

804
805
1710.	[func]		'rndc notify zone [class [view]]' resend the NOTIFY
			messages for the specified zone. [RT #9479]
Mark Andrews's avatar
Mark Andrews committed
806

807
1709.	[port]		solaris: add SMF support from Sun.
Mark Andrews's avatar
Mark Andrews committed
808

809
810
811
812
1708.	[cleanup]	Replaced dns_fullname_hash() with dns_name_fullhash()
			for conformance to the name space convention.  Binary
			backward compatibility to the old function name is
			provided. [RT #12376]
813

814
815
1707.	[contrib]	sdb/ldap updated to version 1.0-beta.

816
817
1706.	[bug]		'rndc stop' failed to cause zones to be flushed
			sometimes. [RT #12328]
Mark Andrews's avatar
Mark Andrews committed
818

819
1705.	[func]		Allow the journal's name to be changed via named.conf.
Mark Andrews's avatar
Mark Andrews committed
820

821
822
823
1704.	[port]		lwres needed a snprintf() implementation for
			platforms without snprintf().  Add missing
			"#include <isc/print.h>". [RT #12321]
Mark Andrews's avatar
Mark Andrews committed
824

825
826
1703.	[bug]		named would loop sending NOTIFY messages when it
			failed to receive a response. [RT #12322]
Mark Andrews's avatar
Mark Andrews committed
827

828
829
1702.	[bug]		also-notify should not be applied to builtin zones.
			[RT #12323]
Mark Andrews's avatar
Mark Andrews committed
830

831
832
1701.	[doc]		A minimal named.conf man page.

833
834
835
1700.	[func]		nslookup is no longer to be treated as deprecated.
			Remove "deprecated" warning message.  Add man page.

836
837
1699.	[bug]		dnssec-signzone can generate "not exact" errors
			when resigning. [RT #12281]
Mark Andrews's avatar
Mark Andrews committed
838

839
840
1698.	[doc]		Use reserved IPv6 documentation prefix.

841
842
843
844
1697.	[bug]		xxx-source{,-v6} was not effective when it
			specified one of listening addresses and a
			different port than the listening port. [RT #12257]

845
846
847
848
1696.	[bug]		dnssec-signzone failed to clean out nodes that
			consisted of only NSEC and RRSIG records.
			[RT #12154]

849
850
1695.	[bug]		DS records when forwarding require special handling.
			[RT #12133]
Mark Andrews's avatar
Mark Andrews committed
851

852
853
1694.	[bug]		Report if the builtin views of "_default" / "_bind"
			are defined in named.conf. [RT #12023]
Mark Andrews's avatar
Mark Andrews committed
854

855
856
1693.	[bug]		max-journal-size was not effective for master zones
			with ixfr-from-differences set. [RT# 12024]
Mark Andrews's avatar
Mark Andrews committed
857

Mark Andrews's avatar
Mark Andrews committed
858
1692.	[bug]		Don't set -I, -L and -R flags when libcrypto is in
859
860
			/usr/lib. [RT #11971]

861
862
1691.	[bug]		sdb's attachversion was not complete. [RT #11990]

863
864
1690.	[bug]		Delay detaching view from the client until UPDATE
			processing completes when shutting down. [RT #11714]
Mark Andrews's avatar
Mark Andrews committed
865

866
867
868
1689.	[bug]		DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
			contained gratuitous semicolons. [RT #11707]

869
870
1688.	[bug]		LDFLAGS was not supported.

871
872
1687.	[bug]		Race condition in dispatch. [RT #10272]

873
874
875
1686.	[bug]		Named sent a extraneous NOTIFY when it received a
			redundant UPDATE request. [RT #11943]

Rob Austein's avatar
Rob Austein committed
876
1685.	[bug]		Change #1679 loop tests weren't quite right.
877

878
879
1684.	[func]		ixfr-from-differences now takes master and slave in
			addition to yes and no at the options and view levels.
Mark Andrews's avatar
Mark Andrews committed
880

881
882
1683.	[bug]		dig +sigchase could leak memory. [RT #11445]

883
884
1682.	[port]		Update configure test for (long long) printf format.
			[RT #5066]
Mark Andrews's avatar
Mark Andrews committed
885

886
887
1681.	[bug]		Only set SO_REUSEADDR when a port is specified in
			isc_socket_bind(). [RT #11742]
Mark Andrews's avatar
Mark Andrews committed
888

889
1680.	[func]		rndc: the source address can now be specified.
Mark Andrews's avatar
Mark Andrews committed
890

891
892
893
1679.	[bug]		When there was a single nameserver with multiple
			addresses for a zone not all addresses were tried.
			[RT #11706]
Mark Andrews's avatar
Mark Andrews committed
894

895
896
1678.	[bug]		RRSIG should use TYPEXXXXX for unknown types.

897
898
1677.	[bug]		dig: +aaonly didn't work, +aaflag undocumented.

899
900
901
902
903
904
1676.	[func]		New option "allow-query-cache".  This lets
			allow-query be used to specify the default zone
			access level rather than having to have every
			zone override the global value.  allow-query-cache
			can be set at both the options and view levels.
			If allow-query-cache is not set allow-query applies.
Mark Andrews's avatar
Mark Andrews committed
905

906
907
908
1675.	[bug]		named would sometimes add extra NSEC records to
			the authority section.
			
909
910
911
1674.	[port]		linux: increase buffer size used to scan
			/proc/net/if_inet6.

912
913
914
1673.	[port]		linux: issue a error messages if IPv6 interface
			scans fails.

Mark Andrews's avatar
Mark Andrews committed
915
1672.	[cleanup]	Tests which only function in a threaded build
916
917
918
919
			now return R:THREADONLY (rather than R:UNTESTED)
			in a non-threaded build.

1671.	[contrib]	queryperf: add NAPTR to the list of known types.
920

921
922
923
924
925
1670.	[func]		Log UPDATE requests to slave zones without an acl as
			"disabled" at debug level 3. [RT# 11657]

1669.	[placeholder]

926
927
1668.	[bug]		DIG_SIGCHASE was making bin/dig/host dump core.

928
929
1667.	[port]		linux: not all versions have IF_NAMESIZE.

930
931
1666.	[bug]		The optional port on hostnames in dual-stack-servers
			was being ignored.
Mark Andrews's avatar
Mark Andrews committed
932

933
934
1665.	[func]		rndc now allows addresses to be set in the
			server clauses.
Mark Andrews's avatar
Mark Andrews committed
935

Rob Austein's avatar
1664    
Rob Austein committed
936
937
1664.	[bug]		nsupdate needed KEY for SIG(0), not DNSKEY.

938
1663.	[func]		Look for OpenSSL by default.
Mark Andrews's avatar
Mark Andrews committed
939

Mark Andrews's avatar
wording    
Mark Andrews committed
940
941
1662.	[bug]		Change #1658 failed to change one use of 'type'
			to 'keytype'.
942

943
944
1661.	[bug]		Restore dns_name_concatenate() call in
			adb.c:set_target().  [RT #11582]
Mark Andrews's avatar
Mark Andrews committed
945

946
947
1660.	[bug]		win32: connection_reset_fix() was being called
			unconditionally.  [RT #11595]
Mark Andrews's avatar
Mark Andrews committed
948

949
950
951
952
953
954
955
1659.	[cleanup]	Cleanup some messages that were referring to KEY vs
			DNSKEY, NXT vs NSEC and SIG vs RRSIG.

1658.	[func]		Update dnssec-keygen to default to KEY for HMAC-MD5
			and DH.  Tighten which options apply to KEY and
			DNSKEY records.

956
957
958
959
960
1657.	[doc]		ARM: document query log output.

1656.	[doc]		Update DNSSEC description in ARM to cover DS, NSEC
			DNSKEY and RRSIG.  [RT #11542]

961
962
1655.	[bug]		Logging multiple versions w/o a size was broken.
			[RT #11446]
Mark Andrews's avatar
Mark Andrews committed
963

964
965
1654.	[bug]		isc_result_totext() contained array bounds read
			error.
Mark Andrews's avatar
Mark Andrews committed
966

967
968
969
1653.	[func]		Add key type checking to dst_key_fromfilename(),
			DST_TYPE_KEY should be used to read TSIG, TKEY and
			SIG(0) keys.
Mark Andrews's avatar
Mark Andrews committed
970

971
1652.	[bug]		TKEY still uses KEY.
Mark Andrews's avatar
Mark Andrews committed
972

973
974
975
976
1651.	[bug]		dig: process multiple dash options.

1650.	[bug]		dig, nslookup: flush standard out after each command.

977
978
1649.	[bug]		Silence "unexpected non-minimal diff" message.
			[RT #11206]