CHANGES 254 KB
Newer Older
1 2 3
2455.	[bug]		Stop metadata being transfered via axfr/ixfr.
			[RT #18639]

4 5
2454.	[func]		nsupdate: you can now set a default ttl. [RT #18317]

6 7 8 9 10
2453.	[bug]		Remove NULL pointer dereference in dns_journal_print().
			[RT #18316]

2452.	[func]		Improve bin/test/journalprint. [RT #18316]

11 12
2451.	[port]		solaris: handle runtime linking better. [RT #18356]

13 14 15
2450.	[doc]		Fix lwresd docbook problem for manual page.
			[RT #18672]

Mark Andrews's avatar
Mark Andrews committed
16 17
2449.	[placeholder]

18 19
2448.	[func]		Add NSEC3 support. [RT #15452]

Mark Andrews's avatar
Mark Andrews committed
20
2447.	[cleanup]	libbind has been split out as a seperate product.
21

22 23 24 25
2446.	[func]		Add a new log message about build options on startup.
			A new command-line option '-V' for named is also
			provided to show this information. [RT# 18645]

26 27 28 29
2445.	[doc]		ARM out-of-date on empty reverse zones (list includes
			RFC1918 address, but these are not yet compiled in).
			[RT #18578]

Mark Andrews's avatar
Mark Andrews committed
30
2444.	[port]		Linux, FreeBSD, AIX: Turn off path mtu discovery
31 32
			(clear DF) for UDP responses and requests.

33 34 35 36 37
2443.	[bug]		win32: UDP connect() would not generate an event,
			and so connected UDP sockets would never clean up.
			Fix this by doing an immediate WSAConnect() rather
			than an io completion port type for UDP.

38 39
2442.	[bug]		A lock could be destroyed twice. [RT# 18626]

40 41 42 43 44 45 46 47 48
2441.   [bug]           isc_radix_insert() could copy radix tree nodes
			incompletely. [RT #18573]

2440.   [bug]		named-checkconf used an incorrect test to determine
			if an ACL was set to none.

2439.   [bug]		Potential NULL dereference in dns_acl_isanyornone().
			[RT #18559]

49
2438.   [bug]		Timeouts could be logged incorrectly under win32.
Evan Hunt's avatar
Evan Hunt committed
50

Evan Hunt's avatar
Evan Hunt committed
51 52 53
2437.	[bug]		Sockets could be closed too early, leading to
			inconsistent states in the socket module. [RT #18298]

54
2436.	[security]	win32: UDP client handler can be shutdown. [RT #18576]
Mark Andrews's avatar
Mark Andrews committed
55

56 57
2435.	[bug]		Fixed an ACL memory leak affecting win32.

58 59
2434.	[bug]		Fixed a minor error-reporting bug in
			lib/isc/win32/socket.c.
Evan Hunt's avatar
Evan Hunt committed
60

61 62
2433.	[tuning]	Set initial timeout to 800ms.

63 64 65 66 67 68 69
2432.   [bug]		More Windows socket handling improvements.  Stop
			using I/O events and use IO Completion Ports
			throughout.  Rewrite the receive path logic to make
			it easier to support multiple simultaneous
			requestrs in the future.  Add stricter consistency
			checking as a compile-time option (define
			ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).
Evan Hunt's avatar
Evan Hunt committed
70

71 72
2431.	[bug]		Acl processing could leak memory. [RT #18323]

73 74 75 76
2430.	[bug]		win32: isc_interval_set() could round down to
			zero if the input was less than NS_INTERVAL
			nanoseconds.  Round up instead. [RT #18549]

77 78 79
2429.	[doc]		nsupdate should be in section 1 of the man pages.
			[RT #18283]

80 81 82
2428.	[bug]		dns_iptable_merge() mishandled merges of negative
			tables. [RT #18409]

83 84 85
2427.	[func]		Treat DNSKEY queries as if "minimal-response yes;"
			was set. [RT #18528]

86 87 88 89
2426.	[bug]		libbind: inet_net_pton() can sometimes return the
			wrong value if excessively large netmasks are
			supplied. [RT #18512]

90 91 92
2425.	[bug]		named didn't detect unavailable query source addresses
			at load time. [RT #18536]

93 94 95 96 97
2424.	[port]		configure now probes for a working epoll
			implementation.  Allow the use of kqueue,
			epoll and /dev/poll to be selected at compile
			time. [RT #18277]
			
98
2423.   [security]	Randomize server selection on queries, so as to
Evan Hunt's avatar
Evan Hunt committed
99 100 101 102 103 104
                        make forgery a little more difficult.  Instead of
                        always preferring the server with the lowest RTT,
                        pick a server with RTT within the same 128
                        millisecond band.  [RT #18441]

2422.	[bug]		Handle the special return value of a empty node as
105 106
			if it was a NXRRSET in the validator. [RT #18447]

Evan Hunt's avatar
Evan Hunt committed
107
2421.	[func]		Add new command line option '-S' for named to specify
108 109 110 111
			the max number of sockets. [RT #18493]
			Use caution: this option may not work for some
			operating systems without rebuilding named.

112 113 114 115 116 117
2420.   [bug]		Windows socket handling cleanup.  Let the io
			completion event send out cancelled read/write
			done events, which keeps us from writing to memeory
			we no longer have ownership of.  Add debugging
			socket_log() function.  Rework TCP socket handling
			to not leak sockets.
Evan Hunt's avatar
Evan Hunt committed
118

119 120 121 122
2419.	[cleanup]	Document that isc_socket_create() and isc_socket_open()
			should not be used for isc_sockettype_fdwatch sockets.
			[RT #18521]

123 124 125
2418.	[bug]		AXFR request on a DLZ could trigger a REQUIRE failure
			[RT #18430]

126 127 128 129
2417.	[bug]		Connecting UDP sockets for outgoing queries could
			unexpectedly fail with an 'address already in use'
			error. [RT #18411]

130 131 132
2416.	[func]		Log file descriptors that cause exceeding the
			internal maximum. [RT #18460]

133 134 135
2415.	[bug]		'rndc dumpdb' could trigger various assertion failures
			in rbtdb.c. [RT #18455]

136 137 138 139
2414.	[bug]		A masterdump context held the database lock too long,
			causing various troubles such as dead lock and
			recursive lock acquisition. [RT #18311, #18456]

140 141
2413.	[bug]		Fixed an unreachable code path in socket.c. [RT #18442]

142 143
2412.	[bug]		win32: address a resourse leak. [RT #18374]

144 145 146 147
2411.	[bug]		Allow using a larger number of sockets than FD_SETSIZE
			for select().  To enable this, set ISC_SOCKET_MAXSOCKETS
			at compilation time.  [RT #18433]

148 149
2410.	[bug]		Correctly delete m_versionInfo. [RT #18432]

Mark Andrews's avatar
Mark Andrews committed
150
2409.	[bug]		Only log that we disabled EDNS processing if we were
151 152
			subsequently successful.  [RT #18029]

153 154 155 156
2408.	[bug]		A duplicate TCP dispatch event could be sent, which
			could then trigger an assertion failure in
			resquery_response().  [RT #18275]

157 158
2407.	[port]		hpux: test for sys/dyntune.h. [RT #18421]

Evan Hunt's avatar
Evan Hunt committed
159
2406.	[placeholder]
160

161 162 163 164
2405.   [cleanup]       The default value for dnssec-validation was changed to
                        "yes" in 9.5.0-P1 and all subsequent releases; this
                        was inadvertently omitted from CHANGES at the time.

165 166
2404.	[port]		hpux: files unlimited support.

167 168
2403.	[bug]		TSIG context leak. [RT #18341]

169 170
2402.	[port]		Support Solaris 2.11 and over. [RT #18362]

171 172 173
2401.	[bug]		Expect to get E[MN]FILE errno internal_accept()
			(from accept() or fcntl() system calls). [RT #18358]

Tatuya JINMEI 神明達哉's avatar
Tatuya JINMEI 神明達哉 committed
174
2400.	[bug]		Log if kqueue()/epoll_create()/open(/dev/poll) fails.
175 176
			[RT #18297]

177 178
2399.	[placeholder]

179
2398.	[bug]           Improve file descriptor management.  New,
180 181 182
			temporary, named.conf option reserved-sockets,
			default 512. [RT #18344]

183 184
2397.	[bug]		gssapi_functions had too many elements. [RT #18355]

185 186 187
2396.	[bug]		Don't set SO_REUSEADDR for randomized ports.
			[RT #18336]

188 189 190
2395.	[port]		Avoid warning and no effect from "files unlimited"
			on Linux when running as root. [RT #18335]

191 192 193
2394.	[bug]		Default configuration options set the limit for
			open files to 'unlimited' as described in the
			documentation. [RT #18331]
194

195 196 197 198 199
2393.	[bug]		nested acls containing keys could trigger an
			assertion in acl.c. [RT #18166]

2392.	[bug]		remove 'grep -q' from acl test script, some platforms
			don't support it. [RT #18253]
200 201

2391.	[port]		hpux: cover additional recvmsg() error codes.
202 203
			[RT #18301]

204
2390.	[bug]		dispatch.c could make a false warning on 'odd socket'.
205 206
			[RT #18301].

207
2389.	[bug]		Move the "working directory writable" check to after
Mark Andrews's avatar
Mark Andrews committed
208
			the ns_os_changeuser() call. [RT #18326]
209

210 211 212
2388.	[bug]		Avoid using tables for layout purposes in
			statistics XSL [RT #18159].

213 214 215
2387.	[bug]		Silence compiler warnings in lib/isc/radix.c.
			[RT #18147] [RT #18258]

216 217
2386.	[func]		Add warning about too small 'open files' limit.
			[RT #18269]
218

219 220 221
2385.	[bug]		A condition variable in socket.c could leak in
			rare error handling [RT #17968].

222 223 224
2384.	[security]	Fully randomize UDP query ports to improve
			forgery resilience. [RT #17949, #18098]

225 226
2383.	[bug]		named could double queries when they resulted in
			SERVFAIL due to overkilling EDNS0 failure detection.
Tatuya JINMEI 神明達哉's avatar
Tatuya JINMEI 神明達哉 committed
227
			[RT #18182]
228

229 230 231
2382.	[doc]		Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
			to ARM.

232 233 234 235
2381.	[port]		dlz/mysql: support multiple install layouts for
			mysql.  <prefix>/include/{,mysql/}mysql.h and
			<prefix>/lib/{,mysql/}. [RT #18152]

236 237 238 239 240
2380.	[bug]		dns_view_find() was not returning NXDOMAIN/NXRRSET
			proofs which, in turn, caused validation failures
			for insecure zones immediately below a secure zone
			the server was authoritative for. [RT #18112] 

241 242 243
2379.	[contrib]	queryperf/gen-data-queryperf.py: removed redundant
			TLDs and supported RRs with TTLs [RT #17972]

244 245 246
2378.	[bug]		gssapi_functions{} had a redundant member in BIND 9.5.
			[RT #18169]

247 248
2377.	[bug]		Address race condition in dnssec-signzone. [RT #18142]

Mark Andrews's avatar
Mark Andrews committed
249
2376.	[bug]		Change #2144 was not complete.
250

251
2375.	[placeholder]
Mark Andrews's avatar
Mark Andrews committed
252 253

2374.	[bug]		"blackhole" ACLs could cause named to segfault due
254 255
			to some uninitialized memory. [RT #18095]

Mark Andrews's avatar
Mark Andrews committed
256
2373.	[bug]		Default values of zone ACLs were re-parsed each time a
257 258
			new zone was configured, causing an overconsumption
			of memory. [RT #18092]
259

Mark Andrews's avatar
Mark Andrews committed
260
2372.	[bug]		Fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
261

Mark Andrews's avatar
Mark Andrews committed
262
2371.	[doc]		Add +nsid option to dig man page. [RT #18039]
263

Mark Andrews's avatar
Mark Andrews committed
264 265
2370.	[bug]		"rndc freeze" could trigger an assertion in named
			when called on a nonexistent zone. [RT #18050]
266

267 268 269
2369.	[bug]		libbind: Array bounds overrun on read in bitncmp().
			[RT #18054]

Mark Andrews's avatar
Mark Andrews committed
270 271
2368.	[port]		Linux: use libcap for capability management if
			possible. [RT# 18026]
272

Mark Andrews's avatar
Mark Andrews committed
273 274
2367.	[bug]		Improve counting of dns_resstatscounter_retry
			[RT #18030]
275

276 277
2366.	[bug]		Adb shutdown race. [RT #18021]

Mark Andrews's avatar
Mark Andrews committed
278 279
2365.	[bug]		Fix a bug that caused dns_acl_isany() to return
			spurious results. [RT #18000]
280

281 282 283
2364.	[bug]		named could trigger a assertion when serving a
			malformed signed zone. [RT #17828]

284 285 286
2363.	[port]		sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
			[RT #17513]

Mark Andrews's avatar
Mark Andrews committed
287 288 289
2362.   [cleanup]	Make "rrset-order fixed" a compile-time option.
			settable by "./configure --enable-fixed-rrset".
			Disabled by default. [RT #17977]
290

291 292 293
2361.	[bug]		"recursion" statistics counter could be counted
			multiple times for a single query.  [RT #17990]

294 295 296
2360.	[bug]		Fix a condition where we release a database version
			(which may acquire a lock) while holding the lock.

297 298
2359.	[bug]		Fix NSID bug. [RT #17942]

299 300
2358.	[doc]		Update host's default query description. [RT #17934]

301 302 303
2357.	[port]		Don't use OpenSSL's engine support in versions before
			OpenSSL 0.9.7f. [RT #17922]

Mark Andrews's avatar
Mark Andrews committed
304
2356.	[bug]		Built in mutex profiler was not scalable enough.
305 306
			[RT #17436]

307 308 309
2355.	[func]		Extend the number statistics counters available.
			[RT #17590]

Mark Andrews's avatar
Mark Andrews committed
310
2354.	[bug]		Failed to initialize some rdatasetheader_t elements.
311 312
			[RT #17927]

313 314 315 316 317 318 319
2353.	[func]		Add support for Name Server ID (RFC 5001).
			'dig +nsid' requests NSID from server.
			'request-nsid yes;' causes recursive server to send
			NSID requests to upstream servers.  Server responds
			to NSID requests with the string configured by
			'server-id' option.  [RT #17091]

320 321
2352.	[bug]		Various GSS_API fixups. [RT #17729]

322 323
2351.	[bug]		convertxsl.pl generated very long lines. [RT #17906]

324 325
2350.	[port]		win32: IPv6 support. [RT #17797]

326 327 328
2349.	[func]		Provide incremental re-signing support for secure
			dynamic zones. [RT #1091]

Francis Dupont's avatar
Francis Dupont committed
329 330 331 332
2348.	[func]		Use the EVP interface to OpenSSL. Add PKCS#11 support.
			Documentation is in the new README.pkcs11 file.
			[RT #16844]

Francis Dupont's avatar
Francis Dupont committed
333 334 335
2347.	[bug]		Delete now traverses the RB tree in the canonical
			order. [RT #17451]

336 337 338
2346.	[func]		Memory statistics now cover all active memory contexts
			in increased detail. [RT #17580]

339 340 341 342
2345.	[bug]		named-checkconf failed to detect when forwarders
			were set at both the options/view level and in
			a root zone. [RT #17671]

343 344 345
2344.	[bug]		Improve "logging{ file ...; };" documentation.
			[RT #17888]

346 347 348
2343.	[bug]		(Seemingly) duplicate IPv6 entries could be
			created in ADB. [RT #17837]

349 350
2342.	[func]		Use getifaddrs() if available under Linux. [RT #17224]

351 352 353
2341.	[bug]		libbind: add missing -I../include for off source
			tree builds. [RT #17606]

354 355
2340.	[port]		openbsd: interface configuration. [RT #17700]

356 357
2339.	[port]		tru64: support for libbind. [RT #17589]

Mark Andrews's avatar
Mark Andrews committed
358
2338.	[bug]		check_ds() could be called with a non DS rdataset.
359 360
			[RT #17598]

Mark Andrews's avatar
Mark Andrews committed
361
2337.	[bug]		BUILD_LDFLAGS was not being correctly set.  [RT #17614]
362

363 364 365 366
2336.	[func]		If "named -6" is specified then listen on all IPv6
			interfaces if there are not listen-on-v6 clauses in
			named.conf.  [RT #17581]

367 368 369
2335.	[port]		sunos:  libbind and *printf() support for long long. 
			[RT #17513]

370 371 372
2334.	[bug]		Bad REQUIRES in fromstruct_in_naptr(),  off by one
			bug in fromstruct_txt(). [RT #17609]
			
373 374 375
2333.	[bug]		Fix off by one error in isc_time_nowplusinterval().
			[RT #17608]

376 377
2332.	[contrib]	query-loc-0.4.0. [RT #17602]

Mark Andrews's avatar
80 cols  
Mark Andrews committed
378
2331.	[bug]		Failure to regenerate any signatures was not being
Mark Andrews's avatar
Mark Andrews committed
379 380
			reported nor being past back to the UPDATE client.
			[RT #17570]
381

382 383 384 385 386 387 388
2330.	[bug]		Remove potential race condition when handling
			over memory events. [RT #17572]

			WARNING: API CHANGE: over memory callback
			function now needs to call isc_mem_waterack().
			See <isc/mem.h> for details.

389 390
2329.	[bug]		Clearer help text for dig's '-x' and '-i' options.

391
2328.	[maint]		Add AAAA addresses for A.ROOT-SERVERS.NET,
392 393 394 395
			F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET,
			J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and
			M.ROOT-SERVERS.NET.

Mark Andrews's avatar
Mark Andrews committed
396
2327.	[bug]		It was possible to dereference a NULL pointer in
Mark Andrews's avatar
Mark Andrews committed
397
			rbtdb.c.  Implement dead node processing in zones as
Mark Andrews's avatar
Mark Andrews committed
398
			we do for caches. [RT #17312]
399

400 401 402
2326.	[bug]		It was possible to trigger a INSIST in the acache
			processing.

403 404
2325.	[port]		Linux: use capset() function if available. [RT #17557]

Mark Andrews's avatar
80 cols  
Mark Andrews committed
405
2324.	[bug]		Fix IPv6 matching against "any;". [RT #17533]
406

407 408
2323.	[port]		tru64: namespace clash. [RT #17547]

409 410 411
2322.	[port]		MacOS: work around the limitation of setrlimit()
			for RLIMIT_NOFILE. [RT #17526]

Mark Andrews's avatar
Mark Andrews committed
412 413
2321.	[placeholder]

Mark Andrews's avatar
Mark Andrews committed
414
2320.	[func]		Make statistics counters thread-safe for platforms
415 416
			that support certain atomic operations. [RT #17466]

417
2319.	[bug]		Silence Coverity warnings in 
Evan Hunt's avatar
Evan Hunt committed
418
			lib/dns/rdata/in_1/apl_42.c. [RT #17469]
419

420
2318.	[port]		sunos fixes for libbind.  [RT #17514]
421

422 423
2317.	[bug]		"make distclean" removed bind9.xsl.h. [RT #17518]

424 425 426
2316.	[port]		Missing #include <isc/print.h> in lib/dns/gssapictx.c.
			[RT #17513]

427 428 429
2315.   [bug]           Used incorrect address family for mapped IPv4
                        addresses in acl.c. [RT #17519]

430 431 432
2314.	[bug]		Uninitialized memory use on error path in
			bin/named/lwdnoop.c.  [RT #17476]

433 434 435
2313.	[cleanup]	Silence Coverity warnings. Handle private stacks.
			[RT #17447] [RT #17478]

436 437 438
2312.	[cleanup]	Silence Coverity warning in lib/isc/unix/socket.c.
			[RT #17458]

439 440 441
2311.   [bug]           IPv6 addresses could match IPv4 ACL entries and
                        vice versa. [RT #17462]

Mark Andrews's avatar
Mark Andrews committed
442
2310.	[bug]		dig, host, nslookup: flush stdout before emitting
443
			debug/fatal messages.  [RT #17501]
444

445 446 447
2309.   [cleanup]       Fix Coverity warnings in lib/dns/acl.c and iptable.c.
                        [RT #17455]

448 449 450
2308.	[cleanup]	Silence Coverity warning in bin/named/controlconf.c.
			[RT #17495]

451 452
2307.	[bug]		Remove infinite loop from lib/dns/sdb.c. [RT #17496]

453 454 455
2306.	[bug]		Remove potential race from lib/dns/resolver.c.
			[RT #17470]

456 457
2305.	[security]	inet_network() buffer overflow. CVE-2008-0122.

458 459 460
2304.	[bug]		Check returns from all dns_rdata_tostruct() calls.
			[RT #17460]

461 462 463
2303.	[bug]		Remove unnecessary code from bin/named/lwdgnba.c.
			[RT #17471]

464 465
2302.	[bug]		Fix memset() calls in lib/tests/t_api.c. [RT #17472]

466 467 468
2301.	[bug]		Remove resource leak and fix error messages in
			bin/tests/system/lwresd/lwtest.c. [RT #17474]

469 470 471
2300.	[bug]		Fixed failure to close open file in 
			bin/tests/names/t_names.c. [RT #17473]

472 473 474
2299.	[bug]		Remove unnecessary NULL check in
			bin/nsupdate/nsupdate.c. [RT #17475]

475 476 477
2298.	[bug]		isc_mutex_lock() failure not caught in
			bin/tests/timers/t_timers.c. [RT #17468]

478 479 480
2297.	[bug]		isc_entropy_createfilesource() failure not caught in
			bin/tests/dst/t_dst.c. [RT #17467]

481 482 483
2296.	[port]		Allow docbook stylesheet location to be specified to
			configure. [RT #17457]

484 485 486
2295.	[bug]		Silence static overrun error in bin/named/lwaddr.c.
			[RT #17459]

487 488 489 490
2294.	[func]		Allow the experimental statistics channels to have
			multiple connections and ACL.
			Note: the stats-server and stats-server-v6 options
			available in the previous beta releases are replaced
Mark Andrews's avatar
Mark Andrews committed
491
			with the generic statistics-channels statement.
492

493 494
2293.	[func]		Add ACL regression test. [RT #17375]

495 496 497 498 499 500
2292.	[bug]		Log if the working directory is not writable.
			[RT #17312]

2291.   [bug]           PR_SET_DUMPABLE may be set too late.  Also report
			failure to set PR_SET_DUMPABLE. [RT #17312]

501 502 503
2290.	[bug]		Let AD in the query signal that the client wants AD
			set in the response. [RT #17301]

504 505 506
2289.	[func]		named-checkzone now reports the out-of-zone CNAME
			found. [RT #17309]

507 508 509
2288.	[port]		win32: mark service as running when we have finished
			loading.  [RT #17441]

510 511
2287.	[bug]		Use 'volatile' if the compiler supports it. [RT #17413]

512 513 514 515 516
2286.	[func]		Allow a TCP connection to be used as a weak
			authentication method for reverse zones.
			New update-policy methods tcp-self and 6to4-self.
			[RT #17378]

517 518 519
2285.	[func]		Test framework for client memory context management.
			[RT #17377]

520 521 522
2284.	[bug]		Memory leak in UPDATE prerequisite processing.
			[RT #17377]

523 524 525 526 527
2283.	[bug]		TSIG keys were not attaching to the memory
			context.  TSIG keys should use the rings
			memory context rather than the clients memory
			context. [RT #17377]

528
2282.	[bug]		Acl code fixups. [RT #17346] [RT #17374]
529

530 531 532
2281.	[bug]		Attempts to use undefined acls were not being logged.
			[RT #17307]

533 534 535
2280.	[func]		Allow the experimental http server to be reached
			over IPv6 as well as IPv4. [RT #17332]

536 537 538 539
2279.   [bug]           Use setsockopt(SO_NOSIGPIPE), when available,
			to protect applications from receiving spurious
			SIGPIPE signals when using the resolver.

540
2278.	[bug]		win32: handle the case where Windows returns no
Mark Andrews's avatar
Mark Andrews committed
541
			search list or DNS suffix. [RT #17354]
542

543 544 545
2277.	[bug]		Empty zone names were not correctly being caught at
			in the post parse checks. [RT #17357]

546 547
2276.	[bug]		Install <dst/gssapi.h>.  [RT# 17359]

548 549 550
2275.	[func]		Add support to dig to perform IXFR queries over UDP.
			[RT #17235]

Mark Andrews's avatar
Mark Andrews committed
551
2274.	[func]		Log zone transfer statistics. [RT #17336]
552

Mark Andrews's avatar
Mark Andrews committed
553
2273.	[bug]		Adjust log level to WARNING when saving inconsistent
554 555
			stub/slave master and journal files. [RT# 17279]

556 557 558
2272.	[bug]		Handle illegal dnssec-lookaside trust-anchor names.
			[RT #17262]

Michael Graff's avatar
Michael Graff committed
559 560
2271.	[bug]		Fix a memory leak in http server code [RT #17100]

561 562 563
2270.	[bug]		dns_db_closeversion() version->writer could be reset
			before it is tested. [RT #17290]

564 565
2269.	[contrib]	dbus memory leaks and missing va_end calls. [RT #17232]

566 567 568
2268.	[bug]		0.IN-ADDR.ARPA was missing from the empty zones
			list.

569 570
	--- 9.5.0b1 released ---

571 572 573 574
2267.   [bug]           Radix tree node_num value could be set incorrectly,
                        causing positive ACL matches to look like negative
                        ones.  [RT #17311]

575 576 577
2266.	[bug]		client.c:get_clientmctx() returned the same mctx
			once the pool of mctx's was filled. [RT #17218]

578 579 580
2265.	[bug]		Test that the memory context's basic_table is non NULL
			before freeing.  [RT #17265]

581 582
2264.	[bug]		Server prefix length was being ignored. [RT #17308]

583 584 585
2263.	[bug]		"named-checkconf -z" failed to set default value
			for "check-integrity".  [RT #17306]

586 587 588
2262.	[bug]		Error status from all but the last view could be
			lost. [RT #17292]

589 590
2261.   [bug]           Fix memory leak with "any" and "none" ACLs [RT #17272]

591
2260.	[bug]		Reported wrong clients-per-query when increasing the
592
                        value. [RT #17236]
Mark Andrews's avatar
Mark Andrews committed
593

594 595
2259.	[placeholder]

Mark Andrews's avatar
Mark Andrews committed
596 597
	--- 9.5.0a7 released ---

598 599 600
2258.	[bug]		Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
			[RT #17241]

601 602 603
2257.	[bug]		win32: Use the full path to vcredist_x86.exe when
			calling it. [RT #17222]

604 605 606
2256.	[bug]		win32: Correctly register the installation location of
			bindevt.dll. [RT #17159]

607
2255.	[maint]		L.ROOT-SERVERS.NET is now 199.7.83.42.
608

609 610 611 612 613
2254.	[bug]		timer.c:dispatch() failed to lock timer->lock
			when reading timer->idle allowing it to see
			intermediate values as timer->idle was reset by
			isc_timer_touch(). [RT #17243]

Mark Andrews's avatar
Mark Andrews committed
614
2253.	[func]	 	"max-cache-size" defaults to 32M.
Mark Andrews's avatar
Mark Andrews committed
615 616
			"max-acache-size" defaults to 16M.

617
2252.   [bug]           Fixed errors in sortlist code [RT #17216]
618

619 620 621 622 623 624 625
2251.	[placeholder]

2250.	[func]		New flag 'memstatistics' to state whether the
			memory statistics file should be written or not.
			Additionally named's -m option will cause the
			statistics file to be written. [RT #17113]
			
626 627 628
2249.   [bug]           Only set Authentic Data bit if client requested
                        DNSSEC, per RFC 3655 [RT #17175]

629 630
2248.   [cleanup]       Fix several errors reported by Coverity. [RT #17160]

631 632
2247.	[doc]		Sort doc/misc/options. [RT #17067]

633 634 635
2246.	[bug]		Make the startup of test servers (ans.pl) more
			robust. [RT #17147]

636 637 638
2245.	[bug]		Validating lack of DS records at trust anchors wasn't
			working. [RT #17151]

639 640 641 642
2244.	[func]		Allow the check of nameserver names against the
			SOA MNAME field to be disabled by specifying
			'notify-to-soa yes;'.  [RT #17073]

643 644 645
2243.	[func]		Configuration files without a newline at the end now
			parse without error. [RT #17120]

646 647 648 649
2242.	[bug]		nsupdate: GSS-TSIG support using the Heimdal Kerberos
			library could require a source of random data.
			[RT #17127]

Mark Andrews's avatar
Mark Andrews committed
650
2241.	[func]		nsupdate: add a interactive 'help' command. [RT #17099]
651 652 653 654 655 656 657

2240.	[bug]		Cleanup nsupdates GSS-TSIG support.  Convert
			a number of INSIST()s into plain fatal() errors
			which report the triggering result code.
			The 'key' command wasn't disabling GSS-TSIG.
			[RT #17099]

Mark Andrews's avatar
Mark Andrews committed
658
2239.	[func]		Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
659

660
2238.	[bug]		It was possible to trigger a REQUIRE when a
Mark Andrews's avatar
Mark Andrews committed
661
			validation was canceled. [RT #17106]
662

663 664
2237.	[bug]		libbind: res_init() was not thread aware. [RT #17123]

Mark Andrews's avatar
Mark Andrews committed
665
2236.	[bug]		dnssec-signzone failed to preserve the case of
Mark Andrews's avatar
Mark Andrews committed
666
			of wildcard owner names. [RT #17085]
667

668 669
2235.	[bug]		<isc/atomic.h> was not being installed. [RT #17135]

Evan Hunt's avatar
Evan Hunt committed
670 671
2234.   [port]          Correct some compiler warnings on SCO OSr5 [RT #17134]
  
672
2233.   [func]          Add support for O(1) ACL processing, based on
Mark Andrews's avatar
Mark Andrews committed
673 674
                        radix tree code originally written by Kevin
                        Brintnall. [RT #16288]
675

676 677 678
2232.	[bug]		dns_adb_findaddrinfo() could fail and return
			ISC_R_SUCCESS. [RT #17137]

679 680 681
2231.	[bug]		Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
			[RT #17088]

682 683 684
2230.	[bug]		We could INSIST reading a corrupted journal.
			[RT #17132]

Mark Andrews's avatar
Mark Andrews committed
685
2229.	[bug]		Null pointer dereference on query pool creation
686 687
			failure. [RT #17133]

Mark Andrews's avatar
Mark Andrews committed
688
2228.	[contrib]	contrib: Change 2188 was incomplete.
689

690 691
2227.	[cleanup]	Tidied up the FAQ. [RT #17121]

Mark Andrews's avatar
Mark Andrews committed
692 693
2226.	[placeholder]

694 695 696
2225.	[bug]		More support for systems with no IPv4 addresses.
		        [RT #17111]

697 698 699 700 701
2224.	[bug]		Defer journal compaction if a xfrin is in progress.
			[RT #17119]

2223.	[bug]		Make a new journal when compacting. [RT #17119]

702 703 704
2222.	[func]		named-checkconf now checks server key references.
		        [RT #17097]

705
2221.	[bug]		Set the event result code to reflect the actual
Mark Andrews's avatar
Mark Andrews committed
706 707 708
			record turned to caller when a cache update is
			rejected due to a more credible answer existing.
			[RT #17017]
709

710 711 712
2220.	[bug]		win32: Address a race condition in final shutdown of
			the Windows socket code. [RT #17028]
			
Mark Andrews's avatar
Mark Andrews committed
713
2219.	[bug]		Apply zone consistency checks to additions, not
Mark Andrews's avatar
Mark Andrews committed
714
			removals, when updating. [RT #17049]
715

716 717 718
2218.	[bug]		Remove unnecessary REQUIRE from dns_validator_create().
			[RT #16976]

719 720
2217.	[func]		Adjust update log levels. [RT #17092]

721 722 723
2216.	[cleanup]	Fix a number of errors reported by Coverity.
		        [RT #17094]

724 725
2215.	[bug]		Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]

726 727 728 729
2214.	[bug]		Deregister OpenSSL lock callback when cleaning
			up.  Reorder OpenSSL cleanup so that RAND_cleanup()
			is called before the locks are destroyed. [RT #17098]

730 731 732
2213.	[bug]		SIG0 diagnostic failure messages were looking at the
			wrong status code. [RT #17101]

Mark Andrews's avatar
Mark Andrews committed
733
2212.	[func]		'host -m' now causes memory statistics and active
734 735
			memory to be printed at exit. [RT 17028]

736 737 738
2211.	[func]		Update "dynamic update temporarily disabled" message.
			[RT #17065]

739 740 741
2210.	[bug]		Deleting class specific records via UPDATE could
			fail.  [RT #17074]

742 743 744 745
2209.	[port]		osx: linking against user supplied static OpenSSL
			libraries failed as the system ones were still being
			found. [RT #17078]

746 747 748
2208.	[port]		win32: make sure both build methods produce the
			same output. [RT #17058]

749 750
2207.	[port]		Some implementations of getaddrinfo() fail to set
			ai_canonname correctly. [RT #17061]
Mark Andrews's avatar
Mark Andrews committed
751 752 753

	--- 9.5.0a6 released ---

754 755 756 757 758 759 760 761 762 763 764 765 766 767 768
2206.	[security]	"allow-query-cache" and "allow-recursion" now
			cross inherit from each other.

			If allow-query-cache is not set in named.conf then
			allow-recursion is used if set, otherwise allow-query
			is used if set, otherwise the default (localnets;
			localhost;) is used.

			If allow-recursion is not set in named.conf then
			allow-query-cache is used if set, otherwise allow-query
			is used if set, otherwise the default (localnets;
			localhost;) is used.

			[RT #16987]
	
769 770
2205.	[bug]		libbind: change #2119 broke thread support. [RT #16982]

Mark Andrews's avatar
Mark Andrews committed
771
2204.	[bug]		"rndc flushanme name unknown-view" caused named
772
			to crash. [RT #16984]
Mark Andrews's avatar
9.5.0a6  
Mark Andrews committed
773

774 775 776
2203.	[security]	Query id generation was cryptographically weak.
			[RT # 16915]

777 778 779
2202.	[security]	The default acls for allow-query-cache and
			allow-recursion were not being applied. [RT #16960]

Mark Andrews's avatar
Mark Andrews committed
780
2201.	[bug]		The build failed in a separate object directory.
781 782
			[RT #16943]

783 784 785
2200.	[bug]		The search for cached NSEC records was stopping to
			early leading to excessive DLV queries. [RT #16930]

786 787 788
2199.	[bug]		win32: don't call WSAStartup() while loading dlls.
			[RT #16911]

789 790 791
2198.	[bug]		win32: RegCloseKey() could be called when
			RegOpenKeyEx() failed. [RT #16911]

792 793 794 795
2197.	[bug]		Add INSIST to catch negative responses which are
			not setting the event result code appropriately.
			[RT #16909]

796
2196.	[port]		win32: yield processor while waiting for once to
797
			to complete. [RT #16958]
798

799 800 801
2195.	[func]		dnssec-keygen now defaults to nametype "ZONE"
			when generating DNSKEYs. [RT #16954]

802
2194.	[bug]		Close journal before calling 'done' in xfrin.c.
Mark Andrews's avatar
9.5.0a5  
Mark Andrews committed
803 804 805

	--- 9.5.0a5 released ---

Mark Andrews's avatar
Mark Andrews committed
806 807 808
2193.	[port]		win32: BINDInstall.exe is now linked statically.
			[RT #16906]

809 810 811 812
2192.	[port]		win32: use vcredist_x86.exe to install Visual
			Studio's redistributable dlls if building with
			Visual Stdio 2005 or later.

813 814 815
2191.	[func]		named-checkzone now allows dumping to stdout (-).
			named-checkconf now has -h for help.
			named-checkzone now has -h for help.
Mark Andrews's avatar
Mark Andrews committed
816
			rndc now has -h for help.
817 818 819
			Better handling of '-?' for usage summaries.
			[RT #16707]

820 821 822 823
2190.	[func]		Make fallback to plain DNS from EDNS due to timeouts
			more visible.  New logging category "edns-disabled".
			[RT #16871]

824 825
2189.	[bug]		Handle socket() returning EINTR. [RT #15949]

Mark Andrews's avatar
Mark Andrews committed
826
2188.	[contrib]	queryperf: autoconf changes to make the search for
827 828
			libresolv or libbind more robust. [RT #16299]

829 830
2187.	[bug]		query_addds(), query_addwildcardproof() and
			query_addnxrrsetnsec() should take a version
Mark Andrews's avatar
Mark Andrews committed
831
			argument. [RT #16368]
832

833 834 835
2186.	[port]		cygwin: libbind: check for struct sockaddr_storage
			independently of IPv6. [RT #16482]

836 837 838
2185.	[port]		sunos: libbind: check for ssize_t, memmove() and
			memchr(). [RT #16463]

839 840 841
2184.	[bug]		bind9.xsl.h didn't build out of the source tree.
			[RT #16830]

842 843 844
2183.	[bug]		dnssec-signzone didn't handle offline private keys
			well.  [RT #16832]

845 846 847 848
2182.	[bug]		dns_dispatch_createtcp() and dispatch_createudp()
			could return ISC_R_SUCCESS when they ran out of
			memory. [RT #16365]

849 850
2181.	[port]		sunos: libbind: add paths.h from BIND 8. [RT #16462]

851 852 853
2180.	[cleanup]	Remove bit test from 'compress_test' as they
			are no longer needed. [RT #16497]

854 855 856
2179.	[func]		'rndc command zone' will now find 'zone' if it is
			unique to all the views. [RT #16821]

857 858 859
2178.	[bug]		'rndc reload' of a slave or stub zone resulted in
			a reference leak. [RT #16867]

860 861
2177.	[bug]		Array bounds overrun on read (rcodetext) at
			debug level 10+. [RT #16798]
862

863
2176.	[contrib]	dbus update to handle race condition during
Mark Andrews's avatar
Mark Andrews committed
864
			initialization (Bugzilla 235809). [RT #16842]
865

Mark Andrews's avatar
Mark Andrews committed
866
2175.	[bug]		win32: windows broadcast condition variable support
867 868
			was broken. [RT #16592]

869 870 871
2174.	[bug]		I/O errors should always be fatal when reading
			master files. [RT #16825]

872 873
2173.	[port]		win32: When compiling with MSVS 2005 SP1 we also
			need to ship Microsoft.VC80.MFCLOC.
Mark Andrews's avatar
9.5.0a4  
Mark Andrews committed
874 875 876

	--- 9.5.0a4 released ---

877 878 879
2172.	[bug]		query_addsoa() was being called with a non zone db.
			[RT #16834]

880 881 882 883
2171.	[bug]		Handle breaks in DNSSEC trust chains where the parent
			servers are not DS aware (DS queries to the parent
			return a referral to the child).

884 885
2170.	[func]		Add acache processing to test suite. [RT #16711]

886 887 888
2169.	[bug]		host, nslookup: when reporting NXDOMAIN report the
			given name and not the last name searched for.
			[RT #16763]
889

890 891 892
2168.	[bug]		nsupdate: in non-interactive mode treat syntax errors
			as fatal errors. [RT #16785]

893 894
2167.	[bug]		When re-using a automatic zone named failed to
			attach it to the new view. [RT #16786]
Evan Hunt's avatar
9.5.0a3  
Evan Hunt committed
895 896 897

	--- 9.5.0a3 released ---

898 899 900 901
2166.	[bug]		When running in batch mode, dig could misinterpret
			a server address as a name to be looked up, causing
			unexpected output. [RT #16743]

902 903 904 905 906
2165.	[func]		Allow the destination address of a query to determine
			if we will answer the query or recurse.
			allow-query-on, allow-recursion-on and
			allow-query-cache-on. [RT #16291]

907 908 909 910
2164.	[bug]		The code to determine how named-checkzone / 
			named-compilezone was called failed under windows.
			[RT #16764]

911 912 913 914
2163.	[bug]		If only one of query-source and query-source-v6
			specified a port the query pools code broke (change
			2129).  [RT #16768]

915 916 917
2162.	[func]		Allow "rrset-order fixed" to be disabled at compile
			time. [RT #16665]

918 919 920
2161.	[bug]		Fix which log messages are emitted for 'rndc flush'.
			[RT #16698]

921 922 923
2160.	[bug]		libisc wasn't handling NULL ifa_addr pointers returned
			from getifaddrs(). [RT #16708]

Mark Andrews's avatar
9.5.0a2  
Mark Andrews committed
924 925
	--- 9.5.0a2 released ---

Mark Andrews's avatar
Mark Andrews committed
926 927
2159.	[bug]		Array bounds overrun in acache processing. [RT #16710]

Mark Andrews's avatar
Mark Andrews committed
928
2158.	[bug]		ns_client_isself() failed to initialize key
929 930
			leading to a REQUIRE failure. [RT #16688]

931 932 933 934 935 936 937 938
2157.	[func]		dns_db_transfernode() created. [RT #16685]

2156.	[bug]		Fix node reference leaks in lookup.c:lookup_find(),
			resolver.c:validated() and resolver.c:cache_name().
			Fix a memory leak in rbtdb.c:free_noqname().
			Make lookup.c:lookup_find() robust against
			event leaks. [RT #16685]

939 940 941
2155.	[contrib]	SQLite sdb module from jaboydjr@netwalk.com.
			[RT #16694]

942 943 944
2154.	[func]		Scoped (e.g. IPv6 link-local) addresses may now be
			matched in acls by omitting the scope. [RT #16599]

945 946
2153.	[bug]		nsupdate could leak memory. [RT #16691]

947 948 949
2152.	[cleanup]	Use sizeof(buf) instead of fixed number in
			dighost.c:get_trusted_key(). [RT #16678]

950 951 952
2151.	[bug]		Missing newline in usage message for journalprint.
			[RT #16679]

953 954 955 956
2150.	[bug]		'rrset-order cyclic' uniformly distribute the
			starting point for the first response for a given
			RRset. [RT #16655]

957 958 959 960
2149.	[bug]		isc_mem_checkdestroyed() failed to abort on
			if there were still active memory contexts.
			[RT #16672]

961 962
2148.	[func]		Add positive logging for rndc commands. [RT #14623]

963 964 965
2147.	[bug]		libbind: remove potential buffer overflow from
			hmac_link.c. [RT #16437]

966 967 968
2146.	[cleanup]	Silence Linux's spurious "obsolete setsockopt
			SO_BSDCOMPAT" message. [RT #16641]

969 970 971
2145.	[bug]		Check DS/DLV digest lengths for known digests.
			[RT #16622]

972 973 974
2144.	[cleanup]	Suppress logging of SERVFAIL from forwarders.
			[RT #16619]

975 976 977 978
2143.	[bug]		We failed to restart the IPv6 client when the
			kernel failed to return the destination the
			packet was sent to. [RT #16613]

Mark Andrews's avatar
Mark Andrews committed
979
2142.	[bug]		Handle master files with a modification time that
980 981
			matches the epoch. [RT# 16612]

982 983 984
2141.	[bug]		dig/host should not be setting IDN_ASCCHECK (IDN
			equivalent of LDH checks).  [RT #16609]

985 986 987
2140.	[bug]		libbind: missing unlock on pthread_key_create()
			failures. [RT #16654]

988 989 990
2139.	[bug]		dns_view_find() was being called with wrong type
			in adb.c. [RT #16670]

991 992
2138.	[bug]		Lock order reversal in resolver.c. [RT #16653]

993
2137.	[port]		Mips little endian and/or mips 64 bit are now
Mark Andrews's avatar
Mark Andrews committed
994
			supported for atomic operations. [RT#16648]
995

996 997 998
2136.	[bug]		nslookup/host looped if there was no search list
			and the host didn't exist. [RT #16657]

Mark Andrews's avatar
Mark Andrews committed
999
2135.	[bug]		Uninitialized rdataset in sdlz.c. [RT# 16656]
1000

1001 1002
2134.	[func]		Additional statistics support. [RT #16666]

1003 1004 1005
2133.	[port]		powerpc:  Support both IBM and MacOS Power PC
			assembler syntaxes. [RT #16647]

1006 1007 1008
2132.	[bug]		Missing unlock on out of memory in
			dns_dispatchmgr_setudp().

1009 1010
2131.	[contrib]	dlz/mysql: AXFR was broken. [RT #16630]

1011 1012
2130.	[func]		Log if CD or DO were set. [RT #16640]

1013 1014 1015 1016
2129.	[func]		Provide a pool of UDP sockets for queries to be
			made over. See use-queryport-pool, queryport-pool-ports
			and queryport-pool-updateinterval.  [RT #16415]

1017 1018
2128.	[doc]		xsltproc --nonet, update DTD versions.  [RT #16635]

1019 1020
2127.	[port]		Improved OpenSSL 0.9.8 support. [RT #16563]

Mark Andrews's avatar
Mark Andrews committed
1021
2126.	[security]	Serialize validation of type ANY responses. [RT #16555]
1022

1023 1024 1025
2125.	[bug]		dns_zone_getzeronosoattl() REQUIRE failure if DLZ
			was defined. [RT #16574]

Mark Andrews's avatar
Mark Andrews committed
1026
2124.	[security]	It was possible to dereference a freed fetch
1027
			context. [RT #16584]
Mark Andrews's avatar
9.5.0a1  
Mark Andrews committed
1028 1029 1030

	--- 9.5.0a1 released ---

Mark Andrews's avatar
Mark Andrews committed
1031
2123.	[func]		Use Doxygen to generate internal documentation.
1032 1033
			[RT #11398]

1034 1035 1036
2122.	[func]		Experimental http server and statistics support
			for named via xml.

1037 1038 1039
2121.	[func]		Add a 10 slot dead masters cache (LRU) with a 600
			second timeout. [RT #16553]