aboutsummaryrefslogtreecommitdiffstats
path: root/CHANGES
diff options
context:
space:
mode:
authorDoug Barton <dougb@FreeBSD.org>2009-05-31 00:11:36 +0000
committerDoug Barton <dougb@FreeBSD.org>2009-05-31 00:11:36 +0000
commitb0e69f719c1db2c19fcfba96f0dac9a5a2277350 (patch)
tree72d567a9bc3fb8adcfcbaa9baedc122d53071209 /CHANGES
parentfe9c1406ede29d1f2b9969c75785beef87a4bf87 (diff)
downloadsrc-b0e69f719c1db2c19fcfba96f0dac9a5a2277350.tar.gz
src-b0e69f719c1db2c19fcfba96f0dac9a5a2277350.zip
Vendor import of BIND 9.6.1rc1
Notes
Notes: svn path=/vendor/bind9/dist/; revision=193141
Diffstat (limited to 'CHANGES')
-rw-r--r--CHANGES902
1 files changed, 765 insertions, 137 deletions
diff --git a/CHANGES b/CHANGES
index 8d1f22b8e381..4f55ca2aa0e8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,18 +1,258 @@
- --- 9.4.3-P2 released ---
+
+ --- 9.6.1rc1 released ---
+
+2599. [bug] Address rapid memory growth when validation fails.
+ [RT #19654]
+
+2597. [bug] Handle a validation failure with a insecure delegation
+ from a NSEC3 signed master/slave zone. [RT #19464]
+
+2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
+ long, leading to inefficient memory usage or rejecting
+ newer cache entries in the worst case. [RT #19563]
+
+2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
+
+2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
+
+2591. [bug] named could die when processing a update in
+ removed_orphaned_ds(). [RT #19507]
+
+2588. [bug] SO_REUSEADDR could be set unconditionally after failure
+ of bind(2) call. This should be rare and mostly
+ harmless, but may cause interference with other
+ processes that happen to use the same port. [RT #19642]
+
+2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
+ or SDB. [RT #19577]
+
+2585. [bug] Uninitialized socket name could be referenced via a
+ statistics channel, triggering an assertion failure in
+ XML rendering. [RT #19427]
+
+2584. [bug] alpha: gcc optimization could break atomic operations.
+ [RT #19227]
+
+2583. [port] netbsd: provide a control to not add the compile
+ date to the version string, -DNO_VERSION_DATE.
+
+2582. [bug] Don't emit warning log message when we attempt to
+ remove non-existant journal. [RT #19516]
2579. [bug] DNSSEC lookaside validation failed to handle unknown
algorithms. [RT #19479]
- --- 9.4.3-P1 released ---
+2578. [bug] Changed default sig-signing-type to 65534, because
+ 65535 turns out to be reserved. [RT #19477]
+
+2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
+ [RT #18837]
+
+ --- 9.6.1b1 released ---
+
+2577. [doc] Clarified some statistics counters. [RT #19454]
+
+2576. [bug] NSEC record were not being correctly signed when
+ a zone transitions from insecure to secure.
+ Handle such incorrectly signed zones. [RT #19114]
+
+2574. [doc] Document nsupdate -g and -o. [RT #19351]
+
+2573. [bug] Replacing a non-CNAME record with a CNAME record in a
+ single transaction in a signed zone failed. [RT #19397]
+
+2568. [bug] Report when the write to indicate a otherwise
+ successful start fails. [RT #19360]
+
+2567. [bug] dst__privstruct_writefile() could miss write errors.
+ write_public_key() could miss write errors.
+ dnssec-dsfromkey could miss write errors.
+ [RT #19360]
+
+2564. [bug] Only take EDNS fallback steps when processing timeouts.
+ [RT #19405]
+
+2563. [bug] Dig could leak a socket causing it to wait forever
+ to exit. [RT #19359]
+
+2562. [doc] ARM: miscellaneous improvements, reorganization,
+ and some new content.
+
+2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
+
+2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
+
+2559. [bug] dnssec-dsfromkey could compute bad DS records when
+ reading from a K* files. [RT #19357]
+
+2557. [cleanup] PCI compliance:
+ * new libisc log module file
+ * isc_dir_chroot() now also changes the working
+ directory to "/".
+ * additional INSISTs
+ * additional logging when files can't be removed.
+
+2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the
+ error checks in the correct order resulting in the
+ wrong error code sometimes being returned. [RT #19249]
+
+2554. [bug] Validation of uppercase queries from NSEC3 zones could
+ fail. [RT #19297]
+
+2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
+
+2552. [bug] zero-no-soa-ttl-cache was not being honoured.
+ [RT #19340]
+
+2551. [bug] Potential Reference leak on return. [RT #19341]
+
+2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
+ [RT #19343]
+
+2549. [port] linux: define NR_OPEN if not currently defined.
+ [RT #19344]
+
+2548. [bug] Install iterated_hash.h. [RT #19335]
+
+2547. [bug] openssl_link.c:mem_realloc() could reference an
+ out-of-range area of the source buffer. New public
+ function isc_mem_reallocate() was introduced to address
+ this bug. [RT #19313]
+
+2545. [doc] ARM: Legal hostname checking (check-names) is
+ for SRV RDATA too. [RT #19304]
+
+2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
+
+2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
+
+2542. [doc] Update the description of dig +adflag. [RT #19290]
+
+2541. [bug] Conditionally update dispatch manager statistics.
+ [RT #19247]
+
+2539. [security] Update the interaction between recursion, allow-query,
+ allow-query-cache and allow-recursion. [RT #19198]
+
+2538. [bug] cache/ADB memory could grow over max-cache-size,
+ especially with threads and smaller max-cache-size
+ values. [RT #19240]
+
+2537. [experimental] Added more statistics counters including those on socket
+ I/O events and query RTT histograms. [RT #18802]
+
+2536. [cleanup] Silence some warnings when -Werror=format-security is
+ specified. [RT #19083]
+
+2535. [bug] dig +showsearh and +trace interacted badly. [RT #19091]
+
+2532. [bug] dig: check the question section of the response to
+ see if it matches the asked question. [RT #18495]
+
+2531. [bug] Change #2207 was incomplete. [RT #19098]
+
+2530. [bug] named failed to reject insecure to secure transitions
+ via UPDATE. [RT #19101]
+
+2529. [cleanup] Upgrade libtool to silence complaints from recent
+ version of autoconf. [RT #18657]
+
+2528. [cleanup] Silence spurious configure warning about
+ --datarootdir [RT #19096]
+
+2527. [bug] named could reuse cache on reload with
+ enabling/disabling validation. [RT #19119]
+
+2525. [experimental] New logging category "query-errors" to provide detailed
+ internal information about query failures, especially
+ about server failures. [RT #19027]
+
+2524. [port] sunos: dnssec-signzone needs strtoul(). [RT #19129]
+
+2523. [bug] Random type rdata freed by dns_nsec_typepresent().
+ [RT #19112]
+
+2522. [security] Handle -1 from DSA_do_verify() and EVP_VerifyFinal().
+
+2521. [bug] Improve epoll cross compilation support. [RT #19047]
+
+2519. [bug] dig/host with -4 or -6 didn't work if more than two
+ nameserver addresses of the excluded address family
+ preceded in resolv.conf. [RT #19081]
+
+2517. [bug] dig +trace with -4 or -6 failed when it chose a
+ nameserver address of the excluded address.
+ [RT #18843]
+
+2516. [bug] glue sort for responses was performed even when not
+ needed. [RT #19039]
+
+2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
+ a nameserver of the excluded address family.
+ [RT #18848]
+
+2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
+ [RT #18885]
+
+2506. [port] solaris: Check at configure time if
+ hack_shutup_pthreadonceinit is needed. [RT #19037]
+
+2505. [port] Treat amd64 similarly to x86_64 when determining
+ atomic operation support. [RT #19031]
+
+2503. [port] linux: improve compatibility with Linux Standard
+ Base. [RT #18793]
+
+2502. [cleanup] isc_radix: Improve compliance with coding style,
+ document function in <isc/radix.h>. [RT #18534]
+
+ --- 9.6.0 released ---
+
+2520. [bug] Update xml statistics version number to 2.0 as change
+ #2388 made the schema incompatible to the previous
+ version. [RT #19080]
+
+ --- 9.6.0rc2 released ---
+
+2515. [port] win32: build dnssec-dsfromkey and dnssec-keyfromlabel.
+ [RT #19063]
+
+2513 [bug] Fix windows cli build. [RT #19062]
+
+2510. [bug] "dig +sigchase" could trigger REQUIRE failures.
+ [RT #19033]
+
+2509. [bug] Specifying a fixed query source port was broken.
+ [RT #19051]
+
+2504. [bug] Address race condition in the socket code. [RT #18899]
-2522. [security] Handle -1 from DSA_do_verify().
+ --- 9.6.0rc1 released ---
2498. [bug] Removed a bogus function argument used with
ISC_SOCKET_USE_POLLWATCH: it could cause compiler
warning or crash named with the debug 1 level
of logging. [RT #18917]
- --- 9.4.3 released ---
+2497. [bug] Don't add RRSIG bit to NSEC3 bit map for insecure
+ delegation.
+
+2496. [bug] Add sanity length checks to NSID option. [RT #18813]
+
+2495. [bug] Tighten RRSIG checks. [RT #18795]
+
+2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being
+ installed. [RT #18826]
+
+2493. [bug] The linux capabilities code was not correctly cleaning
+ up after itself. [RT #18767]
+
+2492. [func] Rndc status now reports the number of cpus discovered
+ and the number of worker threads when running
+ multi-threaded. [RT #18273]
+
+2491. [func] Attempt to re-use a local port if we are already using
+ the port. [RT #18548]
2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO
is cleared when IPV6_V6ONLY is set. [RT #18785]
@@ -23,7 +263,58 @@
Define ISC_SOCKET_USE_POLLWATCH at build time to enable
this workaround. [RT #18870]
- --- 9.4.3rc1 released ---
+2488. [func] Added a tool, dnssec-dsfromkey, to generate DS records
+ from keyset and .key files. [RT #18694]
+
+2487. [bug] Give TCP connections longer to complete. [RT #18675]
+
+2486. [func] The default locations for named.pid and lwresd.pid
+ are now /var/run/named/named.pid and
+ /var/run/lwresd/lwresd.pid respectively.
+
+ This allows the owner of the containing directory
+ to be set, for "named -u" support, and allows there
+ to be a permanent symbolic link in the path, for
+ "named -t" support. [RT #18306]
+
+2485. [bug] Change update's the handling of obscured RRSIG
+ records. Not all orphaned DS records were being
+ removed. [RT #18828]
+
+2484. [bug] It was possible to trigger a REQUIRE failure when
+ adding NSEC3 proofs to the response in
+ query_addwildcardproof(). [RT #18828]
+
+2483. [port] win32: chroot() is not supported. [RT #18805]
+
+2482. [port] libxml2: support versions 2.7.* in addition
+ to 2.6.*. [RT #18806]
+
+ --- 9.6.0b1 released ---
+
+2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
+ collisions. [RT #18812]
+
+2480. [bug] named could fail to emit all the required NSEC3
+ records. [RT #18812]
+
+2479. [bug] xfrout:covers was not properly initialized. [RT #18801]
+
+2478. [bug] 'addresses' could be used uninitialized in
+ configure_forward(). [RT #18800]
+
+2477. [bug] dig: the global option to print the command line is
+ +cmd not print_cmd. Update the output to reflect
+ this. [RT #17008]
+
+2476. [doc] ARM: improve documentation for max-journal-size and
+ ixfr-from-differences. [RT #15909] [RT #18541]
+
+2475. [bug] LRU cache cleanup under overmem condition could purge
+ particular entries more aggressively. [RT #17628]
+
+2474. [bug] ACL structures could be allocated with insufficient
+ space, causing an array overrun. [RT #18765]
2473. [port] linux: raise the limit on open files to the possible
maximum value before spawning threads; 'files'
@@ -33,9 +324,12 @@
2472. [port] linux: check the number of available cpu's before
calling chroot as it depends on "/proc". [RT #16923]
-2471. [bug] named-checkzone was not reporting missing manditory
+2471. [bug] named-checkzone was not reporting missing mandatory
glue when sibling checks were disabled. [RT #18768]
+2470. [bug] Elements of the isc_radix_node_t could be incorrectly
+ overwritten. [RT# 18719]
+
2469. [port] solaris: Work around Solaris's select() limitations.
[RT #18769]
@@ -50,10 +344,14 @@
2465. [bug] Adb's handling of lame addresses was different
for IPv4 and IPv6. [RT #18738]
+2464. [port] linux: check that a capability is present before
+ trying to set it. [RT #18135]
+
2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
API and glibc hides parts of the IPv6 Advanced Socket
API as a result. This is stupid as it breaks how the
- two halves (Basic and Advanced) of the IPv6 Socket API were designed to be used but we have to live with it.
+ two halves (Basic and Advanced) of the IPv6 Socket API
+ were designed to be used but we have to live with it.
Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
API. [RT #18388]
@@ -62,17 +360,48 @@
2461. [port] sunos: Change #2363 was not complete. [RT #17513]
+ --- 9.6.0a1 released ---
+
+2460. [bug] Don't call dns_db_getnsec3parameters() on the cache.
+ [RT #18697]
+
+2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
+
2458. [doc] ARM: update and correction for max-cache-size.
[RT #18294]
-2455. [bug] Stop metadata being transfered via axfr/ixfr.
+2457. [tuning] max-cache-size is reverted to 0, the previous
+ default. It should be safe because expired cache
+ entries are also purged. [RT #18684]
+
+2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any
+ address, regardless of family. They now correctly
+ distinguish IPv4 from IPv6. [RT #18559]
+
+2455. [bug] Stop metadata being transferred via axfr/ixfr.
[RT #18639]
+2454. [func] nsupdate: you can now set a default ttl. [RT #18317]
+
2453. [bug] Remove NULL pointer dereference in dns_journal_print().
[RT #18316]
-2449. [bug] libbind: Out of bounds reference in dns_ho.c:addrsort.
- [RT #18044]
+2452. [func] Improve bin/test/journalprint. [RT #18316]
+
+2451. [port] solaris: handle runtime linking better. [RT #18356]
+
+2450. [doc] Fix lwresd docbook problem for manual page.
+ [RT #18672]
+
+2449. [placeholder]
+
+2448. [func] Add NSEC3 support. [RT #15452]
+
+2447. [cleanup] libbind has been split out as a separate product.
+
+2446. [func] Add a new log message about build options on startup.
+ A new command-line option '-V' for named is also
+ provided to show this information. [RT# 18645]
2445. [doc] ARM out-of-date on empty reverse zones (list includes
RFC1918 address, but these are not yet compiled in).
@@ -81,31 +410,46 @@
2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery
(clear DF) for UDP responses and requests.
- --- 9.4.3b3 released ---
-
2443. [bug] win32: UDP connect() would not generate an event,
and so connected UDP sockets would never clean up.
Fix this by doing an immediate WSAConnect() rather
than an io completion port type for UDP.
-2438. [bug] Timeouts could be logged incorrectly under win32.
- [RT #18617]
+2442. [bug] A lock could be destroyed twice. [RT# 18626]
+
+2441. [bug] isc_radix_insert() could copy radix tree nodes
+ incompletely. [RT #18573]
+
+2440. [bug] named-checkconf used an incorrect test to determine
+ if an ACL was set to none.
+
+2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
+ [RT #18559]
+
+2438. [bug] Timeouts could be logged incorrectly under win32.
2437. [bug] Sockets could be closed too early, leading to
inconsistent states in the socket module. [RT #18298]
2436. [security] win32: UDP client handler can be shutdown. [RT #18576]
+2435. [bug] Fixed an ACL memory leak affecting win32.
+
+2434. [bug] Fixed a minor error-reporting bug in
+ lib/isc/win32/socket.c.
+
2433. [tuning] Set initial timeout to 800ms.
-2432. [bug] More Windows socket handling improvements. Stop
+2432. [bug] More Windows socket handling improvements. Stop
using I/O events and use IO Completion Ports
throughout. Rewrite the receive path logic to make
it easier to support multiple simultaneous
- requestrs in the future. Add stricter consistency
+ requesters in the future. Add stricter consistency
checking as a compile-time option (define
ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).
+2431. [bug] Acl processing could leak memory. [RT #18323]
+
2430. [bug] win32: isc_interval_set() could round down to
zero if the input was less than NS_INTERVAL
nanoseconds. Round up instead. [RT #18549]
@@ -113,8 +457,14 @@
2429. [doc] nsupdate should be in section 1 of the man pages.
[RT #18283]
+2428. [bug] dns_iptable_merge() mishandled merges of negative
+ tables. [RT #18409]
+
+2427. [func] Treat DNSKEY queries as if "minimal-response yes;"
+ was set. [RT #18528]
+
2426. [bug] libbind: inet_net_pton() can sometimes return the
- wrong value if excessively large netmasks are
+ wrong value if excessively large net masks are
supplied. [RT #18512]
2425. [bug] named didn't detect unavailable query source addresses
@@ -125,6 +475,12 @@
epoll and /dev/poll to be selected at compile
time. [RT #18277]
+2423. [security] Randomize server selection on queries, so as to
+ make forgery a little more difficult. Instead of
+ always preferring the server with the lowest RTT,
+ pick a server with RTT within the same 128
+ millisecond band. [RT #18441]
+
2422. [bug] Handle the special return value of a empty node as
if it was a NXRRSET in the validator. [RT #18447]
@@ -133,13 +489,20 @@
Use caution: this option may not work for some
operating systems without rebuilding named.
-2420. [bug] Windows socket handling cleanup. Let the io
- completion event send out cancelled read/write
- done events, which keeps us from writing to memeory
+2420. [bug] Windows socket handling cleanup. Let the io
+ completion event send out canceled read/write
+ done events, which keeps us from writing to memory
we no longer have ownership of. Add debugging
socket_log() function. Rework TCP socket handling
to not leak sockets.
+2419. [cleanup] Document that isc_socket_create() and isc_socket_open()
+ should not be used for isc_sockettype_fdwatch sockets.
+ [RT #18521]
+
+2418. [bug] AXFR request on a DLZ could trigger a REQUIRE failure
+ [RT #18430]
+
2417. [bug] Connecting UDP sockets for outgoing queries could
unexpectedly fail with an 'address already in use'
error. [RT #18411]
@@ -147,26 +510,42 @@
2416. [func] Log file descriptors that cause exceeding the
internal maximum. [RT #18460]
+2415. [bug] 'rndc dumpdb' could trigger various assertion failures
+ in rbtdb.c. [RT #18455]
+
2414. [bug] A masterdump context held the database lock too long,
causing various troubles such as dead lock and
recursive lock acquisition. [RT #18311, #18456]
2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
-2412. [bug] win32: address a resourse leak. [RT #18374]
+2412. [bug] win32: address a resource leak. [RT #18374]
2411. [bug] Allow using a larger number of sockets than FD_SETSIZE
for select(). To enable this, set ISC_SOCKET_MAXSOCKETS
at compilation time. [RT #18433]
+ Note: with changes #2469 and #2421 above, there is no
+ need to tweak ISC_SOCKET_MAXSOCKETS at compilation time
+ any more.
+
2410. [bug] Correctly delete m_versionInfo. [RT #18432]
+2409. [bug] Only log that we disabled EDNS processing if we were
+ subsequently successful. [RT #18029]
+
2408. [bug] A duplicate TCP dispatch event could be sent, which
could then trigger an assertion failure in
resquery_response(). [RT #18275]
2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
+2406. [placeholder]
+
+2405. [cleanup] The default value for dnssec-validation was changed to
+ "yes" in 9.5.0-P1 and all subsequent releases; this
+ was inadvertently omitted from CHANGES at the time.
+
2404. [port] hpux: files unlimited support.
2403. [bug] TSIG context leak. [RT #18341]
@@ -176,13 +555,17 @@
2401. [bug] Expect to get E[MN]FILE errno internal_accept()
(from accept() or fcntl() system calls). [RT #18358]
-2399. [bug] Abort timeout queries to reduce the number of open
- UDP sockets. [RT #18367]
+2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
+ [RT #18297]
+
+2399. [placeholder]
2398. [bug] Improve file descriptor management. New,
temporary, named.conf option reserved-sockets,
default 512. [RT #18344]
+2397. [bug] gssapi_functions had too many elements. [RT #18355]
+
2396. [bug] Don't set SO_REUSEADDR for randomized ports.
[RT #18336]
@@ -193,35 +576,42 @@
open files to 'unlimited' as described in the
documentation. [RT #18331]
+2393. [bug] nested acls containing keys could trigger an
+ assertion in acl.c. [RT #18166]
+
2392. [bug] remove 'grep -q' from acl test script, some platforms
don't support it. [RT #18253]
-2391 [port] hpux: cover additional recvmsg() error codes.
+2391. [port] hpux: cover additional recvmsg() error codes.
[RT #18301]
-2390 [bug] dispatch.c could make a false warning on 'odd socket'.
+2390. [bug] dispatch.c could make a false warning on 'odd socket'.
[RT #18301].
-2389 [bug] Move the "working directory writable" check to after
+2389. [bug] Move the "working directory writable" check to after
the ns_os_changeuser() call. [RT #18326]
+2388. [bug] Avoid using tables for layout purposes in
+ statistics XSL [RT #18159].
+
+2387. [bug] Silence compiler warnings in lib/isc/radix.c.
+ [RT #18147] [RT #18258]
+
2386. [func] Add warning about too small 'open files' limit.
[RT #18269]
- --- 9.4.3b2 released ---
-
2385. [bug] A condition variable in socket.c could leak in
rare error handling [RT #17968].
-2384. [security] Additional support for query port randomization (change
- #2375) including performance improvement and port range
- specification. [RT #17949, #18098]
+2384. [security] Fully randomize UDP query ports to improve
+ forgery resilience. [RT #17949, #18098]
2383. [bug] named could double queries when they resulted in
SERVFAIL due to overkilling EDNS0 failure detection.
[RT #18182]
-2382. [doc] Add descriptions of IPSECKEY, SPF and SSHFP to ARM.
+2382. [doc] Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
+ to ARM.
2381. [port] dlz/mysql: support multiple install layouts for
mysql. <prefix>/include/{,mysql/}mysql.h and
@@ -235,41 +625,104 @@
2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
TLDs and supported RRs with TTLs [RT #17972]
+2378. [bug] gssapi_functions{} had a redundant member in BIND 9.5.
+ [RT #18169]
+
2377. [bug] Address race condition in dnssec-signzone. [RT #18142]
2376. [bug] Change #2144 was not complete.
-2375. [security] Fully randomize UDP query ports to improve
- forgery resilience. [RT #17949]
+2375. [placeholder]
+
+2374. [bug] "blackhole" ACLs could cause named to segfault due
+ to some uninitialized memory. [RT #18095]
+
+2373. [bug] Default values of zone ACLs were re-parsed each time a
+ new zone was configured, causing an overconsumption
+ of memory. [RT #18092]
+
+2372. [bug] Fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
-2372. [bug] fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
+2371. [doc] Add +nsid option to dig man page. [RT #18039]
+
+2370. [bug] "rndc freeze" could trigger an assertion in named
+ when called on a nonexistent zone. [RT #18050]
2369. [bug] libbind: Array bounds overrun on read in bitncmp().
[RT #18054]
+2368. [port] Linux: use libcap for capability management if
+ possible. [RT# 18026]
+
+2367. [bug] Improve counting of dns_resstatscounter_retry
+ [RT #18030]
+
+2366. [bug] Adb shutdown race. [RT #18021]
+
+2365. [bug] Fix a bug that caused dns_acl_isany() to return
+ spurious results. [RT #18000]
+
2364. [bug] named could trigger a assertion when serving a
malformed signed zone. [RT #17828]
2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
[RT #17513]
+2362. [cleanup] Make "rrset-order fixed" a compile-time option.
+ settable by "./configure --enable-fixed-rrset".
+ Disabled by default. [RT #17977]
+
2361. [bug] "recursion" statistics counter could be counted
multiple times for a single query. [RT #17990]
- --- 9.4.3b1 released ---
+2360. [bug] Fix a condition where we release a database version
+ (which may acquire a lock) while holding the lock.
+
+2359. [bug] Fix NSID bug. [RT #17942]
2358. [doc] Update host's default query description. [RT #17934]
+2357. [port] Don't use OpenSSL's engine support in versions before
+ OpenSSL 0.9.7f. [RT #17922]
+
2356. [bug] Built in mutex profiler was not scalable enough.
[RT #17436]
-2353. [func] libbind: nsid support. [RT #17091]
+2355. [func] Extend the number statistics counters available.
+ [RT #17590]
+
+2354. [bug] Failed to initialize some rdatasetheader_t elements.
+ [RT #17927]
+
+2353. [func] Add support for Name Server ID (RFC 5001).
+ 'dig +nsid' requests NSID from server.
+ 'request-nsid yes;' causes recursive server to send
+ NSID requests to upstream servers. Server responds
+ to NSID requests with the string configured by
+ 'server-id' option. [RT #17091]
+
+2352. [bug] Various GSS_API fixups. [RT #17729]
+
+2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
2350. [port] win32: IPv6 support. [RT #17797]
+2349. [func] Provide incremental re-signing support for secure
+ dynamic zones. [RT #1091]
+
+2348. [func] Use the EVP interface to OpenSSL. Add PKCS#11 support.
+ Documentation is in the new README.pkcs11 file.
+ New tool, dnssec-keyfromlabel, which takes the
+ label of a key pair in a HSM and constructs a DNS
+ key pair for use by named and dnssec-signzone.
+ [RT #16844]
+
2347. [bug] Delete now traverses the RB tree in the canonical
order. [RT #17451]
+2346. [func] Memory statistics now cover all active memory contexts
+ in increased detail. [RT #17580]
+
2345. [bug] named-checkconf failed to detect when forwarders
were set at both the options/view level and in
a root zone. [RT #17671]
@@ -280,6 +733,8 @@
2343. [bug] (Seemingly) duplicate IPv6 entries could be
created in ADB. [RT #17837]
+2342. [func] Use getifaddrs() if available under Linux. [RT #17224]
+
2341. [bug] libbind: add missing -I../include for off source
tree builds. [RT #17606]
@@ -292,12 +747,16 @@
2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614]
-2335. [port] sunos: libbind and *printf() support for long long.
+2336. [func] If "named -6" is specified then listen on all IPv6
+ interfaces if there are not listen-on-v6 clauses in
+ named.conf. [RT #17581]
+
+2335. [port] sunos: libbind and *printf() support for long long.
[RT #17513]
2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one
bug in fromstruct_txt(). [RT #17609]
-
+
2333. [bug] Fix off by one error in isc_time_nowplusinterval().
[RT #17608]
@@ -321,21 +780,40 @@
J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and
M.ROOT-SERVERS.NET.
+2327. [bug] It was possible to dereference a NULL pointer in
+ rbtdb.c. Implement dead node processing in zones as
+ we do for caches. [RT #17312]
+
2326. [bug] It was possible to trigger a INSIST in the acache
processing.
2325. [port] Linux: use capset() function if available. [RT #17557]
+2324. [bug] Fix IPv6 matching against "any;". [RT #17533]
+
2323. [port] tru64: namespace clash. [RT #17547]
2322. [port] MacOS: work around the limitation of setrlimit()
for RLIMIT_NOFILE. [RT #17526]
-2319. [bug] Silence Coverity warnings in
+2321. [placeholder]
+
+2320. [func] Make statistics counters thread-safe for platforms
+ that support certain atomic operations. [RT #17466]
+
+2319. [bug] Silence Coverity warnings in
lib/dns/rdata/in_1/apl_42.c. [RT #17469]
2318. [port] sunos fixes for libbind. [RT #17514]
+2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
+
+2316. [port] Missing #include <isc/print.h> in lib/dns/gssapictx.c.
+ [RT #17513]
+
+2315. [bug] Used incorrect address family for mapped IPv4
+ addresses in acl.c. [RT #17519]
+
2314. [bug] Uninitialized memory use on error path in
bin/named/lwdnoop.c. [RT #17476]
@@ -345,11 +823,15 @@
2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
[RT #17458]
-2311. [func] Update ACL regression test. [RT #17462]
+2311. [bug] IPv6 addresses could match IPv4 ACL entries and
+ vice versa. [RT #17462]
2310. [bug] dig, host, nslookup: flush stdout before emitting
debug/fatal messages. [RT #17501]
+2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
+ [RT #17455]
+
2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
[RT #17495]
@@ -371,7 +853,7 @@
2301. [bug] Remove resource leak and fix error messages in
bin/tests/system/lwresd/lwtest.c. [RT #17474]
-2300. [bug] Fixed failure to close open file in
+2300. [bug] Fixed failure to close open file in
bin/tests/names/t_names.c. [RT #17473]
2299. [bug] Remove unnecessary NULL check in
@@ -389,22 +871,39 @@
2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
[RT #17459]
+2294. [func] Allow the experimental statistics channels to have
+ multiple connections and ACL.
+ Note: the stats-server and stats-server-v6 options
+ available in the previous beta releases are replaced
+ with the generic statistics-channels statement.
+
2293. [func] Add ACL regression test. [RT #17375]
2292. [bug] Log if the working directory is not writable.
[RT #17312]
-2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
+2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
failure to set PR_SET_DUMPABLE. [RT #17312]
2290. [bug] Let AD in the query signal that the client wants AD
set in the response. [RT #17301]
+2289. [func] named-checkzone now reports the out-of-zone CNAME
+ found. [RT #17309]
+
2288. [port] win32: mark service as running when we have finished
loading. [RT #17441]
2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413]
+2286. [func] Allow a TCP connection to be used as a weak
+ authentication method for reverse zones.
+ New update-policy methods tcp-self and 6to4-self.
+ [RT #17378]
+
+2285. [func] Test framework for client memory context management.
+ [RT #17377]
+
2284. [bug] Memory leak in UPDATE prerequisite processing.
[RT #17377]
@@ -413,7 +912,15 @@
memory context rather than the clients memory
context. [RT #17377]
-2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
+2282. [bug] Acl code fixups. [RT #17346] [RT #17374]
+
+2281. [bug] Attempts to use undefined acls were not being logged.
+ [RT #17307]
+
+2280. [func] Allow the experimental http server to be reached
+ over IPv6 as well as IPv4. [RT #17332]
+
+2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
to protect applications from receiving spurious
SIGPIPE signals when using the resolver.
@@ -423,12 +930,21 @@
2277. [bug] Empty zone names were not correctly being caught at
in the post parse checks. [RT #17357]
+2276. [bug] Install <dst/gssapi.h>. [RT# 17359]
+
+2275. [func] Add support to dig to perform IXFR queries over UDP.
+ [RT #17235]
+
+2274. [func] Log zone transfer statistics. [RT #17336]
+
2273. [bug] Adjust log level to WARNING when saving inconsistent
stub/slave master and journal files. [RT# 17279]
2272. [bug] Handle illegal dnssec-lookaside trust-anchor names.
[RT #17262]
+2271. [bug] Fix a memory leak in http server code [RT #17100]
+
2270. [bug] dns_db_closeversion() version->writer could be reset
before it is tested. [RT #17290]
@@ -437,6 +953,12 @@
2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
list.
+ --- 9.5.0b1 released ---
+
+2267. [bug] Radix tree node_num value could be set incorrectly,
+ causing positive ACL matches to look like negative
+ ones. [RT #17311]
+
2266. [bug] client.c:get_clientmctx() returned the same mctx
once the pool of mctx's was filled. [RT #17218]
@@ -451,21 +973,14 @@
2262. [bug] Error status from all but the last view could be
lost. [RT #17292]
-2260. [bug] Reported wrong clients-per-query when increasing the
- value. [RT #17236]
-
-2247. [doc] Sort doc/misc/options. [RT #17067]
+2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
-2246. [bug] Make the startup of test servers (ans.pl) more
- robust. [RT #17147]
-
- --- 9.4.2 released ---
+2260. [bug] Reported wrong clients-per-query when increasing the
+ value. [RT #17236]
- --- 9.4.2rc2 released ---
+2259. [placeholder]
-2259. [bug] Reverse incorrect LIBINTERFACE bump of libisc
- in 9.4.2rc1. Applications built against 9.4.2rc1
- will need to be rebuilt.
+ --- 9.5.0a7 released ---
2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
[RT #17241]
@@ -483,20 +998,52 @@
intermediate values as timer->idle was reset by
isc_timer_touch(). [RT #17243]
- --- 9.4.2rc1 released ---
+2253. [func] "max-cache-size" defaults to 32M.
+ "max-acache-size" defaults to 16M.
-2251. [doc] Update memstatistics-file documentation to reflect
- reality. Note there is behaviour change for BIND 9.5.
- [RT #17113]
+2252. [bug] Fixed errors in sortlist code [RT #17216]
-2249. [bug] Only set Authentic Data bit if client requested
- DNSSEC, per RFC 3655 [RT #17175]
+2251. [placeholder]
+
+2250. [func] New flag 'memstatistics' to state whether the
+ memory statistics file should be written or not.
+ Additionally named's -m option will cause the
+ statistics file to be written. [RT #17113]
+
+2249. [bug] Only set Authentic Data bit if client requested
+ DNSSEC, per RFC 3655 [RT #17175]
-2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
+2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
+
+2247. [doc] Sort doc/misc/options. [RT #17067]
+
+2246. [bug] Make the startup of test servers (ans.pl) more
+ robust. [RT #17147]
2245. [bug] Validating lack of DS records at trust anchors wasn't
working. [RT #17151]
+2244. [func] Allow the check of nameserver names against the
+ SOA MNAME field to be disabled by specifying
+ 'notify-to-soa yes;'. [RT #17073]
+
+2243. [func] Configuration files without a newline at the end now
+ parse without error. [RT #17120]
+
+2242. [bug] nsupdate: GSS-TSIG support using the Heimdal Kerberos
+ library could require a source of random data.
+ [RT #17127]
+
+2241. [func] nsupdate: add a interactive 'help' command. [RT #17099]
+
+2240. [bug] Cleanup nsupdates GSS-TSIG support. Convert
+ a number of INSIST()s into plain fatal() errors
+ which report the triggering result code.
+ The 'key' command wasn't disabling GSS-TSIG.
+ [RT #17099]
+
+2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
+
2238. [bug] It was possible to trigger a REQUIRE when a
validation was canceled. [RT #17106]
@@ -507,7 +1054,11 @@
2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
-2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
+2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
+
+2233. [func] Add support for O(1) ACL processing, based on
+ radix tree code originally written by Kevin
+ Brintnall. [RT #16288]
2232. [bug] dns_adb_findaddrinfo() could fail and return
ISC_R_SUCCESS. [RT #17137]
@@ -518,34 +1069,44 @@
2230. [bug] We could INSIST reading a corrupted journal.
[RT #17132]
+2229. [bug] Null pointer dereference on query pool creation
+ failure. [RT #17133]
+
2228. [contrib] contrib: Change 2188 was incomplete.
2227. [cleanup] Tidied up the FAQ. [RT #17121]
+2226. [placeholder]
+
2225. [bug] More support for systems with no IPv4 addresses.
- [RT #17111]
+ [RT #17111]
2224. [bug] Defer journal compaction if a xfrin is in progress.
[RT #17119]
2223. [bug] Make a new journal when compacting. [RT #17119]
+2222. [func] named-checkconf now checks server key references.
+ [RT #17097]
+
2221. [bug] Set the event result code to reflect the actual
- record returned to caller when a cache update is
+ record turned to caller when a cache update is
rejected due to a more credible answer existing.
[RT #17017]
2220. [bug] win32: Address a race condition in final shutdown of
the Windows socket code. [RT #17028]
-
+
2219. [bug] Apply zone consistency checks to additions, not
removals, when updating. [RT #17049]
2218. [bug] Remove unnecessary REQUIRE from dns_validator_create().
[RT #16976]
+2217. [func] Adjust update log levels. [RT #17092]
+
2216. [cleanup] Fix a number of errors reported by Coverity.
- [RT #17094]
+ [RT #17094]
2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
@@ -559,6 +1120,9 @@
2212. [func] 'host -m' now causes memory statistics and active
memory to be printed at exit. [RT 17028]
+2211. [func] Update "dynamic update temporarily disabled" message.
+ [RT #17065]
+
2210. [bug] Deleting class specific records via UPDATE could
fail. [RT #17074]
@@ -572,7 +1136,7 @@
2207. [port] Some implementations of getaddrinfo() fail to set
ai_canonname correctly. [RT #17061]
- --- 9.4.2b1 released ---
+ --- 9.5.0a6 released ---
2206. [security] "allow-query-cache" and "allow-recursion" now
cross inherit from each other.
@@ -588,15 +1152,21 @@
localhost;) is used.
[RT #16987]
-
+
2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
+2204. [bug] "rndc flushanme name unknown-view" caused named
+ to crash. [RT #16984]
+
2203. [security] Query id generation was cryptographically weak.
[RT # 16915]
2202. [security] The default acls for allow-query-cache and
allow-recursion were not being applied. [RT #16960]
+2201. [bug] The build failed in a separate object directory.
+ [RT #16943]
+
2200. [bug] The search for cached NSEC records was stopping to
early leading to excessive DLV queries. [RT #16930]
@@ -613,8 +1183,13 @@
2196. [port] win32: yield processor while waiting for once to
to complete. [RT #16958]
+2195. [func] dnssec-keygen now defaults to nametype "ZONE"
+ when generating DNSKEYs. [RT #16954]
+
2194. [bug] Close journal before calling 'done' in xfrin.c.
+ --- 9.5.0a5 released ---
+
2193. [port] win32: BINDInstall.exe is now linked statically.
[RT #16906]
@@ -622,6 +1197,17 @@
Studio's redistributable dlls if building with
Visual Stdio 2005 or later.
+2191. [func] named-checkzone now allows dumping to stdout (-).
+ named-checkconf now has -h for help.
+ named-checkzone now has -h for help.
+ rndc now has -h for help.
+ Better handling of '-?' for usage summaries.
+ [RT #16707]
+
+2190. [func] Make fallback to plain DNS from EDNS due to timeouts
+ more visible. New logging category "edns-disabled".
+ [RT #16871]
+
2189. [bug] Handle socket() returning EINTR. [RT #15949]
2188. [contrib] queryperf: autoconf changes to make the search for
@@ -637,6 +1223,9 @@
2185. [port] sunos: libbind: check for ssize_t, memmove() and
memchr(). [RT #16463]
+2184. [bug] bind9.xsl.h didn't build out of the source tree.
+ [RT #16830]
+
2183. [bug] dnssec-signzone didn't handle offline private keys
well. [RT #16832]
@@ -649,6 +1238,9 @@
2180. [cleanup] Remove bit test from 'compress_test' as they
are no longer needed. [RT #16497]
+2179. [func] 'rndc command zone' will now find 'zone' if it is
+ unique to all the views. [RT #16821]
+
2178. [bug] 'rndc reload' of a slave or stub zone resulted in
a reference leak. [RT #16867]
@@ -667,6 +1259,11 @@
2173. [port] win32: When compiling with MSVS 2005 SP1 we also
need to ship Microsoft.VC80.MFCLOC.
+ --- 9.5.0a4 released ---
+
+2172. [bug] query_addsoa() was being called with a non zone db.
+ [RT #16834]
+
2171. [bug] Handle breaks in DNSSEC trust chains where the parent
servers are not DS aware (DS queries to the parent
return a referral to the child).
@@ -683,27 +1280,43 @@
2167. [bug] When re-using a automatic zone named failed to
attach it to the new view. [RT #16786]
+ --- 9.5.0a3 released ---
+
2166. [bug] When running in batch mode, dig could misinterpret
a server address as a name to be looked up, causing
unexpected output. [RT #16743]
-2164. [bug] The code to determine how named-checkzone /
+2165. [func] Allow the destination address of a query to determine
+ if we will answer the query or recurse.
+ allow-query-on, allow-recursion-on and
+ allow-query-cache-on. [RT #16291]
+
+2164. [bug] The code to determine how named-checkzone /
named-compilezone was called failed under windows.
[RT #16764]
+2163. [bug] If only one of query-source and query-source-v6
+ specified a port the query pools code broke (change
+ 2129). [RT #16768]
+
2162. [func] Allow "rrset-order fixed" to be disabled at compile
time. [RT #16665]
-2161. [bug] 'rndc flush' could report a false success. [RT #16698]
+2161. [bug] Fix which log messages are emitted for 'rndc flush'.
+ [RT #16698]
2160. [bug] libisc wasn't handling NULL ifa_addr pointers returned
from getifaddrs(). [RT #16708]
+ --- 9.5.0a2 released ---
+
2159. [bug] Array bounds overrun in acache processing. [RT #16710]
2158. [bug] ns_client_isself() failed to initialize key
leading to a REQUIRE failure. [RT #16688]
+2157. [func] dns_db_transfernode() created. [RT #16685]
+
2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
resolver.c:validated() and resolver.c:cache_name().
Fix a memory leak in rbtdb.c:free_noqname().
@@ -713,6 +1326,9 @@
2155. [contrib] SQLite sdb module from jaboydjr@netwalk.com.
[RT #16694]
+2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
+ matched in acls by omitting the scope. [RT #16599]
+
2153. [bug] nsupdate could leak memory. [RT #16691]
2152. [cleanup] Use sizeof(buf) instead of fixed number in
@@ -729,6 +1345,8 @@
if there were still active memory contexts.
[RT #16672]
+2148. [func] Add positive logging for rndc commands. [RT #14623]
+
2147. [bug] libbind: remove potential buffer overflow from
hmac_link.c. [RT #16437]
@@ -757,17 +1375,6 @@
2139. [bug] dns_view_find() was being called with wrong type
in adb.c. [RT #16670]
-2119. [compat] libbind: allow res_init() to succeed enough to
- return the default domain even if it was unable
- to allocate memory.
-
- --- 9.4.1 released ---
-
-2172. [bug] query_addsoa() was being called with a non zone db.
- [RT #16834]
-
- --- 9.4.0 released ---
-
2138. [bug] Lock order reversal in resolver.c. [RT #16653]
2137. [port] Mips little endian and/or mips 64 bit are now
@@ -778,6 +1385,8 @@
2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656]
+2134. [func] Additional statistics support. [RT #16666]
+
2133. [port] powerpc: Support both IBM and MacOS Power PC
assembler syntaxes. [RT #16647]
@@ -786,9 +1395,13 @@
2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
-2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635]
+2130. [func] Log if CD or DO were set. [RT #16640]
- --- 9.4.0rc2 released ---
+2129. [func] Provide a pool of UDP sockets for queries to be
+ made over. See use-queryport-pool, queryport-pool-ports
+ and queryport-pool-updateinterval. [RT #16415]
+
+2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635]
2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563]
@@ -800,9 +1413,22 @@
2124. [security] It was possible to dereference a freed fetch
context. [RT #16584]
+ --- 9.5.0a1 released ---
+
+2123. [func] Use Doxygen to generate internal documentation.
+ [RT #11398]
+
+2122. [func] Experimental http server and statistics support
+ for named via xml.
+
+2121. [func] Add a 10 slot dead masters cache (LRU) with a 600
+ second timeout. [RT #16553]
+
2120. [doc] Fix markup on nsupdate man page. [RT #16556]
- --- 9.4.0rc1 released ---
+2119. [compat] libbind: allow res_init() to succeed enough to
+ return the default domain even if it was unable
+ to allocate memory.
2118. [bug] Handle response with long chains of domain name
compression pointers which point to other compression
@@ -837,8 +1463,14 @@
2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502]
+2108. [func] DHCID support. [RT #16456]
+
2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
+2106. [func] 'rndc status' now reports named's version. [RT #16426]
+
+2105. [func] GSS-TSIG support (RFC 3645).
+
2104. [port] Fix Solaris SMF error message.
2103. [port] Add /usr/sfw to list of locations for OpenSSL
@@ -846,8 +1478,6 @@
2102. [port] Silence Solaris 10 warnings.
- --- 9.4.0b4 released ---
-
2101. [bug] OpenSSL version checks were not quite right.
[RT #16476]
@@ -860,8 +1490,6 @@
triggered an INSIST failure about the node lock
reference. [RT #16411]
- --- 9.4.0b3 released ---
-
2097. [bug] named could reference a destroyed memory context
after being reloaded / reconfigured. [RT #16428]
@@ -870,14 +1498,14 @@
2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and
net_cidr_ntop_ipv6(). [RT #16388]
-
+
2094. [contrib] Update named-bootconf. [RT# 16404]
2093. [bug] named-checkzone -s was broken.
2092. [bug] win32: dig, host, nslookup. Use registry config
if resolv.conf does not exist or no nameservers
- listed. [RT #15877]
+ listed. [RT #15877]
2091. [port] dighost.c: race condition on cleanup. [RT #16417]
@@ -906,8 +1534,6 @@
2082. [doc] Document 'cache-file' as a test only option.
- --- 9.4.0b2 released ---
-
2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
[RT #16360]
@@ -971,8 +1597,6 @@
2060. [bug] Enabling DLZ support could leave views partially
configured. [RT #16295]
- --- 9.4.0b1 released ---
-
2059. [bug] Search into cache rbtdb could trigger an INSIST
failure while cleaning up a stale rdataset.
[RT #16292]
@@ -1052,13 +1676,15 @@
2036. [bug] 'rndc recursing' could cause trigger a REQUIRE.
[RT #16075]
+2035. [func] Make falling back to TCP on UDP refresh failure
+ optional. Default "try-tcp-refresh yes;" for BIND 8
+ compatibility. [RT #16123]
+
2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124]
2033. [bug] We weren't creating multiple client memory contexts
on demand as expected. [RT #16095]
- --- 9.4.0a6 released ---
-
2032. [bug] Remove a INSIST in query_addadditional2(). [RT #16074]
2031. [bug] Emit a error message when "rndc refresh" is called on
@@ -1105,8 +1731,6 @@
allowed but requested and we had the answer
to the original qname. [RT #15945]
- --- 9.4.0a5 released ---
-
2015. [cleanup] use-additional-cache is now acache-enable for
consistency. Default acache-enable off in BIND 9.4
as it requires memory usage to be configured.
@@ -1126,7 +1750,7 @@
the signed zone, either as an increment or as the
system time(). [RT #15633]
- --- 9.4.0a4 released ---
+2010. [placeholder] rt15958
2009. [bug] libbind: Coverity fixes. [RT #15808]
@@ -1280,12 +1904,12 @@
1966. [bug] Don't set CD when we have fallen back to plain DNS.
[RT #15727]
-1965. [func] Suppress spurious "recusion requested but not
+1965. [func] Suppress spurious "recursion requested but not
available" warning with 'dig +qr'. [RT #15780].
1964. [func] Separate out MX and SRV to CNAME checks. [RT #15723]
-1963. [port] Tru64 4.0E doesn't support send() and recv().
+1963. [port] Tru64 4.0E doesn't support send() and recv().
[RT #15586]
1962. [bug] Named failed to clear old update-policy when it
@@ -1328,7 +1952,7 @@
1951. [security] Drop queries from particular well known ports.
Don't return FORMERR to queries from particular
well known ports. [RT #15636]
-
+
1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect()
a TCP socket. This prevents the source address being
set for TCP connections. [RT #15628]
@@ -1350,19 +1974,13 @@
1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is no longer recommended.
To generate a RSAMD5 key you must explicitly request
RSAMD5. [RT #13780]
-
+
1944. [cleanup] isc_hash_create() does not need a read/write lock.
[RT #15522]
1943. [bug] Set the loadtime after rolling forward the journal.
[RT #15647]
-1597. [func] Allow notify-source and query-source to be specified
- on a per server basis similar to transfer-source.
- [RT #6496]
-
- --- 9.4.0a3 released ---
-
1942. [bug] If the name of a DNSKEY match that of one in
trusted-keys do not attempt to validate the DNSKEY
using the parents DS RRset. [RT #15649]
@@ -1390,12 +2008,6 @@
prior to returning them if it can be done without
requiring DNSKEYs to be fetched. [RT #15430]
-1919. [contrib] queryperf: a set of new features: collecting/printing
- response delays, printing intermediate results, and
- adjusting query rate for the "target" qps.
-
- --- 9.4.0a2 released ---
-
1933. [bug] dump_rdataset_raw() had a incorrect INSIST. [RT #15534]
1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530]
@@ -1434,7 +2046,9 @@
have the desired performance characteristics.
[RT #15454]
- --- 9.4.0a1 released ---
+1919. [contrib] queryperf: a set of new features: collecting/printing
+ response delays, printing intermediate results, and
+ adjusting query rate for the "target" qps.
1918. [bug] Memory leak when checking acls. [RT #15391]
@@ -1472,7 +2086,7 @@
[RT #15034]
1905. [bug] Strings returned from cfg_obj_asstring() should be
- treated as read-only. The prototype for
+ treated as read-only. The prototype for
cfg_obj_asstring() has been updated to reflect this.
[RT #15256]
@@ -1577,6 +2191,8 @@
1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753]
+1871. [placeholder]
+
1870. [func] Added framework for handling multiple EDNS versions.
[RT #14873]
@@ -1602,10 +2218,10 @@
1863. [bug] rrset-order "fixed" error messages not complete.
1862. [func] Add additional zone data constancy checks.
- named-checkzone has extended checking of NS, MX and
+ named-checkzone has extended checking of NS, MX and
SRV record and the hosts they reference.
named has extended post zone load checks.
- New zone options: check-mx and integrity-check.
+ New zone options: check-mx and integrity-check.
[RT #4940]
1861. [bug] dig could trigger a INSIST on certain malformed
@@ -1648,9 +2264,9 @@
1848. [bug] Improve SMF integration. [RT #13238]
1847. [bug] isc_ondestroy_init() is called too late in
- dns_rbtdb_create()/dns_rbtdb64_create().
+ dns_rbtdb_create()/dns_rbtdb64_create().
[RT #13661]
-
+
1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer
<bortzmeyer@nic.fr>.
@@ -1721,6 +2337,8 @@
1822. [bug] check-names test for RT was reversed. [RT #13382]
+1821. [placeholder]
+
1820. [bug] Gracefully handle acl loops. [RT #13659]
1819. [bug] The validator needed to check both the algorithm and
@@ -1870,6 +2488,10 @@
1773. [bug] Fast retry on host / net unreachable. [RT #13153]
+1772. [placeholder]
+
+1771. [placeholder]
+
1770. [bug] named-checkconf failed to report missing a missing
file clause for rbt{64} master/hint zones. [RT#13009]
@@ -1936,7 +2558,7 @@
[RT #12866]
1748. [func] dig now returns the byte count for axfr/ixfr.
-
+
1747. [bug] BIND 8 compatibility: named/named-checkconf failed
to parse "host-statistics-max" in named.conf.
@@ -1954,7 +2576,7 @@
requested number of worker threads then destruction
of the manager would trigger an INSIST() failure.
[RT #12790]
-
+
1742. [bug] Deleting all records at a node then adding a
previously existing record, in a single UPDATE
transaction, failed to leave / regenerate the
@@ -1965,7 +2587,7 @@
1740. [bug] Replace rbt's hash algorithm as it performed badly
with certain zones. [RT #12729]
-
+
NOTE: a hash context now needs to be established
via isc_hash_create() if the application was not
already doing this.
@@ -1980,7 +2602,7 @@
1736. [bug] dst_key_fromnamedfile() could fail to read a
public key. [RT #12687]
-
+
1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure.
[RE #12688]
@@ -2157,7 +2779,7 @@
1675. [bug] named would sometimes add extra NSEC records to
the authority section.
-
+
1674. [port] linux: increase buffer size used to scan
/proc/net/if_inet6.
@@ -2173,6 +2795,8 @@
1670. [func] Log UPDATE requests to slave zones without an acl as
"disabled" at debug level 3. [RT# 11657]
+1669. [placeholder]
+
1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
1667. [port] linux: not all versions have IF_NAMESIZE.
@@ -2229,7 +2853,7 @@
1648. [func] Update dnssec-lookaside named.conf syntax to support
multiple dnssec-lookaside namespaces (not yet
- implemented).
+ implemented).
1647. [bug] It was possible trigger a INSIST when chasing a DS
record that required walking back over a empty node.
@@ -2259,7 +2883,7 @@
1638. [bug] "ixfr-from-differences" could generate a REQUIRE
failure if the journal open failed. [RT #11347]
-
+
1637. [bug] Node reference leak on error in addnoqname().
1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
@@ -2353,21 +2977,21 @@
1607. [bug] dig, host and nslookup were still using random()
to generate query ids. [RT# 11013]
-1606. [bug] DLV insecurity proof was failing.
+1606. [bug] DLV insecurity proof was failing.
1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
1604. [bug] A xfrout_ctx_create() failure would result in
xfrout_ctx_destroy() being called with a
partially initialized structure.
-
+
1603. [bug] nsupdate: set interactive based on isatty().
[RT# 10929]
1602. [bug] Logging to a file failed unless a size was specified.
[RT# 10925]
-1601. [bug] Silence spurious warning 'both "recursion no;" and
+1601. [bug] Silence spurious warning 'both "recursion no;" and
"allow-recursion" active' warning from view "_bind".
[RT# 10920]
@@ -2379,6 +3003,10 @@
1598. [func] Specify that certain parts of the namespace must
be secure (dnssec-must-be-secure).
+1597. [func] Allow notify-source and query-source to be specified
+ on a per server basis similar to transfer-source.
+ [RT #6496]
+
1596. [func] Accept 'notify-source' style syntax for query-source.
1595. [func] New notify type 'master-only'. Enable notify for
@@ -4280,7 +4908,7 @@
963. [bug] Bad ISC_LANG_ENDDECLS. [RT #1645]
962. [bug] libbind: bad "#undef", don't attempt to install
- non-existant nlist.h. [RT #1640]
+ non-existent nlist.h. [RT #1640]
961. [bug] Tried to use a IPV6 feature when ISC_PLATFORM_HAVEIPV6
was not defined. [RT #1482]
@@ -6918,7 +7546,7 @@
188. [func] Log a warning message when an incoming zone transfer
contains out-of-zone data.
- 187. [func] isc_ratelimter_enqueue() has an additional argument
+ 187. [func] isc_ratelimiter_enqueue() has an additional argument
'task'.
186. [func] dns_request_getresponse() has an additional argument
@@ -7061,7 +7689,7 @@
masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
- 149. [cleanup] Removed usused argument 'olist' from
+ 149. [cleanup] Removed unused argument 'olist' from
dns_c_view_unsetordering().
148. [cleanup] Stop issuing some warnings about some configuration
@@ -7137,7 +7765,7 @@
128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
ISC_LANG_ENDDECLS at end of header.
- 127. [cleanup] The contracts for the comparision routines
+ 127. [cleanup] The contracts for the comparison routines
dns_name_fullcompare(), dns_name_compare(),
dns_name_rdatacompare(), and dns_rdata_compare() now
specify that the order value returned is < 0, 0, or > 0