From b0e69f719c1db2c19fcfba96f0dac9a5a2277350 Mon Sep 17 00:00:00 2001 From: Doug Barton Date: Sun, 31 May 2009 00:11:36 +0000 Subject: Vendor import of BIND 9.6.1rc1 --- CHANGES | 902 ++++++++++++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 765 insertions(+), 137 deletions(-) (limited to 'CHANGES') diff --git a/CHANGES b/CHANGES index 8d1f22b8e381..4f55ca2aa0e8 100644 --- a/CHANGES +++ b/CHANGES @@ -1,18 +1,258 @@ - --- 9.4.3-P2 released --- + + --- 9.6.1rc1 released --- + +2599. [bug] Address rapid memory growth when validation fails. + [RT #19654] + +2597. [bug] Handle a validation failure with a insecure delegation + from a NSEC3 signed master/slave zone. [RT #19464] + +2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay + long, leading to inefficient memory usage or rejecting + newer cache entries in the worst case. [RT #19563] + +2595. [bug] Fix unknown extended rcodes in dig. [RT #19625] + +2592. [bug] Treat "any" as a type in nsupdate. [RT #19455] + +2591. [bug] named could die when processing a update in + removed_orphaned_ds(). [RT #19507] + +2588. [bug] SO_REUSEADDR could be set unconditionally after failure + of bind(2) call. This should be rare and mostly + harmless, but may cause interference with other + processes that happen to use the same port. [RT #19642] + +2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB + or SDB. [RT #19577] + +2585. [bug] Uninitialized socket name could be referenced via a + statistics channel, triggering an assertion failure in + XML rendering. [RT #19427] + +2584. [bug] alpha: gcc optimization could break atomic operations. + [RT #19227] + +2583. [port] netbsd: provide a control to not add the compile + date to the version string, -DNO_VERSION_DATE. + +2582. [bug] Don't emit warning log message when we attempt to + remove non-existant journal. [RT #19516] 2579. [bug] DNSSEC lookaside validation failed to handle unknown algorithms. [RT #19479] - --- 9.4.3-P1 released --- +2578. [bug] Changed default sig-signing-type to 65534, because + 65535 turns out to be reserved. [RT #19477] + +2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash. + [RT #18837] + + --- 9.6.1b1 released --- + +2577. [doc] Clarified some statistics counters. [RT #19454] + +2576. [bug] NSEC record were not being correctly signed when + a zone transitions from insecure to secure. + Handle such incorrectly signed zones. [RT #19114] + +2574. [doc] Document nsupdate -g and -o. [RT #19351] + +2573. [bug] Replacing a non-CNAME record with a CNAME record in a + single transaction in a signed zone failed. [RT #19397] + +2568. [bug] Report when the write to indicate a otherwise + successful start fails. [RT #19360] + +2567. [bug] dst__privstruct_writefile() could miss write errors. + write_public_key() could miss write errors. + dnssec-dsfromkey could miss write errors. + [RT #19360] + +2564. [bug] Only take EDNS fallback steps when processing timeouts. + [RT #19405] + +2563. [bug] Dig could leak a socket causing it to wait forever + to exit. [RT #19359] + +2562. [doc] ARM: miscellaneous improvements, reorganization, + and some new content. + +2561. [doc] Add isc-config.sh(1) man page. [RT #16378] + +2560. [bug] Add #include to iptable.c. [RT #18258] + +2559. [bug] dnssec-dsfromkey could compute bad DS records when + reading from a K* files. [RT #19357] + +2557. [cleanup] PCI compliance: + * new libisc log module file + * isc_dir_chroot() now also changes the working + directory to "/". + * additional INSISTs + * additional logging when files can't be removed. + +2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the + error checks in the correct order resulting in the + wrong error code sometimes being returned. [RT #19249] + +2554. [bug] Validation of uppercase queries from NSEC3 zones could + fail. [RT #19297] + +2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291] + +2552. [bug] zero-no-soa-ttl-cache was not being honoured. + [RT #19340] + +2551. [bug] Potential Reference leak on return. [RT #19341] + +2550. [bug] Check --with-openssl= finds . + [RT #19343] + +2549. [port] linux: define NR_OPEN if not currently defined. + [RT #19344] + +2548. [bug] Install iterated_hash.h. [RT #19335] + +2547. [bug] openssl_link.c:mem_realloc() could reference an + out-of-range area of the source buffer. New public + function isc_mem_reallocate() was introduced to address + this bug. [RT #19313] + +2545. [doc] ARM: Legal hostname checking (check-names) is + for SRV RDATA too. [RT #19304] + +2544. [cleanup] Removed unused structure members in adb.c. [RT #19225] + +2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113] + +2542. [doc] Update the description of dig +adflag. [RT #19290] + +2541. [bug] Conditionally update dispatch manager statistics. + [RT #19247] + +2539. [security] Update the interaction between recursion, allow-query, + allow-query-cache and allow-recursion. [RT #19198] + +2538. [bug] cache/ADB memory could grow over max-cache-size, + especially with threads and smaller max-cache-size + values. [RT #19240] + +2537. [experimental] Added more statistics counters including those on socket + I/O events and query RTT histograms. [RT #18802] + +2536. [cleanup] Silence some warnings when -Werror=format-security is + specified. [RT #19083] + +2535. [bug] dig +showsearh and +trace interacted badly. [RT #19091] + +2532. [bug] dig: check the question section of the response to + see if it matches the asked question. [RT #18495] + +2531. [bug] Change #2207 was incomplete. [RT #19098] + +2530. [bug] named failed to reject insecure to secure transitions + via UPDATE. [RT #19101] + +2529. [cleanup] Upgrade libtool to silence complaints from recent + version of autoconf. [RT #18657] + +2528. [cleanup] Silence spurious configure warning about + --datarootdir [RT #19096] + +2527. [bug] named could reuse cache on reload with + enabling/disabling validation. [RT #19119] + +2525. [experimental] New logging category "query-errors" to provide detailed + internal information about query failures, especially + about server failures. [RT #19027] + +2524. [port] sunos: dnssec-signzone needs strtoul(). [RT #19129] + +2523. [bug] Random type rdata freed by dns_nsec_typepresent(). + [RT #19112] + +2522. [security] Handle -1 from DSA_do_verify() and EVP_VerifyFinal(). + +2521. [bug] Improve epoll cross compilation support. [RT #19047] + +2519. [bug] dig/host with -4 or -6 didn't work if more than two + nameserver addresses of the excluded address family + preceded in resolv.conf. [RT #19081] + +2517. [bug] dig +trace with -4 or -6 failed when it chose a + nameserver address of the excluded address. + [RT #18843] + +2516. [bug] glue sort for responses was performed even when not + needed. [RT #19039] + +2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains + a nameserver of the excluded address family. + [RT #18848] + +2511. [cleanup] dns_rdata_tofmttext() add const to linebreak. + [RT #18885] + +2506. [port] solaris: Check at configure time if + hack_shutup_pthreadonceinit is needed. [RT #19037] + +2505. [port] Treat amd64 similarly to x86_64 when determining + atomic operation support. [RT #19031] + +2503. [port] linux: improve compatibility with Linux Standard + Base. [RT #18793] + +2502. [cleanup] isc_radix: Improve compliance with coding style, + document function in . [RT #18534] + + --- 9.6.0 released --- + +2520. [bug] Update xml statistics version number to 2.0 as change + #2388 made the schema incompatible to the previous + version. [RT #19080] + + --- 9.6.0rc2 released --- + +2515. [port] win32: build dnssec-dsfromkey and dnssec-keyfromlabel. + [RT #19063] + +2513 [bug] Fix windows cli build. [RT #19062] + +2510. [bug] "dig +sigchase" could trigger REQUIRE failures. + [RT #19033] + +2509. [bug] Specifying a fixed query source port was broken. + [RT #19051] + +2504. [bug] Address race condition in the socket code. [RT #18899] -2522. [security] Handle -1 from DSA_do_verify(). + --- 9.6.0rc1 released --- 2498. [bug] Removed a bogus function argument used with ISC_SOCKET_USE_POLLWATCH: it could cause compiler warning or crash named with the debug 1 level of logging. [RT #18917] - --- 9.4.3 released --- +2497. [bug] Don't add RRSIG bit to NSEC3 bit map for insecure + delegation. + +2496. [bug] Add sanity length checks to NSID option. [RT #18813] + +2495. [bug] Tighten RRSIG checks. [RT #18795] + +2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being + installed. [RT #18826] + +2493. [bug] The linux capabilities code was not correctly cleaning + up after itself. [RT #18767] + +2492. [func] Rndc status now reports the number of cpus discovered + and the number of worker threads when running + multi-threaded. [RT #18273] + +2491. [func] Attempt to re-use a local port if we are already using + the port. [RT #18548] 2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO is cleared when IPV6_V6ONLY is set. [RT #18785] @@ -23,7 +263,58 @@ Define ISC_SOCKET_USE_POLLWATCH at build time to enable this workaround. [RT #18870] - --- 9.4.3rc1 released --- +2488. [func] Added a tool, dnssec-dsfromkey, to generate DS records + from keyset and .key files. [RT #18694] + +2487. [bug] Give TCP connections longer to complete. [RT #18675] + +2486. [func] The default locations for named.pid and lwresd.pid + are now /var/run/named/named.pid and + /var/run/lwresd/lwresd.pid respectively. + + This allows the owner of the containing directory + to be set, for "named -u" support, and allows there + to be a permanent symbolic link in the path, for + "named -t" support. [RT #18306] + +2485. [bug] Change update's the handling of obscured RRSIG + records. Not all orphaned DS records were being + removed. [RT #18828] + +2484. [bug] It was possible to trigger a REQUIRE failure when + adding NSEC3 proofs to the response in + query_addwildcardproof(). [RT #18828] + +2483. [port] win32: chroot() is not supported. [RT #18805] + +2482. [port] libxml2: support versions 2.7.* in addition + to 2.6.*. [RT #18806] + + --- 9.6.0b1 released --- + +2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain + collisions. [RT #18812] + +2480. [bug] named could fail to emit all the required NSEC3 + records. [RT #18812] + +2479. [bug] xfrout:covers was not properly initialized. [RT #18801] + +2478. [bug] 'addresses' could be used uninitialized in + configure_forward(). [RT #18800] + +2477. [bug] dig: the global option to print the command line is + +cmd not print_cmd. Update the output to reflect + this. [RT #17008] + +2476. [doc] ARM: improve documentation for max-journal-size and + ixfr-from-differences. [RT #15909] [RT #18541] + +2475. [bug] LRU cache cleanup under overmem condition could purge + particular entries more aggressively. [RT #17628] + +2474. [bug] ACL structures could be allocated with insufficient + space, causing an array overrun. [RT #18765] 2473. [port] linux: raise the limit on open files to the possible maximum value before spawning threads; 'files' @@ -33,9 +324,12 @@ 2472. [port] linux: check the number of available cpu's before calling chroot as it depends on "/proc". [RT #16923] -2471. [bug] named-checkzone was not reporting missing manditory +2471. [bug] named-checkzone was not reporting missing mandatory glue when sibling checks were disabled. [RT #18768] +2470. [bug] Elements of the isc_radix_node_t could be incorrectly + overwritten. [RT# 18719] + 2469. [port] solaris: Work around Solaris's select() limitations. [RT #18769] @@ -50,10 +344,14 @@ 2465. [bug] Adb's handling of lame addresses was different for IPv4 and IPv6. [RT #18738] +2464. [port] linux: check that a capability is present before + trying to set it. [RT #18135] + 2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket API and glibc hides parts of the IPv6 Advanced Socket API as a result. This is stupid as it breaks how the - two halves (Basic and Advanced) of the IPv6 Socket API were designed to be used but we have to live with it. + two halves (Basic and Advanced) of the IPv6 Socket API + were designed to be used but we have to live with it. Define _GNU_SOURCE to pull in the IPv6 Advanced Socket API. [RT #18388] @@ -62,17 +360,48 @@ 2461. [port] sunos: Change #2363 was not complete. [RT #17513] + --- 9.6.0a1 released --- + +2460. [bug] Don't call dns_db_getnsec3parameters() on the cache. + [RT #18697] + +2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448] + 2458. [doc] ARM: update and correction for max-cache-size. [RT #18294] -2455. [bug] Stop metadata being transfered via axfr/ixfr. +2457. [tuning] max-cache-size is reverted to 0, the previous + default. It should be safe because expired cache + entries are also purged. [RT #18684] + +2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any + address, regardless of family. They now correctly + distinguish IPv4 from IPv6. [RT #18559] + +2455. [bug] Stop metadata being transferred via axfr/ixfr. [RT #18639] +2454. [func] nsupdate: you can now set a default ttl. [RT #18317] + 2453. [bug] Remove NULL pointer dereference in dns_journal_print(). [RT #18316] -2449. [bug] libbind: Out of bounds reference in dns_ho.c:addrsort. - [RT #18044] +2452. [func] Improve bin/test/journalprint. [RT #18316] + +2451. [port] solaris: handle runtime linking better. [RT #18356] + +2450. [doc] Fix lwresd docbook problem for manual page. + [RT #18672] + +2449. [placeholder] + +2448. [func] Add NSEC3 support. [RT #15452] + +2447. [cleanup] libbind has been split out as a separate product. + +2446. [func] Add a new log message about build options on startup. + A new command-line option '-V' for named is also + provided to show this information. [RT# 18645] 2445. [doc] ARM out-of-date on empty reverse zones (list includes RFC1918 address, but these are not yet compiled in). @@ -81,31 +410,46 @@ 2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery (clear DF) for UDP responses and requests. - --- 9.4.3b3 released --- - 2443. [bug] win32: UDP connect() would not generate an event, and so connected UDP sockets would never clean up. Fix this by doing an immediate WSAConnect() rather than an io completion port type for UDP. -2438. [bug] Timeouts could be logged incorrectly under win32. - [RT #18617] +2442. [bug] A lock could be destroyed twice. [RT# 18626] + +2441. [bug] isc_radix_insert() could copy radix tree nodes + incompletely. [RT #18573] + +2440. [bug] named-checkconf used an incorrect test to determine + if an ACL was set to none. + +2439. [bug] Potential NULL dereference in dns_acl_isanyornone(). + [RT #18559] + +2438. [bug] Timeouts could be logged incorrectly under win32. 2437. [bug] Sockets could be closed too early, leading to inconsistent states in the socket module. [RT #18298] 2436. [security] win32: UDP client handler can be shutdown. [RT #18576] +2435. [bug] Fixed an ACL memory leak affecting win32. + +2434. [bug] Fixed a minor error-reporting bug in + lib/isc/win32/socket.c. + 2433. [tuning] Set initial timeout to 800ms. -2432. [bug] More Windows socket handling improvements. Stop +2432. [bug] More Windows socket handling improvements. Stop using I/O events and use IO Completion Ports throughout. Rewrite the receive path logic to make it easier to support multiple simultaneous - requestrs in the future. Add stricter consistency + requesters in the future. Add stricter consistency checking as a compile-time option (define ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off). +2431. [bug] Acl processing could leak memory. [RT #18323] + 2430. [bug] win32: isc_interval_set() could round down to zero if the input was less than NS_INTERVAL nanoseconds. Round up instead. [RT #18549] @@ -113,8 +457,14 @@ 2429. [doc] nsupdate should be in section 1 of the man pages. [RT #18283] +2428. [bug] dns_iptable_merge() mishandled merges of negative + tables. [RT #18409] + +2427. [func] Treat DNSKEY queries as if "minimal-response yes;" + was set. [RT #18528] + 2426. [bug] libbind: inet_net_pton() can sometimes return the - wrong value if excessively large netmasks are + wrong value if excessively large net masks are supplied. [RT #18512] 2425. [bug] named didn't detect unavailable query source addresses @@ -125,6 +475,12 @@ epoll and /dev/poll to be selected at compile time. [RT #18277] +2423. [security] Randomize server selection on queries, so as to + make forgery a little more difficult. Instead of + always preferring the server with the lowest RTT, + pick a server with RTT within the same 128 + millisecond band. [RT #18441] + 2422. [bug] Handle the special return value of a empty node as if it was a NXRRSET in the validator. [RT #18447] @@ -133,13 +489,20 @@ Use caution: this option may not work for some operating systems without rebuilding named. -2420. [bug] Windows socket handling cleanup. Let the io - completion event send out cancelled read/write - done events, which keeps us from writing to memeory +2420. [bug] Windows socket handling cleanup. Let the io + completion event send out canceled read/write + done events, which keeps us from writing to memory we no longer have ownership of. Add debugging socket_log() function. Rework TCP socket handling to not leak sockets. +2419. [cleanup] Document that isc_socket_create() and isc_socket_open() + should not be used for isc_sockettype_fdwatch sockets. + [RT #18521] + +2418. [bug] AXFR request on a DLZ could trigger a REQUIRE failure + [RT #18430] + 2417. [bug] Connecting UDP sockets for outgoing queries could unexpectedly fail with an 'address already in use' error. [RT #18411] @@ -147,26 +510,42 @@ 2416. [func] Log file descriptors that cause exceeding the internal maximum. [RT #18460] +2415. [bug] 'rndc dumpdb' could trigger various assertion failures + in rbtdb.c. [RT #18455] + 2414. [bug] A masterdump context held the database lock too long, causing various troubles such as dead lock and recursive lock acquisition. [RT #18311, #18456] 2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442] -2412. [bug] win32: address a resourse leak. [RT #18374] +2412. [bug] win32: address a resource leak. [RT #18374] 2411. [bug] Allow using a larger number of sockets than FD_SETSIZE for select(). To enable this, set ISC_SOCKET_MAXSOCKETS at compilation time. [RT #18433] + Note: with changes #2469 and #2421 above, there is no + need to tweak ISC_SOCKET_MAXSOCKETS at compilation time + any more. + 2410. [bug] Correctly delete m_versionInfo. [RT #18432] +2409. [bug] Only log that we disabled EDNS processing if we were + subsequently successful. [RT #18029] + 2408. [bug] A duplicate TCP dispatch event could be sent, which could then trigger an assertion failure in resquery_response(). [RT #18275] 2407. [port] hpux: test for sys/dyntune.h. [RT #18421] +2406. [placeholder] + +2405. [cleanup] The default value for dnssec-validation was changed to + "yes" in 9.5.0-P1 and all subsequent releases; this + was inadvertently omitted from CHANGES at the time. + 2404. [port] hpux: files unlimited support. 2403. [bug] TSIG context leak. [RT #18341] @@ -176,13 +555,17 @@ 2401. [bug] Expect to get E[MN]FILE errno internal_accept() (from accept() or fcntl() system calls). [RT #18358] -2399. [bug] Abort timeout queries to reduce the number of open - UDP sockets. [RT #18367] +2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails. + [RT #18297] + +2399. [placeholder] 2398. [bug] Improve file descriptor management. New, temporary, named.conf option reserved-sockets, default 512. [RT #18344] +2397. [bug] gssapi_functions had too many elements. [RT #18355] + 2396. [bug] Don't set SO_REUSEADDR for randomized ports. [RT #18336] @@ -193,35 +576,42 @@ open files to 'unlimited' as described in the documentation. [RT #18331] +2393. [bug] nested acls containing keys could trigger an + assertion in acl.c. [RT #18166] + 2392. [bug] remove 'grep -q' from acl test script, some platforms don't support it. [RT #18253] -2391 [port] hpux: cover additional recvmsg() error codes. +2391. [port] hpux: cover additional recvmsg() error codes. [RT #18301] -2390 [bug] dispatch.c could make a false warning on 'odd socket'. +2390. [bug] dispatch.c could make a false warning on 'odd socket'. [RT #18301]. -2389 [bug] Move the "working directory writable" check to after +2389. [bug] Move the "working directory writable" check to after the ns_os_changeuser() call. [RT #18326] +2388. [bug] Avoid using tables for layout purposes in + statistics XSL [RT #18159]. + +2387. [bug] Silence compiler warnings in lib/isc/radix.c. + [RT #18147] [RT #18258] + 2386. [func] Add warning about too small 'open files' limit. [RT #18269] - --- 9.4.3b2 released --- - 2385. [bug] A condition variable in socket.c could leak in rare error handling [RT #17968]. -2384. [security] Additional support for query port randomization (change - #2375) including performance improvement and port range - specification. [RT #17949, #18098] +2384. [security] Fully randomize UDP query ports to improve + forgery resilience. [RT #17949, #18098] 2383. [bug] named could double queries when they resulted in SERVFAIL due to overkilling EDNS0 failure detection. [RT #18182] -2382. [doc] Add descriptions of IPSECKEY, SPF and SSHFP to ARM. +2382. [doc] Add descriptions of DHCID, IPSECKEY, SPF and SSHFP + to ARM. 2381. [port] dlz/mysql: support multiple install layouts for mysql. /include/{,mysql/}mysql.h and @@ -235,41 +625,104 @@ 2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant TLDs and supported RRs with TTLs [RT #17972] +2378. [bug] gssapi_functions{} had a redundant member in BIND 9.5. + [RT #18169] + 2377. [bug] Address race condition in dnssec-signzone. [RT #18142] 2376. [bug] Change #2144 was not complete. -2375. [security] Fully randomize UDP query ports to improve - forgery resilience. [RT #17949] +2375. [placeholder] + +2374. [bug] "blackhole" ACLs could cause named to segfault due + to some uninitialized memory. [RT #18095] + +2373. [bug] Default values of zone ACLs were re-parsed each time a + new zone was configured, causing an overconsumption + of memory. [RT #18092] + +2372. [bug] Fixed incorrect TAG_HMACSHA256_BITS value [RT #18047] -2372. [bug] fixed incorrect TAG_HMACSHA256_BITS value [RT #18047] +2371. [doc] Add +nsid option to dig man page. [RT #18039] + +2370. [bug] "rndc freeze" could trigger an assertion in named + when called on a nonexistent zone. [RT #18050] 2369. [bug] libbind: Array bounds overrun on read in bitncmp(). [RT #18054] +2368. [port] Linux: use libcap for capability management if + possible. [RT# 18026] + +2367. [bug] Improve counting of dns_resstatscounter_retry + [RT #18030] + +2366. [bug] Adb shutdown race. [RT #18021] + +2365. [bug] Fix a bug that caused dns_acl_isany() to return + spurious results. [RT #18000] + 2364. [bug] named could trigger a assertion when serving a malformed signed zone. [RT #17828] 2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;". [RT #17513] +2362. [cleanup] Make "rrset-order fixed" a compile-time option. + settable by "./configure --enable-fixed-rrset". + Disabled by default. [RT #17977] + 2361. [bug] "recursion" statistics counter could be counted multiple times for a single query. [RT #17990] - --- 9.4.3b1 released --- +2360. [bug] Fix a condition where we release a database version + (which may acquire a lock) while holding the lock. + +2359. [bug] Fix NSID bug. [RT #17942] 2358. [doc] Update host's default query description. [RT #17934] +2357. [port] Don't use OpenSSL's engine support in versions before + OpenSSL 0.9.7f. [RT #17922] + 2356. [bug] Built in mutex profiler was not scalable enough. [RT #17436] -2353. [func] libbind: nsid support. [RT #17091] +2355. [func] Extend the number statistics counters available. + [RT #17590] + +2354. [bug] Failed to initialize some rdatasetheader_t elements. + [RT #17927] + +2353. [func] Add support for Name Server ID (RFC 5001). + 'dig +nsid' requests NSID from server. + 'request-nsid yes;' causes recursive server to send + NSID requests to upstream servers. Server responds + to NSID requests with the string configured by + 'server-id' option. [RT #17091] + +2352. [bug] Various GSS_API fixups. [RT #17729] + +2351. [bug] convertxsl.pl generated very long lines. [RT #17906] 2350. [port] win32: IPv6 support. [RT #17797] +2349. [func] Provide incremental re-signing support for secure + dynamic zones. [RT #1091] + +2348. [func] Use the EVP interface to OpenSSL. Add PKCS#11 support. + Documentation is in the new README.pkcs11 file. + New tool, dnssec-keyfromlabel, which takes the + label of a key pair in a HSM and constructs a DNS + key pair for use by named and dnssec-signzone. + [RT #16844] + 2347. [bug] Delete now traverses the RB tree in the canonical order. [RT #17451] +2346. [func] Memory statistics now cover all active memory contexts + in increased detail. [RT #17580] + 2345. [bug] named-checkconf failed to detect when forwarders were set at both the options/view level and in a root zone. [RT #17671] @@ -280,6 +733,8 @@ 2343. [bug] (Seemingly) duplicate IPv6 entries could be created in ADB. [RT #17837] +2342. [func] Use getifaddrs() if available under Linux. [RT #17224] + 2341. [bug] libbind: add missing -I../include for off source tree builds. [RT #17606] @@ -292,12 +747,16 @@ 2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614] -2335. [port] sunos: libbind and *printf() support for long long. +2336. [func] If "named -6" is specified then listen on all IPv6 + interfaces if there are not listen-on-v6 clauses in + named.conf. [RT #17581] + +2335. [port] sunos: libbind and *printf() support for long long. [RT #17513] 2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one bug in fromstruct_txt(). [RT #17609] - + 2333. [bug] Fix off by one error in isc_time_nowplusinterval(). [RT #17608] @@ -321,21 +780,40 @@ J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and M.ROOT-SERVERS.NET. +2327. [bug] It was possible to dereference a NULL pointer in + rbtdb.c. Implement dead node processing in zones as + we do for caches. [RT #17312] + 2326. [bug] It was possible to trigger a INSIST in the acache processing. 2325. [port] Linux: use capset() function if available. [RT #17557] +2324. [bug] Fix IPv6 matching against "any;". [RT #17533] + 2323. [port] tru64: namespace clash. [RT #17547] 2322. [port] MacOS: work around the limitation of setrlimit() for RLIMIT_NOFILE. [RT #17526] -2319. [bug] Silence Coverity warnings in +2321. [placeholder] + +2320. [func] Make statistics counters thread-safe for platforms + that support certain atomic operations. [RT #17466] + +2319. [bug] Silence Coverity warnings in lib/dns/rdata/in_1/apl_42.c. [RT #17469] 2318. [port] sunos fixes for libbind. [RT #17514] +2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518] + +2316. [port] Missing #include in lib/dns/gssapictx.c. + [RT #17513] + +2315. [bug] Used incorrect address family for mapped IPv4 + addresses in acl.c. [RT #17519] + 2314. [bug] Uninitialized memory use on error path in bin/named/lwdnoop.c. [RT #17476] @@ -345,11 +823,15 @@ 2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c. [RT #17458] -2311. [func] Update ACL regression test. [RT #17462] +2311. [bug] IPv6 addresses could match IPv4 ACL entries and + vice versa. [RT #17462] 2310. [bug] dig, host, nslookup: flush stdout before emitting debug/fatal messages. [RT #17501] +2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c. + [RT #17455] + 2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c. [RT #17495] @@ -371,7 +853,7 @@ 2301. [bug] Remove resource leak and fix error messages in bin/tests/system/lwresd/lwtest.c. [RT #17474] -2300. [bug] Fixed failure to close open file in +2300. [bug] Fixed failure to close open file in bin/tests/names/t_names.c. [RT #17473] 2299. [bug] Remove unnecessary NULL check in @@ -389,22 +871,39 @@ 2295. [bug] Silence static overrun error in bin/named/lwaddr.c. [RT #17459] +2294. [func] Allow the experimental statistics channels to have + multiple connections and ACL. + Note: the stats-server and stats-server-v6 options + available in the previous beta releases are replaced + with the generic statistics-channels statement. + 2293. [func] Add ACL regression test. [RT #17375] 2292. [bug] Log if the working directory is not writable. [RT #17312] -2291. [bug] PR_SET_DUMPABLE may be set too late. Also report +2291. [bug] PR_SET_DUMPABLE may be set too late. Also report failure to set PR_SET_DUMPABLE. [RT #17312] 2290. [bug] Let AD in the query signal that the client wants AD set in the response. [RT #17301] +2289. [func] named-checkzone now reports the out-of-zone CNAME + found. [RT #17309] + 2288. [port] win32: mark service as running when we have finished loading. [RT #17441] 2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413] +2286. [func] Allow a TCP connection to be used as a weak + authentication method for reverse zones. + New update-policy methods tcp-self and 6to4-self. + [RT #17378] + +2285. [func] Test framework for client memory context management. + [RT #17377] + 2284. [bug] Memory leak in UPDATE prerequisite processing. [RT #17377] @@ -413,7 +912,15 @@ memory context rather than the clients memory context. [RT #17377] -2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available, +2282. [bug] Acl code fixups. [RT #17346] [RT #17374] + +2281. [bug] Attempts to use undefined acls were not being logged. + [RT #17307] + +2280. [func] Allow the experimental http server to be reached + over IPv6 as well as IPv4. [RT #17332] + +2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available, to protect applications from receiving spurious SIGPIPE signals when using the resolver. @@ -423,12 +930,21 @@ 2277. [bug] Empty zone names were not correctly being caught at in the post parse checks. [RT #17357] +2276. [bug] Install . [RT# 17359] + +2275. [func] Add support to dig to perform IXFR queries over UDP. + [RT #17235] + +2274. [func] Log zone transfer statistics. [RT #17336] + 2273. [bug] Adjust log level to WARNING when saving inconsistent stub/slave master and journal files. [RT# 17279] 2272. [bug] Handle illegal dnssec-lookaside trust-anchor names. [RT #17262] +2271. [bug] Fix a memory leak in http server code [RT #17100] + 2270. [bug] dns_db_closeversion() version->writer could be reset before it is tested. [RT #17290] @@ -437,6 +953,12 @@ 2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones list. + --- 9.5.0b1 released --- + +2267. [bug] Radix tree node_num value could be set incorrectly, + causing positive ACL matches to look like negative + ones. [RT #17311] + 2266. [bug] client.c:get_clientmctx() returned the same mctx once the pool of mctx's was filled. [RT #17218] @@ -451,21 +973,14 @@ 2262. [bug] Error status from all but the last view could be lost. [RT #17292] -2260. [bug] Reported wrong clients-per-query when increasing the - value. [RT #17236] - -2247. [doc] Sort doc/misc/options. [RT #17067] +2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272] -2246. [bug] Make the startup of test servers (ans.pl) more - robust. [RT #17147] - - --- 9.4.2 released --- +2260. [bug] Reported wrong clients-per-query when increasing the + value. [RT #17236] - --- 9.4.2rc2 released --- +2259. [placeholder] -2259. [bug] Reverse incorrect LIBINTERFACE bump of libisc - in 9.4.2rc1. Applications built against 9.4.2rc1 - will need to be rebuilt. + --- 9.5.0a7 released --- 2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken. [RT #17241] @@ -483,20 +998,52 @@ intermediate values as timer->idle was reset by isc_timer_touch(). [RT #17243] - --- 9.4.2rc1 released --- +2253. [func] "max-cache-size" defaults to 32M. + "max-acache-size" defaults to 16M. -2251. [doc] Update memstatistics-file documentation to reflect - reality. Note there is behaviour change for BIND 9.5. - [RT #17113] +2252. [bug] Fixed errors in sortlist code [RT #17216] -2249. [bug] Only set Authentic Data bit if client requested - DNSSEC, per RFC 3655 [RT #17175] +2251. [placeholder] + +2250. [func] New flag 'memstatistics' to state whether the + memory statistics file should be written or not. + Additionally named's -m option will cause the + statistics file to be written. [RT #17113] + +2249. [bug] Only set Authentic Data bit if client requested + DNSSEC, per RFC 3655 [RT #17175] -2248. [cleanup] Fix several errors reported by Coverity. [RT #17160] +2248. [cleanup] Fix several errors reported by Coverity. [RT #17160] + +2247. [doc] Sort doc/misc/options. [RT #17067] + +2246. [bug] Make the startup of test servers (ans.pl) more + robust. [RT #17147] 2245. [bug] Validating lack of DS records at trust anchors wasn't working. [RT #17151] +2244. [func] Allow the check of nameserver names against the + SOA MNAME field to be disabled by specifying + 'notify-to-soa yes;'. [RT #17073] + +2243. [func] Configuration files without a newline at the end now + parse without error. [RT #17120] + +2242. [bug] nsupdate: GSS-TSIG support using the Heimdal Kerberos + library could require a source of random data. + [RT #17127] + +2241. [func] nsupdate: add a interactive 'help' command. [RT #17099] + +2240. [bug] Cleanup nsupdates GSS-TSIG support. Convert + a number of INSIST()s into plain fatal() errors + which report the triggering result code. + The 'key' command wasn't disabling GSS-TSIG. + [RT #17099] + +2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114] + 2238. [bug] It was possible to trigger a REQUIRE when a validation was canceled. [RT #17106] @@ -507,7 +1054,11 @@ 2235. [bug] was not being installed. [RT #17135] -2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134] +2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134] + +2233. [func] Add support for O(1) ACL processing, based on + radix tree code originally written by Kevin + Brintnall. [RT #16288] 2232. [bug] dns_adb_findaddrinfo() could fail and return ISC_R_SUCCESS. [RT #17137] @@ -518,34 +1069,44 @@ 2230. [bug] We could INSIST reading a corrupted journal. [RT #17132] +2229. [bug] Null pointer dereference on query pool creation + failure. [RT #17133] + 2228. [contrib] contrib: Change 2188 was incomplete. 2227. [cleanup] Tidied up the FAQ. [RT #17121] +2226. [placeholder] + 2225. [bug] More support for systems with no IPv4 addresses. - [RT #17111] + [RT #17111] 2224. [bug] Defer journal compaction if a xfrin is in progress. [RT #17119] 2223. [bug] Make a new journal when compacting. [RT #17119] +2222. [func] named-checkconf now checks server key references. + [RT #17097] + 2221. [bug] Set the event result code to reflect the actual - record returned to caller when a cache update is + record turned to caller when a cache update is rejected due to a more credible answer existing. [RT #17017] 2220. [bug] win32: Address a race condition in final shutdown of the Windows socket code. [RT #17028] - + 2219. [bug] Apply zone consistency checks to additions, not removals, when updating. [RT #17049] 2218. [bug] Remove unnecessary REQUIRE from dns_validator_create(). [RT #16976] +2217. [func] Adjust update log levels. [RT #17092] + 2216. [cleanup] Fix a number of errors reported by Coverity. - [RT #17094] + [RT #17094] 2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094] @@ -559,6 +1120,9 @@ 2212. [func] 'host -m' now causes memory statistics and active memory to be printed at exit. [RT 17028] +2211. [func] Update "dynamic update temporarily disabled" message. + [RT #17065] + 2210. [bug] Deleting class specific records via UPDATE could fail. [RT #17074] @@ -572,7 +1136,7 @@ 2207. [port] Some implementations of getaddrinfo() fail to set ai_canonname correctly. [RT #17061] - --- 9.4.2b1 released --- + --- 9.5.0a6 released --- 2206. [security] "allow-query-cache" and "allow-recursion" now cross inherit from each other. @@ -588,15 +1152,21 @@ localhost;) is used. [RT #16987] - + 2205. [bug] libbind: change #2119 broke thread support. [RT #16982] +2204. [bug] "rndc flushanme name unknown-view" caused named + to crash. [RT #16984] + 2203. [security] Query id generation was cryptographically weak. [RT # 16915] 2202. [security] The default acls for allow-query-cache and allow-recursion were not being applied. [RT #16960] +2201. [bug] The build failed in a separate object directory. + [RT #16943] + 2200. [bug] The search for cached NSEC records was stopping to early leading to excessive DLV queries. [RT #16930] @@ -613,8 +1183,13 @@ 2196. [port] win32: yield processor while waiting for once to to complete. [RT #16958] +2195. [func] dnssec-keygen now defaults to nametype "ZONE" + when generating DNSKEYs. [RT #16954] + 2194. [bug] Close journal before calling 'done' in xfrin.c. + --- 9.5.0a5 released --- + 2193. [port] win32: BINDInstall.exe is now linked statically. [RT #16906] @@ -622,6 +1197,17 @@ Studio's redistributable dlls if building with Visual Stdio 2005 or later. +2191. [func] named-checkzone now allows dumping to stdout (-). + named-checkconf now has -h for help. + named-checkzone now has -h for help. + rndc now has -h for help. + Better handling of '-?' for usage summaries. + [RT #16707] + +2190. [func] Make fallback to plain DNS from EDNS due to timeouts + more visible. New logging category "edns-disabled". + [RT #16871] + 2189. [bug] Handle socket() returning EINTR. [RT #15949] 2188. [contrib] queryperf: autoconf changes to make the search for @@ -637,6 +1223,9 @@ 2185. [port] sunos: libbind: check for ssize_t, memmove() and memchr(). [RT #16463] +2184. [bug] bind9.xsl.h didn't build out of the source tree. + [RT #16830] + 2183. [bug] dnssec-signzone didn't handle offline private keys well. [RT #16832] @@ -649,6 +1238,9 @@ 2180. [cleanup] Remove bit test from 'compress_test' as they are no longer needed. [RT #16497] +2179. [func] 'rndc command zone' will now find 'zone' if it is + unique to all the views. [RT #16821] + 2178. [bug] 'rndc reload' of a slave or stub zone resulted in a reference leak. [RT #16867] @@ -667,6 +1259,11 @@ 2173. [port] win32: When compiling with MSVS 2005 SP1 we also need to ship Microsoft.VC80.MFCLOC. + --- 9.5.0a4 released --- + +2172. [bug] query_addsoa() was being called with a non zone db. + [RT #16834] + 2171. [bug] Handle breaks in DNSSEC trust chains where the parent servers are not DS aware (DS queries to the parent return a referral to the child). @@ -683,27 +1280,43 @@ 2167. [bug] When re-using a automatic zone named failed to attach it to the new view. [RT #16786] + --- 9.5.0a3 released --- + 2166. [bug] When running in batch mode, dig could misinterpret a server address as a name to be looked up, causing unexpected output. [RT #16743] -2164. [bug] The code to determine how named-checkzone / +2165. [func] Allow the destination address of a query to determine + if we will answer the query or recurse. + allow-query-on, allow-recursion-on and + allow-query-cache-on. [RT #16291] + +2164. [bug] The code to determine how named-checkzone / named-compilezone was called failed under windows. [RT #16764] +2163. [bug] If only one of query-source and query-source-v6 + specified a port the query pools code broke (change + 2129). [RT #16768] + 2162. [func] Allow "rrset-order fixed" to be disabled at compile time. [RT #16665] -2161. [bug] 'rndc flush' could report a false success. [RT #16698] +2161. [bug] Fix which log messages are emitted for 'rndc flush'. + [RT #16698] 2160. [bug] libisc wasn't handling NULL ifa_addr pointers returned from getifaddrs(). [RT #16708] + --- 9.5.0a2 released --- + 2159. [bug] Array bounds overrun in acache processing. [RT #16710] 2158. [bug] ns_client_isself() failed to initialize key leading to a REQUIRE failure. [RT #16688] +2157. [func] dns_db_transfernode() created. [RT #16685] + 2156. [bug] Fix node reference leaks in lookup.c:lookup_find(), resolver.c:validated() and resolver.c:cache_name(). Fix a memory leak in rbtdb.c:free_noqname(). @@ -713,6 +1326,9 @@ 2155. [contrib] SQLite sdb module from jaboydjr@netwalk.com. [RT #16694] +2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be + matched in acls by omitting the scope. [RT #16599] + 2153. [bug] nsupdate could leak memory. [RT #16691] 2152. [cleanup] Use sizeof(buf) instead of fixed number in @@ -729,6 +1345,8 @@ if there were still active memory contexts. [RT #16672] +2148. [func] Add positive logging for rndc commands. [RT #14623] + 2147. [bug] libbind: remove potential buffer overflow from hmac_link.c. [RT #16437] @@ -757,17 +1375,6 @@ 2139. [bug] dns_view_find() was being called with wrong type in adb.c. [RT #16670] -2119. [compat] libbind: allow res_init() to succeed enough to - return the default domain even if it was unable - to allocate memory. - - --- 9.4.1 released --- - -2172. [bug] query_addsoa() was being called with a non zone db. - [RT #16834] - - --- 9.4.0 released --- - 2138. [bug] Lock order reversal in resolver.c. [RT #16653] 2137. [port] Mips little endian and/or mips 64 bit are now @@ -778,6 +1385,8 @@ 2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656] +2134. [func] Additional statistics support. [RT #16666] + 2133. [port] powerpc: Support both IBM and MacOS Power PC assembler syntaxes. [RT #16647] @@ -786,9 +1395,13 @@ 2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630] -2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635] +2130. [func] Log if CD or DO were set. [RT #16640] - --- 9.4.0rc2 released --- +2129. [func] Provide a pool of UDP sockets for queries to be + made over. See use-queryport-pool, queryport-pool-ports + and queryport-pool-updateinterval. [RT #16415] + +2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635] 2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563] @@ -800,9 +1413,22 @@ 2124. [security] It was possible to dereference a freed fetch context. [RT #16584] + --- 9.5.0a1 released --- + +2123. [func] Use Doxygen to generate internal documentation. + [RT #11398] + +2122. [func] Experimental http server and statistics support + for named via xml. + +2121. [func] Add a 10 slot dead masters cache (LRU) with a 600 + second timeout. [RT #16553] + 2120. [doc] Fix markup on nsupdate man page. [RT #16556] - --- 9.4.0rc1 released --- +2119. [compat] libbind: allow res_init() to succeed enough to + return the default domain even if it was unable + to allocate memory. 2118. [bug] Handle response with long chains of domain name compression pointers which point to other compression @@ -837,8 +1463,14 @@ 2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502] +2108. [func] DHCID support. [RT #16456] + 2107. [bug] dighost.c: more cleanup of buffers. [RT #16499] +2106. [func] 'rndc status' now reports named's version. [RT #16426] + +2105. [func] GSS-TSIG support (RFC 3645). + 2104. [port] Fix Solaris SMF error message. 2103. [port] Add /usr/sfw to list of locations for OpenSSL @@ -846,8 +1478,6 @@ 2102. [port] Silence Solaris 10 warnings. - --- 9.4.0b4 released --- - 2101. [bug] OpenSSL version checks were not quite right. [RT #16476] @@ -860,8 +1490,6 @@ triggered an INSIST failure about the node lock reference. [RT #16411] - --- 9.4.0b3 released --- - 2097. [bug] named could reference a destroyed memory context after being reloaded / reconfigured. [RT #16428] @@ -870,14 +1498,14 @@ 2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and net_cidr_ntop_ipv6(). [RT #16388] - + 2094. [contrib] Update named-bootconf. [RT# 16404] 2093. [bug] named-checkzone -s was broken. 2092. [bug] win32: dig, host, nslookup. Use registry config if resolv.conf does not exist or no nameservers - listed. [RT #15877] + listed. [RT #15877] 2091. [port] dighost.c: race condition on cleanup. [RT #16417] @@ -906,8 +1534,6 @@ 2082. [doc] Document 'cache-file' as a test only option. - --- 9.4.0b2 released --- - 2081. [port] libbind: minor 64-bit portability fix in memcluster.c. [RT #16360] @@ -971,8 +1597,6 @@ 2060. [bug] Enabling DLZ support could leave views partially configured. [RT #16295] - --- 9.4.0b1 released --- - 2059. [bug] Search into cache rbtdb could trigger an INSIST failure while cleaning up a stale rdataset. [RT #16292] @@ -1052,13 +1676,15 @@ 2036. [bug] 'rndc recursing' could cause trigger a REQUIRE. [RT #16075] +2035. [func] Make falling back to TCP on UDP refresh failure + optional. Default "try-tcp-refresh yes;" for BIND 8 + compatibility. [RT #16123] + 2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124] 2033. [bug] We weren't creating multiple client memory contexts on demand as expected. [RT #16095] - --- 9.4.0a6 released --- - 2032. [bug] Remove a INSIST in query_addadditional2(). [RT #16074] 2031. [bug] Emit a error message when "rndc refresh" is called on @@ -1105,8 +1731,6 @@ allowed but requested and we had the answer to the original qname. [RT #15945] - --- 9.4.0a5 released --- - 2015. [cleanup] use-additional-cache is now acache-enable for consistency. Default acache-enable off in BIND 9.4 as it requires memory usage to be configured. @@ -1126,7 +1750,7 @@ the signed zone, either as an increment or as the system time(). [RT #15633] - --- 9.4.0a4 released --- +2010. [placeholder] rt15958 2009. [bug] libbind: Coverity fixes. [RT #15808] @@ -1280,12 +1904,12 @@ 1966. [bug] Don't set CD when we have fallen back to plain DNS. [RT #15727] -1965. [func] Suppress spurious "recusion requested but not +1965. [func] Suppress spurious "recursion requested but not available" warning with 'dig +qr'. [RT #15780]. 1964. [func] Separate out MX and SRV to CNAME checks. [RT #15723] -1963. [port] Tru64 4.0E doesn't support send() and recv(). +1963. [port] Tru64 4.0E doesn't support send() and recv(). [RT #15586] 1962. [bug] Named failed to clear old update-policy when it @@ -1328,7 +1952,7 @@ 1951. [security] Drop queries from particular well known ports. Don't return FORMERR to queries from particular well known ports. [RT #15636] - + 1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect() a TCP socket. This prevents the source address being set for TCP connections. [RT #15628] @@ -1350,19 +1974,13 @@ 1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is no longer recommended. To generate a RSAMD5 key you must explicitly request RSAMD5. [RT #13780] - + 1944. [cleanup] isc_hash_create() does not need a read/write lock. [RT #15522] 1943. [bug] Set the loadtime after rolling forward the journal. [RT #15647] -1597. [func] Allow notify-source and query-source to be specified - on a per server basis similar to transfer-source. - [RT #6496] - - --- 9.4.0a3 released --- - 1942. [bug] If the name of a DNSKEY match that of one in trusted-keys do not attempt to validate the DNSKEY using the parents DS RRset. [RT #15649] @@ -1390,12 +2008,6 @@ prior to returning them if it can be done without requiring DNSKEYs to be fetched. [RT #15430] -1919. [contrib] queryperf: a set of new features: collecting/printing - response delays, printing intermediate results, and - adjusting query rate for the "target" qps. - - --- 9.4.0a2 released --- - 1933. [bug] dump_rdataset_raw() had a incorrect INSIST. [RT #15534] 1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530] @@ -1434,7 +2046,9 @@ have the desired performance characteristics. [RT #15454] - --- 9.4.0a1 released --- +1919. [contrib] queryperf: a set of new features: collecting/printing + response delays, printing intermediate results, and + adjusting query rate for the "target" qps. 1918. [bug] Memory leak when checking acls. [RT #15391] @@ -1472,7 +2086,7 @@ [RT #15034] 1905. [bug] Strings returned from cfg_obj_asstring() should be - treated as read-only. The prototype for + treated as read-only. The prototype for cfg_obj_asstring() has been updated to reflect this. [RT #15256] @@ -1577,6 +2191,8 @@ 1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753] +1871. [placeholder] + 1870. [func] Added framework for handling multiple EDNS versions. [RT #14873] @@ -1602,10 +2218,10 @@ 1863. [bug] rrset-order "fixed" error messages not complete. 1862. [func] Add additional zone data constancy checks. - named-checkzone has extended checking of NS, MX and + named-checkzone has extended checking of NS, MX and SRV record and the hosts they reference. named has extended post zone load checks. - New zone options: check-mx and integrity-check. + New zone options: check-mx and integrity-check. [RT #4940] 1861. [bug] dig could trigger a INSIST on certain malformed @@ -1648,9 +2264,9 @@ 1848. [bug] Improve SMF integration. [RT #13238] 1847. [bug] isc_ondestroy_init() is called too late in - dns_rbtdb_create()/dns_rbtdb64_create(). + dns_rbtdb_create()/dns_rbtdb64_create(). [RT #13661] - + 1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer . @@ -1721,6 +2337,8 @@ 1822. [bug] check-names test for RT was reversed. [RT #13382] +1821. [placeholder] + 1820. [bug] Gracefully handle acl loops. [RT #13659] 1819. [bug] The validator needed to check both the algorithm and @@ -1870,6 +2488,10 @@ 1773. [bug] Fast retry on host / net unreachable. [RT #13153] +1772. [placeholder] + +1771. [placeholder] + 1770. [bug] named-checkconf failed to report missing a missing file clause for rbt{64} master/hint zones. [RT#13009] @@ -1936,7 +2558,7 @@ [RT #12866] 1748. [func] dig now returns the byte count for axfr/ixfr. - + 1747. [bug] BIND 8 compatibility: named/named-checkconf failed to parse "host-statistics-max" in named.conf. @@ -1954,7 +2576,7 @@ requested number of worker threads then destruction of the manager would trigger an INSIST() failure. [RT #12790] - + 1742. [bug] Deleting all records at a node then adding a previously existing record, in a single UPDATE transaction, failed to leave / regenerate the @@ -1965,7 +2587,7 @@ 1740. [bug] Replace rbt's hash algorithm as it performed badly with certain zones. [RT #12729] - + NOTE: a hash context now needs to be established via isc_hash_create() if the application was not already doing this. @@ -1980,7 +2602,7 @@ 1736. [bug] dst_key_fromnamedfile() could fail to read a public key. [RT #12687] - + 1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure. [RE #12688] @@ -2157,7 +2779,7 @@ 1675. [bug] named would sometimes add extra NSEC records to the authority section. - + 1674. [port] linux: increase buffer size used to scan /proc/net/if_inet6. @@ -2173,6 +2795,8 @@ 1670. [func] Log UPDATE requests to slave zones without an acl as "disabled" at debug level 3. [RT# 11657] +1669. [placeholder] + 1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core. 1667. [port] linux: not all versions have IF_NAMESIZE. @@ -2229,7 +2853,7 @@ 1648. [func] Update dnssec-lookaside named.conf syntax to support multiple dnssec-lookaside namespaces (not yet - implemented). + implemented). 1647. [bug] It was possible trigger a INSIST when chasing a DS record that required walking back over a empty node. @@ -2259,7 +2883,7 @@ 1638. [bug] "ixfr-from-differences" could generate a REQUIRE failure if the journal open failed. [RT #11347] - + 1637. [bug] Node reference leak on error in addnoqname(). 1636. [bug] The dump done callback could get ISC_R_SUCCESS even if @@ -2353,21 +2977,21 @@ 1607. [bug] dig, host and nslookup were still using random() to generate query ids. [RT# 11013] -1606. [bug] DLV insecurity proof was failing. +1606. [bug] DLV insecurity proof was failing. 1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC. 1604. [bug] A xfrout_ctx_create() failure would result in xfrout_ctx_destroy() being called with a partially initialized structure. - + 1603. [bug] nsupdate: set interactive based on isatty(). [RT# 10929] 1602. [bug] Logging to a file failed unless a size was specified. [RT# 10925] -1601. [bug] Silence spurious warning 'both "recursion no;" and +1601. [bug] Silence spurious warning 'both "recursion no;" and "allow-recursion" active' warning from view "_bind". [RT# 10920] @@ -2379,6 +3003,10 @@ 1598. [func] Specify that certain parts of the namespace must be secure (dnssec-must-be-secure). +1597. [func] Allow notify-source and query-source to be specified + on a per server basis similar to transfer-source. + [RT #6496] + 1596. [func] Accept 'notify-source' style syntax for query-source. 1595. [func] New notify type 'master-only'. Enable notify for @@ -4280,7 +4908,7 @@ 963. [bug] Bad ISC_LANG_ENDDECLS. [RT #1645] 962. [bug] libbind: bad "#undef", don't attempt to install - non-existant nlist.h. [RT #1640] + non-existent nlist.h. [RT #1640] 961. [bug] Tried to use a IPV6 feature when ISC_PLATFORM_HAVEIPV6 was not defined. [RT #1482] @@ -6918,7 +7546,7 @@ 188. [func] Log a warning message when an incoming zone transfer contains out-of-zone data. - 187. [func] isc_ratelimter_enqueue() has an additional argument + 187. [func] isc_ratelimiter_enqueue() has an additional argument 'task'. 186. [func] dns_request_getresponse() has an additional argument @@ -7061,7 +7689,7 @@ masters [ port xxx ] { y.y.y.y [ port zzz ] ; } - 149. [cleanup] Removed usused argument 'olist' from + 149. [cleanup] Removed unused argument 'olist' from dns_c_view_unsetordering(). 148. [cleanup] Stop issuing some warnings about some configuration @@ -7137,7 +7765,7 @@ 128. [cleanup] had ISC_LANG_BEGINDECLS instead of ISC_LANG_ENDDECLS at end of header. - 127. [cleanup] The contracts for the comparision routines + 127. [cleanup] The contracts for the comparison routines dns_name_fullcompare(), dns_name_compare(), dns_name_rdatacompare(), and dns_rdata_compare() now specify that the order value returned is < 0, 0, or > 0 -- cgit v1.2.3