aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDag-Erling Smørgrav <des@FreeBSD.org>2013-09-30 17:23:45 +0000
committerDag-Erling Smørgrav <des@FreeBSD.org>2013-09-30 17:23:45 +0000
commit56b72efe825d4190e0e2fdbc07ebb295cac299df (patch)
tree1a2886b0de387ddff665d0e370f40ffc32778840
parent8cdb4d896719648d4d1976c133bad53d24090573 (diff)
downloadsrc-56b72efe825d4190e0e2fdbc07ebb295cac299df.tar.gz
src-56b72efe825d4190e0e2fdbc07ebb295cac299df.zip
Remove BIND.
Approved by: re (gjb)
Notes
Notes: svn path=/head/; revision=255949
-rw-r--r--Makefile.inc16
-rw-r--r--ObsoleteFiles.inc229
-rw-r--r--contrib/bind9/CHANGES11412
-rw-r--r--contrib/bind9/COPYRIGHT518
-rw-r--r--contrib/bind9/FAQ893
-rw-r--r--contrib/bind9/FAQ.xml1613
-rw-r--r--contrib/bind9/HISTORY365
-rw-r--r--contrib/bind9/Makefile.in90
-rw-r--r--contrib/bind9/README374
-rw-r--r--contrib/bind9/acconfig.h148
-rw-r--r--contrib/bind9/aclocal.m45
-rw-r--r--contrib/bind9/bin/Makefile.in26
-rw-r--r--contrib/bind9/bin/check/Makefile.in100
-rw-r--r--contrib/bind9/bin/check/check-tool.c697
-rw-r--r--contrib/bind9/bin/check/check-tool.h61
-rw-r--r--contrib/bind9/bin/check/named-checkconf.8119
-rw-r--r--contrib/bind9/bin/check/named-checkconf.c556
-rw-r--r--contrib/bind9/bin/check/named-checkconf.docbook195
-rw-r--r--contrib/bind9/bin/check/named-checkconf.html113
-rw-r--r--contrib/bind9/bin/check/named-checkzone.8308
-rw-r--r--contrib/bind9/bin/check/named-checkzone.c544
-rw-r--r--contrib/bind9/bin/check/named-checkzone.docbook509
-rw-r--r--contrib/bind9/bin/check/named-checkzone.html293
-rw-r--r--contrib/bind9/bin/confgen/Makefile.in101
-rw-r--r--contrib/bind9/bin/confgen/ddns-confgen.8143
-rw-r--r--contrib/bind9/bin/confgen/ddns-confgen.c258
-rw-r--r--contrib/bind9/bin/confgen/ddns-confgen.docbook218
-rw-r--r--contrib/bind9/bin/confgen/ddns-confgen.html141
-rw-r--r--contrib/bind9/bin/confgen/include/confgen/os.h39
-rw-r--r--contrib/bind9/bin/confgen/keygen.c222
-rw-r--r--contrib/bind9/bin/confgen/keygen.h41
-rw-r--r--contrib/bind9/bin/confgen/rndc-confgen.8211
-rw-r--r--contrib/bind9/bin/confgen/rndc-confgen.c269
-rw-r--r--contrib/bind9/bin/confgen/rndc-confgen.docbook287
-rw-r--r--contrib/bind9/bin/confgen/rndc-confgen.html188
-rw-r--r--contrib/bind9/bin/confgen/unix/Makefile.in35
-rw-r--r--contrib/bind9/bin/confgen/unix/os.c43
-rw-r--r--contrib/bind9/bin/confgen/util.c56
-rw-r--r--contrib/bind9/bin/confgen/util.h52
-rw-r--r--contrib/bind9/bin/dig/Makefile.in107
-rw-r--r--contrib/bind9/bin/dig/dig.1603
-rw-r--r--contrib/bind9/bin/dig/dig.c1868
-rw-r--r--contrib/bind9/bin/dig/dig.docbook1003
-rw-r--r--contrib/bind9/bin/dig/dig.html673
-rw-r--r--contrib/bind9/bin/dig/dighost.c5789
-rw-r--r--contrib/bind9/bin/dig/host.1219
-rw-r--r--contrib/bind9/bin/dig/host.c892
-rw-r--r--contrib/bind9/bin/dig/host.docbook279
-rw-r--r--contrib/bind9/bin/dig/host.html212
-rw-r--r--contrib/bind9/bin/dig/include/dig/dig.h419
-rw-r--r--contrib/bind9/bin/dig/nslookup.1258
-rw-r--r--contrib/bind9/bin/dig/nslookup.c921
-rw-r--r--contrib/bind9/bin/dig/nslookup.docbook497
-rw-r--r--contrib/bind9/bin/dig/nslookup.html309
-rw-r--r--contrib/bind9/bin/dnssec/Makefile.in120
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-dsfromkey.8157
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-dsfromkey.c559
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-dsfromkey.docbook279
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-dsfromkey.html169
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-keyfromlabel.8228
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-keyfromlabel.c587
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-keyfromlabel.docbook446
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-keyfromlabel.html275
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-keygen.8308
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-keygen.c1054
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-keygen.docbook623
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-keygen.html411
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-revoke.888
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-revoke.c276
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-revoke.docbook161
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-revoke.html92
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-settime.8175
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-settime.c624
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-settime.docbook338
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-settime.html220
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-signzone.8434
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-signzone.c3746
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-signzone.docbook782
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-signzone.html491
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-verify.897
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-verify.c328
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-verify.docbook185
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-verify.html117
-rw-r--r--contrib/bind9/bin/dnssec/dnssectool.c1801
-rw-r--r--contrib/bind9/bin/dnssec/dnssectool.h97
-rw-r--r--contrib/bind9/bin/named/Makefile.in185
-rw-r--r--contrib/bind9/bin/named/bind.keys.h99
-rw-r--r--contrib/bind9/bin/named/bind9.ver3.xsl738
-rw-r--r--contrib/bind9/bin/named/bind9.ver3.xsl.h740
-rw-r--r--contrib/bind9/bin/named/bind9.xsl492
-rw-r--r--contrib/bind9/bin/named/bind9.xsl.h497
-rw-r--r--contrib/bind9/bin/named/builtin.c576
-rw-r--r--contrib/bind9/bin/named/client.c2918
-rw-r--r--contrib/bind9/bin/named/config.c863
-rw-r--r--contrib/bind9/bin/named/control.c219
-rw-r--r--contrib/bind9/bin/named/controlconf.c1458
-rwxr-xr-xcontrib/bind9/bin/named/convertxsl.pl57
-rw-r--r--contrib/bind9/bin/named/include/dlz/dlz_dlopen_driver.h27
-rw-r--r--contrib/bind9/bin/named/include/named/builtin.h31
-rw-r--r--contrib/bind9/bin/named/include/named/client.h387
-rw-r--r--contrib/bind9/bin/named/include/named/config.h82
-rw-r--r--contrib/bind9/bin/named/include/named/control.h103
-rw-r--r--contrib/bind9/bin/named/include/named/globals.h166
-rw-r--r--contrib/bind9/bin/named/include/named/interfacemgr.h179
-rw-r--r--contrib/bind9/bin/named/include/named/listenlist.h105
-rw-r--r--contrib/bind9/bin/named/include/named/log.h99
-rw-r--r--contrib/bind9/bin/named/include/named/logconf.h34
-rw-r--r--contrib/bind9/bin/named/include/named/lwaddr.h36
-rw-r--r--contrib/bind9/bin/named/include/named/lwdclient.h234
-rw-r--r--contrib/bind9/bin/named/include/named/lwresd.h121
-rw-r--r--contrib/bind9/bin/named/include/named/lwsearch.h112
-rw-r--r--contrib/bind9/bin/named/include/named/main.h35
-rw-r--r--contrib/bind9/bin/named/include/named/notify.h55
-rw-r--r--contrib/bind9/bin/named/include/named/ns_smf_globals.h44
-rw-r--r--contrib/bind9/bin/named/include/named/query.h102
-rw-r--r--contrib/bind9/bin/named/include/named/server.h353
-rw-r--r--contrib/bind9/bin/named/include/named/sortlist.h87
-rw-r--r--contrib/bind9/bin/named/include/named/statschannel.h61
-rw-r--r--contrib/bind9/bin/named/include/named/tkeyconf.h53
-rw-r--r--contrib/bind9/bin/named/include/named/tsigconf.h50
-rw-r--r--contrib/bind9/bin/named/include/named/types.h48
-rw-r--r--contrib/bind9/bin/named/include/named/update.h50
-rw-r--r--contrib/bind9/bin/named/include/named/xfrout.h39
-rw-r--r--contrib/bind9/bin/named/include/named/zoneconf.h78
-rw-r--r--contrib/bind9/bin/named/interfacemgr.c1003
-rw-r--r--contrib/bind9/bin/named/listenlist.c138
-rw-r--r--contrib/bind9/bin/named/log.c236
-rw-r--r--contrib/bind9/bin/named/logconf.c314
-rw-r--r--contrib/bind9/bin/named/lwaddr.c94
-rw-r--r--contrib/bind9/bin/named/lwdclient.c468
-rw-r--r--contrib/bind9/bin/named/lwderror.c80
-rw-r--r--contrib/bind9/bin/named/lwdgabn.c657
-rw-r--r--contrib/bind9/bin/named/lwdgnba.c270
-rw-r--r--contrib/bind9/bin/named/lwdgrbn.c513
-rw-r--r--contrib/bind9/bin/named/lwdnoop.c87
-rw-r--r--contrib/bind9/bin/named/lwresd.8223
-rw-r--r--contrib/bind9/bin/named/lwresd.c869
-rw-r--r--contrib/bind9/bin/named/lwresd.docbook374
-rw-r--r--contrib/bind9/bin/named/lwresd.html225
-rw-r--r--contrib/bind9/bin/named/lwsearch.c206
-rw-r--r--contrib/bind9/bin/named/main.c1170
-rw-r--r--contrib/bind9/bin/named/named.8286
-rw-r--r--contrib/bind9/bin/named/named.conf.5600
-rw-r--r--contrib/bind9/bin/named/named.conf.docbook687
-rw-r--r--contrib/bind9/bin/named/named.conf.html638
-rw-r--r--contrib/bind9/bin/named/named.docbook489
-rw-r--r--contrib/bind9/bin/named/named.html310
-rw-r--r--contrib/bind9/bin/named/notify.c174
-rw-r--r--contrib/bind9/bin/named/query.c7659
-rw-r--r--contrib/bind9/bin/named/server.c8267
-rw-r--r--contrib/bind9/bin/named/sortlist.c170
-rw-r--r--contrib/bind9/bin/named/statschannel.c1978
-rw-r--r--contrib/bind9/bin/named/tkeyconf.c136
-rw-r--r--contrib/bind9/bin/named/tsigconf.c183
-rw-r--r--contrib/bind9/bin/named/unix/Makefile.in37
-rw-r--r--contrib/bind9/bin/named/unix/dlz_dlopen_driver.c625
-rw-r--r--contrib/bind9/bin/named/unix/include/named/os.h75
-rw-r--r--contrib/bind9/bin/named/unix/os.c965
-rw-r--r--contrib/bind9/bin/named/update.c3377
-rw-r--r--contrib/bind9/bin/named/xfrout.c1666
-rw-r--r--contrib/bind9/bin/named/zoneconf.c1722
-rw-r--r--contrib/bind9/bin/nsupdate/Makefile.in94
-rw-r--r--contrib/bind9/bin/nsupdate/nsupdate.1441
-rw-r--r--contrib/bind9/bin/nsupdate/nsupdate.c3022
-rw-r--r--contrib/bind9/bin/nsupdate/nsupdate.docbook770
-rw-r--r--contrib/bind9/bin/nsupdate/nsupdate.html584
-rw-r--r--contrib/bind9/bin/rndc/Makefile.in92
-rw-r--r--contrib/bind9/bin/rndc/include/rndc/os.h40
-rw-r--r--contrib/bind9/bin/rndc/rndc.8148
-rw-r--r--contrib/bind9/bin/rndc/rndc.c905
-rw-r--r--contrib/bind9/bin/rndc/rndc.conf47
-rw-r--r--contrib/bind9/bin/rndc/rndc.conf.5214
-rw-r--r--contrib/bind9/bin/rndc/rndc.conf.docbook252
-rw-r--r--contrib/bind9/bin/rndc/rndc.conf.html217
-rw-r--r--contrib/bind9/bin/rndc/rndc.docbook253
-rw-r--r--contrib/bind9/bin/rndc/rndc.html165
-rw-r--r--contrib/bind9/bin/rndc/util.c57
-rw-r--r--contrib/bind9/bin/rndc/util.h53
-rw-r--r--contrib/bind9/bin/tools/Makefile.in103
-rw-r--r--contrib/bind9/bin/tools/arpaname.148
-rw-r--r--contrib/bind9/bin/tools/arpaname.c53
-rw-r--r--contrib/bind9/bin/tools/arpaname.docbook76
-rw-r--r--contrib/bind9/bin/tools/arpaname.html52
-rw-r--r--contrib/bind9/bin/tools/genrandom.869
-rw-r--r--contrib/bind9/bin/tools/genrandom.c137
-rw-r--r--contrib/bind9/bin/tools/genrandom.docbook120
-rw-r--r--contrib/bind9/bin/tools/genrandom.html73
-rw-r--r--contrib/bind9/bin/tools/isc-hmac-fixup.861
-rw-r--r--contrib/bind9/bin/tools/isc-hmac-fixup.c136
-rw-r--r--contrib/bind9/bin/tools/isc-hmac-fixup.docbook110
-rw-r--r--contrib/bind9/bin/tools/isc-hmac-fixup.html83
-rw-r--r--contrib/bind9/bin/tools/named-journalprint.860
-rw-r--r--contrib/bind9/bin/tools/named-journalprint.c86
-rw-r--r--contrib/bind9/bin/tools/named-journalprint.docbook101
-rw-r--r--contrib/bind9/bin/tools/named-journalprint.html73
-rw-r--r--contrib/bind9/bin/tools/nsec3hash.870
-rw-r--r--contrib/bind9/bin/tools/nsec3hash.c122
-rw-r--r--contrib/bind9/bin/tools/nsec3hash.docbook125
-rw-r--r--contrib/bind9/bin/tools/nsec3hash.html78
-rw-r--r--contrib/bind9/config.guess1447
-rw-r--r--contrib/bind9/config.h.in463
-rw-r--r--contrib/bind9/config.sub1555
-rw-r--r--contrib/bind9/config.threads.in135
-rw-r--r--contrib/bind9/configure.in3840
-rw-r--r--contrib/bind9/doc/Makefile.in29
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM-book.xml17126
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch01.html562
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch02.html158
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch03.html1057
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch04.html1921
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch05.html143
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch06.html11220
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch07.html251
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch08.html139
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch09.html1103
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch10.html144
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.html352
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.pdf19705
-rw-r--r--contrib/bind9/doc/arm/Makefile.in71
-rw-r--r--contrib/bind9/doc/arm/README-SGML329
-rw-r--r--contrib/bind9/doc/arm/dnssec.xml289
-rw-r--r--contrib/bind9/doc/arm/isc-logo.eps5022
-rw-r--r--contrib/bind9/doc/arm/isc-logo.pdf1193
-rw-r--r--contrib/bind9/doc/arm/libdns.xml530
-rw-r--r--contrib/bind9/doc/arm/man.arpaname.html91
-rw-r--r--contrib/bind9/doc/arm/man.ddns-confgen.html180
-rw-r--r--contrib/bind9/doc/arm/man.dig.html709
-rw-r--r--contrib/bind9/doc/arm/man.dnssec-dsfromkey.html208
-rw-r--r--contrib/bind9/doc/arm/man.dnssec-keyfromlabel.html314
-rw-r--r--contrib/bind9/doc/arm/man.dnssec-keygen.html449
-rw-r--r--contrib/bind9/doc/arm/man.dnssec-revoke.html131
-rw-r--r--contrib/bind9/doc/arm/man.dnssec-settime.html259
-rw-r--r--contrib/bind9/doc/arm/man.dnssec-signzone.html529
-rw-r--r--contrib/bind9/doc/arm/man.dnssec-verify.html156
-rw-r--r--contrib/bind9/doc/arm/man.genrandom.html112
-rw-r--r--contrib/bind9/doc/arm/man.host.html249
-rw-r--r--contrib/bind9/doc/arm/man.isc-hmac-fixup.html122
-rw-r--r--contrib/bind9/doc/arm/man.named-checkconf.html151
-rw-r--r--contrib/bind9/doc/arm/man.named-checkzone.html331
-rw-r--r--contrib/bind9/doc/arm/man.named-journalprint.html112
-rw-r--r--contrib/bind9/doc/arm/man.named.html348
-rw-r--r--contrib/bind9/doc/arm/man.nsec3hash.html113
-rw-r--r--contrib/bind9/doc/arm/man.nsupdate.html622
-rw-r--r--contrib/bind9/doc/arm/man.rndc-confgen.html226
-rw-r--r--contrib/bind9/doc/arm/man.rndc.conf.html255
-rw-r--r--contrib/bind9/doc/arm/man.rndc.html203
-rw-r--r--contrib/bind9/doc/arm/managed-keys.xml100
-rw-r--r--contrib/bind9/doc/arm/pkcs11.xml443
-rw-r--r--contrib/bind9/doc/misc/Makefile.in50
-rw-r--r--contrib/bind9/doc/misc/dnssec84
-rw-r--r--contrib/bind9/doc/misc/format-options.pl49
-rw-r--r--contrib/bind9/doc/misc/ipv6113
-rw-r--r--contrib/bind9/doc/misc/migration267
-rw-r--r--contrib/bind9/doc/misc/migration-4to957
-rw-r--r--contrib/bind9/doc/misc/options650
-rw-r--r--contrib/bind9/doc/misc/rfc-compliance62
-rw-r--r--contrib/bind9/doc/misc/roadmap47
-rw-r--r--contrib/bind9/doc/misc/sdb169
-rwxr-xr-xcontrib/bind9/doc/misc/sort-options.pl50
-rwxr-xr-xcontrib/bind9/install-sh250
-rw-r--r--contrib/bind9/isc-config.sh.in161
-rw-r--r--contrib/bind9/lib/Makefile.in34
-rw-r--r--contrib/bind9/lib/bind9/Makefile.in85
-rw-r--r--contrib/bind9/lib/bind9/api9
-rw-r--r--contrib/bind9/lib/bind9/check.c2935
-rw-r--r--contrib/bind9/lib/bind9/getaddresses.c231
-rw-r--r--contrib/bind9/lib/bind9/include/Makefile.in25
-rw-r--r--contrib/bind9/lib/bind9/include/bind9/Makefile.in42
-rw-r--r--contrib/bind9/lib/bind9/include/bind9/check.h57
-rw-r--r--contrib/bind9/lib/bind9/include/bind9/getaddresses.h61
-rw-r--r--contrib/bind9/lib/bind9/include/bind9/version.h28
-rw-r--r--contrib/bind9/lib/bind9/version.c28
-rw-r--r--contrib/bind9/lib/dns/Makefile.in186
-rw-r--r--contrib/bind9/lib/dns/acache.c1800
-rw-r--r--contrib/bind9/lib/dns/acl.c633
-rw-r--r--contrib/bind9/lib/dns/adb.c4148
-rw-r--r--contrib/bind9/lib/dns/api9
-rw-r--r--contrib/bind9/lib/dns/byaddr.c318
-rw-r--r--contrib/bind9/lib/dns/cache.c1280
-rw-r--r--contrib/bind9/lib/dns/callbacks.c115
-rw-r--r--contrib/bind9/lib/dns/client.c3043
-rw-r--r--contrib/bind9/lib/dns/clientinfo.c38
-rw-r--r--contrib/bind9/lib/dns/compress.c341
-rw-r--r--contrib/bind9/lib/dns/db.c1027
-rw-r--r--contrib/bind9/lib/dns/dbiterator.c143
-rw-r--r--contrib/bind9/lib/dns/dbtable.c292
-rw-r--r--contrib/bind9/lib/dns/diff.c661
-rw-r--r--contrib/bind9/lib/dns/dispatch.c3859
-rw-r--r--contrib/bind9/lib/dns/dlz.c655
-rw-r--r--contrib/bind9/lib/dns/dns64.c301
-rw-r--r--contrib/bind9/lib/dns/dnssec.c1884
-rw-r--r--contrib/bind9/lib/dns/ds.c183
-rw-r--r--contrib/bind9/lib/dns/dst_api.c1862
-rw-r--r--contrib/bind9/lib/dns/dst_internal.h254
-rw-r--r--contrib/bind9/lib/dns/dst_lib.c67
-rw-r--r--contrib/bind9/lib/dns/dst_openssl.h60
-rw-r--r--contrib/bind9/lib/dns/dst_parse.c727
-rw-r--r--contrib/bind9/lib/dns/dst_parse.h142
-rw-r--r--contrib/bind9/lib/dns/dst_result.c89
-rw-r--r--contrib/bind9/lib/dns/ecdb.c827
-rw-r--r--contrib/bind9/lib/dns/forward.c215
-rw-r--r--contrib/bind9/lib/dns/gen-unix.h97
-rw-r--r--contrib/bind9/lib/dns/gen.c910
-rw-r--r--contrib/bind9/lib/dns/gssapi_link.c394
-rw-r--r--contrib/bind9/lib/dns/gssapictx.c872
-rw-r--r--contrib/bind9/lib/dns/hmac_link.c1734
-rw-r--r--contrib/bind9/lib/dns/include/Makefile.in25
-rw-r--r--contrib/bind9/lib/dns/include/dns/Makefile.in52
-rw-r--r--contrib/bind9/lib/dns/include/dns/acache.h448
-rw-r--r--contrib/bind9/lib/dns/include/dns/acl.h239
-rw-r--r--contrib/bind9/lib/dns/include/dns/adb.h634
-rw-r--r--contrib/bind9/lib/dns/include/dns/bit.h39
-rw-r--r--contrib/bind9/lib/dns/include/dns/byaddr.h171
-rw-r--r--contrib/bind9/lib/dns/include/dns/cache.h311
-rw-r--r--contrib/bind9/lib/dns/include/dns/callbacks.h95
-rw-r--r--contrib/bind9/lib/dns/include/dns/cert.h69
-rw-r--r--contrib/bind9/lib/dns/include/dns/client.h621
-rw-r--r--contrib/bind9/lib/dns/include/dns/clientinfo.h85
-rw-r--r--contrib/bind9/lib/dns/include/dns/compress.h269
-rw-r--r--contrib/bind9/lib/dns/include/dns/db.h1573
-rw-r--r--contrib/bind9/lib/dns/include/dns/dbiterator.h297
-rw-r--r--contrib/bind9/lib/dns/include/dns/dbtable.h165
-rw-r--r--contrib/bind9/lib/dns/include/dns/diff.h291
-rw-r--r--contrib/bind9/lib/dns/include/dns/dispatch.h563
-rw-r--r--contrib/bind9/lib/dns/include/dns/dlz.h346
-rw-r--r--contrib/bind9/lib/dns/include/dns/dlz_dlopen.h171
-rw-r--r--contrib/bind9/lib/dns/include/dns/dns64.h175
-rw-r--r--contrib/bind9/lib/dns/include/dns/dnssec.h350
-rw-r--r--contrib/bind9/lib/dns/include/dns/ds.h69
-rw-r--r--contrib/bind9/lib/dns/include/dns/ecdb.h54
-rw-r--r--contrib/bind9/lib/dns/include/dns/events.h86
-rw-r--r--contrib/bind9/lib/dns/include/dns/fixedname.h86
-rw-r--r--contrib/bind9/lib/dns/include/dns/forward.h133
-rw-r--r--contrib/bind9/lib/dns/include/dns/iptable.h72
-rw-r--r--contrib/bind9/lib/dns/include/dns/journal.h309
-rw-r--r--contrib/bind9/lib/dns/include/dns/keydata.h55
-rw-r--r--contrib/bind9/lib/dns/include/dns/keyflags.h54
-rw-r--r--contrib/bind9/lib/dns/include/dns/keytable.h457
-rw-r--r--contrib/bind9/lib/dns/include/dns/keyvalues.h112
-rw-r--r--contrib/bind9/lib/dns/include/dns/lib.h59
-rw-r--r--contrib/bind9/lib/dns/include/dns/log.h110
-rw-r--r--contrib/bind9/lib/dns/include/dns/lookup.h137
-rw-r--r--contrib/bind9/lib/dns/include/dns/master.h324
-rw-r--r--contrib/bind9/lib/dns/include/dns/masterdump.h372
-rw-r--r--contrib/bind9/lib/dns/include/dns/message.h1379
-rw-r--r--contrib/bind9/lib/dns/include/dns/name.h1364
-rw-r--r--contrib/bind9/lib/dns/include/dns/ncache.h191
-rw-r--r--contrib/bind9/lib/dns/include/dns/nsec.h116
-rw-r--r--contrib/bind9/lib/dns/include/dns/nsec3.h262
-rw-r--r--contrib/bind9/lib/dns/include/dns/opcode.h51
-rw-r--r--contrib/bind9/lib/dns/include/dns/order.h99
-rw-r--r--contrib/bind9/lib/dns/include/dns/peer.h219
-rw-r--r--contrib/bind9/lib/dns/include/dns/portlist.h101
-rw-r--r--contrib/bind9/lib/dns/include/dns/private.h72
-rw-r--r--contrib/bind9/lib/dns/include/dns/rbt.h942
-rw-r--r--contrib/bind9/lib/dns/include/dns/rcode.h113
-rw-r--r--contrib/bind9/lib/dns/include/dns/rdata.h774
-rw-r--r--contrib/bind9/lib/dns/include/dns/rdataclass.h81
-rw-r--r--contrib/bind9/lib/dns/include/dns/rdatalist.h124
-rw-r--r--contrib/bind9/lib/dns/include/dns/rdataset.h682
-rw-r--r--contrib/bind9/lib/dns/include/dns/rdatasetiter.h170
-rw-r--r--contrib/bind9/lib/dns/include/dns/rdataslab.h170
-rw-r--r--contrib/bind9/lib/dns/include/dns/rdatatype.h84
-rw-r--r--contrib/bind9/lib/dns/include/dns/request.h381
-rw-r--r--contrib/bind9/lib/dns/include/dns/resolver.h580
-rw-r--r--contrib/bind9/lib/dns/include/dns/result.h196
-rw-r--r--contrib/bind9/lib/dns/include/dns/rootns.h45
-rw-r--r--contrib/bind9/lib/dns/include/dns/rpz.h204
-rw-r--r--contrib/bind9/lib/dns/include/dns/rriterator.h187
-rw-r--r--contrib/bind9/lib/dns/include/dns/sdb.h219
-rw-r--r--contrib/bind9/lib/dns/include/dns/sdlz.h376
-rw-r--r--contrib/bind9/lib/dns/include/dns/secalg.h78
-rw-r--r--contrib/bind9/lib/dns/include/dns/secproto.h71
-rw-r--r--contrib/bind9/lib/dns/include/dns/soa.h103
-rw-r--r--contrib/bind9/lib/dns/include/dns/ssu.h212
-rw-r--r--contrib/bind9/lib/dns/include/dns/stats.h376
-rw-r--r--contrib/bind9/lib/dns/include/dns/tcpmsg.h147
-rw-r--r--contrib/bind9/lib/dns/include/dns/time.h78
-rw-r--r--contrib/bind9/lib/dns/include/dns/timer.h52
-rw-r--r--contrib/bind9/lib/dns/include/dns/tkey.h252
-rw-r--r--contrib/bind9/lib/dns/include/dns/tsec.h137
-rw-r--r--contrib/bind9/lib/dns/include/dns/tsig.h294
-rw-r--r--contrib/bind9/lib/dns/include/dns/ttl.h78
-rw-r--r--contrib/bind9/lib/dns/include/dns/types.h399
-rw-r--r--contrib/bind9/lib/dns/include/dns/update.h64
-rw-r--r--contrib/bind9/lib/dns/include/dns/validator.h261
-rw-r--r--contrib/bind9/lib/dns/include/dns/version.h28
-rw-r--r--contrib/bind9/lib/dns/include/dns/view.h1114
-rw-r--r--contrib/bind9/lib/dns/include/dns/xfrin.h111
-rw-r--r--contrib/bind9/lib/dns/include/dns/zone.h2104
-rw-r--r--contrib/bind9/lib/dns/include/dns/zonekey.h42
-rw-r--r--contrib/bind9/lib/dns/include/dns/zt.h215
-rw-r--r--contrib/bind9/lib/dns/include/dst/Makefile.in37
-rw-r--r--contrib/bind9/lib/dns/include/dst/dst.h929
-rw-r--r--contrib/bind9/lib/dns/include/dst/gssapi.h214
-rw-r--r--contrib/bind9/lib/dns/include/dst/lib.h41
-rw-r--r--contrib/bind9/lib/dns/include/dst/result.h73
-rw-r--r--contrib/bind9/lib/dns/iptable.c189
-rw-r--r--contrib/bind9/lib/dns/journal.c2337
-rw-r--r--contrib/bind9/lib/dns/key.c192
-rw-r--r--contrib/bind9/lib/dns/keydata.c89
-rw-r--r--contrib/bind9/lib/dns/keytable.c674
-rw-r--r--contrib/bind9/lib/dns/lib.c168
-rw-r--r--contrib/bind9/lib/dns/log.c101
-rw-r--r--contrib/bind9/lib/dns/lookup.c498
-rw-r--r--contrib/bind9/lib/dns/master.c3005
-rw-r--r--contrib/bind9/lib/dns/masterdump.c1912
-rw-r--r--contrib/bind9/lib/dns/message.c3552
-rw-r--r--contrib/bind9/lib/dns/name.c2506
-rw-r--r--contrib/bind9/lib/dns/ncache.c756
-rw-r--r--contrib/bind9/lib/dns/nsec.c451
-rw-r--r--contrib/bind9/lib/dns/nsec3.c2087
-rw-r--r--contrib/bind9/lib/dns/openssl_link.c392
-rw-r--r--contrib/bind9/lib/dns/openssldh_link.c678
-rw-r--r--contrib/bind9/lib/dns/openssldsa_link.c659
-rw-r--r--contrib/bind9/lib/dns/opensslecdsa_link.c607
-rw-r--r--contrib/bind9/lib/dns/opensslgost_link.c445
-rw-r--r--contrib/bind9/lib/dns/opensslrsa_link.c1491
-rw-r--r--contrib/bind9/lib/dns/order.c167
-rw-r--r--contrib/bind9/lib/dns/peer.c712
-rw-r--r--contrib/bind9/lib/dns/portlist.c266
-rw-r--r--contrib/bind9/lib/dns/private.c371
-rw-r--r--contrib/bind9/lib/dns/rbt.c2679
-rw-r--r--contrib/bind9/lib/dns/rbtdb.c9343
-rw-r--r--contrib/bind9/lib/dns/rbtdb.h57
-rw-r--r--contrib/bind9/lib/dns/rbtdb64.c23
-rw-r--r--contrib/bind9/lib/dns/rbtdb64.h45
-rw-r--r--contrib/bind9/lib/dns/rcode.c515
-rw-r--r--contrib/bind9/lib/dns/rdata.c2175
-rw-r--r--contrib/bind9/lib/dns/rdata/any_255/tsig_250.c603
-rw-r--r--contrib/bind9/lib/dns/rdata/any_255/tsig_250.h38
-rw-r--r--contrib/bind9/lib/dns/rdata/ch_3/a_1.c320
-rw-r--r--contrib/bind9/lib/dns/rdata/ch_3/a_1.h34
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/afsdb_18.c313
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/afsdb_18.h34
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/cert_37.c287
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/cert_37.h34
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/cname_5.c237
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/cname_5.h29
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/dlv_32769.c355
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/dlv_32769.h33
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/dname_39.c237
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/dname_39.h32
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/dnskey_48.c361
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/dnskey_48.h37
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/ds_43.c355
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/ds_43.h35
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/eui48_108.c215
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/eui48_108.h26
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/eui64_109.c220
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/eui64_109.h26
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/gpos_27.c257
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/gpos_27.h37
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/hinfo_13.c228
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/hinfo_13.h32
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/hip_55.c506
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/hip_55.h47
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/ipseckey_45.c501
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/ipseckey_45.h35
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/isdn_20.c239
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/isdn_20.h35
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/key_25.c348
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/key_25.h37
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/keydata_65533.c395
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/keydata_65533.h35
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/l32_105.c233
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/l32_105.h27
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/l64_106.c228
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/l64_106.h27
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/loc_29.c804
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/loc_29.h43
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/lp_107.c275
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/lp_107.h28
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/mb_7.c239
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/mb_7.h30
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/md_3.c241
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/md_3.h31
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/mf_4.c240
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/mf_4.h30
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/mg_8.c235
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/mg_8.h30
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/minfo_14.c329
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/minfo_14.h31
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/mr_9.c236
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/mr_9.h30
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/mx_15.c323
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/mx_15.h31
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/naptr_35.c671
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/naptr_35.h40
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/nid_104.c228
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/nid_104.h27
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/ns_2.c256
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/ns_2.h31
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/nsec3_50.c505
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/nsec3_50.h118
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/nsec3param_51.c319
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/nsec3param_51.h38
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/nsec_47.c396
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/nsec_47.h34
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/null_10.c193
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/null_10.h32
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/nxt_30.c333
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/nxt_30.h34
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/opt_41.c289
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/opt_41.h55
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/proforma.c190
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/proforma.h30
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/ptr_12.c295
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/ptr_12.h30
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/rp_17.c318
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/rp_17.h34
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/rrsig_46.c593
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/rrsig_46.h41
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/rt_21.c316
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/rt_21.h33
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/sig_24.c585
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/sig_24.h42
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/soa_6.c449
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/soa_6.h37
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/spf_99.c242
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/spf_99.h51
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/sshfp_44.c270
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/sshfp_44.h35
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/tkey_249.c565
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/tkey_249.h41
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/tlsa_52.c290
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/tlsa_52.h35
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/txt_16.c250
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/txt_16.h52
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/unspec_103.c194
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/unspec_103.h31
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/uri_256.c331
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/uri_256.h31
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/x25_19.c224
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/x25_19.h33
-rw-r--r--contrib/bind9/lib/dns/rdata/hs_4/a_1.c237
-rw-r--r--contrib/bind9/lib/dns/rdata/hs_4/a_1.h29
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/a6_38.c466
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/a6_38.h34
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/a_1.c241
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/a_1.h29
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/aaaa_28.c237
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/aaaa_28.h31
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/apl_42.c458
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/apl_42.h56
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/dhcid_49.c237
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/dhcid_49.h30
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/kx_36.c293
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/kx_36.h33
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/nsap-ptr_23.c250
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/nsap-ptr_23.h32
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/nsap_22.c259
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/nsap_22.h33
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/px_26.c379
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/px_26.h34
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/srv_33.c378
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/srv_33.h37
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/wks_11.c383
-rw-r--r--contrib/bind9/lib/dns/rdata/in_1/wks_11.h32
-rw-r--r--contrib/bind9/lib/dns/rdata/rdatastructpre.h42
-rw-r--r--contrib/bind9/lib/dns/rdata/rdatastructsuf.h22
-rw-r--r--contrib/bind9/lib/dns/rdatalist.c369
-rw-r--r--contrib/bind9/lib/dns/rdatalist_p.h64
-rw-r--r--contrib/bind9/lib/dns/rdataset.c802
-rw-r--r--contrib/bind9/lib/dns/rdatasetiter.c80
-rw-r--r--contrib/bind9/lib/dns/rdataslab.c1109
-rw-r--r--contrib/bind9/lib/dns/request.c1499
-rw-r--r--contrib/bind9/lib/dns/resolver.c9040
-rw-r--r--contrib/bind9/lib/dns/result.c284
-rw-r--r--contrib/bind9/lib/dns/rootns.c528
-rw-r--r--contrib/bind9/lib/dns/rpz.c1192
-rw-r--r--contrib/bind9/lib/dns/rriterator.c204
-rw-r--r--contrib/bind9/lib/dns/sdb.c1596
-rw-r--r--contrib/bind9/lib/dns/sdlz.c2103
-rw-r--r--contrib/bind9/lib/dns/soa.c147
-rw-r--r--contrib/bind9/lib/dns/spnego.asn152
-rw-r--r--contrib/bind9/lib/dns/spnego.c1820
-rw-r--r--contrib/bind9/lib/dns/spnego.h71
-rw-r--r--contrib/bind9/lib/dns/spnego_asn1.c867
-rwxr-xr-xcontrib/bind9/lib/dns/spnego_asn1.pl200
-rw-r--r--contrib/bind9/lib/dns/ssu.c613
-rw-r--r--contrib/bind9/lib/dns/ssu_external.c264
-rw-r--r--contrib/bind9/lib/dns/stats.c404
-rw-r--r--contrib/bind9/lib/dns/tcpmsg.c243
-rw-r--r--contrib/bind9/lib/dns/time.c203
-rw-r--r--contrib/bind9/lib/dns/timer.c60
-rw-r--r--contrib/bind9/lib/dns/tkey.c1460
-rw-r--r--contrib/bind9/lib/dns/tsec.c160
-rw-r--r--contrib/bind9/lib/dns/tsig.c1883
-rw-r--r--contrib/bind9/lib/dns/ttl.c217
-rw-r--r--contrib/bind9/lib/dns/update.c1865
-rw-r--r--contrib/bind9/lib/dns/validator.c3960
-rw-r--r--contrib/bind9/lib/dns/version.c28
-rw-r--r--contrib/bind9/lib/dns/view.c1845
-rw-r--r--contrib/bind9/lib/dns/xfrin.c1556
-rw-r--r--contrib/bind9/lib/dns/zone.c16753
-rw-r--r--contrib/bind9/lib/dns/zonekey.c55
-rw-r--r--contrib/bind9/lib/dns/zt.c539
-rw-r--r--contrib/bind9/lib/export/Makefile.in27
-rw-r--r--contrib/bind9/lib/export/dns/Makefile.in181
-rw-r--r--contrib/bind9/lib/export/dns/include/Makefile.in23
-rw-r--r--contrib/bind9/lib/export/dns/include/dns/Makefile.in56
-rw-r--r--contrib/bind9/lib/export/dns/include/dst/Makefile.in36
-rw-r--r--contrib/bind9/lib/export/irs/Makefile.in87
-rw-r--r--contrib/bind9/lib/export/irs/include/Makefile.in24
-rw-r--r--contrib/bind9/lib/export/irs/include/irs/Makefile.in46
-rw-r--r--contrib/bind9/lib/export/isc/Makefile.in138
-rw-r--r--contrib/bind9/lib/export/isc/include/Makefile.in24
-rw-r--r--contrib/bind9/lib/export/isc/include/isc/Makefile.in66
-rw-r--r--contrib/bind9/lib/export/isc/include/isc/bind9.h30
-rw-r--r--contrib/bind9/lib/export/isc/nls/Makefile.in37
-rw-r--r--contrib/bind9/lib/export/isc/nothreads/Makefile.in42
-rw-r--r--contrib/bind9/lib/export/isc/nothreads/include/Makefile.in24
-rw-r--r--contrib/bind9/lib/export/isc/nothreads/include/isc/Makefile.in36
-rw-r--r--contrib/bind9/lib/export/isc/pthreads/Makefile.in40
-rw-r--r--contrib/bind9/lib/export/isc/pthreads/include/Makefile.in24
-rw-r--r--contrib/bind9/lib/export/isc/pthreads/include/isc/Makefile.in36
-rw-r--r--contrib/bind9/lib/export/isc/unix/Makefile.in59
-rw-r--r--contrib/bind9/lib/export/isc/unix/include/Makefile.in24
-rw-r--r--contrib/bind9/lib/export/isc/unix/include/isc/Makefile.in37
-rw-r--r--contrib/bind9/lib/export/isccfg/Makefile.in83
-rw-r--r--contrib/bind9/lib/export/isccfg/include/Makefile.in24
-rw-r--r--contrib/bind9/lib/export/isccfg/include/isccfg/Makefile.in42
-rw-r--r--contrib/bind9/lib/export/samples/Makefile-postinstall.in78
-rw-r--r--contrib/bind9/lib/export/samples/Makefile.in99
-rw-r--r--contrib/bind9/lib/export/samples/nsprobe.c1220
-rw-r--r--contrib/bind9/lib/export/samples/sample-async.c402
-rw-r--r--contrib/bind9/lib/export/samples/sample-gai.c77
-rw-r--r--contrib/bind9/lib/export/samples/sample-request.c265
-rw-r--r--contrib/bind9/lib/export/samples/sample-update.c755
-rw-r--r--contrib/bind9/lib/export/samples/sample.c384
-rw-r--r--contrib/bind9/lib/irs/Makefile.in80
-rw-r--r--contrib/bind9/lib/irs/api9
-rw-r--r--contrib/bind9/lib/irs/context.c396
-rw-r--r--contrib/bind9/lib/irs/dnsconf.c269
-rw-r--r--contrib/bind9/lib/irs/gai_strerror.c93
-rw-r--r--contrib/bind9/lib/irs/getaddrinfo.c1297
-rw-r--r--contrib/bind9/lib/irs/getnameinfo.c409
-rw-r--r--contrib/bind9/lib/irs/include/Makefile.in24
-rw-r--r--contrib/bind9/lib/irs/include/irs/Makefile.in44
-rw-r--r--contrib/bind9/lib/irs/include/irs/context.h159
-rw-r--r--contrib/bind9/lib/irs/include/irs/dnsconf.h94
-rw-r--r--contrib/bind9/lib/irs/include/irs/netdb.h.in167
-rw-r--r--contrib/bind9/lib/irs/include/irs/platform.h.in45
-rw-r--r--contrib/bind9/lib/irs/include/irs/resconf.h113
-rw-r--r--contrib/bind9/lib/irs/include/irs/types.h31
-rw-r--r--contrib/bind9/lib/irs/include/irs/version.h27
-rw-r--r--contrib/bind9/lib/irs/resconf.c637
-rw-r--r--contrib/bind9/lib/irs/version.c27
-rw-r--r--contrib/bind9/lib/isc/Makefile.in135
-rw-r--r--contrib/bind9/lib/isc/alpha/Makefile.in24
-rw-r--r--contrib/bind9/lib/isc/alpha/include/Makefile.in24
-rw-r--r--contrib/bind9/lib/isc/alpha/include/isc/Makefile.in36
-rw-r--r--contrib/bind9/lib/isc/alpha/include/isc/atomic.h184
-rw-r--r--contrib/bind9/lib/isc/api9
-rw-r--r--contrib/bind9/lib/isc/app_api.c136
-rw-r--r--contrib/bind9/lib/isc/arm/include/isc/atomic.h81
-rw-r--r--contrib/bind9/lib/isc/assertions.c139
-rw-r--r--contrib/bind9/lib/isc/backtrace-emptytbl.c34
-rw-r--r--contrib/bind9/lib/isc/backtrace.c285
-rw-r--r--contrib/bind9/lib/isc/base32.c373
-rw-r--r--contrib/bind9/lib/isc/base64.c252
-rw-r--r--contrib/bind9/lib/isc/bitstring.c127
-rw-r--r--contrib/bind9/lib/isc/buffer.c489
-rw-r--r--contrib/bind9/lib/isc/bufferlist.c64
-rw-r--r--contrib/bind9/lib/isc/commandline.c225
-rw-r--r--contrib/bind9/lib/isc/entropy.c1277
-rw-r--r--contrib/bind9/lib/isc/error.c106
-rw-r--r--contrib/bind9/lib/isc/event.c88
-rw-r--r--contrib/bind9/lib/isc/fsaccess.c102
-rw-r--r--contrib/bind9/lib/isc/hash.c404
-rw-r--r--contrib/bind9/lib/isc/heap.c265
-rw-r--r--contrib/bind9/lib/isc/hex.c201
-rw-r--r--contrib/bind9/lib/isc/hmacmd5.c149
-rw-r--r--contrib/bind9/lib/isc/hmacsha.c594
-rw-r--r--contrib/bind9/lib/isc/httpd.c1028
-rw-r--r--contrib/bind9/lib/isc/ia64/Makefile.in24
-rw-r--r--contrib/bind9/lib/isc/ia64/include/Makefile.in24
-rw-r--r--contrib/bind9/lib/isc/ia64/include/isc/Makefile.in36
-rw-r--r--contrib/bind9/lib/isc/ia64/include/isc/atomic.h100
-rw-r--r--contrib/bind9/lib/isc/include/Makefile.in25
-rw-r--r--contrib/bind9/lib/isc/include/isc/Makefile.in61
-rw-r--r--contrib/bind9/lib/isc/include/isc/app.h375
-rw-r--r--contrib/bind9/lib/isc/include/isc/assertions.h126
-rw-r--r--contrib/bind9/lib/isc/include/isc/backtrace.h131
-rw-r--r--contrib/bind9/lib/isc/include/isc/base32.h128
-rw-r--r--contrib/bind9/lib/isc/include/isc/base64.h99
-rw-r--r--contrib/bind9/lib/isc/include/isc/bind9.h30
-rw-r--r--contrib/bind9/lib/isc/include/isc/bitstring.h157
-rw-r--r--contrib/bind9/lib/isc/include/isc/boolean.h31
-rw-r--r--contrib/bind9/lib/isc/include/isc/buffer.h906
-rw-r--r--contrib/bind9/lib/isc/include/isc/bufferlist.h86
-rw-r--r--contrib/bind9/lib/isc/include/isc/commandline.h50
-rw-r--r--contrib/bind9/lib/isc/include/isc/entropy.h314
-rw-r--r--contrib/bind9/lib/isc/include/isc/error.h63
-rw-r--r--contrib/bind9/lib/isc/include/isc/event.h121
-rw-r--r--contrib/bind9/lib/isc/include/isc/eventclass.h53
-rw-r--r--contrib/bind9/lib/isc/include/isc/file.h331
-rw-r--r--contrib/bind9/lib/isc/include/isc/formatcheck.h40
-rw-r--r--contrib/bind9/lib/isc/include/isc/fsaccess.h178
-rw-r--r--contrib/bind9/lib/isc/include/isc/hash.h185
-rw-r--r--contrib/bind9/lib/isc/include/isc/heap.h172
-rw-r--r--contrib/bind9/lib/isc/include/isc/hex.h98
-rw-r--r--contrib/bind9/lib/isc/include/isc/hmacmd5.h72
-rw-r--r--contrib/bind9/lib/isc/include/isc/hmacsha.h169
-rw-r--r--contrib/bind9/lib/isc/include/isc/httpd.h64
-rw-r--r--contrib/bind9/lib/isc/include/isc/interfaceiter.h133
-rw-r--r--contrib/bind9/lib/isc/include/isc/ipv6.h148
-rw-r--r--contrib/bind9/lib/isc/include/isc/iterated_hash.h47
-rw-r--r--contrib/bind9/lib/isc/include/isc/lang.h33
-rw-r--r--contrib/bind9/lib/isc/include/isc/lex.h431
-rw-r--r--contrib/bind9/lib/isc/include/isc/lfsr.h130
-rw-r--r--contrib/bind9/lib/isc/include/isc/lib.h50
-rw-r--r--contrib/bind9/lib/isc/include/isc/list.h199
-rw-r--r--contrib/bind9/lib/isc/include/isc/log.h914
-rw-r--r--contrib/bind9/lib/isc/include/isc/magic.h41
-rw-r--r--contrib/bind9/lib/isc/include/isc/md5.h83
-rw-r--r--contrib/bind9/lib/isc/include/isc/mem.h733
-rw-r--r--contrib/bind9/lib/isc/include/isc/msgcat.h131
-rw-r--r--contrib/bind9/lib/isc/include/isc/msgs.h194
-rw-r--r--contrib/bind9/lib/isc/include/isc/mutexblock.h71
-rw-r--r--contrib/bind9/lib/isc/include/isc/namespace.h174
-rw-r--r--contrib/bind9/lib/isc/include/isc/netaddr.h180
-rw-r--r--contrib/bind9/lib/isc/include/isc/netscope.h43
-rw-r--r--contrib/bind9/lib/isc/include/isc/ondestroy.h116
-rw-r--r--contrib/bind9/lib/isc/include/isc/os.h38
-rw-r--r--contrib/bind9/lib/isc/include/isc/parseint.h64
-rw-r--r--contrib/bind9/lib/isc/include/isc/platform.h.in367
-rw-r--r--contrib/bind9/lib/isc/include/isc/pool.h149
-rw-r--r--contrib/bind9/lib/isc/include/isc/portset.h141
-rw-r--r--contrib/bind9/lib/isc/include/isc/print.h87
-rw-r--r--contrib/bind9/lib/isc/include/isc/queue.h165
-rw-r--r--contrib/bind9/lib/isc/include/isc/quota.h119
-rw-r--r--contrib/bind9/lib/isc/include/isc/radix.h242
-rw-r--r--contrib/bind9/lib/isc/include/isc/random.h62
-rw-r--r--contrib/bind9/lib/isc/include/isc/ratelimiter.h134
-rw-r--r--contrib/bind9/lib/isc/include/isc/refcount.h233
-rw-r--r--contrib/bind9/lib/isc/include/isc/regex.h39
-rw-r--r--contrib/bind9/lib/isc/include/isc/region.h104
-rw-r--r--contrib/bind9/lib/isc/include/isc/resource.h97
-rw-r--r--contrib/bind9/lib/isc/include/isc/result.h109
-rw-r--r--contrib/bind9/lib/isc/include/isc/resultclass.h51
-rw-r--r--contrib/bind9/lib/isc/include/isc/rwlock.h135
-rw-r--r--contrib/bind9/lib/isc/include/isc/serial.h75
-rw-r--r--contrib/bind9/lib/isc/include/isc/sha1.h68
-rw-r--r--contrib/bind9/lib/isc/include/isc/sha2.h145
-rw-r--r--contrib/bind9/lib/isc/include/isc/sockaddr.h242
-rw-r--r--contrib/bind9/lib/isc/include/isc/socket.h1176
-rw-r--r--contrib/bind9/lib/isc/include/isc/stats.h121
-rw-r--r--contrib/bind9/lib/isc/include/isc/stdio.h77
-rw-r--r--contrib/bind9/lib/isc/include/isc/stdlib.h40
-rw-r--r--contrib/bind9/lib/isc/include/isc/string.h231
-rw-r--r--contrib/bind9/lib/isc/include/isc/symtab.h139
-rw-r--r--contrib/bind9/lib/isc/include/isc/task.h823
-rw-r--r--contrib/bind9/lib/isc/include/isc/taskpool.h157
-rw-r--r--contrib/bind9/lib/isc/include/isc/timer.h432
-rw-r--r--contrib/bind9/lib/isc/include/isc/types.h129
-rw-r--r--contrib/bind9/lib/isc/include/isc/util.h238
-rw-r--r--contrib/bind9/lib/isc/include/isc/version.h28
-rw-r--r--contrib/bind9/lib/isc/include/isc/xml.h41
-rw-r--r--contrib/bind9/lib/isc/inet_aton.c196
-rw-r--r--contrib/bind9/lib/isc/inet_ntop.c199
-rw-r--r--contrib/bind9/lib/isc/inet_pton.c214
-rw-r--r--contrib/bind9/lib/isc/iterated_hash.c48
-rw-r--r--contrib/bind9/lib/isc/lex.c959
-rw-r--r--contrib/bind9/lib/isc/lfsr.c161
-rw-r--r--contrib/bind9/lib/isc/lib.c103
-rw-r--r--contrib/bind9/lib/isc/log.c1764
-rw-r--r--contrib/bind9/lib/isc/md5.c277
-rw-r--r--contrib/bind9/lib/isc/mem.c2514
-rw-r--r--contrib/bind9/lib/isc/mem_api.c303
-rw-r--r--contrib/bind9/lib/isc/mips/Makefile.in24
-rw-r--r--contrib/bind9/lib/isc/mips/include/Makefile.in24
-rw-r--r--contrib/bind9/lib/isc/mips/include/isc/Makefile.in36
-rw-r--r--contrib/bind9/lib/isc/mips/include/isc/atomic.h98
-rw-r--r--contrib/bind9/lib/isc/mutexblock.c58
-rw-r--r--contrib/bind9/lib/isc/netaddr.c434
-rw-r--r--contrib/bind9/lib/isc/netscope.c76
-rw-r--r--contrib/bind9/lib/isc/nls/Makefile.in37
-rw-r--r--contrib/bind9/lib/isc/nls/msgcat.c131
-rw-r--r--contrib/bind9/lib/isc/noatomic/Makefile.in24
-rw-r--r--contrib/bind9/lib/isc/noatomic/include/Makefile.in24
-rw-r--r--contrib/bind9/lib/isc/noatomic/include/isc/Makefile.in36
-rw-r--r--contrib/bind9/lib/isc/noatomic/include/isc/atomic.h24
-rw-r--r--contrib/bind9/lib/isc/nothreads/Makefile.in40
-rw-r--r--contrib/bind9/lib/isc/nothreads/condition.c24
-rw-r--r--contrib/bind9/lib/isc/nothreads/include/Makefile.in25
-rw-r--r--contrib/bind9/lib/isc/nothreads/include/isc/Makefile.in37
-rw-r--r--contrib/bind9/lib/isc/nothreads/include/isc/condition.h59
-rw-r--r--contrib/bind9/lib/isc/nothreads/include/isc/mutex.h39
-rw-r--r--contrib/bind9/lib/isc/nothreads/include/isc/once.h32
-rw-r--r--contrib/bind9/lib/isc/nothreads/include/isc/thread.h35
-rw-r--r--contrib/bind9/lib/isc/nothreads/mutex.c25
-rw-r--r--contrib/bind9/lib/isc/nothreads/thread.c28
-rw-r--r--contrib/bind9/lib/isc/ondestroy.c85
-rw-r--r--contrib/bind9/lib/isc/parseint.c79
-rw-r--r--contrib/bind9/lib/isc/pool.c177
-rw-r--r--contrib/bind9/lib/isc/portset.c143
-rw-r--r--contrib/bind9/lib/isc/powerpc/Makefile.in24
-rw-r--r--contrib/bind9/lib/isc/powerpc/include/Makefile.in24
-rw-r--r--contrib/bind9/lib/isc/powerpc/include/isc/Makefile.in36
-rw-r--r--contrib/bind9/lib/isc/powerpc/include/isc/atomic.h197
-rw-r--r--contrib/bind9/lib/isc/print.c624
-rw-r--r--contrib/bind9/lib/isc/pthreads/Makefile.in38
-rw-r--r--contrib/bind9/lib/isc/pthreads/condition.c81
-rw-r--r--contrib/bind9/lib/isc/pthreads/include/Makefile.in25
-rw-r--r--contrib/bind9/lib/isc/pthreads/include/isc/Makefile.in37
-rw-r--r--contrib/bind9/lib/isc/pthreads/include/isc/condition.h65
-rw-r--r--contrib/bind9/lib/isc/pthreads/include/isc/mutex.h145
-rw-r--r--contrib/bind9/lib/isc/pthreads/include/isc/once.h50
-rw-r--r--contrib/bind9/lib/isc/pthreads/include/isc/thread.h60
-rw-r--r--contrib/bind9/lib/isc/pthreads/mutex.c275
-rw-r--r--contrib/bind9/lib/isc/pthreads/thread.c76
-rw-r--r--contrib/bind9/lib/isc/quota.c101
-rw-r--r--contrib/bind9/lib/isc/radix.c707
-rw-r--r--contrib/bind9/lib/isc/random.c113
-rw-r--r--contrib/bind9/lib/isc/ratelimiter.c329
-rw-r--r--contrib/bind9/lib/isc/refcount.c37
-rw-r--r--contrib/bind9/lib/isc/regex.c370
-rw-r--r--contrib/bind9/lib/isc/region.c45
-rw-r--r--contrib/bind9/lib/isc/result.c214
-rw-r--r--contrib/bind9/lib/isc/rwlock.c809
-rw-r--r--contrib/bind9/lib/isc/serial.c59
-rw-r--r--contrib/bind9/lib/isc/sha1.c354
-rw-r--r--contrib/bind9/lib/isc/sha2.c1449
-rw-r--r--contrib/bind9/lib/isc/sockaddr.c505
-rw-r--r--contrib/bind9/lib/isc/socket_api.c254
-rw-r--r--contrib/bind9/lib/isc/sparc64/Makefile.in24
-rw-r--r--contrib/bind9/lib/isc/sparc64/include/Makefile.in24
-rw-r--r--contrib/bind9/lib/isc/sparc64/include/isc/Makefile.in36
-rw-r--r--contrib/bind9/lib/isc/sparc64/include/isc/atomic.h126
-rw-r--r--contrib/bind9/lib/isc/stats.c326
-rw-r--r--contrib/bind9/lib/isc/string.c271
-rw-r--r--contrib/bind9/lib/isc/strtoul.c129
-rw-r--r--contrib/bind9/lib/isc/symtab.c303
-rw-r--r--contrib/bind9/lib/isc/task.c1860
-rw-r--r--contrib/bind9/lib/isc/task_api.c255
-rw-r--r--contrib/bind9/lib/isc/task_p.h39
-rw-r--r--contrib/bind9/lib/isc/taskpool.c187
-rw-r--r--contrib/bind9/lib/isc/timer.c1072
-rw-r--r--contrib/bind9/lib/isc/timer_api.c144
-rw-r--r--contrib/bind9/lib/isc/timer_p.h31
-rw-r--r--contrib/bind9/lib/isc/unix/Makefile.in51
-rw-r--r--contrib/bind9/lib/isc/unix/app.c946
-rw-r--r--contrib/bind9/lib/isc/unix/dir.c251
-rw-r--r--contrib/bind9/lib/isc/unix/entropy.c604
-rw-r--r--contrib/bind9/lib/isc/unix/errno2result.c122
-rw-r--r--contrib/bind9/lib/isc/unix/errno2result.h41
-rw-r--r--contrib/bind9/lib/isc/unix/file.c593
-rw-r--r--contrib/bind9/lib/isc/unix/fsaccess.c93
-rw-r--r--contrib/bind9/lib/isc/unix/ifiter_getifaddrs.c234
-rw-r--r--contrib/bind9/lib/isc/unix/ifiter_ioctl.c931
-rw-r--r--contrib/bind9/lib/isc/unix/ifiter_sysctl.c302
-rw-r--r--contrib/bind9/lib/isc/unix/include/Makefile.in25
-rw-r--r--contrib/bind9/lib/isc/unix/include/isc/Makefile.in38
-rw-r--r--contrib/bind9/lib/isc/unix/include/isc/dir.h94
-rw-r--r--contrib/bind9/lib/isc/unix/include/isc/int.h55
-rw-r--r--contrib/bind9/lib/isc/unix/include/isc/keyboard.h52
-rw-r--r--contrib/bind9/lib/isc/unix/include/isc/net.h364
-rw-r--r--contrib/bind9/lib/isc/unix/include/isc/netdb.h57
-rw-r--r--contrib/bind9/lib/isc/unix/include/isc/offset.h46
-rw-r--r--contrib/bind9/lib/isc/unix/include/isc/stat.h52
-rw-r--r--contrib/bind9/lib/isc/unix/include/isc/stdtime.h64
-rw-r--r--contrib/bind9/lib/isc/unix/include/isc/strerror.h45
-rw-r--r--contrib/bind9/lib/isc/unix/include/isc/syslog.h47
-rw-r--r--contrib/bind9/lib/isc/unix/include/isc/time.h334
-rw-r--r--contrib/bind9/lib/isc/unix/interfaceiter.c312
-rw-r--r--contrib/bind9/lib/isc/unix/ipv6.c27
-rw-r--r--contrib/bind9/lib/isc/unix/keyboard.c126
-rw-r--r--contrib/bind9/lib/isc/unix/net.c521
-rw-r--r--contrib/bind9/lib/isc/unix/os.c94
-rw-r--r--contrib/bind9/lib/isc/unix/resource.c231
-rw-r--r--contrib/bind9/lib/isc/unix/socket.c6043
-rw-r--r--contrib/bind9/lib/isc/unix/socket_p.h33
-rw-r--r--contrib/bind9/lib/isc/unix/stdio.c129
-rw-r--r--contrib/bind9/lib/isc/unix/stdtime.c86
-rw-r--r--contrib/bind9/lib/isc/unix/strerror.c74
-rw-r--r--contrib/bind9/lib/isc/unix/syslog.c84
-rw-r--r--contrib/bind9/lib/isc/unix/time.c420
-rw-r--r--contrib/bind9/lib/isc/version.c28
-rw-r--r--contrib/bind9/lib/isc/x86_32/Makefile.in24
-rw-r--r--contrib/bind9/lib/isc/x86_32/include/Makefile.in24
-rw-r--r--contrib/bind9/lib/isc/x86_32/include/isc/Makefile.in36
-rw-r--r--contrib/bind9/lib/isc/x86_32/include/isc/atomic.h176
-rw-r--r--contrib/bind9/lib/isc/x86_64/Makefile.in24
-rw-r--r--contrib/bind9/lib/isc/x86_64/include/Makefile.in24
-rw-r--r--contrib/bind9/lib/isc/x86_64/include/isc/Makefile.in36
-rw-r--r--contrib/bind9/lib/isc/x86_64/include/isc/atomic.h123
-rw-r--r--contrib/bind9/lib/isccc/Makefile.in86
-rw-r--r--contrib/bind9/lib/isccc/alist.c312
-rw-r--r--contrib/bind9/lib/isccc/api9
-rw-r--r--contrib/bind9/lib/isccc/base64.c78
-rw-r--r--contrib/bind9/lib/isccc/cc.c853
-rw-r--r--contrib/bind9/lib/isccc/ccmsg.c235
-rw-r--r--contrib/bind9/lib/isccc/include/Makefile.in25
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/Makefile.in42
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/alist.h87
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/base64.h85
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/cc.h122
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/ccmsg.h148
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/events.h50
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/lib.h55
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/result.h73
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/sexpr.h124
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/symtab.h135
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/symtype.h44
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/types.h59
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/util.h225
-rw-r--r--contrib/bind9/lib/isccc/include/isccc/version.h28
-rw-r--r--contrib/bind9/lib/isccc/lib.c78
-rw-r--r--contrib/bind9/lib/isccc/result.c85
-rw-r--r--contrib/bind9/lib/isccc/sexpr.c325
-rw-r--r--contrib/bind9/lib/isccc/symtab.c293
-rw-r--r--contrib/bind9/lib/isccc/version.c28
-rw-r--r--contrib/bind9/lib/isccfg/Makefile.in84
-rw-r--r--contrib/bind9/lib/isccfg/aclconf.c494
-rw-r--r--contrib/bind9/lib/isccfg/api9
-rw-r--r--contrib/bind9/lib/isccfg/dnsconf.c69
-rw-r--r--contrib/bind9/lib/isccfg/include/Makefile.in25
-rw-r--r--contrib/bind9/lib/isccfg/include/isccfg/Makefile.in42
-rw-r--r--contrib/bind9/lib/isccfg/include/isccfg/aclconf.h83
-rw-r--r--contrib/bind9/lib/isccfg/include/isccfg/cfg.h445
-rw-r--r--contrib/bind9/lib/isccfg/include/isccfg/dnsconf.h35
-rw-r--r--contrib/bind9/lib/isccfg/include/isccfg/grammar.h474
-rw-r--r--contrib/bind9/lib/isccfg/include/isccfg/log.h55
-rw-r--r--contrib/bind9/lib/isccfg/include/isccfg/namedconf.h57
-rw-r--r--contrib/bind9/lib/isccfg/include/isccfg/version.h28
-rw-r--r--contrib/bind9/lib/isccfg/log.c52
-rw-r--r--contrib/bind9/lib/isccfg/namedconf.c2889
-rw-r--r--contrib/bind9/lib/isccfg/parser.c2484
-rw-r--r--contrib/bind9/lib/isccfg/version.c29
-rw-r--r--contrib/bind9/lib/lwres/Makefile.in84
-rw-r--r--contrib/bind9/lib/lwres/api9
-rw-r--r--contrib/bind9/lib/lwres/assert_p.h36
-rw-r--r--contrib/bind9/lib/lwres/context.c504
-rw-r--r--contrib/bind9/lib/lwres/context_p.h67
-rw-r--r--contrib/bind9/lib/lwres/gai_strerror.c83
-rw-r--r--contrib/bind9/lib/lwres/getaddrinfo.c800
-rw-r--r--contrib/bind9/lib/lwres/gethost.c362
-rw-r--r--contrib/bind9/lib/lwres/getipnode.c1166
-rw-r--r--contrib/bind9/lib/lwres/getnameinfo.c347
-rw-r--r--contrib/bind9/lib/lwres/getrrset.c292
-rw-r--r--contrib/bind9/lib/lwres/herror.c122
-rw-r--r--contrib/bind9/lib/lwres/include/Makefile.in25
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/Makefile.in46
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/context.h136
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/int.h34
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/ipv6.h124
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/lang.h33
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/list.h121
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/lwbuffer.h406
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/lwpacket.h159
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/lwres.h579
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/netdb.h.in520
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/platform.h.in120
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/result.h42
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/stdlib.h40
-rw-r--r--contrib/bind9/lib/lwres/include/lwres/version.h28
-rw-r--r--contrib/bind9/lib/lwres/lwbuffer.c361
-rw-r--r--contrib/bind9/lib/lwres/lwconfig.c729
-rw-r--r--contrib/bind9/lib/lwres/lwinetaton.c205
-rw-r--r--contrib/bind9/lib/lwres/lwinetntop.c197
-rw-r--r--contrib/bind9/lib/lwres/lwinetpton.c214
-rw-r--r--contrib/bind9/lib/lwres/lwpacket.c129
-rw-r--r--contrib/bind9/lib/lwres/lwres_gabn.c505
-rw-r--r--contrib/bind9/lib/lwres/lwres_gnba.c415
-rw-r--r--contrib/bind9/lib/lwres/lwres_grbn.c426
-rw-r--r--contrib/bind9/lib/lwres/lwres_noop.c342
-rw-r--r--contrib/bind9/lib/lwres/lwresutil.c576
-rw-r--r--contrib/bind9/lib/lwres/man/Makefile.in232
-rw-r--r--contrib/bind9/lib/lwres/man/lwres.3165
-rw-r--r--contrib/bind9/lib/lwres/man/lwres.docbook266
-rw-r--r--contrib/bind9/lib/lwres/man/lwres.html218
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_buffer.3233
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_buffer.docbook394
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_buffer.html455
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_config.3106
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_config.docbook173
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_config.html156
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_context.3170
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_context.docbook262
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_context.html295
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gabn.3195
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gabn.docbook260
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gabn.html324
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gai_strerror.3129
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gai_strerror.docbook200
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gai_strerror.html124
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getaddrinfo.3246
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getaddrinfo.docbook387
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getaddrinfo.html322
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gethostent.3315
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gethostent.docbook439
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gethostent.html466
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getipnode.3206
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getipnode.docbook331
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getipnode.html279
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getnameinfo.3117
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getnameinfo.docbook205
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getnameinfo.html176
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.3164
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.docbook223
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.html192
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gnba.3183
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gnba.docbook261
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_gnba.html316
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_hstrerror.399
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_hstrerror.docbook152
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_hstrerror.html104
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_inetntop.377
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_inetntop.docbook120
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_inetntop.html103
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_noop.3183
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_noop.docbook255
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_noop.html317
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_packet.3170
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_packet.docbook291
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_packet.html235
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_resutil.3170
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_resutil.docbook238
-rw-r--r--contrib/bind9/lib/lwres/man/lwres_resutil.html258
-rw-r--r--contrib/bind9/lib/lwres/print.c565
-rw-r--r--contrib/bind9/lib/lwres/print_p.h95
-rw-r--r--contrib/bind9/lib/lwres/strtoul.c135
-rw-r--r--contrib/bind9/lib/lwres/unix/Makefile.in25
-rw-r--r--contrib/bind9/lib/lwres/unix/include/Makefile.in25
-rw-r--r--contrib/bind9/lib/lwres/unix/include/lwres/Makefile.in34
-rw-r--r--contrib/bind9/lib/lwres/unix/include/lwres/net.h135
-rw-r--r--contrib/bind9/lib/lwres/version.c28
-rw-r--r--contrib/bind9/libtool.m4/libtool.m47982
-rw-r--r--contrib/bind9/libtool.m4/ltoptions.m4384
-rw-r--r--contrib/bind9/libtool.m4/ltsugar.m4123
-rw-r--r--contrib/bind9/libtool.m4/ltversion.m423
-rw-r--r--contrib/bind9/ltmain.sh9706
-rw-r--r--contrib/bind9/make/Makefile.in28
-rw-r--r--contrib/bind9/make/includes.in48
-rw-r--r--contrib/bind9/make/mkdep.in187
-rw-r--r--contrib/bind9/make/rules.in369
-rwxr-xr-xcontrib/bind9/mkinstalldirs40
-rw-r--r--contrib/bind9/version12
-rw-r--r--etc/Makefile20
-rw-r--r--etc/mtree/BIND.chroot.dist35
-rw-r--r--etc/mtree/BIND.include.dist22
-rw-r--r--etc/mtree/BSD.var.dist4
-rw-r--r--include/Makefile5
-rw-r--r--lib/Makefile5
-rw-r--r--lib/bind/Makefile5
-rw-r--r--lib/bind/bind9/Makefile31
-rw-r--r--lib/bind/config.h463
-rw-r--r--lib/bind/config.mk139
-rw-r--r--lib/bind/dns/Makefile159
-rw-r--r--lib/bind/dns/code.h1990
-rw-r--r--lib/bind/dns/dns/enumclass.h50
-rw-r--r--lib/bind/dns/dns/enumtype.h172
-rw-r--r--lib/bind/dns/dns/rdatastruct.h2391
-rw-r--r--lib/bind/isc/Makefile155
-rw-r--r--lib/bind/isc/backtrace-emptytbl.c36
-rw-r--r--lib/bind/isc/isc/platform.h404
-rw-r--r--lib/bind/isccc/Makefile43
-rw-r--r--lib/bind/isccfg/Makefile34
-rw-r--r--lib/bind/lwres/Makefile130
-rw-r--r--lib/bind/lwres/lwres/netdb.h522
-rw-r--r--lib/bind/lwres/lwres/platform.h122
-rw-r--r--release/Makefile3
-rw-r--r--share/doc/Makefile5
-rw-r--r--share/doc/bind9/Makefile32
-rw-r--r--share/mk/bsd.libnames.mk12
-rw-r--r--share/mk/bsd.own.mk34
-rw-r--r--tools/build/mk/OptionalObsoleteFiles.inc250
-rw-r--r--tools/build/options/WITHOUT_BIND_DNSSEC5
-rw-r--r--tools/build/options/WITHOUT_BIND_ETC3
-rw-r--r--tools/build/options/WITHOUT_BIND_LIBS_LWRES3
-rw-r--r--tools/build/options/WITHOUT_BIND_MTREE8
-rw-r--r--tools/build/options/WITHOUT_BIND_NAMED9
-rw-r--r--tools/build/options/WITHOUT_BIND_UTILS7
-rw-r--r--tools/build/options/WITH_BIND2
-rw-r--r--tools/build/options/WITH_BIND_IDN3
-rw-r--r--tools/build/options/WITH_BIND_LARGE_FILE2
-rw-r--r--tools/build/options/WITH_BIND_LIBS2
-rw-r--r--tools/build/options/WITH_BIND_SIGCHASE2
-rw-r--r--tools/build/options/WITH_BIND_XML3
-rw-r--r--usr.bin/Makefile7
-rw-r--r--usr.bin/host/Makefile28
-rw-r--r--usr.bin/nslookup/Makefile25
-rw-r--r--usr.bin/nsupdate/Makefile29
-rw-r--r--usr.sbin/Makefile23
-rw-r--r--usr.sbin/arpaname/Makefile24
-rw-r--r--usr.sbin/ddns-confgen/Makefile31
-rw-r--r--usr.sbin/dnssec-dsfromkey/Makefile24
-rw-r--r--usr.sbin/dnssec-keyfromlabel/Makefile24
-rw-r--r--usr.sbin/dnssec-keygen/Makefile24
-rw-r--r--usr.sbin/dnssec-revoke/Makefile24
-rw-r--r--usr.sbin/dnssec-settime/Makefile24
-rw-r--r--usr.sbin/dnssec-signzone/Makefile24
-rw-r--r--usr.sbin/dnssec-verify/Makefile25
-rw-r--r--usr.sbin/genrandom/Makefile24
-rw-r--r--usr.sbin/isc-hmac-fixup/Makefile24
-rw-r--r--usr.sbin/named-checkconf/Makefile27
-rw-r--r--usr.sbin/named-checkzone/Makefile28
-rw-r--r--usr.sbin/named-journalprint/Makefile24
-rw-r--r--usr.sbin/named/Makefile68
-rw-r--r--usr.sbin/nsec3hash/Makefile24
-rw-r--r--usr.sbin/rndc-confgen/Makefile31
-rw-r--r--usr.sbin/rndc/Makefile28
1104 files changed, 231 insertions, 487338 deletions
diff --git a/Makefile.inc1 b/Makefile.inc1
index 84208d9fb6cc..f6bbdbf9ad53 100644
--- a/Makefile.inc1
+++ b/Makefile.inc1
@@ -395,7 +395,7 @@ LIB32WMAKEFLAGS+= \
-DNO_LINT
LIB32WMAKE= ${LIB32WMAKEENV} ${MAKE} ${LIB32WMAKEFLAGS} \
- -DWITHOUT_BIND -DWITHOUT_MAN -DWITHOUT_INFO -DWITHOUT_HTML
+ -DWITHOUT_MAN -DWITHOUT_INFO -DWITHOUT_HTML
LIB32IMAKE= ${LIB32WMAKE:NINSTALL=*:NDESTDIR=*:N_LDSCRIPTROOT=*} -DNO_INCS \
${IMAKE_INSTALL}
.endif
@@ -485,10 +485,6 @@ _worldtmp:
mtree -deU -f ${.CURDIR}/etc/mtree/BSD.debug.dist \
-p ${WORLDTMP}/usr/lib >/dev/null
.endif
-.if ${MK_BIND_LIBS} != "no"
- mtree -deU -f ${.CURDIR}/etc/mtree/BIND.include.dist \
- -p ${WORLDTMP}/usr/include >/dev/null
-.endif
.for _mtree in ${LOCAL_MTREE}
mtree -deU -f ${.CURDIR}/${_mtree} -p ${WORLDTMP} > /dev/null
.endfor
diff --git a/ObsoleteFiles.inc b/ObsoleteFiles.inc
index e093be4fabd5..f3eaa6961a15 100644
--- a/ObsoleteFiles.inc
+++ b/ObsoleteFiles.inc
@@ -38,6 +38,235 @@
# xargs -n1 | sort | uniq -d;
# done
+# 20130930: BIND removed from base
+OLD_FILES+=etc/namedb
+OLD_FILES+=etc/periodic/daily/470.status-named
+OLD_FILES+=usr/bin/dig
+OLD_FILES+=usr/bin/nslookup
+OLD_FILES+=usr/bin/nsupdate
+OLD_DIRS+=usr/include/lwres
+OLD_FILES+=usr/include/lwres/context.h
+OLD_FILES+=usr/include/lwres/int.h
+OLD_FILES+=usr/include/lwres/ipv6.h
+OLD_FILES+=usr/include/lwres/lang.h
+OLD_FILES+=usr/include/lwres/list.h
+OLD_FILES+=usr/include/lwres/lwbuffer.h
+OLD_FILES+=usr/include/lwres/lwpacket.h
+OLD_FILES+=usr/include/lwres/lwres.h
+OLD_FILES+=usr/include/lwres/net.h
+OLD_FILES+=usr/include/lwres/netdb.h
+OLD_FILES+=usr/include/lwres/platform.h
+OLD_FILES+=usr/include/lwres/result.h
+OLD_FILES+=usr/include/lwres/version.h
+OLD_FILES+=usr/lib/liblwres.a
+OLD_FILES+=usr/lib/liblwres.so
+OLD_LIBS+=usr/lib/liblwres.so.50
+OLD_FILES+=usr/lib/liblwres_p.a
+OLD_FILES+=usr/sbin/arpaname
+OLD_FILES+=usr/sbin/ddns-confgen
+OLD_FILES+=usr/sbin/dnssec-dsfromkey
+OLD_FILES+=usr/sbin/dnssec-keyfromlabel
+OLD_FILES+=usr/sbin/dnssec-keygen
+OLD_FILES+=usr/sbin/dnssec-revoke
+OLD_FILES+=usr/sbin/dnssec-settime
+OLD_FILES+=usr/sbin/dnssec-signzone
+OLD_FILES+=usr/sbin/genrandom
+OLD_FILES+=usr/sbin/isc-hmac-fixup
+OLD_FILES+=usr/sbin/lwresd
+OLD_FILES+=usr/sbin/named
+OLD_FILES+=usr/sbin/named-checkconf
+OLD_FILES+=usr/sbin/named-checkzone
+OLD_FILES+=usr/sbin/named-compilezone
+OLD_FILES+=usr/sbin/named-journalprint
+OLD_FILES+=usr/sbin/named.reconfig
+OLD_FILES+=usr/sbin/named.reload
+OLD_FILES+=usr/sbin/nsec3hash
+OLD_FILES+=usr/sbin/rndc
+OLD_FILES+=usr/sbin/rndc-confgen
+OLD_DIRS+=usr/share/doc/bind9
+OLD_FILES+=usr/share/doc/bind9/CHANGES
+OLD_FILES+=usr/share/doc/bind9/COPYRIGHT
+OLD_FILES+=usr/share/doc/bind9/FAQ
+OLD_FILES+=usr/share/doc/bind9/HISTORY
+OLD_FILES+=usr/share/doc/bind9/README
+OLD_DIRS+=usr/share/doc/bind9/arm
+OLD_FILES+=usr/share/doc/bind9/arm/Bv9ARM.ch01.html
+OLD_FILES+=usr/share/doc/bind9/arm/Bv9ARM.ch02.html
+OLD_FILES+=usr/share/doc/bind9/arm/Bv9ARM.ch03.html
+OLD_FILES+=usr/share/doc/bind9/arm/Bv9ARM.ch04.html
+OLD_FILES+=usr/share/doc/bind9/arm/Bv9ARM.ch05.html
+OLD_FILES+=usr/share/doc/bind9/arm/Bv9ARM.ch06.html
+OLD_FILES+=usr/share/doc/bind9/arm/Bv9ARM.ch07.html
+OLD_FILES+=usr/share/doc/bind9/arm/Bv9ARM.ch08.html
+OLD_FILES+=usr/share/doc/bind9/arm/Bv9ARM.ch09.html
+OLD_FILES+=usr/share/doc/bind9/arm/Bv9ARM.ch10.html
+OLD_FILES+=usr/share/doc/bind9/arm/Bv9ARM.html
+OLD_FILES+=usr/share/doc/bind9/arm/Bv9ARM.pdf
+OLD_FILES+=usr/share/doc/bind9/arm/man.arpaname.html
+OLD_FILES+=usr/share/doc/bind9/arm/man.ddns-confgen.html
+OLD_FILES+=usr/share/doc/bind9/arm/man.dig.html
+OLD_FILES+=usr/share/doc/bind9/arm/man.dnssec-dsfromkey.html
+OLD_FILES+=usr/share/doc/bind9/arm/man.dnssec-keyfromlabel.html
+OLD_FILES+=usr/share/doc/bind9/arm/man.dnssec-keygen.html
+OLD_FILES+=usr/share/doc/bind9/arm/man.dnssec-revoke.html
+OLD_FILES+=usr/share/doc/bind9/arm/man.dnssec-settime.html
+OLD_FILES+=usr/share/doc/bind9/arm/man.dnssec-signzone.html
+OLD_FILES+=usr/share/doc/bind9/arm/man.dnssec-verify.html
+OLD_FILES+=usr/share/doc/bind9/arm/man.genrandom.html
+OLD_FILES+=usr/share/doc/bind9/arm/man.host.html
+OLD_FILES+=usr/share/doc/bind9/arm/man.isc-hmac-fixup.html
+OLD_FILES+=usr/share/doc/bind9/arm/man.named-checkconf.html
+OLD_FILES+=usr/share/doc/bind9/arm/man.named-checkzone.html
+OLD_FILES+=usr/share/doc/bind9/arm/man.named-journalprint.html
+OLD_FILES+=usr/share/doc/bind9/arm/man.named.html
+OLD_FILES+=usr/share/doc/bind9/arm/man.nsec3hash.html
+OLD_FILES+=usr/share/doc/bind9/arm/man.nsupdate.html
+OLD_FILES+=usr/share/doc/bind9/arm/man.rndc-confgen.html
+OLD_FILES+=usr/share/doc/bind9/arm/man.rndc.conf.html
+OLD_FILES+=usr/share/doc/bind9/arm/man.rndc.html
+OLD_DIRS+=usr/share/doc/bind9/misc
+OLD_FILES+=usr/share/doc/bind9/misc/dnssec
+OLD_FILES+=usr/share/doc/bind9/misc/format-options.pl
+OLD_FILES+=usr/share/doc/bind9/misc/ipv6
+OLD_FILES+=usr/share/doc/bind9/misc/migration
+OLD_FILES+=usr/share/doc/bind9/misc/migration-4to9
+OLD_FILES+=usr/share/doc/bind9/misc/options
+OLD_FILES+=usr/share/doc/bind9/misc/rfc-compliance
+OLD_FILES+=usr/share/doc/bind9/misc/roadmap
+OLD_FILES+=usr/share/doc/bind9/misc/sdb
+OLD_FILES+=usr/share/doc/bind9/misc/sort-options.pl
+OLD_FILES+=usr/share/man/man1/arpaname.1.gz
+OLD_FILES+=usr/share/man/man1/dig.1.gz
+OLD_FILES+=usr/share/man/man1/nslookup.1.gz
+OLD_FILES+=usr/share/man/man1/nsupdate.1.gz
+OLD_FILES+=usr/share/man/man3/lwres.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_addr_parse.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_buffer.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_buffer_add.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_buffer_back.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_buffer_clear.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_buffer_first.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_buffer_forward.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_buffer_getmem.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_buffer_getuint16.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_buffer_getuint32.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_buffer_getuint8.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_buffer_init.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_buffer_invalidate.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_buffer_putmem.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_buffer_putuint16.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_buffer_putuint32.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_buffer_putuint8.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_buffer_subtract.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_conf_clear.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_conf_get.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_conf_init.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_conf_parse.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_conf_print.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_config.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_context.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_context_allocmem.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_context_create.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_context_destroy.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_context_freemem.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_context_initserial.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_context_nextserial.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_context_sendrecv.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_endhostent.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_endhostent_r.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_freeaddrinfo.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_freehostent.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_gabn.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_gabnrequest_free.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_gabnrequest_parse.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_gabnrequest_render.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_gabnresponse_free.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_gabnresponse_parse.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_gabnresponse_render.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_gai_strerror.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_getaddrinfo.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_getaddrsbyname.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_gethostbyaddr.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_gethostbyaddr_r.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_gethostbyname.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_gethostbyname2.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_gethostbyname_r.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_gethostent.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_gethostent_r.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_getipnode.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_getipnodebyaddr.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_getipnodebyname.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_getnamebyaddr.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_getnameinfo.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_getrrsetbyname.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_gnba.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_gnbarequest_free.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_gnbarequest_parse.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_gnbarequest_render.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_gnbaresponse_free.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_gnbaresponse_parse.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_gnbaresponse_render.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_herror.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_hstrerror.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_inetntop.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_lwpacket_parseheader.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_lwpacket_renderheader.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_net_ntop.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_noop.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_nooprequest_free.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_nooprequest_parse.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_nooprequest_render.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_noopresponse_free.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_noopresponse_parse.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_noopresponse_render.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_packet.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_resutil.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_sethostent.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_sethostent_r.3.gz
+OLD_FILES+=usr/share/man/man3/lwres_string_parse.3.gz
+OLD_FILES+=usr/share/man/man5/named.conf.5.gz
+OLD_FILES+=usr/share/man/man5/rndc.conf.5.gz
+OLD_FILES+=usr/share/man/man8/ddns-confgen.8.gz
+OLD_FILES+=usr/share/man/man8/dnssec-dsfromkey.8.gz
+OLD_FILES+=usr/share/man/man8/dnssec-keyfromlabel.8.gz
+OLD_FILES+=usr/share/man/man8/dnssec-keygen.8.gz
+OLD_FILES+=usr/share/man/man8/dnssec-revoke.8.gz
+OLD_FILES+=usr/share/man/man8/dnssec-settime.8.gz
+OLD_FILES+=usr/share/man/man8/dnssec-signzone.8.gz
+OLD_FILES+=usr/share/man/man8/genrandom.8.gz
+OLD_FILES+=usr/share/man/man8/isc-hmac-fixup.8.gz
+OLD_FILES+=usr/share/man/man8/lwresd.8.gz
+OLD_FILES+=usr/share/man/man8/named-checkconf.8.gz
+OLD_FILES+=usr/share/man/man8/named-checkzone.8.gz
+OLD_FILES+=usr/share/man/man8/named-compilezone.8.gz
+OLD_FILES+=usr/share/man/man8/named-journalprint.8.gz
+OLD_FILES+=usr/share/man/man8/named.8.gz
+OLD_FILES+=usr/share/man/man8/named.reconfig.8.gz
+OLD_FILES+=usr/share/man/man8/named.reload.8.gz
+OLD_FILES+=usr/share/man/man8/nsec3hash.8.gz
+OLD_FILES+=usr/share/man/man8/rndc-confgen.8.gz
+OLD_FILES+=usr/share/man/man8/rndc.8.gz
+OLD_DIRS+=var/named/dev
+OLD_DIRS+=var/named/etc
+OLD_DIRS+=var/named/etc/namedb
+OLD_FILES+=var/named/etc/namedb/PROTO.localhost-v6.rev
+OLD_FILES+=var/named/etc/namedb/PROTO.localhost.rev
+OLD_DIRS+=var/named/etc/namedb/dynamic
+OLD_FILES+=var/named/etc/namedb/make-localhost
+OLD_DIRS+=var/named/etc/namedb/master
+OLD_FILES+=var/named/etc/namedb/master/empty.db
+OLD_FILES+=var/named/etc/namedb/master/localhost-forward.db
+OLD_FILES+=var/named/etc/namedb/master/localhost-reverse.db
+#OLD_FILES+=var/named/etc/namedb/named.conf # intentionally left out
+OLD_FILES+=var/named/etc/namedb/named.root
+OLD_DIRS+=var/named/etc/namedb/slave
+OLD_DIRS+=var/named/var
+OLD_DIRS+=var/named/var/dump
+OLD_DIRS+=var/named/var/log
+OLD_DIRS+=var/named/var/run
+OLD_DIRS+=var/named/var/run/named
+OLD_DIRS+=var/named/var/stats
+OLD_DIRS+=var/run/named
# 20130908: libssh becomes private
OLD_FILES+=usr/lib/libssh.a
OLD_FILES+=usr/lib/libssh.so
diff --git a/contrib/bind9/CHANGES b/contrib/bind9/CHANGES
deleted file mode 100644
index 4e3152fd0bb7..000000000000
--- a/contrib/bind9/CHANGES
+++ /dev/null
@@ -1,11412 +0,0 @@
- --- 9.9.3-P2 released ---
-
-3621. [security] Incorrect bounds checking on private type 'keydata'
- can lead to a remotely triggerable REQUIRE failure
- (CVE-2013-4854). [RT #34238]
-
- --- 9.9.3-P1 released ---
-
-3584. [security] Caching data from an incompletely signed zone could
- trigger an assertion failure in resolver.c [RT #33690]
-
- --- 9.9.3 released ---
-
-3568. [cleanup] Add a product description line to the version file,
- to be reported by named -v/-V. [RT #33366]
-
-3567. [bug] Silence clang static analyzer warnings. [RT #33365]
-
-3563. [contrib] zone2sqlite failed with some table names. [RT #33375]
-
-3561. [bug] dig: issue a warning if an EDNS query returns FORMERR
- or NOTIMP. Adjust usage message. [RT #33363]
-
- --- 9.9.3rc2 released ---
-
-3560. [bug] isc-config.sh did not honor includedir and libdir
- when set via configure. [RT #33345]
-
-3559. [func] Check that both forms of Sender Policy Framework
- records exist or do not exist. [RT #33355]
-
-3558. [bug] IXFR of a DLZ stored zone was broken. [RT #33331]
-
-3557. [bug] Reloading redirect zones was broken. [RT #33292]
-
-3556. [maint] Added AAAA for D.ROOT-SERVERS.NET.
-
-3555. [bug] Address theoretical race conditions in acache.c
- (change #3553 was incomplete). [RT #33252]
-
-3553. [bug] Address suspected double free in acache. [RT #33252]
-
-3552. [bug] Wrong getopt option string for 'nsupdate -r'.
- [RT #33280]
-
-3549. [doc] Documentation for "request-nsid" was missing.
- [RT #33153]
-
-3548. [bug] The NSID request code in resolver.c was broken
- resulting in invalid EDNS options being sent.
- [RT #33153]
-
-3547. [bug] Some malformed unknown rdata records were not properly
- detected and rejected. [RT #33129]
-
- --- 9.9.3rc1 released ---
-
-3546. [func] Add EUI48 and EUI64 types. [RT #33082]
-
-3544. [contrib] check5011.pl: Script to report the status of
- managed keys as recorded in managed-keys.bind.
- Contributed by Tony Finch <dot@dotat.at>
-
-3543. [bug] Update socket structure before attaching to socket
- manager after accept. [RT #33084]
-
-3541. [bug] Parts of libdns were not properly initialized when
- built in libexport mode. [RT #33028]
-
-3540. [test] libt_api: t_info and t_assert were not thread safe.
-
-3539. [port] win32: timestamp format didn't match other platforms.
-
-3538. [test] Running "make test" now requires loopback interfaces
- to be set up. [RT #32452]
-
-3537. [tuning] Slave zones, when updated, now send NOTIFY messages
- to peers before being dumped to disk rather than
- after. [RT #27242]
-
-3535. [bug] Minor win32 cleanups. [RT #32962]
-
-3534. [bug] Extra text after an embedded NULL was ignored when
- parsing zone files. [RT #32699]
-
-3533. [contrib] query-loc-0.4.0: memory leaks. [RT #32960]
-
-3532. [contrib] zkt: fixed buffer overrun, resource leaks. [RT #32960]
-
-3531. [bug] win32: A uninitialized value could be returned on out
- of memory. [RT #32960]
-
-3530. [contrib] Better RTT tracking in queryperf. [RT #30128]
-
-3528. [func] New "dnssec-coverage" command scans the timing
- metadata for a set of DNSSEC keys and reports if a
- lapse in signing coverage has been scheduled
- inadvertently. (Note: This tool depends on python;
- it will not be built or installed on systems that
- do not have a python interpreter.) [RT #28098]
-
-3527. [compat] Add a URI to allow applications to explicitly
- request a particular XML schema from the statistics
- channel, returning 404 if not supported. [RT #32481]
-
-3526. [cleanup] Set up dependencies for unit tests correctly during
- build. [RT #32803]
-
-3521. [bug] Address memory leak in opensslecdsa_link.c. [RT #32249]
-
-3520. [bug] 'mctx' was not being referenced counted in some places
- where it should have been. [RT #32794]
-
- --- 9.9.3b2 released ---
-
-3517. [bug] Reorder destruction to avoid shutdown race. [RT #32777]
-
-3515. [port] '%T' is not portable in strftime(). [RT #32763]
-
-3514. [bug] The ranges for valid key sizes in ddns-confgen and
- rndc-confgen were too constrained. Keys up to 512
- bits are now allowed for most algorithms, and up
- to 1024 bits for hmac-sha384 and hmac-sha512.
- [RT #32753]
-
-3511. [doc] Improve documentation of redirect zones. [RT #32756]
-
-3509. [cleanup] Added a product line to version file to allow for
- easy naming of different products (BIND
- vs BIND ESV, for example). [RT #32755]
-
-3508. [contrib] queryperf was incorrectly rejecting the -T option.
- [RT #32338]
-
-3507. [bug] Statistics channel XSL (when built with
- --enable-newstats) had a glitch when attempting
- to chart query data before any queries had been
- received. [RT #32620]
-
-3505. [bug] When setting "max-cache-size" and "max-acache-size",
- larger values than 4 gigabytes could not be set
- explicitly, though larger sizes were available
- when setting cache size to 0. This has been
- corrected; the full range is now available.
- [RT #32358]
-
-3503. [doc] Clarify size_spec syntax. [RT #32449]
-
-3501. [func] zone-statistics now takes three options: full,
- terse, and none. "yes" and "no" are retained as
- synonyms for full and terse, respectively. [RT #29165]
-
-3500. [security] Support NAPTR regular expression validation on
- all platforms without using libregex, which
- can be vulnerable to memory exhaustion attack
- (CVE-2013-2266). [RT #32688]
-
-3499. [doc] Corrected ARM documentation of built-in zones.
- [RT #32694]
-
-3498. [bug] zone statistics for zones which matched a potential
- empty zone could have their zone-statistics setting
- overridden.
-
-3496. [func] Improvements to RPZ performance. The "response-policy"
- syntax now includes a "min-ns-dots" clause, with
- default 1, to exclude top-level domains from
- NSIP and NSDNAME checking. --enable-rpz-nsip and
- --enable-rpz-nsdname are now the default. [RT #32251]
-
-3493. [contrib] Added BDBHPT dynamically-lodable DLZ module,
- contributed by Mark Goldfinch. [RT #32549]
-
-3492. [bug] Fixed a regression in zone loading performance
- due to lock contention. [RT #30399]
-
-3491. [bug] Slave zones using inline-signing must specify a
- file name. [RT #31946]
-
-3489. [bug] --enable-developer now turns on ISC_LIST_CHECKINIT.
- When cloning a rdataset do not copy the link contents.
- [RT #32651]
-
-3488. [bug] Use after free error with DH generated keys. [RT #32649]
-
-3487. [bug] Change 3444 was not complete. There was a additional
- place where the NOQNAME proof needed to be saved.
- [RT #32629]
-
-3486. [bug] named could crash when using TKEY-negotiated keys
- that had been deleted and then recreated. [RT #32506]
-
-3485. [cleanup] Only compile openssl_gostlink.c if we support GOST.
-
-3483. [bug] Corrected XSL code in use with --enable-newstats.
- [RT #32587]
-
-3481. [cleanup] Removed use of const const in atf.
-
-3480. [bug] Silence logging noise when setting up zone
- statistics. [RT #32525]
-
-3479. [bug] Address potential memory leaks in gssapi support
- code. [RT #32405]
-
-3478. [port] Fix a build failure in strict C99 environments
- [RT #32475]
-
-3474. [bug] nsupdate could assert when the local and remote
- address families didn't match. [RT #22897]
-
-3473. [bug] dnssec-signzone/verify could incorrectly report
- an error condition due to an empty node above an
- opt-out delegation lacking an NSEC3. [RT #32072]
-
-3471. [bug] The number of UDP dispatches now defaults to
- the number of CPUs even if -n has been set to
- a higher value. [RT #30964]
-
-3470. [bug] Slave zones could fail to dump when successfully
- refreshing after an initial failure. [RT #31276]
-
- --- 9.9.3b1 released ---
-
-3468. [security] RPZ rules to generate A records (but not AAAA records)
- could trigger an assertion failure when used in
- conjunction with DNS64 (CVE-2012-5689). [RT #32141]
-
-3467. [bug] Added checks in dnssec-keygen and dnssec-settime
- to check for delete date < inactive date. [RT #31719]
-
-3466. [contrib] Corrected the DNS_CLIENTINFOMETHODS_VERSION check
- in DLZ example driver. [RT #32275]
-
-3465. [bug] Handle isolated reserved ports. [RT #31778]
-
-3464. [maint] Updates to PKCS#11 openssl patches, supporting
- versions 0.9.8x, 1.0.0j, 1.0.1c [RT #29749]
-
-3463. [doc] Clarify managed-keys syntax in ARM. [RT #32232]
-
-3462. [doc] Clarify server selection behavior of dig when using
- -4 or -6 options. [RT #32181]
-
-3461. [bug] Negative responses could incorrectly have AD=1
- set. [RT #32237]
-
-3460. [bug] Only link against readline where needed. [RT #29810]
-
-3458. [bug] Return FORMERR when presented with a overly long
- domain named in a request. [RT #29682]
-
-3457. [protocol] Add ILNP records (NID, LP, L32, L64). [RT #31836]
-
-3456. [port] g++47: ATF failed to compile. [RT #32012]
-
-3455. [contrib] queryperf: fix getopt option list. [RT #32338]
-
-3454. [port] sparc64: improve atomic support. [RT #25182]
-
-3453. [bug] 'rndc addzone' of a zone with 'inline-signing yes;'
- failed. [RT #31960]
-
-3452. [bug] Accept duplicate singleton records. [RT #32329]
-
-3451. [port] Increase per thread stack size from 64K to 1M.
- [RT #32230]
-
-3450. [bug] Stop logfileconfig system test spam system logs.
- [RT #32315]
-
-3449. [bug] gen.c: use the pre-processor to construct format
- strings so that compiler can perform sanity checks;
- check the snprintf results. [RT #17576]
-
-3448. [bug] The allow-query-on ACL was not processed correctly.
- [RT #29486]
-
-3447. [port] Add support for libxml2-2.9.x [RT #32231]
-
-3446. [port] win32: Add source ID (see change #3400) to build.
- [RT #31683]
-
-3445. [bug] Warn about zone files with blank owner names
- immediately after $ORIGIN directives. [RT #31848]
-
-3444. [bug] The NOQNAME proof was not being returned from cached
- insecure responses. [RT #21409]
-
-3443. [bug] ddns-confgen: Some TSIG algorithms were incorrectly
- rejected when generating keys. [RT #31927]
-
-3442. [port] Net::DNS 0.69 introduced a non backwards compatible
- change. [RT #32216]
-
-3441. [maint] D.ROOT-SERVERS.NET is now 199.7.91.13.
-
-3440. [bug] Reorder get_key_struct to not trigger a assertion when
- cleaning up due to out of memory error. [RT #32131]
-
-3439. [bug] contrib/dlz error checking fixes. [RT #32102]
-
-3438. [bug] Don't accept unknown data escape in quotes. [RT #32031]
-
-3437. [bug] isc_buffer_init -> isc_buffer_constinit to initialize
- buffers with constant data. [RT #32064]
-
-3436. [bug] Check malloc/calloc return values. [RT #32088]
-
-3435. [bug] Cross compilation support in configure was broken.
- [RT #32078]
-
-3431. [bug] ddns-confgen: Some valid key algorithms were
- not accepted. [RT #31927]
-
-3430. [bug] win32: isc_time_formatISO8601 was missing the
- 'T' between the date and time. [RT #32044]
-
-3429. [bug] dns_zone_getserial2 could a return success without
- returning a valid serial. [RT #32007]
-
-3428. [cleanup] dig: Add timezone to date output. [RT #2269]
-
-3427. [bug] dig +trace incorrectly displayed name server
- addresses instead of names. [RT #31641]
-
-3426. [bug] dnssec-checkds: Clearer output when records are not
- found. [RT #31968]
-
-3425. [bug] "acacheentry" reference counting was broken resulting
- in use after free. [RT #31908]
-
-3424. [func] dnssec-dsfromkey now emits the hash without spaces.
- [RT #31951]
-
-3423. [bug] "rndc signing -nsec3param" didn't accept the full
- range of possible values. Address portability issues.
- [RT #31938]
-
-3422. [bug] Added a clear error message for when the SOA does not
- match the referral. [RT #31281]
-
-3421. [bug] Named loops when re-signing if all keys are offline.
- [RT #31916]
-
-3420. [bug] Address VPATH compilation issues. [RT #31879]
-
-3419. [bug] Memory leak on validation cancel. [RT #31869]
-
-3417. [func] Optional new XML schema (version 3.0) for the
- statistics channel adds query type statistics at the
- zone level, and flattens the XML tree and uses
- compressed format to optimize parsing. Includes new XSL
- that permits charting via the Google Charts API on
- browsers that support javascript in XSL. To enable,
- build with "configure --enable-newstats". [RT #30023]
-
-3416. [bug] Named could die on shutdown if running with 128 UDP
- dispatches per interface. [RT #31743]
-
-3415. [bug] named could die with a REQUIRE failure if a validation
- was canceled. [RT #31804]
-
-3414. [bug] Address locking issues found by Coverity. [RT #31626]
-
-3412. [bug] Copy timeval structure from control message data.
- [RT #31548]
-
-3411. [tuning] Use IPV6_USE_MIN_MTU or equivalent with TCP in addition
- to UDP. [RT #31690]
-
-3410. [bug] Addressed Coverity warnings. [RT #31626]
-
-3409. [contrib] contrib/dane/mkdane.sh: Tool to generate TLSA RR's
- from X.509 certificates, for use with DANE
- (DNS-based Authentication of Named Entities).
- [RT #30513]
-
-3408. [bug] Some DNSSEC-related options (update-check-ksk,
- dnssec-loadkeys-interval, dnssec-dnskey-kskonly)
- are now legal in slave zones as long as
- inline-signing is in use. [RT #31078]
-
-3406. [bug] mem.c: Fix compilation errors when building with
- ISC_MEM_TRACKLINES or ISC_MEMPOOL_NAMES disabled.
- Also, ISC_MEM_DEBUG is no longer optional. [RT #31559]
-
-3405. [bug] Handle time going backwards in acache. [RT #31253]
-
-3404. [bug] dnssec-signzone: When re-signing a zone, remove
- RRSIG and NSEC records from nodes that used to be
- in-zone but are now below a zone cut. [RT #31556]
-
-3403. [bug] Silence noisy OpenSSL logging. [RT #31497]
-
-3402. [test] The IPv6 interface numbers used for system
- tests were incorrect on some platforms. [RT #25085]
-
-3401. [bug] Addressed Coverity warnings. [RT #31484]
-
-3400. [cleanup] "named -V" can now report a source ID string, defined
- in the "srcid" file in the build tree and normally set
- to the most recent git hash. [RT #31494]
-
-3399. [port] netbsd: rename 'bool' parameter to avoid namespace
- clash. [RT #31515]
-
-3398. [bug] SOA parameters were not being updated with inline
- signed zones if the zone was modified while the
- server was offline. [RT #29272]
-
-3397. [bug] dig crashed when using +nssearch with +tcp. [RT #25298]
-
-3396. [bug] OPT records were incorrectly removed from signed,
- truncated responses. [RT #31439]
-
-3395. [protocol] Add RFC 6598 reverse zones to built in empty zones
- list, 64.100.IN-ADDR.ARPA ... 127.100.IN-ADDR.ARPA.
- [RT #31336]
-
-3394. [bug] Adjust 'successfully validated after lower casing
- signer' log level and category. [RT #31414]
-
-3393. [bug] 'host -C' could core dump if REFUSED was received.
- [RT #31381]
-
-3391. [bug] A DNSKEY lookup that encountered a CNAME failed.
- [RT #31262]
-
-3390. [bug] Silence clang compiler warnings. [RT #30417]
-
-3389. [bug] Always return NOERROR (not 0) in TSIG. [RT #31275]
-
-3388. [bug] Fixed several Coverity warnings.
- Note: This change includes a fix for a bug that
- was subsequently determined to be an exploitable
- security vulnerability, CVE-2012-5688: named could
- die on specific queries with dns64 enabled.
- [RT #30996]
-
-3386. [bug] Address locking violation when generating new NSEC /
- NSEC3 chains. [RT #31224]
-
-3385. [bug] named-checkconf didn't detect missing master lists
- in also-notify clauses. [RT #30810]
-
-3384. [bug] Improved logging of crypto errors. [RT #30963]
-
-3382. [bug] SOA query from slave used use-v6-udp-ports range,
- if set, regardless of the address family in use.
- [RT #24173]
-
-3381. [contrib] Update queryperf to support more RR types.
- [RT #30762]
-
-3380. [bug] named could die if a nonexistent master list was
- referenced in a also-notify. [RT #31004]
-
-3379. [bug] isc_interval_zero and isc_time_epoch should be
- "const (type)* const". [RT #31069]
-
-3378. [bug] Handle missing 'managed-keys-directory' better.
- [RT #30625]
-
-3377. [bug] Removed spurious newline from NSEC3 multiline
- output. [RT #31044]
-
-3376. [bug] Lack of EDNS support was being recorded without a
- successful response. [RT #30811]
-
-3375. [func] Check that 'rndc dumpdb' works on a empty cache.
- [RT #30808]
-
-3374. [bug] isc_parse_uint32 failed to return a range error on
- systems with 64 bit longs. [RT #30232]
-
-3372. [bug] Silence spurious "deleted from unreachable cache"
- messages. [RT #30501]
-
-3371. [bug] AD=1 should behave like DO=1 when deciding whether to
- add NS RRsets to the additional section or not.
- [RT #30479]
-
-3316. [tuning] Improved locking performance when recursing.
- [RT #28836]
-
-3315. [tuning] Use multiple dispatch objects for sending upstream
- queries; this can improve performance on busy
- multiprocessor systems by reducing lock contention.
- [RT #28605]
-
- --- 9.9.2 released ---
-
-3383. [security] A certain combination of records in the RBT could
- cause named to hang while populating the additional
- section of a response. [RT #31090]
-
-3373. [bug] win32: open raw files in binary mode. [RT #30944]
-
-3364. [security] Named could die on specially crafted record.
- [RT #30416]
-
- --- 9.9.2rc1 released ---
-
-3370. [bug] Address use after free while shutting down. [RT #30241]
-
-3369. [bug] nsupdate terminated unexpectedly in interactive mode
- if built with readline support. [RT #29550]
-
-3368. [bug] <dns/iptable.h>, <dns/private.h> and <dns/zone.h>
- were not C++ safe.
-
-3367. [bug] dns_dnsseckey_create() result was not being checked.
- [RT #30685]
-
-3366. [bug] Fixed Read-After-Write dependency violation for IA64
- atomic operations. [RT #25181]
-
-3365. [bug] Removed spurious newlines from log messages in
- zone.c [RT #30675]
-
-3363. [bug] Need to allow "forward" and "fowarders" options
- in static-stub zones; this had been overlooked.
- [RT #30482]
-
-3362. [bug] Setting some option values to 0 in named.conf
- could trigger an assertion failure on startup.
- [RT #27730]
-
-3361. [bug] "rndc signing -nsec3param" didn't work correctly
- when salt was set to '-' (no salt). [RT #30099]
-
-3360. [bug] 'host -w' could die. [RT #18723]
-
-3359. [bug] An improperly-formed TSIG secret could cause a
- memory leak. [RT #30607]
-
-3357. [port] Add support for libxml2-2.8.x [RT #30440]
-
-3356. [bug] Cap the TTL of signed RRsets when RRSIGs are
- approaching their expiry, so they don't remain
- in caches after expiry. [RT #26429]
-
-3355. [port] Use more portable awk in verify system test.
-
-3354. [func] Improve OpenSSL error logging. [RT #29932]
-
- --- 9.9.2b1 released ---
-
-3353. [bug] Use a single task for task exclusive operations.
- [RT #29872]
-
-3352. [bug] Ensure that learned server attributes timeout of the
- adb cache. [RT #29856]
-
-3351. [bug] isc_mem_put and isc_mem_putanddetach didn't report
- caller if either ISC_MEM_DEBUGSIZE or ISC_MEM_DEBUGCTX
- memory debugging flags are set. [RT #30243]
-
-3350. [bug] Memory read overrun in isc___mem_reallocate if
- ISC_MEM_DEBUGCTX memory debugging flag is set.
- [RT #30240]
-
-3349. [bug] Change #3345 was incomplete. [RT #30233]
-
-3348. [bug] Prevent RRSIG data from being cached if a negative
- record matching the covering type exists at a higher
- trust level. Such data already can't be retrieved from
- the cache since change 3218 -- this prevents it
- being inserted into the cache as well. [RT #26809]
-
-3347. [bug] dnssec-settime: Issue a warning when writing a new
- private key file would cause a change in the
- permissions of the existing file. [RT #27724]
-
-3346. [security] Bad-cache data could be used before it was
- initialized, causing an assert. [RT #30025]
-
-3345. [bug] Addressed race condition when removing the last item
- or inserting the first item in an ISC_QUEUE.
- [RT #29539]
-
-3344. [func] New "dnssec-checkds" command checks a zone to
- determine which DS records should be published
- in the parent zone, or which DLV records should be
- published in a DLV zone, and queries the DNS to
- ensure that it exists. (Note: This tool depends
- on python; it will not be built or installed on
- systems that do not have a python interpreter.)
- [RT #28099]
-
-3342. [bug] Change #3314 broke saving of stub zones to disk
- resulting in excessive cpu usage in some cases.
- [RT #29952]
-
-3341. [func] New "dnssec-verify" command checks a signed zone
- to ensure correctness of signatures and of NSEC/NSEC3
- chains. [RT #23673]
-
-3339. [func] Allow the maximum supported rsa exponent size to be
- specified: "max-rsa-exponent-size <value>;" [RT #29228]
-
-3338. [bug] Address race condition in units tests: asyncload_zone
- and asyncload_zt. [RT #26100]
-
-3337. [bug] Change #3294 broke support for the multiple keys
- in controls. [RT #29694]
-
-3335. [func] nslookup: return a nonzero exit code when unable
- to get an answer. [RT #29492]
-
-3334. [bug] Hold a zone table reference while performing a
- asynchronous load of a zone. [RT #28326]
-
-3333. [bug] Setting resolver-query-timeout too low can cause
- named to not recover if it loses connectivity.
- [RT #29623]
-
-3332. [bug] Re-use cached DS rrsets if possible. [RT #29446]
-
-3331. [security] dns_rdataslab_fromrdataset could produce bad
- rdataslabs. [RT #29644]
-
-3330. [func] Fix missing signatures on NOERROR results despite
- RPZ rewriting. Also
- - add optional "recursive-only yes|no" to the
- response-policy statement
- - add optional "max-policy-ttl" to the response-policy
- statement to limit the false data that
- "recursive-only no" can introduce into
- resolvers' caches
- - add a RPZ performance test to bin/tests/system/rpz
- when queryperf is available.
- - the encoding of PASSTHRU action to "rpz-passthru".
- (The old encoding is still accepted.)
- [RT #26172]
-
-
-3329. [bug] Handle RRSIG signer-name case consistently: We
- generate RRSIG records with the signer-name in
- lower case. We accept them with any case, but if
- they fail to validate, we try again in lower case.
- [RT #27451]
-
-3328. [bug] Fixed inconsistent data checking in dst_parse.c.
- [RT #29401]
-
-3317. [func] Add ECDSA support (RFC 6605). [RT #21918]
-
- --- 9.9.1 released ---
-
-3318. [tuning] Reduce the amount of work performed while holding a
- bucket lock when finished with a fetch context.
- [RT #29239]
-
-3314. [bug] The masters list could be updated while stub_callback
- or refresh_callback were using it. [RT #26732]
-
-3313. [protocol] Add TLSA record type. [RT #28989]
-
-3312. [bug] named-checkconf didn't detect a bad dns64 clients acl.
- [RT #27631]
-
-3311. [bug] Abort the zone dump if zone->db is NULL in
- zone.c:zone_gotwritehandle. [RT #29028]
-
-3310. [test] Increase table size for mutex profiling. [RT #28809]
-
-3309. [bug] resolver.c:fctx_finddone() was not thread safe.
- [RT #27995]
-
-3307. [bug] Add missing ISC_LANG_BEGINDECLS and ISC_LANG_ENDDECLS.
- [RT #28956]
-
-3306. [bug] Improve DNS64 reverse zone performance. [RT #28563]
-
-3305. [func] Add wire format lookup method to sdb. [RT #28563]
-
-3304. [bug] Use hmctx, not mctx when freeing rbtdb->heaps.
- [RT #28571]
-
-3303. [bug] named could die when reloading. [RT #28606]
-
-3302. [bug] dns_dnssec_findmatchingkeys could fail to find
- keys if the zone name contained character that
- required special mappings. [RT #28600]
-
-3301. [contrib] Update queryperf to build on darwin. Add -R flag
- for non-recursive queries. [RT #28565]
-
-3300. [bug] Named could die if gssapi was enabled in named.conf
- but was not compiled in. [RT #28338]
-
-3299. [bug] Make SDB handle errors from database drivers better.
- [RT #28534]
-
-3298. [bug] Named could dereference a NULL pointer in
- zmgr_start_xfrin_ifquota if the zone was being removed.
- [RT #28419]
-
-3297. [bug] Named could die on a malformed master file. [RT #28467]
-
-3296. [bug] Named could die with a INSIST failure in
- client.c:exit_check. [RT #28346]
-
-3295. [bug] Adjust isc_time_secondsastimet range check to be more
- portable. [RT # 26542]
-
-3294. [bug] isccc/cc.c:table_fromwire failed to free alist on
- error. [RT #28265]
-
-3291. [port] Fixed a build error on systems without ENOTSUP.
- [RT #28200]
-
-3290. [bug] <isc/hmacsha.h> was not being installed. [RT #28169]
-
-3273. [bug] AAAA responses could be returned in the additional
- section even when filter-aaaa-on-v4 was in use.
- [RT #27292]
-
- --- 9.9.0 released ---
-
- --- 9.9.0rc4 released ---
-
-3289. [bug] 'rndc retransfer' failed for inline zones. [RT #28036]
-
-3288. [bug] dlz_destroy() function wasn't correctly registered
- by the DLZ dlopen driver. [RT #28056]
-
-3287. [port] Update ans.pl to work with Net::DNS 0.68. [RT #28028]
-
-3286. [bug] Managed key maintenance timer could fail to start
- after 'rndc reconfig'. [RT #26786]
-
- --- 9.9.0rc3 released ---
-
-3285. [bug] val-frdataset was incorrectly disassociated in
- proveunsecure after calling startfinddlvsep.
- [RT #27928]
-
-3284. [bug] Address race conditions with the handling of
- rbtnode.deadlink. [RT #27738]
-
-3283. [bug] Raw zones with with more than 512 records in a RRset
- failed to load. [RT #27863]
-
-3282. [bug] Restrict the TTL of NS RRset to no more than that
- of the old NS RRset when replacing it.
- [RT #27792] [RT #27884]
-
-3281. [bug] SOA refresh queries could be treated as cancelled
- despite succeeding over the loopback interface.
- [RT #27782]
-
-3280. [bug] Potential double free of a rdataset on out of memory
- with DNS64. [RT #27762]
-
-3279. [bug] Hold a internal reference to the zone while performing
- a asynchronous load. Address potential memory leak
- if the asynchronous is cancelled. [RT #27750]
-
-3278. [bug] Make sure automatic key maintenance is started
- when "auto-dnssec maintain" is turned on during
- "rndc reconfig". [RT #26805]
-
-3277. [bug] win32: isc_socket_dup is not implemented. [RT #27696]
-
-3276. [bug] win32: ns_os_openfile failed to return NULL on
- safe_open failure. [RT #27696]
-
-3275. [bug] Corrected rndc -h output; the 'rndc sync -clean'
- option had been misspelled as '-clear'. (To avoid
- future confusion, both options now work.) [RT #27173]
-
-3271. [port] darwin: mksymtbl is not always stable, loop several
- times before giving up. mksymtbl was using non
- portable perl to covert 64 bit hex strings. [RT #27653]
-
- --- 9.9.0rc2 released ---
-
-3270. [bug] "rndc reload" didn't reuse existing zones correctly
- when inline-signing was in use. [RT #27650]
-
-3269. [port] darwin 11 and later now built threaded by default.
-
-3268. [bug] Convert RRSIG expiry times to 64 timestamps to work
- out the earliest expiry time. [RT #23311]
-
-3267. [bug] Memory allocation failures could be mis-reported as
- unexpected error. New ISC_R_UNSET result code.
- [RT #27336]
-
-3266. [bug] The maximum number of NSEC3 iterations for a
- DNSKEY RRset was not being properly computed.
- [RT #26543]
-
-3265. [bug] Corrected a problem with lock ordering in the
- inline-signing code. [RT #27557]
-
-3264. [bug] Automatic regeneration of signatures in an
- inline-signing zone could stall when the server
- was restarted. [RT #27344]
-
-3263. [bug] "rndc sync" did not affect the unsigned side of an
- inline-signing zone. [RT #27337]
-
-3262. [bug] Signed responses were handled incorrectly by RPZ.
- [RT #27316]
-
-3261. [func] RRset ordering now defaults to random. [RT #27174]
-
-3260. [bug] "rrset-order cyclic" could appear not to rotate
- for some query patterns. [RT #27170/27185]
-
- --- 9.9.0rc1 released ---
-
-3259. [bug] named-compilezone: Suppress "dump zone to <file>"
- message when writing to stdout. [RT #27109]
-
-3258. [test] Add "forcing full sign with unreadable keys" test.
- [RT #27153]
-
-3257. [bug] Do not generate a error message when calling fsync()
- in a pipe or socket. [RT #27109]
-
-3256. [bug] Disable empty zones for lwresd -C. [RT #27139]
-
-3255. [func] No longer require that a empty zones be explicitly
- enabled or that a empty zone is disabled for
- RFC 1918 empty zones to be configured. [RT #27139]
-
-3254. [bug] Set isc_socket_ipv6only() on the IPv6 control channels.
- [RT #22249]
-
-3253. [bug] Return DNS_R_SYNTAX when the input to a text field is
- too long. [RT #26956]
-
-3252. [bug] When master zones using inline-signing were
- updated while the server was offline, the source
- zone could fall out of sync with the signed
- copy. They can now resynchronize. [RT #26676]
-
-3251. [bug] Enforce a upper bound (65535 bytes) on the amount of
- memory dns_sdlz_putrr() can allocate per record to
- prevent run away memory consumption on ISC_R_NOSPACE.
- [RT #26956]
-
-3250. [func] 'configure --enable-developer'; turn on various
- configure options, normally off by default, that
- we want developers to build and test with. [RT #27103]
-
-3249. [bug] Update log message when saving slave zones files for
- analysis after load failures. [RT #27087]
-
-3248. [bug] Configure options --enable-fixed-rrset and
- --enable-exportlib were incompatible with each
- other. [RT #27087]
-
-3247. [bug] 'raw' format zones failed to preserve load order
- breaking 'fixed' sort order. [RT #27087]
-
-3246. [bug] Named failed to start with a empty also-notify list.
- [RT #27087]
-
-3245. [bug] Don't report a error unchanged serials unless there
- were other changes when thawing a zone with
- ixfr-fromdifferences. [RT #26845]
-
-3244. [func] Added readline support to nslookup and nsupdate.
- Also simplified nsupdate syntax to make "update"
- and "prereq" optional. [RT #24659]
-
-3243. [port] freebsd,netbsd,bsdi: the thread defaults were not
- being properly set.
-
-3242. [func] Extended the header of raw-format master files to
- include the serial number of the zone from which
- they were generated, if different (as in the case
- of inline-signing zones). This is to be used in
- inline-signing zones, to track changes between the
- unsigned and signed versions of the zone, which may
- have different serial numbers.
-
- (Note: raw zonefiles generated by this version of
- BIND are no longer compatible with prior versions.
- To generate a backward-compatible raw zonefile
- using dnssec-signzone or named-compilezone, specify
- output format "raw=0" instead of simply "raw".)
- [RT #26587]
-
-3241. [bug] Address race conditions in the resolver code.
- [RT #26889]
-
-3240. [bug] DNSKEY state change events could be missed. [RT #26874]
-
-3239. [bug] dns_dnssec_findmatchingkeys needs to use a consistent
- timestamp. [RT #26883]
-
-3238. [bug] keyrdata was not being reinitialized in
- lib/dns/rbtdb.c:iszonesecure. [RT#26913]
-
-3237. [bug] dig -6 didn't work with +trace. [RT #26906]
-
-3236. [bug] Backed out changes #3182 and #3202, related to
- EDNS(0) fallback behavior. [RT #26416]
-
-3235. [func] dns_db_diffx, a extended dns_db_diff which returns
- the generated diff and optionally writes it to a
- journal. [RT #26386]
-
-3234. [bug] 'make depend' produced invalid makefiles. [RT #26830]
-
-3233. [bug] 'rndc freeze/thaw' didn't work for inline zones.
- [RT #26632]
-
-3232. [bug] Zero zone->curmaster before return in
- dns_zone_setmasterswithkeys(). [RT #26732]
-
-3231. [bug] named could fail to send a incompressible zone.
- [RT #26796]
-
-3230. [bug] 'dig axfr' failed to properly handle a multi-message
- axfr with a serial of 0. [RT #26796]
-
-3229. [bug] Fix local variable to struct var assignment
- found by CLANG warning.
-
-3228. [tuning] Dynamically grow symbol table to improve zone
- loading performance. [RT #26523]
-
-3227. [bug] Interim fix to make WKS's use of getprotobyname()
- and getservbyname() self thread safe. [RT #26232]
-
-3226. [bug] Address minor resource leakages. [RT #26624]
-
-3225. [bug] Silence spurious "setsockopt(517, IPV6_V6ONLY) failed"
- messages. [RT #26507]
-
-3224. [bug] 'rndc signing' argument parsing was broken. [RT #26684]
-
-3223. [bug] 'task_test privilege_drop' generated false positives.
- [RT #26766]
-
-3222. [cleanup] Replace dns_journal_{get,set}_bitws with
- dns_journal_{get,set}_sourceserial. [RT #26634]
-
-3221. [bug] Fixed a potential core dump on shutdown due to
- referencing fetch context after it's been freed.
- [RT #26720]
-
- --- 9.9.0b2 released ---
-
-3220. [bug] Change #3186 was incomplete; dns_db_rpz_findips()
- could fail to set the database version correctly,
- causing an assertion failure. [RT #26180]
-
-3219. [bug] Disable NOEDNS caching following a timeout.
-
-3218. [security] Cache lookup could return RRSIG data associated with
- nonexistent records, leading to an assertion
- failure. [RT #26590]
-
-3217. [cleanup] Fix build problem with --disable-static. [RT #26476]
-
-3216. [bug] resolver.c:validated() was not thread-safe. [RT #26478]
-
-3215. [bug] 'rndc recursing' could cause a core dump. [RT #26495]
-
-3214. [func] Add 'named -U' option to set the number of UDP
- listener threads per interface. [RT #26485]
-
-3213. [doc] Clarify ixfr-from-differences behavior. [RT #25188]
-
-3212. [bug] rbtdb.c: failed to remove a node from the deadnodes
- list prior to adding a reference to it leading a
- possible assertion failure. [RT #23219]
-
-3211. [func] dnssec-signzone: "-f -" prints to stdout; "-O full"
- option prints in single-line-per-record format.
- [RT #20287]
-
-3210. [bug] Canceling the oldest query due to recursive-client
- overload could trigger an assertion failure. [RT #26463]
-
-3209. [func] Add "dnssec-lookaside 'no'". [RT #24858]
-
-3208. [bug] 'dig -y' handle unknown tsig algorithm better.
- [RT #25522]
-
-3207. [contrib] Fixed build error in Berkeley DB DLZ module. [RT #26444]
-
-3206. [cleanup] Add ISC information to log at start time. [RT #25484]
-
-3205. [func] Upgrade dig's defaults to better reflect modern
- nameserver behavior. Enable "dig +adflag" and
- "dig +edns=0" by default. Enable "+dnssec" when
- running "dig +trace". [RT #23497]
-
-3204. [bug] When a master server that has been marked as
- unreachable sends a NOTIFY, mark it reachable
- again. [RT #25960]
-
-3203. [bug] Increase log level to 'info' for validation failures
- from expired or not-yet-valid RRSIGs. [RT #21796]
-
-3202. [bug] NOEDNS caching on timeout was too aggressive.
- [RT #26416]
-
-3201. [func] 'rndc querylog' can now be given an on/off parameter
- instead of only being used as a toggle. [RT #18351]
-
-3200. [doc] Some rndc functions were undocumented or were
- missing from 'rndc -h' output. [RT #25555]
-
-3199. [func] When logging client information, include the name
- being queried. [RT #25944]
-
-3198. [doc] Clarified that dnssec-settime can alter keyfile
- permissions. [RT #24866]
-
-3197. [bug] Don't try to log the filename and line number when
- the config parser can't open a file. [RT #22263]
-
-3196. [bug] nsupdate: return nonzero exit code when target zone
- doesn't exist. [RT #25783]
-
-3195. [cleanup] Silence "file not found" warnings when loading
- managed-keys zone. [RT #26340]
-
-3194. [doc] Updated RFC references in the 'empty-zones-enable'
- documentation. [RT #25203]
-
-3193. [cleanup] Changed MAXZONEKEYS to DNS_MAXZONEKEYS, moved to
- dnssec.h. [RT #26415]
-
-3192. [bug] A query structure could be used after being freed.
- [RT #22208]
-
-3191. [bug] Print NULL records using "unknown" format. [RT #26392]
-
-3190. [bug] Underflow in error handling in isc_mutexblock_init.
- [RT #26397]
-
-3189. [test] Added a summary report after system tests. [RT #25517]
-
-3188. [bug] zone.c:zone_refreshkeys() could fail to detach
- references correctly when errors occurred, causing
- a hang on shutdown. [RT #26372]
-
-3187. [port] win32: support for Visual Studio 2008. [RT #26356]
-
- --- 9.9.0b1 released ---
-
-3186. [bug] Version/db mis-match in rpz code. [RT #26180]
-
-3185. [func] New 'rndc signing' option for auto-dnssec zones:
- - 'rndc signing -list' displays the current
- state of signing operations
- - 'rndc signing -clear' clears the signing state
- records for keys that have fully signed the zone
- - 'rndc signing -nsec3param' sets the NSEC3
- parameters for the zone
- The 'rndc keydone' syntax is removed. [RT #23729]
-
-3184. [bug] named had excessive cpu usage when a redirect zone was
- configured. [RT #26013]
-
-3183. [bug] Added RTLD_GLOBAL flag to dlopen call. [RT #26301]
-
-3182. [bug] Auth servers behind firewalls which block packets
- greater than 512 bytes may cause other servers to
- perform poorly. Now, adb retains edns information
- and caches noedns servers. [RT #23392/24964]
-
-3181. [func] Inline-signing is now supported for master zones.
- [RT #26224]
-
-3180. [func] Local copies of slave zones are now saved in raw
- format by default, to improve startup performance.
- 'masterfile-format text;' can be used to override
- the default, if desired. [RT #25867]
-
-3179. [port] kfreebsd: build issues. [RT #26273]
-
-3178. [bug] A race condition introduced by change #3163 could
- cause an assertion failure on shutdown. [RT #26271]
-
-3177. [func] 'rndc keydone', remove the indicator record that
- named has finished signing the zone with the
- corresponding key. [RT #26206]
-
-3176. [doc] Corrected example code and added a README to the
- sample external DLZ module in contrib/dlz/example.
- [RT #26215]
-
-3175. [bug] Fix how DNSSEC positive wildcard responses from a
- NSEC3 signed zone are validated. Stop sending a
- unnecessary NSEC3 record when generating such
- responses. [RT #26200]
-
-3174. [bug] Always compute to revoked key tag from scratch.
- [RT #26186]
-
-3173. [port] Correctly validate root DS responses. [RT #25726]
-
-3172. [port] darwin 10.* and freebsd [89] are now built threaded by
- default.
-
-3171. [bug] Exclusively lock the task when adding a zone using
- 'rndc addzone'. [RT #25600]
-
- --- 9.9.0a3 released ---
-
-3170. [func] RPZ update:
- - fix precedence among competing rules
- - improve ARM text including documenting rule precedence
- - try to rewrite CNAME chains until first hit
- - new "rpz" logging channel
- - RDATA for CNAME rules can include wildcards
- - replace "NO-OP" named.conf policy override with
- "PASSTHRU" and add "DISABLED" override ("NO-OP"
- is still recognized)
- [RT #25172]
-
-3169. [func] Catch db/version mis-matches when calling dns_db_*().
- [RT #26017]
-
-3168. [bug] Nxdomain redirection could trigger an assert with
- a ANY query. [RT #26017]
-
-3167. [bug] Negative answers from forwarders were not being
- correctly tagged making them appear to not be cached.
- [RT #25380]
-
-3166. [bug] Upgrading a zone to support inline-signing failed.
- [RT #26014]
-
-3165. [bug] dnssec-signzone could generate new signatures when
- resigning, even when valid signatures were already
- present. [RT #26025]
-
-3164. [func] Enable DLZ modules to retrieve client information,
- so that responses can be changed depending on the
- source address of the query. [RT #25768]
-
-3163. [bug] Use finer-grained locking in client.c to address
- concurrency problems with large numbers of threads.
- [RT #26044]
-
-3162. [test] start.pl: modified to allow for "named.args" in
- ns*/ subdirectory to override stock arguments to
- named. Largely from RT#26044, but no separate ticket.
-
-3161. [bug] zone.c:del_sigs failed to always reset rdata leading
- assertion failures. [RT #25880]
-
-3160. [bug] When printing out a NSEC3 record in multiline form
- the newline was not being printed causing type codes
- to be run together. [RT #25873]
-
-3159. [bug] On some platforms, named could assert on startup
- when running in a chrooted environment without
- /proc. [RT #25863]
-
-3158. [bug] Recursive servers would prefer a particular UDP
- socket instead of using all available sockets.
- [RT #26038]
-
-3157. [tuning] Reduce the time spent in "rndc reconfig" by parsing
- the config file before pausing the server. [RT #21373]
-
-3156. [placeholder]
-
- --- 9.9.0a2 released ---
-
-3155. [bug] Fixed a build failure when using contrib DLZ
- drivers (e.g., mysql, postgresql, etc). [RT #25710]
-
-3154. [bug] Attempting to print an empty rdataset could trigger
- an assert. [RT #25452]
-
-3153. [func] Extend request-ixfr to zone level and remove the
- side effect of forcing an AXFR. [RT #25156]
-
-3152. [cleanup] Some versions of gcc and clang failed due to
- incorrect use of __builtin_expect. [RT #25183]
-
-3151. [bug] Queries for type RRSIG or SIG could be handled
- incorrectly. [RT #21050]
-
-3150. [func] Improved startup and reconfiguration time by
- enabling zones to load in multiple threads. [RT #25333]
-
-3149. [placeholder]
-
-3148. [bug] Processing of normal queries could be stalled when
- forwarding a UPDATE message. [RT #24711]
-
-3147. [func] Initial inline signing support. [RT #23657]
-
- --- 9.9.0a1 released ---
-
-3146. [test] Fixed gcc4.6.0 errors in ATF. [RT #25598]
-
-3145. [test] Capture output of ATF unit tests in "./atf.out" if
- there were any errors while running them. [RT #25527]
-
-3144. [bug] dns_dbiterator_seek() could trigger an assert when
- used with a nonexistent database node. [RT #25358]
-
-3143. [bug] Silence clang compiler warnings. [RT #25174]
-
-3142. [bug] NAPTR is class agnostic. [RT #25429]
-
-3141. [bug] Silence spurious "zone serial (0) unchanged" messages
- associated with empty zones. [RT #25079]
-
-3140. [func] New command "rndc flushtree <name>" clears the
- specified name from the server cache along with
- all names under it. [RT #19970]
-
-3139. [test] Added tests from RFC 6234, RFC 2202, and RFC 1321
- for the hashing algorithms (md5, sha1 - sha512, and
- their hmac counterparts). [RT #25067]
-
-3138. [bug] Address memory leaks and out-of-order operations when
- shutting named down. [RT #25210]
-
-3137. [func] Improve hardware scalability by allowing multiple
- worker threads to process incoming UDP packets.
- This can significantly increase query throughput
- on some systems. [RT #22992]
-
-3136. [func] Add RFC 1918 reverse zones to the list of built-in
- empty zones switched on by the 'empty-zones-enable'
- option. [RT #24990]
-
-3135. [port] FreeBSD: workaround broken IPV6_USE_MIN_MTU processing.
- See http://www.freebsd.org/cgi/query-pr.cgi?pr=158307
- [RT #24950]
-
-3134. [bug] Improve the accuracy of dnssec-signzone's signing
- statistics. [RT #16030]
-
-3133. [bug] Change #3114 was incomplete. [RT #24577]
-
-3132. [placeholder]
-
-3131. [tuning] Improve scalability by allocating one zone task
- per 100 zones at startup time, rather than using a
- fixed-size task table. [RT #24406]
-
-3130. [func] Support alternate methods for managing a dynamic
- zone's serial number. Two methods are currently
- defined using serial-update-method, "increment"
- (default) and "unixtime". [RT #23849]
-
-3129. [bug] Named could crash on 'rndc reconfig' when
- allow-new-zones was set to yes and named ACLs
- were used. [RT #22739]
-
-3128. [func] Inserting an NSEC3PARAM via dynamic update in an
- auto-dnssec zone that has not been signed yet
- will cause it to be signed with the specified NSEC3
- parameters when keys are activated. The
- NSEC3PARAM record will not appear in the zone until
- it is signed, but the parameters will be stored.
- [RT #23684]
-
-3127. [bug] 'rndc thaw' will now remove a zone's journal file
- if the zone serial number has been changed and
- ixfr-from-differences is not in use. [RT #24687]
-
-3126. [security] Using DNAME record to generate replacements caused
- RPZ to exit with a assertion failure. [RT #24766]
-
-3125. [security] Using wildcard CNAME records as a replacement with
- RPZ caused named to exit with a assertion failure.
- [RT #24715]
-
-3124. [bug] Use an rdataset attribute flag to indicate
- negative-cache records rather than using rrtype 0;
- this will prevent problems when that rrtype is
- used in actual DNS packets. [RT #24777]
-
-3123. [security] Change #2912 exposed a latent flaw in
- dns_rdataset_totext() that could cause named to
- crash with an assertion failure. [RT #24777]
-
-3122. [cleanup] dnssec-settime: corrected usage message. [RT #24664]
-
-3121. [security] An authoritative name server sending a negative
- response containing a very large RRset could
- trigger an off-by-one error in the ncache code
- and crash named. [RT #24650]
-
-3120. [bug] Named could fail to validate zones listed in a DLV
- that validated insecure without using DLV and had
- DS records in the parent zone. [RT #24631]
-
-3119. [bug] When rolling to a new DNSSEC key, a private-type
- record could be created and never marked complete.
- [RT #23253]
-
-3118. [bug] nsupdate could dump core on shutdown when using
- SIG(0) keys. [RT #24604]
-
-3117. [cleanup] Remove doc and parser references to the
- never-implemented 'auto-dnssec create' option.
- [RT #24533]
-
-3116. [func] New 'dnssec-update-mode' option controls updates
- of DNSSEC records in signed dynamic zones. Set to
- 'no-resign' to disable automatic RRSIG regeneration
- while retaining the ability to sign new or changed
- data. [RT #24533]
-
-3115. [bug] Named could fail to return requested data when
- following a CNAME that points into the same zone.
- [RT #24455]
-
-3114. [bug] Retain expired RRSIGs in dynamic zones if key is
- inactive and there is no replacement key. [RT #23136]
-
-3113. [doc] Document the relationship between serial-query-rate
- and NOTIFY messages.
-
-3112. [doc] Add missing descriptions of the update policy name
- types "ms-self", "ms-subdomain", "krb5-self" and
- "krb5-subdomain", which allow machines to update
- their own records, to the BIND 9 ARM.
-
-3111. [bug] Improved consistency checks for dnssec-enable and
- dnssec-validation, added test cases to the
- checkconf system test. [RT #24398]
-
-3110. [bug] dnssec-signzone: Wrong error message could appear
- when attempting to sign with no KSK. [RT #24369]
-
-3109. [func] The also-notify option now uses the same syntax
- as a zone's masters clause. This means it is
- now possible to specify a TSIG key to use when
- sending notifies to a given server, or to include
- an explicit named masters list in an also-notfiy
- statement. [RT #23508]
-
-3108. [cleanup] dnssec-signzone: Clarified some error and
- warning messages; removed #ifdef ALLOW_KSKLESS_ZONES
- code (use -P instead). [RT #20852]
-
-3107. [bug] dnssec-signzone: Report the correct number of ZSKs
- when using -x. [RT #20852]
-
-3106. [func] When logging client requests, include the name of
- the TSIG key if any. [RT #23619]
-
-3105. [bug] GOST support can be suppressed by "configure
- --without-gost" [RT #24367]
-
-3104. [bug] Better support for cross-compiling. [RT #24367]
-
-3103. [bug] Configuring 'dnssec-validation auto' in a view
- instead of in the options statement could trigger
- an assertion failure in named-checkconf. [RT #24382]
-
-3102. [func] New 'dnssec-loadkeys-interval' option configures
- how often, in minutes, to check the key repository
- for updates when using automatic key maintenance.
- Default is every 60 minutes (formerly hard-coded
- to 12 hours). [RT #23744]
-
-3101. [bug] Zones using automatic key maintenance could fail
- to check the key repository for updates. [RT #23744]
-
-3100. [security] Certain response policy zone configurations could
- trigger an INSIST when receiving a query of type
- RRSIG. [RT #24280]
-
-3099. [test] "dlz" system test now runs but gives R:SKIPPED if
- not compiled with --with-dlz-filesystem. [RT #24146]
-
-3098. [bug] DLZ zones were answering without setting the AA bit.
- [RT #24146]
-
-3097. [test] Add a tool to test handling of malformed packets.
- [RT #24096]
-
-3096. [bug] Set KRB5_KTNAME before calling log_cred() in
- dst_gssapi_acceptctx(). [RT #24004]
-
-3095. [bug] Handle isolated reserved ports in the port range.
- [RT #23957]
-
-3094. [doc] Expand dns64 documentation.
-
-3093. [bug] Fix gssapi/kerberos dependencies [RT #23836]
-
-3092. [bug] Signatures for records at the zone apex could go
- stale due to an incorrect timer setting. [RT #23769]
-
-3091. [bug] Fixed a bug in which zone keys that were published
- and then subsequently activated could fail to trigger
- automatic signing. [RT #22911]
-
-3090. [func] Make --with-gssapi default [RT #23738]
-
-3089. [func] dnssec-dsfromkey now supports reading keys from
- standard input "dnssec-dsfromkey -f -". [RT# 20662]
-
-3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf
- and add setup.sh in order to resolve changing
- named.conf issue. [RT #23687]
-
-3087. [bug] DDNS updates using SIG(0) with update-policy match
- type "external" could cause a crash. [RT #23735]
-
-3086. [bug] Running dnssec-settime -f on an old-style key will
- now force an update to the new key format even if no
- other change has been specified, using "-P now -A now"
- as default values. [RT #22474]
-
-3085. [func] New '-R' option in dnssec-signzone forces removal
- of signatures which have not yet expired but
- were generated by a key that no longer exists.
- [RT #22471]
-
-3084. [func] A new command "rndc sync" dumps pending changes in
- a dynamic zone to disk; "rndc sync -clean" also
- removes the journal file after syncing. Also,
- "rndc freeze" no longer removes journal files.
- [RT #22473]
-
-3083. [bug] NOTIFY messages were not being sent when generating
- a NSEC3 chain incrementally. [RT #23702]
-
-3082. [port] strtok_r is threads only. [RT #23747]
-
-3081. [bug] Failure of DNAME substitution did not return
- YXDOMAIN. [RT #23591]
-
-3080. [cleanup] Replaced compile time constant by STDTIME_ON_32BITS.
- [RT #23587]
-
-3079. [bug] Handle isc_event_allocate failures in t_tasks.
- [RT #23572]
-
-3078. [func] Added a new include file with function typedefs
- for the DLZ "dlopen" driver. [RT #23629]
-
-3077. [bug] zone.c:zone_refreshkeys() incorrectly called
- dns_zone_attach(), use zone->irefs instead. [RT #23303]
-
-3076. [func] New '-L' option in dnssec-keygen, dnsset-settime, and
- dnssec-keyfromlabel sets the default TTL of the
- key. When possible, automatic signing will use that
- TTL when the key is published. [RT #23304]
-
-3075. [bug] dns_dnssec_findzonekeys{2} used a inconsistent
- timestamp when determining which keys are active.
- [RT #23642]
-
-3074. [bug] Make the adb cache read through for zone data and
- glue learn for zone named is authoritative for.
- [RT #22842]
-
-3073. [bug] managed-keys changes were not properly being recorded.
- [RT #20256]
-
-3072. [bug] dns_dns64_aaaaok() potential NULL pointer dereference.
- [RT #20256]
-
-3071. [bug] has_nsec could be used uninitialized in
- update.c:next_active. [RT #20256]
-
-3070. [bug] dnssec-signzone potential NULL pointer dereference.
- [RT #20256]
-
-3069. [cleanup] Silence warnings messages from clang static analysis.
- [RT #20256]
-
-3068. [bug] Named failed to build with a OpenSSL without engine
- support. [RT #23473]
-
-3067. [bug] ixfr-from-differences {master|slave}; failed to
- select the master/slave zones. [RT #23580]
-
-3066. [func] The DLZ "dlopen" driver is now built by default,
- no longer requiring a configure option. To
- disable it, use "configure --without-dlopen".
- Driver also supported on win32. [RT #23467]
-
-3065. [bug] RRSIG could have time stamps too far in the future.
- [RT #23356]
-
-3064. [bug] powerpc: add sync instructions to the end of atomic
- operations. [RT #23469]
-
-3063. [contrib] More verbose error reporting from DLZ LDAP. [RT #23402]
-
-3062. [func] Made several changes to enhance human readability
- of DNSSEC data in dig output and in generated
- zone files:
- - DNSKEY record comments are more verbose, no
- longer used in multiline mode only
- - multiline RRSIG records reformatted
- - multiline output mode for NSEC3PARAM records
- - "dig +norrcomments" suppresses DNSKEY comments
- - "dig +split=X" breaks hex/base64 records into
- fields of width X; "dig +nosplit" disables this.
- [RT #22820]
-
-3061. [func] New option "dnssec-signzone -D", only write out
- generated DNSSEC records. [RT #22896]
-
-3060. [func] New option "dnssec-signzone -X <date>" allows
- specification of a separate expiration date
- for DNSKEY RRSIGs and other RRSIGs. [RT #22141]
-
-3059. [test] Added a regression test for change #3023.
-
-3058. [bug] Cause named to terminate at startup or rndc reconfig/
- reload to fail, if a log file specified in the conf
- file isn't a plain file. [RT #22771]
-
-3057. [bug] "rndc secroots" would abort after the first error
- and so could miss some views. [RT #23488]
-
-3056. [func] Added support for URI resource record. [RT #23386]
-
-3055. [placeholder]
-
-3054. [bug] Added elliptic curve support check in
- GOST OpenSSL engine detection. [RT #23485]
-
-3053. [bug] Under a sustained high query load with a finite
- max-cache-size, it was possible for cache memory
- to be exhausted and not recovered. [RT #23371]
-
-3052. [test] Fixed last autosign test report. [RT #23256]
-
-3051. [bug] NS records obscure DNAME records at the bottom of the
- zone if both are present. [RT #23035]
-
-3050. [bug] The autosign system test was timing dependent.
- Wait for the initial autosigning to complete
- before running the rest of the test. [RT #23035]
-
-3049. [bug] Save and restore the gid when creating creating
- named.pid at startup. [RT #23290]
-
-3048. [bug] Fully separate view key management. [RT #23419]
-
-3047. [bug] DNSKEY NODATA responses not cached fixed in
- validator.c. Tests added to dnssec system test.
- [RT #22908]
-
-3046. [bug] Use RRSIG original TTL to compute validated RRset
- and RRSIG TTL. [RT #23332]
-
-3045. [removed] Replaced by change #3050.
-
-3044. [bug] Hold the socket manager lock while freeing the socket.
- [RT #23333]
-
-3043. [test] Merged in the NetBSD ATF test framework (currently
- version 0.12) for development of future unit tests.
- Use configure --with-atf to build ATF internally
- or configure --with-atf=prefix to use an external
- copy. [RT #23209]
-
-3042. [bug] dig +trace could fail attempting to use IPv6
- addresses on systems with only IPv4 connectivity.
- [RT #23297]
-
-3041. [bug] dnssec-signzone failed to generate new signatures on
- ttl changes. [RT #23330]
-
-3040. [bug] Named failed to validate insecure zones where a node
- with a CNAME existed between the trust anchor and the
- top of the zone. [RT #23338]
-
-3039. [func] Redirect on NXDOMAIN support. [RT #23146]
-
-3038. [bug] Install <dns/rpz.h>. [RT #23342]
-
-3037. [doc] Update COPYRIGHT to contain all the individual
- copyright notices that cover various parts.
-
-3036. [bug] Check built-in zone arguments to see if the zone
- is re-usable or not. [RT #21914]
-
-3035. [cleanup] Simplify by using strlcpy. [RT #22521]
-
-3034. [cleanup] nslookup: use strlcpy instead of safecopy. [RT #22521]
-
-3033. [cleanup] Add two INSIST(bucket != DNS_ADB_INVALIDBUCKET).
- [RT #22521]
-
-3032. [bug] rdatalist.c: add missing REQUIREs. [RT #22521]
-
-3031. [bug] dns_rdataclass_format() handle a zero sized buffer.
- [RT #22521]
-
-3030. [bug] dns_rdatatype_format() handle a zero sized buffer.
- [RT #22521]
-
-3029. [bug] isc_netaddr_format() handle a zero sized buffer.
- [RT #22521]
-
-3028. [bug] isc_sockaddr_format() handle a zero sized buffer.
- [RT #22521]
-
-3027. [bug] Add documented REQUIREs to cfg_obj_asnetprefix() to
- catch NULL pointer dereferences before they happen.
- [RT #22521]
-
-3026. [bug] lib/isc/httpd.c: check that we have enough space
- after calling grow_headerspace() and if not
- re-call grow_headerspace() until we do. [RT #22521]
-
-3025. [bug] Fixed a possible deadlock due to zone resigning.
- [RT #22964]
-
-3024. [func] RTT Banding removed due to minor security increase
- but major impact on resolver latency. [RT #23310]
-
-3023. [bug] Named could be left in an inconsistent state when
- receiving multiple AXFR response messages that were
- not all TSIG-signed. [RT #23254]
-
-3022. [bug] Fixed rpz SERVFAILs after failed zone transfers
- [RT #23246]
-
-3021. [bug] Change #3010 was incomplete. [RT #22296]
-
-3020. [bug] auto-dnssec failed to correctly update the zone when
- changing the DNSKEY RRset. [RT #23232]
-
-3019. [test] Test: check apex NSEC3 records after adding DNSKEY
- record via UPDATE. [RT #23229]
-
-3018. [bug] Named failed to check for the "none;" acl when deciding
- if a zone may need to be re-signed. [RT #23120]
-
-3017. [doc] dnssec-keyfromlabel -I was not properly documented.
- [RT #22887]
-
-3016. [bug] rndc usage missing '-b'. [RT #22937]
-
-3015. [port] win32: fix IN6_IS_ADDR_LINKLOCAL and
- IN6_IS_ADDR_SITELOCAL macros. [RT #22724]
-
-3014. [placeholder]
-
-3013. [bug] The DNS64 ttl was not always being set as expected.
- [RT #23034]
-
-3012. [bug] Remove DNSKEY TTL change pairs before generating
- signing records for any remaining DNSKEY changes.
- [RT #22590]
-
-3011. [func] Change the default query timeout from 30 seconds
- to 10. Allow setting this in named.conf using the new
- 'resolver-query-timeout' option, which specifies a max
- time in seconds. 0 means 'default' and anything longer
- than 30 will be silently set to 30. [RT #22852]
-
-3010. [bug] Fixed a bug where "rndc reconfig" stopped the timer
- for refreshing managed-keys. [RT #22296]
-
-3009. [bug] clients-per-query code didn't work as expected with
- particular query patterns. [RT #22972]
-
- --- 9.8.0b1 released ---
-
-3008. [func] Response policy zones (RPZ) support. [RT #21726]
-
-3007. [bug] Named failed to preserve the case of domain names in
- rdata which is not compressible when writing master
- files. [RT #22863]
-
-3006. [func] Allow dynamically generated TSIG keys to be preserved
- across restarts of named. Initially this is for
- TSIG keys generated using GSSAPI. [RT #22639]
-
-3005. [port] Solaris: Work around the lack of
- gsskrb5_register_acceptor_identity() by setting
- the KRB5_KTNAME environment variable to the
- contents of tkey-gssapi-keytab. Also fixed
- test errors on MacOSX. [RT #22853]
-
-3004. [func] DNS64 reverse support. [RT #22769]
-
-3003. [experimental] Added update-policy match type "external",
- enabling named to defer the decision of whether to
- allow a dynamic update to an external daemon.
- (Contributed by Andrew Tridgell.) [RT #22758]
-
-3002. [bug] isc_mutex_init_errcheck() failed to destroy attr.
- [RT #22766]
-
-3001. [func] Added a default trust anchor for the root zone, which
- can be switched on by setting "dnssec-validation auto;"
- in the named.conf options. [RT #21727]
-
-3000. [bug] More TKEY/GSS fixes:
- - nsupdate can now get the default realm from
- the user's Kerberos principal
- - corrected gsstest compilation flags
- - improved documentation
- - fixed some NULL dereferences
- [RT #22795]
-
-2999. [func] Add GOST support (RFC 5933). [RT #20639]
-
-2998. [func] Add isc_task_beginexclusive and isc_task_endexclusive
- to the task api. [RT #22776]
-
-2997. [func] named -V now reports the OpenSSL and libxml2 verions
- it was compiled against. [RT #22687]
-
-2996. [security] Temporarily disable SO_ACCEPTFILTER support.
- [RT #22589]
-
-2995. [bug] The Kerberos realm was not being correctly extracted
- from the signer's identity. [RT #22770]
-
-2994. [port] NetBSD: use pthreads by default on NetBSD >= 5.0, and
- do not use threads on earlier versions. Also kill
- the unproven-pthreads, mit-pthreads, and ptl2 support.
-
-2993. [func] Dynamically grow adb hash tables. [RT #21186]
-
-2992. [contrib] contrib/check-secure-delegation.pl: A simple tool
- for looking at a secure delegation. [RT #22059]
-
-2991. [contrib] contrib/zone-edit.sh: A simple zone editing tool for
- dynamic zones. [RT #22365]
-
-2990. [bug] 'dnssec-settime -S' no longer tests prepublication
- interval validity when the interval is set to 0.
- [RT #22761]
-
-2989. [func] Added support for writable DLZ zones. (Contributed
- by Andrew Tridgell of the Samba project.) [RT #22629]
-
-2988. [experimental] Added a "dlopen" DLZ driver, allowing the creation
- of external DLZ drivers that can be loaded as
- shared objects at runtime rather than linked with
- named. Currently this is switched on via a
- compile-time option, "configure --with-dlz-dlopen".
- Note: the syntax for configuring DLZ zones
- is likely to be refined in future releases.
- (Contributed by Andrew Tridgell of the Samba
- project.) [RT #22629]
-
-2987. [func] Improve ease of configuring TKEY/GSS updates by
- adding a "tkey-gssapi-keytab" option. If set,
- updates will be allowed with any key matching
- a principal in the specified keytab file.
- "tkey-gssapi-credential" is no longer required
- and is expected to be deprecated. (Contributed
- by Andrew Tridgell of the Samba project.)
- [RT #22629]
-
-2986. [func] Add new zone type "static-stub". It's like a stub
- zone, but the nameserver names and/or their IP
- addresses are statically configured. [RT #21474]
-
-2985. [bug] Add a regression test for change #2896. [RT #21324]
-
-2984. [bug] Don't run MX checks when the target of the MX record
- is ".". [RT #22645]
-
-2983. [bug] Include "loadkeys" in rndc help output. [RT #22493]
-
- --- 9.8.0a1 released ---
-
-2982. [bug] Reference count dst keys. dst_key_attach() can be used
- increment the reference count.
-
- Note: dns_tsigkey_createfromkey() callers should now
- always call dst_key_free() rather than setting it
- to NULL on success. [RT #22672]
-
-2981. [func] Partial DNS64 support (AAAA synthesis). [RT #21991]
-
-2980. [bug] named didn't properly handle UPDATES that changed the
- TTL of the NSEC3PARAM RRset. [RT #22363]
-
-2979. [bug] named could deadlock during shutdown if two
- "rndc stop" commands were issued at the same
- time. [RT #22108]
-
-2978. [port] hpux: look for <devpoll.h> [RT #21919]
-
-2977. [bug] 'nsupdate -l' report if the session key is missing.
- [RT #21670]
-
-2976. [bug] named could die on exit after negotiating a GSS-TSIG
- key. [RT #22573]
-
-2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() acquired the
- wrong lock which could lead to server deadlock.
- [RT #22614]
-
-2974. [bug] Some valid UPDATE requests could fail due to a
- consistency check examining the existing version
- of the zone rather than the new version resulting
- from the UPDATE. [RT #22413]
-
-2973. [bug] bind.keys.h was being removed by the "make clean"
- at the end of configure resulting in build failures
- where there is very old version of perl installed.
- Move it to "make maintainer-clean". [RT #22230]
-
-2972. [bug] win32: address windows socket errors. [RT #21906]
-
-2971. [bug] Fixed a bug that caused journal files not to be
- compacted on Windows systems as a result of
- non-POSIX-compliant rename() semantics. [RT #22434]
-
-2970. [security] Adding a NO DATA negative cache entry failed to clear
- any matching RRSIG records. A subsequent lookup of
- of NO DATA cache entry could trigger a INSIST when the
- unexpected RRSIG was also returned with the NO DATA
- cache entry.
-
- CVE-2010-3613, VU#706148. [RT #22288]
-
-2969. [security] Fix acl type processing so that allow-query works
- in options and view statements. Also add a new
- set of tests to verify proper functioning.
-
- CVE-2010-3615, VU#510208. [RT #22418]
-
-2968. [security] Named could fail to prove a data set was insecure
- before marking it as insecure. One set of conditions
- that can trigger this occurs naturally when rolling
- DNSKEY algorithms.
-
- CVE-2010-3614, VU#837744. [RT #22309]
-
-2967. [bug] 'host -D' now turns on debugging messages earlier.
- [RT #22361]
-
-2966. [bug] isc_print_vsnprintf() failed to check if there was
- space available in the buffer when adding a left
- justified character with a non zero width,
- (e.g. "%-1c"). [RT #22270]
-
-2965. [func] Test HMAC functions using test data from RFC 2104 and
- RFC 4634. [RT #21702]
-
-2964. [placeholder]
-
-2963. [security] The allow-query acl was being applied instead of the
- allow-query-cache acl to cache lookups. [RT #22114]
-
-2962. [port] win32: add more dependencies to BINDBuild.dsw.
- [RT #22062]
-
-2961. [bug] Be still more selective about the non-authoritative
- answers we apply change 2748 to. [RT #22074]
-
-2960. [func] Check that named accepts non-authoritative answers.
- [RT #21594]
-
-2959. [func] Check that named starts with a missing masterfile.
- [RT #22076]
-
-2958. [bug] named failed to start with a missing master file.
- [RT #22076]
-
-2957. [bug] entropy_get() and entropy_getpseudo() failed to match
- the API for RAND_bytes() and RAND_pseudo_bytes()
- respectively. [RT #21962]
-
-2956. [port] Enable atomic operations on the PowerPC64. [RT #21899]
-
-2955. [func] Provide more detail in the recursing log. [RT #22043]
-
-2954. [bug] contrib: dlz_mysql_driver.c bad error handling on
- build_sqldbinstance failure. [RT #21623]
-
-2953. [bug] Silence spurious "expected covering NSEC3, got an
- exact match" message when returning a wildcard
- no data response. [RT #21744]
-
-2952. [port] win32: named-checkzone and named-checkconf failed
- to initialize winsock. [RT #21932]
-
-2951. [bug] named failed to generate a correct signed response
- in a optout, delegation only zone with no secure
- delegations. [RT #22007]
-
-2950. [bug] named failed to perform a SOA up to date check when
- falling back to TCP on UDP timeouts when
- ixfr-from-differences was set. [RT #21595]
-
-2949. [bug] dns_view_setnewzones() contained a memory leak if
- it was called multiple times. [RT #21942]
-
-2948. [port] MacOS: provide a mechanism to configure the test
- interfaces at reboot. See bin/tests/system/README
- for details.
-
-2947. [placeholder]
-
-2946. [doc] Document the default values for the minimum and maximum
- zone refresh and retry values in the ARM. [RT #21886]
-
-2945. [doc] Update empty-zones list in ARM. [RT #21772]
-
-2944. [maint] Remove ORCHID prefix from built in empty zones.
- [RT #21772]
-
-2943. [func] Add support to load new keys into managed zones
- without signing immediately with "rndc loadkeys".
- Add support to link keys with "dnssec-keygen -S"
- and "dnssec-settime -S". [RT #21351]
-
-2942. [contrib] zone2sqlite failed to setup the entropy sources.
- [RT #21610]
-
-2941. [bug] sdb and sdlz (dlz's zone database) failed to support
- DNAME at the zone apex. [RT #21610]
-
-2940. [port] Remove connection aborted error message on
- Windows. [RT #21549]
-
-2939. [func] Check that named successfully skips NSEC3 records
- that fail to match the NSEC3PARAM record currently
- in use. [RT# 21868]
-
-2938. [bug] When generating signed responses, from a signed zone
- that uses NSEC3, named would use a uninitialized
- pointer if it needed to skip a NSEC3 record because
- it didn't match the selected NSEC3PARAM record for
- zone. [RT# 21868]
-
-2937. [bug] Worked around an apparent race condition in over
- memory conditions. Without this fix a DNS cache DB or
- ADB could incorrectly stay in an over memory state,
- effectively refusing further caching, which
- subsequently made a BIND 9 caching server unworkable.
- This fix prevents this problem from happening by
- polling the state of the memory context, rather than
- making a copy of the state, which appeared to cause
- a race. This is a "workaround" in that it doesn't
- solve the possible race per se, but several experiments
- proved this change solves the symptom. Also, the
- polling overhead hasn't been reported to be an issue.
- This bug should only affect a caching server that
- specifies a finite max-cache-size. It's also quite
- likely that the bug happens only when enabling threads,
- but it's not confirmed yet. [RT #21818]
-
-2936. [func] Improved configuration syntax and multiple-view
- support for addzone/delzone feature (see change
- #2930). Removed "new-zone-file" option, replaced
- with "allow-new-zones (yes|no)". The new-zone-file
- for each view is now created automatically, with
- a filename generated from a hash of the view name.
- It is no longer necessary to "include" the
- new-zone-file in named.conf; this happens
- automatically. Zones that were not added via
- "rndc addzone" can no longer be removed with
- "rndc delzone". [RT #19447]
-
-2935. [bug] nsupdate: improve 'file not found' error message.
- [RT #21871]
-
-2934. [bug] Use ANSI C compliant shift range in lib/isc/entropy.c.
- [RT #21871]
-
-2933. [bug] 'dig +nsid' used stack memory after it went out of
- scope. This could potentially result in a unknown,
- potentially malformed, EDNS option being sent instead
- of the desired NSID option. [RT #21781]
-
-2932. [cleanup] Corrected a numbering error in the "dnssec" test.
- [RT #21597]
-
-2931. [bug] Temporarily and partially disable change 2864
- because it would cause infinite attempts of RRSIG
- queries. This is an urgent care fix; we'll
- revisit the issue and complete the fix later.
- [RT #21710]
-
-2930. [experimental] New "rndc addzone" and "rndc delzone" commands
- allow dynamic addition and deletion of zones.
- To enable this feature, specify a "new-zone-file"
- option at the view or options level in named.conf.
- Zone configuration information for the new zones
- will be written into that file. To make the new
- zones persist after a restart, "include" the file
- into named.conf in the appropriate view. (Note:
- This feature is not yet documented, and its syntax
- is expected to change.) [RT #19447]
-
-2929. [bug] Improved handling of GSS security contexts:
- - added LRU expiration for generated TSIGs
- - added the ability to use a non-default realm
- - added new "realm" keyword in nsupdate
- - limited lifetime of generated keys to 1 hour
- or the lifetime of the context (whichever is
- smaller)
- [RT #19737]
-
-2928. [bug] Be more selective about the non-authoritative
- answer we apply change 2748 to. [RT #21594]
-
-2927. [placeholder]
-
-2926. [placeholder]
-
-2925. [bug] Named failed to accept uncachable negative responses
- from insecure zones. [RT# 21555]
-
-2924. [func] 'rndc secroots' dump a combined summary of the
- current managed keys combined with trusted keys.
- [RT #20904]
-
-2923. [bug] 'dig +trace' could drop core after "connection
- timeout". [RT #21514]
-
-2922. [contrib] Update zkt to version 1.0.
-
-2921. [bug] The resolver could attempt to destroy a fetch context
- too soon. [RT #19878]
-
-2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively
- to IPv4 clients. New acl 'filter-aaaa' (default any).
-
-2919. [func] Add autosign-ksk and autosign-zsk virtual time tests.
- [RT #20840]
-
-2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
-
-2917. [func] Virtual time test framework. [RT #20801]
-
-2916. [func] Add framework to use IPv6 in tests.
- fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7
-
-2915. [cleanup] Be smarter about which objects we attempt to compile
- based on configure options. [RT #21444]
-
-2914. [bug] Make the "autosign" system test more portable.
- [RT #20997]
-
-2913. [func] Add pkcs#11 system tests. [RT #20784]
-
-2912. [func] Windows clients don't like UPDATE responses that clear
- the zone section. [RT #20986]
-
-2911. [bug] dnssec-signzone didn't handle out of zone records well.
- [RT #21367]
-
-2910. [func] Sanity check Kerberos credentials. [RT #20986]
-
-2909. [bug] named-checkconf -p could die if "update-policy local;"
- was specified in named.conf. [RT #21416]
-
-2908. [bug] It was possible for re-signing to stop after removing
- a DNSKEY. [RT #21384]
-
-2907. [bug] The export version of libdns had undefined references.
- [RT #21444]
-
-2906. [bug] Address RFC 5011 implementation issues. [RT #20903]
-
-2905. [port] aix: set use_atomic=yes with native compiler.
- [RT #21402]
-
-2904. [bug] When using DLV, sub-zones of the zones in the DLV,
- could be incorrectly marked as insecure instead of
- secure leading to negative proofs failing. This was
- a unintended outcome from change 2890. [RT# 21392]
-
-2903. [bug] managed-keys-directory missing from namedconf.c.
- [RT #21370]
-
-2902. [func] Add regression test for change 2897. [RT #21040]
-
-2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]
-
-2900. [bug] The placeholder negative caching element was not
- properly constructed triggering a INSIST in
- dns_ncache_towire(). [RT #21346]
-
-2899. [port] win32: Support linking against OpenSSL 1.0.0.
-
-2898. [bug] nslookup leaked memory when -domain=value was
- specified. [RT #21301]
-
-2897. [bug] NSEC3 chains could be left behind when transitioning
- to insecure. [RT #21040]
-
-2896. [bug] "rndc sign" failed to properly update the zone
- when adding a DNSKEY for publication only. [RT #21045]
-
-2895. [func] genrandom: add support for the generation of multiple
- files. [RT #20917]
-
-2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294]
-
-2893. [bug] Improve managed keys support. New named.conf option
- managed-keys-directory. [RT #20924]
-
-2892. [bug] Handle REVOKED keys better. [RT #20961]
-
-2891. [maint] Update empty-zones list to match
- draft-ietf-dnsop-default-local-zones-13. [RT# 21099]
-
-2890. [bug] Handle the introduction of new trusted-keys and
- DS, DLV RRsets better. [RT #21097]
-
-2889. [bug] Elements of the grammar where not properly reported.
- [RT #21046]
-
-2888. [bug] Only the first EDNS option was displayed. [RT #21273]
-
-2887. [bug] Report the keytag times in UTC in the .key file,
- local time is presented as a comment within the
- comment. [RT #21223]
-
-2886. [bug] ctime() is not thread safe. [RT #21223]
-
-2885. [bug] Improve -fno-strict-aliasing support probing in
- configure. [RT #21080]
-
-2884. [bug] Insufficient validation in dns_name_getlabelsequence().
- [RT #21283]
-
-2883. [bug] 'dig +short' failed to handle really large datasets.
- [RT #21113]
-
-2882. [bug] Remove memory context from list of active contexts
- before clearing 'magic'. [RT #21274]
-
-2881. [bug] Reduce the amount of time the rbtdb write lock
- is held when closing a version. [RT #21198]
-
-2880. [cleanup] Make the output of dnssec-keygen and dnssec-revoke
- consistent. [RT #21078]
-
-2879. [contrib] DLZ bdbhpt driver fails to close correct cursor.
- [RT #21106]
-
-2878. [func] Incrementally write the master file after performing
- a AXFR. [RT #21010]
-
-2877. [bug] The validator failed to skip obviously mismatching
- RRSIGs. [RT #21138]
-
-2876. [bug] Named could return SERVFAIL for negative responses
- from unsigned zones. [RT #21131]
-
-2875. [bug] dns_time64_fromtext() could accept non digits.
- [RT #21033]
-
-2874. [bug] Cache lack of EDNS support only after the server
- successfully responds to the query using plain DNS.
- [RT #20930]
-
-2873. [bug] Canceling a dynamic update via the dns/client module
- could trigger an assertion failure. [RT #21133]
-
-2872. [bug] Modify dns/client.c:dns_client_createx() to only
- require one of IPv4 or IPv6 rather than both.
- [RT #21122]
-
-2871. [bug] Type mismatch in mem_api.c between the definition and
- the header file, causing build failure with
- --enable-exportlib. [RT #21138]
-
-2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
-
-2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
- [RT #20877]
-
-2868. [cleanup] Run "make clean" at the end of configure to ensure
- any changes made by configure are integrated.
- Use --with-make-clean=no to disable. [RT #20994]
-
-2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
- don't like it. [RT #20986]
-
-2866. [bug] Windows does not like the TSIG name being compressed.
- [RT #20986]
-
-2865. [bug] memset to zero event.data. [RT #20986]
-
-2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
- [RT #21050]
-
-2863. [port] linux: disable IPv6 PMTUD and use network minimum MTU.
- [RT #21056]
-
-2862. [bug] nsupdate didn't default to the parent zone when
- updating DS records. [RT #20896]
-
-2861. [doc] dnssec-settime man pages didn't correctly document the
- inactivation time. [RT #21039]
-
-2860. [bug] named-checkconf's usage was out of date. [RT #21039]
-
-2859. [bug] When canceling validation it was possible to leak
- memory. [RT #20800]
-
-2858. [bug] RTT estimates were not being adjusted on ICMP errors.
- [RT #20772]
-
-2857. [bug] named-checkconf did not fail on a bad trusted key.
- [RT #20705]
-
-2856. [bug] The size of a memory allocation was not always properly
- recorded. [RT #20927]
-
-2855. [func] nsupdate will now preserve the entered case of domain
- names in update requests it sends. [RT #20928]
-
-2854. [func] dig: allow the final soa record in a axfr response to
- be suppressed, dig +onesoa. [RT #20929]
-
-2853. [bug] add_sigs() could run out of scratch space. [RT #21015]
-
-2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
-
-2851. [doc] nslookup.1, removed <informalexample> from the docbook
- source as it produced bad nroff. [RT #21007]
-
-2850. [bug] If isc_heap_insert() failed due to memory shortage
- the heap would have corrupted entries. [RT #20951]
-
-2849. [bug] Don't treat errors from the xml2 library as fatal.
- [RT #20945]
-
-2848. [doc] Moved README.dnssec, README.libdns, README.pkcs11 and
- README.rfc5011 into the ARM. [RT #20899]
-
-2847. [cleanup] Corrected usage message in dnssec-settime. [RT #20921]
-
-2846. [bug] EOF on unix domain sockets was not being handled
- correctly. [RT #20731]
-
-2845. [bug] RFC 5011 client could crash on shutdown. [RT #20903]
-
-2844. [doc] notify-delay default in ARM was wrong. It should have
- been five (5) seconds.
-
-2843. [func] Prevent dnssec-keygen and dnssec-keyfromlabel from
- creating key files if there is a chance that the new
- key ID will collide with an existing one after
- either of the keys has been revoked. (To override
- this in the case of dnssec-keyfromlabel, use the -y
- option. dnssec-keygen will simply create a
- different, non-colliding key, so an override is
- not necessary.) [RT #20838]
-
-2842. [func] Added "smartsign" and improved "autosign" and
- "dnssec" regression tests. [RT #20865]
-
-2841. [bug] Change 2836 was not complete. [RT #20883]
-
-2840. [bug] Temporary fixed pkcs11-destroy usage check.
- [RT #20760]
-
-2839. [bug] A KSK revoked by named could not be deleted.
- [RT #20881]
-
-2838. [placeholder]
-
-2837. [port] Prevent Linux spurious warnings about fwrite().
- [RT #20812]
-
-2836. [bug] Keys that were scheduled to become active could
- be delayed. [RT #20874]
-
-2835. [bug] Key inactivity dates were inadvertently stored in
- the private key file with the outdated tag
- "Unpublish" rather than "Inactive". This has been
- fixed; however, any existing keys that had Inactive
- dates set will now need to have them reset, using
- 'dnssec-settime -I'. [RT #20868]
-
-2834. [bug] HMAC-SHA* keys that were longer than the algorithm
- digest length were used incorrectly, leading to
- interoperability problems with other DNS
- implementations. This has been corrected.
- (Note: If an oversize key is in use, and
- compatibility is needed with an older release of
- BIND, the new tool "isc-hmac-fixup" can convert
- the key secret to a form that will work with all
- versions.) [RT #20751]
-
-2833. [cleanup] Fix usage messages in dnssec-keygen and dnssec-settime.
- [RT #20851]
-
-2832. [bug] Modify "struct stat" in lib/export/samples/nsprobe.c
- to avoid redefinition in some OSs [RT 20831]
-
-2831. [security] Do not attempt to validate or cache
- out-of-bailiwick data returned with a secure
- answer; it must be re-fetched from its original
- source and validated in that context. [RT #20819]
-
-2830. [bug] Changing the OPTOUT setting could take multiple
- passes. [RT #20813]
-
-2829. [bug] Fixed potential node inconsistency in rbtdb.c.
- [RT #20808]
-
-2828. [security] Cached CNAME or DNAME RR could be returned to clients
- without DNSSEC validation. [RT #20737]
-
-2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
-
-2826. [bug] NSEC3->NSEC transitions could fail due to a lock not
- being released. [RT #20740]
-
-2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that
- was in the process of being created was not properly
- recorded in the zone. [RT #20786]
-
-2824. [bug] "rndc sign" was not being run by the correct task.
- [RT #20759]
-
-2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
-
-2822. [bug] rbtdb.c:loadnode() could return the wrong result.
- [RT #20802]
-
-2821. [doc] Add note that named-checkconf doesn't automatically
- read rndc.key and bind.keys [RT #20758]
-
-2820. [func] Handle read access failure of OpenSSL configuration
- file more user friendly (PKCS#11 engine patch).
- [RT #20668]
-
-2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define.
- [RT #20771]
-
-2818. [cleanup] rndc could return an incorrect error code
- when a zone was not found. [RT #20767]
-
-2817. [cleanup] Removed unnecessary isc_task_endexclusive() calls.
- [RT #20768]
-
-2816. [bug] previous_closest_nsec() could fail to return
- data for NSEC3 nodes [RT #29730]
-
-2815. [bug] Exclusively lock the task when freezing a zone.
- [RT #19838]
-
-2814. [func] Provide a definitive error message when a master
- zone is not loaded. [RT #20757]
-
-2813. [bug] Better handling of unreadable DNSSEC key files.
- [RT #20710]
-
-2812. [bug] Make sure updates can't result in a zone with
- NSEC-only keys and NSEC3 records. [RT #20748]
-
-2811. [cleanup] Add "rndc sign" to list of commands in rndc usage
- output. [RT #20733]
-
-2810. [doc] Clarified the process of transitioning an NSEC3 zone
- to insecure. [RT #20746]
-
-2809. [cleanup] Restored accidentally-deleted text in usage output
- in dnssec-settime and dnssec-revoke [RT #20739]
-
-2808. [bug] Remove the attempt to install atomic.h from lib/isc.
- atomic.h is correctly installed by the architecture
- specific subdirectories. [RT #20722]
-
-2807. [bug] Fixed a possible ASSERT when reconfiguring zone
- keys. [RT #20720]
-
- --- 9.7.0rc1 released ---
-
-2806. [bug] "rdnc sign" could delay re-signing the DNSKEY
- when it had changed. [RT #20703]
-
-2805. [bug] Fixed namespace problems encountered when building
- external programs using non-exported BIND9 libraries
- (i.e., built without --enable-exportlib). [RT #20679]
-
-2804. [bug] Send notifies when a zone is signed with "rndc sign"
- or as a result of a scheduled key change. [RT #20700]
-
-2803. [port] win32: Install named-journalprint, nsec3hash, arpaname
- and genrandom under windows. [RT #20670]
-
-2802. [cleanup] Rename journalprint to named-journalprint. [RT #20670]
-
-2801. [func] Detect and report records that are different according
- to DNSSEC but are semantically equal according to plain
- DNS. Apply plain DNS comparisons rather than DNSSEC
- comparisons when processing UPDATE requests.
- dnssec-signzone now removes such semantically duplicate
- records prior to signing the RRset.
-
- named-checkzone -r {ignore|warn|fail} (default warn)
- named-compilezone -r {ignore|warn|fail} (default warn)
-
- named.conf: check-dup-records {ignore|warn|fail};
-
-2800. [func] Reject zones which have NS records which refer to
- CNAMEs, DNAMEs or don't have address record (class IN
- only). Reject UPDATEs which would cause the zone
- to fail the above checks if committed. [RT #20678]
-
-2799. [cleanup] Changed the "secure-to-insecure" option to
- "dnssec-secure-to-insecure", and "dnskey-ksk-only"
- to "dnssec-dnskey-kskonly", for clarity. [RT #20586]
-
-2798. [bug] Addressed bugs in managed-keys initialization
- and rollover. [RT #20683]
-
-2797. [bug] Don't decrement the dispatch manager's maxbuffers.
- [RT #20613]
-
-2796. [bug] Missing dns_rdataset_disassociate() call in
- dns_nsec3_delnsec3sx(). [RT #20681]
-
-2795. [cleanup] Add text to differentiate "update with no effect"
- log messages. [RT #18889]
-
-2794. [bug] Install <isc/namespace.h>. [RT #20677]
-
-2793. [func] Add "autosign" and "metadata" tests to the
- automatic tests. [RT #19946]
-
-2792. [func] "filter-aaaa-on-v4" can now be set in view
- options (if compiled in). [RT #20635]
-
-2791. [bug] The installation of isc-config.sh was broken.
- [RT #20667]
-
-2790. [bug] Handle DS queries to stub zones. [RT #20440]
-
-2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
-
-2788. [bug] dnssec-signzone could sign with keys that were
- not requested [RT #20625]
-
-2787. [bug] Spurious log message when zone keys were
- dynamically reconfigured. [RT #20659]
-
-2786. [bug] Additional could be promoted to answer. [RT #20663]
-
- --- 9.7.0b3 released ---
-
-2785. [bug] Revoked keys could fail to self-sign [RT #20652]
-
-2784. [bug] TC was not always being set when required glue was
- dropped. [RT #20655]
-
-2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
- buffer size of 512 or less. [RT #20654]
-
-2782. [port] win32: use getaddrinfo() for hostname lookups.
- [RT #20650]
-
-2781. [bug] Inactive keys could be used for signing. [RT #20649]
-
-2780. [bug] dnssec-keygen -A none didn't properly unset the
- activation date in all cases. [RT #20648]
-
-2779. [bug] Dynamic key revocation could fail. [RT #20644]
-
-2778. [bug] dnssec-signzone could fail when a key was revoked
- without deleting the unrevoked version. [RT #20638]
-
-2777. [contrib] DLZ MYSQL auto reconnect support discovery was wrong.
-
-2776. [bug] Change #2762 was not correct. [RT #20647]
-
-2775. [bug] Accept RSASHA256 and RSASHA512 as NSEC3 compatible
- in dnssec-keyfromlabel. [RT #20643]
-
-2774. [bug] Existing cache DB wasn't being reused after
- reconfiguration. [RT #20629]
-
-2773. [bug] In autosigned zones, the SOA could be signed
- with the KSK. [RT #20628]
-
-2772. [security] When validating, track whether pending data was from
- the additional section or not and only return it if
- validates as secure. [RT #20438]
-
-2771. [bug] dnssec-signzone: DNSKEY records could be
- corrupted when importing from key files [RT #20624]
-
-2770. [cleanup] Add log messages to resolver.c to indicate events
- causing FORMERR responses. [RT #20526]
-
-2769. [cleanup] Change #2742 was incomplete. [RT #19589]
-
-2768. [bug] dnssec-signzone: -S no longer implies -g [RT #20568]
-
-2767. [bug] named could crash on startup if a zone was
- configured with auto-dnssec and there was no
- key-directory. [RT #20615]
-
-2766. [bug] isc_socket_fdwatchpoke() should only update the
- socketmgr state if the socket is not pending on a
- read or write. [RT #20603]
-
-2765. [bug] Skip masters for which the TSIG key cannot be found.
- [RT #20595]
-
-2764. [bug] "rndc-confgen -a" could trigger a REQUIRE. [RT #20610]
-
-2763. [bug] "rndc sign" didn't create an NSEC chain. [RT #20591]
-
-2762. [bug] DLV validation failed with a local slave DLV zone.
- [RT #20577]
-
-2761. [cleanup] Enable internal symbol table for backtrace only for
- systems that are known to work. Currently, BSD
- variants, Linux and Solaris are supported. [RT# 20202]
-
-2760. [cleanup] Corrected named-compilezone usage summary. [RT #20533]
-
-2759. [doc] Add information about .jbk/.jnw files to
- the ARM. [RT #20303]
-
-2758. [bug] win32: Added a workaround for a windows 2008 bug
- that could cause the UDP client handler to shut
- down. [RT #19176]
-
-2757. [bug] dig: assertion failure could occur in connect
- timeout. [RT #20599]
-
-2756. [bug] Fixed corrupt logfile message in update.c. [RT# 20597]
-
-2755. [placeholder]
-
-2754. [bug] Secure-to-insecure transitions failed when zone
- was signed with NSEC3. [RT #20587]
-
-2753. [bug] Removed an unnecessary warning that could appear when
- building an NSEC chain. [RT #20589]
-
-2752. [bug] Locking violation. [RT #20587]
-
-2751. [bug] Fixed a memory leak in dnssec-keyfromlabel. [RT #20588]
-
-2750. [bug] dig: assertion failure could occur when a server
- didn't have an address. [RT #20579]
-
-2749. [bug] ixfr-from-differences generated a non-minimal ixfr
- for NSEC3 signed zones. [RT #20452]
-
-2748. [func] Identify bad answers from GTLD servers and treat them
- as referrals. [RT #18884]
-
-2747. [bug] Journal roll forwards failed to set the re-signing
- time of RRSIGs correctly. [RT #20541]
-
-2746. [port] hpux: address signed/unsigned expansion mismatch of
- dns_rbtnode_t.nsec. [RT #20542]
-
-2745. [bug] configure script didn't probe the return type of
- gai_strerror(3) correctly. [RT #20573]
-
-2744. [func] Log if a query was over TCP. [RT #19961]
-
-2743. [bug] RRSIG could be incorrectly set in the NSEC3 record
- for a insecure delegation.
-
- --- 9.7.0b2 released ---
-
-2742. [cleanup] Clarify some DNSSEC-related log messages in
- validator.c. [RT #19589]
-
-2741. [func] Allow the dnssec-keygen progress messages to be
- suppressed (dnssec-keygen -q). Automatically
- suppress the progress messages when stdin is not
- a tty. [RT #20474]
-
-2740. [placeholder]
-
-2739. [cleanup] Clean up API for initializing and clearing trust
- anchors for a view. [RT #20211]
-
-2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system
- test. [RT #20453]
-
-2737. [func] UPDATE requests can leak existence information.
- [RT #17261]
-
-2736. [func] Improve the performance of NSEC signed zones with
- more than a normal amount of glue below a delegation.
- [RT #20191]
-
-2735. [bug] dnssec-signzone could fail to read keys
- that were specified on the command line with
- full paths, but weren't in the current
- directory. [RT #20421]
-
-2734. [port] cygwin: arpaname did not compile. [RT #20473]
-
-2733. [cleanup] Clean up coding style in pkcs11-* tools. [RT #20355]
-
-2732. [func] Add optional filter-aaaa-on-v4 option, available
- if built with './configure --enable-filter-aaaa'.
- Filters out AAAA answers to clients connecting
- via IPv4. (This is NOT recommended for general
- use.) [RT #20339]
-
-2731. [func] Additional work on change 2709. The key parser
- will now ignore unrecognized fields when the
- minor version number of the private key format
- has been increased. It will reject any key with
- the major version number increased. [RT #20310]
-
-2730. [func] Have dnssec-keygen display a progress indication
- a la 'openssl genrsa' on standard error. Note
- when the first '.' is followed by a long stop
- one has the choice between slow generation vs.
- poor random quality, i.e., '-r /dev/urandom'.
- [RT #20284]
-
-2729. [func] When constructing a CNAME from a DNAME use the DNAME
- TTL. [RT #20451]
-
-2728. [bug] dnssec-keygen, dnssec-keyfromlabel and
- dnssec-signzone now warn immediately if asked to
- write into a nonexistent directory. [RT #20278]
-
-2727. [func] The 'key-directory' option can now specify a relative
- path. [RT #20154]
-
-2726. [func] Added support for SHA-2 DNSSEC algorithms,
- RSASHA256 and RSASHA512. [RT #20023]
-
-2725. [doc] Added information about the file "managed-keys.bind"
- to the ARM. [RT #20235]
-
-2724. [bug] Updates to a existing node in secure zone using NSEC
- were failing. [RT #20448]
-
-2723. [bug] isc_base32_totext(), isc_base32hex_totext(), and
- isc_base64_totext(), didn't always mark regions of
- memory as fully consumed after conversion. [RT #20445]
-
-2722. [bug] Ensure that the memory associated with the name of
- a node in a rbt tree is not altered during the life
- of the node. [RT #20431]
-
-2721. [port] Have dst__entropy_status() prime the random number
- generator. [RT #20369]
-
-2720. [bug] RFC 5011 trust anchor updates could trigger an
- assert if the DNSKEY record was unsigned. [RT #20406]
-
-2719. [func] Skip trusted/managed keys for unsupported algorithms.
- [RT #20392]
-
-2718. [bug] The space calculations in opensslrsa_todns() were
- incorrect. [RT #20394]
-
-2717. [bug] named failed to update the NSEC/NSEC3 record when
- the last private type record was removed as a result
- of completing the signing the zone with a key.
- [RT #20399]
-
-2716. [bug] nslookup debug mode didn't return the ttl. [RT #20414]
-
- --- 9.7.0b1 released ---
-
-2715. [bug] Require OpenSSL support to be explicitly disabled.
- [RT #20288]
-
-2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
- flags.
-
-2713. [bug] powerpc: atomic operations missing asm("ics") /
- __isync() calls.
-
-2712. [func] New 'auto-dnssec' zone option allows zone signing
- to be fully automated in zones configured for
- dynamic DNS. 'auto-dnssec allow;' permits a zone
- to be signed by creating keys for it in the
- key-directory and using 'rndc sign <zone>'.
- 'auto-dnssec maintain;' allows that too, plus it
- also keeps the zone's DNSSEC keys up to date
- according to their timing metadata. [RT #19943]
-
-2711. [port] win32: Add the bin/pkcs11 tools into the full
- build. [RT #20372]
-
-2710. [func] New 'dnssec-signzone -x' flag and 'dnskey-ksk-only'
- zone option cause a zone to be signed with only KSKs
- signing the DNSKEY RRset, not ZSKs. This reduces
- the size of a DNSKEY answer. [RT #20340]
-
-2709. [func] Added some data fields, currently unused, to the
- private key file format, to allow implementation
- of explicit key rollover in a future release
- without impairing backward or forward compatibility.
- [RT #20310]
-
-2708. [func] Insecure to secure and NSEC3 parameter changes via
- update are now fully supported and no longer require
- defines to enable. We now no longer overload the
- NSEC3PARAM flag field, nor the NSEC OPT bit at the
- apex. Secure to insecure changes are controlled by
- by the named.conf option 'secure-to-insecure'.
-
- Warning: If you had previously enabled support by
- adding defines at compile time to BIND 9.6 you should
- ensure that all changes that are in progress have
- completed prior to upgrading to BIND 9.7. BIND 9.7
- is not backwards compatible.
-
-2707. [func] dnssec-keyfromlabel no longer require engine name
- to be specified in the label if there is a default
- engine or the -E option has been used. Also, it
- now uses default algorithms as dnssec-keygen does
- (i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
- [RT #20371]
-
-2706. [bug] Loading a zone with a very large NSEC3 salt could
- trigger an assert. [RT #20368]
-
-2705. [placeholder]
-
-2704. [bug] Serial of dynamic and stub zones could be inconsistent
- with their SOA serial. [RT #19387]
-
-2703. [func] Introduce an OpenSSL "engine" argument with -E
- for all binaries which can take benefit of
- crypto hardware. [RT #20230]
-
-2702. [func] Update PKCS#11 tools (bin/pkcs11) [RT #20225 & all]
-
-2701. [doc] Correction to ARM: hmac-md5 is no longer the only
- supported TSIG key algorithm. [RT #18046]
-
-2700. [doc] The match-mapped-addresses option is discouraged.
- [RT #12252]
-
-2699. [bug] Missing lock in rbtdb.c. [RT #20037]
-
-2698. [placeholder]
-
-2697. [port] win32: ensure that S_IFMT, S_IFDIR, S_IFCHR and
- S_IFREG are defined after including <isc/stat.h>.
- [RT #20309]
-
-2696. [bug] named failed to successfully process some valid
- acl constructs. [RT #20308]
-
-2695. [func] DHCP/DDNS - update fdwatch code for use by
- DHCP. Modify the api to isc_sockfdwatch_t (the
- callback function for isc_socket_fdwatchcreate)
- to include information about the direction (read
- or write) and add isc_socket_fdwatchpoke.
- [RT #20253]
-
-2694. [bug] Reduce default NSEC3 iterations from 100 to 10.
- [RT #19970]
-
-2693. [port] Add some noreturn attributes. [RT #20257]
-
-2692. [port] win32: 32/64 bit cleanups. [RT #20335]
-
-2691. [func] dnssec-signzone: retain the existing NSEC or NSEC3
- chain when re-signing a previously-signed zone.
- Use -u to modify NSEC3 parameters or switch
- between NSEC and NSEC3. [RT #20304]
-
-2690. [bug] win32: fix isc_thread_key_getspecific() prototype.
- [RT #20315]
-
-2689. [bug] Correctly handle snprintf result. [RT #20306]
-
-2688. [bug] Use INTERFACE_F_POINTTOPOINT, not IFF_POINTOPOINT,
- to decide to fetch the destination address. [RT #20305]
-
-2687. [bug] Fixed dnssec-signzone -S handling of revoked keys.
- Also, added warnings when revoking a ZSK, as this is
- not defined by protocol (but is legal). [RT #19943]
-
-2686. [bug] dnssec-signzone should clean the old NSEC chain when
- signing with NSEC3 and vice versa. [RT #20301]
-
-2685. [contrib] Update contrib/zkt to version 0.99c. [RT #20054]
-
-2684. [cleanup] dig: formalize +ad and +cd as synonyms for
- +adflag and +cdflag. [RT #19305]
-
-2683. [bug] dnssec-signzone should clean out old NSEC3 chains when
- the NSEC3 parameters used to sign the zone change.
- [RT #20246]
-
-2682. [bug] "configure --enable-symtable=all" failed to
- build. [RT #20282]
-
-2681. [bug] IPSECKEY RR of gateway type 3 was not correctly
- decoded. [RT #20269]
-
-2680. [func] Move contrib/pkcs11-keygen to bin/pkcs11. [RT #20067]
-
-2679. [func] dig -k can now accept TSIG keys in named.conf
- format. [RT #20031]
-
-2678. [func] Treat DS queries as if "minimal-response yes;"
- was set. [RT #20258]
-
-2677. [func] Changes to key metadata behavior:
- - Keys without "publish" or "active" dates set will
- no longer be used for smart signing. However,
- those dates will be set to "now" by default when
- a key is created; to generate a key but not use
- it yet, use dnssec-keygen -G.
- - New "inactive" date (dnssec-keygen/settime -I)
- sets the time when a key is no longer used for
- signing but is still published.
- - The "unpublished" date (-U) is deprecated in
- favor of "deleted" (-D).
- [RT #20247]
-
-2676. [bug] --with-export-installdir should have been
- --with-export-includedir. [RT #20252]
-
-2675. [bug] dnssec-signzone could crash if the key directory
- did not exist. [RT #20232]
-
- --- 9.7.0a3 released ---
-
-2674. [bug] "dnssec-lookaside auto;" crashed if named was built
- without openssl. [RT #20231]
-
-2673. [bug] The managed-keys.bind zone file could fail to
- load due to a spurious result from sync_keyzone()
- [RT #20045]
-
-2672. [bug] Don't enable searching in 'host' when doing reverse
- lookups. [RT #20218]
-
-2671. [bug] Add support for PKCS#11 providers not returning
- the public exponent in RSA private keys
- (OpenCryptoki for instance) in
- dnssec-keyfromlabel. [RT #19294]
-
-2670. [bug] Unexpected connect failures failed to log enough
- information to be useful. [RT #20205]
-
-2669. [func] Update PKCS#11 support to support Keyper HSM.
- Update PKCS#11 patch to be against openssl-0.9.8i.
-
-2668. [func] Several improvements to dnssec-* tools, including:
- - dnssec-keygen and dnssec-settime can now set key
- metadata fields 0 (to unset a value, use "none")
- - dnssec-revoke sets the revocation date in
- addition to the revoke bit
- - dnssec-settime can now print individual metadata
- fields instead of always printing all of them,
- and can print them in unix epoch time format for
- use by scripts
- [RT #19942]
-
-2667. [func] Add support for logging stack backtrace on assertion
- failure (not available for all platforms). [RT #19780]
-
-2666. [func] Added an 'options' argument to dns_name_fromstring()
- (API change from 9.7.0a2). [RT #20196]
-
-2665. [func] Clarify syntax for managed-keys {} statement, add
- ARM documentation about RFC 5011 support. [RT #19874]
-
-2664. [bug] create_keydata() and minimal_update() in zone.c
- didn't properly check return values for some
- functions. [RT #19956]
-
-2663. [func] win32: allow named to run as a service using
- "NT AUTHORITY\LocalService" as the account. [RT #19977]
-
-2662. [bug] lwres_getipnodebyname() and lwres_getipnodebyaddr()
- returned a misleading error code when lwresd was
- down. [RT #20028]
-
-2661. [bug] Check whether socket fd exceeds FD_SETSIZE when
- creating lwres context. [RT #20029]
-
-2660. [func] Add a new set of DNS libraries for non-BIND9
- applications. See README.libdns. [RT #19369]
-
-2659. [doc] Clarify dnssec-keygen doc: key name must match zone
- name for DNSSEC keys. [RT #19938]
-
-2658. [bug] dnssec-settime and dnssec-revoke didn't process
- key file paths correctly. [RT #20078]
-
-2657. [cleanup] Lower "journal file <path> does not exist, creating it"
- log level to debug 1. [RT #20058]
-
-2656. [func] win32: add a "tools only" check box to the installer
- which causes it to only install dig, host, nslookup,
- nsupdate and relevant DLLs. [RT #19998]
-
-2655. [doc] Document that key-directory does not affect
- bind.keys, rndc.key or session.key. [RT #20155]
-
-2654. [bug] Improve error reporting on duplicated names for
- deny-answer-xxx. [RT #20164]
-
-2653. [bug] Treat ENGINE_load_private_key() failures as key
- not found rather than out of memory. [RT #18033]
-
-2652. [func] Provide more detail about what record is being
- deleted. [RT #20061]
-
-2651. [bug] Dates could print incorrectly in K*.key files on
- 64-bit systems. [RT #20076]
-
-2650. [bug] Assertion failure in dnssec-signzone when trying
- to read keyset-* files. [RT #20075]
-
-2649. [bug] Set the domain for forward only zones. [RT #19944]
-
-2648. [port] win32: isc_time_seconds() was broken. [RT #19900]
-
-2647. [bug] Remove unnecessary SOA updates when a new KSK is
- added. [RT #19913]
-
-2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
-
-2645. [port] "gcc -m32" didn't work on amd64 and x86_64 platforms
- which default to 64 bits. [RT #19927]
-
- --- 9.7.0a2 released ---
-
-2644. [bug] Change #2628 caused a regression on some systems;
- named was unable to write the PID file and would
- fail on startup. [RT #20001]
-
-2643. [bug] Stub zones interacted badly with NSEC3 support.
- [RT #19777]
-
-2642. [bug] nsupdate could dump core on solaris when reading
- improperly formatted key files. [RT #20015]
-
-2641. [bug] Fixed an error in parsing update-policy syntax,
- added a regression test to check it. [RT #20007]
-
-2640. [security] A specially crafted update packet will cause named
- to exit. [RT #20000]
-
-2639. [bug] Silence compiler warnings in gssapi code. [RT #19954]
-
-2638. [bug] Install arpaname. [RT #19957]
-
-2637. [func] Rationalize dnssec-signzone's signwithkey() calling.
- [RT #19959]
-
-2636. [func] Simplify zone signing and key maintenance with the
- dnssec-* tools. Major changes:
- - all dnssec-* tools now take a -K option to
- specify a directory in which key files will be
- stored
- - DNSSEC can now store metadata indicating when
- they are scheduled to be published, activated,
- revoked or removed; these values can be set by
- dnssec-keygen or overwritten by the new
- dnssec-settime command
- - dnssec-signzone -S (for "smart") option reads key
- metadata and uses it to determine automatically
- which keys to publish to the zone, use for
- signing, revoke, or remove from the zone
- [RT #19816]
-
-2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses.
- [RT #19716]
-
-2634. [port] win32: Add support for libxml2, enable
- statschannel. [RT #19773]
-
-2633. [bug] Handle 15 bit rand() functions. [RT #19783]
-
-2632. [func] util/kit.sh: warn if documentation appears to be out of
- date. [RT #19922]
-
-2631. [bug] Handle "//", "/./" and "/../" in mkdirpath().
- [RT #19926 ]
-
-2630. [func] Improved syntax for DDNS autoconfiguration: use
- "update-policy local;" to switch on local DDNS in a
- zone. (The "ddns-autoconf" option has been removed.)
- [RT #19875]
-
-2629. [port] Check for seteuid()/setegid(), use setresuid()/
- setresgid() if not present. [RT #19932]
-
-2628. [port] linux: Allow /var/run/named/named.pid to be opened
- at startup with reduced capabilities in operation.
- [RT #19884]
-
-2627. [bug] Named aborted if the same key was included in
- trusted-keys more than once. [RT #19918]
-
-2626. [bug] Multiple trusted-keys could trigger an assertion
- failure. [RT #19914]
-
-2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
-
-2624. [func] 'named-checkconf -p' will print out the parsed
- configuration. [RT #18871]
-
-2623. [bug] Named started searches for DS non-optimally. [RT #19915]
-
-2622. [bug] Printing of named.conf grammar was broken. [RT #19919]
-
-2621. [doc] Made copyright boilerplate consistent. [RT #19833]
-
-2620. [bug] Delay thawing the zone until the reload of it has
- completed successfully. [RT #19750]
-
-2619. [func] Add support for RFC 5011, automatic trust anchor
- maintenance. The new "managed-keys" statement can
- be used in place of "trusted-keys" for zones which
- support this protocol. (Note: this syntax is
- expected to change prior to 9.7.0 final.) [RT #19248]
-
-2618. [bug] The sdb and sdlz db_interator_seek() methods could
- loop infinitely. [RT #19847]
-
-2617. [bug] ifconfig.sh failed to emit an error message when
- run from the wrong location. [RT #19375]
-
-2616. [bug] 'host' used the nameservers from resolv.conf even
- when a explicit nameserver was specified. [RT #19852]
-
-2615. [bug] "__attribute__((unused))" was in the wrong place
- for ia64 gcc builds. [RT #19854]
-
-2614. [port] win32: 'named -v' should automatically be executed
- in the foreground. [RT #19844]
-
-2613. [placeholder]
-
- --- 9.7.0a1 released ---
-
-2612. [func] Add default values for the arguments to
- dnssec-keygen. Without arguments, it will now
- generate a 1024-bit RSASHA1 zone-signing key,
- or with the -f KSK option, a 2048-bit RSASHA1
- key-signing key. [RT #19300]
-
-2611. [func] Add -l option to dnssec-dsfromkey to generate
- DLV records instead of DS records. [RT #19300]
-
-2610. [port] sunos: Change #2363 was not complete. [RT #19796]
-
-2609. [func] Simplify the configuration of dynamic zones:
- - add ddns-confgen command to generate
- configuration text for named.conf
- - add zone option "ddns-autoconf yes;", which
- causes named to generate a TSIG session key
- and allow updates to the zone using that key
- - add '-l' (localhost) option to nsupdate, which
- causes nsupdate to connect to a locally-running
- named process using the session key generated
- by named
- [RT #19284]
-
-2608. [func] Perform post signing verification checks in
- dnssec-signzone. These can be disabled with -P.
-
- The post sign verification test ensures that for each
- algorithm in use there is at least one non revoked
- self signed KSK key. That all revoked KSK keys are
- self signed. That all records in the zone are signed
- by the algorithm. [RT #19653]
-
-2607. [bug] named could incorrectly delete NSEC3 records for
- empty nodes when processing a update request.
- [RT #19749]
-
-2606. [bug] "delegation-only" was not being accepted in
- delegation-only type zones. [RT #19717]
-
-2605. [bug] Accept DS responses from delegation only zones.
- [RT # 19296]
-
-2604. [func] Add support for DNS rebinding attack prevention through
- new options, deny-answer-addresses and
- deny-answer-aliases. Based on contributed code from
- JD Nurmi, Google. [RT #18192]
-
-2603. [port] win32: handle .exe extension of named-checkzone and
- named-comilezone argv[0] names under windows.
- [RT #19767]
-
-2602. [port] win32: fix debugging command line build of libisccfg.
- [RT #19767]
-
-2601. [doc] Mention file creation mode mask in the
- named manual page.
-
-2600. [doc] ARM: miscellaneous reformatting for different
- page widths. [RT #19574]
-
-2599. [bug] Address rapid memory growth when validation fails.
- [RT #19654]
-
-2598. [func] Reserve the -F flag. [RT #19657]
-
-2597. [bug] Handle a validation failure with a insecure delegation
- from a NSEC3 signed master/slave zone. [RT #19464]
-
-2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
- long, leading to inefficient memory usage or rejecting
- newer cache entries in the worst case. [RT #19563]
-
-2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
-
-2594. [func] Have rndc warn if using its default configuration
- file when the key file also exists. [RT #19424]
-
-2593. [bug] Improve a corner source of SERVFAILs [RT #19632]
-
-2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
-
-2591. [bug] named could die when processing a update in
- removed_orphaned_ds(). [RT #19507]
-
-2590. [func] Report zone/class of "update with no effect".
- [RT #19542]
-
-2589. [bug] dns_db_unregister() failed to clear '*dbimp'.
- [RT #19626]
-
-2588. [bug] SO_REUSEADDR could be set unconditionally after failure
- of bind(2) call. This should be rare and mostly
- harmless, but may cause interference with other
- processes that happen to use the same port. [RT #19642]
-
-2587. [func] Improve logging by reporting serial numbers for
- when zone serial has gone backwards or unchanged.
- [RT #19506]
-
-2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
- or SDB. [RT #19577]
-
-2585. [bug] Uninitialized socket name could be referenced via a
- statistics channel, triggering an assertion failure in
- XML rendering. [RT #19427]
-
-2584. [bug] alpha: gcc optimization could break atomic operations.
- [RT #19227]
-
-2583. [port] netbsd: provide a control to not add the compile
- date to the version string, -DNO_VERSION_DATE.
-
-2582. [bug] Don't emit warning log message when we attempt to
- remove non-existent journal. [RT #19516]
-
-2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
- Requires MySQL 5.0.19 or later. [RT #19084]
-
-2580. [bug] UpdateRej statistics counter could be incremented twice
- for one rejection. [RT #19476]
-
-2579. [bug] DNSSEC lookaside validation failed to handle unknown
- algorithms. [RT #19479]
-
-2578. [bug] Changed default sig-signing-type to 65534, because
- 65535 turns out to be reserved. [RT #19477]
-
-2577. [doc] Clarified some statistics counters. [RT #19454]
-
-2576. [bug] NSEC record were not being correctly signed when
- a zone transitions from insecure to secure.
- Handle such incorrectly signed zones. [RT #19114]
-
-2575. [func] New functions dns_name_fromstring() and
- dns_name_tostring(), to simplify conversion
- of a string to a dns_name structure and vice
- versa. [RT #19451]
-
-2574. [doc] Document nsupdate -g and -o. [RT #19351]
-
-2573. [bug] Replacing a non-CNAME record with a CNAME record in a
- single transaction in a signed zone failed. [RT #19397]
-
-2572. [func] Simplify DLV configuration, with a new option
- "dnssec-lookaside auto;" This is the equivalent
- of "dnssec-lookaside . trust-anchor dlv.isc.org;"
- plus setting a trusted-key for dlv.isc.org.
-
- Note: The trusted key is hard-coded into named,
- but is also stored in (and can be overridden
- by) $sysconfdir/bind.keys. As the ISC DLV key
- rolls over it can be kept up to date by replacing
- the bind.keys file with a key downloaded from
- https://www.isc.org/solutions/dlv. [RT #18685]
-
-2571. [func] Add a new tool "arpaname" which translates IP addresses
- to the corresponding IN-ADDR.ARPA or IP6.ARPA name.
- [RT #18976]
-
-2570. [func] Log the destination address the query was sent to.
- [RT #19209]
-
-2569. [func] Move journalprint, nsec3hash, and genrandom
- commands from bin/tests into bin/tools;
- "make install" will put them in $sbindir. [RT #19301]
-
-2568. [bug] Report when the write to indicate a otherwise
- successful start fails. [RT #19360]
-
-2567. [bug] dst__privstruct_writefile() could miss write errors.
- write_public_key() could miss write errors.
- dnssec-dsfromkey could miss write errors.
- [RT #19360]
-
-2566. [cleanup] Clarify logged message when an insecure DNSSEC
- response arrives from a zone thought to be secure:
- "insecurity proof failed" instead of "not
- insecure". [RT #19400]
-
-2565. [func] Add support for HIP record. Includes new functions
- dns_rdata_hip_first(), dns_rdata_hip_next()
- and dns_rdata_hip_current(). [RT #19384]
-
-2564. [bug] Only take EDNS fallback steps when processing timeouts.
- [RT #19405]
-
-2563. [bug] Dig could leak a socket causing it to wait forever
- to exit. [RT #19359]
-
-2562. [doc] ARM: miscellaneous improvements, reorganization,
- and some new content.
-
-2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
-
-2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
-
-2559. [bug] dnssec-dsfromkey could compute bad DS records when
- reading from a K* files. [RT #19357]
-
-2558. [func] Set the ownership of missing directories created
- for pid-file if -u has been specified on the command
- line. [RT #19328]
-
-2557. [cleanup] PCI compliance:
- * new libisc log module file
- * isc_dir_chroot() now also changes the working
- directory to "/".
- * additional INSISTs
- * additional logging when files can't be removed.
-
-2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the
- error checks in the correct order resulting in the
- wrong error code sometimes being returned. [RT #19249]
-
-2555. [func] dig: when emitting a hex dump also display the
- corresponding characters. [RT #19258]
-
-2554. [bug] Validation of uppercase queries from NSEC3 zones could
- fail. [RT #19297]
-
-2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
-
-2552. [bug] zero-no-soa-ttl-cache was not being honored.
- [RT #19340]
-
-2551. [bug] Potential Reference leak on return. [RT #19341]
-
-2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
- [RT #19343]
-
-2549. [port] linux: define NR_OPEN if not currently defined.
- [RT #19344]
-
-2548. [bug] Install iterated_hash.h. [RT #19335]
-
-2547. [bug] openssl_link.c:mem_realloc() could reference an
- out-of-range area of the source buffer. New public
- function isc_mem_reallocate() was introduced to address
- this bug. [RT #19313]
-
-2546. [func] Add --enable-openssl-hash configure flag to use
- OpenSSL (in place of internal routine) for hash
- functions (MD5, SHA[12] and HMAC). [RT #18815]
-
-2545. [doc] ARM: Legal hostname checking (check-names) is
- for SRV RDATA too. [RT #19304]
-
-2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
-
-2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
-
-2542. [doc] Update the description of dig +adflag. [RT #19290]
-
-2541. [bug] Conditionally update dispatch manager statistics.
- [RT #19247]
-
-2540. [func] Add a nibble mode to $GENERATE. [RT #18872]
-
-2539. [security] Update the interaction between recursion, allow-query,
- allow-query-cache and allow-recursion. [RT #19198]
-
-2538. [bug] cache/ADB memory could grow over max-cache-size,
- especially with threads and smaller max-cache-size
- values. [RT #19240]
-
-2537. [func] Added more statistics counters including those on socket
- I/O events and query RTT histograms. [RT #18802]
-
-2536. [cleanup] Silence some warnings when -Werror=format-security is
- specified. [RT #19083]
-
-2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091]
-
-2534. [func] Check NAPTR records regular expressions and
- replacement strings to ensure they are syntactically
- valid and consistent. [RT #18168]
-
-2533. [doc] ARM: document @ (at-sign). [RT #17144]
-
-2532. [bug] dig: check the question section of the response to
- see if it matches the asked question. [RT #18495]
-
-2531. [bug] Change #2207 was incomplete. [RT #19098]
-
-2530. [bug] named failed to reject insecure to secure transitions
- via UPDATE. [RT #19101]
-
-2529. [cleanup] Upgrade libtool to silence complaints from recent
- version of autoconf. [RT #18657]
-
-2528. [cleanup] Silence spurious configure warning about
- --datarootdir [RT #19096]
-
-2527. [placeholder]
-
-2526. [func] New named option "attach-cache" that allows multiple
- views to share a single cache to save memory and
- improve lookup efficiency. Based on contributed code
- from Barclay Osborn, Google. [RT #18905]
-
-2525. [func] New logging category "query-errors" to provide detailed
- internal information about query failures, especially
- about server failures. [RT #19027]
-
-2524. [port] sunos: dnssec-signzone needs strtoul(). [RT #19129]
-
-2523. [bug] Random type rdata freed by dns_nsec_typepresent().
- [RT #19112]
-
-2522. [security] Handle -1 from DSA_do_verify() and EVP_VerifyFinal().
-
-2521. [bug] Improve epoll cross compilation support. [RT #19047]
-
-2520. [bug] Update xml statistics version number to 2.0 as change
- #2388 made the schema incompatible to the previous
- version. [RT #19080]
-
-2519. [bug] dig/host with -4 or -6 didn't work if more than two
- nameserver addresses of the excluded address family
- preceded in resolv.conf. [RT #19081]
-
-2518. [func] Add support for the new CERT types from RFC 4398.
- [RT #19077]
-
-2517. [bug] dig +trace with -4 or -6 failed when it chose a
- nameserver address of the excluded address type.
- [RT #18843]
-
-2516. [bug] glue sort for responses was performed even when not
- needed. [RT #19039]
-
-2515. [port] win32: build dnssec-dsfromkey and dnssec-keyfromlabel.
- [RT #19063]
-
-2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
- a nameserver of the excluded address family.
- [RT #18848]
-
-2513. [bug] Fix windows cli build. [RT #19062]
-
-2512. [func] Print a summary of the cached records which make up
- the negative response. [RT #18885]
-
-2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
- [RT #18885]
-
-2510. [bug] "dig +sigchase" could trigger REQUIRE failures.
- [RT #19033]
-
-2509. [bug] Specifying a fixed query source port was broken.
- [RT #19051]
-
-2508. [placeholder]
-
-2507. [func] Log the recursion quota values when killing the
- oldest query or refusing to recurse due to quota.
- [RT #19022]
-
-2506. [port] solaris: Check at configure time if
- hack_shutup_pthreadonceinit is needed. [RT #19037]
-
-2505. [port] Treat amd64 similarly to x86_64 when determining
- atomic operation support. [RT #19031]
-
-2504. [bug] Address race condition in the socket code. [RT #18899]
-
-2503. [port] linux: improve compatibility with Linux Standard
- Base. [RT #18793]
-
-2502. [cleanup] isc_radix: Improve compliance with coding style,
- document function in <isc/radix.h>. [RT #18534]
-
-2501. [func] $GENERATE now supports all rdata types. Multi-field
- rdata types need to be quoted. See the ARM for
- details. [RT #18368]
-
-2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
- function. [RT #18582]
-
-2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
- [RT #18837]
-
- --- 9.6.0rc1 released ---
-
-2498. [bug] Removed a bogus function argument used with
- ISC_SOCKET_USE_POLLWATCH: it could cause compiler
- warning or crash named with the debug 1 level
- of logging. [RT #18917]
-
-2497. [bug] Don't add RRSIG bit to NSEC3 bit map for insecure
- delegation.
-
-2496. [bug] Add sanity length checks to NSID option. [RT #18813]
-
-2495. [bug] Tighten RRSIG checks. [RT #18795]
-
-2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being
- installed. [RT #18826]
-
-2493. [bug] The linux capabilities code was not correctly cleaning
- up after itself. [RT #18767]
-
-2492. [func] Rndc status now reports the number of cpus discovered
- and the number of worker threads when running
- multi-threaded. [RT #18273]
-
-2491. [func] Attempt to re-use a local port if we are already using
- the port. [RT #18548]
-
-2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO
- is cleared when IPV6_V6ONLY is set. [RT #18785]
-
-2489. [port] solaris: Workaround Solaris's kernel bug about
- /dev/poll:
- http://bugs.opensolaris.org/view_bug.do?bug_id=6724237
- Define ISC_SOCKET_USE_POLLWATCH at build time to enable
- this workaround. [RT #18870]
-
-2488. [func] Added a tool, dnssec-dsfromkey, to generate DS records
- from keyset and .key files. [RT #18694]
-
-2487. [bug] Give TCP connections longer to complete. [RT #18675]
-
-2486. [func] The default locations for named.pid and lwresd.pid
- are now /var/run/named/named.pid and
- /var/run/lwresd/lwresd.pid respectively.
-
- This allows the owner of the containing directory
- to be set, for "named -u" support, and allows there
- to be a permanent symbolic link in the path, for
- "named -t" support. [RT #18306]
-
-2485. [bug] Change update's the handling of obscured RRSIG
- records. Not all orphaned DS records were being
- removed. [RT #18828]
-
-2484. [bug] It was possible to trigger a REQUIRE failure when
- adding NSEC3 proofs to the response in
- query_addwildcardproof(). [RT #18828]
-
-2483. [port] win32: chroot() is not supported. [RT #18805]
-
-2482. [port] libxml2: support versions 2.7.* in addition
- to 2.6.*. [RT #18806]
-
- --- 9.6.0b1 released ---
-
-2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
- collisions. [RT #18812]
-
-2480. [bug] named could fail to emit all the required NSEC3
- records. [RT #18812]
-
-2479. [bug] xfrout:covers was not properly initialized. [RT #18801]
-
-2478. [bug] 'addresses' could be used uninitialized in
- configure_forward(). [RT #18800]
-
-2477. [bug] dig: the global option to print the command line is
- +cmd not print_cmd. Update the output to reflect
- this. [RT #17008]
-
-2476. [doc] ARM: improve documentation for max-journal-size and
- ixfr-from-differences. [RT #15909] [RT #18541]
-
-2475. [bug] LRU cache cleanup under overmem condition could purge
- particular entries more aggressively. [RT #17628]
-
-2474. [bug] ACL structures could be allocated with insufficient
- space, causing an array overrun. [RT #18765]
-
-2473. [port] linux: raise the limit on open files to the possible
- maximum value before spawning threads; 'files'
- specified in named.conf doesn't seem to work with
- threads as expected. [RT #18784]
-
-2472. [port] linux: check the number of available cpu's before
- calling chroot as it depends on "/proc". [RT #16923]
-
-2471. [bug] named-checkzone was not reporting missing mandatory
- glue when sibling checks were disabled. [RT #18768]
-
-2470. [bug] Elements of the isc_radix_node_t could be incorrectly
- overwritten. [RT# 18719]
-
-2469. [port] solaris: Work around Solaris's select() limitations.
- [RT #18769]
-
-2468. [bug] Resolver could try unreachable servers multiple times.
- [RT #18739]
-
-2467. [bug] Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740]
-
-2466. [doc] ARM: explain max-cache-ttl 0 SERVFAIL issue.
- [RT #18302]
-
-2465. [bug] Adb's handling of lame addresses was different
- for IPv4 and IPv6. [RT #18738]
-
-2464. [port] linux: check that a capability is present before
- trying to set it. [RT #18135]
-
-2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
- API and glibc hides parts of the IPv6 Advanced Socket
- API as a result. This is stupid as it breaks how the
- two halves (Basic and Advanced) of the IPv6 Socket API
- were designed to be used but we have to live with it.
- Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
- API. [RT #18388]
-
-2462. [doc] Document -m (enable memory usage debugging)
- option for dig. [RT #18757]
-
-2461. [port] sunos: Change #2363 was not complete. [RT #17513]
-
- --- 9.6.0a1 released ---
-
-2460. [bug] Don't call dns_db_getnsec3parameters() on the cache.
- [RT #18697]
-
-2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
-
-2458. [doc] ARM: update and correction for max-cache-size.
- [RT #18294]
-
-2457. [tuning] max-cache-size is reverted to 0, the previous
- default. It should be safe because expired cache
- entries are also purged. [RT #18684]
-
-2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any
- address, regardless of family. They now correctly
- distinguish IPv4 from IPv6. [RT #18559]
-
-2455. [bug] Stop metadata being transferred via axfr/ixfr.
- [RT #18639]
-
-2454. [func] nsupdate: you can now set a default ttl. [RT #18317]
-
-2453. [bug] Remove NULL pointer dereference in dns_journal_print().
- [RT #18316]
-
-2452. [func] Improve bin/test/journalprint. [RT #18316]
-
-2451. [port] solaris: handle runtime linking better. [RT #18356]
-
-2450. [doc] Fix lwresd docbook problem for manual page.
- [RT #18672]
-
-2449. [placeholder]
-
-2448. [func] Add NSEC3 support. [RT #15452]
-
-2447. [cleanup] libbind has been split out as a separate product.
-
-2446. [func] Add a new log message about build options on startup.
- A new command-line option '-V' for named is also
- provided to show this information. [RT# 18645]
-
-2445. [doc] ARM out-of-date on empty reverse zones (list includes
- RFC1918 address, but these are not yet compiled in).
- [RT #18578]
-
-2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery
- (clear DF) for UDP responses and requests.
-
-2443. [bug] win32: UDP connect() would not generate an event,
- and so connected UDP sockets would never clean up.
- Fix this by doing an immediate WSAConnect() rather
- than an io completion port type for UDP.
-
-2442. [bug] A lock could be destroyed twice. [RT# 18626]
-
-2441. [bug] isc_radix_insert() could copy radix tree nodes
- incompletely. [RT #18573]
-
-2440. [bug] named-checkconf used an incorrect test to determine
- if an ACL was set to none.
-
-2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
- [RT #18559]
-
-2438. [bug] Timeouts could be logged incorrectly under win32.
-
-2437. [bug] Sockets could be closed too early, leading to
- inconsistent states in the socket module. [RT #18298]
-
-2436. [security] win32: UDP client handler can be shutdown. [RT #18576]
-
-2435. [bug] Fixed an ACL memory leak affecting win32.
-
-2434. [bug] Fixed a minor error-reporting bug in
- lib/isc/win32/socket.c.
-
-2433. [tuning] Set initial timeout to 800ms.
-
-2432. [bug] More Windows socket handling improvements. Stop
- using I/O events and use IO Completion Ports
- throughout. Rewrite the receive path logic to make
- it easier to support multiple simultaneous
- requesters in the future. Add stricter consistency
- checking as a compile-time option (define
- ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).
-
-2431. [bug] Acl processing could leak memory. [RT #18323]
-
-2430. [bug] win32: isc_interval_set() could round down to
- zero if the input was less than NS_INTERVAL
- nanoseconds. Round up instead. [RT #18549]
-
-2429. [doc] nsupdate should be in section 1 of the man pages.
- [RT #18283]
-
-2428. [bug] dns_iptable_merge() mishandled merges of negative
- tables. [RT #18409]
-
-2427. [func] Treat DNSKEY queries as if "minimal-response yes;"
- was set. [RT #18528]
-
-2426. [bug] libbind: inet_net_pton() can sometimes return the
- wrong value if excessively large net masks are
- supplied. [RT #18512]
-
-2425. [bug] named didn't detect unavailable query source addresses
- at load time. [RT #18536]
-
-2424. [port] configure now probes for a working epoll
- implementation. Allow the use of kqueue,
- epoll and /dev/poll to be selected at compile
- time. [RT #18277]
-
-2423. [security] Randomize server selection on queries, so as to
- make forgery a little more difficult. Instead of
- always preferring the server with the lowest RTT,
- pick a server with RTT within the same 128
- millisecond band. [RT #18441]
-
-2422. [bug] Handle the special return value of a empty node as
- if it was a NXRRSET in the validator. [RT #18447]
-
-2421. [func] Add new command line option '-S' for named to specify
- the max number of sockets. [RT #18493]
- Use caution: this option may not work for some
- operating systems without rebuilding named.
-
-2420. [bug] Windows socket handling cleanup. Let the io
- completion event send out canceled read/write
- done events, which keeps us from writing to memory
- we no longer have ownership of. Add debugging
- socket_log() function. Rework TCP socket handling
- to not leak sockets.
-
-2419. [cleanup] Document that isc_socket_create() and isc_socket_open()
- should not be used for isc_sockettype_fdwatch sockets.
- [RT #18521]
-
-2418. [bug] AXFR request on a DLZ could trigger a REQUIRE failure
- [RT #18430]
-
-2417. [bug] Connecting UDP sockets for outgoing queries could
- unexpectedly fail with an 'address already in use'
- error. [RT #18411]
-
-2416. [func] Log file descriptors that cause exceeding the
- internal maximum. [RT #18460]
-
-2415. [bug] 'rndc dumpdb' could trigger various assertion failures
- in rbtdb.c. [RT #18455]
-
-2414. [bug] A masterdump context held the database lock too long,
- causing various troubles such as dead lock and
- recursive lock acquisition. [RT #18311, #18456]
-
-2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
-
-2412. [bug] win32: address a resource leak. [RT #18374]
-
-2411. [bug] Allow using a larger number of sockets than FD_SETSIZE
- for select(). To enable this, set ISC_SOCKET_MAXSOCKETS
- at compilation time. [RT #18433]
-
- Note: with changes #2469 and #2421 above, there is no
- need to tweak ISC_SOCKET_MAXSOCKETS at compilation time
- any more.
-
-2410. [bug] Correctly delete m_versionInfo. [RT #18432]
-
-2409. [bug] Only log that we disabled EDNS processing if we were
- subsequently successful. [RT #18029]
-
-2408. [bug] A duplicate TCP dispatch event could be sent, which
- could then trigger an assertion failure in
- resquery_response(). [RT #18275]
-
-2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
-
-2406. [placeholder]
-
-2405. [cleanup] The default value for dnssec-validation was changed to
- "yes" in 9.5.0-P1 and all subsequent releases; this
- was inadvertently omitted from CHANGES at the time.
-
-2404. [port] hpux: files unlimited support.
-
-2403. [bug] TSIG context leak. [RT #18341]
-
-2402. [port] Support Solaris 2.11 and over. [RT #18362]
-
-2401. [bug] Expect to get E[MN]FILE errno internal_accept()
- (from accept() or fcntl() system calls). [RT #18358]
-
-2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
- [RT #18297]
-
-2399. [placeholder]
-
-2398. [bug] Improve file descriptor management. New,
- temporary, named.conf option reserved-sockets,
- default 512. [RT #18344]
-
-2397. [bug] gssapi_functions had too many elements. [RT #18355]
-
-2396. [bug] Don't set SO_REUSEADDR for randomized ports.
- [RT #18336]
-
-2395. [port] Avoid warning and no effect from "files unlimited"
- on Linux when running as root. [RT #18335]
-
-2394. [bug] Default configuration options set the limit for
- open files to 'unlimited' as described in the
- documentation. [RT #18331]
-
-2393. [bug] nested acls containing keys could trigger an
- assertion in acl.c. [RT #18166]
-
-2392. [bug] remove 'grep -q' from acl test script, some platforms
- don't support it. [RT #18253]
-
-2391. [port] hpux: cover additional recvmsg() error codes.
- [RT #18301]
-
-2390. [bug] dispatch.c could make a false warning on 'odd socket'.
- [RT #18301].
-
-2389. [bug] Move the "working directory writable" check to after
- the ns_os_changeuser() call. [RT #18326]
-
-2388. [bug] Avoid using tables for layout purposes in
- statistics XSL [RT #18159].
-
-2387. [bug] Silence compiler warnings in lib/isc/radix.c.
- [RT #18147] [RT #18258]
-
-2386. [func] Add warning about too small 'open files' limit.
- [RT #18269]
-
-2385. [bug] A condition variable in socket.c could leak in
- rare error handling [RT #17968].
-
-2384. [security] Fully randomize UDP query ports to improve
- forgery resilience. [RT #17949, #18098]
-
-2383. [bug] named could double queries when they resulted in
- SERVFAIL due to overkilling EDNS0 failure detection.
- [RT #18182]
-
-2382. [doc] Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
- to ARM.
-
-2381. [port] dlz/mysql: support multiple install layouts for
- mysql. <prefix>/include/{,mysql/}mysql.h and
- <prefix>/lib/{,mysql/}. [RT #18152]
-
-2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
- proofs which, in turn, caused validation failures
- for insecure zones immediately below a secure zone
- the server was authoritative for. [RT #18112]
-
-2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
- TLDs and supported RRs with TTLs [RT #17972]
-
-2378. [bug] gssapi_functions{} had a redundant member in BIND 9.5.
- [RT #18169]
-
-2377. [bug] Address race condition in dnssec-signzone. [RT #18142]
-
-2376. [bug] Change #2144 was not complete.
-
-2375. [placeholder]
-
-2374. [bug] "blackhole" ACLs could cause named to segfault due
- to some uninitialized memory. [RT #18095]
-
-2373. [bug] Default values of zone ACLs were re-parsed each time a
- new zone was configured, causing an overconsumption
- of memory. [RT #18092]
-
-2372. [bug] Fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
-
-2371. [doc] Add +nsid option to dig man page. [RT #18039]
-
-2370. [bug] "rndc freeze" could trigger an assertion in named
- when called on a nonexistent zone. [RT #18050]
-
-2369. [bug] libbind: Array bounds overrun on read in bitncmp().
- [RT #18054]
-
-2368. [port] Linux: use libcap for capability management if
- possible. [RT# 18026]
-
-2367. [bug] Improve counting of dns_resstatscounter_retry
- [RT #18030]
-
-2366. [bug] Adb shutdown race. [RT #18021]
-
-2365. [bug] Fix a bug that caused dns_acl_isany() to return
- spurious results. [RT #18000]
-
-2364. [bug] named could trigger a assertion when serving a
- malformed signed zone. [RT #17828]
-
-2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
- [RT #17513]
-
-2362. [cleanup] Make "rrset-order fixed" a compile-time option.
- settable by "./configure --enable-fixed-rrset".
- Disabled by default. [RT #17977]
-
-2361. [bug] "recursion" statistics counter could be counted
- multiple times for a single query. [RT #17990]
-
-2360. [bug] Fix a condition where we release a database version
- (which may acquire a lock) while holding the lock.
-
-2359. [bug] Fix NSID bug. [RT #17942]
-
-2358. [doc] Update host's default query description. [RT #17934]
-
-2357. [port] Don't use OpenSSL's engine support in versions before
- OpenSSL 0.9.7f. [RT #17922]
-
-2356. [bug] Built in mutex profiler was not scalable enough.
- [RT #17436]
-
-2355. [func] Extend the number statistics counters available.
- [RT #17590]
-
-2354. [bug] Failed to initialize some rdatasetheader_t elements.
- [RT #17927]
-
-2353. [func] Add support for Name Server ID (RFC 5001).
- 'dig +nsid' requests NSID from server.
- 'request-nsid yes;' causes recursive server to send
- NSID requests to upstream servers. Server responds
- to NSID requests with the string configured by
- 'server-id' option. [RT #17091]
-
-2352. [bug] Various GSS_API fixups. [RT #17729]
-
-2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
-
-2350. [port] win32: IPv6 support. [RT #17797]
-
-2349. [func] Provide incremental re-signing support for secure
- dynamic zones. [RT #1091]
-
-2348. [func] Use the EVP interface to OpenSSL. Add PKCS#11 support.
- Documentation is in the new README.pkcs11 file.
- New tool, dnssec-keyfromlabel, which takes the
- label of a key pair in a HSM and constructs a DNS
- key pair for use by named and dnssec-signzone.
- [RT #16844]
-
-2347. [bug] Delete now traverses the RB tree in the canonical
- order. [RT #17451]
-
-2346. [func] Memory statistics now cover all active memory contexts
- in increased detail. [RT #17580]
-
-2345. [bug] named-checkconf failed to detect when forwarders
- were set at both the options/view level and in
- a root zone. [RT #17671]
-
-2344. [bug] Improve "logging{ file ...; };" documentation.
- [RT #17888]
-
-2343. [bug] (Seemingly) duplicate IPv6 entries could be
- created in ADB. [RT #17837]
-
-2342. [func] Use getifaddrs() if available under Linux. [RT #17224]
-
-2341. [bug] libbind: add missing -I../include for off source
- tree builds. [RT #17606]
-
-2340. [port] openbsd: interface configuration. [RT #17700]
-
-2339. [port] tru64: support for libbind. [RT #17589]
-
-2338. [bug] check_ds() could be called with a non DS rdataset.
- [RT #17598]
-
-2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614]
-
-2336. [func] If "named -6" is specified then listen on all IPv6
- interfaces if there are not listen-on-v6 clauses in
- named.conf. [RT #17581]
-
-2335. [port] sunos: libbind and *printf() support for long long.
- [RT #17513]
-
-2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one
- bug in fromstruct_txt(). [RT #17609]
-
-2333. [bug] Fix off by one error in isc_time_nowplusinterval().
- [RT #17608]
-
-2332. [contrib] query-loc-0.4.0. [RT #17602]
-
-2331. [bug] Failure to regenerate any signatures was not being
- reported nor being past back to the UPDATE client.
- [RT #17570]
-
-2330. [bug] Remove potential race condition when handling
- over memory events. [RT #17572]
-
- WARNING: API CHANGE: over memory callback
- function now needs to call isc_mem_waterack().
- See <isc/mem.h> for details.
-
-2329. [bug] Clearer help text for dig's '-x' and '-i' options.
-
-2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
- F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET,
- J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and
- M.ROOT-SERVERS.NET.
-
-2327. [bug] It was possible to dereference a NULL pointer in
- rbtdb.c. Implement dead node processing in zones as
- we do for caches. [RT #17312]
-
-2326. [bug] It was possible to trigger a INSIST in the acache
- processing.
-
-2325. [port] Linux: use capset() function if available. [RT #17557]
-
-2324. [bug] Fix IPv6 matching against "any;". [RT #17533]
-
-2323. [port] tru64: namespace clash. [RT #17547]
-
-2322. [port] MacOS: work around the limitation of setrlimit()
- for RLIMIT_NOFILE. [RT #17526]
-
-2321. [placeholder]
-
-2320. [func] Make statistics counters thread-safe for platforms
- that support certain atomic operations. [RT #17466]
-
-2319. [bug] Silence Coverity warnings in
- lib/dns/rdata/in_1/apl_42.c. [RT #17469]
-
-2318. [port] sunos fixes for libbind. [RT #17514]
-
-2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
-
-2316. [port] Missing #include <isc/print.h> in lib/dns/gssapictx.c.
- [RT #17513]
-
-2315. [bug] Used incorrect address family for mapped IPv4
- addresses in acl.c. [RT #17519]
-
-2314. [bug] Uninitialized memory use on error path in
- bin/named/lwdnoop.c. [RT #17476]
-
-2313. [cleanup] Silence Coverity warnings. Handle private stacks.
- [RT #17447] [RT #17478]
-
-2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
- [RT #17458]
-
-2311. [bug] IPv6 addresses could match IPv4 ACL entries and
- vice versa. [RT #17462]
-
-2310. [bug] dig, host, nslookup: flush stdout before emitting
- debug/fatal messages. [RT #17501]
-
-2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
- [RT #17455]
-
-2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
- [RT #17495]
-
-2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
-
-2306. [bug] Remove potential race from lib/dns/resolver.c.
- [RT #17470]
-
-2305. [security] inet_network() buffer overflow. CVE-2008-0122.
-
-2304. [bug] Check returns from all dns_rdata_tostruct() calls.
- [RT #17460]
-
-2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
- [RT #17471]
-
-2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
-
-2301. [bug] Remove resource leak and fix error messages in
- bin/tests/system/lwresd/lwtest.c. [RT #17474]
-
-2300. [bug] Fixed failure to close open file in
- bin/tests/names/t_names.c. [RT #17473]
-
-2299. [bug] Remove unnecessary NULL check in
- bin/nsupdate/nsupdate.c. [RT #17475]
-
-2298. [bug] isc_mutex_lock() failure not caught in
- bin/tests/timers/t_timers.c. [RT #17468]
-
-2297. [bug] isc_entropy_createfilesource() failure not caught in
- bin/tests/dst/t_dst.c. [RT #17467]
-
-2296. [port] Allow docbook stylesheet location to be specified to
- configure. [RT #17457]
-
-2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
- [RT #17459]
-
-2294. [func] Allow the experimental statistics channels to have
- multiple connections and ACL.
- Note: the stats-server and stats-server-v6 options
- available in the previous beta releases are replaced
- with the generic statistics-channels statement.
-
-2293. [func] Add ACL regression test. [RT #17375]
-
-2292. [bug] Log if the working directory is not writable.
- [RT #17312]
-
-2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
- failure to set PR_SET_DUMPABLE. [RT #17312]
-
-2290. [bug] Let AD in the query signal that the client wants AD
- set in the response. [RT #17301]
-
-2289. [func] named-checkzone now reports the out-of-zone CNAME
- found. [RT #17309]
-
-2288. [port] win32: mark service as running when we have finished
- loading. [RT #17441]
-
-2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413]
-
-2286. [func] Allow a TCP connection to be used as a weak
- authentication method for reverse zones.
- New update-policy methods tcp-self and 6to4-self.
- [RT #17378]
-
-2285. [func] Test framework for client memory context management.
- [RT #17377]
-
-2284. [bug] Memory leak in UPDATE prerequisite processing.
- [RT #17377]
-
-2283. [bug] TSIG keys were not attaching to the memory
- context. TSIG keys should use the rings
- memory context rather than the clients memory
- context. [RT #17377]
-
-2282. [bug] Acl code fixups. [RT #17346] [RT #17374]
-
-2281. [bug] Attempts to use undefined acls were not being logged.
- [RT #17307]
-
-2280. [func] Allow the experimental http server to be reached
- over IPv6 as well as IPv4. [RT #17332]
-
-2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
- to protect applications from receiving spurious
- SIGPIPE signals when using the resolver.
-
-2278. [bug] win32: handle the case where Windows returns no
- search list or DNS suffix. [RT #17354]
-
-2277. [bug] Empty zone names were not correctly being caught at
- in the post parse checks. [RT #17357]
-
-2276. [bug] Install <dst/gssapi.h>. [RT# 17359]
-
-2275. [func] Add support to dig to perform IXFR queries over UDP.
- [RT #17235]
-
-2274. [func] Log zone transfer statistics. [RT #17336]
-
-2273. [bug] Adjust log level to WARNING when saving inconsistent
- stub/slave master and journal files. [RT# 17279]
-
-2272. [bug] Handle illegal dnssec-lookaside trust-anchor names.
- [RT #17262]
-
-2271. [bug] Fix a memory leak in http server code [RT #17100]
-
-2270. [bug] dns_db_closeversion() version->writer could be reset
- before it is tested. [RT #17290]
-
-2269. [contrib] dbus memory leaks and missing va_end calls. [RT #17232]
-
-2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
- list.
-
- --- 9.5.0b1 released ---
-
-2267. [bug] Radix tree node_num value could be set incorrectly,
- causing positive ACL matches to look like negative
- ones. [RT #17311]
-
-2266. [bug] client.c:get_clientmctx() returned the same mctx
- once the pool of mctx's was filled. [RT #17218]
-
-2265. [bug] Test that the memory context's basic_table is non NULL
- before freeing. [RT #17265]
-
-2264. [bug] Server prefix length was being ignored. [RT #17308]
-
-2263. [bug] "named-checkconf -z" failed to set default value
- for "check-integrity". [RT #17306]
-
-2262. [bug] Error status from all but the last view could be
- lost. [RT #17292]
-
-2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
-
-2260. [bug] Reported wrong clients-per-query when increasing the
- value. [RT #17236]
-
-2259. [placeholder]
-
- --- 9.5.0a7 released ---
-
-2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
- [RT #17241]
-
-2257. [bug] win32: Use the full path to vcredist_x86.exe when
- calling it. [RT #17222]
-
-2256. [bug] win32: Correctly register the installation location of
- bindevt.dll. [RT #17159]
-
-2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
-
-2254. [bug] timer.c:dispatch() failed to lock timer->lock
- when reading timer->idle allowing it to see
- intermediate values as timer->idle was reset by
- isc_timer_touch(). [RT #17243]
-
-2253. [func] "max-cache-size" defaults to 32M.
- "max-acache-size" defaults to 16M.
-
-2252. [bug] Fixed errors in sortlist code [RT #17216]
-
-2251. [placeholder]
-
-2250. [func] New flag 'memstatistics' to state whether the
- memory statistics file should be written or not.
- Additionally named's -m option will cause the
- statistics file to be written. [RT #17113]
-
-2249. [bug] Only set Authentic Data bit if client requested
- DNSSEC, per RFC 3655 [RT #17175]
-
-2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
-
-2247. [doc] Sort doc/misc/options. [RT #17067]
-
-2246. [bug] Make the startup of test servers (ans.pl) more
- robust. [RT #17147]
-
-2245. [bug] Validating lack of DS records at trust anchors wasn't
- working. [RT #17151]
-
-2244. [func] Allow the check of nameserver names against the
- SOA MNAME field to be disabled by specifying
- 'notify-to-soa yes;'. [RT #17073]
-
-2243. [func] Configuration files without a newline at the end now
- parse without error. [RT #17120]
-
-2242. [bug] nsupdate: GSS-TSIG support using the Heimdal Kerberos
- library could require a source of random data.
- [RT #17127]
-
-2241. [func] nsupdate: add a interactive 'help' command. [RT #17099]
-
-2240. [bug] Cleanup nsupdates GSS-TSIG support. Convert
- a number of INSIST()s into plain fatal() errors
- which report the triggering result code.
- The 'key' command wasn't disabling GSS-TSIG.
- [RT #17099]
-
-2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
-
-2238. [bug] It was possible to trigger a REQUIRE when a
- validation was canceled. [RT #17106]
-
-2237. [bug] libbind: res_init() was not thread aware. [RT #17123]
-
-2236. [bug] dnssec-signzone failed to preserve the case of
- of wildcard owner names. [RT #17085]
-
-2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
-
-2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
-
-2233. [func] Add support for O(1) ACL processing, based on
- radix tree code originally written by Kevin
- Brintnall. [RT #16288]
-
-2232. [bug] dns_adb_findaddrinfo() could fail and return
- ISC_R_SUCCESS. [RT #17137]
-
-2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
- [RT #17088]
-
-2230. [bug] We could INSIST reading a corrupted journal.
- [RT #17132]
-
-2229. [bug] Null pointer dereference on query pool creation
- failure. [RT #17133]
-
-2228. [contrib] contrib: Change 2188 was incomplete.
-
-2227. [cleanup] Tidied up the FAQ. [RT #17121]
-
-2226. [placeholder]
-
-2225. [bug] More support for systems with no IPv4 addresses.
- [RT #17111]
-
-2224. [bug] Defer journal compaction if a xfrin is in progress.
- [RT #17119]
-
-2223. [bug] Make a new journal when compacting. [RT #17119]
-
-2222. [func] named-checkconf now checks server key references.
- [RT #17097]
-
-2221. [bug] Set the event result code to reflect the actual
- record turned to caller when a cache update is
- rejected due to a more credible answer existing.
- [RT #17017]
-
-2220. [bug] win32: Address a race condition in final shutdown of
- the Windows socket code. [RT #17028]
-
-2219. [bug] Apply zone consistency checks to additions, not
- removals, when updating. [RT #17049]
-
-2218. [bug] Remove unnecessary REQUIRE from dns_validator_create().
- [RT #16976]
-
-2217. [func] Adjust update log levels. [RT #17092]
-
-2216. [cleanup] Fix a number of errors reported by Coverity.
- [RT #17094]
-
-2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
-
-2214. [bug] Deregister OpenSSL lock callback when cleaning
- up. Reorder OpenSSL cleanup so that RAND_cleanup()
- is called before the locks are destroyed. [RT #17098]
-
-2213. [bug] SIG0 diagnostic failure messages were looking at the
- wrong status code. [RT #17101]
-
-2212. [func] 'host -m' now causes memory statistics and active
- memory to be printed at exit. [RT 17028]
-
-2211. [func] Update "dynamic update temporarily disabled" message.
- [RT #17065]
-
-2210. [bug] Deleting class specific records via UPDATE could
- fail. [RT #17074]
-
-2209. [port] osx: linking against user supplied static OpenSSL
- libraries failed as the system ones were still being
- found. [RT #17078]
-
-2208. [port] win32: make sure both build methods produce the
- same output. [RT #17058]
-
-2207. [port] Some implementations of getaddrinfo() fail to set
- ai_canonname correctly. [RT #17061]
-
- --- 9.5.0a6 released ---
-
-2206. [security] "allow-query-cache" and "allow-recursion" now
- cross inherit from each other.
-
- If allow-query-cache is not set in named.conf then
- allow-recursion is used if set, otherwise allow-query
- is used if set, otherwise the default (localnets;
- localhost;) is used.
-
- If allow-recursion is not set in named.conf then
- allow-query-cache is used if set, otherwise allow-query
- is used if set, otherwise the default (localnets;
- localhost;) is used.
-
- [RT #16987]
-
-2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
-
-2204. [bug] "rndc flushanme name unknown-view" caused named
- to crash. [RT #16984]
-
-2203. [security] Query id generation was cryptographically weak.
- [RT # 16915]
-
-2202. [security] The default acls for allow-query-cache and
- allow-recursion were not being applied. [RT #16960]
-
-2201. [bug] The build failed in a separate object directory.
- [RT #16943]
-
-2200. [bug] The search for cached NSEC records was stopping to
- early leading to excessive DLV queries. [RT #16930]
-
-2199. [bug] win32: don't call WSAStartup() while loading dlls.
- [RT #16911]
-
-2198. [bug] win32: RegCloseKey() could be called when
- RegOpenKeyEx() failed. [RT #16911]
-
-2197. [bug] Add INSIST to catch negative responses which are
- not setting the event result code appropriately.
- [RT #16909]
-
-2196. [port] win32: yield processor while waiting for once to
- to complete. [RT #16958]
-
-2195. [func] dnssec-keygen now defaults to nametype "ZONE"
- when generating DNSKEYs. [RT #16954]
-
-2194. [bug] Close journal before calling 'done' in xfrin.c.
-
- --- 9.5.0a5 released ---
-
-2193. [port] win32: BINDInstall.exe is now linked statically.
- [RT #16906]
-
-2192. [port] win32: use vcredist_x86.exe to install Visual
- Studio's redistributable dlls if building with
- Visual Stdio 2005 or later.
-
-2191. [func] named-checkzone now allows dumping to stdout (-).
- named-checkconf now has -h for help.
- named-checkzone now has -h for help.
- rndc now has -h for help.
- Better handling of '-?' for usage summaries.
- [RT #16707]
-
-2190. [func] Make fallback to plain DNS from EDNS due to timeouts
- more visible. New logging category "edns-disabled".
- [RT #16871]
-
-2189. [bug] Handle socket() returning EINTR. [RT #15949]
-
-2188. [contrib] queryperf: autoconf changes to make the search for
- libresolv or libbind more robust. [RT #16299]
-
-2187. [bug] query_addds(), query_addwildcardproof() and
- query_addnxrrsetnsec() should take a version
- argument. [RT #16368]
-
-2186. [port] cygwin: libbind: check for struct sockaddr_storage
- independently of IPv6. [RT #16482]
-
-2185. [port] sunos: libbind: check for ssize_t, memmove() and
- memchr(). [RT #16463]
-
-2184. [bug] bind9.xsl.h didn't build out of the source tree.
- [RT #16830]
-
-2183. [bug] dnssec-signzone didn't handle offline private keys
- well. [RT #16832]
-
-2182. [bug] dns_dispatch_createtcp() and dispatch_createudp()
- could return ISC_R_SUCCESS when they ran out of
- memory. [RT #16365]
-
-2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
-
-2180. [cleanup] Remove bit test from 'compress_test' as they
- are no longer needed. [RT #16497]
-
-2179. [func] 'rndc command zone' will now find 'zone' if it is
- unique to all the views. [RT #16821]
-
-2178. [bug] 'rndc reload' of a slave or stub zone resulted in
- a reference leak. [RT #16867]
-
-2177. [bug] Array bounds overrun on read (rcodetext) at
- debug level 10+. [RT #16798]
-
-2176. [contrib] dbus update to handle race condition during
- initialization (Bugzilla 235809). [RT #16842]
-
-2175. [bug] win32: windows broadcast condition variable support
- was broken. [RT #16592]
-
-2174. [bug] I/O errors should always be fatal when reading
- master files. [RT #16825]
-
-2173. [port] win32: When compiling with MSVS 2005 SP1 we also
- need to ship Microsoft.VC80.MFCLOC.
-
- --- 9.5.0a4 released ---
-
-2172. [bug] query_addsoa() was being called with a non zone db.
- [RT #16834]
-
-2171. [bug] Handle breaks in DNSSEC trust chains where the parent
- servers are not DS aware (DS queries to the parent
- return a referral to the child).
-
-2170. [func] Add acache processing to test suite. [RT #16711]
-
-2169. [bug] host, nslookup: when reporting NXDOMAIN report the
- given name and not the last name searched for.
- [RT #16763]
-
-2168. [bug] nsupdate: in non-interactive mode treat syntax errors
- as fatal errors. [RT #16785]
-
-2167. [bug] When re-using a automatic zone named failed to
- attach it to the new view. [RT #16786]
-
- --- 9.5.0a3 released ---
-
-2166. [bug] When running in batch mode, dig could misinterpret
- a server address as a name to be looked up, causing
- unexpected output. [RT #16743]
-
-2165. [func] Allow the destination address of a query to determine
- if we will answer the query or recurse.
- allow-query-on, allow-recursion-on and
- allow-query-cache-on. [RT #16291]
-
-2164. [bug] The code to determine how named-checkzone /
- named-compilezone was called failed under windows.
- [RT #16764]
-
-2163. [bug] If only one of query-source and query-source-v6
- specified a port the query pools code broke (change
- 2129). [RT #16768]
-
-2162. [func] Allow "rrset-order fixed" to be disabled at compile
- time. [RT #16665]
-
-2161. [bug] Fix which log messages are emitted for 'rndc flush'.
- [RT #16698]
-
-2160. [bug] libisc wasn't handling NULL ifa_addr pointers returned
- from getifaddrs(). [RT #16708]
-
- --- 9.5.0a2 released ---
-
-2159. [bug] Array bounds overrun in acache processing. [RT #16710]
-
-2158. [bug] ns_client_isself() failed to initialize key
- leading to a REQUIRE failure. [RT #16688]
-
-2157. [func] dns_db_transfernode() created. [RT #16685]
-
-2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
- resolver.c:validated() and resolver.c:cache_name().
- Fix a memory leak in rbtdb.c:free_noqname().
- Make lookup.c:lookup_find() robust against
- event leaks. [RT #16685]
-
-2155. [contrib] SQLite sdb module from jaboydjr@netwalk.com.
- [RT #16694]
-
-2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
- matched in acls by omitting the scope. [RT #16599]
-
-2153. [bug] nsupdate could leak memory. [RT #16691]
-
-2152. [cleanup] Use sizeof(buf) instead of fixed number in
- dighost.c:get_trusted_key(). [RT #16678]
-
-2151. [bug] Missing newline in usage message for journalprint.
- [RT #16679]
-
-2150. [bug] 'rrset-order cyclic' uniformly distribute the
- starting point for the first response for a given
- RRset. [RT #16655]
-
-2149. [bug] isc_mem_checkdestroyed() failed to abort on
- if there were still active memory contexts.
- [RT #16672]
-
-2148. [func] Add positive logging for rndc commands. [RT #14623]
-
-2147. [bug] libbind: remove potential buffer overflow from
- hmac_link.c. [RT #16437]
-
-2146. [cleanup] Silence Linux's spurious "obsolete setsockopt
- SO_BSDCOMPAT" message. [RT #16641]
-
-2145. [bug] Check DS/DLV digest lengths for known digests.
- [RT #16622]
-
-2144. [cleanup] Suppress logging of SERVFAIL from forwarders.
- [RT #16619]
-
-2143. [bug] We failed to restart the IPv6 client when the
- kernel failed to return the destination the
- packet was sent to. [RT #16613]
-
-2142. [bug] Handle master files with a modification time that
- matches the epoch. [RT# 16612]
-
-2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
- equivalent of LDH checks). [RT #16609]
-
-2140. [bug] libbind: missing unlock on pthread_key_create()
- failures. [RT #16654]
-
-2139. [bug] dns_view_find() was being called with wrong type
- in adb.c. [RT #16670]
-
-2138. [bug] Lock order reversal in resolver.c. [RT #16653]
-
-2137. [port] Mips little endian and/or mips 64 bit are now
- supported for atomic operations. [RT#16648]
-
-2136. [bug] nslookup/host looped if there was no search list
- and the host didn't exist. [RT #16657]
-
-2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656]
-
-2134. [func] Additional statistics support. [RT #16666]
-
-2133. [port] powerpc: Support both IBM and MacOS Power PC
- assembler syntaxes. [RT #16647]
-
-2132. [bug] Missing unlock on out of memory in
- dns_dispatchmgr_setudp().
-
-2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
-
-2130. [func] Log if CD or DO were set. [RT #16640]
-
-2129. [func] Provide a pool of UDP sockets for queries to be
- made over. See use-queryport-pool, queryport-pool-ports
- and queryport-pool-updateinterval. [RT #16415]
-
-2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635]
-
-2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563]
-
-2126. [security] Serialize validation of type ANY responses. [RT #16555]
-
-2125. [bug] dns_zone_getzeronosoattl() REQUIRE failure if DLZ
- was defined. [RT #16574]
-
-2124. [security] It was possible to dereference a freed fetch
- context. [RT #16584]
-
- --- 9.5.0a1 released ---
-
-2123. [func] Use Doxygen to generate internal documentation.
- [RT #11398]
-
-2122. [func] Experimental http server and statistics support
- for named via xml.
-
-2121. [func] Add a 10 slot dead masters cache (LRU) with a 600
- second timeout. [RT #16553]
-
-2120. [doc] Fix markup on nsupdate man page. [RT #16556]
-
-2119. [compat] libbind: allow res_init() to succeed enough to
- return the default domain even if it was unable
- to allocate memory.
-
-2118. [bug] Handle response with long chains of domain name
- compression pointers which point to other compression
- pointers. [RT #16427]
-
-2117. [bug] DNSSEC fixes: named could fail to cache NSEC records
- which could lead to validation failures. named didn't
- handle negative DS responses that were in the process
- of being validated. Check CNAME bit before accepting
- NODATA proof. To be able to ignore a child NSEC there
- must be SOA (and NS) set in the bitmap. [RT #16399]
-
-2116. [bug] 'rndc reload' could cause the cache to continually
- be cleaned. [RT #16401]
-
-2115. [bug] 'rndc reconfig' could trigger a INSIST if the
- number of masters for a zone was reduced. [RT #16444]
-
-2114. [bug] dig/host/nslookup: searches for names with multiple
- labels were failing. [RT #16447]
-
-2113. [bug] nsupdate: if a zone is specified it should be used
- for server discover. [RT# 16455]
-
-2112. [security] Warn if weak RSA exponent is used. [RT #16460]
-
-2111. [bug] Fix a number of errors reported by Coverity.
- [RT #16507]
-
-2110. [bug] "minimal-responses yes;" interacted badly with BIND 8
- priming queries. [RT #16491]
-
-2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502]
-
-2108. [func] DHCID support. [RT #16456]
-
-2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
-
-2106. [func] 'rndc status' now reports named's version. [RT #16426]
-
-2105. [func] GSS-TSIG support (RFC 3645).
-
-2104. [port] Fix Solaris SMF error message.
-
-2103. [port] Add /usr/sfw to list of locations for OpenSSL
- under Solaris.
-
-2102. [port] Silence Solaris 10 warnings.
-
-2101. [bug] OpenSSL version checks were not quite right.
- [RT #16476]
-
-2100. [port] win32: copy libeay32.dll to Build\Debug.
- Copy Debug\named-checkzone to Debug\named-compilezone.
-
-2099. [port] win32: more manifest issues.
-
-2098. [bug] Race in rbtdb.c:no_references(), which occasionally
- triggered an INSIST failure about the node lock
- reference. [RT #16411]
-
-2097. [bug] named could reference a destroyed memory context
- after being reloaded / reconfigured. [RT #16428]
-
-2096. [bug] libbind: handle applications that fail to detect
- res_init() failures better.
-
-2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and
- net_cidr_ntop_ipv6(). [RT #16388]
-
-2094. [contrib] Update named-bootconf. [RT# 16404]
-
-2093. [bug] named-checkzone -s was broken.
-
-2092. [bug] win32: dig, host, nslookup. Use registry config
- if resolv.conf does not exist or no nameservers
- listed. [RT #15877]
-
-2091. [port] dighost.c: race condition on cleanup. [RT #16417]
-
-2090. [port] win32: Visual C++ 2005 command line manifest support.
- [RT #16417]
-
-2089. [security] Raise the minimum safe OpenSSL versions to
- OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
- prior to these have known security flaws which
- are (potentially) exploitable in named. [RT #16391]
-
-2088. [security] Change the default RSA exponent from 3 to 65537.
- [RT #16391]
-
-2087. [port] libisc failed to compile on OS's w/o a vsnprintf.
- [RT #16382]
-
-2086. [port] libbind: FreeBSD now has get*by*_r() functions.
- [RT #16403]
-
-2085. [doc] win32: added index.html and README to zip. [RT #16201]
-
-2084. [contrib] dbus update for 9.3.3rc2.
-
-2083. [port] win32: Visual C++ 2005 support.
-
-2082. [doc] Document 'cache-file' as a test only option.
-
-2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
- [RT #16360]
-
-2080. [port] libbind: res_init.c did not compile on older versions
- of Solaris. [RT #16363]
-
-2079. [bug] The lame cache was not handling multiple types
- correctly. [RT #16361]
-
-2078. [bug] dnssec-checkzone output style "default" was badly
- named. It is now called "relative". [RT #16326]
-
-2077. [bug] 'dnssec-signzone -O raw' wasn't outputting the
- complete signed zone. [RT #16326]
-
-2076. [bug] Several files were missing #include <config.h>
- causing build failures on OSF. [RT #16341]
-
-2075. [bug] The spillat timer event hander could leak memory.
- [RT #16357]
-
-2074. [bug] dns_request_createvia2(), dns_request_createvia3(),
- dns_request_createraw2() and dns_request_createraw3()
- failed to send multiple UDP requests. [RT #16349]
-
-2073. [bug] Incorrect semantics check for update policy "wildcard".
- [RT #16353]
-
-2072. [bug] We were not generating valid HMAC SHA digests.
- [RT #16320]
-
-2071. [port] Test whether gcc accepts -fno-strict-aliasing.
- [RT #16324]
-
-2070. [bug] The remote address was not always displayed when
- reporting dispatch failures. [RT #16315]
-
-2069. [bug] Cross compiling was not working. [RT #16330]
-
-2068. [cleanup] Lower incremental tuning message to debug 1.
- [RT #16319]
-
-2067. [bug] 'rndc' could close the socket too early triggering
- a INSIST under Windows. [RT #16317]
-
-2066. [security] Handle SIG queries gracefully. [RT #16300]
-
-2065. [bug] libbind: probe for HPUX prototypes for
- endprotoent_r() and endservent_r(). [RT 16313]
-
-2064. [bug] libbind: silence AIX compiler warnings. [RT #16218]
-
-2063. [bug] Change #1955 introduced a bug which caused the first
- 'rndc flush' call to not free memory. [RT #16244]
-
-2062. [bug] 'dig +nssearch' was reusing a buffer before it had
- been returned by the socket code. [RT #16307]
-
-2061. [bug] Accept expired wildcard message reversed. [RT #16296]
-
-2060. [bug] Enabling DLZ support could leave views partially
- configured. [RT #16295]
-
-2059. [bug] Search into cache rbtdb could trigger an INSIST
- failure while cleaning up a stale rdataset.
- [RT #16292]
-
-2058. [bug] Adjust how we calculate rtt estimates in the presence
- of authoritative servers that drop EDNS and/or CD
- requests. Also fallback to EDNS/512 and plain DNS
- faster for zones with less than 3 servers. [RT #16187]
-
-2057. [bug] Make setting "ra" dependent on both allow-query-cache
- and allow-recursion. [RT #16290]
-
-2056. [bug] dig: ixfr= was not being treated case insensitively
- at all times. [RT #15955]
-
-2055. [bug] Missing goto after dropping multicast query.
- [RT #15944]
-
-2054. [port] freebsd: do not explicitly link against -lpthread.
- [RT #16170]
-
-2053. [port] netbsd:libbind: silence compiler warnings. [RT #16220]
-
-2052. [bug] 'rndc' improve connect failed message to report
- the failing address. [RT #15978]
-
-2051. [port] More strtol() fixes. [RT #16249]
-
-2050. [bug] Parsing of NSAP records was not case insensitive.
- [RT #16287]
-
-2049. [bug] Restore SOA before AXFR when falling back from
- a attempted IXFR when transferring in a zone.
- Allow a initial SOA query before attempting
- a AXFR to be requested. [RT #16156]
-
-2048. [bug] It was possible to loop forever when using
- avoid-v4-udp-ports / avoid-v6-udp-ports when
- the OS always returned the same local port.
- [RT #16182]
-
-2047. [bug] Failed to initialize the interface flags to zero.
- [RT #16245]
-
-2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
- cleanup [RT #16247].
-
-2045. [func] Use lock buckets for acache entries to limit memory
- consumption. [RT #16183]
-
-2044. [port] Add support for atomic operations for Itanium.
- [RT #16179]
-
-2043. [port] nsupdate/nslookup: Force the flushing of the prompt
- for interactive sessions. [RT#16148]
-
-2042. [bug] named-checkconf was incorrectly rejecting the
- logging category "config". [RT #16117]
-
-2041. [bug] "configure --with-dlz-bdb=yes" produced a bad
- set of libraries to be linked. [RT #16129]
-
-2040. [bug] rbtdb no_references() could trigger an INSIST
- failure with --enable-atomic. [RT #16022]
-
-2039. [func] Check that all buffers passed to the socket code
- have been retrieved when the socket event is freed.
- [RT #16122]
-
-2038. [bug] dig/nslookup/host was unlinking from wrong list
- when handling errors. [RT #16122]
-
-2037. [func] When unlinking the first or last element in a list
- check that the list head points to the element to
- be unlinked. [RT #15959]
-
-2036. [bug] 'rndc recursing' could cause trigger a REQUIRE.
- [RT #16075]
-
-2035. [func] Make falling back to TCP on UDP refresh failure
- optional. Default "try-tcp-refresh yes;" for BIND 8
- compatibility. [RT #16123]
-
-2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124]
-
-2033. [bug] We weren't creating multiple client memory contexts
- on demand as expected. [RT #16095]
-
-2032. [bug] Remove a INSIST in query_addadditional2(). [RT #16074]
-
-2031. [bug] Emit a error message when "rndc refresh" is called on
- a non slave/stub zone. [RT # 16073]
-
-2030. [bug] We were being overly conservative when disabling
- openssl engine support. [RT #16030]
-
-2029. [bug] host printed out the server multiple times when
- specified on the command line. [RT #15992]
-
-2028. [port] linux: socket.c compatibility for old systems.
- [RT #16015]
-
-2027. [port] libbind: Solaris x86 support. [RT #16020]
-
-2026. [bug] Rate limit the two recursive client exceeded messages.
- [RT #16044]
-
-2025. [func] Update "zone serial unchanged" message. [RT #16026]
-
-2024. [bug] named emitted spurious "zone serial unchanged"
- messages on reload. [RT #16027]
-
-2023. [bug] "make install" should create ${localstatedir}/run and
- ${sysconfdir} if they do not exist. [RT #16033]
-
-2022. [bug] If dnssec validation is disabled only assert CD if
- CD was requested. [RT #16037]
-
-2021. [bug] dnssec-enable no; triggered a REQUIRE. [RT #16037]
-
-2020. [bug] rdataset_setadditional() could leak memory. [RT #16034]
-
-2019. [tuning] Reduce the amount of work performed per quantum
- when cleaning the cache. [RT #15986]
-
-2018. [bug] Checking if the HMAC MD5 private file was broken.
- [RT #15960]
-
-2017. [bug] allow-query default was not correct. [RT #15946]
-
-2016. [bug] Return a partial answer if recursion is not
- allowed but requested and we had the answer
- to the original qname. [RT #15945]
-
-2015. [cleanup] use-additional-cache is now acache-enable for
- consistency. Default acache-enable off in BIND 9.4
- as it requires memory usage to be configured.
- It may be enabled by default in BIND 9.5 once we
- have more experience with it.
-
-2014. [func] Statistics about acache now recorded and sent
- to log. [RT #15976]
-
-2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
- responses more gracefully. [RT #15941]
-
-2012. [func] Don't insert new acache entries if acache is full.
- [RT #15970]
-
-2011. [func] dnssec-signzone can now update the SOA record of
- the signed zone, either as an increment or as the
- system time(). [RT #15633]
-
-2010. [placeholder] rt15958
-
-2009. [bug] libbind: Coverity fixes. [RT #15808]
-
-2008. [func] It is now possible to enable/disable DNSSEC
- validation from rndc. This is useful for the
- mobile hosts where the current connection point
- breaks DNSSEC (firewall/proxy). [RT #15592]
-
- rndc validation newstate [view]
-
-2007. [func] It is now possible to explicitly enable DNSSEC
- validation. default dnssec-validation no; to
- be changed to yes in 9.5.0. [RT #15674]
-
-2006. [security] Allow-query-cache and allow-recursion now default
- to the built in acls "localnets" and "localhost".
-
- This is being done to make caching servers less
- attractive as reflective amplifying targets for
- spoofed traffic. This still leave authoritative
- servers exposed.
-
- The best fix is for full BCP 38 deployment to
- remove spoofed traffic.
-
-2005. [bug] libbind: Retransmission timeouts should be
- based on which attempt it is to the nameserver
- and not the nameserver itself. [RT #13548]
-
-2004. [bug] dns_tsig_sign() could pass a NULL pointer to
- dst_context_destroy() when cleaning up after a
- error. [RT #15835]
-
-2003. [bug] libbind: The DNS name/address lookup functions could
- occasionally follow a random pointer due to
- structures not being completely zeroed. [RT #15806]
-
-2002. [bug] libbind: tighten the constraints on when
- struct addrinfo._ai_pad exists. [RT #15783]
-
-2001. [func] Check the KSK flag when updating a secure dynamic zone.
- New zone option "update-check-ksk yes;". [RT #15817]
-
-2000. [bug] memmove()/strtol() fix was incomplete. [RT #15812]
-
-1999. [func] Implement "rrset-order fixed". [RT #13662]
-
-1998. [bug] Restrict handling of fifos as sockets to just SunOS.
- This allows named to connect to entropy gathering
- daemons that use fifos instead of sockets. [RT #15840]
-
-1997. [bug] Named was failing to replace negative cache entries
- when a positive one for the type was learnt.
- [RT #15818]
-
-1996. [bug] nsupdate: if a zone has been specified it should
- appear in the output of 'show'. [RT #15797]
-
-1995. [bug] 'host' was reporting multiple "is an alias" messages.
- [RT #15702]
-
-1994. [port] OpenSSL 0.9.8 support. [RT #15694]
-
-1993. [bug] Log messages, via syslog, were missing the space
- after the timestamp if "print-time yes" was specified.
- [RT #15844]
-
-1992. [bug] Not all incoming zone transfer messages included the
- view. [RT #15825]
-
-1991. [cleanup] The configuration data, once read, should be treated
- as read only. Expand the use of const to enforce this
- at compile time. [RT #15813]
-
-1990. [bug] libbind: isc's override of broken gettimeofday()
- implementations was not always effective.
- [RT #15709]
-
-1989. [bug] win32: don't check the service password when
- re-installing. [RT #15882]
-
-1988. [bug] Remove a bus error from the SHA256/SHA512 support.
- [RT #15878]
-
-1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
-
-1986. [func] Report when a zone is removed. [RT #15849]
-
-1985. [protocol] DLV has now been assigned a official type code of
- 32769. [RT #15807]
-
- Note: care should be taken to ensure you upgrade
- both named and dnssec-signzone at the same time for
- zones with DLV records where named is the master
- server for the zone. Also any zones that contain
- DLV records should be removed when upgrading a slave
- zone. You do not however have to upgrade all
- servers for a zone with DLV records simultaneously.
-
-1984. [func] dig, nslookup and host now advertise a 4096 byte
- EDNS UDP buffer size by default. [RT #15855]
-
-1983. [func] Two new update policies. "selfsub" and "selfwild".
- [RT #12895]
-
-1982. [bug] DNSKEY was being accepted on the parent side of
- a delegation. KEY is still accepted there for
- RFC 3007 validated updates. [RT #15620]
-
-1981. [bug] win32: condition.c:wait() could fail to reattain
- the mutex lock.
-
-1980. [func] dnssec-signzone: output the SOA record as the
- first record in the signed zone. [RT #15758]
-
-1979. [port] linux: allow named to drop core after changing
- user ids. [RT #15753]
-
-1978. [port] Handle systems which have a broken recvmsg().
- [RT #15742]
-
-1977. [bug] Silence noisy log message. [RT #15704]
-
-1976. [bug] Handle systems with no IPv4 addresses. [RT #15695]
-
-1975. [bug] libbind: isc_gethexstring() could misparse multi-line
- hex strings with comments. [RT #15814]
-
-1974. [doc] List each of the zone types and associated zone
- options separately in the ARM.
-
-1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
- HMACSHA512 support. [RT #13606]
-
-1972. [contrib] DBUS dynamic forwarders integration from
- Jason Vas Dias <jvdias@redhat.com>.
-
-1971. [port] linux: make detection of missing IF_NAMESIZE more
- robust. [RT #15443]
-
-1970. [bug] nsupdate: adjust UDP timeout when falling back to
- unsigned SOA query. [RT #15775]
-
-1969. [bug] win32: the socket code was freeing the socket
- structure too early. [RT #15776]
-
-1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
-
-1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
-
-1966. [bug] Don't set CD when we have fallen back to plain DNS.
- [RT #15727]
-
-1965. [func] Suppress spurious "recursion requested but not
- available" warning with 'dig +qr'. [RT #15780].
-
-1964. [func] Separate out MX and SRV to CNAME checks. [RT #15723]
-
-1963. [port] Tru64 4.0E doesn't support send() and recv().
- [RT #15586]
-
-1962. [bug] Named failed to clear old update-policy when it
- was removed. [RT #15491]
-
-1961. [bug] Check the port and address of responses forwarded
- to dispatch. [RT #15474]
-
-1960. [bug] Update code should set NSEC ttls from SOA MINIMUM.
- [RT #15465]
-
-1959. [func] Control the zeroing of the negative response TTL to
- a soa query. Defaults "zero-no-soa-ttl yes;" and
- "zero-no-soa-ttl-cache no;". [RT #15460]
-
-1958. [bug] Named failed to update the zone's secure state
- until the zone was reloaded. [RT #15412]
-
-1957. [bug] Dig mishandled responses to class ANY queries.
- [RT #15402]
-
-1956. [bug] Improve cross compile support, 'gen' is now built
- by native compiler. See README for additional
- cross compile support information. [RT #15148]
-
-1955. [bug] Pre-allocate the cache cleaning iterator. [RT #14998]
-
-1954. [func] Named now falls back to advertising EDNS with a
- 512 byte receive buffer if the initial EDNS queries
- fail. [RT #14852]
-
-1953. [func] The maximum EDNS UDP response named will send can
- now be set in named.conf (max-udp-size). This is
- independent of the advertised receive buffer
- (edns-udp-size). [RT #14852]
-
-1952. [port] hpux: tell the linker to build a runtime link
- path "-Wl,+b:". [RT #14816].
-
-1951. [security] Drop queries from particular well known ports.
- Don't return FORMERR to queries from particular
- well known ports. [RT #15636]
-
-1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect()
- a TCP socket. This prevents the source address being
- set for TCP connections. [RT #15628]
-
-1949. [func] Addition memory leakage checks. [RT #15544]
-
-1948. [bug] If was possible to trigger a REQUIRE failure in
- xfrin.c:maybe_free() if named ran out of memory.
- [RT #15568]
-
-1947. [func] It is now possible to configure named to accept
- expired RRSIGs. Default "dnssec-accept-expired no;".
- Setting "dnssec-accept-expired yes;" leaves named
- vulnerable to replay attacks. [RT #14685]
-
-1946. [bug] resume_dslookup() could trigger a REQUIRE failure
- when using forwarders. [RT #15549]
-
-1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is no longer recommended.
- To generate a RSAMD5 key you must explicitly request
- RSAMD5. [RT #13780]
-
-1944. [cleanup] isc_hash_create() does not need a read/write lock.
- [RT #15522]
-
-1943. [bug] Set the loadtime after rolling forward the journal.
- [RT #15647]
-
-1942. [bug] If the name of a DNSKEY match that of one in
- trusted-keys do not attempt to validate the DNSKEY
- using the parents DS RRset. [RT #15649]
-
-1941. [bug] ncache_adderesult() should set eresult even if no
- rdataset is passed to it. [RT #15642]
-
-1940. [bug] Fixed a number of error conditions reported by
- Coverity.
-
-1939. [bug] The resolver could dereference a null pointer after
- validation if all the queries have timed out.
- [RT #15528]
-
-1938. [bug] The validator was not correctly handling unsecure
- negative responses at or below a SEP. [RT #15528]
-
-1937. [bug] sdlz doesn't handle RRSIG records. [RT #15564]
-
-1936. [bug] The validator could leak memory. [RT #15544]
-
-1935. [bug] 'acache' was DO sensitive. [RT #15430]
-
-1934. [func] Validate pending NS RRsets, in the authority section,
- prior to returning them if it can be done without
- requiring DNSKEYs to be fetched. [RT #15430]
-
-1933. [bug] dump_rdataset_raw() had a incorrect INSIST. [RT #15534]
-
-1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530]
-
-1931. [bug] Per-client mctx could require a huge amount of memory,
- particularly for a busy caching server. [RT #15519]
-
-1930. [port] HPUX: ia64 support. [RT #15473]
-
-1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
-
-1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
-
-1927. [bug] Access to soanode or nsnode in rbtdb violated the
- lock order rule and could cause a dead lock.
- [RT# 15518]
-
-1926. [bug] The Windows installer did not check for empty
- passwords. BINDinstall was being installed in
- the wrong place. [RT #15483]
-
-1925. [port] All outer level AC_TRY_RUNs need cross compiling
- defaults. [RT #15469]
-
-1924. [port] libbind: hpux ia64 support. [RT #15473]
-
-1923. [bug] ns_client_detach() called too early. [RT #15499]
-
-1922. [bug] check-tool.c:setup_logging() missing call to
- dns_log_setcontext().
-
-1921. [bug] Client memory contexts were not using internal
- malloc. [RT# 15434]
-
-1920. [bug] The cache rbtdb lock array was too small to
- have the desired performance characteristics.
- [RT #15454]
-
-1919. [contrib] queryperf: a set of new features: collecting/printing
- response delays, printing intermediate results, and
- adjusting query rate for the "target" qps.
-
-1918. [bug] Memory leak when checking acls. [RT #15391]
-
-1917. [doc] funcsynopsisinfo wasn't being treated as verbatim
- when generating man pages. [RT #15385]
-
-1916. [func] Integrate contributed IDN code from JPNIC. [RT #15383]
-
-1915. [bug] dig +ndots was broken. [RT #15215]
-
-1914. [protocol] DS is required to accept mnemonic algorithms
- (RFC 4034). Still emit numeric algorithms for
- compatibility with RFC 3658. [RT #15354]
-
-1913. [func] Integrate contributed DLZ code into named. [RT #11382]
-
-1912. [port] aix: atomic locking for powerpc. [RT #15020]
-
-1911. [bug] Update windows socket code. [RT #14965]
-
-1910. [bug] dig's +sigchase code overhauled. [RT #14933]
-
-1909. [bug] The DLV code has been re-worked to make no longer
- query order sensitive. [RT #14933]
-
-1908. [func] dig now warns if 'RA' is not set in the answer when
- 'RD' was set in the query. host/nslookup skip servers
- that fail to set 'RA' when 'RD' is set unless a server
- is explicitly set. [RT #15005]
-
-1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
- [RT #15006]
-
-1906. [func] dig now has a '-q queryname' and '+showsearch' options.
- [RT #15034]
-
-1905. [bug] Strings returned from cfg_obj_asstring() should be
- treated as read-only. The prototype for
- cfg_obj_asstring() has been updated to reflect this.
- [RT #15256]
-
-1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
- friends. Note: RFC 1918 zones are not yet covered by
- this but are likely to be in a future release.
-
- New options: empty-server, empty-contact,
- empty-zones-enable and disable-empty-zone.
-
-1903. [func] ISC string copy API.
-
-1902. [func] Attempt to make the amount of work performed in a
- iteration self tuning. The covers nodes clean from
- the cache per iteration, nodes written to disk when
- rewriting a master file and nodes destroyed per
- iteration when destroying a zone or a cache.
- [RT #14996]
-
-1901. [cleanup] Don't add DNSKEY records to the additional section.
-
-1900. [bug] ixfr-from-differences failed to ensure that the
- serial number increased. [RT #15036]
-
-1899. [func] named-checkconf now validates update-policy entries.
- [RT #14963]
-
-1898. [bug] Extend ISC_SOCKADDR_FORMATSIZE and
- ISC_NETADDR_FORMATSIZE to allow for scope details.
-
-1897. [func] x86 and x86_64 now have separate atomic locking
- implementations.
-
-1896. [bug] Recursive clients soft quota support wasn't working
- as expected. [RT #15103]
-
-1895. [bug] A escaped character is, potentially, converted to
- the output character set too early. [RT #14666]
-
-1894. [doc] Review ARM for BIND 9.4.
-
-1893. [port] Use uintptr_t if available. [RT #14606]
-
-1892. [func] Support for SPF rdata type. [RT #15033]
-
-1891. [port] freebsd: pthread_mutex_init can fail if it runs out
- of memory. [RT #14995]
-
-1890. [func] Raise the UDP receive buffer size to 32k if it is
- less than 32k. [RT #14953]
-
-1889. [port] sunos: non blocking i/o support. [RT #14951]
-
-1888. [func] Support for IPSECKEY rdata type. [RT #14967]
-
-1887. [bug] The cache could delete expired records too fast for
- clients with a virtual time in the past. [RT #14991]
-
-1886. [bug] fctx_create() could return success even though it
- failed. [RT #14993]
-
-1885. [func] dig: report the number of extra bytes still left in
- the packet after processing all the records.
-
-1884. [cleanup] dighost.c: move external declarations into <dig/dig.h>.
-
-1883. [bug] dnssec-signzone, dnssec-keygen: handle negative debug
- levels. [RT #14962]
-
-1882. [func] Limit the number of recursive clients that can be
- waiting for a single query (<qname,qtype,qclass>) to
- resolve. New options clients-per-query and
- max-clients-per-query.
-
-1881. [func] Add a system test for named-checkconf. [RT #14931]
-
-1880. [func] The lame cache is now done on a <qname,qclass,qtype>
- basis as some servers only appear to be lame for
- certain query types. [RT #14916]
-
-1879. [func] "USE INTERNAL MALLOC" is now runtime selectable.
- [RT #14892]
-
-1878. [func] Detect duplicates of UDP queries we are recursing on
- and drop them. New stats category "duplicate".
- [RT #2471]
-
-1877. [bug] Fix unreasonably low quantum on call to
- dns_rbt_destroy2(). Remove unnecessary unhash_node()
- call. [RT #14919]
-
-1876. [func] Additional memory debugging support to track size
- and mctx arguments. [RT #14814]
-
-1875. [bug] process_dhtkey() was using the wrong memory context
- to free some memory. [RT #14890]
-
-1874. [port] sunos: portability fixes. [RT #14814]
-
-1873. [port] win32: isc__errno2result() now reports its caller.
- [RT #13753]
-
-1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753]
-
-1871. [placeholder]
-
-1870. [func] Added framework for handling multiple EDNS versions.
- [RT #14873]
-
-1869. [func] dig can now specify the EDNS version when making
- a query. [RT #14873]
-
-1868. [func] edns-udp-size can now be overridden on a per
- server basis. [RT #14851]
-
-1867. [bug] It was possible to trigger a INSIST in
- dlv_validatezonekey(). [RT #14846]
-
-1866. [bug] resolv.conf parse errors were being ignored by
- dig/host/nslookup. [RT #14841]
-
-1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
- bad addresses. [RT #14841]
-
-1864. [bug] Don't try the alternative transfer source if you
- got a answer / transfer with the main source
- address. [RT #14802]
-
-1863. [bug] rrset-order "fixed" error messages not complete.
-
-1862. [func] Add additional zone data constancy checks.
- named-checkzone has extended checking of NS, MX and
- SRV record and the hosts they reference.
- named has extended post zone load checks.
- New zone options: check-mx and integrity-check.
- [RT #4940]
-
-1861. [bug] dig could trigger a INSIST on certain malformed
- responses. [RT #14801]
-
-1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was
- incorrectly set. [RT #14775]
-
-1859. [func] Add support for CH A record. [RT #14695]
-
-1858. [bug] The flush-zones-on-shutdown option wasn't being
- parsed. [RT #14686]
-
-1857. [bug] named could trigger a INSIST() if reconfigured /
- reloaded too fast. [RT #14673]
-
-1856. [doc] Switch Docbook toolchain from DSSSL to XSL.
- [RT #11398]
-
-1855. [bug] ixfr-from-differences was failing to detect changes
- of ttl due to dns_diff_subtract() was ignoring the ttl
- of records. [RT #14616]
-
-1854. [bug] lwres also needs to know the print format for
- (long long). [RT #13754]
-
-1853. [bug] Rework how DLV interacts with proveunsecure().
- [RT #13605]
-
-1852. [cleanup] Remove last vestiges of dnssec-signkey and
- dnssec-makekeyset (removed from Makefile years ago).
-
-1851. [doc] Doxygen comment markup. [RT #11398]
-
-1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591]
-
-1849. [doc] All forms of the man pages (docbook, man, html) should
- have consistent copyright dates.
-
-1848. [bug] Improve SMF integration. [RT #13238]
-
-1847. [bug] isc_ondestroy_init() is called too late in
- dns_rbtdb_create()/dns_rbtdb64_create().
- [RT #13661]
-
-1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer
- <bortzmeyer@nic.fr>.
-
-1845. [bug] Improve error reporting to distinguish between
- accept()/fcntl() and socket()/fcntl() errors.
- [RT #13745]
-
-1844. [bug] inet_pton() accepted more that 4 hexadecimal digits
- for each 16 bit piece of the IPv6 address. The text
- representation of a IPv6 address has been tightened
- to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
- [RT #5662]
-
-1843. [cleanup] CINCLUDES takes precedence over CFLAGS. This helps
- when CFLAGS contains "-I /usr/local/include"
- resulting in old header files being used.
-
-1842. [port] cmsg_len() could produce incorrect results on
- some platform. [RT #13744]
-
-1841. [bug] "dig +nssearch" now makes a recursive query to
- find the list of nameservers to query. [RT #13694]
-
-1840. [func] dnssec-signzone can now randomize signature end times
- (dnssec-signzone -j jitter). [RT #13609]
-
-1839. [bug] <isc/hash.h> was not being installed.
-
-1838. [cleanup] Don't allow Linux capabilities to be inherited.
- [RT #13707]
-
-1837. [bug] Compile time option ISC_FACILITY was not effective
- for 'named -u <user>'. [RT #13714]
-
-1836. [cleanup] Silence compiler warnings in hash_test.c.
-
-1835. [bug] Update dnssec-signzone's usage message. [RT #13657]
-
-1834. [bug] Bad memset in rdata_test.c. [RT #13658]
-
-1833. [bug] Race condition in isc_mutex_lock_profile(). [RT #13660]
-
-1832. [bug] named fails to return BADKEY on unknown TSIG algorithm.
- [RT #13620]
-
-1831. [doc] Update named-checkzone documentation. [RT#13604]
-
-1830. [bug] adb lame cache has sence of test reversed. [RT #13600]
-
-1829. [bug] win32: "pid-file none;" broken. [RT #13563]
-
-1828. [bug] isc_rwlock_init() failed to properly cleanup if it
- encountered a error. [RT #13549]
-
-1827. [bug] host: update usage message for '-a'. [RT #37116]
-
-1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on out
- of memory error. [RT #13537]
-
-1825. [bug] Missing UNLOCK() on out of memory error from in
- rbtdb.c:subtractrdataset(). [RT #13519]
-
-1824. [bug] Memory leak on dns_zone_setdbtype() failure.
- [RT #13510]
-
-1823. [bug] Wrong macro used to check for point to point interface.
- [RT#13418]
-
-1822. [bug] check-names test for RT was reversed. [RT #13382]
-
-1821. [placeholder]
-
-1820. [bug] Gracefully handle acl loops. [RT #13659]
-
-1819. [bug] The validator needed to check both the algorithm and
- digest types of the DS to determine if it could be
- used to introduce a secure zone. [RT #13593]
-
-1818. [bug] 'named-checkconf -z' triggered an INSIST. [RT #13599]
-
-1817. [func] Add support for additional zone file formats for
- improving loading performance. The masterfile-format
- option in named.conf can be used to specify a
- non-default format. A separate command
- named-compilezone was provided to generate zone files
- in the new format. Additionally, the -I and -O options
- for dnssec-signzone specify the input and output
- formats.
-
-1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
- [RT #13597]
-
-1815. [bug] nsupdate triggered a REQUIRE if the server was set
- without also setting the zone and it encountered
- a CNAME and was using TSIG. [RT #13086]
-
-1814. [func] UNIX domain controls are now supported.
-
-1813. [func] Restructured the data locking framework using
- architecture dependent atomic operations (when
- available), improving response performance on
- multi-processor machines significantly.
- x86, x86_64, alpha, powerpc, and mips are currently
- supported.
-
-1812. [port] win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect.
- [RT #13453]
-
-1811. [func] Preserve the case of domain names in rdata during
- zone transfers. [RT #13547]
-
-1810. [bug] configure, lib/bind/configure make different default
- decisions about whether to do a threaded build.
- [RT #13212]
-
-1809. [bug] "make distclean" failed for libbind if the platform
- is not supported.
-
-1808. [bug] zone.c:notify_zone() contained a race condition,
- zone->db could change underneath it. [RT #13511]
-
-1807. [bug] When forwarding (forward only) set the active domain
- from the forward zone name. [RT #13526]
-
-1806. [bug] The resolver returned the wrong result when a CNAME /
- DNAME was encountered when fetching glue from a
- secure namespace. [RT #13501]
-
-1805. [bug] Pending status was not being cleared when DLV was
- active. [RT #13501]
-
-1804. [bug] Ensure that if we are queried for glue that it fits
- in the additional section or TC is set to tell the
- client to retry using TCP. [RT #10114]
-
-1803. [bug] dnssec-signzone sometimes failed to remove old
- RRSIGs. [RT #13483]
-
-1802. [bug] Handle connection resets better. [RT #11280]
-
-1801. [func] Report differences between hints and real NS rrset
- and associated address records.
-
-1800. [bug] Changes #1719 allowed a INSIST to be triggered.
- [RT #13428]
-
-1799. [bug] 'rndc flushname' failed to flush negative cache
- entries. [RT #13438]
-
-1798. [func] The server syntax has been extended to support a
- range of servers. [RT #11132]
-
-1797. [func] named-checkconf now check acls to verify that they
- only refer to existing acls. [RT #13101]
-
-1796. [func] "rndc freeze/thaw" now freezes/thaws all zones.
-
-1795. [bug] "rndc dumpdb" was not fully documented. Minor
- formating issues with "rndc dumpdb -all". [RT #13396]
-
-1794. [func] Named and named-checkzone can now both check for
- non-terminal wildcard records.
-
-1793. [func] Extend adjusting TTL warning messages. [RT #13378]
-
-1792. [func] New zone option "notify-delay". Specify a minimum
- delay between sets of NOTIFY messages.
-
-1791. [bug] 'host -t a' still printed out AAAA and MX records.
- [RT #13230]
-
-1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should
- allow parallel make to succeed.
-
-1789. [bug] Prerequisite test for tkey and dnssec could fail
- with "configure --with-libtool".
-
-1788. [bug] libbind9.la/libbind9.so needs to link against
- libisccfg.la/libisccfg.so.
-
-1787. [port] HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings.
-
-1786. [port] AIX: libt_api needs to be taught to look for
- T_testlist in the main executable (--with-libtool).
- [RT #13239]
-
-1785. [bug] libbind9.la/libbind9.so needs to link against
- libisc.la/libisc.so.
-
-1784. [cleanup] "libtool -allow-undefined" is the default.
- Leave hooks in configure to allow it to be set
- if needed in the future.
-
-1783. [cleanup] We only need one copy of libtool.m4, ltmain.sh in the
- source tree.
-
-1782. [port] OSX: --with-libtool + --enable-libbind broke on
- __evOptMonoTime. [RT #13219]
-
-1781. [port] FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810]
-
-1780. [bug] Update libtool to 1.5.10.
-
-1779. [port] OSF 5.1: libtool didn't handle -pthread correctly.
-
-1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and
- IN6ADDR_LOOPBACK_INIT macros.
-
-1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and
- IN6ADDR_LOOPBACK_INIT macros.
-
-1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
- IN6ADDR_LOOPBACK_INIT macros.
-
-1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
-
-1774. [port] Aix: Silence compiler warnings / build failures.
- [RT #13154]
-
-1773. [bug] Fast retry on host / net unreachable. [RT #13153]
-
-1772. [placeholder]
-
-1771. [placeholder]
-
-1770. [bug] named-checkconf failed to report missing a missing
- file clause for rbt{64} master/hint zones. [RT#13009]
-
-1769. [port] win32: change compiler flags /MTd ==> /MDd,
- /MT ==> /MD.
-
-1768. [bug] nsecnoexistnodata() could be called with a non-NSEC
- rdataset. [RT #12907]
-
-1767. [port] Builds on IPv6 platforms without IPv6 Advanced API
- support for (struct in6_pktinfo) failed. [RT #13077]
-
-1766. [bug] Update the master file timestamp on successful refresh
- as well as the journal's timestamp. [RT# 13062]
-
-1765. [bug] configure --with-openssl=auto failed. [RT #12937]
-
-1764. [bug] dns_zone_replacedb failed to emit a error message
- if there was no SOA record in the replacement db.
- [RT #13016]
-
-1763. [func] Perform sanity checks on NS records which refer to
- 'in zone' names. [RT #13002]
-
-1762. [bug] isc_interfaceiter_create() could return ISC_R_SUCCESS
- even when it failed. [RT #12995]
-
-1761. [bug] 'rndc dumpdb' didn't report unassociated entries.
- [RT #12971]
-
-1760. [bug] Host / net unreachable was not penalising rtt
- estimates. [RT #12970]
-
-1759. [bug] Named failed to startup if the OS supported IPv6
- but had no IPv6 interfaces configured. [RT #12942]
-
-1758. [func] Don't send notify messages to self. [RT #12933]
-
-1757. [func] host now can turn on memory debugging flags with '-m'.
-
-1756. [func] named-checkconf now checks the logging configuration.
- [RT #12352]
-
-1755. [func] allow-update is now settable at the options / view
- level. [RT #6636]
-
-1754. [bug] We weren't always attempting to query the parent
- server for the DS records at the zone cut.
- [RT #12774]
-
-1753. [bug] Don't serve a slave zone which has no NS records.
- [RT #12894]
-
-1752. [port] Move isc_app_start() to after ns_os_daemonise()
- as some fork() implementations unblock the signals
- that are blocked by isc_app_start(). [RT #12810]
-
-1751. [bug] --enable-getifaddrs failed under linux. [RT #12867]
-
-1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
- [RT #12864]
-
-1749. [bug] 'check-names response ignore;' failed to ignore.
- [RT #12866]
-
-1748. [func] dig now returns the byte count for axfr/ixfr.
-
-1747. [bug] BIND 8 compatibility: named/named-checkconf failed
- to parse "host-statistics-max" in named.conf.
-
-1746. [func] Make public the function to read a key file,
- dst_key_read_public(). [RT #12450]
-
-1745. [bug] Dig/host/nslookup accept replies from link locals
- regardless of scope if no scope was specified when
- query was sent. [RT #12745]
-
-1744. [bug] If tuple2msgname() failed to convert a tuple to
- a name a REQUIRE could be triggered. [RT #12796]
-
-1743. [bug] If isc_taskmgr_create() was not able to create the
- requested number of worker threads then destruction
- of the manager would trigger an INSIST() failure.
- [RT #12790]
-
-1742. [bug] Deleting all records at a node then adding a
- previously existing record, in a single UPDATE
- transaction, failed to leave / regenerate the
- associated RRSIG records. [RT #12788]
-
-1741. [bug] Deleting all records at a node in a secure zone
- using a update-policy grant failed. [RT #12787]
-
-1740. [bug] Replace rbt's hash algorithm as it performed badly
- with certain zones. [RT #12729]
-
- NOTE: a hash context now needs to be established
- via isc_hash_create() if the application was not
- already doing this.
-
-1739. [bug] dns_rbt_deletetree() could incorrectly return
- ISC_R_QUOTA. [RT #12695]
-
-1738. [bug] Enable overrun checking by default. [RT #12695]
-
-1737. [bug] named failed if more than 16 masters were specified.
- [RT #12627]
-
-1736. [bug] dst_key_fromnamedfile() could fail to read a
- public key. [RT #12687]
-
-1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure.
- [RE #12688]
-
-1734. [cleanup] 'rndc-confgen -a -t' remove extra '/' in path.
- [RT #12588]
-
-1733. [bug] Return non-zero exit status on initial load failure.
- [RT #12658]
-
-1732. [bug] 'rrset-order name "*"' wasn't being applied to ".".
- [RT #12467]
-
-1731. [port] darwin: relax version test in ifconfig.sh.
- [RT #12581]
-
-1730. [port] Determine the length type used by the socket API.
- [RT #12581]
-
-1729. [func] Improve check-names error messages.
-
-1728. [doc] Update check-names documentation.
-
-1727. [bug] named-checkzone: check-names support didn't match
- documentation.
-
-1726. [port] aix5: add support for aix5.
-
-1725. [port] linux: update error message on interaction of threads,
- capabilities and setuid support (named -u). [RT #12541]
-
-1724. [bug] Look for DNSKEY records with "dig +sigtrace".
- [RT #12557]
-
-1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
-
-1722. [bug] Don't commit the journal on malformed ixfr streams.
- [RT #12519]
-
-1721. [bug] Error message from the journal processing were not
- always identifying the relevant journal. [RT #12519]
-
-1720. [bug] 'dig +chase' did not terminate on a RFC 2308 Type 1
- negative response. [RT #12506]
-
-1719. [bug] named was not correctly caching a RFC 2308 Type 1
- negative response. [RT #12506]
-
-1718. [bug] nsupdate was not handling RFC 2308 Type 3 negative
- responses when looking for the zone / master server.
- [RT #12506]
-
-1717. [port] solaris: ifconfig.sh did not support Solaris 10.
- "ifconfig.sh down" didn't work for Solaris 9.
-
-1716. [doc] named.conf(5) was being installed in the wrong
- location. [RT# 12441]
-
-1715. [func] 'dig +trace' now randomly selects the next servers
- to try. Report if there is a bad delegation.
-
-1714. [bug] dig/host/nslookup were only trying the first
- address when a nameserver was specified by name.
- [RT #12286]
-
-1713. [port] linux: extend capset failure message to say:
- please ensure that the capset kernel module is
- loaded. see insmod(8)
-
-1712. [bug] Missing FULLCHECK for "trusted-key" in dig.
-
-1711. [func] 'rndc unfreeze' has been deprecated by 'rndc thaw'.
-
-1710. [func] 'rndc notify zone [class [view]]' resend the NOTIFY
- messages for the specified zone. [RT #9479]
-
-1709. [port] solaris: add SMF support from Sun.
-
-1708. [cleanup] Replaced dns_fullname_hash() with dns_name_fullhash()
- for conformance to the name space convention. Binary
- backward compatibility to the old function name is
- provided. [RT #12376]
-
-1707. [contrib] sdb/ldap updated to version 1.0-beta.
-
-1706. [bug] 'rndc stop' failed to cause zones to be flushed
- sometimes. [RT #12328]
-
-1705. [func] Allow the journal's name to be changed via named.conf.
-
-1704. [port] lwres needed a snprintf() implementation for
- platforms without snprintf(). Add missing
- "#include <isc/print.h>". [RT #12321]
-
-1703. [bug] named would loop sending NOTIFY messages when it
- failed to receive a response. [RT #12322]
-
-1702. [bug] also-notify should not be applied to built in zones.
- [RT #12323]
-
-1701. [doc] A minimal named.conf man page.
-
-1700. [func] nslookup is no longer to be treated as deprecated.
- Remove "deprecated" warning message. Add man page.
-
-1699. [bug] dnssec-signzone can generate "not exact" errors
- when resigning. [RT #12281]
-
-1698. [doc] Use reserved IPv6 documentation prefix.
-
-1697. [bug] xxx-source{,-v6} was not effective when it
- specified one of listening addresses and a
- different port than the listening port. [RT #12257]
-
-1696. [bug] dnssec-signzone failed to clean out nodes that
- consisted of only NSEC and RRSIG records.
- [RT #12154]
-
-1695. [bug] DS records when forwarding require special handling.
- [RT #12133]
-
-1694. [bug] Report if the builtin views of "_default" / "_bind"
- are defined in named.conf. [RT #12023]
-
-1693. [bug] max-journal-size was not effective for master zones
- with ixfr-from-differences set. [RT# 12024]
-
-1692. [bug] Don't set -I, -L and -R flags when libcrypto is in
- /usr/lib. [RT #11971]
-
-1691. [bug] sdb's attachversion was not complete. [RT #11990]
-
-1690. [bug] Delay detaching view from the client until UPDATE
- processing completes when shutting down. [RT #11714]
-
-1689. [bug] DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
- contained gratuitous semicolons. [RT #11707]
-
-1688. [bug] LDFLAGS was not supported.
-
-1687. [bug] Race condition in dispatch. [RT #10272]
-
-1686. [bug] Named sent a extraneous NOTIFY when it received a
- redundant UPDATE request. [RT #11943]
-
-1685. [bug] Change #1679 loop tests weren't quite right.
-
-1684. [func] ixfr-from-differences now takes master and slave in
- addition to yes and no at the options and view levels.
-
-1683. [bug] dig +sigchase could leak memory. [RT #11445]
-
-1682. [port] Update configure test for (long long) printf format.
- [RT #5066]
-
-1681. [bug] Only set SO_REUSEADDR when a port is specified in
- isc_socket_bind(). [RT #11742]
-
-1680. [func] rndc: the source address can now be specified.
-
-1679. [bug] When there was a single nameserver with multiple
- addresses for a zone not all addresses were tried.
- [RT #11706]
-
-1678. [bug] RRSIG should use TYPEXXXXX for unknown types.
-
-1677. [bug] dig: +aaonly didn't work, +aaflag undocumented.
-
-1676. [func] New option "allow-query-cache". This lets
- allow-query be used to specify the default zone
- access level rather than having to have every
- zone override the global value. allow-query-cache
- can be set at both the options and view levels.
- If allow-query-cache is not set allow-query applies.
-
-1675. [bug] named would sometimes add extra NSEC records to
- the authority section.
-
-1674. [port] linux: increase buffer size used to scan
- /proc/net/if_inet6.
-
-1673. [port] linux: issue a error messages if IPv6 interface
- scans fails.
-
-1672. [cleanup] Tests which only function in a threaded build
- now return R:THREADONLY (rather than R:UNTESTED)
- in a non-threaded build.
-
-1671. [contrib] queryperf: add NAPTR to the list of known types.
-
-1670. [func] Log UPDATE requests to slave zones without an acl as
- "disabled" at debug level 3. [RT# 11657]
-
-1669. [placeholder]
-
-1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
-
-1667. [port] linux: not all versions have IF_NAMESIZE.
-
-1666. [bug] The optional port on hostnames in dual-stack-servers
- was being ignored.
-
-1665. [func] rndc now allows addresses to be set in the
- server clauses.
-
-1664. [bug] nsupdate needed KEY for SIG(0), not DNSKEY.
-
-1663. [func] Look for OpenSSL by default.
-
-1662. [bug] Change #1658 failed to change one use of 'type'
- to 'keytype'.
-
-1661. [bug] Restore dns_name_concatenate() call in
- adb.c:set_target(). [RT #11582]
-
-1660. [bug] win32: connection_reset_fix() was being called
- unconditionally. [RT #11595]
-
-1659. [cleanup] Cleanup some messages that were referring to KEY vs
- DNSKEY, NXT vs NSEC and SIG vs RRSIG.
-
-1658. [func] Update dnssec-keygen to default to KEY for HMAC-MD5
- and DH. Tighten which options apply to KEY and
- DNSKEY records.
-
-1657. [doc] ARM: document query log output.
-
-1656. [doc] Update DNSSEC description in ARM to cover DS, NSEC
- DNSKEY and RRSIG. [RT #11542]
-
-1655. [bug] Logging multiple versions w/o a size was broken.
- [RT #11446]
-
-1654. [bug] isc_result_totext() contained array bounds read
- error.
-
-1653. [func] Add key type checking to dst_key_fromfilename(),
- DST_TYPE_KEY should be used to read TSIG, TKEY and
- SIG(0) keys.
-
-1652. [bug] TKEY still uses KEY.
-
-1651. [bug] dig: process multiple dash options.
-
-1650. [bug] dig, nslookup: flush standard out after each command.
-
-1649. [bug] Silence "unexpected non-minimal diff" message.
- [RT #11206]
-
-1648. [func] Update dnssec-lookaside named.conf syntax to support
- multiple dnssec-lookaside namespaces (not yet
- implemented).
-
-1647. [bug] It was possible trigger a INSIST when chasing a DS
- record that required walking back over a empty node.
- [RT #11445]
-
-1646. [bug] win32: logging file versions didn't work with
- non-UNC filenames. [RT#11486]
-
-1645. [bug] named could trigger a REQUIRE failure if multiple
- masters with keys are specified.
-
-1644. [bug] Update the journal modification time after a
- successful refresh query. [RT #11436]
-
-1643. [bug] dns_db_closeversion() could leak memory / node
- references. [RT #11163]
-
-1642. [port] Support OpenSSL implementations which don't have
- DSA support. [RT #11360]
-
-1641. [bug] Update the check-names description in ARM. [RT #11389]
-
-1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
- incorrectly closing the socket. [RT #11291]
-
-1639. [func] Initial dlv system test.
-
-1638. [bug] "ixfr-from-differences" could generate a REQUIRE
- failure if the journal open failed. [RT #11347]
-
-1637. [bug] Node reference leak on error in addnoqname().
-
-1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
- a error had occurred. The database version no longer
- matched the version of the database that was dumped.
-
-1635. [bug] Memory leak on error in query_addds().
-
-1634. [bug] named didn't supply a useful error message when it
- detected duplicate views. [RT #11208]
-
-1633. [bug] named should return NOTIMP to update requests to a
- slaves without a allow-update-forwarding acl specified.
- [RT #11331]
-
-1632. [bug] nsupdate failed to send prerequisite only UPDATE
- messages. [RT #11288]
-
-1631. [bug] dns_journal_compact() could sometimes corrupt the
- journal. [RT #11124]
-
-1630. [contrib] queryperf: add support for IPv6 transport.
-
-1629. [func] dig now supports IPv6 scoped addresses with the
- extended format in the local-server part. [RT #8753]
-
-1628. [bug] Typo in Compaq Trucluster support. [RT# 11264]
-
-1627. [bug] win32: sockets were not being closed when the
- last external reference was removed. [RT# 11179]
-
-1626. [bug] --enable-getifaddrs was broken. [RT#11259]
-
-1625. [bug] named failed to load/transfer RFC2535 signed zones
- which contained CNAMES. [RT# 11237]
-
-1624. [bug] zonemgr_putio() call should be locked. [RT# 11163]
-
-1623. [bug] A serial number of zero was being displayed in the
- "sending notifies" log message when also-notify was
- used. [RT #11177]
-
-1622. [func] probe the system to see if IPV6_(RECV)PKTINFO is
- available, and suppress wildcard binding if not.
-
-1621. [bug] match-destinations did not work for IPv6 TCP queries.
- [RT# 11156]
-
-1620. [func] When loading a zone report if it is signed. [RT #11149]
-
-1619. [bug] Missing ISC_LIST_UNLINK in end_reserved_dispatches().
- [RT# 11118]
-
-1618. [bug] Fencepost errors in dns_name_ishostname() and
- dns_name_ismailbox() could trigger a INSIST().
-
-1617. [port] win32: VC++ 6.0 support.
-
-1616. [compat] Ensure that named's version is visible in the core
- dump. [RT #11127]
-
-1615. [port] Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
- it is defined.
-
-1614. [port] win32: silence resource limit messages. [RT# 11101]
-
-1613. [bug] Builds would fail on machines w/o a if_nametoindex().
- Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
- [RT #11119]
-
-1612. [bug] check-names at the option/view level could trigger
- an INSIST. [RT# 11116]
-
-1611. [bug] solaris: IPv6 interface scanning failed to cope with
- no active IPv6 interfaces.
-
-1610. [bug] On dual stack machines "dig -b" failed to set the
- address type to be looked up with "@server".
- [RT #11069]
-
-1609. [func] dig now has support to chase DNSSEC signature chains.
- Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.
-
- DNSSEC validation code in dig coded by Olivier Courtay
- (olivier.courtay@irisa.fr) for the IDsA project
- (http://idsa.irisa.fr).
-
-1608. [func] dig and host now accept -4/-6 to select IP transport
- to use when making queries.
-
-1607. [bug] dig, host and nslookup were still using random()
- to generate query ids. [RT# 11013]
-
-1606. [bug] DLV insecurity proof was failing.
-
-1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
-
-1604. [bug] A xfrout_ctx_create() failure would result in
- xfrout_ctx_destroy() being called with a
- partially initialized structure.
-
-1603. [bug] nsupdate: set interactive based on isatty().
- [RT# 10929]
-
-1602. [bug] Logging to a file failed unless a size was specified.
- [RT# 10925]
-
-1601. [bug] Silence spurious warning 'both "recursion no;" and
- "allow-recursion" active' warning from view "_bind".
- [RT# 10920]
-
-1600. [bug] Duplicate zone pre-load checks were not case
- insensitive.
-
-1599. [bug] Fix memory leak on error path when checking named.conf.
-
-1598. [func] Specify that certain parts of the namespace must
- be secure (dnssec-must-be-secure).
-
-1597. [func] Allow notify-source and query-source to be specified
- on a per server basis similar to transfer-source.
- [RT #6496]
-
-1596. [func] Accept 'notify-source' style syntax for query-source.
-
-1595. [func] New notify type 'master-only'. Enable notify for
- master zones only.
-
-1594. [bug] 'rndc dumpdb' could prevent named from answering
- queries while the dump was in progress. [RT #10565]
-
-1593. [bug] rndc should return "unknown command" to unknown
- commands. [RT# 10642]
-
-1592. [bug] configure_view() could leak a dispatch. [RT# 10675]
-
-1591. [bug] libbind: updated to BIND 8.4.5.
-
-1590. [port] netbsd: update thread support.
-
-1589. [func] DNSSEC lookaside validation.
-
-1588. [bug] win32: TCP sockets could become blocked. [RT #10115]
-
-1587. [bug] dns_message_settsigkey() failed to clear existing key.
- [RT #10590]
-
-1586. [func] "check-names" is now implemented.
-
-1585. [placeholder]
-
-1584. [bug] "make test" failed with a read only source tree.
- [RT #10461]
-
-1583. [bug] Records add via UPDATE failed to get the correct trust
- level. [RT #10452]
-
-1582. [bug] rrset-order failed to work on RRsets with more
- than 32 elements. [RT #10381]
-
-1581. [func] Disable DNSSEC support by default. To enable
- DNSSEC specify "dnssec-enable yes;" in named.conf.
-
-1580. [bug] Zone destruction on final detach takes a long time.
- [RT #3746]
-
-1579. [bug] Multiple task managers could not be created.
-
-1578. [bug] Don't use CLASS E IPv4 addresses when resolving.
- [RT #10346]
-
-1577. [bug] Use isc_uint32_t in ultrasparc optimizer bug
- workaround code. [RT #10331]
-
-1576. [bug] Race condition in dns_dispatch_addresponse().
- [RT# 10272]
-
-1575. [func] Log TSIG name on TSIG verify failure. [RT #4404]
-
-1574. [bug] Don't attempt to open the controls socket(s) when
- running tests. [RT #9091]
-
-1573. [port] linux: update to libtool 1.5.2 so that
- "make install DESTDIR=/xx" works with
- "configure --with-libtool". [RT #9941]
-
-1572. [bug] nsupdate: sign the soa query to find the enclosing
- zone if the server is specified. [RT #10148]
-
-1571. [bug] rbt:hash_node() could fail leaving the hash table
- in an inconsistent state. [RT #10208]
-
-1570. [bug] nsupdate failed to handle classes other than IN.
- New keyword 'class' which sets the default class.
- [RT #10202]
-
-1569. [func] nsupdate new command 'answer' which displays the
- complete answer message to the last update.
-
-1568. [bug] nsupdate now reports that the update failed in
- interactive mode. [RT# 10236]
-
-1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
-
-1566. [port] Support for the cmsg framework on Solaris and HP/UX.
- This also solved the problem that match-destinations
- for IPv6 addresses did not work on these systems.
- [RT #10221]
-
-1565. [bug] CD flag should be copied to outgoing queries unless
- the query is under a secure entry point in which case
- CD should be set.
-
-1564. [func] Attempt to provide a fallback entropy source to be
- used if named is running chrooted and named is unable
- to open entropy source within the chroot area.
- [RT #10133]
-
-1563. [bug] Gracefully fail when unable to obtain neither an IPv4
- nor an IPv6 dispatch. [RT #10230]
-
-1562. [bug] isc_socket_create() and isc_socket_accept() could
- leak memory under error conditions. [RT #10230]
-
-1561. [bug] It was possible to release the same name twice if
- named ran out of memory. [RT #10197]
-
-1560. [port] FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
- and EAI_NONAME to the same value.
-
-1559. [port] named should ignore SIGFSZ.
-
-1558. [func] New DNSSEC 'disable-algorithms'. Support entry into
- child zones for which we don't have a supported
- algorithm. Such child zones are treated as unsigned.
-
-1557. [func] Implement missing DNSSEC tests for
- * NOQNAME proof with wildcard answers.
- * NOWILDARD proof with NXDOMAIN.
- Cache and return NOQNAME with wildcard answers.
-
-1556. [bug] nsupdate now treats all names as fully qualified.
- [RT #6427]
-
-1555. [func] 'rrset-order cyclic' no longer has a random starting
- point per query. [RT #7572]
-
-1554. [bug] dig, host, nslookup failed when no nameservers
- were specified in /etc/resolv.conf. [RT #8232]
-
-1553. [bug] The windows socket code could stop accepting
- connections. [RT#10115]
-
-1552. [bug] Accept NOTIFY requests from mapped masters if
- matched-mapped is set. [RT #10049]
-
-1551. [port] Open "/dev/null" before calling chroot().
-
-1550. [port] Call tzset(), if available, before calling chroot().
-
-1549. [func] named-checkzone can now write out the zone contents
- in a easily parsable format (-D and -o).
-
-1548. [bug] When parsing APL records it was possible to silently
- accept out of range ADDRESSFAMILY values. [RT# 9979]
-
-1547. [bug] Named wasted memory recording duplicate lame zone
- entries. [RT #9341]
-
-1546. [bug] We were rejecting valid secure CNAME to negative
- answers.
-
-1545. [bug] It was possible to leak memory if named was unable to
- bind to the specified transfer source and TSIG was
- being used. [RT #10120]
-
-1544. [bug] Named would logged a single entry to a file despite it
- being over the specified size limit.
-
-1543. [bug] Logging using "versions unlimited" did not work.
-
-1542. [placeholder]
-
-1541. [func] NSEC now uses new bitmap format.
-
-1540. [bug] "rndc reload <dynamiczone>" was silently accepted.
- [RT #8934]
-
-1539. [bug] Open UDP sockets for notify-source and transfer-source
- that use reserved ports at startup. [RT #9475]
-
-1538. [placeholder] rt9997
-
-1537. [func] New option "querylog". If set specify whether query
- logging is to be enabled or disabled at startup.
-
-1536. [bug] Windows socket code failed to log a error description
- when returning ISC_R_UNEXPECTED. [RT #9998]
-
-1535. [placeholder]
-
-1534. [bug] Race condition when priming cache. [RT# 9940]
-
-1533. [func] Warn if both "recursion no;" and "allow-recursion"
- are active. [RT# 4389]
-
-1532. [port] netbsd: the configure test for <sys/sysctl.h>
- requires <sys/param.h>.
-
-1531. [port] AIX more libtool fixes.
-
-1530. [bug] It was possible to trigger a INSIST() failure if a
- slave master file was removed at just the correct
- moment. [RT #9462]
-
-1529. [bug] "notify explicit;" failed to log that NOTIFY messages
- were being sent for the zone. [RT# 9442]
-
-1528. [cleanup] Simplify some dns_name_ functions based on the
- deprecation of bitstring labels.
-
-1527. [cleanup] Reduce the number of gettimeofday() calls without
- losing necessary timer granularity.
-
-1526. [func] Implemented "additional section caching (or acache)",
- an internal cache framework for additional section
- content to improve response performance. Several
- configuration options were provided to control the
- behavior.
-
-1525. [bug] dns_cache_create() could trigger a REQUIRE
- failure in isc_mem_put() during error cleanup.
- [RT# 9360]
-
-1524. [port] AIX needs to be able to resolve all symbols when
- creating shared libraries (--with-libtool).
-
-1523. [bug] Fix race condition in rbtdb. [RT# 9189]
-
-1522. [bug] dns_db_findnode() relax the requirements on 'name'.
- [RT# 9286]
-
-1521. [bug] dns_view_createresolver() failed to check the
- result from isc_mem_create(). [RT# 9294]
-
-1520. [protocol] Add SSHFP (SSH Finger Print) type.
-
-1519. [bug] dnssec-signzone:nsec_setbit() computed the wrong
- length of the new bitmap.
-
-1518. [bug] dns_nsec_buildrdata(), and hence dns_nsec_build(),
- contained a off-by-one error when working out the
- number of octets in the bitmap.
-
-1517. [port] Support for IPv6 interface scanning on HP/UX and
- TrueUNIX 5.1.
-
-1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
-
-1515. [func] Allow transfer source to be set in a server statement.
- [RT #6496]
-
-1514. [bug] named: isc_hash_destroy() was being called too early.
- [RT #9160]
-
-1513. [doc] Add "US" to root-delegation-only exclude list.
-
-1512. [bug] Extend the delegation-only logging to return query
- type, class and responding nameserver.
-
-1511. [bug] delegation-only was generating false positives
- on negative answers from sub-zones.
-
-1510. [func] New view option "root-delegation-only". Apply
- delegation-only check to all TLDs and root.
- Note there are some TLDs that are NOT delegation
- only (e.g. DE, LV, US and MUSEUM) these can be excluded
- from the checks by using exclude.
-
- root-delegation-only exclude {
- "DE"; "LV"; "US"; "MUSEUM";
- };
-
-1509. [bug] Hint zones should accept delegation-only. Forward
- zone should not accept delegation-only.
-
-1508. [bug] Don't apply delegation-only checks to answers from
- forwarders.
-
-1507. [bug] Handle BIND 8 style returns to NS queries to parents
- when making delegation-only checks.
-
-1506. [bug] Wrong return type for dns_view_isdelegationonly().
-
-1505. [bug] Uninitialized rdataset in sdb. [RT #8750]
-
-1504. [func] New zone type "delegation-only".
-
-1503. [port] win32: install libeay32.dll outside of system32.
-
-1502. [bug] nsupdate: adjust timeouts for UPDATE requests over TCP.
-
-1501. [func] Allow TCP queue length to be specified via
- named.conf, tcp-listen-queue.
-
-1500. [bug] host failed to lookup MX records. Also look up
- AAAA records.
-
-1499. [bug] isc_random need to be seeded better if arc4random()
- is not used.
-
-1498. [port] bsdos: 5.x support.
-
-1497. [placeholder]
-
-1496. [port] test for pthread_attr_setstacksize().
-
-1495. [cleanup] Replace hash functions with universal hash.
-
-1494. [security] Turn on RSA BLINDING as a precaution.
-
-1493. [placeholder]
-
-1492. [cleanup] Preserve rwlock quota context when upgrading /
- downgrading. [RT #5599]
-
-1491. [bug] dns_master_dump*() would produce extraneous $ORIGIN
- lines. [RT #6206]
-
-1490. [bug] Accept reading state as well as working state in
- ns_client_next(). [RT #6813]
-
-1489. [compat] Treat 'allow-update' on slave zones as a warning.
- [RT #3469]
-
-1488. [bug] Don't override trust levels for glue addresses.
- [RT #5764]
-
-1487. [bug] A REQUIRE() failure could be triggered if a zone was
- queued for transfer and the zone was then removed.
- [RT #6189]
-
-1486. [bug] isc_print_snprintf() '%%' consumed one too many format
- characters. [RT# 8230]
-
-1485. [bug] gen failed to handle high type values. [RT #6225]
-
-1484. [bug] The number of records reported after a AXFR was wrong.
- [RT #6229]
-
-1483. [bug] dig axfr failed if the message id in the answer failed
- to match that in the request. Only the id in the first
- message is required to match. [RT #8138]
-
-1482. [bug] named could fail to start if the kernel supports
- IPv6 but no interfaces are configured. Similarly
- for IPv4. [RT #6229]
-
-1481. [bug] Refresh and stub queries failed to use masters keys
- if specified. [RT #7391]
-
-1480. [bug] Provide replay protection for rndc commands. Full
- replay protection requires both rndc and named to
- be updated. Partial replay protection (limited
- exposure after restart) is provided if just named
- is updated.
-
-1479. [bug] cfg_create_tuple() failed to handle out of
- memory cleanup. parse_list() would leak memory
- on syntax errors.
-
-1478. [port] ifconfig.sh didn't account for other virtual
- interfaces. It now takes a optional argument
- to specify the first interface number. [RT #3907]
-
-1477. [bug] memory leak using stub zones and TSIG.
-
-1476. [placeholder]
-
-1475. [port] Probe for old sprintf().
-
-1474. [port] Provide strtoul() and memmove() for platforms
- without them.
-
-1473. [bug] create_map() and create_string() failed to handle out
- of memory cleanup. [RT #6813]
-
-1472. [contrib] idnkit-1.0 from JPNIC, replaces mdnkit.
-
-1471. [bug] libbind: updated to BIND 8.4.0.
-
-1470. [bug] Incorrect length passed to snprintf. [RT #5966]
-
-1469. [func] Log end of outgoing zone transfer at same level
- as the start of transfer is logged. [RT #4441]
-
-1468. [func] Internal zones are no longer counted for
- 'rndc status'. [RT #4706]
-
-1467. [func] $GENERATES now supports optional class and ttl.
-
-1466. [bug] lwresd configuration errors resulted in memory
- and lock leaks. [RT #5228]
-
-1465. [bug] isc_base64_decodestring() and isc_base64_tobuffer()
- failed to check that trailing bits were zero allowing
- some invalid base64 strings to be accepted. [RT #5397]
-
-1464. [bug] Preserve "out of zone" data for outgoing zone
- transfers. [RT #5192]
-
-1463. [bug] dns_rdata_from{wire,struct}() failed to catch bad
- NXT bit maps. [RT #5577]
-
-1462. [bug] parse_sizeval() failed to check the token type.
- [RT #5586]
-
-1461. [bug] Remove deadlock from rbtdb code. [RT #5599]
-
-1460. [bug] inet_pton() failed to reject certain malformed
- IPv6 literals.
-
-1459. [placeholder]
-
-1458. [cleanup] sprintf() -> snprintf().
-
-1457. [port] Provide strlcat() and strlcpy() for platforms without
- them.
-
-1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
-
-1455. [bug] <netaddr> missing from server grammar in
- doc/misc/options. [RT #5616]
-
-1454. [port] Use getifaddrs() if available for interface scanning.
- --disable-getifaddrs to override. Glibc currently
- has a getifaddrs() that does not support IPv6.
- Use --enable-getifaddrs=glibc to force the use of
- this version under linux machines.
-
-1453. [doc] ARM: $GENERATE example wasn't accurate. [RT #5298]
-
-1452. [placeholder]
-
-1451. [bug] rndc-confgen didn't exit with a error code for all
- failures. [RT #5209]
-
-1450. [bug] Fetching expired glue failed under certain
- circumstances. [RT #5124]
-
-1449. [bug] query_addbestns() didn't handle running out of memory
- gracefully.
-
-1448. [bug] Handle empty wildcards labels.
-
-1447. [bug] We were casting (unsigned int) to and from (void *).
- rdataset->private4 is now rdataset->privateuint4
- to reflect a type change.
-
-1446. [func] Implemented undocumented alternate transfer sources
- from BIND 8. See use-alt-transfer-source,
- alt-transfer-source and alt-transfer-source-v6.
-
- SECURITY: use-alt-transfer-source is ENABLED unless
- you are using views. This may cause a security risk
- resulting in accidental disclosure of wrong zone
- content if the master supplying different source
- content based on IP address. If you are not certain
- ISC recommends setting use-alt-transfer-source no;
-
-1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has
- been replaced with DNS_ADBFIND_STARTATZONE which
- causes the search to start using the closest zone.
-
-1444. [func] dns_view_findzonecut2() allows you to specify if the
- cache should be searched for zone cuts.
-
-1443. [func] Masters lists can now be specified and referenced
- in zone masters clauses and other masters lists.
-
-1442. [func] New functions for manipulating port lists:
- dns_portlist_create(), dns_portlist_add(),
- dns_portlist_remove(), dns_portlist_match(),
- dns_portlist_attach() and dns_portlist_detach().
-
-1441. [func] It is now possible to tell dig to bind to a specific
- source port.
-
-1440. [func] It is now possible to tell named to avoid using
- certain source ports (avoid-v4-udp-ports,
- avoid-v6-udp-ports).
-
-1439. [bug] Named could return NOERROR with certain NOTIFY
- failures. Return NOTAUTH if the NOTIFY zone is
- not being served.
-
-1438. [func] Log TSIG (if any) when logging NOTIFY requests.
-
-1437. [bug] Leave space for stdio to work in. [RT #5033]
-
-1436. [func] dns_zonemgr_resumexfrs() can be used to restart
- stalled transfers.
-
-1435. [bug] zmgr_resume_xfrs() was being called read locked
- rather than write locked. zmgr_resume_xfrs()
- was not being called if the zone was being
- shutdown.
-
-1434. [bug] "rndc reconfig" failed to initiate the initial
- zone transfer of new slave zones.
-
-1433. [bug] named could trigger a REQUIRE failure if it could
- not get a file descriptor when attempting to write
- a master file. [RT #4347]
-
-1432. [func] The advertised EDNS UDP buffer size can now be set
- via named.conf (edns-udp-size).
-
-1431. [bug] isc_print_snprintf() "%s" with precision could walk off
- end of argument. [RT #5191]
-
-1430. [port] linux: IPv6 interface scanning support.
-
-1429. [bug] Prevent the cache getting locked to old servers.
-
-1428. [placeholder]
-
-1427. [bug] Race condition in adb with threaded build.
-
-1426. [placeholder]
-
-1425. [port] linux/libbind: define __USE_MISC when testing *_r()
- function prototypes in netdb.h. [RT #4921]
-
-1424. [bug] EDNS version not being correctly printed.
-
-1423. [contrib] queryperf: added A6 and SRV.
-
-1422. [func] Log name/type/class when denying a query. [RT #4663]
-
-1421. [func] Differentiate updates that don't succeed due to
- prerequisites (unsuccessful) vs other reasons
- (failed).
-
-1420. [port] solaris: work around gcc optimizer bug.
-
-1419. [port] openbsd: use /dev/arandom. [RT #4950]
-
-1418. [bug] 'rndc reconfig' did not cause new slaves to load.
-
-1417. [func] ID.SERVER/CHAOS is now a built in zone.
- See "server-id" for how to configure.
-
-1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN.
- [RT #4715]
-
-1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived
- from SOA MINIMUM.
-
-1414. [func] Support for KSK flag.
-
-1413. [func] Explicitly request the (re-)generation of DS records
- from keysets (dnssec-signzone -g).
-
-1412. [func] You can now specify servers to be tried if a nameserver
- has IPv6 address and you only support IPv4 or the
- reverse. See dual-stack-servers.
-
-1411. [bug] empty nodes should stop wildcard matches. [RT #4802]
-
-1410. [func] Handle records that live in the parent zone, e.g. DS.
-
-1409. [bug] DS should have attribute DNS_RDATATYPEATTR_DNSSEC.
-
-1408. [bug] "make distclean" was not complete. [RT #4700]
-
-1407. [bug] lfsr incorrectly implements the shift register.
- [RT #4617]
-
-1406. [bug] dispatch initializes one of the LFSR's with a incorrect
- polynomial. [RT #4617]
-
-1405. [func] Use arc4random() if available.
-
-1404. [bug] libbind: ns_name_ntol() could overwrite a zero length
- buffer.
-
-1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset
- dnssec-signkey now report their version in the
- usage message.
-
-1402. [cleanup] A6 has been moved to experimental and is no longer
- fully supported.
-
-1401. [bug] adb wasn't clearing state when the timer expired.
-
-1400. [bug] Block the addition of wildcard NS records by IXFR
- or UPDATE. [RT #3502]
-
-1399. [bug] Use serial number arithmetic when testing SIG
- timestamps. [RT #4268]
-
-1398. [doc] ARM: notify-also should have been also-notify.
- [RT #4345]
-
-1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
-
-1396. [func] dnssec-signzone: adjust the default signing time by
- 1 hour to allow for clock skew.
-
-1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't
- have a working implementation. [RT #4079]
-
-1394. [func] It is now possible to check if a particular element is
- in a acl. Remove duplicate entries from the localnets
- acl.
-
-1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
- is not available in the kernel to prevent accidently
- listening on IPv4 interfaces.
-
-1392. [bug] named-checkzone: update usage.
-
-1391. [func] Add support for IPv6 scoped addresses in named.
-
-1390. [func] host now supports ixfr.
-
-1389. [bug] named could fail to rotate long log files. [RT #3666]
-
-1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
- defining HAVE_IFLIST_SYSCTL. [RT #3770]
-
-1387. [bug] named could crash due to an access to invalid memory
- space (which caused an assertion failure) in
- incremental cleaning. [RT #3588]
-
-1386. [bug] named-checkzone -z stopped on errors in a zone.
- [RT #3653]
-
-1385. [bug] Setting serial-query-rate to 10 would trigger a
- REQUIRE failure.
-
-1384. [bug] host was incompatible with BIND 8 in its exit code and
- in the output with the -l option. [RT #3536]
-
-1383. [func] Track the serial number in a IXFR response and log if
- a mismatch occurs. This is a more specific error than
- "not exact". [RT #3445]
-
-1382. [bug] make install failed with --enable-libbind. [RT #3656]
-
-1381. [bug] named failed to correctly process answers that
- contained DNAME records where the resulting CNAME
- resulted in a negative answer.
-
-1380. [func] 'rndc recursing' dump recursing queries to
- 'recursing-file = "named.recursing";'.
-
-1379. [func] 'rndc status' now reports tcp and recursion quota
- states.
-
-1378. [func] Improved positive feedback for 'rndc {reload|refresh}.
-
-1377. [func] dns_zone_load{new}() now reports if the zone was
- loaded, queued for loading to up to date.
-
-1376. [func] New function dns_zone_logc() to log to specified
- category.
-
-1375. [func] 'rndc dumpdb' now dumps the adb cache along with the
- data cache.
-
-1374. [func] dns_adb_dump() now logs the lame zones associated
- with each server.
-
-1373. [bug] Recovery from expired glue failed under certain
- circumstances.
-
-1372. [bug] named crashes with an assertion failure on exit when
- sharing the same port for listening and querying, and
- changing listening addresses several times. [RT# 3509]
-
-1371. [bug] notify-source-v6, transfer-source-v6 and
- query-source-v6 with explicit addresses and using the
- same ports as named was listening on could interfere
- with named's ability to answer queries sent to those
- addresses.
-
-1370. [bug] dig '+[no]recurse' was incorrectly documented.
-
-1369. [bug] Adding an NS record as the lexicographically last
- record in a secure zone didn't work.
-
-1368. [func] remove support for bitstring labels.
-
-1367. [func] Use response times to select forwarders.
-
-1366. [contrib] queryperf usage was incomplete. Add '-h' for help.
-
-1365. [func] "localhost" and "localnets" acls now include IPv6
- addresses / prefixes.
-
-1364. [func] Log file name when unable to open memory statistics
- and dump database files. [RT# 3437]
-
-1363. [func] Listen-on-v6 now supports specific addresses.
-
-1362. [bug] remove IFF_RUNNING test when scanning interfaces.
-
-1361. [func] log the reason for rejecting a server when resolving
- queries.
-
-1360. [bug] --enable-libbind would fail when not built in the
- source tree for certain OS's.
-
-1359. [security] Support patches OpenSSL libraries.
- http://www.cert.org/advisories/CA-2002-23.html
-
-1358. [bug] It was possible to trigger a INSIST when debugging
- large dynamic updates. [RT #3390]
-
-1357. [bug] nsupdate was extremely wasteful of memory.
-
-1356. [tuning] Reduce the number of events / quantum for zone tasks.
-
-1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
-
-1354. [doc] lwres man pages had illegal nroff.
-
-1353. [contrib] sdb/ldap to version 0.9.
-
-1352. [bug] dig, host, nslookup when falling back to TCP use the
- current search entry (if any). [RT #3374]
-
-1351. [bug] lwres_getipnodebyname() returned the wrong name
- when given a IPv4 literal, af=AF_INET6 and AI_MAPPED
- was set.
-
-1350. [bug] dns_name_fromtext() failed to handle too many labels
- gracefully.
-
-1349. [security] Minimum OpenSSL version now 0.9.6e (was 0.9.5a).
- http://www.cert.org/advisories/CA-2002-23.html
-
-1348. [port] win32: Rewrote code to use I/O Completion Ports
- in socket.c and eliminating a host of socket
- errors. Performance is enhanced.
-
-1347. [placeholder]
-
-1346. [placeholder]
-
-1345. [port] Use a explicit -Wformat with gcc. Not all versions
- include it in -Wall.
-
-1344. [func] Log if the serial number on the master has gone
- backwards.
- If you have multiple machines specified in the masters
- clause you may want to set 'multi-master yes;' to
- suppress this warning.
-
-1343. [func] Log successful notifies received (info). Adjust log
- level for failed notifies to notice.
-
-1342. [func] Log remote address with TCP dispatch failures.
-
-1341. [func] Allow a rate limiter to be stalled.
-
-1340. [bug] Delay and spread out the startup refresh load.
-
-1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
- lookups. Bit string lookups are no longer attempted.
-
-1338. [placeholder]
-
-1337. [placeholder]
-
-1336. [func] Nibble lookups under IP6.ARPA are now supported by
- dns_byaddr_create(). dns_byaddr_createptrname() is
- deprecated, use dns_byaddr_createptrname2() instead.
-
-1335. [bug] When performing a nonexistence proof, the validator
- should discard parent NXTs from higher in the DNS.
-
-1334. [bug] When signing/verifying rdatasets, duplicate rdatas
- need to be suppressed.
-
-1333. [contrib] queryperf now reports a summary of returned
- rcodes (-c), rcodes are printed in mnemonic form (-v).
-
-1332. [func] Report the current serial with periodic commits when
- rolling forward the journal.
-
-1331. [func] Generate DNSSEC wildcard proofs.
-
-1330. [bug] When processing events (non-threaded) only allow
- the task one chance to use to use its quantum.
-
-1329. [func] named-checkzone will now check if nameservers that
- appear to be IP addresses. Available modes "fail",
- "warn" (default) and "ignore" the results of the
- check.
-
-1328. [bug] The validator could incorrectly verify an invalid
- negative proof.
-
-1327. [bug] The validator would incorrectly mark data as insecure
- when seeing a bogus signature before a correct
- signature.
-
-1326. [bug] DNAME/CNAME signatures were not being cached when
- validation was not being performed. [RT #3284]
-
-1325. [bug] If the tcpquota was exhausted it was possible to
- to trigger a INSIST() failure.
-
-1324. [port] darwin: ifconfig.sh now supports darwin.
-
-1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
-
-1322. [bug] dnssec-signzone usage message was misleading.
-
-1321. [bug] If the last RRset in a zone is glue, dnssec-signzone
- would incorrectly duplicate its output and sign it.
-
-1320. [doc] query-source-v6 was missing from options section.
- [RT #3218]
-
-1319. [func] libbind: log attempts to exploit #1318.
-
-1318. [bug] libbind: Remote buffer overrun.
-
-1317. [port] libbind: TrueUNIX 5.1 does not like __align as a
- element name.
-
-1316. [bug] libbind: gethostans() could get out of sync parsing
- the response if there was a very long CNAME chain.
-
-1315. [bug] Options should apply to the internal _bind view.
-
-1314. [port] Handle ECONNRESET from sendmsg() [unix].
-
-1313. [func] Query log now says if the query was signed (S) or
- if EDNS was used (E).
-
-1312. [func] Log TSIG key used w/ outgoing zone transfers.
-
-1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159]
-
-1310. [bug] 'rndc stop' failed to cause zones to be flushed
- sometimes. [RT #3157]
-
-1309. [func] Log that a zone transfer was covered by a TSIG.
-
-1308. [func] DS (delegation signer) support.
-
-1307. [bug] nsupdate: allow white space base64 key data.
-
-1306. [bug] Badly encoded LOC record when the size, horizontal
- precision or vertical precision was 0.1m.
-
-1305. [bug] Document that internal zones are included in the
- rndc status results.
-
-1304. [func] New function: dns_zone_name().
-
-1303. [func] Option 'flush-zones-on-shutdown <boolean>;'.
-
-1302. [func] Extended rndc dumpdb to support dumping of zones and
- view selection: 'dumpdb [-all|-zones|-cache] [view]'.
-
-1301. [func] New category 'update-security'.
-
-1300. [port] Compaq Trucluster support.
-
-1299. [bug] Set AI_ADDRCONFIG when looking up addresses
- via getaddrinfo() (affects dig, host, nslookup, rndc
- and nsupdate).
-
-1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
- could be left with a trailing "\" after configure
- has been run.
-
-1297. [port] linux: make handling EINVAL from socket() no longer
- conditional on #ifdef LINUX.
-
-1296. [bug] isc_log_closefilelogs() needed to lock the log
- context.
-
-1295. [bug] isc_log_setdebuglevel() needed to lock the log
- context.
-
-1294. [func] libbind: no longer attempts bit string labels for
- IPv6 reverse resolution. Try IP6.ARPA then IP6.INT
- for nibble style resolution.
-
-1293. [func] Entropy can now be retrieved from EGDs. [RT #2438]
-
-1292. [func] Enable IPv6 support when using ioctl style interface
- scanning and OS supports SIOCGLIFADDR using struct
- if_laddrreq.
-
-1291. [func] Enable IPv6 support when using sysctl style interface
- scanning.
-
-1290. [func] "dig axfr" now reports the number of messages
- as well as the number of records.
-
-1289. [port] See if -ldl is required for OpenSSL? [RT #2672]
-
-1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
- reflect written requirements.
-
-1287. [bug] REQUIRE that DNS_DBADD_MERGE only be set when adding
- a rdataset to a zone db in the rbtdb implementation of
- addrdataset.
-
-1286. [bug] dns_name_downcase() enforce requirement that
- target != NULL or name->buffer != NULL.
-
-1285. [func] lwres: probe the system to see what address families
- are currently in use.
-
-1284. [bug] The RTT estimate on unused servers was not aged.
- [RT #2569]
-
-1283. [func] Use "dataready" accept filter if available.
-
-1282. [port] libbind: hpux 11.11 interface scanning.
-
-1281. [func] Log zone when unable to get private keys to update
- zone. Log zone when NXT records are missing from
- secure zone.
-
-1280. [bug] libbind: escape '(' and ')' when converting to
- presentation form.
-
-1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590]
-
-1278. [func] dig: now supports +[no]cl +[no]ttlid.
-
-1277. [func] You can now create your own customized printing
- styles: dns_master_stylecreate() and
- dns_master_styledestroy().
-
-1276. [bug] libbind: const pointer conflicts in res_debug.c.
-
-1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN.
-
-1274. [bug] Memory leak in lwres_gnbarequest_parse().
-
-1273. [port] libbind: solaris: 64 bit binary compatibility.
-
-1272. [contrib] Berkeley DB 4.0 sdb implementation from
- Nuno Miguel Rodrigues <nmr@co.sapo.pt>.
-
-1271. [bug] "recursion available: {denied,approved}" was too
- confusing.
-
-1270. [bug] Check that system inet_pton() and inet_ntop() support
- AF_INET6.
-
-1269. [port] Openserver: ifconfig.sh support.
-
-1268. [port] Openserver: the value FD_SETSIZE depends on whether
- <sys/param.h> is included or not. Be consistent.
-
-1267. [func] isc_file_openunique() now creates file using mode
- 0666 rather than 0600.
-
-1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE,
- __ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE
- are not C++ compatible, use *_TYPE versions instead.
-
-1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with
- C++, use LINK_INIT_TYPE and UNLINK_TYPE instead.
-
-1264. [placeholder]
-
-1263. [bug] Reference after free error if dns_dispatchmgr_create()
- failed.
-
-1262. [bug] ns_server_destroy() failed to set *serverp to NULL.
-
-1261. [func] libbind: ns_sign2() and ns_sign_tcp() now provide
- support for compressed TSIG owner names.
-
-1260. [func] libbind: res_update can now update IPv6 servers,
- new function res_findzonecut2().
-
-1259. [bug] libbind: get_salen() IPv6 support was broken for OSs
- w/o sa_len.
-
-1258. [bug] libbind: res_nametotype() and res_nametoclass() were
- broken.
-
-1257. [bug] Failure to write pid-file should not be fatal on
- reload. [RT #2861]
-
-1256. [contrib] 'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support.
-
-1255. [bug] When verifying that an NXT proves nonexistence, check
- the rcode of the message and only do the matching NXT
- check. That is, for NXDOMAIN responses, check that
- the name is in the range between the NXT owner and
- next name, and for NOERROR NODATA responses, check
- that the type is not present in the NXT bitmap.
-
-1254. [func] preferred-glue option from BIND 8.3.
-
-1253. [bug] The dnssec system test failed to remove the correct
- files.
-
-1252. [bug] Dig, host and nslookup were not checking the address
- the answer was coming from against the address it was
- sent to. [RT# 2692]
-
-1251. [port] win32: a make file contained absolute version specific
- references.
-
-1250. [func] Nsupdate will report the address the update was
- sent to.
-
-1249. [bug] Missing masters clause was not handled gracefully.
- [RT #2703]
-
-1248. [bug] DESTDIR was not being propagated between makes.
-
-1247. [bug] Don't reset the interface index for link/site local
- addresses. [RT #2576]
-
-1246. [func] New functions isc_sockaddr_issitelocal(),
- isc_sockaddr_islinklocal(), isc_netaddr_issitelocal()
- and isc_netaddr_islinklocal().
-
-1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for
- accept().
-
-1244. [bug] Receiving a TCP message from a blackhole address would
- prevent further messages being received over that
- interface.
-
-1243. [bug] It was possible to trigger a REQUIRE() in
- dns_message_findtype(). [RT #2659]
-
-1242. [bug] named-checkzone failed if a journal existed. [RT #2657]
-
-1241. [bug] Drop received UDP messages with a zero source port
- as these are invariably forged. [RT #2621]
-
-1240. [bug] It was possible to leak zone references by
- specifying an incorrect zone to rndc.
-
-1239. [bug] Under certain circumstances named could continue to
- use a name after it had been freed triggering
- INSIST() failures. [RT #2614]
-
-1238. [bug] It is possible to lockup the server when shutting down
- if notifies were being processed. [RT #2591]
-
-1237. [bug] nslookup: "set q=type" failed.
-
-1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non
- NULL terminated text regions. [RT #2588]
-
-1235. [func] Report 'out of memory' errors from openssl.
-
-1234. [bug] contrib/sdb: 'zonetodb' failed to call
- dns_result_register(). DNS_R_SEENINCLUDE should not
- be fatal.
-
-1233. [bug] The flags field of a KEY record can be expressed in
- hex as well as decimal.
-
-1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
-
-1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.
-
-1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken.
-
-1229. [bug] named would crash if it received a TSIG signed
- query as part of an AXFR response. [RT #2570]
-
-1228. [bug] 'make install' did not depend on 'make all'. [RT #2559]
-
-1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
- if a number was expected and some other token was
- found. [RT#2532]
-
-1226. [func] Use EDNS for zone refresh queries. [RT #2551]
-
-1225. [func] dns_message_setopt() no longer requires that
- dns_message_renderbegin() to have been called.
-
-1224. [bug] 'rrset-order' and 'sortlist' should be additive
- not exclusive.
-
-1223. [func] 'rrset-order' partially works 'cyclic' and 'random'
- are supported.
-
-1222. [bug] Specifying 'port *' did not always result in a system
- selected (non-reserved) port being used. [RT #2537]
-
-1221. [bug] Zone types 'master', 'slave' and 'stub' were not being
- compared case insensitively. [RT #2542]
-
-1220. [func] Support for APL rdata type.
-
-1219. [func] Named now reports the TSIG extended error code when
- signature verification fails. [RT #1651]
-
-1218. [bug] Named incorrectly returned SERVFAIL rather than
- NOTAUTH when there was a TSIG BADTIME error. [RT #2519]
-
-1217. [func] Report locations of previous key definition when a
- duplicate is detected.
-
-1216. [bug] Multiple server clauses for the same server were not
- reported. [RT #2514]
-
-1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
-
-1214. [bug] Win32: isc_file_renameunique() could leave zero length
- files behind.
-
-1213. [func] Report view associated with client if it is not a
- standard view (_default or _bind).
-
-1212. [port] libbind: 64k answer buffers were causing stack space
- to be exceeded for certain OS. Use heap space instead.
-
-1211. [bug] dns_name_fromtext() incorrectly handled certain
- valid octal bitlabels. [RT #2483]
-
-1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped /
- compatible addresses. [RT #2461]
-
-1209. [bug] Dig, host, nslookup were not checking the message ids
- on the responses. [RT #2454]
-
-1208. [bug] dns_master_load*() failed to log a error message if
- an error was detected when parsing the ownername of
- a record. [RT #2448]
-
-1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with
- an invalid pointer.
-
-1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should
- trigger a non-EDNS retry.
-
-1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class"
- of the message. [RT #2449]
-
-1204. [bug] libbind: res_nupdate() failed to update the name
- server addresses before sending the update.
-
-1203. [func] Report locations of previous acl and zone definitions
- when a duplicate is detected.
-
-1202. [func] New functions: cfg_obj_line() and cfg_obj_file().
-
-1201. [bug] Require that if 'callbacks' is passed to
- dns_rdata_fromtext(), callbacks->error and
- callbacks->warn are initialized.
-
-1200. [bug] Log 'errno' that we are unable to convert to
- isc_result_t. [RT #2404]
-
-1199. [doc] ARM reference to RFC 2157 should have been RFC 1918.
- [RT #2436]
-
-1198. [bug] OPT printing style was not consistent with the way the
- header fields are printed. The DO bit was not reported
- if set. Report if any of the MBZ bits are set.
-
-1197. [bug] Attempts to define the same acl multiple times were not
- detected.
-
-1196. [contrib] update mdnkit to 2.2.3.
-
-1195. [bug] Attempts to redefine builtin acls should be caught.
- [RT #2403]
-
-1194. [bug] Not all duplicate zone definitions were being detected
- at the named.conf checking stage. [RT #2431]
-
-1193. [bug] dig +besteffort parsing didn't handle packet
- truncation. dns_message_parse() has new flag
- DNS_MESSAGE_IGNORETRUNCATION.
-
-1192. [bug] The seconds fields in LOC records were restricted
- to three decimal places. More decimal places should
- be allowed but warned about.
-
-1191. [bug] A dynamic update removing the last non-apex name in
- a secure zone would fail. [RT #2399]
-
-1190. [func] Add the "rndc freeze" and "rndc unfreeze" commands.
- [RT #2394]
-
-1189. [bug] On some systems, malloc(0) returns NULL, which
- could cause the caller to report an out of memory
- error. [RT #2398]
-
-1188. [bug] Dynamic updates of a signed zone would fail if
- some of the zone private keys were unavailable.
-
-1187. [bug] named was incorrectly returning DNSSEC records
- in negative responses when the DO bit was not set.
-
-1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the
- EOL token when reading to end of line.
-
-1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
- unless RES_INIT is set when calling res_*init().
-
-1184. [bug] libbind: call res_ndestroy() if RES_INIT is set
- when res_*init() is called.
-
-1183. [bug] Handle ENOSR error when writing to the internal
- control pipe. [RT #2395]
-
-1182. [bug] The server could throw an assertion failure when
- constructing a negative response packet.
-
-1181. [func] Add the "key-directory" configuration statement,
- which allows the server to look for online signing
- keys in alternate directories.
-
-1180. [func] dnssec-keygen should always generate keys with
- protocol 3 (DNSSEC), since it's less confusing
- that way.
-
-1179. [func] Add SIG(0) support to nsupdate.
-
-1178. [bug] Follow and cache (if appropriate) A6 and other
- data chains to completion in the additional section.
-
-1177. [func] Report view when loading zones if it is not a
- standard view (_default or _bind). [RT #2270]
-
-1176. [doc] Document that allow-v6-synthesis is only performed
- for clients that are supplied recursive service.
- [RT #2260]
-
-1175. [bug] named-checkzone and named-checkconf failed to call
- dns_result_register() at startup which could
- result in runtime exceptions when printing
- "out of memory" errors. [RT #2335]
-
-1174. [bug] Win32: add WSAECONNRESET to the expected errors
- from connect(). [RT #2308]
-
-1173. [bug] Potential memory leaks in isc_log_create() and
- isc_log_settag(). [RT #2336]
-
-1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
- table of RR types in ARM.
-
-1171. [func] Added function isc_region_compare(), updated files in
- lib/dns to use this function instead of local one.
-
-1170. [bug] Don't attempt to print the token when a I/O error
- occurs when parsing named.conf. [RT #2275]
-
-1169. [func] Identify recursive queries in the query log.
-
-1168. [bug] Empty also-notify clauses were not handled. [RT #2309]
-
-1167. [contrib] nslint-2.1a3 (from author).
-
-1166. [bug] "Not Implemented" should be reported as NOTIMP,
- not NOTIMPL. [RT #2281]
-
-1165. [bug] We were rejecting notify-source{-v6} in zone clauses.
-
-1164. [bug] Empty masters clauses in slave / stub zones were not
- handled gracefully. [RT #2262]
-
-1163. [func] isc_time_formattimestamp() now includes the year.
-
-1162. [bug] The allow-notify option was not accepted in slave
- zone statements.
-
-1161. [bug] named-checkzone looped on unbalanced brackets.
- [RT #2248]
-
-1160. [bug] Generating Diffie-Hellman keys longer than 1024
- bits could fail. [RT #2241]
-
-1159. [bug] MD and MF are not permitted to be loaded by RFC1123.
-
-1158. [func] Report the client's address when logging notify
- messages.
-
-1157. [func] match-clients and match-destinations now accept
- keys. [RT #2045]
-
-1156. [port] The configure test for strsep() incorrectly
- succeeded on certain patched versions of
- AIX 4.3.3. [RT #2190]
-
-1155. [func] Recover from master files being removed from under
- us.
-
-1154. [bug] Don't attempt to obtain the netmask of a interface
- if there is no address configured. [RT #2176]
-
-1153. [func] 'rndc {stop|halt} -p' now reports the process id
- of the instance of named being shutdown.
-
-1152. [bug] libbind: read buffer overflows.
-
-1151. [bug] nslookup failed to check that the arguments to
- the port, timeout, and retry options were
- valid integers and in range. [RT #2099]
-
-1150. [bug] named incorrectly accepted TTL values
- containing plus or minus signs, such as
- 1d+1h-1s.
-
-1149. [func] New function isc_parse_uint32().
-
-1148. [func] 'rndc-confgen -a' now provides positive feedback.
-
-1147. [func] Set IPV6_V6ONLY on IPv6 sockets if supported by
- the OS. listen-on-v6 { any; }; should no longer
- result in IPv4 queries be accepted. Similarly
- control { inet :: ... }; should no longer result
- in IPv4 connections being accepted. This can be
- overridden at compile time by defining
- ISC_ALLOW_MAPPED=1.
-
-1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
- supported by the OS by a new function
- isc_socket_ipv6only().
-
-1145. [func] "host" no longer reports a NOERROR/NODATA response
- by printing nothing. [RT #2065]
-
-1144. [bug] rndc-confgen would crash if both the -a and -t
- options were specified. [RT #2159]
-
-1143. [bug] When a trusted-keys statement was present and named
- was built without crypto support, it would leak memory.
-
-1142. [bug] dnssec-signzone would fail to delete temporary files
- in some failure cases. [RT #2144]
-
-1141. [bug] When named rejected a control message, it would
- leak a file descriptor and memory. It would also
- fail to respond, causing rndc to hang.
- [RT #2139, #2164]
-
-1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments
- to the -s option. [RT #2138]
-
-1139. [func] It is now possible to flush a given name from the
- cache(s) via 'rndc flushname name [view]'. [RT #2051]
-
-1138. [func] It is now possible to flush a given name from the
- cache by calling the new function
- dns_cache_flushname().
-
-1137. [func] It is now possible to flush a given name from the
- ADB by calling the new function dns_adb_flushname().
-
-1136. [bug] CNAME records synthesized from DNAMEs did not
- have a TTL of zero as required by RFC2672.
- [RT #2129]
-
-1135. [func] You can now override the default syslog() facility for
- named/lwresd at compile time. [RT #1982]
-
-1134. [bug] Multi-threaded servers could deadlock in ferror()
- when reloading zone files. [RT #1951, #1998]
-
-1133. [bug] IN6_IS_ADDR_LOOPBACK was not portably defined on
- platforms without IN6_IS_ADDR_LOOPBACK. [RT #2106]
-
-1132. [func] Improve UPDATE prerequisite failure diagnostic messages.
-
-1131. [bug] The match-destinations view option did not work with
- IPv6 destinations. [RT #2073, #2074]
-
-1130. [bug] Log messages reporting an out-of-range serial number
- did not include the out-of-range number but the
- following token. [RT #2076]
-
-1129. [bug] Multi-threaded servers could crash under heavy
- resolution load due to a race condition. [RT #2018]
-
-1128. [func] sdb drivers can now provide RR data in either text
- or wire format, the latter using the new functions
- dns_sdb_putrdata() and dns_sdb_putnamedrdata().
-
-1127. [func] rndc: If the server to contact has multiple addresses,
- try all of them.
-
-1126. [bug] The server could access a freed event if shut
- down while a client start event was pending
- delivery. [RT #2061]
-
-1125. [bug] rndc: -k option was missing from usage message.
- [RT #2057]
-
-1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail
- are now documented. [RT #2052]
-
-1123. [bug] dig +[no]fail did not match description. [RT #2052]
-
-1122. [tuning] Resolution timeout reduced from 90 to 30 seconds.
- [RT #2046]
-
-1121. [bug] The server could attempt to access a NULL zone
- table if shut down while resolving.
- [RT #1587, #2054]
-
-1120. [bug] Errors in options were not fatal. [RT #2002]
-
-1119. [func] Added support in Win32 for NTFS file/directory ACL's
- for access control.
-
-1118. [bug] On multi-threaded servers, a race condition
- could cause an assertion failure in resolver.c
- during resolver shutdown. [RT #2029]
-
-1117. [port] The configure check for in6addr_loopback incorrectly
- succeeded on AIX 4.3 when compiling with -O2
- because the test code was optimized away.
- [RT #2016]
-
-1116. [bug] Setting transfers in a server clause, transfers-in,
- or transfers-per-ns to a value greater than
- 2147483647 disabled transfers. [RT #2002]
-
-1115. [func] Set maximum values for cleaning-interval,
- heartbeat-interval, interface-interval,
- max-transfer-idle-in, max-transfer-idle-out,
- max-transfer-time-in, max-transfer-time-out,
- statistics-interval of 28 days and
- sig-validity-interval of 3660 days. [RT #2002]
-
-1114. [port] Ignore more accept() errors. [RT #2021]
-
-1113. [bug] The allow-update-forwarding option was ignored
- when specified in a view. [RT #2014]
-
-1112. [placeholder]
-
-1111. [bug] Multi-threaded servers could deadlock processing
- recursive queries due to a locking hierarchy
- violation in adb.c. [RT #2017]
-
-1110. [bug] dig should only accept valid abbreviations of +options.
- [RT #2003]
-
-1109. [bug] nsupdate accepted illegal ttl values.
-
-1108. [bug] On Win32, rndc was hanging when named was not running
- due to failure to select for exceptional conditions
- in select(). [RT #1870]
-
-1107. [bug] nsupdate could catch an assertion failure if an
- invalid domain name was given as the argument to
- the "zone" command.
-
-1106. [bug] After seeing an out of range TTL, nsupdate would
- treat all TTLs as out of range. [RT #2001]
-
-1105. [port] OpenUNIX 8 enable threads by default. [RT #1970]
-
-1104. [bug] Invalid arguments to the transfer-format option
- could cause an assertion failure. [RT #1995]
-
-1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
-
-1102. [doc] Note that query logging is enabled by directing the
- queries category to a channel.
-
-1101. [bug] Array bounds read error in lwres_gai_strerror.
-
-1100. [bug] libbind: DNSSEC key ids were computed incorrectly.
-
-1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
- compile time errors.
-
-1098. [bug] libbind: HMAC-MD5 key files are now mode 0600.
-
-1097. [func] libbind: RES_PRF_TRUNC for dig.
-
-1096. [func] libbind: "DNSSEC OK" (DO) support.
-
-1095. [func] libbind: resolver option: no-tld-query. disables
- trying unqualified as a tld. no_tld_query is also
- supported for FreeBSD compatibility.
-
-1094. [func] libbind: add support gcc's format string checking.
-
-1093. [doc] libbind: miscellaneous nroff fixes.
-
-1092. [bug] libbind: get*by*() failed to check if res_init() had
- been called.
-
-1091. [bug] libbind: misplaced va_end().
-
-1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
- the amount of memory consumed resulting in garbage
- address being returned. Alignment calculations were
- wasting space. We weren't suppressing duplicate
- addresses.
-
-1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6
- support.
-
-1088. [port] libbind: MPE/iX C.70 (incomplete)
-
-1087. [bug] libbind: struct __res_state too large on 64 bit arch.
-
-1086. [port] libbind: sunos: old sprintf.
-
-1085. [port] libbind: solaris: sys_nerr and sys_errlist do not
- exist when compiling in 64 bit mode.
-
-1084. [cleanup] libbind: gai_strerror() rewritten.
-
-1083. [bug] The default control channel listened on the
- wildcard address, not the loopback as documented.
- [RT #1975]
-
-1082. [bug] The -g option to named incorrectly caused logging
- to be sent to syslog in addition to stderr.
- [RT #1974]
-
-1081. [bug] Multicast queries were incorrectly identified
- based on the source address, not the destination
- address.
-
-1080. [bug] BIND 8 compatibility: accept bare IP prefixes
- as the second element of a two-element top level
- sort list statement. [RT #1964]
-
-1079. [bug] BIND 8 compatibility: accept bare elements at top
- level of sort list treating them as if they were
- a single element list. [RT #1963]
-
-1078. [bug] We failed to correct bad tv_usec values in one case.
- [RT #1966]
-
-1077. [func] Do not accept further recursive clients when
- the total number of recursive lookups being
- processed exceeds max-recursive-clients, even
- if some of the lookups are internally generated.
- [RT #1915, #1938]
-
-1076. [bug] A badly defined global key could trigger an assertion
- on load/reload if views were used. [RT #1947]
-
-1075. [bug] Out-of-range network prefix lengths were not
- reported. [RT #1954]
-
-1074. [bug] Running out of memory in dump_rdataset() could
- cause an assertion failure. [RT #1946]
-
-1073. [bug] The ADB cache cleaning should also be space driven.
- [RT #1915, #1938]
-
-1072. [bug] The TCP client quota could be exceeded when
- recursion occurred. [RT #1937]
-
-1071. [bug] Sockets listening for TCP DNS connections
- specified an excessive listen backlog. [RT #1937]
-
-1070. [bug] Copy DNSSEC OK (DO) to response as specified by
- draft-ietf-dnsext-dnssec-okbit-03.txt.
-
-1069. [placeholder]
-
-1068. [bug] errno could be overwritten by catgets(). [RT #1921]
-
-1067. [func] Allow quotas to be soft, isc_quota_soft().
-
-1066. [bug] Provide a thread safe wrapper for strerror().
- [RT #1689]
-
-1065. [func] Runtime support to select new / old style interface
- scanning using ioctls.
-
-1064. [bug] Do not shut down active network interfaces if we
- are unable to scan the interface list. [RT #1921]
-
-1063. [bug] libbind: "make install" was failing on IRIX.
- [RT #1919]
-
-1062. [bug] If the control channel listener socket was shut
- down before server exit, the listener object could
- be freed twice. [RT #1916]
-
-1061. [bug] If periodic cache cleaning happened to start
- while cleaning due to reaching the configured
- maximum cache size was in progress, the server
- could catch an assertion failure. [RT #1912]
-
-1060. [func] Move refresh, stub and notify UDP retry processing
- into dns_request.
-
-1059. [func] dns_request now support will now retry UDP queries,
- dns_request_createvia2() and dns_request_createraw2().
-
-1058. [func] Limited lifetime ticker timers are now available,
- isc_timertype_limited.
-
-1057. [bug] Reloading the server after adding a "file" clause
- to a zone statement could cause the server to
- crash due to a typo in change 1016.
-
-1056. [bug] Rndc could catch an assertion failure on SIGINT due
- to an uninitialized variable. [RT #1908]
-
-1055. [func] Version and hostname queries can now be disabled
- using "version none;" and "hostname none;",
- respectively.
-
-1054. [bug] On Win32, cfg_categories and cfg_modules need to be
- exported from the libisccfg DLL.
-
-1053. [bug] Dig did not increase its timeout when receiving
- AXFRs unless the +time option was used. [RT #1904]
-
-1052. [bug] Journals were not being created in binary mode
- resulting in "journal format not recognized" error
- under Win32. [RT #1889]
-
-1051. [bug] Do not ignore a network interface completely just
- because it has a noncontiguous netmask. Instead,
- omit it from the localnets ACL and issue a warning.
- [RT #1891]
-
-1050. [bug] Log messages reporting malformed IP addresses in
- address lists such as that of the forwarders option
- failed to include the correct error code, file
- name, and line number. [RT #1890]
-
-1049. [func] "pid-file none;" will disable writing a pid file.
- [RT #1848]
-
-1048. [bug] Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1
- didn't work.
-
-1047. [bug] named was incorrectly refusing all requests signed
- with a TSIG key derived from an unsigned TKEY
- negotiation with a NOERROR response. [RT #1886]
-
-1046. [bug] The help message for the --with-openssl configure
- option was inaccurate. [RT #1880]
-
-1045. [bug] It was possible to skip saving glue for a nameserver
- for a stub zone.
-
-1044. [bug] Specifying allow-transfer, notify-source, or
- notify-source-v6 in a stub zone was not treated
- as an error.
-
-1043. [bug] Specifying a transfer-source or transfer-source-v6
- option in the zone statement for a master zone was
- not treated as an error. [RT #1876]
-
-1042. [bug] The "config" logging category did not work properly.
- [RT #1873]
-
-1041. [bug] Dig/host/nslookup could catch an assertion failure
- on SIGINT due to an uninitialized variable. [RT #1867]
-
-1040. [bug] Multiple listen-on-v6 options with different ports
- were not accepted. [RT #1875]
-
-1039. [bug] Negative responses with CNAMEs in the answer section
- were cached incorrectly. [RT #1862]
-
-1038. [bug] In servers configured with a tkey-domain option,
- TKEY queries with an owner name other than the root
- could cause an assertion failure. [RT #1866, #1869]
-
-1037. [bug] Negative responses whose authority section contain
- SOA or NS records whose owner names are not equal
- equal to or parents of the query name should be
- rejected. [RT #1862]
-
-1036. [func] Silently drop requests received via multicast as
- long as there is no final multicast DNS standard.
-
-1035. [bug] If we respond to multicast queries (which we
- currently do not), respond from a unicast address
- as specified in RFC 1123. [RT #137]
-
-1034. [bug] Ignore the RD bit on multicast queries as specified
- in RFC 1123. [RT #137]
-
-1033. [bug] Always respond to requests with an unsupported opcode
- with NOTIMP, even if we don't have a matching view
- or cannot determine the class.
-
-1032. [func] hostname.bind/txt/chaos now returns the name of
- the machine hosting the nameserver. This is useful
- in diagnosing problems with anycast servers.
-
-1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
- [RT #1858]
-
-1030. [bug] On systems with no resolv.conf file, nsupdate
- exited with an error rather than defaulting
- to using the loopback address. [RT #1836]
-
-1029. [bug] Some named.conf errors did not cause the loading
- of the configuration file to return a failure
- status even though they were logged. [RT #1847]
-
-1028. [bug] On Win32, dig/host/nslookup looked for resolv.conf
- in the wrong directory. [RT #1833]
-
-1027. [bug] RRs having the reserved type 0 should be rejected.
- [RT #1471]
-
-1026. [placeholder]
-
-1025. [bug] Don't use multicast addresses to resolve iterative
- queries. [RT #101]
-
-1024. [port] Compilation failed on HP-UX 11.11 due to
- incompatible use of the SIOCGLIFCONF macro
- name. [RT #1831]
-
-1023. [func] Accept hints without TTLs.
-
-1022. [bug] Don't report empty root hints as "extra data".
- [RT #1802]
-
-1021. [bug] On Win32, log message timestamps were one month
- later than they should have been, and the server
- would exhibit unspecified behavior in December.
-
-1020. [bug] IXFR log messages did not distinguish between
- true IXFRs, AXFR-style IXFRs, and mere version
- polls. [RT #1811]
-
-1019. [bug] The value of the lame-ttl option was limited to 18000
- seconds, not 1800 seconds as documented. [RT #1803]
-
-1018. [bug] The default log channel was not always initialized
- correctly. [RT #1813]
-
-1017. [bug] When specifying TSIG keys to dig and nsupdate using
- the -k option, they must be HMAC-MD5 keys. [RT #1810]
-
-1016. [bug] Slave zones with no backup file were re-transferred
- on every server reload.
-
-1015. [bug] Log channels that had a "versions" option but no
- "size" option failed to create numbered log
- files. [RT #1783]
-
-1014. [bug] Some queries would cause statistics counters to
- increment more than once or not at all. [RT #1321]
-
-1013. [bug] It was possible to cancel a query twice when marking
- a server as bogus or by having a blackhole acl.
- [RT #1776]
-
-1012. [bug] The -p option to named did not behave as documented.
-
-1011. [cleanup] Removed isc_dir_current().
-
-1010. [bug] The server could attempt to execute a command channel
- command after initiating server shutdown, causing
- an assertion failure. [RT #1766]
-
-1009. [port] OpenUNIX 8 support. [RT #1728]
-
-1008. [port] libtool.m4, ltmain.sh from libtool-1.4.2.
-
-1007. [port] config.guess, config.sub from autoconf-2.52.
-
-1006. [bug] If a KEY RR was found missing during DNSSEC validation,
- an assertion failure could subsequently be triggered
- in the resolver. [RT #1763]
-
-1005. [bug] Don't copy nonzero RCODEs from request to response.
- [RT #1765]
-
-1004. [port] Deal with recvfrom() returning EHOSTDOWN. [RT #1770]
-
-1003. [func] Add the +retry option to dig.
-
-1002. [bug] When reporting an unknown class name in named.conf,
- including the file name and line number. [RT #1759]
-
-1001. [bug] win32 socket code doio_recv was not catching a
- WSACONNRESET error when a client was timing out
- the request and closing its socket. [RT #1745]
-
-1000. [bug] BIND 8 compatibility: accept "HESIOD" as an alias
- for class "HS". [RT #1759]
-
- 999. [func] "rndc retransfer zone [class [view]]" added.
- [RT #1752]
-
- 998. [func] named-checkzone now has arguments to specify the
- chroot directory (-t) and working directory (-w).
- [RT #1755]
-
- 997. [func] Add support for RSA-SHA1 keys (RFC3110).
-
- 996. [func] Issue warning if the configuration filename contains
- the chroot path.
-
- 995. [bug] dig, host, nslookup: using a raw IPv6 address as a
- target address should be fatal on a IPv4 only system.
-
- 994. [func] Treat non-authoritative responses to queries for type
- NS as referrals even if the NS records are in the
- answer section, because BIND 8 servers incorrectly
- send them that way. This is necessary for DNSSEC
- validation of the NS records of a secure zone to
- succeed when the parent is a BIND 8 server. [RT #1706]
-
- 993. [func] dig: -v now reports the version.
-
- 992. [doc] dig: ~/.digrc is now documented.
-
- 991. [func] Lower UDP refresh timeout messages to level
- debug 1.
-
- 990. [bug] The rndc-confgen man page was not installed.
-
- 989. [bug] Report filename if $INCLUDE fails for file related
- errors. [RT #1736]
-
- 988. [bug] 'additional-from-auth no;' did not work reliably
- in the case of queries answered from the cache.
- [RT #1436]
-
- 987. [bug] "dig -help" didn't show "+[no]stats".
-
- 986. [bug] "dig +noall" failed to clear stats and command
- printing.
-
- 985. [func] Consider network interfaces to be up iff they have
- a nonzero IP address rather than based on the
- IFF_UP flag. [RT #1160]
-
- 984. [bug] Multi-threading should be enabled by default on
- Solaris 2.7 and newer, but it wasn't.
-
- 983. [func] The server now supports generating IXFR difference
- sequences for non-dynamic zones by comparing zone
- versions, when enabled using the new config
- option "ixfr-from-differences". [RT #1727]
-
- 982. [func] If "memstatistics-file" is set in options the memory
- statistics will be written to it.
-
- 981. [func] The dnssec tools can now take multiple '-r randomfile'
- arguments.
-
- 980. [bug] Incoming zone transfers restarting after an error
- could trigger an assertion failure. [RT #1692]
-
- 979. [func] Incremental master file dumping. dns_master_dumpinc(),
- dns_master_dumptostreaminc(), dns_dumpctx_attach(),
- dns_dumpctx_detach(), dns_dumpctx_cancel(),
- dns_dumpctx_db() and dns_dumpctx_version().
-
- 978. [bug] dns_db_attachversion() had an invalid REQUIRE()
- condition.
-
- 977. [bug] Improve "not at top of zone" error message.
-
- 976. [func] named-checkconf can now test load master zones
- (named-checkconf -z). [RT #1468]
-
- 975. [bug] "max-cache-size default;" as a view option
- caused an assertion failure.
-
- 974. [bug] "max-cache-size unlimited;" as a global option
- was not accepted.
-
- 973. [bug] Failed to log the question name when logging:
- "bad zone transfer request: non-authoritative zone
- (NOTAUTH)".
-
- 972. [bug] The file modification time code in zone.c was using the
- wrong epoch. [RT #1667]
-
- 971. [placeholder]
-
- 970. [func] 'max-journal-size' can now be used to set a target
- size for a journal.
-
- 969. [func] dig now supports the undocumented dig 8 feature
- of allowing arbitrary labels, not just dotted
- decimal quads, with the -x option. This can be
- used to conveniently look up RFC2317 names as in
- "dig -x 10.0.0.0-127". [RT #827, #1576, #1598]
-
- 968. [bug] On win32, the isc_time_now() function was unnecessarily
- calling strtime(). [RT #1671]
-
- 967. [bug] On win32, the link for bindevt was not including the
- required resource file to enable the event viewer
- to interpret the error messages in the event log,
- [RT #1668]
-
- 966. [placeholder]
-
- 965. [bug] Including data other than root server NS and A
- records in the root hint file could cause a rbtdb
- node reference leak. [RT #1581, #1618]
-
- 964. [func] Warn if data other than root server NS and A records
- are found in the root hint file. [RT #1581, #1618]
-
- 963. [bug] Bad ISC_LANG_ENDDECLS. [RT #1645]
-
- 962. [bug] libbind: bad "#undef", don't attempt to install
- non-existent nlist.h. [RT #1640]
-
- 961. [bug] Tried to use a IPV6 feature when ISC_PLATFORM_HAVEIPV6
- was not defined. [RT #1482]
-
- 960. [port] liblwres failed to build on systems with support for
- getrrsetbyname() in the OS. [RT #1592]
-
- 959. [port] On FreeBSD, determine the number of CPUs by calling
- sysctlbyname(). [RT #1584]
-
- 958. [port] ssize_t is not available on all platforms. [RT #1607]
-
- 957. [bug] sys/select.h inclusion was broken on older platforms.
- [RT #1607]
-
- 956. [bug] ns_g_autorndcfile changed to ns_g_keyfile
- in named/win32/os.c due to code changes in
- change #953. win32 .make file for rndc-confgen
- updated to add include path for os.h header.
-
- --- 9.2.0rc1 released ---
-
- 955. [bug] When using views, the zone's class was not being
- inherited from the view's class. [RT #1583]
-
- 954. [bug] When requesting AXFRs or IXFRs using dig, host, or
- nslookup, the RD bit should not be set as zone
- transfers are inherently non-recursive. [RT #1575]
-
- 953. [func] The /var/run/named.key file from change #843
- has been replaced by /etc/rndc.key. Both
- named and rndc will look for this file and use
- it to configure a default control channel key
- if not already configured using a different
- method (rndc.conf / controls). Unlike
- named.key, rndc.key is not created automatically;
- it must be created by manually running
- "rndc-confgen -a".
-
- 952. [bug] The server required manual intervention to serve the
- affected zones if it died between creating a journal
- and committing the first change to it.
-
- 951. [bug] CFLAGS was not passed to the linker when
- linking some of the test programs under
- bin/tests. [RT #1555].
-
- 950. [bug] Explicit TTLs did not properly override $TTL
- due to a bug in change 834. [RT #1558]
-
- 949. [bug] host was unable to print records larger than 512
- bytes. [RT #1557]
-
- --- 9.2.0b2 released ---
-
- 948. [port] Integrated support for building on Windows NT /
- Windows 2000.
-
- 947. [bug] dns_rdata_soa_t had a badly named element "mname" which
- was really the RNAME field from RFC1035. To avoid
- confusion and silent errors that would occur it the
- "origin" and "mname" elements were given their correct
- names "mname" and "rname" respectively, the "mname"
- element is renamed to "contact".
-
- 946. [cleanup] doc/misc/options is now machine-generated from the
- configuration parser syntax tables, and therefore
- more likely to be correct.
-
- 945. [func] Add the new view-specific options
- "match-destinations" and "match-recursive-only".
-
- 944. [func] Check for expired signatures on load.
-
- 943. [bug] The server could crash when receiving a command
- via rndc if the configuration file listed only
- nonexistent keys in the controls statement. [RT #1530]
-
- 942. [port] libbind: GETNETBYADDR_ADDR_T was not correctly
- defined on some platforms.
-
- 941. [bug] The configuration checker crashed if a slave
- zone didn't contain a masters statement. [RT #1514]
-
- 940. [bug] Double zone locking failure on error path. [RT #1510]
-
- --- 9.2.0b1 released ---
-
- 939. [port] Add the --disable-linux-caps option to configure for
- systems that manage capabilities outside of named.
- [RT #1503]
-
- 938. [placeholder]
-
- 937. [bug] A race when shutting down a zone could trigger a
- INSIST() failure. [RT #1034]
-
- 936. [func] Warn about IPv4 addresses that are not complete
- dotted quads. [RT #1084]
-
- 935. [bug] inet_pton failed to reject leading zeros.
-
- 934. [port] Deal with systems where accept() spuriously returns
- ECONNRESET.
-
- 933. [bug] configure failed doing libbind on platforms not
- supported by BIND 8. [RT #1496]
-
- --- 9.2.0a3 released ---
-
- 932. [bug] Use INSTALL_SCRIPT, not INSTALL_PROGRAM,
- when installing isc-config.sh.
- [RT #198, #1466]
-
- 931. [bug] The controls statement only attempted to verify
- messages using the first key in the key list.
- (9.2.0a1/a2 only).
-
- 930. [func] Query performance testing tool added as
- contrib/queryperf.
-
- 929. [placeholder]
-
- 928. [bug] nsupdate would send empty update packets if the
- send (or empty line) command was run after
- another send but before any new updates or
- prerequisites were specified. It should simply
- ignore this command.
-
- 927. [bug] Don't hold the zone lock for the entire dump to disk.
- [RT #1423]
-
- 926. [bug] The resolver could deadlock with the ADB when
- shutting down (multi-threaded builds only).
- [RT #1324]
-
- 925. [cleanup] Remove openssl from the distribution; require that
- --with-openssl be specified if DNSSEC is needed.
-
- 924. [port] Extend support for pre-RFC2133 IPv6 implementation.
- [RT #987]
-
- 923. [bug] Multiline TSIG secrets (and other multiline strings)
- were not accepted in named.conf. [RT #1469]
-
- 922. [func] Added two new lwres_getrrsetbyname() result codes,
- ERR_NONAME and ERR_NODATA.
-
- 921. [bug] lwres returned an incorrect error code if it received
- a truncated message.
-
- 920. [func] Increase the lwres receive buffer size to 16K.
- [RT #1451]
-
- 919. [placeholder]
-
- 918. [func] In nsupdate, TSIG errors are no longer treated as
- fatal errors.
-
- 917. [func] New nsupdate command 'key', allowing TSIG keys to
- be specified in the nsupdate command stream rather
- than the command line.
-
- 916. [bug] Specifying type ixfr to dig without specifying
- a serial number failed in unexpected ways.
-
- 915. [func] The named-checkconf and named-checkzone programs
- now have a '-v' option for printing their version.
- [RT #1151]
-
- 914. [bug] Global 'server' statements were rejected when
- using views, even though they were accepted
- in 9.1. [RT #1368]
-
- 913. [bug] Cache cleaning was not sufficiently aggressive.
- [RT #1441, #1444]
-
- 912. [bug] Attempts to set the 'additional-from-cache' or
- 'additional-from-auth' option to 'no' in a
- server with recursion enabled will now
- be ignored and cause a warning message.
- [RT #1145]
-
- 911. [placeholder]
-
- 910. [port] Some pre-RFC2133 IPv6 implementations do not define
- IN6ADDR_ANY_INIT. [RT #1416]
-
- 909. [placeholder]
-
- 908. [func] New program, rndc-confgen, to simplify setting up rndc.
-
- 907. [func] The ability to get entropy from either the
- random device, a user-provided file or from
- the keyboard was migrated from the DNSSEC tools
- to libisc as isc_entropy_usebestsource().
-
- 906. [port] Separated the system independent portion of
- lib/isc/unix/entropy.c into lib/isc/entropy.c
- and added lib/isc/win32/entropy.c.
-
- 905. [bug] Configuring a forward "zone" for the root domain
- did not work. [RT #1418]
-
- 904. [bug] The server would leak memory if attempting to use
- an expired TSIG key. [RT #1406]
-
- 903. [bug] dig should not crash when receiving a TCP packet
- of length 0.
-
- 902. [bug] The -d option was ignored if both -t and -g were also
- specified.
-
- 901. [placeholder]
-
- 900. [bug] A config.guess update changed the system identification
- string of FreeBSD systems; configure and
- bin/tests/system/ifconfig.sh now recognize the new
- string.
-
- --- 9.2.0a2 released ---
-
- 899. [bug] lib/dns/soa.c failed to compile on many platforms
- due to inappropriate use of a void value.
- [RT #1372, #1373, #1386, #1387, #1395]
-
- 898. [bug] "dig" failed to set a nonzero exit status
- on UDP query timeout. [RT #1323]
-
- 897. [bug] A config.guess update changed the system identification
- string of UnixWare systems; configure now recognizes
- the new string.
-
- 896. [bug] If a configuration file is set on named's command line
- and it has a relative pathname, the current directory
- (after any possible jailing resulting from named -t)
- will be prepended to it so that reloading works
- properly even when a directory option is present.
-
- 895. [func] New function, isc_dir_current(), akin to POSIX's
- getcwd().
-
- 894. [bug] When using the DNSSEC tools, a message intended to warn
- when the keyboard was being used because of the lack
- of a suitable random device was not being printed.
-
- 893. [func] Removed isc_file_test() and added isc_file_exists()
- for the basic functionality that was being added
- with isc_file_test().
-
- 892. [placeholder]
-
- 891. [bug] Return an error when a SIG(0) signed response to
- an unsigned query is seen. This should actually
- do the verification, but it's not currently
- possible. [RT #1391]
-
- 890. [cleanup] The man pages no longer require the mandoc macros
- and should now format cleanly using most versions of
- nroff, and HTML versions of the man pages have been
- added. Both are generated from DocBook source.
-
- 889. [port] Eliminated blank lines before .TH in nroff man
- pages since they cause problems with some versions
- of nroff. [RT #1390]
-
- 888. [bug] Don't die when using TKEY to delete a nonexistent
- TSIG key. [RT #1392]
-
- 887. [port] Detect broken compilers that can't call static
- functions from inline functions. [RT #1212]
-
- 886. [placeholder]
-
- 885. [placeholder]
-
- 884. [placeholder]
-
- 883. [placeholder]
-
- 882. [placeholder]
-
- 881. [placeholder]
-
- 880. [placeholder]
-
- 879. [placeholder]
-
- 878. [placeholder]
-
- 877. [placeholder]
-
- 876. [placeholder]
-
- 875. [placeholder]
-
- 874. [placeholder]
-
- 873. [placeholder]
-
- 872. [placeholder]
-
- 871. [placeholder]
-
- 870. [placeholder]
-
- 869. [placeholder]
-
- 868. [placeholder]
-
- 867. [placeholder]
-
- 866. [func] Close debug only file channels when debug is set to
- zero. [RT #1246]
-
- 865. [bug] The new configuration parser did not allow
- the optional debug level in a "severity debug"
- clause of a logging channel to be omitted.
- This is now allowed and treated as "severity
- debug 1;" like it does in BIND 8.2.4, not as
- "severity debug 0;" like it did in BIND 9.1.
- [RT #1367]
-
- 864. [cleanup] Multi-threading is now enabled by default on
- OSF1, Solaris 2.7 and newer, AIX, IRIX, and HP-UX.
-
- 863. [bug] If an error occurred while an outgoing zone transfer
- was starting up, the server could access a domain
- name that had already been freed when logging a
- message saying that the transfer was starting.
- [RT #1383]
-
- 862. [bug] Use after realloc(), non portable pointer arithmetic in
- grmerge().
-
- 861. [port] Add support for Mac OS X, by making it equivalent
- to Darwin. This was derived from the config.guess
- file shipped with Mac OS X. [RT #1355]
-
- 860. [func] Drop cross class glue in zone transfers.
-
- 859. [bug] Cache cleaning now won't swamp the CPU if there
- is a persistent over limit condition.
-
- 858. [func] isc_mem_setwater() no longer requires that when the
- callback function is non-NULL then its hi_water
- argument must be greater than its lo_water argument
- (they can now be equal) or that they be non-zero.
-
- 857. [cleanup] Use ISC_MAGIC() to define all magic numbers for
- structs, for our friends in EBCDIC-land.
-
- 856. [func] Allow partial rdatasets to be returned in answer and
- authority sections to help non-TCP capable clients
- recover from truncation. [RT #1301]
-
- 855. [bug] Stop spurious "using RFC 1035 TTL semantics" warnings.
-
- 854. [bug] The config parser didn't properly handle config
- options that were specified in units of time other
- than seconds. [RT #1372]
-
- 853. [bug] configure_view_acl() failed to detach existing acls.
- [RT #1374]
-
- 852. [bug] Handle responses from servers which do not know
- about IXFR.
-
- 851. [cleanup] The obsolete support-ixfr option was not properly
- ignored.
-
- --- 9.2.0a1 released ---
-
- 850. [bug] dns_rbt_findnode() would not find nodes that were
- split on a bitstring label somewhere other than in
- the last label of the node. [RT #1351]
-
- 849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
-
- 848. [func] A minimum max-cache-size of two megabytes is enforced
- by the cache cleaner.
-
- 847. [func] Added isc_file_test(), which currently only has
- some very basic functionality to test for the
- existence of a file, whether a pathname is absolute,
- or whether a pathname is the fundamental representation
- of the current directory. It is intended that this
- function can be expanded to test other things a
- programmer might want to know about a file.
-
- 846. [func] A non-zero 'param' to dst_key_generate() when making an
- hmac-md5 key means that good entropy is not required.
-
- 845. [bug] The access rights on the public file of a symmetric
- key are now restricted as soon as the file is opened,
- rather than after it has been written and closed.
-
- 844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
- just as <lwres/net.h> does.
-
- 843. [func] If no controls statement is present in named.conf,
- or if any inet phrase of a controls statement is
- lacking a keys clause, then a key will be automatically
- generated by named and an rndc.conf-style file
- named named.key will be written that uses it. rndc
- will use this file only if its normal configuration
- file, or one provided on the command line, does not
- exist.
-
- 842. [func] 'rndc flush' now takes an optional view.
-
- 841. [bug] When sdb modules were not declared threadsafe, their
- create and destroy functions were not serialized.
-
- 840. [bug] The config file parser could print the wrong file
- name if an error was detected after an included file
- was parsed. [RT #1353]
-
- 839. [func] Dump packets for which there was no view or that the
- class could not be determined to category "unmatched".
-
- 838. [port] UnixWare 7.x.x is now suported by
- bin/tests/system/ifconfig.sh.
-
- 837. [cleanup] Multi-threading is now enabled by default only on
- OSF1, Solaris 2.7 and newer, and AIX.
-
- 836. [func] Upgraded libtool to 1.4.
-
- 835. [bug] The dispatcher could enter a busy loop if
- it got an I/O error receiving on a UDP socket.
- [RT #1293]
-
- 834. [func] Accept (but warn about) master files beginning with
- an SOA record without an explicit TTL field and
- lacking a $TTL directive, by using the SOA MINTTL
- as a default TTL. This is for backwards compatibility
- with old versions of BIND 8, which accepted such
- files without warning although they are illegal
- according to RFC1035.
-
- 833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
- <dns/soa.h>, and extended them to support
- all the integer-valued fields of the SOA RR.
-
- 832. [bug] The default location for named.conf in named-checkconf
- should depend on --sysconfdir like it does in named.
- [RT #1258]
-
- 831. [placeholder]
-
- 830. [func] Implement 'rndc status'.
-
- 829. [bug] The DNS_R_ZONECUT result code should only be returned
- when an ANY query is made with DNS_DBFIND_GLUEOK set.
- In all other ANY query cases, returning the delegation
- is better.
-
- 828. [bug] The errno value from recvfrom() could be overwritten
- by logging code. [RT #1293]
-
- 827. [bug] When an IXFR protocol error occurs, the slave
- should retry with AXFR.
-
- 826. [bug] Some IXFR protocol errors were not detected.
-
- 825. [bug] zone.c:ns_query() detached from the wrong zone
- reference. [RT #1264]
-
- 824. [bug] Correct line numbers reported by dns_master_load().
- [RT #1263]
-
- 823. [func] The output of "dig -h" now goes to stdout so that it
- can easily be piped through "more". [RT #1254]
-
- 822. [bug] Sending nxrrset prerequisites would crash nsupdate.
- [RT #1248]
-
- 821. [bug] The program name used when logging to syslog should
- be stripped of leading path components.
- [RT #1178, #1232]
-
- 820. [bug] Name server address lookups failed to follow
- A6 chains into the glue of local authoritative
- zones.
-
- 819. [bug] In certain cases, the resolver's attempts to
- restart an address lookup at the root could cause
- the fetch to deadlock (with itself) instead of
- restarting. [RT #1225]
-
- 818. [bug] Certain pathological responses to ANY queries could
- cause an assertion failure. [RT #1218]
-
- 817. [func] Adjust timeouts for dialup zone queries.
-
- 816. [bug] Report potential problems with log file accessibility
- at configuration time, since such problems can't
- reliably be reported at the time they actually occur.
-
- 815. [bug] If a log file was specified with a path separator
- character (i.e. "/") in its name and the directory
- did not exist, the log file's name was treated as
- though it were the directory name. [RT #1189]
-
- 814. [bug] Socket objects left over from accept() failures
- were incorrectly destroyed, causing corruption
- of socket manager data structures.
-
- 813. [bug] File descriptors exceeding FD_SETSIZE were handled
- badly. [RT #1192]
-
- 812. [bug] dig sometimes printed incomplete IXFR responses
- due to an uninitialized variable. [RT #1188]
-
- 811. [bug] Parentheses were not quoted in zone dumps. [RT #1194]
-
- 810. [bug] The signer name in SIG records was not properly
- down-cased when signing/verifying records. [RT #1186]
-
- 809. [bug] Configuring a non-local address as a transfer-source
- could cause an assertion failure during load.
-
- 808. [func] Add 'rndc flush' to flush the server's cache.
-
- 807. [bug] When setting up TCP connections for incoming zone
- transfers, the transfer-source port was not
- ignored like it should be.
-
- 806. [bug] DNS_R_SEENINCLUDE was failing to propagate back up
- the calling stack to the zone maintenance level,
- causing zones to not reload when an included file was
- touched but the top-level zone file was not.
-
- 805. [bug] When using "forward only", missing root hints should
- not cause queries to fail. [RT #1143]
-
- 804. [bug] Attempting to obtain entropy could fail in some
- situations. This would be most common on systems
- with user-space threads. [RT #1131]
-
- 803. [bug] Treat all SIG queries as if they have the CD bit set,
- otherwise no data will be returned [RT #749]
-
- 802. [bug] DNSSEC key tags were computed incorrectly in almost
- all cases. [RT #1146]
-
- 801. [bug] nsupdate should treat lines beginning with ';' as
- comments. [RT #1139]
-
- 800. [bug] dnssec-signzone produced incorrect statistics for
- large zones. [RT #1133]
-
- 799. [bug] The ADB didn't find AAAA glue in a zone unless A6
- glue was also present.
-
- 798. [bug] nsupdate should be able to reject bad input lines
- and continue. [RT #1130]
-
- 797. [func] Issue a warning if the 'directory' option contains
- a relative path. [RT #269]
-
- 796. [func] When a size limit is associated with a log file,
- only roll it when the size is reached, not every
- time the log file is opened. [RT #1096]
-
- 795. [func] Add the +multiline option to dig. [RT #1095]
-
- 794. [func] Implement the "port" and "default-port" statements
- in rndc.conf.
-
- 793. [cleanup] The DNSSEC tools could create filenames that were
- illegal or contained shell meta-characters. They
- now use a different text encoding of names that
- doesn't have these problems. [RT #1101]
-
- 792. [cleanup] Replace the OMAPI command channel protocol with a
- simpler one.
-
- 791. [bug] The command channel now works over IPv6.
-
- 790. [bug] Wildcards created using dynamic update or IXFR
- could fail to match. [RT #1111]
-
- 789. [bug] The "localhost" and "localnets" ACLs did not match
- when used as the second element of a two-element
- sortlist item.
-
- 788. [func] Add the "match-mapped-addresses" option, which
- causes IPv6 v4mapped addresses to be treated as
- IPv4 addresses for the purpose of acl matching.
-
- 787. [bug] The DNSSEC tools failed to downcase domain
- names when mapping them into file names.
-
- 786. [bug] When DNSSEC signing/verifying data, owner names were
- not properly down-cased.
-
- 785. [bug] A race condition in the resolver could cause
- an assertion failure. [RT #673, #872, #1048]
-
- 784. [bug] nsupdate and other programs would not quit properly
- if some signals were blocked by the caller. [RT #1081]
-
- 783. [bug] Following CNAMEs could cause an assertion failure
- when either using an sdb database or under very
- rare conditions.
-
- 782. [func] Implement the "serial-query-rate" option.
-
- 781. [func] Avoid error packet loops by dropping duplicate FORMERR
- responses. [RT #1006]
-
- 780. [bug] Error handling code dealing with out of memory or
- other rare errors could lead to assertion failures
- by calling functions on uninitialized names. [RT #1065]
-
- 779. [func] Added the "minimal-responses" option.
-
- 778. [bug] When starting cache cleaning, cleaning_timer_action()
- returned without first pausing the iterator, which
- could cause deadlock. [RT #998]
-
- 777. [bug] An empty forwarders list in a zone failed to override
- global forwarders. [RT #995]
-
- 776. [func] Improved error reporting in denied messages. [RT #252]
-
- 775. [placeholder]
-
- 774. [func] max-cache-size is implemented.
-
- 773. [func] Added isc_rwlock_trylock() to attempt to lock without
- blocking.
-
- 772. [bug] Owner names could be incorrectly omitted from cache
- dumps in the presence of negative caching entries.
- [RT #991]
-
- 771. [cleanup] TSIG errors related to unsynchronized clocks
- are logged better. [RT #919]
-
- 770. [func] Add the "edns yes_or_no" statement to the server
- clause. [RT #524]
-
- 769. [func] Improved error reporting when parsing rdata. [RT #740]
-
- 768. [bug] The server did not emit an SOA when a CNAME
- or DNAME chain ended in NXDOMAIN in an
- authoritative zone.
-
- 767. [placeholder]
-
- 766. [bug] A few cases in query_find() could leak fname.
- This would trigger the mpctx->allocated == 0
- assertion when the server exited.
- [RT #739, #776, #798, #812, #818, #821, #845,
- #892, #935, #966]
-
- 765. [func] ACL names are once again case insensitive, like
- in BIND 8. [RT #252]
-
- 764. [func] Configuration files now allow "include" directives
- in more places, such as inside the "view" statement.
- [RT #377, #728, #860]
-
- 763. [func] Configuration files no longer have reserved words.
- [RT #731, #753]
-
- 762. [cleanup] The named.conf and rndc.conf file parsers have
- been completely rewritten.
-
- 761. [bug] _REENTRANT was still defined when building with
- --disable-threads.
-
- 760. [contrib] Significant enhancements to the pgsql sdb driver.
-
- 759. [bug] The resolver didn't turn off "avoid fetches" mode
- when restarting, possibly causing resolution
- to fail when it should not. This bug only affected
- platforms which support both IPv4 and IPv6. [RT #927]
-
- 758. [bug] The "avoid fetches" code did not treat negative
- cache entries correctly, causing fetches that would
- be useful to be avoided. This bug only affected
- platforms which support both IPv4 and IPv6. [RT #927]
-
- 757. [func] Log zone transfers.
-
- 756. [bug] dns_zone_load() could "return" success when no master
- file was configured.
-
- 755. [bug] Fix incorrectly formatted log messages in zone.c.
-
- 754. [bug] Certain failure conditions sending UDP packets
- could cause the server to retry the transmission
- indefinitely. [RT #902]
-
- 753. [bug] dig, host, and nslookup would fail to contact a
- remote server if getaddrinfo() returned an IPv6
- address on a system that doesn't support IPv6.
- [RT #917]
-
- 752. [func] Correct bad tv_usec elements returned by
- gettimeofday().
-
- 751. [func] Log successful zone loads / transfers. [RT #898]
-
- 750. [bug] A query should not match a DNAME whose trust level
- is pending. [RT #916]
-
- 749. [bug] When a query matched a DNAME in a secure zone, the
- server did not return the signature of the DNAME.
- [RT #915]
-
- 748. [doc] List supported RFCs in doc/misc/rfc-compliance.
- [RT #781]
-
- 747. [bug] The code to determine whether an IXFR was possible
- did not properly check for a database that could
- not have a journal. [RT #865, #908]
-
- 746. [bug] The sdb didn't clone rdatasets properly, causing
- a crash when the server followed delegations. [RT #905]
-
- 745. [func] Report the owner name of records that fail
- semantic checks while loading.
-
- 744. [bug] When returning DNS_R_CNAME or DNS_R_DNAME as the
- result of an ANY or SIG query, the resolver failed
- to setup the return event's rdatasets, causing an
- assertion failure in the query code. [RT #881]
-
- 743. [bug] Receiving a large number of certain malformed
- answers could cause named to stop responding.
- [RT #861]
-
- 742. [placeholder]
-
- 741. [port] Support openssl-engine. [RT #709]
-
- 740. [port] Handle openssl library mismatches slightly better.
-
- 739. [port] Look for /dev/random in configure, rather than
- assuming it will be there for only a predefined
- set of OSes.
-
- 738. [bug] If a non-threadsafe sdb driver supported AXFR and
- received an AXFR request, it would deadlock or die
- with an assertion failure. [RT #852]
-
- 737. [port] stdtime.c failed to compile on certain platforms.
-
- 736. [func] New functions isc_task_{begin,end}exclusive().
-
- 735. [doc] Add BIND 4 migration notes.
-
- 734. [bug] An attempt to re-lock the zone lock could occur if
- the server was shutdown during a zone transfer.
- [RT #830]
-
- 733. [bug] Reference counts of dns_acl_t objects need to be
- locked but were not. [RT #801, #821]
-
- 732. [bug] Glue with 0 TTL could also cause SERVFAIL. [RT #828]
-
- 731. [bug] Certain zone errors could cause named-checkzone to
- fail ungracefully. [RT #819]
-
- 730. [bug] lwres_getaddrinfo() returns the correct result when
- it fails to contact a server. [RT #768]
-
- 729. [port] pthread_setconcurrency() needs to be called on Solaris.
-
- 728. [bug] Fix comment processing on master file directives.
- [RT# 757]
-
- 727. [port] Work around OS bug where accept() succeeds but
- fails to fill in the peer address of the accepted
- connection, by treating it as an error rather than
- an assertion failure. [RT #809]
-
- 726. [func] Implement the "trace" and "notrace" commands in rndc.
-
- 725. [bug] Installing man pages could fail.
-
- 724. [func] New libisc functions isc_netaddr_any(),
- isc_netaddr_any6().
-
- 723. [bug] Referrals whose NS RRs had a 0 TTL caused the resolver
- to return DNS_R_SERVFAIL. [RT #783]
-
- 722. [func] Allow incremental loads to be canceled.
-
- 721. [cleanup] Load manager and dns_master_loadfilequota() are no
- more.
-
- 720. [bug] Server could enter infinite loop in
- dispatch.c:do_cancel(). [RT #733]
-
- 719. [bug] Rapid reloads could trigger an assertion failure.
- [RT #743, #763]
-
- 718. [cleanup] "internal" is no longer a reserved word in named.conf.
- [RT #753, #731]
-
- 717. [bug] Certain TKEY processing failure modes could
- reference an uninitialized variable, causing the
- server to crash. [RT #750]
-
- 716. [bug] The first line of a $INCLUDE master file was lost if
- an origin was specified. [RT #744]
-
- 715. [bug] Resolving some A6 chains could cause an assertion
- failure in adb.c. [RT #738]
-
- 714. [bug] Preserve interval timers across reloads unless changed.
- [RT# 729]
-
- 713. [func] named-checkconf takes '-t directory' similar to named.
- [RT #726]
-
- 712. [bug] Sending a large signed update message caused an
- assertion failure. [RT #718]
-
- 711. [bug] The libisc and liblwres implementations of
- inet_ntop contained an off by one error.
-
- 710. [func] The forwarders statement now takes an optional
- port. [RT #418]
-
- 709. [bug] ANY or SIG queries for data with a TTL of 0
- would return SERVFAIL. [RT #620]
-
- 708. [bug] When building with --with-openssl, the openssl headers
- included with BIND 9 should not be used. [RT #702]
-
- 707. [func] The "filename" argument to named-checkzone is no
- longer optional, to reduce confusion. [RT #612]
-
- 706. [bug] Zones with an explicit "allow-update { none; };"
- were considered dynamic and therefore not reloaded
- on SIGHUP or "rndc reload".
-
- 705. [port] Work out resource limit type for use where rlim_t is
- not available. [RT #695]
-
- 704. [port] RLIMIT_NOFILE is not available on all platforms.
- [RT #695]
-
- 703. [port] sys/select.h is needed on older platforms. [RT #695]
-
- 702. [func] If the address 0.0.0.0 is seen in resolv.conf,
- use 127.0.0.1 instead. [RT #693]
-
- 701. [func] Root hints are now fully optional. Class IN
- views use compiled-in hints by default, as
- before. Non-IN views with no root hints now
- provide authoritative service but not recursion.
- A warning is logged if a view has neither root
- hints nor authoritative data for the root. [RT #696]
-
- 700. [bug] $GENERATE range check was wrong. [RT #688]
-
- 699. [bug] The lexer mishandled empty quoted strings. [RT #694]
-
- 698. [bug] Aborting nsupdate with ^C would lead to several
- race conditions.
-
- 697. [bug] nsupdate was not compatible with the undocumented
- BIND 8 behavior of ignoring TTLs in "update delete"
- commands. [RT #693]
-
- 696. [bug] lwresd would die with an assertion failure when passed
- a zero-length name. [RT #692]
-
- 695. [bug] If the resolver attempted to query a blackholed or
- bogus server, the resolution would fail immediately.
-
- 694. [bug] $GENERATE did not produce the last entry.
- [RT #682, #683]
-
- 693. [bug] An empty lwres statement in named.conf caused
- the server to crash while loading.
-
- 692. [bug] Deal with systems that have getaddrinfo() but not
- gai_strerror(). [RT #679]
-
- 691. [bug] Configuring per-view forwarders caused an assertion
- failure. [RT #675, #734]
-
- 690. [func] $GENERATE now supports DNAME. [RT #654]
-
- 689. [doc] man pages are now installed. [RT #210]
-
- 688. [func] "make tags" now works on systems with the
- "Exuberant Ctags" etags.
-
- 687. [bug] Only say we have IPv6, with sufficient functionality,
- if it has actually been tested. [RT #586]
-
- 686. [bug] dig and nslookup can now be properly aborted during
- blocking operations. [RT #568]
-
- 685. [bug] nslookup should use the search list/domain options
- from resolv.conf by default. [RT #405, #630]
-
- 684. [bug] Memory leak with view forwarders. [RT #656]
-
- 683. [bug] File descriptor leak in isc_lex_openfile().
-
- 682. [bug] nslookup displayed SOA records incorrectly. [RT #665]
-
- 681. [bug] $GENERATE specifying output format was broken. [RT #653]
-
- 680. [bug] dns_rdata_fromstruct() mishandled options bigger
- than 255 octets.
-
- 679. [bug] $INCLUDE could leak memory and file descriptors on
- reload. [RT #639]
-
- 678. [bug] "transfer-format one-answer;" could trigger an assertion
- failure. [RT #646]
-
- 677. [bug] dnssec-signzone would occasionally use the wrong ttl
- for database operations and fail. [RT #643]
-
- 676. [bug] Log messages about lame servers to category
- 'lame-servers' rather than 'resolver', so as not
- to be gratuitously incompatible with BIND 8.
-
- 675. [bug] TKEY queries could cause the server to leak
- memory.
-
- 674. [func] Allow messages to be TSIG signed / verified using
- a offset from the current time.
-
- 673. [func] The server can now convert RFC1886-style recursive
- lookup requests into RFC2874-style lookups, when
- enabled using the new option "allow-v6-synthesis".
-
- 672. [bug] The wrong time was in the "time signed" field when
- replying with BADTIME error.
-
- 671. [bug] The message code was failing to parse a message with
- no question section and a TSIG record. [RT #628]
-
- 670. [bug] The lwres replacements for getaddrinfo and
- getipnodebyname didn't properly check for the
- existence of the sockaddr sa_len field.
-
- 669. [bug] dnssec-keygen now makes the public key file
- non-world-readable for symmetric keys. [RT #403]
-
- 668. [func] named-checkzone now reports multiple errors in master
- files.
-
- 667. [bug] On Linux, running named with the -u option and a
- non-world-readable configuration file didn't work.
- [RT #626]
-
- 666. [bug] If a request sent by dig is longer than 512 bytes,
- use TCP.
-
- 665. [bug] Signed responses were not sent when the size of the
- TSIG + question exceeded the maximum message size.
- [RT #628]
-
- 664. [bug] The t_tasks and t_timers module tests are now skipped
- when building without threads, since they require
- threads.
-
- 663. [func] Accept a size_spec, not just an integer, in the
- (unimplemented and ignored) max-ixfr-log-size option
- for compatibility with recent versions of BIND 8.
- [RT #613]
-
- 662. [bug] dns_rdata_fromtext() failed to log certain errors.
-
- 661. [bug] Certain UDP IXFR requests caused an assertion failure
- (mpctx->allocated == 0). [RT #355, #394, #623]
-
- 660. [port] Detect multiple CPUs on HP-UX and IRIX.
-
- 659. [performance] Rewrite the name compression code to be much faster.
-
- 658. [cleanup] Remove all vestiges of 16 bit global compression.
-
- 657. [bug] When a listen-on statement in an lwres block does not
- specify a port, use 921, not 53. Also update the
- listen-on documentation. [RT #616]
-
- 656. [func] Treat an unescaped newline in a quoted string as
- an error. This means that TXT records with missing
- close quotes should have meaningful errors printed.
-
- 655. [bug] Improve error reporting on unexpected eof when loading
- zones. [RT #611]
-
- 654. [bug] Origin was being forgotten in TCP retries in dig.
- [RT #574]
-
- 653. [bug] +defname option in dig was reversed in sense.
- [RT #549]
-
- 652. [bug] zone_saveunique() did not report the new name.
-
- 651. [func] The AD bit in responses now has the meaning
- specified in <draft-ietf-dnsext-ad-is-secure>.
-
- 650. [bug] SIG(0) records were being generated and verified
- incorrectly. [RT #606]
-
- 649. [bug] It was possible to join to an already running fctx
- after it had "cloned" its events, but before it sent
- them. In this case, the event of the newly joined
- fetch would not contain the answer, and would
- trigger the INSIST() in fctx_sendevents(). In
- BIND 9.0, this bug did not trigger an INSIST(), but
- caused the fetch to fail with a SERVFAIL result.
- [RT #588, #597, #605, #607]
-
- 648. [port] Add support for pre-RFC2133 IPv6 implementations.
-
- 647. [bug] Resolver queries sent after following multiple
- referrals had excessively long retransmission
- timeouts due to incorrectly counting the referrals
- as "restarts".
-
- 646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
- didn't _cleanly_ fix the problem it was trying to fix.
-
- 645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
-
- 644. [bug] #622 needed more work. [RT #562]
-
- 643. [bug] xfrin error messages made more verbose, added class
- of the zone. [RT# 599]
-
- 642. [bug] Break the exit_check() race in the zone module.
- [RT #598]
-
- --- 9.1.0b2 released ---
-
- 641. [bug] $GENERATE caused a uninitialized link to be used.
- [RT #595]
-
- 640. [bug] Memory leak in error path could cause
- "mpctx->allocated == 0" failure. [RT #584]
-
- 639. [bug] Reading entropy from the keyboard would sometimes fail.
- [RT #591]
-
- 638. [port] lib/isc/random.c needed to explicitly include time.h
- to get a prototype for time() when pthreads was not
- being used. [RT #592]
-
- 637. [port] Use isc_u?int64_t instead of (unsigned) long long in
- lib/isc/print.c. Also allow lib/isc/print.c to
- be compiled even if the platform does not need it.
- [RT #592]
-
- 636. [port] Shut up MSVC++ about a possible loss of precision
- in the ISC__BUFFER_PUTUINT*() macros. [RT #592]
-
- 635. [bug] Reloading a server with a configured blackhole list
- would cause an assertion. [RT #590]
-
- 634. [bug] A log file will completely stop being written when
- it reaches the maximum size in all cases, not just
- when versioning is also enabled. [RT #570]
-
- 633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
-
- 632. [bug] The index array of the journal file was
- corrupted as it was written to disk.
-
- 631. [port] Build without thread support on systems without
- pthreads.
-
- 630. [bug] Locking failure in zone code. [RT #582]
-
- 629. [bug] 9.1.0b1 dereferenced a null pointer and crashed
- when responding to a UDP IXFR request.
-
- 628. [bug] If the root hints contained only AAAA addresses,
- named would be unable to perform resolution.
-
- 627. [bug] The EDNS0 blackhole detection code of change 324
- waited for three retransmissions to each server,
- which takes much too long when a domain has many
- name servers and all of them drop EDNS0 queries.
- Now we retry without EDNS0 after three consecutive
- timeouts, even if they are all from different
- servers. [RT #143]
-
- 626. [bug] The lightweight resolver daemon no longer crashes
- when asked for a SIG rrset. [RT #558]
-
- 625. [func] Zones now inherit their class from the enclosing view.
-
- 624. [bug] The zone object could get timer events after it had
- been destroyed, causing a server crash. [RT #571]
-
- 623. [func] Added "named-checkconf" and "named-checkzone" program
- for syntax checking named.conf files and zone files,
- respectively.
-
- 622. [bug] A canceled request could be destroyed before
- dns_request_destroy() was called. [RT #562]
-
- 621. [port] Disable IPv6 at runtime if IPv6 sockets are unusable.
- This mostly affects Red Hat Linux 7.0, which has
- conflicts between libc and the kernel.
-
- 620. [bug] dns_master_load*inc() now require 'task' and 'load'
- to be non-null. Also 'done' will not be called if
- dns_master_load*inc() fails immediately. [RT #565]
-
- 619. [placeholder]
-
- 618. [bug] Queries to a signed zone could sometimes cause
- an assertion failure.
-
- 617. [bug] When using dynamic update to add a new RR to an
- existing RRset with a different TTL, the journal
- entries generated from the update did not include
- explicit deletions and re-additions of the existing
- RRs to update their TTL to the new value.
-
- 616. [func] dnssec-signzone -t output now includes performance
- statistics.
-
- 615. [bug] dnssec-signzone did not like child keysets signed
- by multiple keys.
-
- 614. [bug] Checks for uninitialized link fields were prone
- to false positives, causing assertion failures.
- The checks are now disabled by default and may
- be re-enabled by defining ISC_LIST_CHECKINIT.
-
- 613. [bug] "rndc reload zone" now reloads primary zones.
- It previously only updated slave and stub zones,
- if an SOA query indicated an out of date serial.
-
- 612. [cleanup] Shutup a ridiculously noisy HP-UX compiler that
- complains relentlessly about how its treatment
- of 'const' has changed as well as how casting
- sometimes tightens alignment constraints.
-
- 611. [func] allow-notify can be used to permit processing of
- notify messages from hosts other than a slave's
- masters.
-
- 610. [func] rndc dumpdb is now supported.
-
- 609. [bug] getrrsetbyname() would crash lwresd if the server
- found more SIGs than answers. [RT #554]
-
- 608. [func] dnssec-signzone now adds a comment to the zone
- with the time the file was signed.
-
- 607. [bug] nsupdate would fail if it encountered a CNAME or
- DNAME in a response to an SOA query. [RT #515]
-
- 606. [bug] Compiling with --disable-threads failed due
- to isc_thread_self() being incorrectly defined
- as an integer rather than a function.
-
- 605. [func] New function isc_lex_getlasttokentext().
-
- 604. [bug] The named.conf parser could print incorrect line
- numbers when long comments were present.
-
- 603. [bug] Make dig handle multiple types or classes on the same
- query more correctly.
-
- 602. [func] Cope automatically with UnixWare's broken
- IN6_IS_ADDR_* macros. [RT #539]
-
- 601. [func] Return a non-zero exit code if an update fails
- in nsupdate.
-
- 600. [bug] Reverse lookups sometimes failed in dig, etc...
-
- 599. [func] Added four new functions to the libisc log API to
- support i18n messages. isc_log_iwrite(),
- isc_log_ivwrite(), isc_log_iwrite1() and
- isc_log_ivwrite1() were added.
-
- 598. [bug] An update-policy statement would cause the server
- to assert while loading. [RT #536]
-
- 597. [func] dnssec-signzone is now multi-threaded.
-
- 596. [bug] DNS_RDATASLAB_FORCE and DNS_RDATASLAB_EXACT are
- not mutually exclusive.
-
- 595. [port] On Linux 2.2, socket() returns EINVAL when it
- should return EAFNOSUPPORT. Work around this.
- [RT #531]
-
- 594. [func] sdb drivers are now assumed to not be thread-safe
- unless the DNS_SDBFLAG_THREADSAFE flag is supplied.
-
- 593. [bug] If a secure zone was missing all its NXTs and
- a dynamic update was attempted, the server entered
- an infinite loop.
-
- 592. [bug] The sig-validity-interval option now specifies a
- number of days, not seconds. This matches the
- documentation. [RT #529]
-
- --- 9.1.0b1 released ---
-
- 591. [bug] Work around non-reentrancy in openssl by disabling
- pre-computation in keys.
-
- 590. [doc] There are now man pages for the lwres library in
- doc/man/lwres.
-
- 589. [bug] The server could deadlock if a zone was updated
- while being transferred out.
-
- 588. [bug] ctx->in_use was not being correctly initialized when
- when pushing a file for $INCLUDE. [RT #523]
-
- 587. [func] A warning is now printed if the "allow-update"
- option allows updates based on the source IP
- address, to alert users to the fact that this
- is insecure and becoming increasingly so as
- servers capable of update forwarding are being
- deployed.
-
- 586. [bug] multiple views with the same name were fatal. [RT #516]
-
- 585. [func] dns_db_addrdataset() and and dns_rdataslab_merge()
- now support 'exact' additions in a similar manner to
- dns_db_subtractrdataset() and dns_rdataslab_subtract().
-
- 584. [func] You can now say 'notify explicit'; to suppress
- notification of the servers listed in NS records
- and notify only those servers listed in the
- 'also-notify' option.
-
- 583. [func] "rndc querylog" will now toggle logging of
- queries, like "ndc querylog" in BIND 8.
-
- 582. [bug] dns_zone_idetach() failed to lock the zone.