Announcing the release of BIND 9.1.3rc2

Andreas Gustafsson Andreas.Gustafsson at
Tue Jun 19 22:07:18 UTC 2001

BIND 9.1.3rc2 is now available.  This is a release candidate for
BIND 9.1.3.  It contains fixes for a number of bugs in BIND 9.1.3rc1
but no new features.

BIND 9.1.3rc2 can be downloaded from

The PGP signature of the distribution is at

The signature was generated with the ISC public key, which is available
at <>.

A list of changes made since 9.1.0 follows.  For earlier changes,
see the file CHANGES in the distribution.


	--- 9.1.3rc2 released ---

 904.	[bug]		The server would leak memory if attempting to use
			an expired TSIG key. [RT #1406]

 903.	[bug]		dig should not crash when receiving a TCP packet
			of length 0.

 902.	[bug]		The -d option was ignored if both -t and -g were also

 901.	[cleanup]	The man pages no longer have empty lines outside of
			literal blocks.

 898.	[bug]		"dig" failed to set a nonzero exit status
			on UDP query timeout. [RT #1323]

 894.	[bug]		When using the DNSSEC tools, a message intended to warn
			when the keyboard was being used because of the lack
			of a suitable random device was not being printed.

 892.	[bug]		The server could attempt to refresh a zone that
			was being loaded, causing an assertion failure.
			[RT #1335]

 891.	[bug]		Return an error when a SIG(0) signed response to
			an unsigned query is seen.  This should actually
			do the verification, but it's not currently
			possible. [RT #1391]

 888.	[bug]		Don't die when using TKEY to delete a nonexistent
			TSIG key. [RT #1392]

 860.	[interop]	Drop cross class glue in zone transfers.

 852.	[bug]		Handle responses from servers which do not
			now about IXFR.

 850.	[bug]		dns_rbt_findnode() would not find nodes that were
			split on a bitstring label somewhere other than in
			the last label of the node. [RT #1351]

 705.	[port]		Work out resource limit type for use where rlim_t is
			not available. [RT #695]

 704.	[port]		RLIMIT_NOFILE is not available on all platforms.

 703.	[port]		sys/select.h is needed on older platforms. [RT #695]

	--- 9.1.3rc1 released ---

 831.	[bug]		The configure script tried to determine
			endianness before making its final decision on
			which C compiler to use, causing Solaris/x86
			systems with gcc to be incorrectly identified
			as big-endian. [RT #1315]

 827.	[bug]		When an IXFR protocol error occurs, the slave
			should retry with AXFR.

 826.	[bug]		Some IXFR protocol errors were not detected.

 825.	[bug]		zone.c:ns_query() detached from the wrong zone
			reference. [RT #1264] 

 824.	[bug]		Correct line numbers reported by dns_master_load().
			[RT #1263]

 822.	[bug]		Sending nxrrset prerequisites would crash nsupdate.
			[RT #1248]

 806.	[bug]		DNS_R_SEENINCLUDE was failing to propagate back up
			the calling stack to the zone maintence level, causing
			zones to not reload when an included file was touched
			but the top-level zone file was not.

 771.	[cleanup]	TSIG errors related to unsynchronized clocks
			are logged better. [RT #919]

 734.	[bug]		An attempt to re-lock the zone lock could occur if
			the server was shutdown during a zone tranfer.
			[RT #830]

 712.	[bug]		Sending a large signed update message caused an
			assertion failure. [RT #718]

 669.	[bug]		dnssec-keygen now makes the public key file
			non-world-readable for symmetric keys. [RT #403]

	--- 9.1.2 released ---

	--- 9.1.2rc1 released ---

 820.	[bug]		Name server address lookups failed to follow
			A6 chains into the glue of local authoritative

 819.	[bug]		In certain cases, the resolver's attempts to
			restart an address lookup at the root could cause
			the fetch to deadlock (with itself) instead of
			restarting. [RT #1225]

 818.	[bug]		Certain pathological responses to ANY queries could
			cause an assertion failure. [RT #1218]

 816.	[bug]		Report potential problems with log file accessibility
			at configuration time, since such problems can't
			reliably be reported at the time they actually occur.

 815.	[bug]		If a log file was specified with a path separator
			character (i.e. "/") in its name and the directory
			did not exist, the log file's name was treated as
			though it were the directory name. [RT #1189]

 814.	[bug]		Socket objects left over from accept() failures
			were incorrectly destroyed, causing corruption
			of socket manager data structures.

 813.	[bug]		File descriptors exceeding FD_SETSIZE were handled
			badly. [RT #1192]

 812.	[bug]		dig sometimes printed incomplete IXFR responses
			due to an uninitialized variable. [RT #1188]

 811.	[bug]		Parentheses were not quoted in zone dumps. [RT #1194]

 810.	[bug]		The signer name in SIG records was not properly
			downcased when signing/verifying records. [RT #1186]

 807.	[bug]		When setting up TCP connections for incoming zone
			transfers, the transfer-source port was not
			ignored like it should be.

 804.	[bug]		Attempting to obtain entropy could fail in some
			situations.  This would be most common on systems
			with user-space threads. [RT #1131]

 802.	[bug]		DNSSEC key tags were computed incorrectly in almost
			all cases. [RT #1146]

 801.	[bug]		nsupdate should treat lines beginning with ';' as
			comments. [RT #1139]

 800.	[bug]		dnssec-signzone produced incorrect statistics for
			large zones. [RT #1133]

 799.	[bug]		The ADB didn't find AAAA glue in a zone unless A6
			glue was also present.

	--- 9.1.1 released ---

	--- 9.1.1rc7 released ---

 791.	[bug]		The command channel now works over IPv6.

 790.	[bug]		Wildcards created using dynamic update or IXFR
			could fail to match. [RT #1111]

 787.	[bug]		The DNSSEC tools failed to downcase domain
			names when mapping them into file names.

 786.	[bug]		When DNSSEC signing/verifying data, owner names were
			not properly downcased.

	--- 9.1.1rc6 released ---

 785.	[bug]		A race condition in the resolver could cause
			an assertion failure. [RT #673, #872, #1048]

 784.	[bug]		nsupdate and other programs would not quit properly
			if some signals were blocked by the caller. [RT #1081]

 783.	[bug]		Following CNAMEs could cause an assertion failure
			when either using an sdb database or under very
			rare conditions.

 780.	[bug]		Error handling code dealing with out of memory or
			other rare errors could lead to assertion failures
			by calling functions on unitialized names. [RT #1065]

	--- 9.1.1rc5 released ---

 778.	[bug]		When starting cache cleaning, cleaning_timer_action()
			returned without first pausing the iterator, which
			could cause deadlock. [RT #998]

 777.	[bug]		An empty forwarders list in a zone failed to override
			global forwarders. [RT #995]

 775.	[bug]		Address match lists with invalid netmasks caused
			the configuration parser to abort with an assertion
			failure. [RT #996]

 772.	[bug]		Owner names could be incorrectly omitted from cache
			dumps in the presence of negative caching entries.
			[RT #991]

 686.	[bug]		dig and nslookup can now be properly aborted during
			blocking operations. [RT #568]

	--- 9.1.1rc4 released ---

 767.	[bug]		The configuration parser handled invalid ports badly.
			[RT #961]

 766.	[bug]		A few cases in query_find() could leak fname.
			This would trigger the mpctx->allocated == 0
			assertion when the server exited.
			[RT #739, #776, #798, #812, #818, #821, #845,
			#892, #935, #966]

 759.	[bug]		The resolver didn't turn off "avoid fetches" mode
			when restarting, possibly causing resolution
			to fail when it should not.  This bug only affected
			platforms which support both IPv4 and IPv6. [RT #927]

 758.	[bug]		The "avoid fetches" code did not treat negative
			cache entries correctly, causing fetches that would
			be useful to be avoided.  This bug only affected
			platforms which support both IPv4 and IPv6. [RT #927]

 756.	[bug]		dns_zone_load() could "return" success when no master
			file was configured.

 755.	[bug]		Fix incorrectly formatted log messages in zone.c.

 709.	[bug]		ANY or SIG queries for data with a TTL of 0
			would return SERVFAIL. [RT #620]

	--- 9.1.1rc3 released ---

 754.	[bug]		Certain failure conditions sending UDP packets
			could cause the server to retry the transmission
			indefinitely. [RT #902]

 753.	[bug]		dig, host, and nslookup would fail to contact a
			remote server if getaddrinfo() returned an IPv6
			address on a system that doesn't support IPv6.
			[RT #917]

 750.	[bug]		A query should not match a DNAME whose trust level
			is pending. [RT #916]

 749.	[bug]		When a query matched a DNAME in a secure zone, the
			server did not return the signature of the DNAME.
			[RT #915]

 747.	[bug]		The code to determine whether an IXFR was possible
			did not properly check for a database that could
			not have a journal. [RT #865, #908]

 746.	[bug]		The sdb didn't clone rdatasets properly, causing
			a crash when the server followed delegations. [RT #905]

 744.	[bug]		When returning DNS_R_CNAME or DNS_R_DNAME as the
			result of an ANY or SIG query, the resolver failed
			to setup the return event's rdatasets, causing an
			assertion failure in the query code. [RT #881]

 743.	[bug]		Receiving a large number of certain malformed
			answers could cause named to stop responding.
			[RT #861]

 742.	[bug]		dig +domain did not work. [RT #850]

 738.	[bug]		If a non-threadsafe sdb driver supported AXFR and
			received an AXFR request, it would deadlock or die
			with an assertion failure. [RT #852]

 737.	[port]		stdtime.c failed to compile on certain platforms.

 648.	[port]		Add support for pre-RFC2133 IPv6 implementations.

	--- 9.1.1rc2 released ---

 733.	[bug]		Reference counts of dns_acl_t objects need to be
			locked but were not. [RT #801, #821]

 708.	[bug]		When building with --with-openssl, the openssl headers
			included with BIND 9 should not be used. [RT #702]

	--- 9.1.1rc1 released ---

 729.	[port]		pthread_setconcurrency() needs to be called on Solaris.

 727.	[port]		Work around OS bug where accept() succeeds but
			fails to fill in the peer address of the accepted
			connection, by treating it as an error rather than
			an assertion failure. [RT #809]

 723.	[bug]		Referrals whose NS RRs had a 0 TTL caused the resolver
			to return DNS_R_SERVFAIL. [RT #783]

 720.	[bug]		Server could enter infinite loop in
			dispatch.c:do_cancel(). [RT #733]

 719.	[bug]		Rapid reloads could trigger an assertion failure.
			[RT #743, #763]

 717.	[bug]		Certain TKEY processing failure modes could
			reference an uninitialized variable, causing the
			server to crash. [RT #750]

 716.	[bug]		The first line of a $INCLUDE master file was lost if
			an origin was specified. [RT #744]

 715.	[bug]		Resolving some A6 chains could cause an assertion
			failure in adb.c. [RT #738]

 711.	[bug]		The libisc and liblwres implementations of
			inet_ntop contained an off by one error.

 706.	[bug]		Zones with an explicit "allow-update { none; };"
			were considered dynamic and therefore not reloaded
			on SIGHUP or "rndc reload".

 700.	[bug]		$GENERATE range check was wrong. [RT #688]

 698.	[bug]		Aborting nsupdate with ^C would lead to several
			race conditions.

 699.	[bug]		The lexer mishandled empty quoted strings. [RT #694]

 694.	[bug]		$GENERATE did not produce the last entry.
			[RT #682, #683]

 693.	[bug]		An empty lwres statement in named.conf caused
			the server to crash while loading.

 692.	[bug]		Deal with systems that have getaddrinfo() but not
			gai_strerror(). [RT #679]

 691.	[bug]		Configuring per-view forwarders caused an assertion
			failure. [RT #675, #734]

	--- 9.1.0 released ---

More information about the bind-announce mailing list