Announcing the release of BIND 9.1.2

Andreas Gustafsson Andreas.Gustafsson at
Sat May 5 03:37:17 UTC 2001

BIND 9.1.2 is now available.  This is a maintenance release,
containing fixes for a number of bugs in 9.1.1 but no new features.
We recommend that all users of earlier versions of BIND 9 upgrade to

DNSSEC users should note that DNSSEC validation involving algorithms
other than RSA will not interoperate between this version of BIND and
version 9.1.1 or older, because the older versions use an incorrect
formula for calculating key tags of non-RSA keys.  

BIND 9.1.2 can be downloaded from

The PGP signature of the distribution is at

The signature was generated with the ISC public key, which is available
at <>.

A list of changes made since 9.1.0 follows.  For earlier changes,
see the file CHANGES in the distribution.


	--- 9.1.2 released ---

	--- 9.1.2rc1 released ---

 820.	[bug]		Name server address lookups failed to follow
			A6 chains into the glue of local authoritative

 819.	[bug]		In certain cases, the resolver's attempts to
			restart an address lookup at the root could cause
			the fetch to deadlock (with itself) instead of
			restarting. [RT #1225]

 818.	[bug]		Certain pathological responses to ANY queries could
			cause an assertion failure. [RT #1218]

 816.	[bug]		Report potential problems with log file accessibility
			at configuration time, since such problems can't
			reliably be reported at the time they actually occur.

 815.	[bug]		If a log file was specified with a path separator
			character (i.e. "/") in its name and the directory
			did not exist, the log file's name was treated as
			though it were the directory name. [RT #1189]

 814.	[bug]		Socket objects left over from accept() failures
			were incorrectly destroyed, causing corruption
			of socket manager data structures.

 813.	[bug]		File descriptors exceeding FD_SETSIZE were handled
			badly. [RT #1192]

 812.	[bug]		dig sometimes printed incomplete IXFR responses
			due to an uninitialized variable. [RT #1188]

 811.	[bug]		Parentheses were not quoted in zone dumps. [RT #1194]

 810.	[bug]		The signer name in SIG records was not properly
 			downcased when signing/verifying records. [RT #1186]

 807.	[bug]		When setting up TCP connections for incoming zone
			transfers, the transfer-source port was not
			ignored like it should be.

 804.	[bug]		Attempting to obtain entropy could fail in some
 			situations.  This would be most common on systems
			with user-space threads. [RT #1131]

 802.	[bug]		DNSSEC key tags were computed incorrectly in almost
 			all cases. [RT #1146]

 801.	[bug]		nsupdate should treat lines beginning with ';' as
 			comments. [RT #1139]

 800.	[bug]		dnssec-signzone produced incorrect statistics for
 			large zones. [RT #1133]

 799.	[bug]		The ADB didn't find AAAA glue in a zone unless A6
			glue was also present.

	--- 9.1.1 released ---

	--- 9.1.1rc7 released ---

 791.	[bug]		The control channel did not work over IPv6.

 790.	[bug]		Wildcards created using dynamic update or IXFR
			could fail to match. [RT #1111]

 787.	[bug]		The DNSSEC tools failed to downcase domain
			names when mapping them into file names.

 786.	[bug]		When DNSSEC signing/verifying data, owner names were
			not properly downcased.

	--- 9.1.1rc6 released ---

 785.	[bug]		A race condition in the resolver could cause
			an assertion failure. [RT #673, #872, #1048]

 784.	[bug]		nsupdate and other programs would not quit properly
			if some signals were blocked by the caller. [RT #1081]

 783.	[bug]		Following CNAMEs could cause an assertion failure
			when either using an sdb database or under very
			rare conditions.

 780.	[bug]		Error handling code dealing with out of memory or
			other rare errors could lead to assertion failures
			by calling functions on unitialized names. [RT #1065]

	--- 9.1.1rc5 released ---

 778.	[bug]		When starting cache cleaning, cleaning_timer_action()
			returned without first pausing the iterator, which
			could cause deadlock. [RT #998]

 777.	[bug]		An empty forwarders list in a zone failed to override
			global forwarders. [RT #995]

 775.   [bug]		Address match lists with invalid netmasks caused
			the configuration parser to abort with an assertion
			failure. [RT #996]

 772.	[bug]		Owner names could be incorrectly omitted from cache
			dumps in the presence of negative caching entries.
			[RT #991]

 686.   [bug]		dig and nslookup can now be properly aborted during
			blocking operations. [RT #568]

	--- 9.1.1rc4 released ---

 767.	[bug]		The configuration parser handled invalid ports badly.
			[RT #961]

 766.	[bug]		A few cases in query_find() could leak fname.
			This would trigger the mpctx->allocated == 0
			assertion when the server exited.
			[RT #739, #776, #798, #812, #818, #821, #845,
			#892, #935, #966]

 759.	[bug]		The resolver didn't turn off "avoid fetches" mode
			when restarting, possibly causing resolution
			to fail when it should not.  This bug only affected
			platforms which support both IPv4 and IPv6. [RT #927]

 758.	[bug]		The "avoid fetches" code did not treat negative
			cache entries correctly, causing fetches that would
			be useful to be avoided.  This bug only affected
			platforms which support both IPv4 and IPv6. [RT #927]

 756.	[bug]		dns_zone_load() could "return" success when no master
			file was configured.

 755.	[bug]		Fix incorrectly formatted log messages in zone.c.

 709.	[bug]		ANY or SIG queries for data with a TTL of 0
			would return SERVFAIL. [RT #620]

	--- 9.1.1rc3 released ---

 754.	[bug]		Certain failure conditions sending UDP packets
			could cause the server to retry the transmission
			indefinitely. [RT #902]

 753.	[bug]		dig, host, and nslookup would fail to contact a
			remote server if getaddrinfo() returned an IPv6
			address on a system that doesn't support IPv6.
			[RT #917]

 750.	[bug]		A query should not match a DNAME whose trust level
			is pending.  [RT #916]

 749.	[bug]		When a query matched a DNAME in a secure zone, the
			server did not return the signature of the DNAME.
			[RT #915]

 747.	[bug]		The code to determine whether an IXFR was possible
			did not properly check for a database that could
			not have a journal. [RT #865, #908]

 746.	[bug]		The sdb didn't clone rdatasets properly, causing
			a crash when the server followed delegations. [RT #905]

 744.	[bug]		When returning DNS_R_CNAME or DNS_R_DNAME as the
			result of an ANY or SIG query, the resolver failed
			to setup the return event's rdatasets, causing an
			assertion failure in the query code.  [RT #881]

 743.	[bug]		Receiving a large number of certain malformed
			answers could cause named to stop responding.
			[RT #861]

 742.	[bug]		dig +domain did not work. [RT #850]

 738.	[bug]		If a non-threadsafe sdb driver supported AXFR and
			received an AXFR request, it would deadlock or die
			with an assertion failure. [RT #852]

 737.	[port]		stdtime.c failed to compile on certain platforms.

 648.	[port]		Add support for pre-RFC2133 IPv6 implementations.

	--- 9.1.1rc2 released ---

 733.	[bug]		Reference counts of dns_acl_t objects need to be
			locked but were not. [RT #801, #821]

 708.	[bug]		When building with --with-openssl, the openssl headers
			included with BIND 9 should not be used. [RT #702]

	--- 9.1.1rc1 released ---

 729.	[port]		pthread_setconcurrency() needs to be called on Solaris.

 727.	[port]		Work around OS bug where accept() succeeds but
			fails to fill in the peer address of the accepted
			connection, by treating it as an error rather than
			an assertion failure. [RT #809]

 723.	[bug]		Referrals whose NS RRs had a 0 TTL caused the resolver
			to return DNS_R_SERVFAIL. [RT #783]

 720.	[bug]		Server could enter infinite loop in
			dispatch.c:do_cancel(). [RT #733]

 719.	[bug]		Rapid reloads could trigger an assertion failure.
			[RT #743, #763]

 717.	[bug]		Certain TKEY processing failure modes could
			reference an uninitialized variable, causing the
			server to crash. [RT #750]

 716.	[bug]		The first line of a $INCLUDE master file was lost if
			an origin was specified. [RT #744]

 715.	[bug]		Resolving some A6 chains could cause an assertion
			failure in adb.c. [RT #738]

 711.	[bug]		The libisc and liblwres implementations of
			inet_ntop contained an off by one error.

 706.	[bug]		Zones with an explicit "allow-update { none; };"
			were considered dynamic and therefore not reloaded
			on SIGHUP or "rndc reload".

 700.	[bug]		$GENERATE range check was wrong. [RT #688]

 698.	[bug]		Aborting nsupdate with ^C would lead to several
			race conditions.

 699.	[bug]		The lexer mishandled empty quoted strings. [RT #694]

 694.	[bug]		$GENERATE did not produce the last entry.
			[RT #682, #683]

 693.   [bug]           An empty lwres statement in named.conf caused
                        the server to crash while loading.

 692.	[bug]		Deal with systems that have getaddrinfo() but not
			gai_strerror(). [RT #679]

 691.	[bug]		Configuring per-view forwarders caused an assertion
			failure. [RT #675, #734]

	--- 9.1.0 released ---


More information about the bind-announce mailing list