Announcing the release of BIND 9.2.0

Andreas Gustafsson Andreas_Gustafsson at isc.org
Mon Nov 26 21:53:15 UTC 2001


BIND 9.2.0 has been released.  Compared to BIND 9.1, BIND 9.2 has a
number of new features as well as numerous bug fixes and cleanups.

BIND 9.2.0 can be downloaded from

	ftp://ftp.isc.org/isc/bind9/9.2.0/bind-9.2.0.tar.gz

The PGP signature of the distribution is at

	ftp://ftp.isc.org/isc/bind9/9.2.0/bind-9.2.0.tar.gz.asc

The signature was generated with the ISC public key, which is
available at <http://www.isc.org/ISC/isckey.txt>.

A binary kit for Windows NT 4.0 and Windows 2000 is at

        ftp://ftp.isc.org/isc/bind/contrib/ntbind-9.2.0/BIND9.2.0.zip

A list of changes made since 9.2.0a1 follows.  For earlier changes,
see the file CHANGES in the distribution.

--------

	--- 9.2.0 released ---

1134.	[bug]		Multithreaded servers could deadlock in ferror()
			when reloading zone files. [RT #1951, #1998]

1133.	[bug]		IN6_IS_ADDR_LOOPBACK was not portably defined on
			platforms without IN6_IS_ADDR_LOOPBACK. [RT #2106]

	--- 9.2.0rc10 released ---

1131.	[bug]		The match-destinations view option did not work with
			IPv6 destinations. [RT #2073, #2074]

1130.	[bug]		Log messages reporting an out-of-range serial number
			did not include the out-of-range number but the
			following token. [RT #2076]

1129.	[bug]		Multithreaded servers could crash under heavy
			resolution load due to a race condition. [RT #2018]

1126.	[bug]		The server could access a freed event if shut
			down while a client start event was pending
			delivery. [RT #2061]

1121.	[bug]		The server could attempt to access a NULL zone
			table if shut down while resolving.
			[RT #1587, #2054]

1120.	[bug]		Errors in options were not fatal. [RT #2002]

1118.	[bug]		On multithreaded servers, a race condition
			could cause an assertion failure in resolver.c
			during resolver shutdown. [RT #2029]

1117.	[port]		The configure check for in6addr_loopback incorrectly
			succeeded on AIX 4.3 when compiling with -O2
			because the test code was optimized away.
			[RT #2016]

1116.	[bug]		Setting transfers in a server clause, transfers-in,
			or transfers-per-ns to a value greater than
			2147483647 disabled transfers. [RT #2002]

1114.	[port]		Ignore more accept() errors. [RT #2021]

1113.	[bug]		The allow-update-forwarding option was ignored
			when specified in a view. [RT #2014]

1111.	[bug]		Multithreaded servers could deadlock processing
			recursive queries due to a locking hieararchy
			violation in adb.c. [RT #2017]

	--- 9.2.0rc9 released ---

1107.	[bug]		nsupdate could catch an assertion failure if an
			invalid domain name was given as the argument to
			the "zone" command.

1106.	[bug]		After seeing an out of range TTL, nsupdate would
			treat all TTLs as out of range. [RT #2001]

1104.	[bug]		Invalid arguments to the transfer-format option
			could cause an assertion failure. [RT #1995]

1103.	[port]		OpenUNIX 8 support (ifconfig.sh).  [RT #1970]

1102.	[doc]		Note that query logging is enabled by directing the
			queries category to a channel.

1101.	[bug]		Array bounds read error in lwres_gai_strerror.

1100.	[bug]		libbind: DNSSEC key ids were computed incorrectly.

1099.	[cleanup]	libbind: defining REPORT_ERRORS in lib/bind/dst caused
			compile time errors.

1098.	[bug]		libbind: HMAC-MD5 key files are now mode 0600.

1093.	[doc]		libbind: miscellaneous nroff fixes.

1092.	[bug]		libbind: get*by*() failed to check if res_init() had
			been called.

1091.	[bug]		libbind: misplaced va_end().

1090.	[bug]		libbind: dns_ho.c:add_hostent() was not returning
			the amount of memory consumed resulting in garbage
			address being returned.  Alignment calculations were   
			wasting space.  We weren't suppressing duplicate
			addresses.

1088.	[port]		libbind: MPE/iX C.70 (incomplete)

1087.	[bug]		libbind: struct __res_state too large on 64 bit arch.

1086.	[port]		libbind: sunos: old sprintf.

1085.	[port]		libbind: solaris: sys_nerr and sys_errlist do not
			exist when compiling in 64 bit mode.

1084.	[cleanup]	libbind: gai_strerror() rewritten.

1083.	[bug]		The default control channel listened on the
			wildcard adress, not the loopback as documented.
			[RT #1975]

1082.	[bug]		The -g option to named incorrectly caused logging
			to be sent to syslog in addition to stderr.
			[RT #1974]

1078.	[bug]		We failed to correct bad tv_usec values in one case.
			[RT #1966]

1076.	[bug]		A badly defined global key could trigger an assertion
			on load/reload if views were used. [RT #1947]

1075.	[bug]		Out-of-range network prefix lengths were not
			reported. [RT #1954]

1074.	[bug]		Running out of memory in dump_rdataset() could
			cause an assertion failure. [RT #1946]

	--- 9.2.0rc8 released ---

1068.	[bug]		errno could be overwritten by catgets(). [RT #1921]

1066.	[bug]		Provide a thread safe wrapper for strerror().
			[RT #1689]

1064.	[bug]		Do not shut down active network interfaces if we
			are unable to scan the interface list. [RT #1921]

1063.	[bug]		libbind: "make install" was failing on IRIX.

1062.	[bug]		If the control channel listener socket was shut
			down before server exit, the listener object could
			be freed twice. [RT #1916]

1061.	[bug]		If periodic cache cleaning happened to start
			while cleaning due to reaching the configured
			maximum cache size was in progress, the server
			could catch an assertion failure. [RT #1912]

1057.	[bug]		Reloading the server after adding a "file" clause
			to a zone statement could cause the server to
			crash due to a typo in change 1016.

1056.	[bug]		Rndc could catch an assertion failure on SIGINT due
			to an uninitialized variable. [RT #1908]

	--- 9.2.0rc7 released ---

1054.	[bug]		On Win32, cfg_categories and cfg_modules need to be
			exported from the libisccfg DLL.

1053.	[bug]		Dig did not increase its timeout when receiving
			AXFRs unless the +time option was used. [RT #1904]

1052.	[bug]		Journals were not being created in binary mode
			resulting in "journal format not recognized" error
			under Win32. [RT #1889]

1051.	[bug]		Do not ignore a network interface completely just
			because it has a noncontiguous netmask.	 Instead,
			omit it from the localnets ACL and issue a warning.
			[RT #1891]

1050.	[bug]		Log messages reporting malformed IP addresses in
			address lists such as that of the forwarders option
			failed to include the correct error code, file
			name, and line number. [RT #1890]

1048.	[bug]		Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1
			didn't work.

1047.	[bug]		named was incorrectly refusing all requests signed
			with a TSIG key derived from an unsigned TKEY
			negotiation with a NOERROR response. [RT #1886]

1046.	[bug]		The help message for the --with-openssl configure
			option was inaccurate. [RT #1880]

1045.	[bug]		It was possible to skip saving glue for a nameserver
			for a stub zone.

1044.	[bug]		Specifying allow-transfer, notify-source, or
			notify-source-v6 in a stub zone was not treated
			as an error.

1043.	[bug]		Specifying a transfer-source or transfer-source-v6
			option in the zone statement for a master zone was
			not treated as an error. [RT #1876]

1042.	[bug]		The "config" logging category did not work properly.
			[RT #1873]

1041.	[bug]		Dig/host/nslookup could catch an assertion failure
			on SIGINT due to an uninitialized variable. [RT #1867]

1040.	[bug]		Multiple listen-on-v6 options with different ports
			were not accepted. [RT #1875]

1039.	[bug]		Negative responses with CNAMEs in the answer section
			were cached incorrectly. [RT #1862]

1038.	[bug]		In servers configured with a tkey-domain option,
			TKEY queries with an owner name other than the root
			could cause an assertion failure. [RT #1866, #1869]

1033.	[bug]		Always respond to requests with an unsupported opcode
			with NOTIMP, even if we don't have a matching view
			or cannot determine the class.

	--- 9.2.0rc6 released ---

1031.	[bug]		libbind.a: isc__gettimeofday() infinite recursion.
			[RT #1858]

1030.	[bug]		On systems with no resolv.conf file, nsupdate
			exited with an error rather than defaulting
			to using the loopback address. [RT #1836]

1029.	[bug]		Some named.conf errors did not cause the loading
			of the configuration file to return a failure
			status even though they were logged. [RT #1847]

1028.	[bug]		On Win32, dig/host/nslookup looked for resolv.conf
			in the wrong directory. [RT #1833]

1027.	[bug]		RRs having the reserved type 0 should be rejected.
			[RT #1471]

1026.	[port]		Recognize OpenUNIX 8 in config.guess. [RT #1830]

1022.	[bug]		Don't report empty root hints as "extra data".
			[RT #1802]

	--- 9.2.0rc5 released ---

1021.	[bug]		On Win32, log message timestamps were one month
			later than they should have been, and the server
			would exhibit unspecified behavior in December.

1020.	[bug]		IXFR log messages did not distinguish between
			true IXFRs, AXFR-style IXFRs, and mere version
			polls. [RT #1811]

1019.	[bug]		The value of the lame-ttl option was limited to 18000
			seconds, not 1800 seconds as documented. [RT #1803]

1018.	[bug]		The default log channel was not always initialized
			correctly. [RT #1813]

1017.	[bug]		When specifying TSIG keys to dig and nsupdate using
			the -k option, they must be HMAC-MD5 keys. [RT #1810]

1016.	[bug]		Slave zones with no backup file were re-transferred
			on every server reload.

1015.	[bug]		Log channels that had a "versions" option but no
			"size" option failed to create numbered log
			files. [RT #1783]
 
	--- 9.2.0rc4 released ---

1013.	[bug]		It was possible to cancel a query twice when marking
			a server as bogus or by having a blackhole acl.
			[RT #1776]

1010.	[bug]		The server could attempt to execute a command channel
			command after initiating server shutdown, causing
			an assertion failure. [RT #1766]

1006.	[bug]		If a KEY RR was found missing during DNSSEC validation,
			an assertion failure could subsequently be triggered
			in the resolver. [RT #1763]

1005.	[bug]		Don't copy nonzero RCODEs from request to response.
			[RT #1765]

1004.	[port]		Deal with recvfrom() returning EHOSTDOWN. [RT #1770]

1002.	[bug]		When reporting an unknown class name in named.conf,
			including the file name and line number. [RT #1759]

1001.	[bug]		win32 socket code doio_recv was not catching a
			WSACONNRESET error when a client was timing out
			the request and closing its socket. [RT #1745]

1000.	[bug]		BIND 8 compatibility: accept "HESIOD" as an alias
			for class "HS". [RT #1759]

	--- 9.2.0rc3 released ---

 990.	[bug]		The rndc-confgen man page was not installed.

 989.	[bug]		Report filename if $INCLUDE fails for file related
			errors. [RT #1736]

 987.	[bug]		"dig -help" didn't show "+[no]stats".

 986.	[bug]		"dig +noall" failed to clear stats and command
			printing.

 984.	[bug]		Multithreading should be enabled by default on
			Solaris 2.7 and newer, but it wasn't.

	--- 9.2.0rc2 released ---

 980.	[bug]		Incoming zone transfers restarting after an error
			could trigger an assertion failure. [RT #1692]

 978.	[bug]		dns_db_attachversion() had an invalid REQUIRE()
			condition.

 977.	[bug]		Improve "not at top of zone" error message.

 975.	[bug]		"max-cache-size default;" as a view option
			caused an assertion failure.

 974.	[bug]		"max-cache-size unlimited;" as a global option
			was not accepted.

 973.	[bug]		Failed to log the question name when logging:
			"bad zone transfer request: non-authoritative zone
			(NOTAUTH)".

 972.	[bug]		The file modification time code in zone.c was using the
			wrong epoch. [RT #1667]

 968.	[bug]		On win32, the isc_time_now() function was unnecessarily
			calling strtime(). [RT #1671]

 967.	[bug]		On win32, the link for bindevt was not including the
			required resource file to enable the event viewer
			to interpret the error messages in the event log,
			[RT #1668]

 966.	[placeholder]

 965.	[bug]		Including data other than root server NS and A
			records in the root hint file could cause a rbtdb
			node reference leak. [RT #1581, #1618]

 964.	[func]		Warn if data other than root server NS and A records
			are found in the root hint file. [RT #1581, #1618]

 963.	[bug]		Bad ISC_LANG_ENDDECLS. [RT #1645]

 962.	[bug]		libbind: bad "#undef", don't attempt to install
			non-existant nlist.h. [RT #1640]

 961.	[bug]		Tried to use a IPV6 feature when ISC_PLATFORM_HAVEIPV6
			was not defined. [RT #1482]

 960.	[port]		liblwres failed to build on systems with support for
			getrrsetbyname() in the OS. [RT #1592]

 959.	[port]		On FreeBSD, determine the number of CPUs by calling
			sysctlbyname(). [RT #1584]

 958.	[port]		ssize_t is not available on all platforms. [RT #1607]

 957.	[bug]		sys/select.h inclusion was broken on older platforms.
			[RT #1607]

 956.	[bug]		ns_g_autorndcfile changed to ns_g_keyfile
			in named/win32/os.c due to code changes in
			change #953. win32 .make file for rndc-confgen
			updated to add include path for os.h header.

	--- 9.2.0rc1 released ---

 955.	[bug]		When using views, the zone's class was not being
			inherited from the view's class. [RT #1583]

 954.	[bug]		When requesting AXFRs or IXFRs using dig, host, or
			nslookup, the RD bit should not be set as zone
			transfers are inherently nonrecursive. [RT #1575]

 953.	[func]		The /var/run/named.key file from change #843
			has been replaced by /etc/rndc.key.  Both
			named and rndc will look for this file and use
			it to configure a default control channel key
			if not already configured using a different
			method (rndc.conf / controls).	Unlike
			named.key, rndc.key is not created automatically;
			it must be created by manually running
			"rndc-confgen -a".

 952.	[bug]		The server required manual intervention to serve the
			affected zones if it died between creating a journal
			and committing the first change to it.

 951.	[bug]		CFLAGS was not passed to the linker when
			linking some of the test programs under
			bin/tests. [RT #1555].

 950.	[bug]		Explicit TTLs did not properly override $TTL
			due to a bug in change 834. [RT #1558]

 949.	[bug]		host was unable to print records larger than 512
			bytes. [RT #1557]

	--- 9.2.0b2 released ---

 948.	[port]		Integrated support for building on Windows NT /
			Windows 2000.

 947.	[bug]		dns_rdata_soa_t had a badly named element "mname" which
			was really the RNAME field from RFC1035.  To avoid
			confusion and silent errors that would occur it the
			"origin" and "mname" elements were given their correct
			names "mname" and "rname" respectively, the "mname"
			element is renamed to "contact".

 946.	[cleanup]	doc/misc/options is now machine-generated from the
			configuration parser syntax tables, and therefore
			more likely to be correct.

 945.	[func]		Add the new view-specific options
			"match-destinations" and "match-recursive-only".

 944.	[func]		Check for expired signatures on load.

 943.	[bug]		The server could crash when receiving a command
			via rndc if the configuration file listed only
			nonexistent keys in the controls statement. [RT #1530]

 942.	[port]		libbind: GETNETBYADDR_ADDR_T was not correctly
			defined on some platforms.

 941.	[bug]		The configuration checker crashed if a slave
			zone didn't contain a masters statement. [RT #1514]

 940.	[bug]		Double zone locking failure on error path. [RT #1510]

	--- 9.2.0b1 released ---

 939.	[port]		Add the --disable-linux-caps option to configure for
			systems that manage capabilities outside of named.
			[RT #1503]

 938.	[placeholder]

 937.	[bug]		A race when shutting down a zone could trigger a
			INSIST() failure. [RT #1034]

 936.	[func]		Warn about IPv4 addresses that are not complete
			dotted quads. [RT #1084]

 935.	[bug]		inet_pton failed to reject leading zeros.

 934.	[port]		Deal with systems where accept() spuriously returns
			ECONNRESET.

 933.	[bug]		configure failed doing libbind on platforms not
			supported by BIND 8. [RT #1496]

	--- 9.2.0a3 released ---

 932.	[bug]		Use INSTALL_SCRIPT, not INSTALL_PROGRAM,
			when installing isc-config.sh.
			[RT #198, #1466]

 931.	[bug]		The controls statement only attempted to verify
			messages using the first key in the key list.
			(9.2.0a1/a2 only).

 930.	[func]		Query performance testing tool added as
			contrib/queryperf.

 929.	[placeholder]

 928.	[bug]		nsupdate would send empty update packets if the
			send (or empty line) command was run after
			another send but before any new updates or
			prerequisites were specified.  It should simply
			ignore this command.

 927.	[bug]		Don't hold the zone lock for the entire dump to disk.
			[RT #1423]

 926.	[bug]		The resolver could deadlock with the ADB when
			shutting down (multithreaded builds only).
			[RT #1324]

 925.	[cleanup]	Remove openssl from the distribution; require that
			--with-openssl be specified if DNSSEC is needed.

 924.	[port]		Extend support for pre-RFC2133 IPv6 implementation.
			[RT #987]

 923.	[bug]		Multiline TSIG secrets (and other multiline strings)
			were not accepted in named.conf. [RT #1469]

 922.	[func]		Added two new lwres_getrrsetbyname() result codes,
			ERR_NONAME and ERR_NODATA.

 921.	[bug]		lwres returned an incorrect error code if it received
			a truncated message.

 920.	[func]		Increase the lwres receive buffer size to 16K.
			[RT #1451]

 919.	[placeholder]

 918.	[func]		In nsupdate, TSIG errors are no longer treated as
			fatal errors.

 917.	[func]		New nsupdate command 'key', allowing TSIG keys to
			be specified in the nsupdate command stream rather
			than the command line.

 916.	[bug]		Specifying type ixfr to dig without specifying
			a serial number failed in unexpected ways.

 915.	[func]		The named-checkconf and named-checkzone programs
			now have a '-v' option for printing their version.
			[RT #1151]

 914.	[bug]		Global 'server' statements were rejected when
			using views, even though they were accepted
			in 9.1. [RT #1368]

 913.	[bug]		Cache cleaning was not sufficiently aggressive.
			[RT #1441, #1444]

 912.	[bug]		Attempts to set the 'additional-from-cache' or
			'additional-from-auth' option to 'no' in a
			server with recursion enabled will now
			be ignored and cause a warning message.
			[RT #1145]

 911.	[placeholder]

 910.	[port]		Some pre-RFC2133 IPv6 implementations do not define
			IN6ADDR_ANY_INIT. [RT #1416]

 908.	[func]		New program, rndc-confgen, to simplify setting up rndc.

 907.	[func]		The ability to get entropy from either the
			random device, a user-provided file or from
			the keyboard was migrated from the DNSSEC tools
			to libisc as isc_entropy_usebestsource().

 906.	[port]		Separated the system independent portion of
			lib/isc/unix/entropy.c into lib/isc/entropy.c
			and added lib/isc/win32/entropy.c.

 905.	[bug]		Configuring a forward "zone" for the root domain
			did not work. [RT #1418]

 904.	[bug]		The server would leak memory if attempting to use
			an expired TSIG key. [RT #1406]

 903.	[bug]		dig should not crash when receiving a TCP packet
			of length 0.

 902.	[bug]		The -d option was ignored if both -t and -g were also
			specified.

 901.	[placeholder]

 900.	[bug]		A config.guess update changed the system identification
			string of FreeBSD systems; configure and
			bin/tests/system/ifconfig.sh now recognize the new
			string. 

	--- 9.2.0a2 released ---

 899.	[bug]		lib/dns/soa.c failed to compile on many platforms
			due to inappropriate use of a void value.
			[RT #1372, #1373, #1386, #1387, #1395]

 898.	[bug]		"dig" failed to set a nonzero exit status
			on UDP query timeout. [RT #1323]

 897.	[bug]		A config.guess update changed the system identification
			string of UnixWare systems; configure now recognizes
			the new string.

 896.	[bug]		If a configuration file is set on named's command line
			and it has a relative pathname, the current directory
			(after any possible jailing resulting from named -t)
			will be prepended to it so that reloading works
			properly even when a directory option is present.

 895.	[func]		New function, isc_dir_current(), akin to POSIX's
			getcwd().

 894.	[bug]		When using the DNSSEC tools, a message intended to warn
			when the keyboard was being used because of the lack
			of a suitable random device was not being printed.

 893.	[func]		Removed isc_file_test() and added isc_file_exists()
			for the basic functionality that was being added
			with isc_file_test().

 892.	[placeholder]

 891.	[bug]		Return an error when a SIG(0) signed response to
			an unsigned query is seen.  This should actually
			do the verification, but it's not currently
			possible. [RT #1391]

 890.	[cleanup]	The man pages no longer require the mandoc macros
			and should now format cleanly using most versions of
			nroff, and HTML versions of the man pages have been
			added.	Both are generated from DocBook source.

 889.	[port]		Eliminated blank lines before .TH in nroff man
			pages since they cause problems with some versions
			of nroff. [RT #1390]

 888.	[bug]		Don't die when using TKEY to delete a nonexistent
			TSIG key. [RT #1392]

 887.	[port]		Detect broken compilers that can't call static
			functions from inline functions. [RT #1212]

 866.	[func]		Close debug only file channels when debug is set to
			zero. [RT #1246]

 865.	[bug]		The new configuration parser did not allow
			the optional debug level in a "severity debug"
			clause of a logging channel to be omitted.
			This is now allowed and treated as "severity
			debug 1;" like it does in BIND 8.2.4, not as
			"severity debug 0;" like it did in BIND 9.1.
			[RT #1367]

 864.	[cleanup]	Multithreading is now enabled by default on
			OSF1, Solaris 2.7 and newer, AIX, IRIX, and HP-UX.

 863.	[bug]		If an error occurred while an outgoing zone transfer
			was starting up, the server could access a domain
			name that had already been freed when logging a
			message saying that the transfer was starting. 
			[RT #1383]

 862.	[bug]		Use after realloc(), non portable pointer arithmetic in
			grmerge().

 861.	[port]		Add support for Mac OS X, by making it equivalent
			to Darwin.  This was derived from the config.guess
			file shipped with Mac OS X. [RT #1355]

 860.	[func]		Drop cross class glue in zone transfers.

 859.	[bug]		Cache cleaning now won't swamp the CPU if there
			is a persistent overlimit condition.

 858.	[func]		isc_mem_setwater() no longer requires that when the
			callback function is non-NULL then its hi_water
			argument must be greater than its lo_water argument
			(they can now be equal) or that they be non-zero.

 857.	[cleanup]	Use ISC_MAGIC() to define all magic numbers for
			structs, for our friends in EBCDIC-land.

 856.	[func]		Allow partial rdatasets to be returned in answer and
			authority sections to help non-TCP capable clients
			recover from truncation. [RT #1301]

 855.	[bug]		Stop spurious "using RFC 1035 TTL semantics" warnings.

 854.	[bug]		The config parser didn't properly handle config
			options that were specified in units of time other
			than seconds. [RT #1372]

 853.	[bug]		configure_view_acl() failed to detach existing acls.
			[RT #1374]

 852.	[bug]		Handle responses from servers which do not know
			about IXFR.

 851.	[cleanup]	The obsolete support-ixfr option was not properly
			ignored.

	--- 9.2.0a1 released ---


More information about the bind-announce mailing list