BIND 9.2.6 is now available.
Mark Andrews
Mark_Andrews at isc.org
Wed Dec 21 04:44:06 UTC 2005
BIND 9.2.6 is now available.
BIND 9.2.6 is a maintenance release for BIND 9.2.
BIND 9.2.6 can be downloaded from
ftp://ftp.isc.org/isc/bind9/9.2.6/bind-9.2.6.tar.gz
The PGP signature of the distribution is at
ftp://ftp.isc.org/isc/bind9/9.2.6/bind-9.2.6.tar.gz.asc
The signature was generated with the ISC public key, which is
available at <http://www.isc.org/about/openpgp/pgpkey2004.txt>.
A binary kit for Windows NT 4.0 and Windows 2000 is at
ftp://ftp.isc.org/isc/bind/contrib/ntbind-9.2.6/BIND9.2.6.zip
ftp://ftp.isc.org/isc/bind/contrib/ntbind-9.2.6/BIND9.2.6.debug.zip
The PGP signature of the binary kit for Windows NT 4.0 and Windows 2000 is at
ftp://ftp.isc.org/isc/bind/contrib/ntbind-9.2.6/BIND9.2.6.zip.asc
ftp://ftp.isc.org/isc/bind/contrib/ntbind-9.2.6/BIND9.2.6.debug.zip.asc
A list of changes made since 9.2.0 follows. For earlier changes,
see the file CHANGES in the distribution.
--------
--- 9.2.6 released ---
--- 9.2.6rc1 released ---
1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530]
--- 9.2.6b2 released ---
1930. [port] HPUX: ia64 support. [RT #15473]
1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
1926. [bug] BINDinstall was being installed in the wrong place.
[RT #15483]
1925. [port] All outer level AC_TRY_RUNs need cross compiling
defaults. [RT #15469]
1924. [port] libbind: hpux ia64 support. [RT #15473]
1923. [bug] ns_client_detach() called too early. [RT #15499]
--- 9.2.6b1 released ---
1917. [doc] funcsynopsisinfo wasn't being treated as verbatim
when generating man pages. [RT #15385]
1911. [bug] Update windows socket code. [RT #14965]
1905. [bug] Strings returned from cfg_obj_asstring() should be
treated as read-only. [RT #15256]
1895. [bug] A escaped character is, potentially, converted to
the output character set too early. [RT #14666]
1893. [port] Use uintptr_t if available. [RT #14606]
1889. [port] sunos: non blocking i/o support. [RT #14951]
1887. [bug] The cache could delete expired records too fast for
clients with a virtual time in the past. [RT #14991]
1886. [bug] fctx_create() could return success even though it
failed. [RT #14993]
1884. [cleanup] dighost.c: move external declarations into <dig/dig.h>.
1883. [bug] dnssec-signzone, dnssec-keygen, dnssec-signkey,
dnssec-makekeyset: handle negative debug levels.
[RT #14962]
1881. [func] Add a system test for named-checkconf. [RT #14931]
1877. [bug] Fix unreasonably low quantum on call to
dns_rbt_destroy2(). Remove unnecessay unhash_node()
call. [RT #14919]
1875. [bug] process_dhtkey() was using the wrong memory context
to free some memory. [RT #14890]
1873. [port] win32: isc__errno2result() now reports its caller.
[RT #13753]
1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753]
1871. [bug] dnssec_makekeyset and dnssec-signkey failed to
initalize the hash context. [RT #13771]
1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
bad addresses. [RT #14841]
1861. [bug] dig could trigger a INSIST on certain malformed
responses. [RT #14801]
1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was
incorrectly set. [RT #14775]
1856. [doc] Switch Docbook toolchain from DSSSL to XSL.
[RT #11398]
1854. [bug] lwres also needs to know the print format for
(long long). [RT #13754]
1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591]
1849. [doc] All forms of the man pages (docbook, man, html) should
have consistant copyright dates.
1848. [bug] Improve SMF integration. [RT #13238]
1847. [bug] isc_ondestroy_init() is called too late in
dns_rbtdb_create()/dns_rbtdb64_create().
[RT #13661]
1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer
<bortzmeyer at nic.fr>.
1845. [bug] Improve error reporting to distingish between
accept()/fcntl() and socket()/fcntl() errors.
[RT #13745]
1844. [bug] inet_pton() accepted more that 4 hexadecimal digits
for each 16 bit piece of the IPv6 address. The text
representation of a IPv6 address has been tighted
to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
[RT #5662]
1843. [cleanup] CINCLUDES takes precedence over CFLAGS. This helps
when CFLAGS contains "-I /usr/local/include"
resulting in old header files being used.
1842. [port] cmsg_len() could produce incorrect results on
some platform. [RT #13744]
1841. [bug] "dig +nssearch" now makes a recursive query to
find the list of nameservers to query. [RT #13694]
1839. [bug] <isc/hash.h> was not being installed.
1838. [cleanup] Don't allow Linux capabilities to be inherited.
[RT #13707]
1836. [cleanup] Silence compiler warnings in hash_test.c.
1835. [bug] Update dnssec-signzone's usage message. [RT #13657]
1834. [bug] Bad memset in rdata_test.c. [RT #13658]
1833. [bug] Race condition in isc_mutex_lock_profile(). [RT #13660]
1832. [bug] named fails to return BADKEY on unknown TSIG algorithm.
[RT #13620]
1830. [bug] adb lame cache has sence of test reversed. [RT #13600]
1828. [bug] isc_rwlock_init() failed to properly cleanup if it
encountered a error. [RT #13549]
1827. [bug] host: update usage message for '-a'. [RT #37116]
1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on out
of memory error. [RT #13537]
1825. [bug] Missing UNLOCK() on out of memory error from in
rbtdb.c:subtractrdataset(). [RT #13519]
1824. [bug] Memory leak on dns_zone_setdbtype() failure.
[RT #13510]
1823. [bug] Wrong macro used to check for point to point interface.
[RT#13418]
1821. [doc] acls definitions are no longer required to be
in named.conf prior to reference. They can be
defined after being referenced.
1820. [bug] Gracefully handle acl loops. [RT #13659]
1815. [bug] nsupdate triggered a REQUIRE if the server was set
without also setting the zone and it encountered
a CNAME and was using TSIG. [RT #13086]
1810. [bug] configure, lib/bind/configure make different default
decisions about whether to do a threaded build.
[RT #13212]
1809. [bug] "make distclean" failed for libbind if the platform
is not supported.
1807. [bug] When forwarding (forward only) set the active domain
from the forward zone name. [RT #13526]
1804. [bug] Ensure that if we are queried for glue that it fits
in the additional section or TC is set to tell the
client to retry using TCP. [RT #10114]
1802. [bug] Handle connection resets better. [RT #11280]
--- 9.2.5 released ---
--- 9.2.5rc1 released ---
1812. [port] win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect.
[RT #13453]
1808. [bug] zone.c:notify_zone() contained a race condition,
zone->db could change underneath it. [RT #13511]
--- 9.2.5beta2 released ---
1800. [bug] Changes #1719 allowed a INSIST to be triggered.
[RT #13428]
--- 9.2.5beta1 released ---
1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should
allow parallel make to succeed.
1789. [bug] Prerequisite test for tkey and dnssec could fail
with "configure --with-libtool".
1787. [port] HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings.
1786. [port] AIX: libt_api needs to be taught to look for
T_testlist in the main executable (--with-libtool).
[RT #13239]
1784. [cleanup] "libtool -allow-undefined" is the default.
Leave hooks in configure to allow it to be set
if needed in the future.
1783. [cleanup] We only need one copy of libtool.m4, ltmain.sh in the
source tree.
1782. [port] OSX: --with-libtool + --enable-libbind broke on
__evOptMonoTime. [RT #13219]
1781. [port] FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810]
1780. [bug] Update libtool to 1.5.10.
1779. [port] OSF 5.1: libtool didn't handle -pthread correctly.
1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and
IN6ADDR_LOOPBACK_INIT macros.
1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and
IN6ADDR_LOOPBACK_INIT macros.
1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
IN6ADDR_LOOPBACK_INIT macros.
1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
1774. [port] Aix: Silence compiler warnings / build failures.
[RT #13154]
1773. [bug] Fast retry on host / net unreachable. [RT #13153]
1772. [bug] Change #1740 needed more work in 9.2 as bit-labels
are still supported. [RT #13015]
1771. [bug] Built-in zones did not have SOA or NS records.
[RT #13015]
1770. [bug] named-checkconf failed to report missing a missing
file clause for rbt{64} master/hint zones. [RT#13009]
1769. [port] win32: change compiler flags /MTd ==> /MDd,
/MT ==> /MD.
1767. [port] Builds on IPv6 platforms without IPv6 Advanced API
support for (struct in6_pktinfo) failed. [RT #13077]
1766. [bug] Update the master file timestamp on successful refresh
as well as the journal's timestamp. [RT# 13062]
1764. [bug] dns_zone_replacedb failed to emit a error message
if there was no SOA record in the replacment db.
[RT #13016]
1760. [bug] Host / net unreachable was not penalising rtt
estimates. [RT #12970]
1753. [bug] Don't serve a slave zone which has no NS records.
[RT #12894]
1752. [port] Move isc_app_start() to after ns_os_daemonise()
as some fork() implementations unblock the signals
that are blocked by isc_app_start(). [RT #12810]
1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
[RT #12864]
1747. [bug] BIND 8 compatability: named/named-checkconf failed
to parse "host-statistics-max" in named.conf.
1744. [bug] If tuple2msgname() failed to convert a tuple to
a name a REQUIRE could be triggered. [RT #12796]
1743. [bug] If isc_taskmgr_create() was not able to create the
requested number of worker threads then destruction
of the manager would trigger an INSIST() failure.
[RT #12790]
1742. [bug] Deleting all records at a node then adding a
previously existing record, in a single UPDATE
transaction, failed to leave / regenerate the
associated SIG records. [RT #12788]
1741. [bug] Deleting all records at a node in a secure zone
using a update-policy grant failed. [RT #12787]
1740. [bug] Replace rbt's hash algorithm as it performed badly
with certain zones. [RT #12729]
NOTE: a hash context now needs to be established
via isc_hash_create() if the application was not
already doing this.
1739. [bug] dns_rbt_deletetree() could incorrectly return
ISC_R_QUOTA. [RT #12695]
1738. [bug] Enable overrun checking by default. [RT #12695]
1734. [cleanup] 'rndc-confgen -a -t' remove extra '/' in path.
[RT #12588]
1733. [bug] Return non-zero exit status on initial load failure.
[RT #12658]
1731. [port] darwin: relax version test in ifconfig.sh.
[RT #12581]
1730. [port] Determine the length type used by the socket API.
[RT #12581]
1726. [port] aix5: add support for aix5.
1725. [port] linux: update error message on interaction of threads,
capabilities and setuid support (named -u). [RT #12541]
1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
1722. [bug] Don't commit the journal on malformed ixfr streams.
[RT #12519]
1721. [bug] Error message from the journal processing were not
always identifing the relevent journal. [RT #12519]
1720. [bug] 'dig +chase' did not terminate on a RFC 2308 Type 1
negative response. [RT #12506]
1719. [bug] named was not correctly caching a RFC 2308 Type 1
negative response. [RT #12506]
1718. [bug] nsupdate was not handling RFC 2308 Type 3 negative
responses when looking for the zone / master server.
[RT #12506]
1717. [port] solaris: ifconfig.sh did not support Solaris 10.
"ifconfig.sh down" didn't work for Solaris 9.
1716. [doc] named.conf(5) was being installed in the wrong
location. [RT# 12441]
1714. [bug] dig/host/nslookup were only trying the first
address when a nameserver was specified by name.
[RT #12286]
1713. [port] linux: extend capset failure message to say:
please ensure that the capset kernel module is
loaded. see insmod(8)
--- 9.2.4 released ---
--- 9.2.4rc8 released ---
1709. [port] solaris: add SMF support from Sun.
1708. [cleanup] Replaced dns_fullname_hash() with dns_name_fullhash()
for conformance to the name space convention. Binary
backward compatibility to the old function name is
provided. [RT #12376]
1707. [contrib] sdb/ldap updated to version 1.0-beta.
1704. [port] lwres needed a snprintf() implementation for
platforms without snprintf(). [RT #12321]
1701. [doc] A minimal named.conf man page.
1700. [func] nslookup is no longer to be treated as deprecated.
Remove "deprecated" warning message. Add man page.
1698. [doc] Use reserved IPv6 documentation prefix.
--- 9.2.4rc7 released ---
1694. [bug] Report if the builtin views of "_default" / "_bind"
are defined in named.conf. [RT #12023]
1692. [bug] Don't set -I, -L and -R flags when libcrypto is in
/usr/lib. [RT #11971]
1691. [bug] sdb's attachversion was not complete. [RT #11990]
1690. [bug] Delay detaching view from the client until UPDATE
processing completes when shutting down. [RT #11714]
1689. [bug] DNS_NAME_TOREGION() macros contained a gratuitous
semicolons. [RT #11707]
1688. [bug] LDFLAGS was not supported.
1687. [bug] Race condition in dispatch. [RT #10272]
1686. [bug] Named sent a extraneous NOTIFY when it received a
redundant UPDATE request. [RT #11943]
--- 9.2.4rc6 released ---
1685. [bug] Change #1679 loop tests weren't quite right.
1682. [port] Update configure test for (long long) printf format.
[RT #5066]
1681. [bug] Only set SO_REUSEADDR when a port is specified in
isc_socket_bind(). [RT #11742]
1679. [bug] When there was a single nameserver with multiple
addresses for a zone not all addresses were tried.
[RT #11706]
1672. [cleanup] Tests which only function in a threaded build
now return R:THREADONLY (rather than R:UNTESTED)
in a non-threaded build.
1671. [contrib] queryperf: add NAPTR to the list of known types.
1669. [bug] Restore "update forwarding denied" log messages
accidentally suppressed by change #1633. [RT# 11657]
1660. [bug] win32: connection_reset_fix() was being called
unconditionally. [RT #11595]
--- 9.2.4rc5 released ---
1655. [bug] Logging multiple versions w/o a size was broken.
[RT #11446]
1654. [bug] isc_result_totext() contained array bounds read
error.
1650. [bug] dig, nslookup: flush standard out after each command.
1649. [bug] Silence "unexpected non-minimal diff" message.
[RT #11206]
1646. [bug] win32: logging file versions didn't work with
non-UNC filenames. [RT#11486]
1644. [bug] Update the journal modification time after a
sucessfull refresh query. [RT #11436]
1643. [bug] dns_db_closeversion() could leak memory / node
references. [RT #11163]
--- 9.2.4rc4 released ---
1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
incorrectly closing the socket. [RT #11291]
1634. [bug] named didn't supply a useful error message when it
detected duplicate views. [RT #11208]
1633. [bug] named should return NOTIMP to update requests to a
slaves without a allow-update-forwarding acl specified.
[RT #11331]
1632. [bug] nsupdate failed to send prerequisite only UPDATE
messages. [RT #11288]
1627. [bug] win32: sockets were not being closed when the
last external reference was removed. [RT# 11179]
--- 9.2.4rc3 released ---
1623. [bug] A serial number of zero was being displayed in the
"sending notifies" log message when also-notify was
used. [RT #11177]
1621. [bug] match-destinations did not work for IPv6 TCP queries.
[RT# 11156]
1619. [bug] Missing ISC_LIST_UNLINK in end_reserved_dispatches().
[RT# 11118]
1617. [port] win32: VC++ 6.0 support.
1616. [compat] Ensure that named's version is visible in the core
dump. [RT #11127]
1615. [port] Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
it is defined.
1614. [port] win32: silence resource limit messages. [RT# 11101]
1610. [bug] On dual stack machines "dig -b" failed to set the
address type to be looked up with "@server".
[RT #11069]
1600. [bug] Duplicate zone pre-load checks were not case
insensitive.
1599. [bug] Fix memory leak on error path when checking named.conf.
--- 9.2.4rc2 released ---
1607. [bug] dig, host and nslookup were still using random()
to generate query ids. [RT# 11013]
1604. [bug] A xfrout_ctx_create() failure would result in
xfrout_ctx_destroy() being called with a
partially initialized structure.
1603. [bug] nsupdate: set interactive based on isatty().
[RT# 10929]
1602. [bug] Logging to a file failed unless a size was specified.
[RT# 10925]
1601. [bug] Silence spurious warning 'both "recursion no;" and
"allow-recursion" active' warning from view "_bind".
[RT# 10920]
1455. [bug] <netaddr> missing from server grammar in
doc/misc/options. [RT #5616]
1593. [bug] rndc should return "unknown command" to unknown
commands. [RT# 10642]
--- 9.2.4rc1 released ---
1592. [bug] configure_view() could leak a dispatch. [RT# 10675]
1591. [bug] libbind: updated to BIND 8.4.5.
1590. [port] netbsd: update thread support.
1588. [bug] win32: TCP sockets could become blocked. [RT #10115]
1587. [bug] dns_message_settsigkey() failed to clear existing key.
[RT #10590]
1585. [bug] allow-v6-synthesis was not performing lookups under
IP6.INT. allow-v6-synthesis now performs a nibble
lookups under IP6.ARPA rather than a bitstring lookups.
[RT #10497]
NOTE: allow-v6-synthesis has been deprecated.
1584. [bug] "make test" failed with a read only source tree.
[RT #10461]
1583. [bug] Records add via UPDATE failed to get the correct trust
level. [RT #10452]
1582. [bug] rrset-order failed to work on RRsets with more
than 32 elements. [RT #10381]
1580. [bug] Zone destruction on final detach takes a long time.
[RT #3746]
1579. [bug] Multiple task managers could not be created.
1578. [bug] Don't use CLASS E IPv4 addresses when resolving.
[RT #10346]
1577. [bug] Use isc_uint32_t in ultrasparc optimizer bug
workaround code. [RT #10331]
1576. [bug] Race condition in dns_dispatch_addresponse().
[RT# 10272]
1574. [bug] Don't attempt to open the controls socket(s) when
running tests. [RT #9091]
1573. [port] linux: update to libtool 1.5.2 so that
"make install DESTDIR=/xx" works with
"configure --with-libtool". [RT #9941]
1572. [bug] nsupdate: sign the soa query to find the enclosing
zone if the server is specified. [RT #10148]
1571. [bug] rbt:hash_node() could fail leaving the hash table
in an inconsistent state. [RT #10208]
1570. [bug] nsupdate failed to handle classes other than IN.
New keyword 'class' which sets the default class.
[RT #10202]
1568. [bug] nsupdate now reports that the update failed in
interactive mode. [RT# 10236]
1567. [bug] B.ROOT-SERVERS.NET is now 192.228.79.201.
1566. [port] Support for the cmsg framework on Solaris and HP/UX.
This also solved the problem that match-destinations
for IPv6 addresses did not work on these systems.
[RT #10221]
1563. [bug] Gracefully fail when unable to obtain neither an IPv4
nor an IPv6 dispatch. [RT #10230]
1562. [bug] isc_socket_create() and isc_socket_accept() could
leak memory under error conditions. [RT #10230]
1561. [bug] It was possible to release the same name twice if
named ran out of memory. [RT #10197]
1559. [port] named should ignore SIGFSZ.
1556. [bug] nsupdate now treats all names as fully qualified.
[RT #6427]
1553. [bug] The windows socket code could stop accepting
connections.
1552. [bug] Accept NOTIFY requests from mapped masters if
matched-mapped is set. [RT #10049]
1551. [port] Open "/dev/null" before calling chroot().
1550. [port] Call tzset(), if available, before calling chroot().
1547. [bug] Named wasted memory recording duplicate lame zone
entries. [RT #9341]
1546. [bug] We were rejecting valid secure CNAME to negative
answers.
1545. [bug] It was possible to leak memory if named was unable to
bind to the specified transfer source and TSIG was
being used. [RT #10120]
1544. [bug] Named would logged a single entry to a file despite it
being over the specified size limit.
1543. [bug] Logging using "versions unlimited" did not work.
1542. [bug] Reversed timestamp sanity test on SIG. [RT #10095]
1540. [bug] "rndc reload <dynamiczone>" was silently accepted.
[RT #8934]
1539. [bug] Open UDP sockets for notify-source and transfer-source
that use reserved ports at startup. [RT #9475]
1536. [bug] Windows socket code failed to log a error description
when returning ISC_R_UNEXPECTED. [RT #9998]
1535. [bug] dig -x of a partial IPv4 address broken. [RT# 9949]
1534. [bug] Race condition when priming cache. [RT# 9940]
1533. [func] Warn if both "recursion no;" and "allow-recursion"
are active. [RT# 4389]
1532. [port] netbsd: the configure test for <sys/sysctl.h>
requires <sys/param.h>.
1531. [port] AIX more libtool fixes.
1530. [bug] It was possible to trigger a INSIST() failure if a
slave master file was removed at just the correct
moment. [RT #9462]
1529. [bug] "notify explicit;" failed to log that NOTIFY messages
were being sent for the zone. [RT #9442]
1025. [bug] Don't use multicast addresses to resolve iterative
queries. [RT #101]
--- 9.2.3 released ---
1525. [bug] dns_cache_create() could trigger a REQUIRE
failure in isc_mem_put() during error cleanup.
1524. [port] AIX needs to be able to resolve all symbols when
creating shared libraries (--with-libtool).
1523. [bug] Fix race condition in rbtdb. [RT# 9189]
1522. [bug] dns_db_findnode() relax the requirements on 'name'.
[RT# 9286]
1518. [bug] dns_nxt_buildrdata(), and hence dns_nxt_build(),
contained a off-by-one error when working out the
number of octets in the bitmap.
1514. [bug] named: isc_hash_destroy() was being called too early.
[RT #9160]
1513. [doc] Add "US" to root-delegation-only exclude list.
--- 9.2.3rc4 released ---
1512. [bug] Extend the delegation-only logging to return query
type, class and responding nameserver.
1511. [bug] delegation-only was generating false positives
on negative answers from subzones.
--- 9.2.3rc3 released ---
1510. [func] New view option "root-delegation-only". Apply
delegation-only check to all TLDs and root.
Note there are some TLDs that are NOT delegation
only (e.g. DE, LV, US and MUSEUM) these can be excluded
from the checks by using exclude.
root-delegation-only exclude {
"DE"; "LV"; "US"; "MUSEUM";
};
1509. [bug] Hint zones should accept delegation-only. Forward
zone should not accept delegation-only.
1508. [bug] Don't apply delegation-only checks to answers from
forwarders.
1507. [bug] Handle BIND 8 style returns to NS queries to parents
when making delegation-only checks.
1506. [bug] Wrong return type for dns_view_isdelegationonly().
--- 9.2.3rc2 released ---
1505. [bug] Uninitialized rdataset in sdb. [RT #8750]
1504. [func] New zone type "delegation-only".
1503. [port] win32: install libeay32.dll outside of system32.
--- 9.2.3rc1 released ---
1499. [bug] isc_random need to be seeded better if arc4random()
is not used.
1498. [port] bsdos: 5.x support.
1497. [protocol] dig, nslookup and host now perform nibble lookups
under IP6.ARPA, use -i for IP6.INT (dig and host).
lwres now uses IP6.ARPA.
1496. [port] test for pthread_attr_setstacksize().
1495. [cleanup] Replace hash functions with universal hash.
1494. [security] Turn on RSA BLINDING as a precaution.
1493. [doc] A6 and "bitstring" labels are now experimental.
1492. [cleanup] Preserve rwlock quota context when upgrading /
downgrading. [RT #5599]
1491. [bug] dns_master_dump*() would produce extraneous $ORIGIN
lines. [RT #6206]
1490. [bug] Accept reading state as well as working state in
ns_client_next(). [RT #6813]
1489. [compat] Treat 'allow-update' on slave zones as a warning.
[RT #3469]
1488. [bug] Don't override trust levels for glue addresses.
[RT #5764]
1487. [bug] A REQUIRE() failure could be triggered if a zone was
queued for transfer and the zone was then removed.
[RT #6189]
1486. [bug] isc_print_snprintf() '%%' consumed one too many format
characters. [RT# 8230]
1485. [bug] gen failed to handle high type values. [RT #6225]
1484. [bug] The number of records reported after a AXFR was wrong.
[RT #6229]
1483. [bug] dig axfr failed if the message id in the answer failed
to match that in the request. Only the id in the first
message is required to match. [RT #8138]
1482. [bug] named could fail to start if the kernel supports
IPv6 but no interfaces are configured. Similarly
for IPv4. [RT #6229]
1481. [bug] Refresh and stub queries failed to use masters keys
if specified. [RT #7391]
1480. [bug] Provide replay protection for rndc commands. Full
replay protection requires both rndc and named to
be updated. Partial replay protection (limited
exposure after restart) is provided if just named
is updated.
1479. [bug] cfg_create_tuple() failed to handle out of
memory cleanup. parse_list() would leak memory
on syntax errors.
1478. [port] ifconfig.sh didn't account for other virtual
interfaces. It now takes a optional argument
to specify the first interface number. [RT #3907]
1477. [bug] memory leak using stub zones and TSIG.
1476. [port] win32: port unreachables were blocking further i/o
on sockets (Windows 2000 SP2 and later).
1473. [bug] create_map() and create_string() failed to handle out
of memory cleanup. [RT #6813]
1472. [contrib] idnkit-1.0 from JPNIC, replaces mdnkit.
1471. [bug] libbind: updated to BIND 8.4.0.
1470. [bug] Incorrect length passed to snprintf. [RT #5966]
1466. [bug] lwresd configuration errors resulted in memory
and lock leaks. [RT #5228]
1465. [bug] isc_base64_decodestring() and isc_base64_tobuffer()
failed to check that trailing bits were zero allowing
some invalid base64 strings to be accepted. [RT #5397]
1464. [bug] Preserve "out of zone" data for outgoing zone
transfers. [RT #5192]
1463. [bug] dns_rdata_from{wire,struct}() failed to catch bad
NXT bit maps. [RT #5577]
1462. [bug] parse_sizeval() failed to check the token type.
[RT #5586]
1461. [bug] Remove deadlock from rbtdb code. [RT #5599]
1460. [bug] inet_pton() failed to reject certain malformed
IPv6 literals.
1459. [bug] win32: we were leaking a bits in the exception
fd_set resulting in "Socket operation on non-socket"
errors from select(). [RT #2966]
1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
1453. [doc] ARM: $GENERATE example wasn't accurate. [RT #5298]
1452. [bug] Bad #ifdef, ISC_RFC2335 -> ISC_RFC2535.
1451. [bug] rndc-confgen didn't exit with a error code for all
failures. [RT #5209]
1450. [bug] Fetching expired glue failed under certain
circumstances. [RT #5124]
1449. [bug] query_addbestns() didn't handle running out of memory
gracefully.
1448. [bug] Handle empty wildcards labels.
1447. [bug] We were casting (unsigned int) to and from (void *).
rdataset->private4 is now rdataset->privateuint4
to reflect a type change.
1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has
been replaced with DNS_ADBFIND_STARTATZONE which
causes the search to start using the closest zone.
1439. [bug] Named could return NOERROR with certain NOTIFY
failures. Return NOTAUTH if the NOTIFY zone is
not being served.
1435. [bug] zmgr_resume_xfrs() was being called read locked
rather than write locked. zmgr_resume_xfrs()
was not being called if the zone was being
shutdown.
1437. [bug] Leave space for stdio to work in. [RT #5033]
1434. [bug] "rndc reconfig" failed to initiate the initial
zone transfer of new slave zones.
1431. [bug] isc_print_snprintf() "%s" with precision could walk off
end of argument. [RT #5191]
1429. [bug] Prevent the cache getting locked to old servers.
1424. [bug] EDNS version not being correctly printed.
1423. [contrib] queryperf: added A6 and SRV.
1420. [port] solaris: work around gcc optimizer bug.
1419. [port] openbsd: use /dev/arandom. [RT #4950]
1418. [bug] 'rndc reconfig' did not cause new slaves to load.
1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN.
[RT #4715]
1411. [bug] empty nodes should stop wildcard matches. [RT #4802]
1408. [bug] "make distclean" was not complete. [RT #4700]
1407. [bug] lfsr incorrectly implements the shift register.
[RT #4617]
1406. [bug] dispatch initializes one of the LFSR's with a incorrect
polynomial. [RT #4617]
1405. [func] Use arc4random() if available.
1401. [bug] adb wasn't clearing state when the timer expired.
1399. [bug] Use serial number arithmetic when testing SIG
timestamps. [RT #4268]
1397. [bug] J.ROOT-SERVERS.NET is now 192.58.128.30.
1389. [bug] named could fail to rotate long log files. [RT #3666]
1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
defining HAVE_IFLIST_SYSCTL. [RT #3770]
1387. [bug] named could crash due to an access to invalid memory
space (which caused an assertion failure) in
incremental cleaning. [RT #3588]
1385. [bug] Setting serial-query-rate to 10 would trigger a
REQUIRE failure.
1384. [bug] host was incompatible with BIND 8 in its exit code and
in the output with the -l option. [RT #3536]
1373. [bug] Recovery from expired glue failed under certain
circumstances.
1372. [bug] named crashes with an assertion failure on exit when
sharing the same port for listening and querying, and
changing listening addresses several times. [RT# 3509]
1370. [bug] dig '+[no]recurse' was incorrectly documented.
1369. [bug] Adding an NS record as the lexicographically last
record in a secure zone didn't work.
1366. [contrib] queryperf usage was incomplete. Add '-h' for help.
1348. [port] win32: Rewrote code to use I/O Completion Ports
in socket.c and eliminating a host of socket
errors. Performance is enhanced.
1333. [contrib] queryperf now reports a summary of returned
rcodes (-c), rcodes are printed in mnemonic form (-v).
1299. [bug] Set AI_ADDRCONFIG when looking up addresses
via getaddrinfo() (affects dig, host, nslookup, rndc
and nsupdate).
1199. [doc] ARM reference to RFC 2157 should have been RFC 1918.
[RT #2436]
1122. [tuning] Resolution timeout reduced from 90 to 30 seconds.
[RT #2046]
992. [doc] dig: ~/.digrc is now documented.
--- 9.2.2 released ---
1428. [port] hpux: temporary work around of hpux 11.11 interface
scanning.
1427. [bug] Race condition in adb with threaded build.
1426. [cleanup] Disable RFC2535 style DNSSEC. This is incompatible
with the forthcoming DS style DNSSEC.
1425. [port] linux/libbind: define __USE_MISC when testing *_r()
function prototypes in netdb.h. [RT #4921]
1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't
have a working implementation. [RT #4079]
1382. [bug] make install failed with --enable-libbind. [RT #3656]
1381. [bug] named failed to correctly process answers that
contained DNAME records where the resulting CNAME
resulted in a negative answer.
--- 9.2.2rc1 released ---
1360. [bug] --enable-libbind would fail when not built in the
source tree for certain OS's.
1359. [security] Support patches OpenSSL libraries.
http://www.cert.org/advisories/CA-2002-23.html
1358. [bug] It was possible to trigger a INSIST when debugging
large dynamic updates. [RT #3390]
1357. [bug] nsupdate was extremely wasteful of memory.
1356. [tuning] Reduce the number of events / quantum for zone tasks.
1354. [doc] lwres man pages had illegal nroff.
1353. [contrib] sdb/ldap to version 0.9.
1352. [bug] dig, host, nslookup when falling back to TCP use the
current search entry (if any). [RT #3374]
1351. [bug] lwres_getipnodebyname() returned the wrong name
when given a IPv4 literal, af=AF_INET6 and AI_MAPPED
was set.
1350. [bug] dns_name_fromtext() failed to handle too many labels
gracefully.
1349. [security] Minimum OpenSSL version now 0.9.6e (was 0.9.5a).
http://www.cert.org/advisories/CA-2002-23.html
1346. [bug] Win32: select timeout in socket.c was too small
as value given was meant to be milliseconds and
timeval structure requires microseconds. This
caused high CPU loads with a compute bound loop.
[RT #3358]
1345. [port] Use a explicit -Wformat with gcc. Not all versions
include it in -Wall.
1340. [bug] Delay and spread out the startup refresh load.
1335. [bug] When performing a nonexistence proof, the validator
should discard parent NXTs from higher in the DNS.
1334. [bug] When signing/verifying rdatasets, duplicate rdatas
need to be suppressed.
1330. [bug] When processing events (non-threaded) only allow
the task one chance to use to use its quantum.
1327. [bug] The validator would incorrectly mark data as insecure
when seeing a bogus signature before a correct
signature.
1326. [bug] DNAME/CNAME signatures were not being cached when
validation was not being performed. [RT #3284]
1325. [bug] If the tcpquota was exhausted it was possible to
to trigger a INSIST() failure.
1324. [port] darwin: ifconfig.sh now supports darwin.
1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
1320. [doc] query-source-v6 was missing from options section.
[RT #3218]
1319. [func] libbind: log attempts to exploit #1318.
1318. [bug] libbind: Remote buffer overrun.
1317. [port] libbind: TrueUNIX 5.1 does not like __align as a
element name.
1316. [bug] libbind: gethostans() could get out of sync parsing
the response if there was a very long CNAME chain.
1315. [bug] Options should apply to the internal _bind view.
1314. [port] Handle ECONNRESET from sendmsg() [unix].
1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159]
1310. [bug] 'rndc stop' failed to cause zones to be flushed
sometimes. [RT #3157]
1307. [bug] nsupdate: allow white space base64 key data.
1306. [bug] Badly encoded LOC record when the size, horizontal
precision or vertical precision was 0.1m.
1305. [bug] Document that internal zones are included in the
rndc status results.
1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
could be left with a trailing "\" after configure
has been run.
1297. [port] linux: make handling EINVAL from socket() no longer
conditional on #ifdef LINUX.
1296. [bug] isc_log_closefilelogs() needed to lock the log
context.
1295. [bug] isc_log_setdebuglevel() needed to lock the log
context.
1294. [func] libbind: no longer attempts bit string labels for
IPv6 reverse resolution. Try IP6.ARPA then IP6.INT
for nibble style resolution.
1289. [port] See if -ldl is required for OpenSSL? [RT #2672]
1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
reflect written requirements.
1287. [bug] REQUIRE that DNS_DBADD_MERGE only be set when adding
a rdataset to a zone db in the rbtdb implementation of
addrdataset.
1286. [bug] dns_name_downcase() enforce requirement that
target != NULL or name->buffer != NULL.
1284. [bug] The RTT estimate on unused servers was not aged.
[RT #2569]
1282. [port] libbind: hpux 11.11 interface scanning.
1280. [bug] libbind: escape '(' and ')' when converting to
presentation form.
1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590]
1276. [bug] libbind: const pointer conflicts in res_debug.c.
1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN.
1274. [bug] Memory leak in lwres_gnbarequest_parse().
1273. [port] libbind: solaris: 64 bit binary compatibility.
1272. [contrib] Berkeley DB 4.0 sdb implementation from
Nuno Miguel Rodrigues <nmr at co.sapo.pt>.
1270. [bug] Check that system inet_pton() and inet_ntop() support
AF_INET6.
1269. [port] Openserver: ifconfig.sh support.
1268. [port] Openserver: the value FD_SETSIZE depends on whether
<sys/param.h> is included or not. Be consistent.
1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE,
__ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE
are not C++ compatible, use *_TYPE versions instead.
1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with
C++, use LINK_INIT_TYPE and UNLINK_TYPE instead.
1263. [bug] Reference after free error if dns_dispatchmgr_create()
failed.
1262. [bug] ns_server_destroy() failed to set *serverp to NULL.
1261. [func] libbind: ns_sign2() and ns_sign_tcp() now provide
support for compressed TSIG owner names.
1260. [func] libbind: res_update can now update IPv6 servers,
new function res_findzonecut2().
1259. [bug] libbind: get_salen() IPv6 support was broken for OSs
w/o sa_len.
1258. [bug] libbind: res_nametotype() and res_nametoclass() were
broken.
1257. [bug] Failure to write pid-file should not be fatal on
reload. [RT #2861]
1256. [contrib] 'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support.
1255. [bug] When verifying that an NXT proves nonexistence, check
the rcode of the message and only do the matching NXT
check. That is, for NXDOMAIN responses, check that
the name is in the range between the NXT owner and
next name, and for NOERROR NODATA responses, check
that the type is not present in the NXT bitmap.
1253. [bug] The dnssec system test failed to remove the correct
files.
1252. [bug] Dig, host and nslookup were not checking the address
the answer was coming from against the address it was
sent to. [RT# 2692]
1248. [bug] DESTDIR was not being propagated between makes.
1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for
accept().
1242. [bug] named-checkzone failed if a journal existed. [RT #2657]
1241. [bug] Drop received UDP messages with a zero source port
as these are invariably forged. [RT #2621]
1209. [bug] Dig, host, nslookup were not checking the message ids
on the responses. [RT #2454]
1097. [func] libbind: RES_PRF_TRUNC for dig.
1096. [func] libbind: "DNSSEC OK" (DO) support.
1095. [func] libbind: resolver option: no-tld-query. disables
trying unqualified as a tld. no_tld_query is also
supported for FreeBSD compatibility.
1094. [func] libbind: add support gcc's format string checking.
1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6
support.
--- 9.2.1 released ---
1251. [port] win32: a make file contained absolute version specific
references.
1249. [bug] Missing masters clause was not handled gracefully.
[RT #2703]
1244. [bug] Receiving a TCP message from a blackhole address would
prevent further messages being received over that
interface.
1178. [bug] Follow and cache (if appropriate) A6 and other
data chains to completion in the additional section.
--- 9.2.1rc2 released ---
1240. [bug] It was possible to leak zone references by
specifying an incorrect zone to rndc.
1239. [bug] Under certain circumstances named could continue to
use a name after it had been freed triggering
INSIST() failures. [RT #2614]
1238. [bug] It is possible to lockup the server when shutting down
if notifies were being processed. [RT #2591]
1237. [bug] nslookup: "set q=type" failed.
1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non
NULL terminated text regions. [RT #2588]
1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.
1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken.
1229. [bug] named would crash if it received a TSIG signed
query as part of an AXFR response. [RT #2570]
1228. [bug] 'make install' did not depend on 'make all'. [RT #2559]
1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
if a number was expected and some other token was
found. [RT#2532]
1222. [bug] Specifying 'port *' did not always result in a system
selected (non-reserved) port being used. [RT #2537]
1221. [bug] Zone types 'master', 'slave' and 'stub' were not being
compared case insensitively. [RT #2542]
1218. [bug] Named incorrectly returned SERVFAIL rather than
NOTAUTH when there was a TSIG BADTIME error. [RT #2519]
1216. [bug] Multiple server clauses for the same server were not
reported. [RT #2514]
1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
1214. [bug] Win32: isc_file_renameunique() could leave zero length
files behind.
1212. [port] libbind: 64k answer buffers were causing stack space
to be exceeded for certain OS. Use heap space instead.
1211. [bug] dns_name_fromtext() incorrectly handled certain
valid octal bitlabels. [RT #2483]
1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped /
compatible addresses. [RT #2461]
1208. [bug] dns_master_load*() failed to log a error message if
an error was detected when parsing the ownername of
a record. [RT #2448]
--- 9.2.1rc1 released ---
1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with
an invalid pointer.
1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should
trigger a non-EDNS retry.
1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class"
of the message. [RT #2449]
1204. [bug] libbind: res_nupdate() failed to update the name
server addresses before sending the update.
1201. [bug] Require that if 'callbacks' is passed to
dns_rdata_fromtext(), callbacks->error and
callbacks->warn are initialized.
1200. [bug] Log 'errno' that we are unable to convert to
isc_result_t. [RT #2404]
1198. [bug] OPT printing style was not consistent with the way the
header fields are printed. The DO bit was not reported
if set. Report if any of the MBZ bits are set.
1197. [bug] Attempts to define the same acl multiple times were not
detected.
1196. [contrib] update mdnkit to 2.2.3.
1195. [bug] Attempts to redefine builtin acls should be caught.
[RT #2403]
1194. [bug] Not all duplicate zone definitions were being detected
at the named.conf checking stage. [RT #2431]
1193. [bug] Best effort parsing didn't handle packet truncation.
1191. [bug] A dynamic update removing the last non-apex name in
a secure zone would fail. [RT #2399]
1189. [bug] On some systems, malloc(0) returns NULL, which
could cause the caller to report an out of memory
error. [RT #2398]
1188. [bug] Dynamic updates of a signed zone would fail if
some of the zone private keys were unavailable.
1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the
EOL token when reading to end of line.
1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
unless RES_INIT is set when calling res_*init().
1184. [bug] libbind: call res_ndestroy() if RES_INIT is set
when res_*init() is called.
1183. [bug] Handle ENOSR error when writing to the internal
control pipe. [RT #2395]
1182. [bug] The server could throw an assertion failure when
constructing a negative response packet.
1176. [doc] Document that allow-v6-synthesis is only performed
for clients that are supplied recursive service.
[RT #2260]
1175. [bug] named-checkzone failed to call dns_result_register()
at startup which could result in runtime
exceptions when printing "out of memory" errors.
[RT #2335]
1174. [bug] Win32: add WSAECONNRESET to the expected errors
from connect(). [RT #2308]
1173. [bug] Potential memory leaks in isc_log_create() and
isc_log_settag(). [RT #2336]
1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
table of RR types in ARM.
1170. [bug] Don't attempt to print the token when a I/O error
occurs when parsing named.conf. [RT #2275]
1168. [bug] Empty also-notify clauses were not handled. [RT #2309]
1167. [contrib] nslint-2.1a3 (from author).
1166. [bug] "Not Implemented" should be reported as NOTIMP,
not NOTIMPL. [RT #2281]
1165. [bug] We were rejecting notify-source{-v6} in zone clauses.
1164. [bug] Empty masters clauses in slave / stub zones were not
handled gracefully. [RT #2262]
1162. [bug] The allow-notify option was not accepted in slave
zone statements.
1161. [bug] named-checkzone looped on unbalanced brackets.
[RT #2248]
1160. [bug] Generating Diffie-Hellman keys longer than 1024
bits could fail. [RT #2241]
1156. [port] The configure test for strsep() incorrectly
succeeded on certain patched versions of
AIX 4.3.3. [RT #2190]
1154. [bug] Don't attempt to obtain the netmask of a interface
if there is no address configured. [RT #2176]
1152. [bug] libbind: read buffer overflows.
1144. [bug] rndc-confgen would crash if both the -a and -t
options were specified. [RT #2159]
1142. [bug] dnssec-signzone would fail to delete temporary files
in some failure cases. [RT #2144]
1141. [bug] When named rejected a control message, it would
leak a file descriptor and memory. It would also
fail to respond, causing rndc to hang.
[RT #2139, #2164]
1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments
to the -s option. [RT #2138]
1136. [bug] CNAME records synthesized from DNAMEs did not
have a TTL of zero as required by RFC2672.
[RT #2129]
1125. [bug] rndc: -k option was missing from usage message.
[RT #2057]
1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail
are now documented. [RT #2052]
1123. [bug] dig +[no]fail did not match description. [RT #2052]
1109. [bug] nsupdate accepted illegal ttl values.
1108. [bug] On Win32, rndc was hanging when named was not running
due to failure to select for exceptional conditions
in select(). [RT #1870]
1081. [bug] Multicast queries were incorrectly identified
based on the source address, not the destination
address.
1072. [bug] The TCP client quota could be exceeded when
recursion occurred. [RT #1937]
1071. [bug] Sockets listening for TCP DNS connections
specified an excessive listen backlog. [RT #1937]
1070. [bug] Copy DNSSEC OK (DO) to response as specified by
draft-ietf-dnsext-dnssec-okbit-03.txt.
1014. [bug] Some queries would cause statistics counters to
increment more than once or not at all. [RT #1321]
1012. [bug] The -p option to named did not behave as documented.
988. [bug] 'additional-from-auth no;' did not work reliably
in the case of queries answered from the cache.
[RT #1436]
995. [bug] dig, host, nslookup: using a raw IPv6 address as a
target address should be fatal on a IPv4 only system.
--- 9.2.0 released ---
More information about the bind-announce
mailing list