BIND 9.5.0a7 is now available.
Mark_Andrews at isc.org
Wed Nov 14 21:07:05 UTC 2007
BIND 9.5.0a7 is now available.
BIND 9.5.0a7 is a alpha release for BIND 9.5.0.
This is a technology preview of new functionality to be be
released in BIND 9.5.0. New APIs are not yet frozen.
Please as a minimum perform a test build on your operating
system. We don't have test platforms for every operating
system and sometimes we accidently break builds. Now is
the time to tell us about that. bind9-bugs at isc.org.
Bugs should be reported to bind9-bugs at isc.org.
BIND 9.5 has a number of new features over BIND 9.4, including:
BIND 9.5.0 has a number of new features over 9.4,
GSS-TSIG support (RFC 3645).
Experimental http server and statistics support for named via xml.
Use Doxygen to generate internal documention.
BIND 9.5.0a7 can be downloaded from
The PGP signature of the distribution is at
The signature was generated with the ISC public key, which is
available at <http://www.isc.org/about/openpgp/pgpkey2006.txt>.
A binary kit for Windows 2000, Windows XP and Window 2003 is at
The PGP signature of the binary kit for Windows 2000, Windows XP and
Window 2003 is at
Changes since 9.5.0a1
--- 9.5.0a7 released ---
2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
2257. [bug] win32: Use the full path to vcredist_x86.exe when
calling it. [RT #17222]
2256. [bug] win32: Correctly register the installation location of
bindevt.dll. [RT #17159]
2255. [bug] L.ROOT-SERVERS.NET is now 188.8.131.52.
2254. [bug] timer.c:dispatch() failed to lock timer->lock
when reading timer->idle allowing it to see
intermediate values as timer->idle was reset by
isc_timer_touch(). [RT #17243]
2253. [func] "max-cache-size" defaults to 32M.
"max-acache-size" defaults to 16M.
2252. [bug] Fixed errors in sortlist code [RT #17216]
2250. [func] New flag 'memstatistics' to state whether the
memory statistics file should be written or not.
Additionally named's -m option will cause the
statistics file to be written. [RT #17113]
2249. [bug] Only set Authentic Data bit if client requested
DNSSEC, per RFC 3655 [RT #17175]
2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
2247. [doc] Sort doc/misc/options. [RT #17067]
2246. [bug] Make the startup of test servers (ans.pl) more
robust. [RT #17147]
2245. [bug] Validating lack of DS records at trust anchors wasn't
working. [RT #17151]
2244. [func] Allow the check of nameserver names against the
SOA MNAME field to be disabled by specifying
'notify-to-soa yes;'. [RT #17073]
2243. [func] Configuration files without a newline at the end now
parse without error. [RT #17120]
2242. [bug] nsupdate: GSS-TSIG support using the Heimdal Kerberos
library could require a source of random data.
2241. [func] nsupdate: add a interative 'help' command. [RT #17099]
2240. [bug] Cleanup nsupdates GSS-TSIG support. Convert
a number of INSIST()s into plain fatal() errors
which report the triggering result code.
The 'key' command wasn't disabling GSS-TSIG.
2239. [func] Ship a prebuilt bin/named/bind9.xsl.h. [RT #17114]
2238. [bug] It was possible to trigger a REQUIRE when a
validation was cancelled. [RT #17106]
2237. [bug] libbind: res_init() was not thread aware. [RT #17123]
2236. [bug] dnssec-signzone failed to preserve the case of
of wildcard owner names. [RT #17085]
2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
2233. [func] Add support for O(1) ACL processing, based on
radix tree code originally written by kevin
brintnall. [RT #16288]
2232. [bug] dns_adb_findaddrinfo() could fail and return
ISC_R_SUCCESS. [RT #17137]
2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
2230. [bug] We could INSIST reading a corrupted journal.
2229. [bug] Null pointer dereference on query pool creation
failure. [RT #17133]
2228. [contrib] contrib: Change 2188 was incomplete.
2227. [cleanup] Tidied up the FAQ. [RT #17121]
2225. [bug] More support for systems with no IPv4 addresses.
2224. [bug] Defer journal compaction if a xfrin is in progress.
2223. [bug] Make a new journal when compacting. [RT #17119]
2222. [func] named-checkconf now checks server key references.
2221. [bug] Set the event result code to reflect the actual
record turned to caller when a cache update is
rejected due to a more credible answer existing.
2220. [bug] win32: Address a race condition in final shutdown of
the Windows socket code. [RT #17028]
2219. [bug] Apply zone consistancy checks to additions, not
removals, when updating. [RT #17049]
2218. [bug] Remove unnecessary REQUIRE from dns_validator_create().
2217. [func] Adjust update log levels. [RT #17092]
2216. [cleanup] Fix a number of errors reported by Coverity.
2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
2214. [bug] Deregister OpenSSL lock callback when cleaning
up. Reorder OpenSSL cleanup so that RAND_cleanup()
is called before the locks are destroyed. [RT #17098]
2213. [bug] SIG0 diagnostic failure messages were looking at the
wrong status code. [RT #17101]
2212. [func] 'host -m' now causes memory statistics and active
memory to be printed at exit. [RT 17028]
2211. [func] Update "dynamic update temporarily disabled" message.
2210. [bug] Deleting class specific records via UPDATE could
fail. [RT #17074]
2209. [port] osx: linking against user supplied static OpenSSL
libraries failed as the system ones were still being
found. [RT #17078]
2208. [port] win32: make sure both build methods produce the
same output. [RT #17058]
2207. [port] Some implementations of getaddrinfo() fail to set
ai_canonname correctly. [RT #17061]
--- 9.5.0a6 released ---
2206. [security] "allow-query-cache" and "allow-recursion" now
cross inherit from each other.
If allow-query-cache is not set in named.conf then
allow-recursion is used if set, otherwise allow-query
is used if set, otherwise the default (localnets;
localhost;) is used.
If allow-recursion is not set in named.conf then
allow-query-cache is used if set, otherwise allow-query
is used if set, otherwise the default (localnets;
localhost;) is used.
2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
2204. [bug] "rndc flushanme name unknown-view" caused named
to crash. [RT #16984]
2203. [security] Query id generation was cryptographically weak.
[RT # 16915]
2202. [security] The default acls for allow-query-cache and
allow-recursion were not being applied. [RT #16960]
2201. [bug] The build failed in a separate object directory.
2200. [bug] The search for cached NSEC records was stopping to
early leading to excessive DLV queries. [RT #16930]
2199. [bug] win32: don't call WSAStartup() while loading dlls.
2198. [bug] win32: RegCloseKey() could be called when
RegOpenKeyEx() failed. [RT #16911]
2197. [bug] Add INSIST to catch negative responses which are
not setting the event result code appropriately.
2196. [port] win32: yield processor while waiting for once to
to complete. [RT #16958]
2195. [func] dnssec-keygen now defaults to nametype "ZONE"
when generating DNSKEYs. [RT #16954]
2194. [bug] Close journal before calling 'done' in xfrin.c.
--- 9.5.0a5 released ---
2193. [port] win32: BINDInstall.exe is now linked statically.
2192. [port] win32: use vcredist_x86.exe to install Visual
Studio's redistributable dlls if building with
Visual Stdio 2005 or later.
2191. [func] named-checkzone now allows dumping to stdout (-).
named-checkconf now has -h for help.
named-checkzone now has -h for help.
rndc now has -h for help.
Better handling of '-?' for usage summaries.
2190. [func] Make fallback to plain DNS from EDNS due to timeouts
more visible. New logging category "edns-disabled".
2189. [bug] Handle socket() returning EINTR. [RT #15949]
2188. [contrib] queryperf: autoconf changes to make the search for
libresolv or libbind more robust. [RT #16299]
2187. [bug] query_addds(), query_addwildcardproof() and
query_addnxrrsetnsec() should take a version
arguement. [RT #16368]
2186. [port] cygwin: libbind: check for struct sockaddr_storage
independently of IPv6. [RT #16482]
2185. [port] sunos: libbind: check for ssize_t, memmove() and
memchr(). [RT #16463]
2184. [bug] bind9.xsl.h didn't build out of the source tree.
2183. [bug] dnssec-signzone didn't handle offline private keys
well. [RT #16832]
2182. [bug] dns_dispatch_createtcp() and dispatch_createudp()
could return ISC_R_SUCCESS when they ran out of
memory. [RT #16365]
2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
2180. [cleanup] Remove bit test from 'compress_test' as they
are no longer needed. [RT #16497]
2179. [func] 'rndc command zone' will now find 'zone' if it is
unique to all the views. [RT #16821]
2178. [bug] 'rndc reload' of a slave or stub zone resulted in
a reference leak. [RT #16867]
2177. [bug] Array bounds overrun on read (rcodetext) at
debug level 10+. [RT #16798]
2176. [contrib] dbus update to handle race condition during
initialisation (Bugzilla 235809). [RT #16842]
2175. [bug] win32: windows broadcast condition variable support
was broken. [RT #16592]
2174. [bug] I/O errors should always be fatal when reading
master files. [RT #16825]
2173. [port] win32: When compiling with MSVS 2005 SP1 we also
need to ship Microsoft.VC80.MFCLOC.
--- 9.5.0a4 released ---
2172. [bug] query_addsoa() was being called with a non zone db.
2171. [bug] Handle breaks in DNSSEC trust chains where the parent
servers are not DS aware (DS queries to the parent
return a referral to the child).
2170. [func] Add acache processing to test suite. [RT #16711]
2169. [bug] host, nslookup: when reporting NXDOMAIN report the
given name and not the last name searched for.
2168. [bug] nsupdate: in non-interactive mode treat syntax errors
as fatal errors. [RT #16785]
2167. [bug] When re-using a automatic zone named failed to
attach it to the new view. [RT #16786]
--- 9.5.0a3 released ---
2166. [bug] When running in batch mode, dig could misinterpret
a server address as a name to be looked up, causing
unexpected output. [RT #16743]
2165. [func] Allow the destination address of a query to determine
if we will answer the query or recurse.
allow-query-on, allow-recursion-on and
allow-query-cache-on. [RT #16291]
2164. [bug] The code to determine how named-checkzone /
named-compilezone was called failed under windows.
2163. [bug] If only one of query-source and query-source-v6
specified a port the query pools code broke (change
2129). [RT #16768]
2162. [func] Allow "rrset-order fixed" to be disabled at compile
time. [RT #16665]
2161. [bug] Fix which log messages are emitted for 'rndc flush'.
2160. [bug] libisc wasn't handling NULL ifa_addr pointers returned
from getifaddrs(). [RT #16708]
--- 9.5.0a2 released ---
2159. [bug] Array bounds overrun in acache processing. [RT #16710]
2158. [bug] ns_client_isself() failed to initialise key
leading to a REQUIRE failure. [RT #16688]
2157. [func] dns_db_transfernode() created. [RT #16685]
2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
resolver.c:validated() and resolver.c:cache_name().
Fix a memory leak in rbtdb.c:free_noqname().
Make lookup.c:lookup_find() robust against
event leaks. [RT #16685]
2155. [contrib] SQLite sdb module from jaboydjr at netwalk.com.
2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
matched in acls by omitting the scope. [RT #16599]
2153. [bug] nsupdate could leak memory. [RT #16691]
2152. [cleanup] Use sizeof(buf) instead of fixed number in
dighost.c:get_trusted_key(). [RT #16678]
2151. [bug] Missing newline in usage message for journalprint.
2150. [bug] 'rrset-order cyclic' uniformly distribute the
starting point for the first response for a given
RRset. [RT #16655]
2149. [bug] isc_mem_checkdestroyed() failed to abort on
if there were still active memory contexts.
2148. [func] Add positive logging for rndc commands. [RT #14623]
2147. [bug] libbind: remove potential buffer overflow from
hmac_link.c. [RT #16437]
2146. [cleanup] Silence Linux's spurious "obsolete setsockopt
SO_BSDCOMPAT" message. [RT #16641]
2145. [bug] Check DS/DLV digest lengths for known digests.
2144. [cleanup] Suppress logging of SERVFAIL from forwarders.
2143. [bug] We failed to restart the IPv6 client when the
kernel failed to return the destination the
packet was sent to. [RT #16613]
2142. [bug] Handle master files with a modification time that
matches the epoch. [RT# 16612]
2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
equivalent of LDH checks). [RT #16609]
2140. [bug] libbind: missing unlock on pthread_key_create()
failures. [RT #16654]
2139. [bug] dns_view_find() was being called with wrong type
in adb.c. [RT #16670]
2138. [bug] Lock order reversal in resolver.c. [RT #16653]
2137. [port] Mips little endian and/or mips 64 bit are now
supported for atomic operations. [RT#16648]
2136. [bug] nslookup/host looped if there was no search list
and the host didn't exist. [RT #16657]
2135. [bug] Uninitialised rdataset in sdlz.c. [RT# 16656]
2134. [func] Additional statistics support. [RT #16666]
2133. [port] powerpc: Support both IBM and MacOS Power PC
assembler syntaxes. [RT #16647]
2132. [bug] Missing unlock on out of memory in
2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
2130. [func] Log if CD or DO were set. [RT #16640]
2129. [func] Provide a pool of UDP sockets for queries to be
made over. See use-queryport-pool, queryport-pool-ports
and queryport-pool-updateinterval. [RT #16415]
2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635]
2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563]
2126. [security] Serialise validation of type ANY responses. [RT #16555]
2125. [bug] dns_zone_getzeronosoattl() REQUIRE failure if DLZ
was defined. [RT #16574]
2124. [security] It was possible to dereference a freed fetch
context. [RT #16584]
--- 9.5.0a1 released ---
More information about the bind-announce