BIND 9.2.9 Release Candidate 1 is now available.

Mark Andrews Mark_Andrews at
Fri Sep 14 00:56:34 UTC 2007

		BIND 9.2.9 Release Candidate 1 is now available.

	BIND 9.2.9rc1 is a release candidate maintenance release for BIND 9.2.

*                                                                              *
*       BIND 9.2.9 will be the last maintenance release for BIND 9.2.          *
*                                                                              *

BIND 9.2.9rc1 can be downloaded from

The PGP signature of the distribution is at

The signature was generated with the ISC public key, which is
available at <>.

A binary kit for Windows 2000, Windows XP and Window 2003 is at

The PGP signature of the binary kit for Windows 2000, Windows XP and
Window 2003 is at

Changes since 9.2.0.

	--- 9.2.9rc1 released ---

2221.	[bug]		Set the event result code to reflect the actual
			record returned to caller when a cache update is
			rejected due to a more credible answer existing.
			[RT #17017]

2220.	[bug]		win32: Address a race condition in final shutdown of
			the Windows socket code. [RT #17028]
2218.	[bug]		Remove unnecessary REQUIRE from dns_validator_create().
			[RT #16976]

2214.	[bug]		Deregister OpenSSL lock callback when cleaning
			up. [RT #17098]

2210.	[bug]		Deleting class specific records via UPDATE could
			fail.  [RT #17074]

2209.	[port]		osx: linking against user supplied static OpenSSL
			libraries failed as the system ones were still being
			found. [RT #17078]

	--- 9.2.9b1 released ---

2208.	[port]		win32: make sure both build methods produce the
			same output. [RT #17058]

2205.	[bug]		libbind: change #2119 broke thread support. [RT #16982]

2203.	[security]	Query id generation was cryptographically weak.
			[RT # 16915]

2199.	[bug]		win32: don't call WSAStartup() while loading dlls.
			[RT #16911]

2198.	[bug]		win32: RegCloseKey() could be called when
			RegOpenKeyEx() failed. [RT #16911]

2197.	[bug]		Add INSIST to catch negative responses which are
			not setting the event result code appropriately.
			[RT #16909]

2196.	[port]		win32: yield processor while waiting for once to
			to complete. [RT #16958]

2194.	[bug]		Close journal before calling 'done' in xfrin.c.

2193.	[port]		win32: BINDInstall.exe is now linked statically.
			[RT #16906]

2192.	[port]		win32: use vcredist_x86.exe to install Visual
			Studio's redistributable dlls if building with
			Visual Stdio 2005 or later.

2189.	[bug]		Handle socket() returning EINTR. [RT #15949]

2186.	[port]		cygwin: libbind: check for struct sockaddr_storage
			independently of IPv6. [RT #16482]

2185.	[port]		sunos: libbind: check for ssize_t, memmove() and
			memchr(). [RT #16463]

2182.	[bug]		dns_dispatch_createtcp() and dispatch_createudp()
			could return ISC_R_SUCCESS when they ran out of
			memory. [RT #16365]

2181.	[port]		sunos: libbind: add paths.h from BIND 8. [RT #16462]

2177.	[bug]		Array bounds overrun on read (rcodetext). [RT #16798]

2176.	[contrib]	dbus update to handle race condition during
			initialisation (Bugzilla 235809). [RT #16842]

2175.	[bug]		win32: windows broadcast condition variable support
			was broken. [RT #16592]

2174.	[bug]		I/O errors should always be fatal when reading
			master files. [RT #16825]

2173.	[port]		win32: When compiling with MSVS 2005 SP1 we also
			need to ship Microsoft.VC80.MFCLOC.

2172.	[bug]		query_addsoa() was being called with a non zone db.
			[RT #16834]

2169.	[bug]		host, nslookup: when reporting NXDOMAIN report the
			given name and not the last name searched for.
			[RT #16763]

2168.	[bug]		nsupdate: in non-interactive mode treat syntax errors
			as fatal errors. [RT #16785]

2166.	[bug]		When running in batch mode, dig could misinterpret
			a server address as a name to be looked up, causing
			unexpected output. [RT #16743]

2161.	[bug]		'rndc flush' could report a false success. [RT #16698]

2156.	[bug]		Fix node reference leaks in lookup.c:lookup_find(),
			resolver.c:validated() and resolver.c:cache_name().
			Make lookup.c:lookup_find() robust against
			event leaks. [RT #16685]

2155.	[contrib]	SQLite sdb module from jaboydjr at
			[RT #16694]

2151.	[bug]		Missing newline in usage message for journalprint.
			[RT #16679]

2147.	[bug]		libbind: remove potential buffer overflow from
			hmac_link.c. [RT #16437]

2146.	[cleanup]	Silence Linux's spurious "obsolete setsockopt
			SO_BSDCOMPAT" message. [RT #16641]

2143.	[bug]		We failed to restart the IPv6 client when the
			kernel failed to return the destination the
			packet was sent to. [RT #16613]

2142.	[bug]		Handle master files with a modification time that
			matches the epoch. [RT# 16612]

2140.	[bug]		libbind: missing unlock on pthread_key_create()
			failures. [RT #16654]

2139.	[bug]		dns_view_find() was being called with wrong type
			in adb.c. [RT #16670]

2136.	[bug]		nslookup/host looped if there was no search list
			and the host didn't exist. [RT #16657]

2132.	[bug]		Missing unlock on out of memory in

2128.	[doc]		xsltproc --nonet, update DTD versions.  [RT #16635]

2127.	[port]		Improved OpenSSL 0.9.8 support. [RT #16563]

2120.	[doc]		Fix markup on nsupdate man page. [RT #16556]

2119.	[compat]	libbind: allow res_init() to succeed enough to
			return the default domain even if it was unable
			to allocate memory.

2118.	[bug]		Handle response with long chains of domain name
			compression pointers which point to other compression
			pointers. [RT #16427]

2116.	[bug]		'rndc reload' could cause the cache to continually
			be cleaned. [RT #16401]

2115.	[bug]		'rndc reconfig' could trigger a INSIST if the
			number of masters for a zone was reduced. [RT #16444]

2114.	[bug]		dig/host/nslookup: searches for names with multiple
			labels were failing. [RT #16447]

2113.	[bug]		nsupdate: if a zone is specified it should be used
			for server discover. [RT# 16455]
2112.	[security]	Warn if weak RSA exponent is used. [RT #16460]

2111.	[bug]		Fix a number of errors reported by Coverity.
			[RT #16507]

2110.	[bug]		"minimal-response yes;" interacted badly with BIND 8
			priming queries. [RT #16491]

2109.	[port]		libbind: silence aix 5.3 compiler warnings. [RT #16502]

	--- 9.2.8 released ---

2126.	[security]	Serialise validation of type ANY responses. [RT #16555]

	--- 9.2.7 released ---

2107.	[bug]		dighost.c: more cleanup of buffers. [RT #16499]

2103.	[port]		Add /usr/sfw to list of locations for OpenSSL
			under Solaris.

2102.	[port]		Silence solaris 10 warnings.

2101.	[bug]		OpenSSL version checks were not quite right.
			[RT #16476]

2100.	[port]		win32: copy libeay32.dll to Build\Debug.

2099.	[port]		win32: more manifiest issues.

	--- 9.2.7rc3 released ---

2096.	[bug]		libbind: handle applications that fail to detect
			res_init() failures better.

2095.	[port]		libbind: alway prototype inet_cidr_ntop_ipv6() and
			net_cidr_ntop_ipv6(). [RT #16388]
2094.	[contrib]	Update named-bootconf.  [RT# 16404]

2091.	[port]		dighost.c: race condition on cleanup. [RT #16417]

2090.	[port]		win32: Visual C++ 2005 command line manifest support.
			[RT #16417]

2089.	[security]	Raise the minimum safe OpenSSL versions to
			OpenSSL 0.9.7l and OpenSSL 0.9.8d.  Versions
			prior to these have known security flaws which
			are (potentially) exploitable in named. [RT #16391]

2088.	[security]	Change the default RSA exponent from 3 to 65537.
			[RT #16391]

2086.	[port]		libbind: FreeBSD now has get*by*_r() functions.
			[RT #16403]

2085.	[doc]		win32: added index.html and README to zip. [RT #16201]

2084.	[contrib]	dbus update for 9.3.3rc2.

2083.	[port]		win32: Visual C++ 2005 support.

2082.	[doc]		Document 'cache-file' as a test only option.

	--- 9.2.7rc2 released ---

2081.	[port]		libbind: minor 64-bit portability fix in memcluster.c.
			[RT #16360]

2080.	[port]		libbind: res_init.c did not compile on older versions
			of Solaris. [RT #16363]

2076.	[bug]		Several files were missing #include <config.h>
			causing build failures on OSF. [RT #16341]

	--- 9.2.7rc1 released ---

2071.	[port]		Test whether gcc accepts -fno-strict-aliasing.
			[RT #16324]

2070.	[bug]		The remote address was not always displayed when
			reporting dispatch failures. [RT #16315]

2069.	[bug]		Cross compiling was not working. [RT #16330]

2067.	[bug]		'rndc' could close the socket too early triggering
			a INSIST under Windows. [RT #16317]

2065.	[bug]		libbind: probe for HPUX prototypes for
			endprotoent_r() and endservent_r().  [RT 16313]

2064.	[bug]		libbind: silence AIX compiler warnings. [RT #16218]

2063.	[bug]		Change #1955 introduced a bug which caused the first
			'rndc flush' call to not free memory. [RT #16244]

2062.	[bug]		'dig +nssearch' was reusing a buffer before it had
			been returned by the socket code. [RT #16307]

2057.	[bug]		Make setting "ra" dependent on both allow-query and
			allow-recursion. [RT #16290]

2056.	[bug]		dig: ixfr= was not being treated case insensitively
			at all times. [RT #15955]

2055.	[bug]		Missing goto after dropping multicast query.
			[RT #15944]

2054.	[port]		freebsd: do not explicitly link against -lpthread.
			[RT #16170]

2053.	[port]		netbsd:libbind: silence compiler warnings. [RT #16220]

2050.	[bug]		Parsing of NSAP records was not case insensitive.
			[RT #16287]

2043.	[port]		nsupdate/nslookup: Force the flushing of the prompt
			for interactive sessions. [RT#16148]

2038.	[bug]		dig/nslookup/host was unlinking from wrong list
			when handling errors. [RT #16122]

2037.	[func]		When unlinking the first or last element in a list
			check that the list head points to the element to
			be unlinked. [RT #15959]

2034.	[bug]		gcc: set -fno-strict-aliasing. [RT #16124]

1941.	[bug]		ncache_adderesult() should set eresult even if no
			rdataset is passed to it. [RT #15642]

	--- 9.2.7b1 released ---

2030.	[bug]		We were being overly conservative when disabling
			openssl engine support. [RT #16030]

2028.	[port]		linux: socket.c compatability for old systems.
			[RT #16015]

2027.	[port]		libbind: Solaris x86 support. [RT #16020]

2026.	[bug]		Rate limit the recursive client exceeded message.
			[RT #16044]

2024.	[bug]		named emited spurious "zone serial unchanged"
			messages on reload. [RT #16027]

2023.	[bug]		"make install" should create ${localstatedir}/run and
			${sysconfdir} if they do not exist. [RT #16033]

2016.	[bug]		Return a partial answer if recursion is not
			allowed but requested and we had the answer
			to the original qname. [RT #15945]

2013.	[bug]		Handle unexpected TSIGs on unsigned AXFR/IXFR
			responses more gracefully. [RT #15941]

2009.	[bug]		libbind: coverity fixes. [RT #15808]

2005.	[bug]		libbind: Retransmission timeouts should be
			based on which attempt it is to the nameserver
			and not the nameserver itself. [RT #13548]

2004.	[bug]		dns_tsig_sign() could pass a NULL pointer to
			dst_context_destroy() when cleaning up after a
			error. [RT #15835]

2003.	[bug]		libbind: The DNS name/address lookup functions could
			occasionally follow a random pointer due to
			structures not being completely zeroed. [RT #15806]

2002.	[bug]		libbind: tighten the constraints on when
			struct addrinfo._ai_pad exists.  [RT #15783]

1997.	[bug]		Named was failing to replace negative cache entries
			when a positive one for the type was learnt.
			[RT #15818]

1994.	[port]		OpenSSL 0.9.8 support. [RT #15694]

1991.	[cleanup]	The configuration data, once read, should be treated
			as readonly.  Expand the use of const to enforce this
			at compile time. [RT #15813]

1990.	[bug]		libbind:  isc's override of broken gettimeofday()
			implementions was not always effective.
			[RT #15709]

1981.	[bug]		win32: condition.c:wait() could fail to reattain
			the mutex lock.

1979.	[port]		linux: allow named to drop core after changing
			user ids. [RT #15753]

1978.	[port]		Handle systems which have a broken recvmsg().
			[RT #15742]

1977.	[bug]		Silence noisy log message. [RT #15704]

1976.	[bug]		Handle systems with no IPv4 addresses. [RT #15695]

1975.	[bug]		libbind: isc_gethexstring() could misparse multi-line
			hex strings with comments. [RT #15814]

1974.	[doc]		List each of the zone types and associated zone
			options separately in the ARM.

1972.	[contrib]	DBUS dynamic forwarders integation from
			Jason Vas Dias <jvdias at>.

1971.	[port]		linux: make detection of missing IF_NAMESIZE more
			robust. [RT #15443]

1969.	[bug]		win32: the socket code was freeing the socket
			structure too early. [RT #15776]

1966.	[bug]		Don't set CD when we have fallen back to plain DNS.
			[RT #15727]

1962.	[bug]		Named failed to clear old update-policy when it
			was removed. [RT #15491]

1961.	[bug]		Check the port and address of responses forwarded
			to dispatch. [RT #15474]

1960.	[bug]		Update code should set NXT ttls from SOA MINIMUM.
			[RT #15465]

1958.	[bug]		Named failed to update the zone's secure state
			until the zone was reloaded. [RT #15412]

1957.	[bug]		Dig mishandled responses to class ANY queries.
			[RT #15402]

1956.	[bug]		Improve cross compile support, 'gen' is now built
			by native compiler.  See README for additional
			cross compile support information. [RT #15148]

1955.	[bug]		Pre-allocate the cache cleaning interator. [RT #14998]

1952.	[port]		hpux: tell the linker to build a runtime link
			path "-Wl,+b:". [RT #14816].

1951.	[security]	Drop queries from particular well known ports.
			Don't return FORMERR to queries from particular
			well known ports.  [RT #15636]
1950.	[port]		Solaris 2.5.1 and earlier cannot bind() then connect()
			a TCP socket. This prevents the source address being
			set for TCP connections. [RT #15628]

1948.	[bug]		If was possible to trigger a REQUIRE failure in
			xfrin.c:maybe_free() if named ran out of memory.
			[RT #15568]

1944.	[cleanup]	isc_hash_create() does not need a read/write lock.
			[RT #15522]

1943.	[bug]		Set the loadtime after rolling forward the journal.
			[RT #15647]

1940.	[bug]		Fixed a number of error conditions reported by

	--- 9.2.6 released ---

	--- 9.2.6rc1 released ---

1932.	[bug]		hpux: LDFLAGS was getting corrupted. [RT #15530]

	--- 9.2.6b2 released ---

1930.	[port]		HPUX: ia64 support. [RT #15473]

1929.	[port]		FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.

1926.	[bug]		BINDinstall was being installed in the wrong place.
			[RT #15483]

1925.	[port]		All outer level AC_TRY_RUNs need cross compiling
			defaults. [RT #15469]

1924.	[port]		libbind: hpux ia64 support. [RT #15473]

1923.	[bug]		ns_client_detach() called too early. [RT #15499]

	--- 9.2.6b1 released ---

1917.	[doc]		funcsynopsisinfo wasn't being treated as verbatim
			when generating man pages. [RT #15385]

1911.	[bug]		Update windows socket code. [RT #14965]

1905.	[bug]		Strings returned from cfg_obj_asstring() should be
                        treated as read-only.  [RT #15256]

1895.	[bug]		A escaped character is, potentially, converted to
			the output character set too early. [RT #14666]

1893.	[port]		Use uintptr_t if available. [RT #14606]

1889.	[port]		sunos: non blocking i/o support. [RT #14951]

1887.	[bug]		The cache could delete expired records too fast for
			clients with a virtual time in the past. [RT #14991]

1886.	[bug]		fctx_create() could return success even though it
			failed. [RT #14993]

1884.	[cleanup]	dighost.c: move external declarations into <dig/dig.h>.

1883.	[bug]		dnssec-signzone, dnssec-keygen, dnssec-signkey,
			dnssec-makekeyset: handle negative debug levels.
			[RT #14962]

1881.	[func]		Add a system test for named-checkconf. [RT #14931]

1877.	[bug]		Fix unreasonably low quantum on call to
			dns_rbt_destroy2().  Remove unnecessay unhash_node()
			call. [RT #14919]

1875.	[bug]		process_dhtkey() was using the wrong memory context
			to free some memory. [RT #14890]

1873.	[port]		win32: isc__errno2result() now reports its caller.
			[RT #13753]

1872.	[port]		win32: Handle ERROR_NETNAME_DELETED.  [RT #13753]

1871.	[bug]		dnssec_makekeyset and dnssec-signkey failed to
			initalize the hash context. [RT #13771]

1865.	[bug]		Silently ignore nameservers in /etc/resolv.conf with
			bad addresses. [RT #14841]

1861.	[bug]		dig could trigger a INSIST on certain malformed
			responses. [RT #14801]

1860.	[port]		solaris 2.8: hack_shutup_pthreadmutexinit was
			incorrectly set. [RT #14775]

1856.	[doc]		Switch Docbook toolchain from DSSSL to XSL.
			[RT #11398]

1854.	[bug]		lwres also needs to know the print format for
			(long long).  [RT #13754]

1850.	[bug]		Memory leak in lwres_getipnodebyaddr(). [RT #14591]

1849.	[doc]		All forms of the man pages (docbook, man, html) should
			have consistant copyright dates.

1848.	[bug]		Improve SMF integration. [RT #13238]

1847.	[bug]		isc_ondestroy_init() is called too late in
			[RT #13661]
1846.	[contrib]	query-loc-0.3.0 from Stephane Bortzmeyer
			<bortzmeyer at>.

1845.	[bug]		Improve error reporting to distingish between
			accept()/fcntl() and socket()/fcntl() errors.
			[RT #13745]

1844.	[bug]		inet_pton() accepted more that 4 hexadecimal digits
			for each 16 bit piece of the IPv6 address.  The text
			representation of a IPv6 address has been tighted
			to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
			[RT #5662]

1843.	[cleanup]	CINCLUDES takes precedence over CFLAGS.  This helps
			when CFLAGS contains "-I /usr/local/include"
			resulting in old header files being used.

1842.	[port]		cmsg_len() could produce incorrect results on
			some platform. [RT #13744]

1841.	[bug]		"dig +nssearch" now makes a recursive query to
			find the list of nameservers to query. [RT #13694]

1839.	[bug]		<isc/hash.h> was not being installed.

1838.	[cleanup]	Don't allow Linux capabilities to be inherited.
			[RT #13707]

1836.	[cleanup]	Silence compiler warnings in hash_test.c.

1835.	[bug]		Update dnssec-signzone's usage message. [RT #13657]

1834.	[bug]		Bad memset in rdata_test.c. [RT #13658]

1833.	[bug]		Race condition in isc_mutex_lock_profile(). [RT #13660]

1832.	[bug]		named fails to return BADKEY on unknown TSIG algorithm.
			[RT #13620]

1830.	[bug]		adb lame cache has sence of test reversed. [RT #13600]

1828.	[bug]		isc_rwlock_init() failed to properly cleanup if it
			encountered a error. [RT #13549]

1827.	[bug]		host: update usage message for '-a'. [RT #37116]

1826.	[bug]		Missing DESTROYLOCK() in isc_mem_createx() on out
			of memory error. [RT #13537]

1825.	[bug]		Missing UNLOCK() on out of memory error from in
			rbtdb.c:subtractrdataset(). [RT #13519]

1824.	[bug]		Memory leak on dns_zone_setdbtype() failure.
			[RT #13510]

1823.	[bug]		Wrong macro used to check for point to point interface.

1821.	[doc]		acls definitions are no longer required to be
			in named.conf prior to reference.  They can be
			defined after being referenced.

1820.	[bug]		Gracefully handle acl loops. [RT #13659]

1815.	[bug]		nsupdate triggered a REQUIRE if the server was set
			without also setting the zone and it encountered
			a CNAME and was using TSIG.  [RT #13086]

1810.	[bug]		configure, lib/bind/configure make different default
			decisions about whether to do a threaded build.
			[RT #13212]

1809.	[bug]		"make distclean" failed for libbind if the platform
			is not supported.

1807.	[bug]		When forwarding (forward only) set the active domain
			from the forward zone name. [RT #13526]
1804.	[bug]		Ensure that if we are queried for glue that it fits
			in the additional section or TC is set to tell the
			client to retry using TCP. [RT #10114]

1802.	[bug]		Handle connection resets better. [RT #11280]

	--- 9.2.5 released ---

	--- 9.2.5rc1 released ---

1812.	[port]		win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect.
			[RT #13453]

1808.	[bug]		zone.c:notify_zone() contained a race condition,
			zone->db could change underneath it.  [RT #13511]

	--- 9.2.5beta2 released ---

1800.	[bug]		Changes #1719 allowed a INSIST to be triggered.
			[RT #13428]

	--- 9.2.5beta1 released ---

1790.	[cleanup]	Move lib/dns/sec/dst up into lib/dns.  This should
			allow parallel make to succeed.

1789.	[bug]		Prerequisite test for tkey and dnssec could fail
			with "configure --with-libtool".

1787.	[port]		HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings.

1786.	[port]		AIX: libt_api needs to be taught to look for
			T_testlist in the main executable (--with-libtool).
			[RT #13239]

1784.	[cleanup]	"libtool -allow-undefined" is the default.
			Leave hooks in configure to allow it to be set
			if needed in the future.

1783.	[cleanup]	We only need one copy of libtool.m4, in the
			source tree.

1782.	[port]		OSX: --with-libtool + --enable-libbind broke on
			__evOptMonoTime.  [RT #13219]

1781.	[port]		FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810]

1780.	[bug]		Update libtool to 1.5.10.

1779.	[port]		OSF 5.1: libtool didn't handle -pthread correctly.

1778.	[port]		HUX 11.11: fix broken IN6ADDR_ANY_INIT and

1777.	[port]		OSF 5.1: fix broken IN6ADDR_ANY_INIT and

1776.	[port]		Solaris 2.9: fix broken IN6ADDR_ANY_INIT and

1775.	[bug]		Only compile getnetent_r.c when threaded. [RT #13205]

1774.	[port]		Aix: Silence compiler warnings / build failures.
			[RT #13154]

1773.	[bug]		Fast retry on host / net unreachable. [RT #13153]

1772.	[bug]		Change #1740 needed more work in 9.2 as bit-labels
			are still supported. [RT #13015]

1771.	[bug]		Built-in zones did not have SOA or NS records.
			[RT #13015]

1770.	[bug]		named-checkconf failed to report missing a missing
			file clause for rbt{64} master/hint zones. [RT#13009]

1769.	[port]		win32: change compiler flags /MTd ==> /MDd,
			/MT ==> /MD.

1767.	[port]		Builds on IPv6 platforms without IPv6 Advanced API
			support for (struct in6_pktinfo) failed.  [RT #13077]

1766.	[bug]		Update the master file timestamp on successful refresh
			as well as the journal's timestamp. [RT# 13062]

1764.	[bug]		dns_zone_replacedb failed to emit a error message
			if there was no SOA record in the replacment db.
			[RT #13016]

1760.	[bug]		Host / net unreachable was not penalising rtt
			estimates. [RT #12970]

1753.	[bug]		Don't serve a slave zone which has no NS records.
			[RT #12894]

1752.	[port]		Move isc_app_start() to after ns_os_daemonise()
			as some fork() implementations unblock the signals
			that are blocked by isc_app_start(). [RT #12810]

1750.	[port]		lib/bind/make/ was not bash friendly.
			[RT #12864]

1747.	[bug]		BIND 8 compatability: named/named-checkconf failed
			to parse "host-statistics-max" in named.conf.

1744.	[bug]		If tuple2msgname() failed to convert a tuple to
			a name a REQUIRE could be triggered. [RT #12796]

1743.	[bug]		If isc_taskmgr_create() was not able to create the
			requested number of worker threads then destruction
			of the manager would trigger an INSIST() failure.
			[RT #12790]
1742.	[bug]		Deleting all records at a node then adding a
			previously existing record, in a single UPDATE
			transaction, failed to leave / regenerate the
			associated SIG records. [RT #12788]

1741.	[bug]		Deleting all records at a node in a secure zone
			using a update-policy grant failed. [RT #12787]

1740.	[bug]		Replace rbt's hash algorithm as it performed badly
			with certain zones. [RT #12729]
			NOTE: a hash context now needs to be established
			via isc_hash_create() if the application was not
			already doing this.

1739.	[bug]		dns_rbt_deletetree() could incorrectly return
			ISC_R_QUOTA.  [RT #12695]

1738.	[bug]		Enable overrun checking by default. [RT #12695]

1734.	[cleanup]	'rndc-confgen -a -t' remove extra '/' in path.
			[RT #12588]

1733.	[bug]		Return non-zero exit status on initial load failure.
			[RT #12658]

1731.	[port]		darwin: relax version test in
			[RT #12581]

1730.	[port]		Determine the length type used by the socket API.
			[RT #12581]

1726.	[port]		aix5: add support for aix5.

1725.	[port]		linux: update error message on interaction of threads,
			capabilities and setuid support (named -u). [RT #12541]

1723.	[cleanup]	Silence compiler warnings from t_tasks.c. [RT #12493]

1722.	[bug]		Don't commit the journal on malformed ixfr streams.
			[RT #12519]

1721.	[bug]		Error message from the journal processing were not
			always identifing the relevent journal. [RT #12519]

1720.	[bug]		'dig +chase' did not terminate on a RFC 2308 Type 1
			negative response. [RT #12506]

1719.	[bug]		named was not correctly caching a RFC 2308 Type 1
			negative response. [RT #12506]

1718.	[bug]		nsupdate was not handling RFC 2308 Type 3 negative
			responses when looking for the zone / master server.
			[RT #12506]

1717.	[port]		solaris: did not support Solaris 10.
			" down" didn't work for Solaris 9.

1716.	[doc]		named.conf(5) was being installed in the wrong
			location.  [RT# 12441]

1714.	[bug]		dig/host/nslookup were only trying the first
			address when a nameserver was specified by name.
			[RT #12286]

1713.	[port]		linux: extend capset failure message to say:
			please ensure that the capset kernel module is
			loaded.  see insmod(8)

	--- 9.2.4 released ---

	--- 9.2.4rc8 released ---

1709.	[port]		solaris: add SMF support from Sun.

1708.	[cleanup]	Replaced dns_fullname_hash() with dns_name_fullhash()
			for conformance to the name space convention.  Binary
			backward compatibility to the old function name is
			provided. [RT #12376]

1707.	[contrib]	sdb/ldap updated to version 1.0-beta.

1704.	[port]		lwres needed a snprintf() implementation for
			platforms without snprintf(). [RT #12321]

1701.	[doc]		A minimal named.conf man page.

1700.	[func]		nslookup is no longer to be treated as deprecated.
			Remove "deprecated" warning message.  Add man page.

1698.	[doc]		Use reserved IPv6 documentation prefix.

	--- 9.2.4rc7 released ---

1694.	[bug]		Report if the builtin views of "_default" / "_bind"
			are defined in named.conf. [RT #12023]

1692.	[bug]		Don't set -I, -L and -R flags when libcrypto is in
			/usr/lib. [RT #11971]

1691.	[bug]		sdb's attachversion was not complete. [RT #11990]

1690.	[bug]		Delay detaching view from the client until UPDATE
			processing completes when shutting down. [RT #11714]

1689.	[bug]		DNS_NAME_TOREGION() macros contained a gratuitous
			semicolons. [RT #11707]

1688.	[bug]		LDFLAGS was not supported.

1687.	[bug]		Race condition in dispatch. [RT #10272]

1686.	[bug]		Named sent a extraneous NOTIFY when it received a
			redundant UPDATE request. [RT #11943]

	--- 9.2.4rc6 released ---

1685.	[bug]		Change #1679 loop tests weren't quite right.

1682.	[port]		Update configure test for (long long) printf format.
			[RT #5066]

1681.	[bug]		Only set SO_REUSEADDR when a port is specified in
			isc_socket_bind(). [RT #11742]

1679.	[bug]		When there was a single nameserver with multiple
			addresses for a zone not all addresses were tried.
			[RT #11706]

1672.	[cleanup]	Tests which only function in a threaded build
			now return R:THREADONLY (rather than R:UNTESTED)
			in a non-threaded build.

1671.	[contrib]	queryperf: add NAPTR to the list of known types.

1669.	[bug]		Restore "update forwarding denied" log messages
			accidentally suppressed by change #1633. [RT# 11657]

1660.	[bug]		win32: connection_reset_fix() was being called
			unconditionally.  [RT #11595]

	--- 9.2.4rc5 released ---

1655.	[bug]		Logging multiple versions w/o a size was broken.
			[RT #11446]

1654.	[bug]		isc_result_totext() contained array bounds read

1650.	[bug]		dig, nslookup: flush standard out after each command.

1649.	[bug]		Silence "unexpected non-minimal diff" message.
			[RT #11206]

1646.	[bug]		win32: logging file versions didn't work with
			non-UNC filenames.  [RT#11486]

1644.	[bug]		Update the journal modification time after a
			sucessfull refresh query. [RT #11436]

1643.	[bug]		dns_db_closeversion() could leak memory / node
			references. [RT #11163]

	--- 9.2.4rc4 released ---

1640.	[bug]		win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
			incorrectly closing the socket.  [RT #11291]

1634.	[bug]		named didn't supply a useful error message when it
			detected duplicate views.  [RT #11208]

1633.	[bug]		named should return NOTIMP to update requests to a
			slaves without a allow-update-forwarding acl specified.
			[RT #11331]

1632.	[bug]		nsupdate failed to send prerequisite only UPDATE
			messages. [RT #11288]

1627.	[bug]		win32: sockets were not being closed when the
			last external reference was removed. [RT# 11179]

	--- 9.2.4rc3 released ---

1623.	[bug]		A serial number of zero was being displayed in the
			"sending notifies" log message when also-notify was
			used. [RT #11177]

1621.	[bug]		match-destinations did not work for IPv6 TCP queries.
			[RT# 11156]

1619.	[bug]		Missing ISC_LIST_UNLINK in end_reserved_dispatches().
			[RT# 11118]

1617.	[port]		win32: VC++ 6.0 support.

1616.	[compat]	Ensure that named's version is visible in the core
			dump. [RT #11127]

1615.	[port]		Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
			it is defined.

1614.	[port]		win32: silence resource limit messages. [RT# 11101]

1610.	[bug]		On dual stack machines "dig -b" failed to set the
			address type to be looked up with "@server".
			[RT #11069]

1600.	[bug]		Duplicate zone pre-load checks were not case

1599.	[bug]		Fix memory leak on error path when checking named.conf.

	--- 9.2.4rc2 released ---

1607.	[bug]		dig, host and nslookup were still using random()
			to generate query ids. [RT# 11013]

1604.	[bug]		A xfrout_ctx_create() failure would result in
			xfrout_ctx_destroy() being called with a
			partially initialized structure.
1603.	[bug]		nsupdate: set interactive based on isatty().
			[RT# 10929]

1602.	[bug]		Logging to a file failed unless a size was specified.
			[RT# 10925]

1601.	[bug]		Silence spurious warning 'both "recursion no;" and 
			"allow-recursion" active' warning from view "_bind".
			[RT# 10920]

1455.   [bug]           <netaddr> missing from server grammar in
                        doc/misc/options. [RT #5616]

1593.	[bug]		rndc should return "unknown command" to unknown
			commands. [RT# 10642]

	--- 9.2.4rc1 released ---

1592.	[bug]		configure_view() could leak a dispatch. [RT# 10675]

1591.	[bug]		libbind: updated to BIND 8.4.5.

1590.	[port]		netbsd: update thread support.

1588.	[bug]		win32: TCP sockets could become blocked. [RT #10115]

1587.	[bug]		dns_message_settsigkey() failed to clear existing key.
			[RT #10590]

1585.	[bug]		allow-v6-synthesis was not performing lookups under
			IP6.INT.  allow-v6-synthesis now performs a nibble
			lookups under IP6.ARPA rather than a bitstring lookups.
			[RT #10497]

			NOTE: allow-v6-synthesis has been deprecated.

1584.	[bug]		"make test" failed with a read only source tree.
			[RT #10461]

1583.	[bug]		Records add via UPDATE failed to get the correct trust
			level. [RT #10452]

1582.	[bug]		rrset-order failed to work on RRsets with more
			than 32 elements. [RT #10381]

1580.	[bug]		Zone destruction on final detach takes a long time.
			[RT #3746]

1579.	[bug]		Multiple task managers could not be created.

1578.	[bug]		Don't use CLASS E IPv4 addresses when resolving.
			[RT #10346]

1577.	[bug]		Use isc_uint32_t in ultrasparc optimizer bug
			workaround code. [RT #10331]

1576.	[bug]		Race condition in dns_dispatch_addresponse().
			[RT# 10272]

1574.	[bug]		Don't attempt to open the controls socket(s) when
			running tests. [RT #9091]

1573.	[port]		linux: update to libtool 1.5.2 so that
			"make install DESTDIR=/xx" works with
			"configure --with-libtool".  [RT #9941]

1572.	[bug]		nsupdate: sign the soa query to find the enclosing
			zone if the server is specified. [RT #10148]

1571.	[bug]		rbt:hash_node() could fail leaving the hash table
			in an inconsistent state.  [RT #10208]

1570.	[bug]		nsupdate failed to handle classes other than IN.
			New keyword 'class' which sets the default class.
			[RT #10202]

1568.	[bug]		nsupdate now reports that the update failed in
			interactive mode. [RT# 10236]

1567.	[bug]		B.ROOT-SERVERS.NET is now

1566.	[port]		Support for the cmsg framework on Solaris and HP/UX.
			This also solved the problem that match-destinations
			for IPv6 addresses did not work on these systems.
			[RT #10221]

1563.	[bug]		Gracefully fail when unable to obtain neither an IPv4
			nor an IPv6 dispatch. [RT #10230]

1562.	[bug]		isc_socket_create() and isc_socket_accept() could
			leak memory under error conditions. [RT #10230]

1561.	[bug]		It was possible to release the same name twice if
			named ran out of memory. [RT #10197]

1559.	[port]		named should ignore SIGFSZ.

1556.	[bug]		nsupdate now treats all names as fully qualified.
			[RT #6427]

1553.	[bug]		The windows socket code could stop accepting

1552.	[bug]		Accept NOTIFY requests from mapped masters if
			matched-mapped is set. [RT #10049]

1551.	[port]		Open "/dev/null" before calling chroot().

1550.	[port]		Call tzset(), if available, before calling chroot().

1547.	[bug]		Named wasted memory recording duplicate lame zone
			entries. [RT #9341]

1546.	[bug]		We were rejecting valid secure CNAME to negative

1545.	[bug]		It was possible to leak memory if named was unable to
			bind to the specified transfer source and TSIG was
			being used. [RT #10120]

1544.	[bug]		Named would logged a single entry to a file despite it
			being over the specified size limit.

1543.	[bug]		Logging using "versions unlimited" did not work.

1542.	[bug]		Reversed timestamp sanity test on SIG. [RT #10095]

1540.	[bug]		"rndc reload <dynamiczone>" was silently accepted.
			[RT #8934]

1539.	[bug]		Open UDP sockets for notify-source and transfer-source
			that use reserved ports at startup. [RT #9475]

1536.	[bug]		Windows socket code failed to log a error description
			when returning ISC_R_UNEXPECTED. [RT #9998]

1535.	[bug]		dig -x of a partial IPv4 address broken. [RT# 9949]

1534.	[bug]		Race condition when priming cache. [RT# 9940]

1533.	[func]		Warn if both "recursion no;" and "allow-recursion"
			are active. [RT# 4389]

1532.	[port]		netbsd: the configure test for <sys/sysctl.h>
			requires <sys/param.h>.

1531.	[port]		AIX more libtool fixes.

1530.	[bug]		It was possible to trigger a INSIST() failure if a
			slave master file was removed at just the correct
			moment. [RT #9462]

1529.	[bug]		"notify explicit;" failed to log that NOTIFY messages
			were being sent for the zone. [RT #9442]

1025.	[bug]		Don't use multicast addresses to resolve iterative
			queries. [RT #101]

	--- 9.2.3 released ---

1525.	[bug]		dns_cache_create() could trigger a REQUIRE
			failure in isc_mem_put() during error cleanup.

1524.	[port]		AIX needs to be able to resolve all symbols when
			creating shared libraries (--with-libtool).

1523.	[bug]		Fix race condition in rbtdb. [RT# 9189]

1522.	[bug]		dns_db_findnode() relax the requirements on 'name'.
			[RT# 9286]

1518.	[bug]		dns_nxt_buildrdata(), and hence dns_nxt_build(),
			contained a off-by-one error when working out the
			number of octets in the bitmap.

1514.	[bug]		named: isc_hash_destroy() was being called too early.
			[RT #9160]

1513.	[doc]		Add "US" to root-delegation-only exclude list.

	--- 9.2.3rc4 released ---

1512.	[bug]		Extend the delegation-only logging to return query
			type, class and responding nameserver.

1511.	[bug]		delegation-only was generating false positives
			on negative answers from subzones.

	--- 9.2.3rc3 released ---

1510.	[func]		New view option "root-delegation-only".  Apply
			delegation-only check to all TLDs and root.
			Note there are some TLDs that are NOT delegation
			only (e.g. DE, LV, US and MUSEUM) these can be excluded
			from the checks by using exclude.

			root-delegation-only exclude {
				"DE"; "LV"; "US"; "MUSEUM";

1509.	[bug]		Hint zones should accept delegation-only.  Forward
			zone should not accept delegation-only.

1508.	[bug]		Don't apply delegation-only checks to answers from

1507.	[bug]		Handle BIND 8 style returns to NS queries to parents
			when making delegation-only checks.

1506.	[bug]		Wrong return type for dns_view_isdelegationonly().

	--- 9.2.3rc2 released ---

1505.	[bug]		Uninitialized rdataset in sdb. [RT #8750]

1504.	[func]		New zone type "delegation-only".

1503.	[port]		win32: install libeay32.dll outside of system32.

	--- 9.2.3rc1 released ---

1499.	[bug]		isc_random need to be seeded better if arc4random()
			is not used.

1498.	[port]		bsdos: 5.x support.

1497.	[protocol]	dig, nslookup and host now perform nibble lookups
			under IP6.ARPA, use -i for IP6.INT (dig and host).
			lwres now uses IP6.ARPA.

1496.	[port]		test for pthread_attr_setstacksize().

1495.	[cleanup]	Replace hash functions with universal hash.

1494.	[security]	Turn on RSA BLINDING as a precaution.

1493.	[doc]		A6 and "bitstring" labels are now experimental.

1492.	[cleanup]	Preserve rwlock quota context when upgrading /
			downgrading. [RT #5599]

1491.	[bug]		dns_master_dump*() would produce extraneous $ORIGIN
			lines. [RT #6206]

1490.	[bug]		Accept reading state as well as working state in
			ns_client_next(). [RT #6813]

1489.	[compat]	Treat 'allow-update' on slave zones as a warning.
			[RT #3469]

1488.	[bug]		Don't override trust levels for glue addresses.
			[RT #5764]

1487.	[bug]		A REQUIRE() failure could be triggered if a zone was
			queued for transfer and the zone was then removed.
			[RT #6189]

1486.	[bug]		isc_print_snprintf() '%%' consumed one too many format
			characters. [RT# 8230]

1485.	[bug]		gen failed to handle high type values. [RT #6225]

1484.	[bug]		The number of records reported after a AXFR was wrong.
			[RT #6229]

1483.	[bug]		dig axfr failed if the message id in the answer failed
			to match that in the request.  Only the id in the first
			message is required to match. [RT #8138]

1482.	[bug]		named could fail to start if the kernel supports
			IPv6 but no interfaces are configured.  Similarly
			for IPv4. [RT #6229]

1481.	[bug]		Refresh and stub queries failed to use masters keys
			if specified. [RT #7391]

1480.	[bug]		Provide replay protection for rndc commands.  Full
			replay protection requires both rndc and named to
			be updated.  Partial replay protection (limited
			exposure after restart) is provided if just named
			is updated.

1479.	[bug]		cfg_create_tuple() failed to handle out of
			memory cleanup.  parse_list() would leak memory
			on syntax errors.

1478.	[port] didn't account for other virtual
			interfaces.  It now takes a optional argument
			to specify the first interface number. [RT #3907]

1477.	[bug]		memory leak using stub zones and TSIG.

1476.	[port]		win32: port unreachables were blocking further i/o
			on sockets (Windows 2000 SP2 and later).

1473.	[bug]		create_map() and create_string() failed to handle out
			of memory cleanup.  [RT #6813]

1472.	[contrib]	idnkit-1.0 from JPNIC, replaces mdnkit.

1471.	[bug]		libbind: updated to BIND 8.4.0.

1470.	[bug]		Incorrect length passed to snprintf. [RT #5966]

1466.	[bug]		lwresd configuration errors resulted in memory
			and lock leaks.  [RT #5228]

1465.	[bug]		isc_base64_decodestring() and isc_base64_tobuffer()
			failed to check that trailing bits were zero allowing
			some invalid base64 strings to be accepted.  [RT #5397]

1464.	[bug]		Preserve "out of zone" data for outgoing zone
			transfers. [RT #5192]

1463.	[bug]		dns_rdata_from{wire,struct}() failed to catch bad
			NXT bit maps. [RT #5577]

1462.	[bug]		parse_sizeval() failed to check the token type.
			[RT #5586]

1461.	[bug]		Remove deadlock from rbtdb code. [RT #5599]

1460.	[bug]		inet_pton() failed to reject certain malformed
			IPv6 literals.

1459.	[bug]		win32: we were leaking a bits in the exception
			fd_set resulting in "Socket operation on non-socket"
			errors from select(). [RT #2966]

1456.	[contrib] from Stephane Bortzmeyer.

1453.	[doc]		ARM: $GENERATE example wasn't accurate. [RT #5298]

1452.	[bug]		Bad #ifdef, ISC_RFC2335 -> ISC_RFC2535.

1451.	[bug]		rndc-confgen didn't exit with a error code for all
			failures. [RT #5209]

1450.	[bug]		Fetching expired glue failed under certain
			circumstances.  [RT #5124]

1449.	[bug]		query_addbestns() didn't handle running out of memory

1448.	[bug]		Handle empty wildcards labels.

1447.	[bug]		We were casting (unsigned int) to and from (void *).
			rdataset->private4 is now rdataset->privateuint4
			to reflect a type change.

1445.	[bug]		DNS_ADBFIND_STARTATROOT broke stub zones.  This has
			been replaced with DNS_ADBFIND_STARTATZONE which
			causes the search to start using the closest zone.

1439.	[bug]		Named could return NOERROR with certain NOTIFY
			failures.  Return NOTAUTH if the NOTIFY zone is
			not being served.

1435.	[bug]		zmgr_resume_xfrs() was being called read locked
			rather than write locked.  zmgr_resume_xfrs()
			was not being called if the zone was being

1437.	[bug]		Leave space for stdio to work in. [RT #5033]

1434.	[bug]		"rndc reconfig" failed to initiate the initial
			zone transfer of new slave zones.

1431.	[bug]		isc_print_snprintf() "%s" with precision could walk off
			end of argument. [RT #5191]

1429.	[bug]		Prevent the cache getting locked to old servers.

1424.	[bug]		EDNS version not being correctly printed.

1423.	[contrib]	queryperf: added A6 and SRV.

1420.	[port]		solaris: work around gcc optimizer bug.

1419.	[port]		openbsd: use /dev/arandom. [RT #4950]

1418.	[bug]		'rndc reconfig' did not cause new slaves to load.

1416.	[bug]		Empty node should return NOERROR NODATA, not NXDOMAIN.
			[RT #4715]

1411.	[bug]		empty nodes should stop wildcard matches. [RT #4802]

1408.	[bug]		"make distclean" was not complete. [RT #4700]

1407.	[bug]		lfsr incorrectly implements the shift register.
			[RT #4617]

1406.	[bug]		dispatch initializes one of the LFSR's with a incorrect
			polynomial.  [RT #4617]

1405.	[func]		Use arc4random() if available.

1401.	[bug]		adb wasn't clearing state when the timer expired.

1399.	[bug]		Use serial number arithmetic when testing SIG
			timestamps. [RT #4268]

1397.	[bug]		J.ROOT-SERVERS.NET is now

1389.	[bug]		named could fail to rotate long log files.  [RT #3666]

1388.	[port]		irix: check for sys/sysctl.h and NET_RT_IFLIST before
			defining HAVE_IFLIST_SYSCTL. [RT #3770]

1387.	[bug]		named could crash due to an access to invalid memory
			space (which caused an assertion failure) in
			incremental cleaning.  [RT #3588]

1385.	[bug]		Setting serial-query-rate to 10 would trigger a
			REQUIRE failure.

1384.	[bug]		host was incompatible with BIND 8 in its exit code and
			in the output with the -l option.  [RT #3536]

1373.	[bug]		Recovery from expired glue failed under certain

1372.	[bug]		named crashes with an assertion failure on exit when
			sharing the same port for listening and querying, and
			changing listening addresses several times. [RT# 3509]

1370.	[bug]		dig '+[no]recurse' was incorrectly documented.

1369.	[bug]		Adding an NS record as the lexicographically last
			record in a secure zone didn't work.

1366.	[contrib]	queryperf usage was incomplete.  Add '-h' for help.

1348.	[port]		win32: Rewrote code to use I/O Completion Ports
			in socket.c and eliminating a host of socket
			errors. Performance is enhanced.

1333.	[contrib]	queryperf now reports a summary of returned
			rcodes (-c), rcodes are printed in mnemonic form (-v).

1299.	[bug]		Set AI_ADDRCONFIG when looking up addresses
			via getaddrinfo() (affects dig, host, nslookup, rndc
			and nsupdate).

1199.	[doc]		ARM reference to RFC 2157 should have been RFC 1918.
			[RT #2436]

1122.	[tuning]	Resolution timeout reduced from 90 to 30 seconds.
			[RT #2046]

 992.	[doc]		dig: ~/.digrc is now documented.

	--- 9.2.2 released ---

1428.	[port]		hpux: temporary work around of hpux 11.11 interface

1427.	[bug]		Race condition in adb with threaded build.

1426.	[cleanup]	Disable RFC2535 style DNSSEC.  This is incompatible
			with the forthcoming DS style DNSSEC.

1425.	[port]		linux/libbind: define __USE_MISC when testing *_r()
			function prototypes in netdb.h.  [RT #4921]

1395.	[port]		OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't
			have a working implementation.  [RT #4079]

1382.	[bug]		make install failed with --enable-libbind. [RT #3656]

1381.	[bug]		named failed to correctly process answers that
			contained DNAME records where the resulting CNAME
			resulted in a negative answer.

	--- 9.2.2rc1 released ---

1360.	[bug]		--enable-libbind would fail when not built in the
			source tree for certain OS's.

1359.	[security]	Support patches OpenSSL libraries.

1358.	[bug]		It was possible to trigger a INSIST when debugging
			large dynamic updates. [RT #3390]

1357.	[bug]		nsupdate was extremely wasteful of memory.

1356.	[tuning]	Reduce the number of events / quantum for zone tasks.

1354.	[doc]		lwres man pages had illegal nroff.

1353.	[contrib]	sdb/ldap to version 0.9.

1352.	[bug]		dig, host, nslookup when falling back to TCP use the
			current search entry (if any). [RT #3374]

1351.	[bug]		lwres_getipnodebyname() returned the wrong name
			when given a IPv4 literal, af=AF_INET6 and AI_MAPPED
			was set.

1350.	[bug]		dns_name_fromtext() failed to handle too many labels

1349.	[security]	Minimum OpenSSL version now 0.9.6e (was 0.9.5a).

1346.	[bug]		Win32: select timeout in socket.c was too small
			as value given was meant to be milliseconds and
			timeval structure requires microseconds. This
			caused high CPU loads with a compute bound loop.
			[RT #3358]

1345.	[port]		Use a explicit -Wformat with gcc.  Not all versions
			include it in -Wall.

1340.	[bug]		Delay and spread out the startup refresh load.

1335.	[bug]		When performing a nonexistence proof, the validator
			should discard parent NXTs from higher in the DNS.

1334.	[bug]		When signing/verifying rdatasets, duplicate rdatas
			need to be suppressed.

1330.	[bug]		When processing events (non-threaded) only allow
			the task one chance to use to use its quantum.

1327.	[bug]		The validator would incorrectly mark data as insecure
			when seeing a bogus signature before a correct

1326.	[bug]		DNAME/CNAME signatures were not being cached when
			validation was not being performed. [RT #3284]

1325.	[bug]		If the tcpquota was exhausted it was possible to
			to trigger a INSIST() failure.

1324.	[port]		darwin: now supports darwin.

1323.	[port]		linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]

1320.	[doc]		query-source-v6 was missing from options section.
			[RT #3218]

1319.	[func]		libbind: log attempts to exploit #1318.

1318.	[bug]		libbind: Remote buffer overrun.

1317.	[port]		libbind: TrueUNIX 5.1 does not like __align as a
			element name.

1316.	[bug]		libbind: gethostans() could get out of sync parsing
			the response if there was a very long CNAME chain.

1315.	[bug]		Options should apply to the internal _bind view.

1314.	[port]		Handle ECONNRESET from sendmsg() [unix].

1311.	[bug]		lwres_getrrsetbyname leaked memory.  [RT #3159]

1310.	[bug]		'rndc stop' failed to cause zones to be flushed
			sometimes. [RT #3157]

1307.	[bug]		nsupdate: allow white space base64 key data.

1306.	[bug]		Badly encoded LOC record when the size, horizontal
			precision or vertical precision was 0.1m.

1305.	[bug]		Document that internal zones are included in the
			rndc status results.

1298.	[bug]		The CINCLUDES macro in lib/dns/sec/dst/Makefile
			could be left with a trailing "\" after configure
			has been run.

1297.	[port]		linux: make handling EINVAL from socket() no longer
			conditional on #ifdef LINUX.

1296.	[bug]		isc_log_closefilelogs() needed to lock the log

1295.	[bug]		isc_log_setdebuglevel() needed to lock the log

1294.	[func]		libbind: no longer attempts bit string labels for
			IPv6 reverse resolution.  Try IP6.ARPA then IP6.INT
			for nibble style resolution.

1289.	[port]		See if -ldl is required for OpenSSL? [RT #2672]

1288.	[bug]		Adjusted REQUIRE's in lib/dns/name.c to better
			reflect written requirements.

1287.	[bug]		REQUIRE that DNS_DBADD_MERGE only be set when adding
			a rdataset to a zone db in the rbtdb implementation of

1286.	[bug]		dns_name_downcase() enforce requirement that
			target != NULL or name->buffer != NULL.

1284.	[bug]		The RTT estimate on unused servers was not aged.
			[RT #2569]

1282.	[port]		libbind: hpux 11.11 interface scanning.

1280.	[bug]		libbind: escape '(' and ')' when converting to
			presentation form.

1279.	[port]		Darwin uses (unsigned long) for size_t. [RT #2590]

1276.	[bug]		libbind: const pointer conflicts in res_debug.c.

1275.	[port]		libbind: hpux: treat all hpux systems as BIG_ENDIAN.

1274.	[bug]		Memory leak in lwres_gnbarequest_parse().

1273.	[port]		libbind: solaris: 64 bit binary compatibility.

1272.	[contrib]	Berkeley DB 4.0 sdb implementation from
			Nuno Miguel Rodrigues <nmr at>.

1270.	[bug]		Check that system inet_pton() and inet_ntop() support

1269.	[port]		Openserver: support.

1268.	[port]		Openserver: the value FD_SETSIZE depends on whether
			<sys/param.h> is included or not.  Be consistent.

			are not C++ compatible, use *_TYPE versions instead.

1265.	[bug]		libbind: LINK_INIT and UNLINK were not compatible with
			C++, use LINK_INIT_TYPE and UNLINK_TYPE instead.

1263.	[bug]		Reference after free error if dns_dispatchmgr_create()

1262.	[bug]		ns_server_destroy() failed to set *serverp to NULL.

1261.	[func]		libbind: ns_sign2() and ns_sign_tcp() now provide
			support for compressed TSIG owner names.

1260.	[func]		libbind: res_update can now update IPv6 servers,
			new function res_findzonecut2().

1259.	[bug]		libbind: get_salen() IPv6 support was broken for OSs
			w/o sa_len.

1258.	[bug]		libbind: res_nametotype() and res_nametoclass() were

1257.	[bug]		Failure to write pid-file should not be fatal on
			reload. [RT #2861]

1256.	[contrib]	'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support.

1255.	[bug]		When verifying that an NXT proves nonexistence, check
			the rcode of the message and only do the matching NXT
			check.  That is, for NXDOMAIN responses, check that
			the name is in the range between the NXT owner and
			next name, and for NOERROR NODATA responses, check
			that the type is not present in the NXT bitmap.

1253.	[bug]		The dnssec system test failed to remove the correct

1252.	[bug]		Dig, host and nslookup were not checking the address
			the answer was coming from against the address it was
			sent to. [RT# 2692]

1248.	[bug]		DESTDIR was not being propagated between makes.

1245.	[bug]		Treat ENOBUFS, ENOMEM and ENFILE as soft errors for

1242.	[bug]		named-checkzone failed if a journal existed. [RT #2657]

1241.	[bug]		Drop received UDP messages with a zero source port
			as these are invariably forged. [RT #2621]

1209.	[bug]		Dig, host, nslookup were not checking the message ids
			on the responses. [RT #2454]

1097.	[func]		libbind: RES_PRF_TRUNC for dig.

1096.	[func]		libbind: "DNSSEC OK" (DO) support.

1095.	[func]		libbind: resolver option: no-tld-query.  disables
			trying unqualified as a tld.  no_tld_query is also
			supported for FreeBSD compatibility.

1094.	[func]		libbind: add support gcc's format string checking.

1089.	[func]		libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6

	--- 9.2.1 released ---

1251.	[port]		win32: a make file contained absolute version specific

1249.	[bug]		Missing masters clause was not handled gracefully.
			[RT #2703]

1244.	[bug]		Receiving a TCP message from a blackhole address would
			prevent further messages being received over that

1178.	[bug]		Follow and cache (if appropriate) A6 and other
			data chains to completion in the additional section.

	--- 9.2.1rc2 released ---

1240.	[bug]		It was possible to leak zone references by
			specifying an incorrect zone to rndc.

1239.	[bug]		Under certain circumstances named could continue to
			use a name after it had been freed triggering
			INSIST() failures.  [RT #2614]

1238.	[bug]		It is possible to lockup the server when shutting down
			if notifies were being processed. [RT #2591]

1237.	[bug]		nslookup: "set q=type" failed.

1236.	[bug]		dns_rdata{class,type}_fromtext() didn't handle non
			NULL terminated text regions. [RT #2588]

1232.	[bug]		unix/errno2result() didn't handle EADDRNOTAVAIL.

1231.	[port]		HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.

1230.	[bug]		isccc_cc_isreply() and isccc_cc_isack() were broken.

1229.	[bug]		named would crash if it received a TSIG signed
			query as part of an AXFR response. [RT #2570]

1228.	[bug]		'make install' did not depend on 'make all'. [RT #2559]

1227.	[bug]		dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
			if a number was expected and some other token was
			found. [RT#2532]

1222.	[bug]		Specifying 'port *' did not always result in a system
			selected (non-reserved) port being used. [RT #2537]

1221.	[bug]		Zone types 'master', 'slave' and 'stub' were not being
			compared case insensitively. [RT #2542]

1218.	[bug]		Named incorrectly returned SERVFAIL rather than
			NOTAUTH when there was a TSIG BADTIME error. [RT #2519]

1216.	[bug]		Multiple server clauses for the same server were not
			reported.  [RT #2514]

1215.	[port]		solaris: add support to for x86 2.5.1

1214.	[bug]		Win32: isc_file_renameunique() could leave zero length
			files behind.

1212.	[port]		libbind: 64k answer buffers were causing stack space
			to be exceeded for certain OS.  Use heap space instead.

1211.	[bug]		dns_name_fromtext() incorrectly handled certain
			valid octal bitlabels. [RT #2483]

1210.	[bug]		libbind: getnameinfo() failed to lookup IPv4 mapped /
			compatible addresses. [RT #2461]

1208.	[bug]		dns_master_load*() failed to log a error message if
			an error was detected when parsing the ownername of
			a record.  [RT #2448]

	--- 9.2.1rc1 released ---

1207.	[bug]		libbind: getaddrinfo() could call freeaddrinfo() with
			an invalid pointer.

1206.	[bug]		SERVFAIL and NOTIMP responses to an EDNS query should
			trigger a non-EDNS retry.

1205.	[bug]		OPT, TSIG and TKEY cannot be used to set the "class"
			of the message. [RT #2449]

1204.	[bug]		libbind: res_nupdate() failed to update the name
			server addresses before sending the update.

1201.	[bug]		Require that if 'callbacks' is passed to
			dns_rdata_fromtext(), callbacks->error and
			callbacks->warn are initialized.

1200.	[bug]		Log 'errno' that we are unable to convert to
			isc_result_t. [RT #2404]

1198.	[bug]		OPT printing style was not consistent with the way the
			header fields are printed.  The DO bit was not reported
			if set.  Report if any of the MBZ bits are set.

1197.	[bug]		Attempts to define the same acl multiple times were not

1196.	[contrib]	update mdnkit to 2.2.3.

1195.	[bug]		Attempts to redefine builtin acls should be caught.
			[RT #2403]

1194.	[bug]		Not all duplicate zone definitions were being detected
			at the named.conf checking stage. [RT #2431]

1193.	[bug]		Best effort parsing didn't handle packet truncation.

1191.	[bug]		A dynamic update removing the last non-apex name in
			a secure zone would fail. [RT #2399]

1189.	[bug]		On some systems, malloc(0) returns NULL, which
			could cause the caller to report an out of memory
			error. [RT #2398]

1188.	[bug]		Dynamic updates of a signed zone would fail if
			some of the zone private keys were unavailable.

1186.	[bug]		isc_hex_tobuffer(,,length = 0) failed to unget the
			EOL token when reading to end of line.

1185.	[bug]		libbind: don't assume statp->_u._ext.ext is valid
			unless RES_INIT is set when calling res_*init().

1184.	[bug]		libbind: call res_ndestroy() if RES_INIT is set
			when res_*init() is called.

1183.	[bug]		Handle ENOSR error when writing to the internal
			control pipe. [RT #2395]

1182.	[bug]		The server could throw an assertion failure when
			constructing a negative response packet.

1176.	[doc]		Document that allow-v6-synthesis is only performed
			for clients that are supplied recursive service.
			[RT #2260]

1175.	[bug]		named-checkzone failed to call dns_result_register()
			at startup which could result in runtime
			exceptions when printing "out of memory" errors.
			[RT #2335]

1174.	[bug]		Win32: add WSAECONNRESET to the expected errors
			from connect(). [RT #2308]

1173.	[bug]		Potential memory leaks in isc_log_create() and
			isc_log_settag(). [RT #2336]

1172.	[doc]		Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
			table of RR types in ARM.

1170.	[bug]		Don't attempt to print the token when a I/O error
			occurs when parsing named.conf. [RT #2275]

1168.	[bug]		Empty also-notify clauses were not handled. [RT #2309]

1167.	[contrib]	nslint-2.1a3 (from author).

1166.	[bug]		"Not Implemented" should be reported as NOTIMP,
			not NOTIMPL. [RT #2281]

1165.	[bug]		We were rejecting notify-source{-v6} in zone clauses.

1164.	[bug]		Empty masters clauses in slave / stub zones were not
			handled gracefully. [RT #2262]

1162.	[bug]		The allow-notify option was not accepted in slave
			zone statements.

1161.	[bug]		named-checkzone looped on unbalanced brackets.
			[RT #2248]

1160.	[bug]		Generating Diffie-Hellman keys longer than 1024
			bits could fail. [RT #2241]

1156.	[port]		The configure test for strsep() incorrectly
			succeeded on certain patched versions of
			AIX 4.3.3. [RT #2190]

1154.	[bug]		Don't attempt to obtain the netmask of a interface
			if there is no address configured. [RT #2176]

1152.	[bug]		libbind: read buffer overflows.

1144.	[bug]		rndc-confgen would crash if both the -a and -t
			options were specified. [RT #2159]

1142.	[bug]		dnssec-signzone would fail to delete temporary files
			in some failure cases. [RT #2144]

1141.	[bug]		When named rejected a control message, it would
			leak a file descriptor and memory.  It would also
			fail to respond, causing rndc to hang.
			[RT #2139, #2164]

1140.	[bug]		rndc-confgen did not accept IPv6 addresses as arguments
			to the -s option. [RT #2138]

1136.	[bug]		CNAME records synthesized from DNAMEs did not
			have a TTL of zero as required by RFC2672.
			[RT #2129]

1125.	[bug]		rndc: -k option was missing from usage message.
			[RT #2057]

1124.	[doc]		dig: +[no]dnssec, +[no]besteffort and +[no]fail
			are now documented. [RT #2052]

1123.	[bug]		dig +[no]fail did not match description. [RT #2052]

1109.	[bug]		nsupdate accepted illegal ttl values.

1108.	[bug]		On Win32, rndc was hanging when named was not running
			due to failure to select for exceptional conditions
			in select(). [RT #1870]

1081.	[bug]		Multicast queries were incorrectly identified
			based on the source address, not the destination

1072.	[bug]		The TCP client quota could be exceeded when
			recursion occurred. [RT #1937]

1071.	[bug]		Sockets listening for TCP DNS connections
			specified an excessive listen backlog. [RT #1937]

1070.	[bug]		Copy DNSSEC OK (DO) to response as specified by

1014.	[bug]		Some queries would cause statistics counters to
			increment more than once or not at all. [RT #1321]

1012.	[bug]		The -p option to named did not behave as documented.

 988.	[bug]		'additional-from-auth no;' did not work reliably
			in the case of queries answered from the cache.
			[RT #1436]

 995.	[bug]		dig, host, nslookup: using a raw IPv6 address as a
			target address should be fatal on a IPv4 only system.

	--- 9.2.0 released ---

More information about the bind-announce mailing list