BIND 9.2.3rc3 is now available.
William Stacey
staceyw at mvps.org
Thu Sep 18 13:45:29 UTC 2003
Hi Mark. How does this handle the Verisign issue exactly (i.e. another
query for NS records, etc?) The text on the fix is a little short. Can't
Verisign get around this by returning a NS record that is just one of their
NS's that would have the wildcard record?
--
William Stacey
<Mark_Andrews at isc.org> wrote in message news:bk996e$aun$1 at sf1.isc.org...
>
> BIND 9.2.3rc3 is now available.
>
> In response to high demand from our users, ISC is releasing a patch for
BIND
> to support the declaration of "delegation-only" zones in caching/recursive
> name servers. Briefly, a zone which has been declared "delegation-only"
will
> be effectively limited to containing NS RRs for subdomains, but no actual
> data outside its apex (for example, its SOA RR and apex NS RRset). This
can
> be used to filter out "wildcard" or "synthesized" data from NAT boxes or
from
> authoritative name servers whose undelegated (in-zone) data is of no
interest.
>
> BIND 9.2.2rc2 can be downloaded from
>
> ftp://ftp.isc.org/isc/bind9/9.2.3rc2/bind-9.2.3rc2.tar.gz
>
> The PGP signature of the distribution is at
>
> ftp://ftp.isc.org/isc/bind9/9.2.3rc2/bind-9.2.3rc2.tar.gz.asc
>
> The signature was generated with the ISC public key, which is
> available at <http://www.isc.org/ISC/isckey.txt>.
>
> A binary kit for Windows NT 4.0 and Windows 2000 is at
>
> ftp://ftp.isc.org/isc/bind/contrib/ntbind-9.2.3rc2/BIND9.2.3rc2.zip
>
> The PGP signature of the binary kit for Windows NT 4.0 and Windows 2000 is
at
>
> ftp://ftp.isc.org/isc/bind/contrib/ntbind-9.2.3rc2/BIND9.2.3rc2.zip.asc
>
> A list of changes made since 9.2.0 follows. For earlier changes,
> see the file CHANGES in the distribution.
>
> --------
>
> --- 9.2.3rc2 released ---
>
> 1505. [bug] Uninitaliased rdataset is sdb. [RT #8750]
>
> 1504. [func] New zone type "delegation-only".
>
> 1503. [port] win32: install libeay32.dll outside of system32.
>
> --- 9.2.3rc1 released ---
>
> 1499. [bug] isc_random need to be seeded better if arc4random()
> is not used.
>
> 1498. [port] bsdos: 5.x support.
>
> 1497. [protocol] dig, nslookup and host now perform nibble lookups
> under IP6.ARPA, use -i for IP6.INT (dig and host).
> lwres now uses IP6.ARPA.
>
> 1496. [port] test for pthread_attr_setstacksize().
>
> 1495. [cleanup] Replace hash functions with universal hash.
>
> 1494. [security] Turn on RSA BLINDING as a precaution.
>
> 1493. [doc] A6 and "bitstring" labels are now experimental.
>
> 1492. [cleanup] Preserve rwlock quota context when upgrading /
> downgrading. [RT #5599]
>
> 1491. [bug] dns_master_dump*() would produce extraneous $ORIGIN
> lines. [RT #6206]
>
> 1490. [bug] Accept reading state as well as working state in
> ns_client_next(). [RT #6813]
>
> 1489. [compat] Treat 'allow-update' on slave zones as a warning.
> [RT #3469]
>
> 1488. [bug] Don't override trust levels for glue addresses.
> [RT #5764]
>
> 1487. [bug] A REQUIRE() failure could be triggered if a zone was
> queued for transfer and the zone was then removed.
> [RT #6189]
>
> 1486. [bug] isc_print_snprintf() '%%' consumed one too many format
> characters. [RT# 8230]
>
> 1485. [bug] gen failed to handle high type values. [RT #6225]
>
> 1484. [bug] The number of records reported after a AXFR was wrong.
> [RT #6229]
>
> 1483. [bug] dig axfr failed if the message id in the answer failed
> to match that in the request. Only the id in the first
> message is required to match. [RT #8138]
>
> 1482. [bug] named could fail to start if the kernel supports
> IPv6 but no interfaces are configured. Similarly
> for IPv4. [RT #6229]
>
> 1481. [bug] Refresh and stub queries failed to use masters keys
> if specified. [RT #7391]
>
> 1480. [bug] Provide replay protection for rndc commands. Full
> replay protection requires both rndc and named to
> be updated. Partial replay protection (limited
> exposure after restart) is provided if just named
> is updated.
>
> 1479. [bug] cfg_create_tuple() failed to handle out of
> memory cleanup. parse_list() would leak memory
> on syntax errors.
>
> 1478. [port] ifconfig.sh didn't account for other virtual
> interfaces. It now takes a optional arguement
> to specify the first interface number. [RT #3907]
>
> 1477. [bug] memory leak using stub zones and TSIG.
>
> 1476. [port] win32: port unreachables were blocking further i/o
> on sockets (Windows 2000 SP2 and later).
>
> 1473. [bug] create_map() and create_string() failed to handle out
> of memory cleanup. [RT #6813]
>
> 1472. [contrib] idnkit-1.0 from JPNIC, replaces mdnkit.
>
> 1471. [bug] libbind: updated to BIND 8.4.0.
>
> 1470. [bug] Incorrect length passed to snprintf. [RT #5966]
>
> 1466. [bug] lwresd configuration errors resulted in memory
> and lock leaks. [RT #5228]
>
> 1465. [bug] isc_base64_decodestring() and isc_base64_tobuffer()
> failed to check that trailing bits were zero allowing
> some invalid base64 strings to be accepted. [RT #5397]
>
> 1464. [bug] Preserve "out of zone" data for outgoing zone
> transfers. [RT #5192]
>
> 1463. [bug] dns_rdata_from{wire,struct}() failed to catch bad
> NXT bit maps. [RT #5577]
>
> 1462. [bug] parse_sizeval() failed to check the token type.
> [RT #5586]
>
> 1461. [bug] Remove deadlock from rbtdb code. [RT #5599]
>
> 1460. [bug] inet_pton() failed to reject certain malformed
> IPv6 literals.
>
> 1459. [bug] win32: we were leaking a bits in the exception
> fd_set resulting in "Socket operation on non-socket"
> errors from select(). [RT #2966]
>
> 1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
>
> 1453. [doc] ARM: $GENERATE example wasn't accurate. [RT #5298]
>
> 1452. [bug] Bad #ifdef, ISC_RFC2335 -> ISC_RFC2535.
>
> 1451. [bug] rndc-confgen didn't exit with a error code for all
> failures. [RT #5209]
>
> 1450. [bug] Fetching expired glue failed under certain
> circumstances. [RT #5124]
>
> 1449. [bug] query_addbestns() didn't handle running out of memory
> gracefully.
>
> 1448. [bug] Handle empty wildcards labels.
>
> 1447. [bug] We were casting (unsigned int) to and from (void *).
> rdataset->private4 is now rdataset->privateuint4
> to reflect a type change.
>
> 1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has
> been replaced with DNS_ADBFIND_STARTATZONE which
> causes the search to start using the closest zone.
>
> 1439. [bug] Named could return NOERROR with certain NOTIFY
> failures. Return NOTAUTH if the NOTIFY zone is
> not being served.
>
> 1435. [bug] zmgr_resume_xfrs() was being called read locked
> rather than write locked. zmgr_resume_xfrs()
> was not being called if the zone was being
> shutdown.
>
> 1437. [bug] Leave space for stdio to work in. [RT #5033]
>
> 1434. [bug] "rndc reconfig" failed to initiate the initial
> zone transfer of new slave zones.
>
> 1431. [bug] isc_print_snprintf() "%s" with precision could walk off
> end of argument. [RT #5191]
>
> 1429. [bug] Prevent the cache getting locked to old servers.
>
> 1424. [bug] EDNS version not being correctly printed.
>
> 1423. [contrib] queryperf: added A6 and SRV.
>
> 1420. [port] solaris: work around gcc optimiser bug.
>
> 1419. [port] openbsd: use /dev/arandom. [RT #4950]
>
> 1418. [bug] 'rndc reconfig' did not cause new slaves to load.
>
> 1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN.
> [RT #4715]
>
> 1411. [bug] empty nodes should stop wildcard matches. [RT #4802]
>
> 1408. [bug] distclean was not complete. [RT #4700]
>
> 1407. [bug] lfsr incorrectly implements the shift register.
> [RT #4617]
>
> 1406. [bug] dispatch initialises one of the LFSR's with a incorrect
> polynomial. [RT #4617]
>
> 1405. [func] Use arc4random() if available.
>
> 1401. [bug] adb wasn't clearing state when the timer expired.
>
> 1399. [bug] Use serial number arithmetic when testing SIG
> timestamps. [RT #4268]
>
> 1397. [bug] J.ROOT-SERVERS.NET is now 192.58.128.30.
>
> 1389. [bug] named could fail to rotate long log files. [RT #3666]
>
> 1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
> defining HAVE_IFLIST_SYSCTL. [RT #3770]
>
> 1387. [bug] named could crash due to an access to invalid memory
> space (which caused an assertion failure) in
> incremental cleaning. [RT #3588]
>
> 1385. [bug] Setting serial-query-rate to 10 would trigger a
> REQUIRE failure.
>
> 1384. [bug] host was incompatible with BIND 8 in its exit code and
> in the output with the -l option. [RT #3536]
>
> 1373. [bug] Recovery from expired glue failed under certain
> circumstances.
>
> 1372. [bug] named crashes with an assertion failure on exit when
> sharing the same port for listening and querying, and
> changing listening addresses several times. [RT# 3509]
>
> 1370. [bug] dig '+[no]recurse' was incorrectly documented.
>
> 1369. [bug] Adding an NS record as the lexicographically last
> record in a secure zone didn't work.
>
> 1366. [contrib] queryperf usage was incomplete. Add '-h' for help.
>
> 1348. [port] win32: Rewrote code to use I/O Completion Ports
> in socket.c and eliminating a host of socket
> errors. Performance is enhanced.
>
> 1333. [contrib] queryperf now reports a summary of returned
> rcodes (-c), rcodes are printed in mnemonic form (-v).
>
> 1299. [bug] Set AI_ADDRCONFIG when looking up addresses
> via getaddrinfo() (affects dig, host, nslookup, rndc
> and nsupdate).
>
> 1199. [doc] ARM reference to RFC 2157 should have been RFC 1918.
> [RT #2436]
>
> 1122. [tuning] Resolution timeout reduced from 90 to 30 seconds.
> [RT #2046]
>
> 992. [doc] dig: ~/.digrc is now documented.
>
> --- 9.2.2 released ---
>
> 1428. [port] hpux: temporary work around of hpux 11.11 interface
> scanning.
>
> 1427. [bug] Race condition in adb with threaded build.
>
> 1426. [cleanup] Disable RFC2535 style DNSSEC. This is incompatible
> with the forthcoming DS style DNSSEC.
>
> 1425. [port] linux/libbind: define __USE_MISC when testing *_r()
> function prototypes in netdb.h. [RT #4921]
>
> 1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't
> have a working implementation. [RT #4079]
>
> 1382. [bug] make install failed with --enable-libbind. [RT #3656]
>
> 1381. [bug] named failed to correctly process answers that
> contained DNAME records where the resulting CNAME
> resulted in a negative answer.
>
> --- 9.2.2rc1 released ---
>
> 1360. [bug] --enable-libbind would fail when not built in the
> source tree for certain OS's.
>
> 1359. [security] Support patches OpenSSL libraries.
> http://www.cert.org/advisories/CA-2002-23.html
>
> 1358. [bug] It was possible to trigger a INSIST when debugging
> large dynamic updates. [RT #3390]
>
> 1357. [bug] nsupdate was extremely wasteful of memory.
>
> 1356. [tuning] Reduce the number of events / quantum for zone tasks.
>
> 1354. [doc] lwres man pages had illegal nroff.
>
> 1353. [contrib] sdb/ldap to version 0.9.
>
> 1352. [bug] dig, host, nslookup when falling back to TCP use the
> current search entry (if any). [RT #3374]
>
> 1351. [bug] lwres_getipnodebyname() returned the wrong name
> when given a IPv4 literal, af=AF_INET6 and AI_MAPPED
> was set.
>
> 1350. [bug] dns_name_fromtext() failed to handle too many labels
> gracefully.
>
> 1349. [security] Minimum OpenSSL version now 0.9.6e (was 0.9.5a).
> http://www.cert.org/advisories/CA-2002-23.html
>
> 1346. [bug] Win32: select timeout in socket.c was too small
> as value given was meant to be milliseconds and
> timeval structure requires microseconds. This
> caused high CPU loads with a compute bound loop.
> [RT #3358]
>
> 1345. [port] Use a explicit -Wformat with gcc. Not all versions
> include it in -Wall.
>
> 1340. [bug] Delay and spread out the startup refresh load.
>
> 1335. [bug] When performing a nonexistence proof, the validator
> should discard parent NXTs from higher in the DNS.
>
> 1334. [bug] When signing/verifying rdatasets, duplicate rdatas
> need to be suppressed.
>
> 1330. [bug] When processing events (non-threaded) only allow
> the task one chance to use to use its quantum.
>
> 1327. [bug] The validator would incorrectly mark data as insecure
> when seeing a bogus signature before a correct
> signature.
>
> 1326. [bug] DNAME/CNAME signatures were not being cached when
> validation was not being performed. [RT #3284]
>
> 1325. [bug] If the tcpquota was exhausted it was possible to
> to trigger a INSIST() failure.
>
> 1324. [port] darwin: ifconfig.sh now supports darwin.
>
> 1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
>
> 1320. [doc] query-source-v6 was missing from options section.
> [RT #3218]
>
> 1319. [func] libbind: log attempts to exploit #1318.
>
> 1318. [bug] libbind: Remote buffer overrun.
>
> 1317. [port] libbind: TrueUNIX 5.1 does not like __align as a
> element name.
>
> 1316. [bug] libbind: gethostans() could get out of sync parsing
> the response if there was a very long CNAME chain.
>
> 1315. [bug] Options should apply to the internal _bind view.
>
> 1314. [port] Handle ECONNRESET from sendmsg() [unix].
>
> 1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159]
>
> 1310. [bug] 'rndc stop' failed to cause zones to be flushed
> sometimes. [RT #3157]
>
> 1307. [bug] nsupdate: allow white space base64 key data.
>
> 1306. [bug] Badly encoded LOC record when the size, horizontal
> precision or vertical precision was 0.1m.
>
> 1305. [bug] Document that internal zones are included in the
> rndc status results.
>
> 1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
> could be left with a trailing "\" after configure
> has been run.
>
> 1297. [port] linux: make handling EINVAL from socket() no longer
> conditional on #ifdef LINUX.
>
> 1296. [bug] isc_log_closefilelogs() needed to lock the log
> context.
>
> 1295. [bug] isc_log_setdebuglevel() needed to lock the log
> context.
>
> 1294. [func] libbind: no longer attempts bit string labels for
> IPv6 reverse resolution. Try IP6.ARPA then IP6.INT
> for nibble style resolution.
>
> 1289. [port] See if -ldl is required for OpenSSL? [RT #2672]
>
> 1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
> reflect written requirements.
>
> 1287. [bug] REQUIRE that DNS_DBADD_MERGE only be set when adding
> a rdataset to a zone db in the rbtdb implementation of
> addrdataset.
>
> 1286. [bug] dns_name_downcase() enforce requirement that
> target != NULL or name->buffer != NULL.
>
> 1284. [bug] The RTT estimate on unused servers was not aged.
> [RT #2569]
>
> 1282. [port] libbind: hpux 11.11 interface scaning.
>
> 1280. [bug] libbind: escape '(' and ')' when converting to
> presentation form.
>
> 1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590]
>
> 1276. [bug] libbind: const pointer conflicts in res_debug.c.
>
> 1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN.
>
> 1274. [bug] Memory leak in lwres_gnbarequest_parse().
>
> 1273. [port] libbind: solaris: 64 bit binary compatibility.
>
> 1272. [contrib] Berkeley DB 4.0 sdb implementation from
> Nuno Miguel Rodrigues <nmr at co.sapo.pt>.
>
> 1270. [bug] Check that system inet_pton() and inet_ntop() support
> AF_INET6.
>
> 1269. [port] Openserver: ifconfig.sh support.
>
> 1268. [port] Openserver: the value FD_SETSIZE depends on whether
> <sys/param.h> is included or not. Be consistent.
>
> 1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE,
> __ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE
> are not C++ compatible, use *_TYPE versions instead.
>
> 1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with
> C++, use LINK_INIT_TYPE and UNLINK_TYPE instead.
>
> 1263. [bug] Reference after free error if dns_dispatchmgr_create()
> failed.
>
> 1262. [bug] ns_server_destroy() failed to set *serverp to NULL.
>
> 1261. [func] libbind: ns_sign2() and ns_sign_tcp() now provide
> support for compressed TSIG owner names.
>
> 1260. [func] libbind: res_update can now update IPv6 servers,
> new function res_findzonecut2().
>
> 1259. [bug] libbind: get_salen() IPv6 support was broken for OSs
> w/o sa_len.
>
> 1258. [bug] libbind: res_nametotype() and res_nametoclass() were
> broken.
>
> 1257. [bug] Failure to write pid-file should not be fatal on
> reload. [RT #2861]
>
> 1256. [contrib] 'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support.
>
> 1255. [bug] When verifying that an NXT proves nonexistence, check
> the rcode of the message and only do the matching NXT
> check. That is, for NXDOMAIN responses, check that
> the name is in the range between the NXT owner and
> next name, and for NOERROR NODATA responses, check
> that the type is not present in the NXT bitmap.
>
> 1253. [bug] The dnssec system test failed to remove the correct
> files.
>
> 1252. [bug] Dig, host and nslookup were not checking the address
> the answer was coming from against the address it was
> sent to. [RT# 2692]
>
> 1248. [bug] DESTDIR was not being propagated between makes.
>
> 1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for
> accept().
>
> 1242. [bug] named-checkzone failed if a journal existed. [RT #2657]
>
> 1241. [bug] Drop received UDP messages with a zero source port
> as these are invariably forged. [RT #2621]
>
> 1209. [bug] Dig, host, nslookup were not checking the message ids
> on the responses. [RT #2454]
>
> 1097. [func] libbind: RES_PRF_TRUNC for dig.
>
> 1096. [func] libbind: "DNSSEC OK" (DO) support.
>
> 1095. [func] libbind: resolver option: no-tld-query. disables
> trying unqualified as a tld. no_tld_query is also
> supported for FreeBSD compatibility.
>
> 1094. [func] libbind: add support gcc's format string checking.
>
> 1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6
> support.
>
> --- 9.2.1 released ---
>
> 1251. [port] win32: a make file contained absolute version specific
> references.
>
> 1249. [bug] Missing masters clause was not handled gracefully.
> [RT #2703]
>
> 1244. [bug] Receiving a TCP message from a blackhole address would
> prevent further messages being received over that
> interface.
>
> 1178. [bug] Follow and cache (if appropriate) A6 and other
> data chains to completion in the additional section.
>
> --- 9.2.1rc2 released ---
>
> 1240. [bug] It was possible to leak zone references by
> specifying an incorrect zone to rndc.
>
> 1239. [bug] Under certain circumstances named could continue to
> use a name after it had been freed triggering
> INSIST() failures. [RT #2614]
>
> 1238. [bug] It is possible to lockup the server when shutting down
> if notifies were being processed. [RT #2591]
>
> 1237. [bug] nslookup: "set q=type" failed.
>
> 1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non
> NULL terminated text regions. [RT #2588]
>
> 1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
>
> 1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.
>
> 1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken.
>
> 1229. [bug] named would crash if it received a TSIG signed
> query as part of an AXFR response. [RT #2570]
>
> 1228. [bug] 'make install' did not depend on 'make all'. [RT #2559]
>
> 1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
> if a number was expected and some other token was
> found. [RT#2532]
>
> 1222. [bug] Specifying 'port *' did not always result in a system
> selected (non-reserved) port being used. [RT #2537]
>
> 1221. [bug] Zone types 'master', 'slave' and 'stub' were not being
> compared case insensitively. [RT #2542]
>
> 1218. [bug] Named incorrectly returned SERVFAIL rather than
> NOTAUTH when there was a TSIG BADTIME error. [RT #2519]
>
> 1216. [bug] Multiple server clauses for the same server were not
> reported. [RT #2514]
>
> 1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
>
> 1214. [bug] Win32: isc_file_renameunique() could leave zero length
> files behind.
>
> 1212. [port] libbind: 64k answer buffers were causing stack space
> to be exceeded for certain OS. Use heap space instead.
>
> 1211. [bug] dns_name_fromtext() incorrectly handled certain
> valid octal bitlabels. [RT #2483]
>
> 1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped /
> compatible addresses. [RT #2461]
>
> 1208. [bug] dns_master_load*() failed to log a error message if
> an error was detected when parsing the ownername of
> a record. [RT #2448]
>
> --- 9.2.1rc1 released ---
>
> 1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with
> an invalid pointer.
>
> 1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should
> trigger a non-EDNS retry.
>
> 1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class"
> of the message. [RT #2449]
>
> 1204. [bug] libbind: res_nupdate() failed to update the name
> server addresses before sending the update.
>
> 1201. [bug] Require that if 'callbacks' is passed to
> dns_rdata_fromtext(), callbacks->error and
> callbacks->warn are initialized.
>
> 1200. [bug] Log 'errno' that we are unable to convert to
> isc_result_t. [RT #2404]
>
> 1198. [bug] OPT printing style was not consistent with the way the
> header fields are printed. The DO bit was not reported
> if set. Report if any of the MBZ bits are set.
>
> 1197. [bug] Attempts to define the same acl multiple times were not
> detected.
>
> 1196. [contrib] update mdnkit to 2.2.3.
>
> 1195. [bug] Attempts to redefine builtin acls should be caught.
> [RT #2403]
>
> 1194. [bug] Not all duplicate zone definitions were being detected
> at the named.conf checking stage. [RT #2431]
>
> 1193. [bug] Best effort parsing didn't handle packet truncation.
>
> 1191. [bug] A dynamic update removing the last non-apex name in
> a secure zone would fail. [RT #2399]
>
> 1189. [bug] On some systems, malloc(0) returns NULL, which
> could cause the caller to report an out of memory
> error. [RT #2398]
>
> 1188. [bug] Dynamic updates of a signed zone would fail if
> some of the zone private keys were unavailable.
>
> 1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the
> EOL token when reading to end of line.
>
> 1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
> unless RES_INIT is set when calling res_*init().
>
> 1184. [bug] libbind: call res_ndestroy() if RES_INIT is set
> when res_*init() is called.
>
> 1183. [bug] Handle ENOSR error when writing to the internal
> control pipe. [RT #2395]
>
> 1182. [bug] The server could throw an assertion failure when
> constructing a negative response packet.
>
> 1176. [doc] Document that allow-v6-synthesis is only performed
> for clients that are supplied recursive service.
> [RT #2260]
>
> 1175. [bug] named-checkzone failed to call dns_result_register()
> at startup which could result in runtime
> exceptions when printing "out of memory" errors.
> [RT #2335]
>
> 1174. [bug] Win32: add WSAECONNRESET to the expected errors
> from connect(). [RT #2308]
>
> 1173. [bug] Potential memory leaks in isc_log_create() and
> isc_log_settag(). [RT #2336]
>
> 1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
> table of RR types in ARM.
>
> 1170. [bug] Don't attempt to print the token when a I/O error
> occurs when parsing named.conf. [RT #2275]
>
> 1168. [bug] Empty also-notify clauses were not handled. [RT #2309]
>
> 1167. [contrib] nslint-2.1a3 (from author).
>
> 1166. [bug] "Not Implemented" should be reported as NOTIMP,
> not NOTIMPL. [RT #2281]
>
> 1165. [bug] We were rejecting notify-source{-v6} in zone clauses.
>
> 1164. [bug] Empty masters clauses in slave / stub zones were not
> handled gracefully. [RT #2262]
>
> 1162. [bug] The allow-notify option was not accepted in slave
> zone statements.
>
> 1161. [bug] named-checkzone looped on unbalanced brackets.
> [RT #2248]
>
> 1160. [bug] Generating Diffie-Hellman keys longer than 1024
> bits could fail. [RT #2241]
>
> 1156. [port] The configure test for strsep() incorrectly
> succeeded on certain patched versions of
> AIX 4.3.3. [RT #2190]
>
> 1154. [bug] Don't attempt to obtain the netmask of a interface
> if there is no address configured. [RT #2176]
>
> 1152. [bug] libbind: read buffer overflows.
>
> 1144. [bug] rndc-confgen would crash if both the -a and -t
> options were specified. [RT #2159]
>
> 1142. [bug] dnssec-signzone would fail to delete temporary files
> in some failure cases. [RT #2144]
>
> 1141. [bug] When named rejected a control message, it would
> leak a file descriptor and memory. It would also
> fail to respond, causing rndc to hang.
> [RT #2139, #2164]
>
> 1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments
> to the -s option. [RT #2138]
>
> 1136. [bug] CNAME records synthesised from DNAMEs did not
> have a TTL of zero as required by RFC2672.
> [RT #2129]
>
> 1125. [bug] rndc: -k option was missing from usage message.
> [RT #2057]
>
> 1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail
> are now documented. [RT #2052]
>
> 1123. [bug] dig +[no]fail did not match description. [RT #2052]
>
> 1109. [bug] nsupdate accepted illegal ttl values.
>
> 1108. [bug] On Win32, rndc was hanging when named was not running
> due to failure to select for exceptional conditions
> in select(). [RT #1870]
>
> 1081. [bug] Multicast queries were incorrectly identified
> based on the source address, not the destination
> address.
>
> 1072. [bug] The TCP client quota could be exceeded when
> recursion occurred. [RT #1937]
>
> 1071. [bug] Sockets listening for TCP DNS connections
> specified an excessive listen backlog. [RT #1937]
>
> 1070. [bug] Copy DNSSEC OK (DO) to response as specified by
> draft-ietf-dnsext-dnssec-okbit-03.txt.
>
> 1014. [bug] Some queries would cause statistics counters to
> increment more than once or not at all. [RT #1321]
>
> 1012. [bug] The -p option to named did not behave as documented.
>
> 988. [bug] 'additional-from-auth no;' did not work reliably
> in the case of queries answered from the cache.
> [RT #1436]
>
> 995. [bug] dig, host, nslookup: using a raw IPv6 address as a
> target address should be fatal on a IPv4 only system.
>
> --- 9.2.0 released ---
>
More information about the bind-users
mailing list