BIND 9.2.7 Release Candidate 3 is now available. BIND 9.2.7rc3 is a maintenance release candidate for BIND 9.2. BIND 9.2.7rc3 can be downloaded from ftp://ftp.isc.org/isc/bind9/9.2.7rc3/bind-9.2.7rc3.tar.gz The PGP signature of the distribution is at ftp://ftp.isc.org/isc/bind9/9.2.7rc3/bind-9.2.7rc3.tar.gz.asc ftp://ftp.isc.org/isc/bind9/9.2.7rc3/bind-9.2.7rc3.tar.gz.sha256.asc ftp://ftp.isc.org/isc/bind9/9.2.7rc3/bind-9.2.7rc3.tar.gz.sha512.asc The signature was generated with the ISC public key, which is available at . A binary kit for Windows NT 4.0 and Windows 2000 is at ftp://ftp.isc.org/isc/bind9/9.2.7rc3/BIND9.2.7rc3.zip ftp://ftp.isc.org/isc/bind9/9.2.7rc3/BIND9.2.7rc3.debug.zip The PGP signature of the binary kit for Windows NT 4.0 and Windows 2000 is at ftp://ftp.isc.org/isc/bind9/9.2.7rc3/BIND9.2.7rc3.zip.asc ftp://ftp.isc.org/isc/bind9/9.2.7rc3/BIND9.2.7rc3.zip.sha256.asc ftp://ftp.isc.org/isc/bind9/9.2.7rc3/BIND9.2.7rc3.zip.sha512.asc ftp://ftp.isc.org/isc/bind9/9.2.7rc3/BIND9.2.7rc3.debug.zip.asc ftp://ftp.isc.org/isc/bind9/9.2.7rc3/BIND9.2.7rc3.debug.zip.sha256.asc ftp://ftp.isc.org/isc/bind9/9.2.7rc3/BIND9.2.7rc3.debug.zip.sha512.asc A list of changes made since 9.2.0 follows. For earlier changes, see the file CHANGES in the distribution. -------- --- 9.2.7rc3 released --- 2096. [bug] libbind: handle applications that fail to detect res_init() failures better. 2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and net_cidr_ntop_ipv6(). [RT #16388] 2094. [contrib] Update named-bootconf. [RT# 16404] 2091. [port] dighost.c: race condition on cleanup. [RT #16417] 2090. [port] win32: Visual C++ 2005 command line manifest support. [RT #16417] 2089. [security] Raise the minimum safe OpenSSL versions to OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions prior to these have known security flaws which are (potentially) exploitable in named. [RT #16391] 2088. [security] Change the default RSA exponent from 3 to 65537. [RT #16391] 2086. [port] libbind: FreeBSD now has get*by*_r() functions. [RT #16403] 2085. [doc] win32: added index.html and README to zip. [RT #16201] 2084. [contrib] dbus update for 9.3.3rc2. 2083. [port] win32: Visual C++ 2005 support. 2082. [doc] Document 'cache-file' as a test only option. --- 9.2.7rc2 released --- 2081. [port] libbind: minor 64-bit portability fix in memcluster.c. [RT #16360] 2080. [port] libbind: res_init.c did not compile on older versions of Solaris. [RT #16363] 2076. [bug] Several files were missing #include causing build failures on OSF. [RT #16341] --- 9.2.7rc1 released --- 2071. [port] Test whether gcc accepts -fno-strict-aliasing. [RT #16324] 2070. [bug] The remote address was not always displayed when reporting dispatch failures. [RT #16315] 2069. [bug] Cross compiling was not working. [RT #16330] 2067. [bug] 'rndc' could close the socket too early triggering a INSIST under Windows. [RT #16317] 2065. [bug] libbind: probe for HPUX prototypes for endprotoent_r() and endservent_r(). [RT 16313] 2064. [bug] libbind: silence AIX compiler warnings. [RT #16218] 2063. [bug] Change #1955 introduced a bug which caused the first 'rndc flush' call to not free memory. [RT #16244] 2062. [bug] 'dig +nssearch' was reusing a buffer before it had been returned by the socket code. [RT #16307] 2057. [bug] Make setting "ra" dependent on both allow-query and allow-recursion. [RT #16290] 2056. [bug] dig: ixfr= was not being treated case insensitively at all times. [RT #15955] 2055. [bug] Missing goto after dropping multicast query. [RT #15944] 2054. [port] freebsd: do not explicitly link against -lpthread. [RT #16170] 2053. [port] netbsd:libbind: silence compiler warnings. [RT #16220] 2050. [bug] Parsing of NSAP records was not case insensitive. [RT #16287] 2043. [port] nsupdate/nslookup: Force the flushing of the prompt for interactive sessions. [RT#16148] 2038. [bug] dig/nslookup/host was unlinking from wrong list when handling errors. [RT #16122] 2037. [func] When unlinking the first or last element in a list check that the list head points to the element to be unlinked. [RT #15959] 2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124] 1941. [bug] ncache_adderesult() should set eresult even if no rdataset is passed to it. [RT #15642] --- 9.2.7b1 released --- 2030. [bug] We were being overly conservative when disabling openssl engine support. [RT #16030] 2028. [port] linux: socket.c compatability for old systems. [RT #16015] 2027. [port] libbind: Solaris x86 support. [RT #16020] 2026. [bug] Rate limit the recursive client exceeded message. [RT #16044] 2024. [bug] named emited spurious "zone serial unchanged" messages on reload. [RT #16027] 2023. [bug] "make install" should create ${localstatedir}/run and ${sysconfdir} if they do not exist. [RT #16033] 2016. [bug] Return a partial answer if recursion is not allowed but requested and we had the answer to the original qname. [RT #15945] 2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR responses more gracefully. [RT #15941] 2009. [bug] libbind: coverity fixes. [RT #15808] 2005. [bug] libbind: Retransmission timeouts should be based on which attempt it is to the nameserver and not the nameserver itself. [RT #13548] 2004. [bug] dns_tsig_sign() could pass a NULL pointer to dst_context_destroy() when cleaning up after a error. [RT #15835] 2003. [bug] libbind: The DNS name/address lookup functions could occasionally follow a random pointer due to structures not being completely zeroed. [RT #15806] 2002. [bug] libbind: tighten the constraints on when struct addrinfo._ai_pad exists. [RT #15783] 1997. [bug] Named was failing to replace negative cache entries when a positive one for the type was learnt. [RT #15818] 1994. [port] OpenSSL 0.9.8 support. [RT #15694] 1991. [cleanup] The configuration data, once read, should be treated as readonly. Expand the use of const to enforce this at compile time. [RT #15813] 1990. [bug] libbind: isc's override of broken gettimeofday() implementions was not always effective. [RT #15709] 1981. [bug] win32: condition.c:wait() could fail to reattain the mutex lock. 1979. [port] linux: allow named to drop core after changing user ids. [RT #15753] 1978. [port] Handle systems which have a broken recvmsg(). [RT #15742] 1977. [bug] Silence noisy log message. [RT #15704] 1976. [bug] Handle systems with no IPv4 addresses. [RT #15695] 1975. [bug] libbind: isc_gethexstring() could misparse multi-line hex strings with comments. [RT #15814] 1974. [doc] List each of the zone types and associated zone options seperately in the ARM. 1972. [contrib] DBUS dynamic forwarders integation from Jason Vas Dias . 1971. [port] linux: make detection of missing IF_NAMESIZE more robust. [RT #15443] 1969. [bug] win32: the socket code was freeing the socket structure too early. [RT #15776] 1966. [bug] Don't set CD when we have fallen back to plain DNS. [RT #15727] 1962. [bug] Named failed to clear old update-policy when it was removed. [RT #15491] 1961. [bug] Check the port and address of responses forwarded to dispatch. [RT #15474] 1960. [bug] Update code should set NXT ttls from SOA MINIMUM. [RT #15465] 1958. [bug] Named failed to update the zone's secure state until the zone was reloaded. [RT #15412] 1957. [bug] Dig mishandled responses to class ANY queries. [RT #15402] 1956. [bug] Improve cross compile support, 'gen' is now built by native compiler. See README for additional cross compile support information. [RT #15148] 1955. [bug] Pre-allocate the cache cleaning interator. [RT #14998] 1952. [port] hpux: tell the linker to build a runtime link path "-Wl,+b:". [RT #14816]. 1951. [security] Drop queries from particular well known ports. Don't return FORMERR to queries from particular well known ports. [RT #15636] 1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect() a TCP socket. This prevents the source address being set for TCP connections. [RT #15628] 1948. [bug] If was possible to trigger a REQUIRE failure in xfrin.c:maybe_free() if named ran out of memory. [RT #15568] 1944. [cleanup] isc_hash_create() does not need a read/write lock. [RT #15522] 1943. [bug] Set the loadtime after rolling forward the journal. [RT #15647] 1940. [bug] Fixed a number of error conditions reported by Coverity. --- 9.2.6 released --- --- 9.2.6rc1 released --- 1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530] --- 9.2.6b2 released --- 1930. [port] HPUX: ia64 support. [RT #15473] 1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM. 1926. [bug] BINDinstall was being installed in the wrong place. [RT #15483] 1925. [port] All outer level AC_TRY_RUNs need cross compiling defaults. [RT #15469] 1924. [port] libbind: hpux ia64 support. [RT #15473] 1923. [bug] ns_client_detach() called too early. [RT #15499] --- 9.2.6b1 released --- 1917. [doc] funcsynopsisinfo wasn't being treated as verbatim when generating man pages. [RT #15385] 1911. [bug] Update windows socket code. [RT #14965] 1905. [bug] Strings returned from cfg_obj_asstring() should be treated as read-only. [RT #15256] 1895. [bug] A escaped character is, potentially, converted to the output character set too early. [RT #14666] 1893. [port] Use uintptr_t if available. [RT #14606] 1889. [port] sunos: non blocking i/o support. [RT #14951] 1887. [bug] The cache could delete expired records too fast for clients with a virtual time in the past. [RT #14991] 1886. [bug] fctx_create() could return success even though it failed. [RT #14993] 1884. [cleanup] dighost.c: move external declarations into . 1883. [bug] dnssec-signzone, dnssec-keygen, dnssec-signkey, dnssec-makekeyset: handle negative debug levels. [RT #14962] 1881. [func] Add a system test for named-checkconf. [RT #14931] 1877. [bug] Fix unreasonably low quantum on call to dns_rbt_destroy2(). Remove unnecessay unhash_node() call. [RT #14919] 1875. [bug] process_dhtkey() was using the wrong memory context to free some memory. [RT #14890] 1873. [port] win32: isc__errno2result() now reports its caller. [RT #13753] 1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753] 1871. [bug] dnssec_makekeyset and dnssec-signkey failed to initalize the hash context. [RT #13771] 1865. [bug] Silently ignore nameservers in /etc/resolv.conf with bad addresses. [RT #14841] 1861. [bug] dig could trigger a INSIST on certain malformed responses. [RT #14801] 1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was incorrectly set. [RT #14775] 1856. [doc] Switch Docbook toolchain from DSSSL to XSL. [RT #11398] 1854. [bug] lwres also needs to know the print format for (long long). [RT #13754] 1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591] 1849. [doc] All forms of the man pages (docbook, man, html) should have consistant copyright dates. 1848. [bug] Improve SMF integration. [RT #13238] 1847. [bug] isc_ondestroy_init() is called too late in dns_rbtdb_create()/dns_rbtdb64_create(). [RT #13661] 1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer . 1845. [bug] Improve error reporting to distingish between accept()/fcntl() and socket()/fcntl() errors. [RT #13745] 1844. [bug] inet_pton() accepted more that 4 hexadecimal digits for each 16 bit piece of the IPv6 address. The text representation of a IPv6 address has been tighted to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt). [RT #5662] 1843. [cleanup] CINCLUDES takes precedence over CFLAGS. This helps when CFLAGS contains "-I /usr/local/include" resulting in old header files being used. 1842. [port] cmsg_len() could produce incorrect results on some platform. [RT #13744] 1841. [bug] "dig +nssearch" now makes a recursive query to find the list of nameservers to query. [RT #13694] 1839. [bug] was not being installed. 1838. [cleanup] Don't allow Linux capabilities to be inherited. [RT #13707] 1836. [cleanup] Silence compiler warnings in hash_test.c. 1835. [bug] Update dnssec-signzone's usage message. [RT #13657] 1834. [bug] Bad memset in rdata_test.c. [RT #13658] 1833. [bug] Race condition in isc_mutex_lock_profile(). [RT #13660] 1832. [bug] named fails to return BADKEY on unknown TSIG algorithm. [RT #13620] 1830. [bug] adb lame cache has sence of test reversed. [RT #13600] 1828. [bug] isc_rwlock_init() failed to properly cleanup if it encountered a error. [RT #13549] 1827. [bug] host: update usage message for '-a'. [RT #37116] 1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on out of memory error. [RT #13537] 1825. [bug] Missing UNLOCK() on out of memory error from in rbtdb.c:subtractrdataset(). [RT #13519] 1824. [bug] Memory leak on dns_zone_setdbtype() failure. [RT #13510] 1823. [bug] Wrong macro used to check for point to point interface. [RT#13418] 1821. [doc] acls definitions are no longer required to be in named.conf prior to reference. They can be defined after being referenced. 1820. [bug] Gracefully handle acl loops. [RT #13659] 1815. [bug] nsupdate triggered a REQUIRE if the server was set without also setting the zone and it encountered a CNAME and was using TSIG. [RT #13086] 1810. [bug] configure, lib/bind/configure make different default decisions about whether to do a threaded build. [RT #13212] 1809. [bug] "make distclean" failed for libbind if the platform is not supported. 1807. [bug] When forwarding (forward only) set the active domain from the forward zone name. [RT #13526] 1804. [bug] Ensure that if we are queried for glue that it fits in the additional section or TC is set to tell the client to retry using TCP. [RT #10114] 1802. [bug] Handle connection resets better. [RT #11280] --- 9.2.5 released --- --- 9.2.5rc1 released --- 1812. [port] win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect. [RT #13453] 1808. [bug] zone.c:notify_zone() contained a race condition, zone->db could change underneath it. [RT #13511] --- 9.2.5beta2 released --- 1800. [bug] Changes #1719 allowed a INSIST to be triggered. [RT #13428] --- 9.2.5beta1 released --- 1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should allow parallel make to succeed. 1789. [bug] Prerequisite test for tkey and dnssec could fail with "configure --with-libtool". 1787. [port] HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings. 1786. [port] AIX: libt_api needs to be taught to look for T_testlist in the main executable (--with-libtool). [RT #13239] 1784. [cleanup] "libtool -allow-undefined" is the default. Leave hooks in configure to allow it to be set if needed in the future. 1783. [cleanup] We only need one copy of libtool.m4, ltmain.sh in the source tree. 1782. [port] OSX: --with-libtool + --enable-libbind broke on __evOptMonoTime. [RT #13219] 1781. [port] FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810] 1780. [bug] Update libtool to 1.5.10. 1779. [port] OSF 5.1: libtool didn't handle -pthread correctly. 1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and IN6ADDR_LOOPBACK_INIT macros. 1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and IN6ADDR_LOOPBACK_INIT macros. 1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and IN6ADDR_LOOPBACK_INIT macros. 1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205] 1774. [port] Aix: Silence compiler warnings / build failures. [RT #13154] 1773. [bug] Fast retry on host / net unreachable. [RT #13153] 1772. [bug] Change #1740 needed more work in 9.2 as bit-labels are still supported. [RT #13015] 1771. [bug] Built-in zones did not have SOA or NS records. [RT #13015] 1770. [bug] named-checkconf failed to report missing a missing file clause for rbt{64} master/hint zones. [RT#13009] 1769. [port] win32: change compiler flags /MTd ==> /MDd, /MT ==> /MD. 1767. [port] Builds on IPv6 platforms without IPv6 Advanced API support for (struct in6_pktinfo) failed. [RT #13077] 1766. [bug] Update the master file timestamp on successful refresh as well as the journal's timestamp. [RT# 13062] 1764. [bug] dns_zone_replacedb failed to emit a error message if there was no SOA record in the replacment db. [RT #13016] 1760. [bug] Host / net unreachable was not penalising rtt estimates. [RT #12970] 1753. [bug] Don't serve a slave zone which has no NS records. [RT #12894] 1752. [port] Move isc_app_start() to after ns_os_daemonise() as some fork() implementations unblock the signals that are blocked by isc_app_start(). [RT #12810] 1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly. [RT #12864] 1747. [bug] BIND 8 compatability: named/named-checkconf failed to parse "host-statistics-max" in named.conf. 1744. [bug] If tuple2msgname() failed to convert a tuple to a name a REQUIRE could be triggered. [RT #12796] 1743. [bug] If isc_taskmgr_create() was not able to create the requested number of worker threads then destruction of the manager would trigger an INSIST() failure. [RT #12790] 1742. [bug] Deleting all records at a node then adding a previously existing record, in a single UPDATE transaction, failed to leave / regenerate the associated SIG records. [RT #12788] 1741. [bug] Deleting all records at a node in a secure zone using a update-policy grant failed. [RT #12787] 1740. [bug] Replace rbt's hash algorithm as it performed badly with certain zones. [RT #12729] NOTE: a hash context now needs to be established via isc_hash_create() if the application was not already doing this. 1739. [bug] dns_rbt_deletetree() could incorrectly return ISC_R_QUOTA. [RT #12695] 1738. [bug] Enable overrun checking by default. [RT #12695] 1734. [cleanup] 'rndc-confgen -a -t' remove extra '/' in path. [RT #12588] 1733. [bug] Return non-zero exit status on initial load failure. [RT #12658] 1731. [port] darwin: relax version test in ifconfig.sh. [RT #12581] 1730. [port] Determine the length type used by the socket API. [RT #12581] 1726. [port] aix5: add support for aix5. 1725. [port] linux: update error message on interaction of threads, capabilities and setuid support (named -u). [RT #12541] 1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493] 1722. [bug] Don't commit the journal on malformed ixfr streams. [RT #12519] 1721. [bug] Error message from the journal processing were not always identifing the relevent journal. [RT #12519] 1720. [bug] 'dig +chase' did not terminate on a RFC 2308 Type 1 negative response. [RT #12506] 1719. [bug] named was not correctly caching a RFC 2308 Type 1 negative response. [RT #12506] 1718. [bug] nsupdate was not handling RFC 2308 Type 3 negative responses when looking for the zone / master server. [RT #12506] 1717. [port] solaris: ifconfig.sh did not support Solaris 10. "ifconfig.sh down" didn't work for Solaris 9. 1716. [doc] named.conf(5) was being installed in the wrong location. [RT# 12441] 1714. [bug] dig/host/nslookup were only trying the first address when a nameserver was specified by name. [RT #12286] 1713. [port] linux: extend capset failure message to say: please ensure that the capset kernel module is loaded. see insmod(8) --- 9.2.4 released --- --- 9.2.4rc8 released --- 1709. [port] solaris: add SMF support from Sun. 1708. [cleanup] Replaced dns_fullname_hash() with dns_name_fullhash() for conformance to the name space convention. Binary backward compatibility to the old function name is provided. [RT #12376] 1707. [contrib] sdb/ldap updated to version 1.0-beta. 1704. [port] lwres needed a snprintf() implementation for platforms without snprintf(). [RT #12321] 1701. [doc] A minimal named.conf man page. 1700. [func] nslookup is no longer to be treated as deprecated. Remove "deprecated" warning message. Add man page. 1698. [doc] Use reserved IPv6 documentation prefix. --- 9.2.4rc7 released --- 1694. [bug] Report if the builtin views of "_default" / "_bind" are defined in named.conf. [RT #12023] 1692. [bug] Don't set -I, -L and -R flags when libcrypto is in /usr/lib. [RT #11971] 1691. [bug] sdb's attachversion was not complete. [RT #11990] 1690. [bug] Delay detaching view from the client until UPDATE processing completes when shutting down. [RT #11714] 1689. [bug] DNS_NAME_TOREGION() macros contained a gratuitous semicolons. [RT #11707] 1688. [bug] LDFLAGS was not supported. 1687. [bug] Race condition in dispatch. [RT #10272] 1686. [bug] Named sent a extraneous NOTIFY when it received a redundant UPDATE request. [RT #11943] --- 9.2.4rc6 released --- 1685. [bug] Change #1679 loop tests weren't quite right. 1682. [port] Update configure test for (long long) printf format. [RT #5066] 1681. [bug] Only set SO_REUSEADDR when a port is specified in isc_socket_bind(). [RT #11742] 1679. [bug] When there was a single nameserver with multiple addresses for a zone not all addresses were tried. [RT #11706] 1672. [cleanup] Tests which only function in a threaded build now return R:THREADONLY (rather than R:UNTESTED) in a non-threaded build. 1671. [contrib] queryperf: add NAPTR to the list of known types. 1669. [bug] Restore "update forwarding denied" log messages accidentally suppressed by change #1633. [RT# 11657] 1660. [bug] win32: connection_reset_fix() was being called unconditionally. [RT #11595] --- 9.2.4rc5 released --- 1655. [bug] Logging multiple versions w/o a size was broken. [RT #11446] 1654. [bug] isc_result_totext() contained array bounds read error. 1650. [bug] dig, nslookup: flush standard out after each command. 1649. [bug] Silence "unexpected non-minimal diff" message. [RT #11206] 1646. [bug] win32: logging file versions didn't work with non-UNC filenames. [RT#11486] 1644. [bug] Update the journal modification time after a sucessfull refresh query. [RT #11436] 1643. [bug] dns_db_closeversion() could leak memory / node references. [RT #11163] --- 9.2.4rc4 released --- 1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was incorrectly closing the socket. [RT #11291] 1634. [bug] named didn't supply a useful error message when it detected duplicate views. [RT #11208] 1633. [bug] named should return NOTIMP to update requests to a slaves without a allow-update-forwarding acl specified. [RT #11331] 1632. [bug] nsupdate failed to send prerequisite only UPDATE messages. [RT #11288] 1627. [bug] win32: sockets were not being closed when the last external reference was removed. [RT# 11179] --- 9.2.4rc3 released --- 1623. [bug] A serial number of zero was being displayed in the "sending notifies" log message when also-notify was used. [RT #11177] 1621. [bug] match-destinations did not work for IPv6 TCP queries. [RT# 11156] 1619. [bug] Missing ISC_LIST_UNLINK in end_reserved_dispatches(). [RT# 11118] 1617. [port] win32: VC++ 6.0 support. 1616. [compat] Ensure that named's version is visible in the core dump. [RT #11127] 1615. [port] Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if it is defined. 1614. [port] win32: silence resource limit messages. [RT# 11101] 1610. [bug] On dual stack machines "dig -b" failed to set the address type to be looked up with "@server". [RT #11069] 1600. [bug] Duplicate zone pre-load checks were not case insensitive. 1599. [bug] Fix memory leak on error path when checking named.conf. --- 9.2.4rc2 released --- 1607. [bug] dig, host and nslookup were still using random() to generate query ids. [RT# 11013] 1604. [bug] A xfrout_ctx_create() failure would result in xfrout_ctx_destroy() being called with a partially initialized structure. 1603. [bug] nsupdate: set interactive based on isatty(). [RT# 10929] 1602. [bug] Logging to a file failed unless a size was specified. [RT# 10925] 1601. [bug] Silence spurious warning 'both "recursion no;" and "allow-recursion" active' warning from view "_bind". [RT# 10920] 1455. [bug] missing from server grammar in doc/misc/options. [RT #5616] 1593. [bug] rndc should return "unknown command" to unknown commands. [RT# 10642] --- 9.2.4rc1 released --- 1592. [bug] configure_view() could leak a dispatch. [RT# 10675] 1591. [bug] libbind: updated to BIND 8.4.5. 1590. [port] netbsd: update thread support. 1588. [bug] win32: TCP sockets could become blocked. [RT #10115] 1587. [bug] dns_message_settsigkey() failed to clear existing key. [RT #10590] 1585. [bug] allow-v6-synthesis was not performing lookups under IP6.INT. allow-v6-synthesis now performs a nibble lookups under IP6.ARPA rather than a bitstring lookups. [RT #10497] NOTE: allow-v6-synthesis has been deprecated. 1584. [bug] "make test" failed with a read only source tree. [RT #10461] 1583. [bug] Records add via UPDATE failed to get the correct trust level. [RT #10452] 1582. [bug] rrset-order failed to work on RRsets with more than 32 elements. [RT #10381] 1580. [bug] Zone destruction on final detach takes a long time. [RT #3746] 1579. [bug] Multiple task managers could not be created. 1578. [bug] Don't use CLASS E IPv4 addresses when resolving. [RT #10346] 1577. [bug] Use isc_uint32_t in ultrasparc optimizer bug workaround code. [RT #10331] 1576. [bug] Race condition in dns_dispatch_addresponse(). [RT# 10272] 1574. [bug] Don't attempt to open the controls socket(s) when running tests. [RT #9091] 1573. [port] linux: update to libtool 1.5.2 so that "make install DESTDIR=/xx" works with "configure --with-libtool". [RT #9941] 1572. [bug] nsupdate: sign the soa query to find the enclosing zone if the server is specified. [RT #10148] 1571. [bug] rbt:hash_node() could fail leaving the hash table in an inconsistent state. [RT #10208] 1570. [bug] nsupdate failed to handle classes other than IN. New keyword 'class' which sets the default class. [RT #10202] 1568. [bug] nsupdate now reports that the update failed in interactive mode. [RT# 10236] 1567. [bug] B.ROOT-SERVERS.NET is now 192.228.79.201. 1566. [port] Support for the cmsg framework on Solaris and HP/UX. This also solved the problem that match-destinations for IPv6 addresses did not work on these systems. [RT #10221] 1563. [bug] Gracefully fail when unable to obtain neither an IPv4 nor an IPv6 dispatch. [RT #10230] 1562. [bug] isc_socket_create() and isc_socket_accept() could leak memory under error conditions. [RT #10230] 1561. [bug] It was possible to release the same name twice if named ran out of memory. [RT #10197] 1559. [port] named should ignore SIGFSZ. 1556. [bug] nsupdate now treats all names as fully qualified. [RT #6427] 1553. [bug] The windows socket code could stop accepting connections. 1552. [bug] Accept NOTIFY requests from mapped masters if matched-mapped is set. [RT #10049] 1551. [port] Open "/dev/null" before calling chroot(). 1550. [port] Call tzset(), if available, before calling chroot(). 1547. [bug] Named wasted memory recording duplicate lame zone entries. [RT #9341] 1546. [bug] We were rejecting valid secure CNAME to negative answers. 1545. [bug] It was possible to leak memory if named was unable to bind to the specified transfer source and TSIG was being used. [RT #10120] 1544. [bug] Named would logged a single entry to a file despite it being over the specified size limit. 1543. [bug] Logging using "versions unlimited" did not work. 1542. [bug] Reversed timestamp sanity test on SIG. [RT #10095] 1540. [bug] "rndc reload " was silently accepted. [RT #8934] 1539. [bug] Open UDP sockets for notify-source and transfer-source that use reserved ports at startup. [RT #9475] 1536. [bug] Windows socket code failed to log a error description when returning ISC_R_UNEXPECTED. [RT #9998] 1535. [bug] dig -x of a partial IPv4 address broken. [RT# 9949] 1534. [bug] Race condition when priming cache. [RT# 9940] 1533. [func] Warn if both "recursion no;" and "allow-recursion" are active. [RT# 4389] 1532. [port] netbsd: the configure test for requires . 1531. [port] AIX more libtool fixes. 1530. [bug] It was possible to trigger a INSIST() failure if a slave master file was removed at just the correct moment. [RT #9462] 1529. [bug] "notify explicit;" failed to log that NOTIFY messages were being sent for the zone. [RT #9442] 1025. [bug] Don't use multicast addresses to resolve iterative queries. [RT #101] --- 9.2.3 released --- 1525. [bug] dns_cache_create() could trigger a REQUIRE failure in isc_mem_put() during error cleanup. 1524. [port] AIX needs to be able to resolve all symbols when creating shared libraries (--with-libtool). 1523. [bug] Fix race condition in rbtdb. [RT# 9189] 1522. [bug] dns_db_findnode() relax the requirements on 'name'. [RT# 9286] 1518. [bug] dns_nxt_buildrdata(), and hence dns_nxt_build(), contained a off-by-one error when working out the number of octets in the bitmap. 1514. [bug] named: isc_hash_destroy() was being called too early. [RT #9160] 1513. [doc] Add "US" to root-delegation-only exclude list. --- 9.2.3rc4 released --- 1512. [bug] Extend the delegation-only logging to return query type, class and responding nameserver. 1511. [bug] delegation-only was generating false positives on negative answers from subzones. --- 9.2.3rc3 released --- 1510. [func] New view option "root-delegation-only". Apply delegation-only check to all TLDs and root. Note there are some TLDs that are NOT delegation only (e.g. DE, LV, US and MUSEUM) these can be excluded from the checks by using exclude. root-delegation-only exclude { "DE"; "LV"; "US"; "MUSEUM"; }; 1509. [bug] Hint zones should accept delegation-only. Forward zone should not accept delegation-only. 1508. [bug] Don't apply delegation-only checks to answers from forwarders. 1507. [bug] Handle BIND 8 style returns to NS queries to parents when making delegation-only checks. 1506. [bug] Wrong return type for dns_view_isdelegationonly(). --- 9.2.3rc2 released --- 1505. [bug] Uninitialized rdataset in sdb. [RT #8750] 1504. [func] New zone type "delegation-only". 1503. [port] win32: install libeay32.dll outside of system32. --- 9.2.3rc1 released --- 1499. [bug] isc_random need to be seeded better if arc4random() is not used. 1498. [port] bsdos: 5.x support. 1497. [protocol] dig, nslookup and host now perform nibble lookups under IP6.ARPA, use -i for IP6.INT (dig and host). lwres now uses IP6.ARPA. 1496. [port] test for pthread_attr_setstacksize(). 1495. [cleanup] Replace hash functions with universal hash. 1494. [security] Turn on RSA BLINDING as a precaution. 1493. [doc] A6 and "bitstring" labels are now experimental. 1492. [cleanup] Preserve rwlock quota context when upgrading / downgrading. [RT #5599] 1491. [bug] dns_master_dump*() would produce extraneous $ORIGIN lines. [RT #6206] 1490. [bug] Accept reading state as well as working state in ns_client_next(). [RT #6813] 1489. [compat] Treat 'allow-update' on slave zones as a warning. [RT #3469] 1488. [bug] Don't override trust levels for glue addresses. [RT #5764] 1487. [bug] A REQUIRE() failure could be triggered if a zone was queued for transfer and the zone was then removed. [RT #6189] 1486. [bug] isc_print_snprintf() '%%' consumed one too many format characters. [RT# 8230] 1485. [bug] gen failed to handle high type values. [RT #6225] 1484. [bug] The number of records reported after a AXFR was wrong. [RT #6229] 1483. [bug] dig axfr failed if the message id in the answer failed to match that in the request. Only the id in the first message is required to match. [RT #8138] 1482. [bug] named could fail to start if the kernel supports IPv6 but no interfaces are configured. Similarly for IPv4. [RT #6229] 1481. [bug] Refresh and stub queries failed to use masters keys if specified. [RT #7391] 1480. [bug] Provide replay protection for rndc commands. Full replay protection requires both rndc and named to be updated. Partial replay protection (limited exposure after restart) is provided if just named is updated. 1479. [bug] cfg_create_tuple() failed to handle out of memory cleanup. parse_list() would leak memory on syntax errors. 1478. [port] ifconfig.sh didn't account for other virtual interfaces. It now takes a optional argument to specify the first interface number. [RT #3907] 1477. [bug] memory leak using stub zones and TSIG. 1476. [port] win32: port unreachables were blocking further i/o on sockets (Windows 2000 SP2 and later). 1473. [bug] create_map() and create_string() failed to handle out of memory cleanup. [RT #6813] 1472. [contrib] idnkit-1.0 from JPNIC, replaces mdnkit. 1471. [bug] libbind: updated to BIND 8.4.0. 1470. [bug] Incorrect length passed to snprintf. [RT #5966] 1466. [bug] lwresd configuration errors resulted in memory and lock leaks. [RT #5228] 1465. [bug] isc_base64_decodestring() and isc_base64_tobuffer() failed to check that trailing bits were zero allowing some invalid base64 strings to be accepted. [RT #5397] 1464. [bug] Preserve "out of zone" data for outgoing zone transfers. [RT #5192] 1463. [bug] dns_rdata_from{wire,struct}() failed to catch bad NXT bit maps. [RT #5577] 1462. [bug] parse_sizeval() failed to check the token type. [RT #5586] 1461. [bug] Remove deadlock from rbtdb code. [RT #5599] 1460. [bug] inet_pton() failed to reject certain malformed IPv6 literals. 1459. [bug] win32: we were leaking a bits in the exception fd_set resulting in "Socket operation on non-socket" errors from select(). [RT #2966] 1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer. 1453. [doc] ARM: $GENERATE example wasn't accurate. [RT #5298] 1452. [bug] Bad #ifdef, ISC_RFC2335 -> ISC_RFC2535. 1451. [bug] rndc-confgen didn't exit with a error code for all failures. [RT #5209] 1450. [bug] Fetching expired glue failed under certain circumstances. [RT #5124] 1449. [bug] query_addbestns() didn't handle running out of memory gracefully. 1448. [bug] Handle empty wildcards labels. 1447. [bug] We were casting (unsigned int) to and from (void *). rdataset->private4 is now rdataset->privateuint4 to reflect a type change. 1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has been replaced with DNS_ADBFIND_STARTATZONE which causes the search to start using the closest zone. 1439. [bug] Named could return NOERROR with certain NOTIFY failures. Return NOTAUTH if the NOTIFY zone is not being served. 1435. [bug] zmgr_resume_xfrs() was being called read locked rather than write locked. zmgr_resume_xfrs() was not being called if the zone was being shutdown. 1437. [bug] Leave space for stdio to work in. [RT #5033] 1434. [bug] "rndc reconfig" failed to initiate the initial zone transfer of new slave zones. 1431. [bug] isc_print_snprintf() "%s" with precision could walk off end of argument. [RT #5191] 1429. [bug] Prevent the cache getting locked to old servers. 1424. [bug] EDNS version not being correctly printed. 1423. [contrib] queryperf: added A6 and SRV. 1420. [port] solaris: work around gcc optimizer bug. 1419. [port] openbsd: use /dev/arandom. [RT #4950] 1418. [bug] 'rndc reconfig' did not cause new slaves to load. 1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN. [RT #4715] 1411. [bug] empty nodes should stop wildcard matches. [RT #4802] 1408. [bug] "make distclean" was not complete. [RT #4700] 1407. [bug] lfsr incorrectly implements the shift register. [RT #4617] 1406. [bug] dispatch initializes one of the LFSR's with a incorrect polynomial. [RT #4617] 1405. [func] Use arc4random() if available. 1401. [bug] adb wasn't clearing state when the timer expired. 1399. [bug] Use serial number arithmetic when testing SIG timestamps. [RT #4268] 1397. [bug] J.ROOT-SERVERS.NET is now 192.58.128.30. 1389. [bug] named could fail to rotate long log files. [RT #3666] 1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before defining HAVE_IFLIST_SYSCTL. [RT #3770] 1387. [bug] named could crash due to an access to invalid memory space (which caused an assertion failure) in incremental cleaning. [RT #3588] 1385. [bug] Setting serial-query-rate to 10 would trigger a REQUIRE failure. 1384. [bug] host was incompatible with BIND 8 in its exit code and in the output with the -l option. [RT #3536] 1373. [bug] Recovery from expired glue failed under certain circumstances. 1372. [bug] named crashes with an assertion failure on exit when sharing the same port for listening and querying, and changing listening addresses several times. [RT# 3509] 1370. [bug] dig '+[no]recurse' was incorrectly documented. 1369. [bug] Adding an NS record as the lexicographically last record in a secure zone didn't work. 1366. [contrib] queryperf usage was incomplete. Add '-h' for help. 1348. [port] win32: Rewrote code to use I/O Completion Ports in socket.c and eliminating a host of socket errors. Performance is enhanced. 1333. [contrib] queryperf now reports a summary of returned rcodes (-c), rcodes are printed in mnemonic form (-v). 1299. [bug] Set AI_ADDRCONFIG when looking up addresses via getaddrinfo() (affects dig, host, nslookup, rndc and nsupdate). 1199. [doc] ARM reference to RFC 2157 should have been RFC 1918. [RT #2436] 1122. [tuning] Resolution timeout reduced from 90 to 30 seconds. [RT #2046] 992. [doc] dig: ~/.digrc is now documented. --- 9.2.2 released --- 1428. [port] hpux: temporary work around of hpux 11.11 interface scanning. 1427. [bug] Race condition in adb with threaded build. 1426. [cleanup] Disable RFC2535 style DNSSEC. This is incompatible with the forthcoming DS style DNSSEC. 1425. [port] linux/libbind: define __USE_MISC when testing *_r() function prototypes in netdb.h. [RT #4921] 1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't have a working implementation. [RT #4079] 1382. [bug] make install failed with --enable-libbind. [RT #3656] 1381. [bug] named failed to correctly process answers that contained DNAME records where the resulting CNAME resulted in a negative answer. --- 9.2.2rc1 released --- 1360. [bug] --enable-libbind would fail when not built in the source tree for certain OS's. 1359. [security] Support patches OpenSSL libraries. http://www.cert.org/advisories/CA-2002-23.html 1358. [bug] It was possible to trigger a INSIST when debugging large dynamic updates. [RT #3390] 1357. [bug] nsupdate was extremely wasteful of memory. 1356. [tuning] Reduce the number of events / quantum for zone tasks. 1354. [doc] lwres man pages had illegal nroff. 1353. [contrib] sdb/ldap to version 0.9. 1352. [bug] dig, host, nslookup when falling back to TCP use the current search entry (if any). [RT #3374] 1351. [bug] lwres_getipnodebyname() returned the wrong name when given a IPv4 literal, af=AF_INET6 and AI_MAPPED was set. 1350. [bug] dns_name_fromtext() failed to handle too many labels gracefully. 1349. [security] Minimum OpenSSL version now 0.9.6e (was 0.9.5a). http://www.cert.org/advisories/CA-2002-23.html 1346. [bug] Win32: select timeout in socket.c was too small as value given was meant to be milliseconds and timeval structure requires microseconds. This caused high CPU loads with a compute bound loop. [RT #3358] 1345. [port] Use a explicit -Wformat with gcc. Not all versions include it in -Wall. 1340. [bug] Delay and spread out the startup refresh load. 1335. [bug] When performing a nonexistence proof, the validator should discard parent NXTs from higher in the DNS. 1334. [bug] When signing/verifying rdatasets, duplicate rdatas need to be suppressed. 1330. [bug] When processing events (non-threaded) only allow the task one chance to use to use its quantum. 1327. [bug] The validator would incorrectly mark data as insecure when seeing a bogus signature before a correct signature. 1326. [bug] DNAME/CNAME signatures were not being cached when validation was not being performed. [RT #3284] 1325. [bug] If the tcpquota was exhausted it was possible to to trigger a INSIST() failure. 1324. [port] darwin: ifconfig.sh now supports darwin. 1323. [port] linux: Slackware 4.0 needs . [RT #3205] 1320. [doc] query-source-v6 was missing from options section. [RT #3218] 1319. [func] libbind: log attempts to exploit #1318. 1318. [bug] libbind: Remote buffer overrun. 1317. [port] libbind: TrueUNIX 5.1 does not like __align as a element name. 1316. [bug] libbind: gethostans() could get out of sync parsing the response if there was a very long CNAME chain. 1315. [bug] Options should apply to the internal _bind view. 1314. [port] Handle ECONNRESET from sendmsg() [unix]. 1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159] 1310. [bug] 'rndc stop' failed to cause zones to be flushed sometimes. [RT #3157] 1307. [bug] nsupdate: allow white space base64 key data. 1306. [bug] Badly encoded LOC record when the size, horizontal precision or vertical precision was 0.1m. 1305. [bug] Document that internal zones are included in the rndc status results. 1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile could be left with a trailing "\" after configure has been run. 1297. [port] linux: make handling EINVAL from socket() no longer conditional on #ifdef LINUX. 1296. [bug] isc_log_closefilelogs() needed to lock the log context. 1295. [bug] isc_log_setdebuglevel() needed to lock the log context. 1294. [func] libbind: no longer attempts bit string labels for IPv6 reverse resolution. Try IP6.ARPA then IP6.INT for nibble style resolution. 1289. [port] See if -ldl is required for OpenSSL? [RT #2672] 1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better reflect written requirements. 1287. [bug] REQUIRE that DNS_DBADD_MERGE only be set when adding a rdataset to a zone db in the rbtdb implementation of addrdataset. 1286. [bug] dns_name_downcase() enforce requirement that target != NULL or name->buffer != NULL. 1284. [bug] The RTT estimate on unused servers was not aged. [RT #2569] 1282. [port] libbind: hpux 11.11 interface scanning. 1280. [bug] libbind: escape '(' and ')' when converting to presentation form. 1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590] 1276. [bug] libbind: const pointer conflicts in res_debug.c. 1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN. 1274. [bug] Memory leak in lwres_gnbarequest_parse(). 1273. [port] libbind: solaris: 64 bit binary compatibility. 1272. [contrib] Berkeley DB 4.0 sdb implementation from Nuno Miguel Rodrigues . 1270. [bug] Check that system inet_pton() and inet_ntop() support AF_INET6. 1269. [port] Openserver: ifconfig.sh support. 1268. [port] Openserver: the value FD_SETSIZE depends on whether is included or not. Be consistent. 1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE, __ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE are not C++ compatible, use *_TYPE versions instead. 1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with C++, use LINK_INIT_TYPE and UNLINK_TYPE instead. 1263. [bug] Reference after free error if dns_dispatchmgr_create() failed. 1262. [bug] ns_server_destroy() failed to set *serverp to NULL. 1261. [func] libbind: ns_sign2() and ns_sign_tcp() now provide support for compressed TSIG owner names. 1260. [func] libbind: res_update can now update IPv6 servers, new function res_findzonecut2(). 1259. [bug] libbind: get_salen() IPv6 support was broken for OSs w/o sa_len. 1258. [bug] libbind: res_nametotype() and res_nametoclass() were broken. 1257. [bug] Failure to write pid-file should not be fatal on reload. [RT #2861] 1256. [contrib] 'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support. 1255. [bug] When verifying that an NXT proves nonexistence, check the rcode of the message and only do the matching NXT check. That is, for NXDOMAIN responses, check that the name is in the range between the NXT owner and next name, and for NOERROR NODATA responses, check that the type is not present in the NXT bitmap. 1253. [bug] The dnssec system test failed to remove the correct files. 1252. [bug] Dig, host and nslookup were not checking the address the answer was coming from against the address it was sent to. [RT# 2692] 1248. [bug] DESTDIR was not being propagated between makes. 1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for accept(). 1242. [bug] named-checkzone failed if a journal existed. [RT #2657] 1241. [bug] Drop received UDP messages with a zero source port as these are invariably forged. [RT #2621] 1209. [bug] Dig, host, nslookup were not checking the message ids on the responses. [RT #2454] 1097. [func] libbind: RES_PRF_TRUNC for dig. 1096. [func] libbind: "DNSSEC OK" (DO) support. 1095. [func] libbind: resolver option: no-tld-query. disables trying unqualified as a tld. no_tld_query is also supported for FreeBSD compatibility. 1094. [func] libbind: add support gcc's format string checking. 1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6 support. --- 9.2.1 released --- 1251. [port] win32: a make file contained absolute version specific references. 1249. [bug] Missing masters clause was not handled gracefully. [RT #2703] 1244. [bug] Receiving a TCP message from a blackhole address would prevent further messages being received over that interface. 1178. [bug] Follow and cache (if appropriate) A6 and other data chains to completion in the additional section. --- 9.2.1rc2 released --- 1240. [bug] It was possible to leak zone references by specifying an incorrect zone to rndc. 1239. [bug] Under certain circumstances named could continue to use a name after it had been freed triggering INSIST() failures. [RT #2614] 1238. [bug] It is possible to lockup the server when shutting down if notifies were being processed. [RT #2591] 1237. [bug] nslookup: "set q=type" failed. 1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non NULL terminated text regions. [RT #2588] 1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL. 1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL. 1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken. 1229. [bug] named would crash if it received a TSIG signed query as part of an AXFR response. [RT #2570] 1228. [bug] 'make install' did not depend on 'make all'. [RT #2559] 1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER if a number was expected and some other token was found. [RT#2532] 1222. [bug] Specifying 'port *' did not always result in a system selected (non-reserved) port being used. [RT #2537] 1221. [bug] Zone types 'master', 'slave' and 'stub' were not being compared case insensitively. [RT #2542] 1218. [bug] Named incorrectly returned SERVFAIL rather than NOTAUTH when there was a TSIG BADTIME error. [RT #2519] 1216. [bug] Multiple server clauses for the same server were not reported. [RT #2514] 1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1 1214. [bug] Win32: isc_file_renameunique() could leave zero length files behind. 1212. [port] libbind: 64k answer buffers were causing stack space to be exceeded for certain OS. Use heap space instead. 1211. [bug] dns_name_fromtext() incorrectly handled certain valid octal bitlabels. [RT #2483] 1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped / compatible addresses. [RT #2461] 1208. [bug] dns_master_load*() failed to log a error message if an error was detected when parsing the ownername of a record. [RT #2448] --- 9.2.1rc1 released --- 1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with an invalid pointer. 1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should trigger a non-EDNS retry. 1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class" of the message. [RT #2449] 1204. [bug] libbind: res_nupdate() failed to update the name server addresses before sending the update. 1201. [bug] Require that if 'callbacks' is passed to dns_rdata_fromtext(), callbacks->error and callbacks->warn are initialized. 1200. [bug] Log 'errno' that we are unable to convert to isc_result_t. [RT #2404] 1198. [bug] OPT printing style was not consistent with the way the header fields are printed. The DO bit was not reported if set. Report if any of the MBZ bits are set. 1197. [bug] Attempts to define the same acl multiple times were not detected. 1196. [contrib] update mdnkit to 2.2.3. 1195. [bug] Attempts to redefine builtin acls should be caught. [RT #2403] 1194. [bug] Not all duplicate zone definitions were being detected at the named.conf checking stage. [RT #2431] 1193. [bug] Best effort parsing didn't handle packet truncation. 1191. [bug] A dynamic update removing the last non-apex name in a secure zone would fail. [RT #2399] 1189. [bug] On some systems, malloc(0) returns NULL, which could cause the caller to report an out of memory error. [RT #2398] 1188. [bug] Dynamic updates of a signed zone would fail if some of the zone private keys were unavailable. 1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the EOL token when reading to end of line. 1185. [bug] libbind: don't assume statp->_u._ext.ext is valid unless RES_INIT is set when calling res_*init(). 1184. [bug] libbind: call res_ndestroy() if RES_INIT is set when res_*init() is called. 1183. [bug] Handle ENOSR error when writing to the internal control pipe. [RT #2395] 1182. [bug] The server could throw an assertion failure when constructing a negative response packet. 1176. [doc] Document that allow-v6-synthesis is only performed for clients that are supplied recursive service. [RT #2260] 1175. [bug] named-checkzone failed to call dns_result_register() at startup which could result in runtime exceptions when printing "out of memory" errors. [RT #2335] 1174. [bug] Win32: add WSAECONNRESET to the expected errors from connect(). [RT #2308] 1173. [bug] Potential memory leaks in isc_log_create() and isc_log_settag(). [RT #2336] 1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to table of RR types in ARM. 1170. [bug] Don't attempt to print the token when a I/O error occurs when parsing named.conf. [RT #2275] 1168. [bug] Empty also-notify clauses were not handled. [RT #2309] 1167. [contrib] nslint-2.1a3 (from author). 1166. [bug] "Not Implemented" should be reported as NOTIMP, not NOTIMPL. [RT #2281] 1165. [bug] We were rejecting notify-source{-v6} in zone clauses. 1164. [bug] Empty masters clauses in slave / stub zones were not handled gracefully. [RT #2262] 1162. [bug] The allow-notify option was not accepted in slave zone statements. 1161. [bug] named-checkzone looped on unbalanced brackets. [RT #2248] 1160. [bug] Generating Diffie-Hellman keys longer than 1024 bits could fail. [RT #2241] 1156. [port] The configure test for strsep() incorrectly succeeded on certain patched versions of AIX 4.3.3. [RT #2190] 1154. [bug] Don't attempt to obtain the netmask of a interface if there is no address configured. [RT #2176] 1152. [bug] libbind: read buffer overflows. 1144. [bug] rndc-confgen would crash if both the -a and -t options were specified. [RT #2159] 1142. [bug] dnssec-signzone would fail to delete temporary files in some failure cases. [RT #2144] 1141. [bug] When named rejected a control message, it would leak a file descriptor and memory. It would also fail to respond, causing rndc to hang. [RT #2139, #2164] 1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments to the -s option. [RT #2138] 1136. [bug] CNAME records synthesized from DNAMEs did not have a TTL of zero as required by RFC2672. [RT #2129] 1125. [bug] rndc: -k option was missing from usage message. [RT #2057] 1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail are now documented. [RT #2052] 1123. [bug] dig +[no]fail did not match description. [RT #2052] 1109. [bug] nsupdate accepted illegal ttl values. 1108. [bug] On Win32, rndc was hanging when named was not running due to failure to select for exceptional conditions in select(). [RT #1870] 1081. [bug] Multicast queries were incorrectly identified based on the source address, not the destination address. 1072. [bug] The TCP client quota could be exceeded when recursion occurred. [RT #1937] 1071. [bug] Sockets listening for TCP DNS connections specified an excessive listen backlog. [RT #1937] 1070. [bug] Copy DNSSEC OK (DO) to response as specified by draft-ietf-dnsext-dnssec-okbit-03.txt. 1014. [bug] Some queries would cause statistics counters to increment more than once or not at all. [RT #1321] 1012. [bug] The -p option to named did not behave as documented. 988. [bug] 'additional-from-auth no;' did not work reliably in the case of queries answered from the cache. [RT #1436] 995. [bug] dig, host, nslookup: using a raw IPv6 address as a target address should be fatal on a IPv4 only system. --- 9.2.0 released ---