Subject: CVS commit: pkgsrc/net/bind9-current
To: None <pkgsrc-changes@netbsd.org>
From: Jun-ichiro itojun Hagino <itojun@netbsd.org>
List: pkgsrc-changes
Date: 08/26/2002 14:26:13
Module Name: pkgsrc
Committed By: itojun
Date: Mon Aug 26 11:26:12 UTC 2002
Added Files:
pkgsrc/net/bind9-current: DESCR Makefile PLIST distinfo
pkgsrc/net/bind9-current/files: lwresd.sh named.sh
pkgsrc/net/bind9-current/patches: patch-ab patch-ac patch-ai
Log Message:
pkgsrc for bind-9.3.0 snapshot (20020724).
1335. [bug] When performing a nonexistence proof, the validator
should discard parent NXTs from higher in the DNS.
1334. [bug] When signing/verifying rdatasets, duplicate rdatas
need to be suppressed.
1333. [contrib] queryperf now reports a summary of returned
rcodes (-c), rcodes are printed in mnemonic form (-v).
1332. [func] Report the current serial with periodic commits when
rolling forward the journal.
1331. [func] Generate DNSSEC wildcard proofs.
1330. [bug] When processing events (non-threaded) only allow
the task one chance to use to use its quantum.
1329. [func] named-checkzone will now check if nameservers that
appear to be IP addresses. Available modes "fail",
"warn" (default) and "ignore" the results of the
check.
1328. [bug] The validator could incorrectly verify an invalid
negative proof.
1327. [bug] The validator would incorrectly mark data as insecure
when seeing a bogus signature before a correct
signature.
1326. [bug] DNAME/CNAME signatures were not being cached when
validation was not being performed. [RT #3284]
1325. [bug] If the tcpquota was exhausted it was possible to
to trigger a INSIST() failure.
1324. [port] darwin: ifconfig.sh now supports darwin.
1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
1322. [bug] dnssec-signzone usage message was misleading.
1321. [bug] If the last RRset in a zone is glue, dnssec-signzone
would incorrectly duplicate its output and sign it.
1320. [doc] query-source-v6 was missing from options section.
[RT #3218]
1319. [func] libbind: log attempts to exploit #1318.
1318. [bug] libbind: Remote buffer overrun.
1317. [port] libbind: TrueUNIX 5.1 does not like __align as a
element name.
1316. [bug] libbind: gethostans() could get out of sync parsing
the response if there was a very long CNAME chain.
1315. [bug] Options should apply to the internal _bind view.
1314. [port] Handle ECONNRESET from sendmsg() [unix].
1313. [func] Query log now says if the query was signed (S) or
if EDNS was used (E).
1312. [func] Log TSIG key used w/ outgoing zone transfers.
1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159]
1310. [bug] 'rndc stop' failed to cause zones to be flushed
sometimes. [RT #3157]
1309. [func] Log that a zone transfer was covered by a TSIG.
1308. [func] DS (delegation signer) support.
1307. [bug] nsupdate: allow white space base64 key data.
1306. [bug] Badly encoded LOC record when the size, horizontal
precision or vertical precision was 0.1m.
1305. [bug] Document that internal zones are included in the
rndc status results.
1304. [func] New function: dns_zone_name().
1303. [func] Option 'flush-zones-on-shutdown <boolean>;'.
1302. [func] Extended rndc dumpdb to support dumping of zones and
view selection: 'dumpdb [-all|-zones|-cache] [view]'.
1301. [func] New category 'update-security'.
1300. [port] Compaq Trucluster support.
1299. [bug] Set AI_ADDRCONFIG when looking up addresses
via getaddrinfo() (affects dig, host, nslookup, rndc
and nsupdate).
1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
could be left with a trailing "\" after configure
has been run.
1297. [port] linux: make handling EINVAL from socket() no longer
conditional on #ifdef LINUX.
1296. [bug] isc_log_closefilelogs() needed to lock the log
context.
1295. [bug] isc_log_setdebuglevel() needed to lock the log
context.
1294. [func] libbind: no longer attempts bit string labels for
IPv6 reverse resolution. Try IP6.ARPA then IP6.INT
for nibble style resolution.
1293. [func] Entropy can now be retrieved from EGDs. [RT #2438]
1292. [func] Enable IPv6 support when using ioctl style interface
scanning and OS supports SIOCGLIFADDR using struct
if_laddrreq.
1291. [func] Enable IPv6 support when using sysctl style interface
scanning.
1290. [func] "dig axfr" now reports the number of messages
as well as the number of records.
1289. [port] See if -ldl is required for OpenSSL? [RT #2672]
1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
reflect written requirements.
1287. [bug] REQUIRE that DNS_DBADD_MERGE only be set when adding
a rdataset to a zone db in the rbtdb implementation of
addrdataset.
1286. [bug] dns_name_downcase() enforce requirement that
target != NULL or name->buffer != NULL.
1285. [func] lwres: probe the system to see what address families
are currently in use.
1284. [bug] The RTT estimate on unused servers was not aged.
[RT #2569]
1283. [func] Use "dataready" accept filter if available.
1282. [port] libbind: hpux 11.11 interface scaning.
1281. [func] Log zone when unable to get private keys to update
zone. Log zone when NXT records are missing from
secure zone.
1280. [bug] libbind: escape '(' and ')' when coverting to
presentation form.
1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590]
1278. [func] dig: now supports +[no]cl +[no]ttlid.
1277. [func] You can now create your own customised printing
styles: dns_master_stylecreate() and
dns_master_styledestroy().
1276. [bug] libbind: const pointer conficts in res_debug.c.
1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN.
1274. [bug] Memory leak in lwres_gnbarequest_parse().
1273. [port] libbind: solaris: 64 bit binary compatability.
1272. [contrib] Berkeley DB 4.0 sdb implementation from
Nuno Miguel Rodrigues <nmr@co.sapo.pt>.
1271. [bug] "recursion available: {denied,approved}" was too
confusing.
1270. [bug] Check that system inet_pton() and inet_ntop() support
AF_INET6.
1269. [port] Openserver: ifconfig.sh support.
1268. [port] Openserver: the value FD_SETSIZE depends on whether
<sys/param.h> is included or not. Be consistant.
1267. [func] isc_file_openunique() now creates file using mode
0666 rather than 0600.
1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE,
__ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE
are not C++ compatible, use *_TYPE versions instead.
1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with
C++, use LINK_INIT_TYPE and UNLINK_TYPE instead.
1264. [placeholder]
1263. [bug] Reference after free error if dns_dispatchmgr_create()
failed.
1262. [bug] ns_server_destroy() failed to set *serverp to NULL.
1261. [func] libbind: ns_sign2() and ns_sign_tcp() now provide
support for compressed TSIG owner names.
1260. [func] libbind: res_update can now update IPv6 servers,
new function res_findzonecut2().
1259. [bug] libbind: get_salen() IPv6 support was broken for OSs
w/o sa_len.
1258. [bug] libbind: res_nametotype() and res_nametoclass() were
broken.
1257. [bug] Failure to write pid-file should not be fatal on
reload. [RT #2861]
1256. [contrib] 'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support.
1255. [bug] When verifying that an NXT proves nonexistence, check
the rcode of the message and only do the matching NXT
check. That is, for NXDOMAIN responses, check that
the name is in the range between the NXT owner and
next name, and for NOERROR NODATA responses, check
that the type is not present in the NXT bitmap.
1254. [func] preferred-glue option from BIND 8.3.
1253. [bug] The dnssec system test failed to remove the correct
files.
1252. [bug] Dig, host and nslookup were not checking the address
the answer was coming from against the address it was
sent to. [RT# 2692]
1251. [port] win32: a make file contained absolute version specific
references.
1250. [func] Nsupdate will report the address the update was
sent to.
1249. [bug] Missing masters clause was not handled gracefully.
[RT #2703]
1248. [bug] DESTDIR was not being propogated between makes.
1247. [bug] Don't reset the interface index for link/site local
addresses. [RT #2576]
1246. [func] New functions isc_sockaddr_issitelocal(),
isc_sockaddr_islinklocal(), isc_netaddr_issitelocal()
and isc_netaddr_islinklocal().
1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for
accept().
1244. [bug] Receiving a TCP message from a blackhole address would
prevent further messages being received over that
interface.
1243. [bug] It was possible to trigger a REQUIRE() in
dns_message_findtype(). [RT #2659]
1242. [bug] named-checkzone failed if a journal existed. [RT #2657]
1241. [bug] Drop received UDP messsages with a zero source port
as these are invariably forged. [RT #2621]
1240. [bug] It was possible to leak zone references by
specifying an incorrect zone to rndc.
1239. [bug] Under certain circumstances named could continue to
use a name after it had been freed triggering
INSIST() failures. [RT #2614]
1238. [bug] It is possible to lockup the server when shutting down
if notifies were being processed. [RT #2591]
1237. [bug] nslookup: "set q=type" failed.
1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non
NULL terminated text regions. [RT #2588]
1235. [func] Report 'out of memory' errors from openssl.
1234. [bug] contrib/sdb: 'zonetodb' failed to call
dns_result_register(). DNS_R_SEENINCLUDE should not
be fatal.
1233. [bug] The flags field of a KEY record can be expressed in
hex as well as decimal.
1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.
1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken.
1229. [bug] named would crash if it received a TSIG signed
query as part of an AXFR response. [RT #2570]
1228. [bug] 'make install' did not depend on 'make all'. [RT #2559]
1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
if a number was expected and some other token was
found. [RT#2532]
1226. [func] Use EDNS for zone refresh queries. [RT #2551]
1225. [func] dns_message_setopt() no longer requires that
dns_message_renderbegin() to have been called.
1224. [bug] 'rrset-order' and 'sortlist' should be additive
not exclusive.
1223. [func] 'rrset-order' partially works 'cyclic' and 'random'
are supported.
1222. [bug] Specifying 'port *' did not always result in a system
selected (non-reserved) port being used. [RT #2537]
1221. [bug] Zone types 'master', 'slave' and 'stub' were not being
compared case insensitively. [RT #2542]
1220. [func] Support for APL rdata type.
1219. [func] Named now reports the TSIG extended error code when
signature verification fails. [RT #1651]
1218. [bug] Named incorrectly returned SERVFAIL rather than
NOTAUTH when there was a TSIG BADTIME error. [RT #2519]
1217. [func] Report locations of previous key definition when a
duplicate is detected.
1216. [bug] Multiple server clauses for the same server were not
reported. [RT #2514]
1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
1214. [bug] Win32: isc_file_renameunique() could leave zero length
files behind.
1213. [func] Report view associated with client if it is not a
standard view (_default or _bind).
1212. [port] libbind: 64k answer buffers were causing stack space
to be exceeded for certain OS. Use heap space instead.
1211. [bug] dns_name_fromtext() incorrectly handled certain
valid octal bitlabels. [RT #2483]
1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped /
compatible addresses. [RT #2461]
1209. [bug] Dig, host, nslookup were not checking the message ids
on the responses. [RT #2454]
1208. [bug] dns_master_load*() failed to log a error message if
an error was detected when parsing the ownername of
a record. [RT #2448]
1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with
an invalid pointer.
1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should
trigger a non-EDNS retry.
1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class"
of the message. [RT #2449]
1204. [bug] libbind: res_nupdate() failed to update the name
server addresses before sending the update.
1203. [func] Report locations of previous acl and zone definitions
when a duplicate is detected.
1202. [func] New functions: cfg_obj_line() and cfg_obj_file().
1201. [bug] Require that if 'callbacks' is passed to
dns_rdata_fromtext(), callbacks->error and
callbacks->warn are initialized.
1200. [bug] Log 'errno' that we are unable to convert to
isc_result_t. [RT #2404]
1199. [doc] ARM reference to RFC 2157 should have been RFC 1918.
[RT #2436]
1198. [bug] OPT printing style was not consistant with the way the
header fields are printed. The DO bit was not reported
if set. Report if any of the MBZ bits are set.
1197. [bug] Attempts to define the same acl multiple times were not
detected.
1196. [contrib] update mdnkit to 2.2.3.
1195. [bug] Attempts to redefine builtin acls should be caught.
[RT #2403]
1194. [bug] Not all duplicate zone definitions were being detected
at the named.conf checking stage. [RT #2431]
1193. [bug] dig +besteffort parsing didn't handle packet
truncation. dns_message_parse() has new flag
DNS_MESSAGE_IGNORETRUNCATION.
1192. [bug] The seconds fields in LOC records were restricted
to three decimal places. More decimal places should
be allowed but warned about.
1191. [bug] A dynamic update removing the last non-apex name in
a secure zone would fail. [RT #2399]
1190. [func] Add the "rndc freeze" and "rndc unfreeze" commands.
[RT #2394]
1189. [bug] On some systems, malloc(0) returns NULL, which
could cause the caller to report an out of memory
error. [RT #2398]
1188. [bug] Dynamic updates of a signed zone would fail if
some of the zone private keys were unavailable.
1187. [bug] named was incorrectly returning DNSSEC records
in negative responses when the DO bit was not set.
1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the
EOL token when reading to end of line.
1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
unless RES_INIT is set when calling res_*init().
1184. [bug] libbind: call res_ndestroy() if RES_INIT is set
when res_*init() is called.
1183. [bug] Handle ENOSR error when writing to the internal
control pipe. [RT #2395]
1182. [bug] The server could throw an assertion failure when
constructing a negative response packet.
1181. [func] Add the "key-directory" configuration statement,
which allows the server to look for online signing
keys in alternate directories.
1180. [func] dnssec-keygen should always generate keys with
protocol 3 (DNSSEC), since it's less confusing
that way.
1179. [func] Add SIG(0) support to nsupdate.
1178. [func] Follow and cache (if appropriate) A6 and other
data chains to completion in the additional section.
1177. [func] Report view when loading zones if it is not a
standard view (_default or _bind). [RT #2270]
1176. [doc] Document that allow-v6-synthesis is only performed
for clients that are supplied recursive service.
[RT #2260]
1175. [bug] named-checkzone and named-checkconf failed to call
dns_result_register() at startup which could
result in runtime exceptions when printing
"out of memory" errors. [RT #2335]
1174. [bug] Win32: add WSAECONNRESET to the expected errors
from connect(). [RT #2308]
1173. [bug] Potential memory leaks in isc_log_create() and
isc_log_settag(). [RT #2336]
1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
table of RR types in ARM.
1171. [func] Added function isc_region_compare(), updated files in
lib/dns to use this function instead of local one.
1170. [bug] Don't attempt to print the token when a I/O error
occurs when parsing named.conf. [RT #2275]
1169. [func] Identify recursive queries in the query log.
1168. [bug] Empty also-notify clauses were not handled. [RT #2309]
1167. [contrib] nslint-2.1a3 (from author).
1166. [bug] "Not Implemented" should be reported as NOTIMP,
not NOTIMPL. [RT #2281]
1165. [bug] We were rejecting notify-source{-v6} in zone clauses.
1164. [bug] Empty masters clauses in slave / stub zones were not
handled gracefully. [RT #2262]
1163. [func] isc_time_formattimestamp() now includes the year.
1162. [bug] The allow-notify option was not accepted in slave
zone statements.
1161. [bug] named-checkzone looped on unbalanced brackets.
[RT #2248]
1160. [bug] Generating Diffie-Hellman keys longer than 1024
bits could fail. [RT #2241]
1159. [bug] MD and MF are not permitted to be loaded by RFC1123.
1158. [func] Report the client's address when logging notify
messages.
1157. [func] match-clients and match-destinations now accept
keys. [RT #2045]
1156. [port] The configure test for strsep() incorrectly
succeeded on certain patched versions of
AIX 4.3.3. [RT #2190]
1155. [func] Recover from master files being removed from under
us.
1154. [bug] Don't attempt to obtain the netmask of a interface
if there is no address configured. [RT #2176]
1153. [func] 'rndc {stop|halt} -p' now reports the process id
of the instance of named being shutdown.
1152. [bug] libbind: read buffer overflows.
1151. [bug] nslookup failed to check that the arguments to
the port, timeout, and retry options were
valid integers and in range. [RT #2099]
1150. [bug] named incorrectly accepted TTL values
containing plus or minus signs, such as
1d+1h-1s.
1149. [func] New function isc_parse_uint32().
1148. [func] 'rndc-confgen -a' now provides positive feedback.
1147. [func] Set IPV6_V6ONLY on IPv6 sockets if supported by
the OS. listen-on-v6 { any; }; should no longer
result in IPv4 queries be accepted. Similarly
control { inet :: ... }; should no longer result
in IPv4 connections being accepted. This can be
overridden at compile time by defining
ISC_ALLOW_MAPPED=1.
1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
supported by the OS by a new function
isc_socket_ipv6only().
1145. [func] "host" no longer reports a NOERROR/NODATA response
by printing nothing. [RT #2065]
1144. [bug] rndc-confgen would crash if both the -a and -t
options were specified. [RT #2159]
1143. [bug] When a trusted-keys statement was present and named
was built without crypto support, it would leak memory.
1142. [bug] dnssec-signzone would fail to delete temporary files
in some failure cases. [RT #2144]
1141. [bug] When named rejected a control message, it would
leak a file descriptor and memory. It would also
fail to respond, causing rndc to hang.
[RT #2139, #2164]
1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments
to the -s option. [RT #2138]
1139. [func] It is now possible to flush a given name from the
cache(s) via 'rndc flushname name [view]'. [RT #2051]
1138. [func] It is now possible to flush a given name from the
cache by calling the new function
dns_cache_flushname().
1137. [func] It is now possible to flush a given name from the
ADB by calling the new function dns_adb_flushname().
1136. [bug] CNAME records synthesized from DNAMEs did not
have a TTL of zero as required by RFC2672.
[RT #2129]
1135. [func] You can now override the default syslog() facility for
named/lwresd at compile time. [RT #1982]
1134. [bug] Multithreaded servers could deadlock in ferror()
when reloading zone files. [RT #1951, #1998]
1133. [bug] IN6_IS_ADDR_LOOPBACK was not portably defined on
platforms without IN6_IS_ADDR_LOOPBACK. [RT #2106]
1132. [func] Improve UPDATE prerequisite failure diagnotic messages.
1131. [bug] The match-destinations view option did not work with
IPv6 destinations. [RT #2073, #2074]
1130. [bug] Log messages reporting an out-of-range serial number
did not include the out-of-range number but the
following token. [RT #2076]
1129. [bug] Multithreaded servers could crash under heavy
resolution load due to a race condition. [RT #2018]
1128. [func] sdb drivers can now provide RR data in either text
or wire format, the latter using the new functions
dns_sdb_putrdata() and dns_sdb_putnamedrdata().
1127. [func] rndc: If the server to contact has multiple addresses,
try all of them.
1126. [bug] The server could access a freed event if shut
down while a client start event was pending
delivery. [RT #2061]
1125. [bug] rndc: -k option was missing from usage message.
[RT #2057]
1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail
are now documented. [RT #2052]
1123. [bug] dig +[no]fail did not match description. [RT #2052]
1122. [tuning] Resolution timeout reduced from 90 to 30 seconds.
[RT #2046]
1121. [bug] The server could attempt to access a NULL zone
table if shut down while resolving.
[RT #1587, #2054]
1120. [bug] Errors in options were not fatal. [RT #2002]
1119. [func] Added support in Win32 for NTFS file/directory ACL's
for access control.
1118. [bug] On multithreaded servers, a race condition
could cause an assertion failure in resolver.c
during resolver shutdown. [RT #2029]
1117. [port] The configure check for in6addr_loopback incorrectly
succeeded on AIX 4.3 when compiling with -O2
because the test code was optimized away.
[RT #2016]
1116. [bug] Setting transfers in a server clause, transfers-in,
or transfers-per-ns to a value greater than
2147483647 disabled transfers. [RT #2002]
1115. [func] Set maximum values for cleaning-interval,
heartbeat-interval, interface-interval,
max-transfer-idle-in, max-transfer-idle-out,
max-transfer-time-in, max-transfer-time-out,
statistics-interval of 28 days and
sig-validity-interval of 3660 days. [RT #2002]
1114. [port] Ignore more accept() errors. [RT #2021]
1113. [bug] The allow-update-forwarding option was ignored
when specified in a view. [RT #2014]
1112. [placeholder]
1111. [bug] Multithreaded servers could deadlock processing
recursive queries due to a locking hieararchy
violation in adb.c. [RT #2017]
1110. [bug] dig should only accept valid abbreviations of +options.
[RT #2003]
1109. [bug] nsupdate accepted illegal ttl values.
1108. [bug] On Win32, rndc was hanging when named was not running
due to failure to select for exceptional conditions
in select(). [RT #1870]
1107. [bug] nsupdate could catch an assertion failure if an
invalid domain name was given as the argument to
the "zone" command.
1106. [bug] After seeing an out of range TTL, nsupdate would
treat all TTLs as out of range. [RT #2001]
1105. [port] OpenUNIX 8 enable threads by default. [RT #1970]
1104. [bug] Invalid arguments to the transfer-format option
could cause an assertion failure. [RT #1995]
1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
1102. [doc] Note that query logging is enabled by directing the
queries category to a channel.
1101. [bug] Array bounds read error in lwres_gai_strerror.
1100. [bug] libbind: DNSSEC key ids were computed incorrectly.
1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
compile time errors.
1098. [bug] libbind: HMAC-MD5 key files are now mode 0600.
1097. [func] libbind: RES_PRF_TRUNC for dig.
1096. [func] libbind: "DNSSEC OK" (DO) support.
1095. [func] libbind: resolver option: no-tld-query. disables
trying unqualified as a tld. no_tld_query is also
supported for FreeBSD compatability.
1094. [func] libbind: add support gcc's format string checking.
1093. [doc] libbind: miscellaneous nroff fixes.
1092. [bug] libbind: get*by*() failed to check if res_init() had
been called.
1091. [bug] libbind: misplaced va_end().
1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
the amount of memory consumed resulting in garbage
address being returned. Alignment calculations were
wasting space. We weren't suppressing duplicate
addresses.
1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6
support.
1088. [port] libbind: MPE/iX C.70 (incomplete)
1087. [bug] libbind: struct __res_state too large on 64 bit arch.
1086. [port] libbind: sunos: old sprintf.
1085. [port] libbind: solaris: sys_nerr and sys_errlist do not
exist when compiling in 64 bit mode.
1084. [cleanup] libbind: gai_strerror() re-written.
1083. [bug] The default control channel listened on the
wildcard adress, not the loopback as documented.
[RT #1975]
1082. [bug] The -g option to named incorrectly caused logging
to be sent to syslog in addition to stderr.
[RT #1974]
1081. [bug] Multicast queries were incorrectly identified
based on the source address, not the destination
address.
1080. [bug] BIND 8 compatibility: accept bare IP prefixes
as the second element of a two-element top level
sort list statement. [RT #1964]
1079. [bug] BIND 8 compatibility: accept bare elements at top
level of sort list treating them as if they were
a single element list. [RT #1963]
1078. [bug] We failed to correct bad tv_usec values in one case.
[RT #1966]
1077. [func] Do not accept further recursive clients when
the total number of of recursive lookups being
processed exceeds max-recursive-clients, even
if some of the lookups are internally generated.
[RT #1915, #1938]
1076. [bug] A badly defined global key could trigger an assertion
on load/reload if views were used. [RT #1947]
1075. [bug] Out-of-range network prefix lengths were not
reported. [RT #1954]
1074. [bug] Running out of memory in dump_rdataset() could
cause an assertion failure. [RT #1946]
1073. [bug] The ADB cache cleaning should also be space driven.
[RT #1915, #1938]
1072. [bug] The TCP client quota could be exceeded when
recursion occurred. [RT #1937]
1071. [bug] Sockets listening for TCP DNS connections
specified an excessive listen backlog. [RT #1937]
1070. [bug] Copy DNSSEC OK (DO) to response as specified by
draft-ietf-dnsext-dnssec-okbit-03.txt.
1069. [placeholder]
1068. [bug] errno could be overwritten by catgets(). [RT #1921]
1067. [func] Allow quotas to be soft, isc_quota_soft().
1066. [bug] Provide a thread safe wrapper for strerror().
[RT #1689]
1065. [func] Runtime support to select new / old style interface
scanning using ioctls.
1064. [bug] Do not shut down active network interfaces if we
are unable to scan the interface list. [RT #1921]
1063. [bug] libbind: "make install" was failing on IRIX.
[RT #1919]
1062. [bug] If the control channel listener socket was shut
down before server exit, the listener object could
be freed twice. [RT #1916]
1061. [bug] If periodic cache cleaning happened to start
while cleaning due to reaching the configured
maximum cache size was in progress, the server
could catch an assertion failure. [RT #1912]
1060. [func] Move refresh, stub and notify UDP retry processing
into dns_request.
1059. [func] dns_request now support will now retry UDP queries,
dns_request_createvia2() and dns_request_createraw2().
1058. [func] Limited lifetime ticker timers are now available,
isc_timertype_limited.
1057. [bug] Reloading the server after adding a "file" clause
to a zone statement could cause the server to
crash due to a typo in change 1016.
1056. [bug] Rndc could catch an assertion failure on SIGINT due
to an uninitialized variable. [RT #1908]
1055. [func] Version and hostname queries can now be disabled
using "version none;" and "hostname none;",
respectively.
1054. [bug] On Win32, cfg_categories and cfg_modules need to be
exported from the libisccfg DLL.
1053. [bug] Dig did not increase its timeout when receiving
AXFRs unless the +time option was used. [RT #1904]
1052. [bug] Journals were not being created in binary mode
resulting in "journal format not recognized" error
under Win32. [RT #1889]
1051. [bug] Do not ignore a network interface completely just
because it has a noncontiguous netmask. Instead,
omit it from the localnets ACL and issue a warning.
[RT #1891]
1050. [bug] Log messages reporting malformed IP addresses in
address lists such as that of the forwarders option
failed to include the correct error code, file
name, and line number. [RT #1890]
1049. [func] "pid-file none;" will disable writing a pid file.
[RT #1848]
1048. [bug] Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1
didn't work.
1047. [bug] named was incorrectly refusing all requests signed
with a TSIG key derived from an unsigned TKEY
negotiation with a NOERROR response. [RT #1886]
1046. [bug] The help message for the --with-openssl configure
option was inaccurate. [RT #1880]
1045. [bug] It was possible to skip saving glue for a nameserver
for a stub zone.
1044. [bug] Specifying allow-transfer, notify-source, or
notify-source-v6 in a stub zone was not treated
as an error.
1043. [bug] Specifying a transfer-source or transfer-source-v6
option in the zone statement for a master zone was
not treated as an error. [RT #1876]
1042. [bug] The "config" logging category did not work properly.
[RT #1873]
1041. [bug] Dig/host/nslookup could catch an assertion failure
on SIGINT due to an uninitialized variable. [RT #1867]
1040. [bug] Multiple listen-on-v6 options with different ports
were not accepted. [RT #1875]
1039. [bug] Negative responses with CNAMEs in the answer section
were cached incorrectly. [RT #1862]
1038. [bug] In servers configured with a tkey-domain option,
TKEY queries with an owner name other than the root
could cause an assertion failure. [RT #1866, #1869]
1037. [bug] Negative responses whose authority section contain
SOA or NS records whose owner names are not equal
equal to or parents of the query name should be
rejected. [RT #1862]
1036. [func] Silently drop requests received via multicast as
long as there is no final multicast DNS standard.
1035. [bug] If we respond to multicast queries (which we
currently do not), respond from a unicast address
as specified in RFC 1123. [RT #137]
1034. [bug] Ignore the RD bit on multicast queries as specified
in RFC 1123. [RT #137]
1033. [bug] Always respond to requests with an unsupported opcode
with NOTIMP, even if we don't have a matching view
or cannot determine the class.
1032. [func] hostname.bind/txt/chaos now returns the name of
the machine hosting the nameserver. This is useful
in diagnosing problems with anycast servers.
1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
[RT #1858]
1030. [bug] On systems with no resolv.conf file, nsupdate
exited with an error rather than defaulting
to using the loopback address. [RT #1836]
1029. [bug] Some named.conf errors did not cause the loading
of the configuration file to return a failure
status even though they were logged. [RT #1847]
1028. [bug] On Win32, dig/host/nslookup looked for resolv.conf
in the wrong directory. [RT #1833]
1027. [bug] RRs having the reserved type 0 should be rejected.
[RT #1471]
1026. [placeholder]
1025. [bug] Don't use multicast addresses to resolve iterative
queries. [RT #101]
1024. [port] Compilation failed on HP-UX 11.11 due to
incompatible use of the SIOCGLIFCONF macro
name. [RT #1831]
1023. [func] Accept hints without TTLs.
1022. [bug] Don't report empty root hints as "extra data".
[RT #1802]
1021. [bug] On Win32, log message timestamps were one month
later than they should have been, and the server
would exhibit unspecified behavior in December.
1020. [bug] IXFR log messages did not distinguish between
true IXFRs, AXFR-style IXFRs, and mere version
polls. [RT #1811]
1019. [bug] The value of the lame-ttl option was limited to 18000
seconds, not 1800 seconds as documented. [RT #1803]
1018. [bug] The default log channel was not always initialized
correctly. [RT #1813]
1017. [bug] When specifying TSIG keys to dig and nsupdate using
the -k option, they must be HMAC-MD5 keys. [RT #1810]
1016. [bug] Slave zones with no backup file were re-transferred
on every server reload.
1015. [bug] Log channels that had a "versions" option but no
"size" option failed to create numbered log
files. [RT #1783]
1014. [bug] Some queries would cause statistics counters to
increment more than once or not at all. [RT #1321]
1013. [bug] It was possible to cancel a query twice when marking
a server as bogus or by having a blackhole acl.
[RT #1776]
1012. [bug] The -p option to named did not behave as documented.
1011. [cleanup] Removed isc_dir_current().
1010. [bug] The server could attempt to execute a command channel
command after initiating server shutdown, causing
an assertion failure. [RT #1766]
1009. [port] OpenUNIX 8 support. [RT #1728]
1008. [port] libtool.m4, ltmain.sh from libtool-1.4.2.
1007. [port] config.guess, config.sub from autoconf-2.52.
1006. [bug] If a KEY RR was found missing during DNSSEC validation,
an assertion failure could subsequently be triggered
in the resolver. [RT #1763]
1005. [bug] Don't copy nonzero RCODEs from request to response.
[RT #1765]
1004. [port] Deal with recvfrom() returning EHOSTDOWN. [RT #1770]
1003. [func] Add the +retry option to dig.
1002. [bug] When reporting an unknown class name in named.conf,
including the file name and line number. [RT #1759]
1001. [bug] win32 socket code doio_recv was not catching a
WSACONNRESET error when a client was timing out
the request and closing its socket. [RT #1745]
1000. [bug] BIND 8 compatibility: accept "HESIOD" as an alias
for class "HS". [RT #1759]
999. [func] "rndc retransfer zone [class [view]]" added.
[RT #1752]
998. [func] named-checkzone now has arguments to specify the
chroot directory (-t) and working directory (-w).
[RT #1755]
997. [func] Add support for RSA-SHA1 keys (RFC3110).
996. [func] Issue warning if the configuration filename contains
the chroot path.
995. [bug] dig, host, nslookup: using a raw IPv6 address as a
target address should be fatal on a IPv4 only system.
994. [func] Treat non-authoritative responses to queries for type
NS as referrals even if the NS records are in the
answer section, because BIND 8 servers incorrectly
send them that way. This is necessary for DNSSEC
validation of the NS records of a secure zone to
succeed when the parent is a BIND 8 server. [RT #1706]
993. [func] dig: -v now reports the version.
992. [doc] dig: ~/.digrc is now documented.
991. [func] Lower UDP refresh timeout messages to level
debug 1.
990. [bug] The rndc-confgen man page was not installed.
989. [bug] Report filename if $INCLUDE fails for file related
errors. [RT #1736]
988. [bug] 'additional-from-auth no;' did not work reliably
in the case of queries answered from the cache.
[RT #1436]
987. [bug] "dig -help" didn't show "+[no]stats".
986. [bug] "dig +noall" failed to clear stats and command
printing.
985. [func] Consider network interfaces to be up iff they have
a nonzero IP address rather than based on the
IFF_UP flag. [RT #1160]
984. [bug] Multithreading should be enabled by default on
Solaris 2.7 and newer, but it wasn't.
983. [func] The server now supports generating IXFR difference
sequences for non-dynamic zones by comparing zone
versions, when enabled using the new config
option "ixfr-from-differences". [RT #1727]
982. [func] If "memstatistics-file" is set in options the memory
statistics will be written to it.
981. [func] The dnssec tools can now take multiple '-r randomfile'
arguments.
980. [bug] Incoming zone transfers restarting after an error
could trigger an assertion failure. [RT #1692]
979. [func] Incremental master file dumping. dns_master_dumpinc(),
dns_master_dumptostreaminc(), dns_dumpctx_attach(),
dns_dumpctx_detach(), dns_dumpctx_cancel(),
dns_dumpctx_db() and dns_dumpctx_version().
978. [bug] dns_db_attachversion() had an invalid REQUIRE()
condition.
977. [bug] Improve "not at top of zone" error message.
976. [func] named-checkconf can now test load master zones
(named-checkconf -z). [RT #1468]
975. [bug] "max-cache-size default;" as a view option
caused an assertion failure.
974. [bug] "max-cache-size unlimited;" as a global option
was not accepted.
973. [bug] Failed to log the question name when logging:
"bad zone transfer request: non-authoritative zone
(NOTAUTH)".
972. [bug] The file modification time code in zone.c was using the
wrong epoch. [RT #1667]
971. [placeholder]
970. [func] 'max-journal-size' can now be used to set a target
size for a journal.
969. [func] dig now supports the undocumented dig 8 feature
of allowing arbitrary labels, not just dotted
decimal quads, with the -x option. This can be
used to conveniently look up RFC2317 names as in
"dig -x 10.0.0.0-127". [RT #827, #1576, #1598]
968. [bug] On win32, the isc_time_now() function was unnecessarily
calling strtime(). [RT #1671]
967. [bug] On win32, the link for bindevt was not including the
required resource file to enable the event viewer
to interpret the error messages in the event log,
[RT #1668]
966. [placeholder]
965. [bug] Including data other than root server NS and A
records in the root hint file could cause a rbtdb
node reference leak. [RT #1581, #1618]
964. [func] Warn if data other than root server NS and A records
are found in the root hint file. [RT #1581, #1618]
963. [bug] Bad ISC_LANG_ENDDECLS. [RT #1645]
962. [bug] libbind: bad "#undef", don't attempt to install
non-existant nlist.h. [RT #1640]
961. [bug] Tried to use a IPV6 feature when ISC_PLATFORM_HAVEIPV6
was not defined. [RT #1482]
960. [port] liblwres failed to build on systems with support for
getrrsetbyname() in the OS. [RT #1592]
959. [port] On FreeBSD, determine the number of CPUs by calling
sysctlbyname(). [RT #1584]
958. [port] ssize_t is not available on all platforms. [RT #1607]
957. [bug] sys/select.h inclusion was broken on older platforms.
[RT #1607]
956. [bug] ns_g_autorndcfile changed to ns_g_keyfile
in named/win32/os.c due to code changes in
change #953. win32 .make file for rndc-confgen
updated to add include path for os.h header.
To generate a diff of this commit:
cvs rdiff -r0 -r1.3 pkgsrc/net/bind9-current/DESCR
cvs rdiff -r0 -r1.37 pkgsrc/net/bind9-current/Makefile
cvs rdiff -r0 -r1.7 pkgsrc/net/bind9-current/PLIST
cvs rdiff -r0 -r1.20 pkgsrc/net/bind9-current/distinfo
cvs rdiff -r0 -r1.3 pkgsrc/net/bind9-current/files/lwresd.sh \
pkgsrc/net/bind9-current/files/named.sh
cvs rdiff -r0 -r1.5 pkgsrc/net/bind9-current/patches/patch-ab \
pkgsrc/net/bind9-current/patches/patch-ac
cvs rdiff -r0 -r1.3 pkgsrc/net/bind9-current/patches/patch-ai
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.