diff --git a/CHANGES b/CHANGES index c72034f2da..8468931c5c 100644 --- a/CHANGES +++ b/CHANGES @@ -84,7 +84,7 @@ ixfr-fromdifferences. [RT #26845] 3244. [func] Added readline support to nslookup and nsupdate. - Also simplified nsupdate syntax to make "update" + Also simplified nsupdate syntax to make "update" and "prereq" optional. [RT #24659] 3243. [port] freebsd,netbsd,bsdi: the thread defaults were not @@ -97,9 +97,9 @@ inline-signing zones, to track changes between the unsigned and signed versions of the zone, which may have different serial numbers. - + (Note: raw zonefiles generated by this version of - BIND are no longer compatble with prior versions. + BIND are no longer compatble with prior versions. To generate a backward-compatible raw zonefile using dnssec-signzone or named-compilezone, specify output format "raw=0" instead of simply "raw".) @@ -142,8 +142,8 @@ 3229. [bug] Fix local variable to struct var assignment found by CLANG warning. -3228. [tuning] Dynamically grow symbol table to improve zone - loading performance. [RT #26523] +3228. [tuning] Dynamically grow symbol table to improve zone + loading performance. [RT #26523] 3227. [bug] Interim fix to make WKS's use of getprotobyname() and getservbyname() self thread safe. [RT #26232] @@ -168,8 +168,8 @@ --- 9.9.0b2 released --- 3220. [bug] Change #3186 was incomplete; dns_db_rpz_findips() - could fail to set the database version correctly, - causing an assertion failure. [RT #26180] + could fail to set the database version correctly, + causing an assertion failure. [RT #26180] 3219. [bug] Disable NOEDNS caching following a timeout. @@ -185,12 +185,12 @@ 3214. [func] Add 'named -U' option to set the number of UDP listener threads per interface. [RT #26485] - + 3213. [doc] Clarify ixfr-from-differences behavior. [RT #25188] -3212. [bug] rbtdb.c: failed to remove a node from the deadnodes list - prior to adding a reference to it leading a possible - assertion failure. [RT #23219] +3212. [bug] rbtdb.c: failed to remove a node from the deadnodes + list prior to adding a reference to it leading a + possible assertion failure. [RT #23219] 3211. [func] dnssec-signzone: "-f -" prints to stdout; "-O full" option prints in single-line-per-record format. @@ -235,11 +235,11 @@ 3198. [doc] Clarified that dnssec-settime can alter keyfile permissions. [RT #24866] -3197. [bug] Don't try to log the filename and line number when +3197. [bug] Don't try to log the filename and line number when the config parser can't open a file. [RT #22263] -3196. [bug] nsupdate: return nonzero exit code when target zone - doesn't exist. [RT #25783] +3196. [bug] nsupdate: return nonzero exit code when target zone + doesn't exist. [RT #25783] 3195. [cleanup] Silence "file not found" warnings when loading managed-keys zone. [RT #26340] @@ -259,12 +259,12 @@ [RT #26397] 3189. [test] Added a summary report after system tests. [RT #25517] - + 3188. [bug] zone.c:zone_refreshkeys() could fail to detach references correctly when errors occurred, causing a hang on shutdown. [RT #26372] -3187. [port] win32: support for Visual Studio 2008. [RT #26356] +3187. [port] win32: support for Visual Studio 2008. [RT #26356] --- 9.9.0b1 released --- @@ -274,7 +274,7 @@ - 'rndc signing -list' displays the current state of signing operations - 'rndc signing -clear' clears the signing state - records for keys that have fully signed the zone + records for keys that have fully signed the zone - 'rndc signing -nsec3param' sets the NSEC3 parameters for the zone The 'rndc keydone' syntax is removed. [RT #23729] @@ -284,7 +284,7 @@ 3183. [bug] Added RTLD_GLOBAL flag to dlopen call. [RT #26301] -3182. [bug] Auth servers behind firewalls which block packets +3182. [bug] Auth servers behind firewalls which block packets greater than 512 bytes may cause other servers to perform poorly. Now, adb retains edns information and caches noedns servers. [RT #23392/24964] @@ -310,7 +310,7 @@ sample external DLZ module in contrib/dlz/example. [RT #26215] -3175. [bug] Fix how DNSSEC positive wildcard responses from a +3175. [bug] Fix how DNSSEC positive wildcard responses from a NSEC3 signed zone are validated. Stop sending a unnecessary NSEC3 record when generating such responses. [RT #26200] @@ -336,8 +336,8 @@ - RDATA for CNAME rules can include wildcards - replace "NO-OP" named.conf policy override with "PASSTHRU" and add "DISABLED" override ("NO-OP" - is still recognized) - [RT #25172] + is still recognized) + [RT #25172] 3169. [func] Catch db/version mis-matches when calling dns_db_*(). [RT #26017] @@ -374,7 +374,7 @@ 3160. [bug] When printing out a NSEC3 record in multiline form the newline was not being printed causing type codes to be run together. [RT #25873] - + 3159. [bug] On some platforms, named could assert on startup when running in a chrooted environment without /proc. [RT #25863] @@ -403,7 +403,7 @@ incorrect use of __builtin_expect. [RT #25183] 3151. [bug] Queries for type RRSIG or SIG could be handled - incorrectly. [RT #21050] + incorrectly. [RT #21050] 3150. [func] Improved startup and reconfiguration time by enabling zones to load in multiple threads. [RT #25333] @@ -417,7 +417,7 @@ --- 9.9.0a1 released --- -3146. [test] Fixed gcc4.6.0 errors in ATF. [RT #25598] +3146. [test] Fixed gcc4.6.0 errors in ATF. [RT #25598] 3145. [test] Capture output of ATF unit tests in "./atf.out" if there were any errors while running them. [RT #25527] @@ -432,13 +432,13 @@ 3141. [bug] Silence spurious "zone serial (0) unchanged" messages associated with empty zones. [RT #25079] -3140. [func] New command "rndc flushtree " clears the +3140. [func] New command "rndc flushtree " clears the specified name from the server cache along with all names under it. [RT #19970] 3139. [test] Added tests from RFC 6234, RFC 2202, and RFC 1321 for the hashing algorithms (md5, sha1 - sha512, and - their hmac counterparts). [RT #25067] + their hmac counterparts). [RT #25067] 3138. [bug] Address memory leaks and out-of-order operations when shutting named down. [RT #25210] @@ -448,7 +448,7 @@ This can significantly increase query throughput on some systems. [RT #22992] -3136. [func] Add RFC 1918 reverse zones to the list of built-in +3136. [func] Add RFC 1918 reverse zones to the list of built-in empty zones switched on by the 'empty-zones-enable' option. [RT #24990] @@ -506,10 +506,10 @@ 3122. [cleanup] dnssec-settime: corrected usage message. [RT #24664] -3121. [security] An authoritative name server sending a negative - response containing a very large RRset could - trigger an off-by-one error in the ncache code - and crash named. [RT #24650] +3121. [security] An authoritative name server sending a negative + response containing a very large RRset could + trigger an off-by-one error in the ncache code + and crash named. [RT #24650] 3120. [bug] Named could fail to validate zones listed in a DLV that validated insecure without using DLV and had @@ -547,9 +547,9 @@ "krb5-subdomain", which allow machines to update their own records, to the BIND 9 ARM. -3111. [bug] Improved consistency checks for dnssec-enable and - dnssec-validation, added test cases to the - checkconf system test. [RT #24398] +3111. [bug] Improved consistency checks for dnssec-enable and + dnssec-validation, added test cases to the + checkconf system test. [RT #24398] 3110. [bug] dnssec-signzone: Wrong error message could appear when attempting to sign with no KSK. [RT #24369] @@ -564,17 +564,17 @@ 3108. [cleanup] dnssec-signzone: Clarified some error and warning messages; removed #ifdef ALLOW_KSKLESS_ZONES code (use -P instead). [RT #20852] - + 3107. [bug] dnssec-signzone: Report the correct number of ZSKs when using -x. [RT #20852] 3106. [func] When logging client requests, include the name of the TSIG key if any. [RT #23619] -3105. [bug] GOST support can be suppressed by "configure - --without-gost" [RT #24367] +3105. [bug] GOST support can be suppressed by "configure + --without-gost" [RT #24367] -3104. [bug] Better support for cross-compiling. [RT #24367] +3104. [bug] Better support for cross-compiling. [RT #24367] 3103. [bug] Configuring 'dnssec-validation auto' in a view instead of in the options statement could trigger @@ -585,7 +585,7 @@ for updates when using automatic key maintenance. Default is every 60 minutes (formerly hard-coded to 12 hours). [RT #23744] - + 3101. [bug] Zones using automatic key maintenance could fail to check the key repository for updates. [RT #23744] @@ -781,9 +781,9 @@ 3043. [test] Merged in the NetBSD ATF test framework (currently version 0.12) for development of future unit tests. - Use configure --with-atf to build ATF internally - or configure --with-atf=prefix to use an external - copy. [RT #23209] + Use configure --with-atf to build ATF internally + or configure --with-atf=prefix to use an external + copy. [RT #23209] 3042. [bug] dig +trace could fail attempting to use IPv6 addresses on systems with only IPv4 connectivity. @@ -1219,7 +1219,7 @@ 2929. [bug] Improved handling of GSS security contexts: - added LRU expiration for generated TSIGs - added the ability to use a non-default realm - - added new "realm" keyword in nsupdate + - added new "realm" keyword in nsupdate - limited lifetime of generated keys to 1 hour or the lifetime of the context (whichever is smaller) @@ -2048,7 +2048,7 @@ --with-export-includedir. [RT #20252] 2675. [bug] dnssec-signzone could crash if the key directory - did not exist. [RT #20232] + did not exist. [RT #20232] --- 9.7.0a3 released --- @@ -2139,7 +2139,7 @@ 64-bit systems. [RT #20076] 2650. [bug] Assertion failure in dnssec-signzone when trying - to read keyset-* files. [RT #20075] + to read keyset-* files. [RT #20075] 2649. [bug] Set the domain for forward only zones. [RT #19944] @@ -2211,7 +2211,7 @@ 2630. [func] Improved syntax for DDNS autoconfiguration: use "update-policy local;" to switch on local DDNS in a zone. (The "ddns-autoconf" option has been removed.) - [RT #19875] + [RT #19875] 2629. [port] Check for seteuid()/setegid(), use setresuid()/ setresgid() if not present. [RT #19932] @@ -2896,10 +2896,10 @@ time. [RT #18277] 2423. [security] Randomize server selection on queries, so as to - make forgery a little more difficult. Instead of - always preferring the server with the lowest RTT, - pick a server with RTT within the same 128 - millisecond band. [RT #18441] + make forgery a little more difficult. Instead of + always preferring the server with the lowest RTT, + pick a server with RTT within the same 128 + millisecond band. [RT #18441] 2422. [bug] Handle the special return value of a empty node as if it was a NXRRSET in the validator. [RT #18447] @@ -2980,7 +2980,7 @@ 2399. [placeholder] -2398. [bug] Improve file descriptor management. New, +2398. [bug] Improve file descriptor management. New, temporary, named.conf option reserved-sockets, default 512. [RT #18344]