ixfr-fromdifferences. [RT #26845]
3244. [func] Added readline support to nslookup and nsupdate.
- Also simplified nsupdate syntax to make "update"
+ Also simplified nsupdate syntax to make "update"
and "prereq" optional. [RT #24659]
3243. [port] freebsd,netbsd,bsdi: the thread defaults were not
inline-signing zones, to track changes between the
unsigned and signed versions of the zone, which may
have different serial numbers.
-
+
(Note: raw zonefiles generated by this version of
- BIND are no longer compatble with prior versions.
+ BIND are no longer compatble with prior versions.
To generate a backward-compatible raw zonefile
using dnssec-signzone or named-compilezone, specify
output format "raw=0" instead of simply "raw".)
3229. [bug] Fix local variable to struct var assignment
found by CLANG warning.
-3228. [tuning] Dynamically grow symbol table to improve zone
- loading performance. [RT #26523]
+3228. [tuning] Dynamically grow symbol table to improve zone
+ loading performance. [RT #26523]
3227. [bug] Interim fix to make WKS's use of getprotobyname()
and getservbyname() self thread safe. [RT #26232]
--- 9.9.0b2 released ---
3220. [bug] Change #3186 was incomplete; dns_db_rpz_findips()
- could fail to set the database version correctly,
- causing an assertion failure. [RT #26180]
+ could fail to set the database version correctly,
+ causing an assertion failure. [RT #26180]
3219. [bug] Disable NOEDNS caching following a timeout.
3214. [func] Add 'named -U' option to set the number of UDP
listener threads per interface. [RT #26485]
-
+
3213. [doc] Clarify ixfr-from-differences behavior. [RT #25188]
-3212. [bug] rbtdb.c: failed to remove a node from the deadnodes list
- prior to adding a reference to it leading a possible
- assertion failure. [RT #23219]
+3212. [bug] rbtdb.c: failed to remove a node from the deadnodes
+ list prior to adding a reference to it leading a
+ possible assertion failure. [RT #23219]
3211. [func] dnssec-signzone: "-f -" prints to stdout; "-O full"
option prints in single-line-per-record format.
3198. [doc] Clarified that dnssec-settime can alter keyfile
permissions. [RT #24866]
-3197. [bug] Don't try to log the filename and line number when
+3197. [bug] Don't try to log the filename and line number when
the config parser can't open a file. [RT #22263]
-3196. [bug] nsupdate: return nonzero exit code when target zone
- doesn't exist. [RT #25783]
+3196. [bug] nsupdate: return nonzero exit code when target zone
+ doesn't exist. [RT #25783]
3195. [cleanup] Silence "file not found" warnings when loading
managed-keys zone. [RT #26340]
[RT #26397]
3189. [test] Added a summary report after system tests. [RT #25517]
-
+
3188. [bug] zone.c:zone_refreshkeys() could fail to detach
references correctly when errors occurred, causing
a hang on shutdown. [RT #26372]
-3187. [port] win32: support for Visual Studio 2008. [RT #26356]
+3187. [port] win32: support for Visual Studio 2008. [RT #26356]
--- 9.9.0b1 released ---
- 'rndc signing -list' displays the current
state of signing operations
- 'rndc signing -clear' clears the signing state
- records for keys that have fully signed the zone
+ records for keys that have fully signed the zone
- 'rndc signing -nsec3param' sets the NSEC3
parameters for the zone
The 'rndc keydone' syntax is removed. [RT #23729]
3183. [bug] Added RTLD_GLOBAL flag to dlopen call. [RT #26301]
-3182. [bug] Auth servers behind firewalls which block packets
+3182. [bug] Auth servers behind firewalls which block packets
greater than 512 bytes may cause other servers to
perform poorly. Now, adb retains edns information
and caches noedns servers. [RT #23392/24964]
sample external DLZ module in contrib/dlz/example.
[RT #26215]
-3175. [bug] Fix how DNSSEC positive wildcard responses from a
+3175. [bug] Fix how DNSSEC positive wildcard responses from a
NSEC3 signed zone are validated. Stop sending a
unnecessary NSEC3 record when generating such
responses. [RT #26200]
- RDATA for CNAME rules can include wildcards
- replace "NO-OP" named.conf policy override with
"PASSTHRU" and add "DISABLED" override ("NO-OP"
- is still recognized)
- [RT #25172]
+ is still recognized)
+ [RT #25172]
3169. [func] Catch db/version mis-matches when calling dns_db_*().
[RT #26017]
3160. [bug] When printing out a NSEC3 record in multiline form
the newline was not being printed causing type codes
to be run together. [RT #25873]
-
+
3159. [bug] On some platforms, named could assert on startup
when running in a chrooted environment without
/proc. [RT #25863]
incorrect use of __builtin_expect. [RT #25183]
3151. [bug] Queries for type RRSIG or SIG could be handled
- incorrectly. [RT #21050]
+ incorrectly. [RT #21050]
3150. [func] Improved startup and reconfiguration time by
enabling zones to load in multiple threads. [RT #25333]
--- 9.9.0a1 released ---
-3146. [test] Fixed gcc4.6.0 errors in ATF. [RT #25598]
+3146. [test] Fixed gcc4.6.0 errors in ATF. [RT #25598]
3145. [test] Capture output of ATF unit tests in "./atf.out" if
there were any errors while running them. [RT #25527]
3141. [bug] Silence spurious "zone serial (0) unchanged" messages
associated with empty zones. [RT #25079]
-3140. [func] New command "rndc flushtree <name>" clears the
+3140. [func] New command "rndc flushtree <name>" clears the
specified name from the server cache along with
all names under it. [RT #19970]
3139. [test] Added tests from RFC 6234, RFC 2202, and RFC 1321
for the hashing algorithms (md5, sha1 - sha512, and
- their hmac counterparts). [RT #25067]
+ their hmac counterparts). [RT #25067]
3138. [bug] Address memory leaks and out-of-order operations when
shutting named down. [RT #25210]
This can significantly increase query throughput
on some systems. [RT #22992]
-3136. [func] Add RFC 1918 reverse zones to the list of built-in
+3136. [func] Add RFC 1918 reverse zones to the list of built-in
empty zones switched on by the 'empty-zones-enable'
option. [RT #24990]
3122. [cleanup] dnssec-settime: corrected usage message. [RT #24664]
-3121. [security] An authoritative name server sending a negative
- response containing a very large RRset could
- trigger an off-by-one error in the ncache code
- and crash named. [RT #24650]
+3121. [security] An authoritative name server sending a negative
+ response containing a very large RRset could
+ trigger an off-by-one error in the ncache code
+ and crash named. [RT #24650]
3120. [bug] Named could fail to validate zones listed in a DLV
that validated insecure without using DLV and had
"krb5-subdomain", which allow machines to update
their own records, to the BIND 9 ARM.
-3111. [bug] Improved consistency checks for dnssec-enable and
- dnssec-validation, added test cases to the
- checkconf system test. [RT #24398]
+3111. [bug] Improved consistency checks for dnssec-enable and
+ dnssec-validation, added test cases to the
+ checkconf system test. [RT #24398]
3110. [bug] dnssec-signzone: Wrong error message could appear
when attempting to sign with no KSK. [RT #24369]
3108. [cleanup] dnssec-signzone: Clarified some error and
warning messages; removed #ifdef ALLOW_KSKLESS_ZONES
code (use -P instead). [RT #20852]
-
+
3107. [bug] dnssec-signzone: Report the correct number of ZSKs
when using -x. [RT #20852]
3106. [func] When logging client requests, include the name of
the TSIG key if any. [RT #23619]
-3105. [bug] GOST support can be suppressed by "configure
- --without-gost" [RT #24367]
+3105. [bug] GOST support can be suppressed by "configure
+ --without-gost" [RT #24367]
-3104. [bug] Better support for cross-compiling. [RT #24367]
+3104. [bug] Better support for cross-compiling. [RT #24367]
3103. [bug] Configuring 'dnssec-validation auto' in a view
instead of in the options statement could trigger
for updates when using automatic key maintenance.
Default is every 60 minutes (formerly hard-coded
to 12 hours). [RT #23744]
-
+
3101. [bug] Zones using automatic key maintenance could fail
to check the key repository for updates. [RT #23744]
3043. [test] Merged in the NetBSD ATF test framework (currently
version 0.12) for development of future unit tests.
- Use configure --with-atf to build ATF internally
- or configure --with-atf=prefix to use an external
- copy. [RT #23209]
+ Use configure --with-atf to build ATF internally
+ or configure --with-atf=prefix to use an external
+ copy. [RT #23209]
3042. [bug] dig +trace could fail attempting to use IPv6
addresses on systems with only IPv4 connectivity.
2929. [bug] Improved handling of GSS security contexts:
- added LRU expiration for generated TSIGs
- added the ability to use a non-default realm
- - added new "realm" keyword in nsupdate
+ - added new "realm" keyword in nsupdate
- limited lifetime of generated keys to 1 hour
or the lifetime of the context (whichever is
smaller)
--with-export-includedir. [RT #20252]
2675. [bug] dnssec-signzone could crash if the key directory
- did not exist. [RT #20232]
+ did not exist. [RT #20232]
--- 9.7.0a3 released ---
64-bit systems. [RT #20076]
2650. [bug] Assertion failure in dnssec-signzone when trying
- to read keyset-* files. [RT #20075]
+ to read keyset-* files. [RT #20075]
2649. [bug] Set the domain for forward only zones. [RT #19944]
2630. [func] Improved syntax for DDNS autoconfiguration: use
"update-policy local;" to switch on local DDNS in a
zone. (The "ddns-autoconf" option has been removed.)
- [RT #19875]
+ [RT #19875]
2629. [port] Check for seteuid()/setegid(), use setresuid()/
setresgid() if not present. [RT #19932]
time. [RT #18277]
2423. [security] Randomize server selection on queries, so as to
- make forgery a little more difficult. Instead of
- always preferring the server with the lowest RTT,
- pick a server with RTT within the same 128
- millisecond band. [RT #18441]
+ make forgery a little more difficult. Instead of
+ always preferring the server with the lowest RTT,
+ pick a server with RTT within the same 128
+ millisecond band. [RT #18441]
2422. [bug] Handle the special return value of a empty node as
if it was a NXRRSET in the validator. [RT #18447]
2399. [placeholder]
-2398. [bug] Improve file descriptor management. New,
+2398. [bug] Improve file descriptor management. New,
temporary, named.conf option reserved-sockets,
default 512. [RT #18344]
projects / thirdparty / bind9.git / commitdiff
