[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

BIND 9.2.6 beta 1 is now available.

		BIND 9.2.6 beta 1 is now available.

BIND 9.2.6b1 is a beta maintenance release for BIND 9.2.

BIND 9.2.6b1 can be downloaded from


The PGP signature of the distribution is at


The signature was generated with the ISC public key, which is
available at <http://www.isc.org/about/openpgp/pgpkey2004.txt>.

A binary kit for Windows NT 4.0 and Windows 2000 is at


The PGP signature of the binary kit for Windows NT 4.0 and Windows 2000 is at

A list of changes made since 9.2.0 follows.  For earlier changes,
see the file CHANGES in the distribution.


	--- 9.2.6b1 released ---

1917.	[doc]		funcsynopsisinfo wasn't being treated as verbatim
			when generating man pages. [RT #15385]

1911.	[bug]		Update windows socket code. [RT #14965]

1905.	[bug]		Strings returned from cfg_obj_asstring() should be
                        treated as read-only.  [RT #15256]

1895.	[bug]		A escaped character is, potentially, converted to
			the output character set too early. [RT #14666]

1893.	[port]		Use uintptr_t if available. [RT #14606]

1889.	[port]		sunos: non blocking i/o support. [RT #14951]

1887.	[bug]		The cache could delete expired records too fast for
			clients with a virtual time in the past. [RT #14991]

1886.	[bug]		fctx_create() could return success even though it
			failed. [RT #14993]

1884.	[cleanup]	dighost.c: move external declarations into <dig/dig.h>.

1883.	[bug]		dnssec-signzone, dnssec-keygen, dnssec-signkey,
			dnssec-makekeyset: handle negative debug levels.
			[RT #14962]

1881.	[func]		Add a system test for named-checkconf. [RT #14931]

1877.	[bug]		Fix unreasonably low quantum on call to
			dns_rbt_destroy2().  Remove unnecessay unhash_node()
			call. [RT #14919]

1875.	[bug]		process_dhtkey() was using the wrong memory context
			to free some memory. [RT #14890]

1873.	[port]		win32: isc__errno2result() now reports its caller.
			[RT #13753]

1872.	[port]		win32: Handle ERROR_NETNAME_DELETED.  [RT #13753]

1871.	[bug]		dnssec_makekeyset and dnssec-signkey failed to
			initalize the hash context. [RT #13771]

1865.	[bug]		Silently ignore nameservers in /etc/resolv.conf with
			bad addresses. [RT #14841]

1861.	[bug]		dig could trigger a INSIST on certain malformed
			responses. [RT #14801]

1860.	[port]		solaris 2.8: hack_shutup_pthreadmutexinit was
			incorrectly set. [RT #14775]

1856.	[doc]		Switch Docbook toolchain from DSSSL to XSL.
			[RT #11398]

1854.	[bug]		lwres also needs to know the print format for
			(long long).  [RT #13754]

1850.	[bug]		Memory leak in lwres_getipnodebyaddr(). [RT #14591]

1849.	[doc]		All forms of the man pages (docbook, man, html) should
			have consistant copyright dates.

1848.	[bug]		Improve SMF integration. [RT #13238]

1847.	[bug]		isc_ondestroy_init() is called too late in
			[RT #13661]
1846.	[contrib]	query-loc-0.3.0 from Stephane Bortzmeyer

1845.	[bug]		Improve error reporting to distingish between
			accept()/fcntl() and socket()/fcntl() errors.
			[RT #13745]

1844.	[bug]		inet_pton() accepted more that 4 hexadecimal digits
			for each 16 bit piece of the IPv6 address.  The text
			representation of a IPv6 address has been tighted
			to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
			[RT #5662]

1843.	[cleanup]	CINCLUDES takes precedence over CFLAGS.  This helps
			when CFLAGS contains "-I /usr/local/include"
			resulting in old header files being used.

1842.	[port]		cmsg_len() could produce incorrect results on
			some platform. [RT #13744]

1841.	[bug]		"dig +nssearch" now makes a recursive query to
			find the list of nameservers to query. [RT #13694]

1839.	[bug]		<isc/hash.h> was not being installed.

1838.	[cleanup]	Don't allow Linux capabilities to be inherited.
			[RT #13707]

1836.	[cleanup]	Silence compiler warnings in hash_test.c.

1835.	[bug]		Update dnssec-signzone's usage message. [RT #13657]

1834.	[bug]		Bad memset in rdata_test.c. [RT #13658]

1833.	[bug]		Race condition in isc_mutex_lock_profile(). [RT #13660]

1832.	[bug]		named fails to return BADKEY on unknown TSIG algorithm.
			[RT #13620]

1830.	[bug]		adb lame cache has sence of test reversed. [RT #13600]

1828.	[bug]		isc_rwlock_init() failed to properly cleanup if it
			encountered a error. [RT #13549]

1827.	[bug]		host: update usage message for '-a'. [RT #37116]

1826.	[bug]		Missing DESTROYLOCK() in isc_mem_createx() on out
			of memory error. [RT #13537]

1825.	[bug]		Missing UNLOCK() on out of memory error from in
			rbtdb.c:subtractrdataset(). [RT #13519]

1824.	[bug]		Memory leak on dns_zone_setdbtype() failure.
			[RT #13510]

1823.	[bug]		Wrong macro used to check for point to point interface.

1821.	[doc]		acls definitions are no longer required to be
			in named.conf prior to reference.  They can be
			defined after being referenced.

1820.	[bug]		Gracefully handle acl loops. [RT #13659]

1815.	[bug]		nsupdate triggered a REQUIRE if the server was set
			without also setting the zone and it encountered
			a CNAME and was using TSIG.  [RT #13086]

1810.	[bug]		configure, lib/bind/configure make different default
			decisions about whether to do a threaded build.
			[RT #13212]

1809.	[bug]		"make distclean" failed for libbind if the platform
			is not supported.

1807.	[bug]		When forwarding (forward only) set the active domain
			from the forward zone name. [RT #13526]
1804.	[bug]		Ensure that if we are queried for glue that it fits
			in the additional section or TC is set to tell the
			client to retry using TCP. [RT #10114]

1802.	[bug]		Handle connection resets better. [RT #11280]

	--- 9.2.5 released ---

	--- 9.2.5rc1 released ---

1812.	[port]		win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect.
			[RT #13453]

1808.	[bug]		zone.c:notify_zone() contained a race condition,
			zone->db could change underneath it.  [RT #13511]

	--- 9.2.5beta2 released ---

1800.	[bug]		Changes #1719 allowed a INSIST to be triggered.
			[RT #13428]

	--- 9.2.5beta1 released ---

1790.	[cleanup]	Move lib/dns/sec/dst up into lib/dns.  This should
			allow parallel make to succeed.

1789.	[bug]		Prerequisite test for tkey and dnssec could fail
			with "configure --with-libtool".

1787.	[port]		HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings.

1786.	[port]		AIX: libt_api needs to be taught to look for
			T_testlist in the main executable (--with-libtool).
			[RT #13239]

1784.	[cleanup]	"libtool -allow-undefined" is the default.
			Leave hooks in configure to allow it to be set
			if needed in the future.

1783.	[cleanup]	We only need one copy of libtool.m4, ltmain.sh in the
			source tree.

1782.	[port]		OSX: --with-libtool + --enable-libbind broke on
			__evOptMonoTime.  [RT #13219]

1781.	[port]		FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810]

1780.	[bug]		Update libtool to 1.5.10.

1779.	[port]		OSF 5.1: libtool didn't handle -pthread correctly.

1778.   [port]   	HUX 11.11: fix broken IN6ADDR_ANY_INIT and

1777.   [port]   	OSF 5.1: fix broken IN6ADDR_ANY_INIT and

1776.   [port]   	Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
                        IN6ADDR_LOOPBACK_INIT macros.

1775.	[bug]		Only compile getnetent_r.c when threaded. [RT #13205]

1774.	[port]		Aix: Silence compiler warnings / build failures.
			[RT #13154]

1773.	[bug]		Fast retry on host / net unreachable. [RT #13153]

1772.	[bug]		Change #1740 needed more work in 9.2 as bit-labels
			are still supported. [RT #13015]

1771.	[bug]		Built-in zones did not have SOA or NS records.
			[RT #13015]

1770.	[bug]		named-checkconf failed to report missing a missing
			file clause for rbt{64} master/hint zones. [RT#13009]

1769.	[port]		win32: change compiler flags /MTd ==> /MDd,
			/MT ==> /MD.

1767.	[port]		Builds on IPv6 platforms without IPv6 Advanced API
			support for (struct in6_pktinfo) failed.  [RT #13077]

1766.	[bug]		Update the master file timestamp on successful refresh
			as well as the journal's timestamp. [RT# 13062]

1764.	[bug]		dns_zone_replacedb failed to emit a error message
			if there was no SOA record in the replacment db.
			[RT #13016]

1760.	[bug]		Host / net unreachable was not penalising rtt
			estimates. [RT #12970]

1753.	[bug]		Don't serve a slave zone which has no NS records.
			[RT #12894]

1752.	[port]		Move isc_app_start() to after ns_os_daemonise()
			as some fork() implementations unblock the signals
			that are blocked by isc_app_start(). [RT #12810]

1750.	[port]		lib/bind/make/rules.in:subdirs was not bash friendly.
			[RT #12864]

1747.	[bug]		BIND 8 compatability: named/named-checkconf failed
			to parse "host-statistics-max" in named.conf.

1744.	[bug]		If tuple2msgname() failed to convert a tuple to
			a name a REQUIRE could be triggered. [RT #12796]

1743.	[bug]		If isc_taskmgr_create() was not able to create the
			requested number of worker threads then destruction
			of the manager would trigger an INSIST() failure.
			[RT #12790]
1742.	[bug]		Deleting all records at a node then adding a
			previously existing record, in a single UPDATE
			transaction, failed to leave / regenerate the
			associated SIG records. [RT #12788]

1741.	[bug]		Deleting all records at a node in a secure zone
			using a update-policy grant failed. [RT #12787]

1740.	[bug]		Replace rbt's hash algorithm as it performed badly
			with certain zones. [RT #12729]
			NOTE: a hash context now needs to be established
			via isc_hash_create() if the application was not
			already doing this.

1739.	[bug]		dns_rbt_deletetree() could incorrectly return
			ISC_R_QUOTA.  [RT #12695]

1738.	[bug]		Enable overrun checking by default. [RT #12695]

1734.	[cleanup]	'rndc-confgen -a -t' remove extra '/' in path.
			[RT #12588]

1733.	[bug]		Return non-zero exit status on initial load failure.
			[RT #12658]

1731.	[port]		darwin: relax version test in ifconfig.sh.
			[RT #12581]

1730.	[port]		Determine the length type used by the socket API.
			[RT #12581]

1726.	[port]		aix5: add support for aix5.

1725.	[port]		linux: update error message on interaction of threads,
			capabilities and setuid support (named -u). [RT #12541]

1723.	[cleanup]	Silence compiler warnings from t_tasks.c. [RT #12493]

1722.	[bug]		Don't commit the journal on malformed ixfr streams.
			[RT #12519]

1721.	[bug]		Error message from the journal processing were not
			always identifing the relevent journal. [RT #12519]

1720.	[bug]		'dig +chase' did not terminate on a RFC 2308 Type 1
			negative response. [RT #12506]

1719.	[bug]		named was not correctly caching a RFC 2308 Type 1
			negative response. [RT #12506]

1718.	[bug]		nsupdate was not handling RFC 2308 Type 3 negative
			responses when looking for the zone / master server.
			[RT #12506]

1717.	[port]		solaris: ifconfig.sh did not support Solaris 10.
			"ifconfig.sh down" didn't work for Solaris 9.

1716.	[doc]		named.conf(5) was being installed in the wrong
			location.  [RT# 12441]

1714.	[bug]		dig/host/nslookup were only trying the first
			address when a nameserver was specified by name.
			[RT #12286]

1713.	[port]		linux: extend capset failure message to say:
			please ensure that the capset kernel module is
			loaded.  see insmod(8)

	--- 9.2.4 released ---

	--- 9.2.4rc8 released ---

1709.	[port]		solaris: add SMF support from Sun.

1708.	[cleanup]	Replaced dns_fullname_hash() with dns_name_fullhash()
			for conformance to the name space convention.  Binary
			backward compatibility to the old function name is
			provided. [RT #12376]

1707.	[contrib]	sdb/ldap updated to version 1.0-beta.

1704.	[port]		lwres needed a snprintf() implementation for
			platforms without snprintf(). [RT #12321]

1701.	[doc]		A minimal named.conf man page.

1700.	[func]		nslookup is no longer to be treated as deprecated.
			Remove "deprecated" warning message.  Add man page.

1698.	[doc]		Use reserved IPv6 documentation prefix.

	--- 9.2.4rc7 released ---

1694.	[bug]		Report if the builtin views of "_default" / "_bind"
			are defined in named.conf. [RT #12023]

1692.	[bug]		Don't set -I, -L and -R flags when libcrypto is in
			/usr/lib. [RT #11971]

1691.	[bug]		sdb's attachversion was not complete. [RT #11990]

1690.	[bug]		Delay detaching view from the client until UPDATE
			processing completes when shutting down. [RT #11714]

1689.	[bug]		DNS_NAME_TOREGION() macros contained a gratuitous
			semicolons. [RT #11707]

1688.	[bug]		LDFLAGS was not supported.

1687.	[bug]		Race condition in dispatch. [RT #10272]

1686.	[bug]		Named sent a extraneous NOTIFY when it received a
			redundant UPDATE request. [RT #11943]

	--- 9.2.4rc6 released ---

1685.	[bug]		Change #1679 loop tests weren't quite right.

1682.	[port]		Update configure test for (long long) printf format.
			[RT #5066]

1681.	[bug]		Only set SO_REUSEADDR when a port is specified in
			isc_socket_bind(). [RT #11742]

1679.	[bug]		When there was a single nameserver with multiple
			addresses for a zone not all addresses were tried.
			[RT #11706]

1672.	[cleanup]	Tests which only function in a threaded build
			now return R:THREADONLY (rather than R:UNTESTED)
			in a non-threaded build.

1671.	[contrib]	queryperf: add NAPTR to the list of known types.

1669.	[bug]		Restore "update forwarding denied" log messages
			accidentally suppressed by change #1633. [RT# 11657]

1660.	[bug]		win32: connection_reset_fix() was being called
			unconditionally.  [RT #11595]

	--- 9.2.4rc5 released ---

1655.	[bug]		Logging multiple versions w/o a size was broken.
			[RT #11446]

1654.	[bug]		isc_result_totext() contained array bounds read

1650.	[bug]		dig, nslookup: flush standard out after each command.

1649.	[bug]		Silence "unexpected non-minimal diff" message.
			[RT #11206]

1646.	[bug]		win32: logging file versions didn't work with
			non-UNC filenames.  [RT#11486]

1644.	[bug]		Update the journal modification time after a
			sucessfull refresh query. [RT #11436]

1643.	[bug]		dns_db_closeversion() could leak memory / node
			references. [RT #11163]

	--- 9.2.4rc4 released ---

1640.	[bug]		win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
			incorrectly closing the socket.  [RT #11291]

1634.	[bug]		named didn't supply a useful error message when it
			detected duplicate views.  [RT #11208]

1633.	[bug]		named should return NOTIMP to update requests to a
			slaves without a allow-update-forwarding acl specified.
			[RT #11331]

1632.	[bug]		nsupdate failed to send prerequisite only UPDATE
			messages. [RT #11288]

1627.	[bug]		win32: sockets were not being closed when the
			last external reference was removed. [RT# 11179]

	--- 9.2.4rc3 released ---

1623.	[bug]		A serial number of zero was being displayed in the
			"sending notifies" log message when also-notify was
			used. [RT #11177]

1621.	[bug]		match-destinations did not work for IPv6 TCP queries.
			[RT# 11156]

1619.	[bug]		Missing ISC_LIST_UNLINK in end_reserved_dispatches().
			[RT# 11118]

1617.	[port]		win32: VC++ 6.0 support.

1616.	[compat]	Ensure that named's version is visible in the core
			dump. [RT #11127]

1615.	[port]		Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
			it is defined.

1614.	[port]		win32: silence resource limit messages. [RT# 11101]

1610.	[bug]		On dual stack machines "dig -b" failed to set the
			address type to be looked up with "@server".
			[RT #11069]

1600.	[bug]		Duplicate zone pre-load checks were not case

1599.	[bug]		Fix memory leak on error path when checking named.conf.

	--- 9.2.4rc2 released ---

1607.	[bug]		dig, host and nslookup were still using random()
			to generate query ids. [RT# 11013]

1604.	[bug]		A xfrout_ctx_create() failure would result in
			xfrout_ctx_destroy() being called with a
			partially initialized structure.
1603.	[bug]		nsupdate: set interactive based on isatty().
			[RT# 10929]

1602.	[bug]		Logging to a file failed unless a size was specified.
			[RT# 10925]

1601.	[bug]		Silence spurious warning 'both "recursion no;" and 
			"allow-recursion" active' warning from view "_bind".
			[RT# 10920]

1455.   [bug]           <netaddr> missing from server grammar in
                        doc/misc/options. [RT #5616]

1593.	[bug]		rndc should return "unknown command" to unknown
			commands. [RT# 10642]

	--- 9.2.4rc1 released ---

1592.	[bug]		configure_view() could leak a dispatch. [RT# 10675]

1591.	[bug]		libbind: updated to BIND 8.4.5.

1590.	[port]		netbsd: update thread support.

1588.	[bug]		win32: TCP sockets could become blocked. [RT #10115]

1587.	[bug]		dns_message_settsigkey() failed to clear existing key.
			[RT #10590]

1585.	[bug]		allow-v6-synthesis was not performing lookups under
			IP6.INT.  allow-v6-synthesis now performs a nibble
			lookups under IP6.ARPA rather than a bitstring lookups.
			[RT #10497]

			NOTE: allow-v6-synthesis has been deprecated.

1584.	[bug]		"make test" failed with a read only source tree.
			[RT #10461]

1583.	[bug]		Records add via UPDATE failed to get the correct trust
			level. [RT #10452]

1582.	[bug]		rrset-order failed to work on RRsets with more
			than 32 elements. [RT #10381]

1580.	[bug]		Zone destruction on final detach takes a long time.
			[RT #3746]

1579.	[bug]		Multiple task managers could not be created.

1578.	[bug]		Don't use CLASS E IPv4 addresses when resolving.
			[RT #10346]

1577.	[bug]		Use isc_uint32_t in ultrasparc optimizer bug
			workaround code. [RT #10331]

1576.	[bug]		Race condition in dns_dispatch_addresponse().
			[RT# 10272]

1574.	[bug]		Don't attempt to open the controls socket(s) when
			running tests. [RT #9091]

1573.	[port]		linux: update to libtool 1.5.2 so that
			"make install DESTDIR=/xx" works with
			"configure --with-libtool".  [RT #9941]

1572.	[bug]		nsupdate: sign the soa query to find the enclosing
			zone if the server is specified. [RT #10148]

1571.	[bug]		rbt:hash_node() could fail leaving the hash table
			in an inconsistent state.  [RT #10208]

1570.	[bug]		nsupdate failed to handle classes other than IN.
			New keyword 'class' which sets the default class.
			[RT #10202]

1568.	[bug]		nsupdate now reports that the update failed in
			interactive mode. [RT# 10236]

1567.	[bug]		B.ROOT-SERVERS.NET is now

1566.	[port]		Support for the cmsg framework on Solaris and HP/UX.
			This also solved the problem that match-destinations
			for IPv6 addresses did not work on these systems.
			[RT #10221]

1563.	[bug]		Gracefully fail when unable to obtain neither an IPv4
			nor an IPv6 dispatch. [RT #10230]

1562.	[bug]		isc_socket_create() and isc_socket_accept() could
			leak memory under error conditions. [RT #10230]

1561.	[bug]		It was possible to release the same name twice if
			named ran out of memory. [RT #10197]

1559.	[port]		named should ignore SIGFSZ.

1556.	[bug]		nsupdate now treats all names as fully qualified.
			[RT #6427]

1553.	[bug]		The windows socket code could stop accepting

1552.	[bug]		Accept NOTIFY requests from mapped masters if
			matched-mapped is set. [RT #10049]

1551.	[port]		Open "/dev/null" before calling chroot().

1550.	[port]		Call tzset(), if available, before calling chroot().

1547.	[bug]		Named wasted memory recording duplicate lame zone
			entries. [RT #9341]

1546.	[bug]		We were rejecting valid secure CNAME to negative

1545.	[bug]		It was possible to leak memory if named was unable to
			bind to the specified transfer source and TSIG was
			being used. [RT #10120]

1544.	[bug]		Named would logged a single entry to a file despite it
			being over the specified size limit.

1543.	[bug]		Logging using "versions unlimited" did not work.

1542.	[bug]		Reversed timestamp sanity test on SIG. [RT #10095]

1540.	[bug]		"rndc reload <dynamiczone>" was silently accepted.
			[RT #8934]

1539.	[bug]		Open UDP sockets for notify-source and transfer-source
			that use reserved ports at startup. [RT #9475]

1536.	[bug]		Windows socket code failed to log a error description
			when returning ISC_R_UNEXPECTED. [RT #9998]

1535.	[bug]		dig -x of a partial IPv4 address broken. [RT# 9949]

1534.	[bug]		Race condition when priming cache. [RT# 9940]

1533.	[func]		Warn if both "recursion no;" and "allow-recursion"
			are active. [RT# 4389]

1532.	[port]		netbsd: the configure test for <sys/sysctl.h>
			requires <sys/param.h>.

1531.	[port]		AIX more libtool fixes.

1530.	[bug]		It was possible to trigger a INSIST() failure if a
			slave master file was removed at just the correct
			moment. [RT #9462]

1529.	[bug]		"notify explicit;" failed to log that NOTIFY messages
			were being sent for the zone. [RT #9442]

1025.	[bug]		Don't use multicast addresses to resolve iterative
			queries. [RT #101]

	--- 9.2.3 released ---

1525.	[bug]		dns_cache_create() could trigger a REQUIRE
			failure in isc_mem_put() during error cleanup.

1524.	[port]		AIX needs to be able to resolve all symbols when
			creating shared libraries (--with-libtool).

1523.	[bug]		Fix race condition in rbtdb. [RT# 9189]

1522.	[bug]		dns_db_findnode() relax the requirements on 'name'.
			[RT# 9286]

1518.	[bug]		dns_nxt_buildrdata(), and hence dns_nxt_build(),
			contained a off-by-one error when working out the
			number of octets in the bitmap.

1514.	[bug]		named: isc_hash_destroy() was being called too early.
			[RT #9160]

1513.	[doc]		Add "US" to root-delegation-only exclude list.

	--- 9.2.3rc4 released ---

1512.	[bug]		Extend the delegation-only logging to return query
			type, class and responding nameserver.

1511.	[bug]		delegation-only was generating false positives
			on negative answers from subzones.

	--- 9.2.3rc3 released ---

1510.	[func]		New view option "root-delegation-only".  Apply
			delegation-only check to all TLDs and root.
			Note there are some TLDs that are NOT delegation
			only (e.g. DE, LV, US and MUSEUM) these can be excluded
			from the checks by using exclude.

			root-delegation-only exclude {
				"DE"; "LV"; "US"; "MUSEUM";

1509.	[bug]		Hint zones should accept delegation-only.  Forward
			zone should not accept delegation-only.

1508.	[bug]		Don't apply delegation-only checks to answers from

1507.	[bug]		Handle BIND 8 style returns to NS queries to parents
			when making delegation-only checks.

1506.	[bug]		Wrong return type for dns_view_isdelegationonly().

	--- 9.2.3rc2 released ---

1505.	[bug]		Uninitialized rdataset in sdb. [RT #8750]

1504.	[func]		New zone type "delegation-only".

1503.	[port]		win32: install libeay32.dll outside of system32.

	--- 9.2.3rc1 released ---

1499.	[bug]		isc_random need to be seeded better if arc4random()
			is not used.

1498.	[port]		bsdos: 5.x support.

1497.	[protocol]	dig, nslookup and host now perform nibble lookups
			under IP6.ARPA, use -i for IP6.INT (dig and host).
			lwres now uses IP6.ARPA.

1496.	[port]		test for pthread_attr_setstacksize().

1495.	[cleanup]	Replace hash functions with universal hash.

1494.	[security]	Turn on RSA BLINDING as a precaution.

1493.	[doc]		A6 and "bitstring" labels are now experimental.

1492.	[cleanup]	Preserve rwlock quota context when upgrading /
			downgrading. [RT #5599]

1491.	[bug]		dns_master_dump*() would produce extraneous $ORIGIN
			lines. [RT #6206]

1490.	[bug]		Accept reading state as well as working state in
			ns_client_next(). [RT #6813]

1489.	[compat]	Treat 'allow-update' on slave zones as a warning.
			[RT #3469]

1488.	[bug]		Don't override trust levels for glue addresses.
			[RT #5764]

1487.	[bug]		A REQUIRE() failure could be triggered if a zone was
			queued for transfer and the zone was then removed.
			[RT #6189]

1486.	[bug]		isc_print_snprintf() '%%' consumed one too many format
			characters. [RT# 8230]

1485.	[bug]		gen failed to handle high type values. [RT #6225]

1484.	[bug]		The number of records reported after a AXFR was wrong.
			[RT #6229]

1483.	[bug]		dig axfr failed if the message id in the answer failed
			to match that in the request.  Only the id in the first
			message is required to match. [RT #8138]

1482.	[bug]		named could fail to start if the kernel supports
			IPv6 but no interfaces are configured.  Similarly
			for IPv4. [RT #6229]

1481.	[bug]		Refresh and stub queries failed to use masters keys
			if specified. [RT #7391]

1480.	[bug]		Provide replay protection for rndc commands.  Full
			replay protection requires both rndc and named to
			be updated.  Partial replay protection (limited
			exposure after restart) is provided if just named
			is updated.

1479.	[bug]		cfg_create_tuple() failed to handle out of
			memory cleanup.  parse_list() would leak memory
			on syntax errors.

1478.	[port]		ifconfig.sh didn't account for other virtual
			interfaces.  It now takes a optional argument
			to specify the first interface number. [RT #3907]

1477.	[bug]		memory leak using stub zones and TSIG.

1476.	[port]		win32: port unreachables were blocking further i/o
			on sockets (Windows 2000 SP2 and later).

1473.	[bug]		create_map() and create_string() failed to handle out
			of memory cleanup.  [RT #6813]

1472.	[contrib]	idnkit-1.0 from JPNIC, replaces mdnkit.

1471.	[bug]		libbind: updated to BIND 8.4.0.

1470.	[bug]		Incorrect length passed to snprintf. [RT #5966]

1466.	[bug]		lwresd configuration errors resulted in memory
			and lock leaks.  [RT #5228]

1465.	[bug]		isc_base64_decodestring() and isc_base64_tobuffer()
			failed to check that trailing bits were zero allowing
			some invalid base64 strings to be accepted.  [RT #5397]

1464.	[bug]		Preserve "out of zone" data for outgoing zone
			transfers. [RT #5192]

1463.	[bug]		dns_rdata_from{wire,struct}() failed to catch bad
			NXT bit maps. [RT #5577]

1462.	[bug]		parse_sizeval() failed to check the token type.
			[RT #5586]

1461.	[bug]		Remove deadlock from rbtdb code. [RT #5599]

1460.	[bug]		inet_pton() failed to reject certain malformed
			IPv6 literals.

1459.	[bug]		win32: we were leaking a bits in the exception
			fd_set resulting in "Socket operation on non-socket"
			errors from select(). [RT #2966]

1456.	[contrib]	gen-data-queryperf.py from Stephane Bortzmeyer.

1453.	[doc]		ARM: $GENERATE example wasn't accurate. [RT #5298]

1452.	[bug]		Bad #ifdef, ISC_RFC2335 -> ISC_RFC2535.

1451.	[bug]		rndc-confgen didn't exit with a error code for all
			failures. [RT #5209]

1450.	[bug]		Fetching expired glue failed under certain
			circumstances.  [RT #5124]

1449.	[bug]		query_addbestns() didn't handle running out of memory

1448.	[bug]		Handle empty wildcards labels.

1447.	[bug]		We were casting (unsigned int) to and from (void *).
			rdataset->private4 is now rdataset->privateuint4
			to reflect a type change.

1445.	[bug]		DNS_ADBFIND_STARTATROOT broke stub zones.  This has
			been replaced with DNS_ADBFIND_STARTATZONE which
			causes the search to start using the closest zone.

1439.	[bug]		Named could return NOERROR with certain NOTIFY
			failures.  Return NOTAUTH if the NOTIFY zone is
			not being served.

1435.	[bug]		zmgr_resume_xfrs() was being called read locked
			rather than write locked.  zmgr_resume_xfrs()
			was not being called if the zone was being

1437.	[bug]		Leave space for stdio to work in. [RT #5033]

1434.	[bug]		"rndc reconfig" failed to initiate the initial
			zone transfer of new slave zones.

1431.	[bug]		isc_print_snprintf() "%s" with precision could walk off
			end of argument. [RT #5191]

1429.	[bug]		Prevent the cache getting locked to old servers.

1424.	[bug]		EDNS version not being correctly printed.

1423.	[contrib]	queryperf: added A6 and SRV.

1420.	[port]		solaris: work around gcc optimizer bug.

1419.	[port]		openbsd: use /dev/arandom. [RT #4950]

1418.	[bug]		'rndc reconfig' did not cause new slaves to load.

1416.	[bug]		Empty node should return NOERROR NODATA, not NXDOMAIN.
			[RT #4715]

1411.	[bug]		empty nodes should stop wildcard matches. [RT #4802]

1408.	[bug]		"make distclean" was not complete. [RT #4700]

1407.	[bug]		lfsr incorrectly implements the shift register.
			[RT #4617]

1406.	[bug]		dispatch initializes one of the LFSR's with a incorrect
			polynomial.  [RT #4617]

1405.	[func]		Use arc4random() if available.

1401.	[bug]		adb wasn't clearing state when the timer expired.

1399.	[bug]		Use serial number arithmetic when testing SIG
			timestamps. [RT #4268]

1397.	[bug]		J.ROOT-SERVERS.NET is now

1389.	[bug]		named could fail to rotate long log files.  [RT #3666]

1388.	[port]		irix: check for sys/sysctl.h and NET_RT_IFLIST before
			defining HAVE_IFLIST_SYSCTL. [RT #3770]

1387.	[bug]		named could crash due to an access to invalid memory
			space (which caused an assertion failure) in
			incremental cleaning.  [RT #3588]

1385.	[bug]		Setting serial-query-rate to 10 would trigger a
			REQUIRE failure.

1384.	[bug]		host was incompatible with BIND 8 in its exit code and
			in the output with the -l option.  [RT #3536]

1373.	[bug]		Recovery from expired glue failed under certain

1372.	[bug]		named crashes with an assertion failure on exit when
			sharing the same port for listening and querying, and
			changing listening addresses several times. [RT# 3509]

1370.	[bug]		dig '+[no]recurse' was incorrectly documented.

1369.	[bug]		Adding an NS record as the lexicographically last
			record in a secure zone didn't work.

1366.	[contrib]	queryperf usage was incomplete.  Add '-h' for help.

1348.	[port]		win32: Rewrote code to use I/O Completion Ports
			in socket.c and eliminating a host of socket
			errors. Performance is enhanced.

1333.	[contrib]	queryperf now reports a summary of returned
			rcodes (-c), rcodes are printed in mnemonic form (-v).

1299.	[bug]		Set AI_ADDRCONFIG when looking up addresses
			via getaddrinfo() (affects dig, host, nslookup, rndc
			and nsupdate).

1199.	[doc]		ARM reference to RFC 2157 should have been RFC 1918.
			[RT #2436]

1122.	[tuning]	Resolution timeout reduced from 90 to 30 seconds.
			[RT #2046]

 992.	[doc]		dig: ~/.digrc is now documented.

	--- 9.2.2 released ---

1428.	[port]		hpux: temporary work around of hpux 11.11 interface

1427.	[bug]		Race condition in adb with threaded build.

1426.	[cleanup]	Disable RFC2535 style DNSSEC.  This is incompatible
			with the forthcoming DS style DNSSEC.

1425.	[port]		linux/libbind: define __USE_MISC when testing *_r()
			function prototypes in netdb.h.  [RT #4921]

1395.	[port]		OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't
			have a working implementation.  [RT #4079]

1382.	[bug]		make install failed with --enable-libbind. [RT #3656]

1381.	[bug]		named failed to correctly process answers that
			contained DNAME records where the resulting CNAME
			resulted in a negative answer.

	--- 9.2.2rc1 released ---

1360.	[bug]		--enable-libbind would fail when not built in the
			source tree for certain OS's.

1359.	[security]	Support patches OpenSSL libraries.

1358.	[bug]		It was possible to trigger a INSIST when debugging
			large dynamic updates. [RT #3390]

1357.	[bug]		nsupdate was extremely wasteful of memory.

1356.	[tuning]	Reduce the number of events / quantum for zone tasks.

1354.	[doc]		lwres man pages had illegal nroff.

1353.	[contrib]	sdb/ldap to version 0.9.

1352.	[bug]		dig, host, nslookup when falling back to TCP use the
			current search entry (if any). [RT #3374]

1351.	[bug]		lwres_getipnodebyname() returned the wrong name
			when given a IPv4 literal, af=AF_INET6 and AI_MAPPED
			was set.

1350.	[bug]		dns_name_fromtext() failed to handle too many labels

1349.	[security]	Minimum OpenSSL version now 0.9.6e (was 0.9.5a).

1346.	[bug]		Win32: select timeout in socket.c was too small
			as value given was meant to be milliseconds and
			timeval structure requires microseconds. This
			caused high CPU loads with a compute bound loop.
			[RT #3358]

1345.	[port]		Use a explicit -Wformat with gcc.  Not all versions
			include it in -Wall.

1340.	[bug]		Delay and spread out the startup refresh load.

1335.	[bug]		When performing a nonexistence proof, the validator
			should discard parent NXTs from higher in the DNS.

1334.	[bug]		When signing/verifying rdatasets, duplicate rdatas
			need to be suppressed.

1330.	[bug]		When processing events (non-threaded) only allow
			the task one chance to use to use its quantum.

1327.	[bug]		The validator would incorrectly mark data as insecure
			when seeing a bogus signature before a correct

1326.	[bug]		DNAME/CNAME signatures were not being cached when
			validation was not being performed. [RT #3284]

1325.	[bug]		If the tcpquota was exhausted it was possible to
			to trigger a INSIST() failure.

1324.	[port]		darwin: ifconfig.sh now supports darwin.

1323.	[port]		linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]

1320.	[doc]		query-source-v6 was missing from options section.
			[RT #3218]

1319.	[func]		libbind: log attempts to exploit #1318.

1318.	[bug]		libbind: Remote buffer overrun.

1317.	[port]		libbind: TrueUNIX 5.1 does not like __align as a
			element name.

1316.	[bug]		libbind: gethostans() could get out of sync parsing
			the response if there was a very long CNAME chain.

1315.	[bug]		Options should apply to the internal _bind view.

1314.	[port]		Handle ECONNRESET from sendmsg() [unix].

1311.	[bug]		lwres_getrrsetbyname leaked memory.  [RT #3159]

1310.	[bug]		'rndc stop' failed to cause zones to be flushed
			sometimes. [RT #3157]

1307.	[bug]		nsupdate: allow white space base64 key data.

1306.	[bug]		Badly encoded LOC record when the size, horizontal
			precision or vertical precision was 0.1m.

1305.	[bug]		Document that internal zones are included in the
			rndc status results.

1298.	[bug]		The CINCLUDES macro in lib/dns/sec/dst/Makefile
			could be left with a trailing "\" after configure
			has been run.

1297.	[port]		linux: make handling EINVAL from socket() no longer
			conditional on #ifdef LINUX.

1296.	[bug]		isc_log_closefilelogs() needed to lock the log

1295.	[bug]		isc_log_setdebuglevel() needed to lock the log

1294.	[func]		libbind: no longer attempts bit string labels for
			IPv6 reverse resolution.  Try IP6.ARPA then IP6.INT
			for nibble style resolution.

1289.	[port]		See if -ldl is required for OpenSSL? [RT #2672]

1288.	[bug]		Adjusted REQUIRE's in lib/dns/name.c to better
			reflect written requirements.

1287.	[bug]		REQUIRE that DNS_DBADD_MERGE only be set when adding
			a rdataset to a zone db in the rbtdb implementation of

1286.	[bug]		dns_name_downcase() enforce requirement that
			target != NULL or name->buffer != NULL.

1284.	[bug]		The RTT estimate on unused servers was not aged.
			[RT #2569]

1282.	[port]		libbind: hpux 11.11 interface scanning.

1280.	[bug]		libbind: escape '(' and ')' when converting to
			presentation form.

1279.	[port]		Darwin uses (unsigned long) for size_t. [RT #2590]

1276.	[bug]		libbind: const pointer conflicts in res_debug.c.

1275.	[port]		libbind: hpux: treat all hpux systems as BIG_ENDIAN.

1274.	[bug]		Memory leak in lwres_gnbarequest_parse().

1273.	[port]		libbind: solaris: 64 bit binary compatibility.

1272.	[contrib]	Berkeley DB 4.0 sdb implementation from
			Nuno Miguel Rodrigues <nmr@xxxxxxxxxx>.

1270.	[bug]		Check that system inet_pton() and inet_ntop() support

1269.	[port]		Openserver: ifconfig.sh support.

1268.	[port]		Openserver: the value FD_SETSIZE depends on whether
			<sys/param.h> is included or not.  Be consistent.

			are not C++ compatible, use *_TYPE versions instead.

1265.	[bug]		libbind: LINK_INIT and UNLINK were not compatible with
			C++, use LINK_INIT_TYPE and UNLINK_TYPE instead.

1263.	[bug]		Reference after free error if dns_dispatchmgr_create()

1262.	[bug]		ns_server_destroy() failed to set *serverp to NULL.

1261.	[func]		libbind: ns_sign2() and ns_sign_tcp() now provide
			support for compressed TSIG owner names.

1260.	[func]		libbind: res_update can now update IPv6 servers,
			new function res_findzonecut2().

1259.	[bug]		libbind: get_salen() IPv6 support was broken for OSs
			w/o sa_len.

1258.	[bug]		libbind: res_nametotype() and res_nametoclass() were

1257.	[bug]		Failure to write pid-file should not be fatal on
			reload. [RT #2861]

1256.	[contrib]	'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support.

1255.	[bug]		When verifying that an NXT proves nonexistence, check
			the rcode of the message and only do the matching NXT
			check.  That is, for NXDOMAIN responses, check that
			the name is in the range between the NXT owner and
			next name, and for NOERROR NODATA responses, check
			that the type is not present in the NXT bitmap.

1253.	[bug]		The dnssec system test failed to remove the correct

1252.	[bug]		Dig, host and nslookup were not checking the address
			the answer was coming from against the address it was
			sent to. [RT# 2692]

1248.	[bug]		DESTDIR was not being propagated between makes.

1245.	[bug]		Treat ENOBUFS, ENOMEM and ENFILE as soft errors for

1242.	[bug]		named-checkzone failed if a journal existed. [RT #2657]

1241.	[bug]		Drop received UDP messages with a zero source port
			as these are invariably forged. [RT #2621]

1209.	[bug]		Dig, host, nslookup were not checking the message ids
			on the responses. [RT #2454]

1097.	[func]		libbind: RES_PRF_TRUNC for dig.

1096.	[func]		libbind: "DNSSEC OK" (DO) support.

1095.	[func]		libbind: resolver option: no-tld-query.  disables
			trying unqualified as a tld.  no_tld_query is also
			supported for FreeBSD compatibility.

1094.	[func]		libbind: add support gcc's format string checking.

1089.	[func]		libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6

	--- 9.2.1 released ---

1251.	[port]		win32: a make file contained absolute version specific

1249.	[bug]		Missing masters clause was not handled gracefully.
			[RT #2703]

1244.	[bug]		Receiving a TCP message from a blackhole address would
			prevent further messages being received over that

1178.	[bug]		Follow and cache (if appropriate) A6 and other
			data chains to completion in the additional section.

	--- 9.2.1rc2 released ---

1240.	[bug]		It was possible to leak zone references by
			specifying an incorrect zone to rndc.

1239.	[bug]		Under certain circumstances named could continue to
			use a name after it had been freed triggering
			INSIST() failures.  [RT #2614]

1238.	[bug]		It is possible to lockup the server when shutting down
			if notifies were being processed. [RT #2591]

1237.	[bug]		nslookup: "set q=type" failed.

1236.	[bug]		dns_rdata{class,type}_fromtext() didn't handle non
			NULL terminated text regions. [RT #2588]

1232.	[bug]		unix/errno2result() didn't handle EADDRNOTAVAIL.

1231.	[port]		HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.

1230.	[bug]		isccc_cc_isreply() and isccc_cc_isack() were broken.

1229.	[bug]		named would crash if it received a TSIG signed
			query as part of an AXFR response. [RT #2570]

1228.	[bug]		'make install' did not depend on 'make all'. [RT #2559]

1227.	[bug]		dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
			if a number was expected and some other token was
			found. [RT#2532]

1222.	[bug]		Specifying 'port *' did not always result in a system
			selected (non-reserved) port being used. [RT #2537]

1221.	[bug]		Zone types 'master', 'slave' and 'stub' were not being
			compared case insensitively. [RT #2542]

1218.	[bug]		Named incorrectly returned SERVFAIL rather than
			NOTAUTH when there was a TSIG BADTIME error. [RT #2519]

1216.	[bug]		Multiple server clauses for the same server were not
			reported.  [RT #2514]

1215.	[port]		solaris: add support to ifconfig.sh for x86 2.5.1

1214.	[bug]		Win32: isc_file_renameunique() could leave zero length
			files behind.

1212.	[port]		libbind: 64k answer buffers were causing stack space
			to be exceeded for certain OS.  Use heap space instead.

1211.	[bug]		dns_name_fromtext() incorrectly handled certain
			valid octal bitlabels. [RT #2483]

1210.	[bug]		libbind: getnameinfo() failed to lookup IPv4 mapped /
			compatible addresses. [RT #2461]

1208.	[bug]		dns_master_load*() failed to log a error message if
			an error was detected when parsing the ownername of
			a record.  [RT #2448]

	--- 9.2.1rc1 released ---

1207.	[bug]		libbind: getaddrinfo() could call freeaddrinfo() with
			an invalid pointer.

1206.	[bug]		SERVFAIL and NOTIMP responses to an EDNS query should
			trigger a non-EDNS retry.

1205.	[bug]		OPT, TSIG and TKEY cannot be used to set the "class"
			of the message. [RT #2449]

1204.	[bug]		libbind: res_nupdate() failed to update the name
			server addresses before sending the update.

1201.	[bug]		Require that if 'callbacks' is passed to
			dns_rdata_fromtext(), callbacks->error and
			callbacks->warn are initialized.

1200.	[bug]		Log 'errno' that we are unable to convert to
			isc_result_t. [RT #2404]

1198.	[bug]		OPT printing style was not consistent with the way the
			header fields are printed.  The DO bit was not reported
			if set.  Report if any of the MBZ bits are set.

1197.	[bug]		Attempts to define the same acl multiple times were not

1196.	[contrib]	update mdnkit to 2.2.3.

1195.	[bug]		Attempts to redefine builtin acls should be caught.
			[RT #2403]

1194.	[bug]		Not all duplicate zone definitions were being detected
			at the named.conf checking stage. [RT #2431]

1193.	[bug]		Best effort parsing didn't handle packet truncation.

1191.	[bug]		A dynamic update removing the last non-apex name in
			a secure zone would fail. [RT #2399]

1189.	[bug]		On some systems, malloc(0) returns NULL, which
			could cause the caller to report an out of memory
			error. [RT #2398]

1188.	[bug]		Dynamic updates of a signed zone would fail if
			some of the zone private keys were unavailable.

1186.	[bug]		isc_hex_tobuffer(,,length = 0) failed to unget the
			EOL token when reading to end of line.

1185.	[bug]		libbind: don't assume statp->_u._ext.ext is valid
			unless RES_INIT is set when calling res_*init().

1184.	[bug]		libbind: call res_ndestroy() if RES_INIT is set
			when res_*init() is called.

1183.	[bug]		Handle ENOSR error when writing to the internal
			control pipe. [RT #2395]

1182.	[bug]		The server could throw an assertion failure when
			constructing a negative response packet.

1176.	[doc]		Document that allow-v6-synthesis is only performed
			for clients that are supplied recursive service.
			[RT #2260]

1175.	[bug]		named-checkzone failed to call dns_result_register()
			at startup which could result in runtime
			exceptions when printing "out of memory" errors.
			[RT #2335]

1174.	[bug]		Win32: add WSAECONNRESET to the expected errors
			from connect(). [RT #2308]

1173.	[bug]		Potential memory leaks in isc_log_create() and
			isc_log_settag(). [RT #2336]

1172.	[doc]		Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
			table of RR types in ARM.

1170.	[bug]		Don't attempt to print the token when a I/O error
			occurs when parsing named.conf. [RT #2275]

1168.	[bug]		Empty also-notify clauses were not handled. [RT #2309]

1167.	[contrib]	nslint-2.1a3 (from author).

1166.	[bug]		"Not Implemented" should be reported as NOTIMP,
			not NOTIMPL. [RT #2281]

1165.	[bug]		We were rejecting notify-source{-v6} in zone clauses.

1164.	[bug]		Empty masters clauses in slave / stub zones were not
			handled gracefully. [RT #2262]

1162.	[bug]		The allow-notify option was not accepted in slave
			zone statements.

1161.	[bug]		named-checkzone looped on unbalanced brackets.
			[RT #2248]

1160.	[bug]		Generating Diffie-Hellman keys longer than 1024
			bits could fail. [RT #2241]

1156.	[port]		The configure test for strsep() incorrectly
			succeeded on certain patched versions of
			AIX 4.3.3. [RT #2190]

1154.	[bug]		Don't attempt to obtain the netmask of a interface
			if there is no address configured. [RT #2176]

1152.	[bug]		libbind: read buffer overflows.

1144.	[bug]		rndc-confgen would crash if both the -a and -t
			options were specified. [RT #2159]

1142.	[bug]		dnssec-signzone would fail to delete temporary files
			in some failure cases. [RT #2144]

1141.	[bug]		When named rejected a control message, it would
			leak a file descriptor and memory.  It would also
			fail to respond, causing rndc to hang.
			[RT #2139, #2164]

1140.	[bug]		rndc-confgen did not accept IPv6 addresses as arguments
			to the -s option. [RT #2138]

1136.	[bug]		CNAME records synthesized from DNAMEs did not
			have a TTL of zero as required by RFC2672.
			[RT #2129]

1125.	[bug]		rndc: -k option was missing from usage message.
			[RT #2057]

1124.	[doc]		dig: +[no]dnssec, +[no]besteffort and +[no]fail
			are now documented. [RT #2052]

1123.	[bug]		dig +[no]fail did not match description. [RT #2052]

1109.	[bug]		nsupdate accepted illegal ttl values.

1108.	[bug]		On Win32, rndc was hanging when named was not running
			due to failure to select for exceptional conditions
			in select(). [RT #1870]

1081.	[bug]		Multicast queries were incorrectly identified
			based on the source address, not the destination

1072.	[bug]		The TCP client quota could be exceeded when
			recursion occurred. [RT #1937]

1071.	[bug]		Sockets listening for TCP DNS connections
			specified an excessive listen backlog. [RT #1937]

1070.	[bug]		Copy DNSSEC OK (DO) to response as specified by

1014.	[bug]		Some queries would cause statistics counters to
			increment more than once or not at all. [RT #1321]

1012.	[bug]		The -p option to named did not behave as documented.

 988.	[bug]		'additional-from-auth no;' did not work reliably
			in the case of queries answered from the cache.
			[RT #1436]

 995.	[bug]		dig, host, nslookup: using a raw IPv6 address as a
			target address should be fatal on a IPv4 only system.

	--- 9.2.0 released ---