svn commit: r254897 - in stable/9: contrib/bind9 contrib/bind9/bin contrib/bind9/bin/check contrib/bind9/bin/confgen contrib/bind9/bin/dig contrib/bind9/bin/dig/include/dig contrib/bind9/bin/dnssec...
Erwin Lansing
erwin at FreeBSD.org
Mon Aug 26 07:17:42 UTC 2013
Author: erwin
Date: Mon Aug 26 07:17:41 2013
New Revision: 254897
URL: http://svnweb.freebsd.org/changeset/base/254897
Log:
MFC r254651:
Update Bind to 9.9.3-P2
Notable new features:
* Elliptic Curve Digital Signature Algorithm keys and signatures in
DNSSEC are now supported per RFC 6605. [RT #21918]
* Introduces a new tool "dnssec-verify" that validates a signed zone,
checking for the correctness of signatures and NSEC/NSEC3 chains.
[RT #23673]
* BIND now recognizes the TLSA resource record type, created to
support IETF DANE (DNS-based Authentication of Named Entities)
[RT #28989]
* The new "inline-signing" option, in combination with the
"auto-dnssec" option that was introduced in BIND 9.7, allows
named to sign zones completely transparently.
Approved by: delphij (mentor)
Sponsored by: DK Hostmaster A/S
Added:
stable/9/contrib/bind9/bin/dnssec/dnssec-verify.8
- copied unchanged from r254651, head/contrib/bind9/bin/dnssec/dnssec-verify.8
stable/9/contrib/bind9/bin/dnssec/dnssec-verify.c
- copied unchanged from r254651, head/contrib/bind9/bin/dnssec/dnssec-verify.c
stable/9/contrib/bind9/bin/dnssec/dnssec-verify.docbook
- copied unchanged from r254651, head/contrib/bind9/bin/dnssec/dnssec-verify.docbook
stable/9/contrib/bind9/bin/dnssec/dnssec-verify.html
- copied unchanged from r254651, head/contrib/bind9/bin/dnssec/dnssec-verify.html
stable/9/contrib/bind9/bin/named/bind9.ver3.xsl
- copied unchanged from r254651, head/contrib/bind9/bin/named/bind9.ver3.xsl
stable/9/contrib/bind9/bin/named/bind9.ver3.xsl.h
- copied unchanged from r254651, head/contrib/bind9/bin/named/bind9.ver3.xsl.h
stable/9/contrib/bind9/doc/arm/man.dnssec-verify.html
- copied unchanged from r254651, head/contrib/bind9/doc/arm/man.dnssec-verify.html
stable/9/contrib/bind9/lib/dns/clientinfo.c
- copied unchanged from r254651, head/contrib/bind9/lib/dns/clientinfo.c
stable/9/contrib/bind9/lib/dns/include/dns/clientinfo.h
- copied unchanged from r254651, head/contrib/bind9/lib/dns/include/dns/clientinfo.h
stable/9/contrib/bind9/lib/dns/include/dns/update.h
- copied unchanged from r254651, head/contrib/bind9/lib/dns/include/dns/update.h
stable/9/contrib/bind9/lib/dns/rdata/generic/naptr_35.c
- copied unchanged from r254651, head/contrib/bind9/lib/dns/rdata/generic/naptr_35.c
stable/9/contrib/bind9/lib/dns/rdata/generic/naptr_35.h
- copied unchanged from r254651, head/contrib/bind9/lib/dns/rdata/generic/naptr_35.h
stable/9/contrib/bind9/lib/dns/update.c
- copied unchanged from r254651, head/contrib/bind9/lib/dns/update.c
stable/9/contrib/bind9/lib/isc/include/isc/pool.h
- copied unchanged from r254651, head/contrib/bind9/lib/isc/include/isc/pool.h
stable/9/contrib/bind9/lib/isc/include/isc/queue.h
- copied unchanged from r254651, head/contrib/bind9/lib/isc/include/isc/queue.h
stable/9/contrib/bind9/lib/isc/pool.c
- copied unchanged from r254651, head/contrib/bind9/lib/isc/pool.c
stable/9/usr.sbin/dnssec-verify/
- copied from r254651, head/usr.sbin/dnssec-verify/
Deleted:
stable/9/contrib/bind9/lib/dns/rdata/in_1/naptr_35.c
stable/9/contrib/bind9/lib/dns/rdata/in_1/naptr_35.h
Modified:
stable/9/contrib/bind9/CHANGES
stable/9/contrib/bind9/COPYRIGHT
stable/9/contrib/bind9/HISTORY
stable/9/contrib/bind9/Makefile.in
stable/9/contrib/bind9/README
stable/9/contrib/bind9/bin/Makefile.in
stable/9/contrib/bind9/bin/check/check-tool.c
stable/9/contrib/bind9/bin/check/check-tool.h
stable/9/contrib/bind9/bin/check/named-checkconf.c
stable/9/contrib/bind9/bin/check/named-checkzone.8
stable/9/contrib/bind9/bin/check/named-checkzone.c
stable/9/contrib/bind9/bin/check/named-checkzone.docbook
stable/9/contrib/bind9/bin/check/named-checkzone.html
stable/9/contrib/bind9/bin/confgen/ddns-confgen.c
stable/9/contrib/bind9/bin/confgen/rndc-confgen.c
stable/9/contrib/bind9/bin/dig/Makefile.in
stable/9/contrib/bind9/bin/dig/dig.1
stable/9/contrib/bind9/bin/dig/dig.c
stable/9/contrib/bind9/bin/dig/dig.docbook
stable/9/contrib/bind9/bin/dig/dig.html
stable/9/contrib/bind9/bin/dig/dighost.c
stable/9/contrib/bind9/bin/dig/host.c
stable/9/contrib/bind9/bin/dig/include/dig/dig.h
stable/9/contrib/bind9/bin/dig/nslookup.c
stable/9/contrib/bind9/bin/dnssec/Makefile.in
stable/9/contrib/bind9/bin/dnssec/dnssec-dsfromkey.8
stable/9/contrib/bind9/bin/dnssec/dnssec-dsfromkey.c
stable/9/contrib/bind9/bin/dnssec/dnssec-dsfromkey.docbook
stable/9/contrib/bind9/bin/dnssec/dnssec-dsfromkey.html
stable/9/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.8
stable/9/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.c
stable/9/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.docbook
stable/9/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.html
stable/9/contrib/bind9/bin/dnssec/dnssec-keygen.8
stable/9/contrib/bind9/bin/dnssec/dnssec-keygen.c
stable/9/contrib/bind9/bin/dnssec/dnssec-keygen.docbook
stable/9/contrib/bind9/bin/dnssec/dnssec-keygen.html
stable/9/contrib/bind9/bin/dnssec/dnssec-revoke.c
stable/9/contrib/bind9/bin/dnssec/dnssec-revoke.docbook
stable/9/contrib/bind9/bin/dnssec/dnssec-settime.8
stable/9/contrib/bind9/bin/dnssec/dnssec-settime.c
stable/9/contrib/bind9/bin/dnssec/dnssec-settime.docbook
stable/9/contrib/bind9/bin/dnssec/dnssec-settime.html
stable/9/contrib/bind9/bin/dnssec/dnssec-signzone.8
stable/9/contrib/bind9/bin/dnssec/dnssec-signzone.c
stable/9/contrib/bind9/bin/dnssec/dnssec-signzone.docbook
stable/9/contrib/bind9/bin/dnssec/dnssec-signzone.html
stable/9/contrib/bind9/bin/dnssec/dnssectool.c
stable/9/contrib/bind9/bin/dnssec/dnssectool.h
stable/9/contrib/bind9/bin/named/Makefile.in
stable/9/contrib/bind9/bin/named/builtin.c
stable/9/contrib/bind9/bin/named/client.c
stable/9/contrib/bind9/bin/named/config.c
stable/9/contrib/bind9/bin/named/control.c
stable/9/contrib/bind9/bin/named/controlconf.c
stable/9/contrib/bind9/bin/named/include/dlz/dlz_dlopen_driver.h
stable/9/contrib/bind9/bin/named/include/named/client.h
stable/9/contrib/bind9/bin/named/include/named/control.h
stable/9/contrib/bind9/bin/named/include/named/globals.h
stable/9/contrib/bind9/bin/named/include/named/interfacemgr.h
stable/9/contrib/bind9/bin/named/include/named/server.h
stable/9/contrib/bind9/bin/named/include/named/zoneconf.h
stable/9/contrib/bind9/bin/named/interfacemgr.c
stable/9/contrib/bind9/bin/named/logconf.c
stable/9/contrib/bind9/bin/named/main.c
stable/9/contrib/bind9/bin/named/named.8
stable/9/contrib/bind9/bin/named/named.conf.5
stable/9/contrib/bind9/bin/named/named.conf.docbook
stable/9/contrib/bind9/bin/named/named.conf.html
stable/9/contrib/bind9/bin/named/named.docbook
stable/9/contrib/bind9/bin/named/named.html
stable/9/contrib/bind9/bin/named/query.c
stable/9/contrib/bind9/bin/named/server.c
stable/9/contrib/bind9/bin/named/statschannel.c
stable/9/contrib/bind9/bin/named/unix/Makefile.in
stable/9/contrib/bind9/bin/named/unix/dlz_dlopen_driver.c
stable/9/contrib/bind9/bin/named/unix/os.c
stable/9/contrib/bind9/bin/named/update.c
stable/9/contrib/bind9/bin/named/xfrout.c
stable/9/contrib/bind9/bin/named/zoneconf.c
stable/9/contrib/bind9/bin/nsupdate/Makefile.in
stable/9/contrib/bind9/bin/nsupdate/nsupdate.1
stable/9/contrib/bind9/bin/nsupdate/nsupdate.c
stable/9/contrib/bind9/bin/nsupdate/nsupdate.docbook
stable/9/contrib/bind9/bin/nsupdate/nsupdate.html
stable/9/contrib/bind9/bin/rndc/rndc.c
stable/9/contrib/bind9/bin/tools/genrandom.8
stable/9/contrib/bind9/bin/tools/genrandom.docbook
stable/9/contrib/bind9/bin/tools/genrandom.html
stable/9/contrib/bind9/bin/tools/nsec3hash.c
stable/9/contrib/bind9/config.h.in
stable/9/contrib/bind9/config.threads.in
stable/9/contrib/bind9/configure.in
stable/9/contrib/bind9/doc/arm/Bv9ARM-book.xml
stable/9/contrib/bind9/doc/arm/Bv9ARM.ch01.html
stable/9/contrib/bind9/doc/arm/Bv9ARM.ch03.html
stable/9/contrib/bind9/doc/arm/Bv9ARM.ch04.html
stable/9/contrib/bind9/doc/arm/Bv9ARM.ch05.html
stable/9/contrib/bind9/doc/arm/Bv9ARM.ch06.html
stable/9/contrib/bind9/doc/arm/Bv9ARM.ch07.html
stable/9/contrib/bind9/doc/arm/Bv9ARM.ch08.html
stable/9/contrib/bind9/doc/arm/Bv9ARM.ch09.html
stable/9/contrib/bind9/doc/arm/Bv9ARM.ch10.html
stable/9/contrib/bind9/doc/arm/Bv9ARM.html
stable/9/contrib/bind9/doc/arm/Bv9ARM.pdf
stable/9/contrib/bind9/doc/arm/dnssec.xml
stable/9/contrib/bind9/doc/arm/man.arpaname.html
stable/9/contrib/bind9/doc/arm/man.ddns-confgen.html
stable/9/contrib/bind9/doc/arm/man.dig.html
stable/9/contrib/bind9/doc/arm/man.dnssec-dsfromkey.html
stable/9/contrib/bind9/doc/arm/man.dnssec-keyfromlabel.html
stable/9/contrib/bind9/doc/arm/man.dnssec-keygen.html
stable/9/contrib/bind9/doc/arm/man.dnssec-revoke.html
stable/9/contrib/bind9/doc/arm/man.dnssec-settime.html
stable/9/contrib/bind9/doc/arm/man.dnssec-signzone.html
stable/9/contrib/bind9/doc/arm/man.genrandom.html
stable/9/contrib/bind9/doc/arm/man.host.html
stable/9/contrib/bind9/doc/arm/man.isc-hmac-fixup.html
stable/9/contrib/bind9/doc/arm/man.named-checkconf.html
stable/9/contrib/bind9/doc/arm/man.named-checkzone.html
stable/9/contrib/bind9/doc/arm/man.named-journalprint.html
stable/9/contrib/bind9/doc/arm/man.named.html
stable/9/contrib/bind9/doc/arm/man.nsec3hash.html
stable/9/contrib/bind9/doc/arm/man.nsupdate.html
stable/9/contrib/bind9/doc/arm/man.rndc-confgen.html
stable/9/contrib/bind9/doc/arm/man.rndc.conf.html
stable/9/contrib/bind9/doc/arm/man.rndc.html
stable/9/contrib/bind9/doc/arm/pkcs11.xml
stable/9/contrib/bind9/doc/misc/options
stable/9/contrib/bind9/lib/bind9/api
stable/9/contrib/bind9/lib/bind9/check.c
stable/9/contrib/bind9/lib/dns/Makefile.in
stable/9/contrib/bind9/lib/dns/acache.c
stable/9/contrib/bind9/lib/dns/acl.c
stable/9/contrib/bind9/lib/dns/adb.c
stable/9/contrib/bind9/lib/dns/api
stable/9/contrib/bind9/lib/dns/byaddr.c
stable/9/contrib/bind9/lib/dns/cache.c
stable/9/contrib/bind9/lib/dns/callbacks.c
stable/9/contrib/bind9/lib/dns/client.c
stable/9/contrib/bind9/lib/dns/db.c
stable/9/contrib/bind9/lib/dns/dbtable.c
stable/9/contrib/bind9/lib/dns/diff.c
stable/9/contrib/bind9/lib/dns/dispatch.c
stable/9/contrib/bind9/lib/dns/dns64.c
stable/9/contrib/bind9/lib/dns/dnssec.c
stable/9/contrib/bind9/lib/dns/dst_api.c
stable/9/contrib/bind9/lib/dns/dst_internal.h
stable/9/contrib/bind9/lib/dns/dst_openssl.h
stable/9/contrib/bind9/lib/dns/dst_parse.c
stable/9/contrib/bind9/lib/dns/ecdb.c
stable/9/contrib/bind9/lib/dns/gssapi_link.c
stable/9/contrib/bind9/lib/dns/gssapictx.c
stable/9/contrib/bind9/lib/dns/hmac_link.c
stable/9/contrib/bind9/lib/dns/include/dns/Makefile.in
stable/9/contrib/bind9/lib/dns/include/dns/acache.h
stable/9/contrib/bind9/lib/dns/include/dns/acl.h
stable/9/contrib/bind9/lib/dns/include/dns/adb.h
stable/9/contrib/bind9/lib/dns/include/dns/cache.h
stable/9/contrib/bind9/lib/dns/include/dns/callbacks.h
stable/9/contrib/bind9/lib/dns/include/dns/db.h
stable/9/contrib/bind9/lib/dns/include/dns/dispatch.h
stable/9/contrib/bind9/lib/dns/include/dns/dlz_dlopen.h
stable/9/contrib/bind9/lib/dns/include/dns/dnssec.h
stable/9/contrib/bind9/lib/dns/include/dns/events.h
stable/9/contrib/bind9/lib/dns/include/dns/journal.h
stable/9/contrib/bind9/lib/dns/include/dns/log.h
stable/9/contrib/bind9/lib/dns/include/dns/master.h
stable/9/contrib/bind9/lib/dns/include/dns/masterdump.h
stable/9/contrib/bind9/lib/dns/include/dns/nsec.h
stable/9/contrib/bind9/lib/dns/include/dns/nsec3.h
stable/9/contrib/bind9/lib/dns/include/dns/private.h
stable/9/contrib/bind9/lib/dns/include/dns/rdata.h
stable/9/contrib/bind9/lib/dns/include/dns/rdataset.h
stable/9/contrib/bind9/lib/dns/include/dns/resolver.h
stable/9/contrib/bind9/lib/dns/include/dns/result.h
stable/9/contrib/bind9/lib/dns/include/dns/rpz.h
stable/9/contrib/bind9/lib/dns/include/dns/rriterator.h
stable/9/contrib/bind9/lib/dns/include/dns/sdb.h
stable/9/contrib/bind9/lib/dns/include/dns/sdlz.h
stable/9/contrib/bind9/lib/dns/include/dns/time.h
stable/9/contrib/bind9/lib/dns/include/dns/types.h
stable/9/contrib/bind9/lib/dns/include/dns/view.h
stable/9/contrib/bind9/lib/dns/include/dns/zone.h
stable/9/contrib/bind9/lib/dns/include/dns/zt.h
stable/9/contrib/bind9/lib/dns/include/dst/dst.h
stable/9/contrib/bind9/lib/dns/iptable.c
stable/9/contrib/bind9/lib/dns/journal.c
stable/9/contrib/bind9/lib/dns/key.c
stable/9/contrib/bind9/lib/dns/keytable.c
stable/9/contrib/bind9/lib/dns/log.c
stable/9/contrib/bind9/lib/dns/lookup.c
stable/9/contrib/bind9/lib/dns/master.c
stable/9/contrib/bind9/lib/dns/masterdump.c
stable/9/contrib/bind9/lib/dns/message.c
stable/9/contrib/bind9/lib/dns/nsec.c
stable/9/contrib/bind9/lib/dns/nsec3.c
stable/9/contrib/bind9/lib/dns/openssldh_link.c
stable/9/contrib/bind9/lib/dns/openssldsa_link.c
stable/9/contrib/bind9/lib/dns/opensslecdsa_link.c
stable/9/contrib/bind9/lib/dns/opensslgost_link.c
stable/9/contrib/bind9/lib/dns/opensslrsa_link.c
stable/9/contrib/bind9/lib/dns/private.c
stable/9/contrib/bind9/lib/dns/rbt.c
stable/9/contrib/bind9/lib/dns/rbtdb.c
stable/9/contrib/bind9/lib/dns/rdata.c
stable/9/contrib/bind9/lib/dns/rdata/any_255/tsig_250.c
stable/9/contrib/bind9/lib/dns/rdata/generic/cert_37.c
stable/9/contrib/bind9/lib/dns/rdata/generic/dlv_32769.c
stable/9/contrib/bind9/lib/dns/rdata/generic/dnskey_48.c
stable/9/contrib/bind9/lib/dns/rdata/generic/ds_43.c
stable/9/contrib/bind9/lib/dns/rdata/generic/ipseckey_45.c
stable/9/contrib/bind9/lib/dns/rdata/generic/key_25.c
stable/9/contrib/bind9/lib/dns/rdata/generic/keydata_65533.c
stable/9/contrib/bind9/lib/dns/rdata/generic/nsec3_50.c
stable/9/contrib/bind9/lib/dns/rdata/generic/nsec3_50.h
stable/9/contrib/bind9/lib/dns/rdata/generic/opt_41.c
stable/9/contrib/bind9/lib/dns/rdata/generic/rrsig_46.c
stable/9/contrib/bind9/lib/dns/rdata/generic/sig_24.c
stable/9/contrib/bind9/lib/dns/rdata/generic/soa_6.c
stable/9/contrib/bind9/lib/dns/rdata/generic/sshfp_44.c
stable/9/contrib/bind9/lib/dns/rdata/generic/tkey_249.c
stable/9/contrib/bind9/lib/dns/rdata/generic/uri_256.c
stable/9/contrib/bind9/lib/dns/rdata/generic/uri_256.h
stable/9/contrib/bind9/lib/dns/rdata/in_1/dhcid_49.c
stable/9/contrib/bind9/lib/dns/resolver.c
stable/9/contrib/bind9/lib/dns/sdb.c
stable/9/contrib/bind9/lib/dns/sdlz.c
stable/9/contrib/bind9/lib/dns/validator.c
stable/9/contrib/bind9/lib/dns/view.c
stable/9/contrib/bind9/lib/dns/xfrin.c
stable/9/contrib/bind9/lib/dns/zone.c
stable/9/contrib/bind9/lib/dns/zt.c
stable/9/contrib/bind9/lib/irs/api
stable/9/contrib/bind9/lib/isc/Makefile.in
stable/9/contrib/bind9/lib/isc/api
stable/9/contrib/bind9/lib/isc/include/isc/heap.h
stable/9/contrib/bind9/lib/isc/include/isc/list.h
stable/9/contrib/bind9/lib/isc/include/isc/mem.h
stable/9/contrib/bind9/lib/isc/include/isc/namespace.h
stable/9/contrib/bind9/lib/isc/include/isc/radix.h
stable/9/contrib/bind9/lib/isc/include/isc/socket.h
stable/9/contrib/bind9/lib/isc/include/isc/task.h
stable/9/contrib/bind9/lib/isc/include/isc/taskpool.h
stable/9/contrib/bind9/lib/isc/log.c
stable/9/contrib/bind9/lib/isc/radix.c
stable/9/contrib/bind9/lib/isc/socket_api.c
stable/9/contrib/bind9/lib/isc/task.c
stable/9/contrib/bind9/lib/isc/task_api.c
stable/9/contrib/bind9/lib/isc/task_p.h
stable/9/contrib/bind9/lib/isc/taskpool.c
stable/9/contrib/bind9/lib/isc/unix/socket.c
stable/9/contrib/bind9/lib/isccc/api
stable/9/contrib/bind9/lib/isccfg/api
stable/9/contrib/bind9/lib/isccfg/namedconf.c
stable/9/contrib/bind9/lib/lwres/api
stable/9/contrib/bind9/lib/lwres/man/lwres_config.3
stable/9/contrib/bind9/lib/lwres/man/lwres_config.docbook
stable/9/contrib/bind9/lib/lwres/man/lwres_config.html
stable/9/contrib/bind9/lib/lwres/man/lwres_context.3
stable/9/contrib/bind9/lib/lwres/man/lwres_context.docbook
stable/9/contrib/bind9/lib/lwres/man/lwres_context.html
stable/9/contrib/bind9/lib/lwres/man/lwres_gabn.3
stable/9/contrib/bind9/lib/lwres/man/lwres_gabn.docbook
stable/9/contrib/bind9/lib/lwres/man/lwres_gabn.html
stable/9/contrib/bind9/lib/lwres/man/lwres_gai_strerror.3
stable/9/contrib/bind9/lib/lwres/man/lwres_gai_strerror.docbook
stable/9/contrib/bind9/lib/lwres/man/lwres_gai_strerror.html
stable/9/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.3
stable/9/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.docbook
stable/9/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.html
stable/9/contrib/bind9/lib/lwres/man/lwres_gethostent.3
stable/9/contrib/bind9/lib/lwres/man/lwres_gethostent.docbook
stable/9/contrib/bind9/lib/lwres/man/lwres_gethostent.html
stable/9/contrib/bind9/lib/lwres/man/lwres_getipnode.3
stable/9/contrib/bind9/lib/lwres/man/lwres_getipnode.docbook
stable/9/contrib/bind9/lib/lwres/man/lwres_getipnode.html
stable/9/contrib/bind9/lib/lwres/man/lwres_getnameinfo.3
stable/9/contrib/bind9/lib/lwres/man/lwres_getnameinfo.docbook
stable/9/contrib/bind9/lib/lwres/man/lwres_getnameinfo.html
stable/9/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.3
stable/9/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.docbook
stable/9/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.html
stable/9/contrib/bind9/lib/lwres/man/lwres_gnba.3
stable/9/contrib/bind9/lib/lwres/man/lwres_gnba.docbook
stable/9/contrib/bind9/lib/lwres/man/lwres_gnba.html
stable/9/contrib/bind9/lib/lwres/man/lwres_hstrerror.3
stable/9/contrib/bind9/lib/lwres/man/lwres_hstrerror.docbook
stable/9/contrib/bind9/lib/lwres/man/lwres_hstrerror.html
stable/9/contrib/bind9/lib/lwres/man/lwres_inetntop.3
stable/9/contrib/bind9/lib/lwres/man/lwres_inetntop.docbook
stable/9/contrib/bind9/lib/lwres/man/lwres_inetntop.html
stable/9/contrib/bind9/lib/lwres/man/lwres_noop.3
stable/9/contrib/bind9/lib/lwres/man/lwres_noop.docbook
stable/9/contrib/bind9/lib/lwres/man/lwres_noop.html
stable/9/contrib/bind9/lib/lwres/man/lwres_packet.3
stable/9/contrib/bind9/lib/lwres/man/lwres_packet.docbook
stable/9/contrib/bind9/lib/lwres/man/lwres_packet.html
stable/9/contrib/bind9/lib/lwres/man/lwres_resutil.3
stable/9/contrib/bind9/lib/lwres/man/lwres_resutil.docbook
stable/9/contrib/bind9/lib/lwres/man/lwres_resutil.html
stable/9/contrib/bind9/lib/lwres/print_p.h
stable/9/contrib/bind9/lib/lwres/strtoul.c
stable/9/contrib/bind9/lib/lwres/unix/Makefile.in
stable/9/contrib/bind9/lib/lwres/unix/include/Makefile.in
stable/9/contrib/bind9/lib/lwres/unix/include/lwres/Makefile.in
stable/9/contrib/bind9/lib/lwres/unix/include/lwres/net.h
stable/9/contrib/bind9/lib/lwres/version.c
stable/9/contrib/bind9/make/Makefile.in
stable/9/contrib/bind9/make/includes.in
stable/9/contrib/bind9/make/rules.in
stable/9/contrib/bind9/mkinstalldirs
stable/9/contrib/bind9/version
stable/9/lib/bind/config.h
stable/9/lib/bind/dns/Makefile
stable/9/lib/bind/dns/code.h
stable/9/lib/bind/dns/dns/rdatastruct.h
stable/9/lib/bind/isc/Makefile
stable/9/share/doc/bind9/Makefile
stable/9/usr.bin/nslookup/Makefile
stable/9/usr.bin/nsupdate/Makefile
stable/9/usr.sbin/Makefile (contents, props changed)
Directory Properties:
stable/9/contrib/bind9/ (props changed)
stable/9/lib/bind/ (props changed)
stable/9/share/doc/bind9/ (props changed)
stable/9/usr.bin/ (props changed)
stable/9/usr.sbin/ (props changed)
Modified: stable/9/contrib/bind9/CHANGES
==============================================================================
--- stable/9/contrib/bind9/CHANGES Mon Aug 26 07:07:41 2013 (r254896)
+++ stable/9/contrib/bind9/CHANGES Mon Aug 26 07:17:41 2013 (r254897)
@@ -1,15 +1,15 @@
- --- 9.8.5-P2 released ---
+ --- 9.9.3-P2 released ---
3621. [security] Incorrect bounds checking on private type 'keydata'
can lead to a remotely triggerable REQUIRE failure
(CVE-2013-4854). [RT #34238]
- --- 9.8.5-P1 released ---
+ --- 9.9.3-P1 released ---
3584. [security] Caching data from an incompletely signed zone could
trigger an assertion failure in resolver.c [RT #33690]
- --- 9.8.5 released ---
+ --- 9.9.3 released ---
3568. [cleanup] Add a product description line to the version file,
to be reported by named -v/-V. [RT #33366]
@@ -21,7 +21,7 @@
3561. [bug] dig: issue a warning if an EDNS query returns FORMERR
or NOTIMP. Adjust usage message. [RT #33363]
- --- 9.8.5rc1 released ---
+ --- 9.9.3rc2 released ---
3560. [bug] isc-config.sh did not honor includedir and libdir
when set via configure. [RT #33345]
@@ -31,6 +31,8 @@
3558. [bug] IXFR of a DLZ stored zone was broken. [RT #33331]
+3557. [bug] Reloading redirect zones was broken. [RT #33292]
+
3556. [maint] Added AAAA for D.ROOT-SERVERS.NET.
3555. [bug] Address theoretical race conditions in acache.c
@@ -51,9 +53,7 @@
3547. [bug] Some malformed unknown rdata records were not properly
detected and rejected. [RT #33129]
-3056. [func] Added support for URI resource record. [RT #23386]
-
- --- 9.8.5rc1 released ---
+ --- 9.9.3rc1 released ---
3546. [func] Add EUI48 and EUI64 types. [RT #33082]
@@ -64,8 +64,6 @@
3543. [bug] Update socket structure before attaching to socket
manager after accept. [RT #33084]
-3542. [bug] masterformat system test was broken. [RT #33086]
-
3541. [bug] Parts of libdns were not properly initialized when
built in libexport mode. [RT #33028]
@@ -94,6 +92,17 @@
3530. [contrib] Better RTT tracking in queryperf. [RT #30128]
+3528. [func] New "dnssec-coverage" command scans the timing
+ metadata for a set of DNSSEC keys and reports if a
+ lapse in signing coverage has been scheduled
+ inadvertently. (Note: This tool depends on python;
+ it will not be built or installed on systems that
+ do not have a python interpreter.) [RT #28098]
+
+3527. [compat] Add a URI to allow applications to explicitly
+ request a particular XML schema from the statistics
+ channel, returning 404 if not supported. [RT #32481]
+
3526. [cleanup] Set up dependencies for unit tests correctly during
build. [RT #32803]
@@ -102,7 +111,7 @@
3520. [bug] 'mctx' was not being referenced counted in some places
where it should have been. [RT #32794]
- --- 9.8.5b2 released ---
+ --- 9.9.3b2 released ---
3517. [bug] Reorder destruction to avoid shutdown race. [RT #32777]
@@ -114,6 +123,8 @@
to 1024 bits for hmac-sha384 and hmac-sha512.
[RT #32753]
+3511. [doc] Improve documentation of redirect zones. [RT #32756]
+
3509. [cleanup] Added a product line to version file to allow for
easy naming of different products (BIND
vs BIND ESV, for example). [RT #32755]
@@ -121,8 +132,24 @@
3508. [contrib] queryperf was incorrectly rejecting the -T option.
[RT #32338]
+3507. [bug] Statistics channel XSL (when built with
+ --enable-newstats) had a glitch when attempting
+ to chart query data before any queries had been
+ received. [RT #32620]
+
+3505. [bug] When setting "max-cache-size" and "max-acache-size",
+ larger values than 4 gigabytes could not be set
+ explicitly, though larger sizes were available
+ when setting cache size to 0. This has been
+ corrected; the full range is now available.
+ [RT #32358]
+
3503. [doc] Clarify size_spec syntax. [RT #32449]
+3501. [func] zone-statistics now takes three options: full,
+ terse, and none. "yes" and "no" are retained as
+ synonyms for full and terse, respectively. [RT #29165]
+
3500. [security] Support NAPTR regular expression validation on
all platforms without using libregex, which
can be vulnerable to memory exhaustion attack
@@ -141,6 +168,15 @@
NSIP and NSDNAME checking. --enable-rpz-nsip and
--enable-rpz-nsdname are now the default. [RT #32251]
+3493. [contrib] Added BDBHPT dynamically-lodable DLZ module,
+ contributed by Mark Goldfinch. [RT #32549]
+
+3492. [bug] Fixed a regression in zone loading performance
+ due to lock contention. [RT #30399]
+
+3491. [bug] Slave zones using inline-signing must specify a
+ file name. [RT #31946]
+
3489. [bug] --enable-developer now turns on ISC_LIST_CHECKINIT.
When cloning a rdataset do not copy the link contents.
[RT #32651]
@@ -156,8 +192,14 @@
3485. [cleanup] Only compile openssl_gostlink.c if we support GOST.
+3483. [bug] Corrected XSL code in use with --enable-newstats.
+ [RT #32587]
+
3481. [cleanup] Removed use of const const in atf.
+3480. [bug] Silence logging noise when setting up zone
+ statistics. [RT #32525]
+
3479. [bug] Address potential memory leaks in gssapi support
code. [RT #32405]
@@ -167,10 +209,18 @@
3474. [bug] nsupdate could assert when the local and remote
address families didn't match. [RT #22897]
+3473. [bug] dnssec-signzone/verify could incorrectly report
+ an error condition due to an empty node above an
+ opt-out delegation lacking an NSEC3. [RT #32072]
+
+3471. [bug] The number of UDP dispatches now defaults to
+ the number of CPUs even if -n has been set to
+ a higher value. [RT #30964]
+
3470. [bug] Slave zones could fail to dump when successfully
refreshing after an initial failure. [RT #31276]
- --- 9.8.5b1 released ---
+ --- 9.9.3b1 released ---
3468. [security] RPZ rules to generate A records (but not AAAA records)
could trigger an assertion failure when used in
@@ -179,6 +229,9 @@
3467. [bug] Added checks in dnssec-keygen and dnssec-settime
to check for delete date < inactive date. [RT #31719]
+3466. [contrib] Corrected the DNS_CLIENTINFOMETHODS_VERSION check
+ in DLZ example driver. [RT #32275]
+
3465. [bug] Handle isolated reserved ports. [RT #31778]
3464. [maint] Updates to PKCS#11 openssl patches, supporting
@@ -192,6 +245,8 @@
3461. [bug] Negative responses could incorrectly have AD=1
set. [RT #32237]
+3460. [bug] Only link against readline where needed. [RT #29810]
+
3458. [bug] Return FORMERR when presented with a overly long
domain named in a request. [RT #29682]
@@ -203,6 +258,9 @@
3454. [port] sparc64: improve atomic support. [RT #25182]
+3453. [bug] 'rndc addzone' of a zone with 'inline-signing yes;'
+ failed. [RT #31960]
+
3452. [bug] Accept duplicate singleton records. [RT #32329]
3451. [port] Increase per thread stack size from 64K to 1M.
@@ -266,9 +324,19 @@
3427. [bug] dig +trace incorrectly displayed name server
addresses instead of names. [RT #31641]
+3426. [bug] dnssec-checkds: Clearer output when records are not
+ found. [RT #31968]
+
3425. [bug] "acacheentry" reference counting was broken resulting
in use after free. [RT #31908]
+3424. [func] dnssec-dsfromkey now emits the hash without spaces.
+ [RT #31951]
+
+3423. [bug] "rndc signing -nsec3param" didn't accept the full
+ range of possible values. Address portability issues.
+ [RT #31938]
+
3422. [bug] Added a clear error message for when the SOA does not
match the referral. [RT #31281]
@@ -279,9 +347,22 @@
3419. [bug] Memory leak on validation cancel. [RT #31869]
+3417. [func] Optional new XML schema (version 3.0) for the
+ statistics channel adds query type statistics at the
+ zone level, and flattens the XML tree and uses
+ compressed format to optimize parsing. Includes new XSL
+ that permits charting via the Google Charts API on
+ browsers that support javascript in XSL. To enable,
+ build with "configure --enable-newstats". [RT #30023]
+
+3416. [bug] Named could die on shutdown if running with 128 UDP
+ dispatches per interface. [RT #31743]
+
3415. [bug] named could die with a REQUIRE failure if a validation
was canceled. [RT #31804]
+3414. [bug] Address locking issues found by Coverity. [RT #31626]
+
3412. [bug] Copy timeval structure from control message data.
[RT #31548]
@@ -295,6 +376,11 @@
(DNS-based Authentication of Named Entities).
[RT #30513]
+3408. [bug] Some DNSSEC-related options (update-check-ksk,
+ dnssec-loadkeys-interval, dnssec-dnskey-kskonly)
+ are now legal in slave zones as long as
+ inline-signing is in use. [RT #31078]
+
3406. [bug] mem.c: Fix compilation errors when building with
ISC_MEM_TRACKLINES or ISC_MEMPOOL_NAMES disabled.
Also, ISC_MEM_DEBUG is no longer optional. [RT #31559]
@@ -316,6 +402,13 @@
in the "srcid" file in the build tree and normally set
to the most recent git hash. [RT #31494]
+3399. [port] netbsd: rename 'bool' parameter to avoid namespace
+ clash. [RT #31515]
+
+3398. [bug] SOA parameters were not being updated with inline
+ signed zones if the zone was modified while the
+ server was offline. [RT #29272]
+
3397. [bug] dig crashed when using +nssearch with +tcp. [RT #25298]
3396. [bug] OPT records were incorrectly removed from signed,
@@ -348,11 +441,10 @@
3386. [bug] Address locking violation when generating new NSEC /
NSEC3 chains. [RT #31224]
-3384. [bug] Improved logging of crypto errors. [RT #30963]
+3385. [bug] named-checkconf didn't detect missing master lists
+ in also-notify clauses. [RT #30810]
-3383. [security] A certain combination of records in the RBT could
- cause named to hang while populating the additional
- section of a response. [RT #31090]
+3384. [bug] Improved logging of crypto errors. [RT #30963]
3382. [bug] SOA query from slave used use-v6-udp-ports range,
if set, regardless of the address family in use.
@@ -370,6 +462,9 @@
3378. [bug] Handle missing 'managed-keys-directory' better.
[RT #30625]
+3377. [bug] Removed spurious newline from NSEC3 multiline
+ output. [RT #31044]
+
3376. [bug] Lack of EDNS support was being recorded without a
successful response. [RT #30811]
@@ -386,19 +481,34 @@
add NS RRsets to the additional section or not.
[RT #30479]
- --- 9.8.4 released ---
+3316. [tuning] Improved locking performance when recursing.
+ [RT #28836]
+
+3315. [tuning] Use multiple dispatch objects for sending upstream
+ queries; this can improve performance on busy
+ multiprocessor systems by reducing lock contention.
+ [RT #28605]
+
+ --- 9.9.2 released ---
+
+3383. [security] A certain combination of records in the RBT could
+ cause named to hang while populating the additional
+ section of a response. [RT #31090]
3373. [bug] win32: open raw files in binary mode. [RT #30944]
3364. [security] Named could die on specially crafted record.
[RT #30416]
- --- 9.8.4rc1 released ---
+ --- 9.9.2rc1 released ---
+
+3370. [bug] Address use after free while shutting down. [RT #30241]
3369. [bug] nsupdate terminated unexpectedly in interactive mode
if built with readline support. [RT #29550]
-3368. [bug] <dns/iptable.h> and <dns/zone.h> were not C++ safe.
+3368. [bug] <dns/iptable.h>, <dns/private.h> and <dns/zone.h>
+ were not C++ safe.
3367. [bug] dns_dnsseckey_create() result was not being checked.
[RT #30685]
@@ -417,6 +527,9 @@
could trigger an assertion failure on startup.
[RT #27730]
+3361. [bug] "rndc signing -nsec3param" didn't work correctly
+ when salt was set to '-' (no salt). [RT #30099]
+
3360. [bug] 'host -w' could die. [RT #18723]
3359. [bug] An improperly-formed TSIG secret could cause a
@@ -428,10 +541,12 @@
approaching their expiry, so they don't remain
in caches after expiry. [RT #26429]
- --- 9.8.4b1 released ---
+3355. [port] Use more portable awk in verify system test.
3354. [func] Improve OpenSSL error logging. [RT #29932]
+ --- 9.9.2b1 released ---
+
3353. [bug] Use a single task for task exclusive operations.
[RT #29872]
@@ -446,6 +561,8 @@
ISC_MEM_DEBUGCTX memory debugging flag is set.
[RT #30240]
+3349. [bug] Change #3345 was incomplete. [RT #30233]
+
3348. [bug] Prevent RRSIG data from being cached if a negative
record matching the covering type exists at a higher
trust level. Such data already can't be retrieved from
@@ -459,16 +576,42 @@
3346. [security] Bad-cache data could be used before it was
initialized, causing an assert. [RT #30025]
+3345. [bug] Addressed race condition when removing the last item
+ or inserting the first item in an ISC_QUEUE.
+ [RT #29539]
+
+3344. [func] New "dnssec-checkds" command checks a zone to
+ determine which DS records should be published
+ in the parent zone, or which DLV records should be
+ published in a DLV zone, and queries the DNS to
+ ensure that it exists. (Note: This tool depends
+ on python; it will not be built or installed on
+ systems that do not have a python interpreter.)
+ [RT #28099]
+
3342. [bug] Change #3314 broke saving of stub zones to disk
resulting in excessive cpu usage in some cases.
[RT #29952]
+3341. [func] New "dnssec-verify" command checks a signed zone
+ to ensure correctness of signatures and of NSEC/NSEC3
+ chains. [RT #23673]
+
+3339. [func] Allow the maximum supported rsa exponent size to be
+ specified: "max-rsa-exponent-size <value>;" [RT #29228]
+
+3338. [bug] Address race condition in units tests: asyncload_zone
+ and asyncload_zt. [RT #26100]
+
3337. [bug] Change #3294 broke support for the multiple keys
in controls. [RT #29694]
3335. [func] nslookup: return a nonzero exit code when unable
to get an answer. [RT #29492]
+3334. [bug] Hold a zone table reference while performing a
+ asynchronous load of a zone. [RT #28326]
+
3333. [bug] Setting resolver-query-timeout too low can cause
named to not recover if it loses connectivity.
[RT #29623]
@@ -504,7 +647,7 @@
3317. [func] Add ECDSA support (RFC 6605). [RT #21918]
- --- 9.8.3 released ---
+ --- 9.9.1 released ---
3318. [tuning] Reduce the amount of work performed while holding a
bucket lock when finished with a fetch context.
@@ -536,6 +679,8 @@
3304. [bug] Use hmctx, not mctx when freeing rbtdb->heaps.
[RT #28571]
+3303. [bug] named could die when reloading. [RT #28606]
+
3302. [bug] dns_dnssec_findmatchingkeys could fail to find
keys if the zone name contained character that
required special mappings. [RT #28600]
@@ -549,22 +694,15 @@
3299. [bug] Make SDB handle errors from database drivers better.
[RT #28534]
-3232. [bug] Zero zone->curmaster before return in
- dns_zone_setmasterswithkeys(). [RT #26732]
-
-3183. [bug] Added RTLD_GLOBAL flag to dlopen call. [RT #26301]
-
-3197. [bug] Don't try to log the filename and line number when
- the config parser can't open a file. [RT #22263]
-
- --- 9.8.2 released ---
-
3298. [bug] Named could dereference a NULL pointer in
zmgr_start_xfrin_ifquota if the zone was being removed.
[RT #28419]
3297. [bug] Named could die on a malformed master file. [RT #28467]
+3296. [bug] Named could die with a INSIST failure in
+ client.c:exit_check. [RT #28346]
+
3295. [bug] Adjust isc_time_secondsastimet range check to be more
portable. [RT # 26542]
@@ -576,6 +714,16 @@
3290. [bug] <isc/hmacsha.h> was not being installed. [RT #28169]
+3273. [bug] AAAA responses could be returned in the additional
+ section even when filter-aaaa-on-v4 was in use.
+ [RT #27292]
+
+ --- 9.9.0 released ---
+
+ --- 9.9.0rc4 released ---
+
+3289. [bug] 'rndc retransfer' failed for inline zones. [RT #28036]
+
3288. [bug] dlz_destroy() function wasn't correctly registered
by the DLZ dlopen driver. [RT #28056]
@@ -584,7 +732,7 @@
3286. [bug] Managed key maintenance timer could fail to start
after 'rndc reconfig'. [RT #26786]
- --- 9.8.2rc2 released ---
+ --- 9.9.0rc3 released ---
3285. [bug] val-frdataset was incorrectly disassociated in
proveunsecure after calling startfinddlvsep.
@@ -607,24 +755,34 @@
3280. [bug] Potential double free of a rdataset on out of memory
with DNS64. [RT #27762]
+3279. [bug] Hold a internal reference to the zone while performing
+ a asynchronous load. Address potential memory leak
+ if the asynchronous is cancelled. [RT #27750]
+
3278. [bug] Make sure automatic key maintenance is started
when "auto-dnssec maintain" is turned on during
"rndc reconfig". [RT #26805]
+3277. [bug] win32: isc_socket_dup is not implemented. [RT #27696]
+
3276. [bug] win32: ns_os_openfile failed to return NULL on
safe_open failure. [RT #27696]
-3274. [bug] Log when a zone is not reusable. Only set loadtime
- on successful loads. [RT #27650]
-
-3273. [bug] AAAA responses could be returned in the additional
- section even when filter-aaaa-on-v4 was in use.
- [RT #27292]
+3275. [bug] Corrected rndc -h output; the 'rndc sync -clean'
+ option had been misspelled as '-clear'. (To avoid
+ future confusion, both options now work.) [RT #27173]
3271. [port] darwin: mksymtbl is not always stable, loop several
times before giving up. mksymtbl was using non
portable perl to covert 64 bit hex strings. [RT #27653]
+ --- 9.9.0rc2 released ---
+
+3270. [bug] "rndc reload" didn't reuse existing zones correctly
+ when inline-signing was in use. [RT #27650]
+
+3269. [port] darwin 11 and later now built threaded by default.
+
3268. [bug] Convert RRSIG expiry times to 64 timestamps to work
out the earliest expiry time. [RT #23311]
@@ -636,14 +794,26 @@
DNSKEY RRset was not being properly computed.
[RT #26543]
+3265. [bug] Corrected a problem with lock ordering in the
+ inline-signing code. [RT #27557]
+
+3264. [bug] Automatic regeneration of signatures in an
+ inline-signing zone could stall when the server
+ was restarted. [RT #27344]
+
+3263. [bug] "rndc sync" did not affect the unsigned side of an
+ inline-signing zone. [RT #27337]
+
3262. [bug] Signed responses were handled incorrectly by RPZ.
[RT #27316]
- --- 9.8.2rc1 released ---
+3261. [func] RRset ordering now defaults to random. [RT #27174]
3260. [bug] "rrset-order cyclic" could appear not to rotate
for some query patterns. [RT #27170/27185]
+ --- 9.9.0rc1 released ---
+
3259. [bug] named-compilezone: Suppress "dump zone to <file>"
message when writing to stdout. [RT #27109]
@@ -655,12 +825,21 @@
3256. [bug] Disable empty zones for lwresd -C. [RT #27139]
+3255. [func] No longer require that a empty zones be explicitly
+ enabled or that a empty zone is disabled for
+ RFC 1918 empty zones to be configured. [RT #27139]
+
3254. [bug] Set isc_socket_ipv6only() on the IPv6 control channels.
[RT #22249]
3253. [bug] Return DNS_R_SYNTAX when the input to a text field is
too long. [RT #26956]
+3252. [bug] When master zones using inline-signing were
+ updated while the server was offline, the source
+ zone could fall out of sync with the signed
+ copy. They can now resynchronize. [RT #26676]
+
3251. [bug] Enforce a upper bound (65535 bytes) on the amount of
memory dns_sdlz_putrr() can allocate per record to
prevent run away memory consumption on ISC_R_NOSPACE.
@@ -680,8 +859,34 @@
3247. [bug] 'raw' format zones failed to preserve load order
breaking 'fixed' sort order. [RT #27087]
-3243. [port] netbsd,bsdi: the thread defaults were not being
- properly set.
+3246. [bug] Named failed to start with a empty also-notify list.
+ [RT #27087]
+
+3245. [bug] Don't report a error unchanged serials unless there
+ were other changes when thawing a zone with
+ ixfr-fromdifferences. [RT #26845]
+
+3244. [func] Added readline support to nslookup and nsupdate.
+ Also simplified nsupdate syntax to make "update"
+ and "prereq" optional. [RT #24659]
+
+3243. [port] freebsd,netbsd,bsdi: the thread defaults were not
+ being properly set.
+
+3242. [func] Extended the header of raw-format master files to
+ include the serial number of the zone from which
+ they were generated, if different (as in the case
+ of inline-signing zones). This is to be used in
+ inline-signing zones, to track changes between the
+ unsigned and signed versions of the zone, which may
+ have different serial numbers.
+
+ (Note: raw zonefiles generated by this version of
+ BIND are no longer compatible with prior versions.
+ To generate a backward-compatible raw zonefile
+ using dnssec-signzone or named-compilezone, specify
+ output format "raw=0" instead of simply "raw".)
+ [RT #26587]
3241. [bug] Address race conditions in the resolver code.
[RT #26889]
@@ -696,10 +901,21 @@
3237. [bug] dig -6 didn't work with +trace. [RT #26906]
- --- 9.8.2b1 released ---
+3236. [bug] Backed out changes #3182 and #3202, related to
+ EDNS(0) fallback behavior. [RT #26416]
+
+3235. [func] dns_db_diffx, a extended dns_db_diff which returns
+ the generated diff and optionally writes it to a
+ journal. [RT #26386]
3234. [bug] 'make depend' produced invalid makefiles. [RT #26830]
+3233. [bug] 'rndc freeze/thaw' didn't work for inline zones.
+ [RT #26632]
+
+3232. [bug] Zero zone->curmaster before return in
+ dns_zone_setmasterswithkeys(). [RT #26732]
+
3231. [bug] named could fail to send a incompressible zone.
[RT #26796]
@@ -717,14 +933,29 @@
3226. [bug] Address minor resource leakages. [RT #26624]
+3225. [bug] Silence spurious "setsockopt(517, IPV6_V6ONLY) failed"
+ messages. [RT #26507]
+
+3224. [bug] 'rndc signing' argument parsing was broken. [RT #26684]
+
+3223. [bug] 'task_test privilege_drop' generated false positives.
+ [RT #26766]
+
+3222. [cleanup] Replace dns_journal_{get,set}_bitws with
+ dns_journal_{get,set}_sourceserial. [RT #26634]
+
3221. [bug] Fixed a potential core dump on shutdown due to
referencing fetch context after it's been freed.
[RT #26720]
+ --- 9.9.0b2 released ---
+
3220. [bug] Change #3186 was incomplete; dns_db_rpz_findips()
could fail to set the database version correctly,
causing an assertion failure. [RT #26180]
+3219. [bug] Disable NOEDNS caching following a timeout.
+
3218. [security] Cache lookup could return RRSIG data associated with
nonexistent records, leading to an assertion
failure. [RT #26590]
@@ -733,12 +964,24 @@
3216. [bug] resolver.c:validated() was not thread-safe. [RT #26478]
+3215. [bug] 'rndc recursing' could cause a core dump. [RT #26495]
+
+3214. [func] Add 'named -U' option to set the number of UDP
+ listener threads per interface. [RT #26485]
+
3213. [doc] Clarify ixfr-from-differences behavior. [RT #25188]
3212. [bug] rbtdb.c: failed to remove a node from the deadnodes
list prior to adding a reference to it leading a
possible assertion failure. [RT #23219]
+3211. [func] dnssec-signzone: "-f -" prints to stdout; "-O full"
+ option prints in single-line-per-record format.
+ [RT #20287]
+
+3210. [bug] Canceling the oldest query due to recursive-client
+ overload could trigger an assertion failure. [RT #26463]
+
3209. [func] Add "dnssec-lookaside 'no'". [RT #24858]
3208. [bug] 'dig -y' handle unknown tsig algorithm better.
@@ -748,6 +991,11 @@
3206. [cleanup] Add ISC information to log at start time. [RT #25484]
+3205. [func] Upgrade dig's defaults to better reflect modern
+ nameserver behavior. Enable "dig +adflag" and
+ "dig +edns=0" by default. Enable "+dnssec" when
+ running "dig +trace". [RT #23497]
+
3204. [bug] When a master server that has been marked as
unreachable sends a NOTIFY, mark it reachable
again. [RT #25960]
@@ -755,12 +1003,24 @@
3203. [bug] Increase log level to 'info' for validation failures
from expired or not-yet-valid RRSIGs. [RT #21796]
+3202. [bug] NOEDNS caching on timeout was too aggressive.
+ [RT #26416]
+
+3201. [func] 'rndc querylog' can now be given an on/off parameter
+ instead of only being used as a toggle. [RT #18351]
+
3200. [doc] Some rndc functions were undocumented or were
missing from 'rndc -h' output. [RT #25555]
+3199. [func] When logging client information, include the name
+ being queried. [RT #25944]
+
3198. [doc] Clarified that dnssec-settime can alter keyfile
permissions. [RT #24866]
+3197. [bug] Don't try to log the filename and line number when
+ the config parser can't open a file. [RT #22263]
+
3196. [bug] nsupdate: return nonzero exit code when target zone
doesn't exist. [RT #25783]
@@ -789,10 +1049,50 @@
3187. [port] win32: support for Visual Studio 2008. [RT #26356]
+ --- 9.9.0b1 released ---
+
3186. [bug] Version/db mis-match in rpz code. [RT #26180]
+3185. [func] New 'rndc signing' option for auto-dnssec zones:
+ - 'rndc signing -list' displays the current
+ state of signing operations
+ - 'rndc signing -clear' clears the signing state
+ records for keys that have fully signed the zone
+ - 'rndc signing -nsec3param' sets the NSEC3
+ parameters for the zone
+ The 'rndc keydone' syntax is removed. [RT #23729]
+
+3184. [bug] named had excessive cpu usage when a redirect zone was
+ configured. [RT #26013]
+
+3183. [bug] Added RTLD_GLOBAL flag to dlopen call. [RT #26301]
+
+3182. [bug] Auth servers behind firewalls which block packets
+ greater than 512 bytes may cause other servers to
+ perform poorly. Now, adb retains edns information
+ and caches noedns servers. [RT #23392/24964]
+
+3181. [func] Inline-signing is now supported for master zones.
+ [RT #26224]
+
+3180. [func] Local copies of slave zones are now saved in raw
+ format by default, to improve startup performance.
+ 'masterfile-format text;' can be used to override
+ the default, if desired. [RT #25867]
+
3179. [port] kfreebsd: build issues. [RT #26273]
+3178. [bug] A race condition introduced by change #3163 could
+ cause an assertion failure on shutdown. [RT #26271]
+
+3177. [func] 'rndc keydone', remove the indicator record that
+ named has finished signing the zone with the
+ corresponding key. [RT #26206]
+
+3176. [doc] Corrected example code and added a README to the
+ sample external DLZ module in contrib/dlz/example.
+ [RT #26215]
+
3175. [bug] Fix how DNSSEC positive wildcard responses from a
NSEC3 signed zone are validated. Stop sending a
unnecessary NSEC3 record when generating such
@@ -803,9 +1103,14 @@
3173. [port] Correctly validate root DS responses. [RT #25726]
+3172. [port] darwin 10.* and freebsd [89] are now built threaded by
+ default.
+
3171. [bug] Exclusively lock the task when adding a zone using
'rndc addzone'. [RT #25600]
+ --- 9.9.0a3 released ---
+
3170. [func] RPZ update:
- fix precedence among competing rules
- improve ARM text including documenting rule precedence
@@ -820,10 +1125,28 @@
3169. [func] Catch db/version mis-matches when calling dns_db_*().
[RT #26017]
+3168. [bug] Nxdomain redirection could trigger an assert with
+ a ANY query. [RT #26017]
+
3167. [bug] Negative answers from forwarders were not being
correctly tagged making them appear to not be cached.
[RT #25380]
+3166. [bug] Upgrading a zone to support inline-signing failed.
+ [RT #26014]
+
+3165. [bug] dnssec-signzone could generate new signatures when
+ resigning, even when valid signatures were already
+ present. [RT #26025]
+
+3164. [func] Enable DLZ modules to retrieve client information,
+ so that responses can be changed depending on the
+ source address of the query. [RT #25768]
+
+3163. [bug] Use finer-grained locking in client.c to address
+ concurrency problems with large numbers of threads.
+ [RT #26044]
+
3162. [test] start.pl: modified to allow for "named.args" in
ns*/ subdirectory to override stock arguments to
named. Largely from RT#26044, but no separate ticket.
@@ -831,24 +1154,52 @@
3161. [bug] zone.c:del_sigs failed to always reset rdata leading
assertion failures. [RT #25880]
+3160. [bug] When printing out a NSEC3 record in multiline form
+ the newline was not being printed causing type codes
+ to be run together. [RT #25873]
+
+3159. [bug] On some platforms, named could assert on startup
+ when running in a chrooted environment without
+ /proc. [RT #25863]
+
+3158. [bug] Recursive servers would prefer a particular UDP
+ socket instead of using all available sockets.
+ [RT #26038]
+
3157. [tuning] Reduce the time spent in "rndc reconfig" by parsing
the config file before pausing the server. [RT #21373]
+3156. [placeholder]
+
+ --- 9.9.0a2 released ---
+
3155. [bug] Fixed a build failure when using contrib DLZ
drivers (e.g., mysql, postgresql, etc). [RT #25710]
3154. [bug] Attempting to print an empty rdataset could trigger
an assert. [RT #25452]
+3153. [func] Extend request-ixfr to zone level and remove the
+ side effect of forcing an AXFR. [RT #25156]
+
3152. [cleanup] Some versions of gcc and clang failed due to
incorrect use of __builtin_expect. [RT #25183]
3151. [bug] Queries for type RRSIG or SIG could be handled
incorrectly. [RT #21050]
+3150. [func] Improved startup and reconfiguration time by
+ enabling zones to load in multiple threads. [RT #25333]
+
+3149. [placeholder]
+
3148. [bug] Processing of normal queries could be stalled when
forwarding a UPDATE message. [RT #24711]
+3147. [func] Initial inline signing support. [RT #23657]
+
+ --- 9.9.0a1 released ---
+
3146. [test] Fixed gcc4.6.0 errors in ATF. [RT #25598]
3145. [test] Capture output of ATF unit tests in "./atf.out" if
@@ -859,29 +1210,31 @@
3143. [bug] Silence clang compiler warnings. [RT #25174]
-3139. [test] Added tests from RFC 6234, RFC 2202, and RFC 1321
- for the hashing algorithms (md5, sha1 - sha512, and
- their hmac counterparts). [RT #25067]
-
- --- 9.8.1 released ---
-
- --- 9.8.1rc1 released ---
+3142. [bug] NAPTR is class agnostic. [RT #25429]
3141. [bug] Silence spurious "zone serial (0) unchanged" messages
associated with empty zones. [RT #25079]
+3140. [func] New command "rndc flushtree <name>" clears the
+ specified name from the server cache along with
+ all names under it. [RT #19970]
+
+3139. [test] Added tests from RFC 6234, RFC 2202, and RFC 1321
+ for the hashing algorithms (md5, sha1 - sha512, and
+ their hmac counterparts). [RT #25067]
+
3138. [bug] Address memory leaks and out-of-order operations when
shutting named down. [RT #25210]
+3137. [func] Improve hardware scalability by allowing multiple
+ worker threads to process incoming UDP packets.
+ This can significantly increase query throughput
+ on some systems. [RT #22992]
+
3136. [func] Add RFC 1918 reverse zones to the list of built-in
empty zones switched on by the 'empty-zones-enable'
option. [RT #24990]
- Note: empty-zones-enable must be "yes;" or a empty
- zone needs to be disabled in named.conf for RFC 1918
- zones to be activated. This requirement may be
- removed in future releases.
-
3135. [port] FreeBSD: workaround broken IPV6_USE_MIN_MTU processing.
See http://www.freebsd.org/cgi/query-pr.cgi?pr=158307
[RT #24950]
@@ -889,19 +1242,34 @@
3134. [bug] Improve the accuracy of dnssec-signzone's signing
statistics. [RT #16030]
- --- 9.8.1b3 released ---
-
3133. [bug] Change #3114 was incomplete. [RT #24577]
+3132. [placeholder]
+
3131. [tuning] Improve scalability by allocating one zone task
per 100 zones at startup time, rather than using a
fixed-size task table. [RT #24406]
+3130. [func] Support alternate methods for managing a dynamic
+ zone's serial number. Two methods are currently
+ defined using serial-update-method, "increment"
+ (default) and "unixtime". [RT #23849]
+
3129. [bug] Named could crash on 'rndc reconfig' when
allow-new-zones was set to yes and named ACLs
were used. [RT #22739]
- --- 9.8.1b2 released ---
+3128. [func] Inserting an NSEC3PARAM via dynamic update in an
+ auto-dnssec zone that has not been signed yet
+ will cause it to be signed with the specified NSEC3
+ parameters when keys are activated. The
+ NSEC3PARAM record will not appear in the zone until
+ it is signed, but the parameters will be stored.
+ [RT #23684]
+
+3127. [bug] 'rndc thaw' will now remove a zone's journal file
+ if the zone serial number has been changed and
+ ixfr-from-differences is not in use. [RT #24687]
3126. [security] Using DNAME record to generate replacements caused
RPZ to exit with a assertion failure. [RT #24766]
@@ -941,6 +1309,12 @@
never-implemented 'auto-dnssec create' option.
[RT #24533]
+3116. [func] New 'dnssec-update-mode' option controls updates
+ of DNSSEC records in signed dynamic zones. Set to
+ 'no-resign' to disable automatic RRSIG regeneration
+ while retaining the ability to sign new or changed
+ data. [RT #24533]
+
3115. [bug] Named could fail to return requested data when
following a CNAME that points into the same zone.
[RT #24455]
@@ -951,8 +1325,6 @@
3113. [doc] Document the relationship between serial-query-rate
and NOTIFY messages.
- --- 9.8.1b1 released ---
-
3112. [doc] Add missing descriptions of the update policy name
types "ms-self", "ms-subdomain", "krb5-self" and
"krb5-subdomain", which allow machines to update
@@ -965,9 +1337,23 @@
3110. [bug] dnssec-signzone: Wrong error message could appear
when attempting to sign with no KSK. [RT #24369]
+3109. [func] The also-notify option now uses the same syntax
+ as a zone's masters clause. This means it is
+ now possible to specify a TSIG key to use when
+ sending notifies to a given server, or to include
+ an explicit named masters list in an also-notfiy
+ statement. [RT #23508]
+
+3108. [cleanup] dnssec-signzone: Clarified some error and
+ warning messages; removed #ifdef ALLOW_KSKLESS_ZONES
+ code (use -P instead). [RT #20852]
+
3107. [bug] dnssec-signzone: Report the correct number of ZSKs
when using -x. [RT #20852]
+3106. [func] When logging client requests, include the name of
+ the TSIG key if any. [RT #23619]
+
3105. [bug] GOST support can be suppressed by "configure
--without-gost" [RT #24367]
@@ -977,6 +1363,12 @@
instead of in the options statement could trigger
an assertion failure in named-checkconf. [RT #24382]
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-stable-9
mailing list