svn commit: r224092 - in head/contrib/bind9: . bin bin/check
bin/confgen bin/dig bin/dig/include/dig bin/dnssec bin/named
bin/named/include/named bin/named/unix
bin/named/unix/include/named bin/nsu...
Doug Barton
dougb at FreeBSD.org
Sat Jul 16 11:12:09 UTC 2011
Author: dougb
Date: Sat Jul 16 11:12:09 2011
New Revision: 224092
URL: http://svn.freebsd.org/changeset/base/224092
Log:
Upgrade to version 9.8.0-P4
This version has many new features, see /usr/share/doc/bind9/README
for details.
Added:
head/contrib/bind9/HISTORY
- copied unchanged from r224091, vendor/bind9/dist/HISTORY
head/contrib/bind9/bin/confgen/
- copied from r224091, vendor/bind9/dist/bin/confgen/
head/contrib/bind9/bin/dnssec/dnssec-revoke.8
- copied unchanged from r224091, vendor/bind9/dist/bin/dnssec/dnssec-revoke.8
head/contrib/bind9/bin/dnssec/dnssec-revoke.c
- copied unchanged from r224091, vendor/bind9/dist/bin/dnssec/dnssec-revoke.c
head/contrib/bind9/bin/dnssec/dnssec-revoke.docbook
- copied unchanged from r224091, vendor/bind9/dist/bin/dnssec/dnssec-revoke.docbook
head/contrib/bind9/bin/dnssec/dnssec-revoke.html
- copied unchanged from r224091, vendor/bind9/dist/bin/dnssec/dnssec-revoke.html
head/contrib/bind9/bin/dnssec/dnssec-settime.8
- copied unchanged from r224091, vendor/bind9/dist/bin/dnssec/dnssec-settime.8
head/contrib/bind9/bin/dnssec/dnssec-settime.c
- copied unchanged from r224091, vendor/bind9/dist/bin/dnssec/dnssec-settime.c
head/contrib/bind9/bin/dnssec/dnssec-settime.docbook
- copied unchanged from r224091, vendor/bind9/dist/bin/dnssec/dnssec-settime.docbook
head/contrib/bind9/bin/dnssec/dnssec-settime.html
- copied unchanged from r224091, vendor/bind9/dist/bin/dnssec/dnssec-settime.html
head/contrib/bind9/bin/named/bind.keys.h
- copied unchanged from r224091, vendor/bind9/dist/bin/named/bind.keys.h
head/contrib/bind9/bin/tools/
- copied from r224091, vendor/bind9/dist/bin/tools/
head/contrib/bind9/doc/arm/dnssec.xml
- copied unchanged from r224091, vendor/bind9/dist/doc/arm/dnssec.xml
head/contrib/bind9/doc/arm/libdns.xml
- copied unchanged from r224091, vendor/bind9/dist/doc/arm/libdns.xml
head/contrib/bind9/doc/arm/man.arpaname.html
- copied unchanged from r224091, vendor/bind9/dist/doc/arm/man.arpaname.html
head/contrib/bind9/doc/arm/man.ddns-confgen.html
- copied unchanged from r224091, vendor/bind9/dist/doc/arm/man.ddns-confgen.html
head/contrib/bind9/doc/arm/man.dnssec-revoke.html
- copied unchanged from r224091, vendor/bind9/dist/doc/arm/man.dnssec-revoke.html
head/contrib/bind9/doc/arm/man.dnssec-settime.html
- copied unchanged from r224091, vendor/bind9/dist/doc/arm/man.dnssec-settime.html
head/contrib/bind9/doc/arm/man.genrandom.html
- copied unchanged from r224091, vendor/bind9/dist/doc/arm/man.genrandom.html
head/contrib/bind9/doc/arm/man.isc-hmac-fixup.html
- copied unchanged from r224091, vendor/bind9/dist/doc/arm/man.isc-hmac-fixup.html
head/contrib/bind9/doc/arm/man.named-journalprint.html
- copied unchanged from r224091, vendor/bind9/dist/doc/arm/man.named-journalprint.html
head/contrib/bind9/doc/arm/man.nsec3hash.html
- copied unchanged from r224091, vendor/bind9/dist/doc/arm/man.nsec3hash.html
head/contrib/bind9/doc/arm/managed-keys.xml
- copied unchanged from r224091, vendor/bind9/dist/doc/arm/managed-keys.xml
head/contrib/bind9/doc/arm/pkcs11.xml
- copied unchanged from r224091, vendor/bind9/dist/doc/arm/pkcs11.xml
head/contrib/bind9/lib/dns/client.c
- copied unchanged from r224091, vendor/bind9/dist/lib/dns/client.c
head/contrib/bind9/lib/dns/dns64.c
- copied unchanged from r224091, vendor/bind9/dist/lib/dns/dns64.c
head/contrib/bind9/lib/dns/ecdb.c
- copied unchanged from r224091, vendor/bind9/dist/lib/dns/ecdb.c
head/contrib/bind9/lib/dns/include/dns/client.h
- copied unchanged from r224091, vendor/bind9/dist/lib/dns/include/dns/client.h
head/contrib/bind9/lib/dns/include/dns/dns64.h
- copied unchanged from r224091, vendor/bind9/dist/lib/dns/include/dns/dns64.h
head/contrib/bind9/lib/dns/include/dns/ecdb.h
- copied unchanged from r224091, vendor/bind9/dist/lib/dns/include/dns/ecdb.h
head/contrib/bind9/lib/dns/include/dns/keydata.h
- copied unchanged from r224091, vendor/bind9/dist/lib/dns/include/dns/keydata.h
head/contrib/bind9/lib/dns/include/dns/private.h
- copied unchanged from r224091, vendor/bind9/dist/lib/dns/include/dns/private.h
head/contrib/bind9/lib/dns/include/dns/rpz.h
- copied unchanged from r224091, vendor/bind9/dist/lib/dns/include/dns/rpz.h
head/contrib/bind9/lib/dns/include/dns/rriterator.h
- copied unchanged from r224091, vendor/bind9/dist/lib/dns/include/dns/rriterator.h
head/contrib/bind9/lib/dns/include/dns/tsec.h
- copied unchanged from r224091, vendor/bind9/dist/lib/dns/include/dns/tsec.h
head/contrib/bind9/lib/dns/keydata.c
- copied unchanged from r224091, vendor/bind9/dist/lib/dns/keydata.c
head/contrib/bind9/lib/dns/opensslgost_link.c
- copied unchanged from r224091, vendor/bind9/dist/lib/dns/opensslgost_link.c
head/contrib/bind9/lib/dns/private.c
- copied unchanged from r224091, vendor/bind9/dist/lib/dns/private.c
head/contrib/bind9/lib/dns/rdata/generic/hip_55.c
- copied unchanged from r224091, vendor/bind9/dist/lib/dns/rdata/generic/hip_55.c
head/contrib/bind9/lib/dns/rdata/generic/hip_55.h
- copied unchanged from r224091, vendor/bind9/dist/lib/dns/rdata/generic/hip_55.h
head/contrib/bind9/lib/dns/rdata/generic/keydata_65533.c
- copied unchanged from r224091, vendor/bind9/dist/lib/dns/rdata/generic/keydata_65533.c
head/contrib/bind9/lib/dns/rdata/generic/keydata_65533.h
- copied unchanged from r224091, vendor/bind9/dist/lib/dns/rdata/generic/keydata_65533.h
head/contrib/bind9/lib/dns/rpz.c
- copied unchanged from r224091, vendor/bind9/dist/lib/dns/rpz.c
head/contrib/bind9/lib/dns/rriterator.c
- copied unchanged from r224091, vendor/bind9/dist/lib/dns/rriterator.c
head/contrib/bind9/lib/dns/ssu_external.c
- copied unchanged from r224091, vendor/bind9/dist/lib/dns/ssu_external.c
head/contrib/bind9/lib/dns/tsec.c
- copied unchanged from r224091, vendor/bind9/dist/lib/dns/tsec.c
head/contrib/bind9/lib/export/
- copied from r224091, vendor/bind9/dist/lib/export/
head/contrib/bind9/lib/irs/
- copied from r224091, vendor/bind9/dist/lib/irs/
head/contrib/bind9/lib/isc/app_api.c
- copied unchanged from r224091, vendor/bind9/dist/lib/isc/app_api.c
head/contrib/bind9/lib/isc/backtrace-emptytbl.c
- copied unchanged from r224091, vendor/bind9/dist/lib/isc/backtrace-emptytbl.c
head/contrib/bind9/lib/isc/backtrace.c
- copied unchanged from r224091, vendor/bind9/dist/lib/isc/backtrace.c
head/contrib/bind9/lib/isc/include/isc/backtrace.h
- copied unchanged from r224091, vendor/bind9/dist/lib/isc/include/isc/backtrace.h
head/contrib/bind9/lib/isc/include/isc/bind9.h
- copied unchanged from r224091, vendor/bind9/dist/lib/isc/include/isc/bind9.h
head/contrib/bind9/lib/isc/include/isc/namespace.h
- copied unchanged from r224091, vendor/bind9/dist/lib/isc/include/isc/namespace.h
head/contrib/bind9/lib/isc/mem_api.c
- copied unchanged from r224091, vendor/bind9/dist/lib/isc/mem_api.c
head/contrib/bind9/lib/isc/socket_api.c
- copied unchanged from r224091, vendor/bind9/dist/lib/isc/socket_api.c
head/contrib/bind9/lib/isc/task_api.c
- copied unchanged from r224091, vendor/bind9/dist/lib/isc/task_api.c
head/contrib/bind9/lib/isc/timer_api.c
- copied unchanged from r224091, vendor/bind9/dist/lib/isc/timer_api.c
head/contrib/bind9/lib/isccfg/dnsconf.c
- copied unchanged from r224091, vendor/bind9/dist/lib/isccfg/dnsconf.c
head/contrib/bind9/lib/isccfg/include/isccfg/dnsconf.h
- copied unchanged from r224091, vendor/bind9/dist/lib/isccfg/include/isccfg/dnsconf.h
Deleted:
head/contrib/bind9/KNOWN-DEFECTS
head/contrib/bind9/NSEC3-NOTES
head/contrib/bind9/README.idnkit
head/contrib/bind9/README.pkcs11
head/contrib/bind9/bin/rndc/rndc-confgen.8
head/contrib/bind9/bin/rndc/rndc-confgen.c
head/contrib/bind9/bin/rndc/rndc-confgen.docbook
head/contrib/bind9/bin/rndc/rndc-confgen.html
head/contrib/bind9/bin/rndc/unix/Makefile.in
head/contrib/bind9/bin/rndc/unix/os.c
Modified:
head/contrib/bind9/CHANGES
head/contrib/bind9/COPYRIGHT
head/contrib/bind9/FAQ.xml
head/contrib/bind9/Makefile.in
head/contrib/bind9/README
head/contrib/bind9/acconfig.h
head/contrib/bind9/bin/Makefile.in
head/contrib/bind9/bin/check/Makefile.in
head/contrib/bind9/bin/check/check-tool.c
head/contrib/bind9/bin/check/check-tool.h
head/contrib/bind9/bin/check/named-checkconf.8
head/contrib/bind9/bin/check/named-checkconf.c
head/contrib/bind9/bin/check/named-checkconf.docbook
head/contrib/bind9/bin/check/named-checkconf.html
head/contrib/bind9/bin/check/named-checkzone.8
head/contrib/bind9/bin/check/named-checkzone.c
head/contrib/bind9/bin/check/named-checkzone.docbook
head/contrib/bind9/bin/check/named-checkzone.html
head/contrib/bind9/bin/dig/Makefile.in
head/contrib/bind9/bin/dig/dig.1
head/contrib/bind9/bin/dig/dig.c
head/contrib/bind9/bin/dig/dig.docbook
head/contrib/bind9/bin/dig/dig.html
head/contrib/bind9/bin/dig/dighost.c
head/contrib/bind9/bin/dig/host.1
head/contrib/bind9/bin/dig/host.c
head/contrib/bind9/bin/dig/host.docbook
head/contrib/bind9/bin/dig/host.html
head/contrib/bind9/bin/dig/include/dig/dig.h
head/contrib/bind9/bin/dig/nslookup.1
head/contrib/bind9/bin/dig/nslookup.c
head/contrib/bind9/bin/dig/nslookup.docbook
head/contrib/bind9/bin/dig/nslookup.html
head/contrib/bind9/bin/dnssec/Makefile.in
head/contrib/bind9/bin/dnssec/dnssec-dsfromkey.8
head/contrib/bind9/bin/dnssec/dnssec-dsfromkey.c
head/contrib/bind9/bin/dnssec/dnssec-dsfromkey.docbook
head/contrib/bind9/bin/dnssec/dnssec-dsfromkey.html
head/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.8
head/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.c
head/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.docbook
head/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.html
head/contrib/bind9/bin/dnssec/dnssec-keygen.8
head/contrib/bind9/bin/dnssec/dnssec-keygen.c
head/contrib/bind9/bin/dnssec/dnssec-keygen.docbook
head/contrib/bind9/bin/dnssec/dnssec-keygen.html
head/contrib/bind9/bin/dnssec/dnssec-signzone.8
head/contrib/bind9/bin/dnssec/dnssec-signzone.c
head/contrib/bind9/bin/dnssec/dnssec-signzone.docbook
head/contrib/bind9/bin/dnssec/dnssec-signzone.html
head/contrib/bind9/bin/dnssec/dnssectool.c
head/contrib/bind9/bin/dnssec/dnssectool.h
head/contrib/bind9/bin/named/Makefile.in
head/contrib/bind9/bin/named/bind9.xsl
head/contrib/bind9/bin/named/bind9.xsl.h
head/contrib/bind9/bin/named/builtin.c
head/contrib/bind9/bin/named/client.c
head/contrib/bind9/bin/named/config.c
head/contrib/bind9/bin/named/control.c
head/contrib/bind9/bin/named/include/named/client.h
head/contrib/bind9/bin/named/include/named/config.h
head/contrib/bind9/bin/named/include/named/control.h
head/contrib/bind9/bin/named/include/named/globals.h
head/contrib/bind9/bin/named/include/named/log.h
head/contrib/bind9/bin/named/include/named/lwdclient.h
head/contrib/bind9/bin/named/include/named/main.h
head/contrib/bind9/bin/named/include/named/notify.h
head/contrib/bind9/bin/named/include/named/query.h
head/contrib/bind9/bin/named/include/named/server.h
head/contrib/bind9/bin/named/include/named/tsigconf.h
head/contrib/bind9/bin/named/include/named/types.h
head/contrib/bind9/bin/named/include/named/zoneconf.h
head/contrib/bind9/bin/named/interfacemgr.c
head/contrib/bind9/bin/named/log.c
head/contrib/bind9/bin/named/lwdgabn.c
head/contrib/bind9/bin/named/lwdgrbn.c
head/contrib/bind9/bin/named/lwresd.8
head/contrib/bind9/bin/named/lwresd.c
head/contrib/bind9/bin/named/lwresd.docbook
head/contrib/bind9/bin/named/lwresd.html
head/contrib/bind9/bin/named/main.c
head/contrib/bind9/bin/named/named.8
head/contrib/bind9/bin/named/named.conf.5
head/contrib/bind9/bin/named/named.conf.docbook
head/contrib/bind9/bin/named/named.conf.html
head/contrib/bind9/bin/named/named.docbook
head/contrib/bind9/bin/named/named.html
head/contrib/bind9/bin/named/query.c
head/contrib/bind9/bin/named/server.c
head/contrib/bind9/bin/named/statschannel.c
head/contrib/bind9/bin/named/tkeyconf.c
head/contrib/bind9/bin/named/tsigconf.c
head/contrib/bind9/bin/named/unix/Makefile.in
head/contrib/bind9/bin/named/unix/include/named/os.h
head/contrib/bind9/bin/named/unix/os.c
head/contrib/bind9/bin/named/update.c
head/contrib/bind9/bin/named/xfrout.c
head/contrib/bind9/bin/named/zoneconf.c
head/contrib/bind9/bin/nsupdate/Makefile.in
head/contrib/bind9/bin/nsupdate/nsupdate.1
head/contrib/bind9/bin/nsupdate/nsupdate.c
head/contrib/bind9/bin/nsupdate/nsupdate.docbook
head/contrib/bind9/bin/nsupdate/nsupdate.html
head/contrib/bind9/bin/rndc/Makefile.in
head/contrib/bind9/bin/rndc/include/rndc/os.h
head/contrib/bind9/bin/rndc/rndc.8
head/contrib/bind9/bin/rndc/rndc.c
head/contrib/bind9/bin/rndc/rndc.conf.5
head/contrib/bind9/bin/rndc/rndc.conf.html
head/contrib/bind9/bin/rndc/rndc.html
head/contrib/bind9/bin/rndc/util.h
head/contrib/bind9/config.guess
head/contrib/bind9/config.h.in
head/contrib/bind9/configure.in
head/contrib/bind9/doc/arm/Bv9ARM-book.xml
head/contrib/bind9/doc/arm/Bv9ARM.ch01.html
head/contrib/bind9/doc/arm/Bv9ARM.ch02.html
head/contrib/bind9/doc/arm/Bv9ARM.ch03.html
head/contrib/bind9/doc/arm/Bv9ARM.ch04.html
head/contrib/bind9/doc/arm/Bv9ARM.ch05.html
head/contrib/bind9/doc/arm/Bv9ARM.ch06.html
head/contrib/bind9/doc/arm/Bv9ARM.ch07.html
head/contrib/bind9/doc/arm/Bv9ARM.ch08.html
head/contrib/bind9/doc/arm/Bv9ARM.ch09.html
head/contrib/bind9/doc/arm/Bv9ARM.ch10.html
head/contrib/bind9/doc/arm/Bv9ARM.html
head/contrib/bind9/doc/arm/Bv9ARM.pdf
head/contrib/bind9/doc/arm/Makefile.in
head/contrib/bind9/doc/arm/man.dig.html
head/contrib/bind9/doc/arm/man.dnssec-dsfromkey.html
head/contrib/bind9/doc/arm/man.dnssec-keyfromlabel.html
head/contrib/bind9/doc/arm/man.dnssec-keygen.html
head/contrib/bind9/doc/arm/man.dnssec-signzone.html
head/contrib/bind9/doc/arm/man.host.html
head/contrib/bind9/doc/arm/man.named-checkconf.html
head/contrib/bind9/doc/arm/man.named-checkzone.html
head/contrib/bind9/doc/arm/man.named.html
head/contrib/bind9/doc/arm/man.nsupdate.html
head/contrib/bind9/doc/arm/man.rndc-confgen.html
head/contrib/bind9/doc/arm/man.rndc.conf.html
head/contrib/bind9/doc/arm/man.rndc.html
head/contrib/bind9/doc/misc/Makefile.in
head/contrib/bind9/doc/misc/options
head/contrib/bind9/lib/bind9/Makefile.in
head/contrib/bind9/lib/bind9/api
head/contrib/bind9/lib/bind9/check.c
head/contrib/bind9/lib/bind9/include/bind9/getaddresses.h
head/contrib/bind9/lib/dns/Makefile.in
head/contrib/bind9/lib/dns/acl.c
head/contrib/bind9/lib/dns/adb.c
head/contrib/bind9/lib/dns/api
head/contrib/bind9/lib/dns/byaddr.c
head/contrib/bind9/lib/dns/cache.c
head/contrib/bind9/lib/dns/db.c
head/contrib/bind9/lib/dns/diff.c
head/contrib/bind9/lib/dns/dispatch.c
head/contrib/bind9/lib/dns/dlz.c
head/contrib/bind9/lib/dns/dnssec.c
head/contrib/bind9/lib/dns/ds.c
head/contrib/bind9/lib/dns/dst_api.c
head/contrib/bind9/lib/dns/dst_internal.h
head/contrib/bind9/lib/dns/dst_openssl.h
head/contrib/bind9/lib/dns/dst_parse.c
head/contrib/bind9/lib/dns/dst_parse.h
head/contrib/bind9/lib/dns/forward.c
head/contrib/bind9/lib/dns/gen-unix.h
head/contrib/bind9/lib/dns/gen.c
head/contrib/bind9/lib/dns/gssapi_link.c
head/contrib/bind9/lib/dns/gssapictx.c
head/contrib/bind9/lib/dns/hmac_link.c
head/contrib/bind9/lib/dns/include/dns/Makefile.in
head/contrib/bind9/lib/dns/include/dns/acl.h
head/contrib/bind9/lib/dns/include/dns/cache.h
head/contrib/bind9/lib/dns/include/dns/compress.h
head/contrib/bind9/lib/dns/include/dns/db.h
head/contrib/bind9/lib/dns/include/dns/diff.h
head/contrib/bind9/lib/dns/include/dns/dispatch.h
head/contrib/bind9/lib/dns/include/dns/dlz.h
head/contrib/bind9/lib/dns/include/dns/dnssec.h
head/contrib/bind9/lib/dns/include/dns/ds.h
head/contrib/bind9/lib/dns/include/dns/events.h
head/contrib/bind9/lib/dns/include/dns/forward.h
head/contrib/bind9/lib/dns/include/dns/journal.h
head/contrib/bind9/lib/dns/include/dns/keytable.h
head/contrib/bind9/lib/dns/include/dns/keyvalues.h
head/contrib/bind9/lib/dns/include/dns/lib.h
head/contrib/bind9/lib/dns/include/dns/log.h
head/contrib/bind9/lib/dns/include/dns/lookup.h
head/contrib/bind9/lib/dns/include/dns/master.h
head/contrib/bind9/lib/dns/include/dns/masterdump.h
head/contrib/bind9/lib/dns/include/dns/message.h
head/contrib/bind9/lib/dns/include/dns/name.h
head/contrib/bind9/lib/dns/include/dns/ncache.h
head/contrib/bind9/lib/dns/include/dns/nsec3.h
head/contrib/bind9/lib/dns/include/dns/peer.h
head/contrib/bind9/lib/dns/include/dns/rbt.h
head/contrib/bind9/lib/dns/include/dns/rdata.h
head/contrib/bind9/lib/dns/include/dns/rdataset.h
head/contrib/bind9/lib/dns/include/dns/request.h
head/contrib/bind9/lib/dns/include/dns/resolver.h
head/contrib/bind9/lib/dns/include/dns/result.h
head/contrib/bind9/lib/dns/include/dns/sdb.h
head/contrib/bind9/lib/dns/include/dns/sdlz.h
head/contrib/bind9/lib/dns/include/dns/secalg.h
head/contrib/bind9/lib/dns/include/dns/soa.h
head/contrib/bind9/lib/dns/include/dns/ssu.h
head/contrib/bind9/lib/dns/include/dns/stats.h
head/contrib/bind9/lib/dns/include/dns/tkey.h
head/contrib/bind9/lib/dns/include/dns/tsig.h
head/contrib/bind9/lib/dns/include/dns/types.h
head/contrib/bind9/lib/dns/include/dns/validator.h
head/contrib/bind9/lib/dns/include/dns/view.h
head/contrib/bind9/lib/dns/include/dns/xfrin.h
head/contrib/bind9/lib/dns/include/dns/zone.h
head/contrib/bind9/lib/dns/include/dst/dst.h
head/contrib/bind9/lib/dns/include/dst/gssapi.h
head/contrib/bind9/lib/dns/iptable.c
head/contrib/bind9/lib/dns/journal.c
head/contrib/bind9/lib/dns/keytable.c
head/contrib/bind9/lib/dns/lib.c
head/contrib/bind9/lib/dns/log.c
head/contrib/bind9/lib/dns/master.c
head/contrib/bind9/lib/dns/masterdump.c
head/contrib/bind9/lib/dns/message.c
head/contrib/bind9/lib/dns/name.c
head/contrib/bind9/lib/dns/ncache.c
head/contrib/bind9/lib/dns/nsec.c
head/contrib/bind9/lib/dns/nsec3.c
head/contrib/bind9/lib/dns/openssl_link.c
head/contrib/bind9/lib/dns/openssldh_link.c
head/contrib/bind9/lib/dns/openssldsa_link.c
head/contrib/bind9/lib/dns/opensslrsa_link.c
head/contrib/bind9/lib/dns/peer.c
head/contrib/bind9/lib/dns/rbt.c
head/contrib/bind9/lib/dns/rbtdb.c
head/contrib/bind9/lib/dns/rcode.c
head/contrib/bind9/lib/dns/rdata.c
head/contrib/bind9/lib/dns/rdata/any_255/tsig_250.c
head/contrib/bind9/lib/dns/rdata/ch_3/a_1.c
head/contrib/bind9/lib/dns/rdata/generic/afsdb_18.c
head/contrib/bind9/lib/dns/rdata/generic/cert_37.c
head/contrib/bind9/lib/dns/rdata/generic/cname_5.c
head/contrib/bind9/lib/dns/rdata/generic/dlv_32769.c
head/contrib/bind9/lib/dns/rdata/generic/dname_39.c
head/contrib/bind9/lib/dns/rdata/generic/dnskey_48.c
head/contrib/bind9/lib/dns/rdata/generic/ds_43.c
head/contrib/bind9/lib/dns/rdata/generic/gpos_27.c
head/contrib/bind9/lib/dns/rdata/generic/hinfo_13.c
head/contrib/bind9/lib/dns/rdata/generic/ipseckey_45.c
head/contrib/bind9/lib/dns/rdata/generic/isdn_20.c
head/contrib/bind9/lib/dns/rdata/generic/key_25.c
head/contrib/bind9/lib/dns/rdata/generic/loc_29.c
head/contrib/bind9/lib/dns/rdata/generic/mb_7.c
head/contrib/bind9/lib/dns/rdata/generic/md_3.c
head/contrib/bind9/lib/dns/rdata/generic/mf_4.c
head/contrib/bind9/lib/dns/rdata/generic/mg_8.c
head/contrib/bind9/lib/dns/rdata/generic/minfo_14.c
head/contrib/bind9/lib/dns/rdata/generic/mr_9.c
head/contrib/bind9/lib/dns/rdata/generic/mx_15.c
head/contrib/bind9/lib/dns/rdata/generic/ns_2.c
head/contrib/bind9/lib/dns/rdata/generic/nsec3_50.c
head/contrib/bind9/lib/dns/rdata/generic/nsec3param_51.c
head/contrib/bind9/lib/dns/rdata/generic/nsec_47.c
head/contrib/bind9/lib/dns/rdata/generic/null_10.c
head/contrib/bind9/lib/dns/rdata/generic/nxt_30.c
head/contrib/bind9/lib/dns/rdata/generic/opt_41.c
head/contrib/bind9/lib/dns/rdata/generic/proforma.c
head/contrib/bind9/lib/dns/rdata/generic/ptr_12.c
head/contrib/bind9/lib/dns/rdata/generic/rp_17.c
head/contrib/bind9/lib/dns/rdata/generic/rrsig_46.c
head/contrib/bind9/lib/dns/rdata/generic/rt_21.c
head/contrib/bind9/lib/dns/rdata/generic/sig_24.c
head/contrib/bind9/lib/dns/rdata/generic/soa_6.c
head/contrib/bind9/lib/dns/rdata/generic/spf_99.c
head/contrib/bind9/lib/dns/rdata/generic/sshfp_44.c
head/contrib/bind9/lib/dns/rdata/generic/tkey_249.c
head/contrib/bind9/lib/dns/rdata/generic/txt_16.c
head/contrib/bind9/lib/dns/rdata/generic/unspec_103.c
head/contrib/bind9/lib/dns/rdata/generic/x25_19.c
head/contrib/bind9/lib/dns/rdata/hs_4/a_1.c
head/contrib/bind9/lib/dns/rdata/in_1/a6_38.c
head/contrib/bind9/lib/dns/rdata/in_1/a_1.c
head/contrib/bind9/lib/dns/rdata/in_1/aaaa_28.c
head/contrib/bind9/lib/dns/rdata/in_1/apl_42.c
head/contrib/bind9/lib/dns/rdata/in_1/dhcid_49.c
head/contrib/bind9/lib/dns/rdata/in_1/kx_36.c
head/contrib/bind9/lib/dns/rdata/in_1/naptr_35.c
head/contrib/bind9/lib/dns/rdata/in_1/nsap-ptr_23.c
head/contrib/bind9/lib/dns/rdata/in_1/nsap_22.c
head/contrib/bind9/lib/dns/rdata/in_1/px_26.c
head/contrib/bind9/lib/dns/rdata/in_1/srv_33.c
head/contrib/bind9/lib/dns/rdata/in_1/wks_11.c
head/contrib/bind9/lib/dns/rdatalist.c
head/contrib/bind9/lib/dns/rdataset.c
head/contrib/bind9/lib/dns/rdataslab.c
head/contrib/bind9/lib/dns/request.c
head/contrib/bind9/lib/dns/resolver.c
head/contrib/bind9/lib/dns/result.c
head/contrib/bind9/lib/dns/rootns.c
head/contrib/bind9/lib/dns/sdb.c
head/contrib/bind9/lib/dns/sdlz.c
head/contrib/bind9/lib/dns/soa.c
head/contrib/bind9/lib/dns/spnego.c
head/contrib/bind9/lib/dns/ssu.c
head/contrib/bind9/lib/dns/stats.c
head/contrib/bind9/lib/dns/time.c
head/contrib/bind9/lib/dns/tkey.c
head/contrib/bind9/lib/dns/tsig.c
head/contrib/bind9/lib/dns/validator.c
head/contrib/bind9/lib/dns/view.c
head/contrib/bind9/lib/dns/xfrin.c
head/contrib/bind9/lib/dns/zone.c
head/contrib/bind9/lib/isc/Makefile.in
head/contrib/bind9/lib/isc/alpha/include/isc/atomic.h
head/contrib/bind9/lib/isc/api
head/contrib/bind9/lib/isc/assertions.c
head/contrib/bind9/lib/isc/base32.c
head/contrib/bind9/lib/isc/base64.c
head/contrib/bind9/lib/isc/entropy.c
head/contrib/bind9/lib/isc/hash.c
head/contrib/bind9/lib/isc/heap.c
head/contrib/bind9/lib/isc/hmacmd5.c
head/contrib/bind9/lib/isc/hmacsha.c
head/contrib/bind9/lib/isc/httpd.c
head/contrib/bind9/lib/isc/ia64/include/isc/atomic.h
head/contrib/bind9/lib/isc/include/isc/Makefile.in
head/contrib/bind9/lib/isc/include/isc/app.h
head/contrib/bind9/lib/isc/include/isc/assertions.h
head/contrib/bind9/lib/isc/include/isc/buffer.h
head/contrib/bind9/lib/isc/include/isc/entropy.h
head/contrib/bind9/lib/isc/include/isc/error.h
head/contrib/bind9/lib/isc/include/isc/file.h
head/contrib/bind9/lib/isc/include/isc/fsaccess.h
head/contrib/bind9/lib/isc/include/isc/hash.h
head/contrib/bind9/lib/isc/include/isc/heap.h
head/contrib/bind9/lib/isc/include/isc/hmacmd5.h
head/contrib/bind9/lib/isc/include/isc/hmacsha.h
head/contrib/bind9/lib/isc/include/isc/lib.h
head/contrib/bind9/lib/isc/include/isc/log.h
head/contrib/bind9/lib/isc/include/isc/md5.h
head/contrib/bind9/lib/isc/include/isc/mem.h
head/contrib/bind9/lib/isc/include/isc/msgs.h
head/contrib/bind9/lib/isc/include/isc/netaddr.h
head/contrib/bind9/lib/isc/include/isc/netscope.h
head/contrib/bind9/lib/isc/include/isc/platform.h.in
head/contrib/bind9/lib/isc/include/isc/portset.h
head/contrib/bind9/lib/isc/include/isc/radix.h
head/contrib/bind9/lib/isc/include/isc/random.h
head/contrib/bind9/lib/isc/include/isc/ratelimiter.h
head/contrib/bind9/lib/isc/include/isc/refcount.h
head/contrib/bind9/lib/isc/include/isc/result.h
head/contrib/bind9/lib/isc/include/isc/resultclass.h
head/contrib/bind9/lib/isc/include/isc/serial.h
head/contrib/bind9/lib/isc/include/isc/sha1.h
head/contrib/bind9/lib/isc/include/isc/sha2.h
head/contrib/bind9/lib/isc/include/isc/sockaddr.h
head/contrib/bind9/lib/isc/include/isc/socket.h
head/contrib/bind9/lib/isc/include/isc/stats.h
head/contrib/bind9/lib/isc/include/isc/symtab.h
head/contrib/bind9/lib/isc/include/isc/task.h
head/contrib/bind9/lib/isc/include/isc/timer.h
head/contrib/bind9/lib/isc/include/isc/types.h
head/contrib/bind9/lib/isc/include/isc/util.h
head/contrib/bind9/lib/isc/inet_aton.c
head/contrib/bind9/lib/isc/inet_ntop.c
head/contrib/bind9/lib/isc/iterated_hash.c
head/contrib/bind9/lib/isc/lib.c
head/contrib/bind9/lib/isc/log.c
head/contrib/bind9/lib/isc/md5.c
head/contrib/bind9/lib/isc/mem.c
head/contrib/bind9/lib/isc/netaddr.c
head/contrib/bind9/lib/isc/nls/Makefile.in
head/contrib/bind9/lib/isc/nothreads/Makefile.in
head/contrib/bind9/lib/isc/powerpc/include/isc/atomic.h
head/contrib/bind9/lib/isc/print.c
head/contrib/bind9/lib/isc/pthreads/Makefile.in
head/contrib/bind9/lib/isc/pthreads/mutex.c
head/contrib/bind9/lib/isc/radix.c
head/contrib/bind9/lib/isc/random.c
head/contrib/bind9/lib/isc/rwlock.c
head/contrib/bind9/lib/isc/sha1.c
head/contrib/bind9/lib/isc/sha2.c
head/contrib/bind9/lib/isc/sockaddr.c
head/contrib/bind9/lib/isc/stats.c
head/contrib/bind9/lib/isc/task.c
head/contrib/bind9/lib/isc/task_p.h
head/contrib/bind9/lib/isc/timer.c
head/contrib/bind9/lib/isc/timer_p.h
head/contrib/bind9/lib/isc/unix/Makefile.in
head/contrib/bind9/lib/isc/unix/app.c
head/contrib/bind9/lib/isc/unix/dir.c
head/contrib/bind9/lib/isc/unix/entropy.c
head/contrib/bind9/lib/isc/unix/file.c
head/contrib/bind9/lib/isc/unix/ifiter_getifaddrs.c
head/contrib/bind9/lib/isc/unix/ifiter_ioctl.c
head/contrib/bind9/lib/isc/unix/include/isc/net.h
head/contrib/bind9/lib/isc/unix/include/isc/offset.h
head/contrib/bind9/lib/isc/unix/include/isc/strerror.h
head/contrib/bind9/lib/isc/unix/include/isc/time.h
head/contrib/bind9/lib/isc/unix/interfaceiter.c
head/contrib/bind9/lib/isc/unix/resource.c
head/contrib/bind9/lib/isc/unix/socket.c
head/contrib/bind9/lib/isc/unix/socket_p.h
head/contrib/bind9/lib/isc/unix/strerror.c
head/contrib/bind9/lib/isccc/Makefile.in
head/contrib/bind9/lib/isccc/api
head/contrib/bind9/lib/isccfg/Makefile.in
head/contrib/bind9/lib/isccfg/aclconf.c
head/contrib/bind9/lib/isccfg/api
head/contrib/bind9/lib/isccfg/include/isccfg/aclconf.h
head/contrib/bind9/lib/isccfg/include/isccfg/cfg.h
head/contrib/bind9/lib/isccfg/include/isccfg/grammar.h
head/contrib/bind9/lib/isccfg/include/isccfg/log.h
head/contrib/bind9/lib/isccfg/include/isccfg/namedconf.h
head/contrib/bind9/lib/isccfg/namedconf.c
head/contrib/bind9/lib/isccfg/parser.c
head/contrib/bind9/lib/lwres/api
head/contrib/bind9/lib/lwres/context.c
head/contrib/bind9/lib/lwres/context_p.h
head/contrib/bind9/lib/lwres/getaddrinfo.c
head/contrib/bind9/lib/lwres/getipnode.c
head/contrib/bind9/lib/lwres/include/lwres/context.h
head/contrib/bind9/lib/lwres/include/lwres/netdb.h.in
head/contrib/bind9/lib/lwres/lwconfig.c
head/contrib/bind9/lib/lwres/man/lwres.3
head/contrib/bind9/lib/lwres/man/lwres.html
head/contrib/bind9/lib/lwres/man/lwres_buffer.3
head/contrib/bind9/lib/lwres/man/lwres_buffer.html
head/contrib/bind9/lib/lwres/man/lwres_config.3
head/contrib/bind9/lib/lwres/man/lwres_config.html
head/contrib/bind9/lib/lwres/man/lwres_context.3
head/contrib/bind9/lib/lwres/man/lwres_context.html
head/contrib/bind9/lib/lwres/man/lwres_gabn.3
head/contrib/bind9/lib/lwres/man/lwres_gabn.html
head/contrib/bind9/lib/lwres/man/lwres_gai_strerror.3
head/contrib/bind9/lib/lwres/man/lwres_gai_strerror.html
head/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.3
head/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.html
head/contrib/bind9/lib/lwres/man/lwres_gethostent.3
head/contrib/bind9/lib/lwres/man/lwres_gethostent.html
head/contrib/bind9/lib/lwres/man/lwres_getipnode.3
head/contrib/bind9/lib/lwres/man/lwres_getipnode.html
head/contrib/bind9/lib/lwres/man/lwres_getnameinfo.3
head/contrib/bind9/lib/lwres/man/lwres_getnameinfo.html
head/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.3
head/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.html
head/contrib/bind9/lib/lwres/man/lwres_gnba.3
head/contrib/bind9/lib/lwres/man/lwres_gnba.html
head/contrib/bind9/lib/lwres/man/lwres_hstrerror.3
head/contrib/bind9/lib/lwres/man/lwres_hstrerror.html
head/contrib/bind9/lib/lwres/man/lwres_inetntop.3
head/contrib/bind9/lib/lwres/man/lwres_inetntop.html
head/contrib/bind9/lib/lwres/man/lwres_noop.3
head/contrib/bind9/lib/lwres/man/lwres_noop.html
head/contrib/bind9/lib/lwres/man/lwres_packet.3
head/contrib/bind9/lib/lwres/man/lwres_packet.html
head/contrib/bind9/lib/lwres/man/lwres_resutil.3
head/contrib/bind9/lib/lwres/man/lwres_resutil.html
head/contrib/bind9/lib/lwres/print_p.h
head/contrib/bind9/make/rules.in
head/contrib/bind9/version
Directory Properties:
head/contrib/bind9/ (props changed)
Modified: head/contrib/bind9/CHANGES
==============================================================================
--- head/contrib/bind9/CHANGES Sat Jul 16 10:51:12 2011 (r224091)
+++ head/contrib/bind9/CHANGES Sat Jul 16 11:12:09 2011 (r224092)
@@ -1,17 +1,28 @@
- --- 9.6-ESV-R4-P3 released ---
+ --- 9.8.0-P4 released ---
3124. [bug] Use an rdataset attribute flag to indicate
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
used in actual DNS packets. [RT #24777]
- --- 9.6-ESV-R4-P2 released (withdrawn) ---
+ --- 9.8.0-P3 released (withdrawn) ---
+
+3126. [security] Using DNAME record to generate replacements caused
+ RPZ to exit with a assertion failure. [RT #23766]
+
+3125. [security] Using wildcard CNAME records as a replacement with
+ RPZ caused named to exit with a assertion failure.
+ [RT #24715]
3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777]
- --- 9.6-ESV-R4-P1 released ---
+3115. [bug] Named could fail to return requested data when
+ following a CNAME that points into the same zone.
+ [RT #2445]
+
+ --- 9.8.0-P2 released ---
3121. [security] An authoritative name server sending a negative
response containing a very large RRset could
@@ -22,22 +33,114 @@
that validated insecure without using DLV and had
DS records in the parent zone. [RT #24631]
- --- 9.6-ESV-R4 released ---
+ --- 9.8.0-P1 released ---
+
+3100. [security] Certain response policy zone configurations could
+ trigger an INSIST when receiving a query of type
+ RRSIG. [RT #24280]
+
+ --- 9.8.0 released ---
+
+3025. [bug] Fixed a possible deadlock due to zone resigning.
+ [RT #22964]
+
+3024. [func] RTT Banding removed due to minor security increase
+ but major impact on resolver latency. [RT #23310]
+
+3023. [bug] Named could be left in an inconsistent state when
+ receiving multiple AXFR response messages that were
+ not all TSIG-signed. [RT #23254]
+
+3022. [bug] Fixed rpz SERVFAILs after failed zone transfers
+ [RT #23246]
+
+3021. [bug] Change #3010 was incomplete. [RT #22296]
+
+3020. [bug] auto-dnssec failed to correctly update the zone when
+ changing the DNSKEY RRset. [RT #23232]
+
+3019. [test] Test: check apex NSEC3 records after adding DNSKEY
+ record via UPDATE. [RT #23229]
+
+ --- 9.8.0rc1 released ---
+
+3018. [bug] Named failed to check for the "none;" acl when deciding
+ if a zone may need to be re-signed. [RT #23120]
+
+3017. [doc] dnssec-keyfromlabel -I was not properly documented.
+ [RT #22887]
- --- 9.6.3 released ---
+3016. [bug] rndc usage missing '-b'. [RT #22937]
+
+3015. [port] win32: fix IN6_IS_ADDR_LINKLOCAL and
+ IN6_IS_ADDR_SITELOCAL macros. [RT #22724]
+
+3013. [bug] The DNS64 ttl was not always being set as expected.
+ [RT #23034]
+
+3012. [bug] Remove DNSKEY TTL change pairs before generating
+ signing records for any remaining DNSKEY changes.
+ [RT #22590]
+
+3011. [func] Allow setting this in named.conf using the new
+ 'resolver-query-timeout' option, which specifies a max
+ time in seconds. 0 means 'default' and anything longer
+ than 30 will be silently set to 30. [RT #22852]
+
+3010. [bug] Fixed a bug where "rndc reconfig" stopped the timer
+ for refreshing managed-keys. [RT #22296]
3009. [bug] clients-per-query code didn't work as expected with
particular query patterns. [RT #22972]
- --- 9.6.3rc1 released ---
+ --- 9.8.0b1 released ---
+
+3008. [func] Response policy zones (RPZ) support. [RT #21726]
3007. [bug] Named failed to preserve the case of domain names in
rdata which is not compressible when writing master
files. [RT #22863]
+3006. [func] Allow dynamically generated TSIG keys to be preserved
+ across restarts of named. Initially this is for
+ TSIG keys generated using GSSAPI. [RT #22639]
+
+3005. [port] Solaris: Work around the lack of
+ gsskrb5_register_acceptor_identity() by setting
+ the KRB5_KTNAME environment variable to the
+ contents of tkey-gssapi-keytab. Also fixed
+ test errors on MacOSX. [RT #22853]
+
+3004. [func] DNS64 reverse support. [RT #22769]
+
+3003. [experimental] Added update-policy match type "external",
+ enabling named to defer the decision of whether to
+ allow a dynamic update to an external daemon.
+ (Contributed by Andrew Tridgell.) [RT #22758]
+
3002. [bug] isc_mutex_init_errcheck() failed to destroy attr.
[RT #22766]
+3001. [func] Added a default trust anchor for the root zone, which
+ can be switched on by setting "dnssec-validation auto;"
+ in the named.conf options. [RT #21727]
+
+3000. [bug] More TKEY/GSS fixes:
+ - nsupdate can now get the default realm from
+ the user's Kerberos principal
+ - corrected gsstest compilation flags
+ - improved documentation
+ - fixed some NULL dereferences
+ [RT #22795]
+
+2999. [func] Add GOST support (RFC 5933). [RT #20639]
+
+2998. [func] Add isc_task_beginexclusive and isc_task_endexclusive
+ to the task api. [RT #22776]
+
+2997. [func] named -V now reports the OpenSSL and libxml2 verions
+ it was compiled against. [RT #22687]
+
2996. [security] Temporarily disable SO_ACCEPTFILTER support.
[RT #22589]
@@ -48,13 +151,52 @@
do not use threads on earlier versions. Also kill
the unproven-pthreads, mit-pthreads, and ptl2 support.
+2993. [func] Dynamically grow adb hash tables. [RT #21186]
+
+2992. [contrib] contrib/check-secure-delegation.pl: A simple tool
+ for looking at a secure delegation. [RT #22059]
+
+2991. [contrib] contrib/zone-edit.sh: A simple zone editing tool for
+ dynamic zones. [RT #22365]
+
+2990. [bug] 'dnssec-settime -S' no longer tests prepublication
+ interval validity when the interval is set to 0.
+ [RT #22761]
+
+2989. [func] Added support for writable DLZ zones. (Contributed
+ by Andrew Tridgell of the Samba project.) [RT #22629]
+
+2988. [experimental] Added a "dlopen" DLZ driver, allowing the creation
+ of external DLZ drivers that can be loaded as
+ shared objects at runtime rather than linked with
+ named. Currently this is switched on via a
+ compile-time option, "configure --with-dlz-dlopen".
+ Note: the syntax for configuring DLZ zones
+ is likely to be refined in future releases.
+ (Contributed by Andrew Tridgell of the Samba
+ project.) [RT #22629]
+
+2987. [func] Improve ease of configuring TKEY/GSS updates by
+ adding a "tkey-gssapi-keytab" option. If set,
+ updates will be allowed with any key matching
+ a principal in the specified keytab file.
+ "tkey-gssapi-credential" is no longer required
+ and is expected to be deprecated. (Contributed
+ by Andrew Tridgell of the Samba project.)
+ [RT #22629]
+
+2986. [func] Add new zone type "static-stub". It's like a stub
+ zone, but the nameserver names and/or their IP
+ addresses are statically configured. [RT #21474]
+
+2985. [bug] Add a regression test for change #2896. [RT #21324]
+
2984. [bug] Don't run MX checks when the target of the MX record
is ".". [RT #22645]
-2817. [cleanup] Removed unnecessary isc_task_endexclusive() calls.
- [RT #20768]
+2983. [bug] Include "loadkeys" in rndc help output. [RT #22493]
- --- 9.6.3b1 released ---
+ --- 9.8.0a1 released ---
2982. [bug] Reference count dst keys. dst_key_attach() can be used
increment the reference count.
@@ -63,34 +205,103 @@
always call dst_key_free() rather than setting it
to NULL on success. [RT #22672]
+2981. [func] Partial DNS64 support (AAAA synthesis). [RT #21991]
+
+2980. [bug] named didn't properly handle UPDATES that changed the
+ TTL of the NSEC3PARAM RRset. [RT #22363]
+
2979. [bug] named could deadlock during shutdown if two
"rndc stop" commands were issued at the same
time. [RT #22108]
2978. [port] hpux: look for <devpoll.h> [RT #21919]
+2977. [bug] 'nsupdate -l' report if the session key is missing.
+ [RT #21670]
+
2976. [bug] named could die on exit after negotiating a GSS-TSIG
key. [RT #22573]
-2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() aquired the
+2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() acquired the
wrong lock which could lead to server deadlock.
[RT #22614]
+2974. [bug] Some valid UPDATE requests could fail due to a
+ consistency check examining the existing version
+ of the zone rather than the new version resulting
+ from the UPDATE. [RT #22413]
+
+2973. [bug] bind.keys.h was being removed by the "make clean"
+ at the end of configure resulting in build failures
+ where there is very old version of perl installed.
+ Move it to "make maintainer-clean". [RT #22230]
+
+2972. [bug] win32: address windows socket errors. [RT #21906]
+
+2971. [bug] Fixed a bug that caused journal files not to be
+ compacted on Windows systems as a result of
+ non-POSIX-compliant rename() semantics. [RT #22434]
+
+2970. [security] Adding a NO DATA negative cache entry failed to clear
+ any matching RRSIG records. A subsequent lookup of
+ of NO DATA cache entry could trigger a INSIST when the
+ unexpected RRSIG was also returned with the NO DATA
+ cache entry.
+
+ CVE-2010-3613, VU#706148. [RT #22288]
+
+2969. [security] Fix acl type processing so that allow-query works
+ in options and view statements. Also add a new
+ set of tests to verify proper functioning.
+
+ CVE-2010-3615, VU#510208. [RT #22418]
+
+2968. [security] Named could fail to prove a data set was insecure
+ before marking it as insecure. One set of conditions
+ that can trigger this occurs naturally when rolling
+ DNSKEY algorithms.
+
+ CVE-2010-3614, VU#837744. [RT #22309]
+
+2967. [bug] 'host -D' now turns on debugging messages earlier.
+ [RT #22361]
+
+2966. [bug] isc_print_vsnprintf() failed to check if there was
+ space available in the buffer when adding a left
+ justified character with a non zero width,
+ (e.g. "%-1c"). [RT #22270]
+
2965. [func] Test HMAC functions using test data from RFC 2104 and
RFC 4634. [RT #21702]
+2964. [placeholder]
+
+2963. [security] The allow-query acl was being applied instead of the
+ allow-query-cache acl to cache lookups. [RT #22114]
+
+2962. [port] win32: add more dependencies to BINDBuild.dsw.
+ [RT #22062]
+
+2961. [bug] Be still more selective about the non-authoritative
+ answers we apply change 2748 to. [RT #22074]
+
2960. [func] Check that named accepts non-authoritative answers.
[RT #21594]
2959. [func] Check that named starts with a missing masterfile.
[RT #22076]
+2958. [bug] named failed to start with a missing master file.
+ [RT #22076]
+
2957. [bug] entropy_get() and entropy_getpseudo() failed to match
the API for RAND_bytes() and RAND_pseudo_bytes()
respectively. [RT #21962]
2956. [port] Enable atomic operations on the PowerPC64. [RT #21899]
+2955. [func] Provide more detail in the recursing log. [RT #22043]
+
2954. [bug] contrib: dlz_mysql_driver.c bad error handling on
build_sqldbinstance failure. [RT #21623]
@@ -98,10 +309,26 @@
exact match" message when returning a wildcard
no data response. [RT #21744]
+2952. [port] win32: named-checkzone and named-checkconf failed
+ to initialise winsock. [RT #21932]
+
+2951. [bug] named failed to generate a correct signed response
+ in a optout, delegation only zone with no secure
+ delegations. [RT #22007]
+
2950. [bug] named failed to perform a SOA up to date check when
falling back to TCP on UDP timeouts when
ixfr-from-differences was set. [RT #21595]
+2949. [bug] dns_view_setnewzones() contained a memory leak if
+ it was called multiple times. [RT #21942]
+
+2948. [port] MacOS: provide a mechanism to configure the test
+ interfaces at reboot. See bin/tests/system/README
+ for details.
+
+2947. [placeholder]
+
2946. [doc] Document the default values for the minimum and maximum
zone refresh and retry values in the ARM. [RT #21886]
@@ -110,12 +337,59 @@
2944. [maint] Remove ORCHID prefix from built in empty zones.
[RT #21772]
+2943. [func] Add support to load new keys into managed zones
+ without signing immediately with "rndc loadkeys".
+ Add support to link keys with "dnssec-keygen -S"
+ and "dnssec-settime -S". [RT #21351]
+
2942. [contrib] zone2sqlite failed to setup the entropy sources.
[RT #21610]
2941. [bug] sdb and sdlz (dlz's zone database) failed to support
DNAME at the zone apex. [RT #21610]
+2940. [port] Remove connection aborted error message on
+ Windows. [RT #21549]
+
+2939. [func] Check that named successfully skips NSEC3 records
+ that fail to match the NSEC3PARAM record currently
+ in use. [RT# 21868]
+
+2938. [bug] When generating signed responses, from a signed zone
+ that uses NSEC3, named would use a uninitialised
+ pointer if it needed to skip a NSEC3 record because
+ it didn't match the selected NSEC3PARAM record for
+ zone. [RT# 21868]
+
+2937. [bug] Worked around an apparent race condition in over
+ memory conditions. Without this fix a DNS cache DB or
+ ADB could incorrectly stay in an over memory state,
+ effectively refusing further caching, which
+ subsequently made a BIND 9 caching server unworkable.
+ This fix prevents this problem from happening by
+ polling the state of the memory context, rather than
+ making a copy of the state, which appeared to cause
+ a race. This is a "workaround" in that it doesn't
+ solve the possible race per se, but several experiments
+ proved this change solves the symptom. Also, the
+ polling overhead hasn't been reported to be an issue.
+ This bug should only affect a caching server that
+ specifies a finite max-cache-size. It's also quite
+ likely that the bug happens only when enabling threads,
+ but it's not confirmed yet. [RT #21818]
+
+2936. [func] Improved configuration syntax and multiple-view
+ support for addzone/delzone feature (see change
+ #2930). Removed "new-zone-file" option, replaced
+ with "allow-new-zones (yes|no)". The new-zone-file
+ for each view is now created automatically, with
+ a filename generated from a hash of the view name.
+ It is no longer necessary to "include" the
+ new-zone-file in named.conf; this happens
+ automatically. Zones that were not added via
+ "rndc addzone" can no longer be removed with
+ "rndc delzone". [RT #19447]
+
2935. [bug] nsupdate: improve 'file not found' error message.
[RT #21871]
@@ -136,6 +410,17 @@
revisit the issue and complete the fix later.
[RT #21710]
+2930. [experimental] New "rndc addzone" and "rndc delzone" commads
+ allow dynamic addition and deletion of zones.
+ To enable this feature, specify a "new-zone-file"
+ option at the view or options level in named.conf.
+ Zone configuration information for the new zones
+ will be written into that file. To make the new
+ zones persist after a restart, "include" the file
+ into named.conf in the appropriate view. (Note:
+ This feature is not yet documented, and its syntax
+ is expected to change.) [RT #19447]
+
2929. [bug] Improved handling of GSS security contexts:
- added LRU expiration for generated TSIGs
- added the ability to use a non-default realm
@@ -145,19 +430,49 @@
smaller)
[RT #19737]
+2928. [bug] Be more selective about the non-authoritative
+ answer we apply change 2748 to. [RT #21594]
+
+2927. [placeholder]
+
+2926. [placeholder]
+h
+2925. [bug] Named failed to accept uncachable negative responses
+ from insecure zones. [RT# 21555]
+
+2924. [func] 'rndc secroots' dump a combined summary of the
+ current managed keys combined with trusted keys.
+ [RT #20904]
+
2923. [bug] 'dig +trace' could drop core after "connection
timeout". [RT #21514]
2922. [contrib] Update zkt to version 1.0.
+2921. [bug] The resolver could attempt to destroy a fetch context
+ too soon. [RT #19878]
+
+2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively
+ to IPv4 clients. New acl 'filter-aaaa' (default any).
+
+2919. [func] Add autosign-ksk and autosign-zsk virtual time tests.
+ [RT #20840]
+
2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
+2917. [func] Virtual time test framework. [RT #20801]
+
2916. [func] Add framework to use IPv6 in tests.
fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7
2915. [cleanup] Be smarter about which objects we attempt to compile
based on configure options. [RT #21444]
+2914. [bug] Make the "autosign" system test more portable.
+ [RT #20997]
+
+2913. [func] Add pkcs#11 system tests. [RT #20784]
+
2912. [func] Windows clients don't like UPDATE responses that clear
the zone section. [RT #20986]
@@ -166,9 +481,17 @@
2910. [func] Sanity check Kerberos credentials. [RT #20986]
+2909. [bug] named-checkconf -p could die if "update-policy local;"
+ was specified in named.conf. [RT #21416]
+
2908. [bug] It was possible for re-signing to stop after removing
a DNSKEY. [RT #21384]
+2907. [bug] The export version of libdns had undefined references.
+ [RT #21444]
+
+2906. [bug] Address RFC 5011 implementation issues. [RT #20903]
+
2905. [port] aix: set use_atomic=yes with native compiler.
[RT #21402]
@@ -177,23 +500,55 @@
secure leading to negative proofs failing. This was
a unintended outcome from change 2890. [RT# 21392]
+2903. [bug] managed-keys-directory missing from namedconf.c.
+ [RT #21370]
+
+2902. [func] Add regression test for change 2897. [RT #21040]
+
2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]
+2900. [bug] The placeholder negative caching element was not
+ properly constructed triggering a INSIST in
+ dns_ncache_towire(). [RT #21346]
+
2899. [port] win32: Support linking against OpenSSL 1.0.0.
2898. [bug] nslookup leaked memory when -domain=value was
specified. [RT #21301]
+2897. [bug] NSEC3 chains could be left behind when transitioning
+ to insecure. [RT #21040]
+
+2896. [bug] "rndc sign" failed to properly update the zone
+ when adding a DNSKEY for publication only. [RT #21045]
+
+2895. [func] genrandom: add support for the generation of multiple
+ files. [RT #20917]
+
2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294]
+2893. [bug] Improve managed keys support. New named.conf option
+ managed-keys-directory. [RT #20924]
+
+2892. [bug] Handle REVOKED keys better. [RT #20961]
+
2891. [maint] Update empty-zones list to match
draft-ietf-dnsop-default-local-zones-13. [RT# 21099]
+2890. [bug] Handle the introduction of new trusted-keys and
+ DS, DLV RRsets better. [RT #21097]
+
2889. [bug] Elements of the grammar where not properly reported.
[RT #21046]
2888. [bug] Only the first EDNS option was displayed. [RT #21273]
+2887. [bug] Report the keytag times in UTC in the .key file,
+ local time is presented as a comment within the
+ comment. [RT #21223]
+
+2886. [bug] ctime() is not thread safe. [RT #21223]
+
2885. [bug] Improve -fno-strict-aliasing support probing in
configure. [RT #21080]
@@ -209,12 +564,21 @@
2881. [bug] Reduce the amount of time the rbtdb write lock
is held when closing a version. [RT #21198]
+2880. [cleanup] Make the output of dnssec-keygen and dnssec-revoke
+ consistent. [RT #21078]
+
2879. [contrib] DLZ bdbhpt driver fails to close correct cursor.
[RT #21106]
+2878. [func] Incrementally write the master file after performing
+ a AXFR. [RT #21010]
+
2877. [bug] The validator failed to skip obviously mismatching
RRSIGs. [RT #21138]
+2876. [bug] Named could return SERVFAIL for negative responses
+ from unsigned zones. [RT #21131]
+
2875. [bug] dns_time64_fromtext() could accept non digits.
[RT #21033]
@@ -222,8 +586,22 @@
successfully responds to the query using plain DNS.
[RT #20930]
+2873. [bug] Cancelling a dynamic update via the dns/client module
+ could trigger an assertion failure. [RT #21133]
+
+2872. [bug] Modify dns/client.c:dns_client_createx() to only
+ require one of IPv4 or IPv6 rather than both.
+ [RT #21122]
+
+2871. [bug] Type mismatch in mem_api.c between the definition and
+ the header file, causing build failure with
+ --enable-exportlib. [RT #21138]
+
2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
+2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
+ [RT #20877]
+
2868. [cleanup] Run "make clean" at the end of configure to ensure
any changes made by configure are integrated.
Use --with-make-clean=no to disable. [RT #20994]
@@ -245,6 +623,11 @@
2862. [bug] nsupdate didn't default to the parent zone when
updating DS records. [RT #20896]
+2861. [doc] dnssec-settime man pages didn't correctly document the
+ inactivation time. [RT #21039]
+
+2860. [bug] named-checkconf's usage was out of date. [RT #21039]
+
2859. [bug] When cancelling validation it was possible to leak
memory. [RT #20800]
@@ -257,111 +640,18 @@
2856. [bug] The size of a memory allocation was not always properly
recorded. [RT #20927]
-2853. [bug] add_sigs() could run out of scratch space. [RT #21015]
-
-2851. [doc] nslookup.1, removed <informalexample> from the docbook
- source as it produced bad nroff. [RT #21007]
-
- --- 9.6-ESV-R3 released ---
-
-2972. [bug] win32: address windows socket errors. [RT #21906]
-
-2971. [bug] Fixed a bug that caused journal files not to be
- compacted on Windows systems as a result of
- non-POSIX-compliant rename() semantics. [RT #22434]
-
-2970. [security] Adding a NO DATA negative cache entry failed to clear
- any matching RRSIG records. A subsequent lookup of
- of NO DATA cache entry could trigger a INSIST when the
- unexpected RRSIG was also returned with the NO DATA
- cache entry.
-
- CVE-2010-3613, VU#706148. [RT #22288]
-
-2969. [security] Fix acl type processing so that allow-query works
- in options and view statements. Also add a new
- set of tests to verify proper functioning.
-
- CVE-2010-3615, VU#510208. [RT #22418]
-
-2968. [security] Named could fail to prove a data set was insecure
- before marking it as insecure. One set of conditions
- that can trigger this occurs naturally when rolling
- DNSKEY algorithms.
-
- CVE-2010-3614, VU#837744. [RT #22309]
-
-2967. [bug] 'host -D' now turns on debugging messages earlier.
- [RT #22361]
-
-2966. [bug] isc_print_vsnprintf() failed to check if there was
- space available in the buffer when adding a left
- justified character with a non zero width,
- (e.g. "%-1c"). [RT #22270]
-
-2964. [bug] view->queryacl was being overloaded. Seperate the
- usage into view->queryacl, view->cacheacl and
- view->queryonacl. [RT #22114]
-
-2962. [port] win32: add more dependencies to BINDBuild.dsw.
- [RT #22062]
-
-2952. [port] win32: named-checkzone and named-checkconf failed
- to initialise winsock. [RT #21932]
-
-2951. [bug] named failed to generate a correct signed response
- in a optout, delegation only zone with no secure
- delegations. [RT #22007]
-
- --- 9.6-ESV-R2 released ---
-
-2939. [func] Check that named successfully skips NSEC3 records
- that fail to match the NSEC3PARAM record currently
- in use. [RT# 21868]
-
-2937. [bug] Worked around an apparent race condition in over
- memory conditions. Without this fix a DNS cache DB or
- ADB could incorrectly stay in an over memory state,
- effectively refusing further caching, which
- subsequently made a BIND 9 caching server unworkable.
- This fix prevents this problem from happening by
- polling the state of the memory context, rather than
- making a copy of the state, which appeared to cause
- a race. This is a "workaround" in that it doesn't
- solve the possible race per se, but several experiments
- proved this change solves the symptom. Also, the
- polling overhead hasn't been reported to be an issue.
- This bug should only affect a caching server that
- specifies a finite max-cache-size. It's also quite
- likely that the bug happens only when enabling threads,
- but it's not confirmed yet. [RT #21818]
-
-2925. [bug] Named failed to accept uncachable negative responses
- from insecure zones. [RT# 21555]
+2855. [func] nsupdate will now preserve the entered case of domain
+ names in update requests it sends. [RT #20928]
-2921. [bug] The resolver could attempt to destroy a fetch context
- too soon. [RT #19878]
+2854. [func] dig: allow the final soa record in a axfr response to
+ be suppressed, dig +onesoa. [RT #20929]
-2900. [bug] The placeholder negative caching element was not
- properly constructed triggering a INSIST in
- dns_ncache_towire(). [RT #21346]
-
-2890. [bug] Handle the introduction of new trusted-keys and
- DS, DLV RRsets better. [RT #21097]
-
-2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
- [RT #20877]
-
- --- 9.6-ESV-R1 released ---
-
-2876. [bug] Named could return SERVFAIL for negative responses
- from unsigned zones. [RT #21131]
-
- --- 9.6-ESV released ---
+2853. [bug] add_sigs() could run out of scratch space. [RT #21015]
2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
- --- 9.6.2 released ---
+2851. [doc] nslookup.1, removed <informalexample> from the docbook
+ source as it produced bad nroff. [RT #21007]
2850. [bug] If isc_heap_insert() failed due to memory shortage
the heap would have corrupted entries. [RT #20951]
@@ -369,61 +659,225 @@
2849. [bug] Don't treat errors from the xml2 library as fatal.
[RT #20945]
+2848. [doc] Moved README.dnssec, README.libdns, README.pkcs11 and
+ README.rfc5011 into the ARM. [RT #20899]
+
+2847. [cleanup] Corrected usage message in dnssec-settime. [RT #20921]
+
2846. [bug] EOF on unix domain sockets was not being handled
correctly. [RT #20731]
+2845. [bug] RFC 5011 client could crash on shutdown. [RT #20903]
+
2844. [doc] notify-delay default in ARM was wrong. It should have
been five (5) seconds.
- --- 9.6.2rc1 released ---
+2843. [func] Prevent dnssec-keygen and dnssec-keyfromlabel from
+ creating key files if there is a chance that the new
+ key ID will collide with an existing one after
+ either of the keys has been revoked. (To override
+ this in the case of dnssec-keyfromlabel, use the -y
+ option. dnssec-keygen will simply create a
+ different, non-colliding key, so an override is
+ not necessary.) [RT #20838]
+
+2842. [func] Added "smartsign" and improved "autosign" and
+ "dnssec" regression tests. [RT #20865]
+
+2841. [bug] Change 2836 was not complete. [RT #20883]
-2838. [func] Backport support for SHA-2 DNSSEC algorithms,
- RSASHA256 and RSASHA512, from BIND 9.7. (This
- incorporates changes 2726 and 2738 from that
- release branch.) [RT #20871]
+2840. [bug] Temporary fixed pkcs11-destroy usage check.
+ [RT #20760]
+
+2839. [bug] A KSK revoked by named could not be deleted.
+ [RT #20881]
+
+2838. [placeholder]
2837. [port] Prevent Linux spurious warnings about fwrite().
[RT #20812]
+2836. [bug] Keys that were scheduled to become active could
+ be delayed. [RT #20874]
+
+2835. [bug] Key inactivity dates were inadvertently stored in
+ the private key file with the outdated tag
+ "Unpublish" rather than "Inactive". This has been
+ fixed; however, any existing keys that had Inactive
+ dates set will now need to have them reset, using
+ 'dnssec-settime -I'. [RT #20868]
+
+2834. [bug] HMAC-SHA* keys that were longer than the algorithm
+ digest length were used incorrectly, leading to
+ interoperability problems with other DNS
+ implementations. This has been corrected.
+ (Note: If an oversize key is in use, and
+ compatibility is needed with an older release of
+ BIND, the new tool "isc-hmac-fixup" can convert
+ the key secret to a form that will work with all
+ versions.) [RT #20751]
+
+2833. [cleanup] Fix usage messages in dnssec-keygen and dnssec-settime.
+ [RT #20851]
+
+2832. [bug] Modify "struct stat" in lib/export/samples/nsprobe.c
+ to avoid redefinition in some OSs [RT 20831]
+
2831. [security] Do not attempt to validate or cache
out-of-bailiwick data returned with a secure
answer; it must be re-fetched from its original
source and validated in that context. [RT #20819]
+2830. [bug] Changing the OPTOUT setting could take multiple
+ passes. [RT #20813]
+
+2829. [bug] Fixed potential node inconsistency in rbtdb.c.
+ [RT #20808]
+
2828. [security] Cached CNAME or DNAME RR could be returned to clients
without DNSSEC validation. [RT #20737]
2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
+2826. [bug] NSEC3->NSEC transitions could fail due to a lock not
+ being released. [RT #20740]
+
2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that
was in the process of being created was not properly
recorded in the zone. [RT #20786]
+2824. [bug] "rndc sign" was not being run by the correct task.
+ [RT #20759]
+
2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
+2822. [bug] rbtdb.c:loadnode() could return the wrong result.
+ [RT #20802]
+
+2821. [doc] Add note that named-checkconf doesn't automatically
+ read rndc.key and bind.keys [RT #20758]
+
+2820. [func] Handle read access failure of OpenSSL configuration
+ file more user friendly (PKCS#11 engine patch).
+ [RT #20668]
+
2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define.
[RT #20771]
2818. [cleanup] rndc could return an incorrect error code
when a zone was not found. [RT #20767]
+2817. [cleanup] Removed unnecessary isc_task_endexclusive() calls.
+ [RT #20768]
+
+2816. [bug] previous_closest_nsec() could fail to return
+ data for NSEC3 nodes [RT #29730]
+
2815. [bug] Exclusively lock the task when freezing a zone.
[RT #19838]
2814. [func] Provide a definitive error message when a master
zone is not loaded. [RT #20757]
- --- 9.6.2b1 released ---
+2813. [bug] Better handling of unreadable DNSSEC key files.
+ [RT #20710]
+
+2812. [bug] Make sure updates can't result in a zone with
+ NSEC-only keys and NSEC3 records. [RT 20748]
+
+2811. [cleanup] Add "rndc sign" to list of commands in rndc usage
+ output. [RT #20733]
+
+2810. [doc] Clarified the process of transitioning an NSEC3 zone
+ to insecure. [RT #20746]
+
+2809. [cleanup] Restored accidentally-deleted text in usage output
+ in dnssec-settime and dnssec-revoke [RT #20739]
+
+2808. [bug] Remove the attempt to install atomic.h from lib/isc.
+ atomic.h is correctly installed by the architecture
+ specific subdirectories. [RT #20722]
+
+2807. [bug] Fixed a possible ASSERT when reconfiguring zone
+ keys. [RT #20720]
+
+ --- 9.7.0rc1 released ---
+
+2806. [bug] "rdnc sign" could delay re-signing the DNSKEY
+ when it had changed. [RT #20703]
+
+2805. [bug] Fixed namespace problems encountered when building
+ external programs using non-exported BIND9 libraries
+ (i.e., built without --enable-exportlib). [RT #20679]
+
+2804. [bug] Send notifies when a zone is signed with "rndc sign"
+ or as a result of a scheduled key change. [RT #20700]
+
+2803. [port] win32: Install named-journalprint, nsec3hash, arpaname
+ and genrandom under windows. [RT #20670]
+
+2802. [cleanup] Rename journalprint to named-journalprint. [RT #20670]
+
+2801. [func] Detect and report records that are different according
+ to DNSSEC but are semantically equal according to plain
+ DNS. Apply plain DNS comparisons rather than DNSSEC
+ comparisons when processing UPDATE requests.
+ dnssec-signzone now removes such semantically duplicate
+ records prior to signing the RRset.
+
+ named-checkzone -r {ignore|warn|fail} (default warn)
+ named-compilezone -r {ignore|warn|fail} (default warn)
+
+ named.conf: check-dup-records {ignore|warn|fail};
+
+2800. [func] Reject zones which have NS records which refer to
+ CNAMEs, DNAMEs or don't have address record (class IN
+ only). Reject UPDATEs which would cause the zone
+ to fail the above checks if committed. [RT #20678]
+
+2799. [cleanup] Changed the "secure-to-insecure" option to
+ "dnssec-secure-to-insecure", and "dnskey-ksk-only"
+ to "dnssec-dnskey-kskonly", for clarity. [RT #20586]
+
+2798. [bug] Addressed bugs in managed-keys initialization
+ and rollover. [RT #20683]
2797. [bug] Don't decrement the dispatch manager's maxbuffers.
[RT #20613]
+2796. [bug] Missing dns_rdataset_disassociate() call in
+ dns_nsec3_delnsec3sx(). [RT #20681]
+
+2795. [cleanup] Add text to differentiate "update with no effect"
+ log messages. [RT #18889]
+
+2794. [bug] Install <isc/namespace.h>. [RT #20677]
+
+2793. [func] Add "autosign" and "metadata" tests to the
+ automatic tests. [RT #19946]
+
+2792. [func] "filter-aaaa-on-v4" can now be set in view
+ options (if compiled in). [RT #20635]
+
+2791. [bug] The installation of isc-config.sh was broken.
+ [RT #20667]
+
2790. [bug] Handle DS queries to stub zones. [RT #20440]
2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
+2788. [bug] dnssec-signzone could sign with keys that were
+ not requested [RT #20625]
+
+2787. [bug] Spurious log message when zone keys were
+ dynamically reconfigured. [RT #20659]
+
2786. [bug] Additional could be promoted to answer. [RT #20663]
+ --- 9.7.0b3 released ---
+
+2785. [bug] Revoked keys could fail to self-sign [RT #20652]
+
2784. [bug] TC was not always being set when required glue was
dropped. [RT #20655]
@@ -433,15 +887,65 @@
2782. [port] win32: use getaddrinfo() for hostname lookups.
[RT #20650]
+2781. [bug] Inactive keys could be used for signing. [RT #20649]
+
+2780. [bug] dnssec-keygen -A none didn't properly unset the
+ activation date in all cases. [RT #20648]
+
+2779. [bug] Dynamic key revocation could fail. [RT #20644]
+
+2778. [bug] dnssec-signzone could fail when a key was revoked
+ without deleting the unrevoked version. [RT #20638]
+
2777. [contrib] DLZ MYSQL auto reconnect support discovery was wrong.
+2776. [bug] Change #2762 was not correct. [RT #20647]
+
+2775. [bug] Accept RSASHA256 and RSASHA512 as NSEC3 compatible
+ in dnssec-keyfromlabel. [RT #20643]
+
+2774. [bug] Existing cache DB wasn't being reused after
+ reconfiguration. [RT #20629]
+
+2773. [bug] In autosigned zones, the SOA could be signed
+ with the KSK. [RT #20628]
+
2772. [security] When validating, track whether pending data was from
the additional section or not and only return it if
validates as secure. [RT #20438]
+2771. [bug] dnssec-signzone: DNSKEY records could be
+ corrupted when importing from key files [RT #20624]
+
+2770. [cleanup] Add log messages to resolver.c to indicate events
+ causing FORMERR responses. [RT #20526]
+
+2769. [cleanup] Change #2742 was incomplete. [RT #19589]
+
+2768. [bug] dnssec-signzone: -S no longer implies -g [RT #20568]
+
+2767. [bug] named could crash on startup if a zone was
+ configured with auto-dnssec and there was no
+ key-directory. [RT #20615]
+
+2766. [bug] isc_socket_fdwatchpoke() should only update the
+ socketmgr state if the socket is not pending on a
+ read or write. [RT #20603]
+
2765. [bug] Skip masters for which the TSIG key cannot be found.
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-head
mailing list