From owner-svn-src-head@FreeBSD.ORG Sat Jul 16 11:12:09 2011 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DA116106566C; Sat, 16 Jul 2011 11:12:09 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id C43E78FC14; Sat, 16 Jul 2011 11:12:09 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id p6GBC9tf025473; Sat, 16 Jul 2011 11:12:09 GMT (envelope-from dougb@svn.freebsd.org) Received: (from dougb@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id p6GBC9oG025469; Sat, 16 Jul 2011 11:12:09 GMT (envelope-from dougb@svn.freebsd.org) Message-Id: <201107161112.p6GBC9oG025469@svn.freebsd.org> From: Doug Barton Date: Sat, 16 Jul 2011 11:12:09 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r224092 - in head/contrib/bind9: . bin bin/check bin/confgen bin/dig bin/dig/include/dig bin/dnssec bin/named bin/named/include/named bin/named/unix bin/named/unix/include/named bin/nsu... X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Jul 2011 11:12:09 -0000 Author: dougb Date: Sat Jul 16 11:12:09 2011 New Revision: 224092 URL: http://svn.freebsd.org/changeset/base/224092 Log: Upgrade to version 9.8.0-P4 This version has many new features, see /usr/share/doc/bind9/README for details. Added: head/contrib/bind9/HISTORY - copied unchanged from r224091, vendor/bind9/dist/HISTORY head/contrib/bind9/bin/confgen/ - copied from r224091, vendor/bind9/dist/bin/confgen/ head/contrib/bind9/bin/dnssec/dnssec-revoke.8 - copied unchanged from r224091, vendor/bind9/dist/bin/dnssec/dnssec-revoke.8 head/contrib/bind9/bin/dnssec/dnssec-revoke.c - copied unchanged from r224091, vendor/bind9/dist/bin/dnssec/dnssec-revoke.c head/contrib/bind9/bin/dnssec/dnssec-revoke.docbook - copied unchanged from r224091, vendor/bind9/dist/bin/dnssec/dnssec-revoke.docbook head/contrib/bind9/bin/dnssec/dnssec-revoke.html - copied unchanged from r224091, vendor/bind9/dist/bin/dnssec/dnssec-revoke.html head/contrib/bind9/bin/dnssec/dnssec-settime.8 - copied unchanged from r224091, vendor/bind9/dist/bin/dnssec/dnssec-settime.8 head/contrib/bind9/bin/dnssec/dnssec-settime.c - copied unchanged from r224091, vendor/bind9/dist/bin/dnssec/dnssec-settime.c head/contrib/bind9/bin/dnssec/dnssec-settime.docbook - copied unchanged from r224091, vendor/bind9/dist/bin/dnssec/dnssec-settime.docbook head/contrib/bind9/bin/dnssec/dnssec-settime.html - copied unchanged from r224091, vendor/bind9/dist/bin/dnssec/dnssec-settime.html head/contrib/bind9/bin/named/bind.keys.h - copied unchanged from r224091, vendor/bind9/dist/bin/named/bind.keys.h head/contrib/bind9/bin/tools/ - copied from r224091, vendor/bind9/dist/bin/tools/ head/contrib/bind9/doc/arm/dnssec.xml - copied unchanged from r224091, vendor/bind9/dist/doc/arm/dnssec.xml head/contrib/bind9/doc/arm/libdns.xml - copied unchanged from r224091, vendor/bind9/dist/doc/arm/libdns.xml head/contrib/bind9/doc/arm/man.arpaname.html - copied unchanged from r224091, vendor/bind9/dist/doc/arm/man.arpaname.html head/contrib/bind9/doc/arm/man.ddns-confgen.html - copied unchanged from r224091, vendor/bind9/dist/doc/arm/man.ddns-confgen.html head/contrib/bind9/doc/arm/man.dnssec-revoke.html - copied unchanged from r224091, vendor/bind9/dist/doc/arm/man.dnssec-revoke.html head/contrib/bind9/doc/arm/man.dnssec-settime.html - copied unchanged from r224091, vendor/bind9/dist/doc/arm/man.dnssec-settime.html head/contrib/bind9/doc/arm/man.genrandom.html - copied unchanged from r224091, vendor/bind9/dist/doc/arm/man.genrandom.html head/contrib/bind9/doc/arm/man.isc-hmac-fixup.html - copied unchanged from r224091, vendor/bind9/dist/doc/arm/man.isc-hmac-fixup.html head/contrib/bind9/doc/arm/man.named-journalprint.html - copied unchanged from r224091, vendor/bind9/dist/doc/arm/man.named-journalprint.html head/contrib/bind9/doc/arm/man.nsec3hash.html - copied unchanged from r224091, vendor/bind9/dist/doc/arm/man.nsec3hash.html head/contrib/bind9/doc/arm/managed-keys.xml - copied unchanged from r224091, vendor/bind9/dist/doc/arm/managed-keys.xml head/contrib/bind9/doc/arm/pkcs11.xml - copied unchanged from r224091, vendor/bind9/dist/doc/arm/pkcs11.xml head/contrib/bind9/lib/dns/client.c - copied unchanged from r224091, vendor/bind9/dist/lib/dns/client.c head/contrib/bind9/lib/dns/dns64.c - copied unchanged from r224091, vendor/bind9/dist/lib/dns/dns64.c head/contrib/bind9/lib/dns/ecdb.c - copied unchanged from r224091, vendor/bind9/dist/lib/dns/ecdb.c head/contrib/bind9/lib/dns/include/dns/client.h - copied unchanged from r224091, vendor/bind9/dist/lib/dns/include/dns/client.h head/contrib/bind9/lib/dns/include/dns/dns64.h - copied unchanged from r224091, vendor/bind9/dist/lib/dns/include/dns/dns64.h head/contrib/bind9/lib/dns/include/dns/ecdb.h - copied unchanged from r224091, vendor/bind9/dist/lib/dns/include/dns/ecdb.h head/contrib/bind9/lib/dns/include/dns/keydata.h - copied unchanged from r224091, vendor/bind9/dist/lib/dns/include/dns/keydata.h head/contrib/bind9/lib/dns/include/dns/private.h - copied unchanged from r224091, vendor/bind9/dist/lib/dns/include/dns/private.h head/contrib/bind9/lib/dns/include/dns/rpz.h - copied unchanged from r224091, vendor/bind9/dist/lib/dns/include/dns/rpz.h head/contrib/bind9/lib/dns/include/dns/rriterator.h - copied unchanged from r224091, vendor/bind9/dist/lib/dns/include/dns/rriterator.h head/contrib/bind9/lib/dns/include/dns/tsec.h - copied unchanged from r224091, vendor/bind9/dist/lib/dns/include/dns/tsec.h head/contrib/bind9/lib/dns/keydata.c - copied unchanged from r224091, vendor/bind9/dist/lib/dns/keydata.c head/contrib/bind9/lib/dns/opensslgost_link.c - copied unchanged from r224091, vendor/bind9/dist/lib/dns/opensslgost_link.c head/contrib/bind9/lib/dns/private.c - copied unchanged from r224091, vendor/bind9/dist/lib/dns/private.c head/contrib/bind9/lib/dns/rdata/generic/hip_55.c - copied unchanged from r224091, vendor/bind9/dist/lib/dns/rdata/generic/hip_55.c head/contrib/bind9/lib/dns/rdata/generic/hip_55.h - copied unchanged from r224091, vendor/bind9/dist/lib/dns/rdata/generic/hip_55.h head/contrib/bind9/lib/dns/rdata/generic/keydata_65533.c - copied unchanged from r224091, vendor/bind9/dist/lib/dns/rdata/generic/keydata_65533.c head/contrib/bind9/lib/dns/rdata/generic/keydata_65533.h - copied unchanged from r224091, vendor/bind9/dist/lib/dns/rdata/generic/keydata_65533.h head/contrib/bind9/lib/dns/rpz.c - copied unchanged from r224091, vendor/bind9/dist/lib/dns/rpz.c head/contrib/bind9/lib/dns/rriterator.c - copied unchanged from r224091, vendor/bind9/dist/lib/dns/rriterator.c head/contrib/bind9/lib/dns/ssu_external.c - copied unchanged from r224091, vendor/bind9/dist/lib/dns/ssu_external.c head/contrib/bind9/lib/dns/tsec.c - copied unchanged from r224091, vendor/bind9/dist/lib/dns/tsec.c head/contrib/bind9/lib/export/ - copied from r224091, vendor/bind9/dist/lib/export/ head/contrib/bind9/lib/irs/ - copied from r224091, vendor/bind9/dist/lib/irs/ head/contrib/bind9/lib/isc/app_api.c - copied unchanged from r224091, vendor/bind9/dist/lib/isc/app_api.c head/contrib/bind9/lib/isc/backtrace-emptytbl.c - copied unchanged from r224091, vendor/bind9/dist/lib/isc/backtrace-emptytbl.c head/contrib/bind9/lib/isc/backtrace.c - copied unchanged from r224091, vendor/bind9/dist/lib/isc/backtrace.c head/contrib/bind9/lib/isc/include/isc/backtrace.h - copied unchanged from r224091, vendor/bind9/dist/lib/isc/include/isc/backtrace.h head/contrib/bind9/lib/isc/include/isc/bind9.h - copied unchanged from r224091, vendor/bind9/dist/lib/isc/include/isc/bind9.h head/contrib/bind9/lib/isc/include/isc/namespace.h - copied unchanged from r224091, vendor/bind9/dist/lib/isc/include/isc/namespace.h head/contrib/bind9/lib/isc/mem_api.c - copied unchanged from r224091, vendor/bind9/dist/lib/isc/mem_api.c head/contrib/bind9/lib/isc/socket_api.c - copied unchanged from r224091, vendor/bind9/dist/lib/isc/socket_api.c head/contrib/bind9/lib/isc/task_api.c - copied unchanged from r224091, vendor/bind9/dist/lib/isc/task_api.c head/contrib/bind9/lib/isc/timer_api.c - copied unchanged from r224091, vendor/bind9/dist/lib/isc/timer_api.c head/contrib/bind9/lib/isccfg/dnsconf.c - copied unchanged from r224091, vendor/bind9/dist/lib/isccfg/dnsconf.c head/contrib/bind9/lib/isccfg/include/isccfg/dnsconf.h - copied unchanged from r224091, vendor/bind9/dist/lib/isccfg/include/isccfg/dnsconf.h Deleted: head/contrib/bind9/KNOWN-DEFECTS head/contrib/bind9/NSEC3-NOTES head/contrib/bind9/README.idnkit head/contrib/bind9/README.pkcs11 head/contrib/bind9/bin/rndc/rndc-confgen.8 head/contrib/bind9/bin/rndc/rndc-confgen.c head/contrib/bind9/bin/rndc/rndc-confgen.docbook head/contrib/bind9/bin/rndc/rndc-confgen.html head/contrib/bind9/bin/rndc/unix/Makefile.in head/contrib/bind9/bin/rndc/unix/os.c Modified: head/contrib/bind9/CHANGES head/contrib/bind9/COPYRIGHT head/contrib/bind9/FAQ.xml head/contrib/bind9/Makefile.in head/contrib/bind9/README head/contrib/bind9/acconfig.h head/contrib/bind9/bin/Makefile.in head/contrib/bind9/bin/check/Makefile.in head/contrib/bind9/bin/check/check-tool.c head/contrib/bind9/bin/check/check-tool.h head/contrib/bind9/bin/check/named-checkconf.8 head/contrib/bind9/bin/check/named-checkconf.c head/contrib/bind9/bin/check/named-checkconf.docbook head/contrib/bind9/bin/check/named-checkconf.html head/contrib/bind9/bin/check/named-checkzone.8 head/contrib/bind9/bin/check/named-checkzone.c head/contrib/bind9/bin/check/named-checkzone.docbook head/contrib/bind9/bin/check/named-checkzone.html head/contrib/bind9/bin/dig/Makefile.in head/contrib/bind9/bin/dig/dig.1 head/contrib/bind9/bin/dig/dig.c head/contrib/bind9/bin/dig/dig.docbook head/contrib/bind9/bin/dig/dig.html head/contrib/bind9/bin/dig/dighost.c head/contrib/bind9/bin/dig/host.1 head/contrib/bind9/bin/dig/host.c head/contrib/bind9/bin/dig/host.docbook head/contrib/bind9/bin/dig/host.html head/contrib/bind9/bin/dig/include/dig/dig.h head/contrib/bind9/bin/dig/nslookup.1 head/contrib/bind9/bin/dig/nslookup.c head/contrib/bind9/bin/dig/nslookup.docbook head/contrib/bind9/bin/dig/nslookup.html head/contrib/bind9/bin/dnssec/Makefile.in head/contrib/bind9/bin/dnssec/dnssec-dsfromkey.8 head/contrib/bind9/bin/dnssec/dnssec-dsfromkey.c head/contrib/bind9/bin/dnssec/dnssec-dsfromkey.docbook head/contrib/bind9/bin/dnssec/dnssec-dsfromkey.html head/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.8 head/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.c head/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.docbook head/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.html head/contrib/bind9/bin/dnssec/dnssec-keygen.8 head/contrib/bind9/bin/dnssec/dnssec-keygen.c head/contrib/bind9/bin/dnssec/dnssec-keygen.docbook head/contrib/bind9/bin/dnssec/dnssec-keygen.html head/contrib/bind9/bin/dnssec/dnssec-signzone.8 head/contrib/bind9/bin/dnssec/dnssec-signzone.c head/contrib/bind9/bin/dnssec/dnssec-signzone.docbook head/contrib/bind9/bin/dnssec/dnssec-signzone.html head/contrib/bind9/bin/dnssec/dnssectool.c head/contrib/bind9/bin/dnssec/dnssectool.h head/contrib/bind9/bin/named/Makefile.in head/contrib/bind9/bin/named/bind9.xsl head/contrib/bind9/bin/named/bind9.xsl.h head/contrib/bind9/bin/named/builtin.c head/contrib/bind9/bin/named/client.c head/contrib/bind9/bin/named/config.c head/contrib/bind9/bin/named/control.c head/contrib/bind9/bin/named/include/named/client.h head/contrib/bind9/bin/named/include/named/config.h head/contrib/bind9/bin/named/include/named/control.h head/contrib/bind9/bin/named/include/named/globals.h head/contrib/bind9/bin/named/include/named/log.h head/contrib/bind9/bin/named/include/named/lwdclient.h head/contrib/bind9/bin/named/include/named/main.h head/contrib/bind9/bin/named/include/named/notify.h head/contrib/bind9/bin/named/include/named/query.h head/contrib/bind9/bin/named/include/named/server.h head/contrib/bind9/bin/named/include/named/tsigconf.h head/contrib/bind9/bin/named/include/named/types.h head/contrib/bind9/bin/named/include/named/zoneconf.h head/contrib/bind9/bin/named/interfacemgr.c head/contrib/bind9/bin/named/log.c head/contrib/bind9/bin/named/lwdgabn.c head/contrib/bind9/bin/named/lwdgrbn.c head/contrib/bind9/bin/named/lwresd.8 head/contrib/bind9/bin/named/lwresd.c head/contrib/bind9/bin/named/lwresd.docbook head/contrib/bind9/bin/named/lwresd.html head/contrib/bind9/bin/named/main.c head/contrib/bind9/bin/named/named.8 head/contrib/bind9/bin/named/named.conf.5 head/contrib/bind9/bin/named/named.conf.docbook head/contrib/bind9/bin/named/named.conf.html head/contrib/bind9/bin/named/named.docbook head/contrib/bind9/bin/named/named.html head/contrib/bind9/bin/named/query.c head/contrib/bind9/bin/named/server.c head/contrib/bind9/bin/named/statschannel.c head/contrib/bind9/bin/named/tkeyconf.c head/contrib/bind9/bin/named/tsigconf.c head/contrib/bind9/bin/named/unix/Makefile.in head/contrib/bind9/bin/named/unix/include/named/os.h head/contrib/bind9/bin/named/unix/os.c head/contrib/bind9/bin/named/update.c head/contrib/bind9/bin/named/xfrout.c head/contrib/bind9/bin/named/zoneconf.c head/contrib/bind9/bin/nsupdate/Makefile.in head/contrib/bind9/bin/nsupdate/nsupdate.1 head/contrib/bind9/bin/nsupdate/nsupdate.c head/contrib/bind9/bin/nsupdate/nsupdate.docbook head/contrib/bind9/bin/nsupdate/nsupdate.html head/contrib/bind9/bin/rndc/Makefile.in head/contrib/bind9/bin/rndc/include/rndc/os.h head/contrib/bind9/bin/rndc/rndc.8 head/contrib/bind9/bin/rndc/rndc.c head/contrib/bind9/bin/rndc/rndc.conf.5 head/contrib/bind9/bin/rndc/rndc.conf.html head/contrib/bind9/bin/rndc/rndc.html head/contrib/bind9/bin/rndc/util.h head/contrib/bind9/config.guess head/contrib/bind9/config.h.in head/contrib/bind9/configure.in head/contrib/bind9/doc/arm/Bv9ARM-book.xml head/contrib/bind9/doc/arm/Bv9ARM.ch01.html head/contrib/bind9/doc/arm/Bv9ARM.ch02.html head/contrib/bind9/doc/arm/Bv9ARM.ch03.html head/contrib/bind9/doc/arm/Bv9ARM.ch04.html head/contrib/bind9/doc/arm/Bv9ARM.ch05.html head/contrib/bind9/doc/arm/Bv9ARM.ch06.html head/contrib/bind9/doc/arm/Bv9ARM.ch07.html head/contrib/bind9/doc/arm/Bv9ARM.ch08.html head/contrib/bind9/doc/arm/Bv9ARM.ch09.html head/contrib/bind9/doc/arm/Bv9ARM.ch10.html head/contrib/bind9/doc/arm/Bv9ARM.html head/contrib/bind9/doc/arm/Bv9ARM.pdf head/contrib/bind9/doc/arm/Makefile.in head/contrib/bind9/doc/arm/man.dig.html head/contrib/bind9/doc/arm/man.dnssec-dsfromkey.html head/contrib/bind9/doc/arm/man.dnssec-keyfromlabel.html head/contrib/bind9/doc/arm/man.dnssec-keygen.html head/contrib/bind9/doc/arm/man.dnssec-signzone.html head/contrib/bind9/doc/arm/man.host.html head/contrib/bind9/doc/arm/man.named-checkconf.html head/contrib/bind9/doc/arm/man.named-checkzone.html head/contrib/bind9/doc/arm/man.named.html head/contrib/bind9/doc/arm/man.nsupdate.html head/contrib/bind9/doc/arm/man.rndc-confgen.html head/contrib/bind9/doc/arm/man.rndc.conf.html head/contrib/bind9/doc/arm/man.rndc.html head/contrib/bind9/doc/misc/Makefile.in head/contrib/bind9/doc/misc/options head/contrib/bind9/lib/bind9/Makefile.in head/contrib/bind9/lib/bind9/api head/contrib/bind9/lib/bind9/check.c head/contrib/bind9/lib/bind9/include/bind9/getaddresses.h head/contrib/bind9/lib/dns/Makefile.in head/contrib/bind9/lib/dns/acl.c head/contrib/bind9/lib/dns/adb.c head/contrib/bind9/lib/dns/api head/contrib/bind9/lib/dns/byaddr.c head/contrib/bind9/lib/dns/cache.c head/contrib/bind9/lib/dns/db.c head/contrib/bind9/lib/dns/diff.c head/contrib/bind9/lib/dns/dispatch.c head/contrib/bind9/lib/dns/dlz.c head/contrib/bind9/lib/dns/dnssec.c head/contrib/bind9/lib/dns/ds.c head/contrib/bind9/lib/dns/dst_api.c head/contrib/bind9/lib/dns/dst_internal.h head/contrib/bind9/lib/dns/dst_openssl.h head/contrib/bind9/lib/dns/dst_parse.c head/contrib/bind9/lib/dns/dst_parse.h head/contrib/bind9/lib/dns/forward.c head/contrib/bind9/lib/dns/gen-unix.h head/contrib/bind9/lib/dns/gen.c head/contrib/bind9/lib/dns/gssapi_link.c head/contrib/bind9/lib/dns/gssapictx.c head/contrib/bind9/lib/dns/hmac_link.c head/contrib/bind9/lib/dns/include/dns/Makefile.in head/contrib/bind9/lib/dns/include/dns/acl.h head/contrib/bind9/lib/dns/include/dns/cache.h head/contrib/bind9/lib/dns/include/dns/compress.h head/contrib/bind9/lib/dns/include/dns/db.h head/contrib/bind9/lib/dns/include/dns/diff.h head/contrib/bind9/lib/dns/include/dns/dispatch.h head/contrib/bind9/lib/dns/include/dns/dlz.h head/contrib/bind9/lib/dns/include/dns/dnssec.h head/contrib/bind9/lib/dns/include/dns/ds.h head/contrib/bind9/lib/dns/include/dns/events.h head/contrib/bind9/lib/dns/include/dns/forward.h head/contrib/bind9/lib/dns/include/dns/journal.h head/contrib/bind9/lib/dns/include/dns/keytable.h head/contrib/bind9/lib/dns/include/dns/keyvalues.h head/contrib/bind9/lib/dns/include/dns/lib.h head/contrib/bind9/lib/dns/include/dns/log.h head/contrib/bind9/lib/dns/include/dns/lookup.h head/contrib/bind9/lib/dns/include/dns/master.h head/contrib/bind9/lib/dns/include/dns/masterdump.h head/contrib/bind9/lib/dns/include/dns/message.h head/contrib/bind9/lib/dns/include/dns/name.h head/contrib/bind9/lib/dns/include/dns/ncache.h head/contrib/bind9/lib/dns/include/dns/nsec3.h head/contrib/bind9/lib/dns/include/dns/peer.h head/contrib/bind9/lib/dns/include/dns/rbt.h head/contrib/bind9/lib/dns/include/dns/rdata.h head/contrib/bind9/lib/dns/include/dns/rdataset.h head/contrib/bind9/lib/dns/include/dns/request.h head/contrib/bind9/lib/dns/include/dns/resolver.h head/contrib/bind9/lib/dns/include/dns/result.h head/contrib/bind9/lib/dns/include/dns/sdb.h head/contrib/bind9/lib/dns/include/dns/sdlz.h head/contrib/bind9/lib/dns/include/dns/secalg.h head/contrib/bind9/lib/dns/include/dns/soa.h head/contrib/bind9/lib/dns/include/dns/ssu.h head/contrib/bind9/lib/dns/include/dns/stats.h head/contrib/bind9/lib/dns/include/dns/tkey.h head/contrib/bind9/lib/dns/include/dns/tsig.h head/contrib/bind9/lib/dns/include/dns/types.h head/contrib/bind9/lib/dns/include/dns/validator.h head/contrib/bind9/lib/dns/include/dns/view.h head/contrib/bind9/lib/dns/include/dns/xfrin.h head/contrib/bind9/lib/dns/include/dns/zone.h head/contrib/bind9/lib/dns/include/dst/dst.h head/contrib/bind9/lib/dns/include/dst/gssapi.h head/contrib/bind9/lib/dns/iptable.c head/contrib/bind9/lib/dns/journal.c head/contrib/bind9/lib/dns/keytable.c head/contrib/bind9/lib/dns/lib.c head/contrib/bind9/lib/dns/log.c head/contrib/bind9/lib/dns/master.c head/contrib/bind9/lib/dns/masterdump.c head/contrib/bind9/lib/dns/message.c head/contrib/bind9/lib/dns/name.c head/contrib/bind9/lib/dns/ncache.c head/contrib/bind9/lib/dns/nsec.c head/contrib/bind9/lib/dns/nsec3.c head/contrib/bind9/lib/dns/openssl_link.c head/contrib/bind9/lib/dns/openssldh_link.c head/contrib/bind9/lib/dns/openssldsa_link.c head/contrib/bind9/lib/dns/opensslrsa_link.c head/contrib/bind9/lib/dns/peer.c head/contrib/bind9/lib/dns/rbt.c head/contrib/bind9/lib/dns/rbtdb.c head/contrib/bind9/lib/dns/rcode.c head/contrib/bind9/lib/dns/rdata.c head/contrib/bind9/lib/dns/rdata/any_255/tsig_250.c head/contrib/bind9/lib/dns/rdata/ch_3/a_1.c head/contrib/bind9/lib/dns/rdata/generic/afsdb_18.c head/contrib/bind9/lib/dns/rdata/generic/cert_37.c head/contrib/bind9/lib/dns/rdata/generic/cname_5.c head/contrib/bind9/lib/dns/rdata/generic/dlv_32769.c head/contrib/bind9/lib/dns/rdata/generic/dname_39.c head/contrib/bind9/lib/dns/rdata/generic/dnskey_48.c head/contrib/bind9/lib/dns/rdata/generic/ds_43.c head/contrib/bind9/lib/dns/rdata/generic/gpos_27.c head/contrib/bind9/lib/dns/rdata/generic/hinfo_13.c head/contrib/bind9/lib/dns/rdata/generic/ipseckey_45.c head/contrib/bind9/lib/dns/rdata/generic/isdn_20.c head/contrib/bind9/lib/dns/rdata/generic/key_25.c head/contrib/bind9/lib/dns/rdata/generic/loc_29.c head/contrib/bind9/lib/dns/rdata/generic/mb_7.c head/contrib/bind9/lib/dns/rdata/generic/md_3.c head/contrib/bind9/lib/dns/rdata/generic/mf_4.c head/contrib/bind9/lib/dns/rdata/generic/mg_8.c head/contrib/bind9/lib/dns/rdata/generic/minfo_14.c head/contrib/bind9/lib/dns/rdata/generic/mr_9.c head/contrib/bind9/lib/dns/rdata/generic/mx_15.c head/contrib/bind9/lib/dns/rdata/generic/ns_2.c head/contrib/bind9/lib/dns/rdata/generic/nsec3_50.c head/contrib/bind9/lib/dns/rdata/generic/nsec3param_51.c head/contrib/bind9/lib/dns/rdata/generic/nsec_47.c head/contrib/bind9/lib/dns/rdata/generic/null_10.c head/contrib/bind9/lib/dns/rdata/generic/nxt_30.c head/contrib/bind9/lib/dns/rdata/generic/opt_41.c head/contrib/bind9/lib/dns/rdata/generic/proforma.c head/contrib/bind9/lib/dns/rdata/generic/ptr_12.c head/contrib/bind9/lib/dns/rdata/generic/rp_17.c head/contrib/bind9/lib/dns/rdata/generic/rrsig_46.c head/contrib/bind9/lib/dns/rdata/generic/rt_21.c head/contrib/bind9/lib/dns/rdata/generic/sig_24.c head/contrib/bind9/lib/dns/rdata/generic/soa_6.c head/contrib/bind9/lib/dns/rdata/generic/spf_99.c head/contrib/bind9/lib/dns/rdata/generic/sshfp_44.c head/contrib/bind9/lib/dns/rdata/generic/tkey_249.c head/contrib/bind9/lib/dns/rdata/generic/txt_16.c head/contrib/bind9/lib/dns/rdata/generic/unspec_103.c head/contrib/bind9/lib/dns/rdata/generic/x25_19.c head/contrib/bind9/lib/dns/rdata/hs_4/a_1.c head/contrib/bind9/lib/dns/rdata/in_1/a6_38.c head/contrib/bind9/lib/dns/rdata/in_1/a_1.c head/contrib/bind9/lib/dns/rdata/in_1/aaaa_28.c head/contrib/bind9/lib/dns/rdata/in_1/apl_42.c head/contrib/bind9/lib/dns/rdata/in_1/dhcid_49.c head/contrib/bind9/lib/dns/rdata/in_1/kx_36.c head/contrib/bind9/lib/dns/rdata/in_1/naptr_35.c head/contrib/bind9/lib/dns/rdata/in_1/nsap-ptr_23.c head/contrib/bind9/lib/dns/rdata/in_1/nsap_22.c head/contrib/bind9/lib/dns/rdata/in_1/px_26.c head/contrib/bind9/lib/dns/rdata/in_1/srv_33.c head/contrib/bind9/lib/dns/rdata/in_1/wks_11.c head/contrib/bind9/lib/dns/rdatalist.c head/contrib/bind9/lib/dns/rdataset.c head/contrib/bind9/lib/dns/rdataslab.c head/contrib/bind9/lib/dns/request.c head/contrib/bind9/lib/dns/resolver.c head/contrib/bind9/lib/dns/result.c head/contrib/bind9/lib/dns/rootns.c head/contrib/bind9/lib/dns/sdb.c head/contrib/bind9/lib/dns/sdlz.c head/contrib/bind9/lib/dns/soa.c head/contrib/bind9/lib/dns/spnego.c head/contrib/bind9/lib/dns/ssu.c head/contrib/bind9/lib/dns/stats.c head/contrib/bind9/lib/dns/time.c head/contrib/bind9/lib/dns/tkey.c head/contrib/bind9/lib/dns/tsig.c head/contrib/bind9/lib/dns/validator.c head/contrib/bind9/lib/dns/view.c head/contrib/bind9/lib/dns/xfrin.c head/contrib/bind9/lib/dns/zone.c head/contrib/bind9/lib/isc/Makefile.in head/contrib/bind9/lib/isc/alpha/include/isc/atomic.h head/contrib/bind9/lib/isc/api head/contrib/bind9/lib/isc/assertions.c head/contrib/bind9/lib/isc/base32.c head/contrib/bind9/lib/isc/base64.c head/contrib/bind9/lib/isc/entropy.c head/contrib/bind9/lib/isc/hash.c head/contrib/bind9/lib/isc/heap.c head/contrib/bind9/lib/isc/hmacmd5.c head/contrib/bind9/lib/isc/hmacsha.c head/contrib/bind9/lib/isc/httpd.c head/contrib/bind9/lib/isc/ia64/include/isc/atomic.h head/contrib/bind9/lib/isc/include/isc/Makefile.in head/contrib/bind9/lib/isc/include/isc/app.h head/contrib/bind9/lib/isc/include/isc/assertions.h head/contrib/bind9/lib/isc/include/isc/buffer.h head/contrib/bind9/lib/isc/include/isc/entropy.h head/contrib/bind9/lib/isc/include/isc/error.h head/contrib/bind9/lib/isc/include/isc/file.h head/contrib/bind9/lib/isc/include/isc/fsaccess.h head/contrib/bind9/lib/isc/include/isc/hash.h head/contrib/bind9/lib/isc/include/isc/heap.h head/contrib/bind9/lib/isc/include/isc/hmacmd5.h head/contrib/bind9/lib/isc/include/isc/hmacsha.h head/contrib/bind9/lib/isc/include/isc/lib.h head/contrib/bind9/lib/isc/include/isc/log.h head/contrib/bind9/lib/isc/include/isc/md5.h head/contrib/bind9/lib/isc/include/isc/mem.h head/contrib/bind9/lib/isc/include/isc/msgs.h head/contrib/bind9/lib/isc/include/isc/netaddr.h head/contrib/bind9/lib/isc/include/isc/netscope.h head/contrib/bind9/lib/isc/include/isc/platform.h.in head/contrib/bind9/lib/isc/include/isc/portset.h head/contrib/bind9/lib/isc/include/isc/radix.h head/contrib/bind9/lib/isc/include/isc/random.h head/contrib/bind9/lib/isc/include/isc/ratelimiter.h head/contrib/bind9/lib/isc/include/isc/refcount.h head/contrib/bind9/lib/isc/include/isc/result.h head/contrib/bind9/lib/isc/include/isc/resultclass.h head/contrib/bind9/lib/isc/include/isc/serial.h head/contrib/bind9/lib/isc/include/isc/sha1.h head/contrib/bind9/lib/isc/include/isc/sha2.h head/contrib/bind9/lib/isc/include/isc/sockaddr.h head/contrib/bind9/lib/isc/include/isc/socket.h head/contrib/bind9/lib/isc/include/isc/stats.h head/contrib/bind9/lib/isc/include/isc/symtab.h head/contrib/bind9/lib/isc/include/isc/task.h head/contrib/bind9/lib/isc/include/isc/timer.h head/contrib/bind9/lib/isc/include/isc/types.h head/contrib/bind9/lib/isc/include/isc/util.h head/contrib/bind9/lib/isc/inet_aton.c head/contrib/bind9/lib/isc/inet_ntop.c head/contrib/bind9/lib/isc/iterated_hash.c head/contrib/bind9/lib/isc/lib.c head/contrib/bind9/lib/isc/log.c head/contrib/bind9/lib/isc/md5.c head/contrib/bind9/lib/isc/mem.c head/contrib/bind9/lib/isc/netaddr.c head/contrib/bind9/lib/isc/nls/Makefile.in head/contrib/bind9/lib/isc/nothreads/Makefile.in head/contrib/bind9/lib/isc/powerpc/include/isc/atomic.h head/contrib/bind9/lib/isc/print.c head/contrib/bind9/lib/isc/pthreads/Makefile.in head/contrib/bind9/lib/isc/pthreads/mutex.c head/contrib/bind9/lib/isc/radix.c head/contrib/bind9/lib/isc/random.c head/contrib/bind9/lib/isc/rwlock.c head/contrib/bind9/lib/isc/sha1.c head/contrib/bind9/lib/isc/sha2.c head/contrib/bind9/lib/isc/sockaddr.c head/contrib/bind9/lib/isc/stats.c head/contrib/bind9/lib/isc/task.c head/contrib/bind9/lib/isc/task_p.h head/contrib/bind9/lib/isc/timer.c head/contrib/bind9/lib/isc/timer_p.h head/contrib/bind9/lib/isc/unix/Makefile.in head/contrib/bind9/lib/isc/unix/app.c head/contrib/bind9/lib/isc/unix/dir.c head/contrib/bind9/lib/isc/unix/entropy.c head/contrib/bind9/lib/isc/unix/file.c head/contrib/bind9/lib/isc/unix/ifiter_getifaddrs.c head/contrib/bind9/lib/isc/unix/ifiter_ioctl.c head/contrib/bind9/lib/isc/unix/include/isc/net.h head/contrib/bind9/lib/isc/unix/include/isc/offset.h head/contrib/bind9/lib/isc/unix/include/isc/strerror.h head/contrib/bind9/lib/isc/unix/include/isc/time.h head/contrib/bind9/lib/isc/unix/interfaceiter.c head/contrib/bind9/lib/isc/unix/resource.c head/contrib/bind9/lib/isc/unix/socket.c head/contrib/bind9/lib/isc/unix/socket_p.h head/contrib/bind9/lib/isc/unix/strerror.c head/contrib/bind9/lib/isccc/Makefile.in head/contrib/bind9/lib/isccc/api head/contrib/bind9/lib/isccfg/Makefile.in head/contrib/bind9/lib/isccfg/aclconf.c head/contrib/bind9/lib/isccfg/api head/contrib/bind9/lib/isccfg/include/isccfg/aclconf.h head/contrib/bind9/lib/isccfg/include/isccfg/cfg.h head/contrib/bind9/lib/isccfg/include/isccfg/grammar.h head/contrib/bind9/lib/isccfg/include/isccfg/log.h head/contrib/bind9/lib/isccfg/include/isccfg/namedconf.h head/contrib/bind9/lib/isccfg/namedconf.c head/contrib/bind9/lib/isccfg/parser.c head/contrib/bind9/lib/lwres/api head/contrib/bind9/lib/lwres/context.c head/contrib/bind9/lib/lwres/context_p.h head/contrib/bind9/lib/lwres/getaddrinfo.c head/contrib/bind9/lib/lwres/getipnode.c head/contrib/bind9/lib/lwres/include/lwres/context.h head/contrib/bind9/lib/lwres/include/lwres/netdb.h.in head/contrib/bind9/lib/lwres/lwconfig.c head/contrib/bind9/lib/lwres/man/lwres.3 head/contrib/bind9/lib/lwres/man/lwres.html head/contrib/bind9/lib/lwres/man/lwres_buffer.3 head/contrib/bind9/lib/lwres/man/lwres_buffer.html head/contrib/bind9/lib/lwres/man/lwres_config.3 head/contrib/bind9/lib/lwres/man/lwres_config.html head/contrib/bind9/lib/lwres/man/lwres_context.3 head/contrib/bind9/lib/lwres/man/lwres_context.html head/contrib/bind9/lib/lwres/man/lwres_gabn.3 head/contrib/bind9/lib/lwres/man/lwres_gabn.html head/contrib/bind9/lib/lwres/man/lwres_gai_strerror.3 head/contrib/bind9/lib/lwres/man/lwres_gai_strerror.html head/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.3 head/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.html head/contrib/bind9/lib/lwres/man/lwres_gethostent.3 head/contrib/bind9/lib/lwres/man/lwres_gethostent.html head/contrib/bind9/lib/lwres/man/lwres_getipnode.3 head/contrib/bind9/lib/lwres/man/lwres_getipnode.html head/contrib/bind9/lib/lwres/man/lwres_getnameinfo.3 head/contrib/bind9/lib/lwres/man/lwres_getnameinfo.html head/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.3 head/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.html head/contrib/bind9/lib/lwres/man/lwres_gnba.3 head/contrib/bind9/lib/lwres/man/lwres_gnba.html head/contrib/bind9/lib/lwres/man/lwres_hstrerror.3 head/contrib/bind9/lib/lwres/man/lwres_hstrerror.html head/contrib/bind9/lib/lwres/man/lwres_inetntop.3 head/contrib/bind9/lib/lwres/man/lwres_inetntop.html head/contrib/bind9/lib/lwres/man/lwres_noop.3 head/contrib/bind9/lib/lwres/man/lwres_noop.html head/contrib/bind9/lib/lwres/man/lwres_packet.3 head/contrib/bind9/lib/lwres/man/lwres_packet.html head/contrib/bind9/lib/lwres/man/lwres_resutil.3 head/contrib/bind9/lib/lwres/man/lwres_resutil.html head/contrib/bind9/lib/lwres/print_p.h head/contrib/bind9/make/rules.in head/contrib/bind9/version Directory Properties: head/contrib/bind9/ (props changed) Modified: head/contrib/bind9/CHANGES ============================================================================== --- head/contrib/bind9/CHANGES Sat Jul 16 10:51:12 2011 (r224091) +++ head/contrib/bind9/CHANGES Sat Jul 16 11:12:09 2011 (r224092) @@ -1,17 +1,28 @@ - --- 9.6-ESV-R4-P3 released --- + --- 9.8.0-P4 released --- 3124. [bug] Use an rdataset attribute flag to indicate negative-cache records rather than using rrtype 0; this will prevent problems when that rrtype is used in actual DNS packets. [RT #24777] - --- 9.6-ESV-R4-P2 released (withdrawn) --- + --- 9.8.0-P3 released (withdrawn) --- + +3126. [security] Using DNAME record to generate replacements caused + RPZ to exit with a assertion failure. [RT #23766] + +3125. [security] Using wildcard CNAME records as a replacement with + RPZ caused named to exit with a assertion failure. + [RT #24715] 3123. [security] Change #2912 exposed a latent flaw in dns_rdataset_totext() that could cause named to crash with an assertion failure. [RT #24777] - --- 9.6-ESV-R4-P1 released --- +3115. [bug] Named could fail to return requested data when + following a CNAME that points into the same zone. + [RT #2445] + + --- 9.8.0-P2 released --- 3121. [security] An authoritative name server sending a negative response containing a very large RRset could @@ -22,22 +33,114 @@ that validated insecure without using DLV and had DS records in the parent zone. [RT #24631] - --- 9.6-ESV-R4 released --- + --- 9.8.0-P1 released --- + +3100. [security] Certain response policy zone configurations could + trigger an INSIST when receiving a query of type + RRSIG. [RT #24280] + + --- 9.8.0 released --- + +3025. [bug] Fixed a possible deadlock due to zone resigning. + [RT #22964] + +3024. [func] RTT Banding removed due to minor security increase + but major impact on resolver latency. [RT #23310] + +3023. [bug] Named could be left in an inconsistent state when + receiving multiple AXFR response messages that were + not all TSIG-signed. [RT #23254] + +3022. [bug] Fixed rpz SERVFAILs after failed zone transfers + [RT #23246] + +3021. [bug] Change #3010 was incomplete. [RT #22296] + +3020. [bug] auto-dnssec failed to correctly update the zone when + changing the DNSKEY RRset. [RT #23232] + +3019. [test] Test: check apex NSEC3 records after adding DNSKEY + record via UPDATE. [RT #23229] + + --- 9.8.0rc1 released --- + +3018. [bug] Named failed to check for the "none;" acl when deciding + if a zone may need to be re-signed. [RT #23120] + +3017. [doc] dnssec-keyfromlabel -I was not properly documented. + [RT #22887] - --- 9.6.3 released --- +3016. [bug] rndc usage missing '-b'. [RT #22937] + +3015. [port] win32: fix IN6_IS_ADDR_LINKLOCAL and + IN6_IS_ADDR_SITELOCAL macros. [RT #22724] + +3013. [bug] The DNS64 ttl was not always being set as expected. + [RT #23034] + +3012. [bug] Remove DNSKEY TTL change pairs before generating + signing records for any remaining DNSKEY changes. + [RT #22590] + +3011. [func] Allow setting this in named.conf using the new + 'resolver-query-timeout' option, which specifies a max + time in seconds. 0 means 'default' and anything longer + than 30 will be silently set to 30. [RT #22852] + +3010. [bug] Fixed a bug where "rndc reconfig" stopped the timer + for refreshing managed-keys. [RT #22296] 3009. [bug] clients-per-query code didn't work as expected with particular query patterns. [RT #22972] - --- 9.6.3rc1 released --- + --- 9.8.0b1 released --- + +3008. [func] Response policy zones (RPZ) support. [RT #21726] 3007. [bug] Named failed to preserve the case of domain names in rdata which is not compressible when writing master files. [RT #22863] +3006. [func] Allow dynamically generated TSIG keys to be preserved + across restarts of named. Initially this is for + TSIG keys generated using GSSAPI. [RT #22639] + +3005. [port] Solaris: Work around the lack of + gsskrb5_register_acceptor_identity() by setting + the KRB5_KTNAME environment variable to the + contents of tkey-gssapi-keytab. Also fixed + test errors on MacOSX. [RT #22853] + +3004. [func] DNS64 reverse support. [RT #22769] + +3003. [experimental] Added update-policy match type "external", + enabling named to defer the decision of whether to + allow a dynamic update to an external daemon. + (Contributed by Andrew Tridgell.) [RT #22758] + 3002. [bug] isc_mutex_init_errcheck() failed to destroy attr. [RT #22766] +3001. [func] Added a default trust anchor for the root zone, which + can be switched on by setting "dnssec-validation auto;" + in the named.conf options. [RT #21727] + +3000. [bug] More TKEY/GSS fixes: + - nsupdate can now get the default realm from + the user's Kerberos principal + - corrected gsstest compilation flags + - improved documentation + - fixed some NULL dereferences + [RT #22795] + +2999. [func] Add GOST support (RFC 5933). [RT #20639] + +2998. [func] Add isc_task_beginexclusive and isc_task_endexclusive + to the task api. [RT #22776] + +2997. [func] named -V now reports the OpenSSL and libxml2 verions + it was compiled against. [RT #22687] + 2996. [security] Temporarily disable SO_ACCEPTFILTER support. [RT #22589] @@ -48,13 +151,52 @@ do not use threads on earlier versions. Also kill the unproven-pthreads, mit-pthreads, and ptl2 support. +2993. [func] Dynamically grow adb hash tables. [RT #21186] + +2992. [contrib] contrib/check-secure-delegation.pl: A simple tool + for looking at a secure delegation. [RT #22059] + +2991. [contrib] contrib/zone-edit.sh: A simple zone editing tool for + dynamic zones. [RT #22365] + +2990. [bug] 'dnssec-settime -S' no longer tests prepublication + interval validity when the interval is set to 0. + [RT #22761] + +2989. [func] Added support for writable DLZ zones. (Contributed + by Andrew Tridgell of the Samba project.) [RT #22629] + +2988. [experimental] Added a "dlopen" DLZ driver, allowing the creation + of external DLZ drivers that can be loaded as + shared objects at runtime rather than linked with + named. Currently this is switched on via a + compile-time option, "configure --with-dlz-dlopen". + Note: the syntax for configuring DLZ zones + is likely to be refined in future releases. + (Contributed by Andrew Tridgell of the Samba + project.) [RT #22629] + +2987. [func] Improve ease of configuring TKEY/GSS updates by + adding a "tkey-gssapi-keytab" option. If set, + updates will be allowed with any key matching + a principal in the specified keytab file. + "tkey-gssapi-credential" is no longer required + and is expected to be deprecated. (Contributed + by Andrew Tridgell of the Samba project.) + [RT #22629] + +2986. [func] Add new zone type "static-stub". It's like a stub + zone, but the nameserver names and/or their IP + addresses are statically configured. [RT #21474] + +2985. [bug] Add a regression test for change #2896. [RT #21324] + 2984. [bug] Don't run MX checks when the target of the MX record is ".". [RT #22645] -2817. [cleanup] Removed unnecessary isc_task_endexclusive() calls. - [RT #20768] +2983. [bug] Include "loadkeys" in rndc help output. [RT #22493] - --- 9.6.3b1 released --- + --- 9.8.0a1 released --- 2982. [bug] Reference count dst keys. dst_key_attach() can be used increment the reference count. @@ -63,34 +205,103 @@ always call dst_key_free() rather than setting it to NULL on success. [RT #22672] +2981. [func] Partial DNS64 support (AAAA synthesis). [RT #21991] + +2980. [bug] named didn't properly handle UPDATES that changed the + TTL of the NSEC3PARAM RRset. [RT #22363] + 2979. [bug] named could deadlock during shutdown if two "rndc stop" commands were issued at the same time. [RT #22108] 2978. [port] hpux: look for [RT #21919] +2977. [bug] 'nsupdate -l' report if the session key is missing. + [RT #21670] + 2976. [bug] named could die on exit after negotiating a GSS-TSIG key. [RT #22573] -2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() aquired the +2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() acquired the wrong lock which could lead to server deadlock. [RT #22614] +2974. [bug] Some valid UPDATE requests could fail due to a + consistency check examining the existing version + of the zone rather than the new version resulting + from the UPDATE. [RT #22413] + +2973. [bug] bind.keys.h was being removed by the "make clean" + at the end of configure resulting in build failures + where there is very old version of perl installed. + Move it to "make maintainer-clean". [RT #22230] + +2972. [bug] win32: address windows socket errors. [RT #21906] + +2971. [bug] Fixed a bug that caused journal files not to be + compacted on Windows systems as a result of + non-POSIX-compliant rename() semantics. [RT #22434] + +2970. [security] Adding a NO DATA negative cache entry failed to clear + any matching RRSIG records. A subsequent lookup of + of NO DATA cache entry could trigger a INSIST when the + unexpected RRSIG was also returned with the NO DATA + cache entry. + + CVE-2010-3613, VU#706148. [RT #22288] + +2969. [security] Fix acl type processing so that allow-query works + in options and view statements. Also add a new + set of tests to verify proper functioning. + + CVE-2010-3615, VU#510208. [RT #22418] + +2968. [security] Named could fail to prove a data set was insecure + before marking it as insecure. One set of conditions + that can trigger this occurs naturally when rolling + DNSKEY algorithms. + + CVE-2010-3614, VU#837744. [RT #22309] + +2967. [bug] 'host -D' now turns on debugging messages earlier. + [RT #22361] + +2966. [bug] isc_print_vsnprintf() failed to check if there was + space available in the buffer when adding a left + justified character with a non zero width, + (e.g. "%-1c"). [RT #22270] + 2965. [func] Test HMAC functions using test data from RFC 2104 and RFC 4634. [RT #21702] +2964. [placeholder] + +2963. [security] The allow-query acl was being applied instead of the + allow-query-cache acl to cache lookups. [RT #22114] + +2962. [port] win32: add more dependencies to BINDBuild.dsw. + [RT #22062] + +2961. [bug] Be still more selective about the non-authoritative + answers we apply change 2748 to. [RT #22074] + 2960. [func] Check that named accepts non-authoritative answers. [RT #21594] 2959. [func] Check that named starts with a missing masterfile. [RT #22076] +2958. [bug] named failed to start with a missing master file. + [RT #22076] + 2957. [bug] entropy_get() and entropy_getpseudo() failed to match the API for RAND_bytes() and RAND_pseudo_bytes() respectively. [RT #21962] 2956. [port] Enable atomic operations on the PowerPC64. [RT #21899] +2955. [func] Provide more detail in the recursing log. [RT #22043] + 2954. [bug] contrib: dlz_mysql_driver.c bad error handling on build_sqldbinstance failure. [RT #21623] @@ -98,10 +309,26 @@ exact match" message when returning a wildcard no data response. [RT #21744] +2952. [port] win32: named-checkzone and named-checkconf failed + to initialise winsock. [RT #21932] + +2951. [bug] named failed to generate a correct signed response + in a optout, delegation only zone with no secure + delegations. [RT #22007] + 2950. [bug] named failed to perform a SOA up to date check when falling back to TCP on UDP timeouts when ixfr-from-differences was set. [RT #21595] +2949. [bug] dns_view_setnewzones() contained a memory leak if + it was called multiple times. [RT #21942] + +2948. [port] MacOS: provide a mechanism to configure the test + interfaces at reboot. See bin/tests/system/README + for details. + +2947. [placeholder] + 2946. [doc] Document the default values for the minimum and maximum zone refresh and retry values in the ARM. [RT #21886] @@ -110,12 +337,59 @@ 2944. [maint] Remove ORCHID prefix from built in empty zones. [RT #21772] +2943. [func] Add support to load new keys into managed zones + without signing immediately with "rndc loadkeys". + Add support to link keys with "dnssec-keygen -S" + and "dnssec-settime -S". [RT #21351] + 2942. [contrib] zone2sqlite failed to setup the entropy sources. [RT #21610] 2941. [bug] sdb and sdlz (dlz's zone database) failed to support DNAME at the zone apex. [RT #21610] +2940. [port] Remove connection aborted error message on + Windows. [RT #21549] + +2939. [func] Check that named successfully skips NSEC3 records + that fail to match the NSEC3PARAM record currently + in use. [RT# 21868] + +2938. [bug] When generating signed responses, from a signed zone + that uses NSEC3, named would use a uninitialised + pointer if it needed to skip a NSEC3 record because + it didn't match the selected NSEC3PARAM record for + zone. [RT# 21868] + +2937. [bug] Worked around an apparent race condition in over + memory conditions. Without this fix a DNS cache DB or + ADB could incorrectly stay in an over memory state, + effectively refusing further caching, which + subsequently made a BIND 9 caching server unworkable. + This fix prevents this problem from happening by + polling the state of the memory context, rather than + making a copy of the state, which appeared to cause + a race. This is a "workaround" in that it doesn't + solve the possible race per se, but several experiments + proved this change solves the symptom. Also, the + polling overhead hasn't been reported to be an issue. + This bug should only affect a caching server that + specifies a finite max-cache-size. It's also quite + likely that the bug happens only when enabling threads, + but it's not confirmed yet. [RT #21818] + +2936. [func] Improved configuration syntax and multiple-view + support for addzone/delzone feature (see change + #2930). Removed "new-zone-file" option, replaced + with "allow-new-zones (yes|no)". The new-zone-file + for each view is now created automatically, with + a filename generated from a hash of the view name. + It is no longer necessary to "include" the + new-zone-file in named.conf; this happens + automatically. Zones that were not added via + "rndc addzone" can no longer be removed with + "rndc delzone". [RT #19447] + 2935. [bug] nsupdate: improve 'file not found' error message. [RT #21871] @@ -136,6 +410,17 @@ revisit the issue and complete the fix later. [RT #21710] +2930. [experimental] New "rndc addzone" and "rndc delzone" commads + allow dynamic addition and deletion of zones. + To enable this feature, specify a "new-zone-file" + option at the view or options level in named.conf. + Zone configuration information for the new zones + will be written into that file. To make the new + zones persist after a restart, "include" the file + into named.conf in the appropriate view. (Note: + This feature is not yet documented, and its syntax + is expected to change.) [RT #19447] + 2929. [bug] Improved handling of GSS security contexts: - added LRU expiration for generated TSIGs - added the ability to use a non-default realm @@ -145,19 +430,49 @@ smaller) [RT #19737] +2928. [bug] Be more selective about the non-authoritative + answer we apply change 2748 to. [RT #21594] + +2927. [placeholder] + +2926. [placeholder] +h +2925. [bug] Named failed to accept uncachable negative responses + from insecure zones. [RT# 21555] + +2924. [func] 'rndc secroots' dump a combined summary of the + current managed keys combined with trusted keys. + [RT #20904] + 2923. [bug] 'dig +trace' could drop core after "connection timeout". [RT #21514] 2922. [contrib] Update zkt to version 1.0. +2921. [bug] The resolver could attempt to destroy a fetch context + too soon. [RT #19878] + +2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively + to IPv4 clients. New acl 'filter-aaaa' (default any). + +2919. [func] Add autosign-ksk and autosign-zsk virtual time tests. + [RT #20840] + 2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET. +2917. [func] Virtual time test framework. [RT #20801] + 2916. [func] Add framework to use IPv6 in tests. fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7 2915. [cleanup] Be smarter about which objects we attempt to compile based on configure options. [RT #21444] +2914. [bug] Make the "autosign" system test more portable. + [RT #20997] + +2913. [func] Add pkcs#11 system tests. [RT #20784] + 2912. [func] Windows clients don't like UPDATE responses that clear the zone section. [RT #20986] @@ -166,9 +481,17 @@ 2910. [func] Sanity check Kerberos credentials. [RT #20986] +2909. [bug] named-checkconf -p could die if "update-policy local;" + was specified in named.conf. [RT #21416] + 2908. [bug] It was possible for re-signing to stop after removing a DNSKEY. [RT #21384] +2907. [bug] The export version of libdns had undefined references. + [RT #21444] + +2906. [bug] Address RFC 5011 implementation issues. [RT #20903] + 2905. [port] aix: set use_atomic=yes with native compiler. [RT #21402] @@ -177,23 +500,55 @@ secure leading to negative proofs failing. This was a unintended outcome from change 2890. [RT# 21392] +2903. [bug] managed-keys-directory missing from namedconf.c. + [RT #21370] + +2902. [func] Add regression test for change 2897. [RT #21040] + 2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316] +2900. [bug] The placeholder negative caching element was not + properly constructed triggering a INSIST in + dns_ncache_towire(). [RT #21346] + 2899. [port] win32: Support linking against OpenSSL 1.0.0. 2898. [bug] nslookup leaked memory when -domain=value was specified. [RT #21301] +2897. [bug] NSEC3 chains could be left behind when transitioning + to insecure. [RT #21040] + +2896. [bug] "rndc sign" failed to properly update the zone + when adding a DNSKEY for publication only. [RT #21045] + +2895. [func] genrandom: add support for the generation of multiple + files. [RT #20917] + 2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294] +2893. [bug] Improve managed keys support. New named.conf option + managed-keys-directory. [RT #20924] + +2892. [bug] Handle REVOKED keys better. [RT #20961] + 2891. [maint] Update empty-zones list to match draft-ietf-dnsop-default-local-zones-13. [RT# 21099] +2890. [bug] Handle the introduction of new trusted-keys and + DS, DLV RRsets better. [RT #21097] + 2889. [bug] Elements of the grammar where not properly reported. [RT #21046] 2888. [bug] Only the first EDNS option was displayed. [RT #21273] +2887. [bug] Report the keytag times in UTC in the .key file, + local time is presented as a comment within the + comment. [RT #21223] + +2886. [bug] ctime() is not thread safe. [RT #21223] + 2885. [bug] Improve -fno-strict-aliasing support probing in configure. [RT #21080] @@ -209,12 +564,21 @@ 2881. [bug] Reduce the amount of time the rbtdb write lock is held when closing a version. [RT #21198] +2880. [cleanup] Make the output of dnssec-keygen and dnssec-revoke + consistent. [RT #21078] + 2879. [contrib] DLZ bdbhpt driver fails to close correct cursor. [RT #21106] +2878. [func] Incrementally write the master file after performing + a AXFR. [RT #21010] + 2877. [bug] The validator failed to skip obviously mismatching RRSIGs. [RT #21138] +2876. [bug] Named could return SERVFAIL for negative responses + from unsigned zones. [RT #21131] + 2875. [bug] dns_time64_fromtext() could accept non digits. [RT #21033] @@ -222,8 +586,22 @@ successfully responds to the query using plain DNS. [RT #20930] +2873. [bug] Cancelling a dynamic update via the dns/client module + could trigger an assertion failure. [RT #21133] + +2872. [bug] Modify dns/client.c:dns_client_createx() to only + require one of IPv4 or IPv6 rather than both. + [RT #21122] + +2871. [bug] Type mismatch in mem_api.c between the definition and + the header file, causing build failure with + --enable-exportlib. [RT #21138] + 2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET. +2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call. + [RT #20877] + 2868. [cleanup] Run "make clean" at the end of configure to ensure any changes made by configure are integrated. Use --with-make-clean=no to disable. [RT #20994] @@ -245,6 +623,11 @@ 2862. [bug] nsupdate didn't default to the parent zone when updating DS records. [RT #20896] +2861. [doc] dnssec-settime man pages didn't correctly document the + inactivation time. [RT #21039] + +2860. [bug] named-checkconf's usage was out of date. [RT #21039] + 2859. [bug] When cancelling validation it was possible to leak memory. [RT #20800] @@ -257,111 +640,18 @@ 2856. [bug] The size of a memory allocation was not always properly recorded. [RT #20927] -2853. [bug] add_sigs() could run out of scratch space. [RT #21015] - -2851. [doc] nslookup.1, removed from the docbook - source as it produced bad nroff. [RT #21007] - - --- 9.6-ESV-R3 released --- - -2972. [bug] win32: address windows socket errors. [RT #21906] - -2971. [bug] Fixed a bug that caused journal files not to be - compacted on Windows systems as a result of - non-POSIX-compliant rename() semantics. [RT #22434] - -2970. [security] Adding a NO DATA negative cache entry failed to clear - any matching RRSIG records. A subsequent lookup of - of NO DATA cache entry could trigger a INSIST when the - unexpected RRSIG was also returned with the NO DATA - cache entry. - - CVE-2010-3613, VU#706148. [RT #22288] - -2969. [security] Fix acl type processing so that allow-query works - in options and view statements. Also add a new - set of tests to verify proper functioning. - - CVE-2010-3615, VU#510208. [RT #22418] - -2968. [security] Named could fail to prove a data set was insecure - before marking it as insecure. One set of conditions - that can trigger this occurs naturally when rolling - DNSKEY algorithms. - - CVE-2010-3614, VU#837744. [RT #22309] - -2967. [bug] 'host -D' now turns on debugging messages earlier. - [RT #22361] - -2966. [bug] isc_print_vsnprintf() failed to check if there was - space available in the buffer when adding a left - justified character with a non zero width, - (e.g. "%-1c"). [RT #22270] - -2964. [bug] view->queryacl was being overloaded. Seperate the - usage into view->queryacl, view->cacheacl and - view->queryonacl. [RT #22114] - -2962. [port] win32: add more dependencies to BINDBuild.dsw. - [RT #22062] - -2952. [port] win32: named-checkzone and named-checkconf failed - to initialise winsock. [RT #21932] - -2951. [bug] named failed to generate a correct signed response - in a optout, delegation only zone with no secure - delegations. [RT #22007] - - --- 9.6-ESV-R2 released --- - -2939. [func] Check that named successfully skips NSEC3 records - that fail to match the NSEC3PARAM record currently - in use. [RT# 21868] - -2937. [bug] Worked around an apparent race condition in over - memory conditions. Without this fix a DNS cache DB or - ADB could incorrectly stay in an over memory state, - effectively refusing further caching, which - subsequently made a BIND 9 caching server unworkable. - This fix prevents this problem from happening by - polling the state of the memory context, rather than - making a copy of the state, which appeared to cause - a race. This is a "workaround" in that it doesn't - solve the possible race per se, but several experiments - proved this change solves the symptom. Also, the - polling overhead hasn't been reported to be an issue. - This bug should only affect a caching server that - specifies a finite max-cache-size. It's also quite - likely that the bug happens only when enabling threads, - but it's not confirmed yet. [RT #21818] - -2925. [bug] Named failed to accept uncachable negative responses - from insecure zones. [RT# 21555] +2855. [func] nsupdate will now preserve the entered case of domain + names in update requests it sends. [RT #20928] -2921. [bug] The resolver could attempt to destroy a fetch context - too soon. [RT #19878] +2854. [func] dig: allow the final soa record in a axfr response to + be suppressed, dig +onesoa. [RT #20929] -2900. [bug] The placeholder negative caching element was not - properly constructed triggering a INSIST in - dns_ncache_towire(). [RT #21346] - -2890. [bug] Handle the introduction of new trusted-keys and - DS, DLV RRsets better. [RT #21097] - -2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call. - [RT #20877] - - --- 9.6-ESV-R1 released --- - -2876. [bug] Named could return SERVFAIL for negative responses - from unsigned zones. [RT #21131] - - --- 9.6-ESV released --- +2853. [bug] add_sigs() could run out of scratch space. [RT #21015] 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619] - --- 9.6.2 released --- +2851. [doc] nslookup.1, removed from the docbook + source as it produced bad nroff. [RT #21007] 2850. [bug] If isc_heap_insert() failed due to memory shortage the heap would have corrupted entries. [RT #20951] @@ -369,61 +659,225 @@ 2849. [bug] Don't treat errors from the xml2 library as fatal. [RT #20945] +2848. [doc] Moved README.dnssec, README.libdns, README.pkcs11 and + README.rfc5011 into the ARM. [RT #20899] + +2847. [cleanup] Corrected usage message in dnssec-settime. [RT #20921] + 2846. [bug] EOF on unix domain sockets was not being handled correctly. [RT #20731] +2845. [bug] RFC 5011 client could crash on shutdown. [RT #20903] + 2844. [doc] notify-delay default in ARM was wrong. It should have been five (5) seconds. - --- 9.6.2rc1 released --- +2843. [func] Prevent dnssec-keygen and dnssec-keyfromlabel from + creating key files if there is a chance that the new + key ID will collide with an existing one after + either of the keys has been revoked. (To override + this in the case of dnssec-keyfromlabel, use the -y + option. dnssec-keygen will simply create a + different, non-colliding key, so an override is + not necessary.) [RT #20838] + +2842. [func] Added "smartsign" and improved "autosign" and + "dnssec" regression tests. [RT #20865] + +2841. [bug] Change 2836 was not complete. [RT #20883] -2838. [func] Backport support for SHA-2 DNSSEC algorithms, - RSASHA256 and RSASHA512, from BIND 9.7. (This - incorporates changes 2726 and 2738 from that - release branch.) [RT #20871] +2840. [bug] Temporary fixed pkcs11-destroy usage check. + [RT #20760] + +2839. [bug] A KSK revoked by named could not be deleted. + [RT #20881] + +2838. [placeholder] 2837. [port] Prevent Linux spurious warnings about fwrite(). [RT #20812] +2836. [bug] Keys that were scheduled to become active could + be delayed. [RT #20874] + +2835. [bug] Key inactivity dates were inadvertently stored in + the private key file with the outdated tag + "Unpublish" rather than "Inactive". This has been + fixed; however, any existing keys that had Inactive + dates set will now need to have them reset, using + 'dnssec-settime -I'. [RT #20868] + +2834. [bug] HMAC-SHA* keys that were longer than the algorithm + digest length were used incorrectly, leading to + interoperability problems with other DNS + implementations. This has been corrected. + (Note: If an oversize key is in use, and + compatibility is needed with an older release of + BIND, the new tool "isc-hmac-fixup" can convert + the key secret to a form that will work with all + versions.) [RT #20751] + +2833. [cleanup] Fix usage messages in dnssec-keygen and dnssec-settime. + [RT #20851] + +2832. [bug] Modify "struct stat" in lib/export/samples/nsprobe.c + to avoid redefinition in some OSs [RT 20831] + 2831. [security] Do not attempt to validate or cache out-of-bailiwick data returned with a secure answer; it must be re-fetched from its original source and validated in that context. [RT #20819] +2830. [bug] Changing the OPTOUT setting could take multiple + passes. [RT #20813] + +2829. [bug] Fixed potential node inconsistency in rbtdb.c. + [RT #20808] + 2828. [security] Cached CNAME or DNAME RR could be returned to clients without DNSSEC validation. [RT #20737] 2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712] +2826. [bug] NSEC3->NSEC transitions could fail due to a lock not + being released. [RT #20740] + 2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that was in the process of being created was not properly recorded in the zone. [RT #20786] +2824. [bug] "rndc sign" was not being run by the correct task. + [RT #20759] + 2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781] +2822. [bug] rbtdb.c:loadnode() could return the wrong result. + [RT #20802] + +2821. [doc] Add note that named-checkconf doesn't automatically + read rndc.key and bind.keys [RT #20758] + +2820. [func] Handle read access failure of OpenSSL configuration + file more user friendly (PKCS#11 engine patch). + [RT #20668] + 2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define. [RT #20771] 2818. [cleanup] rndc could return an incorrect error code when a zone was not found. [RT #20767] +2817. [cleanup] Removed unnecessary isc_task_endexclusive() calls. + [RT #20768] + +2816. [bug] previous_closest_nsec() could fail to return + data for NSEC3 nodes [RT #29730] + 2815. [bug] Exclusively lock the task when freezing a zone. [RT #19838] 2814. [func] Provide a definitive error message when a master zone is not loaded. [RT #20757] - --- 9.6.2b1 released --- +2813. [bug] Better handling of unreadable DNSSEC key files. + [RT #20710] + +2812. [bug] Make sure updates can't result in a zone with + NSEC-only keys and NSEC3 records. [RT 20748] + +2811. [cleanup] Add "rndc sign" to list of commands in rndc usage + output. [RT #20733] + +2810. [doc] Clarified the process of transitioning an NSEC3 zone + to insecure. [RT #20746] + +2809. [cleanup] Restored accidentally-deleted text in usage output + in dnssec-settime and dnssec-revoke [RT #20739] + +2808. [bug] Remove the attempt to install atomic.h from lib/isc. + atomic.h is correctly installed by the architecture + specific subdirectories. [RT #20722] + +2807. [bug] Fixed a possible ASSERT when reconfiguring zone + keys. [RT #20720] + + --- 9.7.0rc1 released --- + +2806. [bug] "rdnc sign" could delay re-signing the DNSKEY + when it had changed. [RT #20703] + +2805. [bug] Fixed namespace problems encountered when building + external programs using non-exported BIND9 libraries + (i.e., built without --enable-exportlib). [RT #20679] + +2804. [bug] Send notifies when a zone is signed with "rndc sign" + or as a result of a scheduled key change. [RT #20700] + +2803. [port] win32: Install named-journalprint, nsec3hash, arpaname + and genrandom under windows. [RT #20670] + +2802. [cleanup] Rename journalprint to named-journalprint. [RT #20670] + +2801. [func] Detect and report records that are different according + to DNSSEC but are semantically equal according to plain + DNS. Apply plain DNS comparisons rather than DNSSEC + comparisons when processing UPDATE requests. + dnssec-signzone now removes such semantically duplicate + records prior to signing the RRset. + + named-checkzone -r {ignore|warn|fail} (default warn) + named-compilezone -r {ignore|warn|fail} (default warn) + + named.conf: check-dup-records {ignore|warn|fail}; + +2800. [func] Reject zones which have NS records which refer to + CNAMEs, DNAMEs or don't have address record (class IN + only). Reject UPDATEs which would cause the zone + to fail the above checks if committed. [RT #20678] + +2799. [cleanup] Changed the "secure-to-insecure" option to + "dnssec-secure-to-insecure", and "dnskey-ksk-only" + to "dnssec-dnskey-kskonly", for clarity. [RT #20586] + +2798. [bug] Addressed bugs in managed-keys initialization + and rollover. [RT #20683] 2797. [bug] Don't decrement the dispatch manager's maxbuffers. [RT #20613] +2796. [bug] Missing dns_rdataset_disassociate() call in + dns_nsec3_delnsec3sx(). [RT #20681] + +2795. [cleanup] Add text to differentiate "update with no effect" + log messages. [RT #18889] + +2794. [bug] Install . [RT #20677] + +2793. [func] Add "autosign" and "metadata" tests to the + automatic tests. [RT #19946] + +2792. [func] "filter-aaaa-on-v4" can now be set in view + options (if compiled in). [RT #20635] + +2791. [bug] The installation of isc-config.sh was broken. + [RT #20667] + 2790. [bug] Handle DS queries to stub zones. [RT #20440] 2789. [bug] Fixed an INSIST in dispatch.c [RT #20576] +2788. [bug] dnssec-signzone could sign with keys that were + not requested [RT #20625] + +2787. [bug] Spurious log message when zone keys were + dynamically reconfigured. [RT #20659] + 2786. [bug] Additional could be promoted to answer. [RT #20663] + --- 9.7.0b3 released --- + +2785. [bug] Revoked keys could fail to self-sign [RT #20652] + 2784. [bug] TC was not always being set when required glue was dropped. [RT #20655] @@ -433,15 +887,65 @@ 2782. [port] win32: use getaddrinfo() for hostname lookups. [RT #20650] +2781. [bug] Inactive keys could be used for signing. [RT #20649] + +2780. [bug] dnssec-keygen -A none didn't properly unset the + activation date in all cases. [RT #20648] + +2779. [bug] Dynamic key revocation could fail. [RT #20644] + +2778. [bug] dnssec-signzone could fail when a key was revoked + without deleting the unrevoked version. [RT #20638] + 2777. [contrib] DLZ MYSQL auto reconnect support discovery was wrong. +2776. [bug] Change #2762 was not correct. [RT #20647] + +2775. [bug] Accept RSASHA256 and RSASHA512 as NSEC3 compatible + in dnssec-keyfromlabel. [RT #20643] + +2774. [bug] Existing cache DB wasn't being reused after + reconfiguration. [RT #20629] + +2773. [bug] In autosigned zones, the SOA could be signed + with the KSK. [RT #20628] + 2772. [security] When validating, track whether pending data was from the additional section or not and only return it if validates as secure. [RT #20438] +2771. [bug] dnssec-signzone: DNSKEY records could be + corrupted when importing from key files [RT #20624] + +2770. [cleanup] Add log messages to resolver.c to indicate events + causing FORMERR responses. [RT #20526] + +2769. [cleanup] Change #2742 was incomplete. [RT #19589] + +2768. [bug] dnssec-signzone: -S no longer implies -g [RT #20568] + +2767. [bug] named could crash on startup if a zone was + configured with auto-dnssec and there was no + key-directory. [RT #20615] + +2766. [bug] isc_socket_fdwatchpoke() should only update the + socketmgr state if the socket is not pending on a + read or write. [RT #20603] + 2765. [bug] Skip masters for which the TSIG key cannot be found. *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***