1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
|
1007. [port] config.guess, config.sub from autoconf-2.52.
1008. [port] libtool.m4, ltmain.sh from libtool-1.4.2.
1009. [port] OpenUNIX 8 support. [RT #1728]
1011. [cleanup] Removed isc_dir_current().
1024. [port] Compilation failed on HP-UX 11.11 due to
incompatible use of the SIOCGLIFCONF macro
name. [RT #1831]
[needs more work]
1025. [bug] Don't use multicast addresses to resolve iterative
queries. [RT #101]
1034. [bug] Ignore the RD bit on multicast queries as specified
in RFC 1123. [RT #137]
1035. [bug] If we respond to multicast queries (which we
currently do not), respond from a unicast address
as specified in RFC 1123. [RT #137]
1037. [bug] Negative responses whose authority section contain
SOA or NS records whose owner names are not equal
equal to or parents of the query name should be
rejected. [RT #1862]
1073. [bug] The ADB cache cleaning should also be space driven.
[RT #1915, #1938]
[ New function dns_adb_setadbsize() ]
1079. [bug] BIND 8 compatibility: accept bare elements at top
level of sort list treating them as if they were
a single element list. [RT #1963]
1080. [bug] BIND 8 compatibility: accept bare IP prefixes
as the second element of a two-element top level
sort list statement. [RT #1964]
1105. [port] OpenUNIX 8 enable threads by default. [RT #1970]
[Functional change]
1110. [bug] dig should only accept valid abbreviations of +options.
[RT #2003]
[Potentially breaks scripts. Leave to 9.3.0.]
1143. [bug] When a trusted-keys statement was present and named
was built without crypto support, it would leak memory.
[ Not applicable to 9.2 ]
1150. [bug] named incorrectly accepted TTL values
containing plus or minus signs, such as
1d+1h-1s.
[ Uses new function isc_parse_uint32() ]
1151. [bug] nslookup failed to check that the arguments to
the port, timeout, and retry options were
valid integers and in range. [RT #2099]
[ Uses new function isc_parse_uint32() ]
1159. [bug] MD and MF are not permitted to be loaded by RFC1123
[ Could cause zones that loaded in 9.2.0 to fail
to load. Leave such breakages to 9.3.0. ]
1187. [bug] named was incorrectly returning DNSSEC records
in negative responses when the DO bit was not set.
[ Requires API change (new argument) to
dns_rdataset_towire(), dns_rdataset_towirepartial()
and dns_rdataset_towirepartial() ]
1192. [bug] The seconds fields in LOC records were restricted
to three decimal places. More decimal places should
be allowed but warned about.
1209. [bug] Dig, host, nslookup were not checking the message ids
on the responses. [RT #2454]
1224. [bug] 'rrset-order' and 'sortlist' should be additive
not exclusive.
[tightly coupled with 'cyclic' and 'random' support]
1233. [bug] The flags field of a KEY record can be expressed in
hex as well as decimal.
[ Not applicable to 9.2.x ]
1234. [bug] contrib/sdb: 'zonetodb' failed to call
dns_result_register(). DNS_R_SEENINCLUDE should not
be fatal.
1243. [bug] It was possible to trigger a REQUIRE() in
dns_message_findtype(). [RT #2659]
1247. [bug] Don't reset the interface index for link/site local
addresses. [RT #2576]
[depends on new functions]
1255. [bug] When verifying that an NXT proves nonexistence, check
the rcode of the message and only do the matching NXT
check. That is, for NXDOMAIN responses, check that
the name is in the range between the NXT owner and
next name, and for NOERROR NODATA responses, check
that the type is not present in the NXT bitmap.
[required changes from DS support]
1271. [bug] "recursion available: {denied,approved}" was too
confusing.
1321. [bug] If the last RRset in a zone is glue, dnssec-signzone
would incorrectly duplicate its output and sign it.
[DS specific]
1322. [bug] dnssec-signzone usage message was misleading.
[DS specific]
1328. [bug] The validator could incorrectly verify an invalid
negative proof.
[DS specific]
1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
1362. [bug] remove IFF_RUNNING test when scanning interfaces.
1371. [bug] notify-source-v6, transfer-source-v6 and
query-source-v6 with explicit addresses and using the
same ports as named was listening on could interfere
with nameds ability to answer queries sent to those
addresses.
1386. [bug] named-checkzone -z stopped on errors in a zone.
[RT #3653]
1392. [bug] named-checkzone: update usage.
1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
is not available in the kernel to prevent accidently
listening on IPv4 interfaces.
1398. [doc] ARM: notify-also should have been also-notify.
[RT #4345]
1400. [bug] Block the addition of wildcard NS records by IXFR
or UPDATE. [RT #3502]
1404. [bug] libbind: ns_name_ntol() could overwrite a zero length
buffer.
1409. [bug] DS should have attribute DNS_RDATATYPEATTR_DNSSEC.
1430. [port] linux: IPv6 interface scanning support.
1433. [bug] named could trigger a REQUIRE failure if it could
not get a file descriptor when attempting to write
a master file. [RT #4347]
1454. [port] Use getifaddrs() if available for interface scanning.
--disable-getifaddrs to override. Glibc currently
has a getifaddrs() that does not support IPv6.
Use --enable-getifaddrs=glibc to force the use of
this version under linux machines.
|
