BIND 8.2 released

highlights vs. 8.1.2:
    preliminary dnssec
    transaction signatures
    incremental zone transfer
    5% savings in memory
    better response performance
    improved portability
    many bug fixes
    a few security fixes

the distribution files are:
    ftp://ftp.isc.org/isc/bind/src/8.2/bind-8.2-src.tar.gz
    ftp://ftp.isc.org/isc/bind/src/8.2/bind-8.2-doc.tar.gz
    ftp://ftp.isc.org/isc/bind/src/8.2/bind-8.2-contrib.tar.gz

the md5 checksums are:
    8c12e47e5f5777abceaca488230ed5ef bind-8.2-contrib.tar.gz
    a5bee5f073016c2e2fb2a835f087ba28 bind-8.2-doc.tar.gz
    f45ad0d96c8f4d7338b4c669fee906d8 bind-8.2-src.tar.gz

top of CHANGES says:
--- 8.2 released ---
587. [perf] uses about 5% less memory than 8.1.2 now.
586. [perf] faster at tcp, therefore less blocking on udp.
585. [misc] various releng lint.
584. [bug] IXFR wasn't doing DNSSEC RRtypes.
583. [bug] dnskeygen now fully qualifies its names; better usage.
582. [port] irix needed some patches applied during the build.
581. [bug] match_order() could dump core after "ndc reload".
580. [bug] ip_match_is_none() could dump core.
579. [bug] state names were off by one in src/lib/isc/ctl_srvr.c.
578. [misc] try without "transfer-source" if axfr connect() fails.
577. [contrib] sqlbind-8.
576. [bug] insecure updates weren't supported.
575. [doc] better documentation of key, trusted-key, zone pubkey.
574. [bug] was freeing freed memory on exit.
573. [port] nextstep.
572. [misc] centralize the name hashing logic (widen in some cases)
571. [perf] the new db_marshal() code was taking too much memory.
570. [perf] the lame server storage was taking too much memory.
569. [bug] src/lib/isc/ctl_srvr.c had an incomplete assertion.
568. [doc] Brent Baccala contributed an nsupdate man page.
567. [port] mpe, nextstep.
566. [protocol] upgrade to tsig draft 08.
565. [lint] use right relative paths for dnssafe includes in dst.
564. [bug] default security level for update rr's wasn't set.
563. [bug] debugging output in dprint_key_info() could panic us.
562. [perf] 8.2-t6b used 30% more memory on root name servers than
8.1.2 did. most of that was db_marshal hash tables.
--- 8.2-T6B released ---
561. [bug] DST more graceful in handling unsupported algorithms.
560. [feature] lame server ttl now a configuration option. Re-enable
lame server negative caching.
559. [bug] sysquery() was still using the child's name when it
switched to using the parent's NS list causing false
lame server reports.
558. [bug] disable lame server negative caching for the present.
557. [bug] undersized tcp messages are now detected early.
556. [bug] DNSSEC fine tuning.
555. [bug] the named.conf lexer was depending on two characters
worth of putback buffer, ansi c guarantees one char.
554. [port] port to "next" contributed by jack bryans.
553. [contrib] added "snoof", another script kiddie toy.
552. [bug] allow-query didn't interact well with external cnames.
551. [bug] validate_zone could crash the server.
550. [lint] ns_maint was using ns_log_default, not ns_log_in_xfer.
549. [port] netbsd and openbsd improved. prand_conf improved.
548. [bug] ns_resp was using the wrong logging category.
547. [bug] dig was reinit'ing its resolver flags incorrectly.
546. [bug] nsupdate didn't handle HINFO,ISDN,TXT,X25 correctly.
545. [feature] added dnssafe back in.
544. [feature] removed DES encryption support.
543. [port] cleaned cylink of unused definitions in header files.
542. [bug] include/dst no longer needed
541. [bug] CERT records are allowed to have alg == 0.
540. [doc] Removed outdated doc/secure, updated dnssigner
documentation, updated dnskeygen.1
539. [bug] db_dump() was misparsing CERT records.
538. [feature] The KEY set is along with SOA, NS, A, AAAA records.
537. [bug] Multiple signatures are handled correctly.
536. [bug] SIG record expiration should be checked when the
SIG is verified.
535. [bug] Queries for SIG records of non-authoritative
names should not look in the cache or cache the
results.
534. [bug] DNSSEC SIG records are dropped when they don't
sign any data correctly.
533. [bug] SIG and NXT records are correctly handled when
received in responses by named
532. [bug] dynamic update data is now always considered
insecure, rather than having no security status.
531. [bug] dynamic update can again remove all data associated
with a name (type ANY, class ANY).
530. [lint] downgraded "ctl: unexpected eof" from error to debug.
529. [port] unixware 7 port received.
528. [bug] timeouts could make ctl_srvr dump core.
527. [bug] we were not reliably reaping our children.
526. [bug] Cached CNAMES pointing to servers returning Type 3/4
NXDOMAIN are translated to Type 3 NODATA responses.
525. [bug] nscount could be short if we had to recurse after
following a cname and we got a negative response.
NS rrset got split between AU and AD sections.
524. [protocol] RFC 2308 support added.
523. [feature] mark lame servers as such and don't use them for NTTL.
522. [port] solaris 7 is now known to work.
521. [port] sunos4 should be supported now.
520. [bug] inet_pton() was allowing some bad ipv6 addresses in.
519. [bug] refuse duplicate also-notify's; optimize logging.
518. [port] hpux portability fixes.
517. [contrib] dnswalk wasn't coping with 8.* "dig" output.
516. [port] MPE portability fix.
--- 8.2-T5B released ---
515. [security] lib/dnssafe code removed; now a separate patch.
514. [port] freebsd patches.
513. [bug] memory leak in res_mkupdate().
512. [bug] $GENERATE could use an unset ttl.
511. [bug] $TTL warning test was wrong.
510. [port] bugs and things found by the netbsd folks.
509. [bug] The labels field in the SIG record may be less than
the number of labels in the domain name if the
owner of the SIG is a wildcard.
508. [bug] rrset ordering contained an off-by-one error
507. [bug] NXT set processing was not distinguishing
between the upper and lower sets at delegation
points.
506. [contrib] more script-kiddie toys, this time contrib/adm.
505. [bug] the ixfr changes to named-xfer destabilized stubs.
504. [port] some IRIX problems fixed.
503. [bug] ixfr wasn't correctly setting up its qsp.
--- 8.2-T4A released ---
502. [bug] some config file parsing was still using malloc().
501. [feature] named sets the AD bit in the header when returning
authenticated data
500. [bug] dst_verify_data returns the documented error codes
499. [bug] verify_set now verifies the correct data
498. [bug] ixfr was not completely finished.
497. [bug] don't put zone 0 on the free list.
496. [bug] Losing all but last RR of RRset.
495. [port] random portability noise.
494. [bug] sysquery() should not let nlookup() change its data.
493. [feature] add "options ... rrset_order ... cyclic|random|etc".
this allows round robin to be turned off selectively,
or replaced with pseudorandom ordering, or whatever.
492. [bug] src/bin/named/db_sec.c was memputting objects twice.
491. [feature] add IRP (Information Retrieval Protocol) and daemon.
this is functionally similar to solaris "nscd".
490. [bug] lib/isc/ctl_srvr.c couldn't overlap read and write.
(also: add session context set/get.)
489. [bug] "cname and other data" was more complex than thought.
488. [port] some netbsd portability stuff. (still not working?)
487. [port] digital unix 3.2 wasn't working (4.0d was though).
486. [feature] add "sortlist", which may yet be merged/renamed into
the "topology" verb.
485. [bug] do not complain about default TTLs unless a master.
484. [contrib] add contrib/z0ne, a useful tool for crackers.
483. [contrib] add contrib/query-loc[-*] to look up LOC RR's.
482. [bug] all RR's must now be of the same class as the zone.
481. [bug] outbound zone transfers are killed on any UPDATE.
--- 8.2-T3A released ---
480. [bug] ns_update was corrupting TXT records
479. [bug] res_mkupdate was not handling WKS, HINFO, TXT,
X25, ISDN, NSAP and LOC records.
478. [bug] name_pack could leave a bad compression pointer.
477. [port] improved support for FreeBSD 3.0.
476. [bug] BSDI contributed some fixes to the /etc/group parsing.
475. [bug] another memory leak in hesiod_resolve().
474. [bug] SRV RR names were being compressed on output.
473. [feature] IXFR is no longer optional and has been cleaned up.
472. [bug] IXFR was disabling USE_PID_FILE.
471. [feature] add support for CERT records.
470. [bug] rrset_db_upgrade was updating the wrong cache.
469. [performance] use a free list for unused zones.
468. [feature] add getaddrinfo, courtesy of WIDE.
467. [lint] include/dst/dst.h moved to include/isc/dst.h.
466. [bug] fix core dump introduced with tsig glue.
--- 8.2-T2A released ---
465. [bug] ref counting bug in ns_xfr.
464. [bug] correct cut&pasteo in IXFR config syntax.
463. [lint] clean psf files after top level "make tar".
--- 8.2-T1A released ---
462. [feature] we now use randomized query id's.
461. [feature] new option "version" added.
460. [feature] add initial IXFR support from Check Point Technologies.
459. [bug] res_update() was putting debugging info on stderr.
458. [doc] add named.conf(5), improve doc/html.
457. [feature] named-bootconf is now written in /bin/sh and it is
now installed in ${DESTSBIN}.
456. [bug] res->defdname[] wasn't always properly \0 terminated.
455. [bug] _PATH_MEMSTATS was never being used.
454. [doc] the html docs weren't clear about logging having to
be specified first in the named.conf file.
453. [feature] add zone type "forward" for selective forwarding
(sometimes called "split horizon" or "fake root").
452. [bug] lib/irs/* was generally not coping with
oversized lines and files not ending in \n.
451. [port] BSD/OS 2.* is now a separate port.
450. [Feature] added DNS key generator in bin/dnskeygen.
449. [contrib] added DNS zone signer in contrib/dns_signer.
448. [doc] sample named.conf and html documentation include
examples of DNSSEC / TSIG configurations.
447. [feature] named verifies TSIG records on incoming messages, and
generates TSIG records on outgoing messages.
446. [feature] res_nsendsigned, res_nfindprimary, res_nsendupdate
provide TSIG aware resolver functions.
445. [feature] ns_sign and ns_verify generate/authenticate TSIG
signatures on DNS messages. ns_sign_tcp,
ns_sign_tcp_init, ns_verify_tcp, and
ns_verify_tcp_init are used for tcp transfers.
444. [feature] acls can now include shared key names.
443. [feature] added DNSSEC verification of zone data on load and
partial verification of signed data received over
the wire.
442. [feature] lib/dst (TIS digital signature toolkit), lib/dnssafe,
and lib/cylink added to provide functionality
needed for DNSSEC and transaction signatures.
441. [bug] fixed memory leak in hesiod support.
440. [bug] support for res in lib irs was a mess. _res now
controls the behaviour of get*by*() again.
439. [bug] fix *END_RESULT macros in port/solaris/port_before.h.
438. [feature] permit the install user and group to be overridden.
437. [feature] TCP truncation now reports IP address of the server.
436. [bug] memory leaks in nsupdate.
435. [doc] updated resolver.3
434. [bug] named.run was not always being created when ndc trace
was run.
433. [bug] req_notify required the slave zone to have been loaded.
this may not be the case when a zone has expired or
is being established over a dial on demand link.
432. [feature] blackhole queries from these nets. do not use these
nets to resolve queries.
431. [feature] loop breaking with UDP based well known services.
430. [bug] memory leaks in dispatch_message.
429. [feature] fast retries on host/net unreachable.
428. [bug] CNAME and other data is now a hard error.
427. [feature] support very large numbers of virtual interfaces.
426. [bug] bring named closer into line with the data ranking
in RFC 2181, Section 5.4.1.
425. [bug] removed spurious debug statement that generated a lot
of false bug reports.
424. [bug] closed file descriptor leaks in ns_update.
423. [feature] loc_ntoa() can now accept NULL like other _ntoa's.
422. [feature] you can now specify a port on the master statement
to allow transfers from a non standard port.
421. [feature] warn when the root hints do not match reality.
420. [misc] added support for bcc (bounds checking compiler).
419. [feature] bring negative caching into RFC 2308 compliance.
418. [bug] expire behaviour now as per RFC 1034/1035.
417. [bug] updates and zone transfers weren't locking each other.
416. [port] support added for HPUX B.11.*
415. [feature] ndc is a C program now, uses new "controls" subsystem.
414. [feature] "controls" element of named.conf now live and working.
413. [feature] octal and hexadecimal numbers now parsed in named.conf.
412. [bug] we now support 2**24-1 (16M) zones. (need namespaces!)
411. [bug] fix *END_RESULT macros in port/bsdos/port_before.h
410. [feature] added support for dial on demand links between
servers.
409. [port] remove egregious use of snprintf().
408. [feature] add -b option to dig to set srcaddr of tcp connects.
407. [feature] added $GENERATE to generate sets of RR's that only
differ by an iterator.
406. [doc] added manpage for inet_cidr_ntop() inet_cidr_pton().
405. [bug] res_nsend() closed sockets unnecessarily on timeout.
handle change NS list and RES_STAYOPEN generically.
404. [bug] inet_addr/inet_aton/inet_network accepted illegal
inputs as legal. Also enforce octal input.
403. [bug] inet_cidr_ntop() was not producing correct output for
all possible inputs.
402. [bug] fix retry/retransmit logic in face of network errors.
401. [doc] the "transfer-source" zone option wasn't documented.
400. [bug] bin/host was dumping core - converted to use getopt.
399. [port] use time() rather than gettimeofday() in dig.
398. [bug] named could exit silently on assertion failures,
now assertion failures are logged using INSIST.
397. [port] add an AIX 3.2 port (requires GNU utilities).
396. [bug] dig and nslookup allowed sscanf/sprintf overflows.
395. [bug] dig and nslookup were unable to deal with 64KB answers.
394. [feature] add RES_NOCHECKNAME and "options no-check-names" (in
resolv.conf) to turn off modern host/mail name checks.
393. [bug] lib/isc/tree.c was missing a critical \ (#if DEBUG).
392. [bug] inet_aton() wasn't requiring nonterminal octets to
be in the range of octets, i.e., 1.300.1.1.
391. [bug] fix bug in MAX_XFERS_RUNNING logic.
390. [bug] ns_update() was capable of renaming an open file.
389. [feature] libbind.a now has a "ctl" subsystem, which is planned
to replace signals as the communication path between
"ndc" and "named". preliminary support is in "named".
388. [feature] preliminary/nonfunctional/nonstandard ZXFR support.
387. [feature] inet_cidr_pton() and inet_cidr_ntop() added.
386. [bug] inet_net_pton() was not parsing hex correctly.
385. [feature] three new options for the RES_OPTIONS environment var
or for the "options" directive in /etc/resolv.conf:
attempts:NN default res.retry
timeout:NN default res.retrans
rotate use ALL listed nameservers
384. [feature] there is now a nearly-thread-safe resolver API, with
the old non-thread-safe API being a set of stubs on
top of this. it is possible to program without _res.
note: the documentation has not been updated. also
note: IRS is a thread-ready API, get*by*() is not.
(see ../contrib/manyhosts for an example application.)
383. [contrib] bsdi contributed an /etc/services.db hack, which is
currently conditionalized for bsd/os but would work
on any modern BSD-derived system (DB, snprintf, etc).
382. [port] bsd/os 4.0 defines its own pselect(), which differs
from the one we simulated. we now simulate the right
one, and use the right one.
381. [contrib] added contrib/srv, the beginnings of SRV client side.
--- 8.1.2 released ---
...