mirror of https://git.FreeBSD.org/src.git synced 2025-01-04 12:52:15 +00:00
freebsd/usr.sbin/named/CHANGES
Peter Wemm ebcbc731ab Import named-4.9.3-patch1
This is a small fix, as a result of talking to Ultrix Hesiod-enabled
named's.  Apparently there are some buffer overruns causing data
mangling.
1996-01-22 04:55:42 +00:00


$Id: CHANGES,v 8.27 1996/01/09 20:23:45 vixie Exp $
--- 4.9.3-p1 released ---
575. [port] Ultrix/Hesiod named responses are oversized, we were
incorrectly accepting them and then overwriting the stack.
574. [port] BSD/OS 2.1 required some ./BSD/Makefile changes.
--- 4.9.3-rel released ---
573. [contrib] put in "951231" version of contrib/host.
572. [doc] new file doc/info/SCO-2 concerning <sys/param.h> porting.
571. [bug] zones whose master files contained only $INCLUDEs were
incorrectly considered to not have any RR's (old bug.)
570. [doc] trivial man/named.8 tweak.
569. [doc] minor documentation tweak to shres/solaris/ISSUES.
--- 4.9.3-beta34 released ---
568. [bug] very minor initialization bug fixed in tools/dig.c.
567. [bug] disabled VALIDATE; all this code is trash and will be removed
along with ALLOW_UPDATES very early in the next alpha cycle.
we are now back to the B26 level of stability, with several
minor bug fixes from intervening betas.
566. [bug] fixed memory leak introduced in #565.
--- 4.9.3-beta33 released ---
565. [proto] we were generating truncated RRsets due to VALIDATE bugs.
564. [proto] we weren't stopping early enough on some kinds of truncation.
563. [doc] added doc/info/Solaris, concerning Sun Patch-ID# 102165-02.
562. [bug] named/ns_resp.c had an overzealous #ifdef.
561. [port] tools/nslookup/getinfo.c had an ANSI C nit.
560. [port] shres/netbsd and Makefile's netbsd stuff was wrong.
559. [doc] shres/* documentation had more pathname problems.
558. [port] SCO OSE5 portability problem (minor).
557. [doc] added doc/misc/style.txt out of my archives.
556. [contrib] updated contrib/arlib, contrib/dnsparse (really!).
555. [bug] quoted newlines were still broken even after #509.
554. [bug] dangling CNAME cache chains could make named dump core.
553. [bug] forwarders didn't work well with VALIDATE.
--- 4.9.3-beta32 released ---
552. [doc] ./Makefile had some out of date comments.
551. [bug] shres/sunos/* needed some fine tuning.
550. [contrib] contrib/dnsparse replaced with a later version.
--- 4.9.3-beta31 released ---
549. [bug] "make links" hadn't been tested in a while; shres/* req'd chg.
548. [bug] shres/sunos/* needed some fixups due to a late Sun patch.
547. [doc] Makefile comments for Linux were out of date.
546. [doc] OPTIONS had an incorrect path name and some factual errors.
545. [bug] shres/sunos/Makefile had some incorrect path names.
--- 4.9.3-beta30 released ---
544. [port] some systems with broken CPP's wouldn't compile ns_req.c.
543. [bug] query restart bug in ns_resp.c.
--- 4.9.3-beta29 released ---
542. [port] rearranged signal() calls to make POSIX + SYSV possible.
541. [port] padded _res to 512 bytes; moved initialized data to res_data.c.
540. [port] added experimental shres/netbsd/ directory.
539. [bug] we weren't able to load 0 ttl's in zone files.
538. [doc] BOG corrections.
--- 4.9.3-beta28 never released ---
537. [contrib] new contrib/lamers/ directory.
536. [bug] there was a possible deadlock condition over missing glue.
535. [bug] previous patch to db_load() was misapplied.
534. [bug] several ancient cache corruption bugs fixed in ns_resp().
533. [root] root servers required a new ``no-fetch-glue'' option.
532. [bug] all kinds of stuff was broken under shres/ due to new subdir.
--- 4.9.3-beta27 released ---
531. [bug] limited support for labels containing \. (literal dot.)
530. [bug] new root.cache file imported from internic.
529. [bug] another set of bug fixes to the zone transfer scheduler.
528. [bug] VALIDATE reenabled but without packet editing.
527. [bug] glue passing through CNAMEs will now be cached properly.
526. [bug] deleted zones should no longer cause core dumps.
525. [func] several messages changed to be more informative.
524. [bug] loc_ntoa() was returning a pointer to a stack variable.
523. [bug] wildcard RR's were being deleted by purge_zone().
522. [bug] "ndc start" didn't work if no pid file existed.
521. [port] Sun SVR4 fixes, including shared library support.
520. [bug] we weren't using "forwarders" if "options forward_only"
wasn't set (in some cases.)
519. [bug] named-xfer wasn't calling res_init().
518. [bug] lots of byte order nits.
517. [bug] "tools/host -a" now prints in RR format again.
516. [proto] minimum TTL changes from five minutes to zero seconds.
515. [bug] SOA TTL of zero is no longer considered an error.
514. [bug] division by zero error corrected in ns_refreshtime().
513. [bug] we had the #ifdefs nested backwards in <netdb.h>.
512. [bug] we were able to dump core while tracing due to a NULL pointer.
511. [bug] DiG wasn't able to suppress all of res_debug.c's comments.
510. [doc] BOG typos. new doc/misc/FAQ. new site in MIRRORS.
509. [bug] another side effect of the inet_aton() change was fixed,
this time it was breaking escaped newlines in named.boot.
508. [contrib] new contrib/host, contrib/misc/settransfer, contrib/msql.
contrib/umich/lame_delegation was withdrawn by the author.
507. [bug] DiG didn't do ndots and was trigger happy about options.
506. [port] NextStep, Interactive, SCO, Digital UNIX, ULTRIX improvements.
505. [bug] we were overly restrictive about nonauthoritative NXDOMAINs.
504. [bug] named was generating corrupt responses in au truncation.
503. [port] shres/* now supports SunOS 4.1.4.
502. [bug] nslookup wasn't behaving properly in the presence of "ndots".
501. [bug] we now delay 5 seconds after an "ndc restart" or "ndc start".
500. [bug] change #494 was incomplete.
--- 4.9.3-beta26 released ---
499. [bug] we needed a SERVFAIL in an error case.
498. [bug] some recently added byte order bugs were stomped;
data_inaddr() was made slightly more conservative.
497. [port] local_hostname_length() moved to its own source file.
496. [bug] Beta25's change to compat/Makefile was wrong.
495. [bug] tools/host.c wasn't processing cnames properly.
--- 4.9.3-beta25 released ---
494. [func] "include" directive in boot file is no longer fatal if the
specified file doesn't exist or is not readable.
493. [bug] new interfaces' UDP sockets weren't affecting select()'s mask.
492. [doc] another round of changes and cleanups to the BOG.
491. [bug] various cleanups to lame server detection.
490. [port] completely new shres/* from CKD.
489. [doc] added a ***NOTE*** to ./INSTALL about operating system files.
488. [port] GNU C Library changes for include/netdb.h.
487. [func] named will try a little bit longer to bind() its stream socket.
486. [contrib] new packages: contrib/inaddrtool and contrib/trnamed.
485. [func] ns_forw will no longer forward to 0.0.0.0, 255.255.255.255,
or 127.0.0.1.
484. [port] more POSIX_SIGNALS conversions.
483. [bug] compat/Makefile wasn't passing on all definitions to submakes.
482. [port] bad bug in NeXT C Library worked around.
481. [doc] RFC 1794 is now included in doc/rfc.
480. [bug] a debugging printf() was accessing freed memory.
479. [port] doc/info/NCR has been replaced.
478. [port] doc/info/interactive has been replaced by its author.
477. [port] UNIXWARE 2.X changes.
476. [bug] ns_init.c was creating files in "//tmp" rather than "/tmp".
475. [bug] inet_aton() reverts to mostly previous behaviour.
474. [bug] PTR->CNAME support added; name test fixed.
473. [func] added gethostbyname2(), improved its man page.
472. [port] Linux connect() can reconnect, res/res_send.c now knows this.
471. [build] several "clean" targets were not removing ".depend" files.
470. [bug] dqflush() was using memory after free()ing it and never closing
any file descriptors and not clearing select()'s mask bits.
--- 4.9.3-beta24 released ---
469. [bug] We no longer share static return buffers across functions in
res_debug.c.
468. [logging] An extraneous haveComplained() was removed from ns_resp.c.
467. [portdoc] Linux build doc changes.
--- 4.9.3-beta23 released ---
466. [doc] big reorg to BOG.
465. [doc] minor corrections to man pages.
464. [port] NEC Makefile changes.
463. [contrib] random updates.
462. [bug] res_send() wasn't always clearing errno, which led to
false-negative return conditions.
461. [port] minor u_char-vs-char lint removed.
460. [port] backed out a recent Linux portability change.
--- 4.9.3-beta22 released ---
459. [port] made a major lint pass.
458. [func] paved over a bad security hole in named-xfer.
457. [bug] negative caching vs (secure_zone | cname checking) bugs.
456. [port] moved all:: target to be first in top level Makefile.
455. [bug] res/res_send.c had a bad macro definition.
454. [doc] RUNSON moved to doc/info. MIRRORS file added.
453. [quality] learntFrom() was reformatted.
452. [doc] minor changes for shlib/ISSUES, tools/nslookup/nslookup.help.
451. [port] linux, NCR, Solaris, NExT portability changes.
450. [func] added RES_NOALIASES flag, needed for security.
449. [bug] we were defining a nonstandard DNS header flag as PR. no more.
--- 4.9.3-beta21 released ---
448. [port] systems with hundreds of network interfaces need big ioctl()'s.
447. [func] zones without NS RR's or with mismatching SOA RR's are caught.
446. [bug] miscellaneous fixes to res/gethnamaddr.c.
445. [bug] the secure_zone logic was incomplete.
444. [bug] bootfile "options" parsing was broken.
443. [bug] named-xfer was munging incoming WKS RR's.
442. [contrib] various cleanups.
--- 4.9.3-beta20 released ---
441. [contrib] put in DOC 2.1.1.
440. [func] change/addition to the "lame delegation" syslog message.
439. [bug] emulation macros WIFSIGNALED and WIFEXITED were bogus.
438. [bug] missing "#ifndef INVQ" added.
437. [doc] man pages and BOG updated to include new B18/B19 features.
436. [port] PIDDIR definition removed from Solaris 2.X.
435. [port] shres/Makefile fixed for new location of inet_addr.c.
434. [port] getnetnamaddr.c had a spurious "#if defined(sun)"
433. [bugs] random typos and glitches from the beta19 afternoon rush.
--- 4.9.3-beta19 released ---
432. [func] we should be much more resistant to root cache corruption now.
431. [bug] tcp socket send buffer will now be set at 16K to avoid blocks.
430. [bug] ns_req.c had two cases where it could overflow a buffer.
429. [bug] the "." zone will now respect the setting of NO_GLUE.
428. [func] 0.0.0.0 A RR's are allowed in the DB but we won't use them.
427. [func] "options fake-iquery" added, users of Sun nslookup take note.
426. [port] include/netdb.h now has some #ifdef sun defs in it.
425. [bug] negative caching bugs in findns() and in ns_forw.c.
424. [func] "limit transfers-per-ns" directive added.
423. [bug] infinite loop fixed in named-xfer.c's version number printing.
422. [bug] gethostbyname() of a dotted quad in an auto variable will
no longer cause the caller to consume random stack trash.
421. [port] inet_aton() has moved from lib44bsd.a back to libresolv.a.
420. [func] any punctuation character can now terminate an inet_aton().
419. [port] use sigemptyset(), sigaddset() - in preference to sigmask().
--- 4.9.3-beta18 released ---
418. [bug] ``close(11): interrupted system call'' now fixed.
417. [bug] big name servers would never refresh all their zones since
tryxfer() wasn't a "fair" scheduler. it is now.
416. [func] SOA syntax errors will now lead to dead zones, not dead srvrs.
415. [func] expiration values lower than refresh values cause a warning.
414. [func] added "options" and "limit" directives to named.boot.
413. [port] new file: doc/info/solaris.too.
412. [bug] possible div-by-zero in ns_init.c.
411. [port] NeXTstep, UNIXWARE, ISC, AUX changes/additions to top Makefile.
410. [port] POSIX_SIGNALS covers a bit more code now.
409. [bug] CNAME->PTR responses were triggering syslog() unnecessarily.
408. [port] res_send.c's socket() calls were using the wrong arguments.
this was benign but with IPv6 looming, we need to clean it up.
407. [bug] the delayed free() logic (DATUMREFCNT) didn't account for
the possibility of some NULL pointers, in ns_resp.c.
406. [bug] we were walking through purged list items in ns_forw.c.
this caused bad things to happen when glue expired.
405. [bug] "attempted update to auth zone" is no longer a warning.
404. [bug] fp_nquery() is now used everywhere, fp_query() is deprecated.
403. [port] hstrerror()'s result is now declared as const.
402. [bug] a flakey initialization in the resolver has been fixed.
401. [port] removed some junk around getnetbyname(), needs testing on suns.
400. [func] BIND's version number now appears as a comment in zone files
written by named-xfer.
399. [func] older, bogus HINFO RR's will now be fixed up with warnings.
398. [bug] "SOA class not same as zone's" is now a zone load error.
397. [func] all of the syslog() priorities have been lowered.
396. [doc] added doc/misc/{FAQ.1of2,FAQ.2of2,vixie-security.ps}.
368. [port] top level Makefile updates: .depend files aren't shipped;
solaris, linux, dec osf/1, dynix build more cleanly.
367. [port] LOC RR logic has had some lint removed. also named-xfer.c.
366. [contrib] dnswalk 1.8.3 is now included.
365. [security] initial query ID is no longer a fixed constant.
--- 4.9.3-beta17 released ---
364. named/ndc.sh didn't always exit with nonzero on errors.
363. include/arpa/Makefile was installing into //.
362. convex cleanups. osf/1 cleanups.
361. minor nit in sprintf() format string in tools/host.c.
--- 4.9.3-beta16 released ---
360. CRED is long gone.
359. convex systems have getrusage().
358. CPPFLAGS wasn't quite right.
--- 4.9.3-beta15 released ---
357. netdb.h now externs h_errno.
356. fixed odd corner case bug in res_query().
355. no BIND beta is complete without a patch to shres/PROBLEMS.
354. minor addition to the "ndc" command line syntax.
353. "." domain syslog() raised from LOG_DEBUG to LOG_WARNING.
352. minor nit in named-xfer.c.
351. the BSD/* Makefiles were mode 440, are now 444.
350. new (undocumented) make target: "make mkdirs".
349. output format change in tools/host.c.
348. contrib/* updates.
347. CPPFLAGS variable added to the Makefile tree, should quieten some makes.
nextstep, solaris, and svr4 systems have some new build parameters.
346. BOG cleanups and addition of PX RR documentation.
345. more items for RUNSON.
344. several combinations and permutations of compilation options didn't work.
--- 4.9.3-beta14 released ---
343. Type cast fix for #340.
343. Small change to RUNSON.
342. Removed fsync() call, it really wasn't nec'y and was causing trouble.
--- 4.9.3-beta13 released ---
341. Small fix for #331.
340. Inverse queries, if enabled, will be logged if QRYLOG is enabled and on.
339. Nonrecursive servers (-r) will once again sysquery() for missing glue.
338. named/ndc now preserves the user's $PATH.
337. SUNSECURITY is now only on for shres/*.
336. New version of contrib/host has been included.
335. tools/nsquery.c and tools/nstest.c were moved to contrib/old/.
334. Portability changes for HP-UX, Solaris, Linux, SCO UNIX.
333. INVQ (inverse query support) now defaults to "off".
332. Some of the internal hashing logic for syslog() rate limiting was not
accurate (more things were logged than should have been).
--- 4.9.3-beta12-patch2 released ---
331. Default domain in $INCLUDE files is now intuitive (rather than ".").
330. Lame delegations are now only logged for class "IN".
329. Format change to XSTATS output to make it more readable.
328. Bad responses could cause core dumps in DiG, nslookup, etc.
327. The now-requisite change to shres/* was discovered and put in.
326. Portability changes for Linux, SCO, ULTRIX3, NeXT.
325. Bit the bullet and reset all the RCS revision numbers to 8.1==4.9.3.b12.
--- 4.9.3-beta12-patch1 released ---
324. Added some missing pieces to the NSAP and NSAP_PTR handling.
323. Tightened some of the GEN_AXFR code, fixed potential C_HS problem.
322. Fixed minor niggle in the way "dig" parses its arguments.
321. Final(?) tuning of the SunOS shres stuff.
320. Reorganized the SunOS build params in the top level Makefile.
--- 4.9.3-beta12 released ---
319. Fixed DiG so that ". IN NS" was the default if no args are given. (Vixie)
318. Merged the resolver with 4.4BSD's; made a BSD/ subdirectory off the main
tree for easy integration into BSD/OS, FreeBSD, NetBSD, et al; moved the
"master" subdirectory to "conf/master" to cut down on top level clutter.
317. Lots of last minute fiddling to make Beta12 "right". (cast of thousands)
316. Minor byte order bug in BIND_NOTIFY. (Grange)
315. Added code to db_load() to detect "no RR's found" case. (Vixie; Heiney)
314. "Zone declared more than once" test added. (Grange; Vixie)
313. XSTATS interval was changed from "no more than once a minute, and usually
every fifteen minutes" to "no more than once an hour, and usually every
hour". (Gianopoulos; Vixie)
312. Minor stuff in BIND_NOTIFY and the Ultrix and OSF/1 builds. (Heiney)
311. Continuing hacks to LOC RR (experimental) and shres/*. (Davis)
--- 4.9.3-beta11-patch5 released ---
310. Minor BOG patches. (Shapiro)
309. Minor LOC RR lint. (Heiney; Truck)
308. Minor STUBS changes in ns_req.c. (Andrews)
307. Ultrix and OSF/1 now install "man" (not "cat") pages. AIX now installs
*.[0-9] rather than *.0 pages. (Vixie, et al)
306. conf/Info.* moved to new directory doc/info/*. (Vixie)
305. NOTIFY could cause multiple simultaneous axfr's. (Andrews; Vixie)
--- 4.9.3-beta11-patch4 released ---
304. Minor fixes to PURGE_ZONE, CLEANCACHE, RETURNSOA, and dig. (Mark Andrews)
303. LOC RR support is now in. (Chris Davis; Vixie)
302. General portability stuff (with ISC leanings). (Mark Galbraith)
301. Minor DiG portability fix. (Dima Volodin)
300. Yet more HINFO fixes. (Gianopoulos)
299. Really minor patch to tools/nstest.c, plus AIX fixes. (David Bolen)
298. More shres/* fixes. (Davis; Woods)
297. Minor SCO fixups. (Eduard Vopicka)
296. Fixed #include <signal.h> problem in db_glue.c. (cast of thousands)
295. Minor goofs in the sources. (Grange; Gianopoulos)
294. Minor patch to the BOG (font problem). (Shapiro; Vixie)
--- 4.9.3-beta11-patch3 released ---
293. Minor #ifdef screwup corrected. (Mohamed Ellozy)
292. Small HP-UX portability change. (Truck)
291. Minor BOG correction. (Harlan Stenn)
290. PX RR support. (Pierluigi Bonetti)
289. Made random refresh interval a little more robust. (Miller; Vixie)
288. Minor portability changes for DEC OSF/1. (Bob Heiney)
287. We now do a setvbuf() on outbound AXFR streams since the system's
default size causes more write()'s (and therefore TCP segments)
than we really want. (Paul Mockapetris' idea; Paul Vixie's code.)
286. Recast all uses of abort() to call private function panic(). This was
nec'y since we use the ABRT (IOT) signal to force a statistics dump, and
having it dump statistics inside of abort() was a bad thing.
(Mark Andrews noticed the problem; Paul Vixie fixed it.)
285. Minor change to top-level Makefile for OSF/1 man pages. (Shapiro)
284. Minor change to HINFO stuff. (Gianopoulos)
283. Minor changes to XSTATS #ifdef's. (Benoit Grange)
282. Minor change to top-level Makefile for ULTRIX/VAX. (William Gianopoulos)
--- 4.9.3-beta11-patch2 released ---
281. Another batch of (minor) HINFO changes. (William Gianopoulos)
280. Minor formatting changes to keep ctags happy. (Craig Leres)
279. Minor changes to OPTIONS. (Mark Seiden)
278. New option XSTATS (default "on" for now). (Benoit Grange)
277. res_mkquery() wasn't calling res_init(). (Philip Gladstone)
276. Minor cleanup to shres/INSTALL. (Chris Davis)
275. We now set a SO_LINGER on outbound zone transfers. (Peter Wemm; Vixie)
274. Minor portability fix for VAX Ultrix. (Stan Barber)
273. Fixed two time warp problems. (Bob Heiney; Paul Vixie)
272. Named-xfer will now log an error and abort if it encounters an RR type
it doesn't recognize. (Mark Andrews; Paul Vixie)
271. Minor cleanups to the HINFO comparison code in db_update. (Bryan Beecher)
270. Made CLEANCACHE less of a CPU hog. (Benoit Grange; Mark Andrews)
269. Add even more branches to the cred/clev decision tree, to make it more
robust about borderline data at zone cuts. (Jack McCann; Mark Andrews)
268. New option (default: "on" for now): PURGE_ZONE. (Mark Andrews)
267. Added contrib/misc/{soa-easy,dnsfind}.shar. I will not be including
this in the b11p2 diffs, though it will be in the next full kit.
(Tim Cook)
266. I finally broke down and made a recommendation in the BOG with respect to
"nameserver 127.0.0.1". (Greg Woods supplied the patch)
265. Minor portability stuff for SunOS. (Greg Woods)
--- 4.9.3-beta11-patch1 released ---
264. 900-second check removed; TTL==0 should work now. (Mark Andrews)
263. Minor db_save() patch for initializing memory. (Bryan Beecher)
262. Minor ESIX (SVR4.0.4/gcc) changes. (John Polstra)
261. Minor dig-related patch to res_send.c. (Mark Andrews)
260. Minor line number fix for ns_init(). (Havard Eidnes)
259. NetBSD shared library stuff is now in contrib/misc/netbsd-shlib.shar.
(Matt Ragan)
258. NeXT portability changes. (Allan Nathanson)
257. Minor HP-UX portability stuff. (Lewis; Corrigan)
256. Two medium sized bugs in BIND_NOTIFY. (Don "Truck" Lewis)
255. Minor lint in ns_req.c. (Mark Andrews)
254. Minor ndc.sh build problem. (Michael Corrigan)
253. Minor coding inconsistency in res/res_comp.c. (Jeff Schreiber; Vixie)
252. Minor BOG addition (SIGIOT). (Bryan Knowles)
--- 4.9.3-beta11 released ---
251. If a master zone's serial number goes backwards, named now logs a
warning. (Mark Andrews)
250. Minor portability nit in ns_forw(). (Simon Leinen)
249. Another portability problem fixed in ndc.sh. (Corrigan)
248. Declaration problem with findZonePri() fixed. (Corrigan)
247. References to CNAMES from MX/NS/MB will now be explicitly logged. (Vixie)
246. Made the BIND_NOTIFY logic more robust; it still does not match the
current I-D (no delays yet). (Vixie)
245. Fixed a writable-string problem. Added a lot of ANSI "const"'s. (Vixie)
--- 4.9.3-beta10-patch1 released ---
244. Added shres/PROBLEMS file. (Chris Davis)
243. Corrected the BOG on the meaning of ".". (Doug Luce, Paul Vixie)
242. SOA's can now be stored in $INCLUDE files. (John Lind)
241. Rejection of 0.0.0.0 had a potential seg fault. (Mark Andrews)
240. NoRecurse wasn't preventing queries for missing glue. (Mark Andrews)
239. WKS nonaggregation test had bad length. (Ed Clarke, Chris Britton)
238. NeXT library problem worked around. (Greg Wohletz)
237. Core dump fixed in the dprintf() macro. (Eric Murray)
236. MBZ fields in new queries were actually stack trash. (Olson, Vixie)
235. Adds and changes to contrib/:
Added contrib/misc/dnstools.shar, from alt.sources. (Eric Murray)
Added contrib/misc/settransfer.shar (nonrecommended). (Tom Brisco)
Updated contrib/host/* with latest public version. (Eric Wassenaar)
Updated contrib/host/makezones with latest pub. version. (Philip Hazel)
234. Made the "ps" command needed by ndc.sh a configurable parameter.
--- 4.9.3-beta10 released ---
233. Added and reordered a lot of code in ns_resp() to cause it to be
slightly harder to spoof with bad packets. More work needs to be done,
so that named will be as spoof-proof as the resolver has become. (Vixie.)
232. Added new RR types to include/arpa/nameser.h, per RFC 1700. (Vixie)
231. New "ndc" command. (Vixie)
230. The VALIDATE option is now formally deprecated. It has bugs in its detection
of invalid responses, and is known to mutilate perfectly valid CNAME
responses, to the detriment of clients. This code will likely be deleted
in the next BIND release, to be replaced by an ``always restart query''
strategy. (Vixie)
229. Moved a syslog() so that primary as well as secondary loads are logged.
228. Resolver functions now reliably set h_errno. (Vixie, Wassenaar)
227. Expired zones now lose their cached serial number information, giving
an opportunity to refresh a zone after a serial number goes backward.
(Andrews)
226. Sun386i support crept in on little cat feet. (Brownlee)
225. UDP packets could be overstuffed by 12 bytes. (Reilly, Vixie)
224. failing connect()'s in named-xfer will no longer be logged. (Andrews)
223. merged IETF stream (Vixie):
a. made ALLOW_UPDATES even more optional (it will disappear soon);
b. added NOTIFY option (experimental);
c. cleaned up some comments;
d. removed T_SA (was experimental, replaced by ROUND_ROBIN);
e. made named/Makefile's default CFLAGS -g (it usually inherits -O);
f. random code cleanup;
g. some internal errors are now fatal instead of warnings.
these changes were brought in once it became clear that there would be
another Beta of 4.9.3.
222. tools/Makefile was using "make" instead of "${MAKE}". (Day)
221. yet another bug was found and fixed in the SUNSECURITY code. (Brown)
220. a variable reuse problem in the SUNSECURITY syslog()'s in gethnamaddr.c
was fixed. (Wohletz, Wemm, Vixie)
219. "stub" root zones now affect the hint cache (STUBS is experimental).
in this situation it is reasonable to not have a "cache" directive,
and some code was reordered to make this possible. (Andrews)
218. contrib/umich/lame-delegation/LISA-VI-paper.ps is now a proper
PostScript(tm) file. (Davis)
217. syslog() cleanups in named-xfer.c. (Vixie, Barrett)
216. shres/Makefile now forces -O. (Braniss, Ray)
215. New contrib/misc/ctldns.sh. (Bush)
214. New contrib/misc/dns-peers.info. (Wolfhugel)
213. BOG and named(8) fixes. (Paffrath, Vixie, Hawkinson)
212. database input errors will no longer cause the following line to
be ignored. (Gianopoulos)
211. the TXT RR fixes done so far in 4.9.3 have been backed out; we're
back to the 4.9.2 behaviour. (Gianopoulos)
210. the authority section will no longer duplicate the answer section
if both would contain the same NS RR set. (Vixie)
--- 4.9.3-beta9-patch1 released ---
209. installed marka's patch to CRED that fixes BETA9's flaw.
208. added comment to README about -l44bsd and inet_aton().
207. new directory: contrib/multizdb. highly nonrecommended.
206. small NextStep change in Makefile.
--- 4.9.3-beta9 released ---
205. minor Makefile fix after beta9 was previewed on bind-workers; also, a
new file conf/Info.Linux-more has been included.
204. BOG fixes.
203. netlists elements are now
{ addr [ "&" mask ] }
which for the EBNF-impaired, means that "&" introduces an explicit mask.
implicit masks are either by-class or 0xffffffff, depending on ALLOW_HOSTS
in the call to get_netlist().
202. name compression is now case-insensitive.
201. duplicate RRDATA won't trigger the new "auth warning" in db_update().
--- 4.9.3-beta8-patch2 released ---
200. added a haveComplained() to limit auth warnings.
199. fixed idiotic code reordering from patch1.
--- 4.9.3-beta8-patch1 released ---
198. a bad-string-termination bug was fixed in getnetanswer().
197. an uninitialized-variable bug was fixed in db_update().
--- 4.9.3-beta8 released ---
196. Several minor corrections were made to the BOG.
195. "clev" now distinguishes between root and TLD (wasn't worth a darn before)
194. empty nodes in authority zones are now protected from non-auth updates.
(most of db_update() was rewritten to fix/support this.)
193. negative cache items weren't updated before, now they are.
192. zone updates from answers were prevented for new types but not if some
rr already existed with that type. fixed. also syslogged.
191. the cache now distinguishes between authoritative answers and zone rr's.
190. negative cache items are now marked appropriately authoritative.
189. CRED is no longer optional.
188. Another enhancement has been made to HINFO parsing. Named-xfer now
accepts RFC-bogus input formats generated by previous versions of BIND.
187. SUNSECURITY now forces RES_DEFNAMES on so that relative "localhost" works.
186. Minor portability fixes for DEC OSF/1, HP-UX.
--- 4.9.3-beta7-patch2 released ---
186. i forgot to comment out template Linux lines in top Makefile. fixed.
185. "bogusns" directive significantly strengthened, for IN-ADDR.ARPA problem.
also fixed a bug in hardcoded root server lame detection.
--- 4.9.3-beta7-patch1 released ---
184. Yet another ULTRIX incompatibility has been worked around.
183. Bogus HINFO RR's will no longer cause corrupt secondary zone files.
182. NeXT support is now complete. Builds right out of the box.
181. Updated TODO file.
180. Added new INSTALL file.
179. Minor doc fix in OPTIONS file.
178. Security-related bug fix to new sunos shres/* stuff.
177. Limited Linux portability was added.
176. Trailing dots on zone names in named.boot are now ignored.
175. Random lint was removed.
174. DiG changes: increment version number (2.1), allow default domain (.).
--- 4.9.3-beta7 released ---
173. named-xfer would act strangely if trailing dot domains given as arguments.
172. setenv() now provided on systems that need it (NeXTStep, e.g.).
171. doc changes for shres/*.
170. fixed debugging output problem in ns_req.c.
169. fixed portability "bugs" on ultrix systems (some tools wouldn't link).
168. minor functionality change in named/ns_validate.c.
167. minor lint in res/res_comp.c.
166. minor change to contrib/doc-2.0/*.
--- 4.9.3-beta6 released ---
165. another small adjustment to the Apollo section of the Makefile.
164. a completely new shres/* was submitted; contrib/sunlibc is deprecated.
163. INVQ is back on again by default. See README.
162. another set of patches for obscure corner cases in the HINFO parser.
161. added new SUNOS4 macro to Makefile and conf/portability.h; this should
fix the trouble folks were having with strerror() on SunOS 4.X systems.
160. minor Makefile changes.
159. processes which send outbound zone transfers now close all inherited
descriptors, since they can be longer-lived than the main named.
--- 4.9.3-beta5 released ---
158. various lint involving options which are rarely defined.
157. sunos needed -DBSD=43 rather than -DBSD.
156. minor memory leak fixed in ns_req.c.
155. some install directories for DGUX were wrong.
--- 4.9.3-beta4 released ---
154. a new man/* hierarchy was installed which should be more portable.
153. a new contrib/host has been included.
152. a parsing problem in HINFO was fixed.
151. a few minor changes to contrib/sunlibc/Makefile.
150. typo in res_send.c fixed.
149. fine tuning the credibility-level heuristics.
148. dn_expand() will fail on names which have bad characters in them.
147. disappearing zones could cause a core dump in syslog() - fixed.
146. text of warnings in named-xfer corrected.
145. limited DGUX, RISCOS support added.
144. contrib/sunlibc/Makefile MFLAGS/MARGS problem fixed.
143. another SunOS recv() bug has been worked around.
142. various BOG fixes.
141. updated master/root.cache file from latest InterNIC version.
140. Added ``max-fetch'' to named(8).
139. NOT_BIND problem in named/tree.c fixed.
138. minor lint, memory leaks, and portability problems were fixed.
--- 4.9.3-beta3 released ---
137. some serious (and recent) dynamic memory bugs were killed.
136. a reference to uninitialized data was fixed in res_query().
135. a RES_STAYOPEN-related bug was fixed in res_send().
134. isascii() and isxdigit() now simulated on systems which lack them.
133. named's local setproctitle() has been renamed to avoid system conflicts.
132. minor bugfix to negative caching code.
131. minor bugfix in validation code.
130. the typestats[] multiple definition problem was fixed.
129. some Sequent portability changes were folded in.
128. a new contrib/sunlibc was donated, but hasn't been tested.
127. minor changes to contrib/sunlibc/Info.*. is anybody using shres/*, tho?
126. STDIN_FILENO and STDOUT_FILENO are now defined by conf/portability.h.
125. there is now a ``max-fetch'' directive in the boot file (see the BOG).
124. there is now a RENICE option in conf/options.h.
123. the toplevel Makefile has been made slightly more readable.
122. <<DELETED>>
121. minor fixups in the lame delegation code.
--- 4.9.3-beta2 released ---
120. I upgraded my "-me" macros so that the included doc/bog/file.psf is OK.
119. NXDOMAIN responses from the negative cache will now always be
authoritative. this is the least of all evils, trust me.
118. strcasecmp() in compat/lib is now ANSI compliant.
117. PTR RR's are no longer subject to ROUND_ROBIN processing.
116. writev() emulation for SCO had a bug.
115. the resolver no longer calls sscanf() or qsort().
114. minor debugging nit cleaned up in res_querydomain().
113. IP options on incoming connections are now logged and ignored. This
should probably be done for datagrams as well but not today.
112. tree.c made portable to non-POSIX/ANSI systems.
111. NSAP RR's are now supported. NSAP_PTR RR's are deprecated and so left out.
110. outbound zone transfers are now logged.
109. various lint cleaned up wrt 16-bit integer handling.
108. named-xfer was exiting bogusly on some systems due to flakey kernel
interfaces. i've rewritten some of the code to avoid the problem,
and fixed plenty of lint in the process.
--- 4.9.3-beta1 released ---
107. Apollo systems were dumping core because of a missing #include <resolv.h>.
106. NSAP and NSAP_PTR RR's now recognized by res_debug() (but nothing else).
105. NeXTstep 2.1/3.0 and Pyramid dcosx now nominally supported.
104. res_querydomain() was doing Bad things if given an empty name.
--- 4.9.3.a5.p4 published ---
103. named-xfer's exit cause is now syslog()'d more often/clearly (Paul Vixie).
102. I left out a ";" in the new compat/lib/ftruncate.c file (Craig Leres).
101. X25, ISDN, and RT RR support have been added (Michael A. Meiszl).
--- 4.9.3.a5.p3 published ---
100. Another glitch (very minor this time) was found and fixed in the
QSERIAL logic. This was a performance problem only -- reliability
wasn't affected (Bob Heiney).
99. SCO UNIX is now supported, thanks in part to Michael A. Meiszl.
98. I witlessly used a GCC-only feature (automatic aggregate initialization)
in a5p2. Kazuhisa Shimizu was the first to report it.
--- 4.9.3.a5.p2 published ---
97. NEC EWS4800 EWS-UX/V Rel4.0/Rel4.2 support (from Kazuhisa Shimizu).
96. Some of the security checking logic in the new res/gethnamaddr.c's
getanswer() was happening in the wrong order (thanks, Bob Heiney).
95. Minor typo in the man/host.1 man page (caught by Robert Elz).
94. DiG was groping core if given more than 10 tokens in a lookup string
(Michael J. Corrigan provided the fix).
93. Queries to INADDR_ANY ("0.0.0.0") come back from the system's primary
interface, and res_send() was discarding them. A proper fix would add
a lot of code to the resolver, so for now we'll just work around it
(Michael J. Corrigan reported this).
92. The "data outside zone" syslog message was misleading (Bob Heiney).
--- 4.9.3.a5.p1 published ---
91. res/gethnamaddr.c wouldn't compile on non-BSD systems since it depended
on LOG_AUTH which is a post-4.3 feature (Bob Heiney reported this).
****** 4.9.3-alpha5 released ******
90. redid most of my previous round of prototyping now that i truly
understand which variables and parameters should be u_char and which
ones should be char. (Vixie)
89. added (optional) prototypes for _getshort() and _getlong(); this means
the calls all need casts of their argument since it usually isn't a
u_char*. Also prototyped res_query(), res_search, and the nominally
private but for some reason not static res_querydomain(). (Vixie)
88. security related: responses from servers we didn't query are now ignored
by the resolver; answers with QDCOUNT!=1 are treated as errors; name
mismatches in the question or any part of the answer field are syslog()'d
and ignored. (Vixie)
87. fixed a bug in the SUNSECURITY stuff. (Vixie)
86. a long standing bug in the name hashing code that caused it to ``hash in''
the case of the name's characters, was found and fixed. (twice.) (Vixie)
85. Bob Heiney did some performance analysis and concluded that samedomain()
was soaking down cycles at a rate disproportionate to its usefulness; he
reimplemented it in a way that violated the (good,fast,cheap) rule.
84. the RFC1101 implementation of getnetby*() was using case-sensitive
string compares.
83. fp_query() will no longer try to format packets larger than PACKETSZ,
and for perversity, dig and named are now prepared to handle replies
(via TCP) larger than PACKETSZ. new function: __fp_nquery(). (Vixie)
82. multiline initial syslog() is fixed (Bill G).
81. Don Lewis sent in a big update for the lame delegation logic. Vixie fixed
one bug. Bryan Beecher had a big hand in this.
80. TCP replies can now be up to 8K in size (don walsh).
79. validation bug fixed (don lewis).
78. BOG patches from mike minnich and others.
77. more lint fixes for Cray (norb brotz).
76. a new hostname(7) man page was contributed by Art Harkin.
75. DESTINC is now a settable Makefile parameter (Marion Hakanson).
74. the zones-not-transferring bug is finally gone.
73. now using LOG_PERROR in openlog(); many parallel dprintf()'s are gone.
72. inability to retrieve serial number via UDP now forces TCP transfer.
71. removing secondary zone files and SIGHUP'ing will now force a transfer.
70. "cache" directives can now specify "/class" as documented in the BOG.
69. Mark Andrews' fix for the ns_forw core dump is in.
68. Keith Bostic fixed some typo's in the man pages.
67. Compiling without NCACHE is possible now (John Hanley).
66. Bill Gianopoulos and Alan Barrett finally agreed on what glue was and
Bill's alpha4 patch is mostly gone now, and one new idea was added.
65. BOG improvements (Vixie, Brooks).
64. Mark Andrews' CLEANCACHE (recommended) and RETURNSOA (__NOT__ recommended!)
are in. RETURNSOA should not be enabled at this time; there's nothing
wrong with the code but it will cause cache corruption in older servers
and may not be necessary. The jury is still out.
63. outbound zone transfers are now logged (requested by Ron Johnson).
62. serial number queries sent out for zone transfer purposes will now be
limited to a maximum of four (4) simultaneous outstanding; this keeps
BIND from overflowing its UDP socket buffer when hundreds of zones must
be checked (still trying to fix Paul Pomes' problem).
61. short A RR's in responses will no longer lead to purify errors due to short
malloc()'s in savedata() (thanks to Nicholas Briggs for reporting this).
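Added example (not part of BIND or of this CHANGES file): a C sketch of the three resolver checks listed in change 88 above, applied to the question section only. struct peer, check_response() and the sample packet are constructed for illustration, and the question name is assumed to be uncompressed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HFIXEDSZ 12    /* fixed DNS header size, as in change 50 */
#define NAMEBUF  256   /* room for a decoded dotted name */

enum verdict { RESP_OK, RESP_BAD_SOURCE, RESP_BAD_QDCOUNT,
               RESP_NAME_MISMATCH, RESP_MALFORMED };

struct peer { uint32_t addr; uint16_t port; };   /* hypothetical address type */

/* Decode the uncompressed name at msg[off] into dotted text; 0 on success.
 * Label lengths above 63 (which includes compression pointers) are rejected. */
static int read_qname(const unsigned char *msg, size_t len, size_t off,
                      char *out, size_t outsz)
{
    size_t o = 0;

    while (off < len) {
        unsigned int l = msg[off++];
        if (l == 0) {
            if (o == 0) {                 /* root name */
                if (outsz < 2) return -1;
                out[o++] = '.';
            }
            out[o] = '\0';
            return 0;
        }
        if (l > 63 || off + l > len || o + l + 2 > outsz)
            return -1;
        if (o) out[o++] = '.';
        memcpy(out + o, msg + off, l);
        o += l;
        off += l;
    }
    return -1;                            /* ran off the end of the packet */
}

/* Case-insensitive comparison that ignores one trailing dot on either side. */
static int same_name(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b), i;

    if (la > 1 && a[la - 1] == '.') la--;
    if (lb > 1 && b[lb - 1] == '.') lb--;
    if (la != lb) return 0;
    for (i = 0; i < la; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Apply the checks in the order change 88 lists them. */
enum verdict check_response(const unsigned char *msg, size_t len,
                            struct peer from,
                            const struct peer *queried, size_t nqueried,
                            const char *qname)
{
    char name[NAMEBUF];
    size_t i;
    int known = 0;

    for (i = 0; i < nqueried; i++)        /* 1: did we query this server? */
        if (queried[i].addr == from.addr && queried[i].port == from.port)
            known = 1;
    if (!known) return RESP_BAD_SOURCE;

    if (len < HFIXEDSZ) return RESP_MALFORMED;
    if (((msg[4] << 8) | msg[5]) != 1)    /* 2: QDCOUNT must be exactly 1 */
        return RESP_BAD_QDCOUNT;

    if (read_qname(msg, len, HFIXEDSZ, name, sizeof name) != 0)
        return RESP_MALFORMED;
    if (!same_name(name, qname))          /* 3: question must echo our name */
        return RESP_NAME_MISMATCH;
    return RESP_OK;
}

/* Constructed sample: header plus one question, "WWW.example.com" IN A. */
static const unsigned char sample_reply[] = {
    0x12, 0x34, 0x81, 0x80, 0, 1, 0, 0, 0, 0, 0, 0,
    3, 'W', 'W', 'W', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    0, 1, 0, 1
};

int main(void)
{
    struct peer servers[] = { {0xC0000201u, 53}, {0xC0000202u, 53} };
    struct peer stranger = {0xCB007107u, 53};

    printf("queried server: %d\n", check_response(sample_reply,
           sizeof sample_reply, servers[0], servers, 2, "www.example.com"));
    printf("other sender:   %d\n", check_response(sample_reply,
           sizeof sample_reply, stranger, servers, 2, "www.example.com"));
    return 0;
}
```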
****** 4.9.3-alpha4 released ******
60. manifest constants used instead of "sizeof({u_,}int{16,32}_t)", for
systems which lack 16- and 32-bit integers (paul vixie for norm brotz).
59. zone transfer anti-glue logic made RFC1034-compliant (bill gianopoulos).
58. seg fault in sysquery() (from LAME_DELEGATION) fixed (mark andrews).
****** 4.9.3-alpha3 released ******
57. a big, hefty patch was made to the negative caching logic (mark andrews).
56. named-xfer will no longer scramble the default origin (alan barrett).
55. random bits of lint found and removed (mario guerra).
54. convexos-10 is now supported (jukka ukkonen).
53. seg fault in database dumps (from VALIDATE) fixed (don lewis).
52. problem with extra bogus 0.0.0.0 A RR's from VALIDATE fixed (mark andrews).
51. the LAME_DELEGATION logic once written into 4.8.3 by don lewis has
been substantially reworked and put into 4.9.3-alpha3 (bryan beecher).
50. all instances of "sizeof(HEADER)" were changed to "HFIXEDSZ" to make
life easier for the cray. also, "struct HEADER" in include/arpa/nameser.h
uses just bit fields now, for portability to 64-bit systems without
16-bit integer types. (norb brotz suggested it; paul vixie did it).
49. build changes for NeXT and AIX systems (artur romao; c. wolfhugel).
48. random sunshlib changes (piete brooks).
47. minor fixes for solaris build (carson gaspar; paul pomes).
48. a few bugs were wrung out of the BOG (per hedeland; vixie).
****** 4.9.3-alpha2 released ******
47. several obscure Makefile problems were fixed (vixie).
46. there is now a per-primary-NS quota for simultaneous zone transfers; this
will cut down on the retry thrashing seen on servers that are secondary for
thousands of zones (vixie).
45. a bug introduced by change #23 has been fixed (marten terpstra; apb).
44. the "data outside zone" messages are now consistent (piete brooks; vixie).
43. several #include's were reordered in res/*.c and a few #ifdef's were
changed; BIND should now run OK on DGUX (henry miller).
42. several changes to the conf/options.h and Makefile (vixie):
-> SVR4 has been added as a top-level Makefile CDEFS option
-> SYSV has moved from conf/options.h to the top level Makefile
-> INVQ is now an "#ifdef" rather than a "#if"
41. resolver no longer uses initialized static data, which should make shared
libraries easier to generate (vixie did it, at the urging of many others).
40. now compiles on Apollo DomainOS (don lewis).
****** 4.9.3-alpha1 released ******
39. lots of lint found and fixed (craig leres).
38. illegal enum compare fixed in named/ns_stats.c (vixie).
37. missing ')' added in SUNSECURITY section of res/gethnamaddr.c (h miller).
****** 4.9.3-prealpha released ******
36. ***REMOVED***
35. various bugs were fixed in the negative caching (vixie; mark andrews).
34. several debugging and dump output problems were fixed (mark andrews).
33. TXT RR's can now be read from zone files even if they lack quotes;
the RFC doesn't say quotes are needed (jim martin).
32. limited support for AIX-3 is now included (christoph wolfhugel).
31. SUNSECURITY is now an obvious default in ./Makefile (p killey; b beecher).
30. VC queries that time out are now GC'd and SERVFAIL'd (mark andrews).
29. HP-UX 9.0's top-level makefile variables have been changed (don lewis).
28. various fixes for tools/host.c (jim martin; mark andrews).
27. syslog messages logged by SUNSECURITY will now include the address of
the host that's having problems (david morrison).
26. systems whose connect() calls fail if a socket is already connect()'d
will now have their sockets closed and recreated in res_send() (piete
brooks; mark andrews; vixie).
25. res_send() will now correctly reset its "connected" variable when the
connectedness of a socket changes (mark andrews).
24. SERVFAIL responses will no longer terminate the res_search() inner loop,
thus catastrophic problems with early search elements will no longer
prevent res_search() from trying later search elements (bryan beecher;vix).
23. non-NS RR's for delegated subzones will no longer be accepted in a zone
transfer (alan p barrett).
22. the setting for _PATH_PIDFILE is now overridden by the Makefile (l hume).
21. named.restart.sh now has a smaller path with %DESTSBIN% first therein;
this should prevent the vendor version of named from being exec'd by
accident (leigh hume).
20. big change: statistics are now kept "per name server" rather than as
a single global array. the /var/tmp/named.stats file format has changed
quite a bit, so older awk/perl scripts are likely to stop working.
19. big change: every RR now keeps a pointer to a "nameser" struct; this
currently permits SIGINT-initiated dumps to include the address of all
non-zone data, which will help with tracking down corrupt data.
18. db_load.c was missing two #ifdef/#endif's for CRED (mike minnich).
17. don't aggregate SOA or WKS RR's in the cache (vixie).
16. minor cosmetic changes (vixie).
15. fixed typo in compat/Makefile ("LIBDIR" -> "DESTDIR") (rob davies).
14. fixed spurious "accept: interrupted system calls" (vixie).
13. named will now start as many named-xfer's as it should; previously it
lost track of the need for transfers at the beginning of each maint
cycle. also, we don't bother asking for an SOA if we know that our
zone is out of date. i've changed the transfer metrics so that more
transfers can happen concurrently, and maint cycles come more often.
(andrew partan; vixie).
12. a number of LOG_ERR and LOG_CRIT syslogs were downgraded to LOG_NOTICE
(rob davies; vixie).
11. sequence number checking now treats "zero" as a special case.
(craig leres; andrew partan; vixie).
10. MFLAGS no longer used explicitly, since it is often used implicitly
(mark andrews; vixie).
9. ADDAUTH is no longer considered experimental (tony stoneley; vixie).
8. several obscure type bugs fixed (don lewis).
7. signal handlers all now preserve errno (don lewis).
6. TTL deprecation made more portable (don lewis).
5. now compiles on Apollo DomainOS and is generally more POSIX-ish (don lewis).
4. bryan beecher's "query" tool has been promoted to tools/ and renamed to
dnsquery. minor changes were required in several Makefiles (vixie).
3. "make links" at the top level will now make a higher resolution link tree,
which makes porting easier on some systems (ian dickinson).
2. Convex feof() bug now has a workaround (jukka ukkonen).
1. gethostby*() will no longer overwrite its fixed-size array if a host with
too many addresses is handled (reported by piete brooks, fixed by vixie).
-------------------------------------- 4.9.3 above, 4.9.2 below
4.9.2 ------------------ FINAL ----------------- Paul Vixie
57. updated TODO, README files.
56. fix to contrib/sunlibc/Makefile.
55. several new items in contrib/.
54. Corrected bad command line parsing bug in tools/dig.c; also added the
old query timing code back in (thanks to Havard Eidnes).
53. Ported contrib/decwrl/host.c to the modern interfaces.
4.9.2 ------------------ BETA5 ----------------- Paul Vixie
52. A number of optimizations that fell out of negative caching and/or the
validation code have been turned off in order to avoid confusing older
nameservers and their unfortunate assumptions about co-invariants.
Mark Andrews and Robert Elz were the principal debuggers and contributors
to this part of the effort.
51. We're now much more portable to systems without Posix or BSD signals,
thanks to Bill Wisner.
50. tools/host.c now has more reasonable error messages and can deal with
negative caching servers.
49. Lots of Makefile gaffes are now fixed.
48. New "host" in contrib/host/, compliments of Eric Wassenaar.
47. AFSDB support is now complete, thanks to Chris Everhart.
46. The bug whereby named would sporadically return NXDOMAIN when it should
have sent back a referral has been fixed.
4.9.2 ------------------ BETA3, BETA4 ----------------- Paul Vixie
45. Robert Elz has provided updated LOCALDOMAIN environment variable
processing, making it more like resolv.conf's "search" than "domain".
In the spirit of this I have added a RES_OPTIONS environment variable
and a corresponding "options" keyword to resolv.conf. All of this is
documented in the man pages and in the BOG. Robert has also contributed
several bug fixes to the validation and negative caching code.
4.9.2 ------------------ ALPHA ----------------- Paul Vixie
44. BETA1, BETA2, and three patches to BETA2 have all come and gone without
itemized descriptions in this file. I'll provide the RCS history on the
code to anyone who asks, but basically what's been happening is that some
core dumps were fixed, others added, then those were fixed too. Meanwhile
RFC 1535 has been published, codifying CERT's concerns and our answer to
them. BIND is now RFC 1535 compatible. RFC's 1535, 1536, and 1537 are
now included in the doc/ directory. Note that Mark Andrews supplied many
of the fixes to the core dumps, some of which were introduced by me and
some by ISI's negative caching and/or validation code.
43. patch05 to ALPHA2 (930908) released: this includes new DNSRCH logic to
correct a serious problem that CERT called me with today. the change is
subtle and will have the effect that names which could match either as
fully qualified names or partially qualified names using the local search
list will be found as fully qualified. previous releases would have found
them first through the local search list. local search lists are a bad
idea in my opinion; see new SEARCH_DEFAULT option in OPTIONS file for more
information. also in this release: limited Solaris support, in the form
of POSIX-style signal handling used on systems which support (or require)
it. as of this patch, 4.9.2 has a good chance of compiling out of the box
on Solaris, modulo makefile edits. dig and host should be more portable
now, too.
42. patch04 to ALPHA2 (930908) released: this corrects several borderline
syntax errors in various Makefiles (Sun and Ultrix makes complained);
it corrects a coredump on Ultrix systems (which aren't really as POSIX
as i thought they were); it lets dig and nslookup compile again on SunOS;
and it cleans up some dirty junk in named-xfer.c. this stuff is really
really minor but i would like to see it tested on a Sun system before the
beta.
41. patch03 to ALPHA2 (930908) released: this uses compat/include by default
which is helpful on BSD/386 systems and shouldn't hurt any others except
perhaps real 4.4BSD systems (and maybe not even those); it removes Bryan
Beecher's SHUFFLE_ADDRS option since he and I agree that Marshall Rose's
ROUND_ROBIN stuff is more general and cleaner; it includes various patches
to the documentation sent in by several folks (please print the BOG and
let me know if you find problems in it); it fixes "make depend" problem
in "man/" subdirectory; it fixes several outright bugs in Gregory Shapiro's
SECURE_ZONES code; it removes an obscure syslog() that should have been a
dprintf() ("validate_count -> 0"); it fixes a bug in NCACHE whereby a T_ANY
query for a name which was negatively cached but had children would return
_answers_ with the T_ANY type for subsequent queries; several newer syslog
messages were reworded to make them clearer; a portability bug in the
SUNSECURITY logic was fixed; another in the RFC1101 logic was fixed;
support for the PAGER environment variable was added to nslookup (sorry,
i know we're in functional freeze but this will enable development in the
next cycle and it was pretty simple) and only affects the "view" and "help"
commands.
40. patch02 to ALPHA2 (930908) released; this includes more fixes from Mark
Andrews, this time to Anant's NCACHE stuff (memory leak and functional
bug). Also included is a patch from Gregory Neil Shapiro to his
SECURE_ZONES code, which I hadn't noticed since I don't run it here.
39. patch01 to ALPHA2 (930908) released; this includes some fixes from Mark
Andrews to his "clev" and ADDAUTH stuff. The "clev" patch fixes a problem
on all servers; the ADDAUTH stuff is still experimental so most users will
not be affected by it. Dave Morrison also sent a patch for the USE_UTIME
logic, which is important for ULTRIX systems.
38. 4.9.2-ALPHA2 released on 930908.
37. Mark Andrews sent an initial attempt at implementing ADDAUTH, which will
eventually allow named to include authority and glue RR's with all
authoritative answers. I am not sure that the design goal is right, and
the implementation currently sends back glue RR's but no authority RR's,
so I'm recommending against using this for now. But since it changes some
internal interfaces in a harmless enough way, I'm including the changes.
36. Marshall Rose's ROUND_ROBIN code snuck in at the last hour. This is the
best answer I've seen to the problems purported to be solved by SA RR's,
and my wording in the OPTIONS file shows this.
35. These items from TODO are now done:
[vixie@pa.dec.com 25apr93]: clean up debugging
replace all "#ifdef DEBUG...fprintf(...)...#endif" with dprintf(...)
which would be a macro that only expands to an fprintf() if DEBUG is
set. dprintf(x, (args)) with x as the log level. perhaps change log
levels to be symbolic, and perhaps make them a mask instead of a limit.
[vixie@pa.dec.com 25apr93]: clean up #ifdef's and portability
add and use function prototypes. make everything static that can be.
externs should only be in .h files (add more .h files, per module if
needed, to cover these). add "export" keyword (null define) to make
it clear which names are exported and which are static. all top-level
names in a module must be "export" or "static".
[gshapiro@guest.wpi.edu and vixie@pa.dec.com 26apr93]: access control
"xfrnets" is ok but what we really need is full access control per
zone rather than a global list of acceptable client nets. this is
especially important if you send /etc/passwd via zone transfer.
[postel@isi.edu anant@isi.edu jaffe@noc.rutgers.edu
28apr93]: negative caching
Paul:
We'd like to have included in 4.9.1
our implementation for negative caching.
--jon & Anant.
[vixie@pa.dec.com 16may93]: inet_addr needs to die
to be replaced by calls to inet_aton, which doesn't confuse the
broadcast address with bad addresses.
[Paul: I know you said that you'd like to wait for the IETF DNS WG to
"bless" an official load balancing scheme, but I'll be adding my
shuffle A records to BIND 4.9 for use here at U-M anyhow. The code
mods to existing source files are minimal since the bulk of the work
is done in a separate .c I added. If you don't want SA records to
move into 4.9.1 unless they become official, please just toss this
first entry. --bryan@umich.edu]
[bryan@umich.edu 25apr93]: add "shuffle A" records
There are several schemes for adding some kind of load balancing
capability to the DNS. Our "Shuffle Address" (SA) records are one
stab at this, and since they're in use at U-M, I need to add them
so we can use BIND 4.9 here.
[bryan@umich.edu 25apr93]: add AFSDB records
AFSDB records were proposed in RFC xxxx. We use them here at the
University of Michigan, so I need to add them for our copy of
BIND 4.9.
[bryan@umich.edu 25apr93]: small fix to resolver's p_cdname()
The current copy of p_cdname() in the resolver does not work
for query responses larger than 512 bytes (which can happen when
using TCP). A very small modification changes the "sanity check"
argument (the second one) to dn_expand() from "msg + 512" to
"cp + MAXCDNAME". (This showed up very recently.)
34. While waiting for some last minute changes from volunteers, I looked
at my work queue and saw that asp@uunet.uu.net had asked a while ago
that named not fork/exec a named-xfer unless it had already determined
that the serial number was out of date. This is important to sites like
UUNET and DECWRL, which have thousands of "secondary" lines in their
named.boot and can take hours to check all the serial numbers at boot
time if named forks/execs named-xfer and lets named-xfer compare the
serial numbers, rather than comparing them in named and only fork/exec'ing
a named-xfer if it's actually necessary to do a transfer. In spite of
C's lack of threads, this only took a few hours to do. So it's in.
33. Gregory Shapiro's "secure_zone" changes are in. See the BOG.
32. Internals changes: STATS is no longer optional; ns_req() has been split
into three functions for readability. Convex systems are now supported.
You can now define LOG_FAC in conf/options.h if you want to syslog as
LOG_LOCAL1 or some other non-LOG_DAEMON value. The mkstemp() problem on
ULTRIX has been fixed. More dead code has been eliminated.
31. Large TCP queries are now printable in debug mode (which is used by
"dig" and "nslookup"), thanks to a patch and a lot of patient
explanations from Bryan Beecher.
30. Data from subdomains ("deeper zones") is now considered more credible
than data from parent zones, if both are authoritative. This permits
a subdomain's data to differ from its parent's delegation information
and have the most-local information supersede the least-local. Mark
Andrews <marka@syd.dms.csiro.au> sent this in, and it is nonoptional.
29. rossc@ucc.su.oz.au's SUNSECURITY patch is now included, along with
marka@syd.dms.csiro.au's performance improvement to it. Note that
I am violating my own policies by including this, since it came
without a corresponding patch to OPTIONS, conf/options.h, and the BOG.
28. Interfaces with multiple addresses were not being handled properly.
This is an issue for 4.3-Reno and later BSD systems, including BNR2
("Net-2") and 4.4BSD. Multiple addresses are not properly handled
as if they were all aliases for the localhost.
27. Jukka Ukkonen <ukkonen@csc.fi> sent me some patches for the Convex,
which I've put in but cannot test.
26. sob@tmc.edu (Stan Barber) sent me new versions of contrib/host/host.c
and contrib/host/send.c, which I have installed but not tested. I am
still waiting for someone to update the version in tools/host.c, which
is going to be a lot more work. Contact me via e-mail if you want to
help.
25. My credibility stuff from the original 4.9 (and before that, KJB)
was operating under a ``scorched earth'' policy due to a brain fault
on my part when I wrote the code originally. Tim.Goodwin@pipex.net
discovered this and sent in a patch. Note that throwing out glue is
generally OK since glue is generally NOT OK, but disposing of it after
~20 references is a lot better than disposing of it after 1 reference.
24. NS RR sorting on forwarded and system queries was not happening
unless more than 1024 milliseconds of RTT variance existed among
the servers. This was a good value for development and testing
but not for production use. The value is now 128 milliseconds.
No, this should not be a configurable in the boot file.
23. I am including a file doc/FAQ which was posted to usenet as:
From: craig@ecel.uwa.edu.au (Craig Richmond - division)
Newsgroups: comp.protocols.tcp-ip.domains
Subject: FAQ: Setting up a basic DNS server for a domain
Date: 3 Aug 1993 10:53:51 GMT
Organization: The University of Western Australia
Lines: 1088
Message-ID: <23lg3v$1go@uniwa.uwa.edu.au>
Summary: Step by Step implementation of a DNS server
Keywords: FAQ DNS setup
22. named-xfer now syslogs if the remote server's serial number is _lower_
than ours, which does seem like a bad thing. per@erix.ericsson.se
(Per Hedeland) sent this in.
21. man/resolver.3 had a typo on the exp_dn argument to dn_expand. fixed.
(Steve Alexander <stevea@lachman.com> sent this in.)
20. include/sys/cdefs.h moved to compat/include/sys/cdefs.h since some
systems have their own which must be used. the top-level makefile
must be edited if you are on one of these systems, since the default
CFLAGS includes this new directory as a -I directive. sys/bitypes.h
has also moved.
19. A necessary bug fix for ISI's VALIDATE/NCACHE code has been incorporated.
If you had to rebuild without these turned on in options.h to get your
CNAME lookups to work again in an earlier 4.9.2 ALPHA, you can turn them
on again now.
18. The q_system field of the query structure has been removed in favor of
a q_type field containing bit definitions. The old PRIMING_CACHE magic
cookie is no longer used. Go to the end of the universe, do not pass go.
17. Converted to ANSI C. All functions are static unless they are actually
needed outside the current module ("file" in C terminology); static
functions are declared with prototypes if they are forward-referenced.
Externally visible functions are declared in separate header files, with
prototypes. ns.h and db.h have been split into four new header files:
db.h -> db_defs.h db_glob.h db_func.h
ns.h -> ns_defs.h ns_glob.h ns_func.h
The *_defs files contain only structure and type definitions, and macro
definitions. Nothing that generates text or data space in the executable
is declared here.
The *_glob files contain only global variable declarations, which used to
be defined in the various *.c files in a more or less random fashion. The
declarations are "extern" if included from non-main()-containing files, but
are defined globally and given initial values in main()-ish files. This
reuse of the same declarations ensures that the type and size declarations
match between definitions and external references to them.
The *_func files contain function prototypes for global ("extern")
functions. The prototypes are all optional so will not break non-ANSI
systems. Note that I don't have such a system any more so I may be wrong.
16. Removed all remaining references to "short" or "long" that did not
depend on the vague semantics of those types. Most uses were actually
depending on a size of 16 bits for short and 32 bits for long, and there
are processors/compilers where each of these types is different. This
work was begun in 4.9 and is now complete. Note that some structs that
are used in large data structures use "char" for 8-bit integers. It helps.
05Jul93 - ALPHA Released
This is the cleanup release after 4.9. I'm going to try the TCSH style of
logging the changes; let me know if you think it's a bad way of doing it.
15. the resolver now includes an implementation of RFC 1101, which allows
network names to be encoded in the DNS tree rather than in /etc/networks.
this implementation is by rps@matuc2.mat.uc.pt (Rui Pedro Mendes Salgueiro)
i put the test program and original documentation in contrib/rfc1101/. i
would like to see their main.c ("nettest") turned into a tools/nettest,
but i'm not willing to do the work myself. it needs a man page, etc.
14. as expected the initial HS zone transfer stuff didn't work that well.
thanks to <per@ericsson.se>, retries after failed SOA queries will use
C_IN rather than falling through to C_HS inappropriately.
13. ns_init.c was fcntl(SETFL)'ing in a destructive way. it now does a
fcntl(GETFL) to get the old option mask and then |'s in the new flag.
this patch came from Eduard Vopicka <Eduard.Vopicka@vse.cz>.
12. there are two new conf/Info.* files; check 'em out.
11. ultrix (some versions, especially the vax ones) libc.a had some bad
naming conventions for some resolver routines. getshort/putshort just
have to be real functions, not just macros, or you can't link anything
with this resolver. patch was sent by <aas@brain.physics.swin.oz.au>.
10. sethostent(x) for host files was sticky for nonzero 'x' (avalon@anu.edu.au)
9. hp9000s700 is now supported in include/arpa/nameser.h (avalon@anu.edu.au)
8. statistics dumps now print the time in decimal-seconds-since-1970 in
addition to the old "ctime" format, for ease of debugging. (Peter Koch).
7. systems with 14-character filename limitations have apparently been
having trouble in named-xfer since its temporary file names are bigger
than they can handle. ash@hp sent in some patches a while ago, enabled
with SHORT_FNAMES in conf/options.h, to deal with this appropriately.
We should probably just generate short names always.
6. Some security stuff from ISI. According to Anant Kumar <anant@isi.edu>:
The validation procedure is the major change here. Currently, we
accept anything from a server, as long as we had asked it a question.
This implies that a malicious server can really send us any data and
we not only pass it on, we also cache it for as long as the TTL
holds. This can be really bad for our health and for that of those
who use the DNS.
We add this procedure to verify for each RR returned by a server
that it is indeed authoritative for either that zone, or for a
parent zone. We end up trusting the root servers for everything!
Also, the more rich our cache is the more choosy we become about the
data we add on to it. This stuff is all ifdef'd with "#ifdef VALIDATE"
The negative caching stuff adds on a d_rcode field to the databufs.
Any positive entry now shows a NOERROR there while negative entries
have either a NXDOMAIN or NOERROR_NODATA. NOERROR_NODATA rcode is
never returned. It is used only to differentiate, within the
internal database, between negative and positive entries. We use the
regular hash table (hashtab) to store negative entries, too. Only
authoritative answers are negative cached, for NTTL (parameterized,
currently 10 minutes) seconds. Non-authoritative NXDOMAINs or
NOERROR with zero RR count, now generated, are now accepted but
never cached. This is ifdef'd with "#ifdef NCACHE".
5. "make install" now has a prayer of working for the man pages. an observation
was made that net2++ systems _require_ formatted "cat" pages and that older
systems are _able_ to use them, so that's all we install.
4. i wrote man pages for named.reload, named.restart, and named-xfer. these
were actually in 4.9.1 for 4.4BSD.
3. unneeded functions in compat/lib will now generate placeholder symbols, to
make sure that the linker doesn't generate ugly-but-harmless warnings.
2. my ignorance of the true meaning of _POSIX_SOURCE has been corrected,
along with the ugly-but-working code in conf/portability.h and elsewhere.
1. non-resolver routines moved from res/ to compat/lib/. this will shorten
libresolv.a and make it easier to integrate new BIND releases into Net-2
descendants such as 4.4BSD and BSD/386.
4.9.1 ------------------
This is the integration of the changes that were made for 4.4BSD. This
release will not be published. Changes include:
doc/BOG/*: many changes to improve appearance of the output, including
orphan-avoidance and better tab stops. Sent to me by someone on
the net who deserves thanks but I've lost the original mail. Oops.
include/*: the CSRG people weren't entirely pleased with the interface
changes i made to the res_*() and inet_*() functions. in particular,
the changes from "long" to "u_int32_t" were too sweeping in their
opinion since Posix is already working on standardizing them and
might look unkindly on an apparently-still-evolving interface. also,
the possibility that all the vendors will change their implementations
to match the new interface is apparently rather dim. therefore most
externally-visible occurrences of the int32_t type have been changed
back to "long" in the resolver interface. we believe that this should
still be portable to Cray and AXP machines, but i'll wait to hear from
someone who can actually try it out and let me know.
tools/*: the "net2" version of "lex" requires some additional flags and libs,
and this had implications for the Makefiles and the dig.c source file.
nslookup's man page is now in man/ rather than tools/nslookup, for
consistency.
named/*: last-minute 4.9-FINAL changes to named-xfer.c and db_load.c resulted
in corruption of TXT records on zone transfers, and a high number of
useless syslog(SYS_ERR) messages about zones already being up to date.
these last-minute changes have been massaged into better shape and are
now a lot readier for prime time than they were. a lesson was learned.
the inet_aton() function is now used where appropriate, rather than the
old inet_addr(). this is just an evolutionary move that should have no
practical implications. bad addresses in the "tcplist", "bogusns", and
"sortlist" directives (from named.boot) are now syslogged.
some open files are still inherited by named-xfer from named, but they
are properly closed now.
the SIGXFSZ signal is now accepted as an alias for SIGHUP, in support
of the weird DEC Hesiod implementation. no practical significance.
res/*: one important bug fix in the gethostent() stuff, and a whole bunch of
evolutionary include file changes.
include/*: include/sys was moved to compat/include/sys, since systems that
do not need it really really really need to get their own instead.
at some point i'm going to move the res/*.c files that are needed for
compatibility but not really part of the resolver, into compat/lib.
general: there are more settable parameters in the top-level Makefile, and
they are propagated downward into the subdirectories' Makefiles. you
should not have to edit any Makefile except the top-level one. Note
that "make links" still creates local Makefiles in the build directory
because "mkdep" still edits the Makefiles on most systems.
4.9-FINAL -------------------
Kevin Dunlap sent in some changes for the BOG. So did a lot of other folks.
Someone asked about AXP-OSF, so I did a trivial 64-bit port. Porting to
other 64-bit systems should be simple now. Someone also sent in some MIPS
RISCOS portability changes, which were simple and therefore were put in.
Note that some type names have been added to BSD 4.4 as a result of this
work; they are going to be in <sys/types.h> in BSD 4.4 but they are in a
local include file called <sys/bitypes.h> in this distribution, with
appropriate #ifdef's in the include files that depend on them. Those of you
who are porting to 64-bit platforms where "long" isn't 32 bits should be
using these new names for your types; there was no standard before this,
but the names we've added for BIND 4.9 and BSD 4.4 are going to be proposed
to Posix at some point. Sometimes it's just not OK for "int" to be the
"natural integer size of the machine" and you just _have_ to tell the compiler
how many bits you want.
The NIC added a new root server, thus pushing the size of a nonauthoritative
root server response (which includes the root server list in the answer as
well as the authority sections) over the 512-byte limit. This showed up a
long-term BIND bug wherein it failed to set the TC ("truncation occurred")
bit if truncation occurred anywhere but the answer section. Since truncation
was occurring at the end of the packet, in the additional data section, this
meant that BIND was generating truncated responses without setting TC in the
response header. Upon further investigation, I found that BIND ignored TC
on responses it received from other name servers. RFC 1035 states that RR's
from truncated responses should not be cached; with creative interpretation
of the exact 1035 wording, I found a way to reach this goal while still
caching the answer section (as long as the truncation occurred in some other
section, which 1035 gives no definitive way to determine but I'm happy with
my guess).
While researching the above, I finally broke down and added credibility
output to the zone dump files. They are in the comments so should cause
no trouble. There's more work to be done on the dump output; in particular,
Phil Almquist proposed and even prototyped a "tagging" of all RR's with the
A RR of the nameserver that sent them to us; this feature should be added
and the dump output should include it. This would add a lot to our ability
to track down corrupt data.
Don Lewis and I had more discussions about TC and ended up agreeing that the
right thing to do is to set TC on responses that overflow in the answer or
authority section, truncating at an RR boundary, but do not set TC on responses
that overflow in the additional-data section (truncating at a {name,type}
boundary). This actually solves the root server problem pretty well, since
BIND 4.9 will, when it tries to use an NS whose A isn't in the cache, generate
a sysquery() for the missing A. (Heck, additional data TTL's are depreciated
at the rate of 5% per use, so this would end up happening pretty quickly even
if we did cache a partial {name,type} -- but now we won't have to.)
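The truncation rule agreed above, worked through in C. This is an added example, not code from BIND: `pack_response`, `struct rr`, the `fixed_len` parameter (header plus question bytes) and all RR sizes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

enum section { SEC_ANSWER, SEC_AUTHORITY, SEC_ADDITIONAL };

struct rr {
    const char *name;
    const char *type;
    enum section sec;
    size_t wire_len;        /* encoded size of this RR in bytes */
};

struct packed {
    int included;           /* how many leading RRs went into the packet */
    int tc;                 /* 1 if the TC header bit must be set */
    size_t bytes;           /* resulting packet size */
};

/* Two RRs belong to the same {name,type} group of one section. */
static int same_set(const struct rr *a, const struct rr *b)
{
    return a->sec == b->sec && !strcmp(a->name, b->name) &&
           !strcmp(a->type, b->type);
}

/* rrs[] must be ordered answer, authority, additional, with the RRs of
 * each {name,type} adjacent.  limit is 512 for a classic UDP response. */
struct packed pack_response(const struct rr *rrs, int n,
                            size_t fixed_len, size_t limit)
{
    struct packed out = { 0, 0, fixed_len };
    int i = 0;

    while (i < n) {
        if (rrs[i].sec != SEC_ADDITIONAL) {
            /* Answer/authority: cut at an RR boundary and say so. */
            if (out.bytes + rrs[i].wire_len > limit) {
                out.tc = 1;
                break;
            }
            out.bytes += rrs[i].wire_len;
            out.included = ++i;
            continue;
        }
        /* Additional data: a whole {name,type} group or nothing, so the
         * receiver never sees a partial address set.  TC stays clear. */
        int j = i;
        size_t group = 0;
        while (j < n && same_set(&rrs[i], &rrs[j]))
            group += rrs[j++].wire_len;
        if (out.bytes + group > limit)
            break;
        out.bytes += group;
        out.included = i = j;
    }
    return out;
}

int main(void)
{
    /* Constructed sizes, not taken from a real packet. */
    const struct rr resp[] = {
        { "example",     "NS", SEC_ANSWER,     30 },
        { "example",     "NS", SEC_ANSWER,     30 },
        { "ns1.example", "A",  SEC_ADDITIONAL, 16 },
        { "ns2.example", "A",  SEC_ADDITIONAL, 16 },
        { "ns2.example", "A",  SEC_ADDITIONAL, 16 },
    };
    struct packed p = pack_response(resp, 5, 20, 100);

    printf("%d of 5 RRs sent, %zu bytes, TC=%d\n", p.included, p.bytes, p.tc);
    return 0;
}
```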
While trying to fix all of this stuff I ended up moving some functions around
to avoid duplicating them in different source files, and I reformatted some
source lines that went over 80 characters. I also made a few things "static"
that used to be unnecessarily global. More of that will happen in 4.9.1.
DEC's product version of MIT Hesiod uses SIGXFSZ for what we do with SIGHUP;
since the default for SIGXFSZ is to exit, it seemed prudent to wire it up to
do what SIGHUP does instead, so that this BIND can run on DEC Hesiod servers.
At the request of several people, I integrated the USC "dig" and Rutgers
"host" tools into the distribution. This required some changes to the
resolver library's debugging output formats, which will be visible in
nslookup, nsquery, and any other tool that sets the RES_DEBUG option.
Note that there is no support for "DEFNAMES" in this version of dig, due
to design changes between 4.8 (from which "dig" is derived) and 4.9. there
is no reason in principle why it can't be made to work, but it doesn't work
now. therefore only fully-qualified names can be looked up with this "dig".
I had to change the name of the resolver "state" structure to be "__res_state"
for standards conformance (really, it is not reasonable to expect that because
a program includes <resolv.h> it will never define its own structure called
"state"). This change highlights the imperative that any application which is
relinked against this resolver must first be recompiled against these include
files (notably <resolv.h>). This is true for almost all versions of libresolv.
I asked for items for the "TODO" list and got quite a few. Check them out
before you hack; someone else may already have started doing what you want to
do. I also asked for tools for the "contrib" subdirectory and got 650KB worth.
They make the BIND 4.9 distribution a lot larger than 4.8.3 was, but the extra
bytes are well worth their weight.
Kenneth Almquist (no relation to Phil, as far as I know) posted a patch for
res_send() that lets it keep track of servers that are responding "SERVFAIL"
or some other fatal condition; these servers are NOT used for retries of the
current query. This information is not persistent between calls to res_send()
since future calls will probably be for different {name,type} queries, which
will not necessarily fail in the same way. This change is trivial and makes
a measurable difference in the amount of DNS traffic on my local net.
4.9-BETA ------------------- April 17, 1993 -- Paul Vixie -- DECWRL
"Peter Koch" <pk@TechFak.Uni-Bielefeld.DE>'s previous patch caused core
dumps on some systems. I fixed part of it and Peter sent me a fix for
the rest of it. All is now well.
The Bind Operations Guide in doc/BOG has been updated to 4.9. Also, the
man page in man/named.8 has had some patches applied. The copyrights are
all fixed now. Let's get this thing OUT of here!
4.9-ALPHA ------------------- March 15, 1993 -- Paul Vixie -- DECWRL
There was a really bad bug affecting wildcards. I received a patch
from "Peter Koch" <pk@TechFak.Uni-Bielefeld.DE> which fixes some of
it, but I can't quite motivate myself to fix the rest of it since I
know that what's _really_ wrong is going to require chainsaws and
dynamite to fix and that'll add another year to the release. I think
that this patch will hold us for a while.
There are a LOT of portability changes that I'm holding onto, especially
including 64-bit fixes. Do not submit any more portability changes
until 4.9.1 opens. Go ahead and make them, but be prepared to remake
them later. Let me know what you are doing but don't send me any diffs
for portability until I ask for them. 4.9 has been stuck in the barrel
for way too long already -- patches that don't fix RFC-noncompliance or
core dumps will just go into my "todo" folder (which is presently a
black hole of great mass).
4.9-ALPHA ---------------- February 2, 1992 -- Paul Vixie -- DECWRL
Mostly portability fixes. The nslookup "lex" problem is BSDI-specific
and I'm not going to hold up release because of it. This will be the
last alpha release before the public beta. It is, as usual, running
the DEC.COM primary name service and has done so for more than a week
without any problems.
4.9-ALPHA ---------------- January 10, 1993 -- Paul Vixie -- DECWRL
Once I get the known bug in nslookup (see below) fixed, this version is going
to go into public beta. I would appreciate it if everyone would try it out.
KNOWN BUG IN THIS RELEASE: something wild is going on inside of the yylex()
routine on BSD/386 systems. It only affects nslookup. I'm still trying to
figure out how I'm going to debug this; lex experts, please see what's going
on. None of the changes since the 930105 release should have been capable
of producing this change, but something is sure doing it.
I finally fixed the {GET,PUT}{SHORT,LONG} macros to stop issuing warnings
on HP-UX systems. They are also warning-free on Ultrix(SPIM,VAX), BSDI(386),
and SunOS(SPARC) systems. I took the plunge and changed the internal functions
in res/res_comp.c to depend on these macros instead of duplicating the code,
and everything still works.
Tom Limoncelli found three ancient memory leaks. I fixed two of them
but the last one looks too much like a "cannot happen" for me to be
willing to experiment with it. Besides which, it's "very" minor.
Uses setsid() on POSIX systems. PID file is now optional. (arc@sgi)
Comments (";" or "#") are now allowed in resolv.conf (arc@sgi).
Documentation and copyright changes in README.
Known to compile on NeXT machines.
Some portability changes for AIX, whose CC is very picky.
I forgot to mention in the 921227 release that T_RP is supported (arc@sgi).
I included a number of changes that Alan Barrett has been trying to get
in since the 921221 version. Most are portability-related, and the few
things that are functional are changes to my own previous additions :-),
so I'm fairly sure that they are doing the right thing. Alan's changes
include:
include/arpa/nameser.h
improved error diagnosis in the BYTE_ORDER configuration.
changed hp9000 test to hp9000s300. As far as I know, there is
no hp9000 preprocessor symbol. Should probably add other
hp9000s<whatever> tests, but have not done so.
named/ns.h
Moved the XFER-related stuff from the end of the file to near
the top, where it is grouped with similar stuff.
Makefiles:
Add SYSLIBS variable, so folk can compile with -lBSD easily.
Changed install targets to make them easier to customise.
make links wasn't handling named.{reload,restart}*
Add ${CDEBUG} flag to link step. Some debuggers don't work
right if the program isn't linked with the -g flag.
struct timeval members are declared as unsigned long on some systems.
Add casts to (long) in several if statements that appear to assume
that tv_sec is signed.
PID_FIX in ns_main.c controlled more than just whether or not the
pid file gets fixed.
Changed it to control only that one feature.
For debugging, it is useful for a nameserver to listen to non-standard
port, but to forward requests to a standard port.
Add "-p remote/local" option to named/ns_main.c.
Also needed some other changes elsewhere.
Don't forward back to the host that asked us a question, unless they
asked from some port other than their nameserver port. This allows a
dig or nslookup user on a host to ask us questions with
recursion-desired, where we are willing to recursively ask the
nameserver on their host. However, if a nameserver asks us something
we will not recurse back to them.
nslookup() in named/ns_forw.c checks for this and returns -1.
ns_forw() and sysquery() notice this and return SERVFAIL.
Moved the nsContainsUs functionality from a separate routine
into nslookup(). No need to do the same tree walk several times.
While trying to track down various problems, added detection
and logging of errors in several syscalls in ns_main.c.
Avoid integer overflow in roundtrip time calc in ns_resp.
This needs a definition for INT_MAX.
Fixed root zone transfer bug. Also corrected some slightly misleading
comments in the doaxfr() code, and added some more comments.
4.9-ALPHA ---------------- January 5, 1993 -- Paul Vixie -- DECWRL
This one was built and tested on Ultrix 4.2 (SPIM, MIPS CC and GCC),
BSD/386 (Gamma.4), Sun SPARC (4.0.3, sorry, that's the latest I have),
4.3BSD Reno (VAX, PCC), and Ultrix 3.0 (VAX PCC).
Moved res/defs.h to conf/portability.h; named/options.h to conf/options.h.
Portability changes for O_NDELAY. SUNOS is really strange about this.
Removed some unnecessary goto's added to ns_main.c on 1jan. Oops.
Art Harkin of HP sent in a number of small (read: obviously correct)
improvements, some related to portability, some to functionality.
4.9-ALPHA ---------------- January 1, 1993 -- Paul Vixie -- DECWRL
Changed all O_NONBLOCK to O_NDELAY. Changed all {r}index to str{r}chr.
Added some SysV support in the form of bcopy->memcpy, bzero->memset.
Added C_HS support to named-xfer (greg@duke.cs.unlv.edu).
Fixed a line-number problem in asp's "include" logic (asp@uunet.uu.net).
streamq's were being used after free(). bug report from fuat@ans.net
and jpe@ee.egr.duke.edu. bug fix by vixie.
In the resolver, we now default to address 127.0.0.1 rather than 0.0.0.0.
There's a comment in the code that explains why.
In the resolver, arc@xingping.esg.sgi.com changed it to use inet_aton()
and included that function for those not running 4.4bsd.
arc@xingping.esg.sgi.com also provided lots of portability fixes and
general cleanups, in particular to nslookup which he maintains for CSRG.
4.9-ALPHA ---------------- December 27, 1992 -- Paul Vixie -- DECWRL
Added strtoul() to libresolv.a since it's yet another necessary function
that older systems don't have. If we can stomach strcasecmp() we can sure
handle this.
Moved res/named/gethostnamadr.c to res/gethnamaddr.c (note basename change)
and res/named/sethostent.c to res/sethostent.c. Since the host table stuff
isn't in separate files any more I saw no reason to retain the subdirectory.
Updated all the copyrights and applied the small lint changes that bring
the baseline of this version from "4.8.3 as seen on ucbarpa" up to "4.8.3
as released with net-2". Thanks to the alpha testers for pointing this out
to me and for sending in the diffs.
With much howling and screaming, I ported this to UMIPS (MIPS System V).
There are a lot of really bad things going on in their libc.a, and now
they're going on in BIND as well.
I added a "res/defs.h" file and then proceeded to include it from all kinds
of files that aren't in res/. I'm thinking of moving it but I'm also trying
to figure out where -- include/ is the wrong place. res/defs.h has in it all
the ugly ifdef's needed to figure out whether this is a late-model BSD system,
a POSIX system, or just old.
All the "#endif" and "#else" cpp directives now have comments around their
annotations. It turns out that System V CPP complains about "#endif DEBUG"
but has no problem with "#endif /*DEBUG*/". In many cases where the #ifdef
was obviously visible and unambiguous, I simply removed the annotation.
The "l" is now a ";". Thanks to all who replied :-).
There was a very bad bug in the named-xfer interface. 'nuff said.
AIX needs a 32-bit field for PID's. I can't imagine. But it's fixed.
The "domain" directive in named.boot is now an option, defaulting to off.
There was a benign bug in sqrm().
doaxfr() is now shorter and clearer.
There is an "include" directive in the named.boot file now. Its syntax is
simple: "include somefile". No quotes, no "#", no <brackets>. This feature
was in 4.9-ALPHA as well, courtesy of Andrew Partan. I forgot to document it.
4.9-ALPHA ---------------- December 21, 1992 -- Paul Vixie -- DECWRL
This release incorporates fixes from a lot of people, including many from
DECWRL. Some fixes are just lint; some are to avoid dumping core on non-VAX
computers; many are to fix promiscuity, corruption, and rudeness.
Various internal DEC programmers have ported the old 4.8.3 code to various
not-entirely-BSD-like platforms and turned up some interesting lint. All
of this has been fixed. Also, we fixed a bad bug in the handling of timeouts
and SERVFAIL's when forwarders and slave are both used.
I have made major changes to the code inside the ALLOW_UPDATES ifdef's, but
I don't use it and have never compiled with that option turned on so I don't
know if it still works. Given that SNMP has come and there is an IETF WG for
SNMP management of the DNS, I am thinking very seriously of purging all of the
ALLOW_UPDATES code in 4.9.1. I suspect that Mike Schwartz will let me know if
this is ok..
(interim "KJB" notes) ------------------- March, 1992 -- Paul Vixie -- DECWRL
If we are about to forward a query for some zone for which we are one of the
servers, we send back a SERVFAIL instead. If we don't have it, chances are
good that the other name servers won't have it either. This is the major
cause of "network meltdown" when the root servers declare you as a name server
for some zone you don't know about and haven't configured yourself for.
Fixed a memory leak such that if db_update() fails to update the database
from a response packet, a databuf will no longer be orphaned. Also fixed
what looks like a similar leak in the ALLOW_UPDATES code but I don't use it so
that hasn't been tested.
Fixed a memory sponge such that if we forward a query to someone who is not
ever going to answer it, we will eventually expire it from our query queue.
Previously it would expire after N retries to N' different servers, which
could be a very long time. Particularly in the case of lame delegations and
other forwarding loops, we feel that 90 seconds (two max-retry intervals) is
enough time for a query to be answered. While we were into this code we made
several fields in the query structure into "short"'s since they were only
being used to store smallish integers. The query list gets Very Long during
a forwarding loop -- even 90 seconds worth of queries is a lot of queries.
This version includes my hacks that assign a "credibility index" to each
<name,type> such that when more credible data arrives for a given
<name,type>, all old data is purged. When equally-credible data arrives it
is aggregated in the way we all know and love; when less credible data
arrives it is completely ignored. Credibility, from best to worst, is:
1. zone files (primary or secondary)
2. authoritative answers
3. non-authoritative answers and authority records
4. additional data
5. zone files ("cache" or "bootstrap" information)
You need this version of bind if you still show any A RR's in network
32.0.0.0 when you look up uucp-gw-1.pa.dec.com's A or adobe.com's NS.
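The credibility rule described above (purge on more credible data, aggregate on equal, ignore on less), as an added C example that is not BIND's own code. The enum names, `cache_update` and the `gw.example` records are hypothetical, and the addresses are constructed documentation addresses.

```c
#include <stdio.h>
#include <string.h>

/* Credibility levels from the list above; higher value = more credible. */
enum cred {
    CRED_HINT = 1,      /* 5. zone files ("cache" or "bootstrap" information) */
    CRED_ADDITIONAL,    /* 4. additional data */
    CRED_ANSWER,        /* 3. non-authoritative answers and authority records */
    CRED_AUTH_ANSWER,   /* 2. authoritative answers */
    CRED_ZONE           /* 1. zone files (primary or secondary) */
};

enum outcome { RR_IGNORED, RR_ADDED, RR_REPLACED, RR_NO_SPACE };

#define MAX_SETS  16
#define MAX_RDATA 8

struct rrset {                  /* everything cached for one <name,type> */
    char name[64];
    char type[8];
    enum cred cred;
    int count;
    char rdata[MAX_RDATA][40];
};

struct cache { struct rrset sets[MAX_SETS]; int used; };

/* Find the slot for <name,type>; names are assumed already lower-cased. */
static struct rrset *find_set(struct cache *c, const char *name,
                              const char *type, int create)
{
    for (int i = 0; i < c->used; i++)
        if (!strcmp(c->sets[i].name, name) && !strcmp(c->sets[i].type, type))
            return &c->sets[i];
    if (!create || c->used == MAX_SETS)
        return NULL;
    struct rrset *s = &c->sets[c->used++];
    memset(s, 0, sizeof *s);
    snprintf(s->name, sizeof s->name, "%s", name);
    snprintf(s->type, sizeof s->type, "%s", type);
    return s;
}

/* Apply one incoming RR to the cache according to its credibility. */
enum outcome cache_update(struct cache *c, const char *name, const char *type,
                          enum cred cred, const char *rdata)
{
    struct rrset *s = find_set(c, name, type, 1);
    enum outcome result = RR_ADDED;

    if (s == NULL)
        return RR_NO_SPACE;
    if (s->count > 0 && cred < s->cred)
        return RR_IGNORED;              /* less credible: completely ignored */
    if (s->count > 0 && cred > s->cred) {
        s->count = 0;                   /* more credible: purge all old data */
        result = RR_REPLACED;
    }
    s->cred = cred;
    for (int i = 0; i < s->count; i++)
        if (!strcmp(s->rdata[i], rdata))
            return result;              /* equal credibility, already held */
    if (s->count == MAX_RDATA)
        return RR_NO_SPACE;
    snprintf(s->rdata[s->count++], sizeof s->rdata[0], "%s", rdata);
    return result;
}

int cache_count(struct cache *c, const char *name, const char *type)
{
    struct rrset *s = find_set(c, name, type, 0);
    return s ? s->count : 0;
}

int cache_has(struct cache *c, const char *name, const char *type,
              const char *rdata)
{
    struct rrset *s = find_set(c, name, type, 0);
    for (int i = 0; s && i < s->count; i++)
        if (!strcmp(s->rdata[i], rdata))
            return 1;
    return 0;
}

int main(void)
{
    static struct cache c;      /* zero-initialised */

    /* Constructed sequence: stale glue first, then an authoritative
     * answer, then the same stale glue again from a later response. */
    cache_update(&c, "gw.example", "A", CRED_ADDITIONAL, "192.0.2.66");
    cache_update(&c, "gw.example", "A", CRED_AUTH_ANSWER, "198.51.100.1");
    cache_update(&c, "gw.example", "A", CRED_AUTH_ANSWER, "198.51.100.2");
    enum outcome late = cache_update(&c, "gw.example", "A",
                                     CRED_ADDITIONAL, "192.0.2.66");
    printf("late glue %s, %d A RRs cached\n",
           late == RR_IGNORED ? "ignored" : "accepted",
           cache_count(&c, "gw.example", "A"));
    return 0;
}
```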
I have also added some extra code to prevent pollution of the internal
"hint cache." In all versions of BIND that I was able to test, any IN_A
response to any sysquery() would cause the IN_A RR to be added to the
fcachetab ("hint cache"). This resulted in lots of extra cruft in the hint
cache, that wasn't timed out properly, which in turn resulted in lots of
strange answers ('nuff said, take my word for it.)
Though changes have been made to make the Ultrix and GNU (2.1) C compilers
stop complaining about the source, it should still compile and run just
about anywhere. In fact, after I cleaned up lots of old lint, this version
of BIND is known to compile and run on:
Ultrix 4.2 (MIPS or VAX)
SunOS 4.0.3
BSD/386 (BSDi beta)
This was being released as King James Bind because, like KJ Sendmail, it is
a merge of every major variant of Bind that we know about. It was
assembled and tested by Paul Vixie of DEC NSL/WRL, with generous donations
of code and advice from Win Treese of DEC CRL. Changes from Don Lewis of
Harris, Andrew Partan of UUNET, and Piet Beertema of EUNet are also included.
See the OPTIONS file for a description of the changes you can control with
#ifdef's.
This server has been run on UUCP-GW-{1,2}.PA.DEC.COM, which are in the UUCP
Zone. Our named.boot file has ~1900 lines in it. Before we instituted the
changes in this release, our name server usually ran at about 16MB virtual,
15MB physical, growing slowly but constantly until we restarted it.
Whenever a new zone was added to the NIC's root zone listing us as a name
server, our servers would kill themselves and each other (and NS.UU.NET, one
of the other UUCP Zone name servers) with forwarding loops. After these
changes, we run at a fairly constant 8MB virtual and physical size, and our
apparent CPU utilization is always 0.0% since we never finish a quantum and
the scheduler always sees us as waiting for I-O. In other words, life is good.
Notes from UCB version 4.8.3 follow:
-------------------
This is version 4.8.3 of bind. It is a test release that updates
versions 4.8 and 4.8.1 with fixes, and is essentially the same as
the version of named on the 4.3BSD Reno release. Although it is
currently described as a test release, it is believed to be reasonably
stable and more usable than the previously-released versions.
Here are some of the more important changes:
o A list of domains may be specified for searching in resolv.conf instead
of just the local domain name.
o gethostbyname() will accept a dotted quad.
o Support has been added for the T_TXT data type and for the class
C_HS. These are both used by Hesiod from Project Athena at MIT.
o All of the pathnames have been put into one header file. This
makes it easier to change the location based upon your local
configuration.
o Responses are only accepted from an address to which we might have sent
the request. This might cause problems if some server is multihomed
and is still running BIND 4.3, but it prevents attacks induced by
sending responses from another address.
o Numerous bugs have been fixed: Adding a new authoritative zone now
works when the server has a cached SOA record. Comparisons in the
db now look at type and class as well instead of dropping records
with identical data. Scheduling of maintenance interrupts has been
moved to one routine to avoid spurious ones. Named goes into the background
after more of the initialization is done. Stream connection queue
handling was cleaned up including a bug that caused data corruption
and core dumps. Sys5 no longer can have multiple transfers of the
same zone occurring at the same time. Handle CNAME -> CNAME loops
more gracefully. Avoid making one server never get queried. Border
conditions in resolver are checked more accurately.
o Nslookup has been updated.
There are several bug reports that have yet to be integrated into this
version. Hopefully they will be dealt with in the next release. Please
send feedback on this release.
Notes from versions 4.8.1 and 4.8 follow:
------------------
This is version 4.8.1 of bind. It is a test release that includes
version 4.8 with fixes, asynchronous zone transfer and better reload
capabilities. Although it is currently described as a test release,
it is believed to be reasonably stable and more usable than the currently-
released version, 4.8. The changes of note are:
o The asynchronous zone transfer code previously posted to the bind
mailing list has been integrated, completed and tested. There are
a number of changes from the version posted, including fixes to
allow top-level domains to work and a simplification of the timer
code.
o The code for reloading the server has been changed so that only
primary zone master files that have changed are reloaded. The
cache and secondary zones are not flushed, and the sortlist, domain,
etc. are reset to correspond to the boot file contents.
o Several bugs have been fixed: the name "*" is not interpreted as
a wildcard in cached zones, only in primary zones. Secondary servers
no longer decrement the time-to-live of records by the time since
they verified the zone with the master; as a result, they never
hand out nameserver referrals with too short a TTL to be usable.
A bug was fixed that caused secondary servers with out-of-date
zones to return empty answers between the actual expiration time
and the next timeout.
There are several other bugs that have been reported but have not yet
been fixed. In addition, the next regular release of named will
support negative caching, but this has not been integrated.
I would appreciate receiving feedback on this release; in particular,
problems (or lack of problems) when installing on various systems.
I attempted to update the SysV code when integrating the zone-transfer,
but haven't tested it.
The notes from version 4.8 follow.
----------
Welcome to version 4.8 of bind.
There have been several changes to the named boot file (/etc/named.boot)
of which you should be aware. The "domain" line for each zone is no longer
needed, but one such line may still be used to specify a default domain
to be used for queries containing names with only a single component.
The term "suffixes", which was added in version 4.7alpha, has been removed.
The manual page on named (named.8) has been updated to reflect all
these changes. Please read this and look at the example files
before installation. You should also note the changes in the
resolver code to support non-fully-qualified addresses and per-user
host aliases. See hostname(7) for an overview. Two new routines
have been added to the resolver library since the last test release:
res_query formulates a query, sends it, waits for a response and does
preliminary error checking; res_search implements the search rules
of gethostbyname using res_query.
The MX lookup routine in sendmail has been modified to use res_search.
Also, dn_skip takes an additional parameter and has been renamed
to dn_skipname. While old sendmail binaries will work with the new
version of bind, because of these changes, it is desirable to install
new sendmail sources and recompile sendmail. Do not rebuild sendmail
from old sources. The new sendmail is on ucbarpa.Berkeley.EDU for
anonymous FTP from pub/4.3/sendmail.MX.tar and pub/4.3/sendmail.MX.tar.Z.
There have been numerous changes to named, fixing most of the known
bugs that can be fixed without major structural changes in the server.
Several server configurations that failed before should now work.
Certain robustness problems have been fixed, in particular bounds-
checking when processing incoming packets. Two changes have been made
in preparation for negative caching: SOA records are sent in the authority
section in negative responses with NXDOMAIN set, and a bug was fixed that
caused confusion and repeated requests if a response had no error, no answer
and an SOA in the authority section. As such responses are already sent
by other servers, and will be sent by the next release of BIND, it is
important that all sites upgrade to this version as quickly as possible.
The root "hint" cache and cache file remain the largest problem area,
along with named's naivete in accepting bogus server's data.
These will be addressed in the next release, along with asynchronous
zone transfers, intelligent reloading of zone files, faster startup,
and caching of negative responses.
This version (4.8) will replace the last officially released version (4.5).
Version 4.5 has a serious bug that causes the generation of a continuous
stream of bogons to the root domain servers (bogus queries with the query
response bit set and possibly garbage for nsid and rcode). It is imperative
that these versions of named be replaced as fast as possible. We urge you to
field 4.8 quickly, for the sake of the root domain servers.
Mike Karels
Jean Wood
bind@ucbarpa.Berkeley.EDU
## ++Copyright++
## -
## Copyright (c)
## The Regents of the University of California. All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted provided that the following conditions
## are met:
## 1. Redistributions of source code must retain the above copyright
## notice, this list of conditions and the following disclaimer.
## 2. Redistributions in binary form must reproduce the above copyright
## notice, this list of conditions and the following disclaimer in the
## documentation and/or other materials provided with the distribution.
## 3. All advertising materials mentioning features or use of this software
## must display the following acknowledgement:
## This product includes software developed by the University of
## California, Berkeley and its contributors.
## 4. Neither the name of the University nor the names of its contributors
## may be used to endorse or promote products derived from this software
## without specific prior written permission.
##
## THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
## ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
## ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
## FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
## DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
## OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
## HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
## OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
## SUCH DAMAGE.
## -
## Portions Copyright (c) 1993 by Digital Equipment Corporation.
##
## Permission to use, copy, modify, and distribute this software for any
## purpose with or without fee is hereby granted, provided that the above
## copyright notice and this permission notice appear in all copies, and that
## the name of Digital Equipment Corporation not be used in advertising or
## publicity pertaining to distribution of the document or software without
## specific, written prior permission.
##
## THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
## WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
## OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
## CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
## DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
## PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
## ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
## SOFTWARE.
## -
## --Copyright--