Commit 84e6ec60 authored by Lamont Jones's avatar Lamont Jones

9.6.1b1

parent 45b41449
--- 9.6.0-P1 released ---
--- 9.6.1b1 released ---
2522. [security] Handle -1 from DSA_do_verify() and EVP_verify().
2577. [doc] Clarified some statistics counters. [RT #19454]
2576. [bug] NSEC record were not being correctly signed when
a zone transitions from insecure to secure.
Handle such incorrectly signed zones. [RT #19114]
2574. [doc] Document nsupdate -g and -o. [RT #19351]
2573. [bug] Replacing a non-CNAME record with a CNAME record in a
single transaction in a signed zone failed. [RT #19397]
2568. [bug] Report when the write to indicate a otherwise
successful start fails. [RT #19360]
2567. [bug] dst__privstruct_writefile() could miss write errors.
write_public_key() could miss write errors.
dnssec-dsfromkey could miss write errors.
[RT #19360]
2564. [bug] Only take EDNS fallback steps when processing timeouts.
[RT #19405]
2563. [bug] Dig could leak a socket causing it to wait forever
to exit. [RT #19359]
2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
2559. [bug] dnssec-dsfromkey could compute bad DS records when
reading from a K* files. [RT #19357]
2557. [cleanup] PCI compliance:
* new libisc log module file
* isc_dir_chroot() now also changes the working
directory to "/".
* additional INSISTs
* additional logging when files can't be removed.
2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the
error checks in the correct order resulting in the
wrong error code sometimes being returned. [RT #19249]
2554. [bug] Validation of uppercase queries from NSEC3 zones could
fail. [RT #19297]
2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
2552. [bug] zero-no-soa-ttl-cache was not being honoured.
[RT #19340]
2551. [bug] Potential Reference leak on return. [RT #19341]
2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
[RT #19343]
2549. [port] linux: define NR_OPEN if not currently defined.
[RT #19344]
2548. [bug] Install iterated_hash.h. [RT #19335]
2547. [bug] openssl_link.c:mem_realloc() could reference an
out-of-range area of the source buffer. New public
function isc_mem_reallocate() was introduced to address
this bug. [RT #19313]
2545. [doc] ARM: Legal hostname checking (check-names) is
for SRV RDATA too. [RT #19304]
2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
2542. [doc] Update the description of dig +adflag. [RT #19290]
2541. [bug] Conditionally update dispatch manager statistics.
[RT #19247]
2539. [security] Update the interaction between recursion, allow-query,
allow-query-cache and allow-recursion. [RT #19198]
2538. [bug] cache/ADB memory could grow over max-cache-size,
especially with threads and smaller max-cache-size
values. [RT #19240]
2537. [experimental] Added more statistics counters including those on socket
I/O events and query RTT histograms. [RT #18802]
2536. [cleanup] Silence some warnings when -Werror=format-security is
specified. [RT #19083]
2535. [bug] dig +showsearh and +trace interacted badly. [RT #19091]
2532. [bug] dig: check the question section of the response to
see if it matches the asked question. [RT #18495]
2531. [bug] Change #2207 was incomplete. [RT #19098]
2530. [bug] named failed to reject insecure to secure transitions
via UPDATE. [RT #19101]
2529. [cleanup] Upgrade libtool to silence complaints from recent
version of autoconf. [RT #18657]
2528. [cleanup] Silence spurious configure warning about
--datarootdir [RT #19096]
2527. [bug] named could reuse cache on reload with
enabling/disabling validation. [RT #19119]
2525. [experimental] New logging category "query-errors" to provide detailed
internal information about query failures, especially
about server failures. [RT #19027]
2524. [port] sunos: dnssec-signzone needs strtoul(). [RT #19129]
2523. [bug] Random type rdata freed by dns_nsec_typepresent().
[RT #19112]
2522. [security] Handle -1 from DSA_do_verify() and EVP_VerifyFinal().
2521. [bug] Improve epoll cross compilation support. [RT #19047]
2519. [bug] dig/host with -4 or -6 didn't work if more than two
nameserver addresses of the excluded address family
preceded in resolv.conf. [RT #19081]
2517. [bug] dig +trace with -4 or -6 failed when it chose a
nameserver address of the excluded address.
[RT #18843]
2516. [bug] glue sort for responses was performed even when not
needed. [RT #19039]
2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
a nameserver of the excluded address family.
[RT #18848]
2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
[RT #18885]
2506. [port] solaris: Check at configure time if
hack_shutup_pthreadonceinit is needed. [RT #19037]
2505. [port] Treat amd64 similarly to x86_64 when determining
atomic operation support. [RT #19031]
2503. [port] linux: improve compatibility with Linux Standard
Base. [RT #18793]
2502. [cleanup] isc_radix: Improve compliance with coding style,
document function in <isc/radix.h>. [RT #18534]
--- 9.6.0 released ---
......
Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 1996-2003 Internet Software Consortium.
Permission to use, copy, modify, and/or distribute this software for any
......@@ -13,7 +13,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
$Id: COPYRIGHT,v 1.14 2008/01/02 23:47:01 tbox Exp $
$Id: COPYRIGHT,v 1.14.176.1 2009/01/05 23:47:22 tbox Exp $
Portions Copyright (C) 1996-2001 Nominum, Inc.
......
Frequently Asked Questions about BIND 9
Copyright © 2004-2008 Internet Systems Consortium, Inc. ("ISC")
Copyright © 2004-2009 Internet Systems Consortium, Inc. ("ISC")
Copyright © 2000-2003 Internet Software Consortium.
......@@ -600,7 +600,7 @@ Q: Why do queries for NSEC3 records fail to return the NSEC3 record?
A: NSEC3 records are strictly meta data and can only be returned in the
authority section. This is done so that signing the zone using NSEC3
records does not bring names into existance that do not exist in the
records does not bring names into existence that do not exist in the
unsigned version of the zone.
5. Operating-System Specific Questions
......@@ -825,7 +825,6 @@ A: /dev/random is not configured. Use rndcontrol(8) to tell the kernel to
use certain interrupts as a source of random events. You can make this
permanent by setting rand_irqs in /etc/rc.conf.
/etc/rc.conf
rand_irqs="3 14 15"
See also <http://people.freebsd.org/~dougb/randomness.html>.
......
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []>
<!--
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
......@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: FAQ.xml,v 1.46 2008/09/09 05:42:17 marka Exp $ -->
<!-- $Id: FAQ.xml,v 1.46.56.4 2009/02/19 01:51:58 tbox Exp $ -->
<article class="faq">
<title>Frequently Asked Questions about BIND 9</title>
......@@ -28,6 +28,7 @@
<year>2006</year>
<year>2007</year>
<year>2008</year>
<year>2009</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
......@@ -1067,7 +1068,7 @@ empty:
NSEC3 records are strictly meta data and can only be
returned in the authority section. This is done so that
signing the zone using NSEC3 records does not bring names
into existance that do not exist in the unsigned version
into existence that do not exist in the unsigned version
of the zone.
</para>
</answer>
......@@ -1470,7 +1471,6 @@ options {
</para>
<informalexample>
<programlisting>
/etc/rc.conf
rand_irqs="3 14 15"</programlisting>
</informalexample>
<para>
......
# Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
......@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.52 2008/09/25 04:02:38 tbox Exp $
# $Id: Makefile.in,v 1.52.48.2 2009/02/20 23:47:23 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
......@@ -24,6 +24,12 @@ top_srcdir = @top_srcdir@
SUBDIRS = make lib bin doc
TARGETS =
MANPAGES = isc-config.sh.1
HTMLPAGES = isc-config.sh.html
MANOBJS = ${MANPAGES} ${HTMLPAGES}
@BIND9_MAKE_RULES@
distclean::
......@@ -36,12 +42,19 @@ distclean::
maintainer-clean::
rm -f configure
docclean manclean maintainer-clean::
rm -f ${MANOBJS}
doc man:: ${MANOBJS}
installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} \
${DESTDIR}${localstatedir}/run ${DESTDIR}${sysconfdir}
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
install:: isc-config.sh installdirs
${INSTALL_SCRIPT} isc-config.sh ${DESTDIR}${bindir}
${INSTALL_DATA} ${srcdir}/isc-config.sh.1 ${DESTDIR}${mandir}/man1
tags:
rm -f TAGS
......
......@@ -97,13 +97,14 @@ BIND 9.4.0
rndc now allows addresses to be set in the server clauses.
New option "allow-query-cache". This lets allow-query be
used to specify the default zone access level rather than
having to have every zone override the global value.
allow-query-cache can be set at both the options and view
levels. If allow-query-cache is not set then allow-recursion
is used if set, otherwise allow-query is used if set, otherwise
the default (localhost; localnets;) is used.
New option "allow-query-cache". This lets "allow-query"
be used to specify the default zone access level rather
than having to have every zone override the global value.
"allow-query-cache" can be set at both the options and view
levels. If "allow-query-cache" is not set then "allow-recursion"
is used if set, otherwise "allow-query" is used if set
unless "recursion no;" is set in which case "none;" is used,
otherwise the default (localhost; localnets;) is used.
rndc: the source address can now be specified.
......
......@@ -55,7 +55,7 @@ at least specify `--with-idn' option to enable IDN support.
`--with-libiconv' assumes that your C compiler has `-R'
option, and that the option adds the specified run-time path
to an exacutable binary. If `-R' option of your compiler has
to an executable binary. If `-R' option of your compiler has
different meaning, or your compiler lacks the option, you
should use `--with-iconv' option instead. Binary command
without run-time path information might be unexecutable.
......@@ -68,7 +68,7 @@ at least specify `--with-idn' option to enable IDN support.
specified, `--with-iconv' is prior to `--with-libiconv'.
--with-iconv=ICONV_LIBSPEC
If your libc doens't provide iconv(), you need to specify the
If your libc doesn't provide iconv(), you need to specify the
library containing iconv() with this option. `ICONV_LIBSPEC'
is the argument(s) to `cc' or `ld' to link the library, for
example, `--with-iconv="-L/usr/local/lib -liconv"'.
......@@ -82,7 +82,7 @@ at least specify `--with-idn' option to enable IDN support.
this option is not specified, `-L${PREFIX}/lib -lidnkit' is
assumed, where ${PREFIX} is the installation prefix specified
with `--with-idn' option above. You may need to use this
option to specify extra argments, for example,
option to specify extra arguments, for example,
`--with-idnlib="-L/usr/local/lib -R/usr/local/lib -lidnkit"'.
Please consult `README' for other configuration options.
......@@ -109,4 +109,4 @@ about idnkit and this patch.
Bug reports and comments on this kit should be sent to
mdnkit-bugs@nic.ad.jp and idn-cmt@nic.ad.jp, respectively.
; $Id: README.idnkit,v 1.2 2005/09/09 06:13:57 marka Exp $
; $Id: README.idnkit,v 1.2.762.1 2009/01/18 23:25:14 marka Exp $
/*
* Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: acconfig.h,v 1.51 2007/06/19 23:46:59 tbox Exp $ */
/* $Id: acconfig.h,v 1.51.334.2 2009/02/16 23:47:15 tbox Exp $ */
/*! \file */
......@@ -25,9 +25,6 @@
***/
@TOP@
/** define to `int' if <sys/types.h> doesn't define. */
#undef ssize_t
/** define on DEC OSF to enable 4.4BSD style sa_len support */
#undef _SOCKADDR_LEN
......@@ -61,9 +58,6 @@
/** define if you have the NET_RT_IFLIST sysctl variable and sys/sysctl.h */
#undef HAVE_IFLIST_SYSCTL
/** define if chroot() is available */
#undef HAVE_CHROOT
/** define if tzset() is available */
#undef HAVE_TZSET
......@@ -115,7 +109,7 @@ int sigwait(const unsigned int *set, int *sig);
* The silly continuation line is to keep configure from
* commenting out the #undef.
*/
#undef \
va_start
#define va_start(ap, last) \
......
/*
* Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: check-tool.c,v 1.35 2008/10/24 00:28:00 marka Exp $ */
/* $Id: check-tool.c,v 1.35.36.3 2009/01/20 02:03:18 marka Exp $ */
/*! \file */
......@@ -115,6 +115,7 @@ static isc_logcategory_t categories[] = {
{ "queries", 0 },
{ "unmatched", 0 },
{ "update-security", 0 },
{ "query-errors", 0 },
{ NULL, 0 }
};
......@@ -217,8 +218,8 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
while (cur != NULL && cur->ai_canonname == NULL &&
cur->ai_next != NULL)
cur = cur->ai_next;
if (ai != NULL && cur->ai_canonname != NULL &&
strcasecmp(ai->ai_canonname, namebuf) != 0 &&
if (cur != NULL && cur->ai_canonname != NULL &&
strcasecmp(cur->ai_canonname, namebuf) != 0 &&
!logged(namebuf, ERR_IS_CNAME)) {
dns_zone_log(zone, ISC_LOG_ERROR,
"%s/NS '%s' (out of zone) "
......
/*
* Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named-checkconf.c,v 1.46 2007/11/26 02:12:45 marka Exp $ */
/* $Id: named-checkconf.c,v 1.46.222.2 2009/02/16 23:47:15 tbox Exp $ */
/*! \file */
......@@ -61,9 +61,9 @@ isc_log_t *logc = NULL;
/*% usage */
static void
usage(void) {
fprintf(stderr, "usage: %s [-h] [-j] [-v] [-z] [-t directory] "
fprintf(stderr, "usage: %s [-h] [-j] [-v] [-z] [-t directory] "
"[named.conf]\n", program);
exit(1);
exit(1);
}
/*% directory callback */
......@@ -173,9 +173,9 @@ configure_zone(const char *vclass, const char *view,
zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
classobj = cfg_tuple_get(zconfig, "class");
if (!cfg_obj_isstring(classobj))
zclass = vclass;
else
if (!cfg_obj_isstring(classobj))
zclass = vclass;
else
zclass = cfg_obj_asstring(classobj);
zoptions = cfg_tuple_get(zconfig, "options");
......@@ -194,9 +194,9 @@ configure_zone(const char *vclass, const char *view,
return (ISC_R_FAILURE);
if (strcasecmp(cfg_obj_asstring(typeobj), "master") != 0)
return (ISC_R_SUCCESS);
cfg_map_get(zoptions, "database", &dbobj);
if (dbobj != NULL)
return (ISC_R_SUCCESS);
cfg_map_get(zoptions, "database", &dbobj);
if (dbobj != NULL)
return (ISC_R_SUCCESS);
cfg_map_get(zoptions, "file", &fileobj);
if (fileobj == NULL)
return (ISC_R_FAILURE);
......@@ -287,8 +287,8 @@ configure_zone(const char *vclass, const char *view,
} else
INSIST(0);
} else {
zone_options |= DNS_ZONEOPT_CHECKNAMES;
zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
zone_options |= DNS_ZONEOPT_CHECKNAMES;
zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
}
masterformat = dns_masterformat_text;
......@@ -399,7 +399,7 @@ main(int argc, char **argv) {
int exit_status = 0;
isc_entropy_t *ectx = NULL;
isc_boolean_t load_zones = ISC_FALSE;
isc_commandline_errprint = ISC_FALSE;
while ((c = isc_commandline_parse(argc, argv, "dhjt:vz")) != EOF) {
......@@ -419,12 +419,6 @@ main(int argc, char **argv) {
isc_result_totext(result));
exit(1);
}
result = isc_dir_chdir("/");
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "isc_dir_chdir: %s\n",
isc_result_totext(result));
exit(1);
}
break;
case 'v':
......
.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
......@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: named-checkzone.8,v 1.42 2007/06/20 02:27:32 marka Exp $
.\" $Id: named-checkzone.8,v 1.42.334.1 2009/01/23 01:53:33 tbox Exp $
.\"
.hy 0
.ad l
......@@ -82,7 +82,7 @@ When loading the zone file read the journal if it exists.
.PP
\-c \fIclass\fR
.RS 4
Specify the class of the zone. If not specified "IN" is assumed.
Specify the class of the zone. If not specified, "IN" is assumed.
.RE
.PP
\-i \fImode\fR
......@@ -272,7 +272,7 @@ BIND 9 Administrator Reference Manual.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004\-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2002 Internet Software Consortium.
.br
/*
* Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named-checkzone.c,v 1.51 2008/10/24 01:44:48 tbox Exp $ */
/* $Id: named-checkzone.c,v 1.51.34.2 2009/02/16 23:47:15 tbox Exp $ */
/*! \file */
......@@ -268,12 +268,6 @@ main(int argc, char **argv) {
isc_result_totext(result));
exit(1);
}
result = isc_dir_chdir("/");
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "isc_dir_chdir: %s\n",
isc_result_totext(result));
exit(1);
}
break;
case 's':
......
......@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
......@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named-checkzone.docbook,v 1.34 2007/06/19 06:58:03 marka Exp $ -->
<!-- $Id: named-checkzone.docbook,v 1.34.334.2 2009/01/22 23:47:04 tbox Exp $ -->
<refentry id="man.named-checkzone">