Commit | Line | Data |
---|---|---|
daa8a7e2 C |
1 | 4.9.2 ------------------ BETA5 ----------------- Paul Vixie |
2 | ||
3 | 52. A number of optimizations that fell out of negative caching and/or the | |
4 | validation code have been turned off in order to avoid confusing older | |
5 | nameservers and their unfortunate assumptions about co-invariants. | |
6 | Mark Andrews and Robert Elz were the principal debuggers and contributors | |
7 | to this part of the effort. | |
8 | ||
9 | 51. We're now much more portable to systems without Posix or BSD signals, | |
10 | thanks to Bill Wisner. | |
11 | ||
12 | 50. tools/host.c now has more reasonable error messages and can deal with | |
13 | negative caching servers. | |
14 | ||
15 | 49. Lots of Makefile gaffes are now fixed. | |
16 | ||
17 | 48. New "host" in contrib/host/, compliments of Eric Wassenaar. | |
18 | ||
19 | 47. AFSDB support is now complete, thanks to Chris Everhart. | |
20 | ||
21 | 46. The bug whereby named would sporadically return NXDOMAIN when it should | |
22 | have sent back a referral has been fixed. | |
23 | ||
24 | 4.9.2 ------------------ BETA3, BETA4 ----------------- Paul Vixie | |
25 | ||
26 | 45. Robert Elz has provided updated LOCALDOMAIN environment variable | |
27 | processing, making it more like resolv.conf's "search" than "domain". | |
28 | In the spirit of this I have added a RES_OPTIONS environment variable | |
29 | and a corresponding "options" keyword to resolv.conf. All of this is | |
30 | documented in the man pages and in the BOG. Robert has also contributed | |
31 | several bug fixes to the validation and negative caching code. | |
32 | ||
33 | 4.9.2 ------------------ ALPHA ----------------- Paul Vixie | |
34 | ||
35 | 44. BETA1, BETA2, and three patches to BETA2 have all come and gone without | |
36 | itemized descriptions in this file. I'll provide the RCS history on the | |
37 | code to anyone who asks, but basically what's been happening is that some | |
38 | core dumps were fixed, others added, then those were fixed too. Meanwhile | |
39 | RFC 1535 has been published, codifying CERT's concerns and our answer to | |
40 | them. BIND is now RFC 1535 compatible. RFC's 1535, 1536, and 1537 are | |
41 | now included in the doc/ directory. Note that Mark Andrews supplied many | |
42 | of the fixes to the core dumps, some of which were introduced by me and | |
43 | some by ISI's negative caching and/or validation code. | |
44 | ||
45 | 43. patch05 to ALPHA2 (930908) released: this includes new DNSRCH logic to | |
46 | correct a serious problem that CERT called me with today. the change is | |
47 | subtle and will have the effect that names which could match either as | |
48 | fully qualified names or partially qualified names using the local search | |
49 | list will be found as fully qualified. previous releases would have found | |
50 | them first through the local search list. local search lists are a bad | |
51 | idea in my opinion; see new SEARCH_DEFAULT option in OPTIONS file for more | |
52 | information. also in this release: limited Solaris support, in the form | |
53 | of POSIX-style signal handling used on systems which support (or require) | |
54 | it. as of this patch, 4.9.2 has a good chance of compiling out of the box | |
55 | on Solaris, modulo makefile edits. dig and host should be more portable | |
56 | now, too. | |
57 | ||
58 | 42. patch04 to ALPHA2 (930908) released: this corrects several borderline | |
59 | syntax errors in various Makefiles (Sun and Ultrix makes complained); | |
60 | it corrects a coredump on Ultrix systems (which aren't really as POSIX | |
61 | as i thought they were); it lets dig and nslookup compile again on SunOS; | |
62 | and it cleans up some dirty junk in named-xfer.c. this stuff is really | |
63 | really minor but i would like to see it tested on a Sun system before the | |
64 | beta. | |
65 | ||
66 | 41. patch03 to ALPHA2 (930908) released: this uses compat/include by default | |
67 | which is helpful on BSD/386 systems and shouldn't hurt any others except | |
68 | perhaps real 4.4BSD systems (and maybe not even those); it removes Bryan | |
69 | Beecher's SHUFFLE_ADDRS option since he and I agree that Marshall Rose's | |
70 | ROUND_ROBIN stuff is more general and cleaner; it includes various patches | |
71 | to the documentation sent in by several folks (please print the BOG and | |
72 | let me know if you find problems in it); it fixes "make depend" problem | |
73 | in "man/" subdirectory; it fixes several outright bugs in Gregory Shapiro's | |
74 | SECURE_ZONES code; it removes an obscure syslog() that should have been a | |
75 | dprintf() ("validate_count -> 0"); it fixes a bug in NCACHE whereby a T_ANY | |
76 | query for a name which was negatively cached but had children would return | |
77 | _answers_ with the T_ANY type for subsequent queries; several newer syslog | |
78 | messages were reworded to make them clearer; a portability bug in the | |
79 | SUNSECURITY logic was fixed; another in the RFC1101 logic was fixed; | |
80 | support for the PAGER environment variable was added to nslookup (sorry, | |
81 | i know we're in functional freeze but this will enable development in the | |
82 | next cycle and it was pretty simple) and only affects the "view" and "help" | |
83 | commands. | |
84 | ||
85 | 40. patch02 to ALPHA2 (930908) released; this includes more fixes from Mark | |
86 | Andrews, this time to Anant's NCACHE stuff (memory leak and functional | |
87 | bug). Also included is a patch from Gregory Neil Shapiro to his SECURE_ | |
88 | ZONES code, which I hadn't noticed since I don't run it here. | |
89 | ||
90 | 39. patch01 to ALPHA2 (930908) released; this includes some fixes from Mark | |
91 | Andrews to his "clev" and ADDAUTH stuff. The "clev" patch fixes a problem | |
92 | on all servers; the ADDAUTH stuff is still experimental so most users will | |
93 | not be affected by it. Dave Morrison also sent a patch for the USE_UTIME | |
94 | logic, which is important for ULTRIX systems. | |
95 | ||
96 | 38. 4.9.2-ALPHA2 released on 930908. | |
97 | ||
98 | 37. Mark Andrews sent an initial attempt at implementing ADDAUTH, which will | |
99 | eventually allow named to include authority and glue RR's with all | |
100 | authoritative answers. I am not sure that the design goal is right, and | |
101 | the implementation currently sends back glue RR's but no authority RR's, | |
102 | so I'm recommending against using this for now. But since it changes some | |
103 | internal interfaces in a harmless enough way, I'm including the changes. | |
104 | ||
105 | 36. Marshall Rose's ROUND_ROBIN code snuck in at the last hour. This is the | |
106 | best answer I've seen to the problems purported to be solved by SA RR's, | |
107 | and my wording in the OPTIONS file shows this. | |
108 | ||
109 | 35. These items from TODO are now done: | |
110 | ||
111 | [vixie@pa.dec.com 25apr93]: clean up debugging | |
112 | replace all "#ifdef DEBUG...fprintf(...)...#endif" with dprintf(...) | |
113 | which would be a macro that only expands to an fprintf() if DEBUG is | |
114 | set. dprintf(x, (args)) with x as the log level. perhaps change log | |
115 | levels to be symbolic, and perhaps make them a mask instead of a limit. | |
116 | ||
117 | [vixie@pa.dec.com 25apr93]: clean up #ifdef's and portability | |
118 | add and use function prototypes. make everything static that can be. | |
119 | externs should only be in .h files (add more .h files, per module if | |
120 | needed, to cover these). add "export" keyword (null define) to make | |
121 | it clear which names are exported and which are static. all top-level | |
122 | names in a module must be "export" or "static". | |
123 | ||
124 | [gshapiro@wpi.wpi.edu and vixie@pa.dec.com 26apr93]: access control | |
125 | "xfrnets" is ok but what we really need is full access control per | |
126 | zone rather than a global list of acceptable client nets. this is | |
127 | especially important if you send /etc/passwd via zone transfer. | |
128 | ||
129 | [postel@isi.edu anant@isi.edu jaffe@noc.rutgers.edu | |
130 | 28apr93]: negative caching | |
131 | Paul: | |
132 | We'd like to have included in 4.9.1 | |
133 | our implementation for negative caching. | |
134 | --jon & Anant. | |
135 | ||
136 | [vixie@pa.dec.com 16may93]: inet_addr needs to die | |
137 | to be replaced by calls to inet_aton, which doesn't confuse the | |
138 | broadcast address with bad addresses. | |
139 | ||
140 | [Paul: I know you said that you'd like to wait for the IETF DNS WG to | |
141 | "bless" an official load balancing scheme, but I'll be adding my | |
142 | shuffle A records to BIND 4.9 for use here at U-M anyhow. The code | |
143 | mods to existing source files are minimal since the bulk of the work | |
144 | is done in a separate .c I added. If you don't want SA records to | |
145 | move into 4.9.1 unless they become official, please just toss this | |
146 | first entry. --bryan@umich.edu] | |
147 | ||
148 | [bryan@umich.edu 25apr93]: add "shuffle A" records | |
149 | There are several schemes for adding some kind of load balancing | |
150 | capability to the DNS. Our "Shuffle Address" (SA) records are one | |
151 | stab at this, and since they're in use at U-M, I need to add them | |
152 | so we can use BIND 4.9 here. | |
153 | ||
154 | [bryan@umich.edu 25apr93]: add AFSDB records | |
155 | AFSDB records were proposed in RFC xxxx. We use them here at the | |
156 | University of Michigan, so I need to add them for our copy of | |
157 | BIND 4.9. | |
158 | ||
159 | [bryan@umich.edu 25apr93]: small fix to resolver's p_cdname() | |
160 | The current copy of p_cdname() in the resolver does not work | |
161 | for query responses larger than 512 bytes (which can happen when | |
162 | using TCP). A very small modification changes the "sanity check" | |
163 | argument (the second one) to dn_expand() from "msg + 512" to | |
164 | "cp + MAXCDNAME". (This showed up very recently.) | |
165 | ||
166 | 34. While waiting for some last minute changes from volunteers, I looked | |
167 | at my work queue and saw that asp@uunet.uu.net had asked a while ago | |
168 | that named not fork/exec a named-xfer unless it had already determined | |
169 | that the serial number was out of date. This is important to sites like | |
170 | UUNET and DECWRL, which have thousands of "secondary" lines in their | |
171 | named.boot and can take hours to check all the serial numbers at boot | |
172 | time if named forks/execs named-xfer and lets named-xfer compare the | |
173 | serial numbers, rather than comparing them in named and only fork/exec'ing | |
174 | a named-xfer if it's actually necessary to do a transfer. In spite of | |
175 | C's lack of threads, this only took a few hours to do. So it's in. | |
176 | ||
177 | 33. Gregory Shapiro's "secure_zone" changes are in. See the BOG. | |
178 | ||
179 | 32. Internals changes: STATS is no longer optional; ns_req() has been split | |
180 | into three functions for readability. Convex systems are now supported. | |
181 | You can now define LOG_FAC in conf/options.h if you want to syslog as | |
182 | LOG_LOCAL1 or some other non-LOG_DAEMON value. The mkstemp() problem on | |
183 | ULTRIX has been fixed. More dead code has been eliminated. | |
184 | ||
185 | 31. Large TCP queries are now printable in debug mode (which is used by | |
186 | "dig" and "nslookup"), thanks to a patch and a lot of patient explain- | |
187 | ations from Bryan Beecher. | |
188 | ||
189 | 30. Data from subdomains ("deeper zones") is now considered more credible | |
190 | than data from parent zones, if both are authoritative. This permits | |
191 | a subdomain's data to differ from its parent's delegation information | |
192 | and have the most-local information supersede the least-local. Mark | |
193 | Andrews <marka@syd.dms.csiro.au> sent this in, and it is nonoptional. | |
194 | ||
195 | 29. rossc@ucc.su.oz.au's SUNSECURITY patch is now included, along with | |
196 | marka@syd.dms.csiro.au's performance improvement to it. Note that | |
197 | I am violating my own policies by including this, since it came | |
198 | without a corresponding patch to OPTIONS, conf/options.h, and the BOG. | |
199 | ||
200 | 28. Interfaces with multiple addresses were not being handled properly. | |
201 | This is an issue for 4.3-Reno and later BSD systems, including BNR2 | |
202 | ("Net-2") and 4.4BSD. Multiple addresses are not properly handled | |
203 | as if they were all aliases for the localhost. | |
204 | ||
205 | 27. Jukka Ukkonen <ukkonen@csc.fi> sent me some patches for the Convex, | |
206 | which I've put in but cannot test. | |
207 | ||
208 | 26. sob@tmc.edu (Stan Barber) sent me new versions of contrib/host/host.c | |
209 | and contrib/host/send.c, which I have installed but not tested. I am | |
210 | still waiting for someone to update the version in tools/host.c, which | |
211 | is going to be a lot more work. Contact me via e-mail if you want to | |
212 | help. | |
213 | ||
214 | 25. My credibility stuff from the original 4.9 (and before that, KJB) | |
215 | was operating under a ``scorched earth'' policy due to a brain fault | |
216 | on my part when I wrote the code originally. Tim.Goodwin@pipex.net | |
217 | discovered this and sent in a patch. Note that throwing out glue is | |
218 | generally OK since glue is generally NOT OK, but disposing of it after | |
219 | ~20 references is a lot better than disposing of it after 1 reference. | |
220 | ||
221 | 24. NS RR sorting on forwarded and system queries was not happening | |
222 | unless more than 1024 milliseconds of RTT variance existed among | |
223 | the servers. This was a good value for development and testing | |
224 | but not for production use. The value is now 128 milliseconds. | |
225 | No, this should not be a configurable in the boot file. | |
226 | ||
227 | 23. I am including a file doc/FAQ which was posted to usenet as: | |
228 | From: craig@ecel.uwa.edu.au (Craig Richmond - division) | |
229 | Newsgroups: comp.protocols.tcp-ip.domains | |
230 | Subject: FAQ: Setting up a basic DNS server for a domain | |
231 | Date: 3 Aug 1993 10:53:51 GMT | |
232 | Organization: The University of Western Australia | |
233 | Lines: 1088 | |
234 | Message-ID: <23lg3v$1go@uniwa.uwa.edu.au> | |
235 | Summary: Step by Step implementation of a DNS server | |
236 | Keywords: FAQ DNS setup | |
237 | ||
238 | 22. named-xfer now syslogs if the remote server's serial number is _lower_ | |
239 | than ours, which does seem like a bad thing. per@erix.ericsson.se | |
240 | (Per Hedeland) sent this in. | |
241 | ||
242 | 21. man/resolver.3 had a typo on the exp_dn argument to dn_expand. fixed. | |
243 | (Steve Alexander <stevea@lachman.com> sent this in.) | |
244 | ||
245 | 20. include/sys/cdefs.h moved to compat/include/sys/cdefs.h since some | |
246 | systems have their own which must be used. the top-level makefile | |
247 | must be edited if you are on one of these systems, since the default | |
248 | CFLAGS includes this new directory as a -I directive. sys/bitypes.h | |
249 | has also moved. | |
250 | ||
251 | 19. A necessary bug fix for ISI's VALIDATE/NCACHE code has been incorporated. | |
252 | If you had to rebuild without these turned on in options.h to get your | |
253 | CNAME lookups to work again in an earlier 4.9.2 ALPHA, you can turn them | |
254 | on again now. | |
255 | ||
256 | 18. The q_system field of the query structure has been removed in favor of | |
257 | a q_type field containing bit definitions. The old PRIMING_CACHE magic | |
258 | cookie is no longer used. Go to the end of the universe, do not pass go. | |
259 | ||
260 | 17. Converted to ANSI C. All functions are static unless they are actually | |
261 | needed outside the current module ("file" in C terminology); static | |
262 | functions are declared with prototypes if they are forward-referenced. | |
263 | Externally visible functions are declared in separate header files, with | |
264 | prototypes. ns.h and db.h have been split into four new header files: | |
265 | db.h -> db_defs.h db_glob.h db_func.h | |
266 | ns.h -> ns_defs.h ns_glob.h ns_func.h | |
267 | ||
268 | The *_defs files contain only structure and type definitions, and macro | |
269 | definitions. Nothing that generates text or data space in the executable | |
270 | is declared here. | |
271 | ||
272 | The *_glob files contain only global variable declarations, which used to | |
273 | be defined in the various *.c files in a more or less random fashion. The | |
274 | declarations are "extern" if included from non-main()-containing files, but | |
275 | are defined globally and given initial values in main()-ish files. This | |
276 | reuse of the same declarations insures that the type and size declarations | |
277 | match between definitions and external references to them. | |
278 | ||
279 | The *_func files contain function prototypes for global ("extern") | |
280 | functions. The prototypes are all optional so will not break non-ANSI | |
281 | systems. Note that I don't have such a system any more so I may be wrong. | |
282 | ||
283 | 16. Removed all remaining references to "short" or "long" that did not | |
284 | depend on the vague semantics of those types. Most uses were actually | |
285 | depending on a size of 16 bits for short and 32 bits for long, and there | |
286 | are processors/compilers where each of these types is different. This | |
287 | work was begun in 4.9 and is now complete. Note that some structs that | |
288 | are used in large data structures use "char" for 8-bit integers. It helps. | |
289 | ||
290 | 05Jul93 - ALPHA Released | |
291 | ||
292 | This is the cleanup release after 4.9. I'm going to try the TCSH style of | |
293 | logging the changes; let me know if you think it's a bad way of doing it. | |
294 | ||
295 | 15. the resolver now includes an implementation of RFC 1101, which allows | |
296 | network names to be encoded in the DNS tree rather than in /etc/networks. | |
297 | this implementation is by rps@matuc2.mat.uc.pt (Rui Pedro Mendes Salgueiro) | |
298 | i put the test program and original documentation in contrib/rfc1101/. i | |
299 | would like to see their main.c ("nettest") turned into a tools/nettest, | |
300 | but i'm not willing to do the work myself. it needs a man page, etc. | |
301 | ||
302 | 14. as expected the initial HS zone transfer stuff didn't work that well. | |
303 | thanks to <per@ericsson.se>, retries after failed SOA queries will use | |
304 | C_IN rather than falling through to C_HS inappropriately. | |
305 | ||
306 | 13. ns_init.c was fcntl(SETFL)'ing in a destructive way. it now does a | |
307 | fcntl(GETFL) to get the old option mask and then |'s in the new flag. | |
308 | this patch came from Eduard Vopicka <Eduard.Vopicka@vse.cz>. | |
309 | ||
310 | 12. there are two new conf/Info.* files; check 'em out. | |
311 | ||
312 | 11. ultrix (some versions, especially the vax ones) libc.a had some bad | |
313 | naming conventions for some resolver routines. getshort/putshort just | |
314 | have to be real functions, not just macros, or you can't link anything | |
315 | with this resolver. patch was sent by <aas@brain.physics.swin.oz.au>. | |
316 | ||
317 | 10. sethostent(x) for host files was sticky for nonzero 'x' (avalon@anu.edu.au) | |
318 | ||
319 | 9. hp9000s700 is now supported in include/arpa/nameser.h (avalon@anu.edu.au) | |
320 | ||
321 | 8. statistics dumps now print the time in decimal-seconds-since-1970 in | |
322 | addition to the old "ctime" format, for ease of debugging. (Peter Koch). | |
323 | ||
324 | 7. systems with 14-character filename limitations have apparently been | |
325 | having trouble in named-xfer since its temporary file names are bigger | |
326 | than they can handle. ash@hp sent in some patches a while ago, enabled | |
327 | with SHORT_FNAMES in conf/options.h, to deal with this appropriately. | |
328 | We should probably just generate short names always. | |
329 | ||
330 | 6. Some security stuff from ISI. According to Anant Kumar <anant@isi.edu>: | |
331 | ||
332 | The validation procedure is the major change here. Currently, we | |
333 | accept anything from a server, as long as we had asked it a question. | |
334 | This implies that a malicious server can really send us any data and | |
335 | we not only pass it on, we also cache it for as long as the TTL | |
336 | holds. This can be really bad for our health and for that of those | |
337 | who use the DNS. | |
338 | ||
339 | We add this procedure to verify for each RR returned by a server | |
340 | that it is indeed authoritative for either that zone, or for a | |
341 | parent zone. We end up trusting the root servers for everything! | |
342 | Also, the more rich our cache is the more choosy we become about the | |
343 | data we add on to it. This stuff is all ifdef'd with "#ifdef VALIDATE" | |
344 | ||
345 | The negative caching stuff adds on a d_rcode field to the databufs. | |
346 | Any positive entry now shows a NOERROR there while negative entries | |
347 | have either a NXDOMAIN or NOERROR_NODATA. NOERROR_NODATA rcode is | |
348 | never returned. It is used only to differentiate, within the | |
349 | internal database, between negative and positive entries. We use the | |
350 | regular hash table (hashtab) to store negative entries, too. Only | |
351 | authoritative answers are negative cached, for NTTL (parameterized, | |
352 | currently 10 minutes) seconds. Non-authoritative NXDOMAINs or | |
353 | NOERROR with zero RR count, now generated, are now accepted but | |
354 | never cached. This is ifdef'd with "#ifdef NCACHE". | |
355 | ||
356 | 5. "make install" now has a prayer of working for the man pages. an observation | |
357 | was made that net2++ systems _require_ formatted "cat" pages and that older | |
358 | systems are _able_ to use them, so that's all we install. | |
359 | ||
360 | 4. i wrote man pages for named.reload, named.restart, and named-xfer. these | |
361 | were actually in 4.9.1 for 4.4BSD. | |
362 | ||
363 | 3. unneeded functions in compat/lib will now generate placeholder symbols, to | |
364 | make sure that the linker doesn't generate ugly-but-harmless warnings. | |
365 | ||
366 | 2. my ignorance of the true meaning of _POSIX_SOURCE has been corrected, | |
367 | along with the ugly-but-working code in conf/portability.h and elsewhere. | |
368 | ||
369 | 1. non-resolver routines moved from res/ to compat/lib/. this will shorten | |
370 | libresolv.a and make it easier to integrate new BIND releases into Net-2 | |
371 | descendents such as 4.4BSD and BSD/386. | |
372 | ||
373 | 4.9.1 ------------------ | |
374 | ||
375 | This is the integration of the changes that were made for 4.4BSD. This | |
376 | release will not be published. Changes include: | |
377 | ||
378 | doc/BOG/*: many changes to improve appearance of the output, including | |
379 | orphan-avoidance and better tab stops. Sent to me by someone on | |
380 | the net who deserves thanks but I've lost the original mail. Oops. | |
381 | ||
382 | include/*: the CSRG people weren't entirely pleased with the interface | |
383 | changes i made to the res_*() and inet_*() functions. in particular, | |
384 | the changes from "long" to "u_int32_t" were too sweeping in their | |
385 | opinion since Posix is already working on standardizing them and | |
386 | might look unkindly on an apparently-still-evolving interface. also, | |
387 | the possibility that all the vendors will change their implementations | |
388 | to match the new interface is apparently rather dim. therefore most | |
389 | externally-visible occurrences of the int32_t type have been changed | |
390 | back to "long" in the resolver interface. we believe that this should | |
391 | still be portable to Cray and AXP machines, but i'll wait to hear from | |
392 | someone who can actually try it out and let me know. | |
393 | ||
394 | tools/*: the "net2" version of "lex" requires some additional flags and libs, | |
395 | and this had implications for the Makefiles and the dig.c source file. | |
396 | nslookup's man page is now in man/ rather than tools/nslookup, for | |
397 | consistency. | |
398 | ||
399 | named/*: last-minute 4.9-FINAL changes to named-xfer.c and db_load.c resulted | |
400 | in corruption of TXT records on zone transfers, and a high number of | |
401 | useless syslog(SYS_ERR) messages about zones already being up to date. | |
402 | these last-minute changes have been massaged into better shape and are | |
403 | now a lot readier for prime time than they were. a lesson was learned. | |
404 | ||
405 | the inet_aton() function is now used where appropriate, rather than the | |
406 | old inet_addr(). this is just an evolutionary move that should have no | |
407 | practical implications. bad addresses in the "tcplist", "bogusns", and | |
408 | "sortlist" directives (from named.boot) are now syslogged. | |
409 | ||
410 | some open files are still inherited by named-xfer from named, but they | |
411 | are properly closed now. | |
412 | ||
413 | the SIGXFSZ signal is now accepted as an alias for SIGHUP, in support | |
414 | of the weird DEC Hesiod implementation. no practical significance. | |
415 | ||
416 | res/*: one important bug fix in the gethostent() stuff, and a whole bunch of | |
417 | evolutionary include file changes. | |
418 | ||
419 | include/*: include/sys was moved to compat/include/sys, since systems that | |
420 | do not need it really really really need to get their own instead. | |
421 | at some point i'm going to move the res/*.c files that are needed for | |
422 | compatibility but not really part of the resolver, into compat/lib. | |
423 | ||
424 | general: there are more settable parameters in the top-level Makefile, and | |
425 | they are propagated downward into the subdirectories' Makefiles. you | |
426 | should not have to edit any Makefile except the top-level one. Note | |
427 | that "make links" still creates local Makefiles in the build directory | |
428 | because "mkdep" still edits the Makefiles on most systems. | |
429 | ||
430 | 4.9-FINAL ------------------- | |
431 | ||
432 | Kevin Dunlap sent in some changes for the BOG. So did a lot of other folks. | |
433 | ||
434 | Someone asked about AXP-OSF, so I did a trivial 64-bit port. Porting to | |
435 | other 64-bit systems should be simple now. Someone also sent in some MIPS | |
436 | RISCOS portability changes, which were simple and therefore were put in. | |
437 | Note that some type names have been added to BSD 4.4 as a result of this | |
438 | work; they are going to be in <sys/types.h> in BSD 4.4 but they are in a | |
439 | local include file called <sys/bitypes.h> in this distribution, with | |
440 | appropriate #ifdef's in the include files that depend on them. Those of you | |
441 | who are porting to 64-bit platforms where "long" isn't 32 bits should be | |
442 | using these new names for your types; there was no standard before this, | |
443 | but the names we've added for BIND 4.9 and BSD 4.4 are going to be proposed | |
444 | to Posix at some point. Sometimes it's just not OK for "int" to be the | |
445 | "natural integer size of the machine" and you just _have_ to tell the compiler | |
446 | how many bits you want. | |
447 | ||
448 | The NIC added a new root server, thus pushing the size of a nonauthoritative | |
449 | root server response (which includes the root server list in the answer as | |
450 | well as the authority sections) over the 512-byte limit. This showed up a | |
451 | long-term BIND bug wherein it failed to set the TC ("truncation occurred") | |
452 | bit if truncation occurred anywhere but the answer section. Since truncation | |
453 | was occurring at the end of the packet, in the additional data section, this | |
454 | meant that BIND was generating truncated responses without setting TC in the | |
455 | response header. Upon further investigation, I found that BIND ignored TC | |
456 | on responses it received from other name servers. RFC 1035 states that RR's | |
457 | from truncated responses should not be cached; with creative interpretation | |
458 | of the exact 1035 wording, I found a way to reach this goal while still | |
459 | caching the answer section (as long as the truncation occurred in some other | |
460 | section, which 1035 gives no definitive way to determine but I'm happy with | |
461 | my guess). | |
462 | ||
463 | While researching the above, I finally broke down and added credibility | |
464 | output to the zone dump files. They are in the comments so should cause | |
465 | no trouble. There's more work to be done on the dump output; in particular, | |
466 | Phil Almquist proposed and even prototyped a "tagging" of all RR's with the | |
467 | A RR of the nameserver that sent them to us; this feature should be added | |
468 | and the dump output should include it. This would add a lot to our ability | |
469 | to track down corrupt data. | |
470 | ||
471 | Don Lewis and I had more discussions about TC and ended up agreeing that the | |
472 | right thing to do is to set TC on responses that overflow in the answer or | |
473 | authority section, truncating at an RR boundary, but do not set TC on responses | |
474 | that overflow in the additional-data section (truncating at a {name,type} | |
475 | boundary). This actually solves the root server problem pretty well, since | |
476 | BIND 4.9 will, when it tries to use an NS whose A isn't in the cache, generate | |
477 | a sysquery() for the missing A. (Heck, additional data TTL's are depreciated | |
478 | at the rate of 5% per use, so this would end up happening pretty quickly even | |
479 | if we did cache a partial {name,type} -- but now we won't have to.) | |
480 | ||
481 | While trying to fix all of this stuff I ended up moving some functions around | |
482 | to avoid duplicating them in different source files, and I reformatted some | |
483 | source lines that went over 80 characters. I also made a few things "static" | |
484 | that used to be unnecessarily global. More of that will happen in 4.9.1. | |
485 | ||
486 | DEC's product version of MIT Hesiod uses SIGXFSZ for what we do with SIGHUP; | |
487 | since the default for SIGXFSZ is to exit, it seemed prudent to wire it up to | |
488 | do what SIGHUP does instead, so that this BIND can run on DEC Hesiod servers. | |
489 | ||
490 | At the request of several people, I integrated the USC "dig" and Rutgers | |
491 | "host" tools into the distribution. This required some changes to the | |
492 | resolver library's debugging output formats, which will be visible in | |
493 | nslookup, nsquery, and any other tool that sets the RES_DEBUG option. | |
494 | Note that there is no support for "DEFNAMES" in this version of dig, due | |
495 | to design changes between 4.8 (from which "dig" is derived) and 4.9. there | |
496 | is no reason in principle why it can't be made to work, but it doesn't work | |
497 | now. therefore only fully-qualified names can be looked up with this "dig". | |
498 | ||
499 | I had to change the name of the resolver "state" structure to be "__res_state" | |
500 | for standards conformance (really, it is not reasonable to expect that because | |
501 | a program includes <resolv.h> it will never define its own structure called | |
502 | "state"). This change highlights the imperative that any application which is | |
503 | relinked against this resolver must first be recompiled against these include | |
504 | files (notably <resolv.h>). This is true for almost all versions of libresolv. | |
505 | ||
506 | I asked for items for the "TODO" list and got quite a few. Check them out | |
507 | before you hack; someone else may already have started doing what you want to | |
508 | do. I also asked for tools for the "contrib" subdirectory and got 650KB worth. | |
509 | They make the BIND 4.9 distribution a lot larger than 4.8.3 was, but the extra | |
510 | bytes are well worth their weight. | |
511 | ||
512 | Kenneth Almquist (no relation to Phil, as far as I know) posted a patch for | |
513 | res_send() that lets it keep track of servers that are responding "SERVFAIL" | |
514 | or some other fatal condition; these servers are NOT used for retries of the | |
515 | current query. This information is not persistent between calls to res_send() | |
516 | since future calls will probably be for different {name,type} queries, which | |
517 | will not necessarily fail in the same way. This change is trivial and makes | |
518 | a measurable difference in the amount of DNS traffic on my local net. | |
519 | ||
520 | 4.9-BETA ------------------- April 17, 1993 -- Paul Vixie -- DECWRL | |
521 | ||
522 | "Peter Koch" <pk@TechFak.Uni-Bielefeld.DE>'s previous patch caused core | |
523 | dumps on some systems. I fixed part of it and Peter sent me a fix for | |
524 | the rest of it. All is now well. | |
525 | ||
526 | The Bind Operations Guide in doc/BOG has been updated to 4.9. Also, the | |
527 | man page in man/named.8 has had some patches applied. The copyrights are | |
528 | all fixed now. Let's get this thing OUT of here! | |
529 | ||
530 | 4.9-ALPHA ------------------- March 15, 1993 -- Paul Vixie -- DECWRL | |
531 | ||
532 | There was a really bad bug affecting wildcards. I received a patch | |
533 | from "Peter Koch" <pk@TechFak.Uni-Bielefeld.DE> which fixes some of | |
534 | it, but I can't quite motivate myself to fix the rest of it since I | |
535 | know that what's _really_ wrong is going to require chainsaws and | |
536 | dynamite to fix and that'll add another year to the release. I think | |
537 | that this patch will hold us for a while. | |
538 | ||
539 | There are a LOT of portability changes that I'm holding onto, especially | |
540 | including 64-bit fixes. Do not submit any more portability changes | |
541 | until 4.9.1 opens. Go ahead and make them, but be prepared to remake | |
542 | them later. Let me know what you are doing but don't send me any diffs | |
543 | for portability until I ask for them. 4.9 has been stuck in the barrel | |
544 | for way too long already -- patches that don't fix RFC-noncompliance or | |
545 | core dumps will just go into my "todo" folder (which is presently a | |
546 | black hole of great mass). | |
547 | ||
548 | 4.9-ALPHA ---------------- February 2, 1992 -- Paul Vixie -- DECWRL | |
549 | ||
550 | Mostly portability fixes. The nslookup "lex" problem is BSDI-specific | |
551 | and I'm not going to hold up release because of it. This will be the | |
552 | last alpha release before the public beta. It is, as usual, running | |
553 | the DEC.COM primary name service and has done so for more than a week | |
554 | without any problems. | |
555 | ||
556 | 4.9-ALPHA ---------------- January 10, 1993 -- Paul Vixie -- DECWRL | |
557 | ||
558 | Once I get the known bug in nslookup (see below) fixed, this version is going | |
559 | to go into public beta. I would appreciate it if everyone would try it out. | |
560 | ||
561 | KNOWN BUG IN THIS RELEASE: something wild is going on inside of the yylex() | |
562 | routine on BSD/386 systems. It only affects nslookup. I'm still trying to | |
563 | figure out how I'm going to debug this; lex experts, please see what's going | |
564 | on. None of the changes since the 930105 release should have been capable | |
565 | of producing this change, but something is sure doing it. | |
566 | ||
567 | I finally fixed the {GET,PUT}{SHORT,LONG} macros to stop issuing warnings | |
568 | on HP-UX systems. They are also warning-free on Ultrix(SPIM,VAX), BSDI(386), | |
569 | and SunOS(SPARC) systems. I took the plunge and changed the internal functions | |
570 | in res/res_comp.c to depend on these macros instead of duplicating the code, | |
571 | and everything still works. | |
572 | ||
573 | Tom Limoncelli found three ancient memory leaks. I fixed two of them | |
574 | but the last one looks too much like a "cannot happen" for me to be | |
575 | willing to experiment with it. Besides which, it's "very" minor. | |
576 | ||
577 | Uses setsid() on POSIX systems. PID file is now optional. (arc@sgi) | |
578 | ||
579 | Comments (";" or "#") are now allowed in resolv.conf (arc@sgi). | |
580 | ||
581 | Documentation and copyright changes in README. | |
582 | ||
583 | Known to compile on NeXT machines. | |
584 | ||
585 | Some portability changes for AIX, whose CC is very picky. | |
586 | ||
587 | I forgot to mention in the 921227 release that T_RP is supported (arc@sgi). | |
588 | ||
589 | I included a number of changes that Alan Barrett has been trying to get | |
590 | in since the 921221 version. Most are portability-related, and the few | |
591 | things that are functional are changes to my own previous additions :-), | |
592 | so I'm fairly sure that they are doing the right thing. Alan's changes | |
593 | include: | |
594 | ||
595 | include/arpa/nameser.h | |
596 | improved error diagnosis in the BYTE_ORDER configuration. | |
597 | ||
598 | changed hp9000 test to hp9000s300. As far as I know, there is | |
599 | no hp9000 preprocessor symbol. Should probably add other | |
600 | hp9000s<whatever> tests, but have not done so. | |
601 | ||
602 | named/ns.h | |
603 | Moved the XFER-related stuff from the end of the file to near | |
604 | the top, where it is grouped with similar stuff. | |
605 | ||
606 | Makefiles: | |
607 | Add SYSLIBS variable, so folk can compile with -lBSD easily. | |
608 | ||
609 | Changed install targets to make them easier to customise. | |
610 | ||
611 | make links wasn't handling named.{reload,restart}* | |
612 | ||
613 | Add ${CDEBUG} flag to link step. Some debuggers don't work | |
614 | right if the program isn't linked with the -g flag. | |
615 | ||
616 | struct timeval members are declared as unsigned long on some systems. | |
617 | Add casts to (long) in several if statements that appear to assume | |
618 | that tv_sec is signed. | |
619 | ||
620 | PID_FIX in ns_main.c controlled more than just whether or not the | |
621 | pid file gets fixed. | |
622 | Changed it to control only that one feature. | |
623 | ||
624 | For debugging, it is useful for a nameserver to listen to non-standard | |
625 | port, but to forward requests to a standard port. | |
626 | Add "-p remote/local" option to named/ns_main.c. | |
627 | Also needed some other changes elsewhere. | |
628 | ||
629 | Don't forward back to the host that asked us a question, unless they | |
630 | asked from some port other than their nameserver port. This allows a | |
631 | dig or nslookup user on a host to ask us questions with | |
632 | recursion-desired, where we are willing to recursively ask the | |
633 | nameserver on their host. However, if a nameserver asks us something | |
634 | we will not recurse back to them. | |
635 | nslookup() in named/ns_forw.c checks for this and returns -1. | |
636 | ns_forw() and sysquery() notice this and return SERVFAIL. | |
637 | ||
638 | Moved the nsContainsUs functionality from a separate routine | |
639 | into nslookup(). No need to do the same tree walk several times. | |
640 | ||
641 | While trying to track down various problems, added detection | |
642 | and logging of errors in several syscalls in ns_main.c. | |
643 | ||
644 | Avoid integer overflow in roundtrip time calc in ns_resp. | |
645 | This needs a definition for INT_MAX. | |
646 | ||
647 | Fixed root zone transfer bug. Also corrected some slightly misleading | |
648 | comments in the doaxfr() code, and added some more comments. | |
649 | ||
650 | 4.9-ALPHA ---------------- January 5, 1993 -- Paul Vixie -- DECWRL | |
651 | ||
652 | This one was built and tested on Ultrix 4.2 (SPIM, MIPS CC and GCC), | |
653 | BSD/386 (Gamma.4), Sun SPARC (4.0.3, sorry, that's the latest I have), | |
654 | 4.3BSD Reno (VAX, PCC), and Ultrix 3.0 (VAX PCC). | |
655 | ||
656 | Moved res/defs.h to conf/portability.h; named/options.h to conf/options.h. | |
657 | ||
658 | Portability changes for O_NDELAY. SUNOS is really strange about this. | |
659 | ||
660 | Removed some unnecessary goto's added to ns_main.c on 1jan. Oops. | |
661 | ||
662 | Art Harkin of HP sent in a number of small (read: obviously correct) | |
663 | improvements, some related to portability, some to functionality. | |
664 | ||
665 | 4.9-ALPHA ---------------- January 1, 1993 -- Paul Vixie -- DECWRL | |
666 | ||
667 | Changed all O_NONBLOCK to O_NDELAY. Changed all {r}index to str{r}chr. | |
668 | ||
669 | Added some SysV support in the form of bcopy->memcpy, bzero->memset. | |
670 | ||
671 | Added C_HS support to named-xfer (greg@duke.cs.unlv.edu). | |
672 | ||
673 | Fixed a line-number problem in asp's "include" logic (asp@uunet.uu.net). | |
674 | ||
675 | streamq's were being used after free(). bug report from fuat@ans.net | |
676 | and jpe@ee.egr.duke.edu. bug fix by vixie. | |
677 | ||
678 | In the resolver, we now default to address 127.0.0.1 rather than 0.0.0.0. | |
679 | There's a comment in the code that explains why. | |
680 | ||
681 | In the resolver, arc@xingping.esg.sgi.com changed it to use inet_aton() | |
682 | and included that function for those not running 4.4bsd. | |
683 | ||
684 | arc@xingping.esg.sgi.com also provided lots of portability fixes and | |
685 | general cleanups, in particular to nslookup which he maintains for CSRG. | |
686 | ||
687 | 4.9-ALPHA ---------------- December 27, 1992 -- Paul Vixie -- DECWRL | |
688 | ||
689 | Added strtoul() to libresolv.a since it's yet another necessary function | |
690 | that older systems don't have. If we can stomach strcasecmp() we can sure | |
691 | handle this. | |
692 | ||
693 | Moved res/named/gethostnamadr.c to res/gethnamaddr.c (note basename change) | |
694 | and res/named/sethostent.c to res/sethostent.c. Since the host table stuff | |
695 | isn't in separate files any more I saw no reason to retain the subdirectory. | |
696 | ||
697 | Updated all the copyrights and applied the small lint changes that bring | |
698 | the baseline of this version from "4.8.3 as seen on ucbarpa" up to "4.8.3 | |
699 | as released with net-2". Thanks to the alpha testers for pointing this out | |
700 | to me and for sending in the diffs. | |
701 | ||
702 | With much howling and screaming, I ported this to UMIPS (MIPS System V). | |
703 | There are a lot of really bad things going on in their libc.a, and now | |
704 | they're going on in BIND as well. | |
705 | ||
706 | I added a "res/defs.h" file and then proceeded to include it from all kinds | |
707 | of files that aren't in res/. I'm thinking of moving it but I'm also trying | |
708 | to figure out where -- include/ is the wrong place. res/defs.h has in it all | |
709 | the ugly ifdef's needed to figure out whether this is a late-model BSD system, | |
710 | a POSIX system, or just old. | |
711 | ||
712 | All the "#endif" and "#else" cpp directives now have comments around their | |
713 | annotations. It turns out that System V CPP complains about "#endif DEBUG" | |
714 | but has no problem with "#endif /*DEBUG*/". In many cases where the #ifdef | |
715 | was obviously visible and unambiguous, I simply removed the annotation. | |
716 | ||
717 | The "l" is now a ";". Thanks to all who replied :-). | |
718 | ||
719 | There was a very bad bug in the named-xfer interface. 'nuff said. | |
720 | ||
721 | AIX needs a 32-bit field for PID's. I can't imagine. But it's fixed. | |
722 | ||
723 | The "domain" directive in named.boot is now an option, defaulting to off. | |
724 | ||
725 | There was a benign bug in sqrm(). | |
726 | ||
727 | doaxfr() is now shorter and clearer. | |
728 | ||
729 | There is an "include" directive in the named.boot file now. Its syntax is | |
730 | simple: "include somefile". No quotes, no "#", no <brackets>. This feature | |
731 | was in 4.9-ALPHA as well, courtesy of Andrew Partan. I forgot to document it. | |
732 | ||
733 | 4.9-ALPHA ---------------- December 21, 1992 -- Paul Vixie -- DECWRL | |
734 | ||
735 | This release incorporates fixes from a lot of people, including many from | |
736 | DECWRL. Some fixes are just lint; some are to avoid dumping core on non-VAX | |
737 | computers; many are to fix promiscuity, corruption, and rudeness. | |
738 | ||
739 | Various internal DEC programmers have ported the old 4.8.3 code to various | |
740 | not-entirely-BSD-like platforms and turned up some interesting lint. All | |
741 | of this has been fixed. Also, we fixed a bad bug in the handling of timeouts | |
742 | and SERVFAIL's when forwarders and slave are both used. | |
743 | ||
744 | I have made major changes to the code inside the ALLOW_UPDATES ifdef's, but | |
745 | I don't use it and have never compiled with that option turned on so I don't | |
746 | know if it still works. Given that SNMP has come and there is an IETF WG for | |
747 | SNMP management of the DNS, I am thinking very seriously of purging all of the | |
748 | ALLOW_UPDATES code in 4.9.1. I suspect that Mike Schwartz will let me know if | |
749 | this is ok.. | |
750 | ||
751 | (interim "KJB" notes) ------------------- March, 1992 -- Paul Vixie -- DECWRL | |
752 | ||
753 | If we are about to forward a query for some zone for which we are one of the | |
754 | servers, we send back a SERVFAIL instead. If we don't have it, chances are | |
755 | good that the other name servers won't have it either. This is the major | |
756 | cause of "network meltdown" when the root servers declare you as a name server | |
757 | for some zone you don't know about and haven't configured yourself for. | |
758 | ||
759 | Fixed a memory leak such that if db_update() fails to update the database | |
760 | from a response packet, a databuf will no longer be orphaned. Also fixed | |
761 | what looks like a similar leak in the ALLOW_UPDATES code but I don't use it | |
762 | so that hasn't been tested. | |
763 | ||
764 | Fixed a memory sponge such that if we forward a query to someone who is not | |
765 | ever going to answer it, we will eventually expire it from our query queue. | |
766 | Previously it would expire after N retries to N' different servers, which | |
767 | could be a very long time. Particularly in the case of lame delegations and | |
768 | other forwarding loops, we feel that 90 seconds (two max-retry intervals) is | |
769 | enough time for a query to be answered. While we were into this code we made | |
770 | several fields in the query structure into "short"'s since they were only | |
771 | being used to store smallish integers. The query list gets Very Long during | |
772 | a forwarding loop -- even 90 seconds worth of queries is a lot of queries. | |
773 | ||
774 | This version includes my hacks that assign a "credibility index" to each | |
775 | <name,type> such that when more credible data arrives for a given | |
776 | <name,type>, all old data is purged. When equally-credible data arrives it | |
777 | is aggregated in the way we all know and love; when less credible data | |
778 | arrives it is completely ignored. Credibility, from best to worst, is: | |
779 | 1. zone files (primary or secondary) | |
780 | 2. authoritative answers | |
781 | 3. non-authoritative answers and authority records | |
782 | 4. additional data | |
783 | 5. zone files ("cache" or "bootstrap" information) | |
784 | You need this version of bind if you still show any A RR's in network | |
785 | 32.0.0.0 when you look up uucp-gw-1.pa.dec.com's A or adobe.com's NS. | |
786 | ||
787 | I have also added some extra code to prevent pollution of the internal | |
788 | "hint cache." In all versions of BIND that I was able to test, any IN_A | |
789 | response to any sysquery() would cause the IN_A RR to be added to the | |
790 | fcachetab ("hint cache"). This resulted in lots of extra cruft in the hint | |
791 | cache, that wasn't timed out properly, which in turn resulted in lots of | |
792 | strange answers ('nuff said, take my word for it.) | |
793 | ||
794 | Though changes have been made to make the Ultrix and GNU (2.1) C compilers | |
795 | stop complaining about the source, it should still compile and run just | |
796 | about anywhere. In fact, after I cleaned up lots of old lint, this version | |
797 | of BIND is known to compile and run on: | |
798 | ||
799 | Ultrix 4.2 (MIPS or VAX) | |
800 | SunOS 4.0.3 | |
801 | BSD/386 (BSDi beta) | |
802 | ||
803 | This was being released as King James Bind because, like KJ Sendmail, it is | |
804 | a merge of every major variant of Bind that we know about. It was | |
805 | assembled and tested by Paul Vixie of DEC NSL/WRL, with generous donations | |
806 | of code and advice from Win Treese of DEC CRL. Changes from Don Lewis of | |
807 | Harris, Andrew Partan of UUNET, and Piet Beertema of EUNet are also included. | |
808 | See the OPTIONS file for a description of the changes you can control with | |
809 | #ifdef's. | |
810 | ||
811 | This server has been run on UUCP-GW-{1,2}.PA.DEC.COM, which are in the UUCP | |
812 | Zone. Our named.boot file has ~1900 lines in it. Before we instituted the | |
813 | changes in this release, our name server usually ran at about 16MB virtual, | |
814 | 15MB physical, growing slowly but constantly until we restarted it. | |
815 | Whenever a new zone was added to the NIC's root zone listing us as a name | |
816 | server, our servers would kill themselves and each other (and NS.UU.NET, one | |
817 | of the other UUCP Zone name servers) with forwarding loops. After these | |
818 | changes, we run at a fairly constant 8MB virtual and physical size, and our | |
819 | apparent CPU utilization is always 0.0% since we never finish a quantum and | |
820 | the scheduler always sees us as waiting for I-O. In other words, life is good. | |
821 | ||
822 | Notes from UCB version 4.8.3 follow: | |
823 | ||
824 | ------------------- | |
825 | ||
826 | This is version 4.8.3 of bind. It is a test release that updates | |
827 | versions 4.8 and 4.8.1 with fixes, and is essentially the same as | |
828 | the version of named on the 4.3BSD Reno release. Although it is | |
829 | currently described as a test release, it is believed to be reasonably | |
830 | stable and more usable than the previously-released versions. | |
831 | Here are some of the more important changes: | |
832 | ||
833 | o A list of domains may be specified for searching in resolv.conf instead | |
834 | of just the local domain name. | |
835 | ||
836 | o gethostbyname() will accept a dotted quad. | |
837 | ||
838 | o Support has been added for the T_TXT data type and for the class | |
839 | C_HS. These are both used by Hesiod from Project Athena at MIT. | |
840 | ||
841 | o All of the pathnames have been put into one header file. This | |
842 | makes it easier to change the location based upon your local | |
843 | configuration. | |
844 | ||
845 | o Responses are only accepted from an address to which we might have sent | |
846 | the request. This might cause problems if some server is multihomed | |
847 | and is still running BIND 4.3, but it prevents attacks induced by | |
848 | sending responses from another address. | |
849 | ||
850 | o Numerous bugs have been fixed: Adding a new authoritative zone now | |
851 | works when the server has a cached SOA record. Comparisons in the | |
852 | db now look at type and class as well instead of dropping records | |
853 | with identical data. Scheduling of maintenance interrupts has been | |
854 | moved to one routine to avoid spurious ones. Named goes into the background | |
855 | after more of the initialization is done. Stream connection queue | |
856 | handling was cleaned up including a bug that caused data corruption | |
857 | and core dumps. Sys5 no longer can have multiple transfers of the | |
858 | same zone occurring at the same time. Handle CNAME -> CNAME loops | |
859 | more gracefully. Avoid making one server never get queried. Border | |
860 | conditions in resolver are checked more accurately. | |
861 | ||
862 | o Nslookup has been updated. | |
863 | ||
864 | There are several bug reports that have yet to be integrated into this | |
865 | version. Hopefully they will be dealt with in the next release. Please | |
866 | send feedback on this release. | |
867 | ||
868 | Notes from versions 4.8.1 and 4.8 follow: | |
869 | ||
870 | ------------------ | |
871 | ||
872 | This is version 4.8.1 of bind. It is a test release that includes | |
873 | version 4.8 with fixes, asynchronous zone transfer and better reload | |
874 | capabilities. Although it is currently described as a test release, | |
875 | it is believed to be reasonably stable and more usable than the currently- | |
876 | released version, 4.8. The changes of note are: | |
877 | ||
878 | o The asynchronous zone transfer code previously posted to the bind | |
879 | mailing list has been integrated, completed and tested. There are | |
880 | a number of changes from the version posted, including fixes to | |
881 | allow top-level domains to work and a simplification of the timer | |
882 | code. | |
883 | ||
884 | o The code for reloading the server has been changed so that only | |
885 | primary zones master files that have changed are reloaded. The | |
886 | cache and secondary zones are not flushed, and the sortlist, domain, | |
887 | etc. are reset to correspond to the boot file contents. | |
888 | ||
889 | o Several bugs have been fixed: the name "*" is not interpreted as | |
890 | a wildcard in cached zones, only in primary zones. Secondary servers | |
891 | no longer decrement the time-to-live of records by the time since | |
892 | they verified the zone with the master; as a result, they never | |
893 | hand out nameserver referrals with too short a TTL to be usable. | |
894 | A bug was fixed that caused secondary servers with out-of-date | |
895 | zones to return empty answers between the actual expiration time | |
896 | and the next timeout. | |
897 | ||
898 | There are several other bugs that have been reported but have not yet | |
899 | been fixed. In addition, the next regular release of named will | |
900 | support negative caching, but this has not been integrated. | |
901 | ||
902 | I would appreciate receiving feedback on this release; in particular, | |
903 | problems (or lack of problems) when installing on various systems. | |
904 | I attempted to update the SysV code when integrating the zone-transfer, | |
905 | but haven't tested it. | |
906 | ||
907 | The notes from version 4.8 follow. | |
908 | ||
909 | ---------- | |
910 | Welcome to version 4.8 of bind. | |
911 | ||
912 | There have been several changes to the named boot file (/etc/named.boot) | |
913 | of which you should be aware. The "domain" line for each zone is no longer | |
914 | needed, but one such line may still be used to specify a default domain | |
915 | to be used for queries containing names with only a single component. | |
916 | The term "suffixes", which was added in version 4.7alpha, has been removed. | |
917 | ||
918 | The manual page on named (named.8) has been updated to reflect all | |
919 | these changes. Please read this and look at the example files | |
920 | before installation. You should also note the changes in the | |
921 | resolver code to support non-fully-qualified addresses and per-user | |
922 | host aliases. See hostname(7) for an overview. Two new routines | |
923 | have been added to the resolver library since the last test release: | |
924 | res_query formulates a query, sends it, waits for a response and does | |
925 | preliminary error checking; res_search implements the search rules | |
926 | of gethostbyname using res_query. | |
927 | ||
928 | The MX lookup routine in sendmail has been modified to use res_search. | |
929 | Also, dn_skip takes an additional parameter and has been renamed | |
930 | to dn_skipname. While old sendmail binaries will work with the new | |
931 | version of bind, because of these changes, it is desirable to install | |
932 | new sendmail sources and recompile sendmail. Do not rebuild sendmail | |
933 | from old sources. The new sendmail is on ucbarpa.Berkeley.EDU for | |
934 | anonymous FTP from pub/4.3/sendmail.MX.tar and pub/4.3/sendmail.MX.tar.Z. | |
935 | ||
936 | There have been numerous changes to named, fixing most of the known | |
937 | bugs that can be fixed without major structural changes in the server. | |
938 | Several server configurations that failed before should now work. | |
939 | Certain robustness problems have been fixed, in particular bounds- | |
940 | checking when processing incoming packets. Two changes have been made | |
941 | in preparation for negative caching: SOA records are sent in the authority | |
942 | section in negative responses with NXDOMAIN set, and a bug was fixed that | |
943 | caused confusion and repeated requests if a response had no error, no answer | |
944 | and an SOA in the authority section. As such responses are already sent | |
945 | by other servers, and will be sent by the next release of BIND, it is | |
946 | important that all sites upgrade to this version as quickly as possible. | |
947 | ||
948 | The root "hint" cache and cache file remain the largest problem area, | |
949 | along with named's naivete in accepting bogus server's data. | |
950 | These will be addressed in the next release, along with asynchronous | |
951 | zone transfers, intelligent reloading of zone files, faster startup, | |
952 | and caching of negative responses. | |
953 | ||
954 | This version (4.8) will replace the last officially released version (4.5). | |
955 | Version 4.5 has a serious bug that causes the generation of a continuous | |
956 | stream of bogons to the root domain servers (bogus queries with the query | |
957 | response bit set and possibly garbage for nsid and rcode). It is imperative | |
958 | that these versions of named be replaced as fast as possible. We urge you to | |
959 | field 4.8 quickly, for the sake of the root domain servers. | |
960 | ||
961 | Mike Karels | |
962 | Jean Wood | |
963 | bind@ucbarpa.Berkeley.EDU | |
964 | ||
965 | ## ++Copyright++ | |
966 | ## - | |
967 | ## Copyright (c) | |
968 | ## The Regents of the University of California. All rights reserved. | |
969 | ## | |
970 | ## Redistribution and use in source and binary forms, with or without | |
971 | ## modification, are permitted provided that the following conditions | |
972 | ## are met: | |
973 | ## 1. Redistributions of source code must retain the above copyright | |
974 | ## notice, this list of conditions and the following disclaimer. | |
975 | ## 2. Redistributions in binary form must reproduce the above copyright | |
976 | ## notice, this list of conditions and the following disclaimer in the | |
977 | ## documentation and/or other materials provided with the distribution. | |
978 | ## 3. All advertising materials mentioning features or use of this software | |
979 | ## must display the following acknowledgement: | |
980 | ## This product includes software developed by the University of | |
981 | ## California, Berkeley and its contributors. | |
982 | ## 4. Neither the name of the University nor the names of its contributors | |
983 | ## may be used to endorse or promote products derived from this software | |
984 | ## without specific prior written permission. | |
985 | ## | |
986 | ## THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND | |
987 | ## ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
988 | ## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
989 | ## ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
990 | ## FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
991 | ## DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
992 | ## OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
993 | ## HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
994 | ## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
995 | ## OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
996 | ## SUCH DAMAGE. | |
997 | ## - | |
998 | ## Portions Copyright (c) 1993 by Digital Equipment Corporation. | |
999 | ## | |
1000 | ## Permission to use, copy, modify, and distribute this software for any | |
1001 | ## purpose with or without fee is hereby granted, provided that the above | |
1002 | ## copyright notice and this permission notice appear in all copies, and that | |
1003 | ## the name of Digital Equipment Corporation not be used in advertising or | |
1004 | ## publicity pertaining to distribution of the document or software without | |
1005 | ## specific, written prior permission. | |
1006 | ## | |
1007 | ## THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL | |
1008 | ## WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES | |
1009 | ## OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT | |
1010 | ## CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL | |
1011 | ## DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR | |
1012 | ## PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS | |
1013 | ## ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS | |
1014 | ## SOFTWARE. | |
1015 | ## - | |
1016 | ## --Copyright-- |
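
The "credibility index" rule from the interim "KJB" notes above (more credible data purges the old data, equally credible data is aggregated, less credible data is ignored), as an added example that is not BIND's own code. All identifiers, the fixed-size cache and the sample name and addresses are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Credibility, higher is better, in the order the notes list it.
 * All identifiers here are hypothetical, not BIND's own. */
enum cred {
    CRED_HINT = 1,        /* "cache"/"bootstrap" zone files (worst) */
    CRED_ADDITIONAL,      /* additional data */
    CRED_ANSWER,          /* non-authoritative answers, authority records */
    CRED_AUTH_ANSWER,     /* authoritative answers */
    CRED_ZONE             /* primary or secondary zone files (best) */
};

enum outcome { ADDED, AGGREGATED, REPLACED, IGNORED, NO_ROOM };
#define MAX_SETS  8
#define MAX_RDATA 4

struct rrset {            /* all data for one <name,type>; exact-match names */
    char name[64];
    int type;
    enum cred cred;
    int count;
    char rdata[MAX_RDATA][32];
};

struct cache { struct rrset sets[MAX_SETS]; int used; };

static struct rrset *find(struct cache *c, const char *name, int type)
{
    for (int i = 0; i < c->used; i++)
        if (c->sets[i].type == type && strcmp(c->sets[i].name, name) == 0)
            return &c->sets[i];
    return NULL;
}

static void append(struct rrset *s, const char *rdata)
{
    snprintf(s->rdata[s->count], sizeof s->rdata[0], "%s", rdata);
    s->count++;
}

int rrset_has(struct cache *c, const char *name, int type, const char *rdata)
{
    struct rrset *s = find(c, name, type);
    for (int i = 0; s != NULL && i < s->count; i++)
        if (strcmp(s->rdata[i], rdata) == 0)
            return 1;
    return 0;
}

int rrset_count(struct cache *c, const char *name, int type)
{
    struct rrset *s = find(c, name, type);
    return s ? s->count : 0;
}

enum outcome cache_update(struct cache *c, const char *name, int type,
                          const char *rdata, enum cred cred)
{
    struct rrset *s = find(c, name, type);
    if (s == NULL) {                       /* first data for this key */
        if (c->used == MAX_SETS)
            return NO_ROOM;
        s = &c->sets[c->used++];
        memset(s, 0, sizeof *s);
        snprintf(s->name, sizeof s->name, "%s", name);
        s->type = type; s->cred = cred;
        append(s, rdata);
        return ADDED;
    }
    if (cred < s->cred)                    /* less credible: ignored */
        return IGNORED;
    if (cred > s->cred) {                  /* more credible: purge old data */
        s->count = 0;
        s->cred = cred;
        append(s, rdata);
        return REPLACED;
    }
    if (rrset_has(c, name, type, rdata))   /* equal: aggregate, no dups */
        return AGGREGATED;
    if (s->count == MAX_RDATA)
        return NO_ROOM;
    append(s, rdata);
    return AGGREGATED;
}

int main(void)
{
    struct cache c = { .used = 0 };
    const char *n = "gw.example.com";      /* constructed sample data */
    cache_update(&c, n, 1, "192.0.2.10", CRED_AUTH_ANSWER);
    printf("additional data ignored: %d\n",
           cache_update(&c, n, 1, "203.0.113.66", CRED_ADDITIONAL) == IGNORED);
    return 0;
}
```

An address that arrives only as additional data can no longer sit beside, or displace, an authoritative answer for the same <name,type>, which is how stray A records of the kind the notes mention stayed in older caches.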