| 1 | 4.9.2 ------------------ BETA5 ----------------- Paul Vixie |
| 2 | |
| 3 | 52. A number of optimizations that fell out of negative caching and/or the |
| 4 | validation code have been turned off in order to avoid confusing older |
| 5 | nameservers and their unfortunate assumptions about co-invariants. |
| 6 | Mark Andrews and Robert Elz were the principal debuggers and contributors |
| 7 | to this part of the effort. |
| 8 | |
| 9 | 51. We're now much more portable to systems without Posix or BSD signals, |
| 10 | thanks to Bill Wisner. |
| 11 | |
| 12 | 50. tools/host.c now has more reasonable error messages and can deal with |
| 13 | negative caching servers. |
| 14 | |
| 15 | 49. Lots of Makefile gaffes are now fixed. |
| 16 | |
| 17 | 48. New "host" in contrib/host/, compliments of Eric Wassenaar. |
| 18 | |
| 19 | 47. AFSDB support is now complete, thanks to Chris Everhart. |
| 20 | |
| 21 | 46. The bug whereby named would sporadically return NXDOMAIN when it should |
| 22 | have sent back a referral has been fixed. |
| 23 | |
| 24 | 4.9.2 ------------------ BETA3, BETA4 ----------------- Paul Vixie |
| 25 | |
| 26 | 45. Robert Elz has provided updated LOCALDOMAIN environment variable |
| 27 | processing, making it more like resolv.conf's "search" than "domain". |
| 28 | In the spirit of this I have added a RES_OPTIONS environment variable |
| 29 | and a corresponding "options" keyword to resolv.conf. All of this is |
| 30 | documented in the man pages and in the BOG. Robert has also contributed |
| 31 | several bug fixes to the validation and negative caching code. |
| 32 | |
| 33 | 4.9.2 ------------------ ALPHA ----------------- Paul Vixie |
| 34 | |
| 35 | 44. BETA1, BETA2, and three patches to BETA2 have all come and gone without |
| 36 | itemized descriptions in this file. I'll provide the RCS history on the |
| 37 | code to anyone who asks, but basically what's been happening is that some |
| 38 | core dumps were fixed, others added, then those were fixed too. Meanwhile |
| 39 | RFC 1535 has been published, codifying CERT's concerns and our answer to |
| 40 | them. BIND is now RFC 1535 compatible. RFC's 1535, 1536, and 1537 are |
| 41 | now included in the doc/ directory. Note that Mark Andrews supplied many |
| 42 | of the fixes to the core dumps, some of which were introduced by me and |
| 43 | some by ISI's negative caching and/or validation code. |
| 44 | |
| 45 | 43. patch05 to ALPHA2 (930908) released: this includes new DNSRCH logic to |
| 46 | correct a serious problem that CERT called me with today. the change is |
| 47 | subtle and will have the effect that names which could match either as |
| 48 | fully qualified names or partially qualified names using the local search |
| 49 | list will be found as fully qualified. previous releases would have found |
| 50 | them first through the local search list. local search lists are a bad |
| 51 | idea in my opinion; see new SEARCH_DEFAULT option in OPTIONS file for more |
| 52 | information. also in this release: limited Solaris support, in the form |
| 53 | of POSIX-style signal handling used on systems which support (or require) |
| 54 | it. as of this patch, 4.9.2 has a good chance of compiling out of the box |
| 55 | on Solaris, modulo makefile edits. dig and host should be more portable |
| 56 | now, too. |
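The lookup-order change in item 43, modelled as an added example (this is not BIND's resolver code). The search list, the zone data and the rule that a name containing a dot counts as possibly fully qualified are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CAND 8
#define MAX_NAME 256

/* Constructed resolver configuration and zone data (not from the page). */
static const char *const SEARCH[] = { "eng.example.com", "example.com" };
static const char *const EXISTING[] = {
    "www.example.org.",              /* the name the user meant */
    "www.example.org.example.com.",  /* same labels, found via the search list */
    "build.eng.example.com.",
};

/* Build the ordered list of names the resolver would query.
 * as_is_first == 0 models the older order (search list first);
 * as_is_first == 1 models the order after patch05.
 * Assumption: "could be fully qualified" means the name contains a dot. */
static int build_candidates(const char *name, int as_is_first,
                            char out[][MAX_NAME])
{
    int nsearch = (int)(sizeof SEARCH / sizeof SEARCH[0]);
    size_t len = strlen(name);
    int has_dot = strchr(name, '.') != NULL;
    int n = 0, i;

    if (len > 0 && name[len - 1] == '.') {   /* rooted: no search list */
        snprintf(out[n++], MAX_NAME, "%s", name);
        return n;
    }
    if (has_dot && as_is_first)
        snprintf(out[n++], MAX_NAME, "%s.", name);
    for (i = 0; i < nsearch && n < MAX_CAND - 1; i++)
        snprintf(out[n++], MAX_NAME, "%s.%s.", name, SEARCH[i]);
    if (!(has_dot && as_is_first))
        snprintf(out[n++], MAX_NAME, "%s.", name);
    return n;
}

/* Return the first candidate that exists in the constructed zone data,
 * or NULL if none does. The result points into a static buffer. */
static const char *resolve_first(const char *name, int as_is_first)
{
    static char cand[MAX_CAND][MAX_NAME];
    int n = build_candidates(name, as_is_first, cand);
    size_t k;
    int i;

    for (i = 0; i < n; i++)
        for (k = 0; k < sizeof EXISTING / sizeof EXISTING[0]; k++)
            if (strcmp(cand[i], EXISTING[k]) == 0)
                return cand[i];
    return NULL;
}

int main(void)
{
    printf("search list first: %s\n", resolve_first("www.example.org", 0));
    printf("as-is first:       %s\n", resolve_first("www.example.org", 1));
    printf("single label:      %s\n", resolve_first("build", 1));
    return 0;
}
```

With the search list tried first, the dotted name resolves to the entry under example.com; with the name tried as-is first, it resolves to the name as typed, while single-label names still go through the search list.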
| 57 | |
| 58 | 42. patch04 to ALPHA2 (930908) released: this corrects several borderline |
| 59 | syntax errors in various Makefiles (Sun and Ultrix makes complained); |
| 60 | it corrects a coredump on Ultrix systems (which aren't really as POSIX |
| 61 | as i thought they were); it lets dig and nslookup compile again on SunOS; |
| 62 | and it cleans up some dirty junk in named-xfer.c. this stuff is really |
| 63 | really minor but i would like to see it tested on a Sun system before the |
| 64 | beta. |
| 65 | |
| 66 | 41. patch03 to ALPHA2 (930908) released: this uses compat/include by default |
| 67 | which is helpful on BSD/386 systems and shouldn't hurt any others except |
| 68 | perhaps real 4.4BSD systems (and maybe not even those); it removes Bryan |
| 69 | Beecher's SHUFFLE_ADDRS option since he and I agree that Marshall Rose's |
| 70 | ROUND_ROBIN stuff is more general and cleaner; it includes various patches |
| 71 | to the documentation sent in by several folks (please print the BOG and |
| 72 | let me know if you find problems in it); it fixes "make depend" problem |
| 73 | in "man/" subdirectory; it fixes several outright bugs in Gregory Shapiro's |
| 74 | SECURE_ZONES code; it removes an obscure syslog() that should have been a |
| 75 | dprintf() ("validate_count -> 0"); it fixes a bug in NCACHE whereby a T_ANY |
| 76 | query for a name which was negatively cached but had children would return |
| 77 | _answers_ with the T_ANY type for subsequent queries; several newer syslog |
| 78 | messages were reworded to make them clearer; a portability bug in the |
| 79 | SUNSECURITY logic was fixed; another in the RFC1101 logic was fixed; |
| 80 | support for the PAGER environment variable was added to nslookup (sorry, |
| 81 | i know we're in functional freeze but this will enable development in the |
| 82 | next cycle and it was pretty simple) and only affects the "view" and "help" |
| 83 | commands. |
| 84 | |
| 85 | 40. patch02 to ALPHA2 (930908) released; this includes more fixes from Mark |
| 86 | Andrews, this time to Anant's NCACHE stuff (memory leak and functional |
| 87 | bug). Also included is a patch from Gregory Neil Shapiro to his |
| 88 | SECURE_ZONES code, which I hadn't noticed since I don't run it here. |
| 89 | |
| 90 | 39. patch01 to ALPHA2 (930908) released; this includes some fixes from Mark |
| 91 | Andrews to his "clev" and ADDAUTH stuff. The "clev" patch fixes a problem |
| 92 | on all servers; the ADDAUTH stuff is still experimental so most users will |
| 93 | not be affected by it. Dave Morrison also sent a patch for the USE_UTIME |
| 94 | logic, which is important for ULTRIX systems. |
| 95 | |
| 96 | 38. 4.9.2-ALPHA2 released on 930908. |
| 97 | |
| 98 | 37. Mark Andrews sent an initial attempt at implementing ADDAUTH, which will |
| 99 | eventually allow named to include authority and glue RR's with all |
| 100 | authoritative answers. I am not sure that the design goal is right, and |
| 101 | the implementation currently sends back glue RR's but no authority RR's, |
| 102 | so I'm recommending against using this for now. But since it changes some |
| 103 | internal interfaces in a harmless enough way, I'm including the changes. |
| 104 | |
| 105 | 36. Marshall Rose's ROUND_ROBIN code snuck in at the last hour. This is the |
| 106 | best answer I've seen to the problems purported to be solved by SA RR's, |
| 107 | and my wording in the OPTIONS file shows this. |
| 108 | |
| 109 | 35. These items from TODO are now done: |
| 110 | |
| 111 | [vixie@pa.dec.com 25apr93]: clean up debugging |
| 112 | replace all "#ifdef DEBUG...fprintf(...)...#endif" with dprintf(...) |
| 113 | which would be a macro that only expands to an fprintf() if DEBUG is |
| 114 | set. dprintf(x, (args)) with x as the log level. perhaps change log |
| 115 | levels to be symbolic, and perhaps make them a mask instead of a limit. |
| 116 | |
| 117 | [vixie@pa.dec.com 25apr93]: clean up #ifdef's and portability |
| 118 | add and use function prototypes. make everything static that can be. |
| 119 | externs should only be in .h files (add more .h files, per module if |
| 120 | needed, to cover these). add "export" keyword (null define) to make |
| 121 | it clear which names are exported and which are static. all top-level |
| 122 | names in a module must be "export" or "static". |
| 123 | |
| 124 | [gshapiro@wpi.wpi.edu and vixie@pa.dec.com 26apr93]: access control |
| 125 | "xfrnets" is ok but what we really need is full access control per |
| 126 | zone rather than a global list of acceptable client nets. this is |
| 127 | especially important if you send /etc/passwd via zone transfer. |
| 128 | |
| 129 | [postel@isi.edu anant@isi.edu jaffe@noc.rutgers.edu |
| 130 | 28apr93]: negative caching |
| 131 | Paul: |
| 132 | We'd like to have included in 4.9.1 |
| 133 | our implementation for negative caching. |
| 134 | --jon & Anant. |
| 135 | |
| 136 | [vixie@pa.dec.com 16may93]: inet_addr needs to die |
| 137 | to be replaced by calls to inet_aton, which doesn't confuse the |
| 138 | broadcast address with bad addresses. |
| 139 | |
| 140 | [Paul: I know you said that you'd like to wait for the IETF DNS WG to |
| 141 | "bless" an official load balancing scheme, but I'll be adding my |
| 142 | shuffle A records to BIND 4.9 for use here at U-M anyhow. The code |
| 143 | mods to existing source files are minimal since the bulk of the work |
| 144 | is done in a separate .c I added. If you don't want SA records to |
| 145 | move into 4.9.1 unless they become official, please just toss this |
| 146 | first entry. --bryan@umich.edu] |
| 147 | |
| 148 | [bryan@umich.edu 25apr93]: add "shuffle A" records |
| 149 | There are several schemes for adding some kind of load balancing |
| 150 | capability to the DNS. Our "Shuffle Address" (SA) records are one |
| 151 | stab at this, and since they're in use at U-M, I need to add them |
| 152 | so we can use BIND 4.9 here. |
| 153 | |
| 154 | [bryan@umich.edu 25apr93]: add AFSDB records |
| 155 | AFSDB records were proposed in RFC xxxx. We use them here at the |
| 156 | University of Michigan, so I need to add them for our copy of |
| 157 | BIND 4.9. |
| 158 | |
| 159 | [bryan@umich.edu 25apr93]: small fix to resolver's p_cdname() |
| 160 | The current copy of p_cdname() in the resolver does not work |
| 161 | for query responses larger than 512 bytes (which can happen when |
| 162 | using TCP). A very small modification changes the "sanity check" |
| 163 | argument (the second one) to dn_expand() from "msg + 512" to |
| 164 | "cp + MAXCDNAME". (This showed up very recently.) |
| 165 | |
| 166 | 34. While waiting for some last minute changes from volunteers, I looked |
| 167 | at my work queue and saw that asp@uunet.uu.net had asked a while ago |
| 168 | that named not fork/exec a named-xfer unless it had already determined |
| 169 | that the serial number was out of date. This is important to sites like |
| 170 | UUNET and DECWRL, which have thousands of "secondary" lines in their |
| 171 | named.boot and can take hours to check all the serial numbers at boot |
| 172 | time if named forks/execs named-xfer and lets named-xfer compare the |
| 173 | serial numbers, rather than comparing them in named and only fork/exec'ing |
| 174 | a named-xfer if it's actually necessary to do a transfer. In spite of |
| 175 | C's lack of threads, this only took a few hours to do. So it's in. |
| 176 | |
| 177 | 33. Gregory Shapiro's "secure_zone" changes are in. See the BOG. |
| 178 | |
| 179 | 32. Internals changes: STATS is no longer optional; ns_req() has been split |
| 180 | into three functions for readability. Convex systems are now supported. |
| 181 | You can now define LOG_FAC in conf/options.h if you want to syslog as |
| 182 | LOG_LOCAL1 or some other non-LOG_DAEMON value. The mkstemp() problem on |
| 183 | ULTRIX has been fixed. More dead code has been eliminated. |
| 184 | |
| 185 | 31. Large TCP queries are now printable in debug mode (which is used by |
| 186 | "dig" and "nslookup"), thanks to a patch and a lot of patient |
| 187 | explanations from Bryan Beecher. |
| 188 | |
| 189 | 30. Data from subdomains ("deeper zones") is now considered more credible |
| 190 | than data from parent zones, if both are authoritative. This permits |
| 191 | a subdomain's data to differ from its parent's delegation information |
| 192 | and have the most-local information supersede the least-local. Mark |
| 193 | Andrews <marka@syd.dms.csiro.au> sent this in, and it is nonoptional. |
| 194 | |
| 195 | 29. rossc@ucc.su.oz.au's SUNSECURITY patch is now included, along with |
| 196 | marka@syd.dms.csiro.au's performance improvement to it. Note that |
| 197 | I am violating my own policies by including this, since it came |
| 198 | without a corresponding patch to OPTIONS, conf/options.h, and the BOG. |
| 199 | |
| 200 | 28. Interfaces with multiple addresses were not being handled properly. |
| 201 | This is an issue for 4.3-Reno and later BSD systems, including BNR2 |
| 202 | ("Net-2") and 4.4BSD. Multiple addresses are not properly handled |
| 203 | as if they were all aliases for the localhost. |
| 204 | |
| 205 | 27. Jukka Ukkonen <ukkonen@csc.fi> sent me some patches for the Convex, |
| 206 | which I've put in but cannot test. |
| 207 | |
| 208 | 26. sob@tmc.edu (Stan Barber) sent me new versions of contrib/host/host.c |
| 209 | and contrib/host/send.c, which I have installed but not tested. I am |
| 210 | still waiting for someone to update the version in tools/host.c, which |
| 211 | is going to be a lot more work. Contact me via e-mail if you want to |
| 212 | help. |
| 213 | |
| 214 | 25. My credibility stuff from the original 4.9 (and before that, KJB) |
| 215 | was operating under a ``scorched earth'' policy due to a brain fault |
| 216 | on my part when I wrote the code originally. Tim.Goodwin@pipex.net |
| 217 | discovered this and sent in a patch. Note that throwing out glue is |
| 218 | generally OK since glue is generally NOT OK, but disposing of it after |
| 219 | ~20 references is a lot better than disposing of it after 1 reference. |
| 220 | |
| 221 | 24. NS RR sorting on forwarded and system queries was not happening |
| 222 | unless more than 1024 milliseconds of RTT variance existed among |
| 223 | the servers. This was a good value for development and testing |
| 224 | but not for production use. The value is now 128 milliseconds. |
| 225 | No, this should not be configurable in the boot file. |
| 226 | |
| 227 | 23. I am including a file doc/FAQ which was posted to usenet as: |
| 228 | From: craig@ecel.uwa.edu.au (Craig Richmond - division) |
| 229 | Newsgroups: comp.protocols.tcp-ip.domains |
| 230 | Subject: FAQ: Setting up a basic DNS server for a domain |
| 231 | Date: 3 Aug 1993 10:53:51 GMT |
| 232 | Organization: The University of Western Australia |
| 233 | Lines: 1088 |
| 234 | Message-ID: <23lg3v$1go@uniwa.uwa.edu.au> |
| 235 | Summary: Step by Step implementation of a DNS server |
| 236 | Keywords: FAQ DNS setup |
| 237 | |
| 238 | 22. named-xfer now syslogs if the remote server's serial number is _lower_ |
| 239 | than ours, which does seem like a bad thing. per@erix.ericsson.se |
| 240 | (Per Hedeland) sent this in. |
| 241 | |
| 242 | 21. man/resolver.3 had a typo on the exp_dn argument to dn_expand. fixed. |
| 243 | (Steve Alexander <stevea@lachman.com> sent this in.) |
| 244 | |
| 245 | 20. include/sys/cdefs.h moved to compat/include/sys/cdefs.h since some |
| 246 | systems have their own which must be used. the top-level makefile |
| 247 | must be edited if you are on one of these systems, since the default |
| 248 | CFLAGS includes this new directory as a -I directive. sys/bitypes.h |
| 249 | has also moved. |
| 250 | |
| 251 | 19. A necessary bug fix for ISI's VALIDATE/NCACHE code has been incorporated. |
| 252 | If you had to rebuild without these turned on in options.h to get your |
| 253 | CNAME lookups to work again in an earlier 4.9.2 ALPHA, you can turn them |
| 254 | on again now. |
| 255 | |
| 256 | 18. The q_system field of the query structure has been removed in favor of |
| 257 | a q_type field containing bit definitions. The old PRIMING_CACHE magic |
| 258 | cookie is no longer used. Go to the end of the universe, do not pass go. |
| 259 | |
| 260 | 17. Converted to ANSI C. All functions are static unless they are actually |
| 261 | needed outside the current module ("file" in C terminology); static |
| 262 | functions are declared with prototypes if they are forward-referenced. |
| 263 | Externally visible functions are declared in separate header files, with |
| 264 | prototypes. ns.h and db.h have been split into four new header files: |
| 265 | db.h -> db_defs.h db_glob.h db_func.h |
| 266 | ns.h -> ns_defs.h ns_glob.h ns_func.h |
| 267 | |
| 268 | The *_defs files contain only structure and type definitions, and macro |
| 269 | definitions. Nothing that generates text or data space in the executable |
| 270 | is declared here. |
| 271 | |
| 272 | The *_glob files contain only global variable declarations, which used to |
| 273 | be defined in the various *.c files in a more or less random fashion. The |
| 274 | declarations are "extern" if included from non-main()-containing files, but |
| 275 | are defined globally and given initial values in main()-ish files. This |
| 276 | reuse of the same declarations ensures that the type and size declarations |
| 277 | match between definitions and external references to them. |
| 278 | |
| 279 | The *_func files contain function prototypes for global ("extern") |
| 280 | functions. The prototypes are all optional so will not break non-ANSI |
| 281 | systems. Note that I don't have such a system any more so I may be wrong. |
| 282 | |
| 283 | 16. Removed all remaining references to "short" or "long" that did not |
| 284 | depend on the vague semantics of those types. Most uses were actually |
| 285 | depending on a size of 16 bits for short and 32 bits for long, and there |
| 286 | are processors/compilers where each of these types is different. This |
| 287 | work was begun in 4.9 and is now complete. Note that some structs that |
| 288 | are used in large data structures use "char" for 8-bit integers. It helps. |
| 289 | |
| 290 | 05Jul93 - ALPHA Released |
| 291 | |
| 292 | This is the cleanup release after 4.9. I'm going to try the TCSH style of |
| 293 | logging the changes; let me know if you think it's a bad way of doing it. |
| 294 | |
| 295 | 15. the resolver now includes an implementation of RFC 1101, which allows |
| 296 | network names to be encoded in the DNS tree rather than in /etc/networks. |
| 297 | this implementation is by rps@matuc2.mat.uc.pt (Rui Pedro Mendes Salgueiro). |
| 298 | i put the test program and original documentation in contrib/rfc1101/. i |
| 299 | would like to see their main.c ("nettest") turned into a tools/nettest, |
| 300 | but i'm not willing to do the work myself. it needs a man page, etc. |
| 301 | |
| 302 | 14. as expected the initial HS zone transfer stuff didn't work that well. |
| 303 | thanks to <per@ericsson.se>, retries after failed SOA queries will use |
| 304 | C_IN rather than falling through to C_HS inappropriately. |
| 305 | |
| 306 | 13. ns_init.c was fcntl(SETFL)'ing in a destructive way. it now does a |
| 307 | fcntl(GETFL) to get the old option mask and then |'s in the new flag. |
| 308 | this patch came from Eduard Vopicka <Eduard.Vopicka@vse.cz>. |
| 309 | |
| 310 | 12. there are two new conf/Info.* files; check 'em out. |
| 311 | |
| 312 | 11. ultrix (some versions, especially the vax ones) libc.a had some bad |
| 313 | naming conventions for some resolver routines. getshort/putshort just |
| 314 | have to be real functions, not just macros, or you can't link anything |
| 315 | with this resolver. patch was sent by <aas@brain.physics.swin.oz.au>. |
| 316 | |
| 317 | 10. sethostent(x) for host files was sticky for nonzero 'x' (avalon@anu.edu.au) |
| 318 | |
| 319 | 9. hp9000s700 is now supported in include/arpa/nameser.h (avalon@anu.edu.au) |
| 320 | |
| 321 | 8. statistics dumps now print the time in decimal-seconds-since-1970 in |
| 322 | addition to the old "ctime" format, for ease of debugging. (Peter Koch). |
| 323 | |
| 324 | 7. systems with 14-character filename limitations have apparently been |
| 325 | having trouble in named-xfer since its temporary file names are bigger |
| 326 | than they can handle. ash@hp sent in some patches a while ago, enabled |
| 327 | with SHORT_FNAMES in conf/options.h, to deal with this appropriately. |
| 328 | We should probably just generate short names always. |
| 329 | |
| 330 | 6. Some security stuff from ISI. According to Anant Kumar <anant@isi.edu>: |
| 331 | |
| 332 | The validation procedure is the major change here. Currently, we |
| 333 | accept anything from a server, as long as we had asked it a question. |
| 334 | This implies that a malicious server can really send us any data and |
| 335 | we not only pass it on, we also cache it for as long as the TTL |
| 336 | holds. This can be really bad for our health and for that of those |
| 337 | who use the DNS. |
| 338 | |
| 339 | We add this procedure to verify for each RR returned by a server |
| 340 | that it is indeed authoritative for either that zone, or for a |
| 341 | parent zone. We end up trusting the root servers for everything! |
| 342 | Also, the more rich our cache is the more choosy we become about the |
| 343 | data we add on to it. This stuff is all ifdef'd with "#ifdef VALIDATE" |
| 344 | |
| 345 | The negative caching stuff adds on a d_rcode field to the databufs. |
| 346 | Any positive entry now shows a NOERROR there while negative entries |
| 347 | have either a NXDOMAIN or NOERROR_NODATA. NOERROR_NODATA rcode is |
| 348 | never returned. It is used only to differentiate, within the |
| 349 | internal database, between negative and positive entries. We use the |
| 350 | regular hash table (hashtab) to store negative entries, too. Only |
| 351 | authoritative answers are negative cached, for NTTL (parameterized, |
| 352 | currently 10 minutes) seconds. Non-authoritative NXDOMAINs or |
| 353 | NOERROR with zero RR count, now generated, are now accepted but |
| 354 | never cached. This is ifdef'd with "#ifdef NCACHE". |
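The negative caching rules quoted in item 6, as an added example (not ISI's or BIND's code). It uses a flat array in place of the hash table, keys entries on (name, type) as a simplification, and gives NOERROR_NODATA a made-up internal value.

```c
#include <stdio.h>
#include <string.h>

#define NTTL            600    /* negative TTL in seconds: "currently 10 minutes" */
#define NOERROR         0      /* wire rcode */
#define NXDOMAIN        3      /* wire rcode */
#define NOERROR_NODATA  0x100  /* internal marker only; value made up here */
#define SLOTS           32

struct databuf {
    char name[256];
    int  type;
    int  d_rcode;   /* NXDOMAIN or NOERROR_NODATA for negative entries */
    long expires;
    int  in_use;
};
static struct databuf cache[SLOTS];

/* Find a live entry for (name, type); expired entries are released. */
static struct databuf *find(const char *name, int type, long now)
{
    int i;

    for (i = 0; i < SLOTS; i++) {
        if (!cache[i].in_use || cache[i].type != type ||
            strcmp(cache[i].name, name) != 0)
            continue;
        if (now < cache[i].expires)
            return &cache[i];
        cache[i].in_use = 0;
    }
    return NULL;
}

/* Process a response. Returns 1 if it was negatively cached, 0 if not.
 * aa is the response's authoritative-answer flag. */
static int ncache_store(const char *name, int type, int rcode,
                        int ancount, int aa, long now)
{
    struct databuf *dp;
    int d_rcode, i;

    if (rcode == NXDOMAIN)
        d_rcode = NXDOMAIN;
    else if (rcode == NOERROR && ancount == 0)
        d_rcode = NOERROR_NODATA;
    else
        return 0;               /* not a negative response */
    if (!aa)
        return 0;               /* accepted by the caller, never cached */

    dp = find(name, type, now);
    for (i = 0; dp == NULL && i < SLOTS; i++)
        if (!cache[i].in_use || now >= cache[i].expires)
            dp = &cache[i];
    if (dp == NULL || strlen(name) >= sizeof dp->name)
        return 0;
    strcpy(dp->name, name);
    dp->type = type;
    dp->d_rcode = d_rcode;
    dp->expires = now + NTTL;
    dp->in_use = 1;
    return 1;
}

/* Rcode to send a client from the negative cache, or -1 on a miss.
 * NOERROR_NODATA never leaves the server: it becomes NOERROR. */
static int ncache_answer(const char *name, int type, long now)
{
    struct databuf *dp = find(name, type, now);

    if (dp == NULL)
        return -1;
    return dp->d_rcode == NOERROR_NODATA ? NOERROR : dp->d_rcode;
}

int main(void)
{
    /* Constructed responses: (name, type, rcode, ancount, aa, time). */
    ncache_store("gone.example.", 1, NXDOMAIN, 0, 1, 1000);
    ncache_store("hearsay.example.", 1, NXDOMAIN, 0, 0, 1000);
    printf("authoritative NXDOMAIN, t+60:   %d\n",
           ncache_answer("gone.example.", 1, 1060));
    printf("authoritative NXDOMAIN, t+600:  %d\n",
           ncache_answer("gone.example.", 1, 1600));
    printf("non-authoritative NXDOMAIN:     %d\n",
           ncache_answer("hearsay.example.", 1, 1060));
    return 0;
}
```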
| 355 | |
| 356 | 5. "make install" now has a prayer of working for the man pages. an observation |
| 357 | was made that net2++ systems _require_ formatted "cat" pages and that older |
| 358 | systems are _able_ to use them, so that's all we install. |
| 359 | |
| 360 | 4. i wrote man pages for named.reload, named.restart, and named-xfer. these |
| 361 | were actually in 4.9.1 for 4.4BSD. |
| 362 | |
| 363 | 3. unneeded functions in compat/lib will now generate placeholder symbols, to |
| 364 | make sure that the linker doesn't generate ugly-but-harmless warnings. |
| 365 | |
| 366 | 2. my ignorance of the true meaning of _POSIX_SOURCE has been corrected, |
| 367 | along with the ugly-but-working code in conf/portability.h and elsewhere. |
| 368 | |
| 369 | 1. non-resolver routines moved from res/ to compat/lib/. this will shorten |
| 370 | libresolv.a and make it easier to integrate new BIND releases into Net-2 |
| 371 | descendants such as 4.4BSD and BSD/386. |
| 372 | |
| 373 | 4.9.1 ------------------ |
| 374 | |
| 375 | This is the integration of the changes that were made for 4.4BSD. This |
| 376 | release will not be published. Changes include: |
| 377 | |
| 378 | doc/BOG/*: many changes to improve appearance of the output, including |
| 379 | orphan-avoidance and better tab stops. Sent to me by someone on |
| 380 | the net who deserves thanks but I've lost the original mail. Oops. |
| 381 | |
| 382 | include/*: the CSRG people weren't entirely pleased with the interface |
| 383 | changes i made to the res_*() and inet_*() functions. in particular, |
| 384 | the changes from "long" to "u_int32_t" were too sweeping in their |
| 385 | opinion since Posix is already working on standardizing them and |
| 386 | might look unkindly on an apparently-still-evolving interface. also, |
| 387 | the possibility that all the vendors will change their implementations |
| 388 | to match the new interface is apparently rather dim. therefore most |
| 389 | externally-visible occurrences of the int32_t type have been changed |
| 390 | back to "long" in the resolver interface. we believe that this should |
| 391 | still be portable to Cray and AXP machines, but i'll wait to hear from |
| 392 | someone who can actually try it out and let me know. |
| 393 | |
| 394 | tools/*: the "net2" version of "lex" requires some additional flags and libs, |
| 395 | and this had implications for the Makefiles and the dig.c source file. |
| 396 | nslookup's man page is now in man/ rather than tools/nslookup, for |
| 397 | consistency. |
| 398 | |
| 399 | named/*: last-minute 4.9-FINAL changes to named-xfer.c and db_load.c resulted |
| 400 | in corruption of TXT records on zone transfers, and a high number of |
| 401 | useless syslog(SYS_ERR) messages about zones already being up to date. |
| 402 | these last-minute changes have been massaged into better shape and are |
| 403 | now a lot readier for prime time than they were. a lesson was learned. |
| 404 | |
| 405 | the inet_aton() function is now used where appropriate, rather than the |
| 406 | old inet_addr(). this is just an evolutionary move that should have no |
| 407 | practical implications. bad addresses in the "tcplist", "bogusns", and |
| 408 | "sortlist" directives (from named.boot) are now syslogged. |
| 409 | |
| 410 | some open files are still inherited by named-xfer from named, but they |
| 411 | are properly closed now. |
| 412 | |
| 413 | the SIGXFSZ signal is now accepted as an alias for SIGHUP, in support |
| 414 | of the weird DEC Hesiod implementation. no practical significance. |
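The inet_addr() to inet_aton() switch mentioned above, as an added example (not code from named). The directive argument string is constructed, and stderr stands in for syslog.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Validate one token. With use_inet_addr set, this is the older check:
 * inet_addr() signals failure by returning INADDR_NONE, which is also the
 * value of the broadcast address 255.255.255.255, so that valid address is
 * indistinguishable from a parse error. inet_aton() reports success or
 * failure separately from the parsed value. */
static int addr_ok(const char *tok, int use_inet_addr, struct in_addr *out)
{
    if (use_inet_addr) {
        out->s_addr = inet_addr(tok);
        return out->s_addr != INADDR_NONE;
    }
    return inet_aton(tok, out) != 0;
}

/* Count the valid addresses in a whitespace-separated argument list such as
 * the one following "bogusns" or "sortlist", reporting each rejected token. */
static int count_valid(const char *args, int use_inet_addr)
{
    char tok[64];
    int ok = 0;

    for (;;) {
        struct in_addr a;
        size_t len;

        args += strspn(args, " \t");
        len = strcspn(args, " \t");
        if (len == 0)
            break;
        if (len < sizeof tok) {
            memcpy(tok, args, len);
            tok[len] = '\0';
            if (addr_ok(tok, use_inet_addr, &a))
                ok++;
            else
                fprintf(stderr, "bad address in directive: %s\n", tok);
        } else {
            fprintf(stderr, "bad address in directive: token too long\n");
        }
        args += len;
    }
    return ok;
}

int main(void)
{
    /* Constructed argument list: one ordinary address, the broadcast
     * address, and one malformed address. */
    const char *args = "10.0.0.1 255.255.255.255 10.0.0.300";

    printf("inet_addr check accepts %d\n", count_valid(args, 1));
    printf("inet_aton check accepts %d\n", count_valid(args, 0));
    return 0;
}
```

inet_aton() also accepts shorthand and non-decimal forms such as "127.1", so a parser that must allow only dotted-quad input needs a stricter check on top of it.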
| 415 | |
| 416 | res/*: one important bug fix in the gethostent() stuff, and a whole bunch of |
| 417 | evolutionary include file changes. |
| 418 | |
| 419 | include/*: include/sys was moved to compat/include/sys, since systems that |
| 420 | do not need it really really really need to get their own instead. |
| 421 | at some point i'm going to move the res/*.c files that are needed for |
| 422 | compatibility but not really part of the resolver, into compat/lib. |
| 423 | |
| 424 | general: there are more settable parameters in the top-level Makefile, and |
| 425 | they are propagated downward into the subdirectories' Makefiles. you |
| 426 | should not have to edit any Makefile except the top-level one. Note |
| 427 | that "make links" still creates local Makefiles in the build directory |
| 428 | because "mkdep" still edits the Makefiles on most systems. |
| 429 | |
| 430 | 4.9-FINAL ------------------- |
| 431 | |
| 432 | Kevin Dunlap sent in some changes for the BOG. So did a lot of other folks. |
| 433 | |
| 434 | Someone asked about AXP-OSF, so I did a trivial 64-bit port. Porting to |
| 435 | other 64-bit systems should be simple now. Someone also sent in some MIPS |
| 436 | RISCOS portability changes, which were simple and therefore were put in. |
| 437 | Note that some type names have been added to BSD 4.4 as a result of this |
| 438 | work; they are going to be in <sys/types.h> in BSD 4.4 but they are in a |
| 439 | local include file called <sys/bitypes.h> in this distribution, with |
| 440 | appropriate #ifdef's in the include files that depend on them. Those of you |
| 441 | who are porting to 64-bit platforms where "long" isn't 32 bits should be |
| 442 | using these new names for your types; there was no standard before this, |
| 443 | but the names we've added for BIND 4.9 and BSD 4.4 are going to be proposed |
| 444 | to Posix at some point. Sometimes it's just not OK for "int" to be the |
| 445 | "natural integer size of the machine" and you just _have_ to tell the compiler |
| 446 | how many bits you want. |
| 447 | |
| 448 | The NIC added a new root server, thus pushing the size of a nonauthoritative |
| 449 | root server response (which includes the root server list in the answer as |
| 450 | well as the authority sections) over the 512-byte limit. This showed up a |
| 451 | long-term BIND bug wherein it failed to set the TC ("truncation occurred") |
| 452 | bit if truncation occurred anywhere but the answer section. Since truncation |
| 453 | was occurring at the end of the packet, in the additional data section, this |
| 454 | meant that BIND was generating truncated responses without setting TC in the |
| 455 | response header. Upon further investigation, I found that BIND ignored TC |
| 456 | on responses it received from other name servers. RFC 1035 states that RR's |
| 457 | from truncated responses should not be cached; with creative interpretation |
| 458 | of the exact 1035 wording, I found a way to reach this goal while still |
| 459 | caching the answer section (as long as the truncation occurred in some other |
| 460 | section, which 1035 gives no definitive way to determine but I'm happy with |
| 461 | my guess). |
| 462 | |
| 463 | While researching the above, I finally broke down and added credibility |
| 464 | output to the zone dump files. They are in the comments so should cause |
| 465 | no trouble. There's more work to be done on the dump output; in particular, |
| 466 | Phil Almquist proposed and even prototyped a "tagging" of all RR's with the |
| 467 | A RR of the nameserver that sent them to us; this feature should be added |
| 468 | and the dump output should include it. This would add a lot to our ability |
| 469 | to track down corrupt data. |
| 470 | |
| 471 | Don Lewis and I had more discussions about TC and ended up agreeing that the |
| 472 | right thing to do is to set TC on responses that overflow in the answer or |
| 473 | authority section, truncating at an RR boundary, but do not set TC on responses |
| 474 | that overflow in the additional-data section (truncating at a {name,type} |
| 475 | boundary). This actually solves the root server problem pretty well, since |
| 476 | BIND 4.9 will, when it tries to use an NS whose A isn't in the cache, generate |
| 477 | a sysquery() for the missing A. (Heck, additional data TTL's are depreciated |
| 478 | at the rate of 5% per use, so this would end up happening pretty quickly even |
| 479 | if we did cache a partial {name,type} -- but now we won't have to.) |
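The truncation policy agreed in the paragraph above, as an added example (not BIND's ns_req code). RR sizes, section contents and the 5-byte question are constructed; each additional-section RRset is identified by a made-up set_id standing for one {name,type}.

```c
#include <stdio.h>

#define HFIXEDSZ 12    /* DNS header size in bytes */
#define PACKETSZ 512   /* UDP message size limit */

enum section { ANSWER, AUTHORITY, ADDITIONAL };

struct rr     { enum section sec; int size; int set_id; };
struct result { int ancount, nscount, arcount, tc, bytes; };

/* Pack RRs (already ordered answer, authority, additional) into one message.
 * Overflow in answer or authority: stop at the RR boundary and set TC.
 * Overflow in additional: drop the whole {name,type} set and everything
 * after it, and leave TC clear. */
static struct result pack(const struct rr *rrs, int n, int qsize)
{
    struct result r = { 0, 0, 0, 0, HFIXEDSZ + qsize };
    int i = 0;

    while (i < n) {
        if (rrs[i].sec != ADDITIONAL) {
            if (r.bytes + rrs[i].size > PACKETSZ) {
                r.tc = 1;
                break;
            }
            r.bytes += rrs[i].size;
            if (rrs[i].sec == ANSWER)
                r.ancount++;
            else
                r.nscount++;
            i++;
        } else {
            int j = i, total = 0;

            while (j < n && rrs[j].sec == ADDITIONAL &&
                   rrs[j].set_id == rrs[i].set_id)
                total += rrs[j++].size;
            if (r.bytes + total > PACKETSZ)
                break;          /* partial RRset is never sent */
            r.bytes += total;
            r.arcount += j - i;
            i = j;
        }
    }
    return r;
}

/* Append count RRs of the given section, size and set to v[]. */
static int fill(struct rr *v, int at, enum section sec, int count,
                int size, int set_id)
{
    int k;

    for (k = 0; k < count; k++) {
        v[at + k].sec = sec;
        v[at + k].size = size;
        v[at + k].set_id = set_id;
    }
    return at + count;
}

/* Constructed case: 7 answer + 7 authority RRs fit, third address set does not. */
static struct result demo_additional_overflow(void)
{
    struct rr v[32];
    int n = fill(v, 0, ANSWER, 7, 30, 0);

    n = fill(v, n, AUTHORITY, 7, 30, 0);
    n = fill(v, n, ADDITIONAL, 1, 16, 1);
    n = fill(v, n, ADDITIONAL, 2, 16, 2);
    n = fill(v, n, ADDITIONAL, 2, 16, 3);
    return pack(v, n, 5);
}

/* Constructed case: the seventh authority RR does not fit. */
static struct result demo_authority_overflow(void)
{
    struct rr v[32];
    int n = fill(v, 0, ANSWER, 10, 30, 0);

    n = fill(v, n, AUTHORITY, 7, 30, 0);
    n = fill(v, n, ADDITIONAL, 1, 16, 1);
    return pack(v, n, 5);
}

int main(void)
{
    struct result a = demo_additional_overflow();
    struct result b = demo_authority_overflow();

    printf("additional overflow: an=%d ns=%d ar=%d tc=%d bytes=%d\n",
           a.ancount, a.nscount, a.arcount, a.tc, a.bytes);
    printf("authority overflow:  an=%d ns=%d ar=%d tc=%d bytes=%d\n",
           b.ancount, b.nscount, b.arcount, b.tc, b.bytes);
    return 0;
}
```

In the first case one RR of the last address set would still fit in the remaining bytes, but the set is dropped whole, so a receiver never sees a partial {name,type}.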
| 480 | |
| 481 | While trying to fix all of this stuff I ended up moving some functions around |
| 482 | to avoid duplicating them in different source files, and I reformatted some |
| 483 | source lines that went over 80 characters. I also made a few things "static" |
| 484 | that used to be unnecessarily global. More of that will happen in 4.9.1. |
| 485 | |
| 486 | DEC's product version of MIT Hesiod uses SIGXFSZ for what we do with SIGHUP; |
| 487 | since the default for SIGXFSZ is to exit, it seemed prudent to wire it up to |
| 488 | do what SIGHUP does instead, so that this BIND can run on DEC Hesiod servers. |
| 489 | |
| 490 | At the request of several people, I integrated the USC "dig" and Rutgers |
| 491 | "host" tools into the distribution. This required some changes to the |
| 492 | resolver library's debugging output formats, which will be visible in |
| 493 | nslookup, nsquery, and any other tool that sets the RES_DEBUG option. |
| 494 | Note that there is no support for "DEFNAMES" in this version of dig, due |
| 495 | to design changes between 4.8 (from which "dig" is derived) and 4.9. there |
| 496 | is no reason in principle why it can't be made to work, but it doesn't work |
| 497 | now. therefore only fully-qualified names can be looked up with this "dig". |
| 498 | |
| 499 | I had to change the name of the resolver "state" structure to be "__res_state" |
| 500 | for standards conformance (really, it is not reasonable to expect that because |
| 501 | a program includes <resolv.h> it will never define its own structure called |
| 502 | "state"). This change highlights the imperative that any application which is |
| 503 | relinked against this resolver must first be recompiled against these include |
| 504 | files (notably <resolv.h>). This is true for almost all versions of libresolv. |
| 505 | |
| 506 | I asked for items for the "TODO" list and got quite a few. Check them out |
| 507 | before you hack; someone else may already have started doing what you want to |
| 508 | do. I also asked for tools for the "contrib" subdirectory and got 650KB worth. |
| 509 | They make the BIND 4.9 distribution a lot larger than 4.8.3 was, but the extra |
| 510 | bytes are well worth their weight. |
| 511 | |
| 512 | Kenneth Almquist (no relation to Phil, as far as I know) posted a patch for |
| 513 | res_send() that lets it keep track of servers that are responding "SERVFAIL" |
| 514 | or some other fatal condition; these servers are NOT used for retries of the |
| 515 | current query. This information is not persistent between calls to res_send() |
| 516 | since future calls will probably be for different {name,type} queries, which |
| 517 | will not necessarily fail in the same way. This change is trivial and makes |
| 518 | a measurable difference in the amount of DNS traffic on my local net. |
| 519 | |
| 520 | 4.9-BETA ------------------- April 17, 1993 -- Paul Vixie -- DECWRL |
| 521 | |
| 522 | "Peter Koch" <pk@TechFak.Uni-Bielefeld.DE>'s previous patch caused core |
| 523 | dumps on some systems. I fixed part of it and Peter sent me a fix for |
| 524 | the rest of it. All is now well. |
| 525 | |
| 526 | The Bind Operations Guide in doc/BOG has been updated to 4.9. Also, the |
| 527 | man page in man/named.8 has had some patches applied. The copyrights are |
| 528 | all fixed now. Let's get this thing OUT of here! |
| 529 | |
| 530 | 4.9-ALPHA ------------------- March 15, 1993 -- Paul Vixie -- DECWRL |
| 531 | |
| 532 | There was a really bad bug affecting wildcards. I received a patch |
| 533 | from "Peter Koch" <pk@TechFak.Uni-Bielefeld.DE> which fixes some of |
| 534 | it, but I can't quite motivate myself to fix the rest of it since I |
| 535 | know that what's _really_ wrong is going to require chainsaws and |
| 536 | dynamite to fix and that'll add another year to the release. I think |
| 537 | that this patch will hold us for a while. |
| 538 | |
| 539 | There are a LOT of portability changes that I'm holding onto, especially |
| 540 | including 64-bit fixes. Do not submit any more portability changes |
| 541 | until 4.9.1 opens. Go ahead and make them, but be prepared to remake |
| 542 | them later. Let me know what you are doing but don't send me any diffs |
| 543 | for portability until I ask for them. 4.9 has been stuck in the barrel |
| 544 | for way too long already -- patches that don't fix RFC-noncompliance or |
| 545 | core dumps will just go into my "todo" folder (which is presently a |
| 546 | black hole of great mass). |
| 547 | |
| 548 | 4.9-ALPHA ---------------- February 2, 1992 -- Paul Vixie -- DECWRL |
| 549 | |
| 550 | Mostly portability fixes. The nslookup "lex" problem is BSDI-specific |
| 551 | and I'm not going to hold up release because of it. This will be the |
| 552 | last alpha release before the public beta. It is, as usual, running |
| 553 | the DEC.COM primary name service and has done so for more than a week |
| 554 | without any problems. |
| 555 | |
| 556 | 4.9-ALPHA ---------------- January 10, 1993 -- Paul Vixie -- DECWRL |
| 557 | |
| 558 | Once I get the known bug in nslookup (see below) fixed, this version is going |
| 559 | to go into public beta. I would appreciate it if everyone would try it out. |
| 560 | |
| 561 | KNOWN BUG IN THIS RELEASE: something wild is going on inside of the yylex() |
| 562 | routine on BSD/386 systems. It only affects nslookup. I'm still trying to |
| 563 | figure out how I'm going to debug this; lex experts, please see what's going |
| 564 | on. None of the changes since the 930105 release should have been capable |
| 565 | of producing this change, but something is sure doing it. |
| 566 | |
| 567 | I finally fixed the {GET,PUT}{SHORT,LONG} macros to stop issuing warnings |
| 568 | on HP-UX systems. They are also warning-free on Ultrix(SPIM,VAX), BSDI(386), |
| 569 | and SunOS(SPARC) systems. I took the plunge and changed the internal functions |
| 570 | in res/res_comp.c to depend on these macros instead of duplicating the code, |
| 571 | and everything still works. |
| 572 | |
| 573 | Tom Limoncelli found three ancient memory leaks. I fixed two of them |
| 574 | but the last one looks too much like a "cannot happen" for me to be |
| 575 | willing to experiment with it. Besides which, it's "very" minor. |
| 576 | |
| 577 | Uses setsid() on POSIX systems. PID file is now optional. (arc@sgi) |
| 578 | |
| 579 | Comments (";" or "#") are now allowed in resolv.conf (arc@sgi). |
| 580 | |
| 581 | Documentation and copyright changes in README. |
| 582 | |
| 583 | Known to compile on NeXT machines. |
| 584 | |
| 585 | Some portability changes for AIX, whose CC is very picky. |
| 586 | |
| 587 | I forgot to mention in the 921227 release that T_RP is supported (arc@sgi). |
| 588 | |
| 589 | I included a number of changes that Alan Barrett has been trying to get |
| 590 | in since the 921221 version. Most are portability-related, and the few |
| 591 | things that are functional are changes to my own previous additions :-), |
| 592 | so I'm fairly sure that they are doing the right thing. Alan's changes |
| 593 | include: |
| 594 | |
| 595 | include/arpa/nameser.h |
| 596 | improved error diagnosis in the BYTE_ORDER configuration. |
| 597 | |
| 598 | changed hp9000 test to hp9000s300. As far as I know, there is |
| 599 | no hp9000 preprocessor symbol. Should probably add other |
| 600 | hp9000s<whatever> tests, but have not done so. |
| 601 | |
| 602 | named/ns.h |
| 603 | Moved the XFER-related stuff from the end of the file to near |
| 604 | the top, where it is grouped with similar stuff. |
| 605 | |
| 606 | Makefiles: |
| 607 | Add SYSLIBS variable, so folk can compile with -lBSD easily. |
| 608 | |
| 609 | Changed install targets to make them easier to customise. |
| 610 | |
| 611 | make links wasn't handling named.{reload,restart}* |
| 612 | |
| 613 | Add ${CDEBUG} flag to link step. Some debuggers don't work |
| 614 | right if the program isn't linked with the -g flag. |
| 615 | |
| 616 | struct timeval members are declared as unsigned long on some systems. |
| 617 | Add casts to (long) in several if statements that appear to assume |
| 618 | that tv_sec is signed. |
| 619 | |
| 620 | PID_FIX in ns_main.c controlled more than just whether or not the |
| 621 | pid file gets fixed. |
| 622 | Changed it to control only that one feature. |
| 623 | |
| 624 | For debugging, it is useful for a nameserver to listen to non-standard |
| 625 | port, but to forward requests to a standard port. |
| 626 | Add "-p remote/local" option to named/ns_main.c. |
| 627 | Also needed some other changes elsewhere. |
| 628 | |
| 629 | Don't forward back to the host that asked us a question, unless they |
| 630 | asked from some port other than their nameserver port. This allows a |
| 631 | dig or nslookup user on a host to ask us questions with |
| 632 | recursion-desired, where we are willing to recursively ask the |
| 633 | nameserver on their host. However, if a nameserver asks us something |
| 634 | we will not recurse back to them. |
| 635 | nslookup() in named/ns_forw.c checks for this and returns -1. |
| 636 | ns_forw() and sysquery() notice this and return SERVFAIL. |
| 637 | |
| 638 | Moved the nsContainsUs functionality from a separate routine |
| 639 | into nslookup(). No need to do the same tree walk several times. |
| 640 | |
| 641 | While trying to track down various problems, added detection |
| 642 | and logging of errors in several syscalls in ns_main.c. |
| 643 | |
| 644 | Avoid integer overflow in roundtrip time calc in ns_resp. |
| 645 | This needs a definition for INT_MAX. |
| 646 | |
| 647 | Fixed root zone transfer bug. Also corrected some slightly misleading |
| 648 | comments in the doaxfr() code, and added some more comments. |
| 649 | |
| 650 | 4.9-ALPHA ---------------- January 5, 1993 -- Paul Vixie -- DECWRL |
| 651 | |
| 652 | This one was built and tested on Ultrix 4.2 (SPIM, MIPS CC and GCC), |
| 653 | BSD/386 (Gamma.4), Sun SPARC (4.0.3, sorry, that's the latest I have), |
| 654 | 4.3BSD Reno (VAX, PCC), and Ultrix 3.0 (VAX PCC). |
| 655 | |
| 656 | Moved res/defs.h to conf/portability.h; named/options.h to conf/options.h. |
| 657 | |
| 658 | Portability changes for O_NDELAY. SUNOS is really strange about this. |
| 659 | |
| 660 | Removed some unnecessary goto's added to ns_main.c on 1jan. Oops. |
| 661 | |
| 662 | Art Harkin of HP sent in a number of small (read: obviously correct) |
| 663 | improvements, some related to portability, some to functionality. |
| 664 | |
| 665 | 4.9-ALPHA ---------------- January 1, 1993 -- Paul Vixie -- DECWRL |
| 666 | |
| 667 | Changed all O_NONBLOCK to O_NDELAY. Changed all {r}index to str{r}chr. |
| 668 | |
| 669 | Added some SysV support in the form of bcopy->memcpy, bzero->memset. |
| 670 | |
| 671 | Added C_HS support to named-xfer (greg@duke.cs.unlv.edu). |
| 672 | |
| 673 | Fixed a line-number problem in asp's "include" logic (asp@uunet.uu.net). |
| 674 | |
| 675 | streamq's were being used after free(). bug report from fuat@ans.net |
| 676 | and jpe@ee.egr.duke.edu. bug fix by vixie. |
| 677 | |
| 678 | In the resolver, we now default to address 127.0.0.1 rather than 0.0.0.0. |
| 679 | There's a comment in the code that explains why. |
| 680 | |
| 681 | In the resolver, arc@xingping.esg.sgi.com changed it to use inet_aton() |
| 682 | and included that function for those not running 4.4bsd. |
| 683 | |
| 684 | arc@xingping.esg.sgi.com also provided lots of portability fixes and |
| 685 | general cleanups, in particular to nslookup which he maintains for CSRG. |
| 686 | |
| 687 | 4.9-ALPHA ---------------- December 27, 1992 -- Paul Vixie -- DECWRL |
| 688 | |
| 689 | Added strtoul() to libresolv.a since it's yet another necessary function |
| 690 | that older systems don't have. If we can stomach strcasecmp() we can sure |
| 691 | handle this. |
| 692 | |
| 693 | Moved res/named/gethostnamadr.c to res/gethnamaddr.c (note basename change) |
| 694 | and res/named/sethostent.c to res/sethostent.c. Since the host table stuff |
| 695 | isn't in separate files any more I saw no reason to retain the subdirectory. |
| 696 | |
| 697 | Updated all the copyrights and applied the small lint changes that bring |
| 698 | the baseline of this version from "4.8.3 as seen on ucbarpa" up to "4.8.3 |
| 699 | as released with net-2". Thanks to the alpha testers for pointing this out |
| 700 | to me and for sending in the diffs. |
| 701 | |
| 702 | With much howling and screaming, I ported this to UMIPS (MIPS System V). |
| 703 | There are a lot of really bad things going on in their libc.a, and now |
| 704 | they're going on in BIND as well. |
| 705 | |
| 706 | I added a "res/defs.h" file and then proceeded to include it from all kinds |
| 707 | of files that aren't in res/. I'm thinking of moving it but I'm also trying |
| 708 | to figure out where -- include/ is the wrong place. res/defs.h has in it all |
| 709 | the ugly ifdef's needed to figure out whether this is a late-model BSD system, |
| 710 | a POSIX system, or just old. |
| 711 | |
| 712 | All the "#endif" and "#else" cpp directives now have comments around their |
| 713 | annotations. It turns out that System V CPP complains about "#endif DEBUG" |
| 714 | but has no problem with "#endif /*DEBUG*/". In many cases where the #ifdef |
| 715 | was obviously visible and unambiguous, I simply removed the annotation. |
| 716 | |
| 717 | The "l" is now a ";". Thanks to all who replied :-). |
| 718 | |
| 719 | There was a very bad bug in the named-xfer interface. 'nuff said. |
| 720 | |
| 721 | AIX needs a 32-bit field for PID's. I can't imagine. But it's fixed. |
| 722 | |
| 723 | The "domain" directive in named.boot is now an option, defaulting to off. |
| 724 | |
| 725 | There was a benign bug in sqrm(). |
| 726 | |
| 727 | doaxfr() is now shorter and clearer. |
| 728 | |
| 729 | There is an "include" directive in the named.boot file now. Its syntax is |
| 730 | simple: "include somefile". No quotes, no "#", no <brackets>. This feature |
| 731 | was in 4.9-ALPHA as well, courtesy of Andrew Partan. I forgot to document it. |
| 732 | |
| 733 | 4.9-ALPHA ---------------- December 21, 1992 -- Paul Vixie -- DECWRL |
| 734 | |
| 735 | This release incorporates fixes from a lot of people, including many from |
| 736 | DECWRL. Some fixes are just lint; some are to avoid dumping core on non-VAX |
| 737 | computers; many are to fix promiscuity, corruption, and rudeness. |
| 738 | |
| 739 | Various internal DEC programmers have ported the old 4.8.3 code to various |
| 740 | not-entirely-BSD-like platforms and turned up some interesting lint. All |
| 741 | of this has been fixed. Also, we fixed a bad bug in the handling of timeouts |
| 742 | and SERVFAIL's when forwarders and slave are both used. |
| 743 | |
| 744 | I have made major changes to the code inside the ALLOW_UPDATES ifdef's, but |
| 745 | I don't use it and have never compiled with that option turned on so I don't |
| 746 | know if it still works. Given that SNMP has come and there is an IETF WG for |
| 747 | SNMP management of the DNS, I am thinking very seriously of purging all of the |
| 748 | ALLOW_UPDATES code in 4.9.1. I suspect that Mike Schwartz will let me know if |
| 749 | this is ok. |
| 750 | |
| 751 | (interim "KJB" notes) ------------------- March, 1992 -- Paul Vixie -- DECWRL |
| 752 | |
| 753 | If we are about to forward a query for some zone for which we are one of the |
| 754 | servers, we send back a SERVFAIL instead. If we don't have it, chances are |
| 755 | good that the other name servers won't have it either. This is the major |
| 756 | cause of "network meltdown" when the root servers declare you as a name server |
| 757 | for some zone you don't know about and haven't configured yourself for. |
| 758 | |
| 759 | Fixed a memory leak such that if db_update() fails to update the database |
| 760 | from a response packet, a databuf will no longer be orphaned. Also fixed |
| 761 | what looks like a similar leak in the ALLOW_UPDATES code but I don't use it |
| 762 | so that hasn't been tested. |
| 763 | |
| 764 | Fixed a memory sponge such that if we forward a query to someone who is not |
| 765 | ever going to answer it, we will eventually expire it from our query queue. |
| 766 | Previously it would expire after N retries to N' different servers, which |
| 767 | could be a very long time. Particularly in the case of lame delegations and |
| 768 | other forwarding loops, we feel that 90 seconds (two max-retry intervals) is |
| 769 | enough time for a query to be answered. While we were into this code we made |
| 770 | several fields in the query structure into "short"'s since they were only |
| 771 | being used to store smallish integers. The query list gets Very Long during |
| 772 | a forwarding loop -- even 90 seconds worth of queries is a lot of queries. |
| 773 | |
| 774 | This version includes my hacks that assign a "credibility index" to each |
| 775 | <name,type> such that when more credible data arrives for a given |
| 776 | <name,type>, all old data is purged. When equally-credible data arrives it |
| 777 | is aggregated in the way we all know and love; when less credible data |
| 778 | arrives it is completely ignored. Credibility, from best to worst, is: |
| 779 | 1. zone files (primary or secondary) |
| 780 | 2. authoritative answers |
| 781 | 3. non-authoritative answers and authority records |
| 782 | 4. additional data |
| 783 | 5. zone files ("cache" or "bootstrap" information) |
| 784 | You need this version of bind if you still show any A RR's in network |
| 785 | 32.0.0.0 when you look up uucp-gw-1.pa.dec.com's A or adobe.com's NS. |
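The credibility rule described above, as an added example that is not BIND's own code: a more credible source purges what is cached for a <name,type>, an equally credible one is aggregated, and a less credible one is ignored. The enum names, struct layout and function names are assumptions of this sketch, and the addresses are constructed from documentation ranges.

```c
#include <stdio.h>
#include <string.h>

/* The five levels from the notes; a larger value is more credible.
 * Names and numeric values are this example's own, not BIND identifiers. */
enum cred {
    CRED_CACHE_FILE = 1,  /* 5. zone files ("cache" or "bootstrap" info) */
    CRED_ADDITIONAL = 2,  /* 4. additional data */
    CRED_ANSWER     = 3,  /* 3. non-authoritative answers, authority records */
    CRED_AUTH       = 4,  /* 2. authoritative answers */
    CRED_ZONE       = 5   /* 1. zone files (primary or secondary) */
};

enum outcome { IGNORED, AGGREGATED, REPLACED };

#define MAX_RDATA 8
#define RDATA_LEN 32

/* All cached data for one <name,type>, tagged with the credibility of
 * the source it came from. */
struct rrset {
    char name[64];
    char type[8];
    enum cred cred;
    int count;
    char rdata[MAX_RDATA][RDATA_LEN];
};

void rrset_init(struct rrset *set, const char *name, const char *type)
{
    memset(set, 0, sizeof *set);
    snprintf(set->name, sizeof set->name, "%s", name);
    snprintf(set->type, sizeof set->type, "%s", type);
}

/* Apply one incoming record to the set under the credibility rule. */
enum outcome rrset_update(struct rrset *set, enum cred cred, const char *rdata)
{
    enum outcome result = AGGREGATED;
    int i;

    if (strlen(rdata) >= RDATA_LEN)
        return IGNORED;                 /* never store truncated data */
    if (set->count > 0 && cred < set->cred)
        return IGNORED;                 /* less credible: dropped entirely */
    if (set->count > 0 && cred > set->cred) {
        set->count = 0;                 /* more credible: purge old data */
        result = REPLACED;
    }
    for (i = 0; i < set->count; i++)
        if (strcmp(set->rdata[i], rdata) == 0)
            return AGGREGATED;          /* already present, nothing to add */
    if (set->count == MAX_RDATA)
        return IGNORED;                 /* set is full */
    strcpy(set->rdata[set->count++], rdata);
    set->cred = cred;
    return result;
}

/* Return 1 if the set currently holds this record data, else 0. */
int rrset_has(const struct rrset *set, const char *rdata)
{
    int i;

    for (i = 0; i < set->count; i++)
        if (strcmp(set->rdata[i], rdata) == 0)
            return 1;
    return 0;
}

int main(void)
{
    static const char *label[] = { "ignored", "aggregated", "replaced" };
    /* Constructed sequence of arrivals for one name. */
    struct { enum cred cred; const char *rdata; } in[] = {
        { CRED_ADDITIONAL, "198.51.100.66" },  /* stray additional data */
        { CRED_AUTH,       "192.0.2.10"    },  /* authoritative answer */
        { CRED_AUTH,       "192.0.2.11"    },  /* same credibility */
        { CRED_ADDITIONAL, "198.51.100.66" },  /* stray data again */
        { CRED_ZONE,       "192.0.2.20"    }   /* zone file load */
    };
    struct rrset a;
    size_t i;

    rrset_init(&a, "host.example.com", "A");
    for (i = 0; i < sizeof in / sizeof in[0]; i++) {
        enum outcome o = rrset_update(&a, in[i].cred, in[i].rdata);
        printf("cred=%d %-14s %-10s set now holds %d record(s)\n",
               (int)in[i].cred, in[i].rdata, label[o], a.count);
    }
    return 0;
}
```

The second arrival is the case the notes care about: data learned from an additional section is discarded as soon as an authoritative answer for the same <name,type> shows up, and cannot come back afterwards.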
| 786 | |
| 787 | I have also added some extra code to prevent pollution of the internal |
| 788 | "hint cache." In all versions of BIND that I was able to test, any IN_A |
| 789 | response to any sysquery() would cause the IN_A RR to be added to the |
| 790 | fcachetab ("hint cache"). This resulted in lots of extra cruft in the hint |
| 791 | cache, that wasn't timed out properly, which in turn resulted in lots of |
| 792 | strange answers ('nuff said, take my word for it.) |
| 793 | |
| 794 | Though changes have been made to make the Ultrix and GNU (2.1) C compilers |
| 795 | stop complaining about the source, it should still compile and run just |
| 796 | about anywhere. In fact, after I cleaned up lots of old lint, this version |
| 797 | of BIND is known to compile and run on: |
| 798 | |
| 799 | Ultrix 4.2 (MIPS or VAX) |
| 800 | SunOS 4.0.3 |
| 801 | BSD/386 (BSDi beta) |
| 802 | |
| 803 | This was being released as King James Bind because, like KJ Sendmail, it is |
| 804 | a merge of every major variant of Bind that we know about. It was |
| 805 | assembled and tested by Paul Vixie of DEC NSL/WRL, with generous donations |
| 806 | of code and advice from Win Treese of DEC CRL. Changes from Don Lewis of |
| 807 | Harris, Andrew Partan of UUNET, and Piet Beertema of EUNet are also included. |
| 808 | See the OPTIONS file for a description of the changes you can control with |
| 809 | #ifdef's. |
| 810 | |
| 811 | This server has been run on UUCP-GW-{1,2}.PA.DEC.COM, which are in the UUCP |
| 812 | Zone. Our named.boot file has ~1900 lines in it. Before we instituted the |
| 813 | changes in this release, our name server usually ran at about 16MB virtual, |
| 814 | 15MB physical, growing slowly but constantly until we restarted it. |
| 815 | Whenever a new zone was added to the NIC's root zone listing us as a name |
| 816 | server, our servers would kill themselves and each other (and NS.UU.NET, one |
| 817 | of the other UUCP Zone name servers) with forwarding loops. After these |
| 818 | changes, we run at a fairly constant 8MB virtual and physical size, and our |
| 819 | apparent CPU utilization is always 0.0% since we never finish a quantum and |
| 820 | the scheduler always sees us as waiting for I-O. In other words, life is good. |
| 821 | |
| 822 | Notes from UCB version 4.8.3 follow: |
| 823 | |
| 824 | ------------------- |
| 825 | |
| 826 | This is version 4.8.3 of bind. It is a test release that updates |
| 827 | versions 4.8 and 4.8.1 with fixes, and is essentially the same as |
| 828 | the version of named on the 4.3BSD Reno release. Although it is |
| 829 | currently described as a test release, it is believed to be reasonably |
| 830 | stable and more usable than the previously-released versions. |
| 831 | Here are some of the more important changes: |
| 832 | |
| 833 | o A list of domains may be specified for searching in resolv.conf instead |
| 834 | of just the local domain name. |
| 835 | |
| 836 | o gethostbyname() will accept a dotted quad. |
| 837 | |
| 838 | o Support has been added for the T_TXT data type and for the class |
| 839 | C_HS. These are both used by Hesiod from Project Athena at MIT. |
| 840 | |
| 841 | o All of the pathnames have been put into one header file. This |
| 842 | makes it easier to change the location based upon your local |
| 843 | configuration. |
| 844 | |
| 845 | o Responses are only accepted from an address to which we might have sent |
| 846 | the request. This might cause problems if some server is multihomed |
| 847 | and is still running BIND 4.3, but it prevents attacks induced by |
| 848 | sending responses from another address. |
| 849 | |
| 850 | o Numerous bugs have been fixed: Adding a new authoritative zone now |
| 851 | works when the server has a cached SOA record. Comparisons in the |
| 852 | db now look at type and class as well instead of dropping records |
| 853 | with identical data. Scheduling of maintenance interrupts has been |
| 854 | moved to one routine to avoid spurious ones. Named goes into the background |
| 855 | after more of the initialization is done. Stream connection queue |
| 856 | handling was cleaned up including a bug that caused data corruption |
| 857 | and core dumps. Sys5 no longer can have multiple transfers of the |
| 858 | same zone occurring at the same time. Handle CNAME -> CNAME loops |
| 859 | more gracefully. Avoid making one server never get queried. Border |
| 860 | conditions in resolver are checked more accurately. |
| 861 | |
| 862 | o Nslookup has been updated. |
| 863 | |
| 864 | There are several bug reports that have yet to be integrated into this |
| 865 | version. Hopefully they will be dealt with in the next release. Please |
| 866 | send feedback on this release. |
| 867 | |
| 868 | Notes from versions 4.8.1 and 4.8 follow: |
| 869 | |
| 870 | ------------------ |
| 871 | |
| 872 | This is version 4.8.1 of bind. It is a test release that includes |
| 873 | version 4.8 with fixes, asynchronous zone transfer and better reload |
| 874 | capabilities. Although it is currently described as a test release, |
| 875 | it is believed to be reasonably stable and more usable than the currently- |
| 876 | released version, 4.8. The changes of note are: |
| 877 | |
| 878 | o The asynchronous zone transfer code previously posted to the bind |
| 879 | mailing list has been integrated, completed and tested. There are |
| 880 | a number of changes from the version posted, including fixes to |
| 881 | allow top-level domains to work and a simplification of the timer |
| 882 | code. |
| 883 | |
| 884 | o The code for reloading the server has been changed so that only |
| 885 | primary zones master files that have changed are reloaded. The |
| 886 | cache and secondary zones are not flushed, and the sortlist, domain, |
| 887 | etc. are reset to correspond to the boot file contents. |
| 888 | |
| 889 | o Several bugs have been fixed: the name "*" is not interpreted as |
| 890 | a wildcard in cached zones, only in primary zones. Secondary servers |
| 891 | no longer decrement the time-to-live of records by the time since |
| 892 | they verified the zone with the master; as a result, they never |
| 893 | hand out nameserver referrals with too short a TTL to be usable. |
| 894 | A bug was fixed that caused secondary servers with out-of-date |
| 895 | zones to return empty answers between the actual expiration time |
| 896 | and the next timeout. |
| 897 | |
| 898 | There are several other bugs that have been reported but have not yet |
| 899 | been fixed. In addition, the next regular release of named will |
| 900 | support negative caching, but this has not been integrated. |
| 901 | |
| 902 | I would appreciate receiving feedback on this release; in particular, |
| 903 | problems (or lack of problems) when installing on various systems. |
| 904 | I attempted to update the SysV code when integrating the zone-transfer, |
| 905 | but haven't tested it. |
| 906 | |
| 907 | The notes from version 4.8 follow. |
| 908 | |
| 909 | ---------- |
| 910 | Welcome to version 4.8 of bind. |
| 911 | |
| 912 | There have been several changes to the named boot file (/etc/named.boot) |
| 913 | of which you should be aware. The "domain" line for each zone is no longer |
| 914 | needed, but one such line may still be used to specify a default domain |
| 915 | to be used for queries containing names with only a single component. |
| 916 | The term "suffixes", which was added in version 4.7alpha, has been removed. |
| 917 | |
| 918 | The manual page on named (named.8) has been updated to reflect all |
| 919 | these changes. Please read this and look at the example files |
| 920 | before installation. You should also note the changes in the |
| 921 | resolver code to support non-fully-qualified addresses and per-user |
| 922 | host aliases. See hostname(7) for an overview. Two new routines |
| 923 | have been added to the resolver library since the last test release: |
| 924 | res_query formulates a query, sends it, waits for a response and does |
| 925 | preliminary error checking; res_search implements the search rules |
| 926 | of gethostbyname using res_query. |
| 927 | |
| 928 | The MX lookup routine in sendmail has been modified to use res_search. |
| 929 | Also, dn_skip takes an additional parameter and has been renamed |
| 930 | to dn_skipname. While old sendmail binaries will work with the new |
| 931 | version of bind, because of these changes, it is desirable to install |
| 932 | new sendmail sources and recompile sendmail. Do not rebuild sendmail |
| 933 | from old sources. The new sendmail is on ucbarpa.Berkeley.EDU for |
| 934 | anonymous FTP from pub/4.3/sendmail.MX.tar and pub/4.3/sendmail.MX.tar.Z. |
| 935 | |
| 936 | There have been numerous changes to named, fixing most of the known |
| 937 | bugs that can be fixed without major structural changes in the server. |
| 938 | Several server configurations that failed before should now work. |
| 939 | Certain robustness problems have been fixed, in particular bounds- |
| 940 | checking when processing incoming packets. Two changes have been made |
| 941 | in preparation for negative caching: SOA records are sent in the authority |
| 942 | section in negative responses with NXDOMAIN set, and a bug was fixed that |
| 943 | caused confusion and repeated requests if a response had no error, no answer |
| 944 | and an SOA in the authority section. As such responses are already sent |
| 945 | by other servers, and will be sent by the next release of BIND, it is |
| 946 | important that all sites upgrade to this version as quickly as possible. |
| 947 | |
| 948 | The root "hint" cache and cache file remain the largest problem area, |
| 949 | along with named's naivete in accepting bogus server's data. |
| 950 | These will be addressed in the next release, along with asynchronous |
| 951 | zone transfers, intelligent reloading of zone files, faster startup, |
| 952 | and caching of negative responses. |
| 953 | |
| 954 | This version (4.8) will replace the last officially released version (4.5). |
| 955 | Version 4.5 has a serious bug that causes the generation of a continuous |
| 956 | stream of bogons to the root domain servers (bogus queries with the query |
| 957 | response bit set and possibly garbage for nsid and rcode). It is imperative |
| 958 | that these versions of named be replaced as fast as possible. We urge you to |
| 959 | field 4.8 quickly, for the sake of the root domain servers. |
| 960 | |
| 961 | Mike Karels |
| 962 | Jean Wood |
| 963 | bind@ucbarpa.Berkeley.EDU |
| 964 | |
| 965 | ## ++Copyright++ |
| 966 | ## - |
| 967 | ## Copyright (c) |
| 968 | ## The Regents of the University of California. All rights reserved. |
| 969 | ## |
| 970 | ## Redistribution and use in source and binary forms, with or without |
| 971 | ## modification, are permitted provided that the following conditions |
| 972 | ## are met: |
| 973 | ## 1. Redistributions of source code must retain the above copyright |
| 974 | ## notice, this list of conditions and the following disclaimer. |
| 975 | ## 2. Redistributions in binary form must reproduce the above copyright |
| 976 | ## notice, this list of conditions and the following disclaimer in the |
| 977 | ## documentation and/or other materials provided with the distribution. |
| 978 | ## 3. All advertising materials mentioning features or use of this software |
| 979 | ## must display the following acknowledgement: |
| 980 | ## This product includes software developed by the University of |
| 981 | ## California, Berkeley and its contributors. |
| 982 | ## 4. Neither the name of the University nor the names of its contributors |
| 983 | ## may be used to endorse or promote products derived from this software |
| 984 | ## without specific prior written permission. |
| 985 | ## |
| 986 | ## THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
| 987 | ## ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 988 | ## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 989 | ## ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
| 990 | ## FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 991 | ## DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| 992 | ## OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 993 | ## HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 994 | ## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 995 | ## OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 996 | ## SUCH DAMAGE. |
| 997 | ## - |
| 998 | ## Portions Copyright (c) 1993 by Digital Equipment Corporation. |
| 999 | ## |
| 1000 | ## Permission to use, copy, modify, and distribute this software for any |
| 1001 | ## purpose with or without fee is hereby granted, provided that the above |
| 1002 | ## copyright notice and this permission notice appear in all copies, and that |
| 1003 | ## the name of Digital Equipment Corporation not be used in advertising or |
| 1004 | ## publicity pertaining to distribution of the document or software without |
| 1005 | ## specific, written prior permission. |
| 1006 | ## |
| 1007 | ## THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL |
| 1008 | ## WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES |
| 1009 | ## OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT |
| 1010 | ## CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL |
| 1011 | ## DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR |
| 1012 | ## PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS |
| 1013 | ## ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS |
| 1014 | ## SOFTWARE. |
| 1015 | ## - |
| 1016 | ## --Copyright-- |