makes patch-ab unnecessary:
* A typo in the HS A code caused an assertion failure.
* lwres_gethostbyname() and company set lwres_h_errno
to a random value on success.
* If named was shut down early in the startup
process, ns_omapi_shutdown() would attempt to lock
an unintialized mutex. [RT #262]
* stub zones could leak memory and reference counts if
all the masters were unreachable.
* isc_rwlock_lock() would needlessly block
readers when it reached the read quota even
if no writers were waiting.
* Log messages were occasionally lost or corrupted
due to a race condition in isc_log_doit().
* The request library didn't completely work with IPv6.
* Check for IPV6_RECVPKTINFO and use it instead of
IPV6_PKTINFO if found. [RT #229]
add patch to help 2292bis environment (= latest KAME, Solaris8).
--- rc1 -> rc2
--- 9.0.0rc2 released ---
377. [bug] When additional data lookups were refused due to
"allow-query", the databases were still being
attached causing reference leaks.
376. [bug] The server should always use good entropy when
performing cryptographic functions needing entropy.
375. [bug] Per-zone allow-query did not properly override the
view/global one for CNAME targets and additional
data [RT #220].
374. [bug] SOA in authoritative negative responses had wrong TTL.
373. [func] nslookup is now installed by "make install".
372. [bug] Deal with Microsoft DNS servers appending two bytes of
garbage to zone transfer requests.
371. [bug] At high debug levels, doing an outgoing zone transfer
of a very large RRset could cause an assertion failure
during logging.
370. [bug] The error messages for rollforward failures were
overly terse.
367. [bug] Allow proper selection of server on nslookup command
line.
365. [bug] nsupdate -k leaked memory.
362. [bug] rndc no longer aborts if the configuration file is
missing an options statement. [RT #209]
359. [bug] dnssec-signzone occasionally signed glue records.
357. [bug] The zone file parser crashed if the argument
to $INCLUDE was a quoted string.
354. [doc] Man pages for the dnssec tools are now included in
the distribution, in doc/man/dnssec.
353. [bug] double increment in lwres/gethost.c:copytobuf().
(RT# 187)
352. [bug] Race condition in dns_client_t startup could cause
an assertion failure.
351. [bug] Constructing a response with rcode SERVFAIL to a TSIG
signed query could crash the server.
350. [bug] Also-notify lists specified in the global options
block were not correctly reference counted, causing
a memory leak.
349. [bug] Processing a query with the CD bit set now works
as expected.
344. [bug] When shutting down, lwresd sometimes tried
to shut down its client tasks twice,
triggering an assertion.
343. [bug] Although zone maintenance SOA queries and
notify requests were signed with TSIG keys
when configured for the server in case,
the TSIG was not verified on the response.
342. [bug] The wrong name was being passed to
dns_name_dup() when generating a TSIG
key using TKEY.
340. [bug] The top-level COPYRIGHT file was missing from
the distribution.
339. [bug] DNSSEC validation of the response to an ANY
query at a name with a CNAME RR in a secure
zone triggered an assertion failure.
337. [bug] "dig" did not recognize "nsap-ptr" as an RR type
on the command line.
336. [bug] "dig -f" used 64 k of memory for each line in
the file. It now uses much less, though still
proportionally to the file size.
335. [bug] named would occasionally attempt recursion when
it was disallowed or undesired.
333. [bug] The resolver incorrectly accepted referrals to
domains that were not parents of the query name,
causing assertion failures.
331. [bug] Only log "recursion denied" if RD is set. (RT #178)
Changes are too numerous to list here in detail, but highlights are:
The communication between "rndc" and "named" is now
authenticated using digital signatures. Because of
this, rndc now requires a configuration file "rndc.conf"
containing a shared secret, with a corresponding
"controls" clause in named.conf.
When the server is chrooted using the -t option,
it no longer needs copies of the passwd and group
files in the chroot environment.
Various bug fixes and cleanups, especially
in the dig, host, nslookup, and nsupdate
programs.
There are a few known bugs:
The option "query-source * port 53;" will not work as
expected. Instead of the wildcard address "*", you need
to use an explicit source IP address.
On some systems, IPv6 and IPv4 sockets interact in
unexpected ways. For details, see doc/misc/ipv6.
To reduce the impact of these problems, the server
no longer listens for requests on IPv6 addresses
by default. If you need to accept DNS queries over
IPv6, you must specify "listen-on-v6 { any; };"
in the named.conf options statement.
There are known problems with thread signal handling
under Solaris 2.6.
The "dig" and "host" tools have been completely rewritten and
are included in the base distribution. Fixed: Most bugs reported
against beta 2. Added: The server now supports "views", a
mechanism for answering DNS queries differently to different
requestors. This will make split DNS setups much easier to build;
NOTIFY (RFC1996) has been implemented; Basic support for validation
of DNSSEC signatures has been implemented (for details, see
"doc/misc/dnssec").
Many more config file options
implemented (see doc/misc/options for a
summary of the current implementation
status), portability improvements, (works
much better than beta 1 on FreeBSD 3.4),
and bugfixes (almost all bugs reported
against beta 1 have been fixed).
be most useful to advanced users working with IPv6 or DNSSEC.
BIND 9.0.0b1 is not functionally complete, and is not a release
candidate for BIND 9.0.0. The ISC anticipates a number of additional
beta releases between now and May, when BIND 9.0.0 is scheduled to
be released.
The ISC does not recommend using BIND 9.0.0b1 for "production"
services.
