author | sthen <sthen@openbsd.org> | 2019-12-18 11:01:06 +0000 |
---|---|---|
committer | sthen <sthen@openbsd.org> | 2019-12-18 11:01:06 +0000 |
commit | 66225e4db1a151f3476a4d2930bea1ded01a8449 (patch) | |
tree | 6a4b6007427014bb8aa1fb8692523e320167a263 /usr.sbin/nsd | |
parent | remove, not useful here (diff) | |
download | wireguard-openbsd-66225e4db1a151f3476a4d2930bea1ded01a8449.tar.xz wireguard-openbsd-66225e4db1a151f3476a4d2930bea1ded01a8449.zip |
add the changelog
Diffstat (limited to 'usr.sbin/nsd')
-rw-r--r-- | usr.sbin/nsd/doc/ChangeLog | 4268 |
1 files changed, 4268 insertions, 0 deletions
diff --git a/usr.sbin/nsd/doc/ChangeLog b/usr.sbin/nsd/doc/ChangeLog new file mode 100644 index 00000000000..b7733ad0c86 --- /dev/null +++ b/usr.sbin/nsd/doc/ChangeLog 
@@ -0,0 +1,4268 @@ +13 August 2019: Wouter + - Fix error message for out of zone data to have more information. + +12 August 2019: Wouter + - Fix #33: Fix segfault in service of remaining streams on exit. + +6 August 2019: Wouter + - Tag for 4.2.2rc1. + +5 August 2019: Wouter + - PR #31: nsd-control: Add missing stdio header. + - PR #32: tsig: Fix compilation without HAVE_SSL. + - Cleanup tls context on xfrd exit. + +31 July 2019: Wouter + - Fix #29: SSHFP check NULL pointer dereference. + - Fix #30: SSHFP check failure due to missing domain name. + - Fix to timeval_add in minievent for remaining second in microseconds. + +22 July 2019: Wouter + - Set timeout for refetch immediately, only spread load when there + are retries. + +19 July 2019: Wouter + - Set no renegotiation on the SSL context to stop client + session renegotiation. + +18 July 2019: Wouter + - Fix #25: NSD doesn't refresh zones after extended downtime, + it refreshes the old zones, with a random delay of a couple of + seconds to spread the load. + - Fix so that expired zones stay expired when server is down a + long time. + +17 July 2019: Wouter + - Fix that NSD warns for wrong length of the hash in SSHFP records. + +15 July 2019: Wouter + - PR #23: Fix typo in nsd.conf man-page. + +4 July 2019: Wouter + - Set version to 4.2.2 in development. + - clean memory on exit of nsd-checkzone for memory debug. + - Fix #20: CVE-2019-13207 Stack-based Buffer Overflow in the + dname_concatenate() function. Reported by Frederic Cambus. + It causes the zone parser to crash on a malformed zone file, + with assertions enabled, an assertion catches it. + - Fix #19: Out-of-bounds read caused by improper validation of + array index. Reported by Frederic Cambus. The zone parser + fails on type SIG because of mismatched definition with RRSIG. + +2 July 2019: Wouter + - Tag for 4.2.1rc1 + +27 June 2019: Wouter + - Fix unit test for added options and no dot after zone updated + log message. 
+ - Fix compile without accept4. + +21 June 2019: Wouter + - Omit remaining tcp processing if the list is empty. + - Fix output of nsd-checkconf -h. + +20 June 2019: Wouter + - Initialize event structures before event_set, to stop uninitialized + values from setting event library lists and assertions, that would + sometimes also show after event_del. + - Added num.tls and num.tls6 stat counters. + - PR #12: send-buffer-size, receive-buffer-size, + tcp-reject-overflow options for nsd.conf, from Jeroen Koekkoek. + - Do not use symbol from libc, instead use own replacement, if not + available, for accept4. + - Fix #14, tcp connections have 1/10 to be active and have to work + every second, and then they get time to complete during a reload, + this is a process that lingers with the old version during a version + update. + +19 June 2019: Wouter + - Fix tls handshake event callback function mistake, reported + by Mykhailo Danylenko. + +18 June 2019: Wouter + - Fix #15: crash in SSL library, initialize variables for TCP access + when TLS is configured. + +14 June 2019: Wouter + - Fix to init event not pointer, in reassignment. + +12 June 2019: Wouter + - Fix to init event structure for reassignment. + +11 June 2019: Wouter + - NSD 4.2.0 release. Current development is 4.2.1. + - Fixup of RELNOTES, corrected RFC reference for 4892. + - Fix #13: Stray dot at the end of some log entries, removes dot + after updated serial number in log entry. + - Fix TLS cipher selection, the previous was redundant, prefers + CHACHA20-POLY1305 over AESGCM and was not as readable as it could be. + - Consolidate server tls context create and remote control context + create, with hardening for the remote control tls context too. + +6 June 2019: Wouter + - NSD 4.2.0rc1 tag. + +4 June 2019: Wouter + - Fix unit test for outgoing interface to use random port numbers for + the outgoing interface config. + +29 May 2019: Wouter + - Fix to guard _OPENBSD_SOURCE from redefinition. 
+ +28 May 2019: Wouter + - Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD. + +16 May 2019: Wouter + - Fix #10: Fix memory leaks caused by duplicate rr and include + instructions. + +6 May 2019: Wouter + - Note CII best practices badge for NSD on the README.md. + +2 May 2019: Wouter + - Fix .gitignore for unit test generated files. + - Fix checkconf unit test for hide-identity and tls. + +1 May 2019: Wouter + - Fix makedist.sh for use with git. + - Nicer output on travis for clang analysis. + - Add .gitignore file to exclude built files from version tracking. + - Add README.md file in repository with compile instructions. + - Fix .gitignore for dnstap files and aclocal temp. + - Add aclocal to README.md for pkgconfig for some configure options. + +25 April 2019: Wouter + - Add tls.tpkg unit test for DNS over TLS functionality. + +18 April 2019: Wouter + - Fix to avoid buffer alloc with global buffer in tls write handler. + - Fix to initialize event structure when accepting TCP connection. + - Use travis for build check, initial unit test and clang analysis. + - Disable SSLv2,3,TLSv1.0,1.1 if TLS1.2 is available in libssl. + - Disable weak ciphers, enable CIPHER_SERVER_PREFERENCE. + - further setup ssl ctx after the keys are loaded, for ECDH. + - TLS OCSP stapling support, enabled with tls-service-ocsp: filename, + patch from Andreas Schulze. + +17 April 2019: Wouter + - Fix to share openssl init code, and perform it once. + +16 April 2019: Andreas via Sara + - Patch to add support for TCP Fast Open + - Patch to add support for tls service on a specified tls port + +16 April 2019: Wouter + - Fix #4249: The option hide-identity: yes stops NSD from responding + with the hostname for chaos class queries. Implements the RFC4829 + security considerations. + - Remove starttls, this signalling method was not standardized. + - Remove TO bit, this signalling method was not standardized. + - Remove unused first_query and tls_ok states. 
+ - Remove sign-compare warning in tls packet send code. + - Fix spelling in comment and log printout. + - Fix potential uninitialized variable. + - Fix documentation for DNS over TLS, and set default port 853. + - Fix to add missing comment. + - Fix that the TLS handshake routine sets the correct event to + continue when done. + - Fix that TLS renegotiation calls the read and write routines again + with the same parameters when the desired event has been satisfied. + - Fix that TCP Fastopen has better error message and supports OSX. + - Fix log for fastopen with verbosity. + - Squelch TLS handshake failure log until verbosity 3. + - Add per-zone statistics for TLS queries, and dnstap for TLS queries, + and rcode and TCflag statistics for TCP and TLS queries. + +25 March 2019: Wouter + - Print IP address when bind socket fails with error. + +21 March 2019: Wouter + - Fix spelling error in release notes. + - Fix to delete unused zparser.default_apex member. + +19 March 2019: Wouter + - tag 4.1.27rc1. This became 4.1.27 on 25 March 2019 and trunk has + 4.1.28 in development. + +18 March 2019: Wouter + - Fix unit test bug013_truncate for new truncation with EDNS size, + it is one RR smaller for the truncated response in the test. + +14 March 2019: Wouter + - Fixed radtree_insert memory leak. + - Fixed access recycled variable. + +11 March 2019: Wouter + - Fix #6: nsd-control-setup: Change validity time to a shorter + period (<2038). + - Fix unused definition in header remote.h. + - Fix #4236: IPV4_MINIMAL_RESPONSE_SIZE=1480 is slightly too big. + - Fix #4235: IP_PMTUDISC_OMIT on IPv4/UDP sockets. + +18 February 2019: Wouter + - Fix to remove unused code. + +15 February 2019: Wouter + - tentative robustness, delete stats items from list twice if needed. + +14 February 2019: Wouter + - Fix #4: setusercontext() is in libutil on NetBSD, and also + include login_cap.h only if it exists. 
+ - Fix #4215: fixup for state update for TSIG information in server + processes, nicer printout for tsig_print, tsig_print without + arguments and no leaks. + - nicer logging for update_tsig. + +1 February 2019: Wouter + - Fix for tsig assoc_tsig command on acl with nokey elements. + +29 January 2019: Wouter + - Fix #4215: on-the-fly change of TSIG keys with patch from Igor, adds + nsd-control print_tsig, update_tsig, add_tsig, assoc_tsig + and del_tsig. These changes are gone after reload, edit the + config file (or a file included from it) to make changes that + last after restart. + - documentation for tsig nsd-control options. + +24 January 2019: Wouter + - Deny ANY with only one RR in response, by default. Patch from + Daisuke Higashi. The deny-any statement in nsd.conf sets ANY + queries over UDP to be further moved to TCP as well. + Also no additional section processig for type ANY, reducing + the response size. + - assertions for clang analysis. + +10 December 2018: Wouter + - Fix for FreeBSD port with dnstap enabled. + +6 December 2018: Wouter + - Fix to reduce region_log_stats if condition, this removes a + debug statement. + +5 December 2018: Wouter + - Fix #4213: disable-ipv6 and dnstap compile error. + +3 December 2018: Wouter + - Note that the content_list member is unused; and could be removed + if the database format is modified or updated. + - Fix that dnstap logs CQ and CR like BIND does. + - Revert that, it looks wrong, AQ and AR are for the authoritative. + +29 November 2018: Wouter + - Tag for 4.1.26rc1. Which became 4.1.26 on 4 dec 2018. + Trunk has 4.1.27 in development. + - Fix clang analysis warning on null in closest encloser for wildcard + denial nsec. + - Fix clang analysis warnings. + +27 November 2018: Wouter + - Fix parsezone failure in 4194 fix. + +26 November 2018: Wouter + - Fix to not set GLOB_NOSORT so the nsd.conf include: files are + sorted and in a predictable order. + - Added nsd-control changezone. 
nsd-control changezone name pattern + allows the change of a zone pattern option without downtime for + the zone, in one operation. + - Fix #3433: document that reconfig does not change per-zone stats. + +20 November 2018: Wouter + - Fix #4205: enable-recvmmsg in mixed IPv4/IPv6 environment fails. + This sets the msg_hdr.msg_namelen correctly after receipt. + +19 November 2018: Wouter + - Support SO_REUSEPORT_LB in FreeBSD 12 with the reuseport: yes + option in nsd.conf. + - Fix #4202: nsd-control delzone incorrect exit code on error. + - Tab style fix to use tab for 8 spaces, from Xiaobo Liu. + +25 October 2018: Wouter + - Adjust dnstap socket path for chroot. + +22 October 2018: Wouter + - Fix #4194: Zone file parser derailed by non-FQDN names in RHS of + DNSSEC RRs. + - Fix some more, neater code and checks for domain length limit. + - check that the dnstap socket file can be opened and exists, print + error if not. + +4 October 2018: Wouter + - dnstap work, the dnstap.proto is a copy of the file from Unbound, + also dnstap.m4 configure include file. + - dnstap collector: free eventbase and memclean nicer. + - dnstap collector: send data and read it in collector. + - dnstap/dnstap.c and .h from Unbound's contribution from + Farsight Security, added to then adapt it for dnstap logging in NSD. + - dnstap.c with auth query and auth response, and called from + the collector. + - dnstap work, config nsd.conf parse. + - dnstap example config. + +25 September 2018: Wouter + - NSD 4.1.25 released, trunk has 4.1.26 in development. + +18 September 2018: Wouter + - tag for NSD 4.1.25rc1. + +17 September 2018: Wouter + - Fix #4156: Fix systemd service manager state change notification + +14 September 2018: Wouter + - Remove unused if clause during server service startup. + +13 September 2018: Wouter + - Fix typo in clang analysis test. + - Annotate exit functions with noreturn. + - nsd-control prints neater errors for file failures. 
+ +12 September 2018: Wouter + - clang analysis test. + +11 September 2018: Wouter + - Fix to combine the same error function into one, from Xiaobo Liu. + - Fix initialisation in remote.c. + - please clang analyzer and fix parse of IPSECKEY with bad gateway. + - Fix unit test code for clang analyzer. + - Fix nsd-checkconf fail on bad zone name. + +10 September 2018: Wouter + - Fix coding style in nsd.c + +7 September 2018: Wouter + - append_trailing_slash has one implementation and is not repeated + differently. + +4 September 2018: Wouter + - Fix codingstyle in nsd-checkconf.c in patch from Sharp Liu. + +15 August 2018: Wouter + - Fix use_systemd typo/leftover in remote.c. + +13 August 2018: Wouter + - tag for 4.1.24 release. + - trunk is 4.1.25 in development. + - Fix that nsec3 precompile deletion happens before the RRs of + the zone are deleted. + - Fix printout of accepted remote control connection for unix sockets. + +6 August 2018: Wouter + - tag for 4.1.24rc1 release. + +30 July 2018: Wouter + - Tag for NSD 4.1.23 release, trunk is 4.1.24, includes + fix NSD time sensitive TSIG compare vulnerability. + - Fix checkconf test for use-systemd option. + +25 July 2018: Wouter + - #4133: Fix that when IXFR contains a zone with broken NSEC3PARAM + chain, NSD leniently attempts to find a working NSEC3PARAM. + +23 July 2018: Wouter + - Remove socket activation from systemd code, it was reported as + not useful to enable. The readiness signalling is still there, + and can be enabled with use-systemd: yes. + - Only call sd_notify from systemd when use-systemd is yes. + +6 July 2018: Wouter + - RFC8162 support, for record type SMIMEA. + - Fix that type CAA (and URI) in the zone file can contain + dots when not in quotes. + +26 June 2018: Wouter + - configure --enable-systemd (needs pkg-config and libsystemd) can + be used to then use-systemd: yes in nsd.conf and use socket + activation and readiness signalling with systemd. 
+ +19 June 2018: Wouter + - #4106: Fix that stats printed from nsd-control are recast from + unsigned long to unsigned (remote.c). + +14 June 2018: Wouter + - Fix that first control-interface determines if TLS is used. Warn + when IP address interfaces are used without TLS. + +12 June 2018: Wouter + - #4102: control interface via local socket. + configure it with control-interface: "/path/nsd.ctl" The path + has to start with a / to separate it from an IP address. + The local socket does not use SSL, but unencrypted traffic, use + file and containing directory permissions to restrict access. + +6 June 2018: Wouter + - Patch to fix openwrt for mac os build darwin detection in configure. + +4 June 2018: Wouter + - tag for 4.1.22rc1. Became 4.1.22 on 11 June, trunk is 4.1.23 in + development from this point. + +31 May 2018: Wouter + - Fix to use same condition for nsec3 hash allocation and free. + +23 May 2018: Wouter + - Use accept4 to speed up answer of TCP queries, on Linux and FreeBSD + and OpenBSD. + +22 May 2018: Wouter + - Fix nsec3 hash of parent and child co-hosted nsec3 enabled zones. + +15 May 2018: Wouter + - Fix memory free in unit test. + +14 May 2018: Wouter + - Tag for 4.1.21 release. + - trunk has 4.1.22 in development. + - refuse-any sends truncation (+TC) in reply to ANY queries over UDP, + and allows TCP queries like normal. + +7 May 2018: Wouter + - Tag for 4.1.21rc1 release. + +4 May 2018: Wouter + - Fix #4093: Release notes not using 2018. + +3 May 2018: Wouter + - Fix buffer size warnings from compiler on filename lengths. + +26 April 2018: Wouter + - lower memory usage for tcp connections, so tcp-count can be higher. + - Fix checkconf test for refuse-any option. + +3 April 2018: Wouter + - refuse-any nsd.conf option that refuses queries of type ANY. + +5 March 2018: Wouter + - Fix #3562: explain build error when flex missing. + +20 February 2018: Wouter + - For more clang warnings + - Fix spelling error in xfr-inspect. 
+ +19 February 2018: Wouter + - Fix for clang analysis complaints. + +15 February 2018: Wouter + - --enable-memclean cleans up memory for use with memory checkers, + eg. valgrind. + - Fix unused variable warnings from clang analyzer. + +14 February 2018: Wouter + - updated RELNOTES for upcoming release. + - tag 4.1.20rc1, became release on 20 feb, trunk has 4.1.21 in + development. + +9 February 2018: Wouter + - make depend: updated the make dependencies in the Makefile. + +8 February 2018: Wouter + - Fix memory leak when rehashing nsec3 after axfr or zonefile read, + in the selectively allocated precompiled nsec3 hashes. + +6 February 2018: Wouter + - Fix memory leak in zone file read of unknown rr formatted RRs. + +11 December 2017: Wouter + - Add test for support of -Wno-address-of-packed-member for + --enable-packed. + - tag for release 4.1.19 + - trunk has 4.1.20 in development. + +8 December 2017: Wouter + - tag for 4.1.19rc1 + +7 December 2017: Wouter + - Fixup lexer warning for gcc 4.2. + +6 December 2017: Wouter + - Fix 3392: Fix regression in 4.1.18 for notify lists with ip4 + and ip6 targets. + +5 December 2017: Wouter + - Fix spelling error in xfr-inspect. + +1 December 2017: Wouter + - Fix warnings emitted by clang for --enable-packed. Alignment is not + a problem for x86_64, don't enable packed when the platform + requires aligned access. + +30 November 2017: Wouter + - tag for 4.1.18 release. + - trunk has 4.1.19 in development. + - ignore fallthrough compiler warning in flex EOF rule. + +27 November 2017: Wouter + - Fix crash for DS query when parent and child zones both configured + in nsd.conf and parent zone has not loaded properly. + - tag for 4.1.18rc2. + +16 November 2017: Wouter + - tag for 4.1.18rc1. + +14 November 2017: Wouter + - Fix #2871: Increase number of sockets for xfrd transfers. + +6 November 2017: Wouter + - Set usage counts in namedb tree to uint32 to save memory. + - Fix up debug content from nsec3 collision printout work. 
+ +2 November 2016: Wouter + - make ip-transparent option work on OpenBSD. + +11 October 2016: Wouter + - Fix #1567: Change crit to err log level for gettimeofday failure. + Add defines for compile without syslog. + +9 October 2016: Wouter + - Fix collision printout of nsec3 to print name, hash and reverse. + +2 October 2016: Wouter + - nsd-control zonestatus prints wait time between attempts, for zones + that are in that waiting time. + +19 September 2016: Wouter + - merges feature branch branches/alloced_prehashes into trunk. + +18 September 2016: Wouter + - Fix #1446: A corrupted zone file "propagates" to good ones. + +14 September 2016: Wouter + - Fix layout in xfrd.c. + +6 September 2017: Willem + - Save memory by selectively allocate precompiled nsec3 hashes + +29 August 2016: Wouter + - With --enable-packed save memory, at expense of unaligned reads. + - Fix writev compile warning on FreeBSD. + +25 July 2016: Wouter + - NSD sends up to 16 notifies simultaneously for up to 64 zones, + to increase rate of notification for large master configurations. + +24 July 2016: Wouter + - Fix gcc 7.1.1 warnings. + +17 July 2016: Wouter + - Trunk has 4.1.18 + - xfr-inspect is part of source dir, but not made or installed by + default. + - retry timeout between sending notifies dropped from 15 to 3 sec. + +13 July 2016: Wouter + - tag 4.1.17rc1, and that became the 4.1.17 release on 21 July 2017. + +29 June 2016: Wouter + - make depend. + +26 June 2016: Wouter + - Fix text format of deletes for CDS and CDNSKEY, single 0 to represent + empty base64 or hex string. + +23 June 2016: Wouter + - Fix potential null pointer in nsec3 adjustment tree. + +15 June 2016: Wouter + - xfr-inspect debug tool prints out xfr contents of files in tmp. + +6 June 2016: Wouter + - Fix #1272: use writev to put tcp length field with data for outgoing + zone transfer requests. + +16 May 2016: Wouter + - zone parser parses type AVC (it has TXT format). 
+ +25 April 2016: Wouter + - 4.1.16 release tag. + - trunk contains 4.1.17 in development. + +11 April 2016: Wouter + - 4.1.16 rc1 tag for release. + - minor manpage fix. + +5 April 2016: Wouter + - Patch for expire state in multi-master when masters includes + broken master. + +27 March 2016: Wouter + - Fix 1243: Option to make NSD emit really minimal responses, + minimal-responses: yes in nsd.conf. + - but they give additional information for priming queries (type NS). + +6 March 2016: Wouter + - Fix 1228: OpenSSL include is not guarded with HAVE_SSL + +28 February 2016: Wouter + - Printout serial error with hint it may be too big. + +20 February 2016: Wouter + - Fix missing _t to _type conversion for disable-radix-tree option. + +15 February 2016: Wouter + - zone parser can parse acronyms for algorithms ED25519 and ED448. + +13 February 2016: Wouter + - Calculate new udb index after growing the array, fix from + Chaofeng Liu. + +7 February 2016: Wouter + - tag for 4.1.15 rc1. Which became 4.1.15 on 16 Feb. Trunk 4.1.16. + +19 January 2016: Wouter + - Fix to rename _t typedefs because POSIX reserves them. + +3 January 2016: Wouter + - Fix #1195: Fix so that NSD fails on non-compliant values for Serial. + +14 December 2016: Wouter + - Squelch zone transfer error address family not supported by protocol + at low verbosity levels. + +13 December 2016: Wouter + - Fix nsd-control and ipv6 only. + +8 December 2016: Wouter + - tag 4.1.14 + - trunk contains 4.1.15 in development. + +1 December 2016: Wouter + - Fix restart of zone transfers when new config becomes available. + - tag 4.1.14rc1 + +25 October 2016: Wouter + - Fix #1132 for SERVFAIL zones perform backoff, and remembers the + timeout on next startup. + - Save backoff timeout into xfrd.state file, this file has a higher + version number now. Old files are skipped silently (causes + refresh) and created as new files upon exit. 
+ - Set number of rounds to 1; NSD will try every master once, then + wait for timeout or notify. + - Fix axfr fallback for rounds to 1. + +20 October 2016: Wouter + - suppress compile warning in lex files. + +18 October 2016: Wouter + - Robust fix against missing master in tcp_open for xfrd. + - More in depth fix for the previous. + - Fix wildcards in include: config statements with chroot enabled. + +27 September 2016: Wouter + - NSD 4.1.13 tag. + - trunk has 4.1.14 in development. + - Fix null memcpy for radixtree with single link element. + +19 September 2016: Wouter + - Review comments Ralph: wrapped long lines and nicer example conf. + +16 September 2016: Wouter + - NSD 4.1.13rc1 tag. + +15 September 2016: Wouter + - Test for openssl init_crypto and init_ssl functions. + +14 September 2016: Ralph + - Fix OPENSSL_INIT_ADD_ALL_DIGESTS compatibility check + +13 September 2016: Wouter + - Fix double const in dname_const() function. + - Silenced flex-generated sign-unsigned warning print with gcc + diagnostic pragma. + +8 September 2016: Wouter + - more extensible edns option handling. + +2 September 2016: Wouter + - Release of 4.1.12; trunk is 4.1.13 and the patch for 4.1.12 (that + does not contain the other changes to the trunk) is folded into + the trunk. + - Fix #827: fix compile with openssl 1.1.0 with api=1.1.0. + +25 August 2016: Wouter + - Fix multimaster for not tried full zone transfer for a expired zone. + - Explain --disable-radix tree uses some more CPU. + +22 August 2016: Wouter + - Fix README spelling error of BSD license (reported by Joerg Jung). + +19 August 2016: Wouter + - for type SRV add A/AAAA to the additional section (if possible), + just like we already do for type MX. + +17 August 2016: Wouter + - Add robustness against unallocated data in nsec3 trees. + +16 August 2016: Wouter + - configure --disable-radix-tree for about 15% lower memory usage. + +12 August 2016: Wouter + - Fix #817: xfrd update failed loop. 
+ +9 August 2016: Wouter + - Can config key algorithms with the digest name, eg. 'sha256'. + - default tsig algorithm is sha256. + - Fix typo in log output, 'transfered' -> 'transferred'. + - Fix compile warnings about signcompare in minmax retrytime. + +8 August 2016: Wouter + - Support syntax of RR type OPENPGPKEY from RFC 7929. + +5 August 2016: Wouter + - multi-master-check: yes can be used to check all masters for the + last version, using the higher version from the configured masters, + from Manabu Sonoda. + - small fixups on patch. And fix spacing and remove configure flag. + - Fix #812: make depend fails after distribution. + +2 August 2016: Wouter + - Fix unused result warnings from write and strtol. + +1 August 2016: Wouter + - Tag 4.1.11rc1. + - Fix nsec3 missing for nsec3 signed parent and child for DS at zonecut. + - Tag 4.1.11rc2. + - trunk is 4.1.12 in development. + +8 July 2016: Wouter + - Note down tracking numbers for issue JVN#63359718 JPCERT#91251865. + +5 July 2016: Wouter + - Fix #790: size-limit-xfr can stop NSD from downloading infinite zone + transfer data size, from Toshifumi Sakaguchi. + +27 June 2016: Wouter + - Set default for min-refresh-time and min-retry-time to 0. Behaves + just like before, but has a configurable option in nsd.conf. + - Fix #783: Trying to run a root server without having configured it + silently gives wrong answers. + +16 June 2016: Wouter + - When tcp is more than half full, use short timeout for tcp session. + - Patch for {max,min}-{refresh,retry}-time from YAMAGUCHI Takanori. + - man page entries for max-refresh-time patch. + +15 June 2016: Wouter + - Fix build without IPv6, patch from Zdenek Kaspar. + +14 June 2016: Wouter + - release 4.1.10 and tag for that. + - trunk has 4.1.11 in development. + +7 June 2016: Wouter + - Fix NSEC3 ent fix to use closest encloser, not wildcard denial. 
+ +2 June 2016: Wouter + - Fix for NSEC3 with zone signed without exact match for empty + nonterminals, the answer for that domain gets wildcard denial. + - #772 Document that recvmmsg has IPv6 problems on some linux kernels. + - tag for 4.1.10rc1. + +31 May 2016: Wouter + - print notice that nsd is starting before taking off. + +20 May 2016: Wouter + - Updated fix for nonterminal nsec3 answers. + +19 May 2016: Wouter + - Fix empty nonterminal nsec3 cover answers. + +12 May 2016: Wouter + - NSD includes AAAA before A for queries over IPV6 (in delegations). + And TC is set if no glue can be provided with a delegation because + of packet size. + +19 April 2016: Wouter + - Fix #755: NSD spins after a zone update and a lot of TCP queries. + +7 April 2016: Wouter + - If set without nsd.db print "" as the default in the man pages. + +4 April 2016: Wouter + - Fix #751: NSD fails to occlude names below a DNAME. + +24 March 2016: Wouter + - Fix for openssl 1.1.0, HMAC_CTX size not exported from openssl. + +21 March 2016: Wouter + - Update acx_nlnetlabs.m4 to version 33 with HMAC_Update test. + - acx_nlnetlabs.m4 to v34, with -ldl -pthread test for libcrypto. + +15 March 2016: Wouter + - ip-freebind: yesno option in nsd.conf sets IP_FREEBIND socket option + for Linux, binds to interfaces and addresses that are down. + - Change the nsd.db file version because of nanosecond precision fix. + - 4.1.9 release with the nsd.db file version fix (but not freebind), + trunk contains 4.1.10 in development. + +10 March 2016: Wouter + - Tag 4.1.8 + - Trunk contains 4.1.9 in development. + +2 March 2016: Wouter + - Tag 4.1.8rc1 + +1 March 2016: Wouter + - #744: Fix that NSD replies for configured but unloaded zone + with SERVFAIL, not REFUSED. + +16 February 2016: Wouter + - RR type CSYNC (RFC7477) syntax is supported. + +29 January 2016: Wouter + - #739: zonefile changes when mtime is small are detected on reload, + if filesystem supports precision mtime values. 
+ +19 January 2016: Wouter + - Fix #736: segfault during zone transfer. + +08 January 2016: Wouter + - Define _DEFAULT_SOURCE with _BSD_SOURCE for recent Linuxes. + +05 January 2016: Wouter + - #732: tcp-mss, outgoing-tcp-mss options for nsd.conf, patch + from Daisuke Higashi. + +04 January 2016: Wouter + - Updated acx_nlnetlabs to version 32. + +11 December 2015: Wouter + - Fix flto check for OSX clang. + +10 December 2015: Wouter + - 4.1.7 release + - trunk has 4.1.8 in development. + - take advantage of arc4random_uniform if available, patch from + Loganaden Velvindron. + +3 December 2015: Wouter + - tag for 4.1.7rc1 prerelease. + +2 December 2015: Wouter + - configure --enable-ratelimit-default-is-off with --enable-ratelimit + to set the default ratelimit to disabled but available in nsd.conf. + - Document that ratelimit qps and slip are updated in reconfig. + - version: "string" option to set chaos version query reply string. + - Fix up defaults in manpage. + +1 December 2015: Wouter + - Explain rrl-slip better in documentation. + +30 November 2015: Wouter + - Fix TCP responses when REUSEPORT is in use by turning it off. + - reuseport: no is the default, because the feature is not troublefree. + - Document default in manpage for rrl-slip, ip4 and 6 prefixlength. + +24 November 2015: Wouter + - Fix zonec ttl mismatch printout to include more information. + +18 November 2015: Wouter + - RELNOTES more descriptive. + - newer acx_nlnetlabs.m4. + - spelling fixes from Igor Sobrado Delgado. + +17 November 2015: Wouter + - Fix #721: Fix wrong error code (FORMERR) returned for unknown + opcode. NOTIMP expected. + +16 November 2015: Wouter + - Allocate less memory for TSIG digest. + +6 November 2015: Wouter + - Fixup for newer acx_nlnetlabs.m4, test for openssl version after + testing for libdl need. + +5 November 2015: Wouter + - newer acx_nlnetlabs.m4, does not needlessly link with -ldl. + +30 October 2015: Wouter + - Fix tpkg tests for portability. 
+ +29 October 2015: Wouter + - patch from Doug Hogan for SSL_OP_NO_SSLvx options. + - updated contrib/nsd.spec, from Bálint Szigeti. + - support configure --with-dbfile="" for nodb mode by default, where + there is no binary database, but nsd reads and writes zonefiles. + +27 October 2015: Wouter + - portability fixes. + +26 October 2015: Wouter + - Init pfd for handlers added during handler-event-walk. + +23 October 2015: Wouter + - Fix many interfaces and zones updates from nsd parent event loop. + +22 October 2015: Wouter + - 4.1.6 release tag. + - trunk contain 4.1.7 in development. + +20 October 2015: Wouter + - 4.1.6rc2 tag created. + +19 October 2015: Wouter + - Fix compile of zonec error message on FreeBSD. + +15 October 2015: Wouter + - 4.1.6rc1 tag created. + +13 October 2015: Wouter + - nsd-checkconf warns for master zones with no zonefile statement. + - Fix start failure when many file descriptors are in use. + - The servfail rcode is not printed with a space in the middle. + - fixup file descriptor fixup nicer. + - print failed token for config syntax error or parse error. + +12 October 2015: Wouter + - Fix #711: Document that debug-mode yes is used for staying + attached to the supervisor console. + - Document verbosity 3 prints more information. + +30 September 2015: Wouter + - makedist.sh print on pgp signature creation. + +28 September 2015: Wouter + - Fix typo in zonec.c inside error message. + +24 September 2015: Wouter + - Fix #701: Fix that AD=1 set in a BADVERS response. + +21 September 2015: Wouter + - Fix #706: default port 53 not opened on ip4 because of getaddrinfo + hints initialisation failure. + - 4.1.5 release tag + - trunk contains 4.1.6 in development. + +9 September 2015: Wouter + - 4.1.4 release tag created. + - trunk contains 4.1.5 in development. + +31 August 2015: Wouter + - 4.1.4rc1 tag created. + +28 August 2015: Wouter + - Fix #698 formatting errors and typos in nsd.8.in. + - Add --enable-pie and --enable-relro-now options. 
+ +18 August 2015: Wouter + - Admitted axfrs are logged at verbosity 1. Refused at verbosity 2. + +17 August 2015: Wouter + - Fixed checkconf test for reuseport setting. + +14 August 2015: Wouter + - SO_REUSEPORT does not work on FreeBSD. Enabled by default on Linux, + not enabled by default on other OSes. + +5 August 2015: Wouter + - Fix that notify from nsd-control contains soa serial. + +3 August 2015: Wouter + - squelch SO_REUSEPORT failure on verbosity less than 3. + +31 July 2015: Wouter + - removed hardcoded interface limit, --with-max-ips removed. + - SO_REUSEPORT support. + +16 July 2015: Wouter + - Fix #618: documented need to list ip-addresses separately in + nsd.conf if there are multiple, because the source address of + replies can otherwise go wrong. + +10 July 2015: Wouter + - Fix that for expired zones NSD performs an AXFR and accepts newer + and older serial numbers. + - Document that minimal responses only minimizes responses to fit + in one datagram. It does not minimize smaller responses. + +2 July 2015: Wouter + - Fix NSID response for short edns sizes. + +23 June 2015: Wouter + - Trunk contains 4.1.4 in development. + +4 June 2015: Wouter + - Tag 4.1.3rc1 + - improve nsd-control usage text. (23 june - added to 4.1.3) + - RFC7553 RR Type URI support. + +2 June 2015: Wouter + - Fix redefined macro lex warning for freebsd flex. + +29 May 2015: Wouter + - Fix that formerrors are ratelimited. + +19 May 2015: Wouter + - max-interfaces raised to 32. + +18 May 2015: Wouter + - removed unused defines for unofficial tsig-hmac algorithm codes. + The TSIG algorithm is identified by name in the config file. + +14 May 2015: Wouter + - hmac sha224, sha384 and sha512 support, patch from David Gwynne. + +23 April 2015: Wouter + - Fix crash in zone parser for relative dname after error in origin. + - Test for zone parser failures + +21 April 2015: Wouter + - nsd-control addzones and delzones read list of zones from stdin. 
+ - Fix task and zonestat files to be stored in a subdirectory in tmp + to stop privilege elevation. + - printout names for successful addition and removal with bulk command. + +20 April 2015: Wouter + - Fix #665: when removing subdomain, nsd does not reparse parent zone. + +14 April 2015: Wouter + - trunk contains 4.1.3(upcoming). + +7 April 2015: Wouter + - Tag 4.1.2rc2. + +2 April 2015: Wouter + - Made log message more consistent, changed 'axfr refused' log message + to be more consistent with other messages. Also notify refused. + - verbosity 2 logs axfr refused and notify refused. + verbosity 1 contains less log messages. + +31 March 2015: Wouter + - Tag 4.1.2rc1. + +24 March 2015: Wouter + - Fix #654: Fix contradiction in notify logging verbosity level. + - Incoming notifies have serial number logged (at verbosity 1). + - Fix #655: Fix contradiction in verbosity for zone transfers. + +17 March 2015: Wouter + - Use reallocarray for integer overflow protection, patch submitted + by Loganaden Velvindron. + - Fix allocation integer overflow checks. + +13 March 2015: Wouter + - Fix buffer overflow in config parse of domain name, + reported by John Van de Meulebrouck Brendgard. + +12 March 2015: Wouter + - Updated default keylength in nsd-control-setup to 3k. + +10 March 2015: Wouter + - Fix use after free after zonefile syntax error followed by ttl + or origin directive, reported by John Van de Meulebrouck Brendgard. + - Fix syntax error followed by too many TXT elements parse crash + reported by John Van de Meulebrouck Brendgard. + +9 March 2015: Wouter + - Fix origin directive from unused old value and subdomain parser + failure, reported by John Van de Meulebrouck Brendgard. + +2 March 2015: Wouter + - Fix b64pton out of bounds error on invalid zonefile input + reported by John Van de Meulebrouck Brendgard. + +20 February 2015: Wouter + - Fix segfault on double origin in zone reader (thanks John Van de + Meulebrouck Brendgard). 
+ +19 February 2015: Wouter + - Remove dead code domain_table_iterate. + - Fix segfault in zone reader on invalid input + reported by John Van de Meulebrouck Brendgard. + +5 February 2015: Wouter + - Fix #642: Change 'zone read with no errors' to '.. with success'. + Patch from Benedikt Heine. + +3 February 2015: Wouter + - Tag 4.1.1 release + - Trunk is 4.1.2 in development. + - Remove some duplicate header includes (from Brad Smith). + - Fix tcp waiting list for zone transfers where the bind and connect + calls fail. + +29 January 2015: Wouter + - Fix zonesdir chroot error message. + +28 January 2015: Wouter + - correct some hyphen-used-as-minus-sign (from Andreas Schulze) in + man pages. + +27 January 2015: Wouter + - Tag 4.1.1rc1 + +21 January 2015: Wouter + - Synthesize CNAMEs with same TTL as DNAME. + +12 January 2015: Wouter + - Fix casts for ctype functions (from Todd Miller). + - nsd-checkconf -f prints out full name of pidfile (with dir). + +9 January 2015: Wouter + - Fix bug#637: fix that nsd.db grows limitlessly, an off by one + on one megabyte free chunks, created during AXFRs of large zones, + that caused the one megabyte chunk to be leaked. + - Fix udb-inspect for one megabyte chunks, counts and statistics. + +6 January 2015: Wouter + - Fix spinning NSD with lots of failing transfers, due to pointer + comparison using void pointer subtraction (from Otto Moerbeek). + +5 January 2015: Wouter + - Patch nsd_munin_ from Philip Paeps to use type ABSOLUTE. + +4 Nov 2014: Wouter + - Document zonestat config, and nsd-checkconf access. + +3 Nov 2014: Wouter + - Fix that failure to add tcp to tcp base does not leak the socket. + +27 Oct 2014: Wouter + - Disabled use of SSLv3 in nsd-control. + - zonestats are cleared (or not, with stats_noreset). + +22 Oct 2014: Wouter + - Test for wildcard fix (from 3.2). + +16 Oct 2014: Wouter + - Fixes for wildcard addition and deletion, speedup for some cases. 
+ +15 Oct 2014: Wouter + - Fix that queries for noname CH TXT are REFUSED instead of nodata. + +14 Oct 2014: Wouter + - per zone statistics with --enable-zone-stats, configure with + zonestats: "zonestatidentifier", zones with the same id are added. + +10 Oct 2014: Wouter + - Fix #616: retry xfer for zones with no content after command. + - Fix char used as array index warnings on NetBSD. + +8 Oct 2014: Wouter + - Fix "xfrd_handle_ipc: bad mode" log errors when compiled + with --disable-bind8-stats. + +18 Sep 2014: Wouter + - Fix that expired zones stay expired after a server restart. + +15 Sep 2014: Wouter + - RFC 7344: CDS and CDNSKEY (read in). + +4 Sep 2014: Wouter + - Tag 4.1.0. + - trunk is 4.1.1 in development. + - fix manpage for nsd-checkzone to have version and date. + +29 Aug 2014: Wouter + - Fix install of the nsd-checkconf man page. + +28 Aug 2014: Wouter + - Tag 4.1.0rc1 + +25 Aug 2014: Wouter + - Increased default --with-max-ips from 8 to 16, this increases the + number of interfaces you can specify in nsd.conf to listen to. + +19 Aug 2014: Wouter + - Remove .LP after .SH in man pages. + +7 Aug 2014: Wouter + - Fix for process swap of main and reload, reload failure from the + pipe is acted on, and reload fail not cause nsd to shutdown, also + ignore sigchlds from the servermain in reload, that would cause + EINTR to break file reads. + - trunk has version 4.1. + +5 Aug 2014: Wouter + - Fix #600: document that provide-xfr provides AXFR and not IXFR. + - remove program group fix, because it is not needed. + - Fix rising-load-average or memory-leaks in OSes (Linux since 2.6), + that keep track of all past process parents, or leak memory + for them. Fix makes it so there is no very deep string of + process parents. + The reload process is now the process parent of servermain. That + makes signals for children arrive at the reload, and servermain + has to use closed pipes to detect that children have exited. 
+ +1 Aug 2014: Wouter + - Set program group on main process and its child processes, and + kill them on a reload. + +20 July 2014: Wouter + - Fix endian.h include for OpenBSD. + +15 July 2014: Wouter + - Fix -O3 compile flag to -O2 to avoid miscompilations. + - Allow user to override the -g -O2 CFLAGS in ./configure. + +11 July 2014: Wouter + - fix strptime implicit declaration error on OpenBSD. + +9 July 2014: Wouter + - removed unnecessary arc4random_uniform. + +8 July 2014: Matthijs + - fake-rfc2553 patch (thanks Benjamin Baier). + +8 July 2014: Wouter + - wait and reap processes that are not part of the process group. + +7 July 2014: Wouter + - Code review fixup from NSD3. + +30 Jun 2014: Wouter + - Fix #590: rrl log does not print wildcard as a star but escaped. + - Fix #591: rrl log messages at verbosity level 1. + (If that does not work for everyone, we need rrl-log: yesno option). + +27 Jun 2014: Wouter + - Fixup rr-test test so that it does not fail on the #553 string. + +17 Jun 2014: Matthijs + - Fix #587: Default value for statistics is 0. + - Remove the shift-reduce conflicts from the bug#553 fix. + +5 Jun 2014: Wouter + - Fix roundrobin cornercase for truncated packets. + - round-robin: yesno in nsd.conf enabled round robin rotation. + +28 May 2014: Wouter + - Fix #585: yylex_destroy missing, cannot compile on RHEL 5.x. + - Fix #583: Round-robin for records in the Answer section. + +22 May 2014: Wouter + - Fix zonefile parse with no whitespace before semicolon comments. + +16 May 2014: Wouter + - xfrd reaps children on a timer as well, similar to server_parent. + +8 May 2014: Wouter + - Fix #564: nsd-checkzone tool to check zonefile correctness. + +7 May 2014: Wouter + - Fix #577: makefile incorrectly installed manpages from srcdir. + +30 April 2014: Wouter + - Fix that xfrd reaps all children on every eventloop, because some + exited reloads may attach here and need reaping, also if the signal + is lost. 
+ +23 April 2014: Wouter + - Fix progress printout for very large zones (numeric overflow). + +10 April 2014: Wouter + - Fix write_socket return value check in server.c (Thanks Brad Smith, + Mark Kettenis). + +8 April 2014: Wouter + - nsd-control addzone reports if zone already exists. + +7 April 2014: Wouter + - Fix #571: unused variable and incompatible pointer warnings when + compiled on a system without INET6. + +27 March 2014: Wouter + - Fix delete or rename of a lot of zones and make it take a + non-enormous time. Database compaction is deferred. + - Speed up deletion of zone contents a lot, (56s to 1s), speeds up + delete, rename and AXFR for zones. Defer emptynonterminal checks. + - Better example config in nsd.conf manual page. + - log-time-ascii option, default yes, with readable timestamp in log. + +25 March 2014: Wouter + - nsd shuts down during init process if given signal. + - shorter logging for zone transfer fail rcodes. + +24 March 2014: Wouter + - include: "foo/nsd.d/*.conf" works, wildcard glob on includes. + - Fix print filename of encompassing config file on read failure. + +21 March 2014: Wouter + - Fix bug in nodatabase mode with ixfrs that change nsec3param + (Thanks Anand Buddhdev). + - Changed maxbackoff for no-content secondary zones from 4h to 24h. + - nocontent zones are checked on startup, but continue backoff + from stored xfrd.state values. + +19 March 2014: Wouter + - made database: "" set the 3600 default for zonefileswrite only + if it is also at its default, so that user settings override. + - Unit test for zonefiles-write. + - Write xfrd.state for nodb mode again. Disable xfrd.state with + xfrdfile: "" in config. Does not check slave zone if state is + same as last time on startup. + - Fixed shutdown message sporadically not printed on exit. + - Documented zonefile %s syntax in nsd.conf man page. + - Fix manpage to put colon after zonefiles check and write. + - Change from 'Zone" to "zone" with ".. serial .. 
is updated" log + message. + +18 March 2014: Wouter + - unit test for nodb mode. + - Speed up zone write (.nl zonefile 30% faster). + The memory alloc-dealloc in print_rr has been moved to print_rrs. + - (from 3.2), fix for #553 and for other TXT string syntax. + - in nodb mode, xfrd.state is not written out, because the zones + are refreshed upon next startup anyway, so keeping timers and state + is unnecessary. + - zonefiles-write option in nsd.conf, enabled when database is "". + The server writes changed zonefiles to disk every hour. + +17 March 2014: Wouter + - Speed up zone parsing (.nl reads 40% faster). + The rrtype_from_string routine is called often, optimised it. + +14 March 2014: Wouter + - tag 4.0.3 + - trunk has 4.0.4 in development. + - database: "" starts without mmap of database. Less memory is used, + zones are read from text zonefile. + +13 March 2014: Wouter + - Fix nsd.db unclean close check. Previous databases are considered + unclean by the code and are created anew. + - Adds nsd.db larger than 400Tb check for sanity. Also test if + filesize as documented in the file is correct. + - nsd waits for tasks to complete on stop, prevents nsd.db corruption. + - fix to not delete tmpdir too early in shutdown process. + +12 March 2014: Wouter + - tag 4.0.2 + - trunk has 4.0.3 in development. + - disabled udb checking functionality that made it very slow, + this was enabled when enable-checking was turned on. + +27 February 2014: Wouter + - tag 4.0.2rc1 + +26 February 2014: Wouter + - Fix that NSD will delete and recreate not-clean-closed databases. + +20 February 2014: Wouter + - Fix from 3.2: make SOA RDATA comparisons in XFR more lenient (only + check serial). + +18 February 2014: Wouter + - Fix leak of zone name after zonefile read. + - Fix malloc too large that would be leaked in the radix tree. + +14 February 2014: Wouter + - configure change for easier compile on Minix. 
+ +10 February 2014: Wouter + - Fix #552: zonefile loads on nsd-control reconfig when the name + of the file has changed. + +7 February 2014: Wouter + - Fix #551: change Regent to Copyright holder in the LICENSE, + to match the definition on opensource.org for the BSD License. + +3 February 2014: Wouter + - Disabled recvmmsg and sendmmsg usage by default because kernel + versions have implementation issues: ipv6 ignored, security issues. + - Detect libevent2 install automatically by configure, and use + event2 header files if necessary. + - Fixup link with lib/event2 subdir. + +30 January 2014: Wouter + - Fix expired zones to give SERVFAIL, also when parent zone loaded. + +27 January 2014: Wouter + - tag 4.0.1. + - trunk is 4.0.2 in development. + - rcode REFUSED for queries to non-hosted zones. + - documented nsd-control zonestatus output in nsd-control manpage. + - remove mention of nsdc from nsd-checkconf manpage. + +21 January 2014: Wouter + - tag 4.0.1rc2 + +20 January 2014: Wouter + - Fix #546: output format errors in nsd_munin_ (Thanks Tom Hendrikx). + +17 January 2014: Wouter + - Fix type CAA. + - Fix type EUI48. + - nsid can be set with "ascii_somestring" in ascii. + - Fix printout of high-chars in TXT on NetBSD. + +16 January 2014: Wouter + - Unit test for WKS failure. + +15 January 2014: Wouter + - tag 4.0.1rc1 + +13 January 2014: Wouter + - Check if configure in srcdir collides with outofdir build. + +10 January 2014: Wouter + - Fix that chroot is removed from zonefile names (for absolute names). + +9 January 2014: Wouter + - Fix that bad IXFR updates do not result in double SOA records, + and that an AXFR is started (attempted) when the zone state seems + to be inconsistent with the master's zone state. + +8 January 2014: Matthijs + - Bugfix #542: Match RRSIG TTL with SOA TTL in negative response. + +7 January 2014: Wouter + - Fix xfrd when zone transfer TCP contains zero length packets. 
+ - Fix for NSEC3 zones where parent zone is co-hosted, also NSEC3, + because AXFRs overwrote nsec3 administration in the child zone. + +2 January 2014: Wouter + - Log ip address for sendto and sendmmsg failures. + +4 December 2013: Matthijs + - Support for CAA RRtype (RFC 6844). + +26 November 2013: Wouter + - Fix segfaults after read of zones with rr type WKS from zonefile. + - Seed PRNG for openssl at start of daemon, fixes SSL connection issue. + +25 November 2013: Wouter + - (same as in 3.2.16): fix wildcard cname to nxdomain repeated rrset. + +11 November 2013: Wouter + - Fix bug#534: IXFR query loop over UDP for zones that are unchanged. + +11 November 2013: Matthijs + - EUI48 and EUI64 is now RFC 7043 + +5 November 2013: Wouter + - Accept interface: as an alternative for ip-address: for + consistency with unbound.conf syntax. + +29 October 2013: Wouter + - tag for 4.0.0 release. + - trunk has 4.0.1 in development, for bug fixes. + +24 October 2013: Wouter + - Fixup zone change code. + - tag 4.0.0rc3. + +21 October 2013: Matthijs + - Initialize xfrd zone when changing zone from master to slave + and delete xfrd zone when changing zone from slave to master. + +14 October 2013: Wouter + - tag 4.0.0rc2. + +14 October 2013: Matthijs + - Additional log messages with reason why RR to be deleted cannot be + found. + +14 October 2013: Wouter + - Fix for zone transfer that has different-cased RRSIG signer names + or NSEC next-owner names. + +9 October 2013: Wouter + - tsig errors on incoming tsig print key name and source IP of query. + +8 October 2013: Wouter + - Update documentation for nsd -d option. + +7 October 2013: Wouter + - Fix mini_event ev_once flag to be prettier (review comments Yuri). + - tag 4.0.0rc1 recreated. + +4 October 2013: Wouter + - Fix bug where if you do not have flex, and then install flex, it + would not make without a re-untar of the source. + +3 October 2013: Wouter + - Review changes from Matthijs. 
+ - doc/README updated, 'nsdc' is now removed. + +1 October 2013: Wouter + - Review commits from Matthijs. + - doc/UPGRADING updated, review Yuri. + +30 September 2013: Wouter + - tag 4.0.0rc1 + - updated doc/RELNOTES + +19 September 2013: Wouter + - configure --disable-recvmmsg for compat with older Linux kernels, + by default it autodetects support in the kernel on the buildmachine. + +20 Aug 2013: Wouter + - Fix time at 2038, uint32s changed to time_t, support 64bit time_t. + +19 Aug 2013: Wouter + - Fix use of 32bit time, for 2038, thanks to Theo de Raadt for patch. + +13 Aug 2013: Wouter + - Bugfix#518 Incorrect RRL prefix length option names in nsd.conf + man page from Ville Mattila. + +9 Aug 2013: Wouter + - Fix that xfrd, and nsd-control, does not stop responding when reload + errors out. The pid is sent like it should by server_main. + - Fix that EOF in quoted string error does not cause reload to exit. + - Fixup errors from the stack code checker. + +6 Aug 2013: Wouter + - Removed use of random when arc4random is available. Thus, random + and srandom are then not linked with the executable. + +16 Jul 2013: Wouter + - Fix segfault with no logfile and chroot (Thanks Patrik Lundin). + +15 Jul 2013: Wouter + - beta 5 tag. + - trunk has beta6 named in configure. + +9 Jul 2013: Wouter + - unlink xfr file if transfer is stopped, timeouted or interrupted. + And unlink xfr file in progress when the zone is deleted. + +8 Jul 2013: Wouter + - Increase tcpbacklog default to 256 (silently capped to 128 on BSD). + For remote control keep it at 16, it has less TCP load. + It does not actually increase TCP performance (some except), but + reduces connection loss when there is a spike in TCP connections. + +5 Jul 2013: Wouter + - nsd-mem stores temp files in current dir because /tmp is too small. + - printout pct parsed, read, nsec3 and written every 100.000 elements + and after 5 seconds. For big zones. 
+ +3 Jul 2013: Wouter + - region-allocator has list of large allocations, so delete is in O(1). + - recursive readroutine for speedup of nsd.db reads (30%). + - udb-inspect prints type summary of nodes in nsd.db. + +28 Jun 2013: Matthijs + - Update tmp serial in xfr checking. + +28 Jun 2013: Wouter + - nsd.db 12% smaller, no nsec3 hash storage. Also ups udb version + because of the format change. printout udb write complete for + debug. + - Fix warning in labellength 0 code. + +27 Jun 2013: Matthijs + - Better XFR checking, fallback to AXFR (if allowed) if three + malformed XFR packets have been seen. + - zonec: Don't crash on domain names with label length 0. + +25 Jun 2013: Matthijs + - Rename --enable-eui-rrtypes to --enable-draft-rrtypes. + +25 Jun 2013: Wouter + - acx_nlnetlabs.m4 update, --disable-flto. + +20 Jun 2013: Matthijs + - Use IPV6 minimum MTU settings with TCP to reduce failures that + are caused by delays in learning working PMTU when communicating + through a tunnel. + - Improved RRL logging: also print triggering query src addr and qtype + (thanks Klaus Darilion). + - Merge some minor stuff from NSD3.2 + +18 Jun 2013: Matthijs + - Add rrl-slip config option (thanks Stephane Bortzmeyer). + - Add rrl-ipv{4,6}-prefix-length config option. + - Bug #496: Support for EUI48 and EUI64 RR types. + +14 Jun 2013: Wouter + - Optimizations: -O3 if possible (user can override CFLAGS), udp + buffers are set to 1m by default (if socket options exist), + use recvmmsg and sendmmsg, or only recvmmsg, or recvfrom. + +11 Jun 2013: Wouter + - Fix memory leak in zone parser for txt record (since the large + number of txt subsections fix). + - Fix zone parser allocations to be in db region. + - nsd-mem prints advice + +5 Jun 2013: Wouter + - Fix segfault on repeated reconfigs, double free of zone apex name. + +4 Jun 2013: Wouter + - Remove duplicate zlfile variable from options structure. + +30 May 2013: Wouter + - Fix nsd-mem for printout of values above 4G. 
+ +16 May 2013: Wouter + - Patch from Lukas Wunner that makes chroot more consistent. + Make all paths absolute with the chrootdir in front, or use + an absolute zonesdir with other patsh relative to that. + +3 May 2013: Wouter + - Fix race on exit of nsd, for restarts, so that the pidfile-pid + process waits until port53 has been closed before exiting. + - update acx_nlnetlabs.m4 to v23, sleep w32 fix. + +29 April 2013: Wouter + - Remove unused pointer and fixup chroot include for trail slash. + +26 April 2013: Wouter + - Patch from Lukas Wunner that makes nsd.conf include files work + inside chroot/etc environments on repattern and reconfig. + +25 April 2013: Matthijs + - New config option "ip-transparent:", to bind to non local addresses + (thanks Arjen Zonneveld). + - RRtypes ASFDB, RP, RT should not compress dnames (thanks Peter + van Dijk). + +19 April 2013: Wouter + - own snprintf, fix use of snprintf return value (in debug print). + +18 April 2013: Wouter + - fix bug #491: pick program name (0th argument) as syslog identity. + +9 April 2013: Wouter + - Bug #494: Exit with return code 1 if socket code fails. (from 3.2) + - Fix B64_NTOP replacement definitions in configure.ac. + +26 March 2013: Wouter + - update lookup3.c with better endianness detection. + +25 March 2013: Wouter + - faster nsec3 updates. + - Fixup contrib/bug390.patch for 4.0.0b4. + - remove leak of nsec3. + - allocate radixtree in region for small (5%) total savings and + about 15% savings in the radixtree itself (due to many small alloc + savings in region). + +22 March 2013: Wouter + - use less memory for non-nsec3, nsec3tree. + +18 March 2013: Wouter + - update nsd-mem with pretty printout and RRL count. + +14 March 2013: Wouter + - Fix memory statistics in nsd_munin_. + +8 March 2013: Wouter + - nsd-mem tool initial commit. + +7 March 2013: Wouter + - notify information is logged at correct verbosity level, 1. 
+ +5 March 2013: Matthijs + - Add hash to rrl bucket + +5 March 2013: Wouter + - Fixup the growth and shrinkage of nsd.db. This should use less + calls to remap and change the file and mmap size. + +15 February 2013: Wouter + - Fix compile on bigendian netbsd alpha. + - Fixup tests for older dig (check if +noedns option is supported) + +11 February 2013: Matthijs + - Fix outgoing-interface: Don't fail if family is IPv6 but + only IPv4 outgoing-interface is set, or vice versa. + +11 February 2013: Wouter + - fix tcp zonetransfer pipeline lookup function. + - remove compiler warning for memset from tsig read. + +7 February 2013: Wouter + - detect endianness in lookup3 on BSD, patch from Brad Smith. + - nsd-control verbosity prints out verbosity level without argument. + - nsd-control status prints out ratelimit if ratelimit is enabled. + +5 February 2013: Wouter + - Fix that old zonefile does not override newer AXFR for slave zones. + - Nicer printout of notify. + - beta4 + +4 February 2013: Wouter + - Fix AXFR of NSEC3 slave zone. + +1 February 2013: Wouter + - Less printout of 'bad transfer'. + +31 January 2013: Wouter + - Fix that nsec3 zones are precompiled when read from udb. This + caused assertion failures. + - Fix is_apex flag for zones read from udb. + +29 January 2013: Matthijs + - RRL documented in nsd.conf.sample + +29 January 2013: Wouter + - printout log less verbosely, not every axfr packet. + - remove printout of "bad transfer" to the log for notimpl. + - fixup tests for new netstat and new netcat. + +25 January 2013: Wouter + - fix gcc warning, do not use uninit value for rng init. + - fix zonefiles-check: entry in nsd.conf + - remove -fwhole-program gcc flag usage. We cannot reliably detect + if it works without failure. + +23 January 2013: Wouter + - beta3 + +22 January 2013: Wouter + - Fix time calculation of zone transfer. + - log ip address with tcp failure. + +21 January 2013: Wouter + - Improve tabs in sample nsd.conf for different tabsizes. 
+ - Fix segv if xfrdir does not exit. + - create xfrdir on make install (does not remove on make uninstall, + because this could be /tmp). + - do not leave task files in /tmp if nsd fails to startup because + of file permissions. + - do-ip4 and do-ip6 nsd.conf options just like unbound. + - fixed testset for dig9 default with edns. + +18 January 2013: Wouter + - Fix configure for gentoo gcc and headers. + - List libevent in README. + - Tabs and spaces nicer in nsd.conf.sample. + - Fix spurious assertion failure for some rrl blocks. + +16 January 2013: Wouter + - Added zonefiles-check option, default yes, check mtimes of zone files + on sighup and startup (from Robin Hack). + +15 January 2013: Wouter + - documented that the _implicit_ pattern names are used internally. + +10 January 2013: Wouter + - updated RELNOTES. + - applied patch from Robin Hack to remove double pid file truncation. + - repattern is called reconfig (because most config options are + picked up, except for superuser options (chroot, logfile, port)). + - document that the zonefile attribute can be empty. + +9 January 2013: Wouter + - 4.0.0b2 is beta2 version tag. + +8 January 2013: Matthijs + - Merge changes from 3.2.15 with trunk: + * Update docs: CREDITS, NEW-CFG-OPTION, REQUIREMENTS, + RELNOTES, TODO + * Update dname_test.tpkg test. + * TSIG init only fails if no digests at all can be found. + * Remove unused tsig_get_algorithm_by_id code (was used by + nsd-xfer). + * Fix some fd leaks. + * Bug #485: Fallback to DEFAULT_TTL if MSB is set. + * Fix RCODE when xNAME loop final answer not exist to NXDOMAIN. + +8 January 2013: Wouter + - Fix make outside of source directory. + +7 January 2013: Wouter + - fixed uninit variable for empty zone axfr request + - fixed alloc of acl options for config zones so they can be deleted. + - fixed that pattern name is copied, so that patterns stay the same. + - repattern also rereads the zones in the config file and applies that + to the running server. 
+ +21 December 2012: Wouter + - --with-logfile sets the logfile inside the example documentation. + - Fixed addzone and delzone inside chroot (thanks Will Pressly). + +19 December 2012: Wouter + - Fixup for libevent-2.1.2. + +18 December 2012: Wouter + - makedist makes sha256 for tarballs. + - nsd-control start runs an absolute path to start sbin/nsd. + +17 December 2012: Wouter + - Fix for use with libev (no use of event.ev_flags). + +12 December 2012: Wouter + - 4.0.0b1 is beta1 version. + +11 December 2012: Matthijs + - Better ILNP RR parsing (thanks Stephane Bortzmeyer). + +11 December 2012: Wouter + - fix libevent=no signals on Solaris. + - Fix handle of activated zones from timeout event. + - contrib/nsd_munin_ updated with memory lookup for BSD. + +10 December 2012: Wouter + - implement --with-libevent=no. + +10 December 2012: Matthijs + - Bug #483: Better error messages for TSIG errors. + - RFC 2845: If BADKEY or BADSIG, RCODE should be NOTAUTH. + Also, continue TSIG verification if NOTAUTH. + +7 December 2012: Wouter + - stable pidfile, xfrd is process leader and forks server-parent. + +5 December 2012: Wouter + - NSD4_imp_6 tag. + - trunk has imp_7 implementation. + +4 December 2012: Wouter + - NSD-RRL documented in manpage. + +3 December 2012: Wouter + - Fixup exit of server-child while notifies are incoming. + +28 November 2012: Wouter + - RRL implements classification type RRSIG. + +26 November 2012: Wouter + - Fix to make nsd.udb portable between 32bit and 64bit machines. + - Fix to make udb mmap work for FreeBSD8 when it grows significantly. + +23 November 2012: Wouter + - Fix compiler warnings and fix blocking pipes. + - default tcp-count set to 100. + +21 November 2012: Wouter + - Implement rrl log of unblock for collision. + - imported TLSA and ILNP support from NSD3. + +19 November 2012: Wouter + - Fix bug 480: libevent use when tcp-count is hit caused hang (in NSD4). 
+ +9 November 2012: Wouter + - Log when NSD-RRL stops a stream from being blocked. + +8 November 2012: Willem + - Fix AXFR. Loop through the zone to transfer only. + +2 November 2012: Wouter + - Fix bug 478: declaration after statement (for gcc 2.95). + +1 November 2012: Wouter + - Fix default settings for RRL. + +30 October 2012: Wouter + - review fixup of RRL SLIP response. + - RRL uses dev/random at start, nonRRL does not. + +26 October 2012: Wouter + - nsd-control repattern also changes rrl-ratelimit and whitelist limit. + +17 October 2012: Wouter + - Fix alignment problem in zone transfer pipeline code. + - Fix random generator generating negative. + - Fix udb radtree strspace creation bug. + +15 October 2012: Wouter + - Fix activated zone does not interrupt transfer. + - Log of connection failure for zone transfer is neater. + +12 October 2012: Wouter + - Fix invalid time argument in nsd control (for OpenBSD). + +11 October 2012: Wouter + - Fix build on OpenBSD (Thanks Oliver Peter). + - tpkg for RRL. + +10 October 2012: Wouter + - implement nsd-checkconf option use of rrl-whitelist. + +9 October 2012: Wouter + - with --enable-ratelimit you enable ratelimiting, with verbosity 2 + it logs what is ratelimited for operational inspection. + - unit test for rrl. + - rrl uses mmap to save state across reloads. + - rrl enum and u16 flags (dnskey type). + - rrl whitelist and config. + +8 October 2012: Wouter + - Sync with unbound lookup3, has raninit value. + +5 October 2012: Wouter + - fix bug with event loop in zone transfer pipeline. + - close xfrd_sock_p in server_child because otherwise due to use of + kqueue, it gets a broken pipe when that process exits (on FreeBSD). + +4 October 2012: Wouter + - Fixup no use of internals ev_flags of libevent. + +1 October 2012: Wouter + - fix xfrd tcp skip. + +21 September 2012: Wouter + - tzset before chroot for correct timezone (from Camiel Dobbelaar). + - pipeline support for AXFR and IXFR tcp queries. 
+ +11 September 2012: Wouter + - writev support for TCP. + +28 August 2012: Wouter + - TXT records with components longer than 255 fail to parse, + but without segfault, it continues processing with non NULL value. + +27 August 2012: Wouter + - libevent in server_child. + +21 August 2012: Matthijs + - Fix bug#464: Conditionally define MAXHOSTNAMELEN + +20 August 2012: Wouter + - Fix hang on exit in xfrd. + - optimized socket counts for zone transfer speed. + +13 August 2012: Wouter + - Fix xfrd libevent events. + +10 August 2012: Wouter + - libevent in xfrd. + +26 July 2012: Yuri + - Prioritize notify sender for requesting XFR. + (thanks Ilya Bakulin) + +19 July 2012: Willem + - Fix for VU#624931 CVE-2012-2978: NSD denial of service + vulnerability from non-standard DNS packet from any host + on the internet. + http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt + +18 July 2012: Wouter + - Fix bug#460: man page correction - identity. + +9 July 2012: Wouter + - delete temporary transfer files on exit of xfrd and reload. + - when tasks are applied, reload checks if it must exit between + tasks, so that it can quickly exit when NSD is told to quit. + - fix bug in apply_xfr that must use an udb_ptr because it shifts + when new allocations are made. + +6 July 2012: Wouter + - add xfrdir: "/tmp" option and configure --with-xfrdir="/tmp". + The nsd.task files and a subdirectory for zone transfers are + created there. + +2 July 2012: Wouter + - fix checkconf unit test and add test for backwards compatibility + for difffile: "x" statement. + +29 June 2012: Wouter + - Implemented /tmp/nsd.xfr.xxx/ to replace ixfr.db. So that nsdc + patch is no longer needed. + +8 June 2012: Wouter + - Fix tpkg test cutest_qroot and rr-test for printout of algorithms + as numbers, and copy of DO flag to the answer. 
+ - pick up fd fix from 3_2 branch: Some more fd >= 0 to fd != -1 fixes + +31 May 2012: Matthijs + - Sync with 3.2 branch + +24 February 2012: Wouter + - Fix for qtype ANY for a wildcard domain in NSEC signed zone. + +9 February 2012: Wouter + - Update acxnlnetlabs.m4 version 21, fixed MEMCMP_BROKEN #undef line. + +23 January 2012: Wouter + - remove clang security warning about %n in format string. + +20 January 2012: Wouter + - Fix bug #430: segfault when MAX_INTERFACES set to more than 65K. + - Fix configure for OpenIndiana sunos 5.11, acx_nlnetlabs.m4 update. + +12 January 2012: Matthijs + - Fix bug #421: truncate pidfile on shutdown, before unlink. + +10 January 2012: Wouter + - removed unused variables. + +10 November 2011: Wouter + - acxnlnetlabs.m4 updated to version 16, better lto check (a.out drop). + +3 November 2011: Wouter + - fflush zonelistfile after zone add or delete. + +1 November 2011: Wouter + - Fix -flto detection for llvm compiler on Lion. + +10 October 2011: Matthijs + - Don't clear the AA bit if there is an authoritative CNAME in the + answer section (as shown in RFC 1034, Section 6.2.7, 2nd example). + +10 October 2011: Wouter + - squelch EPIPE when writing AXFR, enable with verbosity 2. + +26 September 2011: (Matthijs, from NSD3_2 branch) + - Copy the DO bit to the response. + - Don't return SERVFAIL on a domain that looks like a NSEC3 + domain but is actually a empty non-terminal. + +19 August 2011: Wouter + - Fix segfault if no logfile is used. + +5 August 2011: Wouter + - Fix make from repeating action already taken. + - Fix compile without openssl. + +3 August 2011: Wouter + - silence 'Broken pipe' messages in log (visible with verbosity 2). + - fix makedist.sh for removal of patch, notify, xfer. new nsd-control. + - tag 4.0.0-imp-5 created. + - trunk is 4.0.0-imp-6 under development. + - added nsd_munin_ script for statistics monitoring to contrib. 
+ +2 August 2011: Wouter + - fix compile on Ubuntu 11.04 systems, detects cc system header issue. + +1 August 2011: Wouter + - fix checkconf test for remote control options. + - fix warning on Ubuntu 10.04, fix autoconf 2.68 warning on NetBSD. + +29 July 2011: Wouter + - zones with no zonefile are not written to text (assumes you can + get AXFR and IXFR for the contents). They are stored in nsd.db. + - test for repattern. + +28 July 2011: Wouter + - nsd-control repattern reads TSIG and pattern configuration. + +25 July 2011: Wouter + - fixed tests for removed tools from nsd, with replacements. + replaced nsd-patch with nsd-control write. replaced nsd-notify with + ldns-notify. replaced nsd-xfer with dig -t axfr. + - fix for xfrd restart if crashed. xfrd knows if a reload is + active at that time so it cannot start another one at the same + time. New shortsoa track for start that does not use taskdb + in use by reload. taskdb in use by crashed xfrd is recreated, + in case it is corrupt. This keeps the nsd.db intact, keeps + reload running with its updated and keeps service from the + server processes active. + +22 July 2011: Wouter + - added contrib/nsd.init (nsdc.sh that only does start,stop). + - removed nsdc.sh, nsd-xfer, nsd-notify, nsd-patch. + for rc.d: contrib/nsd.init, or platform specific init script. + nsd-xfer: see nsd-control transfer, or force_transfer. + nsd-notify: see nsd-control notify. + nsd-patch: see (cron job to) nsd-control write. + +21 July 2011: Wouter + - nsd-control notify, transfer and force_transfer. + - fix for bug in write and reload zone option. + - nsd-control zonestatus command. + +20 July 2011: Wouter + - reload can be given optional zone argument. + - nsd-control reopen_logfile. + - nsd-control write changed zonefiles. + +18 July 2011: Wouter + - Fix xfrd activation of zones to not break running zone transfers. + +13 July 2011: Wouter + - fix that signal causes stats to be printed to log. + - fix stats without remotecontrol. 
+ - ignore notify and soainfo for deleted zone, if due to race they + arrive after the deletion. + - tpkg test for nsd-control, addzone and delzone + +5 July 2011: Wouter + - fix link to ssl with FreeBSD make. + +1 July 2011: Wouter + - fix optimize compile to link with ssl. + +29 June 2011: Wouter + - nsd-control delzone zone. Removes zone from zonelist. + - stats includes number of zones. + - RAXFR stat, which has not worked since NSD 1.2.4, reinstated. + - print more memory statistics, for xfrd and config. + +28 June 2011: Wouter + - nsd-control addzone zone pattern. Adds new zone, slave or master. + +27 June 2011: Wouter + - nsd-control stats and stats_noreset (if enabled at compile time). + nsd does not print statistics to logfile if period is 0. + +23 June 2011: Wouter + - -flto check supports clang compiler. + +22 June 2011: Wouter + - remote control, config, client, setup and status command. + - reload nsd-control command. + - stop nsd-control command. + - verbosity nsd-control command. + +14 June 2011: Wouter + - Fix to have no authority NS set processing for CNAMEs. + +9 June 2011: Wouter + - fix bug that relptrs have to be initialized with rel_ptr_init() when + created and zeroed with rptr_zero before deletion. + - tag 4.0.0-imp4 created + - trunk is 4.0.0-imp5 under development. + +8 June 2011: Wouter + - nsd reads the zonelist file on start. + - updated acx_nlnetlabs.m4 to version 11. + - configure checks size of off_t and increase region-allocator + alignment to 8 if it is 64bit and alignment at 4. + - fixed bug where not all references were removed before mmap was + synced to another process. + +7 June 2011: Wouter + - code to add and remove zonelist entries, and unit test. + +6 June 2011: Wouter + - fix unit tests for mmap with TODO and removal of -f in nsd-patch. + - zone expiry is communicated via the mmap, and not via the pipes, + simplifying the code significantly as well as making a large number + of zones more feasible. 
+ +1 June 2011: Wouter + - mmap used for parent-xfrd communication of tasks and task results. + SIGHUP is sent to xfrd so it can become a task in the normal + workflow. This can process about 4500 zones per second (this was + with lots of debug prints per zone, in debug compile). The mmaps + are file-backed with /tmp/ files. They are removed on a clean exit. + - nsd.db and tmp mmaps are created with mode 0600 for safety. + - updated flag removed, nsd-patch always in -f force mode (-f removed) + and writes all zones always. Its role is taken over by task results. + +30 May 2011: Wouter + - Fix Makefile for U in environment, since wrong U is more common than + deansification necessity. + +27 May 2011: Wouter + - xfrd is forked before the database is read in, thus it does not + consume the memory of the database. It can be reforked on a crash, + which is like the current case. Difffile is cleaned by main process + and the soa serials are all sent via pipe instead of via forkmem. + +24 May 2011: Wouter + - implemented patterns in the nsd.conf file. + they can be instantiated with include-pattern: x. + existing zone definitions keep working (backwards compatible), such + zones really have an implicit pattern and cannot_delete flag set. + - work on zonelist read and storage. + +20 May 2011: Wouter + - from NSD_3_2 branch the fix: bug if the zonefile is changed for a + secondary but stored transfers are applied, and stop ixfr to empty. + The zone is flagged with error, and the good zone is still in nsd.db + for NSD4. + +17 May 2011: Wouter + - unit test for code coverage on nsec3 ixfr. + - tag 4.0.0-imp3 created + - trunk is 4.0.0-imp4 under development. + +13 May 2011: Matthijs + - Fix bug #381 - Binary escaped and transfers. + +13 May 2011: Wouter + - Unit test nsec3 salt change and fix for sanity check of nsec3 chain. + pretty prints the nsec3 parameters if verbose. + +12 May 2011: Wouter + - more unit test for nsec3 precompile changes. 
+ - unit test for salt change, rehash in udb fix, remove last NSEC3 + from chain works, NSEC3PARAM RR fixed up if RR added or removed + from NSEC3PARAM RRset, hashtrees cleared properly, precompile clear + more thorough (not dependant on nsec3_conditions). + +11 May 2011: Wouter + - fixes for nsec3 precompile code: precompile for empty nonterminals + created when an RR is added. If SOA removed, precompile stays + coherent even though domain_find_zone no longer returns correct zone. + +21 April 2011: Wouter + - unit test and fixes in nsec3 precompile code. + +20 April 2011: Wouter + - incremental NSEC3 precompile. + +14 April 2011: Wouter + - remove chnum. Added numlist sorted by domain.number. + domains that are not used are removed. + +13 April 2011: Wouter + - Fix is_existing flag for ENT when domain that has a shared ENT + is deleted by IXFR. + - zonec can parse strings with RR in it. + - unit test for namedb. + +8 April 2011: Wouter + - porting complete. + - tag 4.0.0-imp2 created + - trunk is version 4.0.0-imp3. + +7 April 2011: Wouter + - ported to sunos 4.1.4, the unit test works (udb, radtree in mmap). + +6 April 2011: Wouter + - UDB_CHECK is enabled if --enable-checking is used. + Because it checks the pointer-administration lists it slows down. + - udb-inspect has feature -l that lists zones (and RRs) in nsd.db. + - fix memory leak by zonec; the region_cleanup triggers too late. + - set listen TCP_BACKLOG to 16 by default, it avoids connect reset + by peer in 1000-zones transfer on an ultra10, thus for many-zones. + - default xfrd-reload-timeout to 1 second. + +5 April 2011: Wouter + - Fix uninitialised value in xfrd nsd_soa, the rdata_count. + - Unit test for update of the nsd.db with new contents. + - Fix array bounds check in radtree-search function. + +4 April 2011: Wouter + - removed zonec from tests. fix unknown_rr test, enable ipseckey test. + increased timeouts on tests that are hard on the filesystem. + - Fixed IPSECKEY printout by nsd-patch. 
+ +30 March 2011: Wouter + - nsd edits nsd.db for IXFR and AXFR messages. since xfrd already + checks zone transfers completely for syntax those errors cannot + happen, if they do (memory, disk error) the file is left dirty, + to be recreated on the next start (and the process dies). + +29 March 2011: Wouter + - nsd recreates nsd.db if it has not been closed properly or is + corrupted (bad header or wrong file format). + +28 March 2011: Wouter + - NSD without zonec. NSD loads zonefiles on start. + NSD stores NSEC3hashes on disk. + +25 March 2011: Wouter + - Fix bug #365, you can set NSDC_ZONEC_VERBOSE and NSDC_PATCH_STYLE + in the environment where nsdc runs. + - Fix bug #375, typos in nsd.conf.5. + - First step of bug #369: RRSIG DNSKEY sets zone to be treated DNSSEC. + - Fix bug #302, nsd accepts XFR but refuses to re-read the slave zone. + - NSD4 work: removed zonec, nsdc patch does not write text files + for slave zones (as if option is always to binary, this capability + returns later), nsdc patch deletes the ixfr.db. + kill-HUP rereads zone files that have changed. + +24 March 2011: Wouter + - compile fixes for BSD. preserve RRset order. + +23 March 2011: Wouter + - udbzone, store and read zone data in the random-access udb format. + +21 March 2011: Wouter + - udbradtree works. udb-inspect tool can print radtree details. + +16 March 2011: Matthijs + - undo fix bug#325: messes up dname compression + +14 March 2011: Wouter + - udb code added. uses lookup3 from unbound (public domain). + - unit test for radix tree in cutest. + - unit test for udb in cutest. + - udb-inspect tool to printout internals of udb files. + for debug, not installed or built by default. + - removed --disable-radixtree option. + +11 March 2011: Wouter + - Removed precompile features, speed gain took too much memory. + - domain number to size_t. + +9 March 2011: Wouter + - DNAME synthesis of CNAME. Uses TTL of the DNAME record. + - nsec3 and wildcard code. 
No additional section for wildcards. + Also CNAME and DNAME replies contain only that record (and synth + CNAME), the chain is not followed. + +8 March 2011: Wouter + - precompile work: + class ANY gets AA flag, SOA and type-NS processing, just + like BIND (9.6) and it simplifies processing for NSD. + other than compression difference (precompile compresses smaller), + there are no differences in a 49000 query testset against the root, + without EDNS. + +7 March 2011: Wouter + - check chown value and report high verbosity its error. + +3 March 2011: Matthijs + - fix #bug352: fix hardcoded paths in manpages. + +2 March 2011: Matthijs + - fix #bug354: make realclean cleans too much + - added make devclean for cleaning up autoconf and automake stuff + - Fix hardcoded paths in nsd.conf.sample and nsd.conf.5 + +24 February 2011: Matthijs + - fix #bug350: refused notifies should log client ip. + +2 March 2011: Wouter + - Fix AXFR service with radix tree. + - cutest for speed of answer encoding, and format of answers for root. + +1 March 2011: Wouter + - after merge, remove double -I. from makefile. + - radixtree is default. Nicer makefile and no warnings from unused + flex functions. + +1 March 2011: Wouter + - merge with trunk r3181: + 24 February 2011: Matthijs + - fix #bug350: refused notifies should log client ip. + 24 February 2011: Wouter + - fix bug#362: outgoing-interface and v4 vs. v6 leads to spurious + warning messages. + - fix bug#363: nsd-checkconf -v does not print outgoing-interface ok. + - fix that nsd-checkconf -o outgoing-interface omits NOKEY. + 23 February 2011: Wouter + - fix for bug#357, make xfrd quit with many zones. + +23 February 2011: Wouter + - Merge trunk r3151. + 22 February 2011: Matthijs + - Patch Jakob Schlyter (setusercontext before chroot). + 18 February 2011: Wouter + - overhaul of testset, with port uniqueness and fast start and stop. + 11 February 2011: Wouter + - added test case to do with bug357. 
+ 24 January 2011: Matthijs + - Patch Tom Hendrikx (only errors to stderr when doing nsdc patch). + +17 February 2011: Wouter + - Fix leak of compressiontable when the domain table increases in size. + - added test case to do with bug357. + +10 February 2011: Wouter + - Merged with trunk r3115 changes: + 20 January 2011: Wouter + - Fix on shutdown, then getaddrinfo acquired data uses freeaddrinfo. + 19 January 2011: Wouter + - Bug #348: no -I/usr and -L/usr for libcrypto in /usr. + 5 January 2011: Matthijs + - Fix nsdc update and nsdc notify + - Force outgoing interface to be a single range acl + - Update documentation about acl options + - Code review + - Fix nsdc so it can use hmac-sha* tsigs + - Bug #347: NSEC3 nodata QTYPE=DS not at delegation mismatch + 4 January 2011: Yuri + - Doc spelling error, bug#345 + 15 December 2010: Wouter + - fix race condition when nsd is stopped while a reload is in + progress, often when rc.d does nsdc patch; nsdc stop in sequence. + reload is now signalled to stop too. + 10 December 2010: Matthijs + - fix bug#306: applied documentation patch + - fix bug#253: now also for QTYPE=DS. + 12 October 2010: Wouter + - Fix compilation on SunOS4. + 24 September 2010: Matthijs + - Bug #328: nsd-checkconf overrun + 1 September 2010: Yuri + - Support for huge TXT records. + 23 Aug 2010: Wouter + - fix bug#325: remove stale files from cvs from repo. + 16 Aug 2010: Yuri + - zonec, MAXRDATALEN check was off by one. + 9 Aug 2010: Matthijs + - nsdc return 1 outside function, should be exit 1 + - Bug #320: arc4random + 2 Aug 2010: Matthijs + - Bump to 3.2.7. + 21 July 2010: Wouter + - NUM_RECV_PER_SELECT 100 implemented, configure check if kernel + supports this. + +17 January 2011: Matthijs + - Bump to 3.2.8. 
+ +5 January 2011: Matthijs + - Fix nsdc update and nsdc notify + - Force outgoing interface to be a single range acl + - Update documentation about acl options + - Code review + - Fix nsdc so it can use hmac-sha* tsigs + - Bug #347: NSEC3 nodata QTYPE=DS not at delegation mismatch + +20 July 2010: Wouter + - Branched from trunk. Added radix tree. + - use -fwhole-program if gcc supports it. + +19 July 2010: Matthijs + - fix bug#314, NSEC next field now correctly escapes spaces. + Also fixes label overflow issue. + - Put back HAVE_SSL. + - Code reviews. + - Add donor text. + +6 July 2010: Wouter + - Compiles on Minix 3.1.7; checks ss_family, suseconds_t, some + warning fixes. Needs socketpair to work, e.g. + http://wiki.minix3.org/en/SummerOfCode2010/UnixDomainSockets. + +2 July 2010: Wouter + - Put back CHECK_SSL in configure (removed with disable-tsig). + +17 June 2010: Matthijs + - Expand command line option '-a' and config option 'ip-address:' + with port number. + - Removed --disable-nsid, --disable-dnssec, --disable-tsig + +14 April 2010: Matthijs + - Bump to 3.2.6. + +14 April 2010: Matthijs + - uintptr_t fallback value to void* + - Backwards compatibility for MAP_ANONYMOUS + - Tag 3.2.5. + +31 March 2010: Matthijs + - Commit b64_pton optimalized compat code (Martin Svec). + - Commit (experimental) mmap-alloc-namedb patch (Martin Svec). + - Commit parse-token-leaks patch (Martin Svec). + +27 March 2010: Wouter + - fix bug#303: misspelled error message. + +19 March 2010: Wouter + - documented nsid: "hex string" setting in nsd.conf.sample. + +24 February 2010: Matthijs + - nsid: option + - Enable NSID support by default + - --with-chroot configure option + - Less stupid chroot error handling + +15 February 2010: Matthijs + - Skip memory cleanup to speed up reload (Martin Svec) + +1 February 2010: Wouter + - compat code for memcmp unsigned comparisons. + +21 January 2010: Wouter + - fixup debug sprintf to snprintf. 
+ +21 January 2010: Matthijs + - Secure string functions, including compat code for strlcat. + - Randomness utility function + - Prepare for default chroot + +6 January 2010: Wouter + - check write errors when marking commit failed when difffile is broken. + +6 January 2010: Matthijs + - Move to 3.2.5 + +23 December 2009: Matthijs + - Store new options in nsd structure. + +22 December 2009: Matthijs + - New options 'ipv4-edns-size:' and 'ipv6-edns-size'. + - Bug 276 + - Bug 286 + - Bug 288 + +21 December 2009: Matthijs + - New option 'tcp-query-count:'. + - New option 'tcp-timeout:' and configure option '--with-tcp-timeout'. + - New zone option 'notify-retry:'. + +11 December 2009: Wouter + - Disable UDP IPv4 DF flag on Linux/FreeBSD/AIX with socket option. + +20 November 2009: Matthijs + - NSID bugfix: NSD did not recognize NSID in the query. + +9 September 2009: Matthijs + - DLV support + +18 August 2009: Matthijs + - Bug 269. + - Typo: logincap.h -> login_cap.h + +12 August 2009: Matthijs + - Maintainers feedback + +10 August 2009: Matthijs + - Code review. + - Also send errors to /dev/null in controlled_stop. + - chown nsd.db + +7 August 2009: Matthijs + - Bug 266: don't have strptime build error + +28 July 2009: Matthijs + - Bug 263: make TSIG algorithms comparison case insensitive. + +23 July 2009: Matthijs + - Patch Paul Wouters for NSD using hardcoded name. + +13 July 2009: Matthijs + - Bug 236: allow RRs before the SOA RR. + - Bug 253: No need for NS RRset in authority section, when returning + final answer for QTYPE=DNSKEY. + +29 June 2009: Wouter + - patch for use of Linux IPV6_MTU option, so that on linux the default + EDNS UDP size advertised becomes 4096 over IPv6. It fragments the + packets using the IPv6 minimum MTU. + +19 May 2009: Matthijs + - Clean up configure script (install hickup) + - Bug 249: Remove unnecessary LLONG_MIN and LLONG_MAX code. + - Replace strtoll code with own strtoserial function. + - Move up to 3.2.3. 
+ +11 May 2009: Matthijs + - Add Off-by-one test + +6 May 2009: Matthijs + - Small fix in SO_REUSEADDR warning log message. + - Off-by-one bugfix (thanks Ilja van Sprundel, IOActive) + +29 April 2009: Matthijs + - A more ensured do_stop (useful fo nsdc restart). + +2 February 2009: Matthijs + - Bugfix #234. + - Bugfix #235. + - Reset 'error occurred' after notifying an error occurred at the $TTL or + $ORIGIN directive (Otherwise, the whole zone is skipped because the + error is reset after reading the SOA). + +2 February 2009: Matthijs + - Bugfix: return BADVERS when EDNS version > 0, instead of 0x1<FORMERR>. + +19 January 2009: Matthijs + - Bug 230: nsd-*: use stdout for non-error output (instead of stderr). + - Don't do strptime test when cross compiling. + +17 January 2009: Jelte + - Fix file rotation when no logfile but chroot. + +8 January 2009: Matthijs + - New nsd-patch option -o dbfile (set output.db) + - update nsdc to deal with the new nsd-patch options + - strptime compat fix + +6 January 2009: Matthijs + - New nsd-patch option -s (skip writing zonefiles) + - Removed some region_create memchecks (not needed) + +5 January 2009: Matthijs + - Bug 218 + - Bug 222 + - Replace SHA256_DIGEST_LENGTH with nicer HAVE_EVP_SHA256 + +10 December 2008: Matthijs + - Bugfix: better error message when ixfr.db cannot be read + +18 November 2008: Matthijs + - chown logfile, don't do file rotation if logfile is outside absolute + and outside chroot. + +17 November 2008: Matthijs + - File rotation for nsd.log when owned by nsd (+ tpkg test). + - Only AXFR fallback if master responded NOTIMPL or FORMATERR on IXFR + request. + - allow-axfr-fallback option. + +7 November 2008: Matthijs + - Bugfix: don't fclose if logfile == NULL. 
+ +30 October 2008: Matthijs + - Allow escape characters in literal dnames + - Fix typo in zonec manpage + - Some fixes from code review + +20 October 2008: Matthijs + - Redo bugfix literal domain names in rdata (code adjustment) + - Added tests for case sensitive dns names and "Bug #162" + - Adjust nsd-patch to new ixfr.db format + +14 October 2008: Matthijs + - Only SO_LINGER when outgoing port is set + - Reset diff_skip when a new difffile is created (parts in the difffile + now have a timestamp). + - Undo bugfix literal domain names in rdata (code adjustment) + - Split up dname_parse to parse literal dnames and normalized dnames. + +3 October 2008: Matthijs + - setsockopt SO_LINGER, for portability outgoing-interface (BSD/Solaris) + +1 October 2008: Matthijs + - Configure the source ip-address for notifies by the master and zone + transfer requests by the slave in nsd.conf. + - Previously added source hostname/ip and port configuration for + nsd-notify and nsd-xfer + - Finetuned nsdc for nsdc notify and nsdc update + +29 September 2008: Matthijs + - Bugfix: only normalize domain names in rdatas when rrtype is listed in + RFC 4034, section 6.2: Canonical RR Form. + - Update TODO list + +25 September 2008: Matthijs + - Fix bug where hmac-sha256 was in algorithm table, but could not be + retrieved by name or id. + - Additional arguments for nsd-notify and nsd-xfer: set outgoing + hostname/ip-address and source port. + - Additional TODO entry: optimize code in nsd-* programs. + +8 September 2008: Matthijs + - RFC 4635, bugfix #130: support for hmac-sha1 and hmac-sha256 tsig + algorithms. + - modify and add tpkg tests for hmac-sha1 algorithms. 
+ +2 September 2008: Matthijs + - AXFR fallback when IXFR/UDP failed on all masters + - Bugfix: strip off chroot value in corner cases + - Additional debug and verbose log messages + +29 August 2008: Matthijs + - IXFR allow UDP option + +26 August 2008: Matthijs + - Code layout, additional comments and documentation typo fixes + - IXFR over TCP, no longer UDP + +17 July 2008: Matthijs + - Make the maximum number of interfaces configurable. + - Write pidfile *after* successful server initialization, + instead of writing, and unlink if fail. + +16 July 2008: Matthijs + - Set upcoming release to 3.1.1 + - Wouter: fixed memory leaks that happened on error, mostly on + zone transfer errors. + +11 July 2008: Matthijs + - Avoid race condition in nsdc: let nsd server update pidfile before + closing old parent process. + +8 July 2008: Jelte + - Fixed NSEC3 memory leak in the case NSEC3 is not needed. + +7 July 2008: Matthijs + - Bugfix #191 + +9 June 2008: Matthijs + - When comparing RRs, do not compare TTL values (since the same record + with different TTL values are considered equal). + - Fixup some more unaligned memory access that could occur when + reading ixfr.db. + +19 May 2008: Matthijs + - Do not always log tcp read errors, only when real error or high verbosity + +28 April 2008: Matthijs + - Bugfix #172 (misleading error from zonec) + +27 March 2008: Matthijs + - Port some branch modifications to trunk + +28 February 2008: Matthijs + - Do not answer nsec3 wildcard information when DO bit is not set + +19 February 2008: Matthijs + - Fixed strptime bug (for MacOS Leopard) + +22 January 2008: Matthijs + - Add configuration for chkconfig to control nsd service (bug 164) + +15 January 2008: Matthijs + - Fixed bug 157 where nsd would return FORMERR if edns query is + received with version set to zero and rdlen is larger than zero. + +8 January 2008: Wouter + - no warning about optout records. also no warning about missing + nsec3 records. 
+ - check for hash(apex)==nsec3 with SOA bit was done in duplicate. + - removed old commented out code + - using SOA bit in NSEC3 typemap to detect parameters + - using nonhashed NSEC3 to prove qtype=NSEC3 nxdomains + - prints for debugging. + - nicer comment on nsec3_lookup. + +7 January 2008: Wouter + - Fixup nsec3 tests, they need zonesdir: "." in conf files. + The tests pass. + - configure default is --enable-nsec3. Disabling this will save 20% more + memory (for very large zones). Moved tests to test on commit. + - set RRTYPE numbers for NSEC3=50, NSEC3PARAM=51. + - fixup checkconf test - updated parser lexer gives syntax error + on some garbage instead of parse error. Parselexer is updated for + new options (hide-version, verbosity). + - removed highrange rrtype code. fixup cutest for that. + - speedup of prehash code. + - skip nonexistent domains (operator.example.com). + - skip only-nsec3 domains (that could be 2x speedup) + - skip glue nameserver domains (for TLD with 2 glue per + delegation this is a 3x speedup). + - skip the prehash_domain for delegation points, which saves + another 2/3 hash operations, 3x speedup. + - printout how long nsec3 prepare took (verbosity >= 1). + +3 December 2007: Matthijs + - Fixup bug where data related files are looked up in the wrong + directory when chrooted with chrootdir ending with a slash. + +26 November 2007: Matthijs + - Fixup bug start nsd while already running: do not initialize server, + since it is already running. + +15 November 2007: Matthijs + - Changed man pages format from mdoc to mansun, to support the Solaris OS. + - Better logging for nsd-notify (show 'broken' zone) + +13 November 2007: Wouter + - CREDITS and RELNOTES now in utf-8. + +12 November 2007: Matthijs + - Changed man pages according to bug 162. + +30 October 2007: Wouter + - Fixup for skip after unknown deleted IXFR RR, otherwise processing + would continue at the wrong spot in the packet and process the IXFR + as if it were malformed. 
+ - added unit test for this in long (needs ldns-testns, updated it). + - added unit test for rollback of malformed zone transfers. + Fixup for it, and fixup in ldns-testns to be randomport and + copy id for hex packets. + +29 October 2007: Wouter + - Fixup bug where malformed IXFR replies cause partial processing in + reload (or nsd-patch or nsd-startup). One result is multiple SOA + records in zone apex. Fixup rolls back the zone transfer, and waits + for NSD to try to load again. + +26 October 2008: Wouter + - small fix in descriptive text in sample config for debug-mode. + +9 October 2007: Mark + - Change default location of: nsd.db, ixfr.db & xfrd.state to + /var/db/nsd. + +5 October 2007: Wouter + - Fixup manual page entry for allow AXFR to anyone. + +3 August 2007: Mark + - Report source and zone for denied AXFR attempts. + +25 July 2007: Wouter + - bind2nsd to 0.5.0, fixup of includes, key{} handling. + +19 July 2007: Wouter + - bind2nsd to 0.4.8, fixup of include bug. + +18 July 2007: Wouter + - added contrib for bind2nsd, Al Stone provided an abridged version + that neatly fits for contrib. + +17 July 2007: Wouter + - fixup commithooks. + +16 July 2007: Wouter + - Added reference to http://bind2nsd.sourceforge.net/ to + contrib/README. + +3 July 2007: Mark + - Zone compiler now gives more sane error message when out of + diskspace. + - Fixed a call to drill in tpkg that made a test check bind instead of + nsd. + +2 July 2007: Mark + - Remove last traces of mmap usage. + - Some cleanups in tpkg. + +24 April 2007: Mark + - Added "hide-version" configuration setting. Enabling this feature + stops NSD from answering to CHAOS class version requests. + +19 April 2007: Wouter + - Compiled on minix 3.1.3 and make some adjustments to ease porting. + ECONNABORTED is checked for. sys/select.h included in nsd-notify. + SO_REUSEADDR failure is not fatal. PF_INET compat code added. + If you compile yourself; strptime and socketpair need compat code. 
+ +13 April 2007: Wouter + - Minor tweak to nsec3.c, more elegant handling of malformed nsec3 + records from a zone transfer. + +10 April 2007: Wouter + - Fixup ignored return value in region-allocator. Now returns a NULL + memory allocation failure and leaves region in a consistent state. + +20 March 2007: Wouter + - Released 3.0.5. + - (for 3.0.6) -O2 test for Alpha moved to saner position. + +16 March 2007: Wouter + - port configure to AIX, removed warning on ALIGNMENT in region code. + defined _ALL_SOURCE to get recent C definitions on AIX. + - improved nsec3.h comments. + +22 February 2007: Wouter + - Zonesdir default is now /etc/nsd. + So that the invocation directory is not used to dump files into. + The user can change the zonesdir by editing the config file. + The directory is created by install, if not an error is printed. + - updated tpkg tests to use current dir for testing. + - tcp connections that drop do not spam the log file. + Unless verbosity is set high. + +19 February 2007: Wouter + - Fix empty line printed with warning on 'force zone transfer'. + +15 February 2007: Wouter + - Check for EPROTO definition to compile on FreeBSD4/Alpha. + +13 February 2007: Mark + - Debug flag (-d) behavior changed. Nsd now also forks children when + run in debug mode. + - Added verbosity mode (-V <level>) for extra operational logging. + +8 January 2007: Wouter + - README text on interface configuration added. + +2 January 2007: Wouter + - Fixup accept() that could block due to already closed connection. + Made listen() nonblocking, ignores errcodes that indicate closed tcp. + +29 January 2007: Mark + - Handle the new CERT RDATA types defined in RFC 4398 (submitted + by Mans Nilsson). + - Change nsd-notify retry timer from linear into exponential backoff + (submitted by Mans Nilsson). + - Due to a small bug in a comparison statement, zonec would fail + on the parsing of unknown CERT types. 
This got triggered by the + first bugfix today, as that one shouldn't have been discovered in + the first place. Took the opportunity to sanitize two other + comparison statements related to strtol(). + +24 January 2007: Wouter + - Tentative change to set UDP sockets nonblocking. Perhaps it + helps Howard. + +19 January 2007: Wouter + - NSEC3 work. prehash printed only once with time taken to prepare. + - prints are now only in DEBUG mode (except errors). + - rr descriptor counts for NSEC3 updated, has an extra field flags. + - now NSEC3PARAMs with flags!=0 are ignored, as per draft-09. + - Fixed where only first NSEC3PARAM was properly detected. + - Added tpkg in manual (because you need to compile with nsec3) + that performs the test queries from draft-09 and checks them. + - Made tpkg to test NSEC3 parameter detection. NSD will skip any + NSEC3PARAMs that don't work until the first working one is found. + Also, this means unknown hash algorithms are simply ignored. + A zone that uses exclusively unknown hash algorithms for NSEC3 + will give errors on loading (or after zone transfer) but NSD + will load and serve the zone (but no NSEC3s are returned). + - added tpkg in manual to test parent side DS answers. + These follow a different code path than child side DS. + - Will allow NSEC3s(and signatures) below a DNAME. + - A query for an NSEC3 ownername will lead to DNAME redirection + as if the NSEC3 did not exist. + - Test package in manual that tests NSEC3 and DNAME in the apex. + - Changed NSEC3 memory requirements from 5 pointers per domain name + to 3 pointers and 2 bits. + - Added jumpstart for nsec3 search, will greatly speed up optout + zone nxdomains. At the cost of one ptr per domain name. + The speedup also speeds up the nsec3 prepare stage. + +18 January 2007: Wouter + - Created 3.0.4 release tag. + - 3.0.5 number in trunk. + - add nsd.spec patch from Farkas Levente to contrib. + - NSEC3 new wireformat and presentation format from draft-09. 
+ +11 January 2007: Wouter + - The message 'server .. closed cmd channel' is now priority INFO. + This to reduce the 'error' amount in the logs. + - On error in a tcp request, set to retry next instead of waiting + for the tcp timeout. + +9 January 2007: Wouter + - TSIG acl matching changed so that NOKEY allow-notify entries match + only queries without a tsig. Otherwise NSD would crash. + This only affects servers that have allow-notify: ip NOKEY and + someone sends a TSIG signed notify from that ip. + - test package for that. + - Fix for reply to notify messages with ANCOUNT wrong. The ack + to notify messages that passed the ACL, and had a SOA in the answer + section of the query, included wrong RR counts in the header. + - test package for notify reply wireformat. + +8 January 2007: Wouter + - ipc_send_blocked will not lead to busy waiting on it, but will block + in select, until SOA_END comes by. + - server_main sends SOA_END if reload crashes, to xfrd. So that xfrd + can set ipc_blocked=0 and can_send_reload=1; and thus resume service, + assuming that the crash was a temporary condition. + This will lead to trying every reload-timeout seconds to reload + if it is a permanent condition. Which is more obvious to the + operator. + - put the error "error: diff: RR ns.kiev.ua. already exists" in + debug mode only. Zone transfers with this error are liberally + accepted, and we should not spam the logfile. + - empty zones will not be retried forever every 10 seconds, + but exponential backoff to a max of every 4 hours. + The exact value is randomised to spread out attempts. + +5 January 2007: Wouter + - Fixed --zonesdir=<path> for configure. The value did not get used + as a default value. Now it is used as a default value. If a + default value is set for zonesdir, you can go to a 'no value + specified' by giving the empty string, zonesdir: "" in nsd.config. + - Fixed checkconf.tpkg for this change. 
nsd-checkconf will + output zonesdir: "" as this is the default for --zonesdir. + +2 January 2007: Wouter + - Added contrib script from Stephane Bortzmeyer to convert NSD 2 to + NSD 3 config files. Converts secondary zones and TSIG keys. + - Made config conversion script skip empty lines. + - Made config conversion script convert primary zones (and notify). + - Nsdc control script will exit with 'nsd startup failed.' if nsd + fails to start (due to bad config file for example). + +15 December 2006: Wouter + - Removed dlopen() checks from configure.ac, NSD3 no longer has + dynamic plugin support (since 3.0.0). + - added .rpm spec file to contrib. + - Updated README to remove reference to buildzones script. + +12 December 2006: Wouter + - Added missing include to ipc.c to compile on SunOS. + - Cast to avoid signed/unsigned comparison in compat/inet_ntop.c. + +11 December 2006: Wouter + - Added test to check for CNAME and other data error by zonec. + Currently NSEC, NSEC3, RRSIG, SIG, NXT are allowed next to CNAME. + - Fixup unaligned memory access that could occur when reading ixfr.db + with a partial transfer inside. + - RR type WKS (well known service) was not printed correctly, + htons() was forgotten when calling getservbyport. + - NSD does not complain about not being able to read the db CRC + when all that happens is the file became longer or shorter. + +8 December 2006: Wouter + - Moved down max XFRD UDP sockets for zone transfer queries to 100 + down from 300. This makes the total socket max at 200, so it fits + easily under 256 ulimit (a common default). + +7 December 2006: Wouter + - Improved error message to help operator. + - created 3.0.3 svn tag. + - default of zonesdir corrected (no directory is default). + +4 December 2006: Wouter + - updated test packages. Moved 213_large from manual to long. + size_0, source_port_0 made more working (needs root permission). 
+ +1 December 2006: Wouter + - Moved xfrd ipc and reload handlers to front of event handler + lists for a 10% speedup in xfrd. + - Fixed so that NSD no longer interrupts zone transfers when + a notify comes in for that zone. Added package to test it. + - Fixed warning on Solaris 10. + +30 November 2006: Wouter + - Test for fallback in getaddrinfo more portable. + Ported to FreeBSD 6.1 without inet6. + - New quit sync had a problem with blocking in dispatch. Fixed. + - reload will retry quit_sync if nothing happens. + - parent tries to empty the pipes before closing them on quitsync. + - xfrd does not send reload when previous reload request busy. + - netio will only deliver the number of bits from select + and then stop. Optimisation. + +29 November 2006: Wouter + - Fixed getaddrinfo error message to be more descriptive. + - Fallback to ip4 also if getaddrinfo fails for ip6. + - instead of EAI_ADDRFAMILY uses EAI_FAMILY which is portable + to FreeBSD. + - signed/unsigned warning fix for FD_SETSIZE comparison. + - Lots of debug statements and new quit sync feature, where + the server children are synced with. So as not to lose buffers. + +28 November 2006: Wouter + - Debugging 10k zones transfer, set so that zones waiting for a + socket do not get timeouts. + - Debug change so that an event is only returned to one handler + by netio. + Reversed this. Netio will not deliver events you do not listen + to, and since xfrd first listens to write then read, it will + not have problems with stale events (for the fd from the previous + select) because these are always read, while it needs a write. + Re-Reversed it: netio will deliver events only once. + This is easier to understand for the poor hapless developer. + - Need to set notify_current for notify on waiting list. Fixed. + +27 November 2006: Wouter + - Debugging 10k zones transfer, noticed that it is possible for + netio to give a callback for an event that you were not listening + to. Now no longer does that. 
+ +16 November 2006: Wouter + - Bug #153: now checks for FD_SETSIZE when adding fd to select fdset. + - Easy overview of socket allocation for xfrd in xfrd.h + - Upped the default xfrd socket limits a bit. + - Log message that the TCP connection limit is reach is now only + in -L 2 logging. It is spammy. + - updated dependencies. + - Added test for notify-socketcount, and removed unused files from + bug153 test package. + - Notify udp sockets are also capped at a max number. The rest + has to wait in a queue. + +15 November 2006: Wouter + - Fixed bug #152: identity keyword in nsd.conf did not work. + What happened was that the hostname() from the computer + was overriding the nsd.conf identity. Fixed now. + If commandline is given that is used. + Else nsd.conf entry is used. + Else hostname() detected from computer is used. + Else default string "unidentified" is used. + +14 November 2006: Wouter + - Fixed bug where NSD tries to create 10000 udp sockets, + when starting with 10000 secondary zones. Limited to 50 + at a time. The XFRD_MAX_UDP constant controls this. + +3 November 2006: Wouter + - Created tags/NSD_3_0_2_REL. + +2 November 2006: Wouter + - Added pdf for differences.tex for ease of use. + - Updated text in readme on memory usage. + +24 October 2006: Wouter + - Recycle rrset memory after doing special processing on the deleted + rrset data. + - log message clearer for 'duplicate xfr part' to 'discarding partial + xfr part'. + - if you have a server that has IXFR turned off but sends a TC flag + for IXFR queries, xfrd will retry to TCP. This makes the use of + 'AXFR' flag in nsd.conf file not needed in certain cases. + - Be thrifty and save up the memory that was lost at end of chunks + in the recycle bin. Saved 1.3Mb on 170(rrs)/220(total) Mb dataset. + +23 October 2006: Wouter + - Added checks for out of memory in reload (diff file). And it exits + if so neatly. + +13 October 2006: Wouter + - Bug #149: Wrong text for NOTAUTH error code. 
When notify is not + authorised REFUSED error code returned instead. + +4 October 2006: Wouter + - More fixes from Koh-ichi Ito (kohi@iri.co.jp now), for bug #146, + his bash does not do $(( )), so nsdc.sh has to use test of course. + +29 September 2006: Wouter + - recyclebin works, added a test that uses it (about 3 Mb goes + through the recyclebin). This resolves bug #147. + - Made -L 1 logging is little less verbose (-L 2 gets it all). + - added search path for openssl on Solaris 10 (/usr/sfw). + +28 September 2006: Wouter + - Removed unused global variable current_region, + and routines for it in region-allocator.c and .h. + - Added recycle option to regions. It will keep track of small + objects in a recycle bin. Large objects are deallocated. + No calls to recycle yet, unit test it first. + - added unit test for region recycle. + +27 September 2006: Wouter + - Further suggestion from Koh-ichi Ito, I've set opt->xfrdfile + to XFRDFILE in options_create. So opt->xfrdfile and opt->difffile + are never NULL. This simplifies code elsewhere. + And also handles chroot case (+=l) for default values. + - Fix for bug #145. The skip file position in the diff file was used + inconsistently - one part of the code skipped to before the 'IXFR' + type code and another part skipped to after that. Now all skip to + before the type code. This bug only happens if your diff file + is like: zone1_part1, zone2_part_1, zone1_part2, zone1_commit, + zone2_part2, zone2_commit. The skip over zone1_part1 failed. + - tpkg test in long dir that tests for the bugfix. Takes a long time + and uses ldns-testns feature to wait partway through an AXFR. + - removed debug log of strerror on diff read failure, when the errno + was already output to the logfile (resulting in a nonsense error). + +26 September 2006: Wouter + - NSD compiles on Solaris 10 with the sun cc compiler. + Added a define for _STDC_C99 for that. + - Checked that the patch for solaris for bug 143 indeed fixes the bug. 
+ - Fixed bug #146 reported by Koh-ichi Ito: when chrooted nsd failed + to write xfrdfile/difffile. + +18 September 2006: Wouter + - no queries for NSEC3, RRSIG, ANY succeed for nsec3 only domains. + +15 September 2006: Wouter + - Fixed LOC parsing of integer overflow causing maximum values. + Added to test and backported fix to 2.3.6. + - NSEC3 qtype queries get noerror/nodata or nxdomain answers. + You can query for NSEC3PARAM. + - warnings for printf format on maxOS (sizet needs cast to int). + +13 September 2006: Wouter + - added fsync to AF_UNIX sockets to write last command (QUIT) before + closing them. + - sent explicit QUIT command to xfrd on final shutdown of the server. + +12 September 2006: Wouter + - Bug #144: LOC defaults for unspecified values wrong. Error in zonec. + Set defaults. Also fixed parser if LOC has no minutes or seconds. + - Also fixed rounding error in seconds 0.001 decimal. + - Test tpkg for bug 144. + +11 September 2006: Wouter + - nsdc now more portable in use of 'which'. + Does not only look at exit code but also checks for '^no ' string. + - nsd-patch does a chdir to zonesdir for relative difffile or dbfile + path names. + - nsdc handles zonesdir: for relative pidfile, dbfile, difffile + pathnames. + +7 September 2006: Wouter + - bumped version to 3.0.2. + - Nice configuration error when you had the wrong zone name in the + nsd.conf file. Zonec will give an error already. + - When you start a secondary zone without a zone file, you get + a much nicer error message, warning you of the zone transfer. + - Credits for prerelease testers; Thanks guys! + +6 September 2006: Wouter + - Fixed nsd-patch so that it writes the SOA at the start of the file. + - test tpkg that tests for the bug, has multiple rrsets at zone apex + and does nsd-patch followed by zonec. + Previous tests did not catch this: they used nsd-xfer to test zone + contents, or only checked the zone-file after nsd-patch. + - version number bumped to 3.0.1. 
+ - svn tag 3_0_1 made. + +5 September 2006: Wouter + - differences file improvements. + - created 3.0.0 release in svn tags. + +4 September 2006: Wouter + - From suggestions by Bin Zhang: + - nsdc restart does not fail if nsd was not running. + - fixes to man pages, wrong locations for files. + - NSEC3-PARAM has no optout bit in presentation format. + - NSEC3PARAM spelling. + - differences in latex format (needs nlnetlabs housestyle). + +31 August 2006: Wouter + - Fix for tsig size still set when data is null ptr. + - Fix configure for NetBSD (1.6 - 2.0) to find struct timespec. + - DIFFERENCES file completion. + +30 August 2006: Wouter + - Print error nicely when nonblocking connect fails on systems + in a portable way. + - doc/UPGRADING document to assist NSD 2 to 3 upgrades. + - updates of error print - ignore EINPROGRESS if we check too early. + - wait for select writable before testing for connect error. + - echo "" >&2 is not as portable as we would like, removed from nsdc. + - fixed debug print of a null ptr. + - fixed bug where query for CNAME that points to unserved zone caused + nullptr exception on empty zone ptr. Now original zone is restored + after CNAME-pointed data is added to the packet. + Test in dname.tpkg. Reported by Kai. + - fixed stack corruption when ipv6 disabled. + +29 August 2006: Wouter + - NSEC3 made it so it can handle the case where the NSEC3 RRSET + with the SOA bit on does not have the RR with the soa bit set + as the first RR. + - Handle NSEC3-PARAM type. Checks to see if any of them work: + zone apex hashed exists, with NSEC3 type, and RR that has + the same parameters and the SOA bit set. + - in presentation format of NSEC3, NSEC3-PARAM reversed hash, optout. + - update to the DIFFERENCES file, bind 9.3.2 vs NSD 3 and + NSD 2 and 3 comparisons are completed. + +28 August 2006: Wouter + - echo messages in nsdc made clearer. nsdc notify and nsdc update + only send notify messages to slaves / localhost to force transfers. 
+ - initial NSEC3-PARAM type code entry. parsed, ignored. + +25 August 2006: Wouter + - disabled make test target as tests are not shipped. + - performed prerelease static snapshot. + - updates to the DIFFERENCES document. + +24 August 2006: Wouter + - Fix bug 141 port from 2.3.6, copies behaviour from bind 9.3.2. + - Added a test for bug 141. + - Bug141: save the opcode from the query. + +23 August 2006: Wouter + - Fixed % by 0 exception in the bugfix #139. + - Fixed RFC 4035 says CD flag SHOULD be cleared on authoritative + responses, now NSD clears the CD flag. This is bug #140. + RFC 4035 could be confusing on this, as it states 'all servers + MUST copy the CD bit' more than once, but then makes clear only + recursive servers are meant with that statement. + - Differences document updates for bind 9.3.2 and nsd 3. + +22 August 2006: Wouter + - version number to 3.0.0 in preparation for release. + - Bug #139: resync stats to whole period. Fixed. + +21 August 2006: Wouter + - check for error in ftruncate call. + - replaced fwrite call with write_data call from util that does + error checking. + +15 August 2006: Wouter + - removed unused struct nsd.named8_stats variable. + - Bug #138: nsd aborts trying to bind all interfaces if ip6 is not + enabled, instead it will fallback to ip4. + +14 August 2006: Wouter + - Added test for rollback of an IXFR transfer by xfrd. + - Added test for reload timeout in xfrd, the reload does happen after + a while, but not immediately. + - Test that makes xfrd connect to ip6 address. + - Test that overloads the number of tcp connections in xfrd, + simulating a slow master, so that zones have to queue up to get it. + - code coverage is now 2514 of 10636 uncovered. Still a lot uncovered. + - ixfr queries return NOT_IMPL errors. + +11 August 2006: Wouter + - srandom to init random() in xfrd based on PID and time. + - improved usage() information to be more helpful, and with version. 
+ - in makedist.sh, flex and bison called like in Makefile. + - test for tcp underrun and overrun of the buffer. + +10 August 2006: Wouter + - added more tests to increase code coverage of testset. + - moved acl parsing code from configparser.c to options.c to help + unit testing. + - nsd-checkconf echod wrong difffile filename with -v. + - nsd-patch can now be used with -f to force printing of all RRs. + - TYPE_NULL crashed NSD when it printed it, arg was ZF_DNAME, + now ZF_UNKNOWN. + - unknown rr test was faulty on input, the length was in nibbles + not in octets, but rfc specifies octets for unknown rrs. + NSD does not look at the length, and prints the length correctly. + - added type NXT to the rr-test for weird RRs. + - added printing test to rr-test, ipseckey and unknown-rr tests. + checks if NSD prints the same RR on output as it read in. + - put -x option for nsd-patch in usage(). + - test that kills an nsd child server and checks that it is + restarted. + +9 August 2006: Wouter + - tested nsdc functionality, make install and make uninstall. + - set O_NONBLOCKING on xfrd tcp sockets before the connect call, + because the handshaking can take very long too. + - difffile and xfrdfile set via configure, to absolute pathnames, + so that chroot checks work for them. + - updated tpkgs, they need to set relative paths now for difffile. + - gcov says 2821 of 10617 total code lines are not covered. + compiled with --coverage, not -O2, ran tpkg/* and long/testplan*. + counted grep '#####:' *.gcov | wc and grep '^ *[0-9]*:' *.gcov | wc. + - cleaned up the log functions, NSD no longer spams the syslog with + debug messages. The standard NSD debug util is used, -F -1 -L 2 for + a compile configured with --enable-checking will enable them again. + Errors are logged, as is the automated reload of a new serial. + - tpkgs for bug077 and bug107 were silently failing to test properly. + +8 August 2006: Wouter + - fixes for checkconf test, more portable. 
+ - removed items from TODO that have been tested. + for multihomed servers you have to bind to each interface + explicitly to get outgoing ip-address the same as query + destination ip-address. + Forks and if-existing are tested and ok in testplan tests. + close_all_sockets is called by child, if tcponly, so leave it. + - user name check is hard portably with shell scripts, and + packaging could set a default user that does not exist on a machine. + - empty nodes (nonterminals) give no nxdomain any more (todo item done). + - removed (old) from TODO. + - removed contrib/buildzones.pl, it is outdated. + +7 August 2006: Wouter + - Made the tests a little more portable. + - fixed mempcy unable to handle unaligned memory addresses on Solaris, + used memmove instead of memcpy in zonec LOC conversion code. + - another unaligned memory access, when storing off_t pointer in + difffile.c, used memmove. + +4 August 2006: Wouter + - nsd will start if diff file is corrupt, with a log message. + It ignores the bad data. + - tpkg files do not override PATH, svnhook sets it. So user can + set path to utilities on the system to run the tests. + - running testset on DecAlpha discovered uninitialised variable + in NSD. Fixed. + - Jakob Schlyter asked for building nsd3 in an obj dir, i.e. + mkdir obj; cd obj; ../configure && make. Fixed up makefile for that. + - and bug137.tpkg for separate obj dir building. + +3 August 2006: Wouter + - more tests in mesh test. + - changed test packages to put nsd log to test result "/dev/stdout". + - test packages more portable - use default 'dig' location. + also, path is appended to, instead of replaced. + +2 August 2006: Wouter + - Region can be customised for detailed memory handling. + Especially if you set large_object_size=0, chunk_size=0, + the region will perform individual allocs, and 'save memory'. + The region still keeps tracks of allocations so that at + region_free time all memory is released. 
+ - tsig.region removed, it was not used after attaching a cleanup + at creation. tsig creation uses custom region settings. + - xfrd inits the tsig records with memory saving settings, + so the regions alloced for tsig take up about 60 + 4*8 bytes. + - new custom region for query region - to make chunksize larger + there. The chunksize for the query region is important, if + all allocations for a query fit in it, no mallocs are needed. + - TSIG other_data field size according to RFC 2845 is 0 or 6. + In tsig implementation put a maximum to the field of 16, + otherwise a formerror results. + - query with IXFR appended SOA not formerror. + IXFR queries not reach the handler in axfr.c for IXFR queries. + - removed annoying debug message of added tsig key. + - added test that starts 7 servers in a mesh and lets them fight out + what zones to transfer and serve. + - xfrd logic bug: if notified a slave would not see the renewal + of its current zone. + +1 August 2006: Wouter + - Test for remove domains with IXFR. + - Fix for empty nonterminals and IXFR deletes. + - Test for timeouts, including expiry, and expiry and zone updates. + - Test for axfr refused authorisation. + - Test for deadlock in ipc. + +31 July 2006: Wouter + - Test plan ixfr test in tpkg/long directory. + - IXFR with many packets tested (one RR per packet). + +28 July 2006: Wouter + - tentative change, that preserves ordering of rrtypes for a domain. + - fix for serial rollover (old_serial + 2**31), now works, is seen + as new serial and rolled over to new. + - serial numbers, and time values, printed as unsigned to logfile. + - set so that if info is provided by operator, refreshing state + not expired is used. + - forgot to * a pointer to boolean, is_ixfr in the difffile reader. + This fixes the testplan_ixfr test 1. + +27 July 2006: Wouter + - fixup desc of tsig xfer test, remove debug from xfr_huge. + - fixed compressed dname tables cleanup, to set ptr to NULL. 
+ - initialised xfrd_listener.fd to -1. + - fixed difffile handling of very short AXFRs, with no data. + +26 July 2006: Wouter + - Updated the requirements with comments from Olaf. + - README discourages use of experimental nsec3 rr a bit more. + - typo in DNAME code, used original qname instead of CNAME + adapted qname variable. + - added IPSECKEY RR type, RFC 4025. + - tpkg test with sample ipseckey rrs. + - wireformat for IPSECKEY depends on the value of a rdata atom, added + WF_IPSECGATEWAY to handle that. + - DHCID type, data is encoded in one binary/b64 blob. + +25 July 2006: Wouter + - max number of tries for nsd-notify is 15, so that the + total time for sending is about 75 seconds. + - forward port of fixes for bug 105 and 135 in nsdc. + forward port of test for bug 105. + - fixed nasty bug with configure --prefix=<...> where config.h + was wrong. Now double evaluate the shell expansion on the defines. + +5 July 2006: Wouter + - helped in README with gnu make; need to make clean + so that botched attempts by make to create the lexer files + do not stay around. + - removed %zd, replaced by casts to int. + - updated REQUIREMENTS file, the sections on RR types, on what + algorithm NSD follows and on which RFCs are supported are updated. + +3 July 2006: Wouter + - 'make depend' target in makefile. (updates both Makefile.in + and Makefile, so it works for users and for svn). + - doc minor update. + +2 July 2006: Wouter + - TESTPLAN, README, bugzilla-bugs docs updated. + - NSD for BIND users update. + +29 June 2006: Wouter + - removed --zonesfile nsd.zones configure option. + - doc/README updated for 3.0. + - doc update. NSD_FOR_BIND_USERS document. + - moved from -Ds to the config.h header, cleaner compilation output. + - use autoconfs built in large file support enabler. + +28 June 2006: Wouter + - nsdc neater, checks for BLOCKED ips more strictly. + - nsd -d also disables xfrd forking, and thus all reloads + and secondary zone treatment. 
Stated so in manual page. + - fixup, apart from ip4 need to allow ip6 in example.conf + line showing how to allow access for everyone to axfr. + +27 June 2006: Wouter + - Fixed read in server.c to be a blocking read for sure, + even if ipc is not blocking on the OS. + - nsd-notify tries to send notify 5 times, then exits with error. + - nsd-checkconf can lookup key secrets by name from a config file. + - difffile option is always set in options struct with default + or config value. + - nsd-patch uses dnames to compare zone names (for trailing .). + - nsdc updated to work with config file. + +26 June 2006: Wouter + - Nicer check in autoconf for struct timespec type. + - NSEC3 next hashed ownername is a length byte followed by data. + - nsd-checkconf more quiet, clearer error message. + - NSEC3 does not complain about glue records without nsec3. + - nsdc work (did start, stop, running, rebuild, restart, reload, stats). + +21 June 2006: Wouter + - nsid commandline parsed using hex_pton routine. + - unit test for hex_pton. + - added include stdlib, needed for free() on sunos4. + - fixup of disable-ipv6 compilation. + - memmove compat implementation (created fresh). + - yy_set_bol() for old flex compat define. + - compat implementation from openssh4.3p2 for + strlcpy, inet_aton, and inet_ntop routines. + - changed ctime_r usage to ctime() call, nsd is not threaded. + - compiles on SunOS4/gcc-2.95. + - debug statements go to the log_msg route instead of the + fprintf route, so they will get to a nice logfile even if + we forked away, with xfrd. logfile=/dev/stderr gives old way. + - minor changes to cutest to make unit test compile + on SunOS4/gcc-2.95, it checks out fine there. + +20 June 2006: Wouter + - updated configure to disable -O2 on platforms where gcc + does not like it (such as dec-alpha). + - nsd-notify used recvfrom and passed addrinfo.ai_addrlen + which is a size_t, but recfrom needs a socklen_t*. 
On dec + alpha these types differ in size (size_t is 64bit, + socklen_t is 32bit). Therefore, used a wrapper variable + to pass to recvfrom. + - changed long int to time_t in nsd-patch.c to please compiler + on dec alpha. + - dec alpha complains if statements are in front of variable + definitions. Fixed code for some mixups on this. + - Fixup cutest for dec alpha. Code, lowercase filename, %lf->%f. + - cutest fixup uses (size_t) cast and %zx to print ptrs (for debug). + - for SunOS4 configure detects ssize_t and struct timespec. + - removed usage of fpos_t, instead using fseeko/ftello for 64bit. + - configure will define fseeko/ftello with fseek/ftell if unavailable. + - added missing include from buffer.c (stdlib for free()). + - defines for snprintf and vsnprintf in config.h if needed. + - configlexer flex is called more cleanly with -t to write stdout. + - missing include from configparser, stdlib for atoi. + - config.h provide inet_pton define if it is not available. + - fixup of INET6 defines, where sockaddr_storage is used + outside of INET6 defines, in xfrd-tcp. + - edns_init_nsid was not defined in edns.h. + - added compat/fake-rfc2553.c and h from openssh 4.3p2. That has + a BSD license as well. They replace getaddrinfo() (and friends) + when those are missing. + +19 June 2006: Wouter + - updated the tpkg/manual tests for NSD 3 config files. + Some need root privileges to run (using hping), they all pass. + - also the tpkg/long test bug_sighup. + - nsec3 code will warn at prehash time for missing exact nsec3 + records. So faulty signed zones are more easily spotted. + - fixed NSEC3 and CNAME/DNAME chains, it will disprove the new qname. + - removed for() look in CNAME processing, only first CNAME is + processed now. + - zonec will error on a zone with multiple CNAMEs for one name. + +16 June 2006: Wouter + - Swapped read and write ops in xfrd_handle_ipc, so that a read + of a signal from main can stop further writes. 
+ - xfrd will complete its last message before shutting down + the ipc writes and then acknowledge the reload-sync. + This resolves the race where half of ipc messages caused bad + modes from the main. + +15 June 2006: Wouter + - In preparation of notify send overhaul, moved the notify + send code to xfrd-notify.c and h files. + - created cleaner split of notify send and xfr code. + Still in the xfr process, because it is a convenient location. + - fixed bug where notify sending would read from wrong fd. + - send master zone notifies. + Does not skips master zone SOA INFO updates. + - fixed bug where port number acls did not match. + - fixed bug where tsig keys are checked for twice, but not error_code. + - fixed notify send retry counting. + - added test tpkg for notifies from nsd master to nsd slave. + - nsd-checkconf flags if you set allow-notify without request-xfr. + +14 June 2006: Wouter + - fixed crash bug when dnssec/NSEC enabled and query DNAME + target did not exist. + +13 June 2006: Wouter + - created doc subdirectory for documentation. + - removed unused DIFF FILE MAGIC string. + +12 June 2006: Wouter + - dname_test tpkg with very extensive DNAME testing. + - moved sizes of zone_name buffers to 3072 - for escaped names. + - nsd-patch has a debug option to list the contents of the + difffile/ixfr.db/transfer patch log in a journal fashion. You can + then manually inspect the contents. + +9 June 2006: Wouter + - after a reload NSD will report the memory churn: number of bytes + of memory wasted by the zone transfer code. + +8 June 2006: Wouter + - When zone is re-chosen after a CNAME/DNAME no SERVFAIL is set, + noerror is returned instead. + - zonec will error on multiple DNAMEs for the same name. + - zonec will error on DNAME and CNAME together. + - improved loop log message. + +7 June 2006: Wouter + - after DNAME the closest_match is set correctly for another DNAME. + - in case of a loop returns gracefully instead of crash. 
+ - nsec3 checks if it is enabled for the zone for wildcards. + - NSD will give referrals for zone cuts encountered after a CNAME + or a DNAME. This also fixed various subtle stuff with CNAME/DNAME + and TYPE_DS at zone cuts. It basically re-determines the zone + to use after the CNAME/DNAME. + +6 June 2066: Wouter + - zonec checks for data below a DNAME, and will not create the db, + as per rfc 2672. Tpkg test to make sure such a zone is not loaded. + - updated rr-test tpkg so it has no data below a DNAME. + - DNAME synthesis of CNAME records, including compression for cname. + - included cname creation in dname test. + - preallocate the extra temporary domain_type structures. + - too many temp domains returns OK packet so that the resolver + will recurse and ask us again with the last name in the chain. + - fixed bug introduced in preallocation on temp domain numbering. + +2 June 2006: Wouter + - dname_replace function that does DNAME replace and unit tests. + - added error codes from DNSUPD rfc2136 to constants in dns.h. + - in query.c added DNAME following code. + - fixed bug 134: hints[i] in nsd.c to hints[0]. + - added tpkg small test for DNAME. + - tpkg to test bug 134 (starts 100 processes). + +1 June 2006: Wouter + - tsig test with NSD master and NSD slave server. Tsig AXFR transfer. + nsd-xfer used to test slave zone contents. + - fixed bug where buffer_flip() is done before appending tsig rr. + - version printed at start of nsd in logfile. + - xfrd prints name of tsig key used during transfer in commit comments + so it appears in the log file and in zonefile after nsd-patch. + - prints RRs from diff file only if debug level >= 1. + - scalable transfer test xfr_gig added, you can set the size to try + in the .pre file. Now set very small. + +31 May 2006: Wouter + - xfrd check for failed updates. It compares the time it wrote the + commit to disk with the time of the last reload command. + Failed updates are restarted like the zone is notified of the soa. 
+ It also catches reloads that have been lost (reload cmd while reload + is running, or a crashed reload process, for example). + - when reload is issued, times at that second are put back one second, + so that after a reload all the zones that should have been loaded + have a time from before the reload. + - if a reload crashes, NSD will continue with the old database, + xfrd is not informed, since it cannot fix that. + - nsd-checkconf strdups arg strings before writing to it. + - tsig error replies contain error data, but no signature. + also crashproof, badly formatted tsigs get a format error. + - tsig error print knows about DNS rcodes in tsig error field. + - added tpkg tests for tsig. + - tpkg test for nsd-xfer with TSIG from nsd. + - small stuff with makedist.sh, CREDITS, Features, make test. + +30 May 2006: Wouter + - tsig pre-allocs the rr_region, not at runtime, tsig_create_record(). + - redid some region work for tsig. Now has another temporary region + for the context data. User is only aware of the region passed at + start that exists for the lifetime of the struct. + During TSIG checks no more mallocs are done, only region_free_all + and region allocs (of small size). + - checkconf, port is stored as a string. + - tsig now keeps a max_digest_size for giving reserved space. + - AXFR does tsig every 96 packets (and first and last packet). + - tsig signing works for all queries. SOA queries, ... + If you configured the key in the config file, you can use + that key for any query for any zone. + Except for NOTIFY and AXFR queries; those are only allowed for + the zone (and source ip address) which are configured in the config. + - cleaner compile with tsig disabled. + - fixed unknown key error reply in tsig. + +29 May 2006: Wouter + - The nonblocking write routines disable silently if they have + nothing to do. + - put xfrd read/write state routines (almost 500 lines of code) + into xfrd-disk.c file. 
+ - little readme blurb on xfrd state file for the operator. + - put ipc code in its own file for ease of reading. + - removed --disable-axfr, you can control this via acls. + With no provide-xfr: statements, a zone will not do axfr. + +25 May 2006: Wouter + - fixed reload sending; it checks for EAGAIN and EINTR. + - reload sends parent quit command blocking to make sure of arrival. + - send_children_quit in parent uses nonblocking writes and closes + the pipe to signal the child to quit (even if the write does not + come through, the closed pipe will cause the child to quit). + - need_to_send_STATS flag in parent. + - reload has its own ipc-listening handler in server_main. + - nonblocking writes for server_main; this solved write-blocking race. + - another race condition solved, if a process dies, half a read or + write buffer could be left behind on another process. These are + dropped. Now: + * The server_main drops ipc from dead children. + * The server_main drops ipc if xfrd dies. + * The server_main drops xfrd(old) and all children ipc + on reload. + * The xfrd drops ipc to parent on a SOA_BEGIN from reload. + So after reload, but parent and xfrd start with + clean ipc buffers. + +24 May 2006: Wouter + - unit tests print progress while running to stderr. Included license + of cutest with its source in svn repository. + - stack type (for the IPC buffer of zone update dirty). And unit test. + - only update zone-is_ok if needed to reduce memory copy on write. + - split off conn_write() from xfrd tcp nonblocking write routines. + - nonblocking writes for xfrd. + +22 May 2006: Wouter + - ported over minor nits from 2.3.5 NSD fixups. Cast to (void) + unused function return values. + - removed kill signal to children, superfluous due to quit cmd ipc. + - moved is_ok for zones to the zone_type in namedb, not in + the options, it is a runtime value not a config value. + For zones that have no data, parent and children keep no state. 
+ +12 May 2006: Wouter + - fixed up usage print for zonec to include -f option. + - xfrd send notifies. + - server no longer sends SOA INFO for master zones. + - removed possible debug log print of a null string. + +11 May 2006: Wouter + - nsd.conf.sample shows defaults for ip4-only, ip6-only and debug-mode. + - SOA_BEGIN message on start of reload sending soa info so that + xfrd will not reply with expire-notifications and thus deadlock + both on blocking writes (and no OS buffer on the pipes). + +10 May 2006: Wouter + - nsdc.sh is set +x after creation. + - improved error message when zone in db has no config info. + - support for broken nsec3 chains (if the one with the SOA bit + is complete, it is OK for there to be other nsec3 chains + with different parameters in the zone). + +9 May 2006: Wouter + - Fix for finding bad zone when populating SOA info on start. + it would find a parent zone instead of the zone in question ( + which is empty). + - request-xfr: AXFR 10.0.0.153 keytouse syntax to interoperate + with NSD machines. Will only send AXFR queries to the machine. + - documented AXFR option in nsd.conf.5 manual page, + and updated nsd-checkconf, nsd.conf.sample. + - made 'skipping zone' log entry clearer (Sam Weiler asked). + +8 May 2006: Wouter + - updated zparser.y to handle empty nsec_seq lists. + for empty nonterminals in NSEC3. + - nicer without ambiguous grammar. + +5 May 2006: Wouter + - nsd-notify handles option -y key:secret to TSIG sign outgoing + queries. + - the acl checks now verify TSIG signatures on the query. + - iterated_hash compiles with ssl disabled. + - new ipc NSD_ZONE_STATE sent by xfrd to nsd process. notifies + nsd of the state (ok or expired) of a zone. + - reload process waits for the old server_main to exit to make + sure there is no race condition listening to the NSD_ZONE_STATE + messages generated when reload sends SOA_INFO to xfrd. + - server_main and children all set zone_ok state in config options. 
+ also server_main so that newly forked children get the right state. + - if a secondary zone is expired, NSD returns SERVFAIL. + a transient error, so resolvers try again later. + - SOA_END ipc message, sent by reload to xfrd, so it can repeat + all zone states (which can have changed during reload). + - zone_is_ok kept in config section so that state for zones + without data is not lost. Those have no zone_type*. + - secondary zones start in the expired state. + - if expired zones are updated, then NSD gets the go ahead from + xfrd after reload sends SOAINFO/SOAEND msg, so it is really + updated in nsd memory. + - fixed tpkg xfr_1 to have longer expiry times (from 0 and 3 + seconds to 2000 and 3000 seconds), so the zone does not expire + during the test anymore. + +4 May 2006: Wouter + - when a new lease is acquired xfrd_packet_newlease result is used. + - if a zone is lost in nsd db, xfrd will update state to match. + - IXFR can use TSIG in queries and verify responses. + - Fixed memory leak in xfrd tsig handling. + +3 May 2006: Wouter + - forward of 2.3.4 RELNOTES into trunk. + - debug log statements to track xfrd request rounds. + - removed memleak from handle_passed_packet in xfrd. + - faster find_zone in difffile.c. + - nsd-patch writes commit log entries into zone file. + - took some tsig.c enhancements from 3 branch, + -> if key or algo changes during connection, return bad_key, + -> debug statement neater. + - nsd adds tsig keys to tsig keyring at startup. + +2 May 2006: Wouter + - ifdef inet6 back on ss_family usage in server.c. + - nsd-checkconf ip6 ifdefs improved. + - xfrd tries servers 3 rounds, then waits for next retry. + +1 May 2006: Wouter + - off_t used for 64bit fileio. + - searches for smallest unused part and sets diff_skip to that. + - doc comment near the region_free_all for every query about + malloc speed. + - null ptr in strcmp does not work on bsd, fixed nsd-checkconf. + - made nsd.conf.sample.in so the sample gets prefix-corrected. 
+ - removed nsd.zones.sample. + - makedist.sh added manual pages for nsd-xfer nsd-patch. + - install/uninstall nsd-patch, nsd-checkconf and manpage. + small update readme. + +28 Apr 2006: Wouter + - ixfr >64k in xfrd. + - fixed length of new commit parts. + - fixed multiple ipc reads in xfrd. + - fixed multiple packet ixfr read in diff file. + Miek: + - Forward port fixes for nsd-xfer and nsd-notify + +27 Apr 2006: + Wouter: + - nsec3 review fixes. + - diff file format expanded for >64kb transfer support. + - diff reader adjusted for >64kb. + Jelte: + - small non-null options check in nsd.c. + Miek: + - updated nsd-checkconf for zone parse shell script support. + +25 Apr 2006: Wouter + - Tests on NSEC3 code. Fixed that the unsecure delegations also + have _ds_ parent nsec3 prehashes, so that they get proper NSEC3s. + NSD will serve NSEC3s to prove 'opt-out' also if the opt-out bit + is (erroneously) not set. + - For the 05pre2 draft section 5.4.8.1. QTYPE is NSEC3, only NSEC3 + RRsets at name. Fixed that RRSIGs present do not matter. + And also the closest encloser proof in that case fixed. + If wildcard exists below zone apex servfails (cannot disprove + it and NSD cannot instantiate the wildcard at that point). + +24 Apr 2006: Miek + Miek: + - forward port nsid (disabled by default) + Wouter: + - nsd-patch manual page. + - minor MacOSX port fixes. + - xfrd-reload-timeout: config option. + - if you set the xfrd reload timeout to -1 it will not + automatically reload after a transfer. User can reload. + - reload timeout is a wait period after the reload is triggered. + - more verbose acl logging. Validated acls are logged in detail. + Invalid acls are only logged in debug mode, level >= 1. + - log message when xfrd tcp connections max out. + - if unknown NSEC3 hash type (not SHA-1), disable NSEC3. + - xfrd randomizes the timeouts, within 10% of original, + to spread out activity. 
Short timeouts < 10 seconds are not + affected, and will give activity bursts (on startup for example). + +21 Apr 2006: Wouter + - put NSEC3 code in nsec3.c and nsec3.h. + - iterated_hash only adds the salt if salt_len > 0. + - added some assertions and cleanups to nsec3 code. + - prehash also calcs the nsec3_last domain*. + - dbaccess when reading in will set the rr_type.owner value. + - changed namedb_find_zone to domain_find_zone, log msgs. + - implemented logic from nsec draft 05-pre2 section 5.4.1 - 5.4.8. + NSEC3 responses only happen for nsd compiled with --enable-nsec3 + and for zones where an NSEC3 with the SOA bit set exists. + - added prehash pointer to ds parent side cover for opt out. + - removed dynamic plugins. Dynamic plugin support is an explicit + non-requirement (under creeping featurism). + - in domain table create root nsec3 ptrs are NULL. + +20 Apr 2006: Wouter + - Unittest of base 32 encoding. + - unittest start for iterated hash. + - fixed for ctrlc in debug mode. + - delete zparser_conv_long, not used, not needed + - nsd-xfer will display NSEC3 correctly. zonec parses. + - improved usage() line from zonec, about -c none, must be -C. + - base32 printed in lowercase (canonical format for DNS). + - NSEC3 added prehash pointers to the namedb. + - NSEC3 autodetects presence of NSEC3 in zone and parameters. + +19 Apr 2006: Wouter + - port fix base10 in zonec conv short from 2_2 branch to trunk. + and conv byte, algo, certificate, long. + - configure option to enable NSEC3 (--enable-nsec3) support. + - from Ben Laurie's NSEC3 patch, loaned the parse code, + base32 conversion code and iterated_hash. + With some small modifications. The type rrdescriptors are + indexed by value below SPF, and in + rdata_wireformat_to_rdata_atoms BINARYWITHLENGTH checks + for end of buffer. Also parser checks for '-' salt. + Some layout (spaces after ,s). And NSEC3 define is used. + strtol used for iterations is base 10. 
+ - moved rrtype descriptor table sanity check to unittest. + +18 Apr 2006: Wouter + - Fixed check for SOA IN, bad ntohs in the check. + - minimum timeout also enforced for very low expire times. + - report the actual used length of the sockaddr to sento + for FreeBSD. + +7 Apr 2006: Wouter + - modified the kill_nsd tpkg so that it waits up to 10x5 secs + for nsd to make the pid file, and it wait up to 10x5 secs for + nsd to exit after the kill signal is given. + - xfrd checks on startup if there is trailing garbage in the + diff file, left there by a previous xfrd killed in action. + It then snips off any partial parts, so service can resume. + Also the difffile_skip pos is set before any partial record there. + - first version of nsd-patch; reads db and ixfrs and updates zones. + - moved print_rdata from nsd-xfer to rdata.h to share code. + - moved print_rr from nsd-xfer to util.h to share code. + +6 Apr 2006: Wouter + - notify handler passes acl number that matches to xfrd. + - xfrd keeps a next_master for a zone, and sets it after notify. + when notified nsd will try to contact the master that sent + the notify, if send from an address that is both in acl + allow-notify and request-xfr. + - xfrd closes its tcp and udp sockets on exit. + - default names for diff file and xfrd state nicer. + - fixed up kill nsd grep on ps. + - fixed up race conditions in test script for kill nsd + wait for pid file creation by nsd, and grep -v grep in check. + - in nsd signal-flags inherited from the parent are zeroed + when a server_child starts. Also the server_child switches back + to NSD_RUN mode when a bad mode happens. + - check if ixfrs start from the version in memory. + - if IXFR/AXFR ends in a serial that is newer than the serial + that was sent in an notify, update the notified serial. + +5 Apr 2006: Wouter + - added lowerbound for retry timeout. 
+ - added extra assertions to xfrd-tcp.c, saying that the waiting line + for tcp connections must be empty if the counter is below max. + - setup so that the first master tried is the first in acl list. + - diff file skips OPT and TSIG RRs if they are put into the answer + section. + - if IXFR contains an RR to delete that does not exist, nothing + happens. + - update zone for NS, RRSIG also if multiple RRs in the rrset. + - difffile: create zone struct also if domain exists already. + - difffile: destroy temp region on error. + - difffile: in delete_RR, create temp region outside of the routine, + so no alloc region, destroy region for every deleted RR. + - difffile: for IXFR: do not delete final SOA RR. + - difffile: unknown parts in file is an error. + - difffile: EOF on last packet is ignored w/o giving an error. + +4 Apr 2006: Wouter + - Addes EACCES to the netio dispatch error bailout. + - Removed EACCESS (probably due to log_msg), error on close + xfrd pipe is small, main process closes its end, and hopes for + the best). + - review: return on error condition in xfrd_tcp_open fixed. + - review: expired when time >= expire_time, so it will not wait + for the retry after expire until it will detect the expiredness. + - removed duplicate lines from xfrd_handle_zone_timeout. + - review: copy of uint32_t using memcpy to avoid unaligned memory + accesses. + - review: fd=-1 removed from set_refresh_now; only does timer. + - on a tcp timeout it will retry immediately (instead of waiting + another retry timeout). This means if you set refresh_now, it will + interrupt a tcp-timer for a fresh retry with the next master. + - put null in buffer for xfrd read state. + - log msg uses string that exists instead of overwritten buffer. + - read entry sets refresh depending on current time, + and makes sure not to check soa contents if none provided. + added explanatory comments. + - EACCES back in check. + - server_main first checks for terminated children, then select(). 
+ So when select is interrupted, by kill or quitting children, + it will first see if it has to quit itself, before restarting + the children. + - destroy tempregion xfrd read on error. + - check for serial existence in xfrd_handle_incoming_soa. + - handle_incoming_soa uses set_timer_refresh routine. + and can handle expire times < refresh times. + - log msg for udp socket() error. + - review: xfrd_parse_soa_info email parse uses correct buffer spot. + - added a lowerbound to refresh interval (=1 second now). + - upon receipt of a IXFR, if the serial is older than the notified + serial, the zone stays refreshing (but the ixfr is saved). + +3 Apr 2006: Wouter + - Added buffer length check to internal ipc. + - split out packet_read_query_section from the process_query_section + routine (and moved to packet.c/h). + - xfrd reads passed packet via ipc. + - ported over fix to 2_2 on missing rr types by removing the + duplicate RRtype array, and using rrtype_to_string. + - xfrd handles notifies. immediately starts updating. + - xfrd state file format fix. + - removed libwrap stuff - superseded by acls. + use provide-xfr: statements for your zone in the config file. + updated README for this. + - updated tpkg tests for axfr to use provide-xfr: 127.0.0.1 NOKEY + - review: move var create to start of function (xfrd_init()). + +31 Mar 2006: Wouter + - zone type has a pointer to zone options. + - nsd options has an rbtree to find zone options in. + - nsd checks acl for incoming notifies and replies + error or confirmation. + - nicer layout in options.c. + - updated makefile dependencies. + - fixed sz for SOA_INFO ipc, which was too small. + - notify is sent to server_main, server_main sends it to xfrd. + +30 Mar 2006: Wouter + - include: documented in manual page. + - MAXINCLUDES define in one place (config.h). + - configure checks for strptime in include files. + - use %d instead of %zd (sparc5 machine does not get zd). + - use region_strdup in configlexer. 
+ - added a check for EINVAL in dispatch - will abort + on the error instead of busy hang. + +29 Mar 2006: Wouter + - \r for config lexer. (similar changes to zonelexer). + - forward port of fix to 2_2 branch: + short int in var_arg is promoted to int, according to B. Laurie. + The same logic for %o, %d %x would hold for %u I think. + - in XFRD, soa prim_ns and email domain names are kept in a max + size buffer. + - split up dname_parse into parse from string to wireformat + and parse from wireformat to memoryformat, so both can be called. + - split up dname_make_from_packet into reading the wireformat + from the packet and the dname_make, so both can be called. + - xfrd reads all soa info from incoming xfr packets. + - xfrd will ignore TC bit on tcp channels. + - nsd sends xfrd all soa info, including ttl and dnames. + - config file now has an include: filename directive. + +28 Mar 2006: Miek + - forward port fixes for zone compiler and \r. svn:1926-1927 + - add DO bit MASK and remove the !! construct + +17 Mar 2006: Wouter + - according to axfr-clarify, added comments that we check + more leniently on further responses on a TCP stream. + +16 Mar 2006: Wouter + - Fixed up SOA INFO Send routines. Send from server works. + - niced up xfrd state file. + - Fixed up so that after a reload it will continue in diff file + where it left off. + - made send of SOA info use write_socket, in case of short writes. + - redesigned xfrd_tcp_read to use the same code for ipc read. + - no free()s before xfrd exit. + - xfrd handles incoming SOA INFO ipc packets. + - removed debug, updated zones get SOA INFO sent. + +15 Mar 2006: Wouter + - Fixed up domain table insert, it was being used in routines + that originate from nsd-xfer that do not set compression numbers + correctly. + - memleak fix in difffile in case of error. + - difffile processing works so that NSD can read an axfr saved + into the nsd.diff file. (xfrd already request and save it there). 
+ - split off xfrd tcp handling into xfrd-tcp.c. + - cleaned up send_udp in xfrd, and read_state. + - removed xfrd tcp_send_blocking. + - xfrd sets state from ok to refresh to expired based on timeout. + - xfrd sets reload timeout. + - Added zone updated to keep track of zones that are changed + after a reload. These zones get their information notified + to xfrd. + - removed unused zprintrr declaration from zonec.h + - nsd sends soa information to xfrd. + +14 Mar 2006: Wouter + - TODO updated + - worked on reload ixfr. It will add/delete RRs and zones. + - xfrd receive parse of xfr messages improved. writes commit. + - server compressed_dname_offsets table is increased if reload + creates extra names. + - difffile will create zone and apex if not there (i.e. the zone + is configured but no data file provided). + - bit more verbose in error message for bad diff file. + - Typo fix in sample config file. + +13 Mar 2006: Wouter + - configure sets fseek (fgetpos/fsetpos) to use 64 bit interface + with _FILE_OFFSET_BITS=64. + - nsd will skip loading the .db if the DB checksum is the same. + - Miek added trace test and nsd kill test. + - Wouter worked on diff file c. + +10 Mar 2006: Wouter + - Cleanup of UDP/TCP code in XFRD. + - xfrd now has tcp max connections and managing. tcp read/write. + - response TC on UDP ixfr, starts TCP. + - sends correct ixfr and axfr queries, a bind server answers. + - made packet_skip_dname() public. + - sets read/write event flags for tcp fd right. + +9 Mar 2006: Wouter + - Removed header from DIFF file format. CRC not that important there, + you have to check the packets anyway. + - cutest rbtree removed unused clean_rbtree and always_fail routines. + - xfrd timeout handler, more work. Checks expire. + +8 Mar 2006: Wouter + - xfrd sends UDP xfr request to master(s) with timeouts, and stores + returned data on disk. + - updated dependencies and declaration of write_soa_buffer. 
+ +7 Mar 2006: Wouter + - Fixed printfs for size_t warnings on Mac OsX. + +6 Mar 2006: nsd-team + * Wouter: xfrd read and write work. Statefile is "nsd.xfst". + * Wouter: nsd-checkconf checks dname parse of zone name:. + * Wouter: updated difffile in parser.y, production in server: clause. + * Wouter: zonec now takes -C for 'no config file' option. + * Wouter: updated configyyrename.h for bison 1.875d on sparc. + * Miek: zonec -h and nsd -h exit with exit code = 0. + * Miek & Wouter: updated tpkgs to work again. + * Wouter: xfrd read handle soas, handle soa_incoming part. + * Wouter: moved compare_serial() from nsd-xfer to util.h. + +4 Mar 2006: Wouter + - xfrd zone and soa memory structure definitions. + - xfrd init zones. + - xfrd read and write state file code. + - option for difffile: and xfrdfile: config lines. + +3 Mar 2006: Wouter + - Removed double kill after reload. Only socket cmd send. + - Added code to handle race condition where xfrd is restarted + during a successful reload. Afterwards, the new server_main + only has the old xfrd pid, new xfrd is an orphan. + Solution: when xfrd closes cmd channel (i.e. it quit) + unexpectedly, send sighup to all processes in the group. + This should quit the orphan & all children & reload the + server_main, which will fork the children and xfrd again. + +2 Mar 2006: Wouter + - Added nsd-checkconf.8 to makedist.sh replace list. + - DIFF file format updated. + - removed tsigkey->server value, it was read in, but unused. + - new function to add config file keys to tsig. + - nsd-checkconf checks parsing of keys. + - Updated sample key file with valid keys. + - added first xfrd files. xfrd is started from server_main. + xfrd listens to server and server to xfrd. xfrd is restarted + if it dies unexpectedly. xfrd quits when server signals it. + xfrd survives nsd reloads. + - nsd_options no longer global variable. + +1 Mar 2006: Wouter + - Nicer text in nsd.8. + - nsd.c prettier code in option handling. 
+ - zonec.c code prettier in option handling, also chdir bug removed. + zonec uses the zone definitions in the config file. + updated zonec.8 and usage(). + - nsd also chdirs to the zonedir, otherwise nsd and zonec would + try to read the database: file from different directories. + .(it does the chdir before the chroot call.) + - new calling syntax for zonec and nsd, because of new config file. + - options added acl acceptance tests (no tsig yet). + - added unit test for options.c - for acl tests. + - zonec removed unused vars, nsd-checkconf print arguments. + - nsd-checkconf.8 manual page. + +28 Feb 2006: Wouter + - checked in options.h and config parser code. + - also nsd-checkconf that will test a config file + .(and optionally show what was read). + - default identity has a spelling error. + - Small fix (typo in example) to config manual page. + - Added ; to configparser.y to please bison 1.75 on bsd. + - Will check for blocked addresses in outgoing acls. Also ranges. + - Check configuration tpkg test added. Uses checkconf. + - checkconf does extra semantic tests. i.e. enable absent features. + - tcpcount and servercount cannot be negative. + - updated nsd.conf.5 manpage for @port syntax. + - changed config parser: allows empty server: part (defaults). + - made nsd.conf.sample file. + - put option to configure for CONFIG_FILE nsd.conf location. + Note. Already nsdc.conf exists. Both exist now. + - updated makefile dependencies (gcc -MM). + - getopt optstring in nsd-checkconf updated ("v" only option). + - Added config .o files to nsd and zonec. This compiles. + - Added commandline option -c configfile to zonec and nsd. + configure defaults < configfile < commandline options in importance. + +24 Feb 2006: Wouter + - Added compute_crc in util.h and unit tests for it. + - in cutest.tpkg the number of unit tests was hardcoded + in the tpkg package. Removed the dependency, cutest exit + value indicates if any failures happened. 
+ - Added crc at end of NSD-database format. Unique per db. + upped db version to 7 because of this. + - Tested that crcs are big/little endian correct. + - Added DIFF file spec + - updated tpkg213 which compares md5 on a zonefile for new format. + - added nsd.conf.5 manual page with a draft contents. + +22 Feb 2006: nsd-team + * Miek: Changed over to Cutest testing framework. + * Miek: fixed typo in netio.h + * Miek: fix syntax in rbtree.c put functions on multiple lines. + * Miek: unit test tpkg for cutest. + * Wouter: fixed ptr bug in rbtree unit test. + +17 Feb 2006: Wouter + - rbtree_delete is added and works. Unit tests are there too. + - Changed tail recursion in rbtree_delete to while loop. + - Tagged this version as NSD_3_signalsocket_solution. + It is the stable 2_2 branch with cleanups, portable, and + signalhandler solution by socket communication redesign. + +15 Feb 2006: nsd-team + * Wouter: Fixed server_child would wait for two kill signals before quit. + * Miek: don't check for port==0 pkt, just try to send them. + Forward Port of 2.3. + * Wouter: Removed unused, not substituted, @nsdxfer@ from Makefile.in. + +14 Feb 2006: Wouter + - Added unit tests for rbtree. Extensive testing of all functions. + - Added tpkg unit test. + - configure tests for CUnit(optional lib for unit tests). Makefile + cleanup so it works on non-gmake on freebsd. + +13 Feb 2006: Wouter + - Removed timespec_add(current_time) in server_main, the timeout was + relative, not absolute. This fixes EINVAL on the timeout on freebsd. + - Added check in configure for compiler flags. Used for -Wextra. + - Added check in configure for va_list definition conflict between + stdio and stdarg. This happens on DEC Alpha/Debian. + - removed --enable-mmap configure option. There is no mmap support + in the current codebase. + - renamed local prev to next in domain_next() in namedb.h. + - Removed heap.h. It was not used. Heap and rbtree are mingled anyway. 
+ - in netio.c, in dispatch, it would store the next pointer 'in case + the handler removes itself'. But if the handler removes that next. + Then it would fail. So stored the next in struct netio. + This removes a potential bug. Netio_dispatch is not reentrant. + Reentry would need a list of iterator* in struct netio. + - Changed process_query() to server_process_query(). It is too + similar to query_process(). + +10 Feb 2006: nsd-team + * Wouter: Improved configure.ac to detect pselect in sys/select. + The check works on freebsd(yes) and fedoracore 3 and 4 (no). + I hope it also works on Solaris. + Also various other prototypes were implicit: chroot, strptime, ... + These are also solved. + * Wouter: Checked configure on sparc5(solaris). Added check for + ctime_r in time.h (for tsig.c). This conf also works on freebsd/linux. + * Wouter: Updated dependencies in makefile for plugin headers. + These are included only when --enable-plugins is present. + * Wouter: Added a send quit over socket to kill commands in server_main, + These act when the fork children fails. If the kill fails, the + socket command hopefully still works. + * Wouter: Put reload code into a separate function. It communicates with + a socket to the old parent, and sends it a quit command. This works + and terminates the old nsd. Left in the kill as a double failsafe. + If the reload process dies, then the parent closes the socket. + * Wouter: Separated the signal mode from the socket-determined nsd->mode. + Every signal function has a variable, so that multiple signals can + arrive. Only the number of signals of the same type is lost, but not + important for nsd. The signals are handled in turn by the run loop. + This completes the coding to remove signal race conditions: + - nsd uses sockets to communicate with its subprocesses(server,reload). + - signal handler routine contains no lengthy system calls. + - signals cannot overwrite a previous signal. 
+ * Wouter: fixed problem where nsd->mode and mode are different in + server_main. Nsd would kill the children, but then restart them again. + +09 Feb 2006: nsd-team + * Wouter: Updated dependencies in Makefile (regenerated them with gcc -MM). + * Wouter: Used splint on the source (with settings to reduce spam.) + And came to the following changes: + - In util.h, make it respect HAVE_CONFIG_H and HAVE_SYSLOG_H. + Also it now defines fallback values for #defines in syslog h. + - Added explicit cast to (unsigned int) in snprintf in dname.c, + dname_to_string routine. + * Wouter: Used extra warnings during gcc compile. -Wextra -Wall + -pedantic -Wbad-function-cast -Wmissing-declarations + -Wmissing-prototypes -Wnested-externs -Wold-style-definition + -Wstrict-prototypes -Wdeclaration-after-statement. + Using -Wtraditional gives too many warnings. + * Wouter: Found a problem with pselect. sys/select.h does not by default + provide the pselect function definition. configure script is + adjusted to test for this and enable _XOPEN_SOURCE=600 to get it. + Found this using the gcc warnings. + * Wouter: dname and rbtree test apps were in make clean target, but + do not exist anymore. Removed from make clean target. + * Wouter: in util log_file() the epoch time_t is passed to printf + without an int cast. Found using extra gcc warnings. + * Wouter: In server.c fixed some signed-unsigned comparisons + using the extra gcc warnings. + - in shutdown and int was used instead of size_t. + - in server_main timeout(signed) was compared with unsigned. + - unused variable in new handler functions. + - in handle_child_command int i instead of size_t was used. + - in zonec the process_rr routine was missing (void) as paramlist. + * Wouter: Added -Wall and -Wextra when --enable-checking is enabled. + * Miek: Ported over the big fat enable checking configure warning. + * Wouter: fixed configure check for pselect on freebsd. 
+ +08 Feb 2006: nsd-team + * Wouter: In server.c also sockets from unexpectedly dead childs are closed. + * Wouter: in nsd.c and server.c cleaned out the signal handler, so that + it only includes two switch/if statements and alters only the mode. + No more calls to alarm(), waitpid(), write(), log_msg(). + Instead the work is done in the runloop in server.c and sent by socket. + Also the parent now waits for children. Parent restarts them. + * Wouter: Fixup, the children will quit if the parent closes the command + socket. If parent is killed, they will exit too. + * Wouter: The server_main now listens to children command channels. + Included timeout to check for terminated processes. + Test says that new signal handler works, and child->parent comm. + +07 Feb 2006: nsd-team + * Miek: configure.ac version to 3.0.0 + * Miek: looked at: buffer.{ch}, answer.{ch}, dns.{ch} + those files don't have any changes, except for dns.{ch} for the + explicit compression. + * Miek: looked at: zlexer.lex and zparser.y; only changes there + for the database changes. + * Wouter: Changed buffer in write_pid from 16 bytes to 32 bytes, + this makes 64 bit numbers fit in the buffer. + * Wouter: Socket connection between parent and child nsds added. + But sighandler now in worse shape. Need to close them. Remove kills. + * Wouter: close the parent and child command channel sockets in shutdown(). |
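Review bot: The entry header "6 June 2066: Wouter" (the DNAME/zonec entry sitting between "2 June 2006" and the nsec3/referral entry) has an impossible year. Every neighbouring entry is from 2006, so it reads as a typo for "6 June 2006". If this file is meant to be a byte-for-byte copy of the ChangeLog shipped with NSD (an assumption, the commit message does not say), leave the text as it is so future syncs diff cleanly and report the date to the NSD maintainers. Otherwise correct it here. The same applies to the smaller slips in this range: "Addes EACCES" and "EACCESS" under 4 Apr 2006, "sento" under 18 Apr 2006, and the "24 Apr 2006: Miek" header that goes on to list both "Miek:" and "Wouter:" items. Separately, the commit message "add the changelog" does not record which NSD release the file was taken from. Naming the version there would help anyone who later uses this file to date behaviour changes that affect access control, such as "removed libwrap stuff - superseded by acls" (3 Apr 2006) and "removed --disable-axfr, you can control this via acls" (29 May 2006).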