BIND 9.3.6rc1 is now available. BIND 9.3.6rc1 is a maintenance release for BIND 9.3. BIND 9.3.6rc1 can be downloaded from ftp://ftp.isc.org/isc/bind9/9.3.6rc1/bind-9.3.6rc1.tar.gz The PGP signature of the distribution is at ftp://ftp.isc.org/isc/bind9/9.3.6rc1/bind-9.3.6rc1.tar.gz.asc ftp://ftp.isc.org/isc/bind9/9.3.6rc1/bind-9.3.6rc1.tar.gz.sha256.asc ftp://ftp.isc.org/isc/bind9/9.3.6rc1/bind-9.3.6rc1.tar.gz.sha512.asc The signature was generated with the ISC public key, which is available at . A binary kit for Windows XP and Window 2003 is at ftp://ftp.isc.org/isc/bind9/9.3.6rc1/BIND9.3.6rc1.zip ftp://ftp.isc.org/isc/bind9/9.3.6rc1/BIND9.3.6rc1.debug.zip The PGP signature of the binary kit for Windows XP and Window 2003 is at ftp://ftp.isc.org/isc/bind9/9.3.6rc1/BIND9.3.6rc1.zip.asc ftp://ftp.isc.org/isc/bind9/9.3.6rc1/BIND9.3.6rc1.zip.sha256.asc ftp://ftp.isc.org/isc/bind9/9.3.6rc1/BIND9.3.6rc1.zip.sha512.asc ftp://ftp.isc.org/isc/bind9/9.3.6rc1/BIND9.3.6rc1.debug.zip.asc ftp://ftp.isc.org/isc/bind9/9.3.6rc1/BIND9.3.6rc1.debug.zip.sha256.asc ftp://ftp.isc.org/isc/bind9/9.3.6rc1/BIND9.3.6rc1.debug.zip.sha512.asc Changes since 9.3.0. --- 9.3.6rc1 released --- 2473. [port] linux: raise the limit on open files to the possible maximum value before spawning threads; 'files' specified in named.conf doesn't seem to work with threads as expected. [RT #18784] 2472. [port] linux: check the number of available cpu's before calling chroot as it depends on "/proc". [RT #16923] 2469. [port] solaris: Work around Solaris's select() limitations. [RT #18769] 2468. [bug] Resolver could try unreachable servers multiple times. [RT #18739] 2467. [bug] Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740] 2465. [bug] Adb's handling of lame addresses was different for IPv4 and IPv6. [RT #18738] 2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket API and glibc hides parts of the IPv6 Advanced Socket API as a result. This is stupid as it breaks how the two halves (Basic and Advanced) of the IPv6 Socket API were designed to be used but we have to live with it. Define _GNU_SOURCE to pull in the IPv6 Advanced Socket API. [RT #18388] 2462. [doc] Document -m (enable memory usage debugging) option for dig. [RT #18757] 2461. [port] sunos: Change #2363 was not complete. [RT #17513] 2458. [doc] ARM: update and correction for max-cache-size. [RT #18294] 2455. [bug] Stop metadata being transfered via axfr/ixfr. [RT #18639] 2453. [bug] Remove NULL pointer dereference in dns_journal_print(). [RT #18316] 2449. [bug] libbind: Out of bounds reference in dns_ho.c:addrsort. [RT #18044] 2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery (clear DF) for UDP responses and requests. --- 9.3.6b1 released --- 2443. [bug] win32: UDP connect() would not generate an event, and so connected UDP sockets would never clean up. Fix this by doing an immediate WSAConnect() rather than an io completion port type for UDP. 2438. [bug] Timeouts could be logged incorrectly under win32. [RT #18617] 2437. [bug] Sockets could be closed too early, leading to inconsistent states in the socket module. [RT #18298] 2436. [security] win32: UDP client handler can be shutdown. [RT #18576] 2432. [bug] More Windows socket handling improvements. Stop using I/O events and use IO Completion Ports throughout. Rewrite the receive path logic to make it easier to support multiple simultaneous requestrs in the future. Add stricter consistency checking as a compile-time option (define ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off). 2430. [bug] win32: isc_interval_set() could round down to zero if the input was less than NS_INTERVAL nanoseconds. Round up instead. [RT #18549] 2429. [doc] nsupdate should be in section 1 of the man pages. [RT #18283] 2426. [bug] libbind: inet_net_pton() can sometimes return the wrong value if excessively large netmasks are supplied. [RT #18512] 2425. [bug] named didn't detect unavailable query source addresses at load time. [RT #18536] 2424. [port] configure now probes for a working epoll implementation. Allow the use of kqueue, epoll and /dev/poll to be selected at compile time. [RT #18277] 2422. [bug] Handle the special return value of a empty node as if it was a NXRRSET in the validator. [RT #18447] 2421. [func] Add new command line option '-S' for named to specify the max number of sockets. [RT #18493] Use caution: this option may not work for some operating systems without rebuilding named. 2420. [bug] Windows socket handling cleanup. Let the io completion event send out cancelled read/write done events, which keeps us from writing to memeory we no longer have ownership of. Add debugging socket_log() function. Rework TCP socket handling to not leak sockets. 2417. [bug] Connecting UDP sockets for outgoing queries could unexpectedly fail with an 'address already in use' error. [RT #18411] 2416. [func] Log file descriptors that cause exceeding the internal maximum. [RT #18460] 2414. [bug] A masterdump context held the database lock too long, causing various troubles such as dead lock and recursive lock acquisition. [RT #18311, #18456] 2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442] 2412. [bug] win32: address a resourse leak. [RT #18374] 2411. [bug] Allow using a larger number of sockets than FD_SETSIZE for select(). To enable this, set ISC_SOCKET_MAXSOCKETS at compilation time. [RT #18433] 2410. [bug] Correctly delete m_versionInfo. [RT #18432] 2408. [bug] A duplicate TCP dispatch event could be sent, which could then trigger an assertion failure in resquery_response(). [RT #18275] 2407. [port] hpux: test for sys/dyntune.h. [RT #18421] 2404. [port] hpux: files unlimited support. 2403. [bug] TSIG context leak. [RT #18341] 2402. [port] Support Solaris 2.11 and over. [RT #18362] 2401. [bug] Expect to get E[MN]FILE errno internal_accept() (from accept() or fcntl() system calls). [RT #18358] 2399. [bug] Abort timeout queries to reduce the number of open UDP sockets. [RT #18367] 2398. [bug] Improve file descriptor management. New, temporary, named.conf option reserved-sockets, default 512. [RT #18344] 2396. [bug] Don't set SO_REUSEADDR for randomized ports. [RT #18336] 2395. [port] Avoid warning and no effect from "files unlimited" on Linux when running as root. [RT #18335] 2394. [bug] Default configuration options set the limit for open files to 'unlimited' as described in the documentation. [RT #18331] 2392. [bug] remove 'grep -q' from acl test script, some platforms don't support it. [RT #18253] 2391 [port] hpux: cover additional recvmsg() error codes. [RT #18301] 2390 [bug] dispatch.c could make a false warning on 'odd socket'. [RT #18301]. 2389 [bug] Move the "working directory writable" check to after the ns_os_changeuser() call. [RT #18326] 2386. [func] Add warning about too small 'open files' limit. [RT #18269] 2385. [bug] A condition variable in socket.c could leak in rare error handling [RT #17968]. 2384. [security] Additional support for query port randomization (change #2375) including performance improvement and port range specification. [RT #17949, #18098] 2383. [bug] named could double queries when they resulted in SERVFAIL due to overkilling EDNS0 failure detection. [RT #18182] 2382. [doc] Add a description SSHFP to ARM. 2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET proofs which, in turn, caused validation failures for insecure zones immediately below a secure zone the server was authoritative for. [RT #18112] 2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant TLDs and supported RRs with TTLs [RT #17972] 2377. [bug] Address race condition in dnssec-signzone. [RT #18142] 2376. [bug] Change #2144 was not complete. 2375. [security] Fully randomize UDP query ports to improve forgery resilience. [RT #17949] 2369. [bug] libbind: Array bounds overrun on read in bitncmp(). [RT #18054] 2364. [bug] named could trigger an assertion when serving a malformed signed zone. [RT #17828] 2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;". [RT #17513] 2361. [bug] "recursion" statistics counter could be counted multiple times for a single query. [RT #17990] 2358. [doc] Update host's default query description. [RT #17934] 2356. [bug] Built in mutex profiler was not scalable enough. [RT #17436] 2353. [func] libbind: nsid support. [RT #17091] 2350. [port] win32: IPv6 support. [RT #17797] 2347. [bug] Delete now traverses the RB tree in the canonical order. [RT #17451] 2345. [bug] named-checkconf failed to detect when forwarders were set at both the options/view level and in a root zone. [RT #17671] 2344. [bug] Improve "logging{ file ...; };" documentation. [RT #17888] 2343. [bug] (Seemingly) duplicate IPv6 entries could be created in ADB. [RT #17837] 2341. [bug] libbind: add missing -I../include for off source tree builds. [RT #17606] 2340. [port] openbsd: interface configuration. [RT #17700] 2335. [port] sunos: libbind and *printf() support for long long. [RT #17513] 2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one bug in fromstruct_txt(). [RT #17609] 2333. [bug] Fix off by one error in isc_time_nowplusinterval(). [RT #17608] 2332. [contrib] query-loc-0.4.0. [RT #17602] 2331. [bug] Failure to regenerate any signatures was not being reported nor being past back to the UPDATE client. [RT #17570] 2330. [bug] Remove potential race condition when handling over memory events. [RT #17572] WARNING: API CHANGE: over memory callback function now needs to call isc_mem_waterack(). See for details. 2329. [bug] Clearer help text for dig's '-x' and '-i' options. 2325. [port] Linux: use capset() function if available. [RT #17557] --- 9.3.5 released --- --- 9.3.5rc2 released --- 2338. [bug] check_ds() could be called with a non DS rdataset. [RT #17598] 2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614] --- 9.3.5rc1 released --- 2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET, F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET, J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and M.ROOT-SERVERS.NET. 2323. [port] tru64: namespace clash. [RT #17547] 2322. [port] MacOS: work around the limitation of setrlimit() for RLIMIT_NOFILE. [RT #17526] 2321. [bug] Silence Coverity warnings in lib/dns/master.c, lib/dns/rbtdb.c, lib/isccfg/namedconf.c, lib/dns/tsig.c and bin/dnssec/dnssec-signzone.c. 2319. [bug] Silence Coverity warnings in lib/dns/rdata/in_1/apl_42.c. [RT #17469] 2318. [port] sunos fixes for libbind. [RT #17514] 2314. [bug] Uninitialized memory use on error path in bin/named/lwdnoop.c. [RT #17476] 2313. [cleanup] Silence Coverity warnings. Handle private stacks. [RT #17447] [RT #17478] 2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c. [RT #17458] 2311. [func] Update ACL regression test. [RT #17462] 2310. [bug] dig, host, nslookup: flush stdout before emitting debug/fatal messages. [RT #17501] 2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c. [RT #17495] 2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496] 2305. [security] inet_network() buffer overflow. CVE-2008-0122. 2304. [bug] Check returns from all dns_rdata_tostruct() calls. [RT #17460] 2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c. [RT #17471] 2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472] 2301. [bug] Remove resource leak and fix error messages in bin/tests/system/lwresd/lwtest.c. [RT #17474] 2300. [bug] Fixed failure to close open file in bin/tests/names/t_names.c. [RT #17473] 2299. [bug] Remove unnecessary NULL check in bin/nsupdate/nsupdate.c. [RT #17475] 2298. [bug] isc_mutex_lock() failure not caught in bin/tests/timers/t_timers.c. [RT #17468] 2297. [bug] isc_entropy_createfilesource() failure not caught in bin/tests/dst/t_dst.c. [RT #17467] 2296. [port] Allow docbook stylesheet location to be specified to configure. [RT #17457] 2295. [bug] Silence static overrun error in bin/named/lwaddr.c. [RT #17459] 2293. [func] Add ACL regression test. [RT #17375] 2292. [bug] Log if the working directory is not writable. [RT #17312] 2291. [bug] PR_SET_DUMPABLE may be set too late. Also report failure to set PR_SET_DUMPABLE. [RT #17312] 2290. [bug] Let AD in the query signal that the client wants AD set in the response. [RT #17301] 2288. [port] win32: mark service as running when we have finished loading. [RT #17441] 2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413] 2284. [bug] Memory leak in UPDATE prerequisite processing. [RT #17377] 2283. [bug] TSIG keys were not attaching to the memory context. TSIG keys should use the rings memory context rather than the clients memory context. [RT #17377] 2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available, to protect applications from receiving spurious SIGPIPE signals when using the resolver. 2277. [bug] Empty zone names were not correctly being caught at in the post parse checks. [RT #17357] --- 9.3.5b1 released --- 2273. [bug] Adjust log level to WARNING when saving inconsistent stub/slave master and journal files. [RT# 17279] 2272. [bug] Handle illegal dnssec-lookaside trust-anchor names. [RT #17262] 2270. [bug] dns_db_closeversion() version->writer could be reset before it is tested. [RT #17290] 2269. [contrib] dbus memory leaks and missing va_end calls. [RT #17232] 2265. [bug] Test that the memory context's basic_table is non NULL before freeing. [RT #17265] 2262. [bug] Error status from all but the last view could be lost. [RT #17292] 2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken. [RT #17241] 2257. [bug] win32: Use the full path to vcredist_x86.exe when calling it. [RT #17222] 2256. [bug] win32: Correctly register the installation location of bindevt.dll. [RT #17159] 2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42. 2254. [bug] timer.c:dispatch() failed to lock timer->lock when reading timer->idle allowing it to see intermediate values as timer->idle was reset by isc_timer_touch(). [RT #17243] 2251. [doc] Update memstatistics-file documentation to reflect reality. Note there is behaviour change for BIND 9.5. [RT #17113] 2249. [bug] Only set Authentic Data bit if client requested DNSSEC, per RFC 3655 [RT #17175] 2248. [cleanup] Fix several errors reported by Coverity. [RT #17160] 2247. [doc] Sort doc/misc/options. [RT #17067] 2246. [bug] Make the startup of test servers (ans.pl) more robust. [RT #17147] 2245. [bug] Validating lack of DS records at trust anchors wasn't working. [RT #17151] 2238. [bug] It was possible to trigger a REQUIRE when a validation was canceled. [RT #17106] 2237. [bug] libbind: res_init() was not thread aware. [RT #17123] 2236. [bug] dnssec-signzone failed to preserve the case of of wildcard owner names. [RT #17085] 2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134] 2229. [bug] Null pointer dereference on query pool creation failure. [RT #17133] 2232. [bug] dns_adb_findaddrinfo() could fail and return ISC_R_SUCCESS. [RT #17137] 2230. [bug] We could INSIST reading a corrupted journal. [RT #17132] 2228. [contrib] contrib: Change 2188 was incomplete. 2227. [cleanup] Tidied up the FAQ. [RT #17121] 2226. [bug] Fix build error. [RT #17124] 2225. [bug] More support for systems with no IPv4 addresses. [RT #17111] 2224. [bug] Defer journal compaction if a xfrin is in progress. [RT #17119] 2223. [bug] Make a new journal when compacting. [RT #17119] 2221. [bug] Set the event result code to reflect the actual record returned to caller when a cache update is rejected due to a more credible answer existing. [RT #17017] 2220. [bug] win32: Address a race condition in final shutdown of the Windows socket code. [RT #17028] 2218. [bug] Remove unnecessary REQUIRE from dns_validator_create(). [RT #16976] 2216. [cleanup] Fix a number of errors reported by Coverity. [RT #17094] 2214. [bug] Deregister OpenSSL lock callback when cleaning up. [RT #17098] 2213. [bug] SIG0 diagnostic failure messages were looking at the wrong status code. [RT #17101] 2210. [bug] Deleting class specific records via UPDATE could fail. [RT #17074] 2209. [port] osx: linking against user supplied static OpenSSL libraries failed as the system ones were still being found. [RT #17078] 2208. [port] win32: make sure both build methods produce the same output. [RT #17058] 2205. [bug] libbind: change #2119 broke thread support. [RT #16982] 2200. [bug] The search for cached NSEC records was stopping to early leading to excessive DLV queries. [RT #16930] 2199. [bug] win32: don't call WSAStartup() while loading dlls. [RT #16911] 2198. [bug] win32: RegCloseKey() could be called when RegOpenKeyEx() failed. [RT #16911] 2197. [bug] Add INSIST to catch negative responses which are not setting the event result code appropriately. [RT #16909] 2196. [port] win32: yield processor while waiting for once to to complete. [RT #16958] 2194. [bug] Close journal before calling 'done' in xfrin.c. 2189. [bug] Handle socket() returning EINTR. [RT #15949] 2188. [contrib] queryperf: autoconf changes to make the search for libresolv or libbind more robust. [RT #16299] 2187. [bug] query_addds(), query_addwildcardproof() and query_addnxrrsetnsec() should take a version argument. [RT #16368] 2186. [port] cygwin: libbind: check for struct sockaddr_storage independently of IPv6. [RT #16482] 2185. [port] sunos: libbind: check for ssize_t, memmove() and memchr(). [RT #16463] 2183. [bug] dnssec-signzone didn't handle offline private keys well. [RT #16832] 2182. [bug] dns_dispatch_createtcp() and dispatch_createudp() could return ISC_R_SUCCESS when they ran out of memory. [RT #16365] 2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462] 2180. [cleanup] Remove bit test from 'compress_test' as they are no longer needed. [RT #16497] 2178. [bug] 'rndc reload' of a slave or stub zone resulted in a reference leak. [RT #16867] 2177. [bug] Array bounds overrun on read (rcodetext) at debug level 10+. [RT #16798] 2176. [contrib] dbus update to handle race condition during initialization (Bugzilla 235809). [RT #16842] 2175. [bug] win32: windows broadcast condition variable support was broken. [RT #16592] 2174. [bug] I/O errors should always be fatal when reading master files. [RT #16825] 2173. [port] win32: When compiling with MSVS 2005 SP1 we also need to ship Microsoft.VC80.MFCLOC. 2172. [bug] query_addsoa() was being called with a non zone db. [RT #16834] 2171. [bug] Handle breaks in DNSSEC trust chains where the parent servers are not DS aware (DS queries to the parent return a referral to the child). 2169. [bug] host, nslookup: when reporting NXDOMAIN report the given name and not the last name searched for. [RT #16763] 2168. [bug] nsupdate: in non-interactive mode treat syntax errors as fatal errors. [RT #16785] 2166. [bug] When running in batch mode, dig could misinterpret a server address as a name to be looked up, causing unexpected output. [RT #16743] 2161. [bug] 'rndc flush' could report a false success. [RT #16698] 2160. [bug] libisc wasn't handling NULL ifa_addr pointers returned from getifaddrs(). [RT #16708] 2156. [bug] Fix node reference leaks in lookup.c:lookup_find(), resolver.c:validated() and resolver.c:cache_name(). Fix a memory leak in rbtdb.c:free_noqname(). Make lookup.c:lookup_find() robust against event leaks. [RT #16685] 2155. [contrib] SQLite sdb module from jaboydjr@netwalk.com. [RT #16694] 2152. [cleanup] Use sizeof(buf) instead of fixed number in dighost.c:get_trusted_key(). [RT #16678] 2151. [bug] Missing newline in usage message for journalprint. [RT #16679] 2150. [bug] 'rrset-order cyclic' uniformly distribute the starting point for the first response for a given RRset. [RT #16655] 2147. [bug] libbind: remove potential buffer overflow from hmac_link.c. [RT #16437] 2146. [cleanup] Silence Linux's spurious "obsolete setsockopt SO_BSDCOMPAT" message. [RT #16641] 2145. [bug] Check DS/DLV digest lengths for known digests. [RT #16622] 2144. [cleanup] Suppress logging of SERVFAIL from forwarders. [RT #16619] 2143. [bug] We failed to restart the IPv6 client when the kernel failed to return the destination the packet was sent to. [RT #16613] 2142. [bug] Handle master files with a modification time that matches the epoch. [RT# 16612] 2140. [bug] libbind: missing unlock on pthread_key_create() failures. [RT #16654] 2139. [bug] dns_view_find() was being called with wrong type in adb.c. [RT #16670] 2136. [bug] nslookup/host looped if there was no search list and the host didn't exist. [RT #16657] 2132. [bug] Missing unlock on out of memory in dns_dispatchmgr_setudp(). 2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635] 2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563] 2120. [doc] Fix markup on nsupdate man page. [RT #16556] 2119. [compat] libbind: allow res_init() to succeed enough to return the default domain even if it was unable to allocate memory. 2118. [bug] Handle response with long chains of domain name compression pointers which point to other compression pointers. [RT #16427] 2117. [bug] DNSSEC fixes: named could fail to cache NSEC records which could lead to validation failures. named didn't handle negative DS responses that were in the process of being validated. Check CNAME bit before accepting NODATA proof. To be able to ignore a child NSEC there must be SOA (and NS) set in the bitmap. [RT #16399] 2116. [bug] 'rndc reload' could cause the cache to continually be cleaned. [RT #16401] 2115. [bug] 'rndc reconfig' could trigger a INSIST if the number of masters for a zone was reduced. [RT #16444] 2114. [bug] dig/host/nslookup: searches for names with multiple labels were failing. [RT #16447] 2113. [bug] nsupdate: if a zone is specified it should be used for server discover. [RT# 16455] 2111. [bug] Fix a number of errors reported by Coverity. [RT #16507] 2110. [bug] "minimal-responses yes;" interacted badly with BIND 8 priming queries. [RT #16491] 2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502] --- 9.3.4-P1 released --- 2203. [security] Query id generation was cryptographically weak. [RT # 16915] 2193. [port] win32: BINDInstall.exe is now linked statically. [RT #16906] 2192. [port] win32: use vcredist_x86.exe to install Visual Studio's redistributable dlls if building with Visual Stdio 2005 or later. --- 9.3.4 released --- 2126. [security] Serialize validation of type ANY responses. [RT #16555] 2124. [security] It was possible to dereference a freed fetch context. [RT #16584] --- 9.3.3 released --- 2107. [bug] dighost.c: more cleanup of buffers. [RT #16499] 2104. [port] Fix Solaris SMF error message. 2103. [port] Add /usr/sfw to list of locations for OpenSSL under Solaris. 2102. [port] Silence Solaris 10 warnings. 2101. [bug] OpenSSL version checks were not quite right. [RT #16476] 2100. [port] win32: copy libeay32.dll to Build\Debug. 2099. [port] win32: more manifest issues. --- 9.3.3rc3 released --- 2096. [bug] libbind: handle applications that fail to detect res_init() failures better. 2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and net_cidr_ntop_ipv6(). [RT #16388] 2094. [contrib] Update named-bootconf. [RT# 16404] 2092. [bug] win32: dig, host, nslookup. Use registry config if resolv.conf does not exist or no nameservers listed. [RT #15877] 2091. [port] dighost.c: race condition on cleanup. [RT #16417] 2090. [port] win32: Visual C++ 2005 command line manifest support. [RT #16417] 2089. [security] Raise the minimum safe OpenSSL versions to OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions prior to these have known security flaws which are (potentially) exploitable in named. [RT #16391] 2088. [security] Change the default RSA exponent from 3 to 65537. [RT #16391] 2086. [port] libbind: FreeBSD now has get*by*_r() functions. [RT #16403] 2085. [doc] win32: added index.html and README to zip. [RT #16201] 2084. [contrib] dbus update for 9.3.3rc2. 2083. [port] win32: Visual C++ 2005 support. 2082. [doc] Document 'cache-file' as a test only option. --- 9.3.3rc2 released --- 2081. [port] libbind: minor 64-bit portability fix in memcluster.c. [RT #16360] 2080. [port] libbind: res_init.c did not compile on older versions of Solaris. [RT #16363] 2076. [bug] Several files were missing #include causing build failures on OSF. [RT #16341] 2074. [bug] dns_request_createvia2(), dns_request_createvia3(), dns_request_createraw2() and dns_request_createraw3() failed to send multiple UDP requests. [RT #16349] 2066. [security] Handle SIG queries gracefully. [RT #16300] --- 9.3.3rc1 released --- 2071. [port] Test whether gcc accepts -fno-strict-aliasing. [RT #16324] 2070. [bug] The remote address was not always displayed when reporting dispatch failures. [RT #16315] 2069. [bug] Cross compiling was not working. [RT #16330] 2067. [bug] 'rndc' could close the socket too early triggering a INSIST under Windows. [RT #16317] 2065. [bug] libbind: probe for HPUX prototypes for endprotoent_r() and endservent_r(). [RT 16313] 2064. [bug] libbind: silence AIX compiler warnings. [RT #16218] 2063. [bug] Change #1955 introduced a bug which caused the first 'rndc flush' call to not free memory. [RT #16244] 2062. [bug] 'dig +nssearch' was reusing a buffer before it had been returned by the socket code. [RT #16307] 2057. [bug] Make setting "ra" dependent on both allow-query and allow-recursion. [RT #16290] 2056. [bug] dig: ixfr= was not being treated case insensitively at all times. [RT #15955] 2055. [bug] Missing goto after dropping multicast query. [RT #15944] 2054. [port] freebsd: do not explicitly link against -lpthread. [RT #16170] 2053. [port] netbsd:libbind: silence compiler warnings. [RT #16220] 2052. [bug] 'rndc' improve connect failed message to report the failing address. [RT #15978] 2051. [port] More strtol() fixes. [RT #16249] 2050. [bug] Parsing of NSAP records was not case insensitive. [RT #16287] 2049. [bug] Restore SOA before AXFR when falling back from a attempted IXFR when transferring in a zone. Allow a initial SOA query before attempting a AXFR to be requested. [RT #16156] 2048. [bug] It was possible to loop forever when using avoid-v4-udp-ports / avoid-v6-udp-ports when the OS always returned the same local port. [RT #16182] 2047. [bug] Failed to initialize the interface flags to zero. [RT #16245] 2043. [port] nsupdate/nslookup: Force the flushing of the prompt for interactive sessions. [RT#16148] 2038. [bug] dig/nslookup/host was unlinking from wrong list when handling errors. [RT #16122] 2037. [func] When unlinking the first or last element in a list check that the list head points to the element to be unlinked. [RT #15959] 2036. [bug] 'rndc recursing' could cause trigger a REQUIRE. [RT #16075] 2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124] --- 9.3.3b1 released --- 2031. [bug] Emit a error message when "rndc refresh" is called on a non slave/stub zone. [RT # 16073] 2030. [bug] We were being overly conservative when disabling openssl engine support. [RT #16030] 2029. [bug] host printed out the server multiple times when specified on the command line. [RT #15992] 2028. [port] linux: socket.c compatibility for old systems. [RT #16015] 2027. [port] libbind: Solaris x86 support. [RT #16020] 2026. [bug] Rate limit the two recursive client exceeded messages. [RT #16044] 2024. [bug] named emitted spurious "zone serial unchanged" messages on reload. [RT #16027] 2023. [bug] "make install" should create ${localstatedir}/run and ${sysconfdir} if they do not exist. [RT #16033] 2016. [bug] Return a partial answer if recursion is not allowed but requested and we had the answer to the original qname. [RT #15945] 2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR responses more gracefully. [RT #15941] 2009. [bug] libbind: Coverity fixes. [RT #15808] 2005. [bug] libbind: Retransmission timeouts should be based on which attempt it is to the nameserver and not the nameserver itself. [RT #13548] 2004. [bug] dns_tsig_sign() could pass a NULL pointer to dst_context_destroy() when cleaning up after a error. [RT #15835] 2003. [bug] libbind: The DNS name/address lookup functions could occasionally follow a random pointer due to structures not being completely zeroed. [RT #15806] 2002. [bug] libbind: tighten the constraints on when struct addrinfo._ai_pad exists. [RT #15783] 2000. [bug] memmove()/strtol() fix was incomplete. [RT #15812] 1998. [bug] Restrict handling of fifos as sockets to just SunOS. This allows named to connect to entropy gathering daemons that use fifos instead of sockets. [RT #15840] 1997. [bug] Named was failing to replace negative cache entries when a positive one for the type was learnt. [RT #15818] 1995. [bug] 'host' was reporting multiple "is an alias" messages. [RT #15702] 1994. [port] OpenSSL 0.9.8 support. [RT #15694] 1993. [bug] Log messages, via syslog, were missing the space after the timestamp if "print-time yes" was specified. [RT #15844] 1991. [cleanup] The configuration data, once read, should be treated as read only. Expand the use of const to enforce this at compile time. [RT #15813] 1990. [bug] libbind: isc's override of broken gettimeofday() implementations was not always effective. [RT #15709] 1989. [bug] win32: don't check the service password when re-installing. [RT #15882] 1985. [protocol] DLV has now been assigned a official type code of 32769. [RT #15807] Note: care should be taken to ensure you upgrade both named and dnssec-signzone at the same time for zones with DLV records where named is the master server for the zone. Also any zones that contain DLV records should be removed when upgrading a slave zone. You do not however have to upgrade all servers for a zone with DLV records simultaneously. 1982. [bug] DNSKEY was being accepted on the parent side of a delegation. KEY is still accepted there for RFC 3007 validated updates. [RT #15620] 1981. [bug] win32: condition.c:wait() could fail to reattain the mutex lock. 1979. [port] linux: allow named to drop core after changing user ids. [RT #15753] 1978. [port] Handle systems which have a broken recvmsg(). [RT #15742] 1977. [bug] Silence noisy log message. [RT #15704] 1976. [bug] Handle systems with no IPv4 addresses. [RT #15695] 1975. [bug] libbind: isc_gethexstring() could misparse multi-line hex strings with comments. [RT #15814] 1974. [doc] List each of the zone types and associated zone options separately in the ARM. 1972. [contrib] DBUS dynamic forwarders integration from Jason Vas Dias . 1971. [port] linux: make detection of missing IF_NAMESIZE more robust. [RT #15443] 1970. [bug] nsupdate: adjust UDP timeout when falling back to unsigned SOA query. [RT #15775] 1969. [bug] win32: the socket code was freeing the socket structure too early. [RT #15776] 1968. [bug] Missing lock in resolver.c:validated(). [RT #15739] 1966. [bug] Don't set CD when we have fallen back to plain DNS. [RT #15727] 1963. [port] Tru64 4.0E doesn't support send() and recv(). [RT #15586] 1962. [bug] Named failed to clear old update-policy when it was removed. [RT #15491] 1961. [bug] Check the port and address of responses forwarded to dispatch. [RT #15474] 1960. [bug] Update code should set NSEC ttls from SOA MINIMUM. [RT #15465] 1958. [bug] Named failed to update the zone's secure state until the zone was reloaded. [RT #15412] 1957. [bug] Dig mishandled responses to class ANY queries. [RT #15402] 1956. [bug] Improve cross compile support, 'gen' is now built by native compiler. See README for additional cross compile support information. [RT #15148] 1955. [bug] Pre-allocate the cache cleaning iterator. [RT #14998] 1952. [port] hpux: tell the linker to build a runtime link path "-Wl,+b:". [RT #14816]. 1951. [security] Drop queries from particular well known ports. Don't return FORMERR to queries from particular well known ports. [RT #15636] 1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect() a TCP socket. This prevents the source address being set for TCP connections. [RT #15628] 1948. [bug] If was possible to trigger a REQUIRE failure in xfrin.c:maybe_free() if named ran out of memory. [RT #15568] 1946. [bug] resume_dslookup() could trigger a REQUIRE failure when using forwarders. [RT #15549] 1944. [cleanup] isc_hash_create() does not need a read/write lock. [RT #15522] 1943. [bug] Set the loadtime after rolling forward the journal. [RT #15647] 1942. [bug] If the name of a DNSKEY match that of one in trusted-keys do not attempt to validate the DNSKEY using the parents DS RRset. [RT #15649] 1941. [bug] ncache_adderesult() should set eresult even if no rdataset is passed to it. [RT #15642] 1940. [bug] Fixed a number of error conditions reported by Coverity. 1939. [bug] The resolver could dereference a null pointer after validation if all the queries have timed out. [RT #15528] 1938. [bug] The validator was not correctly handling unsecure negative responses at or below a SEP. [RT #15528] 1919. [contrib] queryperf: a set of new features: collecting/printing response delays, printing intermediate results, and adjusting query rate for the "target" qps. --- 9.3.2 released --- --- 9.3.2rc1 released --- 1936. [bug] The validator could leak memory. [RT #15544] 1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530] --- 9.3.2b2 released --- 1930. [port] HPUX: ia64 support. [RT #15473] 1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM. 1926. [bug] The Windows installer did not check for empty passwords. BINDinstall was being installed in the wrong place. [RT #15483] 1925. [port] All outer level AC_TRY_RUNs need cross compiling defaults. [RT #15469] 1924. [port] libbind: hpux ia64 support. [RT #15473] 1923. [bug] ns_client_detach() called too early. [RT #15499] --- 9.3.2b1 released --- 1917. [doc] funcsynopsisinfo wasn't being treated as verbatim when generating man pages. [RT #15385] 1915. [bug] dig +ndots was broken. [RT #15215] 1914. [protocol] DS is required to accept mnemonic algorithms (RFC 4034). Still emit numeric algorithms for compatibility with RFC 3658. [RT #15354] 1911. [bug] Update windows socket code. [RT #14965] 1910. [bug] dig's +sigchase code overhauled. [RT #14933] 1909. [bug] The DLV code has been re-worked to make no longer query order sensitive. [RT #14933] 1905. [bug] Strings returned from cfg_obj_asstring() should be treated as read-only. [RT #15256] 1901. [cleanup] Don't add DNSKEY records to the additional section. 1900. [bug] ixfr-from-differences failed to ensure that the serial number increased. [RT #15036] 1896. [bug] Extend ISC_SOCKADDR_FORMATSIZE and ISC_NETADDR_FORMATSIZE to allow for scope details. 1894. [bug] Recursive clients soft quota support wasn't working as expected. [RT #15103] 1893. [bug] A escaped character is, potentially, converted to the output character set too early. [RT #14666] 1892. [port] Use uintptr_t if available. [RT #14606] 1889. [port] sunos: non blocking i/o support. [RT #14951] 1887. [bug] The cache could delete expired records too fast for clients with a virtual time in the past. [RT #14991] 1886. [bug] fctx_create() could return success even though it failed. [RT #14993] 1884. [cleanup] dighost.c: move external declarations into . 1883. [bug] dnssec-signzone, dnssec-keygen: handle negative debug levels. [RT #14962] 1881. [func] Add a system test for named-checkconf. [RT #14931] 1877. [bug] Fix unreasonably low quantum on call to dns_rbt_destroy2(). Remove unnecessary unhash_node() call. [RT #14919] 1875. [bug] process_dhtkey() was using the wrong memory context to free some memory. [RT #14890] 1874. [port] sunos: portability fixes. [RT #14814] 1873. [port] win32: isc__errno2result() now reports its caller. [RT #13753] 1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753] 1867. [bug] It was possible to trigger a INSIST in dlv_validatezonekey(). [RT #14846] 1866. [bug] resolv.conf parse errors were being ignored by dig/host/nslookup. [RT #14841] 1865. [bug] Silently ignore nameservers in /etc/resolv.conf with bad addresses. [RT #14841] 1864. [bug] Don't try the alternative transfer source if you got a answer / transfer with the main source address. [RT #14802] 1863. [bug] rrset-order "fixed" error messages not complete. 1861. [bug] dig could trigger a INSIST on certain malformed responses. [RT #14801] 1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was incorrectly set. [RT #14775] 1858. [bug] The flush-zones-on-shutdown option wasn't being parsed. [RT #14686] 1857. [bug] named could trigger a INSIST() if reconfigured / reloaded too fast. [RT #14673] 1856. [doc] Switch Docbook toolchain from DSSSL to XSL. [RT #11398] 1855. [bug] ixfr-from-differences was failing to detect changes of ttl due to dns_diff_subtract() was ignoring the ttl of records. [RT #14616] 1854. [bug] lwres also needs to know the print format for (long long). [RT #13754] 1853. [bug] Rework how DLV interacts with proveunsecure(). [RT #13605] 1852. [cleanup] Remove last vestiges of dnssec-signkey and dnssec-makekeyset (removed from Makefile years ago). 1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591] 1849. [doc] All forms of the man pages (docbook, man, html) should have consistent copyright dates. 1848. [bug] Improve SMF integration. [RT #13238] 1847. [bug] isc_ondestroy_init() is called too late in dns_rbtdb_create()/dns_rbtdb64_create(). [RT #13661] 1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer . 1845. [bug] Improve error reporting to distinguish between accept()/fcntl() and socket()/fcntl() errors. [RT #13745] 1844. [bug] inet_pton() accepted more that 4 hexadecimal digits for each 16 bit piece of the IPv6 address. The text representation of a IPv6 address has been tightened to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt). [RT #5662] 1843. [cleanup] CINCLUDES takes precedence over CFLAGS. This helps when CFLAGS contains "-I /usr/local/include" resulting in old header files being used. 1842. [port] cmsg_len() could produce incorrect results on some platform. [RT #13744] 1841. [bug] "dig +nssearch" now makes a recursive query to find the list of nameservers to query. [RT #13694] 1839. [bug] was not being installed. 1838. [cleanup] Don't allow Linux capabilities to be inherited. [RT #13707] 1837. [bug] Compile time option ISC_FACILITY was not effective for 'named -u '. [RT #13714] 1836. [cleanup] Silence compiler warnings in hash_test.c. 1835. [bug] Update dnssec-signzone's usage message. [RT #13657] 1834. [bug] Bad memset in rdata_test.c. [RT #13658] 1833. [bug] Race condition in isc_mutex_lock_profile(). [RT #13660] 1832. [bug] named fails to return BADKEY on unknown TSIG algorithm. [RT #13620] 1831. [doc] Update named-checkzone documentation. [RT#13604] 1830. [bug] adb lame cache has sence of test reversed. [RT #13600] 1829. [bug] win32: "pid-file none;" broken. [RT #13563] 1828. [bug] isc_rwlock_init() failed to properly cleanup if it encountered a error. [RT #13549] 1827. [bug] host: update usage message for '-a'. [RT #37116] 1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on out of memory error. [RT #13537] 1825. [bug] Missing UNLOCK() on out of memory error from in rbtdb.c:subtractrdataset(). [RT #13519] 1824. [bug] Memory leak on dns_zone_setdbtype() failure. [RT #13510] 1823. [bug] Wrong macro used to check for point to point interface. [RT#13418] 1822. [bug] check-names test for RT was reversed. [RT #13382] 1821. [doc] acls definitions are no longer required to be in named.conf prior to reference. They can be defined after being referenced. 1820. [bug] Gracefully handle acl loops. [RT #13659] 1819. [bug] The validator needed to check both the algorithm and digest types of the DS to determine if it could be used to introduce a secure zone. [RT #13593] 1816. [port] UnixWare: failed to compile lib/isc/unix/net.c. [RT #13597] 1815. [bug] nsupdate triggered a REQUIRE if the server was set without also setting the zone and it encountered a CNAME and was using TSIG. [RT #13086] 1810. [bug] configure, lib/bind/configure make different default decisions about whether to do a threaded build. [RT #13212] 1809. [bug] "make distclean" failed for libbind if the platform is not supported. 1807. [bug] When forwarding (forward only) set the active domain from the forward zone name. [RT #13526] 1804. [bug] Ensure that if we are queried for glue that it fits in the additional section or TC is set to tell the client to retry using TCP. [RT #10114] 1803. [bug] dnssec-signzone sometimes failed to remove old RRSIGs. [RT #13483] 1802. [bug] Handle connection resets better. [RT #11280] 1799. [bug] 'rndc flushname' failed to flush negative cache entries. [RT #13438] 1795. [bug] "rndc dumpdb" was not fully documented. Minor formating issues with "rndc dumpdb -all". [RT #13396] 1791. [bug] 'host -t a' still printed out AAAA and MX records. [RT #13230] --- 9.3.1 released --- 1818. [bug] 'named-checkconf -z' triggered an INSIST. [RT #13599] --- 9.3.1rc1 released --- 1812. [port] win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect. [RT #13453] 1808. [bug] zone.c:notify_zone() contained a race condition, zone->db could change underneath it. [RT #13511] 1806. [bug] The resolver returned the wrong result when a CNAME / DNAME was encountered when fetching glue from a secure namespace. [RT #13501] 1805. [bug] Pending status was not being cleared when DLV was active. [RT #13501] --- 9.3.1beta2 released --- 1800. [bug] Changes #1719 allowed a INSIST to be triggered. [RT #13428] --- 9.3.1beta1 released --- 1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should allow parallel make to succeed. 1789. [bug] Prerequisite test for tkey and dnssec could fail with "configure --with-libtool". 1788. [bug] libbind9.la/libbind9.so needs to link against libisccfg.la/libisccfg.so. 1787. [port] HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings. 1786. [port] AIX: libt_api needs to be taught to look for T_testlist in the main executable (--with-libtool). [RT #13239] 1785. [bug] libbind9.la/libbind9.so needs to link against libisc.la/libisc.so. 1784. [cleanup] "libtool -allow-undefined" is the default. Leave hooks in configure to allow it to be set if needed in the future. 1783. [cleanup] We only need one copy of libtool.m4, ltmain.sh in the source tree. 1782. [port] OSX: --with-libtool + --enable-libbind broke on __evOptMonoTime. [RT #13219] 1781. [port] FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810] 1780. [bug] Update libtool to 1.5.10. 1779. [port] OSF 5.1: libtool didn't handle -pthread correctly. 1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and IN6ADDR_LOOPBACK_INIT macros. 1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and IN6ADDR_LOOPBACK_INIT macros. 1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and IN6ADDR_LOOPBACK_INIT macros. 1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205] 1774. [port] Aix: Silence compiler warnings / build failures. [RT #13154] 1773. [bug] Fast retry on host / net unreachable. [RT #13153] 1770. [bug] named-checkconf failed to report missing a missing file clause for rbt{64} master/hint zones. [RT#13009] 1769. [port] win32: change compiler flags /MTd ==> /MDd, /MT ==> /MD. 1768. [bug] nsecnoexistnodata() could be called with a non-NSEC rdataset. [RT #12907] 1767. [port] Builds on IPv6 platforms without IPv6 Advanced API support for (struct in6_pktinfo) failed. [RT #13077] 1766. [bug] Update the master file timestamp on successful refresh as well as the journal's timestamp. [RT# 13062] 1765. [bug] configure --with-openssl=auto failed. [RT #12937] 1764. [bug] dns_zone_replacedb failed to emit a error message if there was no SOA record in the replacement db. [RT #13016] 1762. [bug] isc_interfaceiter_create() could return ISC_R_SUCCESS even when it failed. [RT #12995] 1761. [bug] 'rndc dumpdb' didn't report unassociated entries. [RT #12971] 1760. [bug] Host / net unreachable was not penalising rtt estimates. [RT #12970] 1759. [bug] Named failed to startup if the OS supported IPv6 but had no IPv6 interfaces configured. [RT #12942] 1754. [bug] We weren't always attempting to query the parent server for the DS records at the zone cut. [RT #12774] 1753. [bug] Don't serve a slave zone which has no NS records. [RT #12894] 1752. [port] Move isc_app_start() to after ns_os_daemonise() as some fork() implementations unblock the signals that are blocked by isc_app_start(). [RT #12810] 1751. [bug] --enable-getifaddrs failed under linux. [RT #12867] 1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly. [RT #12864] 1749. [bug] 'check-names response ignore;' failed to ignore. [RT #12866] 1747. [bug] BIND 8 compatibility: named/named-checkconf failed to parse "host-statistics-max" in named.conf. 1745. [bug] Dig/host/nslookup accept replies from link locals regardless of scope if no scope was specified when query was sent. [RT #12745] 1744. [bug] If tuple2msgname() failed to convert a tuple to a name a REQUIRE could be triggered. [RT #12796] 1743. [bug] If isc_taskmgr_create() was not able to create the requested number of worker threads then destruction of the manager would trigger an INSIST() failure. [RT #12790] 1742. [bug] Deleting all records at a node then adding a previously existing record, in a single UPDATE transaction, failed to leave / regenerate the associated RRSIG records. [RT #12788] 1741. [bug] Deleting all records at a node in a secure zone using a update-policy grant failed. [RT #12787] 1740. [bug] Replace rbt's hash algorithm as it performed badly with certain zones. [RT #12729] NOTE: a hash context now needs to be established via isc_hash_create() if the application was not already doing this. 1739. [bug] dns_rbt_deletetree() could incorrectly return ISC_R_QUOTA. [RT #12695] 1738. [bug] Enable overrun checking by default. [RT #12695] 1737. [bug] named failed if more than 16 masters were specified. [RT #12627] 1736. [bug] dst_key_fromnamedfile() could fail to read a public key. [RT #12687] 1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure. [RE #12688] 1734. [cleanup] 'rndc-confgen -a -t' remove extra '/' in path. [RT #12588] 1733. [bug] Return non-zero exit status on initial load failure. [RT #12658] 1732. [bug] 'rrset-order name "*"' wasn't being applied to ".". [RT #12467] 1731. [port] darwin: relax version test in ifconfig.sh. [RT #12581] 1730. [port] Determine the length type used by the socket API. [RT #12581] 1728. [doc] Update check-names documentation. 1727. [bug] named-checkzone: check-names support didn't match documentation. 1726. [port] aix5: add support for aix5. 1725. [port] linux: update error message on interaction of threads, capabilities and setuid support (named -u). [RT #12541] 1724. [bug] Look for DNSKEY records with "dig +sigtrace". [RT #12557] 1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493] 1722. [bug] Don't commit the journal on malformed ixfr streams. [RT #12519] 1721. [bug] Error message from the journal processing were not always identifying the relevant journal. [RT #12519] 1720. [bug] 'dig +chase' did not terminate on a RFC 2308 Type 1 negative response. [RT #12506] 1719. [bug] named was not correctly caching a RFC 2308 Type 1 negative response. [RT #12506] 1718. [bug] nsupdate was not handling RFC 2308 Type 3 negative responses when looking for the zone / master server. [RT #12506] 1717. [port] solaris: ifconfig.sh did not support Solaris 10. "ifconfig.sh down" didn't work for Solaris 9. 1716. [doc] named.conf(5) was being installed in the wrong location. [RT# 12441] 1714. [bug] dig/host/nslookup were only trying the first address when a nameserver was specified by name. [RT #12286] 1713. [port] linux: extend capset failure message to say: please ensure that the capset kernel module is loaded. see insmod(8) 1712. [bug] Missing FULLCHECK for "trusted-key" in dig. --- 9.3.0 released ---