1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
|
NSD RELEASE NOTES
2.3.6
=============
FEATURES:
- nsd-notify will retry max 15 times 5 second retries.
- patch from Stephane to allow xfer in parallel added to contrib.
BUG FIXES:
- Bug #105: nsdc lacks locking, fixed locking for root user.
- Bug #134: nsd: make -N <large number> work again
- Bug #135: Typo in locking code for nsdc, fixed.
- uninitialised variable (found in nsd3 debugging) fixed.
- unaligned memory access (on Solaris SPARC, from nsd3 debugging),
in zonec LOC parsing, fixed.
- removed unused named8_stats ptr.
- Bug #138: nsd aborts trying to bind all interfaces if ip6 is not
enabled, instead it will fallback to ip4.
- Bug #139: resync stats to whole period.
- Bug #140: NSD did not clear CD bit on authoritative answers.
- Bug #141: NSD did not clear flags on a formerror reply.
- tsig null ptr when size set, fixed.
- Bug #144: LOC RRtype defaults not according to RFC1876.
2.3.5
=============
BUG FIXES:
- Bug #132: regression, nsd: fix compile with --disable-ipv6
- Makefile: remove gnuisms
2.3.4
=============
BUG FIXES:
- Unknown type codes for type code numbers > 48 and < 97 work again.
(this implies --enable-checking can be enabled again)
- nsd: sighandler() fixes
- Bug #118: nsd: nsd_notify waits for a response. Will retry the notify
after a timeout.
- Bug #124: $(DESTDIR) was added to Makefile.in.
- Bug #128: zonec: parser can handle \\ at the end of a string.
- zonec: lexer: add \r to the newline delimeter
- zonec: use strtol with an explicit base 10 as parameter.
(Scott Rose, Roy Arends)
- nsd-xfer: print human readable error codes. Change logging to
be more in line with the rest
2.3.3
=============
BUG FIXES:
- Apply the correct patch to nsdc.sh.in.
2.3.2
=============
FEATURES:
- Bug #101: add support for the SPF record.
BUG FIXES:
- Bug #100: replaced non-portable use of timegm(3) with
portable implementation (mktime_from_utc).
- Bug #103: nsd: trim the SOA's TTL to the MINIMUM value when returning a
negative answer.
- Bug #104: nsd: add a time_t timestamp to the log when logging to
a file.
- Bug #105: nsdc: use a lock file when rebuilding the database (patch by
Jakob Schlyter/Ted Lindgreen/Sebastian/Ondrej Sury).
- Bug #106: zonec: don't walk all 256 NSEC windows when that is not
needed.
- Bug #107: zonec: fixed a crash when encountering bad unknown rdata.
- nsd: Don't print: "error: nsd is already running as <pid>, stopping"
when in fact NSD continues to run.
- nsd: Minimize the race window in sig_handler().
2.3.1
=============
BUG FIXES:
- zonec: Don't crash when generating error messages outside of zone
files.
- nsd: when logging to a file the pid is now printed.
- nsd: Reset 'boot' time in statistics when reloading the database,
since the statistics are reset to 0 on a reload.
- nsd-xfer.c: Added '-a' option to specify local address to connect
from. Original patch supplied by Walter Hop <nsd@walter.transip.nl>.
- Bug #98: Allow mnemonics for DS and RRSIG algorithm field.
2.3.0
=============
FEATURES:
- DNSSEC is now enabled by default. NSD should be fully
compliant with RFC4033, RFC4034, and RFC4035.
BUG FIXES:
- nsd: Ensure that the number of -a flags does not exceed the
maximum specified by MAX_INTERFACES in config.h.
- nsd-xfer: Use serial number arithmetic (RFC1982) for the
zone serial check
- nsdc: Don't pass (fake) serial number to nsd-xfer if the
zone file does not exist.
- zonec: Loading many zones would cause namedb_find_zone to
slow down, performance patch by Kazunori Fujiwara.
- Bug #96: nsd-xfer did not handle 8-bit domain names
correctly.
2.2.1
=============
FEATURES:
- The message priority is now included when logging to a file.
BUG FIXES:
- Zero length RDATA using the unknown RR notation was not
working (except for the APL RR type).
- Bug #93: './configure' error message containing a comma must
be properly bracketed.
- Bug #94: nsd-xfer: Handle unexpected EOF when receiving AXFR
data. Timeout if no data is received for more than 120
seconds (see the TCP_TIMEOUT parameter in config.h).
- Bug #95: An owner starting with an asterisk label ("*") was
being treated as its own wildcard child.
2.2.0
=============
FEATURES:
- nsd-xfer: replacement program for named-xfer to perform zone
transfers using AXFR. TSIG is supported by nsd-xfer but not
yet by the nsd server. DNSSEC is also supported. TSIG
requires OpenSSL version 0.9.7 or higher, configure using
--disable-tsig if you do not have OpenSSL installed.
Configure using --with-ssl=path if OpenSSL is not installed
at a standard location.
CODE CHANGES:
- New data structure 'buffer_type' for representing binary
buffers that can be read, written, and resized. Data in
these buffers is stored in network byte order. This data
structure replaces the iobuf field of 'struct query'.
BUG FIXES:
- Fixed endian problem in WKS record.
- Protocol can now be specified numerically in WKS record.
- Allow escape sequences (\DDD) in TTL, RR class, and RR type.
- The zone compiler now accepts many more characters in
unquoted strings such as domain name labels. The characters
no longer need to be escaped with a backslash.
- Close included files after reading.
- Maximum TCP message size is now 65535 bytes. AXFR response
packets are still limited to 16383 bytes for optimal
compression of dnames.
- The TSIG key for AXFRs can now also be stored in the file
<zonename>.tsiginfo. This makes it possible to use TSIG
with multiple master servers.
- Signals are no longer blocked while performing I/O so the
server should respond quicker to signals.
- Fixed parsing of LOC rdata. Fractions and altitude were not
handled correctly.
2.1.5
=============
BUG FIXES:
- Bug #90: handle \000 in TXT records correctly
- Fixed undefined behavior in the use of vsnprintf when
logging messages. This caused crashes on Linux/PPC.
2.1.4
=============
BUG FIXES:
- nsdc: Fixed a typo that caused AXFRs to stop working.
2.1.3
=============
FEATURES:
- nsd: The pidfile can be specified using the '-P' option.
BUG FIXES:
- Bug #87: allow @ in the rdata
- Bug #88: allow ::FFFF:ipv4addr in AAAA records
- Bug #89: Count the number of queries received over TCP,
instead of the number of TCP connections.
- Zonec: when - is used as input, set the filename to 'STDIN'.
- The nsdc script handles failed AXFRs more gracefully.
- NSD emits an error when it sees bitlabels (RFC 2673).
- Only copy the CD bit when DNSSEC is enabled.
2.1.2
=============
FEATURES:
- NSD now fully supports unknown record types using the
notation specified in RFC3597.
- Support for the following RR types has been added: WKS, X25,
ISDN, RT, NSAP, PX, NAPTR, KX, CERT, DNAME, and APL. DNAME
special processing is not supported.
BUG FIXES:
- Bug #84: NSD now uses SIGUSR1 instead of SIGILL to report stats.
- Bug #85: Support for WKS records.
- Bug #86: The characters "#%&^[]?" can now be used without
backslash in zone file domain names.
- Plugin callback return type fixed.
- The maximum message length for IPv6 UDP packets is now
limited to the IPv6 minimum MTU (1280) unless the
IPV6_USE_MIN_MTU socket option is supported.
2.1.1
=============
BUG FIXES:
- Bug #81: Handle unknown types correctly.
- Bug #82: Zonec: don't report "0 errors" unless -v is
specified.
- Bug #83: Close zone files after parsing.
- Handle AFSDB RR type.
2.1.0
=============
FEATURES:
- New networking code allows a single server to handle both
UDP and TCP connections. By default up to 10 simultaneous
TCP connections are supported. Use the '-n' flag to change
the default.
2.0.2
=============
BUG FIXES:
- Allow the use of a mnemonic for the algorithm field of a
DNSKEY record.
- Behavior of the zonec -v flag has been modified. By default
zonec will only print a single line with a summary of the
error count.
- Bug #75: Fixed typo in previous "fix".
2.0.1
=============
BUG FIXES:
- Queries for QTYPE DS (DNSSEC) were not handled correctly in
certain cases.
- Partial support for unknown RRs. Known RR types with
unknown RR data format is not yet supported.
- Bug #75: Fixed bad error message when nsdc update is run for
the first time.
- Bug #78: Multiple zones, each with include directives, are
now compiled correctly.
2.0.0
=============
FEATURES:
- Experimental DNSSEC support implemented, but disabled by
default. Enable using the --enable-dnssec configuration
option.
- IPv6 enabled by default. Disable using the --disable-ipv6
configuration option.
BUG FIXES:
- Bug #47: Domain name is now logged when a notify is
received.
- Bug #70: First include all A records in the additional
section, followed by AAAA records.
- Bug #77: Check length of domain name and label.
- LOC records are supported again.
1.4.0-alpha1
=============
FEATURES:
- New database format that is much more compact and portable
across architectures.
- The new zone compiler is now the default and the old zone
compiler has been removed.
- Name compression is done dynamically, removing one other
difference with BIND in the responses generated (the full
query name is now used for compression).
- CNAME target records are now generated from wildcard
records if necessary.
REGRESSIONS:
- mmap(2) isn't currently supported.
- Not all RR types are supported by zonec (such as LOC).
1.3.0-alpha1
=============
FEATURES:
- New name lookup algorithm. This required a change to the
database format. Performance should increase at the expense
of database size and memory usage.
- New zone compiler (zonec2) based on flex and yacc, fully RFC
compliant (still in alpha).
- Database can be loaded using mmap(2) (use the --enable-mmap
configure option to enable). This is useful on operating
systems such as Solaris that do not allow memory overcommit.
- Region based memory allocation and resource management.
- New internal format for storing domain names. Each dname
now includes an array of label offsets within the domain
name.
- Updates to the plugin API.
BUG FIXES:
- Bug #65: The syslog facility is now a compile time option
(--with-facility=FACILITY). The default facility is DAEMON.
- Bug #66: Automatic periodic dumping of the statistics (using
the -s option) is now continued after a database reload.
1.2.4
=============
BUG FIXES:
- Bug #72: If an RRset for a child domain is defined before
the RRset of the parent domain the parent's RRset would be
"lost".
1.2.3
=============
BUG FIXES:
- Bug #65: The syslog facility is now a compile time option
(--with-facility=FACILITY). The default facility is DAEMON.
- Bug #66: Automatic periodic dumping of the statistics (using
the -s option) is now continued after a database reload.
- NSD would try to kill pid -1 on startup if forking of a child
process failed.
- Do not log EAGAIN errors on calls to recvfrom. These errors
should be harmless.
1.2.2
=============
BUG FIXES:
- Bug #59: NSD returns FORMERR when the query name is >= 246
bytes.
- Bug #60: Zonec runs out of file descriptors with many zones.
- Bug #61: nsdc uses /bin/sh hardwired (and should not).
- Bug #62: NSD is not able to log to a file.
- Bug #63: nsdc update and zonec are too tallkative.
- Bug #64: Answer for request of a host resolved by a
wildcard-resource-record is not understandable by dig.
1.2.1
=============
BUG FIXES:
- AXFR terminates early if a zone containa a CNAME pointing
the the zone's domain name (SOA record) (bug #56).
- During an AXFR memory above the top of the stack was
accessed. This could lead to occassional AXFR errors (bad
packets).
- NSD now prints its version number and exits when invoked
with the -v flag (bug #57).
- NSD prints help information and exits when invoked with the
-h flag.
1.2.0
=============
FEATURES:
- NSD is now a single parent process (handling child
termination and database reloads) plus multiple UDP and TCP
child processes handling queries. Before the parent process
also handled UDP queries. This change simplifies the parent
and child processes and allows the use of multiple
concurrent UDP servers.
- Experimental plugin support. This required a minor,
incompatible change to the database format. Make sure you
recompile your database. Use --enable-plugins to enable.
- Full IPv6 support (for multi-homing and for Linux, thanks to
Colm MacCrthaigh and Jun-ichiro itojun Hagino). Use
--enable-ipv6 to enable.
- Support for multi-homing with TCP connections.
- Support for SunOS 4.x has been dropped.
CODE CHANGES:
- NSD should now conform to the Single Unix Specification
(http://www.unix.org/).
- Const correctness for strings and some other data types.
- Removed code for Berkeley DB, hash tables, and mmap(2).
- Separate preprocessor flags from code flags (CPPFLAGS and
CFLAGS).
- Use uint8_t instead of u_char, uint{16,32}_t instead of
u_int{16,32}_t.
- Fixed warnings from mixing signed and unsigned types.
- Use sigaction(2) instead of signal(2).
- The query_process function has been split up for clarity.
BUG FIXES:
- CHAOS TXT queries failed on big-endian machines.
- Portability fixes for Tru64 (thanks to Stephane Bortzmeyer),
HP-UX, and MacOS X (thanks to Ronald van der Pol).
- Removed compile time limit on maximum number of TCP child
servers.
- Support for debugging UDP and TCP queries.
- Always ensure there is enough room for the EDNS record when
answering a query with EDNS enabled.
1.1
=============
FEATURES:
- ANSI C
- autoconf/configure
- new parser
- support for various RR types in zonec
- support for UNKN RR types
BUG FIXES:
- lots of zone parsing errors eliminated
- empty node matching bug gives NXDOMAIN
1.0.3
=============
This release is a bug fix release and does not add any new features.
BUG FIXES:
- Ignore SIGPIPE errors (bug #43).
- Keep track of TCP child servers and restart if necessary.
(bug #55)
- Handle database reload failures correctly.
- Close UDP sockets in TCP child servers.
- Handle escaped characters (besides \.) in labels.
- Preserve the query's RD flag in the answer.
1.0.2
=============
FEATURES:
- -DBIND8_STATS to enable bind8 like [NX]STATS
- -t flag to make nsd chroot to a certain directory
- -s flag to make nsd produce statistics every s seconds
- /etc/nsd/nsdc.conf to overwrite default variables
for nsdc.sh
- less loggin and more radical tcp connection (mis)handling
- prefork -n processes to handle tcp connections
- multiple -a flags
CHANGES:
- named.stats file functionality is removed
BUG FIXES:
- couple of pedantic fixes in C code
- last zone in database axfr bug fixed
- nsdc update wont update bug fixed
1.0.1
=============
FEATURES:
- NSD drops permissions after binding the sockets
- ``cache'' zones are no longer allowed
- ID.Server & Version.Server compile time options
- AXFR implemented (with tcpwrapper for access control)
- nsdc update and nsdc notify functinality
- using named-xfer with TSIG for inbound axfr
CHANGES:
- the order of records in the database is from now
on significant
- since Berkeley DB doesnt define order for sequential
access it is no longer supported
BUG FIXES:
- white space problem in zonec is fixed
KNOWN BUGS:
- please see appropriate man pages for the known bugs
1.0.0 RELEASE
=============
KNOWN BUGS:
- Although NSD allows one to configure a zone without SOA record and
use it as so called ``cached'' non-authoritative data, it is decided
that having this functionality is wrong, dangerous and will be removed
from the further versions.
- If while processing EDNS(0) OPT record NSD encounters bad EDNS(0)
version it will answer with Format Error instead of EDNS(0) BADVERS
PLATFORMS:
Tested and working on i386 FreeBSD-4.4, i386 Linux, dec alpha Linux,
sparc SunOS 4.x
1.0.0-BETA2
===========
FIXES:
- wildcards bug fixed
- AA bit for class ANY bug fixed
- minor coredumps with really broken zones in zonec fixed
- linux & SunOS port
1.0-ALPHA2
==========
FIXES:
- IPv6 transport support added by Jun-ichiro itojun Hagino (Use -DINET6)
- Makefile modified for easier compile time configuration
- EDNS(0) bug fixed
- Default database changed to all lowercase, red-black tree to make nsd
DNSSEC ready
- REQUIREMENTS are cleaned up and updated
- Signal names changed in nsdc.sh.in
- Default compile options dont include -DMIMIC_BIND8
|
