File: ChangeLog

yadifa 3.0.2-3
  • area: main
  • in suites: forky, sid, trixie
  • size: 16,392 kB
  • sloc: ansic: 254,102; makefile: 1,409; pascal: 971; sh: 706
################################################################################
#
# Copyright (c) 2011-2025, EURid vzw. All rights reserved.
# The YADIFA TM software product is provided under the BSD 3-clause license:
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
#        * Redistributions of source code must retain the above copyright
#          notice, this list of conditions and the following disclaimer.
#        * Redistributions in binary form must reproduce the above copyright
#          notice, this list of conditions and the following disclaimer in the
#          documentation and/or other materials provided with the distribution.
#        * Neither the name of EURid nor the names of its contributors may be
#          used to endorse or promote products derived from this software
#          without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
################################################################################

20250311:
    YADIFA 3.0.2

    Fixes builds for more architectures.


20250214:
    YADIFA 3.0.1

    Fixes builds on 32-bit architectures.

    Fixes an issue that would occur on ARM architectures.

    Fixes 64-bit time handling.
        Adds TIME64 support to CMake (-DTIME64:BOOL=ON adds _TIME_BITS=64 to the defines)
    

20241211:
    YADIFA 3.0.0


    Adds support for the OpenSSL 3.x API

    Adds the DNS-extension interface that allows a developer to create their own DNS types/classes, with some limitations.

    This version comes with the CMake build that we've been using internally along with unit tests.

    Adds purely experimental support for post-quantum safe signatures. This feature requires liboqs >= 0.11.0 and is an option for CMake builds.
	On a CMake build, add -DOQS:BOOL=ON during configuration.
	More details incoming about this.


20240626:
    YADIFA 2.6.7

    Adds -fno-strict-aliasing to the build options, fixes -flto

20240507:
    YADIFA 2.6.6

    Fixes an issue in the resource rate limiter that could crash the server on some condition.

20230213:
    YADIFA 2.6.3-public

    Fixes an issue where the answer to a DNSSEC query to a wild record right below the apex in a DNSSEC3 zone would not return all the relevant NSEC3 records

    Fixes an issue where the answer to a DNSSEC query to a wild record in an NSEC zone would incorrectly use the name of the query in the answer

    Fixes an issue where NSEC3-owning labels were not compressed

    Complies with Fedora https://fedoraproject.org/wiki/Changes/PortingToModernC (see m4/contributions/20230118-fedora-toolchain-porting-to-modern-c.patch)

20221209:
    YADIFA 2.6.2-public

    Fixes an issue trying to link the backtrace call while building yadifad on FreeBSD

20221130:
    YADIFA 2.6.1-public

    Fixes an issue where the answer to a TSIG-signed IXFR query over an undefined domain would not be properly signed.

    Fixes an issue building for big-endian architectures.

20221004:
    YADIFA 2.6.0-public

    The server can optionally load the locally stored zone before asking for the last version to its primary (load-local-first)

    The server now avoids storing temporary zone transfer images to disk if the zone is small enough (axfr-memory-threshold)

    The source address of zone transfers can now be specified in the configuration (transfer-source)

    The server now allows signing a zone using only zone signing keys.

    Fixes online chain generation started from a zone that is not covered by DNSSEC.

    Fixes an issue where a generated DNSKEY could be missing smart fields if the storage became full right before they needed to be written.

    Fixes an issue that could occur using EDDSA on big-enough data sets.

20220228:
    YADIFA 2.5.4-public

    Fixes an issue handling CNAME records.

20211025:
    YADIFA 2.5.3-public

    Fixes a critical issue that could cause yadifad to crash handling certain DNS packets with privileged access.

20210929:
    YADIFA 2.5.2-public

    Fixes a critical issue that could cause yadifad to crash handling certain DNS packets with privileged access.

    Fixes an issue where a corrupted configuration file could lead to a crash while starting-up.

20210924:
    YADIFA 2.5.1-public

    Fixes a critical issue that could cause yadifad to crash handling certain DNS packets.

    Fixes an issue where yadifad would sometimes reply with an AXFR instead of an IXFR if the journal is under maintenance.

    Increased the pid column in the logger to 6 characters

    Drastically increased the limit for TCP queries.
	Note that using a high enough number compared to the available memory will cause yadifad to warn about limits and OOM kill risks.
	In practice a few hundred TCP queries should be enough.

20210602:
    YADIFA 2.5.0-public

    Adds a new, friendlier, TCP manager. When enabled, TCP connections aren't closed harshly after some time has elapsed without any activity.

      In a nutshell:

        It is enabled using --enable-tcp-manager.
        It works using a quota of allowed parallel connections per host. There is one value for the registered hosts and one for unknown hosts.
        All defined primaries are automatically added to the TCP manager as registered hosts.
        The server's local addresses are automatically added to the registered hosts.
        The default timeout is set to 3 seconds but doesn't imply a connection will be closed: only that it is a candidate for being closed.

    EDDSA support has been enabled.

    Sending a TCP message now uses a single system call (message_send_tcp)

    Fixes an issue in some FreeBSD setups where UDP messages couldn't be sent by YADIFA.
    Fixes an issue in FreeBSD where TCP connections would sometimes be closed too quickly.
    Fixes an issue where failed dynamic updates prerequisites would return SERVFAIL instead of the more accurate error code.
    Fixes atomic usage for older C compilers.
    Fixes an issue where some RRSIG records may not be updated in time if they happened to have their update bundled with NSEC3 records updates while the incremental change could not be immediately written in the journal.
    Fixes the yadifa keygen module to understand "help" as a command and not as a domain.

20210223:
    YADIFA 2.4.2-public

    Fixes an issue where records below delegation are not ignored (https://github.com/yadifa/yadifa/issues/12).
    Fixes an issue in the _mm model where shutting down while still initializing may not stop properly.
    Changes default user/group to 'yadifa' user in example configuration.
    Fixes an issue with autoconf 2.70 obsolete functions.
    Fixes an issue where an unknown key configured in a zone acl may lead to a crash.
    Fixes an issue where a query without EDNS involving ACLs using optional keys would incorrectly be rejected.
    Fixes an issue where a network thread with a failed context would incorrectly have its context deleted.
    Adds a feature to yadifad to ensure that the dates in the key-roll section can be successfully applied for the next 10 years (--check-policies).
    Added support for primary and secondary variant options.
    Fixes builds for gcc 11.

20201209:
    YADIFA 2.4.1-public

    Fixes an issue in dnscore where a DNS TCP query would not return the real DNS error code.
    Fixes an issue that could happen when a network model isn't supported.
    Fixes the propagation of sendmmsg/recvmmsg function availability detection.
    Fixes an issue where yadifad would issue a warning when a key with algorithm > 7 is used with an NSEC zone.
    Fixes an issue that will occur on a chrooted environment where a managed-path would be used incorrectly.
    Fixes CNAME answers not following the aliases chain.
    Fixes CNAME recursion not returning the same answer as named in NXDOMAIN cases (reported by https://github.com/SivaKesava1, see https://github.com/yadifa/yadifa/issues/11)

    Adds patch for musl support (from https://github.com/kolbma, see https://github.com/yadifa/yadifa/issues/9#issuecomment-723047226)
    Adds stack size fix for musl support (the default size is way too small)

    Now imports a custom version of stdatomic.h for systems where it is missing, located in dnscore/thirdpary/stdatomic.h
	Made for CentOS 7 and any other release where that file is missing.
        The import is only active if strictly needed and will only be visible during the build.
	At the moment, it is not being installed with the other headers.
	The original source of the file was taken from https://gist.github.com/nhatminhle/5181506

    YAKEYROLLD 2.4.1

    Fixes the handling of incomplete TCP queries.
    Fixes a possible race-condition when initialising the keyroll context error codes.

    The keyroll now has another automatic recovery layer where it completely restarts the handling of a domain, generating a one-step update to put the zone in the expected state.

20201012:
    YADIFA 2.4.0-public

    Fixes an issue that could happen with multiprocess logging.
    Fixes an issue parsing a *. domain.
    Improves support for LibreSSL.
    Added contributions directories with community-provided patches.
    Readied the source for the release.

    Many changes have been made since version 2.3.x.
    
    Please read the manual for more information.

    YAKEYROLLD 2.4.0

    Since version 2.4.0, yadifad optionally allows dynamic update of RRSIG records.
    The external key managing tool using this feature is being released along with it.
   
    Please read the manual for more information.

    YADIFA CTRL 2.4.0

    The updated version of the command line controller has been made more user-friendly.

    Please read the manual for more information.

20200722:
    YADIFA 2.4.0-67

    Default listen is now "0.0.0.0,::0"
    Added "do-not-listen" feature to avoid conflicts with systemd-resolved, default is empty.
    Added --enable-systemd-resolved-avoidance in the configure script to change the default of "do-not-listen" to "127.0.0.53 port 53"
    Zone file reader now decodes \ddd tokens.
    Text zone parsing is now more lenient in what it accepts: unescaped @ and $ in a domain will be read as '@' and '$', with a warning.
    Improves the configuration update by keeping a timestamp of all files involved and checking they have been modified.
    Logger configuration can now be reconfigured during runtime.
    In the event of an incorrect reconfiguration of the network, yadifad will periodically try to reconfigure itself reading the configuration files.
    
    Fixes a potential issue in NSEC3 replying.
    Fixes TXT parsing issues.
    Fixes a leak with the chroot remapping when reconfiguring.
    Fixes a leak processing the command line.
    Fixes a leak in the policies configuration.
    
20200630:
    YADIFA 2.4.0-64

    Network setup errors will now stop yadifad if they occur during the first configuration.
        If they occur during a reconfiguration the error will be logged every minute instead of every second.

    Fixes DSA API usage with OpenSSL 1.1.0
    Fixes another side effect of FreeBSD's process-shared mutexes where a thread waiting on a condition wouldn't always be woken up.
    Fixes IPv6 handling in FreeBSD.
    Fixes an issue where the logging could lock when daemonizing.
    Fixes the build-time-configuration paths when using cmake.
    Fixes an issue where a sync clean command would not delete the journal if the zone wasn't dynamically updated since the start of yadifad.
    Fixes an issue where the size of the buffer given for a message would be slightly bigger than needed.
    Duplicate but identical definitions of a TSIG key are no longer considered an error.
    Increased the log output handling control commands (mostly error conditions)

    yadifa ctrl:
        The fqdn isn't set by default anymore (it used to be '.' by default)
        Adds the "freeze", "thaw", "unfreeze", "freezeall", "unfreezeall" and "thawall" friendly keywords to yadifa ctrl.
        Adds the "notify" command.
        The FQDN has no default value anymore.
        Fixes the friendly parsing of the command line.
        Fixes several minor issues with the console output of the command line.

20200608:
    YADIFA 2.4.0-52
    	This version is going to production as primary and for public release.

	Fixes limit case issues giving NSEC3 answers for some zone structures (mostly *, * + CNAME)
	Fixes an issue where the packet reader may not allocate enough room for SOA records (found in yakeyrolld) 
	
    YKEYROLL-1.0.5-4
    	This version is going to production as primary and for public release.

	Fixes the handling of more limit cases (broken setup).

20200515:
    YADIFA 2.4.0-51
        In an effort to find issues using different tools, the code has been partially ported to compile in Visual Studio 2019. (Doesn't run)
		The code analyser from Visual Studio 2019 reported 290 potential issues, 5 of which were valid (understand: errors) and not reported by other analysers.
		We have used a mmap.c MIT-licensed code from github to help in this task. We'll have to decide to keep it or to write ours when we will do a Windows release.
	Adds a DNS pcap analyser tool to measure DNS traffic from a network pcap file. Used to find why so many packets were lost in the benchmark.
		(result: The benchmark tool was broken.)
	Adds a --disable-filepool-cache build configure option.
	Logs clarity has been improved.
	Improved usability: <main> network-model option can now use words instead of just numbers, respectively: single, buffered, multi for 0, 1, 2.
	
	Fixes an issue that could occur in the logger service with some settings.
	Fixes an issue in the new network model.
	Fixes a memory leak that could occur in the cirular_file layer of the journal.
	Fixes a memory leak that could occur in the journal depending on the reason it was closed.
	Fixes a memory leak that could occur at shutdown while destroying a file pool.
	Fixes an issue where trying to print a corrupted fqdn (e.g.: random bytes) could have an undefined behaviour.
	Fixes an issue using the drop-before-load feature where the memory of the previous zone would not be completely freed yet before the new version of the zone started to load.
	Fixes a race condition that could occur while detaching stdout/stderr from console.
	Fixes missing AA flag in primary notification.
	Fixes a rare issue where a signal could block the logger.
	Fixes TSIG-covered answers of an unsupported opcode.

    YKEYROLL-1.0.5-3
	Fixes the handling of several limit cases (all coming from a broken, corrupted state).

20200320:
    YADIFA 2.4.0-50
	Efforts have been made to reduce the memory usage in the case where a lot of specific listening addresses are defined.
	A new network-model taking advantage of the multiple-send/receive of some kernels has been added. (recvmmsg, sendmmsg)

	Back-ported gcc-10 compatibility fix from the main development branch (trunk)
		This issue was reported by several distributions already using the yet-to-be-released gcc-10 (We are using gcc-9)

	Adds the tcp_manager for experimentation (an alternative way to keep track of opened TCP connections).

	Fixes a potential memory leak that could sometimes happen freeing NSEC3 records without removing their attached RRSIG first.
	Fixes FreeBSD 12.1/libressl build issue.

    YKEYROLL-1.0.5-2
	Now handles SIGHUP to reopen the log files.
	Improved the command line options help.

20200212:
    YADIFA 2.4.0-49
	This version is going for production.

	Fixes an issue with signature expiration value where the time was sometimes incorrectly taken from the oldest key.
	The RRL tables are now growing faster in order to avoid wasting resources.

    YKEYROLL-1.0.4-2
	This version is going for production.

	Now keeps the expected starting point and end point for all steps.
		This is used to verify the state before and after each update.
	Now has a "print" mode that logs the "plan" out (logs all the known steps).

20200128:
    YADIFA 2.4.0-48
	New nameserver infrastructure update.

	In <main>, adds a log_files_disabled flag to disable checking the log-path directory for existence and writing rights.
		Without this, yadifad would refuse to work without a proper log output directory like we have on our SELinux setup.

	Fixes an issue that would occur if SELinux would reject a write operation with EPERM to a socket we have successfully opened for writing.
        	yadifad would not complain and end-up hammering both the socket creation and the logs

	Fixes an issue that would occur if SELinux would reject a read operation with EPERM on a socket we have successfully opened for reading.
		This happens, notably, in the notify service, producing a lot of log lines.
        	Now such an issue will make yadifad pause for one second.

20200106:
    YADIFA 2.4.0-45
	Fixes an issue where having no ZSK would trigger a useless maintenance pass.
	Fixes an issue where notifies could stop being sent when their queue was full. (New dynamic queue used at minimal increased CPU cost for this part)
	Fixes an issue where reopening or syncing would have their effect delayed.
	Fixes an issue that could occur for DSA T parameter deduction from a public key.

	Made the command line more friendly using the new features from dnscore.
	
    YKEYROLL 1.0.3-0
	Now filters-out publish and unpublish meta lines.
	Fixes an issue where retrying to send a message to an unresponsive server could have the message content reset.

20191120:
    YKEYROLL-1.0.2-3
	This version is going for production.

	Adds switching to a uid/gid set in the configuration file (must be set to the same as yadifad).
	Adds process mutual-exclusion for plan generation.
	Improves shutdown speed.
	Reduces logging.

20191118:
    YADIFA 2.4.0-43
	Fixes an issue where enabling key activation leniency would incorrectly enable deactivation leniency.
	Fixes an issue where redundant signatures would be kept longer than needed.
	The journal name for the root zone will now be root_zone.cjf (only one dot) instead of ..cjf, as that name was troublesome.
	
    YKEYROLL-1.0.1-9
	This version is going for production.

	Can now work in a loop without detaching from console.

20191106:
    YADIFA 2.4.0-42
	This version is going for production.

	Issues found by CLion's code inspector fixed or marked as invalid.
	Downgrades several "error" into "notice".
	More generally, an effort has been made to reduce the log size.
	Setting a policy field with an incorrect value will now log an error instead of stopping yadifad.
	Slave zones don't run sanitization anymore, as the primary is "right".  This avoids tight rules being counter-productive in production environments.

	Fixes an issue that would occur if an update happens at the same time as the removal of a DNSKEY when a maintenance has started.
	Fixes an issue where the authoritative bit could be flipped off in some operations.
	Fixes an issue where removing and adding the same record in a single update would incorrectly drop its signature.
	Fixes an issue where a secondary receiving an incorrect IXFR stream (specifically: finishing on an incomplete page) would not reject the broken page.
	Fixes an issue where a primary would cut an IXFR page in half if a shutdown was triggered while the page was being read from the journal.
	Fixes an issue in the policy date computation that could lead to a time period without signature coverage.
	
20191010:
    YADIFA 2.4.0-41
	Fixes typos.

    YKEYROLL-1.0.0
	Improved error codes returned by the keyroll policies.
	Fixes an error that could occur parsing a corrupted step file.

20190927:
    YADIFA 2.4.0-40
	Adds a tool to append an IXFR in text form (so, from a dig command) to a journal.
		This is an unfriendly pure dev tool meant to create some tests scenarii.
	The cjf-scan tool, used to print the content of a journal, can now print its content in a way similar to the dig command.
		Simply use the "-clean" command line option before the journal file name.

		Both the above tools mean that a journal can be dumped as text, edited then re-created as binary.
		Although not initially created for this purpose, it can be a powerful fix tool.
	
	Fixes the "11:04" issue. It was triggered by an optimisation not being handled on all exit paths of the maintenance function, potentially leading to a buffer overflow.
	Fixes an issue in the journal:
		If the first update written into a dynamically sized journal is bigger than the default size of the journal (64KB) then yadifad incorrectly tries to shift-out
		content to make room, which it obviously cannot do.

20190920:
    YADIFA 2.4.0-39
	In <main>, adds axfr-strict-authority option.  Defaulted to enabled unless yadifad was built-configured using --enable-non-aa-axfr-support.
	Improves TXT parsing (github/JZerf).
	Fixes a potential crash on SIGHUP if the zone loader callee gives an incorrect answer (github/kolbma).
	Fixes an issue where a UDP query with invalid return address (port 0) would trigger an EINVAL leading yadifa to shutdown the thread.
	Fixes an issue with IPv6 aliased replies. Depending on the OS/release the value could be wrong.  The fix tries several options.
		This has been tested on several Debian and RedHat variants and seems to work properly.

20190919:
    YADIFA 2.4.0-38
	note: Serial bump due to issues during rpm packaging.

	Reduces the number of warnings triggered by type bitmap fixes. Now only prints one and leaves the rest available as debug.
	Contains code to track the "11:04" issue and verify the hypothesis of its cause.

20190913:
    YADIFA 2.4.0-26
	Timestamps in dns-udp are now human-readable.
	Writing a zone as text now computes and updates the approximate wire size for the zone (AXFR/IXFR trigger accuracy)
	yadifad now replies to ENDS# bad format.

	Fixes an issue in dns-udp where the message size would not be reset on the received side.
	Fixes an issue in dns-udp where the rate-limiter would fire before a message would be checked for actual IO (aggregated queries).
	Fixes an issue in dns-udp where a very slow call-back would slow down the processing part of the receiver enough to trigger a timeout of the query.
	Fixes a warning that would be shown for keys being both NSEC and NSEC3.
	Fixes an issue where the '#' character was incorrectly set as a zone comment.
	Fixes an issue where a journal with an invalid character in a name would trigger an infinite error loop (until program shutdown).
	Fixes an issue where a DNSKEY dynamic update coming with an RRSIG push could fail under certain conditions.

	Fixes some typos.

    YKEYROLL-beta
	Improves error reporting.
	Allows different configuration files.
	Fixes corrupted plan handling.
	Updates the configuration example.
	Correction updates are now merged in a single step, then played.
	Added error-retries-cases in daemon mode.
	Added a --timeus-offset parameter (not publicly documented) to lie about the current time.
	Added a --dryrun parameter.
	Fixes an issue handling key duplicates.

20190627:
    YADIFA 2.4.0-25
	Fixes an issue where a corrupted journal would prevent a secondary from working.
	Fixes an issue replaying NSEC3 chain changes as a secondary that could occur when a discrepancy was found.
	If a corrupted journal is found, yadifad now renames it adding ".bad" to its name.

20190613:
    YADIFA 2.4.0-24
	Adds safeguards for the logger shutdown.
	
	FreeBSD 12.0 issue diagnostic:
		There was an elusive issue occurring only on FreeBSD 12.0 related to shared mutexes.
		After posting the issue anonymously with a proof-of-concept code, it turns out it was a bug in FreeBSD:

		An unlocked mutex is still being accessed by the thread library right after the effective unlock has occurred.

		yadifad destroys a structure containing mutexes right after it is unlocked for the last time.

		FreeBSD has issued a fix, but at the moment the fix appeared to have side effects.
		This may have been us not rebuilding "world" properly (First time we do this), or it may be that the patch wasn't complete at the time.
		The matter is closed as far as yadifad's source code is concerned so this is something to watch after the next FreeBSD update.

	Added the "freebsd12-test" proof-of-concept code in the test section of the code.

	Adds the IP_MTU_DISCOVER IP_PMTUDISC_OMIT patch:

	patch received 20190323 from daisuke.higashi@gmail.com

	/*
	 * Linux 3.15 has IP_PMTUDISC_OMIT which makes sockets
	 * ignore PMTU information and send packets with DF=0.
	 * Fragmentation is allowed if and only if the packet
	 * size exceeds the outgoing interface MTU or the packet
	 * encounters smaller MTU link in network.
	 * This mitigates DNS fragmentation attacks by preventing
	 * forged PMTU information.
	 * FreeBSD already has same semantics without setting
	 * the option.
	 */
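
The socket option described in the patch comment above, as an added example (not YADIFA's code and not the contributed patch): it sets IP_PMTUDISC_OMIT on an IPv4 UDP socket, reads the value back, and falls back to IP_PMTUDISC_DONT when the kernel rejects OMIT. The function names and result codes are hypothetical.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum pmtu_result {
    PMTU_ERROR    = -1, /* socket or option call failed outright */
    PMTU_OMIT     = 0,  /* IP_PMTUDISC_OMIT active: DF=0, PMTU hints ignored */
    PMTU_DONT     = 1,  /* fallback IP_PMTUDISC_DONT: DF=0, cached PMTU still used */
    PMTU_PLATFORM = 2   /* no IP_MTU_DISCOVER on this platform: nothing to set */
};

#ifdef IP_MTU_DISCOVER
/* Set the PMTU discovery mode, then read it back so that a silently
 * ignored option is reported as a failure. Returns 0 on success. */
static int set_and_verify(int fd, int mode)
{
    int actual = -1;
    socklen_t len = sizeof actual;

    if (setsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &mode, sizeof mode) != 0)
        return -1;                      /* errno comes from setsockopt */
    if (getsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &actual, &len) != 0)
        return -1;
    if (actual != mode) {
        errno = EIO;                    /* kernel accepted but did not apply */
        return -1;
    }
    return 0;
}
#endif

/* Make an IPv4 UDP socket ignore path-MTU information. */
enum pmtu_result harden_udp_pmtu(int fd)
{
#ifndef IP_MTU_DISCOVER
    (void)fd;
    return PMTU_PLATFORM;
#else
#ifdef IP_PMTUDISC_OMIT
    if (set_and_verify(fd, IP_PMTUDISC_OMIT) == 0)
        return PMTU_OMIT;
    /* Only an "unknown option value" style error justifies the fallback
     * (kernel older than 3.15 built against newer headers, for instance). */
    if (errno != EINVAL && errno != ENOPROTOOPT && errno != EOPNOTSUPP)
        return PMTU_ERROR;
#endif
    /* DONT also clears DF, but the kernel keeps honouring learned PMTU
     * values, so this is a weaker setting than OMIT. */
    if (set_and_verify(fd, IP_PMTUDISC_DONT) == 0)
        return PMTU_DONT;
    return PMTU_ERROR;
#endif
}

/* Open a throwaway UDP socket and report which mode this host accepts. */
enum pmtu_result probe_hardened_udp(void)
{
    enum pmtu_result r;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);

    if (fd < 0)
        return PMTU_ERROR;
    r = harden_udp_pmtu(fd);
    close(fd);
    return r;
}

int main(void)
{
    static const char *const names[] = {
        "IP_PMTUDISC_OMIT", "IP_PMTUDISC_DONT (fallback)", "not applicable"
    };
    enum pmtu_result r = probe_hardened_udp();

    if (r == PMTU_ERROR) {
        perror("harden_udp_pmtu");
        return 1;
    }
    printf("UDP PMTU discovery mode: %s\n", names[r]);
    return 0;
}
```

A server that ends up on the fallback is worth logging at startup, since that host still acts on learned PMTU values.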

	Added several fixes for NetBSD builds.
		Ultimately, NetBSD declares but does not implement PSHARED.
		This makes that platform unusable for the moment.

	Logs have been improved (level & verbosity, some have been downgraded to debug).

	Improves command-line help.

	Internally, INVALID and UNPROCESSABLE messages are now seen as the same error.

	In <main>, added log_unprocessable boolean to add a warning log for bad DNS messages.

	If yadifad is not started as root but requires elevated privileges in order to bind an address, it will stop.
	
	Fixes build on older systems (FreeBSD).
	Fixes an incorrect warning message related to TSIG.
	Fixes an issue with garbage collection at shutdown.
	Fixes an issue that would occur if the signature max-interval was set high enough to end up in an integer overflow.
	Fixes an issue where newly added keys would not always be taken into account in the computations.
	Fixes an issue where the nttl cache could overflow.
	Fixes an issue in the path provider of yadifad where an empty secondary zone file setting could lead to a NULL pointer reference.
	Fixes an issue where the KSK public key would not be stored, losing the flags of the key as seen by libdnscore.
	Fixes an issue in dns-udp that would occur when TCP fails with a DNS error.
	Fixes an issue in dns-udp where the thread_pool destruction order could trigger some issues.
	Fixes an issue where a TCP read time-out from a client (thus when the server is sending) could lead to an indefinitely held connection.
	Fixes an issue that could happen in the RRL, leading to the current state pool being misused.
	Fixes an issue where an error code sent from the socket server would not be interpreted correctly.
	Fixes an issue in the text parser that was being tripped in the yakeyrolld.
	Fixes an issue where asking the help from the command line would return to the shell with a non-zero value.
	

    YKEYROLL-alpha
	Code committed in alpha state to avoid potential issues related to a certain event.

	The new keyroll software is being written in C.
	It is based on the YADIFA framework.
	Its main features are:
		_ cron-like timings,
		_ KSK/ZSK separation,
		_ RRSIG push usage,
		_ one event per file and one file per event,
		_ integrity milestones,
		_ extension of the time-line on demand.

20190326:
    YADIFA 2.4.0-23
	Added autogen.sh in the make dist.
	Improved yadifad startup so that simply asking for its version would not go through service start.
	Improved AXFR log messages: now showing the peer's IP address.

20190322:
    YADIFA 2.4.0-22
	EDDSA is known but not handled. (EDDSA handling code is in the 2.5.x branch)

	Sanitization now checks for DNSKEY matching RRSIG records.

	Fixes an issue where yadifad would abort in a specific condition:

		A zone that allows RRSIG pushed by dynamic updates
		with a bunch of inactive ZSK keys available, one of them still in the zone
		with said inactive ZSK key in the zone having signature expiring after its deactivation date AND in the future
		with an active key in the zone that does not expire and is fully usable (key pair available)
		with a single KSK key in the zone that has no private part available ...

		... was considered fubar and triggering an emergency stop (ending up in an abort())

	Fixes an issue handling BigNum from OpenSSL being sometimes smaller than expected.
	Fixes a double-free issue (crashed yadifad on 20190311).
	Fixes an issue that would occur on a secondary when the journal is too small to work optimally.
	
	Added a "dsfromkey" in the test section, to be added in the command line later

20190218:
    YADIFA 2.4.0-21
	Fixes an issue where killing yadifad while thread creation is in limbo would not work.
		yadifad will now ignore all signals until notify service thread is up and running (thus outside of limbo)
	Fixes an issue where policies would be tried on non-policed zones.

20190213:
    YADIFA 2.4.0-19
	Improves CPU usage by inlining several small domain-related functions.
	Sanitization now occurs only once, after the journal has been replayed.
	Code marked as obsolete has been removed.
	Fixes an issue where an internal update message wouldn't be properly initialised.
	Fixes an irrelevant warning when "publish" equals "active" or "inactive" equals "delete" in a DNSKEY key.
	Fixes embedded delegation issues.
		_ Sanitization complaining about wrong glue resource records in embedded delegations
		_ Sanitization complaining about unexpected signatures in embedded delegations
		_ Internal state is now correctly set.
	Fixes a policy issue where a DNSSEC chain would not be added if the DNSKEY was not already generated and added.
	Fixes an issue where removing an RRSIG covering a type could sometimes invalidate an RRSIG covering another in the same domain.
	Fixes an issue where a query that would return an RDATA with a '.' domain and require additionals, would trigger a memory underflow with undefined results.
	Fixes an issue that could occur when replaying NSEC3 updates from the journal.
	Fixes dnssec-policy NSEC chain generation that could not be completed because of an interference by the internal integrity tests.
	Fixes an issue with NSEC3 type bitmap handling that would occur on an empty broken zone without RRSIG records.
	Fixes an issue where reading corrupted messages would not be handled properly.
	Fixes an issue where the illegal addition of a DS resource record would not be handled properly.

20190205:
    YADIFA 2.4.0-18
	Signature verification now has an abstract API (easier extension to future algorithms e.g.: EDDSA).
	Added our own zone test program. This includes signatures verification.
		It's in the test section and the feature should be moved inside the command line later.
	Fixes an issue where deleting a DNSKEY in a dynamic update would not be handled properly.
	Fixes an issue where removing an RRSIG in signature maintenance would not change the type bitmap in the associated NSEC3 record.
	Fixes an issue where maintenance would remove an RRSIG for a replacement (exchange) that could not be created (e.g.: private key missing).
	Fixes an issue managing a zone with an NSEC3PARAM record but no NSEC3 chain.
	Fixes an issue where NSEC3 chain recomputation could be called before RRSIG changes would be known.
	Fixes an issue where stopping yadifad while it started a signature thread (in a window of a few instructions) would trigger an assertion.
	Fixes an issue where dnssec-policies could conflict with RRSIG pushed with a dynamic update.
	Fixes an issue parsing records with a class ANY in update messages.
	
20190109:
    YADIFA 2.4.0-17
	Added a test for the keyroll feature (test section).
	Key creation time is now systematically set in newly created keys.

20181122:
    YADIFA 2.4.0-11
	Fixes handling of several limit cases in chain updates (that should never happen in a sane system).
	Fixes some minor memory leaks.
	This is the first release that is meant to prevent DNSKEY with incorrect "smart" setup making yadifad trying to take them at every occasion (e.g.: dynamic update).

20181122:
    YADIFA-2.4.0-10
	Made to cater for the needs of an internal project.

20180802:
    YADIFA 2.4.0-1
	Fixes all fixable -Wextra warnings (that are not in -Wall for some reason)
	One of these warnings would have shown the surprise issue with the ACL ...
	These fixes need to be thoroughly tested before being used on anything in production.

20180725:
    YADIFA 2.4.0 alpha

        Fixes an issue where a secondary having downloaded an invalid zone from a primary would proceed to re-download it and fail until the zone is fixed on the primary.
            Now it will wait until the axfr-retry + random(axfr-retry-jitter) elapsed.

        It is now possible to change the network configuration at runtime.

        It is now possible to have threads logged with a tag instead of an opaque hexadecimal ID. (--enable-log-thread-tag)

        It is now possible to pipe execute loggers output.

            e.g.:
                <channel>
                    my-zipped-channel "|/usr/bin/gzip - >> /var/log/yadifa.log.gz"
                </channel>

            Obviously, outputs are run using the uid/gid set for the server.
            As the command can be restarted for several reasons, using >> is the obvious choice.

        The maximum number of queries that are queued on an overloaded server is now configurable.
        Note this is currently only used by network-model 1 and the ram usage in bytes is about (workers * size * 64)

            For a server that only needs to answer 10000 queries per second, it would be suitable to use:

            e.g.:
                network-model-worker-backlog-size 10000

            Our artificial benchmark tests are showing that setting this value to 500000 is enough to handle about 2.5 million queries per second
            on a server with the appropriate hardware configured properly (network queues, ...).

        The zone journal maximum size is now a hard limit instead of "best effort within a few bytes".

        The --disable-messages ./configure option has now been removed as the send & recv are not suitable for proper aliased addresses handling.

        The build system has been changed:

            From now on, to do a debug build, add CFLAGS='-O0 -g3 -DDEBUG=1' to the configure command.

            e.g.:

            ./configure --enable-shared --enable-log-thread-tag CC=clang CFLAGS='-O0 -g3 -DDEBUG=1'

            A release build that keeps the symbols would be:

            ./configure --enable-log-thread-tag CC=clang CFLAGS='-O3 -g -DDEBUG=0'

        The dnszone library has been merged into dnscore and dnsdb.

        Several of our unit tests have been added as well as the valgrind suppression file (yadifad.supp).

        Several simplifications and abstractions have been made on the internal APIs.

        Network model 1 is the only model available from this version.

        dnssec-thread-count parameter is now obsolete

20180213:
    YADIFA 2.3.8
        Fixes the OPT record Z flags not being cleared in server answers.

20171207:
     YADIFA 2.3.0 - 2.3.7
         From now on, both primary and secondaries are updating the zone in the same manner (journal transactions)
         Messages are now default (--enable-messages). Disable them using --disable-messages.
         Adds more (dynamic) update validation.
         Adds a build option to remove compile date and time from various help messages (--disable-build-timestamp)
         A primary can now be configured to allow updating RRSIG records externally (e.g.: update add domain. RRSIG ...)
 
         Fixes an issue where closing an (a)XFR stream could lead to a race over the file descriptors.
         Fixes an issue where an AXFR query would return a version of the zone too old to be upgradable by following incremental updates.
         Fixes an issue where zones with big-enough NSEC3 coverage (several million NSEC3 records) could potentially reach an internal limit of the database.
         Fixes an issue where shutting down YADIFA while a zone is being downloaded (AXFR) may make it wait forever.
         Fixes an issue where the secondary would complain about a missing private key.
         Fixes an issue where a specifically truncated IXFR query may make YADIFA replying with an AXFR.
         Fixes an issue where an IXFR query returning "not implemented" instead of an AXFR would be retried later as an IXFR.
         Fixes an issue where hammering reopening the logs on an overloaded server would not work properly.
        
20170912:
    YADIFA 2.2.6
        Fixes an issue where a maliciously crafted message may block the server. (CVE-2017-14339)

20170420:
    YADIFA 2.2.5
        Fixes an issue on message-enabled servers where the return address would not be captured
        Increased the maximum number of network interfaces to 256

20170406:
    YADIFA 2.2.4
        Fixes an issue with relative include names that would not always be properly computed
        Fixes an issue where concurrent configuration reloads could lead to a crash

20170223:
    YADIFA 2.3.1 (internal)
        Added thread_pool_try_enqueue_call to give up if a queue is full or overworked (distance project)
        Fixes an issue with the CW queuing mechanism when trying to fill a full queue.

20161124:
    YADIFA 2.3.0 (internal)

        ECDSA can now be disabled at ./configure time.
            The support of ECDSA is not available in the openssl package of older Linux distributions.
            You can now add --disable-ecdsa at configure time to allow a build on these systems.

        Processed signals are now logged upon processing (info level) to allow the admin to know when a signal has effectively gone through.

        CPU affinity can now be tuned to stick a worker on a core.  In <main>:

            thread-affinity-multiplier can be used to use every (1) or every odd (2) logical CPU.

                Parameter range from 0 to 4.  (default is 0 = autodetect)
                By default, if hyperthreading is detected, the multiplier is set to 2, else to 1.
            
            thread-affinity-base can be used to choose the first local CPU to consider.

                Parameter range from 0 to 3. (default is 0)

            In the end, network workers will have their affinity set to (base + multiplier * workerindex).

            The main purpose is to avoid using the hyperthread logical CPU as it can be counterproductive in some setups for high (10Gbps) throughput.

        Fixes:
        - fixed an issue on servers using the network-model 1 model (<main> : network-model 1)
        - fixed an issue where the removal in a certain order of hash/hash* related domains would end-up triggering an abort
        - fixed an issue where querying a signed domain that was deleted would answer NOERROR instead of NXDOMAIN
        - fixed an issue where a zone loaded with a journal would not be marked "dirty" and thus would not be fully dumped on disk upon kill -USR1
        - fixed an issue with network aliases not configured on all setups of --enable-messages
        - fixed an issue with the logger not releasing the log files before reconfiguration
        - fixed an issue with the journal where heavy load would prevent notification to secondaries

20161108:
    YADIFA 2.2.2
        OpenSSL 1.1.0 crypto API support

20160719:
    YADIFA 2.2.1

        Multi-primary support:
            Added axfr-retry-failure-delay-multiplier and axfr-retry-failure-delay-max <main> parameters to increase the time between two AXFR/IXFR retries on a primary.

        Fixes:
        - fixed an issue that would crash a YADIFA secondary when restarting with a journal present
        - fixed an issue in AXFR/IXFR retry timing management

20160715:
    YADIFA 2.2.0
        Multi-primary support:

            In <zone>, the primaries field is now a list.
            When the primary fails to answer, it is moved to the end of the list and (new) first one is used instead.

            There is a true-multiprimary setting, defaulted to 'no'.  In true multiprimary mode, changing the primary implies dropping local zone data and ignore serial values.
            This is to be used for a setup with truly independent primaries.

            By default, the primary change occurs at first failure. This can be changed to a higher value with multiprimary-retries (maximum: 255)
            This mostly makes sense on true-multiprimary mode as you want to be sure before reloading a zone completely.

        Smart signing:

            Keys with smart signing information are now handled by YADIFA.

        DNSSEC policies:

            YADIFA generates and rolls your keys and makes a non-DNSSEC zone into an NSEC or NSEC3 one.


        Support for ECDSA algorithm.

        Better support for huge incremental changes of a zone:
            YADIFA used to do the modification in one go, which could make it unresponsive for very big changes.
            Now the changes are applied more slowly, allowing queries to be answered.

        New network model:
            A new network model can be enabled. This model's main purpose is to be more resistant to system stalls with minimal, if any, performance loss.

            <main> network-model 1

        NSEC3 management improved.
            Several improvements have been made on the way NSEC3 is handled.  Chains partially covering the zone are now accepted.

        Fixes:
        - fixed an issue where the maximum pid value supported was 99999
        - fixed an issue with RRSIG TTL values that were not always at the expected value.
        - fixed an issue with the $TTL not being respected.

20160126:
    YADIFA 2.1.6

        Fixes:
        - fixed an issue where the referral would not be measured for UDP on an optimised build.

20160108:
    YADIFA 2.1.5

        Dynamic updates do not use temporary files anymore which improves their general performance.
        The statistics now show the referrals.

        Fixes:
        - fixed an issue where getting a huge incremental transfer would prevent the server from answering queries while applying the changes.
        - fixed an issue serving IXFR that would occur when an incremental change step was bigger than 64KB
        - fixed an issue for Solaris with the memory alignment fix not active everywhere
        - fixed an issue on the Solaris build settings
        - fixed an issue where sometimes yadifad would not find a configuration file given as a parameter with a relative path
        - fixed an issue where a wild-card would not be properly returned with an AXFR
        - fixed an issue where dynamically updating a zone at a speed such that the zone file would need to be written multiple times on disk
          before finishing the previous write could lead to a deadlock

20151026:
    YADIFA 2.1.4

        The zone reader error reporting has been improved.
        Stacktrace support added for Solaris.

        Known issue:
        - Adding and/or removing NSEC3PARAM dynamically is not properly handled.

        Fixes:
        - fixed an issue where an NSEC3 answer proving a * query would lead to a crash
        - fixed an issue where a private key may be not recognised as such
        - fixed an issue where dynamic update prerequisite check would fail a valid match
        - fixed an issue where zone signature maintenance would only start if all private keys were available.

20150821:
    YADIFA 2.1.3

        Fixes:
        - fixed an issue that could lead to a crash at startup
        - fixed an issue where parsing a TYPE#### record would stop the parser prematurely


20150814:
    YADIFA 2.1.2

        The ./configure script has a new option: --enable-full-ascii7
        This changes the behaviour of DNS name validation to accept all the ASCII7 characters instead of only the DNS-space ones.
        Enabling this option is not recommended.

        Fixes:
        - fixes an issue where the hmac-shaX identification string sent with a TSIG had the suffix ".sig-alg.reg.int".

20150714:
    YADIFA 2.1.1

        The yadifa command line has a new option: --config|-c file : read the specific configuration file instead of ~/.yadifa.rc

        Issues detected on the NSEC3 database have now been upgraded from debug to info/warning

        Fixes:
        - fixed an issue where, in some cases, the garbage collector for the zones was not triggering for a long time.
        - fixed an issue in the Makefile (courtesy of DENIC)
        - fixed an issue where a few bytes could be leaked in some rare cases when failing to unload a zone
        - fixed an issue in RRL where some values of IPv6 prefix
        - fixed an issue accepting some answers on IXFR transfers

20150424:
    YADIFA 2.1.0

        New journal file format:
      
            This new format addresses a few issues like having maximum journal file and
            a relatively constant random access time even for very big sizes.

        The internal messaging queue has been changed to address huge amount of zones.

        New CHaos queries supported:
            hostname
            id.server

        Known issues:
        _ building successfully with LTO may require to append both AR=gcc-ar and RANLIB=gcc-ranlib to the ./configure command


20150403:
    YADIFA 2.0.6

        This release is a public release.
        This minor update's sole purpose is to fix YADIFA builds on OpenBSD.

        Fixes:
        - fixed a crash that could occur while sending a massive amount of notifications
        - OpenBSD builds are fixed.
            Tested on: OpenBSD 5.6 amd64, standard installation.
            Configure: ./configure

            Tested on: OpenBSD 5.6 amd64, with gcc 4.9 installed.
            Configure: ./configure CC=egcc

20150226:
    YADIFA 2.0.5

        This release is a public release.

        Fixes:
        - fixed an issue with huge IXFR transfers as a primary
        - fixed an issue with notifications on secondary-secondary-primary setup
        - fixed an issue with a potential infinite loop loading an AXFR from a primary
        - fixed missing hmac-sha* from <key> configuration
        - fixed an issue with TLSA records parsing
        - fixed an issue with base 16 encoding
        - fixed an issue parsing * domains
        - fixed an issue with some RRL motivated answers
        - increased the maximum number of network interfaces from 5 to 16
        - fixed an error in the configuration examples where "statistics" was used instead of "stats"
        - minor fixes and improvements

20141216:
    YADIFA 2.0.4

        This release is a public release.

        By popular demand, the default log file directory is now PREFIX/var/log/yadifa.  It can be set using --with-logdir=/my/dir

        Improved build mechanism.
            It has been tested to work automatically on Linux, FreeBSD, OSX, SunOS.
            RedHat family builds will use -O2 as maximum optimisations.

            Note that some optional features are now enabled by default but can be disabled.

        Fixes:
        - fixed an issue with the AXFR transfer where the serial number would not be properly taken into account
        - fixed an issue with the notify mechanism that could occur if the server was only listening to 127.0.0.1 
        - fixed an issue with bogus DNSKEY records that may potentially lead to a crash in openssl
        - fixed a reported potential "tmpfile" vulnerability on DEBUG builds (generated with make debug)
        - fixed an issue with IPv6 connections on some architectures
        - typos fixes
        - minor fixes and improvements

20141104:
        Architecture portability enhancements.

        On Solaris, if no --enable-force32bits nor --enable-force64bits is set, then 64 bits will be forced (fixes an issue at link-time)

        ELF 64-bit MSB executable SPARCV9 Version 1, UltraSPARC3 Extensions Required, dynamically linked, not stripped, no debugging information available

        PATH=/opt/csw/bin:/usr/ccs/bin:$PATH ./configure --enable-force32bits
        PATH=/opt/csw/bin:/usr/ccs/bin:$PATH make

20141030:
        Architecture portability enhancements.

    FreeBSD 9
        FreeBSD dnode3 9.0-RELEASE-p3 FreeBSD 9.0-RELEASE-p3 #0: Tue Jun 12 02:52:29 UTC 2012     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
        gcc (GCC) 4.2.1 20070831 patched [FreeBSD]
        ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD), dynamically linked (uses shared libs), for FreeBSD 9.0 (900044), not stripped

    Ubuntu
        Linux dnode10 3.2.0-49-generic #75-Ubuntu SMP Tue Jun 18 17:39:32 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
        gcc (Ubuntu/Linaro 4.6.3-1ubuntu5) 4.6.3
        ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=0xe3b8601b9b5e59f8c9ce519cacbe9b8ff544ff1d, not stripped

    OSX
        Darwin RD-Mac-Mini.local 13.3.0 Darwin Kernel Version 13.3.0: Tue Jun  3 21:27:35 PDT 2014; root:xnu-2422.110.17~1/RELEASE_X86_64 x86_64
        Apple LLVM version 5.1 (clang-503.0.40) (based on LLVM 3.4svn)
        Mach-O 64-bit executable x86_64

20141029:
        Architecture portability enhancements.

        uname -a
        gcc --version
        file yadifad

    YellowDog Linux
        Linux 2.6.29-3.ydl61.4 #1 SMP Mon Sep 7 14:50:27 PDT 2009 ppc64 ppc64 ppc64 GNU/Linux
        gcc (GCC) 4.1.2 20080704 (Red Hat 4.1.2-44)
        ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), for GNU/Linux 2.6.9, not stripped

        note: using --enable-force64bits failed because of ssl, no simple/quick way to install openssl-devel.ppc64 seemed available

    Debian PPC64
        Linux 3.2.0-3-powerpc64 #1 SMP Mon Jul 23 08:03:56 UTC 2012 ppc64 GNU/Linux
        gcc (Debian 4.6.3-8) 4.6.3
        ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.26, BuildID[sha1]=0xedc47c984a4af7eb9a7ecbc0f135e4d064ba08f0, with unknown capability 0x41000000 = 0x13676e75, with unknown capability 0x10000 = 0xb0401, not stripped

        note: using --enable-force64bits failed because of ssl, no simple/quick way to install openssl-devel.ppc64 seemed available

20141016:
    YADIFA 2.0.2

    TCP fallback support on truncation


20140905:
    YADIFA 2.0.0

        This release is a public release

        Fixes:
        - fixed a log incorrectly reporting an error when the client didn't close the TCP connection fast enough
        - fixed an issue with the statistics on TCP queries

        Known issue:
        - removing the last key of a signed zone is permitted by YADIFA but triggers some chicken-egg issue with signatures.

20140829:
    YADIFA 2.0.0-beta3-public

        This release is a public release

        - --disable-master feature at configure now builds a secondary-only server

        Fixes:
        - fixed an issue with TSIG signed queries
        - fixed an issue with thread pool live resizing
        - fixed an issue where reading an undeleted obsolete journal ending at the start of a newly transferred zone from the primary would incorrectly trigger an error

        Known issue:
        - removing the last key of a signed zone is permitted by YADIFA but triggers some chicken-egg issue with signatures.


20140630:
    YADIFA 2.0.0-beta2-public

        This release is a public release

        - basepath disabled
        - pidpath removed, only pidfile remains
        - log reopen notification is now timestamped
        - secondary zones no longer complain about missing NSEC/NSEC3 private keys
        - the error code ZRE_FILE_NOT_FOUND has been replaced by the more accurate code ZRE_NO_VALID_FILE_FOUND
        - default logging settings no longer output debug

        Fixes:
        - fixed issue in flag computation (AD,CD)
        - fixed an issue with journal truncation sometimes leading to a crash
        - zone parsing now correctly accepts '#' as a comment marker
        - zone parsing now rejects wrong fqdn as soon as it reads them, leading to a more accurate error message
        - removing the last dnskey of a zone no longer crashes the server

        Known issue:
        - removing the last key of a signed zone is permitted by YADIFA but triggers some chicken-egg issue with signatures.

        yadifa remote client commands prototype is now available with the following supported commands:

            -shutdown
                shuts down yadifa
                e.g. ./yadifa -s "192.0.2.1 port 53" -t shutdown
                
            -cfgreload
                reloads the <key> and <zone> sections of the yadifad configuration

                e.g. ./yadifa -s "192.0.2.1 port 53" -t cfgreload

            -logreopen
                closes and reopen the log files

                e.g. ./yadifa -s "192.0.2.1 port 53" -t logreopen

            -freezeall
                prevents all zones from being updated dynamically with nsupdate
                
                e.g. ./yadifa -s "192.0.2.1 port 53" -t freezeall

            -freeze
                prevents a zone from being updated dynamically with nsupdate

                e.g. ./yadifa -s "192.0.2.1 port 53" -t freeze -q somedomain.eu

            -unfreezeall
                enables updates of all zones again

                e.g. ./yadifa -s "192.0.2.1 port 53" -t unfreezeall

            -unfreeze
                enables updates of a zone again

                e.g. ./yadifa -s "192.0.2.1 port 53" -t unfreeze -q somedomain.eu

            In order to work, the allow-control ACL must be defined either in <main> for the global commands and
            may also be defined in <zone> for the ones targeting a specific zone.

                e.g. allow-control 127.0.0.1

            Note that tsig is not supported in the client yet.

20140528:
    YADIFA 2.0.0-beta1-public

	This release is a public release

	- NSID implemented (enabled at ./configure time with --enable-nsid)
        - generic parser for:
 		- getops
		- zone file
		- resolv.conf
		- configuration
	- '@' can now be used in a zone file
        - new binary for controlling 'yadifad' (yadifa)
        - framework is rewritten for multi core systems
        - single core server has been removed

        Fixes:	
	- fixed several minor issues

        Known issues:
	- removing all dnskeys from a zone file crashes the server
	- yadifa has some issues with nodelay, nocork
	
20130424:
    YADIFA 1.1.0
        _ added DSA signature
        _ added SHA-256 SHA-384 SHA-512 digest algorithms
        _ now supports additional DNSSEC algorithms:
            DSASHA1
            DSASHA1_NSEC3
            RSASHA256_NSEC3
            RSASHA512_NSEC3
        _ Response Rate Limitation implemented (enabled at ./configure time with --enable-rrl)
        _ --enable-tiny-footprint now reduces the memory usage further by reducing the standard log queue from 2^20 to 2^12 entries
        _ the general speed has been slightly improved
        _ dynamic updates pending for more than 3 seconds are now dropped with an error
        _ dynamic provisioning
    Fixes:
        _ fixed a memory leak that could occur at NSEC3 generation when loading the zone failed in a particular way
        _ fixed a memory leak at ixfr send
        _ fixed handling of '_' character that was improperly stored in the database
        _ fixed bandwidth limit settings (tcp stream in and out) not always being taken from the configuration
        _ fixed TSIG answer verification for notifies
        _ fixed error codes not being registered and thus logged as unknown hexadecimal error code.
        _ other minor fixes

20130612:
    YADIFA 1.0.3
        Fixes only (backports from 1.1.0)

    Fixes:
        _ fixed an issue preventing YADIFA from being built from another directory
        _ fixed an issue with OSX systems where gsed has to be used instead of sed
        _ fixed an issue with the '_' character not being properly handled
        _ fixed an issue where reading MX record from a zone file would incorrectly be rejected as invalid
        _ fixed an issue where the OPT record would not be properly written
        _ fixed an issue where an undefined ACL reference would be silently ignored
        _ fixed missing code tags for several error codes.  From now on unregistered codes are dumped in hexadecimal.
        _ fixed portability issues with BSD and OSX
        _ fixed several minor issues


20120921:
    YADIFA 1.0.2
        Fixes only

    Fixes:
        _ fixed an issue where the journal file was sometimes not properly closed at the end of a task
        _ fixed an issue where the TCP usage slots would sometimes wrongly return that they were all being used
        _ fixed an issue on IXFR processing (secondary side) where the type of answer from the primary would not be properly detected
        _ fixed an issue with TSIG on secrets not exactly 16 bytes long (binary form)
        _ fixed an issue on 32 bits architectures where the sig-validity-* fields would not be properly handled if not set
          on each zone section.
        _ slightly improved the replay time of big journal files
        _ fixed several minor issues

    Known issues:
        _ if the serial of a zone is changed in a way that it goes beyond a value such that
          the journal serial start is bigger than the journal serial end, issues are expected
          for IXFR answers.
        _ notify is ignored on TCP  

20120709:
    YADIFA 1.0.1
    	_ logging repeat compression is now by channel instead of global

    Fixes:
        _ fixed an issue where glibc would assert if libgcc_s.so (libgcc_s.so.1) and libc.so (libc.so.6) were not
    	  available inside the chrooted directory of YADIFA
    	_ fixed an issue in the syslog module

    Known issues:
    	_ on 32 bits architectures, the sig-validity-* fields are not properly copied from <main> to <zone>
    	  as a workaround, set the sig-validity fields in each <zone> container in 32 bits architectures

    	  ie:
    		  sig-validity-interval 7
    		  sig-validity-regeneration 168
    		  sig-validity-jitter 3600
    	_ if the serial of a zone is changed in a way that it goes beyond a value such that
    	  the journal serial start is bigger than the journal serial end, issues are expected
    	  for IXFR answers.
    	_ notify is ignored on TCP

20120625:
    YADIFA 1.0.0
    	_ LTO support can be enabled with --enable-lto but this is not working with clang. LTO does not increase
    	  the performance significantly
    	_ parallel processing of listening addresses can now be enabled.
    	  It can be set using thread-count-by-address in the <main> section.
    	  By default YADIFA will not use parallel processing as this feature has not been
    	  as thoroughly tested as the single-thread processing model
    	_ default parameters tuning
    	_ fixes

     Known issue:
    	_ on 32 bits architectures, the sig-validity-* fields are not properly copied from <main> to <zone>
    	  as a workaround, set the sig-validity fields in each <zone> container in 32 bits architectures

    	  ie:
    		  sig-validity-interval 7
    		  sig-validity-regeneration 168
    		  sig-validity-jitter 3600
		
20120530:
    YADIFA 1.0.0RC3
    	_ the configuration parser now ignores undefined logger names and
    	  reports them with a warning
    	_ syslog messages are now put in the name of "yadifad" instead of the name used for the "syslog" channel
    	_ syslog messages do not print the time from YADIFA anymore
    	_ improved the steps involved in loading a locally cached secondary zone
    	_ zones are now loaded in background 
    	_ man page yadifad-conf.man5 renamed into yadifad.conf.man5

    Fixes:
    	_ AXFR/IXFR answers with the RA bit set are no longer rejected as invalid
    	_ YADIFA now answers to SIGINT again (shutdown)
    	_ fixed an issue where obsolete AXFR files were not always being deleted
    	_ fixed an issue occurring when both IPv4 and IPv6 were available to handle a notify
    	_ fixed journal replay issue where some RRSIGs records were not properly removed
    	_ fixed an issue occurring with IPv6 queries
    	_ fixed an issue in the generation of a specific NSEC3 error answer
    	_ fixed named query style layout

    Known issue:
    	_ if the serial of a zone is changed in a way that it goes beyond a value such that
    	  the journal serial start is bigger than the journal serial end, issues are expected
    	  for IXFR answers.
    	_ notify is ignored on TCP
    	
20120328:
    YADIFA 1.0.0RC2
    	_ fixed logging issue on work file creation error
    	_ fixed an issue where IXFR queries could be rejected as being wrongly formatted
    	_ fixed an issue in the query logging text
    	_ enabled command line options ( -u uid -g gid -d )
    
20120319:
    YADIFA 1.0.0RC1

    Is a fully functional authoritative name server:

    	- works as primary or secondary name server
    	- AXFR
    	- IXFR
    	- NOTIFY
    	- NSUPDATE
    	- TSIG
    	- CLASSES:
    		- IN
    		- CH (just for version)
    	- TYPES:
    		- AAAA
    		- CNAME
    		- DNSKEY
    		- DS
    		- HINFO
    		- MX
    		- NAPTR
    		- NS
    		- NSEC3
    		- NSEC3PARAM
    		- NSEC
    		- PTR
    		- RRSIG
    		- SOA
    		- SRV
    		- SSHFP
    		- TXT
    	- Automatic resigning
    	- DNSSEC algorithms:
    		- 5 (RSASHA1)
    		- 7 (RSASHA1-NSEC3)
    	- ACLs
    

    KNOWN ISSUES:

    	NSEC3:	_ cannot work with multiple NSEC3PARAM chains with mixed OPT-IN/OUT settings

    		_ adding a new NSEC3 chain expects that the primary sends the NSEC3PARAM first (it does not seem to always be the case)
    			  We have a case where a primary starts with 2 thousand NSEC3 opt-out records then adds 6 million NSEC3 opt-in records but does not give the NSEC3PARAM record
    			  first. The secondary server rejects them all because it's unable to link them to a chain.  (This one has high priority)

    	DNSSEC:	_ it is not allowed to change the zone security mode (unsecure, NSEC, or NSEC3).  Once the zone is loaded it keeps its security mode.

    		_ dynamic updates of NSEC as well as NSEC3 records are refused

    	QUIT:	the server will shutdown on the following conditions:

    		_ detection of an impossible situation or an internal integrity issue (ie: for any reason the SOA has vanished from a zone)

    		_ memory limit reached which prevents any more work

    		_ ipc issue which prevents internal services communication

    	ACL:	_ since the access control is set by zone and CHAOS class is not implemented as a configurable zone, it is not possible (yet) to specifically block CHAOS queries.

20111121:
    YADIFA 0.5.5
    	-	many fixes 

    KNOWN ISSUE: NSEC3 secondary zone replay fails.

20110706:
    YADIFA 0.5.0
    	-	secondary mode, AXFR/IXFR (no TSIG yet for the secondary-side transfer)
    	-	answers to a notify from the primary
    	-	polls the (first) primary on the primaries list
    	-	maintains the .axfr & .ix files (deletes the obsolete ones)
    	-	TSIG queries are checked
    	-	Replays the zone journal on startup after the zone load (journaling)
    	-	Answers IXFR queries (journaling)

20110601:
    YADIFA 0.4.0
    	Operational:
    	-	It works as a no dnssec name server
    	-	No notifies to secondary name servers
    	-	daemon
    	-	Answers AXFR queries with TSIG
    	- 	nsupdate functionality (journaling)
    	-	TSIG on client server side will be transmitted, but not checked
    	-	ACL works
    	- 	The zone has SOA, NS, A resource records.

20110524:
	YADIFA 0.3.0
		First internal release of yadifad 20110524115500 GMT+1.

		Operational:
		-	It works as a no dnssec name server
		-	No notifies to secondary name servers
		-	daemon
		-	Answers AXFR queries
		- 	The zone has SOA, NS, A resource records.
		

20091224:
    YADIFA 0.2.0
    	_	Answers AXFR queries
    	_	ACL based on IP and TSIG (not all query types are ACL'ed yet)

20091104:
    YADIFA 0.1.0

    	YADIFA is a work in progress. The main goal is to have an alternative for BIND or NSD.

    	Version 0.1.0 is an authoritative server only. 

    	It has no:
    	-	AXFR/IXFR functionality
    	-	dynupdate
    	- 	support for NSEC
    	- 	support for NSEC3
    	-	caching mechanism
    	- 	additional tools (e.g. dig, dnssectools, drill, ...)

    	It has:
    	-	a very fast way to give authoritative answer
    	-	a very fast method for loading the database and checking the zone files

    	This first release is to get a feeling for how it works in an operational environment.
    
    TODO

    	Everything that is not implemented has to be implemented. Most of the code is there, but is not activated.

    	No conformity tests have been done. (This of course is on the todo list)



Bug Reports and Mailing Lists

        Bug reports should be sent to

                bugreport@yadifa.eu