changes

linux网络工具

			an INSIST. [RT# 11116]

1611.	[bug]		solaris: IPv6 interface scanning failed to cope with
			no active IPv6 interfaces.

1610.	[bug]		On dual stack machines "dig -b" failed to set the
			address type to be looked up with "@server".
			[RT #11069]

1600.	[bug]		Duplicate zone pre-load checks were not case
			insensitive.

1599.	[bug]		Fix memory leak on error path when checking named.conf.

1598.	[func]		Specify that certain parts of the namespace must
			be secure (dnssec-must-be-secure).

	--- 9.3.0beta2 released ---

1609.	[func]		dig now has support to chase DNSSEC signature chains.
			Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.

			DNSSEC validation code in dig coded by Olivier Courtay
			(olivier.courtay@irisa.fr) for the IDsA project
			(http://idsa.irisa.fr).

1608.	[func]		dig and host now accept -4/-6 to select IP transport
			to use when making queries.

1607.	[bug]		dig, host and nslookup were still using random()
			to generate query ids. [RT# 11013]

1604.	[bug]		A xfrout_ctx_create() failure would result in
			xfrout_ctx_destroy() being called with a
			partially initialized structure.
			
1603.	[bug]		nsupdate: set interactive based on isatty().
			[RT# 10929]

1602.	[bug]		Logging to a file failed unless a size was specified.
			[RT# 10925]

1601.	[bug]		Silence spurious warning 'both "recursion no;" and 
			"allow-recursion" active' warning from view "_bind".
			[RT# 10920]

1594.	[bug]		'rndc dumpdb' could prevent named from answering
			queries while the dump was in progress.  [RT #10565]

1593.	[bug]		rndc should return "unknown command" to unknown
			commands. [RT# 10642]

	--- 9.3.0beta1 released ---

1592.	[bug]		configure_view() could leak a dispatch. [RT #10675]

1591.	[bug]		libbind: updated to BIND 8.4.5.

1590.	[port]		netbsd: update thread support.

1589.	[func]		DNSSEC lookaside validation.

1588.	[bug]		win32: TCP sockets could become blocked. [RT #10115]

1587.	[bug]		dns_message_settsigkey() failed to clear existing key.
			[RT #10590]

1586.	[func]		"check-names" is now implemented.

1584.	[bug]		"make test" failed with a read only source tree.
			[RT #10461]

1583.	[bug]		Records add via UPDATE failed to get the correct trust
			level. [RT #10452]

1582.	[bug]		rrset-order failed to work on RRsets with more
			than 32 elements. [RT #10381]

1581.	[func]		Disable DNSSEC support by default.  To enable
			DNSSEC specify "dnssec-enable yes;" in named.conf.

1580.	[bug]		Zone destruction on final detach takes a long time.
			[RT #3746]

1579.	[bug]		Multiple task managers could not be created.

1578.	[bug]		Don't use CLASS E IPv4 addresses when resolving.
			[RT #10346]

1577.	[bug]		Use isc_uint32_t in ultrasparc optimizer bug
			workaround code. [RT #10331]

1576.	[bug]		Race condition in dns_dispatch_addresponse().
			[RT# 10272]

1575.	[func]		Log TSIG name on TSIG verify failure. [RT #4404]

1574.	[bug]		Don't attempt to open the controls socket(s) when
			running tests. [RT #9091]

1573.	[port]		linux: update to libtool 1.5.2 so that
			"make install DESTDIR=/xx" works with
			"configure --with-libtool".  [RT #9941]

1572.	[bug]		nsupdate: sign the soa query to find the enclosing
			zone if the server is specified. [RT #10148]

1571.	[bug]		rbt:hash_node() could fail leaving the hash table
			in an inconsistent state.  [RT #10208]

1570.	[bug]		nsupdate failed to handle classes other than IN.
			New keyword 'class' which sets the default class.
			[RT #10202]

1569.	[func]		nsupdate new command 'answer' which displays the
			complete answer message to the last update.

1568.	[bug]		nsupdate now reports that the update failed in
			interactive mode. [RT# 10236]

1567.	[bug]		B.ROOT-SERVERS.NET is now 192.228.79.201.

1566.	[port]		Support for the cmsg framework on Solaris and HP/UX.
			This also solved the problem that match-destinations
			for IPv6 addresses did not work on these systems.
			[RT #10221]

1565.	[bug]		CD flag should be copied to outgoing queries unless
			the query is under a secure entry point in which case
			CD should be set.

1564.	[func]		Attempt to provide a fallback entropy source to be
			used if named is running chrooted and named is unable
			to open entropy source within the chroot area.
			[RT #10133]

1563.	[bug]		Gracefully fail when unable to obtain neither an IPv4
			nor an IPv6 dispatch. [RT #10230]

1562.	[bug]		isc_socket_create() and isc_socket_accept() could
			leak memory under error conditions. [RT #10230]

1561.	[bug]		It was possible to release the same name twice if
			named ran out of memory. [RT #10197]

1560.	[port]		FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
			and EAI_NONAME to the same value.

1559.	[port]		named should ignore SIGFSZ.

1558.	[func]		New DNSSEC 'disable-algorithms'.  Support entry into
			child zones for which we don't have a supported
			algorithm.  Such child zones are treated as unsigned.

1557.	[func]		Implement missing DNSSEC tests for
			* NOQNAME proof with wildcard answers.
			* NOWILDARD proof with NXDOMAIN.
			Cache and return NOQNAME with wildcard answers.

1556.	[bug]		nsupdate now treats all names as fully qualified.
			[RT #6427]

1555.	[func]		'rrset-order cyclic' no longer has a random starting
			point. [RT #7572]

1554.	[bug]		dig, host, nslookup failed when no nameservers
			were specified in /etc/resolv.conf. [RT #8232]

1553.	[bug]		The windows socket code could stop accepting
			connections. [RT#10115]

1552.	[bug]		Accept NOTIFY requests from mapped masters if
			matched-mapped is set. [RT #10049]

1551.	[port]		Open "/dev/null" before calling chroot().

1550.	[port]		Call tzset(), if available, before calling chroot().

1549.	[func]		named-checkzone can now write out the zone contents
			in a easily parsable format (-D and -o).

1548.	[bug]		When parsing APL records it was possible to silently
			accept out of range ADDRESSFAMILY values. [RT# 9979]

1547.	[bug]		Named wasted memory recording duplicate lame zone
			entries. [RT #9341]

1546.	[bug]		We were rejecting valid secure CNAME to negative
			answers.

1545.	[bug]		It was possible to leak memory if named was unable to
			bind to the specified transfer source and TSIG was
			being used. [RT #10120]

1544.	[bug]		Named would logged a single entry to a file despite it
			being over the specified size limit.

1543.	[bug]		Logging using "versions unlimited" did not work.

1541.	[func]		NSEC now uses new bitmap format.

1540.	[bug]		"rndc reload <dynamiczone>" was silently accepted.
			[RT #8934]

1539.	[bug]		Open UDP sockets for notify-source and transfer-source
			that use reserved ports at startup. [RT #9475]

1537.	[func]		New option "querylog".  If set specify whether query
			logging is to be enabled or disabled at startup.

1536.	[bug]		Windows socket code failed to log a error description
			when returning ISC_R_UNEXPECTED. [RT #9998]

1534.	[bug]		Race condition when priming cache. [RT# 9940]

1533.	[func]		Warn if both "recursion no;" and "allow-recursion"
			are active. [RT# 4389]

1532.	[port]		netbsd: the configure test for <sys/sysctl.h>
			requires <sys/param.h>.

1531.	[port]		AIX more libtool fixes.

1530.	[bug]		It was possible to trigger a INSIST() failure if a
			slave master file was removed at just the correct
			moment. [RT #9462]

1529.	[bug]		"notify explicit;" failed to log that NOTIFY messages
			were being sent for the zone. [RT# 9442]

1528.	[cleanup]	Simplify some dns_name_ functions based on the
			deprecation of bitstring labels.

1527.	[cleanup]	Reduce the number of gettimeofday() calls without
			losing necessary timer granularity.

1525.	[bug]		dns_cache_create() could trigger a REQUIRE
			failure in isc_mem_put() during error cleanup.
			[RT# 9360]

1524.	[port]		AIX needs to be able to resolve all symbols when
			creating shared libraries (--with-libtool).

1523.	[bug]		Fix race condition in rbtdb. [RT# 9189]

1522.	[bug]		dns_db_findnode() relax the requirements on 'name'.
			[RT# 9286]

1521.	[bug]		dns_view_createresolver() failed to check the
			result from isc_mem_create(). [RT# 9294]

1520.	[protocol]	Add SSHFP (SSH Finger Print) type.

1519.	[bug]		dnssec-signzone:nsec_setbit() computed the wrong
			length of the new bitmap.

1518.	[bug]		dns_nsec_buildrdata(), and hence dns_nsec_build(),
			contained a off-by-one error when working out the
			number of octets in the bitmap.

1517.	[port]		Support for IPv6 interface scanning on HP/UX and
			TrueUNIX 5.1.

1516.	[func]		Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.

1515.	[func]		Allow transfer source to be set in a server statement.
			[RT #6496]

1514.	[bug]		named: isc_hash_destroy() was being called too early.
			[RT #9160]

1513.	[doc]		Add "US" to root-delegation-only exclude list.

1512.	[bug]		Extend the delegation-only logging to return query
			type, class and responding nameserver.

1511.	[bug]		delegation-only was generating false positives
			on negative answers from subzones.

1510.	[func]		New view option "root-delegation-only".  Apply
			delegation-only check to all TLDs and root.
			Note there are some TLDs that are NOT delegation
			only (e.g. DE, LV, US and MUSEUM) these can be excluded
			from the checks by using exclude.

			root-delegation-only exclude {
				"DE"; "LV"; "US"; "MUSEUM";
			};

1509.	[bug]		Hint zones should accept delegation-only.  Forward
			zone should not accept delegation-only.

1508.	[bug]		Don't apply delegation-only checks to answers from
			forwarders.

1507.	[bug]		Handle BIND 8 style returns to NS queries to parents
			when making delegation-only checks.

1506.	[bug]		Wrong return type for dns_view_isdelegationonly().

1505.	[bug]		Uninitialized rdataset in sdb. [RT #8750]

1504.	[func]		New zone type "delegation-only".

1503.	[port]		win32: install libeay32.dll outside of system32.

1502.	[bug]		nsupdate: adjust timeouts for UPDATE requests over TCP.

1501.	[func]		Allow TCP queue length to be specified via
			named.conf, tcp-listen-queue.

1500.	[bug]		host failed to lookup MX records.  Also look up
			AAAA records.

1475.	[port]		Probe for old sprintf().

1474.	[port]		Provide strtoul() and memmove() for platforms
			without them.

1469.	[func]		Log end of outgoing zone transfer at same level
			as the start of transfer is logged. [RT #4441]

1468.	[func]		Internal zones are no longer counted for
			'rndc status'.  [RT #4706]

1467.	[func]		$GENERATES now supports optional class and ttl.

1458.	[cleanup]	sprintf() -> snprintf().

1457.	[port]		Provide strlcat() and strlcpy() for platforms without
			them.

1455.	[bug]		<netaddr> missing from server grammar in
			doc/misc/options. [RT #5616]

1454.	[port]		Use getifaddrs() if available for interface scanning.
			--disable-getifaddrs to override.  Glibc currently
			has a getifaddrs() that does not support IPv6.
			Use --enable-getifaddrs=glibc to force the use of
			this version under linux machines.

1446.	[func]		Implemented undocumented alternate transfer sources
			from BIND 8.  See use-alt-transfer-source,
			alt-transfer-source and alt-transfer-source-v6.

			SECURITY: use-alt-transfer-source is ENABLED unless
			you are using views.  This may cause a security risk
			resulting in accidental disclosure of wrong zone
			content if the master supplying different source
			content based on IP address.  If you are not certain
			ISC recommends setting use-alt-transfer-source no;

1444.	[func]		dns_view_findzonecut2() allows you to specify if the
			cache should be searched for zone cuts.

1443.	[func]		Masters lists can now be specified and referenced
			in zone masters clauses and other masters lists.

1442.	[func]		New functions for manipulating port lists:
			dns_portlist_create(), dns_portlist_add(),
			dns_portlist_remove(), dns_portlist_match(),
			dns_portlist_attach() and dns_portlist_detach().

1441.	[func]		It is now possible to tell dig to bind to a specific
			source port.

1440.	[func]		It is now possible to tell named to avoid using
			certain source ports (avoid-v4-udp-ports,
			avoid-v6-udp-ports).

1438.	[func]		Log TSIG (if any) when logging NOTIFY requests.

1436.	[func]		dns_zonemgr_resumexfrs() can be used to restart
			stalled transfers.

1433.	[bug]		named could trigger a REQUIRE failure if it could
			not get a file descriptor when attempting to write
			a master file. [RT #4347]

1432.	[func]		The advertised EDNS UDP buffer size can now be set
			via named.conf (edns-udp-size).

1430.	[port]		linux: IPv6 interface scanning support.

1422.	[func]		Log name/type/class when denying a query.  [RT #4663]

1421.	[func]		Differentiate updates that don't succeed due to
			prerequisites (unsuccessful) vs other reasons
			(failed).

1417.	[func]		ID.SERVER/CHAOS is now a built in zone.
			See "server-id" for how to configure.

1415.	[func]		DS TTL now derived from NS ttl.  NXT TTL now derived
			from SOA MINIMUM.