changes

linux网络工具

1414.	[func]		Support for KSK flag.

1413.	[func]		Explictly request the (re-)generation of DS records from
			keysets (dnssec-signzone -g).

1412.	[func]		You can now specify servers to be tried if a nameserver
			has IPv6 address and you only support IPv4 or the
			reverse. See dual-stack-servers.

1410.	[func]		Handle records that live in the parent zone, e.g. DS.

1409.	[bug]		DS should have attribute DNS_RDATATYPEATTR_DNSSEC.

1404.	[bug]		libbind: ns_name_ntol() could overwrite a zero length
			buffer.

1403.	[func]		dnssec-signzone, dnssec-keygen, dnssec-makekeyset
			dnssec-signkey now report their version in the
			usage message.

1402.	[cleanup]	A6 has been moved to experimental and is no longer
			fully supported.

1400.	[bug]		Block the addition of wildcard NS records by IXFR
			or UPDATE. [RT #3502]

1398.	[doc]		ARM: notify-also should have been also-notify.
			[RT #4345]

1396.	[func]		dnssec-signzone: adjust the default signing time by
			1 hour to allow for clock skew.

1394.	[func]		It is now possible to check if a particular element is
			in a acl.  Remove duplicate entries from the localnets
			acl.

1393.	[port]		Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
			is not available in the kernel to prevent accidently
			listening on IPv4 interfaces.

1392.	[bug]		named-checkzone: update usage.

1391.	[func]		Add support for IPv6 scoped addresses in named.

1390.	[func]		host now supports ixfr.

1386.	[bug]		named-checkzone -z stopped on errors in a zone.
			[RT #3653]

1383.	[func]		Track the serial number in a IXFR response and log if
			a mismatch occurs.  This is a more specific error than
			"not exact". [RT #3445]

1380.	[func]		'rndc recursing' dump recursing queries to
			'recursing-file = "named.recursing";'.

1379.	[func]		'rndc status' now reports tcp and recursion quota
			states.

1378.	[func]		Improved positive feedback for 'rndc {reload|refresh}.

1377.	[func]		dns_zone_load{new}() now reports if the zone was
			loaded, queued for loading to up to date.

1376.	[func]		New function dns_zone_logc() to log to specified
			category.

1375.	[func]		'rndc dumpdb' now dumps the adb cache along with the
			data cache.

1374.	[func]		dns_adb_dump() now logs the lame zones associated
			with each server.

1371.	[bug]		notify-source-v6, transfer-source-v6 and
			query-source-v6 with explicit addresses and using the
			same ports as named was listening on could interfere
			with named's ability to answer queries sent to those
			addresses.

1368.	[func]		remove support for bitstring labels.

1367.	[func]		Use response times to select forwarders.

1365.	[func]		"localhost" and "localnets" acls now include IPv6
			addresses / prefixes.

1364.	[func]		Log file name when unable to open memory statistics
			and dump database files. [RT# 3437]

1363.	[func]		Listen-on-v6 now supports specific addresses.

1362.	[bug]		remove IFF_RUNNING test when scanning interfaces.

1361.	[func]		log the reason for rejecting a server when resolving
			queries.

1355.	[bug]		Fix DNSSEC wildcard proof for CNAME/DNAME.

1344.	[func]		Log if the serial number on the master has gone
			backwards.
			If you have multiple machines specified in the masters
			clause you may want to set 'multi-master yes;' to
			suppress this warning.

1343.	[func]		Log successful notifies received (info).  Adjust log
			level for failed notifies to notice.

1342.	[func]		Log remote address with TCP dispatch failures.

1341.	[func]		Allow a rate limiter to be stalled.

1339.	[func]		dig, host and nslookup now use IP6.ARPA for nibble
			lookups.  Bit string lookups are no longer attempted.

1336.	[func]		Nibble lookups under IP6.ARPA are now supported by
			dns_byaddr_create().  dns_byaddr_createptrname() is
			deprecated, use dns_byaddr_createptrname2() instead.

1332.	[func]		Report the current serial with periodic commits when
			rolling forward the journal.

1331.	[func]		Generate DNSSEC wildcard proofs.

1329.	[func]		named-checkzone will now check if nameservers that
			appear to be IP addresses.  Available modes "fail",
			"warn" (default) and "ignore" the results of the
			check.

1328.	[bug]		The validator could incorrectly verify an invalid
			negative proof.

1322.	[bug]		dnssec-signzone usage message was misleading.

1321.	[bug]		If the last RRset in a zone is glue, dnssec-signzone
			would incorrectly duplicate its output and sign it.

1313.	[func]		Query log now says if the query was signed (S) or
			if EDNS was used (E).

1312.	[func]		Log TSIG key used w/ outgoing zone transfers.

1309.	[func]		Log that a zone transfer was covered by a TSIG.

1308.	[func]		DS (delegation signer) support.

1304.	[func]		New function: dns_zone_name().

1303.	[func]		Option 'flush-zones-on-shutdown <boolean>;'.

1302.	[func]		Extended rndc dumpdb to support dumping of zones and
			view selection: 'dumpdb [-all|-zones|-cache] [view]'.

1301.	[func]		New category 'update-security'.

1300.	[port]		Compaq Trucluster support.

1293.	[func]		Entropy can now be retrieved from EGDs. [RT #2438]

1292.	[func]		Enable IPv6 support when using ioctl style interface
			scanning and OS supports SIOCGLIFADDR using struct
			if_laddrreq.

1291.	[func]		Enable IPv6 support when using sysctl style interface
			scanning.

1290.	[func]		"dig axfr" now reports the number of messages
			as well as the number of records.

1285.	[func]		lwres: probe the system to see what address families
			are currently in use.

1283.	[func]		Use "dataready" accept filter if available.

1281.	[func]		Log zone when unable to get private keys to update
			zone.  Log zone when NXT records are missing from
			secure zone.

1278.	[func]		dig: now supports +[no]cl +[no]ttlid.

1277.	[func]		You can now create your own customized printing
			styles: dns_master_stylecreate() and
			dns_master_styledestroy().

1271.	[bug]		"recursion available: {denied,approved}" was too
			confusing.

1267.	[func]		isc_file_openunique() now creates file using mode
			0666 rather than 0600.

1254.	[func]		preferred-glue option from BIND 8.3.

1250.	[func]		Nsupdate will report the address the update was
			sent to.

1247.	[bug]		Don't reset the interface index for link/site local
			addresses. [RT #2576]

1246.	[func]		New functions isc_sockaddr_issitelocal(),
			isc_sockaddr_islinklocal(), isc_netaddr_issitelocal()
			and isc_netaddr_islinklocal().

1243.	[bug]		It was possible to trigger a REQUIRE() in
			dns_message_findtype(). [RT #2659]

1235.	[func]		Report 'out of memory' errors from openssl.

1234.	[bug]		contrib/sdb: 'zonetodb' failed to call
			dns_result_register().  DNS_R_SEENINCLUDE should not
			be fatal.

1233.	[bug]		The flags field of a KEY record can be expressed in
			hex as well as decimal.

1226.	[func]		Use EDNS for zone refresh queries. [RT #2551]

1225.	[func]		dns_message_setopt() no longer requires that
			dns_message_renderbegin() to have been called.

1224.	[bug]		'rrset-order' and 'sortlist' should be additive
			not exclusive.

1223.	[func]		'rrset-order' partially works 'cyclic' and 'random'
			are supported.

1220.	[func]		Support for APL rdata type.

1219.	[func]		Named now reports the TSIG extended error code when
			signature verification fails. [RT #1651]

1217.	[func]		Report locations of previous key definition when a
			duplicate is detected.

1213.	[func]		Report view associated with client if it is not a
			standard view (_default or _bind).

1203.	[func]		Report locations of previous acl and zone definitions
			when a duplicate is detected.

1202.	[func]		New functions: cfg_obj_line() and cfg_obj_file().

1192.	[bug]		The seconds fields in LOC records were restricted
			to three decimal places.  More decimal places should
			be allowed but warned about.

1190.	[func]		Add the "rndc freeze" and "rndc unfreeze" commands.
			[RT #2394]

1187.	[bug]		named was incorrectly returning DNSSEC records
			in negative responses when the DO bit was not set.

1181.	[func]		Add the "key-directory" configuration statement,
			which allows the server to look for online signing
			keys in alternate directories.

1180.	[func]		dnssec-keygen should always generate keys with
			protocol 3 (DNSSEC), since it's less confusing
			that way.

1179.	[func]		Add SIG(0) support to nsupdate.

1177.	[func]		Report view when loading zones if it is not a
			standard view (_default or _bind). [RT #2270]

1171.	[func]		Added function isc_region_compare(), updated files in
			lib/dns to use this function instead of local one.

1169.	[func]		Identify recursive queries in the query log.

1163.	[func]		isc_time_formattimestamp() now includes the year.

1159.	[bug]		MD and MF are not permitted to be loaded by RFC1123.

1158.	[func]		Report the client's address when logging notify
			messages.

1157.	[func]		match-clients and match-destinations now accept
			keys. [RT #2045]

1155.	[func]		Recover from master files being removed from under
			us.

1153.	[func]		'rndc {stop|halt} -p' now reports the process id
			of the instance of named being shutdown.

1151.	[bug]		nslookup failed to check that the arguments to
			the port, timeout, and retry options were
			valid integers and in range. [RT #2099]

1150.	[bug]		named incorrectly accepted TTL values
			containing plus or minus signs, such as
			1d+1h-1s.

1149.	[func]		New function isc_parse_uint32().

1148.	[func]		'rndc-confgen -a' now provides positive feedback.

1147.	[func]		Set IPV6_V6ONLY on IPv6 sockets if supported by
			the OS.  listen-on-v6 { any; }; should no longer
			result in IPv4 queries be accepted.  Similarly
			control { inet :: ... }; should no longer result
			in IPv4 connections being accepted.  This can be
			overridden at compile time by defining
			ISC_ALLOW_MAPPED=1.

1146.	[func]		Allow IPV6_IPV6ONLY to be set/cleared on a socket if
			supported by the OS by a new function
			isc_socket_ipv6only().

1145.	[func]		"host" no longer reports a NOERROR/NODATA response
			by printing nothing. [RT #2065]

1143.	[bug]		When a trusted-keys statement was present and named
			was built without crypto support, it would leak memory.

1139.	[func]		It is now possible to flush a given name from the
			cache(s) via 'rndc flushname name [view]'. [RT #2051]

1138.	[func]		It is now possible to flush a given name from the
			cache by calling the new function
			dns_cache_flushname().

1137.	[func]		It is now possible to flush a given name from the
			ADB by calling the new function dns_adb_flushname().

1135.	[func]		You can now override the default syslog() facility for
			named/lwresd at compile time. [RT #1982]

1132.	[func]		Improve UPDATE prerequisite failure diagnostic messages.

1128.	[func]		sdb drivers can now provide RR data in either text
			or wire format, the latter using the new functions
			dns_sdb_putrdata() and dns_sdb_putnamedrdata().

1127.	[func]		rndc: If the server to contact has multiple addresses,
			try all of them.

1119.	[func]		Added support in Win32 for NTFS file/directory ACL's
			for access control.

1115.	[func]		Set maximum values for cleaning-interval,
			heartbeat-interval, interface-interval,
			max-transfer-idle-in, max-transfer-idle-out,
			max-transfer-time-in, max-transfer-time-out,
			statistics-interval of 28 days and
			sig-validity-interval of 3660 days. [RT #2002]

1110.	[bug]		dig should only accept valid abbreviations of +options.
			[RT #2003]

1105.	[port]		OpenUNIX 8 enable threads by default. [RT #1970]

1080.	[bug]		BIND 8 compatibility: accept bare IP prefixes
			as the second element of a two-element top level
			sort list statement. [RT #1964]

1079.	[bug]		BIND 8 compatibility: accept bare elements at top
			level of sort list treating them as if they were
			a single element list. [RT #1963]

1077.	[func]		Do not accept further recursive clients when
			the total number of recursive lookups being
			processed exceeds max-recursive-clients, even
			if some of the lookups are internally generated.
			[RT #1915, #1938]

1073.	[bug]		The ADB cache cleaning should also be space driven.
			[RT #1915, #1938]

1067.	[func]		Allow quotas to be soft, isc_quota_soft().

1065.	[func]		Runtime support to select new / old style interface
			scanning using ioctls.

1060.	[func]		Move refresh, stub and notify UDP retry processing
			into dns_request.

1059.	[func]		dns_request now support will now retry UDP queries,
			dns_request_createvia2() and dns_request_createraw2().

1058.	[func]		Limited lifetime ticker timers are now available,
			isc_timertype_limited.

1055.	[func]		Version and hostname queries can now be disabled
			using "version none;" and "hostname none;",
			respectively.

1049.	[func]		"pid-file none;" will disable writing a pid file.
			[RT #1848]

1037.	[bug]		Negative responses whose authority section contain
			SOA or NS records whose owner names are not equal
			equal to or parents of the query name should be
			rejected. [RT #1862]

1036.	[func]		Silently drop requests received via multicast as
			long as there is no final multicast DNS standard.