BIND 4.9.3 BETA1 ready for public testing
- Date: Fri, 03 Jun 1994 08:39:50 -0700
- Resent-date: Tue, 07 Jun 1994 17:08:24 +0200
- Resent-message-id: <199406071508.RAA22258@localhost
This release of BIND has some critical security bugs fixed, plus a whole slew
of small features and bug fixes. The BOG (Bind Operations Guide) has been
changed as well, so it would be worthwhile to print it out and read it even
if you don't want a new BIND on your system.
We've been through a pretty long alpha test period and this BIND is running
in production on some very well known and busy name servers. I invite the
public at large to try this version and let me know of any problems. I am
not taking any new functionality at this point -- bug fixes and portability
changes are the only things I'll be accepting, though bug/nonportability
reports are welcome even without accompanying patches.
The release is on ftp.uu.net:~ftp/private/bind/bind-4.9.3-BETA1.tar.gz. This
is an unreadable directory, so don't try "ls", just "get" the file. Make sure
you use "binary" transfer mode or you will receive trash rather than bits.
Vital statistics on this file, for those of you who are concerned that it could
be tampered with in situ, are as follows:
FTP Server: ftp.uu.net
Path: /private/bind/bind-4.9.3-BETA1.tar.gz
Size: 1048487 bytes
BSD checksum: 33928 1024
POSIX checksum: 3056552532 1048487
MD5 checksum: 0af9ea6f3fd1a3beb6d4e9d95d904bd3
The CHANGES file is excerpted below, for those who need to be convinced that
this BIND is worth running. The filter for patches will be narrowed after this
BIND hits "final", so if you want to have a chance to fix something, do it now
or you may have to wait for 4.9.4.
Paul Vixie
paul@localhost
Ref: encl
$Id: CHANGES,v 4.9.1.23 1994/06/03 15:04:29 vixie Exp $
--- 4.9.3-beta1 released ---
107. Apollo systems were dumping core because of a missing #include <resolv.h>.
106. NSAP and NSAP_PTR RR's now recognized by res_debug() (but nothing else).
105. NeXTstep 2.1/3.0 and Pyramid dcosx now nominally supported.
104. res_querydomain() was doing Bad things if given an empty name.
--- 4.9.3.a5.p4 published ---
103. named-xfer's exit cause is now syslog()'d more often/clearly (Paul Vixie).
102. I left out a ";" in the new compat/lib/ftruncate.c file (Craig Leres).
101. X25, ISDN, and RT RR support have been added (Michael A. Meiszl).
--- 4.9.3.a5.p3 published ---
100. Another glitch (very minor this time) was found and fixed in the
QSERIAL logic. This was a performance problem only -- reliability
wasn't affected (Bob Heiney).
99. SCO UNIX is now supported, thanks in part to Michael A. Meiszl.
98. I witlessly used a GCC-only feature (automatic aggregate initialization)
in a5p2. Kazuhisa Shimizu was the first to report it.
--- 4.9.3.a5.p2 published ---
97. NEC EWS4800 EWS-UX/V Rel4.0/Rel4.2 support (from Kazuhisa Shimizu).
96. Some of the security checking logic in the new res/gethnamaddr.c's
getanswer() was happening in the wrong order (thanks, Bob Heiney).
95. Minor typo in the man/host.1 man page (caught by Robert Elz).
94. DiG was groping core if given more than 10 tokens in a lookup string
(Michael J. Corrigan provided the fix).
93. Queries to INADDR_ANY ("0.0.0.0") come back from the system's primary
interface, and res_send() was discarding them. A proper fix would add
a lot of code to the resolver, so for now we'll just work around it
(Michael J. Corrigan reported this).
92. The "data outside zone" syslog message was misleading (Bob Heiney).
--- 4.9.3.a5.p1 published ---
91. res/gethnamaddr.c wouldn't compile on non-BSD systems since it depended
on LOG_AUTH which is a post-4.3 feature (Bob Heiney reported this).
****** 4.9.3-alpha5 released ******
90. redid most of my previous round of prototyping now that i truly
understand which variables and parameters should be u_char and which
ones should be char. (Vixie)
89. added (optional) prototypes for _getshort() and _getlong(); this means
the calls all need casts of their argument since it usually isn't a
u_char*. Also prototyped res_query(), res_search, and the nominally
private but for some reason not static res_querydomain(). (Vixie)
88. security related: responses from servers we didn't query are now ignored
by the resolver; answers with QDCOUNT!=1 are treated as errors; name
mismatches in the question or any part of the answer field are syslog()'d
and ignored. (Vixie)
87. fixed a bug in the SUNSECURITY stuff. (Vixie)
86. a long standing bug in the name hashing code that caused it to ``hash in''
the case of the name's characters, was found and fixed. (twice.) (Vixie)
85. Bob Heiney did some performance analysis and concluded that samedomain()
was soaking down cycles at a rate disproportionate to its usefulness; he
reimplemented it in a way that violated the (good,fast,cheap) rule.
84. the RFC1101 implementation of getnetby*() was using case-sensitive
string compares.
83. fp_query() will no longer try to format packets larger than PACKETSZ,
and for perversity, dig and named are now prepared to handle replies
(via TCP) larger than PACKETSZ. new function: __fp_nquery(). (Vixie)
82. multiline initial syslog() is fixed (Bill G).
81. Don Lewis sent in a big update for the lame delegation logic. Vixie fixed
one bug. Bryan Beecher had a big hand in this.
80. TCP replies can now be up to 8K in size (don walsh).
79. validation bug fixed (don lewis).
78. BOG patches from mike minnich and others.
77. more lint fixes for Cray (norb brotz).
76. a new hostname(7) man page was contributed by Art Harkin.
75. DESTINC is now a settable Makefile parameter (Marion Hakanson).
74. the zones-not-transferring bug is finally gone.
73. now using LOG_PERROR in openlog(); many parallel dprintf()'s are gone.
72. inability to retrieve serial number via UDP now forces TCP transfer.
71. removing secondary zone files and SIGHUP'ing will now force a transfer.
70. "cache" directives can now specify "/class" as documented in the BOG.
69. Mark Andrews' fix for the ns_forw core dump is in.
68. Keith Bostic fixed some typo's in the man pages.
67. Compiling without NCACHE is possible now (John Hanley).
66. Bill Gianopoulos and Alan Barrett finally agreed on what glue was and
Bill's alpha4 patch is mostly gone now, and one new idea was added.
65. BOG improvements (Vixie, Brooks).
64. Mark Andrews' CLEANCACHE (recommended) and RETURNSOA (__NOT__ recommended!)
are in. RETURNSOA should not be enabled at this time; there's nothing
wrong with the code but it will cause cache corruption in older servers
and may not be necessary. The jury is still out.
63. outbound zone transfers are now logged (requested by Ron Johnson).
62. serial number queries sent out for zone transfer purposes will now be
limited to a maximum of four (4) simultaneous outstanding; this keeps
BIND from overflowing its UDP socket buffer when hundreds of zones must
be checked (still trying to fix Paul Pomes' problem).
61. short A RR's in responses will no longer lead to purify errors due to short
malloc()'s in savedata() (thanks to Nicholas Briggs for reporting this).
****** 4.9.3-alpha4 released ******
60. manifest constants used instead of "sizeof({u_,}int{16,32}_t)", for
systems which lack 16- and 32-bit integers (paul vixie for norm brotz).
59. zone transfer anti-glue logic made RFC1034-compliant (bill gianopoulos).
58. seg fault in sysquery() (from LAME_DELEGATION) fixed (mark andrews).
****** 4.9.3-alpha3 released ******
57. a big, hefty patch was made to the negative caching logic (mark andrews).
56. named-xfer will no longer scramble the default origin (alan barrett).
55. random bits of lint found and removed (mario guerra).
54. convexos-10 is now supported (jukka ukkonen).
53. seg fault in database dumps (from VALIDATE) fixed (don lewis).
52. problem with extra bogus 0.0.0.0 A RR's from VALIDATE fixed (mark andrews).
51. the LAME_DELEGATION logic once written into 4.8.3 by don lewis has
been substantially reworked and put into 4.9.3-alpha3 (bryan beecher).
50. all instances of "sizeof(HEADER)" were changed to "HFIXEDSZ" to make
life easier for the cray. also, "struct HEADER" in include/arpa/nameser.h
uses just bit fields now, for portability to 64-bit systems without
16-bit integer types. (norb brotz suggested it; paul vixie did it).
49. build changes for NeXT and AIX systems (artur romao; c. wolfhugel).
48. random sunshlib changes (piete brooks).
47. minor fixes for solaris build (carson gaspar; paul pomes).
48. a few bugs were wrung out of the BOG (per hedeland; vixie).
****** 4.9.3-alpha2 released ******
47. several obscure Makefile problems were fixed (vixie).
46. there is now a per-primary-NS quota for simultaneous zone transfers; this
will cut down on the retry thrashing seen on servers that are secondary for
thousands of zones (vixie).
45. a bug introduced by change #23 has been fixed (marten terpstra; apb).
44. the "data outside zone" messages are now consistent (piete brooks; vixie).
43. several #include's were reordered in res/*.c and a few #ifdef's were
changed; BIND should now run OK on DGUX (henry miller).
42. several changes to the conf/options.h and Makefile (vixie):
-> SVR4 has been added as a top-level Makefile CDEFS option
-> SYSV has moved from conf/options.h to the top level Makefile
-> INVQ is now an "#ifdef" rather than a "#if"
41. resolver no longer uses initialized static data, which should make shared
libraries easier to generate (vixie did it, at the urging of many others).
40. now compiles on Apollo DomainOS (don lewis).
****** 4.9.3-alpha1 released ******
39. lots of lint found and fixed (craig leres).
38. illegal enum compare fixed in named/ns_stats.c (vixie).
37. missing ')' added in SUNSECURITY section of res/gethnamaddr.c (h miller).
****** 4.9.3-prealpha released ******
36. bryan beecher's "query" has been promoted to tools/ and renamed "dnsquery".
35. various bugs were fixed in the negative caching (vixie; mark andrews).
34. several debugging and dump output problems were fixed (mark andrews).
33. TXT RR's can now be read from zone files even if they lack quotes;
the RFC doesn't say quotes are needed (jim martin).
32. limited support for AIX-3 is now included (christoph wolfhugel).
31. SUNSECURITY is now an obvious default in ./Makefile (p killey; b beecher).
30. VC queries that time out are now GC'd and SERVFAIL'd (mark andrews).
29. HP-UX 9.0's top-level makefile variables have been changed (don lewis).
28. various fixes for tools/host.c (jim martin; mark andrews).
27. syslog messages logged by SUNSECURITY will now include the address of
the host that's having problems (david morrison).
26. systems whose connect() calls fail if a socket is already connect()'d
will now have their sockets closed and recreated in res_send() (piete
brooks; mark andrews; vixie).
25. res_send() will now correctly reset its "connected" variable when the
connectedness of a socket changes (mark andrews).
24. SERVFAIL responses will no longer terminate the res_search() inner loop,
thus catastrophic problems with early search elements will no longer
prevent res_search() from trying later search elements (bryan beecher;vix).
23. non-NS RR's for delegated subzones will no longer be accepted in a zone
transfer (alan p barrett).
22. the setting for _PATH_PIDFILE is now overridden by the Makefile (l hume).
21. named.restart.sh now has a smaller path with %DESTSBIN% first therein;
this should prevent the vendor version of named from being exec'd by
accident (leigh hume).
20. big change: statistics are now kept "per name server" rather than as
a single global array. the /var/tmp/named.stats file format has changed
quite a bit, so older awk/perl scripts are likely to stop working.
19. big change: every RR now keeps a pointer to a "nameser" struct; this
currently permits SIGINT-initiated dumps to include the address of all
non-zone data, which will help with tracking down corrupt data.
18. db_load.c was missing two #ifdef/#endif's for CRED (mike minnich).
17. don't aggregate SOA or WKS RR's in the cache (vixie).
16. minor cosmetic changes (vixie).
15. fixed typo in compat/Makefile ("LIBDIR" -> "DESTDIR") (rob davies).
14. fixed spurious "accept: interrupted system calls" (vixie).
13. named will now start as many named-xfer's as it should; previously it
lost track of the need for transfers at the beginning of each maint
cycle. also, we don't bother asking for an SOA if we know that our
zone is out of date. i've changed the transfer metrics so that more
transfers can happen concurrently, and maint cycles come more often.
(andrew partan; vixie).
12. a number of LOG_ERR and LOG_CRIT syslogs were downgraded to LOG_NOTICE
(rob davies; vixie).
11. sequence number checking now treats "zero" as a special case.
(craig leres; andrew partan; vixie).
10. MFLAGS no longer used explicitly, since it is often used implicitly
(mark andrews; vixie).
9. ADDAUTH is no longer considered experimental (tony stoneley; vixie).
8. several obscure type bugs fixed (don lewis).
7. signal handlers all now preserve errno (don lewis).
6. TTL deprecation made more portable (don lewis).
5. now compiles on Apollo DomainOS and is generally more POSIX-ish (don lewis).
4. bryan beecher's "query" tool has been promoted to tools/ and renamed to
dnsquery. minor changes were required in several Makefiles (vixie).
3. "make links" at the top level will now make a higher resolution link tree,
which makes porting easier on some systems (ian dickinson).
2. Convex feof() bug now has a workaround (jukka ukkonen).
1. gethostby*() will no longer overwrite its fixed-size array if a host with
too many addresses is handled (reported by piete brooks, fixed by vixie).