From paul at vix.com Fri Jun 3 17:39:50 1994 From: paul at vix.com (Paul A Vixie) Date: Fri, 03 Jun 1994 08:39:50 -0700 Subject: BIND 4.9.3 BETA1 ready for public testing Message-ID: <9406031539.AA17145@gw.home.vix.com> This release of BIND has some critical security bugs fixed, plus a whole slew of small features and bug fixes. The BOG (Bind Operations Guide) has been changed as well, so it would be worthwhile to print it out and read it even if you don't want a new BIND on your system. We've been through a pretty long alpha test period and this BIND is running in production on some very well known and busy name servers. I invite the public at large to try this version and let me know of any problems. I am not taking any new functionality at this point -- bug fixes and portability changes are the only things I'll be accepting, though bug/nonportability reports are welcome even without accompanying patches. The release is on ftp.uu.net:~ftp/private/bind/bind-4.9.3-BETA1.tar.gz. This is an unreadable directory, so don't try "ls", just "get" the file. Make sure you use "binary" transfer mode or you will receive trash rather than bits. Vital statistics on this file, for those of you who are concerned that it could be tampered with in situ, are as follows: FTP Server: ftp.uu.net Path: /private/bind/bind-4.9.3-BETA1.tar.gz Size: 1048487 bytes BSD checksum: 33928 1024 POSIX checksum: 3056552532 1048487 MD5 checksum: 0af9ea6f3fd1a3beb6d4e9d95d904bd3 The CHANGES file is excerpted below, for those who need to be convinced that this BIND is worth running. The filter for patches will be narrowed after this BIND hits "final", so if you want to have a chance to fix something, do it now or you may have to wait for 4.9.4. Paul Vixie paul at vix.com Ref: encl $Id: CHANGES,v 4.9.1.23 1994/06/03 15:04:29 vixie Exp $ --- 4.9.3-beta1 released --- 107. Apollo systems were dumping core because of a missing #include . 106. NSAP and NSAP_PTR RR's now recognized by res_debug() (but nothing else). 105. NeXTstep 2.1/3.0 and Pyramid dcosx now nominally supported. 104. res_querydomain() was doing Bad things if given an empty name. --- 4.9.3.a5.p4 published --- 103. named-xfer's exit cause is now syslog()'d more often/clearly (Paul Vixie). 102. I left out a ";" in the new compat/lib/ftruncate.c file (Craig Leres). 101. X25, ISDN, and RT RR support have been added (Michael A. Meiszl). --- 4.9.3.a5.p3 published --- 100. Another glitch (very minor this time) was found and fixed in the QSERIAL logic. This was a performance problem only -- reliability wasn't affected (Bob Heiney). 99. SCO UNIX is now supported, thanks in part to Michael A. Meiszl. 98. I witlessly used a GCC-only feature (automatic aggregate initialization) in a5p2. Kazuhisa Shimizu was the first to report it. --- 4.9.3.a5.p2 published --- 97. NEC EWS4800 EWS-UX/V Rel4.0/Rel4.2 support (from Kazuhisa Shimizu). 96. Some of the security checking logic in the new res/gethnamaddr.c's getanswer() was happening in the wrong order (thanks, Bob Heiney). 95. Minor typo in the man/host.1 man page (caught by Robert Elz). 94. DiG was groping core if given more than 10 tokens in a lookup string (Michael J. Corrigan provided the fix). 93. Queries to INADDR_ANY ("0.0.0.0") come back from the system's primary interface, and res_send() was discarding them. A proper fix would add a lot of code to the resolver, so for now we'll just work around it (Michael J. Corrigan reported this). 92. The "data outside zone" syslog message was misleading (Bob Heiney). --- 4.9.3.a5.p1 published --- 91. res/gethnamaddr.c wouldn't compile on non-BSD systems since it depended on LOG_AUTH which is a post-4.3 feature (Bob Heiney reported this). ****** 4.9.3-alpha5 released ****** 90. redid most of my previous round of prototyping now that i truly understand which variables and parameters should be u_char and which ones should be char. (Vixie) 89. added (optional) prototypes for _getshort() and _getlong(); this means the calls all need casts of their argument since it usually isn't a u_char*. Also prototyped res_query(), res_search, and the nominally private but for some reason not static res_querydomain(). (Vixie) 88. security related: responses from servers we didn't query are now ignored by the resolver; answers with QDCOUNT!=1 are treated as errors; name mismatches in the question or any part of the answer field are syslog()'d and ignored. (Vixie) 87. fixed a bug in the SUNSECURITY stuff. (Vixie) 86. a long standing bug in the name hashing code that caused it to ``hash in'' the case of the name's characters, was found and fixed. (twice.) (Vixie) 85. Bob Heiney did some performance analysis and concluded that samedomain() was soaking down cycles at a rate disproportionate to its usefulness; he reimplemented it in a way that violated the (good,fast,cheap) rule. 84. the RFC1101 implementation of getnetby*() was using case-sensitive string compares. 83. fp_query() will no longer try to format packets larger than PACKETSZ, and for perversity, dig and named are now prepared to handle replies (via TCP) larger than PACKETSZ. new function: __fp_nquery(). (Vixie) 82. multiline initial syslog() is fixed (Bill G). 81. Don Lewis sent in a big update for the lame delegation logic. Vixie fixed one bug. Bryan Beecher had a big hand in this. 80. TCP replies can now be up to 8K in size (don walsh). 79. validation bug fixed (don lewis). 78. BOG patches from mike minnich and others. 77. more lint fixes for Cray (norb brotz). 76. a new hostname(7) man page was contributed by Art Harkin. 75. DESTINC is now a settable Makefile parameter (Marion Hakanson). 74. the zones-not-transferring bug is finally gone. 73. now using LOG_PERROR in openlog(); many parallel dprintf()'s are gone. 72. inability to retrieve serial number via UDP now forces TCP transfer. 71. removing secondary zone files and SIGHUP'ing will now force a transfer. 70. "cache" directives can now specify "/class" as documented in the BOG. 69. Mark Andrews' fix for the ns_forw core dump is in. 68. Keith Bostic fixed some typo's in the man pages. 67. Compiling without NCACHE is possible now (John Hanley). 66. Bill Gianopoulos and Alan Barrett finally agreed on what glue was and Bill's alpha4 patch is mostly gone now, and one new idea was added. 65. BOG improvements (Vixie, Brooks). 64. Mark Andrews' CLEANCACHE (recommended) and RETURNSOA (__NOT__ recommended!) are in. RETURNSOA should not be enabled at this time; there's nothing wrong with the code but it will cause cache corruption in older servers and may not be necessary. The jury is still out. 63. outbound zone transfers are now logged (requested by Ron Johnson). 62. serial number queries sent out for zone transfer purposes will now be limited to a maximum of four (4) simultaneous outstanding; this keeps BIND from overflowing its UDP socket buffer when hundreds of zones must be checked (still trying to fix Paul Pomes' problem). 61. short A RR's in responses will no longer lead to purify errors due to short malloc()'s in savedata() (thanks to Nicholas Briggs for reporting this). ****** 4.9.3-alpha4 released ****** 60. manifest constants used instead of "sizeof({u_,}int{16,32}_t)", for systems which lack 16- and 32-bit integers (paul vixie for norm brotz). 59. zone transfer anti-glue logic made RFC1034-compliant (bill gianopoulos). 58. seg fault in sysquery() (from LAME_DELEGATION) fixed (mark andrews). ****** 4.9.3-alpha3 released ****** 57. a big, hefty patch was made to the negative caching logic (mark andrews). 56. named-xfer will no longer scramble the default origin (alan barrett). 55. random bits of lint found and removed (mario guerra). 54. convexos-10 is now supported (jukka ukkonen). 53. seg fault in database dumps (from VALIDATE) fixed (don lewis). 52. problem with extra bogus 0.0.0.0 A RR's from VALIDATE fixed (mark andrews). 51. the LAME_DELEGATION logic once written into 4.8.3 by don lewis has been substantially reworked and put into 4.9.3-alpha3 (bryan beecher). 50. all instances of "sizeof(HEADER)" were changed to "HFIXEDSZ" to make life easier for the cray. also, "struct HEADER" in include/arpa/nameser.h uses just bit fields now, for portability to 64-bit systems without 16-bit integer types. (norb brotz suggested it; paul vixie did it). 49. build changes for NeXT and AIX systems (artur romao; c. wolfhugel). 48. random sunshlib changes (piete brooks). 47. minor fixes for solaris build (carson gaspar; paul pomes). 48. a few bugs were wrung out of the BOG (per hedeland; vixie). ****** 4.9.3-alpha2 released ****** 47. several obscure Makefile problems were fixed (vixie). 46. there is now a per-primary-NS quota for simultaneous zone transfers; this will cut down on the retry thrashing seen on servers that are secondary for thousands of zones (vixie). 45. a bug introduced by change #23 has been fixed (marten terpstra; apb). 44. the "data outside zone" messages are now consistent (piete brooks; vixie). 43. several #include's were reordered in res/*.c and a few #ifdef's were changed; BIND should now run OK on DGUX (henry miller). 42. several changes to the conf/options.h and Makefile (vixie): -> SVR4 has been added as a top-level Makefile CDEFS option -> SYSV has moved from conf/options.h to the top level Makefile -> INVQ is now an "#ifdef" rather than a "#if" 41. resolver no longer uses initialized static data, which should make shared libraries easier to generate (vixie did it, at the urging of many others). 40. now compiles on Apollo DomainOS (don lewis). ****** 4.9.3-alpha1 released ****** 39. lots of lint found and fixed (craig leres). 38. illegal enum compare fixed in named/ns_stats.c (vixie). 37. missing ')' added in SUNSECURITY section of res/gethnamaddr.c (h miller). ****** 4.9.3-prealpha released ****** 36. bryan beecher's "query" has been promoted to tools/ and renamed "dnsquery". 35. various bugs were fixed in the negative caching (vixie; mark andrews). 34. several debugging and dump output problems were fixed (mark andrews). 33. TXT RR's can now be read from zone files even if they lack quotes; the RFC doesn't say quotes are needed (jim martin). 32. limited support for AIX-3 is now included (christoph wolfhugel). 31. SUNSECURITY is now an obvious default in ./Makefile (p killey; b beecher). 30. VC queries that time out are now GC'd and SERVFAIL'd (mark andrews). 29. HP-UX 9.0's top-level makefile variables have been changed (don lewis). 28. various fixes for tools/host.c (jim martin; mark andrews). 27. syslog messages logged by SUNSECURITY will now include the address of the host that's having problems (david morrison). 26. systems whose connect() calls fail if a socket is already connect()'d will now have their sockets closed and recreated in res_send() (piete brooks; mark andrews; vixie). 25. res_send() will now corrected reset its "connected" variable when the connectedness of a socket changes (mark andrews). 24. SERVFAIL responses will no longer terminate the res_search() inner loop, thus catastrophic problems with early search elements will no longer prevent res_search() from trying later search elements (bryan beecher;vix). 23. non-NS RR's for delegated subzones will no longer be accepted in a zone transfer (alan p barrett). 22. the setting for _PATH_PIDFILE is now overridden by the Makefile (l hume). 21. named.restart.sh now has a smaller path with %DESTSBIN% first therein; this should prevent the vendor version of named from being exec'd by accident (leigh hume). 20. big change: statistics are now kept "per name server" rather than as a single global array. the /var/tmp/named.stats file format has changed quite a bit, so older awk/perl scripts are likely to stop working. 19. big change: every RR now keeps a pointer to a "nameser" struct; this currently permits SIGINT-initiated dumps to include the address of all non-zone data, which will help with tracking down corrupt data. 18. db_load.c was missing two #ifdef/#endif's for CRED (mike minnich). 17. don't aggregate SOA or WKS RR's in the cache (vixie). 16. minor cosmetic changes (vixie). 15. fixed typo in compat/Makefile ("LIBDIR" -> "DESTDIR") (rob davies). 14. fixed spurious "accept: interrupted system calls" (vixie). 13. named will now start as many named-xfer's as it should; previously it lost track of the need for transfers at the beginning of each maint cycle. also, we don't bother asking for an SOA if we know that our zone is out of date. i've changed the transfer metrics so that more transfers can happen concurrently, and maint cycles come more often. (andrew partan; vixie). 12. a number of LOG_ERR and LOG_CRIT syslogs were downgraded to LOG_NOTICE (rob davies; vixie). 11. sequence number checking now treats "zero" as a special case. (craig leres; andrew partan; vixie). 10. MFLAGS no longer used explicitly, since it is often used implicitly (mark andrews; vixie). 9. ADDAUTH is no longer considered experimental (tony stoneley; vixie). 8. several obscure type bugs fixed (don lewis). 7. signal handlers all now preserve errno (don lewis). 6. TTL deprecation made more portable (don lewis). 5. now compiles on Apollo DomainOS and is generally more POSIX-ish (don lewis). 4. bryan beecher's "query" tool has been promoted to tools/ and renamed to dnsquery. minor changes were required in several Makefiles (vixie). 3. "make links" at the top level will now make a higher resolution link tree, which makes porting easier on some systems (ian dickinson). 2. Convex feof() bug now has a workaround (jukka ukkonen). 1. gethostby*() will no longer overwrite its fixed-size array if a host with too many addresses is handled (reported by piete brooks, fixed by vixie). From rv at deins.Informatik.Uni-Dortmund.DE Tue Jun 7 20:40:52 1994 From: rv at deins.Informatik.Uni-Dortmund.DE (Ruediger Volk) Date: Tue, 07 Jun 1994 20:40:52 +0200 Subject: BIND 4.9.3 BETA1 ready for public testing Message-ID: <12755.771014452@deins.Informatik.Uni-Dortmund.DE> Francis forwarded today Paul Vixie's announcement of the BETA1 version of BIND 4.9.3. Please note that BIND 4.9.3 is progressing at a quite fast - but always unpredictable - rate. So Paul already published and announced the BETA2 version yesterday (and the BETA1 version thus disappeared). Here are Paul's notes about changes: > Beta1->Beta2 changes are short but important. No diffs are available. You > should grab the whole new tarball and make sure you like the way it works -- > we're very close to a Final release on this version. The only outstanding > bug is that ULTRIX/VAX machines have a "multiply defined" error in linking; > given that it works fine on ULTRIX/RISC, OSF/1, BSD/386, and SunOS, I don't > think there's much cause for alarm. The README file has been updated since > Beta1, as well. and the change log tells: > --- 4.9.3-beta2 released --- > > 120. I upgraded my "-me" macros so that the included doc/bog/file.psf is OK. > > 119. NXDOMAIN responses from the negative cache will now always be > authoritative. this is the least of all evils, trust me. > > 118. strcasecmp() in compat/lib is now ANSI compliant. > > 117. PTR RR's are no longer subject to ROUND_ROBIN processing. > > 116. writev() emulation for SCO had a bug. > > 115. the resolver no longer calls sscanf() or qsort(). > > 114. minor debugging nit cleaned up in res_querydomain(). > > 113. IP options on incoming connections are now logged and ignored. This > should probably be done for datagrams as well but not today. > > 112. tree.c made portable to non-POSIX/ANSI systems. > > 111. NSAP RR's are now supported. NSAP_PTR RR's are deprecated and so left out. > > 110. outbound zone transfers are now logged. > > 109. various lint cleaned up wrt 16-bit integer handling. > > 108. named-xfer was exiting bogusly on some systems due to flakey kernel > interfaces. i've rewritten some of the code to avoid the problem, > and fixed plenty of lint in the process. > > --- 4.9.3-beta1 released --- A few new errors (mainly portability related) in BETA2 have been reported already yesterday, so BETA2 is unlikely to become declared FINAL for 4.9.3. Paul posts the BIND announcements to the general BIND distribution list ; I'd expect everybody who is interested in installing very new BIND software (as opposed to "just run the currently established most recent good version") is a subscriber of bind at uunet.uu.net and will see the announcements that way; those interested in testing and pushing the very newest versions (eventually including experimental versions that really require some effort to watch what they are doing) anyway need to be on the BIND workers' list. Ruediger Ruediger Volk Universitaet Dortmund, Informatik IRB D-44221 Dortmund, Germany E-Mail: rv at Informatik.Uni-Dortmund.DE Phone: +49 231 755 4760 Fax: +49 231 755 2386 From Francis.Dupont at inria.fr Wed Jun 22 14:28:49 1994 From: Francis.Dupont at inria.fr (Francis Dupont) Date: Wed, 22 Jun 1994 14:28:49 +0200 Subject: BIND 4.9.3 documents Message-ID: <199406221228.OAA00871@givry.inria.fr> Some documents from BIND 4.9.3 beta3 distrib are available by anonymous FTP on ftp.ripe.net in the tools/dns/bind-4.9.3-docs directory: - bog.ps.Z (BIND Operation Guide) - purdue-paper.ps.Z "Countering Abuse of Name-Based Authentication" Regards Francis.Dupont at inria.fr