This release of BIND has some critical security bugs fixed, plus a whole slew of small features and bug fixes. The BOG (Bind Operations Guide) has been changed as well, so it would be worthwhile to print it out and read it even if you don't want a new BIND on your system. We've been through a pretty long alpha test period and this BIND is running in production on some very well known and busy name servers. I invite the public at large to try this version and let me know of any problems. I am not taking any new functionality at this point -- bug fixes and portability changes are the only things I'll be accepting, though bug/nonportability reports are welcome even without accompanying patches. The release is on ftp.uu.net:~ftp/private/bind/bind-4.9.3-BETA1.tar.gz. This is an unreadable directory, so don't try "ls", just "get" the file. Make sure you use "binary" transfer mode or you will receive trash rather than bits. Vital statistics on this file, for those of you who are concerned that it could be tampered with in situ, are as follows: FTP Server: ftp.uu.net Path: /private/bind/bind-4.9.3-BETA1.tar.gz Size: 1048487 bytes BSD checksum: 33928 1024 POSIX checksum: 3056552532 1048487 MD5 checksum: 0af9ea6f3fd1a3beb6d4e9d95d904bd3 The CHANGES file is excerpted below, for those who need to be convinced that this BIND is worth running. The filter for patches will be narrowed after this BIND hits "final", so if you want to have a chance to fix something, do it now or you may have to wait for 4.9.4. Paul Vixie paul@vix.com Ref: encl $Id: CHANGES,v 4.9.1.23 1994/06/03 15:04:29 vixie Exp $ --- 4.9.3-beta1 released --- 107. Apollo systems were dumping core because of a missing #include <resolv.h>. 106. NSAP and NSAP_PTR RR's now recognized by res_debug() (but nothing else). 105. NeXTstep 2.1/3.0 and Pyramid dcosx now nominally supported. 104. res_querydomain() was doing Bad things if given an empty name. --- 4.9.3.a5.p4 published --- 103. named-xfer's exit cause is now syslog()'d more often/clearly (Paul Vixie). 102. I left out a ";" in the new compat/lib/ftruncate.c file (Craig Leres). 101. X25, ISDN, and RT RR support have been added (Michael A. Meiszl). --- 4.9.3.a5.p3 published --- 100. Another glitch (very minor this time) was found and fixed in the QSERIAL logic. This was a performance problem only -- reliability wasn't affected (Bob Heiney). 99. SCO UNIX is now supported, thanks in part to Michael A. Meiszl. 98. I witlessly used a GCC-only feature (automatic aggregate initialization) in a5p2. Kazuhisa Shimizu was the first to report it. --- 4.9.3.a5.p2 published --- 97. NEC EWS4800 EWS-UX/V Rel4.0/Rel4.2 support (from Kazuhisa Shimizu). 96. Some of the security checking logic in the new res/gethnamaddr.c's getanswer() was happening in the wrong order (thanks, Bob Heiney). 95. Minor typo in the man/host.1 man page (caught by Robert Elz). 94. DiG was groping core if given more than 10 tokens in a lookup string (Michael J. Corrigan provided the fix). 93. Queries to INADDR_ANY ("0.0.0.0") come back from the system's primary interface, and res_send() was discarding them. A proper fix would add a lot of code to the resolver, so for now we'll just work around it (Michael J. Corrigan reported this). 92. The "data outside zone" syslog message was misleading (Bob Heiney). --- 4.9.3.a5.p1 published --- 91. res/gethnamaddr.c wouldn't compile on non-BSD systems since it depended on LOG_AUTH which is a post-4.3 feature (Bob Heiney reported this). ****** 4.9.3-alpha5 released ****** 90. redid most of my previous round of prototyping now that i truly understand which variables and parameters should be u_char and which ones should be char. (Vixie) 89. added (optional) prototypes for _getshort() and _getlong(); this means the calls all need casts of their argument since it usually isn't a u_char*. Also prototyped res_query(), res_search, and the nominally private but for some reason not static res_querydomain(). (Vixie) 88. security related: responses from servers we didn't query are now ignored by the resolver; answers with QDCOUNT!=1 are treated as errors; name mismatches in the question or any part of the answer field are syslog()'d and ignored. (Vixie) 87. fixed a bug in the SUNSECURITY stuff. (Vixie) 86. a long standing bug in the name hashing code that caused it to ``hash in'' the case of the name's characters, was found and fixed. (twice.) (Vixie) 85. Bob Heiney did some performance analysis and concluded that samedomain() was soaking down cycles at a rate disproportionate to its usefulness; he reimplemented it in a way that violated the (good,fast,cheap) rule. 84. the RFC1101 implementation of getnetby*() was using case-sensitive string compares. 83. fp_query() will no longer try to format packets larger than PACKETSZ, and for perversity, dig and named are now prepared to handle replies (via TCP) larger than PACKETSZ. new function: __fp_nquery(). (Vixie) 82. multiline initial syslog() is fixed (Bill G). 81. Don Lewis sent in a big update for the lame delegation logic. Vixie fixed one bug. Bryan Beecher had a big hand in this. 80. TCP replies can now be up to 8K in size (don walsh). 79. validation bug fixed (don lewis). 78. BOG patches from mike minnich and others. 77. more lint fixes for Cray (norb brotz). 76. a new hostname(7) man page was contributed by Art Harkin. 75. DESTINC is now a settable Makefile parameter (Marion Hakanson). 74. the zones-not-transferring bug is finally gone. 73. now using LOG_PERROR in openlog(); many parallel dprintf()'s are gone. 72. inability to retrieve serial number via UDP now forces TCP transfer. 71. removing secondary zone files and SIGHUP'ing will now force a transfer. 70. "cache" directives can now specify "/class" as documented in the BOG. 69. Mark Andrews' fix for the ns_forw core dump is in. 68. Keith Bostic fixed some typo's in the man pages. 67. Compiling without NCACHE is possible now (John Hanley). 66. Bill Gianopoulos and Alan Barrett finally agreed on what glue was and Bill's alpha4 patch is mostly gone now, and one new idea was added. 65. BOG improvements (Vixie, Brooks). 64. Mark Andrews' CLEANCACHE (recommended) and RETURNSOA (__NOT__ recommended!) are in. RETURNSOA should not be enabled at this time; there's nothing wrong with the code but it will cause cache corruption in older servers and may not be necessary. The jury is still out. 63. outbound zone transfers are now logged (requested by Ron Johnson). 62. serial number queries sent out for zone transfer purposes will now be limited to a maximum of four (4) simultaneous outstanding; this keeps BIND from overflowing its UDP socket buffer when hundreds of zones must be checked (still trying to fix Paul Pomes' problem). 61. short A RR's in responses will no longer lead to purify errors due to short malloc()'s in savedata() (thanks to Nicholas Briggs for reporting this). ****** 4.9.3-alpha4 released ****** 60. manifest constants used instead of "sizeof({u_,}int{16,32}_t)", for systems which lack 16- and 32-bit integers (paul vixie for norm brotz). 59. zone transfer anti-glue logic made RFC1034-compliant (bill gianopoulos). 58. seg fault in sysquery() (from LAME_DELEGATION) fixed (mark andrews). ****** 4.9.3-alpha3 released ****** 57. a big, hefty patch was made to the negative caching logic (mark andrews). 56. named-xfer will no longer scramble the default origin (alan barrett). 55. random bits of lint found and removed (mario guerra). 54. convexos-10 is now supported (jukka ukkonen). 53. seg fault in database dumps (from VALIDATE) fixed (don lewis). 52. problem with extra bogus 0.0.0.0 A RR's from VALIDATE fixed (mark andrews). 51. the LAME_DELEGATION logic once written into 4.8.3 by don lewis has been substantially reworked and put into 4.9.3-alpha3 (bryan beecher). 50. all instances of "sizeof(HEADER)" were changed to "HFIXEDSZ" to make life easier for the cray. also, "struct HEADER" in include/arpa/nameser.h uses just bit fields now, for portability to 64-bit systems without 16-bit integer types. (norb brotz suggested it; paul vixie did it). 49. build changes for NeXT and AIX systems (artur romao; c. wolfhugel). 48. random sunshlib changes (piete brooks). 47. minor fixes for solaris build (carson gaspar; paul pomes). 48. a few bugs were wrung out of the BOG (per hedeland; vixie). ****** 4.9.3-alpha2 released ****** 47. several obscure Makefile problems were fixed (vixie). 46. there is now a per-primary-NS quota for simultaneous zone transfers; this will cut down on the retry thrashing seen on servers that are secondary for thousands of zones (vixie). 45. a bug introduced by change #23 has been fixed (marten terpstra; apb). 44. the "data outside zone" messages are now consistent (piete brooks; vixie). 43. several #include's were reordered in res/*.c and a few #ifdef's were changed; BIND should now run OK on DGUX (henry miller). 42. several changes to the conf/options.h and Makefile (vixie): -> SVR4 has been added as a top-level Makefile CDEFS option -> SYSV has moved from conf/options.h to the top level Makefile -> INVQ is now an "#ifdef" rather than a "#if" 41. resolver no longer uses initialized static data, which should make shared libraries easier to generate (vixie did it, at the urging of many others). 40. now compiles on Apollo DomainOS (don lewis). ****** 4.9.3-alpha1 released ****** 39. lots of lint found and fixed (craig leres). 38. illegal enum compare fixed in named/ns_stats.c (vixie). 37. missing ')' added in SUNSECURITY section of res/gethnamaddr.c (h miller). ****** 4.9.3-prealpha released ****** 36. bryan beecher's "query" has been promoted to tools/ and renamed "dnsquery". 35. various bugs were fixed in the negative caching (vixie; mark andrews). 34. several debugging and dump output problems were fixed (mark andrews). 33. TXT RR's can now be read from zone files even if they lack quotes; the RFC doesn't say quotes are needed (jim martin). 32. limited support for AIX-3 is now included (christoph wolfhugel). 31. SUNSECURITY is now an obvious default in ./Makefile (p killey; b beecher). 30. VC queries that time out are now GC'd and SERVFAIL'd (mark andrews). 29. HP-UX 9.0's top-level makefile variables have been changed (don lewis). 28. various fixes for tools/host.c (jim martin; mark andrews). 27. syslog messages logged by SUNSECURITY will now include the address of the host that's having problems (david morrison). 26. systems whose connect() calls fail if a socket is already connect()'d will now have their sockets closed and recreated in res_send() (piete brooks; mark andrews; vixie). 25. res_send() will now corrected reset its "connected" variable when the connectedness of a socket changes (mark andrews). 24. SERVFAIL responses will no longer terminate the res_search() inner loop, thus catastrophic problems with early search elements will no longer prevent res_search() from trying later search elements (bryan beecher;vix). 23. non-NS RR's for delegated subzones will no longer be accepted in a zone transfer (alan p barrett). 22. the setting for _PATH_PIDFILE is now overridden by the Makefile (l hume). 21. named.restart.sh now has a smaller path with %DESTSBIN% first therein; this should prevent the vendor version of named from being exec'd by accident (leigh hume). 20. big change: statistics are now kept "per name server" rather than as a single global array. the /var/tmp/named.stats file format has changed quite a bit, so older awk/perl scripts are likely to stop working. 19. big change: every RR now keeps a pointer to a "nameser" struct; this currently permits SIGINT-initiated dumps to include the address of all non-zone data, which will help with tracking down corrupt data. 18. db_load.c was missing two #ifdef/#endif's for CRED (mike minnich). 17. don't aggregate SOA or WKS RR's in the cache (vixie). 16. minor cosmetic changes (vixie). 15. fixed typo in compat/Makefile ("LIBDIR" -> "DESTDIR") (rob davies). 14. fixed spurious "accept: interrupted system calls" (vixie). 13. named will now start as many named-xfer's as it should; previously it lost track of the need for transfers at the beginning of each maint cycle. also, we don't bother asking for an SOA if we know that our zone is out of date. i've changed the transfer metrics so that more transfers can happen concurrently, and maint cycles come more often. (andrew partan; vixie). 12. a number of LOG_ERR and LOG_CRIT syslogs were downgraded to LOG_NOTICE (rob davies; vixie). 11. sequence number checking now treats "zero" as a special case. (craig leres; andrew partan; vixie). 10. MFLAGS no longer used explicitly, since it is often used implicitly (mark andrews; vixie). 9. ADDAUTH is no longer considered experimental (tony stoneley; vixie). 8. several obscure type bugs fixed (don lewis). 7. signal handlers all now preserve errno (don lewis). 6. TTL deprecation made more portable (don lewis). 5. now compiles on Apollo DomainOS and is generally more POSIX-ish (don lewis). 4. bryan beecher's "query" tool has been promoted to tools/ and renamed to dnsquery. minor changes were required in several Makefiles (vixie). 3. "make links" at the top level will now make a higher resolution link tree, which makes porting easier on some systems (ian dickinson). 2. Convex feof() bug now has a workaround (jukka ukkonen). 1. gethostby*() will no longer overwrite its fixed-size array if a host with too many addresses is handled (reported by piete brooks, fixed by vixie).