318. [func] dns_c_ndcctx_destroy() could never return anything
except ISC_R_SUCCESS; made it have void return instead.
(More importantly, this change also adds a missing NULL initialization)
If trying to validate a key set that happens to be a security root, the
validation should only consist of checking that each key in the key set
is also in the list of security root keys.
Strangeness occurs when the key set is signed, since the key set is marked
as secure, but the sig set is not, since it wasn't used in the validation
process. This means that a query for a key set at a security root will
have the AD bit set if the key set is unsigned and not if the key set is signed.
323. [bug] dns_rbt_findname() did not ignore empty rbt nodes.
Because of this, servers authoritative for a parent
and grandchild zone but not authoritative for the
intervening child zone did not correctly issue
referrals to the servers of the child zone.
Check that zone->view is not NULL before checking that zone->view->adb is not
NULL. It appears that zone maintenance can occur when the zone is shutting
down and the view pointer is NULL. We don't want to do zone maintenance in
this case.
If we're asking for a key and need to call dns_view_findzonecut(), set
the DNS_DB_NOEXACT flag. This means that the resolver will start look for the
key at or above the parent zone, and will return the key set from the parent
zone if key sets are present in both the parent and child.
313. [bug] When parsing resolv.conf, don't terminate on an
error. Instead, parse as much as possible, but
still return an error if one was found.
312. [bug] Increase the number of allowed elements in the
resolv.conf search path from 6 to 8. If there
are more than this, ignore the remainder rather
than returning a failure in lwres_conf_parse.
307. [bug] When canceling a query, the resolver didn't check for
isc_socket_sendto() calls that did not yet have their
completion events posted, so it could (rarely) end up
destroying the query context and then want to use
it again when the send event posted, triggering an
assertion as it tried to cancel an already-canceled
query. (RT #77)
305. [bug] When reloading the server with a config file
containing a syntax error, it could catch an
assertion failure trying to perform zone
maintenance on tentatively created zones whose
views were never fully configured and lacked
an address database.
300. [bug] Using both <isc/net.h> and <lwres/net.h> didn't work
on platforms lacking IPv6 because each included their
own ipv6 header file for the missing definitions. Now
each library's ipv6.h defines the wrapper symbol of
the other (ISC_IPV6_H and LWRES_IPV6_H).
294. [bug] If we run out of space in while processing glue
when reading a master file and commit "current name"
reverts to "name_current" instead of staying as
"name_glue".
by dns_message_parse(), dns_message_findname() failed to find anything due
to checking for attribute bits set only by dns_message_parse(). This caused
an infinite loop when constructing the response to an ANY query at a CNAME
in a secure zone.
broke OMAPI's creation of a dst key from an incoming
message, causing an assertion to be triggered. Fixed.
Also fixed was a problem where a failed call to dns_name_fromtext would
have meant the mutex was not unlocked. This was fixed in the mainline too,
I just forgot to mention it.
A CHANGES entry was not committed because it isn't clear to me how we are
handling things changed on the mainline but not under other release tags.
The bind9_v9_0 CHANGES file is missing #283 and #284 from the mainline.