Changelog

Note

The following list contains detailed information about BIND9’s development. Regular users should refer to Release Notes for changes relevant to them.

BIND 9.21.2

New Features

  • Log query response status to the query log. a4b9625196d

    Log a query response summary using the new category responses. Logging can be controlled by the option responselog and rndc responselog. [GL #459] [GL !9449]

  • Added WALLET type. d0d4c6dae72

    Add the new record type WALLET (262). This provides a mapping from a domain name to a cryptographic currency wallet. Multiple mappings can exist if multiple records exist. [GL #4947] [GL !9521]

  • Support ISO timestamps with timezone information. e618cdddf8f

    The configuration option print-time can now be set to iso8601-tzinfo in order to use the ISO 8601 timestamp with timezone information when logging. This is used as a default for named -g. [GL #4963] [GL !9563]

  • Add flag to named-checkconf to ignore “not configured” errors. 0d2482c62e9

    named-checkconf now takes “-n” to ignore “not configured” errors. This allows named-checkconf to check the syntax of configurations from other builds which have support for more options. [GL !9446]

  • Implement the ForwardOnlyFail statistics channel counter. 3efa17ee014

    The new ForwardOnlyFail statistics channel counter indicates the number of queries failed due to bad forwarders for ‘forward only’ zones.

    Related to #1793 [GL !9498]

Removed Features

  • Remove “port” from source address options. dc3578ee84c

    Remove the use of “port” when configuring query-source(-v6), transfer- source(-v6), notify-source(-v6), parental-source(-v6), etc. Remove the use of source ports for parental-agents.

    Also remove the deprecated options use-{v4,v6}-udp-ports and avoid-{v4,v6}udp-ports. [GL #3843] [GL !9469]

  • Remove DNSRPS implementation from the open-source version. 20024a28c01

    DNSRPS was the API for a commercial implementation of Response-Policy Zones that was supposedly better. However, it was never open-sourced and has only ever been available from a single vendor. This goes against the principle that the open-source edition of BIND 9 should contain only features that are generally available and universal.

    This commit removes the DNSRPS implementation from BIND 9. It may be reinstated in the subscription edition if there’s enough interest from customers, but it would have to be rewritten as a plugin (hook) instead of hard-wiring it again in so many places. [GL !9358]

  • Remove unused function dns_zonemgr_resumexfrs() 4d759a251b9

    [GL !9565]

Feature Changes

  • Set logging category for notify/xfer-in related messages. 796f8861735

    Some ‘notify’ and ‘xfer-in’ related log messages were logged at the ‘general’ category instead of their own category. This has been fixed. [GL #2730] [GL !9451]

  • Restore the number of threadpool threads back to original value. 28badd8ed48

    The issue of long-running operations potentially blocking query resolution has been fixed. Revert this temporary workaround and restore the number of threadpool threads. [GL #4898] [GL !9530]

  • Allow IXFR-to-AXFR fallback on DNS_R_TOOMANYRECORDS. b343484ddb6

    This change allows fallback from an IXFR failure to AXFR when the reason is DNS_R_TOOMANYRECORDS. This is because this error condition could be temporary only in an intermediate version of IXFR transactions and it’s possible that the latest version of the zone doesn’t have that condition. In such a case, the secondary would never be able to update the zone (even if it could) without this fallback.

    This fallback behavior is particularly useful with the recently introduced max-records-per-type and max-types-per-name options: the primary may not have these limitations and may temporarily introduce “too many” records, breaking IXFR. If the primary side subsequently deletes these records, this fallback will help recover the zone transfer failure automatically; without it, the secondary side would first need to increase the limit, which requires more operational overhead and has its own adverse effect. [GL #4928] [GL !9333]

  • Remove statslock from dnssec-signzone. f466e32fdb1

    Silence Coverity CID 468757 and 468767 (DATA RACE read not locked) by converting dnssec-signzone to use atomics for statistics counters rather than using a lock. [GL #4939] [GL !9496]

  • Honour the Control Group memory contraints on Linux. f48b86871f4

    On Linux, the system administrator can use Control Group cgroup mechanism to limit the amount of available memory to the process. This limit will be honoured when calculating the percentage-based values. [GL !9556]

  • Use libuv functions to get memory available to BIND 9. aed7f552d54

    This change uses uv_get_available_memory() if available with fallback to uv_get_constrained_memory() with fallback to uv_get_total_memory(). [GL !9527]

  • Use release memory ordering when incrementing reference counter. b1be0145a5a

    As the relaxed memory ordering doesn’t ensure any memory synchronization, it is possible that the increment will succeed even in the case when it should not - there is a race between atomic_fetch_sub(…, acq_rel) and atomic_fetch_add(…, relaxed). Only the result is consistent, but the previous value for both calls could be same when both calls are executed at the same time. [GL !9460]

  • Use uv_available_parallelism() if available. 59e85a022da

    Instead of cooking up our own code for getting the number of available CPUs for named to use, make use of uv_available_parallelism() from libuv >= 1.44.0. [GL !9524]

Bug Fixes

  • Fix a statistics channel counter bug when ‘forward only’ zones are used. b82957376dc

    When resolving a zone with a ‘forward only’ policy, and finding out that all the forwarders are marked as “bad”, the ‘ServerQuota’ counter of the statistics channel was incorrectly increased. This has been fixed. [GL #1793] [GL !9493]

  • Fix a bug in the static-stub implementation. 3304e1dc769

    Static-stub addresses and addresses from other sources were being mixed together, resulting in static-stub queries going to addresses not specified in the configuration, or alternatively, static-stub addresses being used instead of the correct server addresses. [GL #4850] [GL !9314]

  • Don’t allow statistics-channel if libxml2 and libjson-c are unsupported. 0d4accd07f4

    When the libxml2 and libjson-c libraries are not supported, the statistics channel can’t return anything useful, so it is now disabled. Use of statistics-channel in named.conf is a fatal error. [GL #4895] [GL !9423]

  • Separate DNSSEC validation from the long-running tasks. 23b2ce56e5d

    As part of the KeyTrap [CVE-2023-50387] mitigation, the DNSSEC CPU- intensive operations were offloaded to a separate threadpool that we use to run other tasks that could affect the networking latency.

    If that threadpool is running some long-running tasks like RPZ, catalog zone processing, or zone file operations, it would delay DNSSEC validations to a point where the resolving signed DNS records would fail.

    Split the CPU-intensive and long-running tasks into separate threadpools in a way that the long-running tasks don’t block the CPU- intensive operations. [GL #4898] [GL !9473]

  • Fix assertion failure when processing access control lists. 6bb4070685c

    The named process could terminate unexpectedly when processing ACL. This has been fixed. [GL #4908] [GL !9458]

  • Fix bug in Offline KSK that is using ZSK with unlimited lifetime. 3e11c4a8733

    If the ZSK has unlimited lifetime, the timing metadata “Inactive” and “Delete” cannot be found and is treated as an error, preventing the zone to be signed. This has been fixed. [GL #4914] [GL !9447]

  • Fix data race in offloaded dns_message_checksig() 3808567de1a

    When verifying a message in an offloaded thread there is a race with the worker thread which writes to the same buffer. Clone the message buffer before offloading. [GL #4929] [GL !9481]

  • Limit the outgoing UDP send queue size. 3b26732781c

    If the operating system UDP queue gets full and the outgoing UDP sending starts to be delayed, BIND 9 could exhibit memory spikes as it tries to enqueue all the outgoing UDP messages. Try a bit harder to deliver the outgoing UDP messages synchronously and if that fails, drop the outgoing DNS message that would get queued up and then timeout on the client side. [GL #4930] [GL !9506]

  • Do not set SO_INCOMING_CPU. f93934dea76

    We currently set SO_INCOMING_CPU incorrectly, and testing by Ondrej shows that fixing the issue by setting affinities is worse than letting the kernel schedule threads without constraints. So we should not set SO_INCOMING_CPU anymore. [GL #4936] [GL !9497]

  • Fix the ‘rndc dumpdb’ command’s error reporting. 4498c0216f1

    The ‘rndc dumpdb’ command wasn’t reporting errors which occurred when starting up the database dump process by named, like, for example, a permission denied error for the ‘dump-file’ file. This has been fixed. Note, however, that ‘rndc dumpdb’ performs asynchronous writes, so errors can also occur during the dumping process, which will not be reported back to ‘rndc’, but which will still be logged by named. [GL #4944] [GL !9547]

  • Fix long-running incoming transfers. f0accc8f617

    Incoming transfers that took longer than 30 seconds would stop reading from the TCP stream and the incoming transfer would be indefinitely stuck causing BIND 9 to hang during shutdown.

    This has been fixed and the max-transfer-time-in and max-transfer- idle-in timeouts are now honoured. [GL #4949] [GL !9531]

  • Fix assertion failure when receiving DNS responses over TCP. fe305f96c9c

    When matching the received Query ID in the TCP connection, an invalid received Query ID can very rarely cause assertion failure. [GL #4952] [GL !9580]

  • Null clausedefs for ancient options. 474398a5a99

    This commit nulls all type fields for the clausedef lists that are declared ancient, and removes the corresponding cfg_type_t and parsing functions when they are found to be unused after the change.

    Among others, it removes some leftovers from #1913. [GL #4962] [GL !9552]

  • Don’t ignore the local port number in dns_dispatch_add() for TCP. 41f4c620c2e

    The dns_dispatch_add() function registers the ‘resp’ entry in ‘disp->mgr->qids’ hash table with ‘resp->port’ being 0, but in tcp_recv_success(), when looking up an entry in the hash table after a successfully received data the port is used, so if the local port was set (i.e. it was not 0) it fails to find the entry and results in an unexpected error.

    Set the ‘resp->port’ to the given local port value extracted from ‘disp->local’. [GL #4969] [GL !9576]

  • Add a missing rcu_read_unlock() call on exit path. d7d1804f16e

    An exit path in the dns_dispatch_add() function fails to get out of the RCU critical section when returning early. Add the missing rcu_read_unlock() call. [GL !9561]

  • Clean up DNSRPS. 4187ef28e2c

    Addressed several build and test errors when DNSRPS is enabled. [GL !9374]

  • Don’t enable REUSEADDR on outgoing UDP sockets. 27c4d7ef6d9

    The outgoing UDP sockets enabled SO_REUSEADDR that allows sharing of the UDP sockets, but with one big caveat - the socket that was opened the last would get all traffic. The dispatch code would ignore the invalid responses in the dns_dispatch, but this could lead to unexpected results. [GL !9569]

BIND 9.21.1

New Features

  • Support for Offline KSK implemented. bfa206beecc

    Add a new configuration option offline-ksk to enable Offline KSK key management. Signed Key Response (SKR) files created with dnssec-ksr (or other program) can now be imported into named with the new rndc skr -import command. Rather than creating new DNSKEY, CDS and CDNSKEY records and generating signatures covering these types, these records are loaded from the currently active bundle from the imported SKR.

    The implementation is loosely based on: https://www.iana.org/dnssec/archive/files/draft-icann-dnssec- keymgmt-01.txt [GL #1128] [GL !9119]

  • Implement the ‘request-ixfr-max-diffs’ configuration option. 99b18bab7e1

    The new ‘request-ixfr-max-diffs’ configuration option sets the maximum number of incoming incremental zone transfer (IXFR) differences, exceeding which triggers a full zone transfer (AXFR). [GL #4389] [GL !9094]

  • Print the full path of the working directory in startup log messages. cf53eac46e9

    named now prints its initial working directory during startup and the changed working directory when loading or reloading its configuration file if it has a valid ‘directory’ option defined. [GL #4731] [GL !9362]

  • Support restricted key tag range when generating new keys. d40b722d462

    It is useful when multiple signers are being used to sign a zone to able to specify a restricted range of range of key tags that will be used by an operator to sign the zone. This adds controls to named (dnssec-policy), dnssec-signzone, dnssec-keyfromlabel and dnssec-ksr (dnssec-policy) to specify such ranges. [GL #4830] [GL !9258]

Removed Features

  • Remove the ‘dialup’ and ‘heartbeat-interval’ options. a133a33b650

    The dialup and heartbeat-interval options have been removed, along with all code implementing them. Using these options is now a fatal error. [GL #4237] [GL !8160]

  • Remove outdated perllib integration. f73a19bb3e9

    The code in conftools/ directory hasn’t been touched since 2000. Nobody knows what it does and nobody even knows how to build it or test it. Just remove the whole directory. [GL !9302]

Feature Changes

  • Use deterministic ecdsa for openssl >= 3.2. 069c6c22654

    OpenSSL has added support for deterministic ECDSA (RFC 6979) with version 3.2.

    Use it by default as it removes arguably its most fragile side of ECDSA. The derandomization doesn’t pose a risk for DNS usecases and is allowed by FIPS 186-5. [GL #299] [GL !9128]

  • Exempt prefetches from the fetches-per-zone and fetches-per-server quotas. 4cd73e2536c

    Fetches generated automatically as a result of ‘prefetch’ are now exempt from the ‘fetches-per-zone’ and ‘fetches-per-server’ quotas. This should help in maintaining the cache from which query responses can be given. [GL #4219] [GL !9095]

  • Restore the ability to select individual unit tests. 2299aba5c20

    This add the command line arguments: -d (debug), -l (list tests) and -t test (run this test) to the unit tests, e.g.:

    % ./rdata_test -t zonemd
    [==========] selected:
    Running 1 test(s).
    [ RUN      ] zonemd
    [       OK ] zonemd
    [==========] selected: 1 test(s) run.
    [  PASSED  ] 1 test(s).
    %
    

    [GL #4579] [GL !9384]

  • Process also the ISC_R_CANCELED result code in rpz_rewrite() d0d6ad0c52e

    Log canceled resolver queries (e.g. when shutting down a hung fetch) in DEBUG3 level instead of DEBUG1 which is used for the “unrecognized” result codes. [GL #4797] [GL !9148]

  • Use single logging context for everything. aa408051d6c

    Instead of juggling different logging context, use one single logging context that gets initialized in the libisc constructor and destroyed in the libisc destructor. [GL #4848] [GL !9301]

  • Remove code to read and parse /proc/net/if_inet6 on Linux. 8071384324b

    The getifaddr() works fine for years, so we don’t have to keep the callback to parse /proc/net/if_inet6 anymore. [GL #4852] [GL !9315]

  • Use seteuid()/setegid() instead of setreseuid()/setresgid() 558ec133ea1

    It looks like that all supported systems now have support for _POSIX_SAVED_IDS, so it’s safe to use setegid() and setegid() because those will not change saved used/group IDs. [GL #4862] [GL !9363]

  • Follow the number of CPU set by taskset/cpuset. 9afcdc2b184

    Administrators may wish to constrain the set of cores that BIND 9 runs on via the ‘taskset’, ‘cpuset’ or ‘numactl’ programs (or equivalent on other O/S).

    If the admin has used taskset, the named will now follow to automatically use the given number of CPUs rather than the system wide count. [GL #4884] [GL !9398]

  • Double the number of threadpool threads. cfdded46676

    Introduce this temporary workaround to reduce the impact of long- running tasks in offload threads which can block the resolution of queries. [GL #4898]

Bug Fixes

  • Delay release of root privileges until after configuring controls. 8a09d54d6be

    Delay relinquishing root privileges until the control channel has been configured, for the benefit of systems that require root to use privileged port numbers. This mostly affects systems without fine- grained privilege systems (i.e., other than Linux). [GL #4793] [GL !9123]

  • Fix the assertion failure in the isc_hashmap iterator. c31cd677882

    When the round robin hashing reorders the map entries on deletion, we were adjusting the iterator table size only when the reordering was happening at the internal table boundary. The iterator table size had to be reduced by one to prevent seeing the entry that resized on position [0] twice because it migrated to [iter->size - 1] position.

    However, the same thing could happen when the same entry migrates a second time from [iter->size - 1] to [iter->size - 2] position (and so on) because the check that we are manipulating the entry just in the [0] position was insufficient. Instead of checking the position [pos == 0], we now check that the [pos % iter->size == 0], thus ignoring all the entries that might have moved back to the end of the internal table. [GL #4838] [GL !9292]

  • Add -Wno-psabi to CFLAGS for x86 (32-bit) builds. 75021765f8d

    GCC 11.1+ emits a note during compilation when there are 64-bit atomic fields in a structure, because it fixed a compiler bug by changing the alignment of such fields, which caused ABI change.

    Add -Wno-psabi to CFLAGS for such builds in order to silence the warning. That shouldn’t be a problem since we don’t expose our structures to the outside. [GL #4841] [GL !9319]

  • Check if logconfig is NULL before using it in isc_log_doit() ebd669a8303

    Check if ‘lctx->logconfig’ is NULL before using it in isc_log_doit(), because it’s possible that isc_log_destroy() was already called, e.g. when a ‘call_rcu’ function wants to log a message during shutdown. [GL #4842] [GL !9297]

  • Change the NS_PER_SEC (and friends) from enum to static const. 2d12e1142ae

    New version of clang (19) has introduced a stricter checks when mixing integer (and float types) with enums. In this case, we used enum {} as C17 doesn’t have constexpr yet. Change the time conversion constants to be static const unsigned int instead of enum values. [GL #4845] [GL !9313]

  • Check the result of dirfd() before calling unlinkat() 661981be7b0

    Instead of directly using the result of dirfd() in the unlinkat() call, check whether the returned file descriptor is actually valid. That doesn’t really change the logic as the unlinkat() would fail with invalid descriptor anyway, but this is cleaner and will report the right error returned directly by dirfd() instead of EBADF from unlinkat(). [GL #4853] [GL !9316]

  • Fix rare assertion failure when shutting down incoming transfer. 14d2040934e

    A very rare assertion failure can be triggered when the incoming transfer is either forcefully shut down or it is finished during printing the details about the statistics channel. This has been fixed. [GL #4860] [GL !9336]

  • Fix the resesuid() shim implementation for NetBSD. 5bfed08b253

    The shim implementation of setresuid() was wrong - there was a copy and paste error and it was calling setresgid() instead. This only affects NetBSD because Linux, FreeBSD and OpenBSD have setresuid() and setresgid() implementation available from the system library. [GL #4862] [GL !9359]

  • Fix algoritm rollover bug when there are two keys with the same keytag. 8dbd57116bf

    If there is an algorithm rollover and two keys of different algorithm share the same keytags, then there is a possibility that if we check that a key matches a specific state, we are checking against the wrong key. This has been fixed by not only checking for matching key tag but also key algorithm. [GL #4878] [GL !9381]

  • Stop using malloc_usable_size and malloc_size. f99da39934d

    The malloc_usable_size() can return size larger than originally allocated and when these sizes disagree the fortifier enabled by _FORTIFY_SOURCE=3 detects overflow and stops the named execution abruptly. Stop using these convenience functions as they are primary used for introspection-only. [GL #4880] [GL !9400]

  • Preserve statement tag order in documentation. 0b9ce9c05b1

    This supports bit-for-bit reproducibility of built documentation. [GL #4886] [GL !9399]

  • Fix an assertion failure in validate_dnskey_dsset_done() 31245213a09

    Under rare circumstances, named could terminate unexpectedly when validating a DNSKEY resource record if the validation was canceled in the meantime. This has been fixed. [GL #4911]

  • Silence all warnings that stem from the default config. f4e0d0e460b

    As we now setup the logging very early, parsing the default config would always print warnings about experimental (and possibly deprecated) options in the default config. This would even mess with commands like named -V and it is also wrong to warn users about using experimental options in the default config, because they can’t do anything about this. Add CFG_PCTX_NODEPRECATED and CFG_PCTX_NOEXPERIMENTAL options that we can pass to cfg parser and silence the early warnings caused by using experimental options in the default config. [GL !9304]

BIND 9.21.0

New Features

  • Tighten ‘max-recursion-queries’ and add ‘max-query-restarts’ option. f202937078f

    There were cases in resolver.c when the max-recursion-queries quota was ineffective. It was possible to craft zones that would cause a resolver to waste resources by sending excessive queries while attempting to resolve a name. This has been addressed by correcting errors in the implementation of max-recursion-queries, and by reducing the default value from 100 to 32.

    In addition, a new max-query-restarts option has been added which limits the number of times a recursive server will follow CNAME or DNAME records before terminating resolution. This was previously a hard-coded limit of 16, and now defaults to 11. [GL #4741] [GL !9281]

  • Implement rndc retransfer -force. 34589811c59

    A new optional argument ‘-force’ has been added to the command channel command ‘rndc retransfer’. When it is specified, named aborts the ongoing zone transfer (if there is one), and starts a new transfer. [GL #2299] [GL !9102]

  • Add support for external log rotation tools. 5ff1fbe1550

    Add two mechanisms to close open log files. The first is rndc closelogs. The second is kill -USR1 <pid>. They are intended to be used with external log rotation tools. [GL #4780] [GL !9113]

  • Generate changelog from git log. a64ecc5fdd8

    Use a single source of truth, the git log, to generate the list of CHANGES. Use the .rst format and include it in the ARM for a quick reference with proper gitlab links to issues and merge requests. [GL #75] [GL !9152]

Feature Changes

  • Use only c23 or c11 noreturn specifiers. cd92a145a36

    Use [[noreturn]] when compiling with C23 or greater.

    The attribute macro name has been capitalized as NORETURN as defining it as noreturn breaks external headers. #define noreturn __attribute__((noreturn)) wasn’t used as C11’s stdnoreturn.h/_Noreturn is required to build BIND9 in the first place. [GL !9149]

  • Initialize the DST subsystem implicitly. 7f2513a5aa8

    Instead of calling dst_lib_init() and dst_lib_destroy() explicitly by all the programs, create a separate memory context for the DST subsystem and use the library constructor and destructor to initialize the DST internals. [GL !9254]

  • Remove OpenSSL 1.x Engine support. b620b7e9118

    The OpenSSL 1.x Engines support has been deprecated in the OpenSSL 3.x and is going to be removed from the upstream OpenSSL. Remove the OpenSSL Engine support from BIND 9 in favor of OpenSSL 3.x Providers. [GL #4828] [GL !9252]

  • Fix the rsa exponent to 65537. 5fafb0e7f7b

    There isn’t a realistic reason to ever use e = 4294967297. Fortunately its codepath wasn’t reachable to users and can be safetly removed.

    Keep in mind the dns_key_generate header comment was outdated. e = 3 hasn’t been used since 2006 so there isn’t a reason to panic. The toggle was the public exponents between 65537 and 4294967297. [GL !9133]

  • Remove the crc64 implementation. 9397251eb32

    CRC-64 has been added for map files. Now that the map file format has been removed, there isn’t a reason to keep the implementation. [GL !9135]

  • Call rcu_barrier() in the isc_mem_destroy() just once. dcee04f70cb

    The previous work in this area was led by the belief that we might be calling call_rcu() from within call_rcu() callbacks. After carefully checking all the current callback, it became evident that this is not the case and the problem isn’t enough rcu_barrier() calls, but something entirely else.

    Call the rcu_barrier() just once as that’s enough and the multiple rcu_barrier() calls will not hide the real problem anymore, so we can find it. [GL !9134]

  • Require at least OpenSSL 1.1.1. 96ccd962b72

    OpenSSL 1.1.1 or better (or equivalent LibreSSL version) is now required to compile BIND 9. [GL #2806] [GL !9110]

  • Don’t open route socket if we don’t need it. 246d5ccbc9c

    When automatic-interface-scan is disabled, the route socket was still being opened. Add new API to connect / disconnect from the route socket only as needed.

    Additionally, move the block that disables periodic interface rescans to a place where it actually have access to the configuration values. Previously, the values were being checked before the configuration was loaded. [GL #4757] [GL !9122]

  • Clarify that cds_wfcq_dequeue_blocking() doesn’t block if empty. afe406be395

    [GL !9124]

  • Allow shorter resolver-query-timeout configuration. 1661278b343

    The minimum allowed value of ‘resolver-query-timeout’ was lowered to 301 milliseconds instead of the earlier 10000 milliseconds (which is the default). As earlier, values less than or equal to 300 are converted to seconds before applying the limit. [GL #4320] [GL !9091]

  • Replace #define DNS_GETDB_ with struct of bools. 020fda92b4b

    Replace #define DNS_GETDB_ with struct of bools to make it easier to pretty-print the attributes in a debugger. [GL #4559] [GL !9093]

  • Fix data race in clean_finds_at_name. 0dcc93d87a8

    Stop updating find.result_v4 and find.result_v4 in clean_finds_at_name. The values are supposed to be static. [GL #4118] [GL !9108]

Bug Fixes

  • Reconfigure catz member zones during named reconfiguration. acfa5b28f91

    During a reconfiguration named wasn’t reconfiguring catalog zones’ member zones. This has been fixed. [GL #4733]

  • Move the dst__openssl_toresult to isc_tls unit. 9e7cd68d9fe

    Since the enable_fips_mode() now resides inside the isc_tls unit, BIND 9 would fail to compile when FIPS mode was enabled as the DST subsystem logging functions were missing.

    Move the crypto library logging functions from the openssl_link unit to isc_tls unit and enhance it, so it can now be used from both places keeping the old dst__openssl_toresult* macros alive. [GL !9286]

  • Disassociate the SSL object from the cached SSL_SESSION. 1d1bc3a1485

    When the SSL object was destroyed, it would invalidate all SSL_SESSION objects including the cached, but not yet used, TLS session objects.

    Properly disassociate the SSL object from the SSL_SESSION before we store it in the TLS session cache, so we can later destroy it without invalidating the cached TLS sessions. [GL #4834] [GL !9271]

  • Attach/detach to the listening child socket when accepting TLS. ee00bddf94f

    When TLS connection (TLSstream) connection was accepted, the children listening socket was not attached to sock->server and thus it could have been freed before all the accepted connections were actually closed.

    In turn, this would cause us to call isc_tls_free() too soon - causing cascade errors in pending SSL_read_ex() in the accepted connections.

    Properly attach and detach the children listening socket when accepting and closing the server connections. [GL #4833] [GL !9270]

  • Fix –enable-tracing build on systems without dtrace. ced1eb358da

    Missing file util/dtrace.sh prevented builds on system without dtrace utility. This has been corrected.

  • Make hypothesis optional for system tests. 5dd3c416760

    Ensure that system tests can be executed without Python hypothesis package. [GL #4831] [GL !9265]

  • Dig now reports missing query section for opcode QUERY. 7facf967aca

    Query responses should contain the question section with some exceptions. Dig was not reporting this. [GL #4808] [GL !9233]

  • Fix assertion failure in the glue cache. 227add4c3eb

    Fix an assertion failure that could happen as a result of data race between free_gluetable() and addglue() on the same headers. [GL #4691] [GL !9126]

  • Don’t use ‘create’ flag unnecessarily in findnode() a26055f03ec

    when searching the cache for a node so that we can delete an rdataset, it isn’t necessary to set the ‘create’ flag. if the node doesn’t exist yet, we won’t be able to delete anything from it anyway. [GL !9158]

  • Raise the log level of priming failures. 6573276bada

    When a priming query is complete, it’s currently logged at level ISC_LOG_DEBUG(1), regardless of success or failure. We are now raising it to ISC_LOG_NOTICE in the case of failure. [GL #3516] [GL #3516] [GL !9121]

  • Fix assertion failure when checking named-checkconf version. 00739e99f67

    Checking the version of named-checkconf would end with assertion failure. This has been fixed. [GL #4827] [GL !9243]

  • Valid TSIG signatures with invalid time cause crash. 7a705a3ea4e

    An assertion failure triggers when the TSIG has valid cryptographic signature, but the time is invalid. This can happen when the times between the primary and secondary servers are not synchronised. [GL #4811] [GL !9234]

  • Don’t skip the counting if fcount_incr() is called with force==true. 026024a6aed

    The fcount_incr() was incorrectly skipping the accounting for the fetches-per-zone if the force argument was set to true. We want to skip the accounting only when the fetches-per-zone is completely disabled, but for individual names we need to do the accounting even if we are forcing the result to be success. [GL #4786] [GL !9115]

  • Don’t skip the counting if fcount_incr() is called with force==true (v2) 8b70722fcb

    The fcount_incr() was not increasing counter->count when force was set to true, but fcount_decr() would try to decrease the counter leading to underflow and assertion failure. Swap the order of the arguments in the condition, so the !force is evaluated after incrementing the .count. [GL #4846] [GL !9298]

  • Remove superfluous memset() in isc_nmsocket_init() 4c363393ff1

    The tlsstream part of the isc_nmsocket_t gets initialized via designater initializer and doesn’t need the extra memset() later; just remove it. [GL !9120]

  • Fix PTHREAD_MUTEX_ADAPTIVE_NP and PTHREAD_MUTEX_ERRORCHECK_NP usage. 4efdb8b00a0

    The PTHREAD_MUTEX_ADAPTIVE_NP and PTHREAD_MUTEX_ERRORCHECK_NP are usually not defines, but enum values, so simple preprocessor check doesn’t work.

    Check for PTHREAD_MUTEX_ADAPTIVE_NP from the autoconf AS_COMPILE_IFELSE block and define HAVE_PTHREAD_MUTEX_ADAPTIVE_NP. This should enable adaptive mutex on Linux and FreeBSD.

    As PTHREAD_MUTEX_ERRORCHECK actually comes from POSIX and Linux glibc does define it when compatibility macros are being set, we can just use PTHREAD_MUTEX_ERRORCHECK instead of PTHREAD_MUTEX_ERRORCHECK_NP. [GL !9111]

  • Remove extra newline from yaml output. b9cbd3bc767

    I split this into two commits, one for the actual newline removal, and one for issues I found, ruining the yaml output when some errors were outputted.

  • CID 498025 and CID 498031: Overflowed constant INTEGER_OVERFLOW. 35d93624a56

    Add INSIST to fail if the multiplication would cause the variables to overflow. [GL #4798] [GL !9131]

  • Remove unnecessary operations. 33f4ee7c36c

    Decrementing optlen immediately before calling continue is unneccesary and inconsistent with the rest of dns_message_pseudosectiontoyaml and dns_message_pseudosectiontotext. Coverity was also reporting an impossible false positive overflow of optlen (CID 499061). [GL !9130]

  • Fix generation of 6to4-self name expansion from IPv4 address. ea2a5909a56

    The period between the most significant nibble of the encoded IPv4 address and the 2.0.0.2.IP6.ARPA suffix was missing resulting in the wrong name being checked. Add system test for 6to4-self implementation. [GL #4766] [GL !9099]

  • Fix false QNAME minimisation error being reported. 5857a4d3972

    Remove the false positive “success resolving” log message when QNAME minimisation is in effect and the final result is NXDOMAIN. [GL #4784] [GL !9117]

  • Dig +yaml was producing unexpected and/or invalid YAML output. 93d7d221bd9

    [GL #4796] [GL !9127]

  • SVBC alpn text parsing failed to reject zero length alpn. 0b56763df3f

    [GL #4775] [GL !9106]

  • Return SERVFAIL for a too long CNAME chain. 89ab9e948d1

    When cutting a long CNAME chain, named was returning NOERROR instead of SERVFAIL (alongside with a partial answer). This has been fixed. [GL #4449] [GL !9090]

  • Properly calculate the amount of system memory. 6427d625ea5

    On 32 bit machines isc_meminfo_totalphys could return an incorrect value. [GL #4799] [GL !9132]

  • Update key lifetime and metadata after dnssec-policy reconfig. d9d882816aa

    Adjust key state and timing metadata if dnssec-policy key lifetime configuration is updated, so that it also affects existing keys. [GL #4677] [GL !9118]

Changes prior to 9.20.0

        --- 9.20.0 released ---

6404.   [placeholder]

6403.   [security]      qctx-zversion was not being cleared when it should have
                        been leading to an assertion failure if it needed to be
                        reused. (CVE-2024-4076) [GL #4507]

6402.   [security]      A malicious DNS client that sends many queries with a
                        SIG(0)-signed message can cause the server to respond
                        slowly or not respond at all to other clients. Use the
                        offload threadpool for SIG(0) signature verifications,
                        add the 'sig0checks-quota' configuration option to
                        introduce a quota for SIG(0)-signed queries running in
                        parallel and add the 'sig0checks-quota-exempt' option to
                        exempt certain clients by their IP/network addresses.
                        (CVE-2024-1975) [GL #4480]

6401.   [security]      An excessively large number of rrtypes per owner can
                        slow down database query processing, so a limit has been
                        placed on the number of rrtypes that can be stored per
                        owner (node) in a cache or zone database. This is
                        configured with the new "max-rrtypes-per-name" option,
                        and defaults to 100. (CVE-2024-1737)
                        [GL #3403] [GL #4548]

6400.   [security]      Excessively large rdatasets can slow down database
                        query processing, so a limit has been placed on the
                        number of records that can be stored per rdataset
                        in a cache or zone database. This is configured
                        with the new "max-records-per-type" option, and
                        defaults to 100. (CVE-2024-1737)
                        [GL #497] [GL #3405]

6399.   [security]      Malicious DNS client that sends many queries over
                        TCP but never reads responses can cause server to
                        respond slowly or not respond at all for other
                        clients. (CVE-2024-0760) [GL #4481]

6398.   [bug]           Fix potential data races in our DoH implementation
                        related to HTTP/2 session object management and
                        endpoints set object management after reconfiguration.
                        We would like to thank Dzintars and Ivo from nic.lv
                        for bringing this to our attention. [GL #4473]

6397.   [placeholder]

6396.   [func]          Outgoing zone transfers are no longer enabled by
                        default. To enable them, an "allow-transfer" ACL
                        must be specified. [GL #4728]

6395.   [bug]           Handle ISC_R_HOSTDOWN and ISC_R_NETDOWN in resolver.c.
                        [GL #4736]

6394.   [bug]           Named's -4 and -6 options now apply to zone primaries,
                        also-notify and parental-agents.  Report when a zone
                        has these options configured but does not have an IPv4
                        or IPv6 address listed respectively. [GL #3472]

6393.   [func]          Deal with uv_tcp_close_reset() error return codes
                        more gracefully. [GL #4708]

6392.   [bug]           Use a completely new memory context when flushing the
                        cache. [GL #2744]

6391.   [placeholder]

6390.   [placeholder]

6389.   [bug]           dnssec-verify and dnssec-signzone could fail if there
                        was an obscured DNSKEY RRset at a delegatation.
                        [GL #4517]

6388.   [placeholder]

6387.   [func]          Added a new statistics variable "recursive high-water"
                        that reports the maximum number of simultaneous
                        recursive clients BIND has handled while running.
                        [GL #4668]

6386.   [bug]           When shutting down catzs->view could point to freed
                        memory. Obtain a reference to the view to prevent this.
                        [GL #4502]

6385.   [func]          Relax SVCB alias mode checks to allow parameters.
                        [GL #4704]

6384.   [bug]           Remove infinite loop when including a directory in a
                        zone file. [GL #4357]

6383.   [bug]           Address an infinite loop in $GENERATE when a negative
                        value was converted in nibble mode. [GL #4353]

6382.   [bug]           Fix RPZ response's SOA record TTL, which was incorrectly
                        set to 1 if 'add-soa' is used. [GL #3323]
        --- 9.19.24 released ---

6381.   [bug]           dns_qp_lookup() could position the iterator at the
                        wrong predecessor when searching for names with
                        uncommon characters, which are encoded as two-octet
                        sequences in QP trie keys. [GL #4702]

6380.   [func]          Queries and responses now emit distinct dnstap entries
                        for DoT and DoH. [GL #4523]

6379.   [bug]           A QP iterator bug could result in DNSSEC validation
                        failing because the wrong NSEC was returned. [GL #4659]

6378.   [func]          The option to specify the number of UDP dispatches was
                        previously removed. An attempt to use the option now
                        prints a warning. [GL #1879]

6377.   [func]          Introduce 'dnssec-ksr', a DNSSEC tool to create
                        Key Signing Requests (KSRs) and Signed Key Responses
                        (SKRs). [GL #1128]

6376.   [func]          Allow 'dnssec-keygen' options '-f' and '-k' to be used
                        together to create a subset of keys from the DNSSEC
                        policy. [GL !8188]

6375.   [func]          Allow multiple RNDC message to be processed from
                        a single TCP read. [GL #4416]

6374.   [func]          Don't count expired / future RRSIGs in verification
                        failure quota. [GL #4586]

6373.   [func]          Offload the isc_http response processing to worker
                        thread. [GL #4680]

6372.   [func]          Implement signature jitter for dnssec-policy. [GL #4554]

6371.   [bug]           Access to the trust bytes in the ncache data needed to
                        be made thread safe. [GL #4475]

6370.   [bug]           Wrong source address used for IPv6 notify messages.
                        [GL #4669]
        --- 9.19.23 released ---

6369.   [func]          The 'fixed' value for the 'rrset-order' option has
                        been marked and documented as deprecated. [GL #4446]

6368.   [func]          The 'sortlist' option has been marked and documented
                        as deprecated. [GL #4593]

6367.   [bug]           Since the dns_validator_destroy() function doesn't
                        guarantee that it destroys the validator, rename it to
                        dns_validator_shutdown() and require explicit
                        dns_validator_detach() to follow. Implement an expected
                        behavior of the function to release a name associated
                        with the validator. [GL #4654]

6366.   [bug]           An assertion could be triggered in the QPDB cache when
                        encountering a delegation below a DNAME. [GL #4652]

6365.   [placeholder]

6364.   [protocol]      Add RESOLVER.ARPA to the built in empty zones.
                        [GL #4580]

6363.   [bug]           dig/mdig +ednsflags=<non-zero-value> did not re-enable
                        EDNS if it had been disabled. [GL #4641]

6362.   [bug]           Reduce memory consumption of QP-trie based databases
                        by dynamically allocating the nodenames. [GL #4614]

6361.   [bug]           Some invalid ISO 8601 durations were accepted
                        erroneously. [GL #4624]

6360.   [bug]           Don't return static-stub synthesised NS RRset.
                        [GL #4608]

6359.   [bug]           Fix bug in Depends (keymgr_dep) function. [GL #4552]
        --- 9.19.22 released ---

6358.   [bug]           Fix validate_dnskey_dsset when KSK is not signing,
                        do not skip remainder of DS RRset. [GL #4625]

6357.   [func]          The QP zone database implementation introduced in
                        change #6355 has now been replaced with a version
                        based on the multithreaded dns_qpmulti API, which
                        is based on RCU and reduces the need for locking.
                        The new implementation is called "qpzone". The
                        previous "qp" implementation has been renamed
                        "qpcache", and can only be used for the cache.
                        [GL #4348]

6356.   [bug]           Attach the loop also in the dns_cache_flush(), so
                        the cache pruning still works after the flush.
                        [GL #4621]

6355.   [func]          The red-black tree data structure underlying the
                        RBTDB has been replaced with QP-tries.  This is
                        expected to improve scalability and reduce
                        CPU consumption under load. It is currently known to
                        have higher memory consumption than the traditional
                        RBTDB; this will be addressed in future releases.

                        Nodes in a QP-trie contain the full domain name,
                        while nodes in a red-black tree only contain names
                        relative to a parent.  Because of this difference,
                        zone files dumped with masterfile-style "relative"
                        will no longer have multiple different $ORIGIN
                        statements throughout the file.

                        This version is a minimal adaptation, keeping RBTDB
                        code largely unchanged, except as needed to replace
                        the underlying data structure. It uses the
                        single-thread "dns_qp" interface with locks for
                        synchronization. A future version will use the
                        multithreaded "dns_qpmulti" interface instead,
                        and will be renamed to QPDB.

                        The RBT-based version of RBTDB is still in place
                        for now, and can be used by specifying "database rbt"
                        in a "zone" statement, or by compiling with
                        "configure --with-zonedb=rbt --with-cachedb=rbt".
                        [GL #4411]

6354.   [bug]           Change 6035 introduced a regression when chasing DS
                        records resulting in an assertion failure. [GL #4612]

6353.   [bug]           Improve the TTL-based cleaning by removing the expired
                        headers from the heap, so they don't block the next
                        cleaning round and clean more than a single item for
                        each new addition to the RBTDB. [GL #4591]

6352.   [bug]           Revert change 6319 and decrease lock contention during
                        RBTDB tree pruning by not cleaning up nodes recursively
                        within a single prune_tree() call. [GL #4596]

6351.   [protocol]      Support for the RESINFO record type has been added.
                        [GL #4413]

6350.   [bug]           Address use after free in expire_lru_headers. [GL #4495]

6349.   [placeholder]

6348.   [bug]           BIND could previously abort when trying to
                        establish a connection to a remote server using an
                        incorrect 'tls' configuration. That has been
                        fixed. Thanks to Tobias Wolter for bringing
                        the issue to our attention. [GL #4572]

6347.   [func]          Disallow stale-answer-client-timeout non-zero values.
                        [GL #4447]

6346.   [bug]           Cleaned up several minor bugs in the RBTDB dbiterator
                        implementation. [GL !8741]

6345.   [bug]           Added missing dns_rdataset_disassociate calls in
                        validator.c:findnsec3proofs. [GL #4571]

6344.   [bug]           Fix case insensitive setting for isc_ht hashtable.
                        [GL #4568]

6343.   [bug]           Fix case insensitive setting for isc_ht hashtable.
                        [GL #4568]

6342.   [placeholder]

6341.   [bug]           Address use after free in ccmsg_senddone. [GL #4549]

6340.   [test]          Fix incorrectly reported errors when running tests
                        with `make test` on platforms with older pytest.
                        [GL #4560]

6339.   [bug]           The alignas() can't be used on types larger than
                        max_align_t; instead add padding into the structures
                        where we want avoid false memory sharing. [GL #4187]

6338.   [func]          Optimize slabheader placement, so the infrastructure
                        records are put in the beginning of the slabheader
                        linked list. [GL !8675]

6337.   [bug]           Nsupdate could assert while shutting down. [GL #4529]

6336.   [func]          Expose the zones with the 'first refresh' flag set in
                        statistics channel's "Incoming Zone Transfers" section
                        to indicate the zones that are not yet fully ready, and
                        their first refresh is pending or is in-progress. Also
                        expose the number of such zones in the output of the
                        'rndc status' command. [GL #4241]

6335.   [func]          The 'dnssec-validation yes' option now requires an
                        explicitly configured 'trust-anchors' statement (or
                        'managed-keys' or 'trusted-keys' statements, both
                        deprecated). [GL #4373]

6334.   [doc]           Improve ARM parental-agents definition. [GL #4531]

6333.   [bug]           Fix the DNS_GETDB_STALEFIRST flag, which was defined
                        incorrectly in lib/ns/query.c. [GL !8683]

6332.   [bug]           Range-check the arguments to fetch-quota-param.
                        [GL #362]

6331.   [func]          Add HSM support for dnssec-policy. You can now
                        configure keys with a key-store that allows you to
                        set the directory to store key files and to set a
                        PKCS #11 URI string. [GL #1129]

6330.   [doc]           Update ZSK minimum lifetime documentation in ARM, also
                        depends on signing delay. [GL #4510]

6329.   [func]          Nsupdate can now set the UL EDNS option when sending
                        UPDATE requests. [GL #4419]

6328.   [func]          Add workaround to enforce dynamic linker to pull
                        jemalloc earlier than libc to ensure all memory
                        allocations are done via jemalloc. [GL #4404]

6327.   [func]          Expose the TCP client count in statistics channel.
                        [GL #4425]

6326.   [bug]           Changes to "listen-on" statements were ignored on
                        reconfiguration unless the port or interface address was
                        changed, making it impossible to change a related
                        listener transport type. Thanks to Thomas Amgarten.
                        [GL #4518] [GL #4528]

6325.   [func]          The 'tls' block was extended with a new
                        'cipher-suites' option that allows setting
                        allowed cipher suites for TLSv1.3.
                        [GL #3504]

6324.   [bug]           Fix a possible crash in 'dig +nssearch +nofail' and
                        'host -C' commands when one of the name servers returns
                        SERVFAIL. [GL #4508]
        --- 9.19.21 released ---

6323.   [placeholder]

6322.   [security]      Specific DNS answers could cause a denial-of-service
                        condition due to DNS validation taking a long time.
                        (CVE-2023-50387) [GL #4424]

                        The same code change also addresses another problem:
                        preparing NSEC3 closest encloser proofs could exhaust
                        available CPU resources. (CVE-2023-50868) [GL #4459]

6321.   [security]      Change 6315 inadvertently introduced regressions that
                        could cause named to crash. [GL #4234]

6320.   [placeholder]
        --- 9.19.20 released ---

6319.   [func]          Limit isc_async_run() overhead for RBTDB tree pruning.
                        [GL #4383]

6318.   [placeholder]

6317.   [security]      Restore DNS64 state when handling a serve-stale timeout.
                        (CVE-2023-5679) [GL #4334]

6316.   [security]      Specific queries could trigger an assertion check with
                        nxdomain-redirect enabled. (CVE-2023-5517) [GL #4281]

6315.   [security]      Speed up parsing of DNS messages with many different
                        names. (CVE-2023-4408) [GL #4234]

6314.   [bug]           Address race conditions in dns_tsigkey_find().
                        [GL #4182]

6313.   [bug]           When dnssec-policy is in effect the DNSKEY's TTLs in
                        the zone where not being updated to match the policy.
                        This lead to failures when DNSKEYs where updated as the
                        TTLs mismatched. [GL #4466]

6312.   [bug]           Conversion from NSEC3 signed to NSEC signed could
                        temporarily put the zone into a state where it was
                        treated as unsigned until the NSEC chain was built.
                        Additionally conversion from one set of NSEC3 parameters
                        to another could also temporarily put the zone into a
                        state where it was treated as unsigned until the new
                        NSEC3 chain was built. [GL #1794] [GL #4495]

6311.   [func]          Zone content checks are now disabled by default
                        when running named-compilezone. named-checkzone
                        can still be used for checking zone integrity,
                        or the former checks in named-compilezone can be
                        re-enabled by using "named-compilezone -i full
                        -k fail -n fail -r warn -m warn -M warn -S warn
                        -T warn -W warn -C check-svcb:fail". [GL #4364]

6310.   [bug]           Memory leak in zone.c:sign_zone. When named signed a
                        zone it could leak dst_keys due to a misplaced
                        'continue'. [GL #4488]

6309.   [bug]           Changing a zone's primaries while a refresh was in
                        progress could trigger an assertion. [GL #4310]

6308.   [bug]           Prevent crashes caused by the zone journal getting
                        destroyed before all changes from an incoming IXFR are
                        written to it. [GL #4496]

6307.   [bug]           Obtain a client->handle reference when calling
                        async_restart. [GL #4439]

6306.   [func]          Log more details about the cause of "not exact" errors.
                        [GL #4500]

6305.   [placeholder]

6304.   [bug]           The wrong time was being used to determine what RRSIGs
                        where to be generated when dnssec-policy was in use.
                        [GL #4494]

6303.   [bug]           Dig failed to correctly process a SIGINT received while
                        waiting for a TCP connection to complete. [GL #4138]

6302.   [func]          The "trust-anchor-telemetry" statement is no longer
                        marked as experimental. This silences a relevant log
                        message that was emitted even when the feature was
                        explicitly disabled. [GL #4497]

6301.   [bug]           Fix data races with atomic members of the xfrin
                        structure in xfrin_start() and xfrin_send_request()
                        functions. [GL #4493]

6300.   [bug]           Fix statistics export to use full 64 bit signed numbers
                        instead of truncating values to unsigned 32 bits.
                        [GL #4467]

6299.   [port]          NetBSD has added 'hmac' to libc which collides with our
                        use of 'hmac'. [GL #4478]

6298.   [bug]           Fix dns_qp_lookup bugs related to the iterator.
                        [GL !8558]
        --- 9.19.19 released ---

6297.   [bug]           Improve LRU cleaning behaviour. [GL #4448]

6296.   [func]          The "resolver-nonbackoff-tries" and
                        "resolver-retry-interval" options have been removed;
                        Using them is now a fatal error. [GL #4405]

6295.   [bug]           Fix an assertion failure which could occur during
                        shutdown when DNSSEC validation was running. [GL #4462]

6294.   [bug]           BIND might sometimes crash after startup or
                        re-configuration when one 'tls' entry is used multiple
                        times to connect to remote servers due to initialisation
                        attempts from contexts of multiple threads. That has
                        been fixed. [GL #4464]

6293.   [func]          Initial support for accepting the PROXYv2 protocol in
                        all currently implemented DNS transports in BIND and
                        complementary support for sending it in dig are included
                        into this release. [GL #4388]

6292.   [func]          Lower the maximum number of allowed NSEC3 iterations,
                        from 150 to 50. DNSSEC responses with a higher
                        iteration count are treated as insecure. For signing
                        with dnssec-policy, iterations must be set to zero.
                        [GL #4363]

6291.   [bug]           SIGTERM failed to properly stop multiple outstanding
                        lookup in dig. [GL #4457]

6290.   [bug]           Dig +yaml will now report "no servers could be reached"
                        also for UDP setup failure when no other servers or
                        tries are left. [GL #1229]

6289.   [test]          Remove legacy system test runner in favor of pytest.
                        [GL #4251]

6288.   [func]          Refactor the isc_mem overmem handling to always use
                        isc_mem_isovermem and remove the water callback.
                        [GL #4451]

6287.   [bug]           Recognize escapes when reading the public key from file.
                        [GL !8502]

6286.   [bug]           Dig +yaml will now report "no servers could be reached"
                        on TCP connection failure as well as for UDP timeouts.
                        [GL #4396]

6285.   [func]          Remove AES-based DNS cookies. [GL #4421]

6284.   [bug]           Fix a catz db update notification callback registration
                        logic error, which could cause an assertion failure when
                        receiving an AXFR update for a catalog zone while the
                        previous update process of the catalog zone was already
                        running. [GL #4418]

6283.   [bug]           Fix a data race in isc_hashmap by using atomics for the
                        iterators number. [GL !8474]

6282.   [func]          Deprecate AES-based DNS cookies. [GL #4421]

6281.   [bug]           Fix a data race in dns_tsigkeyring_dump(). [GL #4328]
        --- 9.19.18 released ---

6280.   [bug]           Fix missing newlines in the output of "rndc nta -dump".
                        [GL !8454]

6279.   [func]          Use QNAME minimization when fetching nameserver
                        addresses. [GL #4209]

6278.   [bug]           The call to isc_mem_setwater() was incorrectly
                        removed from dns_cache_setcachesize(), causing
                        cache overmem conditions not to be detected. [GL #4340]

6277.   [bug]           Take into account local authoritative zones when
                        falling back to serve-stale. [GL #4355]

6276.   [cleanup]       Remove both lock-file configuration option and the
                        -X argument to named. [GL #4391]

6275.   [bug]           Fix assertion failure when using lock-file configuration
                        option together -X argument to named. [GL #4386]

6274.   [bug]           The 'lock-file' file was being removed when it
                        shouldn't have been making it ineffective if named was
                        started 3 or more times. [GL #4387]

6273.   [bug]           Don't reuse the existing TCP streams in dns_xfrin, so
                        parallel TCP transfers works again. [GL #4379]

6272.   [func]          Enable systemd units support with the 'notify-reload'
                        service type by settng the MONOTONIC_USEC field when
                        sending an sd_notify() message to the service manager
                        to notify it about reloading the service. Note that the
                        'NotifyAccess=all' option is required in the systemd
                        unit file's '[Service]' section. [GL #4377]

6271.   [bug]           Fix a shutdown race in dns__catz_update_cb(). [GL #4381]

6270.   [bug]           Handle an assertion when the primary server returned
                        NOTIMP to IXFR or FORMERR to EDNS to SOA/IXFR/AXFR
                        request when transfering a zone. [GL #4372]

6269.   [maint]         B.ROOT-SERVERS.NET addresses are now 170.247.170.2 and
                        2801:1b8:10::b. [GL #4101]

6268.   [func]          Offload the IXFR and AXFR processing to unblock
                        the networking threads. [GL #4367]

6267.   [func]          The timeouts for resending zone refresh queries over UDP
                        were lowered to enable named to more quickly determine
                        that a primary is down. [GL #4260]

6266.   [func]          The zone option 'inline-signing' is ignored from now
                        on iff there is no 'dnssec-policy' configured for the
                        corresponding zone. [GL #4349]

6265.   [bug]           Don't schedule resign operations on the raw version
                        of an inline-signing zone. [GL #4350]

6264.   [func]          Use atomics to handle some ADB entry members
                        to reduce ADB locking contention. [GL #4326]

6263.   [func]          Convert the RPZ summary database to use a QP trie
                        instead of an RBT. [GL !8352]

6262.   [bug]           Duplicate control sockets didn't generate a
                        configuration failure leading to hard to diagnose
                        rndc connection errors.  These are now caught by
                        named-checkconf and named. [GL #4253]

6261.   [bug]           Fix a possible assertion failure on an error path in
                        resolver.c:fctx_query(), when using an uninitialized
                        link. [GL #4331]

6260.   [func]          Added options to the QP trie that will be needed
                        when it is used as a zone or cache database: backward
                        iteration, and retrieval of DNSSEC predecessor
                        nodes and node chains. [GL !8338]

6259.   [placeholder]

6258.   [func]          Use explictly created external memory pools for
                        dns_message in the ns_client and dns_resolver.
                        [GL #4325]

6257.   [func]          Expose the "Refresh SOA" query state (before the XFR)
                        in the incoming zone transfers section of the
                        statistics channel and show the local and remote
                        addresses for that query. Also Improve the
                        "Duration (s)" field to show the duration of the
                        "Pending" and "Refresh SOA" states too, before the
                        actual transfer starts. [GL !8305]

6256.   [func]          Expose the SOA query transport type (used before/during
                        XFR) in the incoming zone transfers section of the
                        statistics channel. [GL !8240]

6255.   [func]          Expose data about incoming zone transfers in progress
                        using statistics channel. [GL #3883]

6254.   [cleanup]       Add semantic patch to do an explicit cast from char
                        to unsigned char in ctype.h class of functions.
                        [GL #4327]

6253.   [cleanup]       Remove the support for control channel over Unix
                        Domain Sockets. [GL #4311]

6252.   [test]          Python system tests have to be executed by invoking
                        pytest directly. Executing them with the legacy test
                        runner is no longer supported. [GL #4250]

6251.   [bug]           Interating a hashmap could return the same element
                        twice. [GL #3422]

6250.   [bug]           The wrong covered value was being set by
                        dns_ncache_current for RRSIG records in the returned
                        rdataset structure. This resulted in TYPE0 being
                        reported as the covered value of the RRSIG when dumping
                        the cache contents. [GL #4314]

6249.   [cleanup]       Reduce the number of reserved UDP dispatches
                        to the number of loops, replace the round-robin
                        mechanism in dns_dispatchset_t with dispatches
                        pinned to loops, and use lock-free hash tables
                        for looking up query IDs and active TCP
                        connections. [GL !8304]

6248.   [func]          Add an option "resolver-use-dns64", which enables
                        application of DNS64 rules to server addresses
                        when sending recursive queries. This allows
                        resolution to be performed via NAT64. [GL #608]

6247.   [func]          Implement incremental hashing in both isc_siphash
                        and isc_hash units. [GL #4306]
        --- 9.19.17 released ---

6246.   [placeholder]

6245.   [security]      Limit the amount of recursion that can be performed
                        by isccc_cc_fromwire. (CVE-2023-3341) [GL #4152]

6244.   [bug]           Adjust log levels on malformed messages to NOTICE when
                        transferring in a zone. [GL #4290]

6243.   [bug]           Restore the call order of dns_validator_destroy and
                        fetchctx_detach to prevent use after free. [GL #4214]

6242.   [func]          Ignore jemalloc versions before 4.0.0 as we now
                        need explicit memory arenas and tcache support.
                        [GL #4296]

6241.   [placeholder]

6240.   [bug]           Use dedicated per-worker thread jemalloc memory
                        arenas for send buffers allocation to reduce memory
                        consumption and avoid lock contention. [GL #4038]

6239.   [func]          Deprecate the 'dnssec-must-be-secure' option.
                        [GL #3700]

6238.   [cleanup]       Refactor several objects relying on dns_rbt trees
                        to instead of dns_nametree, a wrapper around dns_qp.
                        [GL !8213]

6237.   [bug]           Address memory leaks due to not clearing OpenSSL error
                        stack. [GL #4159]

6236.   [func]          Add isc_mem_cget() and isc_mem_cput() calloc-like
                        functions that take nmemb and size, do checked
                        multiplication and zero the memory before returning
                        it to the user.  Replace isc_mem_getx(..., ISC_MEM_ZERO)
                        with isc_mem_cget(...) usage. [GL !8237]

6235.   [doc]           Clarify BIND 9 time formats. [GL #4266]

6234.   [bug]           Restore stale-refresh-time value after flushing the
                        cache. [GL #4278]

6233.   [func]          Extend client side support for the EDNS EXPIRE option
                        to IXFR and AXFR query types. [GL #4170]

6232.   [bug]           Following the introduction of krb5-subdomain-self-rhs
                        and ms-subdomain-self-rhs update rules, removal of
                        nonexistent PTR and SRV records via UPDATE could fail.
                        [GL #4280]

6231.   [func]          Make nsupdate honor -v for SOA requests only if the
                        server is specified. [GL #1181]

6230.   [bug]           Prevent an unnecessary query restart if a synthesized
                        CNAME target points to the CNAME owner. [GL #3835]

6229.   [func]          Add basic USDT framework for adding static
                        tracing points. [GL #4041]

6228.   [func]          Limit the number of inactive network manager handles
                        and uvreq objects that we keep around for reusing
                        later. [GL #4265]

6227.   [bug]           Check the statistics-channel HTTP Content-length
                        to prevent negative or overflowing values from
                        causing a crash. [GL #4125]

6226.   [bug]           Attach dispatchmgr in the dns_view object to prevent
                        use-after-free when shutting down. [GL #4228]

6225.   [func]          Convert dns_nta, dns_forward and dns_keytable units
                        to use QP trie instead of an RBT. [GL !7811]

6224.   [bug]           Check the If-Modified-Since value length to prevent
                        out-of-bounds write. [GL #4124]

6223.   [func]          Make -E engine option for OpenSSL Engine API use only.
                        OpenSSL Provider API will now require engine to not be
                        set. [GL #8153]

6222.   [func]          Fixes to provider/engine based ECDSA key handling.
                        [GL !8152]
        --- 9.19.16 released ---

6221.   [cleanup]       Refactor dns_rdataset internals, move rdatasetheader
                        declarations out of rbtdb.c so they can be used by other
                        databases in the future, and split the zone and cache
                        functions from rbtdb.c into separate modules. [GL !7873]

6220.   [func]          Deprecate the 'dialup' and 'heartbeat-interval'
                        options. [GL #3700]

6219.   [bug]           Ignore 'max-zone-ttl' on 'dnssec-policy insecure'.
                        [GL #4032]

6218.   [func]          Add inline-signing to dnssec-policy. [GL #3677]

6217.   [func]          The dns_badcache unit was refactored to use cds_lfht
                        instead of hand-crafted locked hashtable. [GL #4223]

6216.   [bug]           Pin dns_request events to the originating loop
                        to serialize access to the data. [GL #4086]

6215.   [protocol]      Return REFUSED to GSS-API TKEY requests if GSS-API
                        support is not configured. [GL #4225]

6214.   [bug]           Fix the memory leak in for struct stub_glue_request
                        allocated in stub_request_nameserver_address() but not
                        freed in stub_glue_response(). [GL #4227]

6213.   [bug]           Mark a primary server as temporarily unreachable if the
                        TCP connection attempt times out. [GL #4215]

6212.   [placeholder]

6211.   [func]          Remove 'auto-dnssec'. This obsoletes the configuration
                        options 'dnskey-sig-validity', 'dnssec-dnskey-kskonly',
                        'dnssec-update-mode', 'sig-validity-interval', and
                        'update-check-ksk'. [GL #3672]

6210.   [func]          Don't add signing records for DNSKEY added with dynamic
                        update. The dynamic update DNSSEC management feature was
                        removed with GL #3686. [GL !8070]

6209.   [func]          Reduce query-response latency by making recursive
                        queries (CNAME, DNAME, NSEC) asynchronous instead
                        of directly calling the respective functions. [GL #4185]

6208.   [func]          Return BADCOOKIE for out-of-date or otherwise bad, well
                        formed DNS SERVER COOKIES. [GL #4194]
        --- 9.19.15 released ---

6207.   [cleanup]       The code implementing TSIG/TKEY support has been cleaned
                        up and refactored for improved robustness, readability,
                        and consistency with other code modules. [GL !7828]

6206.   [bug]           Add shutdown checks in dns_catz_dbupdate_callback() to
                        avoid a race with dns_catz_shutdown_catzs(). [GL #4171]

6205.   [bug]           Restore support to read legacy HMAC-MD5 K file pairs.
                        [GL #4154]

6204.   [bug]           Use NS records for relaxed QNAME-minimization mode.
                        This reduces the number of queries named makes when
                        resolving, as it allows the non-existence of NS RRsets
                        at non-referral nodes to be cached in addition to the
                        referrals that are normally cached. [GL #3325]

6203.   [cleanup]       Ensure that the size calculation does not overflow
                        when allocating memory for an array.
                        [GL #4120] [GL #4121] [GL #4122]

6202.   [func]          Use per-loop memory contexts for dns_resolver
                        objects. [GL !8015]

6201.   [bug]           The free_all_cpu_call_rcu_data() call at the end
                        of isc_loopmgr_run() was causing ~200 ms extra
                        latency. [GL #4163]

6200.   [placeholder]

6199.   [bug]           Improve HTTP Connection: header protocol conformance
                        in the statistics channel. [GL #4126]

6198.   [func]          Remove the holes in the isc_result_t enum to compact
                        the isc_result tables. [GL #4149]

6197.   [bug]           Fix a data race between the dns_zone and dns_catz
                        modules when registering/unregistering a database
                        update notification callback for a catalog zone.
                        [GL #4132]

6196.   [cleanup]       Report "permission denied" instead of "unexpected error"
                        when trying to update a zone file on a read-only file
                        system. Thanks to Midnight Veil. [GL #4134]

6195.   [bug]           Use rcu to reference view->adb. [GL #4021]

6194.   [func]          Change function 'find_zone_keys()' to look for signing
                        keys by looking for key files instead of a DNSKEY
                        RRset lookup. [GL #4141]

6193.   [bug]           Fix a catz db update notification callback registration
                        logic error, which could crash named when receiving an
                        AXFR update for a catalog zone while the previous update
                        process of the catalog zone was already running.
                        [GL #4136]
        --- 9.19.14 released ---

6192.   [placeholder]

6191.   [placeholder]

6190.   [security]      Improve the overmem cleaning process to prevent the
                        cache going over the configured limit. (CVE-2023-2828)
                        [GL #4055]

6189.   [bug]           Fix an extra dns_validator deatch when encountering
                        deadling which would lead to assertion failure.
                        [GL #4115]

6188.   [performance]   Reduce memory consumption by allocating properly
                        sized send buffers for stream-based transports.
                        [GL #4038]

6187.   [bug]           Address view shutdown INSIST when accessing the
                        zonetable. [GL #4093]

6186.   [bug]           Fix a 'clients-per-query' miscalculation bug. When the
                        'stale-answer-enable' options was enabled and the
                        'stale-answer-client-timeout' option was enabled and
                        larger than 0, named was taking two places from the
                        'clients-per-query' limit for each client and was
                        failing to gradually auto-tune its value, as configured.
                        [GL #4074]

6185.   [func]          Add "ClientQuota" statistics channel counter, which
                        indicates the number of the resolver's spilled queries
                        due to reaching the clients per query quota. [GL !7978]

6184.   [func]          Special-case code that was added to allow GSS-TSIG
                        to work around bugs in the Windows 2000 version of
                        Active Directory has been removed. The 'nsupdate -o'
                        option and 'oldgsstsig' command have been
                        deprecated, and are now treated as synonyms for
                        'nsupdate -g' and 'gsstsig' respectively. [GL #4012]

6183.   [bug]           Fix a serve-stale bug where a delegation from cache
                        could be returned to the client. [GL #3950]

6182.   [cleanup]       Remove configure checks for epoll, kqueue and
                        /dev/poll. [GL #4098]

6181.   [placeholder]

6180.   [bug]           The session key object could be incorrectly added
                        to multiple different views' keyrings. [GL #4079]

6179.   [bug]           Fix an interfacemgr use-after-free error in
                        zoneconf.c:isself(). [GL #3765]

6178.   [func]          Add support for the multi-signer model 2 (RFC 8901) when
                        using inline-signing. [GL #2710]

6177.   [placeholder]

6176.   [test]          Add support for using pytest & pytest-xdist to
                        execute the system test suite. [GL #3978]

6175.   [test]          Fix the `upforwd` system test to be more reliable,

6174.   [placeholder]

6173.   [bug]           Properly process extra "nameserver" lines in
                        resolv.conf otherwise the next line is not properly
                        processed. [GL #4066]

6172.   [cleanup]       Refactor the loop manager and qp-trie code to remove
                        isc_qsbr and use liburcu instead. [GL #3936]

6171.   [cleanup]       Remove the stack implementation added in change 6108:
                        we are using the liburcu concurrent data structures
                        instead. [GL !7920]

6170.   [func]          The 'rndc -t' option allows a timeout to be set in
                        seconds, so that commands that take a long time to
                        complete (e.g., reloading a very large configuration)
                        can be given time to do so. The default is 60
                        seconds. [GL #4046]

6169.   [bug]           named could crash when deleting inline-signing zones
                        with "rndc delzone". [GL #4054]

6168.   [func]          Refactor the glue cache to store list of the GLUE
                        directly in the rdatasetheader instead of keeping
                        it in the hashtable indexed by the node pointer.
                        [GL #4045]

6167.   [func]          Add 'cdnskey' configuration option. [GL #4050]

6166.   [func]          Retry without DNS COOKIE on FORMERR if it appears that
                        the FORMERR was due to the presence of a DNS COOKIE
                        option. [GL #4049]

6165.   [bug]           Fix a logic error in dighost.c which could call the
                        dighost_shutdown() callback twice and cause problems
                        if the callback function was not idempotent. [GL #4039]
        --- 9.19.13 released ---

6164.   [bug]           Set the rndc idle read timeout back to 60 seconds,
                        from the netmgr default of 30 seconds, in order to
                        match the behavior of 9.16 and earlier. [GL #4046]

6163.   [func]          Add option to dnstap-read to use timestamps in
                        milliseconds (thanks to Oliver Ford). [GL #2360]

6162.   [placeholder]

6161.   [bug]           Fix log file rotation when using absolute path as
                        file. [GL #3991]

6160.   [bug]           'delv +ns' could print duplicate output. [GL #4020]

6159.   [bug]           Fix use-after-free bug in TCP accept connection
                        failure. [GL #4018]

6158.   [func]          Add ISC_LIST_FOREACH() and ISC_LIST_FOREACH_SAFE()
                        to walk the ISC_LIST() in a unified manner and use
                        the safe macro to fix the potential UAF when shutting
                        down the isc_httpd. [GL #4031]

6157.   [bug]           When removing delegations in an OPTOUT range
                        empty-non-terminal NSEC3 records generated by
                        those delegations were not removed. [GL #4027]

6156.   [bug]           Reimplement the maximum and idle timeouts for incoming
                        zone tranfers. [GL #4004]

6155.   [bug]           Treat ISC_R_INVALIDPROTO as a networking error
                        in the dispatch code to avoid retrying with the
                        same server. [GL #4005]

6154.   [func]          Add spinlock implementation.  The spinlock is much
                        smaller (8 bytes) than pthread_mutex (40 bytes), so
                        it can be easily embedded into objects for more
                        fine-grained locking (per-object vs per-bucket).

                        On the other hand, the spinlock is unsuitable for
                        situations where the lock might be held for a long
                        time as it keeps the waiting threads in a spinning
                        busy loop. [GL #3977]

6153.   [bug]           Fix the streaming protocols (TCP, TLS) shutdown
                        sequence. [GL #4011]

6152.   [bug]           In dispatch, honour the configured source-port
                        selection when UDP connection fails with address
                        in use error.

                        Also treat ISC_R_NOPERM same as ISC_R_ADDRINUSE.
                        [GL #3986]

6151.   [bug]           When the same ``notify-source`` address and port number
                        was configured for multiple destinations and zones, an
                        unresponsive server could tie up the socket until it
                        timed out; in the meantime, NOTIFY messages for other
                        servers silently failed.``named`` will now retry these
                        failing messages over TCP.  NOTIFY failures are now
                        logged at level INFO. [GL #4001] [GL #4002]

6150.   [bug]           If the zones have active upstream forwards, the
                        shutting down the server might cause assertion
                        failures as the forward were all canceled from
                        the main loop instead from the loops associated
                        with the zone. [GL #4015]

6149.   [test]          As a workaround, include an OpenSSL header file before
                        including cmocka.h in the unit tests, because OpenSSL
                        3.1.0 uses __attribute__(malloc), conflicting with a
                        redefined malloc in cmocka.h. [GL #4000]

6148.   [bug]           Fix a use-after-free bug in dns_xfrin_create().
                        [GL !7832]

6147.   [performance]   Fix the TCP server parent quota use. [GL #3985]
        --- 9.19.12 released ---

6146.   [performance]   Replace the zone table red-black tree and associated
                        locking with a lock-free qp-trie. [GL !7582]

6145.   [bug]           Fix a possible use-after-free bug in the
                        dns__catz_done_cb() function. [GL #3997]

6144.   [bug]           A reference counting problem (double detach) might
                        occur when shutting down zone transfer early after
                        switching the dns_xfrin to use dns_dispatch API.
                        [GL #3984]

6143.   [bug]           A reference counting problem on the error path in
                        the xfrin_connect_done() might cause an assertion
                        failure on shutdown.  [GL #3989]

6142.   [bug]           Reduce the number of dns_dnssec_verify calls made
                        determining if revoked keys needs to be removed from
                        the trust anchors. [GL #3981]

6141.   [bug]           Fix several issues in nsupdate timeout handling and
                        update the -t option's documentation. [GL #3674]

6140.   [func]          Implement automatic parental-agents ('checkds yes').
                        [GL #3901]

6139.   [func]          Add isc_histo_t general-purpose log-linear histograms,
                        and use them for message size statistics. [GL !7696]

6138.   [doc]           Fix the DF-flag documentation on the outgoing
                        UDP packets. [GL #3710]

6137.   [cleanup]       Remove the trampoline jump when spawning threads.
                        [GL !7293]

6136.   [cleanup]       Remove the isc_fsaccess API in favor of creating
                        temporary file first and atomically replace the key
                        with non-truncated content. [GL #3982]

6135.   [cleanup]       Change isc_stdtime_get(&t) to t = isc_stdtime_now().
                        [GL !7757]

6134.   [bug]           Fix a crash when dig or host receive a signal.
                        [GL #3970]

6133.   [cleanup]       Refactor the isc_job_run() to not make any allocations
                        by embedding isc_job_t into callback argument, and
                        running it directly.  As a side-effect, isc_async_run
                        and isc_job_run now executes jobs in the natural order.

                        Use the new improved API to execute connect, read and
                        send callbacks from netmgr in more straightforward
                        manner, speeding up the networking. [GL #3961]

6132.   [doc]           Remove a dead link in the DNSSEC guide. [GL #3967]

6131.   [test]          Add a minimal test-only library to allow testing
                        of the DNSRPS API without FastRPZ installed.
                        Thanks to Farsight Securty. [GL !7693]

6130.   [func]          The new "delv +ns" option activates name server mode,
                        in which delv sets up an internal recursive
                        resolver and uses that, rather than an external
                        server, to look up the requested data. All messages
                        sent and received during the resolution and
                        validation process are logged. This can be used in
                        place of "dig +trace"; it more accurately
                        replicates the behavior of named when resolving
                        a query. [GL #3842]

6129.   [cleanup]       Value stored to 'source' during its initialization is
                        never read. [GL #3965]

6128.   [bug]           Fix an omission in an earlier commit to avoid a race
                        between the 'dns__catz_update_cb()' and
                        'dns_catz_dbupdate_callback()' functions. [GL #3968]

6127.   [cleanup]       Refactor network manager netievent callbacks to
                        use isc_job_run()/isc_async_run(). [GL #3964]

6126.   [func]          Remove zone type "delegation-only" and the
                        "delegation-only" and "root-delegation-only"
                        options. [GL #3953]

6125.   [bug]           Hold a catz reference while the update process is
                        running, so that the catalog zone is not destroyed
                        during shutdown until the update process is finished or
                        properly canceled by the activated 'shuttingdown' flag.
                        [GL #3955]

6124.   [bug]           When changing from a NSEC3 capable DNSSEC algorithm to
                        an NSEC3 incapable DNSSEC algorithm using KASP the zone
                        could sometimes be incompletely signed. [GL #3937]

6123.   [placeholder]

6122.   [func]          BIND now requires liburcu for lock-free data structures
                        and concurrent safe memory reclamation. It replaces the
                        home-grown lock-free linked list and QSBR machinery
                        added in changes 6108 and 6109.  [GL #3935]

6121.   [cleanup]       Remove support for TKEY Mode 2 (Diffie-Hellman Exchanged
                        Keying). [GL #3905]
        --- 9.19.11 released ---

6120.   [bug]           Use two pairs of dns_db_t and dns_dbversion_t in a
                        catalog zone structure to avoid a race between the
                        dns__catz_update_cb() and dns_catz_dbupdate_callback()
                        functions. [GL #3907]

6119.   [bug]           Make sure to revert the reconfigured zones to the
                        previous version of the view, when the new view
                        reconfiguration fails during the configuration of
                        one of the configured zones. [GL #3911]

6118.   [func]          Add 'cds-digest-types' configuration option. Also allow
                        dnssec-signzone to create multple CDS records.
                        [GL #3837]

6117.   [func]          Add a qp-trie data structure. This is a foundation for
                        our plan to replace, in stages, BIND's red-black tree.
                        The qp-trie has lock-free multithreaded reads, using
                        QSBR for safe memory reclamation. [GL !7130]

6116.   [placeholder]

6115.   [bug]           Unregister db update notify callback before detaching
                        from the previous db inside the catz update notify
                        callback. [GL #3777]

6114.   [func]          Run the catalog zone update process on the offload
                        threads. [GL #3881]

6113.   [func]          Add shutdown signaling for catalog zones. [GL !7571]

6112.   [func]          Add reference count tracing for dns_catz_zone_t and
                        dns_catz_zones_t. [GL !7570]

6111.   [cleanup]       Move irs_resconf into libdns, and remove the
                        now empty libirs. [GL !7463]

6110.   [cleanup]       Refactor the dns_xfrin module to use dns_dispatch
                        to set up TCP connections and send and receive
                        messages. [GL #3886]

6109.   [func]          Infrastructure for QSBR, asynchronous safe memory
                        reclamation for lock-free data structures. [GL !7471]

6108.   [func]          Support for simple lock-free singly-linked stacks.
                        [GL !7470]

6107.   [cleanup]       Remove the dns_sdb API and rewrite the named
                        builtin databases to implement dns_db directly.
                        [GL #3882]

6106.   [cleanup]       Move bind9_getaddresses() to isc_getaddresses()
                        and remove the now empty libbind9. [GL !7462]

6105.   [bug]           Detach 'rpzs' and 'catzs' from the previous view in
                        configure_rpz() and configure_catz(), respectively,
                        just after attaching it to the new view. [GL #3880]

6104.   [cleanup]       Move libbind9's configuration checking code into
                        libisccfg alongside the other configuration code.
                        [GL !7461]

6103.   [func]          All uses of the isc_task and isc_event APIs have
                        been refactored to use isc_loop instead, and the
                        original APIs have been removed. [GL #3797]

6102.   [cleanup]       Several nugatory headers have been removed from libisc.
                        [GL !7464]

6101.   [port]          Clarify the portability dodge needed for `strerror_r()`
                        [GL !7465]

6100.   [cleanup]       Deprecate <isc/deprecated.h>, because obsolete
                        functions are now deleted instead of marked with
                        an attribute. [GL !7466]

6099.   [performance]   Change the internal read-write lock to modified C-RW-WP
                        algorithm that is more reader-writer fair and has better
                        performance for our workloads. [GL #1609]

6098.   [test]          Don't test HMAC-MD5 when not supported by libcrypto.
                        [GL #3871]

6097.   [port]          Improve support for yield / pause instructions in spin
                        loops on AArch64 platforms. [GL !7469]

6096.   [bug]           Fix RPZ reference counting error on shutdown in
                        dns__rpz_timer_cb(). [GL #3866]

6095.   [test]          Test various 'islands of trust' configurations when
                        using managed keys. [GL #3662]

6094.   [bug]           Building against (or running with) libuv versions
                        1.35.0 and 1.36.0 is now a fatal error.  The rules for
                        mixing and matching compile-time and run-time libuv
                        versions have been tightened for libuv versions between
                        1.35.0 and 1.40.0. [GL #3840]

6093.   [performance]   Reduce the size of each rdataset header object
                        by 16 bytes. [GL !7505]

6092.   [bug]           dnssec-cds failed to cleanup properly. [GL #3831]

6091.   [cleanup]       Drop RHEL 7 and clones support. [GL #3729]

6090.   [bug]           Fix a bug in resolver's resume_dslookup() function by
                        making sure that dns_resolver_createfetch() is called
                        with valid parameters, as required by the function.
                        [GL #3839]

6089.   [bug]           Source ports configured for query-source,
                        transfer-source, etc, were being ignored. (This
                        feature is deprecated, but it is not yet removed,
                        so the bug still needed fixing.) [GL #3790]

6088.   [cleanup]       /etc/bind.keys is no longer needed and has been
                        removed from the distribution. named and delv can
                        still load keys from a file for testing purposes,
                        but they no longer do so by default. [GL #3850]

6087.   [cleanup]       Remove support for the `DNS_NAME_DOWNCASE` option to
                        the various dns_*_fromwire() functions. It has long
                        been unused and is unsupported since change 6022.
                        [GL !7467]

6086.   [cleanup]       Remove some remnants of bitstring labels. [GL !7196]

6085.   [func]          Add isc_time_monotonic() to simplify time measurements.
                        [GL !7468]

6084.   [bug]           When BIND was built without jemalloc, the allocator flag
                        ISC_MEM_ZERO could return non-zero memory. [GL #3845]
        --- 9.19.10 released ---

6083.   [bug]           Fix DNSRPS-enabled builds as they were inadvertently
                        broken by changes 5949 and 6042. [GL #3827]

6082.   [test]          fuzz/dns_message_checksig leaked memory when shutting
                        down. [GL #3828]

6081.   [bug]           Handle primary server address lookup failures in
                        nsupdate more gracefully. [GL #3830]

6080.   [bug]           'named -V' leaked memory. [GL #3829]

6079.   [bug]           Force set the DS state after a 'rdnc dnssec -checkds'
                        command. [GL #3822]

6078.   [func]          Cleanup the memory statistic counters to a bare
                        minumum - InUse with Malloced as alias. [GL #3718]

6077.   [func]          Implement query forwarding to DoT-enabled upstream
                        servers. [GL #3726]

6076.   [bug]           Handle OS errors when creating UDP and TCP sockets
                        more gracefully. [GL #3800]

6075.   [bug]           Add missing node lock when setting node->wild in
                        add_wildcard_magic. [GL #3799]

6074.   [func]          Refactor the isc_nm_xfr_allowed() function to return
                        isc_result_t instead of boolean. [GL #3808]

6073.   [bug]           Set RD=1 on DS requests to parental-agents. [GL #3783]

6072.   [bug]           Avoid the OpenSSL lock contention when initializing
                        Message Digest Contexts by using explicit algorithm
                        fetching, initializing static contexts for every
                        supported algorithms, and initializing the new context
                        by copying the static copy. [GL #3795]

6071.   [func]          The use of "port" when configuring query-source,
                        transfer-source, notify-source and parental-source
                        addresses has been deprecated, along with the
                        use-v[46]-udp-ports and avoid-v[46]-udp-ports
                        options. A warning will be logged when these
                        options are used. In a future release, they
                        will be removed. [GL #3781]

6070.   [func]          DSCP parsing has now been fully removed, and
                        configuration of DSCP values in named.conf is a
                        configuration error. [GL #3789]

6069.   [bug]           Detach from the view in zone_shutdown() to
                        release the memory held by the dead view
                        early. [GL #3801]

6068.   [bug]           Downloading a zone via TLS from a server which does
                        not negotiate "dot" ALPN token could crash BIND
                        on shutdown. That has been fixed. [GL #3767]
        --- 9.19.9 released ---

6067.   [security]      Fix serve-stale crash when recursive clients soft quota
                        is reached. (CVE-2022-3924) [GL #3619]

6066.   [security]      Handle RRSIG lookups when serve-stale is active.
                        (CVE-2022-3736) [GL #3622]

6065.   [placeholder]

6064.   [security]      An UPDATE message flood could cause named to exhaust all
                        available memory. This flaw was addressed by adding a
                        new "update-quota" statement that controls the number of
                        simultaneous UPDATE messages that can be processed or
                        forwarded. The default is 100. A stats counter has been
                        added to record events when the update quota is
                        exceeded, and the XML and JSON statistics version
                        numbers have been updated. (CVE-2022-3094) [GL #3523]

6063.   [cleanup]       The RSA and ECDSA parts of the DNSSEC has been
                        refactored for a better OpenSSL 3.x integration and
                        preliminary PKCS#11 support via for OpenSSL Providers
                        has been added. [GL #3785]

6062.   [func]          The DSCP implementation, which has been
                        nonfunctional for some time, is now marked as
                        obsolete and the implementation has been removed.
                        Configuring DSCP values in named.conf has no
                        effect, and a warning will be logged that
                        the feature should no longer be used. [GL #3773]

6061.   [bug]           Fix unexpected "Prohibited" extended DNS error
                        on allow-recursion. [GL #3743]

6060.   [bug]           Fix a use-after-free bug in dns_zonemgr_releasezone()
                        by detaching from the zone manager outside of the write
                        lock. [GL #3768]

6059.   [bug]           In some serve stale scenarios, like when following an
                        expired CNAME record, named could return SERVFAIL if the
                        previous request wasn't successful. Consider non-stale
                        data when in serve-stale mode. [GL #3678]

6058.   [bug]           Prevent named from crashing when "rndc delzone"
                        attempts to delete a zone added by a catalog zone.
                        [GL #3745]

6057.   [bug]           Fix shutdown and error path bugs in the rpz unit.
                        [GL #3735]

6056.   [bug]           Fix a race in adb.c:clean_namehooks(), so that an ADB
                        entry does not expire without holding the entries lock.
                        [GL #3754]

6055.   [cleanup]       Remove setting alternate transfer sources, make options
                        alt-transfer-source, alt-transfer-transfer-source-v6,
                        and use-alt-transfer-source ancient. [GL #3714]

6054.   [func]          Refactor remote servers (primaries, parental-agents)
                        in zone.c. Store common code in new source files
                        remote.c and remote.h. Introduce a new way to set the
                        source address and port. [GL !7110]

6053.   [bug]           Fix an ADB quota management bug in resolver. [GL #3752]

6052.   [func]          Replace DNS over TCP and DNS over TLS transports
                        code with a new, unified transport implementation.
                        [GL #3374]

6051.   [bug]           Improve thread safety in the dns_dispatch unit.
                        [GL #3178] [GL #3636]

6050.   [bug]           Changes to the RPZ response-policy min-update-interval
                        and add-soa options now take effect as expected when
                        named is reconfigured. [GL #3740]

6049.   [bug]           Exclude ABD hashtables from the ADB memory
                        overmem checks and don't clean ADB names
                        and ADB entries used in the last 10 seconds
                        (ADB_CACHE_MINIMUM). [GL #3739]

6048.   [bug]           Fix a log message error in dns_catz_update_from_db(),
                        where serials with values of 2^31 or larger were logged
                        incorrectly as negative numbers. [GL #3742]

6047.   [bug]           Try the next server instead of trying the same
                        server again on an outgoing query timeout.
                        [GL #3637]

6046.   [bug]           TLS session resumption might lead to handshake
                        failures when client certificates are used for
                        authentication (Mutual TLS).  This has been fixed.
                        [GL #3725]

6045.   [cleanup]       The list of supported DNSSEC algorithms changed log
                        level from "warning" to "notice" to match named's other
                        startup messages. [GL !7217]

6044.   [bug]           There was an "RSASHA236" typo in a log message.
                        [GL !7206]
        --- 9.19.8 released ---

6043.   [bug]           The key file IO locks objects would never get
                        deleted from the hashtable due to off-by-one error.
                        [GL #3727]

6042.   [bug]           ANY responses could sometimes have the wrong TTL.
                        [GL #3613]

6041.   [func]          Set the RLIMIT_NOFILE to rlim_max returned from
                        getrlimit() instead of trying to guess the maximum
                        allowed value. [GL #3676]

6040.   [bug]           Speed up the named shutdown time by explicitly
                        canceling all recursing ns_client objects for
                        each ns_clientmgr. [GL #3183]

6039.   [bug]           Removing a catalog zone from catalog-zones without
                        also removing the referenced zone could leave a
                        dangling pointer. [GL #3683]

6038.   [placeholder]

6037.   [func]          Reject zones which have DS records not at delegation
                        points. [GL #3697]

6036.   [bug]           nslookup and host were not honoring the selected port
                        in TCP mode. [GL #3721]

6035.   [bug]           Refactor the dns_resolver unit to store the fetch
                        contexts and zone counter directly in the hash
                        tables without buckets and implement effective
                        cleaning of both objects. [GL #3709]

6034.   [func]          Deprecate alt-transfer-source, alt-transfer-source-v6
                        and use-alt-transfer-source. [GL #3694]

6033.   [func]          Log messages related to serve-stale now include the RR
                        type involved. [GL !7145]

6032.   [bug]           After change 5995, zone transfers were using a small
                        compression context that only had space for the first
                        few dozen names in each message. They now use a large
                        compression context with enough space for every name.
                        [GL #3706]

6031.   [bug]           Move the "final reference detached" log message
                        from dns_zone unit to the DEBUG(1) log level.
                        [GL #3707]

6030.   [bug]           Refactor the ADB to use a global LRU queue, store
                        the ADB names and ADB entries directly in the hash
                        tables instead of buckets, and properly clean the
                        ADB names and entries when not in use. [GL #3239]
                        [GL #3238] [GL #2615] [GL #2078] [GL #2437]
                        [GL #3312] [GL #2441]

6029.   [cleanup]       Remove the unused external cache cleaning mechanism
                        as RBTDB has its own internal cache cleaning
                        mechanism and we don't support any other database
                        implementations. [GL #3639]

6028.   [performance]   Build-time code generation of DNS RRtype switches
                        is now much faster. [GL !7121]

6027.   [bug]           Fix assertion failure in isc_http API used by
                        statschannel if the read callback would be called
                        on HTTP request that has been already closed.
                        [GL #3693]

6026.   [cleanup]       Deduplicate time unit conversion factors.
                        [GL !7033]

6025.   [bug]           Copy TLS identifier when setting up primaries for
                        catalog member zones. [GL #3638]

6024.   [func]          Deprecate 'auto-dnssec'. [GL #3667]

6023.   [func]          Remove dynamic update DNSSEC management feature.
                        [GL #3686]

6022.   [performance]   The decompression implementation in dns_name_fromwire()
                        is now smaller and faster. [GL #3655]

6021.   [bug]           Use the current domain name when checking answers from
                        a dual-stack-server. [GL #3607]

6020.   [bug]           Ensure 'named-checkconf -z' respects the check-wildcard
                        option when loading a zone.  [GL #1905]

6019.   [func]          Deprecate `coresize`, `datasize`, `files`, and
                        `stacksize` named.conf options. [GL #3676]

6018.   [cleanup]       Remove the --with-tuning configure option.
                        [GL #3664]

6017.   [bug]           The view's zone table was not locked when it should
                        have been leading to race conditions when external
                        extensions that manipulate the zone table where in
                        use. [GL #3468]

6016.   [func]          Change NSEC3PARAM TTL to match the SOA MINIMUM.
                        [GL #3570]

6015.   [bug]           Some browsers (Firefox) send more than 10 HTTP
                        headers.  Bump the number of allowed HTTP headers
                        to 100. [GL #3670]

6014.   [func]          Add isc_hashmap API implementation that implements
                        Robin Hood hashing.  The API requires the keys to
                        be stored with the stored value.  [GL !6790]
        --- 9.19.7 released ---

6013.   [bug]           Fix a crash that could happen when you change
                        a dnssec-policy zone with NSEC3 to start using
                        inline-signing. [GL #3591]

6012.   [placeholder]

6011.   [func]          Refactor the privilege setting part of named_os unit
                        to make libcap on Linux mandatory and use setreuid
                        and setregid if available. [GL #3583]

6010.   [func]          Make the initial interface scan happen before
                        dropping the privileges.  This requires exiting
                        exclusive mode before scanning the interfaces
                        and re-entering it again when we are done.  This
                        is because starting the listening on interfaces
                        requires the loopmgr to be running and not paused.
                        [GL #3583]

6009.   [bug]           Don't trust a placeholder KEYDATA from the managed-keys
                        zone by adding it into secroots. [GL #2895]

6008.   [bug]           Fixed a race condition that could cause a crash
                        in dns_zone_synckeyzone(). [GL #3617]

6007.   [cleanup]       Don't enforce the jemalloc use on NetBSD. [GL #3634]

6006.   [cleanup]       The zone dumping was using isc_task API to launch
                        the zonedump on the offloaded threadpool.  Remove
                        the task and launch the offloaded work directly.
                        [GL #3628]

6005.   [func]          The zone loading has been moved to the offload
                        threadpool instead of doing incremental repeated
                        tasks, so zone loading scheduling is now driven
                        by the operating system scheduler rather than fixed
                        (100) quantum. [GL #3625]

6004.   [func]          Add check-svcb to control the checking of additional
                        constraints on SVBC records.  This change impacts on
                        named, named-checkconf, named-checkzone,
                        named-compilezone and nsupdate. [GL #3576]

6003.   [bug]           Fix an inheritance bug when setting the port on
                        remote servers in configuration. [GL #3627]

6002.   [bug]           Fix a resolver prefetch bug when the record's TTL value
                        is equal to the configured prefetch eligibility value,
                        but the record was erroneously not treated as eligible
                        for prefetching. [GL #3603]

6001.   [bug]           Always call dns_adb_endudpfetch() after calling
                        dns_adb_beginudpfetch() for UDP queries in resolver.c,
                        in order to adjust back the quota. [GL #3598]

6000.   [bug]           Fix a startup issue on Solaris systems with many
                        (reportedly > 510) CPUs. Thanks to Stacey Marshall from
                        Oracle for deep investigation of the problem. [GL #3563]

5999.   [bug]           rpz-ip rules could be ineffective in some scenarios
                        with CD=1 queries. [GL #3247]

5998.   [placeholder]

5997.   [cleanup]       Less ceremonial UNEXPECTED_ERROR() and FATAL_ERROR()
                        reporting macros. [GL !6914]

5996.   [bug]           Fix a couple of bugs in cfg_print_duration(), which
                        could result in generating incomplete duration values
                        when printing the configuration using named-checkconf.
                        [GL !6880]

5995.   [performance]   A new algorithm for DNS name compression based on a
                        hash set of message offsets. Name compression is now
                        more complete as well as being generally faster, and
                        the implementation is less complicated and requires
                        much less memory. [GL !6517]

5994.   [func]          Refactor the isc_httpd implementation used in the
                        statistics channel. [GL !6879]

5993.   [cleanup]       Store dns_name_t attributes as boolean members of
                        the structure. Remove DNS_NAMEATTR_* macros.
                        Fix latent attribute handling bug in RBT. [GL !6902]
        --- 9.19.6 released ---

5992.   [func]          Introduce the new isc_mem_*x() APIs that takes extra
                        flags as the last argument.  Currently ISC_MEM_ZERO
                        and ISC_MEM_ALIGN(n) flags have been implemented that
                        clears the memory to avoid the isc_mem_get()/memset()
                        pattern and make aligned allocation which replaces the
                        previous isc_mem_*_aligned() calls. [GL !6398]

5991.   [protocol]      Add support for parsing and validating "dohpath" to
                        SVCB. [GL #3544]

5990.   [test]          fuzz/dns_message_checksig now creates the key directory
                        it uses when testing in /tmp at run time. [GL #3569]

5989.   [func]          Implement support for DDNS update forwarding using DoT
                        to TLS-enabled primary servers. [GL #3512]

5988.   [bug]           Some out of memory conditions in opensslrsa_link.c
                        could lead to memory leaks. [GL #3551]

5987.   [func]          Provide custom isc_mem based allocators for libuv,
                        OpenSSL and libxml2 libraries that support replacing
                        the internal allocators. [GL #3559]

5986.   [func]          Make the memory context debugging options local to
                        the memory context and make it immutable for the memory
                        context lifetime. [GL #3559]

5985.   [func]          Bump the minimal libuv version to 1.34.0. [GL #3567]

5984.   [func]          'named -V' now reports the list of supported
                        DNSSEC/DS/HMAC algorithms and the supported TKEY modes.
                        [GL #3541]

5983.   [bug]           Changing just the TSIG key names for primaries in
                        catalog zones' member zones was not effective.
                        [GL #3557]

5982.   [func]          Extend dig to allow requests to be signed using SIG(0)
                        as well as providing a mechanism to specify the signing
                        time. [GL !5923]

5981.   [test]          Add dns_message_checksig fuzzer to check messages
                        signed using TSIG or SIG(0). [GL !5923]

5980.   [func]          The internal isc_entropy API provider has been
                        changed from OpenSSL RAND_bytes() to uv_random()
                        to use system provided entropy. [GL !6803]

5979.   [func]          Implement DoT support for nsupdate. [GL #1781]

5978.   [port]          The ability to use pkcs11 via engine_pkcs11 has been
                        restored, by only using deprecated APIs in
                        OpenSSL 3.0.0. BIND needs to be compiled with
                        '-DOPENSSL_API_COMPAT=10100' specified in the CFLAGS
                        at compile time. [GL !6711]

5977.   [bug]           named could incorrectly return non-truncated, glueless
                        referrals for responses whose size was close to the UDP
                        packet size limit. [GL #1967]

5976.   [cleanup]       isc_timer_t objects are now created, started and
                        destroyed in a particular loop, and timer callbacks
                        run in that loop. isc_timer_stop() can still be called
                        from any loop; when run from a different loop than
                        the one associated with the timer, the request will
                        be recorded in atomic variable and the timer will
                        be stopped on the next callback call. [GL #3202]

5975.   [func]          Implement TLS transport support for dns_request and
                        dns_dispatch. [GL #3529]

5974.   [bug]           Fix an assertion failure in dispatch caused by
                        extra read callback call. [GL #3545]

5973.   [bug]           Fixed a possible invalid detach in UPDATE
                        processing. [GL #3522]

5972.   [bug]           Gracefully handle when the statschannel HTTP connection
                        gets cancelled during sending data back to the client.
                        [GL #3542]

5971.   [func]          Add libsystemd sd_notify() support. [GL #1176]

5970.   [func]          Log the reason why a query was refused. [GL !6669]

5969.   [bug]           DNSSEC signing statistics failed to identify the
                        algorithm involved.  The key names have been changed
                        to be the algorithm number followed by "+" followed
                        by the key id (e.g. "8+54274"). [GL #3525]

5968.   [cleanup]       Remove 'resolve' binary from tests. [GL !6733]

5967.   [cleanup]       Flagged the obsolete "random-device" option as
                        ancient; it is now an error to configure it. [GL #3399]

5966.   [func]          You can now specify if a server must return a DNS
                        COOKIE before accepting the response over UDP.
                        [GL #2295]

                        server <prefix> { require-cookie <yes_or_no>; };

5965.   [cleanup]       Move the duplicated ASCII case conversion tables to
                        isc_ascii where they can be shared, and replace the
                        various hot-path tolower() loops with calls to new
                        isc_ascii implementations. [GL !6516]

5964.   [func]          When an international domain name is not valid, DiG will
                        now pass it through unchanged, instead of stopping with
                        an error message. [GL #3527]

5963.   [bug]           Ensure struct named_server is properly initialized.
                        [GL #6531]
        --- 9.19.5 released ---

5962.   [security]      Fix memory leak in EdDSA verify processing.
                        (CVE-2022-38178) [GL #3487]

5961.   [placeholder]

5960.   [security]      Fix serve-stale crash that could happen when
                        stale-answer-client-timeout was set to 0 and there was
                        a stale CNAME in the cache for an incoming query.
                        (CVE-2022-3080) [GL #3517]

5959.   [security]      Fix memory leaks in the DH code when using OpenSSL 3.0.0
                        and later versions. The openssldh_compare(),
                        openssldh_paramcompare(), and openssldh_todns()
                        functions were affected. (CVE-2022-2906) [GL #3491]

5958.   [security]      When an HTTP connection was reused to get
                        statistics from the stats channel, and zlib
                        compression was in use, each successive
                        response sent larger and larger blocks of memory,
                        potentially reading past the end of the allocated
                        buffer. (CVE-2022-2881) [GL #3493]

5957.   [security]      Prevent excessive resource use while processing large
                        delegations. (CVE-2022-2795) [GL #3394]

5956.   [func]          Make RRL code treat all QNAMEs that are subject to
                        wildcard processing within a given zone as the same
                        name. [GL #3459]

5955.   [port]          The libxml2 library has deprecated the usage of
                        xmlInitThreads() and xmlCleanupThreads() functions. Use
                        xmlInitParser() and xmlCleanupParser() instead.
                        [GL #3518]

5954.   [func]          Fallback to IDNA2003 processing in dig when IDNA2008
                        conversion fails. [GL #3485]

5953.   [bug]           Fix a crash on shutdown in delete_trace_entry(). Add
                        mctx attach/detach pair to make sure that the memory
                        context used by a memory pool is not destroyed before
                        the memory pool itself. [GL #3515]

5952.   [bug]           Use quotes around address strings in YAML output.
                        [GL #3511]

5951.   [bug]           In some cases, the dnstap query_message field was
                        erroneously set when logging response messages.
                        [GL #3501]

5950.   [func]          Implement a feature to set an Extended DNS Error (EDE)
                        code on responses modified by RPZ. [GL #3410]

5949.   [func]          Add new isc_loopmgr API that runs the application
                        event loops and completely replaces the isc_app
                        API. Refactor the isc_taskmgr, isc_timermgr and
                        isc_netmgr to use the isc_loopmgr event loops.
                        [GL #3508]

5948.   [bug]           Fix nsec3.c:dns_nsec3_activex() function, add a missing
                        dns_db_detachnode() call. [GL #3500]

5947.   [func]          Change dnssec-policy to allow graceful transition from
                        an NSEC only zone to NSEC3. [GL #3486]

5946.   [bug]           Fix statistics channel's handling of multiple HTTP
                        requests in a single connection which have non-empty
                        request bodies. [GL #3463]

5945.   [bug]           If parsing /etc/bind.key failed, delv could assert
                        when trying to parse the built in trust anchors as
                        the parser hadn't been reset. [GL !6468]

5944.   [bug]           Fix +http-plain-get and +http-plain-post options
                        support in dig. Thanks to Marco Davids at SIDN for
                        reporting the problem. [GL !6672]

5943.   [placeholder]

5942.   [bug]           Fix tkey.c:buildquery() function's error handling by
                        adding the missing cleanup code. [GL #3492]

5941.   [func]          Zones with dnssec-policy now require dynamic DNS or
                        inline-siging to be configured explicitly. [GL #3381]

5940.   [placeholder]

5939.   [placeholder]

5938.   [bug]           An integer type overflow could cause an assertion
                        failure when freeing memory. [GL #3483]

5937.   [cleanup]       The dns_rdatalist_tordataset() and
                        dns_rdatalist_fromrdataset() functions can no
                        longer fail. Clean up their prototypes and error
                        handling, and that of other calling functions that
                        subsequently cannot fail, including
                        dns_message_setquerytsig(). [GL #3467]

5936.   [bug]           Don't enable serve-stale for lookups that error because
                        it is a duplicate query or a query that would be
                        dropped. [GL #2982]

5935.   [bug]           Fix DiG lookup reference counting bug, which could
                        be observed in NSSEARCH mode. [GL #3478]
        --- 9.19.4 released ---

5934.   [func]          Improve fetches-per-zone fetch limit logging to log
                        the final allowed and spilled values of the fetch
                        counters before the counter object gets destroyed.
                        [GL #3461]

5933.   [port]          Automatically disable RSASHA1 and NSEC3RSASHA1 in
                        named on Fedorda 33, Oracle Linux 9 and RHEL9 when
                        they are disabled by the security policy. [GL #3469]

5932.   [bug]           Fix rndc dumpdb -expired and always include expired
                        RRsets, not just for RBTDB_VIRTUAL time window.
                        [GL #3462]

5931.   [bug]           Fix DiG query error handling robustness in NSSEARCH
                        mode by making sure that udp_ready(), tcp_connected(),
                        and send_done() callbacks start the next query in chain
                        even if there is some kind of error with the previous
                        query. [GL #3419]

5930.   [bug]           Fix DiG query retry and fail-over bug in UDP mode.
                        Also simplify the overall retry and fail-over logic to
                        make it behave predictably, and always respect the
                        documented +retry/+tries count set by a command-line
                        option (or use the default values of 2 or 3
                        respectively). [GL #3407]

5929.   [func]          The use of the "max-zone-ttl" option in "zone" and
                        "options" blocks is now deprecated; this should
                        now be configured as part of "dnssec-policy"
                        instead. The old option still works in zones
                        with no "dnssec-policy" configured, but a warning
                        will be logged when loading configuration. Its
                        functionality will be removed in a future release.
                        Using "max-zone-ttl" and "dnssec-policy" in the
                        same zone is now a fatal error. [GL #2918]

5928.   [placeholder]

5927.   [bug]           A race was possible in dns_dispatch_connect()
                        that could trigger an assertion failure if two
                        threads called it near-simultaneously. [GL #3456]

5926.   [func]          Handle transient TCP connect() EADDRINUSE failures
                        on FreeBSD (and possibly other BSDs) by trying three
                        times before giving up. [GL #3451]

5925.   [bug]           With a forwarder configured for all queries, resolution
                        failures encountered during DS chasing could trigger
                        assertion failures due to a logic bug in
                        resume_dslookup() that caused it to call
                        dns_resolver_createfetch() with an invalid name.
                        [GL #3439]

5924.   [func]          When it's necessary to use AXFR to respond to an
                        IXFR request, a message explaining the reason
                        is now logged at level info. [GL #2683]

5923.   [bug]           Fix inheritance for dnssec-policy when checking for
                        inline-signing. [GL #3438]

5922.   [bug]           Forwarding of UPDATE message could fail with the
                        introduction of netmgr. This has been fixed. [GL #3389]

5921.   [test]          Convert system tests to use a default DNSKEY algorithm
                        where the test is not DNSKEY algorithm specific.
                        [GL #3440]

5920.   [bug]           Don't pass back the current name offset when the
                        compression is disabled in the non-improving case.
                        [GL #3423]
        --- 9.19.3 released ---

5919.   [func]          The "rndc fetchlimit" command lists name servers
                        and domain names that are being rate-limited by
                        "fetches-per-server" or "fetches-per-zone" limits.
                        [GL #665]

5918.   [test]          Convert system tests to use a default HMAC algorithm
                        where the test is not HMAC specific. [GL #3433]

5917.   [bug]           Update ifconfig.sh script as is miscomputed interface
                        identifiers when destroying interfaces. [GL #3061]

5916.   [bug]           When resolving a name, don't give up immediately if an
                        authoritative server returns FORMERR; try the other
                        servers first. [GL #3152]

5915.   [bug]           Detect missing closing brace (}) and computational
                        overflows in $GENERATE directives. [GL #3429]

5914.   [bug]           When synth-from-dnssec generated a response using
                        records from a higher zone, it could unexpectedly prove
                        non-existance of records in a subordinate grafted-on
                        namespace. [GL #3402]

5913.   [placeholder]

5912.   [cleanup]       The "glue-cache" option has been removed. The glue cache
                        feature still works and is now permanently enabled.
                        [GL #2147]

5911.   [bug]           Update HTTP listener settings on reconfiguration.
                        [GL #3415]

5910.   [cleanup]       Move built-in dnssec-policies into the defaultconf.
                        These are now printed with 'named -C'. [GL !6467]

5909.   [bug]           The server-side destination port was missing from dnstap
                        captures of client traffic. [GL #3309]

5908.   [bug]           Fix race conditions in route_connected(). [GL #3401]

5907.   [bug]           Fix a crash in dig NS search mode when one of the NS
                        server queries fail. [GL #3207]

5906.   [cleanup]       Various features (e.g. prefetch, RPZ) no longer share
                        common pointers when initiating recursion. This
                        rationalizes recursion quota handling and makes the
                        value of the RecursClients statistics counter more
                        accurate. [GL #3168]

5905.   [bug]           When the TCP connection would be closed/reset between
                        the connect/accept and the read, the uv_read_start()
                        return value would be unexpected and cause an assertion
                        failure. [GL #3400]

5904.   [func]          Changed dnssec-signzone -H default to 0 additional
                        NSEC3 iterations. [GL #3395]

5903.   [bug]           When named checks that the OPCODE in a response matches
                        that of the request, if there is a mismatch named logs
                        an error.  Some of those error messages incorrectly
                        used RCODE instead of OPCODE to lookup the nemonic.
                        This has been corrected. [GL !6420]

5902.   [func]          NXDOMAIN cache records are no longer retained in
                        the cache after expiry, even when serve-stale is
                        in use. [GL #3386]

5901.   [bug]           When processing a catalog zone member zone make sure
                        that there is no configured pre-existing forward-only
                        forward zone with that name. [GL #2506]

5900.   [placeholder]
        --- 9.19.2 released ---

5899.   [func]          Don't try to process DNSSEC-related and ZONEMD records
                        in catz. [GL #3380]

5898.   [cleanup]       Simplify BIND's internal DNS name compression API. As
                        RFC 6891 explains, it isn't practical to deploy new
                        label types or compression methods, so it isn't
                        necessary to have an API designed to support them.
                        Remove compression terminology that refers to Internet
                        Drafts that expired in the 1990s. [GL !6270]

5897.   [bug]           Views that weren't configured to use RFC 5011 key
                        management would still set up an empty managed-keys
                        zone. This has been fixed. [GL #3349]

5896.   [func]          Add some more dnssec-policy checks to detect weird
                        policies. [GL #1611]

5895.   [test]          Add new set of unit test macros and move the unit
                        tests under single namespace in /tests/. [GL !6243]

5894.   [func]          Avoid periodic interface re-scans on Linux by
                        default, where a reliable event-based mechanism for
                        detecting interface state changes is available.
                        [GL #3064]

5893.   [func]          Add TLS session resumption support to the client-side
                        TLS code. [GL !6274]

5892.   [cleanup]       Refactored the the hash tables in resolver.c to
                        use the isc_ht API. [GL !6271]

5891.   [func]          Key timing options for `dnssec-settime` and related
                        utilities now accept "UNSET" times as printed by
                        `dnssec-settime -p`. [GL #3361]

5890.   [bug]           When the fetches-per-server quota was adjusted
                        because of an authoritative server timing out more
                        or less frequently, it was incorrectly set to 1
                        rather than the intended value.  This has been
                        fixed. [GL #3327]

5889.   [cleanup]       Refactored and simplified the shutdown processes in
                        dns_view, dns_resolver, dns_requestmgr, and dns_adb
                        by reducing interdependencies between the objects.
                        [GL !6278]

5888.   [bug]           Only write key files if the dnssec-policy keymgr has
                        changed the metadata. [GL #3302]

5887.   [cleanup]       Remove the on-shutdown mechanics from isc_task API.
                        Replace it by isc_task_send() when we are shutting
                        down. [GL !6275]
        --- 9.19.1 released ---

5886.   [security]      Fix a crash in DNS-over-HTTPS (DoH) code caused by
                        premature TLS stream socket object deletion.
                        (CVE-2022-1183) [GL #3216]

5885.   [bug]           RPZ NSIP and NSDNAME rule processing didn't handle stub
                        and static-stub zones at or above the query name.  This
                        has now been addressed. [GL #3232]

5884.   [cleanup]       Reduce struct padding in ADB address entries, and use a
                        binary hash function to find addresses. [GL !6219]

5883.   [cleanup]       Move netmgr/uv-compat.{c,h} to <isc/uv.h>, so
                        the compatibility libuv shims could be used outside
                        the network manager. [GL !6199]

5882.   [contrib]       Avoid name space collision in dlz modules by prefixing
                        functions with 'dlz_'. [GL !5778]

5881.   [placeholder]

5880.   [func]          Add new named command-line option -C to print built-in
                        defaults. [GL #1326]

5879.   [contrib]       dlz: Add FALLTHROUGH and UNREACHABLE macros. [GL #3306]

5878.   [func]          Check the algorithm name or OID embedded at the start
                        of the signature field for PRIVATEDNS and PRIVATEOID
                        SIG and RRSIG records are well formed. [GL #3296]

5877.   [func]          Introduce the concept of broken catalog zones described
                        in the DNS catalog zones draft version 5 document.
                        [GL #3224]

5876.   [func]          Add DNS Extended Errors when stale answers are returned
                        from cache. [GL #2267]

5875.   [bug]           Fixed a deadlock that could occur if an rndc
                        connection arrived during the shutdown of network
                        interfaces. [GL #3272]

5874.   [placeholder]

5873.   [bug]           Refactor the fctx_done() function to set fctx to
                        NULL after detaching, so that reference counting
                        errors will be easier to avoid. [GL #2969]

5872.   [bug]           udp_recv() in dispatch could trigger an INSIST when the
                        callback's result indicated success but the response
                        was canceled in the meantime. [GL #3300]

5871.   [bug]           Fix dig hanging on TLS context creation errors.
                        [GL #3285]

5870.   [cleanup]       Remove redundant macros in the RBT implementation.
                        [GL !6158]

5869.   [func]          Enable use of IP(V6)_RECVERR on Linux that allows
                        the kernel to report destination host/network
                        unreachable errors to the userspace application.
                        [GL #4251]

5868.   [cleanup]       Use Daniel Lemire's "nearly divisionless" algorithm
                        for unbiased bounded random numbers, and move
                        re-seeding out of the hot path. [GL !6161]

5867.   [bug]           Fix assertion failure triggered by attaching to dns_adb
                        in dns_adb_createfind() that has been triggered to shut
                        down in different thread between the check for shutting
                        down condition and the attach to dns_adb. [GL #3298]

5866.   [bug]           Work around a jemalloc quirk which could trigger an
                        out-of-memory condition in named over time. [GL #3287]

5865.   [func]          Make statistics channel and control channel listen
                        on a single network manager thread. [GL !6032]

5864.   [func]          The OID embedded at the start of a PRIVATEOID public
                        key in a KEY, DNSKEY, CDNSKEY, or RKEY RR is now
                        checked for validity when reading from wire or from
                        zone files, and the OID is printed when
                        'dig +rrcomments' is used. Similarly, the name
                        embedded at the start of a PRIVATEDNS public key
                        is also checked for validity. [GL #3234]

5863.   [bug]           If there was a pending negative cache DS entry,
                        validations depending upon it could fail. [GL #3279]

5862.   [bug]           dig returned a 0 exit status on UDP connection failure.
                        [GL #3235]

5861.   [func]          Implement support for catalog zones change of ownership
                        (coo) mechanism described in the DNS catalog zones draft
                        version 5 document. [GL #3223]

5860.   [func]          Implement support for catalog zones options new syntax
                        based on catalog zones custom properties with "ext"
                        suffix described in the DNS catalog zones draft version
                        5 document. [GL #3222]

5859.   [bug]           Fix an assertion failure when using dig with +nssearch
                        and +tcp options by starting the next query in the
                        send_done() callback (like in the UDP mode) instead
                        of doing that recursively in start_tcp(). Also
                        ensure that queries interrupted while connecting
                        are detached properly. [GL #3144]

5858.   [bug]           Don't remove CDS/CDNSKEY DELETE records on zone sign
                        when using 'auto-dnssec maintain;'. [GL #2931]

5857.   [bug]           Fixed a possible crash during shutdown due to ADB
                        entries being unlinked from the hash table too
                        soon. [GL #3256]
        --- 9.19.0 released ---

5856.   [bug]           The "starting maxtime timer" message related to outgoing
                        zone transfers was incorrectly logged at the ERROR level
                        instead of DEBUG(1). [GL #3208]

5855.   [bug]           Ensure that zone maintenance queries have a retry limit.
                        [GL #3242]

5854.   [func]          Implement reference counting for TLS contexts and
                        allow reloading of TLS certificates on reconfiguration
                        without destroying the underlying TCP listener sockets
                        for TLS-based DNS transports. [GL #3122]

5853.   [bug]           When using both the `+qr` and `+y` options `dig` could
                        crash if the connection to the first server was not
                        successful. [GL #3244]

5852.   [func]          Add new "reuseport" option to enable/disable load
                        balancing of sockets. [GL #3249]

5851.   [placeholder]

5850.   [func]          Run the RPZ update process on the offload threads.
                        [GL #3190]

5849.   [cleanup]       Remove use of exclusive mode in ns_interfacemgr in
                        favor of rwlocked access to localhost and localnets
                        members of dns_aclenv_t structure. [GL #3229]

5848.   [bug]           dig could hang in some cases involving multiple servers
                        in a lookup, when a request fails and the next one
                        refuses to start for some reason, for example if it was
                        an IPv4 mapped IPv6 address. [GL #3248]

5847.   [cleanup]       Remove task privileged mode in favor of processing
                        all events in the loadzone task in a single run
                        by setting the quantum to UINT_MAX. [GL #3253]

5846.   [func]          In dns_zonemgr, create per-thread task, zonetask, and
                        loadtask and pin the zones to individual threads,
                        instead of having "many", spreading the zones among
                        them and hoping for the best.  This also removes any
                        need to dynamically reallocate the pools with memory
                        contexts and tasks. [GL #3226]

5845.   [bug]           Refactor the timer to keep track of posted events
                        as to use isc_task_purgeevent() instead of using
                        isc_task_purgerange().  The isc_task_purgeevent()
                        has been refactored to purge a single event instead
                        of walking through the list of posted events.
                        [GL #3252]

5844.   [bug]           dig +nssearch was hanging until manually interrupted.
                        [GL #3145]

5843.   [bug]           When an UPDATE targets a zone that is not configured,
                        the requested zone name is now logged in the "not
                        authoritative" error message, so that it is easier to
                        track down problematic update clients. [GL #3209]

5842.   [cleanup]       Remove the task exclusive mode use in ns_clientmgr.
                        [GL #3230]

5841.   [bug]           Refactor the address database:
                        - Use self-resizing hash tables, eliminating the
                          need to go into task-exclusive mode when resizing.
                        - Simplify reference counting of ADB objects
                          and the process for shutting down. [GL #3213]

5840.   [cleanup]       Remove multiple application context use in dns_client
                        unit. [GL !6041]

5839.   [func]          Add support for remote TLS certificates
                        verification, both to BIND and dig, making it possible
                        to implement Strict and Mutual TLS authentication,
                        as described in RFC 9103, Section 9.3. [GL #3163]

5838.   [cleanup]       When modifying a member zone in a catalog zone, and it
                        is detected that the zone exists and was not created by
                        the current catalog zone, distinguish the two cases when
                        the zone was not added by a catalog zone at all, and
                        when the zone was added by a different catalog zone,
                        and log a warning message accordingly. [GL #3221]

5837.   [func]          Key timing options for `dnssec-keygen` and
                        `dnssec-settime` now accept times as printed by
                        `dnssec-settime -p`. [GL !2947]

5836.   [bug]           Quote the dns64 prefix in error messages that complain
                        about problems with it, to avoid confusion with the
                        following dns64 ACLs. [GL #3210]

5835.   [cleanup]       Remove extrahandlesize from the netmgr, the callers
                        now have to allocate the object before calling
                        isc_nm_setdata() and deallocate the memory in the close
                        callback passed to isc_nm_setdata(). [GL #3227]

5834.   [cleanup]       C99 variable-length arrays are difficult to use safely,
                        so avoid them except in test code. [GL #3201]

5833.   [bug]           When encountering socket error while trying to initiate
                        a TCP connection to a server, dig could hang
                        indefinitely, when there were more servers to try.
                        [GL #3205]

5832.   [bug]           When timing-out or having other types of socket errors
                        during a query, dig wasn't trying to perform the lookup
                        using other servers, in case they exist. [GL #3128]

5831.   [bug]           When resending a UDP request in the result of a timeout,
                        the recv_done() function in dighost.c was prepending
                        the new query into the loookup's queries list instead
                        of inserting, which could cause an assertion failure
                        when the resent query's result was SERVFAIL. [GL #3020]

5830.   [func]          Implement incremental resizing of isc_ht hash tables to
                        perform the rehashing gradually. The catalog zone
                        implementation has been optimized to work with hundreds
                        of thousands of member zones. [GL #3212] [GL #3744]

5829.   [func]          Refactor and simplify isc_timer API in preparation
                        for further refactoring on top of network manager
                        loops. [GL #3202]

5828.   [bug]           Replace single TCP write timer with per-TCP write
                        timers. [GL #3200]

5827.   [cleanup]       The command-line utilities printed their version numbers
                        inconsistently; they all now print to stdout. (They are
                        still inconsistent abotut whether you use `-v` or `-V`
                        to request the version). [GL #3189]

5826.   [cleanup]       Stop dig from complaining about lack of IDN support when
                        the user asks for no IDN translation. [GL #3188]

5825.   [func]          Set the minimum MTU on UDPv6 and TCPv6 sockets and
                        limit TCP maximum segment size (TCP_MAXSEG) to (1220)
                        for both TCPv4 and TCPv6 sockets. [GL #2201]

5824.   [bug]           Invalid dnssec-policy definitions were being accepted
                        where the defined keys did not cover both KSK and ZSK
                        roles for a given algorithm.  This is now checked for
                        and the dnssec-policy is rejected if both roles are
                        not present for all algorithms in use. [GL #3142]

5823.   [func]          Replace hazard pointers based lock-free list with
                        locked-list based queue that's simpler and has no or
                        little performance impact. [GL #3180]

5822.   [bug]           When calling dns_dispatch_send(), attach/detach
                        dns_request_t object as the read callback could
                        be called before send callback dereferencing
                        dns_request_t object too early. [GL #3105]

5821.   [bug]           Fix query context management issues in the TCP part
                        of dig. [GL #3184]

5820.   [security]      An assertion could occur in resume_dslookup() if the
                        fetch had been shut down earlier. (CVE-2022-0667)
                        [GL #3129]

5819.   [security]      Lookups involving a DNAME could trigger an INSIST when
                        "synth-from-dnssec" was enabled. (CVE-2022-0635)
                        [GL #3158]

5818.   [security]      A synchronous call to closehandle_cb() caused
                        isc__nm_process_sock_buffer() to be called recursively,
                        which in turn left TCP connections hanging in the
                        CLOSE_WAIT state blocking indefinitely when
                        out-of-order processing was disabled. (CVE-2022-0396)
                        [GL #3112]

5817.   [security]      The rules for acceptance of records into the cache
                        have been tightened to prevent the possibility of
                        poisoning if forwarders send records outside
                        the configured bailiwick. (CVE-2021-25220) [GL #2950]

5816.   [bug]           Make BIND compile with LibreSSL 3.5.0, as it was using
                        not very accurate pre-processor checks for using shims.
                        [GL #3172]

5815.   [bug]           If an oversized key name of a specific length was used
                        in the text form of an HTTP or SVBC record, an INSIST
                        could be triggered when parsing it. [GL #3175]

5814.   [bug]           The RecursClients statistics counter could underflow
                        in certain resolution scenarios. [GL #3147]

5813.   [func]          The "keep-response-order" ACL has been declared
                        obsolete, and is now non-operational. [GL #3140]

5812.   [func]          Drop the artificial limit on the number of queries
                        processed in a single TCP read callback. [GL #3141]

5811.   [bug]           Reimplement the maximum and idle timeouts for outgoing
                        zone tranfers. [GL #1897]

5810.   [func]          New option '-J' for dnssec-signzone and dnssec-verify
                        allows loading journal files. [GL #2486]

5809.   [bug]           Reset client TCP connection when data received cannot
                        be parsed as a valid DNS request. [GL #3149]

5808.   [bug]           Certain TCP failures were not caught and handled
                        correctly by the dispatch manager, causing
                        connections to time out rather than returning
                        SERVFAIL. [GL #3133]

5807.   [bug]           Add a TCP "write" timer, and time out writing
                        connections after the "tcp-idle-timeout" period
                        has elapsed. [GL #3132]

5806.   [bug]           An error in checking the "blackhole" ACL could cause
                        DNS requests sent by named to fail if the
                        destination address or prefix was specifically
                        excluded from the ACL. [GL #3157]

5805.   [func]          The result of each resolver priming attempt is now
                        included in the "resolver priming query complete" log
                        message. [GL #3139]

5804.   [func]          Add a debug log message when starting and ending
                        the task exclusive mode. [GL #3137]

5803.   [func]          Use compile-time paths in the documentation.
                        [GL #2717]

5802.   [test]          Add system test to test engine_pkcs11. [GL !5727]

5801.   [bug]           Log "quota reached" message when hard quota
                        is reached when accepting a connection. [GL #3125]

5800.   [func]          Add ECS support to the DLZ interface. [GL #3082]

5799.   [bug]           Use L1 cache-line size detected at runtime. [GL #3108]

5798.   [test]          Add system test to test dnssec-keyfromlabel. [GL #3092]

5797.   [bug]           A failed view configuration during a named
                        reconfiguration procedure could cause inconsistencies
                        in BIND internal structures, causing a crash or other
                        unexpected errors. [GL #3060]

5796.   [bug]           Ignore the invalid (<= 0) values returned
                        by the sysconf() check for the L1 cache line
                        size.  [GL #3108]

5795.   [bug]           rndc could crash when interrupted by a signal
                        before receiving a response. [GL #3080]

5794.   [func]          Set the IPV6_V6ONLY on all IPv6 sockets to
                        restrict the IPv6 sockets to sending and
                        receiving IPv6 packets only. [GL #3093]

5793.   [bug]           Correctly detect and enable UDP recvmmsg support
                        in all versions of libuv that support it. [GL #3095]

5792.   [bug]           Don't schedule zone events on ISC_R_SHUTTINGDOWN
                        event failures. [GL #3084]

5791.   [func]          Remove workaround for servers returning FORMERR
                        when receiving NOTIFY query with SOA record in
                        ANSWER section. [GL #3086]

5790.   [bug]           The control channel was incorrectly looking for
                        ISC_R_CANCELED as a signal that the named is
                        shutting down.  In the dispatch refactoring,
                        the result code returned from network manager
                        is now ISC_R_SHUTTINGDOWN.  Change the control
                        channel code to use ISC_R_SHUTTINGDOWN result
                        code to detect named being shut down. [GL #3079]
        --- 9.17.22 released ---

5789.   [bug]           Allow replacing expired zone signatures with
                        signatures created by the KSK. [GL #3049]

5788.   [bug]           An assertion could occur if a catalog zone event was
                        scheduled while the task manager was being shut
                        down. [GL #3074]

5787.   [doc]           Update 'auto-dnssec' documentation, it may only be
                        activated at zone level. [GL #3023]

5786.   [bug]           Defer detaching from zone->raw in zone_shutdown() if
                        the zone is in the process of being dumped to disk, to
                        ensure that the unsigned serial number information is
                        always written in the raw-format header of the signed
                        version on an inline-signed zone. [GL #3071]

5785.   [bug]           named could leak memory when two dnssec-policy clauses
                        had the same name. named failed to log this error.
                        [GL #3085]

5784.   [func]          Implement TLS-contexts reuse. Reusing the
                        previously created TLS context objects can reduce
                        initialisation time for some configurations and enables
                        TLS session resumption for incoming zone transfers over
                        TLS (XoT). [GL #3067]

5783.   [func]          named is now able to log TLS pre-master secrets for
                        debugging purposes. This requires setting the
                        SSLKEYLOGFILE environment variable appropriately.
                        [GL #2723]

5782.   [func]          Use ECDSA P-256 instead of a 4096-bit RSA when
                        generating ephemeral key and certificate for the
                        'tls ephemeral' configuration. [GL #2264]

5781.   [bug]           Make BIND work with OpenSSL 3.0.1 as it is now
                        enforcing minimum buffer lengths in EVP_MAC_final and
                        hence EVP_DigestSignFinal.  rndc and TSIG at a minimum
                        were broken by this change. [GL #3057]

5780.   [bug]           The Linux kernel may send netlink messages
                        indicating that network interfaces have changed
                        when they have not. This caused frequent unnecessary
                        re-scans of the interfaces.  Netlink messages now
                        only trigger re-scanning if a new address is seen
                        or an existing address is removed. [GL #3055]

5779.   [test]          Drop cppcheck suppressions and workarounds. [GL #2886]

5778.   [bug]           Destroyed TLS contexts could have been used after a
                        reconfiguration, making BIND unable to serve queries
                        over TLS and HTTPS. [GL #3053]

5777.   [bug]           TCP connections could hang after receiving
                        non-matching responses. [GL #3042]

5776.   [bug]           Add a missing isc_condition_destroy() for nmsocket
                        condition variable and add missing isc_mutex_destroy()
                        for nmworker lock. [GL #3051]
        --- 9.17.21 released ---

5775.   [bug]           Added a timer in the resolver to kill fetches that
                        have deadlocked as a result of dependency loops
                        with the ADB or the validator. This condition is
                        now logged with the message "shut down hung fetch
                        while resolving '<name>/<type>'". [GL #3040]

5774.   [func]          Restore NSEC Aggressive Cache ("synth-from-dnssec")
                        as active by default. It is limited to NSEC only
                        and by default ignores NSEC records with next name
                        in form \000.domain. [GL #1265]

5773.   [func]          Change the message when accepting TCP connection has
                        failed to say "Accepting TCP connection failed" and
                        change the log level for ISC_R_NOTCONNECTED, ISC_R_QUOTA
                        and ISC_R_SOFTQUOTA results codes from ERROR to INFO.
                        [GL #2700]

5772.   [bug]           The resolver could hang on shutdown due to dispatch
                        resources not being cleaned up when a TCP connection
                        was reset. [GL #3026]

5771.   [bug]           Use idn2 UseSTD3ASCIIRules=false to disable additional
                        unicode validity checks because enabling the additional
                        checks would break valid domain names that contains
                        non-alphanumerical characters such as underscore
                        character (_) or wildcard (*).  This reverts change
                        [GL !5738] from the previous release. [GL #1610]

5770.   [func]          BIND could abort on startup on systems using old
                        OpenSSL versions when 'protocols' option is used inside
                        a 'tls' statement. [GL !5602]

5769.   [func]          Added support for client-side 'tls' parameters when
                        doing incoming zone transfers via XoT. [GL !5602]

5768.   [bug]           dnssec-dsfromkey failed to omit revoked keys. [GL #853]

5767.   [func]          Extend allow-transfer option with 'port' and
                        'transport' options to restrict zone transfers to
                        a specific port and DNS transport protocol.
                        [GL #2776]

5766.   [func]          Unused 'tls' clause options 'ca-file' and 'hostname'
                        were disabled. [GL !5600]

5765.   [bug]           Fix a bug in DoH implementation making 'dig'
                        abort when ALPN negotiation fails. [GL #3022]

5764.   [bug]           dns_sdlz_putrr failed to process some valid resource
                        records. [GL #3021]

5763.   [bug]           Fix a bug in DoT code leading to an abort when
                        a zone transfer ends with an unexpected DNS message.
                        [GL #3004]

5762.   [bug]           Fix a "named" crash related to removing and restoring a
                        `catalog-zone` entry in the configuration file and
                        running `rndc reconfig`. [GL #1608]

5761.   [bug]           OpenSSL 3.0.0 support could fail to correctly read
                        ECDSA private keys leading to incorrect signatures
                        being generated. [GL #3014]

5760.   [bug]           Prevent a possible use-after-free error in resolver.
                        [GL #3018]

5759.   [func]          Set Extended DNS Error Code 18 - Prohibited if query
                        access is denied to the specific client. [GL #1836]

5758.   [bug]           mdig now honors the operating system's preferred
                        ephemeral port range. [GL #2374]

5757.   [test]          Replace sed in nsupdate system test with awk to
                        construct the nsupdate command.  The sed expression
                        was not reliably changing the ttl. [GL #3003]

5756.   [func]          Assign HTTP freshness lifetime to responses sent
                        via DNS-over-HTTPS, according to the recommendations
                        given in RFC 8484. [GL #2854]
        --- 9.17.20 released ---

5755.   [bug]           The statistics channel wasn't correctly handling
                        multiple HTTP requests, or pipelined or truncated
                        requests. [GL #2973]

5754.   [bug]           "tls" statements may omit "key-file" and "cert-file",
                        but if either one is specified, then both must be.
                        [GL #2986]

5753.   [placeholder]

5752.   [bug]           Fix an assertion failure caused by missing member zones
                        during a reload of a catalog zone. [GL #2308]

5751.   [port]          Add support for OpenSSL 3.0.0.  OpenSSL 3.0.0
                        deprecated 'engine' support.  If OpenSSL 3.0.0 has
                        been built without support for deprecated functionality
                        pkcs11 via engine_pkcs11 is no longer available.
                        [GL #2843]

5750.   [bug]           Fix a bug when comparing two RSA keys. There was a typo
                        which caused the "p" prime factors to not being
                        compared. [GL #2972]

5749.   [bug]           Handle duplicate references to the same catalog
                        zone gracefully. [GL #2916]

5748.   [func]          Update "nsec3param" defaults to iterations 0, salt
                        length 0. [GL #2956]

5747.   [func]          Update rndc serve-stale status output to be less
                        confusing. [GL #2742]

5746.   [bug]           A lame server delegation could lead to a loop in which
                        a resolver fetch depends on an ADB find which depends
                        on the same resolver fetch. Previously, this would
                        cause the fetch to hang until timing out, but after
                        change #5730 it would hang forever. The condition is
                        now detected and avoided. [GL #2927]

5745.   [bug]           Fetch context objects now use attach/detach
                        semantics to make it easier to find and debug
                        reference-counting errors, and several such errors
                        have been fixed. [GL #2953]

5744.   [func]          The network manager is now used for netlink sockets
                        to monitor network interface changes. This was the
                        last remaining use of the old isc_socket and
                        isc_socketmgr APIs, so they have now been removed.
                        The "named -S" argument and the "reserved-sockets"
                        option in named.conf have no function now, and are
                        deprecated. "socketmgr" statistics are no longer
                        reported in the statistics channel. [GL #2926]

5743.   [func]          Add finer-grained "update-policy" rules,
                        "krb5-subdomain-self-rhs" and "ms-subdomain-self-rhs",
                        which restrict SRV and PTR record changes, allowing
                        only records whose content matches the machine name
                        embedded in the Kerberos principal making the change.
                        [GL #481]

5742.   [func]          ISC_LIKELY() and ISC_UNLIKELY() macros have been
                        removed. [GL #2952]

5741.   [bug]           Log files with "timestamp" suffixes could be left in
                        place after rolling, even if the number of preserved
                        log files exceeded the configured "versions" limit.
                        [GL #828]

5740.   [func]          Implement incremental resizing of RBT hash table to
                        perform the rehashing gradually. [GL #2941]

5739.   [func]          Change default of 'dnssec-dnskey-kskonly' to 'yes'.
                        [GL #1316]

5738.   [bug]           Enable idn2 UseSTD3ASCIIRules=true to implement
                        additional unicode validity checks. [GL #1610]

5737.   [bug]           Address Coverity warning in lib/dns/dnssec.c.
                        [GL #2935]
        --- 9.17.19 released ---

5736.   [security]      The "lame-ttl" option is now forcibly set to 0. This
                        effectively disables the lame server cache, as it could
                        previously be abused by an attacker to significantly
                        degrade resolver performance. (CVE-2021-25219)
                        [GL #2899]

5735.   [cleanup]       The result codes which BIND 9 uses internally are now
                        all defined as a single list of enum values rather than
                        as multiple sets of integers scattered around shared
                        libraries. This prevents the need for locking in some
                        functions operating on result codes, and makes result
                        codes more debugger-friendly. [GL #719]

5734.   [bug]           Fix intermittent assertion failures in dig which were
                        triggered during zone transfers. [GL #2884]

5733.   [func]          Require the "dot" Application-Layer Protocol Negotiation
                        (ALPN) token to be selected in the TLS handshake for
                        zone transfers over TLS (XoT), as required by RFC 9103
                        section 7.1. [GL #2794]

5732.   [cleanup]       Remove the dns_lib_init(), dns_lib_shutdown(),
                        ns_lib_init(), and ns_lib_shutdown() functions, as they
                        no longer served any useful purpose. [GL #88]

5731.   [bug]           Disallow defining "http" configuration clauses called
                        "default" as they were silently ignored. [GL #2925]

5730.   [func]          The resolver and the request and dispatch managers have
                        been substantially refactored, and are now based on the
                        network manager instead of the old isc_socket API. All
                        outgoing DNS queries and requests now use the new API;
                        isc_socket is only used to monitor for network interface
                        changes. [GL #2401]

5729.   [func]          Allow finer control over TLS protocol configuration by
                        implementing new options for "tls" configuration clauses
                        ("dhparam-file", "ciphers", "prefer-server-ciphers",
                        "session-tickets"). These options make achieving perfect
                        forward secrecy (PFS) possible for DNS-over-TLS (DoT)
                        and DNS-over-HTTPS (DoH). [GL #2796]

5728.   [func]          Allow specifying supported TLS protocol versions for
                        each "tls" configuration clause. [GL #2795]

5727.   [placeholder]

5726.   [bug]           Fix a use-after-free bug which was triggered while
                        checking for duplicate "http" configuration clauses.
                        [GL #2924]

5725.   [bug]           Fix an assertion failure triggered by passing an invalid
                        HTTP path to dig. [GL #2923]

5724.   [bug]           Address a potential deadlock when checking zone content
                        consistency. [GL #2908]

5723.   [bug]           Change 5709 broke backward compatibility for the
                        "check-names master ..." and "check-names slave ..."
                        options. This has been fixed. [GL #2911]

5722.   [bug]           Preserve the contents of the receive buffer for TCPDNS
                        and TLSDNS when growing its size. [GL #2917]

5721.   [func]          A new realloc()-like function, isc_mem_reget(), was
                        added to the libisc API for resizing memory chunks
                        allocated using isc_mem_get(). Memory (re)allocation
                        functions are now guaranteed to return non-NULL pointers
                        for zero-sized allocation requests. [GL !5440]

5720.   [contrib]       Remove old-style DLZ drivers that had to be enabled at
                        build time. [GL #2814]

5719.   [func]          Remove support for the "map" zone file format.
                        [GL #2882]

5718.   [bug]           The "sig-signing-type" zone configuration option was
                        processed incorrectly, causing valid configurations to
                        be rejected. This has been fixed. [GL #2906]

5717.   [func]          The "cache-file" option, which was documented as "for
                        testing purposes only" and not to be used, has been
                        removed. [GL #2903]

5716.   [placeholder]

5715.   [func]          Add a check for ports specified in "*-source(-v6)"
                        options clashing with a global listening port. Such a
                        configuration was already unsupported, but it failed
                        silently; it is now treated as an error. [GL #2888]

5714.   [bug]           Remove the "adjust interface" mechanism which was
                        responsible for setting up listeners on interfaces when
                        the "*-source(-v6)" address and port were the same as
                        the "listen-on(-v6)" address and port. Such a
                        configuration is no longer supported; under certain
                        timing conditions, that mechanism could prevent named
                        from listening on some TCP ports. This has been fixed.
                        [GL #2852]

5713.   [func]          Add "primaries" as a synonym for "masters" and
                        "default-primaries" as a synonym for "default-masters"
                        in catalog zone configuration options. [GL #2818]

5712.   [func]          Remove native PKCS#11 support in favor of engine_pkcs11
                        from the OpenSC project. [GL #2691]
        --- 9.17.18 released ---

5711.   [bug]           "map" files exceeding 2GB in size failed to load due to
                        a size comparison that incorrectly treated the file size
                        as a signed integer. [GL #2878]

5710.   [placeholder]

5709.   [func]          When reporting zone types in the statistics channel, the
                        terms "primary" and "secondary" are now used instead of
                        "master" and "slave", respectively. Enum values
                        throughout the code have been updated to use this
                        terminology as well. [GL #1944]

5708.   [placeholder]

5707.   [bug]           A bug was fixed which prevented dig from querying
                        DNS-over-HTTPS (DoH) servers via IPv6. [GL #2860]

5706.   [cleanup]       Support for external applications to register with
                        libisc and use it has been removed. Export versions of
                        BIND 9 libraries have not been supported for some time,
                        but the isc_lib_register() function was still available;
                        it has now been removed. [GL !2420]

5705.   [bug]           Change #5686 altered the internal memory structure of
                        zone databases, but neglected to update the MAPAPI value
                        for zone files in "map" format. This caused named to
                        attempt to load incompatible map files, triggering an
                        assertion failure on startup. The MAPAPI value has now
                        been updated, so named rejects outdated files when
                        encountering them. [GL #2872]

5704.   [bug]           Change #5317 caused the EDNS TCP Keepalive option to be
                        ignored inadvertently in client requests. It has now
                        been fixed and this option is handled properly again.
                        [GL #1927]

5703.   [bug]           Fix a crash in dig caused by closing an HTTP/2 socket
                        associated with an unused HTTP/2 session. [GL #2858]

5702.   [bug]           Improve compatibility with DNS-over-HTTPS (DoH) clients
                        by allowing HTTP/2 request headers in any order.
                        [GL #2875]

5701.   [bug]           named-checkconf failed to detect syntactically invalid
                        values of the "key" and "tls" parameters used to define
                        members of remote server lists. [GL #2461]

5700.   [bug]           When a member zone was removed from a catalog zone,
                        journal files for the former were not deleted.
                        [GL #2842]

5699.   [func]          Data structures holding DNSSEC signing statistics are
                        now grown and shrunk as necessary upon key rollover
                        events. [GL #1721]

5698.   [bug]           When a DNSSEC-signed zone which only has a single
                        signing key available is migrated to use KASP, that key
                        is now treated as a Combined Signing Key (CSK).
                        [GL #2857]

5697.   [func]          dnssec-cds now only generates SHA-2 DS records by
                        default and avoids copying deprecated SHA-1 records from
                        a child zone to its delegation in the parent. If the
                        child zone does not publish SHA-2 CDS records,
                        dnssec-cds will generate them from the CDNSKEY records.
                        The "-a algorithm" option now affects the process of
                        generating DS digest records from both CDS and CDNSKEY
                        records. Thanks to Tony Finch. [GL #2871]

5696.   [protocol]      Support for HTTPS and SVCB record types has been added.
                        [GL #1132]

5695.   [func]          Add a new dig command-line option, "+showbadcookie",
                        which causes a BADCOOKIE response message to be
                        displayed when it is received from the server.
                        [GL #2319]

5694.   [bug]           Stale data in the cache could cause named to send
                        non-minimized queries despite QNAME minimization being
                        enabled. [GL #2665]

5693.   [func]          Restore support for reading "timeout" and "attempts"
                        options from /etc/resolv.conf, and use their values in
                        dig, host, and nslookup. (This was previously supported
                        by liblwres, and was still mentioned in the man pages,
                        but had stopped working after liblwres was deprecated in
                        favor of libirs.) [GL #2785]

5692.   [bug]           Fix a rare crash in DNS-over-HTTPS (DoH) code caused by
                        detaching from an HTTP/2 session handle too early when
                        sending data. [GL #2851]

5691.   [bug]           When a dynamic zone was made available in another view
                        using the "in-view" statement, running "rndc freeze"
                        always reported an "already frozen" error even though
                        the zone was successfully frozen. [GL #2844]

5690.   [func]          dnssec-signzone now honors Predecessor and Successor
                        metadata found in private key files: if a signature for
                        an RRset generated by the inactive predecessor exists
                        and does not need to be replaced, no additional
                        signature is now created for that RRset using the
                        successor key. This enables dnssec-signzone to gradually
                        replace RRSIGs during a ZSK rollover. [GL #1551]
        --- 9.17.17 released ---

5689.   [security]      An assertion failure occurred when named attempted to
                        send a UDP packet that exceeded the MTU size, if
                        Response Rate Limiting (RRL) was enabled.
                        (CVE-2021-25218) [GL #2856]

5688.   [bug]           Zones using KASP and inline-signed zones failed to apply
                        changes from the unsigned zone to the signed zone under
                        certain circumstances. This has been fixed. [GL #2735]

5687.   [bug]           "rndc reload <zonename>" could trigger a redundant
                        reload for an inline-signed zone whose zone file was not
                        modified since the last "rndc reload". This has been
                        fixed. [GL #2855]

5686.   [func]          The number of internal data structures allocated for
                        each zone was reduced. [GL #2829]

5685.   [bug]           named failed to check the opcode of responses when
                        performing zone refreshes, stub zone updates, and UPDATE
                        forwarding. This has been fixed. [GL #2762]

5684.   [func]          The DNS-over-HTTP (DoH) configuration syntax was
                        extended:
                        - The maximum number of active DoH connections can now
                          be set using the "http-listener-clients" option. The
                          default is 300.
                        - The maximum number of concurrent HTTP/2 streams per
                          connection can now be set using the
                          "http-streams-per-connection" option. The default is
                          100.
                        - Both of these values can also be set on a per-listener
                          basis using the "listener-clients" and
                          "streams-per-connection" parameters in an "http"
                          statement.
                        [GL #2809]

5683.   [bug]           The configuration-checking code now verifies HTTP paths.
                        [GL !5231]

5682.   [bug]           Some changes to "zone-statistics" settings were not
                        properly processed by "rndc reconfig". This has been
                        fixed. [GL #2820]

5681.   [func]          Relax the checks in the dns_zone_cdscheck() function to
                        allow CDS and CDNSKEY records in the zone that do not
                        match an existing DNSKEY record, as long as the
                        algorithm matches. This allows a clean rollover from one
                        provider to another in a multi-signer DNSSEC
                        configuration. [GL #2710]

5680.   [bug]           HTTP GET requests without query strings caused a crash
                        in DoH code. This has been fixed. [GL !5268]

5679.   [func]          Thread affinity is no longer set. [GL #2822]

5678.   [bug]           The "check DS" code failed to release all resources upon
                        named shutdown when a refresh was in progress. This has
                        been fixed. [GL #2811]

5677.   [func]          Previously, named accepted FORMERR responses both with
                        and without an OPT record, as an indication that a given
                        server did not support EDNS. To implement full
                        compliance with RFC 6891, only FORMERR responses without
                        an OPT record are now accepted. This intentionally
                        breaks communication with servers that do not support
                        EDNS and that incorrectly echo back the query message
                        with the RCODE field set to FORMERR and the QR bit set
                        to 1. [GL #2249]

5676.   [func]          Memory allocation has been substantially refactored; it
                        is now based on the memory allocation API provided by
                        the jemalloc library, which is a new optional build
                        dependency for BIND 9. [GL #2433]

5675.   [bug]           Compatibility with DoH clients has been improved by
                        ignoring the value of the "Accept" HTTP header.
                        [GL !5246]

5674.   [bug]           A shutdown hang was triggered by DoH clients prematurely
                        aborting HTTP/2 streams. This has been fixed. [GL !5245]

5673.   [func]          Add a new build-time option, --disable-doh, to allow
                        building BIND 9 without the libnghttp2 library.
                        [GL #2478]

5672.   [bug]           Authentication of rndc messages could fail if a
                        "controls" statement was configured with multiple key
                        algorithms for the same listener. This has been fixed.
                        [GL #2756]
        --- 9.17.16 released ---

5671.   [bug]           A race condition could occur where two threads were
                        competing for the same set of key file locks, leading to
                        a deadlock. This has been fixed. [GL #2786]

5670.   [bug]           create_keydata() created an invalid placeholder keydata
                        record upon a refresh failure, which prevented the
                        database of managed keys from subsequently being read
                        back. This has been fixed. [GL #2686]

5669.   [func]          KASP support was extended with the "check DS" feature.
                        Zones with "dnssec-policy" and "parental-agents"
                        configured now check for DS presence and can perform
                        automatic KSK rollovers. [GL #1126]

5668.   [bug]           Rescheduling a setnsec3param() task when a zone failed
                        to load on startup caused a hang on shutdown. This has
                        been fixed. [GL #2791]

5667.   [bug]           The configuration-checking code failed to account for
                        the inheritance rules of the "dnssec-policy" option.
                        This has been fixed. [GL #2780]

5666.   [doc]           The safe "edns-udp-size" value was tweaked to match the
                        probing value from BIND 9.16 for better compatibility.
                        [GL #2183]

5665.   [bug]           If nsupdate sends an SOA request and receives a REFUSED
                        response, it now fails over to the next available
                        server. [GL #2758]

5664.   [func]          For UDP messages larger than the path MTU, named now
                        sends an empty response with the TC (TrunCated) bit set.
                        In addition, setting the DF (Don't Fragment) flag on
                        outgoing UDP sockets was re-enabled. [GL #2790]

5663.   [bug]           Non-zero OPCODEs are now properly handled when receiving
                        queries over DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH)
                        channels. [GL #2787]

5662.   [bug]           Views with recursion disabled are now configured with a
                        default cache size of 2 MB unless "max-cache-size" is
                        explicitly set. This prevents cache RBT hash tables from
                        being needlessly preallocated for such views. [GL #2777]

5661.   [bug]           Change 5644 inadvertently introduced a deadlock: when
                        locking the key file mutex for each zone structure in a
                        different view, the "in-view" logic was not considered.
                        This has been fixed. [GL #2783]

5660.   [bug]           The configuration-checking code failed to account for
                        the inheritance rules of the "key-directory" option.
                        [GL #2778]

                        This change was included in BIND 9.17.15.

5659.   [bug]           When preparing DNS responses, named could replace the
                        letters 'W' (uppercase) and 'w' (lowercase) with '\000'.
                        This has been fixed. [GL #2779]

                        This change was included in BIND 9.17.15.

5658.   [bug]           Increasing "max-cache-size" for a running named instance
                        (using "rndc reconfig") did not cause the hash tables
                        used by cache databases to be grown accordingly. This
                        has been fixed. [GL #2770]

5657.   [cleanup]       Support was removed for both built-in atomics in old
                        versions of Clang (< 3.6.0) and GCC (< 4.7.0), and
                        atomics emulated with a mutex. [GL #2606]

5656.   [bug]           Named now ensures that large responses work correctly
                        over DNS-over-HTTPS (DoH), and that zone transfer
                        requests over DoH are explicitly rejected. [GL !5148]

5655.   [bug]           Signed, insecure delegation responses prepared by named
                        either lacked the necessary NSEC records or contained
                        duplicate NSEC records when both wildcard expansion and
                        CNAME chaining were required to prepare the response.
                        This has been fixed. [GL #2759]

5654.   [port]          Windows support has been removed. [GL #2690]

5653.   [bug]           A bug that caused the NSEC3 salt to be changed on every
                        restart for zones using KASP has been fixed. [GL #2725]
        --- 9.17.14 released ---

5652.   [bug]           A copy-and-paste error in change 5584 caused the
                        IP_DONTFRAG socket option to be enabled instead of
                        disabled. This has been fixed. [GL #2746]

5651.   [func]          Refactor zone dumping to be processed asynchronously via
                        the uv_work_t thread pool API. [GL #2732]

5650.   [bug]           Prevent a crash that could occur if serve-stale was
                        enabled and a prefetch was triggered during a query
                        restart. [GL #2733]

5649.   [bug]           If a query was answered with stale data on a server with
                        DNS64 enabled, an assertion could occur if a non-stale
                        answer arrived afterward. [GL #2731]

5648.   [bug]           The calculation of the estimated IXFR transaction size
                        in dns_journal_iter_init() was invalid. [GL #2685]

5647.   [func]          The interface manager has been refactored to use fewer
                        client manager objects, which in turn use fewer memory
                        contexts and tasks. This should result in less
                        fragmented memory and better startup performance.
                        [GL #2433]

5646.   [bug]           The default TCP timeout for rndc has been increased to
                        60 seconds. This was its original value, but it had been
                        inadvertently lowered to 10 when rndc was updated to use
                        the network manager. [GL #2643]

5645.   [cleanup]       Remove the rarely-used dns_name_copy() function and
                        rename dns_name_copynf() to dns_name_copy(). [GL !5081]

5644.   [bug]           Fix a race condition in reading and writing key files
                        for zones using KASP and configured in multiple views.
                        [GL #1875]

5643.   [placeholder]

5642.   [bug]           Zones which are configured in multiple views with
                        different values set for "dnssec-policy" and with
                        identical values set for "key-directory" are now
                        detected and treated as a configuration error.
                        [GL #2463]

5641.   [bug]           Address a potential memory leak in
                        dst_key_fromnamedfile(). [GL #2689]

5640.   [func]          Add new configuration options for setting the size of
                        receive and send buffers in the operating system:
                        "tcp-receive-buffer", "tcp-send-buffer",
                        "udp-receive-buffer", and "udp-send-buffer". [GL #2313]

5639.   [bug]           Check that the first and last SOA record of an AXFR are
                        consistent. [GL #2528]
        --- 9.17.13 released ---

5638.   [bug]           Improvements related to network manager/task manager
                        integration:
                        - isc_managers_create() and isc_managers_destroy()
                          functions were added to handle setup and teardown of
                          netmgr, taskmgr, timermgr, and socketmgr, since these
                          require a precise order of operations now.
                        - Event queue processing is now quantized to prevent
                          infinite looping.
                        - The netmgr can now be paused from within a netmgr
                          thread.
                        - Deadlocks due to a conflict between netmgr's
                          pause/resume and listen/stoplistening operations were
                          fixed.
                        [GL #2654]

5637.   [placeholder]

5636.   [bug]           named and named-checkconf did not report an error when
                        multiple zones with the "dnssec-policy" option set were
                        using the same zone file. This has been fixed.
                        [GL #2603]

5635.   [bug]           Journal compaction could fail when a journal with
                        invalid transaction headers was not detected at startup.
                        This has been fixed. [GL #2670]

5634.   [bug]           If "dnssec-policy" was active and a private key file was
                        temporarily offline during a rekey event, named could
                        incorrectly introduce replacement keys and break a
                        signed zone. This has been fixed. [GL #2596]

5633.   [doc]           The "inline-signing" option was incorrectly described as
                        being inherited from the "options"/"view" levels and was
                        incorrectly accepted at those levels without effect.
                        This has been fixed. [GL #2536]

5632.   [func]          Add a new built-in KASP, "insecure", which is used to
                        transition a zone from a signed to an unsigned state.
                        The existing built-in KASP "none" should no longer be
                        used to unsign a zone. [GL #2645]

5631.   [protocol]      Update the implementation of the ZONEMD RR type to match
                        RFC 8976. [GL #2658]

5630.   [func]          Treat DNSSEC responses containing NSEC3 records with
                        iteration counts greater than 150 as insecure.
                        [GL #2445]

5629.   [func]          Reduce the maximum supported number of NSEC3 iterations
                        that can be configured for a zone to 150. [GL #2642]

5628.   [bug]           Host and nslookup could crash upon receiving a SERVFAIL
                        response. This has been fixed. [GL #2564]

5627.   [bug]           RRSIG(SOA) RRsets placed anywhere other than at the zone
                        apex were triggering infinite resigning loops. This has
                        been fixed. [GL #2650]

5626.   [bug]           When generating zone signing keys, KASP now also checks
                        for key ID conflicts among newly created keys, rather
                        than just between new and existing ones. [GL #2628]

5625.   [bug]           A deadlock could occur when multiple "rndc addzone",
                        "rndc delzone", and/or "rndc modzone" commands were
                        invoked simultaneously for different zones. This has
                        been fixed. [GL #2626]

5624.   [func]          Task manager events are now processed inside network
                        manager loops. The task manager no longer needs its own
                        set of worker threads, which improves resolver
                        performance. [GL #2638]

5623.   [bug]           When named was shut down during an ongoing zone
                        transfer, xfrin_fail() could incorrectly be called
                        twice. This has been fixed. [GL #2630]

5622.   [cleanup]       The lib/samples/ directory has been removed, as export
                        versions of libraries are no longer maintained.
                        [GL !4835]

5621.   [placeholder]

5620.   [bug]           If zone journal files written by BIND 9.16.11 or earlier
                        were present when BIND was upgraded, the zone file for
                        that zone could have been inadvertently rewritten with
                        the current zone contents. This caused the original zone
                        file structure (e.g. comments, $INCLUDE directives) to
                        be lost, although the zone data itself was preserved.
                        This has been fixed. [GL #2623]

5619.   [protocol]      Implement draft-vandijk-dnsop-nsec-ttl, updating the
                        protocol such that NSEC(3) TTL values are set to the
                        minimum of the SOA MINIMUM value or the SOA TTL.
                        [GL #2347]

5618.   [bug]           Change 5149 introduced some inconsistencies in the way
                        record TTLs were presented in cache dumps. These
                        inconsistencies have been eliminated. [GL #389]
                        [GL #2289]
        --- 9.17.12 released ---

5617.   [placeholder]

5616.   [security]      named crashed when a DNAME record placed in the ANSWER
                        section during DNAME chasing turned out to be the final
                        answer to a client query. (CVE-2021-25215) [GL #2540]

5615.   [security]      Insufficient IXFR checks could result in named serving a
                        zone without an SOA record at the apex, leading to a
                        RUNTIME_CHECK assertion failure when the zone was
                        subsequently refreshed. This has been fixed by adding an
                        owner name check for all SOA records which are included
                        in a zone transfer. (CVE-2021-25214) [GL #2467]

5614.   [bug]           Ensure all resources are properly cleaned up when a call
                        to gss_accept_sec_context() fails. [GL #2620]

5613.   [bug]           It was possible to write an invalid transaction header
                        in the journal file for a managed-keys database after
                        upgrading. This has been fixed. Invalid headers in
                        existing journal files are detected and named is able
                        to recover from them. [GL #2600]

5612.   [bug]           Continued refactoring of the network manager:
                        - allow recovery from read and connect timeout events,
                        - ensure that calls to isc_nm_*connect() always
                          return the connection status via a callback
                          function.
                        [GL #2401]

5611.   [func]          Set "stale-answer-client-timeout" to "off" by default.
                        [GL #2608]

5610.   [bug]           Prevent a crash which could happen when a lookup
                        triggered by "stale-answer-client-timeout" was attempted
                        right after recursion for a client query finished.
                        [GL #2594]

5609.   [func]          The ISC implementation of SPNEGO was removed from BIND 9
                        source code. It was no longer necessary as all major
                        contemporary Kerberos/GSSAPI libraries include support
                        for SPNEGO. [GL #2607]

5608.   [bug]           When sending queries over TCP, dig now properly handles
                        "+tries=1 +retry=0" by not retrying the connection when
                        the remote server closes the connection prematurely.
                        [GL #2490]

5607.   [bug]           As "rndc dnssec -checkds" and "rndc dnssec -rollover"
                        commands may affect the next scheduled key event,
                        reconfiguration of zone keys is now triggered after
                        receiving either of these commands to prevent
                        unnecessary key rollover delays. [GL #2488]

5606.   [bug]           CDS/CDNSKEY DELETE records are now removed when a zone
                        transitions from a secure to an insecure state.
                        named-checkzone also no longer reports an error when
                        such records are found in an unsigned zone. [GL #2517]

5605.   [bug]           "dig -u" now uses the CLOCK_REALTIME clock source for
                        more accurate time reporting. [GL #2592]

5604.   [experimental]  A "filter-a.so" plugin, which is similar to the
                        "filter-aaaa.so" plugin but which omits A records
                        instead of AAAA records, has been added. Thanks to
                        GitLab user @treysis. [GL #2585]

5603.   [placeholder]

5602.   [bug]           Fix TCPDNS and TLSDNS timers in Network Manager. This
                        makes the "tcp-initial-timeout" and "tcp-idle-timeout"
                        options work correctly again. [GL #2583]

5601.   [bug]           Zones using KASP could not be thawed after they were
                        frozen using "rndc freeze". This has been fixed.
                        [GL #2523]

5600.   [bug]           Send a full certificate chain instead of just the leaf
                        certificate to DNS-over-TLS (DoT) and DNS-over-HTTPS
                        (DoH) clients. This makes BIND 9 DoT/DoH servers
                        compatible with a broader set of clients. [GL #2514]

5599.   [bug]           Fix a named crash which occurred after skipping a
                        primary server while transferring a zone over TLS.
                        [GL #2562]

5598.   [port]          Silence -Wchar-subscripts compiler warnings triggered on
                        some platforms due to calling character classification
                        functions declared in the <ctype.h> header with
                        arguments of type char. [GL #2567]
        --- 9.17.11 released ---

5597.   [bug]           When serve-stale was enabled and starting the recursive
                        resolution process for a query failed, a named instance
                        could crash if it was configured as both a recursive and
                        authoritative server. This problem was introduced by
                        change 5573 and has now been fixed. [GL #2565]

5596.   [func]          Client-side support for DNS-over-HTTPS (DoH) has been
                        added to dig. "dig +https" can now query a server via
                        HTTP/2. [GL #1641]

5595.   [cleanup]       Public header files for BIND 9 libraries no longer
                        directly include third-party library headers. This
                        prevents the need to include paths to third-party header
                        files in CFLAGS whenever BIND 9 public header files are
                        used, which could cause build-time issues on hosts with
                        older versions of BIND 9 installed. [GL #2357]

5594.   [bug]           Building with --enable-dnsrps --enable-dnsrps-dl failed.
                        [GL #2298]

5593.   [bug]           Journal files written by older versions of named can now
                        be read when loading zones, so that journal
                        incompatibility does not cause problems on upgrade.
                        Outdated journals are updated to the new format after
                        loading. [GL #2505]

5592.   [bug]           Prevent hazard pointer table overflows on machines with
                        many cores, by allowing the thread IDs (serving as
                        indices into hazard pointer tables) of finished threads
                        to be reused by those created later. [GL #2396]

5591.   [bug]           Fix a crash that occurred when
                        "stale-answer-client-timeout" was triggered without any
                        (stale) data available in the cache to answer the query.
                        [GL #2503]

5590.   [bug]           NSEC3 records were not immediately created for dynamic
                        zones using NSEC3 with "dnssec-policy", resulting in
                        such zones going bogus. Add code to process the
                        NSEC3PARAM queue at zone load time so that NSEC3 records
                        for such zones are created immediately. [GL #2498]

5589.   [placeholder]

5588.   [func]          Add a new "purge-keys" option for "dnssec-policy". This
                        option determines the period of time for which key files
                        are retained after they become obsolete. [GL #2408]

5587.   [bug]           A standalone libtool script no longer needs to be
                        present in PATH to build BIND 9 from a source tarball
                        prepared using "make dist". [GL #2504]

5586.   [bug]           An invalid direction field in a LOC record resulted in
                        an INSIST failure when a zone file containing such a
                        record was loaded. [GL #2499]

5585.   [func]          Memory contexts and memory pool implementations were
                        refactored to reduce lock contention for shared memory
                        contexts by replacing mutexes with atomic operations.
                        The internal memory allocator was simplified so that it
                        is only a thin wrapper around the system allocator. This
                        change made the "-M external" named option redundant and
                        it was therefore removed. [GL #2433]

5584.   [bug]           No longer set the IP_DONTFRAG option on UDP sockets, to
                        prevent dropping outgoing packets exceeding
                        "max-udp-size". [GL #2466]

5583.   [func]          Changes to DNS-over-HTTPS (DoH) configuration syntax:
                        - When "http" is specified in "listen-on" or
                          "listen-on-v6" statements, "tls" must also now be
                          specified. If an unencrypted connection is desired
                          (for example, when running behind a reverse proxy),
                          use "tls none".
                        - "http default" can now be specified in "listen-on" and
                          "listen-on-v6" statements to use the default HTTP
                          endpoint of "/dns-query". It is no longer necessary to
                          include an "http" statement in named.conf unless
                          overriding this value.
                        [GL #2472]

5582.   [bug]           BIND 9 failed to build when static OpenSSL libraries
                        were used and the pkg-config files for libssl and/or
                        libcrypto were unavailable. This has been fixed by
                        ensuring that the correct linking order for libssl and
                        libcrypto is always used. [GL #2402]

5581.   [bug]           Fix a memory leak that occurred when inline-signed zones
                        were added to the configuration, followed by a
                        reconfiguration of named. [GL #2041]

5580.   [test]          The system test framework no longer differentiates
                        between SKIPPED and UNTESTED system test results. Any
                        system test which is not run is now marked as SKIPPED.
                        [GL !4517]

5579.   [bug]           If an invalid key name (e.g. "a..b") was specified in a
                        primaries list in named.conf, the wrong size was passed
                        to isc_mem_put(), resulting in the returned memory being
                        put on the wrong free list. This prevented named from
                        starting up. [GL #2460]
        --- 9.17.10 released ---

5578.   [protocol]      Make "check-names" accept A records below "_spf",
                        "_spf_rate", and "_spf_verify" labels in order to cater
                        for the "exists" SPF mechanism specified in RFC 7208
                        section 5.7 and appendix D.1. [GL #2377]

5577.   [bug]           Fix the "three is a crowd" key rollover bug in KASP by
                        correctly implementing Equation (2) of the "Flexible and
                        Robust Key Rollover" paper. [GL #2375]

5576.   [experimental]  Initial server-side implementation of DNS-over-HTTPS
                        (DoH). Support for both TLS-encrypted and unencrypted
                        HTTP/2 connections has been added to the network manager
                        and integrated into named. (Note: there is currently no
                        client-side support for DNS-over-HTTPS; this will be
                        added to dig in a future release.) [GL #1144]

5575.   [bug]           When migrating to KASP, BIND 9 considered keys with the
                        "Inactive" and/or "Delete" timing metadata to be
                        possible active keys. This has been fixed. [GL #2406]

5574.   [func]          Incoming zone transfers can now use TLS. Addresses in a
                        "primaries" list take an optional "tls" argument,
                        specifying either a previously configured "tls" block or
                        "ephemeral"; SOA queries and zone transfer requests are
                        then sent via TLS. [GL #2392]

5573.   [func]          When serve-stale is enabled and stale data is available,
                        named now returns stale answers upon encountering any
                        unexpected error in the query resolution process.
                        However, the "stale-refresh-time" window is still only
                        started upon a timeout. [GL #2434]

5572.   [bug]           Address potential double free in generatexml().
                        [GL #2420]

5571.   [bug]           named failed to start when its configuration included a
                        zone with a non-builtin "allow-update" ACL attached.
                        [GL #2413]

5570.   [bug]           Improve performance of the DNSSEC verification code by
                        reducing the number of repeated calls to
                        dns_dnssec_keyfromrdata(). [GL #2073]

5569.   [bug]           Emit useful error message when "rndc retransfer" is
                        applied to a zone of inappropriate type. [GL #2342]

5568.   [bug]           Fixed a crash in "dnssec-keyfromlabel" when using ECDSA
                        keys. [GL #2178]

5567.   [bug]           Dig now reports unknown dash options while pre-parsing
                        the options. This prevents "-multi" instead of "+multi"
                        from reporting memory usage before ending option parsing
                        with "Invalid option: -lti". [GL #2403]

5566.   [func]          Add "stale-answer-client-timeout" option, which is the
                        amount of time a recursive resolver waits before
                        attempting to answer the query using stale data from
                        cache. [GL #2247]

5565.   [func]          The SONAMEs for BIND 9 libraries now include the current
                        BIND 9 version number, in an effort to tightly couple
                        internal libraries with a specific release. [GL #2387]

5564.   [cleanup]       Network manager's TLSDNS module was refactored to use
                        libuv and libssl directly instead of a stack of TCP/TLS
                        sockets. [GL #2335]

5563.   [cleanup]       Changed several obsolete configuration options to
                        ancient, making them fatal errors. Also cleaned up the
                        number of clause flags in the configuration parser.
                        [GL #1086]

5562.   [placeholder]

5561.   [bug]           KASP incorrectly set signature validity to the value of
                        the DNSKEY signature validity. This is now fixed.
                        [GL #2383]

5560.   [func]          The default value of "max-stale-ttl" has been changed
                        from 12 hours to 1 day and the default value of
                        "stale-answer-ttl" has been changed from 1 second to 30
                        seconds, following RFC 8767 recommendations. [GL #2248]
        --- 9.17.9 released ---

5559.   [bug]           The --with-maxminddb=PATH form of the build-time option
                        enabling support for libmaxminddb was not working
                        correctly. This has been fixed. [GL #2366]

5558.   [bug]           Asynchronous hook modules could trigger an assertion
                        failure when the fetch handle was detached too late.
                        Thanks to Jinmei Tatuya at Infoblox. [GL #2379]

5557.   [bug]           Prevent RBTDB instances from being destroyed by multiple
                        threads at the same time. [GL #2317]

5556.   [bug]           Further tweak newline printing in dnssec-signzone and
                        dnssec-verify. [GL #2359]

5555.   [placeholder]

5554.   [bug]           dnssec-signzone and dnssec-verify were missing newlines
                        between log messages. [GL #2359]

5553.   [bug]           When reconfiguring named, removing "auto-dnssec" did not
                        turn off DNSSEC maintenance. [GL #2341]

5552.   [func]          When switching to "dnssec-policy none;", named now
                        permits a safe transition to insecure mode and publishes
                        the CDS and CDNSKEY DELETE records, as described in RFC
                        8078. [GL #1750]

5551.   [bug]           named no longer attempts to assign threads to CPUs
                        outside the CPU affinity set. Thanks to Ole Bjørn
                        Hessen. [GL #2245]

5550.   [func]          dnssec-signzone and named now log a warning when falling
                        back to the "increment" SOA serial method. [GL #2058]

5549.   [protocol]      ipv4only.arpa is now served when DNS64 is configured.
                        [GL #385]

5548.   [placeholder]

5547.   [placeholder]
        --- 9.17.8 released ---

5546.   [placeholder]

5545.   [func]          OS support for load-balanced sockets is no longer
                        required to receive incoming queries in multiple netmgr
                        threads. [GL #2137]

5544.   [func]          Restore the default value of "nocookie-udp-size" to 4096
                        bytes. [GL #2250]

5543.   [bug]           Fix UDP performance issues caused by making netmgr
                        callbacks asynchronous-only. [GL #2320]

5542.   [bug]           Refactor netmgr. [GL #1920] [GL #2034] [GL #2061]
                        [GL #2194] [GL #2221] [GL #2266] [GL #2283] [GL #2318]
                        [GL #2321]

5541.   [func]          Adjust the "max-recursion-queries" default from 75 to
                        100. [GL #2305]

5540.   [port]          Fix building with native PKCS#11 support for AEP Keyper.
                        [GL #2315]

5539.   [bug]           Tighten handling of missing DNS COOKIE responses over
                        UDP by falling back to TCP. [GL #2275]

5538.   [func]          Add NSEC3 support to KASP. A new option for
                        "dnssec-policy", "nsec3param", can be used to set the
                        desired NSEC3 parameters. NSEC3 salt collisions are
                        automatically prevented during resalting. Salt
                        generation is now logged with zone context. [GL #1620]

5537.   [func]          The query plugin mechanism has been extended
                        to support asynchronous operations. For example, a
                        plugin can now trigger recursion and resume
                        processing when it is complete. Thanks to Jinmei
                        Tatuya at Infoblox. [GL #2141]

5536.   [func]          Dig can now report the DNS64 prefixes in use
                        (+dns64prefix). [GL #1154]

5535.   [bug]           dig/nslookup/host could crash on shutdown after an
                        interrupt. [GL #2287] [GL #2288]

5534.   [bug]           The CNAME synthesized from a DNAME was incorrectly
                        followed when the QTYPE was CNAME or ANY. [GL #2280]
        --- 9.17.7 released ---

5533.   [func]          Add the "stale-refresh-time" option, a time window that
                        starts after a failed lookup, during which a stale RRset
                        is served directly from cache before a new attempt to
                        refresh it is made. [GL #2066]

5532.   [cleanup]       Unused header files were removed:
                        bin/rndc/include/rndc/os.h, lib/isc/timer_p.h,
                        lib/isccfg/include/isccfg/dnsconf.h and code related
                        to those files. [GL #1913]

5531.   [func]          Add support for DNS over TLS (DoT) to dig and named.
                        dig output now includes the transport protocol used.
                        [GL #1816] [GL #1840]

5530.   [bug]           dnstap did not capture responses to forwarded UPDATE
                        requests. [GL #2252]

5529.   [func]          The network manager API is now used by named to send
                        zone transfer requests. [GL #2016]

5528.   [func]          Convert dig, host, and nslookup to use the network
                        manager API. As a side effect of this change, "dig
                        +unexpected" no longer works, and has been disabled.
                        [GL #2140]

5527.   [bug]           A NULL pointer dereference occurred when creating an NTA
                        recheck query failed. [GL #2244]

5526.   [bug]           Fix a race/NULL dereference in TCPDNS read. [GL #2227]

5525.   [placeholder]

5524.   [func]          Added functionality to the network manager to support
                        outgoing DNS queries in addition to incoming ones.
                        [GL #2235]

5523.   [bug]           The initial lookup in a zone transitioning to/from a
                        signed state could fail if the DNSKEY RRset was not
                        found. [GL #2236]

5522.   [bug]           Fixed a race/NULL dereference in TCPDNS send. [GL #2227]

5521.   [func]          All use of libltdl was dropped. libuv's shared library
                        handling interface is now used instead. [GL !4278]

5520.   [bug]           Fixed a number of shutdown races, reference counting
                        errors, and spurious log messages that could occur
                        in the network manager. [GL #2221]

5519.   [cleanup]       Unused source code was removed: lib/dns/dbtable.c,
                        lib/dns/portlist.c, lib/isc/bufferlist.c, and code
                        related to those files. [GL #2060]

5518.   [bug]           Stub zones now work correctly with primary servers using
                        "minimal-responses yes". [GL #1736]

5517.   [bug]           Do not treat UV_EOF as a TCP4RecvErr or a TCP6RecvErr.
                        [GL #2208]
        --- 9.17.6 released ---

5516.   [func]          The default EDNS buffer size has been changed from 4096
                        to 1232 bytes, the EDNS buffer size probing has been
                        removed, and named now sets the DF (Don't Fragment) flag
                        on outgoing UDP packets. [GL #2183]

5515.   [func]          Add 'rndc dnssec -rollover' command to trigger a manual
                        rollover for a specific key. [GL #1749]

5514.   [bug]           Fix KASP expected key size for Ed25519 and Ed448.
                        [GL #2171]

5513.   [doc]           The ARM section describing the "rrset-order" statement
                        was rewritten to make it unambiguous and up-to-date with
                        the source code. [GL #2139]

5512.   [bug]           "rrset-order" rules using "order none" were causing
                        named to crash despite named-checkconf treating them as
                        valid. [GL #2139]

5511.   [bug]           'dig -u +yaml' failed to display timestamps to the
                        microsecond. [GL #2190]

5510.   [bug]           Implement the attach/detach semantics for dns_message_t
                        to fix a data race in accessing an already-destroyed
                        fctx->rmessage. [GL #2124]

5509.   [bug]           filter-aaaa: named crashed upon shutdown if it was in
                        the process of recursing for A RRsets. [GL #1040]

5508.   [func]          Added new parameter "-expired" for "rndc dumpdb" that
                        also prints expired RRsets (awaiting cleanup) to the
                        dump file. [GL #1870]

5507.   [bug]           Named could compute incorrect SIG(0) responses.
                        [GL #2109]

5506.   [bug]           Properly handle failed sysconf() calls, so we don't
                        report invalid memory size. [GL #2166]

5505.   [bug]           Updating contents of a mixed-case RPZ could cause some
                        rules to be ignored. [GL #2169]

5504.   [func]          The "glue-cache" option has been marked as deprecated.
                        The glue cache feature will be permanently enabled in a
                        future release. [GL #2146]

5503.   [bug]           Cleaned up reference counting of network manager
                        handles, now using isc_nmhandle_attach() and _detach()
                        instead of _ref() and _unref(). [GL #2122]
        --- 9.17.5 released ---

5502.   [func]          'dig +bufsize=0' no longer disables EDNS. [GL #2054]

5501.   [func]          Log CDS/CDNSKEY publication. [GL #1748]

5500.   [bug]           Fix (non-)publication of CDS and CDNSKEY records.
                        [GL #2103]

5499.   [func]          Add '-P ds' and '-D ds' arguments to dnssec-settime.
                        [GL #1748]

5498.   [test]          The --with-gperftools-profiler configure option was
                        removed. [GL !4045]

5497.   [placeholder]

5496.   [bug]           Address a TSAN report by ensuring each rate limiter
                        object holds a reference to its task. [GL #2081]

5495.   [bug]           With query minimization enabled, named failed to
                        resolve ip6.arpa. names that had extra labels to the
                        left of the IPv6 part. [GL #1847]

5494.   [bug]           Silence the EPROTO syslog message on older systems.
                        [GL #1928]

5493.   [bug]           Fix off-by-one error when calculating new hash table
                        size. [GL #2104]

5492.   [bug]           Tighten LOC parsing to reject a period (".") and/or "m"
                        as a value. Fix handling of negative altitudes which are
                        not whole meters. [GL #2074]

5491.   [bug]           rbtversion->glue_table_size could be read without the
                        appropriate lock being held. [GL #2080]

5490.   [func]          Refactor readline support to use pkg-config and add
                        support for the editline library. [GL !3942]

5489.   [bug]           Named erroneously accepted certain invalid resource
                        records that were incorrectly processed after
                        subsequently being written to disk and loaded back, as
                        the wire format differed. Such records include: CERT,
                        IPSECKEY, NSEC3, NSEC3PARAM, NXT, SIG, TLSA, WKS, and
                        X25. [GL !3953]

5488.   [bug]           NTA code needed to have a weak reference on its
                        associated view to prevent the latter from being deleted
                        while NTA tests were being performed. [GL #2067]

5487.   [cleanup]       Update managed keys log messages to be less confusing.
                        [GL #2027]

5486.   [func]          Add 'rndc dnssec -checkds' command, which signals to
                        named that the DS record for a given zone or key has
                        been updated in the parent zone. [GL #1613]
        --- 9.17.4 released ---

5485.   [placeholder]

5484.   [func]          Expire zero TTL records quickly rather than using them
                        for stale answers. [GL #1829]

5483.   [func]          Keeping "stale" answers in cache has been disabled by
                        default and can be re-enabled with a new configuration
                        option "stale-cache-enable". [GL #1712]

5482.   [bug]           If the Duplicate Address Detection (DAD) mechanism had
                        not yet finished after adding a new IPv6 address to the
                        system, BIND 9 would fail to bind to IPv6 addresses in a
                        tentative state. [GL #2038]

5481.   [security]      "update-policy" rules of type "subdomain" were
                        incorrectly treated as "zonesub" rules, which allowed
                        keys used in "subdomain" rules to update names outside
                        of the specified subdomains. The problem was fixed by
                        making sure "subdomain" rules are again processed as
                        described in the ARM. (CVE-2020-8624) [GL #2055]

5480.   [security]      When BIND 9 was compiled with native PKCS#11 support, it
                        was possible to trigger an assertion failure in code
                        determining the number of bits in the PKCS#11 RSA public
                        key with a specially crafted packet. (CVE-2020-8623)
                        [GL #2037]

5479.   [security]      named could crash in certain query resolution scenarios
                        where QNAME minimization and forwarding were both
                        enabled. (CVE-2020-8621) [GL #1997]

5478.   [security]      It was possible to trigger an assertion failure by
                        sending a specially crafted large TCP DNS message.
                        (CVE-2020-8620) [GL #1996]

5477.   [bug]           The idle timeout for connected TCP sockets, which was
                        previously set to a high fixed value, is now derived
                        from the client query processing timeout configured for
                        a resolver. [GL #2024]

5476.   [security]      It was possible to trigger an assertion failure when
                        verifying the response to a TSIG-signed request.
                        (CVE-2020-8622) [GL #2028]

5475.   [bug]           Wildcard RPZ passthru rules could incorrectly be
                        overridden by other rules that were loaded from RPZ
                        zones which appeared later in the "response-policy"
                        statement. This has been fixed. [GL #1619]

5474.   [bug]           dns_rdata_hip_next() failed to return ISC_R_NOMORE
                        when it should have. [GL !3880]

5473.   [func]          The RBT hash table implementation has been changed
                        to use a faster hash function (HalfSipHash2-4) and
                        Fibonacci hashing for better distribution. Setting
                        "max-cache-size" now preallocates a fixed-size hash
                        table so that rehashing does not cause resolution
                        brownouts while the hash table is grown. [GL #1775]

5472.   [func]          The statistics channel has been updated to use the
                        new network manager. [GL #2022]

5471.   [bug]           The introduction of KASP support inadvertently caused
                        the second field of "sig-validity-interval" to always be
                        calculated in hours, even in cases when it should have
                        been calculated in days. This has been fixed. (Thanks to
                        Tony Finch.) [GL !3735]

5470.   [port]          gsskrb5_register_acceptor_identity() is now only called
                        if gssapi_krb5.h is present. [GL #1995]

5469.   [port]          On illumos, a constant called SEC is already defined in
                        <sys/time.h>, which conflicts with an identically named
                        constant in libbind9. This conflict has been resolved.
                        [GL #1993]

5468.   [bug]           Addressed potential double unlock in process_fd().
                        [GL #2005]

5467.   [func]          The control channel and the rndc utility have been
                        updated to use the new network manager. To support
                        this, the network manager was updated to enable
                        the initiation of client TCP connections. Its
                        internal reference counting has been refactored.

                        Note: As a side effect of this change, rndc cannot
                        currently be used with UNIX-domain sockets, and its
                        default timeout has changed from 60 seconds to 30.
                        These will be addressed in a future release.
                        [GL #1759]

5466.   [bug]           Addressed an error in recursive clients stats reporting.
                        [GL #1719]

5465.   [func]          Added fallback to built-in trust-anchors, managed-keys,
                        or trusted-keys if the bindkeys-file (bind.keys) cannot
                        be parsed. [GL #1235]

5464.   [bug]           Requesting more than 128 files to be saved when rolling
                        dnstap log files caused a buffer overflow. This has been
                        fixed. [GL #1989]

5463.   [placeholder]

5462.   [bug]           Move LMDB locking from LMDB itself to named. [GL #1976]

5461.   [bug]           The STALE rdataset header attribute was updated while
                        the write lock was not being held, leading to incorrect
                        statistics. The header attributes are now converted to
                        use atomic operations. [GL #1475]

5460.   [cleanup]       tsig-keygen was previously an alias for
                        ddns-confgen and was documented in the ddns-confgen
                        man page. This has been reversed; tsig-keygen is
                        now the primary name. [GL #1998]

5459.   [bug]           Fixed bad isc_mem_put() size when an invalid type was
                        specified in an "update-policy" rule. [GL #1990]
        --- 9.17.3 released ---

5458.   [bug]           Prevent a theoretically possible NULL dereference caused
                        by a data race between zone_maintenance() and
                        dns_zone_setview_helper(). [GL #1627]

5457.   [placeholder]

5456.   [func]          Added "primaries" as a synonym for "masters" in
                        named.conf, and "primary-only" as a synonym for
                        "master-only" in the parameters to "notify", to bring
                        terminology up-to-date with RFC 8499. [GL #1948]

5455.   [bug]           named could crash when cleaning dead nodes in
                        lib/dns/rbtdb.c that were being reused. [GL #1968]

5454.   [bug]           Address a startup crash that occurred when the server
                        was under load and the root zone had not yet been
                        loaded. [GL #1862]

5453.   [bug]           named crashed on shutdown when a new rndc connection was
                        received during shutdown. [GL #1747]

5452.   [bug]           The "blackhole" ACL was accidentally disabled for client
                        queries. [GL #1936]

5451.   [func]          Add 'rndc dnssec -status' command. [GL #1612]

5450.   [placeholder]

5449.   [bug]           Fix a socket shutdown race in netmgr udp. [GL #1938]

5448.   [bug]           Fix a race condition in isc__nm_tcpdns_send().
                        [GL #1937]

5447.   [bug]           IPv6 addresses ending in "::" could break YAML
                        parsing. A "0" is now appended to such addresses
                        in YAML output from dig, mdig, delv, and dnstap-read.
                        [GL #1952]

5446.   [bug]           The validator could fail to accept a properly signed
                        RRset if an unsupported algorithm appeared earlier in
                        the DNSKEY RRset than a supported algorithm. It could
                        also stop if it detected a malformed public key.
                        [GL #1689]

5445.   [cleanup]       Disable and disallow static linking. [GL #1933]

5444.   [bug]           'rndc dnstap -roll <value>' did not limit the number of
                        saved files to <value>. [GL !3728]

5443.   [bug]           The "primary" and "secondary" keywords, when used
                        as parameters for "check-names", were not
                        processed correctly and were being ignored. [GL #1949]

5442.   [func]          Add support for outgoing TCP connections in netmgr.
                        [GL #1958]

5441.   [placeholder]

5440.   [placeholder]

5439.   [bug]           The DS RRset returned by dns_keynode_dsset() was used in
                        a non-thread-safe manner. [GL #1926]
        --- 9.17.2 released ---

5438.   [bug]           Fix a race in TCP accepting code. [GL #1930]

5437.   [bug]           Fix a data race in lib/dns/resolver.c:log_formerr().
                        [GL #1808]

5436.   [security]      It was possible to trigger an INSIST when determining
                        whether a record would fit into a TCP message buffer.
                        (CVE-2020-8618) [GL #1850]

5435.   [tests]         Add RFC 4592 responses examples to the wildcard system
                        test. [GL #1718]

5434.   [security]      It was possible to trigger an INSIST in
                        lib/dns/rbtdb.c:new_reference() with a particular zone
                        content and query patterns. (CVE-2020-8619) [GL #1111]
                        [GL #1718]

5433.   [placeholder]

5432.   [bug]           Check the question section when processing AXFR, IXFR,
                        and SOA replies when transferring a zone in. [GL #1683]

5431.   [func]          Reject DS records at the zone apex when loading
                        master files. Log but otherwise ignore attempts to
                        add DS records at the zone apex via UPDATE. [GL #1798]

5430.   [doc]           Update docs - with netmgr, a separate listening socket
                        is created for each IPv6 interface (just as with IPv4).
                        [GL #1782]

5429.   [cleanup]       Move BIND binaries which are neither daemons nor
                        administrative programs to $bindir. [GL #1724]

5428.   [bug]           Clean up GSSAPI resources in nsupdate only after taskmgr
                        has been destroyed. Thanks to Petr Menšík. [GL !3316]

5427.   [placeholder]

5426.   [bug]           Don't abort() when setting SO_INCOMING_CPU on the socket
                        fails. [GL #1911]

5425.   [func]          The default value of "max-stale-ttl" has been changed
                        from 1 week to 12 hours. [GL #1877]

5424.   [bug]           With KASP, when creating a successor key, the "goal"
                        state of the current active key (predecessor) was not
                        changed and thus never removed from the zone. [GL #1846]

5423.   [bug]           Fix a bug in keymgr_key_has_successor(): it incorrectly
                        returned true if any other key in the keyring had a
                        successor. [GL #1845]

5422.   [bug]           When using dnssec-policy, print correct key timing
                        metadata. [GL #1843]

5421.   [bug]           Fix a race that could cause named to crash when looking
                        up the nodename of an RBT node if the tree was modified.
                        [GL #1857]

5420.   [bug]           Add missing isc_{mutex,conditional}_destroy() calls
                        that caused a memory leak on FreeBSD. [GL #1893]

5419.   [func]          Add new dig command line option, "+qid=<num>", which
                        allows the query ID to be set to an arbitrary value.
                        Add a new ./configure option, --enable-singletrace,
                        which allows trace logging of a single query when QID is
                        set to 0. [GL #1851]

5418.   [bug]           delv failed to parse deprecated trusted-keys-style
                        trust anchors. [GL #1860]

5417.   [cleanup]       The code determining the advertised UDP buffer size in
                        outgoing EDNS queries has been refactored to improve its
                        clarity. [GL #1868]

5416.   [bug]           Fix a lock order inversion in lib/isc/unix/socket.c.
                        [GL #1859]

5415.   [test]          Address race in dnssec system test that led to
                        test failures. [GL #1852]

5414.   [test]          Adjust time allowed for journal truncation to occur
                        in nsupdate system test to avoid test failure.
                        [GL #1855]

5413.   [test]          Address race in autosign system test that led to
                        test failures. [GL #1852]

5412.   [bug]           'provide-ixfr no;' failed to return up-to-date responses
                        when the serial was greater than or equal to the
                        current serial. [GL #1714]

5411.   [cleanup]       TCP accept code has been refactored to use a single
                        accept() and pass the accepted socket to child threads
                        for processing. [GL !3320]

5410.   [func]          Add the ability to specify per-type record count limits,
                        which are enforced when adding records via UPDATE, in an
                        "update-policy" statement. [GL #1657]

5409.   [performance]   When looking up NSEC3 data in a zone database, skip the
                        check for empty non-terminal nodes; the NSEC3 tree does
                        not have any. [GL #1834]

5408.   [protocol]      Print Extended DNS Errors if present in OPT record.
                        [GL #1835]

5407.   [func]          Zone timers are now exported via statistics channel.
                        Thanks to Paul Frieden, Verizon Media. [GL #1232]

5406.   [func]          Add a new logging category, "rpz-passthru", which allows
                        RPZ passthru actions to be logged in a separate channel.
                        [GL #54]

5405.   [bug]           'named-checkconf -p' could include spurious text in
                        server-addresses statements due to an uninitialized DSCP
                        value. [GL #1812]

5404.   [bug]           'named-checkconf -z' could incorrectly indicate
                        success if errors were found in one view but not in a
                        subsequent one. [GL #1807]

5403.   [func]          Do not set UDP receive/send buffer sizes - use system
                        defaults. [GL #1713]

5402.   [bug]           On FreeBSD, use SO_REUSEPORT_LB instead of SO_REUSEPORT.
                        Enable use of SO_REUSEADDR on all platforms which
                        support it. [GL !3365]

5401.   [bug]           The number of input queues allocated during dnstap
                        initialization was too low, which could prevent some
                        dnstap data from being logged. [GL #1795]

5400.   [func]          Add engine support to OpenSSL EdDSA implementation.
                        [GL #1763]

5399.   [func]          Add engine support to OpenSSL ECDSA implementation.
                        [GL #1534]

5398.   [bug]           Named could fail to restart if a zone with a double
                        quote (") in its name was added with 'rndc addzone'.
                        [GL #1695]

5397.   [func]          Update PKCS#11 EdDSA implementation to PKCS#11 v3.0.
                        Thanks to Aaron Thompson. [GL !3326]

5396.   [func]          When necessary (i.e. in libuv >= 1.37), use the
                        UV_UDP_RECVMMSG flag to enable recvmmsg() support in
                        libuv. [GL #1797]

5395.   [security]      Further limit the number of queries that can be
                        triggered from a request.  Root and TLD servers
                        are no longer exempt from max-recursion-queries.
                        Fetches for missing name server address records
                        are limited to 4 for any domain. (CVE-2020-8616)
                        [GL #1388]

5394.   [cleanup]       Named formerly attempted to change the effective UID and
                        GID in named_os_openfile(), which could trigger a
                        spurious log message if they were already set to the
                        desired values. This has been fixed. [GL #1042]
                        [GL #1090]

5393.   [cleanup]       Unused and/or redundant APIs were removed from libirs.
                        [GL #1758]

5392.   [bug]           It was possible for named to crash during shutdown
                        or reconfiguration if an RPZ zone was still being
                        updated. [GL #1779]

5391.   [func]          The BIND 9 build system has been changed to use a
                        typical autoconf+automake+libtool stack. When building
                        from the Git repository, run "autoreconf -fi" first.
                        [GL #4]

5390.   [security]      Replaying a TSIG BADTIME response as a request could
                        trigger an assertion failure. (CVE-2020-8617)
                        [GL #1703]

5389.   [bug]           Finish PKCS#11 code cleanup, fix a couple of smaller
                        bugs and use PKCS#11 v3.0 EdDSA macros and constants.
                        Thanks to Aaron Thompson. [GL !3391]

5388.   [func]          Reject AXFR streams where the message ID is not
                        consistent. [GL #1674]

5387.   [placeholder]

5386.   [cleanup]       Address Coverity warnings in lib/dns/keymgr.c.
                        [GL #1737]

5385.   [func]          Make ISC rwlock implementation the default again.
                        [GL #1753]

5384.   [bug]           With "dnssec-policy" in effect, "inline-signing" was
                        implicitly set to "yes". Now "inline-signing" is only
                        set to "yes" if the zone is not dynamic. [GL #1709]
        --- 9.17.1 released ---

5383.   [func]          Add a quota attach function with a callback and clean up
                        the isc_quota API. [GL !3280]

5382.   [bug]           Use clock_gettime() instead of gettimeofday() for
                        isc_stdtime() function. [GL #1679]

5381.   [bug]           Fix logging API data race by adding rwlock and caching
                        logging levels in stdatomic variables to restore
                        performance to original levels. [GL #1675] [GL #1717]

5380.   [contrib]       Fix building MySQL DLZ modules against MySQL 8
                        libraries. [GL #1678]

5379.   [placeholder]

5378.   [bug]           Receiving invalid DNS data was triggering an assertion
                        failure in nslookup. [GL #1652]

5377.   [placeholder]

5376.   [bug]           Fix ineffective DNS rebinding protection when BIND is
                        configured as a forwarding DNS server. Thanks to Tobias
                        Klein. [GL #1574]

5375.   [test]          Fix timing issues in the "kasp" system test. [GL #1669]

5374.   [bug]           Statistics counters tracking recursive clients and
                        active connections could underflow. [GL #1087]

5373.   [bug]           Collecting statistics for DNSSEC signing operations
                        (change 5254) caused an array of significant size (over
                        100 kB) to be allocated for each configured zone. Each
                        of these arrays is tracking all possible key IDs; this
                        could trigger an out-of-memory condition on servers with
                        a high enough number of zones configured. Fixed by
                        tracking up to four keys per zone and rotating counters
                        when keys are replaced. This fixes the immediate problem
                        of high memory usage, but should be improved in a future
                        release by growing or shrinking the number of keys to
                        track upon key rollover events. [GL #1179]

5372.   [bug]           Fix migration from existing DNSSEC key files
                        ("auto-dnssec maintain") to "dnssec-policy". [GL #1706]

5371.   [bug]           Improve incremental updates of the RPZ summary
                        database to reduce delays that could occur when
                        a policy zone update included a large number of
                        record deletions. [GL #1447]

5370.   [bug]           Deactivation of a netmgr handle associated with a
                        socket could be skipped in some circumstances.
                        Fixed by deactivating the netmgr handle before
                        scheduling the asynchronous close routine. [GL #1700]

5369.   [func]          Add the ability to specify whether to wait for
                        nameserver domain names to be looked up, with a new RPZ
                        modifying directive 'nsdname-wait-recurse'. [GL #1138]

5368.   [bug]           Named failed to restart if 'rndc addzone' names
                        contained special characters (e.g. '/'). [GL #1655]

5367.   [placeholder]
        --- 9.17.0 released ---

5366.   [bug]           Fix a race condition with the keymgr when the same
                        zone plus dnssec-policy is configured in multiple
                        views. [GL #1653]

5365.   [bug]           Algorithm rollover was stuck on submitting DS
                        because keymgr thought it would move to an invalid
                        state.  Fixed by checking the current key against
                        the desired state, not the existing state. [GL #1626]

5364.   [bug]           Algorithm rollover waited too long before introducing
                        zone signatures.  It waited to make sure all signatures
                        were regenerated, but when introducing a new algorithm,
                        all signatures are regenerated immediately.  Only
                        add the sign delay if there is a predecessor key.
                        [GL #1625]

5363.   [bug]           When changing a dnssec-policy, existing keys with
                        properties that no longer match were not being retired.
                        [GL #1624]

5362.   [func]          Limit the size of IXFR responses so that AXFR will
                        be used instead if it would be smaller. This is
                        controlled by the "max-ixfr-ratio" option, which
                        is a percentage representing the ratio of IXFR size
                        to the size of the entire zone. This value cannot
                        exceed 100%, which is the default. [GL #1515]

5361.   [bug]           named might not accept new connections after
                        hitting tcp-clients quota. [GL #1643]

5360.   [bug]           delv could fail to load trust anchors in DNSKEY
                        format. [GL #1647]

5359.   [func]          "rndc nta -d" and "rndc secroots" now include
                        "validate-except" entries when listing negative
                        trust anchors. These are indicated by the keyword
                        "permanent" in place of an expiry date. [GL #1532]

5358.   [bug]           Inline master zones whose master files were touched
                        but otherwise unchanged and were subsequently reloaded
                        may have stopped re-signing. [GL !3135]

5357.   [bug]           Newly added RRSIG records with expiry times before
                        the previous earliest expiry times might not be
                        re-signed in time.  This was a side effect of 5315.
                        [GL !3137]

5356.   [func]          Update dnssec-policy configuration statements:
                        - Rename "zone-max-ttl" dnssec-policy option to
                          "max-zone-ttl" for consistency with the existing
                          zone option.
                        - Allow for "lifetime unlimited" as a synonym for
                          "lifetime PT0S".
                        - Make "key-directory" optional.
                        - Warn if specifying a key length does not make
                          sense; fail if key length is out of range for
                          the algorithm.
                        - Allow use of mnemonics when specifying key
                          algorithm (e.g. "rsasha256", "ecdsa384", etc.).
                        - Make ISO 8601 durations case-insensitive.
                        [GL #1598]

5355.   [func]          What was set with --with-tuning=large option in
                        older BIND9 versions is now a default, and
                        a --with-tuning=small option was added for small
                        (e.g. OpenWRT) systems. [GL !2989]

5354.   [bug]           dnssec-policy created new KSK keys for zones in the
                        initial stage of signing (with the DS not yet in the
                        rumoured or omnipresent states).  Fix by checking the
                        key goals rather than the active state when determining
                        whether new keys are needed. [GL #1593]

5353.   [doc]           Document port and dscp parameters in forwarders
                        configuration option. [GL #914]

5352.   [bug]           Correctly handle catalog zone entries containing
                        characters that aren't legal in filenames. [GL #1592]

5351.   [bug]           CDS / CDNSKEY consistency checks failed to handle
                        removal records. [GL #1554]

5350.   [bug]           When a view was configured with class CHAOS, the
                        server could crash while processing a query for a
                        non-existent record. [GL #1540]

5349.   [bug]           Fix a race in task_pause/unpause. [GL #1571]

5348.   [bug]           dnssec-settime -Psync was not being honoured.
                        Thanks to Tony Finch. [GL !2893]
        --- 9.15.8 released ---

5347.   [bug]           Fixed a bug that could cause an intermittent crash
                        in validator.c when validating a negative cache
                        entry. [GL #1561]

5346.   [bug]           Make hazard pointer array allocations dynamic, fixing
                        a bug that caused named to crash on machines with more
                        than 40 cores. [GL #1493]

5345.   [func]          Key-style trust anchors and DS-style trust anchors
                        can now both be used for the same name. [GL #1237]

5344.   [bug]           Handle accept() errors properly in netmgr. [GL !2880]

5343.   [func]          Add statistics counters to the netmgr. [GL #1311]

5342.   [bug]           Disable pktinfo for IPv6 and bind to each interface
                        explicitly instead, because libuv doesn't support
                        pktinfo control messages. [GL #1558]

5341.   [func]          Simplify passing the bound TCP socket to child
                        threads by using isc_uv_export/import functions.
                        [GL !2825]

5340.   [bug]           Don't deadlock when binding to a TCP socket fails.
                        [GL #1499]

5339.   [bug]           With some libmaxminddb versions, named could erroneously
                        match an IP address not belonging to any subnet defined
                        in a given GeoIP2 database to one of the existing
                        entries in that database. [GL #1552]

5338.   [bug]           Fix line spacing in `rndc secroots`.
                        Thanks to Tony Finch. [GL !2478]

5337.   [func]          'named -V' now reports maxminddb and protobuf-c
                        versions. [GL !2686]
        --- 9.15.7 released ---

5336.   [bug]           The TCP high-water statistic could report an
                        incorrect value on startup. [GL #1392]

5335.   [func]          Make TCP listening code multithreaded. [GL !2659]

5334.   [doc]           Update documentation with dnssec-policy clarifications.
                        Also change some defaults. [GL !2711]

5333.   [bug]           Fix duration printing on Solaris when value is not
                        an ISO 8601 duration. [GL #1460]

5332.   [func]          Renamed "dnssec-keys" configuration statement
                        to the more descriptive "trust-anchors". [GL !2702]

5331.   [func]          Use compiler-provided mechanisms for thread local
                        storage, and make the requirement for such mechanisms
                        explicit in configure. [GL #1444]

5330.   [bug]           'configure --without-python' was ineffective if
                        PYTHON was set in the environment. [GL #1434]

5329.   [bug]           Reconfiguring named caused memory to be leaked when any
                        GeoIP2 database was in use. [GL #1445]

5328.   [bug]           rbtdb.c:rdataset_{get,set}ownercase failed to obtain
                        a node lock. [GL #1417]

5327.   [func]          Added a statistics counter to track queries
                        dropped because the recursive-clients quota was
                        exceeded. [GL #1399]

5326.   [bug]           Add Python dependency on 'distutils.core' to configure.
                        'distutils.core' is required for installation.
                        [GL #1397]

5325.   [bug]           Addressed several issues with TCP connections in
                        the netmgr: restored support for TCP connection
                        timeouts, restored TCP backlog support, actively
                        close all open sockets during shutdown. [GL #1312]

5324.   [bug]           Change the category of some log messages from general
                        to the more appropriate catergory of xfer-in. [GL #1394]

5323.   [bug]           Fix a bug in DNSSEC trust anchor verification.
                        [GL !2609]

5322.   [placeholder]

5321.   [bug]           Obtain write lock before updating version->records
                        and version->bytes. [GL #1341]

5320.   [cleanup]       Silence TSAN on header->count. [GL #1344]
        --- 9.15.6 released ---

5319.   [func]          Trust anchors can now be configured using DS
                        format to represent a key digest, by using the
                        new "initial-ds" or "static-ds" keywords in
                        the "dnssec-keys" statement.

                        Note: DNSKEY-format and DS-format trust anchors
                        cannot both be used for the same domain name.
                        [GL #622]

5318.   [cleanup]       The DNSSEC validation code has been refactored
                        for clarity and to reduce code duplication.
                        [GL #622]

5317.   [func]          A new asynchronous network communications system
                        based on libuv is now used for listening for
                        incoming requests and responding to them. (The
                        old isc_socket API remains in use for sending
                        iterative queries and processing responses; this
                        will be changed too in a later release.)

                        This change will make it easier to improve
                        performance and implement new protocol layers
                        (e.g., DNS over TLS) in the future. [GL #29]

5316.   [func]          A new "dnssec-policy" option has been added to
                        named.conf to implement a key and signing policy
                        (KASP) for zones. When this option is in use,
                        named can generate new keys as needed and
                        automatically roll both ZSK and KSK keys. (Note
                        that the syntax for this statement differs from
                        the dnssec policy used by dnssec-keymgr.)

                        See the ARM for configuration details. [GL #1134]

5315.   [bug]           Apply the initial RRSIG expiration spread fixed
                        to all dynamically created records in the zone
                        including NSEC3. Also fix the signature clusters
                        when the server has been offline for prolonged
                        period of times. [GL #1256]

5314.   [func]          Added a new statistics variable "tcp-highwater"
                        that reports the maximum number of simultaneous TCP
                        clients BIND has handled while running. [GL #1206]

5313.   [bug]           The default GeoIP2 database location did not match
                        the ARM.  'named -V' now reports the default
                        location. [GL #1301]

5312.   [bug]           Do not flush the cache for `rndc validation status`.
                        Thanks to Tony Finch. [GL !2462]

5311.   [cleanup]       Include all views in output of `rndc validation status`.
                        Thanks to Tony Finch. [GL !2461]

5310.   [bug]           TCP failures were affecting EDNS statistics. [GL #1059]

5309.   [placeholder]

5308.   [bug]           Don't log DNS_R_UNCHANGED from sync_secure_journal()
                        at ERROR level in receive_secure_serial(). [GL #1288]

5307.   [bug]           Fix hang when named-compilezone output is sent to pipe.
                        Thanks to Tony Finch. [GL !2481]

5306.   [security]      Set a limit on number of simultaneous pipelined TCP
                        queries. (CVE-2019-6477) [GL #1264]

5305.   [bug]           NSEC Aggressive Cache ("synth-from-dnssec") has been
                        disabled by default because it was found to have
                        a significant performance impact on the recursive
                        service. [GL #1265]

5304.   [bug]           "dnskey-sig-validity 0;" was not being accepted.
                        [GL #876]

5303.   [placeholder]

5302.   [bug]           Fix checking that "dnstap-output" is defined when
                        "dnstap" is specified in a view. [GL #1281]

5301.   [bug]           Detect partial prefixes / incomplete IPv4 address in
                        acls. [GL #1143]

5300.   [bug]           dig/mdig/delv: Add a colon after EDNS option names,
                        even when the option is empty, to improve
                        readability and allow correct parsing of YAML
                        output. [GL #1226]
        --- 9.15.5 released ---

5299.   [security]      A flaw in DNSSEC verification when transferring
                        mirror zones could allow data to be incorrectly
                        marked valid. (CVE-2019-6475) [GL #1252]

5298.   [security]      Named could assert if a forwarder returned a
                        referral, rather than resolving the query, when QNAME
                        minimization was enabled. (CVE-2019-6476) [GL #1051]

5297.   [bug]           Check whether a previous QNAME minimization fetch
                        is still running before starting a new one; return
                        SERVFAIL and log an error if so. [GL #1191]

5296.   [placeholder]

5295.   [cleanup]       Split dns_name_copy() calls into dns_name_copy() and
                        dns_name_copynf() for those calls that can potentially
                        fail and those that should not fail respectively.
                        [GL !2265]

5294.   [func]          Fallback to ACE name on output in locale, which does not
                        support converting it to unicode.  [GL #846]

5293.   [bug]           On Windows, named crashed upon any attempt to fetch XML
                        statistics from it. [GL #1245]

5292.   [bug]           Queue 'rndc nsec3param' requests while signing inline
                        zone changes. [GL #1205]
        --- 9.15.4 released ---

5291.   [placeholder]

5290.   [placeholder]

5289.   [bug]           Address NULL pointer dereference in rpz.c:rpz_detach.
                        [GL #1210]

5288.   [bug]           dnssec-must-be-secure was not always honored.
                        [GL #1209]

5287.   [placeholder]

5286.   [contrib]       Address potential NULL pointer dereferences in
                        dlz_mysqldyn_mod.c. [GL #1207]

5285.   [port]          win32: implement "-T maxudpXXX". [GL #837]

5284.   [func]          Added +unexpected command line option to dig.
                        By default, dig won't accept a reply from a source
                        other than the one to which it sent the query.
                        Invoking dig with +unexpected argument will allow it
                        to process replies from unexpected sources.

5283.   [bug]           When a response-policy zone expires, ensure that
                        its policies are removed from the RPZ summary
                        database. [GL #1146]

5282.   [bug]           Fixed a bug in searching for possible wildcard matches
                        for query names in the RPZ summary database. [GL #1146]

5281.   [cleanup]       Don't escape commas when reporting named's command
                        line. [GL #1189]

5280.   [protocol]      Add support for displaying EDNS option LLQ. [GL #1201]

5279.   [bug]           When loading, reject zones containing CDS or CDNSKEY
                        RRsets at the zone apex if they would cause DNSSEC
                        validation failures if published in the parent zone
                        as the DS RRset.  [GL #1187]

5278.   [func]          Add YAML output formats for dig, mdig and delv;
                        use the "+yaml" option to enable. [GL #1145]
        --- 9.15.3 released ---

5277.   [bug]           Cache DB statistics could underflow when serve-stale
                        was in use, because of a bug in counter maintenance
                        when RRsets become stale.

                        Functions for dumping statistics have been updated
                        to dump active, stale, and ancient statistic
                        counters.  Ancient RRset counters are prefixed
                        with '~'; stale RRset counters are still prefixed
                        with '#'. [GL #602]

5276.   [func]          DNSSEC Lookaside Validation (DLV) is now obsolete;
                        all code enabling its use has been removed from the
                        validator, "delv", and the DNSSEC tools. [GL #7]

5275.   [bug]           Mark DS records included in referral messages
                        with trust level "pending" so that they can be
                        validated and cached immediately, with no need to
                        re-query. [GL #964]

5274.   [bug]           Address potential use after free race when shutting
                        down rpz. [GL #1175]

5273.   [bug]           Check that bits [64..71] of a dns64 prefix are zero.
                        [GL #1159]

5272.   [cleanup]       Remove isc-config.sh script as the BIND 9 libraries
                        are now purely internal. [GL #1123]

5271.   [func]          The normal (non-debugging) output of dnssec-signzone
                        and dnssec-verify tools now goes to stdout, instead of
                        the combination of stderr and stdout.

5270.   [bug]           'dig +expandaaaa +short' did not work. [GL #1152]

5269.   [port]          cygwin: can return ETIMEDOUT on connect() with a
                        non-blocking socket. [GL #1133]

5268.   [placeholder]

5267.   [func]          Allow statistics groups display to be toggle-able.
                        [GL #1030]

5266.   [bug]           named-checkconf failed to report dnstap-output
                        missing from named.conf when dnstap was specified.
                        [GL #1136]

5265.   [bug]           DNS64 and RPZ nodata (CNAME *.) rules interacted badly
                        [GL #1106]

5264.   [func]          New DNS Cookie algorithm - siphash24 - has been added
                        to BIND 9, and the old HMAC-SHA DNS Cookie algorithms
                        have been removed. [GL #605]
        --- 9.15.2 released ---

5263.   [cleanup]       Use atomics and isc_refcount_t wherever possible.
                        [GL #1038]

5262.   [func]          Removed support for the legacy GeoIP API. [GL #1112]

5261.   [cleanup]       Remove SO_BSDCOMPAT socket option usage.

5260.   [bug]           dnstap-read was producing malformed output for large
                        packets. [GL #1093]

5259.   [func]          New option '-i' for 'named-checkconf' to ignore
                        warnings about deprecated options. [GL #1101]

5258.   [func]          Added support for the GeoIP2 API from MaxMind. This
                        will be compiled in by default if the "libmaxminddb"
                        library is found at compile time, but can be
                        suppressed using "configure --disable-geoip".

                        Certain geoip ACL settings that were available with
                        legacy GeoIP are not available when using GeoIP2.
                        [GL #182]

5257.   [bug]           Some statistics data was not being displayed.
                        Add shading to the zone tables. [GL #1030]

5256.   [bug]           Ensure that glue records are included in root
                        priming responses if "minimal-responses" is not
                        set to "yes". [GL #1092]

5255.   [bug]           Errors encountered while reloading inline-signing
                        zones could be ignored, causing the zone content to
                        be left in an incompletely updated state rather than
                        reverted. [GL #1109]

5254.   [func]          Collect metrics to report to the statistics-channel
                        DNSSEC signing operations (dnssec-sign) and refresh
                        operations (dnssec-refresh) per zone and per keytag.
                        [GL #513]

5253.   [port]          Support platforms that don't define ULLONG_MAX.
                        [GL #1098]

5252.   [func]          Report if the last 'rndc reload/reconfig' failed in
                        rndc status. [GL !2040]

5251.   [bug]           Statistics were broken in x86 Windows builds.
                        [GL #1081]

5250.   [func]          The default size for RSA keys is now 2048 bits,
                        for both ZSKs and KSKs. [GL #1097]

5249.   [bug]           Fix a possible underflow in recursion clients
                        statistics when hitting recursive clients
                        soft quota. [GL #1067]
        --- 9.15.1 released ---

5248.   [func]          To clarify the configuration of DNSSEC keys,
                        the "managed-keys" and "trusted-keys" options
                        have both been deprecated.  The new "dnssec-keys"
                        statement can now be used for all trust anchors,
                        with the keywords "iniital-key" or "static-key"
                        to indicate whether the configured trust anchor
                        should be used for initialization of RFC 5011 key
                        management, or as a permanent trust anchor.

                        The "static-key" keyword will generate a warning if
                        used for the root zone.

                        Configurations using "trusted-keys" or "managed-keys"
                        will continue to work with no changes, but will
                        generate warnings in the log. In a future release,
                        these options will be marked obsolete. [GL #6]

5247.   [cleanup]       The 'cleaning-interval' option has been removed.
                        [GL !1731]

5246.   [func]          Log TSIG if appropriate in 'sending notify to' message.
                        [GL #1058]

5245.   [cleanup]       Reduce logging level for IXFR up-to-date poll
                        responses. [GL #1009]

5244.   [security]      Fixed a race condition in dns_dispatch_getnext()
                        that could cause an assertion failure if a
                        significant number of incoming packets were
                        rejected. (CVE-2019-6471) [GL #942]

5243.   [bug]           Fix a possible race between dispatcher and socket
                        code in a high-load cold-cache resolver scenario.
                        [GL #943]

5242.   [bug]           In relaxed qname minimization mode, fall back to
                        normal resolution when encountering a lame
                        delegation, and use _.domain/A queries rather
                        than domain/NS. [GL #1055]

5241.   [bug]           Fix Ed448 private and public key ASN.1 prefix blobs.
                        [GL #225]

5240.   [bug]           Remove key id calculation for RSAMD5. [GL #996]

5239.   [func]          Change the json-c detection to pkg-config. [GL #855]

5238.   [bug]           Fix a possible deadlock in TCP code. [GL #1046]

5237.   [bug]           Recurse to find the root server list with 'dig +trace'.
                        [GL #1028]

5236.   [func]          Add SipHash 2-4 implementation in lib/isc/siphash.c
                        and switch isc_hash_function() to use SipHash 2-4.
                        [GL #605]

5235.   [cleanup]       Refactor lib/isc/app.c to be thread-safe, unused
                        parts of the API has been removed and the
                        isc_appctx_t data type has been changed to be
                        fully opaque. [GL #1023]

5234.   [port]          arm: just use the compiler's default support for
                        yield. [GL #981]
        --- 9.15.0 released ---

5233.   [bug]           Negative trust anchors did not work with "forward only;"
                        to validating resolvers. [GL #997]

5232.   [placeholder]

5231.   [protocol]      Add support for displaying CLIENT-TAG and SERVER-TAG.
                        [GL #960]

5230.   [protocol]      The SHA-1 hash algorithm is no longer used when
                        generating DS and CDS records. [GL #1015]

5229.   [protocol]      Enforce known SSHFP fingerprint lengths. [GL #852]

5228.   [func]          If trusted-keys and managed-keys were configured
                        simultaneously for the same name, the key could
                        not be be rolled automatically. This is now
                        a fatal configuration error. [GL #868]

5227.   [placeholder]

5226.   [placeholder]

5225.   [func]          Allow dig to print out AAAA record fully expanded.
                        with +[no]expandaaaa. [GL #765]

5224.   [bug]           Only test provide-ixfr on TCP streams. [GL #991]

5223.   [bug]           Fixed a race in the filter-aaaa plugin accessing
                        the hash table. [GL #1005]

5222.   [bug]           'delv -t ANY' could leak memory. [GL #983]

5221.   [test]          Enable parallel execution of system tests on
                        Windows. [GL !4101]

5220.   [cleanup]       Refactor the isc_stat structure to take advantage
                        of stdatomic. [GL !1493]

5219.   [bug]           Fixed a race in the filter-aaaa plugin that could
                        trigger a crash when returning an instance object
                        to the memory pool. [GL #982]

5218.   [bug]           Conditionally include <dlfcn.h>. [GL #995]

5217.   [bug]           Restore key id calculation for RSAMD5. [GL #996]

5216.   [bug]           Fetches-per-zone counter wasn't updated correctly
                        when doing qname minimization. [GL #992]

5215.   [bug]           Change #5124 was incomplete; named could still
                        return FORMERR instead of SERVFAIL in some cases.
                        [GL #990]

5214.   [bug]           win32: named now removes its lock file upon shutdown.
                        [GL #979]

5213.   [bug]           win32: Eliminated a race which allowed named.exe running
                        as a service to be killed prematurely during shutdown.
                        [GL #978]

5212.   [placeholder]

5211.   [bug]           Allow out-of-zone additional data to be included
                        in authoritative responses if recursion is allowed
                        and "minimal-responses" is disabled.  This behavior
                        was inadvertently removed in change #4605. [GL #817]

5210.   [bug]           When dnstap is enabled and recursion is not
                        available, incoming queries are now logged
                        as "auth". Previously, this depended on whether
                        recursion was requested by the client, not on
                        whether recursion was available. [GL #963]

5209.   [bug]           When update-check-ksk is true, add_sigs was not
                        considering offline keys, leaving record sets signed
                        with the incorrect type key. [GL #763]

5208.   [test]          Run valid rdata wire encodings through totext+fromtext
                        and tofmttext+fromtext methods to check these methods.
                        [GL #899]

5207.   [test]          Check delv and dig TTL values. [GL #965]

5206.   [bug]           Delv could print out bad TTLs. [GL #965]

5205.   [bug]           Enforce that a DS hash exists. [GL #899]

5204.   [test]          Check that dns_rdata_fromtext() produces a record that
                        will be accepted by dns_rdata_fromwire(). [GL #852]

5203.   [bug]           Enforce whether key rdata exists or not in KEY,
                        DNSKEY, CDNSKEY and RKEY. [GL #899]

5202.   [bug]           <dns/ecs.h> was missing ISC_LANG_ENDDECLS. [GL #976]

5201.   [bug]           Fix a possible deadlock in RPZ update code. [GL #973]

5200.   [security]      tcp-clients settings could be exceeded in some cases,
                        which could lead to exhaustion of file descriptors.
                        (CVE-2018-5743) [GL #615]

5199.   [security]      In certain configurations, named could crash
                        if nxdomain-redirect was in use and a redirected
                        query resulted in an NXDOMAIN from the cache.
                        (CVE-2019-6467) [GL #880]

5198.   [bug]           If a fetch context was being shut down and, at the same
                        time, we returned from qname minimization, an INSIST
                        could be hit. [GL #966]

5197.   [bug]           dig could die in best effort mode on multiple SIG(0)
                        records. Similarly on multiple OPT and multiple TSIG
                        records. [GL #920]

5196.   [bug]           make install failed with --with-dlopen=no. [GL #955]

5195.   [bug]           "allow-update" and "allow-update-forwarding" were
                        treated as configuration errors if used at the
                        options or view level. [GL #913]

5194.   [bug]           Enforce non empty ZOMEMD hash. [GL #899]

5193.   [bug]           EID and NIMLOC failed to do multi-line output
                        correctly. [GL #899]

5192.   [placeholder]

5191.   [placeholder]

5190.   [bug]           Ignore trust anchors using disabled algorithms.
                        [GL #806]

5189.   [cleanup]       Remove revoked root DNSKEY from bind.keys. [GL #945]

5188.   [func]          The "dnssec-enable" option is deprecated and no
                        longer has any effect; DNSSEC responses are
                        always enabled. [GL #866]

5187.   [test]          Set time zone before running any tests in dnstap_test.
                        [GL #940]

5186.   [cleanup]       More dnssec-keygen manual tidying. [GL !1678]

5185.   [placeholder]

5184.   [bug]           Missing unlocks in sdlz.c. [GL #936]

5183.   [bug]           Reinitialize ECS data before reusing client
                        structures. [GL #881]

5182.   [bug]           Fix a high-load race/crash in handling of
                        isc_socket_close() in resolver. [GL #834]

5181.   [func]          Add a mechanism for a DLZ module to signal that
                        the view's allow-transfer ACL should be used to
                        determine whether transfers are allowed. [GL #803]

5180.   [bug]           delv now honors the operating system's preferred
                        ephemeral port range. [GL #925]

5179.   [cleanup]       Replace some vague type declarations with the more
                        specific dns_secalg_t and dns_dsdigest_t.
                        Thanks to Tony Finch. [GL !1498]

5178.   [bug]           Handle EDQUOT (disk quota) and ENOSPC (disk full)
                        errors when writing files. [GL #902]

5177.   [func]          Add the ability to specify in named.conf whether a
                        response-policy zone's SOA record should be added
                        to the additional section (add-soa yes/no). [GL #865]

5176.   [tests]         Remove a dependency on libxml in statschannel system
                        test. [GL #926]

5175.   [bug]           Fixed a problem with file input in dnssec-keymgr,
                        dnssec-coverage and dnssec-checkds when using
                        python3. [GL #882]

5174.   [doc]           Tidy dnssec-keygen manual. [GL !1557]

5173.   [bug]           Fixed a race in socket code that could occur when
                        accept, send, or recv were called from an event
                        loop but the socket had been closed by another
                        thread. [RT #874]

5172.   [bug]           nsupdate now honors the operating system's preferred
                        ephemeral port range. [GL #905]

5171.   [func]          named plugins are now installed into a separate
                        directory.  Supplying a filename (a string without path
                        separators) in a "plugin" configuration stanza now
                        causes named to look for that plugin in that directory.
                        [GL #878]

5170.   [test]          Added --with-dlz-filesystem to feature-test. [GL !1587]

5169.   [bug]           The presence of certain types in an otherwise
                        empty node could cause a crash while processing a
                        type ANY query. [GL #901]

5168.   [bug]           Do not crash on shutdown when RPZ fails to load.  Also,
                        keep previous version of the database if RPZ fails to
                        load. [GL #813]

5167.   [bug]           nxdomain-redirect could sometimes lookup the wrong
                        redirect name. [GL #892]

5166.   [placeholder]

5165.   [contrib]       Removed SDB drivers from contrib; they're obsolete.
                        [GL #428]

5164.   [bug]           Correct errno to result translation in dlz filesystem
                        modules. [GL #884]

5163.   [cleanup]       Out-of-tree builds failed --enable-dnstap. [GL #836]

5162.   [cleanup]       Improve dnssec-keymgr manual. Thanks to Tony Finch.
                        [GL !1518]

5161.   [bug]           Do not require the SEP bit to be set for mirror zone
                        trust anchors. [GL #873]

5160.   [contrib]       Added DNAME support to the DLZ LDAP schema. Also
                        fixed a compilation bug affecting several DLZ
                        modules. [GL #872]

5159.   [bug]           dnssec-coverage was incorrectly ignoring
                        names specified on the command line without
                        trailing dots. [GL !1478]

5158.   [protocol]      Add support for AMTRELAY and ZONEMD. [GL #867]

5157.   [bug]           Nslookup now errors out if there are extra command
                        line arguments. [GL #207]

5156.   [doc]           Extended and refined the section of the ARM describing
                        mirror zones. [GL #774]

5155.   [func]          "named -V" now outputs the default paths to
                        named.conf, rndc.conf, bind.keys, and other
                        files used or created by named and other tools, so
                        that the correct paths to these files can quickly be
                        determined regardless of the configure settings
                        used when BIND was built. [GL #859]

5154.   [bug]           dig: process_opt could be called twice on the same
                        message leading to a assertion failure. [GL #860]

5153.   [func]          Zone transfer statistics (size, number of records, and
                        number of messages) are now logged for outgoing
                        transfers as well as incoming ones. [GL #513]

5152.   [func]          Improved logging of DNSSEC key events:
                        - Zone signing and DNSKEY maintenance events are
                          now logged to the "dnssec" category
                        - Messages are now logged when DNSSEC keys are
                          published, activated, inactivated, deleted,
                          or revoked.
                        [GL #714]

5151.   [func]          Options that have been been marked as obsolete in
                        named.conf for a very long time are now fatal
                        configuration errors. [GL #358]

5150.   [cleanup]       Remove the ability to compile BIND with assertions
                        disabled. [GL #735]

5149.   [func]          "rndc dumpdb" now prints a line above a stale RRset
                        indicating how long the data will be retained in the
                        cache for emergency use. [GL #101]

5148.   [bug]           named did not sign the TKEY response. [GL #821]

5147.   [bug]           dnssec-keymgr: Add a five-minute margin to better
                        handle key events close to 'now'. [GL #848]

5146.   [placeholder]

5145.   [func]          Use atomics instead of locked variables for isc_quota
                        and isc_counter. [GL !1389]

5144.   [bug]           dig now returns a non-zero exit code when a TCP
                        connection is prematurely closed by a peer more than
                        once for the same lookup.  [GL #820]

5143.   [bug]           dnssec-keymgr and dnssec-coverage failed to find
                        key files for zone names ending in ".". [GL #560]

5142.   [cleanup]       Removed "configure --disable-rpz-nsip" and
                        "--disable-rpz-nsdname" options. "nsip-enable"
                        and "nsdname-enable" both now default to yes,
                        regardless of compile-time settings. [GL #824]

5141.   [security]      Zone transfer controls for writable DLZ zones were
                        not effective as the allowzonexfr method was not being
                        called for such zones. (CVE-2019-6465) [GL #790]

5140.   [bug]           Don't immediately mark existing keys as inactive and
                        deleted when running dnssec-keymgr for the first
                        time. [GL #117]

5139.   [bug]           If possible, don't use forwarders when priming.
                        This ensures we can get root server IP addresses
                        from priming query response glue, which may not
                        be present if the forwarding server is returning
                        minimal responses. [GL #752]

5138.   [bug]           Under some circumstances named could hit an assertion
                        failure when doing qname minimization when using
                        forwarders. [GL #797]

5137.   [func]          named now logs messages whenever a mirror zone becomes
                        usable or unusable for resolution purposes. [GL #818]

5136.   [cleanup]       Check in named-checkconf that allow-update and
                        allow-update-forwarding are not set at the
                        view/options level; fix documentation. [GL #512]

5135.   [port]          sparc: Use smt_pause() instead of pause. [GL #816]

5134.   [bug]           win32: WSAStartup was not called before getservbyname
                        was called. [GL #590]

5133.   [bug]           'rndc managed-keys' didn't handle class and view
                        correctly and failed to add new lines between each
                        view. [GL !1327]

5132.   [bug]           Fix race condition in cleanup part of dns_dt_create().
                        [GL !1323]

5131.   [cleanup]       Address Coverity warnings. [GL #801]

5130.   [cleanup]       Remove support for l10n message catalogs. [GL #709]

5129.   [contrib]       sdlz_helper.c:build_querylist was not properly
                        splitting the query string. [GL #798]

5128.   [bug]           Refreshkeytime was not being updated for managed
                        keys zones. [GL #784]

5127.   [bug]           rcode.c:maybe_numeric failed to handle NUL in text
                        regions. [GL #807]

5126.   [bug]           Named incorrectly accepted empty base64 and hex encoded
                        fields when reading master files. [GL #807]

5125.   [bug]           Allow for up to 100 records or 64k of data when caching
                        a negative response. [GL #804]

5124.   [bug]           Named could incorrectly return FORMERR rather than
                        SERVFAIL. [GL #804]

5123.   [bug]           dig could hang indefinitely after encountering an error
                        before creating a TCP socket. [GL #692]

5122.   [bug]           In a "forward first;" configuration, a forwarder
                        timeout did not prevent that forwarder from being
                        queried again after falling back to full recursive
                        resolution. [GL #315]

5121.   [contrib]       dlz_stub_driver.c fails to return ISC_R_NOTFOUND on none
                        matching zone names. [GL !1299]

5120.   [placeholder]

5119.   [placeholder]

5118.   [security]      Named could crash if it is managing a key with
                        `managed-keys` and the authoritative zone is rolling
                        the key to an unsupported algorithm. (CVE-2018-5745)
                        [GL #780]

5117.   [placeholder]

5116.   [bug]           Named/named-checkconf triggered a assertion when
                        a mirror zone's name is bad. [GL #778]

5115.   [bug]           Allow unsupported algorithms in zone when not used for
                        signing with dnssec-signzone. [GL #783]

5114.   [func]          Include a 'reconfig/reload in progress' status line
                        in rndc status, use it in tests.

5113.   [port]          Fixed a Windows build error.

5112.   [bug]           Named/named-checkconf could dump core if there was
                        a missing masters clause and a bad notify clause.
                        [GL #779]

5111.   [bug]           Occluded DNSKEY records could make it into the
                        delegating NSEC/NSEC3 bitmap. [GL #742]

5110.   [security]      Named leaked memory if there were multiple Key Tag
                        EDNS options present. (CVE-2018-5744) [GL #772]

5109.   [cleanup]       Remove support for RSAMD5 algorithm. [GL #628]
        --- 9.13.5 released ---

5108.   [bug]           Named could fail to determine bottom of zone when
                        removing out of date keys leading to invalid NSEC
                        and NSEC3 records being added to the zone. [GL #771]

5107.   [bug]           'host -U' did not work. [GL #769]

5106.   [experimental]  A new "plugin" mechanism has been added to allow
                        extension of query processing functionality through
                        the use of dynamically loadable libraries. A
                        "filter-aaaa.so" plugin has been implemented,
                        replacing the filter-aaaa feature that was formerly
                        implemented as a native part of BIND.

                        The "filter-aaaa", "filter-aaaa-on-v4" and
                        "filter-aaaa-on-v6" options can no longer be
                        configured using native named.conf syntax. However,
                        loading the filter-aaaa.so plugin and setting its
                        parameters provides identical functionality.

                        Note that the plugin API is a work in progress and
                        is likely to evolve as further plugins are
                        implemented. [GL #15]

5105.   [bug]           Fix a race between process_fd and socketclose in
                        unix socket code. [GL #744]

5104.   [cleanup]       Log clearer informational message when a catz zone
                        is overridden by a zone in named.conf.
                        Thanks to Tony Finch. [GL !1157]

5103.   [bug]           Add missing design by contract tests to dns_catz*.
                        [GL #748]

5102.   [bug]           dnssec-coverage failed to use the default TTL when
                        checking KSK deletion times leading to a exception.
                        [GL #585]

5101.   [bug]           Fix default installation path for Python modules and
                        remove the dnspython dependency accidentally introduced
                        by change 4970. [GL #730]

5100.   [func]          Pin resolver tasks to specific task queues. [GL !1117]

5099.   [func]          Failed mutex and conditional creations are always
                        fatal. [GL #674]
        --- 9.13.4 released ---

5098.   [func]          Failed memory allocations are now fatal. [GL #674]

5097.   [cleanup]       Remove embedded ATF unit testing framework
                        from BIND source distribution.  [GL !875]

5096.   [func]          Use multiple event loops in socket code, and
                        make network threads CPU-affinitive.  This
                        significantly improves performance on large
                        systems. [GL #666]

5095.   [test]          Converted all unit tests from ATF to CMocka;
                        removed the source code for the ATF libraries.
                        Build with "configure --with-cmocka" to enable
                        unit testing. [GL #620]

5094.   [func]          Add 'dig -r' to disable reading of .digrc. [GL !970]

5093.   [bug]           Log lame qname-minimization servers only if they're
                        really lame. [GL #671]

5092.   [bug]           Address memory leak on SIGTERM in nsupdate when using
                        GSS-TSIG. [GL #558]

5091.   [func]          Two new global and per-view options min-cache-ttl
                        and min-ncache-ttl [GL #613]

5090.   [bug]           dig and mdig failed to properly pre-parse dash value
                        pairs when value was a separate argument and started
                        with a dash. [GL #584]

5089.   [bug]           Restore localhost fallback in dig and host which is
                        used when no nameserver addresses present in
                        /etc/resolv.conf are usable due to the requested
                        address family restrictions. [GL #433]

5088.   [bug]           dig/host/nslookup could crash when interrupted close to
                        a query timeout. [GL #599]

5087.   [test]          Check that result tables are complete. [GL #676]

5086.   [func]          Log of RPZ now includes the QTYPE and QCLASS. [GL #623]

5085.   [bug]           win32: Restore looking up nameservers, search list,
                        etc. [GL #186]

5084.   [placeholder]

5083.   [func]          Add autoconf macro AX_POSIX_SHELL, so we
                        can use POSIX-compatible shell features
                        in the scripts.

5082.   [bug]           Fixed a race that could cause a crash in
                        dig/host/nslookup. [GL #650]

5081.   [func]          Use per-worker queues in task manager, make task
                        runners CPU-affine. [GL #659]

5080.   [func]          Improvements to "rndc nta" user interface:
                        - catch and report invalid command line options
                        - when removing an NTA from all views, do not
                          abort with an error if the NTA was not found
                          in one of the views
                        - include the view name in "rndc nta -dump"
                          output, for consistency with the add and remove
                          actions
                        Thanks to Tony Finch. [GL !816]

5079.   [func]          Disable IDN processing in dig and nslookup
                        when not on a tty. [GL #653]

5078.   [cleanup]       Require python components to be explicitly disabled if
                        python is not available on unix platforms. [GL #601]

5077.   [cleanup]       Remove ip6.int support (-i) from dig and mdig.
                        [GL !969]

5076.   [bug]           "require-server-cookie" was not effective if
                        "rate-limit" was configured. [GL #617]

5075.   [bug]           Refresh nameservers from cache when sending final
                        query in qname minimization. [GL #16]

5074.   [cleanup]       Remove vector socket functions - isc_socket_recvv(),
                        isc_socket_sendtov(), isc_socket_sendtov2(),
                        isc_socket_sendv() - in order to simplify socket code.
                        [GL #645]

5073.   [bug]           Destroy a task first when destroying rpzs and catzs.
                        [GL #84]

5072.   [bug]           Add unit tests for isc_buffer_copyregion() and fix its
                        behavior for auto-reallocated buffers. [GL #644]

5071.   [bug]           Comparison of NXT records was broken. [GL #631]

5070.   [bug]           Record types which support a empty rdata field were
                        not handling the empty rdata field case. [GL #638]

5069.   [bug]           Fix a hang on in RPZ when named is shutdown during RPZ
                        zone update. [GL !907]

5068.   [bug]           Fix a race in RPZ with min-update-interval set to 0.
                        [GL #643]

5067.   [bug]           Don't minimize qname when sending the query
                        to a forwarder. [GL #361]

5066.   [cleanup]       Allow unquoted strings to be used as a zone names
                        in response-policy statements. [GL #641]

5065.   [bug]           Only set IPV6_USE_MIN_MTU on IPv6. [GL #553]

5064.   [test]          Initialize TZ environment variable before calling
                        dns_test_begin in dnstap_test. [GL #624]

5063.   [test]          In statschannel test try a few times before failing
                        when checking if the compressed output is the same as
                        uncompressed. [GL !909]

5062.   [func]          Use non-crypto-secure PRNG to generate nonces for
                        cookies. [GL !887]

5061.   [protocol]      Add support for EID and NIMLOC. [GL #626]

5060.   [bug]           GID, UID and UINFO could not be loaded using unknown
                        record format. [GL #627]

5059.   [bug]           Display a per-view list of zones in the web interface.
                        [GL #427]

5058.   [func]          Replace old message digest and hmac APIs with more
                        generic isc_md and isc_hmac APIs, and convert their
                        respective tests to cmocka. [GL #305]

5057.   [protocol]      Add support for ATMA. [GL #619]

5056.   [placeholder]

5055.   [func]          A default list of primary servers for the root zone is
                        now built into named, allowing the "masters" statement
                        to be omitted when configuring an IANA root zone
                        mirror. [GL #564]

5054.   [func]          Attempts to use mirror zones with recursion disabled
                        are now considered a configuration error. [GL #564]

5053.   [func]          The only valid zone-level NOTIFY settings for mirror
                        zones are now "notify no;" and "notify explicit;".
                        [GL #564]

5052.   [func]          Mirror zones are now configured using "type mirror;"
                        rather than "mirror yes;". [GL #564]

5051.   [doc]           Documentation incorrectly stated that the
                        "server-addresses" static-stub zone option accepts
                        custom port numbers. [GL #582]

5050.   [bug]           The libirs version of getaddrinfo() was unable to parse
                        scoped IPv6 addresses present in /etc/resolv.conf.
                        [GL #187]

5049.   [cleanup]       QNAME minimization has been deeply refactored. [GL #16]

5048.   [func]          Add configure option to enable and enforce FIPS mode
                        in BIND 9. [GL #506]

5047.   [bug]           Messages logged for certain query processing failures
                        now include a more specific error description if it is
                        available. [GL #572]

5046.   [bug]           named could crash during shutdown if an RPZ
                        reload was in progress. [RT #46210]

5045.   [func]          Remove support for DNSSEC algorithms 3 (DSA)
                        and 6 (DSA-NSEC3-SHA1). [GL #22]

5044.   [cleanup]       If "dnssec-enable" is no, then "dnssec-validation"
                        now also defaults to no.  [GL #388]

5043.   [bug]           Fix creating and validating EdDSA signatures. [GL #579]

5042.   [test]          Make the chained delegations in reclimit behave
                        like they would in a regular name server. [GL #578]

5041.   [test]          The chain test contains a incomplete delegation.
                        [GL #568]

5040.   [func]          Extended dnstap so that it can log UPDATE requests
                        and responses as separate message types. Thanks
                        to Greg Rabil. [GL #570]

5039.   [bug]           Named could fail to preserve owner name case of new
                        RRset. [GL #420]

5038.   [bug]           Chaosnet addresses were compared incorrectly.
                        [GL #562]

5037.   [func]          "allow-recursion-on" and "allow-query-cache-on"
                        each now default to the other if only one of them
                        is set, in order to be more consistent with the way
                        "allow-recursion" and "allow-query-cache" work.
                        Also we now ensure that both query-cache ACLs are
                        checked when determining cache access. [GL #319]

5036.   [cleanup]       Fixed a spacing/formatting error in some RPZ-related
                        error messages in the log. [GL !805]

5035.   [test]          Fixed errors that prevented the DNSRPS subtests
                        from running in the rpz and rpzrecurse system
                        tests. [GL #503]

5034.   [bug]           A race between threads could prevent zone maintenance
                        scheduled immediately after zone load from being
                        performed. [GL #542]

5033.   [bug]           When adding NTAs to multiple views using "rndc nta",
                        the text returned via rndc was incorrectly terminated
                        after the first line, making it look as if only one
                        NTA had been added. Also, it was not possible to
                        differentiate between views with the same name but
                        different classes; this has been corrected with the
                        addition of a "-class" option. [GL #105]

5032.   [func]          Add krb5-selfsub and ms-selfsub update policy rules.
                        [GL #511]

5031.   [cleanup]       Various defines in platform.h has been either dropped
                        if always or never triggered on supported platforms
                        or replaced with config.h equivalents if the defines
                        didn't have any impact on public headers.  Workarounds
                        for LinuxThreads have been removed because NPTL is
                        available since Linux kernel 2.6.0.  [GL #525]

5030.   [bug]           Align CMSG buffers to a 64-bit boundary, fixes crash
                        on architectures with strict alignment. [GL #521]
        --- 9.13.3 released ---

5029.   [func]          Workarounds for servers that misbehave when queried
                        with EDNS have been removed, because these broken
                        servers and the workarounds for their noncompliance
                        cause unnecessary delays, increase code complexity,
                        and prevent deployment of new DNS features. See
                        https://dnsflagday.net for further details. [GL #150]

5028.   [bug]           Spread the initial RRSIG expiration times over the
                        entire working sig-validity-interval when signing a
                        zone in named to even out re-signing and transfer
                        loads. [GL #418]

5027.   [func]          Set SO_SNDBUF size on sockets. [GL #74]

5026.   [bug]           rndc reconfig should not touch already loaded zones.
                        [GL #276]

5025.   [cleanup]       Remove isc_keyboard family of functions. [GL #178]

5024.   [func]          Replace custom assembly for atomic operations with
                        atomic support from the compiler. The code will now use
                        C11 stdatomic, or __atomic, or __sync builtins with GCC
                        or Clang compilers, and Interlocked functions with MSVC.
                        [GL #10]

5023.   [cleanup]       Remove wrappers that try to fix broken or incomplete
                        implementations of IPv6, pthreads and other core
                        functionality required and used by BIND. [GL #192]

5022.   [doc]           Update ms-self, ms-subdomain, krb5-self, and
                        krb5-subdomain documentation. [GL !708]

5021.   [bug]           dig returned a non-zero exit code when it received a
                        reply over TCP after a retry. [GL #487]

5020.   [func]          RNG uses thread-local storage instead of locks, if
                        supported by platform. [GL #496]

5019.   [cleanup]       A message is now logged when ixfr-from-differences is
                        set at zone level for an inline-signed zone. [GL #470]

5018.   [bug]           Fix incorrect sizeof arguments in lib/isc/pk11.c.
                        [GL !588]

5017.   [bug]           lib/isc/pk11.c failed to unlink the session before
                        releasing the lock which is unsafe. [GL !589]

5016.   [bug]           Named could assert with overlapping filter-aaaa and
                        dns64 acls. [GL #445]

5015.   [bug]           Reloading all zones caused zone maintenance to cease
                        for inline-signed zones. [GL #435]

5014.   [bug]           Signatures loaded from the journal for the signed
                        version of an inline-signed zone were not scheduled for
                        refresh. [GL #482]

5013.   [bug]           A referral response with a non-empty ANSWER section was
                        inadvertently being treated as an error. [GL #390]

5012.   [bug]           Fix lock order reversal in pk11_initialize. [GL !590]

5011.   [func]          Remove support for unthreaded named. [GL #478]

5010.   [func]          New "validate-except" option specifies a list of
                        domains beneath which DNSSEC validation should not
                        be performed. [GL #237]

5009.   [bug]           Upon an OpenSSL failure, the first error in the OpenSSL
                        error queue was not logged. [GL #476]

5008.   [bug]           "rndc signing -nsec3param ..." requests were silently
                        ignored for zones which were not yet loaded or
                        transferred. [GL #468]

5007.   [cleanup]       Replace custom ISC boolean and integer data types
                        with C99 stdint.h and stdbool.h types. [GL #9]

5006.   [cleanup]       Code preparing a delegation response was extracted from
                        query_delegation() and query_zone_delegation() into a
                        separate function in order to decrease code
                        duplication. [GL #431]

5005.   [bug]           dnssec-verify, and dnssec-signzone at the verification
                        step, failed on some validly signed zones. [GL #442]

5004.   [bug]           'rndc reconfig' could cause inline zones to stop
                        re-signing. [GL #439]

5003.   [bug]           dns_acl_isinsecure did not handle geoip elements.
                        [GL #406]

5002.   [bug]           mdig: Handle malformed +ednsopt option, support 100
                        +ednsopt options per query rather than 100 total and
                        address memory leaks if +ednsopt was specified.
                        [GL #410]

5001.   [bug]           Fix refcount errors on error paths. [GL !563]

5000.   [bug]           named_server_servestale() could leave the server in
                        exclusive mode if an error occurred. [GL #441]

4999.   [cleanup]       Remove custom printf implementation in lib/isc/print.c.
                        [GL #261]

4998.   [test]          Make resolver and cacheclean tests more civilized.

4997.   [security]      named could crash during recursive processing
                        of DNAME records when "deny-answer-aliases" was
                        in use. (CVE-2018-5740) [GL #387]

4996.   [bug]           dig: Handle malformed +ednsopt option. [GL #403]

4995.   [test]          Add tests for "tcp-self" update policy. [GL !282]

4994.   [bug]           Trust anchor telemetry queries were not being sent
                        upstream for locally served zones. [GL #392]

4993.   [cleanup]       Remove support for silently ignoring 'no-change' deltas
                        from BIND 8 when processing an IXFR stream. 'no-change'
                        deltas will now trigger a fallback to AXFR as the
                        recovery mechanism. [GL #369]

4992.   [bug]           The wrong address was being logged for trust anchor
                        telemetry queries. [GL #379]

4991.   [bug]           "rndc reconfig" was incorrectly handling zones whose
                        "mirror" setting was changed. [GL #381]

4990.   [bug]           Prevent a possible NULL reference in pkcs11-keygen.
                        [GL #401]

4989.   [cleanup]       IDN support in dig has been reworked.  IDNA2003
                        fallbacks were removed in the process. [GL #384]

4988.   [bug]           Don't synthesize NXDOMAIN from NSEC for records under
                        a DNAME.
        --- 9.13.2 released ---

4987.   [cleanup]       dns_rdataslab_tordataset() and its related
                        dns_rdatasetmethods_t callbacks were removed as they
                        were not being used by anything in BIND. [GL #371]

4986.   [func]          When built on Linux, BIND now requires the libcap
                        library to set process privileges, unless capability
                        support is explicitly overridden with "configure
                        --disable-linux-caps". [GL #321]

4985.   [func]          Add a new slave zone option, "mirror", to enable
                        serving a non-authoritative copy of a zone that
                        is subject to DNSSEC validation before being
                        used.  For now, this option is only meant to
                        facilitate deployment of an RFC 7706-style local
                        copy of the root zone. [GL #33]

4984.   [bug]           Improve handling of very large incremental
                        zone transfers to prevent journal corruption. [GL #339]

4983.   [func]          Add the ability to not return a DNS COOKIE option
                        when one is present in the request (answer-cookie no;).
                        [GL #173]

4982.   [cleanup]       Return FORMERR if the question section is empty
                        and no COOKIE option is present; this restores
                        older behavior except in the newly specified
                        COOKIE case. [GL #260]

4981.   [bug]           Fix race in cmsg buffer usage in socket code.
                        [GL #180]

4980.   [bug]           Named-checkconf failed to detect bad in-view targets.
                        [GL #288]

4979.   [placeholder]

4978.   [test]          Fix error handling and resolver configuration in the
                        "rpz" system test. [GL #312]

4977.   [func]          When starting up, log the same details that
                        would be reported by 'named -V'. [GL #247]

4976.   [bug]           Log the label with invalid prefix length correctly
                        when loading RPZ zones. [GL #254]

4975.   [bug]           The server cookie computation for sha1 and sha256 did
                        not match the method described in RFC 7873. [GL #356]

4974.   [bug]           Restore default rrset-order to random. [GL #336]

4973.   [func]          verifyzone() and the functions it uses were moved to
                        libdns and refactored to prevent exit() from being
                        called upon failure.  A side effect of that is that
                        dnssec-signzone and dnssec-verify now check for memory
                        leaks upon shutdown. [GL #266]

4972.   [func]          Declare the 'rdata' argument for dns_rdata_tostruct()
                        to be const. [GL #341]

4971.   [bug]           dnssec-signzone and dnssec-verify did not treat records
                        below a DNAME as out-of-zone data. [GL #298]

4970.   [func]          Add QNAME minimization option to resolver. [GL #16]

4969.   [cleanup]       Refactor zone logging functions. [GL #269]
        --- 9.13.1 released ---

4968.   [bug]           If glue records are signed, attempt to validate them.
                        [GL #209]

4967.   [cleanup]       Add "answer-cookie" to the parser, marked obsolete.

4966.   [placeholder]

4965.   [func]          Add support for marking options as deprecated.
                        [GL #322]

4964.   [bug]           Reduce the probability of double signature when deleting
                        a DNSKEY by checking if the node is otherwise signed
                        by the algorithm of the key to be deleted. [GL #240]

4963.   [test]          ifconfig.sh now uses "ip" instead of "ifconfig",
                        if available, to configure the test interfaces on
                        linux.  [GL #302]

4962.   [cleanup]       Move 'named -T' processing to its own function.
                        [GL #316]

4961.   [protocol]      Remove support for ECC-GOST (GOST R 34.11-94).
                        [GL #295]

4960.   [security]      When recursion is enabled, but the "allow-recursion"
                        and "allow-query-cache" ACLs are not specified,
                        they should be limited to local networks,
                        but were inadvertently set to match the default
                        "allow-query", thus allowing remote queries.
                        (CVE-2018-5738) [GL #309]

4959.   [func]          NSID logging (enabled by the "request-nsid" option)
                        now has its own "nsid" category, instead of using the
                        "resolver" category. [GL !332]

4958.   [bug]           Remove redundant space from NSEC3 record. [GL #281]

4957.   [func]          The default setting for "dnssec-validation" is now
                        "auto", which activates DNSSEC validation using the
                        IANA root key. (The default can be changed back to
                        "yes", which activates DNSSEC validation only when keys
                        are explicitly configured in named.conf, by building
                        BIND with "configure --disable-auto-validation".)
                        [GL #30]

4956.   [func]          Change isc_random() to be just PRNG using xoshiro128**,
                        and add isc_nonce_buf() that uses CSPRNG. [GL #289]

4955.   [cleanup]       Silence cppcheck warnings in lib/dns/master.c.
                        [GL #286]

4954.   [func]          Messages about serving of stale answers are now
                        directed to the "serve-stale" logging category.
                        Also clarified serve-stale documentation. [GL !323]

4953.   [bug]           Removed the option to build the red black tree
                        database without a hash table; the non-hashing
                        version was buggy and is not needed. [GL #184]

4952.   [func]          Authoritative server support in named for the
                        EDNS CLIENT-SUBNET option (which was experimental
                        and not practical to deploy) has been removed.

                        The ECS option is still supported in dig and mdig
                        via the +subnet option, and can be parsed and logged
                        when received by named, but it is no longer used
                        for ACL processing. The "geoip-use-ecs" option
                        is now obsolete; a warning will be logged if it is
                        used in named.conf. "ecs" tags in an ACL definition
                        are also obsolete and will cause the configuration
                        to fail to load.  [GL #32]

4951.   [protocol]      Add "HOME.ARPA" to list of built in empty zones as
                        per RFC 8375. [GL #273]
        --- 9.13.0 released ---

4950.   [bug]           ISC_SOCKEVENTATTR_TRUNC was not be set. [GL #238]

4949.   [placeholder]

4948.   [bug]           When request-nsid is turned on, EDNS NSID options
                        should be logged at level info. Since change 3741
                        they have been logged at debug(3) by mistake.
                        [GL !290]

4947.   [func]          Replace all random functions with isc_random(),
                        isc_random_buf() and isc_random_uniform() API.
                        [GL #221]

4946.   [bug]           Additional glue was not being returned by resolver
                        for unsigned zones since change 4596. [GL #209]

4945.   [func]          BIND can no longer be built without DNSSEC support.
                        A cryptography provider (i.e., OpenSSL or a hardware
                        service module with PKCS#11 support) must be
                        available. [GL #244]

4944.   [cleanup]       Silence cppcheck portability warnings in
                        lib/isc/tests/buffer_test.c. [GL #239]

4943.   [bug]           Change 4687 consumed too much memory when running
                        system tests with --with-tuning=large.  Reduced the
                        hash table size to 512 entries for 'named -m record'
                        restoring the previous memory footprint. [GL #248]

4942.   [cleanup]       Consolidate multiple instances of splitting of
                        batchline in dig into a single function. [GL #196]

4941.   [cleanup]       Silence clang static analyzer warnings. [GL #196]

4940.   [cleanup]       Extract the loop in dns__zone_updatesigs() into
                        separate functions to improve code readability.
                        [GL #135]

4939.   [test]          Add basic unit tests for update_sigs(). [GL #135]

4938.   [placeholder]

4937.   [func]          Remove support for OpenSSL < 1.0.0 [GL #191]

4936.   [func]          Always use OpenSSL or PKCS#11 random data providers,
                        and remove the --{enable,disable}-crypto-rand configure
                        options. [GL #165]

4935.   [func]          Add support for LibreSSL >= 2.7.0 (some OpenSSL 1.1.0
                        call were added). [GL #191]

4934.   [security]      The serve-stale feature could cause an assertion failure
                        in rbtdb.c even when stale-answer-enable was false.
                        Simultaneous use of stale cache records and NSEC
                        aggressive negative caching could trigger a recursion
                        loop. (CVE-2018-5737) [GL #185]

4933.   [bug]           Not creating signing keys for an inline signed zone
                        prevented changes applied to the raw zone from being
                        reflected in the secure zone until signing keys were
                        made available. [GL #159]

4932.   [bug]           Bumped signed serial of an inline signed zone was
                        logged even when an error occurred while updating
                        signatures. [GL #159]

4931.   [func]          Removed the "rbtdb64" database implementation.
                        [GL #217]

4930.   [bug]           Remove a bogus check in nslookup command line
                        argument processing. [GL #206]

4929.   [func]          Add the ability to set RA and TC in queries made by
                        dig (+[no]raflag, +[no]tcflag). [GL #213]

4928.   [func]          The "dnskey-sig-validity" option allows
                        "sig-validity-interval" to be overridden for signatures
                        covering DNSKEY RRsets. [GL #145]

4927.   [placeholder]

4926.   [func]          Add root key sentinel support.  To disable, add
                        'root-key-sentinel no;' to named.conf. [GL #37]

4925.   [func]          Several configuration options that define intervals
                        can now take TTL value suffixes (for example, 2h or 1d)
                        in addition to integer parameters. These include
                        max-cache-ttl, max-ncache-ttl, max-policy-ttl,
                        fstrm-set-reopen-interval, interface-interval, and
                        min-update-interval. [GL #203]

4924.   [cleanup]       Clean up the isc_string_* namespace and leave
                        only strlcpy and strlcat. [GL #178]

4923.   [cleanup]       Refactor socket and socket event options into
                        enum types. [GL !135]

4922.   [bug]           dnstap: Log the destination address of client
                        packets rather than the interface address.
                        [GL #197]

4921.   [cleanup]       Add dns_fixedname_initname() and refactor the caller
                        code to make usage of the new function, as a part of
                        refactoring dns_fixedname_*() macros were turned into
                        functions. [GL #183]

4920.   [cleanup]       Clean up libdns removing most of the backwards
                        compatibility wrappers.

4919.   [cleanup]       Clean up the isc_hash_* namespace and leave only
                        the FNV-1a hash implementation. [GL #178]

4918.   [bug]           Fix double free after keygen error in dnssec-keygen
                        when OpenSSL >= 1.1.0 is used and RSA_generate_key_ex
                        fails. [GL #109]

4917.   [func]          Support 64 RPZ policy zones by default. [GL #123]

4916.   [func]          Remove IDNA2003 support and the bundled idnkit-1.0
                        library.

4915.   [func]          Implement IDNA2008 support in dig by adding support
                        for libidn2.  New dig option +idnin has been added,
                        which allows to process invalid domain names much
                        like dig without IDN support.  libidn2 version 2.0
                        or higher is needed for +idnout enabled by default.

4914.   [security]      A bug in zone database reference counting could lead to
                        a crash when multiple versions of a slave zone were
                        transferred from a master in close succession.
                        (CVE-2018-5736) [GL #134]

4913.   [test]          Re-implemented older unit tests in bin/tests as ATF,
                        removed the lib/tests unit testing library. [GL #115]

4912.   [test]          Improved the reliability of the 'cds' system test.
                        [GL #136]

4911.   [test]          Improved the reliability of the 'mkeys' system test.
                        [GL #128]

4910.   [func]          Update util/check-changes to work on release branches.
                        [GL #113]

4909.   [bug]           named-checkconf did not detect in-view zone collisions.
                        [GL #125]

4908.   [test]          Eliminated unnecessary waiting in the allow_query
                        system test. Also changed its name to allow-query.
                        [GL #81]

4907.   [test]          Improved the reliability of the 'notify' system
                        test. [GL #59]

4906.   [func]          Replace getquad() with inet_pton(), completing
                        change #4900. [GL #56]

4905.   [bug]           irs_resconf_load() ignored resolv.conf syntax errors
                        when "domain" or "search" options were present in that
                        file. [GL #110]

4904.   [bug]           Temporarily revert change #4859. [GL #124]

4903.   [bug]           "check-mx fail;" did not prevent MX records containing
                        IP addresses from being added to a zone by a dynamic
                        update. [GL #112]

4902.   [test]          Improved the reliability of the 'ixfr' system
                        test. [GL #66]

4901.   [func]          "dig +nssearch" now lists the name servers
                        for a domain that time out, as well as the servers
                        that respond. [GL #64]

4900.   [func]          Remove all uses of inet_aton().  As a result of this
                        change, IPv4 addresses are now only accepted in
                        dotted-quad format. [GL #13]

4899.   [test]          Convert most of the remaining system tests to be able
                        to run in parallel, continuing the work from change
                        #4895. To take advantage of this, use "make -jN check",
                        where N is the number of processors to use. [GL #91]

4898.   [func]          Remove libseccomp based system-call filtering. [GL #93]

4897.   [test]          Update to rpz system test so that it doesn't recurse.
                        [GL #68]

4896.   [test]          cacheclean system test was not robust. [GL #82]

4895.   [test]          Allow some system tests to run in parallel.
                        [RT #46602]

4894.   [bug]           named could crash while rolling a dnstap output file.
                        [RT #46942]

4893.   [bug]           Address various issues reported by cppcheck. [GL #51]

4892.   [bug]           named could leak memory when "rndc reload" was invoked
                        before all zone loading actions triggered by a previous
                        "rndc reload" command were completed. [RT #47076]

4891.   [placeholder]

4890.   [func]          Remove unused ondestroy callback from libisc.
                        [isc-projects/bind9!3]

4889.   [func]          Warn about the use of old root keys without the new
                        root key being present.  Warn about dlv.isc.org's
                        key being present. Warn about both managed and
                        trusted root keys being present. [RT #43670]

4888.   [test]          Initialize sockets correctly in sample-update so
                        that the nsupdate system test will run on Windows.
                        [RT #47097]

4887.   [test]          Enable the rpzrecurse test to run on Windows.
                        [RT #47093]

4886.   [doc]           Document dig -u in manpage. [RT #47150]

4885.   [security]      update-policy rules that otherwise ignore the name
                        field now require that it be set to "." to ensure
                        that any type list present is properly interpreted.
                        [RT #47126]

4884.   [bug]           named could crash on shutdown due to a race between
                        shutdown_server() and ns__client_request(). [RT #47120]

4883.   [cleanup]       Improved debugging output from dnssec-cds. [RT #47026]

4882.   [bug]           Address potential memory leak in
                        dns_update_signaturesinc. [RT #47084]

4881.   [bug]           Only include dst_openssl.h when OpenSSL is required.
                        [RT #47068]

4880.   [bug]           Named wasn't returning the target of a cross-zone
                        CNAME between two served zones when recursion was
                        desired and available (RD=1, RA=1). (When this is
                        not the case, the CNAME target is deliberately
                        withheld to prevent accidental cache poisoning.)
                        [RT #47078]

4879.   [bug]           dns_rdata_caa:value_len field was too small.
                        [RT #47086]

4878.   [bug]           List 'ply' as a requirement for the 'isc' python
                        package. [RT #47065]

4877.   [bug]           Address integer overflow when exponentially
                        backing off retry intervals. [RT #47041]

4876.   [bug]           Address deadlock with accessing a keytable. [RT #47000]

4875.   [bug]           Address compile failures on older systems. [RT #47015]

4874.   [bug]           Wrong time display when reporting new keywarntime.
                        [RT #47042]

4873.   [doc]           Grammars for named.conf included in the ARM are now
                        automatically generated by the configuration parser
                        itself.  As a side effect of the work needed to
                        separate zone type grammars from each other, this
                        also makes checking of zone statements in
                        named-checkconf more correct and consistent.
                        [RT #36957]

4872.   [bug]           Don't permit loading meta RR types such as TKEY
                        from master files. [RT #47009]

4871.   [bug]           Fix configure glitch in detecting stdatomic.h
                        support on systems with multiple compilers.
                        [RT #46959]

4870.   [test]          Update included ATF library to atf-0.21 preserving
                        the ATF tool. [RT #46967]

4869.   [bug]           Address some cases where NULL with zero length could
                        be passed to memmove which is undefined behavior and
                        can lead to bad optimization. [RT #46888]

4868.   [func]          dnssec-keygen can no longer generate HMAC keys.
                        Use tsig-keygen instead. [RT #46404]

4867.   [cleanup]       Normalize rndc on/off commands (validation,
                        querylog, serve-stale) so they all accept the
                        same synonyms for on/off (yes/no, true/false,
                        enable/disable). Thanks to Tony Finch. [RT #47022]

4866.   [port]          DST library initialization verifies MD5 (when MD5
                        was not disabled) and SHA-1 hash and HMAC support.
                        [RT #46764]

4865.   [cleanup]       Simplify handling isc_socket_sendto2() return values.
                        [RT #46986]

4864.   [bug]           named acting as a slave for a catalog zone crashed if
                        the latter contained a master definition without an IP
                        address. [RT #45999]

4863.   [bug]           Fix various other bugs reported by Valgrind's
                        memcheck tool. [RT #46978]

4862.   [bug]           The rdata flags for RRSIG were not being properly set
                        when constructing a rdataslab. [RT #46978]

4861.   [bug]           The isc_crc64 unit test was not endian independent.
                        [RT #46973]

4860.   [bug]           isc_int8_t should be signed char.  [RT #46973]

4859.   [bug]           A loop was possible when attempting to validate
                        unsigned CNAME responses from secure zones;
                        this caused a delay in returning SERVFAIL and
                        also increased the chances of encountering
                        CVE-2017-3145. [RT #46839]

4858.   [security]      Addresses could be referenced after being freed
                        in resolver.c, causing an assertion failure.
                        (CVE-2017-3145) [RT #46839]

4857.   [bug]           Maintain attach/detach semantics for event->db,
                        event->node, event->rdataset and event->sigrdataset
                        in query.c. [RT #46891]

4856.   [bug]           'rndc zonestatus' reported the wrong underlying type
                        for a inline slave zone. [RT #46875]

4855.   [bug]           isc_time_formatshorttimestamp produced incorrect
                        output. [RT #46938]

4854.   [bug]           query_synthcnamewildcard should stop generating the
                        response if query_synthwildcard fails. [RT #46939]

4853.   [bug]           Add REQUIRE's and INSIST's to isc_time_formatISO8601L
                        and isc_time_formatISO8601Lms. [RT #46916]

4852.   [bug]           Handle strftime() failing in isc_time_formatISO8601ms.
                        Add REQUIRE's and INSIST's to isc_time_formattimestamp,
                        isc_time_formathttptimestamp, isc_time_formatISO8601,
                        isc_time_formatISO8601ms. [RT #46892]

4851.   [port]          Support using kyua as well as atf-run to run the unit
                        tests. [RT #46853]

4850.   [bug]           Named failed to restart with multiple added zones in
                        lmdb database. [RT #46889]

4849.   [bug]           Duplicate zones could appear in the .nzf file if
                        addzone failed. [RT #46435]

4848.   [func]          Zone types "primary" and "secondary" can now be used
                        as synonyms for "master" and "slave" in named.conf.
                        [RT #46713]

4847.   [bug]           dnssec-dnskey-kskonly was not being honored for
                        CDS and CDNSKEY. [RT #46755]

4846.   [test]          Adjust timing values in runtime system test. Address
                        named.pid removal races in runtime system test.
                        [RT #46800]

4845.   [bug]           Dig (non iOS) should exit on malformed names.
                        [RT #46806]

4844.   [test]          Address memory leaks in libatf-c. [RT #46798]

4843.   [bug]           dnssec-signzone free hashlist on exit. [RT #46791]

4842.   [bug]           Conditionally compile opensslecdsa_link.c to avoid
                        warnings about unused function. [RT #46790]
        --- 9.12.0rc1 released ---

4841.   [bug]           Address -fsanitize=undefined warnings. [RT #46786]

4840.   [test]          Add tests to cover fallback to using ZSK on inactive
                        KSK. [RT #46787]

4839.   [bug]           zone.c:zone_sign was not properly determining
                        if there were active KSK and ZSK keys for
                        a algorithm when update-check-ksk is true
                        (default) leaving records unsigned with one or
                        more DNSKEY algorithms. [RT #46774]

4838.   [bug]           zone.c:add_sigs was not properly determining
                        if there were active KSK and ZSK keys for
                        a algorithm when update-check-ksk is true
                        (default) leaving records unsigned with one or
                        more DNSKEY algorithms. [RT #46754]

4837.   [bug]           dns_update_signatures{inc} (add_sigs) was not
                        properly determining if there were active KSK and
                        ZSK keys for a algorithm when update-check-ksk is
                        true (default) leaving records unsigned when there
                        were multiple DNSKEY algorithms for the zone.
                        [RT #46743]

4836.   [bug]           Zones created using "rndc addzone" could
                        temporarily fail to inherit an "allow-transfer"
                        ACL that had been configured in the options
                        statement. [RT #46603]

4835.   [cleanup]       Clean up and refactor LMDB-related code. [RT #46718]

4834.   [port]          Fix LMDB support on OpenBSD. [RT #46718]

4833.   [bug]           isc_event_free should check that the event is not
                        linked when called. [RT #46725]

4832.   [bug]           Events were not being removed from zone->rss_events.
                        [RT #46725]

4831.   [bug]           Convert the RRSIG expirytime to 64 bits for
                        comparisons in diff.c:resign. [RT #46710]

4830.   [bug]           Failure to configure ATF when requested did not cause
                        an error in top-level configure script. [RT #46655]

4829.   [bug]           isc_heap_delete did not zero the index value when
                        the heap was created with a callback to do that.
                        [RT #46709]

4828.   [bug]           Do not use thread-local storage for storing LMDB reader
                        locktable slots. [RT #46556]

4827.   [misc]          Add a precommit check script util/checklibs.sh
                        [RT #46215]

4826.   [cleanup]       Prevent potential build failures in bin/confgen/ and
                        bin/named/ when using parallel make. [RT #46648]

4825.   [bug]           Prevent a bogus "error during managed-keys processing
                        (no more)" warning from being logged. [RT #46645]

4824.   [port]          Add iOS hooks to dig. [RT #42011]

4823.   [test]          Refactor reclimit system test to improve its
                        reliability and speed. [RT #46632]

4822.   [bug]           Use resign_sooner in dns_db_setsigningtime. [RT #46473]

4821.   [bug]           When resigning ensure that the SOA's expire time is
                        always later that the resigning time of other records.
                        [RT #46473]

4820.   [bug]           dns_db_subtractrdataset should transfer the resigning
                        information to the new header. [RT #46473]

4819.   [bug]           Fully backout the transaction when adding a RRset
                        to the resigning / removal heaps fails. [RT #46473]

4818.   [test]          The logfileconfig system test could intermittently
                        report false negatives on some platforms. [RT #46615]

4817.   [cleanup]       Use DNS_NAME_INITABSOLUTE and DNS_NAME_INITNONABSOLUTE.
                        [RT #45433]

4816.   [bug]           Don't use a common array for storing EDNS options
                        in DiG as it could fill up. [RT #45611]

4815.   [bug]           rbt_test.c:insert_and_delete needed to call
                        dns_rbt_addnode instead of dns_rbt_addname. [RT #46553]

4814.   [cleanup]       Use AS_HELP_STRING for consistent help text. [RT #46521]

4813.   [bug]           Address potential read after free errors from
                        query_synthnodata, query_synthwildcard and
                        query_synthnxdomain. [RT #46547]

4812.   [bug]           Minor improvements to stability and consistency of code
                        handling managed keys. [RT #46468]

4811.   [bug]           Revert api changes to use <isc/buffer.h> inline
                        macros.  Provide a alternative mechanism to turn
                        on the use of inline macros when building BIND.
                        [RT #46520]

4810.   [test]          The chain system test failed if the IPv6 interfaces
                        were not configured. [RT #46508]
        --- 9.12.0b2 released ---

4809.   [port]          Check at configure time whether -latomic is needed
                        for stdatomic.h. [RT #46324]

4808.   [bug]           Properly test for zlib.h. [RT #46504]

4807.   [cleanup]       isc_rng_randombytes() returns a specified number of
                        bytes from the PRNG; this is now used instead of
                        calling isc_rng_random() multiple times. [RT #46230]

4806.   [func]          Log messages related to loading of zones are now
                        directed to the "zoneload" logging category.
                        [RT #41640]

4805.   [bug]           TCP4Active and TCP6Active weren't being updated
                        correctly. [RT #46454]

4804.   [port]          win32: access() does not work on directories as
                        required by POSIX.  Supply a alternative in
                        isc_file_isdirwritable. [RT #46394]

4803.   [placeholder]

4802.   [test]          Refactor mkeys system test to make it quicker and more
                        reliable. [RT #45293]

4801.   [func]          'dnssec-lookaside auto;' and 'dnssec-lookaside .
                        trust-anchor dlv.isc.org;' now elicit warnings rather
                        than being fatal configuration errors. [RT #46410]

4800.   [bug]           When processing delzone, write one zone config per
                        line to the NZF. [RT #46323]

4799.   [cleanup]       Improve clarity of keytable unit tests. [RT #46407]

4798.   [func]          Keys specified in "managed-keys" statements
                        are tagged as "initializing" until they have been
                        updated by a key refresh query. If initialization
                        fails it will be visible from "rndc secroots".
                        [RT #46267]

4797.   [func]          Removed "isc-hmac-fixup", as the versions of BIND that
                        had the bug it worked around are long past end of
                        life. [RT #46411]

4796.   [bug]           Increase the maximum configurable TCP keepalive
                        timeout to 65535. [RT #44710]

4795.   [func]          A new statistics counter has been added to track
                        priming queries. [RT #46313]

4794.   [func]          "dnssec-checkds -s" specifies a file from which
                        to read a DS set rather than querying the parent.
                        [RT #44667]

4793.   [bug]           nsupdate -[46] could overflow the array of server
                        addresses. [RT #46402]

4792.   [bug]           Fix map file header correctness check. [RT #38418]

4791.   [doc]           Fixed outdated documentation about export libraries.
                        [RT #46341]

4790.   [bug]           nsupdate could trigger a require when sending a
                        update to the second address of the server.
                        [RT #45731]

4789.   [cleanup]       Check writability of new-zones-directory. [RT #46308]

4788.   [cleanup]       When using "update-policy local", log a warning
                        when an update matching the session key is received
                        from a remote host. [RT #46213]

4787.   [cleanup]       Turn nsec3param_salt_totext() into a public function,
                        dns_nsec3param_salttotext(), and add unit tests for it.
                        [RT #46289]

4786.   [func]          The "filter-aaaa-on-v4" and "filter-aaaa-on-v6"
                        options are no longer conditionally compiled.
                        [RT #46340]

4785.   [func]          The hmac-md5 algorithm is no longer recommended for
                        use with RNDC keys.  The default in rndc-confgen
                        is now hmac-sha256. [RT #42272]

4784.   [func]          The use of dnssec-keygen to generate HMAC keys is
                        deprecated in favor of tsig-keygen.  dnssec-keygen
                        will print a warning when used for this purpose.
                        All HMAC algorithms will be removed from
                        dnssec-keygen in a future release. [RT #42272]

4783.   [test]          dnssec: 'check that NOTIFY is sent at the end of
                        NSEC3 chain generation failed' required more time
                        on some machines for the IXFR to complete. [RT #46388]

4782.   [test]          dnssec: 'checking positive and negative validation
                        with negative trust anchors' required more time to
                        complete on some machines. [RT #46386]

4781.   [maint]         B.ROOT-SERVERS.NET is now 199.9.14.201. [RT #45889]

4780.   [bug]           When answering ANY queries, don't include the NS
                        RRset in the authority section if it was already
                        in the answer section. [RT #44543]

4779.   [bug]           Expire NTA at the start of the second. Don't update
                        the expiry value if the record has already expired
                        after a successful check. [RT #46368]

4778.   [test]          Improve synth-from-dnssec testing. [RT #46352]

4777.   [cleanup]       Removed a redundant call to configure_view_acl().
                        [RT #46369]

4776.   [bug]           Improve portability of ht_test. [RT #46333]

4775.   [bug]           Address Coverity warnings in ht_test.c and mem_test.c
                        [RT #46281]

4774.   [bug]           <isc/util.h> was incorrectly included in several
                        header files. [RT #46311]

4773.   [doc]           Fixed generating Doxygen documentation for functions
                        annotated using certain macros.  Miscellaneous
                        Doxygen-related cleanups. [RT #46276]
        --- 9.12.0b1 released ---

4772.   [test]          Expanded unit testing framework for libns, using
                        hooks to interrupt query flow and inspect state
                        at specified locations. [RT #46173]

4771.   [bug]           When sending RFC 5011 refresh queries, disregard
                        cached DNSKEY rrsets. [RT #46251]

4770.   [bug]           Cache additional data from priming queries as glue.
                        Previously they were ignored as unsigned
                        non-answer data from a secure zone, and never
                        actually got added to the cache, causing hints
                        to be used frequently for root-server
                        addresses, which triggered re-priming. [RT #45241]

4769.   [func]          The working directory and managed-keys directory has
                        to be writeable (and seekable). [RT #46077]

4768.   [func]          By default, memory is no longer filled with tag values
                        when it is allocated or freed; this improves
                        performance but makes debugging of certain memory
                        issues more difficult. "named -M fill" turns memory
                        filling back on. (Building "configure
                        --enable-developer", turns memory fill on by
                        default again; it can then be disabled with
                        "named -M nofill".) [RT #45123]

4767.   [func]          Add a new function, isc_buffer_printf(), which can be
                        used to append a formatted string to the used region of
                        a buffer. [RT #46201]

4766.   [cleanup]       Address Coverity warnings. [RT #46150]

4765.   [bug]           Address potential INSIST in dnssec-cds. [RT #46150]

4764.   [bug]           Address portability issues in cds system test.
                        [RT #46214]

4763.   [contrib]       Improve compatibility when building MySQL DLZ
                        module by using mysql_config if available.
                        [RT #45558]

4762.   [func]          "update-policy local" is now restricted to updates
                        from local addresses. (Previously, other addresses
                        were allowed so long as updates were signed by the
                        local session key.) [RT #45492]

4761.   [protocol]      Add support for DOA. [RT #45612]

4760.   [func]          Add glue cache statistics counters. [RT #46028]

4759.   [func]          Add logging channel "trust-anchor-telemetry" to
                        record trust-anchor-telemetry in incoming requests.
                        Both _ta-XXXX.<anchor>/NULL and EDNS KEY-TAG options
                        are logged.  [RT #46124]

4758.   [doc]           Remove documentation of unimplemented "topology".
                        [RT #46161]

4757.   [func]          New "dnssec-cds" command creates a new parent DS
                        RRset based on CDS or CDNSKEY RRsets found in
                        a child zone, and generates either a dsset file
                        or stream of nsupdate commands to update the
                        parent. Thanks to Tony Finch. [RT #46090]

4756.   [bug]           Interrupting dig could lead to an INSIST failure after
                        certain errors were encountered while querying a host
                        whose name resolved to more than one address.  Change
                        4537 increased the odds of triggering this issue by
                        causing dig to hang indefinitely when certain error
                        paths were evaluated.  dig now also retries TCP queries
                        (once) if the server gracefully closes the connection
                        before sending a response. [RT #42832, #45159]

4755.   [cleanup]       Silence unnecessary log message when NZF file doesn't
                        exist. [RT #46186]

4754.   [bug]           dns_zone_setview needs a two stage commit to properly
                        handle errors. [RT #45841]

4753.   [contrib]       Software obtainable from known upstream locations
                        (i.e., zkt, nslint, query-loc) has been removed.
                        Links to these and other packages can be found at
                        https://www.isc.org/community/tools [RT #46182]

4752.   [test]          Add unit test for isc_net_pton. [RT #46171]

4751.   [func]          "dnssec-signzone -S" can now automatically add parent
                        synchronization records (CDS and CDNSKEY) according
                        to key metadata set using the -Psync and -Dsync
                        options to dnssec-keygen and dnssec-settime.
                        [RT #46149]

4750.   [func]          "rndc managed-keys destroy" shuts down RFC 5011 key
                        maintenance and deletes the managed-keys database.
                        If followed by "rndc reconfig" or a server restart,
                        key maintenance is reinitialized from scratch.
                        This is primarily intended for testing. [RT #32456]

4749.   [func]          The ISC DLV service has been shut down, and all
                        DLV records have been removed from dlv.isc.org.
                        - Removed references to ISC DLV in documentation
                        - Removed DLV key from bind.keys
                        - No longer use ISC DLV by default in delv
                        - "dnssec-lookaside auto" and configuration of
                          "dnssec-lookaide" with dlv.isc.org as the trust
                          anchor are both now fatal errors.
                        [RT #46155]

4748.   [cleanup]       Sprintf to snprintf coversions. [RT #46132]

4747.   [func]          Synthesis of responses from DNSSEC-verified records.
                        Stage 3 - synthesize NODATA responses. [RT #40138]

4746.   [cleanup]       Add configured prefixes to configure summary
                        output. [RT #46153]

4745.   [test]          Add color-coded pass/fail messages to system
                        tests when running on terminals that support them.
                        [RT #45977]

4744.   [bug]           Suppress trust-anchor-telemetry queries if
                        validation is disabled. [RT #46131]

4743.   [func]          Exclude trust-anchor-telemetry queries from
                        synth-from-dnssec processing. [RT #46123]

4742.   [func]          Synthesis of responses from DNSSEC-verified records.
                        Stage 2 - synthesis of records from wildcard data.
                        If the dns64 or filter-aaaa* is configured then the
                        involved lookups are currently excluded. [RT #40138]

4741.   [bug]           Make isc_refcount_current() atomically read the
                        counter value. [RT #46074]

4740.   [cleanup]       Avoid triggering format-truncated warnings. [RT #46107]

4739.   [cleanup]       Address clang static analysis warnings. [RT #45952]

4738.   [port]          win32: strftime mishandles %Z. [RT #46039]

4737.   [cleanup]       Address Coverity warnings. [RT #46012]

4736.   [cleanup]       (a) Added comments to NSEC3-related functions in
                        lib/dns/zone.c.  (b) Refactored NSEC3 salt formatting
                        code.  (c) Minor tweaks to lock and result handling.
                        [RT #46053]

4735.   [bug]           Add @ISC_OPENSSL_LIBS@ to isc-config. [RT #46078]

4734.   [contrib]       Added sample configuration for DNS-over-TLS in
                        contrib/dnspriv.

4733.   [bug]           Change #4706 introduced a bug causing TCP clients
                        not be reused correctly, leading to unconstrained
                        memory growth. [RT #46029]

4732.   [func]          Change default minimal-responses setting to
                        no-auth-recursive. [RT #46016]

4731.   [bug]           Fix use after free when closing an LMDB. [RT #46000]

4730.   [bug]           Fix out of bounds access in DHCID totext() method.
                        [RT #46001]

4729.   [bug]           Don't use memset() to wipe memory, as it may be
                        removed by compiler optimizations when the
                        memset() occurs on automatic stack allocation
                        just before function return. [RT #45947]

4728.   [func]          Use C11's stdatomic.h instead of isc_atomic
                        where available. [RT #40668]

4727.   [bug]           Retransferring an inline-signed slave using NSEC3
                        around the time its NSEC3 salt was changed could result
                        in an infinite signing loop. [RT #45080]

4726.   [port]          Prevent setsockopt() errors related to TCP_FASTOPEN
                        from being logged on FreeBSD if the kernel does not
                        support it.  Notify the user when the kernel does
                        support TCP_FASTOPEN, but it is disabled by sysctl.
                        Add a new configure option, --disable-tcp-fastopen, to
                        disable use of TCP_FASTOPEN altogether. [RT #44754]

4725.   [bug]           Nsupdate: "recvsoa" was incorrectly reported for
                        failures in sending the update message.  The correct
                        location to be reported is "update_completed".
                        [RT #46014]

4724.   [func]          By default, BIND now uses the random number
                        functions provided by the crypto library (i.e.,
                        OpenSSL or a PKCS#11 provider) as a source of
                        randomness rather than /dev/random.  This is
                        suitable for virtual machine environments
                        which have limited entropy pools and lack
                        hardware random number generators.

                        This can be overridden by specifying another
                        entropy source via the "random-device" option
                        in named.conf, or via the -r command line option;
                        however, for functions requiring full cryptographic
                        strength, such as DNSSEC key generation, this
                        cannot be overridden. In particular, the -r
                        command line option no longer has any effect on
                        dnssec-keygen.

                        This can be disabled by building with
                        "configure --disable-crypto-rand".
                        [RT #31459] [RT #46047]

4723.   [bug]           Statistics counter DNSTAPdropped was misidentified
                        as DNSSECdropped. [RT #46002]

4722.   [cleanup]       Clean up uses of strcpy() and strcat() in favor of
                        strlcpy() and strlcat() for safety. [RT #45981]

4721.   [func]          'dnssec-signzone -x' and 'dnssec-dnskey-kskonly'
                        options now apply to CDNSKEY and DS records as well
                        as DNSKEY. Thanks to Tony Finch. [RT #45689]

4720.   [func]          Added a statistics counter to track prefetch
                        queries. [RT #45847]

4719.   [bug]           Address PVS static analyzer warnings. [RT #45946]

4718.   [func]          Avoid searching for a owner name compression pointer
                        more than once when writing out a RRset. [RT #45802]

4717.   [bug]           Treat replies with QCOUNT=0 as truncated if TC=1,
                        FORMERR if TC=0, and log the error correctly.
                        [RT #45836]

4716.   [placeholder]
        --- 9.12.0a1 released ---

4715.   [bug]           TreeMemMax was mis-identified as a second HeapMemMax
                        in the Json cache statistics. [RT #45980]

4714.   [port]          openbsd/libressl: add support for building with
                        --enable-openssl-hash. [RT #45982]

4713.   [func]          Added support for the DNS Response Policy Service
                        (DNSRPS) API, which allows named to use an external
                        response policy daemon when built with
                        "configure --enable-dnsrps". Thanks to Farsight
                        Security. [RT #43376]

4712.   [bug]           "dig +domain" and "dig +search" didn't retain the
                        search domain when retrying with TCP. [RT #45547]

4711.   [test]          Some RR types were missing from genzones.sh.
                        [RT #45782]

4710.   [cleanup]       Changed the --enable-openssl-hash default to yes.
                        [RT #45019]

4709.   [cleanup]       Use dns_name_fullhash() to hash names for RRL.
                        [RT #45435]

4708.   [cleanup]       Legacy Windows builds (i.e. for XP and earlier)
                        are no longer supported. [RT #45186]

4707.   [func]          The lightweight resolver daemon and library (lwresd
                        and liblwres) have been removed. [RT #45186]

4706.   [func]          Code implementing name server query processing has
                        been moved from bin/named to a new library "libns".
                        Functions remaining in bin/named are now prefixed
                        with "named_" rather than "ns_".  This will make it
                        easier to write unit tests for name server code, or
                        link name server functionality into new tools.
                        [RT #45186]

4705.   [placeholder]

4704.   [cleanup]       Silence Visual Studio compiler warnings. [RT #45898]

4703.   [bug]           BINDInstall.exe was missing some buffer length checks.
                        [RT #45898]

4702.   [func]          Update function declarations to use
                        dns_masterstyle_flags_t for style flags. [RT #45924]

4701.   [cleanup]       Refactored lib/dns/tsig.c to reduce code
                        duplication and simplify the disabling of MD5.
                        [RT #45490]

4700.   [func]          Serving of stale answers is now supported. This
                        allows named to provide stale cached answers when
                        the authoritative server is under attack.
                        See max-stale-ttl, stale-answer-enable,
                        stale-answer-ttl. [RT #44790]

4699.   [func]          Multiple cookie-secret clauses can now be specified.
                        The first one specified is used to generate new
                        server cookies.  [RT #45672]

4698.   [port]          Add --with-python-install-dir configure option to allow
                        specifying a nonstandard installation directory for
                        Python modules. [RT #45407]

4697.   [bug]           Restore workaround for Microsoft Windows TSIG hash
                        computation bug. [RT #45854]

4696.   [port]          Enable filter-aaaa support by default on Windows
                        builds. [RT #45883]

4695.   [bug]           cookie-secrets were not being properly checked by
                        named-checkconf. [RT #45886]

4694.   [func]          dnssec-keygen no longer uses RSASHA1 by default;
                        the signing algorithm must be specified on
                        the command line with the "-a" option.  Signing
                        scripts that rely on the existing default behavior
                        will break; use "dnssec-keygen -a RSASHA1" to
                        repair them. (The goal of this change is to make
                        it easier to find scripts using RSASHA1 so they
                        can be changed in the event of that algorithm
                        being deprecated in the future.) [RT #44755]

4693.   [func]          Synthesis of responses from DNSSEC-verified records.
                        Stage 1 covers NXDOMAIN synthesis from NSEC records.
                        This is controlled by synth-from-dnssec and is enabled
                        by default. [RT #40138]

4692.   [bug]           Fix build failures with libressl introduced in 4676.
                        [RT #45879]

4691.   [func]          Add -4/-6 command line options to nsupdate and rndc.
                        [RT #45632]

4690.   [bug]           Command line options -4/-6 were handled inconsistently
                        between tools. [RT #45632]

4689.   [cleanup]       Turn on minimal responses for CDNSKEY and CDS in
                        addition to DNSKEY and DS. Thanks to Tony Finch.
                        [RT #45690]

4688.   [protocol]      Check and display EDNS KEY TAG options (RFC 8145) in
                        messages. [RT #44804]

4687.   [func]          Refactor tracklines code. [RT #45126]

4686.   [bug]           dnssec-settime -p could print a bogus warning about
                        key deletion scheduled before its inactivation when a
                        key had an inactivation date set but no deletion date
                        set. [RT #45807]

4685.   [bug]           dnssec-settime incorrectly calculated publication and
                        activation dates for a successor key. [RT #45806]

4684.   [bug]           delv could send bogus DNS queries when an explicit
                        server address was specified on the command line along
                        with -4/-6. [RT #45804]

4683.   [bug]           Prevent nsupdate from immediately exiting on invalid
                        user input in interactive mode. [RT #28194]

4682.   [bug]           Don't report errors on records below a DNAME.
                        [RT #44880]

4681.   [bug]           Log messages from the validator now include the
                        associated view unless the view is "_default/IN"
                        or "_dnsclient/IN". [RT #45770]

4680.   [bug]           Fix failing over to another master server address when
                        nsupdate is used with GSS-API. [RT #45380]

4679.   [cleanup]       Suggest using -o when dnssec-verify finds a SOA record
                        not at top of zone and -o is not used. [RT #45519]

4678.   [bug]           geoip-use-ecs has the wrong type when geoip support
                        is disabled at configure time. [RT #45763]

4677.   [cleanup]       Split up the main function in dig to better support
                        the iOS app version. [RT #45508]

4676.   [cleanup]       Allow BIND to be built using OpenSSL 1.0.X with
                        deprecated functions removed. [RT #45706]

4675.   [cleanup]       Don't use C++ keyword class. [RT #45726]

4674.   [func]          "dig +sigchase", and related options "+topdown" and
                        "+trusted-keys", have been removed. Use "delv" for
                        queries with DNSSEC validation. [RT #42793]

4673.   [port]          Silence GCC 7 warnings. [RT #45592]

4672.   [placeholder]

4671.   [bug]           Fix a race condition that could cause the
                        resolver to crash with assertion failure when
                        chasing DS in specific conditions with a very
                        short RTT to the upstream nameserver. [RT #45168]

4670.   [cleanup]       Ensure that a request MAC is never sent back
                        in an XFR response unless the signature was
                        verified. [RT #45494]

4669.   [func]          Iterative query logic in resolver.c has been
                        refactored into smaller functions and commented,
                        for improved readability, maintainability and
                        testability. [RT #45362]

4668.   [bug]           Use localtime_r and gmtime_r for thread safety.
                        [RT #45664]

4667.   [cleanup]       Refactor RDATA unit tests. [RT #45610]

4666.   [bug]           dnssec-keymgr: Domain names beginning with digits (0-9)
                        could cause a parser error when reading the policy
                        file. This now works correctly so long as the domain
                        name is quoted. [RT #45641]

4665.   [protocol]      Added support for ED25519 and ED448 DNSSEC signing
                        algorithms (RFC 8080). (Note: these algorithms
                        depend on code currently in the development branch
                        of OpenSSL which has not yet been released.)
                        [RT #44696]

4664.   [func]          Add a "glue-cache" option to enable or disable the
                        glue cache. The default is "yes". [RT #45125]

4663.   [cleanup]       Clarify error message printed by dnssec-dsfromkey.
                        [RT #21731]

4662.   [performance]   Improve cache memory cleanup of zero TTL records
                        by putting them at the tail of LRU header lists.
                        [RT #45274]

4661.   [bug]           A race condition could occur if a zone was reloaded
                        while resigning, triggering a crash in
                        rbtdb.c:closeversion(). [RT #45276]

4660.   [bug]           Remove spurious "peer" from Windows socket log
                        messages. [RT #45617]

4659.   [bug]           Remove spurious log message about lmdb-mapsize
                        not being supported when parsing builtin
                        configuration file. [RT #45618]

4658.   [bug]           Clean up build directory created by "setup.py install"
                        immediately.  [RT #45628]

4657.   [bug]           rrchecker system test result could be improperly
                        determined. [RT #45602]

4656.   [bug]           Apply "port" and "dscp" values specified in catalog
                        zone's "default-masters" option to the generated
                        configuration of its member zones. [RT #45545]

4655.   [bug]           Lack of seccomp could be falsely reported. [RT #45599]

4654.   [cleanup]       Don't use C++ keywords delete, new and namespace.
                        [RT #45538]

4653.   [bug]           Reorder includes to move @DST_OPENSSL_INC@ and
                        @ISC_OPENSSL_INC@ after shipped include directories.
                        [RT #45581]

4652.   [bug]           Nsupdate could attempt to use a zeroed address on
                        server timeout. [RT #45417]

4651.   [test]          Silence coverity warnings in tsig_test.c. [RT #45528]

4650.   [placeholder]

4649.   [bug]           The wrong zone was logged when a catalog zone is added.
                        [RT #45520]

4648.   [bug]           "rndc reconfig" on a slave no longer causes all member
                        zones of configured catalog zones to be removed from
                        configuration. [RT #45310]

4647.   [bug]           Change 4643 broke verification of TSIG signed TCP
                        message sequences where not all the messages contain
                        TSIG records.  These may be used in AXFR and IXFR
                        responses. [RT #45509]

4646.   [placeholder]

4645.   [bug]           Fix PKCS#11 RSA parsing when MD5 is disabled.
                        [RT #45300]

4644.   [placeholder]

4643.   [security]      An error in TSIG handling could permit unauthorized
                        zone transfers or zone updates. (CVE-2017-3142)
                        (CVE-2017-3143) [RT #45383]

4642.   [cleanup]       Add more logging of RFC 5011 events affecting the
                        status of managed keys: newly observed keys,
                        deletion of revoked keys, etc. [RT #45354]

4641.   [cleanup]       Parallel builds (make -j) could fail with --with-atf /
                        --enable-developer. [RT #45373]

4640.   [bug]           If query_findversion failed in query_getdb due to
                        memory failure the error status was incorrectly
                        discarded. [RT #45331]

4639.   [bug]           Fix a regression in --with-tuning reporting introduced
                        by change 4488. [RT #45396]

4638.   [bug]           Reloading or reconfiguring named could fail on
                        some platforms when LMDB was in use. [RT #45203]

4637.   [func]          "nsec3hash -r" option ("rdata order") takes arguments
                        in the same order as they appear in NSEC3 or
                        NSEC3PARAM records, so that NSEC3 parameters can
                        be cut and pasted from an existing record. Thanks
                        to Tony Finch for the contribution. [RT #45183]

4636.   [bug]           Normalize rpz policy zone names when checking for
                        existence. [RT #45358]

4635.   [bug]           Fix RPZ NSDNAME logging that was logging
                        failures as NSIP. [RT #45052]

4634.   [contrib]       check5011.pl needs to handle optional space before
                        semi-colon in +multi-line output. [RT #45352]

4633.   [maint]         Updated AAAA (2001:500:200::b) for B.ROOT-SERVERS.NET.

4632.   [security]      The BIND installer on Windows used an unquoted
                        service path, which can enable privilege escalation.
                        (CVE-2017-3141) [RT #45229]

4631.   [security]      Some RPZ configurations could go into an infinite
                        query loop when encountering responses with TTL=0.
                        (CVE-2017-3140) [RT #45181]

4630.   [bug]           "dyndb" is dependent on dlopen existing / being
                        enabled. [RT #45291]

4629.   [bug]           dns_client_startupdate could not be called with a
                        running client. [RT #45277]

4628.   [bug]           Fixed a potential reference leak in query_getdb().
                        [RT #45247]

4627.   [placeholder]

4626.   [test]          Added more tests for handling of different record
                        ordering in CNAME and DNAME responses. [QA #430]

4625.   [bug]           Running "rndc addzone" and "rndc delzone" at close
                        to the same time could trigger a deadlock if using
                        LMDB. [RT #45209]

4624.   [placeholder]

4623.   [bug]           Use --with-protobuf-c and --with-libfstrm to find
                        protoc-c and fstrm_capture. [RT #45187]

4622.   [bug]           Remove unnecessary escaping of semicolon in CAA and
                        URI records. [RT #45216]

4621.   [port]          Force alignment of oid arrays to silence loader
                        warnings. [RT #45131]

4620.   [port]          Handle EPFNOSUPPORT being returned when probing
                        to see if a socket type is supported. [RT #45214]

4619.   [bug]           Call isc_mem_put instead of isc_mem_free in
                        bin/named/server.c:setup_newzones. [RT #45202]

4618.   [bug]           Check isc_mem_strdup results in dns_view_setnewzones.
                        Add logging for lmdb call failures. [RT #45204]

4617.   [test]          Update rndc system test to be more delay tolerant.
                        [RT #45177]

4616.   [bug]           When using LMDB, zones deleted using "rndc delzone"
                        were not correctly removed from the new-zone
                        database. [RT #45185]

4615.   [bug]           AD could be set on truncated answer with no records
                        present in the answer and authority sections.
                        [RT #45140]

4614.   [test]          Fixed an error in the sockaddr unit test. [RT #45146]

4613.   [func]          By default, the maximum size of a zone journal file
                        is now twice the size of the zone's contents (there
                        is little benefit to a journal larger than this).
                        This can be overridden by setting "max-journal-size"
                        to "unlimited" or to an explicit value up to 2G.
                        Thanks to Tony Finch. [RT #38324]

4612.   [bug]           Silence 'may be use uninitalised' warning and simplify
                        the code in lwres/getaddinfo:process_answer.
                        [RT #45158]

4611.   [bug]           The default LMDB mapsize was too low and caused
                        errors after few thousand zones were added using
                        rndc addzone. A new config option "lmdb-mapsize"
                        has been introduced to configure the LMDB
                        mapsize depending on operational needs.
                        [RT #44954]

4610.   [func]          The "new-zones-directory" option specifies the
                        location of NZF or NZD files for storing
                        configuration of zones added by "rndc addzone".
                        Thanks to Petr Menšík. [RT #44853]

4609.   [cleanup]       Rearrange makefiles to enable parallel execution
                        (i.e. "make -j"). [RT #45078]

4608.   [func]          DiG now warns about .local queries which are reserved
                        for Multicast DNS. [RT #44783]

4607.   [bug]           The memory context's malloced and maxmalloced counters
                        were being updated without the appropriate lock being
                        held.  [RT #44869]

4606.   [port]          Stop using experimental "Experimental keys on scalar"
                        feature of perl as it has been removed. [RT #45012]

4605.   [performance]   Improve performance for delegation heavy answers
                        and also general query performance. Removes the
                        acache feature that didn't significantly improve
                        performance. Adds a glue cache. Removes
                        additional-from-cache and additional-from-auth
                        features. Enables minimal-responses by
                        default. Improves performance of compression
                        code, owner case restoration, hash function,
                        etc. Uses inline buffer implementation by
                        default. Many other performance changes and fixes.
                        [RT #44029]

4604.   [bug]           Don't use ERR_load_crypto_strings() when building
                        with OpenSSL 1.1.0. [RT #45117]

4603.   [doc]           Automatically generate named.conf(5) man page
                        from doc/misc/options. Thanks to Tony Finch.
                        [RT #43525]

4602.   [func]          Threads are now set to human-readable
                        names to assist debugging, when supported by
                        the OS. [RT #43234]

4601.   [bug]           Reject incorrect RSA key lengths during key
                        generation and and sign/verify context
                        creation. [RT #45043]

4600.   [bug]           Adjust RPZ trigger counts only when the entry
                        being deleted exists. [RT #43386]

4599.   [bug]           Fix inconsistencies in inline signing time
                        comparison that were introduced with the
                        introduction of rdatasetheader->resign_lsb.
                        [RT #42112]

4598.   [func]          Update fuzzing code to (1) reply to a DNSKEY
                        query from named with appropriate DNSKEY used in
                        fuzzing; (2) patch the QTYPE correctly in
                        resolver fuzzing; (3) comment things so the rest
                        of us are able to understand how fuzzing is
                        implemented in named; (4) Coding style changes,
                        cleanup, etc. [RT #44787]

4597.   [bug]           The validator now ignores SHA-1 DS digest type
                        when a DS record with SHA-384 digest type is
                        present and is a supported digest type.
                        [RT #45017]

4596.   [bug]           Validate glue before adding it to the additional
                        section. This also fixes incorrect TTL capping
                        when the RRSIG expired earlier than the TTL.
                        [RT #45062]

4595.   [func]          dnssec-keygen will no longer generate RSA keys
                        less than 1024 bits in length. dnssec-keymgr
                        was similarly updated. [RT #36895]

4594.   [func]          "dnstap-read -x" prints a hex dump of the wire
                        format of each logged DNS message. [RT #44816]

4593.   [doc]           Update README using markdown, remove outdated FAQ
                        file in favor of the knowledge base.

4592.   [bug]           A race condition on shutdown could trigger an
                        assertion failure in dispatch.c. [RT #43822]

4591.   [port]          Addressed some python 3 compatibility issues.
                        Thanks to Ville Skytta. [RT #44955] [RT #44956]

4590.   [bug]           Support for PTHREAD_MUTEX_ADAPTIVE_NP was not being
                        properly detected. [RT #44871]

4589.   [cleanup]       "configure -q" is now silent. [RT #44829]

4588.   [bug]           nsupdate could send queries for TKEY to the wrong
                        server when using GSSAPI. Thanks to Tomas Hozza.
                        [RT #39893]

4587.   [bug]           named-checkzone failed to handle occulted data below
                        DNAMEs correctly. [RT #44877]

4586.   [func]          dig, host and nslookup now use TCP for ANY queries.
                        [RT #44687]

4585.   [port]          win32: Set CompileAS value. [RT #42474]

4584.   [bug]           A number of memory usage statistics were not properly
                        reported when they exceeded 4G.  [RT #44750]

4583.   [func]          "host -A" returns most records for a name but
                        omits RRSIG, NSEC and NSEC3. (Thanks to Tony Finch.)
                        [RT #43032]

4582.   [security]      'rndc ""' could trigger a assertion failure in named.
                        (CVE-2017-3138) [RT #44924]

4581.   [port]          Linux: Add getpid and getrandom to the list of system
                        calls named uses for seccomp. [RT #44883]

4580.   [bug]           4578 introduced a regression when handling CNAME to
                        referral below the current domain. [RT #44850]

4579.   [func]          Logging channels and dnstap output files can now
                        be configured with a "suffix" option, set to
                        either "increment" or "timestamp", indicating
                        whether to use incrementing numbers or timestamps
                        as the file suffix when rolling over a log file.
                        [RT #42838]

4578.   [security]      Some chaining (CNAME or DNAME) responses to upstream
                        queries could trigger assertion failures.
                        (CVE-2017-3137) [RT #44734]

4577.   [func]          Make qtype of resolver fuzzing packet configurable
                        via command line. [RT #43540]

4576.   [func]          The RPZ implementation has been substantially
                        refactored for improved performance and reliability.
                        [RT #43449]

4575.   [security]      DNS64 with "break-dnssec yes;" can result in an
                        assertion failure. (CVE-2017-3136) [RT #44653]

4574.   [bug]           Dig leaked memory with multiple +subnet options.
                        [RT #44683]

4573.   [func]          Query logic has been substantially refactored (e.g.
                        query_find function has been split into smaller
                        functions) for improved readability, maintainability
                        and testability. [RT #43929]

4572.   [func]          The "dnstap-output" option can now take "size" and
                        "versions" parameters to indicate the maximum size
                        a dnstap log file can grow before rolling to a new
                        file, and how many old files to retain. [RT #44502]

4571.   [bug]           Out-of-tree builds of backtrace_test failed.

4570.   [cleanup]       named did not correctly fall back to the built-in
                        initializing keys if the bind.keys file was present
                        but empty. [RT #44531]

4569.   [func]          Store both local and remote addresses in dnstap
                        logging, and modify dnstap-read output format to
                        print them. [RT #43595]

4568.   [contrib]       Added a --with-bind option to the dnsperf configure
                        script to specify BIND prefix path.

4567.   [port]          Call getprotobyname and getservbyname prior to calling
                        chroot so that shared libraries get loaded. [RT #44537]

4566.   [func]          Query logging now includes the ECS option if one
                        was included in the query. [RT #44476]

4565.   [cleanup]       The inline macro versions of isc_buffer_put*()
                        did not implement automatic buffer reallocation.
                        [RT #44216]

4564.   [maint]         Update the built in managed keys to include the
                        upcoming root KSK. [RT #44579]

4563.   [bug]           Modified zones would occasionally fail to reload.
                        [RT #39424]

4562.   [func]          Add additional memory statistics currently malloced
                        and maxmalloced per memory context. [RT #43593]

4561.   [port]          Silence a warning in strict C99 compilers. [RT #44414]

4560.   [bug]           mdig: add -m option to enable memory debugging rather
                        than having it on all the time. [RT #44509]

4559.   [bug]           openssl_link.c didn't compile if ISC_MEM_TRACKLINES
                        was turned off.  [RT #44509]

4558.   [bug]           Synthesised CNAME before matching DNAME was still
                        being cached when it should not have been.  [RT #44318]

4557.   [security]      Combining dns64 and rpz can result in dereferencing
                        a NULL pointer (read).  (CVE-2017-3135) [RT#44434]

4556.   [bug]           Sending an EDNS Padding option using "dig
                        +ednsopt" could cause a crash in dig. [RT #44462]

4555.   [func]          dig +ednsopt: EDNS options can now be specified by
                        name in addition to numeric value. [RT #44461]

4554.   [bug]           Remove double unlock in dns_dispatchmgr_setudp.
                        [RT #44336]

4553.   [bug]           Named could deadlock there were multiple changes to
                        NSEC/NSEC3 parameters for a zone being processed at
                        the same time. [RT #42770]

4552.   [bug]           Named could trigger a assertion when sending notify
                        messages. [RT #44019]

4551.   [test]          Add system tests for integrity checks of MX and
                        SRV records. [RT #43953]

4550.   [cleanup]       Increased the number of available master file
                        output style flags from 32 to 64. [RT #44043]

4549.   [func]          Added support for the EDNS TCP Keepalive option
                        (RFC 7828). [RT #42126]

4548.   [func]          Added support for the EDNS Padding option (RFC 7830).
                        [RT #42094]

4547.   [port]          Add support for --enable-native-pkcs11 on the AEP
                        Keyper HSM. [RT #42463]

4546.   [func]          Extend the use of const declarations. [RT #43379]

4545.   [func]          Expand YAML output from dnstap-read to include
                        a detailed breakdown of the DNS message contents.
                        [RT #43642]

4544.   [bug]           Add message/payload size to dnstap-read YAML output.
                        [RT #43622]

4543.   [bug]           dns_client_startupdate now delays sending the update
                        request until isc_app_ctxrun has been called.
                        [RT #43976]

4542.   [func]          Allow rndc to manipulate redirect zones with using
                        -redirect as the zone name (use "-redirect." to
                        manipulate a zone named "-redirect"). [RT #43971]

4541.   [bug]           rndc addzone should properly reject non master/slave
                        zones. [RT #43665]

4540.   [bug]           Correctly handle ecs entries in dns_acl_isinsecure.
                        [RT #43601]

4539.   [bug]           Referencing a nonexistent zone with RPZ could lead
                        to a assertion failure when configuring. [RT #43787]

4538.   [bug]           Call dns_client_startresolve from client->task.
                        [RT #43896]

4537.   [bug]           Handle timeouts better in dig/host/nslookup. [RT #43576]

4536.   [bug]           ISC_SOCKEVENTATTR_USEMINMTU was not being cleared
                        when reusing the event structure. [RT #43885]

4535.   [bug]           Address race condition in setting / testing of
                        DNS_REQUEST_F_SENDING. [RT #43889]

4534.   [bug]           Only set RD, RA and CD in QUERY responses. [RT #43879]

4533.   [bug]           dns_client_update should terminate on prerequisite
                        failures (NXDOMAIN, YXDOMAIN, NXRRSET, YXRRSET)
                        and also on BADZONE.  [RT #43865]

4532.   [contrib]       Make gen-data-queryperf.py python 3 compatible.
                        [RT #43836]

4531.   [security]      'is_zone' was not being properly updated by redirect2
                        and subsequently preserved leading to an assertion
                        failure. (CVE-2016-9778) [RT #43837]

4530.   [bug]           Change 4489 broke the handling of CNAME -> DNAME
                        in responses resulting in SERVFAIL being returned.
                        [RT #43779]

4529.   [cleanup]       Silence noisy log warning when DSCP probe fails
                        due to firewall rules. [RT #43847]

4528.   [bug]           Only set the flag bits for the i/o we are waiting
                        for on EPOLLERR or EPOLLHUP. [RT #43617]

4527.   [doc]           Support DocBook XSL Stylesheets v1.79.1. [RT #43831]

4526.   [doc]           Corrected errors and improved formatting of
                        grammar definitions in the ARM. [RT #43739]

4525.   [doc]           Fixed outdated documentation on managed-keys.
                        [RT #43810]

4524.   [bug]           The net zero test was broken causing IPv4 servers
                        with addresses ending in .0 to be rejected. [RT #43776]

4523.   [doc]           Expand config doc for <querysource4> and
                        <querysource6>. [RT #43768]

4522.   [bug]           Handle big gaps in log file version numbers better.
                        [RT #38688]

4521.   [cleanup]       Log it as an error if an entropy source is not
                        found and there is no fallback available. [RT #43659]

4520.   [cleanup]       Alphabetize more of the grammar when printing it
                        out. Fix unbalanced indenting. [RT #43755]

4519.   [port]          win32: handle ERROR_MORE_DATA. [RT #43534]

4518.   [func]          The "print-time" option in the logging configuration
                        can now take arguments "local", "iso8601" or
                        "iso8601-utc" to indicate the format in which the
                        date and time should be logged. For backward
                        compatibility, "yes" is a synonym for "local".
                        [RT #42585]

4517.   [security]      Named could mishandle authority sections that were
                        missing RRSIGs triggering an assertion failure.
                        (CVE-2016-9444) [RT # 43632]

4516.   [bug]           isc_socketmgr_renderjson was missing from the
                        windows build. [RT #43602]

4515.   [port]          FreeBSD: Find readline headers when they are in
                        edit/readline/ instead of readline/. [RT #43658]

4514.   [port]          NetBSD: strip -WL, from ld command line. [RT #43204]

4513.   [cleanup]       Minimum Python versions are now 2.7 and 3.2.
                        [RT #43566]

4512.   [bug]           win32: @GEOIP_INC@ missing from delv.vcxproj.in.
                        [RT #43556]

4511.   [bug]           win32: mdig.exe-BNFT was missing Configure. [RT #43554]

4510.   [security]      Named mishandled some responses where covering RRSIG
                        records are returned without the requested data
                        resulting in a assertion failure. (CVE-2016-9147)
                        [RT #43548]

4509.   [test]          Make the rrl system test more reliable on slower
                        machines by using mdig instead of dig. [RT #43280]

4508.   [security]      Named incorrectly tried to cache TKEY records which
                        could trigger a assertion failure when there was
                        a class mismatch. (CVE-2016-9131) [RT #43522]

4507.   [bug]           Named could incorrectly log 'allows updates by IP
                        address, which is insecure' [RT #43432]

4506.   [func]          'named-checkconf -l' will now list the zones found in
                        named.conf. [RT #43154]

4505.   [port]          Use IP_PMTUDISC_OMIT if available. [RT #35494]

4504.   [security]      Allow the maximum number of records in a zone to
                        be specified.  This provides a control for issues
                        raised in CVE-2016-6170. [RT #42143]

4503.   [cleanup]       "make uninstall" now removes files installed by
                        BIND. (This currently excludes Python files
                        due to lack of support in setup.py.) [RT #42192]

4502.   [func]          Report multiple and experimental options when printing
                        grammar. [RT #43134]

4501.   [placeholder]

4500.   [bug]           Support modifier I64 in isc__print_printf. [RT #43526]

4499.   [port]          MacOSX: silence deprecated function warning
                        by using arc4random_stir() when available
                        instead of arc4random_addrandom(). [RT #43503]

4498.   [test]          Simplify prerequisite checks in system tests.
                        [RT #43516]

4497.   [port]          Add support for OpenSSL 1.1.0. [RT #41284]

4496.   [func]          dig: add +idnout to control whether labels are
                        display in punycode or not.  Requires idn support
                        to be enabled at compile time. [RT #43398]

4495.   [bug]           A isc_mutex_init call was not being checked.
                        [RT #43391]

4494.   [bug]           Look for <editline/readline.h>. [RT #43429]

4493.   [bug]           bin/tests/system/dyndb/driver/Makefile.in should use
                        SO_TARGETS. [RT# 43336]

4492.   [bug]           irs_resconf_load failed to initialize sortlistnxt
                        causing bad writes if resolv.conf contained a
                        sortlist directive. [RT #43459]

4491.   [bug]           Improve message emitted when testing whether sendmsg
                        works with TOS/TCLASS fails. [RT #43483]

4490.   [maint]         Added AAAA (2001:500:12::d0d) for G.ROOT-SERVERS.NET.

4489.   [security]      It was possible to trigger assertions when processing
                        a response containing a DNAME answer. (CVE-2016-8864)
                        [RT #43465]

4488.   [port]          Darwin: use -framework for Kerberos. [RT #43418]

4487.   [test]          Make system tests work on Windows. [RT #42931]

4486.   [bug]           Look in $prefix/lib/pythonX.Y/site-packages for
                        the python modules we install. [RT #43330]

4485.   [bug]           Failure to find readline when requested should be
                        fatal to configure. [RT #43328]

4484.   [func]          Check prefixes in acls to make sure the address and
                        prefix lengths are consistent.  Warn only in
                        BIND 9.11 and earlier. [RT #43367]

4483.   [bug]           Address use before require check and remove extraneous
                        dns_message_gettsigkey call in dns_tsig_sign.
                        [RT #43374]

4482.   [cleanup]       Change #4455 was incomplete. [RT #43252]

4481.   [func]          dig: make +class, +crypto, +multiline, +rrcomments,
                        +onesoa, +qr, +ttlid, +ttlunits and -u per lookup
                        rather than global. [RT #42450]

4480.   [placeholder]

4479.   [placeholder]

4478.   [func]          Add +continue option to mdig, allow continue on socket
                        errors. [RT #43281]

4477.   [test]          Fix mkeys test timing issues. [RT #41028]

4476.   [test]          Fix reclimit test on slower machines. [RT #43283]

4475.   [doc]           Update named-checkconf documentation. [RT #43153]

4474.   [bug]           win32: call WSAStartup in fromtext_in_wks so that
                        getprotobyname and getservbyname work.  [RT #43197]

4473.   [bug]           Only call fsync / _commit on regular files. [RT #43196]

4472.   [bug]           Named could fail to find the correct NSEC3 records when
                        a zone was updated between looking for the answer and
                        looking for the NSEC3 records proving nonexistence
                        of the answer. [RT #43247]
--- 9.11.0 released ---
        --- 9.11.0rc3 released ---

4471.   [cleanup]       Render client/query logging format consistent for
                        ease of log file parsing. (Note that this affects
                        "querylog" format: there is now an additional field
                        indicating the client object address.) [RT #43238]

4470.   [bug]           Reset message with intent parse before
                        calling dns_dispatch_getnext. [RT #43229]

4469.   [placeholder]
        --- 9.11.0rc2 released ---

4468.   [bug]           Address ECS option handling issues. [RT #43191]

4467.   [security]      It was possible to trigger an assertion when
                        rendering a message. (CVE-2016-2776) [RT #43139]

4466.   [bug]           Interface scanning didn't work on a Windows system
                        without a non local IPv6 addresses. [RT #43130]

4465.   [bug]           Don't use "%z" as Windows doesn't support it.
                        [RT #43131]

4464.   [bug]           Fix windows python support. [RT #43173]

4463.   [bug]           The dnstap system test failed on some systems.
                        [RT #43129]

4462.   [bug]           Don't describe a returned EDNS COOKIE as "good"
                        when there isn't a valid server cookie. [RT #43167]

4461.   [bug]           win32: not all external data was properly marked
                        as external data for windows dll. [RT #43161]
        --- 9.11.0rc1 released ---

4460.   [test]          Add system test for dnstap using unix domain sockets.
                        [RT #42926]

4459.   [bug]           TCP client objects created to handle pipeline queries
                        were not cleaned up correctly, causing uncontrolled
                        memory growth. [RT #43106]

4458.   [cleanup]       Update assertions to be more correct, and also remove
                        use of a reserved word. [RT #43090]

4457.   [maint]         Added AAAA (2001:500:a8::e) for E.ROOT-SERVERS.NET.

4456.   [doc]           Add DOCTYPE and lang attribute to <html> tags.
                        [RT #42587]

4455.   [cleanup]       Allow dyndb modules to correctly log the filename
                        and line number when processing configuration text
                        from named.conf. [RT #43050]

4454.   [bug]           'rndc dnstap -reopen' had a race issue. [RT #43089]

4453.   [bug]           Prefetching of DS records failed to update their
                        RRSIGs. [RT #42865]

4452.   [bug]           The default key manager policy file is now
                        <sysdir>/dnssec-policy.conf (usually
                        /etc/dnssec-policy.conf). [RT #43064]

4451.   [cleanup]       Log more useful information if a PKCS#11 provider
                        library cannot be loaded. [RT #43076]

4450.   [port]          Provide more nuanced HSM support which better matches
                        the specific PKCS11 providers capabilities. [RT #42458]

4449.   [test]          Fix catalog zones test on slower systems. [RT #42997]

4448.   [bug]           win32: ::1 was not being found when iterating
                        interfaces. [RT #42993]

4447.   [tuning]        Allow the fstrm_iothr_init() options to be set using
                        named.conf to control how dnstap manages the data
                        flow. [RT #42974]

4446.   [bug]           The cache_find() and _findrdataset() functions
                        could find rdatasets that had been marked stale.
                        [RT #42853]

4445.   [cleanup]       isc_errno_toresult() can now be used to call the
                        formerly private function isc__errno2result().
                        [RT #43050]

4444.   [bug]           Fixed some issues related to dyndb: A bug caused
                        braces to be omitted when passing configuration text
                        from named.conf to a dyndb driver, and there was a
                        use-after-free in the sample dyndb driver. [RT #43050]

4443.   [func]          Set TCP_MAXSEG in addition to IPV6_USE_MIN_MTU on
                        TCP sockets. [RT #42864]

4442.   [bug]           Fix RPZ CIDR tree insertion bug that corrupted
                        tree data structure with overlapping networks
                        (longest prefix match was ineffective).
                        [RT #43035]

4441.   [cleanup]       Alphabetize host's help output. [RT #43031]

4440.   [func]          Enable TCP fast open support when available on the
                        server side. [RT #42866]

4439.   [bug]           Address race conditions getting ownernames of nodes.
                        [RT #43005]

4438.   [func]          Use LIFO rather than FIFO when processing startup
                        notify and refresh queries. [RT #42825]

4437.   [func]          Minimal-responses now has two additional modes
                        no-auth and no-auth-recursive which suppress
                        adding the NS records to the authority section
                        as well as the associated address records for the
                        nameservers. [RT #42005]

4436.   [func]          Return TLSA records as additional data for MX and SRV
                        lookups. [RT #42894]

4435.   [tuning]        Only set IPV6_USE_MIN_MTU for UDP when the message
                        will not fit into a single IPv4 encapsulated IPv6
                        UDP packet when transmitted over a Ethernet link.
                        [RT #42871]

4434.   [protocol]      Return EDNS EXPIRE option for master zones in addition
                        to slave zones. [RT #43008]

4433.   [cleanup]       Report an error when passing an invalid option or
                        view name to "rndc dumpdb". [RT #42958]

4432.   [test]          Hide rndc output on expected failures in logfileconfig
                        system test. [RT #27996]

4431.   [bug]           named-checkconf now checks the rate-limit clause.
                        [RT #42970]

4430.   [bug]           Lwresd died if a search list was not defined.
                        Found by 0x710DDDD At Alibaba Security. [RT #42895]

4429.   [bug]           Address potential use after free on fclose() error.
                        [RT #42976]

4428.   [bug]           The "test dispatch getnext" unit test could fail
                        in a threaded build. [RT #42979]

4427.   [bug]           The "query" and "response" parameters to the
                        "dnstap" option had their functions reversed.
        --- 9.11.0b3 released ---

4426.   [bug]           Addressed Coverity warnings. [RT #42908]

4425.   [bug]           arpaname, dnstap-read and named-rrchecker were not
                        being installed into ${prefix}/bin.  Tidy up
                        installation issues with CHANGE 4421. [RT #42910]

4424.   [experimental]  Named now sends _ta-XXXX.<trust-anchor>/NULL queries
                        to provide feedback to the trust-anchor administrators
                        about how key rollovers are progressing as per
                        draft-ietf-dnsop-edns-key-tag-02.  This can be
                        disabled using 'trust-anchor-telemetry no;'.
                        [RT #40583]

4423.   [maint]         Added missing IPv6 address 2001:500:84::b for
                        B.ROOT-SERVERS.NET. [RT #42898]

4422.   [port]          Silence clang warnings in dig.c and dighost.c.
                        [RT #42451]

4421.   [func]          When built with LMDB (Lightning Memory-mapped
                        Database), named will now use a database to store
                        the configuration for zones added by "rndc addzone"
                        instead of using a flat NZF file. This improves
                        performance of "rndc delzone" and "rndc modzone"
                        significantly. Existing NZF files will
                        automatically by converted to NZD databases.
                        To view the contents of an NZD or to roll back to
                        NZF format, use "named-nzd2nzf". To disable
                        this feature, use "configure --without-lmdb".
                        [RT #39837]

4420.   [func]          nslookup now looks for AAAA as well as A by default.
                        [RT #40420]

4419.   [bug]           Don't cause undefined result if the label of an
                        entry in catalog zone is changed. [RT #42708]

4418.   [bug]           Fix a compiler warning in GSSAPI code. [RT #42879]

4417.   [bug]           dnssec-keymgr could fail to create successor keys
                        if the prepublication interval was set to a value
                        smaller than the default. [RT #42820]

4416.   [bug]           dnssec-keymgr: Domain names in policy files could
                        fail to match due to trailing dots. [RT #42807]

4415.   [bug]           dnssec-keymgr: Expired/deleted keys were not always
                        excluded. [RT #42884]

4414.   [bug]           Corrected a bug in the MIPS implementation of
                        isc_atomic_xadd(). [RT #41965]

4413.   [bug]           GSSAPI negotiation could fail if GSS_S_CONTINUE_NEEDED
                        was returned. [RT #42733]
        --- 9.11.0b2 released ---

4412.   [cleanup]       Make fixes for GCC 6. ISC_OFFSET_MAXIMUM macro was
                        removed. [RT #42721]

4411.   [func]          "rndc dnstap -roll" automatically rolls the
                        dnstap output file; the previous version is
                        saved with ".0" suffix, and earlier versions
                        with ".1" and so on. An optional numeric argument
                        indicates how many prior files to save. [RT #42830]

4410.   [bug]           Address use after free and memory leak with dnstap.
                        [RT #42746]

4409.   [bug]           DNS64 should exclude mapped addresses by default when
                        an exclude acl is not defined. [RT #42810]

4408.   [func]          Continue waiting for expected response when we the
                        response we get does not match the request. [RT #41026]

4407.   [performance]   Use GCC builtin for clz in RPZ lookup code.
                        [RT #42818]

4406.   [security]      getrrsetbyname with a non absolute name could
                        trigger an infinite recursion bug in lwresd
                        and named with lwres configured if when combined
                        with a search list entry the resulting name is
                        too long. (CVE-2016-2775) [RT #42694]

4405.   [bug]           Change 4342 introduced a regression where you could
                        not remove a delegation in a NSEC3 signed zone using
                        OPTOUT via nsupdate. [RT #42702]

4404.   [misc]          Allow krb5-config to be used when configuring gssapi.
                        [RT #42580]

4403.   [bug]           Rename variables and arguments that shadow: basename,
                        clone and gai_error.

4402.   [bug]           protoc-c is now a hard requirement for --enable-dnstap.
        --- 9.11.0b1 released ---

4401.   [misc]          Change LICENSE to MPL 2.0.

4400.   [bug]           ttl policy was not being inherited in policy.py.
                        [RT #42718]

4399.   [bug]           policy.py 'ECCGOST', 'ECDSAP256SHA256', and
                        'ECDSAP384SHA384' don't have settable keysize.
                        [RT #42718]

4398.   [bug]           Correct spelling of ECDSAP256SHA256 in policy.py.
                        [RT #42718]

4397.   [bug]           Update Windows python support. [RT #42538]

4396.   [func]          dnssec-keymgr now takes a '-r randomfile' option.
                        [RT #42455]

4395.   [bug]           Improve out-of-tree installation of python modules.
                        [RT #42586]

4394.   [func]          Add rndc command "dnstap-reopen" to close and
                        reopen dnstap output files. [RT #41803]

4393.   [bug]           Address potential NULL pointer dereferences in
                        dnstap code.

4392.   [func]          Collect statistics for RSSAC02v3 traffic-volume,
                        traffic-sizes and rcode-volume reporting. [RT #41475]

4391.   [contrib]       Fix leaks in contrib DLZ code. [RT #42707]

4390.   [doc]           Description of masters with TSIG, allow-query and
                        allow-transfer options in catalog zones. [RT #42692]

4389.   [test]          Rewritten test suite for catalog zones. [RT #42676]

4388.   [func]          Support for master entries with TSIG keys in catalog
                        zones. [RT #42577]

4387.   [bug]           Change 4336 was not complete leading to SERVFAIL
                        being return as NS records expired. [RT #42683]

4386.   [bug]           Remove shadowed overmem function/variable. [RT #42706]

4385.   [func]          Add support for allow-query and allow-transfer ACLs
                        to catalog zones. [RT #42578]

4384.   [bug]           Change 4256 accidentally disabled logging of the
                        rndc command. [RT #42654]

4383.   [bug]           Correct spelling error in stats channel description of
                        "EDNS client subnet option received". [RT #42633]

4382.   [bug]           rndc {addzone,modzone,delzone,showzone} should all
                        compare the zone name using a canonical format.
                        [RT #42630]

4381.   [bug]           Missing "zone-directory" option in catalog zone
                        definition caused BIND to crash. [RT #42579]
        --- 9.11.0a3 released ---

4380.   [experimental]  Added a "zone-directory" option to "catalog-zones"
                        syntax, allowing local masterfiles for slaves
                        that are provisioned by catalog zones to be stored
                        in a directory other than the server's working
                        directory. [RT #42527]

4379.   [bug]           An INSIST could be triggered if a zone contains
                        RRSIG records with expiry fields that loop
                        using serial number arithmetic. [RT #40571]

4378.   [contrib]       #include <isc/string.h> for strlcat in zone2ldap.c.
                        [RT #42525]

4377.   [bug]           Don't reuse zero TTL responses beyond the current
                        client set (excludes ANY/SIG/RRSIG queries).
                        [RT #42142]

4376.   [experimental]  Added support for Catalog Zones, a new method for
                        provisioning secondary servers in which a list of
                        zones to be served is stored in a DNS zone and can
                        be propagated to slaves via AXFR/IXFR. [RT #41581]

4375.   [func]          Add support for automatic reallocation of isc_buffer
                        to isc_buffer_put* functions. [RT #42394]

4374.   [bug]           Use SAVE/RESTORE macros in query.c to reduce the
                        probability of reference counting errors as seen
                        in 4365. [RT #42405]

4373.   [bug]           Address undefined behavior in getaddrinfo. [RT #42479]

4372.   [bug]           Address undefined behavior in libt_api. [RT #42480]

4371.   [func]          New "minimal-any" option reduces the size of UDP
                        responses for qtype ANY by returning a single
                        arbitrarily selected RRset instead of all RRsets.
                        Thanks to Tony Finch. [RT #41615]

4370.   [bug]           Address python3 compatibility issues with RNDC module.
                        [RT #42499] [RT #42506]
        --- 9.11.0a2 released ---

4369.   [bug]           Fix 'make' and 'make install' out-of-tree python
                        support. [RT #42484]

4368.   [bug]           Fix a crash when calling "rndc stats" on some
                        Windows builds because some Visual Studio compilers
                        generated crashing code for the "%z" printf()
                        format specifier. [RT #42380]

4367.   [bug]           Remove unnecessary assignment of loadtime in
                        zone_touched. [RT #42440]

4366.   [bug]           Address race condition when updating rbtnode bit
                        fields. [RT #42379]

4365.   [bug]           Address zone reference counting errors involving
                        nxdomain-redirect. [RT #42258]

4364.   [port]          freebsd: add -Wl,-E to loader flags [RT #41690]

4363.   [port]          win32: Disable explicit triggering UAC when running
                        BINDInstall.

4362.   [func]          Changed rndc reconfig behavior so that newly added
                        zones are loaded asynchronously and the loading does
                        not block the server. [RT #41934]

4361.   [cleanup]       Where supported, file modification times returned
                        by isc_file_getmodtime() are now accurate to the
                        nanosecond. [RT #41968]

4360.   [bug]           Silence spurious 'bad key type' message when there is
                        a existing TSIG key. [RT #42195]

4359.   [bug]           Inherited 'also-notify' lists were not being checked
                        by named-checkconf. [RT #42174]

4358.   [test]          Added American Fuzzy Lop harness that allows
                        feeding fuzzed packets into BIND.
                        [RT #41723]

4357.   [func]          Add the python RNDC module. [RT #42093]

4356.   [func]          Add the ability to specify whether to wait for
                        nameserver addresses to be looked up or not to
                        RPZ with a new modifying directive 'nsip-wait-recurse'.
                        [RT #35009]

4355.   [func]          "pkcs11-list" now displays the extractability
                        attribute of private or secret keys stored in
                        an HSM, as either "true", "false", or "never"
                        Thanks to Daniel Stirnimann. [RT #36557]

4354.   [bug]           Check that the received HMAC length matches the
                        expected length prior to check the contents on the
                        control channel.  This prevents a OOB read error.
                        This was reported by Lian Yihan, <[email protected]>.
                        [RT #42215]

4353.   [cleanup]       Update PKCS#11 header files. [RT #42175]

4352.   [cleanup]       The ISC DNSSEC Lookaside Validation (DLV) service
                        is scheduled to be disabled in 2017.  A warning is
                        now logged when named is configured to use it,
                        either explicitly or via "dnssec-lookaside auto;"
                        [RT #42207]

4351.   [bug]           'dig +noignore' didn't work. [RT #42273]

4350.   [contrib]       Declare result in  dlz_filesystem_dynamic.c.

4349.   [contrib]       kasp2policy: A python script to create a DNSSEC
                        policy file from an OpenDNSSEC KASP XML file.

4348.   [func]          dnssec-keymgr: A new python-based DNSSEC key
                        management utility, which reads a policy definition
                        file and can create or update DNSSEC keys as needed
                        to ensure that a zone's keys match policy, roll over
                        correctly on schedule, etc.  Thanks to Sebastian
                        Castro for assistance in development. [RT #39211]

4347.   [port]          Corrected a build error on x86_64 Solaris. [RT #42150]

4346.   [bug]           Fixed a regression introduced in change #4337 which
                        caused signed domains with revoked KSKs to fail
                        validation. [RT #42147]

4345.   [contrib]       perftcpdns mishandled the return values from
                        clock_nanosleep. [RT #42131]

4344.   [port]          Address openssl version differences. [RT #42059]

4343.   [bug]           dns_dnssec_syncupdate mis-declared in <dns/dnssec.h>.
                        [RT #42090]

4342.   [bug]           'rndc flushtree' could fail to clean the tree if there
                        wasn't a node at the specified name. [RT #41846]
        --- 9.11.0a1 released ---

4341.   [bug]           Correct the handling of ECS options with
                        address family 0. [RT #41377]

4340.   [performance]   Implement adaptive read-write locks, reducing the
                        overhead of locks that are only held briefly.
                        [RT #37329]

4339.   [test]          Use "mdig" to test pipelined queries. [RT #41929]

4338.   [bug]           Reimplement change 4324 as it wasn't properly doing
                        all the required book keeping. [RT #41941]

4337.   [bug]           The previous change exposed a latent flaw in
                        key refresh queries for managed-keys when
                        a cached DNSKEY had TTL 0. [RT #41986]

4336.   [bug]           Don't emit records with zero ttl unless the records
                        were learnt with a zero ttl. [RT #41687]

4335.   [bug]           zone->view could be detached too early. [RT #41942]

4334.   [func]          'named -V' now reports zlib version. [RT #41913]

4333.   [maint]         L.ROOT-SERVERS.NET is now 199.7.83.42 and
                        2001:500:9f::42.

4332.   [placeholder]

4331.   [func]          When loading managed signed zones detect if the
                        RRSIG's inception time is in the future and regenerate
                        the RRSIG immediately. [RT #41808]

4330.   [protocol]      Identify the PAD option as "PAD" when printing out
                        a message.

4329.   [func]          Warn about a common misconfiguration when forwarding
                        RFC 1918 zones. [RT #41441]

4328.   [performance]   Add dns_name_fromwire() benchmark test. [RT #41694]

4327.   [func]          Log query and depth counters during fetches when
                        querytrace (./configure --enable-querytrace) is
                        enabled (helps in diagnosing).  [RT #41787]

4326.   [protocol]      Add support for AVC. [RT #41819]

4325.   [func]          Add a line to "rndc status" indicating the
                        hostname and operating system details. [RT #41610]

4324.   [bug]           When deleting records from a zone database, interior
                        nodes could be left empty but not deleted, damaging
                        search performance afterward. [RT #40997]

4323.   [bug]           Improve HTTP header processing on statschannel.
                        [RT #41674]

4322.   [security]      Duplicate EDNS COOKIE options in a response could
                        trigger an assertion failure. (CVE-2016-2088)
                        [RT #41809]

4321.   [bug]           Zones using mapped files containing out-of-zone data
                        could return SERVFAIL instead of the expected NODATA
                        or NXDOMAIN results. [RT #41596]

4320.   [bug]           Insufficient memory allocation when handling
                        "none" ACL could cause an assertion failure in
                        named when parsing ACL configuration. [RT #41745]

4319.   [security]      Fix resolver assertion failure due to improper
                        DNAME handling when parsing fetch reply messages.
                        (CVE-2016-1286) [RT #41753]

4318.   [security]      Malformed control messages can trigger assertions
                        in named and rndc. (CVE-2016-1285) [RT #41666]

4317.   [bug]           Age all unused servers on fetch timeout. [RT #41597]

4316.   [func]          Add option to tools to print RRs in unknown
                        presentation format [RT #41595].

4315.   [bug]           Check that configured view class isn't a meta class.
                        [RT #41572].

4314.   [contrib]       Added 'dnsperf-2.1.0.0-1', a set of performance
                        testing tools provided by Nominum, Inc.

4313.   [bug]           Handle ns_client_replace failures in test mode.
                        [RT #41190]

4312.   [bug]           dig's unknown DNS and EDNS flags (MBZ value) logging
                        was not consistent. [RT #41600]

4311.   [bug]           Prevent "rndc delzone" from being used on
                        response-policy zones. [RT #41593]

4310.   [performance]   Use __builtin_expect() where available to annotate
                        conditions with known behavior. [RT #41411]

4309.   [cleanup]       Remove the spurious "none" filename from log messages
                        when processing built-in configuration. [RT #41594]

4308.   [func]          Added operating system details to "named -V"
                        output. [RT #41452]

4307.   [bug]           "dig +subnet" and "mdig +subnet" could send
                        incorrectly-formatted Client Subnet options
                        if the prefix length was not divisible by 8.
                        Also fixed a memory leak in "mdig". [RT #45178]

4306.   [maint]         Added a PKCS#11 openssl patch supporting
                        version 1.0.2f [RT #38312]

4305.   [bug]           dnssec-signzone was not removing unnecessary rrsigs
                        from the zone's apex. [RT #41483]

4304.   [port]          xfer system test failed as 'tail -n +value' is not
                        portable. [RT #41315]

4303.   [bug]           "dig +subnet" was unable to send a prefix length of
                        zero, as it was incorrectly changed to 32 for v4
                        prefixes or 128 for v6 prefixes. In addition to
                        fixing this, "dig +subnet=0" has been added as a
                        short form for 0.0.0.0/0. The same changes have
                        also been made in "mdig". [RT #41553]

4302.   [port]          win32: fixed a build error in VS 2015. [RT #41426]

4301.   [bug]           dnssec-settime -p [DP]sync was not working. [RT #41534]

4300.   [bug]           A flag could be set in the wrong field when setting
                        up non-recursive queries; this could cause the
                        SERVFAIL cache to cache responses it shouldn't.
                        New querytrace logging has been added which
                        identified this error. [RT #41155]

4299.   [bug]           Check that exactly totallen bytes are read when
                        reading a RRset from raw files in both single read
                        and incremental modes. [RT #41402]

4298.   [bug]           dns_rpz_add errors in loadzone were not being
                        propagated up the call stack. [RT #41425]

4297.   [test]          Ensure delegations in RPZ zones fail robustly.
                        [RT #41518]

4296.   [bug]           TCP packet sizes were calculated incorrectly in the
                        stats channel; they could be counted in the wrong
                        histogram bucket. [RT #40587]

4295.   [bug]           An unchecked result in dns_message_pseudosectiontotext()
                        could allow incorrect text formatting of EDNS EXPIRE
                        options. [RT #41437]

4294.   [bug]           Fixed a regression in which "rndc stop -p" failed
                        to print the PID. [RT #41513]

4293.   [bug]           Address memory leak on priming query creation failure.
                        [RT #41512]

4292.   [placeholder]

4291.   [cleanup]       Added a required include to dns/forward.h. [RT #41474]

4290.   [func]          The timers returned by the statistics channel
                        (indicating current time, server boot time, and
                        most recent reconfiguration time) are now reported
                        with millisecond accuracy. [RT #40082]

4289.   [bug]           The server could crash due to memory being used
                        after it was freed if a zone transfer timed out.
                        [RT #41297]

4288.   [bug]           Fixed a regression in resolver.c:possibly_mark()
                        which caused known-bogus servers to be queried
                        anyway. [RT #41321]

4287.   [bug]           Silence an overly noisy log message when message
                        parsing fails. [RT #41374]

4286.   [security]      render_ecs errors were mishandled when printing out
                        a OPT record resulting in a assertion failure.
                        (CVE-2015-8705) [RT #41397]

4285.   [security]      Specific APL data could trigger a INSIST.
                        (CVE-2015-8704) [RT #41396]

4284.   [bug]           Some GeoIP options were incorrectly documented
                        using abbreviated forms which were not accepted by
                        named.  The code has been updated to allow both
                        long and abbreviated forms. [RT #41381]

4283.   [bug]           OPENSSL_config is no longer re-callable. [RT #41348]

4282.   [func]          'dig +[no]mapped' determine whether the use of mapped
                        IPv4 addresses over IPv6 is permitted or not.  The
                        default is +mapped.  [RT #41307]

4281.   [bug]           Teach dns_message_totext about BADCOOKIE. [RT #41257]

4280.   [performance]   Use optimal message sizes to improve compression
                        in AXFRs. This reduces network traffic. [RT #40996]

4279.   [test]          Don't use fixed ports when unit testing. [RT #41194]

4278.   [bug]           'delv +short +[no]split[=##]' didn't work as expected.
                        [RT #41238]

4277.   [performance]   Improve performance of the RBT, the central zone
                        datastructure: The aux hashtable was improved,
                        hash function was updated to perform more
                        uniform mapping, uppernode was added to
                        dns_rbtnode, and other cleanups and performance
                        improvements were made. [RT #41165]

4276.   [protocol]      Add support for SMIMEA. [RT #40513]

4275.   [performance]   Lazily initialize dns_compress->table only when
                        compression is enabled. [RT #41189]

4274.   [performance]   Speed up typemap processing from text. [RT #41196]

4273.   [bug]           Only call dns_test_begin() and dns_test_end() once each
                        in nsec3_test as it fails with GOST if called multiple
                        times.

4272.   [bug]           dig: the +norrcomments option didn't work with +multi.
                        [RT #41234]

4271.   [test]          Unit tests could deadlock in isc__taskmgr_pause().
                        [RT #41235]

4270.   [security]      Update allowed OpenSSL versions as named is
                        potentially vulnerable to CVE-2015-3193.

4269.   [bug]           Zones using "map" format master files currently
                        don't work as policy zones.  This limitation has
                        now been documented; attempting to use such zones
                        in "response-policy" statements is now a
                        configuration error.  [RT #38321]

4268.   [func]          "rndc status" now reports the path to the
                        configuration file. [RT #36470]

4267.   [test]          Check sdlz error handling. [RT #41142]

4266.   [placeholder]

4265.   [bug]           Address unchecked isc_mem_get calls. [RT #41187]

4264.   [bug]           Check const of strchr/strrchr assignments match
                        argument's const status. [RT #41150]

4263.   [contrib]       Address compiler warnings in mysqldyn module.
                        [RT #41130]

4262.   [bug]           Fixed a bug in epoll socket code that caused
                        sockets to not be registered for ready
                        notification in some cases, causing named to not
                        read from or write to them, resulting in what
                        appear to the user as blocked connections.
                        [RT #41067]

4261.   [maint]         H.ROOT-SERVERS.NET is 198.97.190.53 and 2001:500:1::53.
                        [RT #40556]

4260.   [security]      Insufficient testing when parsing a message allowed
                        records with an incorrect class to be be accepted,
                        triggering a REQUIRE failure when those records
                        were subsequently cached. (CVE-2015-8000) [RT #40987]

4259.   [func]          Add an option for non-destructive control channel
                        access using a "read-only" clause. In such
                        cases, a restricted set of rndc commands are
                        allowed for querying information from named.
                        [RT #40498]

4258.   [bug]           Limit rndc query message sizes to 32 KiB. This should
                        not break any legitimate rndc commands, but will
                        prevent a rogue rndc query from allocating too
                        much memory. [RT #41073]

4257.   [cleanup]       Python scripts reported incorrect version. [RT #41080]

4256.   [bug]           Allow rndc command arguments to be quoted so as
                        to allow spaces. [RT #36665]

4255.   [performance]   Add 'message-compression' option to disable DNS
                        compression in responses. [RT #40726]

4254.   [bug]           Address missing lock when getting zone's serial.
                        [RT #41072]

4253.   [security]      Address fetch context reference count handling error
                        on socket error. (CVE-2015-8461)  [RT#40945]

4252.   [func]          Add support for automating the generation CDS and
                        CDNSKEY rrsets to named and dnssec-signzone.
                        [RT #40424]

4251.   [bug]           NTAs were deleted when the server was reconfigured
                        or reloaded. [RT #41058]

4250.   [func]          Log the TSIG key in use during inbound zone
                        transfers. [RT #41075]

4249.   [func]          Improve error reporting of TSIG / SIG(0) records in
                        the wrong location. [RT #41030]

4248.   [performance]   Add an isc_atomic_storeq() function, use it in
                        stats counters to improve performance.
                        [RT #39972] [RT #39979]

4247.   [port]          Require both HAVE_JSON and JSON_C_VERSION to be
                        defined to report json library version. [RT #41045]

4246.   [test]          Ensure the statschannel system test runs when BIND
                        is not built with libjson. [RT #40944]

4245.   [placeholder]

4244.   [bug]           The parser was not reporting that use-ixfr is obsolete.
                        [RT #41010]

4243.   [func]          Improved stats reporting from Timothe Litt. [RT #38941]

4242.   [bug]           Replace the client if not already replaced when
                        prefetching. [RT #41001]

4241.   [doc]           Improved the TSIG, TKEY, and SIG(0) sections in
                        the ARM. [RT #40955]

4240.   [port]          Fix LibreSSL compatibility. [RT #40977]

4239.   [func]          Changed default servfail-ttl value to 1 second from 10.
                        Also, the maximum value is now 30 instead of 300.
                        [RT #37556]

4238.   [bug]           Don't send to servers on net zero (0.0.0.0/8).
                        [RT #40947]

4237.   [doc]           Upgraded documentation toolchain to use DocBook 5
                        and dblatex. [RT #40766]

4236.   [performance]   On machines with 2 or more processors (CPU), the
                        default value for the number of UDP listeners
                        has been changed to the number of detected
                        processors minus one. [RT #40761]

4235.   [func]          Added support in named for "dnstap", a fast method of
                        capturing and logging DNS traffic, and a new command
                        "dnstap-read" to read a dnstap log file.  Use
                        "configure --enable-dnstap" to enable this
                        feature (note that this requires libprotobuf-c
                        and libfstrm). See the ARM for configuration details.

                        Thanks to Robert Edmonds of Farsight Security.
                        [RT #40211]

4234.   [func]          Add deflate compression in statistics channel HTTP
                        server. [RT #40861]

4233.   [test]          Add tests for CDS and CDNSKEY with delegation-only.
                        [RT #40597]

4232.   [contrib]       Address unchecked memory allocation calls in
                        query-loc and zone2ldap. [RT #40789]

4231.   [contrib]       Address unchecked calloc call in dlz_mysqldyn_mod.c.
                        [RT #40840]

4230.   [contrib]       dlz_wildcard_dynamic.c:dlz_create could return a
                        uninitialized result. [RT #40839]

4229.   [bug]           A variable could be used uninitialized in
                        dns_update_signaturesinc. [RT #40784]

4228.   [bug]           Address race condition in dns_client_destroyrestrans.
                        [RT #40605]

4227.   [bug]           Silence static analysis warnings. [RT #40828]

4226.   [bug]           Address a theoretical shutdown race in
                        zone.c:notify_send_queue(). [RT #38958]

4225.   [port]          freebsd/openbsd:  Use '${CC} -shared' for building
                        shared libraries. [RT #39557]

4224.   [func]          Added support for "dyndb", a new interface for loading
                        zone data from an external database, developed by
                        Red Hat for the FreeIPA project.

                        DynDB drivers fully implement the BIND database
                        API, and are capable of significantly better
                        performance and functionality than DLZ drivers,
                        while taking advantage of advanced database
                        features not available in BIND such as multi-master
                        replication.

                        Thanks to Adam Tkac and Petr Spacek of Red Hat.
                        [RT #35271]

4223.   [func]          Add support for setting max-cache-size to percentage
                        of available physical memory, set default to 90%.
                        [RT #38442]

4222.   [func]          Bias IPv6 servers when selecting the next server to
                        query. [RT #40836]

4221.   [bug]           Resource leak on DNS_R_NXDOMAIN in fctx_create.
                        [RT #40583]

4220.   [doc]           Improve documentation for zone-statistics.
                        [RT #36955]

4219.   [bug]           Set event->result to ISC_R_WOULDBLOCK on EWOULDBLOCK,
                        EGAIN when these soft error are not retried for
                        isc_socket_send*().

4218.   [bug]           Potential null pointer dereference on out of memory
                        if mmap is not supported. [RT #40777]

4217.   [protocol]      Add support for CSYNC. [RT #40532]

4216.   [cleanup]       Silence static analysis warnings. [RT #40649]

4215.   [bug]           nsupdate: skip to next request on GSSTKEY create
                        failure. [RT #40685]

4214.   [protocol]      Add support for TALINK.  [RT #40544]

4213.   [bug]           Don't reuse a cache across multiple classes.
                        [RT #40205]

4212.   [func]          Re-query if we get a bad client cookie returned over
                        UDP. [RT #40748]

4211.   [bug]           Ensure that lwresd gets at least one task to work
                        with if enabled. [RT #40652]

4210.   [cleanup]       Silence use after free false positive. [RT #40743]

4209.   [bug]           Address resource leaks in dlz modules. [RT #40654]

4208.   [bug]           Address null pointer dereferences on out of memory.
                        [RT #40764]

4207.   [bug]           Handle class mismatches with raw zone files.
                        [RT #40746]

4206.   [bug]           contrib: fixed a possible NULL dereference in
                        DLZ wildcard module. [RT #40745]

4205.   [bug]           'named-checkconf -p' could include unwanted spaces
                        when printing tuples with unset optional fields.
                        [RT #40731]

4204.   [bug]           'dig +trace' failed to lookup the correct type if
                        the initial root NS query was retried. [RT #40296]

4203.   [test]          The rrchecker system test now tests conversion
                        to and from unknown-type format. [RT #40584]

4202.   [bug]           isccc_cc_fromwire() could return an incorrect
                        result. [RT #40614]

4201.   [func]          The default preferred-glue is now the address record
                        type of the transport the query was received
                        over.  [RT #40468]

4200.   [cleanup]       win32: update BINDinstall to be BIND release
                        independent. [RT #38915]

4199.   [protocol]      Add support for NINFO, RKEY, SINK, TA.
                        [RT #40545] [RT #40547] [RT #40561] [RT #40563]

4198.   [placeholder]

4197.   [bug]           'named-checkconf -z' didn't handle 'in-view' clauses.
                        [RT #40603]

4196.   [doc]           Improve how "enum + other" types are documented.
                        [RT #40608]

4195.   [bug]           'max-zone-ttl unlimited;' was broken. [RT #40608]

4194.   [bug]           named-checkconf -p failed to properly print a port
                        range.  [RT #40634]

4193.   [bug]           Handle broken servers that return BADVERS incorrectly.
                        [RT #40427]

4192.   [bug]           The default rrset-order of random was not always being
                        applied. [RT #40456]

4191.   [protocol]      Accept DNS-SD non LDH PTR records in reverse zones
                        as per RFC 6763. [RT #37889]

4190.   [protocol]      Accept Active Directory gc._msdcs.<forest> name as
                        valid with check-names.  <forest> still needs to be
                        LDH. [RT #40399]

4189.   [cleanup]       Don't exit on overly long tokens in named.conf.
                        [RT #40418]

4188.   [bug]           Support HTTP/1.0 client properly on the statistics
                        channel. [RT #40261]

4187.   [func]          When any RR type implementation doesn't
                        implement totext() for the RDATA's wire
                        representation and returns ISC_R_NOTIMPLEMENTED,
                        such RDATA is now printed in unknown
                        presentation format (RFC 3597). RR types affected
                        include LOC(29) and APL(42). [RT #40317].

4186.   [bug]           Fixed an RPZ bug where a QNAME would be matched
                        against a policy RR with wildcard owner name
                        (trigger) where the QNAME was the wildcard owner
                        name's parent. For example, the bug caused a query
                        with QNAME "example.com" to match a policy RR with
                        "*.example.com" as trigger. [RT #40357]

4185.   [bug]           Fixed an RPZ bug where a policy RR with wildcard
                        owner name (trigger) would prevent another policy RR
                        with its parent owner name from being
                        loaded. For example, the bug caused a policy RR
                        with trigger "example.com" to not have any
                        effect when a previous policy RR with trigger
                        "*.example.com" existed in that RPZ zone.
                        [RT #40357]

4184.   [bug]           Fixed a possible memory leak in name compression
                        when rendering long messages. (Also, improved
                        wire_test for testing such messages.) [RT #40375]

4183.   [cleanup]       Use timing-safe memory comparisons in cryptographic
                        code. Also, the timing-safe comparison functions have
                        been renamed to avoid possible confusion with
                        memcmp(). Thanks to Loganaden Velvindron of
                        AFRINIC. [RT #40148]

4182.   [cleanup]       Use mnemonics for RR class and type comparisons.
                        [RT #40297]

4181.   [bug]           Queued notify messages could be dequeued from the
                        wrong rate limiter queue. [RT #40350]

4180.   [bug]           Error responses in pipelined queries could
                        cause a crash in client.c. [RT #40289]

4179.   [bug]           Fix double frees in getaddrinfo() in libirs.
                        [RT #40209]

4178.   [bug]           Fix assertion failure in parsing UNSPEC(103) RR from
                        text. [RT #40274]

4177.   [bug]           Fix assertion failure in parsing NSAP records from
                        text. [RT #40285]

4176.   [bug]           Address race issues with lwresd. [RT #40284]

4175.   [bug]           TKEY with GSS-API keys needed bigger buffers.
                        [RT #40333]

4174.   [bug]           "dnssec-coverage -r" didn't handle time unit
                        suffixes correctly. [RT #38444]

4173.   [bug]           dig +sigchase was not properly matching the trusted
                        key. [RT #40188]

4172.   [bug]           Named / named-checkconf didn't handle a view of CLASS0.
                        [RT #40265]

4171.   [bug]           Fixed incorrect class checks in TSIG RR
                        implementation. [RT #40287]

4170.   [security]      An incorrect boundary check in the OPENPGPKEY
                        rdatatype could trigger an assertion failure.
                        (CVE-2015-5986) [RT #40286]

4169.   [test]          Added a 'wire_test -d' option to read input as
                        raw binary data, for use as a fuzzing harness.
                        [RT #40312]

4168.   [security]      A buffer accounting error could trigger an
                        assertion failure when parsing certain malformed
                        DNSSEC keys. (CVE-2015-5722) [RT #40212]

4167.   [func]          Update rndc's usage output to include recently added
                        commands. Thanks to Tony Finch for submitting a
                        patch. [RT #40010]

4166.   [func]          Print informative output from rndc showzone when
                        allow-new-zones is not enabled for a view. Thanks to
                        Tony Finch for submitting a patch. [RT #40009]

4165.   [security]      A failure to reset a value to NULL in tkey.c could
                        result in an assertion failure. (CVE-2015-5477)
                        [RT #40046]

4164.   [bug]           Don't rename slave files and journals on out of memory.
                        [RT #40033]

4163.   [bug]           Address compiler warnings. [RT #40024]

4162.   [bug]           httpdmgr->flags was not being initialized. [RT #40017]

4161.   [test]          Add JSON test for traffic size stats; also test
                        for consistency between "rndc stats" and the XML
                        and JSON statistics channel contents. [RT #38700]

4160.   [placeholder]

4159.   [cleanup]       Alphabetize dig's help output. [RT #39966]

4158.   [placeholder]

4157.   [placeholder]

4156.   [func]          Added statistics counters to track the sizes
                        of incoming queries and outgoing responses in
                        histogram buckets, as specified in RSSAC002.
                        [RT #39049]

4155.   [func]          Allow RPZ rewrite logging to be configured on a
                        per-zone basis using a newly introduced log clause in
                        the response-policy option. [RT #39754]

4154.   [bug]           A OPT record should be included with the FORMERR
                        response when there is a malformed EDNS option.
                        [RT #39647]

4153.   [bug]           Dig should zero non significant +subnet bits.  Check
                        that non significant ECS bits are zero on receipt.
                        [RT #39647]

4152.   [func]          Implement DNS COOKIE option.  This replaces the
                        experimental SIT option of BIND 9.10.  The following
                        named.conf directives are available: send-cookie,
                        cookie-secret, cookie-algorithm, nocookie-udp-size
                        and require-server-cookie.  The following dig options
                        are available: +[no]cookie[=value] and +[no]badcookie.
                        [RT #39928]

4151.   [bug]           'rndc flush' could cause a deadlock. [RT #39835]

4150.   [bug]           win32: listen-on-v6 { any; }; was not working.  Apply
                        minimal fix.  [RT #39667]

4149.   [bug]           Fixed a race condition in the getaddrinfo()
                        implementation in libirs, which caused the delv
                        utility to crash with an assertion failure when using
                        the '@server' syntax with a hostname argument.
                        [RT #39899]

4148.   [bug]           Fix a bug when printing zone names with '/' character
                        in XML and JSON statistics output. [RT #39873]

4147.   [bug]           Filter-aaaa / filter-aaaa-on-v4 / filter-aaaa-on-v6
                        was returning referrals rather than nodata responses
                        when the AAAA records were filtered.  [RT #39843]

4146.   [bug]           Address reference leak that could prevent a clean
                        shutdown. [RT #37125]

4145.   [bug]           Not all unassociated adb entries where being printed.
                        [RT #37125]

4144.   [func]          Add statistics counters for nxdomain redirections.
                        [RT #39790]

4143.   [placeholder]

4142.   [bug]           rndc addzone with view specified saved NZF config
                        that could not be read back by named. This has now
                        been fixed. [RT #39845]

4141.   [bug]           A formatting bug caused rndc zonestatus to print
                        negative numbers for large serial values. This has
                        now been fixed. [RT #39854]

4140.   [cleanup]       Remove redundant nzf_remove() call during delzone.
                        [RT #39844]

4139.   [doc]           Fix rpz-client-ip documentation. [RT #39783]

4138.   [security]      An uninitialized value in validator.c could result
                        in an assertion failure. (CVE-2015-4620) [RT #39795]

4137.   [bug]           Make rndc reconfig report configuration errors the
                        same way rndc reload does. [RT #39635]

4136.   [bug]           Stale statistics counters with the leading
                        '#' prefix (such as #NXDOMAIN) were not being
                        updated correctly. This has been fixed. [RT #39141]

4135.   [cleanup]       Log expired NTA at startup. [RT #39680]

4134.   [cleanup]       Include client-ip rules when logging the number
                        of RPZ rules of each type. [RT #39670]

4133.   [port]          Update how various json libraries are handled.
                        [RT #39646]

4132.   [cleanup]       dig: added +rd as a synonym for +recurse,
                        added +class as an unabbreviated alternative
                        to +cl. [RT #39686]

4131.   [bug]           Addressed further problems with reloading RPZ
                        zones. [RT #39649]

4130.   [bug]           The compatibility shim for *printf() misprinted some
                        large numbers. [RT #39586]

4129.   [port]          Address API changes in OpenSSL 1.1.0. [RT #39532]

4128.   [bug]           Address issues raised by Coverity 7.6. [RT #39537]

4127.   [protocol]      CDS and CDNSKEY need to be signed by the key signing
                        key as per RFC 7344, Section 4.1. [RT #37215]

4126.   [bug]           Addressed a regression introduced in change #4121.
                        [RT #39611]

4125.   [test]          Added tests for dig, renamed delv test to digdelv.
                        [RT #39490]

4124.   [func]          Log errors or warnings encountered when parsing the
                        internal default configuration.  Clarify the logging
                        of errors and warnings encountered in rndc
                        addzone or modzone parameters. [RT #39440]

4123.   [port]          Added %z (size_t) format options to the portable
                        internal printf/sprintf implementation. [RT #39586]

4122.   [bug]           The server could match a shorter prefix than what was
                        available in CLIENT-IP policy triggers, and so, an
                        unexpected action could be taken. This has been
                        corrected. [RT #39481]

4121.   [bug]           On servers with one or more policy zones
                        configured as slaves, if a policy zone updated
                        during regular operation (rather than at
                        startup) using a full zone reload, such as via
                        AXFR, a bug could allow the RPZ summary data to
                        fall out of sync, potentially leading to an
                        assertion failure in rpz.c when further
                        incremental updates were made to the zone, such
                        as via IXFR. [RT #39567]

4120.   [bug]           A bug in RPZ could cause the server to crash if
                        policy zones were updated while recursion was
                        pending for RPZ processing of an active query.
                        [RT #39415]

4119.   [test]          Allow dig to set the message opcode. [RT #39550]

4118.   [bug]           Teach isc-config.sh about irs. [RT #39213]

4117.   [protocol]      Add EMPTY.AS112.ARPA as per RFC 7534.

4116.   [bug]           Fix a bug in RPZ that could cause some policy
                        zones that did not specifically require
                        recursion to be treated as if they did;
                        consequently, setting qname-wait-recurse no; was
                        sometimes ineffective. [RT #39229]

4115.   [func]          "rndc -r" now prints the result code (e.g.,
                        ISC_R_SUCCESS, ISC_R_TIMEOUT, etc) after
                        running the requested command. [RT #38913]

4114.   [bug]           Fix a regression in radix tree implementation
                        introduced by ECS code. This bug was never
                        released, but it was reported by a user testing
                        master. [RT #38983]

4113.   [test]          Check for Net::DNS is some system test
                        prerequisites. [RT #39369]

4112.   [bug]           Named failed to load when "root-delegation-only"
                        was used without a list of domains to exclude.
                        [RT #39380]

4111.   [doc]           Alphabetize rndc man page. [RT #39360]

4110.   [bug]           Address memory leaks / null pointer dereferences
                        on out of memory. [RT #39310]

4109.   [port]          linux: support reading the local port range from
                        net.ipv4.ip_local_port_range. [RT # 39379]

4108.   [func]          An additional NXDOMAIN redirect method (option
                        "nxdomain-redirect") has been added, allowing
                        redirection to a specified DNS namespace instead
                        of a single redirect zone. [RT #37989]

4107.   [bug]           Address potential deadlock when updating zone content.
                        [RT #39269]

4106.   [port]          Improve readline support. [RT #38938]

4105.   [port]          Misc fixes for Microsoft Visual Studio
                        2015 CTP6 in 64 bit mode. [RT #39308]

4104.   [bug]           Address uninitialized elements. [RT #39252]

4103.   [port]          Misc fixes for Microsoft Visual Studio
                        2015 CTP6. [RT #39267]

4102.   [bug]           Fix a use after free bug introduced in change
                        #4094.  [RT #39281]

4101.   [bug]           dig: the +split and +rrcomments options didn't
                        work with +short. [RT #39291]

4100.   [bug]           Inherited owernames on the line immediately following
                        a $INCLUDE were not working.  [RT #39268]

4099.   [port]          clang: make unknown commandline options hard errors
                        when determining what options are supported.
                        [RT #39273]

4098.   [bug]           Address use-after-free issue when using a
                        predecessor key with dnssec-settime. [RT #39272]

4097.   [func]          Add additional logging about xfrin transfer status.
                        [RT #39170]

4096.   [bug]           Fix a use after free of query->sendevent.
                        [RT #39132]

4095.   [bug]           zone->options2 was not being properly initialized.
                        [RT #39228]

4094.   [bug]           A race during shutdown or reconfiguration could
                        cause an assertion in mem.c. [RT #38979]

4093.   [func]          Dig now learns the SIT value from truncated
                        responses when it retries over TCP. [RT #39047]

4092.   [bug]           'in-view' didn't work for zones beneath a empty zone.
                        [RT #39173]

4091.   [cleanup]       Some cleanups in isc mem code. [RT #38896]

4090.   [bug]           Fix a crash while parsing malformed CAA RRs in
                        presentation format, i.e., from text such as
                        from master files. Thanks to John Van de
                        Meulebrouck Brendgard for discovering and
                        reporting this problem. [RT #39003]

4089.   [bug]           Send notifies immediately for slave zones during
                        startup. [RT #38843]

4088.   [port]          Fixed errors when building with libressl. [RT #38899]

4087.   [bug]           Fix a crash due to use-after-free due to sequencing
                        of tasks actions. [RT #38495]

4086.   [bug]           Fix out-of-srcdir build with native pkcs11. [RT #38831]

4085.   [bug]           ISC_PLATFORM_HAVEXADDQ could be inconsistently set.
                        [RT #38828]

4084.   [bug]           Fix a possible race in updating stats counters.
                        [RT #38826]

4083.   [cleanup]       Print the number of CPUs and UDP listeners
                        consistently in the log and in "rndc status"
                        output; indicate whether threads are supported
                        in "named -V" output. [RT #38811]

4082.   [bug]           Incrementally sign large inline zone deltas.
                        [RT #37927]

4081.   [cleanup]       Use dns_rdatalist_init consistently. [RT #38759]

4080.   [func]          Completed change #4022, adding a "lock-file" option
                        to named.conf to override the default lock file,
                        in addition to the "named -X <filename>" command
                        line option.  Setting the lock file to "none"
                        using either method disables the check completely.
                        [RT #37908]

4079.   [func]          Preserve the case of the owner name of records to
                        the RRset level. [RT #37442]

4078.   [bug]           Handle the case where CMSG_SPACE(sizeof(int)) !=
                        CMSG_SPACE(sizeof(char)). [RT #38621]

4077.   [test]          Add static-stub regression test for DS NXDOMAIN
                        return making the static stub disappear. [RT #38564]

4076.   [bug]           Named could crash on shutdown with outstanding
                        reload / reconfig events. [RT #38622]

4075.   [placeholder]

4074.   [cleanup]       Cleaned up more warnings from gcc -Wshadow. [RT #38708]

4073.   [cleanup]       Add libjson-c version number reporting to
                        "named -V"; normalize version number formatting.
                        [RT #38056]

4072.   [func]          Add a --enable-querytrace configure switch for
                        very verbose query trace logging. (This option
                        has a negative performance impact and should be
                        used only for debugging.) [RT #37520]

4071.   [cleanup]       Initialize pthread mutex attrs just once, instead of
                        doing it per mutex creation. [RT #38547]

4070.   [bug]           Fix a segfault in nslookup in a query such as
                        "nslookup isc.org AMS.SNS-PB.ISC.ORG -all".
                        [RT #38548]

4069.   [doc]           Reorganize options in the nsupdate man page.
                        [RT #38515]

4068.   [bug]           Omit unknown serial number from JSON zone statistics.
                        [RT #38604]

4067.   [cleanup]       Reduce noise from RRL when query logging is
                        disabled. [RT #38648]

4066.   [doc]           Reorganize options in the dig man page. [RT #38516]

4065.   [test]          Additional RFC 5011 tests. [RT #38569]

4064.   [contrib]       dnssec-keyset.sh: Generates a specified number
                        of DNSSEC keys with timing set to implement a
                        pre-publication key rollover strategy. Thanks
                        to Jeffry A. Spain. [RT #38459]

4063.   [bug]           Asynchronous zone loads were not handled
                        correctly when the zone load was already in
                        progress; this could trigger a crash in zt.c.
                        [RT #37573]

4062.   [bug]           Fix an out-of-bounds read in RPZ code. If the
                        read succeeded, it doesn't result in a bug
                        during operation. If the read failed, named
                        could segfault. [RT #38559]

4061.   [bug]           Handle timeout in legacy system test. [RT #38573]

4060.   [bug]           dns_rdata_freestruct could be called on a
                        uninitialized structure when handling a error.
                        [RT #38568]

4059.   [bug]           Addressed valgrind warnings. [RT #38549]

4058.   [bug]           UDP dispatches could use the wrong pseudorandom
                        number generator context. [RT #38578]

4057.   [bug]           'dnssec-dsfromkey -T 0' failed to add ttl field.
                        [RT #38565]

4056.   [bug]           Expanded automatic testing of trust anchor
                        management and fixed several small bugs including
                        a memory leak and a possible loss of key state
                        information. [RT #38458]

4055.   [func]          "rndc managed-keys" can be used to check status
                        of trust anchors or to force keys to be refreshed,
                        Also, the managed keys data file has easier-to-read
                        comments.  [RT #38458]

4054.   [func]          Added a new tool 'mdig', a lightweight clone of
                        dig able to send multiple pipelined queries.
                        [RT #38261]

4053.   [security]      Revoking a managed trust anchor and supplying
                        an untrusted replacement could cause named
                        to crash with an assertion failure.
                        (CVE-2015-1349) [RT #38344]

4052.   [bug]           Fix a leak of query fetchlock. [RT #38454]

4051.   [bug]           Fix a leak of pthread_mutexattr_t. [RT #38454]

4050.   [bug]           RPZ could send spurious SERVFAILs in response
                        to duplicate queries. [RT #38510]

4049.   [bug]           CDS and CDNSKEY had the wrong attributes. [RT #38491]

4048.   [bug]           adb hash table was not being grown. [RT #38470]

4047.   [cleanup]       "named -V" now reports the current running versions
                        of OpenSSL and the libxml2 libraries, in addition to
                        the versions that were in use at build time.

4046.   [bug]           Accounting of "total use" in memory context
                        statistics was not correct. [RT #38370]

4045.   [bug]           Skip to next master on dns_request_createvia4 failure.
                        [RT #25185]

4044.   [bug]           Change 3955 was not complete, resulting in an assertion
                        failure if the timing was just right. [RT #38352]

4043.   [func]          "rndc modzone" can be used to modify the
                        configuration of an existing zone, using similar
                        syntax to "rndc addzone". [RT #37895]

4042.   [bug]           zone.c:iszonesecure was being called too late.
                        [RT #38371]

4041.   [func]          TCP sockets can now be shared while connecting.
                        (This will be used to enable client-side support
                        of pipelined queries.) [RT #38231]

4040.   [func]          Added server-side support for pipelined TCP
                        queries. Clients may continue sending queries via
                        TCP while previous queries are being processed
                        in parallel.  (The new "keep-response-order"
                        option allows clients to be specified for which
                        the old behavior will still be used.) [RT #37821]

4039.   [cleanup]       Cleaned up warnings from gcc -Wshadow. [RT #37381]

4038.   [bug]           Add 'rpz' flag to node and use it to determine whether
                        to call dns_rpz_delete.  This should prevent unbalanced
                        add / delete calls. [RT #36888]

4037.   [bug]           also-notify was ignoring the tsig key when checking
                        for duplicates resulting in some expected notify
                        messages not being sent. [RT #38369]

4036.   [bug]           Make call to open a temporary file name safe during
                        NZF creation. [RT #38331]

4035.   [bug]           Close temporary and NZF FILE pointers before moving
                        the former into the latter's place, as required on
                        Windows. [RT #38332]

4034.   [func]          When added, negative trust anchors (NTA) are now
                        saved to files (viewname.nta), in order to
                        persist across restarts of the named server.
                        [RT #37087]

4033.   [bug]           Missing out of memory check in request.c:req_send.
                        [RT #38311]

4032.   [bug]           Built-in "empty" zones did not correctly inherit the
                        "allow-transfer" ACL from the options or view.
                        [RT #38310]

4031.   [bug]           named-checkconf -z failed to report a missing file
                        with a hint zone. [RT #38294]

4030.   [func]          "rndc delzone" is now applicable to zones that were
                        configured in named.conf, as well as zones that
                        were added via "rndc addzone". (Note, however, that
                        if named.conf is not also modified, the deleted zone
                        will return when named is reloaded.) [RT #37887]

4029.   [func]          "rndc showzone" displays the current configuration
                        of a specified zone. [RT #37887]

4028.   [bug]           $GENERATE with a zero step was not being caught as a
                        error.  A $GENERATE with a / but no step was not being
                        caught as a error. [RT #38262]

4027.   [port]          Net::DNS 0.81 compatibility. [RT #38165]

4026.   [bug]           Fix RFC 3658 reference in dig +sigchase. [RT #38173]

4025.   [port]          bsdi: failed to build. [RT #38047]

4024.   [bug]           dns_rdata_opt_first, dns_rdata_opt_next,
                        dns_rdata_opt_current, dns_rdata_txt_first,
                        dns_rdata_txt_next and dns_rdata_txt_current were
                        documented but not implemented.  These have now been
                        implemented.

                        dns_rdata_spf_first, dns_rdata_spf_next and
                        dns_rdata_spf_current were documented but not
                        implemented.  The prototypes for these
                        functions have been removed. [RT #38068]

4023.   [bug]           win32: socket handling with explicit ports and
                        invoking named with -4 was broken for some
                        configurations. [RT #38068]

4022.   [func]          Stop multiple spawns of named by limiting number of
                        processes to 1. This is done by using a lockfile and
                        checking whether we can listen on any configured
                        TCP interfaces. [RT #37908]

4021.   [bug]           Adjust max-recursion-queries to accommodate
                        the need for more queries when the cache is
                        empty. [RT #38104]

4020.   [bug]           Change 3736 broke nsupdate's SOA MNAME discovery
                        resulting in updates being sent to the wrong server.
                        [RT #37925]

4019.   [func]          If named is not configured to validate the answer
                        then allow fallback to plain DNS on timeout even
                        when we know the server supports EDNS. [RT #37978]

4018.   [placeholder]

4017.   [test]          Add system test to check lookups to legacy servers
                        with broken DNS behavior. [RT #37965]

4016.   [bug]           Fix a dig segfault due to bad linked list usage.
                        [RT #37591]

4015.   [bug]           Nameservers that are skipped due to them being
                        CNAMEs were not being logged. They are now logged
                        to category 'cname' as per BIND 8. [RT #37935]

4014.   [bug]           When including a master file origin_changed was
                        not being properly set leading to a potentially
                        spurious 'inherited owner' warning. [RT #37919]

4013.   [func]          Add a new tcp-only option to server (config) /
                        peer (struct) to use TCP transport to send
                        queries (in place of UDP transport with a
                        TCP fallback on truncated (TC set) response).
                        [RT #37800]

4012.   [cleanup]       Check returned status of OpenSSL digest and HMAC
                        functions when they return one. Note this applies
                        only to FIPS capable OpenSSL libraries put in
                        FIPS mode and MD5. [RT #37944]

4011.   [bug]           master's list port and dscp inheritance was not
                        properly implemented. [RT #37792]

4010.   [cleanup]       Clear the prefetchable state when initiating a
                        prefetch. [RT #37399]

4009.   [func]          delv: added a +tcp option. [RT #37855]

4008.   [contrib]       Updated zkt to latest version (1.1.3). [RT #37886]

4007.   [doc]           Remove acl forward reference restriction. [RT #37772]

4006.   [security]      A flaw in delegation handling could be exploited
                        to put named into an infinite loop.  This has
                        been addressed by placing limits on the number
                        of levels of recursion named will allow (default 7),
                        and the number of iterative queries that it will
                        send (default 50) before terminating a recursive
                        query (CVE-2014-8500).

                        The recursion depth limit is configured via the
                        "max-recursion-depth" option, and the query limit
                        via the "max-recursion-queries" option.  [RT #37580]

4005.   [func]          The buffer used for returning text from rndc
                        commands is now dynamically resizable, allowing
                        arbitrarily large amounts of text to be sent back
                        to the client. (Prior to this change, it was
                        possible for the output of "rndc tsig-list" to be
                        truncated.) [RT #37731]

4004.   [bug]           When delegations had AAAA glue but not A, a
                        reference could be leaked causing an assertion
                        failure on shutdown. [RT #37796]

4003.   [security]      When geoip-directory was reconfigured during
                        named run-time, the previously loaded GeoIP
                        data could remain, potentially causing wrong
                        ACLs to be used or wrong results to be served
                        based on geolocation (CVE-2014-8680). [RT #37720]

4002.   [security]      Lookups in GeoIP databases that were not
                        loaded could cause an assertion failure
                        (CVE-2014-8680). [RT #37679]

4001.   [security]      The caching of GeoIP lookups did not always
                        handle address families correctly, potentially
                        resulting in an assertion failure (CVE-2014-8680).
                        [RT #37672]

4000.   [bug]           NXDOMAIN redirection incorrectly handled NXRRSET
                        from the redirect zone. [RT #37722]
3999.   [func]          "mkeys" and "nzf" files are now named after
                        their corresponding views, unless the view name
                        contains characters that would be incompatible
                        with use in a filename (i.e., slash, backslash,
                        or capital letters). If a view name does contain
                        these characters, the files will still be named
                        using a cryptographic hash of the view name.
                        Regardless of this, if a file using the old name
                        format is found to exist, it will continue to be
                        used. [RT #37704]

3998.   [bug]           isc_radix_search was returning matches that were
                        too precise. [RT #37680]

3997.   [protocol]      Add OPENGPGKEY record. [RT# 37671]

3996.   [bug]           Address use after free on out of memory error in
                        keyring_add. [RT #37639]

3995.   [bug]           receive_secure_serial holds the zone lock for too
                        long. [RT #37626]

3994.   [func]          Dig now supports setting the last unassigned DNS
                        header flag bit (dig +zflag). [RT #37421]

3993.   [func]          Dig now supports EDNS negotiation by default.
                        (dig +[no]ednsnegotiation).

                        Note:  This is disabled by default in BIND 9.10
                        and enabled by default in BIND 9.11.  [RT #37604]

3992.   [func]          DiG can now send queries without questions
                        (dig +header-only). [RT #37599]

3991.   [func]          Add the ability to buffer logging output by specifying
                        "buffered yes;" when defining a channel. [RT #26561]

3990.   [test]          Add tests for unknown DNSSEC algorithm handling.
                        [RT #37541]

3989.   [cleanup]       Remove redundant dns_db_resigned calls. [RT #35748]

3988.   [func]          Allow the zone serial of a dynamically updatable
                        zone to be updated via "rndc signing -serial".
                        [RT #37404]

3987.   [port]          Handle future Visual Studio 14 incompatible changes.
                        [RT #37380]

3986.   [doc]           Add the BIND version number to page footers
                        in the ARM. [RT #37398]

3985.   [doc]           Describe how +ndots and +search interact in dig.
                        [RT #37529]

3984.   [func]          Accept 256 byte long PINs in native PKCS#11
                        crypto. [RT #37410]

3983.   [bug]           Change #3940 was incomplete: negative trust anchors
                        could be set to last up to a week, but the
                        "nta-lifetime" and "nta-recheck" options were
                        still limited to one day. [RT #37522]

3982.   [doc]           Include release notes in product documentation.
                        [RT #37272]

3981.   [bug]           Cache DS/NXDOMAIN independently of other query types.
                        [RT #37467]

3980.   [bug]           Improve --with-tuning=large by self tuning of SO_RCVBUF
                        size. [RT #37187]

3979.   [bug]           Negative trust anchor fetches were not properly
                        managed. [RT #37488]

3978.   [test]          Added a unit test for Diffie-Hellman key
                        computation, completing change #3974. [RT #37477]

3977.   [cleanup]       "rndc secroots" reported a "not found" error when
                        there were no negative trust anchors set. [RT #37506]

3976.   [bug]           When refreshing managed-key trust anchors, clear
                        any cached trust so that they will always be
                        revalidated with the current set of secure
                        roots. [RT #37506]

3975.   [bug]           Don't populate or use the bad cache for queries that
                        don't request or use recursion. [RT #37466]

3974.   [bug]           Handle DH_compute_key() failure correctly in
                        openssldh_link.c. [RT #37477]

3973.   [test]          Added hooks for Google Performance Tools CPU profiler,
                        including real-time/wall-clock profiling. Use
                        "configure --with-gperftools-profiler" to enable.
                        [RT #37339]

3972.   [bug]           Fix host's usage statement. [RT #37397]

3971.   [bug]           Reduce the cascading failures due to a bad $TTL line
                        in named-checkconf / named-checkzone. [RT #37138]

3970.   [contrib]       Fixed a use after free bug in the SDB LDAP driver.
                        [RT #37237]

3969.   [test]          Added 'delv' system test. [RT #36901]

3968.   [bug]           Silence spurious log messages when using 'named -[46]'.
                        [RT #37308]

3967.   [test]          Add test for inlined signed zone in multiple views
                        with different DNSKEY sets. [RT #35759]

3966.   [bug]           Missing dns_db_closeversion call in receive_secure_db.
                        [RT #35746]

3965.   [func]          Log outgoing packets and improve packet logging to
                        support logging the remote address. [RT #36624]

3964.   [func]          nsupdate now performs check-names processing.
                        [RT #36266]

3963.   [test]          Added NXRRSET test cases to the "dlzexternal"
                        system test. [RT #37344]

3962.   [bug]           'dig +topdown +trace +sigchase' address unhandled error
                        conditions. [RT #34663]

3961.   [bug]           Forwarding of SIG(0) signed UPDATE messages failed with
                        BADSIG.  [RT #37216]

3960.   [bug]           'dig +sigchase' could loop forever. [RT #37220]

3959.   [bug]           Updates could be lost if they arrived immediately
                        after a rndc thaw. [RT #37233]

3958.   [bug]           Detect when writeable files have multiple references
                        in named.conf. [RT #37172]

3957.   [bug]           "dnssec-keygen -S" failed for ECCGOST, ECDSAP256SHA256
                        and ECDSAP384SHA384. [RT #37183]

3956.   [func]          Notify messages are now rate limited by notify-rate and
                        startup-notify-rate instead of serial-query-rate.
                        [RT #24454]

3955.   [bug]           Notify messages due to changes are no longer queued
                        behind startup notify messages. [RT #24454]

3954.   [bug]           Unchecked mutex init in dlz_dlopen_driver.c [RT #37112]

3953.   [bug]           Don't escape semi-colon in TXT fields. [RT #37159]

3952.   [bug]           dns_name_fullcompare failed to set *nlabelsp when the
                        two name pointers were the same. [RT #37176]

3951.   [func]          Add the ability to set yet-to-be-defined EDNS flags
                        to dig (+ednsflags=#). [RT #37142]

3950.   [port]          Changed the bin/python Makefile to work around a
                        bmake bug in FreeBSD 10 and NetBSD 6. [RT #36993]

3949.   [experimental]  Experimental support for draft-andrews-edns1 by sending
                        EDNS(1) queries (define DRAFT_ANDREWS_EDNS1 when
                        building).  Add support for limiting the EDNS version
                        advertised to servers: server { edns-version 0; };
                        Log the EDNS version received in the query log.
                        [RT #35864]

3948.   [port]          solaris: RCVBUFSIZE was too large on Solaris with
                        --with-tuning=large. [RT #37059]

3947.   [cleanup]       Set the executable bit on libraries when using
                        libtool. [RT #36786]

3946.   [cleanup]       Improved "configure" search for a python interpreter.
                        [RT #36992]

3945.   [bug]           Invalid wildcard expansions could be incorrectly
                        accepted by the validator. [RT #37093]

3944.   [test]          Added a regression test for "server-id". [RT #37057]

3943.   [func]          SERVFAIL responses can now be cached for a
                        limited time (configured by "servfail-ttl",
                        default 10 seconds, limit 30). This can reduce
                        the frequency of retries when an authoritative
                        server is known to be failing, e.g., due to
                        ongoing DNSSEC validation problems. [RT #21347]

3942.   [bug]           Wildcard responses from a optout range should be
                        marked as insecure. [RT #37072]

3941.   [doc]           Include the BIND version number in the ARM. [RT #37067]

3940.   [func]          "rndc nta" now allows negative trust anchors to be
                        set for up to one week. [RT #37069]

3939.   [func]          Improve UPDATE forwarding performance by allowing TCP
                        connections to be shared. [RT #37039]

3938.   [func]          Added quotas to be used in recursive resolvers
                        that are under high query load for names in zones
                        whose authoritative servers are nonresponsive or
                        are experiencing a denial of service attack.

                        - "fetches-per-server" limits the number of
                          simultaneous queries that can be sent to any
                          single authoritative server.  The configured
                          value is a starting point; it is automatically
                          adjusted downward if the server is partially or
                          completely non-responsive. The algorithm used to
                          adjust the quota can be configured via the
                          "fetch-quota-params" option.
                        - "fetches-per-zone" limits the number of
                          simultaneous queries that can be sent for names
                          within a single domain.  (Note: Unlike
                          "fetches-per-server", this value is not
                          self-tuning.)
                        - New stats counters have been added to count
                          queries spilled due to these quotas.

                        See the ARM for details of these options. [RT #37125]

3937.   [func]          Added some debug logging to better indicate the
                        conditions causing SERVFAILs when resolving.
                        [RT #35538]

3936.   [func]          Added authoritative support for the EDNS Client
                        Subnet (ECS) option.

                        ACLs can now include "ecs" elements which specify
                        an address or network prefix; if an ECS option is
                        included in a DNS query, then the address encoded
                        in the option will be matched against "ecs" ACL
                        elements.

                        Also, if an ECS address is included in a query,
                        then it will be used instead of the client source
                        address when matching "geoip" ACL elements.  This
                        behavior can be overridden with "geoip-use-ecs no;".
                        (Note: to enable "geoip" ACLs, use "configure
                        --with-geoip". This requires libGeoIP version
                        1.5.0 or higher.)

                        When "ecs" or "geoip" ACL elements are used to
                        select a view for a query, the response will include
                        an ECS option to indicate which client network the
                        answer is valid for.

                        (Thanks to Vincent Bernat.) [RT #36781]

3935.   [bug]           "geoip asnum" ACL elements would not match unless
                        the full organization name was specified.  They
                        can now match against the AS number alone (e.g.,
                        AS1234). [RT #36945]

3934.   [bug]           Catch bad 'sit-secret' in named-checkconf.  Improve
                        sit-secret documentation. [RT #36980]

3933.   [bug]           Corrected the implementation of dns_rdata_casecompare()
                        for the HIP rdata type.  [RT #36911]

3932.   [test]          Improved named-checkconf tests. [RT #36911]

3931.   [cleanup]       Cleanup how dlz grammar is defined. [RT #36879]

3930.   [bug]           "rndc nta -r" could cause a server hang if the
                        NTA was not found. [RT #36909]

3929.   [bug]           'host -a' needed to clear idnoptions. [RT #36963]

3928.   [test]          Improve rndc system test. [RT #36898]

3927.   [bug]           dig: report PKCS#11 error codes correctly when
                        compiled with --enable-native-pkcs11. [RT #36956]

3926.   [doc]           Added doc for geoip-directory. [RT #36877]

3925.   [bug]           DS lookup of RFC 1918 empty zones failed. [RT #36917]

3924.   [bug]           Improve 'rndc addzone' error reporting. [RT #35187]

3923.   [bug]           Sanity check the xml2-config output. [RT #22246]

3922.   [bug]           When resigning, dnssec-signzone was removing
                        all signatures from delegation nodes. It now
                        retains DS and (if applicable) NSEC signatures.
                        [RT #36946]

3921.   [bug]           AD was inappropriately set on RPZ responses. [RT #36833]

3920.   [doc]           Added doc for masterfile-style. [RT #36823]

3919.   [bug]           dig: continue to next line if a address lookup fails
                        in batch mode. [RT #36755]

3918.   [doc]           Update check-spf documentation. [RT #36910]

3917.   [bug]           dig, nslookup and host now continue on names that are
                        too long after applying a search list elements.
                        [RT #36892]

3916.   [contrib]       zone2sqlite checked wrong result code.  Address
                        compiler warnings. [RT #36931]

3915.   [bug]           Address a assertion if a route event arrived while
                        shutting down. [RT #36887]

3914.   [bug]           Allow the URI target and CAA value fields to
                        be zero length. [RT #36737]

3913.   [bug]           Address race issue in dispatch. [RT #36731]

3912.   [bug]           Address some unrecoverable lookup failures. [RT #36330]

3911.   [func]          Implement EDNS EXPIRE option client side, allowing
                        a slave server to set the expiration timer correctly
                        when transferring zone data from another slave
                        server. [RT #35925]

3910.   [bug]           Fix races to free event during shutdown. [RT #36720]

3909.   [bug]           When computing the number of elements required for a
                        acl count_acl_elements could have a short count leading
                        to a assertion failure.  Also zero out new acl elements
                        in dns_acl_merge.  [RT #36675]

3908.   [bug]           rndc now differentiates between a zone in multiple
                        views and a zone that doesn't exist at all. [RT #36691]

3907.   [cleanup]       Alphabetize rndc help. [RT #36683]

3906.   [protocol]      Update URI record format to comply with
                        draft-faltstrom-uri-08. [RT #36642]

3905.   [bug]           Address deadlock between view.c and adb.c. [RT #36341]

3904.   [func]          Add the RPZ SOA to the additional section. [RT36507]

3903.   [bug]           Improve the accuracy of DiG's reported round trip
                        time. [RT 36611]

3902.   [bug]           liblwres wasn't handling link-local addresses in
                        nameserver clauses in resolv.conf. [RT #36039]

3901.   [protocol]      Added support for CAA record type (RFC 6844).
                        [RT #36625]

3900.   [bug]           Fix a crash in PostgreSQL DLZ driver. [RT #36637]

3899.   [bug]           "request-ixfr" is only applicable to slave and redirect
                        zones. [RT #36608]

3898.   [bug]           Too small a buffer in tohexstr() calls in test code.
                        [RT #36598]

3897.   [bug]           RPZ summary information was not properly being updated
                        after a AXFR resulting in changes sometimes being
                        ignored.  [RT #35885]

3896.   [bug]           Address performance issues with DSCP code on some
                        platforms. [RT #36534]

3895.   [func]          Add the ability to set the DSCP code point to dig.
                        [RT #36546]

3894.   [bug]           Buffers in isc_print_vsnprintf were not properly
                        initialized leading to potential overflows when
                        printing out quad values. [RT #36505]

3893.   [bug]           Peer DSCP values could be returned without being set.
                        [RT #36538]

3892.   [bug]           Setting '-t aaaa' in .digrc had unintended side
                        effects. [RT #36452]

3891.   [bug]           Use ${INSTALL_SCRIPT} rather than ${INSTALL_PROGRAM}
                        to install python programs.

3890.   [bug]           RRSIG sets that were not loaded in a single transaction
                        at start up where not being correctly added to
                        re-signing heaps.  [RT #36302]

3889.   [port]          hurd: configure fixes as per:
                        https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746540

3888.   [func]          'rndc status' now reports the number of automatic
                        zones. [RT #36015]

3887.   [cleanup]       Make all static symbols in rbtdb64 end in "64" so
                        they are easier to use in a debugger. [RT #36373]

3886.   [bug]           rbtdb_write_header should use a once to initialize
                        FILE_VERSION. [RT #36374]

3885.   [port]          Use 'open()' rather than 'file()' to open files in
                        python.

3884.   [protocol]      Add CDS and CDNSKEY record types. [RT #36333]

3883.   [placeholder]

3882.   [func]          By default, negative trust anchors will be tested
                        periodically to see whether data below them can be
                        validated, and if so, they will be allowed to
                        expire early. The "rndc nta -force" option
                        overrides this behavior.  The default NTA lifetime
                        and the recheck frequency can be configured by the
                        "nta-lifetime" and "nta-recheck" options. [RT #36146]

3881.   [bug]           Address memory leak with UPDATE error handling.
                        [RT #36303]

3880.   [test]          Update ans.pl to work with new TSIG support in
                        Net::DNS; add additional Net::DNS version prerequisite
                        checks. [RT #36327]

3879.   [func]          Add version printing option to various BIND utilities.
                        [RT #10686]

3878.   [bug]           Using the incorrect filename for a DLZ module
                        caused a segmentation fault on startup. [RT #36286]

3877.   [bug]           Inserting and deleting parent and child nodes
                        in response policy zones could trigger an assertion
                        failure. [RT #36272]

3876.   [bug]           Improve efficiency of DLZ redirect zones by
                        suppressing unnecessary database lookups. [RT #35835]

3875.   [cleanup]       Clarify log message when unable to read private
                        key files. [RT #24702]

3874.   [test]          Check that only "check-names master" is needed for
                        updates to be accepted.

3873.   [protocol]      Only warn for SPF without TXT spf record. [RT #36210]

3872.   [bug]           Address issues found by static analysis. [RT #36209]

3871.   [bug]           Don't publish an activated key automatically before
                        its publish time. [RT #35063]

3870.   [func]          Updated the random number generator used in
                        the resolver to use the updated ChaCha based one
                        (similar to OpenBSD's changes). Also moved the
                        RNG to libisc and added unit tests for it.
                        [RT #35942]

3869.   [doc]           Document that in-view zones cannot be used for
                        response policy zones. [RT #35941]

3868.   [bug]           isc_mem_setwater incorrectly cleared hi_called
                        potentially leaving over memory cleaner running.
                        [RT #35270]

3867.   [func]          "rndc nta" can now be used to set a temporary
                        negative trust anchor, which disables DNSSEC
                        validation below a specified name for a specified
                        period of time (not exceeding 24 hours).  This
                        can be used when validation for a domain is known
                        to be failing due to a configuration error on
                        the part of the domain owner rather than a
                        spoofing attack. [RT #29358]

3866.   [bug]           Named could die on disk full in generate_session_key.
                        [RT #36119]

3865.   [test]          Improved testability of the red-black tree
                        implementation and added unit tests. [RT #35904]

3864.   [bug]           RPZ didn't work well when being used as forwarder.
                        [RT #36060]

3863.   [bug]           The "E" flag was missing from the query log as a
                        unintended side effect of code rearrangement to
                        support EDNS EXPIRE. [RT #36117]

3862.   [cleanup]       Return immediately if we are not going to log the
                        message in ns_client_dumpmessage.

3861.   [security]      Missing isc_buffer_availablelength check results
                        in a REQUIRE assertion when printing out a packet
                        (CVE-2014-3859).  [RT #36078]

3860.   [bug]           ioctl(DP_POLL) array size needs to be determined
                        at run time as it is limited to {OPEN_MAX}.
                        [RT #35878]

3859.   [placeholder]

3858.   [bug]           Disable GCC 4.9 "delete null pointer check".
                        [RT #35968]

3857.   [bug]           Make it harder for a incorrect NOEDNS classification
                        to be made. [RT #36020]

3856.   [bug]           Configuring libjson without also configuring libxml
                        resulted in a REQUIRE assertion when retrieving
                        statistics using json. [RT #36009]

3855.   [bug]           Limit smoothed round trip time aging to no more than
                        once a second. [RT #32909]

3854.   [cleanup]       Report unrecognized options, if any, in the final
                        configure summary. [RT #36014]

3853.   [cleanup]       Refactor dns_rdataslab_fromrdataset to separate out
                        the handling of a rdataset with no records. [RT #35968]

3852.   [func]          Increase the default number of clients available
                        for servicing lightweight resolver queries, and
                        make them configurable via the "lwres-tasks" and
                        "lwres-clients" options.  (Thanks to Tomas Hozza.)
                        [RT #35857]

3851.   [func]          Allow libseccomp based system-call filtering
                        on Linux; use "configure --enable-seccomp" to
                        turn it on.  Thanks to Loganaden Velvindron
                        of AFRINIC for the contribution. [RT #35347]

3850.   [bug]           Disabling forwarding could trigger a REQUIRE assertion.
                        [RT #35979]

3849.   [doc]           Alphabetized dig's +options. [RT #35992]

3848.   [bug]           Adjust 'statistics-channels specified but not effective'
                        error message to account for JSON support. [RT #36008]

3847.   [bug]           'configure --with-dlz-postgres' failed to fail when
                        there is not support available.

3846.   [bug]           "dig +notcp ixfr=<serial>" should result in a UDP
                        ixfr query. [RT #35980]

3845.   [placeholder]

3844.   [bug]           Use the x64 version of the Microsoft Visual C++
                        Redistributable when built for 64 bit Windows.
                        [RT #35973]

3843.   [protocol]      Check EDNS EXPIRE option in dns_rdata_fromwire.
                        [RT #35969]

3842.   [bug]           Adjust RRL log-only logging category. [RT #35945]

3841.   [cleanup]       Refactor zone.c:add_opt to use dns_message_buildopt.
                        [RT #35924]

3840.   [port]          Check for arc4random_addrandom() before using it;
                        it's been removed from OpenBSD 5.5. [RT #35907]

3839.   [test]          Use only posix-compatible shell in system tests.
                        [RT #35625]

3838.   [protocol]      EDNS EXPIRE as been assigned a code point of 9.

3837.   [security]      A NULL pointer is passed to query_prefetch resulting
                        a REQUIRE assertion failure when a fetch is actually
                        initiated (CVE-2014-3214).  [RT #35899]

3836.   [bug]           Address C++ keyword usage in header file.

3835.   [bug]           Geoip ACL elements didn't work correctly when
                        referenced via named or nested ACLs. [RT #35879]

3834.   [bug]           The re-signing heaps were not being updated soon enough
                        leading to multiple re-generations of the same RRSIG
                        when a zone transfer was in progress. [RT #35273]

3833.   [bug]           Cross compiling was broken due to calling genrandom at
                        build time. [RT #35869]

3832.   [func]          "named -L <filename>" causes named to send log
                        messages to the specified file by default instead
                        of to the system log. (Thanks to Tony Finch.)
                        [RT #35845]

3831.   [cleanup]       Reduce logging noise when EDNS state changes occur.
                        [RT #35843]

3830.   [func]          When query logging is enabled, log query errors at
                        the same level ('info') as the queries themselves.
                        [RT #35844]

3829.   [func]          "dig +ttlunits" causes dig to print TTL values
                        with time-unit suffixes: w, d, h, m, s for
                        weeks, days, hours, minutes, and seconds. (Thanks
                        to Tony Finch.) [RT #35823]

3828.   [func]          "dnssec-signzone -N date" updates serial number
                        to the current date in YYYYMMDDNN format.
                        [RT #35800]

3827.   [placeholder]

3826.   [bug]           Corrected bad INSIST logic in isc_radix_remove().
                        [RT #35870]

3825.   [bug]           Address sign extension bug in isc_regex_validate.
                        [RT #35758]

3824.   [bug]           A collision between two flag values could cause
                        problems with cache cleaning when SIT was enabled.
                        [RT #35858]

3823.   [func]          Log the rpz cname target when rewriting. [RT #35667]

3822.   [bug]           Log the correct type of static-stub zones when
                        removing them. [RT #35842]

3821.   [contrib]       Added a new "mysqldyn" DLZ module with dynamic
                        update and transaction support. Thanks to Marty
                        Lee for the contribution. [RT #35656]

3820.   [func]          The DLZ API doesn't pass the database version to
                        the lookup() function; this can cause DLZ modules
                        that allow dynamic updates to mishandle prerequisite
                        checks. This has been corrected by adding a
                        'dbversion' field to the dns_clientinfo_t
                        structure. [RT #35656]

3819.   [bug]           NSEC3 hashes need to be able to be entered and
                        displayed without padding.  This is not a issue for
                        currently defined algorithms but may be for future
                        hash algorithms. [RT #27925]

3818.   [bug]           Stop lying to the optimizer that 'void *arg' is a
                        constant in isc_event_allocate.

3817.   [func]          The "delve" command is now spelled "delv" to avoid
                        a namespace collision with the Xapian project.
                        [RT #35801]

3816.   [func]          "dig +qr" now reports query size. (Thanks to
                        Tony Finch.) [RT #35822]

3815.   [doc]           Clarify "nsupdate -y" usage in man page. [RT #35808]

3814.   [func]          The "masterfile-style" zone option controls the
                        formatting of dumped zone files. Options are
                        "relative" (multiline format) and "full" (one
                        record per line). The default is "relative".
                        [RT #20798]

3813.   [func]          "host" now recognizes the "timeout", "attempts" and
                        "debug" options when set in /etc/resolv.conf.
                        (Thanks to Adam Tkac at RedHat.) [RT #21885]

3812.   [func]          Dig now supports sending arbitrary EDNS options from
                        the command line (+ednsopt=code[:value]). [RT #35584]

3811.   [func]          "serial-update-method date;" sets serial number
                        on dynamic update to today's date in YYYYMMDDNN
                        format. (Thanks to Bradley Forschinger.) [RT #24903]

3810.   [bug]           Work around broken nameservers that fail to ignore
                        unknown EDNS options. [RT #35766]

3809.   [doc]           Fix SIT and NSID documentation.

3808.   [doc]           Clean up "prefetch" documentation. [RT #35751]

3807.   [bug]           Fix sign extension bug in dns_name_fromtext when
                        lowercase is set. [RT #35743]

3806.   [test]          Improved system test portability. [RT #35625]

3805.   [contrib]       Added contrib/perftcpdns, a performance testing tool
                        for DNS over TCP. [RT #35710]
        --- 9.10.0rc1 released ---

3804.   [bug]           Corrected a race condition in dispatch.c in which
                        portentry could be reset leading to an assertion
                        failure in socket_search(). (Change #3708
                        addressed the same issue but was incomplete.)
                        [RT #35128]

3803.   [bug]           "named-checkconf -z" incorrectly rejected zones
                        using alternate data sources for not having a "file"
                        option. [RT #35685]

3802.   [bug]           Various header files were not being installed.

3801.   [port]          Fix probing for gssapi support on FreeBSD. [RT #35615]

3800.   [bug]           A pending event on the route socket could cause an
                        assertion failure when shutting down named. [RT #35674]

3799.   [bug]           Improve named's command line error reporting.
                        [RT #35603]

3798.   [bug]           'rndc zonestatus' was reporting the wrong re-signing
                        time. [RT #35659]

3797.   [port]          netbsd: geoip support probing was broken. [RT #35642]

3796.   [bug]           Register dns and pkcs#11 error codes. [RT #35629]

3795.   [bug]           Make named-checkconf detect raw masterfiles for
                        hint zones and reject them. [RT #35268]

3794.   [maint]         Added AAAA for C.ROOT-SERVERS.NET.

3793.   [bug]           zone.c:save_nsec3param() could assert when out of
                        memory. [RT #35621]

3792.   [func]          Provide links to the alternate statistics views when
                        displaying in a browser.  [RT #35605]

3791.   [placeholder]

3790.   [bug]           Handle broken nameservers that send BADVERS in
                        response to unknown EDNS options.  Maintain
                        statistics on BADVERS responses.

3789.   [bug]           Null pointer dereference on rbt creation failure.

3788.   [bug]           dns_peer_getrequestsit was returning request_nsid by
                        mistake.
        --- 9.10.0b2 released ---

3787.   [bug]           The code that checks whether "auto-dnssec" is
                        allowed was ignoring "allow-update" ACLs set at
                        the options or view level. [RT #29536]

3786.   [func]          Provide more detailed error codes when using
                        native PKCS#11. "pkcs11-tokens" now fails robustly
                        rather than asserting when run against an HSM with
                        an incomplete PKCS#11 API implementation. [RT #35479]

3785.   [bug]           Debugging code dumphex didn't accept arbitrarily long
                        input (only compiled with -DDEBUG). [RT #35544]

3784.   [bug]           Using "rrset-order fixed" when it had not been
                        enabled at compile time caused inconsistent
                        results. It now works as documented, defaulting
                        to cyclic mode. [RT #28104]

3783.   [func]          "tsig-keygen" is now available as an alternate
                        command name for "ddns-confgen".  It generates
                        a TSIG key in named.conf format without comments.
                        [RT #35503]

3782.   [func]          Specifying "auto" as the salt when using
                        "rndc signing -nsec3param" causes named to
                        generate a 64-bit salt at random. [RT #35322]

3781.   [tuning]        Use adaptive mutex locks when available; this
                        has been found to improve performance under load
                        on many systems. "configure --with-locktype=standard"
                        restores conventional mutex locks. [RT #32576]

3780.   [bug]           $GENERATE handled negative numbers incorrectly.
                        [RT #25528]

3779.   [cleanup]       Clarify the error message when using an option
                        that was not enabled at compile time. [RT #35504]

3778.   [bug]           Log a warning when the wrong address family is
                        used in "listen-on" or "listen-on-v6". [RT #17848]

3777.   [bug]           EDNS EXPIRE code could dump core when processing
                        DLZ queries. [RT #35493]

3776.   [func]          "rndc -q" suppresses output from successful
                        rndc commands. Errors are printed on stderr.
                        [RT #21393]

3775.   [bug]           dlz_dlopen driver could return the wrong error
                        code on API version mismatch, leading to a segfault.
                        [RT #35495]

3774.   [func]          When using "request-nsid", log the NSID value in
                        printable form as well as hex. [RT #20864]

3773.   [func]          "host", "nslookup" and "nsupdate" now have
                        options to print the version number and exit.
                        [RT #26057]

3772.   [contrib]       Added sqlite3 dynamically-loadable DLZ module.
                        (Based in part on a contribution from Tim Tessier.)
                        [RT #20822]

3771.   [cleanup]       Adjusted log level for "using built-in key"
                        messages. [RT #24383]

3770.   [bug]           "dig +trace" could fail with an assertion when it
                        needed to fall back to TCP due to a truncated
                        response. [RT #24660]

3769.   [doc]           Improved documentation of "rndc signing -list".
                        [RT #30652]

3768.   [bug]           "dnssec-checkds" was missing the SHA-384 digest
                        algorithm. [RT #34000]

3767.   [func]          Log explicitly when using rndc.key to configure
                        command channel. [RT #35316]

3766.   [cleanup]       Fixed problems with building outside the source
                        tree when using native PKCS#11. [RT #35459]

3765.   [bug]           Fixed a bug in "rndc secroots" that could crash
                        named when dumping an empty keynode. [RT #35469]

3764.   [bug]           The dnssec-keygen/settime -S and -i options
                        (to set up a successor key and set the prepublication
                        interval) were missing from dnssec-keyfromlabel.
                        [RT #35394]

3763.   [bug]           delve: Cache DNSSEC records to avoid the need to
                        re-fetch them when restarting validation. [RT #35476]

3762.   [bug]           Address build problems with --pkcs11-native +
                        --with-openssl with ECDSA support. [RT #35467]

3761.   [bug]           Address dangling reference bug in dns_keytable_add.
                        [RT #35471]

3760.   [bug]           Improve SIT with native PKCS#11 and on Windows.
                        [RT #35433]

3759.   [port]          Enable delve on Windows. [RT #35441]

3758.   [port]          Enable export library APIs on Windows. [RT #35382]

3757.   [port]          Enable Python tools (dnssec-coverage,
                        dnssec-checkds) to run on Windows. [RT #34355]

3756.   [bug]           GSSAPI Kerberos realm checking was broken in
                        check_config leading to spurious messages being
                        logged.  [RT #35443]
        --- 9.10.0b1 released ---

3755.   [func]          Add stats counters for known EDNS options + others.
                        [RT #35447]

3754.   [cleanup]       win32: Installer now places files in the
                        Program Files area rather than system services.
                        [RT #35361]

3753.   [bug]           allow-notify was ignoring keys. [RT #35425]

3752.   [bug]           Address potential REQUIRE failure if
                        DNS_STYLEFLAG_COMMENTDATA is set when printing out
                        a rdataset.

3751.   [tuning]        The default setting for the -U option (setting
                        the number of UDP listeners per interface) has
                        been adjusted to improve performance. [RT #35417]

3750.   [experimental]  Partially implement EDNS EXPIRE option as described
                        in draft-andrews-dnsext-expire-00.  Retrieval of
                        the remaining time until expiry for slave zones
                        is supported.

                        EXPIRE uses an experimental option code (65002),
                        which is subject to change. [RT #35416]

3749.   [func]          "dig +subnet" sends an EDNS client subnet option
                        containing the specified address/prefix when
                        querying. (Thanks to Wilmer van der Gaast.)
                        [RT #35415]

3748.   [test]          Use delve to test dns_client interfaces. [RT #35383]

3747.   [bug]           A race condition could lead to a core dump when
                        destroying a resolver fetch object. [RT #35385]

3746.   [func]          New "max-zone-ttl" option enforces maximum
                        TTLs for zones. If loading a zone containing a
                        higher TTL, the load fails. DDNS updates with
                        higher TTLs are accepted but the TTL is truncated.
                        (Note: Currently supported for master zones only;
                        inline-signing slaves will be added.) [RT #38405]

3745.   [func]          "configure --with-tuning=large" adjusts various
                        compiled-in constants and default settings to
                        values suited to large servers with abundant
                        memory. [RT #29538]

3744.   [experimental]  SIT: send and process Source Identity Tokens
                        (similar to DNS Cookies by Donald Eastlake 3rd),
                        which are designed to help clients detect off-path
                        spoofed responses and for servers to identify
                        legitimate clients.

                        SIT uses an experimental EDNS option code (65001),
                        which will be changed to an IANA-assigned value
                        if the experiment is deemed a success.

                        SIT can be enabled via "configure --enable-sit" (or
                        --enable-developer). It is enabled by default in
                        Windows.

                        Servers can be configured to send smaller responses
                        to clients that have not identified themselves via
                        SIT.  RRL processing has also been updated;
                        legitimate clients are not subject to rate
                        limiting. [RT #35389]

3743.   [bug]           delegation-only flag wasn't working in forward zone
                        declarations despite being documented.  This is
                        needed to support turning off forwarding and turning
                        on delegation only at the same name.  [RT #35392]

3742.   [port]          linux: libcap support: declare curval at start of
                        block. [RT #35387]

3741.   [func]          "delve" (domain entity lookup and validation engine):
                        A new tool with dig-like semantics for performing DNS
                        lookups, with internal DNSSEC validation, using the
                        same resolver and validator logic as named. This
                        allows easy validation of DNSSEC data in environments
                        with untrustworthy resolvers, and assists with
                        troubleshooting of DNSSEC problems. [RT #32406]

3740.   [contrib]       Minor fixes to configure --with-dlz-bdb,
                        --with-dlz-postgres and --with-dlz-odbc. [RT #35340]

3739.   [func]          Added per-zone stats counters to track TCP and
                        UDP queries. [RT #35375]

3738.   [bug]           --enable-openssl-hash failed to build. [RT #35343]

3737.   [bug]           'rndc retransfer' could trigger a assertion failure
                        with inline zones. [RT #35353]

3736.   [bug]           nsupdate: When specifying a server by name,
                        fall back to alternate addresses if the first
                        address for that name is not reachable. [RT #25784]

3735.   [cleanup]       Merged the libiscpk11 library into libisc
                        to simplify dependencies. [RT #35205]

3734.   [bug]           Improve building with libtool. [RT #35314]

3733.   [func]          Improve interface scanning support.  Interface
                        information will be automatically updated if the
                        OS supports routing sockets (MacOS, *BSD, Linux).
                        Use "automatic-interface-scan no;" to disable.

                        Add "rndc scan" to trigger a scan. [RT #23027]

3732.   [contrib]       Fixed a type mismatch causing the ODBC DLZ
                        driver to dump core on 64-bit systems. [RT #35324]

3731.   [func]          Added a "no-case-compress" ACL, which causes
                        named to use case-insensitive compression
                        (disabling change #3645) for specified
                        clients. (This is useful when dealing
                        with broken client implementations that
                        use case-sensitive name comparisons,
                        rejecting responses that fail to match the
                        capitalization of the query that was sent.)
                        [RT #35300]

3730.   [cleanup]       Added "never" as a synonym for "none" when
                        configuring key event dates in the dnssec tools.
                        [RT #35277]

3729.   [bug]           dnssec-keygen could set the publication date
                        incorrectly when only the activation date was
                        specified on the command line. [RT #35278]

3728.   [doc]           Expanded native-PKCS#11 documentation,
                        specifically pkcs11: URI labels. [RT #35287]

3727.   [func]          The isc_bitstring API is no longer used and
                        has been removed from libisc. [RT #35284]

3726.   [cleanup]       Clarified the error message when attempting
                        to configure more than 32 response-policy zones.
                        [RT #35283]

3725.   [contrib]       Updated zkt and nslint to newest versions,
                        cleaned up and rearranged the contrib
                        directory, and added a README.
        --- 9.10.0a2 released ---

3724.   [bug]           win32: Fixed a bug that prevented dig and
                        host from exiting properly after completing
                        a UDP query. [RT #35288]

3723.   [cleanup]       Imported keys are now handled the same way
                        regardless of DNSSEC algorithm. [RT #35215]

3722.   [bug]           Using geoip ACLs in a blackhole statement
                        could cause a segfault. [RT #35272]

3721.   [doc]           Improved documentation of the EDNS processing
                        enhancements introduced in change #3593. [RT #35275]

3720.   [bug]           Address compiler warnings. [RT #35261]

3719.   [bug]           Address memory leak in in peer.c. [RT #35255]

3718.   [bug]           A missing ISC_LINK_INIT in log.c. [RT #35260]

3717.   [port]          hpux: Treat EOPNOTSUPP as a expected error code when
                        probing to see if it is possible to set dscp values
                        on a per packet basis. [RT #35252]

3716.   [bug]           The dns_request code was setting dcsp values when not
                        requested.  [RT #35252]

3715.   [bug]           The region and city databases could fail to
                        initialize when using some versions of libGeoIP,
                        causing assertion failures when named was
                        configured to use them. [RT #35427]

3714.   [test]          System tests that need to test for cryptography
                        support before running can now use a common
                        "testcrypto.sh" script to do so. [RT #35213]

3713.   [bug]           Save memory by not storing "also-notify" addresses
                        in zone objects that are configured not to send
                        notify requests. [RT #35195]

3712.   [placeholder]

3711.   [placeholder]

3710.   [bug]           Address double dns_zone_detach when switching to
                        using automatic empty zones from regular zones.
                        [RT #35177]

3709.   [port]          Use built-in versions of strptime() and timegm()
                        on all platforms to avoid portability issues.
                        [RT #35183]

3708.   [bug]           Address a portentry locking issue in dispatch.c.
                        [RT #35128]

3707.   [bug]           irs_resconf_load now returns ISC_R_FILENOTFOUND
                        on a missing resolv.conf file and initializes the
                        structure as if it had been configured with:

                                nameserver ::1
                                nameserver 127.0.0.1

                        Note: Callers will need to be updated to treat
                        ISC_R_FILENOTFOUND as a qualified success or else
                        they will leak memory. The following code fragment
                        will work with both old and new versions without
                        changing the behaviour of the existing code.

                        resconf = NULL;
                        result = irs_resconf_load(mctx, "/etc/resolv.conf",
                                                  &resconf);
                        if (result != ISC_SUCCESS) {
                                if (resconf != NULL)
                                        irs_resconf_destroy(&resconf);
                                ....
                        }

                        [RT #35194]

3706.   [contrib]       queryperf: Fixed a possible integer overflow when
                        printing results. [RT #35182]

3705.   [func]          "configure --enable-native-pkcs11" enables BIND
                        to use the PKCS#11 API for all cryptographic
                        functions, so that it can drive a hardware service
                        module directly without the need to use a modified
                        OpenSSL as intermediary (so long as the HSM's vendor
                        provides a complete-enough implementation of the
                        PKCS#11 interface). This has been tested successfully
                        with the Thales nShield HSM and with SoftHSMv2 from
                        the OpenDNSSEC project. [RT #29031]

3704.   [protocol]      Accept integer timestamps in RRSIG records. [RT #35185]

3703.   [func]          To improve recursive resolver performance, cache
                        records which are still being requested by clients
                        can now be automatically refreshed from the
                        authoritative server before they expire, reducing
                        or eliminating the time window in which no answer
                        is available in the cache. See the "prefetch" option
                        for more details. [RT #35041]

3702.   [func]          'dnssec-coverage -l' option specifies a length
                        of time to check for coverage; events further into
                        the future are ignored.  'dnssec-coverage -z'
                        checks only ZSK events, and 'dnssec-coverage -k'
                        checks only KSK events.  (Thanks to Peter Palfrader.)
                        [RT #35168]

3701.   [func]          named-checkconf can now obscure shared secrets
                        when printing by specifying '-x'. [RT #34465]

3700.   [func]          Allow access to subgroups of XML statistics via
                        special URLs http://<server>:<port>/xml/v3/server,
                        /zones, /net, /tasks, /mem, and /status.  [RT #35115]

3699.   [bug]           Improvements to statistics channel XSL stylesheet:
                        the stylesheet can now be cached by the browser;
                        section headers are omitted from the stats display
                        when there is no data in those sections to be
                        displayed; counters are now right-justified for
                        easier readability. [RT #35117]

3698.   [cleanup]       Replaced all uses of memcpy() with memmove().
                        [RT #35120]

3697.   [bug]           Handle "." as a search list element when IDN support
                        is enabled. [RT #35133]

3696.   [bug]           dig failed to handle AXFR style IXFR responses which
                        span multiple messages. [RT #35137]

3695.   [bug]           Address a possible race in dispatch.c. [RT #35107]

3694.   [bug]           Warn when a key-directory is configured for a zone,
                        but does not exist or is not a directory. [RT #35108]

3693.   [security]      memcpy was incorrectly called with overlapping
                        ranges resulting in malformed names being generated
                        on some platforms.  This could cause INSIST failures
                        when serving NSEC3 signed zones (CVE-2014-0591).
                        [RT #35120]

3692.   [bug]           Two calls to dns_db_getoriginnode were fatal if there
                        was no data at the node. [RT #35080]

3691.   [contrib]       Address null pointer dereference in LDAP and
                        MySQL DLZ modules.

3690.   [bug]           Iterative responses could be missed when the source
                        port for an upstream query was the same as the
                        listener port (53). [RT #34925]

3689.   [bug]           Fixed a bug causing an insecure delegation from one
                        static-stub zone to another to fail with a broken
                        trust chain. [RT #35081]

3688.   [bug]           loadnode could return a freed node on out of memory.
                        [RT #35106]

3687.   [bug]           Address null pointer dereference in zone_xfrdone.
                        [RT #35042]

3686.   [func]          "dnssec-signzone -Q" drops signatures from keys
                        that are still published but no longer active.
                        [RT #34990]

3685.   [bug]           "rndc refresh" didn't work correctly with slave
                        zones using inline-signing. [RT #35105]

3684.   [bug]           The list of included files would grow on reload.
                        [RT 35090]

3683.   [cleanup]       Add a more detailed "not found" message to rndc
                        commands which specify a zone name. [RT #35059]

3682.   [bug]           Correct the behavior of rndc retransfer to allow
                        inline-signing slave zones to retain NSEC3 parameters
                        instead of reverting to NSEC. [RT #34745]

3681.   [port]          Update the Windows build system to support feature
                        selection and WIN64 builds.  This is a work in
                        progress. [RT #34160]

3680.   [bug]           Ensure buffer space is available in "rndc zonestatus".
                        [RT #35084]

3679.   [bug]           dig could fail to clean up TCP sockets still
                        waiting on connect(). [RT #35074]

3678.   [port]          Update config.guess and config.sub. [RT #35060]

3677.   [bug]           'nsupdate' leaked memory if 'realm' was used multiple
                        times.  [RT #35073]

3676.   [bug]           "named-checkconf -z" now checks zones of type
                        hint and redirect as well as master. [RT #35046]

3675.   [misc]          Provide a place for third parties to add version
                        information for their extensions in the version
                        file by setting the EXTENSIONS variable.
        --- 9.10.0a1 released ---

3674.   [bug]           RPZ zeroed ttls if the query type was '*'. [RT #35026]

3673.   [func]          New "in-view" zone option allows direct sharing
                        of zones between views. [RT #32968]

3672.   [func]          Local address can now be specified when using
                        dns_client API. [RT #34811]

3671.   [bug]           Don't allow dnssec-importkey overwrite a existing
                        non-imported private key.

3670.   [bug]           Address read after free in server side of
                        lwres_getrrsetbyname. [RT #29075]

3669.   [port]          freebsd: --with-gssapi needs -lhx509. [RT #35001]

3668.   [bug]           Fix cast in lex.c which could see 0xff treated as eof.
                        [RT #34993]

3667.   [test]          dig: add support to keep the TCP socket open between
                        successive queries (+[no]keepopen).  [RT #34918]

3666.   [func]          Add a tool, named-rrchecker, for checking the syntax
                        of individual resource records.  This tool is intended
                        to be called by provisioning systems so that the front
                        end does not need to be upgraded to support new DNS
                        record types. [RT #34778]

3665.   [bug]           Failure to release lock on error in receive_secure_db.
                        [RT #34944]

3664.   [bug]           Updated OpenSSL PKCS#11 patches to fix active list
                        locking and other bugs. [RT #34855]

3663.   [bug]           Address bugs in dns_rdata_fromstruct and
                        dns_rdata_tostruct for WKS and ISDN types. [RT #34910]

3662.   [bug]           'host' could die if a UDP query timed out. [RT #34870]

3661.   [bug]           Address lock order reversal deadlock with inline zones.
                        [RT #34856]

3660.   [cleanup]       Changed the name of "isc-config.sh" to "bind9-config".
                        [RT #23825]

3659.   [port]          solaris: don't add explicit dependencies/rules for
                        python programs as make won't use the implicit rules.
                        [RT #34835]

3658.   [port]          linux: Address platform specific compilation issue
                        when libcap-devel is installed. [RT #34838]

3657.   [port]          Some readline clones don't accept NULL pointers when
                        calling add_history. [RT #34842]

3656.   [security]      Treat an all zero netmask as invalid when generating
                        the localnets acl. (The prior behavior could
                        allow unexpected matches when using some versions
                        of Winsock: CVE-2013-6320.) [RT #34687]

3655.   [cleanup]       Simplify TCP message processing when requesting a
                        zone transfer.  [RT #34825]

3654.   [bug]           Address race condition with manual notify requests.
                        [RT #34806]

3653.   [func]          Create delegations for all "children" of empty zones
                        except "forward first". [RT #34826]

3652.   [bug]           Address bug with rpz-drop policy. [RT #34816]

3651.   [tuning]        Adjust when a master server is deemed unreachable.
                        [RT #27075]

3650.   [tuning]        Use separate rate limiting queues for refresh and
                        notify requests. [RT #30589]

3649.   [cleanup]       Include a comment in .nzf files, giving the name of
                        the associated view. [RT #34765]

3648.   [test]          Updated the ATF test framework to version 0.17.
                        [RT #25627]

3647.   [bug]           Address a race condition when shutting down a zone.
                        [RT #34750]

3646.   [bug]           Journal filename string could be set incorrectly,
                        causing garbage in log messages. [RT #34738]

3645.   [protocol]      Use case sensitive compression when responding to
                        queries. [RT #34737]

3644.   [protocol]      Check that EDNS subnet client options are well formed.
                        [RT #34718]

3643.   [doc]           Clarify RRL "slip" documentation.

3642.   [func]          Allow externally generated DNSKEY to be imported
                        into the DNSKEY management framework.  A new tool
                        dnssec-importkey is used to do this. [RT #34698]

3641.   [bug]           Handle changes to sig-validity-interval settings
                        better. [RT #34625]

3640.   [bug]           ndots was not being checked when searching.  Only
                        continue searching on NXDOMAIN responses.  Add the
                        ability to specify ndots to nslookup. [RT #34711]

3639.   [bug]           Treat type 65533 (KEYDATA) as opaque except when used
                        in a key zone. [RT #34238]

3638.   [cleanup]       Add the ability to handle ENOPROTOOPT in case it is
                        encountered. [RT #34668]

3637.   [bug]           'allow-query-on' was checking the source address
                        rather than the destination address. [RT #34590]

3636.   [bug]           Automatic empty zones now behave better with
                        forward only "zones" beneath them. [RT #34583]

3635.   [bug]           Signatures were not being removed from a zone with
                        only KSK keys for a algorithm. [RT #34439]

3634.   [func]          Report build-id in rndc status. Report build-id
                        when building from a git repository. [RT #20422]

3633.   [cleanup]       Refactor OPT processing in named to make it easier
                        to support new EDNS options. [RT #34414]

3632.   [bug]           Signature from newly inactive keys were not being
                        removed. [RT #32178]

3631.   [bug]           Remove spurious warning about missing signatures when
                        qtype is SIG. [RT #34600]

3630.   [bug]           Ensure correct ID computation for MD5 keys. [RT #33033]

3629.   [func]          Allow the printing of cryptographic fields in DNSSEC
                        records by dig to be suppressed (dig +nocrypto).
                        [RT #34534]

3628.   [func]          Report DNSKEY key id's when dumping the cache.
                        [RT #34533]

3627.   [bug]           RPZ changes were not effective on slaves. [RT #34450]

3626.   [func]          dig: NSID output now easier to read. [RT #21160]

3625.   [bug]           Don't send notify messages to machines outside of the
                        test setup.

3624.   [bug]           Look for 'json_object_new_int64' when looking for a
                        the json library. [RT #34449]

3623.   [placeholder]

3622.   [tuning]        Eliminate an unnecessary lock when incrementing
                        cache statistics. [RT #34339]

3621.   [security]      Incorrect bounds checking on private type 'keydata'
                        can lead to a remotely triggerable REQUIRE failure
                        (CVE-2013-4854). [RT #34238]

3620.   [func]          Added "rpz-client-ip" policy triggers, enabling
                        RPZ responses to be configured on the basis of
                        the client IP address; this can be used, for
                        example, to blacklist misbehaving recursive
                        or stub resolvers. [RT #33605]

3619.   [bug]           Fixed a bug in RPZ with "recursive-only no;"
                        [RT #33776]

3618.   [func]          "rndc reload" now checks modification times of
                        include files as well as master files to determine
                        whether to skip reloading a zone. [RT #33936]

3617.   [bug]           Named was failing to answer queries during
                        "rndc reload" [RT #34098]

3616.   [bug]           Change #3613 was incomplete. [RT #34177]

3615.   [cleanup]       "configure" now finishes by printing a summary
                        of optional BIND features and whether they are
                        active or inactive. ("configure --enable-full-report"
                        increases the verbosity of the summary.) [RT #31777]

3614.   [port]          Check for <linux/types.h>. [RT #34162]

3613.   [bug]           named could crash when deleting inline-signing
                        zones with "rndc delzone". [RT #34066]

3612.   [port]          Check whether to use -ljson or -ljson-c. [RT #34115]

3611.   [bug]           Improved resistance to a theoretical authentication
                        attack based on differential timing.  [RT #33939]

3610.   [cleanup]       win32: Some executables had been omitted from the
                        installer. [RT #34116]

3609.   [bug]           Corrected a possible deadlock in applications using
                        the export version of the isc_app API. [RT #33967]

3608.   [port]          win32: added todos.pl script to ensure all text files
                        the win32 build depends on are converted to DOS
                        newline format. [RT #22067]

3607.   [bug]           dnssec-keygen had broken 'Invalid keyfile' error
                        message. [RT #34045]

3606.   [func]          "rndc flushtree" now flushes matching
                        records in the address database and bad cache
                        as well as the DNS cache. (Previously only the
                        DNS cache was flushed.) [RT #33970]

3605.   [port]          win32: Addressed several compatibility issues
                        with newer versions of Visual Studio. [RT #33916]

3604.   [bug]           Fixed a compile-time error when building with
                        JSON but not XML. [RT #33959]

3603.   [bug]           Install <isc/stat.h>. [RT #33956]

3602.   [contrib]       Added DLZ Perl module, allowing Perl scripts to
                        integrate with named and serve DNS data.
                        (Contributed by John Eaglesham of Yahoo.)

3601.   [bug]           Added to PKCS#11 openssl patches a value len
                        attribute in DH derive key. [RT #33928]

3600.   [cleanup]       dig: Fixed a typo in the warning output when receiving
                        an oversized response. [RT #33910]

3599.   [tuning]        Check for pointer equivalence in name comparisons.
                        [RT #18125]

3598.   [cleanup]       Improved portability of map file code. [RT #33820]

3597.   [bug]           Ensure automatic-resigning heaps are reconstructed
                        when loading zones in map format. [RT #33381]

3596.   [port]          Updated win32 build documentation, added
                        dnssec-verify. [RT #22067]

3595.   [port]          win32: Fix build problems introduced by change #3550.
                        [RT #33807]

3594.   [maint]         Update config.guess and config.sub. [RT #33816]

3593.   [func]          Update EDNS processing to better track remote server
                        capabilities. [RT #30655]

3592.   [doc]           Moved documentation of rndc command options to the
                        rndc man page. [RT #33506]

3591.   [func]          Use CRC-64 to detect map file corruption at load
                        time. [RT #33746]

3590.   [bug]           When using RRL on recursive servers, defer
                        rate-limiting until after recursion is complete;
                        also, use correct rcode for slipped NXDOMAIN
                        responses.  [RT #33604]

3589.   [func]          Report serial numbers in when starting zone transfers.
                        Report accepted NOTIFY requests including serial.
                        [RT #33037]

3588.   [bug]           dig: addressed a memory leak in the sigchase code
                        that could cause a shutdown crash.  [RT #33733]

3587.   [func]          'named -g' now checks the logging configuration but
                        does not use it. [RT #33473]

3586.   [bug]           Handle errors in xmlDocDumpFormatMemoryEnc. [RT #33706]

3585.   [func]          "rndc delzone -clean" option removes zone files
                        when deleting a zone. [RT #33570]

3584.   [security]      Caching data from an incompletely signed zone could
                        trigger an assertion failure in resolver.c
                        (CVE-2013-3919). [RT #33690]

3583.   [bug]           Address memory leak in GSS-API processing [RT #33574]

3582.   [bug]           Silence false positive warning regarding missing file
                        directive for inline slave zones.  [RT #33662]

3581.   [bug]           Changed the tcp-listen-queue default to 10. [RT #33029]

3580.   [bug]           Addressed a possible race in acache.c [RT #33602]

3579.   [maint]         Updates to PKCS#11 openssl patches, supporting
                        versions 0.9.8y, 1.0.0k, 1.0.1e [RT #33463]

3578.   [bug]           'rndc -c file' now fails if 'file' does not exist.
                        [RT #33571]

3577.   [bug]           Handle zero TTL values better. [RT #33411]

3576.   [bug]           Address a shutdown race when validating. [RT #33573]

3575.   [func]          Changed the logging category for RRL events from
                        'queries' to 'query-errors'. [RT #33540]

3574.   [doc]           The 'hostname' keyword was missing from server-id
                        description in the named.conf man page. [RT #33476]

3573.   [bug]           "rndc addzone" and "rndc delzone" incorrectly handled
                        zone names containing punctuation marks and other
                        nonstandard characters. [RT #33419]

3572.   [func]          Threads are now enabled by default on most
                        operating systems. [RT #25483]

3571.   [bug]           Address race condition in dns_client_startresolve().
                        [RT #33234]

3570.   [bug]           Check internal pointers are valid when loading map
                        files. [RT #33403]

3569.   [contrib]       Ported mysql DLZ driver to dynamically-loadable
                        module, and added multithread support. [RT #33394]

3568.   [cleanup]       Add a product description line to the version file,
                        to be reported by named -v/-V. [RT #33366]

3567.   [bug]           Silence clang static analyzer warnings. [RT #33365]

3566.   [func]          Log when forwarding updates to master. [RT #33240]

3565.   [placeholder]

3564.   [bug]           Improved handling of corrupted map files. [RT #33380]

3563.   [contrib]       zone2sqlite failed with some table names. [RT #33375]

3562.   [func]          Update map file header format to include a SHA-1 hash
                        of the database content, so that corrupted map files
                        can be rejected at load time. [RT #32459]

3561.   [bug]           dig: issue a warning if an EDNS query returns FORMERR
                        or NOTIMP.  Adjust usage message. [RT #33363]

3560.   [bug]           isc-config.sh did not honor includedir and libdir
                        when set via configure. [RT #33345]

3559.   [func]          Check that both forms of Sender Policy Framework
                        records exist or do not exist. [RT #33355]

3558.   [bug]           IXFR of a DLZ stored zone was broken. [RT #33331]

3557.   [bug]           Reloading redirect zones was broken. [RT #33292]

3556.   [maint]         Added AAAA for D.ROOT-SERVERS.NET.

3555.   [bug]           Address theoretical race conditions in acache.c
                        (change #3553 was incomplete). [RT #33252]

3554.   [bug]           RRL failed to correctly rate-limit upward
                        referrals and failed to count dropped error
                        responses in the statistics. [RT #33225]

3553.   [bug]           Address suspected double free in acache. [RT #33252]

3552.   [bug]           Wrong getopt option string for 'nsupdate -r'.
                        [RT #33280]

3551.   [bug]           resolver.querydscp[46] were uninitialized.  [RT #32686]

3550.   [func]          Unified the internal and export versions of the
                        BIND libraries, allowing external clients to use
                        the same libraries as BIND. [RT #33131]

3549.   [doc]           Documentation for "request-nsid" was missing.
                        [RT #33153]

3548.   [bug]           The NSID request code in resolver.c was broken
                        resulting in invalid EDNS options being sent.
                        [RT #33153]

3547.   [bug]           Some malformed unknown rdata records were not properly
                        detected and rejected. [RT #33129]

3546.   [func]          Add EUI48 and EUI64 types. [RT #33082]

3545.   [bug]           RRL slip behavior was incorrect when set to 1.
                        [RT #33111]

3544.   [contrib]       check5011.pl: Script to report the status of
                        managed keys as recorded in managed-keys.bind.
                        Contributed by Tony Finch <[email protected]>

3543.   [bug]           Update socket structure before attaching to socket
                        manager after accept. [RT #33084]

3542.   [placeholder]

3541.   [bug]           Parts of libdns were not properly initialized when
                        built in libexport mode. [RT #33028]

3540.   [test]          libt_api: t_info and t_assert were not thread safe.

3539.   [port]          win32: timestamp format didn't match other platforms.

3538.   [test]          Running "make test" now requires loopback interfaces
                        to be set up. [RT #32452]

3537.   [tuning]        Slave zones, when updated, now send NOTIFY messages
                        to peers before being dumped to disk rather than
                        after. [RT #27242]

3536.   [func]          Add support for setting Differentiated Services Code
                        Point (DSCP) values in named.  Most configuration
                        options which take a "port" option (e.g.,
                        listen-on, forwarders, also-notify, masters,
                        notify-source, etc) can now also take a "dscp"
                        option specifying a code point for use with
                        outgoing traffic, if supported by the underlying
                        OS. [RT #27596]

3535.   [bug]           Minor win32 cleanups. [RT #32962]

3534.   [bug]           Extra text after an embedded NULL was ignored when
                        parsing zone files. [RT #32699]

3533.   [contrib]       query-loc-0.4.0: memory leaks. [RT #32960]

3532.   [contrib]       zkt: fixed buffer overrun, resource leaks. [RT #32960]

3531.   [bug]           win32: A uninitialized value could be returned on out
                        of memory. [RT #32960]

3530.   [contrib]       Better RTT tracking in queryperf. [RT #30128]

3529.   [func]          Named now listens on both IPv4 and IPv6 interfaces
                        by default.  Named previously only listened on IPv4
                        interfaces by default unless named was running in
                        IPv6 only mode.  [RT #32945]

3528.   [func]          New "dnssec-coverage" command scans the timing
                        metadata for a set of DNSSEC keys and reports if a
                        lapse in signing coverage has been scheduled
                        inadvertently. (Note: This tool depends on python;
                        it will not be built or installed on systems that
                        do not have a python interpreter.) [RT #28098]

3527.   [compat]        Add a URI to allow applications to explicitly
                        request a particular XML schema from the statistics
                        channel, returning 404 if not supported. [RT #32481]

3526.   [cleanup]       Set up dependencies for unit tests correctly during
                        build. [RT #32803]

3525.   [func]          Support for additional signing algorithms in rndc:
                        hmac-sha1, -sha224, -sha256, -sha384, and -sha512.
                        The -A option to rndc-confgen can be used to
                        select the algorithm for the generated key.
                        (The default is still hmac-md5; this may
                        change in a future release.) [RT #20363]

3524.   [func]          Added an alternate statistics channel in JSON format,
                        when the server is built with the json-c library:
                        http://[address]:[port]/json. [RT #32630]

3523.   [contrib]       Ported filesystem and ldap DLZ drivers to
                        dynamically-loadable modules, and added the
                        "wildcard" module based on a contribution from
                        Vadim Goncharov <[email protected]>. [RT #23569]

3522.   [bug]           DLZ lookups could fail to return SERVFAIL when
                        they ought to. [RT #32685]

3521.   [bug]           Address memory leak in opensslecdsa_link.c. [RT #32249]

3520.   [bug]           'mctx' was not being referenced counted in some places
                        where it should have been.  [RT #32794]

3519.   [func]          Full replay protection via four-way handshake is
                        now mandatory for rndc clients. Very old versions
                        of rndc will no longer work. [RT #32798]

3518.   [bug]           Increase the size of dns_rrl_key.s.rtype by one bit
                        so that all dns_rrl_rtype_t enum values fit regardless
                        of whether it is treated as signed or unsigned by
                        the compiler. [RT #32792]

3517.   [bug]           Reorder destruction to avoid shutdown race. [RT #32777]

3516.   [placeholder]

3515.   [port]          '%T' is not portable in strftime(). [RT #32763]

3514.   [bug]           The ranges for valid key sizes in ddns-confgen and
                        rndc-confgen were too constrained. Keys up to 512
                        bits are now allowed for most algorithms, and up
                        to 1024 bits for hmac-sha384 and hmac-sha512.
                        [RT #32753]

3513.   [func]          "dig -u" prints times in microseconds rather than
                        milliseconds. [RT #32704]

3512.   [func]          "rndc validation check" reports the current status
                        of DNSSEC validation. [RT #21397]

3511.   [doc]           Improve documentation of redirect zones. [RT #32756]

3510.   [func]          "rndc status" and XML statistics channel now report
                        server start and reconfiguration times. [RT #21048]

3509.   [cleanup]       Added a product line to version file to allow for
                        easy naming of different products (BIND
                        vs BIND ESV, for example). [RT #32755]

3508.   [contrib]       queryperf was incorrectly rejecting the -T option.
                        [RT #32338]

3507.   [bug]           Statistics channel XSL had a glitch when attempting
                        to chart query data before any queries had been
                        received. [RT #32620]

3506.   [func]          When setting "max-cache-size" and "max-acache-size",
                        the keyword "unlimited" is no longer defined as equal
                        to 4 gigabytes (except on 32-bit platforms); it
                        means literally unlimited. [RT #32358]

3505.   [bug]           When setting "max-cache-size" and "max-acache-size",
                        larger values than 4 gigabytes could not be set
                        explicitly, though larger sizes were available
                        when setting cache size to 0. This has been
                        corrected; the full range is now available.
                        [RT #32358]

3504.   [func]          Add support for ACLs based on geographic location,
                        using MaxMind GeoIP databases. Based on code
                        contributed by Ken Brownfield <[email protected]>.
                        [RT #30681]

3503.   [doc]           Clarify size_spec syntax. [RT #32449]

3502.   [func]          zone-statistics: "no" is now a synonym for "none",
                        instead of "terse". [RT #29165]

3501.   [func]          zone-statistics now takes three options: full,
                        terse, and none. "yes" and "no" are retained as
                        synonyms for full and terse, respectively. [RT #29165]

3500.   [security]      Support NAPTR regular expression validation on
                        all platforms without using libregex, which
                        can be vulnerable to memory exhaustion attack
                        (CVE-2013-2266). [RT #32688]
3499.   [doc]           Corrected ARM documentation of built-in zones.
                        [RT #32694]

3498.   [bug]           zone statistics for zones which matched a potential
                        empty zone could have their zone-statistics setting
                        overridden.

3497.   [func]          When deleting a slave/stub zone using 'rndc delzone'
                        report the files that were being used so they can
                        be cleaned up if desired. [RT #27899]

3496.   [placeholder]

3495.   [func]          Support multiple response-policy zones (up to 32),
                        while improving RPZ performance.  "response-policy"
                        syntax now includes a "min-ns-dots" clause, with
                        default 1, to exclude top-level domains from
                        NSIP and NSDNAME checking. --enable-rpz-nsip and
                        --enable-rpz-nsdname are now the default. [RT #32251]

3494.   [func]          DNS RRL: Blunt the impact of DNS reflection and
                        amplification attacks by rate-limiting substantially-
                        identical responses. [RT #28130]

3493.   [contrib]       Added BDBHPT dynamically-loadable DLZ module,
                        contributed by Mark Goldfinch. [RT #32549]

3492.   [bug]           Fixed a regression in zone loading performance
                        due to lock contention. [RT #30399]

3491.   [bug]           Slave zones using inline-signing must specify a
                        file name. [RT #31946]

3490.   [bug]           When logging RDATA during update, truncate if it's
                        too long. [RT #32365]

3489.   [bug]           --enable-developer now turns on ISC_LIST_CHECKINIT.
                        dns_dlzcreate() failed to properly initialize
                        dlzdb.link.  When cloning a rdataset do not copy
                        the link contents.  [RT #32651]

3488.   [bug]           Use after free error with DH generated keys. [RT #32649]

3487.   [bug]           Change 3444 was not complete.  There was a additional
                        place where the NOQNAME proof needed to be saved.
                        [RT #32629]

3486.   [bug]           named could crash when using TKEY-negotiated keys
                        that had been deleted and then recreated. [RT #32506]

3485.   [cleanup]       Only compile openssl_gostlink.c if we support GOST.

3484.   [bug]           Some statistics were incorrectly rendered in XML.
                        [RT #32587]

3483.   [placeholder]

3482.   [func]          dig +nssearch now prints name servers that don't
                        have address records (missing AAAA or A, or the name
                        doesn't exist). [RT #29348]

3481.   [cleanup]       Removed use of const const in atf.

3480.   [bug]           Silence logging noise when setting up zone
                        statistics. [RT #32525]

3479.   [bug]           Address potential memory leaks in gssapi support
                        code. [RT #32405]

3478.   [port]          Fix a build failure in strict C99 environments
                        [RT #32475]

3477.   [func]          Expand logging when adding records via DDNS update
                        [RT #32365]

3476.   [bug]           "rndc zonestatus" could report a spurious "not
                        found" error on inline-signing zones. [RT #29226]

3475.   [cleanup]       Changed name of 'map' zone file format (previously
                        'fast'). [RT #32458]

3474.   [bug]           nsupdate could assert when the local and remote
                        address families didn't match. [RT #22897]

3473.   [bug]           dnssec-signzone/verify could incorrectly report
                        an error condition due to an empty node above an
                        opt-out delegation lacking an NSEC3. [RT #32072]

3472.   [bug]           The active-connections counter in the socket
                        statistics could underflow. [RT #31747]

3471.   [bug]           The number of UDP dispatches now defaults to
                        the number of CPUs even if -n has been set to
                        a higher value. [RT #30964]

3470.   [bug]           Slave zones could fail to dump when successfully
                        refreshing after an initial failure. [RT #31276]

3469.   [bug]           Handle DLZ lookup failures more gracefully. Improve
                        backward compatibility between versions of DLZ dlopen
                        API. [RT #32275]

3468.   [security]      RPZ rules to generate A records (but not AAAA records)
                        could trigger an assertion failure when used in
                        conjunction with DNS64 (CVE-2012-5689). [RT #32141]

3467.   [bug]           Added checks in dnssec-keygen and dnssec-settime
                        to check for delete date < inactive date. [RT #31719]

3466.   [contrib]       Corrected the DNS_CLIENTINFOMETHODS_VERSION check
                        in DLZ example driver. [RT #32275]

3465.   [bug]           Handle isolated reserved ports. [RT #31778]

3464.   [maint]         Updates to PKCS#11 openssl patches, supporting
                        versions 0.9.8x, 1.0.0j, 1.0.1c [RT #29749]

3463.   [doc]           Clarify managed-keys syntax in ARM. [RT #32232]

3462.   [doc]           Clarify server selection behavior of dig when using
                        -4 or -6 options. [RT #32181]

3461.   [bug]           Negative responses could incorrectly have AD=1
                        set. [RT #32237]

3460.   [bug]           Only link against readline where needed. [RT #29810]

3459.   [func]          Added -J option to named-checkzone/named-compilezone
                        to specify the path to the journal file. [RT #30958]

3458.   [bug]           Return FORMERR when presented with a overly long
                        domain named in a request. [RT #29682]

3457.   [protocol]      Add ILNP records (NID, LP, L32, L64). [RT #31836]

3456.   [port]          g++47: ATF failed to compile. [RT #32012]

3455.   [contrib]       queryperf: fix getopt option list. [RT #32338]

3454.   [port]          sparc64: improve atomic support. [RT #25182]

3453.   [bug]           'rndc addzone' of a zone with 'inline-signing yes;'
                        failed. [RT #31960]

3452.   [bug]           Accept duplicate singleton records. [RT #32329]

3451.   [port]          Increase per thread stack size from 64K to 1M.
                        [RT #32230]

3450.   [bug]           Stop logfileconfig system test spam system logs.
                        [RT #32315]

3449.   [bug]           gen.c: use the pre-processor to construct format
                        strings so that compiler can perform sanity checks;
                        check the snprintf results. [RT #17576]

3448.   [bug]           The allow-query-on ACL was not processed correctly.
                        [RT #29486]

3447.   [port]          Add support for libxml2-2.9.x [RT #32231]

3446.   [port]          win32: Add source ID (see change #3400) to build.
                        [RT #31683]

3445.   [bug]           Warn about zone files with blank owner names
                        immediately after $ORIGIN directives. [RT #31848]

3444.   [bug]           The NOQNAME proof was not being returned from cached
                        insecure responses. [RT #21409]

3443.   [bug]           ddns-confgen: Some TSIG algorithms were incorrectly
                        rejected when generating keys. [RT #31927]

3442.   [port]          Net::DNS 0.69 introduced a non backwards compatible
                        change. [RT #32216]

3441.   [maint]         D.ROOT-SERVERS.NET is now 199.7.91.13.

3440.   [bug]           Reorder get_key_struct to not trigger a assertion when
                        cleaning up due to out of memory error. [RT #32131]

3439.   [placeholder]

3438.   [bug]           Don't accept unknown data escape in quotes. [RT #32031]

3437.   [bug]           isc_buffer_init -> isc_buffer_constinit to initialize
                        buffers with constant data. [RT #32064]

3436.   [bug]           Check malloc/calloc return values. [RT #32088]

3435.   [bug]           Cross compilation support in configure was broken.
                        [RT #32078]

3434.   [bug]           Pass client info to the DLZ findzone() entry
                        point in addition to lookup().  This makes it
                        possible for a database to answer differently
                        whether it's authoritative for a name depending
                        on the address of the client.  [RT #31775]

3433.   [bug]           dlz_findzone() did not correctly handle
                        ISC_R_NOMORE. [RT #31172]

3432.   [func]          Multiple DLZ databases can now be configured.
                        DLZ databases are searched in the order configured,
                        unless set to "search no", in which case a
                        zone can be configured to be retrieved from a
                        particular DLZ database by using a "dlz <name>"
                        option in the zone statement.  DLZ databases can
                        support type "master" and "redirect" zones.
                        [RT #27597]

3431.   [bug]           ddns-confgen: Some valid key algorithms were
                        not accepted. [RT #31927]

3430.   [bug]           win32: isc_time_formatISO8601 was missing the
                        'T' between the date and time. [RT #32044]

3429.   [bug]           dns_zone_getserial2 could a return success without
                        returning a valid serial. [RT #32007]

3428.   [cleanup]       dig: Add timezone to date output. [RT #2269]

3427.   [bug]           dig +trace incorrectly displayed name server
                        addresses instead of names. [RT #31641]

3426.   [bug]           dnssec-checkds: Clearer output when records are not
                        found. [RT #31968]

3425.   [bug]           "acacheentry" reference counting was broken resulting
                        in use after free. [RT #31908]

3424.   [func]          dnssec-dsfromkey now emits the hash without spaces.
                        [RT #31951]

3423.   [bug]           "rndc signing -nsec3param" didn't accept the full
                        range of possible values.  Address portability issues.
                        [RT #31938]

3422.   [bug]           Added a clear error message for when the SOA does not
                        match the referral. [RT #31281]

3421.   [bug]           Named loops when re-signing if all keys are offline.
                        [RT #31916]

3420.   [bug]           Address VPATH compilation issues. [RT #31879]

3419.   [bug]           Memory leak on validation cancel. [RT #31869]

3418.   [func]          New XML schema (version 3.0) for the statistics channel
                        adds query type statistics at the zone level, and
                        flattens the XML tree and uses compressed format to
                        optimize parsing. Includes new XSL that permits
                        charting via the Google Charts API on browsers that
                        support javascript in XSL.  The old XML schema has been
                        deprecated. [RT #30023]

3417.   [placeholder]

3416.   [bug]           Named could die on shutdown if running with 128 UDP
                        dispatches per interface. [RT #31743]

3415.   [bug]           named could die with a REQUIRE failure if a validation
                        was canceled. [RT #31804]

3414.   [bug]           Address locking issues found by Coverity. [RT #31626]

3413.   [func]          Record the number of DNS64 AAAA RRsets that have been
                        synthesized. [RT #27636]

3412.   [bug]           Copy timeval structure from control message data.
                        [RT #31548]

3411.   [tuning]        Use IPV6_USE_MIN_MTU or equivalent with TCP in addition
                        to UDP. [RT #31690]

3410.   [bug]           Addressed Coverity warnings. [RT #31626]

3409.   [contrib]       contrib/dane/mkdane.sh: Tool to generate TLSA RR's
                        from X.509 certificates, for use with DANE
                        (DNS-based Authentication of Named Entities).
                        [RT #30513]

3408.   [bug]           Some DNSSEC-related options (update-check-ksk,
                        dnssec-loadkeys-interval, dnssec-dnskey-kskonly)
                        are now legal in slave zones as long as
                        inline-signing is in use. [RT #31078]

3407.   [placeholder]

3406.   [bug]           mem.c: Fix compilation errors when building with
                        ISC_MEM_TRACKLINES or ISC_MEMPOOL_NAMES disabled.
                        Also, ISC_MEM_DEBUG is no longer optional. [RT #31559]

3405.   [bug]           Handle time going backwards in acache. [RT #31253]

3404.   [bug]           dnssec-signzone: When re-signing a zone, remove
                        RRSIG and NSEC records from nodes that used to be
                        in-zone but are now below a zone cut. [RT #31556]

3403.   [bug]           Silence noisy OpenSSL logging. [RT #31497]

3402.   [test]          The IPv6 interface numbers used for system
                        tests were incorrect on some platforms. [RT #25085]

3401.   [bug]           Addressed Coverity warnings. [RT #31484]

3400.   [cleanup]       "named -V" can now report a source ID string, defined
                        in the "srcid" file in the build tree and normally set
                        to the most recent git hash.  [RT #31494]

3399.   [port]          netbsd: rename 'bool' parameter to avoid namespace
                        clash.  [RT #31515]

3398.   [bug]           SOA parameters were not being updated with inline
                        signed zones if the zone was modified while the
                        server was offline. [RT #29272]

3397.   [bug]           dig crashed when using +nssearch with +tcp. [RT #25298]

3396.   [bug]           OPT records were incorrectly removed from signed,
                        truncated responses. [RT #31439]

3395.   [protocol]      Add RFC 6598 reverse zones to built in empty zones
                        list, 64.100.IN-ADDR.ARPA ... 127.100.IN-ADDR.ARPA.
                        [RT #31336]

3394.   [bug]           Adjust 'successfully validated after lower casing
                        signer' log level and category. [RT #31414]

3393.   [bug]           'host -C' could core dump if REFUSED was received.
                        [RT #31381]

3392.   [func]          Keep statistics on REFUSED responses. [RT #31412]

3391.   [bug]           A DNSKEY lookup that encountered a CNAME failed.
                        [RT #31262]

3390.   [bug]           Silence clang compiler warnings. [RT #30417]

3389.   [bug]           Always return NOERROR (not 0) in TSIG. [RT #31275]

3388.   [bug]           Fixed several Coverity warnings.
                        Note: This change includes a fix for a bug that
                        was subsequently determined to be an exploitable
                        security vulnerability, CVE-2012-5688: named could
                        die on specific queries with dns64 enabled.
                        [RT #30996]

3387.   [func]          DS digest can be disabled at runtime with
                        disable-ds-digests. [RT #21581]

3386.   [bug]           Address locking violation when generating new NSEC /
                        NSEC3 chains. [RT #31224]

3385.   [bug]           named-checkconf didn't detect missing master lists
                        in also-notify clauses. [RT #30810]

3384.   [bug]           Improved logging of crypto errors. [RT #30963]

3383.   [security]      A certain combination of records in the RBT could
                        cause named to hang while populating the additional
                        section of a response. [RT #31090]

3382.   [bug]           SOA query from slave used use-v6-udp-ports range,
                        if set, regardless of the address family in use.
                        [RT #24173]

3381.   [contrib]       Update queryperf to support more RR types.
                        [RT #30762]

3380.   [bug]           named could die if a nonexistent master list was
                        referenced in a also-notify. [RT #31004]

3379.   [bug]           isc_interval_zero and isc_time_epoch should be
                        "const (type)* const". [RT #31069]

3378.   [bug]           Handle missing 'managed-keys-directory' better.
                        [RT #30625]

3377.   [bug]           Removed spurious newline from NSEC3 multiline
                        output. [RT #31044]

3376.   [bug]           Lack of EDNS support was being recorded without a
                        successful response. [RT #30811]

3375.   [bug]           'rndc dumpdb' failed on empty caches. [RT #30808]

3374.   [bug]           isc_parse_uint32 failed to return a range error on
                        systems with 64 bit longs. [RT #30232]

3373.   [bug]           win32: open raw files in binary mode. [RT #30944]

3372.   [bug]           Silence spurious "deleted from unreachable cache"
                        messages.  [RT #30501]

3371.   [bug]           AD=1 should behave like DO=1 when deciding whether to
                        add NS RRsets to the additional section or not.
                        [RT #30479]

3370.   [bug]           Address use after free while shutting down. [RT #30241]

3369.   [bug]           nsupdate terminated unexpectedly in interactive mode
                        if built with readline support. [RT #29550]

3368.   [bug]           <dns/iptable.h>, <dns/private.h> and <dns/zone.h>
                        were not C++ safe.

3367.   [bug]           dns_dnsseckey_create() result was not being checked.
                        [RT #30685]

3366.   [bug]           Fixed Read-After-Write dependency violation for IA64
                        atomic operations. [RT #25181]

3365.   [bug]           Removed spurious newlines from log messages in
                        zone.c [RT #30675]

3364.   [security]      Named could die on specially crafted record.
                        [RT #30416]

3363.   [bug]           Need to allow "forward" and "fowarders" options
                        in static-stub zones; this had been overlooked.
                        [RT #30482]

3362.   [bug]           Setting some option values to 0 in named.conf
                        could trigger an assertion failure on startup.
                        [RT #27730]

3361.   [bug]           "rndc signing -nsec3param" didn't work correctly
                        when salt was set to '-' (no salt). [RT #30099]

3360.   [bug]           'host -w' could die.  [RT #18723]

3359.   [bug]           An improperly-formed TSIG secret could cause a
                        memory leak. [RT #30607]

3358.   [placeholder]

3357.   [port]          Add support for libxml2-2.8.x [RT #30440]

3356.   [bug]           Cap the TTL of signed RRsets when RRSIGs are
                        approaching their expiry, so they don't remain
                        in caches after expiry. [RT #26429]

3355.   [port]          Use more portable awk in verify system test.

3354.   [func]          Improve OpenSSL error logging. [RT #29932]

3353.   [bug]           Use a single task for task exclusive operations.
                        [RT #29872]

3352.   [bug]           Ensure that learned server attributes timeout of the
                        adb cache. [RT #29856]

3351.   [bug]           isc_mem_put and isc_mem_putanddetach didn't report
                        caller if either ISC_MEM_DEBUGSIZE or ISC_MEM_DEBUGCTX
                        memory debugging flags are set. [RT #30243]

3350.   [bug]           Memory read overrun in isc___mem_reallocate if
                        ISC_MEM_DEBUGCTX memory debugging flag is set.
                        [RT #30240]

3349.   [bug]           Change #3345 was incomplete. [RT #30233]

3348.   [bug]           Prevent RRSIG data from being cached if a negative
                        record matching the covering type exists at a higher
                        trust level. Such data already can't be retrieved from
                        the cache since change 3218 -- this prevents it
                        being inserted into the cache as well. [RT #26809]

3347.   [bug]           dnssec-settime: Issue a warning when writing a new
                        private key file would cause a change in the
                        permissions of the existing file. [RT #27724]

3346.   [security]      Bad-cache data could be used before it was
                        initialized, causing an assert. [RT #30025]

3345.   [bug]           Addressed race condition when removing the last item
                        or inserting the first item in an ISC_QUEUE.
                        [RT #29539]

3344.   [func]          New "dnssec-checkds" command checks a zone to
                        determine which DS records should be published
                        in the parent zone, or which DLV records should be
                        published in a DLV zone, and queries the DNS to
                        ensure that it exists. (Note: This tool depends
                        on python; it will not be built or installed on
                        systems that do not have a python interpreter.)
                        [RT #28099]

3343.   [placeholder]

3342.   [bug]           Change #3314 broke saving of stub zones to disk
                        resulting in excessive cpu usage in some cases.
                        [RT #29952]

3341.   [func]          New "dnssec-verify" command checks a signed zone
                        to ensure correctness of signatures and of NSEC/NSEC3
                        chains. [RT #23673]

3340.   [func]          Added new 'map' zone file format, which is an image
                        of a zone database that can be loaded directly into
                        memory via mmap(), allowing much faster zone loading.
                        (Note: Because of pointer sizes and other
                        considerations, this file format is platform-dependent;
                        'map' zone files cannot always be transferred from one
                        server to another.) [RT #25419]

3339.   [func]          Allow the maximum supported rsa exponent size to be
                        specified: "max-rsa-exponent-size <value>;" [RT #29228]

3338.   [bug]           Address race condition in units tests: asyncload_zone
                        and asyncload_zt. [RT #26100]

3337.   [bug]           Change #3294 broke support for the multiple keys
                        in controls. [RT #29694]

3336.   [func]          Maintain statistics for RRsets tagged as "stale".
                        [RT #29514]

3335.   [func]          nslookup: return a nonzero exit code when unable
                        to get an answer. [RT #29492]

3334.   [bug]           Hold a zone table reference while performing a
                        asynchronous load of a zone. [RT #28326]

3333.   [bug]           Setting resolver-query-timeout too low can cause
                        named to not recover if it loses connectivity.
                        [RT #29623]

3332.   [bug]           Re-use cached DS rrsets if possible. [RT #29446]

3331.   [security]      dns_rdataslab_fromrdataset could produce bad
                        rdataslabs. [RT #29644]

3330.   [func]          Fix missing signatures on NOERROR results despite
                        RPZ rewriting.  Also
                         - add optional "recursive-only yes|no" to the
                           response-policy statement
                         - add optional "max-policy-ttl" to the response-policy
                            statement to limit the false data that
                            "recursive-only no" can introduce into
                            resolvers' caches
                         - add a RPZ performance test to bin/tests/system/rpz
                             when queryperf is available.
                         - the encoding of PASSTHRU action to "rpz-passthru".
                             (The old encoding is still accepted.)
                        [RT #26172]


3329.   [bug]           Handle RRSIG signer-name case consistently: We
                        generate RRSIG records with the signer-name in
                        lower case.  We accept them with any case, but if
                        they fail to validate, we try again in lower case.
                        [RT #27451]

3328.   [bug]           Fixed inconsistent data checking in dst_parse.c.
                        [RT #29401]

3327.   [func]          Added 'filter-aaaa-on-v6' option; this is similar
                        to 'filter-aaaa-on-v4' but applies to IPv6
                        connections.  (Use "configure --enable-filter-aaaa"
                        to enable this option.)  [RT #27308]

3326.   [func]          Added task list statistics: task model, worker
                        threads, quantum, tasks running, tasks ready.
                        [RT #27678]

3325.   [func]          Report cache statistics: memory use, number of
                        nodes, number of hash buckets, hit and miss counts.
                        [RT #27056]

3324.   [test]          Add better tests for ADB stats [RT #27057]

3323.   [func]          Report the number of buckets the resolver is using.
                        [RT #27020]

3322.   [func]          Monitor the number of active TCP and UDP dispatches.
                        [RT #27055]

3321.   [func]          Monitor the number of recursive fetches and the
                        number of open sockets, and report these values in
                        the statistics channel. [RT #27054]

3320.   [func]          Added support for monitoring of recursing client
                        count. [RT #27009]

3319.   [func]          Added support for monitoring of ADB entry count and
                        hash size. [RT #27057]

3318.   [tuning]        Reduce the amount of work performed while holding a
                        bucket lock when finished with a fetch context.
                        [RT #29239]

3317.   [func]          Add ECDSA support (RFC 6605). [RT #21918]

3316.   [tuning]        Improved locking performance when recursing.
                        [RT #28836]

3315.   [tuning]        Use multiple dispatch objects for sending upstream
                        queries; this can improve performance on busy
                        multiprocessor systems by reducing lock contention.
                        [RT #28605]

3314.   [bug]           The masters list could be updated while stub_callback
                        or refresh_callback were using it. [RT #26732]

3313.   [protocol]      Add TLSA record type. [RT #28989]

3312.   [bug]           named-checkconf didn't detect a bad dns64 clients acl.
                        [RT #27631]

3311.   [bug]           Abort the zone dump if zone->db is NULL in
                        zone.c:zone_gotwritehandle. [RT #29028]

3310.   [test]          Increase table size for mutex profiling. [RT #28809]

3309.   [bug]           resolver.c:fctx_finddone() was not thread safe.
                        [RT #27995]

3308.   [placeholder]

3307.   [bug]           Add missing ISC_LANG_BEGINDECLS and ISC_LANG_ENDDECLS.
                        [RT #28956]

3306.   [bug]           Improve DNS64 reverse zone performance. [RT #28563]

3305.   [func]          Add wire format lookup method to sdb. [RT #28563]

3304.   [bug]           Use hmctx, not mctx when freeing rbtdb->heaps.
                        [RT #28571]

3303.   [bug]           named could die when reloading. [RT #28606]

3302.   [bug]           dns_dnssec_findmatchingkeys could fail to find
                        keys if the zone name contained character that
                        required special mappings. [RT #28600]

3301.   [contrib]       Update queryperf to build on darwin.  Add -R flag
                        for non-recursive queries. [RT #28565]

3300.   [bug]           Named could die if gssapi was enabled in named.conf
                        but was not compiled in. [RT #28338]

3299.   [bug]           Make SDB handle errors from database drivers better.
                        [RT #28534]

3298.   [bug]           Named could dereference a NULL pointer in
                        zmgr_start_xfrin_ifquota if the zone was being removed.
                        [RT #28419]

3297.   [bug]           Named could die on a malformed master file. [RT #28467]

3296.   [bug]           Named could die with a INSIST failure in
                        client.c:exit_check. [RT #28346]

3295.   [bug]           Adjust isc_time_secondsastimet range check to be more
                        portable. [RT # 26542]

3294.   [bug]           isccc/cc.c:table_fromwire failed to free alist on
                        error. [RT #28265]

3293.   [func]          nsupdate: list supported type. [RT #28261]

3292.   [func]          Log messages in the axfr stream at debug 10.
                        [RT #28040]

3291.   [port]          Fixed a build error on systems without ENOTSUP.
                        [RT #28200]

3290.   [bug]           <isc/hmacsha.h> was not being installed. [RT #28169]

3289.   [bug]           'rndc retransfer' failed for inline zones. [RT #28036]

3288.   [bug]           dlz_destroy() function wasn't correctly registered
                        by the DLZ dlopen driver. [RT #28056]

3287.   [port]          Update ans.pl to work with Net::DNS 0.68. [RT #28028]

3286.   [bug]           Managed key maintenance timer could fail to start
                        after 'rndc reconfig'. [RT #26786]

3285.   [bug]           val-frdataset was incorrectly disassociated in
                        proveunsecure after calling startfinddlvsep.
                        [RT #27928]

3284.   [bug]           Address race conditions with the handling of
                        rbtnode.deadlink. [RT #27738]

3283.   [bug]           Raw zones with with more than 512 records in a RRset
                        failed to load. [RT #27863]

3282.   [bug]           Restrict the TTL of NS RRset to no more than that
                        of the old NS RRset when replacing it.
                        [RT #27792] [RT #27884]

3281.   [bug]           SOA refresh queries could be treated as cancelled
                        despite succeeding over the loopback interface.
                        [RT #27782]

3280.   [bug]           Potential double free of a rdataset on out of memory
                        with DNS64. [RT #27762]

3279.   [bug]           Hold a internal reference to the zone while performing
                        a asynchronous load.  Address potential memory leak
                        if the asynchronous is cancelled. [RT #27750]

3278.   [bug]           Make sure automatic key maintenance is started
                        when "auto-dnssec maintain" is turned on during
                        "rndc reconfig". [RT #26805]

3277.   [bug]           win32: isc_socket_dup is not implemented. [RT #27696]

3276.   [bug]           win32: ns_os_openfile failed to return NULL on
                        safe_open failure. [RT #27696]

3275.   [bug]           Corrected rndc -h output; the 'rndc sync -clean'
                        option had been misspelled as '-clear'.  (To avoid
                        future confusion, both options now work.) [RT #27173]

3274.   [placeholder]

3273.   [bug]           AAAA responses could be returned in the additional
                        section even when filter-aaaa-on-v4 was in use.
                        [RT #27292]

3272.   [func]          New "rndc zonestatus" command prints information
                        about the specified zone. [RT #21671]

3271.   [port]          darwin: mksymtbl is not always stable, loop several
                        times before giving up.  mksymtbl was using non
                        portable perl to covert 64 bit hex strings. [RT #27653]
        --- 9.9.0rc2 released ---

3270.   [bug]           "rndc reload" didn't reuse existing zones correctly
                        when inline-signing was in use. [RT #27650]

3269.   [port]          darwin 11 and later now built threaded by default.

3268.   [bug]           Convert RRSIG expiry times to 64 timestamps to work
                        out the earliest expiry time. [RT #23311]

3267.   [bug]           Memory allocation failures could be mis-reported as
                        unexpected error.  New ISC_R_UNSET result code.
                        [RT #27336]

3266.   [bug]           The maximum number of NSEC3 iterations for a
                        DNSKEY RRset was not being properly computed.
                        [RT #26543]

3265.   [bug]           Corrected a problem with lock ordering in the
                        inline-signing code. [RT #27557]

3264.   [bug]           Automatic regeneration of signatures in an
                        inline-signing zone could stall when the server
                        was restarted. [RT #27344]

3263.   [bug]           "rndc sync" did not affect the unsigned side of an
                        inline-signing zone. [RT #27337]

3262.   [bug]           Signed responses were handled incorrectly by RPZ.
                        [RT #27316]

3261.   [func]          RRset ordering now defaults to random. [RT #27174]

3260.   [bug]           "rrset-order cyclic" could appear not to rotate
                        for some query patterns.  [RT #27170/27185]
        --- 9.9.0rc1 released ---

3259.   [bug]           named-compilezone: Suppress "dump zone to <file>"
                        message when writing to stdout. [RT #27109]

3258.   [test]          Add "forcing full sign with unreadable keys" test.
                        [RT #27153]

3257.   [bug]           Do not generate a error message when calling fsync()
                        in a pipe or socket. [RT #27109]

3256.   [bug]           Disable empty zones for lwresd -C. [RT #27139]

3255.   [func]          No longer require that a empty zones be explicitly
                        enabled or that a empty zone is disabled for
                        RFC 1918 empty zones to be configured. [RT #27139]

3254.   [bug]           Set isc_socket_ipv6only() on the IPv6 control channels.
                        [RT #22249]

3253.   [bug]           Return DNS_R_SYNTAX when the input to a text field is
                        too long. [RT #26956]

3252.   [bug]           When master zones using inline-signing were
                        updated while the server was offline, the source
                        zone could fall out of sync with the signed
                        copy. They can now resynchronize. [RT #26676]

3251.   [bug]           Enforce a upper bound (65535 bytes) on the amount of
                        memory dns_sdlz_putrr() can allocate per record to
                        prevent run away memory consumption on ISC_R_NOSPACE.
                        [RT #26956]

3250.   [func]          'configure --enable-developer'; turn on various
                        configure options, normally off by default, that
                        we want developers to build and test with. [RT #27103]

3249.   [bug]           Update log message when saving slave zones files for
                        analysis after load failures. [RT #27087]

3248.   [bug]           Configure options --enable-fixed-rrset and
                        --enable-exportlib were incompatible with each
                        other. [RT #27087]

3247.   [bug]           'raw' format zones failed to preserve load order
                        breaking 'fixed' sort order. [RT #27087]

3246.   [bug]           Named failed to start with a empty also-notify list.
                        [RT #27087]

3245.   [bug]           Don't report a error unchanged serials unless there
                        were other changes when thawing a zone with
                        ixfr-fromdifferences. [RT #26845]

3244.   [func]          Added readline support to nslookup and nsupdate.
                        Also simplified nsupdate syntax to make "update"
                        and "prereq" optional. [RT #24659]

3243.   [port]          freebsd,netbsd,bsdi: the thread defaults were not
                        being properly set.

3242.   [func]          Extended the header of raw-format master files to
                        include the serial number of the zone from which
                        they were generated, if different (as in the case
                        of inline-signing zones).  This is to be used in
                        inline-signing zones, to track changes between the
                        unsigned and signed versions of the zone, which may
                        have different serial numbers.

                        (Note: raw zonefiles generated by this version of
                        BIND are no longer compatible with prior versions.
                        To generate a backward-compatible raw zonefile
                        using dnssec-signzone or named-compilezone, specify
                        output format "raw=0" instead of simply "raw".)
                        [RT #26587]

3241.   [bug]           Address race conditions in the resolver code.
                        [RT #26889]

3240.   [bug]           DNSKEY state change events could be missed. [RT #26874]

3239.   [bug]           dns_dnssec_findmatchingkeys needs to use a consistent
                        timestamp. [RT #26883]

3238.   [bug]           keyrdata was not being reinitialized in
                        lib/dns/rbtdb.c:iszonesecure. [RT #26913]

3237.   [bug]           dig -6 didn't work with +trace. [RT #26906]

3236.   [bug]           Backed out changes #3182 and #3202, related to
                        EDNS(0) fallback behavior. [RT #26416]

3235.   [func]          dns_db_diffx, a extended dns_db_diff which returns
                        the generated diff and optionally writes it to a
                        journal. [RT #26386]

3234.   [bug]           'make depend' produced invalid makefiles. [RT #26830]

3233.   [bug]           'rndc freeze/thaw' didn't work for inline zones.
                        [RT #26632]

3232.   [bug]           Zero zone->curmaster before return in
                        dns_zone_setmasterswithkeys(). [RT #26732]

3231.   [bug]           named could fail to send a incompressible zone.
                        [RT #26796]

3230.   [bug]           'dig axfr' failed to properly handle a multi-message
                        axfr with a serial of 0. [RT #26796]

3229.   [bug]           Fix local variable to struct var assignment
                        found by CLANG warning.

3228.   [tuning]        Dynamically grow symbol table to improve zone
                        loading performance. [RT #26523]

3227.   [bug]           Interim fix to make WKS's use of getprotobyname()
                        and getservbyname() self thread safe. [RT #26232]

3226.   [bug]           Address minor resource leakages. [RT #26624]

3225.   [bug]           Silence spurious "setsockopt(517, IPV6_V6ONLY) failed"
                        messages. [RT #26507]

3224.   [bug]           'rndc signing' argument parsing was broken. [RT #26684]

3223.   [bug]           'task_test privilege_drop' generated false positives.
                        [RT #26766]

3222.   [cleanup]       Replace dns_journal_{get,set}_bitws with
                        dns_journal_{get,set}_sourceserial. [RT #26634]

3221.   [bug]           Fixed a potential core dump on shutdown due to
                        referencing fetch context after it's been freed.
                        [RT #26720]
        --- 9.9.0b2 released ---

3220.   [bug]           Change #3186 was incomplete; dns_db_rpz_findips()
                        could fail to set the database version correctly,
                        causing an assertion failure. [RT #26180]

3219.   [bug]           Disable NOEDNS caching following a timeout.

3218.   [security]      Cache lookup could return RRSIG data associated with
                        nonexistent records, leading to an assertion
                        failure. [RT #26590]

3217.   [cleanup]       Fix build problem with --disable-static. [RT #26476]

3216.   [bug]           resolver.c:validated() was not thread-safe. [RT #26478]

3215.   [bug]           'rndc recursing' could cause a core dump. [RT #26495]

3214.   [func]          Add 'named -U' option to set the number of UDP
                        listener threads per interface. [RT #26485]

3213.   [doc]           Clarify ixfr-from-differences behavior. [RT #25188]

3212.   [bug]           rbtdb.c: failed to remove a node from the deadnodes
                        list prior to adding a reference to it leading a
                        possible assertion failure. [RT #23219]

3211.   [func]          dnssec-signzone: "-f -" prints to stdout; "-O full"
                        option prints in single-line-per-record format.
                        [RT #20287]

3210.   [bug]           Canceling the oldest query due to recursive-client
                        overload could trigger an assertion failure. [RT #26463]

3209.   [func]          Add "dnssec-lookaside 'no'".  [RT #24858]

3208.   [bug]           'dig -y' handle unknown tsig algorithm better.
                        [RT #25522]

3207.   [contrib]       Fixed build error in Berkeley DB DLZ module. [RT #26444]

3206.   [cleanup]       Add ISC information to log at start time. [RT #25484]

3205.   [func]          Upgrade dig's defaults to better reflect modern
                        nameserver behavior.  Enable "dig +adflag" and
                        "dig +edns=0" by default.  Enable "+dnssec" when
                        running "dig +trace". [RT #23497]

3204.   [bug]           When a master server that has been marked as
                        unreachable sends a NOTIFY, mark it reachable
                        again. [RT #25960]

3203.   [bug]           Increase log level to 'info' for validation failures
                        from expired or not-yet-valid RRSIGs. [RT #21796]

3202.   [bug]           NOEDNS caching on timeout was too aggressive.
                        [RT #26416]

3201.   [func]          'rndc querylog' can now be given an on/off parameter
                        instead of only being used as a toggle. [RT #18351]

3200.   [doc]           Some rndc functions were undocumented or were
                        missing from 'rndc -h' output. [RT #25555]

3199.   [func]          When logging client information, include the name
                        being queried. [RT #25944]

3198.   [doc]           Clarified that dnssec-settime can alter keyfile
                        permissions. [RT #24866]

3197.   [bug]           Don't try to log the filename and line number when
                        the config parser can't open a file. [RT #22263]

3196.   [bug]           nsupdate: return nonzero exit code when target zone
                        doesn't exist. [RT #25783]

3195.   [cleanup]       Silence "file not found" warnings when loading
                        managed-keys zone. [RT #26340]

3194.   [doc]           Updated RFC references in the 'empty-zones-enable'
                        documentation. [RT #25203]

3193.   [cleanup]       Changed MAXZONEKEYS to DNS_MAXZONEKEYS, moved to
                        dnssec.h. [RT #26415]

3192.   [bug]           A query structure could be used after being freed.
                        [RT #22208]

3191.   [bug]           Print NULL records using "unknown" format. [RT #26392]

3190.   [bug]           Underflow in error handling in isc_mutexblock_init.
                        [RT #26397]

3189.   [test]          Added a summary report after system tests. [RT #25517]

3188.   [bug]           zone.c:zone_refreshkeys() could fail to detach
                        references correctly when errors occurred, causing
                        a hang on shutdown. [RT #26372]

3187.   [port]          win32: support for Visual Studio 2008.  [RT #26356]
        --- 9.9.0b1 released ---

3186.   [bug]           Version/db mismatch in rpz code. [RT #26180]

3185.   [func]          New 'rndc signing' option for auto-dnssec zones:
                         - 'rndc signing -list' displays the current
                           state of signing operations
                         - 'rndc signing -clear' clears the signing state
                           records for keys that have fully signed the zone
                         - 'rndc signing -nsec3param' sets the NSEC3
                           parameters for the zone
                        The 'rndc keydone' syntax is removed. [RT #23729]

3184.   [bug]           named had excessive cpu usage when a redirect zone was
                        configured. [RT #26013]

3183.   [bug]           Added RTLD_GLOBAL flag to dlopen call. [RT #26301]

3182.   [bug]           Auth servers behind firewalls which block packets
                        greater than 512 bytes may cause other servers to
                        perform poorly. Now, adb retains edns information
                        and caches noedns servers. [RT #23392/24964]

3181.   [func]          Inline-signing is now supported for master zones.
                        [RT #26224]

3180.   [func]          Local copies of slave zones are now saved in raw
                        format by default, to improve startup performance.
                        'masterfile-format text;' can be used to override
                        the default, if desired. [RT #25867]

3179.   [port]          kfreebsd: build issues. [RT #26273]

3178.   [bug]           A race condition introduced by change #3163 could
                        cause an assertion failure on shutdown. [RT #26271]

3177.   [func]          'rndc keydone', remove the indicator record that
                        named has finished signing the zone with the
                        corresponding key.  [RT #26206]

3176.   [doc]           Corrected example code and added a README to the
                        sample external DLZ module in contrib/dlz/example.
                        [RT #26215]

3175.   [bug]           Fix how DNSSEC positive wildcard responses from a
                        NSEC3 signed zone are validated.  Stop sending a
                        unnecessary NSEC3 record when generating such
                        responses. [RT #26200]

3174.   [bug]           Always compute to revoked key tag from scratch.
                        [RT #26186]

3173.   [port]          Correctly validate root DS responses. [RT #25726]

3172.   [port]          darwin 10.* and freebsd [89] are now built threaded by
                        default.

3171.   [bug]           Exclusively lock the task when adding a zone using
                        'rndc addzone'.  [RT #25600]
        --- 9.9.0a3 released ---

3170.   [func]          RPZ update:
                        - fix precedence among competing rules
                        - improve ARM text including documenting rule precedence
                        - try to rewrite CNAME chains until first hit
                        - new "rpz" logging channel
                        - RDATA for CNAME rules can include wildcards
                        - replace "NO-OP" named.conf policy override with
                          "PASSTHRU" and add "DISABLED" override ("NO-OP"
                          is still recognized)
                        [RT #25172]

3169.   [func]          Catch db/version mis-matches when calling dns_db_*().
                        [RT #26017]

3168.   [bug]           Nxdomain redirection could trigger an assert with
                        a ANY query. [RT #26017]

3167.   [bug]           Negative answers from forwarders were not being
                        correctly tagged making them appear to not be cached.
                        [RT #25380]

3166.   [bug]           Upgrading a zone to support inline-signing failed.
                        [RT #26014]

3165.   [bug]           dnssec-signzone could generate new signatures when
                        resigning, even when valid signatures were already
                        present. [RT #26025]

3164.   [func]          Enable DLZ modules to retrieve client information,
                        so that responses can be changed depending on the
                        source address of the query. [RT #25768]

3163.   [bug]           Use finer-grained locking in client.c to address
                        concurrency problems with large numbers of threads.
                        [RT #26044]

3162.   [test]          start.pl: modified to allow for "named.args" in
                        ns*/ subdirectory to override stock arguments to
                        named. Largely from RT #26044, but no separate ticket.

3161.   [bug]           zone.c:del_sigs failed to always reset rdata leading
                        assertion failures. [RT #25880]

3160.   [bug]           When printing out a NSEC3 record in multiline form
                        the newline was not being printed causing type codes
                        to be run together. [RT #25873]

3159.   [bug]           On some platforms, named could assert on startup
                        when running in a chrooted environment without
                        /proc. [RT #25863]

3158.   [bug]           Recursive servers would prefer a particular UDP
                        socket instead of using all available sockets.
                        [RT #26038]

3157.   [tuning]        Reduce the time spent in "rndc reconfig" by parsing
                        the config file before pausing the server. [RT #21373]

3156.   [placeholder]
        --- 9.9.0a2 released ---

3155.   [bug]           Fixed a build failure when using contrib DLZ
                        drivers (e.g., mysql, postgresql, etc). [RT #25710]

3154.   [bug]           Attempting to print an empty rdataset could trigger
                        an assert. [RT #25452]

3153.   [func]          Extend request-ixfr to zone level and remove the
                        side effect of forcing an AXFR. [RT #25156]

3152.   [cleanup]       Some versions of gcc and clang failed due to
                        incorrect use of __builtin_expect. [RT #25183]

3151.   [bug]           Queries for type RRSIG or SIG could be handled
                        incorrectly.  [RT #21050]

3150.   [func]          Improved startup and reconfiguration time by
                        enabling zones to load in multiple threads. [RT #25333]

3149.   [placeholder]

3148.   [bug]           Processing of normal queries could be stalled when
                        forwarding a UPDATE message. [RT #24711]

3147.   [func]          Initial inline signing support.  [RT #23657]
        --- 9.9.0a1 released ---

3146.   [test]          Fixed gcc4.6.0 errors in ATF. [RT #25598]

3145.   [test]          Capture output of ATF unit tests in "./atf.out" if
                        there were any errors while running them. [RT #25527]

3144.   [bug]           dns_dbiterator_seek() could trigger an assert when
                        used with a nonexistent database node. [RT #25358]

3143.   [bug]           Silence clang compiler warnings. [RT #25174]

3142.   [bug]           NAPTR is class agnostic. [RT #25429]

3141.   [bug]           Silence spurious "zone serial (0) unchanged" messages
                        associated with empty zones. [RT #25079]

3140.   [func]          New command "rndc flushtree <name>" clears the
                        specified name from the server cache along with
                        all names under it. [RT #19970]

3139.   [test]          Added tests from RFC 6234, RFC 2202, and RFC 1321
                        for the hashing algorithms (md5, sha1 - sha512, and
                        their hmac counterparts).  [RT #25067]

3138.   [bug]           Address memory leaks and out-of-order operations when
                        shutting named down. [RT #25210]

3137.   [func]          Improve hardware scalability by allowing multiple
                        worker threads to process incoming UDP packets.
                        This can significantly increase query throughput
                        on some systems.  [RT #22992]

3136.   [func]          Add RFC 1918 reverse zones to the list of built-in
                        empty zones switched on by the 'empty-zones-enable'
                        option. [RT #24990]

3135.   [port]          FreeBSD: workaround broken IPV6_USE_MIN_MTU processing.
                        See http://www.freebsd.org/cgi/query-pr.cgi?pr=158307
                        [RT #24950]

3134.   [bug]           Improve the accuracy of dnssec-signzone's signing
                        statistics. [RT #16030]

3133.   [bug]           Change #3114 was incomplete. [RT #24577]

3132.   [placeholder]

3131.   [tuning]        Improve scalability by allocating one zone task
                        per 100 zones at startup time, rather than using a
                        fixed-size task table. [RT #24406]

3130.   [func]          Support alternate methods for managing a dynamic
                        zone's serial number.  Two methods are currently
                        defined using serial-update-method, "increment"
                        (default) and "unixtime".  [RT #23849]

3129.   [bug]           Named could crash on 'rndc reconfig' when
                        allow-new-zones was set to yes and named ACLs
                        were used. [RT #22739]

3128.   [func]          Inserting an NSEC3PARAM via dynamic update in an
                        auto-dnssec zone that has not been signed yet
                        will cause it to be signed with the specified NSEC3
                        parameters when keys are activated.  The
                        NSEC3PARAM record will not appear in the zone until
                        it is signed, but the parameters will be stored.
                        [RT #23684]

3127.   [bug]           'rndc thaw' will now remove a zone's journal file
                        if the zone serial number has been changed and
                        ixfr-from-differences is not in use.  [RT #24687]

3126.   [security]      Using DNAME record to generate replacements caused
                        RPZ to exit with a assertion failure. [RT #24766]

3125.   [security]      Using wildcard CNAME records as a replacement with
                        RPZ caused named to exit with a assertion failure.
                        [RT #24715]

3124.   [bug]           Use an rdataset attribute flag to indicate
                        negative-cache records rather than using rrtype 0;
                        this will prevent problems when that rrtype is
                        used in actual DNS packets. [RT #24777]

3123.   [security]      Change #2912 exposed a latent flaw in
                        dns_rdataset_totext() that could cause named to
                        crash with an assertion failure. [RT #24777]

3122.   [cleanup]       dnssec-settime: corrected usage message. [RT #24664]

3121.   [security]      An authoritative name server sending a negative
                        response containing a very large RRset could
                        trigger an off-by-one error in the ncache code
                        and crash named. [RT #24650]

3120.   [bug]           Named could fail to validate zones listed in a DLV
                        that validated insecure without using DLV and had
                        DS records in the parent zone. [RT #24631]

3119.   [bug]           When rolling to a new DNSSEC key, a private-type
                        record could be created and never marked complete.
                        [RT #23253]

3118.   [bug]           nsupdate could dump core on shutdown when using
                        SIG(0) keys. [RT #24604]

3117.   [cleanup]       Remove doc and parser references to the
                        never-implemented 'auto-dnssec create' option.
                        [RT #24533]

3116.   [func]          New 'dnssec-update-mode' option controls updates
                        of DNSSEC records in signed dynamic zones.  Set to
                        'no-resign' to disable automatic RRSIG regeneration
                        while retaining the ability to sign new or changed
                        data. [RT #24533]

3115.   [bug]           Named could fail to return requested data when
                        following a CNAME that points into the same zone.
                        [RT #24455]

3114.   [bug]           Retain expired RRSIGs in dynamic zones if key is
                        inactive and there is no replacement key. [RT #23136]

3113.   [doc]           Document the relationship between serial-query-rate
                        and NOTIFY messages.

3112.   [doc]           Add missing descriptions of the update policy name
                        types "ms-self", "ms-subdomain", "krb5-self" and
                        "krb5-subdomain", which allow machines to update
                        their own records, to the BIND 9 ARM.

3111.   [bug]           Improved consistency checks for dnssec-enable and
                        dnssec-validation, added test cases to the
                        checkconf system test. [RT #24398]

3110.   [bug]           dnssec-signzone: Wrong error message could appear
                        when attempting to sign with no KSK. [RT #24369]

3109.   [func]          The also-notify option now uses the same syntax
                        as a zone's masters clause.  This means it is
                        now possible to specify a TSIG key to use when
                        sending notifies to a given server, or to include
                        an explicit named masters list in an also-notify
                        statement.  [RT #23508]

3108.   [cleanup]       dnssec-signzone: Clarified some error and
                        warning messages; removed #ifdef ALLOW_KSKLESS_ZONES
                        code (use -P instead). [RT #20852]

3107.   [bug]           dnssec-signzone: Report the correct number of ZSKs
                        when using -x. [RT #20852]

3106.   [func]          When logging client requests, include the name of
                        the TSIG key if any. [RT #23619]

3105.   [bug]           GOST support can be suppressed by "configure
                        --without-gost" [RT #24367]

3104.   [bug]           Better support for cross-compiling. [RT #24367]

3103.   [bug]           Configuring 'dnssec-validation auto' in a view
                        instead of in the options statement could trigger
                        an assertion failure in named-checkconf. [RT #24382]

3102.   [func]          New 'dnssec-loadkeys-interval' option configures
                        how often, in minutes, to check the key repository
                        for updates when using automatic key maintenance.
                        Default is every 60 minutes (formerly hard-coded
                        to 12 hours). [RT #23744]

3101.   [bug]           Zones using automatic key maintenance could fail
                        to check the key repository for updates. [RT #23744]

3100.   [security]      Certain response policy zone configurations could
                        trigger an INSIST when receiving a query of type
                        RRSIG. [RT #24280]

3099.   [test]          "dlz" system test now runs but gives R:SKIPPED if
                        not compiled with --with-dlz-filesystem.  [RT #24146]

3098.   [bug]           DLZ zones were answering without setting the AA bit.
                        [RT #24146]

3097.   [test]          Add a tool to test handling of malformed packets.
                        [RT #24096]

3096.   [bug]           Set KRB5_KTNAME before calling log_cred() in
                        dst_gssapi_acceptctx(). [RT #24004]

3095.   [bug]           Handle isolated reserved ports in the port range.
                        [RT #23957]

3094.   [doc]           Expand dns64 documentation.

3093.   [bug]           Fix gssapi/kerberos dependencies [RT #23836]

3092.   [bug]           Signatures for records at the zone apex could go
                        stale due to an incorrect timer setting. [RT #23769]

3091.   [bug]           Fixed a bug in which zone keys that were published
                        and then subsequently activated could fail to trigger
                        automatic signing. [RT #22911]

3090.   [func]          Make --with-gssapi default [RT #23738]

3089.   [func]          dnssec-dsfromkey now supports reading keys from
                        standard input "dnssec-dsfromkey -f -". [RT #20662]

3088.   [bug]           Remove bin/tests/system/logfileconfig/ns1/named.conf
                        and add setup.sh in order to resolve changing
                        named.conf issue.  [RT #23687]

3087.   [bug]           DDNS updates using SIG(0) with update-policy match
                        type "external" could cause a crash. [RT #23735]

3086.   [bug]           Running dnssec-settime -f on an old-style key will
                        now force an update to the new key format even if no
                        other change has been specified, using "-P now -A now"
                        as default values.  [RT #22474]

3085.   [func]          New '-R' option in dnssec-signzone forces removal
                        of signatures which have not yet expired but
                        were generated by a key that no longer exists.
                        [RT #22471]

3084.   [func]          A new command "rndc sync" dumps pending changes in
                        a dynamic zone to disk; "rndc sync -clean" also
                        removes the journal file after syncing.  Also,
                        "rndc freeze" no longer removes journal files.
                        [RT #22473]

3083.   [bug]           NOTIFY messages were not being sent when generating
                        a NSEC3 chain incrementally. [RT #23702]

3082.   [port]          strtok_r is threads only. [RT #23747]

3081.   [bug]           Failure of DNAME substitution did not return
                        YXDOMAIN. [RT #23591]

3080.   [cleanup]       Replaced compile time constant by STDTIME_ON_32BITS.
                        [RT #23587]

3079.   [bug]           Handle isc_event_allocate failures in t_tasks.
                        [RT #23572]

3078.   [func]          Added a new include file with function typedefs
                        for the DLZ "dlopen" driver. [RT #23629]

3077.   [bug]           zone.c:zone_refreshkeys() incorrectly called
                        dns_zone_attach(), use zone->irefs instead. [RT #23303]

3076.   [func]          New '-L' option in dnssec-keygen, dnsset-settime, and
                        dnssec-keyfromlabel sets the default TTL of the
                        key.  When possible, automatic signing will use that
                        TTL when the key is published.  [RT #23304]

3075.   [bug]           dns_dnssec_findzonekeys{2} used a inconsistent
                        timestamp when determining which keys are active.
                        [RT #23642]

3074.   [bug]           Make the adb cache read through for zone data and
                        glue learn for zone named is authoritative for.
                        [RT #22842]

3073.   [bug]           managed-keys changes were not properly being recorded.
                        [RT #20256]

3072.   [bug]           dns_dns64_aaaaok() potential NULL pointer dereference.
                        [RT #20256]

3071.   [bug]           has_nsec could be used uninitialized in
                        update.c:next_active. [RT #20256]

3070.   [bug]           dnssec-signzone potential NULL pointer dereference.
                        [RT #20256]

3069.   [cleanup]       Silence warnings messages from clang static analysis.
                        [RT #20256]

3068.   [bug]           Named failed to build with a OpenSSL without engine
                        support. [RT #23473]

3067.   [bug]           ixfr-from-differences {master|slave}; failed to
                        select the master/slave zones.  [RT #23580]

3066.   [func]          The DLZ "dlopen" driver is now built by default,
                        no longer requiring a configure option.  To
                        disable it, use "configure --without-dlopen".
                        Driver also supported on win32.  [RT #23467]

3065.   [bug]           RRSIG could have time stamps too far in the future.
                        [RT #23356]

3064.   [bug]           powerpc: add sync instructions to the end of atomic
                        operations. [RT #23469]

3063.   [contrib]       More verbose error reporting from DLZ LDAP. [RT #23402]

3062.   [func]          Made several changes to enhance human readability
                        of DNSSEC data in dig output and in generated
                        zone files:
                         - DNSKEY record comments are more verbose, no
                           longer used in multiline mode only
                         - multiline RRSIG records reformatted
                         - multiline output mode for NSEC3PARAM records
                         - "dig +norrcomments" suppresses DNSKEY comments
                         - "dig +split=X" breaks hex/base64 records into
                           fields of width X; "dig +nosplit" disables this.
                        [RT #22820]

3061.   [func]          New option "dnssec-signzone -D", only write out
                        generated DNSSEC records. [RT #22896]

3060.   [func]          New option "dnssec-signzone -X <date>" allows
                        specification of a separate expiration date
                        for DNSKEY RRSIGs and other RRSIGs. [RT #22141]

3059.   [test]          Added a regression test for change #3023.

3058.   [bug]           Cause named to terminate at startup or rndc reconfig/
                        reload to fail, if a log file specified in the conf
                        file isn't a plain file. [RT #22771]

3057.   [bug]           "rndc secroots" would abort after the first error
                        and so could miss some views. [RT #23488]

3056.   [func]          Added support for URI resource record. [RT #23386]

3055.   [placeholder]

3054.   [bug]           Added elliptic curve support check in
                        GOST OpenSSL engine detection. [RT #23485]

3053.   [bug]           Under a sustained high query load with a finite
                        max-cache-size, it was possible for cache memory
                        to be exhausted and not recovered. [RT #23371]

3052.   [test]          Fixed last autosign test report. [RT #23256]

3051.   [bug]           NS records obscure DNAME records at the bottom of the
                        zone if both are present. [RT #23035]

3050.   [bug]           The autosign system test was timing dependent.
                        Wait for the initial autosigning to complete
                        before running the rest of the test. [RT #23035]

3049.   [bug]           Save and restore the gid when creating creating
                        named.pid at startup. [RT #23290]

3048.   [bug]           Fully separate view key management. [RT #23419]

3047.   [bug]           DNSKEY NODATA responses not cached fixed in
                        validator.c. Tests added to dnssec system test.
                        [RT #22908]

3046.   [bug]           Use RRSIG original TTL to compute validated RRset
                        and RRSIG TTL. [RT #23332]

3045.   [removed]       Replaced by change #3050.

3044.   [bug]           Hold the socket manager lock while freeing the socket.
                        [RT #23333]

3043.   [test]          Merged in the NetBSD ATF test framework (currently
                        version 0.12) for development of future unit tests.
                        Use configure --with-atf to build ATF internally
                        or configure --with-atf=prefix to use an external
                        copy.  [RT #23209]

3042.   [bug]           dig +trace could fail attempting to use IPv6
                        addresses on systems with only IPv4 connectivity.
                        [RT #23297]

3041.   [bug]           dnssec-signzone failed to generate new signatures on
                        ttl changes. [RT #23330]

3040.   [bug]           Named failed to validate insecure zones where a node
                        with a CNAME existed between the trust anchor and the
                        top of the zone. [RT #23338]

3039.   [func]          Redirect on NXDOMAIN support. [RT #23146]

3038.   [bug]           Install <dns/rpz.h>.  [RT #23342]

3037.   [doc]           Update COPYRIGHT to contain all the individual
                        copyright notices that cover various parts.

3036.   [bug]           Check built-in zone arguments to see if the zone
                        is re-usable or not. [RT #21914]

3035.   [cleanup]       Simplify by using strlcpy. [RT #22521]

3034.   [cleanup]       nslookup: use strlcpy instead of safecopy. [RT #22521]

3033.   [cleanup]       Add two INSIST(bucket != DNS_ADB_INVALIDBUCKET).
                        [RT #22521]

3032.   [bug]           rdatalist.c: add missing REQUIREs. [RT #22521]

3031.   [bug]           dns_rdataclass_format() handle a zero sized buffer.
                        [RT #22521]

3030.   [bug]           dns_rdatatype_format() handle a zero sized buffer.
                        [RT #22521]

3029.   [bug]           isc_netaddr_format() handle a zero sized buffer.
                        [RT #22521]

3028.   [bug]           isc_sockaddr_format() handle a zero sized buffer.
                        [RT #22521]

3027.   [bug]           Add documented REQUIREs to cfg_obj_asnetprefix() to
                        catch NULL pointer dereferences before they happen.
                        [RT #22521]

3026.   [bug]           lib/isc/httpd.c: check that we have enough space
                        after calling grow_headerspace() and if not
                        re-call grow_headerspace() until we do. [RT #22521]

3025.   [bug]           Fixed a possible deadlock due to zone resigning.
                        [RT #22964]

3024.   [func]          RTT Banding removed due to minor security increase
                        but major impact on resolver latency. [RT #23310]

3023.   [bug]           Named could be left in an inconsistent state when
                        receiving multiple AXFR response messages that were
                        not all TSIG-signed. [RT #23254]

3022.   [bug]           Fixed rpz SERVFAILs after failed zone transfers
                        [RT #23246]

3021.   [bug]           Change #3010 was incomplete. [RT #22296]

3020.   [bug]           auto-dnssec failed to correctly update the zone when
                        changing the DNSKEY RRset. [RT #23232]

3019.   [test]          Test: check apex NSEC3 records after adding DNSKEY
                        record via UPDATE. [RT #23229]

3018.   [bug]           Named failed to check for the "none;" acl when deciding
                        if a zone may need to be re-signed. [RT #23120]

3017.   [doc]           dnssec-keyfromlabel -I was not properly documented.
                        [RT #22887]

3016.   [bug]           rndc usage missing '-b'. [RT #22937]

3015.   [port]          win32: fix IN6_IS_ADDR_LINKLOCAL and
                        IN6_IS_ADDR_SITELOCAL macros. [RT #22724]

3014.   [placeholder]

3013.   [bug]           The DNS64 ttl was not always being set as expected.
                        [RT #23034]

3012.   [bug]           Remove DNSKEY TTL change pairs before generating
                        signing records for any remaining DNSKEY changes.
                        [RT #22590]

3011.   [func]          Change the default query timeout from 30 seconds
                        to 10.  Allow setting this in named.conf using the new
                        'resolver-query-timeout' option, which specifies a max
                        time in seconds.  0 means 'default' and anything longer
                        than 30 will be silently set to 30. [RT #22852]

3010.   [bug]           Fixed a bug where "rndc reconfig" stopped the timer
                        for refreshing managed-keys. [RT #22296]

3009.   [bug]           clients-per-query code didn't work as expected with
                        particular query patterns. [RT #22972]
        --- 9.8.0b1 released ---

3008.   [func]          Response policy zones (RPZ) support. [RT #21726]

3007.   [bug]           Named failed to preserve the case of domain names in
                        rdata which is not compressible when writing master
                        files.  [RT #22863]

3006.   [func]          Allow dynamically generated TSIG keys to be preserved
                        across restarts of named.  Initially this is for
                        TSIG keys generated using GSSAPI. [RT #22639]

3005.   [port]          Solaris: Work around the lack of
                        gsskrb5_register_acceptor_identity() by setting
                        the KRB5_KTNAME environment variable to the
                        contents of tkey-gssapi-keytab.  Also fixed
                        test errors on MacOSX.  [RT #22853]

3004.   [func]          DNS64 reverse support. [RT #22769]

3003.   [experimental]  Added update-policy match type "external",
                        enabling named to defer the decision of whether to
                        allow a dynamic update to an external daemon.
                        (Contributed by Andrew Tridgell.) [RT #22758]

3002.   [bug]           isc_mutex_init_errcheck() failed to destroy attr.
                        [RT #22766]

3001.   [func]          Added a default trust anchor for the root zone, which
                        can be switched on by setting "dnssec-validation auto;"
                        in the named.conf options. [RT #21727]

3000.   [bug]           More TKEY/GSS fixes:
                         - nsupdate can now get the default realm from
                           the user's Kerberos principal
                         - corrected gsstest compilation flags
                         - improved documentation
                         - fixed some NULL dereferences
                        [RT #22795]

2999.   [func]          Add GOST support (RFC 5933). [RT #20639]

2998.   [func]          Add isc_task_beginexclusive and isc_task_endexclusive
                        to the task api. [RT #22776]

2997.   [func]          named -V now reports the OpenSSL and libxml2 versions
                        it was compiled against. [RT #22687]

2996.   [security]      Temporarily disable SO_ACCEPTFILTER support.
                        [RT #22589]

2995.   [bug]           The Kerberos realm was not being correctly extracted
                        from the signer's identity. [RT #22770]

2994.   [port]          NetBSD: use pthreads by default on NetBSD >= 5.0, and
                        do not use threads on earlier versions.  Also kill
                        the unproven-pthreads, mit-pthreads, and ptl2 support.

2993.   [func]          Dynamically grow adb hash tables. [RT #21186]

2992.   [contrib]       contrib/check-secure-delegation.pl:  A simple tool
                        for looking at a secure delegation. [RT #22059]

2991.   [contrib]       contrib/zone-edit.sh: A simple zone editing tool for
                        dynamic zones. [RT #22365]

2990.   [bug]           'dnssec-settime -S' no longer tests prepublication
                        interval validity when the interval is set to 0.
                        [RT #22761]

2989.   [func]          Added support for writable DLZ zones. (Contributed
                        by Andrew Tridgell of the Samba project.) [RT #22629]

2988.   [experimental]  Added a "dlopen" DLZ driver, allowing the creation
                        of external DLZ drivers that can be loaded as
                        shared objects at runtime rather than linked with
                        named.  Currently this is switched on via a
                        compile-time option, "configure --with-dlz-dlopen".
                        Note: the syntax for configuring DLZ zones
                        is likely to be refined in future releases.
                        (Contributed by Andrew Tridgell of the Samba
                        project.) [RT #22629]

2987.   [func]          Improve ease of configuring TKEY/GSS updates by
                        adding a "tkey-gssapi-keytab" option.  If set,
                        updates will be allowed with any key matching
                        a principal in the specified keytab file.
                        "tkey-gssapi-credential" is no longer required
                        and is expected to be deprecated.  (Contributed
                        by Andrew Tridgell of the Samba project.)
                        [RT #22629]

2986.   [func]          Add new zone type "static-stub".  It's like a stub
                        zone, but the nameserver names and/or their IP
                        addresses are statically configured. [RT #21474]

2985.   [bug]           Add a regression test for change #2896. [RT #21324]

2984.   [bug]           Don't run MX checks when the target of the MX record
                        is ".".  [RT #22645]

2983.   [bug]           Include "loadkeys" in rndc help output. [RT #22493]
        --- 9.8.0a1 released ---

2982.   [bug]           Reference count dst keys.  dst_key_attach() can be used
                        increment the reference count.

                        Note: dns_tsigkey_createfromkey() callers should now
                        always call dst_key_free() rather than setting it
                        to NULL on success. [RT #22672]

2981.   [func]          Partial DNS64 support (AAAA synthesis). [RT #21991]

2980.   [bug]           named didn't properly handle UPDATES that changed the
                        TTL of the NSEC3PARAM RRset. [RT #22363]

2979.   [bug]           named could deadlock during shutdown if two
                        "rndc stop" commands were issued at the same
                        time. [RT #22108]

2978.   [port]          hpux: look for <devpoll.h> [RT #21919]

2977.   [bug]           'nsupdate -l' report if the session key is missing.
                        [RT #21670]

2976.   [bug]           named could die on exit after negotiating a GSS-TSIG
                        key. [RT #22573]

2975.   [bug]           rbtdb.c:cleanup_dead_nodes_callback() acquired the
                        wrong lock which could lead to server deadlock.
                        [RT #22614]

2974.   [bug]           Some valid UPDATE requests could fail due to a
                        consistency check examining the existing version
                        of the zone rather than the new version resulting
                        from the UPDATE. [RT #22413]

2973.   [bug]           bind.keys.h was being removed by the "make clean"
                        at the end of configure resulting in build failures
                        where there is very old version of perl installed.
                        Move it to "make maintainer-clean". [RT #22230]

2972.   [bug]           win32: address windows socket errors. [RT #21906]

2971.   [bug]           Fixed a bug that caused journal files not to be
                        compacted on Windows systems as a result of
                        non-POSIX-compliant rename() semantics. [RT #22434]

2970.   [security]      Adding a NO DATA negative cache entry failed to clear
                        any matching RRSIG records.  A subsequent lookup of
                        of NO DATA cache entry could trigger a INSIST when the
                        unexpected RRSIG was also returned with the NO DATA
                        cache entry.

                        CVE-2010-3613, VU#706148. [RT #22288]

2969.   [security]      Fix acl type processing so that allow-query works
                        in options and view statements.  Also add a new
                        set of tests to verify proper functioning.

                        CVE-2010-3615, VU#510208. [RT #22418]

2968.   [security]      Named could fail to prove a data set was insecure
                        before marking it as insecure.  One set of conditions
                        that can trigger this occurs naturally when rolling
                        DNSKEY algorithms.

                        CVE-2010-3614, VU#837744. [RT #22309]

2967.   [bug]           'host -D' now turns on debugging messages earlier.
                        [RT #22361]

2966.   [bug]           isc_print_vsnprintf() failed to check if there was
                        space available in the buffer when adding a left
                        justified character with a non zero width,
                        (e.g. "%-1c"). [RT #22270]

2965.   [func]          Test HMAC functions using test data from RFC 2104 and
                        RFC 4634. [RT #21702]

2964.   [placeholder]

2963.   [security]      The allow-query acl was being applied instead of the
                        allow-query-cache acl to cache lookups. [RT #22114]

2962.   [port]          win32: add more dependencies to BINDBuild.dsw.
                        [RT #22062]

2961.   [bug]           Be still more selective about the non-authoritative
                        answers we apply change 2748 to. [RT #22074]

2960.   [func]          Check that named accepts non-authoritative answers.
                        [RT #21594]

2959.   [func]          Check that named starts with a missing masterfile.
                        [RT #22076]

2958.   [bug]           named failed to start with a missing master file.
                        [RT #22076]

2957.   [bug]           entropy_get() and entropy_getpseudo() failed to match
                        the API for RAND_bytes() and RAND_pseudo_bytes()
                        respectively. [RT #21962]

2956.   [port]          Enable atomic operations on the PowerPC64. [RT #21899]

2955.   [func]          Provide more detail in the recursing log. [RT #22043]

2954.   [bug]           contrib: dlz_mysql_driver.c bad error handling on
                        build_sqldbinstance failure. [RT #21623]

2953.   [bug]           Silence spurious "expected covering NSEC3, got an
                        exact match" message when returning a wildcard
                        no data response. [RT #21744]

2952.   [port]          win32: named-checkzone and named-checkconf failed
                        to initialize winsock. [RT #21932]

2951.   [bug]           named failed to generate a correct signed response
                        in a optout, delegation only zone with no secure
                        delegations. [RT #22007]

2950.   [bug]           named failed to perform a SOA up to date check when
                        falling back to TCP on UDP timeouts when
                        ixfr-from-differences was set. [RT #21595]

2949.   [bug]           dns_view_setnewzones() contained a memory leak if
                        it was called multiple times. [RT #21942]

2948.   [port]          MacOS: provide a mechanism to configure the test
                        interfaces at reboot. See bin/tests/system/README
                        for details.

2947.   [placeholder]

2946.   [doc]           Document the default values for the minimum and maximum
                        zone refresh and retry values in the ARM. [RT #21886]

2945.   [doc]           Update empty-zones list in ARM. [RT #21772]

2944.   [maint]         Remove ORCHID prefix from built in empty zones.
                        [RT #21772]

2943.   [func]          Add support to load new keys into managed zones
                        without signing immediately with "rndc loadkeys".
                        Add support to link keys with "dnssec-keygen -S"
                        and "dnssec-settime -S".  [RT #21351]

2942.   [contrib]       zone2sqlite failed to setup the entropy sources.
                        [RT #21610]

2941.   [bug]           sdb and sdlz (dlz's zone database) failed to support
                        DNAME at the zone apex.  [RT #21610]

2940.   [port]          Remove connection aborted error message on
                        Windows. [RT #21549]

2939.   [func]          Check that named successfully skips NSEC3 records
                        that fail to match the NSEC3PARAM record currently
                        in use. [RT #21868]

2938.   [bug]           When generating signed responses, from a signed zone
                        that uses NSEC3, named would use a uninitialized
                        pointer if it needed to skip a NSEC3 record because
                        it didn't match the selected NSEC3PARAM record for
                        zone. [RT #21868]

2937.   [bug]           Worked around an apparent race condition in over
                        memory conditions.  Without this fix a DNS cache DB or
                        ADB could incorrectly stay in an over memory state,
                        effectively refusing further caching, which
                        subsequently made a BIND 9 caching server unworkable.
                        This fix prevents this problem from happening by
                        polling the state of the memory context, rather than
                        making a copy of the state, which appeared to cause
                        a race.  This is a "workaround" in that it doesn't
                        solve the possible race per se, but several experiments
                        proved this change solves the symptom.  Also, the
                        polling overhead hasn't been reported to be an issue.
                        This bug should only affect a caching server that
                        specifies a finite max-cache-size.  It's also quite
                        likely that the bug happens only when enabling threads,
                        but it's not confirmed yet. [RT #21818]

2936.   [func]          Improved configuration syntax and multiple-view
                        support for addzone/delzone feature (see change
                        #2930).  Removed "new-zone-file" option, replaced
                        with "allow-new-zones (yes|no)".  The new-zone-file
                        for each view is now created automatically, with
                        a filename generated from a hash of the view name.
                        It is no longer necessary to "include" the
                        new-zone-file in named.conf; this happens
                        automatically.  Zones that were not added via
                        "rndc addzone" can no longer be removed with
                        "rndc delzone". [RT #19447]

2935.   [bug]           nsupdate: improve 'file not found' error message.
                        [RT #21871]

2934.   [bug]           Use ANSI C compliant shift range in lib/isc/entropy.c.
                        [RT #21871]

2933.   [bug]           'dig +nsid' used stack memory after it went out of
                        scope.  This could potentially result in a unknown,
                        potentially malformed, EDNS option being sent instead
                        of the desired NSID option. [RT #21781]

2932.   [cleanup]       Corrected a numbering error in the "dnssec" test.
                        [RT #21597]

2931.   [bug]           Temporarily and partially disable change 2864
                        because it would cause infinite attempts of RRSIG
                        queries.  This is an urgent care fix; we'll
                        revisit the issue and complete the fix later.
                        [RT #21710]

2930.   [experimental]  New "rndc addzone" and "rndc delzone" commands
                        allow dynamic addition and deletion of zones.
                        To enable this feature, specify a "new-zone-file"
                        option at the view or options level in named.conf.
                        Zone configuration information for the new zones
                        will be written into that file.  To make the new
                        zones persist after a restart, "include" the file
                        into named.conf in the appropriate view.  (Note:
                        This feature is not yet documented, and its syntax
                        is expected to change.) [RT #19447]

2929.   [bug]           Improved handling of GSS security contexts:
                         - added LRU expiration for generated TSIGs
                         - added the ability to use a non-default realm
                         - added new "realm" keyword in nsupdate
                         - limited lifetime of generated keys to 1 hour
                           or the lifetime of the context (whichever is
                           smaller)
                        [RT #19737]

2928.   [bug]           Be more selective about the non-authoritative
                        answer we apply change 2748 to. [RT #21594]

2927.   [placeholder]

2926.   [placeholder]

2925.   [bug]           Named failed to accept uncachable negative responses
                        from insecure zones. [RT #21555]

2924.   [func]          'rndc  secroots'  dump a combined summary of the
                        current managed keys combined with trusted keys.
                        [RT #20904]

2923.   [bug]           'dig +trace' could drop core after "connection
                        timeout". [RT #21514]

2922.   [contrib]       Update zkt to version 1.0.

2921.   [bug]           The resolver could attempt to destroy a fetch context
                        too soon.  [RT #19878]

2920.   [func]          Allow 'filter-aaaa-on-v4' to be applied selectively
                        to IPv4 clients.  New acl 'filter-aaaa' (default any).

2919.   [func]          Add autosign-ksk and autosign-zsk virtual time tests.
                        [RT #20840]

2918.   [maint]         Add AAAA address for I.ROOT-SERVERS.NET.

2917.   [func]          Virtual time test framework. [RT #20801]

2916.   [func]          Add framework to use IPv6 in tests.
                        fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7

2915.   [cleanup]       Be smarter about which objects we attempt to compile
                        based on configure options. [RT #21444]

2914.   [bug]           Make the "autosign" system test more portable.
                        [RT #20997]

2913.   [func]          Add pkcs#11 system tests. [RT #20784]

2912.   [func]          Windows clients don't like UPDATE responses that clear
                        the zone section. [RT #20986]

2911.   [bug]           dnssec-signzone didn't handle out of zone records well.
                        [RT #21367]

2910.   [func]          Sanity check Kerberos credentials. [RT #20986]

2909.   [bug]           named-checkconf -p could die if "update-policy local;"
                        was specified in named.conf. [RT #21416]

2908.   [bug]           It was possible for re-signing to stop after removing
                        a DNSKEY. [RT #21384]

2907.   [bug]           The export version of libdns had undefined references.
                        [RT #21444]

2906.   [bug]           Address RFC 5011 implementation issues. [RT #20903]

2905.   [port]          aix: set use_atomic=yes with native compiler.
                        [RT #21402]

2904.   [bug]           When using DLV, sub-zones of the zones in the DLV,
                        could be incorrectly marked as insecure instead of
                        secure leading to negative proofs failing.  This was
                        a unintended outcome from change 2890. [RT #21392]

2903.   [bug]           managed-keys-directory missing from namedconf.c.
                        [RT #21370]

2902.   [func]          Add regression test for change 2897. [RT #21040]

2901.   [port]          Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]

2900.   [bug]           The placeholder negative caching element was not
                        properly constructed triggering a INSIST in
                        dns_ncache_towire(). [RT #21346]

2899.   [port]          win32: Support linking against OpenSSL 1.0.0.

2898.   [bug]           nslookup leaked memory when -domain=value was
                        specified. [RT #21301]

2897.   [bug]           NSEC3 chains could be left behind when transitioning
                        to insecure. [RT #21040]

2896.   [bug]           "rndc sign" failed to properly update the zone
                        when adding a DNSKEY for publication only. [RT #21045]

2895.   [func]          genrandom: add support for the generation of multiple
                        files.  [RT #20917]

2894.   [contrib]       DLZ LDAP support now use '$' not '%'. [RT #21294]

2893.   [bug]           Improve managed keys support.  New named.conf option
                        managed-keys-directory. [RT #20924]

2892.   [bug]           Handle REVOKED keys better. [RT #20961]

2891.   [maint]         Update empty-zones list to match
                        draft-ietf-dnsop-default-local-zones-13. [RT #21099]

2890.   [bug]           Handle the introduction of new trusted-keys and
                        DS, DLV RRsets better. [RT #21097]

2889.   [bug]           Elements of the grammar where not properly reported.
                        [RT #21046]

2888.   [bug]           Only the first EDNS option was displayed. [RT #21273]

2887.   [bug]           Report the keytag times in UTC in the .key file,
                        local time is presented as a comment within the
                        comment.  [RT #21223]

2886.   [bug]           ctime() is not thread safe. [RT #21223]

2885.   [bug]           Improve -fno-strict-aliasing support probing in
                        configure. [RT #21080]

2884.   [bug]           Insufficient validation in dns_name_getlabelsequence().
                        [RT #21283]

2883.   [bug]           'dig +short' failed to handle really large datasets.
                        [RT #21113]

2882.   [bug]           Remove memory context from list of active contexts
                        before clearing 'magic'. [RT #21274]

2881.   [bug]           Reduce the amount of time the rbtdb write lock
                        is held when closing a version. [RT #21198]

2880.   [cleanup]       Make the output of dnssec-keygen and dnssec-revoke
                        consistent. [RT #21078]

2879.   [contrib]       DLZ bdbhpt driver fails to close correct cursor.
                        [RT #21106]

2878.   [func]          Incrementally write the master file after performing
                        a AXFR.  [RT #21010]

2877.   [bug]           The validator failed to skip obviously mismatching
                        RRSIGs. [RT #21138]

2876.   [bug]           Named could return SERVFAIL for negative responses
                        from unsigned zones. [RT #21131]

2875.   [bug]           dns_time64_fromtext() could accept non digits.
                        [RT #21033]

2874.   [bug]           Cache lack of EDNS support only after the server
                        successfully responds to the query using plain DNS.
                        [RT #20930]

2873.   [bug]           Canceling a dynamic update via the dns/client module
                        could trigger an assertion failure. [RT #21133]

2872.   [bug]           Modify dns/client.c:dns_client_createx() to only
                        require one of IPv4 or IPv6 rather than both.
                        [RT #21122]

2871.   [bug]           Type mismatch in mem_api.c between the definition and
                        the header file, causing build failure with
                        --enable-exportlib. [RT #21138]

2870.   [maint]         Add AAAA address for L.ROOT-SERVERS.NET.

2869.   [bug]           Fix arguments to dns_keytable_findnextkeynode() call.
                        [RT #20877]

2868.   [cleanup]       Run "make clean" at the end of configure to ensure
                        any changes made by configure are integrated.
                        Use --with-make-clean=no to disable.  [RT #20994]

2867.   [bug]           Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
                        don't like it.  [RT #20986]

2866.   [bug]           Windows does not like the TSIG name being compressed.
                        [RT #20986]

2865.   [bug]           memset to zero event.data.  [RT #20986]

2864.   [bug]           Direct SIG/RRSIG queries were not handled correctly.
                        [RT #21050]

2863.   [port]          linux: disable IPv6 PMTUD and use network minimum MTU.
                        [RT #21056]

2862.   [bug]           nsupdate didn't default to the parent zone when
                        updating DS records. [RT #20896]

2861.   [doc]           dnssec-settime man pages didn't correctly document the
                        inactivation time. [RT #21039]

2860.   [bug]           named-checkconf's usage was out of date. [RT #21039]

2859.   [bug]           When canceling validation it was possible to leak
                        memory. [RT #20800]

2858.   [bug]           RTT estimates were not being adjusted on ICMP errors.
                        [RT #20772]

2857.   [bug]           named-checkconf did not fail on a bad trusted key.
                        [RT #20705]

2856.   [bug]           The size of a memory allocation was not always properly
                        recorded. [RT #20927]

2855.   [func]          nsupdate will now preserve the entered case of domain
                        names in update requests it sends. [RT #20928]

2854.   [func]          dig: allow the final soa record in a axfr response to
                        be suppressed, dig +onesoa. [RT #20929]

2853.   [bug]           add_sigs() could run out of scratch space. [RT #21015]

2852.   [bug]           Handle broken DNSSEC trust chains better. [RT #15619]

2851.   [doc]           nslookup.1, removed <informalexample> from the docbook
                        source as it produced bad nroff.  [RT #21007]

2850.   [bug]           If isc_heap_insert() failed due to memory shortage
                        the heap would have corrupted entries. [RT #20951]

2849.   [bug]           Don't treat errors from the xml2 library as fatal.
                        [RT #20945]

2848.   [doc]           Moved README.dnssec, README.libdns, README.pkcs11 and
                        README.rfc5011 into the ARM. [RT #20899]

2847.   [cleanup]       Corrected usage message in dnssec-settime. [RT #20921]

2846.   [bug]           EOF on unix domain sockets was not being handled
                        correctly. [RT #20731]

2845.   [bug]           RFC 5011 client could crash on shutdown. [RT #20903]

2844.   [doc]           notify-delay default in ARM was wrong.  It should have
                        been five (5) seconds.

2843.   [func]          Prevent dnssec-keygen and dnssec-keyfromlabel from
                        creating key files if there is a chance that the new
                        key ID will collide with an existing one after
                        either of the keys has been revoked.  (To override
                        this in the case of dnssec-keyfromlabel, use the -y
                        option.  dnssec-keygen will simply create a
                        different, non-colliding key, so an override is
                        not necessary.) [RT #20838]

2842.   [func]          Added "smartsign" and improved "autosign" and
                        "dnssec" regression tests. [RT #20865]

2841.   [bug]           Change 2836 was not complete. [RT #20883]

2840.   [bug]           Temporary fixed pkcs11-destroy usage check.
                        [RT #20760]

2839.   [bug]           A KSK revoked by named could not be deleted.
                        [RT #20881]

2838.   [placeholder]

2837.   [port]          Prevent Linux spurious warnings about fwrite().
                        [RT #20812]

2836.   [bug]           Keys that were scheduled to become active could
                        be delayed. [RT #20874]

2835.   [bug]           Key inactivity dates were inadvertently stored in
                        the private key file with the outdated tag
                        "Unpublish" rather than "Inactive".  This has been
                        fixed; however, any existing keys that had Inactive
                        dates set will now need to have them reset, using
                        'dnssec-settime -I'. [RT #20868]

2834.   [bug]           HMAC-SHA* keys that were longer than the algorithm
                        digest length were used incorrectly, leading to
                        interoperability problems with other DNS
                        implementations.  This has been corrected.
                        (Note: If an oversize key is in use, and
                        compatibility is needed with an older release of
                        BIND, the new tool "isc-hmac-fixup" can convert
                        the key secret to a form that will work with all
                        versions.) [RT #20751]

2833.   [cleanup]       Fix usage messages in dnssec-keygen and dnssec-settime.
                        [RT #20851]

2832.   [bug]           Modify "struct stat" in lib/export/samples/nsprobe.c
                        to avoid redefinition in some OSs [RT 20831]

2831.   [security]      Do not attempt to validate or cache
                        out-of-bailiwick data returned with a secure
                        answer; it must be re-fetched from its original
                        source and validated in that context. [RT #20819]

2830.   [bug]           Changing the OPTOUT setting could take multiple
                        passes. [RT #20813]

2829.   [bug]           Fixed potential node inconsistency in rbtdb.c.
                        [RT #20808]

2828.   [security]      Cached CNAME or DNAME RR could be returned to clients
                        without DNSSEC validation. [RT #20737]

2827.   [security]      Bogus NXDOMAIN could be cached as if valid. [RT #20712]

2826.   [bug]           NSEC3->NSEC transitions could fail due to a lock not
                        being released.  [RT #20740]

2825.   [bug]           Changing the setting of OPTOUT in a NSEC3 chain that
                        was in the process of being created was not properly
                        recorded in the zone. [RT #20786]

2824.   [bug]           "rndc sign" was not being run by the correct task.
                        [RT #20759]

2823.   [bug]           rbtdb.c:getsigningtime() was missing locks. [RT #20781]

2822.   [bug]           rbtdb.c:loadnode() could return the wrong result.
                        [RT #20802]

2821.   [doc]           Add note that named-checkconf doesn't automatically
                        read rndc.key and bind.keys [RT #20758]

2820.   [func]          Handle read access failure of OpenSSL configuration
                        file more user friendly (PKCS#11 engine patch).
                        [RT #20668]

2819.   [cleanup]       Removed unnecessary DNS_POINTER_MAXHOPS define.
                        [RT #20771]

2818.   [cleanup]       rndc could return an incorrect error code
                        when a zone was not found. [RT #20767]

2817.   [cleanup]       Removed unnecessary isc_task_endexclusive() calls.
                        [RT #20768]

2816.   [bug]           previous_closest_nsec() could fail to return
                        data for NSEC3 nodes [RT #29730]

2815.   [bug]           Exclusively lock the task when freezing a zone.
                        [RT #19838]

2814.   [func]          Provide a definitive error message when a master
                        zone is not loaded. [RT #20757]

2813.   [bug]           Better handling of unreadable DNSSEC key files.
                        [RT #20710]

2812.   [bug]           Make sure updates can't result in a zone with
                        NSEC-only keys and NSEC3 records. [RT #20748]

2811.   [cleanup]       Add "rndc sign" to list of commands in rndc usage
                        output. [RT #20733]

2810.   [doc]           Clarified the process of transitioning an NSEC3 zone
                        to insecure. [RT #20746]

2809.   [cleanup]       Restored accidentally-deleted text in usage output
                        in dnssec-settime and dnssec-revoke [RT #20739]

2808.   [bug]           Remove the attempt to install atomic.h from lib/isc.
                        atomic.h is correctly installed by the architecture
                        specific subdirectories.  [RT #20722]

2807.   [bug]           Fixed a possible ASSERT when reconfiguring zone
                        keys. [RT #20720]
        --- 9.7.0rc1 released ---

2806.   [bug]           "rdnc sign" could delay re-signing the DNSKEY
                        when it had changed. [RT #20703]

2805.   [bug]           Fixed namespace problems encountered when building
                        external programs using non-exported BIND9 libraries
                        (i.e., built without --enable-exportlib). [RT #20679]

2804.   [bug]           Send notifies when a zone is signed with "rndc sign"
                        or as a result of a scheduled key change. [RT #20700]

2803.   [port]          win32: Install named-journalprint, nsec3hash, arpaname
                        and genrandom under windows. [RT #20670]

2802.   [cleanup]       Rename journalprint to named-journalprint. [RT #20670]

2801.   [func]          Detect and report records that are different according
                        to DNSSEC but are semantically equal according to plain
                        DNS.  Apply plain DNS comparisons rather than DNSSEC
                        comparisons when processing UPDATE requests.
                        dnssec-signzone now removes such semantically duplicate
                        records prior to signing the RRset.

                        named-checkzone -r {ignore|warn|fail} (default warn)
                        named-compilezone -r {ignore|warn|fail} (default warn)

                        named.conf: check-dup-records {ignore|warn|fail};

2800.   [func]          Reject zones which have NS records which refer to
                        CNAMEs, DNAMEs or don't have address record (class IN
                        only).  Reject UPDATEs which would cause the zone
                        to fail the above checks if committed. [RT #20678]

2799.   [cleanup]       Changed the "secure-to-insecure" option to
                        "dnssec-secure-to-insecure", and "dnskey-ksk-only"
                        to "dnssec-dnskey-kskonly", for clarity. [RT #20586]

2798.   [bug]           Addressed bugs in managed-keys initialization
                        and rollover. [RT #20683]

2797.   [bug]           Don't decrement the dispatch manager's maxbuffers.
                        [RT #20613]

2796.   [bug]           Missing dns_rdataset_disassociate() call in
                        dns_nsec3_delnsec3sx(). [RT #20681]

2795.   [cleanup]       Add text to differentiate "update with no effect"
                        log messages. [RT #18889]

2794.   [bug]           Install <isc/namespace.h>.  [RT #20677]

2793.   [func]          Add "autosign" and "metadata" tests to the
                        automatic tests. [RT #19946]

2792.   [func]          "filter-aaaa-on-v4" can now be set in view
                        options (if compiled in).  [RT #20635]

2791.   [bug]           The installation of isc-config.sh was broken.
                        [RT #20667]

2790.   [bug]           Handle DS queries to stub zones. [RT #20440]

2789.   [bug]           Fixed an INSIST in dispatch.c [RT #20576]

2788.   [bug]           dnssec-signzone could sign with keys that were
                        not requested [RT #20625]

2787.   [bug]           Spurious log message when zone keys were
                        dynamically reconfigured. [RT #20659]

2786.   [bug]           Additional could be promoted to answer. [RT #20663]
        --- 9.7.0b3 released ---

2785.   [bug]           Revoked keys could fail to self-sign [RT #20652]

2784.   [bug]           TC was not always being set when required glue was
                        dropped. [RT #20655]

2783.   [func]          Return minimal responses to EDNS/UDP queries with a UDP
                        buffer size of 512 or less.  [RT #20654]

2782.   [port]          win32: use getaddrinfo() for hostname lookups.
                        [RT #20650]

2781.   [bug]           Inactive keys could be used for signing. [RT #20649]

2780.   [bug]           dnssec-keygen -A none didn't properly unset the
                        activation date in all cases. [RT #20648]

2779.   [bug]           Dynamic key revocation could fail. [RT #20644]

2778.   [bug]           dnssec-signzone could fail when a key was revoked
                        without deleting the unrevoked version. [RT #20638]

2777.   [contrib]       DLZ MYSQL auto reconnect support discovery was wrong.

2776.   [bug]           Change #2762 was not correct. [RT #20647]

2775.   [bug]           Accept RSASHA256 and RSASHA512 as NSEC3 compatible
                        in dnssec-keyfromlabel. [RT #20643]

2774.   [bug]           Existing cache DB wasn't being reused after
                        reconfiguration. [RT #20629]

2773.   [bug]           In autosigned zones, the SOA could be signed
                        with the KSK. [RT #20628]

2772.   [security]      When validating, track whether pending data was from
                        the additional section or not and only return it if
                        validates as secure. [RT #20438]

2771.   [bug]           dnssec-signzone: DNSKEY records could be
                        corrupted when importing from key files [RT #20624]

2770.   [cleanup]       Add log messages to resolver.c to indicate events
                        causing FORMERR responses. [RT #20526]

2769.   [cleanup]       Change #2742 was incomplete. [RT #19589]

2768.   [bug]           dnssec-signzone: -S no longer implies -g [RT #20568]

2767.   [bug]           named could crash on startup if a zone was
                        configured with auto-dnssec and there was no
                        key-directory. [RT #20615]

2766.   [bug]           isc_socket_fdwatchpoke() should only update the
                        socketmgr state if the socket is not pending on a
                        read or write.  [RT #20603]

2765.   [bug]           Skip masters for which the TSIG key cannot be found.
                        [RT #20595]

2764.   [bug]           "rndc-confgen -a" could trigger a REQUIRE. [RT #20610]

2763.   [bug]           "rndc sign" didn't create an NSEC chain. [RT #20591]

2762.   [bug]           DLV validation failed with a local slave DLV zone.
                        [RT #20577]

2761.   [cleanup]       Enable internal symbol table for backtrace only for
                        systems that are known to work.  Currently, BSD
                        variants, Linux and Solaris are supported. [RT #20202]

2760.   [cleanup]       Corrected named-compilezone usage summary. [RT #20533]

2759.   [doc]           Add information about .jbk/.jnw files to
                        the ARM. [RT #20303]

2758.   [bug]           win32: Added a workaround for a windows 2008 bug
                        that could cause the UDP client handler to shut
                        down. [RT #19176]

2757.   [bug]           dig: assertion failure could occur in connect
                        timeout. [RT #20599]

2756.   [bug]           Fixed corrupt logfile message in update.c. [RT #20597]

2755.   [placeholder]

2754.   [bug]           Secure-to-insecure transitions failed when zone
                        was signed with NSEC3. [RT #20587]

2753.   [bug]           Removed an unnecessary warning that could appear when
                        building an NSEC chain. [RT #20589]

2752.   [bug]           Locking violation. [RT #20587]

2751.   [bug]           Fixed a memory leak in dnssec-keyfromlabel. [RT #20588]

2750.   [bug]           dig: assertion failure could occur when a server
                        didn't have an address. [RT #20579]

2749.   [bug]           ixfr-from-differences generated a non-minimal ixfr
                        for NSEC3 signed zones. [RT #20452]

2748.   [func]          Identify bad answers from GTLD servers and treat them
                        as referrals. [RT #18884]

2747.   [bug]           Journal roll forwards failed to set the re-signing
                        time of RRSIGs correctly. [RT #20541]

2746.   [port]          hpux: address signed/unsigned expansion mismatch of
                        dns_rbtnode_t.nsec. [RT #20542]

2745.   [bug]           configure script didn't probe the return type of
                        gai_strerror(3) correctly. [RT #20573]

2744.   [func]          Log if a query was over TCP. [RT #19961]

2743.   [bug]           RRSIG could be incorrectly set in the NSEC3 record
                        for a insecure delegation.
        --- 9.7.0b2 released ---

2742.   [cleanup]       Clarify some DNSSEC-related log messages in
                        validator.c. [RT #19589]

2741.   [func]          Allow the dnssec-keygen progress messages to be
                        suppressed (dnssec-keygen -q).  Automatically
                        suppress the progress messages when stdin is not
                        a tty. [RT #20474]

2740.   [placeholder]

2739.   [cleanup]       Clean up API for initializing and clearing trust
                        anchors for a view. [RT #20211]

2738.   [func]          Add RSASHA256 and RSASHA512 tests to the dnssec system
                        test. [RT #20453]

2737.   [func]          UPDATE requests can leak existence information.
                        [RT #17261]

2736.   [func]          Improve the performance of NSEC signed zones with
                        more than a normal amount of glue below a delegation.
                        [RT #20191]

2735.   [bug]           dnssec-signzone could fail to read keys
                        that were specified on the command line with
                        full paths, but weren't in the current
                        directory. [RT #20421]

2734.   [port]          cygwin: arpaname did not compile. [RT #20473]

2733.   [cleanup]       Clean up coding style in pkcs11-* tools. [RT #20355]

2732.   [func]          Add optional filter-aaaa-on-v4 option, available
                        if built with './configure --enable-filter-aaaa'.
                        Filters out AAAA answers to clients connecting
                        via IPv4.  (This is NOT recommended for general
                        use.) [RT #20339]

2731.   [func]          Additional work on change 2709.  The key parser
                        will now ignore unrecognized fields when the
                        minor version number of the private key format
                        has been increased.  It will reject any key with
                        the major version number increased. [RT #20310]

2730.   [func]          Have dnssec-keygen display a progress indication
                        a la 'openssl genrsa' on standard error. Note
                        when the first '.' is followed by a long stop
                        one has the choice between slow generation vs.
                        poor random quality, i.e., '-r /dev/urandom'.
                        [RT #20284]

2729.   [func]          When constructing a CNAME from a DNAME use the DNAME
                        TTL. [RT #20451]

2728.   [bug]           dnssec-keygen, dnssec-keyfromlabel and
                        dnssec-signzone now warn immediately if asked to
                        write into a nonexistent directory. [RT #20278]

2727.   [func]          The 'key-directory' option can now specify a relative
                        path. [RT #20154]

2726.   [func]          Added support for SHA-2 DNSSEC algorithms,
                        RSASHA256 and RSASHA512. [RT #20023]

2725.   [doc]           Added information about the file "managed-keys.bind"
                        to the ARM. [RT #20235]

2724.   [bug]           Updates to a existing node in secure zone using NSEC
                        were failing. [RT #20448]

2723.   [bug]           isc_base32_totext(), isc_base32hex_totext(), and
                        isc_base64_totext(), didn't always mark regions of
                        memory as fully consumed after conversion.  [RT #20445]

2722.   [bug]           Ensure that the memory associated with the name of
                        a node in a rbt tree is not altered during the life
                        of the node. [RT #20431]

2721.   [port]          Have dst__entropy_status() prime the random number
                        generator. [RT #20369]

2720.   [bug]           RFC 5011 trust anchor updates could trigger an
                        assert if the DNSKEY record was unsigned. [RT #20406]

2719.   [func]          Skip trusted/managed keys for unsupported algorithms.
                        [RT #20392]

2718.   [bug]           The space calculations in opensslrsa_todns() were
                        incorrect. [RT #20394]

2717.   [bug]           named failed to update the NSEC/NSEC3 record when
                        the last private type record was removed as a result
                        of completing the signing the zone with a key.
                        [RT #20399]

2716.   [bug]           nslookup debug mode didn't return the ttl. [RT #20414]
        --- 9.7.0b1 released ---

2715.   [bug]           Require OpenSSL support to be explicitly disabled.
                        [RT #20288]

2714.   [port]          aix/powerpc: 'asm("ics");' needs non standard assembler
                        flags.

2713.   [bug]           powerpc: atomic operations missing asm("ics") /
                        __isync() calls.

2712.   [func]          New 'auto-dnssec' zone option allows zone signing
                        to be fully automated in zones configured for
                        dynamic DNS.  'auto-dnssec allow;' permits a zone
                        to be signed by creating keys for it in the
                        key-directory and using 'rndc sign <zone>'.
                        'auto-dnssec maintain;' allows that too, plus it
                        also keeps the zone's DNSSEC keys up to date
                        according to their timing metadata. [RT #19943]

2711.   [port]          win32: Add the bin/pkcs11 tools into the full
                        build. [RT #20372]

2710.   [func]          New 'dnssec-signzone -x' flag and 'dnskey-ksk-only'
                        zone option cause a zone to be signed with only KSKs
                        signing the DNSKEY RRset, not ZSKs.  This reduces
                        the size of a DNSKEY answer.  [RT #20340]

2709.   [func]          Added some data fields, currently unused, to the
                        private key file format, to allow implementation
                        of explicit key rollover in a future release
                        without impairing backward or forward compatibility.
                        [RT #20310]

2708.   [func]          Insecure to secure and NSEC3 parameter changes via
                        update are now fully supported and no longer require
                        defines to enable.  We now no longer overload the
                        NSEC3PARAM flag field, nor the NSEC OPT bit at the
                        apex.  Secure to insecure changes are controlled by
                        by the named.conf option 'secure-to-insecure'.

                        Warning: If you had previously enabled support by
                        adding defines at compile time to BIND 9.6 you should
                        ensure that all changes that are in progress have
                        completed prior to upgrading to BIND 9.7.  BIND 9.7
                        is not backwards compatible.

2707.   [func]          dnssec-keyfromlabel no longer require engine name
                        to be specified in the label if there is a default
                        engine or the -E option has been used.  Also, it
                        now uses default algorithms as dnssec-keygen does
                        (i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
                        [RT #20371]

2706.   [bug]           Loading a zone with a very large NSEC3 salt could
                        trigger an assert. [RT #20368]

2705.   [placeholder]

2704.   [bug]           Serial of dynamic and stub zones could be inconsistent
                        with their SOA serial.  [RT #19387]

2703.   [func]          Introduce an OpenSSL "engine" argument with -E
                        for all binaries which can take benefit of
                        crypto hardware. [RT #20230]

2702.   [func]          Update PKCS#11 tools (bin/pkcs11) [RT #20225 & all]

2701.   [doc]           Correction to ARM: hmac-md5 is no longer the only
                        supported TSIG key algorithm. [RT #18046]

2700.   [doc]           The match-mapped-addresses option is discouraged.
                        [RT #12252]

2699.   [bug]           Missing lock in rbtdb.c. [RT #20037]

2698.   [placeholder]

2697.   [port]          win32: ensure that S_IFMT, S_IFDIR, S_IFCHR and
                        S_IFREG are defined after including <isc/stat.h>.
                        [RT #20309]

2696.   [bug]           named failed to successfully process some valid
                        acl constructs. [RT #20308]

2695.   [func]          DHCP/DDNS - update fdwatch code for use by
                        DHCP.  Modify the api to isc_sockfdwatch_t (the
                        callback function for isc_socket_fdwatchcreate)
                        to include information about the direction (read
                        or write) and add isc_socket_fdwatchpoke.
                        [RT #20253]

2694.   [bug]           Reduce default NSEC3 iterations from 100 to 10.
                        [RT #19970]

2693.   [port]          Add some noreturn attributes. [RT #20257]

2692.   [port]          win32: 32/64 bit cleanups. [RT #20335]

2691.   [func]          dnssec-signzone: retain the existing NSEC or NSEC3
                        chain when re-signing a previously-signed zone.
                        Use -u to modify NSEC3 parameters or switch
                        between NSEC and NSEC3. [RT #20304]

2690.   [bug]           win32: fix isc_thread_key_getspecific() prototype.
                        [RT #20315]

2689.   [bug]           Correctly handle snprintf result. [RT #20306]

2688.   [bug]           Use INTERFACE_F_POINTTOPOINT, not IFF_POINTOPOINT,
                        to decide to fetch the destination address. [RT #20305]

2687.   [bug]           Fixed dnssec-signzone -S handling of revoked keys.
                        Also, added warnings when revoking a ZSK, as this is
                        not defined by protocol (but is legal).  [RT #19943]

2686.   [bug]           dnssec-signzone should clean the old NSEC chain when
                        signing with NSEC3 and vice versa. [RT #20301]

2685.   [contrib]       Update contrib/zkt to version 0.99c. [RT #20054]

2684.   [cleanup]       dig: formalize +ad and +cd as synonyms for
                        +adflag and +cdflag.  [RT #19305]

2683.   [bug]           dnssec-signzone should clean out old NSEC3 chains when
                        the NSEC3 parameters used to sign the zone change.
                        [RT #20246]

2682.   [bug]           "configure --enable-symtable=all" failed to
                        build. [RT #20282]

2681.   [bug]           IPSECKEY RR of gateway type 3 was not correctly
                        decoded. [RT #20269]

2680.   [func]          Move contrib/pkcs11-keygen to bin/pkcs11. [RT #20067]

2679.   [func]          dig -k can now accept TSIG keys in named.conf
                        format.  [RT #20031]

2678.   [func]          Treat DS queries as if "minimal-response yes;"
                        was set. [RT #20258]

2677.   [func]          Changes to key metadata behavior:
                        - Keys without "publish" or "active" dates set will
                          no longer be used for smart signing.  However,
                          those dates will be set to "now" by default when
                          a key is created; to generate a key but not use
                          it yet, use dnssec-keygen -G.
                        - New "inactive" date (dnssec-keygen/settime -I)
                          sets the time when a key is no longer used for
                          signing but is still published.
                        - The "unpublished" date (-U) is deprecated in
                          favor of "deleted" (-D).
                        [RT #20247]

2676.   [bug]           --with-export-installdir should have been
                        --with-export-includedir. [RT #20252]

2675.   [bug]           dnssec-signzone could crash if the key directory
                        did not exist. [RT #20232]
        --- 9.7.0a3 released ---

2674.   [bug]           "dnssec-lookaside auto;" crashed if named was built
                        without openssl. [RT #20231]

2673.   [bug]           The managed-keys.bind zone file could fail to
                        load due to a spurious result from sync_keyzone()
                        [RT #20045]

2672.   [bug]           Don't enable searching in 'host' when doing reverse
                        lookups. [RT #20218]

2671.   [bug]           Add support for PKCS#11 providers not returning
                        the public exponent in RSA private keys
                        (OpenCryptoki for instance) in
                        dnssec-keyfromlabel. [RT #19294]

2670.   [bug]           Unexpected connect failures failed to log enough
                        information to be useful. [RT #20205]

2669.   [func]          Update PKCS#11 support to support Keyper HSM.
                        Update PKCS#11 patch to be against openssl-0.9.8i.

2668.   [func]          Several improvements to dnssec-* tools, including:
                        - dnssec-keygen and dnssec-settime can now set key
                          metadata fields 0 (to unset a value, use "none")
                        - dnssec-revoke sets the revocation date in
                          addition to the revoke bit
                        - dnssec-settime can now print individual metadata
                          fields instead of always printing all of them,
                          and can print them in unix epoch time format for
                          use by scripts
                        [RT #19942]

2667.   [func]          Add support for logging stack backtrace on assertion
                        failure (not available for all platforms). [RT #19780]

2666.   [func]          Added an 'options' argument to dns_name_fromstring()
                        (API change from 9.7.0a2). [RT #20196]

2665.   [func]          Clarify syntax for managed-keys {} statement, add
                        ARM documentation about RFC 5011 support. [RT #19874]

2664.   [bug]           create_keydata() and minimal_update() in zone.c
                        didn't properly check return values for some
                        functions.  [RT #19956]

2663.   [func]          win32:  allow named to run as a service using
                        "NT AUTHORITY\LocalService" as the account. [RT #19977]

2662.   [bug]           lwres_getipnodebyname() and lwres_getipnodebyaddr()
                        returned a misleading error code when lwresd was
                        down. [RT #20028]

2661.   [bug]           Check whether socket fd exceeds FD_SETSIZE when
                        creating lwres context. [RT #20029]

2660.   [func]          Add a new set of DNS libraries for non-BIND9
                        applications.  See README.libdns. [RT #19369]

2659.   [doc]           Clarify dnssec-keygen doc: key name must match zone
                        name for DNSSEC keys. [RT #19938]

2658.   [bug]           dnssec-settime and dnssec-revoke didn't process
                        key file paths correctly. [RT #20078]

2657.   [cleanup]       Lower "journal file <path> does not exist, creating it"
                        log level to debug 1. [RT #20058]

2656.   [func]          win32: add a "tools only" check box to the installer
                        which causes it to only install dig, host, nslookup,
                        nsupdate and relevant DLLs.  [RT #19998]

2655.   [doc]           Document that key-directory does not affect
                        bind.keys, rndc.key or session.key.  [RT #20155]

2654.   [bug]           Improve error reporting on duplicated names for
                        deny-answer-xxx. [RT #20164]

2653.   [bug]           Treat ENGINE_load_private_key() failures as key
                        not found rather than out of memory.  [RT #18033]

2652.   [func]          Provide more detail about what record is being
                        deleted. [RT #20061]

2651.   [bug]           Dates could print incorrectly in K*.key files on
                        64-bit systems. [RT #20076]

2650.   [bug]           Assertion failure in dnssec-signzone when trying
                        to read keyset-* files. [RT #20075]

2649.   [bug]           Set the domain for forward only zones. [RT #19944]

2648.   [port]          win32: isc_time_seconds() was broken. [RT #19900]

2647.   [bug]           Remove unnecessary SOA updates when a new KSK is
                        added. [RT #19913]

2646.   [bug]           Incorrect cleanup on error in socket.c. [RT #19987]

2645.   [port]          "gcc -m32" didn't work on amd64 and x86_64 platforms
                        which default to 64 bits. [RT #19927]
        --- 9.7.0a2 released ---

2644.   [bug]           Change #2628 caused a regression on some systems;
                        named was unable to write the PID file and would
                        fail on startup. [RT #20001]

2643.   [bug]           Stub zones interacted badly with NSEC3 support.
                        [RT #19777]

2642.   [bug]           nsupdate could dump core on solaris when reading
                        improperly formatted key files.  [RT #20015]

2641.   [bug]           Fixed an error in parsing update-policy syntax,
                        added a regression test to check it. [RT #20007]

2640.   [security]      A specially crafted update packet will cause named
                        to exit. [RT #20000]

2639.   [bug]           Silence compiler warnings in gssapi code. [RT #19954]

2638.   [bug]           Install arpaname. [RT #19957]

2637.   [func]          Rationalize dnssec-signzone's signwithkey() calling.
                        [RT #19959]

2636.   [func]          Simplify zone signing and key maintenance with the
                        dnssec-* tools.  Major changes:
                        - all dnssec-* tools now take a -K option to
                          specify a directory in which key files will be
                          stored
                        - DNSSEC can now store metadata indicating when
                          they are scheduled to be published, activated,
                          revoked or removed; these values can be set by
                          dnssec-keygen or overwritten by the new
                          dnssec-settime command
                        - dnssec-signzone -S (for "smart") option reads key
                          metadata and uses it to determine automatically
                          which keys to publish to the zone, use for
                          signing, revoke, or remove from the zone
                        [RT #19816]

2635.   [bug]           isc_inet_ntop() incorrectly handled 0.0/16 addresses.
                        [RT #19716]

2634.   [port]          win32: Add support for libxml2, enable
                        statschannel. [RT #19773]

2633.   [bug]           Handle 15 bit rand() functions. [RT #19783]

2632.   [func]          util/kit.sh: warn if documentation appears to be out of
                        date.  [RT #19922]

2631.   [bug]           Handle "//", "/./" and "/../" in mkdirpath().
                        [RT #19926 ]

2630.   [func]          Improved syntax for DDNS autoconfiguration:  use
                        "update-policy local;" to switch on local DDNS in a
                        zone. (The "ddns-autoconf" option has been removed.)
                        [RT #19875]

2629.   [port]          Check for seteuid()/setegid(), use setresuid()/
                        setresgid() if not present. [RT #19932]

2628.   [port]          linux: Allow /var/run/named/named.pid to be opened
                        at startup with reduced capabilities in operation.
                        [RT #19884]

2627.   [bug]           Named aborted if the same key was included in
                        trusted-keys more than once. [RT #19918]

2626.   [bug]           Multiple trusted-keys could trigger an assertion
                        failure. [RT #19914]

2625.   [bug]           Missing UNLOCK in rbtdb.c. [RT #19865]

2624.   [func]          'named-checkconf -p' will print out the parsed
                        configuration. [RT #18871]

2623.   [bug]           Named started searches for DS non-optimally. [RT #19915]

2622.   [bug]           Printing of named.conf grammar was broken. [RT #19919]

2621.   [doc]           Made copyright boilerplate consistent.  [RT #19833]

2620.   [bug]           Delay thawing the zone until the reload of it has
                        completed successfully.  [RT #19750]

2619.   [func]          Add support for RFC 5011, automatic trust anchor
                        maintenance.  The new "managed-keys" statement can
                        be used in place of "trusted-keys" for zones which
                        support this protocol.  (Note: this syntax is
                        expected to change prior to 9.7.0 final.) [RT #19248]

2618.   [bug]           The sdb and sdlz db_interator_seek() methods could
                        loop infinitely. [RT #19847]

2617.   [bug]           ifconfig.sh failed to emit an error message when
                        run from the wrong location. [RT #19375]

2616.   [bug]           'host' used the nameservers from resolv.conf even
                        when a explicit nameserver was specified. [RT #19852]

2615.   [bug]           "__attribute__((unused))" was in the wrong place
                        for ia64 gcc builds. [RT #19854]

2614.   [port]          win32: 'named -v' should automatically be executed
                        in the foreground. [RT #19844]

2613.   [placeholder]
        --- 9.7.0a1 released ---

2612.   [func]          Add default values for the arguments to
                        dnssec-keygen.  Without arguments, it will now
                        generate a 1024-bit RSASHA1 zone-signing key,
                        or with the -f KSK option, a 2048-bit RSASHA1
                        key-signing key. [RT #19300]

2611.   [func]          Add -l option to dnssec-dsfromkey to generate
                        DLV records instead of DS records. [RT #19300]

2610.   [port]          sunos: Change #2363 was not complete. [RT #19796]

2609.   [func]          Simplify the configuration of dynamic zones:
                        - add ddns-confgen command to generate
                          configuration text for named.conf
                        - add zone option "ddns-autoconf yes;", which
                          causes named to generate a TSIG session key
                          and allow updates to the zone using that key
                        - add '-l' (localhost) option to nsupdate, which
                          causes nsupdate to connect to a locally-running
                          named process using the session key generated
                          by named
                        [RT #19284]

2608.   [func]          Perform post signing verification checks in
                        dnssec-signzone.  These can be disabled with -P.

                        The post sign verification test ensures that for each
                        algorithm in use there is at least one non revoked
                        self signed KSK key.  That all revoked KSK keys are
                        self signed.  That all records in the zone are signed
                        by the algorithm.  [RT #19653]

2607.   [bug]           named could incorrectly delete NSEC3 records for
                        empty nodes when processing a update request.
                        [RT #19749]

2606.   [bug]           "delegation-only" was not being accepted in
                        delegation-only type zones. [RT #19717]

2605.   [bug]           Accept DS responses from delegation only zones.
                        [RT # 19296]

2604.   [func]          Add support for DNS rebinding attack prevention through
                        new options, deny-answer-addresses and
                        deny-answer-aliases.  Based on contributed code from
                        JD Nurmi, Google. [RT #18192]

2603.   [port]          win32: handle .exe extension of named-checkzone and
                        named-comilezone argv[0] names under windows.
                        [RT #19767]

2602.   [port]          win32: fix debugging command line build of libisccfg.
                        [RT #19767]

2601.   [doc]           Mention file creation mode mask in the
                        named manual page.

2600.   [doc]           ARM: miscellaneous reformatting for different
                        page widths. [RT #19574]

2599.   [bug]           Address rapid memory growth when validation fails.
                        [RT #19654]

2598.   [func]          Reserve the -F flag. [RT #19657]

2597.   [bug]           Handle a validation failure with a insecure delegation
                        from a NSEC3 signed master/slave zone.  [RT #19464]

2596.   [bug]           Stale tree nodes of cache/dynamic rbtdb could stay
                        long, leading to inefficient memory usage or rejecting
                        newer cache entries in the worst case. [RT #19563]

2595.   [bug]           Fix unknown extended rcodes in dig. [RT #19625]

2594.   [func]          Have rndc warn if using its default configuration
                        file when the key file also exists. [RT #19424]

2593.   [bug]           Improve a corner source of SERVFAILs [RT #19632]

2592.   [bug]           Treat "any" as a type in nsupdate. [RT #19455]

2591.   [bug]           named could die when processing a update in
                        removed_orphaned_ds(). [RT #19507]

2590.   [func]          Report zone/class of "update with no effect".
                        [RT #19542]

2589.   [bug]           dns_db_unregister() failed to clear '*dbimp'.
                        [RT #19626]

2588.   [bug]           SO_REUSEADDR could be set unconditionally after failure
                        of bind(2) call.  This should be rare and mostly
                        harmless, but may cause interference with other
                        processes that happen to use the same port. [RT #19642]

2587.   [func]          Improve logging by reporting serial numbers for
                        when zone serial has gone backwards or unchanged.
                        [RT #19506]

2586.   [bug]           Missing cleanup of SIG rdataset in searching a DLZ DB
                        or SDB. [RT #19577]

2585.   [bug]           Uninitialized socket name could be referenced via a
                        statistics channel, triggering an assertion failure in
                        XML rendering. [RT #19427]

2584.   [bug]           alpha: gcc optimization could break atomic operations.
                        [RT #19227]

2583.   [port]          netbsd: provide a control to not add the compile
                        date to the version string, -DNO_VERSION_DATE.

2582.   [bug]           Don't emit warning log message when we attempt to
                        remove non-existent journal. [RT #19516]

2581.   [contrib]       dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
                        Requires MySQL 5.0.19 or later. [RT #19084]

2580.   [bug]           UpdateRej statistics counter could be incremented twice
                        for one rejection. [RT #19476]

2579.   [bug]           DNSSEC lookaside validation failed to handle unknown
                        algorithms. [RT #19479]

2578.   [bug]           Changed default sig-signing-type to 65534, because
                        65535 turns out to be reserved.  [RT #19477]

2577.   [doc]           Clarified some statistics counters. [RT #19454]

2576.   [bug]           NSEC record were not being correctly signed when
                        a zone transitions from insecure to secure.
                        Handle such incorrectly signed zones. [RT #19114]

2575.   [func]          New functions dns_name_fromstring() and
                        dns_name_tostring(), to simplify conversion
                        of a string to a dns_name structure and vice
                        versa. [RT #19451]

2574.   [doc]           Document nsupdate -g and -o. [RT #19351]

2573.   [bug]           Replacing a non-CNAME record with a CNAME record in a
                        single transaction in a signed zone failed. [RT #19397]

2572.   [func]          Simplify DLV configuration, with a new option
                        "dnssec-lookaside auto;"  This is the equivalent
                        of "dnssec-lookaside . trust-anchor dlv.isc.org;"
                        plus setting a trusted-key for dlv.isc.org.

                        Note: The trusted key is hard-coded into named,
                        but is also stored in (and can be overridden
                        by) $sysconfdir/bind.keys.  As the ISC DLV key
                        rolls over it can be kept up to date by replacing
                        the bind.keys file with a key downloaded from
                        https://www.isc.org/solutions/dlv. [RT #18685]

2571.   [func]          Add a new tool "arpaname" which translates IP addresses
                        to the corresponding IN-ADDR.ARPA or IP6.ARPA name.
                        [RT #18976]

2570.   [func]          Log the destination address the query was sent to.
                        [RT #19209]

2569.   [func]          Move journalprint, nsec3hash, and genrandom
                        commands from bin/tests into bin/tools;
                        "make install" will put them in $sbindir. [RT #19301]

2568.   [bug]           Report when the write to indicate a otherwise
                        successful start fails. [RT #19360]

2567.   [bug]           dst__privstruct_writefile() could miss write errors.
                        write_public_key() could miss write errors.
                        dnssec-dsfromkey could miss write errors.
                        [RT #19360]

2566.   [cleanup]       Clarify logged message when an insecure DNSSEC
                        response arrives from a zone thought to be secure:
                        "insecurity proof failed" instead of "not
                        insecure". [RT #19400]

2565.   [func]          Add support for HIP record.  Includes new functions
                        dns_rdata_hip_first(), dns_rdata_hip_next()
                        and dns_rdata_hip_current().  [RT #19384]

2564.   [bug]           Only take EDNS fallback steps when processing timeouts.
                        [RT #19405]

2563.   [bug]           Dig could leak a socket causing it to wait forever
                        to exit. [RT #19359]

2562.   [doc]           ARM: miscellaneous improvements, reorganization,
                        and some new content.

2561.   [doc]           Add isc-config.sh(1) man page. [RT #16378]

2560.   [bug]           Add #include <config.h> to iptable.c. [RT #18258]

2559.   [bug]           dnssec-dsfromkey could compute bad DS records when
                        reading from a K* files.  [RT #19357]

2558.   [func]          Set the ownership of missing directories created
                        for pid-file if -u has been specified on the command
                        line. [RT #19328]

2557.   [cleanup]       PCI compliance:
                        * new libisc log module file
                        * isc_dir_chroot() now also changes the working
                          directory to "/".
                        * additional INSISTs
                        * additional logging when files can't be removed.

2556.   [port]          Solaris: mkdir(2) on tmpfs filesystems does not do the
                        error checks in the correct order resulting in the
                        wrong error code sometimes being returned. [RT #19249]

2555.   [func]          dig: when emitting a hex dump also display the
                        corresponding characters. [RT #19258]

2554.   [bug]           Validation of uppercase queries from NSEC3 zones could
                        fail. [RT #19297]

2553.   [bug]           Reference leak on DNSSEC validation errors. [RT #19291]

2552.   [bug]           zero-no-soa-ttl-cache was not being honored.
                        [RT #19340]

2551.   [bug]           Potential Reference leak on return. [RT #19341]

2550.   [bug]           Check --with-openssl=<path> finds <openssl/opensslv.h>.
                        [RT #19343]

2549.   [port]          linux: define NR_OPEN if not currently defined.
                        [RT #19344]

2548.   [bug]           Install iterated_hash.h. [RT #19335]

2547.   [bug]           openssl_link.c:mem_realloc() could reference an
                        out-of-range area of the source buffer.  New public
                        function isc_mem_reallocate() was introduced to address
                        this bug. [RT #19313]

2546.   [func]          Add --enable-openssl-hash configure flag to use
                        OpenSSL (in place of internal routine) for hash
                        functions (MD5, SHA[12] and HMAC). [RT #18815]

2545.   [doc]           ARM: Legal hostname checking (check-names) is
                        for SRV RDATA too. [RT #19304]

2544.   [cleanup]       Removed unused structure members in adb.c. [RT #19225]

2543.   [contrib]       Update contrib/zkt to version 0.98. [RT #19113]

2542.   [doc]           Update the description of dig +adflag. [RT #19290]

2541.   [bug]           Conditionally update dispatch manager statistics.
                        [RT #19247]

2540.   [func]          Add a nibble mode to $GENERATE. [RT #18872]

2539.   [security]      Update the interaction between recursion, allow-query,
                        allow-query-cache and allow-recursion.  [RT #19198]

2538.   [bug]           cache/ADB memory could grow over max-cache-size,
                        especially with threads and smaller max-cache-size
                        values. [RT #19240]

2537.   [func]          Added more statistics counters including those on socket
                        I/O events and query RTT histograms. [RT #18802]

2536.   [cleanup]       Silence some warnings when -Werror=format-security is
                        specified. [RT #19083]

2535.   [bug]           dig +showsearch and +trace interacted badly. [RT #19091]

2534.   [func]          Check NAPTR records regular expressions and
                        replacement strings to ensure they are syntactically
                        valid and consistent. [RT #18168]

2533.   [doc]           ARM: document @ (at-sign). [RT #17144]

2532.   [bug]           dig: check the question section of the response to
                        see if it matches the asked question. [RT #18495]

2531.   [bug]           Change #2207 was incomplete. [RT #19098]

2530.   [bug]           named failed to reject insecure to secure transitions
                        via UPDATE. [RT #19101]

2529.   [cleanup]       Upgrade libtool to silence complaints from recent
                        version of autoconf. [RT #18657]

2528.   [cleanup]       Silence spurious configure warning about
                        --datarootdir [RT #19096]

2527.   [placeholder]

2526.   [func]          New named option "attach-cache" that allows multiple
                        views to share a single cache to save memory and
                        improve lookup efficiency.  Based on contributed code
                        from Barclay Osborn, Google. [RT #18905]

2525.   [func]          New logging category "query-errors" to provide detailed
                        internal information about query failures, especially
                        about server failures. [RT #19027]

2524.   [port]          sunos: dnssec-signzone needs strtoul(). [RT #19129]

2523.   [bug]           Random type rdata freed by dns_nsec_typepresent().
                        [RT #19112]

2522.   [security]      Handle -1 from DSA_do_verify() and EVP_VerifyFinal().

2521.   [bug]           Improve epoll cross compilation support. [RT #19047]

2520.   [bug]           Update xml statistics version number to 2.0 as change
                        #2388 made the schema incompatible to the previous
                        version. [RT #19080]

2519.   [bug]           dig/host with -4 or -6 didn't work if more than two
                        nameserver addresses of the excluded address family
                        preceded in resolv.conf. [RT #19081]

2518.   [func]          Add support for the new CERT types from RFC 4398.
                        [RT #19077]

2517.   [bug]           dig +trace with -4 or -6 failed when it chose a
                        nameserver address of the excluded address type.
                        [RT #18843]

2516.   [bug]           glue sort for responses was performed even when not
                        needed. [RT #19039]

2515.   [port]          win32: build dnssec-dsfromkey and dnssec-keyfromlabel.
                        [RT #19063]

2514.   [bug]           dig/host failed with -4 or -6 when resolv.conf contains
                        a nameserver of the excluded address family.
                        [RT #18848]

2513.   [bug]           Fix windows cli build. [RT #19062]

2512.   [func]          Print a summary of the cached records which make up
                        the negative response.  [RT #18885]

2511.   [cleanup]       dns_rdata_tofmttext() add const to linebreak.
                        [RT #18885]

2510.   [bug]           "dig +sigchase" could trigger REQUIRE failures.
                        [RT #19033]

2509.   [bug]           Specifying a fixed query source port was broken.
                        [RT #19051]

2508.   [placeholder]

2507.   [func]          Log the recursion quota values when killing the
                        oldest query or refusing to recurse due to quota.
                        [RT #19022]

2506.   [port]          solaris: Check at configure time if
                        hack_shutup_pthreadonceinit is needed. [RT #19037]

2505.   [port]          Treat amd64 similarly to x86_64 when determining
                        atomic operation support. [RT #19031]

2504.   [bug]           Address race condition in the socket code. [RT #18899]

2503.   [port]          linux: improve compatibility with Linux Standard
                        Base. [RT #18793]

2502.   [cleanup]       isc_radix: Improve compliance with coding style,
                        document function in <isc/radix.h>. [RT #18534]

2501.   [func]          $GENERATE now supports all rdata types.  Multi-field
                        rdata types need to be quoted.  See the ARM for
                        details. [RT #18368]

2500.   [contrib]       contrib/sdb/pgsql/zonetodb.c called non-existent
                        function. [RT #18582]

2499.   [port]          solaris: lib/lwres/getaddrinfo.c namespace clash.
                        [RT #18837]
        --- 9.6.0rc1 released ---

2498.   [bug]           Removed a bogus function argument used with
                        ISC_SOCKET_USE_POLLWATCH: it could cause compiler
                        warning or crash named with the debug 1 level
                        of logging. [RT #18917]

2497.   [bug]           Don't add RRSIG bit to NSEC3 bit map for insecure
                        delegation.

2496.   [bug]           Add sanity length checks to NSID option. [RT #18813]

2495.   [bug]           Tighten RRSIG checks. [RT #18795]

2494.   [bug]           isc/radix.h, dns/sdlz.h and dns/dlz.h were not being
                        installed. [RT #18826]

2493.   [bug]           The linux capabilities code was not correctly cleaning
                        up after itself. [RT #18767]

2492.   [func]          Rndc status now reports the number of cpus discovered
                        and the number of worker threads when running
                        multi-threaded. [RT #18273]

2491.   [func]          Attempt to re-use a local port if we are already using
                        the port. [RT #18548]

2490.   [port]          aix: work around a kernel bug where IPV6_RECVPKTINFO
                        is cleared when IPV6_V6ONLY is set. [RT #18785]

2489.   [port]          solaris: Workaround Solaris's kernel bug about
                        /dev/poll:
                        http://bugs.opensolaris.org/view_bug.do?bug_id=6724237
                        Define ISC_SOCKET_USE_POLLWATCH at build time to enable
                        this workaround. [RT #18870]

2488.   [func]          Added a tool, dnssec-dsfromkey, to generate DS records
                        from keyset and .key files. [RT #18694]

2487.   [bug]           Give TCP connections longer to complete. [RT #18675]

2486.   [func]          The default locations for named.pid and lwresd.pid
                        are now /var/run/named/named.pid and
                        /var/run/lwresd/lwresd.pid respectively.

                        This allows the owner of the containing directory
                        to be set, for "named -u" support, and allows there
                        to be a permanent symbolic link in the path, for
                        "named -t" support.  [RT #18306]

2485.   [bug]           Change update's the handling of obscured RRSIG
                        records.  Not all orphaned DS records were being
                        removed. [RT #18828]

2484.   [bug]           It was possible to trigger a REQUIRE failure when
                        adding NSEC3 proofs to the response in
                        query_addwildcardproof().  [RT #18828]

2483.   [port]          win32: chroot() is not supported. [RT #18805]

2482.   [port]          libxml2: support versions 2.7.* in addition
                        to 2.6.*. [RT #18806]
        --- 9.6.0b1 released ---

2481.   [bug]           rbtdb.c:matchparams() failed to handle NSEC3 chain
                        collisions.  [RT #18812]

2480.   [bug]           named could fail to emit all the required NSEC3
                        records.  [RT #18812]

2479.   [bug]           xfrout:covers was not properly initialized. [RT #18801]

2478.   [bug]           'addresses' could be used uninitialized in
                        configure_forward(). [RT #18800]

2477.   [bug]           dig: the global option to print the command line is
                        +cmd not print_cmd.  Update the output to reflect
                        this. [RT #17008]

2476.   [doc]           ARM: improve documentation for max-journal-size and
                        ixfr-from-differences. [RT #15909] [RT #18541]

2475.   [bug]           LRU cache cleanup under overmem condition could purge
                        particular entries more aggressively. [RT #17628]

2474.   [bug]           ACL structures could be allocated with insufficient
                        space, causing an array overrun. [RT #18765]

2473.   [port]          linux: raise the limit on open files to the possible
                        maximum value before spawning threads; 'files'
                        specified in named.conf doesn't seem to work with
                        threads as expected. [RT #18784]

2472.   [port]          linux: check the number of available cpu's before
                        calling chroot as it depends on "/proc". [RT #16923]

2471.   [bug]           named-checkzone was not reporting missing mandatory
                        glue when sibling checks were disabled. [RT #18768]

2470.   [bug]           Elements of the isc_radix_node_t could be incorrectly
                        overwritten.  [RT #18719]

2469.   [port]          solaris: Work around Solaris's select() limitations.
                        [RT #18769]

2468.   [bug]           Resolver could try unreachable servers multiple times.
                        [RT #18739]

2467.   [bug]           Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740]

2466.   [doc]           ARM: explain max-cache-ttl 0 SERVFAIL issue.
                        [RT #18302]

2465.   [bug]           Adb's handling of lame addresses was different
                        for IPv4 and IPv6. [RT #18738]

2464.   [port]          linux: check that a capability is present before
                        trying to set it. [RT #18135]

2463.   [port]          linux: POSIX doesn't include the IPv6 Advanced Socket
                        API and glibc hides parts of the IPv6 Advanced Socket
                        API as a result.  This is stupid as it breaks how the
                        two halves (Basic and Advanced) of the IPv6 Socket API
                        were designed to be used but we have to live with it.
                        Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
                        API. [RT #18388]

2462.   [doc]           Document -m (enable memory usage debugging)
                        option for dig. [RT #18757]

2461.   [port]          sunos: Change #2363 was not complete. [RT #17513]
        --- 9.6.0a1 released ---

2460.   [bug]           Don't call dns_db_getnsec3parameters() on the cache.
                        [RT #18697]

2459.   [contrib]       Import dnssec-zkt to contrib/zkt. [RT #18448]

2458.   [doc]           ARM: update and correction for max-cache-size.
                        [RT #18294]

2457.   [tuning]        max-cache-size is reverted to 0, the previous
                        default.  It should be safe because expired cache
                        entries are also purged. [RT #18684]

2456.   [bug]           In ACLs, ::/0 and 0.0.0.0/0 would both match any
                        address, regardless of family.  They now correctly
                        distinguish IPv4 from IPv6.  [RT #18559]

2455.   [bug]           Stop metadata being transferred via axfr/ixfr.
                        [RT #18639]

2454.   [func]          nsupdate: you can now set a default ttl. [RT #18317]

2453.   [bug]           Remove NULL pointer dereference in dns_journal_print().
                        [RT #18316]

2452.   [func]          Improve bin/test/journalprint. [RT #18316]

2451.   [port]          solaris: handle runtime linking better. [RT #18356]

2450.   [doc]           Fix lwresd docbook problem for manual page.
                        [RT #18672]

2449.   [placeholder]

2448.   [func]          Add NSEC3 support. [RT #15452]

2447.   [cleanup]       libbind has been split out as a separate product.

2446.   [func]          Add a new log message about build options on startup.
                        A new command-line option '-V' for named is also
                        provided to show this information. [RT #18645]

2445.   [doc]           ARM out-of-date on empty reverse zones (list includes
                        RFC1918 address, but these are not yet compiled in).
                        [RT #18578]

2444.   [port]          Linux, FreeBSD, AIX: Turn off path mtu discovery
                        (clear DF) for UDP responses and requests.

2443.   [bug]           win32: UDP connect() would not generate an event,
                        and so connected UDP sockets would never clean up.
                        Fix this by doing an immediate WSAConnect() rather
                        than an io completion port type for UDP.

2442.   [bug]           A lock could be destroyed twice. [RT #18626]

2441.   [bug]           isc_radix_insert() could copy radix tree nodes
                        incompletely. [RT #18573]

2440.   [bug]           named-checkconf used an incorrect test to determine
                        if an ACL was set to none.

2439.   [bug]           Potential NULL dereference in dns_acl_isanyornone().
                        [RT #18559]

2438.   [bug]           Timeouts could be logged incorrectly under win32.

2437.   [bug]           Sockets could be closed too early, leading to
                        inconsistent states in the socket module. [RT #18298]

2436.   [security]      win32: UDP client handler can be shutdown. [RT #18576]

2435.   [bug]           Fixed an ACL memory leak affecting win32.

2434.   [bug]           Fixed a minor error-reporting bug in
                        lib/isc/win32/socket.c.

2433.   [tuning]        Set initial timeout to 800ms.

2432.   [bug]           More Windows socket handling improvements.  Stop
                        using I/O events and use IO Completion Ports
                        throughout.  Rewrite the receive path logic to make
                        it easier to support multiple simultaneous
                        requesters in the future.  Add stricter consistency
                        checking as a compile-time option (define
                        ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).

2431.   [bug]           Acl processing could leak memory. [RT #18323]

2430.   [bug]           win32: isc_interval_set() could round down to
                        zero if the input was less than NS_INTERVAL
                        nanoseconds.  Round up instead. [RT #18549]

2429.   [doc]           nsupdate should be in section 1 of the man pages.
                        [RT #18283]

2428.   [bug]           dns_iptable_merge() mishandled merges of negative
                        tables. [RT #18409]

2427.   [func]          Treat DNSKEY queries as if "minimal-response yes;"
                        was set. [RT #18528]

2426.   [bug]           libbind: inet_net_pton() can sometimes return the
                        wrong value if excessively large net masks are
                        supplied. [RT #18512]

2425.   [bug]           named didn't detect unavailable query source addresses
                        at load time. [RT #18536]

2424.   [port]          configure now probes for a working epoll
                        implementation.  Allow the use of kqueue,
                        epoll and /dev/poll to be selected at compile
                        time. [RT #18277]

2423.   [security]      Randomize server selection on queries, so as to
                        make forgery a little more difficult.  Instead of
                        always preferring the server with the lowest RTT,
                        pick a server with RTT within the same 128
                        millisecond band.  [RT #18441]

2422.   [bug]           Handle the special return value of a empty node as
                        if it was a NXRRSET in the validator. [RT #18447]

2421.   [func]          Add new command line option '-S' for named to specify
                        the max number of sockets. [RT #18493]
                        Use caution: this option may not work for some
                        operating systems without rebuilding named.

2420.   [bug]           Windows socket handling cleanup.  Let the io
                        completion event send out canceled read/write
                        done events, which keeps us from writing to memory
                        we no longer have ownership of.  Add debugging
                        socket_log() function.  Rework TCP socket handling
                        to not leak sockets.

2419.   [cleanup]       Document that isc_socket_create() and isc_socket_open()
                        should not be used for isc_sockettype_fdwatch sockets.
                        [RT #18521]

2418.   [bug]           AXFR request on a DLZ could trigger a REQUIRE failure
                        [RT #18430]

2417.   [bug]           Connecting UDP sockets for outgoing queries could
                        unexpectedly fail with an 'address already in use'
                        error. [RT #18411]

2416.   [func]          Log file descriptors that cause exceeding the
                        internal maximum. [RT #18460]

2415.   [bug]           'rndc dumpdb' could trigger various assertion failures
                        in rbtdb.c. [RT #18455]

2414.   [bug]           A masterdump context held the database lock too long,
                        causing various troubles such as dead lock and
                        recursive lock acquisition. [RT #18311, #18456]

2413.   [bug]           Fixed an unreachable code path in socket.c. [RT #18442]

2412.   [bug]           win32: address a resource leak. [RT #18374]

2411.   [bug]           Allow using a larger number of sockets than FD_SETSIZE
                        for select().  To enable this, set ISC_SOCKET_MAXSOCKETS
                        at compilation time.  [RT #18433]

                        Note: with changes #2469 and #2421 above, there is no
                        need to tweak ISC_SOCKET_MAXSOCKETS at compilation time
                        any more.

2410.   [bug]           Correctly delete m_versionInfo. [RT #18432]

2409.   [bug]           Only log that we disabled EDNS processing if we were
                        subsequently successful.  [RT #18029]

2408.   [bug]           A duplicate TCP dispatch event could be sent, which
                        could then trigger an assertion failure in
                        resquery_response().  [RT #18275]

2407.   [port]          hpux: test for sys/dyntune.h. [RT #18421]

2406.   [placeholder]

2405.   [cleanup]       The default value for dnssec-validation was changed to
                        "yes" in 9.5.0-P1 and all subsequent releases; this
                        was inadvertently omitted from CHANGES at the time.

2404.   [port]          hpux: files unlimited support.

2403.   [bug]           TSIG context leak. [RT #18341]

2402.   [port]          Support Solaris 2.11 and over. [RT #18362]

2401.   [bug]           Expect to get E[MN]FILE errno internal_accept()
                        (from accept() or fcntl() system calls). [RT #18358]

2400.   [bug]           Log if kqueue()/epoll_create()/open(/dev/poll) fails.
                        [RT #18297]

2399.   [placeholder]

2398.   [bug]           Improve file descriptor management.  New,
                        temporary, named.conf option reserved-sockets,
                        default 512. [RT #18344]

2397.   [bug]           gssapi_functions had too many elements. [RT #18355]

2396.   [bug]           Don't set SO_REUSEADDR for randomized ports.
                        [RT #18336]

2395.   [port]          Avoid warning and no effect from "files unlimited"
                        on Linux when running as root. [RT #18335]

2394.   [bug]           Default configuration options set the limit for
                        open files to 'unlimited' as described in the
                        documentation. [RT #18331]

2393.   [bug]           nested acls containing keys could trigger an
                        assertion in acl.c. [RT #18166]

2392.   [bug]           remove 'grep -q' from acl test script, some platforms
                        don't support it. [RT #18253]

2391.   [port]          hpux: cover additional recvmsg() error codes.
                        [RT #18301]

2390.   [bug]           dispatch.c could make a false warning on 'odd socket'.
                        [RT #18301].

2389.   [bug]           Move the "working directory writable" check to after
                        the ns_os_changeuser() call. [RT #18326]

2388.   [bug]           Avoid using tables for layout purposes in
                        statistics XSL [RT #18159].

2387.   [bug]           Silence compiler warnings in lib/isc/radix.c.
                        [RT #18147] [RT #18258]

2386.   [func]          Add warning about too small 'open files' limit.
                        [RT #18269]

2385.   [bug]           A condition variable in socket.c could leak in
                        rare error handling [RT #17968].

2384.   [security]      Fully randomize UDP query ports to improve
                        forgery resilience. [RT #17949, #18098]

2383.   [bug]           named could double queries when they resulted in
                        SERVFAIL due to overkilling EDNS0 failure detection.
                        [RT #18182]

2382.   [doc]           Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
                        to ARM.

2381.   [port]          dlz/mysql: support multiple install layouts for
                        mysql.  <prefix>/include/{,mysql/}mysql.h and
                        <prefix>/lib/{,mysql/}. [RT #18152]

2380.   [bug]           dns_view_find() was not returning NXDOMAIN/NXRRSET
                        proofs which, in turn, caused validation failures
                        for insecure zones immediately below a secure zone
                        the server was authoritative for. [RT #18112]

2379.   [contrib]       queryperf/gen-data-queryperf.py: removed redundant
                        TLDs and supported RRs with TTLs [RT #17972]

2378.   [bug]           gssapi_functions{} had a redundant member in BIND 9.5.
                        [RT #18169]

2377.   [bug]           Address race condition in dnssec-signzone. [RT #18142]

2376.   [bug]           Change #2144 was not complete.

2375.   [placeholder]

2374.   [bug]           "blackhole" ACLs could cause named to segfault due
                        to some uninitialized memory. [RT #18095]

2373.   [bug]           Default values of zone ACLs were re-parsed each time a
                        new zone was configured, causing an overconsumption
                        of memory. [RT #18092]

2372.   [bug]           Fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]

2371.   [doc]           Add +nsid option to dig man page. [RT #18039]

2370.   [bug]           "rndc freeze" could trigger an assertion in named
                        when called on a nonexistent zone. [RT #18050]

2369.   [bug]           libbind: Array bounds overrun on read in bitncmp().
                        [RT #18054]

2368.   [port]          Linux: use libcap for capability management if
                        possible. [RT #18026]

2367.   [bug]           Improve counting of dns_resstatscounter_retry
                        [RT #18030]

2366.   [bug]           Adb shutdown race. [RT #18021]

2365.   [bug]           Fix a bug that caused dns_acl_isany() to return
                        spurious results. [RT #18000]

2364.   [bug]           named could trigger a assertion when serving a
                        malformed signed zone. [RT #17828]

2363.   [port]          sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
                        [RT #17513]

2362.   [cleanup]       Make "rrset-order fixed" a compile-time option.
                        settable by "./configure --enable-fixed-rrset".
                        Disabled by default. [RT #17977]

2361.   [bug]           "recursion" statistics counter could be counted
                        multiple times for a single query.  [RT #17990]

2360.   [bug]           Fix a condition where we release a database version
                        (which may acquire a lock) while holding the lock.

2359.   [bug]           Fix NSID bug. [RT #17942]

2358.   [doc]           Update host's default query description. [RT #17934]

2357.   [port]          Don't use OpenSSL's engine support in versions before
                        OpenSSL 0.9.7f. [RT #17922]

2356.   [bug]           Built in mutex profiler was not scalable enough.
                        [RT #17436]

2355.   [func]          Extend the number statistics counters available.
                        [RT #17590]

2354.   [bug]           Failed to initialize some rdatasetheader_t elements.
                        [RT #17927]

2353.   [func]          Add support for Name Server ID (RFC 5001).
                        'dig +nsid' requests NSID from server.
                        'request-nsid yes;' causes recursive server to send
                        NSID requests to upstream servers.  Server responds
                        to NSID requests with the string configured by
                        'server-id' option.  [RT #17091]

2352.   [bug]           Various GSS_API fixups. [RT #17729]

2351.   [bug]           convertxsl.pl generated very long lines. [RT #17906]

2350.   [port]          win32: IPv6 support. [RT #17797]

2349.   [func]          Provide incremental re-signing support for secure
                        dynamic zones. [RT #1091]

2348.   [func]          Use the EVP interface to OpenSSL. Add PKCS#11 support.
                        Documentation is in the new README.pkcs11 file.
                        New tool, dnssec-keyfromlabel, which takes the
                        label of a key pair in a HSM and constructs a DNS
                        key pair for use by named and dnssec-signzone.
                        [RT #16844]

2347.   [bug]           Delete now traverses the RB tree in the canonical
                        order. [RT #17451]

2346.   [func]          Memory statistics now cover all active memory contexts
                        in increased detail. [RT #17580]

2345.   [bug]           named-checkconf failed to detect when forwarders
                        were set at both the options/view level and in
                        a root zone. [RT #17671]

2344.   [bug]           Improve "logging{ file ...; };" documentation.
                        [RT #17888]

2343.   [bug]           (Seemingly) duplicate IPv6 entries could be
                        created in ADB. [RT #17837]

2342.   [func]          Use getifaddrs() if available under Linux. [RT #17224]

2341.   [bug]           libbind: add missing -I../include for off source
                        tree builds. [RT #17606]

2340.   [port]          openbsd: interface configuration. [RT #17700]

2339.   [port]          tru64: support for libbind. [RT #17589]

2338.   [bug]           check_ds() could be called with a non DS rdataset.
                        [RT #17598]

2337.   [bug]           BUILD_LDFLAGS was not being correctly set.  [RT #17614]

2336.   [func]          If "named -6" is specified then listen on all IPv6
                        interfaces if there are not listen-on-v6 clauses in
                        named.conf.  [RT #17581]

2335.   [port]          sunos:  libbind and *printf() support for long long.
                        [RT #17513]

2334.   [bug]           Bad REQUIRES in fromstruct_in_naptr(),  off by one
                        bug in fromstruct_txt(). [RT #17609]

2333.   [bug]           Fix off by one error in isc_time_nowplusinterval().
                        [RT #17608]

2332.   [contrib]       query-loc-0.4.0. [RT #17602]

2331.   [bug]           Failure to regenerate any signatures was not being
                        reported nor being past back to the UPDATE client.
                        [RT #17570]

2330.   [bug]           Remove potential race condition when handling
                        over memory events. [RT #17572]

                        WARNING: API CHANGE: over memory callback
                        function now needs to call isc_mem_waterack().
                        See <isc/mem.h> for details.

2329.   [bug]           Clearer help text for dig's '-x' and '-i' options.

2328.   [maint]         Add AAAA addresses for A.ROOT-SERVERS.NET,
                        F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET,
                        J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and
                        M.ROOT-SERVERS.NET.

2327.   [bug]           It was possible to dereference a NULL pointer in
                        rbtdb.c.  Implement dead node processing in zones as
                        we do for caches. [RT #17312]

2326.   [bug]           It was possible to trigger a INSIST in the acache
                        processing.

2325.   [port]          Linux: use capset() function if available. [RT #17557]

2324.   [bug]           Fix IPv6 matching against "any;". [RT #17533]

2323.   [port]          tru64: namespace clash. [RT #17547]

2322.   [port]          MacOS: work around the limitation of setrlimit()
                        for RLIMIT_NOFILE. [RT #17526]

2321.   [placeholder]

2320.   [func]          Make statistics counters thread-safe for platforms
                        that support certain atomic operations. [RT #17466]

2319.   [bug]           Silence Coverity warnings in
                        lib/dns/rdata/in_1/apl_42.c. [RT #17469]

2318.   [port]          sunos fixes for libbind.  [RT #17514]

2317.   [bug]           "make distclean" removed bind9.xsl.h. [RT #17518]

2316.   [port]          Missing #include <isc/print.h> in lib/dns/gssapictx.c.
                        [RT #17513]

2315.   [bug]           Used incorrect address family for mapped IPv4
                        addresses in acl.c. [RT #17519]

2314.   [bug]           Uninitialized memory use on error path in
                        bin/named/lwdnoop.c.  [RT #17476]

2313.   [cleanup]       Silence Coverity warnings. Handle private stacks.
                        [RT #17447] [RT #17478]

2312.   [cleanup]       Silence Coverity warning in lib/isc/unix/socket.c.
                        [RT #17458]

2311.   [bug]           IPv6 addresses could match IPv4 ACL entries and
                        vice versa. [RT #17462]

2310.   [bug]           dig, host, nslookup: flush stdout before emitting
                        debug/fatal messages.  [RT #17501]

2309.   [cleanup]       Fix Coverity warnings in lib/dns/acl.c and iptable.c.
                        [RT #17455]

2308.   [cleanup]       Silence Coverity warning in bin/named/controlconf.c.
                        [RT #17495]

2307.   [bug]           Remove infinite loop from lib/dns/sdb.c. [RT #17496]

2306.   [bug]           Remove potential race from lib/dns/resolver.c.
                        [RT #17470]

2305.   [security]      inet_network() buffer overflow. CVE-2008-0122.

2304.   [bug]           Check returns from all dns_rdata_tostruct() calls.
                        [RT #17460]

2303.   [bug]           Remove unnecessary code from bin/named/lwdgnba.c.
                        [RT #17471]

2302.   [bug]           Fix memset() calls in lib/tests/t_api.c. [RT #17472]

2301.   [bug]           Remove resource leak and fix error messages in
                        bin/tests/system/lwresd/lwtest.c. [RT #17474]

2300.   [bug]           Fixed failure to close open file in
                        bin/tests/names/t_names.c. [RT #17473]

2299.   [bug]           Remove unnecessary NULL check in
                        bin/nsupdate/nsupdate.c. [RT #17475]

2298.   [bug]           isc_mutex_lock() failure not caught in
                        bin/tests/timers/t_timers.c. [RT #17468]

2297.   [bug]           isc_entropy_createfilesource() failure not caught in
                        bin/tests/dst/t_dst.c. [RT #17467]

2296.   [port]          Allow docbook stylesheet location to be specified to
                        configure. [RT #17457]

2295.   [bug]           Silence static overrun error in bin/named/lwaddr.c.
                        [RT #17459]

2294.   [func]          Allow the experimental statistics channels to have
                        multiple connections and ACL.
                        Note: the stats-server and stats-server-v6 options
                        available in the previous beta releases are replaced
                        with the generic statistics-channels statement.

2293.   [func]          Add ACL regression test. [RT #17375]

2292.   [bug]           Log if the working directory is not writable.
                        [RT #17312]

2291.   [bug]           PR_SET_DUMPABLE may be set too late.  Also report
                        failure to set PR_SET_DUMPABLE. [RT #17312]

2290.   [bug]           Let AD in the query signal that the client wants AD
                        set in the response. [RT #17301]

2289.   [func]          named-checkzone now reports the out-of-zone CNAME
                        found. [RT #17309]

2288.   [port]          win32: mark service as running when we have finished
                        loading.  [RT #17441]

2287.   [bug]           Use 'volatile' if the compiler supports it. [RT #17413]

2286.   [func]          Allow a TCP connection to be used as a weak
                        authentication method for reverse zones.
                        New update-policy methods tcp-self and 6to4-self.
                        [RT #17378]

2285.   [func]          Test framework for client memory context management.
                        [RT #17377]

2284.   [bug]           Memory leak in UPDATE prerequisite processing.
                        [RT #17377]

2283.   [bug]           TSIG keys were not attaching to the memory
                        context.  TSIG keys should use the rings
                        memory context rather than the clients memory
                        context. [RT #17377]

2282.   [bug]           Acl code fixups. [RT #17346] [RT #17374]

2281.   [bug]           Attempts to use undefined acls were not being logged.
                        [RT #17307]

2280.   [func]          Allow the experimental http server to be reached
                        over IPv6 as well as IPv4. [RT #17332]

2279.   [bug]           Use setsockopt(SO_NOSIGPIPE), when available,
                        to protect applications from receiving spurious
                        SIGPIPE signals when using the resolver.

2278.   [bug]           win32: handle the case where Windows returns no
                        search list or DNS suffix. [RT #17354]

2277.   [bug]           Empty zone names were not correctly being caught at
                        in the post parse checks. [RT #17357]

2276.   [bug]           Install <dst/gssapi.h>.  [RT #17359]

2275.   [func]          Add support to dig to perform IXFR queries over UDP.
                        [RT #17235]

2274.   [func]          Log zone transfer statistics. [RT #17336]

2273.   [bug]           Adjust log level to WARNING when saving inconsistent
                        stub/slave master and journal files. [RT #17279]

2272.   [bug]           Handle illegal dnssec-lookaside trust-anchor names.
                        [RT #17262]

2271.   [bug]           Fix a memory leak in http server code [RT #17100]

2270.   [bug]           dns_db_closeversion() version->writer could be reset
                        before it is tested. [RT #17290]

2269.   [contrib]       dbus memory leaks and missing va_end calls. [RT #17232]

2268.   [bug]           0.IN-ADDR.ARPA was missing from the empty zones
                        list.
        --- 9.5.0b1 released ---

2267.   [bug]           Radix tree node_num value could be set incorrectly,
                        causing positive ACL matches to look like negative
                        ones.  [RT #17311]

2266.   [bug]           client.c:get_clientmctx() returned the same mctx
                        once the pool of mctx's was filled. [RT #17218]

2265.   [bug]           Test that the memory context's basic_table is non NULL
                        before freeing.  [RT #17265]

2264.   [bug]           Server prefix length was being ignored. [RT #17308]

2263.   [bug]           "named-checkconf -z" failed to set default value
                        for "check-integrity".  [RT #17306]

2262.   [bug]           Error status from all but the last view could be
                        lost. [RT #17292]

2261.   [bug]           Fix memory leak with "any" and "none" ACLs [RT #17272]

2260.   [bug]           Reported wrong clients-per-query when increasing the
                        value. [RT #17236]

2259.   [placeholder]
        --- 9.5.0a7 released ---

2258.   [bug]           Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
                        [RT #17241]

2257.   [bug]           win32: Use the full path to vcredist_x86.exe when
                        calling it. [RT #17222]

2256.   [bug]           win32: Correctly register the installation location of
                        bindevt.dll. [RT #17159]

2255.   [maint]         L.ROOT-SERVERS.NET is now 199.7.83.42.

2254.   [bug]           timer.c:dispatch() failed to lock timer->lock
                        when reading timer->idle allowing it to see
                        intermediate values as timer->idle was reset by
                        isc_timer_touch(). [RT #17243]

2253.   [func]          "max-cache-size" defaults to 32M.
                        "max-acache-size" defaults to 16M.

2252.   [bug]           Fixed errors in sortlist code [RT #17216]

2251.   [placeholder]

2250.   [func]          New flag 'memstatistics' to state whether the
                        memory statistics file should be written or not.
                        Additionally named's -m option will cause the
                        statistics file to be written. [RT #17113]

2249.   [bug]           Only set Authentic Data bit if client requested
                        DNSSEC, per RFC 3655 [RT #17175]

2248.   [cleanup]       Fix several errors reported by Coverity. [RT #17160]

2247.   [doc]           Sort doc/misc/options. [RT #17067]

2246.   [bug]           Make the startup of test servers (ans.pl) more
                        robust. [RT #17147]

2245.   [bug]           Validating lack of DS records at trust anchors wasn't
                        working. [RT #17151]

2244.   [func]          Allow the check of nameserver names against the
                        SOA MNAME field to be disabled by specifying
                        'notify-to-soa yes;'.  [RT #17073]

2243.   [func]          Configuration files without a newline at the end now
                        parse without error. [RT #17120]

2242.   [bug]           nsupdate: GSS-TSIG support using the Heimdal Kerberos
                        library could require a source of random data.
                        [RT #17127]

2241.   [func]          nsupdate: add a interactive 'help' command. [RT #17099]

2240.   [bug]           Cleanup nsupdates GSS-TSIG support.  Convert
                        a number of INSIST()s into plain fatal() errors
                        which report the triggering result code.
                        The 'key' command wasn't disabling GSS-TSIG.
                        [RT #17099]

2239.   [func]          Ship a pre built bin/named/bind9.xsl.h. [RT #17114]

2238.   [bug]           It was possible to trigger a REQUIRE when a
                        validation was canceled. [RT #17106]

2237.   [bug]           libbind: res_init() was not thread aware. [RT #17123]

2236.   [bug]           dnssec-signzone failed to preserve the case of
                        of wildcard owner names. [RT #17085]

2235.   [bug]           <isc/atomic.h> was not being installed. [RT #17135]

2234.   [port]          Correct some compiler warnings on SCO OSr5 [RT #17134]

2233.   [func]          Add support for O(1) ACL processing, based on
                        radix tree code originally written by Kevin
                        Brintnall. [RT #16288]

2232.   [bug]           dns_adb_findaddrinfo() could fail and return
                        ISC_R_SUCCESS. [RT #17137]

2231.   [bug]           Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
                        [RT #17088]

2230.   [bug]           We could INSIST reading a corrupted journal.
                        [RT #17132]

2229.   [bug]           Null pointer dereference on query pool creation
                        failure. [RT #17133]

2228.   [contrib]       contrib: Change 2188 was incomplete.

2227.   [cleanup]       Tidied up the FAQ. [RT #17121]

2226.   [placeholder]

2225.   [bug]           More support for systems with no IPv4 addresses.
                        [RT #17111]

2224.   [bug]           Defer journal compaction if a xfrin is in progress.
                        [RT #17119]

2223.   [bug]           Make a new journal when compacting. [RT #17119]

2222.   [func]          named-checkconf now checks server key references.
                        [RT #17097]

2221.   [bug]           Set the event result code to reflect the actual
                        record turned to caller when a cache update is
                        rejected due to a more credible answer existing.
                        [RT #17017]

2220.   [bug]           win32: Address a race condition in final shutdown of
                        the Windows socket code. [RT #17028]

2219.   [bug]           Apply zone consistency checks to additions, not
                        removals, when updating. [RT #17049]

2218.   [bug]           Remove unnecessary REQUIRE from dns_validator_create().
                        [RT #16976]

2217.   [func]          Adjust update log levels. [RT #17092]

2216.   [cleanup]       Fix a number of errors reported by Coverity.
                        [RT #17094]

2215.   [bug]           Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]

2214.   [bug]           Deregister OpenSSL lock callback when cleaning
                        up.  Reorder OpenSSL cleanup so that RAND_cleanup()
                        is called before the locks are destroyed. [RT #17098]

2213.   [bug]           SIG0 diagnostic failure messages were looking at the
                        wrong status code. [RT #17101]

2212.   [func]          'host -m' now causes memory statistics and active
                        memory to be printed at exit. [RT 17028]

2211.   [func]          Update "dynamic update temporarily disabled" message.
                        [RT #17065]

2210.   [bug]           Deleting class specific records via UPDATE could
                        fail.  [RT #17074]

2209.   [port]          osx: linking against user supplied static OpenSSL
                        libraries failed as the system ones were still being
                        found. [RT #17078]

2208.   [port]          win32: make sure both build methods produce the
                        same output. [RT #17058]

2207.   [port]          Some implementations of getaddrinfo() fail to set
                        ai_canonname correctly. [RT #17061]
        --- 9.5.0a6 released ---

2206.   [security]      "allow-query-cache" and "allow-recursion" now
                        cross inherit from each other.

                        If allow-query-cache is not set in named.conf then
                        allow-recursion is used if set, otherwise allow-query
                        is used if set, otherwise the default (localnets;
                        localhost;) is used.

                        If allow-recursion is not set in named.conf then
                        allow-query-cache is used if set, otherwise allow-query
                        is used if set, otherwise the default (localnets;
                        localhost;) is used.

                        [RT #16987]

2205.   [bug]           libbind: change #2119 broke thread support. [RT #16982]

2204.   [bug]           "rndc flushname name unknown-view" caused named
                        to crash. [RT #16984]

2203.   [security]      Query id generation was cryptographically weak.
                        [RT # 16915]

2202.   [security]      The default acls for allow-query-cache and
                        allow-recursion were not being applied. [RT #16960]

2201.   [bug]           The build failed in a separate object directory.
                        [RT #16943]

2200.   [bug]           The search for cached NSEC records was stopping to
                        early leading to excessive DLV queries. [RT #16930]

2199.   [bug]           win32: don't call WSAStartup() while loading dlls.
                        [RT #16911]

2198.   [bug]           win32: RegCloseKey() could be called when
                        RegOpenKeyEx() failed. [RT #16911]

2197.   [bug]           Add INSIST to catch negative responses which are
                        not setting the event result code appropriately.
                        [RT #16909]

2196.   [port]          win32: yield processor while waiting for once to
                        to complete. [RT #16958]

2195.   [func]          dnssec-keygen now defaults to nametype "ZONE"
                        when generating DNSKEYs. [RT #16954]

2194.   [bug]           Close journal before calling 'done' in xfrin.c.
        --- 9.5.0a5 released ---

2193.   [port]          win32: BINDInstall.exe is now linked statically.
                        [RT #16906]

2192.   [port]          win32: use vcredist_x86.exe to install Visual
                        Studio's redistributable dlls if building with
                        Visual Stdio 2005 or later.

2191.   [func]          named-checkzone now allows dumping to stdout (-).
                        named-checkconf now has -h for help.
                        named-checkzone now has -h for help.
                        rndc now has -h for help.
                        Better handling of '-?' for usage summaries.
                        [RT #16707]

2190.   [func]          Make fallback to plain DNS from EDNS due to timeouts
                        more visible.  New logging category "edns-disabled".
                        [RT #16871]

2189.   [bug]           Handle socket() returning EINTR. [RT #15949]

2188.   [contrib]       queryperf: autoconf changes to make the search for
                        libresolv or libbind more robust. [RT #16299]

2187.   [bug]           query_addds(), query_addwildcardproof() and
                        query_addnxrrsetnsec() should take a version
                        argument. [RT #16368]

2186.   [port]          cygwin: libbind: check for struct sockaddr_storage
                        independently of IPv6. [RT #16482]

2185.   [port]          sunos: libbind: check for ssize_t, memmove() and
                        memchr(). [RT #16463]

2184.   [bug]           bind9.xsl.h didn't build out of the source tree.
                        [RT #16830]

2183.   [bug]           dnssec-signzone didn't handle offline private keys
                        well.  [RT #16832]

2182.   [bug]           dns_dispatch_createtcp() and dispatch_createudp()
                        could return ISC_R_SUCCESS when they ran out of
                        memory. [RT #16365]

2181.   [port]          sunos: libbind: add paths.h from BIND 8. [RT #16462]

2180.   [cleanup]       Remove bit test from 'compress_test' as they
                        are no longer needed. [RT #16497]

2179.   [func]          'rndc command zone' will now find 'zone' if it is
                        unique to all the views. [RT #16821]

2178.   [bug]           'rndc reload' of a slave or stub zone resulted in
                        a reference leak. [RT #16867]

2177.   [bug]           Array bounds overrun on read (rcodetext) at
                        debug level 10+. [RT #16798]

2176.   [contrib]       dbus update to handle race condition during
                        initialization (Bugzilla 235809). [RT #16842]

2175.   [bug]           win32: windows broadcast condition variable support
                        was broken. [RT #16592]

2174.   [bug]           I/O errors should always be fatal when reading
                        master files. [RT #16825]

2173.   [port]          win32: When compiling with MSVS 2005 SP1 we also
                        need to ship Microsoft.VC80.MFCLOC.
        --- 9.5.0a4 released ---

2172.   [bug]           query_addsoa() was being called with a non zone db.
                        [RT #16834]

2171.   [bug]           Handle breaks in DNSSEC trust chains where the parent
                        servers are not DS aware (DS queries to the parent
                        return a referral to the child).

2170.   [func]          Add acache processing to test suite. [RT #16711]

2169.   [bug]           host, nslookup: when reporting NXDOMAIN report the
                        given name and not the last name searched for.
                        [RT #16763]

2168.   [bug]           nsupdate: in non-interactive mode treat syntax errors
                        as fatal errors. [RT #16785]

2167.   [bug]           When re-using a automatic zone named failed to
                        attach it to the new view. [RT #16786]
        --- 9.5.0a3 released ---

2166.   [bug]           When running in batch mode, dig could misinterpret
                        a server address as a name to be looked up, causing
                        unexpected output. [RT #16743]

2165.   [func]          Allow the destination address of a query to determine
                        if we will answer the query or recurse.
                        allow-query-on, allow-recursion-on and
                        allow-query-cache-on. [RT #16291]

2164.   [bug]           The code to determine how named-checkzone /
                        named-compilezone was called failed under windows.
                        [RT #16764]

2163.   [bug]           If only one of query-source and query-source-v6
                        specified a port the query pools code broke (change
                        2129).  [RT #16768]

2162.   [func]          Allow "rrset-order fixed" to be disabled at compile
                        time. [RT #16665]

2161.   [bug]           Fix which log messages are emitted for 'rndc flush'.
                        [RT #16698]

2160.   [bug]           libisc wasn't handling NULL ifa_addr pointers returned
                        from getifaddrs(). [RT #16708]
        --- 9.5.0a2 released ---

2159.   [bug]           Array bounds overrun in acache processing. [RT #16710]

2158.   [bug]           ns_client_isself() failed to initialize key
                        leading to a REQUIRE failure. [RT #16688]

2157.   [func]          dns_db_transfernode() created. [RT #16685]

2156.   [bug]           Fix node reference leaks in lookup.c:lookup_find(),
                        resolver.c:validated() and resolver.c:cache_name().
                        Fix a memory leak in rbtdb.c:free_noqname().
                        Make lookup.c:lookup_find() robust against
                        event leaks. [RT #16685]

2155.   [contrib]       SQLite sdb module from [email protected].
                        [RT #16694]

2154.   [func]          Scoped (e.g. IPv6 link-local) addresses may now be
                        matched in acls by omitting the scope. [RT #16599]

2153.   [bug]           nsupdate could leak memory. [RT #16691]

2152.   [cleanup]       Use sizeof(buf) instead of fixed number in
                        dighost.c:get_trusted_key(). [RT #16678]

2151.   [bug]           Missing newline in usage message for journalprint.
                        [RT #16679]

2150.   [bug]           'rrset-order cyclic' uniformly distribute the
                        starting point for the first response for a given
                        RRset. [RT #16655]

2149.   [bug]           isc_mem_checkdestroyed() failed to abort on
                        if there were still active memory contexts.
                        [RT #16672]

2148.   [func]          Add positive logging for rndc commands. [RT #14623]

2147.   [bug]           libbind: remove potential buffer overflow from
                        hmac_link.c. [RT #16437]

2146.   [cleanup]       Silence Linux's spurious "obsolete setsockopt
                        SO_BSDCOMPAT" message. [RT #16641]

2145.   [bug]           Check DS/DLV digest lengths for known digests.
                        [RT #16622]

2144.   [cleanup]       Suppress logging of SERVFAIL from forwarders.
                        [RT #16619]

2143.   [bug]           We failed to restart the IPv6 client when the
                        kernel failed to return the destination the
                        packet was sent to. [RT #16613]

2142.   [bug]           Handle master files with a modification time that
                        matches the epoch. [RT #16612]

2141.   [bug]           dig/host should not be setting IDN_ASCCHECK (IDN
                        equivalent of LDH checks).  [RT #16609]

2140.   [bug]           libbind: missing unlock on pthread_key_create()
                        failures. [RT #16654]

2139.   [bug]           dns_view_find() was being called with wrong type
                        in adb.c. [RT #16670]

2138.   [bug]           Lock order reversal in resolver.c. [RT #16653]

2137.   [port]          Mips little endian and/or mips 64 bit are now
                        supported for atomic operations. [RT #16648]

2136.   [bug]           nslookup/host looped if there was no search list
                        and the host didn't exist. [RT #16657]

2135.   [bug]           Uninitialized rdataset in sdlz.c. [RT #16656]

2134.   [func]          Additional statistics support. [RT #16666]

2133.   [port]          powerpc:  Support both IBM and MacOS Power PC
                        assembler syntaxes. [RT #16647]

2132.   [bug]           Missing unlock on out of memory in
                        dns_dispatchmgr_setudp().

2131.   [contrib]       dlz/mysql: AXFR was broken. [RT #16630]

2130.   [func]          Log if CD or DO were set. [RT #16640]

2129.   [func]          Provide a pool of UDP sockets for queries to be
                        made over. See use-queryport-pool, queryport-pool-ports
                        and queryport-pool-updateinterval.  [RT #16415]

2128.   [doc]           xsltproc --nonet, update DTD versions.  [RT #16635]

2127.   [port]          Improved OpenSSL 0.9.8 support. [RT #16563]

2126.   [security]      Serialize validation of type ANY responses. [RT #16555]

2125.   [bug]           dns_zone_getzeronosoattl() REQUIRE failure if DLZ
                        was defined. [RT #16574]

2124.   [security]      It was possible to dereference a freed fetch
                        context. [RT #16584]
        --- 9.5.0a1 released ---

2123.   [func]          Use Doxygen to generate internal documentation.
                        [RT #11398]

2122.   [func]          Experimental http server and statistics support
                        for named via xml.

2121.   [func]          Add a 10 slot dead masters cache (LRU) with a 600
                        second timeout. [RT #16553]

2120.   [doc]           Fix markup on nsupdate man page. [RT #16556]

2119.   [compat]        libbind: allow res_init() to succeed enough to
                        return the default domain even if it was unable
                        to allocate memory.

2118.   [bug]           Handle response with long chains of domain name
                        compression pointers which point to other compression
                        pointers. [RT #16427]

2117.   [bug]           DNSSEC fixes: named could fail to cache NSEC records
                        which could lead to validation failures.  named didn't
                        handle negative DS responses that were in the process
                        of being validated.  Check CNAME bit before accepting
                        NODATA proof. To be able to ignore a child NSEC there
                        must be SOA (and NS) set in the bitmap. [RT #16399]

2116.   [bug]           'rndc reload' could cause the cache to continually
                        be cleaned. [RT #16401]

2115.   [bug]           'rndc reconfig' could trigger a INSIST if the
                        number of masters for a zone was reduced. [RT #16444]

2114.   [bug]           dig/host/nslookup: searches for names with multiple
                        labels were failing. [RT #16447]

2113.   [bug]           nsupdate: if a zone is specified it should be used
                        for server discover. [RT #16455]

2112.   [security]      Warn if weak RSA exponent is used. [RT #16460]

2111.   [bug]           Fix a number of errors reported by Coverity.
                        [RT #16507]

2110.   [bug]           "minimal-responses yes;" interacted badly with BIND 8
                        priming queries. [RT #16491]

2109.   [port]          libbind: silence aix 5.3 compiler warnings. [RT #16502]

2108.   [func]          DHCID support. [RT #16456]

2107.   [bug]           dighost.c: more cleanup of buffers. [RT #16499]

2106.   [func]          'rndc status' now reports named's version. [RT #16426]

2105.   [func]          GSS-TSIG support (RFC 3645).

2104.   [port]          Fix Solaris SMF error message.

2103.   [port]          Add /usr/sfw to list of locations for OpenSSL
                        under Solaris.

2102.   [port]          Silence Solaris 10 warnings.

2101.   [bug]           OpenSSL version checks were not quite right.
                        [RT #16476]

2100.   [port]          win32: copy libeay32.dll to Build\Debug.
                        Copy Debug\named-checkzone to Debug\named-compilezone.

2099.   [port]          win32: more manifest issues.

2098.   [bug]           Race in rbtdb.c:no_references(), which occasionally
                        triggered an INSIST failure about the node lock
                        reference.  [RT #16411]

2097.   [bug]           named could reference a destroyed memory context
                        after being reloaded / reconfigured. [RT #16428]

2096.   [bug]           libbind: handle applications that fail to detect
                        res_init() failures better.

2095.   [port]          libbind: always prototype inet_cidr_ntop_ipv6() and
                        net_cidr_ntop_ipv6(). [RT #16388]

2094.   [contrib]       Update named-bootconf.  [RT #16404]

2093.   [bug]           named-checkzone -s was broken.

2092.   [bug]           win32: dig, host, nslookup.  Use registry config
                        if resolv.conf does not exist or no nameservers
                        listed. [RT #15877]

2091.   [port]          dighost.c: race condition on cleanup. [RT #16417]

2090.   [port]          win32: Visual C++ 2005 command line manifest support.
                        [RT #16417]

2089.   [security]      Raise the minimum safe OpenSSL versions to
                        OpenSSL 0.9.7l and OpenSSL 0.9.8d.  Versions
                        prior to these have known security flaws which
                        are (potentially) exploitable in named. [RT #16391]

2088.   [security]      Change the default RSA exponent from 3 to 65537.
                        [RT #16391]

2087.   [port]          libisc failed to compile on OS's w/o a vsnprintf.
                        [RT #16382]

2086.   [port]          libbind: FreeBSD now has get*by*_r() functions.
                        [RT #16403]

2085.   [doc]           win32: added index.html and README to zip. [RT #16201]

2084.   [contrib]       dbus update for 9.3.3rc2.

2083.   [port]          win32: Visual C++ 2005 support.

2082.   [doc]           Document 'cache-file' as a test only option.

2081.   [port]          libbind: minor 64-bit portability fix in memcluster.c.
                        [RT #16360]

2080.   [port]          libbind: res_init.c did not compile on older versions
                        of Solaris. [RT #16363]

2079.   [bug]           The lame cache was not handling multiple types
                        correctly. [RT #16361]

2078.   [bug]           dnssec-checkzone output style "default" was badly
                        named.  It is now called "relative". [RT #16326]

2077.   [bug]           'dnssec-signzone -O raw' wasn't outputting the
                        complete signed zone. [RT #16326]

2076.   [bug]           Several files were missing #include <config.h>
                        causing build failures on OSF. [RT #16341]

2075.   [bug]           The spillat timer event handler could leak memory.
                        [RT #16357]

2074.   [bug]           dns_request_createvia2(), dns_request_createvia3(),
                        dns_request_createraw2() and dns_request_createraw3()
                        failed to send multiple UDP requests. [RT #16349]

2073.   [bug]           Incorrect semantics check for update policy "wildcard".
                        [RT #16353]

2072.   [bug]           We were not generating valid HMAC SHA digests.
                        [RT #16320]

2071.   [port]          Test whether gcc accepts -fno-strict-aliasing.
                        [RT #16324]

2070.   [bug]           The remote address was not always displayed when
                        reporting dispatch failures. [RT #16315]

2069.   [bug]           Cross compiling was not working. [RT #16330]

2068.   [cleanup]       Lower incremental tuning message to debug 1.
                        [RT #16319]

2067.   [bug]           'rndc' could close the socket too early triggering
                        a INSIST under Windows. [RT #16317]

2066.   [security]      Handle SIG queries gracefully. [RT #16300]

2065.   [bug]           libbind: probe for HPUX prototypes for
                        endprotoent_r() and endservent_r().  [RT 16313]

2064.   [bug]           libbind: silence AIX compiler warnings. [RT #16218]

2063.   [bug]           Change #1955 introduced a bug which caused the first
                        'rndc flush' call to not free memory. [RT #16244]

2062.   [bug]           'dig +nssearch' was reusing a buffer before it had
                        been returned by the socket code. [RT #16307]

2061.   [bug]           Accept expired wildcard message reversed. [RT #16296]

2060.   [bug]           Enabling DLZ support could leave views partially
                        configured. [RT #16295]

2059.   [bug]           Search into cache rbtdb could trigger an INSIST
                        failure while cleaning up a stale rdataset.
                        [RT #16292]

2058.   [bug]           Adjust how we calculate rtt estimates in the presence
                        of authoritative servers that drop EDNS and/or CD
                        requests.  Also fallback to EDNS/512 and plain DNS
                        faster for zones with less than 3 servers.  [RT #16187]

2057.   [bug]           Make setting "ra" dependent on both allow-query-cache
                        and allow-recursion. [RT #16290]

2056.   [bug]           dig: ixfr= was not being treated case insensitively
                        at all times. [RT #15955]

2055.   [bug]           Missing goto after dropping multicast query.
                        [RT #15944]

2054.   [port]          freebsd: do not explicitly link against -lpthread.
                        [RT #16170]

2053.   [port]          netbsd:libbind: silence compiler warnings. [RT #16220]

2052.   [bug]           'rndc' improve connect failed message to report
                        the failing address. [RT #15978]

2051.   [port]          More strtol() fixes. [RT #16249]

2050.   [bug]           Parsing of NSAP records was not case insensitive.
                        [RT #16287]

2049.   [bug]           Restore SOA before AXFR when falling back from
                        a attempted IXFR when transferring in a zone.
                        Allow a initial SOA query before attempting
                        a AXFR to be requested. [RT #16156]

2048.   [bug]           It was possible to loop forever when using
                        avoid-v4-udp-ports / avoid-v6-udp-ports when
                        the OS always returned the same local port.
                        [RT #16182]

2047.   [bug]           Failed to initialize the interface flags to zero.
                        [RT #16245]

2046.   [bug]           rbtdb.c:rdataset_setadditional() could cause duplicate
                        cleanup [RT #16247].

2045.   [func]          Use lock buckets for acache entries to limit memory
                        consumption. [RT #16183]

2044.   [port]          Add support for atomic operations for Itanium.
                        [RT #16179]

2043.   [port]          nsupdate/nslookup: Force the flushing of the prompt
                        for interactive sessions. [RT #16148]

2042.   [bug]           named-checkconf was incorrectly rejecting the
                        logging category "config". [RT #16117]

2041.   [bug]           "configure --with-dlz-bdb=yes" produced a bad
                        set of libraries to be linked. [RT #16129]

2040.   [bug]           rbtdb no_references() could trigger an INSIST
                        failure with --enable-atomic.  [RT #16022]

2039.   [func]          Check that all buffers passed to the socket code
                        have been retrieved when the socket event is freed.
                        [RT #16122]

2038.   [bug]           dig/nslookup/host was unlinking from wrong list
                        when handling errors. [RT #16122]

2037.   [func]          When unlinking the first or last element in a list
                        check that the list head points to the element to
                        be unlinked. [RT #15959]

2036.   [bug]           'rndc recursing' could cause trigger a REQUIRE.
                        [RT #16075]

2035.   [func]          Make falling back to TCP on UDP refresh failure
                        optional. Default "try-tcp-refresh yes;" for BIND 8
                        compatibility. [RT #16123]

2034.   [bug]           gcc: set -fno-strict-aliasing. [RT #16124]

2033.   [bug]           We weren't creating multiple client memory contexts
                        on demand as expected. [RT #16095]

2032.   [bug]           Remove a INSIST in query_addadditional2(). [RT #16074]

2031.   [bug]           Emit a error message when "rndc refresh" is called on
                        a non slave/stub zone. [RT # 16073]

2030.   [bug]           We were being overly conservative when disabling
                        openssl engine support. [RT #16030]

2029.   [bug]           host printed out the server multiple times when
                        specified on the command line. [RT #15992]

2028.   [port]          linux: socket.c compatibility for old systems.
                        [RT #16015]

2027.   [port]          libbind: Solaris x86 support. [RT #16020]

2026.   [bug]           Rate limit the two recursive client exceeded messages.
                        [RT #16044]

2025.   [func]          Update "zone serial unchanged" message. [RT #16026]

2024.   [bug]           named emitted spurious "zone serial unchanged"
                        messages on reload. [RT #16027]

2023.   [bug]           "make install" should create ${localstatedir}/run and
                        ${sysconfdir} if they do not exist. [RT #16033]

2022.   [bug]           If dnssec validation is disabled only assert CD if
                        CD was requested. [RT #16037]

2021.   [bug]           dnssec-enable no; triggered a REQUIRE. [RT #16037]

2020.   [bug]           rdataset_setadditional() could leak memory. [RT #16034]

2019.   [tuning]        Reduce the amount of work performed per quantum
                        when cleaning the cache. [RT #15986]

2018.   [bug]           Checking if the HMAC MD5 private file was broken.
                        [RT #15960]

2017.   [bug]           allow-query default was not correct. [RT #15946]

2016.   [bug]           Return a partial answer if recursion is not
                        allowed but requested and we had the answer
                        to the original qname. [RT #15945]

2015.   [cleanup]       use-additional-cache is now acache-enable for
                        consistency.  Default acache-enable off in BIND 9.4
                        as it requires memory usage to be configured.
                        It may be enabled by default in BIND 9.5 once we
                        have more experience with it.

2014.   [func]          Statistics about acache now recorded and sent
                        to log. [RT #15976]

2013.   [bug]           Handle unexpected TSIGs on unsigned AXFR/IXFR
                        responses more gracefully. [RT #15941]

2012.   [func]          Don't insert new acache entries if acache is full.
                        [RT #15970]

2011.   [func]          dnssec-signzone can now update the SOA record of
                        the signed zone, either as an increment or as the
                        system time(). [RT #15633]

2010.   [placeholder]   rt15958

2009.   [bug]           libbind: Coverity fixes. [RT #15808]

2008.   [func]          It is now possible to enable/disable DNSSEC
                        validation from rndc.  This is useful for the
                        mobile hosts where the current connection point
                        breaks DNSSEC (firewall/proxy).  [RT #15592]

                                rndc validation newstate [view]

2007.   [func]          It is now possible to explicitly enable DNSSEC
                        validation.  default dnssec-validation no; to
                        be changed to yes in 9.5.0.  [RT #15674]

2006.   [security]      Allow-query-cache and allow-recursion now default
                        to the built in acls "localnets" and "localhost".

                        This is being done to make caching servers less
                        attractive as reflective amplifying targets for
                        spoofed traffic.  This still leave authoritative
                        servers exposed.

                        The best fix is for full BCP 38 deployment to
                        remove spoofed traffic.

2005.   [bug]           libbind: Retransmission timeouts should be
                        based on which attempt it is to the nameserver
                        and not the nameserver itself. [RT #13548]

2004.   [bug]           dns_tsig_sign() could pass a NULL pointer to
                        dst_context_destroy() when cleaning up after a
                        error. [RT #15835]

2003.   [bug]           libbind: The DNS name/address lookup functions could
                        occasionally follow a random pointer due to
                        structures not being completely zeroed. [RT #15806]

2002.   [bug]           libbind: tighten the constraints on when
                        struct addrinfo._ai_pad exists.  [RT #15783]

2001.   [func]          Check the KSK flag when updating a secure dynamic zone.
                        New zone option "update-check-ksk yes;".  [RT #15817]

2000.   [bug]           memmove()/strtol() fix was incomplete. [RT #15812]

1999.   [func]          Implement "rrset-order fixed". [RT #13662]

1998.   [bug]           Restrict handling of fifos as sockets to just SunOS.
                        This allows named to connect to entropy gathering
                        daemons that use fifos instead of sockets. [RT #15840]

1997.   [bug]           Named was failing to replace negative cache entries
                        when a positive one for the type was learnt.
                        [RT #15818]

1996.   [bug]           nsupdate: if a zone has been specified it should
                        appear in the output of 'show'. [RT #15797]

1995.   [bug]           'host' was reporting multiple "is an alias" messages.
                        [RT #15702]

1994.   [port]          OpenSSL 0.9.8 support. [RT #15694]

1993.   [bug]           Log messages, via syslog, were missing the space
                        after the timestamp if "print-time yes" was specified.
                        [RT #15844]

1992.   [bug]           Not all incoming zone transfer messages included the
                        view.  [RT #15825]

1991.   [cleanup]       The configuration data, once read, should be treated
                        as read only.  Expand the use of const to enforce this
                        at compile time. [RT #15813]

1990.   [bug]           libbind:  isc's override of broken gettimeofday()
                        implementations was not always effective.
                        [RT #15709]

1989.   [bug]           win32: don't check the service password when
                        re-installing. [RT #15882]

1988.   [bug]           Remove a bus error from the SHA256/SHA512 support.
                        [RT #15878]

1987.   [func]          DS/DLV SHA256 digest algorithm support. [RT #15608]

1986.   [func]          Report when a zone is removed. [RT #15849]

1985.   [protocol]      DLV has now been assigned a official type code of
                        32769. [RT #15807]

                        Note: care should be taken to ensure you upgrade
                        both named and dnssec-signzone at the same time for
                        zones with DLV records where named is the master
                        server for the zone.  Also any zones that contain
                        DLV records should be removed when upgrading a slave
                        zone.  You do not however have to upgrade all
                        servers for a zone with DLV records simultaneously.

1984.   [func]          dig, nslookup and host now advertise a 4096 byte
                        EDNS UDP buffer size by default. [RT #15855]

1983.   [func]          Two new update policies.  "selfsub" and "selfwild".
                        [RT #12895]

1982.   [bug]           DNSKEY was being accepted on the parent side of
                        a delegation.  KEY is still accepted there for
                        RFC 3007 validated updates. [RT #15620]

1981.   [bug]           win32: condition.c:wait() could fail to reattain
                        the mutex lock.

1980.   [func]          dnssec-signzone: output the SOA record as the
                        first record in the signed zone. [RT #15758]

1979.   [port]          linux: allow named to drop core after changing
                        user ids. [RT #15753]

1978.   [port]          Handle systems which have a broken recvmsg().
                        [RT #15742]

1977.   [bug]           Silence noisy log message. [RT #15704]

1976.   [bug]           Handle systems with no IPv4 addresses. [RT #15695]

1975.   [bug]           libbind: isc_gethexstring() could misparse multi-line
                        hex strings with comments. [RT #15814]

1974.   [doc]           List each of the zone types and associated zone
                        options separately in the ARM.

1973.   [func]          TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
                        HMACSHA512 support. [RT #13606]

1972.   [contrib]       DBUS dynamic forwarders integration from
                        Jason Vas Dias <[email protected]>.

1971.   [port]          linux: make detection of missing IF_NAMESIZE more
                        robust. [RT #15443]

1970.   [bug]           nsupdate: adjust UDP timeout when falling back to
                        unsigned SOA query. [RT #15775]

1969.   [bug]           win32: the socket code was freeing the socket
                        structure too early. [RT #15776]

1968.   [bug]           Missing lock in resolver.c:validated(). [RT #15739]

1967.   [func]          dig/nslookup/host: warn about missing "QR". [RT #15779]

1966.   [bug]           Don't set CD when we have fallen back to plain DNS.
                        [RT #15727]

1965.   [func]          Suppress spurious "recursion requested but not
                        available" warning with 'dig +qr'. [RT #15780].

1964.   [func]          Separate out MX and SRV to CNAME checks. [RT #15723]

1963.   [port]          Tru64 4.0E doesn't support send() and recv().
                        [RT #15586]

1962.   [bug]           Named failed to clear old update-policy when it
                        was removed. [RT #15491]

1961.   [bug]           Check the port and address of responses forwarded
                        to dispatch. [RT #15474]

1960.   [bug]           Update code should set NSEC ttls from SOA MINIMUM.
                        [RT #15465]

1959.   [func]          Control the zeroing of the negative response TTL to
                        a soa query.  Defaults "zero-no-soa-ttl yes;" and
                        "zero-no-soa-ttl-cache no;". [RT #15460]

1958.   [bug]           Named failed to update the zone's secure state
                        until the zone was reloaded. [RT #15412]

1957.   [bug]           Dig mishandled responses to class ANY queries.
                        [RT #15402]

1956.   [bug]           Improve cross compile support, 'gen' is now built
                        by native compiler.  See README for additional
                        cross compile support information. [RT #15148]

1955.   [bug]           Pre-allocate the cache cleaning iterator. [RT #14998]

1954.   [func]          Named now falls back to advertising EDNS with a
                        512 byte receive buffer if the initial EDNS queries
                        fail.  [RT #14852]

1953.   [func]          The maximum EDNS UDP response named will send can
                        now be set in named.conf (max-udp-size).  This is
                        independent of the advertised receive buffer
                        (edns-udp-size). [RT #14852]

1952.   [port]          hpux: tell the linker to build a runtime link
                        path "-Wl,+b:". [RT #14816].

1951.   [security]      Drop queries from particular well known ports.
                        Don't return FORMERR to queries from particular
                        well known ports.  [RT #15636]

1950.   [port]          Solaris 2.5.1 and earlier cannot bind() then connect()
                        a TCP socket. This prevents the source address being
                        set for TCP connections. [RT #15628]

1949.   [func]          Addition memory leakage checks. [RT #15544]

1948.   [bug]           If was possible to trigger a REQUIRE failure in
                        xfrin.c:maybe_free() if named ran out of memory.
                        [RT #15568]

1947.   [func]          It is now possible to configure named to accept
                        expired RRSIGs.  Default "dnssec-accept-expired no;".
                        Setting "dnssec-accept-expired yes;" leaves named
                        vulnerable to replay attacks.  [RT #14685]

1946.   [bug]           resume_dslookup() could trigger a REQUIRE failure
                        when using forwarders. [RT #15549]

1945.   [cleanup]       dnssec-keygen: RSA (RSAMD5) is no longer recommended.
                        To generate a RSAMD5 key you must explicitly request
                        RSAMD5. [RT #13780]

1944.   [cleanup]       isc_hash_create() does not need a read/write lock.
                        [RT #15522]

1943.   [bug]           Set the loadtime after rolling forward the journal.
                        [RT #15647]

1942.   [bug]           If the name of a DNSKEY match that of one in
                        trusted-keys do not attempt to validate the DNSKEY
                        using the parents DS RRset. [RT #15649]

1941.   [bug]           ncache_adderesult() should set eresult even if no
                        rdataset is passed to it. [RT #15642]

1940.   [bug]           Fixed a number of error conditions reported by
                        Coverity.

1939.   [bug]           The resolver could dereference a null pointer after
                        validation if all the queries have timed out.
                        [RT #15528]

1938.   [bug]           The validator was not correctly handling unsecure
                        negative responses at or below a SEP. [RT #15528]

1937.   [bug]           sdlz doesn't handle RRSIG records. [RT #15564]

1936.   [bug]           The validator could leak memory. [RT #15544]

1935.   [bug]           'acache' was DO sensitive. [RT #15430]

1934.   [func]          Validate pending NS RRsets, in the authority section,
                        prior to returning them if it can be done without
                        requiring DNSKEYs to be fetched.  [RT #15430]

1933.   [bug]           dump_rdataset_raw() had a incorrect INSIST. [RT #15534]

1932.   [bug]           hpux: LDFLAGS was getting corrupted. [RT #15530]

1931.   [bug]           Per-client mctx could require a huge amount of memory,
                        particularly for a busy caching server. [RT #15519]

1930.   [port]          HPUX: ia64 support. [RT #15473]

1929.   [port]          FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.

1928.   [bug]           Race in rbtdb.c:currentversion(). [RT #15517]

1927.   [bug]           Access to soanode or nsnode in rbtdb violated the
                        lock order rule and could cause a dead lock.
                        [RT #15518]

1926.   [bug]           The Windows installer did not check for empty
                        passwords.  BINDinstall was being installed in
                        the wrong place. [RT #15483]

1925.   [port]          All outer level AC_TRY_RUNs need cross compiling
                        defaults. [RT #15469]

1924.   [port]          libbind: hpux ia64 support. [RT #15473]

1923.   [bug]           ns_client_detach() called too early. [RT #15499]

1922.   [bug]           check-tool.c:setup_logging() missing call to
                        dns_log_setcontext().

1921.   [bug]           Client memory contexts were not using internal
                        malloc. [RT #15434]

1920.   [bug]           The cache rbtdb lock array was too small to
                        have the desired performance characteristics.
                        [RT #15454]

1919.   [contrib]       queryperf: a set of new features: collecting/printing
                        response delays, printing intermediate results, and
                        adjusting query rate for the "target" qps.

1918.   [bug]           Memory leak when checking acls. [RT #15391]

1917.   [doc]           funcsynopsisinfo wasn't being treated as verbatim
                        when generating man pages. [RT #15385]

1916.   [func]          Integrate contributed IDN code from JPNIC. [RT #15383]

1915.   [bug]           dig +ndots was broken. [RT #15215]

1914.   [protocol]      DS is required to accept mnemonic algorithms
                        (RFC 4034).  Still emit numeric algorithms for
                        compatibility with RFC 3658. [RT #15354]

1913.   [func]          Integrate contributed DLZ code into named. [RT #11382]

1912.   [port]          aix: atomic locking for powerpc. [RT #15020]

1911.   [bug]           Update windows socket code. [RT #14965]

1910.   [bug]           dig's +sigchase code overhauled. [RT #14933]

1909.   [bug]           The DLV code has been re-worked to make no longer
                        query order sensitive. [RT #14933]

1908.   [func]          dig now warns if 'RA' is not set in the answer when
                        'RD' was set in the query.  host/nslookup skip servers
                        that fail to set 'RA' when 'RD' is set unless a server
                        is explicitly set.  [RT #15005]

1907.   [func]          host/nslookup now continue (default)/fail on SERVFAIL.
                        [RT #15006]

1906.   [func]          dig now has a '-q queryname' and '+showsearch' options.
                        [RT #15034]

1905.   [bug]           Strings returned from cfg_obj_asstring() should be
                        treated as read-only.  The prototype for
                        cfg_obj_asstring() has been updated to reflect this.
                        [RT #15256]

1904.   [func]          Automatic empty zone creation for D.F.IP6.ARPA and
                        friends.  Note: RFC 1918 zones are not yet covered by
                        this but are likely to be in a future release.

                        New options: empty-server, empty-contact,
                        empty-zones-enable and disable-empty-zone.

1903.   [func]          ISC string copy API.

1902.   [func]          Attempt to make the amount of work performed in a
                        iteration self tuning.  The covers nodes clean from
                        the cache per iteration, nodes written to disk when
                        rewriting a master file and nodes destroyed per
                        iteration when destroying a zone or a cache.
                        [RT #14996]

1901.   [cleanup]       Don't add DNSKEY records to the additional section.

1900.   [bug]           ixfr-from-differences failed to ensure that the
                        serial number increased. [RT #15036]

1899.   [func]          named-checkconf now validates update-policy entries.
                        [RT #14963]

1898.   [bug]           Extend ISC_SOCKADDR_FORMATSIZE and
                        ISC_NETADDR_FORMATSIZE to allow for scope details.

1897.   [func]          x86 and x86_64 now have separate atomic locking
                        implementations.

1896.   [bug]           Recursive clients soft quota support wasn't working
                        as expected. [RT #15103]

1895.   [bug]           A escaped character is, potentially, converted to
                        the output character set too early. [RT #14666]

1894.   [doc]           Review ARM for BIND 9.4.

1893.   [port]          Use uintptr_t if available. [RT #14606]

1892.   [func]          Support for SPF rdata type. [RT #15033]

1891.   [port]          freebsd: pthread_mutex_init can fail if it runs out
                        of memory. [RT #14995]

1890.   [func]          Raise the UDP receive buffer size to 32k if it is
                        less than 32k. [RT #14953]

1889.   [port]          sunos: non blocking i/o support. [RT #14951]

1888.   [func]          Support for IPSECKEY rdata type. [RT #14967]

1887.   [bug]           The cache could delete expired records too fast for
                        clients with a virtual time in the past. [RT #14991]

1886.   [bug]           fctx_create() could return success even though it
                        failed. [RT #14993]

1885.   [func]          dig: report the number of extra bytes still left in
                        the packet after processing all the records.

1884.   [cleanup]       dighost.c: move external declarations into <dig/dig.h>.

1883.   [bug]           dnssec-signzone, dnssec-keygen: handle negative debug
                        levels. [RT #14962]

1882.   [func]          Limit the number of recursive clients that can be
                        waiting for a single query (<qname,qtype,qclass>) to
                        resolve.  New options clients-per-query and
                        max-clients-per-query.

1881.   [func]          Add a system test for named-checkconf. [RT #14931]

1880.   [func]          The lame cache is now done on a <qname,qclass,qtype>
                        basis as some servers only appear to be lame for
                        certain query types.  [RT #14916]

1879.   [func]          "USE INTERNAL MALLOC" is now runtime selectable.
                        [RT #14892]

1878.   [func]          Detect duplicates of UDP queries we are recursing on
                        and drop them.  New stats category "duplicate".
                        [RT #2471]

1877.   [bug]           Fix unreasonably low quantum on call to
                        dns_rbt_destroy2().  Remove unnecessary unhash_node()
                        call. [RT #14919]

1876.   [func]          Additional memory debugging support to track size
                        and mctx arguments. [RT #14814]

1875.   [bug]           process_dhtkey() was using the wrong memory context
                        to free some memory. [RT #14890]

1874.   [port]          sunos: portability fixes. [RT #14814]

1873.   [port]          win32: isc__errno2result() now reports its caller.
                        [RT #13753]

1872.   [port]          win32: Handle ERROR_NETNAME_DELETED.  [RT #13753]

1871.   [placeholder]

1870.   [func]          Added framework for handling multiple EDNS versions.
                        [RT #14873]

1869.   [func]          dig can now specify the EDNS version when making
                        a query. [RT #14873]

1868.   [func]          edns-udp-size can now be overridden on a per
                        server basis. [RT #14851]

1867.   [bug]           It was possible to trigger a INSIST in
                        dlv_validatezonekey(). [RT #14846]

1866.   [bug]           resolv.conf parse errors were being ignored by
                        dig/host/nslookup. [RT #14841]

1865.   [bug]           Silently ignore nameservers in /etc/resolv.conf with
                        bad addresses. [RT #14841]

1864.   [bug]           Don't try the alternative transfer source if you
                        got a answer / transfer with the main source
                        address. [RT #14802]

1863.   [bug]           rrset-order "fixed" error messages not complete.

1862.   [func]          Add additional zone data constancy checks.
                        named-checkzone has extended checking of NS, MX and
                        SRV record and the hosts they reference.
                        named has extended post zone load checks.
                        New zone options: check-mx and integrity-check.
                        [RT #4940]

1861.   [bug]           dig could trigger a INSIST on certain malformed
                        responses. [RT #14801]

1860.   [port]          solaris 2.8: hack_shutup_pthreadmutexinit was
                        incorrectly set. [RT #14775]

1859.   [func]          Add support for CH A record. [RT #14695]

1858.   [bug]           The flush-zones-on-shutdown option wasn't being
                        parsed. [RT #14686]

1857.   [bug]           named could trigger a INSIST() if reconfigured /
                        reloaded too fast.  [RT #14673]

1856.   [doc]           Switch Docbook toolchain from DSSSL to XSL.
                        [RT #11398]

1855.   [bug]           ixfr-from-differences was failing to detect changes
                        of ttl due to dns_diff_subtract() was ignoring the ttl
                        of records.  [RT #14616]

1854.   [bug]           lwres also needs to know the print format for
                        (long long).  [RT #13754]

1853.   [bug]           Rework how DLV interacts with proveunsecure().
                        [RT #13605]

1852.   [cleanup]       Remove last vestiges of dnssec-signkey and
                        dnssec-makekeyset (removed from Makefile years ago).

1851.   [doc]           Doxygen comment markup. [RT #11398]

1850.   [bug]           Memory leak in lwres_getipnodebyaddr(). [RT #14591]

1849.   [doc]           All forms of the man pages (docbook, man, html) should
                        have consistent copyright dates.

1848.   [bug]           Improve SMF integration. [RT #13238]

1847.   [bug]           isc_ondestroy_init() is called too late in
                        dns_rbtdb_create()/dns_rbtdb64_create().
                        [RT #13661]

1846.   [contrib]       query-loc-0.3.0 from Stephane Bortzmeyer
                        <[email protected]>.

1845.   [bug]           Improve error reporting to distinguish between
                        accept()/fcntl() and socket()/fcntl() errors.
                        [RT #13745]

1844.   [bug]           inet_pton() accepted more that 4 hexadecimal digits
                        for each 16 bit piece of the IPv6 address.  The text
                        representation of a IPv6 address has been tightened
                        to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
                        [RT #5662]

1843.   [cleanup]       CINCLUDES takes precedence over CFLAGS.  This helps
                        when CFLAGS contains "-I /usr/local/include"
                        resulting in old header files being used.

1842.   [port]          cmsg_len() could produce incorrect results on
                        some platform. [RT #13744]

1841.   [bug]           "dig +nssearch" now makes a recursive query to
                        find the list of nameservers to query. [RT #13694]

1840.   [func]          dnssec-signzone can now randomize signature end times
                        (dnssec-signzone -j jitter). [RT #13609]

1839.   [bug]           <isc/hash.h> was not being installed.

1838.   [cleanup]       Don't allow Linux capabilities to be inherited.
                        [RT #13707]

1837.   [bug]           Compile time option ISC_FACILITY was not effective
                        for 'named -u <user>'.  [RT #13714]

1836.   [cleanup]       Silence compiler warnings in hash_test.c.

1835.   [bug]           Update dnssec-signzone's usage message. [RT #13657]

1834.   [bug]           Bad memset in rdata_test.c. [RT #13658]

1833.   [bug]           Race condition in isc_mutex_lock_profile(). [RT #13660]

1832.   [bug]           named fails to return BADKEY on unknown TSIG algorithm.
                        [RT #13620]

1831.   [doc]           Update named-checkzone documentation. [RT #13604]

1830.   [bug]           adb lame cache has sense of test reversed. [RT #13600]

1829.   [bug]           win32: "pid-file none;" broken. [RT #13563]

1828.   [bug]           isc_rwlock_init() failed to properly cleanup if it
                        encountered a error. [RT #13549]

1827.   [bug]           host: update usage message for '-a'. [RT #37116]

1826.   [bug]           Missing DESTROYLOCK() in isc_mem_createx() on out
                        of memory error. [RT #13537]

1825.   [bug]           Missing UNLOCK() on out of memory error from in
                        rbtdb.c:subtractrdataset(). [RT #13519]

1824.   [bug]           Memory leak on dns_zone_setdbtype() failure.
                        [RT #13510]

1823.   [bug]           Wrong macro used to check for point to point interface.
                        [RT #13418]

1822.   [bug]           check-names test for RT was reversed. [RT #13382]

1821.   [placeholder]

1820.   [bug]           Gracefully handle acl loops. [RT #13659]

1819.   [bug]           The validator needed to check both the algorithm and
                        digest types of the DS to determine if it could be
                        used to introduce a secure zone. [RT #13593]

1818.   [bug]           'named-checkconf -z' triggered an INSIST. [RT #13599]

1817.   [func]          Add support for additional zone file formats for
                        improving loading performance.  The masterfile-format
                        option in named.conf can be used to specify a
                        non-default format.  A separate command
                        named-compilezone was provided to generate zone files
                        in the new format.  Additionally, the -I and -O options
                        for dnssec-signzone specify the input and output
                        formats.

1816.   [port]          UnixWare: failed to compile lib/isc/unix/net.c.
                        [RT #13597]

1815.   [bug]           nsupdate triggered a REQUIRE if the server was set
                        without also setting the zone and it encountered
                        a CNAME and was using TSIG.  [RT #13086]

1814.   [func]          UNIX domain controls are now supported.

1813.   [func]          Restructured the data locking framework using
                        architecture dependent atomic operations (when
                        available), improving response performance on
                        multi-processor machines significantly.
                        x86, x86_64, alpha, powerpc, and mips are currently
                        supported.

1812.   [port]          win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect.
                        [RT #13453]

1811.   [func]          Preserve the case of domain names in rdata during
                        zone transfers. [RT #13547]

1810.   [bug]           configure, lib/bind/configure make different default
                        decisions about whether to do a threaded build.
                        [RT #13212]

1809.   [bug]           "make distclean" failed for libbind if the platform
                        is not supported.

1808.   [bug]           zone.c:notify_zone() contained a race condition,
                        zone->db could change underneath it.  [RT #13511]

1807.   [bug]           When forwarding (forward only) set the active domain
                        from the forward zone name. [RT #13526]

1806.   [bug]           The resolver returned the wrong result when a CNAME /
                        DNAME was encountered when fetching glue from a
                        secure namespace. [RT #13501]

1805.   [bug]           Pending status was not being cleared when DLV was
                        active. [RT #13501]

1804.   [bug]           Ensure that if we are queried for glue that it fits
                        in the additional section or TC is set to tell the
                        client to retry using TCP. [RT #10114]

1803.   [bug]           dnssec-signzone sometimes failed to remove old
                        RRSIGs. [RT #13483]

1802.   [bug]           Handle connection resets better. [RT #11280]

1801.   [func]          Report differences between hints and real NS rrset
                        and associated address records.

1800.   [bug]           Changes #1719 allowed a INSIST to be triggered.
                        [RT #13428]

1799.   [bug]           'rndc flushname' failed to flush negative cache
                        entries. [RT #13438]

1798.   [func]          The server syntax has been extended to support a
                        range of servers.  [RT #11132]

1797.   [func]          named-checkconf now check acls to verify that they
                        only refer to existing acls. [RT #13101]

1796.   [func]          "rndc freeze/thaw" now freezes/thaws all zones.

1795.   [bug]           "rndc dumpdb" was not fully documented.  Minor
                        formatting issues with "rndc dumpdb -all".  [RT #13396]

1794.   [func]          Named and named-checkzone can now both check for
                        non-terminal wildcard records.

1793.   [func]          Extend adjusting TTL warning messages. [RT #13378]

1792.   [func]          New zone option "notify-delay".  Specify a minimum
                        delay between sets of NOTIFY messages.

1791.   [bug]           'host -t a' still printed out AAAA and MX records.
                        [RT #13230]

1790.   [cleanup]       Move lib/dns/sec/dst up into lib/dns.  This should
                        allow parallel make to succeed.

1789.   [bug]           Prerequisite test for tkey and dnssec could fail
                        with "configure --with-libtool".

1788.   [bug]           libbind9.la/libbind9.so needs to link against
                        libisccfg.la/libisccfg.so.

1787.   [port]          HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings.

1786.   [port]          AIX: libt_api needs to be taught to look for
                        T_testlist in the main executable (--with-libtool).
                        [RT #13239]

1785.   [bug]           libbind9.la/libbind9.so needs to link against
                        libisc.la/libisc.so.

1784.   [cleanup]       "libtool -allow-undefined" is the default.
                        Leave hooks in configure to allow it to be set
                        if needed in the future.

1783.   [cleanup]       We only need one copy of libtool.m4, ltmain.sh in the
                        source tree.

1782.   [port]          OSX: --with-libtool + --enable-libbind broke on
                        __evOptMonoTime.  [RT #13219]

1781.   [port]          FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810]

1780.   [bug]           Update libtool to 1.5.10.

1779.   [port]          OSF 5.1: libtool didn't handle -pthread correctly.

1778.   [port]          HUX 11.11: fix broken IN6ADDR_ANY_INIT and
                        IN6ADDR_LOOPBACK_INIT macros.

1777.   [port]          OSF 5.1: fix broken IN6ADDR_ANY_INIT and
                        IN6ADDR_LOOPBACK_INIT macros.

1776.   [port]          Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
                        IN6ADDR_LOOPBACK_INIT macros.

1775.   [bug]           Only compile getnetent_r.c when threaded. [RT #13205]

1774.   [port]          Aix: Silence compiler warnings / build failures.
                        [RT #13154]

1773.   [bug]           Fast retry on host / net unreachable. [RT #13153]

1772.   [placeholder]

1771.   [placeholder]

1770.   [bug]           named-checkconf failed to report missing a missing
                        file clause for rbt{64} master/hint zones. [RT #13009]

1769.   [port]          win32: change compiler flags /MTd ==> /MDd,
                        /MT ==> /MD.

1768.   [bug]           nsecnoexistnodata() could be called with a non-NSEC
                        rdataset. [RT #12907]

1767.   [port]          Builds on IPv6 platforms without IPv6 Advanced API
                        support for (struct in6_pktinfo) failed.  [RT #13077]

1766.   [bug]           Update the master file timestamp on successful refresh
                        as well as the journal's timestamp. [RT #13062]

1765.   [bug]           configure --with-openssl=auto failed. [RT #12937]

1764.   [bug]           dns_zone_replacedb failed to emit a error message
                        if there was no SOA record in the replacement db.
                        [RT #13016]

1763.   [func]          Perform sanity checks on NS records which refer to
                        'in zone' names. [RT #13002]

1762.   [bug]           isc_interfaceiter_create() could return ISC_R_SUCCESS
                        even when it failed. [RT #12995]

1761.   [bug]           'rndc dumpdb' didn't report unassociated entries.
                        [RT #12971]

1760.   [bug]           Host / net unreachable was not penalising rtt
                        estimates. [RT #12970]

1759.   [bug]           Named failed to startup if the OS supported IPv6
                        but had no IPv6 interfaces configured. [RT #12942]

1758.   [func]          Don't send notify messages to self. [RT #12933]

1757.   [func]          host now can turn on memory debugging flags with '-m'.

1756.   [func]          named-checkconf now checks the logging configuration.
                        [RT #12352]

1755.   [func]          allow-update is now settable at the options / view
                        level. [RT #6636]

1754.   [bug]           We weren't always attempting to query the parent
                        server for the DS records at the zone cut.
                        [RT #12774]

1753.   [bug]           Don't serve a slave zone which has no NS records.
                        [RT #12894]

1752.   [port]          Move isc_app_start() to after ns_os_daemonise()
                        as some fork() implementations unblock the signals
                        that are blocked by isc_app_start(). [RT #12810]

1751.   [bug]           --enable-getifaddrs failed under linux. [RT #12867]

1750.   [port]          lib/bind/make/rules.in:subdirs was not bash friendly.
                        [RT #12864]
1749.   [bug]           'check-names response ignore;' failed to ignore.
                        [RT #12866]

1748.   [func]          dig now returns the byte count for axfr/ixfr.

1747.   [bug]           BIND 8 compatibility: named/named-checkconf failed
                        to parse "host-statistics-max" in named.conf.

1746.   [func]          Make public the function to read a key file,
                        dst_key_read_public(). [RT #12450]

1745.   [bug]           Dig/host/nslookup accept replies from link locals
                        regardless of scope if no scope was specified when
                        query was sent. [RT #12745]

1744.   [bug]           If tuple2msgname() failed to convert a tuple to
                        a name a REQUIRE could be triggered. [RT #12796]

1743.   [bug]           If isc_taskmgr_create() was not able to create the
                        requested number of worker threads then destruction
                        of the manager would trigger an INSIST() failure.
                        [RT #12790]

1742.   [bug]           Deleting all records at a node then adding a
                        previously existing record, in a single UPDATE
                        transaction, failed to leave / regenerate the
                        associated RRSIG records. [RT #12788]

1741.   [bug]           Deleting all records at a node in a secure zone
                        using a update-policy grant failed. [RT #12787]

1740.   [bug]           Replace rbt's hash algorithm as it performed badly
                        with certain zones. [RT #12729]

                        NOTE: a hash context now needs to be established
                        via isc_hash_create() if the application was not
                        already doing this.

1739.   [bug]           dns_rbt_deletetree() could incorrectly return
                        ISC_R_QUOTA.  [RT #12695]

1738.   [bug]           Enable overrun checking by default. [RT #12695]

1737.   [bug]           named failed if more than 16 masters were specified.
                        [RT #12627]

1736.   [bug]           dst_key_fromnamedfile() could fail to read a
                        public key. [RT #12687]

1735.   [bug]           'dig +sigtrace' could die with a REQUIRE failure.
                        [RE #12688]

1734.   [cleanup]       'rndc-confgen -a -t' remove extra '/' in path.
                        [RT #12588]

1733.   [bug]           Return non-zero exit status on initial load failure.
                        [RT #12658]

1732.   [bug]           'rrset-order name "*"' wasn't being applied to ".".
                        [RT #12467]

1731.   [port]          darwin: relax version test in ifconfig.sh.
                        [RT #12581]

1730.   [port]          Determine the length type used by the socket API.
                        [RT #12581]

1729.   [func]          Improve check-names error messages.

1728.   [doc]           Update check-names documentation.

1727.   [bug]           named-checkzone: check-names support didn't match
                        documentation.

1726.   [port]          aix5: add support for aix5.

1725.   [port]          linux: update error message on interaction of threads,
                        capabilities and setuid support (named -u). [RT #12541]

1724.   [bug]           Look for DNSKEY records with "dig +sigtrace".
                        [RT #12557]

1723.   [cleanup]       Silence compiler warnings from t_tasks.c. [RT #12493]

1722.   [bug]           Don't commit the journal on malformed ixfr streams.
                        [RT #12519]

1721.   [bug]           Error message from the journal processing were not
                        always identifying the relevant journal. [RT #12519]

1720.   [bug]           'dig +chase' did not terminate on a RFC 2308 Type 1
                        negative response. [RT #12506]

1719.   [bug]           named was not correctly caching a RFC 2308 Type 1
                        negative response. [RT #12506]

1718.   [bug]           nsupdate was not handling RFC 2308 Type 3 negative
                        responses when looking for the zone / master server.
                        [RT #12506]

1717.   [port]          solaris: ifconfig.sh did not support Solaris 10.
                        "ifconfig.sh down" didn't work for Solaris 9.

1716.   [doc]           named.conf(5) was being installed in the wrong
                        location.  [RT #12441]

1715.   [func]          'dig +trace' now randomly selects the next servers
                        to try.  Report if there is a bad delegation.

1714.   [bug]           dig/host/nslookup were only trying the first
                        address when a nameserver was specified by name.
                        [RT #12286]

1713.   [port]          linux: extend capset failure message to say:
                        please ensure that the capset kernel module is
                        loaded.  see insmod(8)

1712.   [bug]           Missing FULLCHECK for "trusted-key" in dig.

1711.   [func]          'rndc unfreeze' has been deprecated by 'rndc thaw'.

1710.   [func]          'rndc notify zone [class [view]]' resend the NOTIFY
                        messages for the specified zone. [RT #9479]

1709.   [port]          solaris: add SMF support from Sun.

1708.   [cleanup]       Replaced dns_fullname_hash() with dns_name_fullhash()
                        for conformance to the name space convention.  Binary
                        backward compatibility to the old function name is
                        provided. [RT #12376]

1707.   [contrib]       sdb/ldap updated to version 1.0-beta.

1706.   [bug]           'rndc stop' failed to cause zones to be flushed
                        sometimes. [RT #12328]

1705.   [func]          Allow the journal's name to be changed via named.conf.

1704.   [port]          lwres needed a snprintf() implementation for
                        platforms without snprintf().  Add missing
                        "#include <isc/print.h>". [RT #12321]

1703.   [bug]           named would loop sending NOTIFY messages when it
                        failed to receive a response. [RT #12322]

1702.   [bug]           also-notify should not be applied to built in zones.
                        [RT #12323]

1701.   [doc]           A minimal named.conf man page.

1700.   [func]          nslookup is no longer to be treated as deprecated.
                        Remove "deprecated" warning message.  Add man page.

1699.   [bug]           dnssec-signzone can generate "not exact" errors
                        when resigning. [RT #12281]

1698.   [doc]           Use reserved IPv6 documentation prefix.

1697.   [bug]           xxx-source{,-v6} was not effective when it
                        specified one of listening addresses and a
                        different port than the listening port. [RT #12257]

1696.   [bug]           dnssec-signzone failed to clean out nodes that
                        consisted of only NSEC and RRSIG records.
                        [RT #12154]

1695.   [bug]           DS records when forwarding require special handling.
                        [RT #12133]

1694.   [bug]           Report if the builtin views of "_default" / "_bind"
                        are defined in named.conf. [RT #12023]

1693.   [bug]           max-journal-size was not effective for master zones
                        with ixfr-from-differences set. [RT #12024]

1692.   [bug]           Don't set -I, -L and -R flags when libcrypto is in
                        /usr/lib. [RT #11971]

1691.   [bug]           sdb's attachversion was not complete. [RT #11990]

1690.   [bug]           Delay detaching view from the client until UPDATE
                        processing completes when shutting down. [RT #11714]

1689.   [bug]           DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
                        contained gratuitous semicolons. [RT #11707]

1688.   [bug]           LDFLAGS was not supported.

1687.   [bug]           Race condition in dispatch. [RT #10272]

1686.   [bug]           Named sent a extraneous NOTIFY when it received a
                        redundant UPDATE request. [RT #11943]

1685.   [bug]           Change #1679 loop tests weren't quite right.

1684.   [func]          ixfr-from-differences now takes master and slave in
                        addition to yes and no at the options and view levels.

1683.   [bug]           dig +sigchase could leak memory. [RT #11445]

1682.   [port]          Update configure test for (long long) printf format.
                        [RT #5066]

1681.   [bug]           Only set SO_REUSEADDR when a port is specified in
                        isc_socket_bind(). [RT #11742]

1680.   [func]          rndc: the source address can now be specified.

1679.   [bug]           When there was a single nameserver with multiple
                        addresses for a zone not all addresses were tried.
                        [RT #11706]

1678.   [bug]           RRSIG should use TYPEXXXXX for unknown types.

1677.   [bug]           dig: +aaonly didn't work, +aaflag undocumented.

1676.   [func]          New option "allow-query-cache".  This lets
                        allow-query be used to specify the default zone
                        access level rather than having to have every
                        zone override the global value.  allow-query-cache
                        can be set at both the options and view levels.
                        If allow-query-cache is not set allow-query applies.

1675.   [bug]           named would sometimes add extra NSEC records to
                        the authority section.

1674.   [port]          linux: increase buffer size used to scan
                        /proc/net/if_inet6.

1673.   [port]          linux: issue a error messages if IPv6 interface
                        scans fails.

1672.   [cleanup]       Tests which only function in a threaded build
                        now return R:THREADONLY (rather than R:UNTESTED)
                        in a non-threaded build.

1671.   [contrib]       queryperf: add NAPTR to the list of known types.

1670.   [func]          Log UPDATE requests to slave zones without an acl as
                        "disabled" at debug level 3. [RT #11657]

1669.   [placeholder]

1668.   [bug]           DIG_SIGCHASE was making bin/dig/host dump core.

1667.   [port]          linux: not all versions have IF_NAMESIZE.

1666.   [bug]           The optional port on hostnames in dual-stack-servers
                        was being ignored.

1665.   [func]          rndc now allows addresses to be set in the
                        server clauses.

1664.   [bug]           nsupdate needed KEY for SIG(0), not DNSKEY.

1663.   [func]          Look for OpenSSL by default.

1662.   [bug]           Change #1658 failed to change one use of 'type'
                        to 'keytype'.

1661.   [bug]           Restore dns_name_concatenate() call in
                        adb.c:set_target().  [RT #11582]

1660.   [bug]           win32: connection_reset_fix() was being called
                        unconditionally.  [RT #11595]

1659.   [cleanup]       Cleanup some messages that were referring to KEY vs
                        DNSKEY, NXT vs NSEC and SIG vs RRSIG.

1658.   [func]          Update dnssec-keygen to default to KEY for HMAC-MD5
                        and DH.  Tighten which options apply to KEY and
                        DNSKEY records.

1657.   [doc]           ARM: document query log output.

1656.   [doc]           Update DNSSEC description in ARM to cover DS, NSEC
                        DNSKEY and RRSIG.  [RT #11542]

1655.   [bug]           Logging multiple versions w/o a size was broken.
                        [RT #11446]

1654.   [bug]           isc_result_totext() contained array bounds read
                        error.

1653.   [func]          Add key type checking to dst_key_fromfilename(),
                        DST_TYPE_KEY should be used to read TSIG, TKEY and
                        SIG(0) keys.

1652.   [bug]           TKEY still uses KEY.

1651.   [bug]           dig: process multiple dash options.

1650.   [bug]           dig, nslookup: flush standard out after each command.

1649.   [bug]           Silence "unexpected non-minimal diff" message.
                        [RT #11206]

1648.   [func]          Update dnssec-lookaside named.conf syntax to support
                        multiple dnssec-lookaside namespaces (not yet
                        implemented).

1647.   [bug]           It was possible trigger a INSIST when chasing a DS
                        record that required walking back over a empty node.
                        [RT #11445]

1646.   [bug]           win32: logging file versions didn't work with
                        non-UNC filenames.  [RT #11486]

1645.   [bug]           named could trigger a REQUIRE failure if multiple
                        masters with keys are specified.

1644.   [bug]           Update the journal modification time after a
                        successful refresh query. [RT #11436]

1643.   [bug]           dns_db_closeversion() could leak memory / node
                        references. [RT #11163]

1642.   [port]          Support OpenSSL implementations which don't have
                        DSA support. [RT #11360]

1641.   [bug]           Update the check-names description in ARM. [RT #11389]

1640.   [bug]           win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
                        incorrectly closing the socket.  [RT #11291]

1639.   [func]          Initial dlv system test.

1638.   [bug]           "ixfr-from-differences" could generate a REQUIRE
                        failure if the journal open failed. [RT #11347]

1637.   [bug]           Node reference leak on error in addnoqname().

1636.   [bug]           The dump done callback could get ISC_R_SUCCESS even if
                        a error had occurred.  The database version no longer
                        matched the version of the database that was dumped.

1635.   [bug]           Memory leak on error in query_addds().

1634.   [bug]           named didn't supply a useful error message when it
                        detected duplicate views.  [RT #11208]

1633.   [bug]           named should return NOTIMP to update requests to a
                        slaves without a allow-update-forwarding acl specified.
                        [RT #11331]

1632.   [bug]           nsupdate failed to send prerequisite only UPDATE
                        messages. [RT #11288]

1631.   [bug]           dns_journal_compact() could sometimes corrupt the
                        journal. [RT #11124]

1630.   [contrib]       queryperf: add support for IPv6 transport.

1629.   [func]          dig now supports IPv6 scoped addresses with the
                        extended format in the local-server part. [RT #8753]

1628.   [bug]           Typo in Compaq Trucluster support. [RT #11264]

1627.   [bug]           win32: sockets were not being closed when the
                        last external reference was removed. [RT #11179]

1626.   [bug]           --enable-getifaddrs was broken. [RT #11259]

1625.   [bug]           named failed to load/transfer RFC2535 signed zones
                        which contained CNAMES. [RT #11237]

1624.   [bug]           zonemgr_putio() call should be locked. [RT #11163]

1623.   [bug]           A serial number of zero was being displayed in the
                        "sending notifies" log message when also-notify was
                        used. [RT #11177]

1622.   [func]          probe the system to see if IPV6_(RECV)PKTINFO is
                        available, and suppress wildcard binding if not.

1621.   [bug]           match-destinations did not work for IPv6 TCP queries.
                        [RT #11156]

1620.   [func]          When loading a zone report if it is signed. [RT #11149]

1619.   [bug]           Missing ISC_LIST_UNLINK in end_reserved_dispatches().
                        [RT #11118]

1618.   [bug]           Fencepost errors in dns_name_ishostname() and
                        dns_name_ismailbox() could trigger a INSIST().

1617.   [port]          win32: VC++ 6.0 support.

1616.   [compat]        Ensure that named's version is visible in the core
                        dump. [RT #11127]

1615.   [port]          Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
                        it is defined.

1614.   [port]          win32: silence resource limit messages. [RT #11101]

1613.   [bug]           Builds would fail on machines w/o a if_nametoindex().
                        Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
                        [RT #11119]

1612.   [bug]           check-names at the option/view level could trigger
                        an INSIST. [RT #11116]

1611.   [bug]           solaris: IPv6 interface scanning failed to cope with
                        no active IPv6 interfaces.

1610.   [bug]           On dual stack machines "dig -b" failed to set the
                        address type to be looked up with "@server".
                        [RT #11069]

1609.   [func]          dig now has support to chase DNSSEC signature chains.
                        Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.

                        DNSSEC validation code in dig coded by Olivier Courtay
                        ([email protected]) for the IDsA project
                        (http://idsa.irisa.fr).

1608.   [func]          dig and host now accept -4/-6 to select IP transport
                        to use when making queries.

1607.   [bug]           dig, host and nslookup were still using random()
                        to generate query ids. [RT #11013]

1606.   [bug]           DLV insecurity proof was failing.

1605.   [func]          New dns_db_find() option DNS_DBFIND_COVERINGNSEC.

1604.   [bug]           A xfrout_ctx_create() failure would result in
                        xfrout_ctx_destroy() being called with a
                        partially initialized structure.

1603.   [bug]           nsupdate: set interactive based on isatty().
                        [RT #10929]

1602.   [bug]           Logging to a file failed unless a size was specified.
                        [RT #10925]

1601.   [bug]           Silence spurious warning 'both "recursion no;" and
                        "allow-recursion" active' warning from view "_bind".
                        [RT #10920]

1600.   [bug]           Duplicate zone pre-load checks were not case
                        insensitive.

1599.   [bug]           Fix memory leak on error path when checking named.conf.

1598.   [func]          Specify that certain parts of the namespace must
                        be secure (dnssec-must-be-secure).

1597.   [func]          Allow notify-source and query-source to be specified
                        on a per server basis similar to transfer-source.
                        [RT #6496]

1596.   [func]          Accept 'notify-source' style syntax for query-source.

1595.   [func]          New notify type 'master-only'.  Enable notify for
                        master zones only.

1594.   [bug]           'rndc dumpdb' could prevent named from answering
                        queries while the dump was in progress.  [RT #10565]

1593.   [bug]           rndc should return "unknown command" to unknown
                        commands. [RT #10642]

1592.   [bug]           configure_view() could leak a dispatch. [RT #10675]

1591.   [bug]           libbind: updated to BIND 8.4.5.

1590.   [port]          netbsd: update thread support.

1589.   [func]          DNSSEC lookaside validation.

1588.   [bug]           win32: TCP sockets could become blocked. [RT #10115]

1587.   [bug]           dns_message_settsigkey() failed to clear existing key.
                        [RT #10590]

1586.   [func]          "check-names" is now implemented.

1585.   [placeholder]

1584.   [bug]           "make test" failed with a read only source tree.
                        [RT #10461]

1583.   [bug]           Records add via UPDATE failed to get the correct trust
                        level. [RT #10452]

1582.   [bug]           rrset-order failed to work on RRsets with more
                        than 32 elements. [RT #10381]

1581.   [func]          Disable DNSSEC support by default.  To enable
                        DNSSEC specify "dnssec-enable yes;" in named.conf.

1580.   [bug]           Zone destruction on final detach takes a long time.
                        [RT #3746]

1579.   [bug]           Multiple task managers could not be created.

1578.   [bug]           Don't use CLASS E IPv4 addresses when resolving.
                        [RT #10346]

1577.   [bug]           Use isc_uint32_t in ultrasparc optimizer bug
                        workaround code. [RT #10331]

1576.   [bug]           Race condition in dns_dispatch_addresponse().
                        [RT #10272]

1575.   [func]          Log TSIG name on TSIG verify failure. [RT #4404]

1574.   [bug]           Don't attempt to open the controls socket(s) when
                        running tests. [RT #9091]

1573.   [port]          linux: update to libtool 1.5.2 so that
                        "make install DESTDIR=/xx" works with
                        "configure --with-libtool".  [RT #9941]

1572.   [bug]           nsupdate: sign the soa query to find the enclosing
                        zone if the server is specified. [RT #10148]

1571.   [bug]           rbt:hash_node() could fail leaving the hash table
                        in an inconsistent state.  [RT #10208]

1570.   [bug]           nsupdate failed to handle classes other than IN.
                        New keyword 'class' which sets the default class.
                        [RT #10202]

1569.   [func]          nsupdate new command 'answer' which displays the
                        complete answer message to the last update.

1568.   [bug]           nsupdate now reports that the update failed in
                        interactive mode. [RT #10236]

1567.   [maint]         B.ROOT-SERVERS.NET is now 192.228.79.201.

1566.   [port]          Support for the cmsg framework on Solaris and HP/UX.
                        This also solved the problem that match-destinations
                        for IPv6 addresses did not work on these systems.
                        [RT #10221]

1565.   [bug]           CD flag should be copied to outgoing queries unless
                        the query is under a secure entry point in which case
                        CD should be set.

1564.   [func]          Attempt to provide a fallback entropy source to be
                        used if named is running chrooted and named is unable
                        to open entropy source within the chroot area.
                        [RT #10133]

1563.   [bug]           Gracefully fail when unable to obtain neither an IPv4
                        nor an IPv6 dispatch. [RT #10230]

1562.   [bug]           isc_socket_create() and isc_socket_accept() could
                        leak memory under error conditions. [RT #10230]

1561.   [bug]           It was possible to release the same name twice if
                        named ran out of memory. [RT #10197]

1560.   [port]          FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
                        and EAI_NONAME to the same value.

1559.   [port]          named should ignore SIGFSZ.

1558.   [func]          New DNSSEC 'disable-algorithms'.  Support entry into
                        child zones for which we don't have a supported
                        algorithm.  Such child zones are treated as unsigned.

1557.   [func]          Implement missing DNSSEC tests for
                        * NOQNAME proof with wildcard answers.
                        * NOWILDARD proof with NXDOMAIN.
                        Cache and return NOQNAME with wildcard answers.

1556.   [bug]           nsupdate now treats all names as fully qualified.
                        [RT #6427]

1555.   [func]          'rrset-order cyclic' no longer has a random starting
                        point per query. [RT #7572]

1554.   [bug]           dig, host, nslookup failed when no nameservers
                        were specified in /etc/resolv.conf. [RT #8232]

1553.   [bug]           The windows socket code could stop accepting
                        connections. [RT #10115]

1552.   [bug]           Accept NOTIFY requests from mapped masters if
                        matched-mapped is set. [RT #10049]

1551.   [port]          Open "/dev/null" before calling chroot().

1550.   [port]          Call tzset(), if available, before calling chroot().

1549.   [func]          named-checkzone can now write out the zone contents
                        in a easily parsable format (-D and -o).

1548.   [bug]           When parsing APL records it was possible to silently
                        accept out of range ADDRESSFAMILY values. [RT #9979]

1547.   [bug]           Named wasted memory recording duplicate lame zone
                        entries. [RT #9341]

1546.   [bug]           We were rejecting valid secure CNAME to negative
                        answers.

1545.   [bug]           It was possible to leak memory if named was unable to
                        bind to the specified transfer source and TSIG was
                        being used. [RT #10120]

1544.   [bug]           Named would logged a single entry to a file despite it
                        being over the specified size limit.

1543.   [bug]           Logging using "versions unlimited" did not work.

1542.   [placeholder]

1541.   [func]          NSEC now uses new bitmap format.

1540.   [bug]           "rndc reload <dynamiczone>" was silently accepted.
                        [RT #8934]

1539.   [bug]           Open UDP sockets for notify-source and transfer-source
                        that use reserved ports at startup. [RT #9475]

1538.   [placeholder]   rt9997

1537.   [func]          New option "querylog".  If set specify whether query
                        logging is to be enabled or disabled at startup.

1536.   [bug]           Windows socket code failed to log a error description
                        when returning ISC_R_UNEXPECTED. [RT #9998]

1535.   [placeholder]

1534.   [bug]           Race condition when priming cache. [RT #9940]

1533.   [func]          Warn if both "recursion no;" and "allow-recursion"
                        are active. [RT #4389]

1532.   [port]          netbsd: the configure test for <sys/sysctl.h>
                        requires <sys/param.h>.

1531.   [port]          AIX more libtool fixes.

1530.   [bug]           It was possible to trigger a INSIST() failure if a
                        slave master file was removed at just the correct
                        moment. [RT #9462]

1529.   [bug]           "notify explicit;" failed to log that NOTIFY messages
                        were being sent for the zone. [RT #9442]

1528.   [cleanup]       Simplify some dns_name_ functions based on the
                        deprecation of bitstring labels.

1527.   [cleanup]       Reduce the number of gettimeofday() calls without
                        losing necessary timer granularity.

1526.   [func]          Implemented "additional section caching (or acache)",
                        an internal cache framework for additional section
                        content to improve response performance.  Several
                        configuration options were provided to control the
                        behavior.

1525.   [bug]           dns_cache_create() could trigger a REQUIRE
                        failure in isc_mem_put() during error cleanup.
                        [RT #9360]

1524.   [port]          AIX needs to be able to resolve all symbols when
                        creating shared libraries (--with-libtool).

1523.   [bug]           Fix race condition in rbtdb. [RT #9189]

1522.   [bug]           dns_db_findnode() relax the requirements on 'name'.
                        [RT #9286]

1521.   [bug]           dns_view_createresolver() failed to check the
                        result from isc_mem_create(). [RT #9294]

1520.   [protocol]      Add SSHFP (SSH Finger Print) type.

1519.   [bug]           dnssec-signzone:nsec_setbit() computed the wrong
                        length of the new bitmap.

1518.   [bug]           dns_nsec_buildrdata(), and hence dns_nsec_build(),
                        contained a off-by-one error when working out the
                        number of octets in the bitmap.

1517.   [port]          Support for IPv6 interface scanning on HP/UX and
                        TrueUNIX 5.1.

1516.   [func]          Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.

1515.   [func]          Allow transfer source to be set in a server statement.
                        [RT #6496]

1514.   [bug]           named: isc_hash_destroy() was being called too early.
                        [RT #9160]

1513.   [doc]           Add "US" to root-delegation-only exclude list.

1512.   [bug]           Extend the delegation-only logging to return query
                        type, class and responding nameserver.

1511.   [bug]           delegation-only was generating false positives
                        on negative answers from sub-zones.

1510.   [func]          New view option "root-delegation-only".  Apply
                        delegation-only check to all TLDs and root.
                        Note there are some TLDs that are NOT delegation
                        only (e.g. DE, LV, US and MUSEUM) these can be excluded
                        from the checks by using exclude.

                        root-delegation-only exclude {
                                "DE"; "LV"; "US"; "MUSEUM";
                        };

1509.   [bug]           Hint zones should accept delegation-only.  Forward
                        zone should not accept delegation-only.

1508.   [bug]           Don't apply delegation-only checks to answers from
                        forwarders.

1507.   [bug]           Handle BIND 8 style returns to NS queries to parents
                        when making delegation-only checks.

1506.   [bug]           Wrong return type for dns_view_isdelegationonly().

1505.   [bug]           Uninitialized rdataset in sdb. [RT #8750]

1504.   [func]          New zone type "delegation-only".

1503.   [port]          win32: install libeay32.dll outside of system32.

1502.   [bug]           nsupdate: adjust timeouts for UPDATE requests over TCP.

1501.   [func]          Allow TCP queue length to be specified via
                        named.conf, tcp-listen-queue.

1500.   [bug]           host failed to lookup MX records.  Also look up
                        AAAA records.
1499.   [bug]           isc_random need to be seeded better if arc4random()
                        is not used.

1498.   [port]          bsdos: 5.x support.

1497.   [placeholder]

1496.   [port]          test for pthread_attr_setstacksize().

1495.   [cleanup]       Replace hash functions with universal hash.

1494.   [security]      Turn on RSA BLINDING as a precaution.

1493.   [placeholder]

1492.   [cleanup]       Preserve rwlock quota context when upgrading /
                        downgrading. [RT #5599]

1491.   [bug]           dns_master_dump*() would produce extraneous $ORIGIN
                        lines. [RT #6206]

1490.   [bug]           Accept reading state as well as working state in
                        ns_client_next(). [RT #6813]

1489.   [compat]        Treat 'allow-update' on slave zones as a warning.
                        [RT #3469]

1488.   [bug]           Don't override trust levels for glue addresses.
                        [RT #5764]

1487.   [bug]           A REQUIRE() failure could be triggered if a zone was
                        queued for transfer and the zone was then removed.
                        [RT #6189]

1486.   [bug]           isc_print_snprintf() '%%' consumed one too many format
                        characters. [RT #8230]

1485.   [bug]           gen failed to handle high type values. [RT #6225]

1484.   [bug]           The number of records reported after a AXFR was wrong.
                        [RT #6229]

1483.   [bug]           dig axfr failed if the message id in the answer failed
                        to match that in the request.  Only the id in the first
                        message is required to match. [RT #8138]

1482.   [bug]           named could fail to start if the kernel supports
                        IPv6 but no interfaces are configured.  Similarly
                        for IPv4. [RT #6229]

1481.   [bug]           Refresh and stub queries failed to use masters keys
                        if specified. [RT #7391]

1480.   [bug]           Provide replay protection for rndc commands.  Full
                        replay protection requires both rndc and named to
                        be updated.  Partial replay protection (limited
                        exposure after restart) is provided if just named
                        is updated.

1479.   [bug]           cfg_create_tuple() failed to handle out of
                        memory cleanup.  parse_list() would leak memory
                        on syntax errors.

1478.   [port]          ifconfig.sh didn't account for other virtual
                        interfaces.  It now takes a optional argument
                        to specify the first interface number. [RT #3907]

1477.   [bug]           memory leak using stub zones and TSIG.

1476.   [placeholder]

1475.   [port]          Probe for old sprintf().

1474.   [port]          Provide strtoul() and memmove() for platforms
                        without them.

1473.   [bug]           create_map() and create_string() failed to handle out
                        of memory cleanup.  [RT #6813]

1472.   [contrib]       idnkit-1.0 from JPNIC, replaces mdnkit.

1471.   [bug]           libbind: updated to BIND 8.4.0.

1470.   [bug]           Incorrect length passed to snprintf. [RT #5966]

1469.   [func]          Log end of outgoing zone transfer at same level
                        as the start of transfer is logged. [RT #4441]

1468.   [func]          Internal zones are no longer counted for
                        'rndc status'.  [RT #4706]

1467.   [func]          $GENERATES now supports optional class and ttl.

1466.   [bug]           lwresd configuration errors resulted in memory
                        and lock leaks.  [RT #5228]

1465.   [bug]           isc_base64_decodestring() and isc_base64_tobuffer()
                        failed to check that trailing bits were zero allowing
                        some invalid base64 strings to be accepted.  [RT #5397]

1464.   [bug]           Preserve "out of zone" data for outgoing zone
                        transfers. [RT #5192]

1463.   [bug]           dns_rdata_from{wire,struct}() failed to catch bad
                        NXT bit maps. [RT #5577]

1462.   [bug]           parse_sizeval() failed to check the token type.
                        [RT #5586]

1461.   [bug]           Remove deadlock from rbtdb code. [RT #5599]

1460.   [bug]           inet_pton() failed to reject certain malformed
                        IPv6 literals.

1459.   [placeholder]

1458.   [cleanup]       sprintf() -> snprintf().

1457.   [port]          Provide strlcat() and strlcpy() for platforms without
                        them.

1456.   [contrib]       gen-data-queryperf.py from Stephane Bortzmeyer.

1455.   [bug]           <netaddr> missing from server grammar in
                        doc/misc/options. [RT #5616]

1454.   [port]          Use getifaddrs() if available for interface scanning.
                        --disable-getifaddrs to override.  Glibc currently
                        has a getifaddrs() that does not support IPv6.
                        Use --enable-getifaddrs=glibc to force the use of
                        this version under linux machines.

1453.   [doc]           ARM: $GENERATE example wasn't accurate. [RT #5298]

1452.   [placeholder]

1451.   [bug]           rndc-confgen didn't exit with a error code for all
                        failures. [RT #5209]

1450.   [bug]           Fetching expired glue failed under certain
                        circumstances.  [RT #5124]

1449.   [bug]           query_addbestns() didn't handle running out of memory
                        gracefully.

1448.   [bug]           Handle empty wildcards labels.

1447.   [bug]           We were casting (unsigned int) to and from (void *).
                        rdataset->private4 is now rdataset->privateuint4
                        to reflect a type change.

1446.   [func]          Implemented undocumented alternate transfer sources
                        from BIND 8.  See use-alt-transfer-source,
                        alt-transfer-source and alt-transfer-source-v6.

                        SECURITY: use-alt-transfer-source is ENABLED unless
                        you are using views.  This may cause a security risk
                        resulting in accidental disclosure of wrong zone
                        content if the master supplying different source
                        content based on IP address.  If you are not certain
                        ISC recommends setting use-alt-transfer-source no;

1445.   [bug]           DNS_ADBFIND_STARTATROOT broke stub zones.  This has
                        been replaced with DNS_ADBFIND_STARTATZONE which
                        causes the search to start using the closest zone.

1444.   [func]          dns_view_findzonecut2() allows you to specify if the
                        cache should be searched for zone cuts.

1443.   [func]          Masters lists can now be specified and referenced
                        in zone masters clauses and other masters lists.

1442.   [func]          New functions for manipulating port lists:
                        dns_portlist_create(), dns_portlist_add(),
                        dns_portlist_remove(), dns_portlist_match(),
                        dns_portlist_attach() and dns_portlist_detach().

1441.   [func]          It is now possible to tell dig to bind to a specific
                        source port.

1440.   [func]          It is now possible to tell named to avoid using
                        certain source ports (avoid-v4-udp-ports,
                        avoid-v6-udp-ports).

1439.   [bug]           Named could return NOERROR with certain NOTIFY
                        failures.  Return NOTAUTH if the NOTIFY zone is
                        not being served.

1438.   [func]          Log TSIG (if any) when logging NOTIFY requests.

1437.   [bug]           Leave space for stdio to work in. [RT #5033]

1436.   [func]          dns_zonemgr_resumexfrs() can be used to restart
                        stalled transfers.

1435.   [bug]           zmgr_resume_xfrs() was being called read locked
                        rather than write locked.  zmgr_resume_xfrs()
                        was not being called if the zone was being
                        shutdown.

1434.   [bug]           "rndc reconfig" failed to initiate the initial
                        zone transfer of new slave zones.

1433.   [bug]           named could trigger a REQUIRE failure if it could
                        not get a file descriptor when attempting to write
                        a master file. [RT #4347]

1432.   [func]          The advertised EDNS UDP buffer size can now be set
                        via named.conf (edns-udp-size).

1431.   [bug]           isc_print_snprintf() "%s" with precision could walk off
                        end of argument. [RT #5191]

1430.   [port]          linux: IPv6 interface scanning support.

1429.   [bug]           Prevent the cache getting locked to old servers.

1428.   [placeholder]

1427.   [bug]           Race condition in adb with threaded build.

1426.   [placeholder]

1425.   [port]          linux/libbind: define __USE_MISC when testing *_r()
                        function prototypes in netdb.h.  [RT #4921]

1424.   [bug]           EDNS version not being correctly printed.

1423.   [contrib]       queryperf: added A6 and SRV.

1422.   [func]          Log name/type/class when denying a query.  [RT #4663]

1421.   [func]          Differentiate updates that don't succeed due to
                        prerequisites (unsuccessful) vs other reasons
                        (failed).

1420.   [port]          solaris: work around gcc optimizer bug.

1419.   [port]          openbsd: use /dev/arandom. [RT #4950]

1418.   [bug]           'rndc reconfig' did not cause new slaves to load.

1417.   [func]          ID.SERVER/CHAOS is now a built in zone.
                        See "server-id" for how to configure.

1416.   [bug]           Empty node should return NOERROR NODATA, not NXDOMAIN.
                        [RT #4715]

1415.   [func]          DS TTL now derived from NS ttl.  NXT TTL now derived
                        from SOA MINIMUM.

1414.   [func]          Support for KSK flag.

1413.   [func]          Explicitly request the (re-)generation of DS records
                        from keysets (dnssec-signzone -g).

1412.   [func]          You can now specify servers to be tried if a nameserver
                        has IPv6 address and you only support IPv4 or the
                        reverse. See dual-stack-servers.

1411.   [bug]           empty nodes should stop wildcard matches. [RT #4802]

1410.   [func]          Handle records that live in the parent zone, e.g. DS.

1409.   [bug]           DS should have attribute DNS_RDATATYPEATTR_DNSSEC.

1408.   [bug]           "make distclean" was not complete. [RT #4700]

1407.   [bug]           lfsr incorrectly implements the shift register.
                        [RT #4617]

1406.   [bug]           dispatch initializes one of the LFSR's with a incorrect
                        polynomial.  [RT #4617]

1405.   [func]          Use arc4random() if available.

1404.   [bug]           libbind: ns_name_ntol() could overwrite a zero length
                        buffer.

1403.   [func]          dnssec-signzone, dnssec-keygen, dnssec-makekeyset
                        dnssec-signkey now report their version in the
                        usage message.

1402.   [cleanup]       A6 has been moved to experimental and is no longer
                        fully supported.

1401.   [bug]           adb wasn't clearing state when the timer expired.

1400.   [bug]           Block the addition of wildcard NS records by IXFR
                        or UPDATE. [RT #3502]

1399.   [bug]           Use serial number arithmetic when testing SIG
                        timestamps. [RT #4268]

1398.   [doc]           ARM: notify-also should have been also-notify.
                        [RT #4345]

1397.   [maint]         J.ROOT-SERVERS.NET is now 192.58.128.30.

1396.   [func]          dnssec-signzone: adjust the default signing time by
                        1 hour to allow for clock skew.

1395.   [port]          OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't
                        have a working implementation.  [RT #4079]

1394.   [func]          It is now possible to check if a particular element is
                        in a acl.  Remove duplicate entries from the localnets
                        acl.

1393.   [port]          Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
                        is not available in the kernel to prevent accidentally
                        listening on IPv4 interfaces.

1392.   [bug]           named-checkzone: update usage.

1391.   [func]          Add support for IPv6 scoped addresses in named.

1390.   [func]          host now supports ixfr.

1389.   [bug]           named could fail to rotate long log files.  [RT #3666]

1388.   [port]          irix: check for sys/sysctl.h and NET_RT_IFLIST before
                        defining HAVE_IFLIST_SYSCTL. [RT #3770]

1387.   [bug]           named could crash due to an access to invalid memory
                        space (which caused an assertion failure) in
                        incremental cleaning.  [RT #3588]

1386.   [bug]           named-checkzone -z stopped on errors in a zone.
                        [RT #3653]

1385.   [bug]           Setting serial-query-rate to 10 would trigger a
                        REQUIRE failure.

1384.   [bug]           host was incompatible with BIND 8 in its exit code and
                        in the output with the -l option.  [RT #3536]

1383.   [func]          Track the serial number in a IXFR response and log if
                        a mismatch occurs.  This is a more specific error than
                        "not exact". [RT #3445]

1382.   [bug]           make install failed with --enable-libbind. [RT #3656]

1381.   [bug]           named failed to correctly process answers that
                        contained DNAME records where the resulting CNAME
                        resulted in a negative answer.

1380.   [func]          'rndc recursing' dump recursing queries to
                        'recursing-file = "named.recursing";'.

1379.   [func]          'rndc status' now reports tcp and recursion quota
                        states.

1378.   [func]          Improved positive feedback for 'rndc {reload|refresh}.

1377.   [func]          dns_zone_load{new}() now reports if the zone was
                        loaded, queued for loading to up to date.

1376.   [func]          New function dns_zone_logc() to log to specified
                        category.

1375.   [func]          'rndc dumpdb' now dumps the adb cache along with the
                        data cache.

1374.   [func]          dns_adb_dump() now logs the lame zones associated
                        with each server.

1373.   [bug]           Recovery from expired glue failed under certain
                        circumstances.

1372.   [bug]           named crashes with an assertion failure on exit when
                        sharing the same port for listening and querying, and
                        changing listening addresses several times. [RT #3509]

1371.   [bug]           notify-source-v6, transfer-source-v6 and
                        query-source-v6 with explicit addresses and using the
                        same ports as named was listening on could interfere
                        with named's ability to answer queries sent to those
                        addresses.

1370.   [bug]           dig '+[no]recurse' was incorrectly documented.

1369.   [bug]           Adding an NS record as the lexicographically last
                        record in a secure zone didn't work.

1368.   [func]          remove support for bitstring labels.

1367.   [func]          Use response times to select forwarders.

1366.   [contrib]       queryperf usage was incomplete.  Add '-h' for help.

1365.   [func]          "localhost" and "localnets" acls now include IPv6
                        addresses / prefixes.

1364.   [func]          Log file name when unable to open memory statistics
                        and dump database files. [RT #3437]

1363.   [func]          Listen-on-v6 now supports specific addresses.

1362.   [bug]           remove IFF_RUNNING test when scanning interfaces.

1361.   [func]          log the reason for rejecting a server when resolving
                        queries.

1360.   [bug]           --enable-libbind would fail when not built in the
                        source tree for certain OS's.

1359.   [security]      Support patches OpenSSL libraries.
                        http://www.cert.org/advisories/CA-2002-23.html

1358.   [bug]           It was possible to trigger a INSIST when debugging
                        large dynamic updates. [RT #3390]

1357.   [bug]           nsupdate was extremely wasteful of memory.

1356.   [tuning]        Reduce the number of events / quantum for zone tasks.

1355.   [bug]           Fix DNSSEC wildcard proof for CNAME/DNAME.

1354.   [doc]           lwres man pages had illegal nroff.

1353.   [contrib]       sdb/ldap to version 0.9.

1352.   [bug]           dig, host, nslookup when falling back to TCP use the
                        current search entry (if any). [RT #3374]

1351.   [bug]           lwres_getipnodebyname() returned the wrong name
                        when given a IPv4 literal, af=AF_INET6 and AI_MAPPED
                        was set.

1350.   [bug]           dns_name_fromtext() failed to handle too many labels
                        gracefully.

1349.   [security]      Minimum OpenSSL version now 0.9.6e (was 0.9.5a).
                        http://www.cert.org/advisories/CA-2002-23.html

1348.   [port]          win32: Rewrote code to use I/O Completion Ports
                        in socket.c and eliminating a host of socket
                        errors. Performance is enhanced.

1347.   [placeholder]

1346.   [placeholder]

1345.   [port]          Use a explicit -Wformat with gcc.  Not all versions
                        include it in -Wall.

1344.   [func]          Log if the serial number on the master has gone
                        backwards.
                        If you have multiple machines specified in the masters
                        clause you may want to set 'multi-master yes;' to
                        suppress this warning.

1343.   [func]          Log successful notifies received (info).  Adjust log
                        level for failed notifies to notice.

1342.   [func]          Log remote address with TCP dispatch failures.

1341.   [func]          Allow a rate limiter to be stalled.

1340.   [bug]           Delay and spread out the startup refresh load.

1339.   [func]          dig, host and nslookup now use IP6.ARPA for nibble
                        lookups.  Bit string lookups are no longer attempted.

1338.   [placeholder]

1337.   [placeholder]

1336.   [func]          Nibble lookups under IP6.ARPA are now supported by
                        dns_byaddr_create().  dns_byaddr_createptrname() is
                        deprecated, use dns_byaddr_createptrname2() instead.

1335.   [bug]           When performing a nonexistence proof, the validator
                        should discard parent NXTs from higher in the DNS.

1334.   [bug]           When signing/verifying rdatasets, duplicate rdatas
                        need to be suppressed.

1333.   [contrib]       queryperf now reports a summary of returned
                        rcodes (-c), rcodes are printed in mnemonic form (-v).

1332.   [func]          Report the current serial with periodic commits when
                        rolling forward the journal.

1331.   [func]          Generate DNSSEC wildcard proofs.

1330.   [bug]           When processing events (non-threaded) only allow
                        the task one chance to use to use its quantum.

1329.   [func]          named-checkzone will now check if nameservers that
                        appear to be IP addresses.  Available modes "fail",
                        "warn" (default) and "ignore" the results of the
                        check.

1328.   [bug]           The validator could incorrectly verify an invalid
                        negative proof.

1327.   [bug]           The validator would incorrectly mark data as insecure
                        when seeing a bogus signature before a correct
                        signature.

1326.   [bug]           DNAME/CNAME signatures were not being cached when
                        validation was not being performed. [RT #3284]

1325.   [bug]           If the tcpquota was exhausted it was possible to
                        to trigger a INSIST() failure.

1324.   [port]          darwin: ifconfig.sh now supports darwin.

1323.   [port]          linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]

1322.   [bug]           dnssec-signzone usage message was misleading.

1321.   [bug]           If the last RRset in a zone is glue, dnssec-signzone
                        would incorrectly duplicate its output and sign it.

1320.   [doc]           query-source-v6 was missing from options section.
                        [RT #3218]

1319.   [func]          libbind: log attempts to exploit #1318.

1318.   [bug]           libbind: Remote buffer overrun.

1317.   [port]          libbind: TrueUNIX 5.1 does not like __align as a
                        element name.

1316.   [bug]           libbind: gethostans() could get out of sync parsing
                        the response if there was a very long CNAME chain.

1315.   [bug]           Options should apply to the internal _bind view.

1314.   [port]          Handle ECONNRESET from sendmsg() [unix].

1313.   [func]          Query log now says if the query was signed (S) or
                        if EDNS was used (E).

1312.   [func]          Log TSIG key used w/ outgoing zone transfers.

1311.   [bug]           lwres_getrrsetbyname leaked memory.  [RT #3159]

1310.   [bug]           'rndc stop' failed to cause zones to be flushed
                        sometimes. [RT #3157]

1309.   [func]          Log that a zone transfer was covered by a TSIG.

1308.   [func]          DS (delegation signer) support.

1307.   [bug]           nsupdate: allow white space base64 key data.

1306.   [bug]           Badly encoded LOC record when the size, horizontal
                        precision or vertical precision was 0.1m.

1305.   [bug]           Document that internal zones are included in the
                        rndc status results.

1304.   [func]          New function: dns_zone_name().

1303.   [func]          Option 'flush-zones-on-shutdown <boolean>;'.

1302.   [func]          Extended rndc dumpdb to support dumping of zones and
                        view selection: 'dumpdb [-all|-zones|-cache] [view]'.

1301.   [func]          New category 'update-security'.

1300.   [port]          Compaq Trucluster support.

1299.   [bug]           Set AI_ADDRCONFIG when looking up addresses
                        via getaddrinfo() (affects dig, host, nslookup, rndc
                        and nsupdate).

1298.   [bug]           The CINCLUDES macro in lib/dns/sec/dst/Makefile
                        could be left with a trailing "\" after configure
                        has been run.

1297.   [port]          linux: make handling EINVAL from socket() no longer
                        conditional on #ifdef LINUX.

1296.   [bug]           isc_log_closefilelogs() needed to lock the log
                        context.

1295.   [bug]           isc_log_setdebuglevel() needed to lock the log
                        context.

1294.   [func]          libbind: no longer attempts bit string labels for
                        IPv6 reverse resolution.  Try IP6.ARPA then IP6.INT
                        for nibble style resolution.

1293.   [func]          Entropy can now be retrieved from EGDs. [RT #2438]

1292.   [func]          Enable IPv6 support when using ioctl style interface
                        scanning and OS supports SIOCGLIFADDR using struct
                        if_laddrreq.

1291.   [func]          Enable IPv6 support when using sysctl style interface
                        scanning.

1290.   [func]          "dig axfr" now reports the number of messages
                        as well as the number of records.

1289.   [port]          See if -ldl is required for OpenSSL? [RT #2672]

1288.   [bug]           Adjusted REQUIRE's in lib/dns/name.c to better
                        reflect written requirements.

1287.   [bug]           REQUIRE that DNS_DBADD_MERGE only be set when adding
                        a rdataset to a zone db in the rbtdb implementation of
                        addrdataset.

1286.   [bug]           dns_name_downcase() enforce requirement that
                        target != NULL or name->buffer != NULL.

1285.   [func]          lwres: probe the system to see what address families
                        are currently in use.

1284.   [bug]           The RTT estimate on unused servers was not aged.
                        [RT #2569]

1283.   [func]          Use "dataready" accept filter if available.

1282.   [port]          libbind: hpux 11.11 interface scanning.

1281.   [func]          Log zone when unable to get private keys to update
                        zone.  Log zone when NXT records are missing from
                        secure zone.

1280.   [bug]           libbind: escape '(' and ')' when converting to
                        presentation form.

1279.   [port]          Darwin uses (unsigned long) for size_t. [RT #2590]

1278.   [func]          dig: now supports +[no]cl +[no]ttlid.

1277.   [func]          You can now create your own customized printing
                        styles: dns_master_stylecreate() and
                        dns_master_styledestroy().

1276.   [bug]           libbind: const pointer conflicts in res_debug.c.

1275.   [port]          libbind: hpux: treat all hpux systems as BIG_ENDIAN.

1274.   [bug]           Memory leak in lwres_gnbarequest_parse().

1273.   [port]          libbind: solaris: 64 bit binary compatibility.

1272.   [contrib]       Berkeley DB 4.0 sdb implementation from
                        Nuno Miguel Rodrigues <[email protected]>.

1271.   [bug]           "recursion available: {denied,approved}" was too
                        confusing.

1270.   [bug]           Check that system inet_pton() and inet_ntop() support
                        AF_INET6.

1269.   [port]          Openserver: ifconfig.sh support.

1268.   [port]          Openserver: the value FD_SETSIZE depends on whether
                        <sys/param.h> is included or not.  Be consistent.

1267.   [func]          isc_file_openunique() now creates file using mode
                        0666 rather than 0600.

1266.   [bug]           ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE,
                        __ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE
                        are not C++ compatible, use *_TYPE versions instead.

1265.   [bug]           libbind: LINK_INIT and UNLINK were not compatible with
                        C++, use LINK_INIT_TYPE and UNLINK_TYPE instead.

1264.   [placeholder]

1263.   [bug]           Reference after free error if dns_dispatchmgr_create()
                        failed.

1262.   [bug]           ns_server_destroy() failed to set *serverp to NULL.

1261.   [func]          libbind: ns_sign2() and ns_sign_tcp() now provide
                        support for compressed TSIG owner names.

1260.   [func]          libbind: res_update can now update IPv6 servers,
                        new function res_findzonecut2().

1259.   [bug]           libbind: get_salen() IPv6 support was broken for OSs
                        w/o sa_len.

1258.   [bug]           libbind: res_nametotype() and res_nametoclass() were
                        broken.

1257.   [bug]           Failure to write pid-file should not be fatal on
                        reload. [RT #2861]

1256.   [contrib]       'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support.

1255.   [bug]           When verifying that an NXT proves nonexistence, check
                        the rcode of the message and only do the matching NXT
                        check.  That is, for NXDOMAIN responses, check that
                        the name is in the range between the NXT owner and
                        next name, and for NOERROR NODATA responses, check
                        that the type is not present in the NXT bitmap.

1254.   [func]          preferred-glue option from BIND 8.3.

1253.   [bug]           The dnssec system test failed to remove the correct
                        files.

1252.   [bug]           Dig, host and nslookup were not checking the address
                        the answer was coming from against the address it was
                        sent to. [RT #2692]

1251.   [port]          win32: a make file contained absolute version specific
                        references.

1250.   [func]          Nsupdate will report the address the update was
                        sent to.
1249.   [bug]           Missing masters clause was not handled gracefully.
                        [RT #2703]

1248.   [bug]           DESTDIR was not being propagated between makes.

1247.   [bug]           Don't reset the interface index for link/site local
                        addresses. [RT #2576]

1246.   [func]          New functions isc_sockaddr_issitelocal(),
                        isc_sockaddr_islinklocal(), isc_netaddr_issitelocal()
                        and isc_netaddr_islinklocal().

1245.   [bug]           Treat ENOBUFS, ENOMEM and ENFILE as soft errors for
                        accept().

1244.   [bug]           Receiving a TCP message from a blackhole address would
                        prevent further messages being received over that
                        interface.

1243.   [bug]           It was possible to trigger a REQUIRE() in
                        dns_message_findtype(). [RT #2659]

1242.   [bug]           named-checkzone failed if a journal existed. [RT #2657]

1241.   [bug]           Drop received UDP messages with a zero source port
                        as these are invariably forged. [RT #2621]

1240.   [bug]           It was possible to leak zone references by
                        specifying an incorrect zone to rndc.

1239.   [bug]           Under certain circumstances named could continue to
                        use a name after it had been freed triggering
                        INSIST() failures.  [RT #2614]

1238.   [bug]           It is possible to lockup the server when shutting down
                        if notifies were being processed. [RT #2591]

1237.   [bug]           nslookup: "set q=type" failed.

1236.   [bug]           dns_rdata{class,type}_fromtext() didn't handle non
                        NULL terminated text regions. [RT #2588]

1235.   [func]          Report 'out of memory' errors from openssl.

1234.   [bug]           contrib/sdb: 'zonetodb' failed to call
                        dns_result_register().  DNS_R_SEENINCLUDE should not
                        be fatal.

1233.   [bug]           The flags field of a KEY record can be expressed in
                        hex as well as decimal.

1232.   [bug]           unix/errno2result() didn't handle EADDRNOTAVAIL.

1231.   [port]          HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.

1230.   [bug]           isccc_cc_isreply() and isccc_cc_isack() were broken.

1229.   [bug]           named would crash if it received a TSIG signed
                        query as part of an AXFR response. [RT #2570]

1228.   [bug]           'make install' did not depend on 'make all'. [RT #2559]

1227.   [bug]           dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
                        if a number was expected and some other token was
                        found. [RT #2532]

1226.   [func]          Use EDNS for zone refresh queries. [RT #2551]

1225.   [func]          dns_message_setopt() no longer requires that
                        dns_message_renderbegin() to have been called.

1224.   [bug]           'rrset-order' and 'sortlist' should be additive
                        not exclusive.

1223.   [func]          'rrset-order' partially works 'cyclic' and 'random'
                        are supported.

1222.   [bug]           Specifying 'port *' did not always result in a system
                        selected (non-reserved) port being used. [RT #2537]

1221.   [bug]           Zone types 'master', 'slave' and 'stub' were not being
                        compared case insensitively. [RT #2542]

1220.   [func]          Support for APL rdata type.

1219.   [func]          Named now reports the TSIG extended error code when
                        signature verification fails. [RT #1651]

1218.   [bug]           Named incorrectly returned SERVFAIL rather than
                        NOTAUTH when there was a TSIG BADTIME error. [RT #2519]

1217.   [func]          Report locations of previous key definition when a
                        duplicate is detected.

1216.   [bug]           Multiple server clauses for the same server were not
                        reported.  [RT #2514]

1215.   [port]          solaris: add support to ifconfig.sh for x86 2.5.1

1214.   [bug]           Win32: isc_file_renameunique() could leave zero length
                        files behind.

1213.   [func]          Report view associated with client if it is not a
                        standard view (_default or _bind).

1212.   [port]          libbind: 64k answer buffers were causing stack space
                        to be exceeded for certain OS.  Use heap space instead.

1211.   [bug]           dns_name_fromtext() incorrectly handled certain
                        valid octal bitlabels. [RT #2483]

1210.   [bug]           libbind: getnameinfo() failed to lookup IPv4 mapped /
                        compatible addresses. [RT #2461]

1209.   [bug]           Dig, host, nslookup were not checking the message ids
                        on the responses. [RT #2454]

1208.   [bug]           dns_master_load*() failed to log a error message if
                        an error was detected when parsing the owner name of
                        a record.  [RT #2448]

1207.   [bug]           libbind: getaddrinfo() could call freeaddrinfo() with
                        an invalid pointer.

1206.   [bug]           SERVFAIL and NOTIMP responses to an EDNS query should
                        trigger a non-EDNS retry.

1205.   [bug]           OPT, TSIG and TKEY cannot be used to set the "class"
                        of the message. [RT #2449]

1204.   [bug]           libbind: res_nupdate() failed to update the name
                        server addresses before sending the update.

1203.   [func]          Report locations of previous acl and zone definitions
                        when a duplicate is detected.

1202.   [func]          New functions: cfg_obj_line() and cfg_obj_file().

1201.   [bug]           Require that if 'callbacks' is passed to
                        dns_rdata_fromtext(), callbacks->error and
                        callbacks->warn are initialized.

1200.   [bug]           Log 'errno' that we are unable to convert to
                        isc_result_t. [RT #2404]

1199.   [doc]           ARM reference to RFC 2157 should have been RFC 1918.
                        [RT #2436]

1198.   [bug]           OPT printing style was not consistent with the way the
                        header fields are printed.  The DO bit was not reported
                        if set.  Report if any of the MBZ bits are set.

1197.   [bug]           Attempts to define the same acl multiple times were not
                        detected.

1196.   [contrib]       update mdnkit to 2.2.3.

1195.   [bug]           Attempts to redefine builtin acls should be caught.
                        [RT #2403]

1194.   [bug]           Not all duplicate zone definitions were being detected
                        at the named.conf checking stage. [RT #2431]

1193.   [bug]           dig +besteffort parsing didn't handle packet
                        truncation.  dns_message_parse() has new flag
                        DNS_MESSAGE_IGNORETRUNCATION.

1192.   [bug]           The seconds fields in LOC records were restricted
                        to three decimal places.  More decimal places should
                        be allowed but warned about.

1191.   [bug]           A dynamic update removing the last non-apex name in
                        a secure zone would fail. [RT #2399]

1190.   [func]          Add the "rndc freeze" and "rndc unfreeze" commands.
                        [RT #2394]

1189.   [bug]           On some systems, malloc(0) returns NULL, which
                        could cause the caller to report an out of memory
                        error. [RT #2398]

1188.   [bug]           Dynamic updates of a signed zone would fail if
                        some of the zone private keys were unavailable.

1187.   [bug]           named was incorrectly returning DNSSEC records
                        in negative responses when the DO bit was not set.

1186.   [bug]           isc_hex_tobuffer(,,length = 0) failed to unget the
                        EOL token when reading to end of line.

1185.   [bug]           libbind: don't assume statp->_u._ext.ext is valid
                        unless RES_INIT is set when calling res_*init().

1184.   [bug]           libbind: call res_ndestroy() if RES_INIT is set
                        when res_*init() is called.

1183.   [bug]           Handle ENOSR error when writing to the internal
                        control pipe. [RT #2395]

1182.   [bug]           The server could throw an assertion failure when
                        constructing a negative response packet.

1181.   [func]          Add the "key-directory" configuration statement,
                        which allows the server to look for online signing
                        keys in alternate directories.

1180.   [func]          dnssec-keygen should always generate keys with
                        protocol 3 (DNSSEC), since it's less confusing
                        that way.

1179.   [func]          Add SIG(0) support to nsupdate.

1178.   [bug]           Follow and cache (if appropriate) A6 and other
                        data chains to completion in the additional section.

1177.   [func]          Report view when loading zones if it is not a
                        standard view (_default or _bind). [RT #2270]

1176.   [doc]           Document that allow-v6-synthesis is only performed
                        for clients that are supplied recursive service.
                        [RT #2260]

1175.   [bug]           named-checkzone and named-checkconf failed to call
                        dns_result_register() at startup which could
                        result in runtime exceptions when printing
                        "out of memory" errors. [RT #2335]

1174.   [bug]           Win32: add WSAECONNRESET to the expected errors
                        from connect(). [RT #2308]

1173.   [bug]           Potential memory leaks in isc_log_create() and
                        isc_log_settag(). [RT #2336]

1172.   [doc]           Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
                        table of RR types in ARM.

1171.   [func]          Added function isc_region_compare(), updated files in
                        lib/dns to use this function instead of local one.

1170.   [bug]           Don't attempt to print the token when a I/O error
                        occurs when parsing named.conf. [RT #2275]

1169.   [func]          Identify recursive queries in the query log.

1168.   [bug]           Empty also-notify clauses were not handled. [RT #2309]

1167.   [contrib]       nslint-2.1a3 (from author).

1166.   [bug]           "Not Implemented" should be reported as NOTIMP,
                        not NOTIMPL. [RT #2281]

1165.   [bug]           We were rejecting notify-source{-v6} in zone clauses.

1164.   [bug]           Empty masters clauses in slave / stub zones were not
                        handled gracefully. [RT #2262]

1163.   [func]          isc_time_formattimestamp() now includes the year.

1162.   [bug]           The allow-notify option was not accepted in slave
                        zone statements.

1161.   [bug]           named-checkzone looped on unbalanced brackets.
                        [RT #2248]

1160.   [bug]           Generating Diffie-Hellman keys longer than 1024
                        bits could fail. [RT #2241]

1159.   [bug]           MD and MF are not permitted to be loaded by RFC1123.

1158.   [func]          Report the client's address when logging notify
                        messages.

1157.   [func]          match-clients and match-destinations now accept
                        keys. [RT #2045]

1156.   [port]          The configure test for strsep() incorrectly
                        succeeded on certain patched versions of
                        AIX 4.3.3. [RT #2190]

1155.   [func]          Recover from master files being removed from under
                        us.

1154.   [bug]           Don't attempt to obtain the netmask of a interface
                        if there is no address configured. [RT #2176]

1153.   [func]          'rndc {stop|halt} -p' now reports the process id
                        of the instance of named being shutdown.

1152.   [bug]           libbind: read buffer overflows.

1151.   [bug]           nslookup failed to check that the arguments to
                        the port, timeout, and retry options were
                        valid integers and in range. [RT #2099]

1150.   [bug]           named incorrectly accepted TTL values
                        containing plus or minus signs, such as
                        1d+1h-1s.

1149.   [func]          New function isc_parse_uint32().

1148.   [func]          'rndc-confgen -a' now provides positive feedback.

1147.   [func]          Set IPV6_V6ONLY on IPv6 sockets if supported by
                        the OS.  listen-on-v6 { any; }; should no longer
                        result in IPv4 queries be accepted.  Similarly
                        control { inet :: ... }; should no longer result
                        in IPv4 connections being accepted.  This can be
                        overridden at compile time by defining
                        ISC_ALLOW_MAPPED=1.

1146.   [func]          Allow IPV6_IPV6ONLY to be set/cleared on a socket if
                        supported by the OS by a new function
                        isc_socket_ipv6only().

1145.   [func]          "host" no longer reports a NOERROR/NODATA response
                        by printing nothing. [RT #2065]

1144.   [bug]           rndc-confgen would crash if both the -a and -t
                        options were specified. [RT #2159]

1143.   [bug]           When a trusted-keys statement was present and named
                        was built without crypto support, it would leak memory.

1142.   [bug]           dnssec-signzone would fail to delete temporary files
                        in some failure cases. [RT #2144]

1141.   [bug]           When named rejected a control message, it would
                        leak a file descriptor and memory.  It would also
                        fail to respond, causing rndc to hang.
                        [RT #2139, #2164]

1140.   [bug]           rndc-confgen did not accept IPv6 addresses as arguments
                        to the -s option. [RT #2138]

1139.   [func]          It is now possible to flush a given name from the
                        cache(s) via 'rndc flushname name [view]'. [RT #2051]

1138.   [func]          It is now possible to flush a given name from the
                        cache by calling the new function
                        dns_cache_flushname().

1137.   [func]          It is now possible to flush a given name from the
                        ADB by calling the new function dns_adb_flushname().

1136.   [bug]           CNAME records synthesized from DNAMEs did not
                        have a TTL of zero as required by RFC2672.
                        [RT #2129]

1135.   [func]          You can now override the default syslog() facility for
                        named/lwresd at compile time. [RT #1982]

1134.   [bug]           Multi-threaded servers could deadlock in ferror()
                        when reloading zone files. [RT #1951, #1998]

1133.   [bug]           IN6_IS_ADDR_LOOPBACK was not portably defined on
                        platforms without IN6_IS_ADDR_LOOPBACK. [RT #2106]

1132.   [func]          Improve UPDATE prerequisite failure diagnostic messages.

1131.   [bug]           The match-destinations view option did not work with
                        IPv6 destinations. [RT #2073, #2074]

1130.   [bug]           Log messages reporting an out-of-range serial number
                        did not include the out-of-range number but the
                        following token. [RT #2076]

1129.   [bug]           Multi-threaded servers could crash under heavy
                        resolution load due to a race condition. [RT #2018]

1128.   [func]          sdb drivers can now provide RR data in either text
                        or wire format, the latter using the new functions
                        dns_sdb_putrdata() and dns_sdb_putnamedrdata().

1127.   [func]          rndc: If the server to contact has multiple addresses,
                        try all of them.

1126.   [bug]           The server could access a freed event if shut
                        down while a client start event was pending
                        delivery. [RT #2061]

1125.   [bug]           rndc: -k option was missing from usage message.
                        [RT #2057]

1124.   [doc]           dig: +[no]dnssec, +[no]besteffort and +[no]fail
                        are now documented. [RT #2052]

1123.   [bug]           dig +[no]fail did not match description. [RT #2052]

1122.   [tuning]        Resolution timeout reduced from 90 to 30 seconds.
                        [RT #2046]

1121.   [bug]           The server could attempt to access a NULL zone
                        table if shut down while resolving.
                        [RT #1587, #2054]

1120.   [bug]           Errors in options were not fatal. [RT #2002]

1119.   [func]          Added support in Win32 for NTFS file/directory ACL's
                        for access control.

1118.   [bug]           On multi-threaded servers, a race condition
                        could cause an assertion failure in resolver.c
                        during resolver shutdown. [RT #2029]

1117.   [port]          The configure check for in6addr_loopback incorrectly
                        succeeded on AIX 4.3 when compiling with -O2
                        because the test code was optimized away.
                        [RT #2016]

1116.   [bug]           Setting transfers in a server clause, transfers-in,
                        or transfers-per-ns to a value greater than
                        2147483647 disabled transfers. [RT #2002]

1115.   [func]          Set maximum values for cleaning-interval,
                        heartbeat-interval, interface-interval,
                        max-transfer-idle-in, max-transfer-idle-out,
                        max-transfer-time-in, max-transfer-time-out,
                        statistics-interval of 28 days and
                        sig-validity-interval of 3660 days. [RT #2002]

1114.   [port]          Ignore more accept() errors. [RT #2021]

1113.   [bug]           The allow-update-forwarding option was ignored
                        when specified in a view. [RT #2014]

1112.   [placeholder]

1111.   [bug]           Multi-threaded servers could deadlock processing
                        recursive queries due to a locking hierarchy
                        violation in adb.c. [RT #2017]

1110.   [bug]           dig should only accept valid abbreviations of +options.
                        [RT #2003]

1109.   [bug]           nsupdate accepted illegal ttl values.

1108.   [bug]           On Win32, rndc was hanging when named was not running
                        due to failure to select for exceptional conditions
                        in select(). [RT #1870]

1107.   [bug]           nsupdate could catch an assertion failure if an
                        invalid domain name was given as the argument to
                        the "zone" command.

1106.   [bug]           After seeing an out of range TTL, nsupdate would
                        treat all TTLs as out of range. [RT #2001]

1105.   [port]          OpenUNIX 8 enable threads by default. [RT #1970]

1104.   [bug]           Invalid arguments to the transfer-format option
                        could cause an assertion failure. [RT #1995]

1103.   [port]          OpenUNIX 8 support (ifconfig.sh). [RT #1970]

1102.   [doc]           Note that query logging is enabled by directing the
                        queries category to a channel.

1101.   [bug]           Array bounds read error in lwres_gai_strerror.

1100.   [bug]           libbind: DNSSEC key ids were computed incorrectly.

1099.   [cleanup]       libbind: defining REPORT_ERRORS in lib/bind/dst caused
                        compile time errors.

1098.   [bug]           libbind: HMAC-MD5 key files are now mode 0600.

1097.   [func]          libbind: RES_PRF_TRUNC for dig.

1096.   [func]          libbind: "DNSSEC OK" (DO) support.

1095.   [func]          libbind: resolver option: no-tld-query.  disables
                        trying unqualified as a tld.  no_tld_query is also
                        supported for FreeBSD compatibility.

1094.   [func]          libbind: add support gcc's format string checking.

1093.   [doc]           libbind: miscellaneous nroff fixes.

1092.   [bug]           libbind: get*by*() failed to check if res_init() had
                        been called.

1091.   [bug]           libbind: misplaced va_end().

1090.   [bug]           libbind: dns_ho.c:add_hostent() was not returning
                        the amount of memory consumed resulting in garbage
                        address being returned.  Alignment calculations were
                        wasting space.  We weren't suppressing duplicate
                        addresses.

1089.   [func]          libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6
                        support.

1088.   [port]          libbind: MPE/iX C.70 (incomplete)

1087.   [bug]           libbind: struct __res_state too large on 64 bit arch.

1086.   [port]          libbind: sunos: old sprintf.

1085.   [port]          libbind: solaris: sys_nerr and sys_errlist do not
                        exist when compiling in 64 bit mode.

1084.   [cleanup]       libbind: gai_strerror() rewritten.

1083.   [bug]           The default control channel listened on the
                        wildcard address, not the loopback as documented.
                        [RT #1975]

1082.   [bug]           The -g option to named incorrectly caused logging
                        to be sent to syslog in addition to stderr.
                        [RT #1974]

1081.   [bug]           Multicast queries were incorrectly identified
                        based on the source address, not the destination
                        address.

1080.   [bug]           BIND 8 compatibility: accept bare IP prefixes
                        as the second element of a two-element top level
                        sort list statement. [RT #1964]

1079.   [bug]           BIND 8 compatibility: accept bare elements at top
                        level of sort list treating them as if they were
                        a single element list. [RT #1963]

1078.   [bug]           We failed to correct bad tv_usec values in one case.
                        [RT #1966]

1077.   [func]          Do not accept further recursive clients when
                        the total number of recursive lookups being
                        processed exceeds max-recursive-clients, even
                        if some of the lookups are internally generated.
                        [RT #1915, #1938]

1076.   [bug]           A badly defined global key could trigger an assertion
                        on load/reload if views were used. [RT #1947]

1075.   [bug]           Out-of-range network prefix lengths were not
                        reported. [RT #1954]

1074.   [bug]           Running out of memory in dump_rdataset() could
                        cause an assertion failure. [RT #1946]

1073.   [bug]           The ADB cache cleaning should also be space driven.
                        [RT #1915, #1938]

1072.   [bug]           The TCP client quota could be exceeded when
                        recursion occurred. [RT #1937]

1071.   [bug]           Sockets listening for TCP DNS connections
                        specified an excessive listen backlog. [RT #1937]

1070.   [bug]           Copy DNSSEC OK (DO) to response as specified by
                        draft-ietf-dnsext-dnssec-okbit-03.txt.

1069.   [placeholder]

1068.   [bug]           errno could be overwritten by catgets(). [RT #1921]

1067.   [func]          Allow quotas to be soft, isc_quota_soft().

1066.   [bug]           Provide a thread safe wrapper for strerror().
                        [RT #1689]

1065.   [func]          Runtime support to select new / old style interface
                        scanning using ioctls.

1064.   [bug]           Do not shut down active network interfaces if we
                        are unable to scan the interface list. [RT #1921]

1063.   [bug]           libbind: "make install" was failing on IRIX.
                        [RT #1919]

1062.   [bug]           If the control channel listener socket was shut
                        down before server exit, the listener object could
                        be freed twice. [RT #1916]

1061.   [bug]           If periodic cache cleaning happened to start
                        while cleaning due to reaching the configured
                        maximum cache size was in progress, the server
                        could catch an assertion failure. [RT #1912]

1060.   [func]          Move refresh, stub and notify UDP retry processing
                        into dns_request.

1059.   [func]          dns_request now support will now retry UDP queries,
                        dns_request_createvia2() and dns_request_createraw2().

1058.   [func]          Limited lifetime ticker timers are now available,
                        isc_timertype_limited.

1057.   [bug]           Reloading the server after adding a "file" clause
                        to a zone statement could cause the server to
                        crash due to a typo in change 1016.

1056.   [bug]           Rndc could catch an assertion failure on SIGINT due
                        to an uninitialized variable. [RT #1908]

1055.   [func]          Version and hostname queries can now be disabled
                        using "version none;" and "hostname none;",
                        respectively.

1054.   [bug]           On Win32, cfg_categories and cfg_modules need to be
                        exported from the libisccfg DLL.

1053.   [bug]           Dig did not increase its timeout when receiving
                        AXFRs unless the +time option was used. [RT #1904]

1052.   [bug]           Journals were not being created in binary mode
                        resulting in "journal format not recognized" error
                        under Win32. [RT #1889]

1051.   [bug]           Do not ignore a network interface completely just
                        because it has a noncontiguous netmask.  Instead,
                        omit it from the localnets ACL and issue a warning.
                        [RT #1891]

1050.   [bug]           Log messages reporting malformed IP addresses in
                        address lists such as that of the forwarders option
                        failed to include the correct error code, file
                        name, and line number. [RT #1890]

1049.   [func]          "pid-file none;" will disable writing a pid file.
                        [RT #1848]

1048.   [bug]           Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1
                        didn't work.

1047.   [bug]           named was incorrectly refusing all requests signed
                        with a TSIG key derived from an unsigned TKEY
                        negotiation with a NOERROR response. [RT #1886]

1046.   [bug]           The help message for the --with-openssl configure
                        option was inaccurate. [RT #1880]

1045.   [bug]           It was possible to skip saving glue for a nameserver
                        for a stub zone.

1044.   [bug]           Specifying allow-transfer, notify-source, or
                        notify-source-v6 in a stub zone was not treated
                        as an error.

1043.   [bug]           Specifying a transfer-source or transfer-source-v6
                        option in the zone statement for a master zone was
                        not treated as an error. [RT #1876]

1042.   [bug]           The "config" logging category did not work properly.
                        [RT #1873]

1041.   [bug]           Dig/host/nslookup could catch an assertion failure
                        on SIGINT due to an uninitialized variable. [RT #1867]

1040.   [bug]           Multiple listen-on-v6 options with different ports
                        were not accepted. [RT #1875]

1039.   [bug]           Negative responses with CNAMEs in the answer section
                        were cached incorrectly. [RT #1862]

1038.   [bug]           In servers configured with a tkey-domain option,
                        TKEY queries with an owner name other than the root
                        could cause an assertion failure. [RT #1866, #1869]

1037.   [bug]           Negative responses whose authority section contain
                        SOA or NS records whose owner names are not equal
                        equal to or parents of the query name should be
                        rejected. [RT #1862]

1036.   [func]          Silently drop requests received via multicast as
                        long as there is no final multicast DNS standard.

1035.   [bug]           If we respond to multicast queries (which we
                        currently do not), respond from a unicast address
                        as specified in RFC 1123. [RT #137]

1034.   [bug]           Ignore the RD bit on multicast queries as specified
                        in RFC 1123. [RT #137]

1033.   [bug]           Always respond to requests with an unsupported opcode
                        with NOTIMP, even if we don't have a matching view
                        or cannot determine the class.

1032.   [func]          hostname.bind/txt/chaos now returns the name of
                        the machine hosting the nameserver.  This is useful
                        in diagnosing problems with anycast servers.

1031.   [bug]           libbind.a: isc__gettimeofday() infinite recursion.
                        [RT #1858]

1030.   [bug]           On systems with no resolv.conf file, nsupdate
                        exited with an error rather than defaulting
                        to using the loopback address. [RT #1836]

1029.   [bug]           Some named.conf errors did not cause the loading
                        of the configuration file to return a failure
                        status even though they were logged. [RT #1847]

1028.   [bug]           On Win32, dig/host/nslookup looked for resolv.conf
                        in the wrong directory. [RT #1833]

1027.   [bug]           RRs having the reserved type 0 should be rejected.
                        [RT #1471]

1026.   [placeholder]

1025.   [bug]           Don't use multicast addresses to resolve iterative
                        queries. [RT #101]

1024.   [port]          Compilation failed on HP-UX 11.11 due to
                        incompatible use of the SIOCGLIFCONF macro
                        name. [RT #1831]

1023.   [func]          Accept hints without TTLs.

1022.   [bug]           Don't report empty root hints as "extra data".
                        [RT #1802]

1021.   [bug]           On Win32, log message timestamps were one month
                        later than they should have been, and the server
                        would exhibit unspecified behavior in December.

1020.   [bug]           IXFR log messages did not distinguish between
                        true IXFRs, AXFR-style IXFRs, and mere version
                        polls. [RT #1811]

1019.   [bug]           The value of the lame-ttl option was limited to 18000
                        seconds, not 1800 seconds as documented. [RT #1803]

1018.   [bug]           The default log channel was not always initialized
                        correctly. [RT #1813]

1017.   [bug]           When specifying TSIG keys to dig and nsupdate using
                        the -k option, they must be HMAC-MD5 keys. [RT #1810]

1016.   [bug]           Slave zones with no backup file were re-transferred
                        on every server reload.

1015.   [bug]           Log channels that had a "versions" option but no
                        "size" option failed to create numbered log
                        files. [RT #1783]

1014.   [bug]           Some queries would cause statistics counters to
                        increment more than once or not at all. [RT #1321]

1013.   [bug]           It was possible to cancel a query twice when marking
                        a server as bogus or by having a blackhole acl.
                        [RT #1776]

1012.   [bug]           The -p option to named did not behave as documented.

1011.   [cleanup]       Removed isc_dir_current().

1010.   [bug]           The server could attempt to execute a command channel
                        command after initiating server shutdown, causing
                        an assertion failure. [RT #1766]

1009.   [port]          OpenUNIX 8 support. [RT #1728]

1008.   [port]          libtool.m4, ltmain.sh from libtool-1.4.2.

1007.   [port]          config.guess, config.sub from autoconf-2.52.

1006.   [bug]           If a KEY RR was found missing during DNSSEC validation,
                        an assertion failure could subsequently be triggered
                        in the resolver. [RT #1763]

1005.   [bug]           Don't copy nonzero RCODEs from request to response.
                        [RT #1765]

1004.   [port]          Deal with recvfrom() returning EHOSTDOWN. [RT #1770]

1003.   [func]          Add the +retry option to dig.

1002.   [bug]           When reporting an unknown class name in named.conf,
                        including the file name and line number. [RT #1759]

1001.   [bug]           win32 socket code doio_recv was not catching a
                        WSACONNRESET error when a client was timing out
                        the request and closing its socket. [RT #1745]

1000.   [bug]           BIND 8 compatibility: accept "HESIOD" as an alias
                        for class "HS". [RT #1759]

 999.   [func]          "rndc retransfer zone [class [view]]" added.
                        [RT #1752]

 998.   [func]          named-checkzone now has arguments to specify the
                        chroot directory (-t) and working directory (-w).
                        [RT #1755]

 997.   [func]          Add support for RSA-SHA1 keys (RFC3110).

 996.   [func]          Issue warning if the configuration filename contains
                        the chroot path.

 995.   [bug]           dig, host, nslookup: using a raw IPv6 address as a
                        target address should be fatal on a IPv4 only system.

 994.   [func]          Treat non-authoritative responses to queries for type
                        NS as referrals even if the NS records are in the
                        answer section, because BIND 8 servers incorrectly
                        send them that way.  This is necessary for DNSSEC
                        validation of the NS records of a secure zone to
                        succeed when the parent is a BIND 8 server. [RT #1706]

 993.   [func]          dig: -v now reports the version.

 992.   [doc]           dig: ~/.digrc is now documented.

 991.   [func]          Lower UDP refresh timeout messages to level
                        debug 1.

 990.   [bug]           The rndc-confgen man page was not installed.

 989.   [bug]           Report filename if $INCLUDE fails for file related
                        errors. [RT #1736]

 988.   [bug]           'additional-from-auth no;' did not work reliably
                        in the case of queries answered from the cache.
                        [RT #1436]

 987.   [bug]           "dig -help" didn't show "+[no]stats".

 986.   [bug]           "dig +noall" failed to clear stats and command
                        printing.

 985.   [func]          Consider network interfaces to be up iff they have
                        a nonzero IP address rather than based on the
                        IFF_UP flag. [RT #1160]

 984.   [bug]           Multi-threading should be enabled by default on
                        Solaris 2.7 and newer, but it wasn't.

 983.   [func]          The server now supports generating IXFR difference
                        sequences for non-dynamic zones by comparing zone
                        versions, when enabled using the new config
                        option "ixfr-from-differences". [RT #1727]

 982.   [func]          If "memstatistics-file" is set in options the memory
                        statistics will be written to it.

 981.   [func]          The dnssec tools can now take multiple '-r randomfile'
                        arguments.

 980.   [bug]           Incoming zone transfers restarting after an error
                        could trigger an assertion failure. [RT #1692]

 979.   [func]          Incremental master file dumping.  dns_master_dumpinc(),
                        dns_master_dumptostreaminc(), dns_dumpctx_attach(),
                        dns_dumpctx_detach(), dns_dumpctx_cancel(),
                        dns_dumpctx_db() and dns_dumpctx_version().

 978.   [bug]           dns_db_attachversion() had an invalid REQUIRE()
                        condition.

 977.   [bug]           Improve "not at top of zone" error message.

 976.   [func]          named-checkconf can now test load master zones
                        (named-checkconf -z). [RT #1468]

 975.   [bug]           "max-cache-size default;" as a view option
                        caused an assertion failure.

 974.   [bug]           "max-cache-size unlimited;" as a global option
                        was not accepted.

 973.   [bug]           Failed to log the question name when logging:
                        "bad zone transfer request: non-authoritative zone
                        (NOTAUTH)".

 972.   [bug]           The file modification time code in zone.c was using the
                        wrong epoch. [RT #1667]

 971.   [placeholder]

 970.   [func]          'max-journal-size' can now be used to set a target
                        size for a journal.

 969.   [func]          dig now supports the undocumented dig 8 feature
                        of allowing arbitrary labels, not just dotted
                        decimal quads, with the -x option.  This can be
                        used to conveniently look up RFC2317 names as in
                        "dig -x 10.0.0.0-127". [RT #827, #1576, #1598]

 968.   [bug]           On win32, the isc_time_now() function was unnecessarily
                        calling strtime(). [RT #1671]

 967.   [bug]           On win32, the link for bindevt was not including the
                        required resource file to enable the event viewer
                        to interpret the error messages in the event log,
                        [RT #1668]

 966.   [placeholder]

 965.   [bug]           Including data other than root server NS and A
                        records in the root hint file could cause a rbtdb
                        node reference leak. [RT #1581, #1618]

 964.   [func]          Warn if data other than root server NS and A records
                        are found in the root hint file. [RT #1581, #1618]

 963.   [bug]           Bad ISC_LANG_ENDDECLS. [RT #1645]

 962.   [bug]           libbind: bad "#undef", don't attempt to install
                        non-existent nlist.h. [RT #1640]

 961.   [bug]           Tried to use a IPV6 feature when ISC_PLATFORM_HAVEIPV6
                        was not defined. [RT #1482]

 960.   [port]          liblwres failed to build on systems with support for
                        getrrsetbyname() in the OS. [RT #1592]

 959.   [port]          On FreeBSD, determine the number of CPUs by calling
                        sysctlbyname(). [RT #1584]

 958.   [port]          ssize_t is not available on all platforms. [RT #1607]

 957.   [bug]           sys/select.h inclusion was broken on older platforms.
                        [RT #1607]

 956.   [bug]           ns_g_autorndcfile changed to ns_g_keyfile
                        in named/win32/os.c due to code changes in
                        change #953. win32 .make file for rndc-confgen
                        updated to add include path for os.h header.
       --- 9.2.0rc1 released ---

955.   [bug]           When using views, the zone's class was not being
                       inherited from the view's class. [RT #1583]

954.   [bug]           When requesting AXFRs or IXFRs using dig, host, or
                       nslookup, the RD bit should not be set as zone
                       transfers are inherently non-recursive. [RT #1575]

953.   [func]          The /var/run/named.key file from change #843
                       has been replaced by /etc/rndc.key.  Both
                       named and rndc will look for this file and use
                       it to configure a default control channel key
                       if not already configured using a different
                       method (rndc.conf / controls).  Unlike
                       named.key, rndc.key is not created automatically;
                       it must be created by manually running
                       "rndc-confgen -a".

952.   [bug]           The server required manual intervention to serve the
                       affected zones if it died between creating a journal
                       and committing the first change to it.

951.   [bug]           CFLAGS was not passed to the linker when
                       linking some of the test programs under
                       bin/tests. [RT #1555].

950.   [bug]           Explicit TTLs did not properly override $TTL
                       due to a bug in change 834. [RT #1558]

949.   [bug]           host was unable to print records larger than 512
                       bytes. [RT #1557]
       --- 9.2.0b2 released ---

948.   [port]          Integrated support for building on Windows NT /
                       Windows 2000.

947.   [bug]           dns_rdata_soa_t had a badly named element "mname" which
                       was really the RNAME field from RFC1035.  To avoid
                       confusion and silent errors that would occur it the
                       "origin" and "mname" elements were given their correct
                       names "mname" and "rname" respectively, the "mname"
                       element is renamed to "contact".

946.   [cleanup]       doc/misc/options is now machine-generated from the
                       configuration parser syntax tables, and therefore
                       more likely to be correct.

945.   [func]          Add the new view-specific options
                       "match-destinations" and "match-recursive-only".

944.   [func]          Check for expired signatures on load.

943.   [bug]           The server could crash when receiving a command
                       via rndc if the configuration file listed only
                       nonexistent keys in the controls statement. [RT #1530]

942.   [port]          libbind: GETNETBYADDR_ADDR_T was not correctly
                       defined on some platforms.

941.   [bug]           The configuration checker crashed if a slave
                       zone didn't contain a masters statement. [RT #1514]

940.   [bug]           Double zone locking failure on error path. [RT #1510]
       --- 9.2.0b1 released ---

939.   [port]          Add the --disable-linux-caps option to configure for
                       systems that manage capabilities outside of named.
                       [RT #1503]

938.   [placeholder]

937.   [bug]           A race when shutting down a zone could trigger a
                       INSIST() failure. [RT #1034]

936.   [func]          Warn about IPv4 addresses that are not complete
                       dotted quads. [RT #1084]

935.   [bug]           inet_pton failed to reject leading zeros.

934.   [port]          Deal with systems where accept() spuriously returns
                       ECONNRESET.

933.   [bug]           configure failed doing libbind on platforms not
                       supported by BIND 8. [RT #1496]
       --- 9.2.0a3 released ---

932.   [bug]           Use INSTALL_SCRIPT, not INSTALL_PROGRAM,
                       when installing isc-config.sh.
                       [RT #198, #1466]

931.   [bug]           The controls statement only attempted to verify
                       messages using the first key in the key list.
                       (9.2.0a1/a2 only).

930.   [func]          Query performance testing tool added as
                       contrib/queryperf.

929.   [placeholder]

928.   [bug]           nsupdate would send empty update packets if the
                       send (or empty line) command was run after
                       another send but before any new updates or
                       prerequisites were specified.  It should simply
                       ignore this command.

927.   [bug]           Don't hold the zone lock for the entire dump to disk.
                       [RT #1423]

926.   [bug]           The resolver could deadlock with the ADB when
                       shutting down (multi-threaded builds only).
                       [RT #1324]

925.   [cleanup]       Remove openssl from the distribution; require that
                       --with-openssl be specified if DNSSEC is needed.

924.   [port]          Extend support for pre-RFC2133 IPv6 implementation.
                       [RT #987]

923.   [bug]           Multiline TSIG secrets (and other multiline strings)
                       were not accepted in named.conf. [RT #1469]

922.   [func]          Added two new lwres_getrrsetbyname() result codes,
                       ERR_NONAME and ERR_NODATA.

921.   [bug]           lwres returned an incorrect error code if it received
                       a truncated message.

920.   [func]          Increase the lwres receive buffer size to 16K.
                       [RT #1451]

919.   [placeholder]

918.   [func]          In nsupdate, TSIG errors are no longer treated as
                       fatal errors.

917.   [func]          New nsupdate command 'key', allowing TSIG keys to
                       be specified in the nsupdate command stream rather
                       than the command line.

916.   [bug]           Specifying type ixfr to dig without specifying
                       a serial number failed in unexpected ways.

915.   [func]          The named-checkconf and named-checkzone programs
                       now have a '-v' option for printing their version.
                       [RT #1151]

914.   [bug]           Global 'server' statements were rejected when
                       using views, even though they were accepted
                       in 9.1. [RT #1368]

913.   [bug]           Cache cleaning was not sufficiently aggressive.
                       [RT #1441, #1444]

912.   [bug]           Attempts to set the 'additional-from-cache' or
                       'additional-from-auth' option to 'no' in a
                       server with recursion enabled will now
                       be ignored and cause a warning message.
                       [RT #1145]

911.   [placeholder]

910.   [port]          Some pre-RFC2133 IPv6 implementations do not define
                       IN6ADDR_ANY_INIT. [RT #1416]

909.   [placeholder]

908.   [func]          New program, rndc-confgen, to simplify setting up rndc.

907.   [func]          The ability to get entropy from either the
                       random device, a user-provided file or from
                       the keyboard was migrated from the DNSSEC tools
                       to libisc as isc_entropy_usebestsource().

906.   [port]          Separated the system independent portion of
                       lib/isc/unix/entropy.c into lib/isc/entropy.c
                       and added lib/isc/win32/entropy.c.

905.   [bug]           Configuring a forward "zone" for the root domain
                       did not work. [RT #1418]

904.   [bug]           The server would leak memory if attempting to use
                       an expired TSIG key. [RT #1406]

903.   [bug]           dig should not crash when receiving a TCP packet
                       of length 0.

902.   [bug]           The -d option was ignored if both -t and -g were also
                       specified.

901.   [placeholder]

900.   [bug]           A config.guess update changed the system identification
                       string of FreeBSD systems; configure and
                       bin/tests/system/ifconfig.sh now recognize the new
                       string.
       --- 9.2.0a2 released ---

899.   [bug]           lib/dns/soa.c failed to compile on many platforms
                       due to inappropriate use of a void value.
                       [RT #1372, #1373, #1386, #1387, #1395]

898.   [bug]           "dig" failed to set a nonzero exit status
                       on UDP query timeout. [RT #1323]

897.   [bug]           A config.guess update changed the system identification
                       string of UnixWare systems; configure now recognizes
                       the new string.

896.   [bug]           If a configuration file is set on named's command line
                       and it has a relative pathname, the current directory
                       (after any possible jailing resulting from named -t)
                       will be prepended to it so that reloading works
                       properly even when a directory option is present.

895.   [func]          New function, isc_dir_current(), akin to POSIX's
                       getcwd().

894.   [bug]           When using the DNSSEC tools, a message intended to warn
                       when the keyboard was being used because of the lack
                       of a suitable random device was not being printed.

893.   [func]          Removed isc_file_test() and added isc_file_exists()
                       for the basic functionality that was being added
                       with isc_file_test().

892.   [placeholder]

891.   [bug]           Return an error when a SIG(0) signed response to
                       an unsigned query is seen.  This should actually
                       do the verification, but it's not currently
                       possible. [RT #1391]

890.   [cleanup]       The man pages no longer require the mandoc macros
                       and should now format cleanly using most versions of
                       nroff, and HTML versions of the man pages have been
                       added.  Both are generated from DocBook source.

889.   [port]          Eliminated blank lines before .TH in nroff man
                       pages since they cause problems with some versions
                       of nroff. [RT #1390]

888.   [bug]           Don't die when using TKEY to delete a nonexistent
                       TSIG key. [RT #1392]

887.   [port]          Detect broken compilers that can't call static
                       functions from inline functions. [RT #1212]

886.   [placeholder]

885.   [placeholder]

884.   [placeholder]

883.   [placeholder]

882.   [placeholder]

881.   [placeholder]

880.   [placeholder]

879.   [placeholder]

878.   [placeholder]

877.   [placeholder]

876.   [placeholder]

875.   [placeholder]

874.   [placeholder]

873.   [placeholder]

872.   [placeholder]

871.   [placeholder]

870.   [placeholder]

869.   [placeholder]

868.   [placeholder]

867.   [placeholder]

866.   [func]          Close debug only file channels when debug is set to
                       zero. [RT #1246]

865.   [bug]           The new configuration parser did not allow
                       the optional debug level in a "severity debug"
                       clause of a logging channel to be omitted.
                       This is now allowed and treated as "severity
                       debug 1;" like it does in BIND 8.2.4, not as
                       "severity debug 0;" like it did in BIND 9.1.
                       [RT #1367]

864.   [cleanup]       Multi-threading is now enabled by default on
                       OSF1, Solaris 2.7 and newer, AIX, IRIX, and HP-UX.

863.   [bug]           If an error occurred while an outgoing zone transfer
                       was starting up, the server could access a domain
                       name that had already been freed when logging a
                       message saying that the transfer was starting.
                       [RT #1383]

862.   [bug]           Use after realloc(), non portable pointer arithmetic in
                       grmerge().

861.   [port]          Add support for Mac OS X, by making it equivalent
                       to Darwin.  This was derived from the config.guess
                       file shipped with Mac OS X. [RT #1355]

860.   [func]          Drop cross class glue in zone transfers.

859.   [bug]           Cache cleaning now won't swamp the CPU if there
                       is a persistent over limit condition.

858.   [func]          isc_mem_setwater() no longer requires that when the
                       callback function is non-NULL then its hi_water
                       argument must be greater than its lo_water argument
                       (they can now be equal) or that they be non-zero.

857.   [cleanup]       Use ISC_MAGIC() to define all magic numbers for
                       structs, for our friends in EBCDIC-land.

856.   [func]          Allow partial rdatasets to be returned in answer and
                       authority sections to help non-TCP capable clients
                       recover from truncation. [RT #1301]

855.   [bug]           Stop spurious "using RFC 1035 TTL semantics" warnings.

854.   [bug]           The config parser didn't properly handle config
                       options that were specified in units of time other
                       than seconds. [RT #1372]

853.   [bug]           configure_view_acl() failed to detach existing acls.
                       [RT #1374]

852.   [bug]           Handle responses from servers which do not know
                       about IXFR.

851.   [cleanup]       The obsolete support-ixfr option was not properly
                       ignored.
       --- 9.2.0a1 released ---

850.   [bug]           dns_rbt_findnode() would not find nodes that were
                       split on a bitstring label somewhere other than in
                       the last label of the node. [RT #1351]

849.   [func]          <isc/net.h> will ensure INADDR_LOOPBACK is defined.

848.   [func]          A minimum max-cache-size of two megabytes is enforced
                       by the cache cleaner.

847.   [func]          Added isc_file_test(), which currently only has
                       some very basic functionality to test for the
                       existence of a file, whether a pathname is absolute,
                       or whether a pathname is the fundamental representation
                       of the current directory.  It is intended that this
                       function can be expanded to test other things a
                       programmer might want to know about a file.

846.   [func]          A non-zero 'param' to dst_key_generate() when making an
                       hmac-md5 key means that good entropy is not required.

845.   [bug]           The access rights on the public file of a symmetric
                       key are now restricted as soon as the file is opened,
                       rather than after it has been written and closed.

844.   [func]          <isc/net.h> will ensure INADDR_LOOPBACK is defined,
                       just as <lwres/net.h> does.

843.   [func]          If no controls statement is present in named.conf,
                       or if any inet phrase of a controls statement is
                       lacking a keys clause, then a key will be automatically
                       generated by named and an rndc.conf-style file
                       named named.key will be written that uses it.  rndc
                       will use this file only if its normal configuration
                       file, or one provided on the command line, does not
                       exist.

842.   [func]          'rndc flush' now takes an optional view.

841.   [bug]           When sdb modules were not declared threadsafe, their
                       create and destroy functions were not serialized.

840.   [bug]           The config file parser could print the wrong file
                       name if an error was detected after an included file
                       was parsed. [RT #1353]

839.   [func]          Dump packets for which there was no view or that the
                       class could not be determined to category "unmatched".

838.   [port]          UnixWare 7.x.x is now supported by
                       bin/tests/system/ifconfig.sh.

837.   [cleanup]       Multi-threading is now enabled by default only on
                       OSF1, Solaris 2.7 and newer, and AIX.

836.   [func]          Upgraded libtool to 1.4.

835.   [bug]           The dispatcher could enter a busy loop if
                       it got an I/O error receiving on a UDP socket.
                       [RT #1293]

834.   [func]          Accept (but warn about) master files beginning with
                       an SOA record without an explicit TTL field and
                       lacking a $TTL directive, by using the SOA MINTTL
                       as a default TTL.  This is for backwards compatibility
                       with old versions of BIND 8, which accepted such
                       files without warning although they are illegal
                       according to RFC1035.

833.   [cleanup]       Moved dns_soa_*() from <dns/journal.h> to
                       <dns/soa.h>, and extended them to support
                       all the integer-valued fields of the SOA RR.

832.   [bug]           The default location for named.conf in named-checkconf
                       should depend on --sysconfdir like it does in named.
                       [RT #1258]

831.   [placeholder]

830.   [func]          Implement 'rndc status'.

829.   [bug]           The DNS_R_ZONECUT result code should only be returned
                       when an ANY query is made with DNS_DBFIND_GLUEOK set.
                       In all other ANY query cases, returning the delegation
                       is better.

828.   [bug]           The errno value from recvfrom() could be overwritten
                       by logging code. [RT #1293]

827.   [bug]           When an IXFR protocol error occurs, the slave
                       should retry with AXFR.

826.   [bug]           Some IXFR protocol errors were not detected.

825.   [bug]           zone.c:ns_query() detached from the wrong zone
                       reference. [RT #1264]

824.   [bug]           Correct line numbers reported by dns_master_load().
                       [RT #1263]

823.   [func]          The output of "dig -h" now goes to stdout so that it
                       can easily be piped through "more". [RT #1254]

822.   [bug]           Sending nxrrset prerequisites would crash nsupdate.
                       [RT #1248]

821.   [bug]           The program name used when logging to syslog should
                       be stripped of leading path components.
                       [RT #1178, #1232]

820.   [bug]           Name server address lookups failed to follow
                       A6 chains into the glue of local authoritative
                       zones.

819.   [bug]           In certain cases, the resolver's attempts to
                       restart an address lookup at the root could cause
                       the fetch to deadlock (with itself) instead of
                       restarting. [RT #1225]

818.   [bug]           Certain pathological responses to ANY queries could
                       cause an assertion failure. [RT #1218]

817.   [func]          Adjust timeouts for dialup zone queries.

816.   [bug]           Report potential problems with log file accessibility
                       at configuration time, since such problems can't
                       reliably be reported at the time they actually occur.

815.   [bug]           If a log file was specified with a path separator
                       character (i.e. "/") in its name and the directory
                       did not exist, the log file's name was treated as
                       though it were the directory name. [RT #1189]

814.   [bug]           Socket objects left over from accept() failures
                       were incorrectly destroyed, causing corruption
                       of socket manager data structures.

813.   [bug]           File descriptors exceeding FD_SETSIZE were handled
                       badly. [RT #1192]

812.   [bug]           dig sometimes printed incomplete IXFR responses
                       due to an uninitialized variable. [RT #1188]

811.   [bug]           Parentheses were not quoted in zone dumps. [RT #1194]

810.   [bug]           The signer name in SIG records was not properly
                       down-cased when signing/verifying records. [RT #1186]

809.   [bug]           Configuring a non-local address as a transfer-source
                       could cause an assertion failure during load.

808.   [func]          Add 'rndc flush' to flush the server's cache.

807.   [bug]           When setting up TCP connections for incoming zone
                       transfers, the transfer-source port was not
                       ignored like it should be.

806.   [bug]           DNS_R_SEENINCLUDE was failing to propagate back up
                       the calling stack to the zone maintenance level,
                       causing zones to not reload when an included file was
                       touched but the top-level zone file was not.

805.   [bug]           When using "forward only", missing root hints should
                       not cause queries to fail. [RT #1143]

804.   [bug]           Attempting to obtain entropy could fail in some
                       situations.  This would be most common on systems
                       with user-space threads. [RT #1131]

803.   [bug]           Treat all SIG queries as if they have the CD bit set,
                       otherwise no data will be returned [RT #749]

802.   [bug]           DNSSEC key tags were computed incorrectly in almost
                       all cases. [RT #1146]

801.   [bug]           nsupdate should treat lines beginning with ';' as
                       comments. [RT #1139]

800.   [bug]           dnssec-signzone produced incorrect statistics for
                       large zones. [RT #1133]

799.   [bug]           The ADB didn't find AAAA glue in a zone unless A6
                       glue was also present.

798.   [bug]           nsupdate should be able to reject bad input lines
                       and continue. [RT #1130]

797.   [func]          Issue a warning if the 'directory' option contains
                       a relative path. [RT #269]

796.   [func]          When a size limit is associated with a log file,
                       only roll it when the size is reached, not every
                       time the log file is opened. [RT #1096]

795.   [func]          Add the +multiline option to dig. [RT #1095]

794.   [func]          Implement the "port" and "default-port" statements
                       in rndc.conf.

793.   [cleanup]       The DNSSEC tools could create filenames that were
                       illegal or contained shell meta-characters.  They
                       now use a different text encoding of names that
                       doesn't have these problems. [RT #1101]

792.   [cleanup]       Replace the OMAPI command channel protocol with a
                       simpler one.

791.   [bug]           The command channel now works over IPv6.

790.   [bug]           Wildcards created using dynamic update or IXFR
                       could fail to match. [RT #1111]

789.   [bug]           The "localhost" and "localnets" ACLs did not match
                       when used as the second element of a two-element
                       sortlist item.

788.   [func]          Add the "match-mapped-addresses" option, which
                       causes IPv6 v4mapped addresses to be treated as
                       IPv4 addresses for the purpose of acl matching.

787.   [bug]           The DNSSEC tools failed to downcase domain
                       names when mapping them into file names.

786.   [bug]           When DNSSEC signing/verifying data, owner names were
                       not properly down-cased.

785.   [bug]           A race condition in the resolver could cause
                       an assertion failure. [RT #673, #872, #1048]

784.   [bug]           nsupdate and other programs would not quit properly
                       if some signals were blocked by the caller. [RT #1081]

783.   [bug]           Following CNAMEs could cause an assertion failure
                       when either using an sdb database or under very
                       rare conditions.

782.   [func]          Implement the "serial-query-rate" option.

781.   [func]          Avoid error packet loops by dropping duplicate FORMERR
                       responses. [RT #1006]

780.   [bug]           Error handling code dealing with out of memory or
                       other rare errors could lead to assertion failures
                       by calling functions on uninitialized names. [RT #1065]

779.   [func]          Added the "minimal-responses" option.

778.   [bug]           When starting cache cleaning, cleaning_timer_action()
                       returned without first pausing the iterator, which
                       could cause deadlock. [RT #998]

777.   [bug]           An empty forwarders list in a zone failed to override
                       global forwarders. [RT #995]

776.   [func]          Improved error reporting in denied messages. [RT #252]

775.   [placeholder]

774.   [func]          max-cache-size is implemented.

773.   [func]          Added isc_rwlock_trylock() to attempt to lock without
                       blocking.

772.   [bug]           Owner names could be incorrectly omitted from cache
                       dumps in the presence of negative caching entries.
                       [RT #991]

771.   [cleanup]       TSIG errors related to unsynchronized clocks
                       are logged better. [RT #919]

770.   [func]          Add the "edns yes_or_no" statement to the server
                       clause. [RT #524]

769.   [func]          Improved error reporting when parsing rdata. [RT #740]

768.   [bug]           The server did not emit an SOA when a CNAME
                       or DNAME chain ended in NXDOMAIN in an
                       authoritative zone.

767.   [placeholder]

766.   [bug]           A few cases in query_find() could leak fname.
                       This would trigger the mpctx->allocated == 0
                       assertion when the server exited.
                       [RT #739, #776, #798, #812, #818, #821, #845,
                       #892, #935, #966]

765.   [func]          ACL names are once again case insensitive, like
                       in BIND 8. [RT #252]

764.   [func]          Configuration files now allow "include" directives
                       in more places, such as inside the "view" statement.
                       [RT #377, #728, #860]

763.   [func]          Configuration files no longer have reserved words.
                       [RT #731, #753]

762.   [cleanup]       The named.conf and rndc.conf file parsers have
                       been completely rewritten.

761.   [bug]           _REENTRANT was still defined when building with
                       --disable-threads.

760.   [contrib]       Significant enhancements to the pgsql sdb driver.

759.   [bug]           The resolver didn't turn off "avoid fetches" mode
                       when restarting, possibly causing resolution
                       to fail when it should not.  This bug only affected
                       platforms which support both IPv4 and IPv6. [RT #927]

758.   [bug]           The "avoid fetches" code did not treat negative
                       cache entries correctly, causing fetches that would
                       be useful to be avoided.  This bug only affected
                       platforms which support both IPv4 and IPv6. [RT #927]

757.   [func]          Log zone transfers.

756.   [bug]           dns_zone_load() could "return" success when no master
                       file was configured.

755.   [bug]           Fix incorrectly formatted log messages in zone.c.

754.   [bug]           Certain failure conditions sending UDP packets
                       could cause the server to retry the transmission
                       indefinitely. [RT #902]

753.   [bug]           dig, host, and nslookup would fail to contact a
                       remote server if getaddrinfo() returned an IPv6
                       address on a system that doesn't support IPv6.
                       [RT #917]

752.   [func]          Correct bad tv_usec elements returned by
                       gettimeofday().

751.   [func]          Log successful zone loads / transfers.  [RT #898]

750.   [bug]           A query should not match a DNAME whose trust level
                       is pending. [RT #916]

749.   [bug]           When a query matched a DNAME in a secure zone, the
                       server did not return the signature of the DNAME.
                       [RT #915]

748.   [doc]           List supported RFCs in doc/misc/rfc-compliance.
                       [RT #781]

747.   [bug]           The code to determine whether an IXFR was possible
                       did not properly check for a database that could
                       not have a journal. [RT #865, #908]

746.   [bug]           The sdb didn't clone rdatasets properly, causing
                       a crash when the server followed delegations. [RT #905]

745.   [func]          Report the owner name of records that fail
                       semantic checks while loading.

744.   [bug]           When returning DNS_R_CNAME or DNS_R_DNAME as the
                       result of an ANY or SIG query, the resolver failed
                       to setup the return event's rdatasets, causing an
                       assertion failure in the query code. [RT #881]

743.   [bug]           Receiving a large number of certain malformed
                       answers could cause named to stop responding.
                       [RT #861]

742.   [placeholder]

741.   [port]          Support openssl-engine. [RT #709]

740.   [port]          Handle openssl library mismatches slightly better.

739.   [port]          Look for /dev/random in configure, rather than
                       assuming it will be there for only a predefined
                       set of OSes.

738.   [bug]           If a non-threadsafe sdb driver supported AXFR and
                       received an AXFR request, it would deadlock or die
                       with an assertion failure. [RT #852]

737.   [port]          stdtime.c failed to compile on certain platforms.

736.   [func]          New functions isc_task_{begin,end}exclusive().

735.   [doc]           Add BIND 4 migration notes.

734.   [bug]           An attempt to re-lock the zone lock could occur if
                       the server was shutdown during a zone transfer.
                       [RT #830]

733.   [bug]           Reference counts of dns_acl_t objects need to be
                       locked but were not. [RT #801, #821]

732.   [bug]           Glue with 0 TTL could also cause SERVFAIL. [RT #828]

731.   [bug]           Certain zone errors could cause named-checkzone to
                       fail ungracefully. [RT #819]

730.   [bug]           lwres_getaddrinfo() returns the correct result when
                       it fails to contact a server. [RT #768]

729.   [port]          pthread_setconcurrency() needs to be called on Solaris.

728.   [bug]           Fix comment processing on master file directives.
                       [RT #757]

727.   [port]          Work around OS bug where accept() succeeds but
                       fails to fill in the peer address of the accepted
                       connection, by treating it as an error rather than
                       an assertion failure. [RT #809]

726.   [func]          Implement the "trace" and "notrace" commands in rndc.

725.   [bug]           Installing man pages could fail.

724.   [func]          New libisc functions isc_netaddr_any(),
                       isc_netaddr_any6().

723.   [bug]           Referrals whose NS RRs had a 0 TTL caused the resolver
                       to return DNS_R_SERVFAIL. [RT #783]

722.   [func]          Allow incremental loads to be canceled.

721.   [cleanup]       Load manager and dns_master_loadfilequota() are no
                       more.

720.   [bug]           Server could enter infinite loop in
                       dispatch.c:do_cancel(). [RT #733]

719.   [bug]           Rapid reloads could trigger an assertion failure.
                       [RT #743, #763]

718.   [cleanup]       "internal" is no longer a reserved word in named.conf.
                       [RT #753, #731]

717.   [bug]           Certain TKEY processing failure modes could
                       reference an uninitialized variable, causing the
                       server to crash. [RT #750]

716.   [bug]           The first line of a $INCLUDE master file was lost if
                       an origin was specified. [RT #744]

715.   [bug]           Resolving some A6 chains could cause an assertion
                       failure in adb.c. [RT #738]

714.   [bug]           Preserve interval timers across reloads unless changed.
                       [RT #729]

713.   [func]          named-checkconf takes '-t directory' similar to named.
                       [RT #726]

712.   [bug]           Sending a large signed update message caused an
                       assertion failure. [RT #718]

711.   [bug]           The libisc and liblwres implementations of
                       inet_ntop contained an off by one error.

710.   [func]          The forwarders statement now takes an optional
                       port. [RT #418]

709.   [bug]           ANY or SIG queries for data with a TTL of 0
                       would return SERVFAIL. [RT #620]

708.   [bug]           When building with --with-openssl, the openssl headers
                       included with BIND 9 should not be used. [RT #702]

707.   [func]          The "filename" argument to named-checkzone is no
                       longer optional, to reduce confusion. [RT #612]

706.   [bug]           Zones with an explicit "allow-update { none; };"
                       were considered dynamic and therefore not reloaded
                       on SIGHUP or "rndc reload".

705.   [port]          Work out resource limit type for use where rlim_t is
                       not available. [RT #695]

704.   [port]          RLIMIT_NOFILE is not available on all platforms.
                       [RT #695]

703.   [port]          sys/select.h is needed on older platforms. [RT #695]

702.   [func]          If the address 0.0.0.0 is seen in resolv.conf,
                       use 127.0.0.1 instead. [RT #693]

701.   [func]          Root hints are now fully optional.  Class IN
                       views use compiled-in hints by default, as
                       before.  Non-IN views with no root hints now
                       provide authoritative service but not recursion.
                       A warning is logged if a view has neither root
                       hints nor authoritative data for the root. [RT #696]

700.   [bug]           $GENERATE range check was wrong. [RT #688]

699.   [bug]           The lexer mishandled empty quoted strings. [RT #694]

698.   [bug]           Aborting nsupdate with ^C would lead to several
                       race conditions.

697.   [bug]           nsupdate was not compatible with the undocumented
                       BIND 8 behavior of ignoring TTLs in "update delete"
                       commands. [RT #693]

696.   [bug]           lwresd would die with an assertion failure when passed
                       a zero-length name. [RT #692]

695.   [bug]           If the resolver attempted to query a blackholed or
                       bogus server, the resolution would fail immediately.

694.   [bug]           $GENERATE did not produce the last entry.
                       [RT #682, #683]

693.   [bug]           An empty lwres statement in named.conf caused
                       the server to crash while loading.

692.   [bug]           Deal with systems that have getaddrinfo() but not
                       gai_strerror(). [RT #679]

691.   [bug]           Configuring per-view forwarders caused an assertion
                       failure. [RT #675, #734]

690.   [func]          $GENERATE now supports DNAME. [RT #654]

689.   [doc]           man pages are now installed. [RT #210]

688.   [func]          "make tags" now works on systems with the
                       "Exuberant Ctags" etags.

687.   [bug]           Only say we have IPv6, with sufficient functionality,
                       if it has actually been tested. [RT #586]

686.   [bug]           dig and nslookup can now be properly aborted during
                       blocking operations. [RT #568]

685.   [bug]           nslookup should use the search list/domain options
                       from resolv.conf by default. [RT #405, #630]

684.   [bug]           Memory leak with view forwarders. [RT #656]

683.   [bug]           File descriptor leak in isc_lex_openfile().

682.   [bug]           nslookup displayed SOA records incorrectly. [RT #665]

681.   [bug]           $GENERATE specifying output format was broken. [RT #653]

680.   [bug]           dns_rdata_fromstruct() mishandled options bigger
                       than 255 octets.

679.   [bug]           $INCLUDE could leak memory and file descriptors on
                       reload. [RT #639]

678.   [bug]           "transfer-format one-answer;" could trigger an assertion
                       failure. [RT #646]

677.   [bug]           dnssec-signzone would occasionally use the wrong ttl
                       for database operations and fail. [RT #643]

676.   [bug]           Log messages about lame servers to category
                       'lame-servers' rather than 'resolver', so as not
                       to be gratuitously incompatible with BIND 8.

675.   [bug]           TKEY queries could cause the server to leak
                       memory.

674.   [func]          Allow messages to be TSIG signed / verified using
                       a offset from the current time.

673.   [func]          The server can now convert RFC1886-style recursive
                       lookup requests into RFC2874-style lookups, when
                       enabled using the new option "allow-v6-synthesis".

672.   [bug]           The wrong time was in the "time signed" field when
                       replying with BADTIME error.

671.   [bug]           The message code was failing to parse a message with
                       no question section and a TSIG record. [RT #628]

670.   [bug]           The lwres replacements for getaddrinfo and
                       getipnodebyname didn't properly check for the
                       existence of the sockaddr sa_len field.

669.   [bug]           dnssec-keygen now makes the public key file
                       non-world-readable for symmetric keys. [RT #403]

668.   [func]          named-checkzone now reports multiple errors in master
                       files.

667.   [bug]           On Linux, running named with the -u option and a
                       non-world-readable configuration file didn't work.
                       [RT #626]

666.   [bug]           If a request sent by dig is longer than 512 bytes,
                       use TCP.

665.   [bug]           Signed responses were not sent when the size of the
                       TSIG + question exceeded the maximum message size.
                       [RT #628]

664.   [bug]           The t_tasks and t_timers module tests are now skipped
                       when building without threads, since they require
                       threads.

663.   [func]          Accept a size_spec, not just an integer, in the
                       (unimplemented and ignored) max-ixfr-log-size option
                       for compatibility with recent versions of BIND 8.
                       [RT #613]

662.   [bug]           dns_rdata_fromtext() failed to log certain errors.

661.   [bug]           Certain UDP IXFR requests caused an assertion failure
                       (mpctx->allocated == 0). [RT #355, #394, #623]

660.   [port]          Detect multiple CPUs on HP-UX and IRIX.

659.   [performance]   Rewrite the name compression code to be much faster.

658.   [cleanup]       Remove all vestiges of 16 bit global compression.

657.   [bug]           When a listen-on statement in an lwres block does not
                       specify a port, use 921, not 53.  Also update the
                       listen-on documentation. [RT #616]

656.   [func]          Treat an unescaped newline in a quoted string as
                       an error.  This means that TXT records with missing
                       close quotes should have meaningful errors printed.

655.   [bug]           Improve error reporting on unexpected eof when loading
                       zones. [RT #611]

654.   [bug]           Origin was being forgotten in TCP retries in dig.
                       [RT #574]

653.   [bug]           +defname option in dig was reversed in sense.
                       [RT #549]

652.   [bug]           zone_saveunique() did not report the new name.

651.   [func]          The AD bit in responses now has the meaning
                       specified in <draft-ietf-dnsext-ad-is-secure>.

650.   [bug]           SIG(0) records were being generated and verified
                       incorrectly. [RT #606]

649.   [bug]           It was possible to join to an already running fctx
                       after it had "cloned" its events, but before it sent
                       them.  In this case, the event of the newly joined
                       fetch would not contain the answer, and would
                       trigger the INSIST() in fctx_sendevents().  In
                       BIND 9.0, this bug did not trigger an INSIST(), but
                       caused the fetch to fail with a SERVFAIL result.
                       [RT #588, #597, #605, #607]

648.   [port]          Add support for pre-RFC2133 IPv6 implementations.

647.   [bug]           Resolver queries sent after following multiple
                       referrals had excessively long retransmission
                       timeouts due to incorrectly counting the referrals
                       as "restarts".

646.   [bug]           The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
                       didn't _cleanly_ fix the problem it was trying to fix.

645.   [port]          BSD/OS 3.0 needs pthread_init(). [RT #603]

644.   [bug]           #622 needed more work. [RT #562]

643.   [bug]           xfrin error messages made more verbose, added class
                       of the zone. [RT #599]

642.   [bug]           Break the exit_check() race in the zone module.
                       [RT #598]
       --- 9.1.0b2 released ---

641.   [bug]           $GENERATE caused a uninitialized link to be used.
                       [RT #595]

640.   [bug]           Memory leak in error path could cause
                       "mpctx->allocated == 0" failure. [RT #584]

639.   [bug]           Reading entropy from the keyboard would sometimes fail.
                       [RT #591]

638.   [port]          lib/isc/random.c needed to explicitly include time.h
                       to get a prototype for time() when pthreads was not
                       being used. [RT #592]

637.   [port]          Use isc_u?int64_t instead of (unsigned) long long in
                       lib/isc/print.c.  Also allow lib/isc/print.c to
                       be compiled even if the platform does not need it.
                       [RT #592]

636.   [port]          Shut up MSVC++ about a possible loss of precision
                       in the ISC__BUFFER_PUTUINT*() macros. [RT #592]

635.   [bug]           Reloading a server with a configured blackhole list
                       would cause an assertion. [RT #590]

634.   [bug]           A log file will completely stop being written when
                       it reaches the maximum size in all cases, not just
                       when versioning is also enabled. [RT #570]

633.   [port]          Cope with rlim_t missing on BSD/OS systems. [RT #575]

632.   [bug]           The index array of the journal file was
                       corrupted as it was written to disk.

631.   [port]          Build without thread support on systems without
                       pthreads.

630.   [bug]           Locking failure in zone code. [RT #582]

629.   [bug]           9.1.0b1 dereferenced a null pointer and crashed
                       when responding to a UDP IXFR request.

628.   [bug]           If the root hints contained only AAAA addresses,
                       named would be unable to perform resolution.

627.   [bug]           The EDNS0 blackhole detection code of change 324
                       waited for three retransmissions to each server,
                       which takes much too long when a domain has many
                       name servers and all of them drop EDNS0 queries.
                       Now we retry without EDNS0 after three consecutive
                       timeouts, even if they are all from different
                       servers. [RT #143]

626.   [bug]           The lightweight resolver daemon no longer crashes
                       when asked for a SIG rrset. [RT #558]

625.   [func]          Zones now inherit their class from the enclosing view.

624.   [bug]           The zone object could get timer events after it had
                       been destroyed, causing a server crash. [RT #571]

623.   [func]          Added "named-checkconf" and "named-checkzone" program
                       for syntax checking named.conf files and zone files,
                       respectively.

622.   [bug]           A canceled request could be destroyed before
                       dns_request_destroy() was called. [RT #562]

621.   [port]          Disable IPv6 at runtime if IPv6 sockets are unusable.
                       This mostly affects Red Hat Linux 7.0, which has
                       conflicts between libc and the kernel.

620.   [bug]           dns_master_load*inc() now require 'task' and 'load'
                       to be non-null.  Also 'done' will not be called if
                       dns_master_load*inc() fails immediately. [RT #565]

619.   [placeholder]

618.   [bug]           Queries to a signed zone could sometimes cause
                       an assertion failure.

617.   [bug]           When using dynamic update to add a new RR to an
                       existing RRset with a different TTL, the journal
                       entries generated from the update did not include
                       explicit deletions and re-additions of the existing
                       RRs to update their TTL to the new value.

616.   [func]          dnssec-signzone -t output now includes performance
                       statistics.

615.   [bug]           dnssec-signzone did not like child keysets signed
                       by multiple keys.

614.   [bug]           Checks for uninitialized link fields were prone
                       to false positives, causing assertion failures.
                       The checks are now disabled by default and may
                       be re-enabled by defining ISC_LIST_CHECKINIT.

613.   [bug]           "rndc reload zone" now reloads primary zones.
                       It previously only updated slave and stub zones,
                       if an SOA query indicated an out of date serial.

612.   [cleanup]       Shutup a ridiculously noisy HP-UX compiler that
                       complains relentlessly about how its treatment
                       of 'const' has changed as well as how casting
                       sometimes tightens alignment constraints.

611.   [func]          allow-notify can be used to permit processing of
                       notify messages from hosts other than a slave's
                       masters.

610.   [func]          rndc dumpdb is now supported.

609.   [bug]           getrrsetbyname() would crash lwresd if the server
                       found more SIGs than answers. [RT #554]

608.   [func]          dnssec-signzone now adds a comment to the zone
                       with the time the file was signed.

607.   [bug]           nsupdate would fail if it encountered a CNAME or
                       DNAME in a response to an SOA query. [RT #515]

606.   [bug]           Compiling with --disable-threads failed due
                       to isc_thread_self() being incorrectly defined
                       as an integer rather than a function.

605.   [func]          New function isc_lex_getlasttokentext().

604.   [bug]           The named.conf parser could print incorrect line
                       numbers when long comments were present.

603.   [bug]           Make dig handle multiple types or classes on the same
                       query more correctly.

602.   [func]          Cope automatically with UnixWare's broken
                       IN6_IS_ADDR_* macros. [RT #539]

601.   [func]          Return a non-zero exit code if an update fails
                       in nsupdate.

600.   [bug]           Reverse lookups sometimes failed in dig, etc...

599.   [func]          Added four new functions to the libisc log API to
                       support i18n messages.  isc_log_iwrite(),
                       isc_log_ivwrite(), isc_log_iwrite1() and
                       isc_log_ivwrite1() were added.

598.   [bug]           An update-policy statement would cause the server
                       to assert while loading. [RT #536]

597.   [func]          dnssec-signzone is now multi-threaded.

596.   [bug]           DNS_RDATASLAB_FORCE and DNS_RDATASLAB_EXACT are
                       not mutually exclusive.

595.   [port]          On Linux 2.2, socket() returns EINVAL when it
                       should return EAFNOSUPPORT.  Work around this.
                       [RT #531]

594.   [func]          sdb drivers are now assumed to not be thread-safe
                       unless the DNS_SDBFLAG_THREADSAFE flag is supplied.

593.   [bug]           If a secure zone was missing all its NXTs and
                       a dynamic update was attempted, the server entered
                       an infinite loop.

592.   [bug]           The sig-validity-interval option now specifies a
                       number of days, not seconds.  This matches the
                       documentation. [RT #529]
       --- 9.1.0b1 released ---

591.   [bug]           Work around non-reentrancy in openssl by disabling
                       pre-computation in keys.

590.   [doc]           There are now man pages for the lwres library in
                       doc/man/lwres.

589.   [bug]           The server could deadlock if a zone was updated
                       while being transferred out.

588.   [bug]           ctx->in_use was not being correctly initialized when
                       when pushing a file for $INCLUDE. [RT #523]

587.   [func]          A warning is now printed if the "allow-update"
                       option allows updates based on the source IP
                       address, to alert users to the fact that this
                       is insecure and becoming increasingly so as
                       servers capable of update forwarding are being
                       deployed.

586.   [bug]           multiple views with the same name were fatal. [RT #516]

585.   [func]          dns_db_addrdataset() and dns_rdataslab_merge()
                       now support 'exact' additions in a similar manner to
                       dns_db_subtractrdataset() and dns_rdataslab_subtract().

584.   [func]          You can now say 'notify explicit'; to suppress
                       notification of the servers listed in NS records
                       and notify only those servers listed in the
                       'also-notify' option.

583.   [func]          "rndc querylog" will now toggle logging of
                       queries, like "ndc querylog" in BIND 8.

582.   [bug]           dns_zone_idetach() failed to lock the zone.
                       [RT #199, #463]

581.   [bug]           log severity was not being correctly processed.
                       [RT #485]

580.   [func]          Ignore trailing garbage on incoming DNS packets,
                       for interoperability with broken server
                       implementations. [RT #491]

579.   [bug]           nsupdate did not take a filename to read update from.
                       [RT #492]

578.   [func]          New config option "notify-source", to specify the
                       source address for notify messages.

577.   [func]          Log illegal RDATA combinations. e.g. multiple
                       singleton types, cname and other data.

576.   [doc]           isc_log_create() description did not match reality.

575.   [bug]           isc_log_create() was not setting internal state
                       correctly to reflect the default channels created.

574.   [bug]           TSIG signed queries sent by the resolver would fail to
                       have their responses validated and would leak memory.

573.   [bug]           The journal files of IXFRed slave zones were
                       inadvertently discarded on server reload, causing
                       "journal out of sync with zone" errors on subsequent
                       reloads. [RT #482]

572.   [bug]           Quoted strings were not accepted as key names in
                       address match lists.

571.   [bug]           It was possible to create an rdataset of singleton
                       type which had more than one rdata. [RT #154]
                       [RT #279]

570.   [bug]           rbtdb.c allowed zones containing nodes which had
                       both a CNAME and "other data". [RT #154]

569.   [func]          The DNSSEC AD bit will not be set on queries which
                       have not requested a DNSSEC response.

568.   [func]          Add sample simple database drivers in contrib/sdb.

567.   [bug]           Setting the zone transfer timeout to zero caused an
                       assertion failure. [RT #302]

566.   [func]          New public function dns_timer_setidle().

565.   [func]          Log queries more like BIND 8: query logging is now
                       done to category "queries", level "info". [RT #169]

564.   [func]          Add sortlist support to lwresd.

563.   [func]          New public functions dns_rdatatype_format() and
                       dns_rdataclass_format(), for convenient formatting
                       of rdata type/class mnemonics in log messages.

562.   [cleanup]       Moved lib/dns/*conf.c to bin/named where they belong.

561.   [func]          The 'datasize', 'stacksize', 'coresize' and 'files'
                       clauses of the options{} statement are now implemented.

560.   [bug]           dns_name_split did not properly the resulting prefix
                       when a maximal length bitstring label was split which
                       was preceded by another bitstring label. [RT #429]

559.   [bug]           dns_name_split did not properly create the suffix
                       when splitting within a maximal length bitstring label.

558.   [func]          New functions, isc_resource_getlimit and
                       isc_resource_setlimit.

557.   [func]          Symbolic constants for libisc integral types.

556.   [func]          The DNSSEC OK bit in the EDNS extended flags
                       is now implemented.  Responses to queries without
                       this bit set will not contain any DNSSEC records.

555.   [bug]           A slave server attempting a zone transfer could
                       crash with an assertion failure on certain
                       malformed responses from the master. [RT #457]

554.   [bug]           In some cases, not all of the dnssec tools were
                       properly installed.

553.   [bug]           Incoming zone transfers deferred due to quota
                       were not started when quota was increased but
                       only when a transfer in progress finished. [RT #456]

552.   [bug]           We were not correctly detecting the end of all c-style
                       comments. [RT #455]

551.   [func]          Implemented the 'sortlist' option.

550.   [func]          Support unknown rdata types and classes.

549.   [bug]           "make" did not immediately abort the build when a
                       subdirectory make failed [RT #450].

548.   [func]          The lexer now ungets tokens more correctly.

547.   [placeholder]

546.   [func]          Option 'lame-ttl' is now implemented.

545.   [func]          Name limit and counting options removed from dig;
                       they didn't work properly, and cannot be correctly
                       implemented without significant changes.

544.   [func]          Add statistics option, enable statistics-file option,
                       add RNDC option "dump-statistics" to write out a
                       query statistics file.

543.   [doc]           The 'port' option is now documented.

542.   [func]          Add support for update forwarding as required for
                       full compliance with RFC2136.  It is turned off
                       by default and can be enabled using the
                       'allow-update-forwarding' option.

541.   [func]          Add bogus server support.

540.   [func]          Add dialup support.

539.   [func]          Support the blackhole option.

538.   [bug]           fix buffer overruns by 1 in lwres_getnameinfo().

537.   [placeholder]

536.   [func]          Use transfer-source{-v6} when sending refresh queries.
                       Transfer-source{-v6} now take a optional port
                       parameter for setting the UDP source port.  The port
                       parameter is ignored for TCP.

535.   [func]          Use transfer-source{-v6} when forwarding update
                       requests.

534.   [func]          Ancestors have been removed from RBT chains.  Ancestor
                       information can be discerned via node parent pointers.

533.   [func]          Incorporated name hashing into the RBT database to
                       improve search speed.

532.   [func]          Implement DNS UPDATE pseudo records using
                       DNS_RDATA_UPDATE flag.

531.   [func]          Rdata really should be initialized before being assigned
                       to (dns_rdata_fromwire(), dns_rdata_fromtext(),
                       dns_rdata_clone(), dns_rdata_fromregion()),
                       check that it is.

530.   [func]          New function dns_rdata_invalidate().

529.   [bug]           521 contained a bug which caused zones to always
                       reload.  [RT #410]

528.   [func]          The ISC_LIST_XXXX macros now perform sanity checks
                       on their arguments.  ISC_LIST_XXXXUNSAFE can be use
                       to skip the checks however use with caution.

527.   [func]          New function dns_rdata_clone().

526.   [bug]           nsupdate incorrectly refused to add RRs with a TTL
                       of 0.

525.   [func]          New arguments 'options' for dns_db_subtractrdataset(),
                       and 'flags' for dns_rdataslab_subtract() allowing you
                       to request that the RR's must exist prior to deletion.
                       DNS_R_NOTEXACT is returned if the condition is not met.

524.   [func]          The 'forward' and 'forwarders' statement in
                       non-forward zones should work now.

523.   [doc]           The source to the Administrator Reference Manual is
                       now an XML file using the DocBook DTD, and is included
                       in the distribution.  The plain text version of the
                       ARM is temporarily unavailable while we figure out
                       how to generate readable plain text from the XML.

522.   [func]          The lightweight resolver daemon can now use
                       a real configuration file, and its functionality
                       can be provided by a name server.  Also, the -p and -P
                       options to lwresd have been reversed.

521.   [bug]           Detect master files which contain $INCLUDE and always
                       reload. [RT #196]

520.   [bug]           Upgraded libtool to 1.3.5, which makes shared
                       library builds almost work on AIX (and possibly
                       others).

519.   [bug]           dns_name_split() would improperly split some bitstring
                       labels, zeroing a few of the least significant bits in
                       the prefix part.  When such an improperly created
                       prefix was returned to the RBT database, the bogus
                       label was dutifully stored, corrupting the tree.
                       [RT #369]

518.   [bug]           The resolver did not realize that a DNAME which was
                       "the answer" to the client's query was "the answer",
                       and such queries would fail. [RT #399]

517.   [bug]           The resolver's DNAME code would trigger an assertion
                       if there was more than one DNAME in the chain.
                       [RT #399]

516.   [bug]           Cache lookups which had a NULL node pointer, e.g.
                       those by dns_view_find(), and which would match a
                       DNAME, would trigger an INSIST(!search.need_cleanup)
                       assertion. [RT #399]

515.   [bug]           The ssu table was not being attached / detached
                       by dns_zone_[sg]etssutable. [RT #397]

514.   [func]          Retry refresh and notify queries if they timeout.
                       [RT #388]

513.   [func]          New functionality added to rdnc and server to allow
                       individual zones to be refreshed or reloaded.

512.   [bug]           The zone transfer code could throw an exception with
                       an invalid IXFR stream.

511.   [bug]           The message code could throw an assertion on an
                       out of memory failure. [RT #392]

510.   [bug]           Remove spurious view notify warning. [RT #376]

509.   [func]          Add support for write of zone files on shutdown.

508.   [func]          dns_message_parse() can now do a best-effort
                       attempt, which should allow dig to print more invalid
                       messages.

507.   [func]          New functions dns_zone_flush(), dns_zt_flushanddetach()
                       and dns_view_flushanddetach().

506.   [func]          Do not fail to start on errors in zone files.

505.   [bug]           nsupdate was printing "unknown result code". [RT #373]

504.   [bug]           The zone was not being marked as dirty when updated via
                       IXFR.

503.   [bug]           dumptime was not being set along with
                       DNS_ZONEFLG_NEEDDUMP.

502.   [func]          On a SERVFAIL reply, DiG will now try the next server
                       in the list, unless the +fail option is specified.

501.   [bug]           Incorrect port numbers were being displayed by
                       nslookup. [RT #352]

500.   [func]          Nearly useless +details option removed from DiG.

499.   [func]          In DiG, specifying a class with -c or type with -t
                       changes command-line parsing so that classes and
                       types are only recognized if following -c or -t.
                       This allows hosts with the same name as a class or
                       type to be looked up.

498.   [doc]           There is now a man page for "dig"
                       in doc/man/bin/dig.1.

497.   [bug]           The error messages printed when an IP match list
                       contained a network address with a nonzero host
                       part where not sufficiently detailed. [RT #365]

496.   [bug]           named didn't sanity check numeric parameters. [RT #361]

495.   [bug]           nsupdate was unable to handle large records. [RT #368]

494.   [func]          Do not cache NXDOMAIN responses for SOA queries.

493.   [func]          Return non-cachable (ttl = 0) NXDOMAIN responses
                       for SOA queries.  This makes it easier to locate
                       the containing zone without polluting intermediate
                       caches.

492.   [bug]           attempting to reload a zone caused the server fail
                       to shutdown cleanly. [RT #360]

491.   [bug]           nsupdate would segfault when sending certain
                       prerequisites with empty RDATA. [RT #356]

490.   [func]          When a slave/stub zone has not yet successfully
                       obtained an SOA containing the zone's configured
                       retry time, perform the SOA query retries using
                       exponential backoff. [RT #337]

489.   [func]          The zone manager now has a "i/o" queue.

488.   [bug]           Locks weren't properly destroyed in some cases.

487.   [port]          flockfile() is not defined on all systems.

486.   [bug]           nslookup: "set all" and "server" commands showed
                       the incorrect port number if a port other than 53
                       was specified. [RT #352]

485.   [func]          When dig had more than one server to query, it would
                       send all of the messages at the same time.  Add
                       rate limiting of the transmitted messages.

484.   [bug]           When the server was reloaded after removing addresses
                       from the named.conf "listen-on" statement, sockets
                       were still listening on the removed addresses due
                       to reference count loops. [RT #325]

483.   [bug]           nslookup: "set all" showed a "search" option but it
                       was not settable.

482.   [bug]           nslookup: a plain "server" or "lserver" should be
                       treated as a lookup.

481.   [bug]           nslookup:get_next_command() stack size could exceed
                       per thread limit.

480.   [bug]           strtok() is not thread safe. [RT #349]

479.   [func]          The test suite can now be run by typing "make check"
                       or "make test" at the top level.

478.   [bug]           "make install" failed if the directory specified with
                       --prefix did not already exist.

477.   [bug]           The the isc-config.sh script could be installed before
                       its directory was created. [RT #324]

476.   [bug]           A zone could expire while a zone transfer was in
                       progress triggering a INSIST failure. [RT #329]

475.   [bug]           query_getzonedb() sometimes returned a non-null version
                       on failure.  This caused assertion failures when
                       generating query responses where names subject to
                       additional section processing pointed to a zone
                       to which access had been denied by means of the
                       allow-query option. [RT #336]

474.   [bug]           The mnemonic of the CHAOS class is CH according to
                       RFC1035, but it was printed and read only as CHAOS.
                       We now accept both forms as input, and print it
                       as CH. [RT #305]

473.   [bug]           nsupdate overran the end of the list of name servers
                       when no servers could be reached, typically causing
                       it to print the error message "dns_request_create:
                       not implemented".

472.   [bug]           Off-by-one error caused isc_time_add() to sometimes
                       produce invalid time values.

471.   [bug]           nsupdate didn't compile on HP/UX 10.20

470.   [func]          $GENERATE is now supported.  See also
                       doc/misc/migration.

469.   [bug]           "query-source address * port 53;" now works.

468.   [bug]           dns_master_load*() failed to report file and line
                       number in certain error conditions.

467.   [bug]           dns_master_load*() failed to log an error if
                       pushfile() failed.

466.   [bug]           dns_master_load*() could return success when it failed.

465.   [cleanup]       Allow 0 to be set as an omapi_value_t value by
                       omapi_value_storeint().

464.   [cleanup]       Build with openssl's RSA code instead of dnssafe.

463.   [bug]           nsupdate sent malformed SOA queries to the second
                       and subsequent name servers in resolv.conf if the
                       query sent to the first one failed.

462.   [bug]           --disable-ipv6 should work now.

461.   [bug]           Specifying an unknown key in the "keys" clause of the
                       "controls" statement caused a NULL pointer dereference.
                       [RT #316]

460.   [bug]           Much of the DNSSEC code only worked with class IN.

459.   [bug]           Nslookup processed the "set" command incorrectly.

458.   [bug]           Nslookup didn't properly check class and type values.
                       [RT #305]

457.   [bug]           Dig/host/hslookup didn't properly handle connect
                       timeouts in certain situations, causing an
                       unnecessary warning message to be printed.

456.   [bug]           Stub zones were not resetting the refresh and expire
                       counters, loadtime or clearing the DNS_ZONE_REFRESH
                       (refresh in progress) flag upon successful update.
                       This disabled further refreshing of the stub zone,
                       causing it to eventually expire. [RT #300]

455.   [doc]           Document IPv4 prefix notation does not require a
                       dotted decimal quad but may be just dotted decimal.

454.   [bug]           Enforce dotted decimal and dotted decimal quad where
                       documented as such in named.conf. [RT #304, RT #311]

453.   [bug]           Warn if the obsolete option "maintain-ixfr-base"
                       is specified in named.conf. [RT #306]

452.   [bug]           Warn if the unimplemented option "statistics-file"
                       is specified in named.conf. [RT #301]

451.   [func]          Update forwarding implemented.

450.   [func]          New function ns_client_sendraw().

449.   [bug]           isc_bitstring_copy() only works correctly if the
                       two bitstrings have the same lsb0 value, but this
                       requirement was not documented, nor was there a
                       REQUIRE for it.

448.   [bug]           Host output formatting change, to match v8. [RT #255]

447.   [bug]           Dig didn't properly retry in TCP mode after
                       a truncated reply. [RT #277]

446.   [bug]           Confusing notify log message. [RT #298]

445.   [bug]           Doing a 0 bit isc_bitstring_copy() of an lsb0
                       bitstring triggered a REQUIRE statement.  The REQUIRE
                       statement was incorrect. [RT #297]

444.   [func]          "recursion denied" messages are always logged at
                       debug level 1, now, rather than sometimes at ERROR.
                       This silences these warnings in the usual case, where
                       some clients set the RD bit in all queries.

443.   [bug]           When loading a master file failed because of an
                       unrecognized RR type name, the error message
                       did not include the file name and line number.
                       [RT #285]

442.   [bug]           TSIG signed messages that did not match any view
                       crashed the server. [RT #290]

441.   [bug]           Nodes obscured by a DNAME were inaccessible even
                       when DNS_DBFIND_GLUEOK was set.

440.   [func]          New function dns_zone_forwardupdate().

439.   [func]          New function dns_request_createraw().

438.   [func]          New function dns_message_getrawmessage().

437.   [func]          Log NOTIFY activity to the notify channel.

436.   [bug]           If recvmsg() returned EHOSTUNREACH or ENETUNREACH,
                       which sometimes happens on Linux, named would enter
                       a busy loop.  Also, unexpected socket errors were
                       not logged at a high enough logging level to be
                       useful in diagnosing this situation. [RT #275]

435.   [bug]           dns_zone_dump() overwrote existing zone files
                       rather than writing to a temporary file and
                       renaming.  This could lead to empty or partial
                       zone files being left around in certain error
                       conditions involving the initial transfer of a
                       slave zone, interfering with subsequent server
                       startup. [RT #282]

434.   [func]          New function isc_file_isabsolute().

433.   [func]          isc_base64_decodestring() now accepts newlines
                       within the base64 data.  This makes it possible
                       to break up the key data in a "trusted-keys"
                       statement into multiple lines. [RT #284]

432.   [func]          Added refresh/retry jitter.  The actual refresh/
                       retry time is now a random value between 75% and
                       100% of the configured value.

431.   [func]          Log at ISC_LOG_INFO when a zone is successfully
                       loaded.

430.   [bug]           Rewrote the lightweight resolver client management
                       code to handle shutdown correctly and general
                       cleanup.

429.   [bug]           The space reserved for a TSIG record in a response
                       was 2 bytes too short, leading to message
                       generation failures.

428.   [bug]           rbtdb.c:find_closest_nxt() erroneously returned
                       DNS_R_BADDB for nodes which had neither NXT nor SIG NXT
                       (e.g. glue).  This could cause SERVFAILs when
                       generating negative responses in a secure zone.

427.   [bug]           Avoid going into an infinite loop when the validator
                       gets a negative response to a key query where the
                       records are signed by the missing key.

426.   [bug]           Attempting to generate an oversized RSA key could
                       cause dnssec-keygen to dump core.

425.   [bug]           Warn about the auth-nxdomain default value change
                       if there is no auth-nxdomain statement in the
                       config file. [RT #287]

424.   [bug]           notify_createmessage() could trigger an assertion
                       failure when creating the notify message failed,
                       e.g. due to corrupt zones with multiple SOA records.
                       [RT #279]

423.   [bug]           When responding to a recursive query, errors that occur
                       after following a CNAME should cause the query to fail.
                       [RT #274]

422.   [func]          get rid of isc_random_t, and make isc_random_get()
                       and isc_random_jitter() use rand() internally
                       instead of local state.  Note that isc_random_*()
                       functions are only for weak, non-critical "randomness"
                       such as timing jitter and such.

421.   [bug]           nslookup would exit when given a blank line as input.

420.   [bug]           nslookup failed to implement the "exit" command.

419.   [bug]           The certificate type PKIX was misspelled as SKIX.

418.   [bug]           At debug levels >= 10, getting an unexpected
                       socket receive error would crash the server
                       while trying to log the error message.

417.   [func]          Add isc_app_block() and isc_app_unblock(), which
                       allow an application to handle signals while
                       blocking.

416.   [bug]           Slave zones with no master file tried to use a
                       NULL pointer for a journal file name when they
                       received an IXFR. [RT #273]

415.   [bug]           The logging code leaked file descriptors.

414.   [bug]           Server did not shut down until all incoming zone
                       transfers were finished.

413.   [bug]           Notify could attempt to use the zone database after
                       it had been unloaded. [RT #267]

412.   [bug]           named -v didn't print the version.

411.   [bug]           A typo in the HS A code caused an assertion failure.

410.   [bug]           lwres_gethostbyname() and company set lwres_h_errno
                       to a random value on success.

409.   [bug]           If named was shut down early in the startup
                       process, ns_omapi_shutdown() would attempt to lock
                       an uninitialized mutex. [RT #262]

408.   [bug]           stub zones could leak memory and reference counts if
                       all the masters were unreachable.

407.   [bug]           isc_rwlock_lock() would needlessly block
                       readers when it reached the read quota even
                       if no writers were waiting.

406.   [bug]           Log messages were occasionally lost or corrupted
                       due to a race condition in isc_log_doit().

405.   [func]          Add support for selective forwarding (forward zones)

404.   [bug]           The request library didn't completely work with IPv6.

403.   [bug]           "host" did not use the search list.

402.   [bug]           Treat undefined acls as errors, rather than
                       warning and then later throwing an assertion.
                       [RT #252]

401.   [func]          Added simple database API.

400.   [bug]           SIG(0) signing and verifying was done incorrectly.
                       [RT #249]
399.   [bug]           When reloading the server with a config file
                       containing a syntax error, it could catch an
                       assertion failure trying to perform zone
                       maintenance on, or sending notifies from,
                       tentatively created zones whose views were
                       never fully configured and lacked an address
                       database and request manager.

398.   [bug]           "dig" sometimes caught an assertion failure when
                       using TSIG, depending on the key length.

397.   [func]          Added utility functions dns_view_gettsig() and
                       dns_view_getpeertsig().

396.   [doc]           There is now a man page for "nsupdate"
                       in doc/man/bin/nsupdate.8.

395.   [bug]           nslookup printed incorrect RR type mnemonics
                       for RRs of type >= 21 [RT #237].

394.   [bug]           Current name was not propagated via $INCLUDE.

393.   [func]          Initial answer while loading (awl) support.
                       Entry points: dns_master_loadfileinc(),
                       dns_master_loadstreaminc(), dns_master_loadbufferinc().
                       Note: calls to dns_master_load*inc() should be rate
                       be rate limited so as to not use up all file
                       descriptors.

392.   [func]          Add ISC_R_FAMILYNOSUPPORT.  Returned when OS does
                       not support the given address family requested.

391.   [clarity]       ISC_R_FAMILY -> ISC_R_FAMILYMISMATCH.

390.   [func]          The function dns_zone_setdbtype() now takes
                       an argc/argv style vector of words and sets
                       both the zone database type and its arguments,
                       making the functions dns_zone_adddbarg()
                       and dns_zone_cleardbargs() unnecessary.

389.   [bug]           Attempting to send a request over IPv6 using
                       dns_request_create() on a system without IPv6
                       support caused an assertion failure [RT #235].

388.   [func]          dig and host can now do reverse ipv6 lookups.

387.   [func]          Add dns_byaddr_createptrname(), which converts
                       an address into the name used by a PTR query.

386.   [bug]           Missing strdup() of ACL name caused random
                       ACL matching failures [RT #228].

385.   [cleanup]       Removed functions dns_zone_equal(), dns_zone_print(),
                       and dns_zt_print().

384.   [bug]           nsupdate was incorrectly limiting TTLs to 65535 instead
                       of 2147483647.

383.   [func]          When writing a master file, print the SOA and NS
                       records (and their SIGs) before other records.

382.   [bug]           named -u failed on many Linux systems where the
                       libc provided kernel headers do not match
                       the current kernel.

381.   [bug]           Check for IPV6_RECVPKTINFO and use it instead of
                       IPV6_PKTINFO if found. [RT #229]

380.   [bug]           nsupdate didn't work with IPv6.

379.   [func]          New library function isc_sockaddr_anyofpf().

378.   [func]          named and lwresd will log the command line arguments
                       they were started with in the "starting ..." message.

377.   [bug]           When additional data lookups were refused due to
                       "allow-query", the databases were still being
                       attached causing reference leaks.

376.   [bug]           The server should always use good entropy when
                       performing cryptographic functions needing entropy.

375.   [bug]           Per-zone "allow-query" did not properly override the
                       view/global one for CNAME targets and additional
                       data [RT #220].

374.   [bug]           SOA in authoritative negative responses had wrong TTL.

373.   [func]          nslookup is now installed by "make install".

372.   [bug]           Deal with Microsoft DNS servers appending two bytes of
                       garbage to zone transfer requests.

371.   [bug]           At high debug levels, doing an outgoing zone transfer
                       of a very large RRset could cause an assertion failure
                       during logging.

370.   [bug]           The error messages for roll-forward failures were
                       overly terse.

369.   [func]          Support new named.conf options, view and zone
                       statements:

                               max-retry-time, min-retry-time,
                               max-refresh-time, min-refresh-time.

368.   [func]          Restructure the internal ".bind" view so that more
                       zones can be added to it.

367.   [bug]           Allow proper selection of server on nslookup command
                       line.

366.   [func]          Allow use of '-' batch file in dig for stdin.

365.   [bug]           nsupdate -k leaked memory.

364.   [func]          Added additional-from-{cache,auth}

363.   [placeholder]

362.   [bug]           rndc no longer aborts if the configuration file is
                       missing an options statement. [RT #209]

361.   [func]          When the RBT find or chain functions set the name and
                       origin for a node that stores the root label
                       the name is now set to an empty name, instead of ".",
                       to simplify later use of the name and origin by
                       dns_name_concatenate(), dns_name_totext() or
                       dns_name_format().

360.   [func]          dns_name_totext() and dns_name_format() now allow
                       an empty name to be passed, which is formatted as "@".

359.   [bug]           dnssec-signzone occasionally signed glue records.

358.   [cleanup]       Rename the intermediate files used by the dnssec
                       programs.

357.   [bug]           The zone file parser crashed if the argument
                       to $INCLUDE was a quoted string.

356.   [cleanup]       isc_task_send no longer requires event->sender to
                       be non-null.

355.   [func]          Added isc_dir_createunique(), similar to mkdtemp().

354.   [doc]           Man pages for the dnssec tools are now included in
                       the distribution, in doc/man/dnssec.

353.   [bug]           double increment in lwres/gethost.c:copytobuf().
                       [RT #187]

352.   [bug]           Race condition in dns_client_t startup could cause
                       an assertion failure.

351.   [bug]           Constructing a response with rcode SERVFAIL to a TSIG
                       signed query could crash the server.

350.   [bug]           Also-notify lists specified in the global options
                       block were not correctly reference counted, causing
                       a memory leak.

349.   [bug]           Processing a query with the CD bit set now works
                       as expected.

348.   [func]          New boolean named.conf options 'additional-from-auth'
                       and 'additional-from-cache' now supported in view and
                       global options statement.

347.   [bug]           Don't crash if an argument is left off options in dig.

346.   [placeholder]

345.   [bug]           Large-scale changes/cleanups to dig:
                       * Significantly improve structure handling
                       * Don't pre-load entire batch files
                       * Add name/rr counting/limiting
                       * Fix SIGINT handling
                       * Shorten timeouts to match v8's behavior

344.   [bug]           When shutting down, lwresd sometimes tried
                       to shut down its client tasks twice,
                       triggering an assertion.

343.   [bug]           Although zone maintenance SOA queries and
                       notify requests were signed with TSIG keys
                       when configured for the server in case,
                       the TSIG was not verified on the response.

342.   [bug]           The wrong name was being passed to
                       dns_name_dup() when generating a TSIG
                       key using TKEY.

341.   [func]          Support 'key' clause in named.conf zone masters
                       statement to allow authentication via TSIG keys:

                               masters {
                                       10.0.0.1 port 5353 key "foo";
                                       10.0.0.2 ;
                               };

340.   [bug]           The top-level COPYRIGHT file was missing from
                       the distribution.

339.   [bug]           DNSSEC validation of the response to an ANY
                       query at a name with a CNAME RR in a secure
                       zone triggered an assertion failure.

338.   [bug]           lwresd logged to syslog as named, not lwresd.

337.   [bug]           "dig" did not recognize "nsap-ptr" as an RR type
                       on the command line.

336.   [bug]           "dig -f" used 64 k of memory for each line in
                       the file.  It now uses much less, though still
                       proportionally to the file size.

335.   [bug]           named would occasionally attempt recursion when
                       it was disallowed or undesired.

334.   [func]          Added hmac-md5 to libisc.

333.   [bug]           The resolver incorrectly accepted referrals to
                       domains that were not parents of the query name,
                       causing assertion failures.

332.   [func]          New function dns_name_reset().

331.   [bug]           Only log "recursion denied" if RD is set. [RT #178]

330.   [bug]           Many debugging messages were partially formatted
                       even when debugging was turned off, causing a
                       significant decrease in query performance.

329.   [func]          omapi_auth_register() now takes a size_t argument for
                       the length of a key's secret data.  Previously
                       OMAPI only stored secrets up to the first NUL byte.

328.   [func]          Added isc_base64_decodestring().

327.   [bug]           rndc.conf parser wasn't correctly recognizing an IP
                       address where a host specification was required.

326.   [func]          'keys' in an 'inet' control statement is now
                       required and must have at least one item in it.
                       A "not supported" warning is now issued if a 'unix'
                       control channel is defined.

325.   [bug]           isc_lex_gettoken was processing octal strings when
                       ISC_LEXOPT_CNUMBER was not set.

324.   [func]          In the resolver, turn EDNS0 off if there is no
                       response after a number of retransmissions.
                       This is to allow queries some chance of succeeding
                       even if all the authoritative servers of a zone
                       silently discard EDNS0 requests instead of
                       sending an error response like they ought to.

323.   [bug]           dns_rbt_findname() did not ignore empty rbt nodes.
                       Because of this, servers authoritative for a parent
                       and grandchild zone but not authoritative for the
                       intervening child zone did not correctly issue
                       referrals to the servers of the child zone.

322.   [bug]           Queries for KEY RRs are now sent to the parent
                       server before the authoritative one, making
                       DNSSEC insecurity proofs work in many cases
                       where they previously didn't.

321.   [bug]           When synthesizing a CNAME RR for a DNAME
                       response, query_addcname() failed to initialize
                       the type and class of the CNAME dns_rdata_t,
                       causing random failures.

320.   [func]          Multiple rndc changes: parses an rndc.conf file,
                       uses authentication to talk to named, command
                       line syntax changed.  This will all be described
                       in the ARM.

319.   [func]          The named.conf "controls" statement is now used
                       to configure the OMAPI command channel.

318.   [func]          dns_c_ndcctx_destroy() could never return anything
                       except ISC_R_SUCCESS; made it have void return instead.

317.   [func]          Use callbacks from libomapi to determine if a
                       new connection is valid, and if a key requested
                       to be used with that connection is valid.

316.   [bug]           Generate a warning if we detect an unexpected <eof>
                       but treat as <eol><eof>.

315.   [bug]           Handle non-empty blanks lines. [RT #163]

314.   [func]          The named.conf controls statement can now have
                       more than one key specified for the inet clause.

313.   [bug]           When parsing resolv.conf, don't terminate on an
                       error.  Instead, parse as much as possible, but
                       still return an error if one was found.

312.   [bug]           Increase the number of allowed elements in the
                       resolv.conf search path from 6 to 8.  If there
                       are more than this, ignore the remainder rather
                       than returning a failure in lwres_conf_parse.

311.   [bug]           lwres_conf_parse failed when the first line of
                       resolv.conf was empty or a comment.

310.   [func]          Changes to named.conf "controls" statement (inet
                       subtype only)

                         - support "keys" clause

                               controls {
                                  inet * port 1024
                                       allow { any; } keys { "foo"; }
                               }

                         - allow "port xxx" to be left out of statement,
                           in which case it defaults to omapi's default port
                           of 953.

309.   [bug]           When sending a referral, the server did not look
                       for name server addresses as glue in the zone
                       holding the NS RRset in the case where this zone
                       was not the same as the one where it looked for
                       name server addresses as authoritative data.

308.   [bug]           Treat a SOA record not at top of zone as an error
                       when loading a zone. [RT #154]

307.   [bug]           When canceling a query, the resolver didn't check for
                       isc_socket_sendto() calls that did not yet have their
                       completion events posted, so it could (rarely) end up
                       destroying the query context and then want to use
                       it again when the send event posted, triggering an
                       assertion as it tried to cancel an already-canceled
                       query.  [RT #77]

306.   [bug]           Reading HMAC-MD5 private key files didn't work.

305.   [bug]           When reloading the server with a config file
                       containing a syntax error, it could catch an
                       assertion failure trying to perform zone
                       maintenance on tentatively created zones whose
                       views were never fully configured and lacked
                       an address database.

304.   [bug]           If more than LWRES_CONFMAXNAMESERVERS servers
                       are listed in resolv.conf, silently ignore them
                       instead of returning failure.

303.   [bug]           Add additional sanity checks to differentiate a AXFR
                       response vs a IXFR response. [RT #157]

302.   [bug]           In dig, host, and nslookup, MXNAME should be large
                       enough to hold any legal domain name in presentation
                       format + terminating NULL.

301.   [bug]           Uninitialized pointer in host:printmessage(). [RT #159]

300.   [bug]           Using both <isc/net.h> and <lwres/net.h> didn't work
                       on platforms lacking IPv6 because each included their
                       own ipv6 header file for the missing definitions.  Now
                       each library's ipv6.h defines the wrapper symbol of
                       the other (ISC_IPV6_H and LWRES_IPV6_H).

299.   [cleanup]       Get the user and group information before changing the
                       root directory, so the administrator does not need to
                       keep a copy of the user and group databases in the
                       chroot'ed environment.  Suggested by Hakan Olsson.

298.   [bug]           A mutex deadlock occurred during shutdown of the
                       interface manager under certain conditions.
                       Digital Unix systems were the most affected.

297.   [bug]           Specifying a key name that wasn't fully qualified
                       in certain parts of the config file could cause
                       an assertion failure.

296.   [bug]           "make install" from a separate build directory
                       failed unless configure had been run in the source
                       directory, too.

295.   [bug]           When invoked with type==CNAME and a message
                       not constructed by dns_message_parse(),
                       dns_message_findname() failed to find anything
                       due to checking for attribute bits that are set
                       only in dns_message_parse().  This caused an
                       infinite loop when constructing the response to
                       an ANY query at a CNAME in a secure zone.

294.   [bug]           If we run out of space in while processing glue
                       when reading a master file and commit "current name"
                       reverts to "name_current" instead of staying as
                       "name_glue".

293.   [port]          Add support for FreeBSD 4.0 system tests.

292.   [bug]           Due to problems with the way some operating systems
                       handle simultaneous listening on IPv4 and IPv6
                       addresses, the server no longer listens on IPv6
                       addresses by default.  To revert to the previous
                       behavior, specify "listen-on-v6 { any; };" in
                       the config file.

291.   [func]          Caching servers no longer send outgoing queries
                       over TCP just because the incoming recursive query
                       was a TCP one.

290.   [cleanup]       +twiddle option to dig (for testing only) removed.

289.   [cleanup]       dig is now installed in $bindir instead of $sbindir.
                       host is now installed in $bindir.  (Be sure to remove
                       any $sbindir/dig from a previous release.)

288.   [func]          rndc is now installed by "make install" into $sbindir.

287.   [bug]           rndc now works again as "rndc 127.1 reload" (for
                       only that task).  Parsing its configuration file and
                       using digital signatures for authentication has been
                       disabled until named supports the "controls" statement,
                       post-9.0.0.

286.   [bug]           On Solaris 2, when named inherited a signal state
                       where SIGHUP had the SIG_IGN action, SIGHUP would
                       be ignored rather than causing the server to reload
                       its configuration.

285.   [bug]           A change made to the dst API for beta4 inadvertently
                       broke OMAPI's creation of a dst key from an incoming
                       message, causing an assertion to be triggered.  Fixed.

284.   [func]          The DNSSEC key generation and signing tools now
                       generate randomness from keyboard input on systems
                       that lack /dev/random.

283.   [cleanup]       The 'lwresd' program is now a link to 'named'.

282.   [bug]           The lexer now returns ISC_R_RANGE if parsed integer is
                       too big for an unsigned long.

281.   [bug]           Fixed list of recognized config file category names.

280.   [func]          Add isc-config.sh, which can be used to more
                       easily build applications that link with
                       our libraries.

279.   [bug]           Private omapi function symbols shared between
                       two or more files in libomapi.a were not namespace
                       protected using the ISC convention of starting with
                       the library name and two underscores ("omapi__"...)

278.   [bug]           bin/named/logconf.c:category_fromconf() didn't take
                       note of when isc_log_categorybyname() wasn't able
                       to find the category name and would then apply the
                       channel list of the unknown category to all categories.

277.   [bug]           isc_log_categorybyname() and isc_log_modulebyname()
                       would fail to find the first member of any category
                       or module array apart from the internal defaults.
                       Thus, for example, the "notify" category was improperly
                       configured by named.

276.   [bug]           dig now supports maximum sized TCP messages.

275.   [bug]           The definition of lwres_gai_strerror() was missing
                       the lwres_ prefix.

274.   [bug]           TSIG AXFR verify failed when talking to a BIND 8
                       server.

273.   [func]          The default for the 'transfer-format' option is
                       now 'many-answers'.  This will break zone transfers
                       to BIND 4.9.5 and older unless there is an explicit
                       'one-answer' configuration.

272.   [bug]           The sending of large TCP responses was canceled
                       in mid-transmission due to a race condition
                       caused by the failure to set the client object's
                       "newstate" variable correctly when transitioning
                       to the "working" state.

271.   [func]          Attempt to probe the number of cpus in named
                       if unspecified rather than defaulting to 1.

270.   [func]          Allow maximum sized TCP answers.

269.   [bug]           Failed DNSSEC validations could cause an assertion
                       failure by causing clone_results() to be called with
                       with hevent->node == NULL.

268.   [doc]           A plain text version of the Administrator
                       Reference Manual is now included in the distribution,
                       as doc/arm/Bv9ARM.txt.

267.   [func]          Nsupdate is now provided in the distribution.

266.   [bug]           zone.c:save_nsrrset() node was not initialized.

265.   [bug]           dns_request_create() now works for TCP.

264.   [func]          Dispatch can not take TCP sockets in connecting
                       state.  Set DNS_DISPATCHATTR_CONNECTED when calling
                       dns_dispatch_createtcp() for connected TCP sockets
                       or call dns_dispatch_starttcp() when the socket is
                       connected.

263.   [func]          New logging channel type 'stderr'

                               channel some-name {
                                       stderr;
                                       severity error;
                               }

262.   [bug]           'master' was not initialized in zone.c:stub_callback().

261.   [func]          Add dns_zone_markdirty().

260.   [bug]           Running named as a non-root user failed on Linux
                       kernels new enough to support retaining capabilities
                       after setuid().

259.   [func]          New random-device and random-seed-file statements
                       for global options block of named.conf. Both accept
                       a single string argument.

258.   [bug]           Fixed printing of lwres_addr_t.address field.

257.   [bug]           The server detached the last zone manager reference
                       too early, while it could still be in use by queries.
                       This manifested itself as assertion failures during the
                       shutdown process for busy name servers. [RT #133]

256.   [func]          isc_ratelimiter_t now has attach/detach semantics, and
                       isc_ratelimiter_shutdown guarantees that the rate
                       limiter is detached from its task.

255.   [func]          New function dns_zonemgr_attach().

254.   [bug]           Suppress "query denied" messages on additional data
                       lookups.
       --- 9.0.0b4 released ---

253.   [func]          resolv.conf parser now recognizes ';' and '#' as
                       comments (anywhere in line, not just as the beginning).

252.   [bug]           resolv.conf parser mishandled masks on sortlists.
                       It also aborted when an unrecognized keyword was seen,
                       now it silently ignores the entire line.

251.   [bug]           lwresd caught an assertion failure on startup.

250.   [bug]           fixed handling of size+unit when value would be too
                       large for internal representation.

249.   [cleanup]       max-cache-size config option now takes a size-spec
                       like 'datasize', except 'default' is not allowed.

248.   [bug]           global lame-ttl option was not being printed when
                       config structures were written out.

247.   [cleanup]       Rename cache-size config option to max-cache-size.

246.   [func]          Rename global option cachesize to cache-size and
                       add corresponding option to view statement.

245.   [bug]           If an uncompressed name will take more than 255
                       bytes and the buffer is sufficiently long,
                       dns_name_fromwire should return DNS_R_FORMERR,
                       not ISC_R_NOSPACE.  This bug caused cause the
                       server to catch an assertion failure when it
                       received a query for a name longer than 255
                       bytes.

244.   [bug]           empty named.conf file and empty options statement are
                       now parsed properly.

243.   [func]          new cachesize option for named.conf

242.   [cleanup]       fixed incorrect warning about auth-nxdomain usage.

241.   [cleanup]       nscount and soacount have been removed from the
                       dns_master_*() argument lists.

240.   [func]          databases now come in three flavours: zone, cache
                       and stub.

239.   [func]          If ISC_MEM_DEBUG is enabled, the variable
                       isc_mem_debugging controls whether messages
                       are printed or not.

238.   [cleanup]       A few more compilation warnings have been quieted:
                       + missing sigwait prototype on BSD/OS 4.0/4.0.1.
                       + PTHREAD_ONCE_INIT unbraced initializer warnings on
                               Solaris 2.8.
                       + IN6ADDR_ANY_INIT unbraced initializer warnings on
                               BSD/OS 4.*, Linux and Solaris 2.8.

237.   [bug]           If connect() returned ENOBUFS when the resolver was
                       initiating a TCP query, the socket didn't get
                       destroyed, and the server did not shut down cleanly.

236.   [func]          Added new listen-on-v6 config file statement.

235.   [func]          Consider it a config file error if a listen-on
                       statement has an IPv6 address in it, or a
                       listen-on-v6 statement has an IPv4 address in it.

234.   [bug]           Allow a trusted-key's first field (domain-name) be
                       either a quoted or an unquoted string, instead of
                       requiring a quoted string.

233.   [cleanup]       Convert all config structure integer values to unsigned
                       integer (isc_uint32_t) to match grammar.

232.   [bug]           Allow slave zones to not have a file.

231.   [func]          Support new 'port' clause in config file options
                       section. Causes 'listen-on', 'masters' and
                       'also-notify' statements to use its value instead of
                       default (53).

230.   [func]          Replace the dst sign/verify API with a cleaner one.

229.   [func]          Support config file sig-validity-interval statement
                       in options, views and zone statements (master
                       zones only).

228.   [cleanup]       Logging messages in config module stripped of
                       trailing period.

227.   [cleanup]       The enumerated identifiers dns_rdataclass_*,
                       dns_rcode_*, dns_opcode_*, and dns_trust_* are
                       also now cast to their appropriate types, as with
                       dns_rdatatype_* in item number 225 below.

226.   [func]          dns_name_totext() now always prints the root name as
                       '.', even when omit_final_dot is true.

225.   [cleanup]       The enumerated dns_rdatatype_* identifiers are now
                       cast to dns_rdatatype_t via macros of their same name
                       so that they are of the proper integral type wherever
                       a dns_rdatatype_t is needed.

224.   [cleanup]       The entire project builds cleanly with gcc's
                       -Wcast-qual and -Wwrite-strings warnings enabled,
                       which is now the default when using gcc.  (Warnings
                       from confparser.c, because of yacc's code, are
                       unfortunately to be expected.)

223.   [func]          Several functions were re-prototyped to qualify one
                       or more of their arguments with "const".  Similarly,
                       several functions that return pointers now have
                       those pointers qualified with const.

222.   [bug]           The global 'also-notify' option was ignored.

221.   [bug]           An uninitialized variable was sometimes passed to
                       dns_rdata_freestruct() when loading a zone, causing
                       an assertion failure.

220.   [cleanup]       Set the default outgoing port in the view, and
                       set it in sockaddrs returned from the ADB.
                       [31-May-2000 explorer]

219.   [bug]           Signed truncated messages more correctly follow
                       the respective specs.

218.   [func]          When an rdataset is signed, its ttl is normalized
                       based on the signature validity period.

217.   [func]          Also-notify and trusted-keys can now be used in
                       the 'view' statement.

216.   [func]          The 'max-cache-ttl' and 'max-ncache-ttl' options
                       now work.

215.   [bug]           Failures at certain points in request processing
                       could cause the assertion INSIST(client->lockview
                       == NULL) to be triggered.

214.   [func]          New public function isc_netaddr_format(), for
                       formatting network addresses in log messages.

213.   [bug]           Don't leak memory when reloading the zone if
                       an update-policy clause was present in the old zone.

212.   [func]          Added dns_message_get/settsigkey, to make TSIG
                       key management reasonable.

211.   [func]          The 'key' and 'server' statements can now occur
                       inside 'view' statements.

210.   [bug]           The 'allow-transfer' option was ignored for slave
                       zones, and the 'transfers-per-ns' option was
                       was ignored for all zones.

209.   [cleanup]       Upgraded openssl files to new version 0.9.5a

208.   [func]          Added ISC_OFFSET_MAXIMUM for the maximum value
                       of an isc_offset_t.

207.   [func]          The dnssec tools properly use the logging subsystem.

206.   [cleanup]       dst now stores the key name as a dns_name_t, not
                       a char *.

205.   [cleanup]       On IRIX, turn off the mostly harmless warnings 1692
                       ("prototyped function redeclared without prototype")
                       and 1552 ("variable ... set but not used") when
                       compiling in the lib/dns/sec/{dnssafe,openssl}
                       directories, which contain code imported from outside
                       sources.

204.   [cleanup]       On HP/UX, pass +vnocompatwarnings to the linker
                       to quiet the warnings that "The linked output may not
                       run on a PA 1.x system."

203.   [func]          notify and zone soa queries are now tsig signed when
                       appropriate.

202.   [func]          isc_lex_getsourceline() changed from returning int
                       to returning unsigned long, the type of its underlying
                       counter.

201.   [cleanup]       Removed the test/sdig program, it has been
                       replaced by bin/dig/dig.
       --- 9.0.0b3 released ---

200.   [bug]           Failures in sending query responses to clients
                       (e.g., running out of network buffers) were
                       not logged.

199.   [bug]           isc_heap_delete() sometimes violated the heap
                       invariant, causing timer events not to be posted
                       when due.

198.   [func]          Dispatch managers hold memory pools which
                       any managed dispatcher may use.  This allows
                       us to avoid dipping into the memory context for
                       most allocations. [19-May-2000 explorer]

197.   [bug]           When an incoming AXFR or IXFR completes, the
                       zone's internal state is refreshed from the
                       SOA data. [19-May-2000 explorer]

196.   [func]          Dispatchers can be shared easily between views
                       and/or interfaces. [19-May-2000 explorer]

195.   [bug]           Including the NXT record of the root domain
                       in a negative response caused an assertion
                       failure.

194.   [doc]           The PDF version of the Administrator's Reference
                       Manual is no longer included in the ISC BIND9
                       distribution.

193.   [func]          changed dst_key_free() prototype.

192.   [bug]           Zone configuration validation is now done at end
                       of config file parsing, and before loading
                       callbacks.

191.   [func]          Patched to compile on UnixWare 7.x.  This platform
                       is not directly supported by the ISC.

190.   [cleanup]       The DNSSEC tools have been moved to a separate
                       directory dnssec/ and given the following new,
                       more descriptive names:

                             dnssec-keygen
                             dnssec-signzone
                             dnssec-signkey
                             dnssec-makekeyset

                       Their command line arguments have also been changed to
                       be more consistent.  dnssec-keygen now prints the
                       name of the generated key files (sans extension)
                       on standard output to simplify its use in automated
                       scripts.

189.   [func]          isc_time_secondsastimet(), a new function, will ensure
                       that the number of seconds in an isc_time_t does not
                       exceed the range of a time_t, or return ISC_R_RANGE.
                       Similarly, isc_time_now(), isc_time_nowplusinterval(),
                       isc_time_add() and isc_time_subtract() now check the
                       range for overflow/underflow.  In the case of
                       isc_time_subtract, this changed a calling requirement
                       (ie, something that could generate an assertion)
                       into merely a condition that returns an error result.
                       isc_time_add() and isc_time_subtract() were void-
                       valued before but now return isc_result_t.

188.   [func]          Log a warning message when an incoming zone transfer
                       contains out-of-zone data.

187.   [func]          isc_ratelimiter_enqueue() has an additional argument
                       'task'.

186.   [func]          dns_request_getresponse() has an additional argument
                       'preserve_order'.

185.   [bug]           Fixed up handling of ISC_MEMCLUSTER_LEGACY.  Several
                       public functions did not have an isc__ prefix, and
                       referred to functions that had previously been
                       renamed.

184.   [cleanup]       Variables/functions which began with two leading
                       underscores were made to conform to the ANSI/ISO
                       standard, which says that such names are reserved.

183.   [func]          ISC_LOG_PRINTTAG option for log channels.  Useful
                       for logging the program name or other identifier.

182.   [cleanup]       New command-line parameters for dnssec tools

181.   [func]          Added dst_key_buildfilename and dst_key_parsefilename

180.   [func]          New isc_result_t ISC_R_RANGE.  Supersedes DNS_R_RANGE.

179.   [func]          options named.conf statement *must* now come
                       before any zone or view statements.

178.   [func]          Post-load of named.conf check verifies a slave zone
                       has non-empty list of masters defined.

177.   [func]          New per-zone boolean:

                               enable-zone yes | no ;

                       intended to let a zone be disabled without having
                       to comment out the entire zone statement.

176.   [func]          New global and per-view option:

                               max-cache-ttl number

175.   [func]          New global and per-view option:

                               additional-data internal | minimal | maximal;

174.   [func]          New public function isc_sockaddr_format(), for
                       formatting socket addresses in log messages.

173.   [func]          Keep a queue of zones waiting for zone transfer
                       quota so that a new transfer can be dispatched
                       immediately whenever quota becomes available.

172.   [bug]           $TTL directive was sometimes missing from dumped
                       master files because totext_ctx_init() failed to
                       initialize ctx->current_ttl_valid.

171.   [cleanup]       On NetBSD systems, the mit-pthreads or
                       unproven-pthreads library is now always used
                       unless --with-ptl2 is explicitly specified on
                       the configure command line.  The
                       --with-mit-pthreads option is no longer needed
                       and has been removed.

170.   [cleanup]       Remove inter server consistency checks from zone,
                       these should return as a separate module in 9.1.
                       dns_zone_checkservers(), dns_zone_checkparents(),
                       dns_zone_checkchildren(), dns_zone_checkglue().

                       Remove dns_zone_setadb(), dns_zone_setresolver(),
                       dns_zone_setrequestmgr() these should now be found
                       via the view.

169.   [func]          ratelimiter can now process N events per interval.

168.   [bug]           include statements in named.conf caused syntax errors
                       due to not consuming the semicolon ending the include
                       statement before switching input streams.

167.   [bug]           Make lack of masters for a slave zone a soft error.

166.   [bug]           Keygen was overwriting existing keys if key_id
                       conflicted, now it will retry, and non-null keys
                       with key_id == 0 are not generated anymore.  Key
                       was not able to generate NOAUTHCONF DSA key,
                       increased RSA key size to 2048 bits.

165.   [cleanup]       Silence "end-of-loop condition not reached" warnings
                       from Solaris compiler.

164.   [func]          Added functions isc_stdio_open(), isc_stdio_close(),
                       isc_stdio_seek(), isc_stdio_read(), isc_stdio_write(),
                       isc_stdio_flush(), isc_stdio_sync(), isc_file_remove()
                       to encapsulate nonportable usage of errno and sync.

163.   [func]          Added result codes ISC_R_FILENOTFOUND and
                       ISC_R_FILEEXISTS.

162.   [bug]           Ensure proper range for arguments to ctype.h functions.

161.   [cleanup]       error in yyparse prototype that only HPUX caught.

160.   [cleanup]       getnet*() are not going to be implemented at this
                       stage.

159.   [func]          Redefinition of config file elements is now an
                       error (instead of a warning).

158.   [bug]           Log channel and category list copy routines
                       weren't assigning properly to output parameter.

157.   [port]          Fix missing prototype for getopt().

156.   [func]          Support new 'database' statement in zone.

                               database "quoted-string";

155.   [bug]           ns_notify_start() was not detaching the found zone.

154.   [func]          The signer now logs libdns warnings to stderr even when
                       not verbose, and in a nicer format.

153.   [func]          dns_rdata_tostruct() 'mctx' is now optional.  If 'mctx'
                       is NULL then you need to preserve the 'rdata' until
                       you have finished using the structure as there may be
                       references to the associated memory.  If 'mctx' is
                       non-NULL it is guaranteed that there are no references
                       to memory associated with 'rdata'.

                       dns_rdata_freestruct() must be called if 'mctx' was
                       non-NULL and may safely be called if 'mctx' was NULL.

152.   [bug]           keygen dumped core if domain name argument was omitted
                       from command line.

151.   [func]          Support 'disabled' statement in zone config (causes
                       zone to be parsed and then ignored). Currently must
                       come after the 'type' clause.

150.   [func]          Support optional ports in masters and also-notify
                       statements:

                               masters [ port xxx ] { y.y.y.y [ port zzz ] ; }

149.   [cleanup]       Removed unused argument 'olist' from
                       dns_c_view_unsetordering().

148.   [cleanup]       Stop issuing some warnings about some configuration
                       file statements that were not implemented, but now are.

147.   [bug]           Changed yacc union size to be smaller for yaccs that
                       put yacc-stack on the real stack.

146.   [cleanup]       More general redundant header file cleanup.  Rather
                       than continuing to itemize every header which changed,
                       this changelog entry just notes that if a header file
                       did not need another header file that it was including
                       in order to provide its advertised functionality, the
                       inclusion of the other header file was removed.  See
                       util/check-includes for how this was tested.

145.   [cleanup]       Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
                       ISC_LANG_ENDDECLS to header files that had function
                       prototypes, and removed it from those that did not.

144.   [cleanup]       libdns header files too numerous to name were made
                       to conform to the same style for multiple inclusion
                       protection.

143.   [func]          Added function dns_rdatatype_isknown().

142.   [cleanup]       <isc/stdtime.h> does not need <time.h> or
                       <isc/result.h>.

141.   [bug]           Corrupt requests with multiple questions could
                       cause an assertion failure.

140.   [cleanup]       <isc/time.h> does not need <time.h> or <isc/result.h>.

139.   [cleanup]       <isc/net.h> now includes <isc/types.h> instead of
                       <isc/int.h> and <isc/result.h>.

138.   [cleanup]       isc_strtouq moved from str.[ch] to string.[ch] and
                       renamed isc_string_touint64.  isc_strsep moved from
                       strsep.c to string.c and renamed isc_string_separate.

137.   [cleanup]       <isc/commandline.h>, <isc/mem.h>, <isc/print.h>
                       <isc/serial.h>, <isc/string.h> and <isc/offset.h>
                       made to conform to the same style for multiple
                       inclusion protection.

136.   [cleanup]       <isc/commandline.h>, <isc/interfaceiter.h>,
                       <isc/net.h> and Win32's <isc/thread.h> needed
                       ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS.

135.   [cleanup]       Win32's <isc/condition.h> did not need <isc/result.h>
                       or <isc/boolean.h>, now uses <isc/types.h> in place
                       of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
                       and ISC_LANG_ENDDECLS.

134.   [cleanup]       <isc/dir.h> does not need <limits.h>.

133.   [cleanup]       <isc/ipv6.h> needs <isc/platform.h>.

132.   [cleanup]       <isc/app.h> does not need <isc/task.h>, but does
                       need <isc/eventclass.h>.

131.   [cleanup]       <isc/mutex.h> and <isc/util.h> need <isc/result.h>
                       for ISC_R_* codes used in macros.

130.   [cleanup]       <isc/condition.h> does not need <pthread.h> or
                       <isc/boolean.h>, and now includes <isc/types.h>
                       instead of <isc/time.h>.

129.   [bug]           The 'default_debug' log channel was not set up when
                       'category default' was present in the config file

128.   [cleanup]       <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
                       ISC_LANG_ENDDECLS at end of header.

127.   [cleanup]       The contracts for the comparison routines
                       dns_name_fullcompare(), dns_name_compare(),
                       dns_name_rdatacompare(), and dns_rdata_compare() now
                       specify that the order value returned is < 0, 0, or > 0
                       instead of -1, 0, or 1.

126.   [cleanup]       <isc/quota.h> and <isc/taskpool.h> need <isc/lang.h>.

125.   [cleanup]       <isc/eventclass.h>, <isc/ipv6.h>, <isc/magic.h>,
                       <isc/mutex.h>, <isc/once.h>, <isc/region.h>, and
                       <isc/resultclass.h> do not need <isc/lang.h>.

124.   [func]          signer now imports parent's zone key signature
                       and creates null keys/sets zone status bit for
                       children when necessary

123.   [cleanup]       <isc/event.h> does not need <stddef.h>.

122.   [cleanup]       <isc/task.h> does not need <isc/mem.h> or
                       <isc/result.h>.

121.   [cleanup]       <isc/symtab.h> does not need <isc/mem.h> or
                       <isc/result.h>.  Multiple inclusion protection
                       symbol fixed from ISC_SYMBOL_H to ISC_SYMTAB_H.
                       isc_symtab_t moved to <isc/types.h>.

120.   [cleanup]       <isc/socket.h> does not need <isc/boolean.h>,
                       <isc/bufferlist.h>, <isc/task.h>, <isc/mem.h> or
                       <isc/net.h>.

119.   [cleanup]       structure definitions for generic rdata structures do
                       not have _generic_ in their names.

118.   [cleanup]       libdns.a is now namespace-clean, on NetBSD, excepting
                       YACC crust (yyparse, etc) [2000-apr-27 explorer]

117.   [cleanup]       libdns.a changes:
                       dns_zone_clearnotify() and dns_zone_addnotify()
                       are replaced by dns_zone_setnotifyalso().
                       dns_zone_clearmasters() and dns_zone_addmaster()
                       are replaced by dns_zone_setmasters().

116.   [func]          Added <isc/offset.h> for isc_offset_t (aka off_t
                       on Unix systems).

115.   [port]          Shut up the -Wmissing-declarations warning about
                       <stdio.h>'s __sputaux on BSD/OS pre-4.1.

114.   [cleanup]       <isc/sockaddr.h> does not need <isc/buffer.h> or
                       <isc/list.h>.

113.   [func]          Utility programs dig and host added.

112.   [cleanup]       <isc/serial.h> does not need <isc/boolean.h>.

111.   [cleanup]       <isc/rwlock.h> does not need <isc/result.h> or
                       <isc/mutex.h>.

110.   [cleanup]       <isc/result.h> does not need <isc/boolean.h> or
                       <isc/list.h>.

109.   [bug]           "make depend" did nothing for
                       bin/tests/{db,mem,sockaddr,tasks,timers}/.

108.   [cleanup]       DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
                       <dns/types.h> to <dns/bit.h> and renamed to
                       DNS_BIT_SET/DNS_BIT_GET/DNS_BIT_CLEAR.

107.   [func]          Add keysigner and keysettool.

106.   [func]          Allow dnssec verifications to ignore the validity
                       period.  Used by several of the dnssec tools.

105.   [doc]           doc/dev/coding.html expanded with other
                       implicit conventions the developers have used.

104.   [bug]           Made compress_add and compress_find static to
                       lib/dns/compress.c.

103.   [func]          libisc buffer API changes for <isc/buffer.h>:
                       Added:
                               isc_buffer_base(b)          (pointer)
                               isc_buffer_current(b)       (pointer)
                               isc_buffer_active(b)        (pointer)
                               isc_buffer_used(b)          (pointer)
                               isc_buffer_length(b)            (int)
                               isc_buffer_usedlength(b)        (int)
                               isc_buffer_consumedlength(b)    (int)
                               isc_buffer_remaininglength(b)   (int)
                               isc_buffer_activelength(b)      (int)
                               isc_buffer_availablelength(b)   (int)
                       Removed:
                               ISC_BUFFER_USEDCOUNT(b)
                               ISC_BUFFER_AVAILABLECOUNT(b)
                               isc_buffer_type(b)
                       Changed names:
                               isc_buffer_used(b, r) ->
                                       isc_buffer_usedregion(b, r)
                               isc_buffer_available(b, r) ->
                                       isc_buffer_available_region(b, r)
                               isc_buffer_consumed(b, r) ->
                                       isc_buffer_consumedregion(b, r)
                               isc_buffer_active(b, r) ->
                                       isc_buffer_activeregion(b, r)
                               isc_buffer_remaining(b, r) ->
                                       isc_buffer_remainingregion(b, r)

                       Buffer types were removed, so the ISC_BUFFERTYPE_*
                       macros are no more, and the type argument to
                       isc_buffer_init and isc_buffer_allocate were removed.
                       isc_buffer_putstr is now void (instead of isc_result_t)
                       and requires that the caller ensure that there
                       is enough available buffer space for the string.

102.   [port]          Correctly detect inet_aton, inet_pton and inet_ptop
                       on BSD/OS 4.1.

101.   [cleanup]       Quieted EGCS warnings from lib/isc/print.c.

100.   [cleanup]       <isc/random.h> does not need <isc/int.h> or
                       <isc/mutex.h>.  isc_random_t moved to <isc/types.h>.

 99.   [cleanup]       Rate limiter now has separate shutdown() and
                       destroy() functions, and it guarantees that all
                       queued events are delivered even in the shutdown case.

 98.   [cleanup]       <isc/print.h> does not need <stdarg.h> or <stddef.h>
                       unless ISC_PLATFORM_NEEDVSNPRINTF is defined.

 97.   [cleanup]       <isc/ondestroy.h> does not need <stddef.h> or
                       <isc/event.h>.

 96.   [cleanup]       <isc/mutex.h> does not need <isc/result.h>.

 95.   [cleanup]       <isc/mutexblock.h> does not need <isc/result.h>.

 94.   [cleanup]       Some installed header files did not compile as C++.

 93.   [cleanup]       <isc/msgcat.h> does not need <isc/result.h>.

 92.   [cleanup]       <isc/mem.h> does not need <stddef.h>, <isc/boolean.h>,
                       or <isc/result.h>.

 91.   [cleanup]       <isc/log.h> does not need <sys/types.h> or
                       <isc/result.h>.

 90.   [cleanup]       Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
                       from <named/listenlist.h>.

 89.   [cleanup]       <isc/lex.h> does not need <stddef.h>.

 88.   [cleanup]       <isc/interfaceiter.h> does not need <isc/result.h> or
                       <isc/mem.h>.  isc_interface_t and isc_interfaceiter_t
                       moved to <isc/types.h>.

 87.   [cleanup]       <isc/heap.h> does not need <isc/boolean.h>,
                       <isc/mem.h> or <isc/result.h>.

 86.   [cleanup]       isc_bufferlist_t moved from <isc/bufferlist.h> to
                       <isc/types.h>.

 85.   [cleanup]       <isc/bufferlist.h> does not need <isc/buffer.h>,
                       <isc/list.h>, <isc/mem.h>, <isc/region.h> or
                       <isc/int.h>.

 84.   [func]          allow-query ACL checks now apply to all data
                       added to a response.

 83.   [func]          If the server is authoritative for both a
                       delegating zone and its (nonsecure) delegatee, and
                       a query is made for a KEY RR at the top of the
                       delegatee, then the server will look for a KEY
                       in the delegator if it is not found in the delegatee.

 82.   [cleanup]       <isc/buffer.h> does not need <isc/list.h>.

 81.   [cleanup]       <isc/int.h> and <isc/boolean.h> do not need
                       <isc/lang.h>.

 80.   [cleanup]       <isc/print.h> does not need <stdio.h> or <stdlib.h>.

 79.   [cleanup]       <dns/callbacks.h> does not need <stdio.h>.

 78.   [cleanup]       lwres_conftest renamed to lwresconf_test for
                       consistency with other *_test programs.

 77.   [cleanup]       typedef of isc_time_t and isc_interval_t moved from
                       <isc/time.h> to <isc/types.h>.

 76.   [cleanup]       Rewrote keygen.

 75.   [func]          Don't load a zone if its database file is older
                       than the last time the zone was loaded.

 74.   [cleanup]       Removed mktemplate.o and ufile.o from libisc.a,
                       subsumed by file.o.

 73.   [func]          New "file" API in libisc, including new function
                       isc_file_getmodtime, isc_mktemplate renamed to
                       isc_file_mktemplate and isc_ufile renamed to
                       isc_file_openunique.  By no means an exhaustive API,
                       it is just what's needed for now.

 72.   [func]          DNS_RBTFIND_NOPREDECESSOR and DNS_RBTFIND_NOOPTIONS
                       added for dns_rbt_findnode, the former to disable the
                       setting of the chain to the predecessor, and the
                       latter to make clear when no options are set.

 71.   [cleanup]       Made explicit the implicit REQUIREs of
                       isc_time_seconds, isc_time_nanoseconds, and
                       isc_time_subtract.

 70.   [func]          isc_time_set() added.

 69.   [bug]           The zone object's master and also-notify lists grew
                       longer with each server reload.

 68.   [func]          Partial support for SIG(0) on incoming messages.

 67.   [performance]   Allow use of alternate (compile-time supplied)
                       OpenSSL libraries/headers.

 66.   [func]          Data in authoritative zones should have a trust level
                       beyond secure.

 65.   [cleanup]       Removed obsolete typedef of dns_zone_callbackarg_t
                       from <dns/types.h>.

 64.   [func]          The RBT, DB, and zone table APIs now allow the
                       caller find the most-enclosing superdomain of
                       a name.

 63.   [func]          Generate NOTIFY messages.

 62.   [func]          Add UDP refresh support.

 61.   [cleanup]       Use single quotes consistently in log messages.

 60.   [func]          Catch and disallow singleton types on message
                       parse.

 59.   [bug]           Cause net/host unreachable to be a hard error
                       when sending and receiving.

 58.   [bug]           bin/named/query.c could sometimes trigger the
                       (client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
                       == 0 assertion in query_newname().

 57.   [func]          Added dns_nxt_typepresent()

 56.   [bug]           SIG records were not properly returned in cached
                       negative answers.

 55.   [bug]           Responses containing multiple names in the authority
                       section were not negatively cached.

 54.   [bug]           If a fetch with sigrdataset==NULL joined one with
                       sigrdataset!=NULL or vice versa, the resolver
                       could catch an assertion or lose signature data,
                       respectively.

 53.   [port]          freebsd 4.0: lib/isc/unix/socket.c requires
                       <sys/param.h>.

 52.   [bug]           rndc: taskmgr and socketmgr were not initialized
                       to NULL.

 51.   [cleanup]       dns/compress.h and dns/zt.h did not need to include
                       dns/rbt.h; it was needed only by compress.c and zt.c.

 50.   [func]          RBT deletion no longer requires a valid chain to work,
                       and dns_rbt_deletenode was added.

 49.   [func]          Each cache now has its own mctx.

 48.   [func]          isc_task_create() no longer takes an mctx.
                       isc_task_mem() has been eliminated.

 47.   [func]          A number of modules now use memory context reference
                       counting.

 46.   [func]          Memory contexts are now reference counted.
                       Added isc_mem_inuse() and isc_mem_preallocate().
                       Renamed isc_mem_destroy_check() to
                       isc_mem_setdestroycheck().

 45.   [bug]           The trusted-key statement incorrectly loaded keys.

 44.   [bug]           Don't include authority data if it would force us
                       to unset the AD bit in the message.

 43.   [bug]           DNSSEC verification of cached rdatasets was failing.

 42.   [cleanup]       Simplified logging of messages with embedded domain
                       names by introducing a new convenience function
                       dns_name_format().

 41.   [func]          Use PR_SET_KEEPCAPS on Linux 2.3.99-pre3 and later
                       to allow 'named' to run as a non-root user while
                       retaining the ability to bind() to privileged
                       ports.

 40.   [func]          Introduced new logging category "dnssec" and
                       logging module "dns/validator".

 39.   [cleanup]       Moved the typedefs for isc_region_t, isc_textregion_t,
                       and isc_lex_t to <isc/types.h>.

 38.   [bug]           TSIG signed incoming zone transfers work now.

 37.   [bug]           If the first RR in an incoming zone transfer was
                       not an SOA, the server died with an assertion failure
                       instead of just reporting an error.

 36.   [cleanup]       Change DNS_R_SUCCESS (and others) to ISC_R_SUCCESS

 35.   [performance]   Log messages which are of a level too high to be
                       logged by any channel in the logging configuration
                       will not cause the log mutex to be locked.

 34.   [bug]           Recursion was allowed even with 'recursion no'.

 33.   [func]          The RBT now maintains a parent pointer at each node.

 32.   [cleanup]       bin/lwresd/client.c needs <string.h> for memset()
                       prototype.

 31.   [bug]           Use ${LIBTOOL} to compile bin/named/main.@O@.

 30.   [func]          config file grammar change to support optional
                       class type for a view.

 29.   [func]          support new config file view options:

                               auth-nxdomain recursion query-source
                               query-source-v6 transfer-source
                               transfer-source-v6 max-transfer-time-out
                               max-transfer-idle-out transfer-format
                               request-ixfr provide-ixfr cleaning-interval
                               fetch-glue notify rfc2308-type1 lame-ttl
                               max-ncache-ttl min-roots

 28.   [func]          support lame-ttl, min-roots and serial-queries
                       config global options.

 27.   [bug]           Only include <netinet6/in6.h> on BSD/OS 4.[01]*.
                       Including it on other platforms (eg, NetBSD) can
                       cause a forced #error from the C preprocessor.

 26.   [func]          new match-clients statement in config file view.

 25.   [bug]           make install failed to install <isc/log.h> and
                       <isc/ondestroy.h>.

 24.   [cleanup]       Eliminate some unnecessary #includes of header
                       files from header files.

 23.   [cleanup]       Provide more context in log messages about client
                       requests, using a new function ns_client_log().

 22.   [bug]           SIGs weren't returned in the answer section when
                       the query resulted in a fetch.

 21.   [port]          Look at STD_CINCLUDES after CINCLUDES during
                       compilation, so additional system include directories
                       can be searched but header files in the bind9 source
                       tree with conflicting names take precedence.  This
                       avoids issues with installed versions of dnssafe and
                       openssl.

 20.   [func]          Configuration file post-load validation of zones
                       failed if there were no zones.

 19.   [bug]           dns_zone_notifyreceive() failed to unlock the zone
                       lock in certain error cases.

 18.   [bug]           Use AC_TRY_LINK rather than AC_TRY_COMPILE in
                       configure.in to check for presence of in6addr_any.

 17.   [func]          Do configuration file post-load validation of zones.

 16.   [bug]           put quotes around key names on config file
                       output to avoid possible keyword clashes.

 15.   [func]          Add dns_name_dupwithoffsets().  This function is
                       improves comparison performance for duped names.

 14.   [bug]           free_rbtdb() could have 'put' unallocated memory in
                       an unlikely error path.

 13.   [bug]           lib/dns/master.c and lib/dns/xfrin.c didn't ignore
                       out-of-zone data.

 12.   [bug]           Fixed possible uninitialized variable error.

 11.   [bug]           axfr_rrstream_first() didn't check the result code of
                       db_rr_iterator_first(), possibly causing an assertion
                       to be triggered later.

 10.   [bug]           A bug in the code which makes EDNS0 OPT records in
                       bin/named/client.c and lib/dns/resolver.c could
                       trigger an assertion.

  9.   [cleanup]       replaced bit-setting code in confctx.c and replaced
                       repeated code with macro calls.

  8.   [bug]           Shutdown of incoming zone transfer accessed
                       freed memory.

  7.   [cleanup]       removed 'listen-on' from view statement.

  6.   [bug]           quote RR names when generating config file to
                       prevent possible clash with config file keywords
                       (such as 'key').

  5.   [func]          syntax change to named.conf file: new ssu grant/deny
                       statements must now be enclosed by an 'update-policy'
                       block.

  4.   [port]          bin/named/unix/os.c didn't compile on systems with
                       linux 2.3 kernel includes due to conflicts between
                       C library includes and the kernel includes.  We now
                       get only what we need from <linux/capability.h>, and
                       avoid pulling in other linux kernel .h files.

  3.   [bug]           TKEYs go in the answer section of responses, not
                       the additional section.

  2.   [bug]           Generating cryptographic randomness failed on
                       systems without /dev/random.

  1.   [bug]           The installdirs rule in
                       lib/isc/unix/include/isc/Makefile.in had a typo which
                       prevented the isc directory from being created if it
                       didn't exist.
--- 9.0.0b2 released ---