BIND 9.3.0 has a number of new features over 9.2, including: * DNSSEC is now DS based. See doc/draft/draft-ietf-dnsext-dnssec-*. * DNSSEC lookaside validation. * check-names is now implemented. * rrset-order in more complete. * IPv4/IPv6 transition support, dual-stack-servers. * IXFR deltas can now be generated when loading master files, ixfr-from-differences. * It is now possible to specify the size of a journal, max-journal-size. * It is now possible to define a named set of master servers to be used in masters clause, masters. * The advertised EDNS UDP size can now be set, edns-udp-size. * allow-v6-synthesis has been obsoleted. NOTE: * Zones containing MD and MF will now be rejected. * dig, nslookup name. now report "Not Implemented" as NOTIMP rather than NOTIMPL. This will have impact on scripts that are looking for NOTIMPL. Before submitting a bug report on BIND 9.2.5 to ISC's bug tracking system, please review the following list of upcoming fixes: 1971. [port] linux: make detection of missing IF_NAMESIZE more robust. [RT #15443] 1969. [bug] win32: the socket code was freeing the socket structure too early. [RT #15776] 1966. [bug] Don't set CD when we have fallen back to plain DNS. [RT #15727] 1962. [bug] Named failed to clear old update-policy when it was removed. [RT #15491] 1961. [bug] Check the port and address of responses forwarded to dispatch. [RT #15474] 1960. [bug] Update code should set NXT ttls from SOA MINIMUM. [RT #15465] 1958. [bug] Named failed to update the zone's secure state until the zone was reloaded. [RT #15412] 1957. [bug] Dig mishandled responses to class ANY queries. [RT #15402] 1956. [bug] Improve cross compile support, 'gen' is now built by native compiler. See README for additional cross compile support information. [RT #15148] 1955. [bug] Pre-allocate the cache cleaning interator. [RT #14998] 1952. [port] hpux: tell the linker to build a runtime link path "-Wl,+b:". [RT #14816]. 1951. [security] Drop queries from particular well known ports. Don't return FORMERR to queries from particular well known ports. [RT #15636] 1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect() a TCP socket. This prevents the source address being set for TCP connections. [RT #15628] 1948. [bug] If was possible to trigger a REQUIRE failure in xfrin.c:maybe_free() if named ran out of memory. [RT #15568] 1944. [cleanup] isc_hash_create() does not need a read/write lock. [RT #15522] 1943. [bug] Set the loadtime after rolling forward the journal. [RT #15647] 1940. [bug] Fixed a number of error conditions reported by Coverity. --- 9.2.6 released --- --- 9.2.6rc1 released --- 1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530] --- 9.2.6b2 released --- 1930. [port] HPUX: ia64 support. [RT #15473] 1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM. 1926. [bug] BINDinstall was being installed in the wrong place. [RT #15483] 1925. [port] All outer level AC_TRY_RUNs need cross compiling defaults. [RT #15469] 1924. [port] libbind: hpux ia64 support. [RT #15473] 1923. [bug] ns_client_detach() called too early. [RT #15499] --- 9.2.6b1 released --- 1917. [doc] funcsynopsisinfo wasn't being treated as verbatim when generating man pages. [RT #15385] 1911. [bug] Update windows socket code. [RT #14965] 1905. [bug] Strings returned from cfg_obj_asstring() should be treated as read-only. [RT #15256] 1895. [bug] A escaped character is, potentially, converted to the output character set too early. [RT #14666] 1893. [port] Use uintptr_t if available. [RT #14606] 1889. [port] sunos: non blocking i/o support. [RT #14951] 1887. [bug] The cache could delete expired records too fast for clients with a virtual time in the past. [RT #14991] 1886. [bug] fctx_create() could return success even though it failed. [RT #14993] 1884. [cleanup] dighost.c: move external declarations into . 1883. [bug] dnssec-signzone, dnssec-keygen, dnssec-signkey, dnssec-makekeyset: handle negative debug levels. [RT #14962] 1881. [func] Add a system test for named-checkconf. [RT #14931] 1877. [bug] Fix unreasonably low quantum on call to dns_rbt_destroy2(). Remove unnecessay unhash_node() call. [RT #14919] 1875. [bug] process_dhtkey() was using the wrong memory context to free some memory. [RT #14890] 1873. [port] win32: isc__errno2result() now reports its caller. [RT #13753] 1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753] 1871. [bug] dnssec_makekeyset and dnssec-signkey failed to initalize the hash context. [RT #13771] 1865. [bug] Silently ignore nameservers in /etc/resolv.conf with bad addresses. [RT #14841] 1861. [bug] dig could trigger a INSIST on certain malformed responses. [RT #14801] 1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was incorrectly set. [RT #14775] 1856. [doc] Switch Docbook toolchain from DSSSL to XSL. [RT #11398] 1854. [bug] lwres also needs to know the print format for (long long). [RT #13754] 1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591] 1849. [doc] All forms of the man pages (docbook, man, html) should have consistant copyright dates. 1848. [bug] Improve SMF integration. [RT #13238] 1847. [bug] isc_ondestroy_init() is called too late in dns_rbtdb_create()/dns_rbtdb64_create(). [RT #13661] 1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer . 1845. [bug] Improve error reporting to distingish between accept()/fcntl() and socket()/fcntl() errors. [RT #13745] 1844. [bug] inet_pton() accepted more that 4 hexadecimal digits for each 16 bit piece of the IPv6 address. The text representation of a IPv6 address has been tighted to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt). [RT #5662] 1843. [cleanup] CINCLUDES takes precedence over CFLAGS. This helps when CFLAGS contains "-I /usr/local/include" resulting in old header files being used. 1842. [port] cmsg_len() could produce incorrect results on some platform. [RT #13744] 1841. [bug] "dig +nssearch" now makes a recursive query to find the list of nameservers to query. [RT #13694] 1839. [bug] was not being installed. 1838. [cleanup] Don't allow Linux capabilities to be inherited. [RT #13707] 1836. [cleanup] Silence compiler warnings in hash_test.c. 1835. [bug] Update dnssec-signzone's usage message. [RT #13657] 1834. [bug] Bad memset in rdata_test.c. [RT #13658] 1833. [bug] Race condition in isc_mutex_lock_profile(). [RT #13660] 1832. [bug] named fails to return BADKEY on unknown TSIG algorithm. [RT #13620] 1830. [bug] adb lame cache has sence of test reversed. [RT #13600] 1828. [bug] isc_rwlock_init() failed to properly cleanup if it encountered a error. [RT #13549] 1827. [bug] host: update usage message for '-a'. [RT #37116] 1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on out of memory error. [RT #13537] 1825. [bug] Missing UNLOCK() on out of memory error from in rbtdb.c:subtractrdataset(). [RT #13519] 1824. [bug] Memory leak on dns_zone_setdbtype() failure. [RT #13510] 1823. [bug] Wrong macro used to check for point to point interface. [RT#13418] 1821. [doc] acls definitions are no longer required to be in named.conf prior to reference. They can be defined after being referenced. 1820. [bug] Gracefully handle acl loops. [RT #13659] 1815. [bug] nsupdate triggered a REQUIRE if the server was set without also setting the zone and it encountered a CNAME and was using TSIG. [RT #13086] 1810. [bug] configure, lib/bind/configure make different default decisions about whether to do a threaded build. [RT #13212] 1809. [bug] "make distclean" failed for libbind if the platform is not supported. 1807. [bug] When forwarding (forward only) set the active domain from the forward zone name. [RT #13526] 1804. [bug] Ensure that if we are queried for glue that it fits in the additional section or TC is set to tell the client to retry using TCP. [RT #10114] 1802. [bug] Handle connection resets better. [RT #11280]