2e9fa938d0
PR: 7904 Submitted by: Issei Hirayama <iss@mail.wbs.ne.jp>
This is the source portion of BIND version 8.1.2. Its companions are "doc" and "contrib" so you are probably not missing anything. See the CHANGES file for a detailed listing of all changes. See the INSTALL file for information on building and installing BIND 8.1.2. BIND 8.1.2 Highlights Security fixes for a number of problems including: An attacker could overwrite the stack if inverse query support was enabled. A number of denial of service attacks where malformed packets could cause the server to crash. The server was willing to answer queries on its forwarding sockets. Several memory leaks have been plugged. The server no longer panics if a periodic interface scan fails due to no file descriptors being available. Updates to a number of ports. New ports for QNX, LynxOS, HP-UX 9.x, and HP MPE. "files unlimited" now works as expected on systems where setting an infinite rlim_max for RLIMIT_NOFILE works. Adding and deleting the same record in the same dynamic update no longer crashes the server. If a dynamic update fails, rollback is now done in LIFO order instead of FIFO order. Better behavior when priming of the root servers fails. purge_zone() didn't work correctly for the root zone, allowing old data to persist after loading the zone. Improved handling of oversized UDP packets. All hosts on the also-notify list are now notified. The meaning of the count returned by select() varies somewhat by operating system, and this could cause previous releases of the server to spin. Per-host statistics may be disabled by specifying 'host-statistics no' in named.conf. The maximum number of zones has been increased from 32768 to 65536. query-source may specify an address and port that the server is already listening on. BIND 8.1.1 required that either the address or port be wild. E.g., you can now say: listen-on port 53 { 10.0.0.1; }; query-source address 10.0.0.1 port 53; The value of FD_SETSIZE to use may be specified. Experimental -u (set user id), -g (set group id), and -t (chroot) command line options. See the INSTALL file for details. BIND 8 Features -> DNS Dynamic Updates (RFC 2136) -> DNS Change Notification (RFC 1996) -> Completely new configuration syntax -> Flexible, categorized logging system -> IP-address-based access control for queries, zone transfers, and updates that may be specified on a zone-by-zone basis -> More efficient zone transfers -> Improved performance for servers with thousands of zones -> The server no longer forks for outbound zone transfers -> Many bug fixes File and Directory Overview CHANGES history of added features and fixed bugs INSTALL how to build and install README this file TODO features planned but not yet written Version the version number of this release bin/* source for executables, including the nameserver include/* public .h files lib/* the resolver and various BIND support libraries port/* ports to various operating systems Kits, Questions, Comments, and Bug Reports <URL:ftp://ftp.isc.org/isc/bind/src/cur> current non-test release <URL:ftp://ftp.isc.org/isc/bind/src/testing> latest public test kit <URL:usenet:comp.protocols.dns.bind> using BIND <URL:usenet:comp.protocols.dns.ops> DNS operations in general <URL:usenet:comp.protocols.dns.std> DNS standards in general <URL:mailto:bind-users-request@vix.com> gw'd to u:c.p.d.bind <URL:mailto:namedroppers-request@internic.net> gw'd to u:c.p.d.std <URL:mailto:bind-workers-request@vix.com> code warriors only please <URL:http://www.isc.org/bind.html> the BIND home page <URL:mailto:bind-bugs@isc.org> bug reports To Support the Effort Note that BIND is supported by the Internet Software Consortium, and although it is free for use and redistribution and incorporation into vendor products and export and anything else you can think of, it costs money to produce. That money comes from ISPs, hardware and software vendors, companies who make extensive use of the software, and generally kind hearted folk such as yourself. The Internet Software Consortium has also commissioned a DHCP server implementation, has taken over official support/release of the INN system, and supports the Kerberos Version 5 effort at MIT. You can learn more about the ISC's goals and accomplishments from the web page at <URL:http://www.isc.org/>.